Challenge Overview
We are preparing for a Member Settings Service, and the first feature in the service will be saved searches.
We implemented the Saved Searches API in a previous challenge. The latest code can be found at https://github.com/appirio-tech/lc1-user-settings-service
The purpose of this challenge is to add security and authorization to the saved searches API.
Security
We need to include this middleware:
https://github.com/evilpacket/helmet
There should be very little code involved in this change, but the developer must verify there are no regressions (all original tests in postman.json must still pass).
Authorization
On the authorization side, we need to remove the mock auth middleware and replace it with two alternative middleware options, selected by configuration:
1. A custom middleware which takes the Authorization header and submits it to
http://docs.tcapi.apiary.io/#get-%2Fv2%2Fuser%2Fidentity
The req.user.id must be set to the user id from the response. Tests should be provided that work, but of course the developer should not include the JWT of a production TC user.
2. Inclusion of express-jwt (https://github.com/auth0/express-jwt) to set req.user
The implementation should include a dummy key, and a configuration variable to override that key, which will be used to verify and decode the provided JWT and assign req.user as express-jwt does. Tests should be provided that have a working JWT that can be verified with the dummy key.
Final Submission Guidelines
- updated source code implementing the required functionality
- winner will be responsible for merging.