@liflig/cdk-cloudfront-auth 1.10.4 → 1.10.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/check-auth/index.js +1 -1
- package/dist/http-headers/index.js +1 -1
- package/dist/lambda-config-handler/index.js +14 -14
- package/dist/parse-auth/index.js +18 -18
- package/dist/refresh-auth/index.js +18 -18
- package/dist/sign-out/index.js +1 -1
- package/lib/handlers/util/config.js +2 -2
- package/lib/handlers/util/jwt.js +6 -1
- package/package.json +7 -7
package/dist/sign-out/index.js
CHANGED
|
@@ -24,4 +24,4 @@ var OW=Object.create;var{getPrototypeOf:GW,defineProperty:Ft,getOwnPropertyNames
|
|
|
24
24
|
</p>
|
|
25
25
|
</body>
|
|
26
26
|
</html>
|
|
27
|
-
`;var uh=require("node:fs"),Dc=kt(require("node:path")),rh=require("node:url"),nh=kt(Nr(),1);var Dr;((f)=>{f[f.none=0]="none";f[f.error=10]="error";f[f.warn=20]="warn";f[f.info=30]="info";f[f.debug=40]="debug"})(Dr||={});class br{logLevel;constructor(t){this.logLevel=t}jsonify(t){return t.map((c)=>{if(typeof c==="object")try{return JSON.stringify(c)}catch{return c}return c})}info(...t){if(this.logLevel>=30)console.log(...this.jsonify(t))}warn(...t){if(this.logLevel>=20)console.warn(...this.jsonify(t))}error(...t){if(this.logLevel>=10)console.error(...this.jsonify(t))}debug(...t){if(this.logLevel>=40)console.trace(...this.jsonify(t))}}var vW=rh.fileURLToPath("file:///home/runner/work/cdk-cloudfront-auth/cdk-cloudfront-auth/src/handlers/util/config.ts"),sW=Dc.dirname(vW);function jr(){let c=process.env.LAMBDA_TASK_ROOT||sW,u=Dc.join(c,"config.json");console.log("Loading config from",u);let r=JSON.parse(uh.readFileSync(u,"utf-8")),f=`https://cognito-idp.${/^(\S+?)_\S+$/.exec(r.userPoolId)[1]}.amazonaws.com/${r.userPoolId}`,d=`${f}/.well-known/jwks.json`;return{nonceMaxAge:Number.parseInt(nh.parse(r.cookieSettings.nonce.toLowerCase())["max-age"],10)||86400,...r,tokenIssuer:f,tokenJwksUri:d,logger:new br(Dr[r.logLevel])}}function xW(t){return Object.entries(t).reduce((c,[u,r])=>Object.assign(c,{[u.toLowerCase()]:[{key:u,value:r}]}),{})}function pr(t,c){let u=c?.cookies?{"set-cookie":c.cookies.map((r)=>({key:"set-cookie",value:r}))}:{};return{status:"307",statusDescription:"Temporary Redirect",headers:{location:[{key:"location",value:t}],...u}}}function qI(t){return{body:LW(t),status:t.statusCode??"500",headers:{"content-type":[{key:"Content-Type",value:"text/html; charset=UTF-8"}]}}}function LW(t){let c={...t,region:process.env.AWS_REGION};return ld.replace(/\${([^}]*)}/g,(u,r)=>c[r]||"")}function fh(t,c){if(!c)throw Error("Expected response value");return{...c,headers:{...c.headers??