updating needed files to move to GHA

auth0-extensions · Nov 13, 2024 · ba5ea76 · ba5ea76
1 parent f9b3531
commit ba5ea76
Show file tree

Hide file tree

Showing 8 changed files with 480 additions and 1,367 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
diff --git a/build/bundle.js b/build/bundle.js
diff --git a/package.json b/package.json
@@ -4,7 +4,7 @@
   "description": "Auth0 Account Link Extension",
   "main": "index.js",
   "engines": {
-    "node": ">=6.9"
+    "node": ">=18"
   },
   "scripts": {
     "start": "node ./index.js",
@@ -14,21 +14,20 @@
     "lint:fix": "eslint --fix .",
     "serve:dev": "gulp run",
     "client:build": "minify --clean --output dist/assets/link.$npm_package_version.min.css public/css/link.css && minify --clean --output dist/assets/admin.$npm_package_version.min.css public/css/admin.css",
-    "extension:build": "a0-ext build:server ./webtask.js ./dist && cp ./dist/auth0-account-link-extension.extension.$npm_package_version.js ./build/bundle.js",
+    "extension:build": "NODE_OPTIONS=--openssl-legacy-provider a0-ext build:server ./webtask.js ./dist && cp ./dist/auth0-account-link-extension.extension.$npm_package_version.js ./build/bundle.js",
     "build": "yarn run client:build && yarn run extension:build"
   },
   "author": "Auth0",
   "license": "MIT",
   "auth0-extension": {
-    "nodeTarget": "4.2.0",
     "bundleModules": true,
     "externals": [
       "[email protected]",
-      "auth0-extension-tools@1.4.0",
+      "auth0-extension-tools@1.5.2",
       "[email protected]",
       "[email protected]",
       "[email protected]",
-      "boom@3.2.2",
+      "@hapi/boom@10.0.1",
       "[email protected]",
       "[email protected]",
       "[email protected]",
@@ -37,11 +36,10 @@
       "[email protected]",
       "[email protected]",
       "[email protected]",
-      "hapi-auth-jwt2@7.0.1",
-      "@auth0/hapi@13.5.1",
+      "hapi-auth-jwt2@10.5.1",
+      "@hapi/hapi@21.3.3",
       "[email protected]",
       "[email protected]",
-      "[email protected]",
       "[email protected]",
       "[email protected]",
       "[email protected]",
@@ -69,38 +67,31 @@
     ]
   },
   "dependencies": {
-    "@auth0/hapi": "13.5.1",
+    "@hapi/boom": "10.0.1",
+    "@hapi/hapi": "21.3.3",
+    "@hapi/inert": "7.1.0",
     "auth0": "^2.8.0",
     "auth0-extension-hapi-tools": "1.3.1",
-    "auth0-extension-tools": "1.4.0",
-    "boom": "3.2.2",
-    "hapi-auth-jwt2": "7.0.1",
-    "inert": "4.0.1",
+    "auth0-extension-tools": "1.5.2",
+    "hapi-auth-jwt2": "10.5.1",
     "joi": "9.0.4",
     "jsonwebtoken": "^8.1.0",
     "jwks-rsa": "1.1.1",
     "lodash": "^3.10.1",
     "nconf": "^0.8.4",
     "open": "^0.0.5",
     "request": "^2.81.0",
-    "webtask-tools": "^3.2.0",
+    "webtask-tools": "^3.3.0",
     "winston": "1.0.0"
   },
   "devDependencies": {
     "auth0-extensions-cli": "^4.0.4",
     "chai": "^4.1.0",
-    "eslint": "^4.3.0",
-    "eslint-config-auth0": "^11.0.0",
-    "eslint-config-auth0-base": "^13.0.0",
-    "eslint-plugin-import": "^2.7.0",
-    "eslint-plugin-jsx-a11y": "^6.0.2",
-    "eslint-plugin-react": "^7.1.0",
     "gulp": "^3.9.1",
     "gulp-nodemon": "^2.2.1",
     "gulp-util": "^3.0.8",
     "minifier": "^0.8.1",
     "mocha": "^3.5.0",
-    "ngrok": "^2.2.15",
     "nodemon": "^1.11.0",
     "nyc": "^11.1.0",
     "puppeteer": "^0.11.0"

diff --git a/server/auth.js b/server/auth.js
@@ -1,15 +1,14 @@
 /* eslint-disable no-param-reassign */
 
-const Boom = require('boom');
+const Boom = require('@hapi/boom');
 const jwksRsa = require('jwks-rsa');
 const jwt = require('jsonwebtoken');
 const tools = require('auth0-extension-hapi-tools');
-
 const config = require('../lib/config');
 
 const scopes = [{ value: 'openid' }, { value: 'profile' }];
 
