New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
keycloak-nodejs-middleware
Advanced tools
keycloak-nodejs-middleware - npm Package Compare versions
Comparing version 1.5.3 to 1.6.0
@@ -43,5 +43,5 @@ "use strict"; | ||
| exports.keycloakMiddleware = void 0; | ||
| var axios_1 = __importDefault(require("axios")); | ||
| var url_1 = require("url"); | ||
| var https_1 = __importDefault(require("https")); | ||
| var url_1 = require("url"); | ||
| https_1.default.globalAgent.options.rejectUnauthorized = false; | ||
| function keycloakMiddleware(_a) { | ||
@@ -51,7 +51,10 @@ var _this = this; | ||
| return function (request, response, next) { return __awaiter(_this, void 0, void 0, function () { | ||
| var url, token, data, requestOptions, req; | ||
| var url, token, data, requestOptions, axiosResponse, parsedBody, error_1; | ||
| return __generator(this, function (_a) { | ||
| // assumes bearer token is passed as an authorization header | ||
| if (request.headers.authorization) { | ||
| try { | ||
| switch (_a.label) { | ||
| case 0: | ||
| if (!request.headers.authorization) return [3 /*break*/, 5]; | ||
| _a.label = 1; | ||
| case 1: | ||
| _a.trys.push([1, 3, , 4]); | ||
| url = "".concat(host, "/realms/").concat(realm, "/protocol/openid-connect/token/introspect"); | ||
@@ -66,40 +69,34 @@ token = request.headers.authorization.replace("Bearer ", ""); | ||
| requestOptions = { | ||
| method: "POST", | ||
| method: "post", | ||
| url: url, | ||
| headers: { | ||
| "Content-Type": "application/x-www-form-urlencoded", | ||
| }, | ||
| data: data.toString(), | ||
| httpsAgent: new https_1.default.Agent({ | ||
| rejectUnauthorized: false, // set to false | ||
| }), | ||
| }; | ||
| req = https_1.default.request(url, requestOptions, function (res) { | ||
| var body = ""; | ||
| res.on("data", function (chunk) { | ||
| body += chunk; | ||
| }); | ||
| res.on("end", function () { | ||
| try { | ||
| var parsedBody = JSON.parse(body); | ||
| if (parsedBody.hasOwnProperty("active") && | ||
| parsedBody.active === false) { | ||
| return response.status(401).json({ | ||
| error: true, | ||
| message: "Unauthorized", | ||
| }); | ||
| } | ||
| else { | ||
| // the token is valid pass request onto your next function | ||
| next(); | ||
| } | ||
| } | ||
| catch (error) { | ||
| next(error); | ||
| } | ||
| }); | ||
| }); | ||
| req.write(data.toString()); | ||
| req.end(); | ||
| } | ||
| catch (error) { | ||
| next(error); | ||
| } | ||
| } | ||
| else { | ||
| return [4 /*yield*/, (0, axios_1.default)(requestOptions)]; | ||
| case 2: | ||
| axiosResponse = _a.sent(); | ||
| parsedBody = axiosResponse.data; | ||
| if (parsedBody.hasOwnProperty("active") && | ||
| parsedBody.active === false) { | ||
| return [2 /*return*/, response.status(401).json({ | ||
| error: true, | ||
| message: "Unauthorized", | ||
| })]; | ||
| } | ||
| else { | ||
| // the token is valid pass request onto your next function | ||
| next(); | ||
| } | ||
| return [3 /*break*/, 4]; | ||
| case 3: | ||
| error_1 = _a.sent(); | ||
| next(error_1); | ||
| return [3 /*break*/, 4]; | ||
| case 4: return [3 /*break*/, 6]; | ||
| case 5: | ||
| // there is no token, don't process request further | ||
@@ -110,4 +107,4 @@ return [2 /*return*/, response.status(401).json({ | ||
| })]; | ||
| case 6: return [2 /*return*/]; | ||
| } | ||
| return [2 /*return*/]; | ||
| }); | ||
@@ -114,0 +111,0 @@ }); }; |
@@ -43,5 +43,5 @@ "use strict"; | ||
| exports.keycloakMiddleware = void 0; | ||
| var axios_1 = __importDefault(require("axios")); | ||
| var url_1 = require("url"); | ||
| var https_1 = __importDefault(require("https")); | ||
| var url_1 = require("url"); | ||
| https_1.default.globalAgent.options.rejectUnauthorized = false; | ||
| function keycloakMiddleware(_a) { | ||
@@ -51,7 +51,10 @@ var _this = this; | ||
| return function (request, response, next) { return __awaiter(_this, void 0, void 0, function () { | ||
