Add support for JWT-based authentication (by passing a function that "provides" the JWT to Connection.connect)

Author: bryaningl3

docs/content/releases/6.3.0.md

@@ -0,0 +1,3 @@
+**New Features**
+
+* Added support for authentication using [JWT](https://en.wikipedia.org/wiki/JSON_Web_Token). This feature is intentionally undocumented.

lib/connection/.meta.js

@@ -10,6 +10,17 @@
  * @namespace Callbacks
  */
 
+/**
+ * The signature of a function which returns a JWT. The JWT is
+ * then used as an alternative for credentials (i.e. a username
+ * and password). The function can be synchronous or asynchronous.
+ *
+ * @public
+ * @callback JwtProvider
+ * @memberOf Callbacks
+ * @returns {string|Promise<string>}
+ */
+
 /**
  * The signature of a function which accepts events generated by an
  * **Events** subscription (see {@link Enums.SubscriptionType}).

lib/connection/Connection.js

@@ -1,4 +1,5 @@
 const array = require('@barchart/common-js/lang/array'),
+	assert = require('@barchart/common-js/lang/assert'),
 	object = require('@barchart/common-js/lang/object');
 
 const ConnectionBase = require('./ConnectionBase'),
@@ -21,6 +22,11 @@ module.exports = (() => {
 
 	const _API_VERSION = 4;
 
+	const mode = {
+		credentials: 'credentials',
+		token: 'token'
+	};
+
 	const state = {
 		connecting: 'CONNECTING',
 		authenticating: 'LOGGING_IN',
@@ -46,6 +52,9 @@ module.exports = (() => {
 	const _RECONNECT_INTERVAL = 5000;
 	const _WATCHDOG_INTERVAL = 10000;
 
+	const regex = { };
+	regex.hostname = /^(?:(wss|ws):\/\/)?(.+?)(?::(\d+))?$/i;
+
 	function ConnectionInternal(marketState, instance) {
 		const __logger = LoggerFactory.getLogger('@barchart/marketdata-api-js');
 
@@ -60,6 +69,7 @@ module.exports = (() => {
 
 		let __connection = null;
 		let __connectionState = state.disconnected;
+		let __connectionCount = 0;
 
 		let __paused = false;
 
@@ -94,9 +104,12 @@ module.exports = (() => {
 		};
 
 		const __loginInfo = {
+			mode: null,
 			hostname: null,
 			username: null,
-			password: null
+			password: null,
+			jwtProvider: null,
+			jwtPromise: null
 		};
 
 		let __decoder = null;
@@ -154,18 +167,19 @@ module.exports = (() => {
 		 *
 		 * @private
 		 * @param {String} hostname
-		 * @param {String} username
-		 * @param {String} password
+		 * @param {String=} username
+		 * @param {String=} password
 		 * @param {WebSocketAdapterFactory} webSocketAdapterFactory
 		 * @param {XmlParserFactory} xmlParserFactory
+		 * @param {Callbacks.JwtProvider} jwtProvider
 		 */
-		function initializeConnection(hostname, username, password, webSocketAdapterFactory, xmlParserFactory) {
+		function initializeConnection(hostname, username, password, webSocketAdapterFactory, xmlParserFactory, jwtProvider) {
 			__connectionFactory = webSocketAdapterFactory;
 			__xmlParserFactory = xmlParserFactory;
 
 			__reconnectAllowed = true;
 
-			connect(hostname, username, password);
+			connect(hostname, username, password, jwtProvider);
 		}
 
 		/**
@@ -179,9 +193,12 @@ module.exports = (() => {
 
 			__reconnectAllowed = false;
 
+			__loginInfo.mode = null;
+			__loginInfo.hostname = null;
 			__loginInfo.username = null;
 			__loginInfo.password = null;
-			__loginInfo.hostname = null;
+			__loginInfo.jwtProvider = null;
+			__loginInfo.jwtPromise = null;
 
 			__knownConsumerSymbols = {};
 			__pendingProfileSymbols = {};
@@ -197,24 +214,62 @@ module.exports = (() => {
 			disconnect();
 		}
 
