diff --git a/package.json b/package.json
index e921ad1..eaea572 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cds-routing-handlers",
- "version": "3.0.6",
+ "version": "3.0.7",
 "description": "Package to route and implement CDS handlers via a class based approach in Typescript.",
 "main": "lib/index.js",
 "repository": "https://github.com/mrbandler/cds-routing-handlers",
@@ -56,7 +56,6 @@
 "typescript": "^4.5.4"
 },
 "dependencies": {
- "@sap-cloud-sdk/core": "^1.53.0",
 "glob": "^7.2.0",
 "reflect-metadata": "^0.1.13"
 },
diff --git a/src/metadata/base/CloudSdkReplacement.ts b/src/metadata/base/CloudSdkReplacement.ts
new file mode 100644
index 0000000..d37ee40
--- /dev/null
+++ b/src/metadata/base/CloudSdkReplacement.ts
@@ -0,0 +1,40 @@
+import { IncomingMessage } from "http";
+
+export function retrieveJwt(req: IncomingMessage): string | undefined {
+ const header = authHeader(req);
+ if (validateAuthHeader(header)) {
+ return header!.split(" ")[1];
+ }
+}
+
+function authHeader(req: IncomingMessage): string | undefined {
+ const entries = Object.entries(req.headers).find(([key]) => key.toLowerCase() === "authorization");
+ if (entries) {
+ const header = entries[1];
+
+ // Header could be a list of headers
+ return Array.isArray(header) ? header[0] : header;
+ }
+ return undefined;
+}
+
+function validateAuthHeader(header: string | undefined): boolean {
+ if (typeof header === "undefined") {
+ console.warn("Authorization header not set.");
+ return false;
+ }
+
+ const [authType, token] = header.split(" ");
+
+ if (typeof token === "undefined") {
+ console.warn("Token in auth header missing.");
+ return false;
+ }
+
+ if (authType.toLowerCase() !== "bearer") {
+ console.warn("Authorization type is not Bearer.");
+ return false;
+ }
+
+ return true;
+}
diff --git a/src/metadata/base/Executer.ts b/src/metadata/base/Executer.ts
index fc5429b..86effae 100644
--- a/src/metadata/base/Executer.ts
+++ b/src/metadata/base/Executer.ts
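Review bot: In src/metadata/base/CloudSdkReplacement.ts, `validateAuthHeader` only rejects a token that is `undefined`, so a header such as `Bearer  <token>` (two spaces) splits into `["Bearer", "", "<token>"]` and `retrieveJwt` returns the empty string while the real token is ignored. Splitting on whitespace runs and rejecting an empty token would close that: `const [authType, token] = header.trim().split(/\s+/);` with `if (!token)`, and the same split in `retrieveJwt`. The function also deserves a TSDoc line stating that it only extracts the bearer value and performs no signature, expiry or audience check, so callers must not treat the returned string as an authenticated identity. Making `validateAuthHeader` a type predicate (`header is string`) would remove the `header!` assertion.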
@@ -2,6 +2,7 @@ import { ParamMetadata } from "../ParamMetadata"; import { IExecContext } from "../../types/IExecContext"; import { ParamType } from "../../types/ParamType"; import { UserCheckerMetadata } from "../UserCheckerMetadata"; +import { retrieveJwt } from "./CloudSdkReplacement"; /** * Abstract executer class. @@ -13,14 +14,6 @@ import { UserCheckerMetadata } from "../UserCheckerMetadata"; * @class Executer */ export abstract class Executor { - /** - * Cloud core functions. - * - * @private - * @memberof Executor - */ - private cloud = require("@sap-cloud-sdk/core"); - /** * Abstract exec method, to be implemented in the child class. * @@ -49,7 +42,7 @@ export abstract class Executor { return 0; }); - return sortedParams.map(param => { + return sortedParams.map((param) => { switch (param.type) { case ParamType.Srv: return context.srv; @@ -85,15 +78,14 @@ export abstract class Executor { */ private extractJwt(context: any): string | undefined { let token; - // https://help.sap.com/doc/88b0d45562c04571a8d117bc8b6b3b7a/1.0/en-US/modules/_sap_cloud_sdk_core.html#retrievejwt - // cloud needs the incoming message + try { - token = this.cloud.retrieveJwt(context.req._.req); + token = retrieveJwt(context.req._.req); } catch (error) { // silence } try { - if (!token) token = this.cloud.retrieveJwt(context.req); + if (!token) token = retrieveJwt(context.req); } catch (error) { // silence } diff --git a/yarn.lock b/yarn.lock index 9a2d719..78a98f7 100644 --- a/yarn.lock +++ b/yarn.lock @@ -260,7 +260,7 @@ "@sap-cloud-sdk/util" "^1.53.0" axios "^0.21.1" -"@sap-cloud-sdk/core@^1.41", "@sap-cloud-sdk/core@^1.53.0": +"@sap-cloud-sdk/core@^1.41": version "1.53.0" resolved "https://registry.yarnpkg.com/@sap-cloud-sdk/core/-/core-1.53.0.tgz#6882d58260fa0c72d068ecb7083418b16920c2cd" integrity sha512-xCiEYiGi7PAQNfzmYmOWRw6oBjIzmiv6Yag8haTRPqLo2Aox6pqEfhbKunzqi6wJPUSgJByW696nzx5CY6BCjQ==
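Review bot: In `extractJwt` (src/metadata/base/Executer.ts) the two empty `catch` blocks now hide every failure of the local `retrieveJwt`, including the `TypeError` thrown when `context.req._` or `req.headers` is absent, so a malformed context cannot be told apart from a request that simply carries no token. Since the helper now lives in this repository, the lookup could be made explicit, e.g. `const incoming = context.req?._?.req;` followed by `token = incoming?.headers ? retrieveJwt(incoming) : undefined;`, keeping the fallback to `context.req` as it is. The commit also deletes the only comment explaining why `context.req._.req` is tried first; a replacement such as `// retrieveJwt expects the Node IncomingMessage, which appears to be wrapped at req._.req` would keep that intent, and a note that the token is returned unverified belongs here as well. When no Authorization header is present the helper's `console.warn` presumably fires once per attempt, i.e. up to twice per call. The body of `extractJwt` continues past the end of the hunk.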