sso-core/src/lib/server/oauth2/response.ts

import { redirect } from '@sveltejs/kit';
import { OAuth2Error } from './error';

interface ErrorResponseData {
	[x: string]: string | undefined;
	error: string;
	error_description: string;
	state?: string;
}

export interface OAuth2TokenResponse {
	id_token?: string;
	access_token?: string;
	refresh_token?: string;
	expires_in?: number;
	token_type?: string;
	state?: string;
}

export interface OAuth2IntrospectResponse {
	active: boolean;
	scope?: string;
	username?: string;
	client_id?: string;
	exp?: number;
}

export type OAuth2ResponseType = OAuth2TokenResponse | OAuth2IntrospectResponse;

export class OAuth2Response {
	static error(url: URL, err: OAuth2Error, redirectUri?: string) {
		if (!(err instanceof OAuth2Error)) {
			throw err;
		}

		OAuth2Response.doErrorRedirect(url, err, redirectUri);

		return OAuth2Response.createErrorResponse(err);
	}

	static errorPlain(url: URL, err: OAuth2Error, redirectUri?: string) {
		if (!(err instanceof OAuth2Error)) {
			throw err;
		}

		OAuth2Response.doErrorRedirect(url, err, redirectUri);

		return {
			error: err.code,
			error_description: err.message
		};
	}

	static response(
		url: URL,
		obj: OAuth2ResponseType,
		redirectUri?: string,
		fragment: boolean = false
	) {
		OAuth2Response.doResponseRedirect(url, obj, redirectUri, fragment);

		return OAuth2Response.createResponse(200, obj);
	}

	static responsePlain(
		url: URL,
		obj: OAuth2ResponseType,
		redirectUri?: string,
		fragment: boolean = false
	) {
		OAuth2Response.doResponseRedirect(url, obj, redirectUri, fragment);

		return obj;
	}

	private static createResponse(code: number, data: unknown) {
		const isJson = typeof data === 'object';
		const body = isJson ? JSON.stringify(data) : (data as string);
		return new Response(body, {
			status: code,
			headers: {
				'Content-Type': isJson ? 'application/json' : 'application/octet-stream'
			}
		});
	}

	private static createErrorResponse(err: OAuth2Error) {
		return OAuth2Response.createResponse(err.status, {
			error: err.code,
			error_description: err.message
		});
	}

	private static doResponseRedirect(
		url: URL,
		obj: OAuth2ResponseType,
		redirectUri?: string,
		fragment: boolean = false
	) {
		if (!redirectUri) return;
		const searchJoinChar = redirectUri.includes('?') ? '&' : '?';
		redirectUri += fragment ? '#' : searchJoinChar;

		if (url.searchParams.has('state')) {
			(obj as OAuth2TokenResponse).state = url.searchParams.get('state') as string;
		}

		redirectUri += new URLSearchParams(obj as Record<string, string>).toString();
		return redirect(302, redirectUri);
	}

	private static doErrorRedirect(url: URL, err: OAuth2Error, redirectUri?: string) {
		if (!redirectUri) return;
		const obj: ErrorResponseData = {
			error: err.code,
			error_description: err.message
		};

		if (url.searchParams.has('state')) {
			obj.state = url.searchParams.get('state') as string;
		}

		redirectUri += '?' + new URLSearchParams(obj as Record<string, string>).toString();

		return redirect(302, redirectUri);
	}
}
beginning authorize 2024-05-17 23:22:44 +03:00			`import { redirect } from '@sveltejs/kit';`
			`import { OAuth2Error } from './error';`

			`interface ErrorResponseData {`
			`[x: string]: string \| undefined;`
			`error: string;`
			`error_description: string;`
			`state?: string;`
			`}`

			`export interface OAuth2TokenResponse {`
			`id_token?: string;`
			`access_token?: string;`
			`refresh_token?: string;`
			`expires_in?: number;`
			`token_type?: string;`
			`state?: string;`
Cleanups 2024-06-07 17:24:27 +03:00			`}`

			`export interface OAuth2IntrospectResponse {`
			`active: boolean;`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 20:02:18 +03:00			`scope?: string;`
Cleanups 2024-06-07 17:24:27 +03:00			`username?: string;`
Actually mostly-compliant introspection endpoint, csrf and documentation 2024-06-06 20:02:18 +03:00			`client_id?: string;`
			`exp?: number;`
beginning authorize 2024-05-17 23:22:44 +03:00			`}`

