@haus-tech/bankid-auth-plugin 1.0.0

package/dist/bankid-auth.controller.d.ts

@@ -0,0 +1,19 @@
+import { BankIdAuthService } from './services/bankid-auth.service';
+import { CacheService, RequestContext } from '@vendure/core';
+export declare class BankIdAuthController {
+    private bankIdAuthService;
+    private cacheService;
+    constructor(bankIdAuthService: BankIdAuthService, cacheService: CacheService);
+    initiate(ctx: RequestContext): Promise<{
+        data: import("./types").InitiateResponse;
+    }>;
+    authenticate(ctx: RequestContext, body: {
+        orderRef: string;
+        isSameDevice: boolean;
+    }): Promise<{
+        data: import("./types").AuthResponse;
+    }>;
+    cancel(ctx: RequestContext, body: {
+        orderRef: string;
+    }): Promise<void>;
+}

package/dist/bankid-auth.controller.js

@@ -0,0 +1,100 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BankIdAuthController = void 0;
+const common_1 = require("@nestjs/common");
+const bankid_auth_service_1 = require("./services/bankid-auth.service");
+const core_1 = require("@vendure/core");
+const utils_1 = require("./utils");
+const utils_2 = require("./utils");
+let BankIdAuthController = class BankIdAuthController {
+    bankIdAuthService;
+    cacheService;
+    constructor(bankIdAuthService, cacheService) {
+        this.bankIdAuthService = bankIdAuthService;
+        this.cacheService = cacheService;
+    }
+    async initiate(ctx) {
+        const endUserIp = (0, utils_1.getEndUserIp)(ctx);
+        try {
+            const result = await this.bankIdAuthService.initiate(ctx, endUserIp);
+            const cacheKey = `bankid:session:${result.orderRef}`;
+            this.cacheService.set(cacheKey, endUserIp, { ttl: 120000 });
+            return { data: result };
+        }
+        catch (error) {
+            throw (0, utils_1.handleBankIdError)(error);
+        }
+    }
+    async authenticate(ctx, body) {
+        if (!body.orderRef) {
+            throw new common_1.HttpException('orderRef is required', common_1.HttpStatus.BAD_REQUEST);
+        }
+        const cacheKey = `bankid:session:${body.orderRef}`;
+        const cachedIpAddress = (await this.cacheService.get(cacheKey));
+        try {
+            const res = await this.bankIdAuthService.authenticate(ctx, body.orderRef, cachedIpAddress, body.isSameDevice);
+            return { data: res };
+        }
+        catch (error) {
+            if (error instanceof utils_2.IpMismatchError) {
+                throw new common_1.UnauthorizedException(error);
+            }
+            throw (0, utils_1.handleBankIdError)(error);
+        }
+    }
+    async cancel(ctx, body) {
+        if (!body.orderRef) {
+            throw new common_1.HttpException('orderRef is required', common_1.HttpStatus.BAD_REQUEST);
+        }
+        try {
+            await this.bankIdAuthService.cancel(ctx, body.orderRef);
+        }
+        catch (error) {
+            throw (0, utils_1.handleBankIdError)(error);
+        }
+    }
+};
+__decorate([
+    (0, common_1.Post)('initiate'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.CREATED),
+    __param(0, (0, core_1.Ctx)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext]),
+    __metadata("design:returntype", Promise)
+], BankIdAuthController.prototype, "initiate", null);
+__decorate([
+    (0, common_1.Post)('authenticate'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object]),
+    __metadata("design:returntype", Promise)
+], BankIdAuthController.prototype, "authenticate", null);
+__decorate([
+    (0, common_1.Post)('cancel'),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, core_1.Ctx)()),
+    __param(1, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [core_1.RequestContext, Object]),
+    __metadata("design:returntype", Promise)
+], BankIdAuthController.prototype, "cancel", null);
+BankIdAuthController = __decorate([
+    (0, common_1.Controller)('api/bankid'),
+    __metadata("design:paramtypes", [bankid_auth_service_1.BankIdAuthService,
+        core_1.CacheService])
+], BankIdAuthController);
+exports.BankIdAuthController = BankIdAuthController;

