@backstage/plugin-auth-backend-module-cloudflare-access-provider 0.3.2 → 0.3.3-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +21 -0
  2. package/dist/helpers.cjs.js +3 -9
  3. package/dist/helpers.cjs.js.map +1 -1
  4. package/package.json +11 -12
package/CHANGELOG.md CHANGED
@@ -1,5 +1,26 @@
1
1
  # @backstage/plugin-auth-backend-module-cloudflare-access-provider
2
2
 
3
+ ## 0.3.3-next.1
4
+
5
+ ### Patch Changes
6
+
7
+ - 5c9cc05: Use native fetch instead of node-fetch
8
+ - Updated dependencies
9
+ - @backstage/plugin-auth-node@0.5.5-next.1
10
+ - @backstage/backend-plugin-api@1.1.0-next.1
11
+ - @backstage/config@1.3.0
12
+ - @backstage/errors@1.2.5
13
+
14
+ ## 0.3.3-next.0
15
+
16
+ ### Patch Changes
17
+
18
+ - Updated dependencies
19
+ - @backstage/backend-plugin-api@1.0.3-next.0
20
+ - @backstage/plugin-auth-node@0.5.5-next.0
21
+ - @backstage/config@1.3.0
22
+ - @backstage/errors@1.2.5
23
+
3
24
  ## 0.3.2
4
25
 
5
26
  ### Patch Changes
package/dist/helpers.cjs.js CHANGED
@@ -2,13 +2,8 @@
2
2
 
3
3
  var errors = require('@backstage/errors');
4
4
  var jose = require('jose');
5
- var fetch = require('node-fetch');
6
5
  var types = require('./types.cjs.js');
7
6
 
8
- function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
9
-
10
- var fetch__default = /*#__PURE__*/_interopDefaultCompat(fetch);
11
-
12
7
  class AuthHelper {
13
8
  constructor(teamName, serviceTokens, jwtHeaderName, authorizationCookieName, keySet, cache) {
14
9
  this.teamName = teamName;
@@ -47,8 +42,7 @@ class AuthHelper {
47
42
  }
48
43
  if (!jwt) {
49
44
  throw new errors.AuthenticationError(
50
- `Missing ${this.jwtHeaderName} and
51
- ${this.authorizationCookieName} from Cloudflare Access`
45
+ `Missing ${this.jwtHeaderName} and ${this.authorizationCookieName} from Cloudflare Access`
52
46
  );
53
47
  }
54
48
  const verifyResult = await jose.jwtVerify(jwt, this.keySet, {
@@ -107,11 +101,11 @@ class AuthHelper {
107
101
  }
108
102
  }
109
103
  async getIdentityProfile(jwt) {
110
- const headers = new fetch.Headers();
104
+ const headers = new Headers();
111
105
  headers.set(this.jwtHeaderName, jwt);
112
106
  headers.set("cookie", `${this.authorizationCookieName}=${jwt}`);
113
107
  try {
114
- const res = await fetch__default.default(
108
+ const res = await fetch(
115
109
  `https://${this.teamName}.cloudflareaccess.com/cdn-cgi/access/get-identity`,
116
110
  { headers }
117
111
  );
