/** * Sets up a Koa app instance. * @param {Object} app A Koa app instance as created by `new Koa()` * @return {Object} A node `http` server instance */ function bootstrap(app, options) { var config = defaults({}, options, DEFAULT_CONFIGURATION); var log = logger.get(options); log.info('Starting and configuring Koa server'); // Setup global error handler and logger app.use(error(config.error)); app.on('error', (error) => { log.error('Unexpected exception ', error); }); // Configure and setup middlewares app.use(bodyParser()); app.use(morgan(config.morgan.format, config.morgan.options)); app.use(responseTime()); app.use(helmet(config.helmet)); app.use(compress({ flush: zlib.Z_SYNC_FLUSH })); app.use(conditional()); app.use(etag()); app.use(adapt(cacheControl(config.cacheControl))); app.use(cors(config.cors)); app.use(favicon(config.favicon)); app.use(jwt(config.jwt.options).unless(config.jwt.unless)); app.use(json()); return app; }
module.exports = function (app) { // middleware configuration if (config.app.env !== 'production') { onerror(app); } if (config.app.env !== 'test') { app.use(logger()); } if (config.staticServe.isNeeded) { var serve = require('koa-static'); app.use(serve(config.staticServe.root)); } else { var cors = require('kcors'); app.use(cors()); } app.use(bodyParser()); app.use(jwt({ secret: config.app.secret }).unless({ path: [/^\/api\/auth/]})); // mount all the routes defined in resources var api = new Router({prefix: '/api'}); fs.readdirSync('./resources').forEach(function (file) { require('../resources/' + file).init(api); }); app .use(api.routes()) .use(api.allowedMethods()); };
const authMiddleware = app => { app.use(async (ctx, next) => { ctx.state.clientAuthMethod = determineAuthMethod(ctx); await next(); }); // Basic auth // NOTE: enable once proper sign in has been implemented // app.use(async (ctx, next) => { // if (ctx.state.clientAuthMethod === 'basic') { // await basicAuth({ // name: 'user', // pass: config.passwords.user, // })(ctx, next); // } else { // await next(); // } // }); // JWT auth app.use( jwt({ secret: config.JWT_SECRET, key: 'auth', // Optionally get jwt from cookie, eg. for download links // cookie: 'server-template' }).unless({ paths: skipAuthPaths, custom() { return determineAuthMethod(this) !== 'jwt'; }, }) ); // Determine user role // NOTE: The example supports two hardcoded users ('admin' and 'user') // and their username as used also as role name app.use(async (ctx, next) => { const rolesByAuth = { basic: 'user', // TODO or ctx.state.auth.role? jwt: ctx.state.auth ? ctx.state.auth.sub : null, }; ctx.state.role = rolesByAuth[ctx.state.clientAuthMethod]; await next(); }); // Log minimal user details app.use(async (ctx, next) => { mergeToLogCtx({ user: { role: ctx.state.role, }, }); await next(); }); };
function authToken() { return compose([ function *(next) { if (this.query && this.query.hasOwnproperty('access_token')) { this.headers.authorization = 'Bearer ' + this.query.access_token; } yield next; }, jwt({secret: config.session.secrets, passthrough: true}) ]) }
module.exports = function (app) { // middleware configuration if (config.app.env !== 'test') { app.use(logger()); } if (config.app.env === 'development') { app.use(require('koa-livereload')({excludes: ['/modules']})); } app.use(cors({ maxAge: config.app.cacheTime / 1000, credentials: true, methods: 'GET, HEAD, OPTIONS, PUT, POST, DELETE', headers: 'Origin, X-Requested-With, Content-Type, Accept, Authorization' })); app.use(bodyParser()); // register special controllers which should come before any jwt token check and be publicly accessible require('../controllers/public').init(app); require('../controllers/login').init(app); // serve the static files in the /client directory, use caching only in production (7 days) var sendOpts = config.app.env === 'production' ? {root: 'client', maxage: config.app.cacheTime} : {root: 'client'}; app.use(function *(next) { // do not handle /api paths if (this.path.substr(0, 5).toLowerCase() === '/api/') { yield next; return; } else if (yield send(this, this.path, sendOpts)) { // file exists and request successfully served so do nothing return; } else if (this.path.indexOf('.') !== -1) { // file does not exist so do nothing and koa will return 404 by default // we treat any path with a dot '.' in it as a request for a file return; } else { // request is for a subdirectory so treat it as an angular route and serve index.html, letting angular handle the routing properly yield send(this, '/index.html', sendOpts); } }); // middleware below this line is only reached if jwt token is valid app.use(jwt({secret: config.app.secret})); // mount all the routes defined in the api controllers fs.readdirSync('./server/controllers').forEach(function (file) { require('../controllers/' + file).init(app); }); };
