From 1064db3d2fd6fafa538699ac37784b360ca1652d Mon Sep 17 00:00:00 2001
From: Fred Boniface <fred@fjla.uk>
Date: Wed, 5 Apr 2023 00:58:48 +0100
Subject: [PATCH] Add authentication middleware

Signed-off-by: Fred Boniface <fred@fjla.uk>
---
 app.js                              | 10 ++++++++--
 src/middlewares/auth.middlewares.js | 25 +++++++++++++++++++++++++
 src/utils/auth.utils.js             | 12 ++++++++----
 3 files changed, 41 insertions(+), 6 deletions(-)
 create mode 100644 src/middlewares/auth.middlewares.js

diff --git a/app.js b/app.js
index ab77945..789962e 100644
--- a/app.js
+++ b/app.js
@@ -9,7 +9,10 @@ console.log(`Initialising OwlBoard`)
 // External Requires
 const express     = require('express');
 const app         = express();
+
+// Middleware
 const compression = require('compression')
+const authenticate= require('./src/middlewares/auth.middlewares')
 
 // Internal Requires
 const log      = require('./src/utils/log.utils');          // Log Helper
@@ -46,11 +49,11 @@ app.use((err, req, res, next) => {
   return;
 });
 
-// Express Submodules:
+// Middleware:
 app.use(express.json()); //JSON Parsing for POST Requests
 app.use(compression()) // Compress API Data if supported by client
 
-// Express Routes
+// Unauthenticated Routes
 app.use('/api/v1/list', listRtr);
 app.use('/api/v1/ldb', ldbRtr);
 app.use('/api/v1/kube', kubeRtr);
@@ -58,6 +61,9 @@ app.use('/api/v1/find', findRtr);
 app.use('/api/v1/issue', issueRtr);
 app.use('/api/v1/stats', statRtr)
 
+// Authented Routes
+app.use('/api/v1/ldbs', authenticate)
+
 // Start Express
 app.listen(srvPort, srvListen, (error) =>{
   if(!error) {
diff --git a/src/middlewares/auth.middlewares.js b/src/middlewares/auth.middlewares.js
new file mode 100644
index 0000000..c740895
--- /dev/null
+++ b/src/middlewares/auth.middlewares.js
@@ -0,0 +1,25 @@
+const utils = require('../utils/auth.utils')
+const log   = require('../utils/log.utils')
+
+module.exports = async function authCheck(req, res, next) {
+    log.out(`authMiddlewares: Checking authentication`, "INFO")
+    try {
+        var uuid = req.headers.uuid
+    } catch(err) {
+        log.out(`authMiddlewares: No authentication attempted`, "INFO")
+        err.status = 401
+        return next(err)
+    }
+    try {
+        var result = await utils.isAuthed(uuid) | false
+        if (!result) {
+            const err = new Error("Unauthorised");
+            err.status = 401
+            return next(err)
+        } else {
+            return next()
+        }
+    } catch(err) {
+        return next(err)
+    }
+}
\ No newline at end of file
diff --git a/src/utils/auth.utils.js b/src/utils/auth.utils.js
index fdaf571..72e3145 100644
--- a/src/utils/auth.utils.js
+++ b/src/utils/auth.utils.js
@@ -3,11 +3,15 @@ const crypto = require('crypto')
 const db = require('../services/dbAccess.services')
 
 // Checks users registration key against issued keys
-async function checkUser(key) {  // Needs testing
+async function isAuthed(key) {  // Needs testing
+    return false;
     q = {uuid: key};
     res = db.query("registrations", q);
     log.out(`authUtils.checkUser: DB Query answer: ${await res}`)
-    return await res
+    
+    // Do something here to determine if authorised or not and simply return a BOOL
+    
+    return
 }
 
 // Creates an API key for a user
@@ -15,7 +19,7 @@ async function generateKey() {  // Needs testing
     return crypto.randomUUID()
 };
 
-module.export = {
-    checkUser,
+module.exports = {
+    isAuthed,
     generateKey
 }
\ No newline at end of file