New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@st-graphics/premium

Package Overview
Dependencies
Maintainers
1
Versions
22
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@st-graphics/premium

ST Graphics Premium implementation

0.2.13
Source
npm
Version published
Weekly downloads
32
128.57%
Maintainers
1
Weekly downloads
 
Created
Source

st-graphics-premium

Premium Flow

Logic Flow

  • Fetch JSON on page load
    • client/premium.js > .fetchContent()
    • Pass in un-prefixed JSON ID into query string as resourceKey
    • Example JSON ID
  • Hit getPremiumContentUrl lambda
  • SESSIONID not present in cookie
  • 403
  • Fallback to client/premium.js > .fetchPublicContent()
  • Fetch public JSON directly from S3

  • Render login widget

  • Client initialize login flow

  • Refer to: client/premium.js > .getAuthorizationUrl()
  • returns url which will go into the href of login <a>
  • redirect_uri in query string set to /create-session lambda endpoint
  • window.location passed into state in query string
  • eg. https://ds-acc-auth.sphdigital.com/amserver/oauth2/authorize?response_type=code&client_id=st_graphics&state=eyJyZWRpcmVjdF91cmwiOiJodHRwOi8vc3QtdmlzdWFscy5jb20vaW5mb2dyYXBoaWNzL2hkYi1sZWFzZS0yMDE4L2luZGV4Lmh0bWwifQ%3D%3D&redirect_uri=https%3A%2F%2Fepc9c723qd.execute-api.ap-southeast-1.amazonaws.com%2Fproduction%2Fcreate-session&scope=uid%20aologinid%20aovisitorid%20aonickname%20aoregservice
  • After login is handled by LDAP, redirect to /create-session lambda endpoint
  • Expects to receive OAuth2 authorization code and state
  • New session creation
  • Refer to: functions/createSession/index.js
  • Exchange token - functions/createSession/authenticate.js > exchangeToken
  • Fetch user info - functions/createSession/authenticate.js > fetchUserInfo
  • Verify user is subscriber - functions/createSession/authenticate.js > verifyUser
  • Store session in DynamoDB - functions/createSession/Session.js
  • Obtain auth request origin (eg. https://graphics.straitstimes.com/interactives/2018/12/awesome-story) from state
  • Redirect to request origin
  • Return SESSIONID in cookie
  • Any error (server, authentication etc) will be handled in a catch block and lambda exit by redirecting back to request origin. Therefore client will not see any error but login widget will continue to show. Go to Cloudwatch Log to check error

  • Redirect back. Set-cookie SESSIONID

  • Fetch JSON again on redirect back

  • Refer to: client/premium.js > .fetchContent()
  • Hit getPremiumContentUrl lambda
  • SESSIONID present in cookie
  • Check session exist
  • Refer to: functions/getPremiumContentUrl/index.js & functions/getPremiumContentUrl/authenticate.js
  • Retrieve session from DynamoDB
  • Renew credentials if necessary - functions/getPremiumContentUrl/authenticate.js > renewCredential
  • Fetch user info - functions/getPremiumContentUrl/authenticate.js > fetchUserInfo
  • Verify user is subscriber - functions/getPremiumContentUrl/authenticate.js > verifyUser
  • Update session record in DynamoDB - functions/getPremiumContentUrl/Session.js
  • Prepare signed URL to fetch premium JSON

FAQs

Package last updated on 06 Aug 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

OpenGrep Restores Fingerprinting in JSON and SARIF Outputs

Security News

OpenGrep Restores Fingerprinting in JSON and SARIF Outputs

OpenGrep has restored fingerprint and metavariable support in JSON and SARIF outputs, making static analysis more effective for CI/CD security automation.

By Sarah Gooding  -  Mar 31, 2025