suimeng
/
honojs-middleware
mirror of https://github.com/honojs/middleware.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

initial commit

pull/34/head
Kei Kamikawa 2022-07-28 14:58:54 +09:00
parent 1e06bb22df
commit 240a91ad8d
No known key found for this signature in database
GPG Key ID: 1A9F69C08C8C7A8E
14 changed files with 4562 additions and 351 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/ci.yml vendored
View File

@ -12,16 +12,7 @@ jobs:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- uses: actions/setup-node@v2 - uses: actions/setup-node@v2
with: with:
node-version: 16.x node-version: 18.x
- run: yarn install --frozen-lockfile - run: yarn install --frozen-lockfile
- run: yarn build - run: yarn build
- run: yarn test - run: yarn test
deno:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: denoland/setup-deno@v1
with:
deno-version: v1.x
- run: deno test deno_test

2
.gitignore vendored
View File

@ -5,3 +5,5 @@ node_modules
# for debug or playing # for debug or playing
sandbox sandbox
*.log

41
deno_dist/README.md
View File

@ -1,41 +0,0 @@
# Hello middleware for Hono
An example project of the third-party middleware for [Hono](https://github.com/honojs/hono).
This middleware add `X-Message` header to the Response.
## Usage
```ts
import { hello } from '@honojs/hello'
import { Hono } from 'hono'
const app = new Hono()
app.use('*', hello('Hello!! Hono!!'))
app.get('/', (c) => c.text('foo'))
export default app
```
## Deno
```ts
import { serve } from 'https://deno.land/std/http/server.ts'
import { hello } from 'https://deno.land/x/hono_hello/mod.ts'
import { Hono } from 'https://deno.land/x/hono/mod.ts'
const app = new Hono()
app.use('*', hello('Hello!! Hono!!'))
app.get('/', (c) => c.text('foo'))
serve(app.fetch)
```
## Author
Yusuke Wada <https://github.com/yusukebe>
## License
MIT

8
deno_dist/index.ts
View File

@ -1,8 +0,0 @@
import { Context, Next, Handler } from 'https://raw.githubusercontent.com/honojs/hono/v2.0.2/deno_dist/mod.ts'
export const hello = (message: string = 'Hello'): Handler => {
return async (c: Context, next: Next) => {
await next()
c.res.headers.append('X-Message', message)
}
}

1
deno_dist/mod.ts
View File

@ -1 +0,0 @@
export * from "./index.ts";

3
deno_test/.vscode/settings.json vendored
View File

@ -1,3 +0,0 @@
{
"deno.enable": true
}

2
deno_test/deps.ts
View File

@ -1,2 +0,0 @@
export { assert, assertEquals } from 'https://deno.land/std@0.148.0/testing/asserts.ts'
export { Hono } from 'https://deno.land/x/hono@v2.0.2/mod.ts'

15
deno_test/index.test.ts
View File

@ -1,15 +0,0 @@
import { hello } from '../deno_dist/mod.ts'
import { assertEquals, Hono } from './deps.ts'
// Test just only minimal patterns.
// Because others are tested well in Cloudflare Workers environment already.
Deno.test('Hello Middleware', async () => {
const app = new Hono()
app.use('/hello/*', hello())
app.get('/hello/foo', (c) => c.text('foo'))
let res = await app.request('http://localhost/hello/foo')
assertEquals(res.status, 200)
assertEquals(res.headers.get('X-Message'), 'Hello')
})

10
firebase.json 100644
View File

@ -0,0 +1,10 @@
{
"emulators": {
"auth": {
"port": 9099
},
"ui": {
"enabled": true
}
}
}

22
jest.config.js
View File

@ -1,7 +1,21 @@
module.exports = { module.exports = {
testMatch: ['**/test/**/*.+(ts|tsx|js)', '**/src/**/(*.)+(spec|test).+(ts|tsx|js)'], testMatch: [
"**/test/**/*.+(ts|tsx|js)",
"**/src/**/(*.)+(spec|test).+(ts|tsx|js)",
],
transform: { transform: {
'^.+\\.(ts|tsx)$': 'ts-jest', "^.+\\.(ts|tsx)$": "ts-jest",
}, },
testEnvironment: 'miniflare', testEnvironment: "miniflare",
} testEnvironmentOptions: {
vars: {
FIREBASE_AUTH_EMULATOR_HOST: "127.0.0.1:9099",
PUBLIC_JWK_CACHE_KEY: "testing-cache-key",
},
bindings: {
FIREBASE_AUTH_EMULATOR_HOST: "127.0.0.1:9099",
PUBLIC_JWK_CACHE_KEY: "testing-cache-key",
},
kvNamespaces: ["PUBLIC_JWK_CACHE_KV"],
},
};