| var url, token, data, requestOptions, req; | ||
| var url, token, data, requestOptions, axiosResponse, parsedBody, error_1; | ||
| return __generator(this, function (_a) { | ||
| // assumes bearer token is passed as an authorization header | ||
| if (request.headers.authorization) { | ||
| try { | ||
| switch (_a.label) { | ||
| case 0: | ||
| if (!request.headers.authorization) return [3 /*break*/, 5]; | ||
| _a.label = 1; | ||
| case 1: | ||
| _a.trys.push([1, 3, , 4]); | ||
| url = "".concat(host, "/realms/").concat(realm, "/protocol/openid-connect/token/introspect"); | ||
@@ -66,40 +69,34 @@ token = request.headers.authorization.replace("Bearer ", ""); | ||
| requestOptions = { | ||
| method: "POST", | ||
| method: "post", | ||
| url: url, | ||
| headers: { | ||
| "Content-Type": "application/x-www-form-urlencoded", | ||
| }, | ||
| data: data.toString(), | ||
| httpsAgent: new https_1.default.Agent({ | ||
| rejectUnauthorized: false, // set to false | ||
| }), | ||
| }; | ||
| req = https_1.default.request(url, requestOptions, function (res) { | ||
| var body = ""; | ||
| res.on("data", function (chunk) { | ||
| body += chunk; | ||
| }); | ||
| res.on("end", function () { | ||
| try { | ||
| var parsedBody = JSON.parse(body); | ||
| if (parsedBody.hasOwnProperty("active") && | ||
| parsedBody.active === false) { | ||
| return response.status(401).json({ | ||
| error: true, | ||
| message: "Unauthorized", | ||
| }); | ||
| } | ||
| else { | ||
| // the token is valid pass request onto your next function | ||
| next(); | ||
| } | ||
| } | ||
| catch (error) { | ||
| next(error); | ||
| } | ||
| }); | ||
| }); | ||
| req.write(data.toString()); | ||
| req.end(); | ||
| } | ||
| catch (error) { | ||
| next(error); | ||
| } | ||
| } | ||
| else { | ||
| return [4 /*yield*/, (0, axios_1.default)(requestOptions)]; | ||
| case 2: | ||
| axiosResponse = _a.sent(); | ||
| parsedBody = axiosResponse.data; | ||
| if (parsedBody.hasOwnProperty("active") && | ||
| parsedBody.active === false) { | ||
| return [2 /*return*/, response.status(401).json({ | ||
| error: true, | ||
| message: "Unauthorized", | ||
| })]; | ||
| } | ||
| else { | ||
| // the token is valid pass request onto your next function | ||
| next(); | ||
| } | ||
| return [3 /*break*/, 4]; | ||
| case 3: | ||
| error_1 = _a.sent(); | ||
| next(error_1); | ||
| return [3 /*break*/, 4]; | ||
| case 4: return [3 /*break*/, 6]; | ||
| case 5: | ||
| // there is no token, don't process request further | ||
@@ -110,4 +107,4 @@ return [2 /*return*/, response.status(401).json({ | ||
| })]; | ||
| case 6: return [2 /*return*/]; | ||
| } | ||
| return [2 /*return*/]; | ||
| }); | ||
@@ -114,0 +111,0 @@ }); }; |
| { | ||
| "name": "keycloak-nodejs-middleware", | ||
| "version": "1.5.3", | ||
| "version": "1.6.0", | ||
| "description": "Keycloak middleware for nodejs apps", | ||
@@ -12,3 +12,4 @@ "main": "./dist/cjs/index.js", | ||
| "build": "rm -fr ./dist && tsc -p tsconfig.json && tsc -p tsconfig-cjs.json", | ||
| "prepublishOnly": "npm run build" | ||
| "prepublishOnly": "npm run build", | ||
| "dev": "node-dev ./src/app.ts" | ||
| }, | ||
@@ -23,2 +24,3 @@ "keywords": [ | ||
| "dependencies": { | ||
| "axios": "^1.6.3", | ||
| "express": "^4.18.2", | ||
@@ -32,2 +34,3 @@ "node-fetch": "^3.3.2", | ||
| "@types/express": "^4.17.21", | ||
| "node-dev": "^8.0.0", | ||
| "ts-node": "^10.9.2" | ||
@@ -34,0 +37,0 @@ }, |
No alert changes
Worsened metrics
- Total package byte prevSize
- decreased by-0.65%
14166
- Dependency count
- increased by25%
5
- Dev dependency count
- increased by33.33%
4
- Lines of code
- decreased by-2.5%
234
Dependency changes
+ Addedaxios@^1.6.3
+ Addedasynckit@0.4.0(transitive)
+ Addedaxios@1.7.9(transitive)
+ Addedcombined-stream@1.0.8(transitive)
+ Addeddelayed-stream@1.0.0(transitive)
+ Addedfollow-redirects@1.15.9(transitive)
+ Addedform-data@4.0.1(transitive)
+ Addedproxy-from-env@1.1.0(transitive)