feature: add settings middlware

dave-ok · dave-ok · commit ca4014212ee7 · 2020-08-07T06:39:59.000+01:00
diff --git a/src/middleware/__test__/settings.test.js b/src/middleware/__test__/settings.test.js
@@ -0,0 +1,66 @@
+import express from "express";
+import request from "supertest";
+import errorHandler from "../../utils/errorhandler";
+import jwt from "jsonwebtoken";
+import * as mocks from "../../utils/mocks/settings";
+import settingsMiddleware from "../settings";
+
+describe("Settings middleware", () => {
+  let app;
+  beforeAll(() => {
+    process.env.API_SECRET = "secret";
+    app = express();
+    app.use(settingsMiddleware);
+    app.get("/", (req, res) => {
+      res.json({ projectId: req.projectId });
+    });
+    app.use((err, req, res, next) => {
+      errorHandler(err, req, res, next);
+    });
+  });
+
+  it("should throw an error if no API key is present", async () => {
+    const res = await request(app).get("/");
+    expect(res.status).toBe(401);
+  });
+  it("should throw an error if invalid API key is present", async () => {
+    const res = await request(app)
+      .get("/")
+      .set("X-MicroAPI-ProjectKey", "crapKey");
+    expect(res.status).toBe(401);
+    expect(res.body.error).toBe("Invalid API key found");
+  });
+
+  it("should throw invalid settings error", async () => {
+    const mockSettings = jest
+      .spyOn(mocks, "mockSettings")
+      .mockImplementation(() => {
+        return mocks.errorMockSettings;
+      });
+
+    const apiKey = jwt.sign(
+      { projectId: 123 },
+      Buffer.from(process.env.API_SECRET, "base64")
+    );
+    const res = await request(app)
+      .get("/")
+      .set("X-MicroAPI-ProjectKey", apiKey);
+    expect(mockSettings).toHaveBeenCalled();
+    expect(res.status).toBe(400);
+    expect(res.body.error).toBe("Invalid settings found");
+
+    mockSettings.mockRestore();
+  });
+
+  it("should return status code 200 and decoded projectId", async () => {
+    const apiKey = jwt.sign(
+      { projectId: 123 },
+      Buffer.from(process.env.API_SECRET, "base64")
+    );
+    const res = await request(app)
+      .get("/")
+      .set("X-MicroAPI-ProjectKey", apiKey);
+    expect(res.status).toBe(200);
+    expect(res.body.projectId).toBe(123);
+  });
+});
diff --git a/src/middleware/settings.js b/src/middleware/settings.js
@@ -0,0 +1,67 @@
+require("dotenv").config();
+import jwt from "jsonwebtoken";
+import CustomError from "../utils/customError";
+import { parseSettings } from "../utils/settingsParser";
+import { mockSettings as fetchSettings } from "../utils/mocks/settings";
+const log = require("debug")("log");
+
+export const getProjectId = (apiKey) => {
+  //verify/decode projectID from API key
+  const decoded = jwt.verify(
+    apiKey,
+    Buffer.from(process.env.API_SECRET, "base64")
+  );
+  return decoded.projectId;
+};
+
+//get settings from external DB or endpoint
+//function might be modified to accomodate both sources
+export const getSettings = async (apiKey) => {
+  //fool linter
+  log(apiKey);
+
+  //mock the request for now with mocksettings
+  //settings need to come from source
+  //validate the settings by matching against predefined schema
+  const settings = parseSettings(fetchSettings(), true);
+  return settings;
+};
+
+const settingsMiddleware = async (req, res, next) => {
+  /* In multi-tenant app, projectID is retreived from API key in a custom HTTP header
+   ** For now we stick with multi-tenant and we will customize this to cater for **
+   ** single tenancy architecture in time where projectIDs are irrelevant **
+   ** In retrospect, expiry of API keys should be from MicroAPI, **
+   ** so making a request for settings with an invalid API key will be rejected **
+   */
+  try {
+    // we are calling our custom HTTP header X-MicroAPI-ProjectKey
+    const apiKey = req.headers["x-microapi-projectkey"];
+    if (!apiKey) throw new CustomError(401, "No API key found");
+
+    //validate apiKey
+    let projectId;
+    try {
+      projectId = getProjectId(apiKey);
+    } catch (error) {
+      throw new CustomError(401, "Invalid API key found");
+    }
+
+    // get settings from parent DB/source
+    const settings = await getSettings(apiKey);
+    if (settings.errors) {
+      throw new CustomError(400, "Invalid settings found", settings.errors);
+    }
+
+    //attach setting to request body
+    req.settings = settings;
+    req.projectId = projectId;
+
+    //pass to next middleware
+    next();
+  } catch (error) {
+    next(error);
+  }
+};
+
+export default settingsMiddleware;
diff --git a/src/utils/mocks/settings.js b/src/utils/mocks/settings.js
@@ -0,0 +1,237 @@
+export const mockSettings = () => [
+  {
+    setting_name: "Email Verification Callback",
+    setting_type: "String",
+    setting_key: "emailVerifyCallback",
+    setting_required: true,
+    setting_value: "/emailCallback",
+  },
+  {
+    setting_name: "Password Reset Callback",
+    setting_type: "String",
+    setting_key: "passwordResetCallback",
+    setting_required: true,
+    setting_value: "/passwordResetCallback",
+  },
+  {
+    setting_name: "Login Success Callback",
+    setting_type: "String",
+    setting_key: "successCallback",
+    setting_required: true,
+    setting_value: "successCallback",
+  },
+  {
+    setting_name: "MongoDB URI",
+    setting_type: "String",
+    setting_key: "mongoDbUri",
+    setting_required: true,
