Protecting endpoints with a middleware #45
base: development
@@ -4,5 +4,6 @@ jspm_packages | |||
|
|||
# Serverless directories | |||
.serverless | |||
*-function.json |
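Review bot: the `*-function.json` entry on the last line only matches names that have a prefix and a hyphen before `function.json`, so a plain `function.json` would still be tracked. Confirm that this is the naming the deploy step generates, and put a short comment above the entry saying these files are generated output, as the `# Serverless directories` line does for `.serverless`.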
I'm not sure if we should commit these files and if so.... is there a way to put them somewhere else other than the root folder?
These files are created automatically when deploying with the serverless framework.
This is my first time working with serverless and I have some questions for those of you who know all the ins and outs of this technology :)
DOMAIN: process.env.AUTH0_DOMAIN, | ||
CLIENT_ID: process.env.AUTH0_CLIENT_ID, | ||
CLIENT_SECRET: process.env.AUTH0_CLIENT_SECRET, | ||
CERTIFICATE: process.env.AUTH0_CERTIFICATE, |
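Review bot: `CERTIFICATE: process.env.AUTH0_CERTIFICATE`, like the three settings above it, is exported exactly as read from the environment, so an unset or mangled value is only noticed later, when something tries to use it. Validate all four when this module loads and fail with a clear message if one is missing. For the certificate, check that it still has its PEM line breaks before it is handed to the verifier; storing it base64-encoded in the app setting and decoding it here would avoid the newline loss described in the comment below.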
This data is defined in Azure as Application Settings, everything works great except for AUTH0_CERTIFICATE. For now I hardcoded the value of this variable in the Azure console, which is not ideal.
The value of this variable is something like:
AUTH0_CERTIFICATE = `
-----BEGIN CERTIFICATE-----
ABC123.....
ABC123.....
ABC123.....
-----END CERTIFICATE-----`
It looks like when saving this value in the application settings Azure removes the \n and when used in the code it doesn't work :(
Anyone can help me with this?
|
||
module.exports = { | ||
auth0: { | ||
DOMAIN: process.env.AUTH0_DOMAIN, |
Another question I have is that every time I deploy... these values disappear in azure :( and I need to add it again, if I deploy a single function everything works as expected.
Anyone knows how to prevent that? Or how can we dynamically create those settings?
Hi @crysfel, am not sure if these can be handled in the local.settings.json
you could set these variables in the serverless.yml
x-azure-settings: | ||
direction: out | ||
name: res | ||
usersadd: |
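Review bot: `usersadd:` is described in the PR as the endpoint that will save a new user, so it should not be reachable with GET. Restrict the HTTP trigger binding's `methods` to `post` and give it an explicit `route`, so that the write path cannot be triggered by following a link and the URL does not depend on the function's name.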
I would like to make this as post instead of get and I'd like to use the path /users. Anyone can help me with that?
this is done in the function.json, there should be a function.json per function handler - since you are using serverless, there should be some config in the handler in the serverless.yml that allows you to specify this
a few comments:
That's coming next, right now we need a simple REST endpoint that we can use with the alpha version, for the final product we will have graphql for sure. We want to have a basic backend where we can save user's profile information and another one to search/filter.
This sounds cool, let's do that next when graphql is integrated.
I don't think it would take much effort to get the graphql azure function in - once we have agreed on what an ideal azure function looks like. Do we have any specific detailed requirements about search/filter at this stage? More and more I get the feeling we should store everything in a Graph Db
Yup that's cool
For now we only need a few filters:
That's cool, however we don't want to add many updates to the alpha app, all we want is to call a REST endpoint to add a new user as a mentor and another one to do the filtering. Graphql will be used for the final product, but not in the alpha version we already have
Description
This PR adds a middleware to check if there's a JWT in the header, it tries to extract the data and put it inside the request.
If there's not a valid JWT (Or missing) the middleware returns an error and completes the request. If everything is OK, then it continues the execution of the function.
I've created two endpoints:
/users: list all users, for now it only returns dummy data but this data is protected.
/users-add: Request the current user's information from auth0, this endpoint will save the new user in the database. For now is only returning the user's information in the response but later on we will get the email, name, avatar, etc. and save it in the database when a new user signs up.

Closes #44
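
The check this PR describes, as an added example that is not the PR's own code: a JWT middleware for a `(context, req)` style handler, written with Node's built-in `crypto` only. The names `normalizePem`, `verifyJwt` and `requireJwt` are hypothetical, and the PEM rebuild assumes the app setting lost its line breaks (or kept them as literal `\n`) as reported in the thread.

```javascript
const crypto = require('node:crypto');

// Rebuild a PEM whose line breaks were stripped or stored as literal "\n".
function normalizePem(raw) {
  const m = /-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----/s.exec(raw);
  if (!m) throw new Error('not a PEM block');
  const body = m[2].replace(/\\n|\s/g, '');
  const lines = body.match(/.{1,64}/g) || [];
  return `-----BEGIN ${m[1]}-----\n${lines.join('\n')}\n-----END ${m[1]}-----\n`;
}

const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Verify an RS256 JWT against a PEM certificate or public key; returns the claims or throws.
function verifyJwt(token, pem, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm: the token header must never choose it ("none", HS256, ...).
  if (decode(h).alg !== 'RS256') throw new Error('unexpected alg');
  const key = crypto.createPublicKey(normalizePem(pem));
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, sig)) {
    throw new Error('bad signature');
  }
  const claims = decode(p);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('expired');
  return claims;
}

// Hypothetical wrapper: run the handler only when the request carries a valid token.
function requireJwt(handler, pem) {
  return async (context, req) => {
    const header = (req.headers && req.headers.authorization) || '';
    const match = /^Bearer (.+)$/i.exec(header);
    try {
      if (!match) throw new Error('missing bearer token');
      req.user = verifyJwt(match[1], pem); // claims are attached to the request
    } catch (err) {
      context.log(`auth rejected: ${err.message}`); // reason stays in the log
      context.res = { status: 401, body: { error: 'Unauthorized' } };
      return; // request completed, handler never runs
    }
    return handler(context, req);
  };
}
```

A production check would also compare the `iss` and `aud` claims with the expected tenant and API identifier before trusting the token.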