Upgrade to express 5

package.json

@@ -47,7 +47,7 @@
     "@testing-library/react": "^15.0.2",
     "@types/auth0-js": "^9.13.2",
     "@types/diff-match-patch": "^1.0.32",
-    "@types/express": "^4.17.21",
+    "@types/express": "^5.0.0",
     "@types/node": "^20.12.12",
     "@types/node-fetch": "^2.6.2",
     "@types/prismjs": "^1.26.0",
@@ -117,7 +117,7 @@
     "diff-match-patch": "^1.0.5",
     "downshift": "^3.2.12",
     "escape-html": "^1.0.3",
-    "express": "^4.19.2",
+    "express": "^5.0.0",
     "express-jwt": "^8.4.1",
     "form-data": "^4.0.0",
     "formik": "^2.4.5",

src/server/api.ts

@@ -6,7 +6,7 @@
  *
  */
 import express from "express";
-import { GetVerificationKey, expressjwt as jwt, Request } from "express-jwt";
+import { GetVerificationKey, expressjwt as jwt, Request, Params } from "express-jwt";
 import jwksRsa from "jwks-rsa";
 import prettier from "prettier";
 import { getToken, getBrightcoveToken, fetchAuth0UsersById, getEditors, getResponsibles } from "./auth";
@@ -26,7 +26,7 @@ type NdlaUser = {
 };
 
 // Temporal hack to send users to prod
-router.get("*", (req, res, next) => {
+router.get("*splat", (req, res, next) => {
   if (!req.hostname.includes("ed.ff")) {
     next();
   } else {
@@ -60,91 +60,67 @@ router.get("/get_brightcove_token", (_, res) => {
     .catch((err) => res.status(INTERNAL_SERVER_ERROR).send(err.message));
 });
 
-router.get(
-  "/get_note_users",
-  jwt({
+const jwtMiddleware = async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  await jwt({
     secret: jwksRsa.expressJwtSecret({
       cache: true,
       jwksUri: `https://${config.auth0Domain}/.well-known/jwks.json`,
     }) as GetVerificationKey,
     audience: "ndla_system",
     issuer: `https://${config.auth0Domain}/`,
     algorithms: ["RS256"],
-  }),
-  async (req: Request, res) => {
-    const {
-      auth: untypedUser,
-      query: { userIds },
-    } = req;
-
-    const user = untypedUser as NdlaUser;
-
-    const hasWriteAccess =
-      user &&
-      user.permissions &&
-      (user.permissions.includes(DRAFT_WRITE_SCOPE) || user.permissions.includes(DRAFT_PUBLISH_SCOPE));
-
-    if (!hasWriteAccess) {
-      res.status(FORBIDDEN).json({ status: FORBIDDEN, text: "No access allowed" });
-    } else {
-      try {
-        const managementToken = await getToken(`https://${config.auth0Domain}/api/v2/`);
-        const users = await fetchAuth0UsersById(managementToken, userIds as string);
-        res.status(OK).json(users);
-      } catch (err) {
-        res.status(INTERNAL_SERVER_ERROR).send((err as NdlaError).message);
-      }
-    }
-  },
-);
+  })(req, res, next);
+};
 
-router.get(
-  "/get_editors",
-  jwt({
-    secret: jwksRsa.expressJwtSecret({
-      cache: true,
-      jwksUri: `https://${config.auth0Domain}/.well-known/jwks.json`,
-    }) as GetVerificationKey,
-    audience: "ndla_system",
-    issuer: `https://${config.auth0Domain}/`,
-    algorithms: ["RS256"],
-  }),
-  async (_, res) => {
-    try {
-      const managementToken = await getToken(`https://${config.auth0Domain}/api/v2/`);
-      const editors = await getEditors(managementToken);
-      res.status(OK).json(editors);
-    } catch (err) {
-      res.status(INTERNAL_SERVER_ERROR).send((err as NdlaError).message);
-    }
-  },
-);
+router.get("/get_note_users", jwtMiddleware, async (req: Request, res) => {
+  const {
+    auth: untypedUser,
+    query: { userIds },
+  } = req;
 
-router.get(
-  "/get_responsibles",
-  jwt({
-    secret: jwksRsa.expressJwtSecret({
-      cache: true,
-      jwksUri: `https://${config.auth0Domain}/.well-known/jwks.json`,
-    }) as GetVerificationKey,
-    audience: "ndla_system",
-    issuer: `https://${config.auth0Domain}/`,
-    algorithms: ["RS256"],
-  }),
-  async (req, res) => {
-    const {
-      query: { permission },
-    } = req;
+  const user = untypedUser as NdlaUser;
+
+  const hasWriteAccess =
+    user &&
+    user.permissions &&
+    (user.permissions.includes(DRAFT_WRITE_SCOPE) || user.permissions.includes(DRAFT_PUBLISH_SCOPE));
 
+  if (!hasWriteAccess) {
+    res.status(FORBIDDEN).json({ status: FORBIDDEN, text: "No access allowed" });
+  } else {
     try {
       const managementToken = await getToken(`https://${config.auth0Domain}/api/v2/`);
-      const editors = await getResponsibles(managementToken, permission as string);
-      res.status(OK).json(editors);
+      const users = await fetchAuth0UsersById(managementToken, userIds as string);
+      res.status(OK).json(users);
     } catch (err) {
       res.status(INTERNAL_SERVER_ERROR).send((err as NdlaError).message);
     }
-  },
-);
+  }
+});
+
+router.get("/get_editors", jwtMiddleware, async (_, res) => {
+  try {
+    const managementToken = await getToken(`https://${config.auth0Domain}/api/v2/`);
+    const editors = await getEditors(managementToken);
+    res.status(OK).json(editors);
+  } catch (err) {
+    res.status(INTERNAL_SERVER_ERROR).send((err as NdlaError).message);
+  }
+});
+
+router.get("/get_responsibles", jwtMiddleware, async (req, res) => {
+  const {
+    query: { permission },
+  } = req;
+
+  try {
+    const managementToken = await getToken(`https://${config.auth0Domain}/api/v2/`);
+    const editors = await getResponsibles(managementToken, permission as string);
+    res.status(OK).json(editors);
+  } catch (err) {
+    res.status(INTERNAL_SERVER_ERROR).send((err as NdlaError).message);
+  }
+});
 
 router.post("/csp-report", (req, res) => {
   const { body } = req;

src/server/server.ts

@@ -45,7 +45,7 @@ if (!isProduction) {
 const allowedBodyContentTypes = ["application/csp-report", "application/json"];
 
 // Temporal hack to send users to prod
-app.get("*", (req, res, next) => {
+app.get("*splat", (req, res, next) => {
   if (!req.hostname.includes("ed.ff")) {
     next();
   } else {
@@ -91,7 +91,7 @@ const serializedConfig = serialize(config);
 
 app.use(api);
 
-app.get("*", async (req, res) => {
+app.get("*splat", async (req, res) => {
   try {
     const url = req.originalUrl.replace(base, "");