feat(serve): add auth source normalizer middleware to support query string source auth data

- add "authSourceNormalizerMiddleware" and its options to support client providing auth data from query string or payload.
- rename "authRouteMiddleware" to "authRouterMiddleware".
- create "BaseAuthMiddleware" to collect same logistic part for activate method in auth credential and auth router middleware.
- remove "is-base64" package.
- add "authSourceNormalizerMiddleware" test cases.
- add new test cases for testing auth api with providing query string or paylod auth data source.

Author: kokokuo

package.json

@@ -49,7 +49,6 @@
     "@types/from2": "^2.3.1",
     "@types/glob": "^7.2.0",
     "@types/inquirer": "^8.0.0",
-    "@types/is-base64": "^1.1.1",
     "@types/jest": "27.4.1",
     "@types/js-yaml": "^4.0.5",
     "@types/koa": "^2.13.4",

packages/integration-testing/src/example1/example1-3.spec.ts

@@ -3,47 +3,132 @@ import { ServeConfig, VulcanServer } from '@vulcan-sql/serve';
 import * as supertest from 'supertest';
 import defaultConfig from './projectConfig';
 
-let server: VulcanServer;
-
-const projectConfig: ServeConfig & IBuildOptions = {
-  ...defaultConfig,
-  auth: {
-    enabled: true,
-    options: {
-      basic: {
-        'users-list': [
-          {
-            name: 'user1',
-            // md5('test1')
-            md5Password: '5a105e8b9d40e1329780d62ea2265d8a',
-            attr: {
-              role: 'admin',
-            },
+describe('Example1-3: get user profile by GET /auth/user-profile API with Authorization', () => {
+  let server: VulcanServer;
+  let projectConfig: ServeConfig & IBuildOptions;
+
+  beforeEach(async () => {
+    projectConfig = {
+      ...defaultConfig,
+      auth: {
+        enabled: true,
+        options: {
+          basic: {
+            'users-list': [
+              {
+                name: 'user1',
+                // md5('test1')
+                md5Password: '5a105e8b9d40e1329780d62ea2265d8a',
+                attr: {
+                  role: 'admin',
+                },
+              },
+            ],
           },
-        ],
+        },
       },
-    },
-  },
-};
-
-afterEach(async () => {
-  await server.close();
-});
+    };
+  });
 
-it('Example1-3: get user profile by GET /auth/user-profile API with Authorization', async () => {
-  const builder = new VulcanBuilder(projectConfig);
-  await builder.build();
-  server = new VulcanServer(projectConfig);
-  const httpServer = (await server.start())['http'];
-
-  const agent = supertest(httpServer);
-  const result = await agent
-    .get('/auth/user-profile')
-    .set('Authorization', 'basic dXNlcjE6dGVzdDE=');
-  expect(result.body).toEqual({
-    name: 'user1',
-    attr: {
-      role: 'admin',
-    },
+  afterEach(async () => {
+    await server?.close();
   });
-}, 10000);
+
+  it('Example1-3-1: set Authorization in header with default options', async () => {
+    const builder = new VulcanBuilder(projectConfig);
+    await builder.build();
+    server = new VulcanServer(projectConfig);
+    const httpServer = (await server.start())['http'];
+
+    const agent = supertest(httpServer);
+    const result = await agent
+      .get('/auth/user-profile')
+      .set('Authorization', 'basic dXNlcjE6dGVzdDE=');
+    expect(result.body).toEqual({
+      name: 'user1',
+      attr: {
+        role: 'admin',
+      },
+    });
+  }, 10000);
+
+  it('Example1-3-2: set Authorization in querying with default options', async () => {
+    const builder = new VulcanBuilder(projectConfig);
+    await builder.build();
+    server = new VulcanServer(projectConfig);
+    const httpServer = (await server.start())['http'];
+
+    const auth = Buffer.from(
+      JSON.stringify({ Authorization: 'basic dXNlcjE6dGVzdDE=' })
+    ).toString('base64');
+
+    const agent = supertest(httpServer);
+    const result = await agent.get(`/auth/user-profile?auth=${auth}`);
+
+    expect(result.body).toEqual({
+      name: 'user1',
+      attr: {
+        role: 'admin',
+      },
+    });
+  }, 10000);
+
+  it('Example1-3-3: set Authorization in querying with specific auth "key" options', async () => {
+    projectConfig['auth-source'] = {
+      options: {
+        key: 'x-auth',
+      },
+    };
+    const builder = new VulcanBuilder(projectConfig);
+    await builder.build();
+    server = new VulcanServer(projectConfig);
+    const httpServer = (await server.start())['http'];
+
+    const auth = Buffer.from(
+      JSON.stringify({ Authorization: 'basic dXNlcjE6dGVzdDE=' })
+    ).toString('base64');
+
+    const agent = supertest(httpServer);
+    const result = await agent.get(`/auth/user-profile?x-auth=${auth}`);
+
+    expect(result.body).toEqual({
+      name: 'user1',
+      attr: {
+        role: 'admin',
+      },
+    });
+  }, 10000);
+
+  it('Example1-3-4: set Authorization in json payload specific auth "x-key" options', async () => {
+    projectConfig['auth-source'] = {
+      options: {
+        key: 'x-auth',
+        in: 'payload',
+      },
+    };
+    const builder = new VulcanBuilder(projectConfig);
+    await builder.build();
+    server = new VulcanServer(projectConfig);
+    const httpServer = (await server.start())['http'];
+
+    const auth = Buffer.from(
+      JSON.stringify({ Authorization: 'basic dXNlcjE6dGVzdDE=' })
+    ).toString('base64');
+
+    const agent = supertest(httpServer);
+
+    const result = await agent
+      .get('/auth/user-profile')
+      .send({
+        ['x-auth']: auth,
+      })
+      .set('Accept', 'application/json');
+
+    expect(result.body).toEqual({
+      name: 'user1',
+      attr: {
+        role: 'admin',
+      },
+    });
+  }, 10000);
+});

