npm - @forklaunch/core - Versions diffs - 0.14.9 → 0.14.11-beta.1 - Mend

@forklaunch/core 0.14.9 → 0.14.11-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/lib/http/index.mjs CHANGED Viewed

@@ -81,6 +81,9 @@ function isTypedHandler(maybeTypedHandler) {
 // src/http/middleware/request/auth.middleware.ts
 import { isNever } from "@forklaunch/common";
+import {
+  prettyPrintParseErrors
+} from "@forklaunch/validator";
 // src/http/discriminateAuthMethod.ts
 import { jwtVerify } from "jose";
@@ -99,10 +102,12 @@ function createHmacToken({
   const hmac = createHmac("sha256", secretKey);
   const bodyString = body ? `${safeStringify(body)}
 ` : void 0;
-  hmac.update(`${method}
+  hmac.update(
+    `${method}
 ${path}
-${bodyString}${timestamp}
-${nonce}`);
+${bodyString}${timestamp.toISOString()}
+${nonce}`
+  );
   return hmac.digest("base64");
 }
@@ -122,6 +127,12 @@ function isJwtAuthMethod(maybeJwtAuthMethod) {
 }
 // src/http/discriminateAuthMethod.ts
+var DEFAULT_TTL = 60 * 1e3 * 5;
+var memoizedJwks = {
+  value: null,
+  lastUpdated: null,
+  ttl: DEFAULT_TTL
+};
 async function discriminateAuthMethod(auth) {
   let authMethod;
   if (isBasicAuthMethod(auth)) {
@@ -146,8 +157,17 @@ async function discriminateAuthMethod(auth) {
     } else {
       let jwks;
       if ("jwksPublicKeyUrl" in jwt) {
-        const jwksResponse = await fetch(jwt.jwksPublicKeyUrl);
-        jwks = (await jwksResponse.json()).keys;
+        if (memoizedJwks.value && memoizedJwks.lastUpdated && Date.now() - memoizedJwks.lastUpdated.getTime() < memoizedJwks.ttl) {
+          jwks = memoizedJwks.value;
+        } else {
+          const jwksResponse = await fetch(jwt.jwksPublicKeyUrl);
+          jwks = (await jwksResponse.json()).keys;
+          memoizedJwks.value = jwks;
+          memoizedJwks.lastUpdated = /* @__PURE__ */ new Date();
+          memoizedJwks.ttl = parseInt(
+            jwksResponse.headers.get("cache-control")?.split("=")[1] ?? `${DEFAULT_TTL / 1e3}`
+          ) * 1e3;
+        }
       } else if ("jwksPublicKey" in jwt) {
         jwks = [jwt.jwksPublicKey];
       }
@@ -157,6 +177,9 @@ async function discriminateAuthMethod(auth) {
             const { payload } = await jwtVerify(token, key);
             return payload;
           } catch {
+            memoizedJwks.value = null;
+            memoizedJwks.lastUpdated = null;
+            memoizedJwks.ttl = DEFAULT_TTL;
             continue;
           }
         }
@@ -260,7 +283,7 @@ function parseHmacTokenPart(part, expectedKey) {
   if (key !== expectedKey || rest.length === 0) return void 0;
   return rest.join("=");
 }
-async function checkAuthorizationToken(authorizationMethod, globalOptions, authorizationToken, req) {
+async function checkAuthorizationToken(req, authorizationMethod, authorizationToken, globalOptions) {
   if (authorizationMethod == null) {
     return void 0;
   }
@@ -275,7 +298,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
   if (!tokenParts.length || !tokenPrefix) {
     return invalidAuthorizationTokenFormat;
   }
-  let resourceId;
+  let sessionPayload;
   const { type, auth } = await discriminateAuthMethod(
     collapsedAuthorizationMethod
   );
@@ -299,7 +322,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
         method: req?.method ?? "",
         path: req?.path ?? "",
         body: req?.body,
-        timestamp: parsedTimestamp,
+        timestamp: new Date(parsedTimestamp),
         nonce: parsedNonce,
         signature: parsedSignature,
         secretKey: collapsedAuthorizationMethod.hmac.secretKeys[parsedKeyId]
@@ -307,7 +330,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
       if (!verificationResult) {
         return invalidAuthorizationSignature;
       }
-      resourceId = null;
+      sessionPayload = null;
       break;
     }
     case "jwt": {
@@ -320,7 +343,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
         if (!decodedJwt) {
           return invalidAuthorizationToken;
         }
-        resourceId = decodedJwt;
+        sessionPayload = decodedJwt;
       } catch (error) {
         req?.openTelemetryCollector.error(error);
         return invalidAuthorizationToken;
@@ -333,7 +356,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
         return invalidAuthorizationTokenFormat;
       }
       if (auth.decodeResource) {
-        resourceId = await auth.decodeResource(token);
+        sessionPayload = await auth.decodeResource(token);
       } else {
         const [username, password] = Buffer.from(token, "base64").toString("utf-8").split(":");
         if (!username || !password) {
@@ -342,7 +365,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
         if (!auth.login(username, password)) {
           return invalidAuthorizationLogin;
         }
-        resourceId = {
+        sessionPayload = {
           sub: username
         };
       }
@@ -352,16 +375,29 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
       isNever(type);
       return [401, "Invalid Authorization method."];
   }
-  if (isHmacMethod(collapsedAuthorizationMethod) && resourceId == null) {
+  if (isHmacMethod(collapsedAuthorizationMethod) && sessionPayload == null) {
     return;
   }
-  if (resourceId == null) {
+  if (sessionPayload == null) {
     return invalidAuthorizationToken;
   }
+  req.session = sessionPayload;
+  if (collapsedAuthorizationMethod.sessionSchema) {
