@govish/shared-services 1.3.0 → 1.5.1

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## Version 1.5.1
+
+### Fixed
+- **AuditService**: Fixed `microservice` field in audit logs to always use the receiving service name from `SERVER_NAME` environment variable instead of the API key's microservice. The `source_microservice` and `authenticated_microservice` fields now correctly contain the API key's microservice information.
+
+---
+
+## Version 1.4.0
+
+### Changed
+- **StationDutyBlockCacheService**: Fetching data only (read-only). Get methods: `getBlocks`, `getBlocksByStationId`, `getBlock`, `getSectors`, `getSector`. App remains responsible for storing and invalidating cache.
+
+---
+
 ## Version 1.3.0
 
 ### Added

package/README.md

@@ -29,7 +29,7 @@ const authenticateDeviceOrOfficer = createAuthenticateDeviceOrOfficer(dependenci
 - **PenalCodeCacheService**: Redis-based caching service for penal codes
 - **DeviceCacheService**: Redis-based caching service for devices with indexing
 - **StationCacheService**: Redis-based caching service for police stations (JSON list, set of IDs, and per-station hashes)
-- **StationDutyBlockCacheService**: Read-only cache for station-duty blocks and sectors (`getBlocks`, `getBlocksByStationId`, `getBlock`, `getSectors`, `getSector`)
+- **StationDutyBlockCacheService**: Read-only cache for station-duty blocks and sectors — fetch only (`getBlocks`, `getBlocksByStationId`, `getBlock`, `getSectors`, `getSector`)
 - **RankLeaveDaysCacheService**: Read-only cache for rank leave days (`getLeaveDays`, `getLeaveDay`)
 - **ApiKeyService**: Service for managing and validating API keys with Redis caching
 - **AuditService**: Service for logging audit events to Kafka with comprehensive event tracking

package/dist/middleware/authenticateDevice.d.ts

@@ -1,7 +1,7 @@
 import { Request, Response, NextFunction } from 'express';
 import { SharedServicesDependencies } from '../types/dependencies';
 /**
- * Middleware to authenticate either a device, an officer, or a microservice (via API key)
+ * Middleware to authenticate either a device, an officer, a microservice (via API key), or combinations thereof
  * Checks JWT token and validates against Device or Officer table
  * Also checks for API keys for microservice authentication
  *
@@ -10,6 +10,17 @@ import { SharedServicesDependencies } from '../types/dependencies';
  * - Device-Token: <device_jwt_token> (for device authentication)
  * - Authorization: Bearer <user_jwt_token> (for officer/user authentication)
  *
- * Priority: API Key > Device Token > Authorization Token
+ * Supports combined authentication:
+ * - API Key + Officer: X-API-Key + Authorization header (sets authType: 'api_key_and_officer')
+ * - Device + Officer: Device-Token + Authorization header (sets authType: 'both')
+ *
+ * Authentication Priority/Combination Logic:
+ * 1. API Key + Officer (if both headers present) -> authType: 'api_key_and_officer'
+ * 2. API Key only (if only X-API-Key present) -> authType: 'api_key'
+ * 3. Device + Officer (if both headers present) -> authType: 'both'
+ * 4. Device only (if only Device-Token present) -> authType: 'device'
+ * 5. Officer only (if only Authorization present) -> authType: 'officer'
+ *
+ * At least one authentication method must succeed for the request to proceed.
  */
 export declare const createAuthenticateDeviceOrOfficer: (deps: SharedServicesDependencies) => (req: Request, res: Response, next: NextFunction) => Promise<void | Response<any, Record<string, any>>>;