@ogcio/api-auth 5.2.1 → 5.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +23 -20
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
- package/src/index.ts +30 -26
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAE7E,OAAO,EAEL,KAAK,aAAa,EAMnB,MAAM,MAAM,CAAC;AAGd,KAAK,iBAAiB,GAAG;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAIF,KAAK,gBAAgB,GAAG,CAAC,MAAM,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAE7E,OAAO,EAEL,KAAK,aAAa,EAMnB,MAAM,MAAM,CAAC;AAGd,KAAK,iBAAiB,GAAG;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAIF,KAAK,gBAAgB,GAAG,CAAC,MAAM,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAOjE,MAAM,MAAM,0BAA0B,GAAG;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,aAAa,GAAG,SAAS,CAAC;IACjD,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;CACvC,CAAC;AAEF,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;KAC9B;CACF;AAgED,eAAO,MAAM,uBAAuB,mBAClB,iBAAiB,GAAG,SAAS,mBAC5B,MAAM,KACtB,iBAUF,CAAC;AAEF,eAAO,MAAM,gBAAgB,eACf,MAAM,UACV,0BAA0B,uBACb,MAAM,EAAE;;MAE5B,OAAO,CAAC,iBAAiB,CAsC3B,CAAC;AAEF,eAAO,MAAM,sBAAsB,QAC5B,eAAe,QACd,0BAA0B,kBA2BjC,CAAC;8BA5BK,eAAe,QACd,0BAA0B;AA6BlC,wBAEG;AAEH,cAAc,yBAAyB,CAAC;AACxC,cAAc,iBAAiB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -17,8 +17,14 @@ const extractBearerToken = (authHeader) => {
|
|
|
17
17
|
* @returns JWTPayload
|
|
18
18
|
*/
|
|
19
19
|
const decodeLogtoToken = async (token, config) => {
|
|
20
|
+
const getVerifiedPayload = async (resolverFn) => {
|
|
21
|
+
const { payload } = await jwtVerify(token, resolverFn, {
|
|
22
|
+
issuer: config.oidcEndpoint,
|
|
23
|
+
});
|
|
24
|
+
return payload;
|
|
25
|
+
};
|
|
26
|
+
// Check if local JSONWebKeySet retrieval function is provided
|
|
20
27
|
let jwksSet;
|
|
21
|
-
// check if local JSONWebKeySet retrieval function is provided
|
|
22
28
|
if (config.getLocalJwksFn) {
|
|
23
29
|
try {
|
|
24
30
|
jwksSet = config.getLocalJwksFn();
|
|
@@ -28,29 +34,26 @@ const decodeLogtoToken = async (token, config) => {
|
|
|
28
34
|
// decodeLogtoToken behaviours
|
|
29
35
|
}
|
|
30
36
|
}
|
|
31
|
-
|
|
32
|
-
if (
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
+
// If we have a local JWKS set, use it
|
|
38
|
+
if (jwksSet) {
|
|
39
|
+
return getVerifiedPayload(createLocalJWKSet(jwksSet));
|
|
40
|
+
}
|
|
41
|
+
// Try to fetch and store remote JWKS if callback is provided
|
|
42
|
+
if (config.storeLocalJwkSetFn) {
|
|
43
|
+
try {
|
|
44
|
+
const response = await fetch(config.jwkEndpoint);
|
|
45
|
+
if (response.ok) {
|
|
46
|
+
const remoteJwks = (await response.json());
|
|
37
47
|
await config.storeLocalJwkSetFn(remoteJwks);
|
|
38
|
-
|
|
39
|
-
catch {
|
|
40
|
-
// just ignoring the error to avoid changes in
|
|
41
|
-
// method behaviours
|
|
48
|
+
return getVerifiedPayload(createLocalJWKSet(remoteJwks));
|
|
42
49
|
}
|
|
43
50
|
}
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
const localJwkSet = createLocalJWKSet(jwksSet);
|
|
48
|
-
resolverFn = localJwkSet;
|
|
51
|
+
catch {
|
|
52
|
+
// Fall through to remote resolver
|
|
53
|
+
}
|
|
49
54
|
}
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
});
|
|
53
|
-
return payload;
|
|
55
|
+
// Fall back to remote resolver
