Merge pull request #201 from tcet-opensource/163-username_in_morgan

163 username in morgan
tcet-opensource · Aug 17, 2023 · acda575 · acda575
2 parents b14151f + 73c3288
commit acda575
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 6 deletions.
diff --git a/app.js b/app.js
@@ -10,19 +10,22 @@ import usersRouter from "#routes/users";
 import authRouter from "#routes/auth";
 import accreditationRouter from "#routes/accreditation";
 import infrastructureRouter from "#routes/infrastructure";
+import { identifyUser } from "#middleware/identifyUser";
 
 const app = express();
 const currDirName = dirname(fileURLToPath(import.meta.url));
 
+morgan.token("remote-user", (req) => req.user);
+app.use(identifyUser);
+app.use(cors());
+app.use(express.json());
+app.use(express.urlencoded({ extended: false }));
+app.use(cookieParser());
 app.use(morgan(
   ":remote-addr - :remote-user \":method :url HTTP/:http-version\" :status \":referrer\" \":user-agent\"",
   { stream: logger.stream },
 ));
 
-app.use(cors());
-app.use(express.json());
-app.use(express.urlencoded({ extended: false }));
-app.use(cookieParser());
 app.use(express.static(path.join(currDirName, "public")));
 
 app.use("/", indexRouter);

diff --git a/middleware/identifyUser.js b/middleware/identifyUser.js
@@ -0,0 +1,29 @@
+import jwt from "jsonwebtoken";
+import util, { logger } from "#util";
+
+export async function identifyUser(req, res, next) {
+  const authHeader = req.headers.authorization;
+  const token = authHeader && authHeader.split(" ")[1];
+  if (token === undefined) {
+    req.user = "anonymous";
+    next();
+    return false;
+  }
+  try {
+    const payload = jwt.verify(token, process.env.TOKEN_SECRET);
+    const decryptedIP = util.decrypt(payload.ip);
+    if (decryptedIP !== req.ip) {
+      req.user = "unauthorized";
+      next();
+    }
+    req.user = JSON.stringify(payload.data.uid);
+    req.userData = payload.data;
+    next();
+    return true;
+  } catch (error) {
+    logger.error("Error while finding user ", error);
+    req.user = "unauthorized";
+    next();
+    return false;
+  }
+}
diff --git a/routes/auth.js b/routes/auth.js
@@ -1,10 +1,9 @@
 import express from "express";
 import authController from "#controller/auth";
-import middleware from "#middleware/auth";
 
 const router = express.Router();
 router.post("/", authController.login);
-router.post("/validateUser", middleware.authenticateToken, authController.validateUser);
+router.post("/validateUser", authController.validateUser);
 router.post("/sendOTP", authController.sendOTP);
 router.post("/resetPassword", authController.resetPassword);