npm - dms-middleware-auth - Versions diffs - 1.2.2 → 1.2.3 - Mend

dms-middleware-auth 1.2.2 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/auth.middleware.d.ts CHANGED Viewed

@@ -23,7 +23,7 @@ export declare class AuthMiddleware implements NestMiddleware, OnModuleInit {
     private static licenceExpiryInterval;
     private static readonly licenceExpiredMessage;
     private static readonly licenceValidationFailedMessage;
-    private static readonly CLOCK_TOLERANCE_MS;
+    private static readonly LICENCE_MONITOR_INTERVAL_MS;
     private static readonly LIC_CACHE_TTL_SECONDS;
     private static readonly CLIENT_TOKEN_TTL_MAX_SECONDS;
     private static readonly CLIENT_TOKEN_TTL_SAFETY_SKEW_SECONDS;
@@ -33,6 +33,7 @@ export declare class AuthMiddleware implements NestMiddleware, OnModuleInit {
     onModuleInit(): Promise<void>;
     use(req: any, res: Response, next: NextFunction): Promise<void | Response<any, Record<string, any>>>;
     private enforceLicenceExpiry;
+    private monitorLicenceRuntime;
     private markLicenceExpired;
     private stopServer;
     private checkLicenceAndValidate;

package/dist/auth.middleware.js CHANGED Viewed

@@ -65,16 +65,17 @@ let AuthMiddleware = AuthMiddleware_1 = class AuthMiddleware {
         const { realm, publicKey } = this.options;
         // Validate once on boot
         await this.checkLicenceAndValidate(realm, publicKey);
-        // Periodic expiry check (safe: small interval only)
+        this.monitorLicenceRuntime();
+        // Periodic expiry check (safe: short interval, no long timers)
         if (!AuthMiddleware_1.licenceExpiryInterval) {
             AuthMiddleware_1.licenceExpiryInterval = setInterval(() => {
                 try {
-                    this.enforceLicenceExpiry();
+                    this.monitorLicenceRuntime();
                 }
                 catch (e) {
                     this.logger.warn(`Licence expiry interval error: ${e?.message || e}`);
                 }
-            }, 60 * 60 * 1000); // Check every hour
+            }, AuthMiddleware_1.LICENCE_MONITOR_INTERVAL_MS);
         }
     }
     // -------------------------
@@ -172,8 +173,14 @@ let AuthMiddleware = AuthMiddleware_1 = class AuthMiddleware {
         if (!AuthMiddleware_1.licenceValidatedUntilMs)
             return;
         const now = Date.now();
-        if (now >= AuthMiddleware_1.licenceValidatedUntilMs + AuthMiddleware_1.CLOCK_TOLERANCE_MS) {
-            this.markLicenceExpired(AuthMiddleware_1.licenceValidatedUntilMs, 'licence end time reached');
+        if (now >= AuthMiddleware_1.licenceValidatedUntilMs) {
+            this.markLicenceExpired(AuthMiddleware_1.licenceValidatedUntilMs, 'Licence Expired');
+        }
+    }
+    monitorLicenceRuntime() {
+        this.enforceLicenceExpiry();
+        if (AuthMiddleware_1.licenceExpired) {
+            this.stopServer();
         }
     }
     markLicenceExpired(expiredAtMs, reason) {
@@ -223,8 +230,8 @@ let AuthMiddleware = AuthMiddleware_1 = class AuthMiddleware {
             // If we already have an expiry in memory, decide immediately.
             if (AuthMiddleware_1.licenceValidatedUntilMs) {
                 const now = Date.now();
-                if (now >= AuthMiddleware_1.licenceValidatedUntilMs + AuthMiddleware_1.CLOCK_TOLERANCE_MS) {
-                    this.markLicenceExpired(AuthMiddleware_1.licenceValidatedUntilMs, 'in-memory licence already expired');
+                if (now >= AuthMiddleware_1.licenceValidatedUntilMs) {
+                    this.markLicenceExpired(AuthMiddleware_1.licenceValidatedUntilMs, 'Licence Expired');
                     return false;
                 }
                 return true;
@@ -281,7 +288,7 @@ let AuthMiddleware = AuthMiddleware_1 = class AuthMiddleware {
                 }
                 return false;
             }
-            if (now >= licEndMs + AuthMiddleware_1.CLOCK_TOLERANCE_MS) {
+            if (now >= licEndMs) {
                 if (isAuthoritativeToken) {
                     this.logger.error(`Licence already expired. lic_end=${new Date(licEndMs).toISOString()} now=${new Date(now).toISOString()}`);
                     this.markLicenceExpired(licEndMs, 'authoritative token already expired');
@@ -455,8 +462,8 @@ AuthMiddleware.licenceExpiryInterval = null;
 // ---- Constants ----
 AuthMiddleware.licenceExpiredMessage = 'Server Licence is expired! Please renew';
 AuthMiddleware.licenceValidationFailedMessage = 'Server licence validation failed. Please try again.';
-// Allow small clock drift
-AuthMiddleware.CLOCK_TOLERANCE_MS = 60_000; // 1 minute
+// Runtime monitor cadence for strict licence end enforcement.
+AuthMiddleware.LICENCE_MONITOR_INTERVAL_MS = 10_000; // 10 seconds
 // Cache TTLs (safe by design; prevents timer overflow)
 AuthMiddleware.LIC_CACHE_TTL_SECONDS = 24 * 60 * 60; // 24 hours TTL for licence
 AuthMiddleware.CLIENT_TOKEN_TTL_MAX_SECONDS = 60 * 60; // 1 hour cap

