meadow 2.0.45 → 2.0.46
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "meadow",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.46",
|
|
4
4
|
"description": "A data access library.",
|
|
5
5
|
"main": "source/Meadow.js",
|
|
6
6
|
"scripts": {
|
|
@@ -87,7 +87,7 @@
|
|
|
87
87
|
"devDependencies": {
|
|
88
88
|
"alasql": "^4.17.0",
|
|
89
89
|
"dgraph-js-http": "^21.3.0",
|
|
90
|
-
"fable": "^3.1.
|
|
90
|
+
"fable": "^3.1.78",
|
|
91
91
|
"gulp-util": "^3.0.8",
|
|
92
92
|
"meadow-connection-dgraph": "^1.0.3",
|
|
93
93
|
"meadow-connection-mongodb": "^1.0.3",
|
|
@@ -97,7 +97,28 @@ var MeadowProvider = function()
|
|
|
97
97
|
timeout: tmpRequestTimeout
|
|
98
98
|
});
|
|
99
99
|
|
|
100
|
-
|
|
100
|
+
// Per-request session override: when an operation carries a caller
|
|
101
|
+
// session (a forwarded identity — e.g. a databeacon proxying a
|
|
102
|
+
// user's request, or a cron run impersonating a RunAs user), present
|
|
103
|
+
// THAT session upstream instead of the connection's bound machine
|
|
104
|
+
// session, so the remote enforces row-level auth as the real caller.
|
|
105
|
+
// The override rides the per-operation query (concurrency-safe — it
|
|
106
|
+
// never touches the connection's shared cookie state). Absent or a
|
|
107
|
+
// default placeholder session falls back to the bound cookies.
|
|
108
|
+
let tmpSessionOverride = (pQuery && pQuery.query && pQuery.query.parameters)
|
|
109
|
+
? pQuery.query.parameters.MeadowEndpointsSessionOverride : null;
|
|
110
|
+
if (tmpSessionOverride && typeof(tmpSessionOverride.SessionID) === 'string'
|
|
111
|
+
&& tmpSessionOverride.SessionID.length > 0 && tmpSessionOverride.SessionID !== '0x0000')
|
|
112
|
+
{
|
|
113
|
+
let tmpCookieName = (tmpEndpointSettings.Authentication && tmpEndpointSettings.Authentication.CookieName)
|
|
114
|
+
? tmpEndpointSettings.Authentication.CookieName
|
|
115
|
+
: (tmpEndpointSettings.SessionCookieName || 'UserSession');
|
|
116
|
+
tmpRequestOptions.headers.cookie = `${tmpCookieName}=${tmpSessionOverride.SessionID}`;
|
|
117
|
+
}
|
|
118
|
+
else
|
|
119
|
+
{
|
|
120
|
+
tmpRequestOptions.headers.cookie = tmpCookies.join(';');
|
|
121
|
+
}
|
|
101
122
|
|
|
102
123
|
|
|
103
124
|
if (pQuery.logLevel > 0 ||
|
|
@@ -122,6 +122,52 @@ suite('MeadowEndpoints provider instance-driven configuration', function ()
|
|
|
122
122
|
});
|
|
123
123
|
});
|
|
124
124
|
|
|
125
|
+
function readAnimalsWithSession(pDAL, pSessionOverride)
|
|
126
|
+
{
|
|
127
|
+
return new Promise((fResolve) =>
|
|
128
|
+
{
|
|
129
|
+
let tmpQuery = pDAL.query.clone().setCap(1);
|
|
130
|
+
tmpQuery.query.parameters.MeadowEndpointsSessionOverride = pSessionOverride;
|
|
131
|
+
pDAL.doReads(tmpQuery, (pError, pQuery, pRecords) => fResolve({ Error: pError, Records: pRecords }));
|
|
132
|
+
});
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
suite('MeadowEndpoints provider per-request session override', function ()
|
|
136
|
+
{
|
|
137
|
+
suiteSetup(async function () { await startStubAPI(); });
|
|
138
|
+
suiteTeardown(function () { if (_Server) { _Server.close(); } });
|
|
139
|
+
setup(function () { _LastRequest = null; });
|
|
140
|
+
|
|
141
|
+
test('a forwarded caller session is presented upstream INSTEAD of the bound machine session', async function ()
|
|
142
|
+
{
|
|
143
|
+
const tmpInstance = { settings: serverSettings(), headers: {}, cookies: [ 'UserSession=machine-bound' ] };
|
|
144
|
+
await readAnimalsWithSession(buildDAL(tmpInstance), { SessionID: 'caller-session-xyz' });
|
|
145
|
+
Expect(_LastRequest.Cookie).to.equal('UserSession=caller-session-xyz', 'the per-request caller session wins; the bound machine session is not sent');
|
|
146
|
+
});
|
|
147
|
+
|
|
148
|
+
test('the upstream cookie name follows the connection Authentication.CookieName', async function ()
|
|
149
|
+
{
|
|
150
|
+
const tmpSettings = Object.assign(serverSettings(), { Authentication: { CookieName: 'SessionID' } });
|
|
151
|
+
const tmpInstance = { settings: tmpSettings, headers: {}, cookies: [ 'SessionID=machine-bound' ] };
|
|
152
|
+
await readAnimalsWithSession(buildDAL(tmpInstance), { SessionID: 'caller-abc' });
|
|
153
|
+
Expect(_LastRequest.Cookie).to.equal('SessionID=caller-abc');
|
|
154
|
+
});
|
|
155
|
+
|
|
156
|
+
test('a default placeholder session (0x0000) falls back to the bound connection session', async function ()
|
|
157
|
+
{
|
|
158
|
+
const tmpInstance = { settings: serverSettings(), headers: {}, cookies: [ 'UserSession=machine-bound' ] };
|
|
159
|
+
await readAnimalsWithSession(buildDAL(tmpInstance), { SessionID: '0x0000' });
|
|
160
|
+
Expect(_LastRequest.Cookie).to.equal('UserSession=machine-bound', 'an anonymous/placeholder session is not a real identity — use the machine session');
|
|
161
|
+
});
|
|
162
|
+
|
|
163
|
+
test('no override present → bound connection session (backward compatible)', async function ()
|
|
164
|
+
{
|
|
165
|
+
const tmpInstance = { settings: serverSettings(), headers: {}, cookies: [ 'UserSession=machine-bound' ] };
|
|
166
|
+
await readAnimals(buildDAL(tmpInstance));
|
|
167
|
+
Expect(_LastRequest.Cookie).to.equal('UserSession=machine-bound');
|
|
168
|
+
});
|
|
169
|
+
});
|
|
170
|
+
|
|
125
171
|
suite('MeadowEndpoints provider request timeout', function ()
|
|
126
172
|
{
|
|
127
173
|
suiteSetup(async function () { await startStubAPI(); });
|