change login middleware logic (#739)

* change login middleware logic * fixes * refix with write prettier version * add user to forced login routes * fix regex * typo and reorder * add no login
loculus-project · Jan 10, 2024 · 8eb6756 · 8eb6756
1 parent 71337ed
commit 8eb6756
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 70 deletions.
diff --git a/website/src/middleware/authMiddleware.ts b/website/src/middleware/authMiddleware.ts
@@ -7,7 +7,7 @@ import { type BaseClient, Issuer, type TokenSet } from 'openid-client';
 
 import { getConfiguredOrganisms, getRuntimeConfig } from '../config.ts';
 import { getInstanceLogger } from '../logger.ts';
-import { isPublicRoute } from '../utils/isPublicRoute.ts';
+import { shouldMiddlewareEnforceLogin } from '../utils/shouldMiddlewareEnforceLogin.ts';
 
 const { decode, verify } = jsonwebtoken;
 
@@ -51,11 +51,11 @@ export async function getKeycloakClient() {
 export const authMiddleware = defineMiddleware(async (context, next) => {
     let token = await getTokenFromCookie(context);
 
-    const urlIsPublicRoute = isPublicRoute(
+    const enforceLogin = shouldMiddlewareEnforceLogin(
         context.url.pathname,
         getConfiguredOrganisms().map((it) => it.key),
     );
-    if (urlIsPublicRoute) {
+    if (!enforceLogin) {
         if (token === undefined) {
             context.locals.session = {
                 isLoggedIn: false,

diff --git a/website/src/utils/isPublicRoute.spec.ts b/website/src/utils/isPublicRoute.spec.ts
diff --git a/website/src/utils/isPublicRoute.ts b/website/src/utils/isPublicRoute.ts
diff --git a/website/src/utils/shouldMiddlewareEnforceLogin.spec.ts b/website/src/utils/shouldMiddlewareEnforceLogin.spec.ts
@@ -0,0 +1,39 @@
+import { describe, expect, test } from 'vitest';
+
+import { shouldMiddlewareEnforceLogin } from './shouldMiddlewareEnforceLogin';
+import { testOrganism } from '../../vitest.setup.ts';
+
+const otherOrganism = 'otherOrganism';
+const configuredOrganisms = [testOrganism, otherOrganism];
+
+describe('shouldMiddlewareEnforceLogin', () => {
+    test('should return false if not specified', () => {
+        expectNoLogin('/someRoute');
+    });
+
+    test('should return false for empty string', () => {
+        expectNoLogin('');
+    });
+
+    test('should return true on routes which should force login', () => {
+        expectForceLogin('/user');
+        expectForceLogin('/user/someUsername');
+        expectForceLogin(`/${testOrganism}/revise`);
+        expectForceLogin(`/${testOrganism}/submit`);
+    });
+
+    test('should return false for various public routes', () => {
+        expectNoLogin(`/${testOrganism}/search`);
+        expectNoLogin(`/`);
+        expectNoLogin(`/${testOrganism}`);
+        expectNoLogin(`/${testOrganism}/sequences/id_002156`);
+    });
+
+    function expectForceLogin(path: string) {
+        expect(shouldMiddlewareEnforceLogin(path, configuredOrganisms), path).toBe(true);
+    }
+
+    function expectNoLogin(path: string) {
+        expect(shouldMiddlewareEnforceLogin(path, configuredOrganisms), path).toBe(false);
+    }
+});
diff --git a/website/src/utils/shouldMiddlewareEnforceLogin.ts b/website/src/utils/shouldMiddlewareEnforceLogin.ts
@@ -0,0 +1,19 @@
+const enforcedLoginRoutesCache: Record<string, RegExp[]> = {};
+
+function getEnforcedLoginRoutes(configuredOrganisms: string[]) {
+    const cacheKey = configuredOrganisms.join('');
+    if (!(cacheKey in enforcedLoginRoutesCache)) {
+        const organismSpecificRoutes = configuredOrganisms.flatMap((organism) => [
+            new RegExp(`^/${organism}/revise`),
+            new RegExp(`^/${organism}/submit`),
+            new RegExp(`^/${organism}/user`),
+        ]);
+
+        enforcedLoginRoutesCache[cacheKey] = [new RegExp('^/user/?'), ...organismSpecificRoutes];
+    }
+    return enforcedLoginRoutesCache[cacheKey];
+}
+
+export function shouldMiddlewareEnforceLogin(pathname: string, configuredOrganisms: string[]) {
+    return getEnforcedLoginRoutes(configuredOrganisms).some((route) => route.test(pathname));
+}