add groups sample, revise roles sample

Author: derisen

4-AccessControl/1-app-roles/App/app.js

@@ -5,10 +5,14 @@
 
 const express = require('express');
 const session = require('express-session');
-const methodOverride = require('method-override')
+const methodOverride = require('method-override');
 const path = require('path');
 
-const router = require('./routes/router');
+const msalWrapper = require('../../../../msal-express-wrapper/dist/index');
+const config = require('./appSettings.js');
+const cache = require('./utils/cachePlugin');
+const mainRouter = require('./routes/mainRoutes');
+
 const SERVER_PORT = process.env.PORT || 4000;
 
 // initialize express
@@ -29,14 +33,31 @@ app.use(express.json());
 
 /**
  * Using express-session middleware. Be sure to familiarize yourself with available options
- * and set as desired. Visit: https://www.npmjs.com/package/express-session
+ * and set them as desired. Visit: https://www.npmjs.com/package/express-session
  */
-app.use(session({ 
-    secret: 'ENTER_YOUR_SECRET_HERE', 
-    resave: false, 
-    saveUninitialized: false 
-}));
-
-app.use(router);
+ const sessionConfig = {
+    secret: 'ENTER_YOUR_SECRET_HERE',
+    resave: false,
+    saveUninitialized: false,
+    cookie: {
+        secure: false, // set this to true on production
+    }
+}
+
+if (app.get('env') === 'production') {
+    app.set('trust proxy', 1) // trust first proxy
+    sessionConfig.cookie.secure = true // serve secure cookies
+}
+
+app.use(session(sessionConfig));
+
+// instantiate the wrapper
+const authProvider = new msalWrapper.AuthProvider(config, cache);
+
+// initialize the wrapper
+app.use(authProvider.initialize());
+
+// pass the instance to your route handlers
+app.use(mainRouter(authProvider));
 
 app.listen(SERVER_PORT, () => console.log(`Msal Node Auth Code Sample app listening on port ${SERVER_PORT}!`));

4-AccessControl/1-app-roles/App/appSettings.js

@@ -0,0 +1,24 @@
+const appSettings = {
+    appCredentials: {
+        clientId: "Enter_the_Application_Id_Here",
+        tenantId: "Enter_the_Tenant_Info_Here",
+        clientSecret: "Enter_the_Client_Secret_Here"
+    },
+    authRoutes: {
+        redirect: "/redirect",
+        error: "/error",
+        unauthorized: "/unauthorized"
+    },
+    accessMatrix: {
+        todolist: {
+            methods: ["GET", "POST", "DELETE"],
+            roles: ["TaskUser", "TaskAdmin"]
+        },
+        dashboard: {
+            methods: ["GET"],
+            roles: ["TaskAdmin"]
+        }
+    }
+}
+
+module.exports = appSettings;

4-AccessControl/1-app-roles/App/appSettings.json

@@ -1,11 +1,7 @@
-const lowdb = require('lowdb');
-const FileSync = require('lowdb/adapters/FileSync');
-const adapter = new FileSync('./data/db.json');
-const db = lowdb(adapter);
+const Todo = require('../model/todo');
 
 exports.getAllTodos = (req, res) => {
-    const todos = db.get('todos')
-        .value();
+    const todos = Todo.getAllTodos();
 
     res.render('dashboard', { isAuthenticated: req.session.isAuthenticated, todos: todos });
 }

4-AccessControl/1-app-roles/App/controllers/dashboardController.js

@@ -1,27 +1,22 @@
-const lowdb = require('lowdb');
-const FileSync = require('lowdb/adapters/FileSync');
-const adapter = new FileSync('./data/db.json');
-const db = lowdb(adapter);
+const Todo = require('../model/todo');
 const { nanoid } = require('nanoid');
 
 exports.getTodos = (req, res) => {
     const owner = req.session.account.idTokenClaims['preferred_username'];
 
