require('dotenv').config()
const crypto = require('crypto')
const express = require('express')
const axios = require('axios')
const bodyParser = require('body-parser')
const OktaJwtVerifier = require("@okta/jwt-verifier")
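// Single Express application for this service. Declared with const so it is
// module-scoped rather than an implicit global (which also throws in strict mode).
const app = express();

// Parse JSON and URL-encoded request bodies before any route handler runs.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

// NOTE(review): this installs the API token (SSWS scheme) as a default header on
// the shared axios instance, so every request made through that default instance
// carries it regardless of destination host. A dedicated instance built with
// axios.create({ baseURL, headers }) for the identity-provider calls would keep the
// token from being sent anywhere else; the route modules would have to use it.
// If TOKEN is unset, the header value becomes the literal "SSWS undefined".
axios.defaults.headers.common['Authorization'] = `SSWS ${process.env.TOKEN}`;

// Verifier for access tokens; the issuer it accepts comes from ISSUER. The
// audience is passed per call where verifyAccessToken is invoked.
const oktaJwtVerifier = new OktaJwtVerifier({
  issuer: process.env.ISSUER,
});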
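/**
 * Express middleware: admits a request only when it carries a valid access token.
 *
 * Expects `Authorization: Bearer <token>`. The token is checked with
 * oktaJwtVerifier against the audience in TOKEN_AUD. On success the token's
 * `uid` claim is stored on `req.userContext` and the next handler runs; every
 * other outcome is answered with 401 and a generic message.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Continues to the protected router.
 */
function verifyUserAccess(req, res, next) {
  const bearerPrefix = 'Bearer ';
  const authz = req.header('Authorization');

  // Require the scheme, the separating space and a non-empty token. Headers such
  // as "Bearer" or "BearerXYZ" are rejected here instead of being handed to the
  // verifier as if they were tokens.
  const hasBearerToken =
    authz != null &&
    authz.startsWith(bearerPrefix) &&
    authz.length > bearerPrefix.length;

  if (!hasBearerToken) {
    console.log("Unauthenticated request");
    res.status(401).send({ message: 'Access denied.' });
    return;
  }

  // Strip the prefix by position rather than by search-and-replace.
  const token = authz.slice(bearerPrefix.length);

  oktaJwtVerifier
    .verifyAccessToken(token, process.env.TOKEN_AUD)
    .then((jwt) => {
      // NOTE(review): a token that verifies but has no `uid` claim leaves
      // req.userContext undefined; presumably the routes use it as the caller's
      // identity. Confirm they refuse an undefined value.
      req.userContext = jwt.claims.uid;
      return next();
    })
    .catch((err) => {
      // This handler also sees anything thrown synchronously by next(), which is
      // then answered as a 401 like a verification failure.
      console.log(err);
      res.status(401).send({ message: 'Access denied.' });
    });
}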
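/**
 * Express middleware: admits a service-to-service request only when its
 * Authorization header equals the shared secret in SERVICE_AUTH_SECRET.
 *
 * Fails closed: a missing header, a mismatch, or an unset/empty secret all get
 * a 401 with a generic message.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Continues to the protected router.
 */
function verifyServiceAccess(req, res, next) {
  const presented = req.header("Authorization");
  const expected = process.env.SERVICE_AUTH_SECRET;

  if (presented == null) {
    console.log("Unauthenticated request");
    res.status(401).send({ message: 'Access denied.' });
    return;
  }

  // Hash both values to equal-length buffers and compare them in constant time,
  // so response timing does not depend on how much of the secret matched.
  // An unset or empty secret never authenticates anyone, not even an empty header.
  const sha256 = (value) => crypto.createHash('sha256').update(String(value), 'utf8').digest();
  const secretConfigured = typeof expected === 'string' && expected.length > 0;

  if (secretConfigured && crypto.timingSafeEqual(sha256(presented), sha256(expected))) {
    return next();
  }

  console.log("Service authentication failed.");
  res.status(401).send({ message: 'Access denied.' });
}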
// Each route module exports a factory; calling it yields the router to mount.
const agentRouter = require('./routes/agent')();
const delegatorRouter = require('./routes/delegator')();
const hooksRouter = require('./routes/hooks')();

// Path prefix, guard middleware, router. /delegator and /agent sit behind the
// access-token check (verifyUserAccess); /tokenEnrichment sits behind the
// shared-secret check (verifyServiceAccess).
const mounts = [
  ['/delegator', verifyUserAccess, delegatorRouter],
  ['/agent', verifyUserAccess, agentRouter],
  ['/tokenEnrichment', verifyServiceAccess, hooksRouter],
];
for (const [prefix, guard, router] of mounts) {
  app.use(prefix, guard, router);
}

// NOTE(review): this is a plain HTTP listener, and both the bearer tokens and the
// service secret arrive in request headers. Presumably TLS is terminated in
// front of this process; confirm for every deployment.
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => console.log(`Managed Access started on ${PORT}`));