@oslokommune/auth-bff 1.4.0 → 1.5.0

package/dist/middleware/oidc.d.mts

@@ -6,7 +6,7 @@ export class OidcMiddleware {
      * @param clientManager
      */
     private constructor();
-    get ensureFreshToken(): (req: any, _: any, next: any) => void;
+    get ensureFreshToken(): (req: any, res: any, next: any) => void;
     get login(): (req: any, res: any) => void;
     get callback(): (req: any, res: any) => Promise<void>;
     get user(): (req: any, res: any) => Promise<any>;

package/dist/middleware/oidc.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"oidc.d.mts","sourceRoot":"","sources":["../../src/middleware/oidc.mjs"],"names":[],"mappings":"AAGA;IAcE,oDAIC;IAdD;;;;OAIG;IACH,sBAGC;IA4BD,yBACU,QAAG,EAAE,MAAC,EAAE,SAAI,UAMrB;IAED,cACU,QAAG,EAAE,QAAG,UAuBjB;IAED,iBACgB,QAAG,EAAE,QAAG,mBAmCvB;IAED,aACgB,QAAG,EAAE,QAAG,kBAevB;IAED,eACU,QAAG,EAAE,QAAG,UAYjB;;CACF"}
+{"version":3,"file":"oidc.d.mts","sourceRoot":"","sources":["../../src/middleware/oidc.mjs"],"names":[],"mappings":"AAGA;IAeE,oDAIC;IAdD;;;;OAIG;IACH,sBAGC;IAiDD,yBACU,QAAG,EAAE,QAAG,EAAE,SAAI,UAUvB;IAED,cACU,QAAG,EAAE,QAAG,UAuBjB;IAED,iBACgB,QAAG,EAAE,QAAG,mBAmCvB;IAED,aACgB,QAAG,EAAE,QAAG,kBAevB;IAED,eACU,QAAG,EAAE,QAAG,UAYjB;;CACF"}

package/dist/middleware/oidc.mjs

@@ -18,7 +18,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _OidcMiddleware_instances, _OidcMiddleware_clientManager, _OidcMiddleware_config, _OidcMiddleware_getFreshTokenSet;
+var _OidcMiddleware_instances, _OidcMiddleware_clientManager, _OidcMiddleware_config, _OidcMiddleware_refreshPromises, _OidcMiddleware_refreshTokenSet, _OidcMiddleware_getFreshTokenSet;
 import { generators, TokenSet } from "openid-client";
 import { OidcClientManager } from "../client.mjs";
 export class OidcMiddleware {
@@ -31,6 +31,13 @@ export class OidcMiddleware {
         _OidcMiddleware_instances.add(this);
         _OidcMiddleware_clientManager.set(this, void 0);
         _OidcMiddleware_config.set(this, void 0);
+        _OidcMiddleware_refreshPromises.set(this, {}
+        /**
+         * @private
+         * @param config
+         * @param clientManager
+         */
+        );
         __classPrivateFieldSet(this, _OidcMiddleware_clientManager, clientManager, "f");
         __classPrivateFieldSet(this, _OidcMiddleware_config, config, "f");
     }
@@ -42,10 +49,15 @@ export class OidcMiddleware {
         });
     }
     get ensureFreshToken() {
-        return (req, _, next) => {
+        return (req, res, next) => {
             __classPrivateFieldGet(this, _OidcMiddleware_instances, "m", _OidcMiddleware_getFreshTokenSet).call(this, req).then(tokenSet => {
-                req.tokenSet = tokenSet;
-                next();
+                if (tokenSet) {
+                    req.tokenSet = tokenSet;
+                    next();
+                }
+                else {
+                    res.sendStatus(401);
+                }
             });
         };
     }
@@ -130,7 +142,35 @@ export class OidcMiddleware {
         };
     }
 }
-_OidcMiddleware_clientManager = new WeakMap(), _OidcMiddleware_config = new WeakMap(), _OidcMiddleware_instances = new WeakSet(), _OidcMiddleware_getFreshTokenSet = function _OidcMiddleware_getFreshTokenSet(req) {
+_OidcMiddleware_clientManager = new WeakMap(), _OidcMiddleware_config = new WeakMap(), _OidcMiddleware_refreshPromises = new WeakMap(), _OidcMiddleware_instances = new WeakSet(), _OidcMiddleware_refreshTokenSet = function _OidcMiddleware_refreshTokenSet(req, tokenSet) {
+    return __awaiter(this, void 0, void 0, function* () {
+        var _a;
+        var _b;
+        const sessionId = req.session.id;
+        const refreshToken = tokenSet.refresh_token;
+        const doRefresh = () => __awaiter(this, void 0, void 0, function* () {
+            console.log(`Token refresh starting. sid=${sessionId}`);
+            try {
+                const refreshedTokenSet = yield __classPrivateFieldGet(this, _OidcMiddleware_clientManager, "f").client.refresh(refreshToken);
+                console.log(`Token refresh OK. sid=${sessionId}`);
+                return refreshedTokenSet;
+            }
+            catch (err) {
+                console.log(`Token refresh failed. sid=${sessionId}`, err);
+                return null;
+            }
+        });
+        const refreshPromise = (_a = (_b = __classPrivateFieldGet(this, _OidcMiddleware_refreshPromises, "f"))[refreshToken]) !== null && _a !== void 0 ? _a : (_b[refreshToken] = doRefresh().finally(() => {
+            console.log(`Token refresh finished. Cleaning up. sid=${sessionId}`);
+            setTimeout(() => {
+                delete __classPrivateFieldGet(this, _OidcMiddleware_refreshPromises, "f")[refreshToken];
+            }, 10000);
+        }));
+        const refreshedTokenSet = yield refreshPromise;
+        req.session.tokenSet = refreshedTokenSet;
+        return refreshedTokenSet;
+    });
+}, _OidcMiddleware_getFreshTokenSet = function _OidcMiddleware_getFreshTokenSet(req) {
     return __awaiter(this, void 0, void 0, function* () {
         const tokenSet = req.session.tokenSet && new TokenSet(req.session.tokenSet);
         if (!tokenSet) {
@@ -138,15 +178,8 @@ _OidcMiddleware_clientManager = new WeakMap(), _OidcMiddleware_config = new Weak
             return;
         }
         if (tokenSet.expired()) {
-            try {
-                const refreshedTokenSet = yield __classPrivateFieldGet(this, _OidcMiddleware_clientManager, "f").client.refresh(tokenSet.refresh_token);
-                Object.assign(req.session.tokenSet, refreshedTokenSet);
-                return new TokenSet(req.session.tokenSet);
-            }
-            catch (err) {
-                console.log("Token refresh failed", err);
-                req.session.tokenSet = null;
-            }
+            const newTokenSet = yield __classPrivateFieldGet(this, _OidcMiddleware_instances, "m", _OidcMiddleware_refreshTokenSet).call(this, req, tokenSet);
+            return newTokenSet && new TokenSet(newTokenSet);
         }
         else {
             return tokenSet;

