npm - @naturalcycles/backend-lib - Versions diffs - 4.0.0 → 4.2.0 - Mend

@naturalcycles/backend-lib 4.0.0 → 4.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/admin/{admin.mw.d.ts → adminMiddleware.d.ts} +0 -0
package/dist/admin/{admin.mw.js → adminMiddleware.js} +1 -1
package/dist/admin/{secureHeader.mw.d.ts → secureHeaderMiddleware.d.ts} +6 -2
package/dist/admin/{secureHeader.mw.js → secureHeaderMiddleware.js} +5 -4
package/dist/index.d.ts +2 -2
package/dist/index.js +5 -5
package/dist/server/createDefaultApp.js +17 -2
package/dist/server/createDefaultApp.model.d.ts +6 -0
package/package.json +5 -5
package/src/admin/{admin.mw.ts → adminMiddleware.ts} +1 -1
package/src/admin/{secureHeader.mw.ts → secureHeaderMiddleware.ts} +12 -4
package/src/index.ts +5 -2
package/src/server/createDefaultApp.model.ts +9 -0
package/src/server/createDefaultApp.ts +28 -2

package/dist/admin/{admin.mw.d.ts → adminMiddleware.d.ts} RENAMED Viewed

File without changes

package/dist/admin/{admin.mw.js → adminMiddleware.js} RENAMED Viewed

@@ -19,7 +19,7 @@ exports.createAdminMiddleware = createAdminMiddleware;
  */
 function requireAdminPermissions(adminService, reqPermissions = [], cfg = {}) {
     const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg;
-    return async (req, res, next) => {
+    return async function requireAdminPermissionsFn(req, res, next) {
         if (urlStartsWith && !req.url.startsWith(urlStartsWith))
             return next();
         try {

package/dist/admin/{secureHeader.mw.d.ts → secureHeaderMiddleware.d.ts} RENAMED Viewed

@@ -1,8 +1,12 @@
-import { AdminMiddleware, RequireAdminCfg } from './admin.mw';
+import { AdminMiddleware, RequireAdminCfg } from './adminMiddleware';
 import { BaseAdminService } from './base.admin.service';
 export interface SecureHeaderMiddlewareCfg extends RequireAdminCfg {
     adminService: BaseAdminService;
-    secureHeader: string;
+    /**
+     * Defaults to `Authorization`
+     */
+    secureHeaderKey?: string;
+    secureHeaderValue: string;
 }
 /**
  * Secures the endpoint by requiring a secret header to be present.

package/dist/admin/{secureHeader.mw.js → secureHeaderMiddleware.js} RENAMED Viewed

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createSecureHeaderMiddleware = void 0;
 const js_lib_1 = require("@naturalcycles/js-lib");
-const admin_mw_1 = require("./admin.mw");
+const adminMiddleware_1 = require("./adminMiddleware");
 /**
  * Secures the endpoint by requiring a secret header to be present.
  * Throws Error401Admin otherwise.
@@ -12,11 +12,12 @@ function createSecureHeaderMiddleware(cfg) {
 }
 exports.createSecureHeaderMiddleware = createSecureHeaderMiddleware;
 function requireSecureHeaderOrAdmin(cfg, reqPermissions) {
-    const requireAdmin = (0, admin_mw_1.requireAdminPermissions)(cfg.adminService, reqPermissions, cfg);
+    const { secureHeaderKey = 'Authorization' } = cfg;
+    const requireAdmin = (0, adminMiddleware_1.requireAdminPermissions)(cfg.adminService, reqPermissions, cfg);
     return async (req, res, next) => {
-        const providedHeader = req.get('Authorization');
+        const providedHeader = req.get(secureHeaderKey);
         // pass
-        if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeader)
+        if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeaderValue)
             return next();
         // Header provided - don't check for Admin
         if (providedHeader) {

