107 add authentication check to users route#129
Conversation
nourshoreibah
left a comment
nourshoreibah
left a comment
There was a problem hiding this comment.
Awesome work with the auth logic!! Just a couple of tweaks here
| "sourceMap": true | ||
| }, | ||
| "include": ["*.ts"], | ||
| "include": ["*.ts", "test/test-cognito.ts"], |
There was a problem hiding this comment.
Do we need this? I think *.ts catches it
| NX_DB_PORT=5432, | ||
|
|
||
| COGNITO_USER_POOL_ID=us-east-2_CxTueqe6g | ||
| COGNITO_CLIENT_ID=570i6ocj0882qu0ditm4vrr60f |
There was a problem hiding this comment.
Ideally we shouldn't be pushing these for security. You can put them in .env on your local and git will ignore them
| "@nestjs/typeorm": "^10.0.0", | ||
| "@types/pg": "^8.15.5", | ||
| "amazon-cognito-identity-js": "^6.3.5", | ||
| "aws-jwt-verify": "^5.1.1", |
There was a problem hiding this comment.
GHA failure seems to have something to do with this package, i'd check on it/compare to PRs that are passing these checks
|
|
||
| "@types/aws-lambda@^8.10.160": | ||
| version "8.10.160" | ||
| resolved "https://registry.npmjs.org/@types/aws-lambda/-/aws-lambda-8.10.160.tgz" |
There was a problem hiding this comment.
Ah it looks like you have 2 package managers. we us npm instead of yarn! might be causing the CI failure
There was a problem hiding this comment.
to be clear, we don't need this lock file
| clientId: COGNITO_CLIENT_ID, | ||
| }); | ||
| } | ||
| return verifier; |
There was a problem hiding this comment.
Either you'll need env vars to run this, or jus tmmock cognito
|
|
||
| // GET /{userId} | ||
| if (normalizedPath.startsWith('/') && normalizedPath.split('/').length === 2 && method === 'GET') { | ||
| const authCheck = checkAuthorization(authContext, 'ADMIN_OR_SELF'); |
There was a problem hiding this comment.
could abstract this repeated code out with helper function
|
Looks like it is still missing that module and it's failing ci, but code looks good |
…o 107-Add-Authentication-Check-to-Users-Route
4 participants
ℹ️ Issue
Closes #107
📝 Description
Write a short summary of what you added. Why is it important? Any member of C4C should be able to read this and understand your contribution -- not just your team members.
Added authentication to the users lambda route to protect it from anyone accessing the endpoints.
Briefly list the changes made to the code:
✔️ Verification
What steps did you take to verify your changes work? These should be clear enough for someone to be able to clone the branch and follow the steps themselves.
Provide screenshots of any new components, styling changes, or pages.
Tests ran after authorization was added:
🏕️ (Optional) Future Work / Notes
Did you notice anything ugly during the course of this ticket? Any bugs, design challenges, or unexpected behavior? Write it down so we can clean it up in a future ticket!