feat: authentication with azure all routes are protected

.gitignore

@@ -6,3 +6,4 @@ node_modules/
 sas/
 tmp/
 build/
+.env

package.json

@@ -22,13 +22,17 @@
   "author": "Analytium Ltd",
   "dependencies": {
     "@sasjs/utils": "^2.23.3",
-    "express": "^4.17.1"
+    "express": "^4.17.1",
+    "express-session": "^1.17.1",
+    "msal-express-wrapper": "git+https://github.com/Azure-Samples/msal-express-wrapper.git#1.0.0-beta.3"
   },
   "devDependencies": {
     "@types/express": "^4.17.12",
+    "@types/express-session": "^1.17.4",
     "@types/jest": "^26.0.24",
     "@types/node": "^15.12.2",
     "@types/supertest": "^2.0.11",
+    "dotenv": "^10.0.0",
     "jest": "^27.0.6",
     "nodemon": "^2.0.7",
     "prettier": "^2.3.1",
@@ -41,6 +45,6 @@
   },
   "configuration": {
     "sasPath": "/opt/sas/sas9/SASHome/SASFoundation/9.4/sasexe/sas",
-    "sasJsPort": 5000
+    "sasJsPort": 4000
   }
 }

public/401.html

@@ -0,0 +1,3 @@
+Unauthorized
+
+<a href="/signin" role="button">Sign-in</a>

public/404.html

@@ -0,0 +1 @@
+Page Not Found

public/500.html

@@ -0,0 +1 @@
+Server Error

src/app.ts

@@ -1,10 +1,56 @@
+import path from 'path'
 import express from 'express'
+import session from 'express-session'
+
+// import msalWrapper from 'msal-express-wrapper'
+const msalWrapper = require('msal-express-wrapper')
+
 import indexRouter from './routes'
 
+require('dotenv').config()
+import { appSettings } from './appSettings'
+
 const app = express()
 
 app.use(express.json({ limit: '50mb' }))
 
-app.use('/', indexRouter)
+app.use(express.static(path.join(__dirname, '..', 'public')))
+
+/**
+ * Using express-session middleware. Be sure to familiarize yourself with available options
+ * and set them as desired. Visit: https://www.npmjs.com/package/express-session
+ */
+const sessionConfig = {
+  secret: appSettings.appCredentials.clientSecret,
+  resave: false,
+  saveUninitialized: false,
+  cookie: {
+    secure: false // set this to true on production
+  }
+}
+
+if (app.get('env') === 'production') {
+  app.set('trust proxy', 1) // trust first proxy
+  sessionConfig.cookie.secure = true // serve secure cookies
+}
+
+app.use(session(sessionConfig))
+
+// instantiate the wrapper
+const authProvider = new msalWrapper.AuthProvider(appSettings)
+
+// initialize the wrapper
+app.use(authProvider.initialize())
+
+// authentication routes
+app.get('/signin', authProvider.signIn({ successRedirect: '/' }))
+app.get('/signout', authProvider.signOut({ successRedirect: '/' }))
+
+// secure routes
+app.get('/', authProvider.isAuthenticated(), indexRouter)
+
+app.get('/error', (req, res) => res.redirect('/500.html'))
+app.get('/unauthorized', (req, res) => res.redirect('/401.html'))
+app.get('*', (req, res) => res.status(404).redirect('/404.html'))
 
 export default app

src/appSettings.ts

@@ -0,0 +1,12 @@
+export const appSettings = {
+  appCredentials: {
+    clientId: process.env.CLIENTID as string,
+    tenantId: process.env.TENANTID as string,
+    clientSecret: process.env.CLIENTSECRET as string
+  },
+  authRoutes: {
+    redirect: '/redirect',
+    error: '/error', // the wrapper will redirect to this route in case of any error.
+    unauthorized: '/unauthorized' // the wrapper will redirect to this route in case of unauthorized access attempt.
+  }
+}