cortex-auth 1.4.0 → 1.5.0
|
@@ -14,4 +14,14 @@ export declare function authenticateRequest({ req, payload }: {
|
|
|
14
14
|
role: any;
|
|
15
15
|
method: string;
|
|
16
16
|
}>;
|
|
17
|
+
export declare function authenticateRequestHeaders({ headers, payload }: {
|
|
18
|
+
headers: Headers;
|
|
19
|
+
payload?: Payload;
|
|
20
|
+
}): Promise<{
|
|
21
|
+
id: string | number;
|
|
22
|
+
email: any;
|
|
23
|
+
name: any;
|
|
24
|
+
role: any;
|
|
25
|
+
method: string;
|
|
26
|
+
} | undefined>;
|
|
17
27
|
//# sourceMappingURL=authenticateRequest.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,SAAS,CAAA;AAEtC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,UAAU,SAAU,SAAQ,KAAK;IAC7B,UAAU,EAAE,MAAM,CAAC;CACtB;AAQD,YAAY,EAAE,SAAS,EAAE,CAAC;AAoC1B,wBAAsB,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;IAAE,GAAG,EAAE,eAAe,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;GA2EtG"}
|
|
1
|
+
{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,SAAS,CAAA;AAEtC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,UAAU,SAAU,SAAQ,KAAK;IAC7B,UAAU,EAAE,MAAM,CAAC;CACtB;AAQD,YAAY,EAAE,SAAS,EAAE,CAAC;AAoC1B,wBAAsB,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;IAAE,GAAG,EAAE,eAAe,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;GA2EtG;AAED,wBAAsB,0BAA0B,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;eAmE7G"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { verifySession } from "./user";
|
|
1
|
+
import { verifySession, verifyToken } from "./user";
|
|
2
2
|
function createAuthError(message, statusCode) {
|
|
3
3
|
const error = new Error(message);
|
|
4
4
|
error.statusCode = statusCode;
|
|
@@ -80,4 +80,70 @@ export async function authenticateRequest({ req, payload }) {
|
|
|
80
80
|
}
|
|
81
81
|
}
|
|
82
82
|
}
|
|
83
|
+
export async function authenticateRequestHeaders({ headers, payload }) {
|
|
84
|
+
if (headers.get('authorization')) {
|
|
85
|
+
const session = await verifyToken(headers.get('authorization').replace('Bearer ', ''));
|
|
86
|
+
if (!session || !session.sub || !session.extra)
|
|
87
|
+
throw createAuthError("No valid session found", 401);
|
|
88
|
+
const OAUTH_CLIENT_ID = process.env.OAUTH_CLIENT_ID;
|
|
89
|
+
const permissions = session.resource_access?.[OAUTH_CLIENT_ID]?.roles;
|
|
90
|
+
if (!permissions)
|
|
91
|
+
throw createAuthError("User does not have permission to access this application.", 403);
|
|
92
|
+
if (!payload)
|
|
93
|
+
throw createAuthError("Payload instance is required for Keycloak user normalisation", 500);
|
|
94
|
+
const payloadUser = (await payload.find({ collection: 'users', depth: 1, limit: 1, draft: false, overrideAccess: true, where: { email: { equals: session.extra.email } } })).docs[0];
|
|
95
|
+
if (!payloadUser && session.extra) {
|
|
96
|
+
// create the user in Payload
|
|
97
|
+
const newUser = await payload.create({
|
|
98
|
+
collection: 'users',
|
|
99
|
+
data: {
|
|
100
|
+
email: session.extra.email,
|
|
101
|
+
name: session.extra.name,
|
|
102
|
+
role: permissions[0] || 'user',
|
|
103
|
+
enabled: true,
|
|
104
|
+
accounts: [
|
|
105
|
+
{
|
|
106
|
+
provider: 'keycloak', providerAccountId: session.sub, type: 'oidc',
|
|
107
|
+
}
|
|
108
|
+
],
|
|
109
|
+
},
|
|
110
|
+
draft: false,
|
|
111
|
+
overrideAccess: true,
|
|
112
|
+
});
|
|
113
|
+
console.log("Created new Payload user for Keycloak user:", newUser.id, newUser.email);
|
|
114
|
+
return {
|
|
115
|
+
id: newUser.id,
|
|
116
|
+
email: newUser.email,
|
|
117
|
+
name: newUser.name,
|
|
118
|
+
role: newUser.role,
|
|
119
|
+
method: 'bearer',
|
|
120
|
+
};
|
|
121
|
+
}
|
|
122
|
+
else if (payloadUser) {
|
|
123
|
+
// update user role if changed
|
|
124
|
+
if (payloadUser.role !== permissions[0]) {
|
|
125
|
+
await payload.update({
|
|
126
|
+
collection: 'users',
|
|
127
|
+
id: payloadUser.id,
|
|
128
|
+
data: {
|
|
129
|
+
role: permissions[0] || 'user',
|
|
130
|
+
},
|
|
131
|
+
draft: false,
|
|
132
|
+
overrideAccess: true,
|
|
133
|
+
});
|
|
134
|
+
console.log(`Updated Payload user role for ${payloadUser.email} to ${permissions}`);
|
|
135
|
+
}
|
|
136
|
+
return {
|
|
137
|
+
id: payloadUser.id,
|
|
138
|
+
email: payloadUser.email,
|
|
139
|
+
name: payloadUser.name,
|
|
140
|
+
role: permissions[0] || 'user',
|
|
141
|
+
method: 'bearer',
|
|
142
|
+
};
|
|
143
|
+
}
|
|
144
|
+
else {
|
|
145
|
+
throw createAuthError("No user found for the given session", 401);
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
}
|
|
83
149
|
//# sourceMappingURL=authenticateRequest.js.map
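Review bot: In the `else if (payloadUser)` branch of `authenticateRequestHeaders`, the local account is chosen by `session.extra.email` alone and returned without reading its `enabled` flag or its linked `accounts`. A Payload user that shares the token's email, or was disabled locally, is therefore still authenticated and has its role rewritten under `overrideAccess: true`; whether `enabled` is meant to gate login is not visible here and should be confirmed. Matching on the `providerAccountId` that the create branch stores from `session.sub` would bind the account to the provider's subject instead of a mutable attribute. `if (!permissions)` also accepts an empty roles array, after which `payloadUser.role !== permissions[0]` holds for any stored role and every request issues a `payload.update`. Finally, `session.extra.email` is never checked before it is used in the `where` clause, a missing `authorization` header resolves to `undefined` instead of throwing, and `.replace('Bearer ', '')` forwards a header with any other scheme to `verifyToken` unchanged.

```javascript
export async function authenticateRequestHeaders({ headers, payload }) {
    const authorization = headers.get('authorization');
    if (!authorization)
        return undefined; // no credentials presented; callers must treat this as unauthenticated
    // Accept only the Bearer scheme instead of stripping the first 'Bearer ' substring.
    const bearer = /^Bearer +(\S+)$/i.exec(authorization);
    if (!bearer)
        throw createAuthError("No valid session found", 401);
    const session = await verifyToken(bearer[1]);
    // Require the email claim too: it is used as the lookup key below.
    if (!session || !session.sub || !session.extra?.email)
        throw createAuthError("No valid session found", 401);
    // … unchanged: OAUTH_CLIENT_ID lookup and permissions read …
    if (!Array.isArray(permissions) || permissions.length === 0)
        throw createAuthError("User does not have permission to access this application.", 403);
    const role = permissions[0] || 'user';
    // … unchanged: payload check, user lookup, create branch (writing `role`) …
    else if (payloadUser) {
        // assumes `enabled` gates login; confirm against the users collection
        if (payloadUser.enabled === false)
            throw createAuthError("No valid session found", 401);
        if (payloadUser.role !== role) {
            // … unchanged: payload.update call, with data: { role } …
        }
        // … unchanged: return object, with `role` …
```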
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticateRequest.js","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"authenticateRequest.js","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAUpD,SAAS,eAAe,CAAC,OAAe,EAAE,UAAkB;IACxD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAc,CAAC;IAC9C,KAAK,CAAC,UAAU,GAAG,UAAU,CAAC;IAC9B,OAAO,KAAK,CAAC;AACjB,CAAC;AAsCD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAA+C;IACnG,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACX,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAY,CAAA;QAClC,OAAO;YACH,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,QAAQ;SACnB,CAAA;IACL,CAAC;SAAM,CAAC;QACJ,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAA;QAExC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK;YAAE,MAAM,eAAe,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;QACrG,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC;QACrD,MAAM,WAAW,GAAK,OAAO,CAAC,eAAwD,EAAE,CAAC,eAAe,CAAC,EAAE,KAA8B,CAAC;QAC1I,IAAI,CAAC,WAAW;YAAE,MAAM,eAAe,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;QAE1G,IAAI,CAAC,OAAO;YAAE,MAAM,eAAe,CAAC,8DAA8D,EAAE,GAAG,CAAC,CAAC;QACzG,MAAM,WAAW,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAEpL,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAGhC,6BAA6B;YAC7B,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC;gBACjC,UAAU,EAAE,OAAO;gBACnB,IAAI,EAAE;oBACF,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;oBACxB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;oBAC9B,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE;wBACN;4BACI,QAAQ,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM;yBACrE;qBACJ;iBACJ;gBACD,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;YACrF,OAAO;gBACH,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,KAAK,EAAE,
OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,IAAI,WAAW,EAAE,CAAC;YACrB,8BAA8B;YAC9B,IAAI,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,MAAM,OAAO,CAAC,MAAM,CAAC;oBACjB,UAAU,EAAE,OAAO;oBACnB,EAAE,EAAE,WAAW,CAAC,EAAE;oBAClB,IAAI,EAAE;wBACF,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;qBACjC;oBACD,KAAK,EAAE,KAAK;oBACZ,cAAc,EAAE,IAAI;iBACvB,CAAC,CAAA;gBACF,OAAO,CAAC,GAAG,CAAC,iCAAiC,WAAW,CAAC,KAAK,OAAO,WAAW,EAAE,CAAC,CAAC;YACxF,CAAC;YAED,OAAO;gBACH,EAAE,EAAE,WAAW,CAAC,EAAE;gBAClB,KAAK,EAAE,WAAW,CAAC,KAAK;gBACxB,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;gBAC9B,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,eAAe,CAAC,qCAAqC,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACL,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,EAAE,OAAO,EAAE,OAAO,EAA2C;IAC1G,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAE/B,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAE,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;QAExF,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK;YAAE,MAAM,eAAe,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;QACrG,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC;QACrD,MAAM,WAAW,GAAK,OAAO,CAAC,eAAwD,EAAE,CAAC,eAAe,CAAC,EAAE,KAA8B,CAAC;QAC1I,IAAI,CAAC,WAAW;YAAE,MAAM,eAAe,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;QAE1G,IAAI,CAAC,OAAO;YAAE,MAAM,eAAe,CAAC,8DAA8D,EAAE,GAAG,CAAC,CAAC;QACzG,MAAM,WAAW,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAEpL,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAGhC,6BAA6B;YAC7B,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC;gBACjC,UAAU,EAAE,OAAO;gBACnB,IAAI,EAAE;oBACF,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;oBAC1B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;oBACxB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;oBAC9B,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE;
wBACN;4BACI,QAAQ,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM;yBACrE;qBACJ;iBACJ;gBACD,KAAK,EAAE,KAAK;gBACZ,cAAc,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;YACrF,OAAO;gBACH,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,IAAI,WAAW,EAAE,CAAC;YACrB,8BAA8B;YAC9B,IAAI,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtC,MAAM,OAAO,CAAC,MAAM,CAAC;oBACjB,UAAU,EAAE,OAAO;oBACnB,EAAE,EAAE,WAAW,CAAC,EAAE;oBAClB,IAAI,EAAE;wBACF,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;qBACjC;oBACD,KAAK,EAAE,KAAK;oBACZ,cAAc,EAAE,IAAI;iBACvB,CAAC,CAAA;gBACF,OAAO,CAAC,GAAG,CAAC,iCAAiC,WAAW,CAAC,KAAK,OAAO,WAAW,EAAE,CAAC,CAAC;YACxF,CAAC;YAED,OAAO;gBACH,EAAE,EAAE,WAAW,CAAC,EAAE;gBAClB,KAAK,EAAE,WAAW,CAAC,KAAK;gBACxB,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM;gBAC9B,MAAM,EAAE,QAAQ;aACnB,CAAA;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,eAAe,CAAC,qCAAqC,EAAE,GAAG,CAAC,CAAC;QACtE,CAAC;IACL,CAAC;AACL,CAAC"}
|