remix-utils
This package contains simple utility functions to use with [React Router](https://reactrouter.com/).
import { JWK, JWT } from "@edgefirst-dev/jwt";
import { unstable_RouterContextProvider, unstable_createContext, } from "react-router";
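/**
 * Creates a React Router middleware that authenticates each request with a
 * JWT verified against a remote JSON Web Key Set (JWKS).
 *
 * The token is read from a cookie when `options.cookie` is present, otherwise
 * from a `Bearer` credential in the `Authorization` header (or in
 * `options.headerName` when given). Every failure path (missing credential,
 * wrong scheme, empty token, failed verification) throws the same 401
 * response, so the client cannot tell from the response which check failed.
 *
 * @param {object} config
 * @param {string} config.jwksUri - URL of the JWKS document; must be parseable by `new URL()`.
 * @param {string} [config.realm="Secure Area"] - Realm advertised in the `WWW-Authenticate` challenge.
 * @param {*} [config.alg=JWK.Algoritm.ES256] - Algorithm passed to `JWK.importRemote`.
 * @param {*} [config.invalidUserMessage="Unauthorized"] - JSON body of the 401 response, or a
 *   (possibly async) function receiving `{ request, context }` that returns it.
 * @param {object} [config.cookie] - Object with a `parse(cookieHeader)` method returning the token.
 * @param {string} [config.headerName] - Header to read the bearer credential from.
 * @param {object} [config.verifyOptions] - Passed through to `JWT.verify` as its third argument.
 *   NOTE(review): presumably where claim checks (issuer, audience) are configured; confirm
 *   against the JWT library, since this function adds no claim checks of its own.
 * @returns {[Function, Function]} `[jwkAuthMiddleware, getJWTPayload]`; the getter returns
 *   whatever `JWT.verify` resolved to for the given context.
 */
export function unstable_createJWKAuthMiddleware({ jwksUri, realm = "Secure Area", alg = JWK.Algoritm.ES256, invalidUserMessage = "Unauthorized", ...options }) {
  const tokenContext = unstable_createContext();
  // Imported once, when the middleware is created; every request awaits this
  // same value. NOTE(review): if this is a promise that rejects (JWKS endpoint
  // unreachable), each request is answered with 401 by the catch below and the
  // import is never retried. Also confirm whether the library refreshes keys
  // after rotation; nothing here does.
  const remote = JWK.importRemote(new URL(jwksUri), { alg });
  const cookieInOptions = "cookie" in options;

  return [
    async function jwkAuthMiddleware({ request, context }, next) {
      let token = null;

      if (cookieInOptions) {
        token = await options.cookie.parse(request.headers.get("Cookie"));
      } else {
        const authorization = request.headers.get(options.headerName ?? "Authorization");
        if (!authorization) {
          throw await unauthorized(request, context);
        }
        // Scheme comparison is case-insensitive; only the first
        // space-separated segment after the scheme is used as the token.
        const [type, ...rest] = authorization.split(" ");
        if (type.toLowerCase() !== "bearer") {
          throw await unauthorized(request, context);
        }
        token = rest[0] ?? null;
      }

      if (!token) {
        throw await unauthorized(request, context);
      }

      try {
        context.set(tokenContext, await JWT.verify(token, await remote, options.verifyOptions));
      } catch {
        // Fail closed: any error while loading keys or verifying the token is
        // reported as 401, without exposing the underlying reason.
        throw await unauthorized(request, context);
      }

      return await next();
    },
    function getJWTPayload(context) {
      return context.get(tokenContext);
    },
  ];

  /**
   * Resolves the body of the 401 response. `invalidUserMessage` is never
   * `undefined` here because the parameter default already covers that case.
   */
  async function getInvalidUserMessage(args) {
    if (typeof invalidUserMessage === "function") {
      return await invalidUserMessage(args);
    }
    return invalidUserMessage;
  }

  /** Builds the 401 response carrying the `Bearer` challenge. */
  async function unauthorized(request, context) {
    const message = await getInvalidUserMessage({ request, context });
    // The realm sits inside a quoted-string, so `"` and `\` are escaped as
    // quoted-pairs; unescaped, a quote in the realm would end the parameter
    // early and yield a malformed challenge.
    const quotedRealm = String(realm).replace(/["\\]/g, "\\$&");
    return Response.json(message, {
      status: 401,
      statusText: "Unauthorized",
      headers: { "WWW-Authenticate": `Bearer realm="${quotedRealm}"` },
    });
  }
}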
//# sourceMappingURL=jwk-auth.js.map