authhero 0.2.1 → 0.2.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "authhero",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "main": "dist/authhero.cjs",
   "types": "dist/authhero.d.ts",
   "module": "dist/authhero.mjs",
@@ -19,7 +19,8 @@
   },
   "dependencies": {
     "@hono/zod-openapi": "^0.14.5",
-    "hono": "^4.4.10"
+    "hono": "^4.4.10",
+    "@authhero/adapter-interfaces": "^0.9.2"
   },
   "scripts": {
     "dev": "bun --watch src/bun.ts",

package/src/hooks/index.ts

@@ -0,0 +1,29 @@
+import { DataAdapters, User } from "@authhero/adapter-interfaces";
+import { linkUsersHook } from "./link-users";
+import { postUserRegistrationWebhook } from "./webhooks";
+import { Context } from "hono";
+import { Bindings, Variables } from "../types";
+
+function createUserHooks(
+  ctx: Context<{ Bindings: Bindings; Variables: Variables }>,
+  data: DataAdapters,
+) {
+  return async (tenant_id: string, user: User) => {
+    // Check for existing user with the same email and if so link the users
+    let result = await linkUsersHook(data)(tenant_id, user);
+    // Invoke post-user-registration webhooks
+    await postUserRegistrationWebhook(ctx, data)(tenant_id, result);
+
+    return result;
+  };
+}
+
+export function addDataHooks(
+  ctx: Context<{ Bindings: Bindings; Variables: Variables }>,
+  data: DataAdapters,
+): DataAdapters {
+  return {
+    ...data,
+    users: { ...data.users, create: createUserHooks(ctx, data) },
+  };
+}

package/src/hooks/link-users.ts

@@ -0,0 +1,31 @@
+import { DataAdapters, User } from "@authhero/adapter-interfaces";
+import { getPrimaryUserByEmail } from "../utils/users";
+
+export function linkUsersHook(data: DataAdapters) {
+  return async (tenant_id: string, user: User): Promise<User> => {
+    // If the user does not have an email or the email is not verified, return the user
+    if (!user.email || !user.email_verified) {
+      return data.users.create(tenant_id, user);
+    }
+
+    // Search for a user with the same email
+    const primaryUser = await getPrimaryUserByEmail({
+      userAdapter: data.users,
+      tenant_id,
+      email: user.email,
+    });
+
+    // If no user with the same email exists, return the user
+    if (!primaryUser) {
+      return data.users.create(tenant_id, user);
+    }
+
+    await data.users.create(tenant_id, {
+      ...user,
+      linked_to: primaryUser.user_id,
+    });
+
+    // TODO: add the new user to the identities
+    return primaryUser;
+  };
+}

package/src/hooks/webhooks.ts

@@ -0,0 +1,77 @@
+import {
+  DataAdapters,
+  Hook,
+  LogTypes,
+  User,
+} from "@authhero/adapter-interfaces";
+// import { createLogMessage } from "../utils/create-log-message";
+import { Context } from "hono";
+import { Variables, Bindings } from "../types";
+
+async function invokeHooks(
+  ctx: Context<{ Bindings: Bindings; Variables: Variables }>,
+  hooks: Hook[],
+  data: any,
+) {
+  for await (const hook of hooks) {
+    const response = await fetch(hook.url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify(data),
+    });
+
+    if (!response.ok) {
+      // const log = createLogMessage(ctx, {
+      //   type: LogTypes.FAILED_LOGIN_INCORRECT_PASSWORD,
+      //   description: "Invalid password",
+      // });
+      // await data.logs.create(ctx.var.tenant_id, log);
+    }
+  }
+}
+
+export function postUserRegistrationWebhook(
+  ctx: Context<{ Bindings: Bindings; Variables: Variables }>,
+  data: DataAdapters,
+) {
+  return async (tenant_id: string, user: User): Promise<User> => {
+    const { hooks } = await data.hooks.list(tenant_id, {
+      q: "trigger_id:post-user-registration",
+      page: 0,
+      per_page: 100,
+      include_totals: false,
+    });
+
+    await invokeHooks(ctx, hooks, {
+      tenant_id,
+      user,
+      trigger_id: "post-user-registration",
+    });
+
+    return user;
+  };
+}
+
+export function postUserLoginWebhook(
+  ctx: Context<{ Bindings: Bindings; Variables: Variables }>,
+  data: DataAdapters,
+) {
+  return async (tenant_id: string, user: User): Promise<User> => {
+    const { hooks } = await data.hooks.list(tenant_id, {
+      q: "trigger_id:post-user-login",
+      page: 0,
+      per_page: 100,
+      include_totals: false,
+    });
+
+    await invokeHooks(ctx, hooks, {
+      tenant_id,
+      user,
+      trigger_id: "post-user-login",
+    });
+
+    return user;
+  };
+}

