npm - @infoxchange/make-it-so - Versions diffs - 2.10.0-internal-testing-vdt-199-add-oidc-auth.4 → 2.10.0-internal-testing-vdt-199-add-oidc-auth.5 - Mend

@infoxchange/make-it-so 2.10.0-internal-testing-vdt-199-add-oidc-auth.4 → 2.10.0-internal-testing-vdt-199-add-oidc-auth.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/cdk-constructs/CloudWatchOidcAuth/auth-check.d.ts CHANGED Viewed

@@ -1,2 +1,10 @@
-export declare const handler: (event: any, context: any) => Promise<APIGatewayProxyStructuredResultV2>;
+/// <reference types="node" resolution-mode="require"/>
+export declare const handler: (event: AWSCloudFrontFunction.Event, context: AWSCloudFrontFunction.Context) => Promise<{
+    statusCode: number;
+    headers: {
+        location: {
+            value: string;
+        };
+    };
+} | AWSCloudFrontFunction.Request>;
 //# sourceMappingURL=auth-check.d.ts.map

package/dist/cdk-constructs/CloudWatchOidcAuth/auth-check.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth-check.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudWatchOidcAuth/auth-check.ts"],"names":[],"mappings":"~~AA+FA~~,eAAO,MAAM,OAAO,~~0EAiClB~~,CAAA"}
1	+ {"version":3,"file":"auth-check.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudWatchOidcAuth/auth-check.ts"],"names":[],"mappings":";AA8FA,eAAO,MAAM,OAAO,UAAiB,2BAA2B,WAAW,sBAAsB,OAAO;;;;;;;kCAkCvG,CAAA"}

package/dist/cdk-constructs/CloudWatchOidcAuth/auth-check.js CHANGED Viewed

@@ -1,7 +1,6 @@
 // Based off: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example_cloudfront_functions_kvs_jwt_verify_section.html
 import crypto from "crypto";
 import cf from "cloudfront";
-import { ApiHandler, useCookie } from "sst/node/api";
 //Response when JWT is not valid.
 const redirectResponse = {
     statusCode: 302,
@@ -74,8 +73,9 @@ function _sign(input, key, method) {
 function _base64urlDecode(str) {
     return Buffer.from(str, "base64url").toString();
 }
-export const handler = ApiHandler(async (event) => {
-    console.log("Auth check event:", event);
+export const handler = async (event, context) => {
+    console.log("🟢 Auth check event:", event);
+    console.log("🔵 Auth check context:", context);
     const request = event.request;
     const secret_key = await getSecret();
     if (!secret_key) {
@@ -85,7 +85,7 @@ export const handler = ApiHandler(async (event) => {
     // console.log(request.cookies);
     // console.log(request.cookies["auth-token"]);
     // console.log(Object.keys(request.cookies));
-    const jwtToken = useCookie("auth-token");
+    const jwtToken = request.cookies["auth-token"]?.value;
     console.log("jwtToken:", jwtToken);
     // console.log(Object.keys(request.cookies));
     // If no JWT token, then generate HTTP redirect 401 response.
@@ -104,7 +104,7 @@ export const handler = ApiHandler(async (event) => {
     // delete request.querystring.jwt;
     log("Valid JWT token");
     return request;
-});
+};
 // Get secret from key value store
 async function getSecret() {
     try {

package/dist/cdk-constructs/CloudWatchOidcAuth/auth-route.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth-route.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudWatchOidcAuth/auth-route.ts"],"names":[],"mappings":"AAyBA,eAAO,MAAM,OAAO,~~4CAiDnB~~,CAAC"}
1	+ {"version":3,"file":"auth-route.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudWatchOidcAuth/auth-route.ts"],"names":[],"mappings":"AAyBA,eAAO,MAAM,OAAO,4CAyCnB,CAAC"}

package/dist/cdk-constructs/CloudWatchOidcAuth/auth-route.js CHANGED Viewed

@@ -18,7 +18,7 @@ if (!jwtSecret) {
     throw new Error("JWT_SECRET not set");
 }
 const oidcIssuerConfigUrl = new URL(`${process.env.OIDC_ISSUER_URL?.replace(/\/$/, "")}/.well-known/openid-configuration`);
-export const handler = convertApiGatewayHandlerToCloudFrontHandler(AuthHandler({
+export const handler = addRequiredContext(AuthHandler({
     providers: {
         oidc: OidcAdapter({
             issuer: await Issuer.discover(oidcIssuerConfigUrl.href),
@@ -26,7 +26,7 @@ export const handler = convertApiGatewayHandlerToCloudFrontHandler(AuthHandler({
             scope: oidcScope,
             onSuccess: async (tokenset) => {
                 console.log("tokenset", tokenset, tokenset.claims());
-                console.log("Config.jwtSecret:", jwtSecret);
+                // console.log("Config.jwtSecret:", jwtSecret);
                 // Payload to include in the token
                 const payload = {
                     userID: tokenset.claims().sub,
@@ -38,9 +38,7 @@ export const handler = convertApiGatewayHandlerToCloudFrontHandler(AuthHandler({
                 };
                 // Create the token
                 const token = jwt.sign(payload, jwtSecret, options);
-                const expires = new Date(
-                // @ ts-ignore error in GH action
-                Date.now() + 1000 * 60 * 60 * 24 * 7);
+                const expires = new Date(Date.now() + 1000 * 60 * 60 * 24 * 7);
                 return {
                     statusCode: 302,
                     headers: {
@@ -50,35 +48,17 @@ export const handler = convertApiGatewayHandlerToCloudFrontHandler(AuthHandler({
                         `auth-token=${token}; HttpOnly; SameSite=None; Secure; Path=/; Expires=${expires}`,
                     ],
                 };
-                // return Session.cookie({
-                //   redirect: "https://openidconnect.net/callback",
-                //   type: "public",
-                //   properties: {
-                //     userID: tokenset.claims().sub,
-                //   },
-                // });
             },
         }),
     },
 }));
-// @ts-expect-error - testing
-function convertApiGatewayHandlerToCloudFrontHandler(callback) {
-    // @ts-expect-error - testing
-    return async function (event, context) {
+function addRequiredContext(handler) {
+    return async function (...args) {
+        const [event, context] = args;
         // Used by AuthHandler to create callback url sent to oidc server
         event.requestContext.domainName = event.headers["x-forwarded-host"];
-        console.log("----", event, context);
-        // console.log("event", event)
-        // console.log("context", context)
-        const response = await callback(event, context);
-        // if (response.cookies) {
-        //   if (!response.headers) {
-        //     response.headers = {}
-        //   }
-        //   response.headers["set-cookie"] = response.cookies
-        // }
-        // response.headers.location += "&cake=blar"
-        // response.headers.foo = "bar"
-        return response;
+        console.log("🟢 event", event);
+        console.log("🔵 context", context);
+        return await handler(...args);
     };
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@infoxchange/make-it-so",
-  "version": "2.10.0-internal-testing-vdt-199-add-oidc-auth.4",
+  "version": "2.10.0-internal-testing-vdt-199-add-oidc-auth.5",
   "description": "Makes deploying services to IX infra easy",
   "repository": "github:infoxchange/make-it-so",
   "type": "module",