package/dist/helpers.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"helpers.cjs.js","sources":["../src/helpers.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CacheService } from '@backstage/backend-plugin-api';\nimport { Config } from '@backstage/config';\nimport {\n AuthenticationError,\n ForwardedError,\n ResponseError,\n} from '@backstage/errors';\nimport express from 'express';\nimport { createRemoteJWKSet, jwtVerify } from 'jose';\nimport fetch, { Headers } from 'node-fetch';\nimport {\n CACHE_PREFIX,\n CF_JWT_HEADER,\n COOKIE_AUTH_NAME,\n CloudflareAccessClaims,\n CloudflareAccessIdentityProfile,\n CloudflareAccessResult,\n ServiceToken,\n} from './types';\n\nexport class AuthHelper {\n static fromConfig(\n config: Config,\n options?: { cache?: CacheService },\n ): AuthHelper {\n const teamName = config.getString('teamName');\n const jwtHeaderName =\n config.getOptionalString('jwtHeaderName') ?? CF_JWT_HEADER;\n const authorizationCookieName =\n config.getOptionalString('authorizationCookieName') ?? COOKIE_AUTH_NAME;\n const serviceTokens = (\n config.getOptionalConfigArray('serviceTokens') ?? []\n )?.map(cfg => {\n return {\n token: cfg.getString('token'),\n subject: cfg.getString('subject'),\n } as ServiceToken;\n });\n\n const keySet = createRemoteJWKSet(\n new URL(`https://${teamName}.cloudflareaccess.com/cdn-cgi/access/certs`),\n );\n\n return new AuthHelper(\n teamName,\n serviceTokens,\n jwtHeaderName,\n authorizationCookieName,\n keySet,\n options?.cache,\n );\n }\n\n private constructor(\n private readonly teamName: string,\n private readonly serviceTokens: ServiceToken[],\n private readonly jwtHeaderName: string,\n private readonly authorizationCookieName: string,\n private readonly keySet: ReturnType<typeof createRemoteJWKSet>,\n private readonly cache?: CacheService,\n ) {}\n\n async authenticate(req: express.Request): Promise<CloudflareAccessResult> {\n // JWTs generated by Access are available in a request header as\n // Cf-Access-Jwt-Assertion and as cookies as CF_Authorization.\n let jwt = req.header(this.jwtHeaderName);\n if (!jwt) {\n jwt = req.cookies[this.authorizationCookieName];\n }\n if (!jwt) {\n // Only throw if both are not provided by Cloudflare Access since either\n // can be used.\n throw new AuthenticationError(\n `Missing ${this.jwtHeaderName} and \n ${this.authorizationCookieName} from Cloudflare Access`,\n );\n }\n\n // Cloudflare signs the JWT using the RSA Signature with SHA-256 (RS256).\n // RS256 follows an asymmetric algorithm; a private key signs the JWTs and\n // a separate public key verifies the signature.\n const verifyResult = await jwtVerify(jwt, this.keySet, {\n issuer: `https://${this.teamName}.cloudflareaccess.com`,\n });\n\n const isServiceToken = !verifyResult.payload.sub;\n\n const subject = isServiceToken\n ? (verifyResult.payload.common_name as string)\n : verifyResult.payload.sub;\n if (!subject) {\n throw new AuthenticationError(\n `Missing both sub and common_name from Cloudflare Access JWT`,\n );\n }\n\n const serviceToken = this.serviceTokens.find(st => st.token === subject);\n if (isServiceToken && !serviceToken) {\n throw new AuthenticationError(\n `${subject} is not a permitted Service Token.