import type { Express } from 'express';
import rateLimit from 'express-rate-limit';
import { getEnv } from '../../env.js';
import { login, session } from './functions.js';
import { AuthAdapter } from '../../types/auth.js';
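/**
 * Mounts the `/auth/*` routes on `app`.
 *
 * @param app - Express application the routes are registered on.
 * @param auth - Adapter used by `validateSSO` / `logoutSSO` to validate and
 *   invalidate a caller's SSO token.
 *
 * Every handler awaits an async call. Failures are forwarded to Express'
 * error middleware through `next(err)` so a rejected promise cannot leave the
 * request unanswered (Express 4 does not catch async handler rejections on
 * its own; on Express 5 the `try/catch` is redundant but harmless).
 */
export default (app: Express, auth: AuthAdapter) => {
  const { RATE_LIMITER_LOGIN_MAX } = getEnv();
  // A single bucket shared by /auth/login and /auth/validateSSO: requests to
  // either endpoint count against the same RATE_LIMITER_LOGIN_MAX per client.
  const loginLimiter = rateLimit({
    legacyHeaders: false,
    max: RATE_LIMITER_LOGIN_MAX,
    standardHeaders: true,
    windowMs: 15 * 60 * 1000, // 15 minutes
  });

  /**
   * @swagger
   * /auth/login:
   *   post:
   *     consumes:
   *       - application/json
   *     produces:
   *       - application/json
   *     requestBody:
   *       description: User's credentials
   *       required: true
   *       content:
   *         application/json:
   *           schema:
   *             type: object
   *             properties:
   *               username:
   *                 type: string
   *               password:
   *                 type: string
   *     responses:
   *       200:
   *         description: AuthResponse
   *     summary: Login to initiate a session
   *     tags:
   *       - Auth
   */
  app.post('/auth/login', loginLimiter, async (req, res, next) => {
    try {
      // `req.body` is undefined when no body parser ran for this request;
      // destructuring it directly throws a TypeError before any response.
      const { username, password } = req.body ?? {};
      // NOTE(review): username/password are forwarded untyped; confirm that
      // login() rejects non-string values rather than relying on the route.
      const response = await login(username, password);
      res.json(response);
    } catch (err: unknown) {
      next(err);
    }
  });

  /**
   * @swagger
   * /auth/validateSSO:
   *   get:
   *     parameters:
   *       - in: cookie
   *         name: AUTH_SSO_TOKEN_NAME
   *         schema:
   *           type: string
   *         description: SSO token cookie that is named according to the gateway environment variable
   *     produces:
   *       - application/json
   *     responses:
   *       200:
   *         description: AuthResponse
   *     summary: Validates a user's SSO token against external auth providers
   *     tags:
   *       - Auth
   */
  app.get('/auth/validateSSO', loginLimiter, async (req, res, next) => {
    try {
      const { token, success, message, userId, redirectURL } = await auth.validate(req);
      // Only these five fields are exposed; anything else the adapter returns
      // stays server-side.
      res.json({ message, redirectURL, success, token, userId });
    } catch (err: unknown) {
      next(err);
    }
  });

  /**
   * @swagger
   * /auth/logoutSSO:
   *   get:
   *     parameters:
   *       - in: cookie
   *         name: AUTH_SSO_TOKEN_NAME
   *         schema:
   *           type: string
   *         description: SSO token cookie that is named according to the gateway environment variable
   *     produces:
   *       - application/json
   *     responses:
   *       200:
   *         description: boolean
   *     summary: Invalidates a user's SSO token against external auth providers
   *     tags:
   *       - Auth
   */
  // NOTE(review): this endpoint changes state (invalidates the token) on a
  // GET driven purely by a cookie, so any cross-site navigation to it logs the
  // user out. The method is kept for compatibility; consider POST plus a CSRF
  // check if clients can be updated.
  app.get('/auth/logoutSSO', async (req, res, next) => {
    try {
      const success = await auth.logout(req);
      res.json({ success });
    } catch (err: unknown) {
      next(err);
    }
  });

  /**
   * @swagger
   * /auth/session:
   *   get:
   *     security:
   *       - bearerAuth: []
   *     produces:
   *       - application/json
   *     responses:
   *       200:
   *         description: SessionResponse
   *     summary: Checks if a session token is valid or invalid
   *     tags:
   *       - Auth
   */
  app.get('/auth/session', async (req, res, next) => {
    try {
      // `req.get` yields `string | undefined`; session() receives it as-is so
      // a missing header is handled by the same code path as an invalid one.
      const authorizationHeader = req.get('authorization');
      const response = await session(authorizationHeader);
      res.json(response);
    } catch (err: unknown) {
      next(err);
    }
  });
};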