@backstage/backend-defaults 0.3.0-next.2 → 0.3.0

package/dist/urlReader.d.ts

@@ -1,7 +1,425 @@
+/// <reference types="node" />
 import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
-import * as _backstage_backend_common from '@backstage/backend-common';
+import { UrlReaderService, LoggerService, UrlReaderServiceReadTreeResponse, UrlReaderServiceReadUrlOptions, UrlReaderServiceReadUrlResponse, UrlReaderServiceReadTreeOptions, UrlReaderServiceSearchOptions, UrlReaderServiceSearchResponse } from '@backstage/backend-plugin-api';
+import { AzureIntegration, AzureDevOpsCredentialsProvider, BitbucketCloudIntegration, BitbucketIntegration, BitbucketServerIntegration, GerritIntegration, GithubIntegration, GithubCredentialsProvider, GitLabIntegration, GiteaIntegration, HarnessIntegration, AwsS3Integration } from '@backstage/integration';
+import { Readable } from 'stream';
+import { Config } from '@backstage/config';
+import { AwsCredentialsManager } from '@backstage/integration-aws-node';
 
-/** @public */
-declare const urlReaderServiceFactory: () => _backstage_backend_plugin_api.ServiceFactory<_backstage_backend_common.UrlReader, "plugin">;
+/**
+ * A predicate that decides whether a specific {@link @backstage/backend-plugin-api#UrlReaderService} can handle a
+ * given URL.
+ *
+ * @public
+ */
+type UrlReaderPredicateTuple = {
+    predicate: (url: URL) => boolean;
+    reader: UrlReaderService;
+};
+/**
+ * A factory function that can read config to construct zero or more
+ * {@link @backstage/backend-plugin-api#UrlReaderService}s along with a predicate for when it should be used.
+ *
+ * @public
+ */
+type ReaderFactory = (options: {
+    config: Config;
+    logger: LoggerService;
+    treeResponseFactory: ReadTreeResponseFactory;
+}) => UrlReaderPredicateTuple[];
+/**
+ * An options object for {@link ReadUrlResponseFactory} factory methods.
+ *
+ * @public
+ */
+type ReadUrlResponseFactoryFromStreamOptions = {
+    etag?: string;
+    lastModifiedAt?: Date;
+};
+/**
+ * Options that control execution of {@link ReadTreeResponseFactory} methods.
+ *
+ * @public
+ */
+type ReadTreeResponseFactoryOptions = {
+    stream: Readable;
+    subpath?: string;
+    etag: string;
+    filter?: (path: string, info?: {
+        size: number;
+    }) => boolean;
+};
+/**
+ * Options that control {@link ReadTreeResponseFactory.fromReadableArray}
+ * execution.
+ *
+ * @public
+ */
+type FromReadableArrayOptions = Array<{
+    /**
+     * The raw data itself.
+     */
+    data: Readable;
+    /**
+     * The filepath of the data.
+     */
+    path: string;
+    /**
+     * Last modified date of the file contents.
+     */
+    lastModifiedAt?: Date;
+}>;
+/**
+ * A factory for response factories that handle the unpacking and inspection of
+ * complex responses such as archive data.
+ *
+ * @public
+ */
+interface ReadTreeResponseFactory {
+    fromTarArchive(options: ReadTreeResponseFactoryOptions & {
+        /**
+         * Strip the first parent directory of a tar archive.
+         * Defaults to true.
+         */
+        stripFirstDirectory?: boolean;
+    }): Promise<UrlReaderServiceReadTreeResponse>;
+    fromZipArchive(options: ReadTreeResponseFactoryOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    fromReadableArray(options: FromReadableArrayOptions): Promise<UrlReaderServiceReadTreeResponse>;
+}
 
