@infoxchange/make-it-so 2.10.0-internal-testing-vdt-199-add-oidc-auth.5 → 2.10.0-internal-testing-vdt-199-add-oidc-auth.6
- package/dist/cdk-constructs/CloudWatchOidcAuth/auth-check.d.ts +1 -9
- package/dist/cdk-constructs/CloudWatchOidcAuth/auth-check.d.ts.map +1 -1
- package/dist/cdk-constructs/CloudWatchOidcAuth/auth-check.js +12 -5
- package/dist/cdk-constructs/CloudWatchOidcAuth/index.js +1 -1
- package/package.json +1 -1
- package/src/cdk-constructs/CloudWatchOidcAuth/auth-check.ts +13 -4
- package/src/cdk-constructs/CloudWatchOidcAuth/index.ts +1 -1
|
@@ -1,10 +1,2 @@
|
|
|
1
|
-
|
|
2
|
-
export declare const handler: (event: AWSCloudFrontFunction.Event, context: AWSCloudFrontFunction.Context) => Promise<{
|
|
3
|
-
statusCode: number;
|
|
4
|
-
headers: {
|
|
5
|
-
location: {
|
|
6
|
-
value: string;
|
|
7
|
-
};
|
|
8
|
-
};
|
|
9
|
-
} | AWSCloudFrontFunction.Request>;
|
|
1
|
+
export {};
|
|
10
2
|
//# sourceMappingURL=auth-check.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-check.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudWatchOidcAuth/auth-check.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth-check.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudWatchOidcAuth/auth-check.ts"],"names":[],"mappings":""}
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
// Based off: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example_cloudfront_functions_kvs_jwt_verify_section.html
|
|
2
|
+
// Note that as a CloudFront Function, this code has limitations compared to a Lambda@Edge function.
|
|
3
|
+
// For example, no external libraries can be used, and the runtime is more limited.
|
|
2
4
|
import crypto from "crypto";
|
|
3
5
|
import cf from "cloudfront";
|
|
4
6
|
//Response when JWT is not valid.
|
|
@@ -73,7 +75,7 @@ function _sign(input, key, method) {
|
|
|
73
75
|
function _base64urlDecode(str) {
|
|
74
76
|
return Buffer.from(str, "base64url").toString();
|
|
75
77
|
}
|
|
76
|
-
|
|
78
|
+
async function handler(event, context) {
|
|
77
79
|
console.log("🟢 Auth check event:", event);
|
|
78
80
|
console.log("🔵 Auth check context:", context);
|
|
79
81
|
const request = event.request;
|
|
@@ -85,7 +87,7 @@ export const handler = async (event, context) => {
|
|
|
85
87
|
// console.log(request.cookies);
|
|
86
88
|
// console.log(request.cookies["auth-token"]);
|
|
87
89
|
// console.log(Object.keys(request.cookies));
|
|
88
|
-
const jwtToken = request.cookies["auth-token"]
|
|
90
|
+
const jwtToken = request.cookies["auth-token"] && request.cookies["auth-token"].value;
|
|
89
91
|
console.log("jwtToken:", jwtToken);
|
|
90
92
|
// console.log(Object.keys(request.cookies));
|
|
91
93
|
// If no JWT token, then generate HTTP redirect 401 response.
|
|
@@ -104,7 +106,7 @@ export const handler = async (event, context) => {
|
|
|
104
106
|
// delete request.querystring.jwt;
|
|
105
107
|
log("Valid JWT token");
|
|
106
108
|
return request;
|
|
107
|
-
}
|
|
109
|
+
}
|
|
108
110
|
// Get secret from key value store
|
|
109
111
|
async function getSecret() {
|
|
110
112
|
try {
|
|
@@ -116,8 +118,13 @@ async function getSecret() {
|
|
|
116
118
|
return null;
|
|
117
119
|
}
|
|
118
120
|
}
|
|
119
|
-
const log = (
|
|
121
|
+
const log = function () {
|
|
120
122
|
if (loggingEnabled) {
|
|
121
|
-
|
|
123
|
+
// @ts-expect-error We can't use spread or rest parameters in CloudFront Functions
|
|
124
|
+
// eslint-disable-next-line prefer-spread, prefer-rest-params
|
|
125
|
+
console.log.apply(console, arguments);
|
|
122
126
|
}
|
|
123
127
|
};
|
|
128
|
+
// This serves no purpose other than to make TypeScript and eslint happy by showing that that handler is used. We can't
|
|
129
|
+
// export handler as an alterative because CloudFront Functions don't support exports.
|
|
130
|
+
handler;
|
|
@@ -126,7 +126,7 @@ export class CloudWatchOidcAuth extends Construct {
|
|
|
126
126
|
throw new Error("Could not find the underlying Lambda function of the AwsCustomResource");
|
|
127
127
|
}
|
|
128
128
|
fn.addEnvironment("NODE_OPTIONS", "--require=@aws-sdk/signature-v4-crt");
|
|
129
|
-
const edgeFuncAuthCheck = new CloudFront.Function(scope, `${this.id}
|
|
129
|
+
const edgeFuncAuthCheck = new CloudFront.Function(scope, `${this.id}AuthCheckFunction`, {
|
|
130
130
|
code: CloudFront.FunctionCode.fromInline(fs.readFileSync(path.join(import.meta.dirname, "auth-check.js"), "utf8").replace("__placeholder-for-jwt-secret-key__", key)),
|
|
131
131
|
runtime: CloudFront.FunctionRuntime.JS_2_0,
|
|
132
132
|
keyValueStore: cfKeyValueStore,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@infoxchange/make-it-so",
|
|
3
|
-
"version": "2.10.0-internal-testing-vdt-199-add-oidc-auth.
|
|
3
|
+
"version": "2.10.0-internal-testing-vdt-199-add-oidc-auth.6",
|
|
4
4
|
"description": "Makes deploying services to IX infra easy",
|
|
5
5
|
"repository": "github:infoxchange/make-it-so",
|
|
6
6
|
"type": "module",
|
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
// Based off: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example_cloudfront_functions_kvs_jwt_verify_section.html
|
|
2
|
+
// Note that as a CloudFront Function, this code has limitations compared to a Lambda@Edge function.
|
|
3
|
+
// For example, no external libraries can be used, and the runtime is more limited.
|
|
4
|
+
|
|
2
5
|
|
|
3
6
|
import crypto from "crypto";
|
|
4
7
|
import cf from "cloudfront";
|
|
@@ -92,7 +95,7 @@ function _base64urlDecode(str: string) {
|
|
|
92
95
|
return Buffer.from(str, "base64url").toString();
|
|
93
96
|
}
|
|
94
97
|
|
|
95
|
-
|
|
98
|
+
async function handler(event: AWSCloudFrontFunction.Event, context: AWSCloudFrontFunction.Context) {
|
|
96
99
|
console.log("🟢 Auth check event:", event);
|
|
97
100
|
console.log("🔵 Auth check context:", context);
|
|
98
101
|
const request = event.request;
|
|
@@ -106,7 +109,7 @@ export const handler = async (event: AWSCloudFrontFunction.Event, context: AWSCl
|
|
|
106
109
|
// console.log(request.cookies);
|
|
107
110
|
// console.log(request.cookies["auth-token"]);
|
|
108
111
|
// console.log(Object.keys(request.cookies));
|
|
109
|
-
const jwtToken = request.cookies["auth-token"]
|
|
112
|
+
const jwtToken = request.cookies["auth-token"] && request.cookies["auth-token"].value;
|
|
110
113
|
console.log("jwtToken:", jwtToken);
|
|
111
114
|
// console.log(Object.keys(request.cookies));
|
|
112
115
|
|
|
@@ -139,8 +142,14 @@ async function getSecret() {
|
|
|
139
142
|
}
|
|
140
143
|
}
|
|
141
144
|
|
|
142
|
-
const log: typeof console.log = (
|
|
145
|
+
const log: typeof console.log = function () {
|
|
143
146
|
if (loggingEnabled) {
|
|
144
|
-
|
|
147
|
+
// @ts-expect-error We can't use spread or rest parameters in CloudFront Functions
|
|
148
|
+
// eslint-disable-next-line prefer-spread, prefer-rest-params
|
|
149
|
+
console.log.apply(console, arguments);
|
|
145
150
|
}
|
|
146
151
|
}
|
|
152
|
+
|
|
153
|
+
// This serves no purpose other than to make TypeScript and eslint happy by showing that that handler is used. We can't
|
|
154
|
+
// export handler as an alterative because CloudFront Functions don't support exports.
|
|
155
|
+
handler;
|
|
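Review bot: In the `@@ -106,7 +109,7 @@` hunk the new `jwtToken` assignment yields the raw cookie value, and the unchanged next line `console.log("jwtToken:", jwtToken);` writes that bearer token to the function's logs on every request. It calls `console.log` directly, so the `loggingEnabled` gate inside `log` does not apply; the same holds for `console.log("🟢 Auth check event:", event);` at the top of `handler`, which dumps the whole event, cookies included. Anyone with read access to those logs could reuse a token that is still valid. I would log only presence, e.g. `log("auth-token cookie present:", Boolean(jwtToken));`, and route the event dump through `log` or drop it. The compiled `dist/.../auth-check.js` carries the same lines, and `handler`'s body continues outside these hunks.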
@@ -195,7 +195,7 @@ export class CloudWatchOidcAuth extends Construct {
|
|
|
195
195
|
|
|
196
196
|
const edgeFuncAuthCheck = new CloudFront.Function(
|
|
197
197
|
scope,
|
|
198
|
-
`${this.id}
|
|
198
|
+
`${this.id}AuthCheckFunction`,
|
|
199
199
|
{
|
|
200
200
|
code: CloudFront.FunctionCode.fromInline(
|
|
201
201
|
fs.readFileSync(path.join(import.meta.dirname, "auth-check.js"), "utf8").replace("__placeholder-for-jwt-secret-key__", key),
|
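Review bot: The unchanged `fromInline(...)` line in this hunk splices `key` into the function source with `.replace("__placeholder-for-jwt-secret-key__", key)`, which has two sharp edges worth closing while this construct is being touched. A string replacement interprets `$` sequences such as `$&` in `key`, and the value is not escaped for the JavaScript context it lands in, so an unusual key can corrupt or alter the generated function; `.replace("__placeholder-for-jwt-secret-key__", () => key)` plus validating `key` against a strict pattern avoids that. It is also not visible here whether `key` is the key-value-store entry name or the secret itself; if it is the secret, it becomes readable in the synthesized template and the function source and should be fetched through `getSecret()` instead, so a one-line comment stating which it is would help. The `CloudFront.Function` call continues outside the hunk, and the compiled `dist/.../index.js` has the same line.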