npm - @eduzz/miau-client - Versions diffs - 1.2.0 → 1.2.1-rc.133 - Mend

@eduzz/miau-client 1.2.0 → 1.2.1-rc.133

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/.turbo/turbo-build$colon$types.log +1 -1
package/dist/MiauClient.d.ts +10 -3
package/dist/index.js +101 -52
package/dist/index.js.map +2 -2
package/dist/miau-types/index.js +1 -3
package/dist/miau-types/index.js.map +2 -2
package/dist/miau-types/types/Secret.d.ts +6 -4
package/dist/miau-types/types/Secret.d.ts.map +1 -1
package/dist/middleware.d.ts +5 -3
package/package.json +1 -1
package/src/MiauClient.ts +26 -4
package/src/middleware.ts +127 -66
package/src/types/index.d.ts +8 -0

package/.turbo/turbo-build$colon$types.log CHANGED Viewed

@@ -1,4 +1,4 @@
-> @eduzz/miau-client@1.2.0 build:types /home/runner/work/eduzz-miau/eduzz-miau/packages/client
+> @eduzz/miau-client@1.2.1 build:types /home/runner/work/eduzz-miau/eduzz-miau/packages/client
 > tsc --emitDeclarationOnly --outDir dist

package/dist/MiauClient.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
-import { type RequestHandler } from 'express';
-import { type SecretEnv, type Permission, type Resource } from '@eduzz/miau-types';
+import { type Request, type RequestHandler } from 'express';
+import { type FastifyReply, type FastifyRequest } from 'fastify';
+import { type SecretEnv, type Permission, type Resource, type MiauClientToken } from '@eduzz/miau-types';
 import { type RequestAugmentation } from './middleware';
 type MiauClientConfig = {
     apiUrl: string;
@@ -14,12 +15,18 @@ export declare class MiauClient {
     getEnvironment(): SecretEnv;
     getPublicKey(kid: string): Promise<string>;
     getToken(): Promise<string | undefined>;
+    getTokenData: () => Promise<MiauClientToken>;
     middleware<T = Record<string, string>>(config?: {
-        requestAugmentation?: RequestAugmentation<T>;
+        requestAugmentation?: RequestAugmentation<T, Request>;
         fallbackMiddleware?: RequestHandler;
     }): RequestHandler;
+    hook<T = Record<string, string>>(config?: {
+        requestAugmentation?: RequestAugmentation<T, FastifyRequest>;
+        fallbackMiddleware?: (request: FastifyRequest, reply: FastifyReply) => void;
+    }): (request: FastifyRequest, reply: FastifyReply) => void;
     getResources(): Promise<Resource[]>;
     getPermissions(targetAppId: string): Promise<Permission>;
+    verify(token: string, publicKey: string): Promise<MiauClientToken>;
     private getApiJwtUrl;
     private getPermissionsUrl;
     private getResourcesUrl;

