🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

connect-concierge

Package Overview
Dependencies
Maintainers
1
Versions
127
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

connect-concierge - npm Package Compare versions

Comparing version

0.3.3
to
0.3.5

70

libs/connect-concierge.js

@@ -7,3 +7,3 @@

(function() {
var ConnectConcierge, dust, fs, request, urlencode, utils, _, _isAdmin;
var ConnectConcierge, connectVtexid, dust, fs, request, urlencode, utils, _, _isAdmin;

@@ -22,2 +22,4 @@ fs = require('fs');

connectVtexid = require('connect-vtexid');
_isAdmin = utils.isAdmin;

@@ -29,3 +31,3 @@

ConnectConcierge.prototype.getMiddlewares = function(options) {
return [this.getEnvironment(options), this.authenticationHandler(options), this.resolveTags(options), this.licenseManagerCall(options), this.resolveTemplate(options), this.renderTemplate(options)];
return [this.getEnvironment(options), connectVtexid(options), this.resolveTags(options), this.licenseManagerCall(options), this.resolveTemplate(options), this.renderTemplate(options)];
};

@@ -177,65 +179,3 @@

ConnectConcierge.prototype.authenticationHandler = function() {
return function(req, res, next) {
var VtexIdclientAutCookie, forbidden, loginUriRegexp, match, redirectUrl, returnUrl, unauthorized, urlEncodedAuthCookie, vtexIdCookieRegexp, vtexIdEndpoint;
loginUriRegexp = /admin\/Site\/Login.aspx/;
if (loginUriRegexp.test(req.url) || req.url.indexOf('/admin/Content') === 0 || req.url.indexOf('/admin/Scripts') === 0 || req.url.indexOf('/meta/whoami') === 0) {
return next();
}
returnUrl = urlencode(req.url);
redirectUrl = "/admin/Site/Login.aspx?ReturnUrl=" + returnUrl;
vtexIdCookieRegexp = /.*VtexIdclientAutCookie=([^;]*)/;
match = vtexIdCookieRegexp.exec(req.headers.cookie);
if (match === null) {
VtexIdclientAutCookie = null;
} else {
if (match != null) {
VtexIdclientAutCookie = match[1];
}
}
req.cookies || (req.cookies = {});
req.cookies.VtexIdclientAutCookie = VtexIdclientAutCookie;
if (req.cookies.VtexIdclientAutCookie == null) {
res.statusCode = 302;
res.setHeader('Location', redirectUrl);
return res.end();
}
forbidden = function(body) {
console.warn("Forbidden access for auth cookie", req.cookies.VtexIdclientAutCookie, '\n', body);
return res.status(403).render('error', {
error: "Forbidden. Sorry, you can't touch this."
});
};
unauthorized = function(body) {
console.warn("Unauthorized access for auth cookie", req.cookies.VtexIdclientAutCookie, '\n', body);
return res.status(401).render('error', {
error: "Unauthorized. Sorry, could not authenticate you."
});
};
vtexIdEndpoint = "https://vtexid.vtex.com.br/api/vtexid/pub/authenticated/user?authToken=";
urlEncodedAuthCookie = encodeURIComponent(req.cookies.VtexIdclientAutCookie);
return request.get(vtexIdEndpoint + urlEncodedAuthCookie, function(err, response, body) {
var e;
try {
body = JSON.parse(body);
if (body == null) {
res.writeHead(302, {
'Location': redirectUrl
});
return res.end;
}
if (body.user == null) {
return unauthorized(body);
}
if (body.user.indexOf("@vtex.com.br") === -1) {
return forbidden(body);
}
return next();
} catch (_error) {
e = _error;
return next(e);
}
});
};
};
ConnectConcierge.prototype.authenticationHandler = connectVtexid;

@@ -242,0 +182,0 @@ return ConnectConcierge;

5

package.json
{
"name": "connect-concierge",
"version": "0.3.3",
"version": "0.3.5",
"description": "Connect middlewares for VTEX backoffice app Concierge",

@@ -32,4 +32,5 @@ "main": "main.js",

"coffee-script": "~1.8.0",
"urlencode": "~0.2.0"
"urlencode": "~0.2.0",
"connect-vtexid": "~0.1.1"
}
}
src/connect-concierge.coffee

Sorry, the diff of this file is not supported yet