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dms-middleware-auth",
-  "version": "1.2.2",
+  "version": "1.2.3",
   "description": "Reusable middleware for authentication and authorization in NestJS applications.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/auth.middleware.ts CHANGED Viewed

@@ -49,8 +49,8 @@ export class AuthMiddleware implements NestMiddleware, OnModuleInit {
   private static readonly licenceValidationFailedMessage =
     'Server licence validation failed. Please try again.';
-  // Allow small clock drift
-  private static readonly CLOCK_TOLERANCE_MS = 60_000; // 1 minute
+  // Runtime monitor cadence for strict licence end enforcement.
+  private static readonly LICENCE_MONITOR_INTERVAL_MS = 10_000; // 10 seconds
   // Cache TTLs (safe by design; prevents timer overflow)
   private static readonly LIC_CACHE_TTL_SECONDS = 24 * 60 * 60; // 24 hours TTL for licence
@@ -74,16 +74,17 @@ export class AuthMiddleware implements NestMiddleware, OnModuleInit {
     // Validate once on boot
     await this.checkLicenceAndValidate(realm, publicKey);
+    this.monitorLicenceRuntime();
-    // Periodic expiry check (safe: small interval only)
+    // Periodic expiry check (safe: short interval, no long timers)
     if (!AuthMiddleware.licenceExpiryInterval) {
       AuthMiddleware.licenceExpiryInterval = setInterval(() => {
         try {
-          this.enforceLicenceExpiry();
+          this.monitorLicenceRuntime();
         } catch (e: any) {
           this.logger.warn(`Licence expiry interval error: ${e?.message || e}`);
         }
-      }, 60 * 60 * 1000); // Check every hour
+      }, AuthMiddleware.LICENCE_MONITOR_INTERVAL_MS);
     }
   }
@@ -201,31 +202,38 @@ export class AuthMiddleware implements NestMiddleware, OnModuleInit {
     if (AuthMiddleware.licenceExpired) return;
     if (!AuthMiddleware.licenceValidatedUntilMs) return;
-    const now = Date.now();
-    if (now >= AuthMiddleware.licenceValidatedUntilMs + AuthMiddleware.CLOCK_TOLERANCE_MS) {
-      this.markLicenceExpired(
-        AuthMiddleware.licenceValidatedUntilMs,
-        'licence end time reached'
-      );
-    }
-  }
-  private markLicenceExpired(expiredAtMs?: number | null, reason?: string) {
-    if (Number.isFinite(expiredAtMs) && Number(expiredAtMs) > 0) {
-      AuthMiddleware.licenceValidatedUntilMs = Number(expiredAtMs);
-    }
-    if (!AuthMiddleware.licenceExpired) {
-      AuthMiddleware.licenceExpired = true;
-      const expiryText = AuthMiddleware.licenceValidatedUntilMs
-        ? new Date(AuthMiddleware.licenceValidatedUntilMs).toISOString()
-        : 'unknown';
-      const reasonText = reason ? ` (reason: ${reason})` : '';
-      this.logger.error(
-        `Licence expired at ${expiryText}${reasonText}`
-      );
-    }
-  }
+    const now = Date.now();
+    if (now >= AuthMiddleware.licenceValidatedUntilMs) {
+      this.markLicenceExpired(
+        AuthMiddleware.licenceValidatedUntilMs,
+        'Licence Expired'
+      );
+    }
+  }
+  private monitorLicenceRuntime() {
+    this.enforceLicenceExpiry();
+    if (AuthMiddleware.licenceExpired) {
+      this.stopServer();
+    }
+  }
+  private markLicenceExpired(expiredAtMs?: number | null, reason?: string) {
+    if (Number.isFinite(expiredAtMs) && Number(expiredAtMs) > 0) {
+      AuthMiddleware.licenceValidatedUntilMs = Number(expiredAtMs);
+    }
+    if (!AuthMiddleware.licenceExpired) {
+      AuthMiddleware.licenceExpired = true;
+      const expiryText = AuthMiddleware.licenceValidatedUntilMs
+        ? new Date(AuthMiddleware.licenceValidatedUntilMs).toISOString()
+        : 'unknown';
+      const reasonText = reason ? ` (reason: ${reason})` : '';
+      this.logger.error(
+        `Licence expired at ${expiryText}${reasonText}`