21
package.json
View File

@ -1,19 +1,17 @@
{ {
"name": "@honojs/hello", "name": "@honojs/firebase-auth",
"version": "0.0.6", "version": "0.1.0",
"description": "An example of third-party middleware for Hono", "description": "A third-party firebase auth middleware for Hono",
"main": "dist/index.js", "main": "dist/index.js",
"types": "dist/index.d.ts", "types": "dist/index.d.ts",
"files": [ "files": [
"dist" "dist"
], ],
"scripts": { "scripts": {
"start-firebase-emulator": "firebase emulators:start --project example-project12345",
"test": "jest", "test": "jest",
"test:deno": "deno test deno_test", "build": "tsc",
"test:all": "yarn test && yarn test:deno", "prerelease": "yarn build",
"denoify": "rimraf deno_dist && denoify",
"build": "rimraf dist && tsc",
"prerelease": "yarn denoify && yarn build && yarn test:all",
"release": "yarn publish" "release": "yarn publish"
}, },
"license": "MIT", "license": "MIT",
@ -22,22 +20,21 @@
"url": "https://github.com/honojs/middleware-template.git" "url": "https://github.com/honojs/middleware-template.git"
}, },
"homepage": "https://github.com/honojs/middleware-template", "homepage": "https://github.com/honojs/middleware-template",
"author": "Yusuke Wada <yusuke@kamawada.com> (https://github.com/yusukebe)", "author": "codehex",
"publishConfig": { "publishConfig": {
"registry": "https://registry.npmjs.org", "registry": "https://registry.npmjs.org",
"access": "public" "access": "public"
}, },
"dependencies": { "dependencies": {
"firebase-auth-cloudflare-workers": "^1.0.0",
"hono": "^2.0.2" "hono": "^2.0.2"
}, },
"devDependencies": { "devDependencies": {
"@cloudflare/workers-types": "^3.14.0", "@cloudflare/workers-types": "^3.14.1",
"@types/jest": "^28.1.4", "@types/jest": "^28.1.4",
"denoify": "^0.11.1",
"jest": "^28.1.2", "jest": "^28.1.2",
"jest-environment-miniflare": "^2.6.0", "jest-environment-miniflare": "^2.6.0",
"prettier": "^2.7.1", "prettier": "^2.7.1",
"rimraf": "^3.0.2",
"ts-jest": "^28.0.5", "ts-jest": "^28.0.5",
"typescript": "^4.7.4" "typescript": "^4.7.4"
} }

88
src/index.ts
View File

@ -1,8 +1,84 @@
import { Context, Next, Handler } from 'hono' import { Context, Handler } from "hono";
import {
EmulatorEnv,
Auth,
WorkersKVStoreSingle,
KeyStorer,
FirebaseIdToken,
} from "firebase-auth-cloudflare-workers";
export const hello = (message: string = 'Hello'): Handler => { export interface VerifyFirebaseAuthEnv extends EmulatorEnv {
return async (c: Context, next: Next) => { PUBLIC_JWK_CACHE_KEY?: string | undefined;
await next() PUBLIC_JWK_CACHE_KV?: KVNamespace | undefined;
c.res.headers.append('X-Message', message)
}
} }
export interface VerifyFirebaseAuthConfig {
projectId: string;
authorizationHeaderKey?: string;
keyStore?: KeyStorer;
keyStoreInitializer?: (c: Context) => KeyStorer;
disableErrorLog?: boolean;
}
const defaultKVStoreJWKCacheKey = "verify-firebase-auth-cached-public-key";
const defaultKeyStoreInitializer = (c: Context): KeyStorer => {
return WorkersKVStoreSingle.getOrInitialize(
c.env.PUBLIC_JWK_CACHE_KEY ?? defaultKVStoreJWKCacheKey,
c.env.PUBLIC_JWK_CACHE_KV
);
};
export const verifyFirebaseAuth = (
userConfig: VerifyFirebaseAuthConfig
): Handler<string, VerifyFirebaseAuthEnv> => {
const config = {
projectId: userConfig.projectId,
AuthorizationHeaderKey:
userConfig.authorizationHeaderKey ?? "Authorization",
KeyStore: userConfig.keyStore,
keyStoreInitializer:
userConfig.keyStoreInitializer ?? defaultKeyStoreInitializer,
disableErrorLog: userConfig.disableErrorLog,
};
return async (c, next) => {
const authorization = c.req.headers.get(config.AuthorizationHeaderKey);
if (authorization === null) {
return new Response(null, {
status: 400,
});
}
const jwt = authorization.replace(/Bearer\s+/i, "");
const auth = Auth.getOrInitialize(
config.projectId,
config.KeyStore ?? config.keyStoreInitializer(c)
);
try {
const idToken = await auth.verifyIdToken(jwt, c.env);
setFirebaseToken(c, idToken);
} catch (err) {
if (!userConfig.disableErrorLog) {
console.error({
message: "failed to verify the requested firebase token",
err,
});
}
return new Response(null, {
status: 401,
});
}
await next();
};
};
const idTokenContextKey = "firebase-auth-cloudflare-id-token-key";
const setFirebaseToken = (c: Context, idToken: FirebaseIdToken) =>
c.set(idTokenContextKey, idToken);
export const getFirebaseToken = (c: Context): FirebaseIdToken | null => {
const idToken = c.get(idTokenContextKey);
if (!idToken) return null;
return idToken;
};

