We Keep Coding

keycloak logout doesn't invalidate token when call a rest api

I've a React app that uses Keycloak as a authentication service. Also I've a Nodejs rest api with endpoints secured by keycloak, so the React app sends JWT when needs call an api. In Keycloak admin console I created 1 public client with users and roles.
All works fine, but the only problems is when a I logout through admin console, or
from my React application berfore that expiration time, I still can call to my app with these token.
Why my backend app doesn't validate the token with server?
My node app uses keycloak-node-connect adapter and my keycloak.json is:
{
"client-id": "my-public-client",
"bearer-only": true,
"auth-server-url": "http://localhost:8180/auth",
"realm": "my-realm"
}

Solved
I can solved my probleam like suggested in Keycloak: Access token validation end point
keycloak.config.js
var session = require('express-session');
var Keycloak = require('keycloak-connect');
var request = require('request');
const createError = require('http-errors');
let _keycloak;
var memoryStore = new session.MemoryStore();
function initKeycloak() {
if (_keycloak) {
console.log("Trying to init Keycloak again!");
return _keycloak;
}
else {
console.log("Initializing Keycloak...");
_keycloak = new Keycloak({ store: memoryStore });
return _keycloak;
}
}
function getKeycloak() {
if (!_keycloak) {
console.error('Keycloak has not been initialized. Please called init first.');
}
return _keycloak;
}
async function validateTokenKeycloak(req, res, next) {
if (req.kauth && req.kauth.grant) {
console.log('--- Verify token ---');
try {
var result = await _keycloak.grantManager.userInfo(req.kauth.grant.access_token);
//var result = await _keycloak.grantManager.validateAccessToken(req.kauth.grant.access_token);
if(!result) {
console.log(`result:`, result);
throw Error('Invalid Token');
}
} catch (error) {
console.log(`Error: ${error.message}`);
return next(createError.Unauthorized());
}
}
next();
}
module.exports = {
memoryStore,
initKeycloak,
getKeycloak,
validateTokenKeycloak
};
app.js
const express = require('express');
const createError = require('http-errors');
const dotenv = require('dotenv').config();
const session = require('express-session');
const keycloakConfig = require('./config/keycloak.config');
const app = express();
// Keycloak
app.use(session({
secret: 'secret',
resave: false,
saveUninitialized: true,
store: keycloakConfig.memoryStore
}));
const keycloak = keycloakConfig.initKeycloak();
app.use(keycloak.middleware());
app.use(keycloakConfig.validateTokenKeycloak);
app.use("/health", require('./routes/health.route'));
// 404 handler and pass to error handler
app.use((req, res, next) => {
next(createError(404, 'Not found'));
});
// Error Handler
app.use((err, req, res, next) => {
res.status(err.status || 500);
res.send({
error : {
status : err.status || 500,
message : err.message
}
});
});
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
console.log(`Server starter on port ${PORT}`);
});

