@rabstack/rab-api 1.5.0 → 1.7.0
- package/index.cjs.js +6 -1
- package/index.esm.js +6 -1
- package/package.json +1 -2
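--- a/package/index.cjs.js
+++ b/package/index.cjs.js
@@ -573,18 +573,23 @@ const controllerHandler = (controller, config)=>{
 
 const authHandler = (isProtected, config)=>(req, res, next)=>{
 console.log('authHandler:', req.path, ':isProtected:', isProtected);
-if (!isProtected) return next();
 const token = extractTokenFromHeader(req);
+// If not protected and no token, just continue
+if (!isProtected && !token) return next();
+// If no token but route is protected, throw error
 if (!token) {
 console.log('authHandler:UnauthorizedException:Token Not Found');
 throw new UnauthorizedException('Unauthorized', config.errorCode);
 }
+// Token exists - verify it
 try {
 const payload = jwt.verify(token, config.jwt.secret_key);
 req['auth'] = payload;
 return next();
 } catch (err) {
 console.error('authHandler:JWT Error:', err.message);
+// If not protected, continue without auth even if token is invalid
+if (!isProtected) return next();
 throw new UnauthorizedException('Unauthorized', config.errorCode);
 }
 };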
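Review bot: The `catch` block (new lines 589–594) now lets an unprotected route continue on any exception raised inside the `try`, not only on a rejected token, because the `try` still encloses `req['auth'] = payload` and `return next()` as well as `jwt.verify`. A missing `config.jwt` (plausible for an app that only declared unprotected routes, though the config shape is not visible here) would be logged as a JWT error on every request that carries a token, and a synchronous throw escaping `next()` would cause `next()` to be called a second time. Narrowing the `try` to the `jwt.verify` call keeps the fallback limited to token failures, and a doc comment on `authHandler` should state that on unprotected routes `req.auth` is set only when a valid token was supplied, so handlers do not read its absence as "no token was sent". The identical hunk in package/index.esm.js has the same shape.

```javascript
// … unchanged: token extraction and missing-token checks …
let payload;
try {
    payload = jwt.verify(token, config.jwt.secret_key);
} catch (err) {
    // … unchanged: log, fall through when !isProtected, otherwise throw …
}
req['auth'] = payload;
return next();
```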
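--- a/package/index.esm.js
+++ b/package/index.esm.js
@@ -571,18 +571,23 @@ const controllerHandler = (controller, config)=>{
 
 const authHandler = (isProtected, config)=>(req, res, next)=>{
 console.log('authHandler:', req.path, ':isProtected:', isProtected);
-if (!isProtected) return next();
 const token = extractTokenFromHeader(req);
+// If not protected and no token, just continue
+if (!isProtected && !token) return next();
+// If no token but route is protected, throw error
 if (!token) {
 console.log('authHandler:UnauthorizedException:Token Not Found');
 throw new UnauthorizedException('Unauthorized', config.errorCode);
 }
+// Token exists - verify it
 try {
 const payload = jwt.verify(token, config.jwt.secret_key);
 req['auth'] = payload;
 return next();
 } catch (err) {
 console.error('authHandler:JWT Error:', err.message);
+// If not protected, continue without auth even if token is invalid
+if (!isProtected) return next();
 throw new UnauthorizedException('Unauthorized', config.errorCode);
 }
 };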
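--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@rabstack/rab-api",
-"version": "1.
+"version": "1.7.0",
 "description": "A TypeScript REST API framework built on Express.js with decorator-based routing, dependency injection, and built-in validation",
 "author": "Softin",
 "license": "MIT",
@@ -20,7 +20,6 @@
 "peerDependencies": {
 "express": "^5.1.0",
 "typedi": "^0.10.0",
-"joi": "^17.0.0",
 "jsonwebtoken": "^9.0.0",
 "compose-middleware": "^5.0.0",
 "reflect-metadata": "^0.2.2"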