@backstage/backend-defaults 0.5.3-next.3 → 0.6.0-next.0

package/dist/httpAuth.d.ts

@@ -1,6 +1,40 @@
 import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
-import { HttpAuthService } from '@backstage/backend-plugin-api';
+import { AuthService, DiscoveryService, HttpAuthService, BackstagePrincipalTypes, BackstageCredentials } from '@backstage/backend-plugin-api';
+import { Request, Response } from 'express';
 
+/**
+ * @public
+ * Options for creating a DefaultHttpAuthService.
+ */
+interface DefaultHttpAuthServiceOptions {
+    auth: AuthService;
+    discovery: DiscoveryService;
+    pluginId: string;
+    /**
+     * Optionally override logic for extracting the token from the request.
+     */
+    getTokenFromRequest?: (req: Request) => {
+        token?: string;
+    };
+}
+/**
+ * @public
+ * DefaultHttpAuthService is the default implementation of the HttpAuthService
+ */
+declare class DefaultHttpAuthService implements HttpAuthService {
+    #private;
+    private constructor();
+    static create(options: DefaultHttpAuthServiceOptions): DefaultHttpAuthService;
+    credentials<TAllowed extends keyof BackstagePrincipalTypes = 'unknown'>(req: Request, options?: {
+        allow?: Array<TAllowed>;
+        allowLimitedAccess?: boolean;
+    }): Promise<BackstageCredentials<BackstagePrincipalTypes[TAllowed]>>;
+    issueUserCookie(res: Response, options?: {
+        credentials?: BackstageCredentials;
+    }): Promise<{
+        expiresAt: Date;
+    }>;
+}
 /**
  * Authentication of HTTP requests.
  *
@@ -12,4 +46,4 @@ import { HttpAuthService } from '@backstage/backend-plugin-api';
  */
 declare const httpAuthServiceFactory: _backstage_backend_plugin_api.ServiceFactory<HttpAuthService, "plugin", "singleton">;
 
-export { httpAuthServiceFactory };
+export { DefaultHttpAuthService, type DefaultHttpAuthServiceOptions, httpAuthServiceFactory };

package/dist/httpRouter.cjs.js

@@ -1,8 +1,16 @@
 'use strict';
 
 var httpRouterServiceFactory = require('./entrypoints/httpRouter/httpRouterServiceFactory.cjs.js');
+var createAuthIntegrationRouter = require('./entrypoints/httpRouter/http/createAuthIntegrationRouter.cjs.js');
+var createCredentialsBarrier = require('./entrypoints/httpRouter/http/createCredentialsBarrier.cjs.js');
+var createLifecycleMiddleware = require('./entrypoints/httpRouter/http/createLifecycleMiddleware.cjs.js');
+var createCookieAuthRefreshMiddleware = require('./entrypoints/httpRouter/http/createCookieAuthRefreshMiddleware.cjs.js');
 
 
 
 exports.httpRouterServiceFactory = httpRouterServiceFactory.httpRouterServiceFactory;
+exports.createAuthIntegrationRouter = createAuthIntegrationRouter.createAuthIntegrationRouter;
+exports.createCredentialsBarrier = createCredentialsBarrier.createCredentialsBarrier;
+exports.createLifecycleMiddleware = createLifecycleMiddleware.createLifecycleMiddleware;
+exports.createCookieAuthRefreshMiddleware = createCookieAuthRefreshMiddleware.createCookieAuthRefreshMiddleware;
 //# sourceMappingURL=httpRouter.cjs.js.map

package/dist/httpRouter.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"httpRouter.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;"}
+{"version":3,"file":"httpRouter.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;"}

package/dist/httpRouter.d.ts

@@ -1,4 +1,9 @@
+/// <reference types="express" />
 import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
+import { AuthService, HttpAuthService, RootConfigService, HttpRouterServiceAuthPolicy, LifecycleService } from '@backstage/backend-plugin-api';
+import * as express from 'express';
+import express__default, { RequestHandler } from 'express';
+import { HumanDuration } from '@backstage/types';
 
 /**
  * HTTP route registration for plugins.
@@ -11,4 +16,60 @@ import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
  */
 declare const httpRouterServiceFactory: _backstage_backend_plugin_api.ServiceFactory<_backstage_backend_plugin_api.HttpRouterService, "plugin", "singleton">;
 
