@naturalcycles/backend-lib 4.2.0 → 4.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/admin/secureHeaderMiddleware.d.ts +4 -1
  2. package/dist/admin/secureHeaderMiddleware.js +4 -2
  3. package/package.json +1 -1
  4. package/src/admin/secureHeaderMiddleware.ts +8 -3
package/dist/admin/secureHeaderMiddleware.d.ts CHANGED
@@ -6,7 +6,10 @@ export interface SecureHeaderMiddlewareCfg extends RequireAdminCfg {
6
6
  * Defaults to `Authorization`
7
7
  */
8
8
  secureHeaderKey?: string;
9
- secureHeaderValue: string;
9
+ /**
10
+ * If undefined - any value will be accepted, but the header still need to be present.
11
+ */
12
+ secureHeaderValue?: string;
10
13
  }
11
14
  /**
12
15
  * Secures the endpoint by requiring a secret header to be present.
package/dist/admin/secureHeaderMiddleware.js CHANGED
@@ -12,15 +12,17 @@ function createSecureHeaderMiddleware(cfg) {
12
12
  }
13
13
  exports.createSecureHeaderMiddleware = createSecureHeaderMiddleware;
14
14
  function requireSecureHeaderOrAdmin(cfg, reqPermissions) {
15
- const { secureHeaderKey = 'Authorization' } = cfg;
15
+ const { secureHeaderKey = 'Authorization', secureHeaderValue } = cfg;
16
16
  const requireAdmin = (0, adminMiddleware_1.requireAdminPermissions)(cfg.adminService, reqPermissions, cfg);
17
17
  return async (req, res, next) => {
18
18
  const providedHeader = req.get(secureHeaderKey);
19
19
  // pass
20
- if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeaderValue)
20
+ if (!cfg.adminService.cfg.authEnabled)
21
21
  return next();
22
22
  // Header provided - don't check for Admin
23
23
  if (providedHeader) {
24
+ if (!secureHeaderValue || providedHeader === secureHeaderValue)
25
+ return next();
24
26
  return next(new js_lib_1.HttpError('secureHeader or adminToken is required', {
25
27
  httpStatusCode: 401,
26
28
  adminAuthRequired: true,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@naturalcycles/backend-lib",
3
- "version": "4.2.0",
3
+ "version": "4.2.1",
4
4
  "scripts": {
5
5
  "prepare": "husky install && patch-package",
6
6
  "serve": "APP_ENV=dev nodemon",
package/src/admin/secureHeaderMiddleware.ts CHANGED
@@ -11,7 +11,10 @@ export interface SecureHeaderMiddlewareCfg extends RequireAdminCfg {
11
11
  */
12
12
  secureHeaderKey?: string
13
13
 
14
- secureHeaderValue: string
14
+ /**
15
+ * If undefined - any value will be accepted, but the header still need to be present.
16
+ */
17
+ secureHeaderValue?: string
15
18
  }
16
19
 
17
20
  /**
@@ -26,7 +29,7 @@ function requireSecureHeaderOrAdmin(
26
29
  cfg: SecureHeaderMiddlewareCfg,
27
30
  reqPermissions?: string[],
28
31
  ): BackendRequestHandler {
29
- const { secureHeaderKey = 'Authorization' } = cfg
32
+ const { secureHeaderKey = 'Authorization', secureHeaderValue } = cfg
30
33
 
31
34
  const requireAdmin = requireAdminPermissions(cfg.adminService, reqPermissions, cfg)
32
35
 
@@ -34,10 +37,12 @@ function requireSecureHeaderOrAdmin(
34
37
  const providedHeader = req.get(secureHeaderKey)
35
38
 
36
39
  // pass
37
- if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeaderValue) return next()
40
+ if (!cfg.adminService.cfg.authEnabled) return next()
38
41
 
39
42
  // Header provided - don't check for Admin
40
43
  if (providedHeader) {
44
+ if (!secureHeaderValue || providedHeader === secureHeaderValue) return next()
45
+
41
46
  return next(
42
47
  new HttpError<Admin401ErrorData>('secureHeader or adminToken is required', {
43
48
  httpStatusCode: 401,