@plusscommunities/pluss-core-aws 2.0.24 → 2.0.25-beta.0

package/helper/auth/checkTokenBlacklist.js

@@ -2,24 +2,24 @@ const crypto = require("crypto");
 const { getRef } = require("../../db/common/getRef");
 
 module.exports = async (token) => {
-  if (!token) return false;
+	if (!token) return false;
 
-  try {
-    // Create hash of token for TokenId lookup
-    const tokenHash = crypto.createHash("sha256").update(token).digest("hex");
+	try {
+		// Create hash of token for TokenId lookup
+		const tokenHash = crypto.createHash("sha256").update(token).digest("hex");
 
-    // Check if token exists in blacklist
-    const blacklistedToken = await getRef(
-      "invalidTokens",
-      "TokenId",
-      tokenHash
-    );
+		// Check if token exists in blacklist
+		const blacklistedToken = await getRef(
+			"invalidTokens",
+			"TokenId",
+			tokenHash,
+		);
 
-    // Return true if found (blacklisted), false if not found
-    return !!blacklistedToken;
-  } catch (error) {
-    // If error occurs during lookup, assume token is not blacklisted
-    // This ensures authentication doesn't fail due to blacklist issues
-    return false;
-  }
+		// Return true if found (blacklisted), false if not found
+		return !!blacklistedToken;
+	} catch (error) {
+		// If error occurs during lookup, assume token is not blacklisted
+		// This ensures authentication doesn't fail due to blacklist issues
+		return false;
+	}
 };

package/helper/auth/getApiKeyFromReq.js

@@ -1,6 +1,6 @@
 const getRef = require("../../db/common/getRef");
 
 module.exports = async (event) => {
-  if (!event?.headers?.apikey) return null;
-  return await getRef("accesskeys", "Key", event.headers.apikey);
+	if (!event?.headers?.apikey) return null;
+	return await getRef("accesskeys", "Key", event.headers.apikey);
 };

package/helper/auth/getSessionUser.js

@@ -4,72 +4,72 @@ const { getConfig } = require("../../config");
 const checkTokenBlacklist = require("./checkTokenBlacklist");
 
 module.exports = async (token) => {
-  return new Promise(async (resolve, reject) => {
-    if (!token) {
-      return resolve(null);
-    }
+	return new Promise(async (resolve, reject) => {
+		if (!token) {
+			return resolve(null);
+		}
 
-    // Check if token is blacklisted before expensive verification
-    const isBlacklisted = await checkTokenBlacklist(token);
-    if (isBlacklisted) {
-      reject("Token has been invalidated");
-      return;
-    }
+		// Check if token is blacklisted before expensive verification
+		const isBlacklisted = await checkTokenBlacklist(token);
+		if (isBlacklisted) {
+			reject("Token has been invalidated");
+			return;
+		}
 
-    var sections = token.split(".");
-    // get the kid from the headers prior to verification
-    var header = jose.util.base64url.decode(sections[0]);
-    header = JSON.parse(header);
-    var kid = header.kid;
-    // download the public keys
-    https.get(getConfig().keys_url, function (response) {
-      if (response.statusCode == 200) {
-        response.on("data", function (body) {
-          var keys = JSON.parse(body)["keys"];
-          // search for the kid in the downloaded public keys
-          var key_index = -1;
-          for (var i = 0; i < keys.length; i++) {
-            if (kid == keys[i].kid) {
-              key_index = i;
-              break;
-            }
-          }
-          if (key_index == -1) {
-            reject();
-            return;
-          }
-          // construct the public key
-          jose.JWK.asKey(keys[key_index])
-            .then(function (result) {
-              // verify the signature
-              jose.JWS.createVerify(result)
-                .verify(token)
-                .then(function (result2) {
-                  // now we can use the claims
-                  var claims = JSON.parse(result2.payload);
-                  // additionally we can verify the token expiration
-                  var current_ts = Math.floor(new Date() / 1000);
-                  if (current_ts > claims.exp) {
-                    console.log("Token is expired");
-                    reject("Token is expired");
-                    return;
-                  }
-                  resolve(claims.username);
-                })
-                .catch(function (error) {
-                  console.log("Signature verification failed", error);
-                  reject("Signature verification failed");
-                });
-            })
-            .catch(function (error) {
-              console.log("failed JWK.asKey", error);
-              reject(error);
-            });
-        });
-      } else {
-        console.log("failed on response", response);
-        reject(response);
-      }
-    });
-  });
+		var sections = token.split(".");
+		// get the kid from the headers prior to verification
+		var header = jose.util.base64url.decode(sections[0]);
+		header = JSON.parse(header);
+		var kid = header.kid;
+		// download the public keys
+		https.get(getConfig().keys_url, function (response) {
+			if (response.statusCode == 200) {
+				response.on("data", function (body) {
+					var keys = JSON.parse(body)["keys"];
+					// search for the kid in the downloaded public keys
+					var key_index = -1;
+					for (var i = 0; i < keys.length; i++) {
+						if (kid == keys[i].kid) {
+							key_index = i;
+							break;
+						}
+					}
+					if (key_index == -1) {
+						reject();
+						return;
+					}
+					// construct the public key
+					jose.JWK.asKey(keys[key_index])
+						.then(function (result) {
+							// verify the signature
+							jose.JWS.createVerify(result)
+								.verify(token)
+								.then(function (result2) {
+									// now we can use the claims
+									var claims = JSON.parse(result2.payload);
+									// additionally we can verify the token expiration
+									var current_ts = Math.floor(new Date() / 1000);
+									if (current_ts > claims.exp) {
+										console.log("Token is expired");
+										reject("Token is expired");
+										return;
+									}
+									resolve(claims.username);
+								})
+								.catch(function (error) {
+									console.log("Signature verification failed", error);
+									reject("Signature verification failed");
+								});
+						})
+						.catch(function (error) {
+							console.log("failed JWK.asKey", error);
+							reject(error);
+						});
+				});
+			} else {
+				console.log("failed on response", response);
+				reject(response);
+			}
+		});
+	});
 };