-export { urlReaderServiceFactory };
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for Azure repos.
+ *
+ * @public
+ */
+declare class AzureUrlReader implements UrlReaderService {
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(integration: AzureIntegration, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+        credentialsProvider: AzureDevOpsCredentialsProvider;
+    });
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(url: string, options?: UrlReaderServiceSearchOptions): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+}
+
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for files from Bitbucket Cloud.
+ *
+ * @public
+ */
+declare class BitbucketCloudUrlReader implements UrlReaderService {
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(integration: BitbucketCloudIntegration, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+    });
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(url: string, options?: UrlReaderServiceSearchOptions): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+    private getLastCommitShortHash;
+}
+
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for files from Bitbucket v1 and v2 APIs, such
+ * as the one exposed by Bitbucket Cloud itself.
+ *
+ * @public
+ * @deprecated in favor of BitbucketCloudUrlReader and BitbucketServerUrlReader
+ */
+declare class BitbucketUrlReader implements UrlReaderService {
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(integration: BitbucketIntegration, logger: LoggerService, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+    });
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(url: string, options?: UrlReaderServiceSearchOptions): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+    private getLastCommitShortHash;
+}
+
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for files from Bitbucket Server APIs.
+ *
+ * @public
+ */
+declare class BitbucketServerUrlReader implements UrlReaderService {
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(integration: BitbucketServerIntegration, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+    });
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(url: string, options?: UrlReaderServiceSearchOptions): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+    private getLastCommitShortHash;
+}
+
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for files in Gerrit.
+ *
+ * @remarks
+ * To be able to link to Git contents for Gerrit providers in a user friendly
+ * way we are depending on that there is a Gitiles installation somewhere
+ * that we can link to. It is perfectly possible to integrate Gerrit with
+ * Backstage without Gitiles since all API calls goes directly to Gerrit.
+ * However if Gitiles is configured, readTree will use it to fetch
+ * an archive instead of cloning the repository.
+ *
+ * The "host" variable in the config is the Gerrit host. The address where
+ * Gitiles is installed may be on the same host but it could be on a
+ * separate host. For example a Gerrit instance could be hosted on
+ * "gerrit-review.company.com" but the repos could be browsable on a separate
+ * host, e.g. "gerrit.company.com" and the human readable URL would then
+ * not point to the API host.
+ *
+ * @public
+ */
+declare class GerritUrlReader implements UrlReaderService {
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(integration: GerritIntegration, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+    });
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+    private readTreeFromGitiles;
+}
+
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for files through the GitHub v3 APIs, such as
+ * the one exposed by GitHub itself.
+ *
+ * @public
+ */
+declare class GithubUrlReader implements UrlReaderService {
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(integration: GithubIntegration, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+        credentialsProvider: GithubCredentialsProvider;
+    });
+    read(url: string): Promise<Buffer>;
+    private getCredentials;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(url: string, options?: UrlReaderServiceSearchOptions): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+    private doReadTree;
+    private doSearch;
+    private getRepoDetails;
+    private getDefaultBranch;
+    private fetchResponse;
+    private fetchJson;
+}
+
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for files on GitLab.
+ *
+ * @public
+ */
+declare class GitlabUrlReader implements UrlReaderService {
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(integration: GitLabIntegration, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+    });
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(url: string, options?: UrlReaderServiceSearchOptions): Promise<UrlReaderServiceSearchResponse>;
+    /**
+     * This function splits the input globPattern string into segments using the  path separator /. It then iterates over
+     * the segments from the end of the array towards the beginning, checking if the concatenated string up to that
+     * segment matches the original globPattern using the minimatch function. If a match is found, it continues iterating.
+     * If no match is found, it returns the concatenated string up to the current segment, which is the static part of the
+     * glob pattern.
+     *
+     * E.g. `catalog/foo/*.yaml` will return `catalog/foo`.
+     *