package/dist/index.js CHANGED Viewed

@@ -11816,9 +11816,7 @@ var expirationOptions = {
   "Twelve hours": "twelveHours",
   "One day": "oneDay",
   "One week": "sevenDays",
-  "One month": "oneMonth",
-  "Six months": "sixMonths",
-  "One year": "oneYear"
+  "One month": "oneMonth"
 };
 var expirationOptionsValues = Object.values(expirationOptions);
 var conversionMap = {
@@ -11909,63 +11907,79 @@ var isResourceAllowed = (resource, resources, permittedResources) => {
 // src/middleware.ts
 var HttpError = class _HttpError extends Error {
-  constructor(status, name, message) {
-    super(message);
+  constructor(status, name, message, code) {
+    super(`${message} (${code})`);
     this.name = name;
     this.status = status;
     Object.setPrototypeOf(this, _HttpError.prototype);
   }
 };
+var auth = async (token, method, path, miauClient) => {
+  if (!token) {
+    throw new HttpError(400, "Invalid Token", "Token not provided", "MIAU_TKN_A");
+  }
+  const decodedToken = import_jsonwebtoken.default.decode(token, { complete: true });
+  if (!decodedToken) {
+    throw new HttpError(400, "Invalid Token", "Token could not be decoded", "MIAU_TKN_B");
+  }
+  if (!decodedToken.header?.kid) {
+    throw new HttpError(400, "Invalid Token", "Missing kid in token header", "MIAU_TKN_C");
+  }
+  if (decodedToken.payload.iss !== issuers["production"]) {
+    throw new HttpError(400, "Invalid Token", "Token issuer is invalid", "MIAU_TKN_D");
+  }
+  const publicKey = await miauClient.getPublicKey(decodedToken.header.kid);
+  const clientTokenData = await miauClient.verify(token, publicKey);
+  const serverTokenData = await miauClient.getTokenData();
+  if (!clientTokenData || !clientTokenData.application || !clientTokenData.secret || !clientTokenData.application.id || !clientTokenData.secret.id || !clientTokenData.secret.environment) {
+    throw new HttpError(401, "Invalid Token", "Token invalid or expired", "MIAU_TKN_E");
+  }
+  const { application: clientApplication, secret: clientSecret } = clientTokenData;
+  const { application: serverApplication, secret: serverSecret } = serverTokenData;
+  if (clientSecret.environment != serverSecret.environment) {
+    throw new HttpError(
+      401,
+      "Invalid Environment",
+      `Secret environment ${clientSecret.environment} does not match Server environment ${serverSecret.environment}`,
+      "MIAU_ENV_A"
+    );
+  }
+  const resources = await miauClient.getResources();
+  if (!resources) {
+    throw new HttpError(401, "Unauthorized", `No resources configured in ${serverApplication.name}`, "MIAU_RES_A");
+  }
+  const permission = await miauClient.getPermissions(clientApplication.id);
+  if (!permission) {
+    throw new HttpError(
+      401,
+      "Unauthorized",
+      `No permissions found for ${clientApplication.name} in ${serverApplication.name}`,
+      "MIAU_PERM_A"
+    );
+  }
+  const permittedResources = permission?.resources || [];
+  const resource = { protocol: "http", method, path };
+  const isAllowed = isResourceAllowed(resource, resources, permittedResources);
+  if (!isAllowed) {
+    throw new HttpError(
+      403,
+      "Forbidden",
+      `${clientApplication.name} does not have permission to ${method} ${path} on ${serverApplication.name}`,
+      "MIAU_PERM_B"
+    );
+  }
+  const miauApplication = { id: clientApplication.id, name: clientApplication.name };
+  const environment = miauClient.getEnvironment();
+  const miauMetadata = permission?.metadata?.[environment] || {};
+  return [miauApplication, miauMetadata];
+};
 var miauMiddleware = (miauClient, requestAugmentation, fallbackMiddleware) => {
   return async (req, res, next) => {
     try {
-      const token = req.headers.authorization?.split(" ").pop();
-      if (!token) {
-        throw new HttpError(400, "Invalid Token", "Token not provided");
-      }
-      const decodedToken = import_jsonwebtoken.default.decode(token, { complete: true });
-      if (!decodedToken) {
-        throw new HttpError(400, "Invalid Token", "Token could not be decoded");
-      }
-      if (!decodedToken.header?.kid) {
-        throw new HttpError(400, "Invalid Token", "Missing kid in token header");
-      }
-      if (decodedToken.payload.iss !== issuers["production"]) {
-        throw new HttpError(400, "Invalid Token", "Token issuer is invalid");
-      }
-      const publicKey = await miauClient.getPublicKey(decodedToken.header.kid);