function register(app, config) { const router = new Router(); // Register each of the api endpoints const endpoints = [user, admin]; for (const endpoint of endpoints) { const { routes, urlBase } = endpoint; const apiRouter = new Router({ prefix: `/api${urlBase}` }); for (const x of routes) { const { method, route, handlers } = x; const lastHandler = handlers.pop(); // Secure the api, unless flag set in user.config OR endpoint/route has disabled auth if (config.secureApi) { if (!endpoint.disableAuth && !x.disableAuth) { handlers.unshift(jwt({ secret: config.secrets.session })); } } else { displayInsecureBanner(config.env); } // Register route with koa-router apiRouter[method.toLowerCase()](route, ...handlers, async (ctx) => await lastHandler(ctx)); } app.use(apiRouter.routes()).use(apiRouter.allowedMethods()); } // Register the api endpoint, and the unknown api endpoint router.all('/api/', ctx => (ctx.body = { message: 'You\'ve reached the API' })); // Register route for all invalid api endpoints router.all('/api/*', ctx => { ctx.status = 404; ctx.body = { message: 'Invalid API Route' }; }); // Register the static routes const indexPath = join(config.paths.root, 'client', 'index.html'); router.get('/*', async (ctx, next) => { ctx.type = 'text/html'; ctx.body = createReadStream(indexPath); await next(); }); app.use(router.routes()).use(router.allowedMethods()); }
app.init = co(function *(overwriteDB) { // initialize mongodb and populate the database with seed data if empty yield mongo.connect(); yield mongoSeed(overwriteDB); // register special controllers which should come before any jwt token check and be publicly accessible require('./controllers/public').init(app); require('./controllers/login').init(app); // serve the static files in the /client directory, use caching only in production (7 days) var sendOpts = config.app.env === 'production' ? {root: dist, maxage: config.app.cacheTime} : {root: dist}; var send = require('koa-file-server')(sendOpts).send; app.use(function *(next) { // do not handle /api paths if (this.path.substr(0, 5).toLowerCase() === '/api/') { yield next; return; } else if (yield send(this, this.path)) { // file exists and request successfully served so do nothing return; } else if (this.path.indexOf('.') !== -1) { // file does not exist so do nothing and koa will return 404 by default // we treat any path with a dot '.' in it as a request for a file return; } else { yield send(this, 'index.html'); } }); // middleware below this line is only reached if jwt token is valid app.use(jwt({secret: config.app.secret})); // mount all the routes defined in the api controllers fs.readdirSync('./server/controllers').forEach(function (file) { require('./controllers/' + file).init(app); }); app.listen(config.app.port); console.log('Listening on port: ' + config.app.port); console.log('Running app in environment: ' + config.app.env); });
module.exports = function (app) { // middleware configuration if (config.app.env !== 'test') { app.use(logger()); } if (config.app.env === 'development') { app.use(require('./koa-livereload')({excludes: ['/partials']})); } app.use(passport.initialize()); app.use(passport.session()); // mount passport oauth routes passport.routes(app); // register publicly accessible api endpoint. this is useful for special cases like login, user profile images, etc. require('../controllers/public').init(app); // serve the angular static files from the /client directory, use caching (7 days) only in production // if the file is not found and requested path is not /api, serve index.html page and let angular handle routing var sendOpts = config.app.env === 'production' ? {root: 'client', maxage: 1000 * 60 * 60 * 24 * 7} : {root: 'client'}; app.use(function *(next) { if (this.path.substr(0, 5).toLowerCase() === '/api/') { yield next; } else { if (yield send(this, this.path, sendOpts)) { return; } yield send(this, '/index.html', sendOpts); } }); // middleware below this line is only reached if jwt token is valid app.use(jwt({secret: config.app.secret})); // mount all the routes defined in the api controllers fs.readdirSync('./server/controllers').forEach(function (file) { require('../controllers/' + file).init(app); }); };