package/dist/bankid-auth.plugin.d.ts

@@ -0,0 +1,6 @@
+import { Type } from '@vendure/core';
+import { BankIdAuthPluginOptions } from './types';
+export declare class BankIdAuthPlugin {
+    static options: BankIdAuthPluginOptions;
+    static init(options: BankIdAuthPluginOptions): Type<BankIdAuthPlugin>;
+}

package/dist/bankid-auth.plugin.js

@@ -0,0 +1,46 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var BankIdAuthPlugin_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BankIdAuthPlugin = void 0;
+const core_1 = require("@vendure/core");
+const constants_1 = require("./constants");
+const bankid_auth_service_1 = require("./services/bankid-auth.service");
+const bankid_auth_controller_1 = require("./bankid-auth.controller");
+let BankIdAuthPlugin = BankIdAuthPlugin_1 = class BankIdAuthPlugin {
+    static options;
+    static init(options) {
+        this.options = options;
+        if (!options.postAuthStrategy) {
+            throw new Error('BankIdAuthPlugin requires a PostAuthenticateStrategy but none was provided');
+        }
+        if (!options.bankIdApiBaseUrl) {
+            throw new Error('BankIdAuthPlugin requires a bankIdApiBaseUrl but none was provided');
+        }
+        return BankIdAuthPlugin_1;
+    }
+};
+BankIdAuthPlugin = BankIdAuthPlugin_1 = __decorate([
+    (0, core_1.VendurePlugin)({
+        imports: [core_1.PluginCommonModule],
+        providers: [
+            { provide: constants_1.BANKID_AUTH_PLUGIN_OPTIONS, useFactory: () => BankIdAuthPlugin_1.options },
+            bankid_auth_service_1.BankIdAuthService,
+        ],
+        configuration: (config) => {
+            // Plugin-specific configuration
+            // such as custom fields, custom permissions,
+            // strategies etc. can be configured here by
+            // modifying the `config` object.
+            return config;
+        },
+        controllers: [bankid_auth_controller_1.BankIdAuthController],
+        compatibility: '^3.0.0',
+    })
+], BankIdAuthPlugin);
+exports.BankIdAuthPlugin = BankIdAuthPlugin;

package/dist/constants.d.ts

@@ -0,0 +1,2 @@
+export declare const BANKID_AUTH_PLUGIN_OPTIONS: unique symbol;
+export declare const loggerCtx = "BankidAuthPlugin";

package/dist/constants.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loggerCtx = exports.BANKID_AUTH_PLUGIN_OPTIONS = void 0;
+exports.BANKID_AUTH_PLUGIN_OPTIONS = Symbol('BANKID_AUTH_PLUGIN_OPTIONS');
+exports.loggerCtx = 'BankidAuthPlugin';

package/dist/services/bankid-auth.service.d.ts

@@ -0,0 +1,13 @@
+import { ModuleRef } from '@nestjs/core';
+import { RequestContext } from '@vendure/core';
+import { InitiateResponse, AuthResponse, BankIdAuthPluginOptions } from '../types';
+export declare class BankIdAuthService {
+    private options;
+    private moduleRef;
+    private readonly axiosInstance;
+    constructor(options: BankIdAuthPluginOptions, moduleRef: ModuleRef);
+    initiate(ctx: RequestContext, endUserIp: string): Promise<InitiateResponse>;
+    authenticate(ctx: RequestContext, orderRef: string, cachedIpAddress: string, isSameDevice: boolean): Promise<AuthResponse>;
+    cancel(ctx: RequestContext, orderRef: string): Promise<boolean>;
+    private collect;
+}