Cleanups 2024-06-07 17:24:27 +03:00			`export type OAuth2ResponseType = OAuth2TokenResponse \| OAuth2IntrospectResponse;`
beginning authorize 2024-05-17 23:22:44 +03:00
Cleanups 2024-06-07 17:24:27 +03:00			`export class OAuth2Response {`
beginning authorize 2024-05-17 23:22:44 +03:00			`static error(url: URL, err: OAuth2Error, redirectUri?: string) {`
			`if (!(err instanceof OAuth2Error)) {`
			`throw err;`
			`}`

Cleanups 2024-06-07 17:24:27 +03:00			`OAuth2Response.doErrorRedirect(url, err, redirectUri);`
beginning authorize 2024-05-17 23:22:44 +03:00
oauth2 tokens 2024-05-18 12:22:05 +03:00			`return OAuth2Response.createErrorResponse(err);`
beginning authorize 2024-05-17 23:22:44 +03:00			`}`

			`static errorPlain(url: URL, err: OAuth2Error, redirectUri?: string) {`
			`if (!(err instanceof OAuth2Error)) {`
			`throw err;`
			`}`

Cleanups 2024-06-07 17:24:27 +03:00			`OAuth2Response.doErrorRedirect(url, err, redirectUri);`
beginning authorize 2024-05-17 23:22:44 +03:00
			`return {`
			`error: err.code,`
			`error_description: err.message`
			`};`
			`}`

			`static response(`
			`url: URL,`
Cleanups 2024-06-07 17:24:27 +03:00			`obj: OAuth2ResponseType,`
beginning authorize 2024-05-17 23:22:44 +03:00			`redirectUri?: string,`
			`fragment: boolean = false`
			`) {`
Cleanups 2024-06-07 17:24:27 +03:00			`OAuth2Response.doResponseRedirect(url, obj, redirectUri, fragment);`
beginning authorize 2024-05-17 23:22:44 +03:00
			`return OAuth2Response.createResponse(200, obj);`
			`}`

			`static responsePlain(`
			`url: URL,`
Cleanups 2024-06-07 17:24:27 +03:00			`obj: OAuth2ResponseType,`
beginning authorize 2024-05-17 23:22:44 +03:00			`redirectUri?: string,`
			`fragment: boolean = false`
			`) {`
Cleanups 2024-06-07 17:24:27 +03:00			`OAuth2Response.doResponseRedirect(url, obj, redirectUri, fragment);`
beginning authorize 2024-05-17 23:22:44 +03:00
Cleanups 2024-06-07 17:24:27 +03:00			`return obj;`
			`}`

			`private static createResponse(code: number, data: unknown) {`
			`const isJson = typeof data === 'object';`
			`const body = isJson ? JSON.stringify(data) : (data as string);`
			`return new Response(body, {`
			`status: code,`
			`headers: {`
			`'Content-Type': isJson ? 'application/json' : 'application/octet-stream'`
beginning authorize 2024-05-17 23:22:44 +03:00			`}`
Cleanups 2024-06-07 17:24:27 +03:00			`});`
			`}`

			`private static createErrorResponse(err: OAuth2Error) {`
			`return OAuth2Response.createResponse(err.status, {`
			`error: err.code,`
			`error_description: err.message`
			`});`
			`}`
beginning authorize 2024-05-17 23:22:44 +03:00
Cleanups 2024-06-07 17:24:27 +03:00			`private static doResponseRedirect(`
			`url: URL,`
			`obj: OAuth2ResponseType,`
			`redirectUri?: string,`
			`fragment: boolean = false`
			`) {`
			`if (!redirectUri) return;`
			`const searchJoinChar = redirectUri.includes('?') ? '&' : '?';`
			`redirectUri += fragment ? '#' : searchJoinChar;`

			`if (url.searchParams.has('state')) {`
			`(obj as OAuth2TokenResponse).state = url.searchParams.get('state') as string;`
beginning authorize 2024-05-17 23:22:44 +03:00			`}`

Cleanups 2024-06-07 17:24:27 +03:00			`redirectUri += new URLSearchParams(obj as Record<string, string>).toString();`
			`return redirect(302, redirectUri);`
			`}`

			`private static doErrorRedirect(url: URL, err: OAuth2Error, redirectUri?: string) {`
			`if (!redirectUri) return;`
			`const obj: ErrorResponseData = {`
			`error: err.code,`
			`error_description: err.message`
			`};`

			`if (url.searchParams.has('state')) {`
			`obj.state = url.searchParams.get('state') as string;`
			`}`

			`redirectUri += '?' + new URLSearchParams(obj as Record<string, string>).toString();`

			`return redirect(302, redirectUri);`
beginning authorize 2024-05-17 23:22:44 +03:00			`}`
			`}`