keligrubb/kestrelos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
a4996e7c91d91e5ab8cd244f2a45f8b9d671f5d1
kestrelos/server/utils/oidc.js
Madison Grubb 1a566e2d80
Some checks failed
ci/woodpecker/pr/pr Pipeline failed
Details
refactor testing
2026-02-17 11:05:57 -05:00

82 lines
2.6 KiB
JavaScript
Raw Blame History

import * as oidc from 'openid-client'
const CACHE_TTL_MS = 60 * 60 * 1000
const configCache = new Map()
// Auth configuration
export function getAuthConfig() {
const hasOidc = !!(process.env.OIDC_ISSUER && process.env.OIDC_CLIENT_ID && process.env.OIDC_CLIENT_SECRET)
const label = process.env.OIDC_LABEL?.trim() || (hasOidc ? 'Sign in with OIDC' : '')
return Object.freeze({ oidc: { enabled: hasOidc, label } })
}
function getRedirectUri() {
const explicit
= process.env.OIDC_REDIRECT_URI ?? process.env.OPENID_REDIRECT_URI ?? ''
if (explicit.trim()) return explicit.trim()
const base = process.env.NUXT_APP_URL || process.env.APP_URL || ''
if (base) return `${base.replace(/\/$/, '')}/api/auth/oidc/callback`
const host = process.env.HOST || 'localhost'
const port = process.env.PORT || '3000'
const protocol = process.env.NODE_ENV === 'production' ? 'https' : 'http'
return `${protocol}://${host}:${port}/api/auth/oidc/callback`
}
export async function getOidcConfig() {
const issuer = process.env.OIDC_ISSUER
const clientId = process.env.OIDC_CLIENT_ID
const clientSecret = process.env.OIDC_CLIENT_SECRET
if (!issuer || !clientId || !clientSecret) return null
const key = issuer
const cached = configCache.get(key)
if (cached && Date.now() < cached.expires) return cached.config
const server = new URL(issuer)
const config = await oidc.discovery(
server,
clientId,
undefined,
oidc.ClientSecretPost(clientSecret),
{ timeout: 5000 },
)
configCache.set(key, { config, expires: Date.now() + CACHE_TTL_MS })
return config
}
export function getOidcRedirectUri() {
return getRedirectUri()
}
export function constantTimeCompare(a, b) {
if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false
let out = 0
for (let i = 0; i < a.length; i++) out |= a.charCodeAt(i) ^ b.charCodeAt(i)
return out === 0
}
export function createOidcParams() {
return {
state: oidc.randomState(),
nonce: oidc.randomNonce(),
codeVerifier: oidc.randomPKCECodeVerifier(),
}
}
export async function getCodeChallenge(verifier) {
return oidc.calculatePKCECodeChallenge(verifier)
}
export function validateRedirectPath(redirect) {
if (typeof redirect !== 'string' || !redirect.startsWith('/') || redirect.startsWith('//')) return '/'
const path = redirect.split('?')[0]
if (path.includes('//')) return '/'
return redirect
}
export function buildAuthorizeUrl(config, params) {
return oidc.buildAuthorizationUrl(config, params)
}
export async function exchangeCode(config, currentUrl, checks) {
return oidc.authorizationCodeGrant(config, currentUrl, checks)
}
Reference in New Issue View Git Blame Copy Permalink