
@gw31415/hono-oidc-simple


Simplifies the implementation of OIDC auth in Hono

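"use strict";

/**
 * CommonJS build of an OIDC helper for Hono. It exports `OIDC(options)`, which
 * returns three middleware builders: `loginHandler`, `useClaims` and
 * `logoutHandler`.
 *
 * Review notes for integrators (derived from the code in this file):
 *  - login() builds the authorization request from response_type, client_id,
 *    redirect_uri and scope only. No `state`, `nonce` or PKCE parameter is
 *    generated or checked in this module, so the callback is not bound to the
 *    browser session that started the flow.
 *  - Tokens returned by the issuer are not verified in this module; validation
 *    is left to the application-supplied `createClaims`. Only the locally
 *    signed JWT (useLocalJwt) is checked with hono's `verify`.
 *  - redirect_uri is `origin + pathname` of the incoming request URL.
 *    NOTE(review): presumably host-derived; confirm how the runtime or proxy
 *    populates `req.url`.
 *  - client_secret is posted to the configured token and revocation endpoints.
 */

// ---------------------------------------------------------------------------
// Bundler-generated runtime helpers: down-levelled object spread, CommonJS
// export getters, private class members and async functions.
// ---------------------------------------------------------------------------
var defineProperty = Object.defineProperty,
  defineProperties = Object.defineProperties,
  getOwnPropertyDescriptor = Object.getOwnPropertyDescriptor,
  getOwnPropertyDescriptors = Object.getOwnPropertyDescriptors,
  getOwnPropertyNames = Object.getOwnPropertyNames,
  getOwnPropertySymbols = Object.getOwnPropertySymbols;
var hasOwn = Object.prototype.hasOwnProperty,
  isEnumerable = Object.prototype.propertyIsEnumerable;

var throwTypeError = (message) => {
  throw TypeError(message);
};

// Defines the key when it already resolves on the target (own or inherited,
// e.g. "__proto__"), otherwise assigns it.
var defineOrAssign = (target, key, value) =>
  key in target
    ? defineProperty(target, key, {
        enumerable: true,
        configurable: true,
        writable: true,
        value: value
      })
    : (target[key] = value);

// Object spread: copies own enumerable string and symbol keys onto `target`.
var spreadValues = (target, source) => {
  for (var key in source || (source = {})) {
    if (hasOwn.call(source, key)) defineOrAssign(target, key, source[key]);
  }
  if (getOwnPropertySymbols) {
    for (var key of getOwnPropertySymbols(source)) {
      if (isEnumerable.call(source, key)) defineOrAssign(target, key, source[key]);
    }
  }
  return target;
};
var spreadProps = (target, source) =>
  defineProperties(target, getOwnPropertyDescriptors(source));

// Installs enumerable getters on `target`, one per entry of `getters`.
var exportGetters = (target, getters) => {
  for (var name in getters) {
    defineProperty(target, name, { get: getters[name], enumerable: true });
  }
};

// Re-exposes the own properties of `from` on `to` through getters.
var copyProps = (to, from, except, desc) => {
  if ((from && typeof from == "object") || typeof from == "function") {
    for (let key of getOwnPropertyNames(from)) {
      if (!hasOwn.call(to, key) && key !== except) {
        defineProperty(to, key, {
          get: () => from[key],
          enumerable:
            !(desc = getOwnPropertyDescriptor(from, key)) || desc.enumerable
        });
      }
    }
  }
  return to;
};
var toCommonJS = (mod) =>
  copyProps(defineProperty({}, "__esModule", { value: true }), mod);

// Private class members are emulated with WeakMap / WeakSet membership checks.
var checkPrivate = (obj, member, action) =>
  member.has(obj) || throwTypeError("Cannot " + action);
var privateGet = (obj, member, getter) => (
  checkPrivate(obj, member, "read from private field"),
  getter ? getter.call(obj) : member.get(obj)
);
var privateAdd = (obj, member, value) =>
  member.has(obj)
    ? throwTypeError("Cannot add the same private member more than once")
    : member instanceof WeakSet
      ? member.add(obj)
      : member.set(obj, value);
var privateSet = (obj, member, value, setter) => (
  checkPrivate(obj, member, "write to private field"),
  setter ? setter.call(obj, value) : member.set(obj, value),
  value
);
var privateMethod = (obj, member, method) => (
  checkPrivate(obj, member, "access private method"),
  method
);

// Drives a generator as an async function: every `yield` behaves like `await`.
var runAsync = (thisArg, args, generatorFn) =>
  new Promise((resolve, reject) => {
    var generator;
    var onFulfilled = (value) => {
      try {
        step(generator.next(value));
      } catch (err) {
        reject(err);
      }
    };
    var onRejected = (reason) => {
      try {
        step(generator.throw(reason));
      } catch (err) {
        reject(err);
      }
    };
    var step = (result) =>
      result.done
        ? resolve(result.value)
        : Promise.resolve(result.value).then(onFulfilled, onRejected);
    step((generator = generatorFn.apply(thisArg, args)).next());
  });

// ---------------------------------------------------------------------------
// Module exports and dependencies
// ---------------------------------------------------------------------------
var moduleExports = {};
exportGetters(moduleExports, { OIDC: () => OIDC });
module.exports = toCommonJS(moduleExports);

var honoCombine = require("hono/combine"),
  honoJwt = require("hono/jwt"),
  jwtTypes = require("hono/utils/jwt/types");

// ---------------------------------------------------------------------------
// Shared request / signing helpers
// ---------------------------------------------------------------------------

// POSTs `params` as application/x-www-form-urlencoded and returns the fetch promise.
var postForm = (url, params) =>
  fetch(url, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams(params)
  });

// Best-effort revocation: a network failure is swallowed so logout can still
// clear local state. The token may therefore stay valid at the issuer, and
// the HTTP status of the response is not inspected.
var revokeToken = (iss, token) =>
  postForm(iss.tokenRevocationEndpoint, {
    token: token,
    client_id: iss.clientId,
    client_secret: iss.clientSecret
  }).catch(() => {});

// Signs `claims` with an `exp` of now + maxAge (maxAge is added to Date.now(),
// i.e. milliseconds), rounded up to the next whole second.
var signLocalJwt = (claims, localJwtOptions) => {
  let exp = Math.floor((Date.now() + localJwtOptions.maxAge) / 1e3) + 1;
  return (0, honoJwt.sign)(
    spreadProps(spreadValues({}, claims), { exp: exp }),
    localJwtOptions.privateKey,
    localJwtOptions.alg
  );
};

// ---------------------------------------------------------------------------
// Token stores
// ---------------------------------------------------------------------------

/**
 * Layers a `cache` store in front of a `src` store.
 * Reads try the cache first and, on a falsy result, read `src` and write the
 * value (falsy values included) back to the cache. Writes go to `src` first,
 * then to the cache.
 */
var layerTokenStores = ({ cache, src }) => ({
  getIDToken: (ctx) =>
    runAsync(void 0, null, function* () {
      let token = yield cache.getIDToken(ctx);
      if (!token) {
        token = yield src.getIDToken(ctx);
        yield cache.setIDToken(ctx, token);
      }
      return token;
    }),
  getRefreshToken: (ctx) =>
    runAsync(void 0, null, function* () {
      let token = yield cache.getRefreshToken(ctx);
      if (!token) {
        token = yield src.getRefreshToken(ctx);
        yield cache.setRefreshToken(ctx, token);
      }
      return token;
    }),
  setIDToken: (ctx, token) =>
    runAsync(void 0, null, function* () {
      yield src.setIDToken(ctx, token);
      yield cache.setIDToken(ctx, token);
    }),
  setRefreshToken: (ctx, token) =>
    runAsync(void 0, null, function* () {
      yield src.setRefreshToken(ctx, token);
      yield cache.setRefreshToken(ctx, token);
    })
});

/** In-memory store holding one ID token and one refresh token; `ctx` is ignored. */
var createMemoryTokenStore = () => {
  let idToken, refreshToken;
  return {
    getIDToken: () => idToken,
    getRefreshToken: () => refreshToken,
    setIDToken: (_ctx, value) => {
      idToken = value;
    },
    setRefreshToken: (_ctx, value) => {
      refreshToken = value;
    }
  };
};

/**
 * Store that talks to the issuer: it mints or refreshes an ID token when
 * `deps.token` has none, and revokes tokens when they are cleared.
 *
 * @param ctx  Request context (not used by this function itself).
 * @param deps `{ iss, token }`: the issuer configuration and the underlying store.
 */
var createIssuerTokenStore = (ctx, deps) => {
  let memory = createMemoryTokenStore();
  let store = {
    getIDToken(ctx) {
      return runAsync(this, null, function* () {
        let existing = yield deps.token.getIDToken(ctx);
        if (existing) return existing;
        let refreshToken = yield deps.token.getRefreshToken(ctx);
        if (!refreshToken) return;
        let iss = deps.iss;
        if (iss.useLocalJwt) {
          // Local-JWT mode: re-derive claims from the stored upstream token and
          // sign a fresh local session JWT.
          let { privateKey, alg, maxAge } = iss.localJwtOptions;
          let claims = yield iss.createClaims(ctx, {
            getRefreshToken: () => refreshToken
          });
          if (!claims) return;
          return yield signLocalJwt(claims, {
            privateKey: privateKey,
            alg: alg,
            maxAge: maxAge
          });
        }
        let response = yield postForm(iss.tokenEndpoint, {
          refresh_token: refreshToken,
          client_id: iss.clientId,
          client_secret: iss.clientSecret,
          grant_type: "refresh_token"
        });
        // NOTE(review): the HTTP status is not checked and a non-JSON body makes
        // json() reject; the returned id_token is not verified here.
        let body = response ? yield response.json() : void 0;
        let idToken = body == null ? void 0 : body.id_token;
        if (typeof idToken == "string") return idToken;
      });
    },
    getRefreshToken: memory.getRefreshToken,
    setIDToken(ctx, value) {
      return runAsync(this, null, function* () {
        let iss = deps.iss;
        if (value) {
          yield deps.token.setIDToken(ctx, value);
        } else if (!iss.useLocalJwt) {
          // Clearing the ID token revokes the stored one at the issuer.
          let current = yield deps.token.getIDToken(ctx);
          if (current) yield revokeToken(iss, current);
        }
      });
    },
    setRefreshToken(ctx, value) {
      return runAsync(this, null, function* () {
        yield memory.setRefreshToken(ctx, value);
        if (value) {
          yield deps.token.setRefreshToken(ctx, value);
        } else {
          let iss = deps.iss;
          let current = yield deps.token.getRefreshToken(ctx);
          if (current) {
            // Awaited so a failure while revoking the ID token surfaces in this
            // request instead of becoming an unhandled promise rejection.
            if (!iss.useLocalJwt) yield store.setIDToken(ctx, void 0);
            yield revokeToken(iss, current);
          }
        }
      });
    }
  };
  return store;
};

// ---------------------------------------------------------------------------
// Public API
// ---------------------------------------------------------------------------

/**
 * Creates the OIDC middleware set.
 *
 * @param options Options object, or a function `(ctx) => options` (may be async).
 *   The code reads `getIssUrl`, `issuers` and `clientSideTokenStore` from it.
 * @returns `{ loginHandler, useClaims, logoutHandler }`
 */
function OIDC(options) {
  // Creates the per-request manager once and stores it under "__oidc".
  let ensureManager = (ctx, next) =>
    runAsync(this, null, function* () {
      if (ctx.get("__oidc")) {
        yield next();
        return;
      }
      let resolved = typeof options == "function" ? yield options(ctx) : options;
      let manager = yield OidcManager.create(ctx, resolved);
      ctx.set("__oidc", manager);
      yield next();
    });
  return {
    // `handler` receives the login result first. An "ERR" result is passed
    // through as well, so the handler must check `result.type` itself.
    loginHandler: (issuer, handler) =>
      (0, honoCombine.every)(ensureManager, (ctx, ...rest) =>
        runAsync(this, null, function* () {
          let result = yield ctx.get("__oidc").login(ctx, issuer);
          switch (result.type) {
            case "RESPONSE":
              return result.response;
            case "OK":
              ctx.set("claims", result.claims);
          }
          return yield handler(result, ctx, ...rest);
        })
      ),
    // Sets "claims" on the context; the value is undefined when unauthenticated.
    useClaims: (0, honoCombine.every)(ensureManager, (ctx, next) =>
      runAsync(this, null, function* () {
        let claims = yield ctx.get("__oidc").getClaims(ctx);
        ctx.set("claims", claims);
        yield next();
      })
    ),
    logoutHandler: (handler) =>
      (0, honoCombine.every)(ensureManager, (ctx, ...rest) =>
        runAsync(this, null, function* () {
          yield ctx.get("__oidc").logout(ctx);
          return yield handler(ctx, ...rest);
        })
      )
  };
}

// Private member slots of OidcManager (assigned right after the class).
var tokensField, optsField, privateMethods, resolveIssuer;

var OidcManager = class OidcManager {
  constructor(init) {
    privateAdd(this, privateMethods);
    privateAdd(this, tokensField);
    privateAdd(this, optsField);
    privateSet(this, tokensField, init.tokens);
    privateSet(this, optsField, init.opts);
  }

  /**
   * Builds a manager for the issuer returned by `opts.getIssUrl(ctx)`.
   * Throws Error("Issuer not found") when no configured issuer matches.
   */
  static create(ctx, opts) {
    return runAsync(this, null, function* () {
      let issUrl = yield opts.getIssUrl(ctx);
      let iss = opts.issuers.find((candidate) => candidate.issuer === issUrl);
      if (!iss) throw new Error("Issuer not found");
      // Lookup order: memory -> client-side store -> issuer (refresh / mint).
      let clientStore = layerTokenStores({
        cache: createMemoryTokenStore(),
        src: opts.clientSideTokenStore
      });
      let tokens = layerTokenStores({
        cache: clientStore,
        src: createIssuerTokenStore(ctx, { iss: iss, token: clientStore })
      });
      return new OidcManager({ tokens: tokens, opts: opts });
    });
  }

  /**
   * Runs the authorization-code flow for the issuer with URL `issuerUrl`.
   *
   * @returns `{type:"RESPONSE", response}` (redirect to the issuer),
   *   `{type:"OK", claims}` or `{type:"ERR", error}`.
   */
  login(ctx, issuerUrl) {
    return runAsync(this, null, function* () {
      let opts = privateGet(this, optsField);
      let tokens = privateGet(this, tokensField);
      let iss = opts.issuers.find((candidate) => candidate.issuer === issuerUrl);
      if (!iss) return { type: "ERR", error: "Unauthorized" };

      let requestUrl = new URL(ctx.req.url);
      let redirectUri = requestUrl.origin + requestUrl.pathname;
      let code = requestUrl.searchParams.get("code");
      let idToken;
      if (code) {
        // NOTE(review): any `code` query parameter is exchanged; no `state`
        // value is compared before the token request is made.
        let response = yield postForm(iss.tokenEndpoint, {
          code: code,
          client_id: iss.clientId,
          client_secret: iss.clientSecret,
          redirect_uri: redirectUri,
          grant_type: "authorization_code"
        });
        let body = yield response.json();
        if (!(body instanceof Object)) {
          return { type: "ERR", error: "OAuthServerError" };
        }
        // Falls back to the access token when the response has no id_token.
        let rawIdToken = body.id_token;
        let upstreamToken = rawIdToken != null ? rawIdToken : body.access_token;
        if (typeof upstreamToken != "string") {
          return { type: "ERR", error: "OAuthServerError" };
        }
        if (!iss.useLocalJwt) {
          if (body.refresh_token) {
            yield tokens.setRefreshToken(ctx, `${body.refresh_token}`);
          }
          idToken = upstreamToken;
        } else {
          // Local-JWT mode: the upstream token is handed to createClaims and
          // kept in the refresh-token slot; the session token is a locally
          // signed JWT.
          let claims = yield iss.createClaims(ctx, {
            getRefreshToken: () => upstreamToken
          });
          if (!claims) throw new Error("Invalid ID Token");
          idToken = yield signLocalJwt(claims, iss.localJwtOptions);
          yield tokens.setIDToken(ctx, idToken);
          yield tokens.setRefreshToken(ctx, upstreamToken);
          return { type: "OK", claims: claims };
        }
      } else {
        idToken = yield tokens.getIDToken(ctx);
      }

      if (!idToken) {
        let authUrl = new URL(iss.authEndpoint);
        authUrl.searchParams.append("response_type", "code");
        authUrl.searchParams.append("client_id", iss.clientId);
        authUrl.searchParams.append("redirect_uri", redirectUri);
        authUrl.searchParams.append("scope", iss.scopes.join(" "));
        // Google only: ask for offline access and force the consent prompt.
        if (iss.authEndpoint === "https://accounts.google.com/o/oauth2/v2/auth") {
          authUrl.searchParams.append("access_type", "offline");
          authUrl.searchParams.append("prompt", "consent");
        }
        return { type: "RESPONSE", response: ctx.redirect(authUrl.toString()) };
      }

      // NOTE(review): createClaims receives the token store, and the token just
      // obtained from the code exchange is written to the store only after
      // claims were produced. Confirm which token createClaims actually reads.
      let claims = yield iss.createClaims(ctx, tokens);
      if (claims) {
        yield tokens.setIDToken(ctx, idToken);
        return { type: "OK", claims: claims };
      }
      yield this.logout(ctx);
      return { type: "ERR", error: "Unauthorized" };
    });
  }

  /**
   * Returns the claims for the current request, or undefined after logging the
   * user out when no valid session can be established.
   */
  getClaims(ctx) {
    return runAsync(this, null, function* () {
      let tokens = privateGet(this, tokensField);
      let iss = yield privateMethod(this, privateMethods, resolveIssuer).call(this, ctx);
      if (!iss) {
        yield this.logout(ctx);
        return;
      }

      if (iss.useLocalJwt) {
        let { privateKey, alg } = iss.localJwtOptions;
        try {
          let token = yield tokens.getIDToken(ctx);
          // A missing token is handled like an expired one.
          if (!token) throw new jwtTypes.JwtTokenExpired("");
          return yield (0, honoJwt.verify)(token, privateKey, alg);
        } catch (err) {
          if (err instanceof jwtTypes.JwtTokenExpired) {
            let claims = yield iss.createClaims(ctx, tokens);
            if (!claims) {
              yield this.logout(ctx);
              return;
            }
            let renewed = yield signLocalJwt(claims, iss.localJwtOptions);
            yield tokens.setIDToken(ctx, renewed);
            return claims;
          }
          // Any other verification error falls through to logout below.
        }
        yield this.logout(ctx);
        return;
      }

      // Issuer-token mode: no signature check happens in this method;
      // createClaims decides whether the stored token is acceptable.
      let claims = yield iss.createClaims(ctx, tokens);
      if (claims) return claims;
      let refreshToken = yield tokens.getRefreshToken(ctx);
      if (!refreshToken) {
        yield this.logout(ctx);
        return;
      }
      let response = yield postForm(iss.tokenEndpoint, {
        refresh_token: refreshToken,
        client_id: iss.clientId,
        client_secret: iss.clientSecret,
        grant_type: "refresh_token"
      });
      let body = response ? yield response.json() : null;
      let refreshed = body == null ? void 0 : body.id_token;
      if (typeof refreshed == "string") {
        return yield iss.createClaims(ctx, {
          getIDToken: () => refreshed,
          getRefreshToken: () => refreshToken
        });
      }
    });
  }

  /**
   * Revokes the stored tokens at the issuer (best effort) and clears them
   * from the stores.
   */
  logout(ctx) {
    return runAsync(this, null, function* () {
      let tokens = privateGet(this, tokensField);
      let idToken = yield tokens.getIDToken(ctx);
      if (idToken) {
        let iss = yield privateMethod(this, privateMethods, resolveIssuer).call(this, ctx);
        if (iss) {
          // NOTE(review): this runs in local-JWT mode too, so the locally signed
          // token is also posted to the issuer's revocation endpoint.
          yield revokeToken(iss, idToken);
          let refreshToken = yield tokens.getRefreshToken(ctx);
          if (refreshToken) yield revokeToken(iss, refreshToken);
        }
      }
      yield tokens.setRefreshToken(ctx, void 0);
      yield tokens.setIDToken(ctx, void 0);
    });
  }
};

tokensField = new WeakMap();
optsField = new WeakMap();
privateMethods = new WeakSet();

// Private method: resolves the issuer configuration for this request.
// Returns undefined when getIssUrl yields nothing; throws when the URL is not
// among the configured issuers.
resolveIssuer = function (ctx) {
  return runAsync(this, null, function* () {
    let opts = privateGet(this, optsField);
    let issUrl = yield opts.getIssUrl(ctx);
    if (!issUrl) return;
    let iss = opts.issuers.find((candidate) => candidate.issuer === issUrl);
    if (!iss) throw new Error("Issuer not found");
    return iss;
  });
};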