@nitra/cf-security 3.1.1 → 3.1.5
- package/README.md +1 -6
- package/package.json +1 -1
- package/src/jwt.js +5 -19
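--- a/package/README.md
+++ b/package/README.md
@@ -18,15 +18,10 @@ exports.function = async (req, res) => {
 }
 ```
 
-```HTTP
-ALLOWED_ROLES: role1,role2
-```
-
 ```JavaScript
 import runSecurity from '@nitra/cf-security'
 
-
-if (!runSecurity(req)) {
+if (!runSecurity(req, ["role1","role2"])) {
 res.send(`Nitra security not passed`)
 return
 }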
package/package.json
CHANGED
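--- a/package/src/jwt.js
+++ b/package/src/jwt.js
@@ -1,48 +1,34 @@
-import getLogger from '@nitra/bunyan/trace'
-import checkEnv from '@nitra/check-env'
 import verify from '@nitra/jwt/verify'
 import { isDev } from '@nitra/isenv'
 
-checkEnv(['ALLOWED_ROLES'])
-
 /**
 * Check request for Nitra security rules WI
 *
 * @param {object} req - Fastify Request for check
 * @return {string} token if check passed
 */
-export default async req => {
+export default async (req, allowedRoles) => {
 if (isDev) {
-
-token['https://hasura.io/jwt/claims']['x-hasura-allowed-roles'] = process.env.ALLOWED_ROLES.split(',')
-return token
+return { name: 'dev', 'https://hasura.io/jwt/claims': { 'x-hasura-allowed-roles': allowedRoles } }
 }
 
-const log = getLogger(req)
-
 // Перевіряємо токен тільки
 if (!req.headers?.authorization) {
-
-return false
+throw new Error('[verification] no authorization header')
 }
 
 const authHeaders = req.headers.authorization.split(' ')
 const token = await verify(authHeaders[1])
 
 if (!token) {
-
-return false
+throw new Error('[verification] invalid token')
 }
 
 const roleArray = token.body['https://hasura.io/jwt/claims']['x-hasura-allowed-roles']
-
-const allowedRoles = process.env.ALLOWED_ROLES.split(',')
-
 const intersectRoles = intersection(roleArray, allowedRoles)
 
 if (intersectRoles.length === 0) {
-
-return false
+throw new Error(`[verification] unallowed roles ${roleArray}`)
 }
 
 return token.body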
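Review bot: The new `allowedRoles` parameter on line 10 is accepted without any validation, and the JSDoc directly above it still documents the old contract — it lists only `req`, says `@return {string} token` although the function now returns `token.body`, and does not mention that every failure now throws instead of returning `false`; the docblock should add `@param {string[]} allowedRoles - roles that may pass`, change the return type to the claims object, and add a `@throws {Error}` line for the three verification failures. A caller still using the old one-argument form gets `allowedRoles === undefined`, which in the `isDev` branch is copied verbatim into the returned claims and on the verify path reaches `intersection(roleArray, undefined)`; a guard at the top such as `if (!Array.isArray(allowedRoles) || allowedRoles.length === 0) throw new Error('[verification] allowedRoles must be a non-empty array')` would fail closed with a clear message instead of depending on how `intersection` treats a missing argument. Separately, `intersection` is used on new line 28 but, since this hunk spans the whole 34-line file, it is neither imported nor defined here, so a non-dev request that reaches the role check will presumably fail with a ReferenceError rather than the intended `[verification]` error unless it is supplied as a global. The Authorization header is also split on a single space and `authHeaders[1]` handed to `verify` without confirming the scheme, so a header without a space passes `undefined` to `verify`; checking `authHeaders[0] === 'Bearer' && authHeaders[1]` before the call makes the failure explicit.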