@furystack/rest-service 4.1.12 → 5.0.3

Files changed (51) hide show
  1. package/dist/actions/index.js +6 -6
  2. package/dist/actions/index.js.map +1 -1
  3. package/dist/api-manager.js +2 -2
  4. package/dist/api-manager.js.map +1 -1
  5. package/dist/endpoint-generators/create-delete-endpoint.spec.js +1 -1
  6. package/dist/endpoint-generators/create-delete-endpoint.spec.js.map +1 -1
  7. package/dist/endpoint-generators/create-get-collection-endpoint.spec.js +1 -1
  8. package/dist/endpoint-generators/create-get-collection-endpoint.spec.js.map +1 -1
  9. package/dist/endpoint-generators/create-get-entity-endpoint.spec.js +1 -1
  10. package/dist/endpoint-generators/create-get-entity-endpoint.spec.js.map +1 -1
  11. package/dist/endpoint-generators/create-patch-endpoint.spec.js +1 -1
  12. package/dist/endpoint-generators/create-patch-endpoint.spec.js.map +1 -1
  13. package/dist/endpoint-generators/create-post-endpoint.spec.js +1 -1
  14. package/dist/endpoint-generators/create-post-endpoint.spec.js.map +1 -1
  15. package/dist/endpoint-generators/index.js +5 -5
  16. package/dist/endpoint-generators/index.js.map +1 -1
  17. package/dist/http-authentication-settings.d.ts +1 -4
  18. package/dist/http-authentication-settings.d.ts.map +1 -1
  19. package/dist/http-authentication-settings.js +1 -3
  20. package/dist/http-authentication-settings.js.map +1 -1
  21. package/dist/http-user-context.d.ts +7 -8
  22. package/dist/http-user-context.d.ts.map +1 -1
  23. package/dist/http-user-context.js +35 -28
  24. package/dist/http-user-context.js.map +1 -1
  25. package/dist/http-user-context.spec.d.ts.map +1 -1
  26. package/dist/http-user-context.spec.js +33 -26
  27. package/dist/http-user-context.spec.js.map +1 -1
  28. package/dist/incoming-message-extensions.js +1 -1
  29. package/dist/incoming-message-extensions.js.map +1 -1
  30. package/dist/index.js +15 -15
  31. package/dist/index.js.map +1 -1
  32. package/dist/models/index.js +2 -2
  33. package/dist/models/index.js.map +1 -1
  34. package/dist/rest-service.integration.spec.js +1 -1
  35. package/dist/rest-service.integration.spec.js.map +1 -1
  36. package/dist/schema-validator/index.js +2 -2
  37. package/dist/schema-validator/index.js.map +1 -1
  38. package/dist/schema-validator/schema-validator.js +2 -2
  39. package/dist/schema-validator/schema-validator.js.map +1 -1
  40. package/dist/server-manager.js +2 -2
  41. package/dist/server-manager.js.map +1 -1
  42. package/dist/server-response-extensions.js +1 -1
  43. package/dist/server-response-extensions.js.map +1 -1
  44. package/dist/utils.js +1 -1
  45. package/dist/validate.integration.spec.js +1 -1
  46. package/dist/validate.integration.spec.js.map +1 -1
  47. package/dist/validate.js.map +1 -1
  48. package/package.json +12 -12
  49. package/src/http-authentication-settings.ts +2 -5
  50. package/src/http-user-context.spec.ts +44 -26
  51. package/src/http-user-context.ts +33 -25
@@ -4,6 +4,7 @@ import { Injectable } from '@furystack/inject'
4
4
  import { v1 } from 'uuid'
5
5
  import { HttpAuthenticationSettings } from './http-authentication-settings'
6
6
  import { DefaultSession } from 'models/default-session'
7
+ import { PasswordAuthenticator, UnauthenticatedError } from '@furystack/security'
7
8
 
8
9
  /**
9
10
  * Injectable UserContext for FuryStack HTTP Api
@@ -14,6 +15,24 @@ export class HttpUserContext {
14
15
 
15
16
  public getSessionStore = () => this.authentication.getSessionStore(this.storeManager)
16
17
 
18
+ private getUserByName = async (userName: string) => {
19
+ const userStore = this.getUserStore()
20
+ const users = await userStore.find({ filter: { username: { $eq: userName } }, top: 2 })
21
+ if (users.length !== 1) {
22
+ throw new UnauthenticatedError()
23
+ }
24
+ return users[0]
25
+ }
26
+
27
+ private getSessionById = async (sessionId: string) => {
28
+ const sessionStore = this.getSessionStore()
29
+ const sessions = await sessionStore.find({ filter: { sessionId: { $eq: sessionId } }, top: 2 })
30
+ if (sessions.length !== 1) {
31
+ throw new UnauthenticatedError()
32
+ }
33
+ return sessions[0]
34
+ }
35
+
17
36
  private user?: User
18
37
 
19
38
  /**
@@ -54,21 +73,16 @@ export class HttpUserContext {
54
73
  * @returns the authenticated User
55
74
  */
56
75
  public async authenticateUser(userName: string, password: string) {
57
- const match =
58
- (password &&
59
- password.length &&
60
- (await this.getUserStore().find({
61
- filter: {
62
- username: { $eq: userName },
63
- password: { $eq: this.authentication.hashMethod(password) },
64
- },
65
- }))) ||
66
- []
67
- if (match.length === 1) {
68
- const { password: pw, ...user } = match[0]
69
- return user
76
+ const result = await this.authenticator.checkPasswordForUser(userName, password)
77
+
78
+ if (!result.isValid) {
79
+ throw new UnauthenticatedError()
80
+ }
81
+ const user = await this.getUserByName(userName)
82
+ if (!user) {
83
+ throw new UnauthenticatedError()
70
84
  }
71
- throw Error('Failed to authenticate.')
85
+ return user
72
86
  }
73
87
 
74
88
  public async getCurrentUser(request: IncomingMessage) {
@@ -108,23 +122,16 @@ export class HttpUserContext {
108
122
  // Cookie auth
109
123
  const sessionId = this.getSessionIdFromRequest(request)
110
124
  if (sessionId) {
111
- const [session] = await this.getSessionStore().find({ filter: { sessionId: { $eq: sessionId } }, top: 2 })
125
+ const session = await this.getSessionById(sessionId)
112
126
  if (session) {
113
- const userResult = await this.getUserStore().find({
114
- filter: {
115
- username: { $eq: session.username },
116
- },
117
- top: 2,
118
- })
119
- if (userResult.length === 1) {
120
- const { password, ...user } = userResult[0]
127
+ const user = await this.getUserByName(session.username)
128
+ if (user) {
121
129
  return user
122
130
  }
123
- throw Error('Inconsistent session result')
124
131
  }
125
132
  }
126
133
 
127
- throw Error('Failed to authenticate request')
134
+ throw new UnauthenticatedError()
128
135
  }
129
136
 
130
137
  /**
@@ -156,5 +163,6 @@ export class HttpUserContext {
156
163
  constructor(
157
164
  public readonly authentication: HttpAuthenticationSettings<User, DefaultSession>,
158
165
  private readonly storeManager: StoreManager,
166
+ private readonly authenticator: PasswordAuthenticator,
159
167
  ) {}
160
168
  }
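Review bot: The new `getUserByName` helper returns `users[0]` exactly as stored, whereas both lookups it replaces removed the `password` field before returning (`const { password: pw, ...user } = match[0]` in `authenticateUser`, and `const { password, ...user } = userResult[0]` in the cookie branch of `getCurrentUser`). Credentials have presumably moved behind `PasswordAuthenticator`, but nothing visible here shows that user-store entities no longer carry a password or hash property. If they can, the helper should keep stripping it; if they cannot, a one-line comment above `return users[0]` stating that the user store holds no credential fields would record the assumption. Separately, `getUserByName` and `getSessionById` throw `UnauthenticatedError` unless exactly one record matches, so the `if (!user)`, `if (session)` and `if (user)` guards at their call sites can never take the falsy path and can be dropped. The body of `getCurrentUser` starts outside the hunks shown, so any authentication branches before the cookie branch are not covered by this note.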