@autofleet/zehut 1.7.6-beta.1 → 1.8.0-beta10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/check-permission.d.ts +3 -2
- package/lib/check-permission.js +8 -8
- package/lib/index.d.ts +8 -3
- package/lib/index.js +7 -2
- package/lib/user/ApiUser.d.ts +13 -1
- package/lib/user/ApiUser.js +27 -2
- package/lib/user/api-user-flows.test.d.ts +1 -0
- package/lib/user/api-user-flows.test.js +87 -0
- package/lib/user/index.d.ts +2 -0
- package/lib/user/index.js +28 -16
- package/package.json +9 -7
- package/lib/app-auth.d.ts +0 -2
- package/lib/app-auth.js +0 -27
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
|
|
2
|
-
export declare const
|
|
1
|
+
import ApiUser from './user/ApiUser';
|
|
2
|
+
export declare const getUser: () => ApiUser | undefined;
|
|
3
|
+
export declare const isUserExist: () => string;
|
|
3
4
|
export declare const checkFleetPermission: (fleetId: any) => boolean;
|
|
4
5
|
export declare const checkBusinessModelPermission: (businessModelId: any) => boolean;
|
|
5
6
|
export declare const checkDemandSourcePermission: (demandSourceId: any) => boolean;
|
package/lib/check-permission.js
CHANGED
|
@@ -2,28 +2,28 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.checkDemandSourcePermission = exports.checkBusinessModelPermission = exports.checkFleetPermission = exports.isUserExist = exports.getUser = void 0;
|
|
4
4
|
const tracer_1 = require("./tracer");
|
|
5
|
-
exports.getUser = () => { var _a, _b; return (_b = (_a = tracer_1.getCurrentTrace()) === null || _a === void 0 ? void 0 : _a.context) === null || _b === void 0 ? void 0 : _b.
|
|
6
|
-
exports.isUserExist = () =>
|
|
5
|
+
exports.getUser = () => { var _a, _b; return (_b = (_a = tracer_1.getCurrentTrace()) === null || _a === void 0 ? void 0 : _a.context) === null || _b === void 0 ? void 0 : _b.get('userObject'); };
|
|
6
|
+
exports.isUserExist = () => {
|
|
7
|
+
const u = exports.getUser();
|
|
8
|
+
return u && u.id;
|
|
9
|
+
};
|
|
7
10
|
exports.checkFleetPermission = (fleetId) => {
|
|
8
11
|
if (exports.isUserExist()) {
|
|
9
|
-
const
|
|
10
|
-
const user = context === null || context === void 0 ? void 0 : context.get('userObject');
|
|
12
|
+
const user = exports.getUser();
|
|
11
13
|
return !user || Object.keys(user.permissions.fleets).includes(fleetId);
|
|
12
14
|
}
|
|
13
15
|
return true;
|
|
14
16
|
};
|
|
15
17
|
exports.checkBusinessModelPermission = (businessModelId) => {
|
|
16
18
|
if (exports.isUserExist()) {
|
|
17
|
-
const
|
|
18
|
-
const user = context === null || context === void 0 ? void 0 : context.get('userObject');
|
|
19
|
+
const user = exports.getUser();
|
|
19
20
|
return !user || Object.keys(user.permissions.businessModels).includes(businessModelId);
|
|
20
21
|
}
|
|
21
22
|
return true;
|
|
22
23
|
};
|
|
23
24
|
exports.checkDemandSourcePermission = (demandSourceId) => {
|
|
24
25
|
if (exports.isUserExist()) {
|
|
25
|
-
const
|
|
26
|
-
const user = context === null || context === void 0 ? void 0 : context.get('userObject');
|
|
26
|
+
const user = exports.getUser();
|
|
27
27
|
return !user || Object.keys(user.permissions.demandSources).includes(demandSourceId);
|
|
28
28
|
}
|
|
29
29
|
return true;
|
