@go-mailer/jarvis 10.5.1 → 10.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/clients/iam.js +23 -1
- package/lib/middlewares/auth.js +19 -10
- package/package.json +1 -1
package/lib/clients/iam.js
CHANGED
|
@@ -32,6 +32,28 @@ const fetchTenants = async (query = '') => {
|
|
|
32
32
|
return { tenants, size: meta?.size || 0 }
|
|
33
33
|
}
|
|
34
34
|
|
|
35
|
+
const refreshToken = async (data = {}, query = '', tries = 0) => {
|
|
36
|
+
try {
|
|
37
|
+
const { data: response } = await axios.post(
|
|
38
|
+
`${IAM_URI}/guests/token/refresh?${query}`,
|
|
39
|
+
{ ...data },
|
|
40
|
+
{
|
|
41
|
+
headers: {
|
|
42
|
+
authorization: `Bearer ${DEFAULT_TOKEN}`
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
)
|
|
46
|
+
|
|
47
|
+
const { error, payload } = response
|
|
48
|
+
if (error) throw new Error(error)
|
|
49
|
+
|
|
50
|
+
return payload
|
|
51
|
+
} catch (e) {
|
|
52
|
+
if (tries < 3) return await refreshToken(data, query, tries + 1)
|
|
53
|
+
return null
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
|
|
35
57
|
const verifyAPIKey = async (key) => {
|
|
36
58
|
const { error, payload } = (
|
|
37
59
|
await axios.get(`${API_SERVICE_URI}/keys/verify/${key}`, {
|
|
@@ -68,4 +90,4 @@ const verifyFeatureFlag = async (flag_name, criteria = {}) => {
|
|
|
68
90
|
return payload.is_permitted
|
|
69
91
|
}
|
|
70
92
|
|
|
71
|
-
module.exports = { checkAuthority, fetchTenants, verifyAPIKey, verifyFeatureFlag }
|
|
93
|
+
module.exports = { checkAuthority, fetchTenants, refreshToken, verifyAPIKey, verifyFeatureFlag }
|
package/lib/middlewares/auth.js
CHANGED
|
@@ -10,8 +10,7 @@ const geoip = require('geoip-lite')
|
|
|
10
10
|
const Env = require('../env')
|
|
11
11
|
const Errors = require('./errors')
|
|
12
12
|
const { ProcessLogger } = require('./logger')
|
|
13
|
-
const {
|
|
14
|
-
const { localCache } = require('../redis/cache')
|
|
13
|
+
const { verifyAPIKey } = require('../clients/iam')
|
|
15
14
|
const authLogger = new ProcessLogger('Authenticator')
|
|
16
15
|
|
|
17
16
|
// helpers
|
|
@@ -98,10 +97,18 @@ const authenticateUser = async (request, response, next) => {
|
|
|
98
97
|
return next()
|
|
99
98
|
}
|
|
100
99
|
|
|
101
|
-
const {
|
|
100
|
+
const {
|
|
101
|
+
id: user_id,
|
|
102
|
+
is_admin,
|
|
103
|
+
tenant_id,
|
|
104
|
+
permissions,
|
|
105
|
+
permission_expires_at
|
|
106
|
+
} = await jwt.verify(token, SECRET, { issuer: ISSUER })
|
|
102
107
|
request.is_admin = !!is_admin
|
|
103
108
|
request.user_id = is_admin ? extractId(request, 'user_id') : user_id
|
|
104
109
|
request.tenant_id = is_admin ? extractId(request, 'tenant_id') : tenant_id
|
|
110
|
+
request.permissions = permissions
|
|
111
|
+
request.permission_expires_at = permission_expires_at
|
|
105
112
|
|
|
106
113
|
next()
|
|
107
114
|
} catch (e) {
|
|
@@ -113,15 +120,17 @@ const authenticateUser = async (request, response, next) => {
|
|
|
113
120
|
const authorizeUser = ({ action, resource }) => {
|
|
114
121
|
return async (request, response, next) => {
|
|
115
122
|
try {
|
|
116
|
-
const { is_admin, is_service_request,
|
|
123
|
+
const { is_admin, is_service_request, permissions, permission_expires_at } = request
|
|
117
124
|
if (is_admin || is_service_request) return next()
|
|
118
125
|
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
126
|
+
if (!permissions || !permission_expires_at) throw new Error('Unauthorized')
|
|
127
|
+
if (Date.now() > permission_expires_at) {
|
|
128
|
+
throw new Error('')
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
const is_superadmin = Object.keys(permissions)[0].includes('*')
|
|
132
|
+
const is_permitted = permissions[`${resource}:${action}`]
|
|
133
|
+
if (!is_superadmin && !is_permitted) {
|
|
125
134
|
throw new Error('Unauthorized')
|
|
126
135
|
}
|
|
127
136
|
|