npm - @fonoster/authz - Versions diffs - 0.8.24 → 0.8.26 - Mend

@fonoster/authz 0.8.24 → 0.8.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/{makeCheckMethodAuthorized.d.ts → createCheckMethodAuthorized.d.ts} +2 -2
package/dist/{makeCheckMethodAuthorized.js → createCheckMethodAuthorized.js} +26 -13
package/dist/index.d.ts +1 -1
package/dist/index.js +1 -1
package/dist/server/AuthzServer.js +6 -22
package/package.json +5 -5

package/dist/{makeCheckMethodAuthorized.d.ts → createCheckMethodAuthorized.d.ts} RENAMED Viewed

@@ -6,7 +6,7 @@ import { ServerInterceptingCall } from "@grpc/grpc-js";
  * @param {string} authzServer - The public key to validate the token
  * @return {Function} - The gRPC interceptor
  */
-declare function makeCheckMethodAuthorized(authzServer: string, methods: string[]): (methodDefinition: {
+declare function createCheckMethodAuthorized(authzServer: string, methods: string[]): (methodDefinition: {
     path: string;
 }, call: ServerInterceptingCall) => ServerInterceptingCall;
-export { makeCheckMethodAuthorized };
+export { createCheckMethodAuthorized };

package/dist/{makeCheckMethodAuthorized.js → createCheckMethodAuthorized.js} RENAMED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeCheckMethodAuthorized = makeCheckMethodAuthorized;
+exports.createCheckMethodAuthorized = createCheckMethodAuthorized;
 /*
  * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
  * http://github.com/fonoster/fonoster
@@ -23,7 +23,6 @@ const common_1 = require("@fonoster/common");
 const logger_1 = require("@fonoster/logger");
 const grpc_js_1 = require("@grpc/grpc-js");
 const AuthzClient_1 = require("./client/AuthzClient");
-const identity_1 = require("@fonoster/identity");
 const logger = (0, logger_1.getLogger)({ service: "authz", filePath: __filename });
 /**
  * This function is a gRPC interceptor that checks if the request a method is authorized
@@ -32,7 +31,7 @@ const logger = (0, logger_1.getLogger)({ service: "authz", filePath: __filename
  * @param {string} authzServer - The public key to validate the token
  * @return {Function} - The gRPC interceptor
  */
-function makeCheckMethodAuthorized(authzServer, methods) {
+function createCheckMethodAuthorized(authzServer, methods) {
     logger.verbose("creating check method authorized interceptor", {
         authzServer,
         methods
@@ -46,37 +45,51 @@ function makeCheckMethodAuthorized(authzServer, methods) {
      * @param {ServerInterceptingCall} call - The call object
      * @return {ServerInterceptingCall} - The modified call object
      */
-    return (methodDefinition, call) => {
+    return function checkMethodAuthorized(methodDefinition, call) {
         const { path: method } = methodDefinition;
         if (!methods.includes(method)) {
             // Ignore the check if the method is not in the list
             logger.silly("method is not in the list", { method });
             return call;
         }
-        logger.silly("checking if method is authorized", { method });
-        const accessKeyId = (0, identity_1.getAccessKeyIdFromCall)(call);
+        const accessKeyId = (0, common_1.getAccessKeyIdFromCall)(call);
+        logger.verbose("checking if method is authorized", { method, accessKeyId });
         return new grpc_js_1.ServerInterceptingCall(call, {
             start: async (next) => {
                 try {
-                    await authz.checkMethodAuthorized({
+                    const authorized = await authz.checkMethodAuthorized({
                         accessKeyId,
                         method
                     });
-                    logger.verbose("method authorized by external service", {
+                    logger.verbose("the status of the method authorization", {
                         method,
-                        accessKeyId
+                        accessKeyId,
+                        authorized
                     });
+                    if (!authorized) {
+                        logger.verbose("method unauthorized by external service", {
+                            method,
+                            accessKeyId
+                        });
+                        (0, common_1.createInterceptingCall)({
+                            call,
+                            code: grpc_js_1.status.PERMISSION_DENIED,
+                            details: `Method unauthorized`
+                        });
+                        return;
+                    }
                     next();
                 }
                 catch (error) {
-                    logger.verbose("method unauthorized by external service", {
+                    logger.error("error checking if method is authorized", {
                         method,
-                        accessKeyId
+                        accessKeyId,
+                        error
                     });
                     (0, common_1.createInterceptingCall)({
                         call,
-                        code: grpc_js_1.status.PERMISSION_DENIED,
-                        details: `Method '${method}' unauthorized by external service - accessKeyId ${accessKeyId}`
+                        code: grpc_js_1.status.INTERNAL,
+                        details: "Internal server error"
                     });
                 }
             }