+     * @param globPattern the glob pattern
+     * @private
+     */
+    private getStaticPart;
+    toString(): string;
+    private getGitlabFetchUrl;
+    private getGitlabArtifactFetchUrl;
+    private resolveProjectToId;
+}
+
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for the Gitea v1 api.
+ *
+ * @public
+ */
+declare class GiteaUrlReader implements UrlReaderService {
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(integration: GiteaIntegration, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+    });
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+    private getLastCommitHash;
+}
+
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for the Harness code v1 api.
+ *
+ *
+ * @public
+ */
+declare class HarnessUrlReader implements UrlReaderService {
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(integration: HarnessIntegration, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+    });
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+    private getLastCommitHash;
+}
+
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for AWS S3 buckets.
+ *
+ * @public
+ */
+declare class AwsS3UrlReader implements UrlReaderService {
+    private readonly credsManager;
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(credsManager: AwsCredentialsManager, integration: AwsS3Integration, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+    });
+    /**
+     * If accessKeyId and secretAccessKey are missing, the standard credentials provider chain will be used:
+     * https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html
+     */
+    private static buildStaticCredentials;
+    private static buildCredentials;
+    private buildS3Client;
+    private retrieveS3ObjectData;
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+}
+
+/**
+ * A {@link @backstage/backend-plugin-api#UrlReaderService} that does a plain fetch of the URL.
+ *
+ * @public
+ */
+declare class FetchUrlReader implements UrlReaderService {
+    /**
+     * The factory creates a single reader that will be used for reading any URL that's listed
+     * in configuration at `backend.reading.allow`. The allow list contains a list of objects describing
+     * targets to allow, containing the following fields:
+     *
+     * `host`:
+     *   Either full hostnames to match, or subdomain wildcard matchers with a leading '*'.
+     *   For example 'example.com' and '*.example.com' are valid values, 'prod.*.example.com' is not.
+     *
+     * `paths`:
+     *   An optional list of paths which are allowed. If the list is omitted all paths are allowed.
+     */
+    static factory: ReaderFactory;
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(): Promise<UrlReaderServiceReadTreeResponse>;
+    search(): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+}
+
+/**
+ * Utility class for UrlReader implementations to create valid ReadUrlResponse
+ * instances from common response primitives.
+ *
+ * @public
+ */
+declare class ReadUrlResponseFactory {
+    /**
+     * Resolves a ReadUrlResponse from a Readable stream.
+     */
+    static fromReadable(stream: Readable, options?: ReadUrlResponseFactoryFromStreamOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    /**
+     * Resolves a ReadUrlResponse from an old-style NodeJS.ReadableStream.
+     */
+    static fromNodeJSReadable(oldStyleStream: NodeJS.ReadableStream, options?: ReadUrlResponseFactoryFromStreamOptions): Promise<UrlReaderServiceReadUrlResponse>;
+}
+
+/**
+ * Creation options for {@link @backstage/backend-plugin-api#UrlReaderService}.
+ *
+ * @public
+ */
+type UrlReadersOptions = {
+    /** Root config object */
+    config: Config;
+    /** Logger used by all the readers */
+    logger: LoggerService;
+    /** A list of factories used to construct individual readers that match on URLs */
+    factories?: ReaderFactory[];
+};
+/**
+ * Helps construct {@link @backstage/backend-plugin-api#UrlReaderService}s.
+ *
+ * @public
+ */
+declare class UrlReaders {
+    /**
+     * Creates a custom {@link @backstage/backend-plugin-api#UrlReaderService} wrapper for your own set of factories.
+     */
+    static create(options: UrlReadersOptions): UrlReaderService;
+    /**
+     * Creates a {@link @backstage/backend-plugin-api#UrlReaderService} wrapper that includes all the default factories
+     * from this package.
+     *
+     * Any additional factories passed will be loaded before the default ones.
+     */
+    static default(options: UrlReadersOptions): UrlReaderService;
+}
+
+/**
+ * Reading content from external systems.
+ *
+ * See {@link @backstage/code-plugin-api#UrlReaderService}
+ * and {@link https://backstage.io/docs/backend-system/core-services/url-reader | the service docs}
+ * for more information.
+ *
+ * @public
+ */
+declare const urlReaderServiceFactory: () => _backstage_backend_plugin_api.ServiceFactory<_backstage_backend_plugin_api.UrlReaderService, "plugin">;
+
+export { AwsS3UrlReader, AzureUrlReader, BitbucketCloudUrlReader, BitbucketServerUrlReader, BitbucketUrlReader, FetchUrlReader, type FromReadableArrayOptions, GerritUrlReader, GiteaUrlReader, GithubUrlReader, GitlabUrlReader, HarnessUrlReader, type ReadTreeResponseFactory, type ReadTreeResponseFactoryOptions, ReadUrlResponseFactory, type ReadUrlResponseFactoryFromStreamOptions, type ReaderFactory, type UrlReaderPredicateTuple, UrlReaders, type UrlReadersOptions, urlReaderServiceFactory };

