@eduzz/miau-client 1.2.1 → 1.3.0

package/.turbo/turbo-build$colon$types.log

@@ -1,4 +1,4 @@
 
-> @eduzz/miau-client@1.2.1 build:types /home/runner/work/eduzz-miau/eduzz-miau/packages/client
+> @eduzz/miau-client@1.3.0 build:types /home/runner/work/eduzz-miau/eduzz-miau/packages/client
 > tsc --emitDeclarationOnly --outDir dist
 

package/dist/MiauClient.d.ts

@@ -1,4 +1,5 @@
-import { type RequestHandler } from 'express';
+import { type Request, type RequestHandler } from 'express';
+import { type FastifyReply, type FastifyRequest } from 'fastify';
 import { type SecretEnv, type Permission, type Resource, type MiauClientToken } from '@eduzz/miau-types';
 import { type RequestAugmentation } from './middleware';
 type MiauClientConfig = {
@@ -16,9 +17,13 @@ export declare class MiauClient {
     getToken(): Promise<string | undefined>;
     getTokenData: () => Promise<MiauClientToken>;
     middleware<T = Record<string, string>>(config?: {
-        requestAugmentation?: RequestAugmentation<T>;
+        requestAugmentation?: RequestAugmentation<T, Request>;
         fallbackMiddleware?: RequestHandler;
     }): RequestHandler;
+    hook<T = Record<string, string>>(config?: {
+        requestAugmentation?: RequestAugmentation<T, FastifyRequest>;
+        fallbackMiddleware?: (request: FastifyRequest, reply: FastifyReply) => void;
+    }): (request: FastifyRequest, reply: FastifyReply) => void;
     getResources(): Promise<Resource[]>;
     getPermissions(targetAppId: string): Promise<Permission>;
     verify(token: string, publicKey: string): Promise<MiauClientToken>;

