@tern-secure/backend 1.2.0-canary.v20251002185025 → 1.2.0-canary.v20251002193408

package/dist/index.js

@@ -571,9 +571,6 @@ function createFireApi(options) {
   };
 }
 
-// src/tokens/request.ts
-var import_cookie2 = require("@tern-secure/shared/cookie");
-
 // src/utils/errors.ts
 var TokenVerificationErrorReason = {
   TokenExpired: "token-expired",
@@ -622,6 +619,72 @@ function mergePreDefinedOptions(userOptions = {}) {
   };
 }
 
+// src/tokens/c-authenticateRequestProcessor.ts
+var RequestProcessorContext = class {
+  constructor(ternSecureRequest, options) {
+    this.ternSecureRequest = ternSecureRequest;
+    this.options = options;
+    this.initHeaderValues();
+    this.initCookieValues();
+    this.initUrlValues();
+    Object.assign(this, options);
+    this.ternUrl = this.ternSecureRequest.ternUrl;
+  }
+  get request() {
+    return this.ternSecureRequest;
+  }
+  initHeaderValues() {
+    this.sessionTokenInHeader = this.parseAuthorizationHeader(
+      this.getHeader(constants.Headers.Authorization)
+    );
+    this.origin = this.getHeader(constants.Headers.Origin);
+    this.host = this.getHeader(constants.Headers.Host);
+    this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);
+    this.forwardedProto = this.getHeader(constants.Headers.CloudFrontForwardedProto) || this.getHeader(constants.Headers.ForwardedProto);
+    this.referrer = this.getHeader(constants.Headers.Referrer);
+    this.userAgent = this.getHeader(constants.Headers.UserAgent);
+    this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);
+    this.accept = this.getHeader(constants.Headers.Accept);
+  }
+  initCookieValues() {
+    const isProduction = process.env.NODE_ENV === "production";
+    const defaultPrefix = isProduction ? "__HOST-" : "__dev_";
+    this.sessionTokenInCookie = this.getCookie(constants.Cookies.Session);
+    this.idTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.IdToken}`);
+    this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);
+    this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);
+    this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);
+  }
+  initUrlValues() {
+    this.method = this.ternSecureRequest.method;
+    this.pathSegments = this.ternSecureRequest.ternUrl.pathname.split("/").filter(Boolean);
+    this.endpoint = this.pathSegments[2];
+    this.subEndpoint = this.pathSegments[3];
+  }
+  getHeader(name) {
+    return this.ternSecureRequest.headers.get(name) || void 0;
+  }
+  getCookie(name) {
+    return this.ternSecureRequest.cookies.get(name) || void 0;
+  }
+  parseAuthorizationHeader(authorizationHeader) {
+    if (!authorizationHeader) {
+      return void 0;
+    }
+    const [scheme, token] = authorizationHeader.split(" ", 2);
+    if (!token) {
+      return scheme;
+    }
+    if (scheme === "Bearer") {
+      return token;
+    }
+    return void 0;
+  }
+};
+var createRequestProcessor = (ternSecureRequest, options) => {
+  return new RequestProcessorContext(ternSecureRequest, options);
+};
+
 // src/jwt/verifyJwt.ts
 var import_jose2 = require("jose");
 
