npm - @opengis/fastify-table - Versions diffs - 2.1.17 → 2.1.19 - Mend

@opengis/fastify-table 2.1.17 → 2.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/server/plugins/auth/funcs/jwt.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/auth/funcs/jwt.ts"],"names":[],"mappings":"~~AAmBA~~,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,mBAI5C;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,oBAI9D;AAED,wBAAgB,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,oBAAQ,EAAE,EAAE,EAAE,MAAM,UAsBxE;AAED,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM;;;EA8B/D;;AAED,wBAAoB"}
1	+ {"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/auth/funcs/jwt.ts"],"names":[],"mappings":"AAkBA,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,mBAI5C;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,oBAI9D;AAED,wBAAgB,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,oBAAQ,EAAE,EAAE,EAAE,MAAM,UAsBxE;AAED,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM;;;EA8B/D;;AAED,wBAAoB"}

package/dist/server/plugins/policy/funcs/checkJWT.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { ExtendedRequest } from "../../../types/core.js";
+export default function checkJWT(req: ExtendedRequest): Promise<{
+    error: string;
+    code: number;
+    token?: undefined;
+    valid?: undefined;
+} | {
+    token: string;
+    valid: boolean;
+    error?: undefined;
+    code?: undefined;
+} | null>;
+//# sourceMappingURL=checkJWT.d.ts.map

package/dist/server/plugins/policy/funcs/checkJWT.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"checkJWT.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/policy/funcs/checkJWT.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,eAAe,EAEhB,MAAM,wBAAwB,CAAC;AAMhC,wBAA8B,QAAQ,CAAC,GAAG,EAAE,eAAe;;;;;;;;;;UA4D1D"}

package/dist/server/plugins/policy/funcs/checkJWT.js ADDED Viewed

@@ -0,0 +1,48 @@
+import getIP from "./getIP.js";
+import logger from "../../logger/getLogger.js";
+import { verify } from "../../auth/funcs/jwt.js";
+export default async function checkJWT(req) {
+    const { originalUrl: path, headers, method, routeOptions, pg } = req;
+    const ip = getIP(req);
+    const { policy, auth, scope } = (routeOptions?.config ||
+        {});
+    const requireUser = Array.isArray(policy)
+        ? policy.includes("user")
+        : ["L1", "L2", "L3"].includes(policy || "");
+    const requireJWT = auth === "user-jwt";
+    const user = req.user || req.session?.passport?.user;
+    // skip entirely if not required via API config or alternative exists
+    if (!requireJWT || (requireUser && user)) {
+        return null;
+    }
+    const jwtToken = headers.authorization?.split(" ")?.[1];
+    // restict access if header is not provided at all
+    if (!jwtToken) {
+        logger.file("policy/jwt", {
+            path,
+            method,
+            message: "unauthorized",
+            ip,
+            uid: user?.uid,
+        });
+        return { error: "unauthorized", code: 401 };
+    }
+    const secret = pg && scope
+        ? await pg
+            .query(`select client_secret_hash from oauth.clients where name=$1 and token_endpoint_auth_method=$2`, [scope, "private_key_jwt"])
+            .then((el) => el?.rows?.[0]?.client_secret_hash)
+        : null;
+    const isJWTValid = verify(jwtToken, secret, ip);
+    // restrict access if token is invalid
+    if (requireJWT && !isJWTValid) {
+        logger.file("policy/jwt", {
+            path,
+            method,
+            message: "forbidden",
+            ip,
+            uid: user?.uid,
+        });
+        return { error: "forbidden", code: 403 };
+    }
+    return { token: jwtToken, valid: true };
+}

package/dist/server/plugins/policy/funcs/checkPolicy.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import type { ExtendedRequest } from "../../../types/core.js";
-export default function checkPolicy(req: ExtendedRequest): {
+export default function checkPolicy(req: ExtendedRequest, jwt?: any): {
     error: string;
     code: number;
 } | null;

package/dist/server/plugins/policy/funcs/checkPolicy.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"checkPolicy.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/policy/funcs/checkPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,eAAe,EAEhB,MAAM,wBAAwB,CAAC;AAKhC,MAAM,CAAC,OAAO,UAAU,WAAW,CAAC,GAAG,EAAE,eAAe;;;~~SAoKvD~~"}
1	+ {"version":3,"file":"checkPolicy.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/policy/funcs/checkPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,eAAe,EAEhB,MAAM,wBAAwB,CAAC;AAKhC,MAAM,CAAC,OAAO,UAAU,WAAW,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,CAAC,EAAE,GAAG;;;SAqKlE"}

package/dist/server/plugins/policy/funcs/checkPolicy.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { config, logger } from "../../../../utils.js";
 import block from "../sqlInjection.js";
-export default function checkPolicy(req) {
+export default function checkPolicy(req, jwt) {
     const { originalUrl: path, hostname, query, params, headers, method, routeOptions, } = req;
     const user = req.user || req.session?.passport?.user;
     const body = req.body
@@ -80,7 +80,7 @@ export default function checkPolicy(req) {
         return { error: "access restricted: 2", code: 409 };
     }
     // ! user required, but not logged in
-    if (requireUser && !user) {
+    if (requireUser && !user && !jwt?.valid) {
         logger.file("policy/user", {
             path,
             method,
@@ -110,7 +110,8 @@ export default function checkPolicy(req) {
     if (isAdmin &&
         !req.url?.includes?.("/assets") &&
         !config.debug &&
-        !user?.uid) {
+        !user?.uid &&
+        !jwt?.valid) {
         logger.file("policy/api", {
             path,
             method,

