npm - @oslokommune/auth-bff - Versions diffs - 2.0.1 → 2.1.0 - Mend

@oslokommune/auth-bff 2.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +26 -1
package/dist/package.json +1 -1
package/dist/src/config.d.ts +10 -0
package/dist/src/config.d.ts.map +1 -1
package/dist/src/middleware/proxy-routes.d.ts.map +1 -1
package/dist/src/middleware/proxy-routes.js +17 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -81,7 +81,7 @@ WORKDIR /application
 EXPOSE 8080
 COPY --from=build /home/app/dist /application/dist
 ENV NODE_ENV=production
-RUN npm install -g @oslokommune/auth-bff@2.0.1
+RUN npm install -g @oslokommune/auth-bff@2.1.0
 COPY bff.config.json /application/
 CMD ["auth-bff"]
 ```
@@ -140,6 +140,8 @@ Standalone:
 auth-bff --configFile /path/to/bff.config.json
 ```
+### Loading values from environment or AWS Parameter Store
 The config file supports two special forms for loading values from other sources. Primarily meant for loading secrets:
 Environment values:
@@ -164,6 +166,29 @@ variable must be set, and you must be signed in to that profile
 > [!NOTE]
 >️ See [`config.ts`](src/config.ts) for a description of all config parameters
+### Mixing public and protected routes
+If the application has some routes that should be reachable without an authenticated session (e.g. a
+public catalog or a download endpoint polled by CI), list them under `publicProxyTargets`:
+```json
+{
+  "proxyTargets": {
+    "/api": "http://localhost:8080/api"
+  },
+  "publicProxyTargets": {
+    "/api/public": "http://localhost:8080/api/public",
+    "/export.zip": "http://localhost:8080/export.zip"
+  }
+}
+```
+Public targets are proxied through anonymously — no session lookup, no Authorization header. The
+session cookie is stripped on the way through.
+Public targets are registered before protected ones, so overlapping paths resolve to the public
+mapping (e.g. `publicProxyTargets["/api/public"]` wins over `proxyTargets["/api"]`).
 ## Using with ID-porten (via `okdata`):
 `auth-bff` Has special support for keys generated by [`okdata`](https://github.com/oslokommune/okdata-cli).

package/dist/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@oslokommune/auth-bff",
-    "version": "2.0.1",
+    "version": "2.1.0",
     "repository": "https://github.com/oslokommune/auth-bff.git",
     "publishConfig": {
         "access": "public"

package/dist/src/config.d.ts CHANGED Viewed

@@ -101,6 +101,16 @@ export type BffConfig = {
     proxyTargets: {
         [path: string]: string;
     };
+    /**
+     * Like `proxyTargets`, but requests pass through anonymously — no session lookup, no Authorization
+     * header. Registered before `proxyTargets`, so a public path takes precedence over an overlapping
+     * protected one.
+     *
+     * Example: `{'/api/public': 'http://example.com/api/public'}`
+     */
+    publicProxyTargets?: {
+        [path: string]: string;
+    };
     /**
      * List of claims in the id_token that are returned by the /user-endpoint. By default all are returned
      *

