@go-mailer/jarvis 4.2.5 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/lib/middlewares/auth.js +114 -86
  2. package/package.json +1 -1
package/lib/middlewares/auth.js CHANGED
@@ -2,89 +2,117 @@
2
2
  * User Authentication Middleware
3
3
  */
4
4
 
5
- const jwt = require("jsonwebtoken");
6
- const Env = require("../env");
7
- const Errors = require("./errors");
8
- const { ProcessLogger } = require("./logger");
9
- const { verifyAPIKey } = require("../clients/iam");
10
- const authLogger = new ProcessLogger("Authenticator");
11
-
12
- // helpers
13
- const extract_token = (headers) => {
14
- const { authorization } = headers;
15
- if (!authorization) throw new Error("Unauthorized");
16
-
17
- const [, token] = authorization.split(" ");
18
- if (!token) throw new Error("Unauthorized");
19
-
20
- return token;
21
- };
22
-
23
- const extract_tenant_id = (request) => {
24
- const { params, query } = request;
25
- let tenant_id = { $exists: true };
26
- if (query.tenant_id) tenant_id = query.tenant_id;
27
- if (params.tenant_id) tenant_id = params.tenant_id;
28
-
29
- return tenant_id;
30
- };
31
-
32
- // main
33
-
34
- const authenticateAdmin = async (request, response, next) => {
35
- const { is_admin } = request;
36
- if (!is_admin) return response.status(403).json(Errors.UNAUTHORIZED);
37
-
38
- next();
39
- };
40
-
41
- const authenticateBearerKey = async (request, response, next) => {
42
- try {
43
- const token = extract_token(request.headers);
44
- request.tenant_id = await verifyAPIKey(token);
45
- next();
46
- } catch (e) {
47
- authLogger.error(e, "authenticateBearerKey");
48
- return response.status(403).json(Errors.UNAUTHORIZED);
49
- }
50
- };
51
-
52
- const authenticateParamKey = async (request, response, next) => {
53
- try {
54
- const { api_key: token } = request.params;
55
- request.tenant_id = await verifyAPIKey(token);
56
- next();
57
- } catch (e) {
58
- authLogger.error(e, "authenticateParamKey");
59
- return response.status(403).json(Errors.UNAUTHORIZED);
60
- }
61
- };
62
-
63
- const authenticateUser = async (request, response, next) => {
64
- try {
65
- // env vars
66
- const DEFAULT_TOKEN = Env.fetch("DEFAULT_TOKEN", true);
67
- const ISSUER = Env.fetch("JWT_ISSUER", true);
68
- const SECRET = Env.fetch("JWT_SECRET", true);
69
-
70
- const token = extract_token(request.headers);
71
- if (token === DEFAULT_TOKEN) {
72
- // inter-service requests
73
- request.is_service_request = true;
74
- // typically scope requests by tenant_id
75
- request.tenant_id = request.body.tenant_id || request.query.tenant_id || { $exists: true };
76
- return next();
77
- }
78
-
79
- const { tenant_id, is_admin } = await jwt.verify(token, SECRET, { issuer: ISSUER });
80
- request.is_admin = !!is_admin;
81
- request.tenant_id = is_admin ? extract_tenant_id(request) : tenant_id;
82
-
83
- next();
84
- } catch (e) {
85
- authLogger.error(e, "authenticateUser");
86
- return response.status(403).json(Errors.UNAUTHORIZED);
87
- }
88
- };
89
-
90
- module.exports = { authenticateAdmin, authenticateBearerKey, authenticateParamKey, authenticateUser };
5
+ const jwt = require("jsonwebtoken");
6
+ const Env = require("../env");
7
+ const Errors = require("./errors");
8
+ const { ProcessLogger } = require("./logger");
9
+ const { verifyAPIKey } = require("../clients/iam");
10
+ const authLogger = new ProcessLogger("Authenticator");
11
+
12
+ // helpers
13
+ const extractToken = (headers) => {
14
+ const { authorization } = headers;
15
+ if (!authorization) throw new Error("Unauthorized");
16
+
17
