npm - @koziatek/http - Versions diffs - 1.0.2 → 1.1.0 - Mend

@koziatek/http 1.0.2 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.js CHANGED Viewed

@@ -6,6 +6,7 @@ const { OpenReq } = require("./middleware/OpenReq");
 const { ResData } = require("./middleware/ResData");
 const { SendRes } = require("./middleware/SendRes");
 const { Status } = require("./middleware/Status");
+const { RequireAuth } = require("./middleware/Auth");
 module.exports = {
@@ -18,6 +19,7 @@ module.exports = {
         ResData,
         SendRes,
         Status,
+        RequireAuth
     },
 }

package/middleware/Auth.js ADDED Viewed

@@ -0,0 +1,65 @@
+const jwt = require('jsonwebtoken')
+const jwksRsa = require('jwks-rsa')
+const AUTH0_DOMAIN = 'character-quiz-ai.us.auth0.com'
+const AUTH0_ISSUER = `https://${AUTH0_DOMAIN}/`
+const AUTH0_AUDIENCE = 'https://api.characterquiz.ai'
+/**
+ * JWKS client (cached + rate limited)
+ */
+const jwksClient = jwksRsa({
+  jwksUri: `${AUTH0_ISSUER}.well-known/jwks.json`,
+  cache: true,
+  cacheMaxEntries: 5,
+  cacheMaxAge: 10 * 60 * 1000, // 10 minutes
+  rateLimit: true,
+  jwksRequestsPerMinute: 10
+})
+function getSigningKey (header, callback) {
+  jwksClient.getSigningKey(header.kid, (err, key) => {
+    if (err) return callback(err)
+    callback(null, key.getPublicKey())
+  })
+}
+/**
+ * Express middleware
+ */
+function RequireAuth (req, res, next) {
+  const authHeader = req.headers.authorization
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    return res.status(401).json({ error: 'Missing Bearer token' })
+  }
+  const token = authHeader.split(' ')[1]
+  jwt.verify(
+    token,
+    getSigningKey,
+    {
+      algorithms: ['RS256'],
+      issuer: AUTH0_ISSUER,
+      audience: AUTH0_AUDIENCE
+    },
+    (err, decoded) => {
+      if (err) {
+        return res.status(401).json({
+          error: 'Invalid token',
+          details: err.message
+        })
+      }
+      // ✅ Attach claims
+      req.user = decoded
+      next()
+    }
+  )
+}
+module.exports = {
+  RequireAuth
+}

package/middleware/ErrorRender.js CHANGED Viewed

@@ -1,5 +1,5 @@
 const { HttpStatusCodes } = require('../HttpStatusCodes.js');
-const { Log, isFunction } = require('@precision-sustainable-ag/utils');
 function ErrorRenderer(err, req, res, next) {
     let response;
@@ -12,10 +12,9 @@ function ErrorRenderer(err, req, res, next) {
     else response = {
         metadata: err?.metadata || false,
         message: err?.message || false,
-        stack: err?.stack || false,
+        // stack: err?.stack || false,
     };
-    Log.Debug(err);
     res.status(statusCode).json(response);
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@koziatek/http",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "",
   "main": "index.js",
   "publishConfig": {
@@ -13,7 +13,9 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "@precision-sustainable-ag/utils": "^1.0.0"
+    "@koziatek/utils": "^1.0.0",
+    "jsonwebtoken": "^9.0.3",
+    "jwks-rsa": "^3.2.2"
   },
   "devDependencies": {
     "jest": "^29.7.0"