package/dist/userInfo.cjs.js

@@ -0,0 +1,70 @@
+'use strict';
+
+var backendPluginApi = require('@backstage/backend-plugin-api');
+var errors = require('@backstage/errors');
+var jose = require('jose');
+var fetch = require('node-fetch');
+var helpers = require('./cjs/helpers-D2f1CG0o.cjs.js');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+var fetch__default = /*#__PURE__*/_interopDefaultCompat(fetch);
+
+class DefaultUserInfoService {
+  discovery;
+  constructor(options) {
+    this.discovery = options.discovery;
+  }
+  async getUserInfo(credentials) {
+    const internalCredentials = helpers.toInternalBackstageCredentials(credentials);
+    if (internalCredentials.principal.type !== "user") {
+      throw new Error("Only user credentials are supported");
+    }
+    if (!internalCredentials.token) {
+      throw new Error("User credentials is unexpectedly missing token");
+    }
+    const { sub: userEntityRef, ent: tokenEnt } = jose.decodeJwt(
+      internalCredentials.token
+    );
+    if (typeof userEntityRef !== "string") {
+      throw new Error("User entity ref must be a string");
+    }
+    let ownershipEntityRefs = tokenEnt;
+    if (!ownershipEntityRefs) {
+      const userInfoResp = await fetch__default.default(
+        `${await this.discovery.getBaseUrl("auth")}/v1/userinfo`,
+        {
+          headers: {
+            Authorization: `Bearer ${internalCredentials.token}`
+          }
+        }
+      );
+      if (!userInfoResp.ok) {
+        throw await errors.ResponseError.fromResponse(userInfoResp);
+      }
+      const {
+        claims: { ent }
+      } = await userInfoResp.json();
+      ownershipEntityRefs = ent;
+    }
+    if (!ownershipEntityRefs) {
+      throw new Error("Ownership entity refs can not be determined");
+    } else if (!Array.isArray(ownershipEntityRefs) || ownershipEntityRefs.some((ref) => typeof ref !== "string")) {
+      throw new Error("Ownership entity refs must be an array of strings");
+    }
+    return { userEntityRef, ownershipEntityRefs };
+  }
+}
+
+const userInfoServiceFactory = backendPluginApi.createServiceFactory({
+  service: backendPluginApi.coreServices.userInfo,
+  deps: {
+    discovery: backendPluginApi.coreServices.discovery
+  },
+  async factory({ discovery }) {
+    return new DefaultUserInfoService({ discovery });
+  }
+});
+
+exports.userInfoServiceFactory = userInfoServiceFactory;
+//# sourceMappingURL=userInfo.cjs.js.map

