@atproto/oauth-provider 0.16.1 → 0.16.3

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @atproto/oauth-provider
 
+## 0.16.3
+
+### Patch Changes
+
+- [#4880](https://github.com/bluesky-social/atproto/pull/4880) [`5d3e248`](https://github.com/bluesky-social/atproto/commit/5d3e248c262f45e3ca471d8d2381830a4cd896ae) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Fix `/.well-known/change-password` page
+
+- Updated dependencies [[`5d3e248`](https://github.com/bluesky-social/atproto/commit/5d3e248c262f45e3ca471d8d2381830a4cd896ae)]:
+  - @atproto/oauth-provider-ui@0.5.2
+
+## 0.16.2
+
+### Patch Changes
+
+- Updated dependencies [[`84eb5ed`](https://github.com/bluesky-social/atproto/commit/84eb5ed95d145870a85ea380df3edf6c591c6310)]:
+  - @atproto/oauth-provider-ui@0.5.1
+
 ## 0.16.1
 
 ### Patch Changes

package/dist/router/create-account-page-middleware.js

@@ -14,7 +14,7 @@ function createAccountPageMiddleware(server, { onError }) {
     const sendErrorPage = (0, send_error_page_js_1.sendErrorPageFactory)(server.customization, securityOptions);
     const router = new index_js_1.Router(issuerUrl);
     // Create password reset discovery endpoint
-    // https://w3c.github.io/webappsec-change-password-url/
+    // https://www.w3.org/TR/change-password-url/
     router.get('/.well-known/change-password', (_req, res) => {
         (0, index_js_1.writeRedirect)(res, new URL('/account/reset-password', issuerUrl).toString());
     });

