@tern-secure/backend 1.2.0-canary.v20251020170039 → 1.2.0-canary.v20251023005301
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/createRedirect.d.ts +20 -0
- package/dist/createRedirect.d.ts.map +1 -0
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +71 -103
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +70 -102
- package/dist/index.mjs.map +1 -1
- package/dist/tokens/authstate.d.ts +7 -2
- package/dist/tokens/authstate.d.ts.map +1 -1
- package/package.json +3 -3
- package/dist/instance/backendFireInstance.d.ts +0 -7
- package/dist/instance/backendFireInstance.d.ts.map +0 -1
- package/dist/tokens/requestFire.d.ts +0 -17
- package/dist/tokens/requestFire.d.ts.map +0 -1
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
type RedirectAdapter<RedirectReturn> = (url: string) => RedirectReturn;
|
|
2
|
+
type RedirectToParams = {
|
|
3
|
+
returnBackUrl?: string | URL | null;
|
|
4
|
+
};
|
|
5
|
+
export type RedirectFun<ReturnType> = (params?: RedirectToParams) => ReturnType;
|
|
6
|
+
/**
|
|
7
|
+
* @internal
|
|
8
|
+
*/
|
|
9
|
+
type CreateRedirect = <ReturnType>(params: {
|
|
10
|
+
redirectAdapter: RedirectAdapter<ReturnType>;
|
|
11
|
+
baseUrl: URL | string;
|
|
12
|
+
signInUrl?: URL | string;
|
|
13
|
+
signUpUrl?: URL | string;
|
|
14
|
+
}) => {
|
|
15
|
+
redirectToSignIn: RedirectFun<ReturnType>;
|
|
16
|
+
redirectToSignUp: RedirectFun<ReturnType>;
|
|
17
|
+
};
|
|
18
|
+
export declare const createRedirect: CreateRedirect;
|
|
19
|
+
export {};
|
|
20
|
+
//# sourceMappingURL=createRedirect.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"createRedirect.d.ts","sourceRoot":"","sources":["../src/createRedirect.ts"],"names":[],"mappings":"AAuCA,KAAK,eAAe,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,MAAM,KAAK,cAAc,CAAC;AACvE,KAAK,gBAAgB,GAAG;IAAE,aAAa,CAAC,EAAE,MAAM,GAAG,GAAG,GAAG,IAAI,CAAA;CAAE,CAAC;AAChE,MAAM,MAAM,WAAW,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,EAAE,gBAAgB,KAAK,UAAU,CAAC;AAEhF;;GAEG;AACH,KAAK,cAAc,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE;IACzC,eAAe,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC;IAC7C,OAAO,EAAE,GAAG,GAAG,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC;CAC1B,KAAK;IACJ,gBAAgB,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC;IAC1C,gBAAgB,EAAE,WAAW,CAAC,UAAU,CAAC,CAAC;CAC3C,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,cAoC5B,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
export { constants } from './constants';
|
|
2
|
+
export { createRedirect } from './createRedirect';
|
|
3
|
+
export type { RedirectFun } from './createRedirect';
|
|
2
4
|
export type { TernSecureRequest } from './tokens/ternSecureRequest';
|
|
3
5
|
export { createTernSecureRequest } from './tokens/ternSecureRequest';
|
|
4
6
|
export type { AuthenticateRequestOptions, AuthenticateFireRequestOptions } from './tokens/types';
|
|
5
7
|
export type { AuthObject, RequestState, SignedInAuthObject, SignedOutAuthObject, } from './tokens/authstate';
|
|
6
8
|
export { signedIn, signedInAuthObject, signedOutAuthObject, AuthStatus } from './tokens/authstate';
