@atproto/oauth-provider 0.7.3 → 0.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/CHANGELOG.md +13 -0
  2. package/dist/router/assets/send-authorization-page.d.ts.map +1 -1
  3. package/dist/router/assets/send-authorization-page.js +6 -1
  4. package/dist/router/assets/send-authorization-page.js.map +1 -1
  5. package/package.json +4 -4
  6. package/src/router/assets/send-authorization-page.ts +6 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,18 @@
1
1
  # @atproto/oauth-provider
2
2
 
3
+ ## 0.7.5
4
+
5
+ ### Patch Changes
6
+
7
+ - [#3783](https://github.com/bluesky-social/atproto/pull/3783) [`d794b0676`](https://github.com/bluesky-social/atproto/commit/d794b06763050b4b32484e90116461deae45cbe3) Thanks [@devinivy](https://github.com/devinivy)! - Revert "Use more secure COEP header when hCaptcha is enabled"
8
+
9
+ ## 0.7.4
10
+
11
+ ### Patch Changes
12
+
13
+ - Updated dependencies [[`81524fcb0`](https://github.com/bluesky-social/atproto/commit/81524fcb007f12161fd6928badbf176b1568b4b3), [`a70dad5ae`](https://github.com/bluesky-social/atproto/commit/a70dad5aea32ce26d2cca170a06d184935b4865d)]:
14
+ - @atproto/oauth-provider-ui@0.1.3
15
+
3
16
  ## 0.7.3
4
17
 
