npm - @backstage/backend-app-api - Versions diffs - 0.7.2-next.1 → 0.7.2 - Mend

@backstage/backend-app-api 0.7.2-next.1 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,40 +1,16 @@
 # @backstage/backend-app-api
-## 0.7.2-next.1
+## 0.7.2
 ### Patch Changes
-- 09f8988: Remove explicit `alg` check for user tokens in `verifyToken`
-- Updated dependencies
-  - @backstage/backend-common@0.22.0-next.1
-  - @backstage/backend-tasks@0.5.23-next.1
-  - @backstage/plugin-auth-node@0.4.13-next.1
-  - @backstage/plugin-permission-node@0.7.29-next.1
-  - @backstage/cli-node@0.2.5
-  - @backstage/config-loader@1.8.0
-  - @backstage/backend-plugin-api@0.6.18-next.1
+- b6b59c5: Redact `meta` fields too with the logger
-## 0.7.1-next.0
+## 0.7.1
 ### Patch Changes
-- 4cd5ff0: Add ability to configure the Node.js HTTP Server when configuring the root HTTP Router service
-- e8199b1: Move the JWKS registration outside of the lifecycle middleware
-- dc8c5dd: The default `TokenManager` implementation no longer requires keys to be configured in production, but it will throw an errors when generating or authenticating tokens. The default `AuthService` implementation will now also provide additional context if such an error is throw when falling back to using the `TokenManager` service to generate tokens for outgoing requests.
-- 025641b: Redact `meta` fields too with the logger
-- 5863e02: Internal refactor to only create one external token handler
-- Updated dependencies
-  - @backstage/plugin-auth-node@0.4.13-next.0
-  - @backstage/backend-common@0.21.8-next.0
-  - @backstage/backend-plugin-api@0.6.18-next.0
-  - @backstage/backend-tasks@0.5.23-next.0
-  - @backstage/cli-common@0.1.13
-  - @backstage/cli-node@0.2.5
-  - @backstage/config@1.2.0
-  - @backstage/config-loader@1.8.0
-  - @backstage/errors@1.2.4
-  - @backstage/types@1.1.1
-  - @backstage/plugin-permission-node@0.7.29-next.0
+- 3554ebe: Move the JWKS registration outside of the lifecycle middleware
 ## 0.7.0

package/alpha/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/backend-app-api",
-  "version": "0.7.2-next.1",
+  "version": "0.7.2",
   "main": "../dist/alpha.cjs.js",
   "types": "../dist/alpha.d.ts"
 }

package/dist/index.cjs.js CHANGED Viewed

@@ -26,10 +26,10 @@ var backendCommon = require('@backstage/backend-common');
 var jose = require('jose');
 var uuid = require('uuid');
 var pluginAuthNode = require('@backstage/plugin-auth-node');
-var types = require('@backstage/types');
 var backendAppApi = require('@backstage/backend-app-api');
 var cookie = require('cookie');
 var Router = require('express-promise-router');
+var types = require('@backstage/types');
 var pathToRegexp = require('path-to-regexp');
 var pluginPermissionNode = require('@backstage/plugin-permission-node');
 var express = require('express');
@@ -618,7 +618,7 @@ var __accessCheck$e = (obj, member, msg) => {
 };
 var __privateGet$c = (obj, member, getter) => {
   __accessCheck$e(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$e = (obj, member, value) => {
   if (member.has(obj))
@@ -627,7 +627,7 @@ var __privateAdd$e = (obj, member, value) => {
 };
 var __privateSet$a = (obj, member, value, setter) => {
   __accessCheck$e(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _config, _logger;
@@ -811,7 +811,7 @@ var __accessCheck$d = (obj, member, msg) => {
 };
 var __privateGet$b = (obj, member, getter) => {
   __accessCheck$d(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$d = (obj, member, value) => {
   if (member.has(obj))
