Typescript migration (#16)

* Project migration to TypeScript

---------

Co-authored-by: Julian Pollinger <julian@pollinger.dev>

Author: jkyberneees

.gitignore

@@ -1,3 +1,7 @@
+dist
+
+.idea
+
 # Logs
 logs
 *.log
@@ -64,4 +68,4 @@ src/
 
 *.pem
 
-local
+local

README.md

@@ -24,17 +24,31 @@ More about Keycloak: http://www.keycloak.org/
 ## Using the keycloak-backend module
 ### Configuration
 ```js
-const keycloak = require('keycloak-backend')({
+const Keycloak = require('keycloak-backend').Keycloak
+const keycloak = new Keycloak({
   "realm": "realm-name",
   "keycloak_base_url": "https://keycloak.example.org",
   "client_id": "super-secure-client",
   "username": "user@example.org",
   "password": "passw0rd",
   "is_legacy_endpoint": false
-});
+})
 ```
 > The `is_legacy_endpoint` configuration property should be TRUE for older Keycloak versions (under 18)
 
+For TypeScript:
+```ts
+import { Keycloak } from "keycloak-backend"
+const keycloak = new Keycloak({
+    "realm": "realm-name",
+    "keycloak_base_url": "https://keycloak.example.org",
+    "client_id": "super-secure-client",
+    "username": "user@example.org",
+    "password": "passw0rd",
+    "is_legacy_endpoint": false
+})
+```
+
 ### Generating access tokens
 ```js
 const accessToken = await keycloak.accessToken.get()
@@ -45,30 +59,33 @@ request.get('http://service.example.org/api/endpoint', {
   'auth': {
     'bearer': await keycloak.accessToken.get()
   }
-});
+})
 ```
 
 ### Validating access tokens
 #### Online validation
 This method requires online connection to the Keycloak service to validate the access token. It is highly secure since it also check for possible token invalidation. The disadvantage is that a request to the Keycloak service happens on every validation:
 ```js
-const token = await keycloak.jwt.verify(accessToken);
-//console.log(token.isExpired());
-//console.log(token.hasRealmRole('user'));
-//console.log(token.hasApplicationRole('app-client-name', 'some-role'));
+const token = await keycloak.jwt.verify(accessToken)
+//console.log(token.isExpired())
+//console.log(token.hasRealmRole('user'))
+//console.log(token.hasApplicationRole('app-client-name', 'some-role'))
 ```
 
 #### Offline validation
 This method perform offline JWT verification against the access token using the Keycloak Realm public key. Performance is higher compared to the online method, as a disadvantage no access token invalidation on Keycloak server is checked:
 ```js
-const cert = fs.readFileSync('public_cert.pem');
-const token = await keycloak.jwt.verifyOffline(accessToken, cert);
-//console.log(token.isExpired());
-//console.log(token.hasRealmRole('user'));
-//console.log(token.hasApplicationRole('app-client-name', 'some-role'));
+const cert = fs.readFileSync('public_cert.pem')
+const token = await keycloak.jwt.verifyOffline(accessToken, cert)
+//console.log(token.isExpired())
+//console.log(token.hasRealmRole('user'))
+//console.log(token.hasApplicationRole('app-client-name', 'some-role'))
 ```
 
 ## Breaking changes
+### v4
+- Codebase migrated from JavaScript to TypeScript. Many thanks to @neferin12
+
 ### v3
 - The `UserManager` class was dropped
 - The `auth-server-url` config property was changed to `keycloak_base_url`

example/all.js

@@ -1,7 +1,7 @@
 const config = require('../local/config-example')
-const keycloak = require('../libs/index')(config)
+const Keycloak = require('../dist').Keycloak
+const keycloak = new Keycloak(config)
 const fs = require('fs');
-
 (async () => {
   try {
     // current version of Keycloak requires the openid scope for accessing user info endpoint

example/refresh-token.js

@@ -1,5 +1,6 @@
 const config = require('../local/config-example')
-const keycloak = require('../libs/index')(config)
+const Keycloak = require('../dist').Keycloak
+const keycloak = new Keycloak(config)
 