package/dist/userInfo.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"userInfo.cjs.js","sources":["../src/entrypoints/userInfo/DefaultUserInfoService.ts","../src/entrypoints/userInfo/userInfoServiceFactory.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  UserInfoService,\n  BackstageUserInfo,\n  DiscoveryService,\n  BackstageCredentials,\n} from '@backstage/backend-plugin-api';\nimport { ResponseError } from '@backstage/errors';\nimport { decodeJwt } from 'jose';\nimport fetch from 'node-fetch';\nimport { toInternalBackstageCredentials } from '../auth/helpers';\n\nexport type Options = {\n  discovery: DiscoveryService;\n};\n\nexport class DefaultUserInfoService implements UserInfoService {\n  private readonly discovery: DiscoveryService;\n\n  constructor(options: Options) {\n    this.discovery = options.discovery;\n  }\n\n  async getUserInfo(\n    credentials: BackstageCredentials,\n  ): Promise<BackstageUserInfo> {\n    const internalCredentials = toInternalBackstageCredentials(credentials);\n    if (internalCredentials.principal.type !== 'user') {\n      throw new Error('Only user credentials are supported');\n    }\n    if (!internalCredentials.token) {\n      throw new Error('User credentials is unexpectedly missing token');\n    }\n    const { sub: userEntityRef, ent: tokenEnt } = decodeJwt(\n      internalCredentials.token,\n    );\n\n    if (typeof userEntityRef !== 'string') {\n      throw new Error('User entity ref must be a string');\n    }\n\n    let ownershipEntityRefs = tokenEnt;\n\n    if (!ownershipEntityRefs) {\n      const userInfoResp = await fetch(\n        `${await this.discovery.getBaseUrl('auth')}/v1/userinfo`,\n        {\n          headers: {\n            Authorization: `Bearer ${internalCredentials.token}`,\n          },\n        },\n      );\n\n      if (!userInfoResp.ok) {\n        throw await ResponseError.fromResponse(userInfoResp);\n      }\n\n      const {\n        claims: { ent },\n      } = await userInfoResp.json();\n      ownershipEntityRefs = ent;\n    }\n\n    if (!ownershipEntityRefs) {\n      throw new Error('Ownership entity refs can not be determined');\n    } else if (\n      !Array.isArray(ownershipEntityRefs) ||\n      ownershipEntityRefs.some(ref => typeof ref !== 'string')\n    ) {\n      throw new Error('Ownership entity refs must be an array of strings');\n    }\n\n    return { userEntityRef, ownershipEntityRefs };\n  }\n}\n","/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  coreServices,\n  createServiceFactory,\n} from '@backstage/backend-plugin-api';\nimport { DefaultUserInfoService } from './DefaultUserInfoService';\n\n/**\n * Authenticated user information retrieval.\n *\n * See {@link @backstage/code-plugin-api#UserInfoService}\n * and {@link https://backstage.io/docs/backend-system/core-services/user-info | the service docs}\n * for more information.\n *\n * @public\n */\nexport const userInfoServiceFactory = createServiceFactory({\n  service: coreServices.userInfo,\n  deps: {\n    discovery: coreServices.discovery,\n  },\n  async factory({ discovery }) {\n    return new DefaultUserInfoService({ discovery });\n  },\n});\n"],"names":["toInternalBackstageCredentials","decodeJwt","fetch","ResponseError","createServiceFactory","coreServices"],"mappings":";;;;;;;;;;;;AA+BO,MAAM,sBAAkD,CAAA;AAAA,EAC5C,SAAA,CAAA;AAAA,EAEjB,YAAY,OAAkB,EAAA;AAC5B,IAAA,IAAA,CAAK,YAAY,OAAQ,CAAA,SAAA,CAAA;AAAA,GAC3B;AAAA,EAEA,MAAM,YACJ,WAC4B,EAAA;AAC5B,IAAM,MAAA,mBAAA,GAAsBA,uCAA+B,WAAW,CAAA,CAAA;AACtE,IAAI,IAAA,mBAAA,CAAoB,SAAU,CAAA,IAAA,KAAS,MAAQ,EAAA;AACjD,MAAM,MAAA,IAAI,MAAM,qCAAqC,CAAA,CAAA;AAAA,KACvD;AACA,IAAI,IAAA,CAAC,oBAAoB,KAAO,EAAA;AAC9B,MAAM,MAAA,IAAI,MAAM,gDAAgD,CAAA,CAAA;AAAA,KAClE;AACA,IAAA,MAAM,EAAE,GAAA,EAAK,aAAe,EAAA,GAAA,EAAK,UAAa,GAAAC,cAAA;AAAA,MAC5C,mBAAoB,CAAA,KAAA;AAAA,KACtB,CAAA;AAEA,IAAI,IAAA,OAAO,kBAAkB,QAAU,EAAA;AACrC,MAAM,MAAA,IAAI,MAAM,kCAAkC,CAAA,CAAA;AAAA,KACpD;AAEA,IAAA,IAAI,mBAAsB,GAAA,QAAA,CAAA;AAE1B,IAAA,IAAI,CAAC,mBAAqB,EAAA;AACxB,MAAA,MAAM,eAAe,MAAMC,sBAAA;AAAA,QACzB,GAAG,MAAM,IAAA,CAAK,SAAU,CAAA,UAAA,CAAW,MAAM,CAAC,CAAA,YAAA,CAAA;AAAA,QAC1C;AAAA,UACE,OAAS,EAAA;AAAA,YACP,aAAA,EAAe,CAAU,OAAA,EAAA,mBAAA,CAAoB,KAAK,CAAA,CAAA;AAAA,WACpD;AAAA,SACF;AAAA,OACF,CAAA;AAEA,MAAI,IAAA,CAAC,aAAa,EAAI,EAAA;AACpB,QAAM,MAAA,MAAMC,oBAAc,CAAA,YAAA,CAAa,YAAY,CAAA,CAAA;AAAA,OACrD;AAEA,MAAM,MAAA;AAAA,QACJ,MAAA,EAAQ,EAAE,GAAI,EAAA;AAAA,OAChB,GAAI,MAAM,YAAA,CAAa,IAAK,EAAA,CAAA;AAC5B,MAAsB,mBAAA,GAAA,GAAA,CAAA;AAAA,KACxB;AAEA,IAAA,IAAI,CAAC,mBAAqB,EAAA;AACxB,MAAM,MAAA,IAAI,MAAM,6CAA6C,CAAA,CAAA;AAAA,KAE7D,MAAA,IAAA,CAAC,KAAM,CAAA,OAAA,CAAQ,mBAAmB,CAAA,IAClC,mBAAoB,CAAA,IAAA,CAAK,CAAO,GAAA,KAAA,OAAO,GAAQ,KAAA,QAAQ,CACvD,EAAA;AACA,MAAM,MAAA,IAAI,MAAM,mDAAmD,CAAA,CAAA;AAAA,KACrE;AAEA,IAAO,OAAA,EAAE,eAAe,mBAAoB,EAAA,CAAA;AAAA,GAC9C;AACF;;AC1DO,MAAM,yBAAyBC,qCAAqB,CAAA;AAAA,EACzD,SAASC,6BAAa,CAAA,QAAA;AAAA,EACtB,IAAM,EAAA;AAAA,IACJ,WAAWA,6BAAa,CAAA,SAAA;AAAA,GAC1B;AAAA,EACA,MAAM,OAAA,CAAQ,EAAE,SAAA,EAAa,EAAA;AAC3B,IAAA,OAAO,IAAI,sBAAA,CAAuB,EAAE,SAAA,EAAW,CAAA,CAAA;AAAA,GACjD;AACF,CAAC;;;;"}

