initial commit
This commit is contained in:
Madison Grubb
74
server/utils/oidc.js
Normal file
74
server/utils/oidc.js
Normal file
@@ -0,0 +1,74 @@
|
||||
import * as oidc from 'openid-client'
|
||||
|
||||
const CACHE_TTL_MS = 60 * 60 * 1000
|
||||
const configCache = new Map()
|
||||
|
||||
function getRedirectUri() {
|
||||
const explicit
|
||||
= process.env.OIDC_REDIRECT_URI ?? process.env.OPENID_REDIRECT_URI ?? ''
|
||||
if (explicit.trim()) return explicit.trim()
|
||||
const base = process.env.NUXT_APP_URL || process.env.APP_URL || ''
|
||||
if (base) return `${base.replace(/\/$/, '')}/api/auth/oidc/callback`
|
||||
const host = process.env.HOST || 'localhost'
|
||||
const port = process.env.PORT || '3000'
|
||||
const protocol = process.env.NODE_ENV === 'production' ? 'https' : 'http'
|
||||
return `${protocol}://${host}:${port}/api/auth/oidc/callback`
|
||||
}
|
||||
|
||||
export async function getOidcConfig() {
|
||||
const issuer = process.env.OIDC_ISSUER
|
||||
const clientId = process.env.OIDC_CLIENT_ID
|
||||
const clientSecret = process.env.OIDC_CLIENT_SECRET
|
||||
if (!issuer || !clientId || !clientSecret) return null
|
||||
const key = issuer
|
||||
const cached = configCache.get(key)
|
||||
if (cached && Date.now() < cached.expires) return cached.config
|
||||
const server = new URL(issuer)
|
||||
const config = await oidc.discovery(
|
||||
server,
|
||||
clientId,
|
||||
undefined,
|
||||
oidc.ClientSecretPost(clientSecret),
|
||||
{ timeout: 5000 },
|
||||
)
|
||||
configCache.set(key, { config, expires: Date.now() + CACHE_TTL_MS })
|
||||
return config
|
||||
}
|
||||
|
||||
export function getOidcRedirectUri() {
|
||||
return getRedirectUri()
|
||||
}
|
||||
|
||||
export function constantTimeCompare(a, b) {
|
||||
if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false
|
||||
let out = 0
|
||||
for (let i = 0; i < a.length; i++) out |= a.charCodeAt(i) ^ b.charCodeAt(i)
|
||||
return out === 0
|
||||
}
|
||||
|
||||
export function createOidcParams() {
|
||||
return {
|
||||
state: oidc.randomState(),
|
||||
nonce: oidc.randomNonce(),
|
||||
codeVerifier: oidc.randomPKCECodeVerifier(),
|
||||
}
|
||||
}
|
||||
|
||||
export async function getCodeChallenge(verifier) {
|
||||
return oidc.calculatePKCECodeChallenge(verifier)
|
||||
}
|
||||
|
||||
export function validateRedirectPath(redirect) {
|
||||
if (typeof redirect !== 'string' || !redirect.startsWith('/') || redirect.startsWith('//')) return '/'
|
||||
const path = redirect.split('?')[0]
|
||||
if (path.includes('//')) return '/'
|
||||
return redirect
|
||||
}
|
||||
|
||||
export function buildAuthorizeUrl(config, params) {
|
||||
return oidc.buildAuthorizationUrl(config, params)
|
||||
}
|
||||
|
||||
export async function exchangeCode(config, currentUrl, checks) {
|
||||
return oidc.authorizationCodeGrant(config, currentUrl, checks)
|
||||
}
|
||||
Reference in New Issue
Block a user