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
 export * from "./server";
 export * from "./client";
-export * from "./makeCheckMethodAuthorized";
+export * from "./createCheckMethodAuthorized";
 export * from "./types";

package/dist/index.js CHANGED Viewed

@@ -34,5 +34,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
  */
 __exportStar(require("./server"), exports);
 __exportStar(require("./client"), exports);
-__exportStar(require("./makeCheckMethodAuthorized"), exports);
+__exportStar(require("./createCheckMethodAuthorized"), exports);
 __exportStar(require("./types"), exports);

package/dist/server/AuthzServer.js CHANGED Viewed

@@ -77,19 +77,11 @@ class AuthzServer {
                 checkSessionAuthorized: async (call, callback) => {
                     logger.verbose("checkSessionAuthorized called", call.request);
                     try {
-                        const isAuthorized = await handler.checkSessionAuthorized(call.request);
-                        if (isAuthorized) {
-                            callback(null, { authorized: true });
-                        }
-                        else {
-                            callback({
-                                code: grpc.status.PERMISSION_DENIED,
-                                message: "Session is not authorized."
-                            });
-                        }
+                        const authorized = await handler.checkSessionAuthorized(call.request);
+                        callback(null, { authorized });
                     }
                     catch (error) {
-                        logger.error("Error in checkSessionAuthorized:", error);
+                        logger.error("error in checkSessionAuthorized:", error);
                         callback({
                             code: grpc.status.INTERNAL,
                             message: "Internal server error."
@@ -99,19 +91,11 @@ class AuthzServer {
                 checkMethodAuthorized: async (call, callback) => {
                     logger.verbose("checkMethodAuthorized called", call.request);
                     try {
-                        const isAuthorized = await handler.checkMethodAuthorized(call.request);
-                        if (isAuthorized) {
-                            callback(null, { authorized: true });
-                        }
-                        else {
-                            callback({
-                                code: grpc.status.PERMISSION_DENIED,
-                                message: "Method is not authorized."
-                            });
-                        }
+                        const authorized = await handler.checkMethodAuthorized(call.request);
+                        callback(null, { authorized });
                     }
                     catch (error) {
-                        logger.error("Error in checkMethodAuthorized:", error);
+                        logger.error("error in checkMethodAuthorized:", error);
                         callback({
                             code: grpc.status.INTERNAL,
                             message: "Internal server error."

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fonoster/authz",
-  "version": "0.8.24",
+  "version": "0.8.26",
   "description": "Authorization module for Fonoster",
   "author": "Pedro Sanders <psanders@fonoster.com>",
   "homepage": "https://github.com/fonoster/fonoster#readme",
@@ -26,9 +26,9 @@
     "access": "public"
   },
   "dependencies": {
-    "@fonoster/common": "^0.8.24",
-    "@fonoster/identity": "^0.8.24",
-    "@fonoster/logger": "^0.8.24",
+    "@fonoster/common": "^0.8.26",
+    "@fonoster/identity": "^0.8.26",
+    "@fonoster/logger": "^0.8.26",
     "@grpc/grpc-js": "~1.10.6",
     "deepmerge": "^4.3.1",
     "grpc-health-check": "^2.0.2"
@@ -40,5 +40,5 @@
   "bugs": {
     "url": "https://github.com/fonoster/fonoster/issues"
   },
-  "gitHead": "45d0edd1dedf8cafd45d93d011b22c1c9f046414"
+  "gitHead": "f01e634eca9a94b3a276369e998c6e75f8b75284"
 }