package/dist/index.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import onFinished = require('on-finished');
-import { AdminMiddleware, createAdminMiddleware, loginHtml, RequireAdminCfg } from './admin/admin.mw';
+import { AdminMiddleware, createAdminMiddleware, loginHtml, RequireAdminCfg } from './admin/adminMiddleware';
 import { AdminInfo, AdminServiceCfg, BaseAdminService } from './admin/base.admin.service';
 import { FirebaseSharedService } from './admin/firebase.shared.service';
-import { createSecureHeaderMiddleware, SecureHeaderMiddlewareCfg } from './admin/secureHeader.mw';
+import { createSecureHeaderMiddleware, SecureHeaderMiddlewareCfg } from './admin/secureHeaderMiddleware';
 import { BaseEnv } from './env/env.model';
 import { EnvSharedService, EnvSharedServiceCfg } from './env/env.shared.service';
 export * from './gae/appEngine.util';

package/dist/index.js CHANGED Viewed

@@ -4,15 +4,15 @@ exports.simpleRequestLoggerMiddleware = exports.clearBodyParserTimeout = exports
 const tslib_1 = require("tslib");
 const onFinished = require("on-finished");
 exports.onFinished = onFinished;
-const admin_mw_1 = require("./admin/admin.mw");
-Object.defineProperty(exports, "createAdminMiddleware", { enumerable: true, get: function () { return admin_mw_1.createAdminMiddleware; } });
-Object.defineProperty(exports, "loginHtml", { enumerable: true, get: function () { return admin_mw_1.loginHtml; } });
+const adminMiddleware_1 = require("./admin/adminMiddleware");
+Object.defineProperty(exports, "createAdminMiddleware", { enumerable: true, get: function () { return adminMiddleware_1.createAdminMiddleware; } });
+Object.defineProperty(exports, "loginHtml", { enumerable: true, get: function () { return adminMiddleware_1.loginHtml; } });
 const base_admin_service_1 = require("./admin/base.admin.service");
 Object.defineProperty(exports, "BaseAdminService", { enumerable: true, get: function () { return base_admin_service_1.BaseAdminService; } });
 const firebase_shared_service_1 = require("./admin/firebase.shared.service");
 Object.defineProperty(exports, "FirebaseSharedService", { enumerable: true, get: function () { return firebase_shared_service_1.FirebaseSharedService; } });
-const secureHeader_mw_1 = require("./admin/secureHeader.mw");
-Object.defineProperty(exports, "createSecureHeaderMiddleware", { enumerable: true, get: function () { return secureHeader_mw_1.createSecureHeaderMiddleware; } });
+const secureHeaderMiddleware_1 = require("./admin/secureHeaderMiddleware");
+Object.defineProperty(exports, "createSecureHeaderMiddleware", { enumerable: true, get: function () { return secureHeaderMiddleware_1.createSecureHeaderMiddleware; } });
 const env_shared_service_1 = require("./env/env.shared.service");
 Object.defineProperty(exports, "EnvSharedService", { enumerable: true, get: function () { return env_shared_service_1.EnvSharedService; } });
 (0, tslib_1.__exportStar)(require("./gae/appEngine.util"), exports);

package/dist/server/createDefaultApp.js CHANGED Viewed

@@ -38,8 +38,22 @@ function createDefaultApp(cfg) {
         app.use((0, simpleRequestLoggerMiddleware_1.simpleRequestLoggerMiddleware)());
     }
     // app.use(safeJsonMiddleware()) // optional
-    app.use(express.json({ limit: '1mb' }));
-    app.use(express.urlencoded({ limit: '1mb', extended: true }));
+    // accepts application/json
+    app.use(express.json({
+        limit: '1mb',
+        ...cfg.bodyParserJsonOptions,
+    }));
+    app.use(express.urlencoded({
+        limit: '1mb',
+        extended: true,
+        ...cfg.bodyParserUrlEncodedOptions,
+    }));
+    // accepts application/octet-stream
+    app.use(express.raw({
+        // inflate: true, // default is `true`
+        limit: '1mb',
+        ...cfg.bodyParserRawOptions,
+    }));
     app.use(cookieParser());
     if (!isTest) {
         // leaks, load lazily
@@ -52,6 +66,7 @@ function createDefaultApp(cfg) {
         credentials: true,
         // methods: 'GET,HEAD,PUT,PATCH,POST,DELETE', // default
         maxAge: 86400,
+        ...cfg.corsOptions,
     }));
     // app.use(clearBodyParserTimeout()) // removed by default
     // Static is now disabled by default due to performance

