@apolitical/server 2.3.3-rc.test.1 → 2.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/CHANGELOG.md +10 -0
  2. package/package.json +1 -1
  3. package/src/config.js +1 -1
  4. package/src/container.js +2 -0
  5. package/src/helpers/logger.helper.js +35 -0
  6. package/src/loaders/logger.loader.js +6 -26
  7. package/src/middlewares/authorisation.middleware.js +3 -1
  8. package/src/middlewares/error.middleware.js +9 -6
package/CHANGELOG.md CHANGED
@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [2.4.1] - 2022-03-02
9
+ ### Changed
10
+ - Update authorisation middleware to include authentication check in cases where we would like to protect endpoints
11
+
12
+ ## [2.4.0] - 2022-02-22
13
+ ### Added
14
+ - User slug to error logs as metadata
15
+ ### Changed
16
+ - Transition to new logger middleware format
17
+
8
18
  ## [2.3.3] - 2022-02-21
9
19
  ### Changed
10
20
  - maging sure index.html is not considered as a static asset by the middleware loader
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@apolitical/server",
3
- "version": "2.3.3-rc.test.1",
3
+ "version": "2.4.1",
4
4
  "description": "Node.js module to encapsulate Apolitical's express server setup",
5
5
  "author": "Apolitical Group Limited <engineering@apolitical.co>",
6
6
  "license": "MIT",
package/src/config.js CHANGED
@@ -3,7 +3,7 @@
3
3
  const { NODE_ENV, LOG_LEVEL } = process.env;
4
4
 
5
5
  const NAME = 'apolitical-server';
6
- const VERSION = 'v2.0.0';
6
+ const VERSION = '2.4.1';
7
7
  const ADMIN_ROLE = 'administrator';
8
8
 
9
9
  module.exports = {
package/src/container.js CHANGED
@@ -31,6 +31,7 @@ const serverError = require('./errors/server.error');
31
31
  const jwtDecodeHelper = require('./helpers/jwt/decode.helper');
32
32
  const jwtEncodeHelper = require('./helpers/jwt/encode.helper');
33
33
  const jwtPassportHelper = require('./helpers/jwt/passport.helper');
34
+ const loggerHelper = require('./helpers/logger.helper');
34
35
  // Loaders
35
36
  const documentationLoader = require('./loaders/documentation.loader');
36
37
  const loggerLoader = require('./loaders/logger.loader');
@@ -80,6 +81,7 @@ container.register({
80
81
  jwtDecodeHelper: asFunction(jwtDecodeHelper).singleton(),
81
82
  jwtEncodeHelper: asFunction(jwtEncodeHelper).singleton(),
82
83
  jwtPassportHelper: asFunction(jwtPassportHelper).singleton(),
84
+ loggerHelper: asFunction(loggerHelper).singleton(),
83
85
  // Loaders
84
86
  documentationLoader: asFunction(documentationLoader).singleton(),
85
87
  loggerLoader: asFunction(loggerLoader).singleton(),
package/src/helpers/logger.helper.js ADDED
@@ -0,0 +1,35 @@
1
+ 'use strict';
2
+
3
+ module.exports = ({ morgan, config, logger }) => {
4
+ const {
5
+ LOGGED_OUT_SLUG,
6
+ TOKENS: { USER_SLUG },
7
+ } = config.SERVER.MORGAN_OPTIONS;
8
+
9
+ function getUserSlug(req) {
10
+ return req.user && req.user.slug ? req.user.slug : LOGGED_OUT_SLUG;
11
+ }
12
+
13
+ function buildCustomFormat(tokens, req, res) {
14
+ return [
15
+ tokens.method(req, res),
16
+ tokens.url(req, res),
17
+ tokens.status(req, res),
18
+ tokens[USER_SLUG](req),
19
+ tokens['response-time'](req, res),
20
+ 'ms',
21
+ ].join(' ');
22
+ }
23
+
24
+ function buildMiddleware(labels) {
25
+ const childLogger = logger.where(__filename, 'load');
26
+ childLogger.debug('Started');
27
+ // Setup Morgan with custom format and Apolitical Logger stream
28
+ morgan.token(USER_SLUG, getUserSlug);
29
+ const morganMiddleware = morgan(buildCustomFormat, logger.where(__filename, 'morganMiddleware', labels));
30
+ childLogger.debug('Finished');
31
+ return morganMiddleware;
32
+ }
33
+
34
+ return { getUserSlug, buildMiddleware };
35
+ };
package/src/loaders/logger.loader.js CHANGED
@@ -1,39 +1,19 @@
1
1
  'use strict';
2
2
 
