fix(adapter-nextjs): wrong naming and impl. of isSSLOrigin

packages/adapter-nextjs/__tests__/auth/handlers/handleSignInSignUpRequest.test.ts

@@ -13,7 +13,7 @@ import {
 	createSignInFlowProofCookies,
 	createSignUpEndpoint,
 	createUrlSearchParamsForSignInSignUp,
-	isNonSSLOrigin,
+	isSSLOrigin,
 } from '../../../src/auth/utils';
 
 jest.mock('../../../src/auth/utils');
@@ -31,7 +31,7 @@ const mockCreateSignUpEndpoint = jest.mocked(createSignUpEndpoint);
 const mockCreateUrlSearchParamsForSignInSignUp = jest.mocked(
 	createUrlSearchParamsForSignInSignUp,
 );
-const mockIsNonSSLOrigin = jest.mocked(isNonSSLOrigin);
+const mockIsSSLOrigin = jest.mocked(isSSLOrigin);
 
 describe('handleSignInSignUpRequest', () => {
 	const mockCustomState = 'mockCustomState';
@@ -44,7 +44,7 @@ describe('handleSignInSignUpRequest', () => {
 	const mockToCodeChallenge = jest.fn(() => 'mockCodeChallenge');
 
 	beforeAll(() => {
-		mockIsNonSSLOrigin.mockReturnValue(true);
+		mockIsSSLOrigin.mockReturnValue(true);
 	});
 
 	afterEach(() => {
@@ -56,7 +56,7 @@ describe('handleSignInSignUpRequest', () => {
 		mockCreateSignUpEndpoint.mockClear();
 		mockCreateUrlSearchParamsForSignInSignUp.mockClear();
 		mockToCodeChallenge.mockClear();
-		mockIsNonSSLOrigin.mockClear();
+		mockIsSSLOrigin.mockClear();
 	});
 
 	test.each(['signIn' as const, 'signUp' as const])(
@@ -164,7 +164,7 @@ describe('handleSignInSignUpRequest', () => {
 				mockCreateSignInFlowProofCookiesResult,
 				mockCreateAuthFlowProofCookiesSetOptionsResult,
 			);
-			expect(isNonSSLOrigin).toHaveBeenCalledWith(mockOrigin);
+			expect(isSSLOrigin).toHaveBeenCalledWith(mockOrigin);
 		},
 	);
 });

packages/adapter-nextjs/__tests__/auth/handlers/handleSignInSignUpRequestForPagesRouter.test.ts

@@ -14,7 +14,7 @@ import {
 	createSignInFlowProofCookies,
 	createSignUpEndpoint,
 	createUrlSearchParamsForSignInSignUp,
-	isNonSSLOrigin,
+	isSSLOrigin,
 } from '../../../src/auth/utils';
 import { createMockNextApiResponse } from '../testUtils';
 
@@ -35,7 +35,7 @@ const mockCreateSignUpEndpoint = jest.mocked(createSignUpEndpoint);
 const mockCreateUrlSearchParamsForSignInSignUp = jest.mocked(
 	createUrlSearchParamsForSignInSignUp,
 );
-const mockIsNonSSLOrigin = jest.mocked(isNonSSLOrigin);
+const mockIsSSLOrigin = jest.mocked(isSSLOrigin);
 
 describe('handleSignInSignUpRequest', () => {
 	const mockCustomState = 'mockCustomState';
@@ -57,7 +57,7 @@ describe('handleSignInSignUpRequest', () => {
 	} = createMockNextApiResponse();
 
 	beforeAll(() => {
-		mockIsNonSSLOrigin.mockReturnValue(true);
+		mockIsSSLOrigin.mockReturnValue(true);
 	});
 
 	afterEach(() => {
@@ -69,7 +69,7 @@ describe('handleSignInSignUpRequest', () => {
 		mockCreateSignUpEndpoint.mockClear();
 		mockCreateUrlSearchParamsForSignInSignUp.mockClear();
 		mockToCodeChallenge.mockClear();
-		mockIsNonSSLOrigin.mockClear();
+		mockIsSSLOrigin.mockClear();
 
 		mockResponseAppendHeader.mockClear();
 		mockResponseEnd.mockClear();
@@ -189,7 +189,7 @@ describe('handleSignInSignUpRequest', () => {
 				mockCreateSignInFlowProofCookiesResult,
 				mockCreateAuthFlowProofCookiesSetOptionsResult,
 			);
-			expect(isNonSSLOrigin).toHaveBeenCalledWith(mockOrigin);
+			expect(isSSLOrigin).toHaveBeenCalledWith(mockOrigin);
 		},
 	);
 });

packages/adapter-nextjs/__tests__/auth/handlers/handleSignOutRequest.test.ts

@@ -9,7 +9,7 @@ import {
 	createAuthFlowProofCookiesSetOptions,
 	createLogoutEndpoint,
 	createSignOutFlowProofCookies,
-	isNonSSLOrigin,
+	isSSLOrigin,
 	resolveRedirectSignOutUrl,
 } from '../../../src/auth/utils';
 
