Merge pull request #141 from sasjs/issue-135

fix: fetch client from DB for each request
2025-12-10 19:34:34 +00:00 · 2022-04-27 12:09:41 -07:00
parent 4ae8f35e9a ebb46f51b6
commit a30fb1a241
5 changed files with 9 additions and 36 deletions
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -1,6 +1,7 @@
 import { Security, Route, Tags, Example, Post, Body, Query, Hidden } from 'tsoa'
 import jwt from 'jsonwebtoken'
 import User from '../model/User'
+import Client from '../model/Client'
 import { InfoJWT } from '../types'
 import {
  generateAccessToken,
@@ -81,6 +82,9 @@ export class AuthController {
 const authorize = async (data: any): Promise<AuthorizeResponse> => {
  const { username, password, clientId } = data

+  const client = await Client.findOne({ clientId })
+  if (!client) throw new Error('Invalid clientId.')
+
  // Authenticate User
  const user = await User.findOne({ username })
  if (!user) throw new Error('Username is not found.')
--- a/api/src/controllers/info.ts
+++ b/api/src/controllers/info.ts
@@ -25,9 +25,8 @@ export class InfoController {
    const response = {
      mode: process.env.MODE ?? 'desktop',
      cors:
-        process.env.CORS ?? process.env.MODE === 'server'
-          ? 'disable'
-          : 'enable',
+        process.env.CORS ||
+        (process.env.MODE === 'server' ? 'disable' : 'enable'),
      whiteList:
        process.env.WHITELIST?.split(' ')?.filter((url) => !!url) ?? [],
      protocol: process.env.PROTOCOL ?? 'http'
--- a/api/src/routes/api/auth.ts
+++ b/api/src/routes/api/auth.ts
@@ -1,44 +1,22 @@
 import express from 'express'

 import { AuthController } from '../../controllers/'
-import Client from '../../model/Client'

 import {
  authenticateAccessToken,
  authenticateRefreshToken
 } from '../../middlewares'

-import {
-  authorizeValidation,
-  getDesktopFields,
-  tokenValidation
-} from '../../utils'
+import { authorizeValidation, tokenValidation } from '../../utils'
 import { InfoJWT } from '../../types'

 const authRouter = express.Router()
-
-const clientIDs = new Set()
-
-export const populateClients = async () => {
-  const result = await Client.find()
-  clientIDs.clear()
-  result.forEach((r) => {
-    clientIDs.add(r.clientId)
-  })
-}
+const controller = new AuthController()

 authRouter.post('/authorize', async (req, res) => {
  const { error, value: body } = authorizeValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)

-  const { clientId } = body
-
-  // Verify client ID
-  if (!clientIDs.has(clientId)) {
-    return res.status(403).send('Invalid clientId.')
-  }
-
-  const controller = new AuthController()
  try {
    const response = await controller.authorize(body)

@@ -52,7 +30,6 @@ authRouter.post('/token', async (req, res) => {
  const { error, value: body } = tokenValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)

-  const controller = new AuthController()
  try {
    const response = await controller.token(body)
    const { accessToken } = response
@@ -66,7 +43,6 @@ authRouter.post('/token', async (req, res) => {
 authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
  const userInfo: InfoJWT = req.user

-  const controller = new AuthController()
  try {
    const response = await controller.refresh(userInfo)

@@ -79,7 +55,6 @@ authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
 authRouter.delete('/logout', authenticateAccessToken, async (req: any, res) => {
  const userInfo: InfoJWT = req.user

-  const controller = new AuthController()
  try {
    await controller.logout(userInfo)
  } catch (e) {}
--- a/api/src/routes/api/spec/auth.spec.ts
+++ b/api/src/routes/api/spec/auth.spec.ts
@@ -8,7 +8,6 @@ import {
  ClientController,
  AuthController
 } from '../../../controllers/'
-import { populateClients } from '../auth'
 import { InfoJWT } from '../../../types'
 import {
  generateAccessToken,
@@ -42,7 +41,6 @@ describe('auth', () => {
    mongoServer = await MongoMemoryServer.create()
    con = await mongoose.connect(mongoServer.getUri())
    await clientController.createClient({ clientId, clientSecret })
-    await populateClients()
  })

  afterAll(async () => {
@@ -154,7 +152,7 @@ describe('auth', () => {
        })
        .expect(403)

-      expect(res.text).toEqual('Invalid clientId.')
+      expect(res.text).toEqual('Error: Invalid clientId.')
      expect(res.body).toEqual({})
    })
  })
--- a/api/src/utils/connectDB.ts
+++ b/api/src/utils/connectDB.ts
@@ -1,5 +1,4 @@
 import mongoose from 'mongoose'
-import { populateClients } from '../routes/api/auth'
 import { seedDB } from './seedDB'

 export const connectDB = async () => {
@@ -22,7 +21,5 @@ export const connectDB = async () => {
    console.log('Connected to db!')

    await seedDB()
-
-    await populateClients()
  })
 }