feat: glee authentication

[oviecodes]

Description
Glee Authentication PR
In order to introduce authentication to Glee, I've been looking at the middleware, which offers the most opportunity as we advance.

One idea is to create an authentication middleware that reads the user’s authentication.
The authentication file will be similar to a lifecycle event, it will have the serverand the channel export along with a default export.

In the authMiddleware.ts file:

    // authMiddleware.ts
    import { AsyncAPIDocument } from "@asyncapi/parser";
    import { MiddlewareCallback } from "./index.js";
    import GleeMessage from "../lib/message.js";
    export default (asyncapi: AsyncAPIDocument) =>
      (event: GleeMessage, next: MiddlewareCallback) => {
        const componentNames = asyncapi.components();
        console.log("security schemes", componentNames.securitySchemes());
        if (Object.keys(componentNames.securitySchemes()).length == 0)
          return next();
        if (componentNames.securitySchemes()) {
          console.log("Authentication should happen here", event.channel);
          //check if channel matches, then
          //call user authentication function from file
          return next();
        }
        return next();
      }; 

The authentication file will take the following format

    export default async function ({ glee, connection }) {
      //user authentication logic
    }
    
    export const servers = ['websockets']
    export const channels = ['user/signedup']

In the index.ts file:

 //index.ts
    ...
    import authMiddleware from "./middlewares/authMiddleware.js";
    ...
    app.use(authMiddleware(parsedAsyncAPI));
    app.useInbound(authMiddleware(parsedAsyncAPI));

app.useInbound() doesn’t exist in the codebase so it’ll be created

We’ll create a file that allows us to parse the user authentication similar to what Glee does with lifecycle events.

Another idea I’ve been trying to explore is to see if Glee middleware is extendable, if it’s possible we could allow the user to write a middleware then read such middleware and pass it to Glee during initialization.

    export default (asyncapi) =>
      (event, next) => {
        //authentication logic
          return next();
        }
        return next();
      };

Since app.useOutbound() already supports channel property as follows:

app.useOutBound("/", authMiddleware(parsedAsyncAPI))

Restriction of auths to a particular channel should be easy. We could make app.useInbound() exactly like app.useOutbound() but for incoming messages.

Related issue(s)
Discusses #377

@Souvikns @KhudaDad414 @fmvilas
#377

[coveralls]

Pull Request Test Coverage Report for Build 5015786436

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 60.53%

---

Totals
Change from base Build 4992049315:	0.0%
Covered Lines:	324
Relevant Lines:	454

---

💛 - Coveralls

[KhudaDad414]

A few questions:

1. When is it going to authenticate? on connection or for each message? on connection makes sense since web-socket is a stateful protocol right?
2. how are we going to handle different authentication types? 🤔
3. It is only for web-socket right? so if we add a middleware it kinda runs for all of the protocols right? shouldn't the web-socket adapter handle this since it is something that doesn't apply to all of the protocols but for a specific one? 🤔
4. What are the things that needs to be done from your part and what does it mean for a Glee user?
   Assume I am a user and want to authenticate my web-socket requests, What it means if glee acts as a client and what does it mean if Glee acts as a server?

Sorry, lots of questions. 😆 just want everything to be clear.

[oviecodes]

No problems @KhudaDad414 the questions are necessary.

1. I was going for authentication on each message, but now you mentioned it Authentication on connection makes the most sense. I was thinking about authenticating different endpoints hence the middleware idea.

2. In the middleware system, handling the authentication method depends on the user of glee, all they have to do is write the authentication logic in a file. However, when using the adapters, the responsibility falls on glee.

I will take a look at the WebSockets adapters compared to others. I think an authentication property could be added there. Further inputs are welcomed @Souvikns @KhudaDad414 I will really appreciate it

I do have a question about authentication on connection since WebSockets are stateless, doesn't that mean each request is independent and we would need a type of cache to track authenticated clients?

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[oviecodes]

This discussion is continued on #460