+      );
+    }
+  }
   // -------------------------
   // Graceful shutdown for EKS
@@ -262,15 +270,15 @@ export class AuthMiddleware implements NestMiddleware, OnModuleInit {
       // If we already have an expiry in memory, decide immediately.
       if (AuthMiddleware.licenceValidatedUntilMs) {
-        const now = Date.now();
-        if (now >= AuthMiddleware.licenceValidatedUntilMs + AuthMiddleware.CLOCK_TOLERANCE_MS) {
-          this.markLicenceExpired(
-            AuthMiddleware.licenceValidatedUntilMs,
-            'in-memory licence already expired'
-          );
-          return false;
-        }
-        return true;
+        const now = Date.now();
+        if (now >= AuthMiddleware.licenceValidatedUntilMs) {
+          this.markLicenceExpired(
+            AuthMiddleware.licenceValidatedUntilMs,
+            'Licence Expired'
+          );
+          return false;
+        }
+        return true;
       }
       // De-duplicate concurrent validations
@@ -328,24 +336,24 @@ export class AuthMiddleware implements NestMiddleware, OnModuleInit {
       const now = Date.now();
       if (!licEndMs) {
-        if (isAuthoritativeToken) {
-          this.logger.error('Licence token missing lic_end');
-          this.markLicenceExpired(null, 'authoritative token missing lic_end');
-        } else {
-          this.logger.warn('Cached licence token missing lic_end, refetching from service');
-        }
+        if (isAuthoritativeToken) {
+          this.logger.error('Licence token missing lic_end');
+          this.markLicenceExpired(null, 'authoritative token missing lic_end');
+        } else {
+          this.logger.warn('Cached licence token missing lic_end, refetching from service');
+        }
         return false;
       }
-      if (now >= licEndMs + AuthMiddleware.CLOCK_TOLERANCE_MS) {
-        if (isAuthoritativeToken) {
-          this.logger.error(
-            `Licence already expired. lic_end=${new Date(licEndMs).toISOString()} now=${new Date(now).toISOString()}`
-          );
-          this.markLicenceExpired(licEndMs, 'authoritative token already expired');
-        } else {
-          this.logger.warn(
-            `Cached licence token expired. lic_end=${new Date(licEndMs).toISOString()} now=${new Date(now).toISOString()}`
+      if (now >= licEndMs) {
+        if (isAuthoritativeToken) {
+          this.logger.error(
+            `Licence already expired. lic_end=${new Date(licEndMs).toISOString()} now=${new Date(now).toISOString()}`
+          );
+          this.markLicenceExpired(licEndMs, 'authoritative token already expired');
+        } else {
+          this.logger.warn(
+            `Cached licence token expired. lic_end=${new Date(licEndMs).toISOString()} now=${new Date(now).toISOString()}`
           );
         }
         return false;
@@ -370,12 +378,12 @@ export class AuthMiddleware implements NestMiddleware, OnModuleInit {
       // If JWT invalid, expire
       const name = e?.name || '';
       if (name === 'JsonWebTokenError' || name === 'TokenExpiredError' || name === 'NotBeforeError') {
-        if (isAuthoritativeToken) {
-          this.logger.error(`Invalid licence token: ${e?.message || e}`);
-          this.markLicenceExpired(null, `authoritative token invalid (${name})`);
-        } else {
-          this.logger.warn(`Cached licence token invalid, refetching from service: ${e?.message || e}`);
-        }
+        if (isAuthoritativeToken) {
+          this.logger.error(`Invalid licence token: ${e?.message || e}`);
+          this.markLicenceExpired(null, `authoritative token invalid (${name})`);
+        } else {
+          this.logger.warn(`Cached licence token invalid, refetching from service: ${e?.message || e}`);
+        }
         return false;
       }