@canmingir/link-express 1.7.10 → 1.7.12
- package/package.json +1 -1
- package/src/lib/cognitoVerifier.ts +23 -5
- package/src/routes/oauth.ts +22 -2
package/package.json
CHANGED
|
@@ -1,11 +1,29 @@
|
|
|
1
1
|
import { CognitoJwtVerifier } from "aws-jwt-verify";
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
3
|
+
const userPoolId = process.env.COGNITO_USER_POOL_ID;
|
|
4
|
+
const clientId = process.env.COGNITO_CLIENT_ID;
|
|
5
|
+
|
|
6
|
+
if (!userPoolId || !clientId) {
|
|
7
|
+
console.warn(
|
|
8
|
+
"Cognito is not fully configured. Missing COGNITO_USER_POOL_ID or COGNITO_CLIENT_ID.",
|
|
9
|
+
);
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
const cognitoAccessTokenVerifier =
|
|
13
|
+
userPoolId && clientId
|
|
14
|
+
? CognitoJwtVerifier.create({
|
|
15
|
+
userPoolId,
|
|
16
|
+
tokenUse: "access",
|
|
17
|
+
clientId,
|
|
18
|
+
})
|
|
19
|
+
: null;
|
|
8
20
|
|
|
9
21
|
export async function verifyCognitoAccessToken(token: string) {
|
|
22
|
+
if (!cognitoAccessTokenVerifier) {
|
|
23
|
+
throw new Error(
|
|
24
|
+
"Cognito is not configured. Set COGNITO_USER_POOL_ID and COGNITO_CLIENT_ID.",
|
|
25
|
+
);
|
|
26
|
+
}
|
|
27
|
+
|
|
10
28
|
return cognitoAccessTokenVerifier.verify(token);
|
|
11
29
|
}
|
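Review bot: The new guard in `verifyCognitoAccessToken` throws a plain `Error` when the verifier is null, so a caller cannot tell a missing-configuration failure from a rejected token without matching on the message. Because the module now only emits `console.warn` at load time when `COGNITO_USER_POOL_ID` or `COGNITO_CLIENT_ID` is unset, a misconfigured deployment starts normally and fails on the first token check. Callers (not visible here) need to treat that throw as an authentication failure and never fall through to an unauthenticated path. I would document this on the constant, e.g. `// null when Cognito env vars are missing; verifyCognitoAccessToken() then throws, so callers must fail closed`, and give the function a TSDoc `@throws` line covering both the configuration error and verification failures.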
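--- a/package/src/routes/oauth.ts
+++ b/package/src/routes/oauth.ts
@@ -16,6 +16,26 @@ if (!project) {
 throw new Error("Project configuration is required");
 }
 
+const providers = project?.oauth?.providers || {};
+
+const identityProviders: Record<string, typeof providers[string]> = {};
+
+for (const [key, value] of Object.entries(providers)) {
+const identityProviderKey = key.toLowerCase();
+
+if (identityProviders[identityProviderKey]) {
+throw new Error(
+`Duplicate OAuth provider configuration detected for key "${key}". Provider keys must be unique in a case-insensitive manner.`,
+);
+}
+
+identityProviders[identityProviderKey] = value;
+}
+
+function getProviderConfig(identityProvider: string) {
+return identityProviders[identityProvider.toLowerCase()];
+}
+
 router.post(
 "/",
 async (req: Request, res: Response): Promise<Response | void> => {
@@ -288,7 +308,7 @@ router.post(
 return res.status(400).send("Missing OAuth Code and Refresh Token");
 }
 
-const providerConfig =
+const providerConfig = getProviderConfig(identityProvider) as {
 clientId: string;
 tokenUrl: string;
 userUrl: string;
@@ -501,7 +521,7 @@ router.get("/user", async (req: Request, res: Response): Promise<Response> => {
 });
 }
 
-const providerConfig =
+const providerConfig = getProviderConfig(identityProvider) as {
 userUrl: string;
 userFields: {
 name: string;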
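Review bot: `identityProviders` is a plain `{}` that `getProviderConfig` indexes with a lower-cased `identityProvider`, so all-lowercase inherited names such as `constructor` or `__proto__` resolve to `Object.prototype` members instead of `undefined`. The same lookup in the duplicate check would also reject a provider legitimately configured under such a key. If `identityProvider` comes from the request (its origin is outside the hunks), the `as { ... }` casts at new lines 311 and 524 then type a non-config value as a provider config. Creating the table without a prototype closes this: `const identityProviders: Record<string, typeof providers[string]> = Object.create(null);` (or use a `Map`). The casts also hide that an unknown provider yields `undefined`; whether the handlers check for that is not visible, as both bodies continue past the hunks.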