npm - propro-utils - Versions diffs - 1.7.31 → 1.7.37 - Mend

propro-utils 1.7.31 → 1.7.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package-lock.json +9951 -0
package/package.json +1 -1
package/src/server/index.js +26 -5
package/src/server/middleware/verifyToken.js +33 -25

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.7.31",
+  "version": "1.7.37",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "private": false,

package/src/server/index.js CHANGED Viewed

@@ -251,13 +251,18 @@ class AuthMiddleware {
           account: { accountId: account.accountId, email: account.email },
         };
       } catch (error) {
-        console.error(`Token refresh failed after ${Date.now() - startTime}ms:`, error.message);
+        const status = error?.response?.status;
+        console.error(`Token refresh failed after ${Date.now() - startTime}ms (status: ${status}):`, error.message);
+        // Immediately clean up lock on failure to prevent blocking
+        this.refreshLocks.delete(lockKey);
         throw error;
       } finally {
-        // Clean up lock after 30 seconds
+        // Clean up lock after 30 seconds for successful requests
         setTimeout(() => {
           this.refreshLocks.delete(lockKey);
-          console.log('Refresh lock cleaned up');
+          console.log('Refresh lock cleaned up (delayed)');
         }, 30000);
       }
     })();
@@ -270,11 +275,27 @@ class AuthMiddleware {
       res.status(200).json(result);
     } catch (error) {
       console.error('Error refreshing token:', error);
+      const status = error?.response?.status || 401;
       const errorMessage = error?.response?.data?.message || error?.message || 'Failed to refresh token';
-      res.status(401).json({
+      // Pass through rate limit status
+      if (status === 429) {
+        const retryAfter = error?.response?.headers?.['retry-after'];
+        return res.status(429).json({
+          error: 'Too many requests',
+          message: 'Rate limit exceeded. Please try again later.',
+          retryAfter: retryAfter ? parseInt(retryAfter) : 900,
+        });
+      }
+      // Handle 401 unauthorized
+      res.status(status).json({
         error: 'Failed to refresh token',
         message: errorMessage,
-        details: 'Your session could not be refreshed. Please log in again.',
+        details: status === 401
+          ? 'Your session has expired. Please log in again.'
+          : 'Your session could not be refreshed. Please log in again.',
       });
     }
   };

package/src/server/middleware/verifyToken.js CHANGED Viewed

@@ -1,5 +1,5 @@
-const axios = require('axios');
-const jwt = require('jsonwebtoken');
+const axios = require("axios");
+const jwt = require("jsonwebtoken");
 const tokenCache = new Map();
 /**
@@ -8,18 +8,26 @@ const tokenCache = new Map();
  * @param {string} secret - The secret used to sign the JWT.
  * @returns {promise<object|null>} - The decoded payload of the JWT if it is valid, or null if it is not valid.
  */
-async function verifyJWT(token, secret = 'thisisasamplesecret') {
+async function verifyJWT(token, secret = "thisisasamplesecret") {
+  if (!secret) {
+    // Require JWT_SECRET from environment variables
+    if (!process.env.JWT_SECRET) {
+      throw new Error("JWT_SECRET environment variable is required");
+    }
+    secret = process.env.JWT_SECRET;
+  }
   try {
     return jwt.verify(token, secret);
   } catch (err) {
-    try{
-        if (err.name === 'TokenExpiredError') {
-          const newTokenData = await callTokenEndpoint(token);
-          return newTokenData ? jwt?.verify?.(newTokenData, secret) : null;
-        }
-      }catch(e){
-        return null
+    try {
+      if (err.name === "TokenExpiredError") {
+        const newTokenData = await callTokenEndpoint(token);
+        return newTokenData ? jwt?.verify?.(newTokenData, secret) : null;
       }
+    } catch (e) {
+      return null;
+    }
     return null;
   }
 }
@@ -59,22 +67,22 @@ async function exchangeToken(
   try {
     const formattedRedirectUri = formatRedirectUrl(authUrl);
     const response = await axios.post(
-      formattedRedirectUri + '/api/v1/auth/authorize',
+      formattedRedirectUri + "/api/v1/auth/authorize",
       {
-        grantType: 'authorization_code',
+        grantType: "authorization_code",
         code: code,
         redirectUri: redirectUri,
         clientId: clientId,
         clientSecret: clientSecret,
       },
       {
-        headers: { 'Content-Type': 'application/json' },
+        headers: { "Content-Type": "application/json" },
       }
     );
     return response.data;
   } catch (error) {
-    console.error('Error exchanging token:', error);
+    console.error("Error exchanging token:", error);
     return null;
   }
 }
@@ -84,11 +92,11 @@ async function exchangeToken(
  * @param {Array} requiredPermissions - Array of required permissions for the user
  * @returns {Function} - Express middleware function
  */
-const VerifyAccount = requiredPermissions => {
+const VerifyAccount = (requiredPermissions) => {
   return async (req, res, next) => {
-    const accessToken = req.headers.authorization?.split(' ')[1];
+    const accessToken = req.headers.authorization?.split(" ")[1];
     if (!accessToken) {
-      return res.status(401).json({ error: 'Access token is required' });
+      return res.status(401).json({ error: "Access token is required" });
     }
     // Check if token is in cache
@@ -100,7 +108,7 @@ const VerifyAccount = requiredPermissions => {
     try {
       const decoded = jwt.verify(accessToken, process.env.JWT_SECRET);
       if (!isValid(decoded, requiredPermissions)) {
-        return res.status(403).json({ error: 'Invalid permissions' });
+        return res.status(403).json({ error: "Invalid permissions" });
       }
       tokenCache.set(accessToken, decoded);
       req.user = decoded;
@@ -117,14 +125,14 @@ const VerifyAccount = requiredPermissions => {
         );
         if (!isValid(userResponse.data, requiredPermissions)) {
-        return res.status(403).json({ error: 'Invalid permissions' });
+          return res.status(403).json({ error: "Invalid permissions" });
         }
         tokenCache.set(accessToken, userResponse.data);
         req.user = userResponse.data;
         return next();
       } catch (networkError) {
-        return res.status(401).json({ error: 'Error validating token' });
+        return res.status(401).json({ error: "Error validating token" });
       }
     }
   };
@@ -137,7 +145,7 @@ const VerifyAccount = requiredPermissions => {
  * @returns {boolean} - Returns true if the decoded token has all the required permissions, false otherwise.
  */
 function isValid(decodedToken, requiredPermissions) {
-  return requiredPermissions.every(permission =>
+  return requiredPermissions.every((permission) =>
     decodedToken.permissions.includes(permission)
   );
 }
@@ -152,12 +160,12 @@ function formatRedirectUrl(redirectUrl) {
   let urlToRedirect;
   if (
-    !redirectUrl.startsWith('http://') &&
-    !redirectUrl.startsWith('https://')
+    !redirectUrl.startsWith("http://") &&
+    !redirectUrl.startsWith("https://")
   ) {
     if (
-      redirectUrl.includes('localhost') |
-      redirectUrl.includes('host.docker.internal')
+      redirectUrl.includes("localhost") |
+      redirectUrl.includes("host.docker.internal")
     ) {
       urlToRedirect = `http://${redirectUrl}`;
     } else {