Added API key validation, JWT validation, Twitch OAuth validation, API key fetching. Needs severe clean up.
This commit is contained in:
commit
6c6cfd5d7e
3
.gitignore
vendored
Normal file
3
.gitignore
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
dist/*
|
||||
node_modules/*
|
||||
.env
|
2347
package-lock.json
generated
Normal file
2347
package-lock.json
generated
Normal file
File diff suppressed because it is too large
Load Diff
36
package.json
Normal file
36
package.json
Normal file
@ -0,0 +1,36 @@
|
||||
{
|
||||
"name": "hermes-web-express",
|
||||
"version": "1.0.0",
|
||||
"main": "src/index.js",
|
||||
"scripts": {
|
||||
"build": "npx tsc",
|
||||
"start": "node dist/index.js",
|
||||
"dev": "nodemon src/index.ts"
|
||||
},
|
||||
"keywords": [],
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"description": "",
|
||||
"dependencies": {
|
||||
"dotenv": "^16.4.5",
|
||||
"express": "^4.21.1",
|
||||
"express-rate-limit": "^7.4.1",
|
||||
"express-session": "^1.18.1",
|
||||
"helmet": "^8.0.0",
|
||||
"jsonwebtoken": "^9.0.2",
|
||||
"passport": "^0.7.0",
|
||||
"passport-jwt": "^4.0.1",
|
||||
"passport-local": "^1.0.0",
|
||||
"passport-openidconnect": "^0.1.2",
|
||||
"pg-promise": "^11.10.1",
|
||||
"typed-rest-client": "^2.1.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/express": "^5.0.0",
|
||||
"@types/node": "^22.7.5",
|
||||
"concurrently": "^9.0.1",
|
||||
"nodemon": "^3.1.7",
|
||||
"ts-node": "^10.9.2",
|
||||
"typescript": "^5.6.3"
|
||||
}
|
||||
}
|
197
src/index.ts
Normal file
197
src/index.ts
Normal file
@ -0,0 +1,197 @@
|
||||
import express, { Express, Request, Response } from "express";
|
||||
import pgPromise from "pg-promise";
|
||||
import rateLimit from "express-rate-limit";
|
||||
import helmet from "helmet";
|
||||
import dotenv from "dotenv";
|
||||
import * as httpm from 'typed-rest-client/HttpClient';
|
||||
|
||||
dotenv.config();
|
||||
|
||||
if (!process.env.CONNECTION_STRING) {
|
||||
throw new Error("Cannot find connection string.");
|
||||
}
|
||||
|
||||
const pgp = pgPromise({});
|
||||
const db = pgp(process.env.CONNECTION_STRING as string);
|
||||
|
||||
const limiter = rateLimit({
|
||||
legacyHeaders: true,
|
||||
standardHeaders: true,
|
||||
windowMs: 15 * 60 * 1000,
|
||||
limit: 200,
|
||||
max: 2,
|
||||
message: "Too many requests, please try again later.",
|
||||
keyGenerator: (req: Request) => req.ip as string,
|
||||
});
|
||||
|
||||
const app: Express = express();
|
||||
const port = process.env.PORT || 3000;
|
||||
|
||||
app.use(express.json());
|
||||
app.use(express.urlencoded());
|
||||
|
||||
var jwt = require('jsonwebtoken');
|
||||
const passport = require('passport');
|
||||
const JwtStrat = require('passport-jwt').Strategy;
|
||||
const ExtractJwt = require('passport-jwt').ExtractJwt;
|
||||
passport.use(new JwtStrat({
|
||||
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
|
||||
secretOrKey: process.env.JWT_SECRET,
|
||||
}, async (jwt_payload: any, done: any) => {
|
||||
console.log('jwt payload', jwt_payload);
|
||||
const user = await db.oneOrNone('SELECT id, name, role, "ttsDefaultVoice" FROM "User" WHERE id = $1', jwt_payload.id);
|
||||
console.log('jwt user', user)
|
||||
if (user) {
|
||||
done(null, user);
|
||||
} else {
|
||||
done(null, false);
|
||||
}
|
||||
}));
|
||||
const session = require('express-session')
|
||||
const OpenIDConnectStrategy = require('passport-openidconnect');
|
||||
app.use(session({
|
||||
key: 'passport',
|
||||
secret: process.env.AUTH_SECRET,
|
||||
resave: false,
|
||||
saveUninitialized: false,
|
||||
}));
|
||||
app.use(passport.initialize());
|
||||
app.use(passport.session());
|
||||
app.set('trust proxy', true);
|
||||
|
||||
passport.use(new OpenIDConnectStrategy({
|
||||
issuer: 'https://id.twitch.tv/oauth2',
|
||||
authorizationURL: 'https://id.twitch.tv/oauth2/authorize',
|
||||
tokenURL: 'https://id.twitch.tv/oauth2/token',
|
||||
clientID: process.env.AUTH_CLIENT_ID,
