piper-utils 1.1.60 → 1.1.61

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/bin/main.js +2075 -414
  2. package/bin/main.js.map +1 -1
  3. package/package.json +1 -1
  4. package/src/database/dbUtils/queryStringUtils/accessRightsUtils.js +17 -0
  5. package/src/index.js +2 -0
  6. package/src/requestResponse/requestResponse.js +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "piper-utils",
3
- "version": "1.1.60",
3
+ "version": "1.1.61",
4
4
  "description": "Utility library for Piper",
5
5
  "main": "bin/main.js",
6
6
  "scripts": {
package/src/database/dbUtils/queryStringUtils/accessRightsUtils.js CHANGED
@@ -333,3 +333,20 @@ export function checkWriteAccess(event, options) {
333
333
  return businessId;
334
334
  }
335
335
 
336
+ /**
337
+ * Get the company-level cached settings from custom:SET.
338
+ *
339
+ * @param {object} event - The lambda event passed in by a validated api request.
340
+ * @returns {object} The company settings object (e.g. { auditEnabled: true })
341
+ */
342
+ export function getCompanySettings(event) {
343
+ const jsonToParse = _.get(event, 'requestContext.authorizer.claims.custom:SET')
344
+ || _.get(event, 'requestContext.authorizer.custom:SET')
345
+ || '{}';
346
+ try {
347
+ return JSON.parse(jsonToParse);
348
+ } catch (e) {
349
+ return {};
350
+ }
351
+ }
352
+
package/src/index.js CHANGED
@@ -28,6 +28,7 @@ import { isPartnerUser as isPartnerUserImport } from './database/dbUtils/querySt
28
28
  import { getBelongsToPartnerId as getBelongsToPartnerIdImport } from './database/dbUtils/queryStringUtils/accessRightsUtils.js';
29
29
  import { getEffectivePartnerId as getEffectivePartnerIdImport } from './database/dbUtils/queryStringUtils/accessRightsUtils.js';
30
30
  import { enrichEventWithPartnerAccess as enrichEventWithPartnerAccessImport } from './database/dbUtils/queryStringUtils/accessRightsUtils.js';
31
+ import { getCompanySettings as getCompanySettingsImport } from './database/dbUtils/queryStringUtils/accessRightsUtils.js';
31
32
 
32
33
  export const handleFile = handleFileImport;
33
34
  export const watchBucket = watchBucketImport;
@@ -60,3 +61,4 @@ export const isPartnerUser = isPartnerUserImport;
60
61
  export const getBelongsToPartnerId = getBelongsToPartnerIdImport;
61
62
  export const getEffectivePartnerId = getEffectivePartnerIdImport;
62
63
  export const enrichEventWithPartnerAccess = enrichEventWithPartnerAccessImport;
64
+ export const getCompanySettings = getCompanySettingsImport;
package/src/requestResponse/requestResponse.js CHANGED
@@ -23,7 +23,7 @@ const htmlSecurityHeaders = {
23
23
  "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://sandbox.nmi.com https://secure.nmi.com",
24
24
  "font-src 'self' https://fonts.gstatic.com",
25
25
  "frame-src https:",
26
- "connect-src 'self' https://*.tokenex.com https://*.sentry.io https://*.nmi.com",
26
+ "connect-src 'self' https://*.tokenex.com https://*.sentry.io https://*.nmi.com https://*.apple.com",
27
27
  "img-src 'self' data:",
28
28
  "frame-ancestors *"
29
29
  ].join('; ')