Gitiles
Code Review Sign In
review.jami.net / jami-web / b933fbb75d802704301a4e4228f89b50ddfef71f^! / . / server / src / middleware / auth.ts
commitb933fbb75d802704301a4e4228f89b50ddfef71f[log] [tgz]
authorMisha Krieger-Raynauld <mkriegerraynauld@gmail.com>Tue Nov 15 15:11:09 2022 -0500
committerMisha Krieger-Raynauld <mkriegerraynauld@gmail.com>Fri Nov 18 00:51:01 2022 -0500
tree49465cf6b00f6e95aff5f3d05c5c15c5cce04ffb
parent4e7445c076adee2cb8d8953f4d16b3880b958beb [diff] [blame]
Reorganize server files and address TODO comments

Changes:
- Remove unneeded dependencies from package.json
- Remove unneeded async build() methods from services
    - Use constructor as often as possible
- Rename and move storage services for clarity
    - creds.ts -> accounts.ts, and creds.json -> accounts.json
    - admin-config.ts -> admin-account.ts
    - vault.ts -> signing-keys.ts
- Rename ws.ts to websocket-server.ts for clarity and consistency
- Make WebSocketServer initialize using constructor and bind server upgrade to WebSocketServer.upgrade
- Remove unused send-account-message endpoint from account-router.ts
- Set issuer and audience claims for JWT
- Create new utils/jwt.ts file to remove code duplication for JWT signing and verifying
- Delete utils.ts and merge it with jami-swig.ts
- Handle potentially undefined types in jami-swig.ts
- Replace hard to read one-liners with functions in jami-swig.ts
- Rename types in jami-swig.ts for consistency with daemon
- Remove handled/answered TODO comments
- Remove TODO comment about using .env for jamid.node as it does not work for require()

GitLab: #87
Change-Id: I1e5216ffa79ea34dd7e9b61540fb7e37d1f66c9f

diff --git a/server/src/middleware/auth.ts b/server/src/middleware/auth.ts
index 4f06992..7bbd20c 100644
--- a/server/src/middleware/auth.ts
+++ b/server/src/middleware/auth.ts

@@ -17,15 +17,11 @@
  */
 import { NextFunction, Request, Response } from 'express';
 import { HttpStatusCode } from 'jami-web-common';
-import { jwtVerify } from 'jose';
-import { Container } from 'typedi';
 
-import { Vault } from '../vault.js';
+import { verifyJwt } from '../utils/jwt.js';
 
 function createAuthenticationMiddleware(isAuthenticationRequired: boolean) {
   return async (req: Request, res: Response, next: NextFunction) => {
-    const publicKey = Container.get(Vault).publicKey;
-
     const authorizationHeader = req.headers.authorization;
     if (!authorizationHeader) {
       if (isAuthenticationRequired) {
@@ -45,11 +41,8 @@
     }
 
     try {
-      const { payload } = await jwtVerify(token, publicKey, {
-        issuer: 'urn:example:issuer',
-        audience: 'urn:example:audience',
-      });
-      res.locals.accountId = payload.id;
+      const { payload } = await verifyJwt(token);
+      res.locals.accountId = payload.accountId;
       next();
     } catch (e) {
       res.status(HttpStatusCode.Unauthorized).send('Invalid access token');