feat: add support for logout flow

Azure · Jun 30, 2020 · a4b9f97 · a4b9f97
1 parent c4a6431
commit a4b9f97
Show file tree

Hide file tree

Showing 14 changed files with 262 additions and 19 deletions.
diff --git a/app_auth_logout/function.json b/app_auth_logout/function.json
@@ -0,0 +1,19 @@
+{
+  "bindings": [
+    {
+      "authLevel": "function",
+      "type": "httpTrigger",
+      "direction": "in",
+      "name": "req",
+      "methods": [
+        "get"
+      ],
+      "route": "app/.auth/logout"
+    },
+    {
+      "type": "http",
+      "direction": "out",
+      "name": "res"
+    }
+  ]
+}
diff --git a/app_auth_logout/index.js b/app_auth_logout/index.js
@@ -0,0 +1,32 @@
+const { response, validateCookie } = require("../utils");
+
+module.exports = async function (context, req) {
+  const cookie = req.headers.cookie;
+  const { post_logout_redirect_uri } = req.query;
+
+  if (!cookie || !validateCookie(cookie)) {
+    return response({
+      context,
+      status: 401,
+    });
+  }
+
+  context.res = response({
+    context,
+    status: 302,
+    cookies: [
+      {
+        name: "StaticWebAppsAuthContextCookie",
+        value: process.env.StaticWebAppsAuthContextCookie,
+        path: "/",
+        secure: false,
+        HttpOnly: false,
+        domain: "127.0.0.1",
+        SameSite: "None",
+      },
+    ],
+    headers: {
+      location: `http://127.0.0.1:4242/.redirect/logout?hostName=127.0.0.1`,
+    },
+  });
+};
diff --git a/app_auth_logout_complete/function.json b/app_auth_logout_complete/function.json
@@ -0,0 +1,19 @@
+{
+  "bindings": [
+    {
+      "authLevel": "function",
+      "type": "httpTrigger",
+      "direction": "in",
+      "name": "req",
+      "methods": [
+        "get"
+      ],
+      "route": "app/.auth/logout/complete"
+    },
+    {
+      "type": "http",
+      "direction": "out",
+      "name": "res"
+    }
+  ]
+}
diff --git a/app_auth_logout_complete/index.js b/app_auth_logout_complete/index.js
@@ -0,0 +1,40 @@
+const { response } = require("../utils");
+
+module.exports = async function (context, req) {
+  context.res = response({
+    context,
+    status: 302,
+    cookies: [
+      {
+        name: "StaticWebAppsAuthCookie",
+        value: "deleted",
+        path: "/",
+        secure: false,
+        HttpOnly: false,
+        domain: "127.0.0.1",
+        expires: new Date(1970),
+      },
+      {
+        name: "StaticSitesAuthCookie",
+        value: "deleted",
+        path: "/",
+        secure: false,
+        HttpOnly: false,
+        domain: "127.0.0.1",
+        expires: new Date(1970),
+      },
+      {
+        name: "StaticWebAppsAuthContextCookie",
+        value: "deleted",
+        path: "/",
+        secure: false,
+        HttpOnly: false,
+        domain: "127.0.0.1",
+        expires: new Date(1970),
+      },
+    ],
+    headers: {
+      location: `http://127.0.0.1:4200/`,
+    },
+  });
+};
diff --git a/app_auth_me/function.json b/app_auth_me/function.json
@@ -13,7 +13,7 @@
     {
       "type": "http",
       "direction": "out",
-      "name": "$return"
+      "name": "res"
     }
   ]
 }
diff --git a/app_auth_me/index.js b/app_auth_me/index.js
@@ -5,16 +5,17 @@ module.exports = async function (context, req) {
   const cookie = req.headers.cookie;
 
   if (!cookie || !validateCookie(cookie)) {
-    return response({
+    context.res = response({
       context,
       status: 200,
       body: {
         clientPrincipal: null
       }
     });
+    return;
   }
 
-  return response({
+  context.res = response({
     context,
     status: 200,
     body: {

