updated valid value check secured api, bearer token extraction

UmmulkiramR · UmmulkiramR · commit 742e09d95e28 · 2024-06-14T11:56:17.000-04:00
diff --git a/.env.example b/.env.example
@@ -21,6 +21,10 @@ CLIENT_SECRET=
 AUTH_WRITE_SCOPES=[]
 AUTH_STRATEGY= # valid values -> EGO or KEYCLOAK or NONE
 AUTH_SERVER_URL: # "https://ego.url" OR "http://localhost/realms/keycloak-realm". This property will be empty or absent for AUTH_STRATEGY = NONE
+
+# SECURED_API can be used to specify which of the APIs need authentication.
+# Can be empty or absent for AUTH_STRATEGY = NONE.
+# If omitted for AUTH_STRATEGY != NONE then all apis will need authentication by default.
 SECURED_API = ["CREATE", "FIND"]
 AUTH_PUBLICKEY_CACHE = 1d
 
diff --git a/src/config-validator.ts b/src/config-validator.ts
@@ -67,15 +67,16 @@ export const getArray = (name: string): ZodString['_output'][] => {
 	}
 };
 
-export const getEnum = <T extends [string, ...string[]]>(name: string, zEnum: ZodEnum<T>): z.infer<ZodEnum<T>> => {
-    const value = process.env[name];
+export const getEnum = <T extends [string, ...string[]]>(name: string, zEnum: ZodEnum<T>, value: string | undefined = ''): z.infer<ZodEnum<T>> => {
+    if(!value || value?.length==0) value = process.env[name];
     const stringValue = zEnum.safeParse(value);
     if (!stringValue.success) {
-        throw new Error(`Environment variable ${name} is invalid value. Value should be one of ${zEnum.options}`);
+        throw new Error(`Environment variable ${name} has an invalid value. Valid values are: ${zEnum.options}`);
     }
     return stringValue.data;
 };
 
+
 export const getRecord = (name: string): ZodRecord<ZodString, ZodString> => {
 	const config_entry = `${name.toUpperCase()}_SEARCH`;
 	return z.record(
diff --git a/src/config.ts b/src/config.ts
@@ -12,7 +12,7 @@ import {
 } from './config-validator.js';
 import { SchemaInfo } from './middlewares/datasource.js';
 import {RecordType, z} from "zod";
-import {authList, AuthStrategy} from "./middlewares/autorization/auth-types.js";
+import {apiList, authList, AuthStrategy, SecuredApi} from "./middlewares/autorization/auth-types.js";
 
 if (dotenv.config().error) {
 	console.log(`Error loading environment variables, aborting.`);
@@ -41,9 +41,11 @@ export const logging: boolean = JSON.parse(process.env.DB_LOGGING || 'false');
 export const entityList = getRequiredArray('ENTITY_LIST');
 
 export const scopes = getArray('SCOPES');
-export const securedApi = getArray('SECURED_API');
 export const dbSequences = getArray('DB_SEQUENCES');
 
+export const securedApi = getArray('SECURED_API');
+securedApi.forEach(api => {getEnum('SECURED_API', z.enum(apiList), api)});
+
 export const authStrategy: AuthStrategy = getEnum('AUTH_STRATEGY', z.enum(authList));
 
 export const schemaDefinitions: Map<string, SchemaInfo> = new Map<string, SchemaInfo>();
diff --git a/src/middlewares/autorization/auth-types.ts b/src/middlewares/autorization/auth-types.ts
@@ -1,7 +1,10 @@
 import {NextFunction, Request, Response} from "express";
 
 export const authList = ['EGO', 'KEYCLOAK', 'NONE'] as const;
-export type AuthStrategy= 'EGO' | 'KEYCLOAK' | 'NONE';
+export type AuthStrategy = 'EGO' | 'KEYCLOAK' | 'NONE';
+
+export const apiList = ['CREATE', 'FIND'] as const;
+export type SecuredApi = 'CREATE' | 'FIND';
 
 export interface AuthorizationStrategy {
     authHandler(req: Request, res: Response, next: NextFunction): Promise<void>;
diff --git a/src/middlewares/autorization/auth-util.ts b/src/middlewares/autorization/auth-util.ts
@@ -2,7 +2,6 @@ import { NextFunction, Request, Response } from 'express';
 import {authStrategy, securedApi} from '../../config.js';
 import egoAuth from './ego-auth-handler.js';
 import keycloakAuth from './keycloak-auth-handler.js';
-import { ForbiddenError, UnauthorizedError } from '../error-handler';
 
 function getAuthStrategy() {
 	if (authStrategy === 'EGO') {
@@ -26,8 +25,12 @@ export function authorize(action: string){
 
 export function extractHeaderToken(req: Request) {
 	const authorization = req.headers.authorization||'';
-	const token: string = authorization.split(' ')[1];
-	return token;
+	console.log(authorization);
+	if (authorization.startsWith('Bearer ')) {
+		const token = authorization.substring(7, authorization.length);
+		return token;
+	}
+	return '';
 }
 
 export function isJwt(tokenString: string) {
@@ -44,4 +47,4 @@ export function isJwt(tokenString: string) {
 		return false;
 	}
 	return true;
-}
+}
diff --git a/src/services/id-service.ts b/src/services/id-service.ts
@@ -82,7 +82,6 @@ function validateSearchParams(searchCriteria: RecordType<string, string>) {
 }
 
 function getSearchCriteria(entity: string, requestParams: Record<string, string>) {
-	const property = `${entity.toUpperCase()}_SEARCH`;
 	const search = config.searchCriterias.get(entity);
 	const keyCriteria = {...search};
 	for (const param in requestParams) {

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,6 @@ function validateSearchParams(searchCriteria: RecordType<string, string>) {`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`function getSearchCriteria(entity: string, requestParams: Record<string, string>) {`
`85`		- const property = `${entity.toUpperCase()}_SEARCH`;
`86`	`85`	`const search = config.searchCriterias.get(entity);`
`87`	`86`	`const keyCriteria = {...search};`
`88`	`87`	`for (const param in requestParams) {`