-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathhello-server-protected.js
More file actions
66 lines (47 loc) · 1.76 KB
/
Copy pathhello-server-protected.js
File metadata and controls
66 lines (47 loc) · 1.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
const http = require('http');
const dotenv = require('dotenv').config()
const jwt = require('jsonwebtoken')
if (dotenv.error) {
console.debug('FAILED TO PARSE `.env` FILE | ' + dotenv.error)
}
// To run in a docker container add to the .env file `SERVER_HOSTNAME=0.0.0.0`.
const hostname = dotenv.parsed.SERVER_HOSTNAME || 'localhost';
// The port for the Quickstart Postman collection and cURL examples is 8002
const port = dotenv.parsed.HTTP_PORT || 8002;
const approovBase64Secret = dotenv.parsed.APPROOV_BASE64_SECRET;
const approovSecret = Buffer.from(approovBase64Secret, 'base64')
const verifyApproovToken = function(req) {
const approovToken = req.headers['approov-token']
if (!approovToken) {
// You may want to add some logging here.
console.debug("Missing Approov token")
return false
}
// decode token, verify secret and check exp
return jwt.verify(approovToken, approovSecret, { algorithms: ['HS256'] }, function(err, decoded) {
if (err) {
// You may want to add some logging here.
console.debug("Approov token error: " + err)
return false
}
// The Approov token was successfully verified. We will add the claims to
// the request object to allow further use of them during the request
// processing.
req.approovTokenClaims = decoded
return true
})
}
const server = http.createServer((req, res) => {
console.debug("<--- / GET")
res.setHeader('Content-Type', 'application/json');
if (!verifyApproovToken(req)) {
res.statusCode = 401
res.end(JSON.stringify({}))
return
}
res.statusCode = 200;
res.end(JSON.stringify({message: "Hello, World!"}))
});
server.listen(port, hostname, () => {
console.log(`Approov protected server running at http://${hostname}:${port}/`);
});