@brainhubeu/hadron-auth
Comparing version 0.0.1 to 0.0.2
@@ -78,2 +78,5 @@ "use strict"; | ||
exports.register = (container, config) => { | ||
if (config.authSecret) { | ||
container.register('authSecret', config.authSecret); | ||
} | ||
routes = exports.initRoutes(config.securedRoutes || []); | ||
@@ -91,3 +94,7 @@ const server = container.take('server'); | ||
}; | ||
exports.isRouteNotSecure = (path) => exports.getRouteFromPath(path, routes) === null; | ||
exports.isRouteNotSecure = (path) => { | ||
console.warn("HadronAuth: isRouteNotSecure is being deprecated. Use isRouteSecure instead."); | ||
return exports.getRouteFromPath(path, routes) === null; | ||
}; | ||
exports.isRouteSecure = (path) => exports.getRouteFromPath(path, routes) !== null; | ||
exports.isAllowed = (path, allowedMethod, user, allRoles) => { | ||
@@ -94,0 +101,0 @@ try { |
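Review bot: When `config.authSecret` is absent, `register` silently skips `container.register('authSecret', …)`, yet the middleware changed in this release appears to call `container.take('authSecret')` unconditionally and pass the result to `jwt.verify`. Whether a missing key is then rejected depends on the jsonwebtoken version in use, so it would be safer to fail closed at registration, for example `if (!config.authSecret) { throw new Error('HadronAuth: authSecret is required'); }`. Separately, the `console.warn` in `isRouteNotSecure` fires on every call; emitting the deprecation notice once would keep request logs readable. The body of `register` continues outside this hunk.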
@@ -19,3 +19,3 @@ "use strict"; | ||
try { | ||
if (HadronAuth_1.isRouteNotSecure(req.path)) { | ||
if (!HadronAuth_1.isRouteSecure(req.path)) { | ||
return next(); | ||
@@ -25,10 +25,11 @@ } | ||
const roleRepository = container.take('roleRepository'); | ||
const token = req.headers.authorization; | ||
const decoded = jwt.decode(token); | ||
const token = req.headers.authorization.split(' ')[1]; | ||
const secret = container.take('authSecret'); | ||
const id = jwt.verify(token, secret); | ||
const user = yield userRepository.findOne({ | ||
where: { id: decoded.id }, | ||
where: { id }, | ||
relations: ['roles'], | ||
}); | ||
if (!user) { | ||
return res.status(403).json({ error: errorResponse }); | ||
return res.status(401).json({ error: errorResponse }); | ||
} | ||
@@ -41,6 +42,6 @@ const allRoles = yield roleRepository.find(); | ||
} | ||
return res.status(403).json({ error: errorResponse }); | ||
return res.status(401).json({ error: errorResponse }); | ||
} | ||
catch (error) { | ||
return res.status(403).json({ error: errorResponse }); | ||
return res.status(401).json({ error: errorResponse }); | ||
} | ||
@@ -47,0 +48,0 @@ }); |
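Review bot: `const id = jwt.verify(token, secret);` binds the whole verified payload, and the lookup then uses it as `where: { id }`, whereas the previous code read `decoded.id`; unless tokens are issued with a bare id as their payload, this hands an object to the query. Consider `const { id } = jwt.verify(token, secret, { algorithms: ['HS256'] });`, with the list set to whatever the signing side actually uses, so the accepted algorithms are stated explicitly rather than left to the library's defaults. The `return res.status(401)` that follows the role check also appears to answer 401 for an authenticated user who merely lacks the required role, where 403 would let clients tell the two cases apart. The middleware function starts and ends outside these hunks.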
{ | ||
"name": "@brainhubeu/hadron-auth", | ||
"version": "0.0.1", | ||
"version": "0.0.2", | ||
"description": "Security package for hadron", | ||
@@ -5,0 +5,0 @@ "main": "dist/index.js", |
@@ -226,3 +226,3 @@ ## Installation | ||
const jwt = require('jsonwebtoken'); | ||
const { isRouteNotSecure, isAllowed } = require('@brainhubeu/hadron-auth'); | ||
const { isRouteSecure, isAllowed } = require('@brainhubeu/hadron-auth'); | ||
@@ -236,3 +236,3 @@ const errorResponse = { | ||
try { | ||
if (isRouteNotSecure(req.path)) { | ||
if (!isRouteSecure(req.path)) { | ||
return next(); | ||
@@ -239,0 +239,0 @@ } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet