npm - fastify-txstate - Versions diffs - 3.3.5 → 3.4.0 - Mend

fastify-txstate 3.3.5 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/unified-auth.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { type FastifyRequest } from 'fastify';
 import { type FastifyTxStateAuthInfo } from '.';
+export declare const uaCookieName: string;
 export declare function unifiedAuthenticate(req: FastifyRequest): Promise<FastifyTxStateAuthInfo | undefined>;
 export declare function unifiedAuthenticateAll(req: FastifyRequest): Promise<FastifyTxStateAuthInfo>;

package/lib/unified-auth.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.unifiedAuthenticateAll = exports.unifiedAuthenticate = void 0;
+exports.unifiedAuthenticateAll = exports.unifiedAuthenticate = exports.uaCookieName = void 0;
 const crypto_1 = require("crypto");
 const jose_1 = require("jose");
 const txstate_utils_1 = require("txstate-utils");
@@ -8,6 +8,7 @@ let hasInit = false;
 const issuerKeys = new Map();
 const issuerConfig = new Map();
 const trustedClients = new Set();
+exports.uaCookieName = process.env.UA_COOKIE_NAME ?? (0, crypto_1.randomBytes)(16).toString('hex');
 const tokenCache = new txstate_utils_1.Cache(async (token, req) => {
     const claims = (0, jose_1.decodeJwt)(token);
     let verifyKey;
@@ -90,7 +91,11 @@ function init() {
 }
 function tokenFromReq(req) {
     const m = req?.headers.authorization?.match(/^bearer (.*)$/i);
-    return m?.[1];
+    if (m != null)
+        return m[1];
+    const m2 = req?.headers.cookie?.match(new RegExp(`${exports.uaCookieName}=([^;]+)`));
+    if (m2 != null)
+        return m2[1];
 }
 async function unifiedAuthenticate(req) {
     if (!hasInit)
@@ -113,7 +118,7 @@ async function unifiedAuthenticate(req) {
 exports.unifiedAuthenticate = unifiedAuthenticate;
 async function unifiedAuthenticateAll(req) {
     const auth = await unifiedAuthenticate(req);
-    if (!auth?.username.length && !req.routeOptions.url?.startsWith('/docs'))
+    if (!auth?.username.length)
         throw new Error('All requests require authentication.');
     return auth;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "fastify-txstate",
-  "version": "3.3.5",
+  "version": "3.4.0",
   "description": "A small wrapper for fastify providing a set of common conventions & utility functions we use.",
   "exports": {
     ".": {

