npm - exodus-framework - Versions diffs - 2.0.968 → 2.0.970 - Mend

exodus-framework 2.0.968 → 2.0.970

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/middlewares/access.d.ts.map +1 -1
package/lib/middlewares/access.js +24 -3
package/lib/services/express.js +1 -1
package/package.json +1 -1

package/lib/middlewares/access.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/middlewares/access.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,cAAc,MAAM,mBAAmB,CAAC;AAC/C,OAAO,~~EAAE~~,YAAY,EAAE,MAAM,cAAc,CAAC;~~AAM5C~~,cAAM,gBAAiB,SAAQ,cAAc;IAO3C,WAAW,UAAW,YAAY,EAAE,KAAG,cAAc,CAWnD;IAEF,SAAS,EAAE,cAAc,~~CAsFvB~~;CACH;AAED,eAAe,gBAAgB,CAAC"}
1	+ {"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/middlewares/access.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEzC,OAAO,cAAc,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAY,YAAY,EAAE,MAAM,cAAc,CAAC;AAMtD,cAAM,gBAAiB,SAAQ,cAAc;IAO3C,WAAW,UAAW,YAAY,EAAE,KAAG,cAAc,CAWnD;IAEF,SAAS,EAAE,cAAc,CAkHvB;CACH;AAED,eAAe,gBAAgB,CAAC"}

package/lib/middlewares/access.js CHANGED Viewed

@@ -33,10 +33,11 @@ class AccessMiddleware extends _controller.default {
     const account = req.auth?.account;
     const tenantId = req.header('X-Exodus-Tenant-ID');
     const applicationId = req.header('X-Exodus-Application-ID');
+    const exodusServiceId = req.header('X-Exodus-Service-ID');
     let isApplication = false;
     //! Negar caso não haja um ou outro;
-    if (!account && !applicationId && !tenantId) {
+    if (!account && !applicationId && !tenantId && !exodusServiceId) {
       throw new _app.HttpError({
         message: 'Credênciais de autênticação não informadas',
         statusCode: _http.EHttpResponseCode.informationUnauthorized
@@ -76,7 +77,7 @@ class AccessMiddleware extends _controller.default {
         });
       } else {
         //valido
-        const data = await _security.default.singleton().verifySignature(applicationId, _security.default.singleton().getServicePublicKey());
+        const data = await _security.default.getService().verifySignature(applicationId, _security.default.getService().getServicePublicKey());
         if (!data) {
           throw new _app.HttpError({
             message: 'Token sem autênticidade.',
@@ -90,13 +91,33 @@ class AccessMiddleware extends _controller.default {
         requestor.trigger = applicationId;
         envUuid = data.payload.envUuid;
       }
+    } else if (exodusServiceId) {
+      const data = await _security.default.getService().verifySignature(exodusServiceId, _security.default.getService().getServicePublicKey());
+      if (!data) {
+        throw new _app.HttpError({
+          message: 'Token de serviço inválido',
+          statusCode: _http.EHttpResponseCode.informationUnauthorized
+        });
+      }
+      requestor.database = data['account'].database;
+      requestor.environmentId = data['account'].envUuid;
+      requestor.name = data['account'].name;
+      requestor.id = data['account'].uuid;
+      requestor.trigger = exodusServiceId;
+      envUuid = data['account'].envUuid;
     } else if (tenantId) {
-      if (!account) {
+      if (!account || !exodusServiceId) {
         throw new _app.HttpError({
           message: 'Não é permitido o uso do tenantId sem uma sessão ativa',
           statusCode: _http.EHttpResponseCode.informationBlocked
         });
       }
+      if (exodusServiceId != process.env.SECURITY_JWT_ISSUER) {
+        throw new _app.HttpError({
+          message: 'O token de serviço é inválido',
+          statusCode: _http.EHttpResponseCode.informationBlocked
+        });
+      }
       envUuid = tenantId;
       if (account.type != 'ADMINISTRATOR') {
         requestor.environmentId = account.envUuid;

package/lib/services/express.js CHANGED Viewed

@@ -50,8 +50,8 @@ class ExpressService extends _service.default {
     expss.use(this.mainRouter);
     expss.use(this.handleAuthorizationFailure.bind(this));
     expss.use(this.handleNotFoud.bind(this));
-    expss.use(this.handleRequestProcessFailure.bind(this));
     expss.use(this.handleJSONParseFailure.bind(this));
+    expss.use(this.handleRequestProcessFailure.bind(this));
     return true;
   }
   async onExodusClusterStarted() {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exodus-framework",
-  "version": "2.0.968",
+  "version": "2.0.970",
   "description": "Exodus Framework",
   "author": "jhownpaixao",
   "license": "ISC",