npm - @openneuro/server - Versions diffs - 4.44.3 → 4.44.5 - Mend

@openneuro/server 4.44.3 → 4.44.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +5 -5
package/src/datalad/snapshots.ts +3 -1
package/src/libs/authentication/jwt.ts +15 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@openneuro/server",
-  "version": "4.44.3",
+  "version": "4.44.5",
   "description": "Core service for the OpenNeuro platform.",
   "license": "MIT",
   "main": "src/server.js",
@@ -21,9 +21,9 @@
     "@elastic/elasticsearch": "8.13.1",
     "@graphql-tools/schema": "^10.0.0",
     "@keyv/redis": "^4.5.0",
-    "@openneuro/search": "^4.44.3",
-    "@sentry/node": "^8.25.0",
-    "@sentry/profiling-node": "^8.25.0",
+    "@openneuro/search": "^4.44.5",
+    "@sentry/node": "^10.37.0",
+    "@sentry/profiling-node": "^10.37.0",
     "base64url": "^3.0.0",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
@@ -89,5 +89,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "886402e445ea563e6d8043233076e25f95d13dbe"
+  "gitHead": "337fffde4c5ea0c3f6f26f7f93d5357197036aa7"
 }

package/src/datalad/snapshots.ts CHANGED Viewed

@@ -100,7 +100,9 @@ const postSnapshot = async (
  * @param {string} datasetId Dataset accession number
  * @returns {Promise<import('../models/snapshot').SnapshotDocument[]>}
  */
-export const getSnapshots = (datasetId): Promise<SnapshotDocument[]> => {
+export const getSnapshots = async (datasetId): Promise<SnapshotDocument[]> => {
+  const dataset = await Dataset.findOne({ id: datasetId })
+  if (!dataset) return null
   const url = `${getDatasetWorker(datasetId)}/datasets/${datasetId}/snapshots`
   return request
     .get(url)

package/src/libs/authentication/jwt.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import passport from "passport"
 import refresh from "passport-oauth2-refresh"
 import jwt from "jsonwebtoken"
 import * as Sentry from "@sentry/node"
+import type { Request } from "express"
 import { decrypt } from "./crypto"
 import User from "../../models/user"
 import config from "../../config"
@@ -175,6 +176,19 @@ const refreshToken = async (jwt) => {
 // Shared options for Express response.cookie()
 const cookieOptions = { sameSite: "Lax" }
+// Obtain client IP address from request, considering possible proxies
+function getClientIp(req: Request): string | undefined {
+  const forwardedForHeader = req.headers["x-forwarded-for"]
+  if (forwardedForHeader) {
+    const ips = Array.isArray(forwardedForHeader)
+      ? forwardedForHeader
+      : forwardedForHeader.split(",")
+    const clientIp = ips[0].trim()
+    return clientIp
+  }
+  return req.socket.remoteAddress || undefined
+}
 // attach user obj to request based on jwt
 // if user does not exist, continue
 export const authenticate = (req, res, next) => {
@@ -192,7 +206,7 @@ export const authenticate = (req, res, next) => {
         if (user) {
           Sentry.setUser({
             id: user.id,
-            ip_address: req.headers["x-forwarded-for"] as string,
+            ip_address: getClientIp(req),
           })
         }
         Sentry.setContext("request_headers", {