
@seibert/atlassian-connect-tooling


Comparing version 1.1.0-next.3 to 1.1.0-next.4

9

out/index.d.ts

@@ -17,9 +17,10 @@ /// <reference types="node" />

}
export interface AtlassianConnectPersistenceConfig {
export interface AtlassianConnectAuthenticationMiddlewareConfig {
fetchTenantByClientKey(clientKey: string): Promise<{
sharedSecret: string;
} & unknown | null>;
requestForQshValidation?: Request;
}
export declare type AuthenticatedInstallationRequest = Request & {
validatedJwtBody?: ReturnType<typeof verifyJwtAsymmetric>;
validatedJwtBody: ReturnType<typeof verifyJwtAsymmetric>;
};

@@ -48,3 +49,3 @@ /**

export declare type AuthenticatedAtlassianRequest = Request & {
atlassianVerified?: {
atlassianVerified: {
userAccountId: string;

@@ -56,4 +57,4 @@ clientKey: string;

};
export declare function composeAtlassianRequestAuthenticationMiddleware({ baseUrl, fetchTenantByClientKey }: AtlassianConnectConfig & AtlassianConnectPersistenceConfig): (req: AuthenticatedAtlassianRequest, res: Response, next: NextFunction) => void;
export declare function composeAtlassianRequestAuthenticationMiddleware({ baseUrl, fetchTenantByClientKey, requestForQshValidation }: AtlassianConnectConfig & AtlassianConnectAuthenticationMiddlewareConfig): (req: AuthenticatedAtlassianRequest, res: Response, next: NextFunction) => void;
export {};
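Review bot: `requestForQshValidation?: Request` is added to `AtlassianConnectAuthenticationMiddlewareConfig` and to the `composeAtlassianRequestAuthenticationMiddleware` signature with no doc comment, although it changes what the QSH check covers. The new bundle on this page passes `request:o||(0,d.fromExpressRequest)(s)` to the hash comparison, so when the option is set the token's `qsh` is compared with that one request, fixed at compose time, and no longer with the method, path and query of the request being served. A TSDoc comment on the property should state this, for example `/** Replaces the incoming request when computing the expected qsh; when set, the JWT is no longer bound to the URL actually requested. */`. The `Request` type is imported outside the visible hunks, so it cannot be confirmed from here whether it is the Express or the atlassian-jwt request type.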

@@ -1,1 +0,1 @@

var I=Object.create;var p=Object.defineProperty;var T=Object.getOwnPropertyDescriptor;var E=Object.getOwnPropertyNames;var H=Object.getPrototypeOf,S=Object.prototype.hasOwnProperty;var x=e=>p(e,"__esModule",{value:!0});var $=(e,t)=>{x(e);for(var o in t)p(e,o,{get:t[o],enumerable:!0})},K=(e,t,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of E(t))!S.call(e,n)&&n!=="default"&&p(e,n,{get:()=>t[n],enumerable:!(o=T(t,n))||o.enumerable});return e},m=e=>K(x(p(e!=null?I(H(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);$(exports,{composeAtlassianConnectInstallationMiddleware:()=>C,composeAtlassianRequestAuthenticationMiddleware:()=>k});var A=m(require("atlassian-jwt")),R=m(require("atlassian-jwt"));var w=m(require("atlassian-jwt"));function h({baseUrl:e,qsh:t,request:o}){let n=(0,w.createQueryStringHash)(o,!1,e);if(t===n)return{successful:!0};let r=(0,w.createQueryStringHash)(o,!0,e);if(t===r)return{successful:!0};let s=(0,w.createCanonicalRequest)(o,!0,e),c=`Auth failure: Query hash mismatch: Received: "${t}" but calculated "${n} ${n!==r&&`and ${r}`}. Requests canonically expression was: "${s}"`;return{successful:!1,error:c}}function J(e,t,{expectedAudience:o,expectedIssuer:n,request:r}){let s=(0,A.decodeAsymmetric)(e,t,R.AsymmetricAlgorithm.RS256,!1),c=f=>f.replace(/\/$/,""),l=c(o);if(!s.aud||!Array.isArray(s.aud))throw new Error(`Jwt token invalid. It is missing a valid aud claim. ${s.aud}`);if(!s.aud.map(c).includes(l))throw new Error(`Jwt token invalid. Expected audience not part of jwt tokens audiences. (${s.aud})`);if(!s.iss)throw new Error("Jwt token invalid. It is missing an iss claim.");if(s.iss!==n)throw new Error("Jwt token invalid. Invalid issuer.");if(!s.qsh)throw new Error("Jwt token invalid. Does not contain qsh claim.");let{successful:u,error:i}=h({baseUrl:o,qsh:s.qsh,request:r});if(!u)throw new Error(`Jwt token invalid. Query hash mismatch. 
${i}`);if(!s.exp||typeof s.exp!="number")throw new Error("Jwt token invalid. Does not contain exp claim.");if(Math.round(new Date().getTime()/1e3)>=s.exp)throw new Error("Jwt token invalid. Expired token.");return s}function g(e){try{return JSON.parse(Buffer.from(e,"base64").toString())}catch(t){return console.error("Could not decode JWT header. Returning null instead.",t),null}}var v=m(require("node-fetch"));async function b({url:e}){let t=await(0,v.default)(e);if(!t.ok)throw new Error(`Could not fetch RSA public key. Host responded with ${t.status}. ${t.statusText}.`);return await t.text()}var q=m(require("atlassian-jwt")),W="https://connect-install-keys.atlassian.com/";function C({baseUrl:e}){return function(o,n,r){var i;let s=o.get("Authorization");if(!s){n.status(401).send("Could not find Authorization header.");return}let c=s.substring(4),[l]=c.split("."),u=g(l);if(!(u==null?void 0:u.kid)){n.status(400).send("Jwt header has an unexpected form.");return}if(!((i=o.body)==null?void 0:i.clientKey)){n.status(401).send("Could not find clientKey on body.");return}b({url:W+u.kid}).then(a=>{try{o.validatedJwtBody=J(c,a,{expectedAudience:e,expectedIssuer:o.body.clientKey,request:(0,q.fromExpressRequest)(o)}),r()}catch(f){n.status(401).send("Could not decode jwt token."+f)}}).catch(a=>{n.status(401).send("Could not obtain rsaPublicKey"+a)})}}var y="jwt",B="authorization";function j(e){let t=e.query[y],o=e.body[y],n=O(e);if(!t&&!e.body)return console.warn("Cannot find JWT token in query parameters. Please include body-parser middleware and parse the urlencoded body (See https://github.com/expressjs/body-parser) if the add-on is rendering in POST mode. 
Otherwise please ensure the "+y+" parameter is presented in query."),null;if(t&&o)return console.warn("JWT token can only appear in either query parameter or request body."),null;let r=t||o||n;return r||(console.warn("JWT token not found in request query, body or authorization header."),null)}function O(e){let t=e.headers[B];return t&&t.indexOf("JWT ")===0?t.substring(4):null}var d=m(require("atlassian-jwt"));function k({baseUrl:e,fetchTenantByClientKey:t}){return function(n,r,s){let c=j(n);if(!c){r.status(401).send("Could not find JWT.");return}let l;try{l=(0,d.decodeSymmetric)(c,"",d.SymmetricAlgorithm.HS256,!0)}catch(i){r.status(401).send("Invalid JWT."+i);return}let u=l.iss;if(!u){r.status(401).send("JWT did not contain the issuer (iss) claim");return}t(u).then(i=>{if(!(i==null?void 0:i.sharedSecret)){r.status(401).send("Could not obtain client information");return}let a;try{a=(0,d.decodeSymmetric)(c,"",d.SymmetricAlgorithm.HS256,!1)}catch(P){r.status(401).send("Unable to decode JWT."+P);return}if(!a.exp||typeof a.exp!="number"||Math.round(new Date().getTime()/1e3)>=a.exp){r.status(401).send("Jwt token invalid. Does not contain an valid exp claim.");return}let f=h({baseUrl:e,qsh:a.qsh,request:(0,d.fromExpressRequest)(n)});if(!f.successful){r.status(401).send("Jwt token invalid. Does not contain an valid qsh claim."+f.error);return}n.atlassianVerified={clientKey:a.iss,userAccountId:a.sub,jwtPayload:a,tenant:i},s()}).catch(i=>{r.status(400).send("Could not obtain client information"+i)})}}0&&(module.exports={composeAtlassianConnectInstallationMiddleware,composeAtlassianRequestAuthenticationMiddleware});
var P=Object.create;var p=Object.defineProperty;var E=Object.getOwnPropertyDescriptor;var H=Object.getOwnPropertyNames;var S=Object.getPrototypeOf,$=Object.prototype.hasOwnProperty;var A=t=>p(t,"__esModule",{value:!0});var K=(t,e)=>{A(t);for(var o in e)p(t,o,{get:e[o],enumerable:!0})},M=(t,e,o)=>{if(e&&typeof e=="object"||typeof e=="function")for(let r of H(e))!$.call(t,r)&&r!=="default"&&p(t,r,{get:()=>e[r],enumerable:!(o=E(e,r))||o.enumerable});return t},m=t=>M(A(p(t!=null?P(S(t)):{},"default",t&&t.__esModule&&"default"in t?{get:()=>t.default,enumerable:!0}:{value:t,enumerable:!0})),t);K(exports,{composeAtlassianConnectInstallationMiddleware:()=>j,composeAtlassianRequestAuthenticationMiddleware:()=>I});var R=m(require("atlassian-jwt")),J=m(require("atlassian-jwt"));var w=m(require("atlassian-jwt"));function h({baseUrl:t,qsh:e,request:o}){let r=(0,w.createQueryStringHash)(o,!1,t);if(e===r)return{successful:!0};let s=(0,w.createQueryStringHash)(o,!0,t);if(e===s)return{successful:!0};let n=(0,w.createCanonicalRequest)(o,!0,t),c=`Auth failure: Query hash mismatch: Received: "${e}" but calculated "${r} ${r!==s&&`and ${s}`}. Requests canonically expression was: "${n}"`;return{successful:!1,error:c}}function g(t,e,{expectedAudience:o,expectedIssuer:r,request:s}){let n=(0,R.decodeAsymmetric)(t,e,J.AsymmetricAlgorithm.RS256,!1),c=a=>a.replace(/\/$/,""),l=c(o);if(!n.aud||!Array.isArray(n.aud))throw new Error(`Jwt token invalid. It is missing a valid aud claim. ${n.aud}`);if(!n.aud.map(c).includes(l))throw new Error(`Jwt token invalid. Expected audience not part of jwt tokens audiences. (${n.aud})`);if(!n.iss)throw new Error("Jwt token invalid. It is missing an iss claim.");if(n.iss!==r)throw new Error("Jwt token invalid. Invalid issuer.");if(!n.qsh)throw new Error("Jwt token invalid. Does not contain qsh claim.");let{successful:u,error:f}=h({baseUrl:o,qsh:n.qsh,request:s});if(!u)throw new Error(`Jwt token invalid. Query hash mismatch. 
${f}`);if(!n.exp||typeof n.exp!="number")throw new Error("Jwt token invalid. Does not contain exp claim.");if(Math.round(new Date().getTime()/1e3)>=n.exp)throw new Error("Jwt token invalid. Expired token.");return n}function v(t){try{return JSON.parse(Buffer.from(t,"base64").toString())}catch(e){return console.error("Could not decode JWT header. Returning null instead.",e),null}}var b=m(require("node-fetch"));async function q({url:t}){let e=await(0,b.default)(t);if(!e.ok)throw new Error(`Could not fetch RSA public key. Host responded with ${e.status}. ${e.statusText}.`);return await e.text()}var C=m(require("atlassian-jwt")),W="https://connect-install-keys.atlassian.com/";function j({baseUrl:t}){return function(o,r,s){var f;let n=o.get("Authorization");if(!n){r.status(401).send("Could not find Authorization header.");return}let c=n.substring(4),[l]=c.split("."),u=v(l);if(!(u==null?void 0:u.kid)){r.status(400).send("Jwt header has an unexpected form.");return}if(!((f=o.body)==null?void 0:f.clientKey)){r.status(401).send("Could not find clientKey on body.");return}q({url:W+u.kid}).then(i=>{try{o.validatedJwtBody=g(c,i,{expectedAudience:t,expectedIssuer:o.body.clientKey,request:(0,C.fromExpressRequest)(o)}),s()}catch(a){r.status(401).send("Could not decode jwt token."+a)}}).catch(i=>{r.status(401).send("Could not obtain rsaPublicKey"+i)})}}var y="jwt",B="authorization";function k(t){let e=t.query[y],o=t.body[y],r=O(t);if(!e&&!t.body)return console.warn("Cannot find JWT token in query parameters. Please include body-parser middleware and parse the urlencoded body (See https://github.com/expressjs/body-parser) if the add-on is rendering in POST mode. 
Otherwise please ensure the "+y+" parameter is presented in query."),null;if(e&&o)return console.warn("JWT token can only appear in either query parameter or request body."),null;let s=e||o||r;return s||(console.warn("JWT token not found in request query, body or authorization header."),null)}function O(t){let e=t.headers[B];return e&&e.indexOf("JWT ")===0?e.substring(4):null}var d=m(require("atlassian-jwt"));function I({baseUrl:t,fetchTenantByClientKey:e,requestForQshValidation:o}){return function(s,n,c){let l=k(s);if(!l){n.status(401).send("Could not find JWT.");return}let u;try{u=(0,d.decodeSymmetric)(l,"",d.SymmetricAlgorithm.HS256,!0)}catch(i){n.status(401).send("Invalid JWT."+i);return}let f=u.iss;if(!f){n.status(401).send("JWT did not contain the issuer (iss) claim");return}e(f).then(i=>{if(!(i==null?void 0:i.sharedSecret)){n.status(401).send("Could not obtain client information");return}let a;try{a=(0,d.decodeSymmetric)(l,"",d.SymmetricAlgorithm.HS256,!1)}catch(T){n.status(401).send("Unable to decode JWT."+T);return}if(!a.exp||typeof a.exp!="number"||Math.round(new Date().getTime()/1e3)>=a.exp){n.status(401).send("Jwt token invalid. Does not contain an valid exp claim.");return}let x=h({baseUrl:t,qsh:a.qsh,request:o||(0,d.fromExpressRequest)(s)});if(!x.successful){n.status(401).send("Jwt token invalid. Does not contain an valid qsh claim."+x.error);return}s.atlassianVerified={clientKey:a.iss,userAccountId:a.sub,jwtPayload:a,tenant:i},c()}).catch(i=>{n.status(400).send("Could not obtain client information"+i)})}}0&&(module.exports={composeAtlassianConnectInstallationMiddleware,composeAtlassianRequestAuthenticationMiddleware});
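Review bot: In the request-authentication middleware (function `I` in the new bundle) the verifying call is `a=(0,d.decodeSymmetric)(l,"",d.SymmetricAlgorithm.HS256,!1)`: the key argument is the empty string, while `i.sharedSecret` from `fetchTenantByClientKey` is only tested for presence and never passed in. As written, the HS256 signature is checked against an empty key rather than the tenant's secret, so a passing check does not show that the token was issued for that tenant; the old bundle has the same call and this release does not address it. The call should read `decodeSymmetric(token, tenant.sharedSecret, SymmetricAlgorithm.HS256, false)`. The change belongs in the TypeScript source this minified file is built from, which is not shown on this page.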
{
"name": "@seibert/atlassian-connect-tooling",
"version": "1.1.0-next.3",
"version": "1.1.0-next.4",
"description": "Provides authentication & utility methods for Atlassian Connect apps running on Express.",

@@ -5,0 +5,0 @@ "main": "out/index.js",
