From 2fbe43ce1ce075b30c7af6993a3a8dc854888f05 Mon Sep 17 00:00:00 2001
From: Dan Castillo
Date: Sun, 10 Mar 2024 12:44:09 -0400
Subject: [PATCH] fix: Use @fastify/error to create errors FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER and FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER (#179)
---
 lib/errors.js | 6 +++++-
 lib/verify-bearer-auth-factory.js | 22 +++++++++++++---------
 2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/lib/errors.js b/lib/errors.js
index d10b371..3ee7fe4 100644
--- a/lib/errors.js
+++ b/lib/errors.js
@@ -6,10 +6,14 @@ const FST_BEARER_AUTH_INVALID_KEYS_OPTION_TYPE = createError('FST_BEARER_AUTH_IN
 const FST_BEARER_AUTH_INVALID_LOG_LEVEL = createError('FST_BEARER_AUTH_INVALID_LOG_LEVEL', 'fastify.log does not have level \'%s\'')
 const FST_BEARER_AUTH_KEYS_OPTION_INVALID_KEY_TYPE = createError('FST_BEARER_AUTH_KEYS_OPTION_INVALID_KEY_TYPE', 'options.keys has to contain only string entries')
 const FST_BEARER_AUTH_INVALID_SPEC = createError('FST_BEARER_AUTH_INVALID_SPEC', 'options.specCompliance has to be set to \'rfc6750\' or \'rfc6749\'')
+const FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER = createError('FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER', 'missing authorization header', 401)
+const FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER = createError('FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER', 'invalid authorization header', 401)
 module.exports = {
 FST_BEARER_AUTH_INVALID_KEYS_OPTION_TYPE,
 FST_BEARER_AUTH_INVALID_LOG_LEVEL,
 FST_BEARER_AUTH_KEYS_OPTION_INVALID_KEY_TYPE,
- FST_BEARER_AUTH_INVALID_SPEC
+ FST_BEARER_AUTH_INVALID_SPEC,
+ FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER,
+ FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER
 }
diff --git a/lib/verify-bearer-auth-factory.js b/lib/verify-bearer-auth-factory.js
index 4a9b37e..aa17167 100644
--- a/lib/verify-bearer-auth-factory.js
+++ b/lib/verify-bearer-auth-factory.js
@@ -4,7 +4,9 @@ const authenticate = require('./authenticate')
 const {
 FST_BEARER_AUTH_INVALID_KEYS_OPTION_TYPE,
 FST_BEARER_AUTH_KEYS_OPTION_INVALID_KEY_TYPE,
- FST_BEARER_AUTH_INVALID_SPEC
+ FST_BEARER_AUTH_INVALID_SPEC,
+ FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER,
+ FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER
 } = require('./errors')
 const validSpecs = new Set([
@@ -60,26 +62,27 @@ module.exports = function verifyBearerAuthFactory (options, done) {
 return authorizationHeader.substring(0, bearerTypePrefixLength).toLowerCase() !== bearerTypePrefix
 }
- function handleUnauthorized (request, reply, done, message) {
- const noHeaderError = Error(message)
- if (verifyErrorLogLevel) request.log[verifyErrorLogLevel]('unauthorized: %s', noHeaderError.message)
+ function handleUnauthorized (request, reply, done, error) {
+ if (verifyErrorLogLevel) request.log[verifyErrorLogLevel]('unauthorized: %s', error.message)
 if (contentType) reply.header('content-type', contentType)
 reply.code(401)
 if (!addHook) {
- done(noHeaderError)
+ done(error)
 return
 }
- reply.send(errorResponse(noHeaderError))
+ reply.send(errorResponse(error))
 }
 return function verifyBearerAuth (request, reply, done) {
 const authorizationHeader = request.raw.headers.authorization
 if (!authorizationHeader) {
- return handleUnauthorized(request, reply, done, 'missing authorization header')
+ const error = new FST_BEARER_AUTH_MISSING_AUTHORIZATION_HEADER()
+ return handleUnauthorized(request, reply, done, error)
 }
 if (verifyBearerType(authorizationHeader)) {
- return handleUnauthorized(request, reply, done, 'invalid authorization header')
+ const error = new FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER()
+ return handleUnauthorized(request, reply, done, error)
 }
 const key = authorizationHeader.substring(bearerTypePrefixLength).trim()
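Review bot: In `handleUnauthorized` the log call still writes only `error.message`, so the stable codes this change introduces never reach the log. Both rejections are now `@fastify/error` instances that carry a `code`, and a fixed identifier is easier to alert on than free text when counting failed bearer attempts; consider `request.log[verifyErrorLogLevel]('unauthorized: %s (%s)', error.message, error.code)`. The function also calls `reply.code(401)` itself while the errors were created with status 401, so a short comment saying the explicit call is kept for the path that goes through `reply.send(errorResponse(error))` would explain the duplication, if that is the reason.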
@@ -106,7 +109,8 @@ module.exports = function verifyBearerAuthFactory (options, done) {
 Promise.resolve(retVal).then((val) => {
 // if val is not truthy return 401
 if (val === false) {
- handleUnauthorized(request, reply, done, 'invalid authorization header')
+ const error = new FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER()
+ handleUnauthorized(request, reply, done, error)
 return
 }
 if (val === true) {
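Review bot: The context comment `// if val is not truthy return 401` does not match the test beneath it, which fires only on `val === false`; a value such as `undefined` or `null` resolved from `retVal` skips this 401 branch and is handled by code after the hunk. Since this is the decision point for a rejected key, the comment should say what the code does, for example `// resolved to exactly false: reject with 401`, and the fall-through for non-boolean results should be confirmed to fail closed. The rejected key is also reported with `FST_BEARER_AUTH_INVALID_AUTHORIZATION_HEADER`, the same error as a malformed header, so the two cases remain indistinguishable in logs; if that is deliberate, it deserves a word in the comment. The `.then` callback continues past the end of the hunk.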