+		/**
+		 * Attempts to read a JWT from an external provider.
+		 *
+		 * @private
+		 * @param {Callbacks.JwtProvider} jwtProvider
+		 * @returns {Promise<string|null>}
+		 */
+		function getJwt(jwtProvider) {
+			const connectionCount = __connectionCount;
+
+			return Promise.resolve()
+				.then(() => {
+					__logger.log(`Connection [ ${__instance} ]: Requesting JWT for connection attempt [ ${connectionCount} ].`);
+
+					return jwtProvider();
+				}).then((jwt) => {
+					__logger.log(`Connection [ ${__instance} ]: Request for JWT was successful for connection attempt [ ${connectionCount} ].`);
+
+					if (__connectionCount !== connectionCount) {
+						return null;
+					}
+
+					if (typeof(jwt) !== 'string') {
+						__logger.warn(`Connection [ ${__instance} ]: Unable to extract JWT.`);
+
+						return null;
+					}
+
+					return jwt;
+				}).catch((e) => {
+					__logger.warn(`Connection [ ${__instance} ]: Request for JWT failed for connection attempt [ ${connectionCount} ].`);
+
+					return null;
+				});
+		}
+
 		/**
 		 * Attempts to establish a connection to JERQ.
 		 *
 		 * @private
 		 * @param {String} hostname
-		 * @param {String} username
-		 * @param {String} password
+		 * @param {String=} username
+		 * @param {String=} password
+		 * @param {Callbacks.JwtProvider=} jwtProvider
 		 */
-		function connect(hostname, username, password) {
-			if (!hostname) {
-				throw new Error('Unable to connect, the "hostname" argument is required.');
-			}
+		function connect(hostname, username, password, jwtProvider) {
+			assert.argumentIsRequired(hostname, 'hostname', String);
+			assert.argumentIsOptional(username, 'username', String);
+			assert.argumentIsOptional(password, 'password', String);
+			assert.argumentIsOptional(jwtProvider, 'jwtProvider', Function);
 
-			if (!username) {
+			if (!username && !jwtProvider) {
 				throw new Error('Unable to connect, the "username" argument is required.');
 			}
 
-			if (!password) {
+			if (!password && !jwtProvider) {
 				throw new Error('Unable to connect, the "password" argument is required.');
 			}
 
@@ -226,28 +281,67 @@ module.exports = (() => {
 
 			ensureExchangeMetadata();
 
-			__logger.log(`Connection [ ${__instance} ]: Initializing. Version [ ${version} ]. Using [ ${username}@${hostname} ].`);
+			__connectionCount = __connectionCount + 1;
 
-			__xmlParser = __xmlParserFactory.build();
+			__logger.log(`Connection [ ${__instance} ]: Starting connection attempt [ ${__connectionCount} ] using [ ${jwtProvider ? 'JWT' : 'credentials-based' } ] authentication.`);
 
 			let protocol;
+			let host;
 			let port;
 
 			if (hostname === 'localhost') {
 				protocol = 'ws';
+				host = 'localhost';
 				port = 8080;
 			} else {
-				protocol = 'wss';
-				port = 443;
+				const match = hostname.match(regex.hostname);
+
+				if (match !== null && match[1]) {
+					protocol = match[1];
+				} else {
+					protocol = 'wss';
+				}
+
+				if (match !== null && match[2]) {
+					host = match[2];
+				} else {
+					host = hostname;
+				}
+
+				if (match !== null && match[3]) {
+					port = parseInt(match[3]);
+				} else {
+					port = protocol === 'ws' ? 80 : 443;
+				}
 			}
 
-			__loginInfo.username = username;
-			__loginInfo.password = password;
 			__loginInfo.hostname = hostname;
 
+			__loginInfo.username = null;
+			__loginInfo.password = null;
+
+			__loginInfo.jwtProvider = null;
+			__loginInfo.jwtPromise = null;
+
+			if (jwtProvider) {
+				__loginInfo.mode = mode.token;
+
+				__loginInfo.jwtProvider = jwtProvider;
+				__loginInfo.jwtPromise = getJwt(jwtProvider);
+			} else {
+				__loginInfo.mode = mode.credentials;
+
+				__loginInfo.username = username;
+				__loginInfo.password = password;
+			}
+
+			__xmlParser = __xmlParserFactory.build();
+
 			__connectionState = state.disconnected;
 
-			__connection = __connectionFactory.build(`${protocol}://${__loginInfo.hostname}:${port}/jerq`);
+			__logger.log(`Connection [ ${__instance} ]: Opening connection to [ ${protocol}://${host}:${port} ].`);
+
+			__connection = __connectionFactory.build(`${protocol}://${host}:${port}/jerq`);
 			__connection.binaryType = 'arraybuffer';
 
 			__decoder = __connection.getDecoder();
@@ -307,7 +401,7 @@ module.exports = (() => {
 				if (__reconnectAllowed) {
 					__logger.log(`Connection [ ${__instance} ]: Scheduling reconnect attempt.`);
 