-    const todos = db.get('todos')
-        .filter({ owner: owner })
-        .value();
+    const todos = Todo.getTodosByOwner(owner)
 
     res.render('todolist', { isAuthenticated: req.session.isAuthenticated, todos: todos });
 }
 
 exports.postTodo = (req, res) => {
-    const newTodo = {
-        id: nanoid(),
-        name: req.body.name,
-        owner: req.session.account.idTokenClaims['preferred_username'],
-    };
+    const id = nanoid();
+    const name = req.body.name;
+    const owner = req.session.account.idTokenClaims['preferred_username'];
+
+    const newTodo = new Todo(id, name, owner)
 
-    db.get('todos').push(newTodo).write();
+    Todo.postTodo(newTodo);
 
     res.redirect('/todolist');
 }
@@ -30,9 +25,7 @@ exports.deleteTodo = (req, res) => {
     const id = req.body.id;
     const owner = req.session.account.idTokenClaims['preferred_username'];
 
-    db.get('todos')
-        .remove({ owner: owner, id: id })
-        .write();
+    Todo.deleteTodo(id, owner);
 
     res.redirect('/todolist');
 }

4-AccessControl/1-app-roles/App/controllers/todolistController.js

@@ -0,0 +1 @@
+{"Account":{"a283a601-6ad4-4528-975d-6abbefa5edd7.cbaf2168-de14-4c72-9d88-f5f05366dbef-login.windows.net-cbaf2168-de14-4c72-9d88-f5f05366dbef":{"home_account_id":"a283a601-6ad4-4528-975d-6abbefa5edd7.cbaf2168-de14-4c72-9d88-f5f05366dbef","environment":"login.windows.net","realm":"cbaf2168-de14-4c72-9d88-f5f05366dbef","local_account_id":"a283a601-6ad4-4528-975d-6abbefa5edd7","username":"admin@msaltestingjs.onmicrosoft.com","authority_type":"MSSTS","name":"Dogan Erisen","client_info":"eyJ1aWQiOiJhMjgzYTYwMS02YWQ0LTQ1MjgtOTc1ZC02YWJiZWZhNWVkZDciLCJ1dGlkIjoiY2JhZjIxNjgtZGUxNC00YzcyLTlkODgtZjVmMDUzNjZkYmVmIn0"}},"IdToken":{"a283a601-6ad4-4528-975d-6abbefa5edd7.cbaf2168-de14-4c72-9d88-f5f05366dbef-login.windows.net-idtoken-d6c675c8-2e24-44a8-97c2-be3e503855bb-cbaf2168-de14-4c72-9d88-f5f05366dbef-":{"home_account_id":"a283a601-6ad4-4528-975d-6abbefa5edd7.cbaf2168-de14-4c72-9d88-f5f05366dbef","environment":"login.windows.net","credential_type":"IdToken","client_id":"d6c675c8-2e24-44a8-97c2-be3e503855bb","secret":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiJkNmM2NzVjOC0yZTI0LTQ0YTgtOTdjMi1iZTNlNTAzODU1YmIiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vY2JhZjIxNjgtZGUxNC00YzcyLTlkODgtZjVmMDUzNjZkYmVmL3YyLjAiLCJpYXQiOjE2MjM4OTI5NjYsIm5iZiI6MTYyMzg5Mjk2NiwiZXhwIjoxNjIzODk2ODY2LCJuYW1lIjoiRG9nYW4gRXJpc2VuIiwib2lkIjoiYTI4M2E2MDEtNmFkNC00NTI4LTk3NWQtNmFiYmVmYTVlZGQ3IiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW5AbXNhbHRlc3Rpbmdqcy5vbm1pY3Jvc29mdC5jb20iLCJyaCI6IjAuQVVVQWFDR3Z5eFRlY2t5ZGlQWHdVMmJiNzhoMXh0WWtMcWhFbDhLLVBsQTRWYnRGQURnLiIsInJvbGVzIjpbIlRhc2tBZG1pbiIsIlRhc2tVc2VyIl0sInN1YiI6IjE3OUJuVlhxeVVnWnZLOGV5OG5mT0lXbm9YZ2hTZFFhUXFfMlQtdkV0RTAiLCJ0aWQiOiJjYmFmMjE2OC1kZTE0LTRjNzItOWQ4OC1mNWYwNTM2NmRiZWYiLCJ1dGkiOiJmdFdzTDJFckxrU2E1aE82bGZFcEFBIiwidmVyIjoiMi4wIn0.QbGtdURNQ1AtGDxeYudgJOve-PuDWLEeM96jf6s7XHye5_StRLXkF4qMV3PYnO5W3TtCiS2A9Xh7i4d6xo6GjT8yxDM6u04VzzJOp_DXttfTmjEvkMcRz6N0nx3pWxntPWtWrI9wVLAdlYn7BnnA_lMcLoCXX_QznpMLaRaW_jOp0R7EHPYk-KAqSoQbq_6SMvG-nFdFFDAeLRFbwEe8LJS9gDFZuPDa0_UaDsDgVx2RWhpq2AO0dpDXcxieOAZ9aq9dSP45GFjHgpr8d6ESTctHqVA5qApb0-Mm2Ku91Q7K2yo9wz4inLalughS25neFu2EZjrrdieXv8xq8ZYdjA","realm":"cbaf2168-de14-4c72-9d88-f5f05366dbef"}},"AccessToken":{"a283a601-6ad4-4528-975d-6abbefa5edd7.cbaf2168-de14-4c72-9d88-f5f05366dbef-login.windows.net-accesstoken-d6c675c8-2e24-44a8-97c2-be3e503855bb-cbaf2168-de14-4c72-9d88-f5f05366dbef-openid profile email":{"home_account_id":"a283a601-6ad4-4528-975d-6abbefa5edd7.cbaf2168-de14-4c72-9d88-f5f05366dbef","environment":"login.windows.net","credential_type":"AccessToken","client_id":"d6c675c8-2e24-44a8-97c2-be3e503855bb","secret":"eyJ0eXAiOiJKV1QiLCJub25jZSI6InR0NGxiSm5ncV9vTHE3aWwyaTdsb2RNdmxlWUlXWDM1SFVPRHI2LW5SOW8iLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9jYmFmMjE2OC1kZTE0LTRjNzItOWQ4OC1mNWYwNTM2NmRiZWYvIiwiaWF0IjoxNjIzODkyOTY2LCJuYmYiOjE2MjM4OTI5NjYsImV4cCI6MTYyMzg5Njg2NiwiYWNjdCI6MCwiYWNyIjoiMSIsImFjcnMiOlsidXJuOnVzZXI6cmVnaXN0ZXJzZWN1cml0eWluZm8iLCJ1cm46bWljcm9zb2Z0OnJlcTEiLCJ1cm46bWljcm9zb2Z0OnJlcTIiLCJ1cm46bWljcm9zb2Z0OnJlcTMiLCJjMSIsImMyIiwiYzMiLCJjNCIsImM1IiwiYzYiLCJjNyIsImM4IiwiYzkiLCJjMTAiLCJjMTEiLCJjMTIiLCJjMTMiLCJjMTQiLCJjMTUiLCJjMTYiLCJjMTciLCJjMTgiLCJjMTkiLCJjMjAiLCJjMjEiLCJjMjIiLCJjMjMiLCJjMjQiLCJjMjUiXSwiYWlvIjoiQVNRQTIvOFRBQUFBa24zbXJmU2tuY2psSUFWM09lZjN2cGVBSENDM2NvMnVZUXpkR2pqMmhsOD0iLCJhbXIiOlsicHdkIl0sImFwcF9kaXNwbGF5bmFtZSI6Im5vZGUtYXBwLXJvbGVzIiwiYXBwaWQiOiJkNmM2NzVjOC0yZTI0LTQ0YTgtOTdjMi1iZTNlNTAzODU1YmIiLCJhcHBpZGFjciI6IjEiLCJkZXZpY2VpZCI6IjQ5ZDM1OGQ3LTk5NGQtNDA3OC05NjRlLWNlNWRmNjMxOTM1OSIsImZhbWlseV9uYW1lIjoiRXJpc2VuIiwiZ2l2ZW5fbmFtZSI6IkRvZ2FuIiwiaWR0eXAiOiJ1c2VyIiwiaXBhZGRyIjoiMTcyLjEwMy4yMzMuMTY3IiwibmFtZSI6IkRvZ2FuIEVyaXNlbiIsIm9pZCI6ImEyODNhNjAxLTZhZDQtNDUyOC05NzVkLTZhYmJlZmE1ZWRkNyIsInBsYXRmIjoiMyIsInB1aWQiOiIxMDAzMjAwMDk2NERCNDlEIiwicmgiOiIwLkFVVUFhQ0d2eXhUZWNreWRpUFh3VTJiYjc4aDF4dFlrTHFoRWw4Sy1QbEE0VmJ0RkFEZy4iLCJzY3AiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsInN1YiI6Ikozc0xRRmFSb0taMlViMzBOakNhOE45