npm - @apolitical/server - Versions diffs - 2.0.0-beta.3 → 2.0.1-beta.3 - Mend

@apolitical/server 2.0.0-beta.3 → 2.0.1-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/CHANGELOG.md +16 -0
package/README.md +25 -2
package/package.json +5 -5
package/src/container.js +4 -4
package/src/helpers/jwt/passport.helper.js +1 -1
package/src/loaders/documentation.loader.js +8 -2
package/src/middlewares/{auth.middleware.js → authentication.middleware.js} +0 -0
package/src/middlewares/{permissions.middleware.js → authorisation.middleware.js} +1 -1
package/src/middlewares/error.middleware.js +5 -1
package/src/services/server.service.js +4 -2

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.0.1] - 2022-01-21
+### Added
+- Correlation when logging from error middleware
+- Dynamically update documentation to set the host
+## [2.0.0] - 2022-01-20
+### Added
+- Authorisation middleware
+- New logging middleware for production (based on Google Winston)
+### Changed
+- Updated dependencies
+- Upgraded Node.js version
+- Revamped GitLab pipelines
+### Removed
+- Unused logger helper
 ## [1.5.2] - 2021-10-18
 ### Changed
 - Allow cors options to be passed in as params on start

package/README.md CHANGED Viewed

@@ -75,7 +75,7 @@ For usage examples, see [example.spec.js](tests/../test/integration/example.spec
 ### JWT authentication
-The __Apolitical Server__ has integrated JSON Web Token (JWT) functionality. The JWT authentication layer is intended to be used to secure endpoints without sessions.
+The __Apolitical Server__ has integrated JSON Web Token (JWT) functionality. The JWT authentication layer is intended to be used to secure endpoints from requests without a valid session token.
 ```js
 // The JWT strategy session secret
@@ -85,7 +85,7 @@ function appLoader(app) {
   // Setup the Apolitical JWT strategy
   jwt.apolitical.setup(SESSION_SECRET);
   // Use the authentication middleware to reject unauthorised requests
-  app.use(middlewares.auth());
+  app.use(middlewares.authentication());
   // The example endpoint is now protected
   app.get('/example', exampleController);
 }
@@ -102,6 +102,29 @@ The JWT authentication must be defined with two steps:
 For usage examples, see [jwt.apolitical.spec.js](tests/../test/integration/jwt.apolitical.spec.js) test cases.
+### JWT authorisation
+The __Apolitical Server__ has integrated JSON Web Token (JWT) functionality. The JWT authorisation layer is intended to be used to protect endpoints from request with session token without the right permissions.
+```js
+// The JWT strategy session secret
+const SESSION_SECRET = 'hello';
+function appLoader(app) {
+  // Setup the Apolitical JWT strategy
+  jwt.apolitical.setup(SESSION_SECRET);
+  // Use the authentication middleware to reject unauthorised requests
+  app.use(middlewares.authentication());
+  // The example endpoint can only be accessed by admin users
+  app.get('/example', middlewares.authorisation(), exampleController);
+}
+// Start the server
+start({ appLoader, port: 3000 });
+```
+As before, the Apolitical token will be validated by the `authentication` middleware, and then, the `authorisation` middleware will check that the `role` property on the session token to determine the permissions.
 ### Error handling
 The __Apolitical Server__ comes with a default error handler so you don’t need to write your own to get started. It’s important to ensure that your server catches all errors that occur while running your business logic. For more info see [express error handling](https://expressjs.com/en/guide/error-handling.html).

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@apolitical/server",
-  "version": "2.0.0-beta.3",
+  "version": "2.0.1-beta.3",
   "description": "Node.js module to encapsulate Apolitical's express server setup",
   "author": "Apolitical Group Limited <engineering@apolitical.co>",
   "license": "MIT",
@@ -24,7 +24,7 @@
     "Node Modules"
   ],
   "dependencies": {
-    "@apolitical/logger": "2.0.0-beta.7",
+    "@apolitical/logger": "2.0.0",
     "@cloudnative/health-connect": "2.1.0",
     "awilix": "6.0.0",
     "body-parser": "1.19.1",
@@ -45,13 +45,13 @@
     "swagger-ui-express": "4.3.0"
   },
   "devDependencies": {
-    "@apolitical/eslint-config": "1.0.0-beta.0",
-    "@apolitical/testing": "0.0.4",
+    "@apolitical/eslint-config": "1.0.1",
+    "@apolitical/testing": "1.0.1",
     "audit-ci": "5.1.2",
     "husky": "7.0.4",
     "jest": "27.4.7",
     "jest-junit": "13.0.0",
-    "lint-staged": "12.2.0",
+    "lint-staged": "12.2.2",
     "mock-jwks": "1.0.1",
     "nock": "13.2.2"
   },

package/src/container.js CHANGED Viewed

@@ -37,11 +37,11 @@ const middlewaresLoader = require('./loaders/middlewares.loader');
 const probesLoader = require('./loaders/probes.loader');