 keycloak.accessToken.get().then(async (accessToken) => {
   // refresh operation is performed automatically on `keycloak.accessToken.get`

example/retrieve-decode-token.js

@@ -1,5 +1,6 @@
 const config = require('../local/config-example')
-const keycloak = require('../libs/index')(config)
+const Keycloak = require('../dist').Keycloak
+const keycloak = new Keycloak(config)
 
 keycloak.accessToken.get().then(async (accessToken) => {
   const token = keycloak.jwt.decode(accessToken)

example/user-info.js

@@ -1,5 +1,6 @@
 const config = require('../local/config-example')
-const keycloak = require('../libs/index')(config)
+const Keycloak = require('../dist').Keycloak
+const keycloak = new Keycloak(config)
 
 keycloak.accessToken.get('openid').then(async (accessToken) => {
   const info = await keycloak.accessToken.info(accessToken)

example/verify-offline.js

@@ -1,5 +1,6 @@
 const config = require('../local/config-example')
-const keycloak = require('../libs/index')(config)
+const Keycloak = require('../dist').Keycloak
+const keycloak = new Keycloak(config)
 const fs = require('fs')
 
 const cert = fs.readFileSync('./local/public_cert.pem')

example/verify-token.js

@@ -1,5 +1,6 @@
 const config = require('../local/config-example')
-const keycloak = require('../libs/index')(config)
+const Keycloak = require('../dist').Keycloak
+const keycloak = new Keycloak(config)
 
 keycloak.accessToken.get('openid').then(async (accessToken) => {
   const token = await keycloak.jwt.verify(accessToken)

libs/AccessToken.js

@@ -0,0 +1,91 @@
+import { stringify } from 'querystring'
+import { IInternalConfig } from './index'
+import { AxiosInstance } from 'axios'
+
+interface ICommonRequestOptions {
+  grant_type: string
+  client_id: string
+  client_secret?: string
+}
+
+interface IGetOptions extends ICommonRequestOptions {
+  username?: string
+  password?: string
+  scope?: string
+}
+
+interface IRefreshOptions extends ICommonRequestOptions {
+  refresh_token: string
+}
+
+export class AccessToken {
+  private data: any
+
+  constructor (private readonly config: IInternalConfig, private readonly client: AxiosInstance) {
+  }
+
+  async info (accessToken: string): Promise<any> {
+    const endpoint = `${this.config.prefix}/realms/${this.config.realm}/protocol/openid-connect/userinfo`
+    const response = await this.client.get(endpoint, {
+      headers: {
+        Authorization: 'Bearer ' + accessToken
+      }
+    })
+
+    return response.data
+  }
+
+  async refresh (refreshToken: string): Promise<any> {
+    const options: IRefreshOptions = {
+      grant_type: 'refresh_token',
+      client_id: this.config.client_id,
+      refresh_token: refreshToken
+    }
+    if (this.config.client_secret != null) {
+      options.client_secret = this.config.client_secret
+    }
+
+    const endpoint = `${this.config.prefix}/realms/${this.config.realm}/protocol/openid-connect/token`
+    return await this.client.post(endpoint, stringify({ ...options }))
+  }
+
+  async get (scope?: string): Promise<string> {
+    if (this.data == null) {
+      const options: IGetOptions = {
+        grant_type: 'password',
+        username: this.config.username,
+        password: this.config.password,
+        client_id: this.config.client_id
+      }
+      if (this.config.client_secret != null) {
+        options.client_secret = this.config.client_secret
+      }
+      if (scope != null) {
+        options.scope = scope
+      }
+
+      const endpoint = `${this.config.prefix}/realms/${this.config.realm}/protocol/openid-connect/token`
+      const response = await this.client.post(endpoint, stringify({ ...options }))
+      this.data = response.data
+
+      return this.data.access_token
+    } else {
+      try {
+        await this.info(this.data.access_token)
+
+        return this.data.access_token
+      } catch (err) {
+        try {
+          const response = await this.refresh(this.data.refresh_token)
+          this.data = response.data
+
+          return this.data.access_token
+        } catch (err) {
+          delete this.data
+
+          return await this.get(scope)
+        }
+      }
+    }
+  }
+}