Skip to content

Instantly share code, notes, and snippets.

@sfncook
Created November 16, 2018 20:36
Show Gist options
  • Save sfncook/a6000614b1649c0df52cba4b21003a0c to your computer and use it in GitHub Desktop.
Save sfncook/a6000614b1649c0df52cba4b21003a0c to your computer and use it in GitHub Desktop.
const express = require('express');
const app = express();
const jwt = require('express-jwt');
const path = require('path');
const jwtAuthz = require('express-jwt-authz');
const jwksRsa = require('jwks-rsa');
const cors = require('cors');
require('dotenv').config();
const bodyParser = require('body-parser');
const AuthenticationClient = require('auth0').AuthenticationClient;
const ManagementClient = require('auth0').ManagementClient;
const auth0 = new AuthenticationClient({
domain: `${process.env.AUTH0_DOMAIN}`,
clientId: `${process.env.AUTH0_CLIENTID}`
});
const PORT = process.env.PORT || 3010;
if (!process.env.AUTH0_DOMAIN || !process.env.AUTH0_AUDIENCE) {
throw 'Make sure you have AUTH0_DOMAIN, and AUTH0_AUDIENCE in your .env file';
}
const corsOptions = {
origin: 'http://localhost:3000'
};
app.use(cors(corsOptions));
let apiAccessToken = '';
const request = require("request");
const options = { method: 'POST',
url: `https://${process.env.AUTH0_DOMAIN}/oauth/token`,
headers: { 'content-type': 'application/json' },
body:
{ grant_type: 'client_credentials',
client_id: `${process.env.AUTH0_API_CLIENTID}`,
client_secret: `${process.env.AUTH0_API_CLIENTSECRET}`,
audience: `https://${process.env.AUTH0_DOMAIN}/api/v2/`,
scope: 'read:users_app_metadata',
},
json: true };
request(options, function (error, response, body) {
if (error) throw new Error(error);
apiAccessToken = body.access_token;
console.log(apiAccessToken);
});
app.use(bodyParser.urlencoded({ extended: false }));
const checkJwt = jwt({
// Dynamically provide a signing key based on the kid in the header and the singing keys provided by the JWKS endpoint.
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`
}),
// Validate the audience and the issuer.
audience: process.env.AUTH0_AUDIENCE,
issuer: `https://${process.env.AUTH0_DOMAIN}/`,
algorithms: ['RS256']
});
const checkScopes = jwtAuthz(['read:messages']);
// Serve static files from the React app
app.use(express.static(path.join(__dirname, '../client/build')));
app.get('/api/public', function(req, res) {
res.json({
message: 'Hello from a public endpoint! You don\'t need to be authenticated to see this.'
});
});
app.get('/api/private', checkJwt, function(req, res) {
// console.dir(req.query);
const access_token = req.query.access_token;
auth0.users.getInfo(access_token, (err,user)=>{
const management = new ManagementClient({
domain: `${process.env.AUTH0_DOMAIN}`,
token: apiAccessToken,
clientId: `${process.env.AUTH0_API_CLIENTID}`,
scope: 'read:users_app_metadata'
});
management.getUser({ id: user.sub }, function (err, user) {
console.log('mgmt0.getUser user roles:', user.app_metadata.roles);
});
});
res.json({
message: 'Hello from a private endpoint! You need to be authenticated to see this.'
});
});
app.get('/api/private-scoped', checkJwt, checkScopes, function(req, res) {
res.json({
message: 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.'
});
});
// *** Mongo
// const loadMongo = require('./loadMongo');
app.use(function(err, req, res, next){
console.error(err.stack);
return res.status(err.status).json({ message: err.message });
});
// The "catchall" handler: for any request that doesn't
// match one above, send back React's index.html file.
app.get('*', (req, res) => {
res.sendFile(path.join(__dirname+'/../client/build/index.html'));
});
app.listen(PORT);
// console.log('Listening on http://localhost:'+PORT);
console.log('Listening on port:'+PORT);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment