@backstage/plugin-auth-backend-module-cloudflare-access-provider 0.4.8 → 0.4.9-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +11 -0
  2. package/dist/helpers.cjs.js +14 -8
  3. package/dist/helpers.cjs.js.map +1 -1
  4. package/package.json +10 -10
package/CHANGELOG.md CHANGED
@@ -1,5 +1,16 @@
1
1
  # @backstage/plugin-auth-backend-module-cloudflare-access-provider
2
2
 
3
+ ## 0.4.9-next.0
4
+
5
+ ### Patch Changes
6
+
7
+ - 05f60e1: Refactored constructor parameter properties to explicit property declarations for compatibility with TypeScript's `erasableSyntaxOnly` setting. This internal refactoring maintains all existing functionality while ensuring TypeScript compilation compatibility.
8
+ - Updated dependencies
9
+ - @backstage/plugin-auth-node@0.6.9-next.0
10
+ - @backstage/config@1.3.6-next.0
11
+ - @backstage/backend-plugin-api@1.4.5-next.0
12
+ - @backstage/errors@1.2.7
13
+
3
14
  ## 0.4.8
4
15
 
5
16
  ### Patch Changes
package/dist/helpers.cjs.js CHANGED
@@ -5,14 +5,6 @@ var jose = require('jose');
5
5
  var types = require('./types.cjs.js');
6
6
 
7
7
  class AuthHelper {
8
- constructor(teamName, serviceTokens, jwtHeaderName, authorizationCookieName, keySet, cache) {
9
- this.teamName = teamName;
10
- this.serviceTokens = serviceTokens;
11
- this.jwtHeaderName = jwtHeaderName;
12
- this.authorizationCookieName = authorizationCookieName;
13
- this.keySet = keySet;
14
- this.cache = cache;
15
- }
16
8
  static fromConfig(config, options) {
17
9
  const teamName = config.getString("teamName");
18
10
  const jwtHeaderName = config.getOptionalString("jwtHeaderName") ?? types.CF_JWT_HEADER;
@@ -35,6 +27,20 @@ class AuthHelper {
35
27
  options?.cache
36
28
  );
37
29
  }
30
+ teamName;
31
+ serviceTokens;
32
+ jwtHeaderName;
33
+ authorizationCookieName;
34
+ keySet;
35
+ cache;
36
+ constructor(teamName, serviceTokens, jwtHeaderName, authorizationCookieName, keySet, cache) {
37
+ this.teamName = teamName;
38
+ this.serviceTokens = serviceTokens;
39
+ this.jwtHeaderName = jwtHeaderName;
40
+ this.authorizationCookieName = authorizationCookieName;
41
+ this.keySet = keySet;
42
+ this.cache = cache;
43
+ }
38
44
  async authenticate(req) {
39
45
  let jwt = req.header(this.jwtHeaderName);
40
46
  if (!jwt) {
package/dist/helpers.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"helpers.cjs.js","sources":["../src/helpers.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CacheService } from '@backstage/backend-plugin-api';\nimport { Config } from '@backstage/config';\nimport {\n AuthenticationError,\n ForwardedError,\n ResponseError,\n} from '@backstage/errors';\nimport express from 'express';\nimport { createRemoteJWKSet, jwtVerify } from 'jose';\nimport {\n CACHE_PREFIX,\n CF_JWT_HEADER,\n COOKIE_AUTH_NAME,\n CloudflareAccessClaims,\n CloudflareAccessIdentityProfile,\n CloudflareAccessResult,\n ServiceToken,\n} from './types';\n\nexport class AuthHelper {\n static fromConfig(\n config: Config,\n options?: { cache?: CacheService },\n ): AuthHelper {\n const teamName = config.getString('teamName');\n const jwtHeaderName =\n config.getOptionalString('jwtHeaderName') ?? CF_JWT_HEADER;\n const authorizationCookieName =\n config.getOptionalString('authorizationCookieName') ?? COOKIE_AUTH_NAME;\n const serviceTokens = (\n config.getOptionalConfigArray('serviceTokens') ?? []\n )?.map(cfg => {\n return {\n token: cfg.getString('token'),\n subject: cfg.getString('subject'),\n } as ServiceToken;\n });\n\n const keySet = createRemoteJWKSet(\n new URL(`https://${teamName}.cloudflareaccess.com/cdn-cgi/access/certs`),\n );\n\n return new AuthHelper(\n teamName,\n serviceTokens,\n jwtHeaderName,\n authorizationCookieName,\n keySet,\n options?.cache,\n );\n }\n\n private constructor(\n private readonly teamName: string,\n private readonly serviceTokens: ServiceToken[],\n private readonly jwtHeaderName: string,\n private readonly authorizationCookieName: string,\n private readonly keySet: ReturnType<typeof createRemoteJWKSet>,\n private readonly cache?: CacheService,\n ) {}\n\n async authenticate(req: express.Request): Promise<CloudflareAccessResult> {\n // JWTs generated by Access are available in a request header as\n // Cf-Access-Jwt-Assertion and as cookies as CF_Authorization.\n let jwt = req.header(this.jwtHeaderName);\n if (!jwt) {\n jwt = req.cookies[this.authorizationCookieName];\n }\n if (!jwt) {\n // Only throw if both are not provided by Cloudflare Access since either\n // can be used.\n throw new AuthenticationError(\n `Missing ${this.jwtHeaderName} and ${this.authorizationCookieName} from Cloudflare Access`,\n );\n }\n\n // Cloudflare signs the JWT using the RSA Signature with SHA-256 (RS256).\n // RS256 follows an asymmetric algorithm; a private key signs the JWTs and\n // a separate public key verifies the signature.\n const verifyResult = await jwtVerify(jwt, this.keySet, {\n issuer: `https://${this.teamName}.cloudflareaccess.com`,\n });\n\n const isServiceToken = !verifyResult.payload.sub;\n\n const subject = isServiceToken\n ? (verifyResult.payload.common_name as string)\n : verifyResult.payload.sub;\n if (!subject) {\n throw new AuthenticationError(\n `Missing both sub and common_name from Cloudflare Access JWT`,\n );\n }\n\n const serviceToken = this.serviceTokens.find(st => st.token === subject);\n if (isServiceToken && !serviceToken) {\n throw new AuthenticationError(\n `${subject} is not a permitted Service Token.