|
|
7
9
|
export { createBackendInstanceClient } from './instance/backendInstanceEdge';
|
|
8
|
-
export { createFireClient } from './instance/backendFireInstance';
|
|
9
10
|
export type { BackendInstance, TernSecureBackendOptions } from './instance/backendInstanceEdge';
|
|
10
11
|
export { enableDebugLogging, disableDebugLogging, setLogLevel } from './utils/enableDebugLogging';
|
|
11
12
|
export { LogLevel } from './utils/logger';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEpD,YAAY,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AACpE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAErE,YAAY,EAAE,0BAA0B,EAAE,8BAA8B,EAAE,MAAM,gBAAgB,CAAC;AAEjG,YAAY,EACV,UAAU,EACV,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,QAAQ,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEnG,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAC;AAE7E,YAAY,EAAE,eAAe,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAEhG,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAElG,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EACL,YAAY,EACZ,eAAe,EACf,aAAa,EACb,2BAA2B,GAC5B,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,mBAAmB,EACnB,kBAAkB,EAClB,aAAa,EACb,WAAW,EACX,cAAc,EACd,WAAW,EACX,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,YAAY,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -27,7 +27,7 @@ __export(index_exports, {
|
|
|
27
27
|
constants: () => constants,
|
|
28
28
|
createAdapter: () => createAdapter,
|
|
29
29
|
createBackendInstanceClient: () => createBackendInstanceClient,
|
|
30
|
-
|
|
30
|
+
createRedirect: () => createRedirect,
|
|
31
31
|
createTernSecureRequest: () => createTernSecureRequest,
|
|
32
32
|
disableDebugLogging: () => disableDebugLogging,
|
|
33
33
|
enableDebugLogging: () => enableDebugLogging,
|
|
@@ -102,6 +102,64 @@ var constants = {
|
|
|
102
102
|
ContentTypes
|
|
103
103
|
};
|
|
104
104
|
|
|
105
|
+
// src/createRedirect.ts
|
|
106
|
+
var buildUrl = (_baseUrl, _targetUrl, _returnBackUrl) => {
|
|
107
|
+
if (_baseUrl === "") {
|
|
108
|
+
return legacyBuildUrl(_targetUrl.toString(), _returnBackUrl?.toString());
|
|
109
|
+
}
|
|
110
|
+
const baseUrl = new URL(_baseUrl);
|
|
111
|
+
const returnBackUrl = _returnBackUrl ? new URL(_returnBackUrl, baseUrl) : void 0;
|
|
112
|
+
const res = new URL(_targetUrl, baseUrl);
|
|
113
|
+
if (returnBackUrl) {
|
|
114
|
+
res.searchParams.set("redirect_url", returnBackUrl.toString());
|
|
115
|
+
}
|
|
116
|
+
return res.toString();
|
|
117
|
+
};
|
|
118
|
+
var legacyBuildUrl = (targetUrl, redirectUrl) => {
|
|
119
|
+
let url;
|
|
120
|
+
if (!targetUrl.startsWith("http")) {
|
|
121
|
+
if (!redirectUrl || !redirectUrl.startsWith("http")) {
|
|
122
|
+
throw new Error("destination url or return back url should be an absolute path url!");
|
|
123
|
+
}
|
|
124
|
+
const baseURL = new URL(redirectUrl);
|
|
125
|
+
url = new URL(targetUrl, baseURL.origin);
|
|
126
|
+
} else {
|
|
127
|
+
url = new URL(targetUrl);
|
|
128
|
+
}
|
|
129
|
+
if (redirectUrl) {
|
|
130
|
+
url.searchParams.set("redirect_url", redirectUrl);
|
|
131
|
+
}
|
|
132
|
+
