Merge pull request #35 from johnfischelli/refactor-token-handling

Refactor Token handling in Twilio Functions

Author: jared-hunter

dialpad-functions/functions/external-transfer/add-conference-participant.js

@@ -1,26 +1,7 @@
 const nodeFetch = require('node-fetch');
+const TokenValidator = require('twilio-flex-token-validator').functionValidator;
 
-async function getAuthentication(token, context) {
-
-  console.log('Validating request token');
-
-  const tokenValidationApi = `https://${context.ACCOUNT_SID}:${context.AUTH_TOKEN}@iam.twilio.com/v1/Accounts/${context.ACCOUNT_SID}/Tokens/validate`;
-
-  const fetchResponse = await nodeFetch(tokenValidationApi, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({
-      token
-    })
-  });
-
-  const tokenResponse = await fetchResponse.json();
-  return tokenResponse;
-}
-
-exports.handler = async function (context, event, callback) {
+exports.handler = TokenValidator(async function (context, event, callback) {
   const response = new Twilio.Response();
   response.appendHeader('Access-Control-Allow-Origin', '*');
   response.appendHeader('Access-Control-Allow-Methods', 'OPTIONS POST');
@@ -29,7 +10,7 @@ exports.handler = async function (context, event, callback) {
 
   console.log('add-conference-participant parameters:');
   Object.keys(event).forEach(key => {
-    if (key !== "token") {
+    if (key !== "token" || key !== "Token") {
       console.log(`${key}: ${event[key]}`);
     }
   });
@@ -40,23 +21,11 @@ exports.handler = async function (context, event, callback) {
   }
 
   const {
-    token,
     taskSid,
     to,
     from
   } = event;
 
-  const tokenResponse = await getAuthentication(token, context);
-  if (!tokenResponse.valid) {
-    response.setStatusCode(401);
-    response.setBody({
-      status: 401,
-      message: 'Your authentication token failed validation',
-      detail: tokenResponse.message
-    });
-    return callback(null, response);
-  }
-
   console.log(`Adding ${to} to named conference ${taskSid}`);
   const client = context.getTwilioClient();
   const participantsResponse = await client
@@ -79,4 +48,4 @@ exports.handler = async function (context, event, callback) {
   });
 
   return callback(null, response);
-};
+});

dialpad-functions/functions/external-transfer/get-call-properties.js

@@ -1,27 +1,7 @@
 const nodeFetch = require('node-fetch');
+const TokenValidator = require('twilio-flex-token-validator').functionValidator;
 
-async function getAuthentication(token, context) {
-
-  console.log('Validating request token');
-
-  const tokenValidationApi = `https://${context.ACCOUNT_SID}:${context.AUTH_TOKEN}@iam.twilio.com/v1/Accounts/${context.ACCOUNT_SID}/Tokens/validate`;
-
-  const fetchResponse = await nodeFetch(tokenValidationApi, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({
-      token
-    })
-  });
-
-  const tokenResponse = await fetchResponse.json();
-  return tokenResponse;
-}
-
-
-exports.handler = async function (context, event, callback) {
+exports.handler = TokenValidator(async function (context, event, callback) {
   const response = new Twilio.Response();
   response.appendHeader('Access-Control-Allow-Origin', '*');
   response.appendHeader('Access-Control-Allow-Methods', 'OPTIONS POST');
@@ -30,7 +10,7 @@ exports.handler = async function (context, event, callback) {
 
   console.log('get-call-properties parameters:');
   Object.keys(event).forEach(key => {
-    if (key !== "token") {
+    if (key !== "token" || key !== "Token") {
       console.log(`${key}: ${event[key]}`);
     }
   });
@@ -41,23 +21,9 @@ exports.handler = async function (context, event, callback) {
   }
 
   const {
-    token,
     callSid,
   } = event;
 
-  console.log('Validating request token');
-  const tokenResponse = await getAuthentication(event.token, context);
-
-  if (!tokenResponse.valid) {
-    response.setStatusCode(401);
-    response.setBody({
-      status: 401,
-      message: 'Your authentication token failed validation',
-      detail: tokenResponse.message
-    });
-    return callback(null, response);
-  }
-
   console.log(`Getting properties for call SID ${callSid}`);
   const client = context.getTwilioClient();
   const callProperties = await client
@@ -74,4 +40,4 @@ exports.handler = async function (context, event, callback) {
   });
 
   return callback(null, response);
-};
+});

dialpad-functions/functions/external-transfer/hold-conference-participant.js

@@ -1,26 +1,7 @@
 const nodeFetch = require('node-fetch');
+const TokenValidator = require('twilio-flex-token-validator').functionValidator;
 
-async function getAuthentication(token, context) {
-
-  console.log('Validating request token');
-
-  const tokenValidationApi = `https://${context.ACCOUNT_SID}:${context.AUTH_TOKEN}@iam.twilio.com/v1/Accounts/${context.ACCOUNT_SID}/Tokens/validate`;
-
-  const fetchResponse = await nodeFetch(tokenValidationApi, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({
-      token
-    })
-  });
-
-  const tokenResponse = await fetchResponse.json();
-  return tokenResponse;
-}
-
-exports.handler = async function (context, event, callback) {
+exports.handler = TokenValidator(async function (context, event, callback) {
   const response = new Twilio.Response();
   response.appendHeader('Access-Control-Allow-Origin', '*');
   response.appendHeader('Access-Control-Allow-Methods', 'OPTIONS POST');
@@ -29,7 +10,7 @@ exports.handler = async function (context, event, callback) {
 
   console.log('hold-conference-participant parameters:');
   Object.keys(event).forEach(key => {
-    if (key !== "token") {
+    if (key !== "token" || key !== "Token") {
       console.log(`${key}: ${event[key]}`);
     }
   });
@@ -40,24 +21,11 @@ exports.handler = async function (context, event, callback) {
   }
 
   const {
-    token,
     conference,
     participant,
     hold
   } = event;
 
