Fast 72hrs!!! Member Settings Service - Savable Search API - Add Security and Authorization

Register
Submit a solution
The challenge is finished.

Challenge Overview

We are preparing for a Member Settings Service, and the first feature in the service will be saved searches.

We have implemented the Saved Searches API in previous challenge. The latest code can be found at https://github.com/appirio-tech/lc1-user-settings-service

The purpose of this challenge is to add security and authorization to the savable search API.

Security

We need to include this middleware:
https://github.com/evilpacket/helmet
There should be very little code involved in this change, but the developer should verify there are no regresions in the code (all original tests in postman.json must still pass).

Authorization

On the authorization side, we need to remove the mock auth middleware and replace with an option to insert two different middleware options (configuration to switch between the two) :

1. A custom middleware which takes the Authorization header and submits it to
http://docs.tcapi.apiary.io/#get-%2Fv2%2Fuser%2Fidentity
The req.user.id must be set to the user id from the response. Tests should be provided that work but of course developer should not include the jwt of a production tc user.

2. Inclusion of express-jwt to set https://github.com/auth0/express-jwt
The implementation should include a dummy key and a configuration variable to override that key that will decrypt the provided jwt to assign req.user per the express-jwt. Tests should be provided that have a working jwt that can be decrypted by the dummy key.



Final Submission Guidelines

  • updated source code for implementing the required functionaliy
  • winner will be responsible for merging.

ELIGIBLE EVENTS:

2015 topcoder Open

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30046766