sst 3.0.4 → 3.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import * as jose from "jose";
|
|
2
1
|
import { deleteCookie, getCookie } from "hono/cookie";
|
|
3
2
|
import { UnknownStateError } from "../index.js";
|
|
3
|
+
import { CompactEncrypt, compactDecrypt } from "jose";
|
|
4
4
|
export function CodeAdapter(config) {
|
|
5
5
|
const length = config.length || 6;
|
|
6
6
|
function generate() {
|
|
@@ -18,7 +18,7 @@ export function CodeAdapter(config) {
|
|
|
18
18
|
delete claims["redirect_uri"];
|
|
19
19
|
delete claims["response_type"];
|
|
20
20
|
delete claims["provider"];
|
|
21
|
-
const authorization = await new
|
|
21
|
+
const authorization = await new CompactEncrypt(new TextEncoder().encode(JSON.stringify({
|
|
22
22
|
claims,
|
|
23
23
|
code,
|
|
24
24
|
})))
|
|
@@ -31,9 +31,7 @@ export function CodeAdapter(config) {
|
|
|
31
31
|
const authorization = getCookie(c, "authorization");
|
|
32
32
|
if (!authorization)
|
|
33
33
|
throw new UnknownStateError();
|
|
34
|
-
const { code, claims } = JSON.parse(new TextDecoder().decode(await
|
|
35
|
-
.compactDecrypt(authorization, await ctx.encryption.privateKey)
|
|
36
|
-
.then((value) => value.plaintext)));
|
|
34
|
+
const { code, claims } = JSON.parse(new TextDecoder().decode(await compactDecrypt(authorization, await ctx.encryption.privateKey).then((value) => value.plaintext)));
|
|
37
35
|
if (!code || !claims) {
|
|
38
36
|
return ctx.forward(c, await config.onCodeInvalid(code, claims, c.req.raw));
|
|
39
37
|
}
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import
|
|
1
|
+
import { SignJWT, jwtVerify } from "jose";
|
|
2
2
|
export function LinkAdapter(config) {
|
|
3
3
|
return function (routes, ctx) {
|
|
4
4
|
routes.get("/authorize", async (c) => {
|
|
5
|
-
const token = await new
|
|
5
|
+
const token = await new SignJWT(c.req.query())
|
|
6
6
|
.setProtectedHeader({ alg: ctx.algorithm })
|
|
7
7
|
.setExpirationTime("10m")
|
|
8
8
|
.sign(await ctx.signing.privateKey);
|
|
@@ -19,7 +19,7 @@ export function LinkAdapter(config) {
|
|
|
19
19
|
const token = c.req.query("token");
|
|
20
20
|
if (!token)
|
|
21
21
|
throw new Error("Missing token parameter");
|
|
22
|
-
const verified = await
|
|
22
|
+
const verified = await jwtVerify(token, await ctx.signing.publicKey);
|
|
23
23
|
const resp = await ctx.success(c, { claims: verified.payload });
|
|
24
24
|
return resp;
|
|
25
25
|
});
|
package/dist/auth/handler.d.ts
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
/// <reference types="node" resolution-mode="require"/>
|
|
2
2
|
import { Adapter } from "./adapter/adapter.js";
|
|
3
|
-
import
|
|
3
|
+
import { JWTPayload } from "jose";
|
|
4
4
|
import { SessionBuilder } from "./session.js";
|
|
5
5
|
import { Hono } from "hono/tiny";
|
|
6
6
|
interface OnSuccessResponder<T extends {
|
|
7
7
|
type: any;
|
|
8
8
|
properties: any;
|
|
9
9
|
}> {
|
|
10
|
-
session(input: T &
|
|
10
|
+
session(input: T & JWTPayload): Promise<Response>;
|
|
11
11
|
}
|
|
12
12
|
export declare class UnknownProviderError extends Error {
|
|
13
13
|
provider?: string | undefined;
|
package/dist/auth/handler.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import
|
|
1
|
+
import { SignJWT, importPKCS8, importSPKI, jwtVerify } from "jose";
|
|
2
2
|
import { Hono } from "hono/tiny";
|
|
3
3
|
import { deleteCookie, getCookie, setCookie } from "hono/cookie";
|
|
4
4
|
export class UnknownProviderError extends Error {
|
|
@@ -48,12 +48,12 @@ export function AuthHandler(input) {
|
|
|
48
48
|
}
|
|
49
49
|
const options = {
|
|
50
50
|
signing: {
|
|
51
|
-
privateKey:
|
|
52
|
-
publicKey:
|
|
51
|
+
privateKey: importPKCS8(process.env.AUTH_PRIVATE_KEY, "RS512"),
|
|
52
|
+
publicKey: importSPKI(process.env.AUTH_PUBLIC_KEY, "RS512"),
|
|
53
53
|
},
|
|
54
54
|
encryption: {
|
|
55
|
-
privateKey:
|
|
56
|
-
publicKey:
|
|
55
|
+
privateKey: importPKCS8(process.env.AUTH_PRIVATE_KEY, "RSA-OAEP-512"),
|
|
56
|
+
publicKey: importSPKI(process.env.AUTH_PUBLIC_KEY, "RSA-OAEP-512"),
|
|
57
57
|
},
|
|
58
58
|
algorithm: "RS512",
|
|
59
59
|
async success(ctx, properties) {
|
|
@@ -64,7 +64,7 @@ export function AuthHandler(input) {
|
|
|
64
64
|
}
|
|
65
65
|
return await input.callbacks.auth.success({
|
|
66
66
|
async session(session) {
|
|
67
|
-
const token = await new
|
|
67
|
+
const token = await new SignJWT(session)
|
|
68
68
|
.setProtectedHeader({ alg: "RS512" })
|
|
69
69
|
.setExpirationTime("1yr")
|
|
70
70
|
.sign(await options.signing.privateKey);
|
|
@@ -83,7 +83,7 @@ export function AuthHandler(input) {
|
|
|
83
83
|
// This allows the code to be reused within a 30 second window
|
|
84
84
|
// The code should be single use but we're making this tradeoff to remain stateless
|
|
85
85
|
// In the future can store this in a dynamo table to ensure single use
|
|
86
|
-
const code = await new
|
|
86
|
+
const code = await new SignJWT({
|
|
87
87
|
client_id,
|
|
88
88
|
redirect_uri,
|
|
89
89
|
token,
|
|
@@ -129,7 +129,7 @@ export function AuthHandler(input) {
|
|
|
129
129
|
c.status(400);
|
|
130
130
|
return c.text("Missing code");
|
|
131
131
|
}
|
|
132
|
-
const { payload } = await
|
|
132
|
+
const { payload } = await jwtVerify(code, await options.signing.publicKey);
|
|
133
133
|
if (payload.redirect_uri !== form.get("redirect_uri")) {
|
|
134
134
|
c.status(400);
|
|
135
135
|
return c.text("redirect_uri mismatch");
|
package/dist/auth/session.d.ts
CHANGED
|
@@ -7,6 +7,13 @@ export declare function createSessionBuilder<SessionTypes extends Record<string,
|
|
|
7
7
|
type: "public";
|
|
8
8
|
properties: {};
|
|
9
9
|
}>;
|
|
10
|
+
create(session: { [type in keyof SessionTypes]: {
|
|
11
|
+
type: type;
|
|
12
|
+
properties: SessionTypes[type];
|
|
13
|
+
}; }[keyof SessionTypes] | {
|
|
14
|
+
type: "public";
|
|
15
|
+
properties: {};
|
|
16
|
+
}): Promise<string>;
|
|
10
17
|
$type: SessionTypes;
|
|
11
18
|
$typeValues: { [type in keyof SessionTypes]: {
|
|
12
19
|
type: type;
|
package/dist/auth/session.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { importSPKI, jwtVerify } from "jose";
|
|
1
|
+
import { SignJWT, importPKCS8, importSPKI, jwtVerify } from "jose";
|
|
2
2
|
import { Resource } from "../resource.js";
|
|
3
3
|
export function createSessionBuilder() {
|
|
4
4
|
return {
|
|
@@ -11,6 +11,14 @@ export function createSessionBuilder() {
|
|
|
11
11
|
const result = await jwtVerify(token, await importSPKI(publicKey, "RS512"));
|
|
12
12
|
return result.payload;
|
|
13
13
|
},
|
|
14
|
+
async create(session) {
|
|
15
|
+
const privateKey = await importPKCS8(process.env.AUTH_PRIVATE_KEY, "RS512");
|
|
16
|
+
const token = await new SignJWT(session)
|
|
17
|
+
.setProtectedHeader({ alg: "RS512" })
|
|
18
|
+
.setExpirationTime("1yr")
|
|
19
|
+
.sign(privateKey);
|
|
20
|
+
return token;
|
|
21
|
+
},
|
|
14
22
|
$type: {},
|
|
15
23
|
$typeValues: {},
|
|
16
24
|
};
|
package/package.json
CHANGED
|
@@ -3,11 +3,14 @@
|
|
|
3
3
|
"name": "sst",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"sideEffects": false,
|
|
6
|
-
"version": "3.0.
|
|
6
|
+
"version": "3.0.6",
|
|
7
7
|
"main": "./dist/index.js",
|
|
8
8
|
"exports": {
|
|
9
9
|
".": "./dist/index.js",
|
|
10
|
-
"./*":
|
|
10
|
+
"./*": [
|
|
11
|
+
"./dist/*/index.js",
|
|
12
|
+
"./dist/*.js"
|
|
13
|
+
]
|
|
11
14
|
},
|
|
12
15
|
"devDependencies": {
|
|
13
16
|
"@tsconfig/node18": "^18.2.2",
|