feat/get-tenant-of-authenticated-user

Tasks done --- - Created api endpoint to fetch authenticated user details and its tenant. - Added cors middleware to allow resources to whitelisted domains.
poudelprakash · Mar 27, 2024 · be546b2 · be546b2
1 parent 16323e9
commit be546b2
Show file tree

Hide file tree

Showing 12 changed files with 124 additions and 1 deletion.
diff --git a/.env.example b/.env.example
@@ -109,4 +109,7 @@ OIDC_CLIENT_ID=
 OIDC_CLIENT_SECRET=
 OIDC_REDIRECT_URI=
 OIDC_SCOPE=
-OIDC_JWK_URI=
+OIDC_JWK_URI=
+
+#CORS
+CORS_ALLOWED_DOMAINS=http://localhost:4000,http://localhost:5000
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -107,6 +107,9 @@ services:
       - OIDC_SCOPE=${OIDC_SCOPE}
       - OIDC_JWK_URI=${OIDC_JWK_URI}
 
+      #CORS
+      - CORS_ALLOWED_DOMAINS=${CORS_ALLOWED_DOMAINS}
+
   database_migration:
     container_name: bigcapital-database-migration
     build:

diff --git a/packages/server/package.json b/packages/server/package.json
@@ -38,6 +38,7 @@
     "bluebird": "^3.7.2",
     "body-parser": "^1.20.2",
     "compression": "^1.7.4",
+    "cors": "^2.8.5",
     "country-codes-list": "^1.6.8",
     "cpy": "^8.1.2",
     "cpy-cli": "^3.1.1",

diff --git a/packages/server/src/api/controllers/Authentication.ts b/packages/server/src/api/controllers/Authentication.ts
@@ -8,6 +8,8 @@ import { ServiceError, ServiceErrors } from '@/exceptions';
 import { DATATYPES_LENGTH } from '@/data/DataTypes';
 import LoginThrottlerMiddleware from '@/api/middleware/LoginThrottlerMiddleware';
 import AuthenticationApplication from '@/services/Authentication/AuthApplication';
+import AttachCurrentTenantUser from '@/api/middleware/AttachCurrentTenantUser';
+import JWTAuth from '@/api/middleware/jwtAuth';
 
 @Service()
 export default class AuthenticationController extends BaseController {
@@ -50,6 +52,12 @@ export default class AuthenticationController extends BaseController {
       this.handlerErrors
     );
     router.get('/meta', asyncMiddleware(this.getAuthMeta.bind(this)));
+
+    router.use(JWTAuth);
+    router.use(AttachCurrentTenantUser);
+
+    router.get('/me', asyncMiddleware(this.getAuthMe.bind(this)));
+
     return router;
   }
 
@@ -226,6 +234,27 @@ export default class AuthenticationController extends BaseController {
     }
   }
 
+  /**
+   * Retrieves the authentication user and its tenant
+   * @param {Request} req
+   * @param {Response} res
+   * @param {Function} next
+   * @returns {Response|void}
+   */
+  private async getAuthMe(req: Request, res: Response, next: Function) {
+    try {
+      const { user } = req;
+
+      const tenantId = user.tenantId;
+
+      const tenant = await this.authApplication.getAuthTenant(tenantId);
+
+      return res.status(200).send({ user, tenant });
+    } catch (error) {
+      next(error);
+    }
+  }
+
   /**
    * Handles the service errors.
    */

diff --git a/packages/server/src/api/middleware/CorsMiddleware.ts b/packages/server/src/api/middleware/CorsMiddleware.ts
@@ -0,0 +1,18 @@
+import cors from 'cors';
+import config from '@/config';
+
+const corsMiddleware = cors({
+  origin: function (origin, callback) {
+    const allowedDomains = config.cors.whitelistedDomains;
+
+    const requestOrigin = origin?.endsWith('/') ? origin?.slice(0, -1) : origin;
+
+    if (allowedDomains.indexOf(requestOrigin) !== -1 || !requestOrigin) {
+      callback(null, true);
+    } else {
+      callback(new Error('Not allowed by CORS'));
+    }
+  },
+});
+
+export default corsMiddleware;
diff --git a/packages/server/src/api/middleware/jwtAuth.ts b/packages/server/src/api/middleware/jwtAuth.ts
@@ -35,6 +35,8 @@ const authMiddleware = (req: Request, res: Response, next: NextFunction) => {
 
       const systemUser = await systemUserRepository.findOneByEmail(email);
 