-export { httpRouterServiceFactory };
+/**
+ * @public
+ */
+declare function createAuthIntegrationRouter(options: {
+    auth: AuthService;
+}): express__default.Router;
+
+/**
+ * @public
+ */
+declare function createCredentialsBarrier(options: {
+    httpAuth: HttpAuthService;
+    config: RootConfigService;
+}): {
+    middleware: RequestHandler;
+    addAuthPolicy: (policy: HttpRouterServiceAuthPolicy) => void;
+};
+
+/**
+ * Options for {@link createLifecycleMiddleware}.
+ * @public
+ */
+interface LifecycleMiddlewareOptions {
+    lifecycle: LifecycleService;
+    /**
+     * The maximum time that paused requests will wait for the service to start, before returning an error.
+     *
+     * Defaults to 5 seconds.
+     */
+    startupRequestPauseTimeout?: HumanDuration;
+}
+/**
+ * Creates a middleware that pauses requests until the service has started.
+ *
+ * @remarks
+ *
+ * Requests that arrive before the service has started will be paused until startup is complete.
+ * If the service does not start within the provided timeout, the request will be rejected with a
+ * {@link @backstage/errors#ServiceUnavailableError}.
+ *
+ * If the service is shutting down, all requests will be rejected with a
+ * {@link @backstage/errors#ServiceUnavailableError}.
+ *
+ * @public
+ */
+declare function createLifecycleMiddleware(options: LifecycleMiddlewareOptions): RequestHandler;
+
+/**
+ * @public
+ * Creates a middleware that can be used to refresh the cookie for the user.
+ */
+declare function createCookieAuthRefreshMiddleware(options: {
+    auth: AuthService;
+    httpAuth: HttpAuthService;
+}): express.Router;
+
+export { type LifecycleMiddlewareOptions, createAuthIntegrationRouter, createCookieAuthRefreshMiddleware, createCredentialsBarrier, createLifecycleMiddleware, httpRouterServiceFactory };

package/dist/package.json.cjs.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var name = "@backstage/backend-defaults";
-var version = "0.5.3-next.3";
+var version = "0.6.0-next.0";
 var description = "Backend defaults used by Backstage backend apps";
 var backstage = {
 	role: "node-library"
@@ -122,8 +122,9 @@ var dependencies = {
 	"@aws-sdk/client-s3": "^3.350.0",
 	"@aws-sdk/credential-providers": "^3.350.0",
 	"@aws-sdk/types": "^3.347.0",
+	"@azure/identity": "^4.0.0",
+	"@azure/storage-blob": "^12.5.0",
 	"@backstage/backend-app-api": "workspace:^",
-	"@backstage/backend-common": "^0.25.0",
 	"@backstage/backend-dev-utils": "workspace:^",
 	"@backstage/backend-plugin-api": "workspace:^",
 	"@backstage/cli-common": "workspace:^",
@@ -138,8 +139,8 @@ var dependencies = {
 	"@backstage/plugin-permission-node": "workspace:^",
 	"@backstage/types": "workspace:^",
 	"@google-cloud/storage": "^7.0.0",
-	"@keyv/memcache": "^1.3.5",
-	"@keyv/redis": "^2.5.3",
+	"@keyv/memcache": "^2.0.1",
+	"@keyv/redis": "^4.0.1",
 	"@manypkg/get-packages": "^1.1.3",
 	"@octokit/rest": "^19.0.3",
 	"@opentelemetry/api": "^1.3.0",
@@ -160,14 +161,13 @@ var dependencies = {
 	helmet: "^6.0.0",
 	"isomorphic-git": "^1.23.0",
 	jose: "^5.0.0",
-	keyv: "^4.5.2",
+	keyv: "^5.2.1",
 	knex: "^3.0.0",
 	lodash: "^4.17.21",
 	logform: "^2.3.2",
 	luxon: "^3.0.0",
 	minimatch: "^9.0.0",
 	minimist: "^1.2.5",
-	morgan: "^1.10.0",
 	mysql2: "^3.0.0",
 	"node-fetch": "^2.7.0",
 	"node-forge": "^1.3.1",
@@ -181,7 +181,7 @@ var dependencies = {
 	stoppable: "^1.1.0",
 	tar: "^6.1.12",
 	"triple-beam": "^1.4.1",
-	uuid: "^9.0.0",
+	uuid: "^11.0.0",
 	winston: "^3.2.1",
 	"winston-transport": "^4.5.0",
 	yauzl: "^3.0.0",
@@ -197,7 +197,6 @@ var devDependencies = {
 	"@types/base64-stream": "^1.0.2",
 	"@types/concat-stream": "^2.0.0",
 	"@types/http-errors": "^2.0.0",
-	"@types/morgan": "^1.9.0",
 	"@types/node-forge": "^1.3.0",
 	"@types/pg-format": "^1.0.5",
 	"@types/stoppable": "^1.1.0",
@@ -205,6 +204,7 @@ var devDependencies = {
 	"aws-sdk-client-mock": "^4.0.0",
 	"http-errors": "^2.0.0",
 	msw: "^1.0.0",
+	"node-mocks-http": "^1.0.0",
 	supertest: "^7.0.0",
 	"wait-for-expect": "^3.0.2"
 };