Create mongoDB Session with Socket.io connection only

I need to create a session on MongoDB when the socket connection start, I have the following code:
var express = require('express');
var session = require('express-session');
var sharedsession = require("express-socket.io-session");
var MongoDBStore = require('connect-mongodb-session')(session);
var app = express();
var http = require('http').createServer(app);
var io = require('socket.io')(http);
var store = new MongoDBStore({
uri: 'CONNECTION TO MONGODB',
collection: 'sessions',
connectionOptions: {
useNewUrlParser: true
}
});
// Catch errors
store.on('error', function(error) {
console.log(error);
});
let sessionConfig = require('express-session')({
secret: 'This is a secret',
cookie: {
maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week
},
store: store,
httpOnly: false,
resave: true,
saveUninitialized: true
});
app.use(sessionConfig);
io.use(sharedsession(sessionConfig, {
autoSave:true
}));
app.get('/', function(req, res) {
res.send('<html><head><script src="http://localhost:3001/socket.io/socket.io.js"></script><script>var socket = io();</script></head><body>Test</body></html>');
});
io.on('connection', (socket) => {
console.log('a user connected');
console.log('socket.handshake',socket.handshake.session);
console.log(socket.handshake.xdomain);
console.log("A USER LOGGED IN WITH ID: ", socket.request.user);
// Accept a login event with user's data
socket.on("login", function(userdata) {
socket.handshake.session.userdata = userdata;
socket.handshake.session.save();
});
socket.on("logout", function(userdata) {
if (socket.handshake.session.userdata) {
delete socket.handshake.session.userdata;
socket.handshake.session.save();
}
});
});
http.listen(3001, () => {
console.log('listening on *:3000');
});
server = app.listen(3000);
If I access to , the session is created successfully in MongoDB, I understand that the configuration with express is ok, and the Socket Share that session correctly when I try to connect from the same domain.
The problem is, that I have a mobile app with ionic v4, that only access from a socket connection and the session is never created on MongoDB.
Any thoughts?
UPDATE 1:
I try to add passport.socketio to get a proper way to add authentication to my app, and the output of this code, is Not Session found, its right, the socket connection never add the session to the MongoDB:
var express = require('express');
var session = require('express-session');
var sharedsession = require("express-socket.io-session");
let passport = require('passport');
let passportSocketIo = require("passport.socketio");
let cors = require('cors')
var MongoDBStore = require('connect-mongodb-session')(session);
var app = express();
var http = require('http').createServer(app);
var io = require('socket.io')(http);
var store = new MongoDBStore({
uri: 'MONGO DB STRING CONNECTION',
collection: 'sessions',
connectionOptions: {
useNewUrlParser: true
}
});
// Catch errors
store.on('error', function(error) {
console.log(error);
});
app.use(cors());
app.use(passport.initialize());
app.use(passport.session());
let config = {
passport : passport,
secret: 'This is a secret',
cookie: {
maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week
},
store: store,
httpOnly: false,
resave: true,
saveUninitialized: true,
success: onAuthorizeSuccess, // *optional* callback on success - read more below
fail: onAuthorizeFail
};
let sessionConfig = require('express-session')(config);
app.use(sessionConfig);
io.origins('*:*');
io.use(sharedsession(sessionConfig, passportSocketIo.authorize(config)));
app.get('/', function(req, res) {
res.send('<html><head><script src="http://localhost:3001/socket.io/socket.io.js"></script><script>var socket = io();</script></head><body>Test</body></html>');
});
io.on('connection', (socket) => {
console.log('a user connected');
console.log('socket.handshake',socket.handshake.session);
console.log(socket.handshake.xdomain);
console.log("A USER LOGGED IN WITH ID: ", socket.request.user);
// Accept a login event with user's data
socket.on("login", function(userdata) {
socket.handshake.session.userdata = userdata;
socket.handshake.session.save();
});
socket.on("logout", function(userdata) {
if (socket.handshake.session.userdata) {
delete socket.handshake.session.userdata;
socket.handshake.session.save();
}
});
});
http.listen(3001, () => {
console.log('listening on *:3000');
});
server = app.listen(3000);
function onAuthorizeSuccess(data, accept){
console.log('successful connection to socket.io');
// accept(); //Let the user through
}
function onAuthorizeFail(data, message, error, accept){
console.log("Errror",error);
if(error) accept(new Error(message));
console.log('failed connection to socket.io:', message);
// accept(null, false);
}

Try
//Before io.on('connection....
io​.​engine​.​generateId​ ​=​ (​req​) ​=>​ {
//Try to get the cookie out from
//req.rawHeaders and return it
//so the socket ID will equal to the session Id
});
//The connection event
​io​.​on​(​'​connection​'​, ​socket​ ​=>​ { ....
//You can then do a mongoose search query using the socket Id here to match the user in the db

