Documentation

Source

lib/client/HttpClient.ts

  1. import { RequestTimeoutError, TechnicalError } from "../Errors";
  2. import { Dispatcher } from "../events/Dispatcher";
  3. import { Cookie } from "../Cookie";
  4. import { SessionStorage } from "../SessionStorage";
  5. import { CookieAttributes } from "js-cookie";
  6. import { HankoOptions } from "../../Hanko";
  8. export type SessionTokenLocation = "cookie" | "sessionStorage";
  10. /**
  11.  * This class wraps an XMLHttpRequest to maintain compatibility with the fetch API.
  12.  *
  13.  * @category SDK
  14.  * @subcategory Internal
  15.  * @param {XMLHttpRequest} xhr - The request to be wrapped.
  16.  * @see HttpClient
  17.  */
  18. class Headers {
  19.   _xhr: XMLHttpRequest;
  21.   // eslint-disable-next-line require-jsdoc
  22.   constructor(xhr: XMLHttpRequest) {
  23.     this._xhr = xhr;
  24.   }
  26.   /**
  27.    * Returns the response header with the given name.
  28.    *
  29.    * @param {string} name
  30.    * @return {string}
  31.    */
  32.   getResponseHeader(name: string) {
  33.     return this._xhr.getResponseHeader(name);
  34.   }
  35. }
  37. /**
  38.  * This class wraps an XMLHttpRequest to maintain compatibility with the fetch API.
  39.  *
  40.  * @category SDK
  41.  * @subcategory Internal
  42.  * @param {XMLHttpRequest} xhr - The request to be wrapped.
  43.  * @see HttpClient
  44.  */
  45. class Response {
  46.   headers: Headers;
  47.   ok: boolean;
  48.   status: number;
  49.   statusText: string;
  50.   url: string;
  51.   _decodedJSON: any;
  52.   xhr: XMLHttpRequest;
  54.   // eslint-disable-next-line require-jsdoc
  55.   constructor(xhr: XMLHttpRequest) {
  56.     /**
  57.      *  @public
  58.      *  @type {Headers}
  59.      */
  60.     this.headers = new Headers(xhr);
  61.     /**
  62.      *  @public
  63.      *  @type {boolean}
  64.      */
  65.     this.ok = xhr.status >= 200 && xhr.status <= 299;
  66.     /**
  67.      *  @public
  68.      *  @type {number}
  69.      */
  70.     this.status = xhr.status;
  71.     /**
  72.      *  @public
  73.      *  @type {string}
  74.      */
  75.     this.statusText = xhr.statusText;
  76.     /**
  77.      *  @public
  78.      *  @type {string}
  79.      */
  80.     this.url = xhr.responseURL;
  81.     /**
  82.      *  @private
  83.      *  @type {XMLHttpRequest}
  84.      */
  85.     this.xhr = xhr;
  86.   }
  88.   /**
  89.    * Returns the JSON decoded response.
  90.    *
  91.    * @return {any}
  92.    */
  93.   json() {
  94.     if (!this._decodedJSON) {
  95.       this._decodedJSON = JSON.parse(this.xhr.response);
  96.     }
  97.     return this._decodedJSON;
  98.   }
  100.   /**
  101.    * Returns the response header value with the given `name` as a number. When the value is not a number the return
  102.    * value will be 0.
  103.    *
  104.    * @param {string} name - The name of the header field
  105.    * @return {number}
  106.    */
  107.   parseNumericHeader(name: string): number {
  108.     const result = parseInt(this.headers.getResponseHeader(name), 10);
  109.     return isNaN(result) ? 0 : result;
  110.   }
  111. }
  113. /**
  114.  * Options for the HttpClient
  115.  *
  116.  * @category SDK
  117.  * @subcategory Internal
  118.  * @property {number=} timeout - The http request timeout in milliseconds.
  119.  * @property {string} cookieName - The name of the session cookie set from the SDK.
  120.  * @property {string=} cookieDomain - The domain where cookie set from the SDK is available. Defaults to the domain of the page where the cookie was created.
  121.  * @property {string?} lang - The language used by the client(s) to convey to the Hanko API the language to use -
  122.  *                           e.g. for translating outgoing emails - in a custom header (X-Language).
