@infoxchange/make-it-so 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function.2 → 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +1 -1
  2. package/dist/cdk-constructs/CloudFrontOidcAuth/auth-check.js +3 -2
  3. package/dist/cdk-constructs/CloudFrontOidcAuth/index.d.ts.map +1 -1
  4. package/dist/cdk-constructs/CloudFrontOidcAuth/index.js +5 -3
  5. package/package.json +2 -2
  6. package/src/cdk-constructs/CloudFrontOidcAuth/auth-check.ts +4 -2
  7. package/src/cdk-constructs/CloudFrontOidcAuth/index.ts +5 -2
package/README.md CHANGED
@@ -294,7 +294,7 @@ const vpcDetails = new IxVpcDetails(scope, "VpcDetails");
294
294
  <summary><strong>CloudFrontOidcAuth</strong> - Adds OIDC authentication to a CloudFront distribution.</summary>
295
295
 
296
296
  ```typescript
297
- import { CloudWatchOidcAuth } from "@infoxchange/make-it-so/cdk-constructs";
297
+ import { CloudFrontOidcAuth } from "@infoxchange/make-it-so/cdk-constructs";
298
298
 
299
299
  // You first create an instance of CloudFrontOidcAuth
300
300
  const auth = new CloudFrontOidcAuth(stack, "CloudFrontOidcAuth", {
package/dist/cdk-constructs/CloudFrontOidcAuth/auth-check.js CHANGED
@@ -3,14 +3,15 @@
3
3
  // For example, no external libraries can be used, and the runtime is more limited.
4
4
  import crypto from "crypto";
5
5
  import cf from "cloudfront";
6
+ const kvsKey = "__placeholder-for-jwt-secret-key__";
7
+ const authRoutePrefix = "__placeholder-for-auth-route-prefix__";
6
8
  //Response when JWT is not valid.
7
9
  const redirectResponse = {
8
10
  statusCode: 302,
9
11
  headers: {
10
- location: { value: "/auth/oidc/authorize" },
12
+ location: { value: `${authRoutePrefix}/oidc/authorize` },
11
13
  },
12
14
  };
13
- const kvsKey = "__placeholder-for-jwt-secret-key__";
14
15
  // Set to true to enable console logging
15
16
  const loggingEnabled = false;
16
17
  function jwtDecode(token, key, noVerify) {
package/dist/cdk-constructs/CloudFrontOidcAuth/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudFrontOidcAuth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AASvC,OAAO,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAI1E,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,OAAO,CAAC,CAAC,IAAI;IAChB,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC/B,CAAC;AAEF,KAAK,KAAK,GAAG;IACX,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,qBAAa,kBAAmB,SAAQ,SAAS;IAC/C,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAER,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAQhE,2BAA2B,CACzB,iBAAiB,SAAS,4BAA4B,EAEtD,KAAK,EAAE,cAAc,EACrB,EACE,sBAAsB,EACtB,MAAgB,GACjB,EAAE;QAAE,sBAAsB,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAuC5E,OAAO,CAAC,sBAAsB;IA8H9B,OAAO,CAAC,sBAAsB;CA8E/B"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudFrontOidcAuth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AASvC,OAAO,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAI1E,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,OAAO,CAAC,CAAC,IAAI;IAChB,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC/B,CAAC;AAEF,KAAK,KAAK,GAAG;IACX,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,qBAAa,kBAAmB,SAAQ,SAAS;IAC/C,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAER,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAQhE,2BAA2B,CACzB,iBAAiB,SAAS,4BAA4B,EAEtD,KAAK,EAAE,cAAc,EACrB,EACE,sBAAsB,EACtB,MAAgB,GACjB,EAAE;QAAE,sBAAsB,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAwC5E,OAAO,CAAC,sBAAsB;IAgI9B,OAAO,CAAC,sBAAsB;CA8E/B"}
package/dist/cdk-constructs/CloudFrontOidcAuth/index.js CHANGED
@@ -22,6 +22,7 @@ export class CloudFrontOidcAuth extends Construct {
22
22
  this.id = id;
23
23
  }
24
24
  addToDistributionDefinition(scope, { distributionDefinition, prefix = "/auth", }) {
25
+ prefix = prefix.replace(/\/$/, ""); // Remove trailing slash from prefix if it has one
25
26
  const updatedDistributionDefinition = { ...distributionDefinition };
26
27
  const behaviourName = `${prefix.replace(/^\//g, "")}/*`;
27
28
  updatedDistributionDefinition.additionalBehaviors =
@@ -47,14 +48,14 @@ export class CloudFrontOidcAuth extends Construct {
47
48
  functionAssociations: [
48
49
  ...(updatedDistributionDefinition.defaultBehavior
49
50
  ?.functionAssociations || []),
50
- this.getFunctionAssociation(scope, jwtSecret),
51