package/lib/index.d.ts
CHANGED
|
@@ -3,7 +3,10 @@ import { checkFleetPermission, checkBusinessModelPermission, checkDemandSourcePe
|
|
|
3
3
|
import { UnauthorizedAccessError } from './errors';
|
|
4
4
|
import { getRefreshTokenSecret, getTokenSecret } from './secret-getter';
|
|
5
5
|
declare const getCurrentPayload: () => any;
|
|
6
|
-
|
|
6
|
+
declare const enableTracing: ({ outbreakOptions }?: {
|
|
7
|
+
outbreakOptions?: {};
|
|
8
|
+
}) => void;
|
|
9
|
+
export { enableTracing, User, middleware, middlewareWithDecode, eagerLoadPermissionsMiddleware, getCurrentPayload, getDecodedBearer, checkFleetPermission, checkBusinessModelPermission, checkDemandSourcePermission, isUserExist, getUser, getRefreshTokenSecret, getTokenSecret, UnauthorizedAccessError, appMiddleware, };
|
|
7
10
|
declare const _default: {
|
|
8
11
|
User: typeof User;
|
|
9
12
|
middleware: (options?: {
|
|
@@ -22,11 +25,13 @@ declare const _default: {
|
|
|
22
25
|
checkFleetPermission: (fleetId: any) => boolean;
|
|
23
26
|
checkBusinessModelPermission: (businessModelId: any) => boolean;
|
|
24
27
|
checkDemandSourcePermission: (demandSourceId: any) => boolean;
|
|
25
|
-
isUserExist: () =>
|
|
26
|
-
getUser: () =>
|
|
28
|
+
isUserExist: () => string;
|
|
29
|
+
getUser: () => User;
|
|
27
30
|
UnauthorizedAccessError: typeof UnauthorizedAccessError;
|
|
28
31
|
appMiddleware: (options: {
|
|
29
32
|
appId: string;
|
|
33
|
+
clientSecret: string;
|
|
34
|
+
appSecret: string;
|
|
30
35
|
}) => (req: any, res: any, next: any) => Promise<void>;
|
|
31
36
|
};
|
|
32
37
|
export default _default;
|
package/lib/index.js
CHANGED
|
@@ -19,7 +19,8 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
19
19
|
return result;
|
|
20
20
|
};
|
|
21
21
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
22
|
-
exports.appMiddleware = exports.UnauthorizedAccessError = exports.getTokenSecret = exports.getRefreshTokenSecret = exports.getUser = exports.isUserExist = exports.checkDemandSourcePermission = exports.checkBusinessModelPermission = exports.checkFleetPermission = exports.getDecodedBearer = exports.getCurrentPayload = exports.eagerLoadPermissionsMiddleware = exports.middlewareWithDecode = exports.middleware = exports.User = void 0;
|
|
22
|
+
exports.appMiddleware = exports.UnauthorizedAccessError = exports.getTokenSecret = exports.getRefreshTokenSecret = exports.getUser = exports.isUserExist = exports.checkDemandSourcePermission = exports.checkBusinessModelPermission = exports.checkFleetPermission = exports.getDecodedBearer = exports.getCurrentPayload = exports.eagerLoadPermissionsMiddleware = exports.middlewareWithDecode = exports.middleware = exports.User = exports.enableTracing = void 0;
|
|
23
|
+
const outbreak_1 = require("@autofleet/outbreak");
|
|
23
24
|
const user_1 = __importStar(require("./user"));
|
|
24
25
|
exports.User = user_1.default;
|
|
25
26
|
Object.defineProperty(exports, "middleware", { enumerable: true, get: function () { return user_1.middleware; } });
|
|
@@ -39,9 +40,13 @@ Object.defineProperty(exports, "UnauthorizedAccessError", { enumerable: true, ge
|
|
|
39
40
|
const secret_getter_1 = require("./secret-getter");
|
|
40
41
|
