Add auth checkers

Author: hirsch88

src/api/models/User.ts

@@ -20,4 +20,8 @@ export class User extends BaseEntity {
     @Column()
     public email: string;
 
+    public toString(): string {
+        return `${this.firstName} ${this.lastName} (${this.email})`;
+    }
+
 }

src/app.ts

@@ -22,13 +22,15 @@ import { swaggerLoader } from './loaders/swaggerLoader';
 import { monitorLoader } from './loaders/monitorLoader';
 import { homeLoader } from './loaders/homeLoader';
 import { publicLoader } from './loaders/publicLoader';
+import { iocLoader } from './loaders/iocLoader';
 
 
 bootstrapMicroframework({
     loaders: [
         winstonLoader,
-        expressLoader,
+        iocLoader,
         typeormLoader,
+        expressLoader,
         swaggerLoader,
         monitorLoader,
         homeLoader,

src/auth/authorizationChecker.ts

@@ -1,33 +1,36 @@
 import { Action } from 'routing-controllers';
 import { Container } from 'typedi';
+import { Connection } from 'typeorm';
 import { AuthService } from './AuthService';
 import { Log } from '../core/Log';
 
-const log = new Log(__filename);
-const authService = Container.get(AuthService);
 
+export function authorizationChecker(connection: Connection): (action: Action, roles: any[]) => Promise<boolean> | boolean {
+    const log = new Log(__filename);
+    const authService = Container.get(AuthService);
 
-export async function authorizationChecker(action: Action, roles: string[]): Promise<boolean> {
-    // here you can use request/response objects from action
-    // also if decorator defines roles it needs to access the action
-    // you can use them to provide granular access check
-    // checker must return either boolean (true or false)
-    // either promise that resolves a boolean value
-    // demo code:
-    const token = authService.parseTokenFromRequest(action.request);
+    return async function innerAuthorizationChecker(action: Action, roles: string[]): Promise<boolean> {
+        // here you can use request/response objects from action
+        // also if decorator defines roles it needs to access the action
+        // you can use them to provide granular access check
+        // checker must return either boolean (true or false)
+        // either promise that resolves a boolean value
+        // demo code:
+        const token = authService.parseTokenFromRequest(action.request);
 
-    if (token === null) {
-        log.warn('No token given');
-        return false; // res.failed(403, 'You are not allowed to request this resource!');
-    }
+        if (token === null) {
+            log.warn('No token given');
+            return false; // res.failed(403, 'You are not allowed to request this resource!');
+        }
 
-    // Request user info at auth0 with the provided token
-    try {
-        action.request.tokeninfo = await authService.getTokenInfo(token);
-        log.info('Successfully checked token');
-        return true;
-    } catch (e) {
-        log.warn(e);
-        return false;
-    }
+        // Request user info at auth0 with the provided token
+        try {
+            action.request.tokeninfo = await authService.getTokenInfo(token);
+            log.info('Successfully checked token');
+            return true;
+        } catch (e) {
+            log.warn(e);
+            return false;
+        }
+    };
 }

src/auth/currentUserChecker.ts

@@ -2,31 +2,30 @@ import { Action } from 'routing-controllers';
 import { User } from '../api/models/User';
 import { Log } from '../core/Log';
 import { ITokenInfo } from './ITokenInfo';
-// import { UserRepository } from '../api/repositories/UserRepository';
-// import { getConnection } from 'typeorm';
+import { Connection } from 'typeorm';
 
-const log = new Log(__filename);
 
+export function currentUserChecker(connection: Connection): (action: Action) => Promise<User | undefined> {
+    const log = new Log(__filename);
 
-export async function currentUserChecker(action: Action): Promise<User | undefined> {
-    // here you can use request/response objects from action
-    // you need to provide a user object that will be injected in controller actions
-    // demo code:
-    const tokeninfo: ITokenInfo = action.request.tokeninfo;
-    log.info('todo user checker', tokeninfo);
+    return async function innerCurrentUserChecker(action: Action): Promise<User | undefined> {
+        // here you can use request/response objects from action
+        // you need to provide a user object that will be injected in controller actions
+        // demo code:
+        const tokeninfo: ITokenInfo = action.request.tokeninfo;
+        const em = connection.createEntityManager();
+        const user = await em.findOne<User>(User, {
+            where: {
+                email: tokeninfo.user_id
+            }
+        });
+        if (user) {
+            log.info('Current user is ', user.toString());
+        } else {
+            log.info('Current user is undefined');
+        }
 
