@gravity-ui/gateway 4.7.2 → 4.8.0

package/README.md

@@ -455,17 +455,41 @@ const config = {
 };
 ```
 
-You can also define service-specific authentication by adding a `getAuthHeaders` function to individual actions:
+You can define authentication at three levels:
+|
+
+1. **Gateway level** (global) - as shown above
+2. **Service level** - by adding authentication methods to the service definition
+3. **Action level** (most specific) - by adding authentication methods to individual actions
+   |
+   The authentication methods are checked in the following order: action > service > gateway.
+   |
+   **Service-level authentication:**
+   |
 
 ```javascript
 const schema = {
   userService: {
     serviceName: 'users',
     endpoints: {...},
+    // Service-level authentication
+    getAuthHeaders: (params) => ({
+      'X-User-Service-Auth': params.token,
+    }),
+    getAuthArgs: (req, res) => ({
+      token: req.authorization.token,
+      serviceSpecificData: req.headers['x-service-data'],
+    }),
     actions: {
       getProfile: {
         path: () => '/profile',
         method: 'GET',
+        // Uses service-level authentication
+      },
+      updateProfile: {
+        path: () => '/profile',
+        method: 'PUT',
+        // Action-level authentication (overrides service-level)
         getAuthHeaders: (params) => ({
           'X-Special-Auth': params.token,
         }),

package/build/components/grpc.d.ts

@@ -1,7 +1,7 @@
 import * as grpc from '@grpc/grpc-js';
 import * as protobufjs from 'protobufjs';
 import type * as descriptor from 'protobufjs/ext/descriptor';
-import { ApiActionConfig, ApiServiceGrpcActionConfig, EndpointsConfig, GatewayApiOptions } from '../models/common';
+import { ApiActionConfig, ApiServiceGrpcActionConfig, BaseSchema, EndpointsConfig, GatewayApiOptions } from '../models/common';
 import { GatewayContext } from '../models/context';
 import { AppErrorConstructor } from '../models/error';
 declare module 'protobufjs' {
@@ -20,5 +20,5 @@ export interface GrpcContext {
 }
 export declare function createRoot(includeGrpcPaths?: string[]): protobufjs.Root;
 export declare function getCredentialsMap(caCertificatePath?: string | null): CredentialsMap;
-export default function createGrpcAction<Context extends GatewayContext>({ root, credentials }: GrpcContext, endpoints: EndpointsConfig | undefined, config: ApiServiceGrpcActionConfig<Context, any, any>, serviceKey: string, actionName: string, options: GatewayApiOptions<Context>, ErrorConstructor: AppErrorConstructor): (actionConfig: ApiActionConfig<Context, any, any>) => Promise<import("../models/common").GatewayActionClientStreamResponse<any> | import("../models/common").GatewayActionServerStreamResponse<any> | import("../models/common").GatewayActionDuplexStreamResponse<any> | import("../models/common").GatewayActionUnaryResponse<any>>;
+export default function createGrpcAction<Context extends GatewayContext>({ root, credentials }: GrpcContext, endpoints: EndpointsConfig | undefined, config: ApiServiceGrpcActionConfig<Context, any, any>, serviceKey: string, actionName: string, options: GatewayApiOptions<Context>, ErrorConstructor: AppErrorConstructor, serviceSchema?: Pick<BaseSchema[string], 'getAuthHeaders'>): (actionConfig: ApiActionConfig<Context, any, any>) => Promise<import("../models/common").GatewayActionClientStreamResponse<any> | import("../models/common").GatewayActionServerStreamResponse<any> | import("../models/common").GatewayActionDuplexStreamResponse<any> | import("../models/common").GatewayActionUnaryResponse<any>>;
 export {};