package/dist/middleware/proxy-routes.mjs

@@ -12,7 +12,7 @@ export function proxyRoutes(config, oidcMiddleware) {
                     const tokenSet = req.tokenSet;
                     if (!tokenSet) {
                         console.error("proxy: missing tokenSet");
-                        return res.status(401);
+                        return;
                     }
                     proxyReq.setHeader("Authorization", `Bearer ${tokenSet.access_token}`);
                     proxyReq.removeHeader("Cookie");

package/dist/react/AuthContext.d.ts

@@ -1,10 +1,11 @@
+export type User = {
+    [k: string]: string | number;
+};
 export type AuthContextProps = {
-    state: 'pending' | 'authenticated' | 'unauthenticated';
-    user?: {
-        pid: string;
-    };
+    state: 'pending' | 'authenticated' | 'unauthenticated' | 'expired';
+    user?: User;
     login: () => void;
     logout: () => void;
 };
-export declare const AuthContext: any;
+export declare const AuthContext: import("react").Context<AuthContextProps>;
 //# sourceMappingURL=AuthContext.d.ts.map

package/dist/react/AuthContext.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../src/react/AuthContext.tsx"],"names":[],"mappings":"AAEA,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,SAAS,GAAG,eAAe,GAAG,iBAAiB,CAAC;IACvD,IAAI,CAAC,EAAE;QAAC,GAAG,EAAE,MAAM,CAAA;KAAC,CAAA;IACpB,KAAK,EAAE,MAAM,IAAI,CAAA;IACjB,MAAM,EAAE,MAAM,IAAI,CAAA;CACnB,CAAA;AAED,eAAO,MAAM,WAAW,KAAyD,CAAA"}
+{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../src/react/AuthContext.tsx"],"names":[],"mappings":"AAGA,MAAM,MAAM,IAAI,GAAG;IACjB,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAA;CAC7B,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,SAAS,GAAG,eAAe,GAAG,iBAAiB,GAAG,SAAS,CAAC;IACnE,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,EAAE,MAAM,IAAI,CAAA;IACjB,MAAM,EAAE,MAAM,IAAI,CAAA;CACnB,CAAA;AAED,eAAO,MAAM,WAAW,2CAAyD,CAAA"}

