fastify-txstate 3.4.0 → 3.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/unified-auth.d.ts +4 -2
- package/lib/unified-auth.js +61 -1
- package/package.json +1 -1
package/lib/unified-auth.d.ts
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
|
-
import { type FastifyRequest } from 'fastify';
|
|
2
|
-
import { type FastifyTxStateAuthInfo } from '.';
|
|
1
|
+
import { type FastifyReply, type FastifyRequest } from 'fastify';
|
|
2
|
+
import { type FastifyInstanceTyped, type FastifyTxStateAuthInfo } from '.';
|
|
3
3
|
export declare const uaCookieName: string;
|
|
4
4
|
export declare function unifiedAuthenticate(req: FastifyRequest): Promise<FastifyTxStateAuthInfo | undefined>;
|
|
5
5
|
export declare function unifiedAuthenticateAll(req: FastifyRequest): Promise<FastifyTxStateAuthInfo>;
|
|
6
|
+
export declare function requireCookieAuth(req: FastifyRequest, res: FastifyReply): Promise<boolean>;
|
|
7
|
+
export declare function registerUaCookieRoutes(app: FastifyInstanceTyped): void;
|
package/lib/unified-auth.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.unifiedAuthenticateAll = exports.unifiedAuthenticate = exports.uaCookieName = void 0;
|
|
3
|
+
exports.registerUaCookieRoutes = exports.requireCookieAuth = exports.unifiedAuthenticateAll = exports.unifiedAuthenticate = exports.uaCookieName = void 0;
|
|
4
4
|
const crypto_1 = require("crypto");
|
|
5
5
|
const jose_1 = require("jose");
|
|
6
6
|
const txstate_utils_1 = require("txstate-utils");
|
|
@@ -123,3 +123,63 @@ async function unifiedAuthenticateAll(req) {
|
|
|
123
123
|
return auth;
|
|
124
124
|
}
|
|
125
125
|
exports.unifiedAuthenticateAll = unifiedAuthenticateAll;
|
|
126
|
+
async function requireCookieAuth(req, res) {
|
|
127
|
+
if (req.auth === undefined || req.auth.username.length === 0) {
|
|
128
|
+
await res
|
|
129
|
+
.header('Set-Cookie', `${exports.uaCookieName}_return=${encodeURIComponent(`${process.env.PUBLIC_URL ?? ''}${req.originalUrl}`)}; Path=/; Secure; HttpOnly; SameSite=Lax`)
|
|
130
|
+
.redirect(`${process.env.UA_URL ?? ''}/login?clientId=${process.env.UA_CLIENTID ?? ''}&returnUrl=${encodeURIComponent(`${process.env.PUBLIC_URL ?? ''}/.uaService`)}`);
|
|
131
|
+
return true;
|
|
132
|
+
}
|
|
133
|
+
else {
|
|
134
|
+
return false;
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
exports.requireCookieAuth = requireCookieAuth;
|
|
138
|
+
function registerUaCookieRoutes(app) {
|
|
139
|
+
app.get('/.uaLogout', {
|
|
140
|
+
schema: {
|
|
141
|
+
headers: {
|
|
142
|
+
type: 'object',
|
|
143
|
+
properties: {
|
|
144
|
+
cookie: { type: 'string', pattern: `${exports.uaCookieName}=[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+` }
|
|
145
|
+
},
|
|
146
|
+
required: ['cookie']
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
}, async (req, res) => {
|
|
150
|
+
const m = req.headers.cookie.match(new RegExp(`${exports.uaCookieName}=([^;]+)`));
|
|
151
|
+
if (m == null)
|
|
152
|
+
return res.code(400).send('Missing UA JWT');
|
|
153
|
+
return res
|
|
154
|
+
.header('Set-Cookie', `${exports.uaCookieName}=; Path=/; Secure; HttpOnly; SameSite=Lax; Expires=Thu, 01 Jan 1970 00:00:00 GMT`)
|
|
155
|
+
.redirect(`${process.env.UA_URL ?? ''}/logout?unifiedJwt=${encodeURIComponent(m[1])}`);
|
|
156
|
+
});
|
|
157
|
+
app.get('/.uaService', {
|
|
158
|
+
schema: {
|
|
159
|
+
querystring: {
|
|
160
|
+
type: 'object',
|
|
161
|
+
properties: {
|
|
162
|
+
unifiedJwt: { type: 'string', pattern: '^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$' }
|
|
163
|
+
},
|
|
164
|
+
required: ['unifiedJwt'],
|
|
165
|
+
additionalProperties: false
|
|
166
|
+
},
|
|
167
|
+
headers: {
|
|
168
|
+
type: 'object',
|
|
169
|
+
properties: {
|
|
170
|
+
cookie: { type: 'string', pattern: `${exports.uaCookieName}_return=${encodeURIComponent(`${process.env.PUBLIC_URL ?? ''}`)}` }
|
|
171
|
+
},
|
|
172
|
+
required: ['cookie']
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
}, async (req, res) => {
|
|
176
|
+
const m = req.headers.cookie.match(new RegExp(`${exports.uaCookieName}_return=([^;]+)`));
|
|
177
|
+
if (m == null)
|
|
178
|
+
return res.code(400).send('Return URL cookie not found');
|
|
179
|
+
return res
|
|
180
|
+
.header('Set-Cookie', `${exports.uaCookieName}=${req.query.unifiedJwt}; Path=/; Secure; HttpOnly; SameSite=Lax`)
|
|
181
|
+
.header('Set-Cookie', `${exports.uaCookieName}_return=; Path=/; Secure; HttpOnly; SameSite=Lax; Expires=Thu, 01 Jan 1970 00:00:00 GMT`)
|
|
182
|
+
.redirect(decodeURIComponent(m[1]));
|
|
183
|
+
});
|
|
184
|
+
}
|
|
185
|
+
exports.registerUaCookieRoutes = registerUaCookieRoutes;
|