npm - @naturalcycles/backend-lib - Versions diffs - 9.24.0 → 9.26.0 - Mend

@naturalcycles/backend-lib 9.24.0 → 9.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/admin/adminMiddleware.d.ts +7 -0
package/dist/admin/adminMiddleware.js +2 -2
package/dist/server/request.util.d.ts +4 -1
package/dist/server/request.util.js +7 -1
package/package.json +1 -1
package/src/admin/adminMiddleware.ts +16 -2
package/src/server/request.util.ts +8 -1

package/dist/admin/adminMiddleware.d.ts CHANGED Viewed

@@ -17,6 +17,13 @@ export interface RequireAdminCfg {
      * Set to `false` to debug login issues.
      */
     autoLogin?: boolean;
+    /**
+     * Defaults to `true`.
+     *
+     * Set to `true` to require that the current user has "every" permission that is listed.
+     * Set to `false` to require only that the current user has at least one permission that is listed.
+     */
+    andComparison?: boolean;
 }
 export type AdminMiddleware = (reqPermissions?: string[], cfg?: RequireAdminCfg) => BackendRequestHandler;
 export declare function createAdminMiddleware(adminService: BaseAdminService, cfgDefaults?: RequireAdminCfg): AdminMiddleware;

package/dist/admin/adminMiddleware.js CHANGED Viewed

@@ -15,12 +15,12 @@ export function createAdminMiddleware(adminService, cfgDefaults = {}) {
  * Otherwise will just pass.
  */
 export function requireAdminPermissions(adminService, reqPermissions = [], cfg = {}) {
-    const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg;
+    const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true, andComparison = true, } = cfg;
     return async function requireAdminPermissionsFn(req, res, next) {
         if (urlStartsWith && !req.url.startsWith(urlStartsWith))
             return next();
         try {
-            await adminService.requirePermissions(req, reqPermissions);
+            await adminService.requirePermissions(req, reqPermissions, {}, andComparison);
             return next();
         }
         catch (err) {

package/dist/server/request.util.d.ts CHANGED Viewed

@@ -6,5 +6,8 @@ import type { BackendRequest } from './server.model.js';
  *
  * Gets the correct full path when used from sub-router-resources.
  * Strips away the queryString.
+ *
+ * If stripPrefix (e.g `/api/v2`) is provided, and the path starts with it (like path.startsWith(stripPrefix)),
+ * it will be stripped from the beginning of the path.
  */
-export declare function getRequestEndpoint(req: BackendRequest): string;
+export declare function getRequestEndpoint(req: BackendRequest, stripPrefix?: string): string;

package/dist/server/request.util.js CHANGED Viewed

@@ -5,11 +5,17 @@
  *
  * Gets the correct full path when used from sub-router-resources.
  * Strips away the queryString.
+ *
+ * If stripPrefix (e.g `/api/v2`) is provided, and the path starts with it (like path.startsWith(stripPrefix)),
+ * it will be stripped from the beginning of the path.
  */
-export function getRequestEndpoint(req) {
+export function getRequestEndpoint(req, stripPrefix) {
     let path = (req.baseUrl + (req.route?.path || req.path)).toLowerCase();
     if (path.length > 1 && path.endsWith('/')) {
         path = path.slice(0, path.length - 1);
     }
+    if (stripPrefix && path.startsWith(stripPrefix)) {
+        path = path.slice(stripPrefix.length);
+    }
     return [req.method, path].join(' ');
 }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@naturalcycles/backend-lib",
   "type": "module",
-  "version": "9.24.0",
+  "version": "9.26.0",
   "peerDependencies": {
     "@sentry/node": "^10"
   },

package/src/admin/adminMiddleware.ts CHANGED Viewed

@@ -25,6 +25,14 @@ export interface RequireAdminCfg {
    * Set to `false` to debug login issues.
    */
   autoLogin?: boolean
+  /**
+   * Defaults to `true`.
+   *
+   * Set to `true` to require that the current user has "every" permission that is listed.
+   * Set to `false` to require only that the current user has at least one permission that is listed.
+   */
+  andComparison?: boolean
 }
 export type AdminMiddleware = (
@@ -54,13 +62,19 @@ export function requireAdminPermissions(
   reqPermissions: string[] = [],
   cfg: RequireAdminCfg = {},
 ): BackendRequestHandler {
-  const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg
+  const {
+    loginHtmlPath = '/login.html',
+    urlStartsWith,
+    apiHost,
+    autoLogin = true,
+    andComparison = true,
+  } = cfg
   return async function requireAdminPermissionsFn(req, res, next) {
     if (urlStartsWith && !req.url.startsWith(urlStartsWith)) return next()
     try {
-      await adminService.requirePermissions(req, reqPermissions)
+      await adminService.requirePermissions(req, reqPermissions, {}, andComparison)
       return next()
     } catch (err) {
       if (err instanceof AppError && err.data.adminAuthRequired) {

package/src/server/request.util.ts CHANGED Viewed

@@ -7,12 +7,19 @@ import type { BackendRequest } from './server.model.js'
  *
  * Gets the correct full path when used from sub-router-resources.
  * Strips away the queryString.
+ *
+ * If stripPrefix (e.g `/api/v2`) is provided, and the path starts with it (like path.startsWith(stripPrefix)),
+ * it will be stripped from the beginning of the path.
  */
-export function getRequestEndpoint(req: BackendRequest): string {
+export function getRequestEndpoint(req: BackendRequest, stripPrefix?: string): string {
   let path = (req.baseUrl + (req.route?.path || req.path)).toLowerCase()
   if (path.length > 1 && path.endsWith('/')) {
     path = path.slice(0, path.length - 1)
   }
+  if (stripPrefix && path.startsWith(stripPrefix)) {
+    path = path.slice(stripPrefix.length)
+  }
   return [req.method, path].join(' ')
 }