@seamless-auth/express 0.0.1-beta.3 → 0.0.1
- package/README.md +1 -1
- package/dist/createServer.d.ts +1 -0
- package/dist/createServer.d.ts.map +1 -0
- package/dist/createServer.js +4 -4
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +4 -4
- package/dist/internal/authFetch.d.ts +1 -0
- package/dist/internal/authFetch.d.ts.map +1 -0
- package/dist/internal/authFetch.js +5 -3
- package/dist/internal/cookie.d.ts +1 -0
- package/dist/internal/cookie.d.ts.map +1 -0
- package/dist/internal/cookie.js +5 -4
- package/dist/internal/getSeamlessUser.d.ts +1 -0
- package/dist/internal/getSeamlessUser.d.ts.map +1 -0
- package/dist/internal/refreshAccessToken.d.ts +1 -0
- package/dist/internal/refreshAccessToken.d.ts.map +1 -0
- package/dist/internal/refreshAccessToken.js +6 -5
- package/dist/internal/verifyCookieJwt.d.ts +1 -0
- package/dist/internal/verifyCookieJwt.d.ts.map +1 -0
- package/dist/internal/verifySignedAuthResponse.d.ts +1 -0
- package/dist/internal/verifySignedAuthResponse.d.ts.map +1 -0
- package/dist/middleware/ensureCookies.d.ts +1 -0
- package/dist/middleware/ensureCookies.d.ts.map +1 -0
- package/dist/middleware/ensureCookies.js +1 -5
- package/dist/middleware/requireAuth.d.ts +1 -0
- package/dist/middleware/requireAuth.d.ts.map +1 -0
- package/dist/middleware/requireAuth.js +9 -5
- package/dist/middleware/requireRole.d.ts +1 -0
- package/dist/middleware/requireRole.d.ts.map +1 -0
- package/dist/middleware/requireRole.js +6 -5
- package/dist/types.d.ts +1 -0
- package/dist/types.d.ts.map +1 -0
- package/package.json +2 -1
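--- a/package/README.md
+++ b/package/README.md
@@ -217,7 +217,7 @@ SEAMLESS_COOKIE_SIGNING_KEY=local-secret-key # Found in the portal
 
 ```ts
 const AUTH_SERVER_URL = process.env.AUTH_SERVER_URL!;
-app.use(cors({ origin: "
+app.use(cors({ origin: "http://localhost:5001", credentials: true }));
 app.use(express.json());
 app.use(cookieParser());
 app.use("/auth", createSeamlessAuthServer({ authServerUrl: AUTH_SERVER_URL }));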
package/dist/createServer.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"createServer.d.ts","sourceRoot":"","sources":["../src/createServer.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAqB,MAAM,EAAE,MAAM,SAAS,CAAC;AAQ7D,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAIzD,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,yBAAyB,GAC9B,MAAM,CA6LR"}
|
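--- a/package/dist/createServer.js
+++ b/package/dist/createServer.js
@@ -1,9 +1,9 @@
 import express from "express";
 import cookieParser from "cookie-parser";
-import { setSessionCookie, clearAllCookies, clearSessionCookie, } from
-import { authFetch } from
-import { createEnsureCookiesMiddleware } from
-import { verifySignedAuthResponse } from
+import { setSessionCookie, clearAllCookies, clearSessionCookie, } from "./internal/cookie";
+import { authFetch } from "./internal/authFetch";
+import { createEnsureCookiesMiddleware } from "./middleware/ensureCookies";
+import { verifySignedAuthResponse } from "./internal/verifySignedAuthResponse";
 export function createSeamlessAuthServer(opts) {
 const r = express.Router();
 r.use(express.json());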
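Review bot: The four rewritten imports on new lines 3–6 use extensionless relative specifiers (`"./internal/cookie"`, `"./internal/authFetch"`, …), while package.json in this release declares `"type": "module"`; Node's native ESM resolver does not append `.js`, so these resolve only under a bundler or a custom loader. Other files in the package already write the extension (`"../internal/refreshAccessToken.js"` in requireAuth.js), so emit `from "./internal/cookie.js"` and likewise for the other three. The same applies to the four specifiers in package/dist/index.js and to the `"../internal/refreshAccessToken"` and `"../internal/cookie"` imports in ensureCookies.js. The old specifiers are cut off on this page, so whether this is a regression cannot be told from here; a smoke test that imports the built package under plain Node would catch it.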
package/dist/index.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAA;AAC5D,YAAY,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAEzD,eAAe,wBAAwB,CAAC"}
|
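--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,5 +1,5 @@
-import { createSeamlessAuthServer } from
-export { requireAuth } from
-export { requireRole } from
-export { getSeamlessUser } from
+import { createSeamlessAuthServer } from "./createServer";
+export { requireAuth } from "./middleware/requireAuth";
+export { requireRole } from "./middleware/requireRole";
+export { getSeamlessUser } from "./internal/getSeamlessUser";
 export default createSeamlessAuthServer;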
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authFetch.d.ts","sourceRoot":"","sources":["../../src/internal/authFetch.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE5D,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,QAAQ,CAAC;IACrD,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED,wBAAsB,SAAS,CAC7B,GAAG,EAAE,aAAa,EAClB,GAAG,EAAE,MAAM,EACX,EAAE,MAAe,EAAE,IAAI,EAAE,OAAO,EAAE,OAAY,EAAE,GAAE,gBAAqB,qBAuDxE"}
|
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
import jwt from "jsonwebtoken";
|
|
2
|
-
const serviceKey = process.env.SEAMLESS_SERVICE_TOKEN;
|
|
3
2
|
export async function authFetch(req, url, { method = "POST", body, cookies, headers = {} } = {}) {
|
|
3
|
+
const serviceKey = process.env.SEAMLESS_SERVICE_TOKEN;
|
|
4
4
|
if (!serviceKey) {
|
|
5
5
|
throw new Error("Cannot sign service token. Missing SEAMLESS_SERVICE_TOKEN");
|
|
6
6
|
}
|
|
7
|
+
console.debug("[SeamlessAuth] Performing authentication fetch to Auth server");
|
|
7
8
|
// -------------------------------
|
|
8
9
|
// Issue short-lived machine token
|
|
9
10
|
// -------------------------------
|
|
10
11
|
const token = jwt.sign({
|
|
11
12
|
// Minimal, safe fields
|
|
12
13
|
iss: process.env.FRONTEND_URL,
|
|
13
|
-
aud: process.env.
|
|
14
|
+
aud: process.env.AUTH_SERVER_URL,
|
|
14
15
|
sub: req.cookiePayload?.sub,
|
|
15
16
|
roles: req.cookiePayload?.roles ?? [],
|
|
16
17
|
iat: Math.floor(Date.now() / 1000),
|
|
@@ -22,10 +23,11 @@ export async function authFetch(req, url, { method = "POST", body, cookies, head
|
|
|
22
23
|
const finalHeaders = {
|
|
23
24
|
...(method !== "GET" && { "Content-Type": "application/json" }),
|
|
24
25
|
...(cookies ? { Cookie: cookies.join("; ") } : {}),
|
|
25
|
-
Authorization: `Bearer ${
|
|
26
|
+
Authorization: `Bearer ${serviceKey}`,
|
|
26
27
|
...headers,
|
|
27
28
|
};
|
|
28
29
|
let finalUrl = url;
|
|
30
|
+
console.debug("[SeamlessAuth] URL ...", finalUrl);
|
|
29
31
|
if (method === "GET" && body && typeof body === "object") {
|
|
30
32
|
const qs = new URLSearchParams(body).toString();
|
|
31
33
|
finalUrl += url.includes("?") ? `&${qs}` : `?${qs}`;
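Review bot: The new header line `` Authorization: `Bearer ${serviceKey}`, `` puts the raw `SEAMLESS_SERVICE_TOKEN` value on the wire with every request, although the function still builds a short-lived JWT in `token` just above. The part of the `jwt.sign` call that names the signing key is outside the hunk, but if `serviceKey` is that key, the long-lived shared secret is now exposed in a header and the signed token goes unused; the header should presumably be `` Authorization: `Bearer ${token}`, ``. Because `...headers` is spread after it, a caller-supplied `Authorization` still overrides this value, which deserves a comment or a reordering. The added `console.debug("[SeamlessAuth] URL ...", finalUrl)` runs before the query string is appended, so it logs the bare URL; keep it that way so request parameters stay out of logs.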
|
|
@@ -8,3 +8,4 @@ export interface CookiePayload {
|
|
|
8
8
|
export declare function setSessionCookie(res: Response, payload: CookiePayload, domain?: string, ttlSeconds?: number, name?: string): void;
|
|
9
9
|
export declare function clearSessionCookie(res: Response, domain: string, name?: string): void;
|
|
10
10
|
export declare function clearAllCookies(res: Response, domain: string, accesscookieName: string, registrationCookieName: string, refreshCookieName: string): void;
|
|
11
|
+
//# sourceMappingURL=cookie.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cookie.d.ts","sourceRoot":"","sources":["../../src/internal/cookie.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEnC,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,QAAQ,EACb,OAAO,EAAE,aAAa,EACtB,MAAM,CAAC,EAAE,MAAM,EACf,UAAU,SAAM,EAChB,IAAI,SAAe,QAqBpB;AAED,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,QAAQ,EACb,MAAM,EAAE,MAAM,EACd,IAAI,SAAe,QAGpB;AAED,wBAAgB,eAAe,CAC7B,GAAG,EAAE,QAAQ,EACb,MAAM,EAAE,MAAM,EACd,gBAAgB,EAAE,MAAM,EACxB,sBAAsB,EAAE,MAAM,EAC9B,iBAAiB,EAAE,MAAM,QAK1B"}
|
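--- a/package/dist/internal/cookie.js
+++ b/package/dist/internal/cookie.js
@@ -1,9 +1,10 @@
 import jwt from "jsonwebtoken";
-const COOKIE_SECRET = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
-if (!COOKIE_SECRET) {
-console.warn("[SeamlessAuth] Missing SEAMLESS_COOKIE_SIGNING_KEY env var!");
-}
 export function setSessionCookie(res, payload, domain, ttlSeconds = 300, name = "sa_session") {
+const COOKIE_SECRET = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
+if (!COOKIE_SECRET) {
+console.warn("[SeamlessAuth] Missing SEAMLESS_COOKIE_SIGNING_KEY env var!");
+throw new Error("Missing required env SEAMLESS_COOKIE_SIGNING_KEY");
+}
 const token = jwt.sign(payload, COOKIE_SECRET, {
 algorithm: "HS256",
 expiresIn: `${ttlSeconds}s`,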
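Review bot: The new guard in `setSessionCookie` rejects only an unset or empty key, yet the key feeds `jwt.sign` with `algorithm: "HS256"`, where a short secret can be guessed offline from any captured cookie. Since the function now fails hard on a missing key, it could also refuse a weak one, e.g. `if (!COOKIE_SECRET || COOKIE_SECRET.length < 32) {`, with the error message stating the minimum. The `console.warn` directly before the `throw` repeats the same information and can be dropped. The function body continues outside the hunk.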
|
@@ -8,3 +8,4 @@ import { CookieRequest } from "../middleware/ensureCookies.js";
|
|
|
8
8
|
* @returns The user data object if valid, or null if invalid/unauthenticated
|
|
9
9
|
*/
|
|
10
10
|
export declare function getSeamlessUser<T = any>(req: CookieRequest, authServerUrl: string, cookieName?: string): Promise<T | null>;
|
|
11
|
+
//# sourceMappingURL=getSeamlessUser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"getSeamlessUser.d.ts","sourceRoot":"","sources":["../../src/internal/getSeamlessUser.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAG/D;;;;;;;GAOG;AACH,wBAAsB,eAAe,CAAC,CAAC,GAAG,GAAG,EAC3C,GAAG,EAAE,aAAa,EAClB,aAAa,EAAE,MAAM,EACrB,UAAU,GAAE,MAA+B,GAC1C,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAwBnB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"refreshAccessToken.d.ts","sourceRoot":"","sources":["../../src/internal/refreshAccessToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAG/D,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,aAAa,EAClB,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;IACT,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;CACpB,GAAG,IAAI,CAAC,CAwDR"}
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import jwt from "jsonwebtoken";
|
|
2
|
-
const COOKIE_SECRET = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
|
|
3
|
-
if (!COOKIE_SECRET) {
|
|
4
|
-
console.warn("[SeamlessAuth] SEAMLESS_COOKIE_SIGNING_KEY missing — requireAuth will always fail.");
|
|
5
|
-
}
|
|
6
|
-
const serviceKey = process.env.SEAMLESS_SERVICE_TOKEN;
|
|
7
2
|
export async function refreshAccessToken(req, authServerUrl, refreshToken) {
|
|
8
3
|
try {
|
|
4
|
+
const COOKIE_SECRET = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
|
|
5
|
+
if (!COOKIE_SECRET) {
|
|
6
|
+
console.warn("[SeamlessAuth] SEAMLESS_COOKIE_SIGNING_KEY missing — requireAuth will always fail.");
|
|
7
|
+
throw new Error("Missing required env SEAMLESS_COOKIE_SIGNING_KEY");
|
|
8
|
+
}
|
|
9
|
+
const serviceKey = process.env.SEAMLESS_SERVICE_TOKEN;
|
|
9
10
|
if (!serviceKey) {
|
|
10
11
|
throw new Error("Cannot sign service token. Missing SEAMLESS_SERVICE_TOKEN");
|
|
11
12
|
}
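Review bot: The added `throw new Error("Missing required env SEAMLESS_COOKIE_SIGNING_KEY")` sits inside the function's `try {`, whose `catch` is outside the hunk; if that handler returns a fallback value, a server misconfiguration will look like an ordinary failed refresh. Reading and checking both environment values before the `try` would let a missing key surface as an error instead of a logged-out user. The warning text `requireAuth will always fail` is copied from the middleware and names the wrong function here; `refreshAccessToken will always fail` would match.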
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verifyCookieJwt.d.ts","sourceRoot":"","sources":["../../src/internal/verifyCookieJwt.ts"],"names":[],"mappings":"AAIA,wBAAgB,eAAe,CAAC,CAAC,GAAG,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC,GAAG,IAAI,CAShE"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verifySignedAuthResponse.d.ts","sourceRoot":"","sources":["../../src/internal/verifySignedAuthResponse.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAsB,wBAAwB,CAAC,CAAC,GAAG,GAAG,EACpD,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAmBnB"}
|
|
@@ -5,3 +5,4 @@ export interface CookieRequest extends Request {
|
|
|
5
5
|
cookiePayload?: JwtPayload;
|
|
6
6
|
}
|
|
7
7
|
export declare function createEnsureCookiesMiddleware(opts: SeamlessAuthServerOptions): (req: CookieRequest, res: Response, next: NextFunction, cookieDomain?: string) => Promise<void | Response<any, Record<string, any>>>;
|
|
8
|
+
//# sourceMappingURL=ensureCookies.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ensureCookies.d.ts","sourceRoot":"","sources":["../../src/middleware/ensureCookies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAI1C,MAAM,WAAW,aAAc,SAAQ,OAAO;IAC5C,aAAa,CAAC,EAAE,UAAU,CAAC;CAC5B;AAED,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,yBAAyB,IA4BzE,KAAK,aAAa,EAClB,KAAK,QAAQ,EACb,MAAM,YAAY,EAClB,qBAAiB,wDA2FpB"}
|
|
@@ -1,11 +1,6 @@
|
|
|
1
1
|
import { verifyCookieJwt } from "../internal/verifyCookieJwt.js";
|
|
2
2
|
import { refreshAccessToken } from "../internal/refreshAccessToken";
|
|
3
3
|
import { clearAllCookies, setSessionCookie } from "../internal/cookie";
|
|
4
|
-
const AUTH_SERVER_URL = process.env.AUTH_SERVER;
|
|
5
|
-
const COOKIE_SECRET = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
|
|
6
|
-
if (!COOKIE_SECRET) {
|
|
7
|
-
console.warn("[SeamlessAuth] SEAMLESS_COOKIE_SIGNING_KEY missing — requireAuth will always fail.");
|
|
8
|
-
}
|
|
9
4
|
export function createEnsureCookiesMiddleware(opts) {
|
|
10
5
|
const COOKIE_REQUIREMENTS = {
|
|
11
6
|
"/webAuthn/login/finish": { name: opts.preAuthCookieName, required: true },
|
|
@@ -34,6 +29,7 @@ export function createEnsureCookiesMiddleware(opts) {
|
|
|
34
29
|
if (!match)
|
|
35
30
|
return next();
|
|
36
31
|
const [, { name, required }] = match;
|
|
32
|
+
const AUTH_SERVER_URL = process.env.AUTH_SERVER;
|
|
37
33
|
const cookieValue = req.cookies?.[name];
|
|
38
34
|
const refreshCookieValue = req.cookies?.[opts.refreshCookieName];
|
|
39
35
|
//
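Review bot: The relocated line `const AUTH_SERVER_URL = process.env.AUTH_SERVER;` reads a variable named `AUTH_SERVER`, while authFetch.js in this release uses `process.env.AUTH_SERVER_URL` for the token audience and the README example reads `process.env.AUTH_SERVER_URL` and passes it in as `authServerUrl`. A deployment that follows the README leaves `AUTH_SERVER` unset, so whatever this middleware does with the value (its use is outside the hunk) receives `undefined`. If `opts` carries the same `authServerUrl` option, prefer `const AUTH_SERVER_URL = opts.authServerUrl;`, or at least validate the value and fail with a clear error. requireAuth.js adds the same line and needs the same change.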
|
|
@@ -6,3 +6,4 @@ import { Request, Response, NextFunction } from "express";
|
|
|
6
6
|
* - Returns 401 if missing/invalid/expired
|
|
7
7
|
*/
|
|
8
8
|
export declare function requireAuth(cookieName?: string, refreshCookieName?: string, cookieDomain?: string): (req: Request, res: Response, next: NextFunction) => Promise<void>;
|
|
9
|
+
//# sourceMappingURL=requireAuth.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requireAuth.d.ts","sourceRoot":"","sources":["../../src/middleware/requireAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAM1D;;;;;GAKG;AACH,wBAAgB,WAAW,CACzB,UAAU,SAAyB,EACnC,iBAAiB,SAA0B,EAC3C,YAAY,SAAM,IAahB,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CA+EjB"}
|
|
@@ -1,11 +1,6 @@
|
|
|
1
1
|
import jwt from "jsonwebtoken";
|
|
2
2
|
import { refreshAccessToken } from "../internal/refreshAccessToken.js";
|
|
3
3
|
import { setSessionCookie } from "../internal/cookie.js";
|
|
4
|
-
const COOKIE_SECRET = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
|
|
5
|
-
if (!COOKIE_SECRET) {
|
|
6
|
-
console.warn("[SeamlessAuth] SEAMLESS_COOKIE_SIGNING_KEY missing — requireAuth will always fail.");
|
|
7
|
-
}
|
|
8
|
-
const AUTH_SERVER_URL = process.env.AUTH_SERVER;
|
|
9
4
|
/**
|
|
10
5
|
* Express middleware that verifies a Seamless Auth access cookie.
|
|
11
6
|
* - Reads and verifies signed cookie JWT
|
|
@@ -13,8 +8,17 @@ const AUTH_SERVER_URL = process.env.AUTH_SERVER;
|
|
|
13
8
|
* - Returns 401 if missing/invalid/expired
|
|
14
9
|
*/
|
|
15
10
|
export function requireAuth(cookieName = "seamless-auth-access", refreshCookieName = "seamless-auth-refresh", cookieDomain = "/") {
|
|
11
|
+
const COOKIE_SECRET = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
|
|
12
|
+
if (!COOKIE_SECRET) {
|
|
13
|
+
console.warn("[SeamlessAuth] SEAMLESS_COOKIE_SIGNING_KEY missing — requireAuth will always fail.");
|
|
14
|
+
throw new Error("Missing required env SEAMLESS_COOKIE_SIGNING_KEY");
|
|
15
|
+
}
|
|
16
|
+
const AUTH_SERVER_URL = process.env.AUTH_SERVER;
|
|
16
17
|
return async (req, res, next) => {
|
|
17
18
|
try {
|
|
19
|
+
if (!COOKIE_SECRET) {
|
|
20
|
+
throw new Error("Missing required SEAMLESS_COOKIE_SIGNING_KEY env");
|
|
21
|
+
}
|
|
18
22
|
const token = req.cookies?.[cookieName];
|
|
19
23
|
if (!token) {
|
|
20
24
|
res.status(401).json({ error: "Missing access cookie" });
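Review bot: The guard added inside the handler on new lines 19–21, `if (!COOKIE_SECRET) { throw … }`, cannot fire: `COOKIE_SECRET` is a `const` captured when `requireAuth()` is called, and the factory already throws on new line 14 when it is empty. Either drop the inner check, or, if the intent is to read the key per request as requireRole.js does, move the `process.env` read into the handler and remove the factory-level throw. As written, an application that calls `requireAuth()` at module load before its environment is populated now fails at startup, which the JSDoc above should state. The handler body continues outside the hunk.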
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"requireRole.d.ts","sourceRoot":"","sources":["../../src/middleware/requireRole.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAG1E;;;;;GAKG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,UAAU,SAAoB,GAC7B,cAAc,CAiChB"}
|
|
@@ -1,8 +1,4 @@
|
|
|
1
1
|
import jwt from "jsonwebtoken";
|
|
2
|
-
const COOKIE_SECRET = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
|
|
3
|
-
if (!COOKIE_SECRET) {
|
|
4
|
-
console.warn("[PortalAPI] Missing SEAMLESS_COOKIE_SIGNING_KEY — role checks will fail.");
|
|
5
|
-
}
|
|
6
2
|
/**
|
|
7
3
|
* Express middleware to enforce a required role from Seamless Auth cookie JWT.
|
|
8
4
|
*
|
|
@@ -12,6 +8,11 @@ if (!COOKIE_SECRET) {
|
|
|
12
8
|
export function requireRole(role, cookieName = "seamless-access") {
|
|
13
9
|
return (req, res, next) => {
|
|
14
10
|
try {
|
|
11
|
+
const COOKIE_SECRET = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
|
|
12
|
+
if (!COOKIE_SECRET) {
|
|
13
|
+
console.warn("[SeamlessAuth] SEAMLESS_COOKIE_SIGNING_KEY missing — requireRole will always fail.");
|
|
14
|
+
throw new Error("Missing required env SEAMLESS_COOKIE_SIGNING_KEY");
|
|
15
|
+
}
|
|
15
16
|
const token = req.cookies?.[cookieName];
|
|
16
17
|
if (!token) {
|
|
17
18
|
res.status(401).json({ error: "Missing access cookie" });
|
|
@@ -29,7 +30,7 @@ export function requireRole(role, cookieName = "seamless-access") {
|
|
|
29
30
|
next();
|
|
30
31
|
}
|
|
31
32
|
catch (err) {
|
|
32
|
-
console.error(`[
|
|
33
|
+
console.error(`[RequireRole] requireRole(${role}) failed:`, err.message);
|
|
33
34
|
res.status(401).json({ error: "Invalid or expired access cookie" });
|
|
34
35
|
}
|
|
35
36
|
};
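Review bot: The new missing-key `throw` is placed inside the handler's `try`, and the `catch` in the last hunk answers every error with `401` and `"Invalid or expired access cookie"`. Assuming both belong to the same `try`, a server without `SEAMLESS_COOKIE_SIGNING_KEY` tells every client that its cookie is invalid and writes a warning plus an error per request. Check the key before the `try` and report it as a server fault, e.g. `if (!COOKIE_SECRET) return next(new Error("Missing required env SEAMLESS_COOKIE_SIGNING_KEY"));`. The rewritten log line prints only `role` and `err.message`, which keeps the cookie value out of the logs.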
|
package/dist/types.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,yBAAyB;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B"}
|
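--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@seamless-auth/express",
-"version": "0.0.1
+"version": "0.0.1",
 "description": "Express adapter for Seamless Auth passwordless authentication",
 "license": "MIT",
 "type": "module",
@@ -24,6 +24,7 @@
 },
 "dependencies": {
 "cookie-parser": "^1.4.6",
+"dotenv": "^17.2.3",
 "jose": "^6.1.1",
 "jsonwebtoken": "^9.0.2",
 "node-fetch": "^3.3.2"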
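Review bot: `"dotenv": "^17.2.3"` is added under `dependencies`, but none of the changed dist files shown in this diff import it, so from here it looks unused at runtime. Every runtime dependency of an authentication package is installed by each consumer and widens their supply chain, and loading `.env` files is normally the host application's decision rather than a library's. If it is needed only for local development or tests, move it to `devDependencies`; if the library does load it, the README should say so.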