@nimee/initialize-ms 1.0.43 → 1.0.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/src/fastify.js +28 -0
  2. package/dist/src/fastify.js.map +1 -1
  3. package/package.json +2 -1
  4. package/src/fastify.ts +28 -1
package/dist/src/fastify.js CHANGED
@@ -45,6 +45,31 @@ class ServerInitializerFastify {
45
45
  ],
46
46
  methods: ["GET", "PUT", "PATCH", "POST", "DELETE", "OPTIONS"],
47
47
  });
48
+ // perform constant-time comparison to prevent timing attacks
49
+ function compare(a, b) {
50
+ a = Buffer.from(a);
51
+ b = Buffer.from(b);
52
+ if (a.length !== b.length) {
53
+ // Delay return with cryptographically secure timing check.
54
+ crypto_1.default.timingSafeEqual(a, a);
55
+ return false;
56
+ }
57
+ return crypto_1.default.timingSafeEqual(a, b);
58
+ }
59
+ yield this.server.register(require("@fastify/basic-auth"), {
60
+ validate(username, password, req, reply, done) {
61
+ let result = true;
62
+ result = compare(username, "admin") && result;
63
+ result = compare(password, "Nununu12345$") && result;
64
+ if (result) {
65
+ done();
66
+ }
67
+ else {
68
+ done(new Error("Access denied"));
69
+ }
70
+ },
71
+ authenticate: true,
72
+ });
48
73
  yield this.server.register(swagger_1.default, {
49
74
  // swagger: {
50
75
  // info: {
@@ -77,6 +102,9 @@ class ServerInitializerFastify {
77
102
  },
78
103
  });
79
104
  yield this.server.register(swagger_ui_1.default, {
105
+ uiHooks: {
106
+ onRequest: this.server.basicAuth,
107
+ },
80
108
  routePrefix: `/${serviceName}/documentation`,
81
109
  initOAuth: {},
82
110
  uiConfig: {
package/dist/src/fastify.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"fastify.js","sourceRoot":"","sources":["../../src/fastify.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAAA,sDAAkD;AAClD,2DAAmC;AACnC,oDAA4B;AAC5B,+DAA8C;AAC9C,qEAAmD;AAEnD,MAAM,IAAI,GAAG,gBAAM,CAAC,UAAU,EAAE,CAAC;AAEjC,MAAM,wBAAwB;IAEtB,UAAU,CAAC,MAA6C;;YAC5D,IAAI,CAAC;gBACH,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;gBACrC,IAAI,CAAC,MAAM,GAAG,IAAA,iBAAO,EAAC;oBACpB,MAAM,EAAN,gBAAM;iBACP,CAAC,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;oBAC7C,MAAM,EAAE;wBACN,uBAAuB;wBACvB,oBAAoB;wBACpB,wBAAwB;wBACxB,4BAA4B;wBAC5B,qBAAqB;wBACrB,yBAAyB;wBACzB,6BAA6B;wBAC7B,uBAAuB;wBACvB,2BAA2B;wBAC3B,+BAA+B;wBAC/B,gBAAgB;wBAChB,oBAAoB;wBACpB,4BAA4B;wBAC5B,8BAA8B;qBAC/B;oBACD,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC;iBAC9D,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAc,EAAE;oBACzC,aAAa;oBACb,YAAY;oBACZ,2DAA2D;oBAC3D,2CAA2C;oBAC3C,wBAAwB;oBACxB,OAAO;oBACP,+BAA+B;oBAC/B,gCAAgC;oBAChC,oCAAoC;oBACpC,oCAAoC;oBACpC,KAAK;oBACL,OAAO,EAAE;wBACP,IAAI,EAAE;4BACJ,KAAK,EAAE,GAAG,WAAW,CAAC,iBAAiB,EAAE,UAAU;4BACnD,WAAW,EAAE,sBAAsB;4BACnC,OAAO,EAAE,OAAO;yBACjB;wBACD,OAAO,EAAE;4BACP;gCACE,GAAG,EAAE,oBAAoB,IAAI,EAAE;6BAChC;4BACD;gCACE,GAAG,EAAE,wBAAwB;6BAC9B;4BACD;gCACE,GAAG,EAAE,yBAAyB;6BAC/B;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAgB,EAAE;oBAC3C,WAAW,EAAE,IAAI,WAAW,gBAAgB;oBAC5C,SAAS,EAAE,EAAE;oBACb,QAAQ,EAAE;wBACR,YAAY,EAAE,MAAM;wBACpB,WAAW,EAAE,IAAI;qBAClB;oBACD,eAAe,EAAE,IAAI;oBACrB,SAAS,EAAE,IAAI;oBACf,kBAAkB,EAAE,CAAC,MAAW,EAAE,EAAE,CAAC,MAAM;iBAC5C,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;KAAA;IACK,MAAM,CAAC,IAAa;;YACxB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBACpD,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;KAAA;CACF;AAED,kBAAe,wBAAwB,CAAC"}
1
+ {"version":3,"file":"fastify.js","sourceRoot":"","sources":["../../src/fastify.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAAA,sDAAgE;AAChE,2DAAmC;AACnC,oDAA4B;AAC5B,+DAA8C;AAC9C,qEAAmD;AAEnD,MAAM,IAAI,GAAG,gBAAM,CAAC,UAAU,EAAE,CAAC;AAEjC,MAAM,wBAAwB;IAEtB,UAAU,CAAC,MAA6C;;YAC5D,IAAI,CAAC;gBACH,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;gBACrC,IAAI,CAAC,MAAM,GAAG,IAAA,iBAAO,EAAC;oBACpB,MAAM,EAAN,gBAAM;iBACP,CAAC,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;oBAC7C,MAAM,EAAE;wBACN,uBAAuB;wBACvB,oBAAoB;wBACpB,wBAAwB;wBACxB,4BAA4B;wBAC5B,qBAAqB;wBACrB,yBAAyB;wBACzB,6BAA6B;wBAC7B,uBAAuB;wBACvB,2BAA2B;wBAC3B,+BAA+B;wBAC/B,gBAAgB;wBAChB,oBAAoB;wBACpB,4BAA4B;wBAC5B,8BAA8B;qBAC/B;oBACD,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC;iBAC9D,CAAC,CAAC;gBACH,6DAA6D;gBAC7D,SAAS,OAAO,CAAC,CAAkB,EAAE,CAAkB;oBACrD,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACnB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACnB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;wBAC1B,2DAA2D;wBAC3D,gBAAM,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;wBAC7B,OAAO,KAAK,CAAC;oBACf,CAAC;oBAED,OAAO,gBAAM,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACtC,CAAC;gBACD,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE;oBACzD,QAAQ,CAAC,QAAgB,EAAE,QAAgB,EAAE,GAAmB,EAAE,KAAmB,EAAE,IAAc;wBACnG,IAAI,MAAM,GAAG,IAAI,CAAC;wBAClB,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC;wBAC9C,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,IAAI,MAAM,CAAC;wBACrD,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,EAAE,CAAC;wBACT,CAAC;6BAAM,CAAC;4BACN,IAAI,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;wBACnC,CAAC;oBACH,CAAC;oBACD,YAAY,EAAE,IAAI;iBACnB,CAAC,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAc,EAAE;oBACzC,aAAa;oBACb,YAAY;oBACZ,2DAA2D;oBAC3D,2CAA2C;oBAC3C,wBAAwB;oBACxB,OAAO;oBACP,+BAA+B;oBAC/B,gCAAgC;oBAChC,oCAAoC;oBACpC,oCAAoC;oBACpC,KAAK;oBACL,OAAO,EAAE;wBACP,IAAI,EAAE;4BACJ,KAAK,EAAE,GAAG,WAAW,CAAC,iBAAiB,EAAE,UAAU;4BACnD,WAAW,EAAE,sBAAsB;4BACnC,OAAO,EAAE,OAAO;yBACjB;wBACD,OAAO,EAAE;4BACP;gCACE,GAAG,EAAE,oBAAoB,IAAI,EAAE;6BAChC;4BACD;gCACE,GAAG,EAAE,wBAAwB;6BAC9B;4BACD;gCACE,GAAG,EAAE,yBAAyB;6BAC/B;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAgB,EAAE;oBAC3C,OAAO,EAAE;wBACP,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;qBACjC;oBACD,WAAW,EAAE,IAAI,WAAW,gBAAgB;oBAC5C,SAAS,EAAE,EAAE;oBACb,QAAQ,EAAE;wBACR,YAAY,EAAE,MAAM;wBACpB,WAAW,EAAE,IAAI;qBAClB;oBACD,eAAe,EAAE,IAAI;oBACrB,SAAS,EAAE,IAAI;oBACf,kBAAkB,EAAE,CAAC,MAAW,EAAE,EAAE,CAAC,MAAM;iBAC5C,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;KAAA;IACK,MAAM,CAAC,IAAa;;YACxB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBACpD,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;KAAA;CACF;AAED,kBAAe,wBAAwB,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nimee/initialize-ms",
3
- "version": "1.0.43",
3
+ "version": "1.0.44",
4
4
  "description": "init behavior for each ms",
5
5
  "main": "dist/src/index.js",
6
6
  "author": "dan goldberg",
@@ -28,6 +28,7 @@
28
28
  },
29
29
  "types": "dist/src/index.d.ts",
30
30
  "dependencies": {
31
+ "@fastify/basic-auth": "^5.1.1",
31
32
  "@fastify/cors": "^8.1.1",
32
33
  "@fastify/request-context": "^5.0.0",
33
34
  "@fastify/swagger": "^8.1.0",
package/src/fastify.ts CHANGED
@@ -1,4 +1,4 @@
1
- import Fastify, { FastifyRequest } from "fastify";
1
+ import Fastify, { FastifyReply, FastifyRequest } from "fastify";
2
2
  import logger from "@nimee/logger";
3
3
  import crypto from "crypto";
4
4
  import fastifySwagger from "@fastify/swagger";
@@ -33,7 +33,31 @@ class ServerInitializerFastify {
33
33
  ],
34
34
  methods: ["GET", "PUT", "PATCH", "POST", "DELETE", "OPTIONS"],
35
35
  });
36
+ // perform constant-time comparison to prevent timing attacks
37
+ function compare(a: Buffer | string, b: Buffer | string) {
38
+ a = Buffer.from(a);
39
+ b = Buffer.from(b);
40
+ if (a.length !== b.length) {
41
+ // Delay return with cryptographically secure timing check.
42
+ crypto.timingSafeEqual(a, a);
43
+ return false;
44
+ }
36
45
 
46
+ return crypto.timingSafeEqual(a, b);
47
+ }
48
+ await this.server.register(require("@fastify/basic-auth"), {
49
+ validate(username: string, password: string, req: FastifyRequest, reply: FastifyReply, done: Function) {
50
+ let result = true;
51
+ result = compare(username, "admin") && result;
52
+ result = compare(password, "Nununu12345$") && result;
53
+ if (result) {
54
+ done();
55
+ } else {
56
+ done(new Error("Access denied"));
57
+ }
58
+ },
59
+ authenticate: true,
60
+ });
37
61
  await this.server.register(fastifySwagger, {
38
62
  // swagger: {
39
63
  // info: {
@@ -67,6 +91,9 @@ class ServerInitializerFastify {
67
91
  });
68
92
 
69
93
  await this.server.register(fastifySwaggerUi, {
94
+ uiHooks: {
95
+ onRequest: this.server.basicAuth,
96
+ },
70
97
  routePrefix: `/${serviceName}/documentation`,
71
98
  initOAuth: {},
72
99
  uiConfig: {