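import { parseSetCookieHeader } from "../../cookies/cookie-utils.mjs";
import "../../cookies/index.mjs";
import { serializeSignedCookie } from "better-call";
import { createAuthMiddleware } from "@better-auth/core/api";
import { createHMAC } from "@better-auth/utils/hmac";

//#region src/plugins/bearer/index.ts
/**
 * Pulls the credential out of an `Authorization` header value.
 *
 * The `Bearer` scheme is matched at the start of the value and without regard
 * to case. A value with no whitespace is taken to be a bare token, which keeps
 * clients that send the token without a scheme working. A value that carries
 * any other scheme (for example `Basic ...`) is not a bearer credential and is
 * ignored, so it is never signed or turned into a session cookie.
 *
 * @param {string | null | undefined} headerValue Raw header value.
 * @returns {string | undefined} The token, or `undefined` when the value holds
 *   no bearer credential.
 */
const readBearerToken = (headerValue) => {
  if (!headerValue) return undefined;
  const value = headerValue.trim();
  const bearerMatch = /^Bearer(?:\s+(.*))?$/i.exec(value);
  // A lone "Bearer" leaves group 1 undefined, which callers treat as no token.
  if (bearerMatch) return bearerMatch[1];
  // Whitespace without the Bearer scheme means some other scheme is in use.
  if (/\s/.test(value)) return undefined;
  return value;
};

/**
 * Bearer-token plugin: lets a client authenticate with an `Authorization`
 * header instead of the session cookie.
 *
 * - `before` hook: turns the header credential into the session cookie on the
 *   headers handed on through the returned context.
 * - `after` hook: when a response sets the session cookie, mirrors its value
 *   in a `set-auth-token` response header and lists that header in
 *   `Access-Control-Expose-Headers`.
 *
 * @param {object} [options]
 * @param {boolean} [options.requireSignature] When truthy, a token without a
 *   "." (not in `value.signature` form) is ignored instead of being signed
 *   with the server secret.
 * @returns {object} Plugin definition holding `id`, `hooks` and the `options`
 *   that were passed in.
 */
const bearer = (options) => {
  return {
    id: "bearer",
    hooks: {
      before: [{
        // Run only for requests that carry an Authorization header.
        matcher(context) {
          return Boolean(
            context.request?.headers.get("authorization") ||
            context.headers?.get("authorization")
          );
        },
        handler: createAuthMiddleware(async (c) => {
          // The second source is read only when the first yields no token.
          const token =
            readBearerToken(c.request?.headers.get("authorization")) ||
            readBearerToken(c.headers?.get("Authorization"));
          if (!token) return;

          let signedToken = "";
          if (token.includes(".")) {
            // Treated as already signed; only the first "=" is dropped.
            signedToken = token.replace("=", "");
          } else {
            if (options?.requireSignature) return;
            // Without requireSignature the server signs the raw token itself, so
            // the HMAC check below always passes for it and the raw token value
            // alone is the credential. Set requireSignature when raw session
            // tokens must not be usable as bearer tokens.
            // The cookie is serialized with an empty name; replace("=", "")
            // presumably strips the leading name/value separator (confirm
            // against better-call).
            signedToken = (await serializeSignedCookie("", token, c.context.secret)).replace("=", "");
          }

          try {
            const decodedToken = decodeURIComponent(signedToken);
            const [value, signature] = decodedToken.split(".");
            // NOTE(review): only the first two dot-separated segments are checked
            // here, while the cookie below carries the whole token; this assumes
            // the downstream cookie reader verifies the full value again. Confirm.
            const isValid = await createHMAC("SHA-256", "base64urlnopad").verify(
              c.context.secret,
              value,
              signature
            );
            if (!isValid) return;
          } catch {
            // Malformed percent-encoding or a verification error: no credential.
            return;
          }

          const existingHeaders = c.request?.headers || c.headers;
          const headers = new Headers(Object.fromEntries(existingHeaders?.entries()));
          // Appended next to any cookie the request already carries; which value
          // wins for a duplicate name depends on the downstream cookie parser.
          headers.append("cookie", `${c.context.authCookies.sessionToken.name}=${signedToken}`);
          return { context: { headers } };
        })
      }],
      after: [{
        // Runs after every endpoint; the handler decides whether to act.
        matcher(context) {
          return true;
        },
        handler: createAuthMiddleware(async (ctx) => {
          const setCookie = ctx.context.responseHeaders?.get("set-cookie");
          if (!setCookie) return;

          const parsedCookies = parseSetCookieHeader(setCookie);
          const cookieName = ctx.context.authCookies.sessionToken.name;
          const sessionCookie = parsedCookies.get(cookieName);
          // A missing or empty session cookie, or one with max-age 0, is not mirrored.
          if (!sessionCookie || !sessionCookie.value || sessionCookie["max-age"] === 0) return;

          const token = sessionCookie.value;
          const exposedHeaders = ctx.context.responseHeaders?.get("access-control-expose-headers") || "";
          // Keep whatever is already exposed and add our header once.
          const headersSet = new Set(
            exposedHeaders
              .split(",")
              .map((header) => header.trim())
              .filter(Boolean)
          );
          headersSet.add("set-auth-token");

          // The session cookie value is returned in a response header and made
          // readable to cross-origin scripts that the CORS policy admits. Keep
          // the allowed-origin list narrow and keep this header out of access
          // logs and shared caches.
          ctx.setHeader("set-auth-token", token);
          ctx.setHeader("Access-Control-Expose-Headers", [...headersSet].join(", "));
        })
      }]
    },
    options
  };
};

//#endregion
export { bearer };
//# sourceMappingURL=index.mjs.map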