honojs-middleware/packages/auth-js/src/index.ts

import type { AuthConfig as AuthConfigCore } from '@auth/core'
import { Auth } from '@auth/core'
import type { AdapterUser } from '@auth/core/adapters'
import type { JWT } from '@auth/core/jwt'
import type { Session } from '@auth/core/types'
import type { Context, MiddlewareHandler } from 'hono'
import { env, getRuntimeKey } from 'hono/adapter'
import { HTTPException } from 'hono/http-exception'
import { setEnvDefaults as coreSetEnvDefaults } from '@auth/core'

declare module 'hono' {
  interface ContextVariableMap {
    authUser: AuthUser
    authConfig: AuthConfig
  }
}

export type AuthEnv = {
  AUTH_URL?: string
  AUTH_SECRET: string
  AUTH_REDIRECT_PROXY_URL?: string
  [key: string]: string | undefined
}

export type AuthUser = {
  session: Session
  token?: JWT
  user?: AdapterUser
}

export interface AuthConfig extends Omit<AuthConfigCore, 'raw'> {}

export type ConfigHandler = (c: Context) => AuthConfig

export function setEnvDefaults(env: AuthEnv, config: AuthConfig) {
  config.secret ??= env.AUTH_SECRET
  coreSetEnvDefaults(env, config)
}

async function cloneRequest(input: URL | string, request: Request, headers?: Headers) {
  if (getRuntimeKey() === 'bun') {
    return new Request(input, {
      method: request.method,
      headers: headers ?? new Headers(request.headers),
      body:
        request.method === 'GET' || request.method === 'HEAD' ? undefined : await request.blob(),
      // @ts-ignore: TS2353
      referrer: 'referrer' in request ? (request.referrer as string) : undefined,
      // deno-lint-ignore no-explicit-any
      referrerPolicy: request.referrerPolicy as any,
      mode: request.mode,
      credentials: request.credentials,
      // @ts-ignore: TS2353
      cache: request.cache,
      redirect: request.redirect,
      integrity: request.integrity,
      keepalive: request.keepalive,
      signal: request.signal,
    })
  }
  return new Request(input, request)
}

export async function reqWithEnvUrl(req: Request, authUrl?: string) {
  if (authUrl) {
    const reqUrlObj = new URL(req.url)
    const authUrlObj = new URL(authUrl)
    const props = ['hostname', 'protocol', 'port', 'password', 'username'] as const
    props.forEach((prop) => (reqUrlObj[prop] = authUrlObj[prop]))
    return cloneRequest(reqUrlObj.href, req)
  } else {
    const url = new URL(req.url)
    const headers = new Headers(req.headers)
    const proto = headers.get('x-forwarded-proto')
    const host = headers.get('x-forwarded-host') ?? headers.get('host')
    if (proto != null) url.protocol = proto.endsWith(':') ? proto : proto + ':'
    if (host != null) {
      url.host = host
      const portMatch = host.match(/:(\d+)$/)
      if (portMatch) url.port = portMatch[1]
      else url.port = ''
      headers.delete('x-forwarded-host')
      headers.delete('Host')
      headers.set('Host', host)
    }
    return cloneRequest(url.href, req, headers)
  }
}

export async function getAuthUser(c: Context): Promise<AuthUser | null> {
  const config = c.get('authConfig')
  const ctxEnv = env(c) as AuthEnv
  setEnvDefaults(ctxEnv, config)
  const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL)
  const origin = new URL(authReq.url).origin
  const request = new Request(`${origin}${config.basePath}/session`, {
    headers: { cookie: c.req.header('cookie') ?? '' },
  })

  let authUser: AuthUser = {} as AuthUser

  const response = (await Auth(request, {
    ...config,
    callbacks: {
      ...config.callbacks,
      async session(...args) {
        authUser = args[0]
        const session = (await config.callbacks?.session?.(...args)) ?? args[0].session
        const user = args[0].user ?? args[0].token
        return { user, ...session } satisfies Session
      },
    },
  })) as Response

