npm - @universis/janitor - Versions diffs - 1.10.0 → 1.12.0 - Mend

@universis/janitor 1.10.0 → 1.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,11 +1,13 @@
 import * as _themost_common from '@themost/common';
-import { ApplicationService, ApplicationBase, ConfigurationStrategy, ConfigurationBase } from '@themost/common';
+import { ApplicationService, ApplicationBase, ConfigurationStrategy, ConfigurationBase, HttpForbiddenError, HttpError } from '@themost/common';
 import { Router, Application, Handler, Request as Request$1 } from 'express';
 import { Store, Options } from 'express-rate-limit';
 import { BehaviorSubject } from 'rxjs';
 import { Store as Store$1, Options as Options$1 } from 'express-slow-down';
 import RedisStore from 'rate-limit-redis';
 import { DataContext } from '@themost/data';
+import BearerStrategy from 'passport-http-bearer';
+import { Authenticator } from 'passport';
 declare type RateLimitStoreConstructor = new (...arg: unknown[]) => Store;
@@ -250,5 +252,133 @@ declare class AppSpeedLimitService extends SpeedLimitService {
     constructor(app: _themost_common.ApplicationBase);
 }
-export { AppRateLimitService, AppSpeedLimitService, DefaultScopeAccessConfiguration, EnableScopeAccessConfiguration, ExtendScopeAccessConfiguration, OAuth2ClientService, RateLimitService, RedisClientStore, RemoteAddressValidator, ScopeAccessConfiguration, ScopeString, SpeedLimitService, validateScope };
+declare class HttpBearerTokenRequired extends HttpError {
+    constructor() {
+        super(499, 'A token is required to fulfill the request.');
+        this.code = 'E_TOKEN_REQUIRED';
+        this.title = 'Token Required';
+    }
+}
+declare class HttpBearerTokenNotFound extends HttpError {
+    constructor() {
+        super(498, 'Token was not found.');
+        this.code = 'E_TOKEN_NOT_FOUND';
+        this.title = 'Invalid token';
+    }
+}
+declare class HttpBearerTokenExpired extends HttpError {
+    constructor() {
+        super(498, 'Token was expired or is in invalid state.');
+        this.code = 'E_TOKEN_EXPIRED';
+        this.title = 'Invalid token';
+    }
+}
+declare class HttpAccountDisabled extends HttpForbiddenError {
+    constructor() {
+        super('Access is denied. User account is disabled.');
+        this.code = 'E_ACCOUNT_DISABLED';
+        this.statusCode = 403.2;
+        this.title = 'Disabled account';
+    }
+}
+declare class HttpBearerStrategy extends BearerStrategy {
+    constructor() {
+        super({
+        passReqToCallback: true
+        },
+        /**
+         * @param {Request} req
+         * @param {string} token
+         * @param {Function} done
+         */
+        function(req, token, done) {
+            /**
+             * Gets OAuth2 client services
+             * @type {import('./OAuth2ClientService').OAuth2ClientService}
+             */
+            let client = req.context.getApplication().getStrategy(function OAuth2ClientService() {});
+            // if client cannot be found
+            if (client == null) {
+                // throw configuration error
+                return done(new Error('Invalid application configuration. OAuth2 client service cannot be found.'))
+            }
+            if (token == null) {
+                // throw 499 Token Required error
+                return done(new HttpBearerTokenRequired());
+            }
+            // get token info
+            client.getTokenInfo(req.context, token).then(info => {
+                if (info == null) {
+                    // the specified token cannot be found - 498 invalid token with specific code
+                    return done(new HttpBearerTokenNotFound());
+                }
+                // if the given token is not active throw token expired - 498 invalid token with specific code
+                if (!info.active) {
+                    return done(new HttpBearerTokenExpired());
+                }
+                // find user from token info
+                return (function () {
+                    /**
+                     * @type {import('./services/user-provisioning-mapper-service').UserProvisioningMapperService}
+                     */
+                    const mapper = req.context.getApplication().getService(function UserProvisioningMapperService() {});
+                    if (mapper == null) {
+                        return req.context.model('User').where('name').equal(info.username).silent().getItem();
+                    }
+                    return mapper.getUser(req.context, info);
+                })().then((user) => {
+                   // check if userProvisioning service is installed and try to find related user only if user not found
+                    if (user == null) {
+                        /**
+                         * @type {import('./services/user-provisioning-service').UserProvisioningService}
+                         */
+                        const service = req.context.getApplication().getService(function UserProvisioningService() {});
+                        if (service == null) {
+                            return user;
+                        }
+                        return service.validateUser(req.context, info);
+                    }
+                    return user;
+                }).then( user => {
