UNPKG

edge-master

Version:

A Micro Framework for Edges

github.com/sharif3271/edge-master

sharif3271/edge-master

149 lines (148 loc) 4.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
import { InterceptorType } from '../types/interceptor'; const defaultGetToken = (req) => { const authHeader = req.headers.get('Authorization'); if (!authHeader) return null; // Support "Bearer <token>" format const parts = authHeader.split(' '); if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') { return parts[1]; } // Support direct token return authHeader; }; const defaultOnAuthenticationFailed = (req, error) => { return new Response(JSON.stringify({ error: 'Unauthorized', message: error.message || 'Invalid or missing authentication token', }), { status: 401, headers: { 'Content-Type': 'application/json', 'WWW-Authenticate': 'Bearer', }, }); }; /** * Creates a JWT authentication interceptor * * Example usage: * ```typescript * import { jwtInterceptor } from 'edge-master/interceptors'; * * // Using a JWT library like jose * const jwt = jwtInterceptor({ * verify: async (token) => { * const { payload } = await jwtVerify(token, secret); * return payload; * }, * exclude: ['/public', '/login'], * }); * * app.addInterceptor(jwt); * ``` */ export function jwtInterceptor(options) { const { verify, getToken = defaultGetToken, exclude, onAuthenticationFailed = defaultOnAuthenticationFailed, stateKey = 'user', } = options; const shouldExclude = (req) => { if (!exclude) return false; if (typeof exclude === 'function') { return exclude(req); } const url = new URL(req.url); return exclude.some(pattern => { // Exact match if (url.pathname === pattern) return true; // Prefix match if (pattern.endsWith('*')) { const prefix = pattern.slice(0, -1); return url.pathname.startsWith(prefix); } return false; }); }; return { type: InterceptorType.Request, async intercept(ctx) { const req = ctx.reqCtx.req; // Skip authentication for excluded paths if (shouldExclude(req)) { return req; } try { // Extract token const token = getToken(req); if (!token) { throw new Error('No authentication token provided'); } // Verify and decode token const payload = await verify(token); // Store payload in context state ctx.state.set(stateKey, payload); return req; } catch (error) { // Authentication failed ctx.responder(onAuthenticationFailed(req, error)); return req; // This won't be used as responder short-circuits } }, }; } export function apiKeyInterceptor(options) { const { verify, headerName = 'X-API-Key', exclude, onAuthenticationFailed = (req) => { return new Response(JSON.stringify({ error: 'Unauthorized', message: 'Invalid or missing API key', }), { status: 401, headers: { 'Content-Type': 'application/json', }, }); }, } = options; const shouldExclude = (req) => { if (!exclude) return false; if (typeof exclude === 'function') { return exclude(req); } const url = new URL(req.url); return exclude.some(pattern => { if (url.pathname === pattern) return true; if (pattern.endsWith('*')) { const prefix = pattern.slice(0, -1); return url.pathname.startsWith(prefix); } return false; }); }; return { type: InterceptorType.Request, async intercept(ctx) { const req = ctx.reqCtx.req; // Skip authentication for excluded paths if (shouldExclude(req)) { return req; } const apiKey = req.headers.get(headerName); if (!apiKey) { ctx.responder(onAuthenticationFailed(req)); return req; } try { const isValid = await verify(apiKey); if (!isValid) { ctx.responder(onAuthenticationFailed(req)); } } catch (error) { ctx.responder(onAuthenticationFailed(req)); } return req; }, }; }