kavachos 0.2.0 → 0.2.1
- package/dist/auth/index.js +28 -10
- package/dist/auth/index.js.map +1 -1
- package/dist/index.js +28 -10
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
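--- a/package/dist/auth/index.js
+++ b/package/dist/auth/index.js
@@ -1062,8 +1062,16 @@ async function parseBody(request) {
 };
 }
 }
-function buildSetCookie(name, value, maxAge, path = "/") {
-
+function buildSetCookie(name, value, maxAge, path = "/", secure = true) {
+const parts = [
+`${name}=${encodeURIComponent(value)}`,
+"HttpOnly",
+"SameSite=Lax",
+`Path=${path}`,
+`Max-Age=${maxAge}`
+];
+if (secure) parts.splice(1, 0, "Secure");
+return parts.join("; ");
 }
 
 // src/auth/admin-plugin.ts
@@ -5084,7 +5092,8 @@ function oauth(config) {
 if (userId !== "__pending__") {
 const { session, token } = await sessionManager.create(userId);
 const maxAge = Math.floor((session.expiresAt.getTime() - Date.now()) / 1e3);
-const
+const isSecure = baseUrl.startsWith("https://");
+const cookie = buildSetCookie("kavach_session", token, maxAge, "/", isSecure);
 const userInfo = encodeURIComponent(JSON.stringify({ id: userId, email }));
 const callbackUrl = `${baseUrl}/?auth_user=${userInfo}`;
 return new Response(null, {
@@ -5388,13 +5397,14 @@ function createGithubProvider(config) {
 });
 return `${AUTHORIZATION_URL3}?${params.toString()}`;
 }
-async function exchangeCode(code,
+async function exchangeCode(code, codeVerifier, redirectUri) {
 const effectiveRedirectUri = config.redirectUri ?? redirectUri;
 const body = new URLSearchParams({
 client_id: config.clientId,
 client_secret: config.clientSecret,
 code,
-redirect_uri: effectiveRedirectUri
+redirect_uri: effectiveRedirectUri,
+code_verifier: codeVerifier
 });
 const response = await fetch(TOKEN_URL3, {
 method: "POST",
@@ -5690,14 +5700,15 @@ function createLinkedInProvider(config) {
 });
 return `${AUTHORIZATION_URL6}?${params.toString()}`;
 }
-async function exchangeCode(code,
+async function exchangeCode(code, codeVerifier, redirectUri) {
 const effectiveRedirectUri = config.redirectUri ?? redirectUri;
 const body = new URLSearchParams({
 grant_type: "authorization_code",
 client_id: config.clientId,
 client_secret: config.clientSecret,
 code,
-redirect_uri: effectiveRedirectUri
+redirect_uri: effectiveRedirectUri,
+code_verifier: codeVerifier
 });
 const response = await fetch(TOKEN_URL6, {
 method: "POST",
@@ -5881,14 +5892,15 @@ function createSlackProvider(config) {
 });
 return `${AUTHORIZATION_URL8}?${params.toString()}`;
 }
-async function exchangeCode(code,
+async function exchangeCode(code, codeVerifier, redirectUri) {
 const effectiveRedirectUri = config.redirectUri ?? redirectUri;
 const body = new URLSearchParams({
 grant_type: "authorization_code",
 client_id: config.clientId,
 client_secret: config.clientSecret,
 code,
-redirect_uri: effectiveRedirectUri
+redirect_uri: effectiveRedirectUri,
+code_verifier: codeVerifier
 });
 const response = await fetch(TOKEN_URL8, {
 method: "POST",
@@ -10000,7 +10012,13 @@ function passkey(config) {
 status: 200,
 headers: {
 "Content-Type": "application/json",
-"Set-Cookie": buildSetCookie(
+"Set-Cookie": buildSetCookie(
+"kavach_session",
+token,
+maxAge,
+"/",
+(ctx.config.baseUrl ?? "").startsWith("https://")
+)
 }
 }
 );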
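Review bot: The `Secure` decision in the passkey hunk fails open: `(ctx.config.baseUrl ?? "").startsWith("https://")` is false whenever `baseUrl` is unset, or written with an upper-case scheme, so `kavach_session` is then issued without `Secure` even though `buildSetCookie` itself defaults to `secure = true`. The oauth hunk derives `isSecure` from the same prefix test. Dropping the attribute only for an explicit plain-HTTP base URL would keep the safe default, e.g. `!(ctx.config.baseUrl ?? "").startsWith("http://")` in passkey and `const isSecure = !baseUrl.startsWith("http://");` in oauth. Both enclosing functions start and end outside the hunks, so how `baseUrl` is populated cannot be confirmed from here.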