diff --git a/server/api/private/hooks.ts b/server/api/private/hooks.ts
index 3d511ae..9e8cd3a 100644
--- a/server/api/private/hooks.ts
+++ b/server/api/private/hooks.ts
@@ -1,26 +1,16 @@
-import assert from 'assert';
 import type { UserEntity } from 'common/types/user';
 import { userQuery } from 'domain/user/repository/userQuery';
-import type { JWT_PROP_NAME } from 'service/constants';
 import { prismaClient } from 'service/prismaClient';
 import type { IdTokenJwt } from 'service/types';
 import { defineHooks } from './$relay';
 
-export type AdditionalRequest = {
- [Key in typeof JWT_PROP_NAME]: IdTokenJwt;
-} & { user: UserEntity };
+export type AdditionalRequest = { user: UserEntity };
 
 export default defineHooks(() => ({
 onRequest: async (req, res) => {
- try {
- await req.jwtVerify({ onlyCookie: true });
- } catch (e) {
- res.status(401).send((e as Error).message);
- return;
- }
-
- assert(req.idToken);
-
- req.user = await userQuery.findById(prismaClient, req.idToken.sub);
+ req.user = await req
+ .jwtVerify({ onlyCookie: true })
+ .then((idToken) => userQuery.findById(prismaClient, idToken.sub))
+ .catch((e) => res.status(401).send((e as Error).message));
 },
 }));
diff --git a/server/domain/userPool/useCase/userPoolUseCase.ts b/server/domain/userPool/useCase/userPoolUseCase.ts
index 8ccef4f..199f5b6 100644
--- a/server/domain/userPool/useCase/userPoolUseCase.ts
+++ b/server/domain/userPool/useCase/userPoolUseCase.ts
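Review bot: The new `.catch` at the end of the promise chain covers `userQuery.findById` as well as `jwtVerify`, so a failure in the user lookup (database unreachable, or the lookup rejecting for a missing row, if it does) is now answered 401 with the repository's raw error text, whereas the removed code only did that for token verification and let a lookup failure surface as a server error. On that path the chain resolves to the value of `res.send(...)`, and that is what gets assigned to `req.user`; the request stops only because `send` runs before the hook's promise settles. Limiting the catch to the verify step keeps the old semantics without the removed `assert`, and keeps `import type { IdTokenJwt }` in use — after this change nothing else in the file references it. Since app.ts drops `decoratorName`, fastify-jwt falls back to its default decorator (`user`, if I recall correctly), so `jwtVerify` itself writes the decoded payload to `req.user` before this assignment replaces it; a one-line comment at the assignment would spare the next reader that surprise.
```typescript
onRequest: async (req, res) => {
  let idToken: IdTokenJwt;
  try {
    idToken = await req.jwtVerify({ onlyCookie: true });
  } catch (e) {
    // Replying from an async hook: returning the reply tells Fastify the lifecycle ends here.
    return res.status(401).send((e as Error).message);
  }
  // fastify-jwt may already have decorated req.user with the raw payload; replace it with the entity.
  req.user = await userQuery.findById(prismaClient, idToken.sub);
},
```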
@@ -7,14 +7,18 @@ import { userPoolQuery } from '../repository/userPoolQuery';
 
 export const userPoolUseCase = {
 initDefaults: async (): Promise => {
- const pool = userPoolMethod.create({ id: DEFAULT_USER_POOL_ID });
- const poolClient = userPoolMethod.createClient({
- id: DEFAULT_USER_POOL_CLIENT_ID,
- userPoolId: DEFAULT_USER_POOL_ID,
- });
+ await userPoolQuery
+ .findById(prismaClient, DEFAULT_USER_POOL_ID)
+ .catch(() => userPoolCommand.save(userPoolMethod.create({ id: DEFAULT_USER_POOL_ID })));
 
- await userPoolCommand.save(pool);
- await userPoolCommand.saveClient(poolClient);
+ await userPoolQuery.findClientById(prismaClient, DEFAULT_USER_POOL_CLIENT_ID).catch(() =>
+ userPoolCommand.saveClient(
+ userPoolMethod.createClient({
+ id: DEFAULT_USER_POOL_CLIENT_ID,
+ userPoolId: DEFAULT_USER_POOL_ID,
+ }),
+ ),
+ );
 },
 listUserPools: async (
 req: ListUserPoolsTarget['reqBody'],
diff --git a/server/service/app.ts b/server/service/app.ts
index 324fe6d..b4ad47e 100644
--- a/server/service/app.ts
+++ b/server/service/app.ts
@@ -10,7 +10,7 @@ import Fastify from 'fastify';
 import buildGetJwks from 'get-jwks';
 import { join } from 'path';
 import server from '../$server';
-import { COOKIE_NAME, JWT_PROP_NAME } from './constants';
+import { COOKIE_NAME } from './constants';
 
 export const init = (): FastifyInstance => {
 const fastify = Fastify();
@@ -27,7 +27,6 @@ export const init = (): FastifyInstance => {
 },
 );
 fastify.register(fastifyJwt, {
- decoratorName: JWT_PROP_NAME,
 cookie: { cookieName: COOKIE_NAME, signed: false },
 decode: { complete: true },
 secret: (_: FastifyRequest, token: TokenOrHeader) => {
diff --git a/server/service/constants.ts b/server/service/constants.ts
index 5241374..ea618d0 100644
--- a/server/service/constants.ts
+++ b/server/service/constants.ts
@@ -1,5 +1,3 @@
 export const COOKIE_NAME = 'session';
-export const JWT_PROP_NAME = 'idToken';
-
 
 export const EXPIRES_SEC = 3600;
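Review bot: Both new `.catch(() => ...)` arms in `initDefaults` treat any rejection of `findById` / `findClientById` as "not found", so a transient database or connection error is answered by attempting a `save`, and if that insert then fails the original failure is hidden behind the second one; the lookup-then-insert is also racy when two instances bootstrap concurrently, which may be acceptable for a defaults seed but deserves a sentence in a comment. If the repository rejects with a specific not-found error, narrowing each catch to that error and rethrowing everything else keeps real failures visible, and an upsert in the command layer would remove the race — I cannot see either repository from this hunk, so this is hedged. A short comment above the first `await`, e.g. `// Seed the default pool and client only when the lookup reports them missing (rejection == absent).`, would document the convention the code now relies on.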
diff --git a/server/service/privateKey.ts b/server/service/privateKey.ts
index 1165874..1f40e5f 100644
--- a/server/service/privateKey.ts
+++ b/server/service/privateKey.ts
@@ -1,5 +1,5 @@
 import type { Jwks } from 'common/types/userPool';
-import { createPublicKey, generateKeyPairSync } from 'crypto';
+import { createHash, createPublicKey, generateKeyPairSync } from 'crypto';
 import { JWK } from 'node-jose';
 
 export const genPrivatekey = (): string => {
@@ -15,10 +15,10 @@ export const genPrivatekey = (): string => {
 export const genJwks = async (privateKey: string): Promise => {
 const keystore = JWK.createKeyStore();
 const publicKey = createPublicKey(privateKey);
- await keystore.add(publicKey.export({ type: 'spki', format: 'pem' }), 'pem', {
- alg: 'RS256',
- use: 'sig',
- });
+ const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
+ const kid = createHash('sha256').update(publicKeyPem).digest('base64url');
+
+ await keystore.add(publicKeyPem, 'pem', { alg: 'RS256', use: 'sig', kid });
 
- return keystore.toJSON(true) as Jwks;
+ return keystore.toJSON() as Jwks;
 };
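Review bot: The `kid` computed on the new `createHash` line in `genJwks` is the SHA-256 of the PEM text rather than an RFC 7638 JWK thumbprint, so it depends on the PEM serialization (header lines, line endings) and will not match a thumbprint computed by any other party; node-jose keys expose a `thumbprint('SHA-256')` method, if I recall correctly, which would give the canonical value, otherwise a comment should state that the kid is only meaningful within this service, e.g. `// kid: service-local identifier (hash of the SPKI PEM), not an RFC 7638 thumbprint`. `'base64url'` as a digest encoding needs a Node release that supports it, which is worth confirming against the project's engines target. Tokens are only matched to this JWKS entry if the signing side puts the same `kid` in the JWT header, and that side is not in this diff. Dropping the `true` argument from `keystore.toJSON()` is the right call; `// toJSON() without the private flag publishes public members only` at the return would make the intent explicit.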