npm - @opengis/fastify-table - Versions diffs - 2.0.56 → 2.0.57 - Mend

@opengis/fastify-table 2.0.56 → 2.0.57

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/server/plugins/auth/index.d.ts +3 -1
package/dist/server/plugins/auth/index.d.ts.map +1 -1
package/dist/server/plugins/auth/index.js +86 -77
package/package.json +1 -1

package/dist/server/plugins/auth/index.d.ts CHANGED Viewed

@@ -1,4 +1,6 @@
-import { FastifyInstance } from "fastify";
+import { FastifyInstance, FastifyReply } from "fastify";
+import { ExtendedRequest } from "../../types/core.js";
+export declare function onRequest(req: ExtendedRequest, reply: FastifyReply): Promise<null>;
 declare function plugin(fastify: FastifyInstance): void;
 export default plugin;
 //# sourceMappingURL=index.d.ts.map

package/dist/server/plugins/auth/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/plugins/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;~~AAkB1C~~,iBAAS,MAAM,CAAC,OAAO,EAAE,eAAe,~~QAuIvC~~;AAED,eAAe,MAAM,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/plugins/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAYxD,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAMtD,wBAAsB,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,iBA6GxE;AAED,iBAAS,MAAM,CAAC,OAAO,EAAE,eAAe,QA6BvC;AAED,eAAe,MAAM,CAAC"}