package/dist/urlReader.cjs.js

@@ -10,6 +10,7 @@ var GitlabUrlReader = require('./entrypoints/urlReader/lib/GitlabUrlReader.cjs.j
 var GiteaUrlReader = require('./entrypoints/urlReader/lib/GiteaUrlReader.cjs.js');
 var HarnessUrlReader = require('./entrypoints/urlReader/lib/HarnessUrlReader.cjs.js');
 var AwsS3UrlReader = require('./entrypoints/urlReader/lib/AwsS3UrlReader.cjs.js');
+var AzureBlobStorageUrlReader = require('./entrypoints/urlReader/lib/AzureBlobStorageUrlReader.cjs.js');
 var FetchUrlReader = require('./entrypoints/urlReader/lib/FetchUrlReader.cjs.js');
 var ReadUrlResponseFactory = require('./entrypoints/urlReader/lib/ReadUrlResponseFactory.cjs.js');
 var UrlReaders = require('./entrypoints/urlReader/lib/UrlReaders.cjs.js');
@@ -27,6 +28,7 @@ exports.GitlabUrlReader = GitlabUrlReader.GitlabUrlReader;
 exports.GiteaUrlReader = GiteaUrlReader.GiteaUrlReader;
 exports.HarnessUrlReader = HarnessUrlReader.HarnessUrlReader;
 exports.AwsS3UrlReader = AwsS3UrlReader.AwsS3UrlReader;
+exports.AzureBlobStorageUrlReader = AzureBlobStorageUrlReader.AzureBlobStorageUrlReader;
 exports.FetchUrlReader = FetchUrlReader.FetchUrlReader;
 exports.ReadUrlResponseFactory = ReadUrlResponseFactory.ReadUrlResponseFactory;
 exports.UrlReaders = UrlReaders.UrlReaders;

package/dist/urlReader.cjs.js.map

@@ -1 +1 @@
-{"version":3,"file":"urlReader.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
+{"version":3,"file":"urlReader.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}

package/dist/urlReader.d.ts

@@ -1,7 +1,7 @@
 /// <reference types="node" />
 import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
 import { UrlReaderService, RootConfigService, LoggerService, UrlReaderServiceReadTreeResponse, UrlReaderServiceReadUrlOptions, UrlReaderServiceReadUrlResponse, UrlReaderServiceReadTreeOptions, UrlReaderServiceSearchOptions, UrlReaderServiceSearchResponse } from '@backstage/backend-plugin-api';
-import { AzureIntegration, AzureDevOpsCredentialsProvider, BitbucketCloudIntegration, BitbucketIntegration, BitbucketServerIntegration, GerritIntegration, GithubIntegration, GithubCredentialsProvider, GitLabIntegration, GiteaIntegration, HarnessIntegration, AwsS3Integration } from '@backstage/integration';
+import { AzureIntegration, AzureDevOpsCredentialsProvider, BitbucketCloudIntegration, BitbucketIntegration, BitbucketServerIntegration, GerritIntegration, GithubIntegration, GithubCredentialsProvider, GitLabIntegration, GiteaIntegration, HarnessIntegration, AwsS3Integration, AzureCredentialsManager, AzureBlobStorageIntergation } from '@backstage/integration';
 import { Readable } from 'stream';
 import { AwsCredentialsManager } from '@backstage/integration-aws-node';
 
@@ -334,6 +334,27 @@ declare class AwsS3UrlReader implements UrlReaderService {
     toString(): string;
 }
 
+/**
+ * Implements a {@link @backstage/backend-plugin-api#UrlReaderService} for Azure storage accounts urls.
+ *
+ * @public
+ */
+declare class AzureBlobStorageUrlReader implements UrlReaderService {
+    private readonly credsManager;
+    private readonly integration;
+    private readonly deps;
+    static factory: ReaderFactory;
+    constructor(credsManager: AzureCredentialsManager, integration: AzureBlobStorageIntergation, deps: {
+        treeResponseFactory: ReadTreeResponseFactory;
+    });
+    private createContainerClient;
+    read(url: string): Promise<Buffer>;
+    readUrl(url: string, options?: UrlReaderServiceReadUrlOptions): Promise<UrlReaderServiceReadUrlResponse>;
+    readTree(url: string, options?: UrlReaderServiceReadTreeOptions): Promise<UrlReaderServiceReadTreeResponse>;
+    search(): Promise<UrlReaderServiceSearchResponse>;
+    toString(): string;
+}
+
 /**
  * A {@link @backstage/backend-plugin-api#UrlReaderService} that does a plain fetch of the URL.
  *
@@ -437,4 +458,4 @@ declare const urlReaderFactoriesServiceRef: _backstage_backend_plugin_api.Servic
  */
 declare const urlReaderServiceFactory: _backstage_backend_plugin_api.ServiceFactory<_backstage_backend_plugin_api.UrlReaderService, "plugin", "singleton">;
 
