
@flowfuse/nr-launcher - npm Package Compare versions

Comparing version 2.1.2-3739f00-202402281119.0 to 2.1.2-6ff015e-202403131147.0

72

lib/auth/httpAuthMiddleware.js
const crypto = require('crypto')
const got = require('got')
const session = require('express-session')

@@ -10,2 +11,4 @@ const MemoryStore = require('memorystore')(session)

let httpNodeApp
let client
const httpTokenCache = {}

@@ -15,15 +18,51 @@ module.exports = {

options = _options
return (req, res, next) => {
try {
if (req.session.ffSession) {
next()
} else {
req.session.redirectTo = req.originalUrl
passport.authenticate('FlowFuse', { session: false })(req, res, next)
return [
async (req, res, next) => {
try {
if (req.session.ffSession) {
next()
} else if (req.get('Authorization')?.startsWith('Bearer')) {
// We should include the Project ID and the path along with the token
// to be checked to allow scoping tokens
const token = req.get('Authorization').split(' ')[1]
const cacheHit = httpTokenCache[token]
if (cacheHit) {
const age = (Date.now() - cacheHit.age) / 1000
if (age < 300) {
next()
return
}
delete httpTokenCache[token]
}
const query = {
path: req.path
}
try {
await client.get(options.projectId, {
headers: {
authorization: `Bearer ${token}`
},
searchParams: query
})
httpTokenCache[token] = { age: Date.now() }
next()
} catch (err) {
// console.log(err)
const error = new Error('Failed to check token')
error.status = 401
next(error)
}
} else {
req.session.redirectTo = req.originalUrl
passport.authenticate('FlowFuse', { session: false })(req, res, next)
}
} catch (err) {
console.log(err.stack)
throw err
}
} catch (err) {
console.log(err.stack)
throw err
},
(err, req, res, next) => {
res.status(err.status).send()
}
}
]
},

@@ -94,3 +133,14 @@

})
// need to decide on the path here
client = got.extend({
prefixUrl: `${options.forgeURL}/account/check/http`,
headers: {
'user-agent': 'FlowFuse HTTP Node Auth'
},
timeout: {
request: 500
}
})
}
}
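Review bot: In the Bearer branch, `httpTokenCache` is keyed on the token alone while the upstream check is sent `path: req.path`, so once a token passes for one path it is accepted on every path for up to 300 seconds without being re-checked; that defeats the path scoping described in the comment above the lookup. Key the cache on both values, e.g. `const cacheKey = req.path + ' ' + token`, and use it for the lookup, the `delete` and the store. `req.get('Authorization').split(' ')[1]` is `undefined` when the header is `Bearer` with no value, so return a 401 when `!token` before touching the cache or calling the platform. The error handler should fall back when an error arrives without a status, `res.status(err.status || 500).send()`. Entries are only evicted when the same token is presented again, so a `Map` with periodic pruning would bound memory and avoid token strings colliding with `Object.prototype` property names.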

3

lib/runtimeSettings.js

@@ -47,3 +47,4 @@ function getSettingsFile (settings) {

clientID: '${settings.clientID}',
clientSecret: '${settings.clientSecret}'
clientSecret: '${settings.clientSecret}',
projectId: '${settings.projectID}'
})`

@@ -50,0 +51,0 @@ projectSettings.httpNodeMiddleware = 'httpNodeMiddleware: flowforgeAuthMiddleware,'
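Review bot: The added `projectId: '${settings.projectID}'` line writes the value straight into generated JavaScript between single quotes, so a quote or backslash in it would break the settings file or change what it evaluates to. The ID is presumably platform-generated, but serialising it is cheap: `projectId: ${JSON.stringify(settings.projectID)}`. The neighbouring `clientID` and `clientSecret` lines follow the same pattern and would benefit from the same treatment. `getSettingsFile` continues outside this hunk.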

{
"name": "@flowfuse/nr-launcher",
"version": "2.1.2-3739f00-202402281119.0",
"version": "2.1.2-6ff015e-202403131147.0",
"description": "FlowFuse Launcher for running Node-RED",

@@ -5,0 +5,0 @@ "exports": {
