diff --git a/package.json b/package.json
index 5bc5b0e79627b2dd942a29325e772966c9552b4b..acf7c42b43711e90db5657996f3acb9950745106 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "@arise/aidc-sveltekit",
- "version": "0.0.6",
+ "version": "0.0.7",
"type": "module",
"scripts": {
"dev": "vite dev",
diff --git a/src/lib/cookies.ts b/src/lib/cookies.ts
index feb8630e1d6369847e7e28b909cc753b883e6463..5a30671fed592fe8c88093581270552fd2379270 100644
--- a/src/lib/cookies.ts
+++ b/src/lib/cookies.ts
@@ -2,7 +2,7 @@ import { JWTCookieManager } from "$lib/utils/jwt_cookie.js";
import type { Cookies } from "@sveltejs/kit";
import type { TokenSet } from "openid-client";
import { z } from "zod";
-import type { InternalConfig } from "$lib/types.js";
+import type { InternalConfig, Config } from "$lib/types.js";
const ONE_HOUR = 60 * 60;
const ONE_DAY = 24 * ONE_HOUR;
@@ -14,10 +14,14 @@ export const authSchema = z.object({
nonce: z.string(),
});
-export const authCookie = new JWTCookieManager(authSchema, {
- serialize: { path: "/", maxAge: ONE_HOUR },
- name: "tmp_arise_auth_secrets",
-});
+export type AuthCookie = JWTCookieManager<typeof authSchema>;
+
+export function authCookieBuilder({ jwt_secret }: Config): AuthCookie {
+ return new JWTCookieManager(authSchema, jwt_secret, {
+ serialize: { path: "/", maxAge: ONE_HOUR },
+ name: "tmp_arise_auth_secrets",
+ });
+}
export const tokenSetSchema = z.object({
access_token: z.string().optional(),
@@ -29,21 +33,25 @@ export const tokenSetSchema = z.object({
session_state: z.string().optional(),
});
-export const tokenSetCookie = new JWTCookieManager(tokenSetSchema, {
- name: "arise_token_set",
- serialize: {
- maxAge: ONE_MONTH,
- },
-});
+export type TokenSetCookie = JWTCookieManager<typeof tokenSetSchema>;
+
+export function tokenSetCookieBuilder({ jwt_secret }: Config): TokenSetCookie {
+ return new JWTCookieManager(tokenSetSchema, jwt_secret, {
+ name: "arise_token_set",
+ serialize: {
+ maxAge: ONE_MONTH,
+ },
+ });
+}
export async function setTokenSetCookie(
tokenSet: TokenSet,
cookies: Cookies,
- { client }: InternalConfig,
+ config: InternalConfig,
) {
- const userinfo = await client.userinfo(tokenSet);
+ const userinfo = await config.client.userinfo(tokenSet);
- tokenSetCookie.send(cookies, {
+ config.cookies.tokenSet.send(cookies, {
payload: tokenSet,
jwt: { subject: userinfo.sub, expiresIn: ONE_MONTH },
});
diff --git a/src/lib/env.ts b/src/lib/env.ts
deleted file mode 100644
index dfa9da617d2551981b9d3ffdfa0328791a9e07c8..0000000000000000000000000000000000000000
--- a/src/lib/env.ts
+++ /dev/null
@@ -1,10 +0,0 @@
-import { ensureEnv } from "$lib/utils/env.js";
-
-export const env = ensureEnv([
- "API_URL",
- "API_TOKEN",
- "JWT_SECRET",
- "AIDC_CLIENT_ID",
- "AIDC_CLIENT_SECRET",
- "ORIGIN",
-] as const);
diff --git a/src/lib/handlers/cookie.ts b/src/lib/handlers/cookie.ts
index 6ec905248c228a0d09d05789deb07d369856ab07..c30e239c5c90854c5794ea45b99addb4f6844de6 100644
--- a/src/lib/handlers/cookie.ts
+++ b/src/lib/handlers/cookie.ts
@@ -1,11 +1,11 @@
import { TokenSet } from "openid-client";
-import { setTokenSetCookie, tokenSetCookie } from "$lib/cookies.js";
+import { setTokenSetCookie } from "$lib/cookies.js";
import type { Handle } from "@sveltejs/kit";
import type { InternalConfig } from "$lib/types.js";
export default function (config: InternalConfig): Handle {
return async function ({ event, resolve }) {
- const jwtTokenSet = tokenSetCookie.receive(event.cookies);
