@nitra/cf-security 4.5.3 → 5.0.0

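--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@nitra/cf-security",
- "version": "4.5.3",
+ "version": "5.0.0",
  "description": "check header in serverless",
  "type": "module",
  "types": "./types/index.d.ts",
@@ -24,16 +24,15 @@
  },
  "homepage": "https://github.com/nitra/cf-security#readme",
  "dependencies": {
- "@nitra/bunyan": "^2.0.3",
  "@nitra/check-env": "^3.2.0",
  "@nitra/isenv": "^2.0.1",
- "@nitra/jwt": "^3.7.1"
+ "@nitra/jwt": "^4.0.3"
  },
  "files": [
  "src",
  "types"
  ],
  "engines": {
- "node": ">=18.0.0"
+ "node": ">=20.0.0"
  }
  }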
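--- /dev/null
+++ b/package/src/index.d.ts
@@ -0,0 +1,7 @@
+ /**
+ * Check request for Nitra security rules
+ *
+ * @param {object} req - ApolloServer or Express Request for check
+ * @returns {boolean} if check passed
+ */
+ export default function _default(req: object): boolean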
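Review bot: `req: object` does not describe what the guard actually reads: package/src/index.js dereferences `req.headers` and calls `req.log.info`, so this declaration lets a caller pass a request without a logger and only find out at runtime. A structural parameter type such as `req: { headers?: Record<string, string | string[] | undefined>; log: { info(msg: string): void } }` would make that contract checkable by the compiler. This file also repeats package/types/index.d.ts, which is what `types` in package.json points to, so the two copies can drift; if it is build output, it probably should not be published under `src`.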
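--- a/package/src/index.js
+++ b/package/src/index.js
@@ -1,19 +1,19 @@
  import { checkEnv, env } from '@nitra/check-env'
+
  checkEnv(['X_NITRA_CF_KEY'])
 
  /**
  * Check request for Nitra security rules
- *
  * @param {object} req - ApolloServer or Express Request for check
- * @return {boolean} if check passed
+ * @returns {boolean} if check passed
  */
  export default function (req) {
- if (typeof req.headers === 'undefined') {
+ if (req.headers === undefined) {
  req.log.info('Request without headers')
  return false
  }
 
- if (typeof req.headers['x-nitra-cf-key'] === 'undefined') {
+ if (req.headers['x-nitra-cf-key'] === undefined) {
  req.log.info('Nitra key not exist in request')
  return false
  }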
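Review bot: Both rejection paths on new lines 11–19 call `req.log.info(...)` unconditionally, yet the doc comment advertises ApolloServer and Express requests, which are not guaranteed to carry a `log` property; on such a request the guard throws a TypeError instead of returning `false`. `req.log?.info('Request without headers')` (and the same on line 17) keeps the documented boolean contract. The strict `=== undefined` test also lets `headers: null` through to the index access on line 16, so `req.headers == null` is the safer guard. The function continues below this hunk, so the comparison against `X_NITRA_CF_KEY` is not visible here; if it is a plain `===`, a constant-time compare such as `crypto.timingSafeEqual` on equal-length buffers is worth considering.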
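--- a/package/src/jwt-both.js
+++ b/package/src/jwt-both.js
@@ -1,16 +1,16 @@
- import { runSecurityHeader } from './jwt.js'
  import { runSecurityCookie } from './jwt-c.js'
+ import { runSecurityHeader } from './jwt.js'
 
  /**
  * Check request for Nitra security з токеном в кукі
- *
  * @param {object} req - Fastify Request for check
- * @return {Promise<Object>} token if check passed
+ * @param {Array<string>} allowedRoles - Allowed roles
+ * @returns {Promise<object>} token if check passed
  */
  export default async (req, allowedRoles) => {
+ // oxlint-disable-line require-await
  if (req.headers.authorization) {
  return runSecurityHeader(req, allowedRoles)
- } else {
- return runSecurityCookie(req, allowedRoles)
  }
+ return runSecurityCookie(req, allowedRoles)
  }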
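Review bot: The `// oxlint-disable-line require-await` comment on new line 11 sits on a line of its own, and a disable-line directive normally applies only to the line it is written on, so it likely does not cover the `async` arrow on line 10 that the rule would report. Either move it to the end of that line, `export default async (req, allowedRoles) => { // oxlint-disable-line require-await`, or put `// oxlint-disable-next-line require-await` above it. Keeping `async` is the right call for an auth entry point: a request without `headers` then produces a rejected promise rather than a synchronous throw. The doc comment still describes only the cookie transport although this function dispatches to the header check first; it should say that an `Authorization` header takes precedence over the cookie.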
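--- a/package/src/jwt-c.js
+++ b/package/src/jwt-c.js
@@ -1,12 +1,12 @@
- import verify from '@nitra/jwt/verify'
  import { isDev } from '@nitra/isenv'
+ import verify from '@nitra/jwt/verify'
  import { intersection } from './utils/intersection.js'
 
  /**
  * Check request for Nitra security з токеном в кукі
- *
  * @param {object} req - Fastify Request for check
- * @return {Promise<Object>} token if check passed
+ * @param {Array<string>} allowedRoles - Allowed roles
+ * @returns {Promise<object>} token if check passed
  */
  export default async (req, allowedRoles) => {
  const { parsed } = await runSecurityCookie(req, allowedRoles)
@@ -15,10 +15,9 @@ export default async (req, allowedRoles) => {
 
  /**
  * Check request for Nitra security rules WI
- *
  * @param {object} req - Fastify Request for check
  * @param {Array} allowedRoles - Allowed roles
- * @return {Promise<Object>} token if check passed
+ * @returns {Promise<object>} token if check passed
  */
  export const runSecurityCookie = async (req, allowedRoles) => {
  if (!req.raw.headers?.cookie) {
@@ -26,7 +25,9 @@ export const runSecurityCookie = async (req, allowedRoles) => {
  }
 
  // Читаємо кукі
- const c = Object.fromEntries(req.raw.headers.cookie.split('; ').map(v => v.split(/=(.*)/s).map(decodeURIComponent)))
+ const c = Object.fromEntries(
+ req.raw.headers.cookie.split('; ').map(v => v.split(/[=](.*)/s).map(x => decodeURIComponent(x)))
+ )
 
  // Для дева можна й не передавати токен
  if (isDev) {
@@ -35,11 +36,10 @@ export const runSecurityCookie = async (req, allowedRoles) => {
  // ігноруючи expired
  const token = await verify(c.__session, { ignoreExpiration: true })
  return { raw: c.__session, parsed: token.body }
- } else {
- return {
- raw: 0,
- parsed: { name: 'dev', 'https://hasura.io/jwt/claims': { 'x-hasura-allowed-roles': allowedRoles } }
- }
+ }
+ return {
+ raw: 0,
+ parsed: { name: 'dev', 'https://hasura.io/jwt/claims': { 'x-hasura-allowed-roles': allowedRoles } }
  }
  }
 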
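Review bot: The cookie parser on new lines 28–30 runs `decodeURIComponent` over every name and value in the client-supplied `Cookie` header, and that call throws `URIError` on malformed percent-encoding, so one bad cookie makes `runSecurityCookie` reject before `__session` is looked at. Unless every caller maps that rejection to an authentication failure, a client can turn the check into an unhandled error with a single header. A decoder that falls back to the raw text keeps the parse total, and a raw malformed value will not pass token verification anyway. `runSecurityCookie` starts above and continues below these hunks, so how the rejection is handled is not visible here.

```javascript
// Читаємо кукі
const safeDecode = x => {
  try {
    return decodeURIComponent(x)
  } catch {
    // malformed percent-encoding: keep the raw text instead of throwing URIError
    return x
  }
}
const c = Object.fromEntries(
  req.raw.headers.cookie.split('; ').map(v => v.split(/[=](.*)/s).map(x => safeDecode(x)))
)
// … unchanged: dev branch and token verification …
```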
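--- a/package/src/jwt.js
+++ b/package/src/jwt.js
@@ -4,10 +4,9 @@ import { intersection } from './utils/intersection.js'
 
  /**
  * Check request for Nitra security rules WI
- *
  * @param {object} req - Fastify Request for check
  * @param {Array} allowedRoles - Allowed roles
- * @return {Promise<string>} token if check passed
+ * @returns {Promise<string>} token if check passed
  */
  export default async (req, allowedRoles) => {
  const { parsed } = await runSecurityHeader(req, allowedRoles)
@@ -16,10 +15,9 @@ export default async (req, allowedRoles) => {
 
  /**
  * Check request for Nitra security rules WI
- *
  * @param {object} req - Fastify Request for check
  * @param {Array} allowedRoles - Allowed roles
- * @return {Promise<Object>} token if check passed
+ * @returns {Promise<object>} token if check passed
  */
  export const runSecurityHeader = async (req, allowedRoles) => {
  // Для дева можна й не передавати токен
@@ -40,11 +38,10 @@ export const runSecurityHeader = async (req, allowedRoles) => {
 
  const authHeaders = req.headers.authorization.split(' ')
  return { raw: authHeaders[1], parsed: token.body }
- } else {
- return {
- raw: 0,
- parsed: { name: 'dev', 'https://hasura.io/jwt/claims': { 'x-hasura-allowed-roles': allowedRoles } }
- }
+ }
+ return {
+ raw: 0,
+ parsed: { name: 'dev', 'https://hasura.io/jwt/claims': { 'x-hasura-allowed-roles': allowedRoles } }
  }
  }
 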
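Review bot: The fallback on new lines 42–45 hands back a synthetic identity (`name: 'dev'`, `raw: 0`) carrying every role in `allowedRoles`, so the only thing between a tokenless request and full access is the dev check above this hunk, which is not visible here (the comment on line 23 says a token is optional in dev). If that check is the `isDev` flag from `@nitra/isenv`, as it is in package/src/jwt-c.js, a mis-set environment in production would silently switch authentication off. I would mark the branch with a comment such as `// DEV ONLY: unauthenticated synthetic identity, must be unreachable in production` and log at warn level whenever it is taken so that it shows up in monitoring. The same fallback appears in the last hunk of package/src/jwt-c.js. `runSecurityHeader` starts and ends outside these hunks.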
@@ -1,3 +1,8 @@
1
+ /**
2
+ * @param {Array<string>} a - First array
3
+ * @param {Array<string>} b - Second array
4
+ * @returns {Array<string>} - Intersection of two arrays.
5
+ */
1
6
  export function intersection(a, b) {
2
7
  const setA = new Set(a)
3
8
  return b.filter(value => setA.has(value))
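--- a/package/types/index.d.ts
+++ b/package/types/index.d.ts
@@ -2,6 +2,6 @@
  * Check request for Nitra security rules
  *
  * @param {object} req - ApolloServer or Express Request for check
- * @return {boolean} if check passed
+ * @returns {boolean} if check passed
  */
- export default function _default(req: object): boolean;
+ export default function _default(req: object): boolean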