@bluealba/microservices-toolkit - npm Package Compare versions

Comparing version 1.2.1 to 1.3.0

2

package.json
{
"name": "@bluealba/microservices-toolkit",
"version": "1.2.1",
"version": "1.3.0",
"description": "Library that contains common elements used in microservices",

@@ -5,0 +5,0 @@ "main": "index.js",

"use strict";
module.exports = function () {
/**
* Extracts the username from the `x-forwarded-user` set by the HTTP Gateway.
*
* If no header, the request is rejected with error 403 (forbidden)
*
* Attempts to extract the username from different places.
* If not present, the request is rejected with error 403 (forbidden)
*/
return function (req, res, next) {
// if fronted with the http-gateway, look for the user header
if (req.headers["x-forwarded-user"]) {
req.auth = createUser(
req.headers["x-forwarded-user"],
req.headers["x-forwarded-user-name"],
req.headers["x-forwarded-user-operations"] ? req.headers["x-forwarded-user-operations"].split(",") : []
);
return next();
}
if (!req.headers["x-forwarded-user"]) {
return res.status(403).send();
// if using oauth2 look for the bearer cookies
if ((req.cookies || {})["BearerToken"]) {
const bearerToken = (req.cookies || {})["BearerToken"];
const parsedToken = parseJwt(bearerToken); //TODO: this should validate the token, for the moment trusting the proxy is fine
req.auth = createUser(
parsedToken.sub,
parseNameFromUsername(parsedToken.sub), //TODO: this should come from the issuer
[]
);
return next();
}
req.auth = {
username: req.headers["x-forwarded-user"],
displayName: req.headers["x-forwarded-user-name"],
operations: req.headers["x-forwarded-user-operations"]
? req.headers["x-forwarded-user-operations"].split(",")
: [],
can: function (operation) {
return this.operations.includes(operation);
},
matchesLoggedUser: function (username) {
return username === this.username;
},
};
next();
// if basic ext auth, retrieve user from header
if (req.headers["x-auth-username"]) {
req.auth = createUser(req.headers["x-auth-username"], parseNameFromUsername(req.headers["x-auth-username"]), []);
return next();
}
// if unable to find a user, then forbid the request
return res.status(403).send();
};
};
const createUser = (username, displayName, operations) => {
return {
username: username,
displayName: displayName,
operations: operations,
can: function (operation) {
return this.operations.includes(operation);
},
matchesLoggedUser: function (username) {
return username === this.username;
},
};
};
const atob = (payload) => Buffer.from(payload, "base64").toString();
const parseJwt = (token) => {
let base64Url = token.split(".")[1];
let base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/");
let jsonPayload = decodeURIComponent(
atob(base64)
.split("")
.map(function (c) {
return "%" + ("00" + c.charCodeAt(0).toString(16)).slice(-2);
})
.join("")
);
return JSON.parse(jsonPayload);
};
const parseNameFromUsername = (username) => {
let response = username;
const posAt = response.indexOf("@");
if (posAt !== -1) {
response = response.substring(0, posAt);
}
return response
.split(".")
.map((part) => part.charAt(0).toUpperCase() + part.slice(1))
.join(" ");
};
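Review bot: The bearer-cookie branch that calls `parseJwt(bearerToken)` puts an unverified `sub` claim straight into `req.auth` (the inline TODO acknowledges no signature validation), and a malformed cookie reaches the client as a thrown exception rather than the 403 the sibling branches return, because `token.split(".")[1]` is `undefined` for a value without a dot and `JSON.parse` rejects non-JSON payloads. Until real validation lands, the branch should at least fail closed on decode errors and on a missing subject: `let parsedToken; try { parsedToken = parseJwt(bearerToken); } catch (err) { return res.status(403).send(); }` followed by `if (typeof parsedToken.sub !== "string" || parsedToken.sub === "") { return res.status(403).send(); }`. The subject check also keeps `parseNameFromUsername(parsedToken.sub)` from throwing on `undefined.indexOf`. The file name for this section is not visible (the hunk header shows only the `"main": "index.js"` context) and the rendered lines carry no +/- markers, so which branches are new is inferred from the 1.2.1 → 1.3.0 comparison rather than stated by the page.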