cortex-auth 1.1.0 → 1.1.1
- package/dist/payload-jwt/authenticateRequest.d.ts.map +1 -1
- package/dist/payload-jwt/authenticateRequest.js +27 -5
- package/dist/payload-jwt/authenticateRequest.js.map +1 -1
- package/dist/payload-jwt/user.d.ts +1 -0
- package/dist/payload-jwt/user.d.ts.map +1 -1
- package/dist/payload-jwt/user.js +1 -0
- package/dist/payload-jwt/user.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,SAAS,CAAA;AAEtC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,SAAS,CAAA;AAEtC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AA8C5C,wBAAsB,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;IAAE,GAAG,EAAE,eAAe,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;GA6EtG"}
|
|
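--- a/package/dist/payload-jwt/authenticateRequest.js
+++ b/package/dist/payload-jwt/authenticateRequest.js
@@ -1,4 +1,9 @@
 import { verifySession } from "./user";
+function createAuthError(message, statusCode) {
+const error = new Error(message);
+error.statusCode = statusCode;
+return error;
+}
 export async function authenticateRequest({ req, payload }) {
 let type = 'cookie';
 if (req.auth) {
@@ -15,9 +20,13 @@ export async function authenticateRequest({ req, payload }) {
 type = 'bearer';
 const session = await verifySession(req);
 if (!session || !session.sub || !session.extra)
-throw
+throw createAuthError("No valid session found", 401);
+const OAUTH_CLIENT_ID = process.env.OAUTH_CLIENT_ID;
+const permissions = session.resource_access?.[OAUTH_CLIENT_ID]?.roles;
+if (!permissions)
+throw createAuthError("User does not have permission to access this application.", 403);
 if (!payload)
-throw
+throw createAuthError("Payload instance is required for Keycloak user normalisation", 500);
 const payloadUser = (await payload.find({ collection: 'users', depth: 1, limit: 1, draft: false, overrideAccess: true, where: { email: { equals: session.extra.email } } })).docs[0];
 if (!payloadUser && session.extra) {
 // create the user in Payload
@@ -26,7 +35,7 @@ export async function authenticateRequest({ req, payload }) {
 data: {
 email: session.extra.email,
 name: session.extra.name,
-role: 'user',
+role: permissions[0] || 'user',
 enabled: true,
 accounts: [
 {
@@ -47,16 +56,29 @@ export async function authenticateRequest({ req, payload }) {
 };
 }
 else if (payloadUser) {
+// update user role if changed
+if (payloadUser.role !== permissions[0]) {
+await payload.update({
+collection: 'users',
+id: payloadUser.id,
+data: {
+role: permissions[0] || 'user',
+},
+draft: false,
+overrideAccess: true,
+});
+console.log(`Updated Payload user role for ${payloadUser.email} to ${permissions}`);
+}
 return {
 id: payloadUser.id,
 email: payloadUser.email,
 name: payloadUser.name,
-role:
+role: permissions[0] || 'user',
 method: 'bearer',
 };
 }
 else {
-throw
+throw createAuthError("No user found for the given session", 401);
 }
 }
 }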
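Review bot: The role stored on the Payload user is `permissions[0]`, the first entry of the token's `resource_access[OAUTH_CLIENT_ID].roles`, and it is written with `overrideAccess: true` in both the create and update paths without being checked against the roles the application defines. Array order in a token is not a privilege ranking, so a user holding several client roles gets whichever one happens to come first. The `if (!permissions)` guard also lets an empty array through, which falls back to `'user'` instead of the 403 the message promises and likely makes `payloadUser.role !== permissions[0]` true on every request. I would resolve a single role up front against an explicit allow-list and reuse it in the create call, the update call and the returned object, as sketched below. The body of authenticateRequest continues outside the visible hunks, so the create call is only partly shown.

```javascript
// … unchanged: session check and OAUTH_CLIENT_ID lookup …
const permissions = session.resource_access?.[OAUTH_CLIENT_ID]?.roles;
if (!Array.isArray(permissions) || permissions.length === 0)
    throw createAuthError("User does not have permission to access this application.", 403);
// KNOWN_ROLES is a placeholder for the application's own role names, highest privilege first.
const role = KNOWN_ROLES.find((known) => permissions.includes(known));
if (!role)
    throw createAuthError("User does not have permission to access this application.", 403);
// … unchanged: payload check and user lookup; use `role` in create, update and the returned object …
```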
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticateRequest.js","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"authenticateRequest.js","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAUvC,SAAS,eAAe,CAAC,OAAe,EAAE,UAAkB;IACxD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAc,CAAC;IAC9C,KAAK,CAAC,UAAU,GAAG,UAAU,CAAC;IAC9B,OAAO,KAAK,CAAC;AACjB,CAAC;AAoCD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAA+C;IACnG,IAAI,IAAI,GAAG,QAAQ,CAAA;IACnB,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACX,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAY,CAAA;QAClC,OAAO;YACH,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,QAAQ;SACnB,CAAA;IACL,CAAC;SAAM,CAAC;QACJ,IAAI,GAAG,QAAQ,CAAA;QACf,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAA;QAExC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK;YAAE,MAAM,eAAe,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;QACrG,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC;QACrD,MAAM,WAAW,GAAI,OAAO,CAAC,eAAe,EAAE,CAAC,eAAe,CAAC,EAAE,KAA8B,CAAC;QAChG,IAAI,CAAC,WAAW;YAAE,MAAM,eAAe,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;QAE1G,IAAI,CAAC,OAAO;YAAE,MAAM,eAAe,CAAC,8DAA8D,EAAE,GAAG,CAAC,CAAC;QACzG,MAAM,WAAW,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAEpL,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAGhC,6BAA6B;YAC7B,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC;gBACjC,UAAU,EAAE,OAAO;gBACnB,IAAI,EAAE;oBACF,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;oBACxB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;oBAC9B,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE;wBACN;4BACI,QAAQ,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM;yBACrE;qBACJ;iBACJ;gBACD,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;YACrF,OAAO;gB
ACH,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,IAAI,WAAW,EAAE,CAAC;YACrB,8BAA8B;YAC9B,IAAI,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,MAAM,OAAO,CAAC,MAAM,CAAC;oBACjB,UAAU,EAAE,OAAO;oBACnB,EAAE,EAAE,WAAW,CAAC,EAAE;oBAClB,IAAI,EAAE;wBACF,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;qBACjC;oBACD,KAAK,EAAE,KAAK;oBACZ,cAAc,EAAE,IAAI;iBACvB,CAAC,CAAA;gBACF,OAAO,CAAC,GAAG,CAAC,iCAAiC,WAAW,CAAC,KAAK,OAAO,WAAW,EAAE,CAAC,CAAC;YACxF,CAAC;YAED,OAAO;gBACH,EAAE,EAAE,WAAW,CAAC,EAAE;gBAClB,KAAK,EAAE,WAAW,CAAC,KAAK;gBACxB,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;gBAC9B,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,eAAe,CAAC,qCAAqC,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACL,CAAC;AACL,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/user.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,MAAM,WAAW,QAAQ;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AA0CD,wBAAsB,aAAa,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,
|
|
1
|
+
{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/user.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,MAAM,WAAW,QAAQ;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AA0CD,wBAAsB,aAAa,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,CAiCnF;AAID,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,CA0B/E;AAGD;;GAEG;AACH,wBAAsB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAMpE"}
|
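--- a/package/dist/payload-jwt/user.js
+++ b/package/dist/payload-jwt/user.js
@@ -51,6 +51,7 @@ export async function verifySession(req) {
 sub: payload.sub ?? "unknown",
 exp: payload.exp ?? 0,
 scopes: typeof payload.scp === "string" ? payload.scp.split(" ") : [],
+resource_access: payload.resource_access,
 extra: { email: payload.email, name: payload.name },
 };
 }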
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user.js","sourceRoot":"","sources":["../../src/payload-jwt/user.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"user.js","sourceRoot":"","sources":["../../src/payload-jwt/user.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAYhE,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,YAAa,CAAC,CAAC,uDAAuD;AACtG,MAAM,mBAAmB,GAAG,GAAG,WAAW,mCAAmC,CAAC;AAE9E,qDAAqD;AACrD,KAAK,UAAU,UAAU;IACrB,MAAM,YAAY,GAAG,mBAAmB,CAAC;IACzC,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA0B,CAAC;QAC7D,OAAO,MAAM,CAAC,QAAQ,CAAC;IAC3B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;QAC3D,iCAAiC;QACjC,MAAM,WAAW,GAAG,GAAG,mBAAmB,sBAAsB,CAAC;QACjE,OAAO,WAAW,CAAC;IACvB,CAAC;AACL,CAAC;AAED,oDAAoD;AACpD,IAAI,IAAI,GAAiD,IAAI,CAAC;AAE9D,KAAK,UAAU,OAAO;IAClB,IAAI,CAAC,IAAI,EAAE,CAAC;QACR,MAAM,OAAO,GAAG,MAAM,UAAU,EAAE,CAAC;QACnC,IAAI,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,GAAY;IAC/B,MAAM,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC3C,IAAI,CAAC,CAAC;QAAE,OAAO;IACf,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,QAAQ;QAAE,OAAO;IAC9C,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,0CAA0C;AAE1C,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAgB;IAEhD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAElC,IAAI,MAAM,EAAE,CAAC;QACT,0CAA0C;QAC1C,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;YAErC,gDAAgD;YAChD,MAAM,IAAI,GAAG,MAAM,OAAO,EAAE,CAAC;YAE7B,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE;gBAC/D,MAAM,EAAE,WAAW;gBACnB,UAAU,EAAE,CAAC,OAAO,CAAC;aACxB,CAAC,CAAC;YAEH,OAAO;gBACH,GAAG,EAAG,OAAO,CAAC,GAAc,IAAI,SAAS;gBACzC,GAAG,EAAG,OAAO,CAAC,GAAc,IAAI,CAAC;gBACjC,MAAM,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBACrE,eAAe,EAAE,OAAO,CAAC,eAAkD;gBAC3E,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;aACtD,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,GA
AG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YAC/C,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC;IAED,wCAAwC;IAExC,OAAO,SAAS,CAAC;AACrB,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAc;IAC5C,IAAI,MAAM,EAAE,CAAC;QACT,0CAA0C;QAC1C,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;YAErC,gDAAgD;YAChD,MAAM,IAAI,GAAG,MAAM,OAAO,EAAE,CAAC;YAE7B,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE;gBAC/D,MAAM,EAAE,WAAW;gBACnB,UAAU,EAAE,CAAC,OAAO,CAAC;aACxB,CAAC,CAAC;YAEH,OAAO;gBACH,GAAG,EAAG,OAAO,CAAC,GAAc,IAAI,SAAS;gBACzC,GAAG,EAAG,OAAO,CAAC,GAAc,IAAI,CAAC;gBACjC,MAAM,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBACrE,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;aACtD,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YAC/C,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAGD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAa;IAChD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAE1C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAClD,OAAO,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;AACnC,CAAC"}
|