OWxFWmlwZmpvaDZibHpCUmZOZmciLCJ0ZW5hbnRfcmVnaW9uX3Njb3BlIjoiTkEiLCJ0aWQiOiJjYmFmMjE2OC1kZTE0LTRjNzItOWQ4OC1mNWYwNTM2NmRiZWYiLCJ1bmlxdWVfbmFtZSI6ImFkbWluQG1zYWx0ZXN0aW5nanMub25taWNyb3NvZnQuY29tIiwidXBuIjoiYWRtaW5AbXNhbHRlc3Rpbmdqcy5vbm1pY3Jvc29mdC5jb20iLCJ1dGkiOiJmdFdzTDJFckxrU2E1aE82bGZFcEFBIiwidmVyIjoiMS4wIiwid2lkcyI6WyI2MmU5MDM5NC02OWY1LTQyMzctOTE5MC0wMTIxNzcxNDVlMTAiLCJiNzlmYmY0ZC0zZWY5LTQ2ODktODE0My03NmIxOTRlODU1MDkiXSwieG1zX3N0Ijp7InN1YiI6IjE3OUJuVlhxeVVnWnZLOGV5OG5mT0lXbm9YZ2hTZFFhUXFfMlQtdkV0RTAifSwieG1zX3RjZHQiOjE1NzkzMDk0MDR9.G8nWe_6Rft814_1f-6eJ-A46rNmX2ldbdnSDMswuydagxLLSLzAJMLaq_i7I5XyUZyrBbzk5OD0dcxOPk-cf4REaNGtb6n15C__X2Ibg6oSF2_f5pYL6NU-_sJaTUzxAKv7SanzN4EjCRnxMxH8PajVLW6B3TPhVEEbWOrOCzuWH_XHfhFIn-zoDMCBg4mMfVKIqfXne0nHmYBE0c4ezJjD4kvUsc51RsdFutFBd78kCWqvIr7DwNf_9Iy5l4DtIMZk-SIvCjH_pL1xsH_rrDfVJ_9HT73k_SUZDT7yHUUL4Km8kOFuxATb1od3fTGlHuwz-vFJxNSGtw5clj4Rw_A","realm":"cbaf2168-de14-4c72-9d88-f5f05366dbef","target":"openid profile email","cached_at":"1623893267","expires_on":"1623896865","extended_expires_on":"1623900464","token_type":"Bearer"}},"RefreshToken":{"a283a601-6ad4-4528-975d-6abbefa5edd7.cbaf2168-de14-4c72-9d88-f5f05366dbef-login.windows.net-refreshtoken-d6c675c8-2e24-44a8-97c2-be3e503855bb--":{"home_account_id":"a283a601-6ad4-4528-975d-6abbefa5edd7.cbaf2168-de14-4c72-9d88-f5f05366dbef","environment":"login.windows.net","credential_type":"RefreshToken","client_id":"d6c675c8-2e24-44a8-97c2-be3e503855bb","secret":"0.AUUAaCGvyxTeckydiPXwU2bb78h1xtYkLqhEl8K-PlA4VbtFADg.AgABAAAAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P-v8jeBTUVThUzSL8nesl4Abz9VKLEzd-p-nOB1ScVmLovLAwLoDiBgW9jB009e1n83ONuO8N2XAWeQkvax3WYwUWDUuSVZx0MUCfsVkBEvElBKZcxg6K9hhbmOlJgk2snySCQemD2Q9fXGnONZwy1AlJ0Q1jzRgBZF1ieHs_uAx9QQPuoPQSNDj9tGUoOyYNpCW6NgnlRfObI1BHiTQLQ6AFKSnfLpvhzZJoXIUBWPw5GqZ7YWl3608WykYEDpQyTlrfOR6N3UeVdllYOFK0GieghKGeb2i_M2ZVTZ2tgQo2IxQgt6827ScWma07r-eEd28YcnhYZTFBGVa_L35jZVTMscIkKVjCqNYZHRv7p40rP-fFjii1Q9KcmKGbXp_TPXnrWL81GN8nyNdgK_Pa6_vmMZi9teO9fR_4XcAj_W_tEIXG-pniszDpGb2hAodSMsjVKT7M6ZLRTiqf-VQlCoqIdWMlfKpMl-4L1tf1JdO0JvKuFFvlpKMlQBrmeAMUuxiurjYgp7_etrBm1k0FpK0CnQdCN4R3aY9GEXZq_GDtnuoK45iShiEo7wrNuGSUrC3u6irg6vkp50DBAEfVRQJWy_6BxrAh0rgl5fHpbBFAGXTcEuaaBkeMJCKlolaJV9arE1BePbjQYqZoRKg_XRYbH_WsPaGDfHbdCbV0oVkKxfT7yutQ6Odhr9tNj62bngziDXZeUSgWjjLVytCbpSGG0LhupG-LjowuRBH666amb-GjFuOrD8t21CjOBIvV7qDbltJgHe7A7VIOKN500DDZMVUNsoQx7cRpS8bOrhWyc0od24Ej55AQca1liDQoc5RsEsERRUD4QIyQzzeAnxGGDp8nudbZtD4oIbO4fIC6_oURfTAmeW4sJ0JGdCwlTM1vwBntx7rrDfJou5KNSmFTy61UCu0p9pZ0gWAD3iMg_Uwah4BUnXMJiKpYo"}},"AppMetadata":{}}

