@clerk/nextjs
Version:
Clerk SDK for NextJS
168 lines • 5.66 kB
JavaScript
import "../../chunk-BUSYA2B4.js";
import {
authenticatedMachineObject,
AuthStatus,
constants,
getAuthObjectFromJwt,
getMachineTokenType,
invalidTokenAuthObject,
isMachineTokenByPrefix,
isMachineTokenType,
isTokenTypeAccepted,
signedOutAuthObject,
TokenType,
unauthenticatedMachineObject,
verifyMachineAuthToken
} from "@clerk/backend/internal";
import { decodeJwt } from "@clerk/backend/jwt";
import { API_URL, API_VERSION, PUBLISHABLE_KEY, SECRET_KEY } from "../constants";
import { getAuthKeyFromRequest, getHeader } from "../headers-utils";
import { assertTokenSignature, decryptClerkRequestData } from "../utils";
const getAuthDataFromRequestSync = (req, { treatPendingAsSignedOut = true, ...opts } = {}) => {
var _a, _b;
const { authStatus, authMessage, authReason, authToken, authSignature } = getAuthHeaders(req);
(_a = opts.logger) == null ? void 0 : _a.debug("headers", { authStatus, authMessage, authReason });
const encryptedRequestData = getHeader(req, constants.Headers.ClerkRequestData);
const decryptedRequestData = decryptClerkRequestData(encryptedRequestData);
const options = {
secretKey: (opts == null ? void 0 : opts.secretKey) || decryptedRequestData.secretKey || SECRET_KEY,
publishableKey: decryptedRequestData.publishableKey || PUBLISHABLE_KEY,
apiUrl: API_URL,
apiVersion: API_VERSION,
authStatus,
authMessage,
authReason,
treatPendingAsSignedOut
};
if (!isTokenTypeAccepted(TokenType.SessionToken, opts.acceptsToken || TokenType.SessionToken)) {
return signedOutAuthObject(options);
}
let authObject;
if (!authStatus || authStatus !== AuthStatus.SignedIn) {
authObject = signedOutAuthObject(options);
} else {
assertTokenSignature(authToken, options.secretKey, authSignature);
const jwt = decodeJwt(authToken);
(_b = opts.logger) == null ? void 0 : _b.debug("jwt", jwt.raw);
return getAuthObjectFromJwt(jwt, options);
}
return authObject;
};
const getAuthDataFromRequestAsync = async (req, opts = {}) => {
var _a, _b;
const { authStatus, authMessage, authReason } = getAuthHeaders(req);
(_a = opts.logger) == null ? void 0 : _a.debug("headers", { authStatus, authMessage, authReason });
const bearerToken = (_b = getHeader(req, constants.Headers.Authorization)) == null ? void 0 : _b.replace("Bearer ", "");
const acceptsToken = opts.acceptsToken || TokenType.SessionToken;
const options = {
secretKey: (opts == null ? void 0 : opts.secretKey) || SECRET_KEY,
publishableKey: PUBLISHABLE_KEY,
apiUrl: API_URL,
authStatus,
authMessage,
authReason
};
if (bearerToken) {
const isMachine = isMachineTokenByPrefix(bearerToken);
const tokenType = isMachine ? getMachineTokenType(bearerToken) : void 0;
if (Array.isArray(acceptsToken)) {
if (isMachine) {
return handleMachineToken({
bearerToken,
tokenType,
acceptsToken,
options
});
}
} else {
let intendedType;
if (isMachineTokenType(acceptsToken)) {
intendedType = acceptsToken;
}
const result = await handleIntentBased({
isMachine,
tokenType,
intendedType,
bearerToken,
acceptsToken,
options
});
if (result) {
return result;
}
}
}
if (Array.isArray(acceptsToken)) {
if (!isTokenTypeAccepted(TokenType.SessionToken, acceptsToken)) {
return invalidTokenAuthObject();
}
}
return getAuthDataFromRequestSync(req, opts);
};
const getAuthHeaders = (req) => {
const authStatus = getAuthKeyFromRequest(req, "AuthStatus");
const authToken = getAuthKeyFromRequest(req, "AuthToken");
const authMessage = getAuthKeyFromRequest(req, "AuthMessage");
const authReason = getAuthKeyFromRequest(req, "AuthReason");
const authSignature = getAuthKeyFromRequest(req, "AuthSignature");
return {
authStatus,
authToken,
authMessage,
authReason,
authSignature
};
};
async function handleMachineToken({
bearerToken,
tokenType,
acceptsToken,
options
}) {
if (Array.isArray(acceptsToken)) {
if (!isTokenTypeAccepted(tokenType, acceptsToken)) {
return invalidTokenAuthObject();
}
}
if (!isTokenTypeAccepted(tokenType, acceptsToken != null ? acceptsToken : TokenType.SessionToken)) {
return unauthenticatedMachineObject(tokenType, options);
}
const { data, errors } = await verifyMachineAuthToken(bearerToken, options);
if (errors) {
return unauthenticatedMachineObject(tokenType, options);
}
return authenticatedMachineObject(tokenType, bearerToken, data);
}
async function handleIntentBased({
isMachine,
tokenType,
intendedType,
bearerToken,
acceptsToken,
options
}) {
if (isMachine) {
if (!tokenType) {
return signedOutAuthObject(options);
}
if (!isTokenTypeAccepted(tokenType, acceptsToken != null ? acceptsToken : TokenType.SessionToken)) {
if (intendedType && isMachineTokenType(intendedType)) {
return unauthenticatedMachineObject(intendedType, options);
}
return signedOutAuthObject(options);
}
const { data, errors } = await verifyMachineAuthToken(bearerToken, options);
if (errors) {
return unauthenticatedMachineObject(tokenType, options);
}
return authenticatedMachineObject(tokenType, bearerToken, data);
} else if (intendedType && isMachineTokenType(intendedType)) {
return unauthenticatedMachineObject(intendedType, options);
}
return null;
}
export {
getAuthDataFromRequestAsync,
getAuthDataFromRequestSync
};
//# sourceMappingURL=getAuthDataFromRequest.js.map