@jungjaehoon/mama-os 0.18.1 → 0.18.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -23,8 +23,17 @@ interface SecurityLogContext {
|
|
|
23
23
|
* Check if request originates from localhost
|
|
24
24
|
*/
|
|
25
25
|
export declare function isLocalRequest(req: IncomingMessage): boolean;
|
|
26
|
-
export declare function isCloudflareAccessEnabled(): boolean;
|
|
27
26
|
export declare function hasCloudflareAccessIdentity(req: IncomingMessage): boolean;
|
|
27
|
+
/**
|
|
28
|
+
* Trust Cloudflare Access authenticated requests when:
|
|
29
|
+
* 1. Peer is localhost (request came through local Cloudflare Tunnel), AND
|
|
30
|
+
* 2. Request has CF Access identity headers (user passed Cloudflare Access login)
|
|
31
|
+
*
|
|
32
|
+
* No environment variable needed — if cf-ray + CF Access headers arrive
|
|
33
|
+
* from localhost, it's a Cloudflare Tunnel by definition.
|
|
34
|
+
* MAMA_TRUST_CLOUDFLARE_ACCESS=true is still supported as explicit opt-in
|
|
35
|
+
* but is no longer required.
|
|
36
|
+
*/
|
|
28
37
|
export declare function isTrustedCloudflareAccessRequest(req: IncomingMessage): boolean;
|
|
29
38
|
export declare function getClientAddress(req: IncomingMessage): string;
|
|
30
39
|
export declare function getSecurityLogContext(req: IncomingMessage): SecurityLogContext;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../src/api/auth-middleware.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../src/api/auth-middleware.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB/D,UAAU,WAAW;IACnB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,UAAU,kBAAkB;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAG5D;AAUD,wBAAgB,2BAA2B,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAOzE;AAED;;;;;;;;;GASG;AACH,wBAAgB,gCAAgC,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAM9E;AAED,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,CAE7D;AAED,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,eAAe,GAAG,kBAAkB,CAsB9E;AAED,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,GAAE,WAAgB,GAAG,IAAI,CA2B5F;AA4BD;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,GAAE,WAAgB,GAAG,OAAO,CAwBxF;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAoBjF"}
|
|
@@ -40,7 +40,6 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
40
40
|
})();
|
|
41
41
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
42
42
|
exports.isLocalRequest = isLocalRequest;
|
|
43
|
-
exports.isCloudflareAccessEnabled = isCloudflareAccessEnabled;
|
|
44
43
|
exports.hasCloudflareAccessIdentity = hasCloudflareAccessIdentity;
|
|
45
44
|
exports.isTrustedCloudflareAccessRequest = isTrustedCloudflareAccessRequest;
|
|
46
45
|
exports.getClientAddress = getClientAddress;
|
|
@@ -68,19 +67,23 @@ function isLocalRequest(req) {
|
|
|
68
67
|
function isTunnelRequest(req) {
|
|
69
68
|
return !!(req.headers['cf-connecting-ip'] || req.headers['cf-ray']);
|
|
70
69
|
}
|
|
71
|
-
function isCloudflareAccessEnabled() {
|
|
72
|
-
return process.env.MAMA_TRUST_CLOUDFLARE_ACCESS === 'true';
|
|
73
|
-
}
|
|
74
70
|
function hasCloudflareAccessIdentity(req) {
|
|
75
71
|
const headers = req.headers;
|
|
76
72
|
return (typeof headers['cf-access-jwt-assertion'] === 'string' ||
|
|
77
73
|
typeof headers['cf-access-authenticated-user-email'] === 'string' ||
|
|
78
74
|
typeof headers['cf-access-authenticated-user-uuid'] === 'string');
|
|
79
75
|
}
|
|
76
|
+
/**
|
|
77
|
+
* Trust Cloudflare Access authenticated requests when:
|
|
78
|
+
* 1. Peer is localhost (request came through local Cloudflare Tunnel), AND
|
|
79
|
+
* 2. Request has CF Access identity headers (user passed Cloudflare Access login)
|
|
80
|
+
*
|
|
81
|
+
* No environment variable needed — if cf-ray + CF Access headers arrive
|
|
82
|
+
* from localhost, it's a Cloudflare Tunnel by definition.
|
|
83
|
+
* MAMA_TRUST_CLOUDFLARE_ACCESS=true is still supported as explicit opt-in
|
|
84
|
+
* but is no longer required.
