@adaptic/backend-legacy 0.0.973 → 0.0.975
- package/esm/auth/token-verifier.d.ts.map +1 -1
- package/esm/auth/token-verifier.js.map +1 -1
- package/esm/auth/token-verifier.mjs +17 -5
- package/esm/plugins/http-status-mapper.d.ts +33 -0
- package/esm/plugins/http-status-mapper.d.ts.map +1 -0
- package/esm/plugins/http-status-mapper.js.map +1 -0
- package/esm/plugins/http-status-mapper.mjs +87 -0
- package/esm/plugins/index.d.ts +1 -0
- package/esm/plugins/index.d.ts.map +1 -1
- package/esm/plugins/index.js.map +1 -1
- package/esm/plugins/index.mjs +1 -0
- package/package.json +1 -1
- package/server.cjs +17 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-verifier.d.ts","sourceRoot":"","sources":["../../../src/auth/token-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,GAA6C,MAAM,cAAc,CAAC;AASzE;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GACvB,WAAW,GACX,SAAS,GACT,cAAc,GACd,eAAe,GACf,8BAA8B,GAC9B,eAAe,CAAC;AAEpB;;;;;;;;;;GAUG;AACH,MAAM,MAAM,gBAAgB,GACxB;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,GAClB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE,GAC9D;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC;AAEpE;;;;;;GAMG;AACH,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAgB,IAAI,EAAE,eAAe,CAAC;IACtC,SAAgB,MAAM,EAAE,eAAe,CAAC;gBAE5B,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,CAAC,EAAE,MAAM;CAQ7E;AAcD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAkC7C;AAED;;;;;;;GAOG;AACH,wBAAgB,qCAAqC,IAAI,IAAI,CAgB5D;AAED;;;;;;GAMG;AACH,wBAAgB,iCAAiC,IAAI,IAAI,CAGxD;AAwBD;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,GAAG,CAAC,UAAU,GAAG,MAAM,GAAG,SAAS,GAC3C,MAAM,EAAE,CAiBV;AAiCD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,gBAAgB,CAAC,
|
|
1
|
+
{"version":3,"file":"token-verifier.d.ts","sourceRoot":"","sources":["../../../src/auth/token-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,GAA6C,MAAM,cAAc,CAAC;AASzE;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GACvB,WAAW,GACX,SAAS,GACT,cAAc,GACd,eAAe,GACf,8BAA8B,GAC9B,eAAe,CAAC;AAEpB;;;;;;;;;;GAUG;AACH,MAAM,MAAM,gBAAgB,GACxB;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,GAClB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE,GAC9D;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC;AAEpE;;;;;;GAMG;AACH,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAgB,IAAI,EAAE,eAAe,CAAC;IACtC,SAAgB,MAAM,EAAE,eAAe,CAAC;gBAE5B,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,CAAC,EAAE,MAAM;CAQ7E;AAcD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAkC7C;AAED;;;;;;;GAOG;AACH,wBAAgB,qCAAqC,IAAI,IAAI,CAgB5D;AAED;;;;;;GAMG;AACH,wBAAgB,iCAAiC,IAAI,IAAI,CAGxD;AAwBD;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,GAAG,CAAC,UAAU,GAAG,MAAM,GAAG,SAAS,GAC3C,MAAM,EAAE,CAiBV;AAiCD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,gBAAgB,CAAC,CA+K3B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-verifier.js","sourceRoot":"","sources":["../../../src/auth/token-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,GAAG,EAAE,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,YAAY,EAAoB,MAAM,qBAAqB,CAAC;AACrE,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAqCzC;;;;;;GAMG;AACH,MAAM,OAAO,SAAU,SAAQ,KAAK;IAClB,IAAI,CAAkB;IACtB,MAAM,CAAkB;IAExC,YAAY,IAAqB,EAAE,MAAuB,EAAE,OAAgB;QAC1E,KAAK,CAAC,OAAO,IAAI,GAAG,IAAI,KAAK,MAAM,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,2EAA2E;QAC3E,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACnD,CAAC;CACF;AAED,gFAAgF;AAChF,2CAA2C;AAC3C,gFAAgF;AAEhF;;;;GAIG;AACH,IAAI,kBAAwC,CAAC;AAC7C,IAAI,0BAA0B,GAAG,KAAK,CAAC;AAEvC;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,kBAAkB;IAChC,IAAI,0BAA0B,EAAE,CAAC;QAC/B,OAAO,kBAAkB,IAAI,EAAE,CAAC;IAClC,CAAC;IAED,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IAErD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,IAAI,MAAM,EAAE,CAAC;YACX,oEAAoE;YACpE,6CAA6C;YAC7C,MAAM,IAAI,SAAS,CACjB,eAAe,EACf,eAAe,EACf,kEAAkE,CACnE,CAAC;QACJ,CAAC;QACD,MAAM,CAAC,IAAI,CACT,yJAAyJ,CAC1J,CAAC;QACF,kBAAkB,GAAG,EAAE,CAAC;QACxB,0BAA0B,GAAG,IAAI,CAAC;QAClC,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,MAAM,IAAI,GAAG,GAAG;SACb,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE/B,kBAAkB,GAAG,IAAI,CAAC;IAC1B,0BAA0B,GAAG,IAAI,CAAC;IAClC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qCAAqC;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IACrD,IAAI,CAAC,MAAM;QAAE,OAAO;IAEpB,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/D,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,GAAG,GACP,uEAAuE;YACvE,mEAAm
E;YACnE,4EAA4E;YAC5E,0DAA0D,CAAC;QAC7D,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,0HAA0H,CAC3H,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iCAAiC;IAC/C,kBAAkB,GAAG,SAAS,CAAC;IAC/B,0BAA0B,GAAG,KAAK,CAAC;AACrC,CAAC;AAED,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF;;;;GAIG;AACH,IAAI,WAAqC,CAAC;AAE1C,SAAS,cAAc;IACrB,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,WAAW,GAAG,IAAI,YAAY,EAAE,CAAC;IACnC,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAA4C;IAE5C,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEvD,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,UAAU,GAAI,OAA+B,CAAC,KAAK,CAAC;IAC1D,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAI,OAA8B,CAAC,IAAI,CAAC;IACvD,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,KAAa;IAChC,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,QAAQ,KAAK,CAAC,MAAM,GAAG,CAAC;IACtD,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,SAAS,KAAK,CAAC,MAAM,GAAG,CAAC;AACtD,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,KAAK,YAAY,iBAAiB;QAAE,OAAO,SAAS,CAAC;IACzD,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAChD,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAC7D,OAAO,WAAW,CAAC;QACrB,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,KAAa;IAEb,6EAA6E;IAC7E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,
WAAW,CAAC,CAAC;IACpD,CAAC;IAED,6EAA6E;IAC7E,0EAA0E;IAC1E,0EAA0E;IAC1E,gDAAgD;IAChD,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IACtD,IACE,OAAO,eAAe,KAAK,QAAQ;QACnC,eAAe,CAAC,MAAM,GAAG,CAAC;QAC1B,KAAK,KAAK,eAAe,EACzB,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC5B,CAAC;IAED,8EAA8E;IAC9E,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAElC,sEAAsE;IACtE,yEAAyE;IACzE,6EAA6E;IAC7E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE;YACjD,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC;SAChC,CAAC,CAAC;QACH,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,8BAA8B,CAAC,CAAC;IACvE,CAAC;IAED,wEAAwE;IACxE,4EAA4E;IAC5E,6BAA6B;IAC7B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;YAC7C,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC;YAC/B,YAAY,EAAE,QAAQ,CAAC,MAAM;SAC9B,CAAC,CAAC;QACH,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;IACpD,CAAC;IAED,6EAA6E;IAC7E,yEAAyE;IACzE,wEAAwE;IACxE,8EAA8E;IAC9E,IAAI,eAA4C,CAAC;IACjD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"token-verifier.js","sourceRoot":"","sources":["../../../src/auth/token-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,GAAG,EAAE,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,YAAY,EAAoB,MAAM,qBAAqB,CAAC;AACrE,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAqCzC;;;;;;GAMG;AACH,MAAM,OAAO,SAAU,SAAQ,KAAK;IAClB,IAAI,CAAkB;IACtB,MAAM,CAAkB;IAExC,YAAY,IAAqB,EAAE,MAAuB,EAAE,OAAgB;QAC1E,KAAK,CAAC,OAAO,IAAI,GAAG,IAAI,KAAK,MAAM,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,2EAA2E;QAC3E,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACnD,CAAC;CACF;AAED,gFAAgF;AAChF,2CAA2C;AAC3C,gFAAgF;AAEhF;;;;GAIG;AACH,IAAI,kBAAwC,CAAC;AAC7C,IAAI,0BAA0B,GAAG,KAAK,CAAC;AAEvC;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,kBAAkB;IAChC,IAAI,0BAA0B,EAAE,CAAC;QAC/B,OAAO,kBAAkB,IAAI,EAAE,CAAC;IAClC,CAAC;IAED,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IAErD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,IAAI,MAAM,EAAE,CAAC;YACX,oEAAoE;YACpE,6CAA6C;YAC7C,MAAM,IAAI,SAAS,CACjB,eAAe,EACf,eAAe,EACf,kEAAkE,CACnE,CAAC;QACJ,CAAC;QACD,MAAM,CAAC,IAAI,CACT,yJAAyJ,CAC1J,CAAC;QACF,kBAAkB,GAAG,EAAE,CAAC;QACxB,0BAA0B,GAAG,IAAI,CAAC;QAClC,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,MAAM,IAAI,GAAG,GAAG;SACb,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE/B,kBAAkB,GAAG,IAAI,CAAC;IAC1B,0BAA0B,GAAG,IAAI,CAAC;IAClC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qCAAqC;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IACrD,IAAI,CAAC,MAAM;QAAE,OAAO;IAEpB,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/D,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,GAAG,GACP,uEAAuE;YACvE,mEAAm
E;YACnE,4EAA4E;YAC5E,0DAA0D,CAAC;QAC7D,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,0HAA0H,CAC3H,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iCAAiC;IAC/C,kBAAkB,GAAG,SAAS,CAAC;IAC/B,0BAA0B,GAAG,KAAK,CAAC;AACrC,CAAC;AAED,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF;;;;GAIG;AACH,IAAI,WAAqC,CAAC;AAE1C,SAAS,cAAc;IACrB,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,WAAW,GAAG,IAAI,YAAY,EAAE,CAAC;IACnC,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAA4C;IAE5C,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEvD,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,UAAU,GAAI,OAA+B,CAAC,KAAK,CAAC;IAC1D,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAI,OAA8B,CAAC,IAAI,CAAC;IACvD,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,KAAa;IAChC,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,QAAQ,KAAK,CAAC,MAAM,GAAG,CAAC;IACtD,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,SAAS,KAAK,CAAC,MAAM,GAAG,CAAC;AACtD,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,KAAK,YAAY,iBAAiB;QAAE,OAAO,SAAS,CAAC;IACzD,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAChD,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAC7D,OAAO,WAAW,CAAC;QACrB,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,KAAa;IAEb,6EAA6E;IAC7E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,
WAAW,CAAC,CAAC;IACpD,CAAC;IAED,6EAA6E;IAC7E,0EAA0E;IAC1E,0EAA0E;IAC1E,gDAAgD;IAChD,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IACtD,IACE,OAAO,eAAe,KAAK,QAAQ;QACnC,eAAe,CAAC,MAAM,GAAG,CAAC;QAC1B,KAAK,KAAK,eAAe,EACzB,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC5B,CAAC;IAED,8EAA8E;IAC9E,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAElC,sEAAsE;IACtE,yEAAyE;IACzE,6EAA6E;IAC7E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE;YACjD,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC;SAChC,CAAC,CAAC;QACH,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,8BAA8B,CAAC,CAAC;IACvE,CAAC;IAED,wEAAwE;IACxE,4EAA4E;IAC5E,6BAA6B;IAC7B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;YAC7C,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC;YAC/B,YAAY,EAAE,QAAQ,CAAC,MAAM;SAC9B,CAAC,CAAC;QACH,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;IACpD,CAAC;IAED,6EAA6E;IAC7E,yEAAyE;IACzE,wEAAwE;IACxE,8EAA8E;IAC9E,IAAI,eAA4C,CAAC;IACjD,IAAI,CAAC;QACH,sEAAsE;QACtE,kEAAkE;QAClE,oEAAoE;QACpE,mEAAmE;QACnE,sEAAsE;QACtE,mDAAmD;QACnD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACxE,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,wEAAwE;YACxE,uDAAuD;YACvD,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACtE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,6DAA6D;YAC7D,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,KAAK,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,UAAU,GAAI,OAA+B,CAAC,KAAK,CAAC;QAC1D,MAAM,KAAK,GACT,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;YACrD,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,SAAS,CAAC;QAEhB,OAAO,OAAO;YACZ,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE;YACtC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,qEAAqE;QACrE,wCAAwC;QACxC,IAAI,CAAC,YAAY,SAAS,EAAE,CAAC;YAC3B,MAAM,CAAC,CAAC;
QACV,CAAC;QACD,eAAe,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACtC,0EAA0E;QAC1E,uEAAuE;QACvE,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAClD,CAAC;QACD,iEAAiE;IACnE,CAAC;IAED,6EAA6E;IAC7E,wEAAwE;IACxE,wEAAwE;IACxE,+DAA+D;IAC/D,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IACtC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,mEAAmE;QACnE,MAAM,IAAI,SAAS,CACjB,eAAe,EACf,eAAe,IAAI,eAAe,CACnC,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,yEAAyE;IACzE,yEAAyE;IACzE,0EAA0E;IAC1E,wEAAwE;IACxE,uCAAuC;IACvC,IAAI,YAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC,aAAa,CAAC;YAClD,OAAO,EAAE,KAAK;YACd,QAAQ;SACT,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,6DAA6D;QAC7D,4EAA4E;QAC5E,sEAAsE;QACtE,6DAA6D;QAC7D,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,MAAM,CAAC,IAAI,CAAC,4CAA4C,EAAE;YACxD,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC;YAC/B,YAAY,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;YACxD,cAAc,EAAE,eAAe,IAAI,KAAK;SACzC,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YAC/D,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;QACxD,CAAC;QACD,6DAA6D;QAC7D,kEAAkE;QAClE,mEAAmE;QACnE,mEAAmE;QACnE,mEAAmE;QACnE,gEAAgE;QAChE,gEAAgE;QAChE,mEAAmE;QACnE,kEAAkE;QAClE,oEAAoE;QACpE,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,eAAe,IAAI,cAAc,CAAC,CAAC;IAC1E,CAAC;IAED,2EAA2E;IAC3E,MAAM,OAAO,GAAG,YAAY,EAAE,UAAU,EAAE,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,iEAAiE;QACjE,yDAAyD;QACzD,MAAM,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC7D,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC;SAChC,CAAC,CAAC;QACH,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IACxB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,yDAAyD;QACzD,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE;YACrD,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC;SAChC,CAAC,CAAC;Q
ACH,MAAM,IAAI,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;IACxD,CAAC;IAED,OAAO;QACL,IAAI,EAAE,MAAM;QACZ,GAAG;QACH,KAAK,EAAE,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACpE,KAAK,EAAE,CAAC,MAAM,CAAC;KAChB,CAAC;AACJ,CAAC"}
|
|
@@ -275,7 +275,13 @@ export async function verifyBackendToken(token) {
|
|
|
275
275
|
// looking at a Google ID token, which is structurally a JWT signed by Google.
|
|
276
276
|
let localJwtFailure;
|
|
277
277
|
try {
|
|
278
|
-
|
|
278
|
+
// Pin algorithm to HS256. Without this, `jsonwebtoken.verify` accepts
|
|
279
|
+
// `alg: "none"` (silently!) for older versions of the library — a
|
|
280
|
+
// well-known footgun where an attacker forges an unsigned token and
|
|
281
|
+
// the server accepts it as authentic. Pinning also ensures forward
|
|
282
|
+
// compatibility: if we ever sign with a different alg, every verifier
|
|
283
|
+
// is forced to update in lockstep with the signer.
|
|
284
|
+
const payload = jwt.verify(token, jwtSecret, { algorithms: ['HS256'] });
|
|
279
285
|
if (typeof payload === 'string') {
|
|
280
286
|
// String-payload JWTs are not used by this platform and carry no claims
|
|
281
287
|
// we can convert into a principal. Treat as malformed.
|
|
@@ -350,10 +356,16 @@ export async function verifyBackendToken(token) {
|
|
|
350
356
|
throw new AuthError('invalid_token', 'bad_signature');
|
|
351
357
|
}
|
|
352
358
|
// Default classification for Google verification failures is
|
|
353
|
-
// `bad_audience
|
|
354
|
-
//
|
|
355
|
-
//
|
|
356
|
-
|
|
359
|
+
// `bad_audience` — BUT: when local-JWT path 2 already failed (the
|
|
360
|
+
// common case, since the app mints HS256 tokens that Google cannot
|
|
361
|
+
// recognise), the user is almost certainly NOT presenting a Google
|
|
362
|
+
// ID token at all. Surfacing `bad_audience` in that case hides the
|
|
363
|
+
// real upstream failure (typically `bad_signature` from path 2)
|
|
364
|
+
// behind an irrelevant fallback diagnosis. Prefer the local-JWT
|
|
365
|
+
// reason when present; only fall back to `bad_audience` when there
|
|
366
|
+
// is no local-JWT failure to bubble (i.e. a token that decoded as
|
|
367
|
+
// a JWT but somehow didn't reach the local-JWT branch — defensive).
|
|
368
|
+
throw new AuthError('invalid_token', localJwtFailure ?? 'bad_audience');
|
|
357
369
|
}
|
|
358
370
|
// ticketResult must be defined here because the catch above always throws.
|
|
359
371
|
const payload = ticketResult?.getPayload?.();
|
|
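Review bot: In the second hunk, `throw new AuthError('invalid_token', localJwtFailure ?? 'bad_audience');` makes `bad_audience` close to unreachable for genuine Google ID tokens. The first hunk now verifies every token that reaches this branch with `algorithms: ['HS256']`, which a Google-signed token cannot pass, so `localJwtFailure` is presumably always set by the time the Google path fails (its assignment is outside the hunk). An operator with a wrong client-ID list would then see the local-JWT reason, typically `bad_signature`, instead of the audience mismatch. Consider preferring the local reason only when the Google error carries no audience signal, and keeping `bad_audience` when it does. `verifyBackendToken` starts and ends outside both hunks.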
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* HTTP Status Mapper Plugin for Apollo Server 5.
|
|
3
|
+
*
|
|
4
|
+
* Maps well-known GraphQL error codes to their semantically-correct HTTP
|
|
5
|
+
* status codes. Apollo Server 5 defaults to HTTP 500 for any error thrown
|
|
6
|
+
* inside the `context` function (wrapped as ContextFunctionError) and to
|
|
7
|
+
* HTTP 200 for errors thrown inside resolvers — neither default is correct
|
|
8
|
+
* for an authentication failure, and the 500 default actively harms
|
|
9
|
+
* consumers: Apollo Client's observable pipeline crashes on a 5xx response
|
|
10
|
+
* with a GraphQL-shaped body (`Cannot read properties of undefined (reading
|
|
11
|
+
* 'write')`), so the awaited `client.query(...)` Promise neither resolves
|
|
12
|
+
* nor rejects. Downstream `try/catch` blocks never run, and any UI that
|
|
13
|
+
* gates rendering on a `setIsLoading(false)` in `finally` is locked into a
|
|
14
|
+
* permanent loading state.
|
|
15
|
+
*
|
|
16
|
+
* This plugin runs in `willSendResponse` and inspects every GraphQL error in
|
|
17
|
+
* the final response body. If any error carries `extensions.code` in the
|
|
18
|
+
* lookup table below, the response's HTTP status is upgraded accordingly.
|
|
19
|
+
* Doing it here (rather than at each throw site) means we get the same
|
|
20
|
+
* mapping whether the error originated in a context function, a resolver,
|
|
21
|
+
* an `AuthChecker`, or a directive — and a future code path that throws
|
|
22
|
+
* UNAUTHENTICATED cannot accidentally regress to a 500.
|
|
23
|
+
*
|
|
24
|
+
* Mapping policy:
|
|
25
|
+
* UNAUTHENTICATED → 401 (most common; the bug above)
|
|
26
|
+
* FORBIDDEN → 403 (AuthChecker rejections per CORTEX-P0-001)
|
|
27
|
+
* BAD_USER_INPUT → 400 (GraphQL validation already handles syntax; this
|
|
28
|
+
* covers semantic input rejection from validators)
|
|
29
|
+
* Anything else → unchanged (200 for in-body errors, 500 for fatal)
|
|
30
|
+
*/
|
|
31
|
+
import type { ApolloServerPlugin } from '@apollo/server';
|
|
32
|
+
export declare function createHttpStatusMapperPlugin<TContext extends object = object>(): ApolloServerPlugin<TContext>;
|
|
33
|
+
//# sourceMappingURL=http-status-mapper.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-status-mapper.d.ts","sourceRoot":"","sources":["../../../src/plugins/http-status-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAGnB,MAAM,gBAAgB,CAAC;AAgCxB,wBAAgB,4BAA4B,CAC1C,QAAQ,SAAS,MAAM,GAAG,MAAM,KAC7B,kBAAkB,CAAC,QAAQ,CAAC,CA2BhC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-status-mapper.js","sourceRoot":"","sources":["../../../src/plugins/http-status-mapper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AASH,MAAM,mBAAmB,GAA2B;IAClD,eAAe,EAAE,GAAG;IACpB,SAAS,EAAE,GAAG;IACd,cAAc,EAAE,GAAG;CACpB,CAAC;AAEF;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,MAAwC;IAExC,IAAI,IAAwB,CAAC;IAC7B,MAAM,QAAQ,GAA2B,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IACpE,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC;QAClC,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,SAAS;QACvC,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1E,IAAI,GAAG,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,4BAA4B;IAG1C,OAAO;QACL,KAAK,CAAC,eAAe;YACnB,OAAO;gBACL,KAAK,CAAC,gBAAgB,CACpB,cAA+D;oBAE/D,MAAM,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC;oBACpC,MAAM,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAC;oBAC1B,kEAAkE;oBAClE,iEAAiE;oBACjE,4DAA4D;oBAC5D,8DAA8D;oBAC9D,UAAU;oBACV,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;wBAAE,OAAO;oBACnC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC;oBACxC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;wBAAE,OAAO;oBAC3C,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;oBACxC,IAAI,MAAM,KAAK,SAAS;wBAAE,OAAO;oBACjC,4DAA4D;oBAC5D,+DAA+D;oBAC/D,qEAAqE;oBACrE,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;gBAChC,CAAC;aACF,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* HTTP Status Mapper Plugin for Apollo Server 5.
|
|
3
|
+
*
|
|
4
|
+
* Maps well-known GraphQL error codes to their semantically-correct HTTP
|
|
5
|
+
* status codes. Apollo Server 5 defaults to HTTP 500 for any error thrown
|
|
6
|
+
* inside the `context` function (wrapped as ContextFunctionError) and to
|
|
7
|
+
* HTTP 200 for errors thrown inside resolvers — neither default is correct
|
|
8
|
+
* for an authentication failure, and the 500 default actively harms
|
|
9
|
+
* consumers: Apollo Client's observable pipeline crashes on a 5xx response
|
|
10
|
+
* with a GraphQL-shaped body (`Cannot read properties of undefined (reading
|
|
11
|
+
* 'write')`), so the awaited `client.query(...)` Promise neither resolves
|
|
12
|
+
* nor rejects. Downstream `try/catch` blocks never run, and any UI that
|
|
13
|
+
* gates rendering on a `setIsLoading(false)` in `finally` is locked into a
|
|
14
|
+
* permanent loading state.
|
|
15
|
+
*
|
|
16
|
+
* This plugin runs in `willSendResponse` and inspects every GraphQL error in
|
|
17
|
+
* the final response body. If any error carries `extensions.code` in the
|
|
18
|
+
* lookup table below, the response's HTTP status is upgraded accordingly.
|
|
19
|
+
* Doing it here (rather than at each throw site) means we get the same
|
|
20
|
+
* mapping whether the error originated in a context function, a resolver,
|
|
21
|
+
* an `AuthChecker`, or a directive — and a future code path that throws
|
|
22
|
+
* UNAUTHENTICATED cannot accidentally regress to a 500.
|
|
23
|
+
*
|
|
24
|
+
* Mapping policy:
|
|
25
|
+
* UNAUTHENTICATED → 401 (most common; the bug above)
|
|
26
|
+
* FORBIDDEN → 403 (AuthChecker rejections per CORTEX-P0-001)
|
|
27
|
+
* BAD_USER_INPUT → 400 (GraphQL validation already handles syntax; this
|
|
28
|
+
* covers semantic input rejection from validators)
|
|
29
|
+
* Anything else → unchanged (200 for in-body errors, 500 for fatal)
|
|
30
|
+
*/
|
|
31
|
+
const CODE_TO_HTTP_STATUS = {
|
|
32
|
+
UNAUTHENTICATED: 401,
|
|
33
|
+
FORBIDDEN: 403,
|
|
34
|
+
BAD_USER_INPUT: 400,
|
|
35
|
+
};
|
|
36
|
+
/**
|
|
37
|
+
* Returns the highest-priority HTTP status implied by the GraphQL errors in
|
|
38
|
+
* the response, or undefined if no mapping applies. Priority order: 401 over
|
|
39
|
+
* 403 over 400 — auth failures trump everything else because they're the
|
|
40
|
+
* primary signal a client needs to refresh its token / reauthenticate.
|
|
41
|
+
*/
|
|
42
|
+
function deriveHttpStatus(errors) {
|
|
43
|
+
let best;
|
|
44
|
+
const priority = { 401: 3, 403: 2, 400: 1 };
|
|
45
|
+
for (const err of errors) {
|
|
46
|
+
const code = err.extensions?.code;
|
|
47
|
+
if (typeof code !== 'string')
|
|
48
|
+
continue;
|
|
49
|
+
const status = CODE_TO_HTTP_STATUS[code];
|
|
50
|
+
if (!status)
|
|
51
|
+
continue;
|
|
52
|
+
if (best === undefined || (priority[status] ?? 0) > (priority[best] ?? 0)) {
|
|
53
|
+
best = status;
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
return best;
|
|
57
|
+
}
|
|
58
|
+
export function createHttpStatusMapperPlugin() {
|
|
59
|
+
return {
|
|
60
|
+
async requestDidStart() {
|
|
61
|
+
return {
|
|
62
|
+
async willSendResponse(requestContext) {
|
|
63
|
+
const { response } = requestContext;
|
|
64
|
+
const { body } = response;
|
|
65
|
+
// Only the `single` response kind carries a single `errors` array
|
|
66
|
+
// we can inspect synchronously. Incremental delivery (`@defer` /
|
|
67
|
+
// `@stream`) uses `incremental` and would require per-chunk
|
|
68
|
+
// mapping; we don't use those features yet, so this is a safe
|
|
69
|
+
// narrow.
|
|
70
|
+
if (body.kind !== 'single')
|
|
71
|
+
return;
|
|
72
|
+
const errors = body.singleResult.errors;
|
|
73
|
+
if (!errors || errors.length === 0)
|
|
74
|
+
return;
|
|
75
|
+
const status = deriveHttpStatus(errors);
|
|
76
|
+
if (status === undefined)
|
|
77
|
+
return;
|
|
78
|
+
// Apollo Server only sets `http.status` for fatal errors by
|
|
79
|
+
// default; assigning here overrides that. The `http` object is
|
|
80
|
+
// always present on the response when reached via expressMiddleware.
|
|
81
|
+
response.http.status = status;
|
|
82
|
+
},
|
|
83
|
+
};
|
|
84
|
+
},
|
|
85
|
+
};
|
|
86
|
+
}
|
|
87
|
+
//# sourceMappingURL=http-status-mapper.js.map
|
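Review bot: `const status = CODE_TO_HTTP_STATUS[code];` in `deriveHttpStatus` looks the code up on a plain object literal, so a code string such as `constructor` or `toString` resolves to an inherited `Object.prototype` member and passes the `if (!status)` check. Unless a mapped code also appears in the array, `best` ends up holding that function and `willSendResponse` assigns it to `response.http.status`. Guard on the type instead, `if (typeof status !== 'number') continue;`, or build the table with `Object.create(null)` or a `Map`. Whether a caller can influence `extensions.code` is not visible in this file, so treat this as hardening rather than a confirmed exposure.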
package/esm/plugins/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,4BAA4B,EAAE,MAAM,sBAAsB,CAAC"}
|
package/esm/plugins/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAAE,4BAA4B,EAAE,MAAM,sBAAsB,CAAC"}
|
package/esm/plugins/index.mjs
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@adaptic/backend-legacy",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.975",
|
|
4
4
|
"description": "Backend executable CRUD functions with dynamic variables construction, and type definitions for the Adaptic AI platform.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"types": "index.d.ts",
|
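--- a/package/server.cjs
+++ b/package/server.cjs
@@ -54,6 +54,7 @@ const ws_1 = require("ws");
 const ws_2 = require("graphql-ws/lib/use/ws");
 const auth_1 = require("./middleware/auth.cjs");
 const audit_logger_1 = require("./middleware/audit-logger.cjs");
+const http_status_mapper_1 = require("./plugins/http-status-mapper.cjs");
 const prismaClient_1 = __importStar(require("./prismaClient.cjs"));
 const health_1 = require("./health.cjs");
 const child_process_1 = require("child_process");
@@ -139,9 +140,10 @@ const startServer = async () => {
 plugins: [
 (0, drainHttpServer_1.ApolloServerPluginDrainHttpServer)({ httpServer }),
 (0, audit_logger_1.createAuditLogPlugin)(),
+(0, http_status_mapper_1.createHttpStatusMapperPlugin)(),
 ],
 formatError: (err) => {
-var _a;
+var _a, _b;
 const message = err.message || '';
 // Demote known caller-handled / caller-side error patterns to lower
 // log levels so they don't pollute ERROR logs and trigger spurious
@@ -189,12 +191,25 @@ const startServer = async () => {
 // a successful query or a different error, we might reset:
 dbUnreachableCount = 0;
 }
+// Surface the verifier's `reason` enum on UNAUTHENTICATED responses so
+// operators (and the web app's network tab) can diagnose auth failures
+// without grepping Railway logs. The reason is one of a finite set —
+// `malformed | expired | bad_signature | bad_audience |
+// opaque_access_token_rejected | misconfigured` — and carries no
+// sensitive data (no token bytes, no claim values). Whitelisted to
+// UNAUTHENTICATED so we do not accidentally leak a `reason` field
+// attached to any other error class. See CORTEX-2026-05-12 auth-debug
+// change log.
+const code = ((_a = err.extensions) === null || _a === void 0 ? void 0 : _a.code) || 'INTERNAL_SERVER_ERROR';
+const reasonValue = (_b = err.extensions) === null || _b === void 0 ? void 0 : _b.reason;
+const includeReason = code === 'UNAUTHENTICATED' && typeof reasonValue === 'string';
 return {
 message: err.message,
 locations: err.locations,
 path: err.path,
 extensions: {
-code
+code,
+...(includeReason ? { reason: reasonValue } : {}),
 },
 };
 },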
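Review bot: `const includeReason = code === 'UNAUTHENTICATED' && typeof reasonValue === 'string';` in the last `formatError` hunk forwards any string found in `err.extensions.reason`, while the comment above it justifies the exposure by the reason being one of six fixed values. Nothing in the hunk enforces that set, so a later UNAUTHENTICATED error that puts free text in `reason` would be returned to unauthenticated clients. Check membership instead, e.g. `AUTH_REASONS.has(reasonValue)` against a `Set` of the six values the comment lists. It is also worth deciding whether `misconfigured` should be returned to anonymous callers in production, since it describes server configuration rather than the token. `formatError` opens in the previous hunk and its middle is not shown.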