+ const jwtTokenSet = config.cookies.tokenSet.receive(event.cookies);
if (jwtTokenSet !== null) {
let tokenSet = new TokenSet(jwtTokenSet);
@@ -23,7 +23,7 @@ export default function (config: InternalConfig): Handle {
};
} catch (error) {
console.error(error);
- tokenSetCookie.delete(event.cookies);
+ config.cookies.tokenSet.delete(event.cookies);
}
}
diff --git a/src/lib/handlers/login.ts b/src/lib/handlers/login.ts
index 6735e0de2dbb66480f89a0f25bfdb17e68948ddf..7f6c3a5b2fbd7e0325a9a8aa24818bed09c05488 100644
--- a/src/lib/handlers/login.ts
+++ b/src/lib/handlers/login.ts
@@ -1,6 +1,5 @@
import { redirect } from "@sveltejs/kit";
import { generators } from "openid-client";
-import { authCookie } from "$lib/cookies.js";
import type { Handle } from "@sveltejs/kit";
import type { InternalConfig } from "$lib/types.js";
import { SEE_OTHER } from "readable-http-codes";
@@ -11,7 +10,7 @@ export default function (config: InternalConfig): Handle {
const state = generators.state();
const nonce = generators.nonce();
- authCookie.send(event.cookies, {
+ config.cookies.auth.send(event.cookies, {
payload: { codeVerifier, state, nonce },
});
diff --git a/src/lib/handlers/loginCallback.ts b/src/lib/handlers/loginCallback.ts
index f1df019aa89ca1638c9f3cc86dc2324eaf01782a..7b9581dfc78ab205657c6a4e4dec865559549aea 100644
--- a/src/lib/handlers/loginCallback.ts
+++ b/src/lib/handlers/loginCallback.ts
@@ -1,5 +1,5 @@
import { type Handle, redirect } from "@sveltejs/kit";
-import { authCookie, setTokenSetCookie } from "$lib/cookies.js";
+import { setTokenSetCookie } from "$lib/cookies.js";
import { errors } from "openid-client";
import type { InternalConfig } from "$lib/types.js";
import { base } from "$app/paths";
@@ -9,7 +9,7 @@ export default function (config: InternalConfig): Handle {
return async function ({ event, resolve }) {
const params = config.client.callbackParams(event.url.toString());
- const cookie = authCookie.receive(event.cookies);
+ const cookie = config.cookies.auth.receive(event.cookies);
if (cookie === null) {
throw redirect(SEE_OTHER, config.paths.login);
diff --git a/src/lib/handlers/logoutCallback.ts b/src/lib/handlers/logoutCallback.ts
index dd7cae4b150a4b222b2d4b52341845f7eba7bc81..a95bdadd5d630efff671c0628b700d81e0f5cca5 100644
--- a/src/lib/handlers/logoutCallback.ts
+++ b/src/lib/handlers/logoutCallback.ts
@@ -1,11 +1,10 @@
import { type Handle, redirect } from "@sveltejs/kit";
-import { tokenSetCookie } from "$lib/cookies.js";
import type { InternalConfig } from "$lib/types.js";
import { SEE_OTHER } from "readable-http-codes";
export default function (config: InternalConfig): Handle {
return async function ({ event }) {
- tokenSetCookie.delete(event.cookies);
+ config.cookies.tokenSet.delete(event.cookies);
if (config.on?.loggedOut) {
return config.on.loggedOut(event);
diff --git a/src/lib/index.ts b/src/lib/index.ts
index b70ab83a3ad6176805e409e5a56b23aa601e3bf5..e261e2e10daa39a154448e3576c2aad56607ea9a 100644
--- a/src/lib/index.ts
+++ b/src/lib/index.ts
@@ -1,8 +1,9 @@
import { Issuer } from "openid-client";
import { base } from "$app/paths";
import handler from "./handlers/index.js";
-import type { Config } from "./types.js";
+import type { Config, InternalConfig } from "./types.js";
import * as paths from "./paths.js";
+import { authCookieBuilder, tokenSetCookieBuilder } from "./cookies.js";
export type { AuthData as AriseData, Config, Locals } from "./types.js";
export { handleBuilder as ariseIdConnectBuilder } from "./index.js";
