@nimee/initialize-ms 1.0.43 → 1.0.45

@@ -42,9 +42,35 @@ class ServerInitializerFastify {
42
42
  /\.radical\.org.il$/,
43
43
  "https://crm.radical.org.il",
44
44
  "https://tickets.zoatlv.co.il",
45
+ "https://tickets.minkovsky-records.com",
45
46
  ],
46
47
  methods: ["GET", "PUT", "PATCH", "POST", "DELETE", "OPTIONS"],
47
48
  });
49
+ // perform constant-time comparison to prevent timing attacks
50
+ function compare(a, b) {
51
+ a = Buffer.from(a);
52
+ b = Buffer.from(b);
53
+ if (a.length !== b.length) {
54
+ // Delay return with cryptographically secure timing check.
55
+ crypto_1.default.timingSafeEqual(a, a);
56
+ return false;
57
+ }
58
+ return crypto_1.default.timingSafeEqual(a, b);
59
+ }
60
+ yield this.server.register(require("@fastify/basic-auth"), {
61
+ validate(username, password, req, reply, done) {
62
+ let result = true;
63
+ result = compare(username, "admin") && result;
64
+ result = compare(password, "Nununu12345$") && result;
65
+ if (result) {
66
+ done();
67
+ }
68
+ else {
69
+ done(new Error("Access denied"));
70
+ }
71
+ },
72
+ authenticate: true,
73
+ });
48
74
  yield this.server.register(swagger_1.default, {
49
75
  // swagger: {
50
76
  // info: {
@@ -77,6 +103,9 @@ class ServerInitializerFastify {
77
103
  },
78
104
  });
79
105
  yield this.server.register(swagger_ui_1.default, {
106
+ uiHooks: {
107
+ onRequest: this.server.basicAuth,
108
+ },
80
109
  routePrefix: `/${serviceName}/documentation`,
81
110
  initOAuth: {},
82
111
  uiConfig: {
@@ -1 +1 @@
1
- {"version":3,"file":"fastify.js","sourceRoot":"","sources":["../../src/fastify.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAAA,sDAAkD;AAClD,2DAAmC;AACnC,oDAA4B;AAC5B,+DAA8C;AAC9C,qEAAmD;AAEnD,MAAM,IAAI,GAAG,gBAAM,CAAC,UAAU,EAAE,CAAC;AAEjC,MAAM,wBAAwB;IAEtB,UAAU,CAAC,MAA6C;;YAC5D,IAAI,CAAC;gBACH,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;gBACrC,IAAI,CAAC,MAAM,GAAG,IAAA,iBAAO,EAAC;oBACpB,MAAM,EAAN,gBAAM;iBACP,CAAC,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;oBAC7C,MAAM,EAAE;wBACN,uBAAuB;wBACvB,oBAAoB;wBACpB,wBAAwB;wBACxB,4BAA4B;wBAC5B,qBAAqB;wBACrB,yBAAyB;wBACzB,6BAA6B;wBAC7B,uBAAuB;wBACvB,2BAA2B;wBAC3B,+BAA+B;wBAC/B,gBAAgB;wBAChB,oBAAoB;wBACpB,4BAA4B;wBAC5B,8BAA8B;qBAC/B;oBACD,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC;iBAC9D,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAc,EAAE;oBACzC,aAAa;oBACb,YAAY;oBACZ,2DAA2D;oBAC3D,2CAA2C;oBAC3C,wBAAwB;oBACxB,OAAO;oBACP,+BAA+B;oBAC/B,gCAAgC;oBAChC,oCAAoC;oBACpC,oCAAoC;oBACpC,KAAK;oBACL,OAAO,EAAE;wBACP,IAAI,EAAE;4BACJ,KAAK,EAAE,GAAG,WAAW,CAAC,iBAAiB,EAAE,UAAU;4BACnD,WAAW,EAAE,sBAAsB;4BACnC,OAAO,EAAE,OAAO;yBACjB;wBACD,OAAO,EAAE;4BACP;gCACE,GAAG,EAAE,oBAAoB,IAAI,EAAE;6BAChC;4BACD;gCACE,GAAG,EAAE,wBAAwB;6BAC9B;4BACD;gCACE,GAAG,EAAE,yBAAyB;6BAC/B;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAgB,EAAE;oBAC3C,WAAW,EAAE,IAAI,WAAW,gBAAgB;oBAC5C,SAAS,EAAE,EAAE;oBACb,QAAQ,EAAE;wBACR,YAAY,EAAE,MAAM;wBACpB,WAAW,EAAE,IAAI;qBAClB;oBACD,eAAe,EAAE,IAAI;oBACrB,SAAS,EAAE,IAAI;oBACf,kBAAkB,EAAE,CAAC,MAAW,EAAE,EAAE,CAAC,MAAM;iBAC5C,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;KAAA;IACK,MAAM,CAAC,IAAa;;YACxB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBACpD,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KA
AK,CAAC,GAAG,CAAC,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;KAAA;CACF;AAED,kBAAe,wBAAwB,CAAC"}
1
+ {"version":3,"file":"fastify.js","sourceRoot":"","sources":["../../src/fastify.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAAA,sDAAgE;AAChE,2DAAmC;AACnC,oDAA4B;AAC5B,+DAA8C;AAC9C,qEAAmD;AAEnD,MAAM,IAAI,GAAG,gBAAM,CAAC,UAAU,EAAE,CAAC;AAEjC,MAAM,wBAAwB;IAEtB,UAAU,CAAC,MAA6C;;YAC5D,IAAI,CAAC;gBACH,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;gBACrC,IAAI,CAAC,MAAM,GAAG,IAAA,iBAAO,EAAC;oBACpB,MAAM,EAAN,gBAAM;iBACP,CAAC,CAAC;gBACH,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;oBAC7C,MAAM,EAAE;wBACN,uBAAuB;wBACvB,oBAAoB;wBACpB,wBAAwB;wBACxB,4BAA4B;wBAC5B,qBAAqB;wBACrB,yBAAyB;wBACzB,6BAA6B;wBAC7B,uBAAuB;wBACvB,2BAA2B;wBAC3B,+BAA+B;wBAC/B,gBAAgB;wBAChB,oBAAoB;wBACpB,4BAA4B;wBAC5B,8BAA8B;wBAC9B,uCAAuC;qBACxC;oBACD,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC;iBAC9D,CAAC,CAAC;gBACH,6DAA6D;gBAC7D,SAAS,OAAO,CAAC,CAAkB,EAAE,CAAkB;oBACrD,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACnB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACnB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;wBAC1B,2DAA2D;wBAC3D,gBAAM,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;wBAC7B,OAAO,KAAK,CAAC;oBACf,CAAC;oBAED,OAAO,gBAAM,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACtC,CAAC;gBACD,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE;oBACzD,QAAQ,CAAC,QAAgB,EAAE,QAAgB,EAAE,GAAmB,EAAE,KAAmB,EAAE,IAAc;wBACnG,IAAI,MAAM,GAAG,IAAI,CAAC;wBAClB,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC;wBAC9C,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,IAAI,MAAM,CAAC;wBACrD,IAAI,MAAM,EAAE,CAAC;4BACX,IAAI,EAAE,CAAC;wBACT,CAAC;6BAAM,CAAC;4BACN,IAAI,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;wBACnC,CAAC;oBACH,CAAC;oBACD,YAAY,EAAE,IAAI;iBACnB,CAAC,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAc,EAAE;oBACzC,aAAa;oBACb,YAAY;oBACZ,2DAA2D;oBAC3D,2CAA2C;oBAC3C,wBAAwB;oBACxB,OAAO;oBACP,+BAA+B;oBAC/B,gCAAgC;oBAChC,oCAAoC;oBACpC,oCAAoC;oBACpC,KAAK;oBACL,OAAO,EAAE;wBACP,IAAI,EAAE;4BACJ,KAAK,EAAE,GAAG,WAAW,CAAC,iBAAiB,EAAE,UAAU;4BACnD,WAAW,EAAE,sBAAsB;4BACnC,OAAO,EAAE,OAAO;yBACjB;wB
ACD,OAAO,EAAE;4BACP;gCACE,GAAG,EAAE,oBAAoB,IAAI,EAAE;6BAChC;4BACD;gCACE,GAAG,EAAE,wBAAwB;6BAC9B;4BACD;gCACE,GAAG,EAAE,yBAAyB;6BAC/B;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAgB,EAAE;oBAC3C,OAAO,EAAE;wBACP,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;qBACjC;oBACD,WAAW,EAAE,IAAI,WAAW,gBAAgB;oBAC5C,SAAS,EAAE,EAAE;oBACb,QAAQ,EAAE;wBACR,YAAY,EAAE,MAAM;wBACpB,WAAW,EAAE,IAAI;qBAClB;oBACD,eAAe,EAAE,IAAI;oBACrB,SAAS,EAAE,IAAI;oBACf,kBAAkB,EAAE,CAAC,MAAW,EAAE,EAAE,CAAC,MAAM;iBAC5C,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;KAAA;IACK,MAAM,CAAC,IAAa;;YACxB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBACpD,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;KAAA;CACF;AAED,kBAAe,wBAAwB,CAAC"}
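--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@nimee/initialize-ms",
- "version": "1.0.43",
+ "version": "1.0.45",
  "description": "init behavior for each ms",
  "main": "dist/src/index.js",
  "author": "dan goldberg",
@@ -28,6 +28,7 @@
  },
  "types": "dist/src/index.d.ts",
  "dependencies": {
+ "@fastify/basic-auth": "^5.1.1",
  "@fastify/cors": "^8.1.1",
  "@fastify/request-context": "^5.0.0",
  "@fastify/swagger": "^8.1.0",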
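--- a/package/src/fastify.ts
+++ b/package/src/fastify.ts
@@ -1,4 +1,4 @@
- import Fastify, { FastifyRequest } from "fastify";
+ import Fastify, { FastifyReply, FastifyRequest } from "fastify";
  import logger from "@nimee/logger";
  import crypto from "crypto";
  import fastifySwagger from "@fastify/swagger";
@@ -30,10 +30,35 @@ class ServerInitializerFastify {
  /\.radical\.org.il$/,
  "https://crm.radical.org.il",
  "https://tickets.zoatlv.co.il",
+ "https://tickets.minkovsky-records.com",
  ],
  methods: ["GET", "PUT", "PATCH", "POST", "DELETE", "OPTIONS"],
  });
+ // perform constant-time comparison to prevent timing attacks
+ function compare(a: Buffer | string, b: Buffer | string) {
+ a = Buffer.from(a);
+ b = Buffer.from(b);
+ if (a.length !== b.length) {
+ // Delay return with cryptographically secure timing check.
+ crypto.timingSafeEqual(a, a);
+ return false;
+ }
 
+ return crypto.timingSafeEqual(a, b);
+ }
+ await this.server.register(require("@fastify/basic-auth"), {
+ validate(username: string, password: string, req: FastifyRequest, reply: FastifyReply, done: Function) {
+ let result = true;
+ result = compare(username, "admin") && result;
+ result = compare(password, "Nununu12345$") && result;
+ if (result) {
+ done();
+ } else {
+ done(new Error("Access denied"));
+ }
+ },
+ authenticate: true,
+ });
  await this.server.register(fastifySwagger, {
  // swagger: {
  // info: {
@@ -67,6 +92,9 @@ class ServerInitializerFastify {
  });
 
  await this.server.register(fastifySwaggerUi, {
+ uiHooks: {
+ onRequest: this.server.basicAuth,
+ },
  routePrefix: `/${serviceName}/documentation`,
  initOAuth: {},
  uiConfig: {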
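Review bot: The Basic-auth username and password are string literals inside `validate` (the two `compare(...)` calls), so they ship in clear text in both `src/fastify.ts` and the compiled `fastify.js` of a published package, and every service built on this initializer shares the same documentation login. Load both values from configuration or a secret store at start-up and refuse to register the plugin when either is missing; the value already published should be treated as exposed and replaced. While there, `done: Function` can be typed as `(err?: Error) => void`, and `compare` still returns early on a length mismatch, so hashing both inputs to a fixed length before `timingSafeEqual` would avoid revealing the expected length. The enclosing method begins and ends outside the hunk, and the environment variable names below are placeholders.

```typescript
// … unchanged: compare() helper …
// Placeholder names: wire these to the project's own config or secret source.
const docsUser = process.env.DOCS_AUTH_USER;
const docsPassword = process.env.DOCS_AUTH_PASSWORD;
if (!docsUser || !docsPassword) {
  // Fail closed: never fall back to a built-in or empty credential.
  throw new Error("documentation auth credentials are not configured");
}
await this.server.register(require("@fastify/basic-auth"), {
  validate(username: string, password: string, req: FastifyRequest, reply: FastifyReply, done: (err?: Error) => void) {
    // Evaluate both comparisons before combining so neither is short-circuited.
    const userOk = compare(username, docsUser);
    const passwordOk = compare(password, docsPassword);
    done(userOk && passwordOk ? undefined : new Error("Access denied"));
  },
  authenticate: true,
});
// … unchanged: fastifySwagger and fastifySwaggerUi registration …
```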