Merge pull request #23 from williamchong007/develop

Add user profile and civic liker oauth api
likecoin · Mar 14, 2019 · 450d8b0 · 450d8b0
2 parents 910ec7b + dd9ef04
commit 450d8b0
Show file tree

Hide file tree

Showing 25 changed files with 265 additions and 80 deletions.
diff --git a/config/config.js b/config/config.js
@@ -9,10 +9,12 @@ config.FIRESTORE_PAYOUT_ROOT = process.env.FIRESTORE_PAYOUT_ROOT;
 config.FIRESTORE_MISSION_ROOT = process.env.FIRESTORE_MISSION_ROOT;
 config.FIRESTORE_CONFIG_ROOT = process.env.FIRESTORE_CONFIG_ROOT;
 config.FIRESTORE_COUPON_ROOT = process.env.FIRESTORE_COUPON_ROOT;
+config.FIRESTORE_OAUTH_CLIENT_ROOT = process.env.FIRESTORE_OAUTH_CLIENT_ROOT;
 config.FIREBASE_STORAGE_BUCKET = process.env.FIREBASE_STORAGE_BUCKET;
 
 config.JWT_PUBLIC_CERT_PATH = '';
 config.JWT_PRIVATE_KEY_PATH = '';
+config.PROVIDER_JWT_COMMON_SECRET = '';
 
 config.INTERCOM_USER_HASH_SECRET = '';
 

diff --git a/src/api.js b/src/api.js
@@ -9,6 +9,7 @@ import { supportedLocales } from './locales';
 import errorHandler from './middleware/errorHandler';
 import getPublicInfo from './routes/getPublicInfo';
 import userChallenge from './routes/users/challenge';
+import userGetInfo from './routes/users/apiGetInfo';
 import missions from './routes/mission/missions';
 import missionClaim from './routes/mission/claim';
 import storeInvite from './routes/misc/storeInvite';
@@ -49,9 +50,11 @@ app.use((req, res, next) => {
 // });
 app.use('/api', getPublicInfo);
 app.use('/api/users', userChallenge);
+app.use('/api/users', userGetInfo);
 
 app.use(getPublicInfo);
 app.use('/users', userChallenge);
+app.use('/users', userGetInfo);
 app.use('/mission', missions);
 app.use('/mission', missionClaim);
 app.use('/misc', storeInvite);

diff --git a/src/middleware/jwt.js b/src/middleware/jwt.js
@@ -0,0 +1,118 @@
+import { setNoCacheHeader } from './noCache';
+import {
+  getProviderJWTSecret,
+  publicKey as verifySecret,
+  defaultAudience,
+  getToken,
+  issuer,
+} from '../util/jwt';
+import {
+  oAuthClientCollection as oAuthClientDbRef,
+} from '../util/firebase';
+
+const expressjwt = require('express-jwt');
+const jwt = require('jsonwebtoken');
+
+async function fetchProviderClientSecret(clientId) {
+  const spClient = await oAuthClientDbRef.doc(clientId).get();
+  if (!spClient.exists) throw new Error('INVALID_AZP');
+  const {
+    secret,
+  } = spClient.data();
+  return secret;
+}
+
+function checkPermissions(inputScopes, target) {
+  let scopes = inputScopes;
+  if (!scopes) return false;
+  if (!Array.isArray(scopes)) scopes = scopes.split(' ');
+  let targets = target.split(':');
+  if (targets.length > 1) {
+    const permission = targets[0];
+    const subScopes = targets[1].split('.');
+    let lastScope = `${permission}:${subScopes[0]}`;
+    const list = [permission, lastScope];
+    for (let i = 1; i < subScopes.length; i += 1) {
+      const currentScope = `${lastScope}.${subScopes[i]}`;
+      list.push(currentScope);
+      lastScope = currentScope;
+    }
+    targets = list;
+  }
+  if (scopes.find(scope => targets.includes(scope))) return true;
+  return false;
+}
+
+export const jwtAuth = (
+  permission = 'read',
+  secret = verifySecret,
+  { audience = defaultAudience } = {},
+) => async (req, res, next) => {
+  setNoCacheHeader(res);
+  try {
+    const token = getToken(req);
+    const decoded = jwt.decode(token);
+    if (decoded.azp) {
+      const clientSecret = await fetchProviderClientSecret(decoded.azp);
+      secret = getProviderJWTSecret(clientSecret); // eslint-disable-line no-param-reassign
+    }
+  } catch (err) {
+    // no op
+  }
+  expressjwt({
+    secret,
+    getToken,
+    audience,
+    issuer,
+  })(req, res, (e) => {
+    if (e instanceof expressjwt.UnauthorizedError) {
+      res.status(401).send('LOGIN_NEEDED');
+      return;
+    }
+    if (!req.user
+      || (permission && !req.user.permissions && !req.user.scope)
+      || ((permission && !checkPermissions(req.user.permissions, permission))
+        && (permission && !checkPermissions(req.user.scope, permission)))) {
+      res.status(401).send('INVALID_GRANT');
+      return;
+    }
+    next(e);
+  });
+};
+
+export const jwtOptionalAuth = (
+  permission = 'read',
+  secret = verifySecret,
+  { audience = defaultAudience } = {},
+) => async (req, res, next) => {
+  setNoCacheHeader(res);
+  try {
+    const token = getToken(req);
+    const decoded = jwt.decode(token);
+    if (decoded.azp) {
+      const clientSecret = await fetchProviderClientSecret(decoded.azp);
+      secret = getProviderJWTSecret(clientSecret); // eslint-disable-line no-param-reassign
+    }
+  } catch (err) {
+    // no op
+  }
+  expressjwt({
+    credentialsRequired: false,
+    secret,
+    getToken,
+    audience,
+    issuer,
+  })(req, res, (e) => {
+    if (e instanceof expressjwt.UnauthorizedError) {
+      next();
+      return;
+    }
+    if (!req.user
+      || (permission && !req.user.permissions && !req.user.scope)
+      || ((permission && !checkPermissions(req.user.permissions, permission))
+        && (permission && !checkPermissions(req.user.scope, permission)))) {
+      req.user = undefined;
+    }
+    next(e);
+  });
+};
diff --git a/src/middleware/noCache.js b/src/middleware/noCache.js
@@ -0,0 +1,11 @@
+export function setNoCacheHeader(res) {
+  res.setHeader('Surrogate-Control', 'no-store');
+  res.setHeader(
+    'Cache-Control',
+    'no-store, no-cache, must-revalidate, proxy-revalidate',
+  );
+  res.setHeader('Pragma', 'no-cache');
+  res.setHeader('Expires', '0');
+}
+
+export default setNoCacheHeader;
diff --git a/src/routes/civic/index.js b/src/routes/civic/index.js
@@ -2,7 +2,7 @@ import { Router } from 'express';
 import {
   PUBSUB_TOPIC_MISC,
 } from '../../constant';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import {
   getUserWithCivicLikerProperties,
 } from '../../util/api/users';
@@ -34,7 +34,7 @@ router.get('/quota', async (req, res, next) => {
   }
 });
 
