@tern-secure/nextjs 5.2.0-canary.v20250919131424 → 5.2.0-canary.v20250926170202
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/app-router/admin/api/endpoints/abstract.js.map +1 -1
- package/dist/cjs/app-router/admin/{claude-authenticateRequestProcessor.js → c-authenticateRequestProcessor.js} +22 -7
- package/dist/cjs/app-router/admin/c-authenticateRequestProcessor.js.map +1 -0
- package/dist/cjs/app-router/admin/endpointRouter.js +10 -11
- package/dist/cjs/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/cjs/app-router/admin/fnValidators.js +10 -24
- package/dist/cjs/app-router/admin/fnValidators.js.map +1 -1
- package/dist/cjs/app-router/admin/index.js +0 -5
- package/dist/cjs/app-router/admin/index.js.map +1 -1
- package/dist/cjs/app-router/admin/sessionHandlers.js +83 -123
- package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/cjs/app-router/admin/ternsecureNextjsHandler.js +21 -34
- package/dist/cjs/app-router/admin/ternsecureNextjsHandler.js.map +1 -1
- package/dist/cjs/app-router/admin/types.js +83 -5
- package/dist/cjs/app-router/admin/types.js.map +1 -1
- package/dist/cjs/server/constant.js +4 -1
- package/dist/cjs/server/constant.js.map +1 -1
- package/dist/cjs/server/ternSecureEdgeMiddleware.js +1 -11
- package/dist/cjs/server/ternSecureEdgeMiddleware.js.map +1 -1
- package/dist/esm/app-router/admin/api/endpoints/abstract.js.map +1 -1
- package/dist/esm/app-router/admin/{claude-authenticateRequestProcessor.js → c-authenticateRequestProcessor.js} +19 -4
- package/dist/esm/app-router/admin/c-authenticateRequestProcessor.js.map +1 -0
- package/dist/esm/app-router/admin/endpointRouter.js +11 -12
- package/dist/esm/app-router/admin/endpointRouter.js.map +1 -1
- package/dist/esm/app-router/admin/fnValidators.js +10 -23
- package/dist/esm/app-router/admin/fnValidators.js.map +1 -1
- package/dist/esm/app-router/admin/index.js +0 -3
- package/dist/esm/app-router/admin/index.js.map +1 -1
- package/dist/esm/app-router/admin/sessionHandlers.js +82 -110
- package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/esm/app-router/admin/ternsecureNextjsHandler.js +22 -35
- package/dist/esm/app-router/admin/ternsecureNextjsHandler.js.map +1 -1
- package/dist/esm/app-router/admin/types.js +80 -4
- package/dist/esm/app-router/admin/types.js.map +1 -1
- package/dist/esm/server/constant.js +3 -1
- package/dist/esm/server/constant.js.map +1 -1
- package/dist/esm/server/ternSecureEdgeMiddleware.js +2 -12
- package/dist/esm/server/ternSecureEdgeMiddleware.js.map +1 -1
- package/dist/types/app-router/admin/api/endpoints/abstract.d.ts +6 -4
- package/dist/types/app-router/admin/api/endpoints/abstract.d.ts.map +1 -1
- package/dist/types/app-router/admin/{claude-authenticateRequestProcessor.d.ts → c-authenticateRequestProcessor.d.ts} +13 -5
- package/dist/types/app-router/admin/c-authenticateRequestProcessor.d.ts.map +1 -0
- package/dist/types/app-router/admin/endpointRouter.d.ts +7 -4
- package/dist/types/app-router/admin/endpointRouter.d.ts.map +1 -1
- package/dist/types/app-router/admin/fnValidators.d.ts +2 -11
- package/dist/types/app-router/admin/fnValidators.d.ts.map +1 -1
- package/dist/types/app-router/admin/index.d.ts +1 -3
- package/dist/types/app-router/admin/index.d.ts.map +1 -1
- package/dist/types/app-router/admin/sessionHandlers.d.ts +3 -24
- package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
- package/dist/types/app-router/admin/ternsecureNextjsHandler.d.ts.map +1 -1
- package/dist/types/app-router/admin/types.d.ts +40 -64
- package/dist/types/app-router/admin/types.d.ts.map +1 -1
- package/dist/types/server/constant.d.ts +2 -1
- package/dist/types/server/constant.d.ts.map +1 -1
- package/dist/types/server/ternSecureEdgeMiddleware.d.ts.map +1 -1
- package/package.json +5 -5
- package/dist/cjs/app-router/admin/claude-authenticateRequestProcessor.js.map +0 -1
- package/dist/cjs/app-router/admin/handlerUtils.js +0 -63
- package/dist/cjs/app-router/admin/handlerUtils.js.map +0 -1
- package/dist/esm/app-router/admin/claude-authenticateRequestProcessor.js.map +0 -1
- package/dist/esm/app-router/admin/handlerUtils.js +0 -38
- package/dist/esm/app-router/admin/handlerUtils.js.map +0 -1
- package/dist/types/app-router/admin/claude-authenticateRequestProcessor.d.ts.map +0 -1
- package/dist/types/app-router/admin/handlerUtils.d.ts +0 -19
- package/dist/types/app-router/admin/handlerUtils.d.ts.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie, createSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport { cookies } from 'next/headers';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { createApiErrorResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nexport async function sessionEndpointHandler(\n context: RequestProcessorContext,\n options: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method } = context;\n \n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = options.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const cookieStore = await cookies();\n const sessionCookie = cookieStore.get('_session_cookie')?.value;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const res = await createSessionCookie(idToken, cookieStore, options);\n return SessionResponseHelper.createSessionCreationResponse(res);\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await createSessionCookie(idToken, cookieStore, options);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAwD;AACxD,iBAAuC;AACvC,qBAAwB;AAExB,+BAAgC;AAEhC,0BAAiC;AACjC,uBAAkF;AAGlF,eAAsB,uBACpB,SACA,SACmB;AACnB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,QAAQ,WAAW;AAC1C,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,cAAc,UAAM,wBAAQ;AAClC,cAAM,gBAAgB,YAAY,IAAI,iBAAiB,GAAG;AAC1D,YAAI,CAAC,eAAe;AAClB,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,QAAI,mCAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,uCAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,iBAAiB;AAC/D,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,MAAM,UAAM,kCAAoBA,UAASD,cAAa,OAAO;AACnE,eAAO,uCAAsB,8BAA8B,GAAG;AAAA,MAChE,SAASE,QAAO;AACd,mBAAO,yCAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,qBAAiB,mCAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,qBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,UAAM,kCAAoBA,UAASD,cAAa,OAAO;AAC1E,eAAO,uCAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,mBAAO,yCAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,UAAM,iCAAmBA,YAAW;AAChD,aAAO,uCAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
|
|
@@ -21,52 +21,39 @@ __export(ternsecureNextjsHandler_exports, {
|
|
|
21
21
|
createTernSecureNextJsHandler: () => createTernSecureNextJsHandler
|
|
22
22
|
});
|
|
23
23
|
module.exports = __toCommonJS(ternsecureNextjsHandler_exports);
|
|
24
|
+
var import_backend = require("@tern-secure/backend");
|
|
25
|
+
var import_c_authenticateRequestProcessor = require("./c-authenticateRequestProcessor");
|
|
24
26
|
var import_constants = require("./constants");
|
|
25
27
|
var import_endpointRouter = require("./endpointRouter");
|
|
26
28
|
var import_fnValidators = require("./fnValidators");
|
|
27
|
-
var import_handlerUtils = require("./handlerUtils");
|
|
28
29
|
var import_responses = require("./responses");
|
|
29
30
|
var import_types = require("./types");
|
|
30
31
|
var import_utils = require("./utils");
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
};
|
|
41
|
-
}
|
|
32
|
+
function createHandlerConfig(options) {
|
|
33
|
+
const baseConfig = import_utils.ConfigUtils.mergeWithDefaults(
|
|
34
|
+
import_types.DEFAULT_HANDLER_OPTIONS,
|
|
35
|
+
options
|
|
36
|
+
);
|
|
37
|
+
return {
|
|
38
|
+
...baseConfig,
|
|
39
|
+
tenantId: import_constants.TENANT_ID
|
|
40
|
+
};
|
|
42
41
|
}
|
|
43
|
-
|
|
44
|
-
config;
|
|
45
|
-
|
|
46
|
-
this.config = config;
|
|
47
|
-
}
|
|
48
|
-
async handle(request) {
|
|
49
|
-
const handlerContext = import_handlerUtils.RequestContextBuilder.create(request);
|
|
50
|
-
const validationContext = (0, import_fnValidators.createRequestContext)(request);
|
|
42
|
+
function createTernSecureNextJsHandler(options) {
|
|
43
|
+
const config = createHandlerConfig(options);
|
|
44
|
+
const handler = async (request) => {
|
|
51
45
|
try {
|
|
52
|
-
const
|
|
53
|
-
|
|
54
|
-
|
|
46
|
+
const context = (0, import_c_authenticateRequestProcessor.createRequestProcessor)((0, import_backend.createTernSecureRequest)(request), options);
|
|
47
|
+
const { validateSecurity } = (0, import_fnValidators.createValidators)(context);
|
|
48
|
+
await validateSecurity(options.security || {});
|
|
49
|
+
if (!context.endpoint) {
|
|
50
|
+
return (0, import_responses.createApiErrorResponse)("ENDPOINT_REQUIRED", "Endpoint is required", 400);
|
|
55
51
|
}
|
|
56
|
-
return await import_endpointRouter.EndpointRouter.route(
|
|
52
|
+
return await import_endpointRouter.EndpointRouter.route(context, config);
|
|
57
53
|
} catch (error) {
|
|
58
54
|
return (0, import_responses.createApiErrorResponse)("INTERNAL_SERVER_ERROR", "Internal server error", 500);
|
|
59
55
|
}
|
|
60
|
-
}
|
|
61
|
-
async executeValidation(validationContext) {
|
|
62
|
-
const validationPipeline = new import_handlerUtils.ValidationPipeline(this.config, validationContext);
|
|
63
|
-
return validationPipeline.execute();
|
|
64
|
-
}
|
|
65
|
-
}
|
|
66
|
-
function createTernSecureNextJsHandler(options) {
