@backstage/plugin-auth-backend 0.19.4 → 0.20.0-next.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +20 -6
- package/README.md +4 -0
- package/config.d.ts +16 -1
- package/dist/index.cjs.js +325 -167
- package/dist/index.cjs.js.map +1 -1
- package/package.json +13 -13
package/dist/index.cjs.js
CHANGED
|
@@ -34,6 +34,7 @@ var luxon = require('luxon');
|
|
|
34
34
|
var uuid = require('uuid');
|
|
35
35
|
var firestore = require('@google-cloud/firestore');
|
|
36
36
|
var lodash = require('lodash');
|
|
37
|
+
var fs = require('fs');
|
|
37
38
|
var session = require('express-session');
|
|
38
39
|
var connectSessionKnex = require('connect-session-knex');
|
|
39
40
|
var passport = require('passport');
|
|
@@ -75,10 +76,10 @@ var session__default = /*#__PURE__*/_interopDefaultLegacy(session);
|
|
|
75
76
|
var connectSessionKnex__default = /*#__PURE__*/_interopDefaultLegacy(connectSessionKnex);
|
|
76
77
|
var passport__default = /*#__PURE__*/_interopDefaultLegacy(passport);
|
|
77
78
|
|
|
78
|
-
var __defProp$
|
|
79
|
-
var __defNormalProp$
|
|
80
|
-
var __publicField$
|
|
81
|
-
__defNormalProp$
|
|
79
|
+
var __defProp$j = Object.defineProperty;
|
|
80
|
+
var __defNormalProp$j = (obj, key, value) => key in obj ? __defProp$j(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
81
|
+
var __publicField$j = (obj, key, value) => {
|
|
82
|
+
__defNormalProp$j(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
82
83
|
return value;
|
|
83
84
|
};
|
|
84
85
|
const defaultScopes = ["offline_access", "read:me"];
|
|
@@ -95,7 +96,7 @@ class AtlassianStrategy extends OAuth2Strategy__default["default"] {
|
|
|
95
96
|
scope: Array.from(/* @__PURE__ */ new Set([...defaultScopes, ...scopes]))
|
|
96
97
|
};
|
|
97
98
|
super(optionsWithURLs, verify);
|
|
98
|
-
__publicField$
|
|
99
|
+
__publicField$j(this, "profileURL");
|
|
99
100
|
this.profileURL = "https://api.atlassian.com/me";
|
|
100
101
|
this.name = "atlassian";
|
|
101
102
|
this._oauth2.useAuthorizationHeaderforGET(true);
|
|
@@ -210,10 +211,10 @@ const ensuresXRequestedWith = (req) => {
|
|
|
210
211
|
|
|
211
212
|
const prepareBackstageIdentityResponse = pluginAuthNode.prepareBackstageIdentityResponse;
|
|
212
213
|
|
|
213
|
-
var __defProp$
|
|
214
|
-
var __defNormalProp$
|
|
215
|
-
var __publicField$
|
|
216
|
-
__defNormalProp$
|
|
214
|
+
var __defProp$i = Object.defineProperty;
|
|
215
|
+
var __defNormalProp$i = (obj, key, value) => key in obj ? __defProp$i(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
216
|
+
var __publicField$i = (obj, key, value) => {
|
|
217
|
+
__defNormalProp$i(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
217
218
|
return value;
|
|
218
219
|
};
|
|
219
220
|
const THOUSAND_DAYS_MS = 1e3 * 24 * 60 * 60 * 1e3;
|
|
@@ -222,8 +223,8 @@ class OAuthAdapter {
|
|
|
222
223
|
constructor(handlers, options) {
|
|
223
224
|
this.handlers = handlers;
|
|
224
225
|
this.options = options;
|
|
225
|
-
__publicField$
|
|
226
|
-
__publicField$
|
|
226
|
+
__publicField$i(this, "baseCookieOptions");
|
|
227
|
+
__publicField$i(this, "setNonceCookie", (res, nonce, cookieConfig) => {
|
|
227
228
|
res.cookie(`${this.options.providerId}-nonce`, nonce, {
|
|
228
229
|
maxAge: TEN_MINUTES_MS,
|
|
229
230
|
...this.baseCookieOptions,
|
|
@@ -231,34 +232,34 @@ class OAuthAdapter {
|
|
|
231
232
|
path: `${cookieConfig.path}/handler`
|
|
232
233
|
});
|
|
233
234
|
});
|
|
234
|
-
__publicField$
|
|
235
|
+
__publicField$i(this, "setGrantedScopeCookie", (res, scope, cookieConfig) => {
|
|
235
236
|
res.cookie(`${this.options.providerId}-granted-scope`, scope, {
|
|
236
237
|
maxAge: THOUSAND_DAYS_MS,
|
|
237
238
|
...this.baseCookieOptions,
|
|
238
239
|
...cookieConfig
|
|
239
240
|
});
|
|
240
241
|
});
|
|
241
|
-
__publicField$
|
|
242
|
+
__publicField$i(this, "getRefreshTokenFromCookie", (req) => {
|
|
242
243
|
return req.cookies[`${this.options.providerId}-refresh-token`];
|
|
243
244
|
});
|
|
244
|
-
__publicField$
|
|
245
|
+
__publicField$i(this, "getGrantedScopeFromCookie", (req) => {
|
