Merge pull request #6 from lrichmon/jwt

Integrate JWT authentication

Author: Lee Richmond

README.md

@@ -18,7 +18,7 @@ const Person = Model.extend({
     baseUrl: 'http://localhost:3000',
     jsonapiType: 'people'
   },
-  
+
   firstName: attr(),
   lastName: attr(),
   fullName() {
@@ -32,12 +32,50 @@ Person.where({ name: 'Joe' }).page(2).per(10).sort('name').then((people) => {
 });
 ```
 
+### JSON Web Tokens
+
+jsorm supports setting a JWT and using it for all requests. Set it
+during `Config.setup` and all subsequents will pass it using the
+`Authorization` header:
+
+```es6
+const ApplicationRecord = Model.extend({
+  // code
+});
+
+const Person = ApplicationRecord.extend({
+  // code
+});
+
+const Author = ApplicationRecord.extend({
+  // code
+});
+
+Config.setup({ jwtOwners: [ApplicationRecord] });
+
+ApplicationRecord.jwt = 's0m3t0k3n';
+Author.all(); // sends JWT in Authorization header
+Author.getJWT(); // grabs from ApplicationRecord
+Author.setJWT('t0k3n'); // sets on ApplicationRecord
+```
+
+This means you could define `OtherApplicationRecord`, whose
+subclasses could use an alternate JWT for an alternate website.
+
+The token is sent in the following format:
+
+```
+Authorization: Token token="s0m3t0k3n"
+```
+
+If your application responds with `X-JWT` in the headers, jsorm will
+use this JWT for all subsequent requests (helpful when
+implementing token expiry).
+
 ### Roadmap
 
 * Find to throw error when record not found
-* Authentication from Node
 * Attribute transforms (type coercion)
 * Writes
 * Error / Validation handling
 * Nested Writes
-* Statistics

src/configuration.ts

@@ -9,9 +9,13 @@ export default class Config {
   static typeMapping: Object = {};
   static logger: Logger = new Logger();
 
-  static setup() : void {
+  static setup(options : Object) : void {
     for (let model of this.models) {
       this.typeMapping[model.jsonapiType] = model;
+
+      if (options['jwtOwners'] && options['jwtOwners'].indexOf(model) !== -1) {
+        model.isJWTOwner = true;
+      }
     }
 
     for (let model of this.models) {

src/model.ts

@@ -13,12 +13,14 @@ export default class Model {
   static apiNamespace = '/';
   static jsonapiType = 'define-in-subclass';
   static endpoint: string;
+  static isJWTOwner: boolean = false;
+  static jwt: string = null;
+  static parentClass: typeof Model;
 
   id: string;
   _attributes: Object = {};
   relationships: Object = {};
   __meta__: Object | void = null;
-  parentClass: typeof Model;
   klass: typeof Model;
 
   static attributeList = [];
@@ -38,8 +40,20 @@ export default class Model {
     return this._scope || new Scope(this);
   }
 
-  constructor(attributes?: Object) {
-    this.attributes = attributes;
+  static setJWT(token: string) : void {
+    this.getJWTOwner().jwt = token;
+  }
+
+  static getJWT() : string {
+    return this.getJWTOwner().jwt;
+  }
+
+  static getJWTOwner() : typeof Model {
+    if (this.isJWTOwner) {
+      return this;
+    } else {
+      return this.parentClass.getJWTOwner();
+    }
   }
 
   static all() : Promise<CollectionProxy<Model>> {
@@ -105,6 +119,10 @@ export default class Model {
     return deserialize(resource, payload);
   }
 
+  constructor(attributes?: Object) {
+    this.attributes = attributes;
+  }
+
   get attributes() : Object {
     return this._attributes;
   }

src/request.ts

@@ -2,16 +2,28 @@ import Config from './configuration';
 import colorize from './util/colorize';
 
 export default class Request {
-  get(url : string) : Promise<japiDoc> {
+  get(url : string, options: Object) : Promise<any> {
     Config.logger.info(colorize('cyan', 'GET: ') + colorize('magenta', url));
 
     return new Promise((resolve, reject) => {
-      fetch(url).then((response) => {
+      let headers = this.buildHeaders(options);
+
+      fetch(url, { headers }).then((response) => {
         response.json().then((json) => {
           Config.logger.debug(colorize('bold', JSON.stringify(json, null, 4)));
-          resolve(json);
+          resolve({ json, headers: response.headers });
         });
       });
     });
   }
+
+  private buildHeaders(options: Object) : any {
+    let headers = {};
+
+    if (options['jwt']) {
+      headers['Authorization'] = `Token token="${options['jwt']}"`
+    }
+
+    return headers;
+  }
 }

src/scope.ts

@@ -25,8 +25,7 @@ export default class Scope {
   all() : Promise<CollectionProxy<Model>> {
     return this._fetch(this.model.url()).then((json : japiDoc) => {
       let collection = new CollectionProxy(json);
-
-      return  collection;
+      return collection;
     });
   }
 
@@ -217,6 +216,14 @@ export default class Scope {
       url = `${url}?${qp}`;
     }
     let request = new Request();
-    return request.get(url);
+    let jwt = this.model.getJWT();
+
+    return request.get(url, { jwt }).then((response) => {
+      let jwtHeader = response.headers.get('X-JWT');
+      if (jwtHeader) {
+        this.model.setJWT(jwtHeader);
+      }
+      return response.json;
+    });
   }
 }

test/fixtures.ts

@@ -1,11 +1,13 @@
 import { Model, Config, attr, hasMany, belongsTo, hasOne } from '../src/main';
 
-// typescript class
-class Person extends Model {
+class ApplicationRecord extends Model {
   static baseUrl = 'http://example.com';
