UNPKG

@localsecurity/cf-access-service

Version:

A utility to parse Cloudflare Access user identity inside Cloudflare Workers

61 lines (60 loc) • 2.28 kB

JavaScript

/** * A class to validate incomming requests * @method getIdentity - Returns a parsed CFAccessUserIdentity object if the user is logged in * @method getEmail - Returns the users Email if the user is logged in */ class CFAccessService { /** * Returns a parsed CFAccessUserIdentity object if the user is logged in * @param {Request} request - the incomming request to validate * @param {Env} env - environment object * @returns {Partial<CFAccessUserIdentity>} The users identity */ async getIdentity(request, env) { const formatID = (data) => { let N = (d, k) => T(d[k], 'number'); let S = (d, k) => T(d[k], 'string'); let B = (d, k) => T(d[k], 'boolean'); let T = (i, t) => (typeof i === t ? i : void 0); return { id: S(data, 'id'), ip: S(data, 'ip'), idp: S(data, 'idp'), iat: N(data, 'iat'), name: S(data, 'name'), email: S(data, 'email'), is_warp: B(data, 'is_warp'), is_gateway: B(data, 'is_gateway'), auth_status: S(data, 'auth_status'), service_token_id: S(data, 'service_token_id'), service_token_status: B(data, 'service_token_status'), }; }; let id; const team = env['WORKSPACE'] ? env['WORKSPACE'] : 'example-ls'; const suffix = 'cloudflareaccess.com/cdn-cgi/access/get-identity'; const url = new URL(`https://${team}.${suffix}`); const resp = await fetch(url, request.clone()); const data = await resp.json(); if (data) id = formatID(data); else id = { email: '' }; return id; } /** * Returns the users Email if the user is logged in * @param {Request} request - the incomming request to validate * @param {Env} env - environment object * @returns The users email or null */ async getEmail(request, env) { const id = await this.getIdentity(request, env); const email = id['email']; if (email) return email; return null; } } export { CFAccessService }; export default CFAccessService;