npm - @naturalcycles/backend-lib - Versions diffs - 5.3.0 → 5.4.1 - Mend

@naturalcycles/backend-lib 5.3.0 → 5.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/admin/base.admin.service.js +1 -1
package/dist/admin/secureHeaderMiddleware.js +2 -1
package/dist/deploy/deployGae.js +1 -1
package/dist/server/basicAuthMiddleware.js +1 -1
package/dist/server/serverStatsMiddleware.js +1 -1
package/dist/server/serverStatusMiddleware.js +1 -1
package/dist/server/startServer.js +1 -1
package/package.json +1 -1
package/src/admin/base.admin.service.ts +1 -1
package/src/admin/secureHeaderMiddleware.ts +3 -1
package/src/server/basicAuthMiddleware.ts +2 -2
package/src/server/serverStatusMiddleware.ts +1 -1

package/dist/admin/base.admin.service.js CHANGED Viewed

@@ -126,7 +126,7 @@ class BaseAdminService {
         const grantedPermissions = hasPermissions
             ? reqPermissions.filter(p => hasPermissions.has(p))
             : [];
-        let granted = false;
+        let granted;
         if (andComparison) {
             granted = !!hasPermissions && grantedPermissions.length === reqPermissions.length; // All permissions granted
             void this.onPermissionCheck(req, email, reqPermissions, true, granted, meta);

package/dist/admin/secureHeaderMiddleware.js CHANGED Viewed

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createSecureHeaderMiddleware = void 0;
 const js_lib_1 = require("@naturalcycles/js-lib");
+const nodejs_lib_1 = require("@naturalcycles/nodejs-lib");
 const adminMiddleware_1 = require("./adminMiddleware");
 /**
  * Secures the endpoint by requiring a secret header to be present.
@@ -21,7 +22,7 @@ function requireSecureHeaderOrAdmin(cfg, reqPermissions) {
             return next();
         // Header provided - don't check for Admin
         if (providedHeader) {
-            if (!secureHeaderValue || providedHeader === secureHeaderValue)
+            if (!secureHeaderValue || (0, nodejs_lib_1.timingSafeStringEqual)(providedHeader, secureHeaderValue))
                 return next();
             return next(new js_lib_1.AppError('secureHeader or adminToken is required', {
                 backendResponseStatusCode: 401,

package/dist/deploy/deployGae.js CHANGED Viewed

@@ -35,7 +35,7 @@ async function deployGae(opt = {}) {
     }, {
         name: 'deploy',
         maxAttempts: 2,
-        delay: 30000,
+        delay: 30_000,
         // todo: this doesn't work, as the error is different from what is logged.
         // We shoud somehow capture the logged text
         predicate: err => (0, js_lib_1._anyToError)(err).message.includes('operation is already in progress'),

package/dist/server/basicAuthMiddleware.js CHANGED Viewed

@@ -9,7 +9,7 @@ function basicAuthMiddleware(cfg) {
         const hash = (req.headers.authorization || '').split(' ')[1];
         if (hash) {
             const [login, password] = (0, js_lib_1._split)((0, nodejs_lib_1.base64ToString)(hash), ':', 2);
-            if (login && password && cfg.loginPasswordMap[login] === password) {
+            if (login && password && (0, nodejs_lib_1.timingSafeStringEqual)(cfg.loginPasswordMap[login], password)) {
                 return next();
             }
         }

package/dist/server/serverStatsMiddleware.js CHANGED Viewed

@@ -88,7 +88,7 @@ function serverStatsMiddleware() {
             if (res.statusCode) {
                 serverStatsMap[endpoint][getStatusFamily(res.statusCode)]++;
             }
-            if (now - lastCleanup > 60000) {
+            if (now - lastCleanup > 60_000) {
                 lastCleanup = now;
                 cleanupServerStats();
             }

package/dist/server/serverStatusMiddleware.js CHANGED Viewed

@@ -36,6 +36,6 @@ function getServerStatusData(projectDir = process.cwd(), extra) {
 }
 exports.getServerStatusData = getServerStatusData;
 function getStartedStr() {
-    const started = (0, js_lib_1.localTimeNow)().subtract(process.uptime(), 'second');
+    const started = (0, js_lib_1.localTimeNow)().minus(process.uptime(), 'second');
     return `${started.toPretty()} (${started.fromNow()})`;
 }

package/dist/server/startServer.js CHANGED Viewed

@@ -62,7 +62,7 @@ class BackendServer {
         const shutdownTimeout = setTimeout(() => {
             console.log((0, nodejs_lib_1.boldGrey)('Forceful shutdown after timeout'));
             process.exit(0);
-        }, this.cfg.forceShutdownTimeout ?? 10000);
+        }, this.cfg.forceShutdownTimeout ?? 10_000);
         try {
             await Promise.all([
                 this.server && new Promise(r => this.server.close(r)),

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/backend-lib",
-  "version": "5.3.0",
+  "version": "5.4.1",
   "scripts": {
     "prepare": "husky",
     "dev": "APP_ENV=dev nodemon",

package/src/admin/base.admin.service.ts CHANGED Viewed

@@ -191,7 +191,7 @@ export class BaseAdminService {
       ? reqPermissions.filter(p => hasPermissions.has(p))
       : []
-    let granted = false
+    let granted: boolean
     if (andComparison) {
       granted = !!hasPermissions && grantedPermissions.length === reqPermissions.length // All permissions granted
       void this.onPermissionCheck(req, email, reqPermissions, true, granted, meta)

package/src/admin/secureHeaderMiddleware.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { AppError } from '@naturalcycles/js-lib'
+import { timingSafeStringEqual } from '@naturalcycles/nodejs-lib'
 import { BackendRequestHandler } from '../server/server.model'
 import { AdminMiddleware, RequireAdminCfg, requireAdminPermissions } from './adminMiddleware'
 import { BaseAdminService } from './base.admin.service'
@@ -41,7 +42,8 @@ function requireSecureHeaderOrAdmin(
     // Header provided - don't check for Admin
     if (providedHeader) {
-      if (!secureHeaderValue || providedHeader === secureHeaderValue) return next()
+      if (!secureHeaderValue || timingSafeStringEqual(providedHeader, secureHeaderValue))
+        return next()
       return next(
         new AppError('secureHeader or adminToken is required', {

package/src/server/basicAuthMiddleware.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { _split, StringMap } from '@naturalcycles/js-lib'
-import { base64ToString } from '@naturalcycles/nodejs-lib'
+import { base64ToString, timingSafeStringEqual } from '@naturalcycles/nodejs-lib'
 import { BackendRequestHandler } from './server.model'
 export interface BasicAuthMiddlewareCfg {
@@ -21,7 +21,7 @@ export function basicAuthMiddleware(cfg: BasicAuthMiddlewareCfg): BackendRequest
     const hash = (req.headers.authorization || '').split(' ')[1]
     if (hash) {
       const [login, password] = _split(base64ToString(hash), ':', 2)
-      if (login && password && cfg.loginPasswordMap[login] === password) {
+      if (login && password && timingSafeStringEqual(cfg.loginPasswordMap[login], password)) {
         return next()
       }
     }

package/src/server/serverStatusMiddleware.ts CHANGED Viewed

@@ -40,6 +40,6 @@ export function getServerStatusData(
 }
 function getStartedStr(): string {
-  const started = localTimeNow().subtract(process.uptime(), 'second')
+  const started = localTimeNow().minus(process.uptime(), 'second')
   return `${started.toPretty()} (${started.fromNow()})`
 }