Comparing version 2.0.5-alpha.0 to 2.0.5-alpha.1
"use strict"; | ||
var __importDefault = (this && this.__importDefault) || function (mod) { | ||
return (mod && mod.__esModule) ? mod : { "default": mod }; | ||
}; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
@@ -6,174 +9,27 @@ exports.KauthProvider = void 0; | ||
const url_1 = require("url"); | ||
const path_1 = __importDefault(require("path")); | ||
class KauthProvider { | ||
maxAge = 2147483647; | ||
moziAuthenticator; | ||
googleAuthenticator; | ||
miniprogramAuthenticator; | ||
subjectProvider; | ||
jwtProvider; | ||
router; | ||
permissionHandler; | ||
moziTokenUri; | ||
moziBindUri; | ||
moziPrompt; | ||
googleTokenUri; | ||
googleBindUri; | ||
googlePrompt; | ||
miniprogramTokenUri; | ||
miniprogramBindUri; | ||
miniprogramPrompt; | ||
logoutRedirectUri; | ||
unautorizedRedirectUri; | ||
unauthorizedRedirectIgnore; | ||
loginHandler; | ||
authHandler; | ||
constructor(kauthConfig) { | ||
this.maxAge = 2147483647; | ||
this.dispatch = async (ctx, next) => { | ||
await this.router.dispatch(ctx, next); | ||
}; | ||
this.logout = async (ctx) => { | ||
const { callback } = ctx.request.query; | ||
ctx.cookies.set('Authorization', '', { | ||
path: '/', | ||
httpOnly: true, | ||
maxAge: 0, | ||
}); | ||
if (callback) { | ||
ctx.redirect(callback); | ||
return; | ||
} | ||
ctx.redirect(this.logoutRedirectUri); | ||
}; | ||
this.redirectMoziAuthorizeUri = async (ctx) => { | ||
const { type, origin, callback = origin } = ctx.request.query; | ||
this.assertCallbackLegal(callback, origin); | ||
if (type === 'binding') { | ||
const userId = await this.getBindingUserIdFromCookie(ctx); | ||
if (!userId) { | ||
return this.illegalToBindAccount(ctx); | ||
} | ||
const state = this.formatState({ origin, userId, callback }); | ||
const url = await this.moziAuthenticator.authorizeURL(origin + this.moziBindUri, state, this.moziPrompt); | ||
return ctx.redirect(url); | ||
} | ||
const state = this.formatState({ origin, callback }); | ||
const url = await this.moziAuthenticator.authorizeURL(origin + this.moziTokenUri, state, this.moziPrompt); | ||
ctx.redirect(url); | ||
}; | ||
this.redirectGoogleAuthorizeUri = async (ctx) => { | ||
const { type, origin, callback = origin } = ctx.request.query; | ||
this.assertCallbackLegal(callback, origin); | ||
if (type === 'binding') { | ||
const userId = await this.getBindingUserIdFromCookie(ctx); | ||
if (!userId) { | ||
return this.illegalToBindAccount(ctx); | ||
} | ||
const state = this.formatState({ origin, userId, callback }); | ||
const url = await this.googleAuthenticator.authorizeURL(origin + this.googleBindUri, state, this.googlePrompt); | ||
return ctx.redirect(url); | ||
} | ||
const state = this.formatState({ origin, callback }); | ||
const url = await this.googleAuthenticator.authorizeURL(origin + this.googleTokenUri, state, this.googlePrompt); | ||
ctx.redirect(url); | ||
}; | ||
this.redirectMiniProgarmAuthorizeUri = async (ctx) => { | ||
const { type, origin, callback = origin } = ctx.request.query; | ||
this.assertCallbackLegal(callback, origin); | ||
if (type === 'binding') { | ||
const userId = await this.getBindingUserIdFromCookie(ctx); | ||
if (!userId) { | ||
return this.illegalToBindAccount(ctx); | ||
} | ||
const state = this.formatState({ origin, userId, callback }); | ||
const url = await this.miniprogramAuthenticator.authorizeURL(origin + this.miniprogramBindUri, state, this.miniprogramPrompt); | ||
return ctx.redirect(url); | ||
} | ||
const state = this.formatState({ origin, callback }); | ||
const url = await this.miniprogramAuthenticator.authorizeURL(origin + this.miniprogramTokenUri, state, this.miniprogramPrompt); | ||
ctx.redirect(url); | ||
}; | ||
this.redirectMoziToken = async (ctx) => { | ||
const { code, state } = ctx.request.query; | ||
const { origin, callback } = this.parseState(state); | ||
const authenticationInformation = await this.moziAuthenticator.authenticate(code, origin + this.moziTokenUri); | ||
await this.handleAuthenticationInformation(ctx, authenticationInformation, callback); | ||
}; | ||
this.redirectGoogleToken = async (ctx) => { | ||
const { code, state } = ctx.request.query; | ||
const { origin, callback } = this.parseState(state); | ||
const authenticationInformation = await this.googleAuthenticator.authenticate(code, origin + this.googleTokenUri); | ||
await this.handleAuthenticationInformation(ctx, authenticationInformation, callback); | ||
}; | ||
this.redirectMiniprogramToken = async (ctx) => { | ||
const { loginToken, state } = ctx.request.query; | ||
const { origin, callback } = this.parseState(state); | ||
const authenticationInformation = await this.miniprogramAuthenticator.authenticate(loginToken, origin + this.miniprogramTokenUri); | ||
await this.handleAuthenticationInformation(ctx, authenticationInformation, callback); | ||
}; | ||
this.bindMozi = async (ctx) => { | ||
const { code, state } = ctx.query; | ||
const { origin, userId, callback } = this.parseState(state); | ||
await this.moziAuthenticator.bind(userId, code, origin + this.moziBindUri); | ||
ctx.redirect(callback); | ||
}; | ||
this.bindGoogle = async (ctx) => { | ||
const { code, state } = ctx.query; | ||
const { origin, userId, callback } = this.parseState(state); | ||
await this.googleAuthenticator.bind(userId, code, origin + this.googleBindUri); | ||
ctx.redirect(callback); | ||
}; | ||
this.bindMiniprogram = async (ctx) => { | ||
const { loginToken, state } = ctx.query; | ||
const { origin, userId, callback } = this.parseState(state); | ||
await this.miniprogramAuthenticator.bind(userId, loginToken, origin + this.miniprogramBindUri); | ||
ctx.redirect(callback); | ||
}; | ||
this.fallback = async (ctx, next) => { | ||
// verify | ||
const token = ctx.cookies.get('Authorization'); | ||
let sub; | ||
if (this.authHandler) { | ||
sub = await this.subjectProvider.verify(token); | ||
if (!sub) { | ||
const redirectIgnored = this.unauthorizedRedirectIgnore && ctx.request.path.startsWith(this.unauthorizedRedirectIgnore); | ||
if (this.unautorizedRedirectUri && !redirectIgnored) { | ||
const callback = encodeURIComponent(ctx.request.path + ctx.request.search); | ||
return ctx.redirect(`${this.unautorizedRedirectUri}?callback=${callback}`); | ||
} | ||
ctx.status = 401; | ||
return; | ||
} | ||
await this.authHandler(ctx, sub); | ||
const refreshedToken = this.subjectProvider.refresh(token); | ||
if (refreshedToken) { | ||
this.saveJsonWebTokenToHeader(ctx, refreshedToken); | ||
} | ||
} | ||
else { | ||
const authenticationInformation = await this.jwtProvider.verify(token); | ||
if (!authenticationInformation) { | ||
const redirectIgnored = this.unauthorizedRedirectIgnore && ctx.request.path.startsWith(this.unauthorizedRedirectIgnore); | ||
if (this.unautorizedRedirectUri && !redirectIgnored) { | ||
const callback = encodeURIComponent(ctx.request.path + ctx.request.search); | ||
return ctx.redirect(`${this.unautorizedRedirectUri}?callback=${callback}`); | ||
} | ||
ctx.status = 401; | ||
return; | ||
} | ||
sub = authenticationInformation.primaryPrincipal.id; | ||
this.saveAuthenticationInformationToContext(ctx, authenticationInformation); | ||
const refreshedToken = this.jwtProvider.refresh(token); | ||
if (refreshedToken) { | ||
this.saveJsonWebTokenToHeader(ctx, refreshedToken); | ||
} | ||
} | ||
if (this.permissionHandler) { | ||
await this.permissionHandler(ctx, sub); | ||
} | ||
return next(); | ||
}; | ||
this.handleAuthenticationInformation = async (ctx, authenticationInformation, callback) => { | ||
this.saveAuthenticationInformationToContext(ctx, authenticationInformation); | ||
const token = this.jwtProvider.authenticate(authenticationInformation); | ||
this.saveJsonWebTokenToHeader(ctx, token); | ||
if (this.loginHandler) { | ||
await this.loginHandler(ctx, authenticationInformation); | ||
} | ||
ctx.redirect(callback); | ||
}; | ||
this.saveAuthenticationInformationToContext = (ctx, authenticationInformation) => { | ||
ctx.authenticationInformation = authenticationInformation; | ||
}; | ||
this.saveJsonWebTokenToHeader = (ctx, token) => { | ||
ctx.cookies.set('Authorization', token, { | ||
path: '/', | ||
httpOnly: true, | ||
maxAge: this.maxAge, | ||
}); | ||
}; | ||
this.formatState = (obj = {}) => { | ||
return Buffer.from(JSON.stringify(obj)).toString('base64'); | ||
}; | ||
this.parseState = (str = '') => { | ||
return JSON.parse(Buffer.from(str, 'base64').toString('utf8')); | ||
}; | ||
const kauthApi = new kauth_sdk_node_1.KauthApi(kauthConfig); | ||
@@ -219,2 +75,147 @@ this.moziAuthenticator = new kauth_sdk_node_1.MoziAuthenticator(kauthApi); | ||
} | ||
dispatch = async (ctx, next) => { | ||
await this.router.dispatch(ctx, next); | ||
}; | ||
logout = async (ctx) => { | ||
const { callback } = ctx.request.query; | ||
ctx.cookies.set('Authorization', '', { | ||
path: '/', | ||
httpOnly: true, | ||
maxAge: 0, | ||
}); | ||
// for security reason, onlt allow relative path | ||
if (callback && path_1.default.normalize(callback).startsWith('/')) { | ||
ctx.redirect(callback); | ||
return; | ||
} | ||
ctx.redirect(this.logoutRedirectUri); | ||
}; | ||
redirectMoziAuthorizeUri = async (ctx) => { | ||
const { type, origin, callback = origin } = ctx.request.query; | ||
this.assertCallbackLegal(callback, origin); | ||
if (type === 'binding') { | ||
const userId = await this.getBindingUserIdFromCookie(ctx); | ||
if (!userId) { | ||
return this.illegalToBindAccount(ctx); | ||
} | ||
const state = this.formatState({ origin, userId, callback }); | ||
const url = await this.moziAuthenticator.authorizeURL(origin + this.moziBindUri, state, this.moziPrompt); | ||
return ctx.redirect(url); | ||
} | ||
const state = this.formatState({ origin, callback }); | ||
const url = await this.moziAuthenticator.authorizeURL(origin + this.moziTokenUri, state, this.moziPrompt); | ||
ctx.redirect(url); | ||
}; | ||
redirectGoogleAuthorizeUri = async (ctx) => { | ||
const { type, origin, callback = origin } = ctx.request.query; | ||
this.assertCallbackLegal(callback, origin); | ||
if (type === 'binding') { | ||
const userId = await this.getBindingUserIdFromCookie(ctx); | ||
if (!userId) { | ||
return this.illegalToBindAccount(ctx); | ||
} | ||
const state = this.formatState({ origin, userId, callback }); | ||
const url = await this.googleAuthenticator.authorizeURL(origin + this.googleBindUri, state, this.googlePrompt); | ||
return ctx.redirect(url); | ||
} | ||
const state = this.formatState({ origin, callback }); | ||
const url = await this.googleAuthenticator.authorizeURL(origin + this.googleTokenUri, state, this.googlePrompt); | ||
ctx.redirect(url); | ||