  123.  */
  124. export interface HttpClientOptions {
  125.   timeout?: number;
  126.   cookieName?: string;
  127.   cookieDomain?: string;
  128.   lang?: string;
  129.   sessionTokenLocation?: SessionTokenLocation;
  130. }
  132. /**
  133.  * Internally used for communication with the Hanko API. It also handles authorization tokens to enable authorized
  134.  * requests.
  135.  *
  136.  * Currently, there is an issue with Safari and on iOS 15 devices where decoding a JSON response via the fetch API
  137.  * breaks the user gesture and the user is not able to use the authenticator. Therefore, this class uses XMLHttpRequests
  138.  * instead of the fetch API, but maintains compatibility by wrapping the XMLHttpRequests. So, if the issues are fixed,
  139.  * we can easily return to the fetch API.
  140.  *
  141.  * @category SDK
  142.  * @subcategory Internal
  143.  * @param {string} api - The URL of your Hanko API instance
  144.  * @param {HttpClientOptions} options - The options the HttpClient must be provided
  145.  */
  146. class HttpClient {
  147.   timeout: number;
  148.   api: string;
  149.   dispatcher: Dispatcher;
  150.   cookie: Cookie;
  151.   sessionTokenStorage: SessionStorage;
  152.   lang: string;
  153.   sessionTokenLocation: SessionTokenLocation;
  155.   // eslint-disable-next-line require-jsdoc
  156.   constructor(api: string, options: HankoOptions) {
  157.     this.api = api;
  158.     this.timeout = options.timeout ?? 13000;
  159.     this.dispatcher = new Dispatcher();
  160.     this.cookie = new Cookie({ ...options });
  161.     this.sessionTokenStorage = new SessionStorage({
  162.       keyName: options.cookieName,
  163.     });
  164.     this.lang = options.lang;
  165.     this.sessionTokenLocation = options.sessionTokenLocation;
  166.   }
  168.   // eslint-disable-next-line require-jsdoc
  169.   _fetch(path: string, options: RequestInit, xhr = new XMLHttpRequest()) {
  170.     const self = this;
  171.     const url = this.api + path;
  172.     const timeout = this.timeout;
  173.     const bearerToken = this.getAuthToken();
  174.     const lang = this.lang;
  176.     return new Promise<Response>(function (resolve, reject) {
  177.       xhr.open(options.method, url, true);
  178.       xhr.setRequestHeader("Accept", "application/json");
  179.       xhr.setRequestHeader("Content-Type", "application/json");
  180.       xhr.setRequestHeader("X-Language", lang);
  182.       if (bearerToken) {
  183.         xhr.setRequestHeader("Authorization", `Bearer ${bearerToken}`);
  184.       }
  186.       xhr.timeout = timeout;
  187.       xhr.withCredentials = true;
  188.       xhr.onload = () => {
  189.         self.processHeaders(xhr);
  190.         resolve(new Response(xhr));
  191.       };
  193.       xhr.onerror = () => {
  194.         reject(new TechnicalError());
  195.       };
  197.       xhr.ontimeout = () => {
  198.         reject(new RequestTimeoutError());
  199.       };
  201.       xhr.send(options.body ? options.body.toString() : null);
  202.     });
  203.   }
  205.   /**
  206.    * Processes the response headers on login and extracts the JWT and expiration time.
  207.    *
  208.    * @param {XMLHttpRequest} xhr - The xhr object.
  209.    */
  210.   processHeaders(xhr: XMLHttpRequest) {
  211.     let jwt = "";
  212.     let expirationSeconds = 0;
  213.     let retention = "";
  215.     xhr
  216.       .getAllResponseHeaders()
  217.       .split("\r\n")
  218.       .forEach((h) => {
  219.         const header = h.toLowerCase();
  220.         if (header.startsWith("x-auth-token")) {
  221.           jwt = xhr.getResponseHeader("X-Auth-Token");
  222.         } else if (header.startsWith("x-session-lifetime")) {
  223.           expirationSeconds = parseInt(
  224.             xhr.getResponseHeader("X-Session-Lifetime"),
  225.             10,
  226.           );
  227.         } else if (header.startsWith("x-session-retention")) {
  228.           retention = xhr.getResponseHeader("X-Session-Retention");
  229.         }
  230.       });
  232.     if (jwt) {
  233.       const https = new RegExp("^https://");
  234.       const secure =
  235.         !!this.api.match(https) && !!window.location.href.match(https);
  237.       const expires =
  238.         retention === "session"
  239.           ? undefined
  240.           : new Date(new Date().getTime() + expirationSeconds * 1000);
  242.       this.setAuthToken(jwt, { secure, expires });
  243.     }
  244.   }
  246.   /**
  247.    * Performs a GET request.