-    // const connection = getConnection();
-
-    // const userRepository = connection.getRepository<User>(UserRepository);
-    // console.log(connection);
-    // const user = await userRepository.
-    //     findOne({
-    //         where: {
-    //             email: tokeninfo.user_id
-    //         }
-    //     });
-    // console.log(user);
-
-    return Promise.resolve(new User());
+        return Promise.resolve(user);
+    };
 }
 

src/loaders/expressLoader.ts

@@ -1,48 +1,41 @@
 import * as path from 'path';
-import { Container } from 'typedi';
-import { useContainer as ormUseContainer } from 'typeorm';
-import { useContainer as routingUseContainer, createExpressServer } from 'routing-controllers';
+import { createExpressServer } from 'routing-controllers';
 import { MicroframeworkSettings, MicroframeworkLoader } from 'microframework';
 import { env } from '../core/env';
 import { authorizationChecker } from '../auth/authorizationChecker';
 import { currentUserChecker } from '../auth/currentUserChecker';
 
 
 export const expressLoader: MicroframeworkLoader = (settings: MicroframeworkSettings | undefined) => {
+    if (settings) {
+        const connection = settings.getData('connection');
 
-    /**
-     * Setup routing-controllers to use typedi container.
-     */
-    routingUseContainer(Container);
-    ormUseContainer(Container);
-
-    /**
-     * We create a new express server instance.
-     * We could have also use useExpressServer here to attach controllers to an existing express instance.
-     */
-    const expressApp = createExpressServer({
-        cors: true,
-        routePrefix: env.app.routePrefix,
         /**
-         * We can add options about how routing-controllers should configure itself.
-         * Here we specify what controllers should be registered in our express server.
+         * We create a new express server instance.
+         * We could have also use useExpressServer here to attach controllers to an existing express instance.
          */
-        controllers: [path.join(__dirname, '..', 'api/controllers/*{.js,.ts}')],
-        middlewares: [path.join(__dirname, '..', 'api/middlewares/*{.js,.ts}')],
-        interceptors: [path.join(__dirname, '..', 'api/interceptors/*{.js,.ts}')],
+        const expressApp = createExpressServer({
+            cors: true,
+            routePrefix: env.app.routePrefix,
+            /**
+             * TODO: We can add options about how routing-controllers should configure itself.
+             * Here we specify what controllers should be registered in our express server.
+             */
+            controllers: [path.join(__dirname, '..', 'api/controllers/*{.js,.ts}')],
+            middlewares: [path.join(__dirname, '..', 'api/middlewares/*{.js,.ts}')],
+            interceptors: [path.join(__dirname, '..', 'api/interceptors/*{.js,.ts}')],
 
-        /**
-         * Authorization features
-         */
-        authorizationChecker,
-        currentUserChecker
-    });
+            /**
+             * Authorization features
+             */
+            authorizationChecker: authorizationChecker(connection),
+            currentUserChecker: currentUserChecker(connection)
+        });
 
-    // Run application to listen on given port
-    expressApp.listen(env.app.port);
+        // Run application to listen on given port
+        expressApp.listen(env.app.port);
 
-    // Here we can set the data for other loaders
-    if (settings) {
+        // Here we can set the data for other loaders
         settings.setData('express_app', expressApp);
     }
 };

src/loaders/iocLoader.ts

@@ -0,0 +1,15 @@
+import { Container } from 'typedi';
+import { useContainer as ormUseContainer } from 'typeorm';
+import { useContainer as routingUseContainer } from 'routing-controllers';
+import { MicroframeworkSettings, MicroframeworkLoader } from 'microframework';
+
+
+export const iocLoader: MicroframeworkLoader = (settings: MicroframeworkSettings | undefined) => {
+
+    /**
+     * Setup routing-controllers to use typedi container.
+     */
+    routingUseContainer(Container);
+    ormUseContainer(Container);
+
+};

src/loaders/typeormLoader.ts

@@ -21,6 +21,7 @@ export const typeormLoader: MicroframeworkLoader = async (settings: Microframewo
     });
 
     if (settings) {
+        settings.setData('connection', connection);
         settings.onShutdown(() => connection.close());
     }
 };