package/dist/react/AuthContextProvider.d.ts

@@ -4,7 +4,8 @@ type AuthContextProviderProps = {
     authRequired?: boolean;
     loaderComponent: ReactNode;
     baseUrl?: string;
+    pollInterval?: number;
 };
-export declare function AuthContextProvider({ children, authRequired, loaderComponent, baseUrl }: AuthContextProviderProps): any;
+export declare function AuthContextProvider({ children, authRequired, loaderComponent, baseUrl, pollInterval }: AuthContextProviderProps): import("react").JSX.Element;
 export {};
 //# sourceMappingURL=AuthContextProvider.d.ts.map

package/dist/react/AuthContextProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthContextProvider.d.ts","sourceRoot":"","sources":["../../src/react/AuthContextProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAQ,SAAS,EAA8B,MAAM,OAAO,CAAC;AAIpE,KAAK,wBAAwB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,SAAS,CAAA;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,wBAAgB,mBAAmB,CAAC,EAAC,QAAQ,EAAE,YAAoB,EAAE,eAAsB,EAAE,OAAY,EAAC,EAAE,wBAAwB,OAuCnI"}
+{"version":3,"file":"AuthContextProvider.d.ts","sourceRoot":"","sources":["../../src/react/AuthContextProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAA8B,MAAM,OAAO,CAAC;AAK7D,KAAK,wBAAwB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAA;IACnB,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,eAAe,EAAE,SAAS,CAAA;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED,wBAAgB,mBAAmB,CAAC,EACE,QAAQ,EACR,YAAoB,EACpB,eAAsB,EACtB,OAAY,EACZ,YAAY,EACb,EAAE,wBAAwB,+BA+F9D"}

package/dist/react/AuthContextProvider.jsx

@@ -1,7 +1,17 @@
-import { React, useEffect, useRef, useState } from "react";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { useEffect, useRef, useState } from "react";
 import { AuthContext } from "./AuthContext";
 import { setCurrentUser } from "./global-user";
-export function AuthContextProvider({ children, authRequired = false, loaderComponent = null, baseUrl = '' }) {
+import * as poller from './poller';
+export function AuthContextProvider({ children, authRequired = false, loaderComponent = null, baseUrl = '', pollInterval }) {
     const [user, setUser] = useState(undefined);
     const [state, setState] = useState('pending');
     const userPromise = useRef(undefined);
@@ -12,27 +22,86 @@ export function AuthContextProvider({ children, authRequired = false, loaderComp
         const currentRelativeLocation = window.location.pathname + window.location.search + window.location.hash;
         window.location.assign(`${baseUrl}/auth/login?redirectUrl=${encodeURIComponent(currentRelativeLocation)}`);
     }
+    function getUser() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const res = yield fetch(`${baseUrl}/auth/user`);
+            if (res.ok) {
+                try {
+                    return yield res.json();
+                }
+                catch (e) {
+                    console.error('failed to parse user', e);
+                    return null;
+                }
+            }
+            else {
+                return null;
+            }
+        });
+    }
+    function startPoller() {
+        const setExpiredIfNoUser = (user) => {
+            if (!user)
+                setState('expired');
+        };
+        poller.start(getUser, setExpiredIfNoUser, pollInterval);
+    }
+    function stopPoller() {
+        poller.stop();
+    }
+    function onVisibilityChange() {
+        if (document.visibilityState === 'visible') {
+            startPoller();
+        }
+        else {
+            stopPoller();
+        }
+    }
+    useEffect(() => {
+        if (pollInterval && pollInterval > 0 && state === 'authenticated') {
+            startPoller();
+            document.addEventListener('visibilitychange', onVisibilityChange);
+            return () => {
+                stopPoller();
+                document.removeEventListener('visibilitychange', onVisibilityChange);
+            };
+        }
+    }, [pollInterval, state]);
     useEffect(() => {
         var _a;
-        ((_a = userPromise.current) !== null && _a !== void 0 ? _a : (userPromise.current = fetch(`${baseUrl}/auth/user`).then(res => res.ok && res.json())))
-            .then(json => {
-            if (json) {
-                setUser(json);
-                setCurrentUser(json);
+        (_a = userPromise.current) !== null && _a !== void 0 ? _a : (userPromise.current = getUser().then(user => {
+            if (user) {
+                setUser(user);
+                setCurrentUser(user);
                 setState('authenticated');
             }
             else {
                 setState('unauthenticated');
             }
-        });
+        }));
     }, []);
     useEffect(() => {
         if (authRequired && state === 'unauthenticated') {
             login();
         }
     }, [authRequired, state]);
+    function getChildComponent() {
+        if (state === 'pending') {
+            return loaderComponent;
+        }
+        else if (state === 'authenticated' || state === 'expired') {
+            return children;
+        }
+        else if (state === 'unauthenticated' && !authRequired) {
+            return children;
+        }
+        else {
+            //here you should already have been redirected to login
+            console.warn('not authenticated');
+            return undefined;
+        }
+    }
     return (<AuthContext.Provider value={{ user, state, login, logout }}>
-      {(authRequired && state !== 'authenticated' || !authRequired && state === 'pending') && loaderComponent}
-      {(authRequired && state === 'authenticated' || !authRequired && state !== 'pending') && children}
+      {getChildComponent()}
     </AuthContext.Provider>);
 }

