Allow fine-grained user validation in Satellite middleware #1930
Assignees
Labels
area: satellite
Issues related to the Satellite microservice project
type: enhancement
New feature or request
type: security
Security concerns
Comments
humphd
added
type: enhancement
humphd
added a commit
to humphd/satellite
that referenced
this issue
Mar 18, 2021
humphd
added a commit
to humphd/satellite
that referenced
this issue
Mar 18, 2021
humphd
added a commit
to humphd/satellite
that referenced
this issue
Mar 18, 2021
|
Fixing this in DevelopingSpace/satellite#8. |
tpmai22
added a commit
that referenced
this issue
Mar 8, 2022
* Initial work * Docs and bodyParser * fix: correct typo and add missing quotation mark * Move router onto Satellite instance * Use built-in body parsing with Express * Add tests for body parsers * Add GitHub CI + README badge * Fix package-lock.json sync with package.json * Fix README build badge URL * Add release workflow * 1.0.1 * Use standard tag format for npm with v prefix * 1.0.2 * Release yaml fix * 1.0.3 * Explicitly set package public for npm publish * 1.0.4 * Remove private field completely in order to publish to npm * 1.0.5 * Switch org name to @senecacdot * 1.0.6 * Update lock file * 1.0.7 * Expose Router from package * 1.1.0 * Switch from new Router() to Router() * 1.1.1 * Use env variables to start apm monitoring sooner * 1.2.0 * Switch to ELASTIC_APM_SERVER_URL, better 404 reporting, refactor Router() * 1.3.0 * Add beforeParsers and beforeRouter options with tests * 1.4.0 * Add pino-colada for debug logging * Improve logging, use ELASTIC_APM_SERVICE_NAME env var, add router option to ctor * 1.5.0 * Remove pino-tiny dep * Fix logger picking logic on startup * 1.5.1 * Document healthCheck and add more tests * 1.5.2 * Add default favicon support * 1.6.0 * Update README install instructions, deps * 1.6.1 * Add JWT validation, tests, and update docs * 1.7.0 * Ported Hash to Satellite * Removed Redundant Code, Added Comment Block, Fixed Import * Re-add crypto * Add test for req.user * Refactor into src/, breakup middleware authenticate vs. authorize, remove favicon * 1.8.0 * Init Prettier Commit * Adds the createError module for use in Telescope (#5) * Fixed CreateError module, use http-errors * removed merge conflict errors * Added Docs in README Co-authored-by: David Humphrey <david.andrew.humphrey@gmail.com> * Finish prettier integration * Fix workflows * Prettier for jest.config.js * Update deps, fix prettier-check on windows * 1.8.5 * Specify main entry point in package.json * 1.8.6 * Add .husky directory and pre-commit hook * Fix #1930 * Support credentials for HTTPS vs. HTTP server * 1.8.7 * Don't install Husky on postinstall * 1.8.8 * Add support for generating a service token * 1.9.0 * Updated redis and added ping test * Updated redis export * Fixed Redis test case * 1.10.0 * isAuthorized() always takes a function with req, user params * 1.11.0 * 1.12.0 * Initial Elastic client code * Updated elastic contructor, add initial tests * Fixed elastic search client, mock elastic connection * Updated README.md with Elastic() info * 1.13.0 * Add shutDown() to allow killing connections * 1.14.0 * Add automatic, graceful shutdown for Redis and Elastic clients * Update deps for 1.14.0 * 1.15.0 * Initial exported Fetch() function to Satellite * Updated exports to require node-fetch instead of it being in a separate file * Updated spelling to 'fetch' and updated tests to use nock * Removed done() from tests and moved node-fetch to be a dependency vs dev-dependency * Update lock file * 1.16.0 * chore: include nodejs 16 in the CI build matrix * feat: add auto-opt-out of FLoC * 1.17.0 * Add eslint to satellite * adding and configuring eslint * Fixing linting errors * configuring anti-trojan-source plugin * adding lint to pre-commit hook * Removing ts from eslint run and removing comment * removing unused function validateAuthorizationOptions * Adding no-unused-vars override to test.js and removing the override from config * Adding ESLint to CI runs * Integrating eslint with the release workflow * Fix Dependencies: * Remove elastic-apm-node * Remove @elastic/ecs-pino-format * Update Jest (To fix deprecated dependencies) * * Update pino * Switch from express-pino-logger to pino-http * Standardize Dependencies * Configure Renovate (#23) * Configure renovate bot Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Duke Manh <manhducdkcb@gmail.com> * chore(deps): update dependency pretty-quick to v3.1.3 * fix(deps): update dependency express to v4.17.2 * fix(deps): update dependency node-fetch to v2.6.7 * fix(deps): update dependency @elastic/elasticsearch-mock