-export { AwsS3UrlReader, AzureUrlReader, BitbucketCloudUrlReader, BitbucketServerUrlReader, BitbucketUrlReader, FetchUrlReader, type FromReadableArrayOptions, GerritUrlReader, GiteaUrlReader, GithubUrlReader, GitlabUrlReader, HarnessUrlReader, type ReadTreeResponseFactory, type ReadTreeResponseFactoryOptions, ReadUrlResponseFactory, type ReadUrlResponseFactoryFromStreamOptions, type ReaderFactory, type UrlReaderPredicateTuple, UrlReaders, type UrlReadersOptions, urlReaderFactoriesServiceRef, urlReaderServiceFactory };
+export { AwsS3UrlReader, AzureBlobStorageUrlReader, AzureUrlReader, BitbucketCloudUrlReader, BitbucketServerUrlReader, BitbucketUrlReader, FetchUrlReader, type FromReadableArrayOptions, GerritUrlReader, GiteaUrlReader, GithubUrlReader, GitlabUrlReader, HarnessUrlReader, type ReadTreeResponseFactory, type ReadTreeResponseFactoryOptions, ReadUrlResponseFactory, type ReadUrlResponseFactoryFromStreamOptions, type ReaderFactory, type UrlReaderPredicateTuple, UrlReaders, type UrlReadersOptions, urlReaderFactoriesServiceRef, urlReaderServiceFactory };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/backend-defaults",
-  "version": "0.5.3-next.3",
+  "version": "0.6.0-next.0",
   "description": "Backend defaults used by Backstage backend apps",
   "backstage": {
     "role": "node-library"
@@ -191,24 +191,25 @@
     "@aws-sdk/client-s3": "^3.350.0",
     "@aws-sdk/credential-providers": "^3.350.0",
     "@aws-sdk/types": "^3.347.0",
-    "@backstage/backend-app-api": "1.0.2-next.2",
-    "@backstage/backend-common": "^0.25.0",
+    "@azure/identity": "^4.0.0",
+    "@azure/storage-blob": "^12.5.0",
+    "@backstage/backend-app-api": "1.0.3-next.0",
     "@backstage/backend-dev-utils": "0.1.5",
-    "@backstage/backend-plugin-api": "1.0.2-next.2",
-    "@backstage/cli-common": "0.1.15-next.0",
-    "@backstage/cli-node": "0.2.10-next.0",
-    "@backstage/config": "1.2.0",
-    "@backstage/config-loader": "1.9.2-next.0",
-    "@backstage/errors": "1.2.4",
-    "@backstage/integration": "1.15.1",
-    "@backstage/integration-aws-node": "0.1.13-next.0",
-    "@backstage/plugin-auth-node": "0.5.4-next.2",
-    "@backstage/plugin-events-node": "0.4.5-next.3",
-    "@backstage/plugin-permission-node": "0.8.5-next.2",
-    "@backstage/types": "1.1.1",
+    "@backstage/backend-plugin-api": "1.0.3-next.0",
+    "@backstage/cli-common": "0.1.15",
+    "@backstage/cli-node": "0.2.11-next.0",
+    "@backstage/config": "1.3.0",
+    "@backstage/config-loader": "1.9.2",
+    "@backstage/errors": "1.2.5",
+    "@backstage/integration": "1.16.0-next.0",
+    "@backstage/integration-aws-node": "0.1.13",
+    "@backstage/plugin-auth-node": "0.5.5-next.0",
+    "@backstage/plugin-events-node": "0.4.6-next.0",
+    "@backstage/plugin-permission-node": "0.8.6-next.0",
+    "@backstage/types": "1.2.0",
     "@google-cloud/storage": "^7.0.0",
-    "@keyv/memcache": "^1.3.5",
-    "@keyv/redis": "^2.5.3",
+    "@keyv/memcache": "^2.0.1",
+    "@keyv/redis": "^4.0.1",
     "@manypkg/get-packages": "^1.1.3",
     "@octokit/rest": "^19.0.3",
     "@opentelemetry/api": "^1.3.0",
@@ -229,14 +230,13 @@
     "helmet": "^6.0.0",
     "isomorphic-git": "^1.23.0",
     "jose": "^5.0.0",
-    "keyv": "^4.5.2",
+    "keyv": "^5.2.1",
     "knex": "^3.0.0",
     "lodash": "^4.17.21",
     "logform": "^2.3.2",
     "luxon": "^3.0.0",
     "minimatch": "^9.0.0",
     "minimist": "^1.2.5",
-    "morgan": "^1.10.0",
     "mysql2": "^3.0.0",
     "node-fetch": "^2.7.0",
     "node-forge": "^1.3.1",
@@ -250,7 +250,7 @@
     "stoppable": "^1.1.0",
     "tar": "^6.1.12",
     "triple-beam": "^1.4.1",
-    "uuid": "^9.0.0",
+    "uuid": "^11.0.0",
     "winston": "^3.2.1",
     "winston-transport": "^4.5.0",
     "yauzl": "^3.0.0",
@@ -259,14 +259,13 @@
   },
   "devDependencies": {
     "@aws-sdk/util-stream-node": "^3.350.0",
-    "@backstage/backend-plugin-api": "1.0.2-next.2",
-    "@backstage/backend-test-utils": "1.1.0-next.3",
-    "@backstage/cli": "0.29.0-next.3",
+    "@backstage/backend-plugin-api": "1.0.3-next.0",
+    "@backstage/backend-test-utils": "1.2.0-next.0",
+    "@backstage/cli": "0.29.3-next.0",
     "@types/archiver": "^6.0.0",
     "@types/base64-stream": "^1.0.2",
     "@types/concat-stream": "^2.0.0",
     "@types/http-errors": "^2.0.0",
-    "@types/morgan": "^1.9.0",
     "@types/node-forge": "^1.3.0",
     "@types/pg-format": "^1.0.5",
     "@types/stoppable": "^1.1.0",
@@ -274,6 +273,7 @@
     "aws-sdk-client-mock": "^4.0.0",
     "http-errors": "^2.0.0",
     "msw": "^1.0.0",
+    "node-mocks-http": "^1.0.0",
     "supertest": "^7.0.0",
     "wait-for-expect": "^3.0.2"
   },

