aip-master-node-sumit 1.0.3 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +64 -4
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -11,7 +11,7 @@ const getSafeMasterUrl = (url) => {
|
|
|
11
11
|
};
|
|
12
12
|
|
|
13
13
|
const AIP_MASTER_API = getSafeMasterUrl(process.env.AIP_MASTER_URL);
|
|
14
|
-
const API_KEY = process.env.AIP_MASTER_API_KEY;
|
|
14
|
+
const API_KEY = process.env.AIP_MASTER_API_KEY;
|
|
15
15
|
|
|
16
16
|
if (API_KEY) {
|
|
17
17
|
const sendHeartbeat = async () => {
|
|
@@ -24,6 +24,7 @@ if (API_KEY) {
|
|
|
24
24
|
// Silently fail so the client's app doesn't crash if Master API is updating
|
|
25
25
|
}
|
|
26
26
|
};
|
|
27
|
+
|
|
27
28
|
sendHeartbeat();
|
|
28
29
|
setInterval(sendHeartbeat, 5 * 60 * 1000);
|
|
29
30
|
}
|
|
@@ -48,6 +49,7 @@ const aipGuard = (options = { requireLogin: true }) => {
|
|
|
48
49
|
res.setHeader('Access-Control-Allow-Origin', process.env.AIP_ALLOWED_ORIGIN || '*');
|
|
49
50
|
|
|
50
51
|
let token = req.query.token || (req.cookies && req.cookies.aip_session);
|
|
52
|
+
|
|
51
53
|
if (!token && req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
|
|
52
54
|
token = req.headers.authorization.split(' ')[1];
|
|
53
55
|
} else if (!token && req.headers['x-aip-token']) {
|
|
@@ -60,11 +62,12 @@ const aipGuard = (options = { requireLogin: true }) => {
|
|
|
60
62
|
|
|
61
63
|
try {
|
|
62
64
|
const currentAction = req.method + " " + (req.baseUrl + req.path);
|
|
65
|
+
|
|
63
66
|
const authRes = await axios.post(`${AIP_MASTER_API}/iam/verify-session`,
|
|
64
67
|
{ session_token: token, action: currentAction },
|
|
65
68
|
{ headers: { 'Authorization': `Bearer ${API_KEY}` } }
|
|
66
69
|
);
|
|
67
|
-
|
|
70
|
+
|
|
68
71
|
req.user = authRes.data.user;
|
|
69
72
|
|
|
70
73
|
const isProd = process.env.NODE_ENV === 'production';
|
|
@@ -73,7 +76,7 @@ const aipGuard = (options = { requireLogin: true }) => {
|
|
|
73
76
|
} catch (error) {
|
|
74
77
|
const status = error.response?.status || 500;
|
|
75
78
|
const errMsg = error.response?.data?.error || "AIP Identity Blocked: Invalid Token.";
|
|
76
|
-
|
|
79
|
+
|
|
77
80
|
if (status === 401 && res.clearCookie) {
|
|
78
81
|
res.clearCookie('aip_session');
|
|
79
82
|
}
|
|
@@ -88,9 +91,10 @@ const aipGuard = (options = { requireLogin: true }) => {
|
|
|
88
91
|
body: req.body || {},
|
|
89
92
|
query: req.query || {}
|
|
90
93
|
});
|
|
94
|
+
|
|
91
95
|
const forwardedFor = req.headers['x-forwarded-for'];
|
|
92
96
|
let clientIp = req.ip || (req.connection && req.connection.remoteAddress) || "0.0.0.0";
|
|
93
|
-
|
|
97
|
+
|
|
94
98
|
if (forwardedFor) {
|
|
95
99
|
clientIp = Array.isArray(forwardedFor)
|
|
96
100
|
? forwardedFor[0].trim()
|
|
@@ -121,4 +125,60 @@ const aipGuard = (options = { requireLogin: true }) => {
|
|
|
121
125
|
};
|
|
122
126
|
};
|
|
123
127
|
|
|
128
|
+
// ==========================================
|
|
129
|
+
// 🛡️ NEW: IaaS Admin Client SDK
|
|
130
|
+
// ==========================================
|
|
131
|
+
class AipAdminClient {
|
|
132
|
+
constructor(apiKey = process.env.AIP_MASTER_API_KEY, masterUrl = process.env.AIP_MASTER_URL) {
|
|
133
|
+
if (!apiKey) throw new Error("AIP Admin Client requires an API Key");
|
|
134
|
+
this.apiKey = apiKey;
|
|
135
|
+
this.baseUrl = getSafeMasterUrl(masterUrl);
|
|
136
|
+
|
|
137
|
+
this.client = axios.create({
|
|
138
|
+
baseURL: this.baseUrl,
|
|
139
|
+
headers: { 'Authorization': `Bearer ${this.apiKey}` }
|
|
140
|
+
});
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
// --- User Management ---
|
|
144
|
+
async getUsers() {
|
|
145
|
+
const res = await this.client.get('/sdk/admin/users');
|
|
146
|
+
return res.data;
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
async createUser({ name, email, password, role_id, send_email = false }) {
|
|
150
|
+
const res = await this.client.post('/sdk/admin/users', { name, email, password, role_id, send_email });
|
|
151
|
+
return res.data;
|
|
152
|
+
}
|
|
153
|
+
|
|
154
|
+
async updateUser(userId, { name, role_id }) {
|
|
155
|
+
const res = await this.client.put(`/sdk/admin/users/${userId}`, { name, role_id });
|
|
156
|
+
return res.data;
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
async updateRBAC(userId, permissions) {
|
|
160
|
+
const res = await this.client.put(`/sdk/admin/users/${userId}/rbac`, { permissions });
|
|
161
|
+
return res.data;
|
|
162
|
+
}
|
|
163
|
+
|
|
164
|
+
async deleteUser(userId) {
|
|
165
|
+
const res = await this.client.delete(`/sdk/admin/users/${userId}`);
|
|
166
|
+
return res.data;
|
|
167
|
+
}
|
|
168
|
+
|
|
169
|
+
// --- Role Management ---
|
|
170
|
+
async getRoles() {
|
|
171
|
+
const res = await this.client.get('/sdk/admin/roles');
|
|
172
|
+
return res.data;
|
|
173
|
+
}
|
|
174
|
+
|
|
175
|
+
async createRole({ name, slug, permissions }) {
|
|
176
|
+
const res = await this.client.post('/sdk/admin/roles', { name, slug, permissions });
|
|
177
|
+
return res.data;
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
|
|
181
|
+
// 🛡️ Attach the Admin Client directly to the Guard export for backward compatibility
|
|
182
|
+
aipGuard.AipAdminClient = AipAdminClient;
|
|
183
|
+
|
|
124
184
|
module.exports = aipGuard;
|