{},...xW(t.httpHeaders)}}}function dh(t){let c;return async(u)=>{if(!c)c=jr();c.logger.debug("Handling event:",u);let r=fh(c,await t(c,u));return c.logger.debug("Returning response:",r),r}}function _I(t){let c;return async(u)=>{if(!c)c=jr();c.logger.debug("Handling event:",u);let r=fh(c,await t(c,u));return c.logger.debug("Returning response:",r),r}}var yW=kt(Nr(),1);var md=kt(D6(),1),PW=kt($W(),1),gd;function oG(t){return"rsaPublicKey"in t}async function UG(t,c){if(!gd)gd=PW.default({cache:!0,rateLimit:!0,jwksUri:t});let u=await gd.getSigningKey(c);return oG(u)?u.rsaPublicKey:u.publicKey}async function vE(t,c,u,r){let n=md.default.decode(t,{complete:!0});if(!n||typeof n==="string")return{validationError:Error("Cannot parse JWT token")};let f=n.header.kid
|
|
27
|
+
`;var uh=require("node:fs"),Dc=kt(require("node:path")),rh=require("node:url"),nh=kt(Nr(),1);var Dr;((f)=>{f[f.none=0]="none";f[f.error=10]="error";f[f.warn=20]="warn";f[f.info=30]="info";f[f.debug=40]="debug"})(Dr||={});class br{logLevel;constructor(t){this.logLevel=t}jsonify(t){return t.map((c)=>{if(typeof c==="object")try{return JSON.stringify(c)}catch{return c}return c})}info(...t){if(this.logLevel>=30)console.log(...this.jsonify(t))}warn(...t){if(this.logLevel>=20)console.warn(...this.jsonify(t))}error(...t){if(this.logLevel>=10)console.error(...this.jsonify(t))}debug(...t){if(this.logLevel>=40)console.trace(...this.jsonify(t))}}var vW=rh.fileURLToPath("file:///home/runner/work/cdk-cloudfront-auth/cdk-cloudfront-auth/src/handlers/util/config.ts"),sW=Dc.dirname(vW);function jr(){let c=process.env.LAMBDA_TASK_ROOT||sW,u=Dc.join(c,"config.json");console.log("Loading config from",u);let r=JSON.parse(uh.readFileSync(u,"utf-8")),f=`https://cognito-idp.${/^(\S+?)_\S+$/.exec(r.userPoolId)[1]}.amazonaws.com/${r.userPoolId}`,d=`${f}/.well-known/jwks.json`;return{nonceMaxAge:Number.parseInt(nh.parse(r.cookieSettings.nonce.toLowerCase())["max-age"]??"",10)||86400,...r,tokenIssuer:f,tokenJwksUri:d,logger:new br(Dr[r.logLevel])}}function xW(t){return Object.entries(t).reduce((c,[u,r])=>Object.assign(c,{[u.toLowerCase()]:[{key:u,value:r}]}),{})}function pr(t,c){let u=c?.cookies?{"set-cookie":c.cookies.map((r)=>({key:"set-cookie",value:r}))}:{};return{status:"307",statusDescription:"Temporary Redirect",headers:{location:[{key:"location",value:t}],...u}}}function qI(t){return{body:LW(t),status:t.statusCode??"500",headers:{"content-type":[{key:"Content-Type",value:"text/html; charset=UTF-8"}]}}}function LW(t){let c={...t,region:process.env.AWS_REGION};return ld.replace(/\${([^}]*)}/g,(u,r)=>c[r]||"")}function fh(t,c){if(!c)throw Error("Expected response value");return{...c,headers:{...c.headers??{},...xW(t.httpHeaders)}}}function dh(t){let c;return async(u)=>{if(!c)c=jr();c.logger.debug("Handling event:",u);let r=fh(c,await t(c,u));return c.logger.debug("Returning response:",r),r}}function _I(t){let c;return async(u)=>{if(!c)c=jr();c.logger.debug("Handling event:",u);let r=fh(c,await t(c,u));return c.logger.debug("Returning response:",r),r}}var yW=kt(Nr(),1);var md=kt(D6(),1),PW=kt($W(),1),gd;function oG(t){return"rsaPublicKey"in t}async function