1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.bearerAuth = void 0;
const buffer_1 = require("../../utils/buffer");
const TOKEN_STRINGS = '[A-Za-z0-9._~+/-]+=*';
const PREFIX = 'Bearer';
const bearerAuth = (options) => {
if (!options.token) {
throw new Error('bearer auth middleware requires options for "token"');
}
if (!options.realm) {
options.realm = '';
}
if (!options.prefix) {
options.prefix = PREFIX;
}
const realm = options.realm?.replace(/"/g, '\\"');
return async (c, next) => {
const headerToken = c.req.headers.get('Authorization');
if (!headerToken) {
// No Authorization header
c.res = new Response('Unauthorized', {
status: 401,
headers: {
'WWW-Authenticate': `${options.prefix} realm="` + realm + '"',
},
});
}
else {
const regexp = new RegExp('^' + options.prefix + ' +(' + TOKEN_STRINGS + ') *$');
const match = regexp.exec(headerToken);
if (!match) {
// Invalid Request
c.res = new Response('Bad Request', {
status: 400,
headers: {
'WWW-Authenticate': `${options.prefix} error="invalid_request"`,
},
});
}
else {
const equal = await (0, buffer_1.timingSafeEqual)(options.token, match[1], options.hashFunction);
if (!equal) {
// Invalid Token
c.res = new Response('Unauthorized', {
status: 401,
headers: {
'WWW-Authenticate': `${options.prefix} error="invalid_token"`,
},
});
}
else {
// Authorize OK
await next();
return;
}
}
}
};
};
exports.bearerAuth = bearerAuth;
|
