mirror of
https://github.com/logto-io/logto.git
synced 2025-01-06 20:40:08 -05:00
feat(schemas,core,test): remove LogtoJwtTokenKeyType and define the path enum locally in core
This commit is contained in:
parent
be518dc76d
commit
7c06880287
4 changed files with 25 additions and 28 deletions
|
@ -12,7 +12,6 @@ import {
|
|||
type OidcConfigKeysResponse,
|
||||
type OidcConfigKey,
|
||||
LogtoOidcConfigKeyType,
|
||||
LogtoJwtTokenKeyType,
|
||||
jwtCustomizerAccessTokenGuard,
|
||||
jwtCustomizerClientCredentialsGuard,
|
||||
LogtoJwtTokenKey,
|
||||
|
@ -25,6 +24,11 @@ import { exportJWK } from '#src/utils/jwks.js';
|
|||
|
||||
import type { AuthedRouter, RouterInitArgs } from './types.js';
|
||||
|
||||
enum LogtoJwtTokenPath {
|
||||
AccessToken = 'access-token',
|
||||
ClientCredentials = 'client-credentials',
|
||||
}
|
||||
|
||||
/**
|
||||
* Provide a simple API router key type and DB config key mapping
|
||||
*/
|
||||
|
@ -33,15 +37,15 @@ const getOidcConfigKeyDatabaseColumnName = (key: LogtoOidcConfigKeyType): LogtoO
|
|||
? LogtoOidcConfigKey.PrivateKeys
|
||||
: LogtoOidcConfigKey.CookieKeys;
|
||||
|
||||
const getLogtoJwtTokenKey = (key: LogtoJwtTokenKeyType): LogtoJwtTokenKey =>
|
||||
key === LogtoJwtTokenKeyType.AccessToken
|
||||
const getLogtoJwtTokenKey = (key: LogtoJwtTokenPath): LogtoJwtTokenKey =>
|
||||
key === LogtoJwtTokenPath.AccessToken
|
||||
? LogtoJwtTokenKey.AccessToken
|
||||
: LogtoJwtTokenKey.ClientCredentials;
|
||||
|
||||
const guardJwtCustomizerBody = (tokenType: LogtoJwtTokenKeyType, body: unknown) => {
|
||||
const guardJwtCustomizerBody = (tokenTypePath: LogtoJwtTokenPath, body: unknown) => {
|
||||
// Manually implement the request body type check, the flow aligns with the actual `koaGuard()`.
|
||||
// Use ternary operator to get the specific guard brings difficulties to type inference.
|
||||
if (tokenType === LogtoJwtTokenKeyType.AccessToken) {
|
||||
if (tokenTypePath === LogtoJwtTokenPath.AccessToken) {
|
||||
return parse('body', jwtCustomizerAccessTokenGuard, body);
|
||||
}
|
||||
|
||||
|
@ -208,15 +212,15 @@ export default function logtoConfigRoutes<T extends AuthedRouter>(
|
|||
);
|
||||
|
||||
router.put(
|
||||
'/configs/jwt-customizer/:tokenType',
|
||||
'/configs/jwt-customizer/:tokenTypePath',
|
||||
koaGuard({
|
||||
params: z.object({
|
||||
tokenType: z.nativeEnum(LogtoJwtTokenKeyType),
|
||||
tokenTypePath: z.nativeEnum(LogtoJwtTokenPath),
|
||||
}),
|
||||
/**
|
||||
* Use `z.unknown()` to guard the request body as a JSON object, since the actual guard depends
|
||||
* on the `tokenType` and we can not get the value of `tokenType` before parsing the request body,
|
||||
* we will do more specific guard as long as we can get the value of `tokenType`.
|
||||
* on the `tokenTypePath` and we can not get the value of `tokenTypePath` before parsing the request body,
|
||||
* we will do more specific guard as long as we can get the value of `tokenTypePath`.
|
||||
*
|
||||
* Should specify `body` in koaGuard, otherwise the request body is not accessible even via `ctx.request.body`.