   static apiNamespace = '/api';
-  static endpoint = '/v1/people';
+}
 
+// typescript class
+class Person extends ApplicationRecord {
+  static endpoint = '/v1/people';
   static jsonapiType = 'people';
 
   firstName: string = attr();
@@ -27,36 +29,39 @@ let Author = Person.extend({
   bio:        hasOne('bios')
 });
 
-class Book extends Model {
+class Book extends ApplicationRecord {
   static jsonapiType = 'books';
 
   title: string = attr();
 }
 
-class Genre extends Model {
+class Genre extends ApplicationRecord {
   static jsonapiType = 'genres';
 
   authors: any = hasMany('authors')
 
   name: string = attr();
 }
 
-class Bio extends Model {
+class Bio extends ApplicationRecord {
   static jsonapiType = 'bios';
 
   description: string = attr()
 }
 
-class Tag extends Model {
+class Tag extends ApplicationRecord {
   static jsonapiType = 'tags';
 
   name: string = attr()
 }
 
-class MultiWord extends Model {
+class MultiWord extends ApplicationRecord {
   static jsonapiType = 'multi_words';
 }
 
-Config.setup();
+const TestJWTSubclass = ApplicationRecord.extend({
+});
+
+Config.setup({ jwtOwners: [ApplicationRecord, TestJWTSubclass] });
 
-export { Author, Person, Book, Genre, Bio, Tag };
+export { ApplicationRecord, TestJWTSubclass, Author, Person, Book, Genre, Bio, Tag };

test/integration/authorization-test.ts

@@ -0,0 +1,96 @@
+import '../../test/test-helper';
+import { ApplicationRecord, Author } from '../fixtures';
+
+let fetchMock = require('fetch-mock');
+
+after(function () {
+  fetchMock.restore();
+});
+
+describe('authorization headers', function() {
+  describe('when header is set on model class', function() {
+    beforeEach(function() {
+      ApplicationRecord.jwt = 'myt0k3n';
+    });
+
+    afterEach(function() {
+      fetchMock.restore();
+      ApplicationRecord.jwt = null;
+    });
+
+    it('is sent in request', function(done) {
+      fetchMock.mock((url, opts) => {
+        expect(opts.headers.Authorization).to.eq('Token token="myt0k3n"')
+        done();
+        return true;
+      }, 200);
+      Author.find(1);
+    });
+  });
+
+  describe('when header is NOT returned in response', function() {
+    beforeEach(function() {
+      fetchMock.get('http://example.com/api/v1/people', {
+        data: [
+          {
+            id: '1',
+            type: 'people',
+            attributes: {
+              name: 'John'
+            }
+          }
+        ]
+      });
+
+      ApplicationRecord.jwt = 'dont change me';
+    });
+
+    afterEach(function() {
+      fetchMock.restore();
+      ApplicationRecord.jwt = null;
+    });
+
+    it('does not override the JWT', function(done) {
+      Author.all().then((response) => {
+        expect(ApplicationRecord.jwt).to.eq('dont change me');
+        done();
+      });
+    });
+  });
+
+  describe('when header is returned in response', function() {
+    beforeEach(function() {
+      fetchMock.mock({
+        name: 'route',
+        matcher: '*',
+        response: {
+          status: 200,
+          body: { data: [] },
+          headers: {
+            'X-JWT': 'somet0k3n'
+          }
+        }
+      });
+    });
+
+    afterEach(function() {
+      fetchMock.restore();
+      ApplicationRecord.jwt = null;
+    });
+
+    it('is used in subsequent requests', function(done) {
+      Author.all().then((response) => {
+        fetchMock.restore();
+
+        fetchMock.mock((url, opts) => {
+          expect(opts.headers.Authorization).to.eq('Token token="somet0k3n"')
+          done();
+          return true;
+        }, 200);
+        expect(Author.getJWT()).to.eq('somet0k3n');
+        expect(ApplicationRecord.jwt).to.eq('somet0k3n');
+        Author.all();
+      });
+    });
+  });
+});

test/unit/model-test.ts

@@ -2,11 +2,45 @@
 
 import { sinon } from '../../test/test-helper';
 import { Model } from '../../src/main';
-import { Person, Author, Book, Genre, Bio } from '../fixtures';
+import { ApplicationRecord, TestJWTSubclass, Person, Author, Book, Genre, Bio } from '../fixtures';
 
 let instance;
 
 describe('Model', function() {
+  describe('.getJWTOwner', function() {
+    it('it finds the furthest ancestor where isJWTOwner', function() {
+      expect(Author.getJWTOwner()).to.eq(ApplicationRecord);
+      expect(Person.getJWTOwner()).to.eq(ApplicationRecord);
+      expect(ApplicationRecord.getJWTOwner()).to.eq(ApplicationRecord);
+      expect(TestJWTSubclass.getJWTOwner()).to.eq(TestJWTSubclass);
+    });
+  });
+
+  describe('#getJWT', function() {
+    beforeEach(function() {
+      ApplicationRecord.jwt = 'g3tm3';
+    });
+
+    afterEach(function() {
+      ApplicationRecord.jwt = null;
+    });
+
+    it('it grabs jwt from top-most parent', function() {
+      expect(Author.getJWT()).to.eq('g3tm3');
+    });
+  });
+
+  describe('#setJWT', function() {
+    afterEach(function() {
+      ApplicationRecord.jwt = null;
+    });
+
+    it('it sets jwt on the top-most parent', function() {
+      Author.setJWT('n3wt0k3n');
+      expect(ApplicationRecord.jwt).to.eq('n3wt0k3n');
+    });
+  });
+
   describe('#isType', function() {
     it('checks the jsonapiType of class', function() {
       instance = new Author()

tsconfig.json

@@ -20,4 +20,3 @@
     "test"
   ]
 }
-