feat(koa): Koa-ize sugar (#2)

* Koa-ize sugar

* You shall not pass

* Fix typo in console.log

* Code review

* Use @koa/router

* Go back to using ctx.request.body

* Apply suggestions from code review (ctx.headers)

Co-authored-by: Adrian Paschkowski <[email protected]>

Co-authored-by: Adrian Paschkowski <[email protected]>

Author: LuisRizo

.gitignore

@@ -1,4 +1,5 @@
 /dist/
 /node_modules/
 /src/config.json
-/src/lastUpdate.json
+/src/lastUpdate.json
+yarn-error.log

package.json

@@ -10,15 +10,16 @@
     "plugin:you-dont-need-momentjs/recommended"
   ],
   "dependencies": {
+    "@koa/router": "^10.1.1",
     "@types/chai": "^4.2.22",
     "chai": "^4.3.4",
     "chai-as-promised": "^7.1.1",
     "chargebee-typescript": "^2.3.0",
     "dayjs": "^1.10.7",
     "eslint": "^8.2.0",
-    "express": "^4.17.1",
-    "fs": "^0.0.1-security",
-    "helmet": "^4.6.0",
+    "koa": "^2.13.4",
+    "koa-bodyparser": "^4.3.0",
+    "koa-helmet": "^6.1.0",
     "mocha": "^9.1.3",
     "pg": "^8.7.1",
     "ts-node": "^10.4.0",
@@ -34,7 +35,10 @@
     "test": "mocha --require ts-node/register --timeout 10000 test/**/*.spec.ts"
   },
   "devDependencies": {
-    "@types/express": "^4.17.13",
+    "@types/koa": "^2.13.4",
+    "@types/koa-bodyparser": "^4.3.5",
+    "@types/koa-helmet": "^6.0.4",
+    "@types/koa__router": "^8.0.11",
     "@types/node": "^16.11.7",
     "@types/pg": "^8.6.1",
     "@typescript-eslint/eslint-plugin": "^5.4.0",

src/app.ts

@@ -1,22 +1,20 @@
-import express from "express";
-import helmet from "helmet";
+import Koa from "koa";
+import helmet from "koa-helmet";
+import bodyParser from "koa-bodyparser";
 import { HOOK_PORT } from "./config.json";
-import hookRoutes from "./hook/routes";
-import errorHandler from "./middlewares/errorHandler";
+import hookRoute from "./hook/route";
 import notFoundHandler from "./middlewares/notFoundHandler";
 
-const app = express();
+const app = new Koa();
 const port = HOOK_PORT;
+app.proxy = true;
 
 app.use(helmet());
-app.use(express.json());
-app.set("trust proxy", true);
-
-app.use("/", hookRoutes);
-
+app.use(bodyParser());
 app.use(notFoundHandler);
-app.use(errorHandler);
+
+app.use(hookRoute.routes());
 
 app.listen(HOOK_PORT, () => {
-  console.log(`Hook listening on port ${port}`);
+  console.log(`Server running on port ${port}`);
 });

src/hook/controller.ts

@@ -0,0 +1,33 @@
+import { Event } from "chargebee-typescript/lib/resources";
+import { RouterContext } from "@koa/router";
+
+const allowed_events: Event["event_type"][] = [
+  "subscription_activated",
+  "subscription_started",
+  "subscription_paused",
+  "subscription_cancelled",
+];
+
+export const hookController = async (ctx: RouterContext) => {
+  const { event_type: eventType } = ctx.request.body as Event;
+  console.log("Received hookController event", {
+    body: ctx.request.body,
+    eventType: eventType,
+  });
+
+  if (!allowed_events.includes(eventType || "")) {
+    console.log("process request found an unknown event", {
+      event: eventType,
+    });
+
+    ctx.status = 404;
+    ctx.body = {};
+    return;
+  }
+
+  // TODO: Handle events
+  console.log("Valid event: " + eventType);
+
+  ctx.status = 200;
+  ctx.body = {};
+};

src/hook/controllers/hook.ts

@@ -1,5 +1,5 @@
 import fs from "fs";
-import { RequestHandler, Request } from "express";
+import { Context, Middleware } from "koa";
 import {
   HOOK_KEY,
   BASIC_AUTH_USERNAME,
@@ -17,44 +17,40 @@ const isAllowedOrigin = (hostname: string) => {
   return false;
 };
 
-export const authenticateRequest: RequestHandler = async (req, res, next) => {
-  if (
-    !isAllowedOrigin(req.hostname) &&
-    (!req.headers["user-agent"] || req.headers["user-agent"] !== "ChargeBee")
-  ) {
+export const authenticateRequest: Middleware = async (ctx, next) => {
+  if (!isAllowedOrigin(ctx.hostname) && ctx.get("user-agent") !== "ChargeBee") {
     console.log("requestAuthenticator error - UNEXPECTED REQUEST ORIGIN", {
-      userAgent: req.headers["user-agent"],
-      ip: req.ip,
-      hostname: req.hostname,
+      userAgent: ctx.get("user-agent"),
+      ip: ctx.ip,
+      hostname: ctx.hostname,
     });
 