299
test/index.test.ts
View File

@ -1,26 +1,283 @@
import { Hono } from 'hono' import { getFirebaseToken } from "./../src/index";
import { hello } from '../src' import { Auth, KeyStorer } from "firebase-auth-cloudflare-workers";
import { Hono } from "hono";
import { VerifyFirebaseAuthEnv, verifyFirebaseAuth } from "../src";
describe('Hello middleware', () => { describe("verifyFirebaseAuth middleware", () => {
const app = new Hono() const emulatorHost = "127.0.0.1:9099";
const validProjectId = "example-project12345"; // see package.json
app.use('/hello/*', hello()) // @ts-ignore
app.get('/hello/foo', (c) => c.text('foo')) const { PUBLIC_JWK_CACHE_KV } = getMiniflareBindings();
app.use('/x/*', hello('X')) let user: signUpResponse;
app.get('/x/foo', (c) => c.text('foo'))
it('Should be hello message', async () => { beforeAll(async () => {
const res = await app.request('http://localhost/hello/foo') await deleteAccountEmulator(emulatorHost, validProjectId);
expect(res).not.toBeNull()
expect(res.status).toBe(200)
expect(res.headers.get('X-Message')).toBe('Hello')
})
it('Should be X', async () => { user = await signUpEmulator(emulatorHost, {
const res = await app.request('http://localhost/x/foo') email: "codehex@hono.js",
expect(res).not.toBeNull() password: "honojs",
expect(res.status).toBe(200) });
expect(res.headers.get('X-Message')).toBe('X')
}) await sleep(1000); // wait for iat
}) });
test.each([
[
"valid case, should be 200",
{
headerKey: "Authorization",
env: {
FIREBASE_AUTH_EMULATOR_HOST: "localhost:9099",
PUBLIC_JWK_CACHE_KEY: "testing-cache-key",
PUBLIC_JWK_CACHE_KV,
},
config: {
projectId: validProjectId,
},
wantStatus: 200,
},
],
[
"valid specified headerKey, should be 200",
{
headerKey: "X-Authorization",
env: {
FIREBASE_AUTH_EMULATOR_HOST: "localhost:9099",
PUBLIC_JWK_CACHE_KEY: "testing-cache-key",
PUBLIC_JWK_CACHE_KV,
},
config: {
projectId: validProjectId,
authorizationHeaderKey: "X-Authorization",
},
wantStatus: 200,
},
],
[
"invalid authorization header, should be 400",
{
headerKey: "X-Authorization",
env: {
FIREBASE_AUTH_EMULATOR_HOST: "localhost:9099",
PUBLIC_JWK_CACHE_KEY: "testing-cache-key",
PUBLIC_JWK_CACHE_KV,
},
config: {
projectId: validProjectId, // see package.json
// No specified header key.
},
wantStatus: 400,
},
],
[
"invalid project ID, should be 401",
{
headerKey: "Authorization",
env: {
FIREBASE_AUTH_EMULATOR_HOST: "localhost:9099",
PUBLIC_JWK_CACHE_KEY: "testing-cache-key",
PUBLIC_JWK_CACHE_KV,
},
config: {
projectId: "invalid-projectId",
},
wantStatus: 401,
},
],
])("%s", async (_, { headerKey, env, config, wantStatus }) => {
const app = new Hono<VerifyFirebaseAuthEnv>();
resetAuth();
app.use(
"*",
verifyFirebaseAuth({
...config,
disableErrorLog: true,
})
);
app.get("/hello", (c) => c.text("OK"));
const req = new Request("http://localhost/hello", {
headers: {
[headerKey]: `Bearer ${user.idToken}`,
},
});
const res = await app.fetch(req, env);
expect(res).not.toBeNull();
expect(res.status).toBe(wantStatus);
});
test("specified keyStore is used", async () => {
const testingJWT = generateDummyJWT();
const nopKeyStore = new NopKeyStore();
const getSpy = jest.spyOn(nopKeyStore, "get");
const putSpy = jest.spyOn(nopKeyStore, "put");
const app = new Hono<VerifyFirebaseAuthEnv>();
resetAuth();
app.use(
"*",
verifyFirebaseAuth({
projectId: validProjectId,
keyStore: nopKeyStore,
disableErrorLog: true,
})
);
app.get("/hello", (c) => c.text("OK"));
