npm - @punks/backend-entity-manager - Versions diffs - 0.0.241 → 0.0.243 - Mend

@punks/backend-entity-manager 0.0.241 → 0.0.243

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/dist/cjs/index.js CHANGED Viewed

@@ -3626,12 +3626,14 @@ const CurrentUser = common.createParamDecorator((data, context) => {
 });
 const AuthenticationExtensionSymbols = {
+    ApiKeysService: Symbol.for("WP.EXT:AUTHENTICATION.API_KEYS_SERVICE"),
+    UserRolesService: Symbol.for("WP.EXT:AUTHENTICATION.USER_ROLES_SERVICE"),
     UserService: Symbol.for("WP.EXT:AUTHENTICATION.USER_SERVICE"),
-    RolesService: Symbol.for("WP.EXT:AUTHENTICATION.ROLES_SERVICE"),
     PermissionsService: Symbol.for("WP.EXT:AUTHENTICATION.PERMISSIONS_SERVICE"),
-    UserRolesService: Symbol.for("WP.EXT:AUTHENTICATION.USER_ROLES_SERVICE"),
+    RolesService: Symbol.for("WP.EXT:AUTHENTICATION.ROLES_SERVICE"),
 };
 const AuthenticationGuardsSymbols = {
+    ApiKey: "guard:apiKey",
     Authenticated: "guard:authenticated",
     Public: "guard:public",
     Roles: "guard:roles",
@@ -3644,6 +3646,7 @@ const Authenticated = () => common.SetMetadata(AuthenticationGuardsSymbols.Authe
 const Permissions = (...permissions) => common.SetMetadata(AuthenticationGuardsSymbols.Permissions, permissions);
 const Roles = (...roles) => common.SetMetadata(AuthenticationGuardsSymbols.Roles, roles);
 const MemberOf = (...groups) => common.SetMetadata(AuthenticationGuardsSymbols.MemberOf, groups);
+const ApiKeyAccess = () => common.SetMetadata(AuthenticationGuardsSymbols.ApiKey, true);
 const buildRolesGuard = ({ mainRole, secondaryRoles, }, options) => Roles(mainRole.uid, ...(!options?.exact && secondaryRoles
     ? secondaryRoles.map((role) => role.uid)
     : []));
@@ -3657,6 +3660,8 @@ const WpUserService = () => common.applyDecorators(common.Injectable(), common.S
 const WpUserRolesService = () => common.applyDecorators(common.Injectable(), common.SetMetadata(AuthenticationExtensionSymbols.UserRolesService, true));
+const WpApiKeysService = () => common.applyDecorators(common.Injectable(), common.SetMetadata(AuthenticationExtensionSymbols.ApiKeysService, true));
 const AuthenticationEmailTemplates = {
     Registration: "registration",
     PasswordReset: "passwordReset",
@@ -3737,6 +3742,19 @@ exports.AuthGuard = AuthGuard_1 = class AuthGuard {
             return true;
         }
         const auth = this.getCurrentAuth(context);
+        const isApiRoute = this.getIsApiRoute(context);
+        if (isApiRoute) {
+            if (auth?.apiKey && !auth.apiKey.disabled) {
+                this.logger.debug(`Authorized:true -> api route with valid api key`, this.getContextInfo({
+                    context,
+                }));
+                return true;
+            }
+            this.logger.debug(`Authorized:false -> api route without api key`, this.getContextInfo({
+                context,
+            }));
+            return false;
+        }
         const allowedRoles = this.getAllowedRoles(context);
         if (allowedRoles) {
             const isAllowed = this.isRoleMatching(allowedRoles, auth?.roles ?? []);
@@ -3805,6 +3823,9 @@ exports.AuthGuard = AuthGuard_1 = class AuthGuard {
     getIsPublic(context) {
         return this.getMetadata(AuthenticationGuardsSymbols.Public, context);
     }
+    getIsApiRoute(context) {
+        return this.getMetadata(AuthenticationGuardsSymbols.ApiKey, context);
+    }
     getAllowedRoles(context) {
         return this.getMetadata(AuthenticationGuardsSymbols.Roles, context);
     }
@@ -3813,8 +3834,9 @@ exports.AuthGuard = AuthGuard_1 = class AuthGuard {
     }
     getCurrentAuth(context) {
         const request = context.switchToHttp()?.getRequest();
-        return request?.auth?.user
+        return request?.auth?.user || request.auth?.apiKey
             ? {
+                apiKey: request.auth.apiKey,
                 user: request.auth.user,
                 roles: request.auth.roles,
                 permissions: request.auth.permissions,
@@ -3827,12 +3849,21 @@ exports.AuthGuard = AuthGuard_1 = class AuthGuard {
             context.getClass(),
         ]);
     }
-    getContextInfo({ context, user, roles, permissions, }) {
+    getContextInfo({ context, apiKey, user, roles, permissions, }) {
         return {
             request: {
                 path: context.switchToHttp()?.getRequest()?.path,
                 method: context.switchToHttp()?.getRequest()?.method,
             },
+            ...(apiKey
+                ? {
+                    apiKey: {
+                        key: `${apiKey.key.substring(0, 7)}*****${apiKey.key.slice(-2)}`,
+                        name: apiKey.name,
+                        organizationId: apiKey.organization?.id,
+                    },
+                }
+                : {}),
             ...(user
                 ? {
                     user: {
@@ -21759,6 +21790,9 @@ exports.SecretsService = __decorate([
 ], exports.SecretsService);
 let AuthenticationServicesResolver = class AuthenticationServicesResolver {
+    registerApiKeysService(service) {
+        this.apiKeysService = service;
+    }
     registerUsersService(usersService) {
         this.usersService = usersService;
     }
@@ -21771,6 +21805,12 @@ let AuthenticationServicesResolver = class AuthenticationServicesResolver {
     registerUserRolesService(userRolesService) {
         this.usersRolesService = userRolesService;
     }
+    getApiKeysService() {
