feat: authentication with azure all routes are protected

2025-12-10 11:24:35 +00:00 · 2021-10-12 21:48:35 +05:00
parent 686bf2eb11
commit bbd7133f5c
8 changed files with 1212 additions and 79 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ node_modules/
 sas/
 tmp/
 build/
+.env
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -22,13 +22,17 @@
  "author": "Analytium Ltd",
  "dependencies": {
    "@sasjs/utils": "^2.23.3",
-    "express": "^4.17.1"
+    "express": "^4.17.1",
+    "express-session": "^1.17.1",
+    "msal-express-wrapper": "git+https://github.com/Azure-Samples/msal-express-wrapper.git#1.0.0-beta.3"
  },
  "devDependencies": {
    "@types/express": "^4.17.12",
+    "@types/express-session": "^1.17.4",
    "@types/jest": "^26.0.24",
    "@types/node": "^15.12.2",
    "@types/supertest": "^2.0.11",
+    "dotenv": "^10.0.0",
    "jest": "^27.0.6",
    "nodemon": "^2.0.7",
    "prettier": "^2.3.1",
@@ -41,6 +45,6 @@
  },
  "configuration": {
    "sasPath": "/opt/sas/sas9/SASHome/SASFoundation/9.4/sasexe/sas",
-    "sasJsPort": 5000
+    "sasJsPort": 4000
  }
 }
--- a/public/401.html
+++ b/public/401.html
@@ -0,0 +1,3 @@
+Unauthorized
+
+<a href="/signin" role="button">Sign-in</a>
--- a/public/404.html
+++ b/public/404.html
@@ -0,0 +1 @@
+Page Not Found
--- a/public/500.html
+++ b/public/500.html
@@ -0,0 +1 @@
+Server Error
--- a/src/app.ts
+++ b/src/app.ts
@@ -1,10 +1,56 @@
+import path from 'path'
 import express from 'express'
+import session from 'express-session'
+
+// import msalWrapper from 'msal-express-wrapper'
+const msalWrapper = require('msal-express-wrapper')
+
 import indexRouter from './routes'

+require('dotenv').config()
+import { appSettings } from './appSettings'
+
 const app = express()

 app.use(express.json({ limit: '50mb' }))

-app.use('/', indexRouter)
+app.use(express.static(path.join(__dirname, '..', 'public')))
+
+/**
+ * Using express-session middleware. Be sure to familiarize yourself with available options
+ * and set them as desired. Visit: https://www.npmjs.com/package/express-session
+ */
+const sessionConfig = {
+  secret: appSettings.appCredentials.clientSecret,
+  resave: false,
+  saveUninitialized: false,
+  cookie: {
+    secure: false // set this to true on production
+  }
+}
+
+if (app.get('env') === 'production') {
+  app.set('trust proxy', 1) // trust first proxy
+  sessionConfig.cookie.secure = true // serve secure cookies
+}
+
+app.use(session(sessionConfig))
+
+// instantiate the wrapper
+const authProvider = new msalWrapper.AuthProvider(appSettings)
+
+// initialize the wrapper
+app.use(authProvider.initialize())
+
+// authentication routes
+app.get('/signin', authProvider.signIn({ successRedirect: '/' }))
+app.get('/signout', authProvider.signOut({ successRedirect: '/' }))
+
+// secure routes
+app.get('/', authProvider.isAuthenticated(), indexRouter)
+
+app.get('/error', (req, res) => res.redirect('/500.html'))
+app.get('/unauthorized', (req, res) => res.redirect('/401.html'))
+app.get('*', (req, res) => res.status(404).redirect('/404.html'))

 export default app
--- a/src/appSettings.ts
+++ b/src/appSettings.ts
@@ -0,0 +1,12 @@
+export const appSettings = {
+  appCredentials: {
+    clientId: process.env.CLIENTID as string,
+    tenantId: process.env.TENANTID as string,
+    clientSecret: process.env.CLIENTSECRET as string
+  },
+  authRoutes: {
+    redirect: '/redirect',
+    error: '/error', // the wrapper will redirect to this route in case of any error.
+    unauthorized: '/unauthorized' // the wrapper will redirect to this route in case of unauthorized access attempt.
+  }
+}