npm - @boxyhq/saml-jackson - Versions diffs - 0.1.5-beta.116 → 0.1.5-beta.117 - Mend

@boxyhq/saml-jackson 0.1.5-beta.116 → 0.1.5-beta.117

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.1.5-beta.116",
+  "version": "0.1.5-beta.117",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
   "main": "src/index.js",

package/src/controller/oauth.js CHANGED Viewed

@@ -2,7 +2,7 @@ const crypto = require('crypto');
 const saml = require('../saml/saml.js');
 const codeVerifier = require('./oauth/code-verifier.js');
-const { indexNames } = require('./utils.js');
+const { indexNames, extractAuthToken } = require('./utils.js');
 const dbutils = require('../db/utils.js');
 const redirect = require('./oauth/redirect.js');
 const allowed = require('./oauth/allowed.js');
@@ -15,16 +15,6 @@ let options;
 const relayStatePrefix = 'boxyhq_jackson_';
-const extractBearerToken = (req) => {
-  const authHeader = req.get('authorization');
-  const parts = (authHeader || '').split(' ');
-  if (parts.length > 1) {
-    return parts[1];
-  }
-  return null;
-};
 function getEncodedClientId(client_id) {
   try {
     const sp = new URLSearchParams(client_id);
@@ -303,7 +293,7 @@ const token = async (req, res) => {
 };
 const userInfo = async (req, res) => {
-  let token = extractBearerToken(req);
+  let token = extractAuthToken(req);
   // check for query param
   if (!token) {

package/src/controller/utils.js CHANGED Viewed

@@ -3,6 +3,17 @@ const indexNames = {
   tenantProduct: 'tenantProduct',
 };
+const extractAuthToken = (req) => {
+  const authHeader = req.get('authorization');
+  const parts = (authHeader || '').split(' ');
+  if (parts.length > 1) {
+    return parts[1];
+  }
+  return null;
+};
 module.exports = {
   indexNames,
+  extractAuthToken,
 };

package/src/env.js CHANGED Viewed

@@ -7,6 +7,8 @@ const samlPath = process.env.SAML_PATH || '/oauth/saml';
 const internalHostUrl = process.env.INTERNAL_HOST_URL || 'localhost';
 const internalHostPort = (process.env.INTERNAL_HOST_PORT || '6000') * 1;
+const apiKeys = (process.env.JACKSON_API_KEYS || '').split(',');
 const samlAudience = process.env.SAML_AUDIENCE;
 const preLoadedConfig = process.env.PRE_LOADED_CONFIG;
@@ -27,6 +29,7 @@ module.exports = {
   preLoadedConfig,
   internalHostUrl,
   internalHostPort,
+  apiKeys,
   idpEnabled,
   db,
   useInternalServer: !(

package/src/jackson.js CHANGED Viewed

@@ -2,6 +2,7 @@ const express = require('express');
 const cors = require('cors');
 const env = require('./env.js');
+const { extractAuthToken } = require('./controller/utils.js');
 let apiController;
 let oauthController;
@@ -66,8 +67,18 @@ if (env.useInternalServer) {
   internalApp.use(express.urlencoded({ extended: true }));
 }
+const validateApiKey = (token) => {
+  return env.apiKeys.includes(token);
+};
 internalApp.post(apiPath + '/config', async (req, res) => {
   try {
+    const apiKey = extractAuthToken(req);
+    if (!validateApiKey(apiKey)) {
+      res.status(401).send('Unauthorized');
+      return;
+    }
     res.json(await apiController.config(req.body));
   } catch (err) {
     res.status(500).json({