@universis/janitor 1.6.0 → 1.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/RemoteAddressValidator.js +3 -2
  2. package/dist/RemoteAddressValidator.js.map +1 -1
  3. package/package.json +1 -1
  4. package/src/RemoteAddressValidator.js +3 -2
package/dist/RemoteAddressValidator.js CHANGED
@@ -15,10 +15,11 @@ class RemoteAddressValidator extends _common.ApplicationService {
15
15
  super(app);
16
16
 
17
17
  // get proxy address forwarding option
18
- this.proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
18
+ let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
19
19
  if (typeof proxyAddressForwarding !== 'boolean') {
20
- this.proxyAddressForwarding = false;
20
+ proxyAddressForwarding = false;
21
21
  }
22
+ this.proxyAddressForwarding = proxyAddressForwarding;
22
23
  // get token claim name
23
24
  this.claim = app.getConfiguration().getSourceAt('settings/universis/janitor/remoteAddress/claim') || 'remoteAddress';
24
25
 
package/dist/RemoteAddressValidator.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"RemoteAddressValidator.js","names":["_common","require","_express","_interopRequireDefault","_jsonwebtoken","obj","__esModule","default","HttpRemoteAddrForbiddenError","HttpForbiddenError","constructor","statusCode","exports","RemoteAddressValidator","ApplicationService","app","proxyAddressForwarding","getConfiguration","getSourceAt","claim","serviceRouter","subscribe","addRouter","express","Router","use","req","res","next","validateRemoteAddress","then","value","catch","err","stack","unshift","apply","getRemoteAddress","remoteAddress","headers","connection","socket","_req$context","_req$context$user","authenticationToken","context","user","access_token","jwt","decode","TraceUtils","warn","requestRemoteAddress"],"sources":["../src/RemoteAddressValidator.js"],"sourcesContent":["import { ApplicationService, HttpForbiddenError, TraceUtils } from '@themost/common';\nimport express from 'express';\nimport jwt from 'jsonwebtoken';\n\nclass HttpRemoteAddrForbiddenError extends HttpForbiddenError {\n constructor() {\n super('Access is denied due to remote address conflict. The client network has been changed or cannot be determined.');\n this.statusCode = 403.6;\n }\n \n}\n\nclass RemoteAddressValidator extends ApplicationService {\n constructor(app) {\n super(app);\n\n // get proxy address forwarding option\n this.proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');\n if (typeof proxyAddressForwarding !== 'boolean') {\n this.proxyAddressForwarding = false;\n }\n // get token claim name\n this.claim = app.getConfiguration().getSourceAt('settings/universis/janitor/remoteAddress/claim') || 'remoteAddress';\n\n app.serviceRouter.subscribe((serviceRouter) => {\n if (serviceRouter == null) {\n return;\n }\n const addRouter = express.Router();\n addRouter.use((req, res, next) => {\n void this.validateRemoteAddress(req).then((value) => {\n if (value === false) {\n