server.js
var Koa = require('koa');
var jwt = require('koa-jwt');
const { koaJwtSecret } = require('jwks-rsa');
// Runtime configuration, read from the environment with a fallback for each value.
// NOTE(review): the AUDIENCE and ISSUER fallbacks ('clientid', 'tenantid') look like
// placeholders rather than a real tenant; they presumably have to be overridden in the
// environment for any deployment, otherwise the aud/iss checks below cannot match — confirm.
function envOr(name, fallback) {
  return process.env[name] || fallback;
}
const JWKS_URI = envOr('JWKS_URI', 'https://login.microsoftonline.com/common/discovery/keys');
const AUDIENCE = envOr('AUDIENCE', 'api://clientid');
const ISSUER = envOr('ISSUER', 'https://sts.windows.net/tenantid');
// The single Koa application; every middleware below is mounted on it in order.
const app = new Koa();
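// Custom 401 handling if you don't want to expose koa-jwt errors to users.
// Runs the rest of the chain and, when koa-jwt (mounted below) rejects the
// request with a 401, replaces its error text with a fixed generic message so
// no detail about why validation failed reaches the client. Any other error is
// re-thrown untouched so Koa's default error handling still sees it.
app.use(async function (ctx, next) {
  try {
    await next();
  } catch (err) {
    // Strict comparison: koa-jwt sets a numeric status, and a loose `==`
    // would also match unrelated string-valued statuses.
    if (err.status !== 401) {
      throw err;
    }
    ctx.status = 401;
    ctx.body = 'Protected resource, use Authorization header to get access\n';
  }
});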
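// Middleware below this line is only reached if JWT token is valid.
// Verifies the token's signature against the tenant's JWKS keys and checks
// its audience and issuer claims; anything that fails is thrown as a 401
// and turned into the generic message by the handler above.
app.use(jwt({
  // NOTE(review): jwks-rsa documents cacheMaxAge in milliseconds, so 3600 here
  // would be ~3.6 s of key caching (near-constant re-fetching) — confirm the
  // intended unit before changing the value.
  // NOTE(review): no `algorithms` list is pinned here; if the installed koa-jwt
  // forwards that option to jsonwebtoken, restricting it to the algorithm the
  // JWKS keys actually use is the usual hardening.
  secret: koaJwtSecret({
    jwksUri: JWKS_URI,
    cache: true,
    cacheMaxEntries: 5,
    cacheMaxAge: 3600
  }),
  // Token lookup order: "Authorization: jwt <token>" header, then a "jwt"
  // header, then a "jwt" query parameter. Query-string tokens end up in
  // access logs, proxies and Referer headers, so the header forms are
  // preferable; the query form is kept for compatibility with existing callers.
  getToken: function fromHeaderOrQuerystring(ctx) {
    const authorization = ctx.headers.authorization;
    if (authorization) {
      // Split once instead of three times; the scheme must be exactly "jwt"
      // (case-insensitive) for the header to be used.
      const [scheme, token] = authorization.split(" ");
      if (scheme && scheme.toLowerCase() === "jwt") {
        return token;
      }
    }
    if (ctx.headers.jwt) {
      return ctx.headers.jwt;
    }
    if (ctx.query && ctx.query.jwt) {
      // Log only where the token came from, never its value: the raw token
      // in console output is a reusable credential sitting in the logs.
      console.log('JWT from query params');
      return ctx.query.jwt;
    }
    return null;
  },
  audience: AUDIENCE,
  issuer: ISSUER
}));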
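// Protected middleware: only reached once the koa-jwt middleware above has
// accepted the token. Replies 200 with no body.
app.use(function (ctx) {
  // Log request metadata only. Logging the whole ctx.request would also write
  // the Authorization / jwt header — i.e. the caller's credential — to the console.
  console.log('Request: ', ctx.method, ctx.url);
  ctx.response.status = 200;
});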
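// Listen on $PORT when it is set to a number, otherwise on 3000 as before.
// Number() yields NaN for an unset or non-numeric value, so `||` falls back.
const PORT = Number(process.env.PORT) || 3000;
app.listen(PORT);
console.log('=====> JWT Verify Ready <=====');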