Object.defineProperty(exports, "getRefreshTokenSecret", { enumerable: true, get: function () { return secret_getter_1.getRefreshTokenSecret; } });
|
|
41
42
|
Object.defineProperty(exports, "getTokenSecret", { enumerable: true, get: function () { return secret_getter_1.getTokenSecret; } });
|
|
42
|
-
tracer_1.enable();
|
|
43
43
|
const getCurrentPayload = tracer_1.getCurrentTrace;
|
|
44
44
|
exports.getCurrentPayload = getCurrentPayload;
|
|
45
|
+
const enableTracing = ({ outbreakOptions = {} } = {}) => {
|
|
46
|
+
outbreak_1.headersTracer(Object.assign({ headersPrefix: 'x-af' }, outbreakOptions));
|
|
47
|
+
tracer_1.enable();
|
|
48
|
+
};
|
|
49
|
+
exports.enableTracing = enableTracing;
|
|
45
50
|
exports.default = {
|
|
46
51
|
User: user_1.default,
|
|
47
52
|
middleware: user_1.middleware,
|
package/lib/user/ApiUser.d.ts
CHANGED
|
@@ -2,6 +2,7 @@ declare type AccountType = 'client' | 'user' | 'service';
|
|
|
2
2
|
interface EntityPermissions {
|
|
3
3
|
[key: string]: string[];
|
|
4
4
|
}
|
|
5
|
+
export declare const ELEVATED_PERMISSIONS_HEADER = "x-af-elevated-permissions";
|
|
5
6
|
export interface UserPayload {
|
|
6
7
|
businessModels: EntityPermissions;
|
|
7
8
|
fleets: EntityPermissions;
|
|
@@ -9,17 +10,27 @@ export interface UserPayload {
|
|
|
9
10
|
contexts?: EntityPermissions;
|
|
10
11
|
createdAt?: string;
|
|
11
12
|
}
|
|
13
|
+
export interface PartialUserPayload {
|
|
14
|
+
businessModels?: EntityPermissions;
|
|
15
|
+
fleets?: EntityPermissions;
|
|
16
|
+
demandSources?: EntityPermissions;
|
|
17
|
+
vehicles?: EntityPermissions;
|
|
18
|
+
drivers?: EntityPermissions;
|
|
19
|
+
}
|
|
12
20
|
export declare type CustomPermissionLoader = (string: any) => Promise<UserPayload>;
|
|
13
21
|
export default class ApiUser {
|
|
14
22
|
id: string | undefined;
|
|
15
23
|
privatePermissions: UserPayload | undefined;
|
|
24
|
+
privateElevatedPermissions: PartialUserPayload | undefined;
|
|
16
25
|
privatePermissionsLegacy: any;
|
|
17
26
|
appPermission: {
|
|
18
27
|
[key: string]: any;
|
|
19
28
|
};
|
|
20
29
|
emptyUser: boolean;
|
|
21
30
|
accountType: AccountType | undefined;
|
|
22
|
-
|
|
31
|
+
elevationCallsCounter: number;
|
|
32
|
+
elevationInitialState: PartialUserPayload | undefined;
|
|
33
|
+
constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload);
|
|
23
34
|
getUserPermissions(): Promise<UserPayload>;
|
|
24
35
|
useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload>;
|
|
25
36
|
get businessModels(): string[] | undefined;
|
|
@@ -27,6 +38,7 @@ export default class ApiUser {
|
|
|
27
38
|
get demandSources(): string[] | undefined;
|
|
28
39
|
getUserProperty(key: any): string[] | undefined;
|
|
29
40
|
get permissions(): UserPayload | undefined;
|
|
41
|
+
elevatePermissions(addedPermissions: PartialUserPayload): () => void;
|
|
30
42
|
getUserPermissionsLegacy(): Promise<any>;
|
|
31
43
|
get permissionsLegacy(): any;
|
|
32
44
|
getUserAppPermissions(appId: any, clientSecret: any): Promise<any>;
|
package/lib/user/ApiUser.js
CHANGED
|
@@ -12,15 +12,21 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
12
12
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
13
|
};
