@govish/shared-services 1.4.0 → 1.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/dist/middleware/authenticateDevice.d.ts +13 -2
- package/dist/middleware/authenticateDevice.js +551 -69
- package/dist/services/apiKeyService.d.ts +2 -1
- package/dist/services/apiKeyService.js +237 -45
- package/dist/services/auditService.d.ts +14 -2
- package/dist/services/auditService.js +289 -12
- package/package.json +7 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## Version 1.5.1
|
|
4
|
+
|
|
5
|
+
### Fixed
|
|
6
|
+
- **AuditService**: Fixed `microservice` field in audit logs to always use the receiving service name from `SERVER_NAME` environment variable instead of the API key's microservice. The `source_microservice` and `authenticated_microservice` fields now correctly contain the API key's microservice information.
|
|
7
|
+
|
|
8
|
+
---
|
|
9
|
+
|
|
3
10
|
## Version 1.4.0
|
|
4
11
|
|
|
5
12
|
### Changed
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { Request, Response, NextFunction } from 'express';
|
|
2
2
|
import { SharedServicesDependencies } from '../types/dependencies';
|
|
3
3
|
/**
|
|
4
|
-
* Middleware to authenticate either a device, an officer,
|
|
4
|
+
* Middleware to authenticate either a device, an officer, a microservice (via API key), or combinations thereof
|
|
5
5
|
* Checks JWT token and validates against Device or Officer table
|
|
6
6
|
* Also checks for API keys for microservice authentication
|
|
7
7
|
*
|
|
@@ -10,6 +10,17 @@ import { SharedServicesDependencies } from '../types/dependencies';
|
|
|
10
10
|
* - Device-Token: <device_jwt_token> (for device authentication)
|
|
11
11
|
* - Authorization: Bearer <user_jwt_token> (for officer/user authentication)
|
|
12
12
|
*
|
|
13
|
-
*
|
|
13
|
+
* Supports combined authentication:
|
|
14
|
+
* - API Key + Officer: X-API-Key + Authorization header (sets authType: 'api_key_and_officer')
|
|
15
|
+
* - Device + Officer: Device-Token + Authorization header (sets authType: 'both')
|
|
16
|
+
*
|
|
17
|
+
* Authentication Priority/Combination Logic:
|
|
18
|
+
* 1. API Key + Officer (if both headers present) -> authType: 'api_key_and_officer'
|
|
19
|
+
* 2. API Key only (if only X-API-Key present) -> authType: 'api_key'
|
|
20
|
+
* 3. Device + Officer (if both headers present) -> authType: 'both'
|
|
21
|
+
* 4. Device only (if only Device-Token present) -> authType: 'device'
|
|
22
|
+
* 5. Officer only (if only Authorization present) -> authType: 'officer'
|
|
23
|
+
*
|
|
24
|
+
* At least one authentication method must succeed for the request to proceed.
|
|
14
25
|
*/
|
|
15
26
|
export declare const createAuthenticateDeviceOrOfficer: (deps: SharedServicesDependencies) => (req: Request, res: Response, next: NextFunction) => Promise<void | Response<any, Record<string, any>>>;
|