@infomaker/service-authorization-lib
Version:
IMID Service Authorization Library
90 lines (78 loc) • 2.46 kB
JavaScript
/* eslint-env node */
const authorize = require('../../authorize')
const utils = require('./utils')
const log = require('@infomaker/json-log')(__filename)
const register = async (server, options, next) => {
// Register authorizer
server.ext('onPreHandler', async (req, h) => {
const rawReq = req.raw.req
const reqId = rawReq.headers['x-imid-req-id']
/* istanbul ignore next */
const imidToken = rawReq.headers['x-imid-token'] || null
const authParams = utils.getAuthParamsFromRequest(req)
// No auth params configured for route so we continue
if (!authParams) {
return h.continue
}
const unverifiedServiceToken = utils.getServiceTokenFromRequest(req)
const serviceTokenSignSecret = options.serviceTokenSignSecret
log.debug('SAL got request to authorize',{
'x-imid-req-id': reqId,
serviceReqId: req.id,
unverifiedServiceToken
})
const result = await authorize({
authParams,
unverifiedServiceToken,
imidToken,
serviceTokenSignSecret,
request: req
})
log.debug('SAL authorize result',{
'x-imid-req-id': reqId,
serviceReqId: req.id,
result
})
if (result.err) {
if (result.err.internalData && result.err.internalData.serviceToken) {
utils.setCredentialsOnRequest(req, { credentials: { serviceToken: result.err.internalData.serviceToken } })
}
throw result.err
} else {
utils.setCredentialsOnRequest(req, { credentials: result.credentials, artifacts: result.artifacts })
utils.setIsAuthenticated(req)
return h.continue
}
})
// Register error handler
server.ext('onPreResponse', (req, h) => {
if (req.response.isBoom) {
const error = req.response
if (error.internalData && error.internalData.loginRedirectOrg) {
const response = h.response({
msg: error.publicMessage
})
response.header('x-imid-login-redirect-organization', error.internalData.loginRedirectOrg)
response.code(error.httpCode)
return response
} else if (error.isSALError || error.isImError) {
return error.hapiReply(h)
}
}
return h.continue
})
/* istanbul ignore next */
if (typeof next === 'function') {
next()
}
}
register.attributes = {
name: 'im-auth-jwt',
version: '1.0.0'
}
module.exports = {
name: 'im-auth-jwt',
version: '1.0.0',
register: register
}