@brainhubeu/hadron-auth - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

dist/src/HadronAuth.js

@@ -78,2 +78,5 @@ "use strict";
 exports.register = (container, config) => {
+    if (config.authSecret) {
+        container.register('authSecret', config.authSecret);
+    }
     routes = exports.initRoutes(config.securedRoutes || []);
@@ -91,3 +94,7 @@ const server = container.take('server');
 };
-exports.isRouteNotSecure = (path) => exports.getRouteFromPath(path, routes) === null;
+exports.isRouteNotSecure = (path) => {
+    console.warn("HadronAuth: isRouteNotSecure is being deprecated. Use isRouteSecure instead.");
+    return exports.getRouteFromPath(path, routes) === null;
+};
+exports.isRouteSecure = (path) => exports.getRouteFromPath(path, routes) !== null;
 exports.isAllowed = (path, allowedMethod, user, allRoles) => {
@@ -94,0 +101,0 @@ try {

dist/src/providers/expressMiddlewareAuthorization.js

@@ -19,3 +19,3 @@ "use strict";
         try {
-            if (HadronAuth_1.isRouteNotSecure(req.path)) {
+            if (!HadronAuth_1.isRouteSecure(req.path)) {
                 return next();
@@ -25,10 +25,11 @@ }
             const roleRepository = container.take('roleRepository');
-            const token = req.headers.authorization;
-            const decoded = jwt.decode(token);
+            const token = req.headers.authorization.split(' ')[1];
+            const secret = container.take('authSecret');
+            const id = jwt.verify(token, secret);
             const user = yield userRepository.findOne({
-                where: { id: decoded.id },
+                where: { id },
                 relations: ['roles'],
             });
             if (!user) {
-                return res.status(403).json({ error: errorResponse });
+                return res.status(401).json({ error: errorResponse });
             }
@@ -41,6 +42,6 @@ const allRoles = yield roleRepository.find();
             }
-            return res.status(403).json({ error: errorResponse });
+            return res.status(401).json({ error: errorResponse });
         }
         catch (error) {
-            return res.status(403).json({ error: errorResponse });
+            return res.status(401).json({ error: errorResponse });
         }
@@ -47,0 +48,0 @@ });

package.json

 {
   "name": "@brainhubeu/hadron-auth",
-  "version": "0.0.1",
+  "version": "0.0.2",
   "description": "Security package for hadron",
@@ -5,0 +5,0 @@ "main": "dist/index.js",

README.md

@@ -226,3 +226,3 @@ ## Installation
 const jwt = require('jsonwebtoken');
-const { isRouteNotSecure, isAllowed } = require('@brainhubeu/hadron-auth');
+const { isRouteSecure, isAllowed } = require('@brainhubeu/hadron-auth');
 
@@ -236,3 +236,3 @@ const errorResponse = {
     try {
-      if (isRouteNotSecure(req.path)) {
+      if (!isRouteSecure(req.path)) {
         return next();
@@ -239,0 +239,0 @@ }

No alert changes

Improved metrics

Total package byte prevSize

74012

increased by1.47%

Lines of code

559

increased by1.45%

No dependency changes