|
|
67
|
-
const config = HandlerConfigFactory.create(options);
|
|
68
|
-
const requestHandler = new TernSecureRequestHandler(config);
|
|
69
|
-
const handler = async (request) => await requestHandler.handle(request);
|
|
56
|
+
};
|
|
70
57
|
return {
|
|
71
58
|
GET: handler,
|
|
72
59
|
POST: handler
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/ternsecureNextjsHandler.ts"],"sourcesContent":["\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/ternsecureNextjsHandler.ts"],"sourcesContent":["import { createTernSecureRequest } from '@tern-secure/backend';\n\nimport { createRequestProcessor } from './c-authenticateRequestProcessor';\nimport { TENANT_ID } from './constants';\nimport { EndpointRouter } from './endpointRouter';\nimport { createValidators } from './fnValidators';\nimport { createApiErrorResponse } from './responses';\nimport type { TernSecureHandlerOptions } from './types';\nimport { DEFAULT_HANDLER_OPTIONS } from './types';\nimport { ConfigUtils } from './utils';\n\nfunction createHandlerConfig(options?: TernSecureHandlerOptions): TernSecureHandlerOptions {\n const baseConfig: Required<TernSecureHandlerOptions> = ConfigUtils.mergeWithDefaults(\n DEFAULT_HANDLER_OPTIONS,\n options,\n );\n\n return {\n ...baseConfig,\n tenantId: TENANT_ID,\n };\n}\n\nexport function createTernSecureNextJsHandler(options: TernSecureHandlerOptions) {\n const config = createHandlerConfig(options);\n\n const handler = async (request: Request): Promise<Response> => {\n try {\n const context = createRequestProcessor(createTernSecureRequest(request), options);\n\n const { validateSecurity } = createValidators(context);\n await validateSecurity(options.security || {});\n\n if (!context.endpoint) {\n return createApiErrorResponse('ENDPOINT_REQUIRED', 'Endpoint is required', 400);\n }\n\n return await EndpointRouter.route(context, config);\n } catch (error) {\n return createApiErrorResponse('INTERNAL_SERVER_ERROR', 'Internal server error', 500);\n }\n };\n\n return {\n GET: handler,\n POST: handler,\n } as const;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAAwC;AAExC,4CAAuC;AACvC,uBAA0B;AAC1B,4BAA+B;AAC/B,0BAAiC;AACjC,uBAAuC;AAEvC,mBAAwC;AACxC,mBAA4B;AAE5B,SAAS,oBAAoB,SAA8D;AACzF,QAAM,aAAiD,yBAAY;AAAA,IACjE;AAAA,IACA;AAAA,EACF;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,EACZ;AACF;AAEO,SAAS,8BAA8B,SAAmC;AAC/E,QAAM,SAAS,oBAAoB,OAAO;AAE1C,QAAM,UAAU,OAAO,YAAwC;AAC7D,QAAI;AACF,YAAM,cAAU,kEAAuB,wCAAwB,OAAO,GAAG,OAAO;AAEhF,YAAM,EAAE,iBAAiB,QAAI,sCAAiB,OAAO;AACrD,YAAM,iBAAiB,QAAQ,YAAY,CAAC,CAAC;AAE7C,UAAI,CAAC,QAAQ,UAAU;AACrB,mBAAO,yCAAuB,qBAAqB,wBAAwB,GAAG;AAAA,MAChF;AAEA,aAAO,MAAM,qCAAe,MAAM,SAAS,MAAM;AAAA,IACnD,SAAS,OAAO;AACd,iBAAO,yCAAuB,yBAAyB,yBAAyB,GAAG;AAAA,IACrF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,EACR;AACF;","names":[]}
|
|
@@ -18,12 +18,14 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
19
|
var types_exports = {};
|
|
20
20
|
__export(types_exports, {
|
|
21
|
+
CookieUtils: () => CookieUtils,
|
|
21
22
|
DEFAULT_COOKIE_OPTIONS: () => DEFAULT_COOKIE_OPTIONS,
|
|
22
23
|
DEFAULT_CORS_OPTIONS: () => DEFAULT_CORS_OPTIONS,
|
|
23
24
|
DEFAULT_ENDPOINT_CONFIG: () => DEFAULT_ENDPOINT_CONFIG,
|
|
24
25
|
DEFAULT_HANDLER_OPTIONS: () => DEFAULT_HANDLER_OPTIONS,
|
|
25
26
|
DEFAULT_SECURITY_OPTIONS: () => DEFAULT_SECURITY_OPTIONS,
|
|
26
|
-
DEFAULT_SESSIONS_CONFIG: () => DEFAULT_SESSIONS_CONFIG
|
|
27
|
+
DEFAULT_SESSIONS_CONFIG: () => DEFAULT_SESSIONS_CONFIG,
|
|
28
|
+
FIXED_TOKEN_CONFIGS: () => FIXED_TOKEN_CONFIGS
|
|
27
29
|
});
|
|
28
30
|
module.exports = __toCommonJS(types_exports);
|
|
29
31
|
const DEFAULT_CORS_OPTIONS = {
|
|
@@ -35,12 +37,44 @@ const DEFAULT_CORS_OPTIONS = {
|
|
|
35
37
|
// 24 hours
|
|
36
38
|
};
|
|
37
39
|
const DEFAULT_COOKIE_OPTIONS = {
|
|
38
|
-
|
|
40
|
+
namePrefix: "__session",
|
|
39
41
|
path: "/",
|
|
40
42
|
httpOnly: true,
|
|
41
43
|
sameSite: "lax",
|
|
42
|
-
|
|
43
|
-
|
|
44
|
+
session: {
|
|
45
|
+
maxAge: 3600 * 24 * 7
|
|
46
|
+
// Default: 1 week (consumer can set 5 mins to 2 weeks)
|
|
47
|
+
}
|
|
48
|
+
};
|
|
49
|
+
const FIXED_TOKEN_CONFIGS = {
|
|
50
|
+
id: {
|
|
51
|
+
path: "/",
|
|
52
|
+
httpOnly: true,
|
|
53
|
+
sameSite: "lax",
|
|
54
|
+
maxAge: 3600
|
|
55
|
+
// 1 hour
|
|
56
|
+
},
|
|
57
|
+
refresh: {
|
|
58
|
+
path: "/",
|
|
59
|
+
httpOnly: true,
|
|
60
|
+
sameSite: "lax",
|
|
61
|
+
maxAge: 3600 * 24 * 30
|
|
62
|
+
// 30 days (changes when user events occur)
|
|
63
|
+
},
|
|
64
|
+
signature: {
|
|
65
|
+
path: "/",
|
|
66
|
+
httpOnly: true,
|
|
67
|
+
sameSite: "lax",
|
|
68
|
+
maxAge: 3600 * 24 * 7
|
|
69
|
+
// 1 week (as needed)
|
|
70
|
+
},
|
|
71
|
+
custom: {
|
|
72
|
+
path: "/",
|
|
73
|
+
httpOnly: true,
|
|
74
|
+
sameSite: "lax",
|
|
75
|
+
maxAge: 3600 * 24 * 7
|
|
76
|
+
// 1 week (as needed)
|
|
77
|
+
}
|
|
44
78
|
};
|
|
45
79
|
const DEFAULT_SECURITY_OPTIONS = {
|
|
46
80
|
requireCSRF: true,
|
|
@@ -110,17 +144,61 @@ const DEFAULT_HANDLER_OPTIONS = {
|
|
|
110
144
|
endpoints: {
|
|
111
145
|
sessions: DEFAULT_SESSIONS_CONFIG
|
|
112
146
|
},
|
|
147
|
+
tenantId: "",
|
|
148
|
+
enableCustomToken: false,
|
|
113
149
|
debug: false,
|
|
114
150
|
environment: "production",
|
|
115
151
|
basePath: "/api/auth"
|
|
116
152
|
};
|
|
153
|
+
class CookieUtils {
|
|
154
|
+
static getCookieName(namePrefix, tokenType) {
|
|
155
|
+
return `${namePrefix}.${tokenType}`;
|
|
156
|
+
}
|
|
157
|
+
static getCookieNames(namePrefix) {
|
|
158
|
+
return {
|
|
159
|
+
session: this.getCookieName(namePrefix, "session"),
|
|
160
|
+
id: this.getCookieName(namePrefix, "id"),
|
|
161
|
+
refresh: this.getCookieName(namePrefix, "refresh"),
|
|
162
|
+
signature: this.getCookieName(namePrefix, "signature"),
|
|
163
|
+
custom: this.getCookieName(namePrefix, "custom")
|
|
164
|
+
};
|
|
165
|
+
}
|
|
166
|
+
static getSessionConfig(cookieOptions) {
|
|
167
|
+
const sessionConfig = cookieOptions.session || {};
|
|
168
|
+
const defaultSession = DEFAULT_COOKIE_OPTIONS.session || {};
|
|
169
|
+
return {
|
|
170
|
+
domain: sessionConfig.domain ?? cookieOptions.domain,
|
|
171
|
+
path: sessionConfig.path ?? cookieOptions.path ?? "/",
|
|
172
|
+
httpOnly: sessionConfig.httpOnly ?? cookieOptions.httpOnly ?? true,
|
|
173
|
+
sameSite: sessionConfig.sameSite ?? cookieOptions.sameSite ?? "lax",
|
|
174
|
+
maxAge: sessionConfig.maxAge ?? defaultSession.maxAge ?? 3600 * 24 * 7
|
|
175
|
+
};
|
|
176
|
+
}
|
|
177
|
+
static getFixedTokenConfig(cookieOptions, tokenType) {
|
|
178
|
+
const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];
|
|
179
|
+
return {
|
|
180
|
+
domain: cookieOptions.domain,
|
|
181
|
+
path: fixedConfig.path,
|
|
182
|
+
httpOnly: fixedConfig.httpOnly,
|
|
183
|
+
sameSite: fixedConfig.sameSite,
|
|
184
|
+
maxAge: fixedConfig.maxAge
|
|
185
|
+
};
|
|
186
|
+
}
|
|
187
|
+
static validateSessionMaxAge(maxAge) {
|
|
188
|
+
const minAge = 300;
|
|
189
|
+
const maxAgeLimit = 3600 * 24 * 14;
|
|
190
|
+
return maxAge >= minAge && maxAge <= maxAgeLimit;
|
|
191
|
+
}
|
|
192
|
+
}
|
|
117
193
|
// Annotate the CommonJS export names for ESM import in node:
|
|
118
194
|
0 && (module.exports = {
|
|
195
|
+
CookieUtils,
|
|
119
196
|
DEFAULT_COOKIE_OPTIONS,
|
|
120
197
|
DEFAULT_CORS_OPTIONS,
|
|
121
198
|
DEFAULT_ENDPOINT_CONFIG,
|
|
122
199
|
DEFAULT_HANDLER_OPTIONS,
|
|
123
200
|
DEFAULT_SECURITY_OPTIONS,
|
|
124
|
-
DEFAULT_SESSIONS_CONFIG
|
|
201
|
+
DEFAULT_SESSIONS_CONFIG,
|
|
202
|
+
FIXED_TOKEN_CONFIGS
|
|
125
203
|
});
|
|
126
204
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import { type NextResponse } from 'next/server';\n\nexport
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig,\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_COOKIE_OPTIONS: CookieOptions = {\n namePrefix: '__session',\n path: '/',\n httpOnly: true,\n sameSite: 'lax',\n session: {\n maxAge: 3600 * 24 * 7, // Default: 1 week (consumer can set 5 mins to 2 weeks)\n },\n};\n\nexport const FIXED_TOKEN_CONFIGS = {\n id: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600, // 1 hour\n },\n refresh: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 30, // 30 days (changes when user events occur)\n },\n signature: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n custom: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n} as const;\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n requireCSRF: true,\n allowedReferers: [],\n requiredHeaders: {},\n ipWhitelist: [],\n userAgent: {\n block: [],\n allow: [],\n },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n enabled: true,\n methods: ['GET', 'POST'],\n requireAuth: false,\n security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n verify: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n createsession: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n },\n },\n refresh: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n revoke: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n cors: DEFAULT_CORS_OPTIONS,\n cookies: DEFAULT_COOKIE_OPTIONS,\n rateLimit: {\n windowMs: 15 * 60 * 1000, // 15 minutes\n maxRequests: 100,\n skipSuccessful: false,\n skipFailedRequests: false,\n },\n security: DEFAULT_SECURITY_OPTIONS,\n endpoints: {\n sessions: DEFAULT_SESSIONS_CONFIG,\n },\n tenantId: '',\n enableCustomToken: false,\n debug: false,\n environment: 'production',\n basePath: '/api/auth',\n};\n\nexport interface ValidationResult {\n error?: NextResponse;\n data?: any;\n}\n\nexport interface ValidationConfig {\n cors?: CorsOptions;\n security?: SecurityOptions;\n endpoint?: {\n name: AuthEndpoint;\n config: EndpointConfig;\n };\n subEndpoint?: {\n name: SessionSubEndpoint;\n config: EndpointConfig;\n };\n requireIdToken?: boolean;\n requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n isValid: boolean;\n error?: Response;\n corsResponse?: Response;\n sessionData?: {\n body: any;\n idToken?: string;\n csrfToken?: string;\n };\n}\n\nexport type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';\n\nexport class CookieUtils {\n static getCookieName(namePrefix: string, tokenType: suffix): string {\n return `${namePrefix}.