package/dist/server/createDefaultApp.model.d.ts CHANGED Viewed

@@ -1,3 +1,5 @@
+import { Options, OptionsJson, OptionsUrlencoded } from 'body-parser';
+import { CorsOptions } from 'cors';
 import { SentrySharedService } from '../sentry/sentry.shared.service';
 import { BackendRequestHandler } from './server.model';
 /**
@@ -23,4 +25,8 @@ export interface DefaultAppCfg {
     resources?: BackendRequestHandlerCfg[];
     postHandlers?: BackendRequestHandlerCfg[];
     sentryService?: SentrySharedService;
+    bodyParserJsonOptions?: OptionsJson;
+    bodyParserUrlEncodedOptions?: OptionsUrlencoded;
+    bodyParserRawOptions?: Options;
+    corsOptions?: CorsOptions;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/backend-lib",
-  "version": "4.0.0",
+  "version": "4.2.0",
   "scripts": {
     "prepare": "husky install && patch-package",
     "serve": "APP_ENV=dev nodemon",
@@ -26,13 +26,13 @@
     "@types/on-finished": "^2.3.1",
     "cookie-parser": "^1.4.3",
     "cors": "^2.8.5",
-    "dotenv": "^10.0.0",
+    "dotenv": "^11.0.0",
     "ejs": "^3.0.1",
     "express": "^4.16.4",
     "express-promise-router": "^4.0.0",
     "firebase-admin": "^10.0.0",
     "fs-extra": "^10.0.0",
-    "helmet": "^4.0.0",
+    "helmet": "^5.0.0",
     "js-yaml": "^4.0.0",
     "on-finished": "^2.3.0",
     "simple-git": "^2.1.0",
@@ -44,7 +44,7 @@
     "@sentry/node": "^6.5.1",
     "@types/ejs": "^3.0.0",
     "@types/js-yaml": "^4.0.0",
-    "@types/node": "^16.4.1",
+    "@types/node": "^17.0.0",
     "esbuild-register": "^3.1.2",
     "fastify": "^3.20.1",
     "jest": "^27.0.1",
@@ -84,7 +84,7 @@
     "url": "https://github.com/NaturalCycles/backend-lib"
   },
   "engines": {
-    "node": ">=16.13.0"
+    "node": ">=16.10.0"
   },
   "type": "commonjs",
   "description": "Standard library for making Express.js / AppEngine based backend services",

package/src/admin/{admin.mw.ts → adminMiddleware.ts} RENAMED Viewed

@@ -55,7 +55,7 @@ export function requireAdminPermissions(
 ): BackendRequestHandler {
   const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg
-  return async (req, res, next) => {
+  return async function requireAdminPermissionsFn(req, res, next) {
     if (urlStartsWith && !req.url.startsWith(urlStartsWith)) return next()
     try {

package/src/admin/{secureHeader.mw.ts → secureHeaderMiddleware.ts} RENAMED Viewed

