Reputation: 381
Enable authorization in express-gateway
I'm having a bit of an issue enabling authorization in express-gateway.
Based on the docs, Express Gateway is designed to apply policies to specific endpoints using its configuration files (gateway-config.yml), and that's what I'd like to avoid.
I'd like to perform global authentication or authorization for all requests before they reach Express Gateway's policies, i.e. instead of adding a jwt policy to all my pipelines like this:
pipelines:
testing:
apiEndpoints:
- testing
policies:
- jwt:
- action:
secretOrPublicKeyFile: certs/key.pem
I would like to intercept all the requests before they reach the gateway, authorize/authenticate, and then forward the request to the gateway for handling the routing to the correct endpoint.
I thought of using Express to handle all the incoming traffic, route the requests to Passport middleware for authentication/authorization, and upon successful authentication/authorization, forward the request to express-gateway.
passport-config.js
const fs = require('fs');
const path = require('path');
const passport = require('passport');
const JwtStrategy = require('passport-jwt').Strategy;
const ExtractJwt = require('passport-jwt').ExtractJwt;
const secretKeyPath = path.join(__dirname, '..', 'certs', 'key.pem');
const secretKey = fs.readFileSync(secretKeyPath, 'utf-8');
const jwtOptions = {
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
secretOrKey: secretKey,
};
passport.use(new JwtStrategy(jwtOptions, (payload, done) => {
const user = payload.user;
if (user) {
return done(null, user);
} else {
return done(null, false);
}
}));
module.exports = passport;
middleware.js
const passport = require('./passport-config');
function authenticationMiddleware(req, res, next) {
passport.authenticate('jwt', { session: false }, (err, user) => {
if (err || !user) {
return res.status(401).json({ message: user });
}
req.user = user;
next();
})(req, res, next);
}
module.exports = authenticationMiddleware;
server.js
const path = require('path');
const gateway = require('express-gateway');
const express = require('express');
const authenticationMiddleware = require('./middleware/auth-middleware');
gateway()
.load(path.join(__dirname, 'config'))
.run();
const app = express();
app.use(require('./middleware/passport-config').initialize());
app.use(authenticationMiddleware);
app.listen(8080, () => {
console.log('Server listening on port 8080');
});
So with the above setup, the requests are going to Express, and Passport is successfully authorizing the requests, but I'm not sure how to send the request through to the gateway after Passport has successfully authorized the request.
Is there a better way of doing this? it looks a bit overkill.
Upvotes: 2
Views: 115
Answers (0)
Related Questions
- How can I fix this Node.js login page?
- Why this error coming while running Node.js server?
- How to get the full URL in Express?
- Disable/enable an input with jQuery?
- Exposing html file to express.static middleware on Replit
- bodyParser is deprecated express 4
- How to access POST form fields in Express
- Node emitters with express