{"id":20844493,"url":"https://github.com/pushpabrol/cloudflare-worker-change-encryption-digest","last_synced_at":"2026-04-24T06:32:11.431Z","repository":{"id":250224360,"uuid":"833845815","full_name":"pushpabrol/cloudflare-worker-change-encryption-digest","owner":"pushpabrol","description":null,"archived":false,"fork":false,"pushed_at":"2024-07-31T19:06:56.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-27T15:58:13.640Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pushpabrol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-07-25T22:04:17.000Z","updated_at":"2024-07-31T19:07:00.000Z","dependencies_parsed_at":"2024-07-26T00:58:57.992Z","dependency_job_id":null,"html_url":"https://github.com/pushpabrol/cloudflare-worker-change-encryption-digest","commit_stats":null,"previous_names":["pushpabrol/cloudflare-worker-change-encryption-digest"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pushpabrol/cloudflare-worker-change-encryption-digest","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fcloudflare-worker-change-encryption-digest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fcloudflare-worker-change-encryption-digest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fcloudflare-worker-change-encryption-digest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fcloudflare-worker-change-encryption-digest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pushpabrol","download_url":"https://codeload.github.com/pushpabrol/cloudflare-worker-change-encryption-digest/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pushpabrol%2Fcloudflare-worker-change-encryption-digest/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32212805,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T03:15:14.334Z","status":"ssl_error","status_checked_at":"2026-04-24T03:15:11.608Z","response_time":64,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T02:09:48.032Z","updated_at":"2026-04-24T06:32:11.415Z","avatar_url":"https://github.com/pushpabrol.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# README\n\n## Overview\n\nThis project provides a serverless solution using Cloudflare Workers to handle requests, specifically proxying them to Auth0 with additional processing for SAML responses. The code uses the `itty-router` for routing and the `xmldom` library for XML manipulation.\n\n## Features\n\n- **Proxy Requests to Auth0**: Forward incoming requests to Auth0, modifying the headers as needed.\n- **Decrypt and Re-Encrypt Keys**: Handle SAML responses by decrypting and re-encrypting keys using specified algorithms.\n- **Routing**: Utilize the `itty-router` to manage different routes and handle incoming requests accordingly.\n\n## Setup\n\n### Dependencies\n\n- `itty-router`: Lightweight router for handling request routing.\n- `xmldom`: XML parser and serializer for handling SAML responses.\n\n### Environment Variables\n\nEnsure the following environment variables are set:\n\n- `AUTH0_HOST_NAME`: The hostname for Auth0.\n- `CNAME_API_KEY`: The API key for the CNAME.\n- `ENCRYPTION.PRIVATE_KEY`: The private key for decryption.\n- `ENCRYPTION.PUBLIC_KEY`: The public key for encryption.\n\n## Code Explanation\n\n### Proxying Requests to Auth0\n\nThe function `proxyRequestToAuth0` modifies the URL and headers of incoming requests before forwarding them to Auth0. It also logs request details and handles errors.\n\n### PEM to ArrayBuffer Conversion\n\nThe function `pemToArrayBuffer` converts a PEM formatted key to an ArrayBuffer, which is required for cryptographic operations.\n\n### Key Decryption and Encryption\n\n- `decryptKey`: Decrypts an encrypted key using the RSA-OAEP algorithm with SHA-256.\n- `encryptKeyWithSha1`: Encrypts a key using the RSA-OAEP algorithm with SHA-1.\n\n### Proxying Modified Requests\n\nThe function `proxyRequestToAuth0ModifiedBody` is similar to `proxyRequestToAuth0` but allows for a modified request body, which is necessary for handling modified SAML responses.\n\n### Handling SAML Responses\n\nThe route handler for `/login/callback` processes SAML responses. It decrypts and re-encrypts keys if necessary, modifies the XML document, and forwards the modified request to Auth0.\n\n### Default Route\n\nThe default route handles all other requests, forwarding them to Auth0 with the necessary modifications to headers.\n\n### Event Listener\n\nAn event listener is added to handle fetch events, directing them to the router for processing.\n\n## Usage\n\nDeploy this code as an Cloudflare proxy over auth0 to handle requests, particularly for processing and forwarding SAML responses to Auth0.\n\n### How to deploy?\n    - run `npx webpack`\n    - run `npx wrangler publish`\n    - Make sure the route is mapped to the worker in cloudflare\n\n### Example\n\nTo handle a POST request to `/login/callback`, the code will:\n1. Parse the SAML response.\n2. Decrypt and re-encrypt keys if required.\n3. Modify the XML document accordingly.\n4. Forward the modified request to Auth0.\n\n## Error Handling\n\nErrors encountered during request processing, decryption, or encryption are logged, and appropriate error responses are returned.\n\n## Logging\n\nThe code includes logging for request details, modifications, and errors to aid in debugging and monitoring.\n\n## License\n\nThis project is licensed under the MIT License. See the LICENSE file for more details.\n\n```text\nMIT License\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpushpabrol%2Fcloudflare-worker-change-encryption-digest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpushpabrol%2Fcloudflare-worker-change-encryption-digest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpushpabrol%2Fcloudflare-worker-change-encryption-digest/lists"}