require('dotenv').config();
const express = require('express');
const helmet = require('helmet'); // https://expressjs.com/en/advanced/best-practice-security.html
const bodyParser = require('body-parser');
const session = require('express-session'); // https://github.com/expressjs/session
const MemoryStore = require('memorystore')(session); // https://github.com/roccomuso/memorystore
const passport = require('passport');
const cors = require('cors');
const chalk = require('chalk');
const DocusignStrategy = require('passport-docusign');
const moment = require('moment');
const config = require('./config');
const { EMBEDDED_SENDING_SCOPES, BackendRoute } = require('./constants');
const authRouter = require('./routes/authRouter');
const templatesRouter = require('./routes/templatesRouter');
const contactsRouter = require('./routes/contactsRouter');
const envelopesRouter = require('./routes/envelopesRouter');
const navigatorRouter = require('./routes/navigatorRouter');
const createPrefixedLogger = require('./utils/logger');
const resolveAuthController = require('./utils/authControllerResolver');
const logger = createPrefixedLogger();

// Session lifetime in milliseconds: one day.
const maxSessionAge = 1000 * 60 * 60 * 24 * 1;

const app = express();

// Middleware order matters: headers, body parsing, session, passport,
// request context, then CORS, all registered before any router.
app.use(helmet());
app.use(bodyParser.json());

// NOTE(review): the cookie sets only `maxAge`, so express-session's defaults
// apply for everything else (`secure` is off, `sameSite` is unset). Set both
// explicitly once this is served over HTTPS.
// NOTE(review): `saveUninitialized: true` stores a session for every request,
// including unauthenticated ones, and the store is process memory, so the
// number of live sessions follows raw traffic until the prune pass runs.
app.use(
  session({
    name: 'my-esign-session',
    secret: config.sessionSecret,
    cookie: { maxAge: maxSessionAge },
    resave: true,
    saveUninitialized: true,
    store: new MemoryStore({
      checkPeriod: 86400000, // prune expired entries every 24h
    }),
  })
);

app.use(passport.initialize());
app.use(passport.session());

// Add an instance of dsAuthController to req, together with the shared logger.
// NOTE(review): `originalUrl` includes the query string; confirm no route
// receives an authorization code or token there, since it is logged verbatim.
app.use((req, res, next) => {
  req.logger = logger;
  logger.info(`[${req.originalUrl}]`);
  req.dsAuth = resolveAuthController(req);
  next();
});

// NOTE(review): `origin: true` makes the cors middleware echo back whatever
// Origin the request carries, and `credentials: true` lets that origin send
// the session cookie and read the response. Together this places no origin
// restriction on authenticated calls; pin `origin` to the known frontend
// origin(s) before running this outside a local sample.
app.use(cors({ credentials: true, origin: true }));
// Routing: mount each feature router under its BackendRoute prefix.
// NOTE(review): no authentication guard is mounted at this level; whether a
// route requires a signed-in session is decided inside the routers, which are
// not visible in this file.
const mountedRouters = [
  [BackendRoute.AUTH, authRouter],
  [BackendRoute.TEMPLATE, templatesRouter],
  [BackendRoute.CONTACT, contactsRouter],
  [BackendRoute.ENVELOPE, envelopesRouter],
  [BackendRoute.NAVIGATOR, navigatorRouter],
];
for (const [prefix, router] of mountedRouters) {
  app.use(prefix, router);
}
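/**
 * Start the HTTP listener on `config.backendPort`.
 *
 * Any failure to start is logged and ends the process with exit code 1.
 * Bind failures such as a port already in use are reported by the server
 * through its 'error' event after `listen()` has returned, so they are
 * handled with a listener; the try/catch covers only synchronous failures.
 *
 * @returns {Promise<void>} resolves once the listen call has been issued.
 */
async function start() {
  // Shared by both failure paths so they log and exit the same way.
  const abortStartup = (err) => {
    logger.info(err.message);
    process.exit(1);
  };

  try {
    const server = app.listen(config.backendPort, () =>
      logger.info(chalk.black.bgBlueBright(`Server started and listening on port ${config.backendPort} ...`))
    );
    // Asynchronous bind errors never reach the catch block below.
    server.on('error', abortStartup);
  } catch (e) {
    // Synchronous failures, e.g. a port value that listen() rejects outright.
    abortStartup(e);
  }
}

start();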
// Passport session setup.
// Persistent login sessions need a way to write the user into the session and
// to read it back. An app with a user database would store only the user ID
// and look the record up again on each request. This example has no database,
// so the complete DocuSign profile object is stored and returned unchanged.
//
// NOTE(review): the verify callback in this file adds `accessToken` and
// `refreshToken` to that profile, so both tokens become part of the session
// record. Whatever session store is configured therefore holds live
// credentials and should be treated accordingly.
passport.serializeUser((user, done) => done(null, user));

passport.deserializeUser((obj, done) => done(null, obj));
// Configure passport for DocusignStrategy
const docusignStrategy = new DocusignStrategy(
  {
    production: false,
    clientID: config.clientId,
    scope: EMBEDDED_SENDING_SCOPES.join(' '),
    clientSecret: config.clientSecret,
    callbackURL: config.frontendHost,
    // NOTE(review): in passport-oauth2 the session-backed `state` check is
    // enabled by `state: true`; `false` leaves it off, so this strategy does
    // not bind the authorization response to the session that started it.
    // Confirm the callback is protected against login CSRF elsewhere, or
    // enable it. See
    // https://github.com/jaredhanson/passport-oauth2/blob/master/lib/state/session.js
    state: false,
  },
  function _processDsResult(accessToken, refreshToken, params, profile, done) {
    // `params` carries the additional parameters of the grant.
    // See https://github.com/jaredhanson/passport-oauth2/pull/84
    //
    // The tokens are only attached to the profile here; storing the data in
    // the session happens in ACGController.getAndSaveDefaultAccountInfo.
    const expiresIn = params.expires_in;
    Object.assign(profile, {
      accessToken,
      refreshToken, // not used in this app, but still saved for production purposes
      expiresIn,
      // Expiry instant: now plus the token lifetime in seconds.
      tokenExpirationTimestamp: moment().add(expiresIn, 'seconds'),
    });
    return done(null, profile);
  }
);
/**
 * The DocuSign OAuth default is to allow silent authentication.
 * Sending the extra OAuth query parameter `prompt=login` turns that off.
 *
 * NOTE(review): the flag name and its effect disagree. With the flag set to
 * `true`, the branch below installs `prompt: 'login'`, which is the setting
 * that does NOT allow silent authentication. Requiring the prompt is the
 * more conservative choice; keep the effect, but rename the flag or negate
 * the condition so the name matches what is sent.
 */
const allowSilentAuthentication = true;
if (allowSilentAuthentication) {
  // See https://stackoverflow.com/a/32877712/64904
  docusignStrategy.authorizationParams = () => ({ prompt: 'login' });
}

passport.use(docusignStrategy);