package/lib-esm/index.d.ts DELETED Viewed

@@ -1,155 +0,0 @@
-/// <reference types="node" />
-/// <reference types="node" />
-import { type FastifyDynamicSwaggerOptions } from '@fastify/swagger';
-import { type FastifySwaggerUiOptions } from '@fastify/swagger-ui';
-import type { JsonSchemaToTsProvider } from '@fastify/type-provider-json-schema-to-ts';
-import { type FastifyInstance, type FastifyRequest, type FastifyReply, type FastifyServerOptions, type FastifyLoggerOptions, type FastifyBaseLogger, type RawServerDefault } from 'fastify';
-import http from 'node:http';
-import type http2 from 'node:http2';
-type ErrorHandler = (error: Error, req: FastifyRequest, res: FastifyReply) => Promise<void>;
-export interface FastifyTxStateAuthInfo {
-    /**
-     * The primary identifier for the user that is making the request, after processing
-     * their session token / JWT.
-     */
-    username: string;
-    /**
-     * This should be an identifier for the particular session, so that the same user
-     * on different devices/browsers/tabs can be distinguished from one another.
-     *
-     * It should NOT be usable as a cookie or bearer token, as it will appear in logs. If you
-     * use JSON Web Tokens, an easy thing is to combine the username with the `iat` issued
-     * date to create something unique but not useful to attackers.
-     *
-     * For lookup tokens, you can do the same `${username}-${createdAt}` after looking up
-     * the session in your database.
-     *
-     * If all else fails, you can sha256 the session token with a salt.
-     */
-    sessionId: string;
-    /**
-     * Some authentication systems allow administrators to impersonate regular users, so that
-     * they can see what that user sees and troubleshoot issues. We still want to log the administrator
-     * with any actions they take while impersonating someone, for auditing purposes, so you should
-     * fill this field when applicable.
-     *
-     * This will also be available at `req.auth.impersonatedBy`, so it is possible for your API
-     * to implement complicated authorization rules based on whether a user is being impersonated.
-     * It sort of defeats the purpose of impersonation, but used sparingly it could prevent administrators
-     * from making mistakes.
-     */
-    impersonatedBy?: string;
-    /**
-     * If your API may be accessed by a different client application, such that the user is actually logged
-     * into that application instead of yours, but you accept that application's session tokens, filling
-     * this field can help log requests that are authenticated with the other application's token.
-     */
-    clientId?: string;
-}
-export interface FastifyTxStateOptions extends Partial<FastifyServerOptions> {
-    https?: http2.SecureServerOptions;
-    validOrigins?: string[];
-    validOriginHosts?: string[];
-    validOriginSuffixes?: string[];
-    skipOriginCheck?: boolean;
-    checkOrigin?: (req: FastifyRequest) => boolean;
-    /**
-     * Run an asynchronous function to check the health of the service.
-     *
-     * Return a non-empty error message to trigger unhealthy status.
-     *
-     * Setting a health message with setUnhealthy will override this and prevent it from being executed.
-     */
-    checkHealth?: () => Promise<string | {
-        status?: number;
-        message?: string;
-    } | undefined>;
-    /**
-     * Run an async function to get authentication information out of the request
-     * object. Should return an object with at least a username and sessionid (see FastifyTxStateAuthInfo
-     * for further detail).
-     *
-     * The return object will be added to the request object as `req.auth` for later
-     * use in your route handlers. It will also be added to the logs in production.
-     *
-     * IMPORTANT: It is not advisable to return excessive amounts of data here, nor anything
-     * particularly sensitive, since it will all be included in every log entry.
-     *
-     * If this function throws, the client will receive a 401 response.
-     */
-    authenticate?: (req: FastifyRequest) => Promise<FastifyTxStateAuthInfo | undefined>;
-}
-declare module 'fastify' {
-    interface FastifyRequest {
-        auth?: FastifyTxStateAuthInfo;
-    }
-    interface FastifyReply {
-        extraLogInfo: any;
-    }
-}
-export declare const devLogger: {
-    level: string;
-    info: (msg: any) => void;
-    error: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    debug: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    fatal: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    warn: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    trace: {
-        (...data: any[]): void;
-        (message?: any, ...optionalParams: any[]): void;
-    };
-    silent: (msg: any) => void;
-    child(bindings: any, options?: any): any;
-};
-export declare const prodLogger: FastifyLoggerOptions;
-export type FastifyInstanceTyped = FastifyInstance<RawServerDefault, http.IncomingMessage, http.ServerResponse<http.IncomingMessage>, FastifyBaseLogger, JsonSchemaToTsProvider>;
-export type TxServer = Server;
-export default class Server {
-    protected config: FastifyTxStateOptions & {
-        http2?: true;
-    };
-    protected https: boolean;
-    protected errorHandlers: ErrorHandler[];
-    protected healthMessage?: string;
-    protected healthCallback?: () => Promise<string | {
-        status?: number;
-        message?: string;
-    } | undefined>;
-    protected shuttingDown: boolean;
-    protected sigHandler: (signal: any) => void;
-    protected validOrigins: Record<string, boolean>;
-    protected validOriginHosts: Record<string, boolean>;
-    protected validOriginSuffixes: Set<string>;
-    app: FastifyInstanceTyped;
-    constructor(config?: FastifyTxStateOptions & {
-        http2?: true;
-    });
-    start(port?: number): Promise<void>;
-    addErrorHandler(handler: ErrorHandler): void;
-    setUnhealthy(message: string): void;
-    setHealthy(): void;
-    setValidOrigins(origins: string[]): void;
-    setValidOriginHosts(hosts: string[]): void;
-    setValidOriginSuffixes(suffixes: string[]): void;
-    swagger(opts?: {
-        path?: string;
-        openapi?: FastifyDynamicSwaggerOptions['openapi'];
-        ui?: FastifySwaggerUiOptions;
-    }): Promise<void>;
-    close(softSeconds?: number): Promise<void>;
-}
-export * from './analytics';
-export * from './error';
-export * from './unified-auth';