fastify-txstate 3.6.2 → 3.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/unified-auth.d.ts +1 -0
  2. package/lib/unified-auth.js +18 -10
  3. package/package.json +1 -1
package/lib/unified-auth.d.ts CHANGED
@@ -7,6 +7,7 @@ export interface IssuerConfigRaw extends Omit<IssuerConfig, 'validateUrl' | 'log
7
7
  export declare function unifiedAuthenticate(req: FastifyRequest, options?: {
8
8
  authenticateAll?: boolean;
9
9
  exceptRoutes?: Set<string>;
10
+ optionalRoutes?: Set<string>;
10
11
  usingUaCookieRoutes?: boolean;
11
12
  }): Promise<FastifyTxStateAuthInfo | undefined>;
12
13
  /**
package/lib/unified-auth.js CHANGED
@@ -13,6 +13,7 @@ const issuerConfig = new Map();
13
13
  const trustedClients = new Set();
14
14
  const uaCookieName = process.env.UA_COOKIE_NAME ?? (0, crypto_1.randomBytes)(16).toString('hex');
15
15
  const uaCookieNameRegex = new RegExp(`${uaCookieName}=([^;]+)`);
16
+ const uaServiceUrl = (0, txstate_utils_1.isNotBlank)(process.env.PUBLIC_URL) ? process.env.PUBLIC_URL + (process.env.PUBLIC_URL.endsWith('/') ? '' : '/') + '.uaService' : undefined;
16
17
  const tokenCache = new txstate_utils_1.Cache(async (token, req) => {
17
18
  const claims = (0, jose_1.decodeJwt)(token);
18
19
  let verifyKey;
@@ -144,13 +145,17 @@ async function unifiedAuthenticate(req, options) {
144
145
  options.exceptRoutes ??= new Set();
145
146
  options.exceptRoutes.add('/.uaService');
146
147
  options.exceptRoutes.add('/.uaRedirect');
148
+ options.optionalRoutes ??= new Set();
149
+ options.optionalRoutes.add('/.uaLogout');
147
150
  }
148
- const isAuthenticatedRoute = options?.authenticateAll && (options.exceptRoutes == null || !options.exceptRoutes.has(req.routeOptions.url));
149
- if (isAuthenticatedRoute) {
150
- if ((0, txstate_utils_1.isBlank)(auth?.username))
151
- throw new Error('Request requires authentication.');
151
+ const isNoAuthenticationRoute = options?.exceptRoutes?.has(req.routeOptions.url);
152
+ const requiresAuthenticationRoute = options?.authenticateAll &&
153
+ !options?.exceptRoutes?.has(req.routeOptions.url) &&
154
+ !options?.optionalRoutes?.has(req.routeOptions.url);
155
+ if (requiresAuthenticationRoute && (0, txstate_utils_1.isBlank)(auth?.username)) {
156
+ throw new Error('Request requires authentication.');
152
157
  }
153
- return auth;
158
+ return isNoAuthenticationRoute ? undefined : auth;
154
159
  }
155
160
  /**
156
161
  * @deprecated Use unifiedAuthenticateWithOptions with { authenticateAll: true } instead.
@@ -167,7 +172,7 @@ async function requireCookieAuth(req, res) {
167
172
  if ((0, txstate_utils_1.isBlank)(req.auth?.username)) {
168
173
  const loginUrl = new URL(process.env.UA_URL + '/login');
169
174
  loginUrl.searchParams.set('clientId', process.env.UA_CLIENTID);
170
- loginUrl.searchParams.set('returnUrl', (0, txstate_utils_1.isNotBlank)(process.env.PUBLIC_URL) ? new URL(process.env.PUBLIC_URL + '/.uaService').toString() : new URL('/.uaService', req.url).toString());
175
+ loginUrl.searchParams.set('returnUrl', uaServiceUrl ?? new URL('/.uaService', req.url).toString());
171
176
  loginUrl.searchParams.set('requestedUrl', req.originalUrl);
172
177
  void res.redirect(loginUrl.toString());
173
178
  return true;
@@ -188,7 +193,7 @@ function registerUaCookieRoutes(app) {
188
193
  }
189
194
  }
190
195
  }, async (req, res) => {
191
- const redirectUrl = req.auth?.issuerConfig?.logoutUrl
196
+ const redirectUrl = req.auth?.issuerConfig?.logoutUrl && (0, txstate_utils_1.isNotBlank)(req.auth.token)
192
197
  ? `${req.auth.issuerConfig.logoutUrl.toString()}?unifiedJwt=${encodeURIComponent(req.auth.token)}`
193
198
  : (process.env.PUBLIC_URL || new URL('..', req.url).toString());
194
199
  return res
@@ -230,9 +235,12 @@ function registerUaCookieRoutes(app) {
230
235
  }
231
236
  }
232
237
  }, async (req, res) => {
233
- const loginUrl = new URL(process.env.UA_URL + '/login');
234
- loginUrl.searchParams.set('clientId', process.env.UA_CLIENTID);
235
- loginUrl.searchParams.set('returnUrl', new URL('.uaService', process.env.PUBLIC_URL || new URL(req.url, req.protocol + '://' + req.hostname)).toString());
238
+ const loginUrl = (0, txstate_utils_1.isNotBlank)(process.env.UA_URL)
239
+ ? new URL(process.env.UA_URL + '/login')
240
+ : new URL('login', issuerConfig.get('unified-auth')?.url);
241
+ loginUrl.searchParams.set('clientId', process.env.UA_CLIENTID ?? process.env.JWT_TRUSTED_CLIENTIDS.split(',')[0]);
242
+ const returnUrl = uaServiceUrl ?? new URL('.uaService', req.protocol + '://' + req.hostname).toString();
243
+ loginUrl.searchParams.set('returnUrl', returnUrl);
236
244
  if (req.query.requestedUrl)
237
245
  loginUrl.searchParams.set('requestedUrl', req.query.requestedUrl);
238
246
  return res.redirect(loginUrl.toString());
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "fastify-txstate",
3
- "version": "3.6.2",
3
+ "version": "3.6.4",
4
4
  "description": "A small wrapper for fastify providing a set of common conventions & utility functions we use.",
5
5
  "exports": {
6
6
  ".": {