`,\n );\n }\n\n const cacheKey = `${CACHE_PREFIX}/${subject}`;\n const cfAccessResultStr = await this.cache?.get(cacheKey);\n if (typeof cfAccessResultStr === 'string') {\n const result = JSON.parse(cfAccessResultStr) as CloudflareAccessResult;\n return {\n ...result,\n token: jwt,\n };\n }\n const claims = verifyResult.payload as CloudflareAccessClaims;\n\n // Builds a passport profile from JWT claims first\n try {\n let cfIdentity: CloudflareAccessIdentityProfile;\n if (serviceToken) {\n cfIdentity = {\n id: subject,\n name: 'Bot',\n email: serviceToken.subject,\n groups: [],\n };\n } else {\n // If we successfully fetch the get-identity endpoint,\n // We supplement the passport profile with richer user identity\n // information here.\n cfIdentity = await this.getIdentityProfile(jwt);\n }\n // Stores a stringified JSON object in cfaccess provider cache only when\n // we complete all steps\n const cfAccessResult = {\n claims,\n cfIdentity,\n expiresInSeconds: claims.exp - claims.iat,\n };\n this.cache?.set(cacheKey, JSON.stringify(cfAccessResult));\n return {\n ...cfAccessResult,\n token: jwt,\n };\n } catch (err) {\n throw new ForwardedError(\n 'Failed to populate access identity information',\n err,\n );\n }\n }\n\n private async getIdentityProfile(\n jwt: string,\n ): Promise<CloudflareAccessIdentityProfile> {\n const headers = new Headers();\n // set both headers just the way inbound responses are set\n headers.set(this.jwtHeaderName, jwt);\n headers.set('cookie', `${this.authorizationCookieName}=${jwt}`);\n try {\n const res = await fetch(\n `https://${this.teamName}.cloudflareaccess.com/cdn-cgi/access/get-identity`,\n { headers },\n );\n if (!res.ok) {\n throw await ResponseError.fromResponse(res);\n }\n const cfIdentity = await res.json();\n return cfIdentity as unknown as CloudflareAccessIdentityProfile;\n } catch (err) {\n throw new ForwardedError('getIdentityProfile failed', err);\n }\n }\n}\n"],"names":["CF_JWT_HEADER","COOKIE_AUTH_NAME","createRemoteJWKSet","AuthenticationError","jwtVerify","CACHE_PREFIX","ForwardedError","Headers","fetch","ResponseError"],"mappings":";;;;;;;;;;;AAoCO,MAAM,UAAW,CAAA;AAAA,EAiCd,YACW,QACA,EAAA,aAAA,EACA,aACA,EAAA,uBAAA,EACA,QACA,KACjB,EAAA;AANiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AACA,IAAA,IAAA,CAAA,uBAAA,GAAA,uBAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA;AAChB,EAvCH,OAAO,UACL,CAAA,MAAA,EACA,OACY,EAAA;AACZ,