use @navikt/oasis

navikt · Mar 19, 2024 · 9481691 · 9481691
1 parent 22eb1a5
commit 9481691
Show file tree

Hide file tree

Showing 9 changed files with 85 additions and 219 deletions.
diff --git a/server/package-lock.json b/server/package-lock.json
diff --git a/server/package.json b/server/package.json
@@ -13,14 +13,14 @@
     "dependencies": {
         "@navikt/arbeidsgiver-notifikasjoner-brukerapi-mock": "^6.2.2",
         "@navikt/nav-dekoratoren-moduler": "^2.1.5",
+        "@navikt/oasis": "^3.2.2",
         "axios": "^1.6.7",
         "cookie-parser": "^1.4.6",
         "express-async-handler": "1.2.0",
         "express-http-proxy": "^2.0.0",
         "helmet": "^7.1.0",
         "http-proxy-middleware": "^2.0.1",
-        "jsdom": "^24.0.0",
-        "openid-client": "^5.4.0"
+        "jsdom": "^24.0.0"
     },
     "devDependencies": {
         "@types/cookie-parser": "^1.4.7",

diff --git a/server/src/login/azure.ts b/server/src/login/azure.ts
diff --git a/server/src/login/loginProvider.ts b/server/src/login/loginProvider.ts
diff --git a/server/src/login/tokenx.ts b/server/src/login/tokenx.ts
diff --git a/server/src/proxy/api-proxy.ts b/server/src/proxy/api-proxy.ts
@@ -1,57 +1,21 @@
-import tokenx from '../login/tokenx';
-import azure from '../login/azure';
+import { requestOboToken } from '../auth';
 import { Express } from 'express';
-import { BaseClient } from 'openid-client';
 import { Request } from 'express-serve-static-core';
 import { createProxyMiddleware } from 'http-proxy-middleware';
 import proxy from 'express-http-proxy';
 import { ParsedQs } from 'qs';
 
-const tokenxSetup = (app: Express, tokenxClient: BaseClient): void => {
+const tokenxSetup = (app: Express): void => {
     console.log('api-proxy setup for tokenx');
-
-    setupPath(app);
-
-    app.use(
-        '/tiltaksgjennomforing/api',
-        proxy(process.env.APIGW_URL as string, {
-            proxyReqPathResolver: (req: Request<{}, any, any, ParsedQs, Record<string, any>>) => {
-                return req.originalUrl.replace('/tiltaksgjennomforing/api', '/tiltaksgjennomforing-api');
-            },
-            proxyReqOptDecorator: async (options: any, req: Request<{}, any, any, ParsedQs, Record<string, any>>) => {
-                const accessToken = await tokenx.getTokenExchangeAccessToken(
-                    tokenxClient,
-                    process.env.API_AUDIENCE,
-                    req,
-                );
-                options.headers.Authorization = `Bearer ${accessToken}`;
-                return options;
-            },
-        }),
-    );
+    setup(app, process.env.API_AUDIENCE!);
 };
 
-const azureSetup = (app: Express, azureClient: BaseClient, azureTokenEndpoint: any): void => {
+const azureSetup = (app: Express): void => {
     console.log('api-proxy setup for azure');
-
-    setupPath(app);
-
-    app.use(
-        '/tiltaksgjennomforing/api',
-        proxy(process.env.APIGW_URL as string, {
-            proxyReqPathResolver: (req: Request<{}, any, any, ParsedQs, Record<string, any>>) => {
-                return req.originalUrl.replace('/tiltaksgjennomforing/api', '/tiltaksgjennomforing-api');
-            },
-            proxyReqOptDecorator: async (options: any, req: Request<{}, any, any, ParsedQs, Record<string, any>>) => {
-                const accessToken = await azure.getOnBehalfOfAccessToken(azureClient, azureTokenEndpoint, req);
-                options.headers.Authorization = `Bearer ${accessToken}`;
-                return options;
-            },
-        }),
-    );
+    setup(app, process.env.API_SCOPE!);
 };
 
-function setupPath(app: Express) {
+const setup = (app: Express, audience: string) => {
     app.use('/tiltaksgjennomforing/api/internal', (req, res) => {
         res.status(401).send();
     });
@@ -74,6 +38,20 @@ function setupPath(app: Express) {
             proxyTimeout: 10000,
         }),
     );
-}
+
+    app.use(
+        '/tiltaksgjennomforing/api',
+        proxy(process.env.APIGW_URL as string, {
+            proxyReqPathResolver: (req: Request<{}, any, any, ParsedQs, Record<string, any>>) => {
+                return req.originalUrl.replace('/tiltaksgjennomforing/api', '/tiltaksgjennomforing-api');
+            },
+            proxyReqOptDecorator: async (options: any, req: Request<{}, any, any, ParsedQs, Record<string, any>>) => {
+                const accessToken = await requestOboToken(audience, req);
+                options.headers.Authorization = `Bearer ${accessToken}`;
+                return options;
+            },
+        }),
+    );
+};
 
 export default { tokenxSetup, azureSetup };
diff --git a/server/src/proxy/decorator-intern-proxy.ts b/server/src/proxy/decorator-intern-proxy.ts
@@ -1,12 +1,11 @@
 import proxy from 'express-http-proxy';
-import onbehalfof from '../login/azure';
-import { BaseClient } from 'openid-client';
 import { Express, Response } from 'express';
 import { Request } from 'express-serve-static-core';
 import { ParsedQs } from 'qs';
 import { IncomingMessage, RequestOptions } from 'http';
+import { requestOboToken } from '../auth';
 
-const setup = (app: Express, azureClient: BaseClient, azureTokenEndpoint: BaseClient) => {
+const setup = (app: Express) => {
     app.use(
         '/modiacontextholder/api/decorator',
         proxy(process.env.APIGW_URL as string, {
@@ -20,7 +19,7 @@ const setup = (app: Express, azureClient: BaseClient, azureTokenEndpoint: BaseCl
                 options: RequestOptions,
                 req: Request<{}, any, any, ParsedQs, Record<string, any>>,
             ) => {
-                const accessToken = await onbehalfof.getOnBehalfOfAccessToken(azureClient, azureTokenEndpoint, req);
+                const accessToken = await requestOboToken(process.env.API_SCOPE!, req);
                 if (options?.headers) {
                     options.headers.Authorization = `Bearer ${accessToken}`;
                     let cookies = options.headers.cookie;