From 4ad8c81e4927c1a82220ec015a781b095c8e859e Mon Sep 17 00:00:00 2001 From: Saad Jutt Date: Sun, 24 Apr 2022 04:16:13 +0500 Subject: [PATCH 1/4] fix: fetch client from DB for each request --- api/src/controllers/auth.ts | 4 ++++ api/src/routes/api/auth.ts | 29 ++--------------------------- api/src/utils/connectDB.ts | 3 --- 3 files changed, 6 insertions(+), 30 deletions(-) diff --git a/api/src/controllers/auth.ts b/api/src/controllers/auth.ts index 9cc05e3..dba3db9 100644 --- a/api/src/controllers/auth.ts +++ b/api/src/controllers/auth.ts @@ -1,6 +1,7 @@ import { Security, Route, Tags, Example, Post, Body, Query, Hidden } from 'tsoa' import jwt from 'jsonwebtoken' import User from '../model/User' +import Client from '../model/Client' import { InfoJWT } from '../types' import { generateAccessToken, @@ -81,6 +82,9 @@ export class AuthController { const authorize = async (data: any): Promise => { const { username, password, clientId } = data + const client = await Client.findOne({ clientId }) + if (!client) throw new Error('Invalid clientId.') + // Authenticate User const user = await User.findOne({ username }) if (!user) throw new Error('Username is not found.') diff --git a/api/src/routes/api/auth.ts b/api/src/routes/api/auth.ts index ab45b55..08664cb 100644 --- a/api/src/routes/api/auth.ts +++ b/api/src/routes/api/auth.ts 
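Review bot: In the authorize hunk of api/src/controllers/auth.ts the new `Client.findOne({ clientId })` forwards the request value into the query as-is, so the check is only as strict as `authorizeValidation` making `clientId` a string; that schema is not in this patch, and if it admits non-string values an object would reach Mongo as a query document rather than be compared as an id. A one-line guard keeps the controller safe independently of the route: `if (typeof clientId !== 'string') throw new Error('Invalid clientId.')`. The plain `Error` thrown on a missing client is also indistinguishable, to a catch block that maps every exception to one status, from `findOne` itself failing (a database outage throws too), so a dedicated error class would let the route report "unknown client" and "database unavailable" differently. The `authorize` body continues past the end of the hunk.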
@@ -1,44 +1,22 @@ import express from 'express' import { AuthController } from '../../controllers/' -import Client from '../../model/Client' import { authenticateAccessToken, authenticateRefreshToken } from '../../middlewares' -import { - authorizeValidation, - getDesktopFields, - tokenValidation -} from '../../utils' +import { authorizeValidation, tokenValidation } from '../../utils' import { InfoJWT } from '../../types' const authRouter = express.Router() - -const clientIDs = new Set() - -export const populateClients = async () => { - const result = await Client.find() - clientIDs.clear() - result.forEach((r) => { - clientIDs.add(r.clientId) - }) -} +const controller = new AuthController() authRouter.post('/authorize', async (req, res) => { const { error, value: body } = authorizeValidation(req.body) if (error) return res.status(400).send(error.details[0].message) - const { clientId } = body - - // Verify client ID - if (!clientIDs.has(clientId)) { - return res.status(403).send('Invalid clientId.') - } - - const controller = new AuthController() try { const response = await controller.authorize(body) @@ -52,7 +30,6 @@ authRouter.post('/token', async (req, res) => { const { error, value: body } = tokenValidation(req.body) if (error) return res.status(400).send(error.details[0].message) - const controller = new AuthController() try { const response = await controller.token(body) const { accessToken } = response @@ -66,7 +43,6 @@ authRouter.post('/token', async (req, res) => { authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => { const userInfo: InfoJWT = req.user - const controller = new AuthController() try { const response = await controller.refresh(userInfo) 
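Review bot: Hoisting `const controller = new AuthController()` to module scope makes one instance serve every request (the -52, -66 and -79 hunks drop the per-request instances for the same reason), which is only safe if AuthController holds no per-request state; its constructor is not in this patch, so a short comment on the declaration would record the assumption: `// AuthController is stateless; a single instance is shared by all routes`. Removing the explicit `res.status(403).send('Invalid clientId.')` also moves the status decision into the `try`/`catch` below, which lies outside the hunk; if that catch maps every thrown error to 403, a Mongo failure inside `Client.findOne` is now reported as a bad client id instead of a server error, which is worth checking before merging.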
@@ -79,7 +55,6 @@ authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => { authRouter.delete('/logout', authenticateAccessToken, async (req: any, res) => { const userInfo: InfoJWT = req.user - const controller = new AuthController() try { await controller.logout(userInfo) } catch (e) {} diff --git a/api/src/utils/connectDB.ts b/api/src/utils/connectDB.ts index a751b16..0fea107 100644 --- a/api/src/utils/connectDB.ts +++ b/api/src/utils/connectDB.ts @@ -1,5 +1,4 @@ import mongoose from 'mongoose' -import { populateClients } from '../routes/api/auth' import { seedDB } from './seedDB' export const connectDB = async () => { @@ -22,7 +21,5 @@ export const connectDB = async () => { console.log('Connected to db!') await seedDB() - - await populateClients() }) } From fd15f3fb413878d5822084a8e8d632c13dacd545 Mon Sep 17 00:00:00 2001 From: Saad Jutt Date: Sun, 24 Apr 2022 05:11:56 +0500 Subject: [PATCH 2/4] test: fix specs --- api/src/routes/api/spec/auth.spec.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/api/src/routes/api/spec/auth.spec.ts b/api/src/routes/api/spec/auth.spec.ts index 2377809..cf93f15 100644 --- a/api/src/routes/api/spec/auth.spec.ts +++ b/api/src/routes/api/spec/auth.spec.ts @@ -8,7 +8,6 @@ import { ClientController, AuthController } from '../../../controllers/' -import { populateClients } from '../auth' import { InfoJWT } from '../../../types' import { generateAccessToken, @@ -42,7 +41,6 @@ describe('auth', () => { mongoServer = await MongoMemoryServer.create() con = await mongoose.connect(mongoServer.getUri()) await clientController.createClient({ clientId, clientSecret }) - await populateClients() }) afterAll(async () => { From fe24f51ca2d5f94e42105d201b0804fe1445111a Mon Sep 17 00:00:00 2001 From: Saad Jutt Date: Sun, 24 Apr 2022 05:17:25 +0500 Subject: [PATCH 3/4] test: fix specs --- api/src/routes/api/spec/auth.spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/api/src/routes/api/spec/auth.spec.ts b/api/src/routes/api/spec/auth.spec.ts index cf93f15..4a0014d 100644 --- a/api/src/routes/api/spec/auth.spec.ts +++ b/api/src/routes/api/spec/auth.spec.ts @@ -152,7 +152,7 @@ describe('auth', () => { }) .expect(403) - expect(res.text).toEqual('Invalid clientId.') + expect(res.text).toEqual('Error: Invalid clientId.') expect(res.body).toEqual({}) }) }) From ebb46f51b6bc8736a8a086954b77b3b2515b6e36 Mon Sep 17 00:00:00 2001 From: Saad Jutt Date: Sun, 24 Apr 2022 05:29:42 +0500 Subject: [PATCH 4/4] chore: fix specs --- api/src/controllers/info.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/api/src/controllers/info.ts b/api/src/controllers/info.ts index ab42fc5..fca2604 100644 --- a/api/src/controllers/info.ts +++ b/api/src/controllers/info.ts @@ -25,9 +25,8 @@ export class InfoController { const response = { mode: process.env.MODE ?? 'desktop', cors: - process.env.CORS ?? process.env.MODE === 'server' - ? 'disable' - : 'enable', + process.env.CORS || + (process.env.MODE === 'server' ? 'disable' : 'enable'), whiteList: process.env.WHITELIST?.split(' ')?.filter((url) => !!url) ?? [], protocol: process.env.PROTOCOL ?? 'http'
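Review bot: The updated expectation `'Error: Invalid clientId.'` pins the `Error:` prefix that stringifying an Error object produces, so the test now encodes the exception's class name in the HTTP body rather than the message the caller is meant to see. The cleaner fix is in the `/authorize` handler's catch block (not part of this patch): send `e.message` and keep the assertion as `expect(res.text).toEqual('Invalid clientId.')`. I cannot confirm from the hunk how that catch serializes the error, so this is inferred from the new expected text.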
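Review bot: The new `cors:` expression switches from `??` to `||`, so an explicitly empty `CORS` now falls through to the mode-derived default, while `mode` and `protocol` in the same object still use `??`; if treating the empty string as unset is intended, a comment on that line would stop the next reader from "fixing" it back: `// '' counts as unset: fall back to the MODE-derived default`. Separately, any non-empty `CORS` value is forwarded verbatim while the fallback only ever yields 'enable' or 'disable', so normalising the env value to that pair would keep the `cors` field's contract consistent for clients reading it. The enclosing method starts before the hunk and the `response` object continues after it.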