@sap/approuter - npm Package Compare versions

Comparing version 18.0.1 to 18.0.2

CHANGELOG.md

@@ -8,2 +8,8 @@ # Change Log
 
+## 18.0.2- 2025-01-20
+
+### Fixed
+- Run the state parameter flow and delete stale cookies only in browser requests
+- Avoid duplicate app id in get applications compact response
+
 ## 18.0.1 - 2025-01-08
@@ -10,0 +16,0 @@

lib/middleware/login-provider.js

@@ -131,5 +131,6 @@ 'use strict';
 
-      if (process.env.DELETE_STALE_COOKIES === 'true' ||
+      if ((process.env.DELETE_STALE_COOKIES === 'true' ||
         cookieUtils.shouldPartitionCookie(req) ||
-        req.routerConfig.stateParameterSecret) {
+        req.routerConfig.stateParameterSecret) &&
+        cookieUtils.isBrowserRequest(req)) {
         const staleCookiesFound = cookieUtils.addStaleSessionCookies(req, res);
@@ -136,0 +137,0 @@ if (staleCookiesFound) {

lib/middleware/service-destinations-middleware.js

@@ -99,4 +99,5 @@ 'use strict';
     apps.applications.forEach(app => {
-      if (!compactApps[app.appHostId]) {
-        compactApps[app.appHostId] = {
+      const appHostId = app.appHostId || app['app-host-id'];
+      if (!compactApps[appHostId]) {
+        compactApps[appHostId] = {
           destId: app.destinationId,
@@ -107,6 +108,6 @@ destName: app.destinationName,
         };
-        app.subscribedAppName && (compactApps[app.appHostId].subscribedAppName = app.subscribedAppName);
-        app.subscribedCommercialAppName && (compactApps[app.appHostId].subscribedCommercialAppName = app.subscribedCommercialAppName);
+        app.subscribedAppName && (compactApps[appHostId].subscribedAppName = app.subscribedAppName);
+        app.subscribedCommercialAppName && (compactApps[appHostId].subscribedCommercialAppName = app.subscribedCommercialAppName);
       }
-      compactApps[app.appHostId].appIds.push(app.applicationId);
+      compactApps[appHostId].appIds.includes(app.applicationId) || compactApps[appHostId].appIds.push(app.applicationId);
     });
@@ -113,0 +114,0 @@ }

lib/passport/oauth2-strategy.js

@@ -109,3 +109,3 @@ 'use strict';
 
-  if (req.routerConfig.stateParameterSecret) {
+  if (req.routerConfig.stateParameterSecret && cookieUtils.isBrowserRequest(req)) {
     const sessionCookieName = req.app && req.app.get('cookieName');
@@ -112,0 +112,0 @@ const cookies = cookie.parse(req.headers.cookie || '');

lib/passport/oauth2.js

@@ -10,2 +10,3 @@ /* eslint-disable camelcase */
 const traceUtils = require('../utils/trace-util');
+const cookieUtils = require('../utils/cookie-utils');
 const passportUtils = require('./utils');
@@ -43,3 +44,3 @@ const requestTraceEnabled = require('../utils/trace-util').requestTraceEnabled;
   }
-  if (req.routerConfig.stateParameterSecret){
+  if (req.routerConfig.stateParameterSecret && cookieUtils.isBrowserRequest(req)){
     authURLQuery['state'] =  req.state;
@@ -46,0 +47,0 @@ passportUtils.setCacheStateValue(req.state);

lib/utils/cookie-utils.js

@@ -70,2 +70,6 @@ 'use strict';
 
+exports.isBrowserRequest = function (req){
+  const userAgent = req.headers['user-agent'];
+  return userAgent && userAgent.includes('Mozilla');
+};
 exports.addStaleSessionCookies = function (req, res) {
@@ -72,0 +76,0 @@ const sessionCookieName = req.app && req.app.get('cookieName');

package.json

 {
   "name": "@sap/approuter",
   "description": "Node.js based application router",
-  "version": "18.0.1",
+  "version": "18.0.2",
   "repository": {},
@@ -6,0 +6,0 @@ "main": "approuter.js",

No alert changes

Improved metrics

Total package byte prevSize

771476

increased by0.08%

Lines of code

12619

increased by0.06%

No dependency changes