@riocrypto/common-server 1.0.2744 → 1.0.2745

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,7 +1,8 @@
1
1
  declare class SlackClient {
2
- private axiosClient;
3
- constructor();
4
- sendMessageWithWebhook(message: string, webhookUrl: string): Promise<void>;
2
+ private webClient;
3
+ private initPromise;
4
+ private init;
5
+ sendMessage(message: string, channelId: string): Promise<void>;
5
6
  }
6
7
  export declare const slackClient: SlackClient;
7
8
  export {};
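Review bot: The declaration drops `sendMessageWithWebhook(message, webhookUrl)` and replaces it with `sendMessage(message, channelId)`, whose second argument has a different meaning, so every consumer of the exported `slackClient` breaks at type-check time while the package only moves from 1.0.2744 to 1.0.2745. Under semver this is a major change, or the old method should stay for a deprecation period with `@deprecated` pointing at `sendMessage`. The new method also deserves a TSDoc line telling callers about the no-send path the implementation takes, e.g. `/** Posts message to the Slack channel channelId; resolves without sending when no bot token is available. */`.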
@@ -13,18 +13,47 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
13
13
  };
14
14
  Object.defineProperty(exports, "__esModule", { value: true });
15
15
  exports.slackClient = void 0;
16
+ const web_api_1 = require("@slack/web-api");
16
17
  const logger_1 = __importDefault(require("../services/logger"));
17
- const axios_with_logging_1 = require("./axios-with-logging");
18
+ const secret_manager_client_1 = require("./secret-manager-client");
18
19
  class SlackClient {
19
20
  constructor() {
20
- this.axiosClient = (0, axios_with_logging_1.buildAxiosWithLogging)();
21
+ this.webClient = null;
22
+ this.initPromise = null;
21
23
  }
22
- sendMessageWithWebhook(message, webhookUrl) {
24
+ init() {
25
+ return __awaiter(this, void 0, void 0, function* () {
26
+ if (this.webClient)
27
+ return;
28
+ if (this.initPromise) {
29
+ yield this.initPromise;
30
+ return;
31
+ }
32
+ this.initPromise = (() => __awaiter(this, void 0, void 0, function* () {
33
+ var _a;
34
+ try {
35
+ const token = yield secret_manager_client_1.secretManagerClient.getSecretValue("RIO_CHECKOUT_SLACK_BOT_TOKEN");
36
+ if (token) {
37
+ this.webClient = new web_api_1.WebClient(token);
38
+ }
39
+ }
40
+ catch (error) {
41
+ (_a = logger_1.default.getLogger()) === null || _a === void 0 ? void 0 : _a.error(error);
42
+ }
43
+ }))();
44
+ yield this.initPromise;
45
+ });
46
+ }
47
+ sendMessage(message, channelId) {
23
48
  var _a;
24
49
  return __awaiter(this, void 0, void 0, function* () {
25
50
  try {
26
- yield this.axiosClient.post(webhookUrl, {
51
+ yield this.init();
52
+ if (!this.webClient)
53
+ return;
54
+ yield this.webClient.chat.postMessage({
27
55
  text: message,
56
+ channel: channelId,
28
57
  });
29
58
  }
30
59
  catch (error) {
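Review bot: When the secret fetch in `init()` throws, or `getSecretValue` returns a falsy token, `initPromise` is left pointing at an already-resolved promise while `webClient` stays null, so every later `sendMessage` takes the `if (this.initPromise) { yield this.initPromise; return; }` path and the client is disabled for the rest of the process after one transient Secret Manager error. Clearing `this.initPromise = null` on both failure paths (and logging the missing-token case, which is currently silent) lets the next call retry. `sendMessage` likewise returns silently when `webClient` is null, so dropped notifications are invisible; a `warn("Slack client not initialised, dropping message")` before that `return` (without the message body) would surface the outage. The `SlackClient` class continues past the end of the hunk.
```javascript
this.initPromise = (() => __awaiter(this, void 0, void 0, function* () {
    var _a, _b;
    try {
        const token = yield secret_manager_client_1.secretManagerClient.getSecretValue("RIO_CHECKOUT_SLACK_BOT_TOKEN");
        if (token) {
            this.webClient = new web_api_1.WebClient(token);
        }
        else {
            // No token configured: drop the cached promise so a later call can retry init.
            this.initPromise = null;
            (_a = logger_1.default.getLogger()) === null || _a === void 0 ? void 0 : _a.warn("RIO_CHECKOUT_SLACK_BOT_TOKEN is not set; Slack client not initialised");
        }
    }
    catch (error) {
        // Transient secret-manager failure: allow the next sendMessage to retry init.
        this.initPromise = null;
        (_b = logger_1.default.getLogger()) === null || _b === void 0 ? void 0 : _b.error(error);
    }
}))();
// … unchanged: yield this.initPromise …
```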
@@ -21,6 +21,7 @@ const auth_1 = require("../models/auth");
21
21
  const apiKey_1 = require("../services/apiKey");
22
22
  const secret_manager_client_1 = require("../clients/secret-manager-client");
23
23
  const admin_auth_1 = require("../models/admin-auth");
24
+ const logger_1 = __importDefault(require("../services/logger"));
24
25
  const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(void 0, void 0, void 0, function* () {
25
26
  var _a, _b, _c;
26
27
  // Prepare promises for parallel execution
@@ -63,6 +64,7 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
63
64
  const adminAccessToken = (_a = req.cookies) === null || _a === void 0 ? void 0 : _a.adminAccessToken;
64
65
  if (adminApiKey || adminAccessToken) {
65
66
  promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
67
+ var _d, _e;
66
68
  const AdminAuth = yield (0, admin_auth_1.buildAdminAuth)(mongoose);
67
69
  if (adminApiKey) {
68
70
  try {
@@ -74,7 +76,11 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
74
76
  req.adminAuth = adminAuth;
75
77
  }
76
78
  }
77
- catch (err) { }
79
+ catch (err) {
80
+ (_d = logger_1.default.getLogger()) === null || _d === void 0 ? void 0 : _d.warn("Admin API key verification failed", {
81
+ ip: req.headers["cf-connecting-ip"] || req.ip,
82
+ });
83
+ }
78
84
  }
79
85
  else if (adminAccessToken) {
80
86
  try {
@@ -88,7 +94,7 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
88
94
  // Check if token version matches (for server-side invalidation)
89
95
  if (payload.tokenVersion !== undefined &&
90
96
  adminAuth.tokenVersion !== undefined) {
91
- if (payload.tokenVersion >= adminAuth.tokenVersion) {
97
+ if (payload.tokenVersion === adminAuth.tokenVersion) {
92
98
  req.adminAuth = adminAuth;
93
99
  }
94
100
  }
@@ -98,7 +104,11 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
98
104
  }
99
105
  }
100
106
  }
101
- catch (err) { }
107
+ catch (err) {
108
+ (_e = logger_1.default.getLogger()) === null || _e === void 0 ? void 0 : _e.warn("Admin JWT verification failed", {
109
+ ip: req.headers["cf-connecting-ip"] || req.ip,
110
+ });
111
+ }
102
112
  }
103
113
  }))());
104
114
  }
@@ -112,6 +122,7 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
112
122
  const accessToken = (_b = req.cookies) === null || _b === void 0 ? void 0 : _b.accessToken;
113
123
  if (apiKey || accessToken) {
114
124
  promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
125
+ var _f, _g, _h;
115
126
  const Auth = yield (0, auth_1.buildAuth)(mongoose);
116
127
  let authId = null;
117
128
  if (apiKey) {
@@ -125,7 +136,11 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
125
136
  authId = auth.id;
126
137
  }
127
138
  }
128
- catch (err) { }
139
+ catch (err) {
140
+ (_f = logger_1.default.getLogger()) === null || _f === void 0 ? void 0 : _f.warn("User API key verification failed", {
141
+ ip: req.headers["cf-connecting-ip"] || req.ip,
142
+ });
143
+ }
129
144
  }
130
145
  else if (accessToken) {
131
146
  try {
@@ -139,7 +154,7 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
139
154
  // Check if token version matches (for server-side invalidation)
140
155
  if (payload.tokenVersion !== undefined &&
141
156
  auth.tokenVersion !== undefined) {
142
- if (payload.tokenVersion >= auth.tokenVersion) {
157
+ if (payload.tokenVersion === auth.tokenVersion) {
143
158
  req.auth = auth;
144
159
  authId = auth.id;
145
160
  }
@@ -151,7 +166,11 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
151
166
  }
152
167
  }
153
168
  }
154
- catch (err) { }
169
+ catch (err) {
170
+ (_g = logger_1.default.getLogger()) === null || _g === void 0 ? void 0 : _g.warn("User JWT verification failed", {
171
+ ip: req.headers["cf-connecting-ip"] || req.ip,
172
+ });
173
+ }
155
174
  }
156
175
  // Only fetch user if we need it and we have an auth ID
157
176
  const needsUser = authorizationTypes.includes(common_1.AuthorizationType.UserNoKYC) ||
@@ -173,7 +192,11 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
173
192
  }
174
193
  }
175
194
  }
176
- catch (err) { }
195
+ catch (err) {
196
+ (_h = logger_1.default.getLogger()) === null || _h === void 0 ? void 0 : _h.warn("User lookup failed", {
197
+ ip: req.headers["cf-connecting-ip"] || req.ip,
198
+ });
199
+ }
177
200
  }
178
201
  }))());
179
202
  }
@@ -183,6 +206,7 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
183
206
  const authMissing2FAToken = (_c = req.cookies) === null || _c === void 0 ? void 0 : _c.authMissing2FAToken;
184
207
  if (authMissing2FAToken) {
185
208
  promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
209
+ var _j;
186
210
  try {
187
211
  const AUTH_MISSING_2FA_SECRET = yield secret_manager_client_1.secretManagerClient.getSecretValue("AUTH_MISSING_2FA_SECRET");
188
212
  if (!AUTH_MISSING_2FA_SECRET) {
@@ -196,7 +220,11 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
196
220
  req.isAuthMissing2FA = true;
197
221
  }
198
222
  }
199
- catch (err) { }
223
+ catch (err) {
224
+ (_j = logger_1.default.getLogger()) === null || _j === void 0 ? void 0 : _j.warn("AuthMissing2FA JWT verification failed", {
225
+ ip: req.headers["cf-connecting-ip"] || req.ip,
226
+ });
227
+ }
200
228
  }))());
201
229
  }
202
230
  }
@@ -208,6 +236,7 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
208
236
  : null;
209
237
  if (token) {
210
238
  promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
239
+ var _k;
211
240
  try {
212
241
  const INDICATIVE_PAGE_TOKEN_SECRET = yield secret_manager_client_1.secretManagerClient.getSecretValue("INDICATIVE_PAGE_TOKEN_SECRET");
213
242
  if (!INDICATIVE_PAGE_TOKEN_SECRET) {
@@ -221,7 +250,11 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
221
250
  };
222
251
  }
223
252
  }
224
- catch (err) { }
253
+ catch (err) {
254
+ (_k = logger_1.default.getLogger()) === null || _k === void 0 ? void 0 : _k.warn("Indicative quote auth verification failed", {
255
+ ip: req.headers["cf-connecting-ip"] || req.ip,
256
+ });
257
+ }
225
258
  }))());
226
259
  }
227
260
  }
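Review bot: The seven new `warn` calls ("Admin API key verification failed", "Admin JWT verification failed", "User API key verification failed", "User JWT verification failed", "User lookup failed", "AuthMissing2FA JWT verification failed", "Indicative quote auth verification failed") record only an IP and never the cause, so the log cannot distinguish an expired token from a bad signature or a malformed key; adding `reason: err instanceof Error ? err.name : String(err)` to each context object gives detection that signal without writing the credential itself to the log. The expression `req.headers["cf-connecting-ip"] || req.ip` is repeated in all seven and prefers a client-settable header, which is only trustworthy if the origin accepts traffic solely from Cloudflare — something these hunks cannot show — so a single helper `const clientIp = (req) => req.headers["cf-connecting-ip"] || req.ip; // trusted only because the origin is reachable only via Cloudflare` would keep that trust decision in one documented place. Note also that the tightened `payload.tokenVersion === adminAuth.tokenVersion` / `=== auth.tokenVersion` checks have no else branch, so a revoked-token rejection still produces no log line at all, unlike the catch paths this change instruments. `authorize` begins and ends outside these hunks.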
@@ -19,8 +19,10 @@ const common_1 = require("@riocrypto/common");
19
19
  const verifyCsrfToken = (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
20
20
  // Check for the presence of accessToken or adminAccessToken cookies
21
21
  const hasAccessToken = req.cookies.accessToken || req.cookies.adminAccessToken;
22
- // Skip CSRF check if the request path contains "notification"
23
- if (req.path.toLowerCase().includes("notification")) {
22
+ const normalizedPath = req.path.toLowerCase();
23
+ if (normalizedPath.includes("/notifications/") ||
24
+ normalizedPath.endsWith("/notifications") ||
25
+ normalizedPath.includes("/cosigner-notification")) {
24
26
  return next();
25
27
  }
26
28
  // Only apply CSRF check if accessToken or adminAccessToken cookies are present
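Review bot: The exemption still matches by substring anywhere in `req.path`, so `includes("/cosigner-notification")` also exempts any longer path containing that text and `includes("/notifications/")` exempts routes nested under unrelated resources; because this test runs before the cookie-presence check that follows, any such route is reachable cross-site with session cookies attached. If the exempt routes are the notification/webhook endpoints that do not rely on cookie auth (which this hunk does not show), anchoring the patterns to the mounted route prefix, e.g. `const CSRF_EXEMPT_PATHS = [/^\/notifications(\/|$)/, /^\/cosigner-notification(\/|$)/];` with `if (CSRF_EXEMPT_PATHS.some((re) => re.test(normalizedPath))) {`, bounds the bypass to those routes. A comment recording the invariant, `// CSRF exempt — these routes must not authorize requests by session cookie`, would tell the next maintainer why the list exists. `verifyCsrfToken` continues past the end of the hunk.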
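--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@riocrypto/common-server",
-"version": "1.0.2744",
+"version": "1.0.2745",
 "description": "",
 "main": "./build/index.js",
 "types": "./build/index.d.ts",
@@ -28,7 +28,8 @@
 "@google-cloud/secret-manager": "^5.3.0",
 "@google-cloud/storage": "^6.9.5",
 "@hyperdx/node-opentelemetry": "^0.7.0",
-"@riocrypto/common": "^1.0.2536",
+"@riocrypto/common": "^1.0.2537",
+"@slack/web-api": "^7.9.2",
 "@types/express": "^4.17.13",
 "axios": "^1.7.4",
 "crypto-js": "^4.2.0",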