I have two servers:

  • Server A - Express/FeathersJS - publicly accessible, has authentication via jwt
  • Server X - Django app - not publicly accessible - no authentication necessary

Server A consists of several APIs, an authentication API via JWT, and a front-end JavaScript app to allow the user to access the APIs and sign in.

Server X consists of a front end app with some APIs as well, but is not publicly accessible and has no authentication to access the apps.

My goal is to allow users to sign into Server A, and then access Server X through a proxy.

So - I've implemented the Express middleware http-proxy-middleware. It's working, except when I try to protect the route using some sort of authentication - the built-in methods of validating JWT expect an Authorization bearer JWT header, which is impossible to do with GET requests like in my case for accessing this application.

Anyone have any suggestions?

twoLeftFeet

1 Answer

Solution:

As documented here: How to add a users auth in feathers middleware?

  1. Set cookie in document.cookie after successful login.

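    app.authenticate({
        strategy: 'local',
        username: $('#inputUsername').val(),
        password: $('#inputPassword').val(),
    }).then(result => {
        // Store the JWT in a cookie so the browser sends it on plain GET
        // navigations to the proxied routes. A cookie written from script
        // cannot carry the HttpOnly attribute.
        document.cookie = "feathers-jwt=" + result.accessToken;
        window.location.href = "/";
    }).catch(error => {
        // Surface login failures instead of silently swallowing them
        console.error('Login failed', error);
    });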

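  2. Parse cookie on proxy route:

    // authenticateCookie.js

    // Copies the JWT from the feathers-jwt cookie into req.authentication,
    // where the authenticate('jwt') middleware looks for it.
    // `logger` is the app's own logging function, defined elsewhere.
    module.exports = function authenticateCookie(req, res, next) {
        const cookies = req.cookies || {};
        const token = cookies['feathers-jwt'];

        if (token) {
            logger('Found cookie in feathers-jwt');
            req.authentication = {
                strategy: 'jwt',
                accessToken: token,
            };
        }

        next();
    };

    // proxyMiddleware.js

    const cookieParser = require('cookie-parser');
    const { authenticate } = require('@feathersjs/express');
    const { createProxyMiddleware } = require('http-proxy-middleware');
    const authenticateCookie = require('./authenticateCookie'); // path assumed

    // urlRegex, url, auth and logger are defined elsewhere in the app
    app.use(urlRegex,

        // parse and handle jwt cookies
        cookieParser(),
        authenticateCookie,

        // logging function
        (req, res, next) => {
            logger(req.url);
            next();
        },

        // validate jwt cookie; requests without a valid token stop here
        authenticate('jwt'),

        // proxy requests upstream
        createProxyMiddleware({
            target: url,
            changeOrigin: true,
            auth: auth,
        }),
    );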
twoLeftFeet
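What the cookie-based gate in front of the proxy has to enforce, shown without Feathers so each check is visible. This is an added example, not the answer's code or Feathers' implementation; it assumes HS256 tokens signed with a shared secret, and `SECRET`, `sign`, `sessionCookie`, `readCookie`, `verify` and `requireJwtCookie` are hypothetical names with constructed sample values.

```javascript
// Added example, not the answer's code. SECRET and the claims are constructed.
const crypto = require('node:crypto');
const SECRET = 'constructed-demo-secret'; // assumption: HS256 shared secret

const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Mint a sample token (stands in for the accessToken returned at login).
function sign(payload, secret = SECRET) {
  const data = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Server-side Set-Cookie value: HttpOnly cannot be set from document.cookie.
function sessionCookie(token, maxAgeSeconds) {
  return `feathers-jwt=${token}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Read one cookie from a raw Cookie request header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0 && part.slice(0, i).trim() === name) return part.slice(i + 1).trim();
  }
  return null;
}

// Return the claims, or null if the token is malformed, forged or expired.
function verify(token, secret = SECRET, now = Math.floor(Date.now() / 1000)) {
  const parts = (token || '').split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm; rejects "none"
    const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
    const given = Buffer.from(parts[2], 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch (err) {
    return null;
  }
}

// Express-style gate for the proxy route: fail closed with 401.
function requireJwtCookie(req, res, next) {
  const claims = verify(readCookie(req.headers.cookie, 'feathers-jwt'));
  if (!claims) { res.statusCode = 401; return res.end('Unauthorized'); }
  req.user = claims;
  return next();
}
```

Because the upstream app has no authentication of its own, this gate is the only access control on the proxied routes, so every failure path returns 401 rather than calling `next()`.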