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA;AAC5C,IAAA,MAAM,aACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,eAAe,CAAK,IAAAA,mBAAA;AAC/C,IAAA,MAAM,uBACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,yBAAyB,CAAK,IAAAC,sBAAA;AACzD,IAAM,MAAA,aAAA,GAAA,CACJ,OAAO,sBAAuB,CAAA,eAAe,KAAK,EAAC,GAClD,IAAI,CAAO,GAAA,KAAA;AACZ,MAAO,OAAA;AAAA,QACL,KAAA,EAAO,GAAI,CAAA,SAAA,CAAU,OAAO,CAAA;AAAA,QAC5B,OAAA,EAAS,GAAI,CAAA,SAAA,CAAU,SAAS;AAAA,OAClC;AAAA,KACD,CAAA;AAED,IAAA,MAAM,MAAS,GAAAC,uBAAA;AAAA,MACb,IAAI,GAAA,CAAI,CAAW,QAAA,EAAA,QAAQ,CAA4C,0CAAA,CAAA;AAAA,KACzE;AAEA,IAAA,OAAO,IAAI,UAAA;AAAA,MACT,QAAA;AAAA,MACA,aAAA;AAAA,MACA,aAAA;AAAA,MACA,uBAAA;AAAA,MACA,MAAA;AAAA,MACA,OAAS,EAAA;AAAA,KACX;AAAA;AACF,EAWA,MAAM,aAAa,GAAuD,EAAA;AAGxE,IAAA,IAAI,GAAM,GAAA,GAAA,CAAI,MAAO,CAAA,IAAA,CAAK,aAAa,CAAA;AACvC,IAAA,IAAI,CAAC,GAAK,EAAA;AACR,MAAM,GAAA,GAAA,GAAA,CAAI,OAAQ,CAAA,IAAA,CAAK,uBAAuB,CAAA;AAAA;AAEhD,IAAA,IAAI,CAAC,GAAK,EAAA;AAGR,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,CAAA,QAAA,EAAW,KAAK,aAAa,CAAA;AAAA,UAAA,EACzB,KAAK,uBAAuB,CAAA,uBAAA;AAAA,OAClC;AAAA;AAMF,IAAA,MAAM,YAAe,GAAA,MAAMC,cAAU,CAAA,GAAA,EAAK,KAAK,MAAQ,EAAA;AAAA,MACrD,MAAA,EAAQ,CAAW,QAAA,EAAA,IAAA,CAAK,QAAQ,CAAA,qBAAA;AAAA,KACjC,CAAA;AAED,IAAM,MAAA,cAAA,GAAiB,CAAC,YAAA,CAAa,OAAQ,CAAA,GAAA;AAE7C,IAAA,MAAM,UAAU,cACX,GAAA,YAAA,CAAa,OAAQ,CAAA,WAAA,GACtB,aAAa,OAAQ,CAAA,GAAA;AACzB,IAAA,IAAI,CAAC,OAAS,EAAA;AACZ,MAAA,MAAM,IAAID,0BAAA;AAAA,QACR,CAAA,2DAAA;AAAA,OACF;AAAA;AAGF,IAAA,MAAM,eAAe,IAAK,CAAA,aAAA,CAAc,KAAK,CAAM,EAAA,KAAA,EAAA,CAAG,UAAU,OAAO,CAAA;AACvE,IAAI,IAAA,cAAA,IAAkB,CAAC,YAAc,EAAA;AACnC,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,GAAG,OAAO,CAAA,kCAAA;AAAA,OACZ;AAAA;AAGF,IAAA,MAAM,QAAW,GAAA,CAAA,EAAGE,kBAAY,CAAA,CAAA,EAAI,OAAO,CAAA,CAAA;AAC3C,IAAA,MAAM,iBAAoB,GAAA,MAAM,IAAK,CAAA,KAAA,EAAO,IAAI,QAAQ,CAAA;AACxD,IAAI,IAAA,OAAO,sBAAsB,QAAU,EAAA;AACzC,MAAM,MAAA,MAAA,GAAS,IAAK,CAAA,KAAA,CAAM,iBAAiB,CAAA;AAC3C,MAAO,OAAA;AAAA,QACL,GAAG,MAAA;AAAA,QACH,KAAO,EAAA;AAAA,OACT;AAAA;AAEF,IAAA,MAAM,SAAS,YAAa,CAAA,OAAA;AAG5B,IAAI,IAAA;AACF,MAAI,IAAA,UAAA;AACJ,MAAA,IAAI,YAAc,EAAA;AAChB,QAAa,UAAA,GAAA;AAAA,UACX,EAAI,EAAA,OAAA;AAAA,UACJ,IAAM,EAAA,KAAA;AAAA,UACN,OAAO,YAAa,CAAA,OAAA;AAAA,UACpB,QAAQ;AAAC,SACX;AAAA,OACK,MAAA;AAIL,QAAa,UAAA,GAAA,MAAM,IAAK,CAAA,kBAAA,CAAmB,GAAG,CAAA;AAAA;AAIhD,MAAA,MAAM,cAAiB,GAAA;AAAA,QACrB,MAAA;AAAA,QACA,UAAA;AAAA,QACA,gBAAA,EAAkB,MAAO,CAAA,GAAA,GAAM,MAAO,CAAA;AAAA,OACxC;AACA,MAAA,IAAA,CAAK,OAAO,GAAI,CAAA,QAAA,EAAU,IAAK,CAAA,SAAA,CAAU,cAAc,CAAC,CAAA;AACxD,MAAO,OAAA;AAAA,QACL,GAAG,cAAA;AAAA,QACH,KAAO,EAAA;AAAA,OACT;AAAA,aACO,GAAK,EAAA;AACZ,MAAA,MAAM,IAAIC,qBAAA;AAAA,QACR,gDAAA;AAAA,QACA;AAAA,OACF;AAAA;AACF;AACF,EAEA,MAAc,mBACZ,GAC0C,EAAA;AAC1C,IAAM,MAAA,OAAA,GAAU,