return next(new HttpRemoteAddrForbiddenError());\n }\n return next();\n }).catch((err) => {\n return next(err);\n });\n });\n // insert router at the beginning of serviceRouter.stack\n serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);\n });\n }\n\n /**\n * Gets remote address from request\n * @param {import('express').Request} req \n * @returns \n */\n getRemoteAddress(req) {\n let remoteAddress;\n if (this.proxyAddressForwarding) {\n // get proxy headers or remote address\n remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n } else {\n remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;\n }\n return remoteAddress;\n }\n\n /**\n * Validates token remote address with request remote address\n * @param {import('express').Request} req \n * @returns {Promise<boolean>}\n */\n async validateRemoteAddress(req) {\n const authenticationToken = req.context?.user?.authenticationToken;\n if (authenticationToken != null) {\n const access_token = jwt.decode(authenticationToken);\n const remoteAddress = access_token[this.claim];\n if (remoteAddress == null) {\n TraceUtils.warn(`Remote address validation failed. Expected a valid remote address claimed by using \"${this.claim}\" attribute but got none.`);\n return false;\n }\n // get context remote address\n const requestRemoteAddress = this.getRemoteAddress(req);\n if (remoteAddress !== requestRemoteAddress) {\n TraceUtils.warn(`Remote address validation failed. Expected remote address is ${remoteAddress || 'Uknown'} but request remote address is ${requestRemoteAddress}`);\n return false;\n }\n return true;\n }\n TraceUtils.warn('Remote address validation cannot be completed because authentication token is not available.');\n return false;\n }\n\n}\n\nexport {\n HttpRemoteAddrForbiddenError,\n RemoteAddressValidator\n}\n"],"mappings":"0JAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,aAAA,GAAAD,sBAAA,CAAAF,OAAA,kBAA+B,SAAAE,uBAAAE,GAAA,UAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;;AAE/B,MAAMG,4BAA4B,SAASC,0BAAkB,CAAC;EAC1DC,WAAWA,CAAA,EAAG;IACV,KAAK,CAAC,+GAA+G,CAAC;IACtH,IAAI,CAACC,UAAU,GAAG,KAAK;EAC3B;;AAEJ,CAACC,OAAA,CAAAJ,4BAAA,GAAAA,4BAAA;;AAED,MAAMK,sBAAsB,SAASC,0BAAkB,CAAC;EACtDJ,WAAWA,CAACK,GAAG,EAAE;IACf,KAAK,CAACA,GAAG,CAAC;;IAEV;IACA,IAAI,CAACC,sBAAsB,GAAGD,GAAG,CAACE,gBAAgB,EAAE,CAACC,WAAW,CAAC,+CAA+C,CAAC;IACjH,IAAI,OAAOF,sBAAsB,KAAK,SAAS,EAAE;MAC7C,IAAI,CAACA,sBAAsB,GAAG,KAAK;IACvC;IACA;IACA,IAAI,CAACG,KAAK,GAAGJ,GAAG,CAACE,gBAAgB,EAAE,CAACC,WAAW,CAAC,gDAAgD,CAAC,IAAI,eAAe;;IAEpHH,GAAG,CAACK,aAAa,CAACC,SAAS,CAAC,CAACD,aAAa,KAAK;MAC3C,IAAIA,aAAa,IAAI,IAAI,EAAE;QACvB;MACJ;MACA,MAAME,SAAS,GAAGC,gBAAO,CAACC,MAAM,EAAE;MAClCF,SAAS,CAACG,GAAG,CAAC,CAACC,GAAG,EAAEC,GAAG,EAAEC,IAAI,KAAK;QAC9B,KAAK,IAAI,CAACC,qBAAqB,CAACH,GAAG,CAAC,CAACI,IAAI,CAAC,CAACC,KAAK,KAAK;UACjD,IAAIA,KAAK,KAAK,KAAK,EAAE;YACjB,OAAOH,IAAI,CAAC,IAAIpB,4BAA4B,EAAE,CAAC;UACnD;UACA,OAAOoB,IAAI,EAAE;QACjB,CAAC,CAAC,CAACI,KAAK,CAAC,CAACC,GAAG,KAAK;UACd,OAAOL,IAAI,CAACK,GAAG,CAAC;QACpB,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACAb,aAAa,CAACc,KAAK,CAACC,OAAO,CAACC,KAAK,CAAChB,aAAa,CAACc,KAAK,EAAEZ,SAAS,CAACY,KAAK,CAAC;IAC3E,CAAC,CAAC;EACJ;;EAEA;AACF;AACA;AACA;AACA;EACEG,gBAAgBA,CAACX,GAAG,EAAE;IACpB,IAAIY,aAAa;IACjB,IAAI,IAAI,CAACtB,sBAAsB,EAAE;MAC7B;MACAsB,aAAa,GAAGZ,GAAG,CAACa,OAAO,CAAC,WAAW,CAAC,IAAIb,GAAG,CAACa,OAAO,CAAC,iBAAiB,CAAC,KAAKb,GAAG,CAACc,UAAU,GAAGd,GAAG,CAACc,UAAU,CAACF,aAAa,GAAGZ,GAAG,CAACe,MAAM,CAACH,aAAa,CAAC;IAC5J,CAAC,MAAM;MACHA,aAAa,GAAGZ,GAAG,CAACc,UAAU,GAAGd,GAAG,CAACc,UAAU,CAACF,aAAa,GAAGZ,GAAG,CAACe,MAAM,CAACH,aAAa;IAC5F;IACA,OAAOA,aAAa;EACtB;;EAEA;AACF;AACA;AACA;AACA;EACE,MAAMT,qBAAqBA,CAACH,GAAG,EAAE,KAAAgB,YAAA,EAAAC,iBAAA;IAC/B,MAAMC,mBAAmB,IAAAF,YAAA,GAAGhB,GAAG,CAACmB,OAAO,cAAAH,YAAA,wBAAAC,iBAAA,GAAXD,YAAA,CAAaI,IAAI,cAAAH,iBAAA,uBAAjBA,iBAAA,CAAmBC,mBAAmB;IAClE,IAAIA,mBAAmB,IAAI,IAAI,EAAE;MAC7B,MAAMG,YAAY,GAAGC,qBAAG,CAACC,MAAM,CAACL,mBAAmB,CAAC;MACpD,MAAMN,aAAa,GAAGS,YAAY,CAAC,IAAI,CAAC5B,KAAK,CAAC;MAC9C,IAAImB,aAAa,IAAI,IAAI,EAAE;QACvBY,kBAAU,CAACC,IAAI,CAAE,uFAAsF,IAAI,CAAChC,KAAM,2BAA0B,CAAC;QAC7I,OAAO,KAAK;MAChB;MACA;MACA,MAAMiC,oBAAoB,GAAG,IAAI,CAACf,gBAAgB,CAACX,GAAG,CAAC;MACvD,IAAIY,aAAa,KAAKc,oBAAoB,EAAE;QACxCF,kBAAU,CAACC,IAAI,CAAE,gEAA+Db,aAAa,IAAI,QAAS,kCAAiCc,oBAAqB,EAAC,CAAC;QAClK,OAAO,KAAK;MAChB;MACA,OAAO,IAAI;IACf;IACAF,kBAAU,CAACC,IAAI,CAAC,8FAA8F,CAAC;IAC/G,OAAO,KAAK;EACd;;AAEF,CAACvC,OAAA,CAAAC,sBAAA,GAAAA,sBAAA"}
1
+ {"version":3,"file":"RemoteAddressValidator.js","names":["_common","require","_express","_interopRequireDefault","_jsonwebtoken","obj","__esModule","default","HttpRemoteAddrForbiddenError","HttpForbiddenError","constructor","statusCode","exports","RemoteAddressValidator","ApplicationService","app","proxyAddressForwarding","getConfiguration","getSourceAt","claim","serviceRouter","subscribe","addRouter","express","Router","use","req","res","next","validateRemoteAddress","then","value","catch","err","stack","unshift","apply","getRemoteAddress","remoteAddress","headers","connection","socket","_req$context","_req$context$user","authenticationToken","context","user","access_token","jwt","decode","TraceUtils","warn","requestRemoteAddress"],"sources":["../src/RemoteAddressValidator.js"],"sourcesContent":["import { ApplicationService, HttpForbiddenError, TraceUtils } from '@themost/common';\nimport express from 'express';\nimport jwt from 'jsonwebtoken';\n\nclass HttpRemoteAddrForbiddenError extends HttpForbiddenError {\n constructor() {\n super('Access is denied due to remote address conflict. The client network has been changed or cannot be determined.');\n this.statusCode = 403.6;\n }\n \n}\n\nclass RemoteAddressValidator extends ApplicationService {\n constructor(app) {\n super(app);\n\n // get proxy address forwarding option\n let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');\n if (typeof proxyAddressForwarding !