package/dist/router/create-account-page-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"create-account-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-account-page-middleware.ts"],"names":[],"mappings":";;AAgBA,kEAuEC;AArFD,mDAO6B;AAG7B,wEAAsE;AACtE,oEAAkE;AAGlE,SAAgB,2BAA2B,CAKzC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,eAAe,GAA2B;QAC9C,IAAI,EAAE,SAAS,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACzD,CAAA;IAED,MAAM,eAAe,GAAG,IAAA,6CAAsB,EAC5C,MAAM,CAAC,aAAa,EACpB,eAAe,CAChB,CAAA;IACD,MAAM,aAAa,GAAG,IAAA,yCAAoB,EACxC,MAAM,CAAC,aAAa,EACpB,eAAe,CAChB,CAAA;IAED,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,2CAA2C;IAC3C,uDAAuD;IACvD,MAAM,CAAC,GAAG,CAAC,8BAA8B,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACvD,IAAA,wBAAa,EAAC,GAAG,EAAE,IAAI,GAAG,CAAC,yBAAyB,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,gCAAgC;IAChC,MAAM,CAAC,GAAG,CAAQ,sBAAsB,EAAE,KAAK,WAAW,GAAG,EAAE,GAAG;QAChE,IAAI,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;YAE/C,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;YAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;YAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YAEjC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,MAAM,cAAc,GAClB,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;YAE1D,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE;gBACxB,cAAc,EAAE,cAAc,CAAC,GAAG,CAChC,CAAC,aAAa,EAAuB,EAAE,CAAC,CAAC;oBACvC,OAAO,EAAE,aAAa,CAAC,OAAO;oBAC9B,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC;iBACxD,CAAC,CACH;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;YAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACrC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;AACjC,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport type { ActiveDeviceSession } from '@atproto/oauth-provider-api'\nimport {\n  Middleware,\n  Router,\n  validateFetchDest,\n  validateFetchMode,\n  validateOrigin,\n  writeRedirect,\n} from '../lib/http/index.js'\nimport { SecurityHeadersOptions } from '../lib/http/security-headers.js'\nimport type { OAuthProvider } from '../oauth-provider.js'\nimport { sendAccountPageFactory } from './assets/send-account-page.js'\nimport { sendErrorPageFactory } from './assets/send-error-page.js'\nimport type { MiddlewareOptions } from './middleware-options.js'\n\nexport function createAccountPageMiddleware<\n  Ctx extends object | void = void,\n  Req extends IncomingMessage = IncomingMessage,\n  Res extends ServerResponse = ServerResponse,\n>(\n  server: OAuthProvider,\n  { onError }: MiddlewareOptions<Req, Res>,\n): Middleware<Ctx, Req, Res> {\n  const issuerUrl = new URL(server.issuer)\n  const issuerOrigin = issuerUrl.origin\n\n  const securityOptions: SecurityHeadersOptions = {\n    hsts: issuerUrl.protocol === 'http:' ? false : undefined,\n  }\n\n  const sendAccountPage = sendAccountPageFactory(\n    server.customization,\n    securityOptions,\n  )\n  const sendErrorPage = sendErrorPageFactory(\n    server.customization,\n    securityOptions,\n  )\n\n  const router = new Router<Ctx, Req, Res>(issuerUrl)\n\n  // Create password reset discovery endpoint\n  // https://w3c.github.io/webappsec-change-password-url/\n  router.get('/.well-known/change-password', (_req, res) => {\n    writeRedirect(res, new URL('/account/reset-password', issuerUrl).toString())\n  })\n\n  // Create frontend account pages\n  router.get<never>(/^\\/account(?:\\/.*)?$/, async function (req, res) {\n    try {\n      res.setHeader('Referrer-Policy', 'same-origin')\n\n      res.setHeader('Cache-Control', 'no-store')\n      res.setHeader('Pragma', 'no-cache')\n\n      validateFetchMode(req, ['navigate'])\n      validateFetchDest(req, ['document'])\n      validateOrigin(req, issuerOrigin)\n\n      const { deviceId } = await server.deviceManager.load(req, res)\n      const deviceAccounts =\n        await server.accountManager.listDeviceAccounts(deviceId)\n\n      sendAccountPage(req, res, {\n        deviceSessions: deviceAccounts.map(\n          (deviceAccount): ActiveDeviceSession => ({\n            account: deviceAccount.account,\n            loginRequired: server.checkLoginRequired(deviceAccount),\n          }),\n        ),\n      })\n    } catch (err) {\n      onError?.(\n        req,\n        res,\n        err,\n        `Failed to handle navigation request to \"${req.url}\"`,\n      )\n\n      if (!res.headersSent) {\n        return sendErrorPage(req, res, err)\n      }\n    }\n  })\n\n  return router.buildMiddleware()\n}\n"]}