|
||||
*/
|
||||
|
@ -226,11 +230,11 @@ export default function logtoConfigRoutes<T extends AuthedRouter>(
|
|||
}),
|
||||
async (ctx, next) => {
|
||||
const {
|
||||
params: { tokenType },
|
||||
params: { tokenTypePath },
|
||||
body: rawBody,
|
||||
} = ctx.guard;
|
||||
const key = getLogtoJwtTokenKey(tokenType);
|
||||
const body = guardJwtCustomizerBody(tokenType, rawBody);
|
||||
const key = getLogtoJwtTokenKey(tokenTypePath);
|
||||
const body = guardJwtCustomizerBody(tokenTypePath, rawBody);
|
||||
|
||||
const { rows } = await getRowsByKeys([key]);
|
||||
|
||||
|
|
|
@ -3,7 +3,6 @@ import {
|
|||
type AdminConsoleData,
|
||||
type OidcConfigKeysResponse,
|
||||
type LogtoOidcConfigKeyType,
|
||||
type LogtoJwtTokenKeyType,
|
||||
type JwtCustomizerAccessToken,
|
||||
type JwtCustomizerClientCredentials,
|
||||
} from '@logto/schemas';
|
||||
|
@ -34,7 +33,10 @@ export const rotateOidcKeys = async (
|
|||
.post(`configs/oidc/${keyType}/rotate`, { json: { signingKeyAlgorithm } })
|
||||
.json<OidcConfigKeysResponse[]>();
|
||||
|
||||
export const insertOrUpdateJwtCustomizer = async (keyType: LogtoJwtTokenKeyType, value: unknown) =>
|
||||
export const insertOrUpdateJwtCustomizer = async (
|
||||
keyTypePath: 'access-token' | 'client-credentials',
|
||||
value: unknown
|
||||
) =>
|
||||
authedAdminApi
|
||||
.put(`configs/jwt-customizer/${keyType}`, { json: value })
|
||||
.put(`configs/jwt-customizer/${keyTypePath}`, { json: value })
|
||||
.json<JwtCustomizerAccessToken | JwtCustomizerClientCredentials>();
|
||||
|
|
|
@ -2,7 +2,6 @@ import {
|
|||
SupportedSigningKeyAlgorithm,
|
||||
type AdminConsoleData,
|
||||
LogtoOidcConfigKeyType,
|
||||
LogtoJwtTokenKeyType,
|
||||
} from '@logto/schemas';
|
||||
|
||||
import {
|
||||
|
@ -143,7 +142,7 @@ describe('admin console sign-in experience', () => {
|
|||
};
|
||||
|
||||
const accessToken = await insertOrUpdateJwtCustomizer(
|
||||
LogtoJwtTokenKeyType.AccessToken,
|
||||
'access-token',
|
||||
accessTokenJwtCustomizerPayload
|
||||
);
|
||||
expect(accessToken).toMatchObject(accessTokenJwtCustomizerPayload);
|
||||
|
@ -152,13 +151,13 @@ describe('admin console sign-in experience', () => {
|
|||
script: 'new script',
|
||||
};
|
||||
const updatedAccessToken = await insertOrUpdateJwtCustomizer(
|
||||
LogtoJwtTokenKeyType.AccessToken,
|
||||
'access-token',
|
||||
newAccessTokenJwtCustomizerPayload
|
||||
);
|
||||
expect(updatedAccessToken).toMatchObject(newAccessTokenJwtCustomizerPayload);
|
||||
|
||||
const clientCredentials = await insertOrUpdateJwtCustomizer(
|
||||
LogtoJwtTokenKeyType.ClientCredentials,
|
||||
'client-credentials',
|
||||
clientCredentialsJwtCustomizerPayload
|
||||
);
|
||||
expect(clientCredentials).toMatchObject(clientCredentialsJwtCustomizerPayload);
|
||||
|
@ -167,7 +166,7 @@ describe('admin console sign-in experience', () => {
|
|||
script: 'new script client credentials',
|
||||
};
|
||||
const updatedClientCredentials = await insertOrUpdateJwtCustomizer(
|
||||
LogtoJwtTokenKeyType.ClientCredentials,
|
||||
'client-credentials',
|
||||
newClientCredentialsJwtCustomizerPayload
|
||||
);
|
||||
expect(updatedClientCredentials).toMatchObject(newClientCredentialsJwtCustomizerPayload);
|
||||
|
|
|
@ -51,14 +51,6 @@ export const logtoOidcConfigGuard: Readonly<{
|
|||
[LogtoOidcConfigKey.CookieKeys]: oidcConfigKeyGuard.array(),
|
||||
});
|
||||
|
||||
/**
|
||||
* Logto JWT customizer token types, used in REST API routes.
|
||||
*/
|
||||
export enum LogtoJwtTokenKeyType {
|
||||
AccessToken = 'access-token',
|
||||
ClientCredentials = 'client-credentials',
|
||||
}
|
||||
|
||||
export enum LogtoJwtTokenKey {
|
||||
AccessToken = 'jwt.accessToken',
|
||||
ClientCredentials = 'jwt.clientCredentials',
|
||||
|
|
Loading…
Reference in a new issue