From 176e70190f2e4d805a225373bfb7de92b213eb0a Mon Sep 17 00:00:00 2001
From: Gao Sun
Date: Mon, 15 May 2023 15:47:53 +0800
Subject: [PATCH] refactor(core): add guards for authn routes (#3843)
---
 packages/core/src/routes/authn.ts | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/packages/core/src/routes/authn.ts b/packages/core/src/routes/authn.ts
index 90b8680c7..6699e31a7 100644
--- a/packages/core/src/routes/authn.ts
+++ b/packages/core/src/routes/authn.ts
@@ -26,10 +26,18 @@ export default function authnRoutes(
 socials: { getConnector },
 } = libraries;
 
+ const hasuraResponseGuard = z.object({
+ 'X-Hasura-User-Id': z.string().optional(),
+ 'X-Hasura-Role': z.string().optional(),
+ });
+
+ type HasuraResponse = z.infer;
+
 router.get(
 '/authn/hasura',
 koaGuard({
 query: z.object({ resource: z.string().min(1), unauthorizedRole: z.string().optional() }),
+ response: hasuraResponseGuard,
 status: [200, 401],
 }),
 async (ctx, next) => {
@@ -59,7 +67,7 @@ export default function authnRoutes(
 // So we verify the token again with no resource provided.
 (await verifyToken().then(({ sub }) => sub)),
 'X-Hasura-Role': unauthorizedRole,
- };
+ } satisfies HasuraResponse;
 
 ctx.status = 200;
 return next();
@@ -75,7 +83,7 @@ export default function authnRoutes(
 ctx.body = {
 'X-Hasura-User-Id': sub,
 'X-Hasura-Role': expectedRole,
- };
+ } satisfies HasuraResponse;
 
 ctx.status = 200;
 return next();
@@ -89,7 +97,11 @@ export default function authnRoutes(
 * The API does not care the type of the SAML assertion request body, simply pass this to
 * connector's built-in methods.
 */
- koaGuard({ body: jsonObjectGuard, params: z.object({ connectorId: z.string().min(1) }) }),
+ koaGuard({
+ body: jsonObjectGuard,
+ params: z.object({ connectorId: z.string().min(1) }),
+ status: 302,
+ }),
 async (ctx, next) => {
 const {
 params: { connectorId },
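Review bot: In the first hunk, `type HasuraResponse = z.infer;` appears without a type argument, and `z.infer` requires one (`z.infer<typeof hasuraResponseGuard>`); the angle-bracket argument was most likely lost when the patch was rendered, but it is worth confirming against the file since the line would not compile as shown. Both fields of `hasuraResponseGuard` are `.optional()`, yet the two 200 branches in the later hunks always set both `X-Hasura-User-Id` and `X-Hasura-Role`, so the response guard accepts a body missing either header and does not actually pin the contract the handler implements. If the optionality exists only because the 401 branch (outside these hunks) sends a body without them, a comment such as `// Both headers are absent on the 401 path; every 200 path sets both.` would make that explicit; otherwise `z.string()` on both fields is the tighter guard. The enclosing `authnRoutes` function starts and ends outside the hunks.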