npm - dms-middleware-auth - Versions diffs - 1.0.6 → 1.0.8 - Mend

dms-middleware-auth 1.0.6 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/auth.middleware.js CHANGED Viewed

@@ -90,6 +90,16 @@ let AuthMiddleware = class AuthMiddleware {
             if (!clientAttributes[req.originalUrl]) {
                 return res.status(403).json({ message: 'Access denied for this route' });
             }
+            else {
+                const apiPermission = JSON.parse(clientAttributes[req.originalUrl]);
+                if (apiPermission?.params === "true") {
+                    const event = req?.body?.event;
+                    const url = req?.originalUrl + `?action=${event}`;
+                    if (!clientAttributes[url]) {
+                        return res.status(403).json({ message: 'Access denied for event' });
+                    }
+                }
+            }
             // Cache interface details
             /*const userName = decoded.preferred_username;
             let userAttributes: any = await this.cacheManager.get(userName);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dms-middleware-auth",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "Reusable middleware for authentication and authorization in NestJS applications.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/auth.middleware.ts CHANGED Viewed

@@ -42,6 +42,8 @@ export class AuthMiddleware implements NestMiddleware {
         clientToken = await this.clientLogin();
         const decodedToken: any = jwt.decode(clientToken);
         const ttl = (decodedToken.exp - Math.floor(Date.now() / 1000)) * 1000;
         await this.cacheManager.set('client_access_token', clientToken, ttl );
       }
@@ -57,9 +59,23 @@ export class AuthMiddleware implements NestMiddleware {
       // Check route access
       clientAttributes = JSON.parse(clientAttributes);
       if (!clientAttributes[req.originalUrl]) {
         return res.status(403).json({ message: 'Access denied for this route' });
       }
+      else {
+        const  apiPermission = JSON.parse(clientAttributes[req.originalUrl]);
+        if (apiPermission?.params === "true")
+        {
+          const event = req?.body?.event;
+          const url = req?.originalUrl + `?action=${event}`;
+          if (!clientAttributes[url]){
+            return res.status(403).json({ message: 'Access denied for event' });
+          }
+        }
+      }
       // Cache interface details
       /*const userName = decoded.preferred_username;