keycloak · jonkoops · Feb 3, 2025
diff --git a/example/index.js b/example/index.js
@@ -13,12 +13,14 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
+import express from 'express'
+import session from 'express-session'
+import hogan from 'hogan-express'
+import Keycloak from 'keycloak-connect'
+import path from 'node:path'
+import url from 'node:url'
 
-const Keycloak = require('keycloak-connect')
-const hogan = require('hogan-express')
-const express = require('express')
-const session = require('express-session')
-
+const __dirname = url.fileURLToPath(new URL('.', import.meta.url))
 const app = express()
 
 const server = app.listen(3000, function () {
@@ -29,7 +31,7 @@ const server = app.listen(3000, function () {
 
 // Register '.mustache' extension with The Mustache Express
 app.set('view engine', 'html')
-app.set('views', require('path').join(__dirname, '/view'))
+app.set('views', path.join(__dirname, '/view'))
 app.engine('html', hogan)
 
 // A normal un-protected public URL.

diff --git a/example/package.json b/example/package.json
@@ -3,6 +3,7 @@
   "version": "0.1.0",
   "description": "Example page that demonstrates available keycloak functionality",
   "main": "index.js",
+  "type": "module",
   "scripts": {
     "start": "node index.js"
   },

diff --git a/guides/guides.mjs → guides/guides.js b/guides/guides.mjs → guides/guides.js
diff --git a/guides/securing-apps/nodejs-adapter.adoc b/guides/securing-apps/nodejs-adapter.adoc
@@ -63,8 +63,8 @@ In the root directory of your project create a file called `server.js` and add t
 
 [source,javascript]
 ----
-    const session = require('express-session');
-    const Keycloak = require('keycloak-connect');
+    import session from 'express-session';
+    import Keycloak from 'keycloak-connect';
 
     const memoryStore = new session.MemoryStore();
     const keycloak = new Keycloak({ store: memoryStore });
@@ -135,7 +135,8 @@ server-side state for authentication, you need to initialize the
 session store that `express-session` is using.
 [source,javascript]
 ----
-    const session = require('express-session');
+    import session from 'express-session';
+
     const memoryStore = new session.MemoryStore();
 
     // Configure session
@@ -169,7 +170,8 @@ then require Express in our project as outlined below:
 
 [source,javascript]
 ----
-    const express = require('express');
+    import express from 'express';
+
     const app = express();
 ----
 

diff --git a/keycloak.js b/keycloak.js
@@ -14,20 +14,19 @@
  * the License.
  */
 
-const BearerStore = require('./stores/bearer-store')
-const CookieStore = require('./stores/cookie-store')
-const SessionStore = require('./stores/session-store')
-
-const Config = require('./middleware/auth-utils/config')
-const GrantManager = require('./middleware/auth-utils/grant-manager')
-const Setup = require('./middleware/setup')
-const Admin = require('./middleware/admin')
-const Logout = require('./middleware/logout')
-const PostAuth = require('./middleware/post-auth')
-const GrantAttacher = require('./middleware/grant-attacher')
-const Protect = require('./middleware/protect')
-const Enforcer = require('./middleware/enforcer')
-const CheckSso = require('./middleware/check-sso')
+import Admin from './middleware/admin.js'
+import Config from './middleware/auth-utils/config.js'
+import GrantManager from './middleware/auth-utils/grant-manager.js'
+import CheckSso from './middleware/check-sso.js'
+import Enforcer from './middleware/enforcer.js'
+import GrantAttacher from './middleware/grant-attacher.js'
+import Logout from './middleware/logout.js'
+import PostAuth from './middleware/post-auth.js'
+import Protect from './middleware/protect.js'
+import Setup from './middleware/setup.js'
+import BearerStore from './stores/bearer-store.js'
+import CookieStore from './stores/cookie-store.js'
+import SessionStore from './stores/session-store.js'
 
 /**
  * Instantiate a Keycloak.
@@ -58,7 +57,7 @@ const CheckSso = require('./middleware/check-sso')
  * @return     {Keycloak}  A constructed Keycloak object.
  *
  */
-function Keycloak (config, keycloakConfig) {
+export default function Keycloak (config, keycloakConfig) {
   // If keycloakConfig is null, Config() will search for `keycloak.json`.
   this.config = new Config(keycloakConfig)
 