|
245
246
|
return req.cookies[`${this.options.providerId}-granted-scope`];
|
|
246
247
|
});
|
|
247
|
-
__publicField$
|
|
248
|
+
__publicField$i(this, "setRefreshTokenCookie", (res, refreshToken, cookieConfig) => {
|
|
248
249
|
res.cookie(`${this.options.providerId}-refresh-token`, refreshToken, {
|
|
249
250
|
maxAge: THOUSAND_DAYS_MS,
|
|
250
251
|
...this.baseCookieOptions,
|
|
251
252
|
...cookieConfig
|
|
252
253
|
});
|
|
253
254
|
});
|
|
254
|
-
__publicField$
|
|
255
|
+
__publicField$i(this, "removeRefreshTokenCookie", (res, cookieConfig) => {
|
|
255
256
|
res.cookie(`${this.options.providerId}-refresh-token`, "", {
|
|
256
257
|
maxAge: 0,
|
|
257
258
|
...this.baseCookieOptions,
|
|
258
259
|
...cookieConfig
|
|
259
260
|
});
|
|
260
261
|
});
|
|
261
|
-
__publicField$
|
|
262
|
+
__publicField$i(this, "getCookieConfig", (origin) => {
|
|
262
263
|
return this.options.cookieConfigurer({
|
|
263
264
|
providerId: this.options.providerId,
|
|
264
265
|
baseUrl: this.options.baseUrl,
|
|
@@ -564,10 +565,10 @@ function createAuthProviderIntegration(config) {
|
|
|
564
565
|
});
|
|
565
566
|
}
|
|
566
567
|
|
|
567
|
-
var __defProp$
|
|
568
|
-
var __defNormalProp$
|
|
569
|
-
var __publicField$
|
|
570
|
-
__defNormalProp$
|
|
568
|
+
var __defProp$h = Object.defineProperty;
|
|
569
|
+
var __defNormalProp$h = (obj, key, value) => key in obj ? __defProp$h(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
570
|
+
var __publicField$h = (obj, key, value) => {
|
|
571
|
+
__defNormalProp$h(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
571
572
|
return value;
|
|
572
573
|
};
|
|
573
574
|
const atlassianDefaultAuthHandler = async ({
|
|
@@ -578,10 +579,10 @@ const atlassianDefaultAuthHandler = async ({
|
|
|
578
579
|
});
|
|
579
580
|
class AtlassianAuthProvider {
|
|
580
581
|
constructor(options) {
|
|
581
|
-
__publicField$
|
|
582
|
-
__publicField$
|
|
583
|
-
__publicField$
|
|
584
|
-
__publicField$
|
|
582
|
+
__publicField$h(this, "_strategy");
|
|
583
|
+
__publicField$h(this, "signInResolver");
|
|
584
|
+
__publicField$h(this, "authHandler");
|
|
585
|
+
__publicField$h(this, "resolverContext");
|
|
585
586
|
this.resolverContext = options.resolverContext;
|
|
586
587
|
this.authHandler = options.authHandler;
|
|
587
588
|
this.signInResolver = options.signInResolver;
|
|
@@ -699,21 +700,21 @@ class Auth0Strategy extends Auth0InternalStrategy__default["default"] {
|
|
|
699
700
|
}
|
|
700
701
|
}
|
|
701
702
|
|
|
702
|
-
var __defProp$
|
|
703
|
-
var __defNormalProp$
|
|
704
|
-
var __publicField$
|
|
705
|
-
__defNormalProp$
|
|
703
|
+
var __defProp$g = Object.defineProperty;
|
|
704
|
+
var __defNormalProp$g = (obj, key, value) => key in obj ? __defProp$g(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
705
|
+
var __publicField$g = (obj, key, value) => {
|
|
706
|
+
__defNormalProp$g(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
706
707
|
return value;
|
|
707
708
|
};
|
|
708
709
|
class Auth0AuthProvider {
|
|
709
710
|
constructor(options) {
|
|
710
|
-
__publicField$
|
|
711
|
-
__publicField$
|
|
712
|
-
__publicField$
|
|
713
|
-
__publicField$
|
|
714
|
-
__publicField$
|
|
715
|
-
__publicField$
|
|
716
|
-
__publicField$
|
|
711
|
+
__publicField$g(this, "_strategy");
|
|
712
|
+
__publicField$g(this, "signInResolver");
|
|
713
|
+
__publicField$g(this, "authHandler");
|
|
714
|
+
__publicField$g(this, "resolverContext");
|
|
715
|
+
__publicField$g(this, "audience");
|
|
716
|
+
__publicField$g(this, "connection");
|
|
717
|
+
__publicField$g(this, "connectionScope");
|
|
717
718
|
/**
|
|
718
719
|
* Due to passport-auth0 forcing options.state = true,
|
|
719
720
|
* passport-oauth2 requires express-session to be installed
|
|
@@ -722,7 +723,7 @@ class Auth0AuthProvider {
|
|
|
722
723
|
* passport-oauth2, which is the StateStore implementation used when options.state = false,
|
|
723
724
|
* allowing us to avoid using express-session in order to integrate with auth0.
