@backstage/backend-app-api 0.7.2 → 0.7.3
- package/CHANGELOG.md +55 -4
- package/alpha/package.json +1 -1
- package/dist/index.cjs.js +126 -61
- package/dist/index.cjs.js.map +1 -1
- package/dist/index.d.ts +3 -0
- package/package.json +28 -28
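--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,16 +1,67 @@
 # @backstage/backend-app-api
 
-## 0.7.
+## 0.7.3
 
 ### Patch Changes
 
--
+- 4cd5ff0: Add ability to configure the Node.js HTTP Server when configuring the root HTTP Router service
+- e8199b1: Move the JWKS registration outside of the lifecycle middleware
+- d229dc4: Move path utilities from `backend-common` to the `backend-plugin-api` package.
+- dc8c5dd: The default `TokenManager` implementation no longer requires keys to be configured in production, but it will throw an errors when generating or authenticating tokens. The default `AuthService` implementation will now also provide additional context if such an error is throw when falling back to using the `TokenManager` service to generate tokens for outgoing requests.
+- 025641b: Redact `meta` fields too with the logger
+- 09f8988: Remove explicit `alg` check for user tokens in `verifyToken`
+- 5863e02: Internal refactor to only create one external token handler
+- a1dc547: Added support for camel case CSP directives in app-config. For example:
 
-
+```yaml
+backend:
+csp:
+upgradeInsecureRequests: false
+```
+
+- 329cc34: Added logging of all plugins being initialized, periodic status, and completion.
+- Updated dependencies
+- @backstage/backend-common@0.22.0
+- @backstage/backend-plugin-api@0.6.18
+- @backstage/backend-tasks@0.5.23
+- @backstage/plugin-auth-node@0.4.13
+- @backstage/plugin-permission-node@0.7.29
+
+## 0.7.2-next.1
+
+### Patch Changes
+
+- 09f8988: Remove explicit `alg` check for user tokens in `verifyToken`
+- Updated dependencies
+- @backstage/backend-common@0.22.0-next.1
+- @backstage/backend-tasks@0.5.23-next.1
+- @backstage/plugin-auth-node@0.4.13-next.1
+- @backstage/plugin-permission-node@0.7.29-next.1
+- @backstage/cli-node@0.2.5
+- @backstage/config-loader@1.8.0
+- @backstage/backend-plugin-api@0.6.18-next.1
+
+## 0.7.1-next.0
 
 ### Patch Changes
 
--
+- 4cd5ff0: Add ability to configure the Node.js HTTP Server when configuring the root HTTP Router service
+- e8199b1: Move the JWKS registration outside of the lifecycle middleware
+- dc8c5dd: The default `TokenManager` implementation no longer requires keys to be configured in production, but it will throw an errors when generating or authenticating tokens. The default `AuthService` implementation will now also provide additional context if such an error is throw when falling back to using the `TokenManager` service to generate tokens for outgoing requests.
+- 025641b: Redact `meta` fields too with the logger
+- 5863e02: Internal refactor to only create one external token handler
+- Updated dependencies
+- @backstage/plugin-auth-node@0.4.13-next.0
+- @backstage/backend-common@0.21.8-next.0
+- @backstage/backend-plugin-api@0.6.18-next.0
+- @backstage/backend-tasks@0.5.23-next.0
+- @backstage/cli-common@0.1.13
+- @backstage/cli-node@0.2.5
+- @backstage/config@1.2.0
+- @backstage/config-loader@1.8.0
+- @backstage/errors@1.2.4
+- @backstage/types@1.1.1
+- @backstage/plugin-permission-node@0.7.29-next.0
 
 ## 0.7.0
 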
package/alpha/package.json
CHANGED
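--- a/package/dist/index.cjs.js
+++ b/package/dist/index.cjs.js
@@ -15,6 +15,7 @@ var cors = require('cors');
 var helmet = require('helmet');
 var morgan = require('morgan');
 var compression = require('compression');
+var kebabCase = require('lodash/kebabCase');
 var minimatch = require('minimatch');
 var errors = require('@backstage/errors');
 var crypto = require('crypto');
@@ -22,14 +23,14 @@ var winston = require('winston');
 var backendPluginApi = require('@backstage/backend-plugin-api');
 var alpha = require('@backstage/backend-plugin-api/alpha');
 var luxon = require('luxon');
-var backendCommon = require('@backstage/backend-common');
 var jose = require('jose');
 var uuid = require('uuid');
 var pluginAuthNode = require('@backstage/plugin-auth-node');
+var types = require('@backstage/types');
+var backendCommon = require('@backstage/backend-common');
 var backendAppApi = require('@backstage/backend-app-api');
 var cookie = require('cookie');
 var Router = require('express-promise-router');
-var types = require('@backstage/types');
 var pathToRegexp = require('path-to-regexp');
 var pluginPermissionNode = require('@backstage/plugin-permission-node');
 var express = require('express');
@@ -66,6 +67,7 @@ var cors__default = /*#__PURE__*/_interopDefaultCompat(cors);
 var helmet__default = /*#__PURE__*/_interopDefaultCompat(helmet);
 var morgan__default = /*#__PURE__*/_interopDefaultCompat(morgan);
 var compression__default = /*#__PURE__*/_interopDefaultCompat(compression);
+var kebabCase__default = /*#__PURE__*/_interopDefaultCompat(kebabCase);
 var Router__default = /*#__PURE__*/_interopDefaultCompat(Router);
 var express__default = /*#__PURE__*/_interopDefaultCompat(express);
 var trimEnd__default = /*#__PURE__*/_interopDefaultCompat(trimEnd);
@@ -536,10 +538,11 @@ function applyCspDirectives(directives) {
 delete result["form-action"];
 if (directives) {
 for (const [key, value] of Object.entries(directives)) {
+const kebabCaseKey = kebabCase__default.default(key);
 if (value === false) {
-delete result[
+delete result[kebabCaseKey];
 } else {
-result[
+result[kebabCaseKey] = value;
 }
 }
 }
@@ -618,7 +621,7 @@ var __accessCheck$e = (obj, member, msg) => {
 };
 var __privateGet$c = (obj, member, getter) => {
 __accessCheck$e(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$e = (obj, member, value) => {
 if (member.has(obj))
@@ -627,7 +630,7 @@ var __privateAdd$e = (obj, member, value) => {
 };
 var __privateSet$a = (obj, member, value, setter) => {
 __accessCheck$e(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var _config, _logger;
@@ -811,7 +814,7 @@ var __accessCheck$d = (obj, member, msg) => {
 };
 var __privateGet$b = (obj, member, getter) => {
 __accessCheck$d(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$d = (obj, member, value) => {
 if (member.has(obj))
@@ -820,7 +823,7 @@ var __privateAdd$d = (obj, member, value) => {
 };
 var __privateSet$9 = (obj, member, value, setter) => {
 __accessCheck$d(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var _winston, _addRedactions;
@@ -948,7 +951,7 @@ var __accessCheck$c = (obj, member, msg) => {
 };
 var __privateGet$a = (obj, member, getter) => {
 __accessCheck$c(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$c = (obj, member, value) => {
 if (member.has(obj))
@@ -957,7 +960,7 @@ var __privateAdd$c = (obj, member, value) => {
 };
 var __privateSet$8 = (obj, member, value, setter) => {
 __accessCheck$c(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var _hasStarted$1, _startupTasks$1, _hasShutdown, _shutdownTasks;
@@ -1042,7 +1045,7 @@ var __accessCheck$b = (obj, member, msg) => {
 };
 var __privateGet$9 = (obj, member, getter) => {
 __accessCheck$b(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$b = (obj, member, value) => {
 if (member.has(obj))
@@ -1051,7 +1054,7 @@ var __privateAdd$b = (obj, member, value) => {
 };
 var __privateSet$7 = (obj, member, value, setter) => {
 __accessCheck$b(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var _hasStarted, _startupTasks;
@@ -1122,7 +1125,7 @@ var __accessCheck$a = (obj, member, msg) => {
 };
 var __privateGet$8 = (obj, member, getter) => {
 __accessCheck$a(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$a = (obj, member, value) => {
 if (member.has(obj))
@@ -1131,7 +1134,7 @@ var __privateAdd$a = (obj, member, value) => {
 };
 var __privateSet$6 = (obj, member, value, setter) => {
 __accessCheck$a(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var __privateMethod$7 = (obj, member, method) => {
@@ -1331,7 +1334,7 @@ var __accessCheck$9 = (obj, member, msg) => {
 };
 var __privateGet$7 = (obj, member, getter) => {
 __accessCheck$9(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$9 = (obj, member, value) => {
 if (member.has(obj))
@@ -1340,7 +1343,7 @@ var __privateAdd$9 = (obj, member, value) => {
 };
 var __privateSet$5 = (obj, member, value, setter) => {
 __accessCheck$9(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var __privateMethod$6 = (obj, member, method) => {
@@ -1564,13 +1567,59 @@ checkForMissingDeps_fn = function(factory, pluginId) {
 };
 let ServiceRegistry = _ServiceRegistry;
 
+const LOGGER_INTERVAL_MAX = 6e4;
+function joinIds(ids) {
+return [...ids].map((id) => `'${id}'`).join(", ");
+}
+function createInitializationLogger(pluginIds, rootLogger) {
+const logger = rootLogger == null ? void 0 : rootLogger.child({ type: "initialization" });
+const starting = new Set(pluginIds);
+const started = /* @__PURE__ */ new Set();
+logger == null ? void 0 : logger.info(`Plugin initialization started: ${joinIds(pluginIds)}`);
+const getInitStatus = () => {
+let status = "";
+if (started.size > 0) {
+status = `, newly initialized: ${joinIds(started)}`;
+started.clear();
+}
+if (starting.size > 0) {
+status += `, still initializing: ${joinIds(starting)}`;
+}
+return status;
+};
+let interval = 1e3;
+let prevInterval = 0;
+let timeout;
+const onTimeout = () => {
+logger == null ? void 0 : logger.info(`Plugin initialization in progress${getInitStatus()}`);
+const nextInterval = Math.min(interval + prevInterval, LOGGER_INTERVAL_MAX);
+prevInterval = interval;
+interval = nextInterval;
+timeout = setTimeout(onTimeout, nextInterval);
+};
+timeout = setTimeout(onTimeout, interval);
+return {
+onPluginStarted(pluginId) {
+starting.delete(pluginId);
+started.add(pluginId);
+},
+onAllStarted() {
+logger == null ? void 0 : logger.info(`Plugin initialization complete${getInitStatus()}`);
+if (timeout) {
+clearTimeout(timeout);
+timeout = void 0;
+}
+}
+};
+}
+
 var __accessCheck$8 = (obj, member, msg) => {
 if (!member.has(obj))
 throw TypeError("Cannot " + msg);
 };
 var __privateGet$6 = (obj, member, getter) => {
 __accessCheck$8(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$8 = (obj, member, value) => {
 if (member.has(obj))
@@ -1579,7 +1628,7 @@ var __privateAdd$8 = (obj, member, value) => {
 };
 var __privateSet$4 = (obj, member, value, setter) => {
 __accessCheck$8(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var __privateMethod$5 = (obj, member, method) => {
@@ -1768,6 +1817,10 @@ doStart_fn = async function() {
 }
 }
 const allPluginIds = [...pluginInits.keys()];
+const initLogger = createInitializationLogger(
+allPluginIds,
+await __privateGet$6(this, _serviceRegistry).get(backendPluginApi.coreServices.rootLogger, "root")
+);
 await Promise.all(
 allPluginIds.map(async (pluginId) => {
 await __privateGet$6(this, _serviceRegistry).initializeEagerServicesWithScope(
@@ -1814,12 +1867,14 @@ doStart_fn = async function() {
 );
 });
 }
+initLogger.onPluginStarted(pluginId);
 const lifecycleService2 = await __privateMethod$5(this, _getPluginLifecycleImpl, getPluginLifecycleImpl_fn).call(this, pluginId);
 await lifecycleService2.startup();
 })
 );
 const lifecycleService = await __privateMethod$5(this, _getRootLifecycleImpl, getRootLifecycleImpl_fn).call(this);
 await lifecycleService.startup();
+initLogger.onAllStarted();
 if (process.env.NODE_ENV !== "test") {
 const rootLogger = await __privateGet$6(this, _serviceRegistry).get(
 backendPluginApi.coreServices.rootLogger,
@@ -1870,7 +1925,7 @@ var __accessCheck$7 = (obj, member, msg) => {
 };
 var __privateGet$5 = (obj, member, getter) => {
 __accessCheck$7(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$7 = (obj, member, value) => {
 if (member.has(obj))
@@ -1879,7 +1934,7 @@ var __privateAdd$7 = (obj, member, value) => {
 };
 var __privateSet$3 = (obj, member, value, setter) => {
 __accessCheck$7(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var _initializer;
@@ -1948,7 +2003,7 @@ function createSpecializedBackend(options) {
 const MIGRATIONS_TABLE = "backstage_backend_public_keys__knex_migrations";
 const TABLE = "backstage_backend_public_keys__keys";
 function applyDatabaseMigrations(knex) {
-const migrationsDir =
+const migrationsDir = backendPluginApi.resolvePackagePath(
 "@backstage/backend-app-api",
 "migrations"
 );
@@ -2147,7 +2202,12 @@ class DefaultAuthService {
 targetPluginId
 });
 }
-return this.tokenManager.getToken()
+return this.tokenManager.getToken().catch((error) => {
+throw new errors.ForwardedError(
+`Unable to generate legacy token for communication with the '${targetPluginId}' plugin. You will typically encounter this error when attempting to call a plugin that does not exist, or is deployed with an old version of Backstage`,
+error
+);
+});
 case "user": {
 const { token } = internalForward;
 if (!token) {
@@ -2205,7 +2265,7 @@ var __accessCheck$5 = (obj, member, msg) => {
 };
 var __privateGet$4 = (obj, member, getter) => {
 __accessCheck$5(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$5 = (obj, member, value) => {
 if (member.has(obj))
@@ -2214,7 +2274,7 @@ var __privateAdd$5 = (obj, member, value) => {
 };
 var __privateSet$2 = (obj, member, value, setter) => {
 __accessCheck$5(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var _keyStore, _keyStoreUpdated;
@@ -2292,7 +2352,7 @@ class PluginTokenHandler {
 options.logger,
 options.ownPluginId,
 options.publicKeyStore,
-options.
+Math.round(types.durationToMilliseconds(options.keyDuration) / 1e3),
 (_a = options.algorithm) != null ? _a : "ES256",
 options.discovery
 );
@@ -2462,18 +2522,16 @@ var __privateMethod$3 = (obj, member, method) => {
 };
 var _getTokenVerificationOptions, getTokenVerificationOptions_fn;
 const _UserTokenHandler = class _UserTokenHandler {
-constructor(
-this.algorithms = algorithms;
+constructor(jwksClient) {
 this.jwksClient = jwksClient;
 __privateAdd$4(this, _getTokenVerificationOptions);
 }
 static create(options) {
-const algorithms = ["ES256"];
 const jwksClient = new JwksClient(async () => {
 const url = await options.discovery.getBaseUrl("auth");
 return new URL(`${url}/.well-known/jwks.json`);
 });
-return new _UserTokenHandler(
+return new _UserTokenHandler(jwksClient);
 }
 async verifyToken(token) {
 const verifyOpts = __privateMethod$3(this, _getTokenVerificationOptions, getTokenVerificationOptions_fn).call(this, token);
@@ -2546,14 +2604,12 @@ getTokenVerificationOptions_fn = function(token) {
 const { typ } = jose.decodeProtectedHeader(token);
 if (typ === pluginAuthNode.tokenTypes.user.typParam) {
 return {
-algorithms: this.algorithms,
 requiredClaims: ["iat", "exp", "sub"],
 typ: pluginAuthNode.tokenTypes.user.typParam
 };
 }
 if (typ === pluginAuthNode.tokenTypes.limitedUser.typParam) {
 return {
-algorithms: this.algorithms,
 requiredClaims: ["iat", "exp", "sub"],
 typ: pluginAuthNode.tokenTypes.limitedUser.typParam
 };
@@ -2561,7 +2617,6 @@ getTokenVerificationOptions_fn = function(token) {
 const { aud } = jose.decodeJwt(token);
 if (aud === pluginAuthNode.tokenTypes.user.audClaim) {
 return {
-algorithms: this.algorithms,
 audience: pluginAuthNode.tokenTypes.user.audClaim
 };
 }
@@ -2577,7 +2632,7 @@ var __accessCheck$3 = (obj, member, msg) => {
 };
 var __privateGet$3 = (obj, member, getter) => {
 __accessCheck$3(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$3 = (obj, member, value) => {
 if (member.has(obj))
@@ -2651,7 +2706,7 @@ var __accessCheck$2 = (obj, member, msg) => {
 };
 var __privateGet$2 = (obj, member, getter) => {
 __accessCheck$2(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$2 = (obj, member, value) => {
 if (member.has(obj))
@@ -2753,7 +2808,16 @@ const authServiceFactory = backendPluginApi.createServiceFactory({
 // new auth services in the new backend system.
 tokenManager: backendPluginApi.coreServices.tokenManager
 },
-async
+async createRootContext({ config, logger }) {
+const externalTokens = ExternalTokenHandler.create({
+config,
+logger
+});
+return {
+externalTokens
+};
+},
+async factory({ config, discovery, plugin, tokenManager, logger, database }, { externalTokens }) {
 const disableDefaultAuthPolicy = Boolean(
 config.getOptionalBoolean(
 "backend.auth.dangerouslyDisableDefaultAuthPolicy"
@@ -2768,15 +2832,11 @@ const authServiceFactory = backendPluginApi.createServiceFactory({
 });
 const pluginTokens = PluginTokenHandler.create({
 ownPluginId: plugin.getId(),
-
+keyDuration: { hours: 1 },
 logger,
 publicKeyStore,
 discovery
 });
-const externalTokens = ExternalTokenHandler.create({
-config,
-logger
-});
 return new DefaultAuthService(
 userTokens,
 pluginTokens,
@@ -2940,7 +3000,7 @@ var __accessCheck$1 = (obj, member, msg) => {
 };
 var __privateGet$1 = (obj, member, getter) => {
 __accessCheck$1(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd$1 = (obj, member, value) => {
 if (member.has(obj))
@@ -2949,7 +3009,7 @@ var __privateAdd$1 = (obj, member, value) => {
 };
 var __privateSet$1 = (obj, member, value, setter) => {
 __accessCheck$1(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var __privateMethod$1 = (obj, member, method) => {
@@ -3381,7 +3441,7 @@ var __accessCheck = (obj, member, msg) => {
 };
 var __privateGet = (obj, member, getter) => {
 __accessCheck(obj, member, "read from private field");
-return
+return member.get(obj);
 };
 var __privateAdd = (obj, member, value) => {
 if (member.has(obj))
@@ -3390,7 +3450,7 @@ var __privateAdd = (obj, member, value) => {
 };
 var __privateSet = (obj, member, value, setter) => {
 __accessCheck(obj, member, "write to private field");
-
+member.set(obj, value);
 return value;
 };
 var __privateMethod = (obj, member, method) => {
@@ -3472,15 +3532,8 @@ findConflictingPath_fn = function(newPath) {
 };
 let DefaultRootHttpRouter = _DefaultRootHttpRouter;
 
-function defaultConfigure(
-
-app.use(middleware.helmet());
-app.use(middleware.cors());
-app.use(middleware.compression());
-app.use(middleware.logging());
-app.use(routes);
-app.use(middleware.notFound());
-app.use(middleware.error());
+function defaultConfigure({ applyDefaults }) {
+applyDefaults();
 }
 const rootHttpRouterServiceFactory = backendPluginApi.createServiceFactory(
 (options) => ({
@@ -3496,19 +3549,30 @@ const rootHttpRouterServiceFactory = backendPluginApi.createServiceFactory(
 const app = express__default.default();
 const router = DefaultRootHttpRouter.create({ indexPath });
 const middleware = MiddlewareFactory.create({ config, logger });
+const routes = router.handler();
+const server = await createHttpServer(
+app,
+readHttpServerOptions(config.getOptionalConfig("backend")),
+{ logger }
+);
 configure({
 app,
-
+server,
+routes,
 middleware,
 config,
 logger,
-lifecycle
+lifecycle,
+applyDefaults() {
+app.use(middleware.helmet());
+app.use(middleware.cors());
+app.use(middleware.compression());
+app.use(middleware.logging());
+app.use(routes);
+app.use(middleware.notFound());
+app.use(middleware.error());
+}
 });
-const server = await createHttpServer(
-app,
-readHttpServerOptions(config.getOptionalConfig("backend")),
-{ logger }
-);
 lifecycle.addShutdownHook(() => server.stop());
 await server.start();
 return router;
@@ -3562,7 +3626,8 @@ const tokenManagerServiceFactory = backendPluginApi.createServiceFactory({
 },
 createRootContext({ config, logger }) {
 return backendCommon.ServerTokenManager.fromConfig(config, {
-logger
+logger,
+allowDisabledTokenManager: true
 });
 },
 async factory(_deps, tokenManager) {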
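Review bot: In `getTokenVerificationOptions_fn` the three returned option objects (the user `typ` branch, the limited-user `typ` branch and the legacy `aud` branch) no longer carry `algorithms`, and `_UserTokenHandler.create` drops the `["ES256"]` list, so nothing visible in this file pins the signature algorithm for user tokens any more. The call in `verifyToken` that consumes `verifyOpts` lies outside the hunks shown; presumably the accepted algorithms are now whatever the keys served from the auth plugin's `/.well-known/jwks.json` permit, which makes that endpoint the only allowlist. If widening the accepted key types is the intent, I would state it at the return sites, for example `// alg is deliberately not pinned: accepted algorithms follow the keys published in the auth JWKS`. A unit test asserting that a token whose header `alg` does not match the published key type is rejected would keep this from regressing silently.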