From 2249f9b4c3c32e8a2993d1b773219a6087719931 Mon Sep 17 00:00:00 2001 From: fsit869 <62918263+fsit869@users.noreply.github.com> Date: Wed, 14 Aug 2024 16:21:10 +1200 Subject: [PATCH 1/2] Added error messages --- api/src/auth/auth-strategies/jwt-strategy.ts | 8 ++++---- api/src/services/jwt.service.ts | 2 +- api/yarn.lock | 5 ----- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/api/src/auth/auth-strategies/jwt-strategy.ts b/api/src/auth/auth-strategies/jwt-strategy.ts index b915c6b..748a862 100644 --- a/api/src/auth/auth-strategies/jwt-strategy.ts +++ b/api/src/auth/auth-strategies/jwt-strategy.ts @@ -1,6 +1,6 @@ import {AuthenticationStrategy} from '@loopback/authentication'; import {UserProfile} from '@loopback/security'; -import {RedirectRoute, Request} from '@loopback/rest'; +import {HttpErrors, RedirectRoute, Request} from '@loopback/rest'; import {inject} from '@loopback/core'; import {JwtService} from '../../services'; @@ -19,18 +19,18 @@ export class FSAEJwtStrategy implements AuthenticationStrategy { private extractTokenFromRequest(request: Request): string { if (!request.headers.authorization) { - throw new Error('Authorization header not found'); + throw new HttpErrors.Unauthorized("Authorization header not found") } const authHeaderValue = request.headers.authorization; if(!authHeaderValue.startsWith('Bearer')) { - throw new Error('Authorization header is not of type Bearer. "Bearer <>"'); + throw new HttpErrors.Unauthorized('Authorization header is not of type Bearer. "Bearer <>"'); } const parts = authHeaderValue.split(' '); // Splits 'Bearer ' if (parts.length !== 2) { - throw new Error('Authorization header value has too many parts. It must follow the pattern: \'Bearer xx.yy.zz\' where xx.yy.zz is a valid JWT token.'); + throw new HttpErrors.BadRequest('Authorization header value has too many parts. It must follow the pattern: \'Bearer xx.yy.zz\' where xx.yy.zz is a valid JWT token.'); } const token = parts[1]; return token; 
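Review bot: The scheme check kept as context in the second hunk (`@@ -19,18 +19,18 @@`), `authHeaderValue.startsWith('Bearer')`, is only a prefix match, so a header whose scheme merely begins with those letters passes it, while a lower-case `bearer` is rejected with the new 401 even though HTTP auth scheme names are case-insensitive. Now that these branches produce client-visible status codes, it would be tighter to do the split first and test the scheme exactly, `if (parts[0].toLowerCase() !== 'bearer') {`. The `parts.length !== 2` branch also fires for a bare `Bearer` with no token, so the 400 text 'too many parts' is misleading in that case; something like 'must have exactly two parts' covers both. On style, the first new throw uses double quotes and has no trailing semicolon, unlike the other two. `extractTokenFromRequest` closes outside the hunk.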
diff --git a/api/src/services/jwt.service.ts b/api/src/services/jwt.service.ts index 0f7ca9a..7e6b0b4 100644 --- a/api/src/services/jwt.service.ts +++ b/api/src/services/jwt.service.ts @@ -37,7 +37,7 @@ export class JwtService implements TokenService{ verifyToken(token: string): Promise { if (!token) { - throw new Error('Error verifying Token. Token cannot be null'); + throw new HttpErrors.Unauthorized('Error verifying Token. Token cannot be null'); } let securityUserProfile: UserProfile; diff --git a/api/yarn.lock b/api/yarn.lock index 8630005..970865d 100644 --- a/api/yarn.lock +++ b/api/yarn.lock @@ -2252,11 +2252,6 @@ fs.realpath@^1.0.0: resolved "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz" integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw== -fsevents@~2.3.2: - version "2.3.3" - resolved "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz" - integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== - function-bind@^1.1.2: version "1.1.2" resolved "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz" From 7a5f893647466951e47c7de6365244d1daed29f2 Mon Sep 17 00:00:00 2001 From: fsit869 <62918263+fsit869@users.noreply.github.com> Date: Wed, 14 Aug 2024 16:29:53 +1200 Subject: [PATCH 2/2] Swagger added auth functionality --- api/src/application.ts | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/api/src/application.ts b/api/src/application.ts index 96dfbbd..08800c6 100644 --- a/api/src/application.ts +++ b/api/src/application.ts 
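Review bot: The new `throw new HttpErrors.Unauthorized(...)` in `verifyToken` references `HttpErrors`, but this is the only hunk for `api/src/services/jwt.service.ts` in the patch and it adds no import, so unless the file already imports the name the build will fail; the strategy file received `import {HttpErrors, RedirectRoute, Request} from '@loopback/rest';` in the same commit. The signature shown has no `async`, so the throw is synchronous rather than a rejected promise; presumably callers `await` it inside a try block, but that is worth confirming. The rest of `verifyToken` lies outside the hunk, so it cannot be seen here whether signature or expiry failures further down also map to a 401 or still surface as a plain `Error` (a 500 to the client).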
@@ -30,7 +30,27 @@ export class FsaeApiApplication extends BootMixin(
 // Set up the custom sequence
 this.sequence(MySequence);
-
+ // Add the security scheme to the OpenAPI specification
+ this.api({
+ openapi: '3.0.0',
+ info: {title: 'MyApp', version: '1.0.0'},
+ paths: {},
+ components: {
+ securitySchemes: {
+ // Define the security scheme (e.g., JWT bearer token)
+ bearerAuth: {
+ type: 'http',
+ scheme: 'bearer',
+ bearerFormat: 'JWT',
+ },
+ },
+ },
+ security: [
+ {
+ bearerAuth: [],
+ },
+ ],
+ });
 // Set up default home page
 this.static('/', path.join(__dirname, '../public'));
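Review bot: The top-level `security: [{bearerAuth: []}]` passed to `this.api({...})` only declares a requirement in the OpenAPI document and nothing in this hunk enforces it, so the block should say so, e.g. `// Documentation only: access control is enforced by the authentication strategy on each endpoint, not by this spec`. Because the requirement is global, operations that are meant to be public (a login route, if one exists) will be shown as needing a token unless they override it with an operation-level `security: []`. `info: {title: 'MyApp', version: '1.0.0'}` looks like a placeholder and may replace the title and version the API explorer would otherwise show; confirm that is intended. The blank line that separated `this.sequence(MySequence);` from the following block is removed, and none is left before `// Set up default home page`. The constructor starts and ends outside the hunk.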