ag-common 0.0.89 → 0.0.93

package/dist/api/helpers/validations.d.ts

@@ -1,7 +1,11 @@
 import { error } from '../../common/helpers/log';
 import { User } from '../../ui/helpers/jwt';
 import { APIGatewayProxyResult } from '../types';
-export declare const getAndValidateToken: ({ tokenRaw, COGNITO_USER_POOL_ID, }: {
+export declare const getAndValidateToken: ({ tokenRaw, jwksRegion, COGNITO_USER_POOL_ID, }: {
+    /**
+     * default ap-southeast-2
+     */
+    jwksRegion?: string | undefined;
     tokenRaw?: string | undefined;
     COGNITO_USER_POOL_ID: string;
 }) => Promise<{

package/dist/api/helpers/validations.js

@@ -19,9 +19,7 @@ const jsonwebtoken_1 = require("jsonwebtoken");
 const log_1 = require("../../common/helpers/log");
 const api_1 = require("./api");
 let jwksClient;
-const jwtVerify = ({ COGNITO_USER_POOL_ID, token, }) => __awaiter(void 0, void 0, void 0, function* () {
-    const jwksUri = `https://cognito-idp.ap-southeast-2.amazonaws.com/${COGNITO_USER_POOL_ID}/.well-known/jwks.json`;
-    const issuer = `https://cognito-idp.ap-southeast-2.amazonaws.com/${COGNITO_USER_POOL_ID}`;
+const jwtVerify = ({ token, jwksUri, issuer, }) => __awaiter(void 0, void 0, void 0, function* () {
     return new Promise((resolve, reject) => {
         (0, jsonwebtoken_1.verify)(token, (header, callback) => {
             if (!jwksClient) {
@@ -60,22 +58,39 @@ const jwtVerify = ({ COGNITO_USER_POOL_ID, token, }) => __awaiter(void 0, void 0
         });
     });
 });
-const getAndValidateToken = ({ tokenRaw, COGNITO_USER_POOL_ID, }) => __awaiter(void 0, void 0, void 0, function* () {
+const getAndValidateToken = ({ tokenRaw, jwksRegion = 'ap-southeast-2', COGNITO_USER_POOL_ID, }) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
+    const jwksUri = `https://cognito-idp.${jwksRegion}.amazonaws.com/${COGNITO_USER_POOL_ID}/.well-known/jwks.json`;
+    const issuer = `https://cognito-idp.${jwksRegion}.amazonaws.com/${COGNITO_USER_POOL_ID}`;
     let token = '';
     try {
         if (!tokenRaw) {
-            (0, log_1.error)('no auth headers');
+            const m = 'auth error: no auth headers';
+            (0, log_1.error)(m);
             return {
-                error: (0, api_1.returnCode)(403, 'auth failed'),
+                error: (0, api_1.returnCode)(403, m),
             };
         }
         token = tokenRaw.substring(tokenRaw.indexOf(' ') + 1);
+        if (!token) {
+            const m = 'auth error: no token';
+            (0, log_1.error)(m);
+            return {
+                error: (0, api_1.returnCode)(403, m),
+            };
+        }
         let subject;
         try {
-            yield jwtVerify({ token, COGNITO_USER_POOL_ID });
+            yield jwtVerify({ token, jwksUri, issuer });
             const decoded = (0, jsonwebtoken_1.decode)(token);
             (0, log_1.debug)(`decoded=${JSON.stringify(decoded, null, 2)}`);
+            if (!decoded.email) {
+                const m = 'auth error, no email';
+                (0, log_1.error)(m);
+                return {
+                    error: (0, api_1.returnCode)(403, m),
+                };
+            }
             subject = decoded === null || decoded === void 0 ? void 0 : decoded.sub;
             if (!subject) {
                 const mess = 'user should have responded with subject (sub) field';
@@ -96,12 +111,6 @@ const getAndValidateToken = ({ tokenRaw, COGNITO_USER_POOL_ID, }) => __awaiter(v
                 picture,
                 updatedAt: parseInt(`${decoded.auth_time}000`, 10),
             };
-            if (!userProfile || !token || !userProfile.userId) {
-                (0, log_1.error)('auth fail');
-                return {
-                    error: (0, api_1.returnCode)(403, 'auth fail'),
-                };
-            }
             return { token, userProfile };
         }
         catch (e) {
@@ -114,9 +123,10 @@ const getAndValidateToken = ({ tokenRaw, COGNITO_USER_POOL_ID, }) => __awaiter(v
         }
     }
     catch (e) {
-        (0, log_1.error)('auth error', e);
+        const m = 'auth error:' + JSON.stringify(e, null, 2);
+        (0, log_1.error)(m);
         return {
-            error: (0, api_1.returnCode)(403, 'auth fail'),
+            error: (0, api_1.returnCode)(403, m),
         };
     }
 });

package/dist/ui/helpers/cognito.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="react" />
 export declare type TOnMessage = (m: string, options?: {
     appearance: 'error' | 'success';
 }) => void;
@@ -12,20 +11,3 @@ export interface ICognitoAuth {
     cognitoRefresh: string;
     vendToken: string;
 }
-export interface ICognitoAuthProviderProps {
-    redirectUrl?: string;
-    location: {
-        pathname: string;
-        hash: string;
-        search: string;
-        origin: string;
-    };
-    goToPageUrl: ({ url, state, login, }: {
-        url: string;
-        state?: any;
-        login: boolean;
-    }) => Promise<void>;
-    children: JSX.Element | JSX.Element[];
-    config: ICognitoAuth;
-    onMessage?: TOnMessage;
-}

package/dist/ui/helpers/routes.d.ts

@@ -1,7 +1,5 @@
-/// <reference types="react" />
 import { TLang } from '../..';
-import { ICognitoAuth, ICognitoAuthProviderProps } from './cognito';
-import { AuthedUserContext } from './jwt';
+import { ICognitoAuth } from './cognito';
 export interface LocationSubset {
     pathname: string;
     hash: string;
@@ -30,7 +28,5 @@ export interface IRequestCommon {
 export interface IStateCommon<TRequest extends IRequestCommon> extends IInitialStateCommon {
     request: TRequest;
     auth: ICognitoAuth;
-    CognitoAuthContext: React.Context<AuthedUserContext>;
-    CognitoAuthProvider: (p: ICognitoAuthProviderProps) => JSX.Element;
     pushPath: (path: string) => Promise<void>;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ag-common",
-  "version": "0.0.89",
+  "version": "0.0.93",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "author": "Andrei Gec <@andreigec> (https://gec.dev/)",