-
Notifications
You must be signed in to change notification settings - Fork 980
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #779 from dthyresson/dt-auth-access-token
getCurrentUser given both decoded & access tokens
- Loading branch information
Showing
18 changed files
with
213 additions
and
166 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
import type { GlobalContext } from 'src/globalContext' | ||
import type { APIGatewayProxyEvent, Context as LambdaContext } from 'aws-lambda' | ||
import type { SupportedAuthTypes } from '@redwoodjs/auth' | ||
|
||
import { netlify } from './netlify' | ||
import { auth0 } from './auth0' | ||
const noop = (token: string) => token | ||
|
||
const typesToDecoders: Record<SupportedAuthTypes, Function> = { | ||
auth0: auth0, | ||
netlify: netlify, | ||
goTrue: netlify, | ||
magicLink: noop, | ||
firebase: noop, | ||
custom: noop, | ||
} | ||
|
||
export const decodeToken = async ( | ||
type: SupportedAuthTypes, | ||
token: string, | ||
req: { | ||
event: APIGatewayProxyEvent | ||
context: GlobalContext & LambdaContext | ||
} | ||
): Promise<null | string | object> => { | ||
if (!typesToDecoders[type]) { | ||
throw new Error( | ||
`The auth type "${type}" is not supported, we currently support: ${Object.keys( | ||
typesToDecoders | ||
).join(', ')}` | ||
) | ||
} | ||
const decoder = typesToDecoders[type] | ||
return decoder(token, req) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
import type { Context as LambdaContext, ClientContext } from 'aws-lambda' | ||
import jwt from 'jsonwebtoken' | ||
|
||
type NetlifyContext = ClientContext & { | ||
user?: object | ||
} | ||
|
||
export const netlify = (token: string, req: { context: LambdaContext }) => { | ||
// Netlify verifies and decodes the JWT before the request is passed to our Serverless | ||
// function, so the decoded JWT is already available in production. | ||
if (process.env.NODE_ENV === 'production') { | ||
const clientContext = req.context.clientContext as NetlifyContext | ||
return clientContext?.user || null | ||
} else { | ||
// We emulate the native Netlify experience in development mode. | ||
// We just decode it since we don't have the signing key. | ||
return jwt.decode(token) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
import type { GlobalContext } from 'src/globalContext' | ||
import type { APIGatewayProxyEvent, Context as LambdaContext } from 'aws-lambda' | ||
import type { SupportedAuthTypes } from '@redwoodjs/auth' | ||
|
||
import { decodeToken } from './decoders' | ||
|
||
// This is shared by `@redwoodjs/web` | ||
const AUTH_PROVIDER_HEADER = 'auth-provider' | ||
|
||
export const getAuthProviderHeader = ( | ||
event: APIGatewayProxyEvent | ||
): SupportedAuthTypes => { | ||
return event?.headers[AUTH_PROVIDER_HEADER] as SupportedAuthTypes | ||
} | ||
|
||
export interface AuthorizationHeader { | ||
schema: 'Bearer' | 'Basic' | ||
token: string | ||
} | ||
/** | ||
* Split the `Authorization` header into a schema and token part. | ||
*/ | ||
export const parseAuthorizationHeader = ( | ||
event: APIGatewayProxyEvent | ||
): AuthorizationHeader => { | ||
const [schema, token] = event.headers?.authorization?.split(' ') | ||
if (!schema.length || !token.length) { | ||
throw new Error('The `Authorization` header is not valid.') | ||
} | ||
// @ts-expect-error | ||
return { schema, token } | ||
} | ||
|
||
export type AuthContextPayload = [ | ||
string | object | null, | ||
{ type: SupportedAuthTypes; token: string } | ||
] | ||
|
||
/** | ||
* Get the authorization information from the request headers and request context. | ||
* @returns [decoded, { type, token }] | ||
**/ | ||
export const getAuthenticationContext = async ({ | ||
event, | ||
context, | ||
}: { | ||
event: APIGatewayProxyEvent | ||
context: GlobalContext & LambdaContext | ||
}): Promise<undefined | AuthContextPayload> => { | ||
const type = getAuthProviderHeader(event) | ||
// No `auth-provider` header means that the user is logged out, | ||
// and none of this is auth malarky is required. | ||
if (!type) { | ||
return undefined | ||
} | ||
|
||
let decoded = null | ||
const { token } = parseAuthorizationHeader(event) | ||
decoded = await decodeToken(type, token, { event, context }) | ||
return [decoded, { type, token }] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.