@naturalcycles/backend-lib 4.2.0 → 4.2.4

package/dist/admin/secureHeaderMiddleware.d.ts

@@ -6,7 +6,10 @@ export interface SecureHeaderMiddlewareCfg extends RequireAdminCfg {
      * Defaults to `Authorization`
      */
     secureHeaderKey?: string;
-    secureHeaderValue: string;
+    /**
+     * If undefined - any value will be accepted, but the header still need to be present.
+     */
+    secureHeaderValue?: string;
 }
 /**
  * Secures the endpoint by requiring a secret header to be present.

package/dist/admin/secureHeaderMiddleware.js

@@ -12,15 +12,17 @@ function createSecureHeaderMiddleware(cfg) {
 }
 exports.createSecureHeaderMiddleware = createSecureHeaderMiddleware;
 function requireSecureHeaderOrAdmin(cfg, reqPermissions) {
-    const { secureHeaderKey = 'Authorization' } = cfg;
+    const { secureHeaderKey = 'Authorization', secureHeaderValue } = cfg;
     const requireAdmin = (0, adminMiddleware_1.requireAdminPermissions)(cfg.adminService, reqPermissions, cfg);
     return async (req, res, next) => {
         const providedHeader = req.get(secureHeaderKey);
         // pass
-        if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeaderValue)
+        if (!cfg.adminService.cfg.authEnabled)
             return next();
         // Header provided - don't check for Admin
         if (providedHeader) {
+            if (!secureHeaderValue || providedHeader === secureHeaderValue)
+                return next();
             return next(new js_lib_1.HttpError('secureHeader or adminToken is required', {
                 httpStatusCode: 401,
                 adminAuthRequired: true,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/backend-lib",
-  "version": "4.2.0",
+  "version": "4.2.4",
   "scripts": {
     "prepare": "husky install && patch-package",
     "serve": "APP_ENV=dev nodemon",
@@ -26,7 +26,7 @@
     "@types/on-finished": "^2.3.1",
     "cookie-parser": "^1.4.3",
     "cors": "^2.8.5",
-    "dotenv": "^11.0.0",
+    "dotenv": "^15.0.0",
     "ejs": "^3.0.1",
     "express": "^4.16.4",
     "express-promise-router": "^4.0.0",
@@ -35,7 +35,7 @@
     "helmet": "^5.0.0",
     "js-yaml": "^4.0.0",
     "on-finished": "^2.3.0",
-    "simple-git": "^2.1.0",
+    "simple-git": "^3.0.3",
     "yargs": "^17.0.0"
   },
   "devDependencies": {
@@ -84,7 +84,7 @@
     "url": "https://github.com/NaturalCycles/backend-lib"
   },
   "engines": {
-    "node": ">=16.10.0"
+    "node": ">=14.15.0"
   },
   "type": "commonjs",
   "description": "Standard library for making Express.js / AppEngine based backend services",

package/src/admin/secureHeaderMiddleware.ts

@@ -11,7 +11,10 @@ export interface SecureHeaderMiddlewareCfg extends RequireAdminCfg {
    */
   secureHeaderKey?: string
 
-  secureHeaderValue: string
+  /**
+   * If undefined - any value will be accepted, but the header still need to be present.
+   */
+  secureHeaderValue?: string
 }
 
 /**
@@ -26,7 +29,7 @@ function requireSecureHeaderOrAdmin(
   cfg: SecureHeaderMiddlewareCfg,
   reqPermissions?: string[],
 ): BackendRequestHandler {
-  const { secureHeaderKey = 'Authorization' } = cfg
+  const { secureHeaderKey = 'Authorization', secureHeaderValue } = cfg
 
   const requireAdmin = requireAdminPermissions(cfg.adminService, reqPermissions, cfg)
 
@@ -34,10 +37,12 @@ function requireSecureHeaderOrAdmin(
     const providedHeader = req.get(secureHeaderKey)
 
     // pass
-    if (!cfg.adminService.cfg.authEnabled || providedHeader === cfg.secureHeaderValue) return next()
+    if (!cfg.adminService.cfg.authEnabled) return next()
 
     // Header provided - don't check for Admin
     if (providedHeader) {
+      if (!secureHeaderValue || providedHeader === secureHeaderValue) return next()
+
       return next(
         new HttpError<Admin401ErrorData>('secureHeader or adminToken is required', {
           httpStatusCode: 401,