-router.put('/queue', jwtAuth('write'), async (req, res, next) => {
+router.put('/queue', jwtAuth('write:civic_liker'), async (req, res, next) => {
   try {
     const userId = req.user.user;
     const {
@@ -84,7 +84,7 @@ router.put('/queue', jwtAuth('write'), async (req, res, next) => {
 });
 
 
-router.delete('/queue', jwtAuth('write'), async (req, res, next) => {
+router.delete('/queue', jwtAuth('write:civic_liker'), async (req, res, next) => {
   try {
     const userId = req.user.user;
     const {
@@ -182,7 +182,7 @@ router.get('/trial/events/:id', async (req, res, next) => {
   }
 });
 
-router.post('/trial/events/:eventId/join', jwtAuth('write'), async (req, res, next) => {
+router.post('/trial/events/:eventId/join', jwtAuth('write:civic_liker'), async (req, res, next) => {
   try {
     const { eventId } = req.params;
     const userId = req.user.user;

diff --git a/src/routes/coupon/index.js b/src/routes/coupon/index.js
@@ -14,7 +14,7 @@ import {
   userCollection as userRef,
   db,
 } from '../../util/firebase';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import { logClaimCouponTx } from '../../util/txLogger';
 import publisher from '../../util/gcloudPub';
 

diff --git a/src/routes/misc/storeInvite.js b/src/routes/misc/storeInvite.js
@@ -1,5 +1,5 @@
 import { Router } from 'express';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import publisher from '../../util/gcloudPub';
 import {
   userCollection as dbRef,

diff --git a/src/routes/mission/claim.js b/src/routes/mission/claim.js
@@ -1,6 +1,6 @@
 import { Router } from 'express';
 import { BigNumber } from 'bignumber.js';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import {
   ETH_NETWORK_NAME,
   PUBSUB_TOPIC_MISC,

diff --git a/src/routes/mission/getInfo.js b/src/routes/mission/getInfo.js
@@ -9,7 +9,7 @@ import {
 } from '../../util/ValidationHelper';
 import { ValidationError } from '../../util/ValidationError';
 import publisher from '../../util/gcloudPub';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import {
   userCollection as dbRef,
   missionCollection as missionsRef,

diff --git a/src/routes/payment/index.js b/src/routes/payment/index.js
@@ -12,7 +12,7 @@ import {
 } from '../../util/ValidationHelper';
 import { logTransferDelegatedTx, logETHTx } from '../../util/txLogger';
 import { web3, LikeCoin, sendTransactionWithLoop } from '../../util/web3';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import publisher from '../../util/gcloudPub';
 import {
   userCollection as dbRef,

diff --git a/src/routes/referral/index.js b/src/routes/referral/index.js
@@ -8,7 +8,7 @@ import {
   filterMissionData,
   filterPayoutData,
 } from '../../util/ValidationHelper';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 
 function getIfReferralMissionDone(m, { u }) {
   const { id } = m;

