cortex-auth 0.0.1 → 1.0.1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -0
- package/dist/payload-jwt/index.d.ts +2 -0
- package/dist/payload-jwt/index.d.ts.map +1 -0
- package/dist/payload-jwt/index.js +2 -0
- package/dist/payload-jwt/index.js.map +1 -0
- package/dist/payload-jwt/user.d.ts +14 -0
- package/dist/payload-jwt/user.d.ts.map +1 -0
- package/dist/payload-jwt/user.js +100 -0
- package/dist/payload-jwt/user.js.map +1 -0
- package/package.json +17 -5
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAA"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/payload-jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAA"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { NextRequest } from "next/server";
|
|
2
|
+
export interface AuthInfo {
|
|
3
|
+
sub: string;
|
|
4
|
+
exp: number;
|
|
5
|
+
scopes: string[];
|
|
6
|
+
extra?: Record<string, any>;
|
|
7
|
+
}
|
|
8
|
+
export declare function verifySession(req: NextRequest): Promise<AuthInfo | undefined>;
|
|
9
|
+
export declare function verifyToken(bearer: string): Promise<AuthInfo | undefined>;
|
|
10
|
+
/**
|
|
11
|
+
* Check if a token is expired
|
|
12
|
+
*/
|
|
13
|
+
export declare function isTokenExpired(token: string): Promise<boolean>;
|
|
14
|
+
//# sourceMappingURL=user.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/user.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,MAAM,WAAW,QAAQ;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AA0CD,wBAAsB,aAAa,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,CAgCnF;AAID,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,CA0B/E;AAGD;;GAEG;AACH,wBAAsB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAMpE"}
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
import { jwtVerify, createRemoteJWKSet, decodeJwt } from "jose";
|
|
2
|
+
const OIDC_ISSUER = process.env.OAUTH_ISSUER; // e.g. https://login.microsoftonline.com/<tenant>/v2.0
|
|
3
|
+
const OAUTH_DISCOVERY_URL = `${OIDC_ISSUER}/.well-known/openid-configuration`;
|
|
4
|
+
// Fetch JWKS URL from OAuth well-known configuration
|
|
5
|
+
async function getJwksUrl() {
|
|
6
|
+
const wellKnownUrl = OAUTH_DISCOVERY_URL;
|
|
7
|
+
try {
|
|
8
|
+
const response = await fetch(wellKnownUrl);
|
|
9
|
+
const config = await response.json();
|
|
10
|
+
return config.jwks_uri;
|
|
11
|
+
}
|
|
12
|
+
catch (error) {
|
|
13
|
+
console.error("Failed to fetch well-known config:", error);
|
|
14
|
+
// Fallback to the hardcoded path
|
|
15
|
+
const fallbackUrl = `${OAUTH_DISCOVERY_URL}/discovery/v2.0/keys`;
|
|
16
|
+
return fallbackUrl;
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
// Create JWKS instance - will be initialized lazily
|
|
20
|
+
let JWKS = null;
|
|
21
|
+
async function getJWKS() {
|
|
22
|
+
if (!JWKS) {
|
|
23
|
+
const jwksUrl = await getJwksUrl();
|
|
24
|
+
JWKS = createRemoteJWKSet(new URL(jwksUrl));
|
|
25
|
+
}
|
|
26
|
+
return JWKS;
|
|
27
|
+
}
|
|
28
|
+
function extractBearer(req) {
|
|
29
|
+
const h = req.headers.get("authorization");
|
|
30
|
+
if (!h)
|
|
31
|
+
return;
|
|
32
|
+
const [scheme, token] = h.split(" ");
|
|
33
|
+
if (scheme.toLowerCase() !== "bearer")
|
|
34
|
+
return;
|
|
35
|
+
return token;
|
|
36
|
+
}
|
|
37
|
+
// Verify Next Session and return AuthInfo
|
|
38
|
+
export async function verifySession(req) {
|
|
39
|
+
const bearer = extractBearer(req);
|
|
40
|
+
if (bearer) {
|
|
41
|
+
// for development ONLY, use a dummy token
|
|
42
|
+
try {
|
|
43
|
+
const decodedJWT = decodeJwt(bearer);
|
|
44
|
+
// Get JWKS dynamically from well-known endpoint
|
|
45
|
+
const jwks = await getJWKS();
|
|
46
|
+
const { payload, protectedHeader } = await jwtVerify(bearer, jwks, {
|
|
47
|
+
issuer: OIDC_ISSUER,
|
|
48
|
+
algorithms: ["RS256"],
|
|
49
|
+
});
|
|
50
|
+
return {
|
|
51
|
+
sub: payload.sub ?? "unknown",
|
|
52
|
+
exp: payload.exp ?? 0,
|
|
53
|
+
scopes: typeof payload.scp === "string" ? payload.scp.split(" ") : [],
|
|
54
|
+
extra: { email: payload.email, name: payload.name },
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
catch (error) {
|
|
58
|
+
console.log("JWT verification failed:", error);
|
|
59
|
+
return undefined;
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
// fallback: NextAuth session (optional)
|
|
63
|
+
return undefined;
|
|
64
|
+
}
|
|
65
|
+
export async function verifyToken(bearer) {
|
|
66
|
+
if (bearer) {
|
|
67
|
+
// for development ONLY, use a dummy token
|
|
68
|
+
try {
|
|
69
|
+
const decodedJWT = decodeJwt(bearer);
|
|
70
|
+
// Get JWKS dynamically from well-known endpoint
|
|
71
|
+
const jwks = await getJWKS();
|
|
72
|
+
const { payload, protectedHeader } = await jwtVerify(bearer, jwks, {
|
|
73
|
+
issuer: OIDC_ISSUER,
|
|
74
|
+
algorithms: ["RS256"],
|
|
75
|
+
});
|
|
76
|
+
return {
|
|
77
|
+
sub: payload.sub ?? "unknown",
|
|
78
|
+
exp: payload.exp ?? 0,
|
|
79
|
+
scopes: typeof payload.scp === "string" ? payload.scp.split(" ") : [],
|
|
80
|
+
extra: { email: payload.email, name: payload.name },
|
|
81
|
+
};
|
|
82
|
+
}
|
|
83
|
+
catch (error) {
|
|
84
|
+
console.log("JWT verification failed:", error);
|
|
85
|
+
return undefined;
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
return undefined;
|
|
89
|
+
}
|
|
90
|
+
/**
|
|
91
|
+
* Check if a token is expired
|
|
92
|
+
*/
|
|
93
|
+
export async function isTokenExpired(token) {
|
|
94
|
+
const decoded = await verifyToken(token);
|
|
95
|
+
if (!decoded || !decoded.exp)
|
|
96
|
+
return true;
|
|
97
|
+
const currentTime = Math.floor(Date.now() / 1000);
|
|
98
|
+
return decoded.exp < currentTime;
|
|
99
|
+
}
|
|
100
|
+
//# sourceMappingURL=user.js.map
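Review bot: Both `jwtVerify` calls (in `verifySession` and `verifyToken`) pin `issuer` and `algorithms` but pass no `audience`, so a validly signed RS256 token that the same issuer minted for a different application is accepted here; add `audience: EXPECTED_AUDIENCE` (placeholder for this API's client id or App ID URI) to both option objects. The returned objects also paper over missing claims with `sub ?? "unknown"` and `exp ?? 0`; `requiredClaims: ["sub", "exp"]` in the same options would reject such tokens instead of mapping them to a shared identity. `OIDC_ISSUER` is read from `process.env.OAUTH_ISSUER` without a check, and an undefined `issuer` option means no issuer comparison is made, so the module should fail fast when the variable is unset rather than rely on the JWKS URL happening to be invalid. In `getJwksUrl` the fallback appends `/discovery/v2.0/keys` to the discovery document URL instead of the issuer and `response.ok` and `config.jwks_uri` are never checked, while `getJWKS` keeps a key set built from that fallback until the module is reloaded.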
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user.js","sourceRoot":"","sources":["../../src/payload-jwt/user.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAWhE,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,YAAa,CAAC,CAAC,uDAAuD;AACtG,MAAM,mBAAmB,GAAG,GAAG,WAAW,mCAAmC,CAAC;AAE9E,qDAAqD;AACrD,KAAK,UAAU,UAAU;IACrB,MAAM,YAAY,GAAG,mBAAmB,CAAC;IACzC,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA0B,CAAC;QAC7D,OAAO,MAAM,CAAC,QAAQ,CAAC;IAC3B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;QAC3D,iCAAiC;QACjC,MAAM,WAAW,GAAG,GAAG,mBAAmB,sBAAsB,CAAC;QACjE,OAAO,WAAW,CAAC;IACvB,CAAC;AACL,CAAC;AAED,oDAAoD;AACpD,IAAI,IAAI,GAAiD,IAAI,CAAC;AAE9D,KAAK,UAAU,OAAO;IAClB,IAAI,CAAC,IAAI,EAAE,CAAC;QACR,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;QACnC,IAAI,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,GAAY;IAC/B,MAAM,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC3C,IAAI,CAAC,CAAC;QAAE,OAAO;IACf,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,QAAQ;QAAE,OAAO;IAC9C,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,0CAA0C;AAE1C,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAgB;IAEhD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAElC,IAAI,MAAM,EAAE,CAAC;QACT,0CAA0C;QAC1C,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;YAErC,gDAAgD;YAChD,MAAM,IAAI,GAAG,MAAM,OAAO,EAAE,CAAC;YAE7B,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE;gBAC/D,MAAM,EAAE,WAAW;gBACnB,UAAU,EAAE,CAAC,OAAO,CAAC;aACxB,CAAC,CAAC;YAEH,OAAO;gBACH,GAAG,EAAG,OAAO,CAAC,GAAc,IAAI,SAAS;gBACzC,GAAG,EAAG,OAAO,CAAC,GAAc,IAAI,CAAC;gBACjC,MAAM,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBACrE,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;aACtD,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAA
C;YAC/C,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC;IAED,wCAAwC;IAExC,OAAO,SAAS,CAAC;AACrB,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAc;IAC5C,IAAI,MAAM,EAAE,CAAC;QACT,0CAA0C;QAC1C,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;YAErC,gDAAgD;YAChD,MAAM,IAAI,GAAG,MAAM,OAAO,EAAE,CAAC;YAE7B,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE;gBAC/D,MAAM,EAAE,WAAW;gBACnB,UAAU,EAAE,CAAC,OAAO,CAAC;aACxB,CAAC,CAAC;YAEH,OAAO;gBACH,GAAG,EAAG,OAAO,CAAC,GAAc,IAAI,SAAS;gBACzC,GAAG,EAAG,OAAO,CAAC,GAAc,IAAI,CAAC;gBACjC,MAAM,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBACrE,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;aACtD,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YAC/C,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAGD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAa;IAChD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAE1C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAClD,OAAO,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;AACnC,CAAC"}
|
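--- a/package/package.json
+++ b/package/package.json
@@ -1,11 +1,13 @@
 {
 "name": "cortex-auth",
-"version": "
+"version": "1.0.1",
 "description": "Shared authentication utilities for Node.js and Next.js applications",
 "main": "dist/index.js",
 "module": "dist/index.esm.js",
 "types": "dist/index.d.ts",
-"files": [
+"files": [
+"dist"
+],
 "repository": {
 "type": "git",
 "url": "https://github.com/cortex-reply/shared-components.git",
@@ -30,16 +32,26 @@
 "author": "Cortex Reply",
 "license": "MIT",
 "dependencies": {
-"
-"
+"bcryptjs": "^2.4.3",
+"jose": "^6.1.3",
+"jsonwebtoken": "^9.0.3"
+},
+"peerDependencies": {
+"next": ">=15.0.0"
+},
+"peerDependenciesMeta": {
+"next": {
+"optional": true
+}
 },
 "devDependencies": {
-"@types/jsonwebtoken": "^9.0.7",
 "@types/bcryptjs": "^2.4.6",
+"@types/jsonwebtoken": "^9.0.7",
 "@types/node": "^20.10.5",
 "@typescript-eslint/eslint-plugin": "^6.15.0",
 "@typescript-eslint/parser": "^6.15.0",
 "eslint": "^8.56.0",
+"next": "^15.0.0",
 "typescript": "^5.3.3"
 }
 }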
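Review bot: The `dependencies` block lists `bcryptjs` and `jsonwebtoken` as runtime dependencies, yet the only import visible in the published `dist/payload-jwt/user.js` is `jose`; if nothing else in the package uses them, drop both so consumers do not install and have to track advisories for unused password-hashing and JWT libraries. The unchanged `"module": "dist/index.esm.js"` entry also appears to point at a file that is not among the `dist` files in this diff, so with `"files": ["dist"]` now in place it is worth confirming the build emits it or removing the field.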