-      const clientToken = import_jsonwebtoken.default.verify(token, publicKey, { algorithms: ["RS256"] });
-      if (!clientToken || !clientToken.application || !clientToken.secret || !clientToken.application.id || !clientToken.secret.id || !clientToken.secret.environment) {
-        throw new HttpError(400, "Invalid Token", "Token verification failed");
-      }
-      const { application, secret } = clientToken;
-      if (secret.environment != miauClient.getEnvironment()) {
-        throw new HttpError(
-          400,
-          "Invalid Environment",
-          `Secret environment ${secret.environment} does not match client environment ${miauClient.getEnvironment()}`
-        );
-      }
-      const resources = await miauClient.getResources();
-      if (!resources) {
-        throw new HttpError(401, "Unauthorized", "No resources found for this application");
-      }
-      const permission = await miauClient.getPermissions(application.id);
-      if (!permission) {
-        throw new HttpError(401, "Unauthorized", "No permissions found for this application");
-      }
-      const permittedResources = permission?.resources || [];
-      if (!permittedResources.length) {
-        throw new HttpError(403, "Forbidden", "No resources are permitted for this application");
-      }
-      const resource = { protocol: "http", method: req.method, path: req.path };
-      const isAllowed = isResourceAllowed(resource, resources, permittedResources);
-      if (!isAllowed) {
-        throw new HttpError(403, "Forbidden", `You do not have permission to access ${req.method} ${req.path}`);
-      }
-      req.miauApplication = { id: application.id, name: application.name };
-      const environment = miauClient.getEnvironment();
-      req.miauMetadata = permission?.metadata?.[environment] || {};
+      const token = req.headers.authorization?.split(" ").pop() ?? "";
+      const [miauApplication, miauMetadata] = await auth(token, req.method, req.path, miauClient);
+      req.miauApplication = miauApplication;
+      req.miauMetadata = miauMetadata;
       if (requestAugmentation) {
         requestAugmentation({ req, app: req.miauApplication, meta: req.miauMetadata });
       }
@@ -11980,6 +11994,28 @@ var miauMiddleware = (miauClient, requestAugmentation, fallbackMiddleware) => {
     }
   };
 };
+var miauHook = (miauClient, requestAugmentation, fallbackMiddleware) => {
+  return async (request, reply) => {
+    try {
+      const token = request.headers.authorization?.split(" ").pop() ?? "";
+      const path = request.routeOptions.url ?? "";
+      const [miauApplication, miauMetadata] = await auth(token, request.method, path, miauClient);
+      request.miauApplication = miauApplication;
+      request.miauMetadata = miauMetadata;
+      if (requestAugmentation) {
+        requestAugmentation({ req: request, app: request.miauApplication, meta: request.miauMetadata });
+      }
+    } catch (err) {
+      if (err instanceof HttpError && err.status == 400 && fallbackMiddleware) {
+        await fallbackMiddleware(request, reply);
+        return;
+      }
+      const errorStatus = err.status || 403;
+      reply.status(errorStatus).send({ error: err.name, message: err.message });
+      return;
+    }
+  };
+};
 // src/MiauClient.ts
 var requestsCache = /* @__PURE__ */ new Map();
@@ -12022,6 +12058,13 @@ var expiresHeaderToUnixtime = (expires) => {
 };
 var MiauClient = class {
   constructor(config) {
+    this.getTokenData = async () => {
+      const token = await this.getToken();
+      if (!token) {
+        throw new Error("Token is undefined");
+      }
+      return import_jsonwebtoken2.default.decode(token);
+    };
     this.getApiJwtUrl = () => {
       return `${this.config.apiUrl}/v1/jwt`;
     };
@@ -12081,6 +12124,9 @@ var MiauClient = class {
   middleware(config) {
     return miauMiddleware(this, config?.requestAugmentation, config?.fallbackMiddleware);
   }
+  hook(config) {
+    return miauHook(this, config?.requestAugmentation, config?.fallbackMiddleware);
+  }
   async getResources() {
     return cacheableFetch(this.getResourcesUrl(), {
       headers: { Authorization: `Basic ${this.basicAuthToken}` }
@@ -12091,6 +12137,9 @@ var MiauClient = class {
       headers: { Authorization: `Basic ${this.basicAuthToken}` }
     });
   }
+  async verify(token, publicKey) {
+    return import_jsonwebtoken2.default.verify(token, publicKey, { algorithms: ["RS256"] });
+  }
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {