npm - sst - Versions diffs - 3.0.7 → 3.0.9 - Mend

sst 3.0.7 → 3.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/auth/adapter/adapter.d.ts +4 -4
package/dist/auth/adapter/code.js +2 -2
package/dist/auth/adapter/link.js +2 -2
package/dist/auth/handler.js +9 -7
package/dist/auth/session.js +1 -1
package/package.json +1 -1

package/dist/auth/adapter/adapter.d.ts CHANGED Viewed

@@ -7,12 +7,12 @@ export interface AdapterOptions<Properties> {
     name: string;
     algorithm: string;
     encryption: {
-        publicKey: Promise<KeyLike>;
-        privateKey: Promise<KeyLike>;
+        publicKey: () => Promise<KeyLike>;
+        privateKey: () => Promise<KeyLike>;
     };
     signing: {
-        publicKey: Promise<KeyLike>;
-        privateKey: Promise<KeyLike>;
+        publicKey: () => Promise<KeyLike>;
+        privateKey: () => Promise<KeyLike>;
     };
     success: (ctx: Context, properties: Properties) => Promise<Response>;
     forward: (ctx: Context, response: Response) => Response;

package/dist/auth/adapter/code.js CHANGED Viewed

@@ -23,7 +23,7 @@ export function CodeAdapter(config) {
                 code,
             })))
                 .setProtectedHeader({ alg: "RSA-OAEP-512", enc: "A256GCM" })
-                .encrypt(await ctx.encryption.publicKey);
+                .encrypt(await ctx.encryption.publicKey());
             ctx.cookie(c, "authorization", authorization, 60 * 10);
             return ctx.forward(c, await config.onCodeRequest(code, claims, c.req.raw));
         });
@@ -31,7 +31,7 @@ export function CodeAdapter(config) {
             const authorization = getCookie(c, "authorization");
             if (!authorization)
                 throw new UnknownStateError();
-            const { code, claims } = JSON.parse(new TextDecoder().decode(await compactDecrypt(authorization, await ctx.encryption.privateKey).then((value) => value.plaintext)));
+            const { code, claims } = JSON.parse(new TextDecoder().decode(await compactDecrypt(authorization, await ctx.encryption.privateKey()).then((value) => value.plaintext)));
             if (!code || !claims) {
                 return ctx.forward(c, await config.onCodeInvalid(code, claims, c.req.raw));
             }

package/dist/auth/adapter/link.js CHANGED Viewed

@@ -5,7 +5,7 @@ export function LinkAdapter(config) {
             const token = await new SignJWT(c.req.query())
                 .setProtectedHeader({ alg: ctx.algorithm })
                 .setExpirationTime("10m")
-                .sign(await ctx.signing.privateKey);
+                .sign(await ctx.signing.privateKey());
             const url = new URL(new URL(c.req.url).origin);
             url.pathname = `/${ctx.name}/callback`;
             for (const key of url.searchParams.keys()) {
@@ -19,7 +19,7 @@ export function LinkAdapter(config) {
             const token = c.req.query("token");
             if (!token)
                 throw new Error("Missing token parameter");
-            const verified = await jwtVerify(token, await ctx.signing.publicKey);
+            const verified = await jwtVerify(token, await ctx.signing.publicKey());
             const resp = await ctx.success(c, { claims: verified.payload });
             return resp;
         });

package/dist/auth/handler.js CHANGED Viewed

@@ -34,6 +34,8 @@ export class InvalidSessionError extends Error {
         super("Invalid session");
     }
 }
+import process from "node:process";
+import { Resource } from "../resource.js";
 export function AuthHandler(input) {
     const app = new Hono();
     if (!input.callbacks.auth.error) {
@@ -48,12 +50,12 @@ export function AuthHandler(input) {
     }
     const options = {
         signing: {
-            privateKey: importPKCS8(process.env.AUTH_PRIVATE_KEY, "RS512"),
-            publicKey: importSPKI(process.env.AUTH_PUBLIC_KEY, "RS512"),
+            privateKey: () => importPKCS8(process.env.AUTH_PRIVATE_KEY || Resource.AUTH_PRIVATE_KEY, "RS512"),
+            publicKey: () => importSPKI(process.env.AUTH_PUBLIC_KEY || Resource.AUTH_PUBLIC_KEY, "RS512"),
         },
         encryption: {
-            privateKey: importPKCS8(process.env.AUTH_PRIVATE_KEY, "RSA-OAEP-512"),
-            publicKey: importSPKI(process.env.AUTH_PUBLIC_KEY, "RSA-OAEP-512"),
+            privateKey: () => importPKCS8(process.env.AUTH_PRIVATE_KEY || Resource.AUTH_PRIVATE_KEY, "RSA-OAEP-512"),
+            publicKey: () => importSPKI(process.env.AUTH_PUBLIC_KEY || Resource.AUTH_PUBLIC_KEY, "RSA-OAEP-512"),
         },
         algorithm: "RS512",
         async success(ctx, properties) {
@@ -67,7 +69,7 @@ export function AuthHandler(input) {
                     const token = await new SignJWT(session)
                         .setProtectedHeader({ alg: "RS512" })
                         .setExpirationTime("1yr")
-                        .sign(await options.signing.privateKey);
+                        .sign(await options.signing.privateKey());
                     deleteCookie(ctx, "provider");
                     deleteCookie(ctx, "response_type");
                     deleteCookie(ctx, "redirect_uri");
@@ -90,7 +92,7 @@ export function AuthHandler(input) {
                         })
                             .setProtectedHeader({ alg: "RS512" })
                             .setExpirationTime("30s")
-                            .sign(await options.signing.privateKey);
+                            .sign(await options.signing.privateKey());
                         const location = new URL(redirect_uri);
                         location.searchParams.set("code", code);
                         location.searchParams.set("state", state || "");
@@ -129,7 +131,7 @@ export function AuthHandler(input) {
             c.status(400);
             return c.text("Missing code");
         }
-        const { payload } = await jwtVerify(code, await options.signing.publicKey);
+        const { payload } = await jwtVerify(code, await options.signing.publicKey());
         if (payload.redirect_uri !== form.get("redirect_uri")) {
             c.status(400);
             return c.text("redirect_uri mismatch");

package/dist/auth/session.js CHANGED Viewed

@@ -12,7 +12,7 @@ export function createSessionBuilder() {
             return result.payload;
         },
         async create(session) {
-            const privateKey = await importPKCS8(process.env.AUTH_PRIVATE_KEY, "RS512");
+            const privateKey = await importPKCS8(process.env.AUTH_PRIVATE_KEY || Resource.AUTH_PRIVATE_KEY, "RS512");
             const token = await new SignJWT(session)
                 .setProtectedHeader({ alg: "RS512" })
                 .setExpirationTime("1yr")

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "name": "sst",
   "type": "module",
   "sideEffects": false,
-  "version": "3.0.7",
+  "version": "3.0.9",
   "main": "./dist/index.js",
   "exports": {
     ".": "./dist/index.js",