From 17069475e073eb117327a27a6712e164d5fe64c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Torma?= Date: Tue, 14 May 2024 18:44:31 +0200 Subject: [PATCH] Fix RPError issuer timeouts with future/auth (#3762) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ♻️ Proxy issuers to avoid calling them when users do not use the adapters * 🩹 Upload changeset --- .changeset/old-camels-report.md | 5 +++++ .../sst/src/node/future/auth/adapter/apple.ts | 18 +++++++++++++----- .../sst/src/node/future/auth/adapter/google.ts | 17 +++++++++++++---- pnpm-lock.yaml | 7 ++++++- 4 files changed, 37 insertions(+), 10 deletions(-) create mode 100644 .changeset/old-camels-report.md diff --git a/.changeset/old-camels-report.md b/.changeset/old-camels-report.md new file mode 100644 index 0000000000..66c514dee2 --- /dev/null +++ b/.changeset/old-camels-report.md @@ -0,0 +1,5 @@ +--- +"sst": patch +--- + +Proxy issuer calls to avoid timeouts on unused auth adapters diff --git a/packages/sst/src/node/future/auth/adapter/apple.ts b/packages/sst/src/node/future/auth/adapter/apple.ts index a520c658f0..9d2c247417 100644 --- a/packages/sst/src/node/future/auth/adapter/apple.ts +++ b/packages/sst/src/node/future/auth/adapter/apple.ts @@ -1,5 +1,5 @@ import querystring from 'node:querystring'; -import { generators, Issuer } from 'openid-client'; +import {BaseClient, generators, Issuer} from 'openid-client'; import { useBody, useCookie, useDomainName, usePathParam, useResponse } from '../../../api/index.js'; import { Adapter } from './adapter.js'; @@ -13,19 +13,27 @@ import { OauthConfig } from './oauth.js'; // userinfo_endpoint are not included in the response. // await Issuer.discover("https://appleid.apple.com/.well-known/openid-configuration/"); -const issuer = await Issuer.discover( - "https://appleid.apple.com/.well-known/openid-configuration" -) +let realIssuer: Issuer; + +const issuer = new Proxy({}, { + get: async function(target, prop: string){ + if(!realIssuer){ + realIssuer = await Issuer.discover("https://appleid.apple.com/.well-known/openid-configuration"); + } + return realIssuer[prop]; + } +}) export const AppleAdapter = /* @__PURE__ */ (config: OauthConfig) => { + return async function () { const step = usePathParam("step"); const callback = "https://" + useDomainName() + "/callback"; console.log("callback", callback); - const client = new issuer.Client({ + const client = new (issuer as Issuer).Client({ client_id: config.clientID, client_secret: config.clientSecret, redirect_uris: [callback], diff --git a/packages/sst/src/node/future/auth/adapter/google.ts b/packages/sst/src/node/future/auth/adapter/google.ts index 4958f629cb..9512f25fd8 100644 --- a/packages/sst/src/node/future/auth/adapter/google.ts +++ b/packages/sst/src/node/future/auth/adapter/google.ts @@ -1,8 +1,17 @@ -import { Issuer } from "openid-client"; +import {BaseClient, Issuer} from "openid-client"; import { OidcAdapter, OidcBasicConfig } from "./oidc.js"; import { OauthAdapter, OauthBasicConfig } from "./oauth.js"; -const issuer = await Issuer.discover("https://accounts.google.com"); +let realIssuer: Issuer; + +const issuer = new Proxy({}, { + get: async function(target, prop: string){ + if(!realIssuer){ + realIssuer = await Issuer.discover("https://accounts.google.com"); + } + return realIssuer[prop]; + } +}) type GooglePrompt = "none" | "consent" | "select_account"; type GoogleAccessType = "offline" | "online"; @@ -19,7 +28,7 @@ export function GoogleAdapter(config: GoogleConfig) { /* @__PURE__ */ if (config.mode === "oauth") { return OauthAdapter({ - issuer, + issuer: issuer as Issuer, ...config, params: { ...(config.accessType && { access_type: config.accessType }), @@ -28,7 +37,7 @@ export function GoogleAdapter(config: GoogleConfig) { }); } return OidcAdapter({ - issuer, + issuer: issuer as Issuer, scope: "openid email profile", ...config, }); diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 8f02c5d8d8..bad26abd81 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -566,7 +566,7 @@ importers: specifier: ^5.3.1 version: 5.3.1 astro-sst: - specifier: 2.40.8 + specifier: 2.41.5 version: link:../astro-sst async: specifier: ^3.2.4 @@ -13493,6 +13493,7 @@ packages: /color-string@1.9.1: resolution: {integrity: sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==} + requiresBuild: true dependencies: color-name: 1.1.4 simple-swizzle: 0.2.2 @@ -14359,6 +14360,7 @@ packages: /deep-extend@0.6.0: resolution: {integrity: sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==} engines: {node: '>=4.0.0'} + requiresBuild: true /deep-object-diff@1.1.7: resolution: {integrity: sha512-QkgBca0mL08P6HiOjoqvmm6xOAl2W6CT2+34Ljhg0OeFan8cwlcdq8jrLKsBBuUFAZLsN5b6y491KdKEoSo9lg==} @@ -17093,6 +17095,7 @@ packages: /is-arrayish@0.3.2: resolution: {integrity: sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==} + requiresBuild: true dev: true /is-bigint@1.0.4: @@ -22353,6 +22356,7 @@ packages: /simple-swizzle@0.2.2: resolution: {integrity: sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==} + requiresBuild: true dependencies: is-arrayish: 0.3.2 dev: true @@ -22899,6 +22903,7 @@ packages: /strip-json-comments@2.0.1: resolution: {integrity: sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==} engines: {node: '>=0.10.0'} + requiresBuild: true /strip-json-comments@3.1.1: resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}