`,\n );\n }\n\n const cacheKey = `${CACHE_PREFIX}/${subject}`;\n const cfAccessResultStr = await this.cache?.get(cacheKey);\n if (typeof cfAccessResultStr === 'string') {\n const result = JSON.parse(cfAccessResultStr) as CloudflareAccessResult;\n return {\n ...result,\n token: jwt,\n };\n }\n const claims = verifyResult.payload as CloudflareAccessClaims;\n\n // Builds a passport profile from JWT claims first\n try {\n let cfIdentity: CloudflareAccessIdentityProfile;\n if (serviceToken) {\n cfIdentity = {\n id: subject,\n name: 'Bot',\n email: serviceToken.subject,\n groups: [],\n };\n } else {\n // If we successfully fetch the get-identity endpoint,\n // We supplement the passport profile with richer user identity\n // information here.\n cfIdentity = await this.getIdentityProfile(jwt);\n }\n // Stores a stringified JSON object in cfaccess provider cache only when\n // we complete all steps\n const cfAccessResult = {\n claims,\n cfIdentity,\n expiresInSeconds: claims.exp - claims.iat,\n };\n this.cache?.set(cacheKey, JSON.stringify(cfAccessResult));\n return {\n ...cfAccessResult,\n token: jwt,\n };\n } catch (err) {\n throw new ForwardedError(\n 'Failed to populate access identity information',\n err,\n );\n }\n }\n\n private async getIdentityProfile(\n jwt: string,\n ): Promise<CloudflareAccessIdentityProfile> {\n const headers = new Headers();\n // set both headers just the way inbound responses are set\n headers.set(this.jwtHeaderName, jwt);\n headers.set('cookie', `${this.authorizationCookieName}=${jwt}`);\n try {\n const res = await fetch(\n `https://${this.teamName}.cloudflareaccess.com/cdn-cgi/access/get-identity`,\n { headers },\n );\n if (!res.ok) {\n throw await ResponseError.fromResponse(res);\n }\n const cfIdentity = await res.json();\n return cfIdentity as unknown as CloudflareAccessIdentityProfile;\n } catch (err) {\n throw new ForwardedError('getIdentityProfile failed', err);\n }\n }\n}\n"],"names":["CF_JWT_HEADER","COOKIE_AUTH_NAME","createRemoteJWKSet","AuthenticationError","jwtVerify","CACHE_PREFIX","ForwardedError","ResponseError"],"mappings":";;;;;;AAmCO,MAAM,UAAA,CAAW;AAAA,EAiCd,YACW,QAAA,EACA,aAAA,EACA,aAAA,EACA,uBAAA,EACA,QACA,KAAA,EACjB;AANiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AACA,IAAA,IAAA,CAAA,uBAAA,GAAA,uBAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA,EAChB;AAAA,EAvCH,OAAO,UAAA,CACL,MAAA,EACA,OAAA,EACY;AACZ,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,SAAA,CAAU,UAAU,CAAA;AAC5C,IAAA,MAAM,aAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,eAAe,CAAA,IAAKA,mBAAA;AAC/C,IAAA,MAAM,uBAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,yBAAyB,CAAA,IAAKC,sBAAA;AACzD,IAAA,MAAM,aAAA,GAAA,CACJ,OAAO,sBAAA,CAAuB,eAAe,KAAK,EAAC,GAClD,IAAI,CAAA,GAAA,KAAO;AACZ,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,GAAA,CAAI,SAAA,CAAU,OAAO,CAAA;AAAA,QAC5B,OAAA,EAAS,GAAA,CAAI,SAAA,CAAU,SAAS;AAAA,OAClC;AAAA,IACF,CAAC,CAAA;AAED,IAAA,MAAM,MAAA,GAASC,uBAAA;AAAA,MACb,IAAI,GAAA,CAAI,CAAA,QAAA,EAAW,QAAQ,CAAA,0CAAA,CAA4C;AAAA,KACzE;AAEA,IAAA,OAAO,IAAI,UAAA;AAAA,MACT,QAAA;AAAA,MACA,aAAA;AAAA,MACA,aAAA;AAAA,MACA,uBAAA;AAAA,MACA,MAAA;AAAA,MACA,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAAA,EAWA,MAAM,aAAa,GAAA,EAAuD;AAGxE,IAAA,IAAI,GAAA,GAAM,GAAA,CAAI,MAAA,CAAO,IAAA,CAAK,aAAa,CAAA;AACvC,IAAA,IAAI,CAAC,GAAA,EAAK;AACR,MAAA,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,IAAA,CAAK,uBAAuB,CAAA;AAAA,IAChD;AACA,IAAA,IAAI,CAAC,GAAA,EAAK;AAGR,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,CAAA,QAAA,EAAW,IAAA,CAAK,aAAa,CAAA,KAAA,EAAQ,KAAK,uBAAuB,CAAA,uBAAA;AAAA,OACnE;AAAA,IACF;AAKA,IAAA,MAAM,YAAA,GAAe,MAAMC,cAAA,CAAU,GAAA,EAAK,KAAK,MAAA,EAAQ;AAAA,MACrD,MAAA,EAAQ,CAAA,QAAA,EAAW,IAAA,CAAK,QAAQ,CAAA,qBAAA;AAAA,KACjC,CAAA;AAED,IAAA,MAAM,cAAA,GAAiB,CAAC,YAAA,CAAa,OAAA,CAAQ,GAAA;AAE7C,IAAA,MAAM,UAAU,cAAA,GACX,YAAA,CAAa,OAAA,CAAQ,WAAA,GACtB,aAAa,OAAA,CAAQ,GAAA;AACzB,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,MAAM,IAAID,0BAAA;AAAA,QACR,CAAA,2DAAA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,eAAe,IAAA,CAAK,aAAA,CAAc,KAAK,CAAA,EAAA,KAAM,EAAA,CAAG,UAAU,OAAO,CAAA;AACvE,IAAA,IAAI,cAAA,IAAkB,CAAC,YAAA,EAAc;AACnC,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,GAAG,OAAO,CAAA,kCAAA;AAAA,OACZ;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,CAAA,EAAGE,kBAAY,CAAA,CAAA,EAAI,OAAO,CAAA,CAAA;AAC3C,IAAA,MAAM,iBAAA,GAAoB,MAAM,IAAA,CAAK,KAAA,EAAO,IAAI,QAAQ,CAAA;AACxD,IAAA,IAAI,OAAO,sBAAsB,QAAA,EAAU;AACzC,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,iBAAiB,CAAA;AAC3C,MAAA,OAAO;AAAA,QACL,GAAG,MAAA;AAAA,QACH,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AACA,IAAA,MAAM,SAAS,YAAA,CAAa,OAAA;AAG5B,IAAA,IAAI;AACF,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,UAAA,GAAa;AAAA,UACX,EAAA,EAAI,OAAA;AAAA,UACJ,IAAA,EAAM,KAAA;AAAA,UACN,OAAO,YAAA,CAAa,OAAA;AAAA,UACpB,QAAQ;AAAC,SACX;AAAA,MACF,CAAA,MAAO;AAIL,QAAA,UAAA,GAAa,MAAM,IAAA,CAAK,kBAAA,CAAmB,GAAG,CAAA;AAAA,MAChD;AAGA,MAAA,MAAM,cAAA,GAAiB;AAAA,QACrB,MAAA;AAAA,QACA,UAAA;AAAA,QACA,gBAAA,EAAkB,MAAA,CAAO,GAAA,GAAM,MAAA,CAAO;AAAA,OACxC;AACA,MAAA,IAAA,CAAK,OAAO,GAAA,CAAI,QAAA,EAAU,IAAA,CAAK,SAAA,CAAU,cAAc,CAAC,CAAA;AACxD,MAAA,OAAO;AAAA,QACL,GAAG,cAAA;AAAA,QACH,KAAA,EAAO;AAAA,OACT;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,IAAIC,qBAAA;AAAA,QACR,gDAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,mBACZ,GAAA,EAC0C;AAC1C,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAE5B,IAAA,OAAA,CAAQ,GAAA,CAAI,IAAA,CAAK,aAAA,EAAe,GAAG,CAAA;AACnC,IAAA,OAAA,CAAQ,IAAI,QAAA,EAAU,CAAA,EAAG,KAAK,uBAAuB,CAAA,CAAA,EAAI,GAAG,CAAA,CAAE,CAAA;AAC9D,IAAA,IAAI;AACF,MAAA,MAAM,MAAM,MAAM,KAAA;AAAA,QAChB,CAAA,QAAA,EAAW,KAAK,QAAQ,CAAA,iDAAA,CAAA;AAAA,QACxB,EAAE,OAAA;AAAQ,OACZ;AACA,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,MAAMC,oBAAA,CAAc,YAAA,CAAa,GAAG,CAAA;AAAA,MAC5C;AACA,MAAA,MAAM,UAAA,GAAa,MAAM,GAAA,CAAI,IAAA,EAAK;AAClC,MAAA,OAAO,UAAA;AAAA,IACT,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,IAAID,qBAAA,CAAe,2BAAA,EAA6B,GAAG,CAAA;AAAA,IAC3D;AAAA,EACF;AACF;;;;"}