UG(t,c){if(!gd)gd=PW.default({cache:!0,rateLimit:!0,jwksUri:t});let u=await gd.getSigningKey(c);return oG(u)?u.rsaPublicKey:u.publicKey}async function vE(t,c,u,r){let n=md.default.decode(t,{complete:!0});if(!n||typeof n==="string")return{validationError:Error("Cannot parse JWT token")};let f=n.header.kid;if(!f)return{validationError:Error("JWT header is missing 'kid' claim")};let d=await UG(c,f);if(d instanceof Error)return{validationError:d};let h={audience:r,issuer:u,ignoreExpiration:!1};return new Promise((q)=>md.default.verify(t,d,h,(_)=>_?q({validationError:_}):q(void 0)))}function AW(t){let u=t.split(".")[1].replace(/-/g,"+").replace(/_/g,"/");return JSON.parse(Buffer.from(u,"base64").toString())}function lG(t){if(!t.cookie)return{};return t.cookie.reduce((u,r)=>({...u,...yW.parse(r.value)}),{})}function Wt(t,c){if(c.toLowerCase().indexOf("domain")===-1)return`${c}; Domain=.${t}`;return c}function SW(t,c){let u=lG(t);if(!u)return{};let r=`CognitoIdentityServiceProvider.${c}`,n=u[`${r}.LastAuthUser`];return{tokenUserName:n,idToken:u[`${r}.${n??""}.idToken`],accessToken:u[`${r}.${n??""}.accessToken`],refreshToken:u[`${r}.${n??""}.refreshToken`],scopes:u[`${r}.${n??""}.tokenScopesString`],nonce:u["spa-auth-edge-nonce"],nonceHmac:u["spa-auth-edge-nonce-hmac"],pkce:u["spa-auth-edge-pkce"]}}function HW(t){let c=AW(t.tokens.idToken),u=c["cognito:username"],r=`CognitoIdentityServiceProvider.${t.clientId}`,n=`${r}.${u}.idToken`,f=`${r}.${u}.accessToken`,d=`${r}.${u}.refreshToken`,h=`${r}.LastAuthUser`,q=`${r}.${u}.tokenScopesString`,_=t.oauthScopes.join(" "),W=`${r}.${u}.userData`,J=JSON.stringify({UserAttributes:[{Name:"sub",Value:c.sub},{Name:"email",Value:c.email}],Username:u}),$={[n]:`${t.tokens.idToken}; ${Wt(t.domainName,t.cookieSettings.idToken)}`,[f]:`${t.tokens.accessToken}; ${Wt(t.domainName,t.cookieSettings.accessToken)}`,[d]:`${t.tokens.refreshToken}; ${Wt(t.domainName,t.cookieSettings.refreshToken)}`,[h]:`${u}; ${Wt(t.domainName,t.cookieSettings.idToken)}`,[q]:`${_}; ${Wt(t.domainName,t.cookieSettings.accessToken)}`,[W]:`${encodeURIComponent(J)}; ${Wt(t.domainName,t.cookieSettings.idToken)}`,"amplify-signin-with-hostedUI":`true; ${Wt(t.domainName,t.cookieSettings.accessToken)}`};if(t.event==="signOut")Object.keys($).forEach((w)=>$[w]=Bd($[w]));else if(t.event==="refreshFailed")$[d]=Bd($[d]);return["spa-auth-edge-nonce","spa-auth-edge-nonce-hmac","spa-auth-edge-pkce"].forEach((w)=>{$[w]=Bd($[w])}),Object.entries($).map(([w,P])=>`${w}=${P}`)}function Bd(t=""){let c=t.split(";").map((r)=>r.trim()).filter((r)=>!r.toLowerCase().startsWith("max-age")).filter((r)=>!r.toLowerCase().startsWith("expires")),u=`Expires=${new Date(0).toUTCString()}`;return["",...c.slice(1),u].join("; ")}var QG=dh(async(t,c)=>{let u=c.Records[0].cf.request,r=u.headers.host[0].value,{idToken:n,accessToken:f,refreshToken:d}=SW(u.headers,t.clientId);if(!n)return pr(`https://${r}${t.signOutRedirectTo}`);let h=new URLSearchParams({logout_uri:`https://${r}${t.signOutRedirectTo}`,client_id:t.clientId}).toString();return pr(`https://${t.cognitoAuthDomain}/logout?${h}`,{cookies:HW({event:"signOut",tokens:{idToken:n,accessToken:f??"",refreshToken:d??""},domainName:r,...t})})});
