monkeytype/backend/middlewares/auth.js

const MonkeyError = require("../handlers/error");
const { verifyIdToken } = require("../handlers/auth");

module.exports = {
  async authenticateRequest(req, res, next) {
    try {
      if (process.env.MODE === "dev" && !req.headers.authorization) {
        if (req.body.uid) {
          req.decodedToken = {
            uid: req.body.uid,
          };
          console.log("Running authorization in dev mode");
          return next();
        } else {
          throw new MonkeyError(
            400,
            "Running authorization in dev mode but still no uid was provided"
          );
        }
      }
      const { authorization } = req.headers;
      if (!authorization)
        throw new MonkeyError(
          401,
          "Unauthorized",
          `endpoint: ${req.baseUrl} no authorization header found`
        );
      const token = authorization.split(" ");
      if (token[0].trim() !== "Bearer")
        return next(
          new MonkeyError(400, "Invalid Token", "Incorrect token type")
        );
      try {
        req.decodedToken = await verifyIdToken(token[1]);
      } catch (err) {
        if (err.message == "auth/id-token-expired") {
          new MonkeyError(401, "Unauthorized", "Token expired");
        } else {
          throw err;
        }
      }
      return next();
    } catch (e) {
      return next(e);
    }
  },
};
Added MonkeyError class 2021-06-07 01:26:12 +08:00			`const MonkeyError = require("../handlers/error");`
Added Auth Router and DAO 2021-06-07 00:32:37 +08:00			`const { verifyIdToken } = require("../handlers/auth");`

			`module.exports = {`
			`async authenticateRequest(req, res, next) {`
			`try {`
added dev mode to request auth 2021-09-07 22:04:50 +08:00			`if (process.env.MODE === "dev" && !req.headers.authorization) {`
			`if (req.body.uid) {`
			`req.decodedToken = {`
			`uid: req.body.uid,`
			`};`
			`console.log("Running authorization in dev mode");`
			`return next();`
			`} else {`
			`throw new MonkeyError(`
			`400,`
			`"Running authorization in dev mode but still no uid was provided"`
			`);`
			`}`
			`}`
Added Auth Router and DAO 2021-06-07 00:32:37 +08:00			`const { authorization } = req.headers;`
better errors 2021-08-18 08:41:29 +08:00			`if (!authorization)`
			`throw new MonkeyError(`
			`401,`
			`"Unauthorized",`
Fixed typo (#2300) 2022-01-14 23:20:04 +08:00			`endpoint: ${req.baseUrl} no authorization header found`
better errors 2021-08-18 08:41:29 +08:00			`);`
Added Auth Router and DAO 2021-06-07 00:32:37 +08:00			`const token = authorization.split(" ");`
fixed tiny bug with token finding 2021-06-17 03:56:00 +08:00			`if (token[0].trim() !== "Bearer")`
better errors 2021-08-18 08:41:29 +08:00			`return next(`
			`new MonkeyError(400, "Invalid Token", "Incorrect token type")`
			`);`
handling one possible exception 2022-02-04 20:06:09 +08:00			`try {`
			`req.decodedToken = await verifyIdToken(token[1]);`
			`} catch (err) {`
			`if (err.message == "auth/id-token-expired") {`
			`new MonkeyError(401, "Unauthorized", "Token expired");`
			`} else {`
			`throw err;`
			`}`
			`}`
Added Auth Router and DAO 2021-06-07 00:32:37 +08:00			`return next();`
			`} catch (e) {`
			`return next(e);`
			`}`
			`},`
			`};`