refactor(plugins): convert jwt-jwks util to fastify plugin

Fdawgs · Jan 26, 2021 · 7e954d1 · 7e954d1
1 parent b4e0a49
commit 7e954d1
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 32 deletions.
diff --git a/src/utils/jwt-jwks-auth.js → src/plugins/jwt-jwks-auth.js b/src/utils/jwt-jwks-auth.js → src/plugins/jwt-jwks-auth.js
@@ -1,4 +1,5 @@
 /* eslint-disable promise/prefer-await-to-callbacks */
+const fp = require("fastify-plugin");
 const jwt = require("jsonwebtoken");
 const jwksClient = require("jwks-rsa");
 
@@ -16,7 +17,9 @@ async function getSigningKey(token, jwksUri) {
 			strictSsl: true, // Default value
 			jwksUri,
 		});
+
 		const decoded = jwt.decode(token, { complete: true });
+
 		client.getSigningKey(decoded.header.kid, (err, key) => {
 			if (err) {
 				reject(err);
@@ -30,40 +33,40 @@ async function getSigningKey(token, jwksUri) {
 
 /**
  * @author Frazer Smith
- * @description Authenticate JWT using JWKS endpoint.
- * @param {object} options -
- * @returns {Function} callback.
+ * @description Decorator plugin that adds `verifyJWT` function
+ * to authenticate JWTs using JWKS endpoint.
+ * @param {Function} server - Fastify instance.
+ * @param {object} options - Fastify config values.
  */
-module.exports = function jwtJwksAuth(options) {
-	return async (req, res, next) => {
-		const header = req.raw.headers.authorization;
+async function plugin(server, options) {
+	server.decorate("verifyJWT", async (req) => {
+		const header = req.headers.authorization;
 		if (!header) {
-			next(new Error("missing authorization header"));
+			throw new Error("missing authorization header");
 		}
 
 		// Remove 'Bearer' from beginning of token
 		const token = header.substring(6).trim();
-		try {
-			const signingKey = await getSigningKey(token, options.jwksEndpoint);
-			jwt.verify(
-				token,
-				signingKey,
-				{
-					audience: options.allowedAudiences,
-					algorithms: options.allowedAlgorithms,
-					ignoreExpiration: false,
-					issuer: options.allowedIssuers,
-					maxAge: options.maxAge,
-				},
-				(err) => {
-					if (err) {
-						throw err;
-					}
-					return next();
+
+		const signingKey = await getSigningKey(token, options.jwksEndpoint);
+
+		jwt.verify(
+			token,
+			signingKey,
+			{
+				audience: options.allowedAudiences,
+				algorithms: options.allowedAlgorithms,
+				ignoreExpiration: false,
+				issuer: options.allowedIssuers,
+				maxAge: options.maxAge,
+			},
+			(err) => {
+				if (err) {
+					throw err;
 				}
-			);
-		} catch (err) {
-			next(err);
-		}
-	};
-};
+			}
+		);
+	});
+}
+
+module.exports = fp(plugin, { fastify: "3.x" });
diff --git a/src/routes/redirect/index.js b/src/routes/redirect/index.js
@@ -3,7 +3,6 @@ const fp = require("fastify-plugin");
 // Import plugins
 const replyFrom = require("fastify-reply-from");
 const bearer = require("fastify-bearer-auth").internals.factory;
-// const jwtJwks = require("../../utils/jwt-jwks-auth");
 
 const { redirectGetSchema } = require("./schema");
 
@@ -28,7 +27,7 @@ async function route(server, options) {
 		url: "/STU3/*",
 		schema: redirectGetSchema,
 		preHandler: server.auth([
-			// jwtJwks(options.jwt),
+			server.verifyJWT,
 			bearer({ keys: options.authKeys }),
 		]),
 		handler(req, rep) {

diff --git a/src/server.js b/src/server.js
@@ -8,6 +8,7 @@ const cors = require("fastify-cors");
 const helmet = require("fastify-helmet");
 const helmConfig = require("helmet");
 const disableCache = require("fastify-disablecache");
+const jwtJwks = require("./plugins/jwt-jwks-auth");
 
 /**
  * @author Frazer Smith
@@ -18,6 +19,7 @@ const disableCache = require("fastify-disablecache");
 async function plugin(server, config) {
 	// Enable plugins
 	server
+		.register(jwtJwks, config.jwt)
 		.register(auth)
 		// Use CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
 		.register(cors, config.cors)