fastify-txstate 3.3.4 → 3.4.0

package/lib/index.js

@@ -262,6 +262,8 @@ class Server {
                             for (const ov of v.params.errors) {
                                 if (['type', 'additionalProperties', 'minProperties'].includes(ov.keyword))
                                     developerErrors.push({ ...ov, message: v.message });
+                                else if (ov.keyword === 'required')
+                                    userErrors.push({ ...ov, message: 'This field is required.' });
                                 else
                                     userErrors.push({ ...ov, message: v.message });
                             }
@@ -269,6 +271,8 @@ class Server {
                         else {
                             if (['type', 'additionalProperties', 'minProperties'].includes(v.keyword))
                                 developerErrors.push(v);
+                            else if (v.keyword === 'required')
+                                userErrors.push({ ...v, message: 'This field is required.' });
                             else
                                 userErrors.push(v);
                         }

package/lib/unified-auth.d.ts

@@ -1,4 +1,5 @@
 import { type FastifyRequest } from 'fastify';
 import { type FastifyTxStateAuthInfo } from '.';
+export declare const uaCookieName: string;
 export declare function unifiedAuthenticate(req: FastifyRequest): Promise<FastifyTxStateAuthInfo | undefined>;
 export declare function unifiedAuthenticateAll(req: FastifyRequest): Promise<FastifyTxStateAuthInfo>;

package/lib/unified-auth.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.unifiedAuthenticateAll = exports.unifiedAuthenticate = void 0;
+exports.unifiedAuthenticateAll = exports.unifiedAuthenticate = exports.uaCookieName = void 0;
 const crypto_1 = require("crypto");
 const jose_1 = require("jose");
 const txstate_utils_1 = require("txstate-utils");
@@ -8,6 +8,7 @@ let hasInit = false;
 const issuerKeys = new Map();
 const issuerConfig = new Map();
 const trustedClients = new Set();
+exports.uaCookieName = process.env.UA_COOKIE_NAME ?? (0, crypto_1.randomBytes)(16).toString('hex');
 const tokenCache = new txstate_utils_1.Cache(async (token, req) => {
     const claims = (0, jose_1.decodeJwt)(token);
     let verifyKey;
@@ -90,7 +91,11 @@ function init() {
 }
 function tokenFromReq(req) {
     const m = req?.headers.authorization?.match(/^bearer (.*)$/i);
-    return m?.[1];
+    if (m != null)
+        return m[1];
+    const m2 = req?.headers.cookie?.match(new RegExp(`${exports.uaCookieName}=([^;]+)`));
+    if (m2 != null)
+        return m2[1];
 }
 async function unifiedAuthenticate(req) {
     if (!hasInit)
@@ -113,7 +118,7 @@ async function unifiedAuthenticate(req) {
 exports.unifiedAuthenticate = unifiedAuthenticate;
 async function unifiedAuthenticateAll(req) {
     const auth = await unifiedAuthenticate(req);
-    if (!auth?.username.length && !req.routeOptions.url?.startsWith('/docs'))
+    if (!auth?.username.length)
         throw new Error('All requests require authentication.');
     return auth;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fastify-txstate",
-  "version": "3.3.4",
+  "version": "3.4.0",
   "description": "A small wrapper for fastify providing a set of common conventions & utility functions we use.",
   "exports": {
     ".": {

