express-accesstoken-validation - npm Package Compare versions

Comparing version 0.3.0 to 0.4.0

index.js

@@ -5,2 +5,3 @@ 'use strict';
 const urlJoin = require('url-join');
+const urlPattern = require('url-pattern');
 
@@ -23,3 +24,3 @@
     if (_.some(options.unprotected, (route) => {
-        return route === req._parsedUrl.pathname
+        return new urlPattern(route).match(req._parsedUrl.pathname);
       })) {
@@ -26,0 +27,0 @@ return next();

package.json

 {
   "name": "express-accesstoken-validation",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "ExpressJS middleware for remote access token validation",
@@ -40,4 +40,5 @@ "main": "index.js",
     "request": "^2.69.0",
-    "url-join": "0.0.1"
+    "url-join": "0.0.1",
+    "url-pattern": "^1.0.3"
   }
 }

test/test.js

@@ -124,2 +124,52 @@ 'use strict';
 
+  describe('When calling an unprotected URI with url-params', function () {
+    it('should call next middleware (=allow access)', function (done) {
+      bearerTokenValidation({
+        validationUri: 'http://localhost:3000/oauth/tokenvalidation',
+        tokenParam: 'token',
+        unprotected: ['/public/:id', '/public/api']
+      })({
+        headers: {},
+        url: '/public/0815',
+        _parsedUrl:  { pathname: '/public/0815' }
+      }, {
+        status: function (number) {
+          return {
+            send: function () {
+              statusCode = number;
+            }
+          }
+        }
+      }, function (err) {
+        assert.equal(err, null);
+        done();
+      });
+    });
+  });
+
+  describe('When calling an unprotected URI with query params & url-params', function () {
+    it('should call next middleware (=allow access)', function (done) {
+      bearerTokenValidation({
+        validationUri: 'http://localhost:3000/oauth/tokenvalidation',
+        tokenParam: 'token',
+        unprotected: ['/public/:id', '/public/api']
+      })({
+        headers: {},
+        url: '/public/0815?id=1',
+        _parsedUrl:  { pathname: '/public/0815' }
+      }, {
+        status: function (number) {
+          return {
+            send: function () {
+              statusCode = number;
+            }
+          }
+        }
+      }, function (err) {
+        assert.equal(err, null);
+        done();
+      });
+    });
+  });
+
   describe('When validating an invalid token', function () {
@@ -126,0 +176,0 @@ it('should return status code 401 ', function (done) {

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14675

increased by11.64%

Lines of code

259

increased by23.33%

Worsened metrics

Dependency count

4

increased by33.33%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedurl-pattern@^1.0.3

• + Addedurl-pattern@1.0.3(transitive)