+        if (!this.apiKeysService) {
+            throw new Error("Api keys service is not registered");
+        }
+        return this.apiKeysService;
+    }
     getUsersService() {
         if (!this.usersService) {
             throw new Error("Users service is not registered");
@@ -22451,6 +22491,9 @@ exports.AuthenticationService = class AuthenticationService {
     async userTokenVerify(input) {
         return await this.userTokenVerifyHandler.execute(input);
     }
+    get apiKeysService() {
+        return this.resolver.getApiKeysService();
+    }
     get usersService() {
         return this.resolver.getUsersService();
     }
@@ -23102,6 +23145,7 @@ let AuthenticationInitializer = AuthenticationInitializer_1 = class Authenticati
         await this.registerPermissionsService();
         await this.registerUsersService();
         await this.registerUserRolesService();
+        await this.registerApiKeysService();
         this.logger.log("Authentication initialized 🔑");
     }
     async registerRolesService() {
@@ -23136,6 +23180,15 @@ let AuthenticationInitializer = AuthenticationInitializer_1 = class Authenticati
         this.registry.registerUserRolesService(service.discoveredClass.instance);
         this.logger.log(`Authentication user roles service ${service.discoveredClass.name} registered`);
     }
+    async registerApiKeysService() {
+        const service = await this.discoverApiKeysService();
+        if (!service) {
+            console.warn("No api keys service found");
+            return;
+        }
+        this.registry.registerApiKeysService(service.discoveredClass.instance);
+        this.logger.log(`Authentication api key service ${service.discoveredClass.name} registered`);
+    }
     async discoverUserService() {
         return await this.discover.providerWithMetaAtKey(AuthenticationExtensionSymbols.UserService);
     }
@@ -23148,6 +23201,9 @@ let AuthenticationInitializer = AuthenticationInitializer_1 = class Authenticati
     async discoverUserRolesService() {
         return await this.discover.providerWithMetaAtKey(AuthenticationExtensionSymbols.UserRolesService);
     }
+    async discoverApiKeysService() {
+        return await this.discover.providerWithMetaAtKey(AuthenticationExtensionSymbols.ApiKeysService);
+    }
 };
 AuthenticationInitializer = AuthenticationInitializer_1 = __decorate([
     WpAppInitializer(),
@@ -23203,6 +23259,16 @@ let AuthenticationMiddleware = class AuthenticationMiddleware {
         this.authService = authService;
     }
     async use(req, res, next) {
+        let authData = null;
+        const apiKey = this.extractApiKeyFromHeader(req);
+        if (apiKey) {
+            const entry = await this.authService.apiKeysService.find(apiKey);
+            if (entry && !entry.disabled) {
+                authData = {
+                    apiKey: entry,
+                };
+            }
+        }
         const token = this.extractTokenFromHeader(req);
         if (token) {
             const parsedToken = await this.authService.userTokenVerify({ token });
@@ -23213,15 +23279,18 @@ let AuthenticationMiddleware = class AuthenticationMiddleware {
                 const organizationalUnits = user
                     ? await this.getUserOrganizationalUnits(user)
                     : [];
-                const authData = {
+                authData = {
+                    ...(authData ?? {}),
                     user,
                     roles,
                     permissions,
                     organizationalUnits,
                 };
-                req.auth = await this.postProcessContext(authData);
             }
         }
+        if (authData) {
+            req.auth = await this.postProcessContext(authData);
+        }
         next();
     }
     async postProcessContext(authData) {
@@ -23259,6 +23328,10 @@ let AuthenticationMiddleware = class AuthenticationMiddleware {
         const [type, token] = request.headers.authorization?.split(" ") ?? [];
         return type === "Bearer" ? token : undefined;
     }
+    extractApiKeyFromHeader(request) {
+        const [type, token] = request.headers.authorization?.split(" ") ?? [];
+        return type === "ApiKey" ? token : undefined;
+    }
 };
 AuthenticationMiddleware = __decorate([
     common.Injectable(),
@@ -23756,6 +23829,7 @@ AwsS3FileProvider = __decorate([
 var AwsBucketModule_1;
 const ModuleData$5 = {
     providers: [exports.AwsS3BucketProvider, AwsS3FileProvider],
+    exports: [exports.AwsS3BucketProvider, AwsS3FileProvider],
 };
 exports.AwsBucketModule = AwsBucketModule_1 = class AwsBucketModule {
     static forRoot(input) {
@@ -32443,6 +32517,7 @@ exports.AwsSecretsModule = AwsSecretsModule_1 = __decorate([
 ], exports.AwsSecretsModule);
 exports.AUTHENTICATION_EVENTS_NAMESPACE = AUTHENTICATION_EVENTS_NAMESPACE;
+exports.ApiKeyAccess = ApiKeyAccess;
 exports.AppExceptionsFilterBase = AppExceptionsFilterBase;
 exports.AppInMemorySettings = AppInMemorySettings;
 exports.Authenticated = Authenticated;
@@ -32491,6 +32566,7 @@ exports.SendgridEmailTemplate = SendgridEmailTemplate;
 exports.TypeOrmQueryBuilder = TypeOrmQueryBuilder;
 exports.TypeOrmRepository = TypeOrmRepository;
 exports.TypeormCacheInstance = TypeormCacheInstance;
+exports.WpApiKeysService = WpApiKeysService;
 exports.WpAppInitializer = WpAppInitializer;
 exports.WpAwsSesEmailTemplate = WpAwsSesEmailTemplate;
 exports.WpBucketProvider = WpBucketProvider;