package/dist/index.js

@@ -11816,9 +11816,7 @@ var expirationOptions = {
   "Twelve hours": "twelveHours",
   "One day": "oneDay",
   "One week": "sevenDays",
-  "One month": "oneMonth",
-  "Six months": "sixMonths",
-  "One year": "oneYear"
+  "One month": "oneMonth"
 };
 var expirationOptionsValues = Object.values(expirationOptions);
 var conversionMap = {
@@ -11916,66 +11914,72 @@ var HttpError = class _HttpError extends Error {
     Object.setPrototypeOf(this, _HttpError.prototype);
   }
 };
+var auth = async (token, method, path, miauClient) => {
+  if (!token) {
+    throw new HttpError(400, "Invalid Token", "Token not provided", "MIAU_TKN_A");
+  }
+  const decodedToken = import_jsonwebtoken.default.decode(token, { complete: true });
+  if (!decodedToken) {
+    throw new HttpError(400, "Invalid Token", "Token could not be decoded", "MIAU_TKN_B");
+  }
+  if (!decodedToken.header?.kid) {
+    throw new HttpError(400, "Invalid Token", "Missing kid in token header", "MIAU_TKN_C");
+  }
+  if (decodedToken.payload.iss !== issuers["production"]) {
+    throw new HttpError(400, "Invalid Token", "Token issuer is invalid", "MIAU_TKN_D");
+  }
+  const publicKey = await miauClient.getPublicKey(decodedToken.header.kid);
+  const clientTokenData = await miauClient.verify(token, publicKey);
+  const serverTokenData = await miauClient.getTokenData();
+  if (!clientTokenData || !clientTokenData.application || !clientTokenData.secret || !clientTokenData.application.id || !clientTokenData.secret.id || !clientTokenData.secret.environment) {
+    throw new HttpError(401, "Invalid Token", "Token invalid or expired", "MIAU_TKN_E");
+  }
+  const { application: clientApplication, secret: clientSecret } = clientTokenData;
+  const { application: serverApplication, secret: serverSecret } = serverTokenData;
+  if (clientSecret.environment != serverSecret.environment) {
+    throw new HttpError(
+      401,
+      "Invalid Environment",
+      `Secret environment ${clientSecret.environment} does not match Server environment ${serverSecret.environment}`,
+      "MIAU_ENV_A"
+    );
+  }
+  const resources = await miauClient.getResources();
+  if (!resources) {
+    throw new HttpError(401, "Unauthorized", `No resources configured in ${serverApplication.name}`, "MIAU_RES_A");
+  }
+  const permission = await miauClient.getPermissions(clientApplication.id);
+  if (!permission) {
+    throw new HttpError(
+      401,
+      "Unauthorized",
+      `No permissions found for ${clientApplication.name} in ${serverApplication.name}`,
+      "MIAU_PERM_A"
+    );
+  }
+  const permittedResources = permission?.resources || [];
+  const resource = { protocol: "http", method, path };
+  const isAllowed = isResourceAllowed(resource, resources, permittedResources);
+  if (!isAllowed) {
+    throw new HttpError(
+      403,
+      "Forbidden",
+      `${clientApplication.name} does not have permission to ${method} ${path} on ${serverApplication.name}`,
+      "MIAU_PERM_B"
+    );
+  }
+  const miauApplication = { id: clientApplication.id, name: clientApplication.name };
+  const environment = miauClient.getEnvironment();
+  const miauMetadata = permission?.metadata?.[environment] || {};
+  return [miauApplication, miauMetadata];
+};
 var miauMiddleware = (miauClient, requestAugmentation, fallbackMiddleware) => {
   return async (req, res, next) => {
     try {
-      const token = req.headers.authorization?.split(" ").pop();
-      if (!token) {
-        throw new HttpError(400, "Invalid Token", "Token not provided", "MIAU_TKN_A");
-      }
-      const decodedToken = import_jsonwebtoken.default.decode(token, { complete: true });
-      if (!decodedToken) {
-        throw new HttpError(400, "Invalid Token", "Token could not be decoded", "MIAU_TKN_B");
-      }
-      if (!decodedToken.header?.kid) {
-        throw new HttpError(400, "Invalid Token", "Missing kid in token header", "MIAU_TKN_C");
-      }
-      if (decodedToken.payload.iss !== issuers["production"]) {
-        throw new HttpError(400, "Invalid Token", "Token issuer is invalid", "MIAU_TKN_D");
-      }
-      const publicKey = await miauClient.getPublicKey(decodedToken.header.kid);
-      const clientTokenData = await miauClient.verify(token, publicKey);
-      const serverTokenData = await miauClient.getTokenData();
-      if (!clientTokenData || !clientTokenData.application || !clientTokenData.secret || !clientTokenData.application.id || !clientTokenData.secret.id || !clientTokenData.secret.environment) {
-        throw new HttpError(401, "Invalid Token", "Token invalid or expired", "MIAU_TKN_E");
-      }
-      const { application: clientApplication, secret: clientSecret } = clientTokenData;
-      const { application: serverApplication, secret: serverSecret } = serverTokenData;
-      if (clientSecret.environment != serverSecret.environment) {
-        throw new HttpError(
-          401,
-          "Invalid Environment",
-          `Secret environment ${clientSecret.environment} does not match Server environment ${serverSecret.environment}`,
-          "MIAU_ENV_A"
-        );
-      }
-      const resources = await miauClient.getResources();
-      if (!resources) {
-        throw new HttpError(401, "Unauthorized", `No resources configured in ${serverApplication.name}`, "MIAU_RES_A");
-      }
-      const permission = await miauClient.getPermissions(clientApplication.id);
-      if (!permission) {
-        throw new HttpError(
-          401,
-          "Unauthorized",
-          `No permissions found for ${clientApplication.name} in ${serverApplication.name}`,
-          "MIAU_PERM_A"
-        );
-      }
-      const permittedResources = permission?.resources || [];
-      const resource = { protocol: "http", method: req.method, path: req.path };
-      const isAllowed = isResourceAllowed(resource, resources, permittedResources);
-      if (!isAllowed) {
-        throw new HttpError(
-          403,
-          "Forbidden",
-          `${clientApplication.name} does not have permission to ${req.method} ${req.path} on ${serverApplication.name}`,
-          "MIAU_PERM_B"
-        );
-      }
-      req.miauApplication = { id: clientApplication.id, name: clientApplication.name };
-      const environment = miauClient.getEnvironment();
-      req.miauMetadata = permission?.metadata?.[environment] || {};
+      const token = req.headers.authorization?.split(" ").pop() ?? "";
+      const [miauApplication, miauMetadata] = await auth(token, req.method, req.path, miauClient);
+      req.miauApplication = miauApplication;
+      req.miauMetadata = miauMetadata;
       if (requestAugmentation) {
         requestAugmentation({ req, app: req.miauApplication, meta: req.miauMetadata });
       }
@@ -11990,6 +11994,28 @@ var miauMiddleware = (miauClient, requestAugmentation, fallbackMiddleware) => {
     }
   };
 };
+var miauHook = (miauClient, requestAugmentation, fallbackMiddleware) => {
+  return async (request, reply) => {
+    try {
+      const token = request.headers.authorization?.split(" ").pop() ?? "";
+      const path = request.routeOptions.url ?? "";
+      const [miauApplication, miauMetadata] = await auth(token, request.method, path, miauClient);
+      request.miauApplication = miauApplication;
+      request.miauMetadata = miauMetadata;
+      if (requestAugmentation) {
+        requestAugmentation({ req: request, app: request.miauApplication, meta: request.miauMetadata });
+      }
+    } catch (err) {
+      if (err instanceof HttpError && err.status == 400 && fallbackMiddleware) {
+        await fallbackMiddleware(request, reply);
+        return;
+      }
+      const errorStatus = err.status || 403;
+      reply.status(errorStatus).send({ error: err.name, message: err.message });
+      return;
+    }
+  };
+};
 
 // src/MiauClient.ts
 var requestsCache = /* @__PURE__ */ new Map();
@@ -12098,6 +12124,9 @@ var MiauClient = class {
   middleware(config) {
     return miauMiddleware(this, config?.requestAugmentation, config?.fallbackMiddleware);
   }
+  hook(config) {
+    return miauHook(this, config?.requestAugmentation, config?.fallbackMiddleware);
+  }
   async getResources() {
     return cacheableFetch(this.getResourcesUrl(), {
       headers: { Authorization: `Basic ${this.basicAuthToken}` }