|
||||
clientSecret: process.env.AUTH_CLIENT_SECRET,
|
||||
callbackURL: process.env.AUTH_REDIRECT_URI,
|
||||
scope: 'user_read'
|
||||
}, async (url: any, profile: any, something: any, done: any) => {
|
||||
console.log('login', 'pus:', profile, url, something);
|
||||
const account: any = await db.oneOrNone('SELECT "userId" FROM "Account" WHERE "providerAccountId" = $1', profile.id);
|
||||
if (account != null) {
|
||||
const user: any = await db.oneOrNone('SELECT id, name, role, "ttsDefaultVoice" FROM "User" WHERE id = $1', account.userId);
|
||||
if (user.name != profile.username) {
|
||||
db.none('UPDATE "User" SET name = $1 WHERE id = $2', [profile.username, profile.id]);
|
||||
user.name = profile.username;
|
||||
}
|
||||
const impersonationId = await db.oneOrNone('SELECT "targetId" FROM "Impersonation" WHERE "sourceId" = $1', profile.id);
|
||||
if (impersonationId) {
|
||||
const impersonation = await db.oneOrNone('SELECT id, name, role, "ttsDefaultVoice" FROM "User" WHERE id = $1', impersonationId.targetId);
|
||||
if (impersonation) {
|
||||
user.impersonation = impersonation;
|
||||
}
|
||||
}
|
||||
return done(null, user);
|
||||
}
|
||||
return done(new Error('Account does not exist.'), null);
|
||||
}
|
||||
));
|
||||
|
||||
passport.serializeUser((user: any, done: any) => {
|
||||
if (!user)
|
||||
return done(new Error('user is null'), null);
|
||||
return done(null, user);
|
||||
});
|
||||
|
||||
passport.deserializeUser((user: any, done: any) => {
|
||||
done(null, user);
|
||||
});
|
||||
|
||||
app.get('/api/auth', passport.authenticate("openidconnect", { failureRedirect: '/login' }), (req: Request, res: Response) => {
|
||||
res.send('');
|
||||
});
|
||||
|
||||
app.get('/api/auth/jwt', passport.authenticate("jwt"), (req: Request, res: Response) => {
|
||||
res.send({ authenticated: true });
|
||||
});
|
||||
|
||||
app.get('/api/loggedin', (req: any, res: Response) => {
|
||||
res.send(['test test test ', req.user ? 'yes' : 'no']);
|
||||
});
|
||||
|
||||
async function isApiKeyAuthenticated(req: any, res: any, next: any) {
|
||||
const key = req.get('x-api-key');
|
||||
if (key && !req.user) {
|
||||
const data = await db.oneOrNone('SELECT "userId" from "ApiKey" WHERE id = $1', key);
|
||||
if (data) {
|
||||
console.log(data);
|
||||
const user = await db.oneOrNone('SELECT id, name, role, "ttsDefaultVoice" FROM "User" WHERE id = $1', data.userId);
|
||||
const impersonationId = await db.oneOrNone('SELECT "targetId" FROM "Impersonation" WHERE "sourceId" = $1', data.userId);
|
||||
if (impersonationId) {
|
||||
const impersonation = await db.oneOrNone('SELECT id, name, role, "ttsDefaultVoice" FROM "User" WHERE id = $1', impersonationId.targetId);
|
||||
if (impersonation) {
|
||||
user.impersonation = impersonation;
|
||||
}
|
||||
}
|
||||
req.user = user
|
||||
}
|
||||
}
|
||||
next()
|
||||
}
|
||||
|
||||
function isWebAuthenticated(req: any, res: any, next: () => void) {
|
||||
console.log('web authentication', req.user, req.sessionID, req.session);
|
||||
if (req.user) {
|
||||
next();
|
||||
return;
|
||||
}
|
||||
res.status(401).send({ message: 'User is not authenticated.' });
|
||||
}
|
||||
|
||||
const apiMiddlewares = [isApiKeyAuthenticated, passport.authenticate('jwt', { session: false }), isWebAuthenticated]
|
||||
|
||||
app.get('/api/keys', apiMiddlewares, async (req: any, res: any, next: any) => {
|
||||
const userId = req.user.id;
|
||||
const data = await db.manyOrNone('SELECT id, label FROM "ApiKey" WHERE "userId" = $1', userId);
|
||||
res.send(data);
|
||||
});
|
||||
|
||||
app.post("/api/auth/twitch/callback", async (req: any, res: any) => {
|
||||
console.log(req.headers['user-agent'])
|
||||
const query = `client_id=${process.env.AUTH_CLIENT_ID}&client_secret=${process.env.AUTH_CLIENT_SECRET}&code=${req.body.code}&grant_type=authorization_code&redirect_uri=${process.env.AUTH_REDIRECT_URI}`
|
||||
const rest = new httpm.HttpClient(null);