package/build/components/grpc.js

@@ -86,8 +86,8 @@ function decodeResponse(response, packageRoot, ctx, encodedFields = [], ErrorCon
         }
     });
 }
-function createMetadata({ options, actionConfig, config, params, serviceName, proxyHeadersCaller, ctx, }) {
-    var _a;
+function createMetadata({ options, actionConfig, config, params, serviceName, proxyHeadersCaller, ctx, serviceSchema, }) {
+    var _a, _b;
     const { headers, requestId, authArgs } = actionConfig;
     const proxyHeaders = [...constants_1.DEFAULT_PROXY_HEADERS];
     let metadata = {
@@ -111,7 +111,7 @@ function createMetadata({ options, actionConfig, config, params, serviceName, pr
             metadata[headerName] = headers[headerName];
         }
     }
-    const authHeaders = ((_a = config.getAuthHeaders) !== null && _a !== void 0 ? _a : options.getAuthHeaders)({
+    const authHeaders = ((_b = (_a = config.getAuthHeaders) !== null && _a !== void 0 ? _a : serviceSchema === null || serviceSchema === void 0 ? void 0 : serviceSchema.getAuthHeaders) !== null && _b !== void 0 ? _b : options.getAuthHeaders)({
         actionType: 'grpc',
         serviceName,
         requestHeaders: headers,
@@ -333,7 +333,7 @@ function createServiceOptions(timeout) {
         deadline: Date.now() + timeout,
     };
 }
-function createGrpcAction({ root, credentials }, endpoints, config, serviceKey, actionName, options, ErrorConstructor) {
+function createGrpcAction({ root, credentials }, endpoints, config, serviceKey, actionName, options, ErrorConstructor, serviceSchema) {
     const serviceName = (options === null || options === void 0 ? void 0 : options.serviceName) || serviceKey;
     let getService;
     let recreateService;
@@ -520,6 +520,7 @@ function createGrpcAction({ root, credentials }, endpoints, config, serviceKey,
                 serviceName,
                 proxyHeadersCaller,
                 ctx,
+                serviceSchema,
             });
             if (!service[action]) {
                 reject(new parse_error_1.GrpcError('Not found action', {

package/build/components/rest.d.ts

@@ -1,7 +1,7 @@
-import { ApiActionConfig, ApiServiceRestActionConfig, EndpointsConfig, GatewayApiOptions, Headers } from '../models/common';
+import { ApiActionConfig, ApiServiceRestActionConfig, BaseSchema, EndpointsConfig, GatewayApiOptions, Headers } from '../models/common';
 import { GatewayContext } from '../models/context';
 import { AppErrorConstructor } from '../models/error';
-export default function createRestAction<Context extends GatewayContext>(endpoints: EndpointsConfig | undefined, config: ApiServiceRestActionConfig<Context, any, any>, serviceKey: string, actionName: string, options: GatewayApiOptions<Context>, ErrorConstructor: AppErrorConstructor): (actionConfig: ApiActionConfig<Context, any>) => Promise<{
+export default function createRestAction<Context extends GatewayContext>(endpoints: EndpointsConfig | undefined, config: ApiServiceRestActionConfig<Context, any, any>, serviceKey: string, actionName: string, options: GatewayApiOptions<Context>, ErrorConstructor: AppErrorConstructor, serviceSchema?: Pick<BaseSchema[string], 'getAuthHeaders'>): (actionConfig: ApiActionConfig<Context, any>) => Promise<{
     responseData: unknown;
     responseHeaders?: Headers | undefined;
     debugHeaders: Headers;

