@naturalcycles/backend-lib 4.1.1 → 4.2.2

package/dist/admin/{admin.mw.js → adminMiddleware.js}

@@ -19,7 +19,7 @@ exports.createAdminMiddleware = createAdminMiddleware;
  */
 function requireAdminPermissions(adminService, reqPermissions = [], cfg = {}) {
     const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg;
-    return async (req, res, next) => {
+    return async function requireAdminPermissionsFn(req, res, next) {
         if (urlStartsWith && !req.url.startsWith(urlStartsWith))
             return next();
         try {

package/dist/admin/{secureHeader.mw.d.ts → secureHeaderMiddleware.d.ts}

@@ -1,8 +1,15 @@
-import { AdminMiddleware, RequireAdminCfg } from './admin.mw';
+import { AdminMiddleware, RequireAdminCfg } from './adminMiddleware';
 import { BaseAdminService } from './base.admin.service';
 export interface SecureHeaderMiddlewareCfg extends RequireAdminCfg {
     adminService: BaseAdminService;
-    secureHeader: string;
+    /**
+     * Defaults to `Authorization`
+     */
+    secureHeaderKey?: string;
+    /**
+     * If undefined - any value will be accepted, but the header still need to be present.
+     */
+    secureHeaderValue?: string;
 }
 /**
  * Secures the endpoint by requiring a secret header to be present.

package/dist/admin/{secureHeader.mw.js → secureHeaderMiddleware.js}

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createSecureHeaderMiddleware = void 0;
 const js_lib_1 = require("@naturalcycles/js-lib");
-const admin_mw_1 = require("./admin.mw");
+const adminMiddleware_1 = require("./adminMiddleware");
 /**
  * Secures the endpoint by requiring a secret header to be present.
  * Throws Error401Admin otherwise.
@@ -12,14 +12,17 @@ function createSecureHeaderMiddleware(cfg) {
 }
 exports.createSecureHeaderMiddleware = createSecureHeaderMiddleware;
 function requireSecureHeaderOrAdmin(cfg, reqPermissions) {
-    const requireAdmin = (0, admin_mw_1.requireAdminPermissions)(cfg.adminService, reqPermissions, cfg);
+    const { secureHeaderKey = 'Authorization', secureHeaderValue } = cfg;
+    const requireAdmin = (0, adminMiddleware_1.requireAdminPermissions)(cfg.adminService, reqPermissions, cfg);
     return async (req, res, next) => {
-        const providedHeader = req.get('Authorization');
+        const providedHeader = req.get(secureHeaderKey);
         // pass
-        if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeader)
+        if (!cfg.adminService.cfg.authEnabled)
             return next();
         // Header provided - don't check for Admin
         if (providedHeader) {
+            if (!secureHeaderValue || providedHeader === secureHeaderValue)
+                return next();
             return next(new js_lib_1.HttpError('secureHeader or adminToken is required', {
                 httpStatusCode: 401,
                 adminAuthRequired: true,

package/dist/index.d.ts

@@ -1,8 +1,8 @@
 import onFinished = require('on-finished');
-import { AdminMiddleware, createAdminMiddleware, loginHtml, RequireAdminCfg } from './admin/admin.mw';
+import { AdminMiddleware, createAdminMiddleware, loginHtml, RequireAdminCfg } from './admin/adminMiddleware';
 import { AdminInfo, AdminServiceCfg, BaseAdminService } from './admin/base.admin.service';
 import { FirebaseSharedService } from './admin/firebase.shared.service';
-import { createSecureHeaderMiddleware, SecureHeaderMiddlewareCfg } from './admin/secureHeader.mw';
+import { createSecureHeaderMiddleware, SecureHeaderMiddlewareCfg } from './admin/secureHeaderMiddleware';
 import { BaseEnv } from './env/env.model';
 import { EnvSharedService, EnvSharedServiceCfg } from './env/env.shared.service';
 export * from './gae/appEngine.util';

