UNPKG

@infomaker/service-authorization-lib

Version:

IMID Service Authorization Library

90 lines (78 loc) 2.46 kB
/* eslint-env node */ 'use strict' const authorize = require('../../authorize') const utils = require('./utils') const log = require('@infomaker/json-log')(__filename) const register = async (server, options, next) => { // Register authorizer server.ext('onPreHandler', async (req, h) => { const rawReq = req.raw.req const reqId = rawReq.headers['x-imid-req-id'] /* istanbul ignore next */ const imidToken = rawReq.headers['x-imid-token'] || null const authParams = utils.getAuthParamsFromRequest(req) // No auth params configured for route so we continue if (!authParams) { return h.continue } const unverifiedServiceToken = utils.getServiceTokenFromRequest(req) const serviceTokenSignSecret = options.serviceTokenSignSecret log.debug('SAL got request to authorize',{ 'x-imid-req-id': reqId, serviceReqId: req.id, unverifiedServiceToken }) const result = await authorize({ authParams, unverifiedServiceToken, imidToken, serviceTokenSignSecret, request: req }) log.debug('SAL authorize result',{ 'x-imid-req-id': reqId, serviceReqId: req.id, result }) if (result.err) { if (result.err.internalData && result.err.internalData.serviceToken) { utils.setCredentialsOnRequest(req, { credentials: { serviceToken: result.err.internalData.serviceToken } }) } throw result.err } else { utils.setCredentialsOnRequest(req, { credentials: result.credentials, artifacts: result.artifacts }) utils.setIsAuthenticated(req) return h.continue } }) // Register error handler server.ext('onPreResponse', (req, h) => { if (req.response.isBoom) { const error = req.response if (error.internalData && error.internalData.loginRedirectOrg) { const response = h.response({ msg: error.publicMessage }) response.header('x-imid-login-redirect-organization', error.internalData.loginRedirectOrg) response.code(error.httpCode) return response } else if (error.isSALError || error.isImError) { return error.hapiReply(h) } } return h.continue }) /* istanbul ignore next */ if (typeof next === 'function') { next() } } register.attributes = { name: 'im-auth-jwt', version: '1.0.0' } module.exports = { name: 'im-auth-jwt', version: '1.0.0', register: register }