@forklaunch/core 0.14.13 → 0.14.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/http/index.js +22 -17
- package/lib/http/index.js.map +1 -1
- package/lib/http/index.mjs +22 -17
- package/lib/http/index.mjs.map +1 -1
- package/package.json +3 -3
package/lib/http/index.mjs
CHANGED
|
@@ -118,7 +118,7 @@ function isBasicAuthMethod(maybeBasicAuthMethod) {
|
|
|
118
118
|
|
|
119
119
|
// src/http/guards/isHmacMethod.ts
|
|
120
120
|
function isHmacMethod(maybeHmacMethod) {
|
|
121
|
-
return typeof maybeHmacMethod === "object" && maybeHmacMethod !== null && "
|
|
121
|
+
return typeof maybeHmacMethod === "object" && maybeHmacMethod !== null && "hmac" in maybeHmacMethod && maybeHmacMethod.hmac != null;
|
|
122
122
|
}
|
|
123
123
|
|
|
124
124
|
// src/http/guards/isJwtAuthMethod.ts
|
|
@@ -127,12 +127,26 @@ function isJwtAuthMethod(maybeJwtAuthMethod) {
|
|
|
127
127
|
}
|
|
128
128
|
|
|
129
129
|
// src/http/discriminateAuthMethod.ts
|
|
130
|
-
var DEFAULT_TTL = 60 * 1e3 * 5;
|
|
131
|
-
var
|
|
130
|
+
var DEFAULT_TTL = process.env.JWKS_TTL ? parseInt(process.env.JWKS_TTL) : 60 * 1e3 * 5;
|
|
131
|
+
var cachedJwks = {
|
|
132
132
|
value: null,
|
|
133
133
|
lastUpdated: null,
|
|
134
134
|
ttl: DEFAULT_TTL
|
|
135
135
|
};
|
|
136
|
+
async function getCachedJwks(jwksPublicKeyUrl) {
|
|
137
|
+
if (cachedJwks.value && cachedJwks.lastUpdated && Date.now() - cachedJwks.lastUpdated.getTime() < cachedJwks.ttl) {
|
|
138
|
+
return cachedJwks.value;
|
|
139
|
+
} else {
|
|
140
|
+
const jwksResponse = await fetch(jwksPublicKeyUrl);
|
|
141
|
+
const jwks = (await jwksResponse.json()).keys;
|
|
142
|
+
cachedJwks.value = jwks;
|
|
143
|
+
cachedJwks.lastUpdated = /* @__PURE__ */ new Date();
|
|
144
|
+
cachedJwks.ttl = parseInt(
|
|
145
|
+
jwksResponse.headers.get("cache-control")?.split("=")[1] ?? `${DEFAULT_TTL / 1e3}`
|
|
146
|
+
) * 1e3;
|
|
147
|
+
return jwks;
|
|
148
|
+
}
|
|
149
|
+
}
|
|
136
150
|
async function discriminateAuthMethod(auth) {
|
|
137
151
|
let authMethod;
|
|
138
152
|
if (isBasicAuthMethod(auth)) {
|
|
@@ -157,17 +171,7 @@ async function discriminateAuthMethod(auth) {
|
|
|
157
171
|
} else {
|
|
158
172
|
let jwks;
|
|
159
173
|
if ("jwksPublicKeyUrl" in jwt) {
|
|
160
|
-
|
|
161
|
-
jwks = memoizedJwks.value;
|
|
162
|
-
} else {
|
|
163
|
-
const jwksResponse = await fetch(jwt.jwksPublicKeyUrl);
|
|
164
|
-
jwks = (await jwksResponse.json()).keys;
|
|
165
|
-
memoizedJwks.value = jwks;
|
|
166
|
-
memoizedJwks.lastUpdated = /* @__PURE__ */ new Date();
|
|
167
|
-
memoizedJwks.ttl = parseInt(
|
|
168
|
-
jwksResponse.headers.get("cache-control")?.split("=")[1] ?? `${DEFAULT_TTL / 1e3}`
|
|
169
|
-
) * 1e3;
|
|
170
|
-
}
|
|
174
|
+
jwks = await getCachedJwks(jwt.jwksPublicKeyUrl);
|
|
171
175
|
} else if ("jwksPublicKey" in jwt) {
|
|
172
176
|
jwks = [jwt.jwksPublicKey];
|
|
173
177
|
}
|
|
@@ -177,9 +181,9 @@ async function discriminateAuthMethod(auth) {
|
|
|
177
181
|
const { payload } = await jwtVerify(token, key);
|
|
178
182
|
return payload;
|
|
179
183
|
} catch {
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
184
|
+
cachedJwks.value = null;
|
|
185
|
+
cachedJwks.lastUpdated = null;
|
|
186
|
+
cachedJwks.ttl = DEFAULT_TTL;
|
|
183
187
|
continue;
|
|
184
188
|
}
|
|
185
189
|
}
|
|
@@ -464,6 +468,7 @@ async function parseRequestAuth(req, res, next) {
|
|
|
464
468
|
req._globalOptions?.()?.auth
|
|
465
469
|
) ?? [];
|
|
466
470
|
if (error != null) {
|
|
471
|
+
req.openTelemetryCollector.error(error, message);
|
|
467
472
|
res.type("text/plain");
|
|
468
473
|
res.status(error).send(message);
|
|
469
474
|
return;
|