Hi everyone,
I am using Auth0 for the first time. I am developing the front end with Blazor, and for the APIs, I am using Cloudflare Workers with JavaScript.
I was able to configure RBAC on the front end. However, I can’t make it work on the API.
I am getting the access token from the front end, but every library that I tried to use to verify the token didn’t work.
Sorry if it’s very easy, but every tutorial and piece of documentation that I saw used JavaScript with Express.
This is the code that I have:
index.ts
// Path prefix for the API; declared here but not referenced by the dispatch code below.
const PROXY_ENDPOINT = '/api/something/';

/**
 * Worker entry point: routes every incoming fetch event by HTTP method.
 *
 * OPTIONS goes to handleOptions, which answers without looking at credentials.
 * GET, PATCH, POST and DELETE go to handleRequest, which is the only place the
 * Authorization header is inspected, so any new route added here must also pass
 * through that check. Every other method is answered with 405.
 */
addEventListener('fetch', (event) => {
  const incoming = event.request;
  // Parsed URL and path with one trailing slash trimmed; computed but not used for routing yet.
  const url = new URL(incoming.url);
  const path = url.pathname.replace(/[/]$/, '');

  switch (incoming.method) {
    case 'OPTIONS':
      event.respondWith(handleOptions(incoming));
      break;
    case 'GET':
    case 'PATCH':
    case 'POST':
    case 'DELETE':
      event.respondWith(handleRequest(incoming));
      break;
    default:
      // Anything outside the supported verbs is refused outright.
      event.respondWith(
        new Response(null, {
          status: 405,
          statusText: 'Method Not Allowed',
        })
      );
  }
});
handlerOptions.ts
/**
 * Answers an OPTIONS request.
 *
 * A request that carries `Origin`, `Access-Control-Request-Method` and
 * `Access-Control-Request-Headers` is treated as a CORS preflight and receives
 * the CORS allow-headers. Any other OPTIONS request receives a plain `Allow` header.
 *
 * NOTE(review): `Access-Control-Allow-Origin: *` combined with echoing back whatever
 * `Access-Control-Request-Headers` asks for means the preflight succeeds for a page
 * on any origin, including one that wants to send an `Authorization` header. For an
 * API protected by access tokens, consider answering only for the front end's own
 * origin and a fixed list of headers.
 *
 * @param request - the incoming OPTIONS request; only its headers are read.
 * @returns an empty-bodied response carrying either the CORS headers or `Allow`.
 */
export async function handleOptions(request: Request): Promise<Response> {
  const incoming = request.headers;
  const preflightHeaders = ['Origin', 'Access-Control-Request-Method', 'Access-Control-Request-Headers'];
  const isPreflight = preflightHeaders.every((name) => incoming.get(name) !== null);

  if (!isPreflight) {
    // Handle standard OPTIONS request.
    // If you want to allow other HTTP Methods, you can do that here.
    return new Response(null, {
      headers: {
        Allow: 'GET, POST, PATCH, DELETE, OPTIONS',
      },
    });
  }

  // The requested header list is reflected verbatim into the allow-list.
  const requestedHeaders = request.headers.get('Access-Control-Request-Headers') ?? '';
  return new Response(null, {
    headers: {
      'Access-Control-Allow-Origin': '*',
      'Access-Control-Allow-Methods': 'GET, POST, PATCH, DELETE, OPTIONS',
      'Access-Control-Max-Age': '86400',
      'Access-Control-Allow-Headers': requestedHeaders,
    },
  });
}
handler.ts
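/**
 * Handles GET, PATCH, POST and DELETE requests for the API.
 *
 * The request must carry `Authorization: Bearer <access token>`; a missing header,
 * a different scheme or an empty token is answered with 401 and a
 * `WWW-Authenticate: Bearer` challenge. As listed, the per-method branches are
 * placeholders, so every request that passes that check falls through to the 405.
 *
 * @param request - the incoming request; its URL, method and headers are read.
 * @returns 401 when no bearer token is supplied, 405 while the method branches are
 *   unimplemented, and a generic 500 if a branch throws.
 */
export async function handleRequest(request: Request): Promise<Response> {
  const url = new URL(request.url);
  const method = request.method;

  // Accept only the Bearer scheme (matched case-insensitively) followed by a non-empty token.
  const bearerMatch = /^Bearer\s+(\S+)$/i.exec(request.headers.get('authorization') ?? '');
  const token = bearerMatch?.[1];
  if (!token) {
    return new Response('Unauthorized', {
      status: 401,
      headers: { 'WWW-Authenticate': 'Bearer' },
    });
  }

  // TODO: Verify the access token and get the user permissions to validate
  // if the user can make the action. The presence of a token proves nothing on its
  // own; before any branch below acts on the request:
  //   1. Verify the JWT signature against the signing keys published by the Auth0
  //      tenant (https://<YOUR_AUTH0_DOMAIN>/.well-known/jwks.json), accepting only
  //      the algorithm configured for the API (RS256 is the Auth0 default), never
  //      the algorithm named by the token alone.
  //   2. Check `iss` is the tenant, `aud` is this API's identifier and `exp` has not passed.
  //   3. Check the `permissions` claim (added when RBAC and "Add Permissions in the
  //      Access Token" are enabled for the API) contains what `method` requires.
  // Answer 401 when verification fails and 403 when the permission is missing.
  // A verifier for Workers has to be built on the Web Crypto API rather than Node's crypto module.
  const collection = "collection";
  try {
    if (method === "PATCH") {
      // Do something
    }
    if (method === "POST") {
      // Do something
    }
    if (method === "DELETE") {
      // Do something
    }
    if (method === "GET") {
      // Do something
    }
    return new Response('Not Allowed', { status: 405 });
  } catch (error: unknown) {
    // Keep the detail in the Worker log; internal error text is not echoed to the caller.
    console.error('handleRequest failed:', error);
    return new Response('Internal Server Error', { status: 500 });
  }
}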