npm - ecrs-auth-core - Versions diffs - 1.0.65 → 1.0.66 - Mend

ecrs-auth-core 1.0.65 → 1.0.66

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/auth.controller.d.ts CHANGED Viewed

@@ -23,7 +23,7 @@ export declare class AuthController {
                 parentId: number;
                 referenceId: number;
                 branchId: any;
-                dispatchId: any;
+                dispatchCenterId: any;
                 departmentId: any;
                 designationId: any;
                 profile_photo_url: string;

package/dist/auth.service.d.ts CHANGED Viewed

@@ -41,6 +41,7 @@ export declare class AuthService {
      * 4. If match found → Allow login (return true)
      * 5. If NO match → Deny login (return false)
      */
+    private normalizeIp;
     private validateIpRestriction;
     hasModuleAccess(userId: number, moduleId: number): Promise<boolean>;
     getPermissions(userId: number): Promise<PermissionsTree>;
@@ -77,7 +78,7 @@ export declare class AuthService {
                 parentId: number;
                 referenceId: number;
                 branchId: any;
-                dispatchId: any;
+                dispatchCenterId: any;
                 departmentId: any;
                 designationId: any;
                 profile_photo_url: string;
@@ -85,6 +86,11 @@ export declare class AuthService {
         };
         access_token: string;
     }>;
+    /**
+     * Extract clean IPv4 address from request
+     * Handles various formats: IPv6-mapped, plain IPv4, descriptive text
+     */
+    extractUserIpv4(clientIp: string | undefined): string;
     findUserById(id: number): Promise<User | null>;
     private loadPermissions;
 }

package/dist/auth.service.js CHANGED Viewed

@@ -96,12 +96,31 @@ let AuthService = class AuthService {
      * 4. If match found → Allow login (return true)
      * 5. If NO match → Deny login (return false)
      */
+    normalizeIp(ip) {
+        // Remove descriptive text if present (e.g., "IPv4 Address. . . . . . : 192.167.0.173")
+        let cleanIp = ip.trim();
+        if (cleanIp.includes(':')) {
+            const parts = cleanIp.split(':');
+            cleanIp = parts[parts.length - 1].trim();
+        }
+        // Convert IPv6-mapped IPv4 addresses (::ffff:x.x.x.x) to plain IPv4 (x.x.x.x)
+        if (cleanIp.startsWith('::ffff:')) {
+            return cleanIp.substring(7);
+        }
+        // Also handle other IPv6 prefixes
+        if (cleanIp.startsWith('::1')) {
+            return '127.0.0.1'; // IPv6 loopback to IPv4 loopback
+        }
+        return cleanIp;
+    }
     async validateIpRestriction(userId, requestIp) {
         if (!this.ipRestrictionsRepo) {
             // No IP restrictions repository configured - allow login
             return true;
         }
         try {
+            // Normalize the incoming IP
+            const normalizedRequestIp = this.normalizeIp(requestIp);
             // Get all active IP restrictions for this user
             const restrictions = await this.ipRestrictionsRepo.find({
                 where: {
@@ -117,15 +136,19 @@ let AuthService = class AuthService {
             const ipMatches = restrictions.some((restriction) => {
                 // Handle both property name variations
                 const allowedIp = restriction.allowed_ip_address || restriction.ip_address;
-                return allowedIp === requestIp;
+                const normalizedAllowedIp = this.normalizeIp(allowedIp);
+                return normalizedAllowedIp === normalizedRequestIp;
             });
             if (ipMatches) {
-                console.log(`✅ User ${userId}: IP ${requestIp} matches allowed IP - Allow login`);
+                console.log(`✅ User ${userId}: IP ${requestIp} (normalized: ${normalizedRequestIp}) matches allowed IP - Allow login`);
                 return true;
             }
             // IP doesn't match any allowed IP
-            const allowedIps = restrictions.map((r) => r.allowed_ip_address || r.ip_address).join(', ');
-            console.log(`❌ User ${userId}: IP ${requestIp} does not match allowed IPs - Deny login`);
+            const allowedIps = restrictions.map((r) => {
+                const ip = r.allowed_ip_address || r.ip_address;
+                return this.normalizeIp(ip);
+            }).join(', ');
+            console.log(`❌ User ${userId}: IP ${requestIp} (normalized: ${normalizedRequestIp}) does not match allowed IPs - Deny login`);
             console.log(`   Allowed IPs: ${allowedIps}`);
             return false;
         }
@@ -186,7 +209,7 @@ let AuthService = class AuthService {
         const effectiveModuleId = Number.isFinite(selectedModuleId) ? selectedModuleId : user.moduleId ?? null;
         // Fetch workprofile/employee details from EmployeeWorkProfileEntity
         let branchId = null;
-        let dispatchId = null;
+        let dispatchCenterId = null;
         let departmentId = null;
         let designationId = null;
         if (this.employeeWorkProfileRepo) {
@@ -196,7 +219,7 @@ let AuthService = class AuthService {
                 });
                 if (workProfile) {
                     branchId = workProfile?.branch_id || null;
-                    dispatchId = workProfile?.dispatch_id || null;
+                    dispatchCenterId = workProfile?.dispatch_id || null;
                     departmentId = workProfile?.department_id || null;
                     designationId = workProfile?.designation_id || null;
                 }
@@ -222,7 +245,7 @@ let AuthService = class AuthService {
             parentId: user.parentId,
             referenceId: user.referenceId,
             branchId,
-            dispatchId,
+            dispatchCenterId,
             departmentId,
             designationId,
         };
@@ -245,7 +268,7 @@ let AuthService = class AuthService {
                     parentId: user.parentId,
                     referenceId: user.referenceId,
                     branchId,
-                    dispatchId,
+                    dispatchCenterId,
                     departmentId,
                     designationId,
                     profile_photo_url: `${this.uploadPhotoDir}`,
@@ -254,6 +277,15 @@ let AuthService = class AuthService {
             access_token: this.jwtService.sign(payload),
         };
     }
+    /**
+     * Extract clean IPv4 address from request
+     * Handles various formats: IPv6-mapped, plain IPv4, descriptive text
+     */
+    extractUserIpv4(clientIp) {
+        if (!clientIp)
+            return '';
+        return this.normalizeIp(clientIp);
+    }
     async findUserById(id) {
         return this.userRepo.findOne({ where: { id } });
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ecrs-auth-core",
-  "version": "1.0.65",
+  "version": "1.0.66",
   "description": "Centralized authentication and authorization module for ECRS apps",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",