package/src/cdk-constructs/CloudWatchOidcAuth/auth-check.ts CHANGED Viewed

@@ -2,7 +2,6 @@
 import crypto from "crypto";
 import cf from "cloudfront";
-import { ApiHandler, useCookie } from "sst/node/api";
 //Response when JWT is not valid.
 const redirectResponse = {
@@ -93,8 +92,9 @@ function _base64urlDecode(str: string) {
   return Buffer.from(str, "base64url").toString();
 }
-export const handler = ApiHandler(async (event) => {
-  console.log("Auth check event:", event);
+export const handler = async (event: AWSCloudFrontFunction.Event, context: AWSCloudFrontFunction.Context) => {
+  console.log("🟢 Auth check event:", event);
+  console.log("🔵 Auth check context:", context);
   const request = event.request;
   const secret_key = await getSecret();
@@ -106,7 +106,7 @@ export const handler = ApiHandler(async (event) => {
   // console.log(request.cookies);
   // console.log(request.cookies["auth-token"]);
   // console.log(Object.keys(request.cookies));
-  const jwtToken = useCookie("auth-token");
+  const jwtToken = request.cookies["auth-token"]?.value;
   console.log("jwtToken:", jwtToken);
   // console.log(Object.keys(request.cookies));
@@ -126,7 +126,7 @@ export const handler = ApiHandler(async (event) => {
   // delete request.querystring.jwt;
   log("Valid JWT token");
   return request;
-})
+}
 // Get secret from key value store
 async function getSecret() {

package/src/cdk-constructs/CloudWatchOidcAuth/auth-route.ts CHANGED Viewed

@@ -23,7 +23,7 @@ const oidcIssuerConfigUrl = new URL(
   `${process.env.OIDC_ISSUER_URL?.replace(/\/$/, "")}/.well-known/openid-configuration`,
 );
-export const handler = convertApiGatewayHandlerToCloudFrontHandler(
+export const handler = addRequiredContext(
   AuthHandler({
     providers: {
       oidc: OidcAdapter({
@@ -33,7 +33,7 @@ export const handler = convertApiGatewayHandlerToCloudFrontHandler(
         onSuccess: async (tokenset) => {
           console.log("tokenset", tokenset, tokenset.claims());
-          console.log("Config.jwtSecret:", jwtSecret);
+          // console.log("Config.jwtSecret:", jwtSecret);
           // Payload to include in the token
           const payload = {
@@ -49,7 +49,6 @@ export const handler = convertApiGatewayHandlerToCloudFrontHandler(
           // Create the token
           const token = jwt.sign(payload, jwtSecret, options);
           const expires = new Date(
-            // @ ts-ignore error in GH action
             Date.now() + 1000 * 60 * 60 * 24 * 7,
           );
           return {
@@ -61,37 +60,20 @@ export const handler = convertApiGatewayHandlerToCloudFrontHandler(
               `auth-token=${token}; HttpOnly; SameSite=None; Secure; Path=/; Expires=${expires}`,
             ],
           };
-          // return Session.cookie({
-          //   redirect: "https://openidconnect.net/callback",
-          //   type: "public",
-          //   properties: {
-          //     userID: tokenset.claims().sub,
-          //   },
-          // });
         },
       }),
     },
   }),
 );
-// @ts-expect-error - testing
-function convertApiGatewayHandlerToCloudFrontHandler(callback) {
-  // @ts-expect-error - testing
-  return async function (event, context) {
+function addRequiredContext(handler: ReturnType<typeof AuthHandler>): ReturnType<typeof AuthHandler> {
+  return async function (...args) {
+    const [event, context] = args;
     // Used by AuthHandler to create callback url sent to oidc server
     event.requestContext.domainName = event.headers["x-forwarded-host"];
-    console.log("----", event, context);
-    // console.log("event", event)
-    // console.log("context", context)
-    const response = await callback(event, context);
-    // if (response.cookies) {
-    //   if (!response.headers) {
-    //     response.headers = {}
-    //   }
-    //   response.headers["set-cookie"] = response.cookies
-    // }
-    // response.headers.location += "&cake=blar"
-    // response.headers.foo = "bar"
-    return response;
+    console.log("🟢 event", event)
+    console.log("🔵 context", context)
+    return await handler(...args);
   };
 }