|
|
@@ -18,11 +18,11 @@ export function getConfig() {
|
|
|
18
18
|
const tokenIssuer = `https://cognito-idp.${userPoolRegion}.amazonaws.com/${config.userPoolId}`;
|
|
19
19
|
const tokenJwksUri = `${tokenIssuer}/.well-known/jwks.json`;
|
|
20
20
|
return {
|
|
21
|
-
nonceMaxAge: Number.parseInt(parse(config.cookieSettings.nonce.toLowerCase())["max-age"], 10) || 60 * 60 * 24,
|
|
21
|
+
nonceMaxAge: Number.parseInt(parse(config.cookieSettings.nonce.toLowerCase())["max-age"] ?? "", 10) || 60 * 60 * 24,
|
|
22
22
|
...config,
|
|
23
23
|
tokenIssuer,
|
|
24
24
|
tokenJwksUri,
|
|
25
25
|
logger: new Logger(LogLevel[config.logLevel]),
|
|
26
26
|
};
|
|
27
27
|
}
|
|
28
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
28
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2hhbmRsZXJzL3V0aWwvY29uZmlnLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSxTQUFTLENBQUE7QUFDdEMsT0FBTyxLQUFLLElBQUksTUFBTSxXQUFXLENBQUE7QUFDakMsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLFVBQVUsQ0FBQTtBQUN4QyxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sUUFBUSxDQUFBO0FBRzlCLE9BQU8sRUFBRSxNQUFNLEVBQUUsUUFBUSxFQUFFLE1BQU0sVUFBVSxDQUFBO0FBRTNDLE1BQU0sVUFBVSxHQUFHLGFBQWEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO0FBQ2pELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUE7QUEwQjFDLE1BQU0sVUFBVSxTQUFTO0lBQ3ZCLE1BQU0sUUFBUSxHQUFHLGFBQWEsQ0FBQTtJQUM5QixNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLGdCQUFnQixJQUFJLFNBQVMsQ0FBQTtJQUN6RCxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsQ0FBQTtJQUNuRCxPQUFPLENBQUMsR0FBRyxDQUFDLHFCQUFxQixFQUFFLGNBQWMsQ0FBQyxDQUFBO0lBQ2xELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQ3ZCLFlBQVksQ0FBQyxjQUFjLEVBQUUsT0FBTyxDQUFDLENBQ3RCLENBQUE7SUFFakIsb0VBQW9FO0lBQ3BFLGlDQUFpQztJQUNqQyxtRkFBbUY7SUFDbkYsTUFBTSxjQUFjLEdBQUcsY0FBYyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsVUFBVSxDQUFFLENBQUMsQ0FBQyxDQUFDLENBQUE7SUFDakUsTUFBTSxXQUFXLEdBQUcsdUJBQXVCLGNBQWMsa0JBQWtCLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQTtJQUM5RixNQUFNLFlBQVksR0FBRyxHQUFHLFdBQVcsd0JBQXdCLENBQUE7SUFFM0QsT0FBTztRQUNMLFdBQVcsRUFDVCxNQUFNLENBQUMsUUFBUSxDQUNiLEtBQUssQ0FBQyxNQUFNLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsRUFDakUsRUFBRSxDQUNILElBQUksRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFO1FBQ25CLEdBQUcsTUFBTTtRQUNULFdBQVc7UUFDWCxZQUFZO1FBQ1osTUFBTSxFQUFFLElBQUksTUFBTSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7S0FDOUMsQ0FBQTtBQUNILENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyByZWFkRmlsZVN5bmMgfSBmcm9tIFwibm9kZTpmc1wiXG5pbXBvcnQgKiBhcyBwYXRoIGZyb20gXCJub2RlOnBhdGhcIlxuaW1wb3J0IHsgZmlsZVVSTFRvUGF0aCB9IGZyb20gXCJub2RlOnVybFwiXG5pbXBvcnQgeyBwYXJzZSB9IGZyb20gXCJjb29raWVcIlxuaW1wb3J0IHR5cGUgeyBIdHRwSGVhZGVycyB9IGZyb20gXCIuL2Nsb3VkZnJvbnRcIlxuaW1wb3J0IHR5cGUgeyBDb29raWVTZXR0aW5ncyB9IGZyb20gXCIuL2Nvb2tpZXNcIlxuaW1wb3J0IHsgTG9nZ2VyLCBMb2dMZXZlbCB9IGZyb20gXCIuL2xvZ2dlclwiXG5cbmNvbnN0IF9fZmlsZW5hbWUgPSBmaWxlVVJMVG9QYXRoKGltcG9ydC5tZXRhLnVybClcbmNvbnN0IF9fZGlybmFtZSA9IHBhdGguZGlybmFtZShfX2ZpbGVuYW1lKVxuXG5leHBvcnQgaW50ZXJmYWNlIFN0b3JlZENvbmZpZyB7XG4gIHVzZXJQb29sSWQ6IHN0cmluZ1xuICBjbGllbnRJZDogc3RyaW5nXG4gIG9hdXRoU2NvcGVzOiBzdHJpbmdbXVxuICBjb2duaXRvQXV0aERvbWFpbjogc3RyaW5nXG4gIGNhbGxiYWNrUGF0aDogc3RyaW5nXG4gIHNpZ25PdXRSZWRpcmVjdFRvOiBzdHJpbmdcbiAgc2lnbk91dFBhdGg6IHN0cmluZ1xuICByZWZyZXNoQXV0aFBhdGg6IHN0cmluZ1xuICBjb29raWVTZXR0aW5nczogQ29va2llU2V0dGluZ3NcbiAgaHR0cEhlYWRlcnM6IEh0dHBIZWFkZXJzXG4gIGNsaWVudFNlY3JldDogc3RyaW5nXG4gIG5vbmNlU2lnbmluZ1NlY3JldDogc3RyaW5nXG4gIGxvZ0xldmVsOiBrZXlvZiB0eXBlb2YgTG9nTGV2ZWxcbiAgcmVxdWlyZUdyb3VwQW55T2Y/OiBzdHJpbmdbXSB8IG51bGxcbn1cblxuZXhwb3J0IGludGVyZmFjZSBDb25maWcgZXh0ZW5kcyBTdG9yZWRDb25maWcge1xuICB0b2tlbklzc3Vlcjogc3RyaW5nXG4gIHRva2VuSndrc1VyaTogc3RyaW5nXG4gIGxvZ2dlcjogTG9nZ2VyXG4gIG5vbmNlTWF4QWdlOiBudW1iZXJcbn1cblxuZXhwb3J0IGZ1bmN0aW9uIGdldENvbmZpZygpOiBDb25maWcge1xuICBjb25zdCBmaWxlbmFtZSA9IFwiY29uZmlnLmpzb25cIlxuICBjb25zdCBkaXJuYW1lID0gcHJvY2Vzcy5lbnYuTEFNQkRBX1RBU0tfUk9PVCB8fCBfX2Rpcm5hbWVcbiAgY29uc3QgY29uZmlnRmlsZVBhdGggPSBwYXRoLmpvaW4oZGlybmFtZSwgZmlsZW5hbWUpXG4gIGNvbnNvbGUubG9nKFwiTG9hZGluZyBjb25maWcgZnJvbVwiLCBjb25maWdGaWxlUGF0aClcbiAgY29uc3QgY29uZmlnID0gSlNPTi5wYXJzZShcbiAgICByZWFkRmlsZVN5bmMoY29uZmlnRmlsZVBhdGgsIFwidXRmLThcIiksXG4gICkgYXMgU3RvcmVkQ29uZmlnXG5cbiAgLy8gRGVyaXZlIHRoZSBpc3N1ZXIgYW5kIEpXS1MgdXJpIGFsbCBKV1QncyB3aWxsIGJlIHNpZ25lZCB3aXRoIGZyb21cbiAgLy8gdGhlIFVzZXIgUG9vbCdzIElEIGFuZCByZWdpb24uXG4gIC8vIGJpb21lLWlnbm9yZSBsaW50L3N0eWxlL25vTm9uTnVsbEFzc2VydGlvbjogU3VwcHJlc3Npb24gY2FycmllZCBvdmVyIGZyb20gZXNsaW50XG4gIGNvbnN0IHVzZXJQb29sUmVnaW9uID0gL14oXFxTKz8pX1xcUyskLy5leGVjKGNvbmZpZy51c2VyUG9vbElkKSFbMV1cbiAgY29uc3QgdG9rZW5Jc3N1ZXIgPSBgaHR0cHM6Ly9jb2duaXRvLWlkcC4ke3VzZXJQb29sUmVnaW9ufS5hbWF6b25hd3MuY29tLyR7Y29uZmlnLnVzZXJQb29sSWR9YFxuICBjb25zdCB0b2tlbkp3a3NVcmkgPSBgJHt0b2tlbklzc3Vlcn0vLndlbGwta25vd24vandrcy5qc29uYFxuXG4gIHJldHVybiB7XG4gICAgbm9uY2VNYXhBZ2U6XG4gICAgICBOdW1iZXIucGFyc2VJbnQoXG4gICAgICAgIHBhcnNlKGNvbmZpZy5jb29raWVTZXR0aW5ncy5ub25jZS50b0xvd2VyQ2FzZSgpKVtcIm1heC1hZ2VcIl0gPz8gXCJcIixcbiAgICAgICAgMTAsXG4gICAgICApIHx8IDYwICogNjAgKiAyNCxcbiAgICAuLi5jb25maWcsXG4gICAgdG9rZW5Jc3N1ZXIsXG4gICAgdG9rZW5Kd2tzVXJpLFxuICAgIGxvZ2dlcjogbmV3IExvZ2dlcihMb2dMZXZlbFtjb25maWcubG9nTGV2ZWxdKSxcbiAgfVxufVxuIl19
|
package/lib/handlers/util/jwt.js
CHANGED
|
@@ -27,6 +27,11 @@ export async function validate(jwtToken, jwksUri, issuer, audience) {
|
|
|
27
27
|
// The JWT contains a "kid" claim, key id, that tells which key
|
|
28
28
|
// was used to sign the token.