module.exports = function (app) { // middleware configuration if (config.app.env !== 'test') { app.use(logger()); } if (config.app.env === 'development') { app.use(livereload({excludes: ['/modules']})); } // register special controllers which should come before any jwt token check and be publicly accessible require('../controllers/public').init(app); require('../controllers/signin').init(app); // serve the angular static files from the /client directory var sendOpts = {root: 'client', maxage: config.app.cacheTime}; app.use(function *(next) { // skip any route that starts with /api as it doesn't have any static files if (this.path.substr(0, 5).toLowerCase() === '/api/') { yield next; return; } // if the requested path matched a file and it is served successfully, exit the middleware if (yield send(this, this.path, sendOpts)) { return; } // if given path didn't match any file, just let angular handle the routing yield send(this, '/index.html', sendOpts); }); // middleware below this line is only reached if jwt token is valid app.use(jwt({secret: config.app.secret})); // mount all the routes defined in the api controllers fs.readdirSync('./server/controllers').forEach(function (file) { require('../controllers/' + file).init(app); }); };
'use strict'; var config = require('config-layered')(); var koa = require('koa'); var jwt = require('koa-jwt'); var session = require('koa-session'); var seneca = require('seneca')(); seneca.use('seneca-bluebird'); // start the microservices in-process var authHandler = require('alt-auth-seneca')(config, seneca); var userHandler = require('alt-user-seneca')(config, seneca); var apiKeyHandler = require('./seneca-apiKey')(config, seneca); var app = koa(); app.keys = config.koa.keys; app.use(session(app)); app.use(jwt(config.jwt).unless({ path: [/^\/($|public|auth|connect)/] })); app.use(require('koa-static')('public')); app.use(authHandler.koa()); app.use(userHandler.koa()); // api key submission routes // app.use(); require('./auto-serve-ssl')(app.callback(), config);
app.use(timingLogger); app.use(errorHandler); app.use(bodyParser()); app.use(convert(cors())); const apiUrl = '/api'; log('config public routes'); const authApi = new Router({prefix: apiUrl}) const userStore = dataStore({filename: '../users.json', autoload: true}); authApi.use('/auth', new AuthRouter({userStore, io}).routes()) app.use(authApi.routes()).use(authApi.allowedMethods()) log('config protected routes'); app.use(convert(koaJwt(jwtConfig))); const protectedApi = new Router({prefix: apiUrl}) const productStore = dataStore({filename: '../products.json', autoload: true}); const productRouter=new ProductRouter({productStore, io}); protectedApi.use('/product',productRouter.routes()) app.use(protectedApi.routes()).use(protectedApi.allowedMethods()); io.on('connection', socketioJwt.authorize(jwtConfig)) .on('authenticated', (socket) => { const username = socket.decoded_token.username; socket.join('${username}'); productRouter.setSocket(socket); log(`${username} authenticated and joined`); socket.on('disconnect', () => { log(`${username} disconnected`); })
dotenv.load(); // App configuration var app = koa(); app.use(cors()); // Enable cross-site data transfer app.use(bodyparser()); // Enable POST body parsing // Routes var ping = require('./routes/ping'); var register = require('./routes/register'); // Validate incoming id_tokens unless they are going through a public directory var privateKey = new Buffer(process.env.AUTH0_CLIENT_SECRET, 'base64'); app.use( jwt({ secret: privateKey, algorithm: 'HS256' }) .unless({path:[/^\/public/]}) ); app.use(routes.get('/public/ping', ping.publicPing)); app.use(routes.get('/ping', ping.privatePing)); app.use(routes.post('/register', register.create)); var port = process.env.PORT || 12001; app.listen(port); console.log(`Listening on port: ${port}`) module.exports = app;
return ctx.throw('Bad auth data', 400); } let user; try { user = await db.User.findById(ctx.state.user.id); debug('trying to find test-login', user.name); } catch (err) { return ctx.throw('User not found', 404); } ctx.body = {user: user.email}; } let jwtMiddleware = convert(koaJwt({ secret: config.secret })) router.get("/test-login", convert.compose(jwtMiddleware, handleTestLogin)); app.use(router.routes()); //app.use(router.allowedMethods()); module.exports = app; // Auth реализует POST на "/login" , котрый принимает поля {login/email:ddd, password}
const jwt = require('koa-jwt'); const jwksRsa = require('../../lib'); const jwksHost = process.env.JWKS_HOST; const audience = process.env.AUDIENCE; const issuer = process.env.ISSUER; // Initialize the app. const app = new Koa(); app.use(jwt({ secret: jwksRsa.koaJwtSecret({ cache: true, rateLimit: true, jwksRequestsPerMinute: 2, jwksUri: `${jwksHost}/.well-known/jwks.json` }), audience, issuer, algorithms: [ 'RS256' ] })); const router = new Router(); router.get('/me', ctx => { ctx.body = ctx.state.user }); app.use(router.middleware()); // Start the server.
