
authservice-nextjs


Next.js SDK for Auth Service - Server and client-side authentication with App Router support

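"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.NextAuthServer = void 0;
const authservice_node_1 = require("authservice-node");
const cookie_1 = require("cookie");
const jose_1 = require("jose");
const headers_1 = require("next/headers");

/** Cookie name used whenever the configuration does not supply one. */
const DEFAULT_COOKIE_NAME = 'auth-token';

/** Algorithm used to sign session tokens; verification is pinned to the same value. */
const SESSION_TOKEN_ALG = 'HS256';

/**
 * Map the auth service's permission response onto the user shape this SDK returns.
 *
 * @param {object} permissions - Response of `client.getUserPermissions(token)`.
 * @returns {{id: *, permissions: string[], roles: *}} Permissions flattened to `resource:action`.
 */
function toAuthUser(permissions) {
    return {
        id: permissions.userId,
        permissions: permissions.permissions.map((p) => `${p.resource}:${p.action}`),
        roles: permissions.roles,
    };
}

/**
 * Resolve a token to a user, failing closed.
 *
 * Any failure (rejected call, malformed response) yields `null`, so callers
 * cannot tell an auth-service outage from an unauthenticated request.
 *
 * @param {object} client - The AuthServiceClient instance.
 * @param {string|null} token - Bearer token taken from the request or cookie store.
 * @returns {Promise<object|null>} The user, or `null` when there is no token or the lookup fails.
 */
async function fetchUser(client, token) {
    if (!token)
        return null;
    try {
        return toAuthUser(await client.getUserPermissions(token));
    }
    catch {
        return null;
    }
}

/**
 * Ask the auth service whether the token holds a permission, failing closed.
 *
 * @param {object} client - The AuthServiceClient instance.
 * @param {string|null} token - Bearer token taken from the request or cookie store.
 * @param {string} permission - Permission to check, passed through unchanged.
 * @returns {Promise<*>} `result.allowed` from the service; `false` when there is no token or the call fails.
 */
async function isPermitted(client, token, permission) {
    if (!token)
        return false;
    try {
        const result = await client.checkPermission({
            userToken: token,
            permission,
        });
        return result.allowed;
    }
    catch {
        return false;
    }
}

/**
 * Server-side helper that extracts auth tokens from requests or the Next.js
 * cookie store, sets and clears the auth cookie, signs and verifies session
 * JWTs, and delegates user and permission lookups to the auth service client.
 */
class NextAuthServer {
    /**
     * @param {object} config - SDK configuration; also handed unchanged to AuthServiceClient.
     *   Cookie defaults: HttpOnly on, SameSite `lax`, path `/`, and Secure only when
     *   NODE_ENV is `production` unless `cookieSecure` is set explicitly.
     */
    constructor(config) {
        this.client = new authservice_node_1.AuthServiceClient(config);
        this.config = {
            ...config,
            cookieName: config.cookieName || DEFAULT_COOKIE_NAME,
            cookieDomain: config.cookieDomain || '',
            cookieSecure: config.cookieSecure ?? process.env.NODE_ENV === 'production',
            cookieHttpOnly: config.cookieHttpOnly ?? true,
            cookieSameSite: config.cookieSameSite || 'lax',
            cookiePath: config.cookiePath || '/',
            loginUrl: config.loginUrl || '/login',
            unauthorizedUrl: config.unauthorizedUrl || '/unauthorized',
            redirectOnError: config.redirectOnError ?? true,
            sessionCookieName: config.sessionCookieName || 'auth-session',
        };
        // A missing appSecret encodes to a zero-length key; the session-token
        // methods below refuse to operate on it rather than failing here, so
        // deployments that never use session tokens keep constructing as before.
        this.jwtSecret = new TextEncoder().encode(config.appSecret);
    }

    /**
     * Extract the auth token from a Node-style request.
     *
     * Precedence: auth cookie, then `Authorization: Bearer`, then `x-access-token`.
     * Because a cookie alone authenticates the request and this class performs no
     * CSRF check, state-changing routes rely on the cookie's SameSite setting or
     * on a CSRF defence supplied by the application.
     *
     * @param {object} req - Request exposing a `headers` object.
     * @returns {string|null} The token, or `null` when none is present.
     */
    getTokenFromRequest(req) {
        const cookies = (0, cookie_1.parse)(req.headers.cookie || '');
        const cookieToken = cookies[this.config.cookieName || DEFAULT_COOKIE_NAME];
        if (cookieToken)
            return cookieToken;
        const authHeader = req.headers.authorization;
        if (authHeader?.startsWith('Bearer ')) {
            return authHeader.substring(7);
        }
        const customHeader = req.headers['x-access-token'];
        // The typeof guard skips the array form a repeated header can take.
        if (customHeader && typeof customHeader === 'string') {
            return customHeader;
        }
        return null;
    }

    /**
     * Read the auth token from the Next.js cookie store.
     *
     * @returns {Promise<string|null>} The cookie value, or `null` when absent or empty.
     */
    async getTokenFromCookies() {
        // `cookies()` returns a promise in newer Next.js releases and a plain
        // store in older ones; awaiting handles both.
        const cookieStore = await (0, headers_1.cookies)();
        const token = cookieStore.get(this.config.cookieName || DEFAULT_COOKIE_NAME);
        return token?.value || null;
    }

    /**
     * Append the auth cookie to the response's `Set-Cookie` header.
     *
     * Responses without a `setHeader` method are left untouched, so the caller
     * gets no signal that no cookie was written.
     *
     * @param {object} res - Node-style response.
     * @param {string} token - Cookie value.
     * @param {number} [maxAge] - Lifetime in seconds; `0` expires the cookie immediately.
     */
    setAuthCookie(res, token, maxAge) {
        // `0` is a meaningful lifetime (expire now). A plain truthiness test
        // dropped it, which left clearAuthCookie writing an empty session cookie
        // instead of deleting the existing one.
        const hasMaxAge = Boolean(maxAge) || maxAge === 0;
        const cookieOptions = {
            httpOnly: this.config.cookieHttpOnly,
            secure: this.config.cookieSecure,
            sameSite: this.config.cookieSameSite,
            path: this.config.cookiePath,
            ...(this.config.cookieDomain && { domain: this.config.cookieDomain }),
            ...(hasMaxAge && { maxAge }),
        };
        const cookieString = (0, cookie_1.serialize)(this.config.cookieName || DEFAULT_COOKIE_NAME, token, cookieOptions);
        if ('setHeader' in res) {
            // Keep cookies already queued on the response by other code.
            const existingCookies = res.getHeader('Set-Cookie') || [];
            const cookieArray = Array.isArray(existingCookies)
                ? existingCookies
                : [existingCookies.toString()];
            res.setHeader('Set-Cookie', [...cookieArray, cookieString]);
        }
    }

    /**
     * Expire the auth cookie by re-issuing it empty with `Max-Age=0`, using the
     * same name, path and domain it was set with.
     *
     * @param {object} res - Node-style response.
     */
    clearAuthCookie(res) {
        this.setAuthCookie(res, '', 0);
    }

    /**
     * Sign a session JWT (HS256, 7-day expiry) carrying `userData` as claims.
     *
     * The token is signed, not encrypted: anyone holding it can read the claims,
     * so `userData` should not contain secrets.
     *
     * @param {object} userData - Claims to embed.
     * @returns {Promise<string>} The compact JWT.
     * @throws {Error} When no `appSecret` was configured.
     */
    async createSessionToken(userData) {
        if (this.jwtSecret.length === 0) {
            throw new Error('appSecret is required to sign session tokens');
        }
        return new jose_1.SignJWT(userData)
            .setProtectedHeader({ alg: SESSION_TOKEN_ALG })
            .setIssuedAt()
            .setExpirationTime('7d')
            .sign(this.jwtSecret);
    }

    /**
     * Verify a session JWT and return its payload.
     *
     * @param {string} token - Compact JWT.
     * @returns {Promise<object|null>} The payload, or `null` on any verification failure.
     */
    async verifySessionToken(token) {
        // Fail closed on an empty key instead of relying on the library to reject it.
        if (this.jwtSecret.length === 0)
            return null;
        try {
            // Accept only the algorithm createSessionToken signs with.
            const { payload } = await (0, jose_1.jwtVerify)(token, this.jwtSecret, {
                algorithms: [SESSION_TOKEN_ALG],
            });
            return payload;
        }
        catch {
            return null;
        }
    }

    /**
     * Resolve the user for a Node-style request.
     *
     * @param {object} req - Request exposing a `headers` object.
     * @returns {Promise<object|null>} The user, or `null` when unauthenticated or on lookup failure.
     */
    async getUserFromRequest(req) {
        return fetchUser(this.client, this.getTokenFromRequest(req));
    }

    /**
     * Resolve the user from the Next.js cookie store.
     *
     * @returns {Promise<object|null>} The user, or `null` when unauthenticated or on lookup failure.
     */
    async getUserFromCookies() {
        return fetchUser(this.client, await this.getTokenFromCookies());
    }

    /**
     * Check a permission for the token carried by a Node-style request.
     *
     * @param {object} req - Request exposing a `headers` object.
     * @param {string} permission - Permission to check.
     * @returns {Promise<*>} The service's `allowed` value; `false` without a token or on failure.
     */
    async checkPermissionForRequest(req, permission) {
        return isPermitted(this.client, this.getTokenFromRequest(req), permission);
    }

    /**
     * Check a permission for the token in the Next.js cookie store.
     *
     * @param {string} permission - Permission to check.
     * @returns {Promise<*>} The service's `allowed` value; `false` without a token or on failure.
     */
    async checkPermissionFromCookies(permission) {
        return isPermitted(this.client, await this.getTokenFromCookies(), permission);
    }

    /**
     * @returns {object} The underlying AuthServiceClient.
     */
    getClient() {
        return this.client;
    }

    /**
     * Build a same-origin redirect target (`path?query`) with an optional `returnUrl`.
     *
     * Only the path and query of `redirectTo` are kept; its scheme and host are
     * discarded. `returnUrl` is stored verbatim and is NOT validated here: the
     * page that later redirects to it must confirm it is a same-site path.
     *
     * @param {string} redirectTo - Path (or URL) to redirect to.
     * @param {string} [returnUrl] - Location to come back to after login.
     * @returns {string} Path plus query string.
     */
    createRedirectUrl(redirectTo, returnUrl) {
        // The base is a parsing placeholder only; it never reaches the result.
        const url = new URL(redirectTo, 'http://localhost');
        if (returnUrl) {
            url.searchParams.set('returnUrl', returnUrl);
        }
        // A result that starts with two slashes would be read by browsers as a
        // protocol-relative URL, so collapse them to keep the target on this origin.
        const localPath = url.pathname.replace(/^\/{2,}/, '/');
        return localPath + url.search;
    }
}
exports.NextAuthServer = NextAuthServer;
//# sourceMappingURL=auth.js.map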