diff --git a/docker/kratos/oathkeeper/access-rules.yml b/docker/kratos/oathkeeper/access-rules.yml
index ccc31a58..97ac5ed3 100644
--- a/docker/kratos/oathkeeper/access-rules.yml
+++ b/docker/kratos/oathkeeper/access-rules.yml
@@ -72,7 +72,7 @@
     preserve_host: true
     url: "http://dashboard:3000"
   match:
-    url: "http://oathkeeper:4455/<{,uploads,downloads,payments}>"
+    url: "http://oathkeeper:4455/<{,uploads,downloads,payments,api,api/hello}>"
     methods:
       - GET
   authenticators:
diff --git a/packages/dashboard/package.json b/packages/dashboard/package.json
index 1cbc5717..962d4844 100644
--- a/packages/dashboard/package.json
+++ b/packages/dashboard/package.json
@@ -10,6 +10,8 @@
   "dependencies": {
     "@ory/kratos-client": "^0.5.4-alpha.1",
     "autoprefixer": "^10.2.4",
+    "express-jwt": "^6.0.0",
+    "jwks-rsa": "^1.12.2",
     "next": "^10.0.6",
     "postcss": "^8.2.4",
     "prettier": "^2.2.1",
diff --git a/packages/dashboard/pages/api/hello.js b/packages/dashboard/pages/api/hello.js
index 06c71f46..65e907ea 100644
--- a/packages/dashboard/pages/api/hello.js
+++ b/packages/dashboard/pages/api/hello.js
@@ -1,6 +1,26 @@
 // Next.js API route support: https://nextjs.org/docs/api-routes/introduction
 
-export default (req, res) => {
+import jwt from "express-jwt";
+import jwks from "jwks-rsa";
+import config from "../../src/config";
+
+// This middleware assumes that the app is secured using ORY Oathkeeper, in which case we
+// verify the JSON Web Token issued by ORY Oathkeeper using the jwt-express middleware.
+
+const middleware = jwt({
+  // Dynamically provide a signing key based on the kid in the header and the signing keys provided by the JWKS endpoint.
+  secret: jwks.expressJwtSecret({
+    cache: true,
+    jwksRequestsPerMinute: 5,
+    jwksUri: config.jwksUrl,
+  }),
+  algorithms: ["RS256"],
+});
+
+export default middleware((req, res) => {
+  console.log(Object.keys(req));
+  console.log(req);
+  console.log(JSON.stringify(req));
   res.statusCode = 200;
   res.json({ name: "John Doe" });
-};
+});
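Review bot: The new glob alternatives `api` and `api/hello` on the `match.url` line enumerate routes one by one, so every API route added later has to be appended here as well, and the bare `api` alternative proxies `/api` to the dashboard although nothing in this change serves that path. Since the dashboard's `/api/hello` handler now rejects requests that carry no valid JWT, this rule presumably relies on a mutator that issues one (Oathkeeper's `id_token` mutator); that part of the rule lies outside the hunk, so a comment on the `match:` line such as `# /api/* handlers verify the JWT this rule's mutator issues; keep both sides in sync` would make the coupling visible to whoever edits either file.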
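Review bot: `export default middleware((req, res) => { ... })` does not compose the handler with the JWT check — express-jwt's `jwt()` returns Connect-style middleware with the signature `(req, res, next)`, so here the handler is passed as `req`, `res` and `next` are undefined, and the module's default export becomes whatever the middleware call returns rather than a request handler. In a Next.js API route the middleware has to be driven explicitly, as in the wrapper below, and the `UnauthorizedError` it hands to `next` has to be turned into a 401 response instead of being left to crash the route. The three `console.log` lines should also be removed before this merges: they dump the whole request, including the `Authorization` bearer token and any cookies, into server logs, and `JSON.stringify(req)` on an `IncomingMessage` throws on its circular socket references. Consider additionally setting `issuer` (and `audience`) in the `jwt({ ... })` options so that only tokens minted by the Oathkeeper instance behind `config.jwksUrl` are accepted rather than any RS256 token that validates against those keys; and, if I recall jwks-rsa's options correctly, `jwksRequestsPerMinute` only takes effect together with `rateLimit: true`.
```javascript
// … unchanged: imports and the jwt({ ... }) middleware definition …

// Drive a Connect-style (req, res, next) middleware from inside a Next.js API route.
function runMiddleware(req, res, fn) {
  return new Promise((resolve, reject) => {
    fn(req, res, (result) => (result instanceof Error ? reject(result) : resolve(result)));
  });
}

export default async function handler(req, res) {
  try {
    await runMiddleware(req, res, middleware);
  } catch (err) {
    // express-jwt rejects with UnauthorizedError (status 401) when the token is missing or invalid.
    res.statusCode = err.status ?? 401;
    res.json({ error: err.name });
    return;
  }
  res.statusCode = 200;
  res.json({ name: "John Doe" });
}
```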