-					const reconnectAction = () => connect(__loginInfo.hostname, __loginInfo.username, __loginInfo.password);
+					const reconnectAction = () => connect(__loginInfo.hostname, __loginInfo.username, __loginInfo.password, __loginInfo.jwtProvider);
 					const reconnectDelay = _RECONNECT_INTERVAL + Math.floor(Math.random() * _WATCHDOG_INTERVAL);
 
 					setTimeout(reconnectAction, reconnectDelay);
@@ -836,9 +930,39 @@ module.exports = (() => {
 				if (lines.some(line => line === '+++')) {
 					__connectionState = state.authenticating;
 
-					__logger.log(`Connection [ ${__instance} ]: Sending credentials.`);
+					let connectionCount = __connectionCount;
 
-					__connection.send(`LOGIN ${__loginInfo.username}:${__loginInfo.password} VERSION=${_API_VERSION}\r\n`);
+					if (__loginInfo.mode === mode.credentials) {
+						__connection.send(`LOGIN ${__loginInfo.username}:${__loginInfo.password} VERSION=${_API_VERSION}\r\n`);
+
+						return;
+					}
+
+					if (__loginInfo.mode === mode.token) {
+						const jwtPromise = __loginInfo.jwtPromise || Promise.resolve(null);
+
+						jwtPromise.then((jwt) => {
+							if (__connectionCount !== connectionCount) {
+								return;
+							}
+
+							if (__connectionState !== state.authenticating) {
+								return;
+							}
+
+							if (jwt === null) {
+								broadcastEvent('events', { event: 'jwt acquisition failed' });
+
+								disconnect();
+
+								return;
+							}
+
+							__connection.send(`TOKEN ${jwt} VERSION=${_API_VERSION}\r\n`);
+						});
+
+						return;
+					}
 				}
 			} else if (__connectionState === state.authenticating) {
 				const lines = message.split('\n');
@@ -1847,7 +1971,7 @@ module.exports = (() => {
 		}
 
 		_connect(webSocketAdapterFactory, xmlParserFactory) {
-			this._internal.connect(this.getHostname(), this.getUsername(), this.getPassword(), webSocketAdapterFactory, xmlParserFactory);
+			this._internal.connect(this.getHostname(), this.getUsername(), this.getPassword(), webSocketAdapterFactory, xmlParserFactory, this.getJwtProvider());
 		}
 
 		_disconnect() {

lib/connection/ConnectionBase.js

@@ -22,9 +22,12 @@ module.exports = (() => {
 	class ConnectionBase {
 		constructor(environment) {
 			this._hostname = null;
+
 			this._username = null;
 			this._password = null;
 
+			this._jwtProvider = null;
+
 			this._environment = environment || new EnvironmentForBrowsers();
 			this._marketState = new MarketState(symbol => this._handleProfileRequest(symbol));
 
@@ -44,15 +47,19 @@ module.exports = (() => {
 		 *
 		 * @public
 		 * @param {string} hostname - Barchart hostname (contact [email protected])
-		 * @param {string} username - Your username (contact [email protected])
-		 * @param {string} password - Your password (contact [email protected])
+		 * @param {string=} username - Your username (contact [email protected])
+		 * @param {string=} password - Your password (contact [email protected])
 		 * @param {WebSocketAdapterFactory=} webSocketAdapterFactory - Strategy for creating a {@link WebSocketAdapterFactory} instances (overrides {@link Environment} settings).
 		 * @param {XmlParserFactory=} xmlParserFactory - Strategy for creating a {@link WebSocketAdapterFactory} instances (overrides {@link Environment} settings).
+		 * @param {Callbacks.JwtProvider=} jwtProvider - A function which returns a JWT (or a promise for a JWT) that is used as an alternative for actual credentials.
 		 */
-		connect(hostname, username, password, webSocketAdapterFactory, xmlParserFactory) {
+		connect(hostname, username, password, webSocketAdapterFactory, xmlParserFactory, jwtProvider) {
 			this._hostname = hostname;
-			this._username = username;
-			this._password = password;
+
+			this._username = username || null;
+			this._password = password || null;
+
+			this._jwtProvider = jwtProvider || null;
 
 			this._connect(webSocketAdapterFactory || this._environment.getWebSocketAdapterFactory(), xmlParserFactory || this._environment.getXmlParserFactory());
 		}
@@ -75,9 +82,12 @@ module.exports = (() => {
 		 */
 		disconnect() {
 			this._hostname = null;
+
 			this._username = null;
 			this._password = null;
 
+			this._jwtProvider = null;
+
 			this._disconnect();
 		}
 
@@ -369,6 +379,16 @@ module.exports = (() => {
 			return this._username;
 		}
 
+		/**
+		 * The username used to authenticate to Barchart.
+		 *
+		 * @public
+		 * @returns {null|Callbacks.JwtProvider}
+		 */
+		getJwtProvider() {
+			return this._jwtProvider;
+		}
+
 		/**
 		 * Gets a unique identifier for the current instance.
 		 *