  248.    *
  249.    * @param {string} path - The path to the requested resource.
  250.    * @return {Promise<Response>}
  251.    * @throws {RequestTimeoutError}
  252.    * @throws {TechnicalError}
  253.    */
  254.   get(path: string) {
  255.     return this._fetch(path, { method: "GET" });
  256.   }
  258.   /**
  259.    * Performs a POST request.
  260.    *
  261.    * @param {string} path - The path to the requested resource.
  262.    * @param {any=} body - The request body.
  263.    * @return {Promise<Response>}
  264.    * @throws {RequestTimeoutError}
  265.    * @throws {TechnicalError}
  266.    */
  267.   post(path: string, body?: any) {
  268.     return this._fetch(path, {
  269.       method: "POST",
  270.       body: JSON.stringify(body),
  271.     });
  272.   }
  274.   /**
  275.    * Performs a PUT request.
  276.    *
  277.    * @param {string} path - The path to the requested resource.
  278.    * @param {any=} body - The request body.
  279.    * @return {Promise<Response>}
  280.    * @throws {RequestTimeoutError}
  281.    * @throws {TechnicalError}
  282.    */
  283.   put(path: string, body?: any) {
  284.     return this._fetch(path, {
  285.       method: "PUT",
  286.       body: JSON.stringify(body),
  287.     });
  288.   }
  290.   /**
  291.    * Performs a PATCH request.
  292.    *
  293.    * @param {string} path - The path to the requested resource.
  294.    * @param {any=} body - The request body.
  295.    * @return {Promise<Response>}
  296.    * @throws {RequestTimeoutError}
  297.    * @throws {TechnicalError}
  298.    */
  299.   patch(path: string, body?: any) {
  300.     return this._fetch(path, {
  301.       method: "PATCH",
  302.       body: JSON.stringify(body),
  303.     });
  304.   }
  306.   /**
  307.    * Performs a DELETE request.
  308.    *
  309.    * @param {string} path - The path to the requested resource.
  310.    * @return {Promise<Response>}
  311.    * @throws {RequestTimeoutError}
  312.    * @throws {TechnicalError}
  313.    */
  314.   delete(path: string) {
  315.     return this._fetch(path, {
  316.       method: "DELETE",
  317.     });
  318.   }
  320.   /**
  321.    * Returns the session token either from the cookie or the sessionStorage.
  322.    * @private
  323.    * @return {string}
  324.    */
  325.   private getAuthToken(): string {
  326.     let token = "";
  327.     switch (this.sessionTokenLocation) {
  328.       case "cookie":
  329.         token = this.cookie.getAuthCookie();
  330.         break;
  331.       case "sessionStorage":
  332.         token = this.sessionTokenStorage.getSessionToken();
  333.         break;
  334.       default:
  335.         token = this.cookie.getAuthCookie();
  336.         break;
  337.     }
  338.     return token;
  339.   }
  341.   /**
  342.    * Stores the session token either in a cookie or in the sessionStorage depending on the configuration.
  343.    * @param {string} token - The session token to be stored.
  344.    * @param {CookieAttributes} options - Options for setting the auth cookie.
  345.    * @private
  346.    */
  347.   private setAuthToken(token: string, options: CookieAttributes) {
  348.     switch (this.sessionTokenLocation) {
  349.       case "cookie":
  350.         return this.cookie.setAuthCookie(token, options);
  351.       case "sessionStorage":
  352.         return this.sessionTokenStorage.setSessionToken(token);
  353.       default:
  354.         return this.cookie.setAuthCookie(token, options);
  355.     }
  356.   }
  357. }
  359. export { Headers, Response, HttpClient };