package/dist/services/bankid-auth.service.js

@@ -0,0 +1,117 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BankIdAuthService = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const core_2 = require("@vendure/core");
+const constants_1 = require("../constants");
+const axios_1 = __importDefault(require("axios"));
+const https_1 = __importDefault(require("https"));
+const types_1 = require("../types");
+const utils_1 = require("../utils");
+let BankIdAuthService = class BankIdAuthService {
+    options;
+    moduleRef;
+    axiosInstance;
+    constructor(options, moduleRef) {
+        this.options = options;
+        this.moduleRef = moduleRef;
+        this.axiosInstance = axios_1.default.create({
+            baseURL: this.options.bankIdApiBaseUrl,
+            httpsAgent: new https_1.default.Agent({
+                cert: this.options.clientCert,
+                key: this.options.privateKey,
+                ca: this.options.caCert,
+                rejectUnauthorized: false,
+            }),
+        });
+    }
+    async initiate(ctx, endUserIp) {
+        try {
+            const response = await this.axiosInstance.post('/auth', { endUserIp });
+            return response.data;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async authenticate(ctx, orderRef, cachedIpAddress, isSameDevice) {
+        try {
+            const response = await this.collect(ctx, orderRef, 2000);
+            if (response.status === types_1.BankIdOrderStatus.Failed) {
+                return { success: false, hintCode: response?.hintCode };
+            }
+            if (response.status === types_1.BankIdOrderStatus.Complete && response.completionData != null) {
+                const { user, device } = response.completionData;
+                if (isSameDevice && cachedIpAddress != device.ipAddress) {
+                    throw new utils_1.IpMismatchError(cachedIpAddress, device.ipAddress);
+                }
+                const { userId } = await this.options.postAuthStrategy.handleSuccess(ctx, new core_2.Injector(this.moduleRef), {
+                    personalNumber: user.personalNumber,
+                });
+                return {
+                    success: true,
+                    userId: userId,
+                };
+            }
+        }
+        catch (error) {
+            throw error;
+        }
+        return { success: false };
+    }
+    async cancel(ctx, orderRef) {
+        try {
+            const response = await this.axiosInstance.post('/cancel', { orderRef });
+            if (response.status !== 200) {
+                throw new Error('Failed to cancel order');
+            }
+            return true;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    async collect(ctx, orderRef, pollingIntervalMs) {
+        return new Promise((resolve, reject) => {
+            const interval = setInterval(async () => {
+                try {
+                    const response = await this.axiosInstance.post('/collect', { orderRef });
+                    if (response.data.status === types_1.BankIdOrderStatus.Complete) {
+                        clearInterval(interval);
+                        resolve(response.data);
+                    }
+                    if (response.data.status === types_1.BankIdOrderStatus.Failed) {
+                        clearInterval(interval);
+                        reject(response.data);
+                    }
+                }
+                catch (error) {
+                    clearInterval(interval);
+                    reject(error);
+                }
+            }, pollingIntervalMs);
+        });
+    }
+};
+BankIdAuthService = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)(constants_1.BANKID_AUTH_PLUGIN_OPTIONS)),
+    __metadata("design:paramtypes", [Object, core_1.ModuleRef])
+], BankIdAuthService);
+exports.BankIdAuthService = BankIdAuthService;

package/dist/types.d.ts

@@ -0,0 +1,58 @@
+import { InjectableStrategy, Injector, RequestContext } from '@vendure/core';
+/**
+ * @description
+ * The plugin can be configured using the following options:
+ */
+export interface BankIdAuthPluginOptions {
+    bankIdApiBaseUrl: string;
+    clientCert: string;
+    privateKey: string;
+    caCert: string;
+    postAuthStrategy: PostAuthenticateStrategy;
+}
+export interface InitiateResponse {
+    orderRef: string;
+    autoStartToken: string;
+    qrStartToken: string;
+    qrStartSecret: string;
+}
+export interface CollectResponse {
+    orderRef: BankIdOrderStatus.Complete | BankIdOrderStatus.Failed | BankIdOrderStatus.Pending;
+    status: string;
+    hintCode: string;
+    completionData?: CompletionData;
+}
+export interface CompletionData {
+    bankIdIssueDate: string;
+    user: User;
+    device: Device;
+}
+export interface Device {
+    ipAddress: string;
+}
+export interface User {
+    personalNumber: string;
+    name: string;
+}
+export interface AuthResponse {
+    success: boolean;
+    userId?: string;
+    hintCode?: string;
+}
+export declare enum BankIdOrderStatus {
+    Pending = "pending",
+    Complete = "complete",
+    Failed = "failed"
+}
+export interface BadRequestResponse {
+    errorCode: string;
+    details: string;
+}
+export interface PostAuthenticateStrategy extends InjectableStrategy {
+    handleSuccess(ctx: RequestContext, injector: Injector, input: {
+        personalNumber: string;
+    }): Promise<AuthenticatedUser>;
+}
+export interface AuthenticatedUser {
+    userId: string;
+}

