@eduzz/miau-client 0.0.18 → 0.0.19

package/.turbo/turbo-build$colon$types.log

@@ -1,4 +1,4 @@
 
-> @eduzz/miau-client@0.0.18 build:types /home/runner/work/eduzz-miau/eduzz-miau/packages/client
+> @eduzz/miau-client@0.0.19 build:types /home/runner/work/eduzz-miau/eduzz-miau/packages/client
 > tsc --emitDeclarationOnly --outDir dist
 

package/.turbo/turbo-prepublish.log

@@ -1,4 +1,4 @@
 
-> @eduzz/miau-client@0.0.18 prepublish /home/runner/work/eduzz-miau/eduzz-miau/packages/client
+> @eduzz/miau-client@0.0.19 prepublish /home/runner/work/eduzz-miau/eduzz-miau/packages/client
 > sh ./scripts/prepare-publish.sh
 

package/dist/MiauClient.d.ts

@@ -4,18 +4,24 @@ import { type RequestAugmentation } from './middleware';
 type MiauClientConfig = {
     apiUrl: string;
     appSecret: string;
+    environment: string;
 };
 export declare class MiauClient {
     private apiUrl;
+    private environment;
     private jwtToken;
     private jwksClient;
     private basicAuthToken;
     private permissionsCache;
     private permissionsRequests;
-    constructor(props: MiauClientConfig);
+    constructor(config: MiauClientConfig);
+    getEnvironment(): string;
     getPublicKey(kid: string): Promise<string>;
     getToken(): Promise<string | undefined>;
-    middleware<T = Record<string, string>>(requestAugmentation?: RequestAugmentation<T>, fallbackMidlleware?: RequestHandler): RequestHandler;
+    middleware<T = Record<string, string>>(config?: {
+        requestAugmentation?: RequestAugmentation<T>;
+        fallbackMidlleware?: RequestHandler;
+    }): RequestHandler;
     getPermissions(targetAppId: string): Promise<Permission>;
     private requestPermissions;
     private getApiJwtUrl;

package/dist/index.js

@@ -11756,11 +11756,19 @@ var miauMiddleware = (miauClient, requestAugmentation, fallbackMidlleware) => {
         throw new HttpError(400, "Invalid Token", "Missing kid in token header");
       }
       const publicKey = await miauClient.getPublicKey(decodedToken.header.kid);
-      const appToken = import_jsonwebtoken.default.verify(token, publicKey, { algorithms: ["RS256"] });
-      if (!appToken || !appToken.id || !appToken.name) {
+      const clientToken = import_jsonwebtoken.default.verify(token, publicKey, { algorithms: ["RS256"] });
+      if (!clientToken || !clientToken.application || !clientToken.secret || !clientToken.application.id || !clientToken.secret.id || !clientToken.secret.environment) {
         throw new HttpError(400, "Invalid Token", "Token verification failed");
       }
-      const permission = await miauClient.getPermissions(appToken.id);
+      const { application, secret } = clientToken;
+      if (secret.environment != miauClient.getEnvironment()) {
+        throw new HttpError(
+          400,
+          "Invalid Environment",
+          `Secret environment ${secret.environment} does not match client environment ${miauClient.getEnvironment()}`
+        );
+      }
+      const permission = await miauClient.getPermissions(application.id);
       if (!permission) {
         throw new HttpError(401, "Unauthorized", "No permissions found for this application");
       }
@@ -11771,7 +11779,7 @@ var miauMiddleware = (miauClient, requestAugmentation, fallbackMidlleware) => {
       if (!isAllowed) {
         throw new HttpError(403, "Forbidden", `You do not have permission to access ${req.method} ${req.path}`);
       }
-      req.miauApplication = { id: appToken?.id, name: appToken?.name };
+      req.miauApplication = { id: application.id, name: application.name };
       req.miauMetadata = permission?.metadata || {};
       if (requestAugmentation) {
         requestAugmentation({ req, app: req.miauApplication, meta: req.miauMetadata });
@@ -11802,7 +11810,7 @@ var reusableFetch = async (input, init) => {
   });
 };
 var MiauClient = class {
-  constructor(props) {
+  constructor(config) {
     this.permissionsCache = /* @__PURE__ */ new Map();
     this.permissionsRequests = /* @__PURE__ */ new Map();
     this.getApiJwtUrl = () => {
@@ -11814,11 +11822,15 @@ var MiauClient = class {
     this.getJwksUrl = () => {
       return `${this.apiUrl}/v1/jwks.json`;
     };
-    this.apiUrl = props.apiUrl;
-    const apiKey = props.appSecret.substring(7, 32);
-    const hashedSecret = import_node_crypto.default.createHash("sha256").update(props.appSecret).digest("hex");
+    this.apiUrl = config.apiUrl;
+    this.environment = config.environment;
+    const apiKey = config.appSecret.substring(7, 32);
+    const hashedSecret = import_node_crypto.default.createHash("sha256").update(config.appSecret).digest("hex");
     this.basicAuthToken = Buffer.from(`${apiKey}:${hashedSecret}`).toString("base64");
   }
+  getEnvironment() {
+    return this.environment;
+  }
   async getPublicKey(kid) {
     if (!this.jwksClient) {
       this.jwksClient = new import_jwks_rsa.JwksClient({ jwksUri: this.getJwksUrl(), cache: true });
@@ -11840,14 +11852,15 @@ var MiauClient = class {
         "Content-Type": "application/json"
       }
     });
+    const data = await response.json();
     if (response.status !== 200) {
-      throw new Error("Failed to fetch token");
+      throw new Error(data.message || "Failed to fetch JWT token");
     }
-    this.jwtToken = (await response.json()).jwt;
+    this.jwtToken = data.jwt;
     return this.jwtToken;
   }
-  middleware(requestAugmentation, fallbackMidlleware) {
-    return miauMiddleware(this, requestAugmentation, fallbackMidlleware);
+  middleware(config) {
+    return miauMiddleware(this, config?.requestAugmentation, config?.fallbackMidlleware);
   }
   async getPermissions(targetAppId) {
     if (this.permissionsCache.has(targetAppId)) {