1
+ {"version":3,"file":"helpers.cjs.js","sources":["../src/helpers.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CacheService } from '@backstage/backend-plugin-api';\nimport { Config } from '@backstage/config';\nimport {\n AuthenticationError,\n ForwardedError,\n ResponseError,\n} from '@backstage/errors';\nimport express from 'express';\nimport { createRemoteJWKSet, jwtVerify } from 'jose';\nimport {\n CACHE_PREFIX,\n CF_JWT_HEADER,\n COOKIE_AUTH_NAME,\n CloudflareAccessClaims,\n CloudflareAccessIdentityProfile,\n CloudflareAccessResult,\n ServiceToken,\n} from './types';\n\nexport class AuthHelper {\n static fromConfig(\n config: Config,\n options?: { cache?: CacheService },\n ): AuthHelper {\n const teamName = config.getString('teamName');\n const jwtHeaderName =\n config.getOptionalString('jwtHeaderName') ?? CF_JWT_HEADER;\n const authorizationCookieName =\n config.getOptionalString('authorizationCookieName') ?? COOKIE_AUTH_NAME;\n const serviceTokens = (\n config.getOptionalConfigArray('serviceTokens') ?? []\n )?.map(cfg => {\n return {\n token: cfg.getString('token'),\n subject: cfg.getString('subject'),\n } as ServiceToken;\n });\n\n const keySet = createRemoteJWKSet(\n new URL(`https://${teamName}.cloudflareaccess.com/cdn-cgi/access/certs`),\n );\n\n return new AuthHelper(\n teamName,\n serviceTokens,\n jwtHeaderName,\n authorizationCookieName,\n keySet,\n options?.cache,\n );\n }\n\n private readonly teamName: string;\n private readonly serviceTokens: ServiceToken[];\n private readonly jwtHeaderName: string;\n private readonly authorizationCookieName: string;\n private readonly keySet: ReturnType<typeof createRemoteJWKSet>;\n private readonly cache?: CacheService;\n\n private constructor(\n teamName: string,\n serviceTokens: ServiceToken[],\n jwtHeaderName: string,\n authorizationCookieName: string,\n keySet: ReturnType<typeof createRemoteJWKSet>,\n cache?: CacheService,\n ) {\n this.teamName = teamName;\n this.serviceTokens = serviceTokens;\n this.jwtHeaderName = jwtHeaderName;\n this.authorizationCookieName = authorizationCookieName;\n this.keySet = keySet;\n this.cache = cache;\n }\n\n async authenticate(req: express.Request): Promise<CloudflareAccessResult> {\n // JWTs generated by Access are available in a request header as\n // Cf-Access-Jwt-Assertion and as cookies as CF_Authorization.\n let jwt = req.header(this.jwtHeaderName);\n if (!jwt) {\n jwt = req.cookies[this.authorizationCookieName];\n }\n if (!jwt) {\n // Only throw if both are not provided by Cloudflare Access since either\n // can be used.