diff --git a/src/workerd/api/global-scope.h b/src/workerd/api/global-scope.h index ffaf66fac9e..b8a8aad0656 100644 --- a/src/workerd/api/global-scope.h +++ b/src/workerd/api/global-scope.h @@ -276,11 +276,13 @@ class ExecutionContext: public jsg::Object { readonly key?: string; readonly override?: string; }; + readonly access?: CloudflareAccessContext; }); } else { JSG_TS_OVERRIDE( { readonly props: Props; readonly exports: Cloudflare.Exports; + readonly access?: CloudflareAccessContext; }); } } else { @@ -293,10 +295,12 @@ class ExecutionContext: public jsg::Object { readonly key?: string; readonly override?: string; }; + readonly access?: CloudflareAccessContext; }); } else { JSG_TS_OVERRIDE( { readonly props: Props; + readonly access?: CloudflareAccessContext; }); } } diff --git a/types/defines/access.d.ts b/types/defines/access.d.ts new file mode 100644 index 00000000000..c7442a09995 --- /dev/null +++ b/types/defines/access.d.ts @@ -0,0 +1,23 @@ +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +type CloudflareAccessIdentity = object; + +/** + * Cloudflare Access authentication information for the current request. + */ +interface CloudflareAccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} diff --git a/types/generated-snapshot/experimental/index.d.ts b/types/generated-snapshot/experimental/index.d.ts index 72a3d8f7bc6..9645af9fa3d 100755 --- a/types/generated-snapshot/experimental/index.d.ts +++ b/types/generated-snapshot/experimental/index.d.ts 
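Review bot: The new `readonly access?: CloudflareAccessContext;` member has no comment saying when it is undefined, in both JSG_TS_OVERRIDE branches of this hunk and in the two branches of the second hunk (`@@ -293,10 +295,12 @@`). Handlers are likely to gate on this property, so the type should say what an absent value means and that absence must be treated as unauthenticated, never as a pass. I would add a doc comment above the member in each branch, along the lines of `/** Set only for requests that came through Cloudflare Access; undefined otherwise. */`, with the wording adjusted to the real runtime condition, which this diff does not show. The ExecutionContext class body starts and ends outside both hunks.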
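Review bot: The comments on `CloudflareAccessContext` in types/defines/access.d.ts do not say whether the runtime has already verified the Access JWT before `aud` is exposed, which a handler author needs to know before using `aud` or `getIdentity()` in an authorization decision. I would add a sentence to the `aud` comment stating that, and have the `getIdentity()` comment say what the promise resolves to when no identity exists and whether it can reject, so callers can fail closed. `type CloudflareAccessIdentity = object;` forces every consumer to cast before reading a claim; `type CloudflareAccessIdentity = Record<string, unknown>;` would make them narrow each field instead. As rendered here `getIdentity(): Promise;` has no type argument, which is probably an extraction artefact but is worth checking against the file.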
@@ -501,6 +501,7 @@ interface ExecutionContext { readonly override?: string; }; abort(reason?: any): void; + readonly access?: CloudflareAccessContext; } type ExportedHandlerFetchHandler< Env = unknown, @@ -4659,6 +4660,27 @@ interface EventCounts { ): void; [Symbol.iterator](): IterableIterator; } +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +type CloudflareAccessIdentity = object; +/** + * Cloudflare Access authentication information for the current request. + */ +interface CloudflareAccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} // ============ AI Search Error Interfaces ============ interface AiSearchInternalError extends Error {} interface AiSearchNotFoundError extends Error {} diff --git a/types/generated-snapshot/experimental/index.ts b/types/generated-snapshot/experimental/index.ts index 1ba1e4f325b..4bc97b80cfa 100755 --- a/types/generated-snapshot/experimental/index.ts +++ b/types/generated-snapshot/experimental/index.ts @@ -503,6 +503,7 @@ export interface ExecutionContext { readonly override?: string; }; abort(reason?: any): void; + readonly access?: CloudflareAccessContext; } export type ExportedHandlerFetchHandler< Env = unknown, 
@@ -4665,6 +4666,27 @@ export interface EventCounts { ): void; [Symbol.iterator](): IterableIterator; } +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +export type CloudflareAccessIdentity = object; +/** + * Cloudflare Access authentication information for the current request. + */ +export interface CloudflareAccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} // ============ AI Search Error Interfaces ============ export interface AiSearchInternalError extends Error {} export interface AiSearchNotFoundError extends Error {} diff --git a/types/generated-snapshot/latest/index.d.ts b/types/generated-snapshot/latest/index.d.ts index b569c0a3c41..ebac9cb993b 100755 --- a/types/generated-snapshot/latest/index.d.ts +++ b/types/generated-snapshot/latest/index.d.ts @@ -479,6 +479,7 @@ interface ExecutionContext { passThroughOnException(): void; readonly exports: Cloudflare.Exports; readonly props: Props; + readonly access?: CloudflareAccessContext; } type ExportedHandlerFetchHandler< Env = unknown, 
@@ -3934,6 +3935,27 @@ declare abstract class Performance { */ toJSON(): object; } +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +type CloudflareAccessIdentity = object; +/** + * Cloudflare Access authentication information for the current request. + */ +interface CloudflareAccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} // ============ AI Search Error Interfaces ============ interface AiSearchInternalError extends Error {} interface AiSearchNotFoundError extends Error {} diff --git a/types/generated-snapshot/latest/index.ts b/types/generated-snapshot/latest/index.ts index f2c4af42220..36703d34067 100755 --- a/types/generated-snapshot/latest/index.ts +++ b/types/generated-snapshot/latest/index.ts @@ -481,6 +481,7 @@ export interface ExecutionContext { passThroughOnException(): void; readonly exports: Cloudflare.Exports; readonly props: Props; + readonly access?: CloudflareAccessContext; } export type ExportedHandlerFetchHandler< Env = unknown, 
@@ -3940,6 +3941,27 @@ export declare abstract class Performance { */ toJSON(): object; } +/** + * Represents the identity of a user authenticated via Cloudflare Access. + * This matches the result of calling /cdn-cgi/access/get-identity. + */ +export type CloudflareAccessIdentity = object; +/** + * Cloudflare Access authentication information for the current request. + */ +export interface CloudflareAccessContext { + /** + * The audience claim from the Access JWT. This identifies which Access + * application the request matched. + */ + readonly aud: string; + /** + * Fetches the full identity information for the authenticated user. + * + * @returns The subject's identity, if one exists + */ + getIdentity(): Promise; +} // ============ AI Search Error Interfaces ============ export interface AiSearchInternalError extends Error {} export interface AiSearchNotFoundError extends Error {}