+                    // user cannot be found and of course cannot be authenticated (throw forbidden error)
+                    if (user == null) {
+                        // write access log for forbidden
+                        return done(new HttpForbiddenError());
+                    }
+                    // check if user has enabled attribute
+                    if (Object.prototype.hasOwnProperty.call(user, 'enabled') && !user.enabled) {
+                        //if user.enabled is off throw forbidden error
+                        return done(new HttpAccountDisabled('Access is denied. User account is disabled.'));
+                    }
+                    // otherwise return user data
+                    return done(null, {
+                        'name': user.name,
+                        'authenticationProviderKey': user.id,
+                        'authenticationType':'Bearer',
+                        'authenticationToken': token,
+                        'authenticationScope': info.scope
+                    });
+                });
+            }).catch(err => {
+                // end log token info request with error
+                if (err && err.statusCode === 404) {
+                    // revert 404 not found returned by auth server to 498 invalid token
+                    return done(new HttpBearerTokenNotFound());
+                }
+                // otherwise continue with error
+                return done(err);
+            });
+        });
+    }
+}
+declare class PassportService extends ApplicationService {
+    getInstance(): Authenticator
+}
+export { AppRateLimitService, AppSpeedLimitService, DefaultScopeAccessConfiguration, EnableScopeAccessConfiguration, ExtendScopeAccessConfiguration, HttpAccountDisabled, HttpBearerStrategy, HttpBearerTokenExpired, HttpBearerTokenNotFound, HttpBearerTokenRequired, OAuth2ClientService, PassportService, RateLimitService, RedisClientStore, RemoteAddressValidator, ScopeAccessConfiguration, ScopeString, SpeedLimitService, validateScope };
 export type { GenericUser, OAuth2AuthorizeUser, OAuth2MethodOptions, OAuth2ServiceSettings, OAuth2User, OAuth2UserProfile, RateLimitServiceConfiguration, RateLimitStoreConstructor, ScopeAccessConfigurationElement, ScopeAccessConfigurationSection, SpeedLimitServiceConfiguration, SpeedLimitStoreConstructor, UniversisConfigurationSection };

package/dist/index.esm.js CHANGED Viewed

@@ -11,6 +11,8 @@ import '@themost/promise-sequence';
 import url, { URL } from 'url';
 import { Request } from 'superagent';
 import jwt from 'jsonwebtoken';
+import BearerStrategy from 'passport-http-bearer';
+import passport from 'passport';
 class RateLimitService extends ApplicationService {
   /**
@@ -529,12 +531,21 @@ class RedisClientStore extends RedisStore {
    * @param {{windowMs: number}} options
    */
   constructor(service, options) {
+    // IMPORTANT NOTE: call super with a dummy sendCommand()
+    // for implementing a custom sendCommand method
+    // which binds sendCommand to this instance
     super({
-      /**
+      sendCommand: function () {}
+    });
+    // create a custom sendCommand method
+    // noinspection JSCommentMatchesSignature,JSCheckFunctionSignatures
+    /**
+     * @type {import('redis').RedisClientType}
+     */_defineProperty(this, "client", void 0);const opts = { /**
        * @param {...string} args
        * @returns {Promise<*>}
-       */
-      sendCommand: function () {
+       */sendCommand: function () {
         const args = Array.from(arguments);
         const [command] = args.splice(0, 1);
         const self = this;
@@ -575,7 +586,7 @@ class RedisClientStore extends RedisStore {
         // send load script commands once
         return (() => {
           if (self.incrementScriptSha == null) {
-            return this.postInit();
+            return self.postInit();
           }
           return Promise.resolve();
         })().then(() => {
@@ -589,9 +600,13 @@ class RedisClientStore extends RedisStore {
           });
         });
       }
-    }); /**
-     * @type {import('redis').RedisClientType}
-     */_defineProperty(this, "client", void 0);this.init(options);TraceUtils.debug('RedisClientStore: Starting up and loading increment and get scripts.');
+    };
+    // bind sendCommand to this instance, applying command array as arguments
+    // like rate-limit-redis expects
+    // noinspection JSCheckFunctionSignatures
+    this.sendCommand = async ({ command }) => opts.sendCommand.bind(this)(...command);
+    this.init(options);
+    TraceUtils.debug('RedisClientStore: Starting up and loading increment and get scripts.');
     void this.postInit().then(() => {
       TraceUtils.debug('RedisClientStore: Successfully loaded increment and get scripts.');
     }).catch((err) => {
@@ -1182,5 +1197,150 @@ class AppSpeedLimitService extends SpeedLimitService {
   }
 }
-export { AppRateLimitService, AppSpeedLimitService, DefaultScopeAccessConfiguration, EnableScopeAccessConfiguration, ExtendScopeAccessConfiguration, HttpRemoteAddrForbiddenError, OAuth2ClientService, RateLimitService, RedisClientStore, RemoteAddressValidator, ScopeAccessConfiguration, ScopeString, SpeedLimitService, validateScope };
+class HttpBearerTokenRequired extends HttpError {
+  constructor() {
+    super(499, 'A token is required to fulfill the request.');