@@ -820,7 +820,7 @@ var __privateAdd$d = (obj, member, value) => {
 };
 var __privateSet$9 = (obj, member, value, setter) => {
   __accessCheck$d(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _winston, _addRedactions;
@@ -948,7 +948,7 @@ var __accessCheck$c = (obj, member, msg) => {
 };
 var __privateGet$a = (obj, member, getter) => {
   __accessCheck$c(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$c = (obj, member, value) => {
   if (member.has(obj))
@@ -957,7 +957,7 @@ var __privateAdd$c = (obj, member, value) => {
 };
 var __privateSet$8 = (obj, member, value, setter) => {
   __accessCheck$c(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _hasStarted$1, _startupTasks$1, _hasShutdown, _shutdownTasks;
@@ -1042,7 +1042,7 @@ var __accessCheck$b = (obj, member, msg) => {
 };
 var __privateGet$9 = (obj, member, getter) => {
   __accessCheck$b(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$b = (obj, member, value) => {
   if (member.has(obj))
@@ -1051,7 +1051,7 @@ var __privateAdd$b = (obj, member, value) => {
 };
 var __privateSet$7 = (obj, member, value, setter) => {
   __accessCheck$b(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _hasStarted, _startupTasks;
@@ -1122,7 +1122,7 @@ var __accessCheck$a = (obj, member, msg) => {
 };
 var __privateGet$8 = (obj, member, getter) => {
   __accessCheck$a(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$a = (obj, member, value) => {
   if (member.has(obj))
@@ -1131,7 +1131,7 @@ var __privateAdd$a = (obj, member, value) => {
 };
 var __privateSet$6 = (obj, member, value, setter) => {
   __accessCheck$a(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod$7 = (obj, member, method) => {
@@ -1331,7 +1331,7 @@ var __accessCheck$9 = (obj, member, msg) => {
 };
 var __privateGet$7 = (obj, member, getter) => {
   __accessCheck$9(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$9 = (obj, member, value) => {
   if (member.has(obj))
@@ -1340,7 +1340,7 @@ var __privateAdd$9 = (obj, member, value) => {
 };
 var __privateSet$5 = (obj, member, value, setter) => {
   __accessCheck$9(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod$6 = (obj, member, method) => {
@@ -1570,7 +1570,7 @@ var __accessCheck$8 = (obj, member, msg) => {
 };
 var __privateGet$6 = (obj, member, getter) => {
   __accessCheck$8(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$8 = (obj, member, value) => {
   if (member.has(obj))
@@ -1579,7 +1579,7 @@ var __privateAdd$8 = (obj, member, value) => {
 };
 var __privateSet$4 = (obj, member, value, setter) => {
   __accessCheck$8(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod$5 = (obj, member, method) => {
@@ -1870,7 +1870,7 @@ var __accessCheck$7 = (obj, member, msg) => {
 };
 var __privateGet$5 = (obj, member, getter) => {
   __accessCheck$7(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$7 = (obj, member, value) => {
   if (member.has(obj))
@@ -1879,7 +1879,7 @@ var __privateAdd$7 = (obj, member, value) => {
 };
 var __privateSet$3 = (obj, member, value, setter) => {
   __accessCheck$7(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _initializer;
@@ -2147,12 +2147,7 @@ class DefaultAuthService {
             targetPluginId
           });
         }
-        return this.tokenManager.getToken().catch((error) => {
-          throw new errors.ForwardedError(
-            `Unable to generate legacy token for communication with the '${targetPluginId}' plugin. You will typically encounter this error when attempting to call a plugin that does not exist, or is deployed with an old version of Backstage`,
