From 74d713a07eb495a02404364d46bc81bf23f7ccb7 Mon Sep 17 00:00:00 2001
From: davidcrammer <59569187+davidcrammer@users.noreply.github.com>
Date: Mon, 23 Sep 2024 10:58:33 -0700
Subject: [PATCH] Allow using cookies to authenticate
---
 package-lock.json | 21 +++++++++++++++++++++
 package.json | 1 +
 src/app.js | 6 ++++--
 src/middleware/digestMiddleware.js | 9 +++++++++
 src/utils/getUser.js | 2 +-
 src/utils/log.js | 4 ++++
 6 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 src/middleware/digestMiddleware.js
 create mode 100644 src/utils/log.js
diff --git a/package-lock.json b/package-lock.json
index 35d19cc..652d540 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17,6 +17,7 @@ "@babel/preset-env": "^7.23.2", "@sendgrid/mail": "^7.7.0", "axios": "^1.6.2", + "cookie-parser": "^1.4.6", "dotenv": "^16.3.1", "express": "^4.18.2", "express-async-handler": "^1.2.0",
@@ -2512,6 +2513,26 @@ "node": ">= 0.6" } }, + "node_modules/cookie-parser": { + "version": "1.4.6", + "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz", + "integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==", + "dependencies": { + "cookie": "0.4.1", + "cookie-signature": "1.0.6" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/cookie-parser/node_modules/cookie": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==", + "engines": { + "node": ">= 0.6" + } + }, "node_modules/cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
diff --git a/package.json b/package.json
index e7539f3..6940250 100644
--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
 "@babel/preset-env": "^7.23.2",
 "@sendgrid/mail": "^7.7.0",
 "axios": "^1.6.2",
+ "cookie-parser": "^1.4.6",
 "dotenv": "^16.3.1",
 "express": "^4.18.2",
 "express-async-handler": "^1.2.0",
diff --git a/src/app.js b/src/app.js
index f773038..07d160a 100644
--- a/src/app.js
+++ b/src/app.js
@@ -3,10 +3,14 @@ import "./config/startup"
 import Express, { json } from "express"
 import sequelize from "./database/database"
+import cookieParser from "cookie-parser"
 const app = Express()
 const PORT = process.env.PORT || 3000
+app.use(json())
+app.use(cookieParser())
+
 import baseRoutes from "./routes/base"
 import paymentRoutes from "./routes/payment"
 import cardRoutes from "./routes/card"
@@ -18,8 +22,6 @@ import statusRoutes from "./routes/status"
 import cronRoutes from "./routes/cron"
 import logRoutes from "./routes/log"
-app.use(json()) // middleware to parse json data
-
 app.use("/", baseRoutes)
 app.use("/payment", paymentRoutes)
 app.use("/card", cardRoutes)
diff --git a/src/middleware/digestMiddleware.js b/src/middleware/digestMiddleware.js
new file mode 100644
index 0000000..c39567c
--- /dev/null
+++ b/src/middleware/digestMiddleware.js
@@ -0,0 +1,9 @@
+import { v4 as uuid } from "uuid"
+
+export default function digest(req, res, next) {
+ // adds unique id to each request
+ // used for logging to track the request
+ req.id = uuid()
+
+ next()
+}
diff --git a/src/utils/getUser.js b/src/utils/getUser.js
index 4989585..42e41de 100644
--- a/src/utils/getUser.js
+++ b/src/utils/getUser.js
@@ -1,7 +1,7 @@
 import fetch from "node-fetch"
 export default async function getUser(req, user_id, options) {
- const api_token = req.headers["x-api-token"]
+ const api_token = req.headers["x-api-token"] || req?.cookies?._api_token
 const { allowSelf = false } = options || {}
 try {
diff --git a/src/utils/log.js b/src/utils/log.js
new file mode 100644
index 0000000..99c514b
--- /dev/null
+++ b/src/utils/log.js
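Review bot: In the first src/app.js hunk the new `app.use(json())` and `app.use(cookieParser())` calls sit between import statements, which reads as if they run before the route modules load; ES imports are hoisted, so they do not. Keep all imports together at the top and put the two `app.use` calls in one block after the last import, ahead of `app.use("/", baseRoutes)`. `cookieParser()` is called without a secret, so `req.cookies` holds unsigned, client-supplied values; a comment such as `// req.cookies is unsigned client input; validate before use` would make that explicit. The file continues outside both hunks.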
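Review bot: `digest` is defined in src/middleware/digestMiddleware.js, but no visible hunk in this commit mounts it with `app.use`, so `req.id` stays undefined until it is registered ahead of the routes. The package.json hunk adds only `cookie-parser`, so confirm that `uuid` is already a declared dependency; where the runtime provides it, `randomUUID` from `node:crypto` would avoid the extra package. A JSDoc block stating that the function mutates `req` by setting `req.id` and always calls `next()` would serve better than the two inline comments.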
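Review bot: Falling back to `req.cookies._api_token` in `getUser` means a browser now attaches the credential automatically, so routes that call this helper lose the implicit cross-site protection that the custom `x-api-token` header gave them. Nothing visible in this commit adds an Origin or CSRF-token check, and the cookie's `SameSite`, `HttpOnly` and `Secure` attributes are set somewhere outside this diff, so both need confirming before state-changing routes accept the cookie. cookie-parser also decodes values prefixed with `j:` as JSON, so the cookie can arrive as an object; a guard such as `const cookieToken = typeof req.cookies?._api_token === "string" ? req.cookies._api_token : undefined` keeps `api_token` a string. The `req?.` is redundant because `req.headers` is already dereferenced on the same line. The function body continues past the hunk, so how `api_token` is forwarded is not visible here.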
@@ -0,0 +1,4 @@
+// custom log function
+// auto includes the user_id and request id
+
+export default function log(req, message, data) {}
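Review bot: `log` in src/utils/log.js has an empty body, so any caller's message is silently dropped even though the header comment says it includes the user_id and request id. Until it is implemented, mark it as a stub with `// TODO: not implemented - messages are currently discarded`. Because this commit also makes `req.cookies._api_token` a credential, the eventual implementation should take only `req.id` and the user id from `req`, and never write `req.cookies` or the `x-api-token` header to the log.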