-
Notifications
You must be signed in to change notification settings - Fork 187
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Add Cloudflare Access middleware (#880)
- Loading branch information
Showing
11 changed files
with
588 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
'@hono/cloudflare-access': minor | ||
--- | ||
|
||
Initial release |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
name: ci-cloudflare-access | ||
on: | ||
push: | ||
branches: [main] | ||
paths: | ||
- 'packages/cloudflare-access/**' | ||
pull_request: | ||
branches: ['*'] | ||
paths: | ||
- 'packages/cloudflare-access/**' | ||
|
||
jobs: | ||
ci: | ||
runs-on: ubuntu-latest | ||
defaults: | ||
run: | ||
working-directory: ./packages/cloudflare-access | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-node@v4 | ||
with: | ||
node-version: 20.x | ||
- run: yarn install --frozen-lockfile | ||
- run: yarn build | ||
- run: yarn test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
# Cloudflare Access middleware for Hono | ||
|
||
This is a [Cloudflare Access](https://www.cloudflare.com/zero-trust/products/access/) third-party middleware | ||
for [Hono](https://github.com/honojs/hono). | ||
|
||
This middleware can be used to validate that your application is being served behind Cloudflare Access by verifying the | ||
JWT received, User details from the JWT are also available inside the request context. | ||
|
||
This middleware will also ensure the Access policy serving the application is from a | ||
specific [Access Team](https://developers.cloudflare.com/cloudflare-one/faq/getting-started-faq/#whats-a-team-domainteam-name). | ||
|
||
## Usage | ||
|
||
```ts | ||
import { cloudflareAccess } from '@hono/cloudflare-access' | ||
import { Hono } from 'hono' | ||
|
||
const app = new Hono() | ||
|
||
app.use('*', cloudflareAccess('my-access-team-name')) | ||
app.get('/', (c) => c.text('foo')) | ||
|
||
export default app | ||
``` | ||
|
||
## Access JWT payload | ||
|
||
```ts | ||
import { cloudflareAccess, CloudflareAccessVariables } from '@hono/cloudflare-access' | ||
import { Hono } from 'hono' | ||
|
||
type myVariables = { | ||
user: number | ||
} | ||
|
||
const app = new Hono<{ Variables: myVariables & CloudflareAccessVariables }>() | ||
|
||
app.use('*', cloudflareAccess('my-access-team-name')) | ||
app.get('/', (c) => { | ||
const payload = c.get('accessPayload') | ||
|
||
return c.text(`You just authenticated with the email ${payload.email}`) | ||
}) | ||
|
||
export default app | ||
``` | ||
|
||
|
||
## Errors throw by the middleware | ||
|
||
| Error | HTTP Code | | ||
|--------------------------------------------------------------------------------------------------------|-----------| | ||
| Authentication error: Missing bearer token | 401 | | ||
| Authentication error: Unable to decode Bearer token | 401 | | ||
| Authentication error: Token is expired | 401 | | ||
| Authentication error: Expected team name {your-team-name}, but received ${different-team-signed-token} | 401 | | ||
| Authentication error: Invalid Token | 401 | | ||
|
||
## Author | ||
|
||
Gabriel Massadas <https://github.com/g4brym> | ||
|
||
## License | ||
|
||
MIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
{ | ||
"name": "@hono/cloudflare-access", | ||
"version": "0.0.0", | ||
"description": "A third-party Cloudflare Access auth middleware for Hono", | ||
"type": "module", | ||
"module": "dist/index.js", | ||
"types": "dist/index.d.ts", | ||
"files": [ | ||
"dist" | ||
], | ||
"scripts": { | ||
"test": "vitest --run", | ||
"build": "tsup ./src/index.ts --format esm,cjs --dts", | ||
"publint": "publint", | ||
"release": "yarn build && yarn test && yarn publint && yarn publish" | ||
}, | ||
"exports": { | ||
".": { | ||
"import": { | ||
"types": "./dist/index.d.ts", | ||
"default": "./dist/index.js" | ||
}, | ||
"require": { | ||
"types": "./dist/index.d.cts", | ||
"default": "./dist/index.cjs" | ||
} | ||
} | ||
}, | ||
"license": "MIT", | ||
"publishConfig": { | ||
"registry": "https://registry.npmjs.org", | ||
"access": "public" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com/honojs/middleware.git" | ||
}, | ||
"homepage": "https://github.com/honojs/middleware", | ||
"peerDependencies": { | ||
"hono": "*" | ||
}, | ||
"devDependencies": { | ||
"hono": "^4.4.12", | ||
"tsup": "^8.1.0", | ||
"vitest": "^1.6.0" | ||
} | ||
} |
Oops, something went wrong.