mirror of
https://github.com/sasjs/server.git
synced 2026-01-15 18:00:05 +00:00
Merge pull request #141 from sasjs/issue-135
fix: fetch client from DB for each request
This commit is contained in:
Muhammad Saad
GitHub
@@ -1,6 +1,7 @@
|
|||||||
import { Security, Route, Tags, Example, Post, Body, Query, Hidden } from 'tsoa'
|
import { Security, Route, Tags, Example, Post, Body, Query, Hidden } from 'tsoa'
|
||||||
import jwt from 'jsonwebtoken'
|
import jwt from 'jsonwebtoken'
|
||||||
import User from '../model/User'
|
import User from '../model/User'
|
||||||
|
import Client from '../model/Client'
|
||||||
import { InfoJWT } from '../types'
|
import { InfoJWT } from '../types'
|
||||||
import {
|
import {
|
||||||
generateAccessToken,
|
generateAccessToken,
|
||||||
@@ -81,6 +82,9 @@ export class AuthController {
|
|||||||
const authorize = async (data: any): Promise<AuthorizeResponse> => {
|
const authorize = async (data: any): Promise<AuthorizeResponse> => {
|
||||||
const { username, password, clientId } = data
|
const { username, password, clientId } = data
|
||||||
|
|
||||||
|
const client = await Client.findOne({ clientId })
|
||||||
|
if (!client) throw new Error('Invalid clientId.')
|
||||||
|
|
||||||
// Authenticate User
|
// Authenticate User
|
||||||
const user = await User.findOne({ username })
|
const user = await User.findOne({ username })
|
||||||
if (!user) throw new Error('Username is not found.')
|
if (!user) throw new Error('Username is not found.')
|
||||||
|
|||||||
@@ -25,9 +25,8 @@ export class InfoController {
|
|||||||
const response = {
|
const response = {
|
||||||
mode: process.env.MODE ?? 'desktop',
|
mode: process.env.MODE ?? 'desktop',
|
||||||
cors:
|
cors:
|
||||||
process.env.CORS ?? process.env.MODE === 'server'
|
process.env.CORS ||
|
||||||
? 'disable'
|
(process.env.MODE === 'server' ? 'disable' : 'enable'),
|
||||||
: 'enable',
|
|
||||||
whiteList:
|
whiteList:
|
||||||
process.env.WHITELIST?.split(' ')?.filter((url) => !!url) ?? [],
|
process.env.WHITELIST?.split(' ')?.filter((url) => !!url) ?? [],
|
||||||
protocol: process.env.PROTOCOL ?? 'http'
|
protocol: process.env.PROTOCOL ?? 'http'
|
||||||
|
|||||||
@@ -1,44 +1,22 @@
|
|||||||
import express from 'express'
|
import express from 'express'
|
||||||
|
|
||||||
import { AuthController } from '../../controllers/'
|
import { AuthController } from '../../controllers/'
|
||||||
import Client from '../../model/Client'
|
|
||||||
|
|
||||||
import {
|
import {
|
||||||
authenticateAccessToken,
|
authenticateAccessToken,
|
||||||
authenticateRefreshToken
|
authenticateRefreshToken
|
||||||
} from '../../middlewares'
|
} from '../../middlewares'
|
||||||
|
|
||||||
import {
|
import { authorizeValidation, tokenValidation } from '../../utils'
|
||||||
authorizeValidation,
|
|
||||||
getDesktopFields,
|
|
||||||
tokenValidation
|
|
||||||
} from '../../utils'
|
|
||||||
import { InfoJWT } from '../../types'
|
import { InfoJWT } from '../../types'
|
||||||
|
|
||||||
const authRouter = express.Router()
|
const authRouter = express.Router()
|
||||||
|
const controller = new AuthController()
|
||||||
const clientIDs = new Set()
|
|
||||||
|
|
||||||
export const populateClients = async () => {
|
|
||||||
const result = await Client.find()
|
|
||||||
clientIDs.clear()
|
|
||||||
result.forEach((r) => {
|
|
||||||
clientIDs.add(r.clientId)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
authRouter.post('/authorize', async (req, res) => {
|
authRouter.post('/authorize', async (req, res) => {
|
||||||
const { error, value: body } = authorizeValidation(req.body)
|
const { error, value: body } = authorizeValidation(req.body)
|
||||||
if (error) return res.status(400).send(error.details[0].message)
|
if (error) return res.status(400).send(error.details[0].message)
|
||||||
|
|
||||||
const { clientId } = body
|
|
||||||
|
|
||||||
// Verify client ID
|
|
||||||
if (!clientIDs.has(clientId)) {
|
|
||||||
return res.status(403).send('Invalid clientId.')
