
@stokr/utils


STOKR - Utils

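import jwtApi from './libs/jwt-module.js'
import axios from 'axios'

// HTTP client for the internal API gateway; used here only to look up a
// user's roles.
const internalApi = axios.create({
  baseURL: 'http://api-gateway-internal:3000/api/v1',
})

/**
 * Resolves the calling user from gateway-supplied request headers.
 *
 * When `gatewaypassed` is 'ok' and `userid` is present, the role lookup
 * response body is stored on `req.user`.
 *
 * NOTE(review): `gatewaypassed` and `userid` are ordinary request headers.
 * This check is only as strong as the guarantee that the gateway overwrites
 * or strips them on inbound traffic and that this service cannot be reached
 * except through the gateway. Confirm at the deployment level.
 *
 * @param {object} req - request object; `req.user` may be assigned
 * @param {object} [_res] - unused
 * @returns {Promise<boolean>} true when `req.user` is truthy, which includes
 *   a value already present before this call
 */
const checkHeader = async (req, _res) => {
  const userId = req.headers['userid']
  if (req.headers['gatewaypassed'] === 'ok' && userId) {
    const response = await internalApi.post('user/checkUserRoles', { userId })
    req.user = response.data
  }
  return !!req.user
}

/**
 * Verifies the JWT carried in the `client_signature` header, if any, and
 * stores the verification result on `req.client_signature`.
 *
 * `signature_verified` is set to 'ok' only when verification produced a
 * truthy result, so a falsy return from `jwtApi.verify` never marks the
 * request as verified.
 *
 * NOTE(review): `config` is not imported or declared in this file. It is
 * presumably a global provided elsewhere; confirm, otherwise this line throws
 * a ReferenceError whenever the header is present.
 * NOTE(review): an inbound `signature_verified` header is not cleared here.
 * Downstream code should not treat it as proof of verification unless
 * something upstream removes client-supplied values. Confirm.
 *
 * @param {object} req - request object; `req.client_signature` may be assigned
 * @param {object} [_res] - unused
 * @returns {Promise<boolean>} true when `req.client_signature` is truthy
 */
const checkClientSignature = async (req, _res) => {
  const jwtToken = req.headers['client_signature']
  if (jwtToken) {
    req.client_signature = await jwtApi.verify(jwtToken, {
      ...config.jwt.options,
    })
    if (req.client_signature) {
      req.headers['signature_verified'] = 'ok'
    }
  }
  return !!req.client_signature
}

/**
 * Builds a middleware from an async authorization predicate.
 *
 * The request continues only when the predicate resolves truthy. A falsy
 * result answers 403 'E_FORBIDDEN'. If the predicate rejects (for example a
 * token that fails verification or a failed role lookup), the error is handed
 * to `next(err)` and the request is never let through. Without this, a
 * framework that does not await middleware would leave the rejection
 * unhandled and the request unanswered.
 *
 * @param {(req: object) => Promise<*>} isAllowed - authorization predicate
 * @returns {(req: object, res: object, next: Function) => Promise<*>}
 */
const guard = (isAllowed) => async (req, res, next) => {
  let allowed
  try {
    allowed = await isAllowed(req)
  } catch (err) {
    return next(err)
  }
  if (allowed) {
    return next()
  }
  res.status(403).send('E_FORBIDDEN')
}

/**
 * Middleware factory: allows requests that carry a verified client signature,
 * or whose gateway-resolved user has `role` in `req.user.roles`.
 *
 * @param {string} role - role that must be included in `req.user.roles`
 * @returns {Function} middleware `(req, res, next)`
 */
export const requireRole = (role) =>
  guard(
    async (req) =>
      (await checkClientSignature(req)) ||
      ((await checkHeader(req)) && req.user.roles.includes(role)),
  )

/**
 * Middleware: allows only requests that carry a verified client signature.
 */
export const onlyInternal = guard((req) => checkClientSignature(req))

/**
 * Middleware: allows requests with either a verified client signature or a
 * gateway-resolved user, regardless of role.
 */
export const all = guard(
  async (req) => (await checkClientSignature(req)) || (await checkHeader(req)),
)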