@riocrypto/common-server 1.0.2757 → 1.0.2760

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/build/middlewares/authorize.d.ts +1 -0
  2. package/build/middlewares/authorize.js +67 -42
  3. package/package.json +3 -2
package/build/middlewares/authorize.d.ts CHANGED
@@ -12,6 +12,7 @@ declare global {
12
12
  user?: UserDoc;
13
13
  validClusterApiKey?: boolean;
14
14
  validGenisisAdminKey?: boolean;
15
+ validFXPricePusherApiKey?: boolean;
15
16
  isAuthMissing2FA?: boolean;
16
17
  indicativeQuoteAuth?: {
17
18
  email: string;
package/build/middlewares/authorize.js CHANGED
@@ -58,57 +58,78 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
58
58
  }))());
59
59
  }
60
60
  }
61
- // Check for admin auth - only if needed
62
- if (authorizationTypes.includes(common_1.AuthorizationType.AdminAuth)) {
61
+ // Check for FX price pusher API key - only if needed
62
+ if (authorizationTypes.includes(common_1.AuthorizationType.FXPricePusher)) {
63
+ const fxPricePusherApiKey = req.header("x-fx-price-pusher-api-key");
64
+ if (fxPricePusherApiKey) {
65
+ promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
66
+ const FX_PRICE_PUSHER_API_KEY = yield secret_manager_client_1.secretManagerClient.getSecretValue("FX_PRICE_PUSHER_API_KEY");
67
+ if (!FX_PRICE_PUSHER_API_KEY) {
68
+ throw new common_1.SecretManagerError();
69
+ }
70
+ if (fxPricePusherApiKey.length === FX_PRICE_PUSHER_API_KEY.length &&
71
+ crypto_1.default.timingSafeEqual(Buffer.from(fxPricePusherApiKey), Buffer.from(FX_PRICE_PUSHER_API_KEY))) {
72
+ req.validFXPricePusherApiKey = true;
73
+ }
74
+ }))());
75
+ }
76
+ }
77
+ // Check for admin API key - only if needed
78
+ if (authorizationTypes.includes(common_1.AuthorizationType.AdminAPIKey)) {
63
79
  const adminApiKey = req.header("x-admin-api-key");
64
- const adminAccessToken = (_a = req.cookies) === null || _a === void 0 ? void 0 : _a.adminAccessToken;
65
- if (adminApiKey || adminAccessToken) {
80
+ if (adminApiKey) {
66
81
  promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
67
- var _d, _e;
82
+ var _d;
68
83
  const AdminAuth = yield (0, admin_auth_1.buildAdminAuth)(mongoose);
69
- if (adminApiKey) {
70
- try {
71
- const hashedAdminApiKey = yield apiKey_1.ApiKey.toHash(adminApiKey);
72
- const adminAuth = yield AdminAuth.findOne({
73
- "apiKeys.value": hashedAdminApiKey,
74
- });
75
- if (adminAuth) {
76
- req.adminAuth = adminAuth;
77
- }
78
- }
79
- catch (err) {
80
- (_d = logger_1.default.getLogger()) === null || _d === void 0 ? void 0 : _d.warn("Admin API key verification failed", {
81
- ip: req.headers["cf-connecting-ip"] || req.ip,
82
- });
84
+ try {
85
+ const hashedAdminApiKey = yield apiKey_1.ApiKey.toHash(adminApiKey);
86
+ const adminAuth = yield AdminAuth.findOne({
87
+ "apiKeys.value": hashedAdminApiKey,
88
+ });
89
+ if (adminAuth) {
90
+ req.adminAuth = adminAuth;
83
91
  }
84
92
  }
85
- else if (adminAccessToken) {
86
- try {
87
- const ADMIN_ACCESS_TOKEN_SECRET = yield secret_manager_client_1.secretManagerClient.getSecretValue("ADMIN_ACCESS_TOKEN_SECRET");
88
- if (!ADMIN_ACCESS_TOKEN_SECRET) {
89
- throw new Error("Unable to get ADMIN_ACCESS_TOKEN_SECRET");
90
- }
91
- const payload = jsonwebtoken_1.default.verify(adminAccessToken, ADMIN_ACCESS_TOKEN_SECRET);
92
- const adminAuth = yield AdminAuth.findById(payload.id);
93
- if (adminAuth) {
94
- // Check if token version matches (for server-side invalidation)
95
- if (payload.tokenVersion !== undefined &&
96
- adminAuth.tokenVersion !== undefined) {
97
- if (payload.tokenVersion === adminAuth.tokenVersion) {
98
- req.adminAuth = adminAuth;
99
- }
100
- }
101
- else {
102
- // Backward compatibility for tokens without version
93
+ catch (err) {
94
