npm - @aeriajs/server - Versions diffs - 0.0.247 → 0.0.248 - Mend

@aeriajs/server 0.0.247 → 0.0.248

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/constants.d.ts CHANGED Viewed

@@ -9,5 +9,6 @@ export declare const DEFAULT_API_CONFIG: {
         linkTokenExpiration: number;
         paginationLimit: number;
         mutableUserProperties: ("name" | "email" | "password" | "phone_number" | "picture_file")[];
+        revalidateToken: true;
     };
 };

package/dist/constants.js CHANGED Viewed

@@ -18,5 +18,6 @@ exports.DEFAULT_API_CONFIG = {
             'phone_number',
             'picture_file',
         ],
+        revalidateToken: true,
     },
 };

package/dist/constants.mjs CHANGED Viewed

@@ -15,6 +15,7 @@ export const DEFAULT_API_CONFIG = {
       "password",
       "phone_number",
       "picture_file"
-    ]
+    ],
+    revalidateToken: true
   }
 };

package/dist/handler.js CHANGED Viewed

@@ -12,6 +12,7 @@ const getACErrorHttpCode = (code) => {
         case types_1.ACError.FunctionNotFound: return types_1.HTTPStatus.NotFound;
         case types_1.ACError.FunctionNotExposed: return types_1.HTTPStatus.Forbidden;
         case types_1.ACError.AuthorizationError: return types_1.HTTPStatus.Unauthorized;
+        case types_1.ACError.InvalidToken: return types_1.HTTPStatus.Unauthorized;
         case types_1.ACError.AuthenticationError: return types_1.HTTPStatus.Forbidden;
         default: return types_1.HTTPStatus.InternalServerError;
     }

package/dist/handler.mjs CHANGED Viewed

@@ -13,6 +13,8 @@ const getACErrorHttpCode = (code) => {
       return HTTPStatus.Forbidden;
     case ACError.AuthorizationError:
       return HTTPStatus.Unauthorized;
+    case ACError.InvalidToken:
+      return HTTPStatus.Unauthorized;
     case ACError.AuthenticationError:
       return HTTPStatus.Forbidden;
     default:

package/dist/init.d.ts CHANGED Viewed

@@ -15,6 +15,10 @@ export type InitOptions = {
     }>;
 };
 export declare const getToken: (request: GenericRequest, context: RouteContext) => Promise<{
+    readonly _tag: "Error";
+    readonly error: "INVALID_TOKEN";
+    readonly result: undefined;
+} | {
     readonly _tag: "Result";
     readonly error: undefined;
     readonly result: import("@aeriajs/types").UnauthenticatedToken | AuthenticatedToken<true, import("@aeriajs/types").UserRole>;

package/dist/init.js CHANGED Viewed

@@ -30,6 +30,24 @@ const getToken = async (request, context) => {
                 Object.assign(decodedToken.userinfo, (0, common_1.throwIfError)(await (0, core_1.traverseDocument)(decodedToken.userinfo, context.collections.user.description, {
                     autoCast: true,
                 })));
+                if (context.config.security.revalidateToken) {
+                    const userCollection = (0, core_1.getDatabaseCollection)('user');
+                    const user = await userCollection.findOne({
+                        _id: decodedToken.sub,
+                        active: true,
+                    }, {
+                        projection: {
+                            roles: 1,
+                        },
+                    });
+                    if (!user) {
+                        return types_1.Result.error(types_1.ACError.InvalidToken);
+                    }
+                    const rolesMatch = decodedToken.roles.every((role) => user.roles.includes(role));
+                    if (!rolesMatch) {
+                        return types_1.Result.error(types_1.ACError.InvalidToken);
+                    }
+                }
             }
         }
         return types_1.Result.result(decodedToken);

package/dist/init.mjs CHANGED Viewed

@@ -3,7 +3,7 @@ import { Result, ACError, HTTPStatus } from "@aeriajs/types";
 import { endpointError, throwIfError, deepMerge } from "@aeriajs/common";
 import { cors, wrapRouteExecution } from "@aeriajs/http";
 import { registerServer } from "@aeriajs/node-http";
-import { createContext, getDatabase, decodeToken, traverseDocument, ObjectId } from "@aeriajs/core";
+import { createContext, getDatabase, getDatabaseCollection, decodeToken, traverseDocument, ObjectId } from "@aeriajs/core";
 import { DEFAULT_API_CONFIG } from "./constants.mjs";
 import { warmup } from "./warmup.mjs";
 import { registerRoutes } from "./routes.mjs";
@@ -26,6 +26,24 @@ export const getToken = async (request, context) => {
         Object.assign(decodedToken.userinfo, throwIfError(await traverseDocument(decodedToken.userinfo, context.collections.user.description, {
           autoCast: true
         })));
+        if (context.config.security.revalidateToken) {
+          const userCollection = getDatabaseCollection("user");
+          const user = await userCollection.findOne({
+            _id: decodedToken.sub,
+            active: true
+          }, {
+            projection: {
+              roles: 1
+            }
+          });
+          if (!user) {
+            return Result.error(ACError.InvalidToken);
+          }
+          const rolesMatch = decodedToken.roles.every((role) => user.roles.includes(role));
+          if (!rolesMatch) {
+            return Result.error(ACError.InvalidToken);
+          }
+        }
       }
     }
     return Result.result(decodedToken);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aeriajs/server",
-  "version": "0.0.247",
+  "version": "0.0.248",
   "description": "",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -33,14 +33,14 @@
     "mongodb": "^6.5.0"
   },
   "peerDependencies": {
-    "@aeriajs/core": "^0.0.245",
-    "@aeriajs/builtins": "^0.0.245",
-    "@aeriajs/common": "^0.0.136",
-    "@aeriajs/entrypoint": "^0.0.140",
-    "@aeriajs/http": "^0.0.164",
-    "@aeriajs/node-http": "^0.0.164",
-    "@aeriajs/server": "^0.0.247",
-    "@aeriajs/types": "^0.0.118",
+    "@aeriajs/core": "^0.0.246",
+    "@aeriajs/builtins": "^0.0.246",
+    "@aeriajs/common": "^0.0.137",
+    "@aeriajs/entrypoint": "^0.0.141",
+    "@aeriajs/http": "^0.0.165",
+    "@aeriajs/node-http": "^0.0.165",
+    "@aeriajs/server": "^0.0.248",
+    "@aeriajs/types": "^0.0.119",
     "mongodb": "^6.5.0"
   },
   "scripts": {