@aws-amplify/adapter-nextjs 1.3.0 → 1.3.1-graphql-multi-client.93b5136.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/api/generateServerClient.js +11 -11
- package/dist/cjs/api/generateServerClient.js.map +1 -1
- package/dist/cjs/createServerRunner.js +10 -0
- package/dist/cjs/createServerRunner.js.map +1 -1
- package/dist/cjs/utils/createRunWithAmplifyServerContext.js +2 -6
- package/dist/cjs/utils/createRunWithAmplifyServerContext.js.map +1 -1
- package/dist/cjs/utils/createTokenValidator.js +24 -10
- package/dist/cjs/utils/createTokenValidator.js.map +1 -1
- package/dist/cjs/utils/isValidCognitoToken.js +2 -9
- package/dist/cjs/utils/isValidCognitoToken.js.map +1 -1
- package/dist/esm/api/createServerRunnerForAPI.mjs +0 -1
- package/dist/esm/api/createServerRunnerForAPI.mjs.map +1 -1
- package/dist/esm/api/generateServerClient.d.ts +3 -8
- package/dist/esm/api/generateServerClient.mjs +11 -11
- package/dist/esm/api/generateServerClient.mjs.map +1 -1
- package/dist/esm/createServerRunner.mjs +10 -1
- package/dist/esm/createServerRunner.mjs.map +1 -1
- package/dist/esm/types/index.d.ts +2 -0
- package/dist/esm/utils/createRunWithAmplifyServerContext.d.ts +3 -1
- package/dist/esm/utils/createRunWithAmplifyServerContext.mjs +2 -6
- package/dist/esm/utils/createRunWithAmplifyServerContext.mjs.map +1 -1
- package/dist/esm/utils/createTokenValidator.mjs +24 -10
- package/dist/esm/utils/createTokenValidator.mjs.map +1 -1
- package/dist/esm/utils/isValidCognitoToken.d.ts +3 -5
- package/dist/esm/utils/isValidCognitoToken.mjs +2 -9
- package/dist/esm/utils/isValidCognitoToken.mjs.map +1 -1
- package/package.json +73 -73
- package/src/api/generateServerClient.ts +20 -26
- package/src/createServerRunner.ts +12 -0
- package/src/types/index.ts +4 -0
- package/src/utils/createRunWithAmplifyServerContext.ts +4 -6
- package/src/utils/createTokenValidator.ts +33 -10
- package/src/utils/isValidCognitoToken.ts +5 -12
|
@@ -18,28 +18,28 @@ const createServerRunnerForAPI_1 = require("./createServerRunnerForAPI");
|
|
|
18
18
|
* const client = generateServerClientUsingCookies({ cookies });
|
|
19
19
|
* const result = await client.graphql({ query: listPosts });
|
|
20
20
|
*/
|
|
21
|
-
function generateServerClientUsingCookies(
|
|
22
|
-
if (typeof cookies !== 'function') {
|
|
21
|
+
function generateServerClientUsingCookies(options) {
|
|
22
|
+
if (typeof options.cookies !== 'function') {
|
|
23
23
|
throw new adapter_core_1.AmplifyServerContextError({
|
|
24
24
|
message: 'generateServerClientUsingCookies is only compatible with the `cookies` Dynamic Function available in Server Components.',
|
|
25
25
|
// TODO: link to docs
|
|
26
26
|
recoverySuggestion: 'use `generateServerClient` inside of `runWithAmplifyServerContext` with the `request` object.',
|
|
27
27
|
});
|
|
28
28
|
}
|
|
29
|
-
const { runWithAmplifyServerContext, resourcesConfig } = (0, createServerRunnerForAPI_1.createServerRunnerForAPI)({ config });
|
|
29
|
+
const { runWithAmplifyServerContext, resourcesConfig } = (0, createServerRunnerForAPI_1.createServerRunnerForAPI)({ config: options.config });
|
|
30
30
|
// This function reference gets passed down to InternalGraphQLAPI.ts.graphql
|
|
31
31
|
// where this._graphql is passed in as the `fn` argument
|
|
32
32
|
// causing it to always get invoked inside `runWithAmplifyServerContext`
|
|
33
33
|
const getAmplify = (fn) => runWithAmplifyServerContext({
|
|
34
|
-
nextServerContext: { cookies },
|
|
34
|
+
nextServerContext: { cookies: options.cookies },
|
|
35
35
|
operation: contextSpec => fn((0, adapter_core_1.getAmplifyServerContext)(contextSpec).amplify),
|
|
36
36
|
});
|
|
37
|
+
const { cookies: _cookies, config: _config, ...params } = options;
|
|
37
38
|
return (0, internals_1.generateClientWithAmplifyInstance)({
|
|
38
39
|
amplify: getAmplify,
|
|
39
40
|
config: resourcesConfig,
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
});
|
|
41
|
+
...params,
|
|
42
|
+
}); // TS can't narrow the type here.
|
|
43
43
|
}
|
|
44
44
|
exports.generateServerClientUsingCookies = generateServerClientUsingCookies;
|
|
45
45
|
/**
|
|
@@ -58,12 +58,12 @@ exports.generateServerClientUsingCookies = generateServerClientUsingCookies;
|
|
|
58
58
|
* }),
|
|
59
59
|
* });
|
|
60
60
|
*/
|
|
61
|
-
function generateServerClientUsingReqRes(
|
|
62
|
-
const amplifyConfig = (0, utils_1.parseAmplifyConfig)(config);
|
|
61
|
+
function generateServerClientUsingReqRes(options) {
|
|
62
|
+
const amplifyConfig = (0, utils_1.parseAmplifyConfig)(options.config);
|
|
63
|
+
const { config: _config, ...params } = options;
|
|
63
64
|
return (0, server_1.generateClient)({
|
|
64
65
|
config: amplifyConfig,
|
|
65
|
-
|
|
66
|
-
authToken,
|
|
66
|
+
...params,
|
|
67
67
|
});
|
|
68
68
|
}
|
|
69
69
|
exports.generateServerClientUsingReqRes = generateServerClientUsingReqRes;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateServerClient.js","sources":["../../../src/api/generateServerClient.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.generateServerClientUsingReqRes = exports.generateServerClientUsingCookies = void 0;\nconst internals_1 = require(\"@aws-amplify/api/internals\");\nconst server_1 = require(\"aws-amplify/api/server\");\nconst adapter_core_1 = require(\"@aws-amplify/core/internals/adapter-core\");\nconst utils_1 = require(\"@aws-amplify/core/internals/utils\");\nconst createServerRunnerForAPI_1 = require(\"./createServerRunnerForAPI\");\n/**\n * Generates an API client that can be used inside a Next.js Server Component with Dynamic Rendering\n *\n * @example\n * import { cookies } from \"next/headers\"\n *\n * const client = generateServerClientUsingCookies({ cookies });\n * const result = await client.graphql({ query: listPosts });\n */\nfunction generateServerClientUsingCookies(
|
|
1
|
+
{"version":3,"file":"generateServerClient.js","sources":["../../../src/api/generateServerClient.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.generateServerClientUsingReqRes = exports.generateServerClientUsingCookies = void 0;\nconst internals_1 = require(\"@aws-amplify/api/internals\");\nconst server_1 = require(\"aws-amplify/api/server\");\nconst adapter_core_1 = require(\"@aws-amplify/core/internals/adapter-core\");\nconst utils_1 = require(\"@aws-amplify/core/internals/utils\");\nconst createServerRunnerForAPI_1 = require(\"./createServerRunnerForAPI\");\n/**\n * Generates an API client that can be used inside a Next.js Server Component with Dynamic Rendering\n *\n * @example\n * import { cookies } from \"next/headers\"\n *\n * const client = generateServerClientUsingCookies({ cookies });\n * const result = await client.graphql({ query: listPosts });\n */\nfunction generateServerClientUsingCookies(options) {\n if (typeof options.cookies !== 'function') {\n throw new adapter_core_1.AmplifyServerContextError({\n message: 'generateServerClientUsingCookies is only compatible with the `cookies` Dynamic Function available in Server Components.',\n // TODO: link to docs\n recoverySuggestion: 'use `generateServerClient` inside of `runWithAmplifyServerContext` with the `request` object.',\n });\n }\n const { runWithAmplifyServerContext, resourcesConfig } = (0, createServerRunnerForAPI_1.createServerRunnerForAPI)({ config: options.config });\n // This function reference gets passed down to InternalGraphQLAPI.ts.graphql\n // where this._graphql is passed in as the `fn` argument\n // causing it to always get invoked inside `runWithAmplifyServerContext`\n const getAmplify = (fn) => runWithAmplifyServerContext({\n nextServerContext: { cookies: options.cookies },\n operation: contextSpec => fn((0, adapter_core_1.getAmplifyServerContext)(contextSpec).amplify),\n });\n const { cookies: _cookies, config: _config, ...params } = options;\n return (0, internals_1.generateClientWithAmplifyInstance)({\n amplify: getAmplify,\n config: resourcesConfig,\n ...params,\n }); // TS can't narrow the type here.\n}\nexports.generateServerClientUsingCookies = generateServerClientUsingCookies;\n/**\n * Generates an API client that can be used with both Pages Router and App Router\n *\n * @example\n * import config from './amplifyconfiguration.json';\n * import { listPosts } from './graphql/queries';\n *\n * const client = generateServerClientUsingReqRes({ config });\n *\n * const result = await runWithAmplifyServerContext({\n * nextServerContext: { request, response },\n * operation: (contextSpec) => client.graphql(contextSpec, {\n * query: listPosts,\n * }),\n * });\n */\nfunction generateServerClientUsingReqRes(options) {\n const amplifyConfig = (0, utils_1.parseAmplifyConfig)(options.config);\n const { config: _config, ...params } = options;\n return (0, server_1.generateClient)({\n config: amplifyConfig,\n ...params,\n });\n}\nexports.generateServerClientUsingReqRes = generateServerClientUsingReqRes;\n"],"names":[],"mappings":";;AACA;AACA;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,+BAA+B,GAAG,OAAO,CAAC,gCAAgC,GAAG,KAAK,CAAC,CAAC;AAC5F,MAAM,WAAW,GAAG,OAAO,CAAC,4BAA4B,CAAC,CAAC;AAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;AACnD,MAAM,cAAc,GAAG,OAAO,CAAC,0CAA0C,CAAC,CAAC;AAC3E,MAAM,OAAO,GAAG,OAAO,CAAC,mCAAmC,CAAC,CAAC;AAC7D,MAAM,0BAA0B,GAAG,OAAO,CAAC,4BAA4B,CAAC,CAAC;AACzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,gCAAgC,CAAC,OAAO,EAAE;AACnD,IAAI,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE;AAC/C,QAAQ,MAAM,IAAI,cAAc,CAAC,yBAAyB,CAAC;AAC3D,YAAY,OAAO,EAAE,yHAAyH;AAC9I;AACA,YAAY,kBAAkB,EAAE,+FAA+F;AAC/H,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,MAAM,EAAE,2BAA2B,EAAE,eAAe,EAAE,GAAG,IAAI,0BAA0B,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAClJ;AACA;AACA;AACA,IAAI,MAAM,UAAU,GAAG,CAAC,EAAE,KAAK,2BAA2B,CAAC;AAC3D,QAAQ,iBAAiB,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE;AACvD,QAAQ,SAAS,EAAE,WAAW,IAAI,EAAE,CAAC,IAAI,cAAc,CAAC,uBAAuB,EAAE,WAAW,CAAC,CAAC,OAAO,CAAC;AACtG,KAAK,CAAC,CAAC;AACP,IAAI,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC;AACtE,IAAI,OAAO,IAAI,WAAW,CAAC,iCAAiC,EAAE;AAC9D,QAAQ,OAAO,EAAE,UAAU;AAC3B,QAAQ,MAAM,EAAE,eAAe;AAC/B,QAAQ,GAAG,MAAM;AACjB,KAAK,CAAC,CAAC;AACP,CAAC;AACD,OAAO,CAAC,gCAAgC,GAAG,gCAAgC,CAAC;AAC5E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,+BAA+B,CAAC,OAAO,EAAE;AAClD,IAAI,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,kBAAkB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;AAC1E,IAAI,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC;AACnD,IAAI,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE;AACxC,QAAQ,MAAM,EAAE,aAAa;AAC7B,QAAQ,GAAG,MAAM;AACjB,KAAK,CAAC,CAAC;AACP,CAAC;AACD,OAAO,CAAC,+BAA+B,GAAG,+BAA+B;;"}
|
|
@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.createServerRunner = void 0;
|
|
7
7
|
const utils_1 = require("@aws-amplify/core/internals/utils");
|
|
8
8
|
const utils_2 = require("./utils");
|
|
9
|
+
const createTokenValidator_1 = require("./utils/createTokenValidator");
|
|
9
10
|
/**
|
|
10
11
|
* Creates the `runWithAmplifyServerContext` function to run Amplify server side APIs in an isolated request context.