+    this.code = 'E_TOKEN_REQUIRED';
+    this.title = 'Token Required';
+  }
+}
+class HttpBearerTokenNotFound extends HttpError {
+  constructor() {
+    super(498, 'Token was not found.');
+    this.code = 'E_TOKEN_NOT_FOUND';
+    this.title = 'Invalid token';
+  }
+}
+class HttpBearerTokenExpired extends HttpError {
+  constructor() {
+    super(498, 'Token was expired or is in invalid state.');
+    this.code = 'E_TOKEN_EXPIRED';
+    this.title = 'Invalid token';
+  }
+}
+class HttpAccountDisabled extends HttpForbiddenError {
+  constructor() {
+    super('Access is denied. User account is disabled.');
+    this.code = 'E_ACCOUNT_DISABLED';
+    this.statusCode = 403.2;
+    this.title = 'Disabled account';
+  }
+}
+class HttpBearerStrategy extends BearerStrategy {
+  constructor() {
+    super({
+      passReqToCallback: true
+    },
+    /**
+     * @param {Request} req
+     * @param {string} token
+     * @param {Function} done
+     */
+    function (req, token, done) {
+      /**
+       * Gets OAuth2 client services
+       * @type {import('./OAuth2ClientService').OAuth2ClientService}
+       */
+      let client = req.context.getApplication().getStrategy(function OAuth2ClientService() {});
+      // if client cannot be found
+      if (client == null) {
+        // throw configuration error
+        return done(new Error('Invalid application configuration. OAuth2 client service cannot be found.'));
+      }
+      if (token == null) {
+        // throw 499 Token Required error
+        return done(new HttpBearerTokenRequired());
+      }
+      // get token info
+      client.getTokenInfo(req.context, token).then((info) => {
+        if (info == null) {
+          // the specified token cannot be found - 498 invalid token with specific code
+          return done(new HttpBearerTokenNotFound());
+        }
+        // if the given token is not active throw token expired - 498 invalid token with specific code
+        if (!info.active) {
+          return done(new HttpBearerTokenExpired());
+        }
+        // find user from token info
+        return function () {
+          /**
+           * @type {import('./services/user-provisioning-mapper-service').UserProvisioningMapperService}
+           */
+          const mapper = req.context.getApplication().getService(function UserProvisioningMapperService() {});
+          if (mapper == null) {
+            return req.context.model('User').where('name').equal(info.username).silent().getItem();
+          }
+          return mapper.getUser(req.context, info);
+        }().then((user) => {
+          // check if userProvisioning service is installed and try to find related user only if user not found
+          if (user == null) {
+            /**
+             * @type {import('./services/user-provisioning-service').UserProvisioningService}
+             */
+            const service = req.context.getApplication().getService(function UserProvisioningService() {});
+            if (service == null) {
+              return user;
+            }
+            return service.validateUser(req.context, info);
+          }
+          return user;
+        }).then((user) => {
+          // user cannot be found and of course cannot be authenticated (throw forbidden error)
+          if (user == null) {
+            // write access log for forbidden
+            return done(new HttpForbiddenError());
+          }
+          // check if user has enabled attribute
+          if (Object.prototype.hasOwnProperty.call(user, 'enabled') && !user.enabled) {
+            //if user.enabled is off throw forbidden error
+            return done(new HttpAccountDisabled('Access is denied. User account is disabled.'));
+          }
+          // otherwise return user data
+          return done(null, {
+            'name': user.name,
+            'authenticationProviderKey': user.id,
+            'authenticationType': 'Bearer',
+            'authenticationToken': token,
+            'authenticationScope': info.scope
+          });
+        });
+      }).catch((err) => {
+        // end log token info request with error
+        if (err && err.statusCode === 404) {
+          // revert 404 not found returned by auth server to 498 invalid token
+          return done(new HttpBearerTokenNotFound());
+        }
+        // otherwise continue with error
+        return done(err);
+      });
+    });
+  }
+}
+class PassportService extends ApplicationService {
+  constructor(app) {
+    super(app);
+    const authenticator = new passport.Authenticator();
+    Object.defineProperty(this, 'authenticator', {
+      configurable: true,
+      enumerable: false,
+      writable: false,
+      value: authenticator
+    });
+  }
+  /**
+   * @returns {import('passport').Authenticator}
+   */
+  getInstance() {
+    return this.authenticator;
+  }
+}
+export { AppRateLimitService, AppSpeedLimitService, DefaultScopeAccessConfiguration, EnableScopeAccessConfiguration, ExtendScopeAccessConfiguration, HttpAccountDisabled, HttpBearerStrategy, HttpBearerTokenExpired, HttpBearerTokenNotFound, HttpBearerTokenRequired, HttpRemoteAddrForbiddenError, OAuth2ClientService, PassportService, RateLimitService, RedisClientStore, RemoteAddressValidator, ScopeAccessConfiguration, ScopeString, SpeedLimitService, validateScope };
 //# sourceMappingURL=index.esm.js.map