
Sicurezza & Autenticazione

Validazione JWT su HTTP e Socket, gestione errori e endpoint pubblici.

Middleware JWT (HTTP)

/main/src/server/serverHttp.ts
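/**
 * Express middleware that rejects any request which is not on a public
 * endpoint and does not carry a verifiable `Bearer` JWT.
 *
 * Responses: 401 when the Authorization header is missing or not a Bearer
 * token, when the token is expired, or when verification fails; 500 when
 * JWT_SECRET is not configured. `next()` is called only for public endpoints
 * or after a successful verification.
 */
function verifyJwtToken(req: Request, res: Response, next: NextFunction): void {
  // Public routes bypass authentication entirely (path matcher elided on this page).
  const isPublicEndpoint = publicEndpoints.some(endpoint => {/* regex on the path */})
  if (isPublicEndpoint) return next()

  // Only the `Bearer <token>` scheme is accepted; anything else counts as "no token".
  const authHeader = req.headers.authorization
  const token = authHeader?.startsWith('Bearer ') ? authHeader.split(' ')[1] : undefined
  if (!token) return void res.status(401).json({ error: 'No token provided' })

  // Fail closed on a missing secret instead of falling back to '' (the previous
  // `?? ''`). With the fallback every request failed inside the catch below and
  // was logged as a generic "JWT verification error", hiding the real cause.
  const secret = process.env.JWT_SECRET
  if (!secret) {
    logger.error('JWT_SECRET is not set; refusing to verify tokens')
    return void res.status(500).json({ error: 'Server misconfiguration' })
  }

  try {
    // jwt.verify validates the signature and the `exp` claim itself and throws
    // TokenExpiredError for a stale token, so the former manual exp comparison
    // (which ran only after a successful verify) was unreachable.
    // TODO(review): pass `{ algorithms: [...] }` matching the issuer's signing
    // algorithm so a token with a different `alg` header is rejected outright.
    jwt.verify(token, secret)
    next()
  } catch (error) {
    if (error instanceof jwt.TokenExpiredError) {
      return void res.status(401).json({ error: 'Token expired' })
    }
    logger.error('JWT verification error:', error)
    res.status(401).json({ error: 'Invalid token' })
  }
}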

JWT su Socket

/main/src/server/socketServer.ts
// Socket-level counterpart of verifyJwtToken. The signature matches a
// connection middleware (looks like socket.io's `io.use` — confirm in the file):
// it must call `next()` to admit the socket or `next(err)` to refuse it.
// The body is elided on this page, so where the token is read from and which
// checks run (expiry, secret, algorithm) cannot be confirmed here.
const validateToken = (socket: CustomSocket, next: (err?: Error) => void) => { /* ... */ }

Endpoint pubblici

/main/src/server/serverHttp.ts
/**
 * Route patterns served without a JWT. verifyJwtToken matches the request
 * path against this list (`:name` segments are placeholders; the matcher is
 * elided on this page). Anything added here becomes reachable by
 * unauthenticated clients, so keep the list minimal.
 */
const publicEndpoints = [
  // Task and queue routes
  '/task/:task_id',
  '/queue/auth',
  '/queue/verify-token',
  '/queue/monitor',
  '/queue/:filename',
  // Qdrant routes
  '/api/qdrant/categories',
  '/api/qdrant/attributes',
  '/api/qdrant/attribute-terms/:collectionName',
  '/api/qdrant/all-product-data',
  // Health probes
  '/health',
  '/health/simple',
]

Gestione errori JSON

/main/src/server.ts
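/**
 * Error-handling middleware (four parameters, so Express treats it as an
 * error handler). Converts a JSON body-parse failure into a 400 with a
 * structured body and delegates every other error to the next handler.
 */
app.use((err: unknown, _req: unknown, res: any, next: (err?: unknown) => void) => {
  // body-parser tags parse failures with `type: 'entity.parse.failed'`. The
  // message check is kept as a fallback, but on its own it was incomplete:
  // newer Node versions phrase some JSON errors without "Unexpected"
  // (e.g. "Expected property name ..."), and those fell through to next(err).
  if (
    err instanceof SyntaxError &&
    (('type' in err && err.type === 'entity.parse.failed') || err.message.includes('Unexpected'))
  ) {
    // `details` echoes only the parser message (offending token / position).
    return res.status(400).json({ error: 'Invalid JSON', message: 'The request contains invalid JSON', details: err.message })
  }
  next(err)
})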