@atproto/oauth-provider 0.6.0 → 0.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/dist/lib/hcaptcha.d.ts +10 -9
- package/dist/lib/hcaptcha.d.ts.map +1 -1
- package/dist/lib/hcaptcha.js +5 -4
- package/dist/lib/hcaptcha.js.map +1 -1
- package/package.json +2 -2
- package/src/lib/hcaptcha.ts +5 -4
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# @atproto/oauth-provider
|
|
2
2
|
|
|
3
|
+
## 0.6.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#3681](https://github.com/bluesky-social/atproto/pull/3681) [`a5a760c1f`](https://github.com/bluesky-social/atproto/commit/a5a760c1f0efd7246c9eebbc0f482d2f505de0a1) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Allow null hostname in hcaptcha result
|
|
8
|
+
|
|
9
|
+
## 0.6.1
|
|
10
|
+
|
|
11
|
+
### Patch Changes
|
|
12
|
+
|
|
13
|
+
- [#3656](https://github.com/bluesky-social/atproto/pull/3656) [`42807cad5`](https://github.com/bluesky-social/atproto/commit/42807cad56786e402d601ef9ed97379d5641a2c6) Thanks [@Johannes-Andersen](https://github.com/Johannes-Andersen)! - hCaptcha error codes should be optional
|
|
14
|
+
|
|
3
15
|
## 0.6.0
|
|
4
16
|
|
|
5
17
|
### Minor Changes
|
package/dist/lib/hcaptcha.d.ts
CHANGED
|
@@ -50,11 +50,12 @@ export declare const hcaptchaVerifyResultSchema: z.ZodObject<{
|
|
|
50
50
|
/**
|
|
51
51
|
* the hostname of the site where the challenge was passed
|
|
52
52
|
*/
|
|
53
|
-
hostname: z.ZodString
|
|
53
|
+
hostname: z.ZodNullable<z.ZodString>;
|
|
54
54
|
/**
|
|
55
|
-
* optional: any error codes
|
|
55
|
+
* optional: any error codes returned by the hCaptcha API.
|
|
56
|
+
* @see {@link https://docs.hcaptcha.com/#siteverify-error-codes-table}
|
|
56
57
|
*/
|
|
57
|
-
'error-codes': z.ZodArray<z.ZodString, "many"
|
|
58
|
+
'error-codes': z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
58
59
|
/**
|
|
59
60
|
* ENTERPRISE feature: a score denoting malicious activity. Value ranges from
|
|
60
61
|
* 0.0 (no risk) to 1.0 (confirmed threat).
|
|
@@ -109,10 +110,10 @@ export declare const hcaptchaVerifyResultSchema: z.ZodObject<{
|
|
|
109
110
|
*/
|
|
110
111
|
tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
111
112
|
}, "strip", z.ZodTypeAny, {
|
|
112
|
-
hostname: string;
|
|
113
|
+
hostname: string | null;
|
|
113
114
|
success: boolean;
|
|
114
115
|
challenge_ts: string;
|
|
115
|
-
'error-codes'
|
|
116
|
+
'error-codes'?: string[] | undefined;
|
|
116
117
|
score?: number | undefined;
|
|
117
118
|
score_reason?: string[] | undefined;
|
|
118
119
|
sitekey?: string | undefined;
|
|
@@ -127,10 +128,10 @@ export declare const hcaptchaVerifyResultSchema: z.ZodObject<{
|
|
|
127
128
|
sigs?: Record<string, unknown> | undefined;
|
|
128
129
|
tags?: string[] | undefined;
|
|
129
130
|
}, {
|
|
130
|
-
hostname: string;
|
|
131
|
+
hostname: string | null;
|
|
131
132
|
success: boolean;
|
|
132
133
|
challenge_ts: string;
|
|
133
|
-
'error-codes'
|
|
134
|
+
'error-codes'?: string[] | undefined;
|
|
134
135
|
score?: number | undefined;
|
|
135
136
|
score_reason?: string[] | undefined;
|
|
136
137
|
sitekey?: string | undefined;
|
|
@@ -154,10 +155,10 @@ export declare class HCaptchaClient {
|
|
|
154
155
|
