@tma.sh/sdk 0.1.3 → 0.1.4
- package/dist/server/auth.d.ts +5 -0
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/index.js +14 -3
- package/package.json +1 -1
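--- a/package/dist/server/auth.d.ts
+++ b/package/dist/server/auth.d.ts
@@ -35,6 +35,11 @@ export interface RequireUserOptions {
 * Hono middleware that verifies a JWT from the `Authorization: Bearer <token>`
 * header using the TMA JWKS endpoint (or a custom one).
 *
+* When deployed via TMA, a `TMA_JWKS` environment binding is injected
+* automatically so the middleware can verify tokens locally without a remote
+* fetch to the JWKS endpoint. If the binding is not present (e.g. local dev)
+* the middleware falls back to fetching the JWKS from the configured URL.
+*
 * On success the authenticated {@link UserContext} is available via
 * `c.get('user')` in downstream handlers.
 *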
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/server/auth.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,SAAS,IAAI,aAAa,EAC1B,iBAAiB,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/server/auth.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,SAAS,IAAI,aAAa,EAC1B,iBAAiB,EAEjB,mBAAmB,EACpB,MAAM,MAAM,CAAC;AAOd;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE;QACT,IAAI,EAAE,WAAW,CAAC;KACnB,CAAC;CACH;AAED,iEAAiE;AACjE,KAAK,YAAY,GAAG,CAClB,eAAe,CAAC,EAAE,mBAAmB,EACrC,KAAK,CAAC,EAAE,iBAAiB,KACtB,OAAO,CAAC,aAAa,CAAC,CAAC;AAE5B;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IACjC,qEAAqE;IACrE,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,wEAAwE;IACxE,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC;CAC9B;AAYD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,WAAW,GAAI,UAAU,kBAAkB,0EAiDvD,CAAC"}
|
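--- a/package/dist/server/index.js
+++ b/package/dist/server/index.js
@@ -1,10 +1,21 @@
 // src/server/auth.ts
-import { createRemoteJWKSet, jwtVerify } from "jose";
+import { createLocalJWKSet, createRemoteJWKSet, jwtVerify } from "jose";
 import { createMiddleware } from "hono/factory";
 var DEFAULT_JWKS_URL = "https://api.tma.sh/.well-known/jwks.json";
 var requireUser = (options) => {
-
+let resolvedJwks = options?.jwks ?? null;
 return createMiddleware(async (c, next) => {
+if (!resolvedJwks) {
+const env = c.env ?? {};
+if (typeof env.TMA_JWKS === "string") {
+const jwksData = JSON.parse(env.TMA_JWKS);
+resolvedJwks = createLocalJWKSet(jwksData);
+} else {
+resolvedJwks = createRemoteJWKSet(
+new URL(options?.jwksUrl ?? DEFAULT_JWKS_URL)
+);
+}
+}
 const authHeader = c.req.header("Authorization");
 if (!authHeader?.startsWith("Bearer ")) {
 return c.json({ error: "Unauthorized" }, 401);
@@ -14,7 +25,7 @@ var requireUser = (options) => {
 return c.json({ error: "Unauthorized" }, 401);
 }
 try {
-const { payload } = await jwtVerify(token,
+const { payload } = await jwtVerify(token, resolvedJwks);
 const user = {
 telegramId: payload.telegramId,
 firstName: payload.firstName,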
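Review bot: In the first hunk the `TMA_JWKS` binding is consulted before `options?.jwksUrl`, so a caller who configured a custom JWKS URL silently gets tokens verified against the injected key set once deployed. If that precedence is intended it should be documented next to the option; otherwise check the explicit option first, e.g. `if (!options?.jwksUrl && typeof env.TMA_JWKS === "string") {`. `JSON.parse(env.TMA_JWKS)` and `createLocalJWKSet(jwksData)` also sit outside the `try` that wraps `jwtVerify`, so a malformed binding throws on every request (the parse is retried each time because `resolvedJwks` stays null); failing closed is right, but it should be caught and turned into a logged, controlled 500. A local key set is static for the life of the closure and, unlike `createRemoteJWKSet`, will not pick up rotated keys until the binding changes, which deserves a comment such as `// static key set: rotation requires a new TMA_JWKS binding`. In the second hunk `jwtVerify(token, resolvedJwks)` passes no `issuer`, `audience` or `algorithms` options, so as far as these lines show any token signed by a key in the set is accepted; the rest of `requireUser` lies outside the hunks.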