@electr0zed/auth-gateway-cf 0.1.0

Files changed (110) hide show
  1. package/README.md +59 -0
  2. package/dist/auth/index.d.ts +84 -0
  3. package/dist/auth/index.d.ts.map +1 -0
  4. package/dist/auth/index.js +609 -0
  5. package/dist/auth/index.js.map +1 -0
  6. package/dist/auth/pkceState.d.ts +40 -0
  7. package/dist/auth/pkceState.d.ts.map +1 -0
  8. package/dist/auth/pkceState.js +75 -0
  9. package/dist/auth/pkceState.js.map +1 -0
  10. package/dist/config.example.d.ts +2 -0
  11. package/dist/config.example.d.ts.map +1 -0
  12. package/dist/config.example.js +83 -0
  13. package/dist/config.example.js.map +1 -0
  14. package/dist/core/gateway.d.ts +11 -0
  15. package/dist/core/gateway.d.ts.map +1 -0
  16. package/dist/core/gateway.js +97 -0
  17. package/dist/core/gateway.js.map +1 -0
  18. package/dist/do/sessionDo.d.ts +11 -0
  19. package/dist/do/sessionDo.d.ts.map +1 -0
  20. package/dist/do/sessionDo.js +96 -0
  21. package/dist/do/sessionDo.js.map +1 -0
  22. package/dist/index.d.ts +7 -0
  23. package/dist/index.d.ts.map +1 -0
  24. package/dist/index.js +16 -0
  25. package/dist/index.js.map +1 -0
  26. package/dist/providers/baseProvider.d.ts +22 -0
  27. package/dist/providers/baseProvider.d.ts.map +1 -0
  28. package/dist/providers/baseProvider.js +129 -0
  29. package/dist/providers/baseProvider.js.map +1 -0
  30. package/dist/providers/google.d.ts +9 -0
  31. package/dist/providers/google.d.ts.map +1 -0
  32. package/dist/providers/google.js +27 -0
  33. package/dist/providers/google.js.map +1 -0
  34. package/dist/providers/index.d.ts +3 -0
  35. package/dist/providers/index.d.ts.map +1 -0
  36. package/dist/providers/index.js +5 -0
  37. package/dist/providers/index.js.map +1 -0
  38. package/dist/routing/routeMatcher.d.ts +15 -0
  39. package/dist/routing/routeMatcher.d.ts.map +1 -0
  40. package/dist/routing/routeMatcher.js +83 -0
  41. package/dist/routing/routeMatcher.js.map +1 -0
  42. package/dist/sessions/durableObjectSession.d.ts +25 -0
  43. package/dist/sessions/durableObjectSession.d.ts.map +1 -0
  44. package/dist/sessions/durableObjectSession.js +90 -0
  45. package/dist/sessions/durableObjectSession.js.map +1 -0
  46. package/dist/sessions/index.d.ts +19 -0
  47. package/dist/sessions/index.d.ts.map +1 -0
  48. package/dist/sessions/index.js +32 -0
  49. package/dist/sessions/index.js.map +1 -0
  50. package/dist/sessions/jwtSession.d.ts +19 -0
  51. package/dist/sessions/jwtSession.d.ts.map +1 -0
  52. package/dist/sessions/jwtSession.js +49 -0
  53. package/dist/sessions/jwtSession.js.map +1 -0
  54. package/dist/stores/index.d.ts +3 -0
  55. package/dist/stores/index.d.ts.map +1 -0
  56. package/dist/stores/index.js +10 -0
  57. package/dist/stores/index.js.map +1 -0
  58. package/dist/stores/postgres.d.ts +74 -0
  59. package/dist/stores/postgres.d.ts.map +1 -0
  60. package/dist/stores/postgres.js +231 -0
  61. package/dist/stores/postgres.js.map +1 -0
  62. package/dist/types.d.ts +247 -0
  63. package/dist/types.d.ts.map +1 -0
  64. package/dist/types.js +5 -0
  65. package/dist/types.js.map +1 -0
  66. package/dist/utils/csrf.d.ts +13 -0
  67. package/dist/utils/csrf.d.ts.map +1 -0
  68. package/dist/utils/csrf.js +42 -0
  69. package/dist/utils/csrf.js.map +1 -0
  70. package/dist/utils/helpers.d.ts +8 -0
  71. package/dist/utils/helpers.d.ts.map +1 -0
  72. package/dist/utils/helpers.js +22 -0
  73. package/dist/utils/helpers.js.map +1 -0
  74. package/dist/utils/http.d.ts +9 -0
  75. package/dist/utils/http.d.ts.map +1 -0
  76. package/dist/utils/http.js +23 -0
  77. package/dist/utils/http.js.map +1 -0
  78. package/dist/utils/jwt.d.ts +22 -0
  79. package/dist/utils/jwt.d.ts.map +1 -0
  80. package/dist/utils/jwt.js +96 -0
  81. package/dist/utils/jwt.js.map +1 -0
  82. package/dist/utils/passwordPolicy.d.ts +9 -0
  83. package/dist/utils/passwordPolicy.d.ts.map +1 -0
  84. package/dist/utils/passwordPolicy.js +29 -0
  85. package/dist/utils/passwordPolicy.js.map +1 -0
  86. package/dist/utils/passwords.d.ts +33 -0
  87. package/dist/utils/passwords.d.ts.map +1 -0
  88. package/dist/utils/passwords.js +139 -0
  89. package/dist/utils/passwords.js.map +1 -0
  90. package/dist/utils/propagation.d.ts +30 -0
  91. package/dist/utils/propagation.d.ts.map +1 -0
  92. package/dist/utils/propagation.js +60 -0
  93. package/dist/utils/propagation.js.map +1 -0
  94. package/dist/utils/returnTo.d.ts +2 -0
  95. package/dist/utils/returnTo.d.ts.map +1 -0
  96. package/dist/utils/returnTo.js +21 -0
  97. package/dist/utils/returnTo.js.map +1 -0
  98. package/dist/utils/roles.d.ts +3 -0
  99. package/dist/utils/roles.d.ts.map +1 -0
  100. package/dist/utils/roles.js +25 -0
  101. package/dist/utils/roles.js.map +1 -0
  102. package/dist/utils/turnstile.d.ts +12 -0
  103. package/dist/utils/turnstile.d.ts.map +1 -0
  104. package/dist/utils/turnstile.js +40 -0
  105. package/dist/utils/turnstile.js.map +1 -0
  106. package/dist/utils/verifyInternal.d.ts +8 -0
  107. package/dist/utils/verifyInternal.d.ts.map +1 -0
  108. package/dist/utils/verifyInternal.js +69 -0
  109. package/dist/utils/verifyInternal.js.map +1 -0
  110. package/package.json +48 -0
@@ -0,0 +1,69 @@
1
+ import { decodeJsonFromBase64, signHmac } from './propagation';
2
+ export async function verifyGatewayUser(request, cfg, env, options = {}) {
3
+ const headerName = cfg.propagation.headerName ?? 'X-User';
4
+ const sigHeaderName = cfg.propagation.sigHeaderName ?? 'X-User-Sig';
5
+ const payloadB64 = request.headers.get(headerName);
6
+ const sig = request.headers.get(sigHeaderName);
7
+ if (!payloadB64 || !sig) {
8
+ if (options.require)
9
+ throw new Error('missing_user_headers');
10
+ return null;
11
+ }
12
+ const secret = env[cfg.propagation.hmacSecretEnv];
13
+ if (!secret)
14
+ throw new Error('missing_hmac_secret');
15
+ const computedSig = await signHmac(payloadB64, secret);
16
+ if (!timingSafeEqual(computedSig, sig)) {
17
+ if (options.require)
18
+ throw new Error('bad_user_sig');
19
+ return null;
20
+ }
21
+ let payload;
22
+ try {
23
+ payload = decodeJsonFromBase64(payloadB64);
24
+ }
25
+ catch {
26
+ if (options.require)
27
+ throw new Error('bad_user_payload');
28
+ return null;
29
+ }
30
+ if (!isPropagatedUserPayload(payload)) {
31
+ if (options.require)
32
+ throw new Error('bad_user_shape');
33
+ return null;
34
+ }
35
+ const maxSkewSec = options.maxSkewSec ?? 120;
36
+ const now = Math.floor(Date.now() / 1000);
37
+ if (Math.abs(now - payload.ts) > maxSkewSec) {
38
+ if (options.require)
39
+ throw new Error('user_ts_out_of_window');
40
+ return null;
41
+ }
42
+ return payload;
43
+ }
44
+ function isPropagatedUserPayload(x) {
45
+ if (!x || typeof x !== 'object')
46
+ return false;
47
+ const o = x;
48
+ return (typeof o.userId === 'string' &&
49
+ o.userId.length > 0 &&
50
+ typeof o.email === 'string' &&
51
+ o.email.length > 0 &&
52
+ typeof o.ts === 'number' &&
53
+ Number.isFinite(o.ts));
54
+ }
55
+ /**
56
+ * Timing-safe compare for short strings.
57
+ * (Avoids early-return. Better than `===`.)
58
+ */
59
+ function timingSafeEqual(a, b) {
60
+ let out = a.length ^ b.length;
61
+ const len = Math.max(a.length, b.length);
62
+ for (let i = 0; i < len; i++) {
63
+ const ca = i < a.length ? a.charCodeAt(i) : 0;
64
+ const cb = i < b.length ? b.charCodeAt(i) : 0;
65
+ out |= ca ^ cb;
66
+ }
67
+ return out === 0;
68
+ }
69
+ //# sourceMappingURL=verifyInternal.js.map
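Review bot: The freshness check at the end of verifyGatewayUser fails open when `options.maxSkewSec` is not a usable number: `Math.abs(now - payload.ts) > maxSkewSec` is false for NaN, so every timestamp is accepted. Writing the test as `if (!(Math.abs(now - payload.ts) <= maxSkewSec))` rejects in that case instead. The HMAC is computed over the base64 payload only, so within the skew window (120 s by default, past or future) the same header pair verifies on any request. That limit is worth stating in a JSDoc comment on the function, e.g. `/** Verifies the gateway-signed user header; the signature is not bound to method or path, and replay inside maxSkewSec is not detected. */`. The hand-rolled `timingSafeEqual` avoids early return, but JavaScript string operations carry no constant-time guarantee; if signHmac (defined in ./propagation, not shown here) can work on raw bytes, `crypto.subtle.verify` would remove the manual compare.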
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyInternal.js","sourceRoot":"","sources":["../../src/utils/verifyInternal.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAA8B,MAAM,eAAe,CAAC;AAO3F,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACtC,OAAgB,EAChB,GAAuC,EACvC,GAAQ,EACR,UAAoC,EAAE;IAEtC,MAAM,UAAU,GAAG,GAAG,CAAC,WAAW,CAAC,UAAU,IAAI,QAAQ,CAAC;IAC1D,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC,aAAa,IAAI,YAAY,CAAC;IAEpE,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAE/C,IAAI,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,OAAO,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC;IACb,CAAC;IAED,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IAClD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACvD,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,GAAG,CAAC,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACJ,OAAO,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACR,IAAI,OAAO,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACb,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,GAAG,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC9D,OAAO,IAAI,CAAC;IACb,CAAC;IAED,OAAO,OAAO,CAAC;AAChB,CAAC;AAED,SAAS,uBAAuB,CAAC,CAAU;IAC1C,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC9C,MAAM,CAAC,GAAG,CAA4B,CAAC;IAEvC,OAAO,CACN,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ;QAC5B,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;QACnB,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ;QAC3B,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QAClB,OAAO,CA
AC,CAAC,EAAE,KAAK,QAAQ;QACxB,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CACrB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,CAAS,EAAE,CAAS;IAC5C,IAAI,GAAG,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9C,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9C,GAAG,IAAI,EAAE,GAAG,EAAE,CAAC;IAChB,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,CAAC;AAClB,CAAC"}
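--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,48 @@
+ {
+ "name": "@electr0zed/auth-gateway-cf",
+ "version": "0.1.0",
+ "type": "module",
+ "sideEffects": false,
+ "files": [
+ "dist"
+ ],
+ "exports": {
+ ".": {
+ "import": "./dist/index.js",
+ "types": "./dist/index.d.ts"
+ }
+ },
+ "types": "./dist/index.d.ts",
+ "scripts": {
+ "build": "tsc",
+ "lint": "eslint . --ext .ts",
+ "lint:fix": "eslint . --ext .ts --fix",
+ "check-types": "tsc --noEmit"
+ },
+ "dependencies": {
+ "kysely": "^0.29.0",
+ "pg": "^8.20.0",
+ "unique-names-generator": "^4.7.1"
+ },
+ "devDependencies": {
+ "@cloudflare/workers-types": "^4.20260511.1",
+ "@eslint/js": "^9.38.0",
+ "@types/pg": "^8.20.0",
+ "eslint": "^9.38.0",
+ "eslint-config-prettier": "^10.1.8",
+ "eslint-plugin-prettier": "^5.5.4",
+ "globals": "^16.4.0",
+ "jiti": "^2.7.0",
+ "prettier": "3.8.3",
+ "typescript": "^5.9.3",
+ "typescript-eslint": "^8.59.3"
+ },
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/ELECTR0ZED/auth-gateway-cf.git"
+ },
+ "engines": {
+ "node": ">=22"
+ },
+ "license": "MIT"
+ }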