|
|
724
725
|
*/
|
|
725
|
-
__publicField$
|
|
726
|
+
__publicField$g(this, "store", {
|
|
726
727
|
store(_req, cb) {
|
|
727
728
|
cb(null, null);
|
|
728
729
|
},
|
|
@@ -863,23 +864,23 @@ const auth0 = createAuthProviderIntegration({
|
|
|
863
864
|
}
|
|
864
865
|
});
|
|
865
866
|
|
|
866
|
-
var __defProp$
|
|
867
|
-
var __defNormalProp$
|
|
868
|
-
var __publicField$
|
|
869
|
-
__defNormalProp$
|
|
867
|
+
var __defProp$f = Object.defineProperty;
|
|
868
|
+
var __defNormalProp$f = (obj, key, value) => key in obj ? __defProp$f(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
869
|
+
var __publicField$f = (obj, key, value) => {
|
|
870
|
+
__defNormalProp$f(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
870
871
|
return value;
|
|
871
872
|
};
|
|
872
873
|
const ALB_JWT_HEADER = "x-amzn-oidc-data";
|
|
873
874
|
const ALB_ACCESS_TOKEN_HEADER = "x-amzn-oidc-accesstoken";
|
|
874
875
|
class AwsAlbAuthProvider {
|
|
875
876
|
constructor(options) {
|
|
876
|
-
__publicField$
|
|
877
|
-
__publicField$
|
|
878
|
-
__publicField$
|
|
879
|
-
__publicField$
|
|
880
|
-
__publicField$
|
|
881
|
-
__publicField$
|
|
882
|
-
__publicField$
|
|
877
|
+
__publicField$f(this, "region");
|
|
878
|
+
__publicField$f(this, "issuer");
|
|
879
|
+
__publicField$f(this, "resolverContext");
|
|
880
|
+
__publicField$f(this, "keyCache");
|
|
881
|
+
__publicField$f(this, "authHandler");
|
|
882
|
+
__publicField$f(this, "signInResolver");
|
|
883
|
+
__publicField$f(this, "getKey", async (header) => {
|
|
883
884
|
if (!header.kid) {
|
|
884
885
|
throw new errors.AuthenticationError("No key id was specified in header");
|
|
885
886
|
}
|
|
@@ -1007,18 +1008,18 @@ const awsAlb = createAuthProviderIntegration({
|
|
|
1007
1008
|
}
|
|
1008
1009
|
});
|
|
1009
1010
|
|
|
1010
|
-
var __defProp$
|
|
1011
|
-
var __defNormalProp$
|
|
1012
|
-
var __publicField$
|
|
1013
|
-
__defNormalProp$
|
|
1011
|
+
var __defProp$e = Object.defineProperty;
|
|
1012
|
+
var __defNormalProp$e = (obj, key, value) => key in obj ? __defProp$e(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
1013
|
+
var __publicField$e = (obj, key, value) => {
|
|
1014
|
+
__defNormalProp$e(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
1014
1015
|
return value;
|
|
1015
1016
|
};
|
|
1016
1017
|
class BitbucketAuthProvider {
|
|
1017
1018
|
constructor(options) {
|
|
1018
|
-
__publicField$
|
|
1019
|
-
__publicField$
|
|
1020
|
-
__publicField$
|
|
1021
|
-
__publicField$
|
|
1019
|
+
__publicField$e(this, "_strategy");
|
|
1020
|
+
__publicField$e(this, "signInResolver");
|
|
1021
|
+
__publicField$e(this, "authHandler");
|
|
1022
|
+
__publicField$e(this, "resolverContext");
|
|
1022
1023
|
this.signInResolver = options.signInResolver;
|
|
1023
1024
|
this.authHandler = options.authHandler;
|
|
1024
1025
|
this.resolverContext = options.resolverContext;
|
|
@@ -1186,10 +1187,10 @@ const commonByEmailResolver = async (info, ctx) => {
|
|
|
1186
1187
|
});
|
|
1187
1188
|
};
|
|
1188
1189
|
|
|
1189
|
-
var __defProp$
|
|
1190
|
-
var __defNormalProp$
|
|
1191
|
-
var __publicField$
|
|
1192
|
-
__defNormalProp$
|
|
1190
|
+
var __defProp$d = Object.defineProperty;
|
|
1191
|
+
var __defNormalProp$d = (obj, key, value) => key in obj ? __defProp$d(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
1192
|
+
var __publicField$d = (obj, key, value) => {
|
|
1193
|
+
__defNormalProp$d(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
1193
1194
|
return value;
|
|
1194
1195
|
};
|
|
1195
1196
|
const CF_JWT_HEADER = "cf-access-jwt-assertion";
|
|
@@ -1197,12 +1198,12 @@ const COOKIE_AUTH_NAME = "CF_Authorization";
|
|
|
1197
1198
|
const CACHE_PREFIX = "providers/cloudflare-access/profile-v1";
|
|
1198
1199
|
class CloudflareAccessAuthProvider {
|
|
1199
1200
|
constructor(options) {
|
|
1200
|
-
__publicField$
|
|
1201
|
-
__publicField$
|
|
1202
|
-
__publicField$
|
|
1203
|
-
__publicField$
|
|
1204
|
-
__publicField$
|
|
1205
|
-
__publicField$
|
|
1201
|
+
__publicField$d(this, "teamName");
|
|
1202
|
+
__publicField$d(this, "resolverContext");
|
|
1203
|
+
__publicField$d(this, "authHandler");
|
|
1204
|
+
__publicField$d(this, "signInResolver");
|
|
1205
|
+
__publicField$d(this, "jwtKeySet");
|
|
1206
|
+
__publicField$d(this, "cache");
|
|
1206
1207
|
this.teamName = options.teamName;
|
|
1207
1208
|
this.authHandler = options.authHandler;
|
|
1208
1209
|
this.signInResolver = options.signInResolver;
|
|
@@ -1498,20 +1499,20 @@ const google = createAuthProviderIntegration({
|
|
|
1498
1499
|
|
|
1499
1500
|
const BACKSTAGE_SESSION_EXPIRATION = 3600;
|
|
1500
1501
|
|
|
1501
|
-
var __defProp$
|
|
1502
|
-
var __defNormalProp$
|
|
1503
|
-
var __publicField$
|
|
1504
|
-
__defNormalProp$
|
|
1502
|
+
var __defProp$c = Object.defineProperty;
|
|
1503
|
+
var __defNormalProp$c = (obj, key, value) => key in obj ? __defProp$c(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
1504
|
+
var __publicField$c = (obj, key, value) => {
