@eduzz/miau-client 0.0.14 → 0.0.16
- package/.turbo/turbo-build$colon$types.log +1 -1
- package/.turbo/turbo-build.log +4 -4
- package/.turbo/turbo-prepublish.log +1 -1
- package/dist/index.js +10 -9
- package/dist/index.js.map +2 -2
- package/dist/miau-types/types/Application.d.ts +2 -2
- package/dist/miau-types/types/Organization.d.ts +2 -2
- package/dist/miau-types/types/Permission.d.ts +2 -2
- package/dist/miau-types/types/Resource.d.ts +3 -3
- package/dist/miau-types/types/Secret.d.ts +2 -2
- package/package.json +1 -1
- package/src/MiauClient.ts +1 -1
- package/src/middleware.ts +6 -5
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
export type
|
|
2
|
-
export declare const
|
|
1
|
+
export type ResourceProtocol = 'http' | 'websocket' | 'grpc';
|
|
2
|
+
export declare const ResourceProtocols: ResourceProtocol[];
|
|
3
3
|
export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS';
|
|
4
4
|
export declare const HttpMethods: HttpMethod[];
|
|
5
5
|
export type Resource = {
|
|
6
6
|
id?: string;
|
|
7
|
-
|
|
7
|
+
protocol: ResourceProtocol;
|
|
8
8
|
method: HttpMethod;
|
|
9
9
|
path: string;
|
|
10
10
|
};
|
package/package.json
CHANGED
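--- a/package/src/MiauClient.ts
+++ b/package/src/MiauClient.ts
@@ -33,7 +33,7 @@ export class MiauClient {
 
 constructor(props: MiauClientConfig) {
 this.apiUrl = props.apiUrl;
-const apiKey = props.appSecret.substring(7,
+const apiKey = props.appSecret.substring(7, 32);
 this.basicAuthToken = Buffer.from(`${apiKey}:${props.appSecret}`).toString('base64');
 }
 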
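Review bot: The constructor slices `props.appSecret.substring(7, 32)` without checking that the secret has the prefix and length those offsets assume, so a short or malformed secret silently produces an empty or truncated `apiKey` and the mistake only shows up later as a rejected request. The offsets 7 and 32 are undocumented; named constants and a comment stating the secret layout would make the intent reviewable. Consider failing fast before the slice, for example `if (props.appSecret.length < 32) throw new Error('appSecret has an unexpected format');` (the exact rule depends on the secret format, which is not visible here). Because the Basic-auth username is itself a substring of the secret, both `apiKey` and `basicAuthToken` should be kept out of logs and error messages. The removed line is truncated on this page, so the previous end offset cannot be compared.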
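--- a/package/src/middleware.ts
+++ b/package/src/middleware.ts
@@ -36,26 +36,26 @@ export const miauMiddleware = <T>(
 const token = req.headers.authorization?.split(' ').pop();
 
 if (!token) {
-throw new HttpError(
+throw new HttpError(400, 'Invalid Token', 'Token not provided');
 }
 
 const decodedToken = jwt.decode(token, { complete: true }) as { header: { kid: string } };
 
 if (!decodedToken?.header?.kid) {
-throw new HttpError(
+throw new HttpError(400, 'Invalid Token', 'Missing kid in token header');
 }
 
 const publicKey = await miauClient.getPublicKey(decodedToken.header.kid);
 const appToken = jwt.verify(token, publicKey, { algorithms: ['RS256'] }) as MiauApplication;
 
 if (!appToken || !appToken.id || !appToken.name) {
-throw new HttpError(
+throw new HttpError(400, 'Invalid Token', 'Token verification failed');
 }
 
 const permission = await miauClient.getPermissions(appToken.id);
 
 if (!permission) {
-
+throw new HttpError(401, 'Unauthorized', 'No permissions found for this application');
 }
 
 const resources = permission?.resources || [];
@@ -80,7 +80,8 @@ export const miauMiddleware = <T>(
 
 next();
 } catch (err: HttpError | any) {
-if (err instanceof HttpError && err.status == 400 && fallbackMidlleware) {
+if (err instanceof HttpError && err.status == 400 && fallbackMidlleware) {
+console.log('Using fallback middleware for 400 error');
 return fallbackMidlleware(req, res, next);
 }
 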
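Review bot: In the catch block of the second hunk, `err.status == 400 && fallbackMidlleware` hands every request with no token, no `kid`, or verified claims lacking `id`/`name` to the fallback, so the route is only as strong as the fallback's own authentication. That contract should be stated at the branch, e.g. `// fallback must authenticate the request itself; reached when the Miau token is absent or malformed`, and the comparison should use `===`. Keying the downgrade on a generic status is fragile, because any other `HttpError` with status 400 thrown in the part of the `try` body between the two hunks (not visible here) would take the same path; a dedicated error subclass or flag for "no usable Miau token" would be narrower. The added `console.log` fires on every such request, and a leveled logger would suit it better if the package has one. The function starts before the first hunk and continues past the second, so the rest of the catch block could not be reviewed.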