-            error
-          );
-        });
+        return this.tokenManager.getToken();
       case "user": {
         const { token } = internalForward;
         if (!token) {
@@ -2210,7 +2205,7 @@ var __accessCheck$5 = (obj, member, msg) => {
 };
 var __privateGet$4 = (obj, member, getter) => {
   __accessCheck$5(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$5 = (obj, member, value) => {
   if (member.has(obj))
@@ -2219,7 +2214,7 @@ var __privateAdd$5 = (obj, member, value) => {
 };
 var __privateSet$2 = (obj, member, value, setter) => {
   __accessCheck$5(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _keyStore, _keyStoreUpdated;
@@ -2297,7 +2292,7 @@ class PluginTokenHandler {
       options.logger,
       options.ownPluginId,
       options.publicKeyStore,
-      Math.round(types.durationToMilliseconds(options.keyDuration) / 1e3),
+      options.keyDurationSeconds,
       (_a = options.algorithm) != null ? _a : "ES256",
       options.discovery
     );
@@ -2467,16 +2462,18 @@ var __privateMethod$3 = (obj, member, method) => {
 };
 var _getTokenVerificationOptions, getTokenVerificationOptions_fn;
 const _UserTokenHandler = class _UserTokenHandler {
-  constructor(jwksClient) {
+  constructor(algorithms, jwksClient) {
+    this.algorithms = algorithms;
     this.jwksClient = jwksClient;
     __privateAdd$4(this, _getTokenVerificationOptions);
   }
   static create(options) {
+    const algorithms = ["ES256"];
     const jwksClient = new JwksClient(async () => {
       const url = await options.discovery.getBaseUrl("auth");
       return new URL(`${url}/.well-known/jwks.json`);
     });
-    return new _UserTokenHandler(jwksClient);
+    return new _UserTokenHandler(algorithms, jwksClient);
   }
   async verifyToken(token) {
     const verifyOpts = __privateMethod$3(this, _getTokenVerificationOptions, getTokenVerificationOptions_fn).call(this, token);
@@ -2549,12 +2546,14 @@ getTokenVerificationOptions_fn = function(token) {
     const { typ } = jose.decodeProtectedHeader(token);
     if (typ === pluginAuthNode.tokenTypes.user.typParam) {
       return {
+        algorithms: this.algorithms,
         requiredClaims: ["iat", "exp", "sub"],
         typ: pluginAuthNode.tokenTypes.user.typParam
       };
     }
     if (typ === pluginAuthNode.tokenTypes.limitedUser.typParam) {
       return {
+        algorithms: this.algorithms,
         requiredClaims: ["iat", "exp", "sub"],
         typ: pluginAuthNode.tokenTypes.limitedUser.typParam
       };
@@ -2562,6 +2561,7 @@ getTokenVerificationOptions_fn = function(token) {
     const { aud } = jose.decodeJwt(token);
     if (aud === pluginAuthNode.tokenTypes.user.audClaim) {
       return {
+        algorithms: this.algorithms,
         audience: pluginAuthNode.tokenTypes.user.audClaim
       };
     }
@@ -2577,7 +2577,7 @@ var __accessCheck$3 = (obj, member, msg) => {
 };
 var __privateGet$3 = (obj, member, getter) => {
   __accessCheck$3(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$3 = (obj, member, value) => {
   if (member.has(obj))
@@ -2651,7 +2651,7 @@ var __accessCheck$2 = (obj, member, msg) => {
 };
 var __privateGet$2 = (obj, member, getter) => {
   __accessCheck$2(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$2 = (obj, member, value) => {
   if (member.has(obj))
@@ -2753,16 +2753,7 @@ const authServiceFactory = backendPluginApi.createServiceFactory({
     // new auth services in the new backend system.