|
|
11
12
|
*
|
|
@@ -26,9 +27,18 @@ const utils_2 = require("./utils");
|
|
|
26
27
|
*/
|
|
27
28
|
const createServerRunner = ({ config, }) => {
|
|
28
29
|
const amplifyConfig = (0, utils_1.parseAmplifyConfig)(config);
|
|
30
|
+
let tokenValidator;
|
|
31
|
+
if (amplifyConfig?.Auth) {
|
|
32
|
+
const { Cognito } = amplifyConfig.Auth;
|
|
33
|
+
tokenValidator = (0, createTokenValidator_1.createTokenValidator)({
|
|
34
|
+
userPoolId: Cognito?.userPoolId,
|
|
35
|
+
userPoolClientId: Cognito?.userPoolClientId,
|
|
36
|
+
});
|
|
37
|
+
}
|
|
29
38
|
return {
|
|
30
39
|
runWithAmplifyServerContext: (0, utils_2.createRunWithAmplifyServerContext)({
|
|
31
40
|
config: amplifyConfig,
|
|
41
|
+
tokenValidator,
|
|
32
42
|
}),
|
|
33
43
|
};
|
|
34
44
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createServerRunner.js","sources":["../../src/createServerRunner.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.createServerRunner = void 0;\nconst utils_1 = require(\"@aws-amplify/core/internals/utils\");\nconst utils_2 = require(\"./utils\");\n/**\n * Creates the `runWithAmplifyServerContext` function to run Amplify server side APIs in an isolated request context.\n *\n * @remarks\n * This function should be called only once; you can use the returned `runWithAmplifyServerContext` across\n * your codebase.\n *\n * @param input The input used to create the `runWithAmplifyServerContext` function.\n * @param input.config The {@link ResourcesConfig} imported from the `amplifyconfiguration.json` file or manually\n * created.\n * @returns An object that contains the `runWithAmplifyServerContext` function.\n *\n * @example\n * import { createServerRunner } from '@aws-amplify/adapter-nextjs';\n * import config from './amplifyconfiguration.json';\n *\n * export const { runWithAmplifyServerContext } = createServerRunner({ config })\n */\nconst createServerRunner = ({ config, }) => {\n const amplifyConfig = (0, utils_1.parseAmplifyConfig)(config);\n return {\n runWithAmplifyServerContext: (0, utils_2.createRunWithAmplifyServerContext)({\n config: amplifyConfig,\n }),\n };\n};\nexports.createServerRunner = createServerRunner;\n"],"names":[],"mappings":";;AACA;AACA;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,kBAAkB,GAAG,KAAK,CAAC,CAAC;AACpC,MAAM,OAAO,GAAG,OAAO,CAAC,mCAAmC,CAAC,CAAC;AAC7D,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;AACnC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,kBAAkB,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK;AAC5C,IAAI,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;AAClE,IAAI,OAAO;AACX,QAAQ,2BAA2B,EAAE,IAAI,OAAO,CAAC,iCAAiC,EAAE;AACpF,YAAY,MAAM,EAAE,aAAa;AACjC,SAAS,CAAC;AACV,KAAK,CAAC;AACN,CAAC,CAAC;AACF,OAAO,CAAC,kBAAkB,GAAG,kBAAkB;;"}
|
|
1
|
+
{"version":3,"file":"createServerRunner.js","sources":["../../src/createServerRunner.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.createServerRunner = void 0;\nconst utils_1 = require(\"@aws-amplify/core/internals/utils\");\nconst utils_2 = require(\"./utils\");\nconst createTokenValidator_1 = require(\"./utils/createTokenValidator\");\n/**\n * Creates the `runWithAmplifyServerContext` function to run Amplify server side APIs in an isolated request context.\n *\n * @remarks\n * This function should be called only once; you can use the returned `runWithAmplifyServerContext` across\n * your codebase.\n *\n * @param input The input used to create the `runWithAmplifyServerContext` function.\n * @param input.config The {@link ResourcesConfig} imported from the `amplifyconfiguration.json` file or manually\n * created.\n * @returns An object that contains the `runWithAmplifyServerContext` function.\n *\n * @example\n * import { createServerRunner } from '@aws-amplify/adapter-nextjs';\n * import config from './amplifyconfiguration.json';\n *\n * export const { runWithAmplifyServerContext } = createServerRunner({ config })\n */\nconst createServerRunner = ({ config, }) => {\n const amplifyConfig = (0, utils_1.parseAmplifyConfig)(config);\n let tokenValidator;\n if (amplifyConfig?.Auth) {\n const { Cognito } = amplifyConfig.Auth;\n tokenValidator = (0, createTokenValidator_1.createTokenValidator)({\n userPoolId: Cognito?.userPoolId,\n userPoolClientId: Cognito?.userPoolClientId,\n });\n }\n return {\n runWithAmplifyServerContext: (0, utils_2.createRunWithAmplifyServerContext)({\n config: amplifyConfig,\n tokenValidator,\n }),\n };\n};\nexports.createServerRunner = createServerRunner;\n"],"names":[],"mappings":";;AACA;AACA;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,kBAAkB,GAAG,KAAK,CAAC,CAAC;AACpC,MAAM,OAAO,GAAG,OAAO,CAAC,mCAAmC,CAAC,CAAC;AAC7D,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;AACnC,MAAM,sBAAsB,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;AACvE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,kBAAkB,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK;AAC5C,IAAI,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;AAClE,IAAI,IAAI,cAAc,CAAC;AACvB,IAAI,IAAI,aAAa,EAAE,IAAI,EAAE;AAC7B,QAAQ,MAAM,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,IAAI,CAAC;AAC/C,QAAQ,cAAc,GAAG,IAAI,sBAAsB,CAAC,oBAAoB,EAAE;AAC1E,YAAY,UAAU,EAAE,OAAO,EAAE,UAAU;AAC3C,YAAY,gBAAgB,EAAE,OAAO,EAAE,gBAAgB;AACvD,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,OAAO;AACX,QAAQ,2BAA2B,EAAE,IAAI,OAAO,CAAC,iCAAiC,EAAE;AACpF,YAAY,MAAM,EAAE,aAAa;AACjC,YAAY,cAAc;AAC1B,SAAS,CAAC;AACV,KAAK,CAAC;AACN,CAAC,CAAC;AACF,OAAO,CAAC,kBAAkB,GAAG,kBAAkB;;"}
|
|
@@ -6,9 +6,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.createRunWithAmplifyServerContext = void 0;
|
|
7
7
|
const core_1 = require("@aws-amplify/core");
|
|
8
8
|
const adapter_core_1 = require("aws-amplify/adapter-core");
|
|
9
|
-
const createTokenValidator_1 = require("./createTokenValidator");
|
|
10
9
|
const createCookieStorageAdapterFromNextServerContext_1 = require("./createCookieStorageAdapterFromNextServerContext");
|
|
11
|
-
const createRunWithAmplifyServerContext = ({ config: resourcesConfig, }) => {
|
|
10
|
+
const createRunWithAmplifyServerContext = ({ config: resourcesConfig, tokenValidator, }) => {
|
|
12
11
|
const runWithAmplifyServerContext = async ({ nextServerContext, operation }) => {
|
|
13
12
|
// When the Auth config is presented, attempt to create a Amplify server
|
|
14
13
|
// context with token and credentials provider.
|
|
@@ -20,10 +19,7 @@ const createRunWithAmplifyServerContext = ({ config: resourcesConfig, }) => {
|
|
|
20
19
|
// static rendering uses the same unauthenticated role cross-sever.