|
|
1505
|
+
__defNormalProp$c(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
1505
1506
|
return value;
|
|
1506
1507
|
};
|
|
1507
1508
|
class MicrosoftAuthProvider {
|
|
1508
1509
|
constructor(options) {
|
|
1509
|
-
__publicField$
|
|
1510
|
-
__publicField$
|
|
1511
|
-
__publicField$
|
|
1512
|
-
__publicField$
|
|
1513
|
-
__publicField$
|
|
1514
|
-
__publicField$
|
|
1510
|
+
__publicField$c(this, "_strategy");
|
|
1511
|
+
__publicField$c(this, "signInResolver");
|
|
1512
|
+
__publicField$c(this, "authHandler");
|
|
1513
|
+
__publicField$c(this, "logger");
|
|
1514
|
+
__publicField$c(this, "resolverContext");
|
|
1515
|
+
__publicField$c(this, "skipUserProfile", (accessToken) => {
|
|
1515
1516
|
const { aud, scp } = jose.decodeJwt(accessToken);
|
|
1516
1517
|
const hasGraphReadScope = aud === "00000003-0000-0000-c000-000000000000" && scp.split(" ").map((s) => s.toLowerCase()).includes("user.read");
|
|
1517
1518
|
return !hasGraphReadScope;
|
|
@@ -1687,18 +1688,18 @@ const oauth2 = createAuthProviderIntegration({
|
|
|
1687
1688
|
}
|
|
1688
1689
|
});
|
|
1689
1690
|
|
|
1690
|
-
var __defProp$
|
|
1691
|
-
var __defNormalProp$
|
|
1692
|
-
var __publicField$
|
|
1693
|
-
__defNormalProp$
|
|
1691
|
+
var __defProp$b = Object.defineProperty;
|
|
1692
|
+
var __defNormalProp$b = (obj, key, value) => key in obj ? __defProp$b(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
1693
|
+
var __publicField$b = (obj, key, value) => {
|
|
1694
|
+
__defNormalProp$b(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
1694
1695
|
return value;
|
|
1695
1696
|
};
|
|
1696
1697
|
const OAUTH2_PROXY_JWT_HEADER = "X-OAUTH2-PROXY-ID-TOKEN";
|
|
1697
1698
|
class Oauth2ProxyAuthProvider {
|
|
1698
1699
|
constructor(options) {
|
|
1699
|
-
__publicField$
|
|
1700
|
-
__publicField$
|
|
1701
|
-
__publicField$
|
|
1700
|
+
__publicField$b(this, "resolverContext");
|
|
1701
|
+
__publicField$b(this, "signInResolver");
|
|
1702
|
+
__publicField$b(this, "authHandler");
|
|
1702
1703
|
this.resolverContext = options.resolverContext;
|
|
1703
1704
|
this.signInResolver = options.signInResolver;
|
|
1704
1705
|
this.authHandler = options.authHandler;
|
|
@@ -1773,20 +1774,20 @@ const oauth2Proxy = createAuthProviderIntegration({
|
|
|
1773
1774
|
}
|
|
1774
1775
|
});
|
|
1775
1776
|
|
|
1776
|
-
var __defProp$
|
|
1777
|
-
var __defNormalProp$
|
|
1778
|
-
var __publicField$
|
|
1779
|
-
__defNormalProp$
|
|
1777
|
+
var __defProp$a = Object.defineProperty;
|
|
1778
|
+
var __defNormalProp$a = (obj, key, value) => key in obj ? __defProp$a(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
1779
|
+
var __publicField$a = (obj, key, value) => {
|
|
1780
|
+
__defNormalProp$a(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
1780
1781
|
return value;
|
|
1781
1782
|
};
|
|
1782
1783
|
class OidcAuthProvider {
|
|
1783
1784
|
constructor(options) {
|
|
1784
|
-
__publicField$
|
|
1785
|
-
__publicField$
|
|
1786
|
-
__publicField$
|
|
1787
|
-
__publicField$
|
|
1788
|
-
__publicField$
|
|
1789
|
-
__publicField$
|
|
1785
|
+
__publicField$a(this, "implementation");
|
|
1786
|
+
__publicField$a(this, "scope");
|
|
1787
|
+
__publicField$a(this, "prompt");
|
|
1788
|
+
__publicField$a(this, "signInResolver");
|
|
1789
|
+
__publicField$a(this, "authHandler");
|
|
1790
|
+
__publicField$a(this, "resolverContext");
|
|
1790
1791
|
this.implementation = this.setupStrategy(options);
|
|
1791
1792
|
this.scope = options.scope;
|
|
1792
1793
|
this.prompt = options.prompt;
|
|
@@ -1947,18 +1948,18 @@ const oidc = createAuthProviderIntegration({
|
|
|
1947
1948
|
}
|
|
1948
1949
|
});
|
|
1949
1950
|
|
|
1950
|
-
var __defProp$
|
|
1951
|
-
var __defNormalProp$
|
|
1952
|
-
var __publicField$
|
|
1953
|
-
__defNormalProp$
|
|
1951
|
+
var __defProp$9 = Object.defineProperty;
|
|
1952
|
+
var __defNormalProp$9 = (obj, key, value) => key in obj ? __defProp$9(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
1953
|
+
var __publicField$9 = (obj, key, value) => {
|
|
1954
|
+
__defNormalProp$9(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
1954
1955
|
return value;
|
|
1955
1956
|
};
|
|
1956
1957
|
class OktaAuthProvider {
|
|
1957
1958
|
constructor(options) {
|
|
1958
|
-
__publicField$
|
|
1959
|
-
__publicField$
|
|
1960
|
-
__publicField$
|
|
1961
|
-
__publicField$
|
|
1959
|
+
__publicField$9(this, "strategy");
|
|
1960
|
+
__publicField$9(this, "signInResolver");
|
|
1961
|
+
__publicField$9(this, "authHandler");
|
|
1962
|
+
__publicField$9(this, "resolverContext");
|
|
1962
1963
|
/**
|
|
1963
1964
|
* Due to passport-okta-oauth forcing options.state = true,
|
|
1964
1965
|
* passport-oauth2 requires express-session to be installed
|
|
@@ -1967,7 +1968,7 @@ class OktaAuthProvider {
|
|
|
1967
1968
|
* passport-oauth2, which is the StateStore implementation used when options.state = false,
|
|
1968
1969
|
* allowing us to avoid using express-session in order to integrate with Okta.
