@lucaapp/service-utils 1.40.0 → 1.40.2

package/dist/lib/api/endpoint.js

@@ -96,7 +96,7 @@ const handleMiddleware = async (middleware, context, request, response, debug) =
         const handlerRequestQuery = ((await middleware.options.schemas?.query?.parseAsync(request.query)) ||
             undefined);
         const handlerRequestHeaders = ((await middleware.options.schemas?.headers?.parseAsync(request.headers)) || undefined);
-        const { ip, baseUrl, route, method } = request;
+        const { ip, baseUrl, originalUrl, route, method } = request;
         const handlerRequest = {
             body: handlerRequestBody,
             params: handlerRequestParams,
@@ -104,6 +104,7 @@ const handleMiddleware = async (middleware, context, request, response, debug) =
             headers: handlerRequestHeaders,
             ip,
             baseUrl,
+            originalUrl,
             method,
             path: route.path,
         };

package/dist/lib/api/types/middleware.d.ts

@@ -12,9 +12,10 @@ export type MiddlewareHandler<TResponseSchema, TRequestBodySchema, TRequestParam
     headers: ZodSchemaOuput<TRequestHeadersSchema>;
     ip: string;
     baseUrl: string;
+    originalUrl: string;
     path: string;
     method: string;
-}, send: (response: ExtractZodOutput<ArrayToUnion<TResponseSchema>>) => void, next: (context: ZodSchemaOuput<TContextSchema>) => void) => Promise<void>;
+}, send: (response: ExtractZodOutput<ArrayToUnion<TResponseSchema>>) => void, next: (context?: ZodSchemaOuput<TContextSchema>) => void) => Promise<void>;
 export type MiddlewareOptions<TResponseSchemas extends ReadonlyArray<EndpointResponseSchema>, TRequestBodySchema, TRequestParamsSchema, TRequestQuerySchema, TRequestHeadersSchema, TContextSchema> = {
     schemas?: {
         body?: TRequestBodySchema;

package/dist/lib/serviceIdentity/serviceIdentity.d.ts

@@ -2,6 +2,7 @@ import * as jose from 'jose';
 import { HttpMethod } from 'types/http';
 import { Request, RequestHandler } from 'express';
 import { Service } from './service';
+import { z } from 'zod';
 type JWKS = {
     keys: jose.JWK[];
 };
@@ -25,6 +26,45 @@ declare class ServiceIdentity {
     }>;
     getIdentityJWKS: () => Promise<JWKS>;
     requireServiceIdentity: (service: string) => RequestHandler;
+    requireServiceIdentityV3: (service: string) => import("../api/types/middleware").Middleware<({
+        status: 401;
+        description: string;
+        schema: z.ZodObject<{
+            error: z.ZodLiteral<import("../api/types/http").HTTPStatus.UNAUTHORIZED>;
+            message: z.ZodString;
+        }, "strip", z.ZodTypeAny, {
+            message: string;
+            error: import("../api/types/http").HTTPStatus.UNAUTHORIZED;
+        }, {
+            message: string;
+            error: import("../api/types/http").HTTPStatus.UNAUTHORIZED;
+        }>;
+    } | {
+        status: 403;
+        description: string;
+        schema: z.ZodObject<{
+            error: z.ZodLiteral<import("../api/types/http").HTTPStatus.FORBIDDEN>;
+            message: z.ZodString;
+        }, "strip", z.ZodTypeAny, {
+            message: string;
+            error: import("../api/types/http").HTTPStatus.FORBIDDEN;
+        }, {
+            message: string;
+            error: import("../api/types/http").HTTPStatus.FORBIDDEN;
+        }>;
+    })[], undefined, undefined, undefined, z.ZodObject<{
+        'X-Identity': z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        "X-Identity": string;
+    }, {
+        "X-Identity": string;
+    }>, z.ZodObject<{
+        payload: z.ZodAny;
+    }, "strip", z.ZodTypeAny, {
+        payload?: any;
+    }, {
+        payload?: any;
+    }>>;
     identityJWKSRoute: RequestHandler;
 }
 export { ServiceIdentity };

package/dist/lib/serviceIdentity/serviceIdentity.js

@@ -30,9 +30,11 @@ exports.ServiceIdentity = void 0;
 const jose = __importStar(require("jose"));
 const url_1 = require("url");
 const boom_1 = require("@hapi/boom");
+const api_1 = require("../api");
 const moment_1 = __importDefault(require("moment"));
 const requestTracer_1 = require("../requestTracer");
 const axios_1 = __importDefault(require("axios"));
+const zod_1 = require("zod");
 const JWT_ALGORITHM = 'ES256';
 const JWT_HEADER_NAME = 'X-Identity';
 const JWT_ALLOWED_ALGORITHMS = [JWT_ALGORITHM];
@@ -123,6 +125,29 @@ class ServiceIdentity {
             request.body = payload.data;
             next();
         };
+        this.requireServiceIdentityV3 = (service) => (0, api_1.createMiddleware)({
+            schemas: {
+                headers: zod_1.z.object({
+                    'X-Identity': zod_1.z.string(),
+                }),
+                context: zod_1.z.object({ payload: zod_1.z.any() }),
+            },
+            responses: [(0, api_1.unauthorizedResponse)(), (0, api_1.forbiddenResponse)()],
+        }, async (request, respond, next) => {
+            const { headers, originalUrl, method } = request;
+            const jwt = headers[JWT_HEADER_NAME];
+            if (typeof jwt !== 'string') {
+                return respond((0, api_1.unauthorized)());
+            }
+            const { payload } = await jose.jwtVerify(jwt, this.getRemoteJWKS(service), this.getJwtVerifyOptions(service));
+            if (request.originalUrl !== payload.url) {
+                return respond((0, api_1.forbidden)(`${originalUrl} !== ${payload.url}`));
+            }
+            if (method !== payload.method) {
+                return respond((0, api_1.forbidden)(`${method} !== ${payload.method}`));
+            }
+            next({ payload: payload.data });
+        });
         this.identityJWKSRoute = async (_, response) => {
             response.send(await this.getIdentityJWKS());
         };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lucaapp/service-utils",
-  "version": "1.40.0",
+  "version": "1.40.2",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "files": [