diff --git a/src/routes/social/facebook.js b/src/routes/social/facebook.js
@@ -1,7 +1,7 @@
 import { Router } from 'express';
 import { PUBSUB_TOPIC_MISC } from '../../constant';
 import publisher from '../../util/gcloudPub';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import { checkPlatformAlreadyLinked, socialLinkFacebook } from '../../util/api/social';
 import { ValidationError } from '../../util/ValidationError';
 import { userCollection as dbRef } from '../../util/firebase';

diff --git a/src/routes/social/flickr.js b/src/routes/social/flickr.js
@@ -3,7 +3,7 @@ import { checkPlatformAlreadyLinked } from '../../util/api/social';
 import { fetchFlickrOAuthInfo, fetchFlickrUser } from '../../util/oauth/flickr';
 import { PUBSUB_TOPIC_MISC } from '../../constant';
 import publisher from '../../util/gcloudPub';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import { ValidationError } from '../../util/ValidationError';
 import {
   userCollection as dbRef,

diff --git a/src/routes/social/link.js b/src/routes/social/link.js
@@ -1,5 +1,5 @@
 import { Router } from 'express';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import { ValidationError } from '../../util/ValidationError';
 import { LINK_ICON_TYPES } from '../../constant';
 import { isValidSocialLink } from '../../util/api/social';

diff --git a/src/routes/social/medium.js b/src/routes/social/medium.js
@@ -3,7 +3,7 @@ import { checkPlatformAlreadyLinked } from '../../util/api/social';
 import { fetchMediumOAuthInfo, fetchMediumUser } from '../../util/oauth/medium';
 import { PUBSUB_TOPIC_MISC } from '../../constant';
 import publisher from '../../util/gcloudPub';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import { ValidationError } from '../../util/ValidationError';
 import {
   userCollection as dbRef,

diff --git a/src/routes/social/setInfo.js b/src/routes/social/setInfo.js
@@ -10,7 +10,7 @@ import {
 } from '../../util/firebase';
 import { getLinkOrderMap } from '../../util/api/social';
 import { tryToUnlinkOAuthLogin } from '../../util/api/users';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import { ValidationError } from '../../util/ValidationError';
 import {
   filterSocialPlatformPersonal,

diff --git a/src/routes/social/twitter.js b/src/routes/social/twitter.js
@@ -2,7 +2,7 @@ import { Router } from 'express';
 import { fetchTwitterOAuthInfo } from '../../util/oauth/twitter';
 import { PUBSUB_TOPIC_MISC } from '../../constant';
 import publisher from '../../util/gcloudPub';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import { checkPlatformAlreadyLinked, socialLinkTwitter } from '../../util/api/social';
 import { ValidationError } from '../../util/ValidationError';
 import {

diff --git a/src/routes/tx/index.js b/src/routes/tx/index.js
@@ -6,7 +6,7 @@ import {
   userCollection as dbRef,
   txCollection as txLogRef,
 } from '../../util/firebase';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import { ValidationError } from '../../util/ValidationError';
 import {
   filterTxData,

diff --git a/src/routes/users/apiGetInfo.js b/src/routes/users/apiGetInfo.js
@@ -0,0 +1,26 @@
+import { Router } from 'express';
+import { jwtAuth } from '../../middleware/jwt';
+import {
+  filterUserDataScoped,
+} from '../../util/ValidationHelper';
+import {
+  getUserWithCivicLikerProperties,
+} from '../../util/api/users/getPublicInfo';
+
+const router = Router();
+
+router.get('/profile', jwtAuth('profile'), async (req, res, next) => {
+  try {
+    const username = req.user.user;
+    const payload = await getUserWithCivicLikerProperties(username);
+    if (payload) {
+      res.json(filterUserDataScoped(payload, req.user.scope));
+    } else {
+      res.sendStatus(404);
+    }
+  } catch (err) {
+    next(err);
+  }
+});
+
+export default router;
diff --git a/src/routes/users/getInfo.js b/src/routes/users/getInfo.js
@@ -3,7 +3,7 @@ import { Router } from 'express';
 import {
   userCollection as dbRef,
 } from '../../util/firebase';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import {
   filterUserData,
 } from '../../util/ValidationHelper';

diff --git a/src/routes/users/registerLogin.js b/src/routes/users/registerLogin.js
@@ -31,7 +31,7 @@ import {
   checkUserNameValid,
 } from '../../util/ValidationHelper';
 import { handleAvatarUploadAndGetURL } from '../../util/fileupload';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import publisher from '../../util/gcloudPub';
 import { getFirebaseUserProviderUserInfo } from '../../util/FirebaseApp';
 import {

diff --git a/src/routes/users/setInfo.js b/src/routes/users/setInfo.js
@@ -1,5 +1,5 @@
 import { Router } from 'express';
-import { jwtAuth } from '../../util/jwt';
+import { jwtAuth } from '../../middleware/jwt';
 import {
   userCollection as dbRef,
 } from '../../util/firebase';