npm - @psctickets/common - Versions diffs - 1.0.38 → 1.0.39 - Mend

@psctickets/common 1.0.38 → 1.0.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/build/middlewares/verifyTokenMiddleware.js +29 -2
package/package.json +1 -1

package/build/middlewares/verifyTokenMiddleware.js CHANGED Viewed

@@ -18,10 +18,37 @@ const verifyTokenMiddleware = (req, _res, next) => __awaiter(void 0, void 0, voi
     var _a;
     let user;
     try {
-        const signInToken = (_a = req.session) === null || _a === void 0 ? void 0 : _a.jwt;
-        user = jsonwebtoken_1.default.verify(signInToken, process.env.JWT_KEY);
+        // Check if this is an internal service-to-service call
+        const internalApiKey = req.headers["x-internal-api-key"];
+        if (internalApiKey) {
+            // Verify internal API key
+            const expectedApiKey = process.env.INTERNAL_API_KEY;
+            if (!expectedApiKey || internalApiKey !== expectedApiKey) {
+                throw new UnAuthorizedRequest_1.UnauthorizedRequest("Invalid internal API key");
+            }
+            // Get JWT token from header (Authorization header or x-jwt-token)
+            const authHeader = req.headers.authorization;
+            const signInToken = (authHeader && authHeader.startsWith("Bearer ")
+                ? authHeader.substring(7)
+                : authHeader) || req.headers["x-jwt-token"];
+            if (!signInToken) {
+                throw new UnAuthorizedRequest_1.UnauthorizedRequest("JWT token not provided in header");
+            }
+            user = jsonwebtoken_1.default.verify(signInToken, process.env.JWT_KEY);
+        }
+        else {
+            // Normal cookie-based authentication
+            const signInToken = (_a = req.session) === null || _a === void 0 ? void 0 : _a.jwt;
+            if (!signInToken) {
+                throw new UnAuthorizedRequest_1.UnauthorizedRequest("JWT token not found in session");
+            }
+            user = jsonwebtoken_1.default.verify(signInToken, process.env.JWT_KEY);
+        }
     }
     catch (error) {
+        if (error instanceof UnAuthorizedRequest_1.UnauthorizedRequest) {
+            throw error;
+        }
         throw new UnAuthorizedRequest_1.UnauthorizedRequest("Invalid token");
     }
     req.currentUser = user;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@psctickets/common",
-  "version": "1.0.38",
+  "version": "1.0.39",
   "description": "common package for tickets learning project",
   "main": "./build/index.js",
   "files": [