|
|
85
|
+
*/
|
|
80
86
|
function isTrustedCloudflareAccessRequest(req) {
|
|
81
|
-
if (!isCloudflareAccessEnabled()) {
|
|
82
|
-
return false;
|
|
83
|
-
}
|
|
84
87
|
if (!(0, trusted_proxy_js_1.isTrustedProxyPeer)(req.socket?.remoteAddress || null)) {
|
|
85
88
|
return false;
|
|
86
89
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-middleware.js","sourceRoot":"","sources":["../../src/api/auth-middleware.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"auth-middleware.js","sourceRoot":"","sources":["../../src/api/auth-middleware.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCH,wCAGC;AAUD,kEAOC;AAYD,4EAMC;AAED,4CAEC;AAED,sDAsBC;AAED,wDA2BC;AAmCD,0CAwBC;AASD,kCAoBC;AA3ND,6CAA8C;AAG9C,iFAAmE;AACnE,yEAIyC;AACzC,mEAA6F;AAE7F,MAAM,EAAE,WAAW,EAAE,GAAG,WAIvB,CAAC;AACF,MAAM,UAAU,GAAG,IAAI,WAAW,CAAC,cAAc,CAAC,CAAC;AAiBnD;;GAEG;AACH,SAAgB,cAAc,CAAC,GAAoB;IACjD,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC;IAC7C,OAAO,UAAU,KAAK,WAAW,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,kBAAkB,CAAC;AACjG,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,GAAoB;IAC3C,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,SAAgB,2BAA2B,CAAC,GAAoB;IAC9D,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC5B,OAAO,CACL,OAAO,OAAO,CAAC,yBAAyB,CAAC,KAAK,QAAQ;QACtD,OAAO,OAAO,CAAC,oCAAoC,CAAC,KAAK,QAAQ;QACjE,OAAO,OAAO,CAAC,mCAAmC,CAAC,KAAK,QAAQ,CACjE,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,gCAAgC,CAAC,GAAoB;IACnE,IAAI,CAAC,IAAA,qCAAkB,EAAC,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,IAAI,CAAC,EAAE,CAAC;QAC3D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,2BAA2B,CAAC,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED,SAAgB,gBAAgB,CAAC,GAAoB;IACnD,OAAO,IAAA,4CAAyB,EAAC,GAAG,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,qBAAqB,CAAC,GAAoB;IACxD,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;IAC9B,IAAI,IAAI,GAAkB,MAAM,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;QAC7C,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,iCAAiC;IACnC,CAAC;IAED,OAAO;QACL,aAAa,EAAE,gBAAgB,CAAC,GAAG,CAAC;QACpC,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,IAAI;QAChD,YAAY,EACV,OAAO,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,IAAI;QAC5F,cAAc,EACZ,OAAO,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,IAAI;QAC9F,KAAK,EAAE,OAAO,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;QAC/E,MAAM,EAAE,QAAQ,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;QAC7E,IAAI;QACJ,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC;KAChC,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CAAC,GAAoB,EAAE,UAAuB,EAAE;IACpF,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,OAAO,CAAC,eAAe,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,aAAa,GAAG,IAAI,GAAG,CACrB,GAAG,CAAC,GAAG,EACP,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,EAAE,CAC5C,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,aAAa,GAAG,KAAK,CAAC;QACxB,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG;QACd,sBAAsB,EAAE,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa;QACnD,aAAa;QACb,eAAe,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe;KAC3C,CAAC;IACF,UAAU,CAAC,IAAI,CAAC,yCAAyC,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IACvF,IAAA,yCAAmB,EAAC;QAClB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,8BAA8B;QACvC,GAAG,OAAO;QACV,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,SAAS,cAAc,CAAC,KAAa,EAAE,UAAkB;IACvD,IAAI,KAAK,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,eAAe,CAAC,GAAoB,EAAE,UAAuB,EAAE;IACtE,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAC7C,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAC7E,CAAC;IAED,IAAI,OAAO,CAAC,eAAe,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;YAC7C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;YAC/C,OAAO,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,eAAe,CAAC,GAAoB,EAAE,UAAuB,EAAE;IAC7E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAChF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,IAAI,gCAAgC,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC;IAED,4EAA4E;IAC5E,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,gCAAgC,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kDAAkD;IAClD,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,cAAc,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IACzE,MAAM,aAAa,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAE5C,iCAAiC;IACjC,IAAI,IAAA,gCAAU,EAAC,aAAa,CAAC,EAAE,CAAC;QAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,sBAAsB,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAA,uCAAiB,EAAC,aAAa,CAAC,CAAC;QACjC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,IAAI;YACX,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,wEAAwE;SAClF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IACD,IAAI,EAAE,CAAC;AACT,CAAC"}
|
package/package.json
CHANGED