require('dotenv').config();
const jwt = require('express-jwt');
const { expressJwtSecret } = require('jwks-rsa');
const cors = require('cors');
const swaggerUI = require('swagger-ui-express');
const express = require('express');
const bodyParser = require('body-parser');
const path = require('path');
const { trackMediaClicked } = require('./src/tracker');
const YAML = require('yamljs');
// Parsed OpenAPI document; handed to swagger-ui-express for the /api-docs route below.
// NOTE(review): './swagger.yaml' is presumably resolved against the process working
// directory rather than this file's directory — confirm the server is always started
// from the repository root.
const swaggerDocument = YAML.load('./swagger.yaml');
// Auth0 settings, read from the environment once at module load.
const AUTH0_AUDIENCE = process.env.AUTH0_AUDIENCE;
const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN;
// Issuer URL expected in tokens and used as the base of the JWKS URI.
// When AUTH0_DOMAIN is unset the template below yields "https://undefined/".
const AUTH0_ISSUER = `https://${AUTH0_DOMAIN}/`;
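// Memoised express-jwt middleware; built on first use by getJwtVerifier().
let jwtVerifier = null;

/**
 * @description Returns the express-jwt middleware that validates a bearer
 * token against the Auth0 tenant. The middleware is built once and reused so
 * that the JWKS client's cache and rate limiter persist across requests.
 * Please see https://auth0.com/docs/quickstart/backend/nodejs for
 * implementation details.
 */
const getJwtVerifier = () => {
  if (jwtVerifier === null) {
    jwtVerifier = jwt({
      // Retrieve the signing key from the server
      secret: expressJwtSecret({
        cache: true,
        rateLimit: true,
        jwksRequestsPerMinute: 5,
        jwksUri: `${AUTH0_ISSUER}.well-known/jwks.json`,
        // Forward key-retrieval failures unchanged so the request is rejected.
        handleSigningKeyError: (error, callback) => callback(error),
      }),
      // Validate the audience of the issuer.
      // NOTE(review): a hard-coded audience is used when AUTH0_AUDIENCE is
      // unset — confirm that fallback is intended for every deployment.
      audience: AUTH0_AUDIENCE || 'http://steps-admin.herokuapp.com',
      issuer: AUTH0_ISSUER,
      // Pin the algorithm so a token cannot choose its own verification scheme.
      algorithms: ['RS256'],
      complete: true,
      // The verified token is attached to the request under this property.
      requestProperty: 'token',
    });
  }
  return jwtVerifier;
};

/**
 * @description Checks the request headers for an auth token and verifies it.
 * This is used to secure routes that require authorization.
 *
 * Requests without an Authorization header get a 403 JSON response. All other
 * requests are handed to the express-jwt middleware, which calls next() only
 * for a valid token and next(err) otherwise.
 */
const checkJwt = (req, res, next) => {
  if (!req.headers.authorization) {
    return res.status(403).json({
      status: 'error',
      message: 'you are unauthorized to view this resource',
    });
  }
  // jwt(...) only *builds* a middleware. It has to be invoked with the
  // request; building it and then calling next() unconditionally would admit
  // any request that merely carries an Authorization header.
  return getJwtVerifier()(req, res, next);
};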
/**
 * Creates the Express application, installs the shared middleware, starts
 * listening, and registers the webhook routes.
 *
 * @param {Function} fbEndpoint - handler for POST /facebook/receive.
 * @param {Function} twilioReceiveSmsController - handler for POST /sms/receive.
 * @param {Function} getCoachResponse - handler for GET /helpresponse.
 * @param {Function} testTwilioCredentials - handler for POST /sms/test.
 * @returns {object} the configured Express app (already listening).
 */
module.exports = function server(
  fbEndpoint,
  twilioReceiveSmsController,
  getCoachResponse,
  testTwilioCredentials
) {
  const listenPort = process.env.PORT || 3002;
  const staticDir = path.join(__dirname, 'static');
  const app = express();

  // NOTE(review): cors() with no options allows cross-origin requests from any
  // origin — confirm that is intended for the authenticated routes.
  app.use(cors());
  app.use(bodyParser.json());
  app.use(bodyParser.urlencoded({ extended: true }));
  app.use('/static', express.static(staticDir));
  // The API docs are served without any auth middleware in front of them.
  app.use('/api-docs', swaggerUI.serve, swaggerUI.setup(swaggerDocument));

  const onListening = () => {
    console.log(`listening on server port ${listenPort}`);
  };
  app.listen(listenPort, null, onListening);

  // sets up webhook routes for Twilio and Facebook
  routes(
    app,
    fbEndpoint,
    twilioReceiveSmsController,
    getCoachResponse,
    testTwilioCredentials
  );

  return app;
};
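/**
 * Registers the application's routes on the given Express app.
 *
 * @param {object} app - Express application (anything exposing get/post).
 * @param {Function} fbEndpoint - handler for POST /facebook/receive.
 * @param {Function} twilioReceiveSmsController - handler for POST /sms/receive.
 * @param {Function} getCoachResponse - handler for GET /helpresponse.
 * @param {Function} testTwilioCredentials - handler for POST /sms/test.
 */
function routes(
  app,
  fbEndpoint,
  twilioReceiveSmsController,
  getCoachResponse,
  testTwilioCredentials
) {
  // The only route placed behind the JWT check.
  app.get('/helpresponse', checkJwt, getCoachResponse);

  // NOTE(review): no authentication or signature check is applied at this
  // layer; presumably the handlers validate the provider signatures
  // themselves — confirm, and confirm /sms/test should be publicly reachable.
  app.post('/facebook/receive', fbEndpoint);
  app.post('/sms/receive', twilioReceiveSmsController);
  app.post('/sms/test', testTwilioCredentials);

  // Perform the FB webhook verification handshake with your verify token.
  // This is solely so FB can verify that you are the same person.
  app.get('/facebook/receive', (req, res) => {
    // Always answer: leaving other modes without a response hangs the request.
    if (req.query['hub.mode'] !== 'subscribe') {
      return res.sendStatus(400);
    }

    const expectedToken = process.env.FB_VERIFY_TOKEN;
    const suppliedToken = req.query['hub.verify_token'];
    // Fail closed when the secret is not configured; otherwise a request that
    // omits the token would compare undefined === undefined and pass.
    const tokenConfigured = typeof expectedToken === 'string' && expectedToken !== '';
    if (!tokenConfigured || suppliedToken !== expectedToken) {
      return res.sendStatus(403);
    }

    // Echo the challenge as plain text so the reflected value is never
    // rendered as HTML by a browser.
    const challenge = req.query['hub.challenge'];
    return res
      .status(200)
      .type('text/plain')
      .send(typeof challenge === 'string' ? challenge : '');
  });

  app.get('/redirect', (req, res) => {
    // contentUrl is caller-controlled; only absolute http(s) targets are
    // followed. NOTE(review): this still redirects to any host — restrict it
    // to the hosts that actually serve content if those are known.
    const target = parseHttpUrl(req.query.contentUrl);
    if (target === null) {
      return res.sendStatus(400);
    }
    trackMediaClicked(req);
    return res.redirect(target.href);
  });
}

/**
 * Parses a redirect target and accepts it only when it is an absolute
 * http: or https: URL.
 *
 * @param {*} candidate - raw query-string value.
 * @returns {URL|null} the parsed URL, or null when the value is rejected.
 */
function parseHttpUrl(candidate) {
  // Repeated query parameters arrive as arrays/objects; reject non-strings.
  if (typeof candidate !== 'string') {
    return null;
  }
  let parsed;
  try {
    parsed = new URL(candidate);
  } catch (err) {
    // Relative or malformed input cannot be parsed as an absolute URL.
    return null;
  }
  const isHttp = parsed.protocol === 'http:' || parsed.protocol === 'https:';
  return isHttp ? parsed : null;
}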