3
- module.exports = ({ apoliticalLogger, morgan, config, logger }) => {
4
- const {
5
- LOGGED_OUT_SLUG,
6
- TOKENS: { USER_SLUG },
7
- } = config.SERVER.MORGAN_OPTIONS;
8
-
9
- function getUserSlug(req) {
10
- return req.user && req.user.slug ? req.user.slug : LOGGED_OUT_SLUG;
11
- }
12
-
13
- function buildCustomFormat(tokens, req, res) {
14
- return [
15
- tokens.method(req, res),
16
- tokens.url(req, res),
17
- tokens.status(req, res),
18
- tokens[USER_SLUG](req),
19
- tokens['response-time'](req, res),
20
- 'ms',
21
- ].join(' ');
22
- }
23
-
3
+ module.exports = ({ apoliticalLogger, config, logger, loggerHelper }) => {
24
4
  return async function load(app, { labels }) {
25
5
  const childLogger = logger.where(__filename, 'load');
26
6
  childLogger.debug('Started');
27
- // Setup Morgan with custom format and Apolitical Logger stream
28
- morgan.token(USER_SLUG, getUserSlug);
29
- const morganMiddleware = morgan(buildCustomFormat, logger.where(__filename, 'morganMiddleware', labels));
30
- app.use(morganMiddleware);
31
- // Setup Google Cloud with Apolitical Logger
32
7
  if (config.NODE_ENV === 'production') {
8
+ // Setup Google Cloud with Apolitical Logger
33
9
  const winstonMiddleware = await apoliticalLogger.loggerMiddleware(
34
10
  logger.where(__filename, 'winstonMiddleware', labels),
35
11
  );
36
12
  app.use(winstonMiddleware);
13
+ } else {
14
+ // Setup Morgan with custom format and Apolitical Logger stream
15
+ const morganMiddleware = loggerHelper.buildMiddleware(labels);
16
+ app.use(morganMiddleware);
37
17
  }
38
18
  childLogger.debug('Finished');
39
19
  };
package/src/middlewares/authorisation.middleware.js CHANGED
@@ -20,7 +20,9 @@ module.exports = ({ logger, serverError: { Forbidden }, config }) => {
20
20
  }
21
21
  // Check permissions and prevent unauthorised requests
22
22
  let unauthorised = false;
23
- if (!allowNonAdmin && isNotAdmin && isNotMyselfSlug) {
23
+ if (!allowNonAdmin && !req.user) {
24
+ unauthorised = true;
25
+ } else if (!allowNonAdmin && isNotAdmin && isNotMyselfSlug) {
24
26
  unauthorised = true;
25
27
  } else if (!allowNonAdmin && isNotAdmin && !myselfSource) {
26
28
  unauthorised = true;
package/src/middlewares/error.middleware.js CHANGED
@@ -7,12 +7,10 @@ module.exports =
7
7
  JWT: { AUTH0 },
8
8
  },
9
9
  logger,
10
+ loggerHelper: { getUserSlug },
10
11
  serverError: { GeneralError },
11
12
  }) =>
12
13
  ({ labels, redirectURL, fallbackController }) => {
13
- // Apolitical Logger (with service metadata)
14
- const errorLogger = logger.where(__filename, 'errorMiddleware', labels);
15
-
16
14
  // eslint-disable-next-line no-unused-vars
17
15
  return function handler(err, req, res, next) {
18
16
  const childLogger = logger.where(__filename, 'handler');
@@ -38,21 +36,26 @@ module.exports =
38
36
  errors = ['unknown-error'];
39
37
  }
40
38
  }
39
+ // Log the error with all the relevent info
40
+ const userSlug = getUserSlug(req);
41
41
  if (req.log) {
42
- req.log.warn(message, { errors });
42
+ req.log.warn(message, { errors, userSlug });
43
43
  } else {
44
- errorLogger.warn(message, { errors });
44
+ const errorLogger = logger.where(__filename, 'handler', labels);
45
+ errorLogger.warn(message, { errors, userSlug });
45
46
  }
46
-
47
+ // Use the redirect URL to redirect the request
47
48
  if (redirectURL) {
48
49
  return res.redirect(TEMPORARY_REDIRECT, `${redirectURL}?errorMessage=${encodeURI(message)}`);
49
50
  }
51
+ // Use the fallback controller to handle the response
50
52
  if (fallbackController) {
51
53
  // more known error messages can be added here
52
54
  if (message === 'Unexpected error: Cannot read items') {
53
55
  return fallbackController(req, res);
54
56
  }
55
57
  }
58
+ // Use the info on the error to send the response
56
59
  return res.status(code).json({ message, errors });
57
60
  };
58
61
  };