Guidesmiths middleware authorization provider

This repo contains the middleware which verifies the authorization on login used in all Guidesmiths internal projects.

It uses an AWS lambda that checks the user identity via google oauth. The repository of the lambda can be found there lambda repo

How to use

The middleware is deployed as npm package at npm package

To integrate this middleware using systemic, follow the next steps in your express app repo:

npm i @gs-auth/middleware-auth

1 Create components/auth/index.js file with the following code:

const System = require('systemic');
const initAuth = require('@gs-auth/middleware-auth');

module.exports = new System({ name: 'auth' }).add('auth', initAuth()).dependsOn('config');

2 Save the lambda url on the config/default.js file.

module.exports = { auth: { url: process.env.LAMBDA_AUTH_URL } };

lambda urls:

Can be found on the repository wiki.

3 Use it as a regular middleware at express in your routes folder as for instance on components/routes/api-routes.js like in this example:

module.exports = () => {
  const start = ({ app, controller, auth }) => {
    app.use(bodyParser.json());
    app.get('/api/v1/restaurants', auth.authenticate, async (req, res, next) => {
      try {
        const data = await controller.getAllRestaurants();
        res.json(data);
      } catch (error) {
        next(error);
      }
    });
    return Promise.resolve();
  };
  return { start };
};

3.1 In this step, the information of the user, including the appOrigin field will be stored at res.locals.userData

Maintenance

The Gitlab CI is configured to deploy on npm the package in each push to master, updating the patch version.

On the project’s Settings > CI/CD and expanding the Variables section you can find the Environment Variable called NPM_TOKEN that defines the NPM account where the package is uploaded.