-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathwebtask.js
More file actions
123 lines (102 loc) · 3.19 KB
/
webtask.js
File metadata and controls
123 lines (102 loc) · 3.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
var jwt = require('express-jwt');
var Express = require('express');
var Webtask = require('webtask-tools');
var _ = require('lodash');
var request = require('request');
var bodyParser = require('body-parser');
var genfun = require('generate-function');
var app = Express();
app.use(bodyParser.json());
app.use(function getAuth0Config (req, res, done) {
var secrets = req.webtaskContext.secrets;
// load auth0 config object with secret values
req.auth0 = {
client_id: secrets.client_id,
client_secret: secrets.client_secret,
domain: secrets.domain,
admin_authz: null,
api_access_token: secrets.api_access_token
};
if (secrets.admin_authz) {
// attempt to parse admin_authz into a function
try {
req.auth0.admin_authz = genfun()
(secrets.admin_authz)
.toFunction();
} catch (e) {
return done(new Error('admin_authz secret could not be parsed into a JavaScript function: ' + e));
}
}
// assert that all values were populated
var missingKeys = Object.keys(req.auth0).reduce(function (previous, key) {
var secret = req.auth0[key];
if (secret === undefined)
previous.push(key);
return previous;
}, []);
if (missingKeys.length > 0)
return done(new Error('Missing secrets: ' + missingKeys));
done();
});
// authenticate
app.use(jwt({
secret: function(req, payload, done) {
done(null, new Buffer(req.auth0.client_secret, 'base64'));
}
}));
// authorize
app.use(function authorize (req, res, done) {
var issuer = 'https://' + req.auth0.domain + '/';
if (req.user.iss !== issuer)
return res.status(401).send('Untrusted issuer');
if (req.user.aud !== req.auth0.client_id)
return res.status(401).send('Incorrect audience');
// admin for all users
if (req.auth0.admin_authz.length === 1 && !req.auth0.admin_authz(req.user))
return res.status(401).send('User unauthorized');
done();
});
// endpoints
function apiReverseProxy (req, res, next) {
var opts = {
method: req.method,
uri: 'https://' + req.auth0.domain + '/api/v2' + req.path,
qs: _.omit(req.query, 'webtask_no_cache'),
auth: { bearer: req.auth0.api_access_token },
json: Object.keys(req.body).length > 0 ? req.body : null
};
request(opts)
.on('request', function (request) {
var loggedRequest = {
method: request.method,
path: request.path,
headers: _.clone(request._headers)
};
loggedRequest.headers.authorization = 'Bearer XXX';
console.log('Auth0 API Call:', {
by_user: req.user.sub,
request: loggedRequest
});
})
.on('error', function (err) {
console.log(err);
})
.pipe(res);
}
app.get('/users', apiReverseProxy);
app.post('/users', apiReverseProxy);
app.get('/users/:id', apiReverseProxy);
app.del('/users/:id', apiReverseProxy);
app.patch('/users/:id', apiReverseProxy);
// errors
app.use(function errorHandler (err, req, res, next) {
if (err.message && err.status && err.status < 500) {
// client errors
res.status(err.status).send(err.message);
} else {
// server errors
console.log(err.stack ? err.stack : err);
res.status(500).send('Something borked!');
}
});
module.exports = Webtask.fromExpress(app);