package/dist/userInfo.d.ts

@@ -0,0 +1,14 @@
+import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
+
+/**
+ * Authenticated user information retrieval.
+ *
+ * See {@link @backstage/code-plugin-api#UserInfoService}
+ * and {@link https://backstage.io/docs/backend-system/core-services/user-info | the service docs}
+ * for more information.
+ *
+ * @public
+ */
+declare const userInfoServiceFactory: () => _backstage_backend_plugin_api.ServiceFactory<_backstage_backend_plugin_api.UserInfoService, "plugin">;
+
+export { userInfoServiceFactory };

package/httpAuth/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "@backstage/backend-defaults",
+  "version": "0.3.0",
+  "main": "../dist/httpAuth.cjs.js",
+  "types": "../dist/httpAuth.d.ts"
+}

package/httpRouter/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "@backstage/backend-defaults",
+  "version": "0.3.0",
+  "main": "../dist/httpRouter.cjs.js",
+  "types": "../dist/httpRouter.d.ts"
+}

package/lifecycle/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/backend-defaults",
-  "version": "0.3.0-next.2",
+  "version": "0.3.0",
   "main": "../dist/lifecycle.cjs.js",
   "types": "../dist/lifecycle.d.ts"
 }

package/logger/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "@backstage/backend-defaults",
+  "version": "0.3.0",
+  "main": "../dist/logger.cjs.js",
+  "types": "../dist/logger.d.ts"
+}

package/migrations/auth/20240327104803_public_keys.js

@@ -0,0 +1,50 @@
+/*
+ * Copyright 2024 The Backstage Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// @ts-check
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.up = async function up(knex) {
+  await knex.schema.createTable(
+    'backstage_backend_public_keys__keys',
+    table => {
+      table
+        .string('id')
+        .primary()
+        .notNullable()
+        .comment('The unique ID of a public key');
+
+      table.text('key').notNullable().comment('JSON serialized public key');
+
+      // Expiration is stored as a string for simplicity, all checks are done client-side
+      table
+        .string('expires_at')
+        .notNullable()
+        .comment('The time that the key expires');
+    },
+  );
+};
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.down = async function down(knex) {
+  return knex.schema.dropTable('backstage_backend_public_keys__keys');
+};