Skip to content

Commit

Permalink
Handle Access organization does not exist and Access not available cases
Browse files Browse the repository at this point in the history
  • Loading branch information
G4brym committed Dec 20, 2024
1 parent cd6c667 commit 085813d
Show file tree
Hide file tree
Showing 3 changed files with 63 additions and 7 deletions.
5 changes: 5 additions & 0 deletions .changeset/heavy-bugs-perform.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'@hono/cloudflare-access': minor
---

Handle Access organization does not exist and Access not available cases
57 changes: 50 additions & 7 deletions packages/cloudflare-access/src/index.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -116,21 +116,30 @@ describe('Cloudflare Access middleware', async () => {
const keyPair2 = await generateJWTKeyPair();
const keyPair3 = await generateJWTKeyPair();

vi.stubGlobal('fetch', async () => {
return Response.json({
keys: [
publicKeyToJWK(keyPair1.publicKey),
publicKeyToJWK(keyPair2.publicKey),
],
beforeEach(() => {
vi.clearAllMocks();
vi.stubGlobal('fetch', async () => {
return Response.json({
keys: [
publicKeyToJWK(keyPair1.publicKey),
publicKeyToJWK(keyPair2.publicKey),
],
})
})
})
});

const app = new Hono()

app.use('/*', cloudflareAccess('my-cool-team-name'))
app.get('/hello-behind-access', (c) => c.text('foo'))
app.get('/access-payload', (c) => c.json(c.get('accessPayload')))

app.onError((err, c) => {
return c.json({
err: err.toString(),
}, 500)
})

it('Should be throw Missing bearer token when nothing is sent', async () => {
const res = await app.request('http://localhost/hello-behind-access')
expect(res).not.toBeNull()
Expand Down Expand Up @@ -248,4 +257,38 @@ describe('Cloudflare Access middleware', async () => {
"exp":expect.any(Number)
})
})

it('Should throw an error, if the access organization does not exist', async () => {
vi.stubGlobal('fetch', async () => {
return Response.json({success: false}, {status: 404})
})

const res = await app.request('http://localhost/hello-behind-access', {
headers: {
'cf-access-jwt-assertion': 'asdads'
}
})
expect(res).not.toBeNull()
expect(res.status).toBe(500)
expect(await res.json()).toEqual({
"err":"Error: @hono/cloudflare-access: The Access Organization 'my-cool-team-name' does not exist!"
})
})

it('Should throw an error, if the access certs url is unavailable', async () => {
vi.stubGlobal('fetch', async () => {
return Response.json({success: false}, {status: 500})
})

const res = await app.request('http://localhost/hello-behind-access', {
headers: {
'cf-access-jwt-assertion': 'asdads'
}
})
expect(res).not.toBeNull()
expect(res.status).toBe(500)
expect(await res.json()).toEqual({
"err":"Error: @hono/cloudflare-access: Received unexpected HTTP code 500 from Cloudflare Access!"
})
})
})
8 changes: 8 additions & 0 deletions packages/cloudflare-access/src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,14 @@ async function getPublicKeys(accessTeamName: string) {
},
})

if (!result.ok) {
if (result.status === 404) {
throw new Error(`@hono/cloudflare-access: The Access Organization '${accessTeamName}' does not exist!`)
}

throw new Error(`@hono/cloudflare-access: Received unexpected HTTP code ${result.status} from Cloudflare Access!`)
}

const data: any = await result.json()

// Because we keep CryptoKey's in memory between requests, we need to make sure they are refreshed once in a while
Expand Down

0 comments on commit 085813d

Please sign in to comment.