impress-2020/src/server/auth.js

const util = require("util");

const jwtVerify = util.promisify(require("jsonwebtoken").verify);
const jwksClient = require("jwks-rsa");

const jwks = jwksClient({
  jwksUri: "https://openneo.us.auth0.com/.well-known/jwks.json",
});

async function getJwtKey(header, callback) {
  jwks.getSigningKey(header.kid, (err, key) => {
    if (err) {
      return callback(null, signingKey);
    }
    const signingKey = key.publicKey || key.rsaPublicKey;
    callback(null, signingKey);
  });
}

async function getUserIdFromToken(token) {
  if (!token) {
    return null;
  }

  let payload;
  try {
    payload = await jwtVerify(token, getJwtKey, {
      audience: "https://impress-2020.openneo.net/api",
      issuer: "https://openneo.us.auth0.com/",
      algorithms: ["RS256"],
    });
  } catch (e) {
    console.error(`Invalid auth token: ${token}`, e);
    return null;
  }

  const subMatch = payload.sub.match(/auth0\|impress-([0-9]+)/);
  if (!subMatch) {
    console.log("Unexpected auth token sub format", payload.sub);
    return null;
  }
  const userId = subMatch[1];
  return userId;
}

module.exports = { getUserIdFromToken };
extract server auth into auth.js This is just a nice cleanup, but it also supports a test mock I want to do next, to mock logins for the test db without having to round-trip to auth0. 2020-10-22 19:53:10 -07:00			`const util = require("util");`

			`const jwtVerify = util.promisify(require("jsonwebtoken").verify);`
			`const jwksClient = require("jwks-rsa");`

			`const jwks = jwksClient({`
			`jwksUri: "https://openneo.us.auth0.com/.well-known/jwks.json",`
			`});`

			`async function getJwtKey(header, callback) {`
			`jwks.getSigningKey(header.kid, (err, key) => {`
			`if (err) {`
			`return callback(null, signingKey);`
			`}`
			`const signingKey = key.publicKey \|\| key.rsaPublicKey;`
			`callback(null, signingKey);`
			`});`
			`}`

			`async function getUserIdFromToken(token) {`
			`if (!token) {`
			`return null;`
			`}`

			`let payload;`
			`try {`
			`payload = await jwtVerify(token, getJwtKey, {`
			`audience: "https://impress-2020.openneo.net/api",`
			`issuer: "https://openneo.us.auth0.com/",`
			`algorithms: ["RS256"],`
			`});`
			`} catch (e) {`
fix bugs in auth mocking for tests 2020-10-27 22:16:34 -07:00			console.error(`Invalid auth token: ${token}`, e);
extract server auth into auth.js This is just a nice cleanup, but it also supports a test mock I want to do next, to mock logins for the test db without having to round-trip to auth0. 2020-10-22 19:53:10 -07:00			`return null;`
			`}`

			`const subMatch = payload.sub.match(/auth0\\|impress-([0-9]+)/);`
			`if (!subMatch) {`
			`console.log("Unexpected auth token sub format", payload.sub);`
			`return null;`
			`}`
			`const userId = subMatch[1];`
			`return userId;`
			`}`

			`module.exports = { getUserIdFromToken };`