@@ -23,16 +24,24 @@ export async function handleBuilder(config: Config) {
response_types: ["code", "id_token"],
});
+ const flowPaths: InternalConfig["paths"] = {
+ callback: addBase(config.paths?.callback ?? paths.CALLBACK),
+ logoutCallback: addBase(
+ config.paths?.logoutCallback ?? paths.LOGOUT_CALLBACK,
+ ),
+ login: addBase(config.paths?.login ?? paths.LOGIN),
+ logout: addBase(config.paths?.logout ?? paths.LOGOUT),
+ };
+
+ const cookies: InternalConfig["cookies"] = {
+ auth: authCookieBuilder(config),
+ tokenSet: tokenSetCookieBuilder(config),
+ };
+
return handler({
...config,
- paths: {
- callback: addBase(config.paths?.callback ?? paths.CALLBACK),
- logoutCallback: addBase(
- config.paths?.logoutCallback ?? paths.LOGOUT_CALLBACK,
- ),
- login: addBase(config.paths?.login ?? paths.LOGIN),
- logout: addBase(config.paths?.logout ?? paths.LOGOUT),
- },
+ paths: flowPaths,
client,
+ cookies,
});
}
diff --git a/src/lib/types.ts b/src/lib/types.ts
index 52379254e98ded50db03057c55532a072f8ca70e..ae7f85f0bb665e85dab73cb8add7d178e13b5e5f 100644
--- a/src/lib/types.ts
+++ b/src/lib/types.ts
@@ -5,6 +5,7 @@ import type {
errors,
TokenSet,
} from "openid-client";
+import type { AuthCookie, TokenSetCookie } from "./cookies.js";
export type AuthData = {
loggedIn?: {
@@ -30,6 +31,8 @@ type Paths = {
export interface Config extends ClientMetadata {
client_secret: string;
scope: string;
+ /** JWT Secret */
+ jwt_secret: string;
paths?: Partial<Paths>;
issuer?: string;
on?: {
@@ -45,4 +48,8 @@ export interface Config extends ClientMetadata {
export interface InternalConfig extends Config {
client: BaseClient;
paths: Paths;
+ cookies: {
+ auth: AuthCookie;
+ tokenSet: TokenSetCookie;
+ };
}
diff --git a/src/lib/utils/jwt_cookie.ts b/src/lib/utils/jwt_cookie.ts
index 04b98d8708f0a7ef0eade41b6e121d0b4454bd97..0561b10e2e8d65f33cd1bd2d7622c14e23ade4f6 100644
--- a/src/lib/utils/jwt_cookie.ts
+++ b/src/lib/utils/jwt_cookie.ts
@@ -1,6 +1,5 @@
import type { Cookies } from "@sveltejs/kit";
import jwt from "jsonwebtoken";
-import { env } from "$lib/env.js";
import type { z, ZodObject, ZodSchema } from "zod";
import type { CookieSerializeOptions } from "cookie";
import { dev } from "$app/environment";
@@ -10,7 +9,7 @@ type Empty = Record<string, never>;
export type JWT<T extends ZodSchema = ZodObject<Empty>> = jwt.JwtPayload &
z.output<T>;
-export interface FlashSendOptions<T> {
+export interface SendOptions<T> {
payload: T;
jwt?: jwt.SignOptions;
}
@@ -23,6 +22,7 @@ export interface CookieOptions {
export class JWTCookieManager<T extends ZodSchema = ZodObject<Empty>> {
constructor(
private schema: T,
+ private secret: string,
private cookieOptions?: CookieOptions,
) {}
@@ -39,14 +39,14 @@ export class JWTCookieManager<T extends ZodSchema = ZodObject<Empty>> {
};
}
- send(cookies: Cookies, options: FlashSendOptions<z.output<T>>) {
+ send(cookies: Cookies, options: SendOptions<z.output<T>>) {
const payload = this.schema.safeParse(options.payload);
if (!payload.success) {
throw payload.error;
}
- const cookie = jwt.sign(payload.data, env.JWT_SECRET, options.jwt);
+ const cookie = jwt.sign(payload.data, this.secret, options.jwt);
cookies.set(this.cookieName(), cookie, this.cookieSerializeOptions());
}
@@ -56,7 +56,7 @@ export class JWTCookieManager<T extends ZodSchema = ZodObject<Empty>> {
if (!token) return null;
try {
- jwt.verify(token, env.JWT_SECRET);
+ jwt.verify(token, this.secret);
} catch {
return null;
}