return url.toString();
|
|
133
|
+
};
|
|
134
|
+
var createRedirect = (params) => {
|
|
135
|
+
const { redirectAdapter, signInUrl, signUpUrl, baseUrl } = params;
|
|
136
|
+
const redirectToSignUp = ({ returnBackUrl } = {}) => {
|
|
137
|
+
if (!signUpUrl) {
|
|
138
|
+
throw new Error("SignUp URL is not defined");
|
|
139
|
+
}
|
|
140
|
+
const pathToSignUpUrl = `${baseUrl}/sign-up`;
|
|
141
|
+
function buildSignUpUrl(signIn) {
|
|
142
|
+
if (!signIn) {
|
|
143
|
+
return;
|
|
144
|
+
}
|
|
145
|
+
const url = new URL(signIn, baseUrl);
|
|
146
|
+
url.pathname = `${url.pathname}/create`;
|
|
147
|
+
return url.toString();
|
|
148
|
+
}
|
|
149
|
+
const targetUrl = signUpUrl || buildSignUpUrl(signInUrl) || pathToSignUpUrl;
|
|
150
|
+
return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));
|
|
151
|
+
};
|
|
152
|
+
const redirectToSignIn = ({ returnBackUrl } = {}) => {
|
|
153
|
+
if (!signInUrl) {
|
|
154
|
+
throw new Error("SignIn URL is not defined");
|
|
155
|
+
}
|
|
156
|
+
const pathToSignInUrl = `${baseUrl}/sign-in`;
|
|
157
|
+
const targetUrl = signInUrl || pathToSignInUrl;
|
|
158
|
+
return redirectAdapter(buildUrl(baseUrl, targetUrl, returnBackUrl));
|
|
159
|
+
};
|
|
160
|
+
return { redirectToSignUp, redirectToSignIn };
|
|
161
|
+
};
|
|
162
|
+
|
|
105
163
|
// src/tokens/ternSecureRequest.ts
|
|
106
164
|
var import_cookie = require("cookie");
|
|
107
165
|
|
|
@@ -232,22 +290,26 @@ function signedOutAuthObject() {
|
|
|
232
290
|
error: "No active session"
|
|
233
291
|
};
|
|
234
292
|
}
|
|
235
|
-
function signedIn(sessionClaims, headers = new Headers(), token) {
|
|
293
|
+
function signedIn(authCtx, sessionClaims, headers = new Headers(), token) {
|
|
236
294
|
const authObject = signedInAuthObject(token, sessionClaims);
|
|
237
295
|
return {
|
|
238
296
|
status: AuthStatus.SignedIn,
|
|
239
297
|
reason: null,
|
|
298
|
+
signInUrl: authCtx.signInUrl || "",
|
|
299
|
+
signUpUrl: authCtx.signUpUrl || "",
|
|
240
300
|
isSignedIn: true,
|
|
241
301
|
auth: () => authObject,
|
|
242
302
|
token,
|
|
243
303
|
headers
|
|
244
304
|
};
|
|
245
305
|
}
|
|
246
|
-
function signedOut(reason, message = "", headers = new Headers()) {
|
|
306
|
+
function signedOut(authCtx, reason, message = "", headers = new Headers()) {
|
|
247
307
|
return decorateHeaders({
|
|
248
308
|
status: AuthStatus.SignedOut,
|
|
249
309
|
reason,
|
|
250
310
|
message,
|
|
311
|
+
signInUrl: authCtx.signInUrl || "",
|
|
312
|
+
signUpUrl: authCtx.signUpUrl || "",
|
|
251
313
|
isSignedIn: false,
|
|
252
314
|
auth: () => signedOutAuthObject(),
|
|
253
315
|
token: null,
|
|
@@ -1399,7 +1461,7 @@ async function authenticateRequest(request, options) {
|
|
|
1399
1461
|
if (errors) {
|
|
1400
1462
|
throw errors[0];
|
|
1401
1463
|
}
|
|
1402
|
-
const signedInRequestState = signedIn(data, void 0, context.idTokenInCookie);
|
|
1464
|
+
const signedInRequestState = signedIn(context, data, void 0, context.idTokenInCookie);
|
|
1403
1465
|
return signedInRequestState;
|
|
1404
1466
|
} catch (err) {
|
|
1405
1467
|
return handleError(err, "cookie");