package/dist/server/plugins/auth/index.js CHANGED Viewed

@@ -7,6 +7,91 @@ import config from "../../../config.js";
 import getRedis from "../redis/funcs/getRedis.js";
 const fastifyPassport = new Authenticator();
 const { prefix = "/api" } = config;
+export async function onRequest(req, reply) {
+    const { hostname, headers, routeOptions } = req;
+    const { policy = [] } = routeOptions?.config || {};
+    // proxy from old apps to editor, bi etc.
+    const validToken = (req.ip === "193.239.152.181" ||
+        req.ip === "127.0.0.1" ||
+        req.ip?.startsWith?.("192.168.") ||
+        config.debug) &&
+        req.headers?.token &&
+        config.auth?.tokens?.includes?.(headers.token);
+    if (validToken && !req?.user?.uid) {
+        req.user = {
+            uid: req.headers?.uid?.toString?.(),
+            user_type: req.headers?.user_type?.toString?.() || "regular",
+        };
+    }
+    const isAdmin = process.env.NODE_ENV === "admin" ||
+        hostname?.split?.(":")?.shift?.() === config.adminDomain ||
+        config.admin ||
+        hostname?.startsWith?.("admin");
+    const isPublic = Array.isArray(policy)
+        ? policy.includes("public")
+        : policy === "L0";
+    if (!req.session?.passport?.user?.uid &&
+        (config.auth?.disable || config.auth?.user) &&
+        !isPublic) {
+        req.session = req.session || {};
+        req.session.passport = req.session.passport || {}; // ensure passport session exists
+        req.session.passport.user = {
+            ...(config.auth?.user || {}),
+            uid: config.auth?.user?.uid?.toString?.() || "1",
+            user_rnokpp: config.auth?.user?.rnokpp,
+            user_type: config.auth?.user?.type || "regular",
+        };
+        req.user = req.session.passport.user;
+    }
+    // ! intentional: null || undefined > undefined
+    req.user = req.user || req.session?.passport?.user || undefined; // fix for user.uid errors, by default user is null, while with express passport it was {}, unauthorized user does not trigger serializer
+    // currently 2factor + auth with passwd file not supported
+    const ispasswd = (existsSync("passwd") && !config.auth?.["2factor"]) || config.auth?.passwd;
+    const loginPageUrl = config.auth?.link?.core?.login || config?.auth?.redirect || "/login";
+    if (!req.user?.uid &&
+        !config.auth?.disable &&
+        isAdmin &&
+        !isPublic &&
+        !config.auth?.disableRedirect &&
+        !req.url.startsWith(prefix) &&
+        !req.url.startsWith("/api") &&
+        !req.url.startsWith(loginPageUrl) &&
+        !req.url.includes(".") &&
+        !req.url.includes("@")) {
+        return reply.redirect(`${loginPageUrl}` + `?redirect=${req.url}`);
+    }
+    // by default, disable 2factor for id.gov.ua auth
+    const check = req.user?.auth_type === "govid" ? config.auth?.["2factor"]?.govid : true;
+    const login2faPage = config.auth?.link?.["2fa"]?.login || "/2factor";
+    // example: 2factor for admin env only, while public env does not require it
+    const checkEnv = () => {
+        if (!config.auth?.["2factorEnv"])
+            return true;
+        if ((config.auth?.["2factorEnv"] &&
+            process.env.NODE_ENV === config.auth?.["2factorEnv"]) ||
+            (config.auth?.["2factorEnv"] === "admin" && isAdmin)) {
+            return true;
+        }
+        return false;
+    };
+    // if 2factor is enabled globally + for user and secondFactorPassed not true => redirect to 2factor login page
+    if (req.user?.uid &&
+        req.user?.twofa &&
+        config.auth?.["2factor"] &&
+        !isPublic &&
+        (routeOptions?.method || "GET") === "GET" &&
+        !req.session?.secondFactorPassed &&
+        !ispasswd &&
+        !config.auth?.disableRedirect &&
+        !config.auth?.disable &&
+        check &&
+        checkEnv()) {
+        if (!req.url.startsWith(login2faPage)) {
+            return reply.redirect(login2faPage);
+        }
+    }
+    return null;
+}
 function plugin(fastify) {
     if (!config.redis) {
         return;
@@ -27,82 +112,6 @@ function plugin(fastify) {
     fastifyPassport.registerUserSerializer(async (user) => ({ user }));
     // deserialize user used to add user info from session store to req
     fastifyPassport.registerUserDeserializer(async (passport) => passport?.user || passport);
-    fastify.addHook("onRequest", async (req, reply) => {
-        const { pg, hostname, headers, routeOptions } = req;
-        const { policy = [] } = routeOptions?.config || {};
-        // proxy from old apps to editor, bi etc.
-        const validToken = (req.ip === "193.239.152.181" ||
-            req.ip === "127.0.0.1" ||
-            req.ip?.startsWith?.("192.168.") ||
-            config.debug) &&
-            req.headers?.token &&
-            config.auth?.tokens?.includes?.(headers.token);
-        if (validToken && !req?.user?.uid) {
-            req.user = {
-                uid: req.headers?.uid?.toString?.(),
-                user_type: req.headers?.user_type?.toString?.() || "regular",
-            };
-        }
-        const isAdmin = process.env.NODE_ENV === "admin" ||
-            hostname?.split?.(":")?.shift?.() === config.adminDomain ||
-            config.admin ||
-            hostname?.startsWith?.("admin");
-        const isPublic = Array.isArray(policy)
-            ? policy.includes("public")
-            : policy === "L0";
-        // if 2factor is enabled globally + for user and secondFactorPassed not true => redirect to 2factor login page
-        const { secondFactorPassed, passport = {} } = req.session || {}; // base login +
-        if (!passport.user?.uid &&
-            (config.auth?.disable || config.auth?.user) &&
-            !isPublic) {
-            req.session = req.session || {};
-            req.session.passport = req.session.passport || {}; // ensure passport session exists
-            req.session.passport.user = {
-                ...(config.auth?.user || {}),
-                uid: config.auth?.user?.uid?.toString?.() || "1",
-                user_rnokpp: config.auth?.user?.rnokpp,
-                user_type: config.auth?.user?.type || "regular",
-            };
-            req.user = req.session.passport.user;
-        }
-        // ! intentional: null || undefined > undefined
-        req.user = req.user || req.session?.passport?.user || undefined; // fix for user.uid errors, by default user is null, while with express passport it was {}, unauthorized user does not trigger serializer
-        if (config.trace && false) {
-            console.log("req.user?.uid", req.user?.uid, "req.session?.passport?.user?.uid", req.session?.passport?.user?.uid, "config.auth", config.auth);
-        }
-        // currently 2factor + auth with passwd file not supported
-        const ispasswd = (existsSync("passwd") && !config.auth?.["2factor"]) ||
-            config.auth?.passwd;
-        if (!passport.user?.uid &&
-            !config.auth?.disable &&
-            isAdmin &&
-            !isPublic &&
-            !config.auth?.disableRedirect &&
-            !req.url.startsWith(prefix) &&
-            !req.url.startsWith("/api") &&
-            !req.url.startsWith("/login") &&
-            !req.url.includes('.') &&
-            !req.url.includes('@')) {
-            return reply.redirect(`${config?.auth?.redirect || "/login"}` + `?redirect=${req.url}`);
-        }
-        // by default, disable 2factor for id.gov.ua auth
-        const check = passport.user?.auth_type === "govid"
-            ? config.auth?.["2factor"]?.govid
-            : true;
-        if (passport.user?.uid &&
-            passport.user?.twofa &&
-            config.auth?.["2factor"] &&
-            !isPublic &&
-            (routeOptions?.method || "GET") === "GET" &&
-            !secondFactorPassed &&
-            !ispasswd &&
-            check) {
-            const href = config.auth?.["2factorRedirect"] || "/2factor";
-            if (!href.includes(req.url)) {
-                return reply.redirect(href);
-            }
-        }
-        return null;
-    });
+    fastify.addHook("onRequest", onRequest);
 }
 export default plugin;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "2.0.56",
+  "version": "2.0.57",
   "type": "module",
   "description": "core-plugins",
   "keywords": [