const configureKoaJwt = ({jwt: {secret: {accessToken}}}) => authorize({ secret: accessToken, cookie: false, passthrough: true })
} else { throw e; // Pass the error to the next handler since it wasn't a JWT error. } } }); // Public endpoint to login. app.use(function *(next) { if (this.url.match(/^\/login/)) { var claims = yield parse(this); var token = jwt.sign(claims, privateKey, {algorithm: 'RS256'}); this.status = 200; this.body = {token: token}; } else { yield next; } }); // Everything behind this will be protected. app.use(jwt({ secret: publicKey, algorithm: 'RS256' })); app.use(function *() { this.status = 200; this.body = 'You are logged in dude! Welcome!'; }); app.listen(3000);
const compose = require('koa-compose') const convert = require('koa-convert') const jwt = require('koa-jwt') const constants = require('../constants') const decodeJwt = convert(jwt({ secret: constants.SESSION_SECRET, passthrough: true })) module.exports = compose([decodeJwt])
const jwt = require('koa-jwt') const compose = require('koa-compose') const db = require('../database') const config = require('../config') const jwtMiddleware = jwt({ secret: config.get('jwt.secret') }) const checkUser = async (ctx, next) => { if (!ctx.state.user.id) { ctx.status = 401 return } const user = await db.from('users') .where('id', ctx.state.user.id) .then(([u]) => u) if (!user) { ctx.status = 401 return } ctx.state.user.role = user.role await next() }
var app = require('koa')(); var router = require('koa-router')(); var config = require('./config'); var bodyParser = require('koa-bodyparser'); var mongoose = require('mongoose'); var jwt = require('koa-jwt'); mongoose.connect(config.database); var db = mongoose.connection; db.on('error', console.error.bind(console, 'connection error:')); app.use(bodyParser()); require('./routes').register(router); router.use(jwt({ secret: config.secret })); require('./routesprotected').register(router); app.use(router.routes()); if (!module.parent) { app.listen(3000); } module.exports = app;
app.use(convert(WebpackDevMiddleware(compiler, { hot: true, noInfo: true, publicPath: webpackConfig.output.publicPath, historyApiFallback: true }))) app.use(convert(WebpackHotMiddleware(compiler, { log: console.log, path: '/__webpack_hmr', heartbeat: 10 * 1000 }))) app.use(serve(__dirname + '/../public')) app.use(convert(jwt({ secret: process.env.JWT_SECRET }).unless({ path: [ '/login', '/register', '/favicon.ico' ] }))) app.use(logger()) app.use(convert(bodyParser())) //app.keys = ['some secret hurr'] //app.use(convert(session(app))) app.use( indexRouter.routes(),
/** * parse request body into js object */ app.use(convert(bodyParser())) /** * connect db */ mongoose.connect('127.0.0.1:27017/todosdemo') /** * JWT authentication control * all paths protected by default */ app.use(convert(koajwt({ secret: JWT_SECRET }).unless({ path: [ // add unprotected paths here // /regex for path/, ... /^\/api\/login/, /^\/favicon.ico/, ]}))) /** * REST routes * from routes/index.js */ const router = new Router() routes(router) app .use(router.routes())
const user = await UserModel.findById(ctx.state.jwtdata._id).lean(); if (!user) throw new HttpError(401, 'User not found by your token ID'); const logoutedAt = (new Date(user.logoutedAt)).getTime(); const loggedAt = (new Date(ctx.state.jwtdata.loggedAt)).getTime(); if (loggedAt < logoutedAt) { log.warn(`loggedAt ${loggedAt} < logoutedAt ${logoutedAt}. return 401`); throw new HttpError(401, 'User had logged out'); } if (ctx.state.jwtdata.userAgent !== ctx.request.header['user-agent']) { log.warn(`user's token userAgent (${ctx.state.jwtdata.userAgent}) is not equal to request user-agent ${ctx.request.header['user-agent']}. return 401`); throw new HttpError(401, 'User had logged out'); } ctx.state.user = user; } catch (err) { throw err; } await next(); } module.exports = compose( jwt({ secret: config.secret, key: 'jwtdata' }), getUserData );
