Add eslint

Author: poad

.eslintrc

@@ -0,0 +1,47 @@
+{
+  "root": true,
+  "env": {
+    "browser": true,
+    "node": true,
+    "es2021": true
+  },
+  "parserOptions": {
+    "ecmaVersion": "latest",
+    "sourceType": "module"
+  },
+  "extends": [
+    "airbnb-base",
+    "plugin:import/typescript"
+  ],
+  "parser": "@typescript-eslint/parser",
+  "plugins": [
+    "@typescript-eslint"
+  ],
+  "rules": {
+    "@typescript-eslint/indent": [
+      "error",
+      2
+    ],
+    "spaced-comment": [
+      "error",
+      "always",
+      { "markers": ["/ <reference"] }
+    ],
+    "import/no-extraneous-dependencies": ["off", {
+      "devDependencies": true,
+      "optionalDependencies": false
+    }],
+    "max-len": ["error", {"code": 200}],
+    "@next/next/no-img-element": ["off"],
+    "prefer-promise-reject-errors": ["off"],
+    "react/jsx-filename-extension": ["off"],
+    "react/prop-types": ["off"],
+    "import/extensions": ["off"],
+    "jsx-a11y/anchor-is-valid": ["off"],
+    "no-return-assign": ["off"],
+    "react/display-name": ["off"],
+    "import/prefer-default-export": ["off"],
+    "camelcase": ["off"],
+    "no-unused-vars": ["off"]
+  }
+}

cdk.json

@@ -1,5 +1,5 @@
 {
-  "app": "rm -rf *.pem && yarn run -p create-keypair --bits 4096 jwtRS256 && npx ts-node --prefer-ts-exts bin/github-cognito-oidc-proxy.ts",
+  "app": "test -e jwtRS256.private.pem || yarn run -p create-keypair --bits 4096 jwtRS256 && npx ts-node --prefer-ts-exts bin/github-cognito-oidc-proxy.ts",
   "watch": {
     "include": [
       "**"

lambda/authorize/index.ts

@@ -1,12 +1,30 @@
-import { Handler, APIGatewayProxyEventV2, APIGatewayProxyResultV2 } from 'aws-lambda';
-
-export const handler: Handler<APIGatewayProxyEventV2, APIGatewayProxyResultV2> = async (event, _context, _callback) => {
-  const { client_id, scope, state, response_type } = event.queryStringParameters || {};
-  const redirectUri = `https://github.com?client_id=${client_id}&scope=${encodeURIComponent(scope!)}&state=${state}&response_type=${response_type}`;
-
-  return {
-    cookies: [],
-    statusCode: 200,
-    headers: { Location: redirectUri },
-  };
-}
+import {
+  Handler,
+  APIGatewayProxyEventV2,
+  APIGatewayProxyResultV2,
+} from 'aws-lambda';
+import { Logger } from '@aws-lambda-powertools/logger';
+
+const logger = new Logger();
+
+export const handler: Handler<
+APIGatewayProxyEventV2,
+APIGatewayProxyResultV2 | void
+> = async (event, _context, callback) => {
+  const host = event.headers.Host!;
+  const {
+    client_id, scope, state, response_type, redirect_uri,
+  } = event.queryStringParameters || {};
+  const redirectUri = `https://github.com/login/oauth/authorize?client_id=${client_id}&scope=${encodeURIComponent(
+    scope!,
+  )}${state ? `&state=${state}` : ''}&response_type=${response_type}${redirect_uri ? `&redirect_uri=${encodeURIComponent(redirect_uri)}` : ''}`;
+
+  logger.info(`Redirect to ${redirectUri}`);
+
+  callback(null, {
+    statusCode: 302,
+    headers: {
+      Location: redirectUri,
+    },
+  });
+};

lambda/jwks/index.ts

@@ -1,16 +1,23 @@
-import { Handler, APIGatewayProxyEventV2, APIGatewayProxyResultV2 } from 'aws-lambda';
+import {
+  Handler,
+  APIGatewayProxyEventV2,
+  APIGatewayProxyResultV2,
+} from 'aws-lambda';
 import { pem2jwk } from 'pem-jwk';
 import * as fs from 'fs';
 
