cidaas Interceptor for Node.js
Installation
npm install cidaas-interceptor-nodejs --save
Check your package.json afterwards to verify that the dependency was added to the dependencies section.
Usage
The Cidaas Interceptor works as middleware for express.
If you want to use it with Fastify, register it as a hook on the 'onRequest' event (see the Fastify section below).
Configuration
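import { CidaasInterceptor, CidaasInterceptorConfig } from "cidaas-interceptor-nodejs";

const interceptorConfig = new CidaasInterceptorConfig();
// Base URL of your cidaas instance. The interceptor discovers the endpoints it
// needs from <cidaas-base-url>/.well-known/openid-configuration, so this must be
// an https URL you control.
interceptorConfig.baseUrl = "https://<cidaas-base-url>";
// client_id / client_secret of a NON-INTERACTIVE client. Do not hard-code the
// secret or commit it to source control: read it from the environment (or a
// secret manager) at startup, as shown here.
interceptorConfig.client_id = process.env.CIDAAS_CLIENT_ID;
interceptorConfig.client_secret = process.env.CIDAAS_CLIENT_SECRET;
// use_local_validation: validates tokens locally instead of calling cidaas on
// every request, which improves performance. Trade-off: a token that is revoked
// at cidaas (e.g. on logout) may keep passing local validation until you call
// LocalTokenCache.removeToken(access_token) — do that from your logout webhook handler.
interceptorConfig.use_local_validation = true;
// Create the interceptor with the config. (The original example assigned to an
// undeclared variable, which throws a ReferenceError in an ES module.)
const cidaas_interceptor = new CidaasInterceptor(interceptorConfig);
// ... or update its config later.
cidaas_interceptor.setConfig(interceptorConfig);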
Express js
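const express = require("express");
const app = express();
const bodyParser = require("body-parser");
// Parse JSON and URL-encoded request bodies before any route handler runs.
// (Uses const instead of var; none of these bindings is reassigned.)
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
  extended: true
}));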
Check Scope
// Scope check: the handler is expected to run only for requests whose validated
// access_token carries the "cidaas:write" scope; other requests are rejected by the interceptor.
app.get("/serviceurl", cidaas_interceptor.checkAccess({ scopes: ["cidaas:write"] }), function (req, res) {
// your code — runs only after checkAccess has accepted the request
});
Check Role
// Role check: the handler is expected to run only for requests whose validated
// access_token belongs to a user with the "Admin" role.
app.post("/serviceurl", cidaas_interceptor.checkAccess({ roles: ["Admin"] }), function (req, res) {
// your code — runs only after checkAccess has accepted the request
});
Check Role and Scope
// Combined scope and role check. NOTE(review): whether BOTH conditions must hold or
// EITHER suffices is not stated on this page — verify against the library before relying on it.
app.get("/serviceurl", cidaas_interceptor.checkAccess({ scopes: ["cidaas:write"], roles: ["Admin"] }), function (req, res) {
// your code — runs only after checkAccess has accepted the request
});
DenyAll
// denyAll: presumably rejects every request regardless of token, useful to switch an
// endpoint off without deleting its handler.
app.get("/serviceurl", cidaas_interceptor.checkAccess({denyAll : true}), function (req, res) {
// your code — not expected to be reached while denyAll is set
});
PermitAll
// permitAll: presumably lets every request through without requiring a token.
// Do not rely on req.headers.__userid / __access_token in such a handler: any client
// can send headers with those names, and no validation is guaranteed to have happened.
app.get("/serviceurl", cidaas_interceptor.checkAccess({permitAll : true}), function (req, res) {
// your code — treat this route as unauthenticated
});
Or leave the interceptor out entirely — the route is then unauthenticated:
// No interceptor on this route: it is reachable without any access_token, and nothing
// sets __userid / __access_token here.
app.get("/serviceurl", function (req, res) {
// your code — unauthenticated
});
Advanced
Check Role in custom group
// NOTE(review): this snippet is identical to "Check Role" above — the option that selects a
// custom group is not shown on this page. Consult the library's API reference for it.
app.post("/serviceurl", cidaas_interceptor.checkAccess({ roles: ["Admin"] }), function (req, res) {
// your code
});
Fastify
In Fastify, you have to register the interceptor with the .addHook("onRequest") method as follows:
server.js:
// Require the framework and instantiate it
// Load Fastify and create the server instance with request logging enabled.
const fastify = require("fastify")({ logger: true });
Create some routes in a separate file, routes.js:
// Fastify plugin holding the protected routes. Every route declared in this function
// is guarded by the onRequest hook registered below. Hooks added inside a plugin apply
// only to the routes of that plugin (Fastify encapsulation), so routes declared in other
// plugin files are NOT covered by this hook.
async function routes(fastify, options) {
fastify
.addHook(
"onRequest",
// cidaas_interceptor is created in server.js and shared via the global object.
global.cidaas_interceptor.checkAccess({
scopes: ["myawesomescope:read"] // required scope; roles: [...] works as in the express examples
})
)
.get("/hello", async (request, reply) => {
// Your code — reached only after checkAccess accepted the request.
return { hello: "world!" };
});
}
module.exports = routes;
then simply register the fastify routes in your server.js:
// Register the protected routes plugin from routes.js.
fastify.register(require("./routes"));
If the same server also needs routes that are not protected, or that are protected with different scopes, use Fastify's encapsulation: register those routes as a separate plugin (a separate routes file). Hooks added inside a plugin apply only to that plugin's routes, so a plugin that registers no `onRequest` hook is unauthenticated — keep this in mind when splitting routes across files:
otherroutes.js
// Plugin with NO onRequest hook: /world is reachable without any access_token.
// If this route needs protection, register its own checkAccess hook inside this function.
async function routes(fastify, options) {
fastify
.get("/world", async (request, reply) => {
return { hello: "beautiful world" };
});
}
module.exports = routes;
Complete server.js example with configuration:
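const fastify = require("fastify")({
  logger: true
});
// The interceptor classes have to be imported; the original example omitted this line.
const { CidaasInterceptor, CidaasInterceptorConfig } = require("cidaas-interceptor-nodejs");

const interceptorConfig = new CidaasInterceptorConfig();
// Base URL of your cidaas instance; endpoints are discovered from
// <cidaas-base-url>/.well-known/openid-configuration, so use an https URL you control.
interceptorConfig.baseUrl = "https://<cidaas-base-url>";
// client_id / client_secret of a NON-INTERACTIVE client. Read the secret from the
// environment (or a secret manager) instead of hard-coding it in source.
interceptorConfig.client_id = process.env.CIDAAS_CLIENT_ID;
interceptorConfig.client_secret = process.env.CIDAAS_CLIENT_SECRET;
// use_local_validation: faster offline token validation. Trade-off: a token revoked at
// cidaas (e.g. on logout) may keep passing until LocalTokenCache.removeToken(access_token)
// is called — do that from your logout webhook handler.
interceptorConfig.use_local_validation = true;
// Shared via the global object because routes.js reads global.cidaas_interceptor.
global.cidaas_interceptor = new CidaasInterceptor(interceptorConfig);
// Or update its config later.
global.cidaas_interceptor.setConfig(interceptorConfig);
// routes.js registers its own onRequest hook and is protected; otherroutes.js registers
// no hook and is public. The require path must match the file name exactly
// ("otherroutes.js" above) — "./otherRoutes" fails on case-sensitive file systems.
fastify.register(require("./routes"));
fastify.register(require("./otherroutes"));
// Unprotected root route (no checkAccess). Plain JavaScript: the ": any" annotations
// in the original are TypeScript syntax and do not parse in a .js file. 200 replaces the
// original 300 (Multiple Choices), which is not a meaningful status for this response.
fastify.get("/", function (request, reply) {
  reply.status(200).send({ hello: "world" });
});
// Run the server. NOTE(review): newer Fastify versions expect listen({ port: 3000 }, cb);
// the numeric form is kept here because the Fastify version is not stated on this page.
fastify.listen(3000, function (err, address) {
  if (err) {
    fastify.log.error(err);
    process.exit(1);
  }
  fastify.log.info(`server listening on ${address}`);
});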
The parameters accepted by `checkAccess` are exactly the same as in the express examples above.
Note:
The cidaas_interceptor.expressMiddleware method is deprecated since version 2.4.0, please use the checkAccess-method instead.
Context variables (Magic variables)
Once validation has passed, the interceptor adds `__userid` and `__access_token` to the headers of the current request (the example below spells the first one `__userId`; check which casing your installed version sets). Any HTTP client can send headers with these names, so only trust them on routes that went through `checkAccess` — never on `permitAll` or unprotected routes.
// Read these only inside handlers guarded by checkAccess: on permitAll or unprotected
// routes the values may simply be whatever the client sent.
// NOTE(review): the prose above spells the header __userid — verify the casing your version uses.
console.log(req.headers.__userId);
console.log(req.headers.__access_token);
`__userid` holds the user id associated with the validated access_token, and `__access_token` holds the access_token that was presented with the request.