package/build/components/rest.js

@@ -33,13 +33,13 @@ function getConfigSerializerFunction(config) {
     }
     return undefined;
 }
-function createRestAction(endpoints, config, serviceKey, actionName, options, ErrorConstructor) {
+function createRestAction(endpoints, config, serviceKey, actionName, options, ErrorConstructor, serviceSchema) {
     var _a, _b, _c, _d;
     const timeout = (_c = (_a = config === null || config === void 0 ? void 0 : config.timeout) !== null && _a !== void 0 ? _a : (_b = options === null || options === void 0 ? void 0 : options.axiosConfig) === null || _b === void 0 ? void 0 : _b.timeout) !== null && _c !== void 0 ? _c : options === null || options === void 0 ? void 0 : options.timeout;
     const defaultAxiosClient = (0, axios_1.getAxiosClient)(timeout, config === null || config === void 0 ? void 0 : config.retries, (_d = config === null || config === void 0 ? void 0 : config.axiosRetryCondition) !== null && _d !== void 0 ? _d : options === null || options === void 0 ? void 0 : options.axiosRetryCondition, options === null || options === void 0 ? void 0 : options.axiosConfig, options === null || options === void 0 ? void 0 : options.axiosInterceptors);
     /* eslint-disable complexity */
     return async function action(actionConfig) {
-        var _a, _b, _c, _d, _e, _f, _g, _h;
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j;
         const { args, requestId, headers: requestHeaders, ctx: parentCtx, authArgs, userId, abortSignal, } = actionConfig;
         const debugHeaders = {};
         const lang = requestHeaders[constants_1.DEFAULT_LANG_HEADER] || constants_1.Lang.Ru; // header might be empty string
@@ -142,7 +142,7 @@ function createRestAction(endpoints, config, serviceKey, actionName, options, Er
         if (idempotency) {
             actionHeaders['idempotency-key'] = requestHeaders['idempotency-key'] || (0, uuid_1.v4)();
         }
-        const authHeaders = ((_b = config.getAuthHeaders) !== null && _b !== void 0 ? _b : options.getAuthHeaders)({
+        const authHeaders = ((_c = (_b = config.getAuthHeaders) !== null && _b !== void 0 ? _b : serviceSchema === null || serviceSchema === void 0 ? void 0 : serviceSchema.getAuthHeaders) !== null && _c !== void 0 ? _c : options.getAuthHeaders)({
             actionType: 'rest',
             serviceName,
             requestHeaders,
@@ -202,7 +202,7 @@ function createRestAction(endpoints, config, serviceKey, actionName, options, Er
         }
         const startRequestTime = Date.now();
         let axiosClient = defaultAxiosClient;
-        const customActionTimeout = (_e = (_d = (_c = actionConfig.timeout) !== null && _c !== void 0 ? _c : config.timeout) !== null && _d !== void 0 ? _d : endpointAxiosConfig === null || endpointAxiosConfig === void 0 ? void 0 : endpointAxiosConfig.timeout) !== null && _e !== void 0 ? _e : timeout;
+        const customActionTimeout = (_f = (_e = (_d = actionConfig.timeout) !== null && _d !== void 0 ? _d : config.timeout) !== null && _e !== void 0 ? _e : endpointAxiosConfig === null || endpointAxiosConfig === void 0 ? void 0 : endpointAxiosConfig.timeout) !== null && _f !== void 0 ? _f : timeout;
         if (actionConfig.timeout || endpointAxiosConfig) {
             const customActionAxiosConfig = Object.assign(Object.assign({}, ((options === null || options === void 0 ? void 0 : options.axiosConfig) || {})), (endpointAxiosConfig || {}));
             axiosClient = (0, axios_1.getAxiosClient)(customActionTimeout, config === null || config === void 0 ? void 0 : config.retries, options.axiosRetryCondition, customActionAxiosConfig, options === null || options === void 0 ? void 0 : options.axiosInterceptors);
@@ -216,7 +216,7 @@ function createRestAction(endpoints, config, serviceKey, actionName, options, Er
             requestId,
             requestMethod: config.method,
             requestUrl: actionURL,
-            traceId: ((_f = ctx.getTraceId) === null || _f === void 0 ? void 0 : _f.call(ctx)) || '',
+            traceId: ((_g = ctx.getTraceId) === null || _g === void 0 ? void 0 : _g.call(ctx)) || '',
             userId: userId || '',
         };
         const requestConfig = {
@@ -243,7 +243,7 @@ function createRestAction(endpoints, config, serviceKey, actionName, options, Er
             const responseHeaders = {};
             const endRequestTime = Date.now();
             requestData.requestTime = endRequestTime - startRequestTime;
-            const actualResponseContentType = (_g = response.headers) === null || _g === void 0 ? void 0 : _g['Content-Type'];
+            const actualResponseContentType = (_h = response.headers) === null || _h === void 0 ? void 0 : _h['Content-Type'];
             const expectedResponseContentType = config.expectedResponseContentType || options.expectedResponseContentType;
             if (actualResponseContentType && expectedResponseContentType) {
                 let isInvalidResponseContentType;
@@ -340,7 +340,7 @@ function createRestAction(endpoints, config, serviceKey, actionName, options, Er
             }
             const responseStatus = lodash_1.default.get(parsedError, 'status') || lodash_1.default.get(error, 'status', 500);
             if (options === null || options === void 0 ? void 0 : options.sendStats) {
-                options.sendStats(Object.assign(Object.assign({}, requestData), { responseSize: getRestResponseSize((_h = error === null || error === void 0 ? void 0 : error.response) === null || _h === void 0 ? void 0 : _h.data, ctx, ErrorConstructor), restStatus: responseStatus, userId }), (0, redact_sensitive_headers_1.redactSensitiveHeaders)(parentCtx, headers), parentCtx, { debugHeaders: (0, common_1.sanitizeDebugHeaders)(debugHeaders) });
+                options.sendStats(Object.assign(Object.assign({}, requestData), { responseSize: getRestResponseSize((_j = error === null || error === void 0 ? void 0 : error.response) === null || _j === void 0 ? void 0 : _j.data, ctx, ErrorConstructor), restStatus: responseStatus, userId }), (0, redact_sensitive_headers_1.redactSensitiveHeaders)(parentCtx, headers), parentCtx, { debugHeaders: (0, common_1.sanitizeDebugHeaders)(debugHeaders) });
             }
             else {
                 ctx.stats(Object.assign(Object.assign({}, requestData), { responseStatus }));

