npm - ag-common - Versions diffs - 0.0.90 → 0.0.94 - Mend

ag-common 0.0.90 → 0.0.94

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/api/helpers/validateOpenApi.d.ts +5 -1
package/dist/api/helpers/validateOpenApi.js +2 -1
package/dist/api/helpers/validations.d.ts +5 -1
package/dist/api/helpers/validations.js +25 -15
package/package.json +1 -1

package/dist/api/helpers/validateOpenApi.d.ts CHANGED Viewed

@@ -8,10 +8,14 @@ export declare type NextType<T> = ({ event, body, params, userProfile, lang, }:
     userProfile?: User;
     lang: TLang;
 }) => Promise<APIGatewayProxyResult>;
-export declare function validateOpenApi<T>({ event, next, authorized, schema, COGNITO_USER_POOL_ID, }: {
+export declare function validateOpenApi<T>({ event, next, authorized, schema, COGNITO_USER_POOL_ID, jwksRegion, }: {
     COGNITO_USER_POOL_ID: string;
     schema: any;
     event: APIGatewayEvent;
     next: NextType<T>;
     authorized?: true | false | 'optional';
+    /**
+     * default ap-southeast-2
+     */
+    jwksRegion?: string;
 }): Promise<APIGatewayProxyResult>;

package/dist/api/helpers/validateOpenApi.js CHANGED Viewed

@@ -43,7 +43,7 @@ const getOperation = ({ path, method, resource, schema, }) => {
     const pathParams = (re === null || re === void 0 ? void 0 : re.groups) && JSON.parse(JSON.stringify(re === null || re === void 0 ? void 0 : re.groups));
     return { operation, pathParams };
 };
-function validateOpenApi({ event, next, authorized, schema, COGNITO_USER_POOL_ID, }) {
+function validateOpenApi({ event, next, authorized, schema, COGNITO_USER_POOL_ID, jwksRegion = 'ap-southeast-2', }) {
     var _a, _b, _c, _d, _e;
     return __awaiter(this, void 0, void 0, function* () {
         if (!schema) {
@@ -107,6 +107,7 @@ function validateOpenApi({ event, next, authorized, schema, COGNITO_USER_POOL_ID
             ({ error, userProfile } = yield (0, validations_1.getAndValidateToken)({
                 tokenRaw: authHeader,
                 COGNITO_USER_POOL_ID,
+                jwksRegion,
             }));
             if (error) {
                 return error;

package/dist/api/helpers/validations.d.ts CHANGED Viewed

@@ -1,7 +1,11 @@
 import { error } from '../../common/helpers/log';
 import { User } from '../../ui/helpers/jwt';
 import { APIGatewayProxyResult } from '../types';
-export declare const getAndValidateToken: ({ tokenRaw, COGNITO_USER_POOL_ID, }: {
+export declare const getAndValidateToken: ({ tokenRaw, jwksRegion, COGNITO_USER_POOL_ID, }: {
+    /**
+     * default ap-southeast-2
+     */
+    jwksRegion?: string | undefined;
     tokenRaw?: string | undefined;
     COGNITO_USER_POOL_ID: string;
 }) => Promise<{

package/dist/api/helpers/validations.js CHANGED Viewed

@@ -19,9 +19,7 @@ const jsonwebtoken_1 = require("jsonwebtoken");
 const log_1 = require("../../common/helpers/log");
 const api_1 = require("./api");
 let jwksClient;
-const jwtVerify = ({ COGNITO_USER_POOL_ID, token, }) => __awaiter(void 0, void 0, void 0, function* () {
-    const jwksUri = `https://cognito-idp.ap-southeast-2.amazonaws.com/${COGNITO_USER_POOL_ID}/.well-known/jwks.json`;
-    const issuer = `https://cognito-idp.ap-southeast-2.amazonaws.com/${COGNITO_USER_POOL_ID}`;
+const jwtVerify = ({ token, jwksUri, issuer, }) => __awaiter(void 0, void 0, void 0, function* () {
     return new Promise((resolve, reject) => {
         (0, jsonwebtoken_1.verify)(token, (header, callback) => {
             if (!jwksClient) {
@@ -60,22 +58,39 @@ const jwtVerify = ({ COGNITO_USER_POOL_ID, token, }) => __awaiter(void 0, void 0
         });
     });
 });
-const getAndValidateToken = ({ tokenRaw, COGNITO_USER_POOL_ID, }) => __awaiter(void 0, void 0, void 0, function* () {
+const getAndValidateToken = ({ tokenRaw, jwksRegion = 'ap-southeast-2', COGNITO_USER_POOL_ID, }) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
+    const jwksUri = `https://cognito-idp.${jwksRegion}.amazonaws.com/${COGNITO_USER_POOL_ID}/.well-known/jwks.json`;
+    const issuer = `https://cognito-idp.${jwksRegion}.amazonaws.com/${COGNITO_USER_POOL_ID}`;
     let token = '';
     try {
         if (!tokenRaw) {
-            (0, log_1.error)('no auth headers');
+            const m = 'auth error: no auth headers';
+            (0, log_1.error)(m);
             return {
-                error: (0, api_1.returnCode)(403, 'auth failed'),
+                error: (0, api_1.returnCode)(403, m),
             };
         }
         token = tokenRaw.substring(tokenRaw.indexOf(' ') + 1);
+        if (!token) {
+            const m = 'auth error: no token';
+            (0, log_1.error)(m);
+            return {
+                error: (0, api_1.returnCode)(403, m),
+            };
+        }
         let subject;
         try {
-            yield jwtVerify({ token, COGNITO_USER_POOL_ID });
+            yield jwtVerify({ token, jwksUri, issuer });
             const decoded = (0, jsonwebtoken_1.decode)(token);
             (0, log_1.debug)(`decoded=${JSON.stringify(decoded, null, 2)}`);
+            if (!decoded.email) {
+                const m = 'auth error, no email';
+                (0, log_1.error)(m);
+                return {
+                    error: (0, api_1.returnCode)(403, m),
+                };
+            }
             subject = decoded === null || decoded === void 0 ? void 0 : decoded.sub;
             if (!subject) {
                 const mess = 'user should have responded with subject (sub) field';
@@ -96,12 +111,6 @@ const getAndValidateToken = ({ tokenRaw, COGNITO_USER_POOL_ID, }) => __awaiter(v
                 picture,
                 updatedAt: parseInt(`${decoded.auth_time}000`, 10),
             };
-            if (!userProfile || !token || !userProfile.userId) {
-                (0, log_1.error)('auth fail');
-                return {
-                    error: (0, api_1.returnCode)(403, 'auth fail'),
-                };
-            }
             return { token, userProfile };
         }
         catch (e) {
@@ -114,9 +123,10 @@ const getAndValidateToken = ({ tokenRaw, COGNITO_USER_POOL_ID, }) => __awaiter(v
         }
     }
     catch (e) {
-        (0, log_1.error)('auth error', e);
+        const m = 'auth error:' + JSON.stringify(e, null, 2);
+        (0, log_1.error)(m);
         return {
-            error: (0, api_1.returnCode)(403, 'auth fail'),
+            error: (0, api_1.returnCode)(403, m),
         };
     }
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ag-common",
-  "version": "0.0.90",
+  "version": "0.0.94",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "author": "Andrei Gec <@andreigec> (https://gec.dev/)",