+    const parsedSession = req.schemaValidator.parse(
+      collapsedAuthorizationMethod.sessionSchema,
+      sessionPayload
+    );
+    if (!parsedSession.ok) {
+      return [
+        400,
+        `Invalid session: ${prettyPrintParseErrors(parsedSession.errors, "Session")}`
+      ];
+    }
+  }
   if (hasScopeChecks(collapsedAuthorizationMethod)) {
     if (collapsedAuthorizationMethod.surfaceScopes) {
       const resourceScopes = await collapsedAuthorizationMethod.surfaceScopes(
-        resourceId,
+        sessionPayload,
         req
       );
       if (collapsedAuthorizationMethod.scopeHeirarchy) {
@@ -380,7 +416,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
       return [500, "No permission surfacing function provided."];
     }
     const resourcePermissions = await collapsedAuthorizationMethod.surfacePermissions(
-      resourceId,
+      sessionPayload,
       req
     );
     if ("allowedPermissions" in collapsedAuthorizationMethod && collapsedAuthorizationMethod.allowedPermissions) {
@@ -402,7 +438,7 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
       return [500, "No role surfacing function provided."];
     }
     const resourceRoles = await collapsedAuthorizationMethod.surfaceRoles(
-      resourceId,
+      sessionPayload,
       req
     );
     if ("allowedRoles" in collapsedAuthorizationMethod && collapsedAuthorizationMethod.allowedRoles) {
@@ -422,10 +458,10 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
 async function parseRequestAuth(req, res, next) {
   const auth = req.contractDetails.auth;
   const [error, message] = await checkAuthorizationToken(
+    req,
     auth,
-    req._globalOptions?.()?.auth,
     req.headers[auth?.headerName ?? "Authorization"] || req.headers[auth?.headerName ?? "authorization"],
-    req
+    req._globalOptions?.()?.auth
   ) ?? [];
   if (error != null) {
     res.type("text/plain");
@@ -804,7 +840,7 @@ function enrichDetails(path, contractDetails, requestSchema, responseSchemas, op
 // src/http/middleware/request/parse.middleware.ts
 import { isRecord } from "@forklaunch/common";
 import {
-  prettyPrintParseErrors
+  prettyPrintParseErrors as prettyPrintParseErrors2
 } from "@forklaunch/validator";
 // src/http/guards/hasSend.ts
@@ -843,7 +879,7 @@ function parse(req, res, next) {
           req.version = version;
           res.version = req.version;
         } else {
-          runningParseErrors += prettyPrintParseErrors(
+          runningParseErrors += prettyPrintParseErrors2(
             parsingResult.errors,
             `Version ${version} request`
           );
@@ -901,7 +937,7 @@ function parse(req, res, next) {
         res.status(400);
         if (hasSend(res)) {
           res.send(
-            `${collectedParseErrors ?? prettyPrintParseErrors(parsedRequest.errors, "Request")}
+            `${collectedParseErrors ?? prettyPrintParseErrors2(parsedRequest.errors, "Request")}
 Correlation id: ${req.context.correlationId ?? "No correlation ID"}`
           );
@@ -911,7 +947,7 @@ Correlation id: ${req.context.correlationId ?? "No correlation ID"}`
         return;
       case "warning":
         req.openTelemetryCollector.warn(
-          collectedParseErrors ?? prettyPrintParseErrors(parsedRequest.errors, "Request")
+          collectedParseErrors ?? prettyPrintParseErrors2(parsedRequest.errors, "Request")
         );
         break;
       case "none":
@@ -3196,7 +3232,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
 // src/http/middleware/response/parse.middleware.ts
 import {
-  prettyPrintParseErrors as prettyPrintParseErrors2
+  prettyPrintParseErrors as prettyPrintParseErrors3
 } from "@forklaunch/validator";
 // src/http/guards/isResponseCompiledSchema.ts
@@ -3258,13 +3294,13 @@ function parse2(req, res, next) {
   );
   const parseErrors = [];
   if (!parsedHeaders.ok) {
-    const headerErrors = prettyPrintParseErrors2(parsedHeaders.errors, "Header");
+    const headerErrors = prettyPrintParseErrors3(parsedHeaders.errors, "Header");
     if (headerErrors) {
       parseErrors.push(headerErrors);
     }
   }
   if (!parsedResponse.ok) {
-    const responseErrors = prettyPrintParseErrors2(
+    const responseErrors = prettyPrintParseErrors3(
       parsedResponse.errors,
       "Response"
     );
@@ -3889,12 +3925,36 @@ function mapToFetch(schemaValidator, routerMap) {
     return (version ? toRecord2(toRecord2(flattenedFetchMap[path])[method ?? "GET"])[version] : toRecord2(flattenedFetchMap[path])[method ?? "GET"])(path, reqInit[0]);
   });
 }
-function sdkClient(schemaValidator, routerMap) {
-  return {
+function sdkClient(schemaValidator, routerMap, options2) {
+  if (options2?.lazyEvaluation) {
+    let _sdk;
+    let _fetch;
+    const lazyClient = {
+      _finalizedSdk: true,
+      get sdk() {
+        if (!_sdk) {
+          _sdk = mapToSdk(schemaValidator, routerMap);
+        }
+        return _sdk;
+      },
+      get fetch() {
+        if (!_fetch) {
+          _fetch = mapToFetch(schemaValidator, routerMap);
+        }
+        return _fetch;
+      }
+    };
+    return lazyClient;
+  }
+  const client = {
     _finalizedSdk: true,
     sdk: mapToSdk(schemaValidator, routerMap),
     fetch: mapToFetch(schemaValidator, routerMap)
   };
+  if (options2?.optimizePerformance) {
+    return client;
+  }
+  return client;
 }
 // src/http/sdk/sdkRouter.ts