package/build/index.js

@@ -85,7 +85,7 @@ function createApiAction(schema, config, serviceKey, actionName, api, grpcContex
             validationSchema: config.validationSchema,
             encodePathArgs: config.encodePathArgs,
             getAuthHeaders: config.getAuthHeaders,
-        }, config.ErrorConstructor);
+        }, config.ErrorConstructor, serviceSchema);
     }
     const grpcRecreateService = (_a = config.grpcRecreateService) !== null && _a !== void 0 ? _a : true;
     return (0, grpc_1.default)(grpcContext, endpointsConfig, action, serviceKey, actionName, {
@@ -98,7 +98,7 @@ function createApiAction(schema, config, serviceKey, actionName, api, grpcContex
         grpcOptions: config.grpcOptions,
         grpcRecreateService,
         getAuthHeaders: config.getAuthHeaders,
-    }, config.ErrorConstructor);
+    }, config.ErrorConstructor, serviceSchema);
 }
 function generateGatewayApi(schema, config, grpcContext, baseApi) {
     const { installation, env } = config;
@@ -117,7 +117,7 @@ function generateGatewayApi(schema, config, grpcContext, baseApi) {
 function generateGatewayApiController(schemasByScope, Api, config, controllerActions) {
     // eslint-disable-next-line complexity
     return async function gateway(req, res) {
-        var _a, _b, _c;
+        var _a, _b, _c, _d;
         const { userId } = res.locals || {};
         const { service, action, scope = 'root' } = req.params;
         const withDebugHeaders = typeof config.withDebugHeaders === 'function'
@@ -192,12 +192,15 @@ function generateGatewayApiController(schemasByScope, Api, config, controllerAct
                     throw { error, debugHeaders: {} };
                 }
             }
+            const serviceSchema = (_d = schemasByScope[scope]) === null || _d === void 0 ? void 0 : _d[service];
             const { responseData, responseHeaders, debugHeaders } = await apiAction({
                 requestId: req.id,
                 headers: req.headers,
                 ctx: req.ctx,
                 args,
-                authArgs: config.getAuthArgs(req, res),
+                authArgs: (serviceSchema === null || serviceSchema === void 0 ? void 0 : serviceSchema.getAuthArgs)
+                    ? serviceSchema.getAuthArgs(req, res)
+                    : config.getAuthArgs(req, res),
                 userId,
                 abortSignal: abortController.signal,
             });

package/build/models/common.d.ts

@@ -199,6 +199,8 @@ export interface BaseSchema {
         actions: Record<string, ApiServiceActionConfig<any, any, any, any, any, any>>;
         serviceName?: string;
         endpoints?: Record<string, Record<string, EndpointsConfig>>;
+        getAuthHeaders?: GetAuthHeaders;
+        getAuthArgs?: (req: Request, res: Response) => Record<string, unknown> | undefined;
     };
 }
 export interface SchemasByScope {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gravity-ui/gateway",
-  "version": "4.7.2",
+  "version": "4.8.0",
   "description": "",
   "license": "MIT",
   "main": "build/index.js",