UNPKG

@auth/core

Version:

Authentication for the Web.

authjs.dev

nextauthjs/next-auth

152 lines (123 loc) 4.61 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
import * as cookie from "../vendored/cookie.js" import { UnknownAction } from "../../errors.js" import { setLogger } from "./logger.js" import type { AuthAction, RequestInternal, ResponseInternal, } from "../../types.js" import { isAuthAction } from "./actions.js" import type { AuthConfig } from "../../index.js" const { parse: parseCookie, serialize: serializeCookie } = cookie async function getBody(req: Request): Promise<Record<string, any> | undefined> { if (!("body" in req) || !req.body || req.method !== "POST") return const contentType = req.headers.get("content-type") if (contentType?.includes("application/json")) { return await req.json() } else if (contentType?.includes("application/x-www-form-urlencoded")) { const params = new URLSearchParams(await req.text()) return Object.fromEntries(params) } } export async function toInternalRequest( req: Request, config: AuthConfig ): Promise<RequestInternal | undefined> { try { if (req.method !== "GET" && req.method !== "POST") throw new UnknownAction("Only GET and POST requests are supported") // Defaults are usually set in the `init` function, but this is needed below config.basePath ??= "/auth" const url = new URL(req.url) const { action, providerId } = parseActionAndProviderId( url.pathname, config.basePath ) return { url, action, providerId, method: req.method, headers: Object.fromEntries(req.headers), body: req.body ? await getBody(req) : undefined, cookies: parseCookie(req.headers.get("cookie") ?? "") ?? {}, error: url.searchParams.get("error") ?? undefined, query: Object.fromEntries(url.searchParams), } } catch (e) { const logger = setLogger(config) logger.error(e as Error) logger.debug("request", req) } } export function toRequest(request: RequestInternal): Request { return new Request(request.url, { headers: request.headers, method: request.method, body: request.method === "POST" ? JSON.stringify(request.body ?? {}) : undefined, }) } export function toResponse(res: ResponseInternal): Response { const headers = new Headers(res.headers) res.cookies?.forEach((cookie) => { const { name, value, options } = cookie const cookieHeader = serializeCookie(name, value, options) if (headers.has("Set-Cookie")) headers.append("Set-Cookie", cookieHeader) else headers.set("Set-Cookie", cookieHeader) }) let body = res.body if (headers.get("content-type") === "application/json") body = JSON.stringify(res.body) else if (headers.get("content-type") === "application/x-www-form-urlencoded") body = new URLSearchParams(res.body).toString() const status = res.redirect ? 302 : (res.status ?? 200) const response = new Response(body, { headers, status }) if (res.redirect) response.headers.set("Location", res.redirect) return response } /** Web compatible method to create a hash, using SHA256 */ export async function createHash(message: string) { const data = new TextEncoder().encode(message) const hash = await crypto.subtle.digest("SHA-256", data) return Array.from(new Uint8Array(hash)) .map((b) => b.toString(16).padStart(2, "0")) .join("") .toString() } /** Web compatible method to create a random string of a given length */ export function randomString(size: number) { const i2hex = (i: number) => ("0" + i.toString(16)).slice(-2) const r = (a: string, i: number): string => a + i2hex(i) const bytes = crypto.getRandomValues(new Uint8Array(size)) return Array.from(bytes).reduce(r, "") } /** @internal Parse the action and provider id from a URL pathname. */ export function parseActionAndProviderId( pathname: string, base: string ): { action: AuthAction providerId?: string } { const a = pathname.match(new RegExp(`^${base}(.+)`)) if (a === null) throw new UnknownAction(`Cannot parse action at ${pathname}`) const actionAndProviderId = a.at(-1)! const b = actionAndProviderId.replace(/^\//, "").split("/").filter(Boolean) if (b.length !== 1 && b.length !== 2) throw new UnknownAction(`Cannot parse action at ${pathname}`) const [action, providerId] = b if (!isAuthAction(action)) throw new UnknownAction(`Cannot parse action at ${pathname}`) if ( providerId && !["signin", "callback", "webauthn-options"].includes(action) ) throw new UnknownAction(`Cannot parse action at ${pathname}`) return { action, providerId: providerId == "undefined" ? undefined : providerId, } }