corebasic 1.0.173 → 1.0.175
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/libs/auth.js +4 -0
- package/libs/session.js +5 -5
- package/package.json +1 -1
package/libs/auth.js
CHANGED
|
@@ -71,6 +71,10 @@ async function attemptLogin(req, res) {
|
|
|
71
71
|
|
|
72
72
|
|
|
73
73
|
async function sendOtp(mob, otp, app, hash) {
|
|
74
|
+
if (process.env.LOGIN_OTP_DISABLE) {
|
|
75
|
+
console.log(otp);
|
|
76
|
+
return true
|
|
77
|
+
}
|
|
74
78
|
try {
|
|
75
79
|
if (app && hash)
|
|
76
80
|
app = encodeURIComponent(`${app} (#${hash})`) // Of the form '<app> (#<hash>)' for better readability. Note: Axios works with SlypBusiness%20(%23<HASH>) but Curl requires SlypBusiness%20%28%23<HASH>%29
|
package/libs/session.js
CHANGED
|
@@ -42,9 +42,9 @@ export const start = (expressApp, allowedUrls) => {
|
|
|
42
42
|
try {
|
|
43
43
|
const token = req.header('JWT'); // 'Authorization' for Spring Boot, 'x-access-token' for Node.js Express back-end
|
|
44
44
|
const service = req.header('SERVICE'); // Case insensitive search
|
|
45
|
-
const additionalValidation = _ => (process.env.GRANT_FULL_ACCESS || allowedDefaults || await checkPrivilege(req))
|
|
45
|
+
const additionalValidation = async _ => (process.env.GRANT_FULL_ACCESS || allowedDefaults || await checkPrivilege(req))
|
|
46
46
|
|
|
47
|
-
function verifyDeveloperAccess() {
|
|
47
|
+
async function verifyDeveloperAccess() {
|
|
48
48
|
const NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN = req.header('NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN')
|
|
49
49
|
const isDeveloper = NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN && NDCURVE_DEVELOPER_LICENSE_ACCESS_TOKEN_SECRET
|
|
50
50
|
if (!isDeveloper)
|
|
@@ -53,7 +53,7 @@ export const start = (expressApp, allowedUrls) => {
|
|
|
53
53
|
try {
|
|
54
54
|
if (service && verify())
|
|
55
55
|
return true
|
|
56
|
-
else if (verify() && additionalValidation())
|
|
56
|
+
else if (verify() && await additionalValidation())
|
|
57
57
|
return true
|
|
58
58
|
} catch (error) {
|
|
59
59
|
|
|
@@ -61,11 +61,11 @@ export const start = (expressApp, allowedUrls) => {
|
|
|
61
61
|
return false
|
|
62
62
|
}
|
|
63
63
|
|
|
64
|
-
if (verifyDeveloperAccess())
|
|
64
|
+
if (await verifyDeveloperAccess())
|
|
65
65
|
return next()
|
|
66
66
|
else if (service && jwt.verify(token, DEPLOY_TOKEN_SECRET))
|
|
67
67
|
return next()
|
|
68
|
-
else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && additionalValidation())
|
|
68
|
+
else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && await additionalValidation())
|
|
69
69
|
return next()
|
|
70
70
|
throw null;
|
|
71
71
|
} catch (error) {
|