ggoodman · March 5, 2018 19:50
diff --git a/jwt-authz.js b/jwt-authz.js
 'use strict';

 const Assert = require('assert');

 Assert.ok(module.webtask.secrets['jwt-scope'], 'The jwt-scope secret is required for the jwt-authz');

 module.exports = () => {
  const requiredScopes = module.webtask.secrets['jwt-scope'].split(/\s+/);
  
  return function middleware(req, res, next) {
    if (!req.user) {
      const error = new Error('Unauthenticated request');
      error.statusCode = 403;
      return next(error);
    }
    const authenticatedScopes = (req.user.scope || '').split(/\s+/);
    const hasScope = requiredScope => authenticatedScopes.indexOf(requiredScope) !== -1;
    
    if (!authenticatedScopes.every(hasScope)) {
      const error = new Error(`Unauthorized: Missing required scopes '${requiredScopes.join(' ')}'`);
      error.statusCode = 401;
      return next(error);
    }
    
    return next();
  };
 };
diff --git a/jwt-middleware.js b/jwt-middleware.js
 'use strict';

 const Assert = require('assert');
 const ExpressJwt = require('express-jwt');
 const JwksRsa = require('jwks-rsa');

 Assert.ok(module.webtask.secrets['jwt-audience'], 'The jwt-audience secret is required for the jwt-middleware');
 Assert.ok(module.webtask.secrets['jwt-issuer'], 'The jwt-issuer secret is required for the jwt-middleware');

 module.exports = () => {
  const jwtAudience = module.webtask.secrets['jwt-audience'];
  const jwtIssuer = module.webtask.secrets['jwt-issuer'];
  
  const loadRsaKey = JwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `${jwtIssuer}.well-known/jwks.json`,
  });
  
  const middleware = ExpressJwt({
    algorithms: ['RS256'],
    audience: jwtAudience,
    issuer: jwtIssuer,
    secret: loadRsaKey,
  });
  
  return middleware;
 };
	'use strict';

	const Assert = require('assert');

	Assert.ok(module.webtask.secrets['jwt-scope'], 'The jwt-scope secret is required for the jwt-authz');

	module.exports = () => {
	const requiredScopes = module.webtask.secrets['jwt-scope'].split(/\s+/);

	return function middleware(req, res, next) {
	if (!req.user) {
	const error = new Error('Unauthenticated request');
	error.statusCode = 403;
	return next(error);
	}
	const authenticatedScopes = (req.user.scope \|\| '').split(/\s+/);
	const hasScope = requiredScope => authenticatedScopes.indexOf(requiredScope) !== -1;

	if (!authenticatedScopes.every(hasScope)) {
	const error = new Error(`Unauthorized: Missing required scopes '${requiredScopes.join(' ')}'`);
	error.statusCode = 401;
	return next(error);
	}

	return next();
	};
	};
	'use strict';

	const Assert = require('assert');
	const ExpressJwt = require('express-jwt');
	const JwksRsa = require('jwks-rsa');

	Assert.ok(module.webtask.secrets['jwt-audience'], 'The jwt-audience secret is required for the jwt-middleware');
	Assert.ok(module.webtask.secrets['jwt-issuer'], 'The jwt-issuer secret is required for the jwt-middleware');

	module.exports = () => {
	const jwtAudience = module.webtask.secrets['jwt-audience'];
	const jwtIssuer = module.webtask.secrets['jwt-issuer'];

	const loadRsaKey = JwksRsa.expressJwtSecret({
	cache: true,
	rateLimit: true,
	jwksRequestsPerMinute: 5,
	jwksUri: `${jwtIssuer}.well-known/jwks.json`,
	});

	const middleware = ExpressJwt({
	algorithms: ['RS256'],
	audience: jwtAudience,
	issuer: jwtIssuer,
	secret: loadRsaKey,
	});

	return middleware;
	};