I have different microservices developed in Hapi+Moleculer. I used the hapi-moleculer npm module to add Moleculer to hapi, and I am using Redis as the transporter to communicate between services. I can call functions of service A from service B... What I need is to add authentication for calling functions of other services. For example, if Service A is calling a function of Service B, it needs to authenticate, to prevent others from connecting to my services. I am calling services like this:

request.broker.call('users.logout', { });

I saw the module imicros-auth for this, but I didn't find it very useful. Is there any other module which can do this, or is there a better approach to custom-code service-to-service authentication? It should work like this:

If a service is calling its own function, then no auth is required; if it is calling a function of another service, then it must be authenticated. One more thing: it should not involve fetching auth from the DB or something like that, which makes the service's response slow. It can be token based or something like this.

Muhammad Aadil Banaras

1 Answer

Maybe this middleware? https://github.com/icebob/moleculer-protect-services

To use this, you should generate a JWT token with the service name for all services and define a list of the permitted services. The middleware will validate the JWT.

Here is the source of the middleware:

const { MoleculerClientError } = require("moleculer").Errors;

module.exports = {

    // Wrap local action handlers (legacy middleware handler)
    localAction(next, action) {
        // If this feature enabled
        if (action.restricted) {

            // Create new handler
            return async function ServiceGuardMiddleware(ctx) {
                // Check the service auth token in Context meta
                const token = ctx.meta.$authToken;
                if (!token)
                    throw new MoleculerClientError("Service token is missing", 401, "TOKEN_MISSING");

                // Verify token & restricted services
                // Tip: For better performance, you can cache the response because it won't change in runtime.
                await ctx.call("guard.check", { token, services: action.restricted });

                // Call the original handler
                return await next(ctx);

            }.bind(this);
        }

        // Return original handler, because feature is disabled
        return next;
    },

    // Wrap broker.call method
    call(next) {
        // Create new handler
        return async function(actionName, params, opts = {}) {
            // Put the service auth token in the meta
            if (opts.parentCtx) {
                const service = opts.parentCtx.service;
                const token = service.schema.authToken;

                if (!opts.meta)
                    opts.meta = {};

                opts.meta.$authToken = token;
            }

            // Call the original handler
            return await next(actionName, params, opts);

        }.bind(this);
    },

};

Icebob
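
A sketch of the check the answer describes (a JWT carrying the service name, validated against a list of permitted services), as an added example that is not the moleculer-protect-services code and not part of the answer. It uses only Node's `crypto` with HS256; the `service` claim, the function names and the demo secret are assumptions.

```javascript
const crypto = require("crypto");

// Constructed demo secret; in practice load it from the environment or a secret store.
const SECRET = "demo-secret-not-for-production";

const b64url = (input) => Buffer.from(input).toString("base64url");
const hmac = (data, secret) =>
    crypto.createHmac("sha256", secret).update(data).digest();

// Issue a token naming the calling service (hypothetical "service" claim).
function signServiceToken(service, secret, ttlSeconds = 3600) {
    const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
    const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
    const payload = b64url(JSON.stringify({ service, exp }));
    const sig = hmac(`${header}.${payload}`, secret).toString("base64url");
    return `${header}.${payload}.${sig}`;
}

// Verify the signature, pin the algorithm, check expiry, then check the allow-list.
// Returns the caller's service name or throws.
function checkServiceToken(token, permitted, secret) {
    const parts = String(token).split(".");
    if (parts.length !== 3) throw new Error("TOKEN_MALFORMED");
    const [header, payload, sig] = parts;

    const expected = hmac(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, "base64url");
    // timingSafeEqual throws on length mismatch, so compare lengths first.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
        throw new Error("TOKEN_INVALID");

    // Parse header and claims only after the signature has been verified.
    const { alg } = JSON.parse(Buffer.from(header, "base64url").toString());
    if (alg !== "HS256") throw new Error("TOKEN_ALG_REJECTED");
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
    if (typeof claims.exp !== "number" || claims.exp <= Date.now() / 1000)
        throw new Error("TOKEN_EXPIRED");
    if (!permitted.includes(claims.service))
        throw new Error("SERVICE_NOT_PERMITTED");
    return claims.service;
}
```

Verification here is a local HMAC computation with no database lookup, which fits the performance constraint in the question.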