const express = require("express");
const session = require("express-session");
const createError = require("http-errors");
const cookieParser = require("cookie-parser");
const logger = require("morgan");
const path = require("path");
const { createServer } = require("http");
const { auth, requiresAuth } = require('express-openid-connect');
const axios = require('axios').default;
const {
checkUrl,
APP_URL, // Public URL for this app
API_URL, // URL for Expenses API
ISSUER_BASE_URL, // Auth0 Tenant Url
CLIENT_ID, // Auth0 Web App Client
CLIENT_SECRET, // Auth0 Web App Client Secret
SESSION_SECRET, // Cookie Encryption Key
PORT,
} = require("./env-config");
const app = express();

// Registered first so every later middleware sees the normalized URL (Vercel).
app.use(checkUrl());

// Server-side rendering with Pug templates stored in ./views.
app.set("views", path.join(__dirname, "views"));
app.set("view engine", "pug");

// Request logging, body parsing, cookie parsing and static assets, in that order.
// NOTE(review): the "combined" log format records the full request URL, so
// secrets must never travel in query strings.
app.use(logger("combined"));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, "public")));

// express-session configuration.
// NOTE(review): saveUninitialized: true stores a session and sets a cookie for
// every visitor, including anonymous ones. No `store` is configured, so the
// library's default in-memory store is used, and no `cookie` options are set,
// so the cookie is not marked `secure`. Nothing visible in this file reads
// req.session - confirm this middleware is still needed.
const sessionOptions = {
  secret: SESSION_SECRET,
  resave: false,
  saveUninitialized: true,
};
app.use(session(sessionOptions));

// express-openid-connect configuration.
// NOTE(review): the same SESSION_SECRET also keys express-session above; a
// separate secret per purpose limits the impact of a leak.
// NOTE(review): issuerBaseURL / clientID / clientSecret are not passed here;
// presumably the library picks them up from the environment - confirm.
const oidcOptions = {
  secret: SESSION_SECRET,
  // When the user logs out of the application, also redirect to the Auth0
  // logout URL so their session at the identity provider ends as well.
  auth0Logout: true,
  baseURL: APP_URL,
  // Routes are public by default; private routes opt in with requiresAuth().
  authRequired: false,
  authorizationParams: {
    response_type: "code id_token",
    audience: "https://expenses-api",
    scope: "openid profile email read:reports",
  },
};
app.use(auth(oidcOptions));
// const expenses = [
// {
// date: new Date(),
// description: "Pizza for a Coding Dojo session.",
// value: 102,
// },
// {
// date: new Date(),
// description: "Coffee for a Coding Dojo session.",
// value: 42,
// },
// ];
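/**
 * GET / - public home page.
 *
 * Fetches the expense summary from `${API_URL}/total` without an access token
 * and renders the "home" view with the logged-in user (if any), the total and
 * the count.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 * @param {import("express").NextFunction} next - receives any API or render error
 */
app.get("/", async (req, res, next) => {
  try {
    const { data } = await axios.get(`${API_URL}/total`);
    const { total: summaryTotal, count: summaryCount } = data;
    res.render("home", {
      user: req.oidc && req.oidc.user,
      total: summaryTotal,
      count: summaryCount,
    });
  } catch (err) {
    // `next` must be a declared parameter: without it this line throws a
    // ReferenceError inside the async handler, the rejection goes unhandled
    // and the request never receives a response.
    next(err);
  }
});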
// 👇 add requiresAuth middleware to these private routes 👇
/**
 * GET /user - profile page, login required (requiresAuth()).
 *
 * Renders the "user" view with the user claims and the ID, access and refresh
 * token values held by req.oidc.
 *
 * NOTE(review): this hands raw tokens, including the refresh token, to the
 * template. If the view prints them they end up in the HTML response, where
 * browser caches, extensions and any script running on the page can read them.
 * Acceptable for a demo; do not ship to production as is.
 */
app.get("/user", requiresAuth(), async (req, res) => {
  const oidc = req.oidc;
  const viewModel = {
    user: oidc && oidc.user,
    id_token: oidc && oidc.idToken,
    access_token: oidc && oidc.accessToken,
    refresh_token: oidc && oidc.refreshToken,
  };
  res.render("user", viewModel);
});
/**
 * GET /expenses - expense list, login required (requiresAuth()).
 *
 * Calls `${API_URL}/reports` with the session's access token in the
 * Authorization header and renders the "expenses" view with the result.
 *
 * NOTE(review): the token is used without checking whether it has expired; an
 * expired or missing token surfaces as an error passed to next().
 * NOTE(review): an axios error forwarded to next() carries the request config,
 * Authorization header included, so the error handler must not render or log
 * the raw error object.
 */
app.get("/expenses", requiresAuth(), async (req, res, next) => {
  try {
    const token = req.oidc.accessToken;
    const authorization = `${token.token_type} ${token.access_token}`;
    const response = await axios.get(`${API_URL}/reports`, {
      headers: { Authorization: authorization },
    });
    res.render("expenses", {
      user: req.oidc && req.oidc.user,
      expenses: response.data,
    });
  } catch (err) {
    next(err);
  }
});
// No route matched: create a 404 error and pass it to the error handler.
app.use((req, res, next) => {
  const notFound = createError(404);
  next(notFound);
});
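/**
 * Final error handler: renders the "error" view with the error's status
 * (500 when none is set).
 *
 * The full error object is exposed to the template only in development. In
 * other environments the view receives an empty object, so stack traces and
 * the axios request config (which holds the Authorization header of failed API
 * calls) cannot reach the response. The "error" template is not shown here;
 * confirm it tolerates an empty `error`.
 *
 * Express recognises error handlers by their four parameters, so `next` stays
 * in the signature even though it is unused.
 */
app.use(function (err, req, res, next) {
  const isDevelopment = req.app.get("env") === "development";
  res.locals.message = err.message;
  res.locals.error = isDevelopment ? err : {};
  // render the error page
  res.status(err.status || 500);
  res.render("error", {
    user: req.oidc && req.oidc.user,
  });
});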
// Start a plain HTTP server on PORT and log the public URL once it is listening.
// NOTE(review): TLS is not terminated here; presumably the hosting platform or a
// reverse proxy in front of the app provides HTTPS - confirm.
const server = createServer(app);
server.listen(PORT, function onListening() {
  console.log(`WEB APP: ${APP_URL}`);
});