Re-implement a working auth middleware

Signed-off-by: Fred Boniface <fred@fjla.uk>
2024-02-05 19:55:10 +00:00 · 2024-02-05 19:55:10 +00:00 · 88cf7d3d15
parent e1ba881be4
commit 88cf7d3d15
7 changed files with 148 additions and 43 deletions
--- a/app.js
+++ b/app.js
@ -27,6 +27,7 @@ const live2Rtr = require("./src/routes/live.routes"); // API Version 2 Routes
 const tt2Rtr = require("./src/routes/timetable.routes"); // API Version 2
 const user2Rtr = require("./src/routes/user.routes"); // API Version 2 Routes
 const miscRtr = require("./src/routes/misc.routes"); // Non-Public API Routes
+const testRtr = require("./src/routes/test.routes");

 // Set Server Configurations
 const srvListen = process.env.OWL_SRV_LISTEN || "0.0.0.0";
--- a/package-lock.json
+++ b/package-lock.json
@ -25,6 +25,7 @@
      },
      "devDependencies": {
        "@owlboard/ts-types": "^0.1.8",
+        "@types/express": "^4.17.21",
        "@types/jest": "^29.5.3",
        "eslint": "^8.39.0",
        "jest": "^29.6.2",
@ -2636,6 +2637,49 @@
        "@babel/types": "^7.20.7"
      }
    },
+    "node_modules/@types/body-parser": {
+      "version": "1.19.5",
+      "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz",
+      "integrity": "sha512-fB3Zu92ucau0iQ0JMCFQE7b/dv8Ot07NI3KaZIkIUNXq82k4eBAqUaneXfleGY9JWskeS9y+u0nXMyspcuQrCg==",
+      "dev": true,
+      "dependencies": {
+        "@types/connect": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/connect": {
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz",
+      "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==",
+      "dev": true,
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/express": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz",
+      "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==",
+      "dev": true,
+      "dependencies": {
+        "@types/body-parser": "*",
+        "@types/express-serve-static-core": "^4.17.33",
+        "@types/qs": "*",
+        "@types/serve-static": "*"
+      }
+    },
+    "node_modules/@types/express-serve-static-core": {
+      "version": "4.17.43",
+      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.43.tgz",
+      "integrity": "sha512-oaYtiBirUOPQGSWNGPWnzyAFJ0BP3cwvN4oWZQY+zUBwpVIGsKUkpBpSztp74drYcjavs7SKFZ4DX1V2QeN8rg==",
+      "dev": true,
+      "dependencies": {
+        "@types/node": "*",
+        "@types/qs": "*",
+        "@types/range-parser": "*",
+        "@types/send": "*"
+      }
+    },
    "node_modules/@types/graceful-fs": {
      "version": "4.1.6",
      "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.6.tgz",
@ -2645,6 +2689,12 @@
        "@types/node": "*"
      }
    },
+    "node_modules/@types/http-errors": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz",
+      "integrity": "sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==",
+      "dev": true
+    },
    "node_modules/@types/istanbul-lib-coverage": {
      "version": "2.0.4",
      "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.4.tgz",
@ -2679,11 +2729,50 @@
        "pretty-format": "^29.0.0"
      }
    },
+    "node_modules/@types/mime": {
+      "version": "1.3.5",
+      "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz",
+      "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==",
+      "dev": true
+    },
    "node_modules/@types/node": {
      "version": "20.6.2",
      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.6.2.tgz",
      "integrity": "sha512-Y+/1vGBHV/cYk6OI1Na/LHzwnlNCAfU3ZNGrc1LdRe/LAIbdDPTTv/HU3M7yXN448aTVDq3eKRm2cg7iKLb8gw=="
    },
+    "node_modules/@types/qs": {
+      "version": "6.9.11",
+      "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.11.tgz",
+      "integrity": "sha512-oGk0gmhnEJK4Yyk+oI7EfXsLayXatCWPHary1MtcmbAifkobT9cM9yutG/hZKIseOU0MqbIwQ/u2nn/Gb+ltuQ==",
+      "dev": true
+    },
+    "node_modules/@types/range-parser": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz",
+      "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==",
+      "dev": true
+    },
+    "node_modules/@types/send": {
+      "version": "0.17.4",
+      "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz",
+      "integrity": "sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA==",
+      "dev": true,
+      "dependencies": {
+        "@types/mime": "^1",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/serve-static": {
+      "version": "1.15.5",
+      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.5.tgz",
+      "integrity": "sha512-PDRk21MnK70hja/YF8AHfC7yIsiQHn1rcXx7ijCFBX/k+XQJhQT/gw3xekXKJvx+5SXaMMS8oqQy09Mzvz2TuQ==",
+      "dev": true,
+      "dependencies": {
+        "@types/http-errors": "*",
+        "@types/mime": "*",
+        "@types/node": "*"
+      }
+    },
    "node_modules/@types/stack-utils": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.1.tgz",
--- a/package.json
+++ b/package.json
@ -34,6 +34,7 @@
  },
  "devDependencies": {
    "@owlboard/ts-types": "^0.1.8",
+    "@types/express": "^4.17.21",
    "@types/jest": "^29.5.3",
    "eslint": "^8.39.0",
    "jest": "^29.6.2",
--- a/src/controllers/train.controllers.js
+++ b/src/controllers/train.controllers.js
@ -17,12 +17,12 @@ async function getByHeadcodeToday(req, res, next) {
 }