package/helper/auth/getSessionUserFromReq.js

@@ -1,6 +1,6 @@
 const getSessionUser = require("./getSessionUser");
 
 module.exports = (event) => {
-  const idToken = event.headers.Authorization.split("Bearer ")[1];
-  return getSessionUser(idToken);
+	const idToken = event.headers.Authorization.split("Bearer ")[1];
+	return getSessionUser(idToken);
 };

package/helper/auth/getSessionUserFromReqAuthKey.js

@@ -2,15 +2,15 @@ const getSessionUser = require("./getSessionUser");
 const getApiKeyFromReq = require("./getApiKeyFromReq");
 
 module.exports = async (event) => {
-  if (!event.headers) {
-    return null;
-  }
-  if (event.headers.apikey) {
-    const key = await getApiKeyFromReq(event);
-    return key?.UserId;
-  }
-  if (!event.headers.authkey) {
-    return null;
-  }
-  return getSessionUser(event.headers.authkey);
+	if (!event.headers) {
+		return null;
+	}
+	if (event.headers.apikey) {
+		const key = await getApiKeyFromReq(event);
+		return key?.UserId;
+	}
+	if (!event.headers.authkey) {
+		return null;
+	}
+	return getSessionUser(event.headers.authkey);
 };

package/helper/auth/validateApiKey.js

@@ -3,41 +3,41 @@ const { log, generateLogId } = require("../");
 const getApiKeyFromReq = require("./getApiKeyFromReq");
 
 module.exports = async (req, actionType, site) => {
-  const logId = generateLogId();
-  try {
-    log("ApiKey", "Input", req.headers.apikey, logId);
-    const key = await getApiKeyFromReq(req);
-    log("ApiKey", "Key", key, logId);
+	const logId = generateLogId();
+	try {
+		log("ApiKey", "Input", req.headers.apikey, logId);
+		const key = await getApiKeyFromReq(req);
+		log("ApiKey", "Key", key, logId);
 
-    if (key.UserId) {
-      const validateMasterAuth = require("./validateMasterAuth");
-      return await validateMasterAuth(undefined, actionType, site, undefined, {
-        userId: key.UserId,
-      });
-    }
+		if (key.UserId) {
+			const validateMasterAuth = require("./validateMasterAuth");
+			return await validateMasterAuth(undefined, actionType, site, undefined, {
+				userId: key.UserId,
+			});
+		}
 
-    const validSite = key.Site === site;
-    const isHQKey = key.Site === "hq";
-    log("ApiKey", "validSite", validSite, logId);
-    log("ApiKey", "isHQKey", isHQKey, logId);
+		const validSite = key.Site === site;
+		const isHQKey = key.Site === "hq";
+		log("ApiKey", "validSite", validSite, logId);
+		log("ApiKey", "isHQKey", isHQKey, logId);
 
-    if (!validSite && !isHQKey) {
-      log("ApiKey", "Result", false, logId);
-      return false;
-    }
+		if (!validSite && !isHQKey) {
+			log("ApiKey", "Result", false, logId);
+			return false;
+		}
 
-    const isAny = actionType === "any";
-    const isMaster = _.includes(key.Permissions, "master");
-    const hasPermission = _.includes(key.Permissions, actionType);
-    const result = isAny || isMaster || hasPermission;
+		const isAny = actionType === "any";
+		const isMaster = _.includes(key.Permissions, "master");
+		const hasPermission = _.includes(key.Permissions, actionType);
+		const result = isAny || isMaster || hasPermission;
 
-    log("ApiKey", "isAny", isAny, logId);
-    log("ApiKey", "isMaster", isMaster, logId);
-    log("ApiKey", "hasPermission", hasPermission, logId);
-    log("ApiKey", "Result", result, logId);
-    return result;
-  } catch (e) {
-    log("ApiKey", "Error", e, logId);
-    return false;
-  }
+		log("ApiKey", "isAny", isAny, logId);
+		log("ApiKey", "isMaster", isMaster, logId);
+		log("ApiKey", "hasPermission", hasPermission, logId);
+		log("ApiKey", "Result", result, logId);
+		return result;
+	} catch (e) {
+		log("ApiKey", "Error", e, logId);
+		return false;
+	}
 };