feat: support for custom auth callback

Author: abose

src/auth/auth.js

@@ -2,8 +2,8 @@ import {isString} from "@aicore/libcommonutils";
 
 let key = null;
 const customAuthAPIPath = {},
-    API_AUTH_NONE = 1;
-    // API_AUTH_CUSTOM = 2;  maybe give a callback function here?
+    API_AUTH_NONE = 1,
+    API_AUTH_CUSTOM = 2;
 
 export function init(authKey) {
     if (!isString(authKey)) {
@@ -13,6 +13,9 @@ export function init(authKey) {
 }
 
 function _isBasicAuthPass(request) {
+    if (!request.headers) {
+        return false;
+    }
     const authHeader = request.headers.authorization;
     console.log(authHeader);
     if (!authHeader) {
@@ -42,14 +45,18 @@ function _getBaseURL(url = "") {
 }
 
 export function isAuthenticated(request) {
-    let customAuth = customAuthAPIPath[_getBaseURL(request.raw.url)] || {};
+    let customAuth = customAuthAPIPath[_getBaseURL(request.raw.url)];
+    if(!customAuth){
+        return _isBasicAuthPass(request);
+    }
     if( customAuth.authType === API_AUTH_NONE){
         return true;
     }
-    if (!request.headers) {
-        return false;
+    if( customAuth.authType === API_AUTH_CUSTOM && customAuth.authCallback){
+        return customAuth.authCallback(request);
     }
-    return _isBasicAuthPass(request);
+    // should never reach here, but future protect.
+    return false;
 }
 
 /**
@@ -63,6 +70,19 @@ export function addUnAuthenticatedAPI(apiPath) {
     };
 }
 
+/**
+ * There would be certain APIs that you have to provide your own custom auth logic. Use this API for that.
+ * @param {string} apiPath of the form "/path/to/api" , The route must exactly match the api name in `server.get` call.
+ * @param {function} authCallback will be called with the request and should return true if the request is authorised
+ * and able to continue, else return false.
+ */
+export function addCustomAuthorizer(apiPath, authCallback) {
+    customAuthAPIPath[apiPath] = {
+        authType: API_AUTH_CUSTOM,
+        authCallback
+    };
+}
+
 export function getAuthKey() {
     return key;
 }

test/unit/auth/auth-test.spec.js

@@ -1,4 +1,4 @@
-import {isAuthenticated, init, getAuthKey, addUnAuthenticatedAPI} from "../../../src/auth/auth.js";
+import {isAuthenticated, init, getAuthKey, addUnAuthenticatedAPI, addCustomAuthorizer} from "../../../src/auth/auth.js";
 /*global describe, it*/
 
 import * as chai from 'chai';
@@ -121,4 +121,23 @@ describe('unit tests for auth module', function () {
         expect(authenticated).eql(false);
     });
 
+    it('addCustomAuthorizer should be called for given api', function () {
+        let customAuthRequest;
+        addCustomAuthorizer("/testAPI01", (request)=>{
+            customAuthRequest = request;
+            return false;
+        });
+        const authenticated = isAuthenticated({
+            headers: {
+                abc: '123',
+                auth: 'custom'
+            }, raw: {
+                url: "/testAPI01#43?z=34"
+            }
+
+        }, {});
+        expect(authenticated).eql(false);
+        expect(customAuthRequest.headers.auth).eql('custom');
+    });
+
 });