topcoder-platform
diff --git a/‎build.sh
100644100755 b/‎build.sh
100644100755
diff --git a/‎common/helper.js
Lines changed: 2 additions & 2 deletions b/‎common/helper.js
Lines changed: 2 additions & 2 deletions
diff --git a/‎deploy.sh
100644100755 b/‎deploy.sh
100644100755
diff --git a/‎index.js
Lines changed: 4 additions & 7 deletions b/‎index.js
Lines changed: 4 additions & 7 deletions
diff --git a/‎service/AuthService.js
Lines changed: 76 additions & 0 deletions b/‎service/AuthService.js
Lines changed: 76 additions & 0 deletions
@@ -190,8 +190,8 @@ function validateEventPayload (event) {
 }
 
 function verifyTokenScope (req, scope) {
-  const isMachineToken = _.get(req, 'authUser.isMachine', false)
-  const scopes = _.get(req, 'authUser.scopes', [])
+  const isMachineToken = _.get(req.swagger.params, 'authUser.isMachine', false)
+  const scopes = _.get(req.swagger.params, 'authUser.scopes', [])
   if (isMachineToken && !(_.indexOf(scopes, scope) >= 0)) {
     throw createError.Unauthorized('Check your token scope.')
   }
 
@@ -11,6 +11,7 @@ const jsyaml = require('js-yaml')
 
 const MessageBusService = require('./service/MessageBusService')
 const logger = require('./common/logger')
+const AuthService = require('./service/AuthService')
 
 const serverPort = config.PORT
 
@@ -31,13 +32,9 @@ swaggerTools.initializeMiddleware(swaggerDoc, function (middleware) {
   app.use(middleware.swaggerMetadata())
 
   // Authentication
-  // app.use(middleware.swaggerSecurity({
-  //   Bearer: (req, authOrSecDef, scopesOrApiKey, callback) => {
-  //     // authOrSecDef: { type: 'apiKey', name: 'Authorization', in: 'header' }
-  //     // scopesOrApiKey: Bearer test (What I passed in Authorization header)
-  //     callback()
-  //   }
-  // }))
+  app.use(middleware.swaggerSecurity({
+    Bearer: AuthService()
+  }))
 
   // Validate Swagger requests
   app.use(middleware.swaggerValidator())
 
@@ -0,0 +1,76 @@
+const config = require('config')
+const { verifier } = require('tc-core-library-js').auth
+const _ = require('lodash')
+
+const NOT_AUTHORIZED = 401
+
+/**
+ * Function body is similar to tc-core-library-js
+ * jwt auth middleware. That function is expressjs specific
+ * and thus using the modified version here specific for
+ * swagger code gen
+ */
+module.exports = function () {
+  let secret = config.get('AUTH_SECRET')
+  let validIssuers = JSON.parse(config.get('VALID_ISSUERS'))
+
+  if (!secret || secret.length === 0) {
+    throw new Error('Auth secret not provided')
+  }
+
+  if (!validIssuers || validIssuers.length === 0) {
+    throw new Error('JWT Issuers are not configured')
+  }
+
+  let authVerifier = verifier(validIssuers)
+
+  return function (req, authOrSecDef, scopesOrApiKey, callback) {
+    if (!!scopesOrApiKey && scopesOrApiKey.indexOf('Bearer') === 0) {
+      const token = scopesOrApiKey.split('Bearer ')[1]
+
+      authVerifier.validateToken(token, secret, (err, decoded) => {
+        let scopes
+
+        if (err) {
+          err.statusCode = NOT_AUTHORIZED
+          return callback(err)
+        }
+
+        decoded.userId = _.parseInt(_.find(decoded, (value, key) => {
+          return (key.indexOf('userId') !== -1)
+        }))
+        decoded.handle = _.find(decoded, (value, key) => {
+          return (key.indexOf('handle') !== -1)
+        })
+        decoded.roles = _.find(decoded, (value, key) => {
+          return (key.indexOf('roles') !== -1)
+        })
+
+        scopes = _.find(decoded, (value, key) => {
+          return (key.indexOf('scope') !== -1)
+        })
+
+        if (scopes) {
+          decoded.scopes = scopes.split(' ')
+
+          let grantType = _.find(decoded, (value, key) => {
+            return (key.indexOf('gty') !== -1)
+          })
+          if (grantType === 'client-credentials' &&
+              !decoded.userId &&
+              !decoded.roles) {
+            decoded.isMachine = true
+          }
+        }
+
+        req.swagger.params.authUser = decoded
+
+        callback()
+      })
+    } else {
+      const error = new Error('You are not authorized to access this resource')
+      error.statusCode = NOT_AUTHORIZED
+      callback(error)
+    }
+  }
+}
Original file line number	Diff line number	Diff line change
`@@ -190,8 +190,8 @@ function validateEventPayload (event) {`
`190`	`190`	`}`
`191`	`191`
`192`	`192`	`function verifyTokenScope (req, scope) {`
`193`		`- const isMachineToken = _.get(req, 'authUser.isMachine', false)`
`194`		`- const scopes = _.get(req, 'authUser.scopes', [])`
	`193`	`+ const isMachineToken = _.get(req.swagger.params, 'authUser.isMachine', false)`
	`194`	`+ const scopes = _.get(req.swagger.params, 'authUser.scopes', [])`
`195`	`195`	`if (isMachineToken && !(_.indexOf(scopes, scope) >= 0)) {`
`196`	`196`	`throw createError.Unauthorized('Check your token scope.')`
`197`	`197`	`}`