|
|
21
20
|
nextServerContext === null
|
|
22
21
|
? core_1.sharedInMemoryStorage
|
|
23
|
-
: (0, adapter_core_1.createKeyValueStorageFromCookieStorageAdapter)(await (0, createCookieStorageAdapterFromNextServerContext_1.createCookieStorageAdapterFromNextServerContext)(nextServerContext),
|
|
24
|
-
userPoolId: resourcesConfig?.Auth.Cognito?.userPoolId,
|
|
25
|
-
userPoolClientId: resourcesConfig?.Auth.Cognito?.userPoolClientId,
|
|
26
|
-
}));
|
|
22
|
+
: (0, adapter_core_1.createKeyValueStorageFromCookieStorageAdapter)(await (0, createCookieStorageAdapterFromNextServerContext_1.createCookieStorageAdapterFromNextServerContext)(nextServerContext), tokenValidator);
|
|
27
23
|
const credentialsProvider = (0, adapter_core_1.createAWSCredentialsAndIdentityIdProvider)(resourcesConfig.Auth, keyValueStorage);
|
|
28
24
|
const tokenProvider = (0, adapter_core_1.createUserPoolsTokenProvider)(resourcesConfig.Auth, keyValueStorage);
|
|
29
25
|
return (0, adapter_core_1.runWithAmplifyServerContext)(resourcesConfig, {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createRunWithAmplifyServerContext.js","sources":["../../../src/utils/createRunWithAmplifyServerContext.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.createRunWithAmplifyServerContext = void 0;\nconst core_1 = require(\"@aws-amplify/core\");\nconst adapter_core_1 = require(\"aws-amplify/adapter-core\");\nconst
|
|
1
|
+
{"version":3,"file":"createRunWithAmplifyServerContext.js","sources":["../../../src/utils/createRunWithAmplifyServerContext.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.createRunWithAmplifyServerContext = void 0;\nconst core_1 = require(\"@aws-amplify/core\");\nconst adapter_core_1 = require(\"aws-amplify/adapter-core\");\nconst createCookieStorageAdapterFromNextServerContext_1 = require(\"./createCookieStorageAdapterFromNextServerContext\");\nconst createRunWithAmplifyServerContext = ({ config: resourcesConfig, tokenValidator, }) => {\n const runWithAmplifyServerContext = async ({ nextServerContext, operation }) => {\n // When the Auth config is presented, attempt to create a Amplify server\n // context with token and credentials provider.\n if (resourcesConfig.Auth) {\n const keyValueStorage = \n // When `null` is passed as the value of `nextServerContext`, opt-in\n // unauthenticated role (primarily for static rendering). It's\n // safe to use the singleton `MemoryKeyValueStorage` here, as the\n // static rendering uses the same unauthenticated role cross-sever.\n nextServerContext === null\n ? core_1.sharedInMemoryStorage\n : (0, adapter_core_1.createKeyValueStorageFromCookieStorageAdapter)(await (0, createCookieStorageAdapterFromNextServerContext_1.createCookieStorageAdapterFromNextServerContext)(nextServerContext), tokenValidator);\n const credentialsProvider = (0, adapter_core_1.createAWSCredentialsAndIdentityIdProvider)(resourcesConfig.Auth, keyValueStorage);\n const tokenProvider = (0, adapter_core_1.createUserPoolsTokenProvider)(resourcesConfig.Auth, keyValueStorage);\n return (0, adapter_core_1.runWithAmplifyServerContext)(resourcesConfig, {\n Auth: { credentialsProvider, tokenProvider },\n }, operation);\n }\n // Otherwise it may be the case that auth is not used, e.g. API key.\n // Omitting the `Auth` in the second parameter.\n return (0, adapter_core_1.runWithAmplifyServerContext)(resourcesConfig, {}, operation);\n };\n return runWithAmplifyServerContext;\n};\nexports.createRunWithAmplifyServerContext = createRunWithAmplifyServerContext;\n"],"names":[],"mappings":";;AACA;AACA;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,iCAAiC,GAAG,KAAK,CAAC,CAAC;AACnD,MAAM,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAC5C,MAAM,cAAc,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;AAC3D,MAAM,iDAAiD,GAAG,OAAO,CAAC,mDAAmD,CAAC,CAAC;AACvH,MAAM,iCAAiC,GAAG,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,cAAc,GAAG,KAAK;AAC5F,IAAI,MAAM,2BAA2B,GAAG,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,KAAK;AACpF;AACA;AACA,QAAQ,IAAI,eAAe,CAAC,IAAI,EAAE;AAClC,YAAY,MAAM,eAAe;AACjC;AACA;AACA;AACA;AACA,YAAY,iBAAiB,KAAK,IAAI;AACtC,kBAAkB,MAAM,CAAC,qBAAqB;AAC9C,kBAAkB,IAAI,cAAc,CAAC,6CAA6C,EAAE,MAAM,IAAI,iDAAiD,CAAC,+CAA+C,EAAE,iBAAiB,CAAC,EAAE,cAAc,CAAC,CAAC;AACrO,YAAY,MAAM,mBAAmB,GAAG,IAAI,cAAc,CAAC,yCAAyC,EAAE,eAAe,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AAC7I,YAAY,MAAM,aAAa,GAAG,IAAI,cAAc,CAAC,4BAA4B,EAAE,eAAe,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AAC1H,YAAY,OAAO,IAAI,cAAc,CAAC,2BAA2B,EAAE,eAAe,EAAE;AACpF,gBAAgB,IAAI,EAAE,EAAE,mBAAmB,EAAE,aAAa,EAAE;AAC5D,aAAa,EAAE,SAAS,CAAC,CAAC;AAC1B,SAAS;AACT;AACA;AACA,QAAQ,OAAO,IAAI,cAAc,CAAC,2BAA2B,EAAE,eAAe,EAAE,EAAE,EAAE,SAAS,CAAC,CAAC;AAC/F,KAAK,CAAC;AACN,IAAI,OAAO,2BAA2B,CAAC;AACvC,CAAC,CAAC;AACF,OAAO,CAAC,iCAAiC,GAAG,iCAAiC;;"}
|
|
@@ -4,28 +4,42 @@
|
|
|
4
4
|
// SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.createTokenValidator = void 0;
|
|
7
|
+
const aws_jwt_verify_1 = require("aws-jwt-verify");
|
|
7
8
|
const isValidCognitoToken_1 = require("./isValidCognitoToken");
|
|
8
9
|
/**
|
|
9
10
|
* Creates a validator object for validating methods in a KeyValueStorage.
|
|
10
11
|
*/
|
|
11
12
|
const createTokenValidator = ({ userPoolId, userPoolClientId: clientId, }) => {
|
|
13
|
+
let idTokenVerifier;
|
|
14
|
+
let accessTokenVerifier;
|
|
12
15
|
return {
|
|
13
16
|
// validate access, id tokens
|
|
14
17
|
getItem: async (key, value) => {
|
|
15
|
-
const
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
? 'id'
|
|
19
|
-
: null;
|
|
20
|
-
if (!tokenType)
|
|
18
|
+
const isAccessToken = key.includes('.accessToken');
|
|
19
|
+
const isIdToken = key.includes('.idToken');
|
|
20
|
+
if (!isAccessToken && !isIdToken) {
|
|
21
21
|
return true;
|
|
22
|
-
|
|
22
|
+
}
|
|
23
|
+
if (!userPoolId || !clientId) {
|
|
23
24
|
return false;
|
|
25
|
+
}
|
|
26
|
+
if (isAccessToken && !accessTokenVerifier) {
|
|
27
|
+
accessTokenVerifier = aws_jwt_verify_1.CognitoJwtVerifier.create({
|
|
28
|
+
userPoolId,
|
|
29
|
+
tokenUse: 'access',
|
|
30
|
+
clientId,
|
|
31
|
+
});
|
|
32
|
+
}
|
|
33
|
+
if (isIdToken && !idTokenVerifier) {
|
|
34
|
+
idTokenVerifier = aws_jwt_verify_1.CognitoJwtVerifier.create({
|
|
35
|
+
userPoolId,
|
|
36
|
+
tokenUse: 'id',
|
|
37
|
+
clientId,
|
|
38
|
+
});
|
|
39
|
+
}
|
|
24
40
|
return (0, isValidCognitoToken_1.isValidCognitoToken)({
|
|
25
|
-
clientId,
|
|
26
|
-
userPoolId,
|
|
27
|
-
tokenType,
|
|
28
41
|
token: value,
|
|
42
|
+
verifier: isAccessToken ? accessTokenVerifier : idTokenVerifier,
|
|
29
43
|
});
|
|
30
44
|
},
|
|
31
45
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createTokenValidator.js","sources":["../../../src/utils/createTokenValidator.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.createTokenValidator = void 0;\nconst isValidCognitoToken_1 = require(\"./isValidCognitoToken\");\n/**\n * Creates a validator object for validating methods in a KeyValueStorage.\n */\nconst createTokenValidator = ({ userPoolId, userPoolClientId: clientId, }) => {\n return {\n // validate access, id tokens\n getItem: async (key, value) => {\n const
|
|
1
|
+
{"version":3,"file":"createTokenValidator.js","sources":["../../../src/utils/createTokenValidator.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.createTokenValidator = void 0;\nconst aws_jwt_verify_1 = require(\"aws-jwt-verify\");\nconst isValidCognitoToken_1 = require(\"./isValidCognitoToken\");\n/**\n * Creates a validator object for validating methods in a KeyValueStorage.\n */\nconst createTokenValidator = ({ userPoolId, userPoolClientId: clientId, }) => {\n let idTokenVerifier;\n let accessTokenVerifier;\n return {\n // validate access, id tokens\n getItem: async (key, value) => {\n const isAccessToken = key.includes('.accessToken');\n const isIdToken = key.includes('.idToken');\n if (!isAccessToken && !isIdToken) {\n return true;\n }\n if (!userPoolId || !clientId) {\n return false;\n }\n if (isAccessToken && !accessTokenVerifier) {\n accessTokenVerifier = aws_jwt_verify_1.CognitoJwtVerifier.create({\n userPoolId,\n tokenUse: 'access',\n clientId,\n });\n }\n if (isIdToken && !idTokenVerifier) {\n idTokenVerifier = aws_jwt_verify_1.CognitoJwtVerifier.create({\n userPoolId,\n tokenUse: 'id',\n clientId,\n });\n }\n return (0, isValidCognitoToken_1.isValidCognitoToken)({\n token: value,\n verifier: isAccessToken ? accessTokenVerifier : idTokenVerifier,\n });\n },\n };\n};\nexports.createTokenValidator = createTokenValidator;\n"],"names":[],"mappings":";;AACA;AACA;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,oBAAoB,GAAG,KAAK,CAAC,CAAC;AACtC,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;AACnD,MAAM,qBAAqB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;AAC/D;AACA;AACA;AACA,MAAM,oBAAoB,GAAG,CAAC,EAAE,UAAU,EAAE,gBAAgB,EAAE,QAAQ,GAAG,KAAK;AAC9E,IAAI,IAAI,eAAe,CAAC;AACxB,IAAI,IAAI,mBAAmB,CAAC;AAC5B,IAAI,OAAO;AACX;AACA,QAAQ,OAAO,EAAE,OAAO,GAAG,EAAE,KAAK,KAAK;AACvC,YAAY,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AAC/D,YAAY,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AACvD,YAAY,IAAI,CAAC,aAAa,IAAI,CAAC,SAAS,EAAE;AAC9C,gBAAgB,OAAO,IAAI,CAAC;AAC5B,aAAa;AACb,YAAY,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ,EAAE;AAC1C,gBAAgB,OAAO,KAAK,CAAC;AAC7B,aAAa;AACb,YAAY,IAAI,aAAa,IAAI,CAAC,mBAAmB,EAAE;AACvD,gBAAgB,mBAAmB,GAAG,gBAAgB,CAAC,kBAAkB,CAAC,MAAM,CAAC;AACjF,oBAAoB,UAAU;AAC9B,oBAAoB,QAAQ,EAAE,QAAQ;AACtC,oBAAoB,QAAQ;AAC5B,iBAAiB,CAAC,CAAC;AACnB,aAAa;AACb,YAAY,IAAI,SAAS,IAAI,CAAC,eAAe,EAAE;AAC/C,gBAAgB,eAAe,GAAG,gBAAgB,CAAC,kBAAkB,CAAC,MAAM,CAAC;AAC7E,oBAAoB,UAAU;AAC9B,oBAAoB,QAAQ,EAAE,IAAI;AAClC,oBAAoB,QAAQ;AAC5B,iBAAiB,CAAC,CAAC;AACnB,aAAa;AACb,YAAY,OAAO,IAAI,qBAAqB,CAAC,mBAAmB,EAAE;AAClE,gBAAgB,KAAK,EAAE,KAAK;AAC5B,gBAAgB,QAAQ,EAAE,aAAa,GAAG,mBAAmB,GAAG,eAAe;AAC/E,aAAa,CAAC,CAAC;AACf,SAAS;AACT,KAAK,CAAC;AACN,CAAC,CAAC;AACF,OAAO,CAAC,oBAAoB,GAAG,oBAAoB;;"}
|
|
@@ -4,25 +4,18 @@
|
|
|
4
4
|
// SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.isValidCognitoToken = void 0;
|
|
7
|
-
const aws_jwt_verify_1 = require("aws-jwt-verify");
|
|
8
7
|
const error_1 = require("aws-jwt-verify/error");
|
|
9
8
|
/**
|
|
10
9
|
* Verifies a Cognito JWT token for its validity.
|
|
11
10
|
*
|
|
12
11
|
* @param input - An object containing:
|
|
13
12
|
* - token: The JWT token as a string that needs to be verified.
|
|
14
|
-
* -
|
|
15
|
-
* - clientId: The Client ID associated with the Cognito User Pool.
|
|
13
|
+
* - verifier: The JWT verifier which will verify the token.
