@litusarchieve18/agricore-utils 1.0.29 → 1.0.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -183,6 +183,8 @@ Run the publish command:
183
183
  Bash
184
184
  npm publish --access public
185
185
  📝 Version History
186
+ V1.0.30 — altered authscoped Id to receive a list of string not a single string
187
+
186
188
  V1.0.29 — altered filtering logic from validFrom_lte: targetIso to validFrom: { $lte: targetIso }
187
189
 
188
190
  V1.0.28 — altered the logic and added scope aware filtering and write-time validation in priceHelpers.ts
package/dist/index.d.mts CHANGED
@@ -177,10 +177,10 @@ declare function evaluateBaseAccess(resourcePath: string, session: AgriCoreSessi
177
177
  */
178
178
  declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
179
179
  declare function findSpecificOverride(session: AgriCoreSession, activeScopeId: string, resourcePath: string): AccessLevelType | null;
180
- declare function assertTenantBoundary(db: any, session: AgriCoreSession, // Pass the JWT session instead of just requesterCompanyId
181
- targets: {
180
+ declare function assertTenantBoundary(db: any, session: AgriCoreSession, targets: {
182
181
  targetUserId?: string;
183
182
  authScopeId?: string;
183
+ authScopeIds?: string[];
184
184
  expectedScopeType?: ScopeType;
185
185
  }): Promise<boolean>;
186
186
  declare function verifyAndExtractSession(token: string, secret: string): Promise<AgriCoreSession>;
package/dist/index.d.ts CHANGED
@@ -177,10 +177,10 @@ declare function evaluateBaseAccess(resourcePath: string, session: AgriCoreSessi
177
177
  */
178
178
  declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
179
179
  declare function findSpecificOverride(session: AgriCoreSession, activeScopeId: string, resourcePath: string): AccessLevelType | null;
180
- declare function assertTenantBoundary(db: any, session: AgriCoreSession, // Pass the JWT session instead of just requesterCompanyId
181
- targets: {
180
+ declare function assertTenantBoundary(db: any, session: AgriCoreSession, targets: {
182
181
  targetUserId?: string;
183
182
  authScopeId?: string;
183
+ authScopeIds?: string[];
184
184
  expectedScopeType?: ScopeType;
185
185
  }): Promise<boolean>;
186
186
  declare function verifyAndExtractSession(token: string, secret: string): Promise<AgriCoreSession>;
package/dist/index.js CHANGED
@@ -1870,6 +1870,19 @@ async function assertTenantBoundary(db, session, targets) {
1870
1870
  throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
1871
1871
  }
1872
1872
  }
1873
+ if (targets.authScopeIds?.length) {
1874
+ const matchedScope = session.availableScopes?.find(
1875
+ (scope) => targets.authScopeIds.includes(scope.authScopeId)
1876
+ );
1877
+ if (!matchedScope) {
1878
+ console.error(`[SECURITY BREACH] None of scopes [${targets.authScopeIds.join(", ")}] found in user's permitted list.`);
1879
+ throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Tenant boundary violation.");
1880
+ }
1881
+ if (targets.expectedScopeType && matchedScope.type !== targets.expectedScopeType) {
1882
+ console.error(`[VALIDATION ERROR] Expected type ${targets.expectedScopeType} but got ${matchedScope.type}`);
1883
+ throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
1884
+ }
1885
+ }
1873
1886
  return true;
1874
1887
  }
1875
1888
  async function verifyAndExtractSession(token, secret) {
package/dist/index.mjs CHANGED
@@ -851,6 +851,19 @@ async function assertTenantBoundary(db, session, targets) {
851
851
  throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
852
852
  }
853
853
  }
854
+ if (targets.authScopeIds?.length) {
855
+ const matchedScope = session.availableScopes?.find(
856
+ (scope) => targets.authScopeIds.includes(scope.authScopeId)
857
+ );
858
+ if (!matchedScope) {
859
+ console.error(`[SECURITY BREACH] None of scopes [${targets.authScopeIds.join(", ")}] found in user's permitted list.`);
860
+ throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Tenant boundary violation.");
861
+ }
862
+ if (targets.expectedScopeType && matchedScope.type !== targets.expectedScopeType) {
863
+ console.error(`[VALIDATION ERROR] Expected type ${targets.expectedScopeType} but got ${matchedScope.type}`);
864
+ throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
865
+ }
866
+ }
854
867
  return true;
855
868
  }
856
869
  async function verifyAndExtractSession(token, secret) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@litusarchieve18/agricore-utils",
3
- "version": "1.0.29",
3
+ "version": "1.0.30",
4
4
  "description": "Canonical Backend Utility Library for AgriCore",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",