feat: support for public apis without auth and tests

Author: abose

.gitignore

@@ -6,6 +6,10 @@ yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 
+# config files
+src/.app.json
+src/app.json
+
 # IDE exclusions
 .idea
 

README.md

@@ -2,7 +2,8 @@
 
 ```shell
 # do this to start server
-export export  APP_CONFIG=./src/.app.json
+cp ./src/a.json ./src/.app.json
+export APP_CONFIG=./src/.app.json
 npm install
 npm run serve 
 

src/auth/auth.js

@@ -1,6 +1,9 @@
 import {isString} from "@aicore/libcommonutils";
 
 let key = null;
+const customAuthAPIPath = {},
+    API_AUTH_NONE = 1;
+    // API_AUTH_CUSTOM = 2;  maybe give a callback function here?
 
 export function init(authKey) {
     if (!isString(authKey)) {
@@ -9,10 +12,7 @@ export function init(authKey) {
     key = authKey;
 }
 
-export function isAuthenticated(request) {
-    if (!request.headers) {
-        return false;
-    }
+function _isBasicAuthPass(request) {
     const authHeader = request.headers.authorization;
     console.log(authHeader);
     if (!authHeader) {
@@ -31,6 +31,38 @@ export function isAuthenticated(request) {
     return false;
 }
 
+/**
+ * path of form '/x/y#df?a=30' to '/x/y' or 'https://d/x/y#df?a=30' to 'https://d/x/y'
+ * @param url any url
+ * @return {string} url or path without any query string or # params
+ * @private
+ */
+function _getBaseURL(url = "") {
+    return url.split("?")[0].split("#")[0];
+}
+
+export function isAuthenticated(request) {
+    let customAuth = customAuthAPIPath[_getBaseURL(request.raw.url)] || {};
+    if( customAuth.authType === API_AUTH_NONE){
+        return true;
+    }
+    if (!request.headers) {
+        return false;
+    }
+    return _isBasicAuthPass(request);
+}
+
+/**
+ * There would be certain APIs that you need to work without auth. This function sets a given API path
+ * as requiring no authentication.
+ * @param {string} apiPath of the form "/path/to/api" , The route must exactly match the api name in `server.get` call.
+ */
+export function addUnAuthenticatedAPI(apiPath) {
+    customAuthAPIPath[apiPath] = {
+        authType: API_AUTH_NONE
+    };
+}
+
 export function getAuthKey() {
     return key;
 }

src/server.js

@@ -17,7 +17,7 @@
  */
 
 import fastify from "fastify";
-import {init, isAuthenticated} from "./auth/auth.js";
+import {init, isAuthenticated, addUnAuthenticatedAPI} from "./auth/auth.js";
 import {HTTP_STATUS_CODES} from "@aicore/libcommonutils";
 import {getConfigs} from "./utils/configs.js";
 import {getHelloSchema, hello} from "./api/hello.js";
@@ -34,10 +34,17 @@ server.addHook('onRequest', (request, reply, done) => {
     }
 });
 
+// public hello api
+addUnAuthenticatedAPI('/hello');
 server.get('/hello', getHelloSchema(), function (request, reply) {
     return hello(request, reply);
 });
 
+// An authenticated version of the hello api
+server.get('/helloAuth', getHelloSchema(), function (request, reply) {
+    return hello(request, reply);
+});
+
 /**
  * It starts the server and listens on the port specified in the configs
  */

test/integration/hello.spec.js

@@ -15,16 +15,22 @@ describe('Integration Tests for hello api', function () {
         await close();
     });
 
-    it('should say hello', async function () {
-        let output = await fetch("http://localhost:5000/hello?name=world", { method: 'GET', headers: {
+    it('should say hello without auth', async function () {
+        let output = await fetch("http://localhost:5000/hello?name=world", { method: 'GET'});
+        output = await output.json();
+        expect(output).eql({message: "hello world"});
+    });
+
+    it('should say helloAuth if authorised', async function () {
+        let output = await fetch("http://localhost:5000/helloAuth?name=world", { method: 'GET', headers: {
             authorization: "Basic hehe"
         }});
         output = await output.json();
         expect(output).eql({message: "hello world"});
     });
 
-    it('should not say hello if unauthorised', async function () {
-        let output = await fetch("http://localhost:5000/hello?name=world", { method: 'GET'});
+    it('should not say helloAuth if unauthorised', async function () {
+        let output = await fetch("http://localhost:5000/helloAuth?name=world", { method: 'GET'});
         output = await output.json();
         expect(output).eql({
             "error": "Unauthorized",

test/unit/auth/auth-test.spec.js

@@ -1,4 +1,4 @@
-import {isAuthenticated, init, getAuthKey} from "../../../src/auth/auth.js";
+import {isAuthenticated, init, getAuthKey, addUnAuthenticatedAPI} from "../../../src/auth/auth.js";
 /*global describe, it*/
 
 import * as chai from 'chai';
@@ -30,21 +30,27 @@ describe('unit tests for auth module', function () {
         const authenticated = isAuthenticated({
             headers: {
                 authorization: 'Basic 1'
+            }, raw: {
+                url: ""
             }
 
         }, {});
         expect(authenticated).eql(true);
     });
     it('isAuthenticated should fail if headers are missing', function () {
         init(getConfigs().authKey);
-        const authenticated = isAuthenticated({}, {});
+        const authenticated = isAuthenticated({raw: {
+            url: ""
+        }}, {});
         expect(authenticated).eql(false);
     });
     it('isAuthenticated should fail', function () {
         init('1');
         const authenticated = isAuthenticated({
             headers: {
                 authorization: 'Basic 10'
+            }, raw: {
+                url: ""
             }
 
         }, {});
@@ -56,6 +62,8 @@ describe('unit tests for auth module', function () {
         const authenticated = isAuthenticated({
             headers: {
                 authorization: 'Basic 1 1234'
+            }, raw: {
+                url: ""
             }
 
         }, {});
@@ -66,6 +74,8 @@ describe('unit tests for auth module', function () {
         const authenticated = isAuthenticated({
             headers: {
                 authorization: '123 1'
+            }, raw: {
+                url: ""
             }
 
         }, {});
@@ -76,6 +86,35 @@ describe('unit tests for auth module', function () {
         const authenticated = isAuthenticated({
             headers: {
                 abc: '123'
+            }, raw: {
+                url: ""
+            }
+
+        }, {});
+        expect(authenticated).eql(false);
+    });
+
+    it('addUnAuthenticatedAPI should disable authentication for given api', function () {
+        init(getConfigs().authKey);
+        addUnAuthenticatedAPI("/testAPI01");
+        const authenticated = isAuthenticated({
+            headers: {
+                abc: '123'
+            }, raw: {
+                url: "/testAPI01#43?z=34"
+            }
+
+        }, {});
+        expect(authenticated).eql(true);
+    });
+
+    it('addUnAuthenticatedAPI should not disable authentication if api signature mismatch with /', function () {
+        addUnAuthenticatedAPI("/testAPI01");
+        const authenticated = isAuthenticated({
+            headers: {
+                abc: '123'
+            }, raw: {
+                url: "/testAPI01/#43?z=34" // note the / at the end of url
             }
 
         }, {});