mirror of
https://github.com/sasjs/server.git
synced 2025-12-10 11:24:35 +00:00
Merge pull request #383 from sasjs/npm_update_20250919
Npm update 20250919
This commit is contained in:
Allan Bowe
GitHub
20466
api/package-lock.json
generated
20466
api/package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -49,24 +49,24 @@
|
||||
"author": "4GL Ltd",
|
||||
"dependencies": {
|
||||
"@sasjs/core": "^4.40.1",
|
||||
"@sasjs/utils": "3.2.0",
|
||||
"@sasjs/utils": "^3.5.2",
|
||||
"bcryptjs": "^2.4.3",
|
||||
"connect-mongo": "^4.6.0",
|
||||
"cookie-parser": "^1.4.6",
|
||||
"connect-mongo": "^5.1.0",
|
||||
"cookie-parser": "^1.4.7",
|
||||
"cors": "^2.8.5",
|
||||
"express": "^4.17.1",
|
||||
"express-session": "^1.17.2",
|
||||
"express": "^4.21.2",
|
||||
"express-session": "^1.18.2",
|
||||
"helmet": "^5.0.2",
|
||||
"joi": "^17.4.2",
|
||||
"jsonwebtoken": "^8.5.1",
|
||||
"jsonwebtoken": "^9.0.2",
|
||||
"ldapjs": "2.3.3",
|
||||
"mongoose": "^6.0.12",
|
||||
"morgan": "^1.10.0",
|
||||
"mongoose": "^6.13.8",
|
||||
"morgan": "^1.10.1",
|
||||
"multer": "^1.4.5-lts.1",
|
||||
"rate-limiter-flexible": "2.4.1",
|
||||
"rotating-file-stream": "^3.0.4",
|
||||
"swagger-ui-express": "4.3.0",
|
||||
"unzipper": "^0.10.11",
|
||||
"unzipper": "^0.12.3",
|
||||
"url": "^0.10.3"
|
||||
},
|
||||
"devDependencies": {
|
||||
@@ -76,32 +76,32 @@
|
||||
"@types/cors": "^2.8.12",
|
||||
"@types/express": "^4.17.12",
|
||||
"@types/express-session": "^1.17.4",
|
||||
"@types/jest": "^26.0.24",
|
||||
"@types/jest": "^29.5.0",
|
||||
"@types/jsonwebtoken": "^8.5.5",
|
||||
"@types/ldapjs": "^2.2.4",
|
||||
"@types/morgan": "^1.9.3",
|
||||
"@types/multer": "^1.4.7",
|
||||
"@types/node": "^15.12.2",
|
||||
"@types/node": "^20.0.0",
|
||||
"@types/supertest": "^2.0.11",
|
||||
"@types/swagger-ui-express": "^4.1.3",
|
||||
"@types/unzipper": "^0.10.5",
|
||||
"adm-zip": "^0.5.9",
|
||||
"axios": "0.27.2",
|
||||
"axios": "^1.12.2",
|
||||
"csrf": "^3.1.0",
|
||||
"dotenv": "^16.0.1",
|
||||
"http-headers-validation": "^0.0.1",
|
||||
"jest": "^27.0.6",
|
||||
"jest": "^29.7.0",
|
||||
"mongodb-memory-server": "8.11.4",
|
||||
"nodejs-file-downloader": "4.10.2",
|
||||
"nodemon": "^2.0.7",
|
||||
"nodemon": "^3.0.0",
|
||||
"pkg": "5.6.0",
|
||||
"prettier": "^2.3.1",
|
||||
"prettier": "^3.0.0",
|
||||
"rimraf": "^3.0.2",
|
||||
"supertest": "^6.1.3",
|
||||
"ts-jest": "^27.0.3",
|
||||
"ts-jest": "^29.1.0",
|
||||
"ts-node": "^10.0.0",
|
||||
"tsoa": "3.14.1",
|
||||
"typescript": "^4.3.2"
|
||||
"typescript": "^5.0.0"
|
||||
},
|
||||
"nodemonConfig": {
|
||||
"ignore": [
|
||||
|
||||
@@ -234,9 +234,10 @@ const verifyAuthCode = async (
|
||||
jwt.verify(code, process.secrets.AUTH_CODE_SECRET, (err, data) => {
|
||||
if (err) return resolve(undefined)
|
||||
|
||||
const payload = data as InfoJWT
|
||||
const clientInfo: InfoJWT = {
|
||||
clientId: data?.clientId,
|
||||
userId: data?.userId
|
||||
clientId: payload?.clientId,
|
||||
userId: payload?.userId
|
||||
}
|
||||
if (clientInfo.clientId === clientId) {
|
||||
return resolve(clientInfo)
|
||||
|
||||
@@ -106,7 +106,10 @@ const login = async (
|
||||
const rateLimiter = RateLimiter.getInstance()
|
||||
|
||||
if (!validPass) {
|
||||
const retrySecs = await rateLimiter.consume(req.ip, user?.username)
|
||||
const retrySecs = await rateLimiter.consume(
|
||||
req.ip || 'unknown',
|
||||
user?.username
|
||||
)
|
||||
if (retrySecs > 0) throw errors.tooManyRequests(retrySecs)
|
||||
}
|
||||
|
||||
@@ -114,7 +117,7 @@ const login = async (
|
||||
if (!validPass) throw errors.invalidPassword
