feat: base support OIDC

GiovanniCardamone · May 8, 2022 · 419d69b · 419d69b
1 parent 40ddadf
commit 419d69b
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 7 deletions.
diff --git a/src/index.ts b/src/index.ts
@@ -8,6 +8,7 @@ import {
 	BearerAuth,
 	OAS2_SecurityType,
 	OAS3_SecurityType,
+	OpenIdConnectAuth,
 	SecurityTypes,
 	StrictSecurity,
 } from './types'
@@ -152,6 +153,7 @@ export default fastifyPlugin<FastifyAutosecurityOptions>(
 				if (securityData !== undefined) {
 					try {
 						// @ts-expect-error ts cannot figure out security data to apply
+						// eslint-disable-next-line
 						solvedSecurity[security] = await securityModules[
 							security
 						].handle.apply(
@@ -215,7 +217,7 @@ export default fastifyPlugin<FastifyAutosecurityOptions>(
 
 		fastify.addHook('onReady', async () => {
 			if ('swagger' in fastify === false) {
-				throw new Error(`Missing Peer Deps 'fastify-swagger'`)
+				throw new Error('Missing Peer Deps "fastify-swagger"')
 			}
 
 			const securityDefinitions = Object.entries(securityModules).reduce(
@@ -225,7 +227,7 @@ export default fastifyPlugin<FastifyAutosecurityOptions>(
 				{}
 			)
 
-			// @ts-ignore injected by fastify-swagger
+			// @ts-expect-error injected by fastify-swagger
 			const swagger = fastify.swagger({
 				swagger: {
 					securityDefinitions,
@@ -278,6 +280,7 @@ function loadModule(
 	name: string,
 	path: string
 ): (instance: any) => StrictSecurity<any> {
+	// eslint-disable-next-line
 	const module = require(path)
 
 	if (typeof module === 'function') {
@@ -312,7 +315,8 @@ function getSecurityData(security: SecurityTypes, request: FastifyRequest) {
 		case 'apiKey':
 			return getApiKeySecurityData(security, request)
 		// case 'oauth2': return getOAuth2SecurityData(security, request)
-		// case 'openIdConnect': return getOpenIdConnectSecurityData(security, request)
+		case 'openIdConnect':
+			return getOpenIdConnectSecurityData(security, request)
 		default:
 			invalidSecurity(security)
 	}
@@ -352,4 +356,11 @@ function getBearerAuthSecurityData(
 		: undefined
 }
 
+function getOpenIdConnectSecurityData(
+	security: OpenIdConnectAuth,
+	request: FastifyRequest
+) {
+	return request.headers.authorization
+}
+
 export * from './types'
diff --git a/src/types.ts b/src/types.ts
@@ -5,17 +5,25 @@ type Scope<T> = (retrived: T, scopes: string[]) => boolean | Promise<boolean>
 type ValidateScope = (scope: string) => boolean
 
 export type OAS2_SecurityType = OAS2_BasicAuth | ApiKeyAuth
-export type OAS3_SecurityType = OAS3_BasicAuth | ApiKeyAuth | BearerAuth
-
-export type SecurityTypes = BasicAuth | ApiKeyAuth | BearerAuth
+export type OAS3_SecurityType =
+	| OAS3_BasicAuth
+	| ApiKeyAuth
+	| BearerAuth
+	| OpenIdConnectAuth
+
+export type SecurityTypes =
+	| BasicAuth
+	| ApiKeyAuth
+	| BearerAuth
+	| OpenIdConnectAuth
 // | OAuth2Auth | OpenIdConnectAuth
 
 export type StrictSecurity<T> =
 	| StrictBasicAuthSecurity<T>
 	| StrictApiKeySecurity<T>
 	| StrictBearerSecurity<T>
+	| StrictOpenIdConnectSecurity<T>
 // | StrictOAuth2Security<T>
-// | StrictOpenIdConnectSecurity<T>
 
 // ======== BASIC AUTH
 
@@ -72,3 +80,19 @@ export interface StrictBearerSecurity<T extends unknown> {
 	validScopes?: string[]
 	validateScope?: ValidateScope
 }
+
+// ======== OPENID AUTH
+
+export interface OpenIdConnectAuth {
+	type: 'openIdConnect'
+	openIdConnectUrl: string
+	description?: string
+}
+
+export interface StrictOpenIdConnectSecurity<T extends unknown> {
+	security: OpenIdConnectAuth
+	handle: (token: string) => SecurityAgent<T>
+	scopes: Scope<T>
+	validScopes?: string[]
+	validateScope?: ValidateScope
+}