  const session = (await response.json()) as Session | null

  return session && session.user ? authUser : null
}

export function verifyAuth(): MiddlewareHandler {
  return async (c, next) => {
    const authUser = await getAuthUser(c)
    const isAuth = !!authUser?.token || !!authUser?.user
    if (!isAuth) {
      const res = new Response('Unauthorized', {
        status: 401,
      })
      throw new HTTPException(401, { res })
    } else {
      c.set('authUser', authUser)
    }

    await next()
  }
}

export function initAuthConfig(cb: ConfigHandler): MiddlewareHandler {
  return async (c, next) => {
    const config = cb(c)
    c.set('authConfig', config)
    await next()
  }
}

export function authHandler(): MiddlewareHandler {
  return async (c) => {
    const config = c.get('authConfig')
    const ctxEnv = env(c) as AuthEnv

    setEnvDefaults(ctxEnv, config)

    if (!config.secret || config.secret.length === 0) {
      throw new HTTPException(500, { message: 'Missing AUTH_SECRET' })
    }

    const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL)
    const res = await Auth(authReq, config)
    return new Response(res.body, res)
  }
}
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00			`import type { AuthConfig as AuthConfigCore } from '@auth/core'`
			`import { Auth } from '@auth/core'`
			`import type { AdapterUser } from '@auth/core/adapters'`
			`import type { JWT } from '@auth/core/jwt'`
			`import type { Session } from '@auth/core/types'`
			`import type { Context, MiddlewareHandler } from 'hono'`
fix(auth-js): Fix immutable headers error in x-forwarded request (#614) * fix: immutable headers error in x-forwarded req * added changeset 2024-07-04 13:07:21 +08:00			`import { env, getRuntimeKey } from 'hono/adapter'`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00			`import { HTTPException } from 'hono/http-exception'`
fix(auth-js): handle x-forwarded headers to detect auth url (#549) * fix: handle x-forwarded headers to detect auth url * added changeset 2024-05-29 00:18:18 +08:00			`import { setEnvDefaults as coreSetEnvDefaults } from '@auth/core'`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00
			`declare module 'hono' {`
			`interface ContextVariableMap {`
			`authUser: AuthUser`
			`authConfig: AuthConfig`
			`}`
			`}`

			`export type AuthEnv = {`
fix(auth-js): react package work with ssr (#494) 2024-05-04 10:42:10 +08:00			`AUTH_URL?: string`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00			`AUTH_SECRET: string`
			`AUTH_REDIRECT_PROXY_URL?: string`
			`[key: string]: string \| undefined`
			`}`

			`export type AuthUser = {`
			`session: Session`
			`token?: JWT`
			`user?: AdapterUser`
			`}`

			`export interface AuthConfig extends Omit<AuthConfigCore, 'raw'> {}`

			`export type ConfigHandler = (c: Context) => AuthConfig`

fix(auth-js): handle x-forwarded headers to detect auth url (#549) * fix: handle x-forwarded headers to detect auth url * added changeset 2024-05-29 00:18:18 +08:00			`export function setEnvDefaults(env: AuthEnv, config: AuthConfig) {`
			`config.secret ??= env.AUTH_SECRET`
			`coreSetEnvDefaults(env, config)`
			`}`

fix(auth-js): Fix immutable headers error in x-forwarded request (#614) * fix: immutable headers error in x-forwarded req * added changeset 2024-07-04 13:07:21 +08:00			`async function cloneRequest(input: URL \| string, request: Request, headers?: Headers) {`
			`if (getRuntimeKey() === 'bun') {`
			`return new Request(input, {`
			`method: request.method,`
			`headers: headers ?? new Headers(request.headers),`
			`body:`
			`request.method === 'GET' \|\| request.method === 'HEAD' ? undefined : await request.blob(),`
			`// @ts-ignore: TS2353`
			`referrer: 'referrer' in request ? (request.referrer as string) : undefined,`
			`// deno-lint-ignore no-explicit-any`
			`referrerPolicy: request.referrerPolicy as any,`
			`mode: request.mode,`
			`credentials: request.credentials,`
			`// @ts-ignore: TS2353`
			`cache: request.cache,`
			`redirect: request.redirect,`
			`integrity: request.integrity,`
			`keepalive: request.keepalive,`
			`signal: request.signal,`
			`})`
			`}`
			`return new Request(input, request)`
fix(auth-js): bun req cloning (#598) 2024-07-01 08:57:02 +08:00			`}`