@@ -24,11 +24,11 @@ const mockCreateSignOutFlowProofCookies = jest.mocked(
 	createSignOutFlowProofCookies,
 );
 const mockResolveRedirectSignOutUrl = jest.mocked(resolveRedirectSignOutUrl);
-const mockIsNonSSLOrigin = jest.mocked(isNonSSLOrigin);
+const mockIsSSLOrigin = jest.mocked(isSSLOrigin);
 
 describe('handleSignOutRequest', () => {
 	beforeAll(() => {
-		mockIsNonSSLOrigin.mockReturnValue(true);
+		mockIsSSLOrigin.mockReturnValue(true);
 	});
 
 	afterEach(() => {
@@ -37,7 +37,7 @@ describe('handleSignOutRequest', () => {
 		mockCreateLogoutEndpoint.mockClear();
 		mockCreateSignOutFlowProofCookies.mockClear();
 		mockResolveRedirectSignOutUrl.mockClear();
-		mockIsNonSSLOrigin.mockClear();
+		mockIsSSLOrigin.mockClear();
 	});
 
 	it('returns a 302 response with the correct headers and cookies', async () => {
@@ -100,7 +100,7 @@ describe('handleSignOutRequest', () => {
 			expect.any(URLSearchParams),
 		);
 		expect(mockCreateSignOutFlowProofCookies).toHaveBeenCalled();
-		expect(mockIsNonSSLOrigin).toHaveBeenCalledWith(mockOrigin);
+		expect(mockIsSSLOrigin).toHaveBeenCalledWith(mockOrigin);
 		expect(mockCreateAuthFlowProofCookiesSetOptions).toHaveBeenCalledWith(
 			mockSetCookieOptions,
 			{

packages/adapter-nextjs/__tests__/auth/handlers/handleSignOutRequestForPagesRouter.test.ts

@@ -9,7 +9,7 @@ import {
 	createAuthFlowProofCookiesSetOptions,
 	createLogoutEndpoint,
 	createSignOutFlowProofCookies,
-	isNonSSLOrigin,
+	isSSLOrigin,
 	resolveRedirectSignOutUrl,
 } from '../../../src/auth/utils';
 import { createMockNextApiResponse } from '../testUtils';
@@ -27,7 +27,7 @@ const mockCreateSignOutFlowProofCookies = jest.mocked(
 	createSignOutFlowProofCookies,
 );
 const mockResolveRedirectSignOutUrl = jest.mocked(resolveRedirectSignOutUrl);
-const mockIsNonSSLOrigin = jest.mocked(isNonSSLOrigin);
+const mockIsSSLOrigin = jest.mocked(isSSLOrigin);
 
 describe('handleSignOutRequest', () => {
 	const {
@@ -40,7 +40,7 @@ describe('handleSignOutRequest', () => {
 	} = createMockNextApiResponse();
 
 	beforeAll(() => {
-		mockIsNonSSLOrigin.mockReturnValue(true);
+		mockIsSSLOrigin.mockReturnValue(true);
 	});
 
 	afterEach(() => {
@@ -123,7 +123,7 @@ describe('handleSignOutRequest', () => {
 			expect.any(URLSearchParams),
 		);
 		expect(mockCreateSignOutFlowProofCookies).toHaveBeenCalled();
-		expect(mockIsNonSSLOrigin).toHaveBeenCalledWith(mockOrigin);
+		expect(mockIsSSLOrigin).toHaveBeenCalledWith(mockOrigin);
 		expect(mockCreateAuthFlowProofCookiesSetOptions).toHaveBeenCalledWith(
 			mockSetCookieOptions,
 			{

packages/adapter-nextjs/__tests__/auth/utils/isValidOrigin.test.ts

@@ -1,7 +1,4 @@
-import {
-	isNonSSLOrigin,
-	isValidOrigin,
-} from '../../../src/auth/utils/isValidOrigin';
+import { isSSLOrigin, isValidOrigin } from '../../../src/auth/utils/origin';
 
 describe('isValidOrigin', () => {
 	test.each([
@@ -52,10 +49,11 @@ describe('isValidOrigin', () => {
 
 describe('isNonSSLLocalhostOrigin', () => {
 	test.each([
-		['http://localhost', true],
-		['http://localhost:3000', true],
-		['https://some-app.com', false],
+		['https://some-app.com', true],
+		['http://localhost', false],
+		['http://localhost:3000', false],
+		['https:// some-app.com', false],
 	])('check origin is non-SSL localhost %s as %s', (origin, expected) => {
-		expect(isNonSSLOrigin(origin)).toBe(expected);
+		expect(isSSLOrigin(origin)).toBe(expected);
 	});
 });

