npm - @apolitical/server - Versions diffs - 2.0.1 → 2.1.1 - Mend

@apolitical/server 2.0.1 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md +10 -0
package/README.md +1 -1
package/package.json +9 -8
package/src/container.js +2 -0
package/src/loaders/middlewares.loader.js +5 -2
package/src/middlewares/authorisation.middleware.js +7 -7

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.1.1] - 2022-01-31
+### Fixed
+- Authorisation logic
+## [2.1.0] - 2022-01-21
+### Added
+- Prerender middleware
+### Fixed
+- Node.js version
 ## [2.0.1] - 2022-01-21
 ### Added
 - Correlation when logging from error middleware

package/README.md CHANGED Viewed

@@ -6,7 +6,7 @@ Node.js module to encapsulate Apolitical's express server setup
 Requires the following to run:
-- [node.js][node] 16.13.2+
+- [node.js][node] 16.13.0+
 - [yarn][yarn]
 [node]: https://nodejs.org/en/download/

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@apolitical/server",
-  "version": "2.0.1",
+  "version": "2.1.1",
   "description": "Node.js module to encapsulate Apolitical's express server setup",
   "author": "Apolitical Group Limited <engineering@apolitical.co>",
   "license": "MIT",
@@ -24,14 +24,14 @@
     "Node Modules"
   ],
   "dependencies": {
-    "@apolitical/logger": "2.0.0",
+    "@apolitical/logger": "2.0.1",
     "@cloudnative/health-connect": "2.1.0",
-    "awilix": "6.0.0",
+    "awilix": "6.1.0",
     "body-parser": "1.19.1",
     "compression": "1.7.4",
     "cookie-parser": "1.4.6",
     "cors": "2.8.5",
-    "dotenv": "14.2.0",
+    "dotenv": "15.0.0",
     "express": "4.17.2",
     "express-jwt": "6.1.0",
     "http-status-codes": "2.2.0",
@@ -42,21 +42,22 @@
     "morgan": "1.10.0",
     "passport": "0.5.2",
     "passport-jwt": "4.0.0",
+    "prerender-node": "3.4.1",
     "swagger-ui-express": "4.3.0"
   },
   "devDependencies": {
-    "@apolitical/eslint-config": "1.0.1",
-    "@apolitical/testing": "1.0.1",
+    "@apolitical/eslint-config": "1.0.2",
+    "@apolitical/testing": "1.0.2",
     "audit-ci": "5.1.2",
     "husky": "7.0.4",
     "jest": "27.4.7",
     "jest-junit": "13.0.0",
-    "lint-staged": "12.2.2",
+    "lint-staged": "12.3.2",
     "mock-jwks": "1.0.1",
     "nock": "13.2.2"
   },
   "engines": {
-    "node": ">=16.13.2"
+    "node": ">=16.13.0"
   },
   "eslintConfig": {
     "extends": "@apolitical/eslint-config/base.config"

package/src/container.js CHANGED Viewed

@@ -17,6 +17,7 @@ const jwtDecode = require('jwt-decode');
 const morgan = require('morgan');
 const passport = require('passport');
 const passportJwt = require('passport-jwt');
+const prerender = require('prerender-node');
 const swaggerUi = require('swagger-ui-express');
 // Internal Modules
 const apoliticalLogger = require('@apolitical/logger');
@@ -65,6 +66,7 @@ container.register({
   morgan: asValue(morgan),
   passport: asValue(passport),
   passportJwt: asValue(passportJwt),
+  prerender: asValue(prerender),
   swaggerUi: asValue(swaggerUi),
   // Internal Modules
   apoliticalLogger: asValue(apoliticalLogger),

package/src/loaders/middlewares.loader.js CHANGED Viewed

@@ -1,9 +1,9 @@
 'use strict';
-module.exports = ({ bodyParser: { json, urlencoded }, compression, cors, cookieParser, config, logger }) => {
+module.exports = ({ bodyParser: { json, urlencoded }, compression, cors, cookieParser, prerender, config, logger }) => {
   const { BODY_PARSER_OPTIONS, CORS_OPTIONS } = config.SERVER;
-  return function load(app, { corsOptions }) {
+  return function load(app, { corsOptions, prerenderToken }) {
     const childLogger = logger.where(__filename, 'load');
     childLogger.debug('Started');
     // Load useful middlewares
@@ -12,6 +12,9 @@ module.exports = ({ bodyParser: { json, urlencoded }, compression, cors, cookieP
     app.use(urlencoded(BODY_PARSER_OPTIONS));
     app.use(cors(Object.assign({}, CORS_OPTIONS, corsOptions)));
     app.use(compression());
+    if (prerenderToken) {
+      app.use(prerender.set('prerenderToken', prerenderToken));
+    }
     childLogger.debug('Finished');
   };
 };

package/src/middlewares/authorisation.middleware.js CHANGED Viewed

@@ -8,21 +8,21 @@ module.exports = ({ logger, serverError: { Forbidden }, config }) => {
     return function handler(req, res, next) {
       const childLogger = logger.where(__filename, 'handler');
       childLogger.debug('Started');
-      let isNotMyselfSlug = false;
       let isNotAdmin = false;
-      // Check myself param
-      if (myselfSource) {
-        isNotMyselfSlug = req.params[myselfSource] !== MYSELF_SLUG;
-      }
+      let isNotMyselfSlug = false;
       // Check user role (from JWT)
       if (!allowNonAdmin) {
         isNotAdmin = req.user && req.user.role !== ADMIN_ROLE;
       }
+      // Check myself param
+      if (myselfSource) {
+        isNotMyselfSlug = req.params[myselfSource] !== MYSELF_SLUG;
+      }
       // Check permissions and prevent unauthorised requests
       let unauthorised = false;
-      if (isNotMyselfSlug && myselfSource && isNotAdmin && !allowNonAdmin) {
+      if (!allowNonAdmin && isNotAdmin && isNotMyselfSlug) {
         unauthorised = true;
-      } else if (isNotAdmin && !allowNonAdmin) {
+      } else if (!allowNonAdmin && isNotAdmin && !myselfSource) {
         unauthorised = true;
       }
       if (unauthorised) {