@usemirrorworld/server.utils
v1.3.1
Published
Mirror World Server Utilities
Downloads
1
Readme
Approval Middleware
This middleware is used to authorize actions executed by users. This prevents external entities from performing actions on behalf of users. The way it works is that the user approves an action, which creates a token that is valid for 60 seconds on the Mirror World SSO.
This token should then be used to authenticate the user's action on the target service.
Installation
yarn add @mirrorworld/approval.middleware
Usage
import myRedisClient from "../path/to/redis"
import { ActionApprovalClient } from "@mirrorworld/approval.middleware"
const secret = process.env.MY_JWT_SECRET
const algorithm = process.env.MY_JWT_ALGORITHM
// 1. Create Action approval client
const approvalClient = new ActionApprovalClient({
redisClient: myRedisClient,
jwt: {
secret: secret,
algorithm: algorithm
}
})
// 2. Create middleware instance
const approvalMiddleware = approvalClient.createValidateActionMiddleware("x-authorization-token")
// 3. Add middleware to request
router.post("/v1/transfer", approvalMiddleware, async (req, res, next) => {
// Execute authorized action transfer
})