This Middleware is designed to work in NodeJS Express Backends with the rm-authenticator and a Front-End that is connected to that Authenticator as well.

Docker - rm-authenticator
GitHub - rm-authenticator

When the Front-End sends you a request containing a session cookie, the middleware will automatically populate the request Object with a user Property containing all the user information

  npm install --save rm-session-populator

You configure the Session Populator with the Options Object. This has several possible Settings

authenticatorHost Hostname where your rm-authenticator is running. By default it's http://localhost:8081

authenticatorUserPath: The path to the endpoint where userinfo is stored. By default it uses the authenticators default /auth/userinfo

credentialsCookieName:: The Name of the Session Cookie. Defaults to connect.sid

rejectWithoutAuthentication: Determines the behaviour of the middleware. If set to true (which it is by default) it will automatically reject any request made to the backend as unauthorized that is missing a cookie and web token. If it is set to false it will poplulate the user property with null

jwtMode: defaults to direct. If set to direct JWT will use the secret provided with the jwt Secret option to verify your web token. If set to key it will use the public key from a file

jwtSecret: Only has to be set if jwtMode is direct. The secret will be used to verify the web token if present. You will have to set the same Secret in the Authenticator.

jwtKeyLocation: Only needs to be set if jwtMode is key. Points to the Public Key in the file system. Defaults to /data/public_key.pem

jwtHeaderName: Session Populator will by default look for the Bearer token in the "Authorization" Header. If you want to use another header, you can change this here.

To implement the middleware do the following

JavaScript

const express = require("express");
const cookieParser = require("cookie-parser");
const sessionPopulate = require("rm-session-populator");
const app = express();

app.use(cookieParser());
app.use(express.json());
app.use(
  sessionPopulate({
    authenticatorHost: "https://my-own-host:443",
    rejectWithoutAuthentication: false,
    jwtMode: "key",
    // jwtSecret: "superSecret",
    jwtKeyLocation: "/data/privateKey.pem",
  })
);

TypeScript

import express from "express";
import cookieParser from "cookie-parser";
import sessionPoplulate from "rm-session-populator";

const app = express();

app.use(cookieParser());
app.use(express.json());
app.use(
  sessionPopulate({
    authenticatorHost: "https://my-own-host:443",
    rejectWithoutAuthentication: false,
    jwtMode: "key",
    // jwtSecret: "superSecret",
    jwtKeyLocation: "/data/privateKey.pem",
  })
);