npm - @shad-claiborne/hono-middleware-oidc - Versions diffs - 1.0.9 → 1.1.0 - Mend

@shad-claiborne/hono-middleware-oidc 1.0.9 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -15,15 +15,24 @@
 ```
 ### Usage
 ```ts
-app.use('*', except('/auth/callback', withIdentity));
+import {addIdentity, receiveAuth, handleFlow} from '@shad-claiborne/hono-middleware-oidc'
-app.use('/auth/callback', forAuthorization);
+...
+// Add the identity claims to the request for all routes except the redirect URI
+app.use('*', except('/auth/callback', addIdentity));
+// The endpoint to which the authorization server provides the user's authorization
+app.use('/auth/callback', receiveAuth);
+// Send the browser to this endpoint to begin the authorization flow
+// Note this endpoint assumes "addIdentity" precedes it
+app.use('/login', handleFlow);
+// Example ajax endpoint for getting the identity claims
 app.get('/async/api/identity', async (c) => {
     return c.json(c.get('identity'));
 });
-app.get('/', async (c) => {
-    return c.text('hello world');
-});
+...
 ```

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,22 @@
 import { MiddlewareHandler } from "hono";
-export declare const withIdentity: MiddlewareHandler;
-export declare const forAuthorization: MiddlewareHandler;
+/**
+ * handleFlow
+ * @param c
+ * @param next
+ * @returns
+ */
+export declare const handleFlow: MiddlewareHandler;
+/**
+ * addIdentity
+ * @param c
+ * @param next
+ * @returns
+ */
+export declare const addIdentity: MiddlewareHandler;
+/**
+ * receiveAuth
+ * @param c
+ * @returns
+ */
+export declare const receiveAuth: MiddlewareHandler;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js CHANGED Viewed

@@ -2,8 +2,64 @@ import { deleteCookie, getSignedCookie, setSignedCookie } from "hono/cookie";
 import { createIdentityProvider, } from "@shad-claiborne/basic-oidc";
 import randomstring from "randomstring";
 import { env } from "hono/adapter";
-export const withIdentity = async (c, next) => {
-    const { HONO_OIDC_ISSUER, HONO_OIDC_CLIENT_ID, HONO_OIDC_CLIENT_SECRET, HONO_OIDC_REDIRECT_URI, HONO_OIDC_COOKIE_SECRET, HONO_OIDC_ACCESS_TOKEN_COOKIE, HONO_OIDC_REFRESH_TOKEN_COOKIE, HONO_OIDC_ID_TOKEN_COOKIE, HONO_OIDC_CODE_VERIFIER_COOKIE, } = env(c);
+/**
+ * activateToken
+ * @param c
+ * @param tokenRes
+ */
+const activateToken = async (c, provider, tokenResponse) => {
+    const { HONO_OIDC_COOKIE_SECRET, HONO_OIDC_ACCESS_TOKEN_COOKIE, HONO_OIDC_REFRESH_TOKEN_COOKIE, HONO_OIDC_ID_TOKEN_COOKIE, } = env(c);
+    if (tokenResponse.access_token) {
+        await setSignedCookie(c, HONO_OIDC_ACCESS_TOKEN_COOKIE, tokenResponse.access_token, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax', maxAge: tokenResponse.expires_in });
+    }
+    if (tokenResponse.refresh_token) {
+        const maxAge = tokenResponse.refresh_token_expires_in ?? (24 * 60 * 60);
+        await setSignedCookie(c, HONO_OIDC_REFRESH_TOKEN_COOKIE, tokenResponse.refresh_token, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax', maxAge });
+    }
+    if (tokenResponse.id_token) {
+        const idToken = await provider.decodeIdentityToken(tokenResponse.id_token);
+        const maxAge = idToken.exp - Math.floor(Date.now() / 1000);
+        await setSignedCookie(c, HONO_OIDC_ID_TOKEN_COOKIE, tokenResponse.id_token, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax', maxAge });
+    }
+};
+/**
+ * handleFlow
+ * @param c
+ * @param next
+ * @returns
+ */
+export const handleFlow = async (c, next) => {
+    const { HONO_OIDC_ISSUER, HONO_OIDC_CLIENT_ID, HONO_OIDC_CLIENT_SECRET, HONO_OIDC_REDIRECT_URI, HONO_OIDC_COOKIE_SECRET, HONO_OIDC_CODE_VERIFIER_COOKIE, } = env(c);
+    const provider = await createIdentityProvider(HONO_OIDC_ISSUER);
+    const client = provider.createClient(HONO_OIDC_CLIENT_ID, HONO_OIDC_CLIENT_SECRET);
+    let id = c.get('identity');
+    if (!id) {
+        const stateId = randomstring.generate(5);
+        const state = { originUrl: c.get('originUrl') || c.req.url };
+        await setSignedCookie(c, `_authstate-${stateId}`, JSON.stringify(state), HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax' });
+        const codeVerifier = randomstring.generate(16);
+        await setSignedCookie(c, HONO_OIDC_CODE_VERIFIER_COOKIE, codeVerifier, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax' });
+        const authRequest = client
+            .newAuthorizationRequest()
+            .setRedirectUri(HONO_OIDC_REDIRECT_URI)
+            .setResponseMode("query")
+            .setResponseType("code id_token")
+            .setScope(["profile"])
+            .setCodeChallenge(codeVerifier)
+            .setState(stateId);
+        const authRequestURL = authRequest.toURL();
+        return c.redirect(authRequestURL.toString());
+    }
+    await next();
+};
+/**
+ * addIdentity
+ * @param c
+ * @param next
+ * @returns
+ */
+export const addIdentity = async (c, next) => {
+    const { HONO_OIDC_ISSUER, HONO_OIDC_CLIENT_ID, HONO_OIDC_CLIENT_SECRET, HONO_OIDC_COOKIE_SECRET, HONO_OIDC_ACCESS_TOKEN_COOKIE, HONO_OIDC_REFRESH_TOKEN_COOKIE, HONO_OIDC_ID_TOKEN_COOKIE, } = env(c);
