npm - @infoxchange/make-it-so - Versions diffs - 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-2.7 → 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-3.2 - Mend

@infoxchange/make-it-so 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-2.7 → 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cdk-constructs/SiteOidcAuth/auth-check-handler-body.js CHANGED Viewed

@@ -9,6 +9,7 @@ const jwtSecret = "__placeholder-for-jwt-secret__";
 const authRoutePrefix = "__placeholder-for-auth-route-prefix__";
 // Set to true to enable console logging
 const loggingEnabled = false;
+// Simple logger that can be enabled/disabled via the loggingEnabled variable.
 const log = function () {
     if (!loggingEnabled)
         return;
@@ -32,6 +33,7 @@ const redirectResponse = {
         location: { value: `${authRoutePrefix}/oidc/authorize` },
     },
 };
+// Takes a JWT token to decode and throws an error if invalid
 function jwtDecode(token, key, noVerify) {
     // check segments
     const segments = token.split(".");
@@ -75,6 +77,7 @@ function _constantTimeEquals(a, b) {
     }
     return 0 === xor;
 }
+// Verifies some input matches an expected signature.
 function _verify(input, key, method, type, signature) {
     if (type === "hmac") {
         return _constantTimeEquals(signature, _sign(input, key, method));
@@ -83,15 +86,18 @@ function _verify(input, key, method, type, signature) {
         throw new Error("Algorithm type not recognized");
     }
 }
+// Signs some input with a key and method.
 function _sign(input, key, method) {
     return crypto.createHmac(method, key).update(input).digest("base64url");
 }
+// Very annoying that we have to implement this ourselves but it seems like the v1 runtime does not have atob/btoa or
+// Buffer available.
 function _base64urlDecode(str) {
-    str = str.replace(/-/g, '+').replace(/_/g, '/');
+    str = str.replace(/-/g, "+").replace(/_/g, "/");
     while (str.length % 4)
-        str += '=';
-    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-    let output = '';
+        str += "=";
+    const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+    let output = "";
     let bc = 0, bs = 0, buffer, i = 0;
     for (; i < str.length; i++) {
         buffer = chars.indexOf(str.charAt(i));
@@ -101,7 +107,7 @@ function _base64urlDecode(str) {
         bc += 6;
         if (bc >= 8) {
             bc -= 8;
-            output += String.fromCharCode((bs >> bc) & 0xFF);
+            output += String.fromCharCode((bs >> bc) & 0xff);
         }
     }
     return output;

package/dist/cdk-constructs/SiteOidcAuth/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/SiteOidcAuth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,UAAU,MAAM,4BAA4B,CAAC;AACpD,OAAO,GAAG,MAAM,aAAa,CAAC;AAE9B,OAAO,KAAK,GAAG,MAAM,gBAAgB,CAAC;AAOtC,OAAO,KAAK,EACV,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,2BAA2B,CAAC;AAEnC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,MAAM,MAAM,KAAK,GAAG;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AACF,MAAM,MAAM,cAAc,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAIjD,qBAAa,YAAa,SAAQ,SAAS;IACzC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAER,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAQhE,oBAAoB,CAAC,SAAS,SAAS,uBAAuB,EAC5D,KAAK,EAAE,cAAc,EACrB,SAAS,EAAE,SAAS,EACpB,EAAE,MAA+B,EAAE,GAAE,cAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA4C1D,iBAAiB,CAAC,SAAS,SAAS,uBAAuB,EACzD,KAAK,EAAE,cAAc,EACrB,SAAS,EAAE,SAAS,EACpB,EAAE,MAA+B,EAAE,GAAE,cAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAuC1D,OAAO,CAAC,eAAe;IAgBvB,OAAO,CAAC,sBAAsB;~~IAgC9B~~,OAAO,CAAC,2BAA2B;~~IAoBnC~~,OAAO,CAAC,yCAAyC;~~IAiBjD~~,OAAO,CAAC,sBAAsB;CAkF/B"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/SiteOidcAuth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,UAAU,MAAM,4BAA4B,CAAC;AACpD,OAAO,GAAG,MAAM,aAAa,CAAC;AAE9B,OAAO,KAAK,GAAG,MAAM,gBAAgB,CAAC;AAOtC,OAAO,KAAK,EACV,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,2BAA2B,CAAC;AAEnC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,MAAM,MAAM,KAAK,GAAG;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AACF,MAAM,MAAM,cAAc,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAIjD,qBAAa,YAAa,SAAQ,SAAS;IACzC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAER,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAQhE,oBAAoB,CAAC,SAAS,SAAS,uBAAuB,EAC5D,KAAK,EAAE,cAAc,EACrB,SAAS,EAAE,SAAS,EACpB,EAAE,MAA+B,EAAE,GAAE,cAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA4C1D,iBAAiB,CAAC,SAAS,SAAS,uBAAuB,EACzD,KAAK,EAAE,cAAc,EACrB,SAAS,EAAE,SAAS,EACpB,EAAE,MAA+B,EAAE,GAAE,cAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAuC1D,OAAO,CAAC,eAAe;IAgBvB,OAAO,CAAC,sBAAsB;IA8B9B,OAAO,CAAC,2BAA2B;IAsBnC,OAAO,CAAC,yCAAyC;IAgBjD,OAAO,CAAC,sBAAsB;CAkF/B"}