+    setting_value: "dbUriString",
+  },
+  {
+    setting_name: "Facebook Credentials",
+    setting_type: "Array",
+    setting_key: "facebookAuthProvider",
+    setting_required: false,
+    setting_value: [
+      {
+        setting_name: "Facebook Application ID",
+        setting_type: "String",
+        setting_key: "appID",
+        setting_value: null,
+        setting_required: true,
+      },
+      {
+        setting_name: "Facebook Application Secret",
+        setting_type: "String",
+        setting_key: "appSecret",
+        setting_value: null,
+        setting_required: true,
+      },
+    ],
+  },
+  {
+    setting_name: "Twitter Credentials",
+    setting_type: "Array",
+    setting_key: "twitterAuthProvider",
+    setting_required: false,
+    setting_value: [
+      {
+        setting_name: "Twitter Consumer Key",
+        setting_type: "String",
+        setting_key: "key",
+        setting_value: null,
+        setting_required: true,
+      },
+      {
+        setting_name: "Twitter Consumer Secret",
+        setting_type: "String",
+        setting_key: "secret",
+        setting_value: null,
+        setting_required: true,
+      },
+    ],
+  },
+  {
+    setting_name: "Github Credentials",
+    setting_type: "Array",
+    setting_key: "githubAuthProvider",
+    setting_required: false,
+    setting_value: [
+      {
+        setting_name: "Github Client ID",
+        setting_type: "String",
+        setting_key: "clientID",
+        setting_value: null,
+        setting_required: true,
+      },
+      {
+        setting_name: "Github Client Secret",
+        setting_type: "String",
+        setting_key: "clientSecret",
+        setting_value: null,
+        setting_required: true,
+      },
+    ],
+  },
+  {
+    setting_name: "Google Credentials",
+    setting_type: "Array",
+    setting_key: "googleAuthProvider",
+    setting_required: false,
+    setting_value: [
+      {
+        setting_name: "Google Client ID",
+        setting_type: "String",
+        setting_key: "clientID",
+        setting_value: null,
+        setting_required: true,
+      },
+      {
+        setting_name: "Google Client Secret",
+        setting_type: "String",
+        setting_key: "clientSecret",
+        setting_value: null,
+        setting_required: true,
+      },
+    ],
+  },
+];
+
+export const errorMockSettings = [
+  {
+    setting_name: "Email Verification Callback",
+    setting_type: "String",
+    setting_key: "emailVerifyCallback",
+    setting_required: true,
+    setting_value: "/emailCallback",
+  },
+  {
+    setting_name: "Password Reset Callback",
+    setting_type: "String",
+    setting_key: "passwordResetCallback",
+    setting_required: true,
+    setting_value: "/passwordResetCallback",
+  },
+  {
+    setting_name: "Login Success Callback",
+    setting_type: "String",
+    setting_key: "successCallback",
+    setting_required: true,
+    setting_value: "successCallback",
+  },
+  {
+    setting_name: "MongoDB URI",
+    setting_type: "String",
+    setting_key: "mongoDbUri",
+    setting_required: true,
+    setting_value: null,
+  },
+  {
+    setting_name: "Facebook Credentials",
+    setting_type: "Array",
+    setting_key: "facebookAuthProvider",
+    setting_required: false,
+    setting_value: [
+      {
+        setting_name: "Facebook Application ID",
+        setting_type: "String",
+        setting_key: "appID",
+        setting_value: null,
+        setting_required: true,
+      },
+      {
+        setting_name: "Facebook Application Secret",
+        setting_type: "String",
+        setting_key: "appSecret",
+        setting_value: null,
+        setting_required: true,
+      },
+    ],
+  },
+  {
+    setting_name: "Twitter Credentials",
+    setting_type: "Array",
+    setting_key: "twitterAuthProvider",
+    setting_required: false,
+    setting_value: [
+      {
+        setting_name: "Twitter Consumer Key",
+        setting_type: "String",
+        setting_key: "key",
+        setting_value: null,
+        setting_required: true,
+      },
+      {
+        setting_name: "Twitter Consumer Secret",
+        setting_type: "String",
+        setting_key: "secret",
+        setting_value: null,
+        setting_required: true,
+      },
+    ],
+  },
+  {
+    setting_name: "Github Credentials",
+    setting_type: "Array",
+    setting_key: "githubAuthProvider",
+    setting_required: false,
+    setting_value: [
+      {
+        setting_name: "Github Client ID",
+        setting_type: "String",
+        setting_key: "clientID",
+        setting_value: null,
+        setting_required: true,
+      },
+      {
+        setting_name: "Github Client Secret",
+        setting_type: "String",
+        setting_key: "clientSecret",
+        setting_value: null,
+        setting_required: true,
+      },
+    ],
+  },
+  {
+    setting_name: "Google Credentials",
+    setting_type: "Array",
+    setting_key: "googleAuthProvider",
+    setting_required: false,
+    setting_value: [
+      {
+        setting_name: "Google Client ID",
+        setting_type: "String",
+        setting_key: "clientID",
+        setting_value: null,
+        setting_required: true,
+      },
+      {
+        setting_name: "Google Client Secret",
+        setting_type: "String",
+        setting_key: "clientSecret",
+        setting_value: null,
+        setting_required: true,
+      },
+    ],
+  },
+];