to v0.3.1 * fix(deps): update dependency http-errors to v1.8.1 * chore(deps): update dependency eslint to v8.7.0 * chore(deps): update dependency eslint-plugin-anti-trojan-source to v1.1.0 * chore(deps): update dependency eslint-plugin-jest to v25.7.0 * chore(deps): update dependency husky to v5.2.0 * Switch npm to pnpm * Release v1.18.0 * 1.20.0 * 1.21.0 * Use --no-git-checks with pnpm publish to avoid failure on CI * 1.22.0 * remove pre-commit * Release v1.23.0 * fix(deps): update dependency pino-pretty to v7.5.1 * fix(deps): update dependency pino to v7.6.5 * chore(deps): update dependency eslint to v8.8.0 * chore(deps): update dependency nock to v13.2.2 * bump prettier to v2.5.1 and run prettier on entire tree * fix(deps): update dependency @elastic/elasticsearch to v7.16.0 * fix(deps): update dependency @godaddy/terminus to v4.10.2 (#48) Co-authored-by: Renovate Bot <bot@renovateapp.com> * fix(deps): update dependency express-jwt to v6.1.0 * fix(deps): update dependency ioredis to v4.28.3 (#50) Co-authored-by: Renovate Bot <bot@renovateapp.com> * fix(deps): update dependency ioredis-mock to v5.9.1 * fix-renovate-bot * Refactoring elastic.js so mock is exported for tests - Adding tests for mock Elastic() - Added mock Elastic() description in README.md * Release v1.24.0 * chore(deps): update dependency nock to v13.2.4 * fix(deps): update dependency ioredis to v4.28.4 (#55) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update dependency jest to v27.5.0 (#56) Co-authored-by: Renovate Bot <bot@renovateapp.com> * fix(deps): update dependency ioredis to v4.28.5 * fix(deps): update dependency @elastic/elasticsearch to v7.17.0 * chore(deps): update dependency jest to v27.5.1 (#59) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update dependency eslint to v8.9.0 (#60) Co-authored-by: Renovate Bot <bot@renovateapp.com> * changed all uses of SECRET -> JWT_SECRET * Release v1.25.0 * Adding more tests for createError * fix(deps): update dependency express to v4.17.3 * fix(deps): update dependency pino to v7.8.0 (#66) Co-authored-by: Renovate Bot <bot@renovateapp.com> * adding ES error cases to createError * Release v.1.26.0 * fix(deps): update dependency express-jwt to v6.1.1 * chore(deps): update dependency eslint to v8.10.0 * fix(deps): update dependency ioredis-mock to v7 * fix(deps): update dependency ioredis-mock to v7.1.0 * fix(deps): update dependency pino-pretty to v7.5.3 * chore(deps): update dependency husky to v7 * chore(deps): update dependency eslint-plugin-jest to v26 * fix(deps): update dependency helmet to v5 * set default values for status and argToSend so they're not undefined * Delete unneded config files from Satellite repo Co-authored-by: David Humphrey <david.andrew.humphrey@gmail.com> Co-authored-by: Josue <josue.quilon-barrios@senecacollege.ca> Co-authored-by: Metropass <moho472@gmail.com> Co-authored-by: Mo <58116522+Metropass@users.noreply.github.com> Co-authored-by: Abdulbasid Guled <guled.basid@gmail.com> Co-authored-by: Josue <manekenpix@fastmail.com> Co-authored-by: dhillonks <kunwarvir@hotmail.com> Co-authored-by: Kevan-Y <58233223+Kevan-Y@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Duke Manh <manhducdkcb@gmail.com> Co-authored-by: Cindy Le <cindyledev@gmail.com> Co-authored-by: AmasiaNalbandian <amasia.nalbandian@mitel.com> Co-authored-by: Amasia <77639637+AmasiaNalbandian@users.noreply.github.com> Co-authored-by: rclee91 <32626950+rclee91@users.noreply.github.com> Co-authored-by: Jia Hua Zou <jiahua.zou1@gmail.com> Co-authored-by: Joel Azwar <joel_azwar@yahoo.com> Co-authored-by: Anatoliy Serputoff <65831678+aserputov@users.noreply.github.com> Co-authored-by: tpmai <thienphuoc.0108@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In certain places we need to be able to do custom checks against certain claims for the currently authenticated user. An authenticated user sends a JWT bearer token, which includes claims like their id (
sub) and theirroles, etc.We need a simple way for microservices to be able to inspect the user's claims, and decide whether or not a user is authorized to make some request.
Satellite already has middleware for doing most of this, but it needs to be extended. Consider:
Let's add the ability for the
isAuthorized()middleware to accept a function calledauthorizeUser(). If defined, it should get passed the authenticated user (e.g., the decoded payload from the JWT token), and the caller can use that in order to do some comparisons and returntrueorfalse. If the function returnstrue, we allow the request. Iffalsewe don't.The text was updated successfully, but these errors were encountered: