@schemavaults/auth-server-sdk 0.17.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/DatabaseResourceGroup/IDatabaseResourceGroup.d.ts +4 -0
- package/dist/DatabaseResourceGroup/IDatabaseResourceGroup.js +2 -0
- package/dist/DatabaseResourceGroup/IDatabaseResourceGroup.js.map +1 -0
- package/dist/DatabaseResourceGroup/index.d.ts +1 -0
- package/dist/DatabaseResourceGroup/index.js +2 -0
- package/dist/DatabaseResourceGroup/index.js.map +1 -0
- package/dist/JwtKeyManager/DatabaseConnectedJwtKeyManager.d.ts +12 -0
- package/dist/JwtKeyManager/DatabaseConnectedJwtKeyManager.js +17 -0
- package/dist/JwtKeyManager/DatabaseConnectedJwtKeyManager.js.map +1 -0
- package/dist/JwtKeyManager/IJwtKeyManager.d.ts +4 -0
- package/dist/JwtKeyManager/IJwtKeyManager.js +2 -0
- package/dist/JwtKeyManager/IJwtKeyManager.js.map +1 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.d.ts +16 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.js +14 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.js.map +1 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/IJsonWebKeySetsStore.d.ts +12 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/IJsonWebKeySetsStore.js +2 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/IJsonWebKeySetsStore.js.map +1 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/MockJwtKeySetsStore.d.ts +15 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/MockJwtKeySetsStore.js +88 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/MockJwtKeySetsStore.js.map +1 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/index.d.ts +2 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/index.js +2 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/index.js.map +1 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.d.ts +11 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js +21 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js.map +1 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/index.d.ts +2 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/index.js +3 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/index.js.map +1 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.d.ts +7 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js +22 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js.map +1 -0
- package/dist/JwtKeyManager/index.d.ts +6 -0
- package/dist/JwtKeyManager/index.js +5 -0
- package/dist/JwtKeyManager/index.js.map +1 -0
- package/dist/JwtKeyManager/loadJwtDecodingKeys.d.ts +19 -0
- package/dist/JwtKeyManager/loadJwtDecodingKeys.js +52 -0
- package/dist/JwtKeyManager/loadJwtDecodingKeys.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -0
- package/dist/middleware/index.d.ts +5 -0
- package/dist/middleware/index.js +3 -0
- package/dist/middleware/index.js.map +1 -0
- package/dist/middleware/middleware_chain/index.d.ts +2 -0
- package/dist/middleware/middleware_chain/index.js +2 -0
- package/dist/middleware/middleware_chain/index.js.map +1 -0
- package/dist/middleware/middleware_chain/middleware_chain.d.ts +13 -0
- package/dist/middleware/middleware_chain/middleware_chain.js +53 -0
- package/dist/middleware/middleware_chain/middleware_chain.js.map +1 -0
- package/dist/middleware/middleware_types.d.ts +21 -0
- package/dist/middleware/middleware_types.js +2 -0
- package/dist/middleware/middleware_types.js.map +1 -0
- package/dist/middleware/middlewares/BaseMiddleware.d.ts +24 -0
- package/dist/middleware/middlewares/BaseMiddleware.js +53 -0
- package/dist/middleware/middlewares/BaseMiddleware.js.map +1 -0
- package/dist/middleware/middlewares/default_middleware.d.ts +10 -0
- package/dist/middleware/middlewares/default_middleware.js +25 -0
- package/dist/middleware/middlewares/default_middleware.js.map +1 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/index.d.ts +1 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/index.js +2 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/index.js.map +1 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.d.ts +32 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js +245 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/applyCorsHeaders.d.ts +12 -0
- package/dist/middleware/middlewares/withCorsSettings/applyCorsHeaders.js +46 -0
- package/dist/middleware/middlewares/withCorsSettings/applyCorsHeaders.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/assertNoOriginSet.d.ts +1 -0
- package/dist/middleware/middlewares/withCorsSettings/assertNoOriginSet.js +7 -0
- package/dist/middleware/middlewares/withCorsSettings/assertNoOriginSet.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/cors-policies.d.ts +8 -0
- package/dist/middleware/middlewares/withCorsSettings/cors-policies.js +21 -0
- package/dist/middleware/middlewares/withCorsSettings/cors-policies.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/ensureHttpsInProd.d.ts +3 -0
- package/dist/middleware/middlewares/withCorsSettings/ensureHttpsInProd.js +22 -0
- package/dist/middleware/middlewares/withCorsSettings/ensureHttpsInProd.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/index.d.ts +4 -0
- package/dist/middleware/middlewares/withCorsSettings/index.js +3 -0
- package/dist/middleware/middlewares/withCorsSettings/index.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.d.ts +11 -0
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js +105 -0
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/pretty-print-available-policies.d.ts +1 -0
- package/dist/middleware/middlewares/withCorsSettings/pretty-print-available-policies.js +32 -0
- package/dist/middleware/middlewares/withCorsSettings/pretty-print-available-policies.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/withCorsSettings.d.ts +25 -0
- package/dist/middleware/middlewares/withCorsSettings/withCorsSettings.js +231 -0
- package/dist/middleware/middlewares/withCorsSettings/withCorsSettings.js.map +1 -0
- package/dist/middleware/middlewares/withLogging.d.ts +6 -0
- package/dist/middleware/middlewares/withLogging.js +31 -0
- package/dist/middleware/middlewares/withLogging.js.map +1 -0
- package/dist/middleware/server-middleware.d.ts +23 -0
- package/dist/middleware/server-middleware.js +103 -0
- package/dist/middleware/server-middleware.js.map +1 -0
- package/dist/route_guards/admin.d.ts +5 -0
- package/dist/route_guards/admin.js +13 -0
- package/dist/route_guards/admin.js.map +1 -0
- package/dist/route_guards/authenticated.d.ts +5 -0
- package/dist/route_guards/authenticated.js +11 -0
- package/dist/route_guards/authenticated.js.map +1 -0
- package/dist/route_guards/base-route-guard.d.ts +15 -0
- package/dist/route_guards/base-route-guard.js +24 -0
- package/dist/route_guards/base-route-guard.js.map +1 -0
- package/dist/route_guards/index.d.ts +4 -0
- package/dist/route_guards/index.js +4 -0
- package/dist/route_guards/index.js.map +1 -0
- package/dist/route_guards/init_route_guard_check_options.d.ts +6 -0
- package/dist/route_guards/init_route_guard_check_options.js +2 -0
- package/dist/route_guards/init_route_guard_check_options.js.map +1 -0
- package/dist/route_guards/route-guard-factory.d.ts +25 -0
- package/dist/route_guards/route-guard-factory.js +155 -0
- package/dist/route_guards/route-guard-factory.js.map +1 -0
- package/package.json +45 -0
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import type { ISchemaVaultsMiddleware, ISchemaVaultsMiddlewareFnInputs } from "../middleware_types";
|
|
2
|
+
import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
3
|
+
import type { NextResponse } from "next/server";
|
|
4
|
+
export interface IBaseMiddlewareInitOptions {
|
|
5
|
+
next: ISchemaVaultsMiddleware | undefined;
|
|
6
|
+
name: string;
|
|
7
|
+
debug?: boolean;
|
|
8
|
+
environment?: SchemaVaultsAppEnvironment;
|
|
9
|
+
}
|
|
10
|
+
export declare abstract class BaseMiddleware implements ISchemaVaultsMiddleware {
|
|
11
|
+
protected readonly next: ISchemaVaultsMiddleware | undefined;
|
|
12
|
+
readonly name: string;
|
|
13
|
+
readonly type: "middleware";
|
|
14
|
+
private readonly _debug;
|
|
15
|
+
private readonly _environment;
|
|
16
|
+
protected get debug(): boolean;
|
|
17
|
+
protected get environment(): SchemaVaultsAppEnvironment;
|
|
18
|
+
protected static hasNextMiddleware(next: ISchemaVaultsMiddleware | undefined): next is ISchemaVaultsMiddleware;
|
|
19
|
+
get height(): number;
|
|
20
|
+
protected constructor(opts: IBaseMiddlewareInitOptions);
|
|
21
|
+
abstract handle(inputs: ISchemaVaultsMiddlewareFnInputs): Promise<NextResponse | Response>;
|
|
22
|
+
toMiddlewareFlowString(): string;
|
|
23
|
+
}
|
|
24
|
+
export default BaseMiddleware;
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
import { getAppEnvironment, } from "@schemavaults/app-definitions";
|
|
2
|
+
export class BaseMiddleware {
|
|
3
|
+
next;
|
|
4
|
+
name;
|
|
5
|
+
type = "middleware";
|
|
6
|
+
_debug;
|
|
7
|
+
_environment;
|
|
8
|
+
get debug() {
|
|
9
|
+
return this._debug;
|
|
10
|
+
}
|
|
11
|
+
get environment() {
|
|
12
|
+
return this._environment;
|
|
13
|
+
}
|
|
14
|
+
static hasNextMiddleware(next) {
|
|
15
|
+
if (!!next && next.type === "middleware")
|
|
16
|
+
return true;
|
|
17
|
+
return false;
|
|
18
|
+
}
|
|
19
|
+
get height() {
|
|
20
|
+
if (!this.next)
|
|
21
|
+
return 0;
|
|
22
|
+
return this.next.height + 1;
|
|
23
|
+
}
|
|
24
|
+
constructor(opts) {
|
|
25
|
+
this.name = opts.name;
|
|
26
|
+
if (opts.next) {
|
|
27
|
+
if (typeof opts.next.type !== "string" ||
|
|
28
|
+
opts.next.type !== "middleware") {
|
|
29
|
+
throw new Error("Expected 'next' to be a SchemaVaults middleware instance, but the 'type' property was not equal to 'middleware'!");
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
this.next = opts.next;
|
|
33
|
+
const environment = opts.environment ?? getAppEnvironment();
|
|
34
|
+
this._environment = environment;
|
|
35
|
+
this._debug =
|
|
36
|
+
typeof opts.debug === "boolean"
|
|
37
|
+
? opts.debug
|
|
38
|
+
: environment === "development" ||
|
|
39
|
+
environment === "test" ||
|
|
40
|
+
environment === "staging";
|
|
41
|
+
}
|
|
42
|
+
toMiddlewareFlowString() {
|
|
43
|
+
const next = this.next;
|
|
44
|
+
if (!next) {
|
|
45
|
+
return `"${this.name}"`;
|
|
46
|
+
}
|
|
47
|
+
else {
|
|
48
|
+
return `"${this.name}" -> ${next.toMiddlewareFlowString()}`;
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
export default BaseMiddleware;
|
|
53
|
+
//# sourceMappingURL=BaseMiddleware.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"BaseMiddleware.js","sourceRoot":"","sources":["../../../src/middleware/middlewares/BaseMiddleware.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,iBAAiB,GAElB,MAAM,+BAA+B,CAAC;AAUvC,MAAM,OAAgB,cAAc;IACf,IAAI,CAAsC;IAC7C,IAAI,CAAS;IACb,IAAI,GAAG,YAAqB,CAAC;IAC5B,MAAM,CAAU;IAChB,YAAY,CAA6B;IAE1D,IAAc,KAAK;QACjB,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,IAAc,WAAW;QACvB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAES,MAAM,CAAC,iBAAiB,CAChC,IAAyC;QAEzC,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;YAAE,OAAO,IAAI,CAAC;QACtD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAW,MAAM;QACf,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,OAAO,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,YAAsB,IAAgC;QACpD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACtB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,IACE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAClC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,EAC/B,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,kHAAkH,CACnH,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACtB,MAAM,WAAW,GACf,IAAI,CAAC,WAAW,IAAI,iBAAiB,EAAE,CAAC;QAC1C,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,MAAM;YACT,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS;gBAC7B,CAAC,CAAC,IAAI,CAAC,KAAK;gBACZ,CAAC,CAAC,WAAW,KAAK,aAAa;oBAC7B,WAAW,KAAK,MAAM;oBACtB,WAAW,KAAK,SAAS,CAAC;IAClC,CAAC;IAMM,sBAAsB;QAC3B,MAAM,IAAI,GAAwC,IAAI,CAAC,IAAI,CAAC;QAC5D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,IAAI,CAAC,IAAI,GAAY,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,IAAI,CAAC,IAAI,QAAQ,IAAI,CAAC,sBAAsB,EAAE,EAAW,CAAC;QACvE,CAAC;IACH,CAAC;CACF;AAED,eAAe,cAAc,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { ISchemaVaultsMiddleware, ISchemaVaultsMiddlewareFactory, ISchemaVaultsMiddlewareFnInputs } from "../middleware_types";
|
|
2
|
+
import { BaseMiddleware } from "./BaseMiddleware";
|
|
3
|
+
export declare class DefaultMiddleware extends BaseMiddleware implements ISchemaVaultsMiddleware {
|
|
4
|
+
constructor(next?: ISchemaVaultsMiddleware);
|
|
5
|
+
handle(inputs: ISchemaVaultsMiddlewareFnInputs): Promise<Response>;
|
|
6
|
+
}
|
|
7
|
+
export declare class DefaultMiddlewareFactory implements ISchemaVaultsMiddlewareFactory {
|
|
8
|
+
readonly type: "middleware-factory";
|
|
9
|
+
create(next: ISchemaVaultsMiddleware): ISchemaVaultsMiddleware;
|
|
10
|
+
}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { BaseMiddleware } from "./BaseMiddleware";
|
|
2
|
+
export class DefaultMiddleware extends BaseMiddleware {
|
|
3
|
+
constructor(next) {
|
|
4
|
+
super({
|
|
5
|
+
next,
|
|
6
|
+
name: "Passthrough",
|
|
7
|
+
});
|
|
8
|
+
}
|
|
9
|
+
async handle(inputs) {
|
|
10
|
+
if (this.environment === "development") {
|
|
11
|
+
console.log("[DefaultMiddleware] Forwarding to endpoint or next middleware...");
|
|
12
|
+
}
|
|
13
|
+
if (this.next) {
|
|
14
|
+
return this.next.handle(inputs);
|
|
15
|
+
}
|
|
16
|
+
return inputs.next();
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
export class DefaultMiddlewareFactory {
|
|
20
|
+
type = "middleware-factory";
|
|
21
|
+
create(next) {
|
|
22
|
+
return new DefaultMiddleware(next);
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
//# sourceMappingURL=default_middleware.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"default_middleware.js","sourceRoot":"","sources":["../../../src/middleware/middlewares/default_middleware.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE9D,MAAM,OAAO,iBACX,SAAQ,cAAc;IAGtB,YAAmB,IAA8B;QAC/C,KAAK,CAAC;YACJ,IAAI;YACJ,IAAI,EAAE,aAAa;SACpB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,MAAuC;QACzD,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;YACvC,OAAO,CAAC,GAAG,CACT,kEAAkE,CACnE,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;CACF;AAED,MAAM,OAAO,wBAAwB;IAGnB,IAAI,GAAG,oBAA6B,CAAC;IAE9C,MAAM,CAAC,IAA6B;QACzC,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export { AuthJwtValidationMiddlewareFactory, default as default } from './withAuthJwtValidation';
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withAuthJwtValidation/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kCAAkC,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,yBAAyB,CAAC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import type { NextResponse } from "next/server";
|
|
2
|
+
import { type AuthMiddlewareRules } from "@schemavaults/auth-common";
|
|
3
|
+
import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
4
|
+
import type { ISchemaVaultsMiddleware, ISchemaVaultsMiddlewareFactory, ISchemaVaultsMiddlewareFnInputs } from "../../middleware_types";
|
|
5
|
+
import BaseMiddleware from "../BaseMiddleware";
|
|
6
|
+
import type { IJwtKeyManager } from "../../../JwtKeyManager";
|
|
7
|
+
import { type IDecodeAuthTokenKeys } from "../../../JwtKeyManager/loadJwtDecodingKeys";
|
|
8
|
+
export interface AuthJwtValidationMiddlewareOptions {
|
|
9
|
+
audience: string;
|
|
10
|
+
middleware_rules?: AuthMiddlewareRules;
|
|
11
|
+
debug?: boolean;
|
|
12
|
+
environment: SchemaVaultsAppEnvironment;
|
|
13
|
+
keys_manager: IJwtKeyManager;
|
|
14
|
+
}
|
|
15
|
+
interface IAuthJwtValidationMiddlewareOpts extends AuthJwtValidationMiddlewareOptions {
|
|
16
|
+
next: ISchemaVaultsMiddleware;
|
|
17
|
+
}
|
|
18
|
+
declare class AuthJwtValidationMiddleware extends BaseMiddleware implements ISchemaVaultsMiddleware {
|
|
19
|
+
private readonly audience;
|
|
20
|
+
private readonly middleware_rules;
|
|
21
|
+
private readonly keys_manager;
|
|
22
|
+
constructor({ next, audience, ...opts }: IAuthJwtValidationMiddlewareOpts);
|
|
23
|
+
protected loadJwtDecodingKeys(keyset_id: string): Promise<IDecodeAuthTokenKeys>;
|
|
24
|
+
handle({ req, json, redirect, ...inputs }: ISchemaVaultsMiddlewareFnInputs): Promise<NextResponse | Response>;
|
|
25
|
+
}
|
|
26
|
+
export declare class AuthJwtValidationMiddlewareFactory implements ISchemaVaultsMiddlewareFactory {
|
|
27
|
+
readonly type: "middleware-factory";
|
|
28
|
+
private middlewareOpts;
|
|