IAAIC,aAAQ,EAAA;AAE5B,IAAQ,OAAA,CAAA,GAAA,CAAI,IAAK,CAAA,aAAA,EAAe,GAAG,CAAA;AACnC,IAAA,OAAA,CAAQ,IAAI,QAAU,EAAA,CAAA,EAAG,KAAK,uBAAuB,CAAA,CAAA,EAAI,GAAG,CAAE,CAAA,CAAA;AAC9D,IAAI,IAAA;AACF,MAAA,MAAM,MAAM,MAAMC,sBAAA;AAAA,QAChB,CAAA,QAAA,EAAW,KAAK,QAAQ,CAAA,iDAAA,CAAA;AAAA,QACxB,EAAE,OAAQ;AAAA,OACZ;AACA,MAAI,IAAA,CAAC,IAAI,EAAI,EAAA;AACX,QAAM,MAAA,MAAMC,oBAAc,CAAA,YAAA,CAAa,GAAG,CAAA;AAAA;AAE5C,MAAM,MAAA,UAAA,GAAa,MAAM,GAAA,CAAI,IAAK,EAAA;AAClC,MAAO,OAAA,UAAA;AAAA,aACA,GAAK,EAAA;AACZ,MAAM,MAAA,IAAIH,qBAAe,CAAA,2BAAA,EAA6B,GAAG,CAAA;AAAA;AAC3D;AAEJ;;;;"}
1
+ {"version":3,"file":"helpers.cjs.js","sources":["../src/helpers.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CacheService } from '@backstage/backend-plugin-api';\nimport { Config } from '@backstage/config';\nimport {\n AuthenticationError,\n ForwardedError,\n ResponseError,\n} from '@backstage/errors';\nimport express from 'express';\nimport { createRemoteJWKSet, jwtVerify } from 'jose';\nimport {\n CACHE_PREFIX,\n CF_JWT_HEADER,\n COOKIE_AUTH_NAME,\n CloudflareAccessClaims,\n CloudflareAccessIdentityProfile,\n CloudflareAccessResult,\n ServiceToken,\n} from './types';\n\nexport class AuthHelper {\n static fromConfig(\n config: Config,\n options?: { cache?: CacheService },\n ): AuthHelper {\n const teamName = config.getString('teamName');\n const jwtHeaderName =\n config.getOptionalString('jwtHeaderName') ?? CF_JWT_HEADER;\n const authorizationCookieName =\n config.getOptionalString('authorizationCookieName') ?? COOKIE_AUTH_NAME;\n const serviceTokens = (\n config.getOptionalConfigArray('serviceTokens') ?? []\n )?.map(cfg => {\n return {\n token: cfg.getString('token'),\n subject: cfg.getString('subject'),\n } as ServiceToken;\n });\n\n const keySet = createRemoteJWKSet(\n new URL(`https://${teamName}.cloudflareaccess.com/cdn-cgi/access/certs`),\n );\n\n return new AuthHelper(\n teamName,\n serviceTokens,\n jwtHeaderName,\n authorizationCookieName,\n keySet,\n options?.cache,\n );\n }\n\n private constructor(\n private readonly teamName: string,\n private readonly serviceTokens: ServiceToken[],\n private readonly jwtHeaderName: string,\n private readonly authorizationCookieName: string,\n private readonly keySet: ReturnType<typeof createRemoteJWKSet>,\n private readonly cache?: CacheService,\n ) {}\n\n async authenticate(req: express.Request): Promise<CloudflareAccessResult> {\n // JWTs generated by Access are available in a request header as\n // Cf-Access-Jwt-Assertion and as cookies as CF_Authorization.\n let jwt = req.header(this.jwtHeaderName);\n if (!jwt) {\n jwt = req.cookies[this.authorizationCookieName];\n }\n if (!jwt) {\n // Only throw if both are not provided by Cloudflare Access since either\n // can be used.