|
|
16
14
|
* @internal
|
|
17
15
|
*/
|
|
18
16
|
const isValidCognitoToken = async (input) => {
|
|
19
|
-
const {
|
|
17
|
+
const { token, verifier } = input;
|
|
20
18
|
try {
|
|
21
|
-
const verifier = aws_jwt_verify_1.CognitoJwtVerifier.create({
|
|
22
|
-
userPoolId,
|
|
23
|
-
tokenUse: tokenType,
|
|
24
|
-
clientId,
|
|
25
|
-
});
|
|
26
19
|
await verifier.verify(token);
|
|
27
20
|
return true;
|
|
28
21
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isValidCognitoToken.js","sources":["../../../src/utils/isValidCognitoToken.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.isValidCognitoToken = void 0;\nconst
|
|
1
|
+
{"version":3,"file":"isValidCognitoToken.js","sources":["../../../src/utils/isValidCognitoToken.ts"],"sourcesContent":["\"use strict\";\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.isValidCognitoToken = void 0;\nconst error_1 = require(\"aws-jwt-verify/error\");\n/**\n * Verifies a Cognito JWT token for its validity.\n *\n * @param input - An object containing:\n * - token: The JWT token as a string that needs to be verified.\n * - verifier: The JWT verifier which will verify the token.\n * @internal\n */\nconst isValidCognitoToken = async (input) => {\n const { token, verifier } = input;\n try {\n await verifier.verify(token);\n return true;\n }\n catch (error) {\n // When `JwtExpiredError` is thrown, the token should have valid signature\n // but expired. So, we can consider it as a valid token.\n // Reference https://github.com/awslabs/aws-jwt-verify/blob/8d8f714d7281913ecd660147f5c30311479601c1/src/jwt-rsa.ts#L290-L301\n if (error instanceof error_1.JwtExpiredError) {\n return true;\n }\n // TODO (ashwinkumar6): surface invalid cognito token error to customer\n // TODO: clear invalid tokens from Storage\n return false;\n }\n};\nexports.isValidCognitoToken = isValidCognitoToken;\n"],"names":[],"mappings":";;AACA;AACA;AACA,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC9D,OAAO,CAAC,mBAAmB,GAAG,KAAK,CAAC,CAAC;AACrC,MAAM,OAAO,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAAC;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,mBAAmB,GAAG,OAAO,KAAK,KAAK;AAC7C,IAAI,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;AACtC,IAAI,IAAI;AACR,QAAQ,MAAM,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrC,QAAQ,OAAO,IAAI,CAAC;AACpB,KAAK;AACL,IAAI,OAAO,KAAK,EAAE;AAClB;AACA;AACA;AACA,QAAQ,IAAI,KAAK,YAAY,OAAO,CAAC,eAAe,EAAE;AACtD,YAAY,OAAO,IAAI,CAAC;AACxB,SAAS;AACT;AACA;AACA,QAAQ,OAAO,KAAK,CAAC;AACrB,KAAK;AACL,CAAC,CAAC;AACF,OAAO,CAAC,mBAAmB,GAAG,mBAAmB;;"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';
|
|
2
2
|
import { createRunWithAmplifyServerContext } from '../utils/createRunWithAmplifyServerContext.mjs';
|
|
3
|
-
import 'aws-jwt-verify';
|
|
4
3
|
import 'aws-jwt-verify/error';
|
|
5
4
|
|
|
6
5
|
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createServerRunnerForAPI.mjs","sources":["../../../src/api/createServerRunnerForAPI.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';\nimport { createRunWithAmplifyServerContext } from '../utils';\nexport const createServerRunnerForAPI = ({ config, }) => {\n const amplifyConfig = parseAmplifyConfig(config);\n return {\n runWithAmplifyServerContext: createRunWithAmplifyServerContext({\n config: amplifyConfig,\n }),\n resourcesConfig: amplifyConfig,\n };\n};\n"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"createServerRunnerForAPI.mjs","sources":["../../../src/api/createServerRunnerForAPI.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';\nimport { createRunWithAmplifyServerContext } from '../utils';\nexport const createServerRunnerForAPI = ({ config, }) => {\n const amplifyConfig = parseAmplifyConfig(config);\n return {\n runWithAmplifyServerContext: createRunWithAmplifyServerContext({\n config: amplifyConfig,\n }),\n resourcesConfig: amplifyConfig,\n };\n};\n"],"names":[],"mappings":";;;;AAAA;AACA;AAGY,MAAC,wBAAwB,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK;AACzD,IAAI,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;AACrD,IAAI,OAAO;AACX,QAAQ,2BAA2B,EAAE,iCAAiC,CAAC;AACvE,YAAY,MAAM,EAAE,aAAa;AACjC,SAAS,CAAC;AACV,QAAQ,eAAe,EAAE,aAAa;AACtC,KAAK,CAAC;AACN;;;;"}
|
|
@@ -1,16 +1,11 @@
|
|
|
1
|
-
import { V6ClientSSRCookies, V6ClientSSRRequest } from '@aws-amplify/api-graphql';
|
|
2
|
-
import { GraphQLAuthMode } from '@aws-amplify/core/internals/utils';
|
|
1
|
+
import { CommonPublicClientOptions, V6ClientSSRCookies, V6ClientSSRRequest } from '@aws-amplify/api-graphql';
|
|
3
2
|
import { NextServer } from '../types';
|
|
4
3
|
interface CookiesClientParams {
|
|
5
4
|
cookies: NextServer.ServerComponentContext['cookies'];
|
|
6
5
|
config: NextServer.CreateServerRunnerInput['config'];
|
|
7
|
-
authMode?: GraphQLAuthMode;
|
|
8
|
-
authToken?: string;
|
|
9
6
|
}
|
|
10
7
|
interface ReqClientParams {
|
|
11
8
|
config: NextServer.CreateServerRunnerInput['config'];
|
|
12
|
-
authMode?: GraphQLAuthMode;
|
|
13
|
-
authToken?: string;
|
|
14
9
|
}
|
|
15
10
|
/**
|
|
16
11
|
* Generates an API client that can be used inside a Next.js Server Component with Dynamic Rendering
|
|
@@ -21,7 +16,7 @@ interface ReqClientParams {
|
|
|
21
16
|
* const client = generateServerClientUsingCookies({ cookies });
|
|
22
17
|
* const result = await client.graphql({ query: listPosts });
|
|
23
18
|
*/
|
|
24
|
-
export declare function generateServerClientUsingCookies<T extends Record<any, any> = never
|
|
19
|
+
export declare function generateServerClientUsingCookies<T extends Record<any, any> = never, Options extends CommonPublicClientOptions & CookiesClientParams = CookiesClientParams>(options: Options): V6ClientSSRCookies<T, Options>;
|
|
25
20
|
/**
|
|
26
21
|
* Generates an API client that can be used with both Pages Router and App Router
|
|
27
22
|
*
|
|
@@ -38,5 +33,5 @@ export declare function generateServerClientUsingCookies<T extends Record<any, a
|
|
|
38
33
|
* }),
|
|
39
34
|
* });
|
|
40
35
|
*/
|
|
41
|
-
export declare function generateServerClientUsingReqRes<T extends Record<any, any> = never
|
|
36
|
+
export declare function generateServerClientUsingReqRes<T extends Record<any, any> = never, Options extends CommonPublicClientOptions & ReqClientParams = ReqClientParams>(options: Options): V6ClientSSRRequest<T, Options>;
|
|
42
37
|
export {};
|
|
@@ -15,28 +15,28 @@ import { createServerRunnerForAPI } from './createServerRunnerForAPI.mjs';
|
|
|
15
15
|
* const client = generateServerClientUsingCookies({ cookies });
|
|
16
16
|
* const result = await client.graphql({ query: listPosts });
|
|
17
17
|
*/
|
|
18
|
-
function generateServerClientUsingCookies(
|
|
19
|
-
if (typeof cookies !== 'function') {
|
|
18
|
+
function generateServerClientUsingCookies(options) {
|
|
19
|
+
if (typeof options.cookies !== 'function') {
|
|
20
20
|
throw new AmplifyServerContextError({
|
|
21
21
|
message: 'generateServerClientUsingCookies is only compatible with the `cookies` Dynamic Function available in Server Components.',
|
|
22
22
|
// TODO: link to docs
|
|
23
23
|
recoverySuggestion: 'use `generateServerClient` inside of `runWithAmplifyServerContext` with the `request` object.',
|
|
24
24
|
});
|
|
25
25
|
}
|
|
26
|
-
const { runWithAmplifyServerContext, resourcesConfig } = createServerRunnerForAPI({ config });
|
|
26
|
+
const { runWithAmplifyServerContext, resourcesConfig } = createServerRunnerForAPI({ config: options.config });
|
|
27
27
|
// This function reference gets passed down to InternalGraphQLAPI.ts.graphql
|
|
28
28
|
// where this._graphql is passed in as the `fn` argument
|
|
29
29
|
// causing it to always get invoked inside `runWithAmplifyServerContext`
|
|
30
30
|
const getAmplify = (fn) => runWithAmplifyServerContext({
|
|
31
|
-
nextServerContext: { cookies },
|
|
31
|
+
nextServerContext: { cookies: options.cookies },
|
|
32
32
|
operation: contextSpec => fn(getAmplifyServerContext(contextSpec).amplify),
|
|
33
33
|
});
|
|
34
|
+
const { cookies: _cookies, config: _config, ...params } = options;
|
|
34
35
|
return generateClientWithAmplifyInstance({
|
|
35
36
|
amplify: getAmplify,
|
|
36
37
|
config: resourcesConfig,
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
});
|
|
38
|
+
...params,
|
|
39
|
+
}); // TS can't narrow the type here.
