Merge pull request #288 from Azure-Samples/update-acrs-sample

Remove express wrapper

Author: salman90

6-AdvancedScenarios/3-call-api-acrs/API/.env

@@ -11,7 +11,6 @@ const methodOverride = require('method-override');
 const cors = require('cors');
 const path = require('path');
 
-const MsIdExpress = require('microsoft-identity-express');
 const passport = require('passport');
 const BearerStrategy = require('passport-azure-ad').BearerStrategy;
 
@@ -21,6 +20,8 @@ const routeGuard = require('./auth/routeGuard');
 
 const mongoHelper = require('./utils/mongoHelper');
 
+const { msalConfig, EXPRESS_SESSION_SECRET, CORS_ALLOWED_DOMAINS, API_REQUIRED_PERMISSION } = require('./authConfig');
+
 const app = express();
 
 app.set('views', path.join(__dirname, './views'));
@@ -39,49 +40,49 @@ app.use(express.json());
  * We need to enable CORS for client's domain in order to
  * expose www-authenticate header in response from the web API
  */
-app.use(cors({
-    origin: process.env.CORS_ALLOWED_DOMAINS, // replace with client domain
-    exposedHeaders: "www-authenticate",
-}));
+app.use(
+    cors({
+        origin: CORS_ALLOWED_DOMAINS, // replace with client domain
+        exposedHeaders: 'WWW-Authenticate',
+    })
+);
 
 /**
  * Using express-session middleware. Be sure to familiarize yourself with available options
  * and set them as desired. Visit: https://www.npmjs.com/package/express-session
  */
- const sessionConfig = {
-    secret: process.env.EXPRESS_SESSION_SECRET,
+const sessionConfig = {
+    secret: EXPRESS_SESSION_SECRET,
     resave: false,
     saveUninitialized: false,
     cookie: {
         secure: false, // set this to true on production
-    }
-}
+    },
+};
 
 if (app.get('env') === 'production') {
-
     /**
      * In App Service, SSL termination happens at the network load balancers, so all HTTPS requests reach your app as unencrypted HTTP requests.
      * The line below is needed for getting the correct absolute URL for redirectUri configuration. For more information, visit:
      * https://docs.microsoft.com/azure/app-service/configure-language-nodejs?pivots=platform-linux#detect-https-session
      */
 
-    app.set('trust proxy', 1) // trust first proxy e.g. App Service
-    sessionConfig.cookie.secure = true // serve secure cookies
+    app.set('trust proxy', 1); // trust first proxy e.g. App Service
+    sessionConfig.cookie.secure = true; // serve secure cookies
 }
 
 app.use(session(sessionConfig));
 
 // =========== Initialize Passport ==============
-
 const bearerOptions = {
-    identityMetadata: `https://${process.env.AUTHORITY}/${process.env.TENANT_ID}/v2.0/.well-known/openid-configuration`,
-    issuer: `https://${process.env.AUTHORITY}/${process.env.TENANT_ID}/v2.0`,
-    clientID: process.env.CLIENT_ID,
-    audience: process.env.CLIENT_ID, // audience is this application
+    identityMetadata: `${msalConfig.auth.authority}/v2.0/.well-known/openid-configuration`,
+    issuer: `${msalConfig.auth.authority}/v2.0`,
+    clientID: msalConfig.auth.clientId,
+    audience: msalConfig.auth.clientId, // audience is this application
     validateIssuer: true,
     passReqToCallback: false,
-    loggingLevel: "info",
-    scope: [process.env.API_REQUIRED_PERMISSION] // scope you set during app registration
+    loggingLevel: 'info',
+    scope: [API_REQUIRED_PERMISSION], // scope you set during app registration
 };
 
 const bearerStrategy = new BearerStrategy(bearerOptions, (token, done) => {
@@ -94,52 +95,22 @@ app.use(passport.initialize());
 passport.use(bearerStrategy);
 
 // protected api endpoints
-app.use('/api',
+app.use(
+    '/api',
     passport.authenticate('oauth-bearer', { session: false }), // validate access tokens
     routeGuard, // check for auth context
     todolistRoutes
 );
 
-// =========== Initialize MSAL Node Wrapper==============
-
-const appSettings = {
-    appCredentials: {
-        clientId: process.env.CLIENT_ID,
-        tenantId: process.env.TENANT_ID,
-        clientSecret: process.env.CLIENT_SECRET,
-    },
-    authRoutes: {
-        redirect: process.env.REDIRECT_URI, // enter the path component of your redirect URI
-        unauthorized: "/admin/unauthorized" // the wrapper will redirect to this route in case of unauthorized access attempt
-    },
-    protectedResources: {
-        // Microsoft Graph beta authenticationContextClassReference endpoint. For more information,
-        // visit: https://docs.microsoft.com/en-us/graph/api/resources/authenticationcontextclassreference?view=graph-rest-beta
-        msGraphAcrs: {
-            endpoint: "https://graph.microsoft.com/beta/identity/conditionalAccess/policies",
-            scopes: ["Policy.ReadWrite.ConditionalAccess", "Policy.Read.ConditionalAccess"]
-        },
-    }
-}
-
-
-// instantiate the wrapper
-const authProvider = new MsIdExpress.WebAppAuthClientBuilder(appSettings).build();
-
-// initialize the wrapper
-app.use(authProvider.initialize());
-
-// pass down to the authProvider instance to use in router
-app.use('/admin',
-    adminRoutes(authProvider)
-);
+// admin routes
+app.use('/admin', adminRoutes);
 
 const port = process.env.PORT || 5000;
 
 mongoHelper.mongoConnect(() => {
-  app.listen(port, () => {
-      console.log('Listening on port ' + port);
-  });
+    app.listen(port, () => {
+        console.log('Listening on port ' + port);
+    });
 });
 
 module.exports = app;