const req = new Request("http://localhost/hello", {
headers: {
Authorization: `Bearer ${testingJWT}`,
},
});
// not use firebase emulator to check using key store
const res = await app.fetch(req, {
FIREBASE_AUTH_EMULATOR_HOST: undefined,
});
expect(res).not.toBeNull();
expect(res.status).toBe(401);
expect(getSpy).toHaveBeenCalled();
expect(putSpy).toHaveBeenCalled();
});
test("usable id-token in main handler", async () => {
const testingJWT = generateDummyJWT();
const nopKeyStore = new NopKeyStore();
const app = new Hono<VerifyFirebaseAuthEnv>();
resetAuth();
app.use(
"*",
verifyFirebaseAuth({
projectId: validProjectId,
keyStore: nopKeyStore,
disableErrorLog: true,
})
);
app.get("/hello", (c) => c.json(getFirebaseToken(c)));
const req = new Request("http://localhost/hello", {
headers: {
Authorization: `Bearer ${testingJWT}`,
},
});
const res = await app.fetch(req, {
FIREBASE_AUTH_EMULATOR_HOST: emulatorHost,
});
expect(res).not.toBeNull();
expect(res.status).toBe(200);
const json = await res.json<{ aud: string; email: string }>();
expect(json.aud).toBe(validProjectId);
expect(json.email).toBe("codehex@example.com");
});
});
class NopKeyStore implements KeyStorer {
constructor() {}
get(): Promise<null> {
return new Promise((resolve) => resolve(null));
}
put(): Promise<void> {
return new Promise((resolve) => resolve());
}
}
const sleep = (ms: number) => new Promise((r) => setTimeout(r, ms));
// magic to reset state of static object for "firebase-auth-cloudflare-workers"
const resetAuth = () => delete Auth["instance"];
const generateDummyJWT = () => {
const header = JSON.stringify({
alg: "RS256",
kid: "kid",
typ: "JWT",
});
const now = Math.floor(Date.now() / 1000);
const payload = JSON.stringify({
iss: `https://securetoken.google.com/example-project12345`,
aud: "example-project12345",
auth_time: now - 1000,
user_id: "t1aLdTkAs0S0J0P6TNbjwbmry5B3",
sub: "t1aLdTkAs0S0J0P6TNbjwbmry5B3",
iat: now - 1000,
exp: now + 3000, // + 3s
email: "codehex@example.com",
email_verified: false,
firebase: {
identities: {
email: ["codehex@example.com"],
},
sign_in_provider: "password",
},
});
return `${btoa(header)}.${btoa(payload)}.`;
};
interface EmailPassword {
email: string;
password: string;
}
export interface signUpResponse {
kind: string;
localId: string;
email: string;
idToken: string;
refreshToken: string;
expiresIn: string;
}
const signUpEmulator = async (
emulatorHost: string,
body: EmailPassword
): Promise<signUpResponse> => {
// http://localhost:9099/identitytoolkit.googleapis.com/v1/accounts:signUp?key=dummy
const url = `http://${emulatorHost}/identitytoolkit.googleapis.com/v1/accounts:signUp?key=dummy`;
const resp = await fetch(url, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
...body,
returnSecureToken: true,
}),
});
if (resp.status !== 200) {
console.log({ status: resp.status });
throw new Error("error");
}
return await resp.json();
};
const deleteAccountEmulator = async (
emulatorHost: string,
projectId: string
): Promise<void> => {
// https://firebase.google.com/docs/reference/rest/auth#section-auth-emulator-clearaccounts
const url = `http://${emulatorHost}/emulator/v1/projects/${projectId}/accounts`;
const resp = await fetch(url, {
method: "DELETE",
});
if (resp.status !== 200) {
console.log({ status: resp.status });
throw new Error("error when clear accounts");
}
return;
};

4386
yarn.lock
View File

File diff suppressed because it is too large Load Diff