import CognitoExpress from "cognito-express";
import express from "express";
import {get} from "lodash";
import {ALLOWED_GROUPS} from "../constants";
// Token verifier for the Cognito user pool. The region is fixed in this file;
// the pool id is read from the environment when the module loads.
const cognitoExpress = new CognitoExpress({
  // Undefined when COGNITO_USER_POOL_ID is not set.
  // NOTE(review): confirm the service refuses to start in that case.
  cognitoUserPoolId: process.env.COGNITO_USER_POOL_ID,
  region: "us-east-1",
  // Possible values: access | id. "id" is selected here.
  // NOTE(review): confirm clients are expected to send the ID token, since the
  // middleware below refers to the header value as an access token.
  tokenUse: "id",
  // Up to the default expiration of 1 hour, in milliseconds (3600000 ms).
  tokenExpiration: 60 * 60 * 1000,
});

// Router for the routes that sit behind the token check registered on it below.
export const authenticatedRoute = express.Router();
authenticatedRoute.use(function (req, res, next) {
let accessTokenFromClient = req.headers.authorization;
if (!accessTokenFromClient) return res.status(401).send("Access Token missing from header");
cognitoExpress.validate(accessTokenFromClient, function (err, response) {
if (err) return res.status(401).send(err);
res.locals.user = response;
next();
});