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.ELEVATED_PERMISSIONS_HEADER = void 0;
|
|
15
16
|
/* eslint-disable consistent-return */
|
|
16
17
|
const node_cache_1 = __importDefault(require("node-cache"));
|
|
18
|
+
const outbreak_1 = require("@autofleet/outbreak");
|
|
17
19
|
const services_1 = require("../services");
|
|
20
|
+
exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
|
|
18
21
|
const userCache = new node_cache_1.default({ stdTTL: 10 });
|
|
19
22
|
class ApiUser {
|
|
20
|
-
constructor(id, accountType) {
|
|
23
|
+
constructor(id, accountType, elevatedPermissions) {
|
|
21
24
|
this.id = id;
|
|
22
25
|
this.emptyUser = !!id;
|
|
23
26
|
this.appPermission = {};
|
|
27
|
+
this.elevationCallsCounter = 0;
|
|
28
|
+
this.privateElevatedPermissions = elevatedPermissions;
|
|
29
|
+
this.elevationInitialState = elevatedPermissions;
|
|
24
30
|
if (accountType) {
|
|
25
31
|
this.accountType = accountType;
|
|
26
32
|
}
|
|
@@ -77,7 +83,26 @@ class ApiUser {
|
|
|
77
83
|
if (!this.privatePermissions) {
|
|
78
84
|
throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
|
|
79
85
|
}
|
|
80
|
-
return this.privatePermissions;
|
|
86
|
+
return Object.assign(Object.assign({}, this.privatePermissions), this.privateElevatedPermissions);
|
|
87
|
+
}
|
|
88
|
+
elevatePermissions(addedPermissions) {
|
|
89
|
+
if (this.elevationCallsCounter > 1) {
|
|
90
|
+
throw new Error('Maximum one elvation call in parallel is allowed');
|
|
91
|
+
}
|
|
92
|
+
const currentUserTrace = outbreak_1.getCurrentTrace();
|
|
93
|
+
if (!currentUserTrace) {
|
|
94
|
+
throw new Error('Cannot find current user cross services trace');
|
|
95
|
+
}
|
|
96
|
+
const currentElevation = JSON.parse(currentUserTrace.context[exports.ELEVATED_PERMISSIONS_HEADER] || '{}');
|
|
97
|
+
this.elevationInitialState = currentElevation;
|
|
98
|
+
const newElevation = Object.assign(currentElevation, addedPermissions);
|
|
99
|
+
this.privateElevatedPermissions = newElevation;
|
|
100
|
+
currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(newElevation));
|
|
101
|
+
this.elevationCallsCounter += 1;
|
|
102
|
+
return () => {
|
|
103
|
+
this.elevationCallsCounter -= 1;
|
|
104
|
+
this.privateElevatedPermissions = this.elevationInitialState;
|
|
105
|
+
};
|
|
81
106
|
}
|
|
82
107
|
getUserPermissionsLegacy() {
|
|
83
108
|
return __awaiter(this, void 0, void 0, function* () {
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
const uuid_1 = require("uuid");
|
|
16
|
+
const express_1 = __importDefault(require("express"));
|
|
17
|
+
const axios_1 = __importDefault(require("axios"));
|
|
18
|
+
const index_1 = require("../index");
|
|
19
|
+
const index_2 = require("./index");
|
|
20
|
+
const generateApp = (addEndpoints, port) => __awaiter(void 0, void 0, void 0, function* () {
|
|
21
|
+
const app = express_1.default();
|
|
22
|
+
addEndpoints(app);
|
|
23
|
+
const server = yield new Promise((resolve) => {
|
|
24
|
+
const s = app.listen(port, () => {
|
|
25
|
+
console.log('Listen on port', port);
|
|
26
|
+
resolve(s);
|
|
27
|
+
});
|
|
28
|
+
});
|
|
29
|
+
return () => server.close();
|
|
30
|
+
});
|
|
31
|
+
describe('E2E', () => {
|
|
32
|
+