fix(auth-js): Fix immutable headers error in x-forwarded request (#614) * fix: immutable headers error in x-forwarded req * added changeset 2024-07-04 13:07:21 +08:00			`export async function reqWithEnvUrl(req: Request, authUrl?: string) {`
fix(auth-js): env AUTH_URL not working (#478) * fix(auth-js): env AUTH_URL not working * test(auth-js): add reqWithEnvUrl test case * chore: add changeset 2024-04-26 09:57:56 +08:00			`if (authUrl) {`
			`const reqUrlObj = new URL(req.url)`
			`const authUrlObj = new URL(authUrl)`
			`const props = ['hostname', 'protocol', 'port', 'password', 'username'] as const`
fix(auth-js): use `env` in `hono/adapter` and add tests (#486) * fix(auth-js): use `env` in `hono/adapter` and add tests * add changeset * polyfill crypto 2024-04-30 16:25:05 +08:00			`props.forEach((prop) => (reqUrlObj[prop] = authUrlObj[prop]))`
fix(auth-js): bun req cloning (#598) 2024-07-01 08:57:02 +08:00			`return cloneRequest(reqUrlObj.href, req)`
fix(auth-js): env AUTH_URL not working (#478) * fix(auth-js): env AUTH_URL not working * test(auth-js): add reqWithEnvUrl test case * chore: add changeset 2024-04-26 09:57:56 +08:00			`} else {`
fix(auth-js): handle x-forwarded headers to detect auth url (#549) * fix: handle x-forwarded headers to detect auth url * added changeset 2024-05-29 00:18:18 +08:00			`const url = new URL(req.url)`
fix(auth-js): Fix immutable headers error in x-forwarded request (#614) * fix: immutable headers error in x-forwarded req * added changeset 2024-07-04 13:07:21 +08:00			`const headers = new Headers(req.headers)`
			`const proto = headers.get('x-forwarded-proto')`
			`const host = headers.get('x-forwarded-host') ?? headers.get('host')`
fix(auth-js): handle x-forwarded headers to detect auth url (#549) * fix: handle x-forwarded headers to detect auth url * added changeset 2024-05-29 00:18:18 +08:00			`if (proto != null) url.protocol = proto.endsWith(':') ? proto : proto + ':'`
fix(auth-js): Fix immutable headers error in x-forwarded request (#614) * fix: immutable headers error in x-forwarded req * added changeset 2024-07-04 13:07:21 +08:00			`if (host != null) {`
fix(auth-js): handle x-forwarded headers to detect auth url (#549) * fix: handle x-forwarded headers to detect auth url * added changeset 2024-05-29 00:18:18 +08:00			`url.host = host`
			`const portMatch = host.match(/:(\d+)$/)`
			`if (portMatch) url.port = portMatch[1]`
			`else url.port = ''`
fix(auth-js): Fix immutable headers error in x-forwarded request (#614) * fix: immutable headers error in x-forwarded req * added changeset 2024-07-04 13:07:21 +08:00			`headers.delete('x-forwarded-host')`
			`headers.delete('Host')`
			`headers.set('Host', host)`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00			`}`
fix(auth-js): Fix immutable headers error in x-forwarded request (#614) * fix: immutable headers error in x-forwarded req * added changeset 2024-07-04 13:07:21 +08:00			`return cloneRequest(url.href, req, headers)`
fix(auth-js): handle x-forwarded headers to detect auth url (#549) * fix: handle x-forwarded headers to detect auth url * added changeset 2024-05-29 00:18:18 +08:00			`}`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00			`}`