package/dist/src/config.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,aAAa,EAAC,MAAM,QAAQ,CAAC;AACrC,OAAO,OAAO,MAAM,iBAAiB,CAAC;AAEtC,MAAM,MAAM,SAAS,GAAG;IACtB;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAA;IACZ;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;IACnB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IACzB;;OAEG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAA;IAC9B;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB;;;;OAIG;IACH,cAAc,EAAE,OAAO,GAAG,KAAK,GAAG,MAAM,GAAG,QAAQ,CAAA;IACnD;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAA;IAC7B;;;;OAIG;IACH,qBAAqB,EAAE,MAAM,CAAA;IAC7B;;OAEG;IACH,aAAa,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,gBAAgB,EAAE,QAAQ,GAAG,UAAU,CAAA;IACvC;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B;;;;OAIG;IACH,YAAY,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;IACxC;;;;OAIG;IACH,UAAU,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IAC1B;;;;;;;;;;;;;;;;OAgBG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC,CAAA;CACjF,CAAA;AAWD,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,UAQzF;AAID,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,GAAE,OAAc,mBAMjF;AAID,wBAAsB,UAAU,CAAC,UAAU,GAAE,MAAM,GAAG,KAAK,CAAC,MAAM,CAAqB,sBAyBtF"}
1	+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,aAAa,EAAC,MAAM,QAAQ,CAAC;AACrC,OAAO,OAAO,MAAM,iBAAiB,CAAC;AAEtC,MAAM,MAAM,SAAS,GAAG;IACtB;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAA;IACZ;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;IACnB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IACzB;;OAEG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAA;IAC9B;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB;;;;OAIG;IACH,cAAc,EAAE,OAAO,GAAG,KAAK,GAAG,MAAM,GAAG,QAAQ,CAAA;IACnD;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAA;IAC7B;;;;OAIG;IACH,qBAAqB,EAAE,MAAM,CAAA;IAC7B;;OAEG;IACH,aAAa,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,gBAAgB,EAAE,QAAQ,GAAG,UAAU,CAAA;IACvC;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B;;;;OAIG;IACH,YAAY,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;IACxC;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;IAC/C;;;;OAIG;IACH,UAAU,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IAC1B;;;;;;;;;;;;;;;;OAgBG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC,CAAA;CACjF,CAAA;AAWD,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,UAQzF;AAID,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,GAAE,OAAc,mBAMjF;AAID,wBAAsB,UAAU,CAAC,UAAU,GAAE,MAAM,GAAG,KAAK,CAAC,MAAM,CAAqB,sBAyBtF"}

package/dist/src/middleware/proxy-routes.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"proxy-routes.d.ts","sourceRoot":"","sources":["../../../src/middleware/proxy-routes.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,SAAS,EAAC,MAAM,cAAc,CAAC;AACvC,OAAO,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAEnD,wBAAgB,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,~~8CA6B5E~~"}
1	+ {"version":3,"file":"proxy-routes.d.ts","sourceRoot":"","sources":["../../../src/middleware/proxy-routes.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,SAAS,EAAC,MAAM,cAAc,CAAC;AACvC,OAAO,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAEnD,wBAAgB,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,8CAoD5E"}

package/dist/src/middleware/proxy-routes.js CHANGED Viewed

@@ -2,6 +2,23 @@ import express from "express";
 import { createProxyMiddleware } from "http-proxy-middleware";
 export function proxyRoutes(config, oidcMiddleware) {
     const router = express.Router();
+    // Public targets first so they win over overlapping protected paths.
+    for (const [path, target] of Object.entries(config.publicProxyTargets ?? {})) {
+        console.log(`Setting up public proxy: ${path} -> ${target}`);
+        router.use(path, createProxyMiddleware({
+            target: target,
+            changeOrigin: true,
+            on: {
+                proxyReq: (proxyReq) => {
+                    proxyReq.removeHeader("Cookie");
+                },
+                proxyRes: (proxyRes, req) => {
+                    // @ts-ignore //TODO: proxyRes har en mystisk type som mangler req, men den er der
+                    console.log(`Proxied (public): ${req.method} ${req.originalUrl} -> ${proxyRes.req.protocol}//${proxyRes.req.host}${proxyRes.req.path}, status=${proxyRes.statusCode}`);
+                }
+            }
+        }));
+    }
     for (const [path, target] of Object.entries(config.proxyTargets)) {
         console.log(`Setting up auth proxy: ${path} -> ${target}`);
         router.use(path, oidcMiddleware.ensureFreshToken, createProxyMiddleware({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@oslokommune/auth-bff",
-  "version": "2.0.1",
+  "version": "2.1.0",
   "repository": "https://github.com/oslokommune/auth-bff.git",
   "publishConfig": {
     "access": "public"