diff --git a/identity_auth_logout/function.json b/identity_auth_logout/function.json
@@ -0,0 +1,19 @@
+{
+  "bindings": [
+    {
+      "authLevel": "function",
+      "type": "httpTrigger",
+      "direction": "in",
+      "name": "req",
+      "methods": [
+        "get"
+      ],
+      "route": ".auth/logout"
+    },
+    {
+      "type": "http",
+      "direction": "out",
+      "name": "res"
+    }
+  ]
+}
diff --git a/identity_auth_logout/index.js b/identity_auth_logout/index.js
@@ -0,0 +1,21 @@
+const { response } = require("../utils");
+
+module.exports = async function (context, req) {
+  context.res = response({
+    context,
+    status: 302,
+    cookies: [
+      {
+        name: "AppServiceAuthSession",
+        value: "deleted",
+        path: "/",
+        secure: false,
+        HttpOnly: false,
+        expires: new Date(1970),
+      },
+    ],
+    headers: {
+      location: `http://127.0.0.1:4242/.auth/logout/complete`,
+    },
+  });
+};
diff --git a/identity_auth_logout_complete/function.json b/identity_auth_logout_complete/function.json
@@ -0,0 +1,19 @@
+{
+  "bindings": [
+    {
+      "authLevel": "function",
+      "type": "httpTrigger",
+      "direction": "in",
+      "name": "req",
+      "methods": [
+        "get"
+      ],
+      "route": ".auth/logout/complete"
+    },
+    {
+      "type": "http",
+      "direction": "out",
+      "name": "res"
+    }
+  ]
+}
diff --git a/identity_auth_logout_complete/index.js b/identity_auth_logout_complete/index.js
@@ -0,0 +1,24 @@
+const { response } = require("../utils");
+
+module.exports = async function (context, req) {
+  const location = `http://127.0.0.1:4242/app/.auth/logout/complete`;
+
+  context.res = response({
+    context,
+    status: 302,
+    cookies: [
+      {
+        name: "StaticWebAppsAuthContextCookie",
+        value: "deleted",
+        path: "/",
+        secure: false,
+        HttpOnly: false,
+        domain: "127.0.0.1",
+        expires: new Date(1970),
+      },
+    ],
+    headers: {
+      location,
+    },
+  });
+};
diff --git a/identity_redirect_logout/function.json b/identity_redirect_logout/function.json
@@ -0,0 +1,19 @@
+{
+  "bindings": [
+    {
+      "authLevel": "function",
+      "type": "httpTrigger",
+      "direction": "in",
+      "name": "req",
+      "methods": [
+        "get"
+      ],
+      "route": ".redirect/logout"
+    },
+    {
+      "type": "http",
+      "direction": "out",
+      "name": "res"
+    }
+  ]
+}
diff --git a/identity_redirect_logout/index.js b/identity_redirect_logout/index.js
@@ -0,0 +1,26 @@
+const { response } = require("../utils");
+
+module.exports = async function (context, req) {
+  const { hostName, post_logout_redirect_uri = "/" } = req.query;
+
+  const location = `http://127.0.0.1:4242/.auth/logout?post_login_redirect_uri=${post_logout_redirect_uri}`;
+
+  context.res = response({
+    context,
+    status: 302,
+    cookies: [
+      {
+        name: "StaticWebAppsAuthContextCookie",
+        value: process.env.StaticWebAppsAuthContextCookie,
+        path: "/",
+        secure: false,
+        HttpOnly: false,
+        domain: "127.0.0.1",
+        SameSite: "None",
+      },
+    ],
+    headers: {
+      location,
+    },
+  });
+};
diff --git a/identity_redirect_provider/function.json b/identity_redirect_provider/function.json
@@ -8,7 +8,7 @@
       "methods": [
         "get"
       ],
-      "route": ".redirect/{provider}"
+      "route": ".redirect/{provider:regex(aad|github|twitter|google|facebook)}"
     },
     {
       "type": "http",

diff --git a/utils.js b/utils.js
@@ -1,4 +1,4 @@
-const cookie = require('cookie');
+const cookie = require("cookie");
 
 module.exports.response = ({ context, status, headers, cookies, body = "" }) => {
   let location;
@@ -11,16 +11,9 @@ module.exports.response = ({ context, status, headers, cookies, body = "" }) =>
     };
   }
 
-  const res = {
-    status,
-    headers,
-    cookies,
-    headers: {
-      status,
-      "Content-Type": "application/json",
-      ...headers,
-    },
-    body:
+  body = body || null;
+  if (process.env.DEBUG) {
+    body =
       body ||
       JSON.stringify(
         {
@@ -41,12 +34,23 @@ module.exports.response = ({ context, status, headers, cookies, body = "" }) =>
         },
         null,
         2
-      ),
+      );
+  }
+
+  const res = {
+    status,
+    headers,
+    cookies,
+    headers: {
+      status,
+      //"Content-Type": "application/json",
+      ...headers,
+    },
+    body,
   };
   return res;
 };
 
-
 module.exports.validateCookie = (cookieValue) => {
   const cookies = cookie.parse(cookieValue);
   console.log(JSON.stringify(cookies));
@@ -56,5 +60,5 @@ module.exports.validateCookie = (cookieValue) => {
     return cookies.StaticWebAppsAuthCookie === process.env.StaticWebAppsAuthCookie;
   }
 
- return false;
-}
+  return false;
+};