-    res.status(401).json({ error: "UNEXPECTED REQUEST ORIGIN" });
+    ctx.status = 401;
+    ctx.body = { error: "UNEXPECTED REQUEST ORIGIN" };
     return;
   }
-  if (!canAttemptAuthentication(req)) {
+  if (!canAttemptAuthentication(ctx)) {
     console.log("requestAuthenticator error - MAX ATTEMPTS REACHED FOR IP", {
-      ip: req.ip,
+      ip: ctx.ip,
     });
 
-    return res
-      .status(401)
-      .json({ error: "MAX ATTEMPTS REACHED FOR " + req.ip });
+    ctx.status = 401;
+    ctx.body = { error: "MAX ATTEMPTS REACHED FOR " + ctx.ip };
+    return;
   }
-  if (!req.query.key || req.query.key !== HOOK_KEY) {
+  if (!ctx.query.key || ctx.query.key !== HOOK_KEY) {
     console.log("requestAuthenticator error - INVALID KEY", {
-      key: req.query.key?.toString().slice(-5),
+      key: ctx.query.key?.toString().slice(-5),
     });
 
-    onAuthenticationFailure(req);
-    return res.status(401).json({ error: "INVALID KEY" });
+    onAuthenticationFailure(ctx);
+    ctx.status = 401;
+    return;
   }
-  if (
-    req.headers.authorization &&
-    req.headers.authorization.startsWith("Basic ")
-  ) {
-    const base64authorization: string = req.headers.authorization.substring(
-      "Basic ".length
-    );
+  if (ctx.get("authorization")?.startsWith("Basic ")) {
+    const base64authorization: string = ctx
+      .get("authorization")
+      .substring("Basic ".length);
     const authorization: string[] = Buffer.from(base64authorization, "base64")
       .toString("utf8")
       .split(":", 2);
@@ -66,17 +62,19 @@ export const authenticateRequest: RequestHandler = async (req, res, next) => {
         password: (password || "").slice(-5),
       });
 
-      onAuthenticationFailure(req);
-      return res.status(401).json({ error: "INVALID CREDENTIALS" });
+      onAuthenticationFailure(ctx);
+      ctx.status = 401;
+      return;
     }
     return next();
   } else {
     console.log("requestAuthenticator error - MISSING AUTHENTICATION HEADER", {
-      authHeader: req.headers.authorization?.slice(0, 5),
+      authHeader: ctx.get("authorization")?.slice(0, 5),
     });
 
-    onAuthenticationFailure(req);
-    return res.status(401).json({ error: "MISSING AUTHENTICATION HEADER" });
+    onAuthenticationFailure(ctx);
+    ctx.status = 401;
+    return;
   }
 };
 
@@ -122,8 +120,8 @@ class IpAuthData {
 
 const authCache: { [ip: string]: IpAuthData } = {};
 
-const onAuthenticationFailure = (req: Request): void => {
-  const ip: string = getIp(req);
+const onAuthenticationFailure = (ctx: Context): void => {
+  const ip: string = getIp(ctx);
   let ipAuthData = authCache[ip];
   if (!ipAuthData) {
     authCache[ip] = new IpAuthData(false);
@@ -151,8 +149,8 @@ const onAuthenticationFailure = (req: Request): void => {
   }
 };
 
-const canAttemptAuthentication = (req: Request): boolean => {
-  const ip: string = getIp(req);
+const canAttemptAuthentication = (ctx: Context): boolean => {
+  const ip: string = getIp(ctx);
   const ipAuthData = authCache[ip];
   if (ipAuthData) {
     if (ipAuthData.isBlocked()) {
@@ -170,13 +168,13 @@ const canAttemptAuthentication = (req: Request): boolean => {
   return true;
 };
 
-const getIp = (req: Request): string => {
-  const cfIp: string | string[] | undefined = req.headers["cf-connecting-ip"];
+const getIp = (ctx: Context): string => {
+  const cfIp: string | string[] | undefined = ctx.get("cf-connecting-ip");
   const ip: string = cfIp
     ? typeof cfIp === "string"
       ? cfIp
       : cfIp[0]
-    : req.ip;
+    : ctx.ip;
   return ip;
 };
 

src/hook/requestAuthenticator.ts

@@ -0,0 +1,9 @@
+import Router from "@koa/router";
+import { hookController } from "./controller";
+import { authenticateRequest } from "./requestAuthenticator";
+
+const router = new Router();
+
+router.post("/hook", authenticateRequest, hookController);
+
+export default router;