${tokenType}`;\n }\n\n static getCookieNames(namePrefix: string) {\n return {\n session: this.getCookieName(namePrefix, 'session'),\n id: this.getCookieName(namePrefix, 'id'),\n refresh: this.getCookieName(namePrefix, 'refresh'),\n signature: this.getCookieName(namePrefix, 'signature'),\n custom: this.getCookieName(namePrefix, 'custom'),\n };\n }\n\n static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig {\n const sessionConfig = cookieOptions.session || {};\n const defaultSession = DEFAULT_COOKIE_OPTIONS.session || {};\n\n return {\n domain: sessionConfig.domain ?? cookieOptions.domain,\n path: sessionConfig.path ?? cookieOptions.path ?? '/',\n httpOnly: sessionConfig.httpOnly ?? cookieOptions.httpOnly ?? true,\n sameSite: sessionConfig.sameSite ?? cookieOptions.sameSite ?? 'lax',\n maxAge: sessionConfig.maxAge ?? defaultSession.maxAge ?? 3600 * 24 * 7,\n };\n }\n\n static getFixedTokenConfig(\n cookieOptions: CookieOptions,\n tokenType: Exclude<suffix, 'session'>,\n ): TokenCookieConfig {\n const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];\n\n return {\n domain: cookieOptions.domain,\n path: fixedConfig.path,\n httpOnly: fixedConfig.httpOnly,\n sameSite: fixedConfig.sameSite,\n maxAge: fixedConfig.maxAge,\n };\n }\n\n static validateSessionMaxAge(maxAge: number): boolean {\n const minAge = 300; // 5 minutes\n const maxAgeLimit = 3600 * 24 * 14; // 2 weeks\n return maxAge >= minAge && maxAge <= maxAgeLimit;\n }\n}\n\nexport {\n AuthEndpoint,\n CookieOptions,\n CorsOptions,\n SecurityOptions,\n SessionSubEndpoint,\n EndpointConfig,\n SessionEndpointConfig,\n TernSecureHandlerOptions,\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAaO,MAAM,uBAAoC;AAAA,EAC/C,gBAAgB,CAAC;AAAA,EACjB,gBAAgB,CAAC,OAAO,MAAM;AAAA,EAC9B,gBAAgB,CAAC,gBAAgB,iBAAiB,kBAAkB;AAAA,EACpE,kBAAkB;AAAA,EAClB,QAAQ;AAAA;AACV;AAEO,MAAM,yBAAwC;AAAA,EACnD,YAAY;AAAA,EACZ,MAAM;AAAA,EACN,UAAU;AAAA,EACV,UAAU;AAAA,EACV,SAAS;AAAA,IACP,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AACF;AAEO,MAAM,sBAAsB;AAAA,EACjC,IAAI;AAAA,IACF,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ;AAAA;AAAA,EACV;AAAA,EACA,SAAS;AAAA,IACP,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,WAAW;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AACF;AAEO,MAAM,2BAA4C;AAAA,EACvD,aAAa;AAAA,EACb,iBAAiB,CAAC;AAAA,EAClB,iBAAiB,CAAC;AAAA,EAClB,aAAa,CAAC;AAAA,EACd,WAAW;AAAA,IACT,OAAO,CAAC;AAAA,IACR,OAAO,CAAC;AAAA,EACV;AACF;AAEO,MAAM,0BAA0C;AAAA,EACrD,SAAS;AAAA,EACT,SAAS,CAAC,OAAO,MAAM;AAAA,EACvB,aAAa;AAAA,EACb,UAAU;AACZ;AAEO,MAAM,0BAAiD;AAAA,EAC5D,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAET;AAAA,EACF,MAAM;AAAA,EACN,SAAS;AAAA,EACT,WAAW;AAAA,IACT,UAAU,KAAK,KAAK;AAAA;AAAA,IACpB,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB;AAAA,EACA,UAAU;AAAA,EACV,WAAW;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA,UAAU;AAAA,EACV,mBAAmB;AAAA,EACnB,OAAO;AAAA,EACP,aAAa;AAAA,EACb,UAAU;AACZ;AAmCO,MAAM,YAAY;AAAA,EACvB,OAAO,cAAc,YAAoB,WAA2B;AAClE,WAAO,GAAG,UAAU,IAAI,SAAS;AAAA,EACnC;AAAA,EAEA,OAAO,eAAe,YAAoB;AACxC,WAAO;AAAA,MACL,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,IAAI,KAAK,cAAc,YAAY,IAAI;AAAA,MACvC,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,WAAW,KAAK,cAAc,YAAY,WAAW;AAAA,MACrD,QAAQ,KAAK,cAAc,YAAY,QAAQ;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB,eAAiD;AACvE,UAAM,gBAAgB,cAAc,WAAW,CAAC;AAChD,UAAM,iBAAiB,uBAAuB,WAAW,CAAC;AAE1D,WAAO;AAAA,MACL,QAAQ,cAAc,UAAU,cAAc;AAAA,MAC9C,MAAM,cAAc,QAAQ,cAAc,QAAQ;AAAA,MAClD,UAAU,cAAc,YAAY,cAAc,YAAY;AAAA,MAC9D,UAAU,cAAc,YAAY,cAAc,YAAY;AAAA,MAC9D,QAAQ,cAAc,UAAU,eAAe,UAAU,OAAO,KAAK;AAAA,IACvE;AAAA,EACF;AAAA,EAEA,OAAO,oBACL,eACA,WACmB;AACnB,UAAM,cAAc,oBAAoB,SAAS;AAEjD,WAAO;AAAA,MACL,QAAQ,cAAc;AAAA,MACtB,MAAM,YAAY;AAAA,MAClB,UAAU,YAAY;AAAA,MACtB,UAAU,YAAY;AAAA,MACtB,QAAQ,YAAY;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,OAAO,sBAAsB,QAAyB;AACpD,UAAM,SAAS;AACf,UAAM,cAAc,OAAO,KAAK;AAChC,WAAO,UAAU,UAAU,UAAU;AAAA,EACvC;AACF;","names":[]}
|
|
@@ -18,18 +18,21 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
19
|
var constant_exports = {};
|
|
20
20
|
__export(constant_exports, {
|
|
21
|
+
API_KEY: () => API_KEY,
|
|
21
22
|
API_URL: () => API_URL,
|
|
22
23
|
API_VERSION: () => API_VERSION,
|
|
23
24
|
SIGN_IN_URL: () => SIGN_IN_URL,
|
|
24
25
|
SIGN_UP_URL: () => SIGN_UP_URL
|
|
25
26
|
});
|
|
26
27
|
module.exports = __toCommonJS(constant_exports);
|
|
27
|
-
const
|
|
28
|
+
const API_KEY = process.env.NEXT_PUBLIC_FIREBASE_API_KEY || "";
|
|
29
|
+
const API_URL = process.env.TERNSECURE_API_URL || "";
|
|
28
30
|
const API_VERSION = process.env.TERNSECURE_API_VERSION || "v1";
|
|
29
31
|
const SIGN_IN_URL = process.env.NEXT_PUBLIC_SIGN_IN_URL || "";
|
|
30
32
|
const SIGN_UP_URL = process.env.NEXT_PUBLIC_SIGN_UP_URL || "";
|
|
31
33
|
// Annotate the CommonJS export names for ESM import in node:
|
|
32
34
|
0 && (module.exports = {
|
|
35
|
+
API_KEY,
|
|
33
36
|
API_URL,
|
|
34
37
|
API_VERSION,
|
|
35
38
|
SIGN_IN_URL,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/constant.ts"],"sourcesContent":["
|
|
1
|
+
{"version":3,"sources":["../../../src/server/constant.ts"],"sourcesContent":["export const API_KEY = process.env.NEXT_PUBLIC_FIREBASE_API_KEY || '';\nexport const API_URL = process.env.TERNSECURE_API_URL || '';\nexport const API_VERSION = process.env.TERNSECURE_API_VERSION || 'v1';\nexport const SIGN_IN_URL = process.env.NEXT_PUBLIC_SIGN_IN_URL || '';\nexport const SIGN_UP_URL = process.env.NEXT_PUBLIC_SIGN_UP_URL || '';"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,MAAM,UAAU,QAAQ,IAAI,gCAAgC;AAC5D,MAAM,UAAU,QAAQ,IAAI,sBAAsB;AAClD,MAAM,cAAc,QAAQ,IAAI,0BAA0B;AAC1D,MAAM,cAAc,QAAQ,IAAI,2BAA2B;AAC3D,MAAM,cAAc,QAAQ,IAAI,2BAA2B;","names":[]}
|
|
@@ -34,6 +34,7 @@ var import_protect = require("./protect");
|
|
|
34
34
|
var import_redirect = require("./redirect");
|
|
35
35
|
var import_utils = require("./utils");
|
|
36
36
|
const backendClientDefaultOptions = {
|
|
37
|
+
apiKey: import_constant.API_KEY,
|
|
37
38
|
apiUrl: import_constant.API_URL,
|
|
38
39
|
apiVersion: import_constant.API_VERSION
|
|
39
40
|
};
|
|
@@ -101,18 +102,7 @@ const ternSecureMiddleware = (...args) => {
|
|
|
101
102
|
(0, import_utils.decorateRequest)(ternSecureRequest, handlerResult, requestStateClient);
|
|
102
103
|
return handlerResult;
|
|
103
104
|
};
|
|
104
|
-
const fireNextMiddleware = async (request2) => {
|
|
105
|
-
console.log("[TernSecureMiddleware] Firebase Request URL:", request2.url);
|
|
106
|
-
if (isFirebaseCookieRequest(request2)) {
|
|
107
|
-
const options = typeof params === "function" ? await params(request2) : params;
|
|
108
|
-
rewriteFirebaseRequest(options, request2);
|
|
109
|
-
return handleFirebaseAuthRequest(request2);
|
|
110
|
-
}
|
|
111
|
-
};
|
|
112
105
|
const nextMiddleware = async (request2, event2) => {
|
|
113
|
-
if (isFirebaseRequest(request2)) {
|
|
114
|
-
return fireNextMiddleware(request2, event2);
|
|
115
|
-
}
|
|
116
106
|
return withAuthNextMiddleware(request2, event2);
|
|
117
107
|
};
|
|
118
108
|
if (request && event) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"sourcesContent":["import type {\r\n AuthObject,\r\n RequestOptions,\r\n TernSecureRequest,\r\n} from '@tern-secure/backend';\r\nimport {\r\n constants,\r\n createBackendInstanceClient,\r\n createTernSecureRequest,\r\n enableDebugLogging,\r\n} from '@tern-secure/backend';\r\nimport type {\r\n TernSecureConfig,\r\n} from '@tern-secure/types';\r\nimport { notFound as nextjsNotFound } from 'next/navigation';\r\nimport type { NextMiddleware,NextRequest } from 'next/server';\r\nimport { NextResponse } from 'next/server';\r\n\r\nimport { isRedirect, setHeader } from '../utils/response';\r\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\r\nimport { createEdgeCompatibleLogger } from '../utils/withLogger';\r\nimport { API_URL, API_VERSION,SIGN_IN_URL, SIGN_UP_URL } from './constant';\r\nimport {\r\n isNextjsNotFoundError,\r\n isNextjsRedirectError,\r\n isRedirectToSignInError,\r\n isRedirectToSignUpError,\r\n nextjsRedirectError,\r\n redirectToSignInError,\r\n redirectToSignUpError,\r\n} from './nextErrors';\r\nimport { type AuthProtect,createProtect } from './protect';\r\nimport { createRedirect, type RedirectFun } from './redirect';\r\nimport type {\r\n NextMiddlewareEvtParam,\r\n NextMiddlewareRequestParam,\r\n NextMiddlewareReturn,\r\n} from './types';\r\nimport { decorateRequest } from './utils';\r\n\r\nexport type MiddlewareAuthObject = AuthObject & {\r\n redirectToSignIn: RedirectFun<Response>;\r\n redirectToSignUp: RedirectFun<Response>;\r\n};\r\n\r\nexport interface MiddlewareAuth {\r\n (): Promise<MiddlewareAuthObject>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\ntype MiddlewareHandler = (\r\n auth: MiddlewareAuth,\r\n request: NextMiddlewareRequestParam,\r\n event: NextMiddlewareEvtParam,\r\n) => NextMiddlewareReturn;\r\n\r\nexport interface MiddlewareOptions extends RequestOptions {\r\n debug?: boolean;\r\n firebaseOptions?: TernSecureConfig;\r\n}\r\ntype MiddlewareOptionsCallback = (\r\n req: NextRequest,\r\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\r\n\r\ninterface TernSecureMiddleware {\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware(options);\r\n */\r\n (options?: MiddlewareOptions): NextMiddleware;\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware;\r\n */\r\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\r\n}\r\n\r\nconst backendClientDefaultOptions = {\r\n apiUrl: API_URL,\r\n apiVersion: API_VERSION,\r\n};\r\n\r\nconst ternSecureBackendClient = async () => {\r\n return createBackendClientWithOptions({});\r\n};\r\n\r\nconst createBackendClientWithOptions: typeof createBackendInstanceClient = options => {\r\n return createBackendInstanceClient({\r\n ...backendClientDefaultOptions,\r\n ...options,\r\n });\r\n};\r\n\r\nexport const ternSecureMiddleware = ((\r\n ...args: unknown[]\r\n): NextMiddleware | NextMiddlewareReturn => {\r\n const [request, event] = parseRequestAndEvent(args);\r\n const [handler, params] = parseHandlerAndOptions(args);\r\n\r\n const middleware = () => {\r\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\r\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\r\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\r\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\r\n\r\n const options = {\r\n signInUrl,\r\n signUpUrl,\r\n ...resolvedParams,\r\n };\r\n\r\n const logger = createEdgeCompatibleLogger(options.debug);\r\n\r\n if (options.debug) {\r\n enableDebugLogging();\r\n }\r\n\r\n //const { authObject, headers: authHeaders } =\r\n // await authenticateMiddlewareRequest(request, checkRevoked, logger);\r\n\r\n //const reqBackend = await createBackendInstanceEdge(request, checkRevoked);\r\n const reqBackendClient = await ternSecureBackendClient();\r\n //const requestState = reqBackend.requestState;\r\n //const authObject = requestState.auth();\r\n //const authHeaders = requestState.headers;\r\n\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n const requestStateClient = await reqBackendClient.authenticateRequest(\r\n ternSecureRequest,\r\n options,\r\n );\r\n\r\n const authObjectClient = requestStateClient.auth();\r\n\r\n const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const protect = await createMiddlewareProtect(\r\n ternSecureRequest,\r\n authObjectClient,\r\n redirectToSignIn,\r\n );\r\n\r\n const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\r\n redirectToSignIn,\r\n redirectToSignUp,\r\n });\r\n\r\n const authHandler = () => Promise.resolve(authObj);\r\n authHandler.protect = protect;\r\n\r\n let handlerResult: Response = NextResponse.next();\r\n\r\n try {\r\n const userHandlerResult = await handler?.(authHandler, request, event);\r\n handlerResult = userHandlerResult || handlerResult;\r\n } catch (error: any) {\r\n handlerResult = handleControlError(error, ternSecureRequest, request);\r\n }\r\n\r\n if (requestStateClient.headers) {\r\n requestStateClient.headers.forEach((value, key) => {\r\n handlerResult.headers.append(key, value);\r\n });\r\n }\r\n\r\n if (isRedirect(handlerResult)) {\r\n return serverRedirectWithAuth(ternSecureRequest, handlerResult);\r\n }\r\n\r\n decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\r\n return handlerResult;\r\n };\r\n\r\n const fireNextMiddleware: NextMiddleware = async (request) => {\r\n console.log('[TernSecureMiddleware] Firebase Request URL:', request.url);\r\n if (isFirebaseCookieRequest(request)) {\r\n const options = typeof params === 'function' ? await params(request) : params;\r\n rewriteFirebaseRequest(options, request);\r\n return handleFirebaseAuthRequest(request);\r\n }\r\n };\r\n\r\n const nextMiddleware: NextMiddleware = async (request, event) => {\r\n if (isFirebaseRequest(request)) {\r\n return fireNextMiddleware(request, event);\r\n }\r\n return withAuthNextMiddleware(request, event);\r\n };\r\n\r\n if (request && event) {\r\n return nextMiddleware(request, event);\r\n }\r\n\r\n return nextMiddleware;\r\n };\r\n return middleware();\r\n}) as TernSecureMiddleware;\r\n\r\nconst parseRequestAndEvent = (args: unknown[]) => {\r\n return [\r\n args[0] instanceof Request ? args[0] : undefined,\r\n args[0] instanceof Request ? args[1] : undefined,\r\n ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\r\n};\r\n\r\nconst parseHandlerAndOptions = (args: unknown[]) => {\r\n return [\r\n typeof args[0] === 'function' ? args[0] : undefined,\r\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\r\n ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\r\n};\r\n\r\nconst isFirebaseRequest = (request: NextMiddlewareRequestParam) =>\r\n request.nextUrl.pathname.startsWith('/__/');\r\n\r\nconst rewriteFirebaseRequest = (options: MiddlewareOptions, request: NextMiddlewareRequestParam) => {\r\n const newUrl = new URL(request.url);\r\n newUrl.host = options.firebaseOptions?.authDomain || '';\r\n newUrl.port = '';\r\n return NextResponse.rewrite(newUrl);\r\n}\r\n\r\nconst finalTarget = (request: NextMiddlewareRequestParam) => {\r\n const finalTargetUrl = request.nextUrl.searchParams.get('finalTarget');\r\n return finalTargetUrl ? new URL(finalTargetUrl, request.url) : undefined;\r\n};\r\n\r\nconst isFirebaseCookieRequest = (request: NextMiddlewareRequestParam) =>\r\n request.nextUrl.pathname === '/__cookies__';\r\n\r\n/**\r\n * Create middleware redirect functions\r\n */\r\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\r\n const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignInError(url, opts.returnBackUrl);\r\n };\r\n\r\n const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignUpError(url, opts.returnBackUrl);\r\n };\r\n\r\n return { redirectToSignIn, redirectToSignUp };\r\n};\r\n\r\nconst createMiddlewareProtect = (\r\n ternSecureRequest: TernSecureRequest,\r\n authObject: AuthObject,\r\n redirectToSignIn: RedirectFun<Response>,\r\n) => {\r\n return (async (params: any, options: any) => {\r\n const notFound = () => nextjsNotFound();\r\n\r\n const redirect = (url: string) =>\r\n nextjsRedirectError(url, {\r\n redirectUrl: url,\r\n });\r\n\r\n return createProtect({\r\n request: ternSecureRequest,\r\n redirect,\r\n notFound,\r\n authObject,\r\n redirectToSignIn,\r\n })(params, options);\r\n }) as unknown as Promise<AuthProtect>;\r\n};\r\n\r\nexport const redirectAdapter = (url: string | URL) => {\r\n return NextResponse.redirect(url, {\r\n headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\r\n });\r\n};\r\n\r\n/**\r\n * Handle control flow errors in middleware\r\n */\r\nconst handleControlError = (\r\n error: any,\r\n ternSecureRequest: TernSecureRequest,\r\n nextrequest: NextRequest,\r\n): Response => {\r\n if (isNextjsNotFoundError(error)) {\r\n return setHeader(\r\n NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\r\n constants.Headers.AuthReason,\r\n 'protect-rewrite',\r\n );\r\n }\r\n\r\n const isRedirectToSignIn = isRedirectToSignInError(error);\r\n const isRedirectToSignUp = isRedirectToSignUpError(error);\r\n\r\n if (isRedirectToSignIn || isRedirectToSignUp) {\r\n const redirect = createRedirect({\r\n redirectAdapter,\r\n baseUrl: ternSecureRequest.ternUrl,\r\n signInUrl: SIGN_IN_URL,\r\n signUpUrl: SIGN_UP_URL,\r\n });\r\n\r\n const { returnBackUrl } = error;\r\n\r\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\r\n returnBackUrl,\r\n });\r\n }\r\n\r\n if (isNextjsRedirectError(error)) {\r\n return redirectAdapter(error.redirectUrl);\r\n }\r\n\r\n throw error;\r\n};\r\n\r\nconst handleFirebaseAuthRequest = async (\r\n request: NextRequest,\r\n): Promise<NextResponse | null> => {\r\n\r\n console.log('Checking for __cookies__ path');\r\n\r\n const isDevMode = process.env.NODE_ENV === 'development';\r\n const ID_TOKEN_COOKIE_NAME = isDevMode ? `__dev_FIREBASE_[DEFAULT]` : `__HOST-FIREBASE_[DEFAULT]`;\r\n const REFRESH_TOKEN_COOKIE_NAME = isDevMode\r\n ? '__dev_FIREBASEID_[DEFAULT]'\r\n : `__HOST-FIREBASEID_[DEFAULT]`;\r\n const ID_TOKEN_COOKIE = {\r\n path: '/',\r\n secure: !isDevMode,\r\n sameSite: 'strict',\r\n partitioned: true,\r\n name: ID_TOKEN_COOKIE_NAME,\r\n maxAge: 34560000,\r\n priority: 'high',\r\n } as const;\r\n const REFRESH_TOKEN_COOKIE = {\r\n ...ID_TOKEN_COOKIE,\r\n httpOnly: true,\r\n name: REFRESH_TOKEN_COOKIE_NAME,\r\n } as const;\r\n\r\n if (request.nextUrl.pathname === '/__cookies__') {\r\n console.log('Handling /__cookies__ request');\r\n const method = request.method;\r\n if (method === 'DELETE') {\r\n const response = new NextResponse('');\r\n response.cookies.delete({ ...ID_TOKEN_COOKIE, maxAge: 0 });\r\n response.cookies.delete({ ...REFRESH_TOKEN_COOKIE, maxAge: 0 });\r\n return response;\r\n }\r\n\r\n const headers: Record<string, string> = {};\r\n const headerNames = [\r\n 'content-type',\r\n 'X-Firebase-Client',\r\n 'X-Firebase-gmpid',\r\n 'X-Firebase-AppCheck',\r\n 'X-Client-Version',\r\n ];\r\n\r\n headerNames.forEach(headerName => {\r\n const headerValue = request.headers.get(headerName);\r\n if (headerValue) {\r\n headers[headerName] = headerValue;\r\n }\r\n });\r\n\r\n const finalTargetParam = request.nextUrl.searchParams.get('finalTarget');\r\n\r\n const url = new URL(finalTargetParam || '');\r\n let body: ReadableStream<any> | string | null = request.body;\r\n\r\n const isTokenRequest = !!url.pathname.match(/^(\\/securetoken\\.googleapis\\.com)?