|
|
1969
1970
|
*/
|
|
1970
|
-
__publicField$
|
|
1971
|
+
__publicField$9(this, "store", {
|
|
1971
1972
|
store(_req, cb) {
|
|
1972
1973
|
cb(null, null);
|
|
1973
1974
|
},
|
|
@@ -2125,18 +2126,18 @@ const okta = createAuthProviderIntegration({
|
|
|
2125
2126
|
}
|
|
2126
2127
|
});
|
|
2127
2128
|
|
|
2128
|
-
var __defProp$
|
|
2129
|
-
var __defNormalProp$
|
|
2130
|
-
var __publicField$
|
|
2131
|
-
__defNormalProp$
|
|
2129
|
+
var __defProp$8 = Object.defineProperty;
|
|
2130
|
+
var __defNormalProp$8 = (obj, key, value) => key in obj ? __defProp$8(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
2131
|
+
var __publicField$8 = (obj, key, value) => {
|
|
2132
|
+
__defNormalProp$8(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
2132
2133
|
return value;
|
|
2133
2134
|
};
|
|
2134
2135
|
class OneLoginProvider {
|
|
2135
2136
|
constructor(options) {
|
|
2136
|
-
__publicField$
|
|
2137
|
-
__publicField$
|
|
2138
|
-
__publicField$
|
|
2139
|
-
__publicField$
|
|
2137
|
+
__publicField$8(this, "_strategy");
|
|
2138
|
+
__publicField$8(this, "signInResolver");
|
|
2139
|
+
__publicField$8(this, "authHandler");
|
|
2140
|
+
__publicField$8(this, "resolverContext");
|
|
2140
2141
|
this.signInResolver = options.signInResolver;
|
|
2141
2142
|
this.authHandler = options.authHandler;
|
|
2142
2143
|
this.resolverContext = options.resolverContext;
|
|
@@ -2250,19 +2251,19 @@ const onelogin = createAuthProviderIntegration({
|
|
|
2250
2251
|
}
|
|
2251
2252
|
});
|
|
2252
2253
|
|
|
2253
|
-
var __defProp$
|
|
2254
|
-
var __defNormalProp$
|
|
2255
|
-
var __publicField$
|
|
2256
|
-
__defNormalProp$
|
|
2254
|
+
var __defProp$7 = Object.defineProperty;
|
|
2255
|
+
var __defNormalProp$7 = (obj, key, value) => key in obj ? __defProp$7(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
2256
|
+
var __publicField$7 = (obj, key, value) => {
|
|
2257
|
+
__defNormalProp$7(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
2257
2258
|
return value;
|
|
2258
2259
|
};
|
|
2259
2260
|
class SamlAuthProvider {
|
|
2260
2261
|
constructor(options) {
|
|
2261
|
-
__publicField$
|
|
2262
|
-
__publicField$
|
|
2263
|
-
__publicField$
|
|
2264
|
-
__publicField$
|
|
2265
|
-
__publicField$
|
|
2262
|
+
__publicField$7(this, "strategy");
|
|
2263
|
+
__publicField$7(this, "signInResolver");
|
|
2264
|
+
__publicField$7(this, "authHandler");
|
|
2265
|
+
__publicField$7(this, "resolverContext");
|
|
2266
|
+
__publicField$7(this, "appUrl");
|
|
2266
2267
|
this.appUrl = options.appUrl;
|
|
2267
2268
|
this.signInResolver = options.signInResolver;
|
|
2268
2269
|
this.authHandler = options.authHandler;
|
|
@@ -2361,19 +2362,19 @@ const saml = createAuthProviderIntegration({
|
|
|
2361
2362
|
}
|
|
2362
2363
|
});
|
|
2363
2364
|
|
|
2364
|
-
var __defProp$
|
|
2365
|
-
var __defNormalProp$
|
|
2366
|
-
var __publicField$
|
|
2367
|
-
__defNormalProp$
|
|
2365
|
+
var __defProp$6 = Object.defineProperty;
|
|
2366
|
+
var __defNormalProp$6 = (obj, key, value) => key in obj ? __defProp$6(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
2367
|
+
var __publicField$6 = (obj, key, value) => {
|
|
2368
|
+
__defNormalProp$6(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
2368
2369
|
return value;
|
|
2369
2370
|
};
|
|
2370
2371
|
class BitbucketServerAuthProvider {
|
|
2371
2372
|
constructor(options) {
|
|
2372
|
-
__publicField$
|
|
2373
|
-
__publicField$
|
|
2374
|
-
__publicField$
|
|
2375
|
-
__publicField$
|
|
2376
|
-
__publicField$
|
|
2373
|
+
__publicField$6(this, "signInResolver");
|
|
2374
|
+
__publicField$6(this, "authHandler");
|
|
2375
|
+
__publicField$6(this, "resolverContext");
|
|
2376
|
+
__publicField$6(this, "strategy");
|
|
2377
|
+
__publicField$6(this, "host");
|
|
2377
2378
|
this.signInResolver = options.signInResolver;
|
|
2378
2379
|
this.authHandler = options.authHandler;
|
|
2379
2380
|
this.resolverContext = options.resolverContext;
|
|
@@ -2538,19 +2539,19 @@ const bitbucketServer = createAuthProviderIntegration({
|
|
|
2538
2539
|
}
|
|
2539
2540
|
});
|
|
2540
2541
|
|
|
2541
|
-
var __defProp$
|
|
2542
|
-
var __defNormalProp$
|
|
2543
|
-
var __publicField$
|
|
2544
|
-
__defNormalProp$
|
|
2542
|
+
var __defProp$5 = Object.defineProperty;
|
|
2543
|
+
var __defNormalProp$5 = (obj, key, value) => key in obj ? __defProp$5(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
2544
|
+
var __publicField$5 = (obj, key, value) => {
