Merge pull request #9 from MeasureAuthoringTool/MAT-6729_AddCors

MAT-6729: Adding Cors attribute to allow the service to be called fro…
MeasureAuthoringTool · Apr 11, 2024 · 3671203 · 3671203
2 parents 75a3011 + 455b489
commit 3671203
Show file tree

Hide file tree

Showing 5 changed files with 135 additions and 36 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -10,22 +10,23 @@
     "precommit": "npm run lint && npm test",
     "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
     "start": "nest start",
-    "start:dev": "nest start --watch",
+    "start:dev": "ISSUER=\"https://dev-18092578.okta.com/oauth2/default\"  CLIENT_ID=\"0oa2fqtaz95fqJqbf5d7\" nest start --watch",
     "start:debug": "nest start --debug --watch",
     "start:prod": "node dist/main",
     "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
-    "test": "JWT_SECRET=ThisIsMySecret jest",
-    "test:watch": "JWT_SECRET=ThisIsMySecret  jest --watch",
-    "test:cov": "JWT_SECRET=ThisIsMySecret  jest --coverage",
-    "test:debug": "JWT_SECRET=ThisIsMySecret  node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
-    "test:e2e": "JWT_SECRET=ThisIsMySecret  jest --config ./test/jest-e2e.json"
+    "test": "ISSUER=\"https://dev-18092578.okta.com/oauth2/default\"  CLIENT_ID=\"0oa2fqtaz95fqJqbf5d7\" jest",
+    "test:watch": "ISSUER=\"https://dev-18092578.okta.com/oauth2/default\"  CLIENT_ID=\"0oa2fqtaz95fqJqbf5d7\"   jest --watch",
+    "test:cov": "ISSUER=\"https://dev-18092578.okta.com/oauth2/default\"  CLIENT_ID=\"0oa2fqtaz95fqJqbf5d7\"  jest --coverage",
+    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+    "test:e2e": "jest --config ./test/jest-e2e.json"
   },
   "dependencies": {
     "@madie/madie-models": "^1.3.49",
     "@nestjs/common": "^10.3.5",
     "@nestjs/core": "^10.3.5",
     "@nestjs/jwt": "^10.2.0",
     "@nestjs/platform-express": "^10.3.5",
+    "@okta/jwt-verifier": "^3.1.0",
     "cqm-models": "4.1.3",
     "exceljs": "^4.4.0",
     "jsonwebtoken": "^9.0.2",

diff --git a/src/auth/auth.guard.spec.ts b/src/auth/auth.guard.spec.ts
@@ -48,7 +48,7 @@ describe('AuthGuard', () => {
           body: undefined,
           headers: {
             authorization:
-              'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.kcPmFlSUdC9LvuMufomQepInu3GwbBKKct49e2dxyrI',
+              'Bearer eyJraWQiOiJNNG9CMW9DSmthdC0tYTNENFFXUFA3RWZCbUl3NG9BV05KYWJxdEJhUnM4IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULlBlN3hEc000MksyTnhHSW5vSWV1UEVEVmgxY3YydDVqQ1FKZmU1Sm9ZbkUiLCJpc3MiOiJodHRwczovL2Rldi0xODA5MjU3OC5va3RhLmNvbS9vYXV0aDIvZGVmYXVsdCIsImF1ZCI6ImFwaTovL2RlZmF1bHQiLCJpYXQiOjE3MTI4NjMyNzcsImV4cCI6MTcxMjg2Njg3NywiY2lkIjoiMG9hMmZxdGF6OTVmcUpxYmY1ZDciLCJ1aWQiOiIwMHUyNWh3c3AxUG04MW5jTzVkNyIsInNjcCI6WyJvcGVuaWQiLCJlbWFpbCIsInByb2ZpbGUiXSwiYXV0aF90aW1lIjoxNzEyODYzMjc2LCJzdWIiOiJncmVnb3J5LmFraW5zQHNlbWFudGljYml0cy5jb20ifQ.nptyxgS8-o0hn29fhnZ7fOb5_pC4eSCTgxjzj7ZUvJ3-qqoEMx25uYJNLc5_EDQlTVEA6IpZPhioJXwEG8DEFc3nFu7iur5gUqK2n1EEKrSMUyRTUSauZKtAKu1KwQZ03DU786EdT6zQcKueeFJxV3UGPIyZKu9yiJZc6Kcz6-0XOo74Zc6ZIpPdn6eggdvm9bHf0FuDWW6XnlvGcl8Uf-7-RdviZTUuowuIinAeMowmnC294fe_JSJAdCzeeh75EOjz6uqrjysFfjf57YX0tJVjdZmHPvesmqWTTzcDBbx0iA-GS9TpVHHKABQGYmZoXmSDLgHDKfCBnGERL_bG1w',
           },
         } as unknown as Request;
       });

diff --git a/src/auth/auth.guard.ts b/src/auth/auth.guard.ts
@@ -6,26 +6,31 @@ import {
 } from '@nestjs/common';
 
 import { JwtService } from '@nestjs/jwt';
-
+import * as OktaJwtVerifier from '@okta/jwt-verifier';
 import { Request } from 'express';
 
 @Injectable()
 export class AuthGuard implements CanActivate {
   constructor(private jwtService: JwtService) {}
 
   async canActivate(context: ExecutionContext): Promise<boolean> {
+    const oktaJwtVerifier = new OktaJwtVerifier({
+      issuer: process.env.ISSUER,
+      clientId: process.env.CLIENT_ID,
+    });
+
     const request = context.switchToHttp().getRequest();
     const token = this.extractTokenFromHeader(request);
+
     if (!token) {
       throw new UnauthorizedException('Token not present');
     }
     try {
-      const payload = await this.jwtService.verifyAsync(token, {
-        secret: process.env.JWT_SECRET,
-      });
-      // 💡 We're assigning the payload to the request object here
-      // so that we can access it in our route handlers
-      request['user'] = payload;
+      const oktaToken = await oktaJwtVerifier.verifyAccessToken(
+        token,
+        'api://default',
+      );
+      request['user'] = oktaToken.claims.sub;
     } catch {
       throw new UnauthorizedException('Token not valid');
     }

diff --git a/src/main.ts b/src/main.ts
@@ -3,6 +3,16 @@ import { ExportModule } from './export.module';
 
 export async function bootstrap() {
   const app = await NestFactory.create(ExportModule);
+  app.enableCors({
+    origin: [
+      'http://localhost:9000',
+      'https://dev-madie.hcqis.org',
+      'https://test-madie.hcqis.org',
+      'https://impl-madie.hcqis.org',
+      'https://madie.cms.gov',
+    ],
+    methods: ['GET', 'PUT'],
+  });
   await app.listen(3000);
 }
 bootstrap();