\\/v1\\/token/);\r\n const isSignInRequest = !!url.pathname.match(\r\n /^(\\/identitytoolkit\\.googleapis\\.com)?\\/v1\\/accounts:signInWith/,\r\n );\r\n\r\n if (!isTokenRequest && !isSignInRequest)\r\n throw new Error('Could not determine the request type to proxy');\r\n\r\n if (isTokenRequest) {\r\n body = await request.text();\r\n const bodyParams = new URLSearchParams(body.trim());\r\n if (bodyParams.has('refresh_token')) {\r\n const refreshToken = request.cookies.get(REFRESH_TOKEN_COOKIE.name)?.value;\r\n if (refreshToken) {\r\n bodyParams.set('refresh_token', refreshToken);\r\n body = bodyParams.toString();\r\n }\r\n }\r\n }\r\n\r\n const response = await fetch(url, { method, body, headers });\r\n const json = await response.json();\r\n\r\n if (!response.ok) {\r\n return NextResponse.json(json, { status: response.status, statusText: response.statusText });\r\n }\r\n\r\n let refreshToken, idToken, maxAge;\r\n if (isSignInRequest) {\r\n refreshToken = json.refreshToken;\r\n idToken = json.idToken;\r\n maxAge = json.expiresIn;\r\n json.refreshToken = 'REDACTED';\r\n } else {\r\n refreshToken = json.refresh_token;\r\n idToken = json.id_token;\r\n maxAge = json.expires_in;\r\n json.refresh_token = 'REDACTED';\r\n }\r\n\r\n const nextResponse = NextResponse.json(json);\r\n if (idToken) nextResponse.cookies.set({ ...ID_TOKEN_COOKIE, maxAge, value: idToken });\r\n if (refreshToken) nextResponse.cookies.set({ ...REFRESH_TOKEN_COOKIE, value: refreshToken });\r\n return nextResponse;\r\n }\r\n return null;\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,qBAKO;AAIP,wBAA2C;AAE3C,oBAA6B;AAE7B,sBAAsC;AACtC,gCAAuC;AACvC,wBAA2C;AAC3C,sBAA8D;AAC9D,wBAQO;AACP,qBAA+C;AAC/C,sBAAiD;AAMjD,mBAAgC;AAoDhC,MAAM,8BAA8B;AAAA,EAClC,QAAQ;AAAA,EACR,YAAY;AACd;AAEA,MAAM,0BAA0B,YAAY;AAC1C,SAAO,+BAA+B,CAAC,CAAC;AAC1C;AAEA,MAAM,iCAAqE,aAAW;AACpF,aAAO,4CAA4B;AAAA,IACjC,GAAG;AAAA,IACH,GAAG;AAAA,EACL,CAAC;AACH;AAEO,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAC9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,aAAS,8CAA2B,QAAQ,KAAK;AAEvD,UAAI,QAAQ,OAAO;AACjB,+CAAmB;AAAA,MACrB;AAMA,YAAM,mBAAmB,MAAM,wBAAwB;AAKvD,YAAM,wBAAoB,wCAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,2BAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,QAAO;AAAA,MACtE;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,cAAI,4BAAW,aAAa,GAAG;AAC7B,mBAAO,kDAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,wCAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAEA,UAAM,qBAAqC,OAAOA,aAAY;AAC5D,cAAQ,IAAI,gDAAgDA,SAAQ,GAAG;AACvE,UAAI,wBAAwBA,QAAO,GAAG;AACpC,cAAM,UAAU,OAAO,WAAW,aAAa,MAAM,OAAOA,QAAO,IAAI;AACvE,+BAAuB,SAASA,QAAO;AACvC,eAAO,0BAA0BA,QAAO;AAAA,MAC1C;AAAA,IACF;AAEA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC9D,UAAI,kBAAkBD,QAAO,GAAG;AAC/B,eAAO,mBAAmBA,UAASC,MAAK;AAAA,MACzC;AACD,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAEA,MAAM,oBAAoB,CAAC,YACzB,QAAQ,QAAQ,SAAS,WAAW,MAAM;AAE5C,MAAM,yBAAyB,CAAC,SAA4B,YAAwC;AAClG,QAAM,SAAS,IAAI,IAAI,QAAQ,GAAG;AAClC,SAAO,OAAO,QAAQ,iBAAiB,cAAc;AACrD,SAAO,OAAO;AACd,SAAO,2BAAa,QAAQ,MAAM;AACpC;AAEA,MAAM,cAAc,CAAC,YAAwC;AAC3D,QAAM,iBAAiB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AACrE,SAAO,iBAAiB,IAAI,IAAI,gBAAgB,QAAQ,GAAG,IAAI;AACjE;AAEA,MAAM,0BAA0B,CAAC,YAC/B,QAAQ,QAAQ,aAAa;AAK/B,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,UAAM,kBAAAC,UAAe;AAEtC,UAAM,WAAW,CAAC,YAChB,uCAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,eAAO,8BAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,2BAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,yBAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,UAAI,yCAAsB,KAAK,GAAG;AAChC,eAAO;AAAA,MACL,2BAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,yBAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,yBAAqB,2CAAwB,KAAK;AACxD,QAAM,yBAAqB,2CAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,eAAW,gCAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,UAAI,yCAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;AAEA,MAAM,4BAA4B,OAChC,YACiC;AAEjC,UAAQ,IAAI,+BAA+B;AAE3C,QAAM,YAAY,QAAQ,IAAI,aAAa;AAC3C,QAAM,uBAAuB,YAAY,6BAA6B;AACtE,QAAM,4BAA4B,YAC9B,+BACA;AACJ,QAAM,kBAAkB;AAAA,IACtB,MAAM;AAAA,IACN,QAAQ,CAAC;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,EACZ;AACA,QAAM,uBAAuB;AAAA,IAC3B,GAAG;AAAA,IACH,UAAU;AAAA,IACV,MAAM;AAAA,EACR;AAEA,MAAI,QAAQ,QAAQ,aAAa,gBAAgB;AAC/C,YAAQ,IAAI,+BAA+B;AAC3C,UAAM,SAAS,QAAQ;AACvB,QAAI,WAAW,UAAU;AACvB,YAAMC,YAAW,IAAI,2BAAa,EAAE;AACpC,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,iBAAiB,QAAQ,EAAE,CAAC;AACzD,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,sBAAsB,QAAQ,EAAE,CAAC;AAC9D,aAAOA;AAAA,IACT;AAEA,UAAM,UAAkC,CAAC;AACrC,UAAM,cAAc;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,gBAAY,QAAQ,gBAAc;AAChC,YAAM,cAAc,QAAQ,QAAQ,IAAI,UAAU;AAClD,UAAI,aAAa;AACf,gBAAQ,UAAU,IAAI;AAAA,MACxB;AAAA,IACF,CAAC;AAED,UAAM,mBAAmB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AAEvE,UAAM,MAAM,IAAI,IAAI,oBAAoB,EAAE;AAC1C,QAAI,OAA4C,QAAQ;AAExD,UAAM,iBAAiB,CAAC,CAAC,IAAI,SAAS,MAAM,+CAA+C;AAC3F,UAAM,kBAAkB,CAAC,CAAC,IAAI,SAAS;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,CAAC,kBAAkB,CAAC;AACtB,YAAM,IAAI,MAAM,+CAA+C;AAEjE,QAAI,gBAAgB;AAClB,aAAO,MAAM,QAAQ,KAAK;AAC1B,YAAM,aAAa,IAAI,gBAAgB,KAAK,KAAK,CAAC;AAClD,UAAI,WAAW,IAAI,eAAe,GAAG;AACnC,cAAMC,gBAAe,QAAQ,QAAQ,IAAI,qBAAqB,IAAI,GAAG;AACrE,YAAIA,eAAc;AAChB,qBAAW,IAAI,iBAAiBA,aAAY;AAC5C,iBAAO,WAAW,SAAS;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK,EAAE,QAAQ,MAAM,QAAQ,CAAC;AAC3D,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,CAAC,SAAS,IAAI;AAChB,aAAO,2BAAa,KAAK,MAAM,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,WAAW,CAAC;AAAA,IAC7F;AAEA,QAAI,cAAc,SAAS;AAC3B,QAAI,iBAAiB;AACnB,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,eAAe;AAAA,IACtB,OAAO;AACL,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,gBAAgB;AAAA,IACvB;AAEA,UAAM,eAAe,2BAAa,KAAK,IAAI;AAC3C,QAAI,QAAS,cAAa,QAAQ,IAAI,EAAE,GAAG,iBAAiB,QAAQ,OAAO,QAAQ,CAAC;AACpF,QAAI,aAAc,cAAa,QAAQ,IAAI,EAAE,GAAG,sBAAsB,OAAO,aAAa,CAAC;AAC3F,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":["request","event","nextjsNotFound","response","refreshToken"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/server/ternSecureEdgeMiddleware.ts"],"sourcesContent":["import type {\r\n AuthObject,\r\n RequestOptions,\r\n TernSecureRequest,\r\n} from '@tern-secure/backend';\r\nimport {\r\n constants,\r\n createBackendInstanceClient,\r\n createTernSecureRequest,\r\n enableDebugLogging,\r\n} from '@tern-secure/backend';\r\nimport type {\r\n TernSecureConfig,\r\n} from '@tern-secure/types';\r\nimport { notFound as nextjsNotFound } from 'next/navigation';\r\nimport type { NextMiddleware,NextRequest } from 'next/server';\r\nimport { NextResponse } from 'next/server';\r\n\r\nimport { isRedirect, setHeader } from '../utils/response';\r\nimport { serverRedirectWithAuth } from '../utils/serverRedirectAuth';\r\nimport { createEdgeCompatibleLogger } from '../utils/withLogger';\r\nimport { API_KEY, API_URL, API_VERSION,SIGN_IN_URL, SIGN_UP_URL } from './constant';\r\nimport {\r\n isNextjsNotFoundError,\r\n isNextjsRedirectError,\r\n isRedirectToSignInError,\r\n isRedirectToSignUpError,\r\n nextjsRedirectError,\r\n redirectToSignInError,\r\n redirectToSignUpError,\r\n} from './nextErrors';\r\nimport { type AuthProtect,createProtect } from './protect';\r\nimport { createRedirect, type RedirectFun } from './redirect';\r\nimport type {\r\n NextMiddlewareEvtParam,\r\n NextMiddlewareRequestParam,\r\n NextMiddlewareReturn,\r\n} from './types';\r\nimport { decorateRequest } from './utils';\r\n\r\nexport type MiddlewareAuthObject = AuthObject & {\r\n redirectToSignIn: RedirectFun<Response>;\r\n redirectToSignUp: RedirectFun<Response>;\r\n};\r\n\r\nexport interface MiddlewareAuth {\r\n (): Promise<MiddlewareAuthObject>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\ntype MiddlewareHandler = (\r\n auth: MiddlewareAuth,\r\n request: NextMiddlewareRequestParam,\r\n event: NextMiddlewareEvtParam,\r\n) => NextMiddlewareReturn;\r\n\r\nexport interface MiddlewareOptions extends RequestOptions {\r\n debug?: boolean;\r\n firebaseOptions?: TernSecureConfig;\r\n}\r\ntype MiddlewareOptionsCallback = (\r\n req: NextRequest,\r\n) => MiddlewareOptions | Promise<MiddlewareOptions>;\r\n\r\ninterface TernSecureMiddleware {\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptions): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware((auth, request, event) => { ... }, (req) => options);\r\n */\r\n (handler: MiddlewareHandler, options?: MiddlewareOptionsCallback): NextMiddleware;\r\n\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware(options);\r\n */\r\n (options?: MiddlewareOptions): NextMiddleware;\r\n /**\r\n * @example\r\n * export default ternSecureMiddleware;\r\n */\r\n (request: NextMiddlewareRequestParam, event: NextMiddlewareEvtParam): NextMiddlewareReturn;\r\n}\r\n\r\nconst