package/dist/react/UseAuthContext.d.ts

@@ -1,2 +1,2 @@
-export declare function useAuthContext(required?: boolean): any;
+export declare function useAuthContext(required?: boolean): import("./AuthContext").AuthContextProps;
 //# sourceMappingURL=UseAuthContext.d.ts.map

package/dist/react/UseAuthContext.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"UseAuthContext.d.ts","sourceRoot":"","sources":["../../src/react/UseAuthContext.tsx"],"names":[],"mappings":"AAGA,wBAAgB,cAAc,CAAC,QAAQ,GAAE,OAAe,OAOvD"}
+{"version":3,"file":"UseAuthContext.d.ts","sourceRoot":"","sources":["../../src/react/UseAuthContext.tsx"],"names":[],"mappings":"AAGA,wBAAgB,cAAc,CAAC,QAAQ,GAAE,OAAe,4CAOvD"}

package/dist/react/checker.d.ts

@@ -0,0 +1,3 @@
+export declare function start(newChecker: () => Promise<boolean>, newCallback: (res: boolean) => void, newMinInterval: number): void;
+export declare function pause(): void;
+//# sourceMappingURL=checker.d.ts.map

package/dist/react/checker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"checker.d.ts","sourceRoot":"","sources":["../../src/react/checker.ts"],"names":[],"mappings":"AAsBA,wBAAgB,KAAK,CAAC,UAAU,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,IAAI,EAAE,cAAc,EAAE,MAAM,QAMpH;AAED,wBAAgB,KAAK,SAGpB"}

package/dist/react/checker.js

@@ -0,0 +1,43 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+let timer;
+let lastChecked = Date.now();
+let callback;
+let checker;
+let minInterval;
+function check() {
+    return __awaiter(this, void 0, void 0, function* () {
+        const now = Date.now();
+        const diff = now - lastChecked;
+        clearInterval(timer);
+        if (diff > minInterval) {
+            const res = yield checker();
+            callback(res);
+            lastChecked = now;
+            console.log('checked', diff);
+            timer = setInterval(check, minInterval);
+        }
+        else {
+            console.log('waiting', minInterval - diff);
+            timer = setInterval(check, minInterval - diff);
+        }
+    });
+}
+export function start(newChecker, newCallback, newMinInterval) {
+    console.log('start checker');
+    checker = newChecker;
+    callback = newCallback;
+    minInterval = newMinInterval;
+    check();
+}
+export function pause() {
+    console.log('pause checker');
+    clearInterval(timer);
+}

package/dist/react/poller.d.ts

@@ -0,0 +1,3 @@
+export declare function start<T>(newChecker: () => Promise<T>, newCallback: (res: T) => void, newMinInterval: number): void;
+export declare function stop(): void;
+//# sourceMappingURL=poller.d.ts.map

package/dist/react/poller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"poller.d.ts","sourceRoot":"","sources":["../../src/react/poller.ts"],"names":[],"mappings":"AAoBA,wBAAgB,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,EAAE,cAAc,EAAE,MAAM,QAK3G;AAED,wBAAgB,IAAI,SAEnB"}

package/dist/react/poller.js

@@ -0,0 +1,39 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+let timer;
+let lastChecked = Date.now();
+let callback;
+let poller;
+let minInterval;
+function doPoll() {
+    return __awaiter(this, void 0, void 0, function* () {
+        const now = Date.now();
+        const diff = now - lastChecked;
+        clearInterval(timer);
+        if (diff > minInterval) {
+            const res = yield poller();
+            callback(res);
+            lastChecked = now;
+            timer = setInterval(doPoll, minInterval);
+        }
+        else {
+            timer = setInterval(doPoll, minInterval - diff);
+        }
+    });
+}
+export function start(newChecker, newCallback, newMinInterval) {
+    poller = newChecker;
+    callback = newCallback;
+    minInterval = newMinInterval;
+    doPoll();
+}
+export function stop() {
+    clearInterval(timer);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oslokommune/auth-bff",
-  "version": "1.4.0",
+  "version": "1.5.0",
   "repository": "https://github.com/oslokommune/auth-bff.git",
   "publishConfig": {
     "access": "public"
@@ -25,6 +25,7 @@
   "license": "",
   "description": "",
   "devDependencies": {
+    "@types/react": "17.0.87",
     "@types/express": "^4.17.22",
     "react": "17.0.2",
     "typescript": "^5.8.3"