|
|
40
40
|
}
|
|
41
41
|
/**
|
|
42
42
|
* Generates an API client that can be used with both Pages Router and App Router
|
|
@@ -54,12 +54,12 @@ function generateServerClientUsingCookies({ config, cookies, authMode, authToken
|
|
|
54
54
|
* }),
|
|
55
55
|
* });
|
|
56
56
|
*/
|
|
57
|
-
function generateServerClientUsingReqRes(
|
|
58
|
-
const amplifyConfig = parseAmplifyConfig(config);
|
|
57
|
+
function generateServerClientUsingReqRes(options) {
|
|
58
|
+
const amplifyConfig = parseAmplifyConfig(options.config);
|
|
59
|
+
const { config: _config, ...params } = options;
|
|
59
60
|
return generateClient({
|
|
60
61
|
config: amplifyConfig,
|
|
61
|
-
|
|
62
|
-
authToken,
|
|
62
|
+
...params,
|
|
63
63
|
});
|
|
64
64
|
}
|
|
65
65
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateServerClient.mjs","sources":["../../../src/api/generateServerClient.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { generateClientWithAmplifyInstance } from '@aws-amplify/api/internals';\nimport { generateClient } from 'aws-amplify/api/server';\nimport { AmplifyServerContextError, getAmplifyServerContext, } from '@aws-amplify/core/internals/adapter-core';\nimport { parseAmplifyConfig
|
|
1
|
+
{"version":3,"file":"generateServerClient.mjs","sources":["../../../src/api/generateServerClient.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { generateClientWithAmplifyInstance } from '@aws-amplify/api/internals';\nimport { generateClient } from 'aws-amplify/api/server';\nimport { AmplifyServerContextError, getAmplifyServerContext, } from '@aws-amplify/core/internals/adapter-core';\nimport { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';\nimport { createServerRunnerForAPI } from './createServerRunnerForAPI';\n/**\n * Generates an API client that can be used inside a Next.js Server Component with Dynamic Rendering\n *\n * @example\n * import { cookies } from \"next/headers\"\n *\n * const client = generateServerClientUsingCookies({ cookies });\n * const result = await client.graphql({ query: listPosts });\n */\nexport function generateServerClientUsingCookies(options) {\n if (typeof options.cookies !== 'function') {\n throw new AmplifyServerContextError({\n message: 'generateServerClientUsingCookies is only compatible with the `cookies` Dynamic Function available in Server Components.',\n // TODO: link to docs\n recoverySuggestion: 'use `generateServerClient` inside of `runWithAmplifyServerContext` with the `request` object.',\n });\n }\n const { runWithAmplifyServerContext, resourcesConfig } = createServerRunnerForAPI({ config: options.config });\n // This function reference gets passed down to InternalGraphQLAPI.ts.graphql\n // where this._graphql is passed in as the `fn` argument\n // causing it to always get invoked inside `runWithAmplifyServerContext`\n const getAmplify = (fn) => runWithAmplifyServerContext({\n nextServerContext: { cookies: options.cookies },\n operation: contextSpec => fn(getAmplifyServerContext(contextSpec).amplify),\n });\n const { cookies: _cookies, config: _config, ...params } = options;\n return generateClientWithAmplifyInstance({\n amplify: getAmplify,\n config: resourcesConfig,\n ...params,\n }); // TS can't narrow the type here.\n}\n/**\n * Generates an API client that can be used with both Pages Router and App Router\n *\n * @example\n * import config from './amplifyconfiguration.json';\n * import { listPosts } from './graphql/queries';\n *\n * const client = generateServerClientUsingReqRes({ config });\n *\n * const result = await runWithAmplifyServerContext({\n * nextServerContext: { request, response },\n * operation: (contextSpec) => client.graphql(contextSpec, {\n * query: listPosts,\n * }),\n * });\n */\nexport function generateServerClientUsingReqRes(options) {\n const amplifyConfig = parseAmplifyConfig(options.config);\n const { config: _config, ...params } = options;\n return generateClient({\n config: amplifyConfig,\n ...params,\n });\n}\n"],"names":[],"mappings":";;;;;;AAAA;AACA;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAAS,gCAAgC,CAAC,OAAO,EAAE;AAC1D,IAAI,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE;AAC/C,QAAQ,MAAM,IAAI,yBAAyB,CAAC;AAC5C,YAAY,OAAO,EAAE,yHAAyH;AAC9I;AACA,YAAY,kBAAkB,EAAE,+FAA+F;AAC/H,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,MAAM,EAAE,2BAA2B,EAAE,eAAe,EAAE,GAAG,wBAAwB,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAClH;AACA;AACA;AACA,IAAI,MAAM,UAAU,GAAG,CAAC,EAAE,KAAK,2BAA2B,CAAC;AAC3D,QAAQ,iBAAiB,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE;AACvD,QAAQ,SAAS,EAAE,WAAW,IAAI,EAAE,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC;AAClF,KAAK,CAAC,CAAC;AACP,IAAI,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC;AACtE,IAAI,OAAO,iCAAiC,CAAC;AAC7C,QAAQ,OAAO,EAAE,UAAU;AAC3B,QAAQ,MAAM,EAAE,eAAe;AAC/B,QAAQ,GAAG,MAAM;AACjB,KAAK,CAAC,CAAC;AACP,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAAS,+BAA+B,CAAC,OAAO,EAAE;AACzD,IAAI,MAAM,aAAa,GAAG,kBAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;AAC7D,IAAI,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC;AACnD,IAAI,OAAO,cAAc,CAAC;AAC1B,QAAQ,MAAM,EAAE,aAAa;AAC7B,QAAQ,GAAG,MAAM;AACjB,KAAK,CAAC,CAAC;AACP;;;;"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';
|
|
2
2
|
import { createRunWithAmplifyServerContext } from './utils/createRunWithAmplifyServerContext.mjs';
|
|
3
|
-
import 'aws-jwt-verify';
|
|
4
3
|
import 'aws-jwt-verify/error';
|
|
4
|
+
import { createTokenValidator } from './utils/createTokenValidator.mjs';
|
|
5
5
|
|
|
6
6
|
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
7
7
|
// SPDX-License-Identifier: Apache-2.0
|
|
@@ -25,9 +25,18 @@ import 'aws-jwt-verify/error';
|
|
|
25
25
|
*/
|
|
26
26
|
const createServerRunner = ({ config, }) => {
|
|
27
27
|
const amplifyConfig = parseAmplifyConfig(config);
|
|
28
|
+
let tokenValidator;
|
|
29
|
+
if (amplifyConfig?.Auth) {
|
|
30
|
+
const { Cognito } = amplifyConfig.Auth;
|
|
31
|
+
tokenValidator = createTokenValidator({
|
|
32
|
+
userPoolId: Cognito?.userPoolId,
|
|
33
|
+
userPoolClientId: Cognito?.userPoolClientId,
|
|
34
|
+
});
|
|
35
|
+
}
|
|
28
36
|
return {
|
|
29
37
|
runWithAmplifyServerContext: createRunWithAmplifyServerContext({
|
|
30
38
|
config: amplifyConfig,
|
|
39
|
+
tokenValidator,
|
|
31
40
|
}),
|
|
32
41
|
};
|
|
33
42
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createServerRunner.mjs","sources":["../../src/createServerRunner.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';\nimport { createRunWithAmplifyServerContext } from './utils';\n/**\n * Creates the `runWithAmplifyServerContext` function to run Amplify server side APIs in an isolated request context.\n *\n * @remarks\n * This function should be called only once; you can use the returned `runWithAmplifyServerContext` across\n * your codebase.\n *\n * @param input The input used to create the `runWithAmplifyServerContext` function.\n * @param input.config The {@link ResourcesConfig} imported from the `amplifyconfiguration.json` file or manually\n * created.\n * @returns An object that contains the `runWithAmplifyServerContext` function.\n *\n * @example\n * import { createServerRunner } from '@aws-amplify/adapter-nextjs';\n * import config from './amplifyconfiguration.json';\n *\n * export const { runWithAmplifyServerContext } = createServerRunner({ config })\n */\nexport const createServerRunner = ({ config, }) => {\n const amplifyConfig = parseAmplifyConfig(config);\n return {\n runWithAmplifyServerContext: createRunWithAmplifyServerContext({\n config: amplifyConfig,\n }),\n };\n};\n"],"names":[],"mappings":";;;;;AAAA;AACA;
|
|
1
|
+
{"version":3,"file":"createServerRunner.mjs","sources":["../../src/createServerRunner.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';\nimport { createRunWithAmplifyServerContext } from './utils';\nimport { createTokenValidator } from './utils/createTokenValidator';\n/**\n * Creates the `runWithAmplifyServerContext` function to run Amplify server side APIs in an isolated request context.\n *\n * @remarks\n * This function should be called only once; you can use the returned `runWithAmplifyServerContext` across\n * your codebase.\n *\n * @param input The input used to create the `runWithAmplifyServerContext` function.\n * @param input.config The {@link ResourcesConfig} imported from the `amplifyconfiguration.json` file or manually\n * created.\n * @returns An object that contains the `runWithAmplifyServerContext` function.\n *\n * @example\n * import { createServerRunner } from '@aws-amplify/adapter-nextjs';\n * import config from './amplifyconfiguration.json';\n *\n * export const { runWithAmplifyServerContext } = createServerRunner({ config })\n */\nexport const createServerRunner = ({ config, }) => {\n const amplifyConfig = parseAmplifyConfig(config);\n let tokenValidator;\n if (amplifyConfig?.Auth) {\n const { Cognito } = amplifyConfig.Auth;\n tokenValidator = createTokenValidator({\n userPoolId: Cognito?.userPoolId,\n userPoolClientId: Cognito?.userPoolClientId,\n });\n }\n return {\n runWithAmplifyServerContext: createRunWithAmplifyServerContext({\n config: amplifyConfig,\n tokenValidator,\n }),\n };\n};\n"],"names":[],"mappings":";;;;;AAAA;AACA;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,kBAAkB,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK;AACnD,IAAI,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;AACrD,IAAI,IAAI,cAAc,CAAC;AACvB,IAAI,IAAI,aAAa,EAAE,IAAI,EAAE;AAC7B,QAAQ,MAAM,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,IAAI,CAAC;AAC/C,QAAQ,cAAc,GAAG,oBAAoB,CAAC;AAC9C,YAAY,UAAU,EAAE,OAAO,EAAE,UAAU;AAC3C,YAAY,gBAAgB,EAAE,OAAO,EAAE,gBAAgB;AACvD,SAAS,CAAC,CAAC;AACX,KAAK;AACL,IAAI,OAAO;AACX,QAAQ,2BAA2B,EAAE,iCAAiC,CAAC;AACvE,YAAY,MAAM,EAAE,aAAa;AACjC,YAAY,cAAc;AAC1B,SAAS,CAAC;AACV,KAAK,CAAC;AACN;;;;"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
import { ResourcesConfig } from '@aws-amplify/core';
|
|
2
|
+
import { KeyValueStorageMethodValidator } from '@aws-amplify/core/internals/adapter-core';
|
|
2
3
|
import { NextServer } from '../types';
|
|
3
|
-
export declare const createRunWithAmplifyServerContext: ({ config: resourcesConfig, }: {
|
|
4
|
+
export declare const createRunWithAmplifyServerContext: ({ config: resourcesConfig, tokenValidator, }: {
|
|
4
5
|
config: ResourcesConfig;
|
|
6
|
+
tokenValidator?: Partial<Record<keyof import("@aws-amplify/core").KeyValueStorageInterface, (...args: any[]) => Promise<boolean>>> | undefined;
|
|
5
7
|
}) => NextServer.RunOperationWithContext;
|
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
import { sharedInMemoryStorage } from '@aws-amplify/core';
|
|
2
2
|
import { createKeyValueStorageFromCookieStorageAdapter, createAWSCredentialsAndIdentityIdProvider, createUserPoolsTokenProvider, runWithAmplifyServerContext } from 'aws-amplify/adapter-core';
|
|
3
|
-
import { createTokenValidator } from './createTokenValidator.mjs';
|
|
4
3
|
import { createCookieStorageAdapterFromNextServerContext } from './createCookieStorageAdapterFromNextServerContext.mjs';
|
|
5
4
|
|
|
6
5
|
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
7
6
|
// SPDX-License-Identifier: Apache-2.0
|
|
8
|
-
const createRunWithAmplifyServerContext = ({ config: resourcesConfig, }) => {
|
|
7
|
+
const createRunWithAmplifyServerContext = ({ config: resourcesConfig, tokenValidator, }) => {
|
|
9
8
|
const runWithAmplifyServerContext$1 = async ({ nextServerContext, operation }) => {
|
|
10
9
|
// When the Auth config is presented, attempt to create a Amplify server
|
|
11
10
|
// context with token and credentials provider.
|
|
@@ -17,10 +16,7 @@ const createRunWithAmplifyServerContext = ({ config: resourcesConfig, }) => {
|
|
|
17
16
|
// static rendering uses the same unauthenticated role cross-sever.