package/dist/index.js

@@ -4,15 +4,15 @@ exports.simpleRequestLoggerMiddleware = exports.clearBodyParserTimeout = exports
 const tslib_1 = require("tslib");
 const onFinished = require("on-finished");
 exports.onFinished = onFinished;
-const admin_mw_1 = require("./admin/admin.mw");
-Object.defineProperty(exports, "createAdminMiddleware", { enumerable: true, get: function () { return admin_mw_1.createAdminMiddleware; } });
-Object.defineProperty(exports, "loginHtml", { enumerable: true, get: function () { return admin_mw_1.loginHtml; } });
+const adminMiddleware_1 = require("./admin/adminMiddleware");
+Object.defineProperty(exports, "createAdminMiddleware", { enumerable: true, get: function () { return adminMiddleware_1.createAdminMiddleware; } });
+Object.defineProperty(exports, "loginHtml", { enumerable: true, get: function () { return adminMiddleware_1.loginHtml; } });
 const base_admin_service_1 = require("./admin/base.admin.service");
 Object.defineProperty(exports, "BaseAdminService", { enumerable: true, get: function () { return base_admin_service_1.BaseAdminService; } });
 const firebase_shared_service_1 = require("./admin/firebase.shared.service");
 Object.defineProperty(exports, "FirebaseSharedService", { enumerable: true, get: function () { return firebase_shared_service_1.FirebaseSharedService; } });
-const secureHeader_mw_1 = require("./admin/secureHeader.mw");
-Object.defineProperty(exports, "createSecureHeaderMiddleware", { enumerable: true, get: function () { return secureHeader_mw_1.createSecureHeaderMiddleware; } });
+const secureHeaderMiddleware_1 = require("./admin/secureHeaderMiddleware");
+Object.defineProperty(exports, "createSecureHeaderMiddleware", { enumerable: true, get: function () { return secureHeaderMiddleware_1.createSecureHeaderMiddleware; } });
 const env_shared_service_1 = require("./env/env.shared.service");
 Object.defineProperty(exports, "EnvSharedService", { enumerable: true, get: function () { return env_shared_service_1.EnvSharedService; } });
 (0, tslib_1.__exportStar)(require("./gae/appEngine.util"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/backend-lib",
-  "version": "4.1.1",
+  "version": "4.2.2",
   "scripts": {
     "prepare": "husky install && patch-package",
     "serve": "APP_ENV=dev nodemon",
@@ -26,7 +26,7 @@
     "@types/on-finished": "^2.3.1",
     "cookie-parser": "^1.4.3",
     "cors": "^2.8.5",
-    "dotenv": "^10.0.0",
+    "dotenv": "^11.0.0",
     "ejs": "^3.0.1",
     "express": "^4.16.4",
     "express-promise-router": "^4.0.0",
@@ -84,7 +84,7 @@
     "url": "https://github.com/NaturalCycles/backend-lib"
   },
   "engines": {
-    "node": ">=16.13.0"
+    "node": ">=14.15.0"
   },
   "type": "commonjs",
   "description": "Standard library for making Express.js / AppEngine based backend services",

package/src/admin/{admin.mw.ts → adminMiddleware.ts}

@@ -55,7 +55,7 @@ export function requireAdminPermissions(
 ): BackendRequestHandler {
   const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg
 
-  return async (req, res, next) => {
+  return async function requireAdminPermissionsFn(req, res, next) {
     if (urlStartsWith && !req.url.startsWith(urlStartsWith)) return next()
 
     try {

package/src/admin/{secureHeader.mw.ts → secureHeaderMiddleware.ts}

@@ -1,11 +1,20 @@
 import { Admin401ErrorData, HttpError } from '@naturalcycles/js-lib'
 import { BackendRequestHandler } from '../server/server.model'
-import { AdminMiddleware, RequireAdminCfg, requireAdminPermissions } from './admin.mw'
+import { AdminMiddleware, RequireAdminCfg, requireAdminPermissions } from './adminMiddleware'
 import { BaseAdminService } from './base.admin.service'
 
 export interface SecureHeaderMiddlewareCfg extends RequireAdminCfg {
   adminService: BaseAdminService
-  secureHeader: string
+
+  /**
+   * Defaults to `Authorization`
+   */
+  secureHeaderKey?: string
+
+  /**
+   * If undefined - any value will be accepted, but the header still need to be present.
+   */
+  secureHeaderValue?: string
 }
 
 /**
@@ -20,16 +29,20 @@ function requireSecureHeaderOrAdmin(
   cfg: SecureHeaderMiddlewareCfg,
   reqPermissions?: string[],
 ): BackendRequestHandler {
+  const { secureHeaderKey = 'Authorization', secureHeaderValue } = cfg
+
   const requireAdmin = requireAdminPermissions(cfg.adminService, reqPermissions, cfg)
 
   return async (req, res, next) => {
-    const providedHeader = req.get('Authorization')
+    const providedHeader = req.get(secureHeaderKey)
 
     // pass
-    if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeader) return next()
+    if (!cfg.adminService.cfg.authEnabled) return next()
 
     // Header provided - don't check for Admin
     if (providedHeader) {
+      if (!secureHeaderValue || providedHeader === secureHeaderValue) return next()
+
       return next(
         new HttpError<Admin401ErrorData>('secureHeader or adminToken is required', {
           httpStatusCode: 401,

package/src/index.ts

@@ -4,10 +4,13 @@ import {
   createAdminMiddleware,
   loginHtml,
   RequireAdminCfg,
-} from './admin/admin.mw'
+} from './admin/adminMiddleware'
 import { AdminInfo, AdminServiceCfg, BaseAdminService } from './admin/base.admin.service'
 import { FirebaseSharedService } from './admin/firebase.shared.service'
-import { createSecureHeaderMiddleware, SecureHeaderMiddlewareCfg } from './admin/secureHeader.mw'
+import {
+  createSecureHeaderMiddleware,
+  SecureHeaderMiddlewareCfg,
+} from './admin/secureHeaderMiddleware'
 import { BaseEnv } from './env/env.model'
 import { EnvSharedService, EnvSharedServiceCfg } from './env/env.shared.service'
 export * from './gae/appEngine.util'