package/lib-esm/index.d.ts

@@ -1,155 +0,0 @@
-/// <reference types="node" />
-/// <reference types="node" />
-import { type FastifyDynamicSwaggerOptions } from '@fastify/swagger';
-import { type FastifySwaggerUiOptions } from '@fastify/swagger-ui';
-import type { JsonSchemaToTsProvider } from '@fastify/type-provider-json-schema-to-ts';
-import { type FastifyInstance, type FastifyRequest, type FastifyReply, type FastifyServerOptions, type FastifyLoggerOptions, type FastifyBaseLogger, type RawServerDefault } from 'fastify';
-import http from 'node:http';
-import type http2 from 'node:http2';
-type ErrorHandler = (error: Error, req: FastifyRequest, res: FastifyReply) => Promise<void>;
-export interface FastifyTxStateAuthInfo {
-    /**
-     * The primary identifier for the user that is making the request, after processing
-     * their session token / JWT.
-     */
-    username: string;
-    /**
-     * This should be an identifier for the particular session, so that the same user
-     * on different devices/browsers/tabs can be distinguished from one another.
-     *
-     * It should NOT be usable as a cookie or bearer token, as it will appear in logs. If you
-     * use JSON Web Tokens, an easy thing is to combine the username with the `iat` issued
-     * date to create something unique but not useful to attackers.
-     *
-     * For lookup tokens, you can do the same `${username}-${createdAt}` after looking up
-     * the session in your database.
-     *
-     * If all else fails, you can sha256 the session token with a salt.
-     */
-    sessionId: string;
-    /**
-     * Some authentication systems allow administrators to impersonate regular users, so that
-     * they can see what that user sees and troubleshoot issues. We still want to log the administrator
-     * with any actions they take while impersonating someone, for auditing purposes, so you should
-     * fill this field when applicable.
-     *
-     * This will also be available at `req.auth.impersonatedBy`, so it is possible for your API
-     * to implement complicated authorization rules based on whether a user is being impersonated.
-     * It sort of defeats the purpose of impersonation, but used sparingly it could prevent administrators
-     * from making mistakes.
-     */
-    impersonatedBy?: string;
-    /**
-     * If your API may be accessed by a different client application, such that the user is actually logged
-     * into that application instead of yours, but you accept that application's session tokens, filling
-     * this field can help log requests that are authenticated with the other application's token.
-     */
-    clientId?: string;
-}
-export interface FastifyTxStateOptions extends Partial<FastifyServerOptions> {
-    https?: http2.SecureServerOptions;
-    validOrigins?: string[];
-    validOriginHosts?: string[];
-    validOriginSuffixes?: string[];
-    skipOriginCheck?: boolean;
-    checkOrigin?: (req: FastifyRequest) => boolean;
-    /**
-     * Run an asynchronous function to check the health of the service.
-     *
-     * Return a non-empty error message to trigger unhealthy status.
-     *
-     * Setting a health message with setUnhealthy will override this and prevent it from being executed.
-     */
-    checkHealth?: () => Promise<string | {
-        status?: number;
-        message?: string;
-    } | undefined>;
-    /**
-     * Run an async function to get authentication information out of the request
-     * object. Should return an object with at least a username and sessionid (see FastifyTxStateAuthInfo
-     * for further detail).
-     *
-     * The return object will be added to the request object as `req.auth` for later
-     * use in your route handlers. It will also be added to the logs in production.
-     *
-     * IMPORTANT: It is not advisable to return excessive amounts of data here, nor anything
-     * particularly sensitive, since it will all be included in every log entry.
-     *
-     * If this function throws, the client will receive a 401 response.
-     */
-    authenticate?: (req: FastifyRequest) => Promise<FastifyTxStateAuthInfo | undefined>;
-}
-declare module 'fastify' {
-    interface FastifyRequest {
-        auth?: FastifyTxStateAuthInfo;
-    }
-    interface FastifyReply {
-        extraLogInfo: any;
-    }
-}
-export declare const devLogger: {
-    level: string;
-    info: (msg: any) => void;
-    error: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    debug: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    fatal: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    warn: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    trace: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    silent: (msg: any) => void;
-    child(bindings: any, options?: any): any;
-};
-export declare const prodLogger: FastifyLoggerOptions;
-export type FastifyInstanceTyped = FastifyInstance<RawServerDefault, http.IncomingMessage, http.ServerResponse<http.IncomingMessage>, FastifyBaseLogger, JsonSchemaToTsProvider>;
-export type TxServer = Server;
-export default class Server {
-    protected config: FastifyTxStateOptions & {
-        http2?: true;
-    };
-    protected https: boolean;
-    protected errorHandlers: ErrorHandler[];
-    protected healthMessage?: string;
-    protected healthCallback?: () => Promise<string | {
-        status?: number;
-        message?: string;
-    } | undefined>;
-    protected shuttingDown: boolean;
-    protected sigHandler: (signal: any) => void;
-    protected validOrigins: Record<string, boolean>;
-    protected validOriginHosts: Record<string, boolean>;
-    protected validOriginSuffixes: Set<string>;
-    app: FastifyInstanceTyped;
-    constructor(config?: FastifyTxStateOptions & {
-        http2?: true;
-    });
-    start(port?: number): Promise<void>;
-    addErrorHandler(handler: ErrorHandler): void;
-    setUnhealthy(message: string): void;
-    setHealthy(): void;
-    setValidOrigins(origins: string[]): void;
-    setValidOriginHosts(hosts: string[]): void;
-    setValidOriginSuffixes(suffixes: string[]): void;
-    swagger(opts?: {
-        path?: string;
-        openapi?: FastifyDynamicSwaggerOptions['openapi'];
-        ui?: FastifySwaggerUiOptions;
-    }): Promise<void>;
-    close(softSeconds?: number): Promise<void>;
-}
-export * from './analytics';
-export * from './error';
-export * from './unified-auth';