package/dist/types.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BankIdOrderStatus = void 0;
+var BankIdOrderStatus;
+(function (BankIdOrderStatus) {
+    BankIdOrderStatus["Pending"] = "pending";
+    BankIdOrderStatus["Complete"] = "complete";
+    BankIdOrderStatus["Failed"] = "failed";
+})(BankIdOrderStatus = exports.BankIdOrderStatus || (exports.BankIdOrderStatus = {}));

package/dist/utils.d.ts

@@ -0,0 +1,9 @@
+import { HttpException } from '@nestjs/common';
+import { RequestContext } from '@vendure/core';
+export declare function handleBankIdError(error: any): HttpException;
+export declare function getEndUserIp(ctx: RequestContext): string;
+export declare class IpMismatchError extends Error {
+    expected: string;
+    actual: string;
+    constructor(expected: string, actual: string);
+}

package/dist/utils.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IpMismatchError = exports.getEndUserIp = exports.handleBankIdError = void 0;
+const common_1 = require("@nestjs/common");
+function handleBankIdError(error) {
+    if (error?.isAxiosError) {
+        const axiosError = error;
+        const status = axiosError.response?.status || 500;
+        if (status >= 500) {
+            return new common_1.HttpException({
+                message: 'BankID service unavailable',
+                details: axiosError.response?.data,
+            }, status === common_1.HttpStatus.INTERNAL_SERVER_ERROR ? common_1.HttpStatus.BAD_GATEWAY : status);
+        }
+        if (status === 400) {
+            return new common_1.HttpException({
+                message: 'Invalid request to BankID',
+            }, status);
+        }
+    }
+    return new common_1.HttpException({
+        message: 'Unexpected error',
+    }, common_1.HttpStatus.INTERNAL_SERVER_ERROR);
+}
+exports.handleBankIdError = handleBankIdError;
+function getEndUserIp(ctx) {
+    const xForwardedFor = ctx.req?.headers['x-forwarded-for'];
+    if (typeof xForwardedFor === 'string') {
+        return xForwardedFor.split(',')[0].trim();
+    }
+    if (Array.isArray(xForwardedFor)) {
+        return xForwardedFor[0];
+    }
+    throw new Error('Could not determine end user IP');
+}
+exports.getEndUserIp = getEndUserIp;
+class IpMismatchError extends Error {
+    expected;
+    actual;
+    constructor(expected, actual) {
+        super(`IP mismatch: expected ${expected}, got ${actual}`);
+        this.expected = expected;
+        this.actual = actual;
+        this.expected = expected;
+        this.actual = actual;
+        this.name = 'IpMismatchError';
+        Object.setPrototypeOf(this, IpMismatchError.prototype);
+    }
+}
+exports.IpMismatchError = IpMismatchError;

package/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@haus-tech/bankid-auth-plugin",
+  "version": "1.0.0",
+  "description": "Support for authentication via Swedish BankID",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "start": "yarn ts-node test/dev-server.ts",
+    "build": "yarn run -T rimraf dist && yarn run -T tsc && yarn run -T copyfiles -u 1 'src/ui/**/*' dist/",
+    "test": "jest --preset=\"ts-jest\"",
+    "prepublishOnly": "yarn && yarn build"
+  }
+}