\n throw new AuthenticationError(\n `Missing ${this.jwtHeaderName} and ${this.authorizationCookieName} from Cloudflare Access`,\n );\n }\n\n // Cloudflare signs the JWT using the RSA Signature with SHA-256 (RS256).\n // RS256 follows an asymmetric algorithm; a private key signs the JWTs and\n // a separate public key verifies the signature.\n const verifyResult = await jwtVerify(jwt, this.keySet, {\n issuer: `https://${this.teamName}.cloudflareaccess.com`,\n });\n\n const isServiceToken = !verifyResult.payload.sub;\n\n const subject = isServiceToken\n ? (verifyResult.payload.common_name as string)\n : verifyResult.payload.sub;\n if (!subject) {\n throw new AuthenticationError(\n `Missing both sub and common_name from Cloudflare Access JWT`,\n );\n }\n\n const serviceToken = this.serviceTokens.find(st => st.token === subject);\n if (isServiceToken && !serviceToken) {\n throw new AuthenticationError(\n `${subject} is not a permitted Service Token.`,\n );\n }\n\n const cacheKey = `${CACHE_PREFIX}/${subject}`;\n const cfAccessResultStr = await this.cache?.get(cacheKey);\n if (typeof cfAccessResultStr === 'string') {\n const result = JSON.parse(cfAccessResultStr) as CloudflareAccessResult;\n return {\n ...result,\n token: jwt,\n };\n }\n const claims = verifyResult.payload as CloudflareAccessClaims;\n\n // Builds a passport profile from JWT claims first\n try {\n let cfIdentity: CloudflareAccessIdentityProfile;\n if (serviceToken) {\n cfIdentity = {\n id: subject,\n name: 'Bot',\n email: serviceToken.subject,\n groups: [],\n };\n } else {\n // If we successfully fetch the get-identity endpoint,\n // We supplement the passport profile with richer user identity\n // information here.\n cfIdentity = await this.getIdentityProfile(jwt);\n }\n // Stores a stringified JSON object in cfaccess provider cache only when\n // we complete all steps\n const cfAccessResult = {\n claims,\n cfIdentity,\n expiresInSeconds: claims.exp - claims.iat,\n };\n this.cache?.set(cacheKey, JSON.stringify(cfAccessResult));\n return {\n ...cfAccessResult,\n token: jwt,\n };\n } catch (err) {\n throw new ForwardedError(\n 'Failed to populate access identity information',\n err,\n );\n }\n }\n\n private async getIdentityProfile(\n jwt: string,\n ): Promise<CloudflareAccessIdentityProfile> {\n const headers = new Headers();\n // set both headers just the way inbound responses are set\n headers.set(this.jwtHeaderName, jwt);\n headers.set('cookie', `${this.authorizationCookieName}=${jwt}`);\n try {\n const res = await fetch(\n `https://${this.teamName}.cloudflareaccess.com/cdn-cgi/access/get-identity`,\n { headers },\n );\n if (!res.ok) {\n throw await