認証

備考

フックとコントローラーとの間でデータを共有するには AdditionalRequest を使用します。

例

@fastify/jwt

• fastify/fastify-jwt: JWT utils for Fastify

npm

cd server
npm install @fastify/jwt

yarn

cd server
yarn add @fastify/jwt

プラグインの登録

$/service/app.ts

import Fastify, { FastifyServerFactory } from 'fastify';
import fastifyJwt from '@fastify/jwt';
import { API_JWT_SECRET, API_BASE_PATH } from '$/service/envValues';
import server from './$server';

export const init = (serverFactory?: FastifyServerFactory) => {
  const app = Fastify({ serverFactory });
  app.register(fastifyJwt, { secret: API_JWT_SECRET });
  server(app, { basePath: API_BASE_PATH });
  return app;
};

トークンの発行

$/api/token/controller.ts

import { defineController } from './$relay';
import { validateUser } from '$/service/user';

export default defineController((fastify) => ({
  post: ({ body }) =>
    validateUser(body.id, body.pass)
      ? { status: 201, body: { token: fastify.jwt.sign({ id: body.id }) } }
      : { status: 401 },
}));

トークンの検証

@fastify/jwt は FastifyRequest を拡張していますが、これはコントローラーに反映されないので、参照するには自分で用意する必要があります。

プラグインによる型の拡張の反映

$/api/user/hooks.ts

import { defineHooks } from './$relay';

export type AdditionalRequest = {
  user: {
    id: string;
  };
};

export default defineHooks(() => ({
  onRequest: (request, reply) => request.jwtVerify().catch((err) => reply.send(err)),
}));

$/api/user/controller.ts

import { defineController } from './$relay';
import { getUserNameById } from '$/service/user';

export default defineController(() => ({
  get: async ({ user }) => ({ status: 200, body: await getUserNameById(user.id) }),
  //            ^^^^ extended by AdditionalRequest
}));

@fastify/auth

• fastify/fastify-auth: Run multiple auth functions in Fastify

npm

cd server
npm install @fastify/auth

yarn

cd server
yarn add @fastify/auth

プラグインの登録

$/service/app.ts

import Fastify, { FastifyServerFactory } from 'fastify';
import fastifyAuth from '@fastify/auth';
import { API_JWT_SECRET, API_BASE_PATH } from '$/service/envValues';
import server from './$server';

export const init = (serverFactory?: FastifyServerFactory) => {
  const app = Fastify({ serverFactory });
  app.register(fastifyAuth);
  server(app, { basePath: API_BASE_PATH });
  return app;
};

トークンの検証

$/api/user/hooks.ts

import { defineHooks } from './$relay';
import { getUserIdByToken } from '$/service/user';

export type AdditionalRequest = {
  user: {
    id: string;
  };
};

export default defineHooks((fastify) => ({
  preHandler: fastify.auth([
    (req, _, done) => {
      const user = typeof req.headers.token === 'string' && getUserIdByToken(req.headers.token);

      if (user) {
        // eslint-disable-next-line
        // @ts-expect-error
        req.user = user;
        done();
      } else {
        done(new Error('Unauthorized'));
      }
    },
  ]),
}));

$/api/user/controller.ts

import { defineController } from './$relay';
import { getUserNameById } from '$/service/user';

export default defineController(() => ({
  // user was added by AdditionalRequest of ./hooks.ts
  get: async ({ user }) => ({ status: 200, body: await getUserNameById(user.id) }),
}));

express-jwt

• auth0/express-jwt: connect/express middleware that validates a JsonWebToken (JWT) and set the req.user with the attributes

npm

cd server
npm install express-jwt
npm install -D @types/express-jwt @types/jsonwebtoken

yarn

cd server
yarn add express-jwt
yarn add -D @types/express-jwt @types/jsonwebtoken

トークンの発行

$/api/token/controller.ts

import jwt from 'jsonwebtoken';
import { defineController } from './$relay';
import { validateUser } from '$/service/user';

export default defineController(() => ({
  post: ({ body }) =>
    validateUser(body.id, body.pass)
      ? { status: 201, body: { token: jwt.sign({ id: body.id }, process.env.JWT_SECRET) } }
      : { status: 401 },
}));

トークンの検証

$/api/user/hooks.ts

import jwt from 'express-jwt';
import { defineHooks } from './$relay';

export type AdditionalRequest = {
  user: {
    id: string;
  };
};

export default defineHooks(() => ({
  onRequest: jwt({ secret: process.env.JWT_SECRET, algorithms: ['HS256'] }),
}));

$/api/user/controller.ts

import { defineController } from './$relay';
import { getUserNameById } from '$/service/user';

export default defineController(() => ({
  // user was added by AdditionalRequest of ./hooks.ts
  get: async ({ user }) => ({ status: 200, body: await getUserNameById(user.id) }),
}));

express-passport

• jaredhanson/passport: Simple, unobtrusive authentication for Node.js.
• passport-trusted-header

npm

cd server
npm install passport passport-trusted-header
npm install -D @types/passport

yarn

cd server
yarn add passport passport-trusted-header
yarn add -D @types/passport

トークンの検証

$/api/user/hooks.ts

import passport from 'passport';
import { defineHooks } from './$relay';
import { getUserIdByToken } from '$/service/user';

export type AdditionalRequest = {
  user: {
    id: string;
  };
};

passport.use(
  // eslint-disable-next-line
  new (require('passport-trusted-header').Strategy)(
    { headers: ['token'] },
    // eslint-disable-next-line
    (headers: { token: string }, done: Function) => {
      done(null, getUserIdByToken(headers.token));
    }
  )
);

export default defineHooks(() => ({
  onRequest: [passport.initialize(), passport.authenticate('trusted-header', { session: false })],
}));

$/api/user/controller.ts

import { defineController } from './$relay';
import { getUserNameById } from '$/service/user';

export default defineController(() => ({
  // user was added by AdditionalRequest of ./hooks.ts
  get: async ({ user }) => ({ status: 200, body: await getUserNameById(user.id) }),
}));