-module.exports.register = (server, options, next) => {
+const register = async (server, options) => {
   const jwtOptions = {
     dashboardAdmin: {
       key: config('EXTENSION_SECRET'),
@@ -35,74 +34,64 @@ module.exports.register = (server, options, next) => {
   };
 
   server.auth.strategy('jwt', 'jwt', {
-    // Get the complete decoded token, because we need info from the header (the kid)
     complete: true,
-
-    verifyFunc: (decoded, req, callback) => {
+    verify: async (decoded, req, h) => {
       if (!decoded) {
-        return callback(null, false);
+        throw Boom.unauthorized('Invalid token', 'Token');
       }
 
       const header = req.headers.authorization;
-      if (header && header.indexOf('Bearer ') === 0) {
+      if (header && header.startsWith('Bearer ')) {
         const token = header.split(' ')[1];
-        if (
-          decoded &&
-          decoded.payload &&
-          decoded.payload.iss === `https://${config('AUTH0_DOMAIN')}/`
-        ) {
-          return jwtOptions.resourceServer.key(decoded, (keyErr, key) => {
-            if (keyErr) {
-              return callback(Boom.wrap(keyErr), null, null);
+
+        if (decoded.payload.iss === `https://${config('AUTH0_DOMAIN')}/`) {
+          try {
+            const key = await jwtOptions.resourceServer.key(decoded);
+            jwt.verify(token, key, jwtOptions.resourceServer.verifyOptions);
+
+            if (decoded.payload.gty && decoded.payload.gty !== 'client-credentials') {
+              throw Boom.unauthorized('Invalid token', 'Token');
+            }
+
+            if (!decoded.payload.sub.endsWith('@clients')) {
+              throw Boom.unauthorized('Invalid token', 'Token');
             }
 
-            return jwt.verify(token, key, jwtOptions.resourceServer.verifyOptions, (err) => {
-              if (err) {
-                return callback(Boom.unauthorized('Invalid token', 'Token'), null, null);
-              }
-
-              if (decoded.payload.gty && decoded.payload.gty !== 'client-credentials') {
-                return callback(Boom.unauthorized('Invalid token', 'Token'), null, null);
-              }
-
-              if (!decoded.payload.sub.endsWith('@clients')) {
-                return callback(Boom.unauthorized('Invalid token', 'Token'), null, null);
-              }
-
-              if (decoded.payload.scope && typeof decoded.payload.scope === 'string') {
-                decoded.payload.scope = decoded.payload.scope.split(' '); // eslint-disable-line no-param-reassign
-              }
-
-              return callback(null, true, decoded.payload);
-            });
-          });
-        } else if (decoded && decoded.payload && decoded.payload.iss === config('PUBLIC_WT_URL')) {
-          return jwt.verify(
-            token,
-            jwtOptions.dashboardAdmin.key,
-            jwtOptions.dashboardAdmin.verifyOptions,
-            (err) => {
-              if (err) {
-                return callback(Boom.unauthorized('Invalid token', 'Token'), null, null);
-              }
-
-              if (!decoded.payload.access_token || !decoded.payload.access_token.length) {
-                return callback(Boom.unauthorized('Invalid token', 'Token'), null, null);
-              }
-
-              decoded.payload.scope = scopes.map(scope => scope.value);
-              return callback(null, true, decoded.payload);
+            if (decoded.payload.scope && typeof decoded.payload.scope === 'string') {
+              decoded.payload.scope = decoded.payload.scope.split(' '); // eslint-disable-line no-param-reassign
+            }
+
+            return { isValid: true, credentials: decoded.payload };
+          } catch (err) {
+            throw Boom.unauthorized('Invalid token', 'Token');
+          }
+        } else if (decoded.payload.iss === config('PUBLIC_WT_URL')) {
+          try {
+            jwt.verify(token, jwtOptions.dashboardAdmin.key, jwtOptions.dashboardAdmin.verifyOptions);
+
+            if (!decoded.payload.access_token || !decoded.payload.access_token.length) {
+              throw Boom.unauthorized('Invalid token', 'Token');
             }
-          );
+
+            decoded.payload.scope = scopes.map(scope => scope.value);
+            return { isValid: true, credentials: decoded.payload };
+          } catch (err) {
+            throw Boom.unauthorized('Invalid token', 'Token');
+          }
         }
       }
 
-      return callback(null, false);
+      return { isValid: false };
     }
   });
+
   server.auth.default('jwt');
+
   const session = {
-    register: tools.plugins.dashboardAdminSession,
+    plugin: {
+      name: 'auth0-account-link',
+      ...tools.plugins.dashboardAdminSession,
+    },
     options: {
       stateKey: 'account-linking-admin-state',
       sessionStorageKey: 'com.auth0.account_linking.admin_ui.session_token',
@@ -113,25 +102,20 @@ module.exports.register = (server, options, next) => {
       audience: 'urn:api-account-linking',
       secret: config('EXTENSION_SECRET'),
       clientName: 'auth0-account-link',
-      onLoginSuccess: (decoded, req, callback) => {
+      onLoginSuccess: async (decoded, req, h) => {
         if (decoded) {
           decoded.scope = scopes.map(scope => scope.value); // eslint-disable-line no-param-reassign
-          return callback(null, true, decoded);
+          return { isValid: true, credentials: decoded };
         }
-
-        return callback(null, false);
+        return { isValid: false };
       }
     }
   };
-  server.register(session, (err) => {
-    if (err) {
-      next(err);
-    }
 
-    next();
-  });
+  await server.register(session);
 };
 
-module.exports.register.attributes = {
-  name: 'auth'
+module.exports = { 
+  name: 'auth',
+  register
 };