npm - @go-mailer/jarvis - Versions diffs - 4.2.4 → 5.0.0 - Mend

@go-mailer/jarvis 4.2.4 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/middlewares/auth.js CHANGED Viewed

@@ -10,7 +10,7 @@ const { verifyAPIKey } = require("../clients/iam");
 const authLogger = new ProcessLogger("Authenticator");
 // helpers
-const extract_token = (headers) => {
+const extractToken = (headers) => {
   const { authorization } = headers;
   if (!authorization) throw new Error("Unauthorized");
@@ -20,43 +20,42 @@ const extract_token = (headers) => {
   return token;
 };
-const extract_tenant_id = (request) => {
-  const { params, query } = request
-  let tenant_id = { $exists: true }
-  if (query.tenant_id) tenant_id = query.tenant_id
-  if (params.tenant_id) tenant_id = params.tenant_id
-  return tenant_id
-}
+const extractId = (request, key) => {
+  const { params, query, body } = request;
+  let id = { $exists: true };
+  if (query[key]) id = query[key];
+  if (params[key]) id = params[key];
+  if (body[key]) id = body[key];
+  return id;
+};
 // main
-const authenticateUser = async (request, response, next) => {
-  try {
-    // env vars
-    const DEFAULT_TOKEN = Env.fetch("DEFAULT_TOKEN", true);
-    const ISSUER = Env.fetch("JWT_ISSUER", true);
-    const SECRET = Env.fetch("JWT_SECRET", true);
-    const token = extract_token(request.headers);
-    if (token === DEFAULT_TOKEN) {
-      // inter-service requests
-      request.is_service_request = true;
-      // typically scope requests by tenant_id
-      request.tenant_id = request.body.tenant_id || request.query.tenant_id || { $exists: true };
-      return next();
-    }
-    const { tenant_id, is_admin } = await jwt.verify(token, SECRET, { issuer: ISSUER });
-    request.is_admin = !!is_admin;
-    request.tenant_id = is_admin ? extract_tenant_id(request) : tenant_id;
+const authenticateAdmin = async (request, response, next) => {
+  const { is_admin } = request;
+  if (!is_admin) return response.status(403).json(Errors.UNAUTHORIZED);
+  next();
+};
+const authenticateBearerKey = async (request, response, next) => {
+  try {
+    const token = extractToken(request.headers);
+    request.tenant_id = await verifyAPIKey(token);
     next();
   } catch (e) {
-    authLogger.error(e, "authenticateUser");
+    authLogger.error(e, "authenticateBearerKey");
     return response.status(403).json(Errors.UNAUTHORIZED);
   }
 };
+const authenticateMembership = (tenant_id, memberships = []) => {
+  const membership = memberships.find((mbrship) => Number(mbrship.tenant_id) === Number(tenant_id));
+  if (!membership || membership.status !== "active") throw new Error('Unauthorized')
+  return tenant_id
+};
 const authenticateParamKey = async (request, response, next) => {
   try {
     const { api_key: token } = request.params;
@@ -68,15 +67,34 @@ const authenticateParamKey = async (request, response, next) => {
   }
 };
-const authenticateBearerKey = async (request, response, next) => {
+const authenticateUser = async (request, response, next) => {
   try {
-    const token = extract_token(request.headers);
-    request.tenant_id = await verifyAPIKey(token);
+    // env vars
+    const DEFAULT_TOKEN = Env.fetch("DEFAULT_TOKEN", true);
+    const ISSUER = Env.fetch("JWT_ISSUER", true);
+    const SECRET = Env.fetch("JWT_SECRET", true);
+    const token = extractToken(request.headers);
+    if (token === DEFAULT_TOKEN) {
+      // inter-service requests
+      request.is_service_request = true;
+      // typically scope requests by tenant_id
+      request.tenant_id = request.body.tenant_id || request.query.tenant_id || { $exists: true };
+      request.user_id = request.body.user_id || request.query.user_id || { $exists: true };
+      return next();
+    }
+    const { id: user_id, is_admin, memberships } = await jwt.verify(token, SECRET, { issuer: ISSUER });
+    const tenant_id = extractId(request, "tenant_id");
+    request.is_admin = !!is_admin;
+    request.user_id = is_admin ? extractId(request, "user_id") : user_id;
+    request.tenant_id = is_admin ? tenant_id : authenticateMembership(tenant_id, memberships);
     next();
   } catch (e) {
-    authLogger.error(e, "authenticateBearerKey");
+    authLogger.error(e, "authenticateUser");
     return response.status(403).json(Errors.UNAUTHORIZED);
   }
 };
-module.exports = { authenticateBearerKey, authenticateParamKey, authenticateUser };
+module.exports = { authenticateAdmin, authenticateBearerKey, authenticateParamKey, authenticateUser };

package/lib/query.js CHANGED Viewed

@@ -1,5 +1,5 @@
 const buildQuery = (options) => {
-  const sort_condition = options.sort_by ? buildSortOrderString(options.sort_by) : ''
+  const sort_condition = options.sort_by ? buildSortOrderString(options.sort_by) : {}
   const fields_to_return = options.return_only ? buildReturnFieldsString(options.return_only) : ''
   const count = options.count || false

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@go-mailer/jarvis",
-  "version": "4.2.4",
+  "version": "5.0.0",
   "main": "index.js",
   "repository": "git@github.com:go-mailer-ltd/jarvis-node.git",
   "author": "Nathan Oguntuberu <nateoguns.work@gmail.com>",