@forklaunch/core 0.14.13 → 0.14.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/http/index.js +22 -17
- package/lib/http/index.js.map +1 -1
- package/lib/http/index.mjs +22 -17
- package/lib/http/index.mjs.map +1 -1
- package/package.json +3 -3
package/lib/http/index.js
CHANGED
|
@@ -193,7 +193,7 @@ function isBasicAuthMethod(maybeBasicAuthMethod) {
|
|
|
193
193
|
|
|
194
194
|
// src/http/guards/isHmacMethod.ts
|
|
195
195
|
function isHmacMethod(maybeHmacMethod) {
|
|
196
|
-
return typeof maybeHmacMethod === "object" && maybeHmacMethod !== null && "
|
|
196
|
+
return typeof maybeHmacMethod === "object" && maybeHmacMethod !== null && "hmac" in maybeHmacMethod && maybeHmacMethod.hmac != null;
|
|
197
197
|
}
|
|
198
198
|
|
|
199
199
|
// src/http/guards/isJwtAuthMethod.ts
|
|
@@ -202,12 +202,26 @@ function isJwtAuthMethod(maybeJwtAuthMethod) {
|
|
|
202
202
|
}
|
|
203
203
|
|
|
204
204
|
// src/http/discriminateAuthMethod.ts
|
|
205
|
-
var DEFAULT_TTL = 60 * 1e3 * 5;
|
|
206
|
-
var
|
|
205
|
+
var DEFAULT_TTL = process.env.JWKS_TTL ? parseInt(process.env.JWKS_TTL) : 60 * 1e3 * 5;
|
|
206
|
+
var cachedJwks = {
|
|
207
207
|
value: null,
|
|
208
208
|
lastUpdated: null,
|
|
209
209
|
ttl: DEFAULT_TTL
|
|
210
210
|
};
|
|
211
|
+
async function getCachedJwks(jwksPublicKeyUrl) {
|
|
212
|
+
if (cachedJwks.value && cachedJwks.lastUpdated && Date.now() - cachedJwks.lastUpdated.getTime() < cachedJwks.ttl) {
|
|
213
|
+
return cachedJwks.value;
|
|
214
|
+
} else {
|
|
215
|
+
const jwksResponse = await fetch(jwksPublicKeyUrl);
|
|
216
|
+
const jwks = (await jwksResponse.json()).keys;
|
|
217
|
+
cachedJwks.value = jwks;
|
|
218
|
+
cachedJwks.lastUpdated = /* @__PURE__ */ new Date();
|
|
219
|
+
cachedJwks.ttl = parseInt(
|
|
220
|
+
jwksResponse.headers.get("cache-control")?.split("=")[1] ?? `${DEFAULT_TTL / 1e3}`
|
|
221
|
+
) * 1e3;
|
|
222
|
+
return jwks;
|
|
223
|
+
}
|
|
224
|
+
}
|
|
211
225
|
async function discriminateAuthMethod(auth) {
|
|
212
226
|
let authMethod;
|
|
213
227
|
if (isBasicAuthMethod(auth)) {
|
|
@@ -232,17 +246,7 @@ async function discriminateAuthMethod(auth) {
|
|
|
232
246
|
} else {
|
|
233
247
|
let jwks;
|
|
234
248
|
if ("jwksPublicKeyUrl" in jwt) {
|
|
235
|
-
|
|
236
|
-
jwks = memoizedJwks.value;
|
|
237
|
-
} else {
|
|
238
|
-
const jwksResponse = await fetch(jwt.jwksPublicKeyUrl);
|
|
239
|
-
jwks = (await jwksResponse.json()).keys;
|
|
240
|
-
memoizedJwks.value = jwks;
|
|
241
|
-
memoizedJwks.lastUpdated = /* @__PURE__ */ new Date();
|
|
242
|
-
memoizedJwks.ttl = parseInt(
|
|
243
|
-
jwksResponse.headers.get("cache-control")?.split("=")[1] ?? `${DEFAULT_TTL / 1e3}`
|
|
244
|
-
) * 1e3;
|
|
245
|
-
}
|
|
249
|
+
jwks = await getCachedJwks(jwt.jwksPublicKeyUrl);
|
|
246
250
|
} else if ("jwksPublicKey" in jwt) {
|
|
247
251
|
jwks = [jwt.jwksPublicKey];
|
|
248
252
|
}
|
|
@@ -252,9 +256,9 @@ async function discriminateAuthMethod(auth) {
|
|
|
252
256
|
const { payload } = await (0, import_jose.jwtVerify)(token, key);
|
|
253
257
|
return payload;
|
|
254
258
|
} catch {
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
259
|
+
cachedJwks.value = null;
|
|
260
|
+
cachedJwks.lastUpdated = null;
|
|
261
|
+
cachedJwks.ttl = DEFAULT_TTL;
|
|
258
262
|
continue;
|
|
259
263
|
}
|
|
260
264
|
}
|
|
@@ -539,6 +543,7 @@ async function parseRequestAuth(req, res, next) {
|
|
|
539
543
|
req._globalOptions?.()?.auth
|
|
540
544
|
) ?? [];
|
|
541
545
|
if (error != null) {
|
|
546
|
+
req.openTelemetryCollector.error(error, message);
|
|
542
547
|
res.type("text/plain");
|
|
543
548
|
res.status(error).send(message);
|
|
544
549
|
return;
|