-
Notifications
You must be signed in to change notification settings - Fork 380
/
Copy pathapp.js
95 lines (79 loc) · 2.64 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/**
* Copyright 2019, Google LLC
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
'use strict';
// [START getting_started_auth_all]
const express = require('express');
const metadata = require('gcp-metadata');
const {OAuth2Client} = require('google-auth-library');
const app = express();
const oAuth2Client = new OAuth2Client();
// Cache externally fetched information for future invocations
let aud;
// [START getting_started_auth_metadata]
async function audience() {
if (!aud && (await metadata.isAvailable())) {
let project_number = await metadata.project('numeric-project-id');
let project_id = await metadata.project('project-id');
aud = '/projects/' + project_number + '/apps/' + project_id;
}
return aud;
}
// [END getting_started_auth_metadata]
// [START getting_started_auth_audience]
async function validateAssertion(assertion) {
if (!assertion) {
return {};
}
// Check that the assertion's audience matches ours
const aud = await audience();
// Fetch the current certificates and verify the signature on the assertion
// [START getting_started_auth_certs]
const response = await oAuth2Client.getIapPublicKeys();
// [END getting_started_auth_certs]
const ticket = await oAuth2Client.verifySignedJwtWithCertsAsync(
assertion,
response.pubkeys,
aud,
['https://cloud.google.com/iap']
);
const payload = ticket.getPayload();
// Return the two relevant pieces of information
return {
email: payload.email,
sub: payload.sub,
};
}
// [END getting_started_auth_audience]
// [START getting_started_auth_front_controller]
app.get('/', async (req, res) => {
const assertion = req.header('X-Goog-IAP-JWT-Assertion');
let email = 'None';
try {
const info = await validateAssertion(assertion);
email = info.email;
} catch (error) {
console.log(error);
}
res.status(200).send(`Hello ${email}`).end();
});
// [END getting_started_auth_front_controller]
// Start the server
const PORT = process.env.PORT || 8080;
app.listen(PORT, () => {
console.log(`App listening on port ${PORT}`);
console.log('Press Ctrl+C to quit.');
});
// [END getting_started_auth_all]
module.exports = app;