29
|
+
constructor(opts: AuthJwtValidationMiddlewareOptions);
|
|
30
|
+
create(next: ISchemaVaultsMiddleware): AuthJwtValidationMiddleware;
|
|
31
|
+
}
|
|
32
|
+
export default AuthJwtValidationMiddlewareFactory;
|
|
@@ -0,0 +1,245 @@
|
|
|
1
|
+
import { AuthMiddleware, defaultAuthMiddlewareRules, determineAuthStatus, audienceSchema, } from "@schemavaults/auth-common";
|
|
2
|
+
import { decodeJWT, getKeysetIdFromToken, } from "@schemavaults/jwt";
|
|
3
|
+
import { apiServerIdSchema, } from "@schemavaults/app-definitions";
|
|
4
|
+
import BaseMiddleware from "../BaseMiddleware";
|
|
5
|
+
import loadJwtDecodingKeys from "../../../JwtKeyManager/loadJwtDecodingKeys";
|
|
6
|
+
class AuthJwtValidationMiddleware extends BaseMiddleware {
|
|
7
|
+
audience;
|
|
8
|
+
middleware_rules;
|
|
9
|
+
keys_manager;
|
|
10
|
+
constructor({ next, audience, ...opts }) {
|
|
11
|
+
super({
|
|
12
|
+
...opts,
|
|
13
|
+
name: "AuthJwtValidationMiddleware",
|
|
14
|
+
next,
|
|
15
|
+
});
|
|
16
|
+
if (typeof audience !== "string") {
|
|
17
|
+
throw new Error("AuthJwtValidationMiddleware did not receive an 'audience' to enforce for received JWTs!");
|
|
18
|
+
}
|
|
19
|
+
else if (!apiServerIdSchema.safeParse(audience).success) {
|
|
20
|
+
throw new TypeError("Invalid 'audience'; should be a valid API server ID!");
|
|
21
|
+
}
|
|
22
|
+
this.audience = audience;
|
|
23
|
+
this.middleware_rules = opts.middleware_rules ?? defaultAuthMiddlewareRules;
|
|
24
|
+
this.keys_manager = opts.keys_manager;
|
|
25
|
+
}
|
|
26
|
+
async loadJwtDecodingKeys(keyset_id) {
|
|
27
|
+
const audience_id = this.audience;
|
|
28
|
+
const decoding_keys = await loadJwtDecodingKeys({
|
|
29
|
+
keyset_id,
|
|
30
|
+
keys_manager: this.keys_manager,
|
|
31
|
+
audience_id,
|
|
32
|
+
debug: this.debug,
|
|
33
|
+
});
|
|
34
|
+
return decoding_keys;
|
|
35
|
+
}
|
|
36
|
+
async handle({ req, json, redirect, ...inputs }) {
|
|
37
|
+
const environment = this.environment;
|
|
38
|
+
if (this.debug) {
|
|
39
|
+
console.log(`[${this.name}] Running auth middleware on path: "${req.nextUrl.pathname}"`);
|
|
40
|
+
}
|
|
41
|
+
if (req.cookies.size > 20) {
|
|
42
|
+
console.error(`[${this.name}] Too many cookies: `, req.cookies.size);
|
|
43
|
+
return json({
|
|
44
|
+
error: true,
|
|
45
|
+
success: false,
|
|
46
|
+
message: "Too many cookies attached to request!",
|
|
47
|
+
}, { status: 400 });
|
|
48
|
+
}
|
|
49
|
+
// Initialize array to store tokens from different sources
|
|
50
|
+
const token_sources = [];
|
|
51
|
+
// Load Tokens from cookies
|
|
52
|
+
let refresh_token = req.cookies.get("refresh_token")?.value;
|
|
53
|
+
let access_token = req.cookies.get("access_token")?.value;
|
|
54
|
+
if (typeof refresh_token === "string") {
|
|
55
|
+
token_sources.push({
|
|
56
|
+
token: refresh_token,
|
|
57
|
+
type: "refresh",
|
|
58
|
+
sourceHint: "Refresh Token Cookie",
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
if (typeof access_token === "string") {
|
|
62
|
+
token_sources.push({
|
|
63
|
+
token: access_token,
|
|
64
|
+
type: "access",
|
|
65
|
+
sourceHint: "Access Token Cookie",
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
let authorizationHeaderToken = undefined;
|
|
69
|
+
const authorizationHeader = req.headers.get("Authorization") ??
|
|
70
|
+
req.headers.get("authorization") ??
|
|
71
|
+
null;
|
|
72
|
+
if (typeof authorizationHeader === "string") {
|
|
73
|
+
const bearerPrefix = "Bearer ";
|
|
74
|
+
if (authorizationHeader.startsWith(bearerPrefix)) {
|
|
75
|
+
if (authorizationHeader.length > bearerPrefix.length) {
|
|
76
|
+
const withoutPrefix = authorizationHeader.slice(bearerPrefix.length);
|
|
77
|
+
authorizationHeaderToken = withoutPrefix;
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
if (typeof authorizationHeaderToken === "string") {
|
|
82
|
+
token_sources.push({
|
|
83
|
+
token: authorizationHeaderToken,
|
|
84
|
+
type: "access",
|
|
85
|
+
sourceHint: "Authorization Bearer Header Access Token",
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
const jwt_audience = this.audience;
|
|
89
|
+
const parsed_jwt_audience = await audienceSchema.safeParseAsync(jwt_audience);
|
|
90
|
+
if (!parsed_jwt_audience.success) {
|
|
91
|
+
console.error(parsed_jwt_audience.error);
|
|
92
|
+
throw new Error("[withAuthJwtValidation] Received invalid JWT audience to enforce!");
|
|
93
|
+
}
|
|
94
|
+
let authStatus;
|
|
95
|
+
try {
|
|
96
|
+
const baseAuthStatusDeterminationInputs = {
|
|
97
|
+
client_type: "server",
|
|
98
|
+
token_sources,
|
|
99
|
+
debug: this.debug,
|
|
100
|
+
};
|
|
101
|
+
if (this.debug) {
|
|
102
|
+
console.log("[withAuthJwtValidation] Determining auth status with input options: ", baseAuthStatusDeterminationInputs);
|
|
103
|
+
}
|
|
104
|
+
authStatus = await determineAuthStatus({
|
|
105
|
+
...baseAuthStatusDeterminationInputs,
|
|
106
|
+
decodeJWT: async ({ token, type, jwt_audience, }) => {
|
|
107
|
+
let keyset_id;
|
|
108
|
+
try {
|
|
109
|
+
keyset_id = getKeysetIdFromToken(token);
|
|
110
|
+
}
|
|
111
|
+
catch (e) {
|
|
112
|
+
console.error("Failed to load 'keyset_id' from auth token: ", e);
|
|
113
|
+
throw new Error("Failed to load 'keyset_id' from auth token!");
|
|
114
|
+
}
|
|
115
|
+
let decodingKeys;
|
|
116
|
+
try {
|
|
117
|
+
decodingKeys = await this.loadJwtDecodingKeys(keyset_id);
|
|
118
|
+
if (decodingKeys.keyset_id !== keyset_id) {
|
|
119
|
+
throw new Error("Mismatch between the keyset ID of result and what was requested!");
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
catch (e) {
|
|
123
|
+
console.error(`Failed to load keys associated with token-associated keyset '${keyset_id}': `, e);
|
|
124
|
+
throw new Error("Failed to load keys associated with token-associated keyset!");
|
|
125
|
+
}
|
|
126
|
+
const { decryption_key, verification_key } = decodingKeys;
|
|
127
|
+
try {
|
|
128
|
+
const decoded = await decodeJWT({
|
|
129
|
+
jwt: token,
|
|
130
|
+
type,
|
|
131
|
+
audience: jwt_audience,
|
|
132
|
+
env: environment,
|
|
133
|
+
decryption_key,
|
|
134
|
+
verification_key,
|
|
135
|
+
keyset_id,
|
|
136
|
+
});
|
|
137
|
+
return { ...decoded };
|
|
138
|
+
}
|
|
139
|
+
catch (e) {
|
|
140
|
+
if (this.debug) {
|
|
141
|
+
console.error("[withAuthJwtValidation] Failed to decode JWT: ", e);
|
|
142
|
+
}
|
|
143
|
+
throw new Error("Failed to decode JWT to determine auth status!");
|
|
144
|
+
}
|
|
145
|
+
},
|
|
146
|
+
jwt_audience,
|
|
147
|
+
});
|
|
148
|
+
}
|
|
149
|
+
catch (e) {
|
|
150
|
+
console.error("[withAuthJwtValidation] Middleware failed to determine authentication status: ", e);
|
|
151
|
+
throw new Error("Failed to determine authentication status!");
|
|
152
|
+
}
|
|
153
|
+
let authMiddlewareResult;
|
|
154
|
+
try {
|
|
155
|
+
authMiddlewareResult = AuthMiddleware({
|
|
156
|
+
path: req.nextUrl.pathname,
|
|
157
|
+
authStatus,
|
|
158
|
+
rules: this.middleware_rules,
|
|
159
|
+
authedOnUnauthedRouteRedirectTo: "/account",
|
|
160
|
+
unauthedOnAuthedRouteRedirectTo: "/auth/login",
|
|
161
|
+
authorize_uri: "/auth/authorize",
|
|
162
|
+
successful_logout_redirect_uri: "/",
|
|
163
|
+
environment: this.environment,
|
|
164
|
+
debug: this.debug,
|
|
165
|
+
});
|
|
166
|
+
if (this.debug) {
|
|
167
|
+
console.log("[Middleware] Auth middleware result: ", authMiddlewareResult);
|
|
168
|
+
if (authMiddlewareResult &&
|
|
169
|
+
authMiddlewareResult.remain &&
|
|
170
|
+
req?.nextUrl?.pathname) {
|
|
171
|
+
console.log("[Middleware] Not redirecting. Remaining on:", req.nextUrl.pathname);
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
catch (e) {
|
|
176
|
+
console.error("[Middleware] Error running auth middleware: ", e);
|
|
177
|
+
return json({
|
|
178
|
+
success: false,
|
|
179
|
+
message: "Error running auth middleware",
|
|
180
|
+
}, { status: 500 });
|
|
181
|
+
}
|
|
182
|
+
if (authMiddlewareResult.remain) {
|
|
183
|
+
const next = this.next;
|
|
184
|
+
if (!AuthJwtValidationMiddleware.hasNextMiddleware(next)) {
|
|
185
|
+
throw new Error("Expected AuthJwtValidationMiddleware to have child middleware(s)!");
|
|
186
|
+
}
|
|
187
|
+
return await next.handle({ req, json, redirect, ...inputs });
|
|
188
|
+
}
|
|
189
|
+
else {
|
|
190
|
+
if (this.debug) {
|
|
191
|
+
console.log("[Middleware] Not remaining on: ", req.nextUrl.pathname);
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
if (authMiddlewareResult.redirect) {
|
|
195
|
+
// Relative redirect path
|
|
196
|
+
const relativeRedirectTo = authMiddlewareResult.redirectTo;
|
|
197
|
+
const host = req.nextUrl.host;
|
|
198
|
+
let protocol = "https";
|
|
199
|
+
if (this.environment === "development" || this.environment === "test") {
|
|
200
|
+
protocol = "http";
|
|
201
|
+
}
|
|
202
|
+
const redirectTo = protocol + "://" + host + relativeRedirectTo;
|
|
203
|
+
if (this.environment === "development") {
|
|
204
|
+
console.log('[Middleware] Redirecting to: "' + redirectTo + '"');
|
|
205
|
+
}
|
|
206
|
+
return redirect(redirectTo);
|
|
207
|
+
}
|
|
208
|
+
if (this.debug) {
|
|
209
|
+
console.log("[Middleware] Not remaining or redirecting on: ", req.nextUrl.pathname);
|
|
210
|
+
}
|
|
211
|
+
if (authMiddlewareResult.error) {
|
|
212
|
+
const errorType = authMiddlewareResult.error;
|
|
213
|
+
if (errorType === "Unauthorized") {
|
|
214
|
+
return json({
|
|
215
|
+
error: "Unauthorized",
|
|
216
|
+
}, { status: 401 });
|
|
217
|
+
}
|
|
218
|
+
else if (errorType === "Forbidden") {
|
|
219
|
+
return json({
|
|
220
|
+
error: "Forbidden",
|
|
221
|
+
}, { status: 403 });
|
|
222
|
+
}
|
|
223
|
+
console.error("Unknown auth middleware error: ", errorType);
|
|
224
|
+
return json({
|
|
225
|
+
error: "Unknown auth middleware error",
|
|
226
|
+
}, { status: 500 });
|
|
227
|
+
}
|
|
228
|
+
throw new Error("Unhandled auth middleware result");
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
export class AuthJwtValidationMiddlewareFactory {
|
|
232
|
+
type = "middleware-factory";
|
|
233
|
+
middlewareOpts;
|
|
234
|
+
constructor(opts) {
|
|
235
|
+
this.middlewareOpts = opts;
|
|
236
|
+
}
|
|
237
|
+
create(next) {
|
|
238
|
+
return new AuthJwtValidationMiddleware({
|
|
239
|
+
...this.middlewareOpts,
|
|
240
|
+
next,
|
|
241
|
+
});
|
|
242
|
+
}
|
|
243
|
+
}
|
|
244
|
+
export default AuthJwtValidationMiddlewareFactory;
|
|
245
|
+
