@absolutejs/auth 0.27.0-beta.1 → 0.27.0-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/abuse/config.d.ts +29 -0
- package/dist/audit/integrity.d.ts +15 -0
- package/dist/audit/siem.d.ts +11 -0
- package/dist/audit/types.d.ts +1 -1
- package/dist/index.d.ts +8 -0
- package/dist/index.js +340 -4
- package/dist/index.js.map +13 -8
- package/dist/mfa/rotation.d.ts +17 -0
- package/dist/mfa/types.d.ts +1 -0
- package/dist/session/impersonation.d.ts +29 -0
- package/dist/session/promote.d.ts +2 -1
- package/dist/types.d.ts +13 -0
- package/package.json +1 -1
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import type { MFAStore } from './types';
|
|
2
|
+
export type MfaKeyRotationResult = {
|
|
3
|
+
alreadyRotated: number;
|
|
4
|
+
rotated: number;
|
|
5
|
+
skippedNoSecret: number;
|
|
6
|
+
total: number;
|
|
7
|
+
};
|
|
8
|
+
export declare const rotateMfaEncryptionKey: ({ mfaStore, newKey, oldKey }: {
|
|
9
|
+
mfaStore: MFAStore;
|
|
10
|
+
newKey: string;
|
|
11
|
+
oldKey: string;
|
|
12
|
+
}) => Promise<{
|
|
13
|
+
alreadyRotated: number;
|
|
14
|
+
rotated: number;
|
|
15
|
+
skippedNoSecret: number;
|
|
16
|
+
total: number;
|
|
17
|
+
}>;
|
package/dist/mfa/types.d.ts
CHANGED
|
@@ -10,6 +10,7 @@ export type MfaEnrollment = {
|
|
|
10
10
|
};
|
|
11
11
|
export type MFAStore = {
|
|
12
12
|
getEnrollment: (userId: string) => Promise<MfaEnrollment | undefined>;
|
|
13
|
+
listEnrollments: () => Promise<MfaEnrollment[]>;
|
|
13
14
|
removeEnrollment: (userId: string) => Promise<void>;
|
|
14
15
|
saveEnrollment: (enrollment: MfaEnrollment) => Promise<void>;
|
|
15
16
|
};
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import type { Cookie } from 'elysia';
|
|
2
|
+
import type { AuditEvent } from '../audit/types';
|
|
3
|
+
import type { SessionData, SessionRecord, UserSessionId } from '../types';
|
|
4
|
+
import type { AuthSessionStore } from './types';
|
|
5
|
+
type Emit = (event: AuditEvent) => Promise<void> | void;
|
|
6
|
+
export declare const endImpersonation: <UserType>({ authSessionStore, cookie, emit, inMemorySession }: {
|
|
7
|
+
authSessionStore?: AuthSessionStore<UserType>;
|
|
8
|
+
cookie: Cookie<UserSessionId | undefined>;
|
|
9
|
+
emit?: Emit;
|
|
10
|
+
inMemorySession: SessionRecord<UserType>;
|
|
11
|
+
}) => Promise<{
|
|
12
|
+
restored: boolean;
|
|
13
|
+
}>;
|
|
14
|
+
export declare const isImpersonating: <UserType>(session: SessionData<UserType> | undefined) => boolean;
|
|
15
|
+
export declare const startImpersonation: <UserType>({ authSessionStore, cookie, emit, getUserId, impersonator, inMemorySession, sessionDurationMs, user }: {
|
|
16
|
+
authSessionStore?: AuthSessionStore<UserType>;
|
|
17
|
+
cookie: Cookie<UserSessionId | undefined>;
|
|
18
|
+
emit?: Emit;
|
|
19
|
+
getUserId?: (user: UserType) => string;
|
|
20
|
+
impersonator: {
|
|
21
|
+
actorEmail?: string;
|
|
22
|
+
actorId: string;
|
|
23
|
+
reason: string;
|
|
24
|
+
};
|
|
25
|
+
inMemorySession: SessionRecord<UserType>;
|
|
26
|
+
sessionDurationMs?: number;
|
|
27
|
+
user: UserType;
|
|
28
|
+
}) => Promise<`${string}-${string}-${string}-${string}-${string}`>;
|
|
29
|
+
export {};
|
|
@@ -11,10 +11,11 @@ export declare const persistWhen: (shouldPersist: boolean, persist: () => Promis
|
|
|
11
11
|
type PromoteToSessionProps<UserType> = {
|
|
12
12
|
authSessionStore?: AuthSessionStore<UserType>;
|
|
13
13
|
cookie: Cookie<UserSessionId | undefined>;
|
|
14
|
+
impersonator?: SessionData<UserType>['impersonator'];
|
|
14
15
|
inMemorySession: SessionRecord<UserType>;
|
|
15
16
|
samlLogout?: SessionData<UserType>['samlLogout'];
|
|
16
17
|
sessionDurationMs: number;
|
|
17
18
|
user: UserType;
|
|
18
19
|
};
|
|
19
|
-
export declare const promoteToSession: <UserType>({ authSessionStore, cookie, inMemorySession, samlLogout, sessionDurationMs, user }: PromoteToSessionProps<UserType>) => Promise<`${string}-${string}-${string}-${string}-${string}`>;
|
|
20
|
+
export declare const promoteToSession: <UserType>({ authSessionStore, cookie, impersonator, inMemorySession, samlLogout, sessionDurationMs, user }: PromoteToSessionProps<UserType>) => Promise<`${string}-${string}-${string}-${string}-${string}`>;
|
|
20
21
|
export {};
|
package/dist/types.d.ts
CHANGED
|
@@ -34,6 +34,17 @@ export type OAuth2ConfigurationOptions = {
|
|
|
34
34
|
[Provider in ProviderOption]?: OAuth2ProviderConfiguration<Provider>;
|
|
35
35
|
};
|
|
36
36
|
export type UserSessionId = `${string}-${string}-${string}-${string}-${string}`;
|
|
37
|
+
/** Stamped on a session created via admin impersonation (`startImpersonation`). RFC 8693
|
|
38
|
+
* actor semantics: `actorId`/`actorEmail` are the admin acting as the user, `reason` is
|
|
39
|
+
* required and audited, `returnToSessionId` is the admin's own session to restore on exit.
|
|
40
|
+
* Surfaced by userStatus so your UI can show an "impersonating" banner. */
|
|
41
|
+
export type Impersonator = {
|
|
42
|
+
actorEmail?: string;
|
|
43
|
+
actorId: string;
|
|
44
|
+
reason: string;
|
|
45
|
+
returnToSessionId?: UserSessionId;
|
|
46
|
+
startedAt: number;
|
|
47
|
+
};
|
|
37
48
|
export type SessionData<UserType> = {
|
|
38
49
|
user: UserType;
|
|
39
50
|
/** OAuth provider access token. Optional: credential / SSO sessions are not backed
|
|
@@ -53,6 +64,8 @@ export type SessionData<UserType> = {
|
|
|
53
64
|
nameId: string;
|
|
54
65
|
sessionIndex?: string;
|
|
55
66
|
};
|
|
67
|
+
/** Present only when this session was created via admin impersonation. */
|
|
68
|
+
impersonator?: Impersonator;
|
|
56
69
|
};
|
|
57
70
|
export type SessionRecord<UserType> = Record<UserSessionId, SessionData<UserType>>;
|
|
58
71
|
export type UnregisteredSessionData = {
|
package/package.json
CHANGED