npm - @autofleet/zehut - Versions diffs - 1.4.12 → 1.5.0 - Mend

@autofleet/zehut 1.4.12 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/user/index.js CHANGED Viewed

@@ -13,6 +13,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getDecodedBearer = exports.eagerLoadPermissionsMiddleware = exports.middlewareWithDecode = exports.middleware = void 0;
+const jsonwebtoken_1 = require("jsonwebtoken");
 const ApiUser_1 = __importDefault(require("./ApiUser"));
 const utils_1 = require("../utils");
 const tracer_1 = require("../tracer");
@@ -39,8 +40,32 @@ exports.middleware = (options = {}) => (req, res, next) => __awaiter(void 0, voi
 exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
     var _a;
     const trace = tracer_1.newTrace('userPayload');
+    let decoded;
     if (req.headers.authorization) {
-        const decoded = utils_1.decodeBearer(req.headers.authorization);
+        try {
+            decoded = utils_1.decodeBearer(req.headers.authorization);
+        }
+        catch (e) {
+            if (e instanceof jsonwebtoken_1.TokenExpiredError) {
+                res.status(401);
+                res.json({
+                    errors: ['Access token expired'],
+                });
+            }
+            else if (e instanceof jsonwebtoken_1.JsonWebTokenError) {
+                res.status(400);
+                res.json({
+                    errors: [e.message],
+                });
+            }
+            else {
+                res.status(500);
+                res.json({
+                    errors: ['Server error while parsing token'],
+                });
+            }
+            return;
+        }
         const userId = (_a = decoded === null || decoded === void 0 ? void 0 : decoded.user) === null || _a === void 0 ? void 0 : _a.id;
         if (userId) {
             req.headers['X-AF-USER-ID'] = userId;

package/lib/utils.js CHANGED Viewed

@@ -31,7 +31,7 @@ const CONTEXT_MAP_PROPS = {
 exports.getAuthFromBearer = (bearer) => bearer.replace('Bearer ', '');
 exports.decodeBearer = (bearer) => {
     const token = bearer.replace('Bearer ', '');
-    const decoded = jwt.decode(token);
+    const decoded = jwt.verify(token);
     return decoded;
 };
 exports.parsePermissions = (contextId, decodedToken) => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@autofleet/zehut",
-  "version": "1.4.12",
+  "version": "1.5.0",
   "description": "manage user's identity",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",