(req: Request)
| 51 | const idTokenClients = new Map<string, IdTokenClient>(); |
| 52 | |
| 53 | export async function getIdToken(req: Request) { |
| 54 | try { |
| 55 | const idToken = req.headers.get("authorization")?.replace(/^Bearer /i, ""); |
| 56 | let result: DecodedIdToken | null = null; |
| 57 | |
| 58 | if (idToken) { |
| 59 | const certificatesPromise = fetchCertificates(); |
| 60 | const audience = env.GOOGLE_CLOUD_PROJECT; |
| 61 | let idTokenClient = idTokenClients.get(audience); |
| 62 | |
| 63 | if (!idTokenClient) { |
| 64 | idTokenClient = await auth.getIdTokenClient(audience); |
| 65 | idTokenClients.set(audience, idTokenClient); |
| 66 | } |
| 67 | |
| 68 | const ticket = await idTokenClient.verifySignedJwtWithCertsAsync( |
| 69 | idToken, |
| 70 | await certificatesPromise, |
| 71 | audience, |
| 72 | [`https://securetoken.google.com/${env.GOOGLE_CLOUD_PROJECT}`], |
| 73 | ); |
| 74 | |
| 75 | const token = ticket.getPayload(); |
| 76 | |
| 77 | if (token) { |
| 78 | if ("user_id" in token) delete token.user_id; |
| 79 | Object.assign(token, { uid: token.sub }); |
| 80 | result = token as DecodedIdToken; |
| 81 | } |
| 82 | } |
| 83 | |
| 84 | return result; |
| 85 | } catch (err) { |
| 86 | console.log(err); |
| 87 | return null; |
| 88 | } |
| 89 | } |
| 90 | |
| 91 | // #region Types |
| 92 |
no test coverage detected