+ const [, token] = authorization.split(" ");
18
+ if (!token) throw new Error("Unauthorized");
19
+
20
+ return token;
21
+ };
22
+
23
+ const extractId = (request, key) => {
24
+ const { params, query, body } = request;
25
+ let id = { $exists: true };
26
+ if (query[key]) id = query[key];
27
+ if (params[key]) id = params[key];
28
+ if (body[key]) id = body[key];
29
+
30
+ return id;
31
+ };
32
+
33
+ // main
34
+
35
+ const authenticateAdmin = async (request, response, next) => {
36
+ const { is_admin } = request;
37
+ if (!is_admin) return response.status(403).json(Errors.UNAUTHORIZED);
38
+
39
+ next();
40
+ };
41
+
42
+ const authenticateBearerKey = async (request, response, next) => {
43
+ try {
44
+ const token = extractToken(request.headers);
45
+ request.tenant_id = await verifyAPIKey(token);
46
+ next();
47
+ } catch (e) {
48
+ authLogger.error(e, "authenticateBearerKey");
49
+ return response.status(403).json(Errors.UNAUTHORIZED);
50
+ }
51
+ };
52
+
53
+ const authenticateMembership = (tenant_id, memberships = []) => {
54
+ const membership = memberships.find((mbrship) => Number(mbrship.tenant_id) === Number(tenant_id));
55
+ if (!membership || membership.status !== "active") throw new Error("Unauthorized");
56
+ return tenant_id;
57
+ };
58
+
59
+ const authenticateParamKey = async (request, response, next) => {
60
+ try {
61
+ const { api_key: token } = request.params;
62
+ request.tenant_id = await verifyAPIKey(token);
63
+ next();
64
+ } catch (e) {
65
+ authLogger.error(e, "authenticateParamKey");
66
+ return response.status(403).json(Errors.UNAUTHORIZED);
67
+ }
68
+ };
69
+
70
+ const authenticateTenant = async (request, response, next) => {
71
+ try {
72
+ const tenant_id = extractId(request, "tenant_id");
73
+ request.tenant_id = request.is_admin ? tenant_id : authenticateMembership(tenant_id, request.memberships || []);
74
+
75
+ next();
76
+ } catch (e) {
77
+ authLogger.error(e, "authenticateUser");
78
+ return response.status(403).json(Errors.UNAUTHORIZED);
79
+ }
80
+ };
81
+
82
+ const authenticateUser = async (request, response, next) => {
83
+ try {
84
+ // env vars
85
+ const DEFAULT_TOKEN = Env.fetch("DEFAULT_TOKEN", true);
86
+ const ISSUER = Env.fetch("JWT_ISSUER", true);
87
+ const SECRET = Env.fetch("JWT_SECRET", true);
88
+
89
+ const token = extractToken(request.headers);
90
+ if (token === DEFAULT_TOKEN) {
91
+ // inter-service requests
92
+ request.is_service_request = true;
93
+ // typically scope requests by tenant_id
94
+ request.tenant_id = request.body.tenant_id || request.query.tenant_id || { $exists: true };
95
+ request.user_id = request.body.user_id || request.query.user_id || { $exists: true };
96
+ return next();
97
+ }
98
+
99
+ const { id: user_id, is_admin, memberships } = await jwt.verify(token, SECRET, { issuer: ISSUER });
100
+ request.is_admin = !!is_admin;
101
+ request.user_id = is_admin ? extractId(request, "user_id") : user_id;
102
+ request.memberships = memberships;
103
+
104
+ next();
105
+ } catch (e) {
106
+ authLogger.error(e, "authenticateUser");
107
+ return response.status(403).json(Errors.UNAUTHORIZED);
108
+ }
109
+ };
110
+
111
+ module.exports = {
112
+ authenticateAdmin,
113
+ authenticateBearerKey,
114
+ authenticateParamKey,
115
+ authenticateTenant,
116
+ authenticateUser,
117
+ };
118
+
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@go-mailer/jarvis",
3
- "version": "4.2.5",
3
+ "version": "5.0.1",
4
4
  "main": "index.js",
5
5
  "repository": "git@github.com:go-mailer-ltd/jarvis-node.git",
6
6
  "author": "Nathan Oguntuberu <nateoguns.work@gmail.com>",