@@ -1012,66 +1075,31 @@ async function verifyToken(token, options) {
 }
 
 // src/tokens/request.ts
-var BEARER_PREFIX = "Bearer ";
-function extractTokenFromHeader(request) {
-  const authHeader = request.headers.get("Authorization");
-  if (!authHeader || !authHeader.startsWith(BEARER_PREFIX)) {
-    return null;
-  }
-  return authHeader.slice(BEARER_PREFIX.length);
-}
-function extractTokenFromCookie(request) {
-  const cookieHeader = request.headers.get("Cookie") || void 0;
-  if (!cookieHeader) {
-    return null;
-  }
-  const cookiePrefix = (0, import_cookie2.getCookiePrefix)();
-  const idTokenCookieName = (0, import_cookie2.getCookieName)(
-    constants.Cookies.IdToken,
-    cookiePrefix
-  );
-  const cookies = cookieHeader.split(";").reduce(
-    (acc, cookie) => {
-      const [name, value] = cookie.trim().split("=");
-      acc[name] = value;
-      return acc;
-    },
-    {}
-  );
-  console.log("Extracted cookies:", cookies[idTokenCookieName]);
-  return cookies[idTokenCookieName] || null;
-}
 function hasAuthorizationHeader(request) {
   return request.headers.has("Authorization");
 }
 async function authenticateRequest(request, options) {
+  const context = createRequestProcessor(createTernSecureRequest(request), options);
   async function authenticateRequestWithTokenInCookie() {
-    const token = extractTokenFromCookie(request);
-    if (!token) {
-      return signedOut(AuthErrorReason.SessionTokenMissing);
-    }
     try {
-      const { data, errors } = await verifyToken(token, options);
+      const { data, errors } = await verifyToken(context.idTokenInCookie, options);
       if (errors) {
         throw errors[0];
       }
-      const signedInRequestState = signedIn(data, void 0, token);
+      const signedInRequestState = signedIn(data, void 0, context.idTokenInCookie);
       return signedInRequestState;
     } catch (err) {
       return handleError(err, "cookie");
     }
   }
   async function authenticateRequestWithTokenInHeader() {
-    const token = extractTokenFromHeader(request);
-    if (!token) {
-      return signedOut(AuthErrorReason.SessionTokenMissing, "");
-    }
+    const { sessionTokenInHeader } = context;
     try {
-      const { data, errors } = await verifyToken(token, options);
+      const { data, errors } = await verifyToken(sessionTokenInHeader, options);
       if (errors) {
         throw errors[0];
       }
-      const signedInRequestState = signedIn(data, void 0, token);
+      const signedInRequestState = signedIn(data, void 0, sessionTokenInHeader);
       return signedInRequestState;
     } catch (err) {
       return handleError(err, "header");
@@ -1128,16 +1156,16 @@ function mergePreDefinedOptions2(preDefinedOptions, options) {
     { ...preDefinedOptions }
   );
 }
-var BEARER_PREFIX2 = "Bearer ";
+var BEARER_PREFIX = "Bearer ";
 var AUTH_COOKIE_NAME = "_session_cookie";
-function extractTokenFromHeader2(request) {
+function extractTokenFromHeader(request) {
   const authHeader = request.headers.get("Authorization");
-  if (!authHeader || !authHeader.startsWith(BEARER_PREFIX2)) {
+  if (!authHeader || !authHeader.startsWith(BEARER_PREFIX)) {
     return null;
   }
-  return authHeader.slice(BEARER_PREFIX2.length);
+  return authHeader.slice(BEARER_PREFIX.length);
 }
-function extractTokenFromCookie2(request) {
+function extractTokenFromCookie(request) {
   const cookieHeader = request.headers.get("Cookie") || void 0;
   if (!cookieHeader) {
     return null;
@@ -1157,7 +1185,7 @@ function hasAuthorizationHeader2(request) {
 }
 async function authenticateRequest2(request, options) {
   async function authenticateRequestWithTokenInCookie() {
-    const token = extractTokenFromCookie2(request);
+    const token = extractTokenFromCookie(request);
     if (!token) {
       return signedOut(AuthErrorReason.SessionTokenMissing);
     }
@@ -1169,7 +1197,7 @@ async function authenticateRequest2(request, options) {
     return signedInRequestState;
   }
   async function authenticateRequestWithTokenInHeader() {
-    const token = extractTokenFromHeader2(request);
+    const token = extractTokenFromHeader(request);
     if (!token) {
       return signedOut(AuthErrorReason.SessionTokenMissing);
     }