@clerk/express
Version:
Clerk server SDK for usage with Express
273 lines (260 loc) • 9.61 kB
JavaScript
;
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __hasOwnProp = Object.prototype.hasOwnProperty;
var __export = (target, all) => {
for (var name in all)
__defProp(target, name, { get: all[name], enumerable: true });
};
var __copyProps = (to, from, except, desc) => {
if (from && typeof from === "object" || typeof from === "function") {
for (let key of __getOwnPropNames(from))
if (!__hasOwnProp.call(to, key) && key !== except)
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
}
return to;
};
var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
// src/index.ts
var index_exports = {};
__export(index_exports, {
authenticateRequest: () => authenticateRequest,
clerkClient: () => clerkClient,
clerkMiddleware: () => clerkMiddleware,
getAuth: () => getAuth,
requireAuth: () => requireAuth
});
module.exports = __toCommonJS(index_exports);
__reExport(index_exports, require("@clerk/backend"), module.exports);
// src/clerkClient.ts
var import_backend = require("@clerk/backend");
// src/utils.ts
var import_underscore = require("@clerk/shared/underscore");
var requestHasAuthObject = (req) => {
return "auth" in req;
};
var loadClientEnv = () => {
return {
publishableKey: process.env.CLERK_PUBLISHABLE_KEY || "",
clerkJSUrl: process.env.CLERK_JS || "",
clerkJSVersion: process.env.CLERK_JS_VERSION || ""
};
};
var loadApiEnv = () => {
return {
secretKey: process.env.CLERK_SECRET_KEY || "",
apiUrl: process.env.CLERK_API_URL || "https://api.clerk.com",
apiVersion: process.env.CLERK_API_VERSION || "v1",
domain: process.env.CLERK_DOMAIN || "",
proxyUrl: process.env.CLERK_PROXY_URL || "",
signInUrl: process.env.CLERK_SIGN_IN_URL || "",
isSatellite: (0, import_underscore.isTruthy)(process.env.CLERK_IS_SATELLITE),
jwtKey: process.env.CLERK_JWT_KEY || "",
sdkMetadata: {
name: "@clerk/express",
version: "1.7.15",
environment: process.env.NODE_ENV
},
telemetry: {
disabled: (0, import_underscore.isTruthy)(process.env.CLERK_TELEMETRY_DISABLED),
debug: (0, import_underscore.isTruthy)(process.env.CLERK_TELEMETRY_DEBUG)
}
};
};
var incomingMessageToRequest = (req) => {
const headers = Object.keys(req.headers).reduce((acc, key) => Object.assign(acc, { [key]: req?.headers[key] }), {});
const protocol = req.connection?.encrypted ? "https" : "http";
const dummyOriginReqUrl = new URL(req.originalUrl || req.url || "", `${protocol}://clerk-dummy`);
return new Request(dummyOriginReqUrl, {
method: req.method,
headers: new Headers(headers)
});
};
// src/clerkClient.ts
var clerkClientSingleton = {};
var clerkClient = new Proxy(clerkClientSingleton, {
get(_target, property) {
if (property in clerkClientSingleton) {
return clerkClientSingleton[property];
}
const env = { ...loadApiEnv(), ...loadClientEnv() };
const client = (0, import_backend.createClerkClient)({ ...env, userAgent: `${"@clerk/express"}@${"1.7.15"}` });
if (env.secretKey) {
clerkClientSingleton = client;
}
return client[property];
},
set() {
return false;
}
});
// src/authenticateRequest.ts
var import_internal = require("@clerk/backend/internal");
var import_deprecated = require("@clerk/shared/deprecated");
var import_keys = require("@clerk/shared/keys");
var import_proxy = require("@clerk/shared/proxy");
var import_utils2 = require("@clerk/shared/utils");
// src/errors.ts
var createErrorMessage = (msg) => {
return `\u{1F512} Clerk: ${msg.trim()}
For more info, check out the docs: https://clerk.com/docs,
or come say hi in our discord server: https://clerk.com/discord
`;
};
var middlewareRequired = (fnName) => createErrorMessage(`The "clerkMiddleware" should be registered before using "${fnName}".
Example:
import express from 'express';
import { clerkMiddleware } from '@clerk/express';
const app = express();
app.use(clerkMiddleware());
`);
var satelliteAndMissingProxyUrlAndDomain = "Missing domain and proxyUrl. A satellite application needs to specify a domain or a proxyUrl";
var satelliteAndMissingSignInUrl = `
Invalid signInUrl. A satellite application requires a signInUrl for development instances.
