Roie Schwaber-Cohen rschwabco
rschwabco
/ policy.rego
Created
December 16, 2021 21:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package asertodemo.GET.api.protected | |
| default allowed = false | |
| allowed { | |
| some index | |
| input.user.attributes.roles[index] == "admin" | |
| } |
rschwabco
/ main-section.js
Created
December 16, 2021 21:13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <div className="main"> | |
| {isAuthenticated && ( | |
| <> | |
| <div className="top-main"> | |
| <div className="welcome-message"> | |
| Welcome {auth.userData?.profile?.email}! | |
| </div> | |
| <div> | |
| {!message && ( | |
| <button |
rschwabco
/ access-sensitive-information.js
Created
December 16, 2021 21:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const [message, setMessage] = useState(false); | |
| const accessSensitiveInformation = useCallback(async () => { | |
| try { | |
| if (!auth.isLoading) { | |
| const accessToken = auth.userData?.id_token; | |
| const sensitiveInformationURL = `${process.env.REACT_APP_API_ORIGIN}/api/protected`; | |
| const sensitiveDataResponse = await fetch(sensitiveInformationURL, { | |
| headers: { | |
| Authorization: `Bearer ${accessToken}`, | |
| }, |
rschwabco
/ use-middleware.js
Created
December 16, 2021 21:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Enable CORS | |
| app.use(cors()); | |
| // Protected API endpoint | |
| app.get("/api/protected", checkJwt, function (req, res) { | |
| //send the response | |
| res.json({ | |
| secretMessage: "Here you go, very sensitive information for ya!", | |
| }); | |
| }); | |
| // Launch the API Server at localhost:8080 |
rschwabco
/ check-jwt.js
Created
December 16, 2021 21:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Paste after the dependencies | |
| const checkJwt = jwt({ | |
| // Dynamically provide a signing key based on the kid in the header and the signing keys provided by the JWKS endpoint | |
| secret: jwksRsa.expressJwtSecret({ | |
| cache: true, | |
| rateLimit: true, | |
| jwksRequestsPerMinute: 5, | |
| jwksUri: process.env.JWKS_URI, | |
| }), | |
| // Validate the audience and the issuer |
rschwabco
/ dependencies.js
Created
December 16, 2021 21:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require("dotenv").config(); | |
| const express = require("express"); | |
| const jwt = require("express-jwt"); | |
| const jwksRsa = require("jwks-rsa"); | |
| const cors = require("cors"); | |
| const app = express(); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import React, { useEffect } from "react"; | |
| import { useAuth } from "oidc-react"; | |
| function App() { | |
| const auth = useAuth(); | |
| const isAuthenticated = auth.userData?.id_token ? true : false; | |
| //If the user logs out, redirect them to the login page | |
| useEffect(() => { | |
| if (!auth.isLoading && !isAuthenticated) { | |
| auth.signIn(); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <link rel="stylesheet" href="https://aserto-remote-css.netlify.app/react-and-node-quickstart.css"/> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ReactDOM.render( | |
| <React.StrictMode> | |
| <AuthProvider {...configuration}> | |
| <App /> | |
| </AuthProvider> | |
| </React.StrictMode>, | |
| document.getElementById("root") | |
| ); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const configuration = { | |
| authority: `https://${process.env.REACT_APP_OIDC_DOMAIN}/dex`, | |
| clientId: process.env.REACT_APP_OIDC_CLIENT_ID, | |
| autoSignIn: true, | |
| responseType: "id_token", | |
| scope: "openid profile email", | |
| redirectUri: window.location.origin, | |
| audience: process.env.REACT_APP_OIDC_AUDIENCE, | |
| onSignIn: () => { | |
| window.location.replace(window.location.origin); |