 async function get(req, res, next) {
-/*  if (!req.isAuthed) {
+  if (!req.isAuthed) {
    const err = new Error("Unauthorized");
    err.status = 401;
    next(err);
-  }  -_-_-_ TEMP DISABLE AUTH _-_-_-
-*/  let date = req.params.date;
+  }
+  let date = req.params.date;
  let searchType = req.params.searchType;
  let id = req.params.id;
  try {
--- a/src/middlewares/auth.middlewares.js
+++ b/src/middlewares/auth.middlewares.js
@ -1,40 +0,0 @@
-const utils = require("../utils/auth.utils");
-const logger = require("../utils/logger.utils");
-
-module.exports = async function authCheck(req, res, next) {
-  //log.out("authMiddlewares: Checking authentication", "dbug");
-  logger.logger.debug("Auth check starting");
-  if (process.env.NODE_ENV === "development") {
-    logger.logger.warn("DEVELOPMENT MODE - AUTHENTICATION DISABLED");
-    res.isAuthed = true;
-    return next();
-  }
-  try {
-    var uuid = req.headers.uuid;
-  } catch (err) {
-    logger.logger.warn("Unable to read UUID header - Not authenticated");
-    req.isAuthed = false;
-    return next();
-  }
-  try {
-    var result = (await utils.isAuthed(uuid)) || false;
-    if (!result) {
-      req.isAuthed = false;
-      //log.out("authMiddlewares: User !isAuthed", "dbug");
-      logger.logger.debug("Auth denied");
-    } else {
-      req.isAuthed = true;
-      //log.out("authMiddlewares: User isAuthed", "dbug");
-      logger.logger.debug("Auth successful");
-    }
-    return next();
-  } catch (err) {
-    /*log.out(
-      "authMiddlewares: Unable to check auth, default to !isAuthed",
-      "warn"
-    );*/
-    logger.logger.error(err, `Auth check failed`);
-    req.isAuthed = false;
-    return next(err);
-  }
-};
--- a/src/middlewares/auth.middlewares.ts
+++ b/src/middlewares/auth.middlewares.ts
@ -0,0 +1,42 @@
+import { NextFunction, Request, Response } from "express";
+
+const utils = require("../utils/auth.utils");
+const logger = require("../utils/logger.utils");
+
+module.exports = async function authCheck(req: Request, res: Response, next: NextFunction) {
+  logger.logger.debug("auth.middleware: Auth check begun");
+  if (process.env.NODE_ENV === "development") {
+    req.isAuthed = true;
+    logger.logger.warn("auth.middleware: DEV MODE - Access Granted");
+    next();
+  } else {
+    const id: string | string[] | undefined = req.headers.uuid;
+    if (typeof id === 'undefined') {
+      req.isAuthed = false;
+      logger.logger.info("auth.middleware: Authentication failed");
+      next();
+    } else if (typeof id === 'string') {
+      const authCheck = await utils.isAuthed(id) || false;
+      if (authCheck) {
+        req.isAuthed = true;
+        logger.logger.info("auth.middleware: Authentication Successful");
+        next();
+      } else {
+        req.isAuthed = false;
+        logger.logger.info("auth.middleware: Authentication Failed");
+        next();
+      }
+    } else if (Array.isArray(id)) {
+      const authCheck = await utils.isAuthed(id[0]) || false;
+      if (authCheck) {
+        req.isAuthed = true;
+        logger.logger.warn("auth.middleware: UUID Passed as Array - Authentication Successful");
+        next();
+      } else {
+        req.isAuthed = false;
+        logger.logger.warn("auth.middleware: UUID Passed as Array - Authentication Failed");
+        next();
+      }
+    }
+  }
+};
--- a/src/types/index.d.ts
+++ b/src/types/index.d.ts
@ -0,0 +1,12 @@
+// src/types/express/index.d.ts
+
+// to make the file a module and avoid the TypeScript error
+export {}
+
+declare global {
+  namespace Express {
+    export interface Request {
+      isAuthed: boolean;
+    }
+  }
+}