verify(behaviorType: 'login' | 'signup', response: string, remoteip: string, handle: string, userAgent?: string): Promise<{
|
|
155
156
|
allowed: boolean;
|
|
156
157
|
result: {
|
|
157
|
-
hostname: string;
|
|
158
|
+
hostname: string | null;
|
|
158
159
|
success: boolean;
|
|
159
160
|
challenge_ts: string;
|
|
160
|
-
'error-codes'
|
|
161
|
+
'error-codes'?: string[] | undefined;
|
|
161
162
|
score?: number | undefined;
|
|
162
163
|
score_reason?: string[] | undefined;
|
|
163
164
|
sitekey?: string | undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hcaptcha.d.ts","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EACL,KAAK,EACL,UAAU,EAKX,MAAM,qBAAqB,CAAA;AAG5B,eAAO,MAAM,mBAAmB,aAAoB,CAAA;AACpD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D,eAAO,MAAM,oBAAoB;IAC/B;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;;;;OAMG;;;;;;;;;;;;EAEH,CAAA;AACF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAEjE;;GAEG;AACH,eAAO,MAAM,0BAA0B;IACrC;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;
|
|
1
|
+
{"version":3,"file":"hcaptcha.d.ts","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EACL,KAAK,EACL,UAAU,EAKX,MAAM,qBAAqB,CAAA;AAG5B,eAAO,MAAM,mBAAmB,aAAoB,CAAA;AACpD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D,eAAO,MAAM,oBAAoB;IAC/B;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;;;;OAMG;;;;;;;;;;;;EAEH,CAAA;AACF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAEjE;;GAEG;AACH,eAAO,MAAM,0BAA0B;IACrC;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;OAGG;;IAEH;;;OAGG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAA;AAEF,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAA;AAQ7E,qBAAa,cAAc;IAGvB,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAHzB,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAA;gBAEjB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,cAAc,EACvC,KAAK,GAAE,KAAwB;IAKpB,MAAM,CACjB,YAAY,EAAE,OAAO,GAAG,QAAQ,EAChC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,SAAS,CAAC,EAAE,MAAM;;;;;;;;;;;;;;;;;;;;;;IA2BpB,SAAS,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,oBAAoB;IActE,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM;CAMlC"}
|
package/dist/lib/hcaptcha.js
CHANGED
|
@@ -43,11 +43,12 @@ exports.hcaptchaVerifyResultSchema = zod_1.z.object({
|
|
|
43
43
|
/**
|
|
44
44
|
* the hostname of the site where the challenge was passed
|
|
45
45
|
*/
|
|
46
|
-
hostname: zod_1.z.string(),
|
|
46
|
+
hostname: zod_1.z.string().nullable(),
|
|
47
47
|
/**
|
|
48
|
-
* optional: any error codes
|
|
48
|
+
* optional: any error codes returned by the hCaptcha API.
|
|
49
|
+
* @see {@link https://docs.hcaptcha.com/#siteverify-error-codes-table}
|
|
49
50
|
*/
|
|
50
|
-
'error-codes': zod_1.z.array(zod_1.z.string()),
|
|
51
|
+
'error-codes': zod_1.z.array(zod_1.z.string()).optional(),
|
|
51
52
|
/**
|
|
52
53
|
* ENTERPRISE feature: a score denoting malicious activity. Value ranges from
|
|
53
54
|
* 0.0 (no risk) to 1.0 (confirmed threat).
|
|
@@ -140,7 +141,7 @@ class HCaptchaClient {
|
|
|
140
141
|
return (success &&
|
|
141
142
|
// Fool-proofing: If this is false, the user is trying to use a token
|
|
142
143
|
// generated for the same siteKey, but on another domain.