== 'boolean') {\n proxyAddressForwarding = false;\n }\n this.proxyAddressForwarding = proxyAddressForwarding;\n // get token claim name\n this.claim = app.getConfiguration().getSourceAt('settings/universis/janitor/remoteAddress/claim') || 'remoteAddress';\n\n app.serviceRouter.subscribe((serviceRouter) => {\n if (serviceRouter == null) {\n return;\n }\n const addRouter = express.Router();\n addRouter.use((req, res, next) => {\n void this.validateRemoteAddress(req).then((value) => {\n if (value === false) {\n return next(new HttpRemoteAddrForbiddenError());\n }\n return next();\n }).catch((err) => {\n return next(err);\n });\n });\n // insert router at the beginning of serviceRouter.stack\n serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);\n });\n }\n\n /**\n * Gets remote address from request\n * @param {import('express').Request} req \n * @returns \n */\n getRemoteAddress(req) {\n let remoteAddress;\n if (this.proxyAddressForwarding) {\n // get proxy headers or remote address\n remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);\n } else {\n remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;\n }\n return remoteAddress;\n }\n\n /**\n * Validates token remote address with request remote address\n * @param {import('express').Request} req \n * @returns {Promise<boolean>}\n */\n async validateRemoteAddress(req) {\n const authenticationToken = req.context?.user?.authenticationToken;\n if (authenticationToken != null) {\n const access_token = jwt.decode(authenticationToken);\n const remoteAddress = access_token[this.claim];\n if (remoteAddress == null) {\n TraceUtils.warn(`Remote address validation failed. Expected a valid remote address claimed by using \"${this.claim}\" attribute but got none.`);\n return false;\n }\n // get context remote address\n const requestRemoteAddress = this.getRemoteAddress(req);\n if (remoteAddress !== requestRemoteAddress) {\n TraceUtils.warn(`Remote address validation failed. Expected remote address is ${remoteAddress || 'Uknown'} but request remote address is ${requestRemoteAddress}`);\n return false;\n }\n return true;\n }\n TraceUtils.warn('Remote address validation cannot be completed because authentication token is not available.');\n return false;\n }\n\n}\n\nexport {\n HttpRemoteAddrForbiddenError,\n RemoteAddressValidator\n}\n"],"mappings":"0JAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,aAAA,GAAAD,sBAAA,CAAAF,OAAA,kBAA+B,SAAAE,uBAAAE,GAAA,UAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;;AAE/B,MAAMG,4BAA4B,SAASC,0BAAkB,CAAC;EAC1DC,WAAWA,CAAA,EAAG;IACV,KAAK,CAAC,+GAA+G,CAAC;IACtH,IAAI,CAACC,UAAU,GAAG,KAAK;EAC3B;;AAEJ,CAACC,OAAA,CAAAJ,4BAAA,GAAAA,4BAAA;;AAED,MAAMK,sBAAsB,SAASC,0BAAkB,CAAC;EACtDJ,WAAWA,CAACK,GAAG,EAAE;IACf,KAAK,CAACA,GAAG,CAAC;;IAEV;IACA,IAAIC,sBAAsB,GAAGD,GAAG,CAACE,gBAAgB,EAAE,CAACC,WAAW,CAAC,+CAA+C,CAAC;IAChH,IAAI,OAAOF,sBAAsB,KAAK,SAAS,EAAE;MAC7CA,sBAAsB,GAAG,KAAK;IAClC;IACA,IAAI,CAACA,sBAAsB,GAAGA,sBAAsB;IACpD;IACA,IAAI,CAACG,KAAK,GAAGJ,GAAG,CAACE,gBAAgB,EAAE,CAACC,WAAW,CAAC,gDAAgD,CAAC,IAAI,eAAe;;IAEpHH,GAAG,CAACK,aAAa,CAACC,SAAS,CAAC,CAACD,aAAa,KAAK;MAC3C,IAAIA,aAAa,IAAI,IAAI,EAAE;QACvB;MACJ;MACA,MAAME,SAAS,GAAGC,gBAAO,CAACC,MAAM,EAAE;MAClCF,SAAS,CAACG,GAAG,CAAC,CAACC,GAAG,EAAEC,GAAG,EAAEC,IAAI,KAAK;QAC9B,KAAK,IAAI,CAACC,qBAAqB,CAACH,GAAG,CAAC,CAACI,IAAI,CAAC,CAACC,KAAK,KAAK;UACjD,IAAIA,KAAK,KAAK,KAAK,EAAE;YACjB,OAAOH,IAAI,CAAC,IAAIpB,4BAA4B,EAAE,CAAC;UACnD;UACA,OAAOoB,IAAI,EAAE;QACjB,CAAC,CAAC,CAACI,KAAK,CAAC,CAACC,GAAG,KAAK;UACd,OAAOL,IAAI,CAACK,GAAG,CAAC;QACpB,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACAb,aAAa,CAACc,KAAK,CAACC,OAAO,CAACC,KAAK,CAAChB,aAAa,CAACc,KAAK,EAAEZ,SAAS,CAACY,KAAK,CAAC;IAC3E,CAAC,CAAC;EACJ;;EAEA;AACF;AACA;AACA;AACA;EACEG,gBAAgBA,CAACX,GAAG,EAAE;IACpB,IAAIY,aAAa;IACjB,IAAI,IAAI,CAACtB,sBAAsB,EAAE;MAC7B;MACAsB,aAAa,GAAGZ,GAAG,CAACa,OAAO,CAAC,WAAW,CAAC,IAAIb,GAAG,CAACa,OAAO,CAAC,iBAAiB,CAAC,KAAKb,GAAG,CAACc,UAAU,GAAGd,GAAG,CAACc,UAAU,CAACF,aAAa,GAAGZ,GAAG,CAACe,MAAM,CAACH,aAAa,CAAC;IAC5J,CAAC,MAAM;MACHA,aAAa,GAAGZ,GAAG,CAACc,UAAU,GAAGd,GAAG,CAACc,UAAU,CAACF,aAAa,GAAGZ,GAAG,CAACe,MAAM,CAACH,aAAa;IAC5F;IACA,OAAOA,aAAa;EACtB;;EAEA;AACF;AACA;AACA;AACA;EACE,MAAMT,qBAAqBA,CAACH,GAAG,EAAE,KAAAgB,YAAA,EAAAC,iBAAA;IAC/B,MAAMC,mBAAmB,IAAAF,YAAA,GAAGhB,GAAG,CAACmB,OAAO,cAAAH,YAAA,wBAAAC,iBAAA,GAAXD,YAAA,CAAaI,IAAI,cAAAH,iBAAA,uBAAjBA,iBAAA,CAAmBC,mBAAmB;IAClE,IAAIA,mBAAmB,IAAI,IAAI,EAAE;MAC7B,MAAMG,YAAY,GAAGC,qBAAG,CAACC,MAAM,CAACL,mBAAmB,CAAC;MACpD,MAAMN,aAAa,GAAGS,YAAY,CAAC,IAAI,CAAC5B,KAAK,CAAC;MAC9C,IAAImB,aAAa,IAAI,IAAI,EAAE;QACvBY,kBAAU,CAACC,IAAI,CAAE,uFAAsF,IAAI,CAAChC,KAAM,2BAA0B,CAAC;QAC7I,OAAO,KAAK;MAChB;MACA;MACA,MAAMiC,oBAAoB,GAAG,IAAI,CAACf,gBAAgB,CAACX,GAAG,CAAC;MACvD,IAAIY,aAAa,KAAKc,oBAAoB,EAAE;QACxCF,kBAAU,CAACC,IAAI,CAAE,gEAA+Db,aAAa,IAAI,QAAS,kCAAiCc,oBAAqB,EAAC,CAAC;QAClK,OAAO,KAAK;MAChB;MACA,OAAO,IAAI;IACf;IACAF,kBAAU,CAACC,IAAI,CAAC,8FAA8F,CAAC;IAC/G,OAAO,KAAK;EACd;;AAEF,CAACvC,OAAA,CAAAC,sBAAA,GAAAA,sBAAA"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@universis/janitor",
3
- "version": "1.6.0",
3
+ "version": "1.6.1",
4
4
  "description": "Universis api plugin for rate limiting requests",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
package/src/RemoteAddressValidator.js CHANGED
@@ -15,10 +15,11 @@ class RemoteAddressValidator extends ApplicationService {
15
15
  super(app);
16
16
 
17
17
  // get proxy address forwarding option
18
- this.proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
18
+ let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
19
19
  if (typeof proxyAddressForwarding !== 'boolean') {
20
- this.proxyAddressForwarding = false;
20
+ proxyAddressForwarding = false;
21
21
  }
22
+ this.proxyAddressForwarding = proxyAddressForwarding;
22
23
  // get token claim name
23
24
  this.claim = app.getConfiguration().getSourceAt('settings/universis/janitor/remoteAddress/claim') || 'remoteAddress';
24
25