ResponseError.fromResponse(res);\n }\n const cfIdentity = await res.json();\n return cfIdentity as unknown as CloudflareAccessIdentityProfile;\n } catch (err) {\n throw new ForwardedError('getIdentityProfile failed', err);\n }\n }\n}\n"],"names":["CF_JWT_HEADER","COOKIE_AUTH_NAME","createRemoteJWKSet","AuthenticationError","jwtVerify","CACHE_PREFIX","ForwardedError","ResponseError"],"mappings":";;;;;;AAmCO,MAAM,UAAW,CAAA;AAAA,EAiCd,YACW,QACA,EAAA,aAAA,EACA,aACA,EAAA,uBAAA,EACA,QACA,KACjB,EAAA;AANiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AACA,IAAA,IAAA,CAAA,uBAAA,GAAA,uBAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA;AAChB,EAvCH,OAAO,UACL,CAAA,MAAA,EACA,OACY,EAAA;AACZ,IAAM,MAAA,QAAA,GAAW,MAAO,CAAA,SAAA,CAAU,UAAU,CAAA;AAC5C,IAAA,MAAM,aACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,eAAe,CAAK,IAAAA,mBAAA;AAC/C,IAAA,MAAM,uBACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,yBAAyB,CAAK,IAAAC,sBAAA;AACzD,IAAM,MAAA,aAAA,GAAA,CACJ,OAAO,sBAAuB,CAAA,eAAe,KAAK,EAAC,GAClD,IAAI,CAAO,GAAA,KAAA;AACZ,MAAO,OAAA;AAAA,QACL,KAAA,EAAO,GAAI,CAAA,SAAA,CAAU,OAAO,CAAA;AAAA,QAC5B,OAAA,EAAS,GAAI,CAAA,SAAA,CAAU,SAAS;AAAA,OAClC;AAAA,KACD,CAAA;AAED,IAAA,MAAM,MAAS,GAAAC,uBAAA;AAAA,MACb,IAAI,GAAA,CAAI,CAAW,QAAA,EAAA,QAAQ,CAA4C,0CAAA,CAAA;AAAA,KACzE;AAEA,IAAA,OAAO,IAAI,UAAA;AAAA,MACT,QAAA;AAAA,MACA,aAAA;AAAA,MACA,aAAA;AAAA,MACA,uBAAA;AAAA,MACA,MAAA;AAAA,MACA,OAAS,EAAA;AAAA,KACX;AAAA;AACF,EAWA,MAAM,aAAa,GAAuD,EAAA;AAGxE,IAAA,IAAI,GAAM,GAAA,GAAA,CAAI,MAAO,CAAA,IAAA,CAAK,aAAa,CAAA;AACvC,IAAA,IAAI,CAAC,GAAK,EAAA;AACR,MAAM,GAAA,GAAA,GAAA,CAAI,OAAQ,CAAA,IAAA,CAAK,uBAAuB,CAAA;AAAA;AAEhD,IAAA,IAAI,CAAC,GAAK,EAAA;AAGR,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,CAAW,QAAA,EAAA,IAAA,CAAK,aAAa,CAAA,KAAA,EAAQ,KAAK,uBAAuB,CAAA,uBAAA;AAAA,OACnE;AAAA;AAMF,IAAA,MAAM,YAAe,GAAA,MAAMC,cAAU,CAAA,GAAA,EAAK,KAAK,MAAQ,EAAA;AAAA,MACrD,MAAA,EAAQ,CAAW,QAAA,EAAA,IAAA,CAAK,QAAQ,CAAA,qBAAA;AAAA,KACjC,CAAA;AAED,IAAM,MAAA,cAAA,GAAiB,CAAC,YAAA,CAAa,OAAQ,CAAA,GAAA;AAE7C,IAAA,MAAM,UAAU,cACX,GAAA,YAAA,CAAa,OAAQ,CAAA,WAAA,GACtB,aAAa,OAAQ,CAAA,GAAA;AACzB,IAAA,IAAI,CAAC,OAAS,EAAA;AACZ,MAAA,MAAM,IAAID,0BAAA;AAAA,QACR,CAAA,2DAAA;AAAA,OACF;AAAA;AAGF,IAAA,MAAM,eAAe,IAAK,CAAA,aAAA,CAAc,KAAK,CAAM,EAAA,KAAA,EAAA,CAAG,UAAU,OAAO,CAAA;AACvE,IAAI,IAAA,cAAA,IAAkB,CAAC,YAAc,EAAA;AACnC,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,GAAG,OAAO,CAAA,kCAAA;AAAA,OACZ;AAAA;AAGF,IAAA,MAAM,QAAW,GAAA,CAAA,EAAGE,kBAAY,CAAA,CAAA,EAAI,OAAO,CAAA,CAAA;AAC3C,IAAA,MAAM,iBAAoB,GAAA,MAAM,IAAK,CAAA,KAAA,EAAO,IAAI,QAAQ,CAAA;AACxD,IAAI,IAAA,OAAO,sBAAsB,QAAU,EAAA;AACzC,MAAM,MAAA,MAAA,GAAS,IAAK,CAAA,KAAA,CAAM,iBAAiB,CAAA;AAC3C,MAAO,OAAA;AAAA,QACL,GAAG,MAAA;AAAA,QACH,KAAO,EAAA;AAAA,OACT;AAAA;AAEF,IAAA,MAAM,SAAS,YAAa,CAAA,OAAA;AAG5B,IAAI,IAAA;AACF,MAAI,IAAA,UAAA;AACJ,MAAA,IAAI,YAAc,EAAA;AAChB,QAAa,UAAA,GAAA;AAAA,UACX,EAAI,EAAA,OAAA;AAAA,UACJ,IAAM,EAAA,KAAA;AAAA,UACN,OAAO,YAAa,CAAA,OAAA;AAAA,UACpB,QAAQ;AAAC,SACX;AAAA,OACK,MAAA;AAIL,QAAa,UAAA,GAAA,MAAM,IAAK,CAAA,kBAAA,CAAmB,GAAG,CAAA;AAAA;AAIhD,MAAA,MAAM,cAAiB,GAAA;AAAA,QACrB,MAAA;AAAA,QACA,UAAA;AAAA,QACA,gBAAA,EAAkB,MAAO,CAAA,GAAA,GAAM,MAAO,CAAA;AAAA,OACxC;AACA,MAAA,IAAA,CAAK,OAAO,GAAI,CAAA,QAAA,EAAU,IAAK,CAAA,SAAA,CAAU,cAAc,CAAC,CAAA;AACxD,MAAO,OAAA;AAAA,QACL,GAAG,cAAA;AAAA,QACH,KAAO,EAAA;AAAA,OACT;AAAA,aACO,GAAK,EAAA;AACZ,MAAA,MAAM,IAAIC,qBAAA;AAAA,QACR,gDAAA;AAAA,QACA;AAAA,OACF;AAAA;AACF;AACF,EAEA,MAAc,mBACZ,GAC0C,EAAA;AAC1C,IAAM,MAAA,OAAA,GAAU,IAAI,OAAQ,EAAA;AAE5B,IAAQ,OAAA,CAAA,GAAA,CAAI,IAAK,CAAA,aAAA,EAAe,GAAG,CAAA;AACnC,IAAA,OAAA,CAAQ,IAAI,QAAU,EAAA,CAAA,EAAG,KAAK,uBAAuB,CAAA,CAAA,EAAI,GAAG,CAAE,CAAA,CAAA;AAC9D,IAAI,IAAA;AACF,MAAA,MAAM,MAAM,MAAM,KAAA;AAAA,QAChB,CAAA,QAAA,EAAW,KAAK,QAAQ,CAAA,iDAAA,CAAA;AAAA,QACxB,EAAE,OAAQ;AAAA,OACZ;AACA,MAAI,IAAA,CAAC,IAAI,EAAI,EAAA;AACX,QAAM,MAAA,MAAMC,oBAAc,CAAA,YAAA,CAAa,GAAG,CAAA;AAAA;AAE5C,MAAM,MAAA,UAAA,GAAa,MAAM,GAAA,CAAI,IAAK,EAAA;AAClC,MAAO,OAAA,UAAA;AAAA,aACA,GAAK,EAAA;AACZ,MAAM,MAAA,IAAID,qBAAe,CAAA,2BAAA,EAA6B,GAAG,CAAA;AAAA;AAC3D;AAEJ;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@backstage/plugin-auth-backend-module-cloudflare-access-provider",
3
- "version": "0.3.2",
3
+ "version": "0.3.3-next.1",
4
4
  "description": "The cloudflare-access-provider backend module for the auth plugin.",
5
5
  "backstage": {
6
6
  "role": "backend-plugin-module",
@@ -34,20 +34,19 @@
34
34
  "test": "backstage-cli package test"
35
35
  },
36
36
  "dependencies": {
37
- "@backstage/backend-plugin-api": "^1.0.2",
38
- "@backstage/config": "^1.3.0",
39
- "@backstage/errors": "^1.2.5",
40
- "@backstage/plugin-auth-node": "^0.5.4",
37
+ "@backstage/backend-plugin-api": "1.1.0-next.1",
38
+ "@backstage/config": "1.3.0",
39
+ "@backstage/errors": "1.2.5",
40
+ "@backstage/plugin-auth-node": "0.5.5-next.1",
41
41
  "express": "^4.18.2",
42
- "jose": "^5.0.0",
43
- "node-fetch": "^2.7.0"
42
+ "jose": "^5.0.0"
44
43
  },
45
44
  "devDependencies": {
46
- "@backstage/backend-defaults": "^0.5.3",
47
- "@backstage/backend-test-utils": "^1.1.0",
48
- "@backstage/cli": "^0.29.0",
49
- "@backstage/plugin-auth-backend": "^0.24.0",
50
- "@backstage/types": "^1.2.0",
45
+ "@backstage/backend-defaults": "0.6.0-next.1",
46
+ "@backstage/backend-test-utils": "1.2.0-next.1",
47
+ "@backstage/cli": "0.29.3-next.1",
48
+ "@backstage/plugin-auth-backend": "0.24.1-next.1",
49
+ "@backstage/types": "1.2.0",
51
50
  "msw": "^2.0.0",
52
51
  "node-mocks-http": "^1.0.0",
53
52
  "uuid": "^11.0.0"