UNPKG

@backstage/backend-test-utils

Version:

Test helpers library for Backstage backends

backstage.io

backstage/backstage

88 lines (84 loc) 2.88 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
'use strict'; var cookie = require('cookie'); var MockAuthService = require('./MockAuthService.cjs.js'); var errors = require('@backstage/errors'); var mockCredentials = require('./mockCredentials.cjs.js'); class MockHttpAuthService { #auth; #defaultCredentials; constructor(pluginId, defaultCredentials) { this.#auth = new MockAuthService.MockAuthService({ pluginId, disableDefaultAuthPolicy: false }); this.#defaultCredentials = defaultCredentials; } async #getCredentials(req, allowLimitedAccess) { const header = req.headers.authorization; const token = typeof header === "string" ? header.match(/^Bearer[ ]+(\S+)$/i)?.[1] : void 0; if (token) { if (token === mockCredentials.MOCK_NONE_TOKEN) { return this.#auth.getNoneCredentials(); } return await this.#auth.authenticate(token, { allowLimitedAccess }); } if (allowLimitedAccess) { const cookieHeader = req.headers.cookie; if (cookieHeader) { const cookies = cookie.parse(cookieHeader); const cookie$1 = cookies[mockCredentials.MOCK_AUTH_COOKIE]; if (cookie$1) { return await this.#auth.authenticate(cookie$1, { allowLimitedAccess: true }); } } } return this.#defaultCredentials; } async credentials(req, options) { const credentials = await this.#getCredentials( req, options?.allowLimitedAccess ?? false ); const allowedPrincipalTypes = options?.allow; if (!allowedPrincipalTypes) { return credentials; } if (this.#auth.isPrincipal(credentials, "none")) { if (allowedPrincipalTypes.includes("none")) { return credentials; } throw new errors.AuthenticationError("Missing credentials"); } else if (this.#auth.isPrincipal(credentials, "user")) { if (allowedPrincipalTypes.includes("user")) { return credentials; } throw new errors.NotAllowedError( `This endpoint does not allow 'user' credentials` ); } else if (this.#auth.isPrincipal(credentials, "service")) { if (allowedPrincipalTypes.includes("service")) { return credentials; } throw new errors.NotAllowedError( `This endpoint does not allow 'service' credentials` ); } throw new errors.NotAllowedError( "Unknown principal type, this should never happen" ); } async issueUserCookie(res, options) { const credentials = options?.credentials ?? await this.credentials(res.req, { allow: ["user"] }); res.setHeader( "Set-Cookie", mockCredentials.mockCredentials.limitedUser.cookie(credentials.principal.userEntityRef) ); return { expiresAt: new Date(Date.now() + 36e5) }; } } exports.MockHttpAuthService = MockHttpAuthService; //# sourceMappingURL=MockHttpAuthService.cjs.js.map