Bos auth

examples/swagger/config/default.json

@@ -2,8 +2,8 @@
 {
   "express": {
     "port": "3000",
-    "middleware": ["cors", "body-parser"],
-    "middleware$": ["errors"]
+    "middleware": ["cors", "body-parser", "session", "addHmac", "bos-authentication", "custom-auth"],
+    "middleware$": []
   },
 
   "cors": {
@@ -18,6 +18,10 @@
     "maxWorkers": 1
   },
 
+  "session": {
+    "keys": ["sessionKey"]
+  },
+
   "swagger": {
     "refCompiler": {
       "petstore": {
@@ -35,4 +39,5 @@
     }
   }
 
+
 }

examples/swagger/handlers/api-v1.js

@@ -1,3 +1,4 @@
+
 exports.init = function() {
 
 };
@@ -7,10 +8,11 @@ exports.getFunTimeById = function(req, res, next) {
         'curiousPeople': [
             {
                 'kind': 'OtherPerson',
-                'curiousPersonReqField': 'hey!',
+                'curiousPersonReqField': 'hey?',
                 'enthusiasticPersonReqField': 'hola!'
             }
         ]
     });
 };
 
+

examples/swagger/middleware/addHmac.js

@@ -0,0 +1,30 @@
+var sjcl = require('sjcl'),
+    urlParse = require('url-parse');
+
+exports.init = function (app) {
+    app.use(function (req, res, next) {
+        if (req.path.indexOf('superfuntime') !== -1) {
+            var apiId = '285cd308-1564-4090-b3b4-ce5cfa697c4c';
+            var apiKey = 'JfOJ15SI7EGjDLX1h8zPB19Zr88ONMPKbBQJozMI0Ag';
+            var contentMd5 = req.headers['Content-MD5'] || '';
+            var contentType = req.headers['Content-Type'] || '';
+            var dateString = new Date().toString();
+
+            var urlPath;
+            if (urlParse) {
+                urlPath = urlParse(req.url).pathname;
+            }
+            var stringToSign = req.method.toUpperCase() + '\n' +
+                contentMd5 + '\n' +
+                contentType + '\n' +
+                dateString + '\n' +
+                urlPath;
+
+            var key = sjcl.codec.utf8String.toBits(apiKey);
+            var out = (new sjcl.misc.hmac(key, sjcl.hash.sha256)).mac(stringToSign);
+            var hmac = sjcl.codec.base64.fromBits(out);
+            req.headers.Authorization = 'SFI ' + apiId + ':' + hmac + ':' + dateString;
+        }
+        next();
+    });
+};

examples/swagger/middleware/custom-auth.js

@@ -0,0 +1,43 @@
+var _ = require('lodash');
+
+exports.init = function(app, logger) {
+    app.use(function (req, res, next) {
+        if (!req.bosAuthenticationData) {
+            return next();
+        }
+        _.forEach(req.bosAuthenticationData, function (authData) {
+            switch (authData.type) {
+
+            case 'basic':
+                if (!(authData.username && authData.password)) {
+                    res.setHeader('WWW-Authenticate', 'Basic realm="' + authData.securityReq + '"');
+                    res.status(401).send();
+                    return false;
+                }
+                break;
+            case 'apiKey':
+                if (!authData.password) {
+                    res.status(401).send();
+                    return false;
+                }
+                break;
+            case 'oauth2':
+                if (authData.securityDefn.flow === 'implicit') {
+                    if (!(authData.password)) {
+                        res.sendStatus(401);
+                        return false;
+                    }
+                } else {
+                    if (!(authData.tokenData)) {
+                        res.sendStatus(401);
+                        return false;
+                    }
+                }
+                break;
+            }
+        });
+        if (!res.headersSent) {
+            next();
+        }
+    });
+};

examples/swagger/services/hmacService.js

@@ -0,0 +1,10 @@
+
+exports.init = function () {
+
+};
+
+exports.getApiUser = function (apiId, done) {
+    done(null, {name: 'joe', getApiKey: function () {
+        return 'JfOJ15SI7EGjDLX1h8zPB19Zr88ONMPKbBQJozMI0Ag';
+    }});
+};

examples/swagger/swagger/api-v1.yaml

@@ -8,6 +8,10 @@ produces:
   - application/json
 paths:
   $ref: 'public/paths.yaml'
+securityDefinitions:
+  $ref: 'public/security-definitions.yaml'
+x-bos-securityDefinitions:
+  $ref: 'public/x-bos-security-definitions.yaml'
 
 ### ref-compiler: BEGIN
 definitions:

examples/swagger/swagger/public/paths/superfuntime-{id}.yaml

@@ -5,6 +5,17 @@ get:
     - Fun Times
   parameters:
     - $ref: '../parameters/PathId.yaml'
+  #security:
+    #- oauthImplicitEx: []
+  #security:
+    #- oauthEx: []
+  #security:
+    #- basicEx: []
+    #- apiKeyEx: []
+  #security:
+    #- apiKeyEx: []
+  #x-bos-security:
+    #- hmac: []
   responses:
     200:
       schema:

examples/swagger/swagger/public/security-definitions.yaml

@@ -0,0 +1,17 @@
+basicEx:
+  type: basic
+apiKeyEx:
+  type: apiKey
+  in: header
+  name: x-key
+oauthEx:
+  type: oauth2
+  flow: accessCode
+  authorizationUrl: http://localhost:3000/auth-code
+  tokenUrl: http://localhost:3000/access-token
+  scopes: {}
+oauthImplicitEx:
+  type: oauth2
+  flow: implicit
+  authorizationUrl: http://localhost:3000/access-token
+  scopes: {}

examples/swagger/swagger/public/x-bos-security-definitions.yaml

@@ -0,0 +1,11 @@
+hmac:
+  verify:
+    service: hmacService
+    method:
+      name: getApiUser
+      execute: false
+      args: []
+  routeOptions:
+    session: false
+  module: passport-hmac-strategy
+  x-bos-middleware: bos-passport

index.js

@@ -363,3 +363,5 @@ module.exports.testUtility = function () {
     return require('./testlib/util');
 };
 
+module.exports.subRequire = require('./lib/subRequire');
+