package/dist/entrypoints/httpRouter/createAuthIntegrationRouter.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"createAuthIntegrationRouter.cjs.js","sources":["../../../src/entrypoints/httpRouter/createAuthIntegrationRouter.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthService } from '@backstage/backend-plugin-api';\nimport express from 'express';\nimport Router from 'express-promise-router';\n\nexport function createAuthIntegrationRouter(options: {\n  auth: AuthService;\n}): express.Router {\n  const router = Router();\n\n  router.get('/.backstage/auth/v1/jwks.json', async (_req, res) => {\n    const { keys } = await options.auth.listPublicServiceKeys();\n\n    res.json({ keys });\n  });\n\n  return router;\n}\n"],"names":["Router"],"mappings":";;;;;;;;AAoBO,SAAS,4BAA4B,OAEzB,EAAA;AACjB,EAAA,MAAM,SAASA,uBAAO,EAAA;AAEtB,EAAA,MAAA,CAAO,GAAI,CAAA,+BAAA,EAAiC,OAAO,IAAA,EAAM,GAAQ,KAAA;AAC/D,IAAA,MAAM,EAAE,IAAK,EAAA,GAAI,MAAM,OAAA,CAAQ,KAAK,qBAAsB,EAAA;AAE1D,IAAI,GAAA,CAAA,IAAA,CAAK,EAAE,IAAA,EAAM,CAAA;AAAA,GAClB,CAAA;AAED,EAAO,OAAA,MAAA;AACT;;;;"}

package/dist/entrypoints/httpRouter/createCookieAuthRefreshMiddleware.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"createCookieAuthRefreshMiddleware.cjs.js","sources":["../../../src/entrypoints/httpRouter/createCookieAuthRefreshMiddleware.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { AuthService, HttpAuthService } from '@backstage/backend-plugin-api';\nimport Router from 'express-promise-router';\n\nconst WELL_KNOWN_COOKIE_PATH_V1 = '/.backstage/auth/v1/cookie';\n\n/**\n * @public\n * Creates a middleware that can be used to refresh the cookie for the user.\n */\nexport function createCookieAuthRefreshMiddleware(options: {\n  auth: AuthService;\n  httpAuth: HttpAuthService;\n}) {\n  const { auth, httpAuth } = options;\n  const router = Router();\n\n  // Endpoint that sets the cookie for the user\n  router.get(WELL_KNOWN_COOKIE_PATH_V1, async (_, res) => {\n    const { expiresAt } = await httpAuth.issueUserCookie(res);\n    res.json({ expiresAt: expiresAt.toISOString() });\n  });\n\n  // Endpoint that removes the cookie for the user\n  router.delete(WELL_KNOWN_COOKIE_PATH_V1, async (_, res) => {\n    const credentials = await auth.getNoneCredentials();\n    await httpAuth.issueUserCookie(res, { credentials });\n    res.status(204).end();\n  });\n\n  return router;\n}\n"],"names":["Router"],"mappings":";;;;;;;;AAmBA,MAAM,yBAA4B,GAAA,4BAAA;AAM3B,SAAS,kCAAkC,OAG/C,EAAA;AACD,EAAM,MAAA,EAAE,IAAM,EAAA,QAAA,EAAa,GAAA,OAAA;AAC3B,EAAA,MAAM,SAASA,uBAAO,EAAA;AAGtB,EAAA,MAAA,CAAO,GAAI,CAAA,yBAAA,EAA2B,OAAO,CAAA,EAAG,GAAQ,KAAA;AACtD,IAAA,MAAM,EAAE,SAAU,EAAA,GAAI,MAAM,QAAA,CAAS,gBAAgB,GAAG,CAAA;AACxD,IAAA,GAAA,CAAI,KAAK,EAAE,SAAA,EAAW,SAAU,CAAA,WAAA,IAAe,CAAA;AAAA,GAChD,CAAA;AAGD,EAAA,MAAA,CAAO,MAAO,CAAA,yBAAA,EAA2B,OAAO,CAAA,EAAG,GAAQ,KAAA;AACzD,IAAM,MAAA,WAAA,GAAc,MAAM,IAAA,CAAK,kBAAmB,EAAA;AAClD,IAAA,MAAM,QAAS,CAAA,eAAA,CAAgB,GAAK,EAAA,EAAE,aAAa,CAAA;AACnD,IAAI,GAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,GAAI,EAAA;AAAA,GACrB,CAAA;AAED,EAAO,OAAA,MAAA;AACT;;;;"}

