@axinom/mosaic-id-guard 0.20.0-rc.0 → 0.20.0-rc.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-authenticated-subject.d.ts","sourceRoot":"","sources":["../../src/common/get-authenticated-subject.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"get-authenticated-subject.d.ts","sourceRoot":"","sources":["../../src/common/get-authenticated-subject.ts"],"names":[],"mappings":"AAYA,OAAO,EACL,oBAAoB,EACpB,+BAA+B,EAC/B,8BAA8B,EAC9B,oBAAoB,EACrB,MAAM,SAAS,CAAC;AAMjB,eAAO,MAAM,2BAA2B,gCAAgC,CAAC;AAEzE;;;;;;;GAOG;AACH,eAAO,MAAM,iCAAiC,UACrC,MAAM,cACD,MAAM,GAAG,oBAAoB,KACxC,QAAQ,8BAA8B,CAsDxC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,UAC3B,MAAM,cACD,MAAM,GAAG,oBAAoB,KACxC,QAAQ,oBAAoB,GAAG,+BAA+B,CAqEhE,CAAC"}
|
|
@@ -7,10 +7,14 @@ exports.getAuthenticatedEndUser = exports.getAuthenticatedManagementSubject = ex
|
|
|
7
7
|
const mosaic_service_common_1 = require("@axinom/mosaic-service-common");
|
|
8
8
|
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
9
9
|
const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
|
|
10
|
+
const lru_cache_1 = __importDefault(require("lru-cache"));
|
|
10
11
|
const id_guard_error_1 = require("./id-guard-error");
|
|
11
12
|
const id_guard_errors_1 = require("./id-guard-errors");
|
|
12
13
|
const jwt_verify_options_1 = require("./jwt-verify-options");
|
|
13
14
|
const subject_type_1 = require("./subject-type");
|
|
15
|
+
const jwksClientCache = new lru_cache_1.default({
|
|
16
|
+
max: 1000,
|
|
17
|
+
});
|
|
14
18
|
exports.EMBEDDED_END_USER_TOKEN_KEY = 'mosaic.end-user.accessToken';
|
|
15
19
|
/**
|
|
16
20
|
* Parses a JWT token to produce an `AuthenticatedManagementSubject`.
|
|
@@ -122,12 +126,14 @@ const getAuthenticatedEndUser = async (token, authParams) => {
|
|
|
122
126
|
exports.getAuthenticatedEndUser = getAuthenticatedEndUser;
|
|
123
127
|
const verifyTokenAndGetAuthenticatedSubject = async (token, jwksUri, authType) => {
|
|
124
128
|
return new Promise((resolve, reject) => {
|
|
125
|
-
|
|
129
|
+
var _a;
|
|
130
|
+
const jwksClient = (_a = jwksClientCache.get(jwksUri)) !== null && _a !== void 0 ? _a : (0, jwks_rsa_1.default)({
|
|
126
131
|
jwksUri,
|
|
127
132
|
cache: true,
|
|
128
133
|
cacheMaxAge: 1000 * 60 * 10,
|
|
129
134
|
cacheMaxEntries: 100,
|
|
130
135
|
});
|
|
136
|
+
jwksClientCache.set(jwksUri, jwksClient);
|
|
131
137
|
const getPublicKey = (header, callback) => {
|
|
132
138
|
var _a;
|
|
133
139
|
