auth-vir 3.0.0 → 3.0.1
|
@@ -46,6 +46,7 @@ export type BackendAuthClientConfig<DatabaseUser extends AnyObject, UserId exten
|
|
|
46
46
|
* their user identity. Otherwise, this is `undefined`.
|
|
47
47
|
*/
|
|
48
48
|
assumingUser: AssumedUserParams | undefined;
|
|
49
|
+
requestHeaders: Readonly<IncomingHttpHeaders>;
|
|
49
50
|
}) => MaybePromise<DatabaseUser | undefined | null>;
|
|
50
51
|
/**
|
|
51
52
|
* Get JWT keys produced by {@link generateNewJwtKeys}. Make sure that each time this is
|
|
@@ -152,10 +153,11 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
|
|
|
152
153
|
requestHeaders: Readonly<IncomingHttpHeaders> | undefined;
|
|
153
154
|
}): Promise<Readonly<CookieParams>>;
|
|
154
155
|
/** Calls the provided `getUserFromDatabase` config. */
|
|
155
|
-
protected getDatabaseUser({ isSignUpCookie, userId, assumingUser, }: {
|
|
156
|
+
protected getDatabaseUser({ isSignUpCookie, userId, assumingUser, requestHeaders, }: {
|
|
156
157
|
userId: UserId | undefined;
|
|
157
158
|
assumingUser: AssumedUserParams | undefined;
|
|
158
159
|
isSignUpCookie: boolean;
|
|
160
|
+
requestHeaders: IncomingHttpHeaders;
|
|
159
161
|
}): Promise<undefined | DatabaseUser>;
|
|
160
162
|
/** Creates a `'cookie-set'` header to refresh the user's session cookie. */
|
|
161
163
|
protected createCookieRefreshHeaders({ userIdResult, requestHeaders, }: {
|
|
@@ -163,9 +165,9 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
|
|
|
163
165
|
requestHeaders: IncomingHttpHeaders;
|
|
164
166
|
}): Promise<OutgoingHttpHeaders | undefined>;
|
|
165
167
|
/** Reads the user's assumed user headers and, if configured, gets the assumed user. */
|
|
166
|
-
protected getAssumedUser({
|
|
168
|
+
protected getAssumedUser({ requestHeaders, user, }: {
|
|
167
169
|
user: DatabaseUser;
|
|
168
|
-
|
|
170
|
+
requestHeaders: IncomingHttpHeaders;
|
|
169
171
|
}): Promise<DatabaseUser | undefined>;
|
|
170
172
|
/** Securely extract a user from their request headers. */
|
|
171
173
|
getSecureUser({ requestHeaders, isSignUpCookie, allowUserAuthRefresh, }: {
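Review bot: The new `requestHeaders` field on the `getUserFromDatabase` parameters (hunk `@@ -46,6 +46,7`) has no doc comment, unlike `assumingUser` directly above it, so consumers are not told how far its contents can be trusted. These are the raw incoming request headers: every value is client-supplied and unverified, and `Readonly<>` is a compile-time marker only. I would add `/** Raw headers of the incoming request. Client-controlled and unverified: never treat them as proof of identity, and avoid logging them (they may include the session cookie). */`. On the assume-user path the same headers are forwarded while the assumed user is loaded, so they describe the assuming user's request, and the comment should say so. The field is equally undocumented in the source hunk `@@ -77,6 +77,7`, where the comment would be authored.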
|
|
@@ -42,7 +42,7 @@ export class BackendAuthClient {
|
|
|
42
42
|
};
|
|
43
43
|
}
|
|
44
44
|
/** Calls the provided `getUserFromDatabase` config. */
|
|
45
|
-
async getDatabaseUser({ isSignUpCookie, userId, assumingUser, }) {
|
|
45
|
+
async getDatabaseUser({ isSignUpCookie, userId, assumingUser, requestHeaders, }) {
|
|
46
46
|
if (!userId) {
|
|
47
47
|
return undefined;
|
|
48
48
|
}
|
|
@@ -50,6 +50,7 @@ export class BackendAuthClient {
|
|
|
50
50
|
assumingUser,
|
|
51
51
|
userId,
|
|
52
52
|
isSignUpCookie,
|
|
53
|
+
requestHeaders,
|
|
53
54
|
});
|
|
54
55
|
if (!authenticatedUser) {
|
|
55
56
|
return undefined;
|
|
@@ -115,11 +116,11 @@ export class BackendAuthClient {
|
|
|
115
116
|
}
|
|
116
117
|
}
|
|
117
118
|
/** Reads the user's assumed user headers and, if configured, gets the assumed user. */
|
|
118
|
-
async getAssumedUser({
|
|
119
|
+
async getAssumedUser({ requestHeaders, user, }) {
|
|
119
120
|
if (!this.config.assumeUser || !(await this.config.assumeUser.canAssumeUser(user))) {
|
|
120
121
|
return undefined;
|
|
121
122
|
}
|
|
122
|
-
const assumedUserHeader = ensureArray(
|
|
123
|
+
const assumedUserHeader = ensureArray(requestHeaders[this.config.assumedUserHeaderName || AuthHeaderName.AssumedUser])[0];
|
|
123
124
|
if (!assumedUserHeader) {
|
|
124
125
|
return undefined;
|
|
125
126
|
}
|
|
@@ -131,6 +132,7 @@ export class BackendAuthClient {
|
|
|
131
132
|
isSignUpCookie: false,
|
|
132
133
|
userId: parsedAssumedUserData.userId,
|
|
133
134
|
assumingUser: parsedAssumedUserData.assumedUserParams,
|
|
135
|
+
requestHeaders,
|
|
134
136
|
});
|
|
135
137
|
return assumedUser;
|
|
136
138
|
}
|
|
@@ -144,12 +146,13 @@ export class BackendAuthClient {
|
|
|
144
146
|
userId: userIdResult.userId,
|
|
145
147
|
assumingUser: undefined,
|
|
146
148
|
isSignUpCookie,
|
|
149
|
+
requestHeaders,
|
|
147
150
|
});
|
|
148
151
|
if (!user) {
|
|
149
152
|
return undefined;
|
|
150
153
|
}
|
|
151
154
|
const assumedUser = await this.getAssumedUser({
|
|
152
|
-
|
|
155
|
+
requestHeaders,
|
|
153
156
|
user,
|
|
154
157
|
});
|
|
155
158
|
const cookieRefreshHeaders = (await this.createCookieRefreshHeaders({
|
|
@@ -259,6 +262,7 @@ export class BackendAuthClient {
|
|
|
259
262
|
isSignUpCookie: false,
|
|
260
263
|
userId: userIdResult.userId,
|
|
261
264
|
assumingUser: undefined,
|
|
265
|
+
requestHeaders,
|
|
262
266
|
});
|
|
263
267
|
if (!user) {
|
|
264
268
|
return undefined;
|
package/package.json
CHANGED
|
@@ -77,6 +77,7 @@ export type BackendAuthClientConfig<
|
|
|
77
77
|
* their user identity. Otherwise, this is `undefined`.
|
|
78
78
|
*/
|
|
79
79
|
assumingUser: AssumedUserParams | undefined;
|
|
80
|
+
requestHeaders: Readonly<IncomingHttpHeaders>;
|
|
80
81
|
}) => MaybePromise<DatabaseUser | undefined | null>;
|
|
81
82
|
/**
|
|
82
83
|
* Get JWT keys produced by {@link generateNewJwtKeys}. Make sure that each time this is
|
|
@@ -228,10 +229,12 @@ export class BackendAuthClient<
|
|
|
228
229
|
isSignUpCookie,
|
|
229
230
|
userId,
|
|
230
231
|
assumingUser,
|
|
232
|
+
requestHeaders,
|
|
231
233
|
}: {
|
|
232
234
|
userId: UserId | undefined;
|
|
233
235
|
assumingUser: AssumedUserParams | undefined;
|
|
234
236
|
isSignUpCookie: boolean;
|
|
237
|
+
requestHeaders: IncomingHttpHeaders;
|
|
235
238
|
}): Promise<undefined | DatabaseUser> {
|
|
236
239
|
if (!userId) {
|
|
237
240
|
return undefined;
|
|
@@ -241,6 +244,7 @@ export class BackendAuthClient<
|
|
|
241
244
|
assumingUser,
|
|
242
245
|
userId,
|
|
243
246
|
isSignUpCookie,
|
|
247
|
+
requestHeaders,
|
|
244
248
|
});
|
|
245
249
|
|
|
246
250
|
if (!authenticatedUser) {
|
|
@@ -329,18 +333,18 @@ export class BackendAuthClient<
|
|
|
329
333
|
|
|
330
334
|
/** Reads the user's assumed user headers and, if configured, gets the assumed user. */
|
|
331
335
|
protected async getAssumedUser({
|
|
332
|
-
|
|
336
|
+
requestHeaders,
|
|
333
337
|
user,
|
|
334
338
|
}: {
|
|
335
339
|
user: DatabaseUser;
|
|
336
|
-
|
|
340
|
+
requestHeaders: IncomingHttpHeaders;
|
|
337
341
|
}): Promise<DatabaseUser | undefined> {
|
|
338
342
|
if (!this.config.assumeUser || !(await this.config.assumeUser.canAssumeUser(user))) {
|
|
339
343
|
return undefined;
|
|
340
344
|
}
|
|
341
345
|
|
|
342
346
|
const assumedUserHeader: string | undefined = ensureArray(
|
|
343
|
-
|
|
347
|
+
requestHeaders[this.config.assumedUserHeaderName || AuthHeaderName.AssumedUser],
|
|
344
348
|
)[0];
|
|
345
349
|
|
|
346
350
|
if (!assumedUserHeader) {
|
|
@@ -358,6 +362,7 @@ export class BackendAuthClient<
|
|
|
358
362
|
isSignUpCookie: false,
|
|
359
363
|
userId: parsedAssumedUserData.userId,
|
|
360
364
|
assumingUser: parsedAssumedUserData.assumedUserParams,
|
|
365
|
+
requestHeaders,
|
|
361
366
|
});
|
|
362
367
|
|
|
363
368
|
return assumedUser;
|
|
@@ -392,6 +397,7 @@ export class BackendAuthClient<
|
|
|
392
397
|
userId: userIdResult.userId,
|
|
393
398
|
assumingUser: undefined,
|
|
394
399
|
isSignUpCookie,
|
|
400
|
+
requestHeaders,
|
|
395
401
|
});
|
|
396
402
|
|
|
397
403
|
if (!user) {
|
|
@@ -399,7 +405,7 @@ export class BackendAuthClient<
|
|
|
399
405
|
}
|
|
400
406
|
|
|
401
407
|
const assumedUser = await this.getAssumedUser({
|
|
402
|
-
|
|
408
|
+
requestHeaders,
|
|
403
409
|
user,
|
|
404
410
|
});
|
|
405
411
|
|
|
@@ -619,6 +625,7 @@ export class BackendAuthClient<
|
|
|
619
625
|
isSignUpCookie: false,
|
|
620
626
|
userId: userIdResult.userId,
|
|
621
627
|
assumingUser: undefined,
|
|
628
|
+
requestHeaders,
|
|
622
629
|
});
|
|
623
630
|
|
|
624
631
|
if (!user) {
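Review bot: In `getAssumedUser` (hunk `@@ -329,18 +333,18`) the new lookup `requestHeaders[this.config.assumedUserHeaderName || AuthHeaderName.AssumedUser]` uses the configured header name verbatim and dereferences `requestHeaders` without a guard. If these are Node's `IncomingMessage.headers`, the keys are lower-cased, so a configured name containing upper-case letters would never match and assume-user would silently return `undefined`; normalising the key, `requestHeaders[(this.config.assumedUserHeaderName || AuthHeaderName.AssumedUser).toLowerCase()]`, avoids that. The method is `protected` and `requestHeaders` is a required property, so a subclass or untyped caller that omits it would hit a `TypeError` on this line, after `canAssumeUser` has already been awaited. The removed lines of this hunk are blank on the page, so whether either behaviour predates 3.0.1 cannot be confirmed from here. The body of `getAssumedUser` continues outside the hunk, and the compiled section above carries the same lookup.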
|