packages/adapter-nextjs/src/auth/handlers/handleSignInSignUpRequest.ts

@@ -9,7 +9,7 @@ import {
 	createSignInFlowProofCookies,
 	createSignUpEndpoint,
 	createUrlSearchParamsForSignInSignUp,
-	isNonSSLOrigin,
+	isSSLOrigin,
 } from '../utils';
 
 import { HandleSignInSignUpRequest } from './types';
@@ -45,7 +45,7 @@ export const handleSignInSignUpRequest: HandleSignInSignUpRequest = ({
 		headers,
 		createSignInFlowProofCookies({ state, pkce: codeVerifier.value }),
 		createAuthFlowProofCookiesSetOptions(setCookieOptions, {
-			secure: isNonSSLOrigin(origin),
+			secure: isSSLOrigin(origin),
 		}),
 	);
 

packages/adapter-nextjs/src/auth/handlers/handleSignInSignUpRequestForPagesRouter.ts

@@ -9,7 +9,7 @@ import {
 	createSignInFlowProofCookies,
 	createSignUpEndpoint,
 	createUrlSearchParamsForSignInSignUp,
-	isNonSSLOrigin,
+	isSSLOrigin,
 } from '../utils';
 
 import { HandleSignInSignUpRequestForPagesRouter } from './types';
@@ -39,7 +39,7 @@ export const handleSignInSignUpRequestForPagesRouter: HandleSignInSignUpRequestF
 			response,
 			createSignInFlowProofCookies({ state, pkce: codeVerifier.value }),
 			createAuthFlowProofCookiesSetOptions(setCookieOptions, {
-				secure: isNonSSLOrigin(origin),
+				secure: isSSLOrigin(origin),
 			}),
 		);
 

packages/adapter-nextjs/src/auth/handlers/handleSignOutRequest.ts

@@ -6,7 +6,7 @@ import {
 	createAuthFlowProofCookiesSetOptions,
 	createLogoutEndpoint,
 	createSignOutFlowProofCookies,
-	isNonSSLOrigin,
+	isSSLOrigin,
 	resolveRedirectSignOutUrl,
 } from '../utils';
 
@@ -32,7 +32,7 @@ export const handleSignOutRequest: HandleSignOutRequest = ({
 		headers,
 		createSignOutFlowProofCookies(),
 		createAuthFlowProofCookiesSetOptions(setCookieOptions, {
-			secure: isNonSSLOrigin(origin),
+			secure: isSSLOrigin(origin),
 		}),
 	);
 

packages/adapter-nextjs/src/auth/handlers/handleSignOutRequestForPagesRouter.ts

@@ -6,7 +6,7 @@ import {
 	createAuthFlowProofCookiesSetOptions,
 	createLogoutEndpoint,
 	createSignOutFlowProofCookies,
-	isNonSSLOrigin,
+	isSSLOrigin,
 	resolveRedirectSignOutUrl,
 } from '../utils';
 
@@ -23,7 +23,7 @@ export const handleSignOutRequestForPagesRouter: HandleSignOutRequestForPagesRou
 			response,
 			createSignOutFlowProofCookies(),
 			createAuthFlowProofCookiesSetOptions(setCookieOptions, {
-				secure: isNonSSLOrigin(origin),
+				secure: isSSLOrigin(origin),
 			}),
 		);
 

packages/adapter-nextjs/src/auth/utils/index.ts

@@ -34,7 +34,7 @@ export {
 	hasActiveUserSessionWithPagesRouter,
 } from './hasActiveUserSession';
 export { isSupportedAuthApiRoutePath } from './isSupportedAuthApiRoutePath';
-export { isValidOrigin, isNonSSLOrigin } from './isValidOrigin';
+export { isValidOrigin, isSSLOrigin } from './origin';
 export { resolveCodeAndStateFromUrl } from './resolveCodeAndStateFromUrl';
 export { resolveIdentityProviderFromUrl } from './resolveIdentityProviderFromUrl';
 export {

packages/adapter-nextjs/src/auth/utils/origin.ts

@@ -0,0 +1,27 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// a regular expression that validates the origin string to be any valid origin, and allowing local development localhost
+const originRegex =
+	/^(http:\/\/localhost(:\d{1,5})?)|(https?:\/\/[a-z0-9-]+(\.[a-z0-9-]+)*(:\d{1,5})?)$/;
+
+export const isValidOrigin = (origin: string): boolean => {
+	try {
+		const url = new URL(origin);
+
+		return (
+			(url.protocol === 'http:' || url.protocol === 'https:') &&
+			originRegex.test(origin)
+		);
+	} catch {
+		return false;
+	}
+};
+
+export const isSSLOrigin = (origin: string): boolean => {
+	if (isValidOrigin(origin)) {
+		return origin.startsWith('https://');
+	}
+
+	return false;
+};