|
|
@@ -1412,7 +1474,7 @@ async function authenticateRequest(request, options) {
|
|
|
1412
1474
|
if (errors) {
|
|
1413
1475
|
throw errors[0];
|
|
1414
1476
|
}
|
|
1415
|
-
const signedInRequestState = signedIn(data, void 0, sessionTokenInHeader);
|
|
1477
|
+
const signedInRequestState = signedIn(context, data, void 0, sessionTokenInHeader);
|
|
1416
1478
|
return signedInRequestState;
|
|
1417
1479
|
} catch (err) {
|
|
1418
1480
|
return handleError(err, "header");
|
|
@@ -1420,13 +1482,13 @@ async function authenticateRequest(request, options) {
|
|
|
1420
1482
|
}
|
|
1421
1483
|
async function handleError(err, tokenCarrier) {
|
|
1422
1484
|
if (!(err instanceof TokenVerificationError)) {
|
|
1423
|
-
return signedOut(AuthErrorReason.UnexpectedError);
|
|
1485
|
+
return signedOut(context, AuthErrorReason.UnexpectedError);
|
|
1424
1486
|
}
|
|
1425
1487
|
let refreshError;
|
|
1426
1488
|
if (isRequestForRefresh(err, context, request)) {
|
|
1427
1489
|
const { data, error } = await handleRefresh();
|
|
1428
1490
|
if (data) {
|
|
1429
|
-
return signedIn(data.decoded, data.headers, data.token);
|
|
1491
|
+
return signedIn(context, data.decoded, data.headers, data.token);
|
|
1430
1492
|
}
|
|
1431
1493
|
if (error?.cause?.reason) {
|
|
1432
1494
|
refreshError = error.cause.reason;
|
|
@@ -1441,7 +1503,7 @@ async function authenticateRequest(request, options) {
|
|
|
1441
1503
|
}
|
|
1442
1504
|
}
|
|
1443
1505
|
err.tokenCarrier = tokenCarrier;
|
|
1444
|
-
return signedOut(err.reason, err.getFullMessage());
|
|
1506
|
+
return signedOut(context, err.reason, err.getFullMessage());
|
|
1445
1507
|
}
|
|
1446
1508
|
if (hasAuthorizationHeader(request)) {
|
|
1447
1509
|
return authenticateRequestWithTokenInHeader();
|
|
@@ -1471,100 +1533,6 @@ function createBackendInstanceClient(options) {
|
|
|
1471
1533
|
};
|
|
1472
1534
|
}
|
|
1473
1535
|
|
|
1474
|
-
// src/tokens/requestFire.ts
|
|
1475
|
-
var defaultFirebaseOptions = {
|
|
1476
|
-
apiKey: "",
|
|
1477
|
-
authDomain: "",
|
|
1478
|
-
projectId: "",
|
|
1479
|
-
tenantId: void 0
|
|
1480
|
-
};
|
|
1481
|
-
function mergePreDefinedOptions2(preDefinedOptions, options) {
|
|
1482
|
-
return Object.keys(preDefinedOptions).reduce(
|
|
1483
|
-
(obj, key) => {
|
|
1484
|
-
return { ...obj, [key]: options[key] || obj[key] };
|
|
1485
|
-
},
|
|
1486
|
-
{ ...preDefinedOptions }
|
|
1487
|
-
);
|
|
1488
|
-
}
|
|
1489
|
-
var BEARER_PREFIX = "Bearer ";
|
|
1490
|
-
var AUTH_COOKIE_NAME = "_session_cookie";
|
|
1491
|
-
function extractTokenFromHeader(request) {
|
|
1492
|
-
const authHeader = request.headers.get("Authorization");
|
|
1493
|
-
if (!authHeader || !authHeader.startsWith(BEARER_PREFIX)) {
|
|
1494
|
-
return null;
|
|
1495
|
-
}
|
|
1496
|
-
return authHeader.slice(BEARER_PREFIX.length);
|
|
1497
|
-
}
|
|
1498
|
-
function extractTokenFromCookie(request) {
|
|
1499
|
-
const cookieHeader = request.headers.get("Cookie") || void 0;
|
|
1500
|
-
if (!cookieHeader) {
|
|
1501
|
-
return null;
|
|
1502
|
-
}
|
|
1503
|
-
const cookies = cookieHeader.split(";").reduce(
|
|
1504
|
-