5
18
  ### Patch Changes
package/dist/router/assets/send-authorization-page.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"send-authorization-page.d.ts","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAGhE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAA;AAMpE,OAAO,EAAE,gCAAgC,EAAE,MAAM,qDAAqD,CAAA;AAItG,wBAAgB,wBAAwB,CAAC,aAAa,EAAE,aAAa,IAWjE,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,MAAM,gCAAgC,KACrC,OAAO,CAAC,IAAI,CAAC,CA6BjB"}
1
+ {"version":3,"file":"send-authorization-page.d.ts","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAGhE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAA;AAMpE,OAAO,EAAE,gCAAgC,EAAE,MAAM,qDAAqD,CAAA;AAItG,wBAAgB,wBAAwB,CAAC,aAAa,EAAE,aAAa,IAgBjE,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,MAAM,gCAAgC,KACrC,OAAO,CAAC,IAAI,CAAC,CA6BjB"}
package/dist/router/assets/send-authorization-page.js CHANGED
@@ -16,6 +16,11 @@ function sendAuthorizePageFactory(customization) {
16
16
  const customizationCss = (0, index_js_2.cssCode)((0, build_customization_css_js_1.buildCustomizationCss)(customization));
17
17
  const { scripts, styles } = (0, assets_js_1.getAssets)('authorization-page');
18
18
  const csp = (0, index_js_1.mergeCsp)(assets_js_1.SPA_CSP, customization?.hcaptcha ? assets_js_1.HCAPTCHA_CSP : undefined);
19
+ const coep = customization?.hcaptcha
20
+ ? // https://github.com/hCaptcha/react-hcaptcha/issues/259
21
+ // @TODO Remove the use of `unsafeNone` once the issue above is resolved
22
+ security_headers_js_1.CrossOriginEmbedderPolicy.unsafeNone
23
+ : security_headers_js_1.CrossOriginEmbedderPolicy.credentialless;
19
24
  return async function sendAuthorizePage(req, res, data) {
20
25
  await (0, csrf_js_1.setupCsrfToken)(req, res);
21
26
  const script = (0, hydration_data_js_1.declareHydrationData)({
@@ -35,7 +40,7 @@ function sendAuthorizePageFactory(customization) {
35
40
  meta: [{ name: 'robots', content: 'noindex' }],
36
41
  body: (0, index_js_2.html) `<div id="root"></div>`,
37
42
  csp,
38
- coep: security_headers_js_1.CrossOriginEmbedderPolicy.credentialless,
43
+ coep,
39
44
  scripts: [script, ...scripts],
40
45
  styles: [...styles, customizationCss],
41
46
  });
package/dist/router/assets/send-authorization-page.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"send-authorization-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":";;AAaA,4DA2CC;AAvDD,+FAAsF;AACtF,iGAAwF;AAExF,qDAAiD;AACjD,wEAAuE;AACvE,sDAAuD;AACvD,4EAA8E;AAC9E,iEAAwD;AAExD,2CAA6E;AAC7E,uCAA0C;AAE1C,SAAgB,wBAAwB,CAAC,aAA4B;IACnE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,oBAAoB,CAAC,CAAA;IAC3D,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAClB,mBAAO,EACP,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAY,CAAC,CAAC,CAAC,SAAS,CACnD,CAAA;IAED,OAAO,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB,EACnB,IAAsC;QAEtC,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAsC;YACvE,mBAAmB,EAAE,iBAAiB;YACtC,eAAe,EAAE;gBACf,UAAU,EAAE,IAAI,CAAC,GAAG;gBAEpB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;gBACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;gBAEzC,YAAY,EAAE,IAAI,CAAC,YAAY;gBAE/B,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;gBACrC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;aACtC;YACD,UAAU,EAAE,IAAI,CAAC,QAAQ;SAC1B,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;YACjC,GAAG;YACH,IAAI,EAAE,+CAAyB,CAAC,cAAc;YAC9C,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"send-authorization-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":";;AAaA,4DAgDC;AA5DD,+FAAsF;AACtF,iGAAwF;AAExF,qDAAiD;AACjD,wEAAuE;AACvE,sDAAuD;AACvD,4EAA8E;AAC9E,iEAAwD;AAExD,2CAA6E;AAC7E,uCAA0C;AAE1C,SAAgB,wBAAwB,CAAC,aAA4B;IACnE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,oBAAoB,CAAC,CAAA;IAC3D,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAClB,mBAAO,EACP,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAY,CAAC,CAAC,CAAC,SAAS,CACnD,CAAA;IACD,MAAM,IAAI,GAAG,aAAa,EAAE,QAAQ;QAClC,CAAC,CAAC,wDAAwD;YACxD,wEAAwE;YACxE,+CAAyB,CAAC,UAAU;QACtC,CAAC,CAAC,+CAAyB,CAAC,cAAc,CAAA;IAE5C,OAAO,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB,EACnB,IAAsC;QAEtC,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAsC;YACvE,mBAAmB,EAAE,iBAAiB;YACtC,eAAe,EAAE;gBACf,UAAU,EAAE,IAAI,CAAC,GAAG;gBAEpB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;gBACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;gBAEzC,YAAY,EAAE,IAAI,CAAC,YAAY;gBAE/B,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;gBACrC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;aACtC;YACD,UAAU,EAAE,IAAI,CAAC,QAAQ;SAC1B,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;YACjC,GAAG;YACH,IAAI;YACJ,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@atproto/oauth-provider",
3
- "version": "0.7.3",
3
+ "version": "0.7.5",
4
4
  "license": "MIT",
5
5
  "description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
6
6
  "keywords": [
@@ -43,10 +43,10 @@
43
43
  "jose": "^5.2.0",
44
44
  "psl": "^1.9.0",
45
45
  "zod": "^3.23.8",
46
- "@atproto-labs/fetch": "0.2.2",
47
46
  "@atproto-labs/fetch-node": "0.1.8",
48
- "@atproto-labs/pipe": "0.1.0",
47
+ "@atproto-labs/fetch": "0.2.2",
49
48
  "@atproto-labs/simple-store": "0.2.0",
49
+ "@atproto-labs/pipe": "0.1.0",
50
50
  "@atproto-labs/simple-store-memory": "0.1.3",
51
51
  "@atproto/common": "^0.4.10",
52
52
  "@atproto/jwk": "0.1.5",
@@ -54,7 +54,7 @@
54
54
  "@atproto/oauth-types": "0.2.6",
55
55
  "@atproto/oauth-provider-api": "0.1.1",
56
56
  "@atproto/oauth-provider-frontend": "0.1.3",
57
- "@atproto/oauth-provider-ui": "0.1.2",
57
+ "@atproto/oauth-provider-ui": "0.1.3",
58
58
  "@atproto/syntax": "0.4.0"
59
59
  },
60
60
  "devDependencies": {
package/src/router/assets/send-authorization-page.ts CHANGED
@@ -20,6 +20,11 @@ export function sendAuthorizePageFactory(customization: Customization) {
20
20
  SPA_CSP,
21
21
  customization?.hcaptcha ? HCAPTCHA_CSP : undefined,
22
22
  )
23
+ const coep = customization?.hcaptcha
24
+ ? // https://github.com/hCaptcha/react-hcaptcha/issues/259
25
+ // @TODO Remove the use of `unsafeNone` once the issue above is resolved
26
+ CrossOriginEmbedderPolicy.unsafeNone
27
+ : CrossOriginEmbedderPolicy.credentialless
23
28
 
24
29
  return async function sendAuthorizePage(
25
30
  req: IncomingMessage,
@@ -49,7 +54,7 @@ export function sendAuthorizePageFactory(customization: Customization) {
49
54
  meta: [{ name: 'robots', content: 'noindex' }],
50
55
  body: html`<div id="root"></div>`,
51
56
  csp,
52
- coep: CrossOriginEmbedderPolicy.credentialless,
57
+ coep,
53
58
  scripts: [script, ...scripts],
54
59
  styles: [...styles, customizationCss],
55
60
  })