\n throw new AuthenticationError(\n `Missing ${this.jwtHeaderName} and ${this.authorizationCookieName} from Cloudflare Access`,\n );\n }\n\n // Cloudflare signs the JWT using the RSA Signature with SHA-256 (RS256).\n // RS256 follows an asymmetric algorithm; a private key signs the JWTs and\n // a separate public key verifies the signature.\n const verifyResult = await jwtVerify(jwt, this.keySet, {\n issuer: `https://${this.teamName}.cloudflareaccess.com`,\n });\n\n const isServiceToken = !verifyResult.payload.sub;\n\n const subject = isServiceToken\n ? (verifyResult.payload.common_name as string)\n : verifyResult.payload.sub;\n if (!subject) {\n throw new AuthenticationError(\n `Missing both sub and common_name from Cloudflare Access JWT`,\n );\n }\n\n const serviceToken = this.serviceTokens.find(st => st.token === subject);\n if (isServiceToken && !serviceToken) {\n throw new AuthenticationError(\n `${subject} is not a permitted Service Token.`,\n );\n }\n\n const cacheKey = `${CACHE_PREFIX}/${subject}`;\n const cfAccessResultStr = await this.cache?.get(cacheKey);\n if (typeof cfAccessResultStr === 'string') {\n const result = JSON.parse(cfAccessResultStr) as CloudflareAccessResult;\n return {\n ...result,\n token: jwt,\n };\n }\n const claims = verifyResult.payload as CloudflareAccessClaims;\n\n // Builds a passport profile from JWT claims first\n try {\n let cfIdentity: CloudflareAccessIdentityProfile;\n if (serviceToken) {\n cfIdentity = {\n id: subject,\n name: 'Bot',\n email: serviceToken.subject,\n groups: [],\n };\n } else {\n // If we successfully fetch the get-identity endpoint,\n // We supplement the passport profile with richer user identity\n // information here.\n cfIdentity = await this.getIdentityProfile(jwt);\n }\n // Stores a stringified JSON object in cfaccess provider cache only when\n // we complete all steps\n const cfAccessResult = {\n claims,\n cfIdentity,\n expiresInSeconds: claims.exp - claims.iat,\n };\n this.cache?.set(cacheKey, JSON.stringify(cfAccessResult));\n return {\n ...cfAccessResult,\n token: jwt,\n };\n } catch (err) {\n throw new ForwardedError(\n 'Failed to populate access identity information',\n err,\n );\n }\n }\n\n private async getIdentityProfile(\n jwt: string,\n ): Promise<CloudflareAccessIdentityProfile> {\n const headers = new Headers();\n // set both headers just the way inbound responses are set\n headers.set(this.jwtHeaderName, jwt);\n headers.set('cookie', `${this.authorizationCookieName}=${jwt}`);\n try {\n const res = await fetch(\n `https://${this.teamName}.cloudflareaccess.com/cdn-cgi/access/get-identity`,\n { headers },\n );\n if (!res.ok) {\n throw await ResponseError.fromResponse(res);\n }\n const cfIdentity = await res.json();\n return cfIdentity as unknown as CloudflareAccessIdentityProfile;\n } catch (err) {\n throw new ForwardedError('getIdentityProfile