UNPKG

@clerk/nextjs

Version:

Clerk SDK for NextJS

168 lines 5.66 kB
import "../../chunk-BUSYA2B4.js"; import { authenticatedMachineObject, AuthStatus, constants, getAuthObjectFromJwt, getMachineTokenType, invalidTokenAuthObject, isMachineTokenByPrefix, isMachineTokenType, isTokenTypeAccepted, signedOutAuthObject, TokenType, unauthenticatedMachineObject, verifyMachineAuthToken } from "@clerk/backend/internal"; import { decodeJwt } from "@clerk/backend/jwt"; import { API_URL, API_VERSION, PUBLISHABLE_KEY, SECRET_KEY } from "../constants"; import { getAuthKeyFromRequest, getHeader } from "../headers-utils"; import { assertTokenSignature, decryptClerkRequestData } from "../utils"; const getAuthDataFromRequestSync = (req, { treatPendingAsSignedOut = true, ...opts } = {}) => { var _a, _b; const { authStatus, authMessage, authReason, authToken, authSignature } = getAuthHeaders(req); (_a = opts.logger) == null ? void 0 : _a.debug("headers", { authStatus, authMessage, authReason }); const encryptedRequestData = getHeader(req, constants.Headers.ClerkRequestData); const decryptedRequestData = decryptClerkRequestData(encryptedRequestData); const options = { secretKey: (opts == null ? void 0 : opts.secretKey) || decryptedRequestData.secretKey || SECRET_KEY, publishableKey: decryptedRequestData.publishableKey || PUBLISHABLE_KEY, apiUrl: API_URL, apiVersion: API_VERSION, authStatus, authMessage, authReason, treatPendingAsSignedOut }; if (!isTokenTypeAccepted(TokenType.SessionToken, opts.acceptsToken || TokenType.SessionToken)) { return signedOutAuthObject(options); } let authObject; if (!authStatus || authStatus !== AuthStatus.SignedIn) { authObject = signedOutAuthObject(options); } else { assertTokenSignature(authToken, options.secretKey, authSignature); const jwt = decodeJwt(authToken); (_b = opts.logger) == null ? void 0 : _b.debug("jwt", jwt.raw); return getAuthObjectFromJwt(jwt, options); } return authObject; }; const getAuthDataFromRequestAsync = async (req, opts = {}) => { var _a, _b; const { authStatus, authMessage, authReason } = getAuthHeaders(req); (_a = opts.logger) == null ? void 0 : _a.debug("headers", { authStatus, authMessage, authReason }); const bearerToken = (_b = getHeader(req, constants.Headers.Authorization)) == null ? void 0 : _b.replace("Bearer ", ""); const acceptsToken = opts.acceptsToken || TokenType.SessionToken; const options = { secretKey: (opts == null ? void 0 : opts.secretKey) || SECRET_KEY, publishableKey: PUBLISHABLE_KEY, apiUrl: API_URL, authStatus, authMessage, authReason }; if (bearerToken) { const isMachine = isMachineTokenByPrefix(bearerToken); const tokenType = isMachine ? getMachineTokenType(bearerToken) : void 0; if (Array.isArray(acceptsToken)) { if (isMachine) { return handleMachineToken({ bearerToken, tokenType, acceptsToken, options }); } } else { let intendedType; if (isMachineTokenType(acceptsToken)) { intendedType = acceptsToken; } const result = await handleIntentBased({ isMachine, tokenType, intendedType, bearerToken, acceptsToken, options }); if (result) { return result; } } } if (Array.isArray(acceptsToken)) { if (!isTokenTypeAccepted(TokenType.SessionToken, acceptsToken)) { return invalidTokenAuthObject(); } } return getAuthDataFromRequestSync(req, opts); }; const getAuthHeaders = (req) => { const authStatus = getAuthKeyFromRequest(req, "AuthStatus"); const authToken = getAuthKeyFromRequest(req, "AuthToken"); const authMessage = getAuthKeyFromRequest(req, "AuthMessage"); const authReason = getAuthKeyFromRequest(req, "AuthReason"); const authSignature = getAuthKeyFromRequest(req, "AuthSignature"); return { authStatus, authToken, authMessage, authReason, authSignature }; }; async function handleMachineToken({ bearerToken, tokenType, acceptsToken, options }) { if (Array.isArray(acceptsToken)) { if (!isTokenTypeAccepted(tokenType, acceptsToken)) { return invalidTokenAuthObject(); } } if (!isTokenTypeAccepted(tokenType, acceptsToken != null ? acceptsToken : TokenType.SessionToken)) { return unauthenticatedMachineObject(tokenType, options); } const { data, errors } = await verifyMachineAuthToken(bearerToken, options); if (errors) { return unauthenticatedMachineObject(tokenType, options); } return authenticatedMachineObject(tokenType, bearerToken, data); } async function handleIntentBased({ isMachine, tokenType, intendedType, bearerToken, acceptsToken, options }) { if (isMachine) { if (!tokenType) { return signedOutAuthObject(options); } if (!isTokenTypeAccepted(tokenType, acceptsToken != null ? acceptsToken : TokenType.SessionToken)) { if (intendedType && isMachineTokenType(intendedType)) { return unauthenticatedMachineObject(intendedType, options); } return signedOutAuthObject(options); } const { data, errors } = await verifyMachineAuthToken(bearerToken, options); if (errors) { return unauthenticatedMachineObject(tokenType, options); } return authenticatedMachineObject(tokenType, bearerToken, data); } else if (intendedType && isMachineTokenType(intendedType)) { return unauthenticatedMachineObject(intendedType, options); } return null; } export { getAuthDataFromRequestAsync, getAuthDataFromRequestSync }; //# sourceMappingURL=getAuthDataFromRequest.js.map