Error 404 Not Found Using Pug & Express and MongoDB

I am getting at 404 not found error using Express & MongoDB for a POST request. I tried to redo my routes numerous times, but am having trouble with the login page. I want to POST the information to my server and render a simple "Welcome Message."
Please advise.
Routes Folder:
var express = require('express');
var router = express.Router();
let mongoose = require('mongoose');
var User = require('../models/users')
//Get registration page from index button//
router.get('/register', function(req, res, next) {
res.render('register');
if (err) return console.error(err);
res.json(user);
});
//Post user data to database POST /register //
router.post('/register', function(req, res, next) {
res.render('Welcome to Fit 7');
})
var username = req.body.username;
var email = req.body.email;
var password = req.body.password;
var newuser = new User();
newuser.username = username;
newuser.email = email;
newuser.password = password;
newuser.save(function(err, savedUser) {
if(err) {
console.log(err);
return res.status(500).send();
}
return res.status(200).send();
})
module.exports = router;
App JS Code:
// var createError = require('http-errors');
var express = require('express');
var app = express();
var path = require('path');
// var cookieParser = require('cookie-parser');
var logger = require('morgan');
var bodyParser = require('body-parser');
var mongoose = require('mongoose');
mongoose.connect('mongodb://localhost/test');
var pug = require('pug');
// var indexRouter = require('./routes/index');
var workouts = require('./routes/workouts');
app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public')));
// view engine setup
app.set('view engine', 'pug');
app.set('views', path.join(__dirname, 'views'));
// app.use(cookieParser());
// app.use(express.static(path.join(__dirname, 'public')));
// app.use('/', indexRouter);
// app.use('/api/workouts', workouts);
app.get('/', function (req, res) {
res.render('index')
})
//Registration Route for New Users
app.get('/register', function (req, res) {
res.render('register')
});
app.get('/home', function (req, res) {
res.render('home');
});
app.get('/workout/new', function (req, res) {
res.render('workoutform');
});
// catch 404 and forward to error handler
app.use(function(req, res, next) {
var err = new Error('Not Found');
err.status = 404;
next(err);});
// error handler
app.use(function(err, req, res, next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
// render the error page
res.status(err.status || 500);
res.render('error');
});
module.exports = app;
Pug Template Code:
body(data-gr-c-s-loaded='true', style='')
.container
form(action='/register', method='post').form-signin
h1.form-signin-heading Login to Fit-7
label.sr-only(for='username') Name
input#name.form-control(type='username', placeholder='username',
required='', autofocus='')
label.sr-only(for='email') Email address
input#inputEmail.form-control(type='email', placeholder='email address',
required='', autofocus='')
label.sr-only(for='password') Password
input#password.form-control(type='password', placeholder='password',
required='')
button.btn.btn-lg.btn-primary.btn-block(type='submit') Sign in
span._hsShareImage.hsShareImage  
loom-container#lo-engage-ext-container
loom-shadow(data-reactroot='', classname='resolved')

You dont seem to import the router anywhere in your app.js. First add
var registerRoute = require("./path/to/route.js");
after your other requires. Then add
app.use(registerRoute)
in place of this line:
app.get('/register', function (req, res) {
res.render('register')
});

I still dont have a reputation to like the comment above or comment, but the answer was very helpful.
But my problem was that I had the bellow line:
app.use('/', routes);
So I changed to where my application was
app.use('/Live/api', routes);
I'm using express with pug

API that fetches all records from mongoDB using express and mongoskin driver

I am beginner in Mean stack I am developing an API that fetches all records from mongodb using express. But I am not able to fetch all records from the database. I can't figure what I am doing wrong, I am doing it as follows:
This is my main app (server.js)
require('rootpath')();
var express = require('express');
var app = express();
var session = require('express-session');
var bodyParser = require('body-parser');
var expressJwt = require('express-jwt');
var config = require('config.json');
app.set('view engine', 'ejs');
app.set('views', __dirname + '/views');
app.use(bodyParser.urlencoded({
extended: false
}));
app.use(bodyParser.json());
app.use(session({
secret: config.secret,
resave: false,
saveUninitialized: true
}));
// use JWT auth to secure the api
app.use('/api', expressJwt({
secret: config.secret
}).unless({
path: ['/api/users/authenticate', '/api/users/register']
}));
// routes
app.use('/', require('./controllers/login.controller'));
app.use('/register', require('./controllers/register.controller'));
app.use('/app', require('./controllers/app.controller'));
app.use('/api/users', require('./controllers/api/users.controller'));
/*// make '/app' default route
app.get('/', function (req, res) {
return res.redirect('/app');
});*/
// start server
var server = app.listen(3000, function() {
console.log('Server listening at http://' + server.address().address + ':' + server.address().port);
});
This is my user.controller.js user will make a request to the api
http://localhost:3000/api/users/userList
var express = require('express');
var router = express.Router();
var userService = require('services/user.service');
router.get('/userList', getUserList);
module.exports = router;
function getUserList(req, res) {
userService.userList()
.then(function(users) {
if (users) {
res.send(users);
} else {
res.sendStatus(404);
}
})
.catch(function(err) {
res.status(400).send(err);
});
}
This is my user.service.js where I am querying the database to fetch all records using mongoskin driver.
var Q = require('q');
var mongo = require('mongoskin');
var db = mongo.db("mongodb://localhost:27017/EmployeeForm", {
native_parser: true
});
db.bind('users');
var service = {};
service.userList = userList;
module.exports = service;
function userList() {
var deferred = q.defer();
db.users.find(function(err, users) {
if (err) deferred.reject(err.name + ': ' + err.message);
});
return deferred.promise;
}

