162 lines
4.5 KiB
TypeScript
162 lines
4.5 KiB
TypeScript
import type { AuthConfig as AuthConfigCore } from '@auth/core'
|
|
import { Auth, setEnvDefaults as coreSetEnvDefaults } from '@auth/core'
|
|
import type { AdapterUser } from '@auth/core/adapters'
|
|
import type { JWT } from '@auth/core/jwt'
|
|
import type { Session } from '@auth/core/types'
|
|
import type { Context, MiddlewareHandler } from 'hono'
|
|
import { env } from 'hono/adapter'
|
|
import { HTTPException } from 'hono/http-exception'
|
|
|
|
declare module 'hono' {
|
|
interface ContextVariableMap {
|
|
authUser: AuthUser
|
|
authConfig: AuthConfig
|
|
}
|
|
}
|
|
|
|
export type AuthEnv = {
|
|
AUTH_URL?: string
|
|
AUTH_SECRET: string
|
|
AUTH_REDIRECT_PROXY_URL?: string
|
|
[key: string]: string | undefined
|
|
}
|
|
|
|
export type AuthUser = {
|
|
session: Session
|
|
token?: JWT
|
|
user?: AdapterUser
|
|
}
|
|
|
|
export interface AuthConfig extends Omit<AuthConfigCore, 'raw'> {}
|
|
|
|
export type ConfigHandler = (c: Context) => AuthConfig
|
|
|
|
export function setEnvDefaults(env: AuthEnv, config: AuthConfig): void {
|
|
config.secret ??= env.AUTH_SECRET
|
|
coreSetEnvDefaults(env, config)
|
|
}
|
|
|
|
export function reqWithEnvUrl(req: Request, authUrl?: string): Request {
|
|
if (authUrl) {
|
|
const reqUrlObj = new URL(req.url)
|
|
const authUrlObj = new URL(authUrl)
|
|
const props = ['hostname', 'protocol', 'port', 'password', 'username'] as const
|
|
for (const prop of props) {
|
|
if (authUrlObj[prop]) {
|
|
reqUrlObj[prop] = authUrlObj[prop]
|
|
}
|
|
}
|
|
return new Request(reqUrlObj.href, req)
|
|
}
|
|
const url = new URL(req.url)
|
|
const newReq = new Request(url.href, req)
|
|
const proto = newReq.headers.get('x-forwarded-proto')
|
|
const host = newReq.headers.get('x-forwarded-host') ?? newReq.headers.get('host')
|
|
if (proto != null) {
|
|
url.protocol = proto.endsWith(':') ? proto : `${proto}:`
|
|
}
|
|
if (host != null) {
|
|
url.host = host
|
|
const portMatch = host.match(/:(\d+)$/)
|
|
if (portMatch) {
|
|
url.port = portMatch[1]
|
|
} else {
|
|
url.port = ''
|
|
}
|
|
newReq.headers.delete('x-forwarded-host')
|
|
newReq.headers.delete('Host')
|
|
newReq.headers.set('Host', host)
|
|
}
|
|
return new Request(url.href, newReq)
|
|
}
|
|
|
|
export async function getAuthUser(c: Context): Promise<AuthUser | null> {
|
|
const config = c.get('authConfig')
|
|
const ctxEnv = env(c) as AuthEnv
|
|
setEnvDefaults(ctxEnv, config)
|
|
const authReq = reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL)
|
|
const origin = new URL(authReq.url).origin
|
|
const request = new Request(`${origin}${config.basePath}/session`, {
|
|
headers: { cookie: c.req.header('cookie') ?? '' },
|
|
})
|
|
|
|
let authUser: AuthUser = {} as AuthUser
|
|
|
|
const response = (await Auth(request, {
|
|
...config,
|
|
callbacks: {
|
|
...config.callbacks,
|
|
async session(...args) {
|
|
authUser = args[0]
|
|
const session = (await config.callbacks?.session?.(...args)) ?? args[0].session
|
|
const user = args[0].user ?? args[0].token
|
|
return { user, ...session } satisfies Session
|
|
},
|
|
},
|
|
})) as Response
|
|
|
|
const session = (await response.json()) as Session | null
|
|
|
|
return session?.user ? authUser : null
|
|
}
|
|
|
|
export function verifyAuth(): MiddlewareHandler {
|
|
return async (c, next) => {
|
|
const authUser = await getAuthUser(c)
|
|
const isAuth = !!authUser?.token || !!authUser?.user
|
|
if (!isAuth) {
|
|
const res = new Response('Unauthorized', {
|
|
status: 401,
|
|
})
|
|
throw new HTTPException(401, { res })
|
|
}
|
|
c.set('authUser', authUser)
|
|
|
|
await next()
|
|
}
|
|
}
|
|
|
|
export function initAuthConfig(cb: ConfigHandler): MiddlewareHandler {
|
|
return async (c, next) => {
|
|
const config = cb(c)
|
|
c.set('authConfig', config)
|
|
await next()
|
|
}
|
|
}
|
|
|
|
export function authHandler(): MiddlewareHandler {
|
|
return async (c) => {
|
|
const config = c.get('authConfig')
|
|
const ctxEnv = env(c) as AuthEnv
|
|
|
|
setEnvDefaults(ctxEnv, config)
|
|
|
|
if (!config.secret || config.secret.length === 0) {
|
|
throw new HTTPException(500, { message: 'Missing AUTH_SECRET' })
|
|
}
|
|
|
|
const body = c.req.raw.body ? await c.req.blob() : undefined
|
|
const res = await Auth(
|
|
reqWithEnvUrl(
|
|
new Request(c.req.raw.url, {
|
|
body,
|
|
cache: c.req.raw.cache,
|
|
credentials: c.req.raw.credentials,
|
|
headers: c.req.raw.headers,
|
|
integrity: c.req.raw.integrity,
|
|
keepalive: c.req.raw.keepalive,
|
|
method: c.req.raw.method,
|
|
mode: c.req.raw.mode,
|
|
redirect: c.req.raw.redirect,
|
|
referrer: c.req.raw.referrer,
|
|
referrerPolicy: c.req.raw.referrerPolicy,
|
|
signal: c.req.raw.signal,
|
|
}),
|
|
ctxEnv.AUTH_URL
|
|
),
|
|
config
|
|
)
|
|
return new Response(res.body, res)
|
|
}
|
|
}
|