|
|
2545
|
+
__defNormalProp$5(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
2545
2546
|
return value;
|
|
2546
2547
|
};
|
|
2547
2548
|
const ID_TOKEN_HEADER = "x-ms-token-aad-id-token";
|
|
2548
2549
|
const ACCESS_TOKEN_HEADER = "x-ms-token-aad-access-token";
|
|
2549
2550
|
class EasyAuthAuthProvider {
|
|
2550
2551
|
constructor(options) {
|
|
2551
|
-
__publicField$
|
|
2552
|
-
__publicField$
|
|
2553
|
-
__publicField$
|
|
2552
|
+
__publicField$5(this, "resolverContext");
|
|
2553
|
+
__publicField$5(this, "authHandler");
|
|
2554
|
+
__publicField$5(this, "signInResolver");
|
|
2554
2555
|
this.authHandler = options.authHandler;
|
|
2555
2556
|
this.signInResolver = options.signInResolver;
|
|
2556
2557
|
this.resolverContext = options.resolverContext;
|
|
@@ -2715,22 +2716,22 @@ function createOidcRouter(options) {
|
|
|
2715
2716
|
return router;
|
|
2716
2717
|
}
|
|
2717
2718
|
|
|
2718
|
-
var __defProp$
|
|
2719
|
-
var __defNormalProp$
|
|
2720
|
-
var __publicField$
|
|
2721
|
-
__defNormalProp$
|
|
2719
|
+
var __defProp$4 = Object.defineProperty;
|
|
2720
|
+
var __defNormalProp$4 = (obj, key, value) => key in obj ? __defProp$4(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
2721
|
+
var __publicField$4 = (obj, key, value) => {
|
|
2722
|
+
__defNormalProp$4(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
2722
2723
|
return value;
|
|
2723
2724
|
};
|
|
2724
|
-
const MS_IN_S = 1e3;
|
|
2725
|
+
const MS_IN_S$1 = 1e3;
|
|
2725
2726
|
class TokenFactory {
|
|
2726
2727
|
constructor(options) {
|
|
2727
|
-
__publicField$
|
|
2728
|
-
__publicField$
|
|
2729
|
-
__publicField$
|
|
2730
|
-
__publicField$
|
|
2731
|
-
__publicField$
|
|
2732
|
-
__publicField$
|
|
2733
|
-
__publicField$
|
|
2728
|
+
__publicField$4(this, "issuer");
|
|
2729
|
+
__publicField$4(this, "logger");
|
|
2730
|
+
__publicField$4(this, "keyStore");
|
|
2731
|
+
__publicField$4(this, "keyDurationSeconds");
|
|
2732
|
+
__publicField$4(this, "algorithm");
|
|
2733
|
+
__publicField$4(this, "keyExpiry");
|
|
2734
|
+
__publicField$4(this, "privateKeyPromise");
|
|
2734
2735
|
var _a;
|
|
2735
2736
|
this.issuer = options.issuer;
|
|
2736
2737
|
this.logger = options.logger;
|
|
@@ -2743,7 +2744,7 @@ class TokenFactory {
|
|
|
2743
2744
|
const iss = this.issuer;
|
|
2744
2745
|
const { sub, ent, ...additionalClaims } = params.claims;
|
|
2745
2746
|
const aud = "backstage";
|
|
2746
|
-
const iat = Math.floor(Date.now() / MS_IN_S);
|
|
2747
|
+
const iat = Math.floor(Date.now() / MS_IN_S$1);
|
|
2747
2748
|
const exp = iat + this.keyDurationSeconds;
|
|
2748
2749
|
try {
|
|
2749
2750
|
catalogModel.parseEntityRef(sub);
|
|
@@ -2851,15 +2852,15 @@ class DatabaseKeyStore {
|
|
|
2851
2852
|
}
|
|
2852
2853
|
}
|
|
2853
2854
|
|
|
2854
|
-
var __defProp$
|
|
2855
|
-
var __defNormalProp$
|
|
2856
|
-
var __publicField$
|
|
2857
|
-
__defNormalProp$
|
|
2855
|
+
var __defProp$3 = Object.defineProperty;
|
|
2856
|
+
var __defNormalProp$3 = (obj, key, value) => key in obj ? __defProp$3(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
2857
|
+
var __publicField$3 = (obj, key, value) => {
|
|
2858
|
+
__defNormalProp$3(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
2858
2859
|
return value;
|
|
2859
2860
|
};
|
|
2860
2861
|
class MemoryKeyStore {
|
|
2861
2862
|
constructor() {
|
|
2862
|
-
__publicField$
|
|
2863
|
+
__publicField$3(this, "keys", /* @__PURE__ */ new Map());
|
|
2863
2864
|
}
|
|
2864
2865
|
async addKey(key) {
|
|
2865
2866
|
this.keys.set(key.kid, {
|
|
@@ -2964,6 +2965,97 @@ class FirestoreKeyStore {
|
|
|
2964
2965
|
}
|
|
2965
2966
|
}
|
|
2966
2967
|
|
|
2968
|
+
var __defProp$2 = Object.defineProperty;
|
|
2969
|
+
var __defNormalProp$2 = (obj, key, value) => key in obj ? __defProp$2(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
2970
|
+
var __publicField$2 = (obj, key, value) => {
|
|
2971
|
+
__defNormalProp$2(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
2972
|
+
return value;
|
|
2973
|
+
};
|
|
2974
|
+
const DEFAULT_ALGORITHM = "ES256";
|
|
2975
|
+
class StaticKeyStore {
|
|
2976
|
+
constructor(keyPairs) {
|
|
2977
|
+
__publicField$2(this, "keyPairs");
|
|
2978
|
+
__publicField$2(this, "createdAt");
|
|
2979
|
+
if (keyPairs.length === 0) {
|
|
2980
|
+
throw new Error("Should provide at least one key pair");
|
|
2981
|
+
}
|
|
2982
|
+
this.keyPairs = keyPairs;
|
|
2983
|
+
