@hellocoop/express 1.3.0 → 1.5.0

@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/handlers/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAIzD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAO/C,MAAM,MAAM,WAAW,GACnB,MAAM,GAAG;IACL,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB,CAAA;AAEL,eAAO,MAAM,UAAU,QAAwB,OAAO,OAAO,QAAQ,kBAEpE,CAAA;AAED,eAAO,MAAM,SAAS,QAAyB,QAAQ,kBAEtD,CAAA;AAED,eAAO,MAAM,iBAAiB,QAAyB,OAAO,OAAO,QAAQ,QAAQ,YAAY,kBAYhG,CAAA;AAED,eAAO,MAAM,UAAU,QAAyB,OAAO,OAAO,QAAQ,eAAe,WAAW,KACtF,QAAQ,IAAI,GAAG,IAAI,CAc5B,CAAA"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/handlers/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAIzD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAO/C,MAAM,MAAM,WAAW,GACnB,MAAM,GAAG;IACL,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB,CAAA;AAEL,eAAO,MAAM,UAAU,QAAwB,OAAO,OAAO,QAAQ,kBAKpE,CAAA;AAED,eAAO,MAAM,SAAS,QAAyB,QAAQ,kBAEtD,CAAA;AAED,eAAO,MAAM,iBAAiB,QAAyB,OAAO,OAAO,QAAQ,QAAQ,YAAY,kBAYhG,CAAA;AAED,eAAO,MAAM,UAAU,QAAyB,OAAO,OAAO,QAAQ,eAAe,WAAW,KACtF,QAAQ,IAAI,GAAG,IAAI,CAc5B,CAAA"}
@@ -4,6 +4,9 @@ exports.updateAuth = exports.setAuthMiddleware = exports.clearAuth = exports.han
4
4
  const auth_1 = require("../lib/auth");
5
5
  const auth_2 = require("../lib/auth");
6
6
  const handleAuth = async function (req, res) {
7
+ res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate');
8
+ res.setHeader('Pragma', 'no-cache');
9
+ res.setHeader('Expires', '0');
7
10
  res.json(await req.getAuth());
8
11
  };
9
12
  exports.handleAuth = handleAuth;
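Review bot: The three cache headers added at the top of handleAuth carry no comment saying why they are there, and `Cache-Control: no-store` alone already forbids storage in HTTP/1.1 caches; `Pragma` and `Expires` only matter for HTTP/1.0 intermediaries. A one-line comment above the first setHeader would keep the next maintainer from "simplifying" them away: `// per-user auth state: never let the browser or a shared proxy cache this response`. The `no-cache, must-revalidate, proxy-revalidate` directives are redundant next to `no-store` but harmless.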
@@ -1 +1 @@
1
- {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AA8B3C,QAAA,MAAM,cAAc,QAAe,OAAO,OAAO,QAAQ,uDAwHxD,CAAA;AAED,eAAe,cAAc,CAAA"}
1
+ {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AA8B3C,QAAA,MAAM,cAAc,QAAe,OAAO,OAAO,QAAQ,uDAuHxD,CAAA;AAED,eAAe,cAAc,CAAA"}
@@ -29,11 +29,14 @@ const sendErrorPage = (error, target_uri, req, res) => {
29
29
  };
30
30
  const handleCallback = async (req, res) => {
31
31
  var _a;
32
- const { code, error, wildcard_domain, app_name, } = req.query;
32
+ const { code, error, same_site, wildcard_domain, app_name, } = req.query;
33
+ if (!same_site) // we need to bounce so we get cookies
34
+ return res.send((0, core_1.sameSiteCallback)());
33
35
  const oidcState = await (0, oidc_1.getOidc)(req, res);
34
36
  if (!oidcState)
35
37
  return res.status(400).end('OpenID Connect cookie lost');
36
- const { code_verifier, nonce, redirect_uri, target_uri } = oidcState;
38
+ const { code_verifier, nonce, redirect_uri, } = oidcState;
39
+ let { target_uri = '/' } = oidcState;
37
40
  if (error)
38
41
  return sendErrorPage(req.query, target_uri, req, res);
39
42
  if (!code)
@@ -67,8 +70,6 @@ const handleCallback = async (req, res) => {
67
70
  if (payload.iat > currentTimeInt + 5) { // 5 seconds of clock skew
68
71
  return res.status(400).end('The ID token is not yet valid.');
69
72
  }
70
- // let auth = NotLoggedIn
71
- let callbackProcessed = false;
72
73
  let auth = {
73
74
  isLoggedIn: true,
74
75
  sub: payload.sub,
@@ -97,9 +98,10 @@ const handleCallback = async (req, res) => {
97
98
  if ((_a = config_1.default.callbacks) === null || _a === void 0 ? void 0 : _a.loggedIn) {
98
99
  try {
99
100
  const cb = await config_1.default.callbacks.loggedIn({ token, payload, req, res });
100
- callbackProcessed = cb === null || cb === void 0 ? void 0 : cb.isProcessed;
101
- if (cb === null || cb === void 0 ? void 0 : cb.accessDenied)
101
+ if (cb === null || cb === void 0 ? void 0 : cb.accessDenied) {
102
102
  auth = auth_1.NotLoggedIn;
103
+ // TODO? set target_uri to not logged in setting?
104
+ }
103
105
  else if (cb === null || cb === void 0 ? void 0 : cb.updatedAuth) {
104
106
  auth = {
105
107
  ...cb.updatedAuth,
@@ -108,6 +110,7 @@ const handleCallback = async (req, res) => {
108
110
  iat: payload.iat
109
111
  };
110
112
  }
113
+ target_uri = (cb === null || cb === void 0 ? void 0 : cb.target_uri) || target_uri;
111
114
  }
112
115
  catch (e) {
113
116
  console.error(new Error('callback faulted'));
@@ -115,10 +118,7 @@ const handleCallback = async (req, res) => {
115
118
  }
116
119
  }
117
120
  await (0, auth_1.saveAuthCookie)(res, auth);
118
- if (!callbackProcessed) {
119
- res.redirect(target_uri
120
- || '/'); // just in case
121
- }
121
+ res.json({ target_uri });
122
122
  }
123
123
  catch (error) {
124
124
  (0, oidc_1.clearOidcCookie)(res);
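Review bot: The `= '/'` default in `let { target_uri = '/' } = oidcState;` only applies when the cookie carries no target_uri at all, whereas the old `res.redirect(target_uri || '/')` also covered an empty string, so `res.json({ target_uri })` can now hand the page an empty target; `let target_uri = oidcState.target_uri || '/';` restores the old behaviour. Since the value is now returned to the browser for it to navigate to, and it comes from the OIDC cookie and from `cb.target_uri`, it is worth confirming that what is stored at login is restricted to a relative path or an allowed origin before the client follows it — that check is not visible in this diff. Dropping `callbackProcessed` means `res.json` now runs after every loggedIn callback, so a callback that still writes its own response (the old isProcessed contract) would presumably fail with a headers-already-sent error inside the outer try; that deserves a changelog note. handleCallback starts and ends outside these hunks.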
@@ -9,7 +9,7 @@ export type LoggedInParams = {
9
9
  };
10
10
  export type LoggedInResponse = {
11
11
  accessDenied?: boolean;
12
- isProcessed?: boolean;
12
+ target_uri?: string;
13
13
  updatedAuth?: {
14
14
  [key: string]: any;
15
15
  };
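Review bot: The new `target_uri?: string;` member of LoggedInResponse has no doc comment, and the member it replaces, `isProcessed`, disappears without any hint of what callers that relied on it should do. A JSDoc on the new field would make the contract explicit: `/** Optional override of the post-login destination; the SDK always sends the final response itself (isProcessed is no longer honoured). */`.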
@@ -1 +1 @@
1
- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/handlers/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAInD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAE9D,OAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;AAEzB,MAAM,MAAM,cAAc,GAAG;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,QAAQ,CAAA;CAChB,CAAA;AAGD,MAAM,MAAM,gBAAgB,GAAG;IAC3B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAC,CAAA;CACrC,CAAA;AAGD,MAAM,MAAM,MAAM,GAAG;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC;IAChB,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;IAC/B,SAAS,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,OAAO,CAAC,gBAAgB,CAAC,CAAA;KACnE,CAAC;IACF,MAAM,CAAC,EAAE;QACL,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAA;KACjB,CAAA;CACJ,CAAA;AAED,eAAO,MAAM,IAAI,WAAsB,MAAM,KAAG,MAQ/C,CAAA"}
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/handlers/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAInD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAE9D,OAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;AAEzB,MAAM,MAAM,cAAc,GAAG;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,QAAQ,CAAA;CAChB,CAAA;AAGD,MAAM,MAAM,gBAAgB,GAAG;IAC3B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAC,CAAA;CACrC,CAAA;AAGD,MAAM,MAAM,MAAM,GAAG;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC;IAChB,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;IAC/B,SAAS,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,OAAO,CAAC,gBAAgB,CAAC,CAAA;KACnE,CAAC;IACF,MAAM,CAAC,EAAE;QACL,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAA;KACjB,CAAA;CACJ,CAAA;AAED,eAAO,MAAM,IAAI,WAAsB,MAAM,KAAG,MAQ/C,CAAA"}
@@ -1,6 +1,6 @@
1
1
  import { Auth } from '@hellocoop/types';
2
2
  import { Request, Response } from 'express';
3
- export declare const saveAuthCookie: (res: Response, auth: Auth, sameSite?: boolean) => Promise<boolean>;
3
+ export declare const saveAuthCookie: (res: Response, auth: Auth) => Promise<boolean>;
4
4
  export declare const clearAuthCookie: (res: Response) => Promise<void>;
5
5
  export declare const getAuthfromCookies: (req: Request, res: Response) => Promise<Auth>;
6
6
  export declare const NotLoggedIn: Auth;
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AACvC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAwB3C,eAAO,MAAM,cAAc,QAAgB,QAAQ,QAAQ,IAAI,aAAY,OAAO,KAAY,QAAQ,OAAO,CAW5G,CAAA;AAED,eAAO,MAAM,eAAe,QAAgB,QAAQ,kBAKnD,CAAA;AAGD,eAAO,MAAM,kBAAkB,QAChB,OAAO,OAAO,QAAQ,KAC3B,QAAQ,IAAI,CA8BrB,CAAA;AAED,eAAO,MAAM,WAAW,EAAE,IAA2B,CAAA"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AACvC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAQ3C,eAAO,MAAM,cAAc,QAAgB,QAAQ,QAAQ,IAAI,KAAG,QAAQ,OAAO,CAgBhF,CAAA;AAED,eAAO,MAAM,eAAe,QAAgB,QAAQ,kBAKnD,CAAA;AAGD,eAAO,MAAM,kBAAkB,QAChB,OAAO,OAAO,QAAQ,KAC3B,QAAQ,IAAI,CAoBrB,CAAA;AAED,eAAO,MAAM,WAAW,EAAE,IAA2B,CAAA"}
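--- a/package/dist/lib/auth.js
+++ b/package/dist/lib/auth.js
@@ -9,24 +9,17 @@ const config_1 = __importDefault(require("./config"));
 const cookie_1 = require("cookie");
 const oidc_1 = require("./oidc");
 const { cookies: { authName, oidcName } } = config_1.default;
-const laxAuthName = 'lax-' + authName;
-const setEncryptedCookie = (res, sameSite, encCookie) => {
-const cookieName = sameSite ? authName : laxAuthName;
-const options = {
-httpOnly: true,
-secure: config_1.default.production,
-path: '/' // let any server side route call getAuth
-};
-if (sameSite)
-options.sameSite = 'strict';
-res.appendHeader('Set-Cookie', (0, cookie_1.serialize)(cookieName, encCookie, options));
-};
-const saveAuthCookie = async (res, auth, sameSite = false) => {
+const saveAuthCookie = async (res, auth) => {
 try {
 const encCookie = await (0, core_1.encryptObj)(auth, config_1.default.secret);
 if (!encCookie)
 return false;
-setEncryptedCookie(res, sameSite, encCookie);
+res.appendHeader('Set-Cookie', (0, cookie_1.serialize)(authName, encCookie, {
+httpOnly: true,
+secure: config_1.default.production,
+sameSite: 'strict',
+path: '/' // let any server side route call getAuth
+}));
 return true;
 }
 catch (e) {
@@ -44,18 +37,9 @@ const clearAuthCookie = async (res) => {
 exports.clearAuthCookie = clearAuthCookie;
 const getAuthfromCookies = async function (req, res) {
 const cookies = (0, cookie_1.parse)(req.headers.cookie || '');
-if (cookies[oidcName]) // clear OIDC cookie it still there
+if (cookies[oidcName]) // clear OIDC cookie if still there
 (0, oidc_1.clearOidcCookie)(res);
-const laxAuthCookie = cookies[laxAuthName];
-if (laxAuthCookie) {
-// rotate to a sameSite:strict cookie
-setEncryptedCookie(res, true, laxAuthCookie);
-res.appendHeader('Set-Cookie', (0, cookie_1.serialize)(laxAuthName, '', {
-expires: new Date(0),
-path: '/', // Specify the path
-}));
-}
-const authCookie = cookies[authName] || laxAuthCookie;
+const authCookie = cookies[authName];
 if (!authCookie)
 return exports.NotLoggedIn;
 try {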
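Review bot: getAuthfromCookies drops every reference to the 1.3.0 `lax-<authName>` cookie but never expires it, so a browser that still holds one keeps sending it on every request until it ages out, and those sessions appear to fall through to NotLoggedIn rather than being migrated. A one-release cleanup where the rotation block used to be keeps that cookie from lingering: `const laxName = 'lax-' + authName;` followed by `if (cookies[laxName]) res.appendHeader('Set-Cookie', (0, cookie_1.serialize)(laxName, '', { expires: new Date(0), path: '/' }));`. The `sameSite: 'strict'` now hard-coded in saveAuthCookie is also the reason handleCallback bounces on `same_site` first; a short comment on that option, `// strict: absent on the cross-site return from the IdP, see the same_site bounce in handleCallback`, would tie the two together. getAuthfromCookies continues past the end of this hunk.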
@@ -1 +1 @@
1
- {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/lib/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAO3C,MAAM,MAAM,IAAI,GAAG;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED,eAAO,MAAM,OAAO,QAAgB,OAAO,OAAO,QAAQ,KAAG,QAAQ,IAAI,GAAG,SAAS,CAepF,CAAA;AAID,eAAO,MAAM,QAAQ,QAAgB,OAAO,OAAO,QAAQ,QAAQ,IAAI,kBActE,CAAA;AAED,eAAO,MAAM,eAAe,QAAU,QAAQ,SAK7C,CAAA"}
1
+ {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/lib/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAO3C,MAAM,MAAM,IAAI,GAAG;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED,eAAO,MAAM,OAAO,QAAgB,OAAO,OAAO,QAAQ,KAAG,QAAQ,IAAI,GAAG,SAAS,CAepF,CAAA;AAID,eAAO,MAAM,QAAQ,QAAgB,OAAO,OAAO,QAAQ,QAAQ,IAAI,kBAetE,CAAA;AAED,eAAO,MAAM,eAAe,QAAU,QAAQ,SAK7C,CAAA"}
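--- a/package/dist/lib/oidc.js
+++ b/package/dist/lib/oidc.js
@@ -35,6 +35,7 @@ const saveOidc = async (req, res, oidc) => {
 res.appendHeader('Set-Cookie', (0, cookie_1.serialize)(oidcName, encCookie, {
 httpOnly: true,
 secure: config_1.default.production,
+sameSite: 'strict',
 maxAge: 5 * 60,
 path: apiRoute
 }));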
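Review bot: The `sameSite: 'strict'` added to the OIDC cookie means the browser will not send it on the redirect back from the identity provider, which is a cross-site top-level navigation; the cookie is only recoverable because handleCallback now bounces through `sameSiteCallback()` when `same_site` is absent. That dependency is invisible from this file and deserves a comment on the new line: `sameSite: 'strict', // not sent on the IdP redirect; handleCallback bounces via sameSiteCallback() before reading it`. saveOidc continues outside this hunk.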
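--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@hellocoop/express",
-"version": "1.3.0",
+"version": "1.5.0",
 "description": "Express SDK for Hellō https://hello.dev",
 "repository": {
 "type": "git",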