From 68cb0b692f909883bd02088666bf11097d57d31f Mon Sep 17 00:00:00 2001
From: Felix Hoops <9974641+jfelixh@users.noreply.github.com>
Date: Fri, 23 Aug 2024 17:45:49 +0200
Subject: [PATCH] Add http logging middleware
Signed-off-by: Felix Hoops <9974641+jfelixh@users.noreply.github.com>
---
 vclogin/middleware.ts | 25 +++++++++++++++++++
 vclogin/middleware/protection.ts | 25 -------------------
 vclogin/pages/api/clientMetadata.ts | 7 +++---
 .../pages/api/dynamic/clientMetadataById.ts | 7 +++---
 .../api/dynamic/createTempAuthorization.ts | 8 +++---
 vclogin/pages/api/dynamic/getAuthResponse.ts | 8 +++---
 vclogin/pages/api/dynamic/getQRCodeString.ts | 8 +++---
 .../api/dynamic/presentCredentialById.ts | 5 +++-
 8 files changed, 47 insertions(+), 46 deletions(-)
 create mode 100644 vclogin/middleware.ts
 delete mode 100644 vclogin/middleware/protection.ts
diff --git a/vclogin/middleware.ts b/vclogin/middleware.ts
new file mode 100644
index 0000000..c453ec7
--- /dev/null
+++ b/vclogin/middleware.ts
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2024 Software Engineering for Business Information Systems (sebis) .
+ * SPDX-License-Identifier: MIT
+ */
+
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+
+export function middleware(req: NextRequest) {
+ // enforce authorization for sensitive endpoints needed for dynamic authorization
+ if (req.nextUrl.pathname.startsWith("/api/dynamic")) {
+ const authHeader = req.headers.get("Authorization");
+ const apiKey = authHeader?.split(" ")[1];
+ if (apiKey !== process.env.API_KEY) {
+ return new Response("Unauthorized", { status: 401 });
+ }
+ }
+ // would like to do logging here but because nextjs middleware runs in Edge Runtime
+ // it does not seem to like pino logger
+ return NextResponse.next();
+}
+
+export const config = {
+ matcher: "/(api/.*)",
+};
diff --git a/vclogin/middleware/protection.ts b/vclogin/middleware/protection.ts
deleted file mode 100644
index 43e9935..0000000
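Review bot: The check `apiKey !== process.env.API_KEY` in the new `middleware` fails open when `API_KEY` is not set: a request without an `Authorization` header leaves `apiKey` as `undefined`, which equals the unset variable, so every `/api/dynamic` route is served without a key. The guard should reject when the expected key is missing, for example `const expected = process.env.API_KEY;` followed by `if (!expected || apiKey !== expected) {`. The `startsWith("/api/dynamic")` prefix also extends enforcement beyond the three paths named in the deleted `protectedPaths` list, so `clientMetadataById` and `presentCredentialById` now require the key as well; if those two are called by wallets rather than by the relying party (not visible in this patch), that should be confirmed and recorded in the commit message. The comparison is also not constant-time, and the scheme word before the space in the header is never checked.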
--- a/vclogin/middleware/protection.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Copyright 2024 Software Engineering for Business Information Systems (sebis) .
- * SPDX-License-Identifier: MIT
- */
-
-import { NextResponse } from "next/server";
-import type { NextRequest } from "next/server";
-
-const protectedPaths = [
- "/api/dynamic/createTempAuthorization",
- "/api/dynamic/getAuthResponse",
- "/api/dynamic/getQRCodeString",
-];
-
-export function middleware(req: NextRequest) {
- const authHeader = req.headers.get("Authorization");
- const path = req.nextUrl.pathname;
- const apiKey = authHeader?.split(" ")[1];
- if (protectedPaths.includes(path) && apiKey === process.env.API_KEY) {
- return NextResponse.next();
- } else if (protectedPaths.includes(path) && apiKey !== process.env.API_KEY) {
- return new Response("Unauthorized", { status: 401 });
- }
- return NextResponse.next();
-}
diff --git a/vclogin/pages/api/clientMetadata.ts b/vclogin/pages/api/clientMetadata.ts
index c39aac1..b3d5d47 100644
--- a/vclogin/pages/api/clientMetadata.ts
+++ b/vclogin/pages/api/clientMetadata.ts
@@ -6,11 +6,9 @@
 import { getMetadata } from "@/lib/getMetadata";
 import type { NextApiRequest, NextApiResponse } from "next";
 import { logger } from "@/config/logger";
+import { withLogging } from "@/middleware/logging";
-export default async function handler(
- req: NextApiRequest,
- res: NextApiResponse,
-) {
+async function handler(req: NextApiRequest, res: NextApiResponse) {
 try {
 const { method } = req;
 if (method === "GET") {
@@ -28,3 +26,4 @@ export default async function handler(
 }
 export const config = { api: { bodyParser: false } };
+export default withLogging(handler);
diff --git a/vclogin/pages/api/dynamic/clientMetadataById.ts b/vclogin/pages/api/dynamic/clientMetadataById.ts
index 579937a..9181337 100644
--- a/vclogin/pages/api/dynamic/clientMetadataById.ts
+++ b/vclogin/pages/api/dynamic/clientMetadataById.ts
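Review bot: `withLogging` is imported from `@/middleware/logging`, but no `vclogin/middleware/logging.ts` appears in this patch's diffstat, and the only file under `vclogin/middleware/` that the patch touches is deleted. Unless that module was added by an earlier commit, this route and the five under `pages/api/dynamic/` that gain the same import will not build. Because the wrapper now sits in front of every handler, including `presentCredentialById` and `createTempAuthorization`, its implementation should be reviewed with this change to confirm it never writes the `Authorization` header, request bodies or query strings to the log. A short comment above the export, such as `// withLogging records method, path and status only`, would make that contract visible at each call site, with the wording matched to what the wrapper really does.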
@@ -6,11 +6,9 @@
 import { getMetadata } from "@/lib/getMetadata";
 import type { NextApiRequest, NextApiResponse } from "next";
 import { logger } from "@/config/logger";
+import { withLogging } from "@/middleware/logging";
-export default async function handler(
- req: NextApiRequest,
- res: NextApiResponse,
-) {
+async function handler(req: NextApiRequest, res: NextApiResponse) {
 try {
 const { method } = req;
 if (method === "GET") {
@@ -29,3 +27,4 @@ export default async function handler(
 }
 export const config = { api: { bodyParser: false } };
+export default withLogging(handler);
diff --git a/vclogin/pages/api/dynamic/createTempAuthorization.ts b/vclogin/pages/api/dynamic/createTempAuthorization.ts
index 9e5cc74..d5a5b34 100644
--- a/vclogin/pages/api/dynamic/createTempAuthorization.ts
+++ b/vclogin/pages/api/dynamic/createTempAuthorization.ts
@@ -6,11 +6,9 @@
 import { NextApiRequest, NextApiResponse } from "next";
 import crypto from "crypto";
 import { redisSet } from "@/config/redis";
+import { withLogging } from "@/middleware/logging";
-export default async function handler(
- req: NextApiRequest,
- res: NextApiResponse,
-) {
+async function handler(req: NextApiRequest, res: NextApiResponse) {
 //Get Policy from request body
 const { policy, inputDescriptor } = req.body;
@@ -29,3 +27,5 @@ export default async function handler(
 return res.status(500).json({ redirect: "/error" });
 }
 }
+
+export default withLogging(handler);
diff --git a/vclogin/pages/api/dynamic/getAuthResponse.ts b/vclogin/pages/api/dynamic/getAuthResponse.ts
index 1e3d23a..e7216ad 100644
--- a/vclogin/pages/api/dynamic/getAuthResponse.ts
+++ b/vclogin/pages/api/dynamic/getAuthResponse.ts
@@ -6,11 +6,9 @@
 import { NextApiRequest, NextApiResponse } from "next";
 import { logger } from "@/config/logger";
 import { redisGet } from "@/config/redis";
+import { withLogging } from "@/middleware/logging";
-export default async function handler(
- req: NextApiRequest,
- res: NextApiResponse,
-) {
+async function handler(req: NextApiRequest, res: NextApiResponse) {
 //read uuid from query params
 const uuid = req.query["uuid"];
 logger.debug("uuid: ", uuid);
@@ -29,3 +27,5 @@ export default async function handler(
 res.status(200).json({ auth_res: "error_not_found" });
 }
 }
+
+export default withLogging(handler);
diff --git a/vclogin/pages/api/dynamic/getQRCodeString.ts b/vclogin/pages/api/dynamic/getQRCodeString.ts
index ae37d63..1a0245c 100644
--- a/vclogin/pages/api/dynamic/getQRCodeString.ts
+++ b/vclogin/pages/api/dynamic/getQRCodeString.ts
@@ -3,12 +3,10 @@
 * SPDX-License-Identifier: MIT
 */
+import { withLogging } from "@/middleware/logging";
 import { NextApiRequest, NextApiResponse } from "next";
-export default async function handler(
- req: NextApiRequest,
- res: NextApiResponse,
-) {
+async function handler(req: NextApiRequest, res: NextApiResponse) {
 const { userId, uuid } = req.body;
 //Generate QR Code String from UUID
@@ -24,3 +22,5 @@ export default async function handler(
 return res.status(200).json({ qrCodeString });
 }
+
+export default withLogging(handler);
diff --git a/vclogin/pages/api/dynamic/presentCredentialById.ts b/vclogin/pages/api/dynamic/presentCredentialById.ts
index 9af418c..065195e 100644
--- a/vclogin/pages/api/dynamic/presentCredentialById.ts
+++ b/vclogin/pages/api/dynamic/presentCredentialById.ts
@@ -11,6 +11,7 @@ import { verifyAuthenticationPresentation } from "@/lib/verifyPresentation";
 import { getToken } from "@/lib/getToken";
 import { logger } from "@/config/logger";
 import { redisSet, redisGet } from "@/config/redis";
+import { withLogging } from "@/middleware/logging";
 const getHandler = async (req: NextApiRequest, res: NextApiResponse) => {
 logger.debug("LOGIN API GET BY ID");
@@ -115,7 +116,7 @@ const handlers: any = {
 GET: getHandler,
 };
-export default async function handler(
+async function handler(
 req: NextApiRequest,
 res: NextApiResponse, //todo look for separate handles
 ) {
@@ -129,3 +130,5 @@ export default async function handler(
 res.status(500).end();
 }
 }
+
+export default withLogging(handler);