|
|
29
29
|
const kid = decodedToken.header.kid;
|
|
30
|
+
if (!kid) {
|
|
31
|
+
return {
|
|
32
|
+
validationError: new Error("JWT header is missing 'kid' claim"),
|
|
33
|
+
};
|
|
34
|
+
}
|
|
30
35
|
const jwk = await getSigningKey(jwksUri, kid);
|
|
31
36
|
if (jwk instanceof Error) {
|
|
32
37
|
return { validationError: jwk };
|
|
@@ -45,4 +50,4 @@ export function decodeIdToken(jwt) {
|
|
|
45
50
|
const decodableTokenBody = tokenBody.replace(/-/g, "+").replace(/_/g, "/");
|
|
46
51
|
return JSON.parse(Buffer.from(decodableTokenBody, "base64").toString());
|
|
47
52
|
}
|
|
48
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
53
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiand0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2hhbmRsZXJzL3V0aWwvand0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sR0FBRyxNQUFNLGNBQWMsQ0FBQTtBQUM5QixPQUFPLFVBQW1ELE1BQU0sVUFBVSxDQUFBO0FBZ0IxRSwwREFBMEQ7QUFDMUQsNkJBQTZCO0FBQzdCLElBQUksT0FBOEIsQ0FBQTtBQUVsQyxTQUFTLGVBQWUsQ0FBQyxHQUFlO0lBQ3RDLE9BQU8sY0FBYyxJQUFJLEdBQUcsQ0FBQTtBQUM5QixDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsS0FBSyxVQUFVLGFBQWEsQ0FDMUIsT0FBZSxFQUNmLEdBQVc7SUFFWCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDYixPQUFPLEdBQUcsVUFBVSxDQUFDLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUE7SUFDakUsQ0FBQztJQUNELE1BQU0sR0FBRyxHQUFHLE1BQU0sT0FBTyxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsQ0FBQTtJQUM1QyxPQUFPLGVBQWUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQTtBQUNoRSxDQUFDO0FBRUQsTUFBTSxDQUFDLEtBQUssVUFBVSxRQUFRLENBQzVCLFFBQWdCLEVBQ2hCLE9BQWUsRUFDZixNQUFjLEVBQ2QsUUFBZ0I7SUFFaEIsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsRUFBRSxRQUFRLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQTtJQUM3RCxJQUFJLENBQUMsWUFBWSxJQUFJLE9BQU8sWUFBWSxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ3RELE9BQU87WUFDTCxlQUFlLEVBQUUsSUFBSSxLQUFLLENBQUMsd0JBQXdCLENBQUM7U0FDckQsQ0FBQTtJQUNILENBQUM7SUFFRCwrREFBK0Q7SUFDL0QsOEJBQThCO0lBQzlCLE1BQU0sR0FBRyxHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFBO0lBQ25DLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUNULE9BQU87WUFDTCxlQUFlLEVBQUUsSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUM7U0FDaEUsQ0FBQTtJQUNILENBQUM7SUFDRCxNQUFNLEdBQUcsR0FBRyxNQUFNLGFBQWEsQ0FBQyxPQUFPLEVBQUUsR0FBRyxDQUFDLENBQUE7SUFDN0MsSUFBSSxHQUFHLFlBQVksS0FBSyxFQUFFLENBQUM7UUFDekIsT0FBTyxFQUFFLGVBQWUsRUFBRSxHQUFHLEVBQUUsQ0FBQTtJQUNqQyxDQUFDO0lBRUQsa0JBQWtCO0lBQ2xCLGdFQUFnRTtJQUNoRSxNQUFNLG1CQUFtQixHQUFHO1FBQzFCLFFBQVE7UUFDUixNQUFNO1FBQ04sZ0JBQWdCLEVBQUUsS0FBSztLQUN4QixDQUFBO0lBRUQsT0FBTyxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQzdCLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxFQUFFLEdBQUcsRUFBRSxtQkFBbUIsRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQ3JELEdBQUcsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLEVBQUUsZUFBZSxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FDN0QsQ0FDRixDQUFBO0FBQ0gsQ0FBQztBQUVELE1BQU0sVUFBVSxhQUFhLENBQUMsR0FBVztJQUN2QyxNQUFNLFNBQVMsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFBO0lBQ25DLE1BQU0sa0JBQWtCLEdBQUcsU0FBUyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUMxRSxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxRQUFRLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFBO0FBQ3pFLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgand0IGZyb20gXCJqc29ud2VidG9rZW5cIlxuaW1wb3J0IGp3a3NDbGllbnQsIHsgdHlwZSBSc2FTaWduaW5nS2V5LCB0eXBlIFNpZ25pbmdLZXkgfSBmcm9tIFwiandrcy1yc2FcIlxuXG5leHBvcnQgaW50ZXJmYWNlIElkVG9rZW5QYXlsb2FkIHtcbiAgc3ViOiBzdHJpbmdcbiAgXCJjb2duaXRvOmdyb3Vwc1wiPzogc3RyaW5nW11cbiAgXCJjb2duaXRvOnVzZXJuYW1lXCI/OiBzdHJpbmdcbiAgZ2l2ZW5fbmFtZT86IHN0cmluZ1xuICBhdWQ6IHN0cmluZ1xuICB0b2tlbl91c2U6IFwiaWRcIlxuICBhdXRoX3RpbWU6IG51bWJlclxuICBuYW1lPzogc3RyaW5nXG4gIGV4cDogbnVtYmVyXG4gIGlhdDogbnVtYmVyXG4gIGVtYWlsPzogc3RyaW5nXG59XG5cbi8vIGp3a3MgY2xpZW50IGlzIGNhY2hlZCBhdCB0aGlzIHNjb3BlIHNvIGl0IGNhbiBiZSByZXVzZWRcbi8vIGFjcm9zcyBMYW1iZGEgaW52b2NhdGlvbnMuXG5sZXQgandrc1JzYTogandrc0NsaWVudC5Kd2tzQ2xpZW50XG5cbmZ1bmN0aW9uIGlzUnNhU2lnbmluZ0tleShrZXk6IFNpZ25pbmdLZXkpOiBrZXkgaXMgUnNhU2lnbmluZ0tleSB7XG4gIHJldHVybiBcInJzYVB1YmxpY0tleVwiIGluIGtleVxufVxuXG4vKipcbiAqIFJldHJpZXZlcyB0aGUgcHVibGljIGtleSB0aGF0IGNvcnJlc3BvbmRzIHRvIHRoZSBwcml2YXRlIGtleSB3aXRoXG4gKiB3aGljaCB0aGUgdG9rZW4gd2FzIHNpZ25lZC5cbiAqL1xuYXN5bmMgZnVuY3Rpb24gZ2V0U2lnbmluZ0tleShcbiAgandrc1VyaTogc3RyaW5nLFxuICBraWQ6IHN0cmluZyxcbik6IFByb21pc2U8c3RyaW5nIHwgRXJyb3I+IHtcbiAgaWYgKCFqd2tzUnNhKSB7XG4gICAgandrc1JzYSA9IGp3a3NDbGllbnQoeyBjYWNoZTogdHJ1ZSwgcmF0ZUxpbWl0OiB0cnVlLCBqd2tzVXJpIH0pXG4gIH1cbiAgY29uc3QgandrID0gYXdhaXQgandrc1JzYS5nZXRTaWduaW5nS2V5KGtpZClcbiAgcmV0dXJuIGlzUnNhU2lnbmluZ0tleShqd2spID8gandrLnJzYVB1YmxpY0tleSA6IGp3ay5wdWJsaWNLZXlcbn1cblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIHZhbGlkYXRlKFxuICBqd3RUb2tlbjogc3RyaW5nLFxuICBqd2tzVXJpOiBzdHJpbmcsXG4gIGlzc3Vlcjogc3RyaW5nLFxuICBhdWRpZW5jZTogc3RyaW5nLFxuKTogUHJvbWlzZTx7IHZhbGlkYXRpb25FcnJvcjogRXJyb3IgfSB8IHVuZGVmaW5lZD4ge1xuICBjb25zdCBkZWNvZGVkVG9rZW4gPSBqd3QuZGVjb2RlKGp3dFRva2VuLCB7IGNvbXBsZXRlOiB0cnVlIH0pXG4gIGlmICghZGVjb2RlZFRva2VuIHx8IHR5cGVvZiBkZWNvZGVkVG9rZW4gPT09IFwic3RyaW5nXCIpIHtcbiAgICByZXR1cm4ge1xuICAgICAgdmFsaWRhdGlvbkVycm9yOiBuZXcgRXJyb3IoXCJDYW5ub3QgcGFyc2UgSldUIHRva2VuXCIpLFxuICAgIH1cbiAgfVxuXG4gIC8vIFRoZSBKV1QgY29udGFpbnMgYSBcImtpZFwiIGNsYWltLCBrZXkgaWQsIHRoYXQgdGVsbHMgd2hpY2gga2V5XG4gIC8vIHdhcyB1c2VkIHRvIHNpZ24gdGhlIHRva2VuLlxuICBjb25zdCBraWQgPSBkZWNvZGVkVG9rZW4uaGVhZGVyLmtpZFxuICBpZiAoIWtpZCkge1xuICAgIHJldHVybiB7XG4gICAgICB2YWxpZGF0aW9uRXJyb3I6IG5ldyBFcnJvcihcIkpXVCBoZWFkZXIgaXMgbWlzc2luZyAna2lkJyBjbGFpbVwiKSxcbiAgICB9XG4gIH1cbiAgY29uc3QgandrID0gYXdhaXQgZ2V0U2lnbmluZ0tleShqd2tzVXJpLCBraWQpXG4gIGlmIChqd2sgaW5zdGFuY2VvZiBFcnJvcikge1xuICAgIHJldHVybiB7IHZhbGlkYXRpb25FcnJvcjogandrIH1cbiAgfVxuXG4gIC8vIFZlcmlmeSB0aGUgSldULlxuICAvLyBUaGlzIGVpdGhlciByZWplY3RzIChKV1Qgbm90IHZhbGlkKSwgb3IgcmVzb2x2ZXMgKEpXVCB2YWxpZCkuXG4gIGNvbnN0IHZlcmlmaWNhdGlvbk9wdGlvbnMgPSB7XG4gICAgYXVkaWVuY2UsXG4gICAgaXNzdWVyLFxuICAgIGlnbm9yZUV4cGlyYXRpb246IGZhbHNlLFxuICB9XG5cbiAgcmV0dXJuIG5ldyBQcm9taXNlKChyZXNvbHZlKSA9PlxuICAgIGp3dC52ZXJpZnkoand0VG9rZW4sIGp3aywgdmVyaWZpY2F0aW9uT3B0aW9ucywgKGVycikgPT5cbiAgICAgIGVyciA/IHJlc29sdmUoeyB2YWxpZGF0aW9uRXJyb3I6IGVyciB9KSA6IHJlc29sdmUodW5kZWZpbmVkKSxcbiAgICApLFxuICApXG59XG5cbmV4cG9ydCBmdW5jdGlvbiBkZWNvZGVJZFRva2VuKGp3dDogc3RyaW5nKTogSWRUb2tlblBheWxvYWQge1xuICBjb25zdCB0b2tlbkJvZHkgPSBqd3Quc3BsaXQoXCIuXCIpWzFdXG4gIGNvbnN0IGRlY29kYWJsZVRva2VuQm9keSA9IHRva2VuQm9keS5yZXBsYWNlKC8tL2csIFwiK1wiKS5yZXBsYWNlKC9fL2csIFwiL1wiKVxuICByZXR1cm4gSlNPTi5wYXJzZShCdWZmZXIuZnJvbShkZWNvZGFibGVUb2tlbkJvZHksIFwiYmFzZTY0XCIpLnRvU3RyaW5nKCkpXG59XG4iXX0=
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@liflig/cdk-cloudfront-auth",
|
|
3
|
-
"version": "1.10.
|
|
3
|
+
"version": "1.10.6",
|
|
4
4
|
"description": "CDK Constructs for adding authentication for a CloudFront Distribution",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"repository": {
|
|
@@ -36,17 +36,17 @@
|
|
|
36
36
|
},
|
|
37
37
|
"devDependencies": {
|
|
38
38
|
"@aws-sdk/client-lambda": "^3.1005.0",
|
|
39
|
-
"@biomejs/biome": "2.4.
|
|
40
|
-
"@commitlint/cli": "20.5.
|
|
41
|
-
"@commitlint/config-conventional": "20.5.
|
|
39
|
+
"@biomejs/biome": "2.4.14",
|
|
40
|
+
"@commitlint/cli": "20.5.3",
|
|
41
|
+
"@commitlint/config-conventional": "20.5.3",
|
|
42
42
|
"@types/adm-zip": "^0.5.7",
|
|
43
43
|
"@types/aws-lambda": "8.10.161",
|
|
44
44
|
"@types/jest": "30.0.0",
|
|
45
45
|
"@types/jsonwebtoken": "9.0.10",
|
|
46
46
|
"@types/node": "24.12.2",
|
|
47
47
|
"adm-zip": "^0.5.16",
|
|
48
|
-
"aws-cdk-lib": "2.
|
|
49
|
-
"axios": "1.
|
|
48
|
+
"aws-cdk-lib": "2.252.0",
|
|
49
|
+
"axios": "1.16.0",
|
|
50
50
|
"constructs": "10.6.0",
|
|
51
51
|
"cookie": "1.1.1",
|
|
52
52
|
"husky": "9.1.7",
|
|
@@ -56,7 +56,7 @@
|
|
|
56
56
|
"jwks-rsa": "3.2.2",
|
|
57
57
|
"semantic-release": "25.0.3",
|
|
58
58
|
"ts-jest": "29.4.9",
|
|
59
|
-
"typescript": "
|
|
59
|
+
"typescript": "6.0.3"
|
|
60
60
|
},
|
|
61
61
|
"dependencies": {},
|
|
62
62
|
"peerDependencies": {
|