//# sourceMappingURL=withAuthJwtValidation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"withAuthJwtValidation.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.ts"],"names":[],"mappings":"AACA,OAAO,EACL,cAAc,EAGd,0BAA0B,EAC1B,mBAAmB,EAGnB,cAAc,GAGf,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,SAAS,EACT,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,GAElB,MAAM,+BAA+B,CAAC;AAMvC,OAAO,cAAc,MAAM,8BAA8B,CAAC;AAE1D,OAAO,mBAEN,MAAM,qCAAqC,CAAC;AAe7C,MAAM,2BACJ,SAAQ,cAAc;IAGL,QAAQ,CAAS;IACjB,gBAAgB,CAAsB;IACtC,YAAY,CAAiB;IAE9C,YAAmB,EACjB,IAAI,EACJ,QAAQ,EACR,GAAG,IAAI,EAC0B;QACjC,KAAK,CAAC;YACJ,GAAG,IAAI;YACP,IAAI,EAAE,6BAAsC;YAC5C,IAAI;SACL,CAAC,CAAC;QAEH,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;aAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC;YAC1D,MAAM,IAAI,SAAS,CACjB,sDAAsD,CACvD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,IAAI,0BAA0B,CAAC;QAC5E,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;IACxC,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,SAAiB;QAEjB,MAAM,WAAW,GAAW,IAAI,CAAC,QAAQ,CAAC;QAC1C,MAAM,aAAa,GAAyB,MAAM,mBAAmB,CAAC;YACpE,SAAS;YACT,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,WAAW;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QACH,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,EAClB,GAAG,EACH,IAAI,EACJ,QAAQ,EACR,GAAG,MAAM,EACuB;QAChC,MAAM,WAAW,GAA+B,IAAI,CAAC,WAAW,CAAC;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,IAAI,IAAI,CAAC,IAAI,uCAAuC,GAAG,CAAC,OAAO,CAAC,QAAQ,GAAG,CAC5E,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,sBAAsB,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrE,OAAO,IAAI,CACT;gBACE,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,uCAAuC;aACjD,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,0DAA0D;QAC1D,MAAM,aAAa,GAAkC,EAAE,CAAC;QAExD,2BAA2B;QAC3B,IAAI,aAAa,GACf,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC;QAC1C,IAAI,YAAY,GACd,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC;QAEzC,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACtC,aAAa,CAAC,IAAI,CAAC;gBACjB,KAAK,EAAE,aAAa;gBACpB,IAAI,EAAE,SAAS;gBACf,UAAU,EAAE,sBAAsB;aACnC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACrC,aAAa,CAAC,IAAI,CAAC;gBACjB,KAAK,EAAE,YAAY;gBACnB,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,qBAAqB;aAClC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,wBAAwB,GAAuB,SAAS,CAAC;QAC7D,MAAM,mBAAmB,GACvB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;YAChC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;YAChC,IAAI,CAAC;QACP,IAAI,OAAO,mBAAmB,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,YAAY,GAAG,SAAkB,CAAC;YACxC,IAAI,mBAAmB,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjD,IAAI,mBAAmB,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC;oBACrD,MAAM,aAAa,GAAW,mBAAmB,CAAC,KAAK,CACrD,YAAY,CAAC,MAAM,CACpB,CAAC;oBACF,wBAAwB,GAAG,aAA8B,CAAC;gBAC5D,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,OAAO,wBAAwB,KAAK,QAAQ,EAAE,CAAC;YACjD,aAAa,CAAC,IAAI,CAAC;gBACjB,KAAK,EAAE,wBAAwB;gBAC/B,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,0CAA0C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;QACnC,MAAM,mBAAmB,GACvB,MAAM,cAAc,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QACpD,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;QACJ,CAAC;QAED,IAAI,UAA+C,CAAC;QACpD,IAAI,CAAC;YACH,MAAM,iCAAiC,GAAG;gBACxC,WAAW,EAAE,QAAiB;gBAC9B,aAAa;gBACb,KAAK,EAAE,IAAI,CAAC,KAAuB;aACkC,CAAC;YAExE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CACT,sEAAsE,EACtE,iCAAiC,CAClC,CAAC;YACJ,CAAC;YAED,UAAU,GAAG,MAAM,mBAAmB,CAAC;gBACrC,GAAG,iCAAiC;gBACpC,SAAS,EAAE,KAAK,EAAE,EAChB,KAAK,EACL,IAAI,EACJ,YAAY,GACb,EAA+C,EAAE;oBAChD,IAAI,SAAiB,CAAC;oBACtB,IAAI,CAAC;wBACH,SAAS,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;oBAC1C,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;wBACjE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;oBACjE,CAAC;oBAED,IAAI,YAAkC,CAAC;oBACvC,IAAI,CAAC;wBACH,YAAY,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;wBACzD,IAAI,YAAY,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;4BACzC,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CACX,gEAAgE,SAAS,KAAK,EAC9E,CAAC,CACF,CAAC;wBACF,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;oBACJ,CAAC;oBACD,MAAM,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,YAAY,CAAC;oBAE1D,IAAI,CAAC;wBACH,MAAM,OAAO,GAAqB,MAAM,SAAS,CAAC;4BAChD,GAAG,EAAE,KAAK;4BACV,IAAI;4BACJ,QAAQ,EAAE,YAAY;4BACtB,GAAG,EAAE,WAAW;4BAChB,cAAc;4BACd,gBAAgB;4BAChB,SAAS;yBACV,CAAC,CAAC;wBACH,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;oBACxB,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,KAAK,CACX,gDAAgD,EAChD,CAAC,CACF,CAAC;wBACJ,CAAC;wBACD,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;oBACpE,CAAC;gBACH,CAAC;gBACD,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,gFAAgF,EAChF,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,oBAA0C,CAAC;QAC/C,IAAI,CAAC;YACH,oBAAoB,GAAG,cAAc,CAAC;gBACpC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ;gBAC1B,UAAU;gBACV,KAAK,EAAE,IAAI,CAAC,gBAAgB;gBAC5B,+BAA+B,EAAE,UAAmB;gBACpD,+BAA+B,EAAE,aAAsB;gBACvD,aAAa,EAAE,iBAA0B;gBACzC,8BAA8B,EAAE,GAAY;gBAC5C,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CACT,uCAAuC,EACvC,oBAAoB,CACrB,CAAC;gBACF,IACE,oBAAoB;oBACpB,oBAAoB,CAAC,MAAM;oBAC3B,GAAG,EAAE,OAAO,EAAE,QAAQ,EACtB,CAAC;oBACD,OAAO,CAAC,GAAG,CACT,6CAA6C,EAC7C,GAAG,CAAC,OAAO,CAAC,QAAQ,CACrB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;YACjE,OAAO,IAAI,CACT;gBACE,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,+BAA+B;aACzC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,oBAAoB,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,IAAI,CAAC,2BAA2B,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAED,IAAI,oBAAoB,CAAC,QAAQ,EAAE,CAAC;YAClC,yBAAyB;YACzB,MAAM,kBAAkB,GAAW,oBAAoB,CAAC,UAAU,CAAC;YAEnE,MAAM,IAAI,GAAW,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC;YAEtC,IAAI,QAAQ,GAAqB,OAAO,CAAC;YAEzC,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,IAAI,IAAI,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;gBACtE,QAAQ,GAAG,MAAM,CAAC;YACpB,CAAC;YACD,MAAM,UAAU,GAAW,QAAQ,GAAG,KAAK,GAAG,IAAI,GAAG,kBAAkB,CAAC;YACxE,