@oneaccount/express 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/middleware/auth.js +42 -2
- package/dist/types/index.d.ts +9 -0
- package/package.json +1 -1
package/dist/middleware/auth.js
CHANGED
|
@@ -69,16 +69,56 @@ function rsaPublicKeyFromJWK(jwk) {
|
|
|
69
69
|
const pem = `-----BEGIN PUBLIC KEY-----\n${der.toString("base64").match(/.{1,64}/g)?.join("\n")}\n-----END PUBLIC KEY-----`;
|
|
70
70
|
return pem;
|
|
71
71
|
}
|
|
72
|
+
function extractTokenFromCookies(cookieHeader, cookieName) {
|
|
73
|
+
if (!cookieHeader)
|
|
74
|
+
return null;
|
|
75
|
+
const cookies = cookieHeader.split(';').map(c => c.trim());
|
|
76
|
+
for (const cookie of cookies) {
|
|
77
|
+
const [name, ...valueParts] = cookie.split('=');
|
|
78
|
+
if (name === cookieName) {
|
|
79
|
+
return valueParts.join('=');
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
return null;
|
|
83
|
+
}
|
|
72
84
|
function createAuthMiddleware(config) {
|
|
73
85
|
const jwksUrl = config.jwksUrl ||
|
|
74
86
|
`${config.accountProUrl || "https://myaccount.one"}/.well-known/jwks.json`;
|
|
87
|
+
const cookieName = config.cookieName || "auth_token";
|
|
88
|
+
const autoSetCookie = config.autoSetCookie !== false; // Default to true
|
|
75
89
|
return async function authMiddleware(req, res, next) {
|
|
76
90
|
req.oneAccount = { user: null };
|
|
91
|
+
// Auto-set cookie from ?token= query parameter (SSO redirect handling)
|
|
92
|
+
if (autoSetCookie && req.query?.token && typeof req.query.token === 'string') {
|
|
93
|
+
const tokenFromUrl = req.query.token;
|
|
94
|
+
// Set the cookie
|
|
95
|
+
res.cookie(cookieName, tokenFromUrl, {
|
|
96
|
+
httpOnly: true,
|
|
97
|
+
secure: process.env.NODE_ENV === 'production',
|
|
98
|
+
maxAge: 30 * 24 * 60 * 60 * 1000, // 30 days
|
|
99
|
+
sameSite: 'lax',
|
|
100
|
+
path: '/',
|
|
101
|
+
});
|
|
102
|
+
// Build redirect URL without the token parameter
|
|
103
|
+
const url = new URL(req.originalUrl || req.url, `${req.protocol}://${req.get('host')}`);
|
|
104
|
+
url.searchParams.delete('token');
|
|
105
|
+
const redirectPath = url.pathname + url.search;
|
|
106
|
+
if (config.debug) {
|
|
107
|
+
console.log(`[OneAccount] Auto-set cookie from URL token, redirecting to ${redirectPath}`);
|
|
108
|
+
}
|
|
109
|
+
return res.redirect(redirectPath);
|
|
110
|
+
}
|
|
111
|
+
let token = null;
|
|
77
112
|
const authHeader = req.headers.authorization;
|
|
78
|
-
if (
|
|
113
|
+
if (authHeader?.startsWith("Bearer ")) {
|
|
114
|
+
token = authHeader.substring(7);
|
|
115
|
+
}
|
|
116
|
+
else {
|
|
117
|
+
token = extractTokenFromCookies(req.headers.cookie, cookieName);
|
|
118
|
+
}
|
|
119
|
+
if (!token) {
|
|
79
120
|
return next();
|
|
80
121
|
}
|
|
81
|
-
const token = authHeader.substring(7);
|
|
82
122
|
try {
|
|
83
123
|
const decoded = jsonwebtoken_1.default.decode(token, { complete: true });
|
|
84
124
|
if (!decoded) {
|
package/dist/types/index.d.ts
CHANGED
|
@@ -24,6 +24,15 @@ export interface OneAccountConfig {
|
|
|
24
24
|
jwksUrl?: string;
|
|
25
25
|
cacheMaxAge?: number;
|
|
26
26
|
debug?: boolean;
|
|
27
|
+
cookieName?: string;
|
|
28
|
+
/**
|
|
29
|
+
* Automatically set auth cookie from ?token= URL parameter (SSO redirect handling).
|
|
30
|
+
* When enabled (default: true), the middleware will:
|
|
31
|
+
* 1. Detect ?token= in the URL
|
|
32
|
+
* 2. Set it as an HttpOnly cookie
|
|
33
|
+
* 3. Redirect to the same URL without the token parameter
|
|
34
|
+
*/
|
|
35
|
+
autoSetCookie?: boolean;
|
|
27
36
|
}
|
|
28
37
|
export interface StripeConnectStatus {
|
|
29
38
|
hasAccount: boolean;
|