|
|
56
|
+
return getVerifiedPayload(createRemoteJWKSet(new URL(config.jwkEndpoint)));
|
|
54
57
|
};
|
|
55
58
|
export const ensureUserCanAccessUser = (loggedUserData, requestedUserId) => {
|
|
56
59
|
if (loggedUserData && requestedUserId === loggedUserData.userId) {
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,EAKL,iBAAiB,EACjB,kBAAkB,EAClB,SAAS,GACV,MAAM,MAAM,CAAC;AACd,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,EAKL,iBAAiB,EACjB,kBAAkB,EAClB,SAAS,GACV,MAAM,MAAM,CAAC;AACd,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAgCjE,MAAM,kBAAkB,GAAG,CAAC,UAAkB,EAAE,EAAE;IAChD,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC5C,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,UAAU,CAAC,YAAY,CAC3B,sDAAsD,CACvD,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,gBAAgB,GAAG,KAAK,EAC5B,KAAa,EACb,MAAkC,EACb,EAAE;IACvB,MAAM,kBAAkB,GAAG,KAAK,EAC9B,UAA0B,EACL,EAAE;QACvB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE;YACrD,MAAM,EAAE,MAAM,CAAC,YAAY;SAC5B,CAAC,CAAC;QACH,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC;IACF,8DAA8D;IAC9D,IAAI,OAAkC,CAAC;IACvC,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;YAC9C,8BAA8B;QAChC,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,kBAAkB,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,6DAA6D;IAC7D,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACjD,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,UAAU,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;gBAC5D,MAAM,MAAM,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;gBAC5C,OAAO,kBAAkB,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,OAAO,kBAAkB,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;AAC7E,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACrC,cAA6C,EAC7C,eAAuB,EACJ,EAAE;IACrB,IAAI,cAAc,IAAI,eAAe,KAAK,cAAc,CAAC,MAAM,EAAE,CAAC;QAChE,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,IAAI,cAAc,EAAE,cAAc,EAAE,CAAC;QACnC,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,MAAM,UAAU,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC;AAClE,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,EACnC,UAAkB,EAClB,MAAkC,EAClC,mBAA6B,EAC7B,WAAW,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EACF,EAAE;IAC9B,MAAM,KAAK,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,EACJ,KAAK,EACL,GAAG,EACH,GAAG,EACH,SAAS,EAAE,QAAQ,EACnB,YAAY,GACb,GAAG,OAMH,CAAC;IACF,MAAM,SAAS,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAEzC,MAAM,WAAW,GACf,WAAW,CAAC,MAAM,KAAK,KAAK;QAC1B,CAAC,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QACpE,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IAExE,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,UAAU,CAAC,SAAS,EAAE,CAAC;IAC/B,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC;QAC5D,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO;QACL,MAAM,EAAE,GAAG;QACX,cAAc,EAAE,cAAc;QAC9B,WAAW,EAAE,KAAK;QAClB,gBAAgB,EAAE,GAAG,KAAK,QAAQ;QAClC,YAAY;KACb,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,sBAAsB,GAAG,KAAK,EACzC,GAAoB,EACpB,IAAgC,EAChC,EAAE;IACF,GAAG,CAAC,QAAQ,CACV,kBAAkB,EAClB,KAAK,EACH,GAAmB,EACnB,IAAkB,EAClB,WAAqB,EACrB,WAAyB,EACzB,EAAE;QACF,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,UAAU,CAAC,YAAY,EAAE,CAAC;QAClC,CAAC;QACD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,UAAU,EACV,IAAI,EACJ,WAAW,EACX,WAAW,CACZ,CAAC;YACF,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC1B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,UAAU,CAAC,WAAW,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC,CAAC;AAEF,eAAe,EAAE,CAAC,sBAAsB,EAAE;IACxC,IAAI,EAAE,eAAe;CACtB,CAAC,CAAC;AAEH,cAAc,yBAAyB,CAAC;AACxC,cAAc,iBAAiB,CAAC"}
