node-vault-client - npm Package Compare versions

Comparing version 0.0.2 to 0.1.0

package.json

 {
   "name": "node-vault-client",
-  "version": "0.0.2",
+  "version": "0.1.0",
   "description": "",
@@ -24,2 +24,3 @@ "engines": {
     "lodash": "^4.17.4",
+    "long-timeout": "^0.1.1",
     "request": "^2.81.0",
@@ -26,0 +27,0 @@ "request-promise": "^4.2.0",

src/auth/VaultAppRoleAuth.js

@@ -14,31 +14,16 @@ 'use strict';
      */
-    constructor(apiClient, config) {
-        super(apiClient);
+    constructor(apiClient, logger, config) {
+        super(apiClient, logger);
 
         this.__roleId = config.role_id;
         this.__secretId = config.secret_id;
-        this.__authData = {
-            client_token: null,
-            lease_duration: 0,
-            expires_at: 0,
-        };
     }
 
-    getAuthToken() {
-        let authToken = this.__authData.client_token;
-
-        if (!authToken || (this.__authData.expires_at !== 0 && this.__authData.expires_at <= Date.now())) {
-            return this.__apiClient.makeRequest('POST', '/auth/approle/login', {
-                role_id: this.__roleId,
-                secret_id: this.__secretId,
-            }).then(res => {
-                this.__authData.client_token = res.auth.client_token;
-                this.__authData.lease_duration = res.auth.lease_duration * 1000;
-                this.__authData.expires_at = this.__authData.lease_duration === 0 ? 0 : Date.now() + this.__authData.lease_duration - 60000;
-
-                return this.__authData.client_token;
-            });
-        }
-
-        return Promise.resolve(authToken);
+    _authenticate() {
+        return this.__apiClient.makeRequest('POST', '/auth/approle/login', {
+            role_id: this.__roleId,
+            secret_id: this.__secretId,
+        }).then(res => {
+            return this._getTokenEntity(res.auth.client_token);
+        });
     }
@@ -45,0 +30,0 @@

src/auth/VaultBaseAuth.js

 'use strict';
 
+const lt = require('long-timeout');
+
+const AuthToken = require('./AuthToken');
+const errors = require('../errors');
+
 class VaultBaseAuth {
@@ -7,13 +12,99 @@
      * @param {VaultApiClient} apiClient
+     * @param {Object} logger
      */
-    constructor(apiClient) {
+    constructor(apiClient, logger) {
         this.__apiClient = apiClient;
+        /** @protected */
+        this._log = logger;
+
+        /** @type AuthToken */
+        this.__authToken = null;
+        this.__refreshTimeout = null;
     }
 
-    getAuthToken() {
+    /**
+     * @protected
+     * @returns {Promise<AuthToken>}
+     */
+    _authenticate() {
         throw new Error('Method should be overridden');
     }
 
+    getAuthToken() {
+        if (this.__authToken === null || (this.__authToken.isExpired() && this._reauthenticationAllowed())) {
+            if (this.__authToken !== null && this.__authToken.isExpired() && !this._reauthenticationAllowed()) {
+                throw new errors.AuthTokenExpiredError('Auth token has expired & cannot be refreshed since auth method doesn\'t support this.');
+            }
+
+            return this._authenticate().then(authToken => {
+                this.__authToken = authToken;
+
+                this.__setupTokenRefreshTimer(this.__authToken);
+
+                return this.__authToken;
+            });
+        }
+
+        return Promise.resolve(this.__authToken);
+    }
+
+    /**
+     * @protected
+     * @returns {Promise<AuthToken>}
+     */
+    _getTokenEntity(tokenId) {
+        return this.__apiClient.makeRequest('GET', '/auth/token/lookup-self', null, {'X-Vault-Token': tokenId}).then(res => {
+            return AuthToken.fromResponse(res);
+        });
+    }
+
+    /**
+     * @protected
+     * @returns {boolean}
+     */
+    _reauthenticationAllowed() {
+        return true;
+    }
+
+    /**
+     * @param {AuthToken} authToken
+     * @private
+     */
+    __setupTokenRefreshTimer(authToken) {
+        if (this.__refreshTimeout !== null) {
+            lt.clearTimeout(this.__refreshTimeout);
+            this.__refreshTimeout = null;
+        }
+
+        if (!authToken.isRenewable() || authToken.isExpired()) {
+            return;
+        }
+
+
+        this.__refreshTimeout = lt.setTimeout(() => {
+            this.__renewToken(authToken).then(authToken => {
+                this.__authToken = authToken;
+                this.__setupTokenRefreshTimer(authToken);
+            }).catch(err => {
+                this.__setupTokenRefreshTimer(authToken);
+
+                this._log.error(`Cannot refresh auth token with "${authToken.getAccessor()}" accessor. Error: ${err.message}`);
+                this._log.error(err);
+            });
+        }, Math.max((authToken.getExpiresAt() - Math.floor(Date.now() / 1000)) / 2, 1) * 1000);
+    }
+
+    /**
+     * @param {AuthToken} authToken
+     * @returns {Promise.<AuthToken>}
+     * @private
+     */
+    __renewToken(authToken) {
+        return this.__apiClient.makeRequest('POST', '/auth/token/renew-self', null, {'X-Vault-Token': authToken.getId()}).then(() => {
+            return this._getTokenEntity(authToken.getId());
+        });
+    }
+
 }
 
