start project
This commit is contained in:
commit
0703810fa3
62 changed files with 12665 additions and 0 deletions
88
src/middlewares/auth.ts
Normal file
88
src/middlewares/auth.ts
Normal file
|
|
@ -0,0 +1,88 @@
|
|||
import * as express from "express";
|
||||
import { createDecoder, createVerifier } from "fast-jwt";
|
||||
|
||||
import HttpError from "../interfaces/http-error";
|
||||
import HttpStatus from "../interfaces/http-status";
|
||||
import { addLogSequence } from "../interfaces/utils";
|
||||
import { RequestWithUser } from "./user";
|
||||
|
||||
if (!process.env.AUTH_PUBLIC_KEY && !process.env.AUTH_REALM_URL) {
|
||||
throw new Error("Require keycloak AUTH_PUBLIC_KEY or AUTH_REALM_URL.");
|
||||
}
|
||||
if (process.env.AUTH_PUBLIC_KEY && process.env.AUTH_REALM_URL && !process.env.AUTH_PREFERRED_MODE) {
|
||||
throw new Error(
|
||||
"AUTH_PREFFERRED must be specified if AUTH_PUBLIC_KEY and AUTH_REALM_URL is provided.",
|
||||
);
|
||||
}
|
||||
|
||||
const jwtVerify = createVerifier({
|
||||
key: async () => {
|
||||
return `-----BEGIN PUBLIC KEY-----\n${process.env.AUTH_PUBLIC_KEY}\n-----END PUBLIC KEY-----`;
|
||||
},
|
||||
});
|
||||
|
||||
const jwtDecode = createDecoder();
|
||||
|
||||
export async function expressAuthentication(
|
||||
request: RequestWithUser,
|
||||
securityName: string,
|
||||
_scopes?: string[],
|
||||
) {
|
||||
if (process.env.NODE_ENV !== "production" && process.env.AUTH_BYPASS) {
|
||||
return { preferred_username: "bypassed" };
|
||||
}
|
||||
|
||||
if (securityName !== "bearerAuth") throw new Error("ไม่ทราบวิธีการยืนยันตัวตน");
|
||||
|
||||
const token = request.headers["authorization"]?.includes("Bearer ")
|
||||
? request.headers["authorization"].split(" ")[1]
|
||||
: request.headers["authorization"];
|
||||
|
||||
if (!token) throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่พบข้อมูลสำหรับยืนยันตัวตน");
|
||||
|
||||
let payload: Record<string, any> = {};
|
||||
|
||||
switch (process.env.AUTH_PREFERRED_MODE) {
|
||||
case "online":
|
||||
payload = await verifyOnline(token);
|
||||
break;
|
||||
case "offline":
|
||||
payload = await verifyOffline(token);
|
||||
break;
|
||||
default:
|
||||
if (process.env.AUTH_REALM_URL) payload = await verifyOnline(token);
|
||||
if (process.env.AUTH_PUBLIC_KEY) payload = await verifyOffline(token);
|
||||
break;
|
||||
}
|
||||
if (!request.app.locals.logData) {
|
||||
request.app.locals.logData = {};
|
||||
}
|
||||
|
||||
// addLogSequence(request, {
|
||||
// action: "database",
|
||||
// status: "success",
|
||||
// description: "Query Data.",
|
||||
// });
|
||||
request.app.locals.logData.userId = payload.sub;
|
||||
request.app.locals.logData.userName = payload.name;
|
||||
request.app.locals.logData.user = payload.preferred_username;
|
||||
|
||||
return payload;
|
||||
}
|
||||
|
||||
async function verifyOffline(token: string) {
|
||||
const payload = await jwtVerify(token).catch((_) => null);
|
||||
if (!payload) throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้");
|
||||
return payload;
|
||||
}
|
||||
|
||||
async function verifyOnline(token: string) {
|
||||
const res = await fetch(`${process.env.AUTH_REALM_URL}/protocol/openid-connect/userinfo`, {
|
||||
headers: { authorization: `Bearer ${token}` },
|
||||
}).catch((e) => console.error(e));
|
||||
|
||||
if (!res) throw new Error("ไม่สามารถเข้าถึงระบบยืนยันตัวตน");
|
||||
if (!res.ok) throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้");
|
||||
|
||||
return await jwtDecode(token);
|
||||
}
|
||||
36
src/middlewares/error.ts
Normal file
36
src/middlewares/error.ts
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
import { NextFunction, Request, Response } from "express";
|
||||
import HttpError from "../interfaces/http-error";
|
||||
import HttpStatus from "../interfaces/http-status";
|
||||
import { ValidateError } from "tsoa";
|
||||
|
||||
