@tungthedev/streams-server 0.2.0 → 0.2.1
- package/SECURITY.md +1 -1
- package/package.json +1 -1
- package/src/auth.ts +6 -4
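--- a/package/SECURITY.md
+++ b/package/SECURITY.md
@@ -22,7 +22,7 @@ When reporting a vulnerability, include:
 The full Prisma Streams server requires an explicit startup auth mode:
 
 - `--auth-strategy api-key` enables built-in API key authentication for every
-request
+request except `GET /health`
 - `--no-auth` disables built-in authentication for deployments that rely on a
 trusted external boundary
 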
package/package.json
CHANGED
package/src/auth.ts
CHANGED
|
@@ -5,10 +5,10 @@ export type AuthConfig =
|
|
|
5
5
|
| {
|
|
6
6
|
mode: "none";
|
|
7
7
|
}
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
8
|
+
| {
|
|
9
|
+
mode: "api-key";
|
|
10
|
+
apiKeyBytes: Buffer;
|
|
11
|
+
};
|
|
12
12
|
|
|
13
13
|
export type AuthConfigError = {
|
|
14
14
|
message: string;
|
|
@@ -111,6 +111,8 @@ function credentialsMatch(config: Extract<AuthConfig, { mode: "api-key" }>, cred
|
|
|
111
111
|
|
|
112
112
|
export function authenticateRequest(config: AuthConfig, request: Request): Response | null {
|
|
113
113
|
if (config.mode === "none") return null;
|
|
114
|
+
const url = new URL(request.url);
|
|
115
|
+
if (request.method === "GET" && url.pathname === "/health") return null;
|
|
114
116
|
const credential = parseBearerCredential(request.headers.get("authorization"));
|
|
115
117
|
if (credential == null || !credentialsMatch(config, credential)) {
|
|
116
118
|
return unauthorized();
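Review bot: The `/health` bypass on new line 115 is an exact match on `url.pathname` and on the `GET` method only, which is the right fail-closed shape (`/HEALTH`, `/health/`, `/healthz` and `HEAD /health` still require a key), but that intent should be written down so a later "be lenient" edit doesn't silently widen the unauthenticated surface; I'd add `// Unauthenticated liveness probe: exact path and GET only — any widening here bypasses API-key auth.` above the `if`. `new URL(request.url)` on new line 114 throws a TypeError when `request.url` is not absolute; the Fetch `Request` type guarantees an absolute URL, but if any server adapter constructs requests from a bare path the throw would surface as an unhandled error ahead of the auth check — worth confirming at the call site. It is also worth confirming that the `/health` handler returns no version, build or configuration details, since it is now reachable by anyone who can reach the port. `authenticateRequest` continues past the end of the hunk.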
|