it('Basic functionality', () => __awaiter(void 0, void 0, void 0, function* () {
|
|
33
|
+
let server2TraceId = null;
|
|
34
|
+
index_1.enableTracing({
|
|
35
|
+
outbreakOptions: {
|
|
36
|
+
headersPrefix: 'x-af-',
|
|
37
|
+
},
|
|
38
|
+
});
|
|
39
|
+
const closeServer1 = yield generateApp((app) => {
|
|
40
|
+
app.use(index_2.middleware());
|
|
41
|
+
app.get('/', (req, res) => __awaiter(void 0, void 0, void 0, function* () {
|
|
42
|
+
const user = index_1.getUser();
|
|
43
|
+
const closeElevation = user.elevatePermissions({
|
|
44
|
+
businessModels: {
|
|
45
|
+
[uuid_1.v4()]: ['vehicle:write'],
|
|
46
|
+
},
|
|
47
|
+
});
|
|
48
|
+
const { data: res1 } = yield axios_1.default.post('http://localhost:8082');
|
|
49
|
+
closeElevation();
|
|
50
|
+
res.json(res1);
|
|
51
|
+
}));
|
|
52
|
+
}, 8081);
|
|
53
|
+
let server2NumberOfPermissions = 0;
|
|
54
|
+
const closeServer2 = yield generateApp((app) => {
|
|
55
|
+
app.use(index_2.middleware());
|
|
56
|
+
app.post('/', (req, res) => {
|
|
57
|
+
const user = index_1.getUser();
|
|
58
|
+
user.privatePermissions = {
|
|
59
|
+
businessModels: {},
|
|
60
|
+
fleets: {},
|
|
61
|
+
demandSources: {},
|
|
62
|
+
};
|
|
63
|
+
server2NumberOfPermissions = Object.keys(user.permissions.businessModels).length;
|
|
64
|
+
server2TraceId = req.headers['x-trace-id'];
|
|
65
|
+
res.json({
|
|
66
|
+
value: req.headers['x-af-header'],
|
|
67
|
+
wkanda: req.headers['x-af-id'],
|
|
68
|
+
addedPermissions: req.headers['x-af-elevated-permissions'],
|
|
69
|
+
});
|
|
70
|
+
});
|
|
71
|
+
}, 8082);
|
|
72
|
+
const { data: res1, headers } = yield axios_1.default.get('http://localhost:8081', {
|
|
73
|
+
headers: {
|
|
74
|
+
'x-af-header': 'testHeader',
|
|
75
|
+
'x-af-id': 'my-wakanda-id',
|
|
76
|
+
'x-af-user-id': uuid_1.v4(),
|
|
77
|
+
},
|
|
78
|
+
});
|
|
79
|
+
closeServer1();
|
|
80
|
+
closeServer2();
|
|
81
|
+
expect(server2NumberOfPermissions).toEqual(1);
|
|
82
|
+
expect(headers['x-trace-id']).toEqual(server2TraceId);
|
|
83
|
+
expect(res1.value).toEqual('testHeader');
|
|
84
|
+
expect(res1.wkanda).toEqual('my-wakanda-id');
|
|
85
|
+
expect(JSON.parse(res1.addedPermissions).businessModels).toBeDefined();
|
|
86
|
+
}));
|
|
87
|
+
});
|
package/lib/user/index.d.ts
CHANGED
|
@@ -11,6 +11,8 @@ export declare const middlewareWithDecode: (options?: {
|
|
|
11
11
|
}) => (req: any, res: any, next: any) => Promise<void>;
|
|
12
12
|
export declare const appMiddleware: (options: {
|
|
13
13
|
appId: string;
|
|
14
|
+
clientSecret: string;
|
|
15
|
+
appSecret: string;
|
|
14
16
|
}) => (req: any, res: any, next: any) => Promise<void>;
|
|
15
17
|
export declare const eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
|
|
16
18
|
export declare const getDecodedBearer: (req: any) => any;
|
package/lib/user/index.js
CHANGED
|
@@ -1,4 +1,23 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
|
|
5
|
+
}) : (function(o, m, k, k2) {
|
|
6
|
+
if (k2 === undefined) k2 = k;
|
|
7
|
+
o[k2] = m[k];
|
|
8
|
+
}));
|
|
9
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
10
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
11
|
+
}) : function(o, v) {
|
|
12
|
+
o["default"] = v;
