@opengis/fastify-table 1.2.55 → 1.2.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@opengis/fastify-table",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.57",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "core-plugins",
|
|
6
6
|
"keywords": [
|
|
@@ -16,7 +16,8 @@
|
|
|
16
16
|
"index.js",
|
|
17
17
|
"utils.js",
|
|
18
18
|
"config.js",
|
|
19
|
-
"dblist.js"
|
|
19
|
+
"dblist.js",
|
|
20
|
+
"redactionList.js"
|
|
20
21
|
],
|
|
21
22
|
"scripts": {
|
|
22
23
|
"lint": "eslint . --ext .vue,.js,.jsx,.cjs,.mjs,.ts,.tsx,.cts,.mts --fix --ignore-path .gitignore",
|
package/redactionList.js
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import fs from 'node:fs';
|
|
2
|
+
|
|
3
|
+
const redactionList = ['clientSecret', 'clientId'];
|
|
4
|
+
|
|
5
|
+
const customRedactionList = fs.existsSync('redactionList.json') ? JSON.parse(fs.readFileSync('redactionList.json')) : [];
|
|
6
|
+
|
|
7
|
+
export default redactionList.concat(customRedactionList);
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import pino from 'pino';
|
|
2
2
|
// import path from 'node:path';
|
|
3
3
|
|
|
4
|
-
import { config, getRedis } from '../../../utils.js';
|
|
4
|
+
import { config, getRedis, redactionList } from '../../../utils.js';
|
|
5
5
|
|
|
6
6
|
// utils
|
|
7
7
|
import getHooks from './getHooks.js';
|
|
@@ -31,11 +31,19 @@ const options = {
|
|
|
31
31
|
},
|
|
32
32
|
],
|
|
33
33
|
},
|
|
34
|
+
redact: redactionList,
|
|
34
35
|
};
|
|
35
36
|
const logger = pino(options);
|
|
37
|
+
|
|
36
38
|
logger.file = function userFile(logfolder, msg, req) {
|
|
37
39
|
logger.info({ logfolder, ...(typeof msg === 'string' ? { msg } : msg) }, req);
|
|
38
40
|
};
|
|
41
|
+
|
|
42
|
+
if (config.debug) {
|
|
43
|
+
logger.file('test/redaction', { clientId: 'should be redacted', clientSecret: 'should be redacted' });
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
|
|
39
47
|
logger.metrics = function metrics(key, val, dbName) {
|
|
40
48
|
const dbname = dbName || config.pg?.database;
|
|
41
49
|
if (!dbname && !isServer) return;
|
|
@@ -2,6 +2,8 @@ import { config, logger } from '../../../../utils.js';
|
|
|
2
2
|
import block from '../sqlInjection.js';
|
|
3
3
|
|
|
4
4
|
const { skipCheckPolicyRoutes = [] } = config;
|
|
5
|
+
|
|
6
|
+
const skipCheckPolicy = (path) => skipCheckPolicyRoutes.find(el => path.includes(el));
|
|
5
7
|
/**
|
|
6
8
|
* Middleware func
|
|
7
9
|
*
|
|
@@ -74,12 +76,12 @@ export default function checkPolicy(req, reply) {
|
|
|
74
76
|
}
|
|
75
77
|
|
|
76
78
|
/* === policy: public === */
|
|
77
|
-
if (policy.includes('public')) {
|
|
79
|
+
if (policy.includes('public') || skipCheckPolicy(path)) {
|
|
78
80
|
return null;
|
|
79
81
|
}
|
|
80
82
|
|
|
81
83
|
/* === 0. policy: unauthorized access from admin URL === */
|
|
82
|
-
if (!validToken && !user?.uid && !config.auth?.disable && isAdmin && !policy.includes('public')
|
|
84
|
+
if (!validToken && !user?.uid && !config.auth?.disable && isAdmin && !policy.includes('public')) {
|
|
83
85
|
logger.file('policy/unauthorized', {
|
|
84
86
|
path, method, params, query, body, token: headers?.token, userId: headers?.uid, ip: req.ip, headers, message: 'unauthorized',
|
|
85
87
|
});
|
|
@@ -87,7 +89,7 @@ export default function checkPolicy(req, reply) {
|
|
|
87
89
|
}
|
|
88
90
|
|
|
89
91
|
/* === 3. policy: user === */
|
|
90
|
-
if (!validToken && !user && policy.includes('user')) {
|
|
92
|
+
if (!validToken && !user && policy.includes('user') && !skipCheckPolicy(path)) {
|
|
91
93
|
logger.file('policy/user', {
|
|
92
94
|
path, method, params, query, body, message: 'access restricted: 3',
|
|
93
95
|
});
|
|
@@ -103,17 +105,15 @@ export default function checkPolicy(req, reply) {
|
|
|
103
105
|
}
|
|
104
106
|
|
|
105
107
|
/* === 5. policy: site auth === */
|
|
106
|
-
if (!validToken && !policy.includes('site') && !isAdmin && !config.local && !config.debug && !unittest
|
|
107
|
-
&& !['/auth/redirect', '/logout', `${config.prefix || '/api'}/login`].find(el => path.includes(el))) {
|
|
108
|
+
if (!validToken && !policy.includes('site') && !isAdmin && !config.local && !config.debug && !unittest) {
|
|
108
109
|
logger.file('policy/site', {
|
|
109
110
|
path, method, params, query, body, message: 'access restricted: 5', uid: user?.uid,
|
|
110
111
|
});
|
|
111
112
|
return reply.status(403).send('access restricted: 5');
|
|
112
113
|
}
|
|
113
114
|
|
|
114
|
-
/* === 6. base policy: block api
|
|
115
|
-
if (!validToken && isAdmin && !isUser && isServer && !config.local && !config.debug
|
|
116
|
-
&& !path.startsWith(`${config.prefix || '/api'}/login`)) {
|
|
115
|
+
/* === 6. base policy: block non-public api w/ out authorization === */
|
|
116
|
+
if (!validToken && isAdmin && !isUser && isServer && !config.local && !config.debug) {
|
|
117
117
|
logger.file('policy/api', {
|
|
118
118
|
path, method, params, query, body, message: 'access restricted: 6', uid: user?.uid,
|
|
119
119
|
});
|
package/utils.js
CHANGED
|
@@ -64,6 +64,7 @@ import logger from './server/plugins/logger/getLogger.js';
|
|
|
64
64
|
// utils
|
|
65
65
|
import config from './config.js';
|
|
66
66
|
import dblist from './dblist.js';
|
|
67
|
+
import redactionList from './redactionList.js';
|
|
67
68
|
import eventStream from './server/plugins/util/funcs/eventStream.js';
|
|
68
69
|
import isFileExists from './server/plugins/crud/funcs/isFileExists.js';
|
|
69
70
|
import getFolder from './server/plugins/crud/funcs/utils/getFolder.js';
|
|
@@ -77,6 +78,7 @@ export default null;
|
|
|
77
78
|
export {
|
|
78
79
|
config,
|
|
79
80
|
dblist,
|
|
81
|
+
redactionList,
|
|
80
82
|
getFolder,
|
|
81
83
|
handlebars,
|
|
82
84
|
handlebarsSync,
|