backendClientDefaultOptions = {\r\n apiKey: API_KEY,\r\n apiUrl: API_URL,\r\n apiVersion: API_VERSION,\r\n};\r\n\r\nconst ternSecureBackendClient = async () => {\r\n return createBackendClientWithOptions({});\r\n};\r\n\r\nconst createBackendClientWithOptions: typeof createBackendInstanceClient = options => {\r\n return createBackendInstanceClient({\r\n ...backendClientDefaultOptions,\r\n ...options,\r\n });\r\n};\r\n\r\nexport const ternSecureMiddleware = ((\r\n ...args: unknown[]\r\n): NextMiddleware | NextMiddlewareReturn => {\r\n const [request, event] = parseRequestAndEvent(args);\r\n const [handler, params] = parseHandlerAndOptions(args);\r\n\r\n const middleware = () => {\r\n const withAuthNextMiddleware: NextMiddleware = async (request, event) => {\r\n const resolvedParams = typeof params === 'function' ? await params(request) : params;\r\n const signInUrl = resolvedParams.signInUrl || SIGN_IN_URL;\r\n const signUpUrl = resolvedParams.signUpUrl || SIGN_UP_URL;\r\n\r\n const options = {\r\n signInUrl,\r\n signUpUrl,\r\n ...resolvedParams,\r\n };\r\n\r\n const logger = createEdgeCompatibleLogger(options.debug);\r\n\r\n if (options.debug) {\r\n enableDebugLogging();\r\n }\r\n\r\n //const { authObject, headers: authHeaders } =\r\n // await authenticateMiddlewareRequest(request, checkRevoked, logger);\r\n\r\n //const reqBackend = await createBackendInstanceEdge(request, checkRevoked);\r\n const reqBackendClient = await ternSecureBackendClient();\r\n //const requestState = reqBackend.requestState;\r\n //const authObject = requestState.auth();\r\n //const authHeaders = requestState.headers;\r\n\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n const requestStateClient = await reqBackendClient.authenticateRequest(\r\n ternSecureRequest,\r\n options,\r\n );\r\n\r\n const authObjectClient = requestStateClient.auth();\r\n\r\n const { redirectToSignIn } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const { redirectToSignUp } = createMiddlewareRedirects(ternSecureRequest);\r\n\r\n const protect = await createMiddlewareProtect(\r\n ternSecureRequest,\r\n authObjectClient,\r\n redirectToSignIn,\r\n );\r\n\r\n const authObj: MiddlewareAuthObject = Object.assign(authObjectClient, {\r\n redirectToSignIn,\r\n redirectToSignUp,\r\n });\r\n\r\n const authHandler = () => Promise.resolve(authObj);\r\n authHandler.protect = protect;\r\n\r\n let handlerResult: Response = NextResponse.next();\r\n\r\n try {\r\n const userHandlerResult = await handler?.(authHandler, request, event);\r\n handlerResult = userHandlerResult || handlerResult;\r\n } catch (error: any) {\r\n handlerResult = handleControlError(error, ternSecureRequest, request);\r\n }\r\n\r\n if (requestStateClient.headers) {\r\n requestStateClient.headers.forEach((value, key) => {\r\n handlerResult.headers.append(key, value);\r\n });\r\n }\r\n\r\n if (isRedirect(handlerResult)) {\r\n return serverRedirectWithAuth(ternSecureRequest, handlerResult);\r\n }\r\n\r\n decorateRequest(ternSecureRequest, handlerResult, requestStateClient);\r\n return handlerResult;\r\n };\r\n\r\n\r\n const nextMiddleware: NextMiddleware = async (request, event) => {\r\n return withAuthNextMiddleware(request, event);\r\n };\r\n\r\n if (request && event) {\r\n return nextMiddleware(request, event);\r\n }\r\n\r\n return nextMiddleware;\r\n };\r\n return middleware();\r\n}) as TernSecureMiddleware;\r\n\r\nconst parseRequestAndEvent = (args: unknown[]) => {\r\n return [\r\n args[0] instanceof Request ? args[0] : undefined,\r\n args[0] instanceof Request ? args[1] : undefined,\r\n ] as [NextMiddlewareRequestParam | undefined, NextMiddlewareEvtParam | undefined];\r\n};\r\n\r\nconst parseHandlerAndOptions = (args: unknown[]) => {\r\n return [\r\n typeof args[0] === 'function' ? args[0] : undefined,\r\n (args.length === 2 ? args[1] : typeof args[0] === 'function' ? {} : args[0]) || {},\r\n ] as [MiddlewareHandler | undefined, MiddlewareOptions | MiddlewareOptionsCallback];\r\n};\r\n\r\nconst isFirebaseRequest = (request: NextMiddlewareRequestParam) =>\r\n request.nextUrl.pathname.startsWith('/__/');\r\n\r\nconst rewriteFirebaseRequest = (options: MiddlewareOptions, request: NextMiddlewareRequestParam) => {\r\n const newUrl = new URL(request.url);\r\n newUrl.host = options.firebaseOptions?.authDomain || '';\r\n newUrl.port = '';\r\n return NextResponse.rewrite(newUrl);\r\n}\r\n\r\nconst finalTarget = (request: NextMiddlewareRequestParam) => {\r\n const finalTargetUrl = request.nextUrl.searchParams.get('finalTarget');\r\n return finalTargetUrl ? new URL(finalTargetUrl, request.url) : undefined;\r\n};\r\n\r\nconst isFirebaseCookieRequest = (request: NextMiddlewareRequestParam) =>\r\n request.nextUrl.pathname === '/__cookies__';\r\n\r\n/**\r\n * Create middleware redirect functions\r\n */\r\nconst createMiddlewareRedirects = (ternSecureRequest: TernSecureRequest) => {\r\n const redirectToSignIn: MiddlewareAuthObject['redirectToSignIn'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignInError(url, opts.returnBackUrl);\r\n };\r\n\r\n const redirectToSignUp: MiddlewareAuthObject['redirectToSignUp'] = (opts = {}) => {\r\n const url = ternSecureRequest.ternUrl.toString();\r\n redirectToSignUpError(url, opts.returnBackUrl);\r\n };\r\n\r\n return { redirectToSignIn, redirectToSignUp };\r\n};\r\n\r\nconst createMiddlewareProtect = (\r\n ternSecureRequest: TernSecureRequest,\r\n authObject: AuthObject,\r\n redirectToSignIn: RedirectFun<Response>,\r\n) => {\r\n return (async (params: any, options: any) => {\r\n const notFound = () => nextjsNotFound();\r\n\r\n const redirect = (url: string) =>\r\n nextjsRedirectError(url, {\r\n redirectUrl: url,\r\n });\r\n\r\n return createProtect({\r\n request: ternSecureRequest,\r\n redirect,\r\n notFound,\r\n authObject,\r\n redirectToSignIn,\r\n })(params, options);\r\n }) as unknown as Promise<AuthProtect>;\r\n};\r\n\r\nexport const redirectAdapter = (url: string | URL) => {\r\n return NextResponse.redirect(url, {\r\n headers: { [constants.Headers.TernSecureRedirectTo]: 'true' },\r\n });\r\n};\r\n\r\n/**\r\n * Handle control flow errors in middleware\r\n */\r\nconst handleControlError = (\r\n error: any,\r\n ternSecureRequest: TernSecureRequest,\r\n nextrequest: NextRequest,\r\n): Response => {\r\n if (isNextjsNotFoundError(error)) {\r\n return setHeader(\r\n NextResponse.rewrite(new URL(`/tern_${Date.now()}`, nextrequest.url)),\r\n constants.Headers.AuthReason,\r\n 'protect-rewrite',\r\n );\r\n }\r\n\r\n const isRedirectToSignIn = isRedirectToSignInError(error);\r\n const isRedirectToSignUp = isRedirectToSignUpError(error);\r\n\r\n if (isRedirectToSignIn || isRedirectToSignUp) {\r\n const redirect = createRedirect({\r\n redirectAdapter,\r\n baseUrl: ternSecureRequest.ternUrl,\r\n signInUrl: SIGN_IN_URL,\r\n signUpUrl: SIGN_UP_URL,\r\n });\r\n\r\n const { returnBackUrl } = error;\r\n\r\n return redirect[isRedirectToSignIn ? 'redirectToSignIn' : 'redirectToSignUp']({\r\n returnBackUrl,\r\n });\r\n }\r\n\r\n if (isNextjsRedirectError(error)) {\r\n return redirectAdapter(error.redirectUrl);\r\n }\r\n\r\n throw error;\r\n};\r\n\r\nconst handleFirebaseAuthRequest = async (\r\n request: NextRequest,\r\n): Promise<NextResponse | null> => {\r\n\r\n console.log('Checking for __cookies__ path');\r\n\r\n const isDevMode = process.env.NODE_ENV === 'development';\r\n const ID_TOKEN_COOKIE_NAME = isDevMode ? `__dev_FIREBASE_[DEFAULT]` : `__HOST-FIREBASE_[DEFAULT]`;\r\n const REFRESH_TOKEN_COOKIE_NAME = isDevMode\r\n ? '__dev_FIREBASEID_[DEFAULT]'\r\n : `__HOST-FIREBASEID_[DEFAULT]`;\r\n const ID_TOKEN_COOKIE = {\r\n path: '/',\r\n secure: !isDevMode,\r\n sameSite: 'strict',\r\n partitioned: true,\r\n name: ID_TOKEN_COOKIE_NAME,\r\n maxAge: 34560000,\r\n priority: 'high',\r\n } as const;\r\n const REFRESH_TOKEN_COOKIE = {\r\n ...ID_TOKEN_COOKIE,\r\n httpOnly: true,\r\n name: REFRESH_TOKEN_COOKIE_NAME,\r\n } as const;\r\n\r\n if (request.nextUrl.pathname === '/__cookies__') {\r\n console.log('Handling /__cookies__ request');\r\n const method = request.method;\r\n if (method === 'DELETE') {\r\n const response = new NextResponse('');\r\n response.cookies.delete({ ...ID_TOKEN_COOKIE, maxAge: 0 });\r\n response.cookies.delete({ ...REFRESH_TOKEN_COOKIE, maxAge: 0 });\r\n return response;\r\n }\r\n\r\n const headers: Record<string, string> = {};\r\n const headerNames = [\r\n 'content-type',\r\n 'X-Firebase-Client',\r\n 'X-Firebase-gmpid',\r\n 'X-Firebase-AppCheck',\r\n 'X-Client-Version',\r\n ];\r\n\r\n headerNames.forEach(headerName => {\r\n const headerValue = request.headers.get(headerName);\r\n if (headerValue) {\r\n headers[headerName] = headerValue;\r\n }\r\n });\r\n\r\n const finalTargetParam = request.nextUrl.searchParams.get('finalTarget');\r\n\r\n const url = new URL(finalTargetParam || '');\r\n let body: ReadableStream<any> | string | null = request.body;\r\n\r\n const isTokenRequest = !!url.pathname.match(/^(\\/securetoken\\.googleapis\\.com)?\\/v1\\/token/);\r\n const isSignInRequest = !!url.pathname.match(\r\n /^(\\/identitytoolkit\\.googleapis\\.com)?