@go-mailer/jarvis 5.0.0 → 5.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/lib/middlewares/auth.js +95 -96
  2. package/package.json +1 -1
package/lib/middlewares/auth.js CHANGED
@@ -2,99 +2,98 @@
2
2
  * User Authentication Middleware
3
3
  */
4
4
 
5
- const jwt = require("jsonwebtoken");
6
- const Env = require("../env");
7
- const Errors = require("./errors");
8
- const { ProcessLogger } = require("./logger");
9
- const { verifyAPIKey } = require("../clients/iam");
10
- const authLogger = new ProcessLogger("Authenticator");
11
-
12
- // helpers
13
- const extractToken = (headers) => {
14
- const { authorization } = headers;
15
- if (!authorization) throw new Error("Unauthorized");
16
-
17
- const [, token] = authorization.split(" ");
18
- if (!token) throw new Error("Unauthorized");
19
-
20
- return token;
21
- };
22
-
23
- const extractId = (request, key) => {
24
- const { params, query, body } = request;
25
- let id = { $exists: true };
26
- if (query[key]) id = query[key];
27
- if (params[key]) id = params[key];
28
- if (body[key]) id = body[key];
29
-
30
- return id;
31
- };
32
-
33
- // main
34
-
35
- const authenticateAdmin = async (request, response, next) => {
36
- const { is_admin } = request;
37
- if (!is_admin) return response.status(403).json(Errors.UNAUTHORIZED);
38
-
39
- next();
40
- };
41
-
42
- const authenticateBearerKey = async (request, response, next) => {
43
- try {
44
- const token = extractToken(request.headers);
45
- request.tenant_id = await verifyAPIKey(token);
46
- next();
47
- } catch (e) {
48
- authLogger.error(e, "authenticateBearerKey");
49
- return response.status(403).json(Errors.UNAUTHORIZED);
50
- }
51
- };
52
-
53
- const authenticateMembership = (tenant_id, memberships = []) => {
54
- const membership = memberships.find((mbrship) => Number(mbrship.tenant_id) === Number(tenant_id));
55
- if (!membership || membership.status !== "active") throw new Error('Unauthorized')
56
- return tenant_id
57
- };
58
-
59
- const authenticateParamKey = async (request, response, next) => {
60
- try {
61
- const { api_key: token } = request.params;
62
- request.tenant_id = await verifyAPIKey(token);
63
- next();
64
- } catch (e) {
65
- authLogger.error(e, "authenticateParamKey");
66
- return response.status(403).json(Errors.UNAUTHORIZED);
67
- }
68
- };
69
-
70
- const authenticateUser = async (request, response, next) => {
71
- try {
72
- // env vars
73
- const DEFAULT_TOKEN = Env.fetch("DEFAULT_TOKEN", true);
74
- const ISSUER = Env.fetch("JWT_ISSUER", true);
75
- const SECRET = Env.fetch("JWT_SECRET", true);
76
-
77
- const token = extractToken(request.headers);
78
- if (token === DEFAULT_TOKEN) {
79
- // inter-service requests
80
- request.is_service_request = true;
81
- // typically scope requests by tenant_id
82
- request.tenant_id = request.body.tenant_id || request.query.tenant_id || { $exists: true };
83
- request.user_id = request.body.user_id || request.query.user_id || { $exists: true };
84
- return next();
85
- }
86
-
87
- const { id: user_id, is_admin, memberships } = await jwt.verify(token, SECRET, { issuer: ISSUER });
88
- const tenant_id = extractId(request, "tenant_id");
89
- request.is_admin = !!is_admin;
90
- request.user_id = is_admin ? extractId(request, "user_id") : user_id;
91
- request.tenant_id = is_admin ? tenant_id : authenticateMembership(tenant_id, memberships);
92
-
93
- next();
94
- } catch (e) {
95
- authLogger.error(e, "authenticateUser");
96