|
||||
|
||||
// Reset on successful authorization
|
||||
rateLimiter.resetOnSuccess(req.ip, user.username)
|
||||
rateLimiter.resetOnSuccess(req.ip || 'unknown', user.username)
|
||||
|
||||
req.session.loggedIn = true
|
||||
req.session.user = {
|
||||
|
||||
@@ -37,10 +37,10 @@ export const authenticateAccessToken: RequestHandler = async (
|
||||
if (user.isActive) {
|
||||
req.user = user
|
||||
return csrfProtection(req, res, nextFunction)
|
||||
} else return res.sendStatus(401)
|
||||
} else return res.status(401).send('Unauthorized')
|
||||
}
|
||||
}
|
||||
return res.sendStatus(401)
|
||||
return res.status(401).send('Unauthorized')
|
||||
}
|
||||
|
||||
await authenticateToken(
|
||||
@@ -118,6 +118,6 @@ const authenticateToken = async (
|
||||
return next()
|
||||
}
|
||||
|
||||
res.sendStatus(401)
|
||||
res.status(401).send('Unauthorized')
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,7 +3,7 @@ import { convertSecondsToHms } from '@sasjs/utils'
|
||||
import { RateLimiter } from '../utils'
|
||||
|
||||
export const bruteForceProtection: RequestHandler = async (req, res, next) => {
|
||||
const ip = req.ip
|
||||
const ip = req.ip || 'unknown'
|
||||
const username = req.body.username
|
||||
|
||||
const rateLimiter = RateLimiter.getInstance()
|
||||
|
||||
@@ -76,7 +76,7 @@ groupSchema.post('save', function (group: IGroup, next: Function) {
|
||||
})
|
||||
|
||||
// pre remove hook to remove all references of group from users
|
||||
groupSchema.pre('remove', async function () {
|
||||
groupSchema.pre('remove', async function (this: IGroupDocument) {
|
||||
const userIds = this.users
|
||||
await Promise.all(
|
||||
userIds.map(async (userId) => {
|
||||
|
||||
@@ -277,7 +277,10 @@ const performLogin = async (
|
||||
.set('x-xsrf-token', csrfToken)
|
||||
.send(credentials)
|
||||
|
||||
return { authCookies: header['set-cookie'].join() }
|
||||
return {
|
||||
authCookies:
|
||||
(header['set-cookie'] as unknown as string[] | undefined)?.join() || ''
|
||||
}
|
||||
}
|
||||
|
||||
const extractCSRF = (text: string) =>
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import jwt from 'jsonwebtoken'
|
||||
import User from '../model/User'
|
||||
import { InfoJWT } from '../types/InfoJWT'
|
||||
|
||||
const isValidToken = async (
|
||||
token: string,
|
||||
@@ -11,7 +12,8 @@ const isValidToken = async (
|
||||
jwt.verify(token, key, (err, decoded) => {
|
||||
if (err) return reject(false)
|
||||
|
||||
if (decoded?.userId === userId && decoded?.clientId === clientId) {
|
||||
const payload = decoded as InfoJWT
|
||||
if (payload?.userId === userId && payload?.clientId === clientId) {
|
||||
return resolve(true)
|
||||
}
|
||||
|
||||
|
||||
12864
package-lock.json
generated
12864
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
1263
web/package-lock.json
generated
1263
web/package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -19,9 +19,8 @@
|
||||
"@types/jest": "^26.0.24",
|
||||
"@types/node": "^12.20.28",
|
||||
"@types/react": "^17.0.27",
|
||||
"axios": "^0.24.0",
|
||||
"axios": "^1.12.2",
|
||||
"monaco-editor": "^0.33.0",
|
||||
"monaco-editor-webpack-plugin": "^7.0.1",
|
||||
"react": "^17.0.2",
|
||||
"react-copy-to-clipboard": "^5.1.0",
|
||||
"react-dom": "^17.0.2",
|
||||
@@ -54,6 +53,7 @@
|
||||
"eslint-webpack-plugin": "^3.1.1",
|
||||
"file-loader": "^6.2.0",
|
||||
"html-webpack-plugin": "5.5.0",
|
||||
"monaco-editor-webpack-plugin": "^7.0.1",
|
||||
"path": "0.12.7",
|
||||
"prettier": "^2.4.1",
|
||||
"sass": "^1.44.0",
|
||||
|
||||
Reference in New Issue
Block a user