if (!fs.existsSync(dir)){ mkdirp.sync(dir); } router.use('/api/public', articlesRoute.public.routes(), articlesRoute.public.allowedMethods()); router.use('/api/private', articlesRoute.private.routes(), articlesRoute.private.allowedMethods()); router.use('/api/public', authRoute.public.routes(), authRoute.public.allowedMethods()); app .use(logger()) .use(cors()) .use(bodyParser()) .use(serve(staticPath)) //dont use jwt on public api and files that need to be downloaded from amazon .use(jwt({ secret: process.env.SECRET_JWT }).unless({ path: [/^(?!\/api\/private)/] })) .use(router.routes()) .use(router.allowedMethods()) .use(function *(next) { if(this.url.startsWith('/api')) { this.status = 404; } else if(this.url.endsWith('.png')) { const regex = /^(.*)\/(.*[^\/])$/; const match = regex.exec(this.url); const basepath = match[1]; const filename = match[2]; console.log('Hello', basepath, filename) const params = {Key: filename}; const file = fs.createWriteStream(`${staticPath}/${basepath}/${filename}`);
import { rope } from './utils/db' import { log } from './utils' import frontRouter from './routes/front' import Config from './utils/config' const router = new Router() const app = new Koa() // Loads .env and puts variables into process.env const envFile = new Config() app.use(compress()) router.use('/api', convert(jwt({ secret: process.env.SESSION_SECRET }).unless({ path: [/token-auth/, /token-refresh/, /reset-password/] }))) router.use(convert(bodyParser({ multipart: true }))) // Retrieve routes from passed path const getRouter = (path) => require('./routes/' + path) const APIroutes = [ 'content', 'reset-password', 'token',
} catch(err) { this.set( "Access-Control-Allow-Origin", "*"); this.set("Access-Control-Allow-Credentials", "true"); this.set("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT"); this.set("Access-Control-Allow-Headers", "Authorization,Content-Type,Accept"); this.status = err.status || 500; this.body = err.message; this.set("Content-Type","application/json"); } }); app.use(jwt({ secret: secret, key: 'user' }).unless({ path: [/^\/public/, '/'] })); app .use(fishcatchroutes.routes()) .use(fishcatchroutes.allowedMethods()) app .use(userroutes.routes()) .use(userroutes.allowedMethods()) app .use(lakeroutes.routes()) .use(lakeroutes.allowedMethods()) app.listen(port);
try { await next() } catch (err) { if (err.status === 401) { ctx.status = 401 ctx.body = { success: false, token: null, info: 'Protected resource, use Authorization header to get access' } } else { throw err } } }) app.on('error', function (err, ctx) { console.log('server error', err) }) router.use('/auth', auth.routes()) // 挂载到koa-router上,同时会让所有的auth的请求路径前面加上'/auth'的请求路径。 router.use('/api', jwt({secret: 'vue-koa-demo'}), api.routes()) // 所有走/api/打头的请求都需要经过jwt验证。 app.use(router.routes()) // 将路由规则挂载到Koa上。 app.use(historyApiFallback()) app.use(serve(path.resolve('dist'))) // 将webpack打包好的项目目录作为Koa静态文件服务的目录 export default app.listen(port, () => { console.log(`Koa is listening in ${port}`) })