(acc, cookie) => {
|
|
1505
|
-
const [name, value] = cookie.trim().split("=");
|
|
1506
|
-
acc[name] = value;
|
|
1507
|
-
return acc;
|
|
1508
|
-
},
|
|
1509
|
-
{}
|
|
1510
|
-
);
|
|
1511
|
-
return cookies[AUTH_COOKIE_NAME] || null;
|
|
1512
|
-
}
|
|
1513
|
-
function hasAuthorizationHeader2(request) {
|
|
1514
|
-
return request.headers.has("Authorization");
|
|
1515
|
-
}
|
|
1516
|
-
async function authenticateRequest2(request, options) {
|
|
1517
|
-
async function authenticateRequestWithTokenInCookie() {
|
|
1518
|
-
const token = extractTokenFromCookie(request);
|
|
1519
|
-
if (!token) {
|
|
1520
|
-
return signedOut(AuthErrorReason.SessionTokenMissing);
|
|
1521
|
-
}
|
|
1522
|
-
const { data, errors } = await verifyToken(token, options);
|
|
1523
|
-
if (errors) {
|
|
1524
|
-
throw errors[0];
|
|
1525
|
-
}
|
|
1526
|
-
const signedInRequestState = signedIn(data, void 0, token);
|
|
1527
|
-
return signedInRequestState;
|
|
1528
|
-
}
|
|
1529
|
-
async function authenticateRequestWithTokenInHeader() {
|
|
1530
|
-
const token = extractTokenFromHeader(request);
|
|
1531
|
-
if (!token) {
|
|
1532
|
-
return signedOut(AuthErrorReason.SessionTokenMissing);
|
|
1533
|
-
}
|
|
1534
|
-
const { data, errors } = await verifyToken(token, options);
|
|
1535
|
-
if (errors) {
|
|
1536
|
-
throw errors[0];
|
|
1537
|
-
}
|
|
1538
|
-
const signedInRequestState = signedIn(data, void 0, token);
|
|
1539
|
-
return signedInRequestState;
|
|
1540
|
-
}
|
|
1541
|
-
if (hasAuthorizationHeader2(request)) {
|
|
1542
|
-
return authenticateRequestWithTokenInHeader();
|
|
1543
|
-
}
|
|
1544
|
-
return authenticateRequestWithTokenInCookie();
|
|
1545
|
-
}
|
|
1546
|
-
function createFireAuthenticateRequest(params) {
|
|
1547
|
-
const buildTimeOptions = mergePreDefinedOptions2(defaultFirebaseOptions, params.options);
|
|
1548
|
-
const handleAuthenticateRequest = (request, options = {}) => {
|
|
1549
|
-
const runtimeOptions = { ...buildTimeOptions, ...options };
|
|
1550
|
-
return authenticateRequest2(request, runtimeOptions);
|
|
1551
|
-
};
|
|
1552
|
-
return {
|
|
1553
|
-
authenticateRequest: handleAuthenticateRequest
|
|
1554
|
-
};
|
|
1555
|
-
}
|
|
1556
|
-
|
|
1557
|
-
// src/instance/backendFireInstance.ts
|
|
1558
|
-
function createFireClient(options) {
|
|
1559
|
-
const opts = { ...options };
|
|
1560
|
-
const apiClient = createFireApi(opts);
|
|
1561
|
-
const requestState = createFireAuthenticateRequest({ options: opts });
|
|
1562
|
-
return {
|
|
1563
|
-
...apiClient,
|
|
1564
|
-
...requestState
|
|
1565
|
-
};
|
|
1566
|
-
}
|
|
1567
|
-
|
|
1568
1536
|
// src/utils/logger.ts
|
|
1569
1537
|
var LogLevel = /* @__PURE__ */ ((LogLevel2) => {
|
|
1570
1538
|
LogLevel2[LogLevel2["ERROR"] = 0] = "ERROR";
|
|
@@ -1834,7 +1802,7 @@ function validateCheckRevokedOptions(options) {
|
|
|
1834
1802
|
constants,
|
|
1835
1803
|
createAdapter,
|
|
1836
1804
|
createBackendInstanceClient,
|
|
1837
|
-
|
|
1805
|
+
createRedirect,
|
|
1838
1806
|
createTernSecureRequest,
|
|
1839
1807
|
disableDebugLogging,
|
|
1840
1808
|
enableDebugLogging,
|