}; | ||
redirectMiniProgarmAuthorizeUri = async (ctx) => { | ||
const { type, origin, callback = origin } = ctx.request.query; | ||
this.assertCallbackLegal(callback, origin); | ||
if (type === 'binding') { | ||
const userId = await this.getBindingUserIdFromCookie(ctx); | ||
if (!userId) { | ||
return this.illegalToBindAccount(ctx); | ||
} | ||
const state = this.formatState({ origin, userId, callback }); | ||
const url = await this.miniprogramAuthenticator.authorizeURL(origin + this.miniprogramBindUri, state, this.miniprogramPrompt); | ||
return ctx.redirect(url); | ||
} | ||
const state = this.formatState({ origin, callback }); | ||
const url = await this.miniprogramAuthenticator.authorizeURL(origin + this.miniprogramTokenUri, state, this.miniprogramPrompt); | ||
ctx.redirect(url); | ||
}; | ||
redirectMoziToken = async (ctx) => { | ||
const { code, state } = ctx.request.query; | ||
const { origin, callback } = this.parseState(state); | ||
const authenticationInformation = await this.moziAuthenticator.authenticate(code, origin + this.moziTokenUri); | ||
await this.handleAuthenticationInformation(ctx, authenticationInformation, callback); | ||
}; | ||
redirectGoogleToken = async (ctx) => { | ||
const { code, state } = ctx.request.query; | ||
const { origin, callback } = this.parseState(state); | ||
const authenticationInformation = await this.googleAuthenticator.authenticate(code, origin + this.googleTokenUri); | ||
await this.handleAuthenticationInformation(ctx, authenticationInformation, callback); | ||
}; | ||
redirectMiniprogramToken = async (ctx) => { | ||
const { loginToken, state } = ctx.request.query; | ||
const { origin, callback } = this.parseState(state); | ||
const authenticationInformation = await this.miniprogramAuthenticator.authenticate(loginToken, origin + this.miniprogramTokenUri); | ||
await this.handleAuthenticationInformation(ctx, authenticationInformation, callback); | ||
}; | ||
bindMozi = async (ctx) => { | ||
const { code, state } = ctx.query; | ||
const { origin, userId, callback } = this.parseState(state); | ||
await this.moziAuthenticator.bind(userId, code, origin + this.moziBindUri); | ||
ctx.redirect(callback); | ||
}; | ||
bindGoogle = async (ctx) => { | ||
const { code, state } = ctx.query; | ||
const { origin, userId, callback } = this.parseState(state); | ||
await this.googleAuthenticator.bind(userId, code, origin + this.googleBindUri); | ||
ctx.redirect(callback); | ||
}; | ||
bindMiniprogram = async (ctx) => { | ||
const { loginToken, state } = ctx.query; | ||
const { origin, userId, callback } = this.parseState(state); | ||
await this.miniprogramAuthenticator.bind(userId, loginToken, origin + this.miniprogramBindUri); | ||
ctx.redirect(callback); | ||
}; | ||
fallback = async (ctx, next) => { | ||
// verify | ||
const token = ctx.cookies.get('Authorization'); | ||
let sub; | ||
if (this.authHandler) { | ||
sub = await this.subjectProvider.verify(token); | ||
if (!sub) { | ||
const redirectIgnored = this.unauthorizedRedirectIgnore && ctx.request.path.startsWith(this.unauthorizedRedirectIgnore); | ||
if (this.unautorizedRedirectUri && !redirectIgnored) { | ||
const callback = encodeURIComponent(ctx.request.path + ctx.request.search); | ||
return ctx.redirect(`${this.unautorizedRedirectUri}?callback=${callback}`); | ||
} | ||
ctx.status = 401; | ||
return; | ||
} | ||
await this.authHandler(ctx, sub); | ||
const refreshedToken = this.subjectProvider.refresh(token); | ||
if (refreshedToken) { | ||
this.saveJsonWebTokenToHeader(ctx, refreshedToken); | ||
} | ||
