From ac4e47274afc2ab3a55a78b388a14bed76600402 Mon Sep 17 00:00:00 2001 From: Stefanos Anagnostou Date: Fri, 30 Jun 2023 00:19:28 +0300 Subject: [PATCH] fix(backend): Make all 4 keys (legacy and new) optional in `authenticateRequest` (#1437) --- .changeset/shaggy-spiders-sit.md | 6 ++ packages/backend/src/index.ts | 2 - packages/backend/src/tokens/index.ts | 1 - .../backend/src/tokens/interstitialRule.ts | 14 ++--- packages/backend/src/tokens/request.ts | 63 ++++--------------- packages/sdk-node/src/authenticateRequest.ts | 2 +- packages/sdk-node/src/types.ts | 14 ++++- 7 files changed, 38 insertions(+), 64 deletions(-) create mode 100644 .changeset/shaggy-spiders-sit.md diff --git a/.changeset/shaggy-spiders-sit.md b/.changeset/shaggy-spiders-sit.md new file mode 100644 index 0000000000..65e9582230 --- /dev/null +++ b/.changeset/shaggy-spiders-sit.md @@ -0,0 +1,6 @@ +--- +'@clerk/clerk-sdk-node': patch +'@clerk/backend': patch +--- + +Make all 4 keys (legacy and new) optional in authenticateRequest params diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts index 80cbd52e21..5fa31d93a2 100644 --- a/packages/backend/src/index.ts +++ b/packages/backend/src/index.ts @@ -3,8 +3,6 @@ import { createBackendApiClient } from './api'; import type { CreateAuthenticateRequestOptions } from './tokens'; import { createAuthenticateRequest } from './tokens'; -export type { InstanceKeys } from './tokens'; - export * from './api/resources'; export * from './tokens'; export * from './tokens/jwt'; diff --git a/packages/backend/src/tokens/index.ts b/packages/backend/src/tokens/index.ts index 8cb82b2c64..ad3ff1ade4 100644 --- a/packages/backend/src/tokens/index.ts +++ b/packages/backend/src/tokens/index.ts @@ -8,4 +8,3 @@ export { OptionalVerifyTokenOptions, RequiredVerifyTokenOptions, } from './request'; -export type { InstanceKeys } from './request'; 
diff --git a/packages/backend/src/tokens/interstitialRule.ts b/packages/backend/src/tokens/interstitialRule.ts index b1177005a1..78832b0ddb 100644 --- a/packages/backend/src/tokens/interstitialRule.ts +++ b/packages/backend/src/tokens/interstitialRule.ts @@ -26,7 +26,7 @@ const isBrowser = (userAgent: string | undefined) => VALID_USER_AGENTS.test(user // automatically treated as signed out. This exception is needed for development, because the any // missing uat throws an interstitial in development. export const nonBrowserRequestInDevRule: InterstitialRule = options => { const { apiKey, secretKey, userAgent } = options; - const key = secretKey || apiKey; + const key = secretKey || apiKey || ''; if (isDevelopmentFromApiKey(key) && !isBrowser(userAgent)) { return signedOut(options, AuthErrorReason.HeaderMissingNonBrowser); } @@ -53,7 +53,7 @@ export const crossOriginRequestWithoutHeader: InterstitialRule = options => { export const isPrimaryInDevAndRedirectsToSatellite: InterstitialRule = options => { const { apiKey, secretKey, isSatellite, searchParams } = options; - const key = secretKey || apiKey; + const key = secretKey || apiKey || ''; const isDev = isDevelopmentFromApiKey(key); if (isDev && !isSatellite && shouldRedirectToSatelliteUrl(searchParams)) { @@ -64,7 +64,7 @@ export const isPrimaryInDevAndRedirectsToSatellite: InterstitialRule = options = export const potentialFirstLoadInDevWhenUATMissing: InterstitialRule = options => { const { apiKey, secretKey, clientUat } = options; - const key = secretKey || apiKey; + const key = secretKey || apiKey || ''; const res = isDevelopmentFromApiKey(key); if (res && !clientUat) { return interstitial(options, AuthErrorReason.CookieUATMissing); 
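Review bot: The `|| ''` fallback added in `const key = secretKey || apiKey || '';` (first in `nonBrowserRequestInDevRule`) turns a missing key into an empty string, so the rule carries on as if the instance were simply not a development one, assuming `isDevelopmentFromApiKey('')` returns false (the helper is not shown). The same line is repeated in the six other rules touched in this file, including the `isProductionFromApiKey(key)` check in `potentialFirstRequestOnProductionEnvironment`, and inline as `isDevelopmentFromApiKey(secretKey || apiKey || '')` in packages/sdk-node/src/authenticateRequest.ts. For a call without keys, the dev/production decision therefore depends entirely on an earlier assertion having thrown. I would move the expression into one helper that records this, e.g. `const resolveKey = (o: { secretKey?: string; apiKey?: string }) => o.secretKey || o.apiKey || ''; // '' is only reachable if assertValidSecretKey was skipped`. The rule bodies continue outside the hunks.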
@@ -80,7 +80,7 @@ export const potentialRequestAfterSignInOrOutFromClerkHostedUiInDev: Interstitia const { apiKey, secretKey, referrer, host, forwardedHost, forwardedPort, forwardedProto } = options; const crossOriginReferrer = referrer && checkCrossOrigin({ originURL: new URL(referrer), host, forwardedHost, forwardedPort, forwardedProto }); - const key = secretKey || apiKey; + const key = secretKey || apiKey || ''; if (isDevelopmentFromApiKey(key) && crossOriginReferrer) { return interstitial(options, AuthErrorReason.CrossOriginReferrer); @@ -91,7 +91,7 @@ export const potentialRequestAfterSignInOrOutFromClerkHostedUiInDev: Interstitia export const satelliteInDevReturningFromPrimary: InterstitialRule = options => { const { apiKey, secretKey, isSatellite, searchParams } = options; - const key = secretKey || apiKey; + const key = secretKey || apiKey || ''; if (isSatellite && isReturningFromPrimary(searchParams) && isDevelopmentFromApiKey(key)) { return interstitial(options, AuthErrorReason.SatelliteReturnsFromPrimary); @@ -101,7 +101,7 @@ export const satelliteInDevReturningFromPrimary: InterstitialRule = options => { export const potentialFirstRequestOnProductionEnvironment: InterstitialRule = options => { const { apiKey, secretKey, clientUat, cookieToken } = options; - const key = secretKey || apiKey; + const key = secretKey || apiKey || ''; if (isProductionFromApiKey(key) && !clientUat && !cookieToken) { return signedOut(options, AuthErrorReason.CookieAndUATMissing); @@ -189,7 +189,7 @@ async function verifyRequestState(options: AuthenticateRequestOptions, token: st export const isSatelliteAndNeedsSyncing: InterstitialRule = options => { const { clientUat, isSatellite, searchParams, secretKey, apiKey, userAgent } = options; - const key = secretKey || apiKey; + const key = secretKey || apiKey || ''; const isDev = isDevelopmentFromApiKey(key); const isSignedOut = !clientUat || clientUat === '0'; 
diff --git a/packages/backend/src/tokens/request.ts b/packages/backend/src/tokens/request.ts index 25b979b6ad..4d86440da3 100644 --- a/packages/backend/src/tokens/request.ts +++ b/packages/backend/src/tokens/request.ts @@ -40,57 +40,18 @@ export type OptionalVerifyTokenOptions = Partial< > >; -type PublicKeys = - | { - publishableKey: string; - /** - * @deprecated Use `publishableKey` instead. - */ - frontendApi: never; - } - | { - publishableKey: never; - /** - * @deprecated Use `publishableKey` instead. - */ - frontendApi: string; - } - | { - publishableKey: string; - /** - * @deprecated Use `publishableKey` instead. - */ - frontendApi: string; - }; - -type SecretKeys = - | { - secretKey: string; - /** - * @deprecated Use `secretKey` instead. - */ - apiKey: never; - } - | { - secretKey: never; - /** - * @deprecated Use `secretKey` instead. - */ - apiKey: string; - } - | { - secretKey: string; - /** - * @deprecated Use `secretKey` instead. - */ - apiKey: string; - }; - -export type InstanceKeys = PublicKeys & SecretKeys; - -export type AuthenticateRequestOptions = InstanceKeys & - OptionalVerifyTokenOptions & +export type AuthenticateRequestOptions = OptionalVerifyTokenOptions & LoadResourcesOptions & { + publishableKey?: string; + secretKey?: string; + /** + * @deprecated Use `publishableKey` instead. + */ + frontendApi?: string; + /** + * @deprecated Use `secretKey` instead. + */ + apiKey?: string; apiVersion?: string; apiUrl?: string; /* Client token cookie value */ @@ -156,7 +117,7 @@ export async function authenticateRequest(options: AuthenticateRequestOptions): assertValidSecretKey(options.secretKey || options.apiKey); if (options.isSatellite) { - assertSignInUrlExists(options.signInUrl, options.secretKey || options.apiKey); + assertSignInUrlExists(options.signInUrl, (options.secretKey || options.apiKey) as string); assertProxyUrlOrDomain(options.proxyUrl || options.domain); } 
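Review bot: With `secretKey?` and `apiKey?` both optional in `AuthenticateRequestOptions`, nothing in the type says that one of them is still required. The only enforcement visible on this page is the runtime call `assertValidSecretKey(options.secretKey || options.apiKey)` in `authenticateRequest`. No matching runtime check for `publishableKey`/`frontendApi` appears in these hunks, so it is worth confirming that one exists. I would state the contract on the fields themselves, e.g. `/** One of secretKey or apiKey must be provided; authenticateRequest passes it to assertValidSecretKey. */` above `secretKey?: string;`. Separately, dropping the exported `InstanceKeys` type removes a public name in what the changeset marks as a patch release; a deprecated alias would keep existing imports compiling.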
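Review bot: The cast in `(options.secretKey || options.apiKey) as string` hides from the compiler that the value can be `undefined`, and it is sound only because `assertValidSecretKey` runs just above on a separately evaluated copy of the same expression. Evaluating the key once and passing that local to both calls keeps the check and the use from drifting apart: `const secretKey = options.secretKey || options.apiKey;`, then `assertValidSecretKey(secretKey);` and `assertSignInUrlExists(options.signInUrl, secretKey);`. This compiles without the cast only if `assertValidSecretKey` is declared as an assertion function (`asserts val is string`), which is not visible here. The body of `authenticateRequest` starts and ends outside the hunk.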
diff --git a/packages/sdk-node/src/authenticateRequest.ts b/packages/sdk-node/src/authenticateRequest.ts index d6c49697be..8ba47cd061 100644 --- a/packages/sdk-node/src/authenticateRequest.ts +++ b/packages/sdk-node/src/authenticateRequest.ts @@ -57,7 +57,7 @@ export const authenticateRequest = (opts: AuthenticateRequestParams) => { throw new Error(satelliteAndMissingProxyUrlAndDomain); } - if (isSatellite && !isHttpOrHttps(signInUrl) && isDevelopmentFromApiKey(secretKey || apiKey)) { + if (isSatellite && !isHttpOrHttps(signInUrl) && isDevelopmentFromApiKey(secretKey || apiKey || '')) { throw new Error(satelliteAndMissingSignInUrl); } diff --git a/packages/sdk-node/src/types.ts b/packages/sdk-node/src/types.ts index 3ef36b642e..4fdc1c27d0 100644 --- a/packages/sdk-node/src/types.ts +++ b/packages/sdk-node/src/types.ts @@ -1,4 +1,4 @@ -import type { AuthenticateRequestOptions, AuthObject, Clerk, InstanceKeys, SignedInAuthObject } from '@clerk/backend'; +import type { AuthenticateRequestOptions, AuthObject, Clerk, SignedInAuthObject } from '@clerk/backend'; import type { MultiDomainAndOrProxy } from '@clerk/types'; import type { NextFunction, Request, Response } from 'express'; import type { IncomingMessage } from 'http'; @@ -38,8 +38,18 @@ export type ClerkMiddlewareOptions = { export type ClerkClient = ReturnType; -export type AuthenticateRequestParams = InstanceKeys & { +export type AuthenticateRequestParams = { clerkClient: ClerkClient; + publishableKey?: string; + secretKey?: string; + /** + * @deprecated Use `publishableKey` instead. + */ + frontendApi?: string; + /** + * @deprecated Use `secretKey` instead. + */ + apiKey?: string; req: IncomingMessage; options?: ClerkMiddlewareOptions; };
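Review bot: `AuthenticateRequestParams` in packages/sdk-node/src/types.ts now repeats the four key fields and their `@deprecated` comments that this commit also adds to `AuthenticateRequestOptions` in packages/backend/src/tokens/request.ts, so the two declarations can drift. `AuthenticateRequestOptions` is already imported at the top of this file, so the fields can be derived instead of copied: `export type AuthenticateRequestParams = Pick<AuthenticateRequestOptions, 'publishableKey' | 'secretKey' | 'frontendApi' | 'apiKey'> & {`, keeping `clerkClient`, `req` and `options` in the object type. That way a later change to which keys are accepted, or to their deprecation notes, only has to be made in the backend package.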