+ this.getFunctionAssociation(scope, jwtSecret, prefix),
51
52
  ],
52
53
  };
53
54
  updatedDistributionDefinition.additionalBehaviors[behaviourName] =
54
55
  this.getAuthBehaviorOptions(scope, jwtSecret, prefix);
55
56
  return updatedDistributionDefinition;
56
57
  }
57
- getFunctionAssociation(scope, jwtSecret) {
58
+ getFunctionAssociation(scope, jwtSecret, authRoutePrefix) {
58
59
  const cfKeyValueStore = new CloudFront.KeyValueStore(scope, `${this.id}CFKeyValueStore`);
59
60
  const kvStoreId = cfKeyValueStore.keyValueStoreId; // Your KV store ID
60
61
  const key = "jwt-secret";
@@ -128,7 +129,8 @@ export class CloudFrontOidcAuth extends Construct {
128
129
  const authCheckFunction = new CloudFront.Function(scope, `${this.id}AuthCheckFunction`, {
129
130
  code: CloudFront.FunctionCode.fromInline(fs
130
131
  .readFileSync(path.join(import.meta.dirname, "auth-check.js"), "utf8")
131
- .replace("__placeholder-for-jwt-secret-key__", key)),
132
+ .replace("__placeholder-for-jwt-secret-key__", key)
133
+ .replace("__placeholder-for-auth-route-prefix__", authRoutePrefix)),
132
134
  runtime: CloudFront.FunctionRuntime.JS_2_0,
133
135
  keyValueStore: cfKeyValueStore,
134
136
  });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@infoxchange/make-it-so",
3
- "version": "2.11.0-internal-testing-vdt-199-add-auth-token-verify-function.2",
3
+ "version": "2.11.0-internal-testing-vdt-199-add-auth-token-verify-function.4",
4
4
  "description": "Makes deploying services to IX infra easy",
5
5
  "repository": "github:infoxchange/make-it-so",
6
6
  "type": "module",
@@ -17,7 +17,7 @@
17
17
  "exports": {
18
18
  "./cdk-constructs": "./dist/cdk-constructs/index.js",
19
19
  "./deployConfig": "./dist/deployConfig.js",
20
- "./auth": "./dist/lib/auth.js"
20
+ "./auth": "./dist/lib/auth/index.js"
21
21
  },
22
22
  "lint-staged": {
23
23
  "**/*": [
package/src/cdk-constructs/CloudFrontOidcAuth/auth-check.ts CHANGED
@@ -4,15 +4,17 @@
4
4
  import crypto from "crypto";
5
5
  import cf from "cloudfront";
6
6
 
7
+ const kvsKey = "__placeholder-for-jwt-secret-key__";
8
+ const authRoutePrefix = "__placeholder-for-auth-route-prefix__";
9
+
7
10
  //Response when JWT is not valid.
8
11
  const redirectResponse = {
9
12
  statusCode: 302,
10
13
  headers: {
11
- location: { value: "/auth/oidc/authorize" },
14
+ location: { value: `${authRoutePrefix}/oidc/authorize` },
12
15
  },
13
16
  };
14
17
 
15
- const kvsKey = "__placeholder-for-jwt-secret-key__";
16
18
  // Set to true to enable console logging
17
19
  const loggingEnabled = false;
18
20
 
package/src/cdk-constructs/CloudFrontOidcAuth/index.ts CHANGED
@@ -47,6 +47,7 @@ export class CloudFrontOidcAuth extends Construct {
47
47
  prefix = "/auth",
48
48
  }: { distributionDefinition: Mutable<DistributionProps>; prefix?: string },
49
49
  ) {
50
+ prefix = prefix.replace(/\/$/, ""); // Remove trailing slash from prefix if it has one
50
51
  const updatedDistributionDefinition = { ...distributionDefinition };
51
52
  const behaviourName = `${prefix.replace(/^\//g, "")}/*`;
52
53
  updatedDistributionDefinition.additionalBehaviors =
@@ -76,7 +77,7 @@ export class CloudFrontOidcAuth extends Construct {
76
77
  functionAssociations: [
77
78
  ...(updatedDistributionDefinition.defaultBehavior
78
79
  ?.functionAssociations || []),
79
- this.getFunctionAssociation(scope, jwtSecret),
80
+ this.getFunctionAssociation(scope, jwtSecret, prefix),
80
81
  ],
81
82
  };
82
83
  updatedDistributionDefinition.additionalBehaviors[behaviourName] =
@@ -87,6 +88,7 @@ export class CloudFrontOidcAuth extends Construct {
87
88
  private getFunctionAssociation(
88
89
  scope: ConstructScope,
89
90
  jwtSecret: SecretsManager.Secret,
91
+ authRoutePrefix: string,
90
92
  ): CloudFront.FunctionAssociation {
91
93
  const cfKeyValueStore = new CloudFront.KeyValueStore(
92
94
  scope,
@@ -197,7 +199,8 @@ export class CloudFrontOidcAuth extends Construct {
197
199
  path.join(import.meta.dirname, "auth-check.js"),
198
200
  "utf8",
199
201
  )
200
- .replace("__placeholder-for-jwt-secret-key__", key),
202
+ .replace("__placeholder-for-jwt-secret-key__", key)
203
+ .replace("__placeholder-for-auth-route-prefix__", authRoutePrefix),
201
204
  ),
202
205
  runtime: CloudFront.FunctionRuntime.JS_2_0,
203
206
  keyValueStore: cfKeyValueStore,