failed', err);\n }\n }\n}\n"],"names":["CF_JWT_HEADER","COOKIE_AUTH_NAME","createRemoteJWKSet","AuthenticationError","jwtVerify","CACHE_PREFIX","ForwardedError","ResponseError"],"mappings":";;;;;;AAmCO,MAAM,UAAA,CAAW;AAAA,EACtB,OAAO,UAAA,CACL,MAAA,EACA,OAAA,EACY;AACZ,IAAA,MAAM,QAAA,GAAW,MAAA,CAAO,SAAA,CAAU,UAAU,CAAA;AAC5C,IAAA,MAAM,aAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,eAAe,CAAA,IAAKA,mBAAA;AAC/C,IAAA,MAAM,uBAAA,GACJ,MAAA,CAAO,iBAAA,CAAkB,yBAAyB,CAAA,IAAKC,sBAAA;AACzD,IAAA,MAAM,aAAA,GAAA,CACJ,OAAO,sBAAA,CAAuB,eAAe,KAAK,EAAC,GAClD,IAAI,CAAA,GAAA,KAAO;AACZ,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,GAAA,CAAI,SAAA,CAAU,OAAO,CAAA;AAAA,QAC5B,OAAA,EAAS,GAAA,CAAI,SAAA,CAAU,SAAS;AAAA,OAClC;AAAA,IACF,CAAC,CAAA;AAED,IAAA,MAAM,MAAA,GAASC,uBAAA;AAAA,MACb,IAAI,GAAA,CAAI,CAAA,QAAA,EAAW,QAAQ,CAAA,0CAAA,CAA4C;AAAA,KACzE;AAEA,IAAA,OAAO,IAAI,UAAA;AAAA,MACT,QAAA;AAAA,MACA,aAAA;AAAA,MACA,aAAA;AAAA,MACA,uBAAA;AAAA,MACA,MAAA;AAAA,MACA,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAAA,EAEiB,QAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EACA,uBAAA;AAAA,EACA,MAAA;AAAA,EACA,KAAA;AAAA,EAET,YACN,QAAA,EACA,aAAA,EACA,aAAA,EACA,uBAAA,EACA,QACA,KAAA,EACA;AACA,IAAA,IAAA,CAAK,QAAA,GAAW,QAAA;AAChB,IAAA,IAAA,CAAK,aAAA,GAAgB,aAAA;AACrB,IAAA,IAAA,CAAK,aAAA,GAAgB,aAAA;AACrB,IAAA,IAAA,CAAK,uBAAA,GAA0B,uBAAA;AAC/B,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AAAA,EACf;AAAA,EAEA,MAAM,aAAa,GAAA,EAAuD;AAGxE,IAAA,IAAI,GAAA,GAAM,GAAA,CAAI,MAAA,CAAO,IAAA,CAAK,aAAa,CAAA;AACvC,IAAA,IAAI,CAAC,GAAA,EAAK;AACR,MAAA,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,IAAA,CAAK,uBAAuB,CAAA;AAAA,IAChD;AACA,IAAA,IAAI,CAAC,GAAA,EAAK;AAGR,MAAA,MAAM,IAAIC,0BAAA;AAAA,QACR,CAAA,QAAA,EAAW,IAAA,CAAK,aAAa,CAAA,KAAA,EAAQ,KAAK,uBAAuB,CAAA,uBAAA;AAAA,OACnE;AAAA,IACF;AAKA,IAAA,MAAM,YAAA,GAAe,MAAMC,cAAA,CAAU,GAAA,EAAK,KAAK,MAAA,EAAQ;AAAA,MACrD,MAAA,EAAQ,CAAA,QAAA,EAAW,IAAA,CAAK,QAAQ,CAAA,qBAAA;AAAA,KACjC,CAAA;AAED,IAAA,MAAM,cAAA,GAAiB,CAAC,YAAA,CAAa,OAAA,CAAQ,GAAA;AAE7C,IAAA,MAAM,UAAU,cAAA,GACX,YAAA,CAAa,OAAA,CAAQ,WAAA,GACtB,aAAa,OAAA,CAAQ,GAAA;AACzB,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,MAAM,IAAID,0BAAA;AAAA,QACR,CAAA,2DAAA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,eAAe,IAAA,CAAK,aAAA,CAAc,KAAK,CAAA,EAAA,KAAM,EAAA,CAAG,UAAU,OAAO,CAAA;AACvE,IAAA,IAAI,cAAA,IAAkB,CAAC,YAAA,EAAc;AACnC,MAAA,MAAM,IAAIA,0BAAA;AAAA,QACR,GAAG,OAAO,CAAA,kCAAA;AAAA,OACZ;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,CAAA,EAAGE,kBAAY,CAAA,CAAA,EAAI,OAAO,CAAA,CAAA;AAC3C,IAAA,MAAM,iBAAA,GAAoB,MAAM,IAAA,CAAK,KAAA,EAAO,IAAI,QAAQ,CAAA;AACxD,IAAA,IAAI,OAAO,sBAAsB,QAAA,EAAU;AACzC,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,iBAAiB,CAAA;AAC3C,MAAA,OAAO;AAAA,QACL,GAAG,MAAA;AAAA,QACH,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AACA,IAAA,MAAM,SAAS,YAAA,CAAa,OAAA;AAG5B,IAAA,IAAI;AACF,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,UAAA,GAAa;AAAA,UACX,EAAA,EAAI,OAAA;AAAA,UACJ,IAAA,EAAM,KAAA;AAAA,UACN,OAAO,YAAA,CAAa,OAAA;AAAA,UACpB,QAAQ;AAAC,SACX;AAAA,MACF,CAAA,MAAO;AAIL,QAAA,UAAA,GAAa,MAAM,IAAA,CAAK,kBAAA,CAAmB,GAAG,CAAA;AAAA,MAChD;AAGA,MAAA,MAAM,cAAA,GAAiB;AAAA,QACrB,MAAA;AAAA,QACA,UAAA;AAAA,QACA,gBAAA,EAAkB,MAAA,CAAO,GAAA,GAAM,MAAA,CAAO;AAAA,OACxC;AACA,MAAA,IAAA,CAAK,OAAO,GAAA,CAAI,QAAA,EAAU,IAAA,CAAK,SAAA,CAAU,cAAc,CAAC,CAAA;AACxD,MAAA,OAAO;AAAA,QACL,GAAG,cAAA;AAAA,QACH,KAAA,EAAO;AAAA,OACT;AAAA,IACF,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,IAAIC,qBAAA;AAAA,QACR,gDAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,mBACZ,GAAA,EAC0C;AAC1C,IAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAE5B,IAAA,OAAA,CAAQ,GAAA,CAAI,IAAA,CAAK,aAAA,EAAe,GAAG,CAAA;AACnC,IAAA,OAAA,CAAQ,IAAI,QAAA,EAAU,CAAA,EAAG,KAAK,uBAAuB,CAAA,CAAA,EAAI,GAAG,CAAA,CAAE,CAAA;AAC9D,IAAA,IAAI;AACF,MAAA,MAAM,MAAM,MAAM,KAAA;AAAA,QAChB,CAAA,QAAA,EAAW,KAAK,QAAQ,CAAA,iDAAA,CAAA;AAAA,QACxB,EAAE,OAAA;AAAQ,OACZ;AACA,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,MAAMC,oBAAA,CAAc,YAAA,CAAa,GAAG,CAAA;AAAA,MAC5C;AACA,MAAA,MAAM,UAAA,GAAa,MAAM,GAAA,CAAI,IAAA,EAAK;AAClC,MAAA,OAAO,UAAA;AAAA,IACT,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,IAAID,qBAAA,CAAe,2BAAA,EAA6B,GAAG,CAAA;AAAA,IAC3D;AAAA,EACF;AACF;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@backstage/plugin-auth-backend-module-cloudflare-access-provider",
3
- "version": "0.4.8",
3
+ "version": "0.4.9-next.0",
4
4
  "description": "The cloudflare-access-provider backend module for the auth plugin.",
5
5
  "backstage": {
6
6
  "role": "backend-plugin-module",
@@ -37,20 +37,20 @@
37
37
  "test": "backstage-cli package test"
38
38
  },
39
39
  "dependencies": {
40
- "@backstage/backend-plugin-api": "^1.4.4",
41
- "@backstage/config": "^1.3.5",
42
- "@backstage/errors": "^1.2.7",
43
- "@backstage/plugin-auth-node": "^0.6.8",
40
+ "@backstage/backend-plugin-api": "1.4.5-next.0",
41
+ "@backstage/config": "1.3.6-next.0",
42
+ "@backstage/errors": "1.2.7",
43
+ "@backstage/plugin-auth-node": "0.6.9-next.0",
44
44
  "express": "^4.18.2",
45
45
  "jose": "^5.0.0",
46
46
  "zod": "^3.22.4"
47
47
  },
48
48
  "devDependencies": {
49
- "@backstage/backend-defaults": "^0.13.0",
50
- "@backstage/backend-test-utils": "^1.9.1",
51
- "@backstage/cli": "^0.34.4",
52
- "@backstage/plugin-auth-backend": "^0.25.5",
53
- "@backstage/types": "^1.2.2",
49
+ "@backstage/backend-defaults": "0.13.1-next.0",
50
+ "@backstage/backend-test-utils": "1.10.0-next.0",
51
+ "@backstage/cli": "0.34.5-next.0",
52
+ "@backstage/plugin-auth-backend": "0.25.6-next.0",
53
+ "@backstage/types": "1.2.2",
54
54
  "msw": "^2.0.0",
55
55
  "node-mocks-http": "^1.0.0",
56
56
  "uuid": "^11.0.0"