
@openpass/openpass-js-sdk

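"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.matchesEventOrigin = exports.buildAuthorizeUrl = exports.redirectUrlMatchesCurrentUrl = exports.urlHasStateAndCodeOrErrorParameters = exports.parseAuthRedirectUrlParams = void 0;
const constants_1 = require("./constants");
const path_1 = require("./utils/path");
const package_json_1 = require("../../package.json");
const errors_1 = require("./error/errors");

/**
 * Extracts the authorization-response parameters from a query string.
 *
 * Every field is either a non-empty string or null (see getParamValue).
 * The values come straight from the URL and are therefore untrusted: the
 * caller is expected to compare `state` with the value it stored before
 * redirecting, and to treat `errorDescription` / `errorUri` as plain text.
 *
 * @param {string} queryString - Query string handed to URLSearchParams.
 * @returns {{code: (string|null), state: (string|null), error: (string|null),
 *            errorDescription: (string|null), errorUri: (string|null)}}
 */
const parseAuthRedirectUrlParams = (queryString) => {
    const params = new URLSearchParams(queryString);
    return {
        code: getParamValue(constants_1.PARAM_CODE, params),
        state: getParamValue(constants_1.PARAM_STATE, params),
        error: getParamValue(constants_1.PARAM_ERROR, params),
        errorDescription: getParamValue(constants_1.PARAM_ERROR_DESCRIPTION, params),
        errorUri: getParamValue(constants_1.PARAM_ERROR_URI, params),
    };
};
exports.parseAuthRedirectUrlParams = parseAuthRedirectUrlParams;

/**
 * Checks whether parsed parameters look like an authorization redirect:
 * either both `state` and `code` are present, or `error` is present.
 *
 * This is a shape check only; it does not validate `state` against anything.
 *
 * @param {{code: (string|null), state: (string|null), error: (string|null)}} urlParams
 * @returns {boolean}
 */
const urlHasStateAndCodeOrErrorParameters = (urlParams) => {
    const hasStateAndCodeParams = urlParams.state !== null && urlParams.code !== null;
    const hasErrorParam = urlParams.error !== null;
    return hasStateAndCodeParams || hasErrorParam;
};
exports.urlHasStateAndCodeOrErrorParameters = urlHasStateAndCodeOrErrorParameters;

/**
 * Checks whether the configured redirect URL points at the current page.
 *
 * Origin, protocol and pathname are compared. The pathname comparison ignores
 * trailing slashes and letter case, so `/Callback` and `/callback/` count as
 * the same page. Query string and fragment are not compared.
 *
 * @param {string} currentPageUrl - Absolute URL of the current page.
 * @param {string} redirectUrl - Absolute redirect URL to compare against.
 * @returns {boolean}
 * @throws {TypeError} From the URL constructor when either argument is not a
 *         valid absolute URL.
 */
const redirectUrlMatchesCurrentUrl = (currentPageUrl, redirectUrl) => {
    // The URL getters used here always return strings, so the compiled
    // null guards from the original were dead code and are dropped.
    const normalize = (url) => {
        const parsed = new URL(url);
        return {
            origin: parsed.origin.toLowerCase(),
            pathname: parsed.pathname.replace(/\/+$/, "").toLowerCase(), // Remove trailing slashes
            protocol: parsed.protocol.toLowerCase(),
        };
    };
    const current = normalize(currentPageUrl);
    const redirect = normalize(redirectUrl);
    return (current.origin === redirect.origin &&
        current.pathname === redirect.pathname &&
        current.protocol === redirect.protocol);
};
exports.redirectUrlMatchesCurrentUrl = redirectUrlMatchesCurrentUrl;

/**
 * Builds the authorization request URL for a sign-in session.
 *
 * @param {string} baseUrl - Base URL, joined with the endpoint via joinPaths.
 * @param {string} authorizeEndpoint - Path of the authorize endpoint.
 * @param {object} session - Session settings; `clientId` and `state` are always
 *        sent, the remaining fields only when truthy (except
 *        `allowUnverifiedEmail`, which is always sent as "true" or "false").
 * @param {string} source - Value sent as the sign-in source parameter.
 * @param {Array<{name: string, value: string}>} [customQueryParams] - Extra
 *        parameters appended after validation.
 * @returns {string} The authorize URL including its query string.
 * @throws {SdkError} When a custom query parameter fails validation.
 */
const buildAuthorizeUrl = (baseUrl, authorizeEndpoint, session, source, customQueryParams) => {
    const params = new URLSearchParams();
    params.set(constants_1.PARAM_RESPONSE_TYPE, constants_1.PARAM_RESPONSE_TYPE_VALUE);
    params.set(constants_1.PARAM_CLIENT_ID, session.clientId);
    params.set(constants_1.PARAM_SCOPE, constants_1.PARAM_SCOPE_VALUE);
    params.set(constants_1.PARAM_STATE, session.state);
    params.set(constants_1.PARAM_SDK_NAME, constants_1.SDK_NAME);
    params.set(constants_1.PARAM_SDK_VERSION, package_json_1.version);
    params.set(constants_1.PARAM_SIGN_IN_SOURCE, source);
    if (session.redirectUrl) {
        params.set(constants_1.PARAM_REDIRECT_URI, session.redirectUrl);
    }
    if (session.codeChallengeMethod) {
        params.set(constants_1.PARAM_CODE_CHALLENGE_METHOD, session.codeChallengeMethod);
    }
    if (session.codeChallenge) {
        params.set(constants_1.PARAM_CODE_CHALLENGE, session.codeChallenge);
    }
    if (session.responseMode) {
        params.set(constants_1.PARAM_CODE_RESPONSE_MODE, session.responseMode);
    }
    // These two flags are only sent when truthy, so the value is always "true".
    if (session.useSilentAuth) {
        params.set(constants_1.PARAM_USE_SILENT_AUTH, "true");
    }
    if (session.loginHint) {
        params.set(constants_1.PARAM_CODE_LOGIN_HINT, session.loginHint);
    }
    if (session.disableLoginHintEditing) {
        params.set(constants_1.PARAM_CODE_DISABLE_LOGIN_HINT_EDITING, "true");
    }
    params.set(constants_1.PARAM_ALLOW_UNVERIFIED_EMAIL, session.allowUnverifiedEmail ? "true" : "false");
    if (customQueryParams) {
        // NOTE(review): custom parameters are applied last with set(), so a name
        // equal to one of the parameters above (state, redirect URI, code
        // challenge, ...) replaces the SDK's value. Names must therefore come
        // from trusted configuration, never from page or user input; consider
        // rejecting reserved names in validateCustomQueryParam.
        for (let i = 0; i < customQueryParams.length; i++) {
            const customQueryParam = customQueryParams[i];
            validateCustomQueryParam(customQueryParam);
            params.set(customQueryParam.name, customQueryParam.value);
        }
    }
    return `${(0, path_1.joinPaths)([baseUrl, authorizeEndpoint])}?${params.toString()}`;
};
exports.buildAuthorizeUrl = buildAuthorizeUrl;

/**
 * Validates one custom query parameter before it is added to the authorize URL.
 *
 * Requires a truthy name and value, at most 100 characters each (the check is
 * `> 100`, so exactly 100 is accepted although the message says "under 100"),
 * consisting only of printable ASCII (0x20-0x7E). It does not check the name
 * against the parameters the SDK sets itself.
 *
 * @param {{name: string, value: string}} customQueryParam
 * @throws {SdkError} When any of the checks fails.
 */
const validateCustomQueryParam = (customQueryParam) => {
    const printableAscii = /^[\x20-\x7E]*$/;
    if (!customQueryParam.name || !customQueryParam.value) {
        throw new errors_1.SdkError("Custom query parameters must have both name and value");
    }
    if (customQueryParam.name.length > 100 || customQueryParam.value.length > 100) {
        throw new errors_1.SdkError("Custom query parameters' name and value must be under 100 characters");
    }
    if (!printableAscii.test(customQueryParam.name) || !printableAscii.test(customQueryParam.value)) {
        throw new errors_1.SdkError("Custom query parameter contains invalid characters. Only printable ASCII characters are allowed");
    }
};

/**
 * Reads one parameter from parsed search params.
 *
 * @param {string} name - Parameter name.
 * @param {URLSearchParams} params - Parsed query string.
 * @returns {string|null} The value, or null when it is missing or empty.
 */
const getParamValue = (name, params) => {
    const paramValue = params.get(name);
    if (!paramValue) {
        return null;
    }
    // URLSearchParams.get() has already percent-decoded the value, so this is
    // a second decode. It is kept for backward compatibility, but a value that
    // contains a literal "%" after the first decode (e.g. "100%" in an error
    // description) made decodeURIComponent throw URIError and abort redirect
    // handling; fall back to the once-decoded value instead.
    // NOTE(review): confirm whether the second decode is needed at all; it can
    // alter a code or state value that legitimately contains "%XX".
    try {
        return decodeURIComponent(paramValue);
    }
    catch (err) {
        if (err instanceof URIError) {
            return paramValue;
        }
        throw err;
    }
};

/**
 * Compares an event's origin with the expected origin.
 *
 * The match is exact, with one allowance: a single trailing "/" on `origin`
 * is ignored. There is no prefix, suffix or wildcard matching.
 * (Presumably `eventOrigin` is a MessageEvent origin; confirm against callers.)
 *
 * @param {string} eventOrigin - Origin reported by the event.
 * @param {string} origin - Expected origin, optionally ending in "/".
 * @returns {boolean}
 */
const matchesEventOrigin = (eventOrigin, origin) => {
    if (eventOrigin === origin) {
        return true;
    }
    if (origin.endsWith("/") && origin.length > 1) {
        return eventOrigin === origin.substring(0, origin.length - 1);
    }
    return false;
};
exports.matchesEventOrigin = matchesEventOrigin;
//# sourceMappingURL=url.js.map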