package/dist/entrypoints/httpRouter/createCredentialsBarrier.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"createCredentialsBarrier.cjs.js","sources":["../../../src/entrypoints/httpRouter/createCredentialsBarrier.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  HttpAuthService,\n  HttpRouterServiceAuthPolicy,\n  RootConfigService,\n} from '@backstage/backend-plugin-api';\nimport { RequestHandler } from 'express';\nimport { pathToRegexp } from 'path-to-regexp';\n\nexport function createPathPolicyPredicate(policyPath: string) {\n  if (policyPath === '/' || policyPath === '*') {\n    return () => true;\n  }\n\n  const { regexp: pathRegex } = pathToRegexp(policyPath, {\n    end: false,\n  });\n\n  return (path: string): boolean => {\n    return pathRegex.test(path);\n  };\n}\n\nexport function createCredentialsBarrier(options: {\n  httpAuth: HttpAuthService;\n  config: RootConfigService;\n}): {\n  middleware: RequestHandler;\n  addAuthPolicy: (policy: HttpRouterServiceAuthPolicy) => void;\n} {\n  const { httpAuth, config } = options;\n\n  const disableDefaultAuthPolicy = config.getOptionalBoolean(\n    'backend.auth.dangerouslyDisableDefaultAuthPolicy',\n  );\n\n  if (disableDefaultAuthPolicy) {\n    return {\n      middleware: (_req, _res, next) => next(),\n      addAuthPolicy: () => {},\n    };\n  }\n\n  const unauthenticatedPredicates = new Array<(path: string) => boolean>();\n  const cookiePredicates = new Array<(path: string) => boolean>();\n\n  const middleware: RequestHandler = (req, _, next) => {\n    const allowsUnauthenticated = unauthenticatedPredicates.some(predicate =>\n      predicate(req.path),\n    );\n\n    if (allowsUnauthenticated) {\n      next();\n      return;\n    }\n\n    const allowsCookie = cookiePredicates.some(predicate =>\n      predicate(req.path),\n    );\n\n    httpAuth\n      .credentials(req, {\n        allow: ['user', 'service'],\n        allowLimitedAccess: allowsCookie,\n      })\n      .then(\n        () => next(),\n        err => next(err),\n      );\n  };\n\n  const addAuthPolicy = (policy: HttpRouterServiceAuthPolicy) => {\n    if (policy.allow === 'unauthenticated') {\n      unauthenticatedPredicates.push(createPathPolicyPredicate(policy.path));\n    } else if (policy.allow === 'user-cookie') {\n      cookiePredicates.push(createPathPolicyPredicate(policy.path));\n    } else {\n      throw new Error('Invalid auth policy');\n    }\n  };\n\n  return { middleware, addAuthPolicy };\n}\n"],"names":["pathToRegexp"],"mappings":";;;;AAwBO,SAAS,0BAA0B,UAAoB,EAAA;AAC5D,EAAI,IAAA,UAAA,KAAe,GAAO,IAAA,UAAA,KAAe,GAAK,EAAA;AAC5C,IAAA,OAAO,MAAM,IAAA;AAAA;AAGf,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAU,EAAA,GAAIA,0BAAa,UAAY,EAAA;AAAA,IACrD,GAAK,EAAA;AAAA,GACN,CAAA;AAED,EAAA,OAAO,CAAC,IAA0B,KAAA;AAChC,IAAO,OAAA,SAAA,CAAU,KAAK,IAAI,CAAA;AAAA,GAC5B;AACF;AAEO,SAAS,yBAAyB,OAMvC,EAAA;AACA,EAAM,MAAA,EAAE,QAAU,EAAA,MAAA,EAAW,GAAA,OAAA;AAE7B,EAAA,MAAM,2BAA2B,MAAO,CAAA,kBAAA;AAAA,IACtC;AAAA,GACF;AAEA,EAAA,IAAI,wBAA0B,EAAA;AAC5B,IAAO,OAAA;AAAA,MACL,UAAY,EAAA,CAAC,IAAM,EAAA,IAAA,EAAM,SAAS,IAAK,EAAA;AAAA,MACvC,eAAe,MAAM;AAAA;AAAC,KACxB;AAAA;AAGF,EAAM,MAAA,yBAAA,GAA4B,IAAI,KAAiC,EAAA;AACvE,EAAM,MAAA,gBAAA,GAAmB,IAAI,KAAiC,EAAA;AAE9D,EAAA,MAAM,UAA6B,GAAA,CAAC,GAAK,EAAA,CAAA,EAAG,IAAS,KAAA;AACnD,IAAA,MAAM,wBAAwB,yBAA0B,CAAA,IAAA;AAAA,MAAK,CAAA,SAAA,KAC3D,SAAU,CAAA,GAAA,CAAI,IAAI;AAAA,KACpB;AAEA,IAAA,IAAI,qBAAuB,EAAA;AACzB,MAAK,IAAA,EAAA;AACL,MAAA;AAAA;AAGF,IAAA,MAAM,eAAe,gBAAiB,CAAA,IAAA;AAAA,MAAK,CAAA,SAAA,KACzC,SAAU,CAAA,GAAA,CAAI,IAAI;AAAA,KACpB;AAEA,IAAA,QAAA,CACG,YAAY,GAAK,EAAA;AAAA,MAChB,KAAA,EAAO,CAAC,MAAA,EAAQ,SAAS,CAAA;AAAA,MACzB,kBAAoB,EAAA;AAAA,KACrB,CACA,CAAA,IAAA;AAAA,MACC,MAAM,IAAK,EAAA;AAAA,MACX,CAAA,GAAA,KAAO,KAAK,GAAG;AAAA,KACjB;AAAA,GACJ;AAEA,EAAM,MAAA,aAAA,GAAgB,CAAC,MAAwC,KAAA;AAC7D,IAAI,IAAA,MAAA,CAAO,UAAU,iBAAmB,EAAA;AACtC,MAAA,yBAAA,CAA0B,IAAK,CAAA,yBAAA,CAA0B,MAAO,CAAA,IAAI,CAAC,CAAA;AAAA,KACvE,MAAA,IAAW,MAAO,CAAA,KAAA,KAAU,aAAe,EAAA;AACzC,MAAA,gBAAA,CAAiB,IAAK,CAAA,yBAAA,CAA0B,MAAO,CAAA,IAAI,CAAC,CAAA;AAAA,KACvD,MAAA;AACL,MAAM,MAAA,IAAI,MAAM,qBAAqB,CAAA;AAAA;AACvC,GACF;AAEA,EAAO,OAAA,EAAE,YAAY,aAAc,EAAA;AACrC;;;;;"}

