commit 242560f3b6ddace90fd5f537966cfa1154aa8873
author Misha Krieger-Raynauld <mkriegerraynauld@gmail.com> Sun Oct 16 19:59:58 2022 -0400
committer Misha Krieger-Raynauld <mkriegerraynauld@gmail.com> Sat Oct 22 13:59:51 2022 -0400
tree 728ba77a44096caff3dee1df3cb16c5cbf7e3034
parent e3ec0d2faea69be096fb3b18a463ca56154b69cf

Create JWT auth middleware and sample authenticated routes for /account

Changes:
- Create new middleware/auth.ts middleware to authenticate JWT
- Make vault.ts privateKey and publicKey fields to access them without await
- Remove @Service from auth router in auth-router.ts
- Create new AccountRouter with /account routes

Change-Id: Ie08651de7dbbce5d7596d80eba344707eb47d460

server/src/ws.ts

diff --git a/server/src/ws.ts b/server/src/ws.ts
index 7670695..74a7a06 100644
--- a/server/src/ws.ts
+++ b/server/src/ws.ts
@@ -40,19 +40,17 @@
       });
     });
 
-    const pubKey = await this.vault.pubKey();
-
     return (request: IncomingMessage, socket: Duplex, head: Buffer) => {
       // Do not use parseURL because it returns a URLRecord and not a URL.
       const url = new URL(request.url ?? '/', 'http://localhost/');
       const accessToken = url.searchParams.get('accessToken');
       if (!accessToken) {
-        socket.write('HTTP/1.1 400 Bad Request\r\n\r\n');
+        socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
         socket.destroy();
         return;
       }
 
-      jwtVerify(accessToken, pubKey, {
+      jwtVerify(accessToken, this.vault.publicKey, {
         issuer: 'urn:example:issuer',
         audience: 'urn:example:audience',
       })