|
|
13
|
+
});
|
|
14
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
15
|
+
if (mod && mod.__esModule) return mod;
|
|
16
|
+
var result = {};
|
|
17
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
18
|
+
__setModuleDefault(result, mod);
|
|
19
|
+
return result;
|
|
20
|
+
};
|
|
2
21
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
22
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
23
|
return new (P || (P = Promise))(function (resolve, reject) {
|
|
@@ -8,25 +27,23 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
8
27
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
28
|
});
|
|
10
29
|
};
|
|
11
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
-
};
|
|
14
30
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
31
|
exports.getDecodedBearer = exports.eagerLoadPermissionsMiddleware = exports.appMiddleware = exports.middlewareWithDecode = exports.middleware = void 0;
|
|
16
32
|
const jsonwebtoken_1 = require("jsonwebtoken");
|
|
17
|
-
const ApiUser_1 =
|
|
33
|
+
const ApiUser_1 = __importStar(require("./ApiUser"));
|
|
18
34
|
const utils_1 = require("../utils");
|
|
19
35
|
const tracer_1 = require("../tracer");
|
|
20
|
-
const app_auth_1 = require("../app-auth");
|
|
21
36
|
exports.middleware = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
|
|
22
37
|
const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
|
|
23
38
|
const userId = req.headers['x-af-user-id'];
|
|
24
39
|
const trace = tracer_1.newTrace('userPayload');
|
|
25
40
|
if (!userId) {
|
|
26
|
-
trace.context.set('userObject', {});
|
|
27
41
|
return next();
|
|
28
42
|
}
|
|
29
|
-
const
|
|
43
|
+
const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
|
|
44
|
+
? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
|
|
45
|
+
: {};
|
|
46
|
+
const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader);
|
|
30
47
|
if (eagerLoadUserPermissions) {
|
|
31
48
|
if (customPermissionLoader) {
|
|
32
49
|
yield userObject.useCustomPermissionLoader(customPermissionLoader);
|
|
@@ -51,7 +68,7 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
|
|
|
51
68
|
let decoded;
|
|
52
69
|
if (req.headers.authorization) {
|
|
53
70
|
try {
|
|
54
|
-
decoded =
|
|
71
|
+
decoded = utils_1.decodeBearer(req.headers.authorization);
|
|
55
72
|
}
|
|
56
73
|
catch (e) {
|
|
57
74
|
if (e instanceof jsonwebtoken_1.TokenExpiredError) {
|
|
@@ -97,12 +114,11 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
|
|
|
97
114
|
errors: ['No token provided'],
|
|
98
115
|
});
|
|
99
116
|
}
|
|
100
|
-
trace.context.set('userObject', {});
|
|
101
117
|
// eslint-disable-next-line consistent-return
|
|
102
118
|
return next();
|
|
103
119
|
});
|
|
104
120
|
exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
|
|
105
|
-
const { appId, } = options;
|
|
121
|
+
const { appId, clientSecret, appSecret, } = options;
|
|
106
122
|
const trace = tracer_1.newTrace('userPayload');
|
|
107
123
|
let decoded;
|
|
108
124
|
if (!req.headers.authorization) {
|
|
@@ -112,10 +128,7 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
|
|
|
112
128
|
});
|
|
113
129
|
}
|
|
114
130
|
try {
|
|
115
|
-
decoded =
|
|
116
|
-
if (!decoded) {
