commit 242560f3b6ddace90fd5f537966cfa1154aa8873
author Misha Krieger-Raynauld <mkriegerraynauld@gmail.com> Sun Oct 16 19:59:58 2022 -0400
committer Misha Krieger-Raynauld <mkriegerraynauld@gmail.com> Sat Oct 22 13:59:51 2022 -0400
tree 728ba77a44096caff3dee1df3cb16c5cbf7e3034
parent e3ec0d2faea69be096fb3b18a463ca56154b69cf

Create JWT auth middleware and sample authenticated routes for /account

Changes:
- Create new middleware/auth.ts middleware to authenticate JWT
- Make vault.ts privateKey and publicKey fields to access them without await
- Remove @Service from auth router in auth-router.ts
- Create new AccountRouter with /account routes

Change-Id: Ie08651de7dbbce5d7596d80eba344707eb47d460

server/src/middleware/auth.ts

diff --git a/server/src/middleware/auth.ts b/server/src/middleware/auth.ts
new file mode 100644
index 0000000..fad4165
--- /dev/null
+++ b/server/src/middleware/auth.ts
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2022 Savoir-faire Linux Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation; either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this program.  If not, see
+ * <https://www.gnu.org/licenses/>.
+ */
+import { NextFunction, Request, Response } from 'express';
+import { jwtVerify } from 'jose';
+import { Container } from 'typedi';
+
+import { StatusCode } from '../constants.js';
+import { Vault } from '../vault.js';
+
+export async function authenticateToken(req: Request, res: Response, next: NextFunction) {
+  const publicKey = Container.get(Vault).publicKey;
+
+  const authorizationHeader = req.headers.authorization;
+  if (!authorizationHeader) {
+    res.status(StatusCode.UNAUTHORIZED).send('Missing Authorization header');
+    return;
+  }
+
+  const token = authorizationHeader.split(' ')[1];
+  if (token === undefined) {
+    res.status(StatusCode.BAD_REQUEST).send('Missing JSON web token');
+    return;
+  }
+
+  try {
+    const { payload } = await jwtVerify(token, publicKey, {
+      issuer: 'urn:example:issuer',
+      audience: 'urn:example:audience',
+    });
+    res.locals.accountId = payload.id as string;
+    next();
+  } catch (err) {
+    res.sendStatus(StatusCode.UNAUTHORIZED);
+  }
+}