/** * ------------------------------------------------------------------------------------------- * Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. * See License in the project root for license information. * ------------------------------------------------------------------------------------------- */ import { trace } from "@opentelemetry/api"; import { getObservabilityOptionsFromRequest } from "../observabilityOptions.js"; import { getRequestHeader, setRequestHeader } from "../utils/headersUtil.js"; export class AuthorizationHandler { constructor(authenticationProvider) { this.authenticationProvider = authenticationProvider; this.getClaimsFromResponse = (response, claims) => { if (response.status === 401 && !claims) { // avoid infinite loop, we only retry once // no need to check for the content since it's an array and it doesn't need to be rewound const rawAuthenticateHeader = response.headers.get("WWW-Authenticate"); if (rawAuthenticateHeader && /^Bearer /gi.test(rawAuthenticateHeader)) { const rawParameters = rawAuthenticateHeader.replace(/^Bearer /gi, "").split(","); for (const rawParameter of rawParameters) { const trimmedParameter = rawParameter.trim(); if (/claims="[^"]+"/gi.test(trimmedParameter)) { return trimmedParameter.replace(/claims="([^"]+)"/gi, "$1"); } } } } return undefined; }; if (!authenticationProvider) { throw new Error("authenticationProvider cannot be undefined"); } } execute(url, requestInit, requestOptions) { const obsOptions = getObservabilityOptionsFromRequest(requestOptions); if (obsOptions) { return trace.getTracer(obsOptions.getTracerInstrumentationName()).startActiveSpan("authorizationHandler - execute", (span) => { try { span.setAttribute("com.microsoft.kiota.handler.authorization.enable", true); return this.executeInternal(url, requestInit, requestOptions, span); } finally { span.end(); } }); } return this.executeInternal(url, requestInit, requestOptions, undefined); } async executeInternal(url, fetchRequestInit, requestOptions, span) { var _a, _b; if (this.authorizationIsPresent(fetchRequestInit)) { span === null || span === void 0 ? void 0 : span.setAttribute("com.microsoft.kiota.handler.authorization.token_present", true); return await this.next.execute(url, fetchRequestInit, requestOptions); } const token = await this.authenticateRequest(url); setRequestHeader(fetchRequestInit, AuthorizationHandler.AUTHORIZATION_HEADER, `Bearer ${token}`); const response = await ((_a = this.next) === null || _a === void 0 ? void 0 : _a.execute(url, fetchRequestInit, requestOptions)); if (!response) { throw new Error("Response is undefined"); } if (response.status !== 401) { return response; } const claims = this.getClaimsFromResponse(response); if (!claims) { return response; } span === null || span === void 0 ? void 0 : span.addEvent("com.microsoft.kiota.handler.authorization.challenge_received"); const claimsToken = await this.authenticateRequest(url, claims); setRequestHeader(fetchRequestInit, AuthorizationHandler.AUTHORIZATION_HEADER, `Bearer ${claimsToken}`); span === null || span === void 0 ? void 0 : span.setAttribute("http.request.resend_count", 1); const retryResponse = await ((_b = this.next) === null || _b === void 0 ? void 0 : _b.execute(url, fetchRequestInit, requestOptions)); if (!retryResponse) { throw new Error("Response is undefined"); } return retryResponse; } authorizationIsPresent(request) { if (!request) { return false; } const authorizationHeader = getRequestHeader(request, AuthorizationHandler.AUTHORIZATION_HEADER); return authorizationHeader !== undefined && authorizationHeader !== null; } async authenticateRequest(url, claims) { const additionalAuthenticationContext = {}; if (claims) { additionalAuthenticationContext.claims = claims; } return await this.authenticationProvider.accessTokenProvider.getAuthorizationToken(url, additionalAuthenticationContext); } } /** * A member holding the name of content range header */ AuthorizationHandler.AUTHORIZATION_HEADER = "Authorization"; //# sourceMappingURL=authorizationHandler.js.map