package/dist/entrypoints/httpRouter/createLifecycleMiddleware.cjs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"createLifecycleMiddleware.cjs.js","sources":["../../../src/entrypoints/httpRouter/createLifecycleMiddleware.ts"],"sourcesContent":["/*\n * Copyright 2022 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { LifecycleService } from '@backstage/backend-plugin-api';\nimport { ServiceUnavailableError } from '@backstage/errors';\nimport { HumanDuration, durationToMilliseconds } from '@backstage/types';\nimport { RequestHandler } from 'express';\n\nexport const DEFAULT_TIMEOUT = { seconds: 5 };\n\n/**\n * Options for {@link createLifecycleMiddleware}.\n * @internal\n */\nexport interface LifecycleMiddlewareOptions {\n  lifecycle: LifecycleService;\n  /**\n   * The maximum time that paused requests will wait for the service to start, before returning an error.\n   *\n   * Defaults to 5 seconds.\n   */\n  startupRequestPauseTimeout?: HumanDuration;\n}\n\n/**\n * Creates a middleware that pauses requests until the service has started.\n *\n * @remarks\n *\n * Requests that arrive before the service has started will be paused until startup is complete.\n * If the service does not start within the provided timeout, the request will be rejected with a\n * {@link @backstage/errors#ServiceUnavailableError}.\n *\n * If the service is shutting down, all requests will be rejected with a\n * {@link @backstage/errors#ServiceUnavailableError}.\n *\n * @internal\n */\nexport function createLifecycleMiddleware(\n  options: LifecycleMiddlewareOptions,\n): RequestHandler {\n  const { lifecycle, startupRequestPauseTimeout = DEFAULT_TIMEOUT } = options;\n\n  let state: 'init' | 'up' | 'down' = 'init';\n  const waiting = new Set<{\n    next: (err?: Error) => void;\n    timeout: NodeJS.Timeout;\n  }>();\n\n  lifecycle.addStartupHook(async () => {\n    if (state === 'init') {\n      state = 'up';\n      for (const item of waiting) {\n        clearTimeout(item.timeout);\n        item.next();\n      }\n      waiting.clear();\n    }\n  });\n\n  lifecycle.addShutdownHook(async () => {\n    state = 'down';\n\n    for (const item of waiting) {\n      clearTimeout(item.timeout);\n      item.next(new ServiceUnavailableError('Service is shutting down'));\n    }\n    waiting.clear();\n  });\n\n  const timeoutMs = durationToMilliseconds(startupRequestPauseTimeout);\n\n  return (_req, _res, next) => {\n    if (state === 'up') {\n      next();\n      return;\n    } else if (state === 'down') {\n      next(new ServiceUnavailableError('Service is shutting down'));\n      return;\n    }\n\n    const item = {\n      next,\n      timeout: setTimeout(() => {\n        if (waiting.delete(item)) {\n          next(new ServiceUnavailableError('Service has not started up yet'));\n        }\n      }, timeoutMs),\n    };\n\n    waiting.add(item);\n  };\n}\n"],"names":["ServiceUnavailableError","durationToMilliseconds"],"mappings":";;;;;AAqBa,MAAA,eAAA,GAAkB,EAAE,OAAA,EAAS,CAAE;AA8BrC,SAAS,0BACd,OACgB,EAAA;AAChB,EAAA,MAAM,EAAE,SAAA,EAAW,0BAA6B,GAAA,eAAA,EAAoB,GAAA,OAAA;AAEpE,EAAA,IAAI,KAAgC,GAAA,MAAA;AACpC,EAAM,MAAA,OAAA,uBAAc,GAGjB,EAAA;AAEH,EAAA,SAAA,CAAU,eAAe,YAAY;AACnC,IAAA,IAAI,UAAU,MAAQ,EAAA;AACpB,MAAQ,KAAA,GAAA,IAAA;AACR,MAAA,KAAA,MAAW,QAAQ,OAAS,EAAA;AAC1B,QAAA,YAAA,CAAa,KAAK,OAAO,CAAA;AACzB,QAAA,IAAA,CAAK,IAAK,EAAA;AAAA;AAEZ,MAAA,OAAA,CAAQ,KAAM,EAAA;AAAA;AAChB,GACD,CAAA;AAED,EAAA,SAAA,CAAU,gBAAgB,YAAY;AACpC,IAAQ,KAAA,GAAA,MAAA;AAER,IAAA,KAAA,MAAW,QAAQ,OAAS,EAAA;AAC1B,MAAA,YAAA,CAAa,KAAK,OAAO,CAAA;AACzB,MAAA,IAAA,CAAK,IAAK,CAAA,IAAIA,8BAAwB,CAAA,0BAA0B,CAAC,CAAA;AAAA;AAEnE,IAAA,OAAA,CAAQ,KAAM,EAAA;AAAA,GACf,CAAA;AAED,EAAM,MAAA,SAAA,GAAYC,6BAAuB,0BAA0B,CAAA;AAEnE,EAAO,OAAA,CAAC,IAAM,EAAA,IAAA,EAAM,IAAS,KAAA;AAC3B,IAAA,IAAI,UAAU,IAAM,EAAA;AAClB,MAAK,IAAA,EAAA;AACL,MAAA;AAAA,KACF,MAAA,IAAW,UAAU,MAAQ,EAAA;AAC3B,MAAK,IAAA,CAAA,IAAID,8BAAwB,CAAA,0BAA0B,CAAC,CAAA;AAC5D,MAAA;AAAA;AAGF,IAAA,MAAM,IAAO,GAAA;AAAA,MACX,IAAA;AAAA,MACA,OAAA,EAAS,WAAW,MAAM;AACxB,QAAI,IAAA,OAAA,CAAQ,MAAO,CAAA,IAAI,CAAG,EAAA;AACxB,UAAK,IAAA,CAAA,IAAIA,8BAAwB,CAAA,gCAAgC,CAAC,CAAA;AAAA;AACpE,SACC,SAAS;AAAA,KACd;AAEA,IAAA,OAAA,CAAQ,IAAI,IAAI,CAAA;AAAA,GAClB;AACF;;;;;"}