0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00

feat(schemas,core,test): remove LogtoJwtTokenKeyType and define the path enum locally in core

This commit is contained in:
Darcy Ye 2024-03-06 11:50:11 +08:00
parent be518dc76d
commit 7c06880287
No known key found for this signature in database
GPG key ID: B46F4C07EDEFC610
4 changed files with 25 additions and 28 deletions

View file

@ -12,7 +12,6 @@ import {
type OidcConfigKeysResponse,
type OidcConfigKey,
LogtoOidcConfigKeyType,
LogtoJwtTokenKeyType,
jwtCustomizerAccessTokenGuard,
jwtCustomizerClientCredentialsGuard,
LogtoJwtTokenKey,
@ -25,6 +24,11 @@ import { exportJWK } from '#src/utils/jwks.js';
import type { AuthedRouter, RouterInitArgs } from './types.js';
enum LogtoJwtTokenPath {
AccessToken = 'access-token',
ClientCredentials = 'client-credentials',
}
/**
* Provide a simple API router key type and DB config key mapping
*/
@ -33,15 +37,15 @@ const getOidcConfigKeyDatabaseColumnName = (key: LogtoOidcConfigKeyType): LogtoO
? LogtoOidcConfigKey.PrivateKeys
: LogtoOidcConfigKey.CookieKeys;
const getLogtoJwtTokenKey = (key: LogtoJwtTokenKeyType): LogtoJwtTokenKey =>
key === LogtoJwtTokenKeyType.AccessToken
const getLogtoJwtTokenKey = (key: LogtoJwtTokenPath): LogtoJwtTokenKey =>
key === LogtoJwtTokenPath.AccessToken
? LogtoJwtTokenKey.AccessToken
: LogtoJwtTokenKey.ClientCredentials;
const guardJwtCustomizerBody = (tokenType: LogtoJwtTokenKeyType, body: unknown) => {
const guardJwtCustomizerBody = (tokenTypePath: LogtoJwtTokenPath, body: unknown) => {
// Manually implement the request body type check, the flow aligns with the actual `koaGuard()`.
// Use ternary operator to get the specific guard brings difficulties to type inference.
if (tokenType === LogtoJwtTokenKeyType.AccessToken) {
if (tokenTypePath === LogtoJwtTokenPath.AccessToken) {
return parse('body', jwtCustomizerAccessTokenGuard, body);
}
@ -208,15 +212,15 @@ export default function logtoConfigRoutes<T extends AuthedRouter>(
);
router.put(
'/configs/jwt-customizer/:tokenType',
'/configs/jwt-customizer/:tokenTypePath',
koaGuard({
params: z.object({
tokenType: z.nativeEnum(LogtoJwtTokenKeyType),
tokenTypePath: z.nativeEnum(LogtoJwtTokenPath),
}),
/**
* Use `z.unknown()` to guard the request body as a JSON object, since the actual guard depends
* on the `tokenType` and we can not get the value of `tokenType` before parsing the request body,
* we will do more specific guard as long as we can get the value of `tokenType`.
* on the `tokenTypePath` and we can not get the value of `tokenTypePath` before parsing the request body,
* we will do more specific guard as long as we can get the value of `tokenTypePath`.
*
* Should specify `body` in koaGuard, otherwise the request body is not accessible even via `ctx.request.body`.
*/
@ -226,11 +230,11 @@ export default function logtoConfigRoutes<T extends AuthedRouter>(
}),
async (ctx, next) => {
const {
params: { tokenType },
params: { tokenTypePath },
body: rawBody,
} = ctx.guard;
const key = getLogtoJwtTokenKey(tokenType);
const body = guardJwtCustomizerBody(tokenType, rawBody);
const key = getLogtoJwtTokenKey(tokenTypePath);
const body = guardJwtCustomizerBody(tokenTypePath, rawBody);
const { rows } = await getRowsByKeys([key]);

View file

@ -3,7 +3,6 @@ import {
type AdminConsoleData,
type OidcConfigKeysResponse,
type LogtoOidcConfigKeyType,
type LogtoJwtTokenKeyType,
type JwtCustomizerAccessToken,
type JwtCustomizerClientCredentials,
} from '@logto/schemas';
@ -34,7 +33,10 @@ export const rotateOidcKeys = async (
.post(`configs/oidc/${keyType}/rotate`, { json: { signingKeyAlgorithm } })
.json<OidcConfigKeysResponse[]>();
export const insertOrUpdateJwtCustomizer = async (keyType: LogtoJwtTokenKeyType, value: unknown) =>
export const insertOrUpdateJwtCustomizer = async (
keyTypePath: 'access-token' | 'client-credentials',
value: unknown
) =>
authedAdminApi
.put(`configs/jwt-customizer/${keyType}`, { json: value })
.put(`configs/jwt-customizer/${keyTypePath}`, { json: value })
.json<JwtCustomizerAccessToken | JwtCustomizerClientCredentials>();

View file

@ -2,7 +2,6 @@ import {
SupportedSigningKeyAlgorithm,
type AdminConsoleData,
LogtoOidcConfigKeyType,
LogtoJwtTokenKeyType,
} from '@logto/schemas';
import {
@ -143,7 +142,7 @@ describe('admin console sign-in experience', () => {
};
const accessToken = await insertOrUpdateJwtCustomizer(
LogtoJwtTokenKeyType.AccessToken,
'access-token',
accessTokenJwtCustomizerPayload
);
expect(accessToken).toMatchObject(accessTokenJwtCustomizerPayload);
@ -152,13 +151,13 @@ describe('admin console sign-in experience', () => {
script: 'new script',
};
const updatedAccessToken = await insertOrUpdateJwtCustomizer(
LogtoJwtTokenKeyType.AccessToken,
'access-token',
newAccessTokenJwtCustomizerPayload
);
expect(updatedAccessToken).toMatchObject(newAccessTokenJwtCustomizerPayload);
const clientCredentials = await insertOrUpdateJwtCustomizer(
LogtoJwtTokenKeyType.ClientCredentials,
'client-credentials',
clientCredentialsJwtCustomizerPayload
);
expect(clientCredentials).toMatchObject(clientCredentialsJwtCustomizerPayload);
@ -167,7 +166,7 @@ describe('admin console sign-in experience', () => {
script: 'new script client credentials',
};
const updatedClientCredentials = await insertOrUpdateJwtCustomizer(
LogtoJwtTokenKeyType.ClientCredentials,
'client-credentials',
newClientCredentialsJwtCustomizerPayload
);
expect(updatedClientCredentials).toMatchObject(newClientCredentialsJwtCustomizerPayload);

View file

@ -51,14 +51,6 @@ export const logtoOidcConfigGuard: Readonly<{
[LogtoOidcConfigKey.CookieKeys]: oidcConfigKeyGuard.array(),
});
/**
* Logto JWT customizer token types, used in REST API routes.
*/
export enum LogtoJwtTokenKeyType {
AccessToken = 'access-token',
ClientCredentials = 'client-credentials',
}
export enum LogtoJwtTokenKey {
AccessToken = 'jwt.accessToken',
ClientCredentials = 'jwt.clientCredentials',