UNPKG

@pixelygroup/keycloak-koa-connect

Version:

keycloak koa oauth jsonWebToken

github.com/pixelygroup/keycloak-koa-connect

pixelygroup/keycloak-koa-connect

95 lines (84 loc) 2.63 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/** * Created by zhangsong on 2018/8/9. */ import * as http from 'http'; import * as https from 'https'; import * as jwkToPem from 'jwk-to-pem'; import { parse, UrlWithStringQuery } from 'url'; const getProtocol = (opts: http.ClientRequestArgs): { request: any } => { return opts.protocol === 'https:' ? https : http; }; const nodeify = (promise, cb) => { if (typeof cb !== 'function') { return promise; } return promise.then((res) => cb(null, res)) .catch((err) => cb(err)); }; class Rotation { public realmUrl; public minTimeBetweenJwksRequests; public jwks; public lastTimeRequestTime; constructor(config) { this.realmUrl = config.realmUrl; this.minTimeBetweenJwksRequests = config.minTimeBetweenJwksRequests; this.jwks = []; this.lastTimeRequestTime = 0; } public retrieveJWKs(callback?: (params: any) => any) { const url = this.realmUrl + '/protocol/openid-connect/certs'; const options: http.ClientRequestArgs & UrlWithStringQuery = parse(url); options.method = 'GET'; const promise = new Promise((resolve, reject) => { const req = getProtocol(options) .request(options, (response) => { if (response.statusCode < 200 || response.statusCode >= 300) { return reject('Error fetching JWK Keys'); } let json = ''; response.on('data', (d) => (json += d.toString())); response.on('end', () => { const data = JSON.parse(json); if (data.error) { reject(data); } else { resolve(data); } }); }); req.on('error', reject); req.end(); }); return nodeify(promise, callback); } public getJWK(kid) { const key = this.jwks.find((keys) => { return keys.kid === kid; }); if (key) { return new Promise((resolve, reject) => { resolve(jwkToPem(key)); }); } const self = this; // check if we are allowed to send request const currentTime = new Date().getTime() / 1000; if (currentTime > this.lastTimeRequestTime + this.minTimeBetweenJwksRequests) { return this.retrieveJWKs() .then((publicKeys) => { self.lastTimeRequestTime = currentTime; self.jwks = publicKeys.keys; return jwkToPem(self.jwks.find((keys) => { return keys.kid === kid; })); }); } else { console.error('Not enough time elapsed since the last request, blocking the request'); } } public clearCache() { this.jwks.length = 0; } } export default Rotation;