- return response.status(403).json(Errors.UNAUTHORIZED);
97
- }
98
- };
99
-
100
- module.exports = { authenticateAdmin, authenticateBearerKey, authenticateParamKey, authenticateUser };
5
+ const jwt = require("jsonwebtoken");
6
+ const Env = require("../env");
7
+ const Errors = require("./errors");
8
+ const { ProcessLogger } = require("./logger");
9
+ const { verifyAPIKey } = require("../clients/iam");
10
+ const authLogger = new ProcessLogger("Authenticator");
11
+
12
+ // helpers
13
+ const extractToken = (headers) => {
14
+ const { authorization } = headers;
15
+ if (!authorization) throw new Error("Unauthorized");
16
+
17
+ const [, token] = authorization.split(" ");
18
+ if (!token) throw new Error("Unauthorized");
19
+
20
+ return token;
21
+ };
22
+
23
+ const extractId = (request, key) => {
24
+ const { params, query, body } = request;
25
+ let id = { $exists: true };
26
+ if (query[key]) id = query[key];
27
+ if (params[key]) id = params[key];
28
+ if (body[key]) id = body[key];
29
+
30
+ return id;
31
+ };
32
+
33
+ // main
34
+
35
+ const authenticateAdmin = async (request, response, next) => {
36
+ const { is_admin } = request;
37
+ if (!is_admin) return response.status(403).json(Errors.UNAUTHORIZED);
38
+
39
+ next();
40
+ };
41
+
42
+ const authenticateBearerKey = async (request, response, next) => {
43
+ try {
44
+ const token = extractToken(request.headers);
45
+ request.tenant_id = await verifyAPIKey(token);
46
+ next();
47
+ } catch (e) {
48
+ authLogger.error(e, "authenticateBearerKey");
49
+ return response.status(403).json(Errors.UNAUTHORIZED);
50
+ }
51
+ };
52
+
53
+ const authenticateParamKey = async (request, response, next) => {
54
+ try {
55
+ const { api_key: token } = request.params;
56
+ request.tenant_id = await verifyAPIKey(token);
57
+ next();
58
+ } catch (e) {
59
+ authLogger.error(e, "authenticateParamKey");
60
+ return response.status(403).json(Errors.UNAUTHORIZED);
61
+ }
62
+ };
63
+
64
+ const authenticateUser = async (request, response, next) => {
65
+ try {
66
+ // env vars
67
+ const DEFAULT_TOKEN = Env.fetch("DEFAULT_TOKEN", true);
68
+ const ISSUER = Env.fetch("JWT_ISSUER", true);
69
+ const SECRET = Env.fetch("JWT_SECRET", true);
70
+
71
+ const token = extractToken(request.headers);
72
+ if (token === DEFAULT_TOKEN) {
73
+ // inter-service requests
74
+ request.is_service_request = true;
75
+ // typically scope requests by tenant_id
76
+ request.tenant_id = request.body.tenant_id || request.query.tenant_id || { $exists: true };
77
+ request.user_id = request.body.user_id || request.query.user_id || { $exists: true };
78
+ return next();
79
+ }
80
+
81
+ const { id: user_id, is_admin, tenant_id } = await jwt.verify(token, SECRET, { issuer: ISSUER });
82
+ request.is_admin = !!is_admin;
83
+ request.user_id = is_admin ? extractId(request, "user_id") : user_id;
84
+ request.tenant_id = is_admin ? extractId(request, "tenant_id") : tenant_id;
85
+
86
+ next();
87
+ } catch (e) {
88
+ authLogger.error(e, "authenticateUser");
89
+ return response.status(403).json(Errors.UNAUTHORIZED);
90
+ }
91
+ };
92
+
93
+ module.exports = {
94
+ authenticateAdmin,
95
+ authenticateBearerKey,
96
+ authenticateParamKey,
97
+ authenticateUser,
98
+ };
99
+
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@go-mailer/jarvis",
3
- "version": "5.0.0",
3
+ "version": "5.0.2",
4
4
  "main": "index.js",
5
5
  "repository": "git@github.com:go-mailer-ltd/jarvis-node.git",
6
6
  "author": "Nathan Oguntuberu <nateoguns.work@gmail.com>",