So i think it's find issue.
MongoDB find method return cursor by default.
https://docs.mongodb.com/manual/reference/method/db.collection.find/
From https://github.com/kissjs/node-mongoskin they use method toArray which will transform cursor into array of objects like this
db.find.toArray(callback)
So try like this in userList()
function userList() {
var deferred = q.defer();
db.users.find({}).toArray(function(err,docs){
err ? deferred.reject(err) : deferred.resolve(docs);
});
return deferred.promise;
}
Hope this helps.

Switching from Localhost MongoDB, to deploying on Heroku with MongoLab

I'v build an app on my local machine using MongoDB, and this is fully working locally. But once I deploy it to Heroku I cannot connect to the DB or retrieve anything from the REST service. I'v read the docs many time and noticed they need to be updated in many places which is throwing me off. Here is my initialize code:
Any help or suggestions much appreciated.
"use strict";
var express = require("express");
var path = require("path");
var favicon = require("serve-favicon");
var logger = require("morgan");
var cookieParser = require("cookie-parser");
var bodyParser = require("body-parser");
var server = express();
server.set("port", (process.env.PORT || 5000));
server.use(express.static(__dirname + "/public"));
server.listen(server.get("port"), function() {
console.log("Node server is running at localhost:" + server.get("port"));
});
var router = express.Router();
/* GET home page. */
router.get("public", function(req, res) {
res.render("index", { title: "MyApp" });
});
module.exports = router;
// **** LocalDB: "mongodb://localhost:27017/myapp" ****
var mongo = require("mongoskin");
var db = mongo.db("mongodb://xxxxxx:xxxxxx#ds045511.mongolab.com:45511/xxxxxx", {native_parser:true});
var routes = require("./routes/index");
var users = require("./routes/users");
var divesites = require("./routes/myCollection");
var app = express();
// view engine setup
app.set("views", path.join(__dirname, "views"));
app.set("view engine", "jade");
// uncomment after placing your favicon in /public
//app.use(favicon(__dirname + "/public/favicon.ico"));
app.use(logger("dev"));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, "public")));
// Make our db accessible to our router
app.use(function(req,res,next){
req.db = db;
next();
});
app.use("/", routes);
app.use("/users", users);
app.use("/myCollection", myCollection);
// catch 404 and forward to error handler
app.use(function(req, res, next) {
var err = new Error("Not Found");
err.status = 404;
next(err);
});
// error handlers
// development error handler
// will print stacktrace
if (app.get("env") === "development") {
app.use(function(err, req, res, next) {
res.status(err.status || 500);
res.render("error", {
message: err.message,
error: err
});
});
}
// production error handler
// no stacktraces leaked to user
app.use(function(err, req, res, next) {
res.status(err.status || 500);
res.render("error", {
message: err.message,
error: {}
});
});
module.exports = app;

You could use the environment variable process.env.MONGOLAB_URI instead and see how that goes:
var mongo = require("mongoskin");
var db = mongo.db(process.env.MONGOLAB_URI, {native_parser:true});