@@ -426,5 +425,3 @@ Keycloak.prototype.redirectToLogin = function (request) {
 Keycloak.prototype.getConfig = function () {
   return this.config
 }
-
-module.exports = Keycloak
diff --git a/middleware/admin.js b/middleware/admin.js
@@ -13,10 +13,8 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-'use strict'
-
-const Token = require('./auth-utils/token')
-const Signature = require('./auth-utils/signature')
+import Token from './auth-utils/token.js'
+import Signature from './auth-utils/signature.js'
 
 function Admin (keycloak, url) {
   this._keycloak = keycloak
@@ -99,7 +97,7 @@ function adminNotBefore (request, response, keycloak) {
   })
 }
 
-module.exports = function (keycloak, adminUrl) {
+export default function adminMiddleware (keycloak, adminUrl) {
   let url = adminUrl
   if (url[url.length - 1] !== '/') {
     url = url + '/'

diff --git a/middleware/auth-utils/config.js b/middleware/auth-utils/config.js
@@ -13,11 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-'use strict'
-
-const path = require('path')
-const fs = require('fs')
+import path from 'node:path'
+import fs from 'node:fs'
 
 /**
  * Construct a configuration object.
@@ -31,7 +28,7 @@ const fs = require('fs')
  *
  * @constructor
  */
-function Config (config) {
+export default function Config (config) {
   if (!config) {
     config = path.join(process.cwd(), 'keycloak.json')
   }
@@ -168,5 +165,3 @@ Config.prototype.configure = function configure (config) {
    */
   this.verifyTokenAudience = resolveValue(config['verify-token-audience'] || config.verifyTokenAudience || false)
 }
-
-module.exports = Config
diff --git a/middleware/auth-utils/grant-manager.js b/middleware/auth-utils/grant-manager.js
@@ -13,16 +13,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-'use strict'
-
-const URL = require('url')
-const http = require('http')
-const https = require('https')
-const crypto = require('crypto')
-const querystring = require('querystring')
-const Grant = require('./grant')
-const Token = require('./token')
-const Rotation = require('./rotation')
+import URL from 'node:url'
+import http from 'node:http'
+import https from 'node:https'
+import crypto from 'node:crypto'
+import querystring from 'node:querystring'
+import Grant from './grant.js'
+import Token from './token.js'
+import Rotation from './rotation.js'
 
 /**
  * Construct a grant manager.
@@ -31,7 +29,7 @@ const Rotation = require('./rotation')
  *
  * @constructor
  */
-function GrantManager (config) {
+export default function GrantManager (config) {
   this.realmUrl = config.realmUrl
   this.clientId = config.clientId
   this.secret = config.secret
@@ -536,5 +534,3 @@ const fetch = (manager, handler, options, params) => {
     req.end()
   })
 }
-
-module.exports = GrantManager
diff --git a/middleware/auth-utils/grant.js b/middleware/auth-utils/grant.js
@@ -13,7 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-'use strict'
 
 /**
  * Construct a new grant.
@@ -30,7 +29,7 @@
  *
  * @constructor
  */
-function Grant (grant) {
+export default function Grant (grant) {
   this.update(grant)
 }
 
@@ -80,5 +79,3 @@ Grant.prototype.isExpired = function isExpired () {
   }
   return this.access_token.isExpired()
 }
-
-module.exports = Grant
diff --git a/middleware/auth-utils/rotation.js b/middleware/auth-utils/rotation.js
@@ -13,11 +13,10 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-'use strict'
-const URL = require('url')
-const http = require('http')
-const https = require('https')
-const jwkToPem = require('jwk-to-pem')
+import URL from 'node:url'
+import http from 'node:http'
+import https from 'node:https'
+import jwkToPem from 'jwk-to-pem'
 