|
|
117
|
-
throw new Error('app does not exists');
|
|
118
|
-
}
|
|
131
|
+
decoded = utils_1.decodeBearer(req.headers.authorization, appSecret);
|
|
119
132
|
}
|
|
120
133
|
catch (e) {
|
|
121
134
|
if (e instanceof jsonwebtoken_1.TokenExpiredError) {
|
|
@@ -140,8 +153,7 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
|
|
|
140
153
|
req.headers['X-AF-USER-ID'] = userId;
|
|
141
154
|
}
|
|
142
155
|
const userObject = new ApiUser_1.default(userId);
|
|
143
|
-
if (appId) {
|
|
144
|
-
const clientSecret = yield app_auth_1.getClientSecret(appId);
|
|
156
|
+
if (appId && clientSecret) {
|
|
145
157
|
req.headers['x-autofleet-apps-secret'] = clientSecret;
|
|
146
158
|
// Won't work until we find a better solution for identity ms
|
|
147
159
|
yield userObject.getUserAppPermissions(appId, clientSecret);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@autofleet/zehut",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.8.0-beta10",
|
|
4
4
|
"description": "manage user's identity",
|
|
5
5
|
"main": "lib/index.js",
|
|
6
6
|
"types": "lib/index.d.ts",
|
|
@@ -27,22 +27,24 @@
|
|
|
27
27
|
},
|
|
28
28
|
"homepage": "https://github.com/Autofleet/zehut",
|
|
29
29
|
"dependencies": {
|
|
30
|
-
"@autofleet/network": "^1.2
|
|
31
|
-
"@autofleet/outbreak": "0.0
|
|
30
|
+
"@autofleet/network": "^1.4.2",
|
|
31
|
+
"@autofleet/outbreak": "0.1.0-beta-2",
|
|
32
32
|
"@types/jest": "^22.0.0",
|
|
33
|
+
"axios": "^0.27.2",
|
|
34
|
+
"express": "^4.18.1",
|
|
33
35
|
"jsonwebtoken": "^8.5.1",
|
|
34
36
|
"moment": "^2.29.1",
|
|
35
37
|
"node-cache": "^5.1.2",
|
|
36
38
|
"uuid": "^8.3.2"
|
|
37
39
|
},
|
|
38
40
|
"devDependencies": {
|
|
39
|
-
"typescript": "^3.9.5",
|
|
40
|
-
"jest": "^22.4.4",
|
|
41
|
-
"ts-jest": "^25.4.0",
|
|
42
41
|
"@typescript-eslint/eslint-plugin": "^4.8.1",
|
|
43
42
|
"eslint": "^7.13.0",
|
|
44
43
|
"eslint-config-airbnb-typescript": "^12.0.0",
|
|
45
|
-
"eslint-plugin-import": "^2.22.1"
|
|
44
|
+
"eslint-plugin-import": "^2.22.1",
|
|
45
|
+
"jest": "^22.4.4",
|
|
46
|
+
"ts-jest": "^25.4.0",
|
|
47
|
+
"typescript": "^3.9.5"
|
|
46
48
|
},
|
|
47
49
|
"files": [
|
|
48
50
|
"lib/**/*"
|
package/lib/app-auth.d.ts
DELETED
package/lib/app-auth.js
DELETED
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
-
});
|
|
10
|
-
};
|
|
11
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
-
};
|
|
14
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
-
exports.getClientSecret = exports.decodeAppBearer = void 0;
|
|
16
|
-
const network_1 = __importDefault(require("@autofleet/network"));
|
|
17
|
-
const integrationMsNetwork = new network_1.default({
|
|
18
|
-
serviceName: 'INTEGRATION_MS',
|
|
19
|
-
});
|
|
20
|
-
exports.decodeAppBearer = (bearer, appId) => __awaiter(void 0, void 0, void 0, function* () {
|
|
21
|
-
const { data: decoded } = yield integrationMsNetwork.post('/api/v1/auth', { bearer, appId });
|
|
22
|
-
return decoded;
|
|
23
|
-
});
|
|
24
|
-
exports.getClientSecret = (appId) => __awaiter(void 0, void 0, void 0, function* () {
|
|
25
|
-
const { data: secret } = yield integrationMsNetwork.get(`/api/v1/auth/client-secret/${appId}`);
|
|
26
|
-
return secret;
|
|
27
|
-
});
|