ggoodman/jwt-authz.js

## jwt-authz.js
'use strict';

const Assert = require('assert');

Assert.ok(module.webtask.secrets['jwt-scope'], 'The jwt-scope secret is required for the jwt-authz');

module.exports = () => {
  const requiredScopes = module.webtask.secrets['jwt-scope'].split(/\s+/);

  return function middleware(req, res, next) {
    if (!req.user) {
      const error = new Error('Unauthenticated request');
      error.statusCode = 403;
      return next(error);
    }
    const authenticatedScopes = (req.user.scope || '').split(/\s+/);
    const hasScope = requiredScope => authenticatedScopes.indexOf(requiredScope) !== -1;

    if (!authenticatedScopes.every(hasScope)) {
      const error = new Error(`Unauthorized: Missing required scopes '${requiredScopes.join(' ')}'`);
      error.statusCode = 401;
      return next(error);
    }

    return next();
  };
};

## jwt-middleware.js
'use strict';

const Assert = require('assert');
const ExpressJwt = require('express-jwt');
const JwksRsa = require('jwks-rsa');

Assert.ok(module.webtask.secrets['jwt-audience'], 'The jwt-audience secret is required for the jwt-middleware');
Assert.ok(module.webtask.secrets['jwt-issuer'], 'The jwt-issuer secret is required for the jwt-middleware');

module.exports = () => {
  const jwtAudience = module.webtask.secrets['jwt-audience'];
  const jwtIssuer = module.webtask.secrets['jwt-issuer'];

  const loadRsaKey = JwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `${jwtIssuer}.well-known/jwks.json`,
  });

  const middleware = ExpressJwt({
    algorithms: ['RS256'],
    audience: jwtAudience,
    issuer: jwtIssuer,
    secret: loadRsaKey,
  });

  return middleware;
};
	'use strict';

	const Assert = require('assert');

	Assert.ok(module.webtask.secrets['jwt-scope'], 'The jwt-scope secret is required for the jwt-authz');

	module.exports = () => {
	const requiredScopes = module.webtask.secrets['jwt-scope'].split(/\s+/);

	return function middleware(req, res, next) {
	if (!req.user) {
	const error = new Error('Unauthenticated request');
	error.statusCode = 403;
	return next(error);
	}
	const authenticatedScopes = (req.user.scope \|\| '').split(/\s+/);
	const hasScope = requiredScope => authenticatedScopes.indexOf(requiredScope) !== -1;

	if (!authenticatedScopes.every(hasScope)) {
	const error = new Error(`Unauthorized: Missing required scopes '${requiredScopes.join(' ')}'`);
	error.statusCode = 401;
	return next(error);
	}

	return next();
	};
	};
	'use strict';

	const Assert = require('assert');
	const ExpressJwt = require('express-jwt');
	const JwksRsa = require('jwks-rsa');

	Assert.ok(module.webtask.secrets['jwt-audience'], 'The jwt-audience secret is required for the jwt-middleware');
	Assert.ok(module.webtask.secrets['jwt-issuer'], 'The jwt-issuer secret is required for the jwt-middleware');

	module.exports = () => {
	const jwtAudience = module.webtask.secrets['jwt-audience'];
	const jwtIssuer = module.webtask.secrets['jwt-issuer'];

	const loadRsaKey = JwksRsa.expressJwtSecret({
	cache: true,
	rateLimit: true,
	jwksRequestsPerMinute: 5,
	jwksUri: `${jwtIssuer}.well-known/jwks.json`,
	});

	const middleware = ExpressJwt({
	algorithms: ['RS256'],
	audience: jwtAudience,
	issuer: jwtIssuer,
	secret: loadRsaKey,
	});

	return middleware;
	};