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -25,6 +25,11 @@ type MatchConfig = { method: "AND" | "OR" };
|
|
|
25
25
|
|
|
26
26
|
type StoreLocalJwkSet = (keySet: JSONWebKeySet) => Promise<void>;
|
|
27
27
|
|
|
28
|
+
type ResolverJwksFn = (
|
|
29
|
+
protectedHeader?: JWSHeaderParameters,
|
|
30
|
+
token?: FlattenedJWSInput,
|
|
31
|
+
) => Promise<CryptoKey>;
|
|
32
|
+
|
|
28
33
|
export type CheckPermissionsPluginOpts = {
|
|
29
34
|
jwkEndpoint: string;
|
|
30
35
|
oidcEndpoint: string;
|
|
@@ -58,9 +63,16 @@ const decodeLogtoToken = async (
|
|
|
58
63
|
token: string,
|
|
59
64
|
config: CheckPermissionsPluginOpts,
|
|
60
65
|
): Promise<JWTPayload> => {
|
|
66
|
+
const getVerifiedPayload = async (
|
|
67
|
+
resolverFn: ResolverJwksFn,
|
|
68
|
+
): Promise<JWTPayload> => {
|
|
69
|
+
const { payload } = await jwtVerify(token, resolverFn, {
|
|
70
|
+
issuer: config.oidcEndpoint,
|
|
71
|
+
});
|
|
72
|
+
return payload;
|
|
73
|
+
};
|
|
74
|
+
// Check if local JSONWebKeySet retrieval function is provided
|
|
61
75
|
let jwksSet: JSONWebKeySet | undefined;
|
|
62
|
-
|
|
63
|
-
// check if local JSONWebKeySet retrieval function is provided
|
|
64
76
|
if (config.getLocalJwksFn) {
|
|
65
77
|
try {
|
|
66
78
|
jwksSet = config.getLocalJwksFn();
|
|
@@ -70,35 +82,27 @@ const decodeLogtoToken = async (
|
|
|
70
82
|
}
|
|
71
83
|
}
|
|
72
84
|
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
try {
|
|
85
|
+
// If we have a local JWKS set, use it
|
|
86
|
+
if (jwksSet) {
|
|
87
|
+
return getVerifiedPayload(createLocalJWKSet(jwksSet));
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
// Try to fetch and store remote JWKS if callback is provided
|
|
91
|
+
if (config.storeLocalJwkSetFn) {
|
|
92
|
+
try {
|
|
93
|
+
const response = await fetch(config.jwkEndpoint);
|
|
94
|
+
if (response.ok) {
|
|
95
|
+
const remoteJwks = (await response.json()) as JSONWebKeySet;
|
|
85
96
|
await config.storeLocalJwkSetFn(remoteJwks);
|
|
86
|
-
|
|
87
|
-
// just ignoring the error to avoid changes in
|
|
88
|
-
// method behaviours
|
|
97
|
+
return getVerifiedPayload(createLocalJWKSet(remoteJwks));
|
|
89
98
|
}
|
|
99
|
+
} catch {
|
|
100
|
+
// Fall through to remote resolver
|
|
90
101
|
}
|
|
91
|
-
resolverFn = remoteSet;
|
|
92
|
-
} else {
|
|
93
|
-
const localJwkSet = createLocalJWKSet(jwksSet);
|
|
94
|
-
resolverFn = localJwkSet;
|
|
95
102
|
}
|
|
96
103
|
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
});
|
|
100
|
-
|
|
101
|
-
return payload;
|
|
104
|
+
// Fall back to remote resolver
|
|
105
|
+
return getVerifiedPayload(createRemoteJWKSet(new URL(config.jwkEndpoint)));
|
|
102
106
|
};
|
|
103
107
|
|
|
104
108
|
export const ensureUserCanAccessUser = (
|