common-tg-service 1.2.17 → 1.2.19
|
@@ -3,7 +3,6 @@ export declare class AuthGuard implements CanActivate {
|
|
|
3
3
|
private readonly logger;
|
|
4
4
|
canActivate(context: ExecutionContext): boolean;
|
|
5
5
|
private isIgnoredPath;
|
|
6
|
-
private isOriginAllowed;
|
|
7
6
|
private getHeaderValue;
|
|
8
7
|
private extractRealClientIP;
|
|
9
8
|
private extractRealOrigin;
|
|
@@ -40,34 +40,21 @@ let AuthGuard = AuthGuard_1 = class AuthGuard {
|
|
|
40
40
|
if (this.isIgnoredPath(path)) {
|
|
41
41
|
return true;
|
|
42
42
|
}
|
|
43
|
-
this.logger.debug(`
|
|
44
|
-
this.logger.debug(`→ API Key: ${apiKey || 'NONE'}`);
|
|
45
|
-
this.logger.debug(`→ Client IP: ${clientIp}`);
|
|
46
|
-
this.logger.debug(`→ Origin: ${origin || 'NONE'}`);
|
|
43
|
+
this.logger.debug(`Request Received: ${request.originalUrl}`);
|
|
47
44
|
let passedReason = null;
|
|
48
45
|
if (apiKey && apiKey.toLowerCase() === "santoor") {
|
|
49
|
-
this.logger.debug(`✅ API Key matched`);
|
|
50
46
|
passedReason = 'API key valid';
|
|
51
47
|
}
|
|
52
48
|
else {
|
|
53
49
|
this.logger.debug(`❌ API Key mismatch`);
|
|
54
50
|
}
|
|
55
51
|
if (!passedReason && ALLOWED_IPS.includes(clientIp)) {
|
|
56
|
-
this.logger.debug(`✅ IP allowed`);
|
|
57
52
|
passedReason = 'IP allowed';
|
|
58
53
|
}
|
|
59
54
|
else if (!passedReason) {
|
|
60
55
|
this.logger.debug(`❌ IP not allowed`);
|
|
61
56
|
}
|
|
62
|
-
if (!passedReason && origin && this.isOriginAllowed(origin)) {
|
|
63
|
-
this.logger.debug(`✅ Origin allowed`);
|
|
64
|
-
passedReason = 'Origin allowed';
|
|
65
|
-
}
|
|
66
|
-
else if (!passedReason) {
|
|
67
|
-
this.logger.debug(`❌ Origin not allowed`);
|
|
68
|
-
}
|
|
69
57
|
if (passedReason) {
|
|
70
|
-
this.logger.debug(`Access granted because: ${passedReason}`);
|
|
71
58
|
return true;
|
|
72
59
|
}
|
|
73
60
|
this.logger.warn(`❌ Access denied — no condition satisfied`);
|
|
@@ -77,42 +64,31 @@ let AuthGuard = AuthGuard_1 = class AuthGuard {
|
|
|
77
64
|
isIgnoredPath(path) {
|
|
78
65
|
return IGNORE_PATHS.some(ignore => typeof ignore === 'string' ? ignore === path : ignore.test(path));
|
|
79
66
|
}
|
|
80
|
-
isOriginAllowed(origin) {
|
|
81
|
-
if (!origin)
|
|
82
|
-
return false;
|
|
83
|
-
const normalizedOrigin = origin.toLowerCase().trim();
|
|
84
|
-
return ALLOWED_ORIGINS.includes(normalizedOrigin);
|
|
85
|
-
}
|
|
86
67
|
getHeaderValue(request, headerName) {
|
|
87
68
|
return request.headers[headerName.toLowerCase()];
|
|
88
69
|
}
|
|
89
70
|
extractRealClientIP(request) {
|
|
90
71
|
const cfConnectingIP = this.getHeaderValue(request, 'cf-connecting-ip');
|
|
91
72
|
if (cfConnectingIP) {
|
|
92
|
-
this.logger.debug(`Using CF-Connecting-IP: ${cfConnectingIP}`);
|
|
93
73
|
return cfConnectingIP;
|
|
94
74
|
}
|
|
95
75
|
const xRealIP = this.getHeaderValue(request, 'x-real-ip');
|
|
96
76
|
if (xRealIP) {
|
|
97
|
-
this.logger.debug(`Using X-Real-IP: ${xRealIP}`);
|
|
98
77
|
return xRealIP;
|
|
99
78
|
}
|
|
100
79
|
const xForwardedFor = this.getHeaderValue(request, 'x-forwarded-for');
|
|
101
80
|
if (xForwardedFor) {
|
|
102
81
|
const firstIP = xForwardedFor.split(',')[0].trim();
|
|
103
|
-
this.logger.debug(`Using X-Forwarded-For (first): ${firstIP}`);
|
|
104
82
|
return firstIP;
|
|
105
83
|
}
|
|
106
84
|
const expressIP = request.ip;
|
|
107
85
|
if (expressIP) {
|
|
108
86
|
const cleanIP = expressIP.replace('::ffff:', '');
|
|
109
|
-
this.logger.debug(`Using Express IP: ${cleanIP}`);
|
|
110
87
|
return cleanIP;
|
|
111
88
|
}
|
|
112
89
|
const connectionIP = request.connection?.remoteAddress;
|
|
113
90
|
if (connectionIP) {
|
|
114
91
|
const cleanIP = connectionIP.replace('::ffff:', '');
|
|
115
|
-
this.logger.debug(`Using connection remoteAddress: ${cleanIP}`);
|
|
116
92
|
return cleanIP;
|
|
117
93
|
}
|
|
118
94
|
this.logger.warn(`Unable to extract client IP, using fallback`);
|
|
@@ -121,28 +97,24 @@ let AuthGuard = AuthGuard_1 = class AuthGuard {
|
|
|
121
97
|
extractRealOrigin(request) {
|
|
122
98
|
const origin = this.getHeaderValue(request, 'origin');
|
|
123
99
|
if (origin) {
|
|
124
|
-
this.logger.debug(`Using Origin header: ${origin}`);
|
|
125
100
|
return origin;
|
|
126
101
|
}
|
|
127
102
|
const xOriginalHost = this.getHeaderValue(request, 'x-original-host');
|
|
128
103
|
if (xOriginalHost) {
|
|
129
104
|
const protocol = this.extractProtocol(request);
|
|
130
105
|
const constructedOrigin = `${protocol}://${xOriginalHost}`;
|
|
131
|
-
this.logger.debug(`Using X-Original-Host to construct origin: ${constructedOrigin}`);
|
|
132
106
|
return constructedOrigin;
|
|
133
107
|
}
|
|
134
108
|
const xForwardedHost = this.getHeaderValue(request, 'x-forwarded-host');
|
|
135
109
|
if (xForwardedHost) {
|
|
136
110
|
const protocol = this.extractProtocol(request);
|
|
137
111
|
const constructedOrigin = `${protocol}://${xForwardedHost}`;
|
|
138
|
-
this.logger.debug(`Using X-Forwarded-Host to construct origin: ${constructedOrigin}`);
|
|
139
112
|
return constructedOrigin;
|
|
140
113
|
}
|
|
141
114
|
const host = this.getHeaderValue(request, 'host');
|
|
142
115
|
if (host) {
|
|
143
116
|
const protocol = this.extractProtocol(request);
|
|
144
117
|
const constructedOrigin = `${protocol}://${host}`;
|
|
145
|
-
this.logger.debug(`Using Host header to construct origin: ${constructedOrigin}`);
|
|
146
118
|
return constructedOrigin;
|
|
147
119
|
}
|
|
148
120
|
const referer = this.getHeaderValue(request, 'referer');
|
|
@@ -150,7 +122,6 @@ let AuthGuard = AuthGuard_1 = class AuthGuard {
|
|
|
150
122
|
try {
|
|
151
123
|
const refererUrl = new URL(referer);
|
|
152
124
|
const refererOrigin = `${refererUrl.protocol}//${refererUrl.host}`;
|
|
153
|
-
this.logger.debug(`Using Referer to extract origin: ${refererOrigin}`);
|
|
154
125
|
return refererOrigin;
|
|
155
126
|
}
|
|
156
127
|
catch (error) {
|
|
@@ -163,7 +134,6 @@ let AuthGuard = AuthGuard_1 = class AuthGuard {
|
|
|
163
134
|
extractProtocol(request) {
|
|
164
135
|
const xForwardedProto = this.getHeaderValue(request, 'x-forwarded-proto');
|
|
165
136
|
if (xForwardedProto) {
|
|
166
|
-
this.logger.debug(`Using X-Forwarded-Proto: ${xForwardedProto}`);
|
|
167
137
|
return xForwardedProto.toLowerCase();
|
|
168
138
|
}
|
|
169
139
|
const cfVisitor = this.getHeaderValue(request, 'cf-visitor');
|
|
@@ -171,7 +141,6 @@ let AuthGuard = AuthGuard_1 = class AuthGuard {
|
|
|
171
141
|
try {
|
|
172
142
|
const visitor = JSON.parse(cfVisitor);
|
|
173
143
|
if (visitor.scheme) {
|
|
174
|
-
this.logger.debug(`Using CF-Visitor scheme: ${visitor.scheme}`);
|
|
175
144
|
return visitor.scheme.toLowerCase();
|
|
176
145
|
}
|
|
177
146
|
}
|
|
@@ -180,19 +149,15 @@ let AuthGuard = AuthGuard_1 = class AuthGuard {
|
|
|
180
149
|
}
|
|
181
150
|
}
|
|
182
151
|
if (request.secure) {
|
|
183
|
-
this.logger.debug(`Using request.secure: https`);
|
|
184
152
|
return 'https';
|
|
185
153
|
}
|
|
186
154
|
const xForwardedSsl = this.getHeaderValue(request, 'x-forwarded-ssl');
|
|
187
155
|
if (xForwardedSsl && xForwardedSsl.toLowerCase() === 'on') {
|
|
188
|
-
this.logger.debug(`Using X-Forwarded-SSL: https`);
|
|
189
156
|
return 'https';
|
|
190
157
|
}
|
|
191
158
|
if (process.env.NODE_ENV === 'production') {
|
|
192
|
-
this.logger.debug(`Production environment, defaulting to https`);
|
|
193
159
|
return 'https';
|
|
194
160
|
}
|
|
195
|
-
this.logger.debug(`Development environment, defaulting to http`);
|
|
196
161
|
return 'http';
|
|
197
162
|
}
|
|
198
163
|
};
|
|
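Review bot: The API key check in `canActivate` still compares the supplied value with a literal compiled into the published package, `apiKey.toLowerCase() === "santoor"`, so the credential is readable by anyone who installs the package and the lower-casing accepts every case variant of it. Read the expected key from configuration and compare it exactly, for example with `crypto.timingSafeEqual` over equal-length buffers. The second condition, `ALLOWED_IPS.includes(clientIp)`, is fed by `extractRealClientIP`, which returns `cf-connecting-ip`, `x-real-ip` or the first `x-forwarded-for` entry before it looks at `request.ip`; those headers are trustworthy only when a proxy in front of the service overwrites them, so the allowlist should be evaluated against the peer address resolved through Express's `trust proxy` setting. The added `Request Received: ${request.originalUrl}` debug line records the full query string, which matters if the key can also arrive as a query parameter (not visible in these hunks). The body of `canActivate` starts and ends outside the visible hunk.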
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../src/guards/auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAA0G;AAE1G,oCAA4C;AAC5C,8CAA4C;AAE5C,MAAM,WAAW,GAAG,CAAC,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;AACxG,MAAM,eAAe,GAAG;IACpB,uBAAuB;IACvB,6BAA6B;IAC7B,gCAAgC;IAChC,uBAAuB;IACvB,uBAAuB;IACvB,uBAAuB;CAC1B,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;AAGtC,MAAM,YAAY,GAAwB;IACtC,GAAG;IACH,OAAO;IACP,SAAS;IACT,aAAa;CAChB,CAAC;AAGK,IAAM,SAAS,iBAAf,MAAM,SAAS;IAAf;QACc,WAAM,GAAG,IAAI,eAAM,CAAC,WAAS,CAAC,IAAI,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.guard.js","sourceRoot":"","sources":["../../src/guards/auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAA0G;AAE1G,oCAA4C;AAC5C,8CAA4C;AAE5C,MAAM,WAAW,GAAG,CAAC,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;AACxG,MAAM,eAAe,GAAG;IACpB,uBAAuB;IACvB,6BAA6B;IAC7B,gCAAgC;IAChC,uBAAuB;IACvB,uBAAuB;IACvB,uBAAuB;CAC1B,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;AAGtC,MAAM,YAAY,GAAwB;IACtC,GAAG;IACH,OAAO;IACP,SAAS;IACT,aAAa;CAChB,CAAC;AAGK,IAAM,SAAS,iBAAf,MAAM,SAAS;IAAf;QACc,WAAM,GAAG,IAAI,eAAM,CAAC,WAAS,CAAC,IAAI,CAAC,CAAC;IAsPzD,CAAC;IApPG,WAAW,CAAC,OAAyB;QACjC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAW,CAAC;QAE7D,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC1B,MAAM,MAAM,GACR,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE;YACxC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAI/C,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QAChB,CAAC;QAGD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAK9D,IAAI,YAAY,GAAkB,IAAI,CAAC;QAGvC,IAAI,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,SAAS,EAAE,CAAC;YAE/C,YAAY,GAAG,eAAe,CAAC;QACnC,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC5C,CAAC;QAGD,IAAI,CAAC,YAAY,IAAI,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAElD,YAAY,GAAG,YAAY,CAAC;QAChC,CAAC;aAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC1C,CAAC;QAUD,IAAI,YAAY,EAAE,CAAC;YAEf,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QAC7D,IAAA,wBAAgB,EAAC,GAAG,IAAA,kBAAQ,GAAE,SAAS,kBAAkB,CACrD,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,+CAA+C,QAAQ,IAAI,YAAY,gBAAgB,MAAM,IAAI,gBAAgB,QAAQ,OAAO,CAAC,WAAW,EAAE,CACnM,EAAE,CAAC,CAAC;QACL,MAAM,IAAI,8BAAqB,CAAC,gDAAgD,CAAC,CAAC;IACtF,CAAC;IAEO,aAAa,CAAC,IAAY;QAC9B,OAAO,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAC9B,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MA
AM,KAAK,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CACnE,CAAC;IACN,CAAC;IAiBO,cAAc,CAAC,OAAgB,EAAE,UAAkB;QAEvD,OAAO,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,WAAW,EAAE,CAAW,CAAC;IAC/D,CAAC;IAKO,mBAAmB,CAAC,OAAgB;QAQxC,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACxE,IAAI,cAAc,EAAE,CAAC;YAEjB,OAAO,cAAc,CAAC;QAC1B,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAC1D,IAAI,OAAO,EAAE,CAAC;YAEV,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACtE,IAAI,aAAa,EAAE,CAAC;YAEhB,MAAM,OAAO,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAEnD,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,EAAE,CAAC;QAC7B,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAEjD,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,UAAU,EAAE,aAAa,CAAC;QACvD,IAAI,YAAY,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAEpD,OAAO,OAAO,CAAC;QACnB,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC;IACrB,CAAC;IAKO,iBAAiB,CAAC,OAAgB;QAQtC,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACtD,IAAI,MAAM,EAAE,CAAC;YAET,OAAO,MAAM,CAAC;QAClB,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACtE,IAAI,aAAa,EAAE,CAAC;YAEhB,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAC/C,MAAM,iBAAiB,GAAG,GAAG,QAAQ,MAAM,aAAa,EAAE,CAAC;YAE3D,OAAO,iBAAiB,CAAC;QAC7B,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACxE,IAAI,cAAc,EAAE,CAAC;YAEjB,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAC/C,MAAM,iBAAiB,GAAG,GAAG,QAAQ,MAAM,cAAc,EAAE,CAAC;YAE5D,OAAO,iBAAiB,CAAC;QAC7B,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAClD,IAAI,IAAI,EAAE,CAAC;YAEP,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAC/C,MAAM,iBAAiB,GAAG,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAC;YAElD,OAAO,iBAAiB,CAAC;QAC7B,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC,CAA
C;QACxD,IAAI,OAAO,EAAE,CAAC;YACV,IAAI,CAAC;gBAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;gBACpC,MAAM,aAAa,GAAG,GAAG,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,IAAI,EAAE,CAAC;gBAEnE,OAAO,aAAa,CAAC;YACzB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,OAAO,EAAE,CAAC,CAAC;YACpE,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,OAAO,SAAS,CAAC;IACrB,CAAC;IAKO,eAAe,CAAC,OAAgB;QAEpC,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QAC1E,IAAI,eAAe,EAAE,CAAC;YAElB,OAAO,eAAe,CAAC,WAAW,EAAE,CAAC;QACzC,CAAC;QAGD,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAC7D,IAAI,SAAS,EAAE,CAAC;YACZ,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;oBAEjB,OAAO,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;gBACxC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;YAClE,CAAC;QACL,CAAC;QAGD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAEjB,OAAO,OAAO,CAAC;QACnB,CAAC;QAGD,MAAM,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACtE,IAAI,aAAa,IAAI,aAAa,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC;YAExD,OAAO,OAAO,CAAC;QACnB,CAAC;QAGD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YAExC,OAAO,OAAO,CAAC;QACnB,CAAC;QAID,OAAO,MAAM,CAAC;IAClB,CAAC;CACJ,CAAA;AAvPY,8BAAS;oBAAT,SAAS;IADrB,IAAA,mBAAU,GAAE;GACA,SAAS,CAuPrB"}
|