hono
Web framework built on Web Standards
// Module-interop helpers (they look bundler-generated; nothing here is specific
// to authentication). Short aliases for the Object reflection primitives:
const {
  defineProperty: __defProp,
  getOwnPropertyDescriptor: __getOwnPropDesc,
  getOwnPropertyNames: __getOwnPropNames,
} = Object;
const __hasOwnProp = Object.prototype.hasOwnProperty;

/**
 * Installs every entry of `all` on `target` as an enumerable getter, so the
 * exported value is looked up each time the property is read.
 */
const __export = (target, all) => {
  for (const name in all) {
    __defProp(target, name, { get: all[name], enumerable: true });
  }
};

/**
 * Mirrors the own properties of `from` onto `to` as getters.
 * Keys that `to` already owns, and the key equal to `except`, are skipped.
 * Enumerability follows the source descriptor. `desc` is scratch space only.
 */
const __copyProps = (to, from, except, desc) => {
  const isCopyable = (from && typeof from === "object") || typeof from === "function";
  if (!isCopyable) {
    return to;
  }
  for (const key of __getOwnPropNames(from)) {
    if (__hasOwnProp.call(to, key) || key === except) {
      continue;
    }
    desc = __getOwnPropDesc(from, key);
    __defProp(to, key, {
      get: () => from[key],
      enumerable: !desc || desc.enumerable,
    });
  }
  return to;
};

/**
 * Wraps `mod` in a fresh object carrying a non-enumerable `__esModule: true`
 * marker plus getter mirrors of all of `mod`'s own properties.
 */
const __toCommonJS = (mod) => {
  const exportsObject = __defProp({}, "__esModule", { value: true });
  return __copyProps(exportsObject, mod);
};
// Export table for this module. The entry is a getter, so `bearerAuth` is only
// resolved when the export is read, not when this statement runs.
const bearer_auth_exports = {};
__export(bearer_auth_exports, {
  bearerAuth() {
    return bearerAuth;
  },
});
module.exports = __toCommonJS(bearer_auth_exports);
var import_http_exception = require("../../http-exception");
var import_buffer = require("../../utils/buffer");
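// Pattern for the credential itself: one or more of A-Z a-z 0-9 . _ ~ + / -
// followed by optional "=" padding.
const TOKEN_STRINGS = "[A-Za-z0-9._~+/-]+=*";
// Scheme expected in front of the credential when options.prefix is not given.
const PREFIX = "Bearer";
// Request header read when options.headerName is not given.
const HEADER = "Authorization";

/**
 * Creates a middleware that requires a valid bearer credential on each request.
 *
 * Outcome per request:
 *  - header missing or empty               -> 401 with a `realm` challenge
 *  - header not shaped "<prefix> <token>"  -> 400, error="invalid_request"
 *  - token rejected                        -> 401, error="invalid_token"
 *  - token accepted                        -> `next()` is awaited
 *
 * Security notes for reviewers:
 *  - Static tokens are compared through `timingSafeEqual` from
 *    ../../utils/buffer (its implementation is not shown in this file), never
 *    with `===`.
 *  - If the `verifyToken` key is present it is used exclusively, even when
 *    `token` is also set; its (awaited) result alone decides acceptance.
 *  - A `token` key whose value is neither a string nor a non-empty array
 *    (for example an unset environment variable) passes the option check but
 *    makes every request end in 401: the middleware fails closed.
 *  - `options.prefix` is interpolated into a RegExp without escaping, so regex
 *    metacharacters in it act as pattern syntax; keep it to a plain scheme
 *    name. The scheme match is case-sensitive.
 *
 * The options object is never written to; defaults are resolved into locals,
 * so frozen or shared option objects are safe to pass.
 *
 * @param {object} options
 * @param {string | string[]} [options.token] Accepted token, or list of accepted tokens.
 * @param {Function} [options.verifyToken] Called as `verifyToken(token, c)`; truthy result accepts.
 * @param {string} [options.realm=""] Realm reported in the 401 challenge; `"` is backslash-escaped.
 * @param {string} [options.prefix="Bearer"] Scheme in front of the token; `""` means no scheme.
 * @param {string} [options.headerName="Authorization"] Header the credential is read from.
 * @param {Function} [options.hashFunction] Passed through to `timingSafeEqual`.
 * @returns {Function} Async middleware `(c, next)`; throws HTTPException on rejection.
 * @throws {Error} If `options` has neither a `token` nor a `verifyToken` key.
 */
const bearerAuth = (options) => {
  if (!("token" in options || "verifyToken" in options)) {
    throw new Error('bearer auth middleware requires options for "token"');
  }

  // Defaults live in locals rather than being assigned back onto `options`:
  // writing to the caller's object throws (strict mode) or is silently
  // dropped (sloppy mode) when that object is frozen.
  const realmOption = options.realm || "";
  const prefix = options.prefix === undefined ? PREFIX : options.prefix;

  const realm = realmOption.replace(/"/g, '\\"');
  // NOTE(review): `prefix` reaches the RegExp source unescaped.
  const prefixRegexStr = prefix === "" ? "" : `${prefix} +`;
  const regexp = new RegExp(`^${prefixRegexStr}(${TOKEN_STRINGS}) *$`);
  const wwwAuthenticatePrefix = prefix === "" ? "" : `${prefix} `;

  // Builds the HTTPException carrying a response with a WWW-Authenticate challenge.
  const rejection = (status, body, challenge) => {
    const res = new Response(body, {
      status,
      headers: {
        "WWW-Authenticate": `${wwwAuthenticatePrefix}${challenge}`,
      },
    });
    return new import_http_exception.HTTPException(status, { res });
  };

  return async function bearerAuth2(c, next) {
    const headerToken = c.req.header(options.headerName || HEADER);
    if (!headerToken) {
      throw rejection(401, "Unauthorized", `realm="${realm}"`);
    }

    const match = regexp.exec(headerToken);
    if (!match) {
      throw rejection(400, "Bad Request", 'error="invalid_request"');
    }

    // Stays false unless one of the branches below accepts the token, so an
    // unusable `token` option rejects instead of letting the request through.
    let equal = false;
    if ("verifyToken" in options) {
      equal = await options.verifyToken(match[1], c);
    } else if (typeof options.token === "string") {
      equal = await (0, import_buffer.timingSafeEqual)(options.token, match[1], options.hashFunction);
    } else if (Array.isArray(options.token) && options.token.length > 0) {
      for (const token of options.token) {
        if (await (0, import_buffer.timingSafeEqual)(token, match[1], options.hashFunction)) {
          equal = true;
          break;
        }
      }
    }

    if (!equal) {
      throw rejection(401, "Unauthorized", 'error="invalid_token"');
    }
    await next();
  };
};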
// Annotate the CommonJS export names for ESM import in node:
// the leading `0 &&` short-circuits, so this assignment never runs and
// module.exports keeps the value assigned earlier in the file; the statement
// only spells out the export names as a literal. Keep its form unchanged.
0 && (module.exports = {
bearerAuth
});
;