@infoxchange/make-it-so 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function.2 → 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/cdk-constructs/CloudFrontOidcAuth/auth-check.js +3 -2
- package/dist/cdk-constructs/CloudFrontOidcAuth/index.d.ts.map +1 -1
- package/dist/cdk-constructs/CloudFrontOidcAuth/index.js +5 -3
- package/package.json +2 -2
- package/src/cdk-constructs/CloudFrontOidcAuth/auth-check.ts +4 -2
- package/src/cdk-constructs/CloudFrontOidcAuth/index.ts +5 -2
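--- a/package/README.md
+++ b/package/README.md
@@ -294,7 +294,7 @@ const vpcDetails = new IxVpcDetails(scope, "VpcDetails");
 <summary><strong>CloudFrontOidcAuth</strong> - Adds OIDC authentication to a CloudFront distribution.</summary>
 
 ```typescript
-import {
+import { CloudFrontOidcAuth } from "@infoxchange/make-it-so/cdk-constructs";
 
 // You first create an instance of CloudFrontOidcAuth
 const auth = new CloudFrontOidcAuth(stack, "CloudFrontOidcAuth", {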
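--- a/package/dist/cdk-constructs/CloudFrontOidcAuth/auth-check.js
+++ b/package/dist/cdk-constructs/CloudFrontOidcAuth/auth-check.js
@@ -3,14 +3,15 @@
 // For example, no external libraries can be used, and the runtime is more limited.
 import crypto from "crypto";
 import cf from "cloudfront";
+const kvsKey = "__placeholder-for-jwt-secret-key__";
+const authRoutePrefix = "__placeholder-for-auth-route-prefix__";
 //Response when JWT is not valid.
 const redirectResponse = {
 statusCode: 302,
 headers: {
-location: { value:
+location: { value: `${authRoutePrefix}/oidc/authorize` },
 },
 };
-const kvsKey = "__placeholder-for-jwt-secret-key__";
 // Set to true to enable console logging
 const loggingEnabled = false;
 function jwtDecode(token, key, noVerify) {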
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudFrontOidcAuth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AASvC,OAAO,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAI1E,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,OAAO,CAAC,CAAC,IAAI;IAChB,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC/B,CAAC;AAEF,KAAK,KAAK,GAAG;IACX,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,qBAAa,kBAAmB,SAAQ,SAAS;IAC/C,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAER,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAQhE,2BAA2B,CACzB,iBAAiB,SAAS,4BAA4B,EAEtD,KAAK,EAAE,cAAc,EACrB,EACE,sBAAsB,EACtB,MAAgB,GACjB,EAAE;QAAE,sBAAsB,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/CloudFrontOidcAuth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AASvC,OAAO,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAI1E,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,KAAK,OAAO,CAAC,CAAC,IAAI;IAChB,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC/B,CAAC;AAEF,KAAK,KAAK,GAAG;IACX,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,qBAAa,kBAAmB,SAAQ,SAAS;IAC/C,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAER,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAQhE,2BAA2B,CACzB,iBAAiB,SAAS,4BAA4B,EAEtD,KAAK,EAAE,cAAc,EACrB,EACE,sBAAsB,EACtB,MAAgB,GACjB,EAAE;QAAE,sBAAsB,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAwC5E,OAAO,CAAC,sBAAsB;IAgI9B,OAAO,CAAC,sBAAsB;CA8E/B"}
|
|
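--- a/package/dist/cdk-constructs/CloudFrontOidcAuth/index.js
+++ b/package/dist/cdk-constructs/CloudFrontOidcAuth/index.js
@@ -22,6 +22,7 @@ export class CloudFrontOidcAuth extends Construct {
 this.id = id;
 }
 addToDistributionDefinition(scope, { distributionDefinition, prefix = "/auth", }) {
+prefix = prefix.replace(/\/$/, ""); // Remove trailing slash from prefix if it has one
 const updatedDistributionDefinition = { ...distributionDefinition };
 const behaviourName = `${prefix.replace(/^\//g, "")}/*`;
 updatedDistributionDefinition.additionalBehaviors =
@@ -47,14 +48,14 @@ export class CloudFrontOidcAuth extends Construct {
 functionAssociations: [
 ...(updatedDistributionDefinition.defaultBehavior
 ?.functionAssociations || []),
-this.getFunctionAssociation(scope, jwtSecret),
+this.getFunctionAssociation(scope, jwtSecret, prefix),
 ],
 };
 updatedDistributionDefinition.additionalBehaviors[behaviourName] =
 this.getAuthBehaviorOptions(scope, jwtSecret, prefix);
 return updatedDistributionDefinition;
 }
-getFunctionAssociation(scope, jwtSecret) {
+getFunctionAssociation(scope, jwtSecret, authRoutePrefix) {
 const cfKeyValueStore = new CloudFront.KeyValueStore(scope, `${this.id}CFKeyValueStore`);
 const kvStoreId = cfKeyValueStore.keyValueStoreId; // Your KV store ID
 const key = "jwt-secret";
@@ -128,7 +129,8 @@ export class CloudFrontOidcAuth extends Construct {
 const authCheckFunction = new CloudFront.Function(scope, `${this.id}AuthCheckFunction`, {
 code: CloudFront.FunctionCode.fromInline(fs
 .readFileSync(path.join(import.meta.dirname, "auth-check.js"), "utf8")
-.replace("__placeholder-for-jwt-secret-key__", key)
+.replace("__placeholder-for-jwt-secret-key__", key)
+.replace("__placeholder-for-auth-route-prefix__", authRoutePrefix)),
 runtime: CloudFront.FunctionRuntime.JS_2_0,
 keyValueStore: cfKeyValueStore,
 });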
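--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@infoxchange/make-it-so",
-"version": "2.11.0-internal-testing-vdt-199-add-auth-token-verify-function.
+"version": "2.11.0-internal-testing-vdt-199-add-auth-token-verify-function.4",
 "description": "Makes deploying services to IX infra easy",
 "repository": "github:infoxchange/make-it-so",
 "type": "module",
@@ -17,7 +17,7 @@
 "exports": {
 "./cdk-constructs": "./dist/cdk-constructs/index.js",
 "./deployConfig": "./dist/deployConfig.js",
-"./auth": "./dist/lib/auth.js"
+"./auth": "./dist/lib/auth/index.js"
 },
 "lint-staged": {
 "**/*": [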
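--- a/package/src/cdk-constructs/CloudFrontOidcAuth/auth-check.ts
+++ b/package/src/cdk-constructs/CloudFrontOidcAuth/auth-check.ts
@@ -4,15 +4,17 @@
 import crypto from "crypto";
 import cf from "cloudfront";
 
+const kvsKey = "__placeholder-for-jwt-secret-key__";
+const authRoutePrefix = "__placeholder-for-auth-route-prefix__";
+
 //Response when JWT is not valid.
 const redirectResponse = {
 statusCode: 302,
 headers: {
-location: { value:
+location: { value: `${authRoutePrefix}/oidc/authorize` },
 },
 };
 
-const kvsKey = "__placeholder-for-jwt-secret-key__";
 // Set to true to enable console logging
 const loggingEnabled = false;
 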
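Review bot: The two constants added at the top of the hunk, `kvsKey` and `authRoutePrefix`, read as ordinary literals, but nothing in this file says they are placeholders rewritten at synth time by the construct's `.replace` calls in index.ts, or that the `location` in `redirectResponse` only becomes a real path once that rewrite has happened. A comment above them should make that explicit: `// Build-time placeholders: CloudFrontOidcAuth.getFunctionAssociation (index.ts) string-replaces these before the function is deployed; keep each literal unique and do not repeat it elsewhere in this file, since a string-pattern replace only rewrites the first occurrence.` It is also worth noting at `//Response when JWT is not valid.` that `location` is a path relative to the distribution's own host, so the 302 never leaves the site — that is the property a reader auditing the redirect will look for. This hunk is module-level code, not inside a function.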
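--- a/package/src/cdk-constructs/CloudFrontOidcAuth/index.ts
+++ b/package/src/cdk-constructs/CloudFrontOidcAuth/index.ts
@@ -47,6 +47,7 @@ export class CloudFrontOidcAuth extends Construct {
 prefix = "/auth",
 }: { distributionDefinition: Mutable<DistributionProps>; prefix?: string },
 ) {
+prefix = prefix.replace(/\/$/, ""); // Remove trailing slash from prefix if it has one
 const updatedDistributionDefinition = { ...distributionDefinition };
 const behaviourName = `${prefix.replace(/^\//g, "")}/*`;
 updatedDistributionDefinition.additionalBehaviors =
@@ -76,7 +77,7 @@ export class CloudFrontOidcAuth extends Construct {
 functionAssociations: [
 ...(updatedDistributionDefinition.defaultBehavior
 ?.functionAssociations || []),
-this.getFunctionAssociation(scope, jwtSecret),
+this.getFunctionAssociation(scope, jwtSecret, prefix),
 ],
 };
 updatedDistributionDefinition.additionalBehaviors[behaviourName] =
@@ -87,6 +88,7 @@ export class CloudFrontOidcAuth extends Construct {
 private getFunctionAssociation(
 scope: ConstructScope,
 jwtSecret: SecretsManager.Secret,
+authRoutePrefix: string,
 ): CloudFront.FunctionAssociation {
 const cfKeyValueStore = new CloudFront.KeyValueStore(
 scope,
@@ -197,7 +199,8 @@ export class CloudFrontOidcAuth extends Construct {
 path.join(import.meta.dirname, "auth-check.js"),
 "utf8",
 )
-.replace("__placeholder-for-jwt-secret-key__", key)
+.replace("__placeholder-for-jwt-secret-key__", key)
+.replace("__placeholder-for-auth-route-prefix__", authRoutePrefix),
 ),
 runtime: CloudFront.FunctionRuntime.JS_2_0,
 keyValueStore: cfKeyValueStore,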
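Review bot: The two `.replace` calls at the end of the last hunk (@@ -197) pass a plain string as the replacement, so `String.prototype.replace` interprets `$` sequences (`$&`, `$$`, `` $` ``, `$'`) in `authRoutePrefix`, and the value is dropped into the double-quoted literal in auth-check.js with no escaping, so a prefix containing `"`, `\`, `$` or a newline produces a broken or altered viewer-request function at synth time instead of a clear error. `prefix` is a construct option set by the deploying developer rather than request data, so this is a robustness gap rather than a network-reachable injection, but the function is the authentication gate and a silently mangled redirect path is hard to diagnose. Replacing the quoted placeholder with a JSON-encoded value through a replacer function closes both gaps: `.replace('"__placeholder-for-jwt-secret-key__"', () => JSON.stringify(key))` and `.replace('"__placeholder-for-auth-route-prefix__"', () => JSON.stringify(authRoutePrefix)),` (the dist hunk shows the compiled literal keeps its double quotes). Validating `prefix` in `addToDistributionDefinition` (the @@ -47 hunk) against a path shape such as `^/[\w./-]*$` before the trailing-slash strip would reject odd values up front; `getFunctionAssociation` begins in the @@ -87 hunk and the rest of its body lies outside these hunks.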