Added Documents Feature

Eric Gullickson
2025-09-28 20:35:46 -05:00
parent 2e1b588270
commit 775a1ff69e
66 changed files with 5655 additions and 944 deletions


@@ -5,7 +5,7 @@
import { FastifyPluginAsync, FastifyRequest, FastifyReply } from 'fastify';
import fp from 'fastify-plugin';
import buildGetJwks from 'get-jwks';
import { env } from '../config/environment';
import { appConfig } from '../config/config-loader';
import { logger } from '../logging/logger';
declare module 'fastify' {
@@ -19,8 +19,10 @@ declare module 'fastify' {
}
const authPlugin: FastifyPluginAsync = async (fastify) => {
const auth0Config = appConfig.getAuth0Config();
// Security validation: ensure AUTH0_DOMAIN is properly configured
if (!env.AUTH0_DOMAIN || !env.AUTH0_DOMAIN.includes('.auth0.com')) {
if (!auth0Config.domain || !auth0Config.domain.includes('.auth0.com')) {
throw new Error('AUTH0_DOMAIN must be a valid Auth0 domain');
}
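Review bot: The domain guard on the new line `if (!auth0Config.domain || !auth0Config.domain.includes('.auth0.com'))` is a substring match, so a configured value such as `tenant.auth0.com.example.net` (constructed example) passes it. That value then becomes the expected issuer and `allowedIss` in the later hunks, and presumably the JWKS source as well. Now that the value is read from the config loader, anchor the check to a bare hostname ending in the Auth0 suffix, for example `if (!auth0Config.domain || !/^[a-z0-9.-]+\.auth0\.com$/i.test(auth0Config.domain)) {`. The thrown message still names `AUTH0_DOMAIN`, which no longer matches where the value comes from, so it should point the operator at the Auth0 domain setting in the app config instead. The plugin body starts before this hunk and continues past it.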
@@ -37,7 +39,7 @@ const authPlugin: FastifyPluginAsync = async (fastify) => {
const { header: { kid, alg }, payload: { iss } } = token;
// Validate issuer matches Auth0 domain (security: prevent issuer spoofing)
const expectedIssuer = `https://${env.AUTH0_DOMAIN}/`;
const expectedIssuer = `https://${auth0Config.domain}/`;
if (iss !== expectedIssuer) {
throw new Error(`Invalid issuer: ${iss}`);
}
@@ -49,16 +51,16 @@ const authPlugin: FastifyPluginAsync = async (fastify) => {
alg
});
} catch (error) {
logger.error('JWKS key retrieval failed', {
logger.error('JWKS key retrieval failed', {
error: error instanceof Error ? error.message : 'Unknown error',
domain: env.AUTH0_DOMAIN
domain: auth0Config.domain
});
throw error;
}
},
verify: {
allowedIss: `https://${env.AUTH0_DOMAIN}/`,
allowedAud: env.AUTH0_AUDIENCE,
allowedIss: `https://${auth0Config.domain}/`,
allowedAud: auth0Config.audience,
},
});
@@ -67,9 +69,9 @@ const authPlugin: FastifyPluginAsync = async (fastify) => {
try {
await request.jwtVerify();
logger.info('JWT authentication successful', {
logger.info('JWT authentication successful', {
userId: request.user?.sub?.substring(0, 8) + '...',
audience: env.AUTH0_AUDIENCE
audience: auth0Config.audience
});
} catch (error) {
logger.warn('JWT authentication failed', {