@riocrypto/common-server 1.0.2758 → 1.0.2760

@@ -74,58 +74,63 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
74
74
  }))());
75
75
  }
76
76
  }
77
- // Check for admin auth - only if needed
78
- if (authorizationTypes.includes(common_1.AuthorizationType.AdminAuth)) {
77
+ // Check for admin API key - only if needed
78
+ if (authorizationTypes.includes(common_1.AuthorizationType.AdminAPIKey)) {
79
79
  const adminApiKey = req.header("x-admin-api-key");
80
- const adminAccessToken = (_a = req.cookies) === null || _a === void 0 ? void 0 : _a.adminAccessToken;
81
- if (adminApiKey || adminAccessToken) {
80
+ if (adminApiKey) {
82
81
  promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
83
- var _d, _e;
82
+ var _d;
84
83
  const AdminAuth = yield (0, admin_auth_1.buildAdminAuth)(mongoose);
85
- if (adminApiKey) {
86
- try {
87
- const hashedAdminApiKey = yield apiKey_1.ApiKey.toHash(adminApiKey);
88
- const adminAuth = yield AdminAuth.findOne({
89
- "apiKeys.value": hashedAdminApiKey,
90
- });
91
- if (adminAuth) {
92
- req.adminAuth = adminAuth;
93
- }
94
- }
95
- catch (err) {
96
- (_d = logger_1.default.getLogger()) === null || _d === void 0 ? void 0 : _d.warn("Admin API key verification failed", {
97
- ip: req.headers["cf-connecting-ip"] || req.ip,
98
- });
84
+ try {
85
+ const hashedAdminApiKey = yield apiKey_1.ApiKey.toHash(adminApiKey);
86
+ const adminAuth = yield AdminAuth.findOne({
87
+ "apiKeys.value": hashedAdminApiKey,
88
+ });
89
+ if (adminAuth) {
90
+ req.adminAuth = adminAuth;
99
91
  }
100
92
  }
101
- else if (adminAccessToken) {
102
- try {
103
- const ADMIN_ACCESS_TOKEN_SECRET = yield secret_manager_client_1.secretManagerClient.getSecretValue("ADMIN_ACCESS_TOKEN_SECRET");
104
- if (!ADMIN_ACCESS_TOKEN_SECRET) {
105
- throw new Error("Unable to get ADMIN_ACCESS_TOKEN_SECRET");
106
- }
107
- const payload = jsonwebtoken_1.default.verify(adminAccessToken, ADMIN_ACCESS_TOKEN_SECRET);
108
- const adminAuth = yield AdminAuth.findById(payload.id);
109
- if (adminAuth) {
110
- // Check if token version matches (for server-side invalidation)
111
- if (payload.tokenVersion !== undefined &&
112
- adminAuth.tokenVersion !== undefined) {
113
- if (payload.tokenVersion === adminAuth.tokenVersion) {
114
- req.adminAuth = adminAuth;
115
- }
116
- }
117
- else {
118
- // Backward compatibility for tokens without version
93
+ catch (err) {
94
+ (_d = logger_1.default.getLogger()) === null || _d === void 0 ? void 0 : _d.warn("Admin API key verification failed", {
95
+ ip: req.headers["cf-connecting-ip"] || req.ip,
96
+ });
97
+ }
98
+ }))());
99
+ }
100
+ }
101
+ // Check for admin auth token - only if needed
102
+ if (authorizationTypes.includes(common_1.AuthorizationType.AdminAuth)) {
103
+ const adminAccessToken = (_a = req.cookies) === null || _a === void 0 ? void 0 : _a.adminAccessToken;
104
+ if (adminAccessToken) {
105
+ promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
106
+ var _e;
107
+ const AdminAuth = yield (0, admin_auth_1.buildAdminAuth)(mongoose);
108
+ try {
109
+ const ADMIN_ACCESS_TOKEN_SECRET = yield secret_manager_client_1.secretManagerClient.getSecretValue("ADMIN_ACCESS_TOKEN_SECRET");
110
+ if (!ADMIN_ACCESS_TOKEN_SECRET) {
111
+ throw new Error("Unable to get ADMIN_ACCESS_TOKEN_SECRET");
112
+ }
113
+ const payload = jsonwebtoken_1.default.verify(adminAccessToken, ADMIN_ACCESS_TOKEN_SECRET);
114
+ const adminAuth = yield AdminAuth.findById(payload.id);
115
+ if (adminAuth) {
116
+ // Check if token version matches (for server-side invalidation)
117
+ if (payload.tokenVersion !== undefined &&
118
+ adminAuth.tokenVersion !== undefined) {
119
+ if (payload.tokenVersion === adminAuth.tokenVersion) {
119
120
  req.adminAuth = adminAuth;
120
121
  }
121
122
  }
122
- }
123
- catch (err) {
124
- (_e = logger_1.default.getLogger()) === null || _e === void 0 ? void 0 : _e.warn("Admin JWT verification failed", {
125
- ip: req.headers["cf-connecting-ip"] || req.ip,
126
- });
123
+ else {
124
+ // Backward compatibility for tokens without version
125
+ req.adminAuth = adminAuth;
126
+ }
127
127
  }
128
128
  }
129
+ catch (err) {
130
+ (_e = logger_1.default.getLogger()) === null || _e === void 0 ? void 0 : _e.warn("Admin JWT verification failed", {
131
+ ip: req.headers["cf-connecting-ip"] || req.ip,
132
+ });
133
+ }
129
134
  }))());
130
135
  }
131
136
  }
@@ -290,6 +295,8 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
290
295
  req.isAuthMissing2FA) ||
291
296
  (authorizationTypes.includes(common_1.AuthorizationType.AdminAuth) &&
292
297
  req.adminAuth) ||
298
+ (authorizationTypes.includes(common_1.AuthorizationType.AdminAPIKey) &&
299
+ req.adminAuth) ||
293
300
  ((authorizationTypes.includes(common_1.AuthorizationType.User) ||
294
301
  authorizationTypes.includes(common_1.AuthorizationType.UserNoKYC)) &&
295
302
  req.user) ||
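Review bot: In the relocated admin-token branch of the first hunk, the `else` commented "Backward compatibility for tokens without version" sets `req.adminAuth` whenever either side lacks a `tokenVersion`. A validly signed token with no `tokenVersion` is therefore accepted even when the stored admin record has one, which appears to sidestep the server-side invalidation the version check exists for, unless all such legacy tokens have already expired. The legacy path should apply only when the record itself has no version, for example `if (adminAuth.tokenVersion === undefined || payload.tokenVersion === adminAuth.tokenVersion) { req.adminAuth = adminAuth; }`. In the same branch, `jsonwebtoken_1.default.verify(adminAccessToken, ADMIN_ACCESS_TOKEN_SECRET)` passes no `algorithms` option; pinning it to the algorithm the issuer actually uses would make the accepted set explicit. This is compiled build output and `authorize` starts and ends outside both hunks, so the change belongs in the TypeScript source.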
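--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@riocrypto/common-server",
- "version": "1.0.2758",
+ "version": "1.0.2760",
  "description": "",
  "main": "./build/index.js",
  "types": "./build/index.d.ts",
@@ -24,7 +24,7 @@
  "@google-cloud/secret-manager": "^5.6.0",
  "@google-cloud/storage": "^7.19.0",
  "@hyperdx/node-opentelemetry": "^0.10.3",
- "@riocrypto/common": "^1.0.2552",
+ "@riocrypto/common": "^1.0.2554",
  "@slack/web-api": "^7.15.0",
  "@types/express": "^4.17.25",
  "axios": "1.13.6",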