+      if (!systemUser) throw new Error(`User with email: ${email} not found`);
+
       const payload = {
         id: systemUser.id,
         oidc_access_token: token,

diff --git a/packages/server/src/config/index.ts b/packages/server/src/config/index.ts
@@ -195,4 +195,9 @@ module.exports = {
   oidcLogin: {
     disabled: parseBoolean<boolean>(process.env.OIDC_LOGIN_DISABLED, false),
   },
+  cors: {
+    whitelistedDomains: castCommaListEnvVarToArray(
+      process.env.CORS_ALLOWED_DOMAINS
+    ),
+  },
 };
diff --git a/packages/server/src/loaders/express.ts b/packages/server/src/loaders/express.ts
@@ -18,6 +18,7 @@ import {
 import config from '@/config';
 import path from 'path';
 import ObjectionErrorHandlerMiddleware from '@/api/middleware/ObjectionErrorHandlerMiddleware';
+import corsMiddleware from '@/api/middleware/CorsMiddleware';
 
 export default ({ app }) => {
   // Express configuration.
@@ -30,6 +31,9 @@ export default ({ app }) => {
   // Helmet helps you secure your Express apps by setting various HTTP headers.
   app.use(helmet());
 
+  // Cors middleware.
+  app.use(corsMiddleware);
+
   // Allow to full error stack traces and internal details
   app.use(errorHandler());
 

diff --git a/packages/server/src/services/Authentication/AuthApplication.ts b/packages/server/src/services/Authentication/AuthApplication.ts
@@ -4,11 +4,13 @@ import {
   ISystemUser,
   IPasswordReset,
   IAuthGetMetaPOJO,
+  ITenant,
 } from '@/interfaces';
 import { AuthSigninService } from './AuthSignin';
 import { AuthSignupService } from './AuthSignup';
 import { AuthSendResetPassword } from './AuthSendResetPassword';
 import { GetAuthMeta } from './GetAuthMeta';
+import { GetAuthMe } from './GetAuthMe';
 
 @Service()
 export default class AuthenticationApplication {
@@ -24,6 +26,9 @@ export default class AuthenticationApplication {
   @Inject()
   private authGetMeta: GetAuthMeta;
 
+  @Inject()
+  private authGetMe: GetAuthMe;
+
   /**
    * Signin and generates JWT token.
    * @throws {ServiceError}
@@ -70,4 +75,13 @@ export default class AuthenticationApplication {
   public async getAuthMeta(): Promise<IAuthGetMetaPOJO> {
     return this.authGetMeta.getAuthMeta();
   }
+
+  /**
+   * Retrieves the authenticated tenant
+   * @param {number} tenantId
+   * @returns {Promise<ITenant>}
+   */
+  public async getAuthTenant(tenantId: number): Promise<ITenant> {
+    return this.authGetMe.getAuthTenant(tenantId);
+  }
 }
diff --git a/packages/server/src/services/Authentication/GetAuthMe.ts b/packages/server/src/services/Authentication/GetAuthMe.ts
@@ -0,0 +1,20 @@
+import { Inject, Service } from 'typedi';
+import { ITenant } from '@/interfaces';
+import { TenantService } from '@/services/Tenancy/TenantService';
+
+@Service()
+export class GetAuthMe {
+  @Inject()
+  private tenantService: TenantService;
+
+  /**
+   * Retrieves the authenticated tenant.
+   * @param {number} tenantId
+   * @returns {Promise<ITenant>}
+   */
+  public async getAuthTenant(tenantId: number): Promise<ITenant> {
+    const tenant = await this.tenantService.getTenantById(tenantId);
+
+    return tenant;
+  }
+}
diff --git a/packages/server/src/services/Tenancy/TenantService.ts b/packages/server/src/services/Tenancy/TenantService.ts
@@ -0,0 +1,21 @@
+import { Service } from 'typedi';
+import { Tenant } from '@/system/models';
+import ModelEntityNotFound from '@/exceptions/ModelEntityNotFound';
+
+@Service()
+export class TenantService {
+  /**
+   * Retrieves tenant by id.
+   * @param {number} tenantId
+   * @returns {Promise<any>}
+   */
+  public async getTenantById(tenantId: number): Promise<any> {
+    const tenant = await Tenant.query()
+      .findById(tenantId)
+      .withGraphFetched('metadata');
+
+    if (!tenant) throw new ModelEntityNotFound(tenantId);
+
+    return tenant;
+  }
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml