@commercetools-backend/express 24.13.0 → 25.1.0
|
@@ -3,7 +3,6 @@
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
5
|
var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
|
|
6
|
-
var _concatInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/concat');
|
|
7
6
|
var _Map = require('@babel/runtime-corejs3/core-js-stable/map');
|
|
8
7
|
var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
|
|
9
8
|
var jose = require('jose');
|
|
@@ -15,7 +14,6 @@ var _Array$isArray = require('@babel/runtime-corejs3/core-js-stable/array/is-arr
|
|
|
15
14
|
function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
|
|
16
15
|
|
|
17
16
|
var _URL__default = /*#__PURE__*/_interopDefault(_URL);
|
|
18
|
-
var _concatInstanceProperty__default = /*#__PURE__*/_interopDefault(_concatInstanceProperty);
|
|
19
17
|
var _Map__default = /*#__PURE__*/_interopDefault(_Map);
|
|
20
18
|
var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
|
|
21
19
|
var _findInstanceProperty__default = /*#__PURE__*/_interopDefault(_findInstanceProperty);
|
|
@@ -81,14 +79,14 @@ const getFirstHeaderValueOrThrow = (headers, headerKey, errorMessage) => {
|
|
|
81
79
|
|
|
82
80
|
// Assign a session object to the request object.
|
|
83
81
|
const writeSessionContext = (request, verifiedToken) => {
|
|
84
|
-
const publicClaimForProjectKey =
|
|
85
|
-
const publicClaimForUserPermissionsKey =
|
|
82
|
+
const publicClaimForProjectKey = `${verifiedToken.iss}/claims/project_key`;
|
|
83
|
+
const publicClaimForUserPermissionsKey = `${verifiedToken.iss}/claims/user_permissions`;
|
|
86
84
|
request.session = {
|
|
87
85
|
userId: verifiedToken.sub,
|
|
88
86
|
projectKey: verifiedToken[publicClaimForProjectKey]
|
|
89
87
|
};
|
|
90
88
|
const userPermissions = verifiedToken[publicClaimForUserPermissionsKey];
|
|
91
|
-
if (Boolean(userPermissions
|
|
89
|
+
if (Boolean(userPermissions?.length)) {
|
|
92
90
|
request.session.userPermissions = userPermissions;
|
|
93
91
|
}
|
|
94
92
|
};
|
|
@@ -132,16 +130,16 @@ const throwIfIssuerIsNotAValidUrl = issuer => {
|
|
|
132
130
|
try {
|
|
133
131
|
new _URL__default["default"](issuer);
|
|
134
132
|
} catch (error) {
|
|
135
|
-
throw new Error(
|
|
133
|
+
throw new Error(`Invalid issuer URL "${issuer}". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/merchant-center-customizations/concepts/merchant-center-api#hostnames.`);
|
|
136
134
|
}
|
|
137
135
|
};
|
|
138
136
|
// Validates required option values.
|
|
139
137
|
const validateRequiredValues = options => {
|
|
140
138
|
if (!options.audience) {
|
|
141
|
-
throw new Error(
|
|
139
|
+
throw new Error(`Missing required option "audience"`);
|
|
142
140
|
}
|
|
143
141
|
if (!options.issuer) {
|
|
144
|
-
throw new Error(
|
|
142
|
+
throw new Error(`Missing required option "issuer"`);
|
|
145
143
|
}
|
|
146
144
|
};
|
|
147
145
|
// Attempt to parse the given issuer. If the value is a cloud identifier, it will
|
|
@@ -159,19 +157,17 @@ const getConfiguredDefaultIssuer = options => {
|
|
|
159
157
|
// If the request path is `/`, do not append it to the audience, otherwise
|
|
160
158
|
// the token validation might fail because of mismatching audiences.
|
|
161
159
|
const getConfiguredAudience = (options, requestPath) => {
|
|
162
|
-
var _context;
|
|
163
160
|
// remove the trailing slash
|
|
164
|
-
const url = new _URL__default["default"](
|
|
161
|
+
const url = new _URL__default["default"](`${options.audience.replace(/\/?$/, '')}${requestPath}`);
|
|
165
162
|
switch (options.audiencePolicy) {
|
|
166
163
|
case 'forward-url-origin':
|
|
167
164
|
return url.origin;
|
|
168
165
|
default:
|
|
169
166
|
{
|
|
170
|
-
var _context2;
|
|
171
167
|
if (requestPath === '/') {
|
|
172
168
|
return url.origin;
|
|
173
169
|
}
|
|
174
|
-
return
|
|
170
|
+
return `${url.origin}${url.pathname}`;
|
|
175
171
|
}
|
|
176
172
|
}
|
|
177
173
|
};
|
|
@@ -181,7 +177,7 @@ function getJwksClientByIssuer(issuer) {
|
|
|
181
177
|
if (client) {
|
|
182
178
|
return client;
|
|
183
179
|
}
|
|
184
|
-
const newClient = jose.createRemoteJWKSet(new _URL__default["default"](
|
|
180
|
+
const newClient = jose.createRemoteJWKSet(new _URL__default["default"](`/.well-known/jwks.json`, issuer));
|
|
185
181
|
jwksClientByIssuer.set(issuer, newClient);
|
|
186
182
|
return newClient;
|
|
187
183
|
}
|
|
@@ -191,27 +187,25 @@ function createSessionAuthVerifier(options) {
|
|
|
191
187
|
|
|
192
188
|
// Returns an async HTTP handler.
|
|
193
189
|
return async request => {
|
|
194
|
-
var _mapCloudIdentifierTo, _request$originalUrl;
|
|
195
190
|
// Get the cloud identifier header, forwarded by the `/proxy/forward-to` endpoint.
|
|
196
|
-
const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER,
|
|
197
|
-
let issuer = options.inferIssuer && cloudIdentifierHeader ?
|
|
191
|
+
const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, `Missing "X-MC-API-Cloud-Identifier" header.`);
|
|
192
|
+
let issuer = options.inferIssuer && cloudIdentifierHeader ? mapCloudIdentifierToIssuer(cloudIdentifierHeader) ?? configuredDefaultIssuer : configuredDefaultIssuer;
|
|
198
193
|
|
|
199
194
|
// Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
|
|
200
195
|
// The version should be sent by the client making the request, to use the features of v2.
|
|
201
|
-
const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION,
|
|
196
|
+
const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, `Missing "X-MC-API-Forward-To-Version" header.`);
|
|
202
197
|
if (proxyForwardVersion === 'v1') {
|
|
203
|
-
var _mapToLegacyIssuer;
|
|
204
198
|
// Fall back to legacy issuer domains
|
|
205
|
-
issuer =
|
|
199
|
+
issuer = mapToLegacyIssuer(cloudIdentifierHeader) ?? issuer;
|
|
206
200
|
}
|
|
207
|
-
const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) :
|
|
201
|
+
const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : request.originalUrl ?? request.url;
|
|
208
202
|
if (!requestUrlPath || !_startsWithInstanceProperty__default["default"](requestUrlPath).call(requestUrlPath, '/')) {
|
|
209
|
-
throw new Error(
|
|
203
|
+
throw new Error(`Invalid request URI path "${requestUrlPath}". Please make sure that the "request" object has either a property "originalUrl" or "url". If not, you should implement the "getRequestUrl" function and make sure to return a valid URI path value starting with "/". More info at https://docs.commercetools.com/merchant-center-customizations/concepts/integrate-with-your-own-api#validating-the-json-web-token`);
|
|
210
204
|
}
|
|
211
205
|
const audience = getConfiguredAudience(options, requestUrlPath);
|
|
212
206
|
const authorizationHeader = request.headers['authorization'];
|
|
213
207
|
if (typeof authorizationHeader !== 'string') {
|
|
214
|
-
throw new Error(
|
|
208
|
+
throw new Error(`Missing "authorization" header`);
|
|
215
209
|
}
|
|
216
210
|
const exchangeToken = authorizationHeader.replace(/^Bearer (.*)$/, '$1');
|
|
217
211
|
const jwksClient = getJwksClientByIssuer(issuer);
|
|
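Review bot: The `v1` branch in the handler returned by createSessionAuthVerifier replaces `issuer` with `mapToLegacyIssuer(cloudIdentifierHeader) ?? issuer` without consulting `options.inferIssuer`, so two request headers can move verification away from the configured issuer even when inference is disabled. The mapping functions are outside this diff; if they return only a fixed set of hosts the exposure is limited to that set, but the JWKS client is still selected from header values that are read before the token is verified. If this is intended for legacy tokens, a comment such as `// v1 tokens are signed by the legacy issuer, so this applies even when inferIssuer is false` would record it; otherwise gate the branch with `if (options.inferIssuer && proxyForwardVersion === 'v1') {`. The handler body continues past the end of the hunk, and the same lines appear in the other two builds on this page.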
@@ -3,7 +3,6 @@
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
5
|
var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
|
|
6
|
-
var _concatInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/concat');
|
|
7
6
|
var _Map = require('@babel/runtime-corejs3/core-js-stable/map');
|
|
8
7
|
var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
|
|
9
8
|
var jose = require('jose');
|
|
@@ -15,7 +14,6 @@ var _Array$isArray = require('@babel/runtime-corejs3/core-js-stable/array/is-arr
|
|
|
15
14
|
function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
|
|
16
15
|
|
|
17
16
|
var _URL__default = /*#__PURE__*/_interopDefault(_URL);
|
|
18
|
-
var _concatInstanceProperty__default = /*#__PURE__*/_interopDefault(_concatInstanceProperty);
|
|
19
17
|
var _Map__default = /*#__PURE__*/_interopDefault(_Map);
|
|
20
18
|
var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
|
|
21
19
|
var _findInstanceProperty__default = /*#__PURE__*/_interopDefault(_findInstanceProperty);
|
|
@@ -81,14 +79,14 @@ const getFirstHeaderValueOrThrow = (headers, headerKey, errorMessage) => {
|
|
|
81
79
|
|
|
82
80
|
// Assign a session object to the request object.
|
|
83
81
|
const writeSessionContext = (request, verifiedToken) => {
|
|
84
|
-
const publicClaimForProjectKey =
|
|
85
|
-
const publicClaimForUserPermissionsKey =
|
|
82
|
+
const publicClaimForProjectKey = `${verifiedToken.iss}/claims/project_key`;
|
|
83
|
+
const publicClaimForUserPermissionsKey = `${verifiedToken.iss}/claims/user_permissions`;
|
|
86
84
|
request.session = {
|
|
87
85
|
userId: verifiedToken.sub,
|
|
88
86
|
projectKey: verifiedToken[publicClaimForProjectKey]
|
|
89
87
|
};
|
|
90
88
|
const userPermissions = verifiedToken[publicClaimForUserPermissionsKey];
|
|
91
|
-
if (Boolean(userPermissions
|
|
89
|
+
if (Boolean(userPermissions?.length)) {
|
|
92
90
|
request.session.userPermissions = userPermissions;
|
|
93
91
|
}
|
|
94
92
|
};
|
|
@@ -132,16 +130,16 @@ const throwIfIssuerIsNotAValidUrl = issuer => {
|
|
|
132
130
|
try {
|
|
133
131
|
new _URL__default["default"](issuer);
|
|
134
132
|
} catch (error) {
|
|
135
|
-
throw new Error(
|
|
133
|
+
throw new Error(`Invalid issuer URL "${issuer}". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/merchant-center-customizations/concepts/merchant-center-api#hostnames.`);
|
|
136
134
|
}
|
|
137
135
|
};
|
|
138
136
|
// Validates required option values.
|
|
139
137
|
const validateRequiredValues = options => {
|
|
140
138
|
if (!options.audience) {
|
|
141
|
-
throw new Error(
|
|
139
|
+
throw new Error(`Missing required option "audience"`);
|
|
142
140
|
}
|
|
143
141
|
if (!options.issuer) {
|
|
144
|
-
throw new Error(
|
|
142
|
+
throw new Error(`Missing required option "issuer"`);
|
|
145
143
|
}
|
|
146
144
|
};
|
|
147
145
|
// Attempt to parse the given issuer. If the value is a cloud identifier, it will
|
|
@@ -159,19 +157,17 @@ const getConfiguredDefaultIssuer = options => {
|
|
|
159
157
|
// If the request path is `/`, do not append it to the audience, otherwise
|
|
160
158
|
// the token validation might fail because of mismatching audiences.
|
|
161
159
|
const getConfiguredAudience = (options, requestPath) => {
|
|
162
|
-
var _context;
|
|
163
160
|
// remove the trailing slash
|
|
164
|
-
const url = new _URL__default["default"](
|
|
161
|
+
const url = new _URL__default["default"](`${options.audience.replace(/\/?$/, '')}${requestPath}`);
|
|
165
162
|
switch (options.audiencePolicy) {
|
|
166
163
|
case 'forward-url-origin':
|
|
167
164
|
return url.origin;
|
|
168
165
|
default:
|
|
169
166
|
{
|
|
170
|
-
var _context2;
|
|
171
167
|
if (requestPath === '/') {
|
|
172
168
|
return url.origin;
|
|
173
169
|
}
|
|
174
|
-
return
|
|
170
|
+
return `${url.origin}${url.pathname}`;
|
|
175
171
|
}
|
|
176
172
|
}
|
|
177
173
|
};
|
|
@@ -181,7 +177,7 @@ function getJwksClientByIssuer(issuer) {
|
|
|
181
177
|
if (client) {
|
|
182
178
|
return client;
|
|
183
179
|
}
|
|
184
|
-
const newClient = jose.createRemoteJWKSet(new _URL__default["default"](
|
|
180
|
+
const newClient = jose.createRemoteJWKSet(new _URL__default["default"](`/.well-known/jwks.json`, issuer));
|
|
185
181
|
jwksClientByIssuer.set(issuer, newClient);
|
|
186
182
|
return newClient;
|
|
187
183
|
}
|
|
@@ -191,27 +187,25 @@ function createSessionAuthVerifier(options) {
|
|
|
191
187
|
|
|
192
188
|
// Returns an async HTTP handler.
|
|
193
189
|
return async request => {
|
|
194
|
-
var _mapCloudIdentifierTo, _request$originalUrl;
|
|
195
190
|
// Get the cloud identifier header, forwarded by the `/proxy/forward-to` endpoint.
|
|
196
|
-
const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER,
|
|
197
|
-
let issuer = options.inferIssuer && cloudIdentifierHeader ?
|
|
191
|
+
const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, `Missing "X-MC-API-Cloud-Identifier" header.`);
|
|
192
|
+
let issuer = options.inferIssuer && cloudIdentifierHeader ? mapCloudIdentifierToIssuer(cloudIdentifierHeader) ?? configuredDefaultIssuer : configuredDefaultIssuer;
|
|
198
193
|
|
|
199
194
|
// Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
|
|
200
195
|
// The version should be sent by the client making the request, to use the features of v2.
|
|
201
|
-
const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION,
|
|
196
|
+
const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, `Missing "X-MC-API-Forward-To-Version" header.`);
|
|
202
197
|
if (proxyForwardVersion === 'v1') {
|
|
203
|
-
var _mapToLegacyIssuer;
|
|
204
198
|
// Fall back to legacy issuer domains
|
|
205
|
-
issuer =
|
|
199
|
+
issuer = mapToLegacyIssuer(cloudIdentifierHeader) ?? issuer;
|
|
206
200
|
}
|
|
207
|
-
const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) :
|
|
201
|
+
const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : request.originalUrl ?? request.url;
|
|
208
202
|
if (!requestUrlPath || !_startsWithInstanceProperty__default["default"](requestUrlPath).call(requestUrlPath, '/')) {
|
|
209
|
-
throw new Error(
|
|
203
|
+
throw new Error(`Invalid request URI path "${requestUrlPath}". Please make sure that the "request" object has either a property "originalUrl" or "url". If not, you should implement the "getRequestUrl" function and make sure to return a valid URI path value starting with "/". More info at https://docs.commercetools.com/merchant-center-customizations/concepts/integrate-with-your-own-api#validating-the-json-web-token`);
|
|
210
204
|
}
|
|
211
205
|
const audience = getConfiguredAudience(options, requestUrlPath);
|
|
212
206
|
const authorizationHeader = request.headers['authorization'];
|
|
213
207
|
if (typeof authorizationHeader !== 'string') {
|
|
214
|
-
throw new Error(
|
|
208
|
+
throw new Error(`Missing "authorization" header`);
|
|
215
209
|
}
|
|
216
210
|
const exchangeToken = authorizationHeader.replace(/^Bearer (.*)$/, '$1');
|
|
217
211
|
const jwksClient = getJwksClientByIssuer(issuer);
|
|
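Review bot: The guard `Boolean(userPermissions?.length)` in writeSessionContext accepts any claim value with a non-zero `length`, including a string, and copies it to `request.session.userPermissions` unchanged. A consumer that runs a membership test on that field, for example with `includes`, would then match substrings rather than permission names; `if (Array.isArray(userPermissions) && userPermissions.length > 0) {` pins the shape. The claim names are built from `verifiedToken.iss`, so they are only as trustworthy as the issuer check in the verification call, which is outside these hunks. The same lines appear in the other two builds on this page.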
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import _URL from '@babel/runtime-corejs3/core-js-stable/url';
|
|
2
|
-
import _concatInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/concat';
|
|
3
2
|
import _Map from '@babel/runtime-corejs3/core-js-stable/map';
|
|
4
3
|
import _startsWithInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/starts-with';
|
|
5
4
|
import { jwtVerify, createRemoteJWKSet } from 'jose';
|
|
@@ -67,14 +66,14 @@ const getFirstHeaderValueOrThrow = (headers, headerKey, errorMessage) => {
|
|
|
67
66
|
|
|
68
67
|
// Assign a session object to the request object.
|
|
69
68
|
const writeSessionContext = (request, verifiedToken) => {
|
|
70
|
-
const publicClaimForProjectKey =
|
|
71
|
-
const publicClaimForUserPermissionsKey =
|
|
69
|
+
const publicClaimForProjectKey = `${verifiedToken.iss}/claims/project_key`;
|
|
70
|
+
const publicClaimForUserPermissionsKey = `${verifiedToken.iss}/claims/user_permissions`;
|
|
72
71
|
request.session = {
|
|
73
72
|
userId: verifiedToken.sub,
|
|
74
73
|
projectKey: verifiedToken[publicClaimForProjectKey]
|
|
75
74
|
};
|
|
76
75
|
const userPermissions = verifiedToken[publicClaimForUserPermissionsKey];
|
|
77
|
-
if (Boolean(userPermissions
|
|
76
|
+
if (Boolean(userPermissions?.length)) {
|
|
78
77
|
request.session.userPermissions = userPermissions;
|
|
79
78
|
}
|
|
80
79
|
};
|
|
@@ -118,16 +117,16 @@ const throwIfIssuerIsNotAValidUrl = issuer => {
|
|
|
118
117
|
try {
|
|
119
118
|
new _URL(issuer);
|
|
120
119
|
} catch (error) {
|
|
121
|
-
throw new Error(
|
|
120
|
+
throw new Error(`Invalid issuer URL "${issuer}". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/merchant-center-customizations/concepts/merchant-center-api#hostnames.`);
|
|
122
121
|
}
|
|
123
122
|
};
|
|
124
123
|
// Validates required option values.
|
|
125
124
|
const validateRequiredValues = options => {
|
|
126
125
|
if (!options.audience) {
|
|
127
|
-
throw new Error(
|
|
126
|
+
throw new Error(`Missing required option "audience"`);
|
|
128
127
|
}
|
|
129
128
|
if (!options.issuer) {
|
|
130
|
-
throw new Error(
|
|
129
|
+
throw new Error(`Missing required option "issuer"`);
|
|
131
130
|
}
|
|
132
131
|
};
|
|
133
132
|
// Attempt to parse the given issuer. If the value is a cloud identifier, it will
|
|
@@ -145,19 +144,17 @@ const getConfiguredDefaultIssuer = options => {
|
|
|
145
144
|
// If the request path is `/`, do not append it to the audience, otherwise
|
|
146
145
|
// the token validation might fail because of mismatching audiences.
|
|
147
146
|
const getConfiguredAudience = (options, requestPath) => {
|
|
148
|
-
var _context;
|
|
149
147
|
// remove the trailing slash
|
|
150
|
-
const url = new _URL(
|
|
148
|
+
const url = new _URL(`${options.audience.replace(/\/?$/, '')}${requestPath}`);
|
|
151
149
|
switch (options.audiencePolicy) {
|
|
152
150
|
case 'forward-url-origin':
|
|
153
151
|
return url.origin;
|
|
154
152
|
default:
|
|
155
153
|
{
|
|
156
|
-
var _context2;
|
|
157
154
|
if (requestPath === '/') {
|
|
158
155
|
return url.origin;
|
|
159
156
|
}
|
|
160
|
-
return
|
|
157
|
+
return `${url.origin}${url.pathname}`;
|
|
161
158
|
}
|
|
162
159
|
}
|
|
163
160
|
};
|
|
@@ -167,7 +164,7 @@ function getJwksClientByIssuer(issuer) {
|
|
|
167
164
|
if (client) {
|
|
168
165
|
return client;
|
|
169
166
|
}
|
|
170
|
-
const newClient = createRemoteJWKSet(new _URL(
|
|
167
|
+
const newClient = createRemoteJWKSet(new _URL(`/.well-known/jwks.json`, issuer));
|
|
171
168
|
jwksClientByIssuer.set(issuer, newClient);
|
|
172
169
|
return newClient;
|
|
173
170
|
}
|
|
@@ -177,27 +174,25 @@ function createSessionAuthVerifier(options) {
|
|
|
177
174
|
|
|
178
175
|
// Returns an async HTTP handler.
|
|
179
176
|
return async request => {
|
|
180
|
-
var _mapCloudIdentifierTo, _request$originalUrl;
|
|
181
177
|
// Get the cloud identifier header, forwarded by the `/proxy/forward-to` endpoint.
|
|
182
|
-
const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER,
|
|
183
|
-
let issuer = options.inferIssuer && cloudIdentifierHeader ?
|
|
178
|
+
const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, `Missing "X-MC-API-Cloud-Identifier" header.`);
|
|
179
|
+
let issuer = options.inferIssuer && cloudIdentifierHeader ? mapCloudIdentifierToIssuer(cloudIdentifierHeader) ?? configuredDefaultIssuer : configuredDefaultIssuer;
|
|
184
180
|
|
|
185
181
|
// Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
|
|
186
182
|
// The version should be sent by the client making the request, to use the features of v2.
|
|
187
|
-
const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION,
|
|
183
|
+
const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, `Missing "X-MC-API-Forward-To-Version" header.`);
|
|
188
184
|
if (proxyForwardVersion === 'v1') {
|
|
189
|
-
var _mapToLegacyIssuer;
|
|
190
185
|
// Fall back to legacy issuer domains
|
|
191
|
-
issuer =
|
|
186
|
+
issuer = mapToLegacyIssuer(cloudIdentifierHeader) ?? issuer;
|
|
192
187
|
}
|
|
193
|
-
const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) :
|
|
188
|
+
const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : request.originalUrl ?? request.url;
|
|
194
189
|
if (!requestUrlPath || !_startsWithInstanceProperty(requestUrlPath).call(requestUrlPath, '/')) {
|
|
195
|
-
throw new Error(
|
|
190
|
+
throw new Error(`Invalid request URI path "${requestUrlPath}". Please make sure that the "request" object has either a property "originalUrl" or "url". If not, you should implement the "getRequestUrl" function and make sure to return a valid URI path value starting with "/". More info at https://docs.commercetools.com/merchant-center-customizations/concepts/integrate-with-your-own-api#validating-the-json-web-token`);
|
|
196
191
|
}
|
|
197
192
|
const audience = getConfiguredAudience(options, requestUrlPath);
|
|
198
193
|
const authorizationHeader = request.headers['authorization'];
|
|
199
194
|
if (typeof authorizationHeader !== 'string') {
|
|
200
|
-
throw new Error(
|
|
195
|
+
throw new Error(`Missing "authorization" header`);
|
|
201
196
|
}
|
|
202
197
|
const exchangeToken = authorizationHeader.replace(/^Bearer (.*)$/, '$1');
|
|
203
198
|
const jwksClient = getJwksClientByIssuer(issuer);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@commercetools-backend/express",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "25.1.0",
|
|
4
4
|
"description": "Zero-config HTTP server as Express.js to facilitate development",
|
|
5
5
|
"bugs": "https://github.com/commercetools/merchant-center-application-kit/issues",
|
|
6
6
|
"repository": {
|