@infoxchange/make-it-so 2.11.0 → 2.12.0-internal-testing-odic-verify-proxy-fix.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/auth/oidc.d.ts.map +1 -1
- package/dist/lib/auth/oidc.js +3 -0
- package/dist/lib/proxy/fetch.d.ts +4 -0
- package/dist/lib/proxy/fetch.d.ts.map +1 -0
- package/dist/lib/proxy/fetch.js +17 -0
- package/dist/lib/proxy/index.d.ts +2 -0
- package/dist/lib/proxy/index.d.ts.map +1 -0
- package/dist/lib/proxy/index.js +1 -0
- package/package.json +4 -2
- package/src/lib/auth/oidc.ts +4 -0
- package/src/lib/proxy/fetch.ts +25 -0
- package/src/lib/proxy/index.ts +1 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAsB,UAAU,EAAa,MAAM,MAAM,CAAC;AAEjE,KAAK,uBAAuB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,IAAI;IACjE,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB,CAAC;AAEF;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,EAAE,EAC1E,KAAK,EACL,SAAS,EACT,QAAQ,EACR,UAAU,GACX,EAAE,uBAAuB,CAAC,UAAU,CAAC,GAAG,OAAO,CAC9C,UAAU,SAAS,IAAI,GAEf;IAAE,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC;IAAC,OAAO,EAAE,IAAI,CAAA;CAAE,GACzC;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,GACxC,UAAU,CACf,
|
|
1
|
+
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAsB,UAAU,EAAa,MAAM,MAAM,CAAC;AAEjE,KAAK,uBAAuB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,IAAI;IACjE,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB,CAAC;AAEF;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,EAAE,EAC1E,KAAK,EACL,SAAS,EACT,QAAQ,EACR,UAAU,GACX,EAAE,uBAAuB,CAAC,UAAU,CAAC,GAAG,OAAO,CAC9C,UAAU,SAAS,IAAI,GAEf;IAAE,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC;IAAC,OAAO,EAAE,IAAI,CAAA;CAAE,GACzC;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,GACxC,UAAU,CACf,CA6CA"}
|
package/dist/lib/auth/oidc.js
CHANGED
|
@@ -17,11 +17,14 @@ export async function verifyAccessToken({ token, issuerUrl, audience, safeVerify
|
|
|
17
17
|
if (!jwksUri) {
|
|
18
18
|
throw new Error("JWKS URI not found in issuer metadata");
|
|
19
19
|
}
|
|
20
|
+
console.debug("Discovered JWKS URI:", jwksUri);
|
|
20
21
|
const JWKS = createRemoteJWKSet(new URL(jwksUri));
|
|
22
|
+
console.debug("Discovered JWKS URI 1");
|
|
21
23
|
// Verify the signature and basic claims
|
|
22
24
|
const { payload } = await jwtVerify(token, JWKS, {
|
|
23
25
|
issuer: issuer.metadata.issuer,
|
|
24
26
|
});
|
|
27
|
+
console.debug("Discovered JWKS URI 2");
|
|
25
28
|
const tokenAud = payload.aud ?? payload.client_id;
|
|
26
29
|
let audienceMatches = false;
|
|
27
30
|
for (const aud of Array.isArray(tokenAud) ? tokenAud : [tokenAud]) {
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../../../src/lib/proxy/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,IAAI,WAAW,EACrB,MAAM,QAAQ,CAAC;AAEhB,wBAAgB,kBAAkB,SAKjC;AAED,wBAAgB,eAAe,uBAW9B"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { setGlobalDispatcher, EnvHttpProxyAgent, fetch as undiciFetch, } from "undici";
|
|
2
|
+
export function setupProxyGlobally() {
|
|
3
|
+
// See https://nodejs.org/api/globals.html#custom-dispatcher
|
|
4
|
+
// This might stop being needed at some point: https://github.com/actions/create-github-app-token/pull/143#discussion_r1747641337
|
|
5
|
+
const envHttpProxyAgent = new EnvHttpProxyAgent();
|
|
6
|
+
setGlobalDispatcher(envHttpProxyAgent);
|
|
7
|
+
}
|
|
8
|
+
export function getProxiedFetch() {
|
|
9
|
+
const fetch = (input, init = {}) => {
|
|
10
|
+
if (init.dispatcher) {