this.createdAt = /* @__PURE__ */ new Date();
|
|
2984
|
+
}
|
|
2985
|
+
static async fromConfig(config) {
|
|
2986
|
+
const keyConfigs = config.getConfigArray("auth.keyStore.static.keys").map((c) => {
|
|
2987
|
+
var _a;
|
|
2988
|
+
const staticKeyConfig = {
|
|
2989
|
+
publicKeyFile: c.getString("publicKeyFile"),
|
|
2990
|
+
privateKeyFile: c.getString("privateKeyFile"),
|
|
2991
|
+
keyId: c.getString("keyId"),
|
|
2992
|
+
algorithm: (_a = c.getOptionalString("algorithm")) != null ? _a : DEFAULT_ALGORITHM
|
|
2993
|
+
};
|
|
2994
|
+
return staticKeyConfig;
|
|
2995
|
+
});
|
|
2996
|
+
const keyPairs = await Promise.all(
|
|
2997
|
+
keyConfigs.map(async (k) => await this.loadKeyPair(k))
|
|
2998
|
+
);
|
|
2999
|
+
return new StaticKeyStore(keyPairs);
|
|
3000
|
+
}
|
|
3001
|
+
addKey(_key) {
|
|
3002
|
+
throw new Error("Cannot add keys to the static key store");
|
|
3003
|
+
}
|
|
3004
|
+
listKeys() {
|
|
3005
|
+
const keys = this.keyPairs.map((k) => this.keyPairToStoredKey(k));
|
|
3006
|
+
return Promise.resolve({ items: keys });
|
|
3007
|
+
}
|
|
3008
|
+
getPrivateKey(keyId) {
|
|
3009
|
+
const keyPair = this.keyPairs.find((k) => k.publicKey.kid === keyId);
|
|
3010
|
+
if (keyPair === void 0) {
|
|
3011
|
+
throw new Error(`Could not find key with keyId: ${keyId}`);
|
|
3012
|
+
}
|
|
3013
|
+
return keyPair.privateKey;
|
|
3014
|
+
}
|
|
3015
|
+
removeKeys(_kids) {
|
|
3016
|
+
throw new Error("Cannot remove keys from the static key store");
|
|
3017
|
+
}
|
|
3018
|
+
keyPairToStoredKey(keyPair) {
|
|
3019
|
+
const publicKey = {
|
|
3020
|
+
...keyPair.publicKey,
|
|
3021
|
+
use: "sig"
|
|
3022
|
+
};
|
|
3023
|
+
return {
|
|
3024
|
+
key: publicKey,
|
|
3025
|
+
createdAt: this.createdAt
|
|
3026
|
+
};
|
|
3027
|
+
}
|
|
3028
|
+
static async loadKeyPair(options) {
|
|
3029
|
+
const algorithm = options.algorithm;
|
|
3030
|
+
const keyId = options.keyId;
|
|
3031
|
+
const publicKey = await this.loadPublicKeyFromFile(
|
|
3032
|
+
options.publicKeyFile,
|
|
3033
|
+
keyId,
|
|
3034
|
+
algorithm
|
|
3035
|
+
);
|
|
3036
|
+
const privateKey = await this.loadPrivateKeyFromFile(
|
|
3037
|
+
options.privateKeyFile,
|
|
3038
|
+
keyId,
|
|
3039
|
+
algorithm
|
|
3040
|
+
);
|
|
3041
|
+
return { publicKey, privateKey };
|
|
3042
|
+
}
|
|
3043
|
+
static async loadPublicKeyFromFile(path, keyId, algorithm) {
|
|
3044
|
+
return this.loadKeyFromFile(path, keyId, algorithm, jose.importSPKI);
|
|
3045
|
+
}
|
|
3046
|
+
static async loadPrivateKeyFromFile(path, keyId, algorithm) {
|
|
3047
|
+
return this.loadKeyFromFile(path, keyId, algorithm, jose.importPKCS8);
|
|
3048
|
+
}
|
|
3049
|
+
static async loadKeyFromFile(path, keyId, algorithm, importer) {
|
|
3050
|
+
const content = await fs.promises.readFile(path, { encoding: "utf8", flag: "r" });
|
|
3051
|
+
const key = await importer(content, algorithm);
|
|
3052
|
+
const jwk = await jose.exportJWK(key);
|
|
3053
|
+
jwk.kid = keyId;
|
|
3054
|
+
jwk.alg = algorithm;
|
|
3055
|
+
return jwk;
|
|
3056
|
+
}
|
|
3057
|
+
}
|
|
3058
|
+
|
|
2967
3059
|
class KeyStores {
|
|
2968
3060
|
/**
|
|
2969
3061
|
* Looks at the `auth.keyStore` section in the application configuration
|
|
@@ -3002,20 +3094,23 @@ class KeyStores {
|
|
|
3002
3094
|
await FirestoreKeyStore.verifyConnection(keyStore, logger);
|
|
3003
3095
|
return keyStore;
|
|
3004
3096
|
}
|
|
3097
|
+
if (provider === "static") {
|
|
3098
|
+
await StaticKeyStore.fromConfig(config);
|
|
3099
|
+
}
|
|
3005
3100
|
throw new Error(`Unknown KeyStore provider: ${provider}`);
|
|
3006
3101
|
}
|
|
3007
3102
|
}
|
|
3008
3103
|
|
|
3009
|
-
var __defProp = Object.defineProperty;
|
|
3010
|
-
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
3011
|
-
var __publicField = (obj, key, value) => {
|
|
3012
|
-
__defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
3104
|
+
var __defProp$1 = Object.defineProperty;
|
|
3105
|
+
var __defNormalProp$1 = (obj, key, value) => key in obj ? __defProp$1(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
3106
|
+
var __publicField$1 = (obj, key, value) => {
|
|
3107
|
+
__defNormalProp$1(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
3013
3108
|
return value;
|
|
3014
3109
|
};
|
|
3015
3110
|
class CatalogIdentityClient {
|
|
3016
3111
|
constructor(options) {
|
|
3017
|
-
__publicField(this, "catalogApi");
|
|
3018
|
-
__publicField(this, "tokenManager");
|
|
3112
|
+
__publicField$1(this, "catalogApi");
|
