14391963517

Committed 10 Apr 2025 11:07PM UTC coverage: 78.385% (+0.7%) from 77.658%

Build # 14391963517

Build Type

Pull #668

github

Committed by

web-flow

Commit Message

Merge 35e8d8e98 into d880b92d1

Pull Request Pull Request #668: fix: tenant s3 credentials fixes and refactor

Coverage Stats

1466 of 2031 branches covered (72.18%)

Branch coverage included in aggregate %.

217 of 223 new or added lines in 15 files covered. (97.31%)

1 existing line in 1 file now uncovered.

16608 of 21027 relevant lines covered (78.98%)

156.58 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

83.33

/src/http/plugins/jwt.ts

import fastifyPlugin from 'fastify-plugin'
import { JwtPayload } from 'jsonwebtoken'

import { verifyJWT } from '@internal/auth'
import { getJwtSecret } from '@internal/database'
import { ERRORS } from '@internal/errors'

declare module 'fastify' {
  interface FastifyRequest {
    isAuthenticated: boolean
    jwt: string
    jwtPayload?: JwtPayload & { role?: string }
    owner?: string
  }

  interface FastifyContextConfig {
    allowInvalidJwt?: boolean
  }
}

const BEARER = /^Bearer\s+/i

export const jwt = fastifyPlugin(
  async (fastify) => {
    fastify.decorateRequest('jwt', '')
    fastify.decorateRequest('jwtPayload', undefined)

    fastify.addHook('preHandler', async (request) => {
      request.jwt = (request.headers.authorization || '').replace(BEARER, '')

      if (!request.jwt && request.routeOptions.config.allowInvalidJwt) {
        request.jwtPayload = { role: 'anon' }
        request.isAuthenticated = false
        return
      }

      const { secret, jwks } = await getJwtSecret(request.tenantId)

      try {
        const payload = await verifyJWT(request.jwt, secret, jwks || null)
        request.jwtPayload = payload
        request.owner = payload.sub
        request.isAuthenticated = true
      } catch (e) {
        request.jwtPayload = { role: 'anon' }
        request.isAuthenticated = false

        if (request.routeOptions.config.allowInvalidJwt) {
          return
        }
        const err = e as Error
        throw ERRORS.AccessDenied(err.message, err)
      }
    })
  },
  { name: 'auth-jwt' }
)

1	import fastifyPlugin from 'fastify-plugin'	1✔
2	import { JwtPayload } from 'jsonwebtoken'	1✔
3		1✔
4	import { verifyJWT } from '@internal/auth'	1✔
5	import { getJwtSecret } from '@internal/database'	1✔
6	import { ERRORS } from '@internal/errors'	1✔
7		1✔
8	declare module 'fastify' {	1✔
9	interface FastifyRequest {	1✔
10	isAuthenticated: boolean	1✔
11	jwt: string	1✔
12	jwtPayload?: JwtPayload & { role?: string }	1✔
13	owner?: string	1✔
14	}	1✔
15		1✔
16	interface FastifyContextConfig {	1✔
17	allowInvalidJwt?: boolean	1✔
18	}	1✔
19	}	1✔
20		1✔
21	const BEARER = /^Bearer\s+/i	1✔
22		1✔
23	export const jwt = fastifyPlugin(	1✔
24	async (fastify) => {	1✔
25	fastify.decorateRequest('jwt', '')	756✔
26	fastify.decorateRequest('jwtPayload', undefined)	756✔
27		756✔
28	fastify.addHook('preHandler', async (request) => {	756✔
29	request.jwt = (request.headers.authorization \|\| '').replace(BEARER, '')	100✔
30		100✔
31	if (!request.jwt && request.routeOptions.config.allowInvalidJwt) {	100✔
32	request.jwtPayload = { role: 'anon' }	4✔
33	request.isAuthenticated = false	4✔
34	return	4✔
35	}	4✔
36		96✔
37	const { secret, jwks } = await getJwtSecret(request.tenantId)	96✔
38		96✔
39	try {	96✔
40	const payload = await verifyJWT(request.jwt, secret, jwks \|\| null)	100!
41	request.jwtPayload = payload	96✔
42	request.owner = payload.sub	96✔
43	request.isAuthenticated = true	96✔
44	} catch (e) {	100!
45	request.jwtPayload = { role: 'anon' }	×
46	request.isAuthenticated = false	×
47		×
48	if (request.routeOptions.config.allowInvalidJwt) {	×
49	return	×
50	}	×
NEW 51	const err = e as Error	×
52	throw ERRORS.AccessDenied(err.message, err)	×
53	}	×
54	})	756✔
55	},	756✔
56	{ name: 'auth-jwt' }	1✔
57	)	1✔

supabase / storage / 14391963517

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous