}
})
);
// Register the scheme the extension uses for its own (dashboard) callers.
server.auth.strategy('extension-secret', 'extension-secret');

// Options for tokens minted by the extension itself: HMAC (HS256) over the
// shared EXTENSION_SECRET, bound to the extension's audience and to the
// public URL it was issued from. `algorithms` is pinned on purpose — a token
// must not be able to choose its own algorithm. Keeping this symmetric key on
// its own strategy, separate from the RS256/JWKS strategy below, also avoids
// the classic key-confusion issue where an RSA public key is replayed as an
// HMAC secret.
const dashboardAdminOptions = {
  key: config('EXTENSION_SECRET'),
  verifyOptions: {
    audience: 'urn:api-authz',
    issuer: config('PUBLIC_WT_URL'),
    algorithms: [ 'HS256' ]
  }
};

// Options for API tokens issued by the Auth0 tenant: the signing key is
// resolved from the tenant's JWKS (selected by the token header, per jwks-rsa),
// and the result is cached and rate-limited so unknown/rotating `kid`s cannot
// be used to hammer the JWKS endpoint. Audience and issuer are pinned to the
// tenant; only RS256 is accepted.
const resourceServerOptions = {
  key: jwksRsa.hapiJwt2Key({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 2,
    jwksUri: `https://${config('AUTH0_DOMAIN')}/.well-known/jwks.json`
  }),
  verifyOptions: {
    audience: 'urn:auth0-authz-api',
    issuer: `https://${config('AUTH0_DOMAIN')}/`,
    algorithms: [ 'RS256' ]
  }
};

// One options object per token source; the JWT strategy picks between them
// (the caller is expected to select by token header, see below).
const jwtOptions = {
  dashboardAdmin: dashboardAdminOptions,
  resourceServer: resourceServerOptions
};
server.auth.strategy('jwt', 'jwt', {
// Get the complete decoded token, because we need info from the header (the kid)
complete: true,
self.hapi.register({ register: hapiAuthJwt2 }, err => {
if (err) return cb(err);
self.hapi.auth.strategy('jwt', 'jwt', false, {
complete: true,
key: jwksRsa.hapiJwt2Key({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `${issuer}.well-known/jwks.json`
}),
verifyOptions: {
audience: audience,
issuer: issuer,
algorithms: ['RS256']
},
validateFunc: (decoded, request, callback) => {
if (decoded && decoded.sub) {
// Check if the user is active.
const isActive = decoded['http://openaq.org/user_metadata'].active;
return callback(null, isActive);
}
hapiServer.register(require('hapi-auth-jwt2'), err => {
if (err) cb(err);
if (config.auth && config.auth.strategy === 'jwt') {
hapiServer.auth.strategy('jwt', 'jwt', true, {
complete: true,
key: jwksRsa.hapiJwt2Key({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `${config.auth.issuer}.well-known/jwks.json`
}),
verifyOptions: {
audience: config.auth.audience,
issuer: config.auth.issuer,
algorithms: ['RS256']
},
// Post-verification hook for hapi-auth-jwt2. Signature, `audience` and
// `issuer` are enforced by the plugin from the verifyOptions above before
// this runs (per the plugin's contract — confirm for the version in use);
// this hook only refuses tokens that carry no subject claim, so an anonymous
// but otherwise valid token cannot authenticate a route. `request` is part
// of the callback signature and intentionally unused here.
validateFunc: (decoded, request, callback) => {
  const hasSubject = Boolean(decoded && decoded.sub);
  return callback(null, hasSubject);
}