
Add support for Bearer tokens

jongio committed Feb 4, 2020
1 parent 6d444ef commit 273e3b11e53c6eddd7f2c1e4ace8f68120e15213
Showing with 71 additions and 1 deletion.
  1. +3 −1 src/blob/BlobRequestListenerFactory.ts
  2. +68 −0 src/blob/authentication/BlobTokenAuthenticator.ts
@@ -29,6 +29,7 @@ import StrictModelMiddlewareFactory, {
} from "./middlewares/StrictModelMiddlewareFactory";
import IBlobMetadataStore from "./persistence/IBlobMetadataStore";
import { DEFAULT_CONTEXT_PATH } from "./utils/constants";
import BlobTokenAuthenticator from "./authentication/BlobTokenAuthenticator";

/**
* Default RequestListenerFactory based on express framework.
@@ -145,7 +146,8 @@ export default class BlobRequestListenerFactory
this.accountDataStore,
this.metadataStore,
logger
)
),
new BlobTokenAuthenticator(this.accountDataStore, logger)
])
);
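Review bot: `new BlobTokenAuthenticator(this.accountDataStore, logger)` is appended to the authenticator list unconditionally, so every listener built by this factory starts honouring Bearer headers as soon as this commit lands. How the list combines the individual results is outside the hunk, but if a single passing authenticator is sufficient, this widens access for every account at once. Consider registering it only behind an explicit opt-in setting and documenting that at the call site, e.g. `// Token authenticator: accepts Bearer headers; register only when OAuth emulation is requested`. The new import in the first hunk also sits after `./utils/constants` rather than in alphabetical position, which an ordered-imports lint rule would flag if the project enables one.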

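--- /dev/null
+++ b/src/blob/authentication/BlobTokenAuthenticator.ts
@@ -0,0 +1,68 @@
+import IAccountDataStore from "../../common/IAccountDataStore";
+import ILogger from "../../common/ILogger";
+import BlobStorageContext from "../context/BlobStorageContext";
+import StorageErrorFactory from "../errors/StorageErrorFactory";
+import Context from "../generated/Context";
+import IRequest from "../generated/IRequest";
+import { HeaderConstants } from "../utils/constants";
+import IAuthenticator from "./IAuthenticator";
+
+export default class BlobTokenAuthenticator implements IAuthenticator {
+public constructor(
+private readonly dataStore: IAccountDataStore,
+private readonly logger: ILogger
+) {}
+
+public async validate(
+req: IRequest,
+context: Context
+): Promise<boolean | undefined> {
+const blobContext = new BlobStorageContext(context);
+const account = blobContext.account!;
+
+this.logger.info(
+`BlobTokenAuthenticator:validate() Start validation against token authentication.`,
+blobContext.contextId
+);
+
+// TODO: Make following async
+const accountProperties = this.dataStore.getAccount(account);
+if (accountProperties === undefined) {
+this.logger.error(
+`BlobTokenAuthenticator:validate() Invalid storage account ${account}.`,
+blobContext.contextId
+);
+throw StorageErrorFactory.getInvalidOperation(
+blobContext.contextId!,
+"Invalid storage account."
+);
+}
+
+const authHeaderValue = req.getHeader(HeaderConstants.AUTHORIZATION);
+if (authHeaderValue === undefined) {
+this.logger.info(
+// tslint:disable-next-line:max-line-length
+`BlobTokenAuthenticator:validate() Request doesn't include valid authentication header. Skip token authentication.`,
+blobContext.contextId
+);
+return undefined;
+} else {
+const hasBearerToken = authHeaderValue.startsWith("Bearer");
+
+if (hasBearerToken) {
+this.logger.info(
+// tslint:disable-next-line:max-line-length
+`BlobTokenAuthenticator:validate() Request includes Bearer token.`,
+blobContext.contextId
+);
+} else {
+this.logger.info(
+// tslint:disable-next-line:max-line-length
+`BlobTokenAuthenticator:validate() Request does not include Bearer token. Skip token authentication.`,
+blobContext.contextId
+);
+}
+return hasBearerToken;
+}
+}
+}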
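Review bot: `validate()` returns `true` for any `Authorization` value that merely starts with `Bearer`; the token after the scheme is never decoded or checked (signature, issuer, audience, expiry). Assuming `true` means "authenticated" to whatever consumes `IAuthenticator`, an arbitrary string is enough to pass for any account that exists in the data store. If accepting unverified tokens is intentional for the emulator, state that in a class-level comment such as `// Accepts any Bearer token without verifying it; emulator convenience only, not real OAuth validation`; otherwise the token has to be parsed and its claims validated before `true` is returned. The prefix test is also looser than the scheme syntax, since `startsWith("Bearer")` matches `BearerX` and a header with no credential at all; `const hasBearerToken = /^Bearer\s+\S+/i.test(authHeaderValue);` would require a scheme, a separator and a non-empty token. The non-Bearer branch returns `false` rather than `undefined` even though its log message says "Skip", so confirm against the other authenticators whether `false` is treated as "skipped" or as "rejected".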