-export const handler: Handler<APIGatewayProxyEventV2, APIGatewayProxyResultV2> = async (event, _context, _callback) => {
+export const handler: Handler<
+APIGatewayProxyEventV2,
+APIGatewayProxyResultV2 | void
+> = async (_event, _context, callback) => {
   const pem = fs.readFileSync('/var/task/jwtRS256.private.pem', 'ascii');
   const jwk = pem2jwk(pem, {
     alg: 'RS256',
     kid: 'jwtRS256',
   });
-  return {
-    cookies: [],
+
+  callback(null, {
     statusCode: 200,
     body: JSON.stringify(jwk),
-  };
-}
+  });
+};

lambda/openid-configuration/index.ts

@@ -0,0 +1,59 @@
+import {
+  Handler,
+  APIGatewayProxyEventV2,
+  APIGatewayProxyResultV2,
+} from 'aws-lambda';
+import { Logger } from '@aws-lambda-powertools/logger';
+
+const logger = new Logger();
+
+export const handler: Handler<
+APIGatewayProxyEventV2,
+APIGatewayProxyResultV2 | void
+> = async (event, _context, callback) => {
+  const host = event.headers.Host!;
+  const body = JSON.stringify({
+    issuer: `https://${host}`,
+    authorization_endpoint: `https://${host}/authorize`,
+    token_endpoint: `https://${host}/token`,
+    token_endpoint_auth_methods_supported: [
+      'client_secret_basic',
+      'private_key_jwt',
+    ],
+    token_endpoint_auth_signing_alg_values_supported: ['RS256'],
+    userinfo_endpoint: `https://${host}/userinfo`,
+    jwks_uri: `https://${host}/.well-known/jwks.json`,
+    scopes_supported: ['openid', 'read:user', 'user:email'],
+    response_types_supported: [
+      'code',
+      'code id_token',
+      'id_token',
+      'token id_token',
+    ],
+    subject_types_supported: ['public'],
+    userinfo_signing_alg_values_supported: ['none'],
+    id_token_signing_alg_values_supported: ['RS256'],
+    request_object_signing_alg_values_supported: ['none'],
+    display_values_supported: ['page', 'popup'],
+    claims_supported: [
+      'sub',
+      'name',
+      'preferred_username',
+      'profile',
+      'picture',
+      'website',
+      'email',
+      'email_verified',
+      'updated_at',
+      'iss',
+      'aud',
+    ],
+  });
+
+  logger.info(`Response ${body}`);
+
+  callback(null, {
+    statusCode: 200,
+    body,
+  });
+};

lambda/token/index.ts

@@ -1,14 +1,23 @@
-import { Handler, APIGatewayProxyEventV2, APIGatewayProxyResultV2 } from 'aws-lambda';
+import {
+  Handler,
+  APIGatewayProxyEventV2,
+  APIGatewayProxyResultV2,
+} from 'aws-lambda';
 import fetch from 'cross-fetch';
-import { left, right, isRight } from 'fp-ts/Either'
-
+import { left, right, isRight } from 'fp-ts/Either';
 
 const eventToRequest = (source: string) => {
   const bodyString = Buffer.from(source, 'base64').toString('ascii');
   const body = new URLSearchParams(bodyString);
-  const paramNames =[ 'grant_type', 'redirect_uri', 'client_id', 'client_secret', 'code' ];
+  const paramNames = [
+    'grant_type',
+    'redirect_uri',
+    'client_id',
+    'client_secret',
+    'code',
+  ];
 
-  const invalidParams = paramNames.filter(name => !body.has(name));
+  const invalidParams = paramNames.filter((name) => !body.has(name));
   if (invalidParams.length > 0) {
     return right(() => `token request body ${invalidParams}`);
   }
@@ -21,35 +30,37 @@ const eventToRequest = (source: string) => {
     code: body.get('code')!,
     state: body.get('state') ?? undefined,
   }));
-}
+};
 
-export const handler: Handler<APIGatewayProxyEventV2, APIGatewayProxyResultV2> = async (event, _context, _callback) => {
+export const handler: Handler<
+APIGatewayProxyEventV2,
+APIGatewayProxyResultV2 | void
+> = async (event, _context, callback) => {
   if (!event.body) {
-    return {
-      cookies: [],
+    callback(null, {
       statusCode: 400,
-    };
+    });
+    return;
   }
   const result = eventToRequest(event.body);
   if (isRight(result)) {
-    return {
-      cookies: [],
+    callback(null, {
       statusCode: 400,
       body: result.right(),
-    };
+    });
+    return;
   }
   const body = JSON.stringify(result.left());
   const response = await fetch('https://github.com/login/oauth/access_token', {
     method: 'POST',
     headers: {
       'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8',
-      'Accept': 'application/json'
+      Accept: 'application/json',
     },
-    body
+    body,
   });
-  return {
-    cookies: [],
+  callback(null, {
     statusCode: 200,
     body: JSON.stringify(await response.json()),
-  };
-}
+  });
+};