-
Notifications
You must be signed in to change notification settings - Fork 444
Expand file tree
/
Copy pathclerkMiddleware.ts
More file actions
97 lines (82 loc) · 3.61 KB
/
clerkMiddleware.ts
File metadata and controls
97 lines (82 loc) · 3.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
import type { RequestState } from '@clerk/backend/internal';
import { AuthStatus, constants, createClerkRequest } from '@clerk/backend/internal';
import { handleNetlifyCacheInDevInstance } from '@clerk/shared/netlifyCacheHandler';
import type { PendingSessionOptions } from '@clerk/shared/types';
import type { AnyRequestMiddleware } from '@tanstack/react-start';
import { createMiddleware } from '@tanstack/react-start';
import { canUseKeyless } from '../utils/feature-flags';
import { clerkClient } from './clerkClient';
import { initCloudflareWorkerEnv } from './cloudflareEnv';
import { resolveKeysWithKeylessFallback } from './keyless/utils';
import { loadOptions } from './loadOptions';
import type { ClerkMiddlewareOptions, ClerkMiddlewareOptionsCallback } from './types';
import { getResponseClerkState, patchRequest } from './utils';
export const clerkMiddleware = (
options?: ClerkMiddlewareOptions | ClerkMiddlewareOptionsCallback,
): AnyRequestMiddleware => {
return createMiddleware().server(async ({ request, next }) => {
// Initialize Cloudflare Workers env if available (no-op on non-CF runtimes)
await initCloudflareWorkerEnv();
const clerkRequest = createClerkRequest(patchRequest(request));
// Resolve options: if function, call it with context object; otherwise use as-is
const resolvedOptions = typeof options === 'function' ? await options({ url: clerkRequest.clerkUrl }) : options;
// Load options with resolved keys
const loadedOptions = loadOptions(clerkRequest, {
...resolvedOptions,
publishableKey: resolvedOptions?.publishableKey,
secretKey: resolvedOptions?.secretKey,
});
// Get keys - either from options, env, or keyless mode
const {
publishableKey,
secretKey,
claimUrl: keylessClaimUrl,
apiKeysUrl: keylessApiKeysUrl,
} = await resolveKeysWithKeylessFallback(loadedOptions.publishableKey, loadedOptions.secretKey);
if (publishableKey) {
loadedOptions.publishableKey = publishableKey;
}
if (secretKey) {
loadedOptions.secretKey = secretKey;
}
const requestState = await clerkClient().authenticateRequest(clerkRequest, {
...loadedOptions,
acceptsToken: 'any',
});
const locationHeader = requestState.headers.get(constants.Headers.Location);
if (locationHeader) {
handleNetlifyCacheInDevInstance({
locationHeader,
requestStateHeaders: requestState.headers,
publishableKey: requestState.publishableKey,
});
// Trigger a handshake redirect
// eslint-disable-next-line @typescript-eslint/only-throw-error
throw new Response(null, { status: 307, headers: requestState.headers });
}
if (requestState.status === AuthStatus.Handshake) {
throw new Error('Clerk: handshake status without redirect');
}
const clerkInitialState = getResponseClerkState(requestState as RequestState, loadedOptions);
// Include keyless mode URLs if applicable
if (canUseKeyless && keylessClaimUrl) {
(clerkInitialState as Record<string, unknown>).__internal_clerk_state = {
...((clerkInitialState as Record<string, unknown>).__internal_clerk_state as Record<string, unknown>),
__keylessClaimUrl: keylessClaimUrl,
__keylessApiKeysUrl: keylessApiKeysUrl,
};
}
const result = await next({
context: {
clerkInitialState,
auth: (opts?: PendingSessionOptions) => requestState.toAuth(opts),
},
});
if (requestState.headers) {
requestState.headers.forEach((value, key) => {
result.response.headers.append(key, value);
});
}
return result;
});
};