@apolitical/server 2.1.0-beta.1 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -5,9 +5,19 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [2.2.0] - 2022-02-07
|
|
9
|
+
### Changed
|
|
10
|
+
- Pipeline uses `Node-Publish` template
|
|
11
|
+
|
|
12
|
+
## [2.1.1] - 2022-01-31
|
|
13
|
+
### Fixed
|
|
14
|
+
- Authorisation logic
|
|
15
|
+
|
|
8
16
|
## [2.1.0] - 2022-01-21
|
|
9
17
|
### Added
|
|
10
18
|
- Prerender middleware
|
|
19
|
+
### Fixed
|
|
20
|
+
- Node.js version
|
|
11
21
|
|
|
12
22
|
## [2.0.1] - 2022-01-21
|
|
13
23
|
### Added
|
package/README.md
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@apolitical/server",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.2.0",
|
|
4
4
|
"description": "Node.js module to encapsulate Apolitical's express server setup",
|
|
5
5
|
"author": "Apolitical Group Limited <engineering@apolitical.co>",
|
|
6
6
|
"license": "MIT",
|
|
@@ -24,14 +24,14 @@
|
|
|
24
24
|
"Node Modules"
|
|
25
25
|
],
|
|
26
26
|
"dependencies": {
|
|
27
|
-
"@apolitical/logger": "2.0.
|
|
27
|
+
"@apolitical/logger": "2.0.1",
|
|
28
28
|
"@cloudnative/health-connect": "2.1.0",
|
|
29
|
-
"awilix": "6.
|
|
29
|
+
"awilix": "6.1.0",
|
|
30
30
|
"body-parser": "1.19.1",
|
|
31
31
|
"compression": "1.7.4",
|
|
32
32
|
"cookie-parser": "1.4.6",
|
|
33
33
|
"cors": "2.8.5",
|
|
34
|
-
"dotenv": "
|
|
34
|
+
"dotenv": "15.0.0",
|
|
35
35
|
"express": "4.17.2",
|
|
36
36
|
"express-jwt": "6.1.0",
|
|
37
37
|
"http-status-codes": "2.2.0",
|
|
@@ -46,18 +46,18 @@
|
|
|
46
46
|
"swagger-ui-express": "4.3.0"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
|
-
"@apolitical/eslint-config": "1.0.
|
|
50
|
-
"@apolitical/testing": "1.0.
|
|
49
|
+
"@apolitical/eslint-config": "1.0.2",
|
|
50
|
+
"@apolitical/testing": "1.0.2",
|
|
51
51
|
"audit-ci": "5.1.2",
|
|
52
52
|
"husky": "7.0.4",
|
|
53
53
|
"jest": "27.4.7",
|
|
54
54
|
"jest-junit": "13.0.0",
|
|
55
|
-
"lint-staged": "12.
|
|
55
|
+
"lint-staged": "12.3.2",
|
|
56
56
|
"mock-jwks": "1.0.1",
|
|
57
57
|
"nock": "13.2.2"
|
|
58
58
|
},
|
|
59
59
|
"engines": {
|
|
60
|
-
"node": ">=16.13.
|
|
60
|
+
"node": ">=16.13.0"
|
|
61
61
|
},
|
|
62
62
|
"eslintConfig": {
|
|
63
63
|
"extends": "@apolitical/eslint-config/base.config"
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
module.exports = ({ bodyParser: { json, urlencoded }, compression, cors, cookieParser, config, logger }) => {
|
|
3
|
+
module.exports = ({ bodyParser: { json, urlencoded }, compression, cors, cookieParser, prerender, config, logger }) => {
|
|
4
4
|
const { BODY_PARSER_OPTIONS, CORS_OPTIONS } = config.SERVER;
|
|
5
5
|
|
|
6
|
-
return function load(app, { corsOptions }) {
|
|
6
|
+
return function load(app, { corsOptions, prerenderToken }) {
|
|
7
7
|
const childLogger = logger.where(__filename, 'load');
|
|
8
8
|
childLogger.debug('Started');
|
|
9
9
|
// Load useful middlewares
|
|
@@ -12,6 +12,9 @@ module.exports = ({ bodyParser: { json, urlencoded }, compression, cors, cookieP
|
|
|
12
12
|
app.use(urlencoded(BODY_PARSER_OPTIONS));
|
|
13
13
|
app.use(cors(Object.assign({}, CORS_OPTIONS, corsOptions)));
|
|
14
14
|
app.use(compression());
|
|
15
|
+
if (prerenderToken) {
|
|
16
|
+
app.use(prerender.set('prerenderToken', prerenderToken));
|
|
17
|
+
}
|
|
15
18
|
childLogger.debug('Finished');
|
|
16
19
|
};
|
|
17
20
|
};
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
module.exports = ({ express,
|
|
3
|
+
module.exports = ({ express, logger }) => {
|
|
4
4
|
return function load(app, { staticFiles: { baseUrl, folderPath, indexFilePath } }) {
|
|
5
5
|
const childLogger = logger.where(__filename, 'load');
|
|
6
6
|
childLogger.debug('Started');
|
|
7
|
-
// Use prerendering middleware
|
|
8
|
-
app.use(prerender);
|
|
9
7
|
// Use Express built-in middleware
|
|
10
8
|
app.use(baseUrl, express.static(folderPath));
|
|
11
9
|
// Load static endpoint
|
|
@@ -8,21 +8,21 @@ module.exports = ({ logger, serverError: { Forbidden }, config }) => {
|
|
|
8
8
|
return function handler(req, res, next) {
|
|
9
9
|
const childLogger = logger.where(__filename, 'handler');
|
|
10
10
|
childLogger.debug('Started');
|
|
11
|
-
let isNotMyselfSlug = false;
|
|
12
11
|
let isNotAdmin = false;
|
|
13
|
-
|
|
14
|
-
if (myselfSource) {
|
|
15
|
-
isNotMyselfSlug = req.params[myselfSource] !== MYSELF_SLUG;
|
|
16
|
-
}
|
|
12
|
+
let isNotMyselfSlug = false;
|
|
17
13
|
// Check user role (from JWT)
|
|
18
14
|
if (!allowNonAdmin) {
|
|
19
15
|
isNotAdmin = req.user && req.user.role !== ADMIN_ROLE;
|
|
20
16
|
}
|
|
17
|
+
// Check myself param
|
|
18
|
+
if (myselfSource) {
|
|
19
|
+
isNotMyselfSlug = req.params[myselfSource] !== MYSELF_SLUG;
|
|
20
|
+
}
|
|
21
21
|
// Check permissions and prevent unauthorised requests
|
|
22
22
|
let unauthorised = false;
|
|
23
|
-
if (
|
|
23
|
+
if (!allowNonAdmin && isNotAdmin && isNotMyselfSlug) {
|
|
24
24
|
unauthorised = true;
|
|
25
|
-
} else if (isNotAdmin && !
|
|
25
|
+
} else if (!allowNonAdmin && isNotAdmin && !myselfSource) {
|
|
26
26
|
unauthorised = true;
|
|
27
27
|
}
|
|
28
28
|
if (unauthorised) {
|