// Copyright (C) 2017  Norman Breau
 
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
 
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
 
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
import {createHash, timingSafeEqual} from 'crypto';

import {StatusCode} from './StatusCode';
import {Request} from './Request';
import {Response} from './Response';
import {ResponseData} from './ResponseData';
import {Logger} from './Logger';
import {getInstance, getApplicationLogger} from './instance';
import {IConfig} from './IConfig';
 
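/**
 * Middleware that authenticates a request by comparing one request header
 * against a shared secret taken from the application configuration.
 *
 * The header name comes from `config.backend_authentication_header` and the
 * expected value from `config.backend_authentication_secret`. The check is a
 * plain equality test on a static value: nothing here signs, expires or binds
 * the credential to a caller.
 *
 * NOTE(review): a static secret carried in a header is only as confidential as
 * the transport and any intermediary that logs headers; confirm that callers
 * reach this middleware over an encrypted channel and that the configured
 * header is excluded from request logging.
 */
export class BackendAuthenticationMiddleware {
    private logger: Logger;

    public constructor() {
        this.logger = getApplicationLogger();
    }

    /**
     * Accepts or rejects the request based on the backend secret header.
     *
     * @param request Request whose configured authentication header is read.
     * @param response Not used by this middleware.
     * @param options Arbitrary object containing any relevant information used for authentication. Not used by this middleware.
     * @returns A promise resolved with `null` when the presented value matches the
     * configured secret. It is rejected with a `ResponseData` carrying
     * `StatusCode.ERR_UNAUTHORIZED` when the header is absent or does not match,
     * and with `StatusCode.INTERNAL_ERROR` when the header is present but no
     * usable secret is configured.
     */
    public execute(request: Request, response: Response, options?: any): Promise<any> {
        const config: IConfig = getInstance().getConfig();
        const presented = request.getHeader(config.backend_authentication_header);

        if (!presented) {
            return Promise.reject(this.unauthorized());
        }

        // Fail closed on any unusable secret (null, undefined, empty, non-string),
        // not just null: a misconfigured deployment is reported as a server error
        // and never reaches the comparison.
        const secret = config.backend_authentication_secret;
        if (typeof secret !== 'string' || secret.length === 0) {
            this.logger.warn('Backend secret not implemented.');
            return Promise.reject(new ResponseData(StatusCode.INTERNAL_ERROR));
        }

        if (this.secretsMatch(presented, secret)) {
            return Promise.resolve(null);
        }

        return Promise.reject(this.unauthorized());
    }

    /**
     * Builds the rejection payload shared by the "header absent" and "header
     * wrong" paths. Both paths return the same status, code and reason, so the
     * response body does not tell a caller which of the two occurred.
     */
    private unauthorized(): ResponseData {
        return new ResponseData(StatusCode.ERR_UNAUTHORIZED, {
            code: 0,
            reason: 'Missing secret'
        });
    }

    /**
     * Compares the presented header value with the configured secret without
     * the early exit of `===`, whose running time depends on how many leading
     * characters match.
     *
     * Both values are reduced to SHA-256 digests first because
     * `timingSafeEqual` throws on inputs of different length; the digest is
     * used only to equalise lengths, not as a password hash.
     *
     * @param presented Value read from the request header; anything that is not a string never matches.
     * @param expected Configured secret, already checked to be a non-empty string.
     */
    private secretsMatch(presented: unknown, expected: string): boolean {
        if (typeof presented !== 'string') {
            return false;
        }

        const presentedDigest = createHash('sha256').update(presented, 'utf8').digest();
        const expectedDigest = createHash('sha256').update(expected, 'utf8').digest();
        return timingSafeEqual(presentedDigest, expectedDigest);
    }
}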