package/src/index.ts

@@ -2,16 +2,23 @@ import { OpenAPIHono } from "@hono/zod-openapi";
 import { Context } from "hono";
 import { Bindings, Variables } from "./types";
 import { wellKnownRoutes } from "./routes/oauth2";
+import createManagementApi from "./management-app";
+import { DataAdapters } from "@authhero/adapter-interfaces";
 
-export interface AuthHeroConfig {}
+export interface AuthHeroConfig {
+  dataAdapter: DataAdapters;
+}
 
-export function init() {
+export function init(options: AuthHeroConfig) {
   const rootApp = new OpenAPIHono<{ Bindings: Bindings }>();
 
   rootApp.get("/", (ctx: Context) => {
     return ctx.text("Hello, authhero!");
   });
 
+  const managementApp = createManagementApi(options);
+  rootApp.route("/api/v2", managementApp);
+
   /**
    * The oauth routes
    */

package/src/management-app.ts

@@ -0,0 +1,55 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { Bindings, Variables } from "./types";
+import { addDataHooks } from "./hooks";
+// import { brandingRoutes } from "./routes/management-api/branding";
+// import { domainRoutes } from "./routes/management-api/domains";
+// import { userRoutes } from "./routes/management-api/users";
+// import { keyRoutes } from "./routes/management-api/keys";
+// import { usersByEmailRoutes } from "./routes/management-api/users-by-email";
+// import { applicationRoutes } from "./routes/management-api/applications";
+import { tenantRoutes } from "./routes/management-api/tenants";
+// import { logRoutes } from "./routes/management-api/logs";
+// import { hooksRoutes } from "./routes/management-api/hooks";
+// import { connectionRoutes } from "./routes/management-api/connections";
+import { registerComponent } from "./middlewares/register-component";
+import { DataAdapters } from "@authhero/adapter-interfaces";
+
+export interface CreateAuthParams {
+  dataAdapter: DataAdapters;
+}
+
+export default function create(params: CreateAuthParams) {
+  const app = new OpenAPIHono<{
+    Bindings: Bindings;
+    Variables: Variables;
+  }>();
+
+  app.use(async (ctx, next) => {
+    ctx.env.data = addDataHooks(ctx, params.dataAdapter);
+    return next();
+  });
+
+  const managementApp = app
+    // .route("/api/v2/branding", brandingRoutes)
+    // .route("/api/v2/domains", domainRoutes)
+    // .route("/api/v2/users", userRoutes)
+    // .route("/api/v2/keys/signing", keyRoutes)
+    // .route("/api/v2/users-by-email", usersByEmailRoutes)
+    // .route("/api/v2/applications", applicationRoutes)
+    .route("/api/v2/tenants", tenantRoutes);
+  // .route("/api/v2/logs", logRoutes)
+  // .route("/api/v2/hooks", hooksRoutes)
+  // .route("/api/v2/connections", connectionRoutes);
+
+  registerComponent(managementApp);
+
+  managementApp.doc("/api/v2/spec", {
+    openapi: "3.0.0",
+    info: {
+      version: "1.0.0",
+      title: "Management api",
+    },
+  });
+
+  return managementApp;
+}

package/src/middlewares/register-component.ts

@@ -0,0 +1,36 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { Context, Next } from "hono";
+import { Bindings, Variables } from "../types";
+
+let inititated = false;
+
+/**
+ * This registers the security scheme for the application. As it uses an environment variable, it can only be registered once the first request arrives.
+ * @param app
+ */
+export function registerComponent(
+  app: OpenAPIHono<{ Bindings: Bindings; Variables: Variables }>,
+) {
+  app.use(async (ctx: Context<{ Bindings: Bindings }>, next: Next) => {
+    if (!inititated) {
+      app.openAPIRegistry.registerComponent("securitySchemes", "Bearer", {
+        type: "oauth2",
+        scheme: "bearer",
+        flows: {
+          implicit: {
+            authorizationUrl: `${ctx.env.AUTH_URL}/authorize`,
+            scopes: {
+              openid: "Basic user information",
+              email: "User email",
+              profile: "User profile information",
+            },
+          },
+        },
+      });
+
+      inititated = true;
+    }
+
+    return await next();
+  });
+}