4-AccessControl/1-app-roles/App/data/cache.json

@@ -0,0 +1,40 @@
+const lowdb = require('lowdb');
+const FileSync = require('lowdb/adapters/FileSync');
+const adapter = new FileSync('./data/db.json');
+const db = lowdb(adapter);
+
+class Todo {
+
+    id;
+    name;
+    owner;
+
+    constructor(id, name, owner) {
+        this.id = id;
+        this.name = name;
+        this.owner = owner;
+    }
+
+    static getAllTodos() {
+        return db.get('todos')
+            .value();
+    }
+
+    static getTodosByOwner(owner) {
+        return db.get('todos')
+            .filter({ owner: owner })
+            .value();
+    }
+
+    static postTodo(newTodo) {
+        db.get('todos').push(newTodo).write();
+    }
+
+    static deleteTodo(id, owner) {
+        db.get('todos')
+            .remove({ owner: owner, id: id })
+            .write();
+    }
+}
+
+module.exports = Todo;

4-AccessControl/1-app-roles/App/model/todo.js

@@ -11,13 +11,11 @@
   "license": "MIT",
   "dependencies": {
     "@azure/msal-node": "^1.1.0",
-    "@microsoft/microsoft-graph-client": "^2.2.1",
     "axios": "^0.21.1",
     "bootstrap": "^4.5.3",
     "ejs": "^3.0.1",
     "express": "^4.17.1",
     "express-session": "^1.17.1",
-    "isomorphic-fetch": "^3.0.0",
     "lowdb": "^1.0.0",
     "method-override": "^3.0.0",
     "msal-express-wrapper": "git+https://github.com/Azure-Samples/msal-express-wrapper.git",

4-AccessControl/1-app-roles/App/package.json

@@ -0,0 +1 @@
+Unauthorized

4-AccessControl/1-app-roles/App/public/401.html

@@ -0,0 +1 @@
+Server Error