|
|
18
17
|
nextServerContext === null
|
|
19
18
|
? sharedInMemoryStorage
|
|
20
|
-
: createKeyValueStorageFromCookieStorageAdapter(await createCookieStorageAdapterFromNextServerContext(nextServerContext),
|
|
21
|
-
userPoolId: resourcesConfig?.Auth.Cognito?.userPoolId,
|
|
22
|
-
userPoolClientId: resourcesConfig?.Auth.Cognito?.userPoolClientId,
|
|
23
|
-
}));
|
|
19
|
+
: createKeyValueStorageFromCookieStorageAdapter(await createCookieStorageAdapterFromNextServerContext(nextServerContext), tokenValidator);
|
|
24
20
|
const credentialsProvider = createAWSCredentialsAndIdentityIdProvider(resourcesConfig.Auth, keyValueStorage);
|
|
25
21
|
const tokenProvider = createUserPoolsTokenProvider(resourcesConfig.Auth, keyValueStorage);
|
|
26
22
|
return runWithAmplifyServerContext(resourcesConfig, {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createRunWithAmplifyServerContext.mjs","sources":["../../../src/utils/createRunWithAmplifyServerContext.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { sharedInMemoryStorage } from '@aws-amplify/core';\nimport { createAWSCredentialsAndIdentityIdProvider, createKeyValueStorageFromCookieStorageAdapter, createUserPoolsTokenProvider, runWithAmplifyServerContext as runWithAmplifyServerContextCore, } from 'aws-amplify/adapter-core';\nimport {
|
|
1
|
+
{"version":3,"file":"createRunWithAmplifyServerContext.mjs","sources":["../../../src/utils/createRunWithAmplifyServerContext.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { sharedInMemoryStorage } from '@aws-amplify/core';\nimport { createAWSCredentialsAndIdentityIdProvider, createKeyValueStorageFromCookieStorageAdapter, createUserPoolsTokenProvider, runWithAmplifyServerContext as runWithAmplifyServerContextCore, } from 'aws-amplify/adapter-core';\nimport { createCookieStorageAdapterFromNextServerContext } from './createCookieStorageAdapterFromNextServerContext';\nexport const createRunWithAmplifyServerContext = ({ config: resourcesConfig, tokenValidator, }) => {\n const runWithAmplifyServerContext = async ({ nextServerContext, operation }) => {\n // When the Auth config is presented, attempt to create a Amplify server\n // context with token and credentials provider.\n if (resourcesConfig.Auth) {\n const keyValueStorage = \n // When `null` is passed as the value of `nextServerContext`, opt-in\n // unauthenticated role (primarily for static rendering). It's\n // safe to use the singleton `MemoryKeyValueStorage` here, as the\n // static rendering uses the same unauthenticated role cross-sever.\n nextServerContext === null\n ? sharedInMemoryStorage\n : createKeyValueStorageFromCookieStorageAdapter(await createCookieStorageAdapterFromNextServerContext(nextServerContext), tokenValidator);\n const credentialsProvider = createAWSCredentialsAndIdentityIdProvider(resourcesConfig.Auth, keyValueStorage);\n const tokenProvider = createUserPoolsTokenProvider(resourcesConfig.Auth, keyValueStorage);\n return runWithAmplifyServerContextCore(resourcesConfig, {\n Auth: { credentialsProvider, tokenProvider },\n }, operation);\n }\n // Otherwise it may be the case that auth is not used, e.g. API key.\n // Omitting the `Auth` in the second parameter.\n return runWithAmplifyServerContextCore(resourcesConfig, {}, operation);\n };\n return runWithAmplifyServerContext;\n};\n"],"names":["runWithAmplifyServerContext","runWithAmplifyServerContextCore"],"mappings":";;;;AAAA;AACA;AAIY,MAAC,iCAAiC,GAAG,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,cAAc,GAAG,KAAK;AACnG,IAAI,MAAMA,6BAA2B,GAAG,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,KAAK;AACpF;AACA;AACA,QAAQ,IAAI,eAAe,CAAC,IAAI,EAAE;AAClC,YAAY,MAAM,eAAe;AACjC;AACA;AACA;AACA;AACA,YAAY,iBAAiB,KAAK,IAAI;AACtC,kBAAkB,qBAAqB;AACvC,kBAAkB,6CAA6C,CAAC,MAAM,+CAA+C,CAAC,iBAAiB,CAAC,EAAE,cAAc,CAAC,CAAC;AAC1J,YAAY,MAAM,mBAAmB,GAAG,yCAAyC,CAAC,eAAe,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACzH,YAAY,MAAM,aAAa,GAAG,4BAA4B,CAAC,eAAe,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AACtG,YAAY,OAAOC,2BAA+B,CAAC,eAAe,EAAE;AACpE,gBAAgB,IAAI,EAAE,EAAE,mBAAmB,EAAE,aAAa,EAAE;AAC5D,aAAa,EAAE,SAAS,CAAC,CAAC;AAC1B,SAAS;AACT;AACA;AACA,QAAQ,OAAOA,2BAA+B,CAAC,eAAe,EAAE,EAAE,EAAE,SAAS,CAAC,CAAC;AAC/E,KAAK,CAAC;AACN,IAAI,OAAOD,6BAA2B,CAAC;AACvC;;;;"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { CognitoJwtVerifier } from 'aws-jwt-verify';
|
|
1
2
|
import { isValidCognitoToken } from './isValidCognitoToken.mjs';
|
|
2
3
|
|
|
3
4
|
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
@@ -6,23 +7,36 @@ import { isValidCognitoToken } from './isValidCognitoToken.mjs';
|
|
|
6
7
|
* Creates a validator object for validating methods in a KeyValueStorage.
|
|
7
8
|
*/
|
|
8
9
|
const createTokenValidator = ({ userPoolId, userPoolClientId: clientId, }) => {
|
|
10
|
+
let idTokenVerifier;
|
|
11
|
+
let accessTokenVerifier;
|
|
9
12
|
return {
|
|
10
13
|
// validate access, id tokens
|
|
11
14
|
getItem: async (key, value) => {
|
|
12
|
-
const
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
? 'id'
|
|
16
|
-
: null;
|
|
17
|
-
if (!tokenType)
|
|
15
|
+
const isAccessToken = key.includes('.accessToken');
|
|
16
|
+
const isIdToken = key.includes('.idToken');
|
|
17
|
+
if (!isAccessToken && !isIdToken) {
|
|
18
18
|
return true;
|
|
19
|
-
|
|
19
|
+
}
|
|
20
|
+
if (!userPoolId || !clientId) {
|
|
20
21
|
return false;
|
|
22
|
+
}
|
|
23
|
+
if (isAccessToken && !accessTokenVerifier) {
|
|
24
|
+
accessTokenVerifier = CognitoJwtVerifier.create({
|
|
25
|
+
userPoolId,
|
|
26
|
+
tokenUse: 'access',
|
|
27
|
+
clientId,
|
|
28
|
+
});
|
|
29
|
+
}
|
|
30
|
+
if (isIdToken && !idTokenVerifier) {
|
|
31
|
+
idTokenVerifier = CognitoJwtVerifier.create({
|
|
32
|
+
userPoolId,
|
|
33
|
+
tokenUse: 'id',
|
|
34
|
+
clientId,
|
|
35
|
+
});
|
|
36
|
+
}
|
|
21
37
|
return isValidCognitoToken({
|
|
22
|
-
clientId,
|
|
23
|
-
userPoolId,
|
|
24
|
-
tokenType,
|
|
25
38
|
token: value,
|
|
39
|
+
verifier: isAccessToken ? accessTokenVerifier : idTokenVerifier,
|
|
26
40
|
});
|
|
27
41
|
},
|
|
28
42
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"createTokenValidator.mjs","sources":["../../../src/utils/createTokenValidator.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { isValidCognitoToken } from './isValidCognitoToken';\n/**\n * Creates a validator object for validating methods in a KeyValueStorage.\n */\nexport const createTokenValidator = ({ userPoolId, userPoolClientId: clientId, }) => {\n return {\n // validate access, id tokens\n getItem: async (key, value) => {\n const
|
|
1
|
+
{"version":3,"file":"createTokenValidator.mjs","sources":["../../../src/utils/createTokenValidator.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { CognitoJwtVerifier } from 'aws-jwt-verify';\nimport { isValidCognitoToken } from './isValidCognitoToken';\n/**\n * Creates a validator object for validating methods in a KeyValueStorage.\n */\nexport const createTokenValidator = ({ userPoolId, userPoolClientId: clientId, }) => {\n let idTokenVerifier;\n let accessTokenVerifier;\n return {\n // validate access, id tokens\n getItem: async (key, value) => {\n const isAccessToken = key.includes('.accessToken');\n const isIdToken = key.includes('.idToken');\n if (!isAccessToken && !isIdToken) {\n return true;\n }\n if (!userPoolId || !clientId) {\n return false;\n }\n if (isAccessToken && !accessTokenVerifier) {\n accessTokenVerifier = CognitoJwtVerifier.create({\n userPoolId,\n tokenUse: 'access',\n clientId,\n });\n }\n if (isIdToken && !idTokenVerifier) {\n idTokenVerifier = CognitoJwtVerifier.create({\n userPoolId,\n tokenUse: 'id',\n clientId,\n });\n }\n return isValidCognitoToken({\n token: value,\n verifier: isAccessToken ? accessTokenVerifier : idTokenVerifier,\n });\n },\n };\n};\n"],"names":[],"mappings":";;;AAAA;AACA;AAGA;AACA;AACA;AACY,MAAC,oBAAoB,GAAG,CAAC,EAAE,UAAU,EAAE,gBAAgB,EAAE,QAAQ,GAAG,KAAK;AACrF,IAAI,IAAI,eAAe,CAAC;AACxB,IAAI,IAAI,mBAAmB,CAAC;AAC5B,IAAI,OAAO;AACX;AACA,QAAQ,OAAO,EAAE,OAAO,GAAG,EAAE,KAAK,KAAK;AACvC,YAAY,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AAC/D,YAAY,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AACvD,YAAY,IAAI,CAAC,aAAa,IAAI,CAAC,SAAS,EAAE;AAC9C,gBAAgB,OAAO,IAAI,CAAC;AAC5B,aAAa;AACb,YAAY,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ,EAAE;AAC1C,gBAAgB,OAAO,KAAK,CAAC;AAC7B,aAAa;AACb,YAAY,IAAI,aAAa,IAAI,CAAC,mBAAmB,EAAE;AACvD,gBAAgB,mBAAmB,GAAG,kBAAkB,CAAC,MAAM,CAAC;AAChE,oBAAoB,UAAU;AAC9B,oBAAoB,QAAQ,EAAE,QAAQ;AACtC,oBAAoB,QAAQ;AAC5B,iBAAiB,CAAC,CAAC;AACnB,aAAa;AACb,YAAY,IAAI,SAAS,IAAI,CAAC,eAAe,EAAE;AAC/C,gBAAgB,eAAe,GAAG,kBAAkB,CAAC,MAAM,CAAC;AAC5D,oBAAoB,UAAU;AAC9B,oBAAoB,QAAQ,EAAE,IAAI;AAClC,oBAAoB,QAAQ;AAC5B,iBAAiB,CAAC,CAAC;AACnB,aAAa;AACb,YAAY,OAAO,mBAAmB,CAAC;AACvC,gBAAgB,KAAK,EAAE,KAAK;AAC5B,gBAAgB,QAAQ,EAAE,aAAa,GAAG,mBAAmB,GAAG,eAAe;AAC/E,aAAa,CAAC,CAAC;AACf,SAAS;AACT,KAAK,CAAC;AACN;;;;"}
|
|
@@ -1,15 +1,13 @@
|
|
|
1
|
+
import { JwtVerifier } from '../types';
|
|
1
2
|
/**
|
|
2
3
|
* Verifies a Cognito JWT token for its validity.
|
|
3
4
|
*
|
|
4
5
|
* @param input - An object containing:
|
|
5
6
|
* - token: The JWT token as a string that needs to be verified.
|
|
6
|
-
* -
|
|
7
|
-
* - clientId: The Client ID associated with the Cognito User Pool.
|
|
7
|
+
* - verifier: The JWT verifier which will verify the token.