package/src/routes/management-api/tenants.ts

@@ -0,0 +1,224 @@
+import { OpenAPIHono, createRoute, z } from "@hono/zod-openapi";
+import { HTTPException } from "hono/http-exception";
+import { Bindings } from "../../types";
+import { querySchema } from "../../types";
+import { parseSort } from "../../utils/parse-sort";
+// import authenticationMiddleware from "../../middlewares/authentication";
+import {
+  tenantInsertSchema,
+  tenantSchema,
+  totalsSchema,
+} from "@authhero/adapter-interfaces";
+
+const tenantsWithTotalsSchema = totalsSchema.extend({
+  tenants: z.array(tenantSchema),
+});
+
+export const tenantRoutes = new OpenAPIHono<{ Bindings: Bindings }>()
+  // --------------------------------
+  // GET /tenants
+  // --------------------------------
+  .openapi(
+    createRoute({
+      tags: ["tenants"],
+      method: "get",
+      path: "/",
+      request: {
+        query: querySchema,
+      },
+      // middleware: [authenticationMiddleware({ scopes: ["auth:read"] })],
+      security: [
+        {
+          Bearer: ["auth:read"],
+        },
+      ],
+      responses: {
+        200: {
+          content: {
+            "tenant/json": {
+              schema: z.union([z.array(tenantSchema), tenantsWithTotalsSchema]),
+            },
+          },
+          description: "List of tenants",
+        },
+      },
+    }),
+    async (ctx) => {
+      const { page, per_page, include_totals, sort, q } =
+        ctx.req.valid("query");
+
+      const result = await ctx.env.data.tenants.list({
+        page,
+        per_page,
+        include_totals,
+        sort: parseSort(sort),
+        q,
+      });
+
+      if (include_totals) {
+        return ctx.json(result);
+      }
+
+      return ctx.json(result.tenants);
+    },
+  )
+  // --------------------------------
+  // GET /tenants/:id
+  // --------------------------------
+  .openapi(
+    createRoute({
+      tags: ["tenants"],
+      method: "get",
+      path: "/{id}",
+      request: {
+        params: z.object({
+          id: z.string(),
+        }),
+      },
+      // middleware: [authenticationMiddleware({ scopes: ["auth:read"] })],
+      security: [
+        {
+          Bearer: ["auth:read"],
+        },
+      ],
+      responses: {
+        200: {
+          content: {
+            "tenant/json": {
+              schema: tenantSchema,
+            },
+          },
+          description: "A tenant",
+        },
+      },
+    }),
+    async (ctx) => {
+      const { id } = ctx.req.valid("param");
+
+      const tenant = await ctx.env.data.tenants.get(id);
+
+      if (!tenant) {
+        throw new HTTPException(404);
+      }
+
+      console.log("tenant", tenant);
+
+      return ctx.json(tenant);
+    },
+  )
+  // --------------------------------
+  // DELETE /tenants/:id
+  // --------------------------------
+  .openapi(
+    createRoute({
+      tags: ["tenants"],
+      method: "delete",
+      path: "/{id}",
+      request: {
+        params: z.object({
+          id: z.string(),
+        }),
+      },
+      // middleware: [authenticationMiddleware({ scopes: ["auth:write"] })],
+      security: [
+        {
+          Bearer: ["auth:write"],
+        },
+      ],
+      responses: {
+        200: {
+          description: "Status",
+        },
+      },
+    }),
+    async (ctx) => {
+      const { id } = ctx.req.valid("param");
+
+      await ctx.env.data.tenants.remove(id);
+
+      return ctx.text("OK");
+    },
+  )
+  // --------------------------------
+  // PATCH /tenants/:id
+  // --------------------------------
+  .openapi(
+    createRoute({
+      tags: ["tenants"],
+      method: "patch",
+      path: "/{id}",
+      request: {
+        body: {
+          content: {
+            "application/json": {
+              schema: z.object(tenantInsertSchema.shape).partial(),
+            },
+          },
+        },
+        params: z.object({
+          id: z.string(),
+        }),
+      },
+      // middleware: [authenticationMiddleware({ scopes: ["auth:write"] })],
+      security: [
+        {
+          Bearer: ["auth:write"],
+        },
+      ],
+      responses: {
+        200: {
+          description: "Status",
+        },
+      },
+    }),
+    async (ctx) => {
+      const { id } = ctx.req.valid("param");
+      const body = ctx.req.valid("json");
+
+      await ctx.env.data.tenants.update(id, body);
+
+      return ctx.text("OK");
+    },
+  )
+  // --------------------------------
+  // POST /tenants
+  // --------------------------------
+  .openapi(
+    createRoute({
+      tags: ["tenants"],
+      method: "post",
+      path: "/",
+      request: {
+        body: {
+          content: {
+            "application/json": {
+              schema: z.object(tenantInsertSchema.shape),
+            },
+          },
+        },
+      },
+      // middleware: [authenticationMiddleware({ scopes: ["auth:write"] })],
+      security: [
+        {
+          Bearer: ["auth:write"],
+        },
+      ],
+      responses: {
+        200: {
+          content: {
+            "tenant/json": {
+              schema: tenantSchema,
+            },
+          },
+          description: "An tenant",
+        },
+      },
+    }),
+    async (ctx) => {
+      const body = ctx.req.valid("json");
+
+      const tenant = await ctx.env.data.tenants.create(body);
+
+      return ctx.json(tenant, { status: 201 });
+    },
+  );

