@backstage/backend-defaults
Backend defaults used by Backstage backend apps
;
var jose = require('jose');
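/**
 * Token handler of type "legacy": accepts HS256-signed JWTs whose `sub` claim
 * is "backstage-server" and that carry no `aud` claim, verified against a
 * shared secret taken from configuration.
 *
 * Security notes for maintainers:
 * - The shared secret is the only thing authenticating these tokens, so its
 *   strength and handling determine the strength of the whole scheme.
 * - The subject returned to callers comes from the handler's own
 *   configuration, never from the token.
 */
const legacyTokenHandler = {
  type: "legacy",

  /**
   * Reads and validates the handler configuration and derives the HMAC key.
   *
   * @param ctx - Object exposing `options.getString(name)` and a `legacy`
   *   flag. When `ctx.legacy` is truthy the subject is fixed to
   *   "external:backstage-plugin"; otherwise it is read from `options`.
   * @returns {{ key: Uint8Array, subject: string }} The decoded key bytes and
   *   the subject to report for tokens accepted by this handler.
   * @throws {Error} If the secret or subject is empty or contains whitespace,
   *   or if the secret cannot be decoded or decodes to zero bytes.
   */
  initialize(ctx) {
    const secret = ctx.options.getString("secret");
    const subject = ctx.legacy
      ? "external:backstage-plugin"
      : ctx.options.getString("subject");

    // This pattern only rejects empty values and whitespace. It does not
    // check the base64 alphabet, despite what the error message says.
    if (!/^\S+$/.test(secret)) {
      throw new Error("Illegal secret, must be a valid base64 string");
    }
    if (!/^\S+$/.test(subject)) {
      throw new Error("Illegal subject, must be a set of non-space characters");
    }

    let key;
    try {
      key = jose.base64url.decode(secret);
    } catch {
      throw new Error("Illegal secret, must be a valid base64 string");
    }

    // A decoder that tolerates invalid characters can turn a non-base64
    // secret into zero bytes without throwing. An empty HMAC key provides no
    // authentication at all, so refuse to start with one.
    if (key.length === 0) {
      throw new Error("Illegal secret, must be a valid base64 string");
    }
    // NOTE(review): RFC 7518 section 3.2 calls for an HS256 key of at least
    // 256 bits. Only the non-empty case is enforced here so that existing
    // configurations keep working - consider warning on shorter keys.

    return { key, subject };
  },

  /**
   * Verifies a token against the shared key.
   *
   * @param {string} token - Compact JWT to check.
   * @param context - The value returned by `initialize`.
   * @returns {Promise<{ subject: string } | undefined>} The configured
   *   subject when the token verifies. `undefined` when the token is not a
   *   legacy token (cannot be decoded, wrong `alg`, wrong `sub`, or has an
   *   `aud`) or when its signature does not match.
   * @throws Any verification error other than a signature mismatch is
   *   rethrown unchanged.
   */
  async verifyToken(token, context) {
    // Routing check on UNVERIFIED data: it only decides whether this handler
    // should look at the token. No trust is placed in these values.
    try {
      const { alg } = jose.decodeProtectedHeader(token);
      if (alg !== "HS256") {
        return undefined;
      }
      const { sub, aud } = jose.decodeJwt(token);
      if (sub !== "backstage-server" || aud) {
        return undefined;
      }
    } catch {
      return undefined;
    }

    try {
      // The trust decision. The algorithm is pinned on the verify call as
      // well, so the check does not depend on the unverified pre-check above.
      // NOTE(review): no required claims are requested, so a token without
      // `exp` is presumably accepted on signature alone - confirm against the
      // jose version in use.
      await jose.jwtVerify(token, context.key, { algorithms: ["HS256"] });
      return { subject: context.subject };
    } catch (error) {
      // A signature mismatch means the token was not signed with this key, so
      // report "not handled". Every other failure is surfaced to the caller.
      if (error.code !== "ERR_JWS_SIGNATURE_VERIFICATION_FAILED") {
        throw error;
      }
    }
    return undefined;
  },
};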
// CommonJS export: exposes the handler object under the name `legacyTokenHandler`.
exports.legacyTokenHandler = legacyTokenHandler;
//# sourceMappingURL=legacy.cjs.js.map