package/dist/server/plugins/policy/funcs/getIP.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+declare const getIP: (req: any) => any;
+export default getIP;
+//# sourceMappingURL=getIP.d.ts.map

package/dist/server/plugins/policy/funcs/getIP.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"getIP.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/policy/funcs/getIP.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,KAAK,GAAI,KAAK,GAAG,QASb,CAAC;AAEX,eAAe,KAAK,CAAC"}

package/dist/server/plugins/policy/funcs/getIP.js ADDED Viewed

@@ -0,0 +1,8 @@
+const getIP = (req) => (req.headers?.["x-real-ip"] ||
+    req.headers?.["x-forwarded-for"] ||
+    req.ip ||
+    req.connection?.remoteAddress ||
+    "")
+    .split(":")
+    .pop();
+export default getIP;

package/dist/server/plugins/policy/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/plugins/policy/index.ts"],"names":[],"mappings":"~~AAKA~~,iBAAS,MAAM,CAAC,OAAO,EAAE,GAAG,~~QAiC3B~~;AAED,eAAe,MAAM,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/plugins/policy/index.ts"],"names":[],"mappings":"AAMA,iBAAS,MAAM,CAAC,OAAO,EAAE,GAAG,QAqC3B;AAED,eAAe,MAAM,CAAC"}

package/dist/server/plugins/policy/index.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import config from "../../../config.js";
 import checkPolicy from "./funcs/checkPolicy.js";
 import checkPermissions from "./funcs/checkPermissions.js";
+import checkJWT from "./funcs/checkJWT.js";
 function plugin(fastify) {
     fastify.addHook("preHandler", async (request, reply) => {
         // ! skip locally, skip tests
@@ -22,7 +23,11 @@ function plugin(fastify) {
         if (resp1) {
             return reply.status(resp1.code || 403).send(resp1);
         }
-        const resp = checkPolicy(request);
+        const jwt = await checkJWT(request);
+        if (!jwt?.valid && jwt?.code) {
+            return reply.status(jwt.code).send(jwt);
+        }
+        const resp = checkPolicy(request, jwt);
         if (resp) {
             return reply.status(resp.code || 403).send(resp);
         }

package/dist/server/routes/auth/controllers/jwt/authorize.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorize.d.ts","sourceRoot":"","sources":["../../../../../../server/routes/auth/controllers/jwt/authorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAyBvC,wBAA8B,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,~~kBAkHpE~~"}
1	+ {"version":3,"file":"authorize.d.ts","sourceRoot":"","sources":["../../../../../../server/routes/auth/controllers/jwt/authorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAyBvC,wBAA8B,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBAmHpE"}

package/dist/server/routes/auth/controllers/jwt/authorize.js CHANGED Viewed

@@ -90,6 +90,7 @@ export default async function authorize(req, reply) {
     if (req.method === "POST") {
         return reply.status(200).send({
             code,
+            expire: expireMsec,
             redirect_uri: href,
         });
     }

package/dist/server/routes/table/controllers/suggest.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"suggest.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/suggest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAuBpD,wBAAsB,kBAAkB,CAAC,EACvC,KAAK,EACL,QAAQ,EACR,MAAM,EACN,UAAU,EACV,QAAQ,EACR,UAAU,EACV,GAAG,EACH,EAAqB,GACtB,EAAE;IACD,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,GAAG,CAAC;IACZ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,UAAU,CAAC;CACjB;;;;;UA+EA;AAED,wBAA8B,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,~~gBA6WzD~~"}
1	+ {"version":3,"file":"suggest.d.ts","sourceRoot":"","sources":["../../../../../server/routes/table/controllers/suggest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAuBpD,wBAAsB,kBAAkB,CAAC,EACvC,KAAK,EACL,QAAQ,EACR,MAAM,EACN,UAAU,EACV,QAAQ,EACR,UAAU,EACV,GAAG,EACH,EAAqB,GACtB,EAAE;IACD,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,GAAG,CAAC;IACZ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,GAAG,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,UAAU,CAAC;CACjB;;;;;UA+EA;AAED,wBAA8B,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAmXzD"}

package/dist/server/routes/table/controllers/suggest.js CHANGED Viewed

@@ -183,7 +183,7 @@ export default async function suggest(req, reply) {
                 ? arr
                     ?.filter((el) => !lower ||
                     (el[lang] || el.text)?.toLowerCase()?.indexOf(lower) !== -1)
-                    ?.filter((el) => !query.val || el.id === query.val)
+                    ?.filter((el) => !query.val || query.val?.split?.(",")?.includes?.(el.id))
                 : arr;
             const data2 = data1.filter((el) => el.id && vals.includes(el.id.toString()));
             const data = data2.slice(0, Math.min(query.limit || limit, limit));
@@ -224,7 +224,7 @@ export default async function suggest(req, reply) {
             ? arr
                 ?.filter((el) => !lower ||
                 (el[lang] || el.text)?.toLowerCase()?.indexOf(lower) !== -1)
-                ?.filter((el) => !query.val || el.id === query.val)
+                ?.filter((el) => !query.val || query.val?.split?.(",")?.includes?.(el.id))
             : arr;
         const data = data1.slice(0, Math.min(query.limit || limit, limit));
         if (config.debug) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "2.1.17",
+  "version": "2.1.19",
   "type": "module",
   "description": "core-plugins",
   "keywords": [