 module.exports = VaultBaseAuth;

src/auth/VaultTokenAuth.js

@@ -13,4 +13,4 @@ 'use strict';
      */
-    constructor(connConfig, config) {
-        super(connConfig);
+    constructor(connConfig, logger, config) {
+        super(connConfig, logger);
 
@@ -24,8 +24,12 @@ if (!config.token) {
 
-    getAuthToken() {
-        return Promise.resolve(this.__token);
+    _authenticate() {
+        return this._getTokenEntity(this.__token);
     }
 
+    _reauthenticationAllowed() {
+        return false;
+    }
+
 }
 
 module.exports = VaultTokenAuth;

src/errors.js

@@ -13,6 +13,8 @@ 'use strict';
 class InvalidArgumentsError extends VaultError {}
+class AuthTokenExpiredError extends VaultError {}
 
 module.exports = {
     VaultError,
-    InvalidArgumentsError
+    InvalidArgumentsError,
+    AuthTokenExpiredError,
 };

src/VaultClient.js

 'use strict';
 
+const _ = require('lodash');
+
 const Lease = require('./Lease');
@@ -26,14 +28,17 @@ const errors = require('./errors');
      * @param {Object} options.auth.config - auth configuration variables
+     * @param {Object|false} options.logger - Logger that supports "error", "info", "warn", "trace", "debug" methods. Uses `console` by default. Pass `false` to disable logging.
      */
     constructor(options) {
         this.__api = new VaultApiClient(options.api);
+        this.__log = this.__setupLogger(options.logger);
 
+        /** @type {VaultBaseAuth} */
+        this.__auth = null;
         if (options.auth.type === 'appRole') {
-            this.__auth = new VaultAppRoleAuth(this.__api, options.auth.config);
+            this.__auth = new VaultAppRoleAuth(this.__api, this.__log, options.auth.config);
         } else if (options.auth.type === 'token') {
-            this.__auth = new VaultTokenAuth(this.__api, options.auth.config);
+            this.__auth = new VaultTokenAuth(this.__api, this.__log, options.auth.config);
         } else {
             throw new errors.InvalidArgumentsError('Unsupported auth method');
         }
-
     }
@@ -115,3 +120,3 @@
         return this.__auth.getAuthToken().then(token => {
-            return this.__api.makeRequest('GET', path, null, {'X-Vault-Token': token});
+            return this.__api.makeRequest('GET', path, null, {'X-Vault-Token': token.getId()});
         }).then(res => {
@@ -124,7 +129,23 @@ return Lease.fromResponse(res);
         return this.__auth.getAuthToken().then(token => {
-            return this.__api.makeRequest('POST', path, data, {'X-Vault-Token': token});
+            return this.__api.makeRequest('POST', path, data, {'X-Vault-Token': token.getId()});
         }).then(() => {});
     }
+
+    __setupLogger(logger) {
+        if (logger === false) {
+            return {
+                error: () => {},
+                warn: () => {},
+                info: () => {},
+                debug: () => {},
+                trace: () => {},
+            }
+        } else if (_.intersection(_.functionsIn(logger), ['error', 'warn', 'info', 'debug', 'trace']).length >= 5) {
+            return logger
+        } else {
+            return console;
+        }
+    }
 }
 
 module.exports = Vault;

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

18597

increased by46.77%

Number of package files

11

increased by22.22%

Lines of code

522

increased by47.88%

Number of medium quality alerts

0

decreased by-100%

Number of lines in readme file

27

increased byInfinity%

Worsened metrics

Dependency count

8

increased by14.29%

Dependency changes

• + Addedlong-timeout@^0.1.1

• + Addedlong-timeout@0.1.1(transitive)