kopi-id
Simple OIDC Library
;
// Mark the module as an ES-module interop shape and pre-declare the default export.
Object.defineProperty(exports, "__esModule", {
  value: true,
});
exports.default = undefined;
var _crypto = require("crypto");
var _validate = _interopRequireDefault(require("../services/validate"));
var _logger = _interopRequireDefault(require("../services/logger"));
// Normalises a required module so that `.default` is always present:
// transpiled ES modules are returned as-is, anything else is wrapped.
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }
  return { "default": obj };
}
// Array-destructuring helper: materialises up to `i` elements of `arr`, trying
// each strategy in turn and keeping the first that produces a result.
function _slicedToArray(arr, i) {
  var strategies = [
    function () { return _arrayWithHoles(arr); },
    function () { return _iterableToArrayLimit(arr, i); },
    function () { return _unsupportedIterableToArray(arr, i); }
  ];
  for (var k = 0; k < strategies.length; k++) {
    var result = strategies[k]();
    if (result) return result;
  }
  return _nonIterableRest();
}
// Terminal fallback of `_slicedToArray`: nothing could be iterated, so fail loudly.
function _nonIterableRest() {
  var error = new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
  throw error;
}
// Converts strings, Map/Set, `arguments` objects and typed arrays to a plain
// array of at most `minLen` elements; returns undefined for anything else.
function _unsupportedIterableToArray(o, minLen) {
  if (!o) return;
  if (typeof o === "string") return _arrayLikeToArray(o, minLen);
  // Builtin tag; for plain "Object" tags fall back to the constructor's name.
  var tag = Object.prototype.toString.call(o).slice(8, -1);
  if (tag === "Object" && o.constructor) tag = o.constructor.name;
  switch (tag) {
    case "Map":
    case "Set":
      return Array.from(o);
    case "Arguments":
      return _arrayLikeToArray(o, minLen);
    default:
      if (/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(tag)) {
        return _arrayLikeToArray(o, minLen);
      }
      return undefined;
  }
}
// Copies the first `len` elements of an array-like into a fresh array; a missing
// or oversized `len` is clamped to the input's length.
function _arrayLikeToArray(arr, len) {
  var count = len == null || len > arr.length ? arr.length : len;
  var copy = new Array(count);
  for (var idx = 0; idx < count; idx++) {
    copy[idx] = arr[idx];
  }
  return copy;
}
// Pulls at most `i` values (all values when `i` is 0/undefined) from an iterable.
// Returns undefined when `arr` is not iterable. If the loop stops before the
// iterator is exhausted, the iterator's `return()` is invoked so it can clean up.
function _iterableToArrayLimit(arr, i) {
  if (typeof Symbol === "undefined" || !(Symbol.iterator in Object(arr))) return;
  var collected = [];
  var exhausted = true; // false only while a still-open iterator must be closed
  var caught = false;
  var error;
  var iterator;
  try {
    iterator = arr[Symbol.iterator]();
    while (true) {
      var step = iterator.next();
      exhausted = step.done;
      if (exhausted) break;
      collected.push(step.value);
      if (i && collected.length === i) break;
      exhausted = true;
    }
  } catch (err) {
    caught = true;
    error = err;
  } finally {
    try {
      if (!exhausted && iterator["return"] != null) iterator["return"]();
    } finally {
      if (caught) throw error;
    }
  }
  return collected;
}
// First destructuring strategy: a real array is used directly, anything else
// yields undefined so the next strategy is tried.
function _arrayWithHoles(arr) {
  return Array.isArray(arr) ? arr : undefined;
}
// Advances a generator one step via `gen[key](arg)`. A synchronous throw rejects
// the outer promise; a finished generator resolves it; otherwise the yielded value
// is awaited and the generator resumed through `_next` / `_throw`.
function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
  var step;
  var yielded;
  try {
    step = gen[key](arg);
    yielded = step.value;
  } catch (error) {
    reject(error);
    return;
  }
  if (step.done) {
    resolve(yielded);
    return;
  }
  Promise.resolve(yielded).then(_next, _throw);
}
// Wraps a generator function so calling it returns a Promise that settles with
// the generator's final value (or the first error escaping it), preserving the
// caller's `this` and arguments.
function _asyncToGenerator(fn) {
  return function () {
    var receiver = this;
    var callArgs = arguments;
    return new Promise(function (resolve, reject) {
      var gen = fn.apply(receiver, callArgs);
      function onFulfilled(value) {
        asyncGeneratorStep(gen, resolve, reject, onFulfilled, onRejected, "next", value);
      }
      function onRejected(err) {
        asyncGeneratorStep(gen, resolve, reject, onFulfilled, onRejected, "throw", err);
      }
      onFulfilled(undefined);
    });
  };
}
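/**
 * Builds the client-authentication middleware used in front of the token endpoint.
 *
 * Three OAuth 2.0 client authentication methods are recognised, tried in this
 * order: `client_secret_basic` (HTTP Basic `Authorization` header),
 * `client_secret_post` (`client_id` + `client_secret` in the body) and
 * `client_secret_jwt` (`client_assertion` of type jwt-bearer, verified by
 * `validationService.validateClientSecretJwt`). On success `req.clientId` is set
 * and `next()` is called; every failure answers 401 with an empty body.
 *
 * Secrets are compared in constant time, and an unknown client, a client with
 * no stored secret and a wrong secret all fail with the same generic error.
 *
 * @param {object} oidcConfig - Library configuration. Reads `logLevel` and calls
 *   `onGetClient(clientId)`, which should resolve to the client record (with a
 *   string `secret`) or to null/undefined for an unknown client.
 * @param {object} validationService - Must provide `validateClientSecretJwt(assertion)`,
 *   resolving to the authenticated client id.
 * @returns {{ checkClientAuthentication: function(req, res, next): Promise<void> }}
 */
var _default = function _default(oidcConfig, validationService) {
  const { L } = (0, _logger["default"])('Client Auth Service', oidcConfig.logLevel);
  const BASIC_PREFIX = 'Basic ';

  // Constant-time comparison of the presented secret against the stored one.
  // Both sides are hashed first so that neither their lengths nor the position
  // of the first mismatching byte leak through response timing.
  const secretsMatch = (expected, presented) => {
    if (typeof expected !== 'string' || typeof presented !== 'string') return false;
    const expectedDigest = _crypto.createHash('sha256').update(expected).digest();
    const presentedDigest = _crypto.createHash('sha256').update(presented).digest();
    return _crypto.timingSafeEqual(expectedDigest, presentedDigest);
  };

  // Looks the client up and verifies the secret. Unknown client, missing stored
  // secret and wrong secret all raise the same error so the failure reason is
  // not distinguishable by the caller.
  const authenticateWithSecret = async (clientId, clientSecret) => {
    const client = await oidcConfig.onGetClient(clientId);
    if (client == null || !secretsMatch(client.secret, clientSecret)) {
      throw new Error('Authentication Failed');
    }
    return clientId;
  };

  // client_secret_basic: `token` is the base64 payload after the "Basic " scheme.
  // Only the first ':' separates id from secret (a user-id may not contain ':'
  // per RFC 7617), so a secret containing ':' survives intact.
  // NOTE(review): RFC 6749 §2.3.1 form-urlencodes both parts before base64; they
  // are not percent-decoded here — confirm how registered clients encode their
  // secrets before changing that.
  const authenticateClientSecretBasic = async (token) => {
    const decoded = Buffer.from(token, 'base64').toString();
    const separator = decoded.indexOf(':');
    if (separator === -1) {
      throw new Error('Invalid number of components in Basic token');
    }
    return authenticateWithSecret(decoded.slice(0, separator), decoded.slice(separator + 1));
  };

  // client_secret_post: credentials arrive as form fields in the body.
  const authenticateClientSecretPost = async (body) =>
    authenticateWithSecret(body.client_id, body.client_secret);

  // client_secret_jwt: the assertion is verified by the validation service,
  // which resolves to the client id it was issued for.
  const authenticateClientSecretJwt = async (body) =>
    validationService.validateClientSecretJwt(body.client_assertion);

  const isPresent = (value) => value != null && value !== '';
  const hasClientSecretPost = (body) => isPresent(body.client_id) && isPresent(body.client_secret);
  const hasClientSecretJwt = (body) =>
    body.client_assertion_type === 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';

  // Returns the base64 token of a Basic Authorization header, or null when the
  // header is absent or uses another scheme. The scheme name is matched
  // case-insensitively (RFC 7235 §2.1).
  const extractBasicToken = (header) => {
    if (typeof header !== 'string') return null;
    const scheme = header.slice(0, BASIC_PREFIX.length);
    return scheme.toLowerCase() === BASIC_PREFIX.toLowerCase()
      ? header.slice(BASIC_PREFIX.length)
      : null;
  };

  // Picks the first applicable authentication method and runs it. Resolves to
  // the client id, to null when no method applies, and rejects on failure.
  const resolveClientId = async (req) => {
    const token = extractBasicToken(req.headers['authorization']);
    if (token !== null) return authenticateClientSecretBasic(token);
    const body = req.body || {}; // tolerate requests without a parsed body
    if (hasClientSecretPost(body)) return authenticateClientSecretPost(body);
    if (hasClientSecretJwt(body)) return authenticateClientSecretJwt(body);
    return null;
  };

  /**
   * Express-style middleware: authenticates the client and stores its id on
   * `req.clientId`, or ends the request with an empty 401 response.
   */
  const checkClientAuthentication = async (req, res, next) => {
    let clientId;
    try {
      clientId = await resolveClientId(req);
    } catch (err) {
      L.error(err.message);
      L.debug(err);
      res.status(401).send();
      return;
    }
    if (!isPresent(clientId)) {
      L.error('null or empty client ID');
      res.status(401).send();
      return;
    }
    req.clientId = clientId;
    // Kept outside the try/catch: an error raised by a downstream handler must
    // not be reported as an authentication failure or trigger a second response.
    next();
  };

  return {
    checkClientAuthentication: checkClientAuthentication
  };
};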
exports["default"] = _default;