npm - aip-master-node-sumit - Versions diffs - 1.0.3 → 1.0.7 - Mend

aip-master-node-sumit 1.0.3 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.js +104 -18
package/package.json +2 -2

package/index.js CHANGED Viewed

@@ -11,7 +11,7 @@ const getSafeMasterUrl = (url) => {
 };
 const AIP_MASTER_API = getSafeMasterUrl(process.env.AIP_MASTER_URL);
-const API_KEY = process.env.AIP_MASTER_API_KEY;
+const API_KEY = process.env.AIP_MASTER_API_KEY;
 if (API_KEY) {
     const sendHeartbeat = async () => {
@@ -24,6 +24,7 @@ if (API_KEY) {
             // Silently fail so the client's app doesn't crash if Master API is updating
         }
     };
     sendHeartbeat();
     setInterval(sendHeartbeat, 5 * 60 * 1000);
 }
@@ -31,40 +32,66 @@ if (API_KEY) {
 const aipGuard = (options = { requireLogin: true }) => {
     return async (req, res, next) => {
-        // LAYER 1: INFRASTRUCTURE SHIELD
+        // ==========================================
+        // 🛡️ LAYER 0: DYNAMIC CORS & SECURITY HEADERS
+        // ==========================================
+        const origin = req.headers.origin || req.headers.Origin;
+        if (origin) {
+            // If origin is present, dynamically echo it to satisfy strict browser credential policies
+            res.setHeader('Access-Control-Allow-Origin', origin);
+            res.setHeader('Access-Control-Allow-Credentials', 'true');
+        } else {
+            // Fallback for non-browser clients (like Postman or cURL)
+            res.setHeader('Access-Control-Allow-Origin', process.env.AIP_ALLOWED_ORIGIN || '*');
+        }
+        res.setHeader('X-Frame-Options', 'DENY');
+        res.setHeader('X-Content-Type-Options', 'nosniff');
+        res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+        // Handle preflight requests gracefully
+        if (req.method === 'OPTIONS') {
+            res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
+            res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-AIP-Token, X-Requested-With, Accept');
+            return res.status(200).end();
+        }
+        // ==========================================
+        // 🛡️ LAYER 1: INFRASTRUCTURE SHIELD
+        // ==========================================
         const MAX_PAYLOAD_BYTES = 2 * 1024 * 1024;
         if (req.headers['transfer-encoding'] && req.headers['transfer-encoding'].includes('chunked')) {
-            return res.status(411).send("AIP Infrastructure Shield: Chunked encoding rejected.");
+            return res.status(411).json({ error: "AIP Infrastructure Shield: Chunked encoding rejected." });
         }
         if (req.headers['content-length'] && parseInt(req.headers['content-length']) > MAX_PAYLOAD_BYTES) {
-            return res.status(413).send("AIP Infrastructure Shield: Payload Too Large.");
+            return res.status(413).json({ error: "AIP Infrastructure Shield: Payload Too Large." });
         }
-        res.setHeader('X-Frame-Options', 'DENY');
-        res.setHeader('X-Content-Type-Options', 'nosniff');
-        res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
-        res.setHeader('Access-Control-Allow-Origin', process.env.AIP_ALLOWED_ORIGIN || '*');
         let token = req.query.token || (req.cookies && req.cookies.aip_session);
         if (!token && req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
             token = req.headers.authorization.split(' ')[1];
         } else if (!token && req.headers['x-aip-token']) {
             token = req.headers['x-aip-token'];
         }
-        // LAYER 2: IDENTITY CHECK & RBAC
+        // ==========================================
+        // 🛡️ LAYER 2: IDENTITY CHECK & RBAC
+        // ==========================================
         if (options.requireLogin) {
-            if (!token) return res.status(401).send("Unauthorized: Missing AIP Session Token");
+            if (!token) return res.status(401).json({ error: "Unauthorized: Missing AIP Session Token" });
             try {
                 const currentAction = req.method + " " + (req.baseUrl + req.path);
                 const authRes = await axios.post(`${AIP_MASTER_API}/iam/verify-session`,
                     { session_token: token, action: currentAction },
                     { headers: { 'Authorization': `Bearer ${API_KEY}` } }
