feat(core): add POST /configs/jwt-customizer/test API

2025-03-31 22:51:25 -05:00 · 2024-03-19 11:56:15 +08:00 · 2024-03-19 11:56:15 +08:00 · 5fbee28565
commit 5fbee28565
parent f727ef8415
2 changed files with 57 additions and 1 deletions
--- a/packages/core/src/routes/logto-config.ts
+++ b/packages/core/src/routes/logto-config.ts
@ -16,9 +16,12 @@ import {
  clientCredentialsJwtCustomizerGuard,
  LogtoJwtTokenKey,
  LogtoJwtTokenPath,
+  jsonObjectGuard,
+  customJwtFetcherGuard,
 } from '@logto/schemas';
 import { z } from 'zod';

+import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
 import koaGuard, { parse } from '#src/middleware/koa-guard.js';
 import { exportJWK } from '#src/utils/jwks.js';
@ -75,7 +78,7 @@ const getRedactedOidcKeyResponse = async (
  );

 export default function logtoConfigRoutes<T extends AuthedRouter>(
-  ...[router, { queries, logtoConfigs, invalidateCache }]: RouterInitArgs<T>
+  ...[router, { queries, logtoConfigs, invalidateCache, cloudConnection }]: RouterInitArgs<T>
 ) {
  const {
    getAdminConsoleConfig,
@ -287,4 +290,45 @@ export default function logtoConfigRoutes<T extends AuthedRouter>(
      return next();
    }
  );
+
+  if (!EnvSet.values.isCloud) {
+    return;
+  }
+
+  router.post(
+    '/configs/jwt-customizer/:tokenTypePath/test',
+    koaGuard({
+      params: z.object({
+        tokenTypePath: z.nativeEnum(LogtoJwtTokenPath),
+      }),
+      body: z.unknown(),
+      response: jsonObjectGuard,
+      /**
+       * 400 for cloud service zod error (data type does not match expectation, can be either request body or response body)
+       * 422 for cloud service syntax error
+       */
+      status: [200, 400, 422],
+    }),
+    async (ctx, next) => {
+      const {
+        params: { tokenTypePath },
+        body: rawBody,
+      } = ctx.guard;
+      const {
+        body: { tokenSample, contextSample, ...rest },
+      } = getJwtTokenKeyAndBody(tokenTypePath, rawBody);
+
+      const client = await cloudConnection.getClient();
+      const testResult = await client.post(`/api/services/custom-jwt`, {
+        body: customJwtFetcherGuard.parse({
+          ...rest,
+          tokenSample,
+          contextSample,
+        }),
+      });
+
+      ctx.body = testResult;
+      return next();
+    }
+  );
 }
--- a/packages/schemas/src/types/jwt-customizer.ts
+++ b/packages/schemas/src/types/jwt-customizer.ts
@ -47,6 +47,18 @@ export const customJwtFetcherGuard = jwtCustomizerGuard

 export type CustomJwtFetcher = z.infer<typeof customJwtFetcherGuard>;

+/**
+ * This guard is for testing use (request body guard), renamed previous `token` and `context`
+ * fields (in `customJwtFetcherGuard`) to `tokenSample` and `contextSample`, which can bring
+ * convenience to the testing use case.
+ */
+export const customJwtTesterGuard = customJwtFetcherGuard
+  .pick({ script: true, envVars: true })
+  .extend({
+    tokenSample: jsonObjectGuard,
+    contextSample: jsonObjectGuard.optional(),
+  });
+
 export enum LogtoJwtTokenPath {
  AccessToken = 'access-token',
  ClientCredentials = 'client-credentials',