allow all origins if input array has wildcard character (#234)

* allow all origins if input array has wildcard character * extracted variable --------- Co-authored-by: tanghel <[email protected]>
multiversx · Sep 30, 2024 · 93c9450 · 93c9450
1 parent 2a50cff
commit 93c9450
Show file tree

Hide file tree

Showing 11 changed files with 28 additions and 19 deletions.
diff --git a/lerna.json b/lerna.json
@@ -1,7 +1,7 @@
 {
   "$schema": "node_modules/lerna/schemas/lerna-schema.json",
   "useWorkspaces": true,
-  "version": "3.7.7",
+  "version": "3.7.8",
   "packages": [
     "packages/*"
   ],

diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/auth/package.json b/packages/auth/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@multiversx/sdk-nestjs-auth",
-  "version": "3.7.7",
+  "version": "3.7.8",
   "description": "Multiversx SDK Nestjs auth package",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

diff --git a/packages/auth/src/native.auth.guard.ts b/packages/auth/src/native.auth.guard.ts
@@ -5,6 +5,7 @@ import { DecoratorUtils, ErdnestConfigService, ERDNEST_CONFIG_SERVICE, UrlUtils,
 import { PerformanceProfiler } from '@multiversx/sdk-nestjs-monitoring';
 import { NativeAuthInvalidOriginError } from './errors/native.auth.invalid.origin.error';
 import { NoAuthOptions } from './decorators';
+import { NativeAuthServerConfig } from "@multiversx/sdk-native-auth-server/lib/src/entities/native.auth.server.config";
 
 /**
  * This Guard protects all routes that do not have the `@NoAuth` decorator and sets the `X-Native-Auth-*` HTTP headers.
@@ -19,7 +20,7 @@ export class NativeAuthGuard implements CanActivate {
     @Inject(ERDNEST_CONFIG_SERVICE) erdnestConfigService: ErdnestConfigService,
     @Optional() cacheService?: CacheService,
   ) {
-    this.authServer = new NativeAuthServer({
+    const nativeAuthServerConfig: NativeAuthServerConfig = {
       apiUrl: erdnestConfigService.getApiUrl(),
       maxExpirySeconds: erdnestConfigService.getNativeAuthMaxExpirySeconds(),
       acceptedOrigins: erdnestConfigService.getNativeAuthAcceptedOrigins(),
@@ -45,7 +46,15 @@ export class NativeAuthGuard implements CanActivate {
           throw new Error('CacheService is not available in the context');
         },
       },
-    });
+    };
+
+    const acceptedOrigins = erdnestConfigService.getNativeAuthAcceptedOrigins();
+    const shouldAllowAllOrigins = acceptedOrigins && acceptedOrigins.length === 1 && acceptedOrigins[0] === '*';
+    if (shouldAllowAllOrigins) {
+      nativeAuthServerConfig.isOriginAccepted = () => true; // allow all origins
+    }
+
+    this.authServer = new NativeAuthServer(nativeAuthServerConfig);
   }
 
   static getOrigin(headers: Record<string, string>): string {

diff --git a/packages/cache/package.json b/packages/cache/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@multiversx/sdk-nestjs-cache",
-  "version": "3.7.7",
+  "version": "3.7.8",
   "description": "Multiversx SDK Nestjs cache package",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

diff --git a/packages/common/package.json b/packages/common/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@multiversx/sdk-nestjs-common",
-  "version": "3.7.7",
+  "version": "3.7.8",
   "description": "Multiversx SDK Nestjs common package",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

diff --git a/packages/elastic/package.json b/packages/elastic/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@multiversx/sdk-nestjs-elastic",
-  "version": "3.7.7",
+  "version": "3.7.8",
   "description": "Multiversx SDK Nestjs elastic package",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

diff --git a/packages/http/package.json b/packages/http/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@multiversx/sdk-nestjs-http",
-  "version": "3.7.7",
+  "version": "3.7.8",
   "description": "Multiversx SDK Nestjs http package",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

diff --git a/packages/monitoring/package.json b/packages/monitoring/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@multiversx/sdk-nestjs-monitoring",
-  "version": "3.7.7",
+  "version": "3.7.8",
   "description": "Multiversx SDK Nestjs monitoring package",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

diff --git a/packages/rabbitmq/package.json b/packages/rabbitmq/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@multiversx/sdk-nestjs-rabbitmq",
-  "version": "3.7.7",
+  "version": "3.7.8",
   "description": "Multiversx SDK Nestjs rabbitmq client package",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

diff --git a/packages/redis/package.json b/packages/redis/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@multiversx/sdk-nestjs-redis",
-  "version": "3.7.7",
+  "version": "3.7.8",
   "description": "Multiversx SDK Nestjs redis client package",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",