
keycloak-lambda-authorizer

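"use strict";
// Compiler-emitted helper for down-levelled async/await: it drives a generator
// whose `yield`s stand in for `await` and returns a promise of its result.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.DefaultMiddlewareAdapter = void 0;
const jsonwebtoken_1 = require("jsonwebtoken");
const TokenUtils_1 = require("../utils/TokenUtils");

/**
 * Connect/Express-style middleware adapter: extracts the bearer token from the
 * Authorization header, hands it to `options.securityAdapter.validate`, and
 * answers 403 when any step throws. Optionally serves a JWKS document.
 */
class DefaultMiddlewareAdapter {
    /**
     * @param {object} options - Reads `securityAdapter`, `serviceAccount`,
     *   `logger`, and the optional `keys.publicKey` / `jwks` pair.
     */
    constructor(options) {
        // Matches a path that starts with "/service/jwks" (one optional extra
        // leading slash), followed by a trailing slash, a query string, or the end.
        this.jwksRoute = new RegExp('(^)(\\/|)(/service/jwks)(/$|(\\?|$))', 'g');
        this.options = options;
    }

    /**
     * @param {object} req - Request exposing `baseUrl` and/or `originalUrl`.
     * @returns {Array|null} Match result; truthy when the request targets the JWKS route.
     */
    isJwksRoute(req) {
        return (req.baseUrl || req.originalUrl).match(this.jwksRoute);
    }

    /**
     * Extracts the bearer token from `req.headers.authorization` and stores it,
     * with its decoded payload, on `req.jwt`.
     *
     * @param {object} req - Request carrying `headers.authorization`.
     * @returns {string} The raw token string.
     * @throws {Error} When the header is missing or is not a `Bearer` credential.
     */
    getTokenString(req) {
        const headerValue = req.headers.authorization;
        if (!headerValue) {
            throw new Error('Expected \'headers.authorization\' parameter to be set');
        }
        const match = headerValue.match(/^Bearer (.*)$/i);
        if (!match) {
            // The header value is deliberately left out of the message: the
            // middleware logs this error, and the value is a credential
            // (e.g. Basic user:password or a malformed token).
            throw new Error('Invalid Authorization header - expected the \'Bearer <token>\' scheme');
        }
        const token = match[1];
        // jsonwebtoken's decode() does NOT verify the signature. req.jwt.payload
        // is unauthenticated data at this point and must not drive authorization
        // decisions before securityAdapter.validate() has succeeded.
        req.jwt = {
            token,
            payload: (0, jsonwebtoken_1.decode)(token),
        };
        return token;
    }

    /**
     * Builds the request handler.
     *
     * @param {*} enforcer - Passed through unchanged to `securityAdapter.validate`.
     * @returns {Function} `(request, response, next)` handler returning a promise.
     */
    middleware(enforcer) {
        const { securityAdapter } = this.options;
        return (request, response, next) => __awaiter(this, void 0, void 0, function* () {
            const { keys } = this.options;
            if (keys && keys.publicKey && this.isJwksRoute(request)) {
                // The JWKS route is served without authentication.
                try {
                    response.json(yield this.options.jwks.json(keys.publicKey));
                }
                catch (e) {
                    // Forward to the framework's error handler instead of
                    // leaving a rejected promise unhandled with the request open.
                    next(e);
                }
                return;
            }
            try {
                const tokenString = this.getTokenString(request);
                const requestContent = {
                    tokenString,
                    token: (0, TokenUtils_1.decodeToken)(tokenString),
                    request,
                };
                // Everything below runs only if validate() does not throw.
                yield securityAdapter.validate(requestContent, enforcer);
                const { serviceAccount } = this.options;
                // Lazy accessor: the service-account token is requested only
                // when a downstream handler calls it.
                request.serviceAccountJWT = () => __awaiter(this, void 0, void 0, function* () {
                    return yield serviceAccount.getServiceAccountToken(requestContent);
                });
                next();
            }
            catch (e) {
                // Fail closed: a missing header, malformed token or validation
                // failure all yield 403 with an empty body.
                // NOTE(review): `e` comes from validate()/decodeToken() too —
                // confirm those messages never embed token material, since
                // they are written to the log here.
                this.options.logger.log(`Authorization error ${e}`);
                response.status(403).end();
            }
        });
    }
}
exports.DefaultMiddlewareAdapter = DefaultMiddlewareAdapter;
//# sourceMappingURL=MiddlewareAdapter.js.map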