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;gBACvC,OAAO,CAAC,GAAG,CAAC,gCAAgC,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC;YACnE,CAAC;YACD,OAAO,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,gDAAgD,EAChD,GAAG,CAAC,OAAO,CAAC,QAAQ,CACrB,CAAC;QACJ,CAAC;QAED,IAAI,oBAAoB,CAAC,KAAK,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAwB,oBAAoB,CAAC,KAAK,CAAC;YAClE,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;gBACjC,OAAO,IAAI,CACT;oBACE,KAAK,EAAE,cAAc;iBACtB,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;iBAAM,IAAI,SAAS,KAAK,WAAW,EAAE,CAAC;gBACrC,OAAO,IAAI,CACT;oBACE,KAAK,EAAE,WAAW;iBACnB,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,SAAS,CAAC,CAAC;YAC5D,OAAO,IAAI,CACT;gBACE,KAAK,EAAE,+BAA+B;aACvC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;CACF;AAED,MAAM,OAAO,kCAAkC;IAG7B,IAAI,GAAG,oBAA6B,CAAC;IAE7C,cAAc,CAAqC;IAE3D,YAAmB,IAAwC;QACzD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAEM,MAAM,CAAC,IAA6B;QACzC,OAAO,IAAI,2BAA2B,CAAC;YACrC,GAAG,IAAI,CAAC,cAAc;YACtB,IAAI;SACL,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,kCAAkC,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { type SchemaVaultsCORSEnforcementPolicy } from "./cors-policies";
|
|
2
|
+
interface ApplyCorsHeadersOptions {
|
|
3
|
+
origin: string | null | undefined;
|
|
4
|
+
headers: Record<string, string>;
|
|
5
|
+
policy: SchemaVaultsCORSEnforcementPolicy;
|
|
6
|
+
preflight?: boolean;
|
|
7
|
+
method: string;
|
|
8
|
+
debug?: boolean;
|
|
9
|
+
allowed: boolean;
|
|
10
|
+
}
|
|
11
|
+
export declare function applyCorsHeaders(opts: ApplyCorsHeadersOptions): Record<string, string>;
|
|
12
|
+
export {};
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
import { SchemaVaultsCORSEnforcementPolicies as corsPolicies, } from "./cors-policies";
|
|
2
|
+
export function applyCorsHeaders(opts) {
|
|
3
|
+
const withCorsHeaders = { ...opts.headers };
|
|
4
|
+
const DEBUG = opts.debug ?? false;
|
|
5
|
+
const allowed = opts.allowed;
|
|
6
|
+
if (!allowed)
|
|
7
|
+
throw new Error("applyCorsHeaders() should not be called until this origin has been validated as allowed");
|
|
8
|
+
if (DEBUG) {
|
|
9
|
+
console.log(`[applyCorsHeaders] Applying ${opts.preflight ? "preflight " : ""}CORS headers for policy "${opts.policy}".`);
|
|
10
|
+
}
|
|
11
|
+
switch (opts.policy) {
|
|
12
|
+
case corsPolicies.AllowAny:
|
|
13
|
+
withCorsHeaders["Access-Control-Allow-Origin"] = "*";
|
|
14
|
+
break;
|
|
15
|
+
case corsPolicies.EnforceValidAppIfOriginApplied:
|
|
16
|
+
if (typeof opts.origin === "string") {
|
|
17
|
+
withCorsHeaders["Access-Control-Allow-Origin"] = opts.origin;
|
|
18
|
+
}
|
|
19
|
+
else {
|
|
20
|
+
withCorsHeaders["Access-Control-Allow-Origin"] = "*";
|
|
21
|
+
}
|
|
22
|
+
break;
|
|
23
|
+
case corsPolicies.SameOriginIfOriginApplied:
|
|
24
|
+
if (typeof opts.origin === "string") {
|
|
25
|
+
withCorsHeaders["Access-Control-Allow-Origin"] = opts.origin;
|
|
26
|
+
}
|
|
27
|
+
else {
|
|
28
|
+
withCorsHeaders["Access-Control-Allow-Origin"] = "*";
|
|
29
|
+
}
|
|
30
|
+
break;
|
|
31
|
+
default:
|
|
32
|
+
throw new Error(`Invalid CORS policy: ${opts.policy}`);
|
|
33
|
+
}
|
|
34
|
+
withCorsHeaders["Access-Control-Allow-Credentials"] = "true";
|
|
35
|
+
withCorsHeaders["Access-Control-Allow-Methods"] =
|
|
36
|
+
"GET,DELETE,PATCH,POST,PUT,OPTIONS";
|
|
37
|
+
withCorsHeaders["Access-Control-Allow-Headers"] =
|
|
38
|
+
"X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, Authorization";
|
|
39
|
+
if (!opts.preflight &&
|
|
40
|
+
opts.method !== "GET" &&
|
|
41
|
+
opts.policy !== corsPolicies.AllowAny) {
|
|
42
|
+
withCorsHeaders["Vary"] = "Origin";
|
|
43
|
+
}
|
|
44
|
+
return withCorsHeaders;
|
|
45
|
+
}
|
|
46
|
+
//# sourceMappingURL=applyCorsHeaders.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"applyCorsHeaders.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/applyCorsHeaders.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,mCAAmC,IAAI,YAAY,GACpD,MAAM,iBAAiB,CAAC;AAYzB,MAAM,UAAU,gBAAgB,CAC9B,IAA6B;IAE7B,MAAM,eAAe,GAA2B,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAEpE,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC7B,IAAI,CAAC,OAAO;QACV,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;IAEJ,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,+BAA+B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,4BAA4B,IAAI,CAAC,MAAM,IAAI,CAC7G,CAAC;IACJ,CAAC;IAED,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;QACpB,KAAK,YAAY,CAAC,QAAQ;YACxB,eAAe,CAAC,6BAA6B,CAAC,GAAG,GAAG,CAAC;YACrD,MAAM;QACR,KAAK,YAAY,CAAC,8BAA8B;YAC9C,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACpC,eAAe,CAAC,6BAA6B,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,6BAA6B,CAAC,GAAG,GAAG,CAAC;YACvD,CAAC;YAED,MAAM;QACR,KAAK,YAAY,CAAC,yBAAyB;YACzC,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACpC,eAAe,CAAC,6BAA6B,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,6BAA6B,CAAC,GAAG,GAAG,CAAC;YACvD,CAAC;YAED,MAAM;QACR;YACE,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,eAAe,CAAC,kCAAkC,CAAC,GAAG,MAAM,CAAC;IAC7D,eAAe,CAAC,8BAA8B,CAAC;QAC7C,mCAAmC,CAAC;IACtC,eAAe,CAAC,8BAA8B,CAAC;QAC7C,uIAAuI,CAAC;IAC1I,IACE,CAAC,IAAI,CAAC,SAAS;QACf,IAAI,CAAC,MAAM,KAAK,KAAK;QACrB,IAAI,CAAC,MAAM,KAAK,YAAY,CAAC,QAAQ,EACrC,CAAC;QACD,eAAe,CAAC,MAAM,CAAC,GAAG,QAAQ,CAAC;IACrC,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function assertNoOriginSet(origin: string | null | undefined): origin is null | undefined;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"assertNoOriginSet.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/assertNoOriginSet.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,iBAAiB,CAC/B,MAAiC;IAEjC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
