npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@cfpreview/pages-plugins-cloudflare-access

v0.1.1

Published

# Cloudflare Access

Downloads

703

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

gregbrimblegregbrimble1000hz1000hzgeelengeelen

Keywords

Readme

Pages Plugins

Cloudflare Access

This plugin is a middleware to validate Cloudflare Access JWT assertions. It also includes an API to lookup additional information about a given user's JWT.

Installation

npm install --save @cfpreview/pages-plugins-cloudflare-access

Usage

// ./functions/_middleware.ts

import cloudflareAccessPlugin from "@cfpreview/pages-plugins-cloudflare-access";

export const onRequest: PagesFunction = cloudflareAccessPlugin({
  domain: "https://test.cloudflareaccess.com",
  aud: "4714c1358e65fe4b408ad6d432a5f878f08194bdb4752441fd56faefa9b2b6f2",
});

The plugin takes an object with two properties: the domain of your Cloudflare Access account, and the policy aud (audience) to validate against. Any requests which fail validation will be returned a 403.

Accessing the JWT payload

If you need to use the JWT payload in your application (e.g. you need the user's email address), this plugin will make this available for you at data.cloudflareAccess.JWT.payload.

For example:

// ./functions/greet.ts

import type { PluginData } from "@cfpreview/pages-plugins-cloudflare-access";

export const onRequest: PagesFunction<unknown, any, PluginData> = async ({
  data,
}) => {
  return new Response(
    `Hello, ${data.cloudflareAccess.JWT.payload.email || "service user"}!`
  );
};

The entire JWT payload will be made available on data.cloudflareAccess.JWT.payload. Be aware that the fields available differ between identity authorizations (e.g. a user in a browser) and non-identity authorizations (e.g. a service token).

Look up identity

In order to get more information about a given user's identity, you can use the provided getIdentity API function:

// ./functions/greet.ts

import { getIdentity } from "@cfpreview/pages-plugins-cloudflare-access/api";

export const onRequest: PagesFunction<unknown, any, PluginData> = async ({
  data,
}) => {
  const identity = await getIdentity({
    jwt: "eyJhbGciOiJIUzI1NiIsImtpZCI6IjkzMzhhYmUxYmFmMmZlNDkyZjY0NmE3MzZmMjVhZmJmN2IwMjVlMzVjNjI3YmU0ZjYwYzQxNGQ0YzczMDY5YjgiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOTdlMmFhZTEyMDEyMWY5MDJkZjhiYzk5ZmMzNDU5MTNhYjE4NmQxNzRmMzA3OWVhNzI5MjM2NzY2YjJlN2M0YSJdLCJlbWFpbCI6ImFkbWluQGV4YW1wbGUuY29tIiwiZXhwIjoxNTE5NDE4MjE0LCJpYXQiOjE1MTkzMzE4MTUsImlzcyI6Imh0dHBzOi8vdGVzdC5jbG91ZGZsYXJlYWNjZXNzLmNvbSIsIm5vbmNlIjoiMWQ4MDgzZjcwOGE0Nzk4MjI5NmYyZDk4OTZkNzBmMjA3YTI3OTM4ZjAyNjU0MGMzOTJiOTAzZTVmZGY0ZDZlOSIsInN1YiI6ImNhNjM5YmI5LTI2YWItNDJlNS1iOWJmLTNhZWEyN2IzMzFmZCJ9.05vGt-_0Mw6WEFJF3jpaqkNb88PUMplsjzlEUvCEfnQ",
    domain: "https://test.cloudflareaccess.com",
  });

  return new Response(`Hello, ${identity.name || "service user"}!`);
};

The getIdentity function takes an object with two properties: a jwt string, and a domain string. It returns a Promise of the object returned by the /cdn-cgi/accesss/get-identity endpoint. This is particularly useful if you want to use a user's group membership for something like application permissions.

For convience, this same information can be fetched for the current request's JWT with the data.cloudflareAccess.JWT.getIdentity function, (assuming you have already validated the request with the plugin as above):

// ./functions/greet.ts

import type { PluginData } from "@cfpreview/pages-plugins-cloudflare-access";

export const onRequest: PagesFunction<unknown, any, PluginData> = async ({
  data,
}) => {
  const identity = await data.cloudflareAccess.JWT.getIdentity();

  return new Response(`Hello, ${identity.name || "service user"}!`);
};

Login and logout URLs

If you want to force a login or logout, you can use these utility functions to generate URLs and redirect a user:

// ./functions/login.ts

import { generateLoginURL } from "@cfpreview/pages-plugins-cloudflare-access";

export const onRequest = () => {
  const loginURL = generateLoginURL({
    redirectURL: "https://example.com/greet",
    aud: "4714c1358e65fe4b408ad6d432a5f878f08194bdb4752441fd56faefa9b2b6f2",
  });

  return new Response(null, {
    status: 302,
    headers: { Location: loginURL },
  });
};
// ./functions/logout.ts

import { generateLogoutURL } from "@cfpreview/pages-plugins-cloudflare-access";

export const onRequest = () =>
  new Response(null, {
    status: 302,
    headers: { Location: generateLogoutURL() },
  });