                 );
                 req.user = authRes.data.user;
                 const isProd = process.env.NODE_ENV === 'production';
@@ -73,24 +100,27 @@ const aipGuard = (options = { requireLogin: true }) => {
             } catch (error) {
                 const status = error.response?.status || 500;
                 const errMsg = error.response?.data?.error || "AIP Identity Blocked: Invalid Token.";
                 if (status === 401 && res.clearCookie) {
                     res.clearCookie('aip_session');
                 }
-                return res.status(status === 401 ? 401 : 403).send(errMsg);
+                return res.status(status === 401 ? 401 : 403).json({ error: errMsg });
             }
         }
-        // LAYER 3: WAF THREAT SCAN
+        // ==========================================
+        // 🛡️ LAYER 3: WAF THREAT SCAN
+        // ==========================================
         try {
             const payloadData = JSON.stringify({
                 body: req.body || {},
                 query: req.query || {}
             });
             const forwardedFor = req.headers['x-forwarded-for'];
             let clientIp = req.ip || (req.connection && req.connection.remoteAddress) || "0.0.0.0";
             if (forwardedFor) {
                 clientIp = Array.isArray(forwardedFor)
                     ? forwardedFor[0].trim()
@@ -109,16 +139,72 @@ const aipGuard = (options = { requireLogin: true }) => {
             });
             if (wafRes.data.action === "block") {
-                return res.status(403).send(`AIP Firewall Blocked Request: ${wafRes.data.reason}`);
+                return res.status(403).json({ error: `AIP Firewall Blocked Request: ${wafRes.data.reason}` });
             }
         } catch (error) {
             console.error("WAF Engine Unreachable");
-            return res.status(500).send("Security verification failed.");
+            return res.status(500).json({ error: "Security verification failed." });
         }
         next();
     };
 };
+// ==========================================
+// 🛡️ NEW: IaaS Admin Client SDK
+// ==========================================
+class AipAdminClient {
+    constructor(apiKey = process.env.AIP_MASTER_API_KEY, masterUrl = process.env.AIP_MASTER_URL) {
+        if (!apiKey) throw new Error("AIP Admin Client requires an API Key");
+        this.apiKey = apiKey;
+        this.baseUrl = getSafeMasterUrl(masterUrl);
+        this.client = axios.create({
+            baseURL: this.baseUrl,
+            headers: { 'Authorization': `Bearer ${this.apiKey}` }
+        });
+    }
+    // --- User Management ---
+    async getUsers() {
+        const res = await this.client.get('/sdk/admin/users');
+        return res.data;
+    }
+    async createUser({ name, email, password, role_id, send_email = false }) {
+        const res = await this.client.post('/sdk/admin/users', { name, email, password, role_id, send_email });
+        return res.data;
+    }
+    async updateUser(userId, { name, role_id }) {
+        const res = await this.client.put(`/sdk/admin/users/${userId}`, { name, role_id });
+        return res.data;
+    }
+    async updateRBAC(userId, permissions) {
+        const res = await this.client.put(`/sdk/admin/users/${userId}/rbac`, { permissions });
+        return res.data;
+    }
+    async deleteUser(userId) {
+        const res = await this.client.delete(`/sdk/admin/users/${userId}`);
+        return res.data;
+    }
+    // --- Role Management ---
+    async getRoles() {
+        const res = await this.client.get('/sdk/admin/roles');
+        return res.data;
+    }
+    async createRole({ name, slug, permissions }) {
+        const res = await this.client.post('/sdk/admin/roles', { name, slug, permissions });
+        return res.data;
+    }
+}
+// 🛡️ Attach the Admin Client directly to the Guard export for backward compatibility
+aipGuard.AipAdminClient = AipAdminClient;
 module.exports = aipGuard;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aip-master-node-sumit",
-  "version": "1.0.3",
+  "version": "1.0.7",
   "description": "Enterprise-grade WAF and IAM security middleware for Node.js.",
   "main": "index.js",
   "scripts": {
@@ -17,4 +17,4 @@
   "dependencies": {
     "axios": "^1.13.6"
   }
-}
+}