			`export async function getAuthUser(c: Context): Promise<AuthUser \| null> {`
			`const config = c.get('authConfig')`
fix(auth-js): bun req cloning (#598) 2024-07-01 08:57:02 +08:00			`const ctxEnv = env(c) as AuthEnv`
fix(auth-js): react package work with ssr (#494) 2024-05-04 10:42:10 +08:00			`setEnvDefaults(ctxEnv, config)`
fix(auth-js): bun req cloning (#598) 2024-07-01 08:57:02 +08:00			`const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL)`
			`const origin = new URL(authReq.url).origin`
fix(auth-js): Update @auth/core version and set default basePath (#359) * Update @auth/core version and set default basePath * update changeset 2024-01-27 21:15:06 +08:00			const request = new Request(`${origin}${config.basePath}/session`, {
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00			`headers: { cookie: c.req.header('cookie') ?? '' },`
			`})`

			`let authUser: AuthUser = {} as AuthUser`

			`const response = (await Auth(request, {`
			`...config,`
			`callbacks: {`
			`...config.callbacks,`
			`async session(...args) {`
			`authUser = args[0]`
chore: add lint rule and format (#367) * chore: add lint rule and format * fix ci * add typescript * yarn install * add `@cloudflare/workers-types` 2024-01-29 21:53:43 +08:00			`const session = (await config.callbacks?.session?.(...args)) ?? args[0].session`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00			`const user = args[0].user ?? args[0].token`
			`return { user, ...session } satisfies Session`
			`},`
			`},`
			`})) as Response`

			`const session = (await response.json()) as Session \| null`

			`return session && session.user ? authUser : null`
			`}`

			`export function verifyAuth(): MiddlewareHandler {`
			`return async (c, next) => {`
			`const authUser = await getAuthUser(c)`
			`const isAuth = !!authUser?.token \|\| !!authUser?.user`
			`if (!isAuth) {`
			`const res = new Response('Unauthorized', {`
			`status: 401,`
			`})`
			`throw new HTTPException(401, { res })`
chore: add lint rule and format (#367) * chore: add lint rule and format * fix ci * add typescript * yarn install * add `@cloudflare/workers-types` 2024-01-29 21:53:43 +08:00			`} else {`
			`c.set('authUser', authUser)`
			`}`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00
			`await next()`
			`}`
			`}`

			`export function initAuthConfig(cb: ConfigHandler): MiddlewareHandler {`
			`return async (c, next) => {`
			`const config = cb(c)`
			`c.set('authConfig', config)`
			`await next()`
			`}`
			`}`

			`export function authHandler(): MiddlewareHandler {`
			`return async (c) => {`
			`const config = c.get('authConfig')`
fix(auth-js): bun req cloning (#598) 2024-07-01 08:57:02 +08:00			`const ctxEnv = env(c) as AuthEnv`
fix(auth-js): Fix immutable headers error in x-forwarded request (#614) * fix: immutable headers error in x-forwarded req * added changeset 2024-07-04 13:07:21 +08:00
fix(auth-js): react package work with ssr (#494) 2024-05-04 10:42:10 +08:00			`setEnvDefaults(ctxEnv, config)`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00
fix(auth-js): handle x-forwarded headers to detect auth url (#549) * fix: handle x-forwarded headers to detect auth url * added changeset 2024-05-29 00:18:18 +08:00			`if (!config.secret \|\| config.secret.length === 0) {`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00			`throw new HTTPException(500, { message: 'Missing AUTH_SECRET' })`
			`}`

fix(auth-js): bun req cloning (#598) 2024-07-01 08:57:02 +08:00			`const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL)`
			`const res = await Auth(authReq, config)`
added auth.js middleware (#326) * added next-auth middleware * fix react types * code cleanup and improve tests * renamed to authjs * added example in readme * Update README.md * options to set dynamic base paths , urls and credentials in fetch * update readme * update readme * Update README.md * fix typos and set correct origin for local development 2023-12-29 03:30:25 +08:00			`return new Response(res.body, res)`
			`}`
fix(auth-js): Fix immutable headers error in x-forwarded request (#614) * fix: immutable headers error in x-forwarded req * added changeset 2024-07-04 13:07:21 +08:00			`}`