|
|
8
8
|
* @internal
|
|
9
9
|
*/
|
|
10
10
|
export declare const isValidCognitoToken: (input: {
|
|
11
11
|
token: string;
|
|
12
|
-
|
|
13
|
-
clientId: string;
|
|
14
|
-
tokenType: 'id' | 'access';
|
|
12
|
+
verifier: JwtVerifier;
|
|
15
13
|
}) => Promise<boolean>;
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { CognitoJwtVerifier } from 'aws-jwt-verify';
|
|
2
1
|
import { JwtExpiredError } from 'aws-jwt-verify/error';
|
|
3
2
|
|
|
4
3
|
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
@@ -8,18 +7,12 @@ import { JwtExpiredError } from 'aws-jwt-verify/error';
|
|
|
8
7
|
*
|
|
9
8
|
* @param input - An object containing:
|
|
10
9
|
* - token: The JWT token as a string that needs to be verified.
|
|
11
|
-
* -
|
|
12
|
-
* - clientId: The Client ID associated with the Cognito User Pool.
|
|
10
|
+
* - verifier: The JWT verifier which will verify the token.
|
|
13
11
|
* @internal
|
|
14
12
|
*/
|
|
15
13
|
const isValidCognitoToken = async (input) => {
|
|
16
|
-
const {
|
|
14
|
+
const { token, verifier } = input;
|
|
17
15
|
try {
|
|
18
|
-
const verifier = CognitoJwtVerifier.create({
|
|
19
|
-
userPoolId,
|
|
20
|
-
tokenUse: tokenType,
|
|
21
|
-
clientId,
|
|
22
|
-
});
|
|
23
16
|
await verifier.verify(token);
|
|
24
17
|
return true;
|
|
25
18
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isValidCognitoToken.mjs","sources":["../../../src/utils/isValidCognitoToken.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport {
|
|
1
|
+
{"version":3,"file":"isValidCognitoToken.mjs","sources":["../../../src/utils/isValidCognitoToken.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { JwtExpiredError } from 'aws-jwt-verify/error';\n/**\n * Verifies a Cognito JWT token for its validity.\n *\n * @param input - An object containing:\n * - token: The JWT token as a string that needs to be verified.\n * - verifier: The JWT verifier which will verify the token.\n * @internal\n */\nexport const isValidCognitoToken = async (input) => {\n const { token, verifier } = input;\n try {\n await verifier.verify(token);\n return true;\n }\n catch (error) {\n // When `JwtExpiredError` is thrown, the token should have valid signature\n // but expired. So, we can consider it as a valid token.\n // Reference https://github.com/awslabs/aws-jwt-verify/blob/8d8f714d7281913ecd660147f5c30311479601c1/src/jwt-rsa.ts#L290-L301\n if (error instanceof JwtExpiredError) {\n return true;\n }\n // TODO (ashwinkumar6): surface invalid cognito token error to customer\n // TODO: clear invalid tokens from Storage\n return false;\n }\n};\n"],"names":[],"mappings":";;AAAA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,mBAAmB,GAAG,OAAO,KAAK,KAAK;AACpD,IAAI,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;AACtC,IAAI,IAAI;AACR,QAAQ,MAAM,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrC,QAAQ,OAAO,IAAI,CAAC;AACpB,KAAK;AACL,IAAI,OAAO,KAAK,EAAE;AAClB;AACA;AACA;AACA,QAAQ,IAAI,KAAK,YAAY,eAAe,EAAE;AAC9C,YAAY,OAAO,IAAI,CAAC;AACxB,SAAS;AACT;AACA;AACA,QAAQ,OAAO,KAAK,CAAC;AACrB,KAAK;AACL;;;;"}
|
package/package.json
CHANGED
|
@@ -1,75 +1,75 @@
|
|
|
1
1
|
{
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
2
|
+
"author": "Amazon Web Services",
|
|
3
|
+
"name": "@aws-amplify/adapter-nextjs",
|
|
4
|
+
"version": "1.3.1-graphql-multi-client.93b5136.0+93b5136",
|
|
5
|
+
"description": "The adapter for the supporting of using Amplify APIs in Next.js.",
|
|
6
|
+
"peerDependencies": {
|
|
7
|
+
"aws-amplify": "6.10.4-graphql-multi-client.93b5136.0+93b5136",
|
|
8
|
+
"next": ">=13.5.0 <16.0.0"
|
|
9
|
+
},
|
|
10
|
+
"dependencies": {
|
|
11
|
+
"aws-jwt-verify": "^4.0.1",
|
|
12
|
+
"cookie": "^0.7.0"
|
|
13
|
+
},
|
|
14
|
+
"devDependencies": {
|
|
15
|
+
"@types/cookie": "^0.5.1",
|
|
16
|
+
"@types/node": "^20.3.1",
|
|
17
|
+
"@types/react": "^18.2.13",
|
|
18
|
+
"@types/react-dom": "^18.2.6",
|
|
19
|
+
"aws-amplify": "6.10.4-graphql-multi-client.93b5136.0+93b5136",
|
|
20
|
+
"jest-fetch-mock": "3.0.3",
|
|
21
|
+
"next": ">= 13.5.0 < 15.0.0",
|
|
22
|
+
"typescript": "5.0.2"
|
|
23
|
+
},
|
|
24
|
+
"publishConfig": {
|
|
25
|
+
"access": "public"
|
|
26
|
+
},
|
|
27
|
+
"bugs": {
|
|
28
|
+
"url": "https://github.com/aws/aws-amplify/issues"
|
|
29
|
+
},
|
|
30
|
+
"exports": {
|
|
31
|
+
".": {
|
|
32
|
+
"types": "./dist/esm/index.d.ts",
|
|
33
|
+
"import": "./dist/esm/index.mjs",
|
|
34
|
+
"require": "./dist/cjs/index.js"
|
|
35
|
+
},
|
|
36
|
+
"./api": {
|
|
37
|
+
"types": "./dist/esm/api/index.d.ts",
|
|
38
|
+
"import": "./dist/esm/api/index.mjs",
|
|
39
|
+
"require": "./dist/cjs/api/index.js"
|
|
40
|
+
},
|
|
41
|
+
"./data": {
|
|
42
|
+
"types": "./dist/esm/api/index.d.ts",
|
|
43
|
+
"import": "./dist/esm/api/index.mjs",
|
|
44
|
+
"require": "./dist/cjs/api/index.js"
|
|
45
|
+
},
|
|
46
|
+
"./package.json": "./package.json"
|
|
47
|
+
},
|
|
48
|
+
"files": [
|
|
49
|
+
"dist/cjs",
|
|
50
|
+
"dist/esm",
|
|
51
|
+
"src",
|
|
52
|
+
"api",
|
|
53
|
+
"data"
|
|
54
|
+
],
|
|
55
|
+
"homepage": "https://aws-amplify.github.io/",
|
|
56
|
+
"license": "Apache-2.0",
|
|
57
|
+
"main": "./dist/cjs/index.js",
|
|
58
|
+
"module": "./dist/esm/index.mjs",
|
|
59
|
+
"typings": "./dist/esm/index.d.ts",
|
|
60
|
+
"sideEffects": false,
|
|
61
|
+
"scripts": {
|
|
62
|
+
"build": "npm run clean && npm run build:esm-cjs",
|
|
63
|
+
"build-with-test": "npm test && npm run build",
|
|
64
|
+
"build:esm-cjs": "rollup --forceExit -c rollup.config.mjs",
|
|
65
|
+
"build:watch": "npm run build:esm-cjs -- --watch",
|
|
66
|
+
"clean": "npm run clean:size && rimraf dist",
|
|
67
|
+
"clean:size": "rimraf dual-publish-tmp tmp*",
|
|
68
|
+
"format": "echo \"Not implemented\"",
|
|
69
|
+
"lint": "eslint '**/*.{ts,tsx}' && npm run ts-coverage",
|
|
70
|
+
"lint:fix": "eslint '**/*.{ts,tsx}' --fix",
|
|
71
|
+
"test": "npm run lint && jest -w 1 --coverage --logHeapUsage",
|
|
72
|
+
"ts-coverage": "typescript-coverage-report -p ./tsconfig.build.json -t 90.31"
|
|
73
|
+
},
|
|
74
|
+
"gitHead": "93b51360e57e283a7d4ed64c6b701d85ec71e94b"
|
|
75
75
|
}
|
|
@@ -8,13 +8,11 @@ import {
|
|
|
8
8
|
getAmplifyServerContext,
|
|
9
9
|
} from '@aws-amplify/core/internals/adapter-core';
|
|
10
10
|
import {
|
|
11
|
+
CommonPublicClientOptions,
|
|
11
12
|
V6ClientSSRCookies,
|
|
12
13
|
V6ClientSSRRequest,
|
|
13
14
|
} from '@aws-amplify/api-graphql';
|
|
14
|
-
import {
|
|
15
|
-
GraphQLAuthMode,
|
|
16
|
-
parseAmplifyConfig,
|
|
17
|
-
} from '@aws-amplify/core/internals/utils';
|
|
15
|
+
import { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';
|
|
18
16
|
|
|
19
17
|
import { NextServer } from '../types';
|
|
20
18
|
|
|
@@ -23,14 +21,10 @@ import { createServerRunnerForAPI } from './createServerRunnerForAPI';
|
|
|
23
21
|
interface CookiesClientParams {
|
|
24
22
|
cookies: NextServer.ServerComponentContext['cookies'];
|
|
25
23
|
config: NextServer.CreateServerRunnerInput['config'];
|
|
26
|
-
authMode?: GraphQLAuthMode;
|
|
27
|
-
authToken?: string;
|
|
28
24
|
}
|
|
29
25
|
|
|
30
26
|
interface ReqClientParams {
|
|
31
27
|
config: NextServer.CreateServerRunnerInput['config'];
|
|
32
|
-
authMode?: GraphQLAuthMode;
|
|
33
|
-
authToken?: string;
|
|
34
28
|
}
|
|
35
29
|
|
|
36
30
|
/**
|
|
@@ -44,13 +38,10 @@ interface ReqClientParams {
|
|
|
44
38
|
*/
|
|
45
39
|
export function generateServerClientUsingCookies<
|
|
46
40
|
T extends Record<any, any> = never,
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
authToken,
|
|
52
|
-
}: CookiesClientParams): V6ClientSSRCookies<T> {
|
|
53
|
-
if (typeof cookies !== 'function') {
|
|
41
|
+
Options extends CommonPublicClientOptions &
|
|
42
|
+
CookiesClientParams = CookiesClientParams,
|
|
43
|
+
>(options: Options): V6ClientSSRCookies<T, Options> {
|
|
44
|
+
if (typeof options.cookies !== 'function') {
|
|
54
45
|
throw new AmplifyServerContextError({
|
|
55
46
|
message:
|
|
56
47
|
'generateServerClientUsingCookies is only compatible with the `cookies` Dynamic Function available in Server Components.',
|
|
@@ -61,24 +52,25 @@ export function generateServerClientUsingCookies<
|
|
|
61
52
|
}
|
|
62
53
|
|
|
63
54
|
const { runWithAmplifyServerContext, resourcesConfig } =
|
|
64
|
-
createServerRunnerForAPI({ config });
|
|
55
|
+
createServerRunnerForAPI({ config: options.config });
|
|
65
56
|
|
|
66
57
|
// This function reference gets passed down to InternalGraphQLAPI.ts.graphql
|
|
67
58
|
// where this._graphql is passed in as the `fn` argument
|
|
68
59
|
// causing it to always get invoked inside `runWithAmplifyServerContext`
|
|
69
60
|
const getAmplify = (fn: (amplify: any) => Promise<any>) =>
|
|
70
61
|
runWithAmplifyServerContext({
|
|
71
|
-
nextServerContext: { cookies },
|
|
62
|
+
nextServerContext: { cookies: options.cookies },
|
|
72
63
|
operation: contextSpec =>
|
|
73
64
|
fn(getAmplifyServerContext(contextSpec).amplify),
|
|
74
65
|
});
|
|
75
66
|
|
|
76
|
-
|
|
67
|
+
const { cookies: _cookies, config: _config, ...params } = options;
|
|
68
|
+
|
|
69
|
+
return generateClientWithAmplifyInstance<T, V6ClientSSRCookies<T, Options>>({
|
|
77
70
|
amplify: getAmplify,
|
|
78
71
|
config: resourcesConfig,
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
});
|
|
72
|
+
...params,
|
|
73
|
+
} as any); // TS can't narrow the type here.
