coveo · y-lakhdar · Feb 17, 2021 · Feb 15, 2021 · Feb 16, 2021 · Feb 16, 2021
@@ -0,0 +1,14 @@
+# The unique identifier of the organization in which to generate a search token.
+# Example: ORGANIZATION_ID=mycoveoorganizationg8tp8wu3.
+# See https://docs.coveo.com/en/148/manage-an-organization/retrieve-the-organization-id
+ORGANIZATION_ID=<YOUR_ORGANIZATION_ID>
+
+# An API key granting the impersonate privilege in your organization.
+# The API key should have the impersonate privilege.
+# See https://docs.coveo.com/en/1718/manage-an-organization/manage-api-keys#add-an-api-key
+API_KEY=<YOUR_API_KEY>
+
+# The name of the security identity to impersonate.
+# Example: USER_EMAIL="[email protected]"
+# See https://docs.coveo.com/en/56/#name-string-required.
+USER_EMAIL=<YOUR_USER_EMAIL>
@@ -0,0 +1,17 @@
+
+# IDEs
+.idea/
+jsconfig.json
+.vscode/
+
+# Misc
+node_modules/
+npm-debug.log*
+yarn-error.log*
+
+# Mac OSX Finder files.
+**/.DS_Store
+.DS_Store
+
+# Sensitive
+.env
@@ -0,0 +1,29 @@
+# Simple search token generation server
+
+An [Express](https://www.npmjs.com/package/express) server to generate [Coveo search tokens](https://docs.coveo.com/en/1346/).
+
+## Setup environment
+
+Create the `.env` file at the root of this project using `.env.example` as starting point and make sure to replace all placeholder variables `<...>` by the proper information for your organization.
+For more involved configurations, you can modify the request parameters used in the `middlewares/searchToken.ts` file.
+
+## Installation
+
+```bash
+npm install
+```
+
+## Usage
+
+```bash
+npm start
+```
+
+This will start a server listening on port 3000. The app will return a [Coveo search token](https://docs.coveo.com/en/1346/) when you make a GET request to the [/token](http://localhost:3000/token) path. Every other path will respond by a **404 Not Found** error.
+
+## Documentation
+
+### Search Token Authentication
+
+A search token is a special JSON web token typically used to temporarily grant the privilege to execute queries as a specific user and log usage analytics events.
+To understand search tokens and how they work in more detail, visit the [Search Token Authentication](https://docs.coveo.com/en/56/build-a-search-ui/search-token-authentication) page.
@@ -0,0 +1,19 @@
+import {Request, Response, NextFunction} from 'express';
+
+export function environmentCheck(
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  if (
+    process.env.ORGANIZATION_ID === undefined ||
+    process.env.API_KEY === undefined ||
+    process.env.USER_EMAIL === undefined
+  ) {
+    const message =
+      'Make sure to configure the environment variables in the ".env" file. Refer to the README to set up the server.';
+    next({message});
+  } else {
+    next();
+  }
+}
@@ -0,0 +1,11 @@
+import {NextFunction, Request, Response} from 'express';
+
+export function errorHandler(
+  err: any,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  console.error(err);
+  res.status(err.statusCode || 500).send(err.message || 'Something broke!');
+}
@@ -0,0 +1,92 @@
+require('isomorphic-fetch');
+require('abortcontroller-polyfill');
+
+import {Request, Response, NextFunction} from 'express';
+import {
+  PlatformClient,
+  Environment,
+  Region,
+  RestUserIdType,
+  TokenModel,
+} from '@coveord/platform-client';
+
+export function ensureTokenGenerated(
+  req: Request,
+  res: Response,
+  next: NextFunction
+) {
+  const platform: PlatformClient =
+    req.app.locals.platform ||
+    new PlatformClient({
+      /**
+       * The target environment.
+       * The platform.cloud.coveo.com is the default target host.
+       * However, you can target a different host by changing the environment.
+       *
+       * Example:
+       * environment: Environment.hipaa will target the HIPAA host (platformhipaa.cloud.coveo.com)
+       */
+      environment: Environment.prod,
+      /**
+       * The target region.
+       * See https://docs.coveo.com/en/2976/coveo-solutions/deployment-regions-and-strategies#data-residency
+       */
+      region: Region.US,
+      /**
+       * The unique identifier of your Coveo organization.
+       * To retrieve your org ID, see https://docs.coveo.com/en/148/manage-an-organization/retrieve-the-organization-id
+       */
+      organizationId: process.env.ORGANIZATION_ID,
+      /**
+       * An API key with the impersonate privilege in the target organization.
+       * See https://docs.coveo.com/en/1718/manage-an-organization/manage-api-keys#add-an-api-key
+       */
+      accessToken: process.env.API_KEY!,
+    });
+
+  platform.search
+    .createToken({
+      /****** Mandatory parameters ******/
+      /**
+       * The security identities to impersonate when authenticating a query with this search token.
+       * The userIds array should contain at least one security indentity.
+       * See https://docs.coveo.com/en/56/#userids-array-of-restuserid-required
+       */
+      userIds: [
+        {
+          name: process.env.USER_EMAIL!,
+          provider: 'Email Security Provider',
+          type: RestUserIdType.User,
+        },
+      ],
+
+      /****** Optional parameters ******/
+      /**
+       * The name of the search hub to enforce when authenticating a query with this search token.
+       * The search hub is a descriptive name of the search interface on which the token is to be used.
+       *See https://docs.coveo.com/en/56/#searchhub-string-optional
+
+       * Example:
+       * searchHub: 'supporthub',
+       */
+
+      /**
+       * The filter query expression to apply when authenticating a query with this search token.
+       * See https://docs.coveo.com/en/56/#filter-string-optional
+       *
+       * Example:
+       * filter: 'NOT @source="my secured source"',
+       */
+    })
+    .then((data: TokenModel) => {
+      req.token = data.token;
+      next();
+    })
+    .catch((err) => {
+      next(err);
+    });
+
+  if (!req.app.locals.platform) {
+    req.app.locals.platform = platform;
+  }
+}