function error(error: Error, _req: Request, res: Response, _next: NextFunction) {
|
||||
const logData = _req.app.locals.logData.sequence?.at(-1);
|
||||
if (logData) {
|
||||
logData.status = "error";
|
||||
logData.description = error.message;
|
||||
}
|
||||
|
||||
if (error instanceof HttpError) {
|
||||
return res.status(error.status).json({
|
||||
status: error.status,
|
||||
message: error.message,
|
||||
});
|
||||
}
|
||||
|
||||
if (error instanceof ValidateError) {
|
||||
return res.status(error.status).json({
|
||||
status: HttpStatus.UNPROCESSABLE_ENTITY,
|
||||
message: "Validation error(s).",
|
||||
detail: error.fields,
|
||||
});
|
||||
}
|
||||
|
||||
console.error("Exception Caught:" + error);
|
||||
|
||||
return res.status(HttpStatus.INTERNAL_SERVER_ERROR).json({
|
||||
status: HttpStatus.INTERNAL_SERVER_ERROR,
|
||||
message: error.message,
|
||||
});
|
||||
}
|
||||
|
||||
export default error;
|
||||
79
src/middlewares/logs.ts
Normal file
79
src/middlewares/logs.ts
Normal file
|
|
@ -0,0 +1,79 @@
|
|||
import { NextFunction, Request, Response } from "express";
|
||||
import { Client } from "@elastic/elasticsearch";
|
||||
|
||||
if (!process.env.ELASTICSEARCH_INDEX) {
|
||||
throw new Error("Require ELASTICSEARCH_INDEX to store log.");
|
||||
}
|
||||
|
||||
const ELASTICSEARCH_INDEX = process.env.ELASTICSEARCH_INDEX;
|
||||
|
||||
const LOG_LEVEL_MAP: Record<string, number> = {
|
||||
debug: 4,
|
||||
info: 3,
|
||||
warning: 2,
|
||||
error: 1,
|
||||
none: 0,
|
||||
};
|
||||
|
||||
const elasticsearch = new Client({
|
||||
node: `${process.env.ELASTICSEARCH_PROTOCOL}://${process.env.ELASTICSEARCH_HOST}:${process.env.ELASTICSEARCH_PORT}`,
|
||||
});
|
||||
|
||||
async function logMiddleware(req: Request, res: Response, next: NextFunction) {
|
||||
if (!req.url.startsWith("/api/")) return next();
|
||||
|
||||
let data: any;
|
||||
|
||||
const originalJson = res.json;
|
||||
|
||||
res.json = function (v: any) {
|
||||
data = v;
|
||||
return originalJson.call(this, v);
|
||||
};
|
||||
|
||||
const timestamp = new Date().toISOString();
|
||||
const start = performance.now();
|
||||
|
||||
req.app.locals.logData = {};
|
||||
|
||||
res.on("finish", () => {
|
||||
if (!req.url.startsWith("/api/")) return;
|
||||
|
||||
const level = LOG_LEVEL_MAP[process.env.LOG_LEVEL ?? "debug"] || 4;
|
||||
|
||||
if (level === 1 && res.statusCode < 500) return;
|
||||
if (level === 2 && res.statusCode < 400) return;
|
||||
if (level === 3 && res.statusCode < 200) return;
|
||||
|
||||
const obj = {
|
||||
logType:
|
||||
res.statusCode >= 500
|
||||
? "error"
|
||||
: res.statusCode >= 400
|
||||
? "warning"
|
||||
: "info",
|
||||
ip: req.ip,
|
||||
systemName: "probation",
|
||||
startTimeStamp: timestamp,
|
||||
endTimeStamp: new Date().toISOString(),
|
||||
processTime: performance.now() - start,
|
||||
host: req.hostname,
|
||||
method: req.method,
|
||||
endpoint: req.url,
|
||||
responseCode: String(res.statusCode === 304 ? 200 : res.statusCode),
|
||||
responseDescription: data?.message,
|
||||
input: (level === 4 && JSON.stringify(req.body, null, 2)) || undefined,
|
||||
output: (level === 4 && JSON.stringify(data, null, 2)) || undefined,
|
||||
...req.app.locals.logData,
|
||||
};
|
||||
|
||||
elasticsearch.index({
|
||||
index: ELASTICSEARCH_INDEX,
|
||||
document: obj,
|
||||
});
|
||||
});
|
||||
|
||||
return next();
|
||||
}
|
||||
|
||||
export default logMiddleware;
|
||||
13
src/middlewares/user.ts
Normal file
13
src/middlewares/user.ts
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
import type { Request } from "express";
|
||||
|
||||
export type RequestWithUser = Request & {
|
||||
user: {
|
||||
sub: string;
|
||||
name: string;
|
||||
given_name: string;
|
||||
familiy_name: string;
|
||||
preferred_username: string;
|
||||
email: string;
|
||||
role: string[];
|
||||
};
|
||||
};
|
||||
Loading…
Add table
Add a link
Reference in a new issue