authorisation-middleware v1.0.0
@lendi/authorisation-middleware
An authorisation helper that checks if user is authorised to access or associated with certain resource.
Prerequisites
You need to have a Dynamodb with the two columns you want to query to authorise the user (i.e. customerId & applicationId)
You may also need a worker that listens to the appropriate kafka topic and populates that table
Usage
The package takes in two parameters:
Config
That object should contain your table name and if you're testing locally you need to set the endpoint otherwise you don't need to give it a value
import { Config } from '@lendi/authorisation-middleware';
const config: Config = {
aws: {
endpoint: 'http://localhost:8000',
},
table: {
name: 'My-table',
key: 'My-GSI-index'
},
};
Note that if you're querying on the main hash and range keys then you don't need to set a table.key
Data
That object should contain the column names and the values that you're looking for
import { Data } from '@lendi/authorisation-middleware';
const data: Data = {
col1: {
key: 'customerId',
val: '123',
},
col2: {
key: 'applicationId',
val: '321',
},
};
To find the combination in the table you need to call isAuthorised which returns a boolean
import { isAuthorised } from '@lendi/authorisation-middleware';
isAuthorised(config, data) ? console.log('user is authorised') | console.log('user is not authorised)
Where's the best place to use this?
It's best to use this middleware on the routing level to keep the code separate and clean
// My middleware
import { ApplicationContext, ApplicationState } from '../types';
import { Middleware, ParameterizedContext } from 'koa';
import { HttpForbidden } from '@lendi/core-errors';
import { config } from '../config';
import { isAuthorised, Data as authData, Config as authConfig } from '@lendi/authorisation-middleware';
export const authCustomerApplication: Middleware<ApplicationState, ApplicationContext> = async (
ctx: ParameterizedContext<ApplicationState, ApplicationContext>,
next
) => {
const userId: IdType = ctx.state.userId;
const applicationId: IdType = ctx.params.applicationId;
// Setting up auth configuration
const config: Config = {
table: {
name: config().table,
}
};
const data: Data = {
col1: {
key: 'customerId',
val: '123',
},
col2: {
key: 'applicationId',
val: '321',
},
};
// Check if user owns application
const hasAccessToApplication: boolean = await isAuthorised(config, data);
if (!hasAccessToApplication) {
// User doesn't own the application, throw error
throw new HttpForbidden('User is not authorised to access this application');
}
await next();
};
// My Routes
import { authCustomerApplication } from '../../middleware;
import { ApplicationContext, ApplicationState } from '../../middleware/types';
import Router from 'koa-router-middleware';
export default new Router<ApplicationState, ApplicationContext>()
.post('/assets', authCustomerApplication, assetMiddleware.postAsset)
.put('/assets/:id', authCustomerApplication, assetMiddleware.putAsset)
.get('/assets/:id', authCustomerApplication, assetMiddleware.getAsset)
.get('/assets', authCustomerApplication, assetMiddleware.getAssets)
.delete('/assets/:id', authCustomerApplication, assetMiddleware.deleteAsset)
.middleware();
4 years ago