+{"version":3,"file":"create-account-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-account-page-middleware.ts"],"names":[],"mappings":";;AAgBA,kEAuEC;AArFD,mDAO6B;AAG7B,wEAAsE;AACtE,oEAAkE;AAGlE,SAAgB,2BAA2B,CAKzC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,eAAe,GAA2B;QAC9C,IAAI,EAAE,SAAS,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACzD,CAAA;IAED,MAAM,eAAe,GAAG,IAAA,6CAAsB,EAC5C,MAAM,CAAC,aAAa,EACpB,eAAe,CAChB,CAAA;IACD,MAAM,aAAa,GAAG,IAAA,yCAAoB,EACxC,MAAM,CAAC,aAAa,EACpB,eAAe,CAChB,CAAA;IAED,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,2CAA2C;IAC3C,6CAA6C;IAC7C,MAAM,CAAC,GAAG,CAAC,8BAA8B,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACvD,IAAA,wBAAa,EAAC,GAAG,EAAE,IAAI,GAAG,CAAC,yBAAyB,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,gCAAgC;IAChC,MAAM,CAAC,GAAG,CAAQ,sBAAsB,EAAE,KAAK,WAAW,GAAG,EAAE,GAAG;QAChE,IAAI,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;YAE/C,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;YAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;YAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YAEjC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,MAAM,cAAc,GAClB,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;YAE1D,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE;gBACxB,cAAc,EAAE,cAAc,CAAC,GAAG,CAChC,CAAC,aAAa,EAAuB,EAAE,CAAC,CAAC;oBACvC,OAAO,EAAE,aAAa,CAAC,OAAO;oBAC9B,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC;iBACxD,CAAC,CACH;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;YAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACrC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;AACjC,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport type { ActiveDeviceSession } from '@atproto/oauth-provider-api'\nimport {\n  Middleware,\n  Router,\n  validateFetchDest,\n  validateFetchMode,\n  validateOrigin,\n  writeRedirect,\n} from '../lib/http/index.js'\nimport { SecurityHeadersOptions } from '../lib/http/security-headers.js'\nimport type { OAuthProvider } from '../oauth-provider.js'\nimport { sendAccountPageFactory } from './assets/send-account-page.js'\nimport { sendErrorPageFactory } from './assets/send-error-page.js'\nimport type { MiddlewareOptions } from './middleware-options.js'\n\nexport function createAccountPageMiddleware<\n  Ctx extends object | void = void,\n  Req extends IncomingMessage = IncomingMessage,\n  Res extends ServerResponse = ServerResponse,\n>(\n  server: OAuthProvider,\n  { onError }: MiddlewareOptions<Req, Res>,\n): Middleware<Ctx, Req, Res> {\n  const issuerUrl = new URL(server.issuer)\n  const issuerOrigin = issuerUrl.origin\n\n  const securityOptions: SecurityHeadersOptions = {\n    hsts: issuerUrl.protocol === 'http:' ? false : undefined,\n  }\n\n  const sendAccountPage = sendAccountPageFactory(\n    server.customization,\n    securityOptions,\n  )\n  const sendErrorPage = sendErrorPageFactory(\n    server.customization,\n    securityOptions,\n  )\n\n  const router = new Router<Ctx, Req, Res>(issuerUrl)\n\n  // Create password reset discovery endpoint\n  // https://www.w3.org/TR/change-password-url/\n  router.get('/.well-known/change-password', (_req, res) => {\n    writeRedirect(res, new URL('/account/reset-password', issuerUrl).toString())\n  })\n\n  // Create frontend account pages\n  router.get<never>(/^\\/account(?:\\/.*)?$/, async function (req, res) {\n    try {\n      res.setHeader('Referrer-Policy', 'same-origin')\n\n      res.setHeader('Cache-Control', 'no-store')\n      res.setHeader('Pragma', 'no-cache')\n\n      validateFetchMode(req, ['navigate'])\n      validateFetchDest(req, ['document'])\n      validateOrigin(req, issuerOrigin)\n\n      const { deviceId } = await server.deviceManager.load(req, res)\n      const deviceAccounts =\n        await server.accountManager.listDeviceAccounts(deviceId)\n\n      sendAccountPage(req, res, {\n        deviceSessions: deviceAccounts.map(\n          (deviceAccount): ActiveDeviceSession => ({\n            account: deviceAccount.account,\n            loginRequired: server.checkLoginRequired(deviceAccount),\n          }),\n        ),\n      })\n    } catch (err) {\n      onError?.(\n        req,\n        res,\n        err,\n        `Failed to handle navigation request to \"${req.url}\"`,\n      )\n\n      if (!res.headersSent) {\n        return sendErrorPage(req, res, err)\n      }\n    }\n  })\n\n  return router.buildMiddleware()\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/oauth-provider",
-  "version": "0.16.1",
+  "version": "0.16.3",
   "license": "MIT",
   "description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
   "keywords": [
@@ -43,19 +43,19 @@
     "jose": "^5.2.0",
     "zod": "^3.23.8",
     "@atproto-labs/fetch": "^0.2.3",
-    "@atproto-labs/pipe": "^0.1.1",
     "@atproto-labs/fetch-node": "^0.2.0",
+    "@atproto-labs/pipe": "^0.1.1",
     "@atproto-labs/simple-store": "^0.3.0",
     "@atproto-labs/simple-store-memory": "^0.1.4",
-    "@atproto/jwk": "^0.6.0",
     "@atproto/common": "^0.5.16",
+    "@atproto/did": "^0.3.0",
+    "@atproto/jwk": "^0.6.0",
     "@atproto/jwk-jose": "^0.1.11",
-    "@atproto/oauth-types": "^0.6.3",
     "@atproto/lex-document": "^0.0.20",
     "@atproto/lex-resolver": "^0.0.22",
+    "@atproto/oauth-types": "^0.6.3",
     "@atproto/oauth-provider-api": "0.4.0",
-    "@atproto/oauth-provider-ui": "0.5.0",
-    "@atproto/did": "^0.3.0",
+    "@atproto/oauth-provider-ui": "0.5.2",
     "@atproto/oauth-scopes": "^0.3.2",
     "@atproto/syntax": "^0.5.4"
   },

package/src/router/create-account-page-middleware.ts

@@ -41,7 +41,7 @@ export function createAccountPageMiddleware<
   const router = new Router<Ctx, Req, Res>(issuerUrl)
 
   // Create password reset discovery endpoint
-  // https://w3c.github.io/webappsec-change-password-url/
+  // https://www.w3.org/TR/change-password-url/
   router.get('/.well-known/change-password', (_req, res) => {
     writeRedirect(res, new URL('/account/reset-password', issuerUrl).toString())
   })