@autofleet/zehut 1.8.3 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +4 -0
  2. package/lib/app-auth.d.ts +2 -0
  3. package/lib/app-auth.js +21 -0
  4. package/lib/exceptions/appDoesNotExist.d.ts +3 -0
  5. package/lib/exceptions/appDoesNotExist.js +5 -0
  6. package/lib/index.d.ts +0 -1
  7. package/lib/user/index.d.ts +0 -1
  8. package/lib/user/index.js +20 -5
  9. package/package.json +1 -1
package/README.md CHANGED
@@ -70,4 +70,8 @@ and run
70
70
  ```
71
71
  npm publish
72
72
  ```
73
+
74
+ # Environment Variables
75
+
76
+ when using this package locally or outside autofleet-prod project you must set INTEGRATION_MS_SERVICE_HOST in .env file
73
77
  # zehut
package/lib/app-auth.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ export declare const decodeAppBearer: (bearer: string, appId: string) => Promise<any>;
2
+ export declare const getClientSecret: (appId: string) => Promise<any>;
package/lib/app-auth.js ADDED
@@ -0,0 +1,21 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.getClientSecret = exports.decodeAppBearer = void 0;
13
+ const services_1 = require("./services");
14
+ exports.decodeAppBearer = (bearer, appId) => __awaiter(void 0, void 0, void 0, function* () {
15
+ const { data: decoded } = yield services_1.AutofleetApiNetwork.post('/api/v1/auth', { bearer, appId });
16
+ return decoded;
17
+ });
18
+ exports.getClientSecret = (appId) => __awaiter(void 0, void 0, void 0, function* () {
19
+ const { data: secret } = yield services_1.AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);
20
+ return secret;
21
+ });
package/lib/exceptions/appDoesNotExist.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ export default class AppDoesNotExist extends Error {
2
+ mesaage: 'app does not exist';
3
+ }
package/lib/exceptions/appDoesNotExist.js ADDED
@@ -0,0 +1,5 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ class AppDoesNotExist extends Error {
4
+ }
5
+ exports.default = AppDoesNotExist;
package/lib/index.d.ts CHANGED
@@ -31,7 +31,6 @@ declare const _default: {
31
31
  appMiddleware: (options: {
32
32
  appId: string;
33
33
  clientSecret: string;
34
- appSecret: string;
35
34
  }) => (req: any, res: any, next: any) => Promise<void>;
36
35
  };
37
36
  export default _default;
package/lib/user/index.d.ts CHANGED
@@ -12,7 +12,6 @@ export declare const middlewareWithDecode: (options?: {
12
12
  export declare const appMiddleware: (options: {
13
13
  appId: string;
14
14
  clientSecret: string;
15
- appSecret: string;
16
15
  }) => (req: any, res: any, next: any) => Promise<void>;
17
16
  export declare const eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
18
17
  export declare const getDecodedBearer: (req: any) => any;
package/lib/user/index.js CHANGED
@@ -27,12 +27,17 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
27
27
  step((generator = generator.apply(thisArg, _arguments || [])).next());
28
28
  });
29
29
  };
30
+ var __importDefault = (this && this.__importDefault) || function (mod) {
31
+ return (mod && mod.__esModule) ? mod : { "default": mod };
32
+ };
30
33
  Object.defineProperty(exports, "__esModule", { value: true });
31
34
  exports.getDecodedBearer = exports.eagerLoadPermissionsMiddleware = exports.appMiddleware = exports.middlewareWithDecode = exports.middleware = void 0;
32
35
  const jsonwebtoken_1 = require("jsonwebtoken");
33
36
  const ApiUser_1 = __importStar(require("./ApiUser"));
34
- const utils_1 = require("../utils");
35
37
  const tracer_1 = require("../tracer");
38
+ const app_auth_1 = require("../app-auth");
39
+ const appDoesNotExist_1 = __importDefault(require("../exceptions/appDoesNotExist"));
40
+ const utils_1 = require("../utils");
36
41
  exports.middleware = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
37
42
  try {
38
43
  const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
@@ -76,7 +81,7 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
76
81
  let decoded;
77
82
  if (req.headers.authorization) {
78
83
  try {
79
- decoded = utils_1.decodeBearer(req.headers.authorization);
84
+ decoded = yield utils_1.decodeBearer(req.headers.authorization);
80
85
  }
81
86
  catch (e) {
82
87
  if (e instanceof jsonwebtoken_1.TokenExpiredError) {
@@ -126,7 +131,7 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
126
131
  return next();
127
132
  });
128
133
  exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
129
- const { appId, clientSecret, appSecret, } = options;
134
+ const { appId, clientSecret, } = options;
130
135
  const trace = tracer_1.newTrace('userPayload');
131
136
  let decoded;
132
137
  if (!req.headers.authorization) {
@@ -136,7 +141,10 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
136
141
  });
137
142
  }
138
143
  try {
139
- decoded = utils_1.decodeBearer(req.headers.authorization, appSecret);
144
+ decoded = yield app_auth_1.decodeAppBearer(req.headers.authorization, appId);
145
+ if (!decoded) {
146
+ throw new appDoesNotExist_1.default();
147
+ }
140
148
  }
141
149
  catch (e) {
142
150
  if (e instanceof jsonwebtoken_1.TokenExpiredError) {
@@ -151,6 +159,12 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
151
159
  errors: [e.message],
152
160
  });
153
161
  }
162
+ if (e instanceof appDoesNotExist_1.default) {
163
+ res.status(400);
164
+ return res.json({
165
+ errors: [e.message],
166
+ });
167
+ }
154
168
  res.status(500);
155
169
  return res.json({
156
170
  errors: ['Server error while parsing token'],
@@ -161,13 +175,14 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
161
175
  req.headers['X-AF-USER-ID'] = userId;
162
176
  }
163
177
  const userObject = new ApiUser_1.default(userId);
164
- if (appId && clientSecret) {
178
+ if (appId) {
165
179
  req.headers['x-autofleet-apps-secret'] = clientSecret;
166
180
  // Won't work until we find a better solution for identity ms
167
181
  yield userObject.getUserAppPermissions(appId, clientSecret);
168
182
  }
169
183
  req.user = userObject;
170
184
  trace.context.set('userObject', userObject);
185
+ trace.context.set('accessToken', utils_1.getAuthFromBearer(req.headers.authorization));
171
186
  // Added in order to support outbreak.
172
187
  req.headers['x-af-user-permissions'] = userObject;
173
188
  return next();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@autofleet/zehut",
3
- "version": "1.8.3",
3
+ "version": "2.0.0",
4
4
  "description": "manage user's identity",
5
5
  "main": "lib/index.js",
6
6
  "types": "lib/index.d.ts",