fastify-txstate 3.6.3 → 3.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/unified-auth.d.ts +1 -0
- package/lib/unified-auth.js +14 -8
- package/package.json +1 -1
package/lib/unified-auth.d.ts
CHANGED
|
@@ -7,6 +7,7 @@ export interface IssuerConfigRaw extends Omit<IssuerConfig, 'validateUrl' | 'log
|
|
|
7
7
|
export declare function unifiedAuthenticate(req: FastifyRequest, options?: {
|
|
8
8
|
authenticateAll?: boolean;
|
|
9
9
|
exceptRoutes?: Set<string>;
|
|
10
|
+
optionalRoutes?: Set<string>;
|
|
10
11
|
usingUaCookieRoutes?: boolean;
|
|
11
12
|
}): Promise<FastifyTxStateAuthInfo | undefined>;
|
|
12
13
|
/**
|
package/lib/unified-auth.js
CHANGED
|
@@ -145,13 +145,17 @@ async function unifiedAuthenticate(req, options) {
|
|
|
145
145
|
options.exceptRoutes ??= new Set();
|
|
146
146
|
options.exceptRoutes.add('/.uaService');
|
|
147
147
|
options.exceptRoutes.add('/.uaRedirect');
|
|
148
|
+
options.optionalRoutes ??= new Set();
|
|
149
|
+
options.optionalRoutes.add('/.uaLogout');
|
|
148
150
|
}
|
|
149
|
-
const
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
151
|
+
const isNoAuthenticationRoute = options?.exceptRoutes?.has(req.routeOptions.url);
|
|
152
|
+
const requiresAuthenticationRoute = options?.authenticateAll &&
|
|
153
|
+
!options?.exceptRoutes?.has(req.routeOptions.url) &&
|
|
154
|
+
!options?.optionalRoutes?.has(req.routeOptions.url);
|
|
155
|
+
if (requiresAuthenticationRoute && (0, txstate_utils_1.isBlank)(auth?.username)) {
|
|
156
|
+
throw new Error('Request requires authentication.');
|
|
153
157
|
}
|
|
154
|
-
return auth;
|
|
158
|
+
return isNoAuthenticationRoute ? undefined : auth;
|
|
155
159
|
}
|
|
156
160
|
/**
|
|
157
161
|
* @deprecated Use unifiedAuthenticateWithOptions with { authenticateAll: true } instead.
|
|
@@ -189,7 +193,7 @@ function registerUaCookieRoutes(app) {
|
|
|
189
193
|
}
|
|
190
194
|
}
|
|
191
195
|
}, async (req, res) => {
|
|
192
|
-
const redirectUrl = req.auth?.issuerConfig?.logoutUrl
|
|
196
|
+
const redirectUrl = req.auth?.issuerConfig?.logoutUrl && (0, txstate_utils_1.isNotBlank)(req.auth.token)
|
|
193
197
|
? `${req.auth.issuerConfig.logoutUrl.toString()}?unifiedJwt=${encodeURIComponent(req.auth.token)}`
|
|
194
198
|
: (process.env.PUBLIC_URL || new URL('..', req.url).toString());
|
|
195
199
|
return res
|
|
@@ -231,8 +235,10 @@ function registerUaCookieRoutes(app) {
|
|
|
231
235
|
}
|
|
232
236
|
}
|
|
233
237
|
}, async (req, res) => {
|
|
234
|
-
const loginUrl =
|
|
235
|
-
|
|
238
|
+
const loginUrl = (0, txstate_utils_1.isNotBlank)(process.env.UA_URL)
|
|
239
|
+
? new URL(process.env.UA_URL + '/login')
|
|
240
|
+
: new URL('login', issuerConfig.get('unified-auth')?.url);
|
|
241
|
+
loginUrl.searchParams.set('clientId', process.env.UA_CLIENTID ?? process.env.JWT_TRUSTED_CLIENTIDS.split(',')[0]);
|
|
236
242
|
const returnUrl = uaServiceUrl ?? new URL('.uaService', req.protocol + '://' + req.hostname).toString();
|
|
237
243
|
loginUrl.searchParams.set('returnUrl', returnUrl);
|
|
238
244
|
if (req.query.requestedUrl)
|