|
||||
const response = await rest.post('https://id.twitch.tv/oauth2/token', query, {
|
||||
'Content-Type': 'application/x-www-form-urlencoded'
|
||||
});
|
||||
const body = await response.readBody();
|
||||
const data = JSON.parse(body);
|
||||
if (!data || data.message) {
|
||||
console.log('Failed to validate Twitch code authentication:', data);
|
||||
res.send({ authenticated: false });
|
||||
return;
|
||||
}
|
||||
console.log('Successfully validated Twitch code authentication. Attempting to read user data from Twitch.')
|
||||
|
||||
const resp = await rest.get('https://api.twitch.tv/helix/users', {
|
||||
'Authorization': 'Bearer ' + data.access_token,
|
||||
'Client-Id': process.env.AUTH_CLIENT_ID
|
||||
});
|
||||
const b = await resp.readBody();
|
||||
const twitch = JSON.parse(b);
|
||||
if (!twitch?.data) {
|
||||
res.send({ authenticated: false });
|
||||
return;
|
||||
}
|
||||
|
||||
console.log('twitch data', twitch.data[0])
|
||||
|
||||
const account: any = await db.oneOrNone('SELECT "userId" FROM "Account" WHERE "providerAccountId" = $1', twitch.data[0].id);
|
||||
if (account != null) {
|
||||
const user: any = await db.one('SELECT id FROM "User" WHERE id = $1', account.userId);
|
||||
console.log('userrrr', user)
|
||||
|
||||
const token = jwt.sign({ id: user.id }, process.env.JWT_SECRET, { expiresIn: '30d' });
|
||||
res.send({ authenticated: true, token: token });
|
||||
return;
|
||||
}
|
||||
res.send({ authenticated: false });
|
||||
});
|
||||
|
||||
app.use(helmet());
|
||||
app.use(limiter);
|
||||
|
||||
app.listen(port, () => {
|
||||
console.log(`[server]: Server is running at http://localhost:${port}`);
|
||||
});
|
0
src/middleware/auth0.middleware.ts
Normal file
0
src/middleware/auth0.middleware.ts
Normal file
110
tsconfig.json
Normal file
110
tsconfig.json
Normal file
@ -0,0 +1,110 @@
|
||||
{
|
||||
"compilerOptions": {
|
||||
/* Visit https://aka.ms/tsconfig to read more about this file */
|
||||
|
||||
/* Projects */
|
||||
// "incremental": true, /* Save .tsbuildinfo files to allow for incremental compilation of projects. */
|
||||
// "composite": true, /* Enable constraints that allow a TypeScript project to be used with project references. */
|
||||
// "tsBuildInfoFile": "./.tsbuildinfo", /* Specify the path to .tsbuildinfo incremental compilation file. */
|
||||
// "disableSourceOfProjectReferenceRedirect": true, /* Disable preferring source files instead of declaration files when referencing composite projects. */
|
||||
// "disableSolutionSearching": true, /* Opt a project out of multi-project reference checking when editing. */
|
||||
// "disableReferencedProjectLoad": true, /* Reduce the number of projects loaded automatically by TypeScript. */
|
||||
|
||||
/* Language and Environment */
|
||||
"target": "es2016", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
|
||||
// "lib": [], /* Specify a set of bundled library declaration files that describe the target runtime environment. */
|
||||
// "jsx": "preserve", /* Specify what JSX code is generated. */
|
||||
// "experimentalDecorators": true, /* Enable experimental support for legacy experimental decorators. */
|
||||
// "emitDecoratorMetadata": true, /* Emit design-type metadata for decorated declarations in source files. */
|
||||
// "jsxFactory": "", /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h'. */
|
||||
// "jsxFragmentFactory": "", /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */
|
||||
// "jsxImportSource": "", /* Specify module specifier used to import the JSX factory functions when using 'jsx: react-jsx*'. */
|
||||
// "reactNamespace": "", /* Specify the object invoked for 'createElement'. This only applies when targeting 'react' JSX emit. */
|
||||
// "noLib": true, /* Disable including any library files, including the default lib.d.ts. */
|
||||
// "useDefineForClassFields": true, /* Emit ECMAScript-standard-compliant class fields. */
|
||||