module.exports = function (app) { // middleware configuration app.use(cors({ maxAge: config.app.cacheTime / 1000, credentials: true, methods: 'GET, HEAD, OPTIONS, PUT, POST, DELETE', headers: 'Origin, X-Requested-With, Content-Type, Accept, Authorization' })); app.use( function * ( next ) { this.req.connection.setTimeout( 0 ); this.req.connection.setNoDelay( true ); try { yield next; } catch( err ) { l.error( "Err in processing req ", err ); } }); app.use(responseTime()); app.use(compress({ filter: function (content_type) { return /application\/json/i.test(content_type); }, threshold: 250 })); let pubRouter = route(); var secRouter = route(); fs.readdirSync('./server/controllers').forEach( function (file) { let controller = require('../controllers/' + file); if( controller.initPub ) controller.initPub( pubRouter ); if( controller.initSecured ) controller.initSecured( secRouter ); }); app.use(parse({multipart: true,formidable: {uploadDir: config.app.uploadDir}})); app.use( function*( next ) { this.log = l; l.debug("got req ", this.request); yield next; }); app.use(function*(next){ if(!(/\/v\d+\//i.test(this.request.url))) yield send(this, this.path, {root: config.app.root}); else { this.log.debug('JSON api request'); yield next; } }); app.use( pubRouter.routes() ); app.use( function * ( next ) { if( pubRouter.match( this.path, this.method ).pathAndMethod.length )// if already routed, return; return; yield next; }); app.use( jwt( { secret : config.app.privateKey, algorithms : [ 'HS256' ] } ) ); app.use( function*(next) { let User = require( 'mongoose' ).model( 'User' ); let id = this.state.user._id; this.passport = {}; this.passport.user = yield User.findById(id) .populate({path:'localities', select:'name users location'}) .populate({path:'settings', select:'privacy notifications neighbors'}) .select('-gcmTokens -resetToken -resetTokenExpiry -resetTokenValidated') .exec(); if(!this.passport.user) { this.status = 401; return; } yield next; }); app.use(function * (next){ let reqId = ++reqCount; l.debug({reqId: reqId, req: this.request, body: this.request.body}); this.log = l.child({reqId: reqId, user: this.passport.user}); yield next; let body = (this.response.header['content-type'] !== 'application/octet-stream')? this.body : "Byte stream"; l.debug({reqId: reqId, res: this.response}); }); app.use(secRouter.routes()); };
this.body = err.message; break; case 401: this.status = 401; this.body = err.message; break; case 400: this.status = 400; this.body = err.message; break; case 403: this.status = 403; this.body = err.message; break; case 500: this.status = 500; this.body = err.message; break; } } }); app.use(jwt({ secret : process.env.APP_JWT_SECRET , passthrough: true})); app.use(mount(api)); app.listen(4567); console.log('listening on port 4567'); exports.app = app;
const jwt = require('koa-jwt'); const cors = require('koa-cors'); const errorMiddleware = require('./middleware/error-middleware'); app.use(koaBody({ fieldsKey: false, filesKey: false, multipart: true })); // allow cors for now app.use(cors()); // add error middleware app.use(errorMiddleware()); // load all routes require('./routes/public')(app); // Middleware below this line is only reached if JWT token is valid app.use(jwt({ secret: config.secretKey })); // Protected middleware require('./routes/protected')(app); app.on('error', err => { logger.error(err).catch(err => console.error(err)); // eslint-disable-line }); app.listen(config.port, () => console.log(`local api:${config.port} - ${process.env.NODE_ENV}`)); // eslint-disable-line
app.use((ctx, next) => { return next().catch(err => { if (401 == err.status) { ctx.status = 401; ctx.body = '401 Unauthorized - Protected resource, use Authorization header to get access\n'; } else { throw err; } }); }); // Unprotected middleware app.use((ctx, next) => { if (ctx.url.match(/^\/public/)) { ctx.body = 'unprotected\n'; } else { return next(); } }); // Middleware below this line is only reached if JWT token is valid app.use(koajwt({ secret: secretCode })); app.use(ctx => { if (ctx.url.match(/^\/api/)) { ctx.body = 'protected\n'; } }); app.listen(3000);