     const provider = await createIdentityProvider(HONO_OIDC_ISSUER);
     const client = provider.createClient(HONO_OIDC_CLIENT_ID, HONO_OIDC_CLIENT_SECRET);
     const tokenSet = {
@@ -16,48 +72,30 @@ export const withIdentity = async (c, next) => {
         id = await provider.getIdentity(tokenSet);
     }
     catch (err) {
-        id = null;
+        console.error(err);
     }
-    if (id === null) {
+    if (!id) {
         try {
             const tokenResponse = await client.refreshAccess(tokenSet);
             id = await provider.getIdentity(tokenResponse);
-            if (tokenResponse.access_token) {
-                await setSignedCookie(c, HONO_OIDC_ACCESS_TOKEN_COOKIE, tokenResponse.access_token, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax' });
-            }
-            if (tokenResponse.refresh_token) {
-                const maxAge = tokenResponse.refresh_token_expires_in ?? (24 * 60 * 60);
-                await setSignedCookie(c, HONO_OIDC_REFRESH_TOKEN_COOKIE, tokenResponse.refresh_token, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax', maxAge });
-            }
-            if (tokenResponse.id_token) {
-                const idToken = await provider.decodeIdentityToken(tokenResponse.id_token);
-                const maxAge = idToken.exp - Math.floor(Date.now() / 1000);
-                await setSignedCookie(c, HONO_OIDC_ID_TOKEN_COOKIE, tokenResponse.id_token, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax', maxAge });
-            }
+            await activateToken(c, provider, tokenResponse);
         }
         catch (err) {
-            const stateId = randomstring.generate(5);
-            const state = { originUrl: c.get('originUrl') || c.req.url };
-            await setSignedCookie(c, `_authstate-${stateId}`, JSON.stringify(state), HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax' });
-            const codeVerifier = randomstring.generate(16);
-            await setSignedCookie(c, HONO_OIDC_CODE_VERIFIER_COOKIE, codeVerifier, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax' });
-            const authRequest = client
-                .newAuthorizationRequest()
-                .setRedirectUri(HONO_OIDC_REDIRECT_URI)
-                .setResponseMode("query")
-                .setResponseType("code id_token")
-                .setScope(["profile"])
-                .setCodeChallenge(codeVerifier)
-                .setState(stateId);
-            const authRequestURL = authRequest.toURL();
-            return c.redirect(authRequestURL.toString());
+            console.error(err);
         }
     }
-    c.set("identity", id);
+    if (id) {
+        c.set("identity", id);
+    }
     await next();
 };
-export const forAuthorization = async (c) => {
-    const { HONO_OIDC_ISSUER, HONO_OIDC_CLIENT_ID, HONO_OIDC_CLIENT_SECRET, HONO_OIDC_REDIRECT_URI, HONO_OIDC_COOKIE_SECRET, HONO_OIDC_ACCESS_TOKEN_COOKIE, HONO_OIDC_REFRESH_TOKEN_COOKIE, HONO_OIDC_ID_TOKEN_COOKIE, HONO_OIDC_CODE_VERIFIER_COOKIE, } = env(c);
+/**
+ * receiveAuth
+ * @param c
+ * @returns
+ */
+export const receiveAuth = async (c) => {
+    const { HONO_OIDC_ISSUER, HONO_OIDC_CLIENT_ID, HONO_OIDC_CLIENT_SECRET, HONO_OIDC_REDIRECT_URI, HONO_OIDC_COOKIE_SECRET, HONO_OIDC_CODE_VERIFIER_COOKIE, } = env(c);
     const provider = await createIdentityProvider(HONO_OIDC_ISSUER);
     const client = provider.createClient(HONO_OIDC_CLIENT_ID, HONO_OIDC_CLIENT_SECRET);
     const requestURL = new URL(c.req.url), requestParams = requestURL.searchParams;
@@ -76,18 +114,7 @@ export const forAuthorization = async (c) => {
     if (codeVerifier === false || codeVerifier === undefined)
         throw new Error("code verifier cookie failed");
     const tokenResponse = await client.requestAccess(authResponse, { codeVerifier, redirectUri: HONO_OIDC_REDIRECT_URI });
-    if (tokenResponse.access_token) {
-        await setSignedCookie(c, HONO_OIDC_ACCESS_TOKEN_COOKIE, tokenResponse.access_token, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax', maxAge: tokenResponse.expires_in });
-    }
-    if (tokenResponse.refresh_token) {
-        const maxAge = tokenResponse.refresh_token_expires_in ?? (24 * 60 * 60);
-        await setSignedCookie(c, HONO_OIDC_REFRESH_TOKEN_COOKIE, tokenResponse.refresh_token, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax', maxAge });
-    }
-    if (tokenResponse.id_token) {
-        const idToken = await provider.decodeIdentityToken(tokenResponse.id_token);
-        const maxAge = idToken.exp - Math.floor(Date.now() / 1000);
-        await setSignedCookie(c, HONO_OIDC_ID_TOKEN_COOKIE, tokenResponse.id_token, HONO_OIDC_COOKIE_SECRET, { httpOnly: true, secure: true, sameSite: 'Lax', maxAge });
-    }
+    await activateToken(c, provider, tokenResponse);
     return c.redirect(state.originUrl);
 };
 //# sourceMappingURL=index.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@shad-claiborne/hono-middleware-oidc",
-  "version": "1.0.9",
+  "version": "1.1.0",
   "description": "OIDC middleware for Hono",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",