declare const validSchemaVaultsCorsEnforcementPolicies: readonly ["AllowAny", "EnforceValidAppIfOriginApplied", "SameOriginIfOriginApplied"];
|
|
2
|
+
export type SchemaVaultsCORSEnforcementPolicy = (typeof validSchemaVaultsCorsEnforcementPolicies)[number];
|
|
3
|
+
export declare function isValidCORSEnforcementPolicy(policy: string): policy is SchemaVaultsCORSEnforcementPolicy;
|
|
4
|
+
type AvailableCorsPoliciesAccessorObject = Readonly<{
|
|
5
|
+
[K in SchemaVaultsCORSEnforcementPolicy]: K;
|
|
6
|
+
}>;
|
|
7
|
+
export declare const SchemaVaultsCORSEnforcementPolicies: AvailableCorsPoliciesAccessorObject;
|
|
8
|
+
export default SchemaVaultsCORSEnforcementPolicies;
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
const validSchemaVaultsCorsEnforcementPolicies = [
|
|
2
|
+
"AllowAny",
|
|
3
|
+
"EnforceValidAppIfOriginApplied",
|
|
4
|
+
"SameOriginIfOriginApplied",
|
|
5
|
+
];
|
|
6
|
+
export function isValidCORSEnforcementPolicy(policy) {
|
|
7
|
+
if (typeof policy === "string") {
|
|
8
|
+
const validPolicies = validSchemaVaultsCorsEnforcementPolicies;
|
|
9
|
+
if (validPolicies.includes(policy)) {
|
|
10
|
+
return true;
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
return false;
|
|
14
|
+
}
|
|
15
|
+
export const SchemaVaultsCORSEnforcementPolicies = {
|
|
16
|
+
EnforceValidAppIfOriginApplied: "EnforceValidAppIfOriginApplied",
|
|
17
|
+
AllowAny: "AllowAny",
|
|
18
|
+
SameOriginIfOriginApplied: "SameOriginIfOriginApplied",
|
|
19
|
+
};
|
|
20
|
+
export default SchemaVaultsCORSEnforcementPolicies;
|
|
21
|
+
//# sourceMappingURL=cors-policies.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cors-policies.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/cors-policies.ts"],"names":[],"mappings":"AAAA,MAAM,wCAAwC,GAAG;IAC/C,UAAU;IACV,gCAAgC;IAChC,2BAA2B;CACS,CAAC;AAKvC,MAAM,UAAU,4BAA4B,CAC1C,MAAc;IAEd,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,aAAa,GACjB,wCAAwC,CAAC;QAC3C,IAAI,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAMD,MAAM,CAAC,MAAM,mCAAmC,GAC9C;IACE,8BAA8B,EAAE,gCAAgC;IAChE,QAAQ,EAAE,UAAU;IACpB,yBAAyB,EAAE,2BAA2B;CAC9C,CAAC;AAEb,eAAe,mCAAmC,CAAC"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import type { ISchemaVaultsMiddlewareFnInputs } from "../../../middleware/middleware_types";
|
|
2
|
+
import type { NextRequest, NextResponse } from "next/server";
|
|
3
|
+
export declare function ensureHttpsInProduction(request: NextRequest, origin: string, json: ISchemaVaultsMiddlewareFnInputs["json"]): NextResponse | undefined;
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { getAppEnvironment, } from "@schemavaults/app-definitions";
|
|
2
|
+
function isHttpsOrigin(origin) {
|
|
3
|
+
return origin.startsWith("https://");
|
|
4
|
+
}
|
|
5
|
+
export function ensureHttpsInProduction(request, origin, json) {
|
|
6
|
+
const environment = getAppEnvironment();
|
|
7
|
+
if (
|
|
8
|
+
// Ensure that origin uses https:// in production
|
|
9
|
+
origin &&
|
|
10
|
+
environment !== "development" &&
|
|
11
|
+
environment !== "test" &&
|
|
12
|
+
request.method !== "GET" &&
|
|
13
|
+
!isHttpsOrigin(origin)) {
|
|
14
|
+
console.error("Origins must be HTTPS in production environment.");
|
|
15
|
+
return json({
|
|
16
|
+
message: "Origin must be HTTPS",
|
|
17
|
+
success: false,
|
|
18
|
+
}, { status: 400 });
|
|
19
|
+
} // End of HTTPS origins in production check
|
|
20
|
+
return undefined;
|
|
21
|
+
}
|
|
22
|
+
//# sourceMappingURL=ensureHttpsInProd.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ensureHttpsInProd.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/ensureHttpsInProd.ts"],"names":[],"mappings":"AACA,OAAO,EACL,iBAAiB,GAElB,MAAM,+BAA+B,CAAC;AAIvC,SAAS,aAAa,CAAC,MAAc;IACnC,OAAO,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,OAAoB,EACpB,MAAc,EACd,IAA6C;IAE7C,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;IAEpE;IACE,iDAAiD;IACjD,MAAM;QACN,WAAW,KAAK,aAAa;QAC7B,WAAW,KAAK,MAAM;QACtB,OAAO,CAAC,MAAM,KAAK,KAAK;QACxB,CAAC,aAAa,CAAC,MAAM,CAAC,EACtB,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAClE,OAAO,IAAI,CACT;YACE,OAAO,EAAE,sBAAsB;YAC/B,OAAO,EAAE,KAAK;SACc,EAC9B,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACJ,CAAC,CAAC,2CAA2C;IAC7C,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
export { CorsMiddlewareFactory, CorsMiddlewareFactory as default } from "./withCorsSettings";
|
|
2
|
+
export type * from "./withCorsSettings";
|
|
3
|
+
export type { SchemaVaultsCORSEnforcementPolicy } from "./cors-policies";
|
|
4
|
+
export { SchemaVaultsCORSEnforcementPolicies } from "./cors-policies";
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,IAAI,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAG7F,OAAO,EAAE,mCAAmC,EAAE,MAAM,iBAAiB,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
2
|
+
import { type SchemaVaultsCORSEnforcementPolicy } from "./cors-policies";
|
|
3
|
+
interface CheckIfIsAllowedOriginOptions {
|
|
4
|
+
origin: string | null | undefined;
|
|
5
|
+
policy: SchemaVaultsCORSEnforcementPolicy;
|
|
6
|
+
audience: string;
|
|
7
|
+
environment: SchemaVaultsAppEnvironment;
|
|
8
|
+
debug?: boolean;
|
|
9
|
+
}
|
|
10
|
+
export declare function isAllowedOrigin(opts: CheckIfIsAllowedOriginOptions): Promise<boolean>;
|
|
11
|
+
export {};
|