\\/v1\\/accounts:signInWith/,\r\n );\r\n\r\n if (!isTokenRequest && !isSignInRequest)\r\n throw new Error('Could not determine the request type to proxy');\r\n\r\n if (isTokenRequest) {\r\n body = await request.text();\r\n const bodyParams = new URLSearchParams(body.trim());\r\n if (bodyParams.has('refresh_token')) {\r\n const refreshToken = request.cookies.get(REFRESH_TOKEN_COOKIE.name)?.value;\r\n if (refreshToken) {\r\n bodyParams.set('refresh_token', refreshToken);\r\n body = bodyParams.toString();\r\n }\r\n }\r\n }\r\n\r\n const response = await fetch(url, { method, body, headers });\r\n const json = await response.json();\r\n\r\n if (!response.ok) {\r\n return NextResponse.json(json, { status: response.status, statusText: response.statusText });\r\n }\r\n\r\n let refreshToken, idToken, maxAge;\r\n if (isSignInRequest) {\r\n refreshToken = json.refreshToken;\r\n idToken = json.idToken;\r\n maxAge = json.expiresIn;\r\n json.refreshToken = 'REDACTED';\r\n } else {\r\n refreshToken = json.refresh_token;\r\n idToken = json.id_token;\r\n maxAge = json.expires_in;\r\n json.refresh_token = 'REDACTED';\r\n }\r\n\r\n const nextResponse = NextResponse.json(json);\r\n if (idToken) nextResponse.cookies.set({ ...ID_TOKEN_COOKIE, maxAge, value: idToken });\r\n if (refreshToken) nextResponse.cookies.set({ ...REFRESH_TOKEN_COOKIE, value: refreshToken });\r\n return nextResponse;\r\n }\r\n return null;\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,qBAKO;AAIP,wBAA2C;AAE3C,oBAA6B;AAE7B,sBAAsC;AACtC,gCAAuC;AACvC,wBAA2C;AAC3C,sBAAuE;AACvE,wBAQO;AACP,qBAA+C;AAC/C,sBAAiD;AAMjD,mBAAgC;AAoDhC,MAAM,8BAA8B;AAAA,EAClC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,YAAY;AACd;AAEA,MAAM,0BAA0B,YAAY;AAC1C,SAAO,+BAA+B,CAAC,CAAC;AAC1C;AAEA,MAAM,iCAAqE,aAAW;AACpF,aAAO,4CAA4B;AAAA,IACjC,GAAG;AAAA,IACH,GAAG;AAAA,EACL,CAAC;AACH;AAEO,MAAM,uBAAwB,IAChC,SACuC;AAC1C,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,aAAa,MAAM;AACvB,UAAM,yBAAyC,OAAOA,UAASC,WAAU;AACvE,YAAM,iBAAiB,OAAO,WAAW,aAAa,MAAM,OAAOD,QAAO,IAAI;AAC9E,YAAM,YAAY,eAAe,aAAa;AAC9C,YAAM,YAAY,eAAe,aAAa;AAE9C,YAAM,UAAU;AAAA,QACd;AAAA,QACA;AAAA,QACA,GAAG;AAAA,MACL;AAEA,YAAM,aAAS,8CAA2B,QAAQ,KAAK;AAEvD,UAAI,QAAQ,OAAO;AACjB,+CAAmB;AAAA,MACrB;AAMA,YAAM,mBAAmB,MAAM,wBAAwB;AAKvD,YAAM,wBAAoB,wCAAwBA,QAAO;AAEzD,YAAM,qBAAqB,MAAM,iBAAiB;AAAA,QAChD;AAAA,QACA;AAAA,MACF;AAEA,YAAM,mBAAmB,mBAAmB,KAAK;AAEjD,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,EAAE,iBAAiB,IAAI,0BAA0B,iBAAiB;AAExE,YAAM,UAAU,MAAM;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,YAAM,UAAgC,OAAO,OAAO,kBAAkB;AAAA,QACpE;AAAA,QACA;AAAA,MACF,CAAC;AAED,YAAM,cAAc,MAAM,QAAQ,QAAQ,OAAO;AACjD,kBAAY,UAAU;AAEtB,UAAI,gBAA0B,2BAAa,KAAK;AAEhD,UAAI;AACF,cAAM,oBAAoB,MAAM,UAAU,aAAaA,UAASC,MAAK;AACrE,wBAAgB,qBAAqB;AAAA,MACvC,SAAS,OAAY;AACnB,wBAAgB,mBAAmB,OAAO,mBAAmBD,QAAO;AAAA,MACtE;AAEA,UAAI,mBAAmB,SAAS;AAC9B,2BAAmB,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACjD,wBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,QACzC,CAAC;AAAA,MACH;AAEA,cAAI,4BAAW,aAAa,GAAG;AAC7B,mBAAO,kDAAuB,mBAAmB,aAAa;AAAA,MAChE;AAEA,wCAAgB,mBAAmB,eAAe,kBAAkB;AACpE,aAAO;AAAA,IACT;AAGA,UAAM,iBAAiC,OAAOA,UAASC,WAAU;AAC/D,aAAO,uBAAuBD,UAASC,MAAK;AAAA,IAC9C;AAEA,QAAI,WAAW,OAAO;AACpB,aAAO,eAAe,SAAS,KAAK;AAAA,IACtC;AAEA,WAAO;AAAA,EACT;AACA,SAAO,WAAW;AACpB;AAEA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AACF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,aAAa,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC;AAAA,EACnF;AACF;AAEA,MAAM,oBAAoB,CAAC,YACzB,QAAQ,QAAQ,SAAS,WAAW,MAAM;AAE5C,MAAM,yBAAyB,CAAC,SAA4B,YAAwC;AAClG,QAAM,SAAS,IAAI,IAAI,QAAQ,GAAG;AAClC,SAAO,OAAO,QAAQ,iBAAiB,cAAc;AACrD,SAAO,OAAO;AACd,SAAO,2BAAa,QAAQ,MAAM;AACpC;AAEA,MAAM,cAAc,CAAC,YAAwC;AAC3D,QAAM,iBAAiB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AACrE,SAAO,iBAAiB,IAAI,IAAI,gBAAgB,QAAQ,GAAG,IAAI;AACjE;AAEA,MAAM,0BAA0B,CAAC,YAC/B,QAAQ,QAAQ,aAAa;AAK/B,MAAM,4BAA4B,CAAC,sBAAyC;AAC1E,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,QAAM,mBAA6D,CAAC,OAAO,CAAC,MAAM;AAChF,UAAM,MAAM,kBAAkB,QAAQ,SAAS;AAC/C,iDAAsB,KAAK,KAAK,aAAa;AAAA,EAC/C;AAEA,SAAO,EAAE,kBAAkB,iBAAiB;AAC9C;AAEA,MAAM,0BAA0B,CAC9B,mBACA,YACA,qBACG;AACH,SAAQ,OAAO,QAAa,YAAiB;AAC3C,UAAM,WAAW,UAAM,kBAAAC,UAAe;AAEtC,UAAM,WAAW,CAAC,YAChB,uCAAoB,KAAK;AAAA,MACvB,aAAa;AAAA,IACf,CAAC;AAEH,eAAO,8BAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,QAAQ,OAAO;AAAA,EACpB;AACF;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,2BAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,yBAAU,QAAQ,oBAAoB,GAAG,OAAO;AAAA,EAC9D,CAAC;AACH;AAKA,MAAM,qBAAqB,CACzB,OACA,mBACA,gBACa;AACb,UAAI,yCAAsB,KAAK,GAAG;AAChC,eAAO;AAAA,MACL,2BAAa,QAAQ,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,IAAI,YAAY,GAAG,CAAC;AAAA,MACpE,yBAAU,QAAQ;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,yBAAqB,2CAAwB,KAAK;AACxD,QAAM,yBAAqB,2CAAwB,KAAK;AAExD,MAAI,sBAAsB,oBAAoB;AAC5C,UAAM,eAAW,gCAAe;AAAA,MAC9B;AAAA,MACA,SAAS,kBAAkB;AAAA,MAC3B,WAAW;AAAA,MACX,WAAW;AAAA,IACb,CAAC;AAED,UAAM,EAAE,cAAc,IAAI;AAE1B,WAAO,SAAS,qBAAqB,qBAAqB,kBAAkB,EAAE;AAAA,MAC5E;AAAA,IACF,CAAC;AAAA,EACH;AAEA,UAAI,yCAAsB,KAAK,GAAG;AAChC,WAAO,gBAAgB,MAAM,WAAW;AAAA,EAC1C;AAEA,QAAM;AACR;AAEA,MAAM,4BAA4B,OAChC,YACiC;AAEjC,UAAQ,IAAI,+BAA+B;AAE3C,QAAM,YAAY,QAAQ,IAAI,aAAa;AAC3C,QAAM,uBAAuB,YAAY,6BAA6B;AACtE,QAAM,4BAA4B,YAC9B,+BACA;AACJ,QAAM,kBAAkB;AAAA,IACtB,MAAM;AAAA,IACN,QAAQ,CAAC;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,MAAM;AAAA,IACN,QAAQ;AAAA,IACR,UAAU;AAAA,EACZ;AACA,QAAM,uBAAuB;AAAA,IAC3B,GAAG;AAAA,IACH,UAAU;AAAA,IACV,MAAM;AAAA,EACR;AAEA,MAAI,QAAQ,QAAQ,aAAa,gBAAgB;AAC/C,YAAQ,IAAI,+BAA+B;AAC3C,UAAM,SAAS,QAAQ;AACvB,QAAI,WAAW,UAAU;AACvB,YAAMC,YAAW,IAAI,2BAAa,EAAE;AACpC,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,iBAAiB,QAAQ,EAAE,CAAC;AACzD,MAAAA,UAAS,QAAQ,OAAO,EAAE,GAAG,sBAAsB,QAAQ,EAAE,CAAC;AAC9D,aAAOA;AAAA,IACT;AAEA,UAAM,UAAkC,CAAC;AACrC,UAAM,cAAc;AAAA,MACtB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,gBAAY,QAAQ,gBAAc;AAChC,YAAM,cAAc,QAAQ,QAAQ,IAAI,UAAU;AAClD,UAAI,aAAa;AACf,gBAAQ,UAAU,IAAI;AAAA,MACxB;AAAA,IACF,CAAC;AAED,UAAM,mBAAmB,QAAQ,QAAQ,aAAa,IAAI,aAAa;AAEvE,UAAM,MAAM,IAAI,IAAI,oBAAoB,EAAE;AAC1C,QAAI,OAA4C,QAAQ;AAExD,UAAM,iBAAiB,CAAC,CAAC,IAAI,SAAS,MAAM,+CAA+C;AAC3F,UAAM,kBAAkB,CAAC,CAAC,IAAI,SAAS;AAAA,MACrC;AAAA,IACF;AAEA,QAAI,CAAC,kBAAkB,CAAC;AACtB,YAAM,IAAI,MAAM,+CAA+C;AAEjE,QAAI,gBAAgB;AAClB,aAAO,MAAM,QAAQ,KAAK;AAC1B,YAAM,aAAa,IAAI,gBAAgB,KAAK,KAAK,CAAC;AAClD,UAAI,WAAW,IAAI,eAAe,GAAG;AACnC,cAAMC,gBAAe,QAAQ,QAAQ,IAAI,qBAAqB,IAAI,GAAG;AACrE,YAAIA,eAAc;AAChB,qBAAW,IAAI,iBAAiBA,aAAY;AAC5C,iBAAO,WAAW,SAAS;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,MAAM,KAAK,EAAE,QAAQ,MAAM,QAAQ,CAAC;AAC3D,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,CAAC,SAAS,IAAI;AAChB,aAAO,2BAAa,KAAK,MAAM,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,WAAW,CAAC;AAAA,IAC7F;AAEA,QAAI,cAAc,SAAS;AAC3B,QAAI,iBAAiB;AACnB,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,eAAe;AAAA,IACtB,OAAO;AACL,qBAAe,KAAK;AACpB,gBAAU,KAAK;AACf,eAAS,KAAK;AACd,WAAK,gBAAgB;AAAA,IACvB;AAEA,UAAM,eAAe,2BAAa,KAAK,IAAI;AAC3C,QAAI,QAAS,cAAa,QAAQ,IAAI,EAAE,GAAG,iBAAiB,QAAQ,OAAO,QAAQ,CAAC;AACpF,QAAI,aAAc,cAAa,QAAQ,IAAI,EAAE,GAAG,sBAAsB,OAAO,aAAa,CAAC;AAC3F,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":["request","event","nextjsNotFound","response","refreshToken"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../../../src/app-router/admin/api/endpoints/abstract.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n SessionSubEndpoint,\n
|
|
1
|
+
{"version":3,"sources":["../../../../../../src/app-router/admin/api/endpoints/abstract.ts"],"sourcesContent":["import type { RequestProcessorContext } from '../../c-authenticateRequestProcessor';\nimport type {\n AuthEndpoint,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n} from '../../types';\n\nexport interface HandlerContext {\n request: Request;\n pathSegments: string[];\n endpoint: AuthEndpoint;\n subEndpoint: SessionSubEndpoint;\n method: string;\n requestProcessorContext: RequestProcessorContext;\n}\n\nexport interface EndpointHandler {\n canHandle(endpoint: AuthEndpoint): boolean;\n handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response>;\n}\n\nexport abstract class BaseEndpointHandler implements EndpointHandler {\n abstract canHandle(endpoint: AuthEndpoint): boolean;\n abstract handle(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n ): Promise<Response>;\n\n protected validateMethod(allowedMethods: string[], method: string): boolean {\n return allowedMethods.includes(method);\n }\n\n protected validateSubEndpoint(\n subEndpoint: SessionSubEndpoint | undefined,\n requiredSubEndpoint?: boolean,\n ): boolean {\n if (requiredSubEndpoint) {\n return subEndpoint !== undefined;\n }\n return true;\n }\n}"],"mappings":"AAwBO,MAAe,oBAA+C;AAAA,EAOzD,eAAe,gBAA0B,QAAyB;AAC1E,WAAO,eAAe,SAAS,MAAM;AAAA,EACvC;AAAA,EAEU,oBACR,aACA,qBACS;AACT,QAAI,qBAAqB;AACvB,aAAO,gBAAgB;AAAA,IACzB;AACA,WAAO;AAAA,EACT;AACF;","names":[]}
|
|
@@ -5,8 +5,13 @@ class RequestProcessorContext {
|
|
|
5
5
|
this.options = options;
|
|
6
6
|
this.initHeaderValues();
|
|
7
7
|
this.initCookieValues();
|
|
8
|
+
this.initUrlValues();
|
|
9
|
+
Object.assign(this, options);
|
|
8
10
|
this.ternUrl = this.ternSecureRequest.ternUrl;
|
|
9
11
|
}
|
|
12
|
+
get request() {
|
|
13
|
+
return this.ternSecureRequest;
|
|
14
|
+
}
|
|
10
15
|
initHeaderValues() {
|
|
11
16
|
this.sessionTokenInHeader = this.parseAuthorizationHeader(
|
|
12
17
|
this.getHeader(constants.Headers.Authorization)
|
|
@@ -21,10 +26,20 @@ class RequestProcessorContext {
|
|
|
21
26
|
