Merge pull request #15 from lawp09/feature/client-ip

Feature/client ip
VilledeMontreal · Jun 5, 2024 · 0218c20 · 0218c20
2 parents fa88c23 + d51fa6f
commit 0218c20
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 4 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@villedemontreal/jwt-validator",
-  "version": "5.9.2",
+  "version": "5.9.3",
   "description": "Module to validate JWT (JSON Web Tokens)",
   "main": "dist/src/index.js",
   "typings": "dist/src",

diff --git a/src/config/configs.ts b/src/config/configs.ts
@@ -26,12 +26,23 @@ export class Configs {
    */
   private _cacheDuration: number = constants.default.cacheDuration;
 
+  /**
+   * When this library is used as a dependency in a project, the source project name will be the property name in the package.json of this project
+   *
+   * @private
+   * @type {string}
+   * @memberof Configs
+   */
+  private readonly _sourceProjectName: string;
+
   private _loggerCreator: (name: string) => ILogger;
   private _correlationIdProvider: () => string;
 
   constructor() {
     this.libRoot = path.normalize(__dirname + '/../../..');
     this.isWindows = os.platform() === 'win32';
+    const sourcePackageJson = require(`${constants.appRoot}/package.json`);
+    this._sourceProjectName = sourcePackageJson?.name ? sourcePackageJson.name : '';
   }
 
   /**
@@ -129,6 +140,16 @@ export class Configs {
     this._correlationIdProvider = correlationIdProvider;
   }
 
+  /**
+   * Get the source project name where this library is imported
+   *
+   * @return {*}  {string}
+   * @memberof Configs
+   */
+  public getSourceProjectName(): string {
+    return this._sourceProjectName;
+  }
+
   /**
    * The Correlation Id provider
    */

diff --git a/src/middleware/tokenTransformationMiddleware.ts b/src/middleware/tokenTransformationMiddleware.ts
@@ -2,8 +2,10 @@ import { utils } from '@villedemontreal/general-utils';
 import * as express from 'express';
 import httpHeaderFieldsTyped from 'http-header-fields-typed';
 import * as _ from 'lodash';
+import { configs } from '../config/configs';
 import { constants } from '../config/constants';
 import { ITokenTtransformationMiddlewareConfig } from '../config/tokenTransformationMiddlewareConfig';
+import { IInputAccessToken, IInputAccessTokenSource } from '../models/accessToken';
 import { createInvalidJwtError } from '../models/customError';
 import { createLogger } from '../utils/logger';
 import superagent = require('superagent');
@@ -67,10 +69,23 @@ export const tokenTransformationMiddleware: (
         return;
       }
 
+      const source: IInputAccessTokenSource = {
+        url: `${req.protocol}://${req?.headers.host}${req.url}`,
+        method: req.method,
+        serviceName: configs.getSourceProjectName(),
+        clientIp: '10.0.0.1',
+      };
+
+      const inputAccessToken: IInputAccessToken = {
+        accessToken,
+        source,
+        extensions: config.extensions,
+      };
+
       // Call the service endpoint to exchange the access token for a extended jwt
       superagent
         .post(config.service.uri)
-        .send({ accessToken, extensions: config.extensions })
+        .send(inputAccessToken)
         .then((response) => {
           const extendedJwt = response.body.jwts?.extended;
           logger.debug(extendedJwt, 'Extended jwt content.');

diff --git a/src/models/accessToken.ts b/src/models/accessToken.ts
@@ -0,0 +1,35 @@
+/**
+ * An input access token
+ */
+export interface IInputAccessTokenExtensionsJwtCustomDataProvider {
+  uri: string;
+  method?: string;
+  options?: any;
+  name?: string;
+  useJwtInAuthHeader?: boolean;
+}
+export interface IInputAccessTokenExtensionsJwt {
+  customDataProvider: IInputAccessTokenExtensionsJwtCustomDataProvider;
+}
+
+export interface IInputAccessTokenExtensions {
+  jwt: IInputAccessTokenExtensionsJwt;
+}
+
+export interface IInputAccessTokenSource {
+  url: string;
+  method: string;
+  serviceName: string;
+  basicJwtCacheKey?: string; // the name of the cache key for the basic JWT, to use the same key as the Kong plugin
+  extendedJwtCacheKey?: string; // the name of the cache key for the extended JWT, to use the same key as the Kong plugin
+  extendedJwtConfigDigest?: string; // the digest that should be included in the extended JWT, to verify later that we retrieved a cached JWT matching the right config.
+  clientIp: string;
+}
+
+export interface IInputAccessToken {
+  accessToken: string;
+  accessTokenIssuer?: string;
+  source?: IInputAccessTokenSource;
+  jwt?: string;
+  extensions?: IInputAccessTokenExtensions;
+}