|
|
11
|
+
console.warn("A custom dispatcher was provided to fetch but this is ignored as a proxy agent is being used.");
|
|
12
|
+
}
|
|
13
|
+
const envHttpProxyAgent = new EnvHttpProxyAgent();
|
|
14
|
+
return undiciFetch(input, { ...init, dispatcher: envHttpProxyAgent });
|
|
15
|
+
};
|
|
16
|
+
return fetch;
|
|
17
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/proxy/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from "./fetch.js";
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@infoxchange/make-it-so",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.12.0-internal-testing-odic-verify-proxy-fix.1",
|
|
4
4
|
"description": "Makes deploying services to IX infra easy",
|
|
5
5
|
"repository": "github:infoxchange/make-it-so",
|
|
6
6
|
"type": "module",
|
|
@@ -17,7 +17,8 @@
|
|
|
17
17
|
"exports": {
|
|
18
18
|
"./cdk-constructs": "./dist/cdk-constructs/index.js",
|
|
19
19
|
"./deployConfig": "./dist/deployConfig.js",
|
|
20
|
-
"./auth": "./dist/lib/auth/index.js"
|
|
20
|
+
"./auth": "./dist/lib/auth/index.js",
|
|
21
|
+
"./proxy": "./dist/lib/proxy/index.js"
|
|
21
22
|
},
|
|
22
23
|
"lint-staged": {
|
|
23
24
|
"**/*": [
|
|
@@ -54,6 +55,7 @@
|
|
|
54
55
|
},
|
|
55
56
|
"dependencies": {
|
|
56
57
|
"jsonwebtoken": "^9.0.2",
|
|
58
|
+
"undici": "^7.16.0",
|
|
57
59
|
"zod": "^3.24.2"
|
|
58
60
|
}
|
|
59
61
|
}
|
package/src/lib/auth/oidc.ts
CHANGED
|
@@ -36,13 +36,17 @@ export async function verifyAccessToken<SafeVerify extends boolean = false>({
|
|
|
36
36
|
if (!jwksUri) {
|
|
37
37
|
throw new Error("JWKS URI not found in issuer metadata");
|
|
38
38
|
}
|
|
39
|
+
console.debug("Discovered JWKS URI:", jwksUri);
|
|
39
40
|
const JWKS = createRemoteJWKSet(new URL(jwksUri));
|
|
41
|
+
console.debug("Discovered JWKS URI 1");
|
|
40
42
|
|
|
41
43
|
// Verify the signature and basic claims
|
|
42
44
|
const { payload } = await jwtVerify(token, JWKS, {
|
|
43
45
|
issuer: issuer.metadata.issuer,
|
|
44
46
|
});
|
|
45
47
|
|
|
48
|
+
console.debug("Discovered JWKS URI 2");
|
|
49
|
+
|
|
46
50
|
const tokenAud = payload.aud ?? payload.client_id;
|
|
47
51
|
let audienceMatches = false;
|
|
48
52
|
for (const aud of Array.isArray(tokenAud) ? tokenAud : [tokenAud]) {
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import {
|
|
2
|
+
setGlobalDispatcher,
|
|
3
|
+
EnvHttpProxyAgent,
|
|
4
|
+
fetch as undiciFetch,
|
|
5
|
+
} from "undici";
|
|
6
|
+
|
|
7
|
+
export function setupProxyGlobally() {
|
|
8
|
+
// See https://nodejs.org/api/globals.html#custom-dispatcher
|
|
9
|
+
// This might stop being needed at some point: https://github.com/actions/create-github-app-token/pull/143#discussion_r1747641337
|
|
10
|
+
const envHttpProxyAgent = new EnvHttpProxyAgent();
|
|
11
|
+
setGlobalDispatcher(envHttpProxyAgent);
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
export function getProxiedFetch() {
|
|
15
|
+
const fetch: typeof undiciFetch = (input, init = {}) => {
|
|
16
|
+
if (init.dispatcher) {
|
|
17
|
+
console.warn(
|
|
18
|
+
"A custom dispatcher was provided to fetch but this is ignored as a proxy agent is being used.",
|
|
19
|
+
);
|
|
20
|
+
}
|
|
21
|
+
const envHttpProxyAgent = new EnvHttpProxyAgent();
|
|
22
|
+
return undiciFetch(input, { ...init, dispatcher: envHttpProxyAgent });
|
|
23
|
+
};
|
|
24
|
+
return fetch;
|
|
25
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from "./fetch.js";
|