package/dist/cdk-constructs/SiteOidcAuth/index.js CHANGED Viewed

@@ -94,7 +94,6 @@ export class SiteOidcAuth extends Construct {
     // Get the CloudFront Function Association for auth checking
     // Roughly based off https://github.com/sst/v2/blob/4283d706f251724308b397996ff307929bf3a976/packages/sst/src/constructs/SsrSite.ts#L941
     getFunctionAssociation(scope, jwtSecret, authRoutePrefix) {
-        console.log("---- 1");
         const authCheckFunction = new CloudFront.Function(scope, `${this.id}AuthCheckFunction`, {
             code: CloudFront.FunctionCode.fromInline(this.convertToCloudFrontFunctionCompatibleCode(`function handler(event) {
               var request = event.request;
@@ -104,21 +103,20 @@ export class SiteOidcAuth extends Construct {
             // We could specify the JS v2.0 runtime here but for SSR sites SST does the function creation and that currently
             // uses JS v1.0 so no point using v2.0 here as the code has to be compatible with v1.0 anyway.
         });
-        console.log("---- 2");
         return {
             function: authCheckFunction,
             eventType: CloudFront.FunctionEventType.VIEWER_REQUEST,
         };
     }
     getAuthCheckHandlerBodyCode(jwtSecret, authRoutePrefix) {
-        return fs
+        return (fs
             .readFileSync(path.join(import.meta.dirname, "auth-check-handler-body.js"), "utf8")
             .replace("__placeholder-for-jwt-secret__", jwtSecret.secretValue.toString())
             .replace("__placeholder-for-auth-route-prefix__", authRoutePrefix)
             // When typescript builds the make-it-so code including "auth-check-handler-body.ts" it will add "export {}" to
             // the end of the file if it's not already a module. This will cause a syntax error in CloudFront Functions so we
             // remove it here.
-            .replace(/export {};\s*$/g, "");
+            .replace(/export {};\s*$/g, ""));
     }
     convertToCloudFrontFunctionCompatibleCode(sourceCode, esbuildOptions) {
         // ESBuild doesn't currently support transforming const/let to var, which is required for CloudFront Functions
@@ -126,7 +124,6 @@ export class SiteOidcAuth extends Construct {
         sourceCode = sourceCode
             .replaceAll(/const /g, "var ")
             .replaceAll(/let /g, "var ");
-        console.log("---- 3", sourceCode);
         return transformSync(sourceCode, {
             target: "es5",
             ...esbuildOptions,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@infoxchange/make-it-so",
-  "version": "2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-2.7",
+  "version": "2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-3.2",
   "description": "Makes deploying services to IX infra easy",
   "repository": "github:infoxchange/make-it-so",
   "type": "module",

package/src/cdk-constructs/SiteOidcAuth/auth-check-handler-body.ts CHANGED Viewed

