Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-06 20:40:08 -05:00
Code Issues Activity

chore: fix

Browse source
This commit is contained in:
Darcy Ye 2024-03-22 12:35:23 +08:00
parent 8ea166ad2d
commit ea796c15a5
No known key found for this signature in database
GPG key ID: B46F4C07EDEFC610
3 changed files with 51 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
packages/core/src/oidc/init.ts
View file

@ -210,13 +210,14 @@ export default function initOidc(
},
extraParams: [OIDCExtraParametersKey.InteractionMode],
extraTokenClaims: async (ctx, token) => {
try {
const { isDevFeaturesEnabled, isCloud } = EnvSet.values;
// No cloud connection for OSS version, skip.
if (!isDevFeaturesEnabled || !isCloud) {
return;
}
const { isDevFeaturesEnabled, isCloud } = EnvSet.values;
// No cloud connection for OSS version, skip.
if (!isDevFeaturesEnabled || !isCloud) {
return;
}
try {
const isTokenClientCredentials = token instanceof ctx.oidc.provider.ClientCredentials;
const { script, envVars } =

3
packages/core/src/routes/logto-config.openapi.json
View file

@ -147,6 +147,9 @@
},
"400": {
"description": "The request body is invalid."
},
"403": {
"description": "Permission denied."
}
}
},

77
packages/core/src/routes/logto-config.ts
View file

@ -211,44 +211,49 @@ export default function logtoConfigRoutes<T extends AuthedRouter>(
}
);
if (tenantId !== adminTenantId) {
router.put(
'/configs/jwt-customizer/:tokenTypePath',
koaGuard({
params: z.object({
tokenTypePath: z.nativeEnum(LogtoJwtTokenPath),
}),
/**
* Use `z.unknown()` to guard the request body as a JSON object, since the actual guard depends
* on the `tokenTypePath` and we can not get the value of `tokenTypePath` before parsing the request body,
* we will do more specific guard as long as we can get the value of `tokenTypePath`.
*
* Should specify `body` in koaGuard, otherwise the request body is not accessible even via `ctx.request.body`.
*/
body: z.unknown(),
response: accessTokenJwtCustomizerGuard.or(clientCredentialsJwtCustomizerGuard),
status: [200, 201, 400],
router.put(
'/configs/jwt-customizer/:tokenTypePath',
koaGuard({
params: z.object({
tokenTypePath: z.nativeEnum(LogtoJwtTokenPath),
}),
async (ctx, next) => {
const {
params: { tokenTypePath },
body: rawBody,
} = ctx.guard;
const { key, body } = getJwtTokenKeyAndBody(tokenTypePath, rawBody);
const { rows } = await getRowsByKeys([key]);
const jwtCustomizer = await upsertJwtCustomizer(key, body);
if (rows.length === 0) {
ctx.status = 201;
}
ctx.body = jwtCustomizer.value;
return next();
/**
* Use `z.unknown()` to guard the request body as a JSON object, since the actual guard depends
* on the `tokenTypePath` and we can not get the value of `tokenTypePath` before parsing the request body,
* we will do more specific guard as long as we can get the value of `tokenTypePath`.
*
* Should specify `body` in koaGuard, otherwise the request body is not accessible even via `ctx.request.body`.
*/
body: z.unknown(),
response: accessTokenJwtCustomizerGuard.or(clientCredentialsJwtCustomizerGuard),
status: [200, 201, 400, 403],
}),
async (ctx, next) => {
if (
tenantId !== adminTenantId &&
!(EnvSet.values.isUnitTest || EnvSet.values.isIntegrationTest)
) {
throw new RequestError({ code: 'auth.forbidden', status: 403 });
}
);
}
const {
params: { tokenTypePath },
body: rawBody,
} = ctx.guard;
const { key, body } = getJwtTokenKeyAndBody(tokenTypePath, rawBody);
const { rows } = await getRowsByKeys([key]);
const jwtCustomizer = await upsertJwtCustomizer(key, body);
if (rows.length === 0) {
ctx.status = 201;
}
ctx.body = jwtCustomizer.value;
return next();
}
);
router.get(
'/configs/jwt-customizer/:tokenTypePath',