// "moduleDetection": "auto", /* Control what method is used to detect module-format JS files. */
|
||||
|
||||
/* Modules */
|
||||
"module": "commonjs", /* Specify what module code is generated. */
|
||||
// "rootDir": "./", /* Specify the root folder within your source files. */
|
||||
// "moduleResolution": "node10", /* Specify how TypeScript looks up a file from a given module specifier. */
|
||||
// "baseUrl": "./", /* Specify the base directory to resolve non-relative module names. */
|
||||
// "paths": {}, /* Specify a set of entries that re-map imports to additional lookup locations. */
|
||||
// "rootDirs": [], /* Allow multiple folders to be treated as one when resolving modules. */
|
||||
// "typeRoots": [], /* Specify multiple folders that act like './node_modules/@types'. */
|
||||
// "types": [], /* Specify type package names to be included without being referenced in a source file. */
|
||||
// "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */
|
||||
// "moduleSuffixes": [], /* List of file name suffixes to search when resolving a module. */
|
||||
// "allowImportingTsExtensions": true, /* Allow imports to include TypeScript file extensions. Requires '--moduleResolution bundler' and either '--noEmit' or '--emitDeclarationOnly' to be set. */
|
||||
// "resolvePackageJsonExports": true, /* Use the package.json 'exports' field when resolving package imports. */
|
||||
// "resolvePackageJsonImports": true, /* Use the package.json 'imports' field when resolving imports. */
|
||||
// "customConditions": [], /* Conditions to set in addition to the resolver-specific defaults when resolving imports. */
|
||||
// "noUncheckedSideEffectImports": true, /* Check side effect imports. */
|
||||
// "resolveJsonModule": true, /* Enable importing .json files. */
|
||||
// "allowArbitraryExtensions": true, /* Enable importing files with any extension, provided a declaration file is present. */
|
||||
// "noResolve": true, /* Disallow 'import's, 'require's or '<reference>'s from expanding the number of files TypeScript should add to a project. */
|
||||
|
||||
/* JavaScript Support */
|
||||
// "allowJs": true, /* Allow JavaScript files to be a part of your program. Use the 'checkJS' option to get errors from these files. */
|
||||
// "checkJs": true, /* Enable error reporting in type-checked JavaScript files. */
|
||||
// "maxNodeModuleJsDepth": 1, /* Specify the maximum folder depth used for checking JavaScript files from 'node_modules'. Only applicable with 'allowJs'. */
|
||||
|
||||
/* Emit */
|
||||
// "declaration": true, /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
|
||||
// "declarationMap": true, /* Create sourcemaps for d.ts files. */
|
||||
// "emitDeclarationOnly": true, /* Only output d.ts files and not JavaScript files. */
|
||||
// "sourceMap": true, /* Create source map files for emitted JavaScript files. */
|
||||
// "inlineSourceMap": true, /* Include sourcemap files inside the emitted JavaScript. */
|
||||
// "noEmit": true, /* Disable emitting files from a compilation. */
|
||||
// "outFile": "./", /* Specify a file that bundles all outputs into one JavaScript file. If 'declaration' is true, also designates a file that bundles all .d.ts output. */
|
||||
"outDir": "./dist", /* Specify an output folder for all emitted files. */
|
||||
// "removeComments": true, /* Disable emitting comments. */
|
||||
// "importHelpers": true, /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
|
||||
// "downlevelIteration": true, /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
|
||||
// "sourceRoot": "", /* Specify the root path for debuggers to find the reference source code. */
|
||||
// "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */
|
||||
// "inlineSources": true, /* Include source code in the sourcemaps inside the emitted JavaScript. */
|
||||
// "emitBOM": true, /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */
|
||||
// "newLine": "crlf", /* Set the newline character for emitting files. */
