npm - @riocrypto/common-server - Versions diffs - 1.0.2705 → 1.0.2708 - Mend

@riocrypto/common-server 1.0.2705 → 1.0.2708

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/build/clients/cluster-client.d.ts +1 -1
package/build/clients/cluster-client.js +2 -2
package/build/middlewares/authorize.js +5 -2
package/build/models/auth.d.ts +4 -0
package/build/models/auth.js +9 -0
package/package.json +1 -1

package/build/clients/cluster-client.d.ts CHANGED Viewed

@@ -92,7 +92,7 @@ declare class ClusterClient {
         hasAuthenticatorEnabled: boolean;
     }>;
     verifyCode(phoneNumber: string, code?: string, authenticatorCode?: string): Promise<void>;
-    sendEmailVerificationCode(email: string): Promise<{
+    sendEmailVerificationCode(email: string, forceEmail?: boolean): Promise<{
         hasAuthenticatorEnabled: boolean;
     }>;
     verifyEmailCode(email: string, code: string): Promise<void>;

package/build/clients/cluster-client.js CHANGED Viewed

@@ -302,9 +302,9 @@ class ClusterClient {
             });
         });
     }
-    sendEmailVerificationCode(email) {
+    sendEmailVerificationCode(email, forceEmail) {
         return __awaiter(this, void 0, void 0, function* () {
-            const response = yield this.axios.post(`${this.baseUrl}/api/auth/email/send-verification`, { email }, {
+            const response = yield this.axios.post(`${this.baseUrl}/api/auth/email/send-verification`, { email, forceEmail }, {
                 headers: {
                     "x-cluster-api-key": this.clusterApiKey,
                 },

package/build/middlewares/authorize.js CHANGED Viewed

@@ -13,6 +13,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.authorize = void 0;
+const crypto_1 = __importDefault(require("crypto"));
 const user_1 = require("../models/user");
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const common_1 = require("@riocrypto/common");
@@ -33,7 +34,8 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
                 if (!CLUSTER_API_KEY) {
                     throw new common_1.SecretManagerError();
                 }
-                if (apiKey === CLUSTER_API_KEY) {
+                if (apiKey.length === CLUSTER_API_KEY.length &&
+                    crypto_1.default.timingSafeEqual(Buffer.from(apiKey), Buffer.from(CLUSTER_API_KEY))) {
                     req.validClusterApiKey = true;
                 }
             }))());
@@ -48,7 +50,8 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
                 if (!GENESIS_ADMIN_KEY) {
                     throw new common_1.SecretManagerError();
                 }
-                if (apiKey === GENESIS_ADMIN_KEY) {
+                if (apiKey.length === GENESIS_ADMIN_KEY.length &&
+                    crypto_1.default.timingSafeEqual(Buffer.from(apiKey), Buffer.from(GENESIS_ADMIN_KEY))) {
                     req.validGenisisAdminKey = true;
                 }
             }))());

package/build/models/auth.d.ts CHANGED Viewed

@@ -33,6 +33,8 @@ interface AuthAttrs {
     emailVerificationCode?: string;
     emailVerificationExpires?: Date;
     emailVerificationAttempts?: number;
+    securityAnswerAttempts?: number;
+    securityAnswerLockedUntil?: Date;
     authMethod?: AuthMethod;
     twoFactorConfigured?: boolean;
     twoFactorMethod?: string;
@@ -70,6 +72,8 @@ interface AuthDoc extends Document {
     emailVerificationCode?: string;
     emailVerificationExpires?: Date;
     emailVerificationAttempts?: number;
+    securityAnswerAttempts?: number;
+    securityAnswerLockedUntil?: Date;
     authMethod?: AuthMethod;
     twoFactorConfigured?: boolean;
     twoFactorMethod?: string;

package/build/models/auth.js CHANGED Viewed

@@ -125,6 +125,13 @@ const buildAuth = (mongoose) => {
             type: Number,
             default: 0,
         },
+        securityAnswerAttempts: {
+            type: Number,
+            default: 0,
+        },
+        securityAnswerLockedUntil: {
+            type: Date,
+        },
         authMethod: {
             type: String,
         },
@@ -151,6 +158,8 @@ const buildAuth = (mongoose) => {
                 delete ret.emailVerificationCode;
                 delete ret.emailVerificationExpires;
                 delete ret.emailVerificationAttempts;
+                delete ret.securityAnswerAttempts;
+                delete ret.securityAnswerLockedUntil;
                 for (let apiKey of ret.apiKeys) {
                     delete apiKey.value;
                 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@riocrypto/common-server",
-  "version": "1.0.2705",
+  "version": "1.0.2708",
   "description": "",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",