unleash-server
Unleash is an enterprise ready feature flag service. It provides different strategies for handling feature flags.
import { ApiTokenType } from '../types/model.js';
import { NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED, TOKEN_TYPE_ERROR_MESSAGE, } from './api-token-middleware.js';
/**
 * Builds the Express middleware that restricts the routes it is mounted on to
 * feature (CLIENT / BACKEND) API tokens.
 *
 * - When `authentication.enableApiToken` is falsy, the returned middleware is
 *   a pass-through and performs no checks.
 * - When the `onlyFeatureTokensWithFeatureAPIs` flag is off, every request is
 *   handed to `next()` unchecked, deferring to api-token-middleware.
 * - Otherwise the `authorization` header is resolved through
 *   `apiTokenService.getUserForToken`; the resolved user is stored on
 *   `req.user` only when its type is CLIENT or BACKEND.
 *
 * Responses sent by this middleware: 401 for a missing or unknown token (and
 * for any exception raised while checking), 403 for a token of the wrong type.
 *
 * @param {object} config - Provides `getLogger`, `authentication` and `flagResolver`.
 * @param {object} services - Provides `apiTokenService`.
 * @returns {Function} Express middleware `(req, res, next)`.
 */
export const backendApiAccessMiddleware = (
  { getLogger, authentication, flagResolver },
  { apiTokenService },
) => {
  const logger = getLogger('/middleware/backend-token-middleware.ts');
  logger.debug('Enabling backend-token middleware');

  if (!authentication.enableApiToken) {
    return (_req, _res, next) => next();
  }

  // Ends the request with a status code and a JSON `{ message }` body.
  const deny = (res, status, message) => {
    res.status(status).send({ message });
  };

  return async (req, res, next) => {
    // The flag is read on every request, so toggling it takes effect without
    // rebuilding the middleware.
    const enforceFeatureTokens = flagResolver.isEnabled(
      'onlyFeatureTokensWithFeatureAPIs',
    );
    if (!enforceFeatureTokens) {
      // Defer to api-token-middleware: nothing is enforced here.
      return next();
    }

    try {
      const apiToken = req.header('authorization');
      if (!apiToken) {
        deny(res, 401, NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED);
        return;
      }

      // Disallow PAT/Service account tokens and admin tokens before any
      // lookup. This is a prefix test on the raw header value; the type check
      // on the resolved user below is what limits access to feature tokens.
      // NOTE(review): the header is used exactly as received - confirm that
      // these prefix tests and getUserForToken agree on how a scheme prefix
      // (for example "Bearer ") is handled.
      const isUserToken = apiToken.startsWith('user:');
      const isAdminToken = apiToken.startsWith('*:*');
      if (isUserToken || isAdminToken) {
        deny(res, 403, TOKEN_TYPE_ERROR_MESSAGE);
        return;
      }

      const apiUser = await apiTokenService.getUserForToken(apiToken);
      const { CLIENT, BACKEND } = ApiTokenType;

      if (!apiUser) {
        // Token did not resolve to a user; answered like a missing token.
        deny(res, 401, NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED);
        return;
      }

      const isFeatureToken = apiUser.type === CLIENT || apiUser.type === BACKEND;
      if (!isFeatureToken) {
        deny(res, 403, TOKEN_TYPE_ERROR_MESSAGE);
        return;
      }

      req.user = apiUser;
      next();
    } catch (error) {
      // Fail closed: any exception raised while checking (including a failed
      // token lookup) is logged and answered with 401, never passed through.
      // NOTE(review): the error object is logged as-is - confirm errors from
      // getUserForToken never carry the token value.
      logger.warn(error);
      deny(res, 401, NO_TOKEN_WHERE_TOKEN_WAS_REQUIRED);
      return;
    }
  };
};
export default backendApiAccessMiddleware;
//# sourceMappingURL=backend-token-middleware.js.map