@@ -1,11 +1,17 @@
 import { Admin401ErrorData, HttpError } from '@naturalcycles/js-lib'
 import { BackendRequestHandler } from '../server/server.model'
-import { AdminMiddleware, RequireAdminCfg, requireAdminPermissions } from './admin.mw'
+import { AdminMiddleware, RequireAdminCfg, requireAdminPermissions } from './adminMiddleware'
 import { BaseAdminService } from './base.admin.service'
 export interface SecureHeaderMiddlewareCfg extends RequireAdminCfg {
   adminService: BaseAdminService
-  secureHeader: string
+  /**
+   * Defaults to `Authorization`
+   */
+  secureHeaderKey?: string
+  secureHeaderValue: string
 }
 /**
@@ -20,13 +26,15 @@ function requireSecureHeaderOrAdmin(
   cfg: SecureHeaderMiddlewareCfg,
   reqPermissions?: string[],
 ): BackendRequestHandler {
+  const { secureHeaderKey = 'Authorization' } = cfg
   const requireAdmin = requireAdminPermissions(cfg.adminService, reqPermissions, cfg)
   return async (req, res, next) => {
-    const providedHeader = req.get('Authorization')
+    const providedHeader = req.get(secureHeaderKey)
     // pass
-    if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeader) return next()
+    if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeaderValue) return next()
     // Header provided - don't check for Admin
     if (providedHeader) {

package/src/index.ts CHANGED Viewed

@@ -4,10 +4,13 @@ import {
   createAdminMiddleware,
   loginHtml,
   RequireAdminCfg,
-} from './admin/admin.mw'
+} from './admin/adminMiddleware'
 import { AdminInfo, AdminServiceCfg, BaseAdminService } from './admin/base.admin.service'
 import { FirebaseSharedService } from './admin/firebase.shared.service'
-import { createSecureHeaderMiddleware, SecureHeaderMiddlewareCfg } from './admin/secureHeader.mw'
+import {
+  createSecureHeaderMiddleware,
+  SecureHeaderMiddlewareCfg,
+} from './admin/secureHeaderMiddleware'
 import { BaseEnv } from './env/env.model'
 import { EnvSharedService, EnvSharedServiceCfg } from './env/env.shared.service'
 export * from './gae/appEngine.util'

package/src/server/createDefaultApp.model.ts CHANGED Viewed

@@ -1,3 +1,5 @@
+import { Options, OptionsJson, OptionsUrlencoded } from 'body-parser'
+import { CorsOptions } from 'cors'
 import { SentrySharedService } from '../sentry/sentry.shared.service'
 import { BackendRequestHandler } from './server.model'
@@ -25,5 +27,12 @@ export interface DefaultAppCfg {
   handlers?: BackendRequestHandlerCfg[]
   resources?: BackendRequestHandlerCfg[]
   postHandlers?: BackendRequestHandlerCfg[]
   sentryService?: SentrySharedService
+  bodyParserJsonOptions?: OptionsJson
+  bodyParserUrlEncodedOptions?: OptionsUrlencoded
+  bodyParserRawOptions?: Options
+  corsOptions?: CorsOptions
 }

package/src/server/createDefaultApp.ts CHANGED Viewed

@@ -51,9 +51,34 @@ export function createDefaultApp(cfg: DefaultAppCfg): BackendApplication {
   }
   // app.use(safeJsonMiddleware()) // optional
-  app.use(express.json({ limit: '1mb' }))
-  app.use(express.urlencoded({ limit: '1mb', extended: true }))
+  // accepts application/json
+  app.use(
+    express.json({
+      limit: '1mb',
+      ...cfg.bodyParserJsonOptions,
+    }),
+  )
+  app.use(
+    express.urlencoded({
+      limit: '1mb',
+      extended: true,
+      ...cfg.bodyParserUrlEncodedOptions,
+    }),
+  )
+  // accepts application/octet-stream
+  app.use(
+    express.raw({
+      // inflate: true, // default is `true`
+      limit: '1mb',
+      ...cfg.bodyParserRawOptions,
+    }),
+  )
   app.use(cookieParser())
   if (!isTest) {
     // leaks, load lazily
     app.use(
@@ -69,6 +94,7 @@ export function createDefaultApp(cfg: DefaultAppCfg): BackendApplication {
       credentials: true,
       // methods: 'GET,HEAD,PUT,PATCH,POST,DELETE', // default
       maxAge: 86400,
+      ...cfg.corsOptions,
     }),
   )