
backtrace-service - npm Package Compare versions

Comparing version 2.2.1 to 3.0.0-alpha

lib/service/projectValidation.d.ts

11

lib/identity/identity.d.ts

@@ -28,2 +28,13 @@ import { NextFunction, Request, Response } from 'express';

/**
* This assumes route has already passed authentication through authenticateRequest
* and uses /api/config result from that to check projects.
*/
checkProjectAccess(request: Request, response: Express.Response, projects: string[] | number[]): void;
/**
* Unconditionally set projectValidated flag to true.
* Allows service routes that do not need project validation to procceed with
* typical Express send method.
*/
bypassProjectAccessCheck(response: Express.Response): void;
/**
* Use coronerd auth method to validate url and session token provided by user

@@ -30,0 +41,0 @@ * For Express apps, consider using the authenticateRequest middleware instead
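Review bot: The two new members at the `checkProjectAccess` and `bypassProjectAccessCheck` declarations type the response as `Express.Response` (the global namespace) while the request uses the `Request` named import shown in the hunk header from `'express'`; mixing the two means the imported `Response` is unused here and the declaration only compiles when the global `Express` namespace is in scope. Unless the namespace type is deliberately chosen for an augmented interface, `response: Response` keeps the declaration consistent with its own import line. The docblock on `bypassProjectAccessCheck` also misspells `proceed` as `procceed`; the same typo is repeated in the compiled identity module and the README hunks of this compare. The enclosing class declaration starts before this hunk.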

@@ -41,2 +41,9 @@ "use strict";

};
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });

@@ -48,2 +55,3 @@ var axios_1 = __importDefault(require("axios"));

var apiError_1 = require("../model/apiError");
var ProjectValidation = __importStar(require("../service/projectValidation"));
/**

@@ -109,2 +117,4 @@ * Identity manager

}
// Ignore project validation in service layer handshake.
ProjectValidation.setValid(response);
response.json({

@@ -164,2 +174,25 @@ status: 'ok',

/**
* This assumes route has already passed authentication through authenticateRequest
* and uses /api/config result from that to check projects.
*/
IdentityManager.prototype.checkProjectAccess = function (request, response, projects) {
var _a, _b, _c, _d, _e, _f, _g;
var authRequest = request;
var universe = (_c = (_b = (_a = authRequest) === null || _a === void 0 ? void 0 : _a.coronerAuth) === null || _b === void 0 ? void 0 : _b.cfg) === null || _c === void 0 ? void 0 : _c.universe;
var projectsExt = universe && ((_g = (_f = (_e = (_d = authRequest) === null || _d === void 0 ? void 0 : _d.coronerAuth) === null || _e === void 0 ? void 0 : _e.cfg) === null || _f === void 0 ? void 0 : _f.universes[universe.name]) === null || _g === void 0 ? void 0 : _g.projects_ext);
if (!projectsExt) {
this.log('debug', "missing projects_ext");
return; // invalidated because flag is never set to true
}
ProjectValidation.check(response, projectsExt, projects);
};
/**
* Unconditionally set projectValidated flag to true.
* Allows service routes that do not need project validation to procceed with
* typical Express send method.
*/
IdentityManager.prototype.bypassProjectAccessCheck = function (response) {
ProjectValidation.setValid(response);
};
/**
* Use coronerd auth method to validate url and session token provided by user

@@ -166,0 +199,0 @@ * For Express apps, consider using the authenticateRequest middleware instead
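Review bot: In the new `checkProjectAccess` body the denial path (`if (!projectsExt)`) only logs `"missing projects_ext"` at `debug` level, so an operator investigating why a route answered 403 gets no universe name and, at default log levels, no message at all; since this is the fail-closed branch it deserves a visible, contextual line such as `this.log('warn', "project access check: missing projects_ext" + (universe ? " for universe " + universe.name : "") + "; response will be denied");`. Whether an empty `projects` array is treated as "nothing to validate" or as denial is decided inside `ProjectValidation.check`, which is not in this compare, so that contract is worth stating in the method's docblock for handler authors. This section's file header was not rendered on the page; the hunks appear to belong to the compiled identity module, and `IdentityManager` itself is defined outside the hunk. The same `procceed` typo noted in the `.d.ts` docblock is repeated at the `bypassProjectAccessCheck` comment here.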

2

lib/service/backtraceService.js

@@ -16,2 +16,3 @@ "use strict";

var serviceConfiguration_1 = require("./serviceConfiguration");
var projectValidation_1 = require("./projectValidation");
var BacktraceService = /** @class */ (function () {

@@ -195,2 +196,3 @@ function BacktraceService(name, port, _opts) {

}));
app.use(projectValidation_1.projectValidation);
};

@@ -197,0 +199,0 @@ /**
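Review bot: `app.use(projectValidation_1.projectValidation);` is registered with no comment explaining that it gates `response.send` for every route on the app until a handler calls `checkProjectAccess` or `bypassProjectAccessCheck`; a maintainer adding a route will not see that from this line. Suggest `// Gate every route: res.send is denied unless the handler validates or bypasses project access.` above it. Because the registration is the last statement of the enclosing constructor (which starts before this hunk), any route or middleware the library itself mounts earlier in that function is presumably not covered by the gate — the handshake route in the identity hunk calls `setValid` explicitly, which is consistent with that, but it is worth confirming. The README hunk in this compare describes the same mechanism as "intentionally not middleware" while this line mounts it with `app.use`, so one of the two descriptions should be reconciled.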

2

package.json
{
"name": "backtrace-service",
"version": "2.2.1",
"version": "3.0.0-alpha",
"description": "Common tools for Backtrace Node services",

@@ -5,0 +5,0 @@ "author": "Backtrace",

@@ -186,2 +186,35 @@ # Backtrace Service Layer nodejs library

### Project Validation
Project Validation supports gating sensitive information in services on a project-basis for Backtrace Teams. The `projectValidation` middleware ensures all Express response.send invocations procceed successfully only if the projectValidated flag is true. This is intentionally not middleware in order to support the case where the route handler has to do some work before determining projects in scope (e.g. backtrace-sca needs to fetch correlated defects before it is aware of the projects that these defects come from). To set the `projectValidation` flag to true, two methods are available for use in service route handlers.
* #### checkProjectAccess
This is to be used in routes that use the authenticateRequest middleware. It relies on /api/config to validate the request's list of scoped projects. If the scoped list is valid, the res.send will be successful. If invalidated, the service will return a 403.
`scopedProjects` can be a list of project names or pids.
```typescript
service.app.get(
'/api/my-service/use-projects',
service.identityManager.authenticateRequest(),
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
// ... service-related work
const scopedProjects = ["my-project"]; // Projects needed to fulfill request.
service.identityManager.checkProjectAccess(req, res, scopedProjects);
res.send({ message: "Expected result." });
}
);
```
* #### bypassProjectAccessCheck
For service route handler's that do not care about project access at all, you can intentionally bypass the project validation step.
```typescript
service.app.get(
'/api/my-service/get-version',
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
// ... service-related work
service.identityManager.bypassProjectAccessCheck(res);
res.send({ message: "Expected result." });
}
);
```
## Utils

@@ -188,0 +221,0 @@