@@ -15,6 +15,7 @@ const authRoutePrefix = "__placeholder-for-auth-route-prefix__";
 // Set to true to enable console logging
 const loggingEnabled = false;
+// Simple logger that can be enabled/disabled via the loggingEnabled variable.
 const log: typeof console.log = function () {
   if (!loggingEnabled) return;
@@ -41,6 +42,7 @@ const redirectResponse = {
   },
 };
+// Takes a JWT token to decode and throws an error if invalid
 function jwtDecode(token: string, key: string, noVerify?: boolean) {
   // check segments
   const segments = token.split(".");
@@ -97,6 +99,7 @@ function _constantTimeEquals(a: string, b: string) {
   return 0 === xor;
 }
+// Verifies some input matches an expected signature.
 function _verify(
   input: string,
   key: string,
@@ -111,29 +114,36 @@ function _verify(
   }
 }
+// Signs some input with a key and method.
 function _sign(input: string, key: string, method: string) {
   return crypto.createHmac(method, key).update(input).digest("base64url");
 }
+// Very annoying that we have to implement this ourselves but it seems like the v1 runtime does not have atob/btoa or
+// Buffer available.
 function _base64urlDecode(str: string) {
-  str = str.replace(/-/g, '+').replace(/_/g, '/');
-  while (str.length % 4) str += '=';
+  str = str.replace(/-/g, "+").replace(/_/g, "/");
+  while (str.length % 4) str += "=";
-  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-  let output = '';
+  const chars =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+  let output = "";
-  let bc = 0, bs = 0, buffer, i = 0;
+  let bc = 0,
+    bs = 0,
+    buffer,
+    i = 0;
   for (; i < str.length; i++) {
-      buffer = chars.indexOf(str.charAt(i));
-      if (buffer === -1) continue;
+    buffer = chars.indexOf(str.charAt(i));
+    if (buffer === -1) continue;
-      bs = (bs << 6) | buffer;
-      bc += 6;
+    bs = (bs << 6) | buffer;
+    bc += 6;
-      if (bc >= 8) {
-          bc -= 8;
-          output += String.fromCharCode((bs >> bc) & 0xFF);
-      }
+    if (bc >= 8) {
+      bc -= 8;
+      output += String.fromCharCode((bs >> bc) & 0xff);
+    }
   }
   return output;

package/src/cdk-constructs/SiteOidcAuth/index.ts CHANGED Viewed

@@ -151,7 +151,6 @@ export class SiteOidcAuth extends Construct {
     jwtSecret: SecretsManager.Secret,
     authRoutePrefix: string,
   ): CloudFront.FunctionAssociation {
-    console.log("---- 1")
     const authCheckFunction = new CloudFront.Function(
       scope,
       `${this.id}AuthCheckFunction`,
@@ -170,7 +169,6 @@ export class SiteOidcAuth extends Construct {
         // uses JS v1.0 so no point using v2.0 here as the code has to be compatible with v1.0 anyway.
       },
     );
-    console.log("---- 2")
     return {
       function: authCheckFunction,
@@ -182,20 +180,22 @@ export class SiteOidcAuth extends Construct {
     jwtSecret: SecretsManager.Secret,
     authRoutePrefix: string,
   ): string {
-    return fs
-      .readFileSync(
-        path.join(import.meta.dirname, "auth-check-handler-body.js"),
-        "utf8",
-      )
-      .replace(
-        "__placeholder-for-jwt-secret__",
-        jwtSecret.secretValue.toString(),
-      )
-      .replace("__placeholder-for-auth-route-prefix__", authRoutePrefix)
-      // When typescript builds the make-it-so code including "auth-check-handler-body.ts" it will add "export {}" to
-      // the end of the file if it's not already a module. This will cause a syntax error in CloudFront Functions so we
-      // remove it here.
-      .replace(/export {};\s*$/g, "");
+    return (
+      fs
+        .readFileSync(
+          path.join(import.meta.dirname, "auth-check-handler-body.js"),
+          "utf8",
+        )
+        .replace(
+          "__placeholder-for-jwt-secret__",
+          jwtSecret.secretValue.toString(),
+        )
+        .replace("__placeholder-for-auth-route-prefix__", authRoutePrefix)
+        // When typescript builds the make-it-so code including "auth-check-handler-body.ts" it will add "export {}" to
+        // the end of the file if it's not already a module. This will cause a syntax error in CloudFront Functions so we
+        // remove it here.
+        .replace(/export {};\s*$/g, "")
+    );
   }
   private convertToCloudFrontFunctionCompatibleCode(
@@ -207,7 +207,6 @@ export class SiteOidcAuth extends Construct {
     sourceCode = sourceCode
       .replaceAll(/const /g, "var ")
       .replaceAll(/let /g, "var ");
-    console.log("---- 3", sourceCode)
     return transformSync(sourceCode, {
       target: "es5",
       ...esbuildOptions,