+ (_d = logger_1.default.getLogger()) === null || _d === void 0 ? void 0 : _d.warn("Admin API key verification failed", {
95
+ ip: req.headers["cf-connecting-ip"] || req.ip,
96
+ });
97
+ }
98
+ }))());
99
+ }
100
+ }
101
+ // Check for admin auth token - only if needed
102
+ if (authorizationTypes.includes(common_1.AuthorizationType.AdminAuth)) {
103
+ const adminAccessToken = (_a = req.cookies) === null || _a === void 0 ? void 0 : _a.adminAccessToken;
104
+ if (adminAccessToken) {
105
+ promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
106
+ var _e;
107
+ const AdminAuth = yield (0, admin_auth_1.buildAdminAuth)(mongoose);
108
+ try {
109
+ const ADMIN_ACCESS_TOKEN_SECRET = yield secret_manager_client_1.secretManagerClient.getSecretValue("ADMIN_ACCESS_TOKEN_SECRET");
110
+ if (!ADMIN_ACCESS_TOKEN_SECRET) {
111
+ throw new Error("Unable to get ADMIN_ACCESS_TOKEN_SECRET");
112
+ }
113
+ const payload = jsonwebtoken_1.default.verify(adminAccessToken, ADMIN_ACCESS_TOKEN_SECRET);
114
+ const adminAuth = yield AdminAuth.findById(payload.id);
115
+ if (adminAuth) {
116
+ // Check if token version matches (for server-side invalidation)
117
+ if (payload.tokenVersion !== undefined &&
118
+ adminAuth.tokenVersion !== undefined) {
119
+ if (payload.tokenVersion === adminAuth.tokenVersion) {
103
120
  req.adminAuth = adminAuth;
104
121
  }
105
122
  }
123
+ else {
124
+ // Backward compatibility for tokens without version
125
+ req.adminAuth = adminAuth;
126
+ }
106
127
  }
107
- catch (err) {
108
- (_e = logger_1.default.getLogger()) === null || _e === void 0 ? void 0 : _e.warn("Admin JWT verification failed", {
109
- ip: req.headers["cf-connecting-ip"] || req.ip,
110
- });
111
- }
128
+ }
129
+ catch (err) {
130
+ (_e = logger_1.default.getLogger()) === null || _e === void 0 ? void 0 : _e.warn("Admin JWT verification failed", {
131
+ ip: req.headers["cf-connecting-ip"] || req.ip,
132
+ });
112
133
  }
113
134
  }))());
114
135
  }
@@ -266,12 +287,16 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
266
287
  req.validClusterApiKey) ||
267
288
  (authorizationTypes.includes(common_1.AuthorizationType.GenesisAdmin) &&
268
289
  req.validGenisisAdminKey) ||
290
+ (authorizationTypes.includes(common_1.AuthorizationType.FXPricePusher) &&
291
+ req.validFXPricePusherApiKey) ||
269
292
  (authorizationTypes.includes(common_1.AuthorizationType.Auth) && req.auth) ||
270
293
  (authorizationTypes.includes(common_1.AuthorizationType.AuthMissing2FA) &&
271
294
  req.auth &&
272
295
  req.isAuthMissing2FA) ||
273
296
  (authorizationTypes.includes(common_1.AuthorizationType.AdminAuth) &&
274
297
  req.adminAuth) ||
298
+ (authorizationTypes.includes(common_1.AuthorizationType.AdminAPIKey) &&
299
+ req.adminAuth) ||
275
300
  ((authorizationTypes.includes(common_1.AuthorizationType.User) ||
276
301
  authorizationTypes.includes(common_1.AuthorizationType.UserNoKYC)) &&
277
302
  req.user) ||
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@riocrypto/common-server",
3
- "version": "1.0.2757",
3
+ "version": "1.0.2760",
4
4
  "description": "",
5
5
  "main": "./build/index.js",
6
6
  "types": "./build/index.d.ts",
@@ -24,7 +24,7 @@
24
24
  "@google-cloud/secret-manager": "^5.6.0",
25
25
  "@google-cloud/storage": "^7.19.0",
26
26
  "@hyperdx/node-opentelemetry": "^0.10.3",
27
- "@riocrypto/common": "^1.0.2546",
27
+ "@riocrypto/common": "^1.0.2554",
28
28
  "@slack/web-api": "^7.15.0",
29
29
  "@types/express": "^4.17.25",
30
30
  "axios": "1.13.6",
@@ -38,6 +38,7 @@
38
38
  "jose": "^6.2.2",
39
39
  "jsonwebtoken": "^9.0.3",
40
40
  "lodash": "^4.17.23",
41
+ "logform": "2.7.0",
41
42
  "mongoose": "^8.23.0",
42
43
  "node-cache": "^5.1.2",
43
44
  "uuid": "^9.0.1",