monkeytype/backend/middlewares/auth.js

const MonkeyError = require("../handlers/error");
const { verifyIdToken } = require("../handlers/auth");

const DEFAULT_OPTIONS = {
  isPublic: false,
};

function authenticateRequest(options = DEFAULT_OPTIONS) {
  return async (req, _res, next) => {
    try {
      const { authorization: authHeader } = req.headers;
      let token = null;

      if (authHeader) {
        token = await authenticateWithAuthHeader(authHeader);
      } else if (options.isPublic) {
        return next();
      } else if (process.env.MODE === "dev") {
        token = authenticateWithBody(req.body);
      } else {
        throw new MonkeyError(
          401,
          "Unauthorized",
          `endpoint: ${req.baseUrl} no authorization header found`
        );
      }

      req.ctx.decodedToken = token;
    } catch (error) {
      return next(error);
    }

    next();
  };
}

function authenticateWithBody(body) {
  const { uid } = body;

  if (!uid) {
    throw new MonkeyError(
      400,
      "Running authorization in dev mode but still no uid was provided"
    );
  }

  return {
    uid,
  };
}

async function authenticateWithAuthHeader(authHeader) {
  const token = authHeader.split(" ");

  const authScheme = token[0].trim();
  const credentials = token[1];

  if (authScheme === "Bearer") {
    return await authenticateWithBearerToken(credentials);
  }

  throw new MonkeyError(
    400,
    "Unknown authentication scheme",
    `The authentication scheme "${authScheme}" is not implemented.`
  );
}

async function authenticateWithBearerToken(token) {
  try {
    return await verifyIdToken(token);
  } catch (error) {
    if (error.message.includes("auth/id-token-expired")) {
      throw new MonkeyError(401, "Unauthorized", "Token expired");
    } else {
      throw error;
    }
  }
}

module.exports = {
  authenticateRequest,
};
Added MonkeyError class 2021-06-07 01:26:12 +08:00			`const MonkeyError = require("../handlers/error");`
Added Auth Router and DAO 2021-06-07 00:32:37 +08:00			`const { verifyIdToken } = require("../handlers/auth");`

Endpoint schemas/Improved Auth Middleware (#2411) by Bruception * Lots of stuff * Changed code order * Change message * Use strict comparison * Fix Bearer auth * changed failed validation message * removed full stops Co-authored-by: Miodec <bartnikjack@gmail.com> 2022-02-05 04:18:22 +08:00			`const DEFAULT_OPTIONS = {`
			`isPublic: false,`
			`};`

			`function authenticateRequest(options = DEFAULT_OPTIONS) {`
			`return async (req, _res, next) => {`
Added Auth Router and DAO 2021-06-07 00:32:37 +08:00			`try {`
Endpoint schemas/Improved Auth Middleware (#2411) by Bruception * Lots of stuff * Changed code order * Change message * Use strict comparison * Fix Bearer auth * changed failed validation message * removed full stops Co-authored-by: Miodec <bartnikjack@gmail.com> 2022-02-05 04:18:22 +08:00			`const { authorization: authHeader } = req.headers;`
			`let token = null;`

			`if (authHeader) {`
			`token = await authenticateWithAuthHeader(authHeader);`
			`} else if (options.isPublic) {`
			`return next();`
			`} else if (process.env.MODE === "dev") {`
			`token = authenticateWithBody(req.body);`
			`} else {`
better errors 2021-08-18 08:41:29 +08:00			`throw new MonkeyError(`
			`401,`
			`"Unauthorized",`
Fixed typo (#2300) 2022-01-14 23:20:04 +08:00			`endpoint: ${req.baseUrl} no authorization header found`
better errors 2021-08-18 08:41:29 +08:00			`);`
handling one possible exception 2022-02-04 20:06:09 +08:00			`}`
Endpoint schemas/Improved Auth Middleware (#2411) by Bruception * Lots of stuff * Changed code order * Change message * Use strict comparison * Fix Bearer auth * changed failed validation message * removed full stops Co-authored-by: Miodec <bartnikjack@gmail.com> 2022-02-05 04:18:22 +08:00
			`req.ctx.decodedToken = token;`
			`} catch (error) {`
			`return next(error);`
Added Auth Router and DAO 2021-06-07 00:32:37 +08:00			`}`
Endpoint schemas/Improved Auth Middleware (#2411) by Bruception * Lots of stuff * Changed code order * Change message * Use strict comparison * Fix Bearer auth * changed failed validation message * removed full stops Co-authored-by: Miodec <bartnikjack@gmail.com> 2022-02-05 04:18:22 +08:00
			`next();`
			`};`
			`}`

			`function authenticateWithBody(body) {`
			`const { uid } = body;`

			`if (!uid) {`
			`throw new MonkeyError(`
			`400,`
			`"Running authorization in dev mode but still no uid was provided"`
			`);`
			`}`

			`return {`
			`uid,`
			`};`
			`}`

			`async function authenticateWithAuthHeader(authHeader) {`
			`const token = authHeader.split(" ");`

			`const authScheme = token[0].trim();`
			`const credentials = token[1];`

			`if (authScheme === "Bearer") {`
			`return await authenticateWithBearerToken(credentials);`
			`}`

			`throw new MonkeyError(`
			`400,`
			`"Unknown authentication scheme",`
			`The authentication scheme "${authScheme}" is not implemented.`
			`);`
			`}`

			`async function authenticateWithBearerToken(token) {`
			`try {`
			`return await verifyIdToken(token);`
			`} catch (error) {`
			`if (error.message.includes("auth/id-token-expired")) {`
			`throw new MonkeyError(401, "Unauthorized", "Token expired");`
			`} else {`
			`throw error;`
			`}`
			`}`
			`}`

			`module.exports = {`
			`authenticateRequest,`
Added Auth Router and DAO 2021-06-07 00:32:37 +08:00			`};`