diff --git a/src/pkg/index.ts b/src/pkg/index.ts
index 15d609a5..34371e34 100644
--- a/src/pkg/index.ts
+++ b/src/pkg/index.ts
@@ -22,7 +22,8 @@ export const getUrlForFlow = (
 flow: string,
 query?: URLSearchParams,
 ) =>
- `${removeTrailingSlash(base)}/self-service/${flow}/browser${query ? `?${query.toString()}` : ""
+ `${removeTrailingSlash(base)}/self-service/${flow}/browser${
+ query ? `?${query.toString()}` : ""
 }`
 
 export const defaultConfig: RouteOptionsCreator = () => {
@@ -54,36 +55,36 @@ const isErrorAuthenticatorAssuranceLevel = (
 // or 403 error code.
 export const redirectOnSoftError =
 (res: Response, next: NextFunction, redirectTo: string) =>
- (err: AxiosError) => {
- if (!err.response) {
- next(err)
- return
- }
+ (err: AxiosError) => {
+ if (!err.response) {
+ next(err)
+ return
+ }
+ if (
+ err.response.status === 404 ||
+ err.response.status === 410 ||
+ err.response.status === 403
+ ) {
+ // in some cases Kratos will require us to redirect to a different page when the session_aal2_required
+ // for example, when recovery redirects us to settings
+ // but settings requires us to redirect to login?aal=aal2
+ const authenticatorAssuranceLevelError = err.response.data as unknown
 if (
- err.response.status === 404 ||
- err.response.status === 410 ||
- err.response.status === 403
+ isErrorAuthenticatorAssuranceLevel(authenticatorAssuranceLevelError)
 ) {
- // in some cases Kratos will require us to redirect to a different page when the session_aal2_required
- // for example, when recovery redirects us to settings
- // but settings requires us to redirect to login?aal=aal2
- const authenticatorAssuranceLevelError = err.response.data as unknown
- if (
- isErrorAuthenticatorAssuranceLevel(authenticatorAssuranceLevelError)
- ) {
- res.redirect(
- authenticatorAssuranceLevelError.redirect_browser_to || redirectTo,
- )
- return
- }
- res.redirect(`${redirectTo}`)
+ res.redirect(
+ authenticatorAssuranceLevelError.redirect_browser_to || redirectTo,
+ )
 return
 }
-
- next(err)
+ res.redirect(`${redirectTo}`)
+ return
 }
+ next(err)
+ }
+
 export const handlebarsHelpers: UnknownObject = {
 jsonPretty: (context: any) => JSON.stringify(context, null, 2),
 onlyNodes: (
diff --git a/src/routes/consent.ts b/src/routes/consent.ts
index d3301778..b7768100 100644
--- a/src/routes/consent.ts
+++ b/src/routes/consent.ts
@@ -13,7 +13,6 @@ import bodyParser from "body-parser"
 import { doubleCsrf } from "csrf-csrf"
 import { Request, Response, NextFunction } from "express"
 
-
 // Sets up csrf protection
 const {
 generateToken, // Use this in your routes to provide a CSRF hash + token cookie and token.
@@ -23,21 +22,26 @@
 getSecret: () => "VERY_SECRET_VALUE", // A function that optionally takes the request and returns a secret
 cookieName: "ax-x-csrf-token", // The name of the cookie to be used, recommend using Host prefix.
 cookieOptions: {
- sameSite: "lax", // Recommend you make this strict if posible
+ sameSite: "lax", // Recommend you make this strict if posible
 secure: true,
 },
 ignoredMethods: ["GET", "HEAD", "OPTIONS"], // A list of request methods that will not be protected.
 getTokenFromRequest: (req) => req.headers["x-csrf-token"], // A function that returns the token from the request
-});
+})
 
 // Error handling, validation error interception
-const csrfErrorHandler = (error: unknown, req: Request, res: Response, next: NextFunction) => {
+const csrfErrorHandler = (
+ error: unknown,
+ req: Request,
+ res: Response,
+ next: NextFunction,
+) => {
 if (error == invalidCsrfTokenError) {
 next(new Error("csrf validation error"))
 } else {
- next();
+ next()
 }
-};
+}
 
 async function createOAuth2ConsentRequestSession(
 grantScopes: string[],
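Review bot: The doubleCsrf options closed by the reformatted `})` still take their token secret from the literal `getSecret: () => "VERY_SECRET_VALUE"`, so anyone with read access to the repository can mint tokens that pass validation in every deployment; load the secret once from configuration at startup (for example `getSecret: () => csrfSecret`, with `csrfSecret` read from a variable the project names) and refuse to start when it is absent. The inline comments on `cookieName` and `sameSite` already recommend a `__Host-` prefixed cookie name and `sameSite: "strict"`, yet the reformatted lines keep `"ax-x-csrf-token"` and `"lax"` without recording why. In `csrfErrorHandler`, `error == invalidCsrfTokenError` uses loose equality; `if (error === invalidCsrfTokenError)` is the idiomatic form. The `const {` destructuring that this hunk sits inside starts before the hunk.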
@@ -257,26 +261,21 @@ export const createConsentPostRoute: RouteCreator =
 .catch(next)
 }
 
-
-
 var parseForm = bodyParser.urlencoded({ extended: false })
 
-export const registerConsentRoute: RouteRegistrator = function(
+export const registerConsentRoute: RouteRegistrator = function (
 app,
 createHelpers = defaultConfig,
 ) {
 if (process.env.HYDRA_ADMIN_URL) {
 console.log("found HYDRA_ADMIN_URL")
- return app.get(
- "/consent",
- createConsentRoute(createHelpers),
- )
+ return app.get("/consent", createConsentRoute(createHelpers))
 } else {
 return register404Route
 }
 }
 
-export const registerConsentPostRoute: RouteRegistrator = function(
+export const registerConsentPostRoute: RouteRegistrator = function (
 app,
 createHelpers = defaultConfig,
 ) {
diff --git a/src/routes/sessions.ts b/src/routes/sessions.ts
index 8c7489d2..c8056c39 100644
--- a/src/routes/sessions.ts
+++ b/src/routes/sessions.ts
@@ -24,7 +24,9 @@ export const createSessionsRoute: RouteCreator =
 ).data.logout_url || ""
 
 const identityCredentialTrait =
- session?.identity?.traits.email || session?.identity?.traits.username || ""
+ session?.identity?.traits.email ||
+ session?.identity?.traits.username ||
+ ""
 
 const sessionText =
 identityCredentialTrait !== ""
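Review bot: The reformatted `identityCredentialTrait` expression guards `session` and `identity` with `?.` but then reads `.email` and `.username` from `traits` unguarded, so if an identity can arrive without a traits object (its type is not visible in this hunk) the route throws instead of falling back to `""`; `session?.identity?.traits?.email || session?.identity?.traits?.username || ""` keeps the fallback. The next hunk of this file has the same gap, where `Object.entries(session?.identity?.traits)` would receive `undefined` in that case and throw; `Object.entries(session?.identity?.traits ?? {})` spreads nothing instead. In that hunk `typeof value === "object"` is also true for `null`, so a null trait is rendered as the string `"null"` rather than left empty. The enclosing `createSessionsRoute` starts before this hunk and continues after it.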
@@ -44,14 +46,13 @@ export const createSessionsRoute: RouteCreator =
 id: session?.identity?.id,
 // sometimes the identity schema could contain recursive objects
 // for this use case we will just stringify the object instead of recursively flatten the object
- ...Object.entries(session?.identity?.traits).reduce>(
- (traits, [key, value]) => {
- traits[key] =
- typeof value === "object" ? JSON.stringify(value) : value
- return traits
- },
- {},
- ),
+ ...Object.entries(session?.identity?.traits).reduce<
+ Record
+ >((traits, [key, value]) => {
+ traits[key] =
+ typeof value === "object" ? JSON.stringify(value) : value
+ return traits
+ }, {}),
 "signup date": session?.identity?.created_at || "",
 "authentication level":
 session?.authenticator_assurance_level === "aal2"
@@ -71,8 +72,9 @@ export const createSessionsRoute: RouteCreator =
 authMethods: session?.authentication_methods?.reduce(
 (methods, method, i) => {
 methods.push({
- [`authentication method used`]: `${method.method} (${method.completed_at && new Date(method.completed_at).toUTCString()
- })`,
+ [`authentication method used`]: `${method.method} (${
+ method.completed_at && new Date(method.completed_at).toUTCString()
+ })`,
 })
 return methods
 },