From 1064db3d2fd6fafa538699ac37784b360ca1652d Mon Sep 17 00:00:00 2001
From: Fred Boniface
Date: Wed, 5 Apr 2023 00:58:48 +0100
Subject: [PATCH] Add authentication middleware
Signed-off-by: Fred Boniface
---
 app.js | 10 ++++++++--
 src/middlewares/auth.middlewares.js | 25 +++++++++++++++++++++++++
 src/utils/auth.utils.js | 12 ++++++++----
 3 files changed, 41 insertions(+), 6 deletions(-)
 create mode 100644 src/middlewares/auth.middlewares.js
diff --git a/app.js b/app.js
index ab77945..789962e 100644
--- a/app.js
+++ b/app.js
@@ -9,7 +9,10 @@ console.log(`Initialising OwlBoard`)
 // External Requires
 const express = require('express');
 const app = express();
+
+// Middleware
 const compression = require('compression')
+const authenticate= require('./src/middlewares/auth.middlewares')
 
 // Internal Requires
 const log = require('./src/utils/log.utils'); // Log Helper
@@ -46,11 +49,11 @@ app.use((err, req, res, next) => {
 return;
 });
 
-// Express Submodules:
+// Middleware:
 app.use(express.json()); //JSON Parsing for POST Requests
 app.use(compression()) // Compress API Data if supported by client
 
-// Express Routes
+// Unauthenticated Routes
 app.use('/api/v1/list', listRtr);
 app.use('/api/v1/ldb', ldbRtr);
 app.use('/api/v1/kube', kubeRtr);
@@ -58,6 +61,9 @@ app.use('/api/v1/find', findRtr);
 app.use('/api/v1/issue', issueRtr);
 app.use('/api/v1/stats', statRtr)
 
+// Authented Routes
+app.use('/api/v1/ldbs', authenticate)
+
 // Start Express
 app.listen(srvPort, srvListen, (error) =>{
 if(!error) {
diff --git a/src/middlewares/auth.middlewares.js b/src/middlewares/auth.middlewares.js
new file mode 100644
index 0000000..c740895
--- /dev/null
+++ b/src/middlewares/auth.middlewares.js
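Review bot: `app.use('/api/v1/ldbs', authenticate)` in the last app.js hunk mounts the check with no router behind it, so a request that passes has nothing to handle it and will presumably end in Express's default 404. Mount the protected router in the same call, `app.use('/api/v1/ldbs', authenticate, <protectedRouter>)` (placeholder, the page does not show a router for this path). The error handler whose tail is visible in the previous hunk is registered before these routes, and Express hands `next(err)` only to error handlers registered later in the stack, so the 401 raised by the middleware would appear to reach the built-in handler, which includes the stack trace in the response outside production mode; consider moving that handler below the routes. The comment `// Authented Routes` should read `// Authenticated Routes`.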
@@ -0,0 +1,25 @@
+const utils = require('../utils/auth.utils')
+const log = require('../utils/log.utils')
+
+module.exports = async function authCheck(req, res, next) {
+ log.out(`authMiddlewares: Checking authentication`, "INFO")
+ try {
+ var uuid = req.headers.uuid
+ } catch(err) {
+ log.out(`authMiddlewares: No authentication attempted`, "INFO")
+ err.status = 401
+ return next(err)
+ }
+ try {
+ var result = await utils.isAuthed(uuid) | false
+ if (!result) {
+ const err = new Error("Unauthorised");
+ err.status = 401
+ return next(err)
+ } else {
+ return next()
+ }
+ } catch(err) {
+ return next(err)
+ }
+}
\ No newline at end of file
diff --git a/src/utils/auth.utils.js b/src/utils/auth.utils.js
index fdaf571..72e3145 100644
--- a/src/utils/auth.utils.js
+++ b/src/utils/auth.utils.js
@@ -3,11 +3,15 @@ const crypto = require('crypto')
 const db = require('../services/dbAccess.services')
 
 // Checks users registration key against issued keys
-async function checkUser(key) { // Needs testing
+async function isAuthed(key) { // Needs testing
+ return false;
 q = {uuid: key};
 res = db.query("registrations", q);
 log.out(`authUtils.checkUser: DB Query answer: ${await res}`)
- return await res
+
+ // Do something here to determine if authorised or not and simply return a BOOL
+
+ return
 }
 
 // Creates an API key for a user
@@ -15,7 +19,7 @@ async function generateKey() { // Needs testing
 return crypto.randomUUID()
 };
 
-module.export = {
- checkUser,
+module.exports = {
+ isAuthed,
 generateKey
 }
\ No newline at end of file
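Review bot: `await utils.isAuthed(uuid) | false` in authCheck uses the bitwise OR, which coerces the awaited value to a 32-bit integer: `true` becomes 1, but a truthy object or string (a returned registration record, say) becomes 0 and is rejected, so the outcome depends on isAuthed returning a strict boolean. Compare against `true` explicitly so the decision is visible and fails closed by design rather than by coercion. The first `try` cannot throw, because reading `req.headers.uuid` yields `undefined` when the header is absent, so the "No authentication attempted" branch is dead code and a missing key is passed on to the lookup; test for the missing header directly before calling isAuthed. The rewritten opening of the function is below.

```javascript
module.exports = async function authCheck(req, res, next) {
  // … unchanged: log.out "Checking authentication" …
  const uuid = req.headers.uuid
  if (typeof uuid !== 'string' || uuid === '') {
    // Reject before touching the database when no key was presented.
    log.out(`authMiddlewares: No authentication attempted`, "INFO")
    const err = new Error("Unauthorised")
    err.status = 401
    return next(err)
  }
  try {
    // Only a literal `true` from isAuthed grants access.
    const result = (await utils.isAuthed(uuid)) === true
    // … unchanged: 401 when !result, next() otherwise, catch forwards err …
```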
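Review bot: `q` and `res` in `isAuthed` are assigned without a declaration, so they are implicit globals shared by every in-flight request; once the early `return false;` is removed, any code that reads `res` after an `await` can observe another caller's query result, which in an authentication check means one key's answer could decide a different request. Declare them locally, `const q = {uuid: key};` and `const res = await db.query("registrations", q);`, and end the function with an explicit boolean rather than the bare `return`, which yields `undefined`. The log line still names `authUtils.checkUser` and interpolates the query answer; if the registration record contains the key, log only whether a match was found.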