     tokenManager: backendPluginApi.coreServices.tokenManager
   },
-  async createRootContext({ config, logger }) {
-    const externalTokens = ExternalTokenHandler.create({
-      config,
-      logger
-    });
-    return {
-      externalTokens
-    };
-  },
-  async factory({ config, discovery, plugin, tokenManager, logger, database }, { externalTokens }) {
+  async factory({ config, discovery, plugin, tokenManager, logger, database }) {
     const disableDefaultAuthPolicy = Boolean(
       config.getOptionalBoolean(
         "backend.auth.dangerouslyDisableDefaultAuthPolicy"
@@ -2777,11 +2768,15 @@ const authServiceFactory = backendPluginApi.createServiceFactory({
     });
     const pluginTokens = PluginTokenHandler.create({
       ownPluginId: plugin.getId(),
-      keyDuration: { hours: 1 },
+      keyDurationSeconds: 60 * 60,
       logger,
       publicKeyStore,
       discovery
     });
+    const externalTokens = ExternalTokenHandler.create({
+      config,
+      logger
+    });
     return new DefaultAuthService(
       userTokens,
       pluginTokens,
@@ -2945,7 +2940,7 @@ var __accessCheck$1 = (obj, member, msg) => {
 };
 var __privateGet$1 = (obj, member, getter) => {
   __accessCheck$1(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$1 = (obj, member, value) => {
   if (member.has(obj))
@@ -2954,7 +2949,7 @@ var __privateAdd$1 = (obj, member, value) => {
 };
 var __privateSet$1 = (obj, member, value, setter) => {
   __accessCheck$1(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod$1 = (obj, member, method) => {
@@ -3386,7 +3381,7 @@ var __accessCheck = (obj, member, msg) => {
 };
 var __privateGet = (obj, member, getter) => {
   __accessCheck(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd = (obj, member, value) => {
   if (member.has(obj))
@@ -3395,7 +3390,7 @@ var __privateAdd = (obj, member, value) => {
 };
 var __privateSet = (obj, member, value, setter) => {
   __accessCheck(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod = (obj, member, method) => {
@@ -3477,8 +3472,15 @@ findConflictingPath_fn = function(newPath) {
 };
 let DefaultRootHttpRouter = _DefaultRootHttpRouter;
-function defaultConfigure({ applyDefaults }) {
-  applyDefaults();
+function defaultConfigure(context) {
+  const { app, routes, middleware } = context;
+  app.use(middleware.helmet());
+  app.use(middleware.cors());
+  app.use(middleware.compression());
+  app.use(middleware.logging());
+  app.use(routes);
+  app.use(middleware.notFound());
+  app.use(middleware.error());
 }
 const rootHttpRouterServiceFactory = backendPluginApi.createServiceFactory(
   (options) => ({
@@ -3494,30 +3496,19 @@ const rootHttpRouterServiceFactory = backendPluginApi.createServiceFactory(
       const app = express__default.default();
       const router = DefaultRootHttpRouter.create({ indexPath });
       const middleware = MiddlewareFactory.create({ config, logger });
-      const routes = router.handler();
-      const server = await createHttpServer(
-        app,
-        readHttpServerOptions(config.getOptionalConfig("backend")),
-        { logger }
-      );
       configure({
         app,
-        server,
-        routes,
+        routes: router.handler(),
         middleware,
         config,
         logger,
-        lifecycle,
-        applyDefaults() {
-          app.use(middleware.helmet());
-          app.use(middleware.cors());
-          app.use(middleware.compression());
-          app.use(middleware.logging());
-          app.use(routes);
-          app.use(middleware.notFound());
-          app.use(middleware.error());
-        }
+        lifecycle
       });
+      const server = await createHttpServer(
+        app,
+        readHttpServerOptions(config.getOptionalConfig("backend")),
+        { logger }
+      );
       lifecycle.addShutdownHook(() => server.stop());
       await server.start();
       return router;
@@ -3571,8 +3562,7 @@ const tokenManagerServiceFactory = backendPluginApi.createServiceFactory({
   },
   createRootContext({ config, logger }) {
     return backendCommon.ServerTokenManager.fromConfig(config, {
-      logger,
-      allowDisabledTokenManager: true
+      logger
     });
   },
   async factory(_deps, tokenManager) {