@apolitical/server
Node.js module to encapsulate Apolitical's express server setup
;
module.exports =
({ qs, jwtEncodeHelper, config, xss }) =>
({ sessionSecret = null } = {}) => {
const {
JWT: {
APOLITICAL: { ISSUER, ADMIN_ROLE, COOKIE_KEY },
},
HELPERS: {
SANITISATION: { DEFAULT_XSS_OPTIONS },
},
} = config;
function generateAdminToken() {
if (!sessionSecret) {
throw new Error('Cannot generate token without session secret');
}
const token = jwtEncodeHelper(sessionSecret, {
role: ADMIN_ROLE,
admin: true,
iss: ISSUER,
exp: Math.floor(Date.now() / 1000) + 90 * 24 * 3600,
});
return token;
}
function buildHeaders({ authToken }) {
const headers = {};
if (authToken && typeof authToken === 'boolean') {
// When authToken is a boolean then generate an admin token
const adminToken = generateAdminToken();
Object.assign(headers, { Cookie: `${COOKIE_KEY}=${adminToken}` });
} else if (authToken && typeof authToken === 'string') {
// When authToken is a string then use the it as the token
Object.assign(headers, { Cookie: `${COOKIE_KEY}=${authToken}` });
}
return headers;
}
function buildOptions({ headers, params, validateStatus, data }) {
const opts = {};
if (headers) {
Object.assign(opts, { headers: buildHeaders(headers) });
}
if (params) {
Object.assign(opts, { params });
}
if (validateStatus) {
Object.assign(opts, { validateStatus });
}
if (data) {
Object.assign(opts, { data });
}
return opts;
}
function buildQueryString({ query = {} } = {}) {
const queryString = qs.stringify(query);
return queryString ? `?${queryString}` : '';
}
function sanitiseInput(input = {}, options = DEFAULT_XSS_OPTIONS) {
const sanitizedInput = JSON.parse(xss(JSON.stringify(input), options));
return sanitizedInput || {};
}
return { buildOptions, buildQueryString, sanitiseInput };
};