|
|
82
74
|
}
|
|
83
75
|
|
|
84
76
|
/**
|
|
@@ -99,12 +91,14 @@ export function generateServerClientUsingCookies<
|
|
|
99
91
|
*/
|
|
100
92
|
export function generateServerClientUsingReqRes<
|
|
101
93
|
T extends Record<any, any> = never,
|
|
102
|
-
|
|
103
|
-
|
|
94
|
+
Options extends CommonPublicClientOptions & ReqClientParams = ReqClientParams,
|
|
95
|
+
>(options: Options): V6ClientSSRRequest<T, Options> {
|
|
96
|
+
const amplifyConfig = parseAmplifyConfig(options.config);
|
|
97
|
+
|
|
98
|
+
const { config: _config, ...params } = options;
|
|
104
99
|
|
|
105
100
|
return generateClient<T>({
|
|
106
101
|
config: amplifyConfig,
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
});
|
|
102
|
+
...params,
|
|
103
|
+
}) as any;
|
|
110
104
|
}
|
|
@@ -2,10 +2,12 @@
|
|
|
2
2
|
// SPDX-License-Identifier: Apache-2.0
|
|
3
3
|
|
|
4
4
|
import { ResourcesConfig } from 'aws-amplify';
|
|
5
|
+
import { KeyValueStorageMethodValidator } from '@aws-amplify/core/internals/adapter-core';
|
|
5
6
|
import { parseAmplifyConfig } from '@aws-amplify/core/internals/utils';
|
|
6
7
|
|
|
7
8
|
import { createRunWithAmplifyServerContext } from './utils';
|
|
8
9
|
import { NextServer } from './types';
|
|
10
|
+
import { createTokenValidator } from './utils/createTokenValidator';
|
|
9
11
|
|
|
10
12
|
/**
|
|
11
13
|
* Creates the `runWithAmplifyServerContext` function to run Amplify server side APIs in an isolated request context.
|
|
@@ -30,9 +32,19 @@ export const createServerRunner: NextServer.CreateServerRunner = ({
|
|
|
30
32
|
}) => {
|
|
31
33
|
const amplifyConfig = parseAmplifyConfig(config);
|
|
32
34
|
|
|
35
|
+
let tokenValidator: KeyValueStorageMethodValidator | undefined;
|
|
36
|
+
if (amplifyConfig?.Auth) {
|
|
37
|
+
const { Cognito } = amplifyConfig.Auth;
|
|
38
|
+
tokenValidator = createTokenValidator({
|
|
39
|
+
userPoolId: Cognito?.userPoolId,
|
|
40
|
+
userPoolClientId: Cognito?.userPoolClientId,
|
|
41
|
+
});
|
|
42
|
+
}
|
|
43
|
+
|
|
33
44
|
return {
|
|
34
45
|
runWithAmplifyServerContext: createRunWithAmplifyServerContext({
|
|
35
46
|
config: amplifyConfig,
|
|
47
|
+
tokenValidator,
|
|
36
48
|
}),
|
|
37
49
|
};
|
|
38
50
|
};
|
package/src/types/index.ts
CHANGED
|
@@ -1,4 +1,8 @@
|
|
|
1
1
|
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
2
2
|
// SPDX-License-Identifier: Apache-2.0
|
|
3
3
|
|
|
4
|
+
import { CognitoJwtVerifier } from 'aws-jwt-verify';
|
|
5
|
+
|
|
4
6
|
export { NextServer } from './NextServer';
|
|
7
|
+
|
|
8
|
+
export type JwtVerifier = ReturnType<typeof CognitoJwtVerifier.create>;
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
// SPDX-License-Identifier: Apache-2.0
|
|
3
3
|
|
|
4
4
|
import { ResourcesConfig, sharedInMemoryStorage } from '@aws-amplify/core';
|
|
5
|
+
import { KeyValueStorageMethodValidator } from '@aws-amplify/core/internals/adapter-core';
|
|
5
6
|
import {
|
|
6
7
|
createAWSCredentialsAndIdentityIdProvider,
|
|
7
8
|
createKeyValueStorageFromCookieStorageAdapter,
|
|
@@ -11,13 +12,14 @@ import {
|
|
|
11
12
|
|
|
12
13
|
import { NextServer } from '../types';
|
|
13
14
|
|
|
14
|
-
import { createTokenValidator } from './createTokenValidator';
|
|
15
15
|
import { createCookieStorageAdapterFromNextServerContext } from './createCookieStorageAdapterFromNextServerContext';
|
|
16
16
|
|
|
17
17
|
export const createRunWithAmplifyServerContext = ({
|
|
18
18
|
config: resourcesConfig,
|
|
19
|
+
tokenValidator,
|
|
19
20
|
}: {
|
|
20
21
|
config: ResourcesConfig;
|
|
22
|
+
tokenValidator?: KeyValueStorageMethodValidator;
|
|
21
23
|
}) => {
|
|
22
24
|
const runWithAmplifyServerContext: NextServer.RunOperationWithContext =
|
|
23
25
|
async ({ nextServerContext, operation }) => {
|
|
@@ -35,11 +37,7 @@ export const createRunWithAmplifyServerContext = ({
|
|
|
35
37
|
await createCookieStorageAdapterFromNextServerContext(
|
|
36
38
|
nextServerContext,
|
|
37
39
|
),
|
|
38
|
-
|
|
39
|
-
userPoolId: resourcesConfig?.Auth.Cognito?.userPoolId,
|
|
40
|
-
userPoolClientId:
|
|
41
|
-
resourcesConfig?.Auth.Cognito?.userPoolClientId,
|
|
42
|
-
}),
|
|
40
|
+
tokenValidator,
|
|
43
41
|
);
|
|
44
42
|
const credentialsProvider = createAWSCredentialsAndIdentityIdProvider(
|
|
45
43
|
resourcesConfig.Auth,
|
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
// SPDX-License-Identifier: Apache-2.0
|
|
3
3
|
|
|
4
4
|
import { KeyValueStorageMethodValidator } from '@aws-amplify/core/internals/adapter-core';
|
|
5
|
+
import { CognitoJwtVerifier } from 'aws-jwt-verify';
|
|
6
|
+
|
|
7
|
+
import { JwtVerifier } from '../types';
|
|
5
8
|
|
|
6
9
|
import { isValidCognitoToken } from './isValidCognitoToken';
|
|
7
10
|
|
|
@@ -9,6 +12,7 @@ interface CreateTokenValidatorInput {
|
|
|
9
12
|
userPoolId?: string;
|
|
10
13
|
userPoolClientId?: string;
|
|
11
14
|
}
|
|
15
|
+
|
|
12
16
|
/**
|
|
13
17
|
* Creates a validator object for validating methods in a KeyValueStorage.
|
|
14
18
|
*/
|
|
@@ -16,23 +20,42 @@ export const createTokenValidator = ({
|
|
|
16
20
|
userPoolId,
|
|
17
21
|
userPoolClientId: clientId,
|
|
18
22
|
}: CreateTokenValidatorInput): KeyValueStorageMethodValidator => {
|
|
23
|
+
let idTokenVerifier: JwtVerifier;
|
|
24
|
+
let accessTokenVerifier: JwtVerifier;
|
|
25
|
+
|
|
19
26
|
return {
|
|
20
27
|
// validate access, id tokens
|
|
21
28
|
getItem: async (key: string, value: string): Promise<boolean> => {
|
|
22
|
-
const
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
29
|
+
const isAccessToken = key.includes('.accessToken');
|
|
30
|
+
const isIdToken = key.includes('.idToken');
|
|
31
|
+
|
|
32
|
+
if (!isAccessToken && !isIdToken) {
|
|
33
|
+
return true;
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
if (!userPoolId || !clientId) {
|
|
37
|
+
return false;
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
if (isAccessToken && !accessTokenVerifier) {
|
|
41
|
+
accessTokenVerifier = CognitoJwtVerifier.create({
|
|
42
|
+
userPoolId,
|
|
43
|
+
tokenUse: 'access',
|
|
44
|
+
clientId,
|
|
45
|
+
});
|
|
46
|
+
}
|
|
28
47
|
|
|
29
|
-
if (
|
|
48
|
+
if (isIdToken && !idTokenVerifier) {
|
|
49
|
+
idTokenVerifier = CognitoJwtVerifier.create({
|
|
50
|
+
userPoolId,
|
|
51
|
+
tokenUse: 'id',
|
|
52
|
+
clientId,
|
|
53
|
+
});
|
|
54
|
+
}
|
|
30
55
|
|
|
31
56
|
return isValidCognitoToken({
|
|
32
|
-
clientId,
|
|
33
|
-
userPoolId,
|
|
34
|
-
tokenType,
|
|
35
57
|
token: value,
|
|
58
|
+
verifier: isAccessToken ? accessTokenVerifier : idTokenVerifier,
|
|
36
59
|
});
|
|
37
60
|
},
|
|
38
61
|
};
|
|
@@ -1,32 +1,25 @@
|
|
|
1
1
|
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
|
|
2
2
|
// SPDX-License-Identifier: Apache-2.0
|
|
3
3
|
|
|
4
|
-
import { CognitoJwtVerifier } from 'aws-jwt-verify';
|
|
5
4
|
import { JwtExpiredError } from 'aws-jwt-verify/error';
|
|
6
5
|
|
|
6
|
+
import { JwtVerifier } from '../types';
|
|
7
|
+
|
|
7
8
|
/**
|
|
8
9
|
* Verifies a Cognito JWT token for its validity.
|
|
9
10
|
*
|
|
10
11
|
* @param input - An object containing:
|
|
11
12
|
* - token: The JWT token as a string that needs to be verified.
|
|
12
|
-
* -
|
|
13
|
-
* - clientId: The Client ID associated with the Cognito User Pool.
|
|
13
|
+
* - verifier: The JWT verifier which will verify the token.
|
|
14
14
|
* @internal
|
|
15
15
|
*/
|
|
16
16
|
export const isValidCognitoToken = async (input: {
|
|
17
17
|
token: string;
|
|
18
|
-
|
|
19
|
-
clientId: string;
|
|
20
|
-
tokenType: 'id' | 'access';
|
|
18
|
+
verifier: JwtVerifier;
|
|
21
19
|
}): Promise<boolean> => {
|
|
22
|
-
const {
|
|
20
|
+
const { token, verifier } = input;
|
|
23
21
|
|
|
24
22
|
try {
|
|
25
|
-
const verifier = CognitoJwtVerifier.create({
|
|
26
|
-
userPoolId,
|
|
27
|
-
tokenUse: tokenType,
|
|
28
|
-
clientId,
|
|
29
|
-
});
|
|
30
23
|
await verifier.verify(token);
|
|
31
24
|
|
|
32
25
|
return true;
|