packages/serve/src/lib/middleware/auth/authCredentialMiddleware.ts

@@ -0,0 +1,46 @@
+import { VulcanInternalExtension } from '@vulcan-sql/core';
+import { Next, KoaContext, AuthStatus } from '@vulcan-sql/serve/models';
+import { BaseAuthMiddleware } from './authMiddleware';
+
+/** The middleware responsible for checking request auth credentials.
+ *  It seek the 'auth' module name to match data through built-in and customized authenticator by BaseAuthenticator
+ * */
+@VulcanInternalExtension('auth')
+export class AuthCredentialsMiddleware extends BaseAuthMiddleware {
+  public override async onActivate() {
+    await this.initialize();
+  }
+
+  public async handle(context: KoaContext, next: Next) {
+    // return to stop the middleware, if disabled
+    if (!this.enabled) return next();
+
+    // The /auth/token endpoint not need contains auth credentials
+    if (context.path === '/auth/token') return next();
+
+    // pass current context to auth token for users
+    for (const name of Object.keys(this.authenticators)) {
+      // skip the disappeared auth type name in options
+      if (!this.options[name]) continue;
+      // auth token
+      const result = await this.authenticators[name].authCredential(context);
+      // if state is indeterminate, change to next authentication
+      if (result.status === AuthStatus.INDETERMINATE) continue;
+      // if state is failed, return directly
+      if (result.status === AuthStatus.FAIL) {
+        context.status = 401;
+        context.body = {
+          type: result.type,
+          message: result.message || 'verify token failed',
+        };
+        return;
+      }
+      // set auth user information to context
+      context.state.user = result.user!;
+      await next();
+      return;
+    }
+
+    throw new Error('all types of authenticator failed.');
+  }
+}

packages/serve/src/lib/middleware/auth/authCredentialsMiddleware.ts

@@ -0,0 +1,56 @@
+import { isEmpty } from 'lodash';
+import { inject, multiInject } from 'inversify';
+import { TYPES as CORE_TYPES } from '@vulcan-sql/core';
+import {
+  BuiltInMiddleware,
+  BaseAuthenticator,
+  AuthOptions,
+} from '@vulcan-sql/serve/models';
+import { TYPES } from '@vulcan-sql/serve/containers';
+
+type AuthenticatorMap = {
+  [name: string]: BaseAuthenticator<any>;
+};
+
+export abstract class BaseAuthMiddleware extends BuiltInMiddleware<AuthOptions> {
+  protected options = (this.getOptions() as AuthOptions) || {};
+  protected authenticators: AuthenticatorMap;
+
+  constructor(
+    @inject(CORE_TYPES.ExtensionConfig) config: any,
+    @inject(CORE_TYPES.ExtensionName) name: string,
+    @multiInject(TYPES.Extension_Authenticator)
+    authenticators: BaseAuthenticator<any>[]
+  ) {
+    super(config, name);
+
+    this.authenticators = authenticators.reduce<AuthenticatorMap>(
+      (prev, authenticator) => {
+        prev[authenticator.getExtensionId()!] = authenticator;
+        return prev;
+      },
+      {}
+    );
+  }
+  public async initialize() {
+    if (this.enabled && isEmpty(this.options)) {
+      throw new Error(
+        'please set at least one auth type and user credential when you enable the "auth" options.'
+      );
+    }
+
+    const names = Object.keys(this.authenticators);
+    // check setup auth type in options also valid in authenticators
+    Object.keys(this.options).map((type) => {
+      if (!names.includes(type))
+        throw new Error(
+          `The auth type "${type}" in options not supported, authenticator only supported ${names}.`
+        );
+    });
+
+    for (const name of names) {
+      const authenticator = this.authenticators[name];
+      if (authenticator.activate) await authenticator.activate();
+    }
+  }
+}