@spytecgps/lambda-utils 2.3.24 → 2.3.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +5 -2
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -169,7 +169,7 @@ const SpytecJoi = Joi__namespace.extend((joi) => ({
|
|
|
169
169
|
const getAuthorizerValidator = (params = {}) => {
|
|
170
170
|
return Joi__namespace.object({
|
|
171
171
|
clientId: Joi__namespace.number().greater(0).required(),
|
|
172
|
-
userId: Joi__namespace.string().guid({ version: 'uuidv4' }).required(),
|
|
172
|
+
userId: Joi__namespace.string().guid( /*{ version: 'uuidv4' }*/).required(),
|
|
173
173
|
resources: json.object({}),
|
|
174
174
|
scope: Joi__namespace.string().optional(),
|
|
175
175
|
// .error(() => new UnauthorizedError(`missing scope ${scope}`))
|
|
@@ -498,7 +498,10 @@ const offlineAuthMiddleware = ({ authFunctionName = 'spytec-web-api-auth-prod-Au
|
|
|
498
498
|
// Extract Bearer token from the Authorization header
|
|
499
499
|
const authHeader = event.headers?.Authorization || event.headers?.authorization;
|
|
500
500
|
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
|
501
|
-
throw new Error('Authorization header is missing or invalid')
|
|
501
|
+
// throw new Error('Authorization header is missing or invalid')
|
|
502
|
+
// if we can't extract the token, this is is a public route, ignore it
|
|
503
|
+
sdkLogger.logger.warn('Authorization header is missing or invalid, skipping fake offline authorization');
|
|
504
|
+
return;
|
|
502
505
|
}
|
|
503
506
|
const token = authHeader.slice(7); // Remove 'Bearer ' prefix
|
|
504
507
|
// Prepare payload for the auth function
|