this.accept = this.getHeader(constants.Headers.Accept);
|
|
22
27
|
}
|
|
23
28
|
initCookieValues() {
|
|
29
|
+
const namePrefix = this.options.cookies?.namePrefix;
|
|
30
|
+
const isProduction = process.env.NODE_ENV === "production";
|
|
31
|
+
const defaultPrefix = isProduction ? "__HOST-" : "__dev_";
|
|
32
|
+
this.sessionTokenInCookie = this.getCookie(constants.Cookies.Session);
|
|
33
|
+
this.idTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.IdToken}`);
|
|
34
|
+
this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);
|
|
24
35
|
this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);
|
|
36
|
+
this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);
|
|
25
37
|
}
|
|
26
|
-
|
|
27
|
-
|
|
38
|
+
initUrlValues() {
|
|
39
|
+
this.method = this.ternSecureRequest.method;
|
|
40
|
+
this.pathSegments = this.ternSecureRequest.ternUrl.pathname.split("/").filter(Boolean);
|
|
41
|
+
this.endpoint = this.pathSegments[2];
|
|
42
|
+
this.subEndpoint = this.pathSegments[3];
|
|
28
43
|
}
|
|
29
44
|
getHeader(name) {
|
|
30
45
|
return this.ternSecureRequest.headers.get(name) || void 0;
|
|
@@ -46,10 +61,10 @@ class RequestProcessorContext {
|
|
|
46
61
|
return void 0;
|
|
47
62
|
}
|
|
48
63
|
}
|
|
49
|
-
const createRequestProcessor =
|
|
64
|
+
const createRequestProcessor = (ternSecureRequest, options) => {
|
|
50
65
|
return new RequestProcessorContext(ternSecureRequest, options);
|
|
51
66
|
};
|
|
52
67
|
export {
|
|
53
68
|
createRequestProcessor
|
|
54
69
|
};
|
|
55
|
-
//# sourceMappingURL=
|
|
70
|
+
//# sourceMappingURL=c-authenticateRequestProcessor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/c-authenticateRequestProcessor.ts"],"sourcesContent":["import type { TernSecureRequest } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\n\nimport type { AuthEndpoint, SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\n/**\n * Request context for better type safety and clarity\n */\ninterface RequestProcessorContext extends TernSecureHandlerOptions {\n // header-based values\n sessionTokenInHeader: string | undefined;\n origin: string | undefined;\n host: string | undefined;\n forwardedHost: string | undefined;\n forwardedProto: string | undefined;\n referrer: string | undefined;\n userAgent: string | undefined;\n secFetchDest: string | undefined;\n accept: string | undefined;\n\n // cookie-based values\n idTokenInCookie: string | undefined;\n refreshTokenInCookie: string | undefined;\n csrfTokenInCookie: string | undefined;\n sessionTokenInCookie?: string | undefined;\n customTokenInCookie?: string | undefined;\n\n method: string;\n pathSegments: string[];\n endpoint?: AuthEndpoint;\n subEndpoint?: SessionSubEndpoint;\n\n ternUrl: URL;\n instanceType: string;\n}\n\n/**\n * Request processor utility class for common operations\n */\nclass RequestProcessorContext implements RequestProcessorContext {\n public constructor(\n private ternSecureRequest: TernSecureRequest,\n private options: TernSecureHandlerOptions,\n ) {\n this.initHeaderValues();\n this.initCookieValues();\n this.initUrlValues();\n Object.assign(this, options);\n this.ternUrl = this.ternSecureRequest.ternUrl;\n }\n\n public get request(): TernSecureRequest {\n return this.ternSecureRequest;\n }\n\n private initHeaderValues() {\n this.sessionTokenInHeader = this.parseAuthorizationHeader(\n this.getHeader(constants.Headers.Authorization),\n );\n this.origin = this.getHeader(constants.Headers.Origin);\n this.host = this.getHeader(constants.Headers.Host);\n this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);\n this.forwardedProto =\n this.getHeader(constants.Headers.CloudFrontForwardedProto) ||\n this.getHeader(constants.Headers.ForwardedProto);\n this.referrer = this.getHeader(constants.Headers.Referrer);\n this.userAgent = this.getHeader(constants.Headers.UserAgent);\n this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);\n this.accept = this.getHeader(constants.Headers.Accept);\n }\n\n private initCookieValues() {\n // Consumer-controlled session cookie using namePrefix\n const namePrefix = this.options.cookies?.namePrefix;\n const isProduction = process.env.NODE_ENV === 'production';\n const defaultPrefix = isProduction ? '__HOST-' : '__dev_';\n this.sessionTokenInCookie = this.getCookie(constants.Cookies.Session);\n\n // System-fixed cookies using backend constants\n this.idTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.IdToken}`);\n this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);\n this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);\n this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);\n }\n\n private initUrlValues() {\n this.method = this.ternSecureRequest.method;\n this.pathSegments = this.ternSecureRequest.ternUrl.pathname.split('/').filter(Boolean);\n this.endpoint = this.pathSegments[2] as AuthEndpoint;\n this.subEndpoint = this.pathSegments[3] as SessionSubEndpoint;\n }\n\n private getHeader(name: string) {\n return this.ternSecureRequest.headers.get(name) || undefined;\n }\n\n private getCookie(name: string) {\n return this.ternSecureRequest.cookies.get(name) || undefined;\n }\n\n private parseAuthorizationHeader(\n authorizationHeader: string | undefined | null,\n ): string | undefined {\n if (!authorizationHeader) {\n return undefined;\n }\n\n const [scheme, token] = authorizationHeader.split(' ', 2);\n\n if (!token) {\n // No scheme specified, treat the entire value as the token\n return scheme;\n }\n\n if (scheme === 'Bearer') {\n return token;\n }\n\n // Skip all other schemes\n return undefined;\n }\n}\n\nexport type { RequestProcessorContext };\n\nexport const createRequestProcessor = (\n ternSecureRequest: TernSecureRequest,\n options: TernSecureHandlerOptions,\n): RequestProcessorContext => {\n return new RequestProcessorContext(ternSecureRequest, options);\n};\n"],"mappings":"AACA,SAAS,iBAAiB;AAsC1B,MAAM,wBAA2D;AAAA,EACxD,YACG,mBACA,SACR;AAFQ;AACA;AAER,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AACnB,WAAO,OAAO,MAAM,OAAO;AAC3B,SAAK,UAAU,KAAK,kBAAkB;AAAA,EACxC;AAAA,EAEA,IAAW,UAA6B;AACtC,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,mBAAmB;AACzB,SAAK,uBAAuB,KAAK;AAAA,MAC/B,KAAK,UAAU,UAAU,QAAQ,aAAa;AAAA,IAChD;AACA,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AACrD,SAAK,OAAO,KAAK,UAAU,UAAU,QAAQ,IAAI;AACjD,SAAK,gBAAgB,KAAK,UAAU,UAAU,QAAQ,aAAa;AACnE,SAAK,iBACH,KAAK,UAAU,UAAU,QAAQ,wBAAwB,KACzD,KAAK,UAAU,UAAU,QAAQ,cAAc;AACjD,SAAK,WAAW,KAAK,UAAU,UAAU,QAAQ,QAAQ;AACzD,SAAK,YAAY,KAAK,UAAU,UAAU,QAAQ,SAAS;AAC3D,SAAK,eAAe,KAAK,UAAU,UAAU,QAAQ,YAAY;AACjE,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AAAA,EACvD;AAAA,EAEQ,mBAAmB;AAEzB,UAAM,aAAa,KAAK,QAAQ,SAAS;AACzC,UAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,UAAM,gBAAgB,eAAe,YAAY;AACjD,SAAK,uBAAuB,KAAK,UAAU,UAAU,QAAQ,OAAO;AAGpE,SAAK,kBAAkB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACpF,SAAK,uBAAuB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACzF,SAAK,oBAAoB,KAAK,UAAU,UAAU,QAAQ,SAAS;AACnE,SAAK,sBAAsB,KAAK,UAAU,UAAU,QAAQ,MAAM;AAAA,EACpE;AAAA,EAEQ,gBAAgB;AACtB,SAAK,SAAS,KAAK,kBAAkB;AACrC,SAAK,eAAe,KAAK,kBAAkB,QAAQ,SAAS,MAAM,GAAG,EAAE,OAAO,OAAO;AACrF,SAAK,WAAW,KAAK,aAAa,CAAC;AACnC,SAAK,cAAc,KAAK,aAAa,CAAC;AAAA,EACxC;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,yBACN,qBACoB;AACpB,QAAI,CAAC,qBAAqB;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,QAAQ,KAAK,IAAI,oBAAoB,MAAM,KAAK,CAAC;AAExD,QAAI,CAAC,OAAO;AAEV,aAAO;AAAA,IACT;AAEA,QAAI,WAAW,UAAU;AACvB,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT;AACF;AAIO,MAAM,yBAAyB,CACpC,mBACA,YAC4B;AAC5B,SAAO,IAAI,wBAAwB,mBAAmB,OAAO;AAC/D;","names":[]}
|
|
@@ -1,36 +1,35 @@
|
|
|
1
1
|
import { createApiErrorResponse } from "./responses";
|
|
2
|
-
import {
|
|
2
|
+
import { sessionEndpointHandler } from "./sessionHandlers";
|
|
3
3
|
class SessionsHandler {
|
|
4
4
|
canHandle(endpoint) {
|
|
5
5
|
return endpoint === "sessions";
|
|
6
6
|
}
|
|
7
|
-
async handle(
|
|
8
|
-
|
|
9
|
-
return await SessionEndpointHandler.handle(request, method, subEndpoint, config);
|
|
7
|
+
async handle(context, config) {
|
|
8
|
+
return await sessionEndpointHandler(context, config);
|
|
10
9
|
}
|
|
11
10
|
}
|
|
12
11
|
class UsersHandler {
|
|
13
12
|
canHandle(endpoint) {
|
|
14
13
|
return endpoint === "users";
|
|
15
14
|
}
|
|
16
|
-
handle(
|
|
15
|
+
handle(_context, _config) {
|
|
17
16
|
return Promise.resolve(
|
|
18
17
|
createApiErrorResponse("ENDPOINT_NOT_IMPLEMENTED", "Users endpoint not implemented", 501)
|
|
19
18
|
);
|
|
20
19
|
}
|
|
21
20
|
}
|
|
22
21
|
class EndpointRouter {
|
|
23
|
-
static handlers = [
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
22
|
+
static handlers = [new SessionsHandler(), new UsersHandler()];
|
|
23
|
+
static async route(context, config) {
|
|
24
|
+
const { endpoint } = context;
|
|
25
|
+
if (!endpoint) {
|
|
26
|
+
return createApiErrorResponse("ENDPOINT_REQUIRED", "Endpoint is required", 400);
|
|
27
|
+
}
|
|
29
28
|
const handler = this.handlers.find((h) => h.canHandle(endpoint));
|
|
30
29
|
if (!handler) {
|
|
31
30
|
return createApiErrorResponse("ENDPOINT_NOT_FOUND", "Endpoint not found", 404);
|
|
32
31
|
}
|
|
33
|
-
return handler.handle(
|
|
32
|
+
return handler.handle(context, config);
|
|
34
33
|
}
|
|
35
34
|
static addHandler(handler) {
|
|
36
35
|
this.handlers.push(handler);
|