 /**
  * Construct a Rotation instance
@@ -26,7 +25,7 @@ const jwkToPem = require('jwk-to-pem')
  *
  * @constructor
  */
-function Rotation (config) {
+export default function Rotation (config) {
   this.realmUrl = config.realmUrl
   this.minTimeBetweenJwksRequests = config.minTimeBetweenJwksRequests
   this.jwks = []
@@ -93,5 +92,3 @@ const nodeify = (promise, cb) => {
   if (typeof cb !== 'function') return promise
   return promise.then((res) => cb(null, res)).catch((err) => cb(err))
 }
-
-module.exports = Rotation
diff --git a/middleware/auth-utils/signature.js b/middleware/auth-utils/signature.js
@@ -13,10 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-'use strict'
-
-const Rotation = require('./rotation')
-const crypto = require('crypto')
+import crypto from 'node:crypto'
+import Rotation from './rotation.js'
 
 /**
  * Construct a signature.
@@ -25,7 +23,7 @@ const crypto = require('crypto')
  *
  * @constructor
  */
-function Signature (config) {
+export default function Signature (config) {
   this.publicKey = config.publicKey
   this.rotation = new Rotation(config)
 }
@@ -51,5 +49,3 @@ Signature.prototype.verify = function verify (token, callback) {
     })
   })
 }
-
-module.exports = Signature
diff --git a/middleware/auth-utils/token.js b/middleware/auth-utils/token.js
@@ -13,7 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-'use strict'
 
 /**
  * Construct a token.
@@ -27,7 +26,7 @@
  * @param {String} token The JSON Web Token formatted token string.
  * @param {String} clientId Optional clientId if this is an `access_token`.
  */
-function Token (token, clientId) {
+export default function Token (token, clientId) {
   this.token = token
   this.clientId = clientId
 
@@ -185,5 +184,3 @@ Token.prototype.hasPermission = function hasPermission (resource, scope) {
 
   return false
 }
-
-module.exports = Token
diff --git a/middleware/check-sso.js b/middleware/check-sso.js
@@ -13,10 +13,8 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-'use strict'
-
-const UUID = require('./../uuid')
-const URL = require('url')
+import URL from 'node:url'
+import UUID from './../uuid.js'
 
 function forceCheckSSO (keycloak, request, response) {
   const host = request.hostname
@@ -38,7 +36,7 @@ function forceCheckSSO (keycloak, request, response) {
   response.redirect(checkSsoUrl)
 }
 
-module.exports = function (keycloak) {
+export default function checkSsoMiddleware (keycloak) {
   return function checkSso (request, response, next) {
     if (request.kauth && request.kauth.grant) {
       return next()

diff --git a/middleware/enforcer.js b/middleware/enforcer.js
@@ -13,8 +13,6 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-'use strict'
-
 function handlePermissions (permissions, callback) {
   for (let i = 0; i < permissions.length; i++) {
     const expected = permissions[i].split(':')
@@ -42,7 +40,7 @@ function handlePermissions (permissions, callback) {
  *
  * @constructor
  */
-function Enforcer (keycloak, config) {
+export default function Enforcer (keycloak, config) {
   this.keycloak = keycloak
   this.config = config || {}
 
@@ -155,5 +153,3 @@ Enforcer.prototype.enforce = function enforce (expectedPermissions) {
     }
   }
 }
-
-module.exports = Enforcer
diff --git a/middleware/grant-attacher.js b/middleware/grant-attacher.js
@@ -13,9 +13,7 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-'use strict'
-
-module.exports = function (keycloak) {
+export default function grantAttacherMiddleware (keycloak) {
   return function grantAttacher (request, response, next) {
     keycloak.getGrant(request, response)
       .then(grant => {

diff --git a/middleware/logout.js b/middleware/logout.js
@@ -13,11 +13,9 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-'use strict'
+import URL from 'node:url'
 
-const URL = require('url')
-
-module.exports = function (keycloak, logoutUrl) {
+export default function logoutMiddleware (keycloak, logoutUrl) {
   return function logout (request, response, next) {
     const parsedRequest = URL.parse(request.url, true); // eslint-disable-line
     if (parsedRequest.pathname !== logoutUrl) {

diff --git a/middleware/post-auth.js b/middleware/post-auth.js
@@ -13,11 +13,9 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-'use strict'
+import URL from 'node:url'
 
-const URL = require('url')
-
-module.exports = function (keycloak) {
+export default function postAuthMiddleware (keycloak) {
   return function postAuth (request, response, next) {
     if (!request.query.auth_callback) {
       return next()