@blakearoberts/visage 0.0.1-rc.14 → 0.0.1-rc.15

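--- a/package/README.md
+++ b/package/README.md
@@ -62,6 +62,27 @@ visage({
  });
  ```
 
+ Authenticated upstream locations forward the OIDC ID token as the upstream
+ `Authorization` bearer value by default. Set `auth.forward` to `'access'` for
+ legacy upstreams that explicitly expect the OAuth access token as
+ `Authorization: Bearer ...`.
+
+ ```ts
+ visage({
+ upstreams: {
+ api: {
+ locations: {
+ '/api/': { auth: { forward: 'access' } },
+ },
+ },
+ },
+ });
+ ```
+
+ OAuth2 Proxy identity values can also be mapped explicitly through headers such
+ as `$auth_user`, `$auth_email`, `$auth_groups`, and
+ `$auth_preferred_username`.
+
  See [`VisageOptions`](src/types.ts) for the full option surface.
 
  ## Expected Local URLs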
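--- a/package/dist/config.d.ts
+++ b/package/dist/config.d.ts
@@ -6,6 +6,7 @@ type ResolvedCookiePolicy = {
  readonly cookie_refresh: string;
  readonly cookie_domains?: readonly string[];
  readonly cookie_path: string;
+ readonly cookie_secret_file: string;
  };
  type ResolvedIdpOption = {
  readonly dex: VisageDexOptions;
@@ -14,6 +15,7 @@ type ResolvedOAuth2Client = {
  readonly id: string;
  readonly secret?: string;
  readonly scopes: readonly string[];
+ readonly emailDomains: readonly string[];
  readonly public: boolean;
  };
  type ResolvedVisageOptions = {
@@ -42,7 +44,9 @@ type ResolvedExternalIdpConfig = ResolvedBaseIdpConfig & {
  readonly dex?: never;
  };
  type ResolvedIdpConfig = ResolvedDexIdpConfig | ResolvedExternalIdpConfig;
- type ResolvedService = Omit<VisageService, 'upstream'>;
+ type ResolvedService = Omit<VisageService, 'upstream'> & {
+ readonly restart: NonNullable<VisageService['restart']>;
+ };
  type ResolvedUpstream = {
  readonly scheme: 'http' | 'https';
  readonly host: string;
@@ -72,6 +76,7 @@ export type VisageConfig = {
  readonly nginx: Volume;
  readonly oauth2Proxy: Volume;
  readonly clientSecret: Volume;
+ readonly cookieSecret: Volume;
  };
  readonly services: Readonly<Record<string, ResolvedService>>;
  readonly upstreams: Readonly<Record<string, ResolvedConfigUpstream>>;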
@@ -1 +1 @@
1
- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,cAAc,EACf,MAAM,SAAS,CAAC;AAEjB,KAAK,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAElD,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,KAAK,iBAAiB,GAClB;IACE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAC;CAChC,GACD,wBAAwB,CAAC;AAE7B,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;IAC3D,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACpD,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AACF,KAAK,oBAAoB,GAAG,qBAAqB,GAAG;IAClD,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;QAClC,QAAQ,CAAC,KAAK,EAAE,SAAS,aAAa,EAAE,CAAC;KAC1C,CAAC;CACH,CAAC;AACF,KAAK,yBAAyB,GAAG,qBAAqB,GAAG;IACvD,QAAQ,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC;CACtB,CAAC;AACF,KAAK,iBAAiB,GAAG,oBAAoB,GAAG,yBAAyB,CAAC;AAE1E,KAAK,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;AAEvD,KAAK,gBAAgB,GAAG;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC;CACjE,CAAC;AAEF,KAAK,mBAAmB,GAAG;IACzB,QAAQ,CA
AC,IAAI,EAAE,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC,CAAC;CAClE,CAAC;AAEF,KAAK,sBAAsB,GAAG,IAAI,CAAC,gBAAgB,EAAE,WAAW,CAAC,GAAG;IAClE,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;IAClE,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IAEtC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;KAC/B,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC;CACtE,CAAC;AAyFF,wBAAgB,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,qBAAqB,CAsC5E;AAwJD,wBAAgB,aAAa,CAC3B,OAAO,EAAE,qBAAqB,EAC9B,KAAK,EAAE,MAAM,GACZ,YAAY,CAwEd;AAqBD,wBAAgB,mBAAmB,CACjC,IAAI,GAAE,cAAkC,GACvC,cAAc,CAwBhB"}
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,cAAc,EACf,MAAM,SAAS,CAAC;AAEjB,KAAK,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAElD,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;CACrC,CAAC;AAEF,KAAK,iBAAiB,GAClB;IACE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAC;CAChC,GACD,wBAAwB,CAAC;AAE7B,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;IAC3D,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACpD,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AACF,KAAK,oBAAoB,GAAG,qBAAqB,GAAG;IAClD,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;QAClC,QAAQ,CAAC,KAAK,EAAE,SAAS,aAAa,EAAE,CAAC;KAC1C,CAAC;CACH,CAAC;AACF,KAAK,yBAAyB,GAAG,qBAAqB,GAAG;IACvD,QAAQ,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC;CACtB,CAAC;AACF,KAAK,iBAAiB,GAAG,oBAAoB,GAAG,yBAAyB,CAAC;AAE1E,KAAK,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,GAAG;IACvD,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;CACzD,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;
IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC;CACjE,CAAC;AAEF,KAAK,mBAAmB,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC,CAAC;CAClE,CAAC;AAEF,KAAK,