 const staticLoader = require('./loaders/static.loader');
 // Middleware
-const authMiddleware = require('./middlewares/auth.middleware');
+const authenticationMiddleware = require('./middlewares/authentication.middleware');
+const authorisationMiddleware = require('./middlewares/authorisation.middleware');
 const jwtApoliticalMiddleware = require('./middlewares/jwt/apolitical.middleware');
 const jwtAuth0Middleware = require('./middlewares/jwt/auth0.middleware');
 const errorMiddleware = require('./middlewares/error.middleware');
-const permissionsMiddleware = require('./middlewares/permissions.middleware');
 // Services
 const jwtService = require('./services/jwt.service');
 const serverService = require('./services/server.service');
@@ -85,11 +85,11 @@ container.register({
   probesLoader: asFunction(probesLoader).singleton(),
   staticLoader: asFunction(staticLoader).singleton(),
   // Middlewares
-  authMiddleware: asFunction(authMiddleware).singleton(),
+  authenticationMiddleware: asFunction(authenticationMiddleware).singleton(),
+  authorisationMiddleware: asFunction(authorisationMiddleware).singleton(),
   jwtApoliticalMiddleware: asFunction(jwtApoliticalMiddleware).singleton(),
   jwtAuth0Middleware: asFunction(jwtAuth0Middleware).singleton(),
   errorMiddleware: asFunction(errorMiddleware).singleton(),
-  permissionsMiddleware: asFunction(permissionsMiddleware).singleton(),
   // Services
   jwtService: asFunction(jwtService).singleton(),
   serverService: asFunction(serverService).singleton(),

package/src/helpers/jwt/passport.helper.js CHANGED Viewed

@@ -11,7 +11,7 @@ module.exports = ({ passport, passportJwt, logger, config }) => {
       if (req && req.cookies && req.cookies[COOKIE_KEY]) {
         result = req.cookies[COOKIE_KEY];
       } else {
-        childLogger.debug('No Apolitical auth cookie');
+        childLogger.debug('Cannot find Apolitical token (cookie)');
       }
       childLogger.debug('Finished');
       return result;

package/src/loaders/documentation.loader.js CHANGED Viewed

@@ -5,19 +5,25 @@ module.exports = ({
   config,
   logger,
   swaggerUi: { serve, setup },
-  permissionsMiddleware,
+  authorisationMiddleware,
 }) => {
   const { DOCUMENTATION } = config.ENDPOINTS;
   return function load(app, { swaggerDocument }) {
     const childLogger = logger.where(__filename, 'load');
     childLogger.debug('Started');
+    // Internal middleware to dynamically set the host
+    function hostMiddleware(req, res, next) {
+      swaggerDocument.host = req.get('host');
+      req.swaggerDoc = swaggerDocument;
+      next();
+    }
     // Load document endpoint
     if (swaggerDocument) {
       // Redirection to documentation
       app.use(`${DOCUMENTATION}index.html`, (req, res) => res.redirect(MOVED_PERMANENTLY, DOCUMENTATION));
       // Documentation express setup
-      app.use(DOCUMENTATION, permissionsMiddleware(), serve, setup(swaggerDocument));
+      app.use(DOCUMENTATION, authorisationMiddleware(), hostMiddleware, serve, setup());
     }
     childLogger.debug('Finished');
   };

package/src/middlewares/{auth.middleware.js → authentication.middleware.js} RENAMED Viewed

File without changes

package/src/middlewares/{permissions.middleware.js → authorisation.middleware.js} RENAMED Viewed

@@ -5,7 +5,7 @@ module.exports = ({ logger, serverError: { Forbidden }, config }) => {
   // Define external options
   return ({ myselfSource = null, myselfTarget = null, allowNonAdmin = false } = {}) => {
     // Return middleware handler
-    return async function handler(req, res, next) {
+    return function handler(req, res, next) {
       const childLogger = logger.where(__filename, 'handler');
       childLogger.debug('Started');
       let isNotMyselfSlug = false;

package/src/middlewares/error.middleware.js CHANGED Viewed

@@ -38,7 +38,11 @@ module.exports =
           errors = ['unknown-error'];
         }
       }
-      errorLogger.warn(message, { errors });
+      if (req.log) {
+        req.log.warn(message, { errors });
+      } else {
+        errorLogger.warn(message, { errors });
+      }
       if (redirectURL) {
         res.redirect(TEMPORARY_REDIRECT, `${redirectURL}?errorMessage=${encodeURI(message)}`);
       } else {

package/src/services/server.service.js CHANGED Viewed

@@ -6,7 +6,8 @@ module.exports = ({
   logger,
   documentationLoader,
   loggerLoader,
-  authMiddleware,
+  authenticationMiddleware,
+  authorisationMiddleware,
   errorMiddleware,
   middlewaresLoader,
   probesLoader,
@@ -74,7 +75,8 @@ module.exports = ({
     jwt: jwtService,
     errors: serverError,
     middlewares: {
-      auth: authMiddleware,
+      authentication: authenticationMiddleware,
+      authorisation: authorisationMiddleware,
     },
   };
 };