package/src/routes/oauth2/well-known.ts

@@ -1,9 +1,8 @@
 import {
-  Bindings,
   jwksKeySchema,
-  // jwksSchema,
   openIDConfigurationSchema,
-} from "../../types";
+} from "@authhero/adapter-interfaces";
+import { Bindings } from "../../types";
 import { OpenAPIHono, createRoute } from "@hono/zod-openapi";
 
 export const wellKnownRoutes = new OpenAPIHono<{ Bindings: Bindings }>()

package/src/types/Bindings.ts

@@ -1,6 +1,11 @@
+import { DataAdapters } from "@authhero/adapter-interfaces";
+
 export type Bindings = {
   ISSUER: string;
   ENVIRONMENT: string;
+  AUTH_URL: string;
+
+  data: DataAdapters;
 
   // Constants
   JWKS_CACHE_TIMEOUT_IN_SECONDS: number;

package/src/types/Query.ts

@@ -0,0 +1,42 @@
+import { z } from "@hono/zod-openapi";
+
+export const querySchema = z.object({
+  page: z
+    .string()
+    .min(0)
+    .optional()
+    .default("0")
+    .transform((p) => parseInt(p, 10))
+    .openapi({
+      description: "The page number where 0 is the first page",
+    }),
+  per_page: z
+    .string()
+    .min(1)
+    .optional()
+    .default("10")
+    .transform((p) => parseInt(p, 10))
+    .openapi({
+      description: "The number of items per page",
+    }),
+  include_totals: z
+    .string()
+    .optional()
+    .default("false")
+    .transform((it) => it === "true")
+    .openapi({
+      description:
+        "If the total number of items should be included in the response",
+    }),
+  sort: z
+    .string()
+    .regex(/^.+:(-1|1)$/)
+    .optional()
+    .openapi({
+      description:
+        "A property that should have the format 'string:-1' or 'string:1'",
+    }),
+  q: z.string().optional().openapi({
+    description: "A lucene query string used to filter the results",
+  }),
+});

package/src/types/Variables.ts

@@ -1 +1,3 @@
-export type Variables = {};
+export type Variables = {
+  tenant_id: string;
+};

package/src/types/index.ts

@@ -1,3 +1,3 @@
-export * from "./Bindings";
-export * from "./JWKS";
 export * from "./Variables";
+export * from "./Bindings";
+export * from "./Query";

package/src/utils/parse-sort.ts

@@ -0,0 +1,18 @@
+export function parseSort(sort?: string):
+  | undefined
+  | {
+      sort_by: string;
+      sort_order: "asc" | "desc";
+    } {
+  if (!sort) {
+    return undefined;
+  }
+
+  const [sort_by = "", orderString] = sort.split(":");
+  const sort_order = orderString === "1" ? "asc" : "desc";
+
+  return {
+    sort_by,
+    sort_order,
+  };
+}