hono/deno_dist/middleware/bearer-auth/index.ts

import { HTTPException } from '../../http-exception.ts'
import type { MiddlewareHandler } from '../../types.ts'
import { timingSafeEqual } from '../../utils/buffer.ts'

const TOKEN_STRINGS = '[A-Za-z0-9._~+/-]+=*'
const PREFIX = 'Bearer'

export const bearerAuth = (options: {
  token: string
  realm?: string
  prefix?: string
  hashFunction?: Function
}): MiddlewareHandler => {
  if (!options.token) {
    throw new Error('bearer auth middleware requires options for "token"')
  }
  if (!options.realm) {
    options.realm = ''
  }
  if (!options.prefix) {
    options.prefix = PREFIX
  }

  const realm = options.realm?.replace(/"/g, '\\"')

  return async (c, next) => {
    const headerToken = c.req.headers.get('Authorization')

    if (!headerToken) {
      // No Authorization header
      const res = new Response('Unauthorized', {
        status: 401,
        headers: {
          'WWW-Authenticate': `${options.prefix} realm="` + realm + '"',
        },
      })
      throw new HTTPException(401, { res })
    } else {
      const regexp = new RegExp('^' + options.prefix + ' +(' + TOKEN_STRINGS + ') *$')
      const match = regexp.exec(headerToken)
      if (!match) {
        // Invalid Request
        const res = new Response('Bad Request', {
          status: 400,
          headers: {
            'WWW-Authenticate': `${options.prefix} error="invalid_request"`,
          },
        })
        throw new HTTPException(400, { res })
      } else {
        const equal = await timingSafeEqual(options.token, match[1], options.hashFunction)
        if (!equal) {
          // Invalid Token
          const res = new Response('Unauthorized', {
            status: 401,
            headers: {
              'WWW-Authenticate': `${options.prefix} error="invalid_token"`,
            },
          })
          throw new HTTPException(401, { res })
        }
      }
    }
    await next()
  }
}
feat: move http-exception out of utils (#883) 2023-02-11 10:05:50 +01:00			`import { HTTPException } from '../../http-exception.ts'`
feat(types): introduce `CustomHandler` interface (#637) 2022-10-31 16:07:56 +01:00			`import type { MiddlewareHandler } from '../../types.ts'`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`import { timingSafeEqual } from '../../utils/buffer.ts'`

			`const TOKEN_STRINGS = '[A-Za-z0-9._~+/-]+=*'`
			`const PREFIX = 'Bearer'`

			`export const bearerAuth = (options: {`
			`token: string`
			`realm?: string`
			`prefix?: string`
			`hashFunction?: Function`
fix(types): add types to middleware correctly (#521) 2022-09-14 01:17:20 +02:00			`}): MiddlewareHandler => {`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`if (!options.token) {`
			`throw new Error('bearer auth middleware requires options for "token"')`
			`}`
			`if (!options.realm) {`
			`options.realm = ''`
			`}`
			`if (!options.prefix) {`
			`options.prefix = PREFIX`
			`}`

			`const realm = options.realm?.replace(/"/g, '\\"')`

fix(types): add types to middleware correctly (#521) 2022-09-14 01:17:20 +02:00			`return async (c, next) => {`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`const headerToken = c.req.headers.get('Authorization')`

			`if (!headerToken) {`
			`// No Authorization header`
feat: introduce `HTTPException` (#796) * feat: introduce `HTTPException` * denoify and fixed tests for Lagon 2023-01-12 10:53:13 +01:00			`const res = new Response('Unauthorized', {`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`status: 401,`
			`headers: {`
			'WWW-Authenticate': `${options.prefix} realm="` + realm + '"',
			`},`
			`})`
feat: introduce `HTTPException` (#796) * feat: introduce `HTTPException` * denoify and fixed tests for Lagon 2023-01-12 10:53:13 +01:00			`throw new HTTPException(401, { res })`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`} else {`
			`const regexp = new RegExp('^' + options.prefix + ' +(' + TOKEN_STRINGS + ') *$')`
			`const match = regexp.exec(headerToken)`
			`if (!match) {`
			`// Invalid Request`
feat: introduce `HTTPException` (#796) * feat: introduce `HTTPException` * denoify and fixed tests for Lagon 2023-01-12 10:53:13 +01:00			`const res = new Response('Bad Request', {`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`status: 400,`
			`headers: {`
			'WWW-Authenticate': `${options.prefix} error="invalid_request"`,
			`},`
			`})`
feat: introduce `HTTPException` (#796) * feat: introduce `HTTPException` * denoify and fixed tests for Lagon 2023-01-12 10:53:13 +01:00			`throw new HTTPException(400, { res })`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`} else {`
			`const equal = await timingSafeEqual(options.token, match[1], options.hashFunction)`
			`if (!equal) {`
			`// Invalid Token`
feat: introduce `HTTPException` (#796) * feat: introduce `HTTPException` * denoify and fixed tests for Lagon 2023-01-12 10:53:13 +01:00			`const res = new Response('Unauthorized', {`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`status: 401,`
			`headers: {`
			'WWW-Authenticate': `${options.prefix} error="invalid_token"`,
			`},`
			`})`
feat: introduce `HTTPException` (#796) * feat: introduce `HTTPException` * denoify and fixed tests for Lagon 2023-01-12 10:53:13 +01:00			`throw new HTTPException(401, { res })`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`}`
			`}`
			`}`
fix(middleware): support multiple middleware on bearer/basic auth middleware (#513) Fix #509 2022-09-10 11:02:36 +02:00			`await next()`
feat: support Deno! (#336) 2022-07-02 08:09:45 +02:00			`}`
			`}`