tdpeuter/2025SELab2-project-Dwengo
tdpeuter/2025SELab2-project-Dwengo
Archived
1
Fork 0
Code Issues Releases 4 Packages 2 Wiki Activity

refactor(backend): Magic values vervangen door constanten.

Browse source
This commit is contained in:
Gerald Schmittinger 2025-03-06 13:23:36 +01:00
parent f2449969a7
commit 03c6ada0e5
2 changed files with 39 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

13
backend/src/exceptions.ts Normal file
View file

@ -0,0 +1,13 @@
export class UnauthorizedException extends Error {
status = 401;
constructor(message: string = "Unauthorized") {
super(message);
}
}
export class ForbiddenException extends Error {
status = 403;
constructor(message: string = "Forbidden") {
super(message);
}
}

37
backend/src/middleware/auth/auth.ts
View file

@ -6,11 +6,26 @@ import * as express from "express";
import * as jwt from "jsonwebtoken"; import * as jwt from "jsonwebtoken";
import {AuthenticatedRequest} from "./authenticated-request.js"; import {AuthenticatedRequest} from "./authenticated-request.js";
import {AuthenticationInfo} from "./authentication-info.js"; import {AuthenticationInfo} from "./authentication-info.js";
import {ForbiddenException, UnauthorizedException} from "../../exceptions";
const JWKS_CACHE = true;
const JWKS_RATE_LIMIT = true;
const REQUEST_PROPERTY_FOR_JWT_PAYLOAD = "jwtPayload";
const JWT_ALGORITHM = "RS256"; // Not configurable via env vars since supporting other algorithms would
// require additional libraries to be added.
const JWT_PROPERTY_NAMES = {
username: "preferred_username",
firstName: "given_name",
lastName: "family_name",
name: "name",
email: "email"
};
function createJwksClient(uri: string): jwksClient.JwksClient { function createJwksClient(uri: string): jwksClient.JwksClient {
return jwksClient({ return jwksClient({
cache: true, cache: JWKS_CACHE,
rateLimit: true, rateLimit: JWKS_RATE_LIMIT,
jwksUri: uri, jwksUri: uri,
}); });
} }
@ -49,9 +64,9 @@ const verifyJwtToken = expressjwt({
return signingKey.getPublicKey(); return signingKey.getPublicKey();
}, },
audience: getEnvVar(EnvVars.IdpAudience), audience: getEnvVar(EnvVars.IdpAudience),
algorithms: ["RS256"], algorithms: [JWT_ALGORITHM],
credentialsRequired: false, credentialsRequired: false,
requestProperty: "jwtPayload" requestProperty: REQUEST_PROPERTY_FOR_JWT_PAYLOAD
}); });
/** /**
@ -73,11 +88,11 @@ function getAuthenticationInfo(req: AuthenticatedRequest): AuthenticationInfo |
} }
return { return {
accountType: accountType, accountType: accountType,
username: req.jwtPayload["preferred_username"]!, username: req.jwtPayload[JWT_PROPERTY_NAMES.username]!,
name: req.jwtPayload["name"], name: req.jwtPayload[JWT_PROPERTY_NAMES.name],
firstName: req.jwtPayload["given_name"], firstName: req.jwtPayload[JWT_PROPERTY_NAMES.firstName],
lastName: req.jwtPayload["family_name"], lastName: req.jwtPayload[JWT_PROPERTY_NAMES.lastName],
email: req.jwtPayload["email"], email: req.jwtPayload[JWT_PROPERTY_NAMES.email],
} }
} }
@ -101,9 +116,9 @@ export const authenticateUser = [verifyJwtToken, addAuthenticationInfo];
export const authorize = (accessCondition: (auth: AuthenticationInfo) => boolean) => { export const authorize = (accessCondition: (auth: AuthenticationInfo) => boolean) => {
return (req: AuthenticatedRequest, res: express.Response, next: express.NextFunction): void => { return (req: AuthenticatedRequest, res: express.Response, next: express.NextFunction): void => {
if (!req.auth) { if (!req.auth) {
res.status(401).json({ message: "Unauthorized" }); throw new UnauthorizedException();
} else if (!accessCondition(req.auth)) { } else if (!accessCondition(req.auth)) {
res.status(403).json({ message: "Forbidden" }); throw new ForbiddenException();
} else { } else {
next(); next();
} }