-  console.log('Validating request token');
-  const tokenResponse = await getAuthentication(event.token, context);
-  if (!tokenResponse.valid) {
-    response.setStatusCode(401);
-    response.setBody({
-      status: 401,
-      message: 'Your authentication token failed validation',
-      detail: tokenResponse.message
-    });
-    return callback(null, response);
-  }
-
   console.log(`${hold ? 'Holding' : 'Unholding'} participant ${participant} `
     + `in conference ${conference}`);
   const client = context.getTwilioClient();
@@ -82,4 +50,4 @@ exports.handler = async function (context, event, callback) {
   });
 
   return callback(null, response);
-};
+});

dialpad-functions/functions/external-transfer/remove-conference-participant.js

@@ -1,26 +1,7 @@
 const nodeFetch = require('node-fetch');
+const TokenValidator = require('twilio-flex-token-validator').functionValidator;
 
-async function getAuthentication(token, context) {
-
-  console.log('Validating request token');
-
-  const tokenValidationApi = `https://${context.ACCOUNT_SID}:${context.AUTH_TOKEN}@iam.twilio.com/v1/Accounts/${context.ACCOUNT_SID}/Tokens/validate`;
-
-  const fetchResponse = await nodeFetch(tokenValidationApi, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({
-      token
-    })
-  });
-
-  const tokenResponse = await fetchResponse.json();
-  return tokenResponse;
-}
-
-exports.handler = async function (context, event, callback) {
+exports.handler = TokenValidator(async function (context, event, callback) {
   const response = new Twilio.Response();
   response.appendHeader('Access-Control-Allow-Origin', '*');
   response.appendHeader('Access-Control-Allow-Methods', 'OPTIONS POST');
@@ -29,7 +10,7 @@ exports.handler = async function (context, event, callback) {
 
   console.log('remove-conference-participant parameters:');
   Object.keys(event).forEach(key => {
-    if (key !== "token") {
+    if (key !== "token" || key !== "Token") {
       console.log(`${key}: ${event[key]}`);
     }
   });
@@ -40,23 +21,10 @@ exports.handler = async function (context, event, callback) {
   }
 
   const {
-    token,
     conference,
     participant
   } = event;
 
-  console.log('Validating request token');
-  const tokenResponse = await getAuthentication(event.token, context);
-  if (!tokenResponse.valid) {
-    response.setStatusCode(401);
-    response.setBody({
-      status: 401,
-      message: 'Your authentication token failed validation',
-      detail: tokenResponse.message
-    });
-    return callback(null, response);
-  }
-
   console.log(`Removing participant ${participant} from conference ${conference}`);
   const client = context.getTwilioClient();
   const participantResponse = await client
@@ -69,4 +37,4 @@ exports.handler = async function (context, event, callback) {
   });
 
   return callback(null, response);
-};
+});

dialpad-functions/functions/external-transfer/update-conference-participant.js

@@ -1,26 +1,7 @@
 const nodeFetch = require('node-fetch');
+const TokenValidator = require('twilio-flex-token-validator').functionValidator;
 
-async function getAuthentication(token, context) {
-
-  console.log('Validating request token');
-
-  const tokenValidationApi = `https://${context.ACCOUNT_SID}:${context.AUTH_TOKEN}@iam.twilio.com/v1/Accounts/${context.ACCOUNT_SID}/Tokens/validate`;
-
-  const fetchResponse = await nodeFetch(tokenValidationApi, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({
-      token
-    })
-  });
-
-  const tokenResponse = await fetchResponse.json();
-  return tokenResponse;
-}
-
-exports.handler = async function (context, event, callback) {
+exports.handler = TokenValidator(async function (context, event, callback) {
   const response = new Twilio.Response();
   response.appendHeader('Access-Control-Allow-Origin', '*');
   response.appendHeader('Access-Control-Allow-Methods', 'OPTIONS POST');
@@ -29,7 +10,7 @@ exports.handler = async function (context, event, callback) {
 
   console.log('update-conference-participant parameters:');
   Object.keys(event).forEach(key => {
-    if (key !== "token") {
+    if (key !== "token" || key !== "Token") {
       console.log(`${key}: ${event[key]}`);
     }
   });
@@ -40,24 +21,11 @@ exports.handler = async function (context, event, callback) {
   }
 
   const {
-    token,
     conference,
     participant,
     endConferenceOnExit
   } = event;
 
-  console.log('Validating request token');
-  const tokenResponse = await getAuthentication(event.token, context);
-  if (!tokenResponse.valid) {
-    response.setStatusCode(401);
-    response.setBody({
-      status: 401,
-      message: 'Your authentication token failed validation',
-      detail: tokenResponse.message
-    });
-    return callback(null, response);
-  }
-
   console.log(`Updating participant ${participant} in conference ${conference}`);
   const client = context.getTwilioClient();
   const participantResponse = await client
@@ -79,4 +47,4 @@ exports.handler = async function (context, event, callback) {
   });
 
   return callback(null, response);
-};
+});