flag to leave request open on auth

README.md

@@ -111,7 +111,26 @@ handler(req, res); // the handler will also return true if allow_access or allow
 ```
 
 after the auth handler, the request will be completed, no additional content
-should be served here.
+should be served here. (Read 2.1 for info on disabling this)
+
+#### 2.1. Processing Auth Requests without closing the response object
+
+to prevent the auth handler from closing the response object you can provide additional options on each of the allow/deny functions.
+
+```js
+allow_access({leave_open: true, ...});
+allow_part(
+  60,
+  'some_module',
+  {foo: 'bar'},
+  true // additional flag to leave request open
+);
+invalid('error description', true);
+deny(true);
+```
+
+if this flag is set, no data will be written to the response body and no data will be sent.
+Status code and Headers will still be set.
 
 ### Invalidating tokens after they are delivered to the client
 

lib/AuthHandler.ts

@@ -14,7 +14,8 @@ interface AccessSettings {
   include_refresh_token?: boolean
   refresh_token_expires_in?: number
   redirect_to?: string
-  data?: Record<string, unknown>
+  data?: Record<string, unknown>,
+  leave_open?: boolean
 }
 
 interface AccessResult {
@@ -76,12 +77,14 @@ class AuthRequest {
       this.response.setHeader ('Content-Type', 'application/json');
   }
 
+  // eslint-disable-next-line max-lines-per-function
   public async allow_access ({
     access_token_expires_in,
     include_refresh_token,
     refresh_token_expires_in,
     redirect_to,
-    data
+    data,
+    leave_open
   }: AccessSettings): Promise<AccessResult> {
     this.default_header (typeof redirect_to !== 'string');
 
@@ -121,13 +124,16 @@ class AuthRequest {
 
     if (typeof redirect_to === 'string') {
       this.response.setHeader ('Location', redirect_to);
-      this.response.writeHead (302);
+      this.response.statusCode = 302;
+      if (!leave_open)
         this.response.end ();
       return result;
     }
 
+    if (!leave_open) {
       this.response.writeHead (200);
       this.response.end (JSON.stringify (res));
+    }
 
     this._is_successful = true;
     return result;
@@ -136,7 +142,8 @@ class AuthRequest {
   public async allow_part (
     part_token_expires_in: number,
     next_module: string,
-    data?: Record<string, unknown>
+    data?: Record<string, unknown>,
+    leave_open = false
   ): Promise<string> {
     this.default_header ();
 
@@ -152,25 +159,30 @@ class AuthRequest {
       expires_in: part_token_expires_in
     };
 
+    if (!leave_open) {
       this.response.writeHead (200);
       this.response.end (JSON.stringify (res));
+    }
 
     this._is_successful = true;
     return pt.id;
   }
 
-  public invalid (error_description?: string): void {
+  public invalid (error_description?: string, leave_open = false): void {
     this.default_header ();
-    this.response.writeHead (400);
+    this.response.statusCode = 400;
+    if (!leave_open) {
       this.response.end (JSON.stringify ({
         error: 'invalid_request',
         error_description
       }));
     }
+  }
 
-  public deny (): void {
+  public deny (leave_open = false): void {
     this.default_header ();
-    this.response.writeHead (401);
+    this.response.statusCode = 401;
+    if (!leave_open)
       this.response.end (JSON.stringify ({ error: 'invalid_client' }));
   }
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sapphirecode/auth-server-helper",
-  "version": "2.1.1",
+  "version": "2.1.2",
   "main": "dist/index.js",
   "author": {
     "name": "Timo Hocker",