} | ||
else { | ||
const authenticationInformation = await this.jwtProvider.verify(token); | ||
if (!authenticationInformation) { | ||
const redirectIgnored = this.unauthorizedRedirectIgnore && ctx.request.path.startsWith(this.unauthorizedRedirectIgnore); | ||
if (this.unautorizedRedirectUri && !redirectIgnored) { | ||
const callback = encodeURIComponent(ctx.request.path + ctx.request.search); | ||
return ctx.redirect(`${this.unautorizedRedirectUri}?callback=${callback}`); | ||
} | ||
ctx.status = 401; | ||
return; | ||
} | ||
sub = authenticationInformation.primaryPrincipal.id; | ||
this.saveAuthenticationInformationToContext(ctx, authenticationInformation); | ||
const refreshedToken = this.jwtProvider.refresh(token); | ||
if (refreshedToken) { | ||
this.saveJsonWebTokenToHeader(ctx, refreshedToken); | ||
} | ||
} | ||
if (this.permissionHandler) { | ||
await this.permissionHandler(ctx, sub); | ||
} | ||
return next(); | ||
}; | ||
illegalToBindAccount(ctx) { | ||
@@ -231,2 +232,21 @@ ctx.status = 500; | ||
} | ||
handleAuthenticationInformation = async (ctx, authenticationInformation, callback) => { | ||
this.saveAuthenticationInformationToContext(ctx, authenticationInformation); | ||
const token = this.jwtProvider.authenticate(authenticationInformation); | ||
this.saveJsonWebTokenToHeader(ctx, token); | ||
if (this.loginHandler) { | ||
await this.loginHandler(ctx, authenticationInformation); | ||
} | ||
ctx.redirect(callback); | ||
}; | ||
saveAuthenticationInformationToContext = (ctx, authenticationInformation) => { | ||
ctx.authenticationInformation = authenticationInformation; | ||
}; | ||
saveJsonWebTokenToHeader = (ctx, token) => { | ||
ctx.cookies.set('Authorization', token, { | ||
path: '/', | ||
httpOnly: true, | ||
maxAge: this.maxAge, | ||
}); | ||
}; | ||
assertCallbackLegal(callback, origin) { | ||
@@ -239,5 +259,13 @@ const { host: callbackHost } = new url_1.URL(callback); | ||
} | ||
formatState = (obj = {}) => { | ||
return Buffer.from(JSON.stringify(obj)).toString('base64'); | ||
}; | ||
parseState = (str = '') => { | ||
return JSON.parse(Buffer.from(str, 'base64').toString('utf8')); | ||
}; | ||
} | ||
exports.KauthProvider = KauthProvider; | ||
class KauthRouter { | ||
_routes; | ||
_fallback; | ||
constructor() { | ||
@@ -244,0 +272,0 @@ this._routes = {}; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.default = factory; | ||
const lib_1 = require("../lib"); | ||
@@ -17,2 +18,1 @@ function factory(kauthConfig) { | ||
} | ||
exports.default = factory; |
"use strict"; | ||
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { | ||
if (k2 === undefined) k2 = k; | ||
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); | ||
var desc = Object.getOwnPropertyDescriptor(m, k); | ||
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { | ||
desc = { enumerable: true, get: function() { return m[k]; } }; | ||
} | ||
Object.defineProperty(o, k2, desc); | ||
}) : (function(o, m, k, k2) { | ||
@@ -10,5 +14,5 @@ if (k2 === undefined) k2 = k; | ||
var __exportStar = (this && this.__exportStar) || function(m, exports) { | ||
for (var p in m) if (p !== "default" && !exports.hasOwnProperty(p)) __createBinding(exports, m, p); | ||
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p); | ||
}; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
__exportStar(require("kauth-sdk-node"), exports); |
{ | ||
"name": "egg-kauth", | ||
"version": "2.0.5-alpha.0", | ||
"version": "2.0.5-alpha.1", | ||
"description": "egg kauth plugin", | ||
@@ -5,0 +5,0 @@ "eggPlugin": { |
23034
537