Check if signInUrl is missing from your configuration or if it is not an absolute URL.`;
// src/authenticateRequest.ts
var authenticateRequest = (opts) => {
const { clerkClient: clerkClient2, request, options } = opts;
const { jwtKey, authorizedParties, audience, acceptsToken } = options || {};
const clerkRequest = (0, import_internal.createClerkRequest)(incomingMessageToRequest(request));
const env = { ...loadApiEnv(), ...loadClientEnv() };
const secretKey = options?.secretKey || env.secretKey;
const publishableKey = options?.publishableKey || env.publishableKey;
const isSatellite = (0, import_utils2.handleValueOrFn)(options?.isSatellite, clerkRequest.clerkUrl, env.isSatellite);
const domain = (0, import_utils2.handleValueOrFn)(options?.domain, clerkRequest.clerkUrl) || env.domain;
const signInUrl = options?.signInUrl || env.signInUrl;
const proxyUrl = absoluteProxyUrl(
(0, import_utils2.handleValueOrFn)(options?.proxyUrl, clerkRequest.clerkUrl, env.proxyUrl),
clerkRequest.clerkUrl.toString()
);
if (isSatellite && !proxyUrl && !domain) {
throw new Error(satelliteAndMissingProxyUrlAndDomain);
}
if (isSatellite && !(0, import_proxy.isHttpOrHttps)(signInUrl) && (0, import_keys.isDevelopmentFromSecretKey)(secretKey || "")) {
throw new Error(satelliteAndMissingSignInUrl);
}
return clerkClient2.authenticateRequest(clerkRequest, {
audience,
secretKey,
publishableKey,
jwtKey,
authorizedParties,
proxyUrl,
isSatellite,
domain,
signInUrl,
acceptsToken
});
};
var setResponseHeaders = (requestState, res) => {
if (requestState.headers) {
requestState.headers.forEach((value, key) => res.appendHeader(key, value));
}
return setResponseForHandshake(requestState, res);
};
var setResponseForHandshake = (requestState, res) => {
const hasLocationHeader = requestState.headers.get("location");
if (hasLocationHeader) {
res.status(307).end();
return;
}
if (requestState.status === import_internal.AuthStatus.Handshake) {
return new Error("Clerk: unexpected handshake without redirect");
}
return;
};
var absoluteProxyUrl = (relativeOrAbsoluteUrl, baseUrl) => {
if (!relativeOrAbsoluteUrl || !(0, import_proxy.isValidProxyUrl)(relativeOrAbsoluteUrl) || !(0, import_proxy.isProxyUrlRelative)(relativeOrAbsoluteUrl)) {
return relativeOrAbsoluteUrl;
}
return new URL(relativeOrAbsoluteUrl, baseUrl).toString();
};
var authenticateAndDecorateRequest = (options = {}) => {
const clerkClient2 = options.clerkClient || clerkClient;
const enableHandshake = options.enableHandshake ?? true;
const middleware = async (request, response, next) => {
if (request.auth) {
return next();
}
try {
const requestState = await authenticateRequest({
clerkClient: clerkClient2,
request,
options
});
if (enableHandshake) {
const err = setResponseHeaders(requestState, response);
if (err) {
return next(err);
}
if (response.writableEnded) {
return;
}
}
const authHandler = (opts) => requestState.toAuth(opts);
const authObject = requestState.toAuth();
const auth = new Proxy(authHandler, {
get(target, prop, receiver) {
(0, import_deprecated.deprecated)("req.auth", "Use `req.auth()` as a function instead.");
if (prop in target) return Reflect.get(target, prop, receiver);
return authObject?.[prop];
}
});
Object.assign(request, { auth });
next();
} catch (err) {
next(err);
}
};
return middleware;
};
// src/clerkMiddleware.ts
var clerkMiddleware = (options = {}) => {
const authMiddleware = authenticateAndDecorateRequest({
...options,
acceptsToken: "any"
});
return (request, response, next) => {
authMiddleware(request, response, next);
};
};
// src/getAuth.ts
var import_internal2 = require("@clerk/backend/internal");
var getAuth = (req, options) => {
if (!requestHasAuthObject(req)) {
throw new Error(middlewareRequired("getAuth"));
}
const authObject = req.auth(options);
return (0, import_internal2.getAuthObjectForAcceptedToken)({ authObject, acceptsToken: options?.acceptsToken });
};
// src/requireAuth.ts
var requireAuth = (options = {}) => {
const authMiddleware = authenticateAndDecorateRequest({
...options,
acceptsToken: "any"
});
return (request, response, next) => {
authMiddleware(request, response, (err) => {
if (err) {
return next(err);
}
const signInUrl = options.signInUrl || process.env.CLERK_SIGN_IN_URL || "/";
if (!request.auth()?.userId) {
return response.redirect(signInUrl);
}
next();
});
};
};
// Annotate the CommonJS export names for ESM import in node:
0 && (module.exports = {
authenticateRequest,
clerkClient,
clerkMiddleware,
getAuth,
requireAuth,
...require("@clerk/backend")
});
//# sourceMappingURL=index.js.map