UNPKG

next-auth

Version:

Authentication for Next.js

authjs.dev

nextauthjs/next-auth

101 lines (100 loc) 3.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
"use strict"; var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault"); Object.defineProperty(exports, "__esModule", { value: true }); var _exportNames = { encode: true, decode: true, getToken: true }; exports.decode = decode; exports.encode = encode; exports.getToken = getToken; var _jose = require("jose"); var _hkdf = _interopRequireDefault(require("@panva/hkdf")); var _uuid = require("uuid"); var _cookie = require("../core/lib/cookie"); var _types = require("./types"); Object.keys(_types).forEach(function (key) { if (key === "default" || key === "__esModule") return; if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return; if (key in exports && exports[key] === _types[key]) return; Object.defineProperty(exports, key, { enumerable: true, get: function () { return _types[key]; } }); }); const DEFAULT_MAX_AGE = 30 * 24 * 60 * 60; const now = () => Date.now() / 1000 | 0; async function encode(params) { const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt = "" } = params; const encryptionSecret = await getDerivedEncryptionKey(secret, salt); return await new _jose.EncryptJWT(token).setProtectedHeader({ alg: "dir", enc: "A256GCM" }).setIssuedAt().setExpirationTime(now() + maxAge).setJti((0, _uuid.v4)()).encrypt(encryptionSecret); } async function decode(params) { const { token, secret, salt = "" } = params; if (!token) return null; const encryptionSecret = await getDerivedEncryptionKey(secret, salt); const { payload } = await (0, _jose.jwtDecrypt)(token, encryptionSecret, { clockTolerance: 15 }); return payload; } async function getToken(params) { var _process$env$NEXTAUTH, _process$env$NEXTAUTH2, _process$env$NEXTAUTH3, _req$headers; const { req, secureCookie = (_process$env$NEXTAUTH = (_process$env$NEXTAUTH2 = process.env.NEXTAUTH_URL) === null || _process$env$NEXTAUTH2 === void 0 ? void 0 : _process$env$NEXTAUTH2.startsWith("https://")) !== null && _process$env$NEXTAUTH !== void 0 ? _process$env$NEXTAUTH : !!process.env.VERCEL, cookieName = secureCookie ? "__Secure-next-auth.session-token" : "next-auth.session-token", raw, decode: _decode = decode, logger = console, secret = (_process$env$NEXTAUTH3 = process.env.NEXTAUTH_SECRET) !== null && _process$env$NEXTAUTH3 !== void 0 ? _process$env$NEXTAUTH3 : process.env.AUTH_SECRET } = params; if (!req) throw new Error("Must pass `req` to JWT getToken()"); const sessionStore = new _cookie.SessionStore({ name: cookieName, options: { secure: secureCookie } }, { cookies: req.cookies, headers: req.headers }, logger); let token = sessionStore.value; const authorizationHeader = req.headers instanceof Headers ? req.headers.get("authorization") : (_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : _req$headers.authorization; if (!token && (authorizationHeader === null || authorizationHeader === void 0 ? void 0 : authorizationHeader.split(" ")[0]) === "Bearer") { const urlEncodedToken = authorizationHeader.split(" ")[1]; token = decodeURIComponent(urlEncodedToken); } if (!token) return null; if (raw) return token; try { return await _decode({ token, secret }); } catch (_unused) { return null; } } async function getDerivedEncryptionKey(keyMaterial, salt) { return await (0, _hkdf.default)("sha256", keyMaterial, salt, `NextAuth.js Generated Encryption Key${salt ? ` (${salt})` : ""}`, 32); }