Http Security | Config & Commands

Certainly! Here's the Markdown documentation for adding the HTTP Security Module to your framework:

Adding HTTP Security Module

To integrate the HTTP Security Module into your framework, follow these steps:

Configuration (app/Config.js)

Open the app/Config.js file.
Add the following lines to configure the HTTP Security Module:

http_security: {
    module: require("etherial/components/http.security").HttpSecurity,

    config: {
        type: "JWT", // Can also be "BasicAuth"
        secret: "yoursecreTOCHANGE", // Change this secret to a more secure value
    },
},

Customize the configuration parameters according to your specific security requirements. Here's a description of each parameter:

HTTP Security Configuration Parameters

type: The type of authentication or security mechanism to be used. It can be either "JWT" for JSON Web Token authentication or "BasicAuth" for HTTP Basic Authentication.
secret: The secret key used for JWT authentication. For security reasons, make sure to change this secret to a more secure and complex value.

Save the app/Config.js file.

Configuration (src/app.ts)

In Etherial.TS, configuring authentication is straightforward. Follow these steps to set up authentication in your application:

Import the necessary components and dependencies, including etherial, Http, and User (or your user model).
Initialize the HTTP application, enabling CORS, body parsing, and other required middleware.
Set a custom authentication checker using http_security.setCustomAuthentificationChecker(). This function should retrieve the user's information based on the provided user ID. For example, in your code:
```
http_security.setCustomAuthentificationChecker(({user_id}) => {
    return User.findOne({
        where: {
            id: user_id
        }
    })
})
```
This step ensures that the framework knows how to find and authenticate users based on the user ID provided in the JWT / Session / BasicAuth.

Implement a custom error handler for invalid tokens to return appropriate error responses. In your code, you've used a middleware to handle this:

http.app.use((err, req, res, next) => {
    if (err.name === 'UnauthorizedError') {
        res.error({status: 403, errors: [ {location: 'api', param: '0', value: '0', msg: 'api.errors.token.invalid'}]})
    } else {
        next()
    }
})

By following these steps, you can effectively implement JWT authentication in your Etherial.TS application, enhancing security and control over access to your resources.

Once the HTTP Security Module is configured, you can use it to secure your HTTP routes and endpoints. Depending on the type configuration, you'll need to implement the corresponding security mechanisms in your routes or middleware.

Example app.ts (Configuration steps)

import etherial from "etherial";

import {
    Request,
    Response,
} from "etherial/components/http/provider"

import { Http } from "etherial/components/http";
import { Database } from "etherial/components/database";
import { HttpSecurity } from "etherial/components/http.security";

import * as bodyParser from "body-parser";
import * as cors from "cors";
import * as methodOverride from "method-override";

import { User } from "./models/User";

class App {

    run({ http, database, http_security }: { http: Http; database: Database, http_security: HttpSecurity }) {

        http.app.use(cors());
        http.app.use(methodOverride());
        http.app.use(bodyParser.json());

        //Custom authentification checker
        http_security.setCustomAuthentificationChecker(({user_id}) => {
            return User.findOne({
                where: {
                    id: user_id
                }
            })
        })

        //Custom error handler when token is invalid
        http.app.use((err: { name: string }, req: Request, res: Response, next: any) => {

            if (err.name === 'UnauthorizedError') {
                res.error({status: 403, errors: [ {location: 'api', param: '0', value: '0', msg: 'api.errors.token.invalid'}]})
            } else {
                next()
            }
    
        })

        http.notFoundRoute((req, res) => {
            res.error({ status: 404, error: "api.not_found" });
        });

        return Promise.all([
            http.listen(),
            database.sequelize.sync({
                alter: true,
            }),
        ]);
        
    }

}

export default App;

Commands

That's it! You have successfully added the HTTP Security Module to Etherial and can use it to secure your routes and endpoints based on the chosen authentication type. Make sure to implement the security mechanisms in your routes as needed.

PreviousForm Validation NextSecurity | JWT Authentification

Last updated 2 years ago

Was this helpful?