jwksClient.getSigningKey((_a = header.kid) !== null && _a !== void 0 ? _a : 'MISSING_KEY_ID_IN_JWT_HEADER', (error, key) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-authenticated-subject.js","sourceRoot":"","sources":["../../src/common/get-authenticated-subject.ts"],"names":[],"mappings":";;;;;;AAAA,yEAAmE;AACnE,gEAA+B;AAC/B,wDAA4B;AAC5B,qDAAgD;AAChD,uDAAkD;AAClD,6DAI8B;AAC9B,iDAA6C;
|
|
1
|
+
{"version":3,"file":"get-authenticated-subject.js","sourceRoot":"","sources":["../../src/common/get-authenticated-subject.ts"],"names":[],"mappings":";;;;;;AAAA,yEAAmE;AACnE,gEAA+B;AAC/B,wDAA4B;AAC5B,0DAAiC;AACjC,qDAAgD;AAChD,uDAAkD;AAClD,6DAI8B;AAC9B,iDAA6C;AAQ7C,MAAM,eAAe,GAAG,IAAI,mBAAQ,CAA0B;IAC5D,GAAG,EAAE,IAAI;CACV,CAAC,CAAC;AAEU,QAAA,2BAA2B,GAAG,6BAA6B,CAAC;AAEzE;;;;;;;GAOG;AACI,MAAM,iCAAiC,GAAG,KAAK,EACpD,KAAa,EACb,UAAyC,EACA,EAAE;IAC3C,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,uBAAuB,GAAG,KAAK,CAAC;IACpC,IAAI,OAAO,GAAG,EAAE,CAAC;IAEjB,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,CAAmC,CAAC;IACpE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAE3B,gEAAgE;IAChE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAC5B,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IACtC,uBAAuB;QACrB,OAAO,CAAC,WAAW,KAAK,0BAAW,CAAC,qBAAqB,CAAC;IAE5D,0GAA0G;IAC1G,IAAI,MAAM,KAAK,4CAAuB,EAAE;QACtC,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;YAClC,IAAI,uBAAuB,EAAE;gBAC3B,OAAO,GAAG,IAAI,GAAG,CAAC,wBAAwB,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC;aAC9D;iBAAM;gBACL,OAAO,GAAG,IAAI,GAAG,CACf,IAAI,QAAQ,IAAI,aAAa,wBAAwB,EACrD,UAAU,CACX,CAAC,IAAI,CAAC;aACR;SACF;aAAM;YACL,6EAA6E;YAC7E,IACE,CAAC,IAAA,0CAAkB,EAAC,UAAU,CAAC,QAAQ,CAAC;gBACxC,CAAC,IAAA,0CAAkB,EAAC,UAAU,CAAC,aAAa,CAAC,EAC7C;gBACA,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;gBAC/B,aAAa,GAAG,UAAU,CAAC,aAAa,CAAC;aAC1C;YAED,IAAI,uBAAuB,EAAE;gBAC3B,OAAO,GAAG,IAAI,GAAG,CAAC,wBAAwB,EAAE,UAAU,CAAC,YAAY,CAAC;qBACjE,IAAI,CAAC;aACT;iBAAM;gBACL,OAAO,GAAG,IAAI,GAAG,CACf,IAAI,QAAQ,IAAI,aAAa,wBAAwB,EACrD,UAAU,CAAC,YAAY,CACxB,CAAC,IAAI,CAAC;aACR;SACF;KACF;IAED,iCAAiC;IACjC,OAAO,CAAC,MAAM,qCAAqC,CACjD,KAAK,EACL,OAAO,EACP,YAAY,CACb,CAAmC,CAAC;AACvC,CAAC,CAAC;AAzDW,QAAA,iCAAiC,qCAyD5C;AAEF;;;;;;;GAOG;AACI,MAAM,uBAAuB,GAAG,KAAK,EAC1C,KAAa,EACb,UAAyC,EACwB,EAAE;IACnE,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,YAAY,GAAG,EAAE,CAAC;IAEtB,MAAM,YAAY,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,CAA4B,CAAC;IAElE,kCAAkC;IAClC,IAAI,YAAY,CAAC,mCAA2B,CAAC,KAAK,SAAS,EAAE;QAC3D,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,mCAA2B,CAAC,CAAC,CAAC;KAClE;SAAM;QACL,YAAY,GAAG,KAAK,CAAC;KACtB;IAED,MAAM,mBAAmB,GAAG,sBAAG,CAAC,MAAM,CACpC,YAAY,CACsB,CAAC;IAErC,0HAA0H;IAC1H,IAAI,IAAA,0CAAkB,EAAC,mBAAmB,CAAC,EAAE;QAC3C,MAAM,IAAI,6BAAY,CAAC,+BAAa,CAAC,0BAA0B,CAAC,CAAC;KAClE;IACD,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC;IACvC,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,CAAC;IACxC,aAAa,GAAG,mBAAmB,CAAC,aAAa,CAAC;IAClD,MAAM,aAAa,GAAG,mBAAmB,CAAC,aAAa,CAAC;IAExD,4GAA4G;IAC5G,IAAI,MAAM,KAAK,8CAAyB,EAAE;QACxC,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;YAClC,OAAO,GAAG,IAAI,GAAG,CACf,IAAI,QAAQ,IAAI,aAAa,IAAI,aAAa,wBAAwB,EACtE,UAAU,CACX,CAAC,IAAI,CAAC;SACR;aAAM;YACL,6EAA6E;YAC7E,IACE,CAAC,IAAA,0CAAkB,EAAC,UAAU,CAAC,QAAQ,CAAC;gBACxC,CAAC,IAAA,0CAAkB,EAAC,UAAU,CAAC,aAAa,CAAC,EAC7C;gBACA,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;gBAC/B,aAAa,GAAG,UAAU,CAAC,aAAa,CAAC;aAC1C;YAED,OAAO,GAAG,IAAI,GAAG,CACf,IAAI,QAAQ,IAAI,aAAa,IAAI,aAAa,wBAAwB,EACtE,UAAU,CAAC,YAAY,CACxB,CAAC,IAAI,CAAC;SACR;KACF;IAED,IAAI,mBAAmB,CAAC,WAAW,KAAK,0BAAW,CAAC,kBAAkB,EAAE;QACtE,iCAAiC;QACjC,OAAO,CAAC,MAAM,qCAAqC,CACjD,YAAY,EACZ,OAAO,EACP,sBAAsB,CACvB,CAAoC,CAAC;KACvC;SAAM,IAAI,mBAAmB,CAAC,WAAW,KAAK,0BAAW,CAAC,cAAc,EAAE;QACzE,iCAAiC;QACjC,OAAO,CAAC,MAAM,qCAAqC,CACjD,YAAY,EACZ,OAAO,EACP,UAAU,CACX,CAAyB,CAAC;KAC5B;SAAM;QACL,MAAM,IAAI,6BAAY,CAAC,+BAAa,CAAC,0BAA0B,CAAC,CAAC;KAClE;AACH,CAAC,CAAC;AAxEW,QAAA,uBAAuB,2BAwElC;AAEF,MAAM,qCAAqC,GAAG,KAAK,EACjD,KAAa,EACb,OAAe,EACf,QAA4D,EAK5D,EAAE;IACF,OAAO,IAAI,OAAO,CAIhB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;;QACpB,MAAM,UAAU,GACd,MAAA,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,mCAC5B,IAAA,kBAAI,EAAC;YACH,OAAO;YACP,KAAK,EAAE,IAAI;YACX,WAAW,EAAE,IAAI,GAAG,EAAE,GAAG,EAAE;YAC3B,eAAe,EAAE,GAAG;SACrB,CAAC,CAAC;QACL,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAEzC,MAAM,YAAY,GAA6B,CAC7C,MAAqB,EACrB,QAAgC,EAC1B,EAAE;;YACR,UAAU,CAAC,aAAa,CACtB,MAAA,MAAM,CAAC,GAAG,mCAAI,8BAA8B,EAC5C,CAAC,KAAmB,EAAE,GAAoB,EAAE,EAAE;gBAC5C,IAAI,KAAK,EAAE;oBACT,MAAM,CAAC,KAAK,CAAC,CAAC;oBACd,OAAO;iBACR;gBACD,QAAQ,CAAC,IAAI,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;YACrC,CAAC,CACF,CAAC;QACJ,CAAC,CAAC;QAEF,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,IAAA,wCAAmB,GAAE,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;YACxE,IAAI,KAAK,EAAE;gBACT,MAAM,CAAC,KAAK,CAAC,CAAC;gBACd,OAAO;aACR;YAED,IAAI,QAAQ,KAAK,YAAY,EAAE;gBAC7B,OAAO,CAAC,OAAyC,CAAC,CAAC;aACpD;iBAAM,IAAI,QAAQ,KAAK,UAAU,EAAE;gBAClC,OAAO,CAAC,OAA+B,CAAC,CAAC;aAC1C;iBAAM;gBACL,OAAO,CAAC,OAA0C,CAAC,CAAC;aACrD;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@axinom/mosaic-id-guard",
|
|
3
|
-
"version": "0.20.0-rc.