|
||||
// "stripInternal": true, /* Disable emitting declarations that have '@internal' in their JSDoc comments. */
|
||||
// "noEmitHelpers": true, /* Disable generating custom helper functions like '__extends' in compiled output. */
|
||||
// "noEmitOnError": true, /* Disable emitting files if any type checking errors are reported. */
|
||||
// "preserveConstEnums": true, /* Disable erasing 'const enum' declarations in generated code. */
|
||||
// "declarationDir": "./", /* Specify the output directory for generated declaration files. */
|
||||
|
||||
/* Interop Constraints */
|
||||
// "isolatedModules": true, /* Ensure that each file can be safely transpiled without relying on other imports. */
|
||||
// "verbatimModuleSyntax": true, /* Do not transform or elide any imports or exports not marked as type-only, ensuring they are written in the output file's format based on the 'module' setting. */
|
||||
// "isolatedDeclarations": true, /* Require sufficient annotation on exports so other tools can trivially generate declaration files. */
|
||||
// "allowSyntheticDefaultImports": true, /* Allow 'import x from y' when a module doesn't have a default export. */
|
||||
"esModuleInterop": true, /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */
|
||||
// "preserveSymlinks": true, /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
|
||||
"forceConsistentCasingInFileNames": true, /* Ensure that casing is correct in imports. */
|
||||
|
||||
/* Type Checking */
|
||||
"strict": true, /* Enable all strict type-checking options. */
|
||||
// "noImplicitAny": true, /* Enable error reporting for expressions and declarations with an implied 'any' type. */
|
||||
// "strictNullChecks": true, /* When type checking, take into account 'null' and 'undefined'. */
|
||||
// "strictFunctionTypes": true, /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
|
||||
// "strictBindCallApply": true, /* Check that the arguments for 'bind', 'call', and 'apply' methods match the original function. */
|
||||
// "strictPropertyInitialization": true, /* Check for class properties that are declared but not set in the constructor. */
|
||||
// "strictBuiltinIteratorReturn": true, /* Built-in iterators are instantiated with a 'TReturn' type of 'undefined' instead of 'any'. */
|
||||
// "noImplicitThis": true, /* Enable error reporting when 'this' is given the type 'any'. */
|
||||
// "useUnknownInCatchVariables": true, /* Default catch clause variables as 'unknown' instead of 'any'. */
|
||||
// "alwaysStrict": true, /* Ensure 'use strict' is always emitted. */
|
||||
// "noUnusedLocals": true, /* Enable error reporting when local variables aren't read. */
|
||||
// "noUnusedParameters": true, /* Raise an error when a function parameter isn't read. */
|
||||
// "exactOptionalPropertyTypes": true, /* Interpret optional property types as written, rather than adding 'undefined'. */
|
||||
// "noImplicitReturns": true, /* Enable error reporting for codepaths that do not explicitly return in a function. */
|
||||
// "noFallthroughCasesInSwitch": true, /* Enable error reporting for fallthrough cases in switch statements. */
|
||||
// "noUncheckedIndexedAccess": true, /* Add 'undefined' to a type when accessed using an index. */
|
||||
// "noImplicitOverride": true, /* Ensure overriding members in derived classes are marked with an override modifier. */
|
||||
// "noPropertyAccessFromIndexSignature": true, /* Enforces using indexed accessors for keys declared using an indexed type. */
|
||||
// "allowUnusedLabels": true, /* Disable error reporting for unused labels. */
|
||||
// "allowUnreachableCode": true, /* Disable error reporting for unreachable code. */
|
||||
|
||||
/* Completeness */
|
||||
// "skipDefaultLibCheck": true, /* Skip type checking .d.ts files that are included with TypeScript. */
|
||||
"skipLibCheck": true /* Skip type checking all .d.ts files. */
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user