|
3113
|
+
__publicField$1(this, "tokenManager");
|
|
3019
3114
|
this.catalogApi = options.catalogApi;
|
|
3020
3115
|
this.tokenManager = options.tokenManager;
|
|
3021
3116
|
}
|
|
@@ -3239,6 +3334,57 @@ _database = new WeakMap();
|
|
|
3239
3334
|
_promise = new WeakMap();
|
|
3240
3335
|
let AuthDatabase = _AuthDatabase;
|
|
3241
3336
|
|
|
3337
|
+
var __defProp = Object.defineProperty;
|
|
3338
|
+
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
3339
|
+
var __publicField = (obj, key, value) => {
|
|
3340
|
+
__defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
|
|
3341
|
+
return value;
|
|
3342
|
+
};
|
|
3343
|
+
const MS_IN_S = 1e3;
|
|
3344
|
+
class StaticTokenIssuer {
|
|
3345
|
+
constructor(options, keyStore) {
|
|
3346
|
+
__publicField(this, "issuer");
|
|
3347
|
+
__publicField(this, "logger");
|
|
3348
|
+
__publicField(this, "keyStore");
|
|
3349
|
+
__publicField(this, "sessionExpirationSeconds");
|
|
3350
|
+
this.issuer = options.issuer;
|
|
3351
|
+
this.logger = options.logger;
|
|
3352
|
+
this.sessionExpirationSeconds = options.sessionExpirationSeconds;
|
|
3353
|
+
this.keyStore = keyStore;
|
|
3354
|
+
}
|
|
3355
|
+
async issueToken(params) {
|
|
3356
|
+
const key = await this.getSigningKey();
|
|
3357
|
+
const iss = this.issuer;
|
|
3358
|
+
const { sub, ent, ...additionalClaims } = params.claims;
|
|
3359
|
+
const aud = "backstage";
|
|
3360
|
+
const iat = Math.floor(Date.now() / MS_IN_S);
|
|
3361
|
+
const exp = iat + this.sessionExpirationSeconds;
|
|
3362
|
+
try {
|
|
3363
|
+
catalogModel.parseEntityRef(sub);
|
|
3364
|
+
} catch (error) {
|
|
3365
|
+
throw new Error(
|
|
3366
|
+
'"sub" claim provided by the auth resolver is not a valid EntityRef.'
|
|
3367
|
+
);
|
|
3368
|
+
}
|
|
3369
|
+
this.logger.info(`Issuing token for ${sub}, with entities ${ent != null ? ent : []}`);
|
|
3370
|
+
if (!key.alg) {
|
|
3371
|
+
throw new errors.AuthenticationError("No algorithm was provided in the key");
|
|
3372
|
+
}
|
|
3373
|
+
return new jose.SignJWT({ ...additionalClaims, iss, sub, ent, aud, iat, exp }).setProtectedHeader({ alg: key.alg, kid: key.kid }).setIssuer(iss).setAudience(aud).setSubject(sub).setIssuedAt(iat).setExpirationTime(exp).sign(await jose.importJWK(key));
|
|
3374
|
+
}
|
|
3375
|
+
async getSigningKey() {
|
|
3376
|
+
const { items: keys } = await this.keyStore.listKeys();
|
|
3377
|
+
if (keys.length >= 1) {
|
|
3378
|
+
return this.keyStore.getPrivateKey(keys[0].key.kid);
|
|
3379
|
+
}
|
|
3380
|
+
throw new Error("Keystore should hold at least 1 key");
|
|
3381
|
+
}
|
|
3382
|
+
async listPublicKeys() {
|
|
3383
|
+
const { items: keys } = await this.keyStore.listKeys();
|
|
3384
|
+
return { keys: keys.map(({ key }) => key) };
|
|
3385
|
+
}
|
|
3386
|
+
}
|
|
3387
|
+
|
|
3242
3388
|
async function createRouter(options) {
|
|
3243
3389
|
const {
|
|
3244
3390
|
logger,
|
|
@@ -3254,18 +3400,30 @@ async function createRouter(options) {
|
|
|
3254
3400
|
const appUrl = config.getString("app.baseUrl");
|
|
3255
3401
|
const authUrl = await discovery.getExternalBaseUrl("auth");
|
|
3256
3402
|
const authDb = AuthDatabase.create(database);
|
|
3403
|
+
const sessionExpirationSeconds = BACKSTAGE_SESSION_EXPIRATION;
|
|
3257
3404
|
const keyStore = await KeyStores.fromConfig(config, {
|
|
3258
3405
|
logger,
|
|
3259
3406
|
database: authDb
|
|
3260
3407
|
});
|
|
3261
|
-
|
|
3262
|
-
|
|
3263
|
-
|
|
3264
|
-
|
|
3265
|
-
|
|
3266
|
-
|
|
3267
|
-
|
|
3268
|
-
|
|
3408
|
+
let tokenIssuer;
|
|
3409
|
+
if (keyStore instanceof StaticKeyStore) {
|
|
3410
|
+
tokenIssuer = new StaticTokenIssuer(
|
|
3411
|
+
{
|
|
3412
|
+
logger: logger.child({ component: "token-factory" }),
|
|
3413
|
+
issuer: authUrl,
|
|
3414
|
+
sessionExpirationSeconds
|
|
3415
|
+
},
|
|
3416
|
+
keyStore
|
|
3417
|
+
);
|
|
3418
|
+
} else {
|
|
3419
|
+
tokenIssuer = new TokenFactory({
|
|
3420
|
+
issuer: authUrl,
|
|
3421
|
+
keyStore,
|
|
3422
|
+
keyDurationSeconds: sessionExpirationSeconds,
|
|
3423
|
+
logger: logger.child({ component: "token-factory" }),
|
|
3424
|
+
algorithm: tokenFactoryAlgorithm != null ? tokenFactoryAlgorithm : config.getOptionalString("auth.identityTokenAlgorithm")
|
|
3425
|
+
});
|
|
3426
|
+
}
|
|
3269
3427
|
const secret = config.getOptionalString("auth.session.secret");
|
|
3270
3428
|
if (secret) {
|
|
3271
3429
|
router.use(cookieParser__default["default"](secret));
|