corebasic 1.0.171 → 1.0.173

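--- a/package/libs/auth.js
+++ b/package/libs/auth.js
@@ -38,7 +38,7 @@ async function attemptLogin(req, res) {
 
  let expiry = 300000
  let userMob = req.body.mob ?? req.body.phone
- let mob = userMob.endsWith('0123456789') ? '0123456789' : Utils.parseMob(userMob)
+ let mob = userMob.endsWith('123456789') ? '0123456789' : Utils.parseMob(userMob)
  let time = new Date().getTime()
  let collection = (req.body.app ? req.body.app + '.' : '') + "auth.login"
  let errMessage = {success: false, message: "Login Server Error"}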
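Review bot: Shortening the suffix test to `userMob.endsWith('123456789')` widens the set of submitted numbers that are rewritten to the fixed value `'0123456789'`: any input ending in those nine digits, whatever precedes them, now bypasses `Utils.parseMob` and is treated as that one number for the rest of attemptLogin, which continues outside the hunk. If `'0123456789'` is a test or demo identity, the mapping should be gated on an explicit non-production flag and matched exactly after parsing rather than by suffix. The same line calls `.endsWith` on `req.body.mob ?? req.body.phone` without checking its type, so a missing or numeric field throws a TypeError. A guard before it such as `if (typeof userMob !== 'string') return res.status(400).json({success: false, message: "Invalid mobile number"})` (message text constructed here) would turn that into a clean rejection.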
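--- a/package/libs/features.js
+++ b/package/libs/features.js
@@ -16,12 +16,14 @@ const getFeature = name => features[name]
  const DEPLOY_TOKEN_SECRET = process.env.DEPLOY_TOKEN_SECRET || "MY_SECRET_DEPLOY_TOKEN"
  const SERVICE_ACCESS_TOKEN = jwt.sign({app: process.env.APP_DEPLOYMENT_NAME}, DEPLOY_TOKEN_SECRET, { expiresIn: '365d' });
 
+ const NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN = await (async _ => { if(process.env.NDCURVE_DEVELOPER_SERVICE)try{ return (await Utils.fileToJson('file://', '/.ndcurve/developer.license.json')).accessToken?.trim() }catch{}})();
+
  async function loadLocalFeatures() { // For Local Testing
  let data = {}
  if (process.env.LOAD_LOCAL_FEATURES) {
  try {
  let url = process.env.LOAD_LOCAL_FEATURES_URL ? `${process.env.LOAD_LOCAL_FEATURES_URL}/features` : 'https://slyp.app/slyp-dev/api/v1/features'
- let result = (await axios.get(url, { data: {}, headers: {jwt: SERVICE_ACCESS_TOKEN, service: true}, timeout: 3000 })).data
+ let result = (await axios.get(url, { data: {}, headers: {jwt: SERVICE_ACCESS_TOKEN, service: true, NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN}, timeout: 3000 })).data
  await Utils.stringToFile('/slyp.local.features.json', JSON.stringify(result.data, null, '\t'))
  } catch {
  console.log('Error Fetching Remote Features')
@@ -78,7 +80,7 @@ export const send = async (meta, feature, data, params) => {
  return (await axios({
  method,
  url: `${service}${url}`,
- headers: { jwt: SERVICE_ACCESS_TOKEN, service: true },
+ headers: { jwt: SERVICE_ACCESS_TOKEN, service: true, NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN },
  data: payload,
  timeout: 30000 // 30 secs
  })).data;
@@ -179,7 +181,7 @@ export const start = async (app, url, file) => {
  exp_features[key] = {api, service: `${SERVICE_ADDRESS}`}
  if (process.env.LOAD_LOCAL_FEATURES) {
  for (let key in SLYP_FEATURES_LIST)
- SLYP_FEATURES_LIST[key].headers = {JWT: SERVICE_ACCESS_TOKEN, service: true}
+ SLYP_FEATURES_LIST[key].headers = {JWT: SERVICE_ACCESS_TOKEN, service: true, NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN}
  }
  res.json({ data: { ...SLYP_FEATURES_LIST, ...exp_features } })
  })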
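Review bot: In the last hunk the developer license token is placed into `SLYP_FEATURES_LIST[key].headers`, and that object is serialised by `res.json(...)` two lines later, so the response body now carries a second bearer credential next to `SERVICE_ACCESS_TOKEN` whenever `LOAD_LOCAL_FEATURES` is set. Whether the route is reachable from anywhere other than the developer's own machine is not visible here (the handler starts outside the hunk), so at minimum state the constraint in place, e.g. `// headers carry bearer credentials and are returned in the response body; this route must never be exposed beyond localhost`. The other two hunks attach the same token to every outbound request, including the one to whatever `LOAD_LOCAL_FEATURES_URL` is set to, and they add the header even when the token is `undefined`; `...(NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN && { NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN })` would send it only when a license was actually loaded. The bare `catch{}` in the first hunk also makes a malformed or unreadable license file indistinguishable from no license, which a one-line `console.warn` would fix.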
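--- a/package/libs/session.js
+++ b/package/libs/session.js
@@ -11,6 +11,8 @@ const REFRESH_TOKEN_SECRET = process.env.JWT_REFRESH_TOKEN_SECRET || "MY_SECRET_
 
  const DEPLOY_TOKEN_SECRET = process.env.DEPLOY_TOKEN_SECRET || "MY_SECRET_DEPLOY_TOKEN"
 
+ const NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN_SECRET = process.env.NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN_PUBLIC_KEY
+
  let urlsAllowed = []
  export var ALLOWED_URLS = []
 
@@ -40,9 +42,30 @@ export const start = (expressApp, allowedUrls) => {
  try {
  const token = req.header('JWT'); // 'Authorization' for Spring Boot, 'x-access-token' for Node.js Express back-end
  const service = req.header('SERVICE'); // Case insensitive search
- if (service && jwt.verify(token, DEPLOY_TOKEN_SECRET))
+ const additionalValidation = _ => (process.env.GRANT_FULL_ACCESS || allowedDefaults || await checkPrivilege(req))
+
+ function verifyDeveloperAccess() {
+ const NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN = req.header('NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN')
+ const isDeveloper = NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN && NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN_SECRET
+ if (!isDeveloper)
+ return false
+ const verify = _ => jwt.verify(NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN, NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN_SECRET, { algorithms: ['RS512'] })
+ try {
+ if (service && verify())
+ return true
+ else if (verify() && additionalValidation())
+ return true
+ } catch (error) {
+
+ }
+ return false
+ }
+
+ if (verifyDeveloperAccess())
+ return next()
+ else if (service && jwt.verify(token, DEPLOY_TOKEN_SECRET))
  return next()
- else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && (process.env.GRANT_FULL_ACCESS || allowedDefaults || await checkPrivilege(req)))
+ else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && additionalValidation())
  return next()
  throw null;
  } catch (error) {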
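Review bot: `additionalValidation` (first added line of the second hunk) uses `await` inside a non-async arrow function, which does not parse in an ES module, and the two call sites use its result without awaiting it. Marking only the arrow `async` would be worse than the parse error: `verify() && additionalValidation()` and `jwt.verify(token, ACCESS_TOKEN_SECRET) && additionalValidation()` would then test a Promise, which is always truthy, so the `checkPrivilege` gate would pass for every valid token. The helper and `verifyDeveloperAccess` both need to be async and every call awaited, as in the excerpt below; the removed line awaited in place, so the enclosing handler is presumably already async, but it starts and ends outside the hunk. Separately, `service` is read from a request header, so `if (service && verify())` lets any holder of a valid developer license token skip the privilege check by sending that header — if that is intended it deserves a comment — and the empty `catch` hides verification failures that would be worth logging.

```javascript
const additionalValidation = async _ => (process.env.GRANT_FULL_ACCESS || allowedDefaults || await checkPrivilege(req))

async function verifyDeveloperAccess() {
  // … unchanged: header read, isDeveloper guard, verify helper …
  try {
    if (service && verify())
      return true
    else if (verify() && await additionalValidation())
      return true
  } catch (error) {
    // … unchanged: falls through to return false …
  }
  return false
}

if (await verifyDeveloperAccess())
  return next()
// … unchanged: service / DEPLOY_TOKEN_SECRET branch …
else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && await additionalValidation())
  return next()
```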
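--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "corebasic",
  "type": "module",
- "version": "1.0.171",
+ "version": "1.0.173",
  "description": "",
  "main": "index.js",
  "scripts": {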