|
|
143
|
-
hostname === this.hostname &&
|
|
144
|
+
(hostname == null || hostname === this.hostname) &&
|
|
144
145
|
// Ignore if enterprise feature is not enabled
|
|
145
146
|
(score == null ||
|
|
146
147
|
// Ignore if disabled through config
|
package/dist/lib/hcaptcha.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hcaptcha.js","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,6BAAuB;AACvB,+CAO4B;AAC5B,6CAAyC;AAE5B,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;AAGvC,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;;;;;OAMG;IACH,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAA;AAGF;;GAEG;AACU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;
|
|
1
|
+
{"version":3,"file":"hcaptcha.js","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,6BAAuB;AACvB,+CAO4B;AAC5B,6CAAyC;AAE5B,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;AAGvC,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;;;;;OAMG;IACH,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAA;AAGF;;GAEG;AACU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B;;;OAGG;IACH,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B;;OAEG;IACH,eAAe,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD;;OAEG;IACH,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC;;OAEG;IACH,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/C;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA;AAIF,MAAM,mBAAmB,GAAG,IAAA,WAAI,EAC9B,IAAA,wBAAgB,GAAE,EAClB,IAAA,0BAAkB,GAAE,EACpB,IAAA,6BAAqB,EAAC,kCAA0B,CAAC,CAClD,CAAA;AAED,MAAa,cAAc;IAGN;IACA;IAHA,KAAK,CAAY;IACpC,YACmB,QAAgB,EAChB,MAAsB,EACvC,QAAe,UAAU,CAAC,KAAK;QAFd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAgB;QAGvC,IAAI,CAAC,KAAK,GAAG,IAAA,iBAAS,EAAC,KAAK,CAAC,CAAA;IAC/B,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,YAAgC,EAChC,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,SAAkB;QAElB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,qCAAqC,EAAE;YACrE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC5B,aAAa,EAAE,YAAY;gBAC3B,QAAQ;gBACR,QAAQ;gBACR,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC;oBAC5B,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;oBAClC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;oBACpC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;iBACnE,CAAC;aACH,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;QAE5B,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YAC/B,MAAM;SACP,CAAA;IACH,CAAC;IAES,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAwB;QACpE,OAAO,CACL,OAAO;YACP,qEAAqE;YACrE,yDAAyD;YACzD,CAAC,QAAQ,IAAI,IAAI,IAAI,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC;YAChD,8CAA8C;YAC9C,CAAC,KAAK,IAAI,IAAI;gBACZ,oCAAoC;gBACpC,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI;gBAClC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CACtC,CAAA;IACH,CAAC;IAES,SAAS,CAAC,KAAa;QAC/B,MAAM,IAAI,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAA;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACzC,CAAC;CACF;AA9DD,wCA8DC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/oauth-provider",
|
|
3
|
-
"version": "0.6.
|
|
3
|
+
"version": "0.6.2",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
|
|
6
6
|
"keywords": [
|
|
@@ -43,8 +43,8 @@
|
|
|
43
43
|
"jose": "^5.2.0",
|
|
44
44
|
"psl": "^1.9.0",
|
|
45
45
|
"zod": "^3.23.8",
|
|
46
|
-
"@atproto-labs/fetch": "0.2.2",
|
|
47
46
|
"@atproto-labs/fetch-node": "0.1.8",
|
|
47
|
+
"@atproto-labs/fetch": "0.2.2",
|
|
48
48
|
"@atproto-labs/pipe": "0.1.0",
|
|
49
49
|
"@atproto-labs/simple-store": "0.1.2",
|
|
50
50
|
"@atproto-labs/simple-store-memory": "0.1.2",
|
package/src/lib/hcaptcha.ts
CHANGED
|
@@ -52,11 +52,12 @@ export const hcaptchaVerifyResultSchema = z.object({
|
|
|
52
52
|
/**
|
|
53
53
|
* the hostname of the site where the challenge was passed
|
|
54
54
|
*/
|
|
55
|
-
hostname: z.string(),
|
|
55
|
+
hostname: z.string().nullable(),
|
|
56
56
|
/**
|
|
57
|
-
* optional: any error codes
|
|
57
|
+
* optional: any error codes returned by the hCaptcha API.
|
|
58
|
+
* @see {@link https://docs.hcaptcha.com/#siteverify-error-codes-table}
|
|
58
59
|
*/
|
|
59
|
-
'error-codes': z.array(z.string()),
|
|
60
|
+
'error-codes': z.array(z.string()).optional(),
|
|
60
61
|
/**
|
|
61
62
|
* ENTERPRISE feature: a score denoting malicious activity. Value ranges from
|
|
62
63
|
* 0.0 (no risk) to 1.0 (confirmed threat).
|
|
@@ -167,7 +168,7 @@ export class HCaptchaClient {
|
|
|
167
168
|
success &&
|
|
168
169
|
// Fool-proofing: If this is false, the user is trying to use a token
|
|
169
170
|
// generated for the same siteKey, but on another domain.
|
|
170
|
-
hostname === this.hostname &&
|
|
171
|
+
(hostname == null || hostname === this.hostname) &&
|
|
171
172
|
// Ignore if enterprise feature is not enabled
|
|
172
173
|
(score == null ||
|
|
173
174
|
// Ignore if disabled through config
|