|
|
3
|
+
"version": "0.20.0-rc.2",
|
|
4
4
|
"description": "Authentication and authorization helpers for Axinom Mosaic services",
|
|
5
5
|
"author": "Axinom",
|
|
6
6
|
"license": "PROPRIETARY",
|
|
@@ -28,9 +28,9 @@
|
|
|
28
28
|
"lint": "eslint . --ext .ts,.tsx,.js --color --cache"
|
|
29
29
|
},
|
|
30
30
|
"dependencies": {
|
|
31
|
-
"@axinom/mosaic-id-utils": "^0.13.1-rc.
|
|
32
|
-
"@axinom/mosaic-message-bus": "^0.14.1-rc.
|
|
33
|
-
"@axinom/mosaic-service-common": "^0.30.0-rc.
|
|
31
|
+
"@axinom/mosaic-id-utils": "^0.13.1-rc.12",
|
|
32
|
+
"@axinom/mosaic-message-bus": "^0.14.1-rc.12",
|
|
33
|
+
"@axinom/mosaic-service-common": "^0.30.0-rc.3",
|
|
34
34
|
"amqplib": "^0.6.0",
|
|
35
35
|
"express": "^4.17.1",
|
|
36
36
|
"express-bearer-token": "^2.4.0",
|
|
@@ -41,6 +41,7 @@
|
|
|
41
41
|
"graphql-ws": "^5.11.2",
|
|
42
42
|
"jsonwebtoken": "^9.0.0",
|
|
43
43
|
"jwks-rsa": "^1.8.1",
|
|
44
|
+
"lru-cache": "^8.0.4",
|
|
44
45
|
"pg": "^8.5.1",
|
|
45
46
|
"postgraphile": "^4.13.0",
|
|
46
47
|
"rascal": "^14.0.1",
|
|
@@ -60,5 +61,5 @@
|
|
|
60
61
|
"publishConfig": {
|
|
61
62
|
"access": "public"
|
|
62
63
|
},
|
|
63
|
-
"gitHead": "
|
|
64
|
+
"gitHead": "13acadd26da5affcaeeab599bebd14caa842930f"
|
|
64
65
|
}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { isNullOrWhitespace } from '@axinom/mosaic-service-common';
|
|
2
2
|
import jwt from 'jsonwebtoken';
|
|
3
3
|
import jwks from 'jwks-rsa';
|
|
4
|
+
import LRUCache from 'lru-cache';
|
|
4
5
|
import { IdGuardError } from './id-guard-error';
|
|
5
6
|
import { IdGuardErrors } from './id-guard-errors';
|
|
6
7
|
import {
|
|
@@ -16,6 +17,10 @@ import {
|
|
|
16
17
|
AuthenticationConfig,
|
|
17
18
|
} from './types';
|
|
18
19
|
|
|
20
|
+
const jwksClientCache = new LRUCache<string, jwks.JwksClient>({
|
|
21
|
+
max: 1000,
|
|
22
|
+
});
|
|
23
|
+
|
|
19
24
|
export const EMBEDDED_END_USER_TOKEN_KEY = 'mosaic.end-user.accessToken';
|
|
20
25
|
|
|
21
26
|
/**
|
|
@@ -181,12 +186,15 @@ const verifyTokenAndGetAuthenticatedSubject = async (
|
|
|
181
186
|
| AuthenticatedEndUser
|
|
182
187
|
| AuthenticatedEndUserApplication
|
|
183
188
|
>((resolve, reject) => {
|
|
184
|
-
const jwksClient =
|
|
185
|
-
jwksUri
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
189
|
+
const jwksClient =
|
|
190
|
+
jwksClientCache.get(jwksUri) ??
|
|
191
|
+
jwks({
|
|
192
|
+
jwksUri,
|
|
193
|
+
cache: true,
|
|
194
|
+
cacheMaxAge: 1000 * 60 * 10, // 10 Minutes (same as access token lifetime)
|
|
195
|
+
cacheMaxEntries: 100,
|
|
196
|
+
});
|
|
197
|
+
jwksClientCache.set(jwksUri, jwksClient);
|
|
190
198
|
|
|
191
199
|
const getPublicKey: jwt.GetPublicKeyOrSecret = (
|
|
192
200
|
header: jwt.JwtHeader,
|