|
|
||||||
}
|
|
||||||
|
|
||||||
const controller = new AuthController()
|
|
||||||
try {
|
try {
|
||||||
const response = await controller.authorize(body)
|
const response = await controller.authorize(body)
|
||||||
|
|
||||||
@@ -52,7 +30,6 @@ authRouter.post('/token', async (req, res) => {
|
|||||||
const { error, value: body } = tokenValidation(req.body)
|
const { error, value: body } = tokenValidation(req.body)
|
||||||
if (error) return res.status(400).send(error.details[0].message)
|
if (error) return res.status(400).send(error.details[0].message)
|
||||||
|
|
||||||
const controller = new AuthController()
|
|
||||||
try {
|
try {
|
||||||
const response = await controller.token(body)
|
const response = await controller.token(body)
|
||||||
const { accessToken } = response
|
const { accessToken } = response
|
||||||
@@ -66,7 +43,6 @@ authRouter.post('/token', async (req, res) => {
|
|||||||
authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
|
authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
|
||||||
const userInfo: InfoJWT = req.user
|
const userInfo: InfoJWT = req.user
|
||||||
|
|
||||||
const controller = new AuthController()
|
|
||||||
try {
|
try {
|
||||||
const response = await controller.refresh(userInfo)
|
const response = await controller.refresh(userInfo)
|
||||||
|
|
||||||
@@ -79,7 +55,6 @@ authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
|
|||||||
authRouter.delete('/logout', authenticateAccessToken, async (req: any, res) => {
|
authRouter.delete('/logout', authenticateAccessToken, async (req: any, res) => {
|
||||||
const userInfo: InfoJWT = req.user
|
const userInfo: InfoJWT = req.user
|
||||||
|
|
||||||
const controller = new AuthController()
|
|
||||||
try {
|
try {
|
||||||
await controller.logout(userInfo)
|
await controller.logout(userInfo)
|
||||||
} catch (e) {}
|
} catch (e) {}
|
||||||
|
|||||||
@@ -8,7 +8,6 @@ import {
|
|||||||
ClientController,
|
ClientController,
|
||||||
AuthController
|
AuthController
|
||||||
} from '../../../controllers/'
|
} from '../../../controllers/'
|
||||||
import { populateClients } from '../auth'
|
|
||||||
import { InfoJWT } from '../../../types'
|
import { InfoJWT } from '../../../types'
|
||||||
import {
|
import {
|
||||||
generateAccessToken,
|
generateAccessToken,
|
||||||
@@ -42,7 +41,6 @@ describe('auth', () => {
|
|||||||
mongoServer = await MongoMemoryServer.create()
|
mongoServer = await MongoMemoryServer.create()
|
||||||
con = await mongoose.connect(mongoServer.getUri())
|
con = await mongoose.connect(mongoServer.getUri())
|
||||||
await clientController.createClient({ clientId, clientSecret })
|
await clientController.createClient({ clientId, clientSecret })
|
||||||
await populateClients()
|
|
||||||
})
|
})
|
||||||
|
|
||||||
afterAll(async () => {
|
afterAll(async () => {
|
||||||
@@ -154,7 +152,7 @@ describe('auth', () => {
|
|||||||
})
|
})
|
||||||
.expect(403)
|
.expect(403)
|
||||||
|
|
||||||
expect(res.text).toEqual('Invalid clientId.')
|
expect(res.text).toEqual('Error: Invalid clientId.')
|
||||||
expect(res.body).toEqual({})
|
expect(res.body).toEqual({})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|||||||
@@ -1,5 +1,4 @@
|
|||||||
import mongoose from 'mongoose'
|
import mongoose from 'mongoose'
|
||||||
import { populateClients } from '../routes/api/auth'
|
|
||||||
import { seedDB } from './seedDB'
|
import { seedDB } from './seedDB'
|
||||||
|
|
||||||
export const connectDB = async () => {
|
export const connectDB = async () => {
|
||||||
@@ -22,7 +21,5 @@ export const connectDB = async () => {
|
|||||||
console.log('Connected to db!')
|
console.log('Connected to db!')
|
||||||
|
|
||||||
await seedDB()
|
await seedDB()
|
||||||
|
|
||||||
await populateClients()
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user