I am receiving my security tokens for my API using the Authorization header param sent like so:
Authorization: Bearer <SomeVeryLongTokenThatALegitLoginBegat>
The good news is that my node server receives the param all right; I receive it as args.Authorization.originalValue in each method in each service in the generated server stubs in /controllers. The bad news is that I have a large collection of API endpoints, and I would like to do the authorization of the request before the request gets routed into the controllers.
From what I read, the swagger-security middleware is supposed to do this, but I couldn't get that to work (didn't seem to get into that codeflow at all; see below for what I tried in $SWAGGER_API_HOME/index.js).
    // code snippet from $SWAGGER_API_HOME/index.js
    app.use(middleware.swaggerSecurity({
        Authorization: function (req, def, scopes, callback) {
            console.log('INDEX.JS RECEIVED SOMETHING', req);
            callback();
        }
    }));
So I do this the tiresome way now, for each method in each file in /controllers/; an example of this repetitive way follows:

    exports.userSomethingDELETE = function(args, res, next) {
        /**
         * Do something for user
         * authorization String
         * something SomethingDetails
         * no response value expected for this operation
         **/
        console.log(args.Authorization.originalValue.substring(7));
        var promiseOfAuthentication = performMyOwnAuthentication(args.Authorization.originalValue.substring(7));
        promiseOfAuthentication.then (...)
        ...
    }
I have a lot of methods (about 500 in all) and so doing the above is a very bad way to do auth. I would like the req object to be parsed by one auth method and approved before it gets routed to the correct controller. Is there a way to do this? Any help is appreciated.
Thanks!
via Sonny
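
One way to run the check once, ahead of the controllers, shown as an added example that is not part of the original post and not swagger-tools' own API. It is a connect/Express-style middleware; `bearerAuth`, `extractBearerToken`, `deny`, `demoVerify` and `fakeRes` are hypothetical names, and `verifyToken` stands in for the post's `performMyOwnAuthentication`.

```javascript
// Added example (assumed names throughout; not code from the post or swagger-tools).

// Parse "Bearer <token>" strictly instead of substring(7), which would accept
// any 7-character prefix. Token alphabet follows RFC 6750's b64token.
function extractBearerToken(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/i.exec(headerValue);
  return match ? match[1] : null;
}

// Reject with 401 and end the response so nothing downstream runs.
function deny(res) {
  res.statusCode = 401;
  res.setHeader('WWW-Authenticate', 'Bearer');
  res.end();
}

// verifyToken: hypothetical promise-returning validator (the post's
// performMyOwnAuthentication) that resolves to an identity, or null if invalid.
function bearerAuth(verifyToken) {
  return function (req, res, next) {
    // Node lowercases incoming header names.
    const token = extractBearerToken(req.headers.authorization);
    if (token === null) return Promise.resolve(deny(res));
    return Promise.resolve()
      .then(() => verifyToken(token))
      .then((identity) => identity || null, () => null) // verifier error => fail closed
      .then((identity) => {
        if (!identity) return deny(res);
        req.auth = identity; // controllers read this instead of re-parsing the header
        next();
      });
  };
}

// Registration, assuming an Express/connect `app`: mount it before whatever
// routes requests into /controllers, so unauthenticated calls never reach them.
//   app.use(bearerAuth(performMyOwnAuthentication));

// Constructed stand-ins so the example runs offline.
function demoVerify(token) {
  return Promise.resolve(token === 'constructed.demo.token' ? { user: 'demo' } : null);
}
function fakeRes() {
  return { statusCode: 200, headers: {}, ended: false,
           setHeader(k, v) { this.headers[k] = v; }, end() { this.ended = true; } };
}
```
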