Created
November 16, 2018 20:36
-
-
Save sfncook/a6000614b1649c0df52cba4b21003a0c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const express = require('express'); | |
const app = express(); | |
const jwt = require('express-jwt'); | |
const path = require('path'); | |
const jwtAuthz = require('express-jwt-authz'); | |
const jwksRsa = require('jwks-rsa'); | |
const cors = require('cors'); | |
require('dotenv').config(); | |
const bodyParser = require('body-parser'); | |
const AuthenticationClient = require('auth0').AuthenticationClient; | |
const ManagementClient = require('auth0').ManagementClient; | |
const auth0 = new AuthenticationClient({ | |
domain: `${process.env.AUTH0_DOMAIN}`, | |
clientId: `${process.env.AUTH0_CLIENTID}` | |
}); | |
const PORT = process.env.PORT || 3010; | |
if (!process.env.AUTH0_DOMAIN || !process.env.AUTH0_AUDIENCE) { | |
throw 'Make sure you have AUTH0_DOMAIN, and AUTH0_AUDIENCE in your .env file'; | |
} | |
const corsOptions = { | |
origin: 'http://localhost:3000' | |
}; | |
app.use(cors(corsOptions)); | |
let apiAccessToken = ''; | |
const request = require("request"); | |
const options = { method: 'POST', | |
url: `https://${process.env.AUTH0_DOMAIN}/oauth/token`, | |
headers: { 'content-type': 'application/json' }, | |
body: | |
{ grant_type: 'client_credentials', | |
client_id: `${process.env.AUTH0_API_CLIENTID}`, | |
client_secret: `${process.env.AUTH0_API_CLIENTSECRET}`, | |
audience: `https://${process.env.AUTH0_DOMAIN}/api/v2/`, | |
scope: 'read:users_app_metadata', | |
}, | |
json: true }; | |
request(options, function (error, response, body) { | |
if (error) throw new Error(error); | |
apiAccessToken = body.access_token; | |
console.log(apiAccessToken); | |
}); | |
app.use(bodyParser.urlencoded({ extended: false })); | |
const checkJwt = jwt({ | |
// Dynamically provide a signing key based on the kid in the header and the singing keys provided by the JWKS endpoint. | |
secret: jwksRsa.expressJwtSecret({ | |
cache: true, | |
rateLimit: true, | |
jwksRequestsPerMinute: 5, | |
jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json` | |
}), | |
// Validate the audience and the issuer. | |
audience: process.env.AUTH0_AUDIENCE, | |
issuer: `https://${process.env.AUTH0_DOMAIN}/`, | |
algorithms: ['RS256'] | |
}); | |
const checkScopes = jwtAuthz(['read:messages']); | |
// Serve static files from the React app | |
app.use(express.static(path.join(__dirname, '../client/build'))); | |
app.get('/api/public', function(req, res) { | |
res.json({ | |
message: 'Hello from a public endpoint! You don\'t need to be authenticated to see this.' | |
}); | |
}); | |
app.get('/api/private', checkJwt, function(req, res) { | |
// console.dir(req.query); | |
const access_token = req.query.access_token; | |
auth0.users.getInfo(access_token, (err,user)=>{ | |
const management = new ManagementClient({ | |
domain: `${process.env.AUTH0_DOMAIN}`, | |
token: apiAccessToken, | |
clientId: `${process.env.AUTH0_API_CLIENTID}`, | |
scope: 'read:users_app_metadata' | |
}); | |
management.getUser({ id: user.sub }, function (err, user) { | |
console.log('mgmt0.getUser user roles:', user.app_metadata.roles); | |
}); | |
}); | |
res.json({ | |
message: 'Hello from a private endpoint! You need to be authenticated to see this.' | |
}); | |
}); | |
app.get('/api/private-scoped', checkJwt, checkScopes, function(req, res) { | |
res.json({ | |
message: 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.' | |
}); | |
}); | |
// *** Mongo | |
// const loadMongo = require('./loadMongo'); | |
app.use(function(err, req, res, next){ | |
console.error(err.stack); | |
return res.status(err.status).json({ message: err.message }); | |
}); | |
// The "catchall" handler: for any request that doesn't | |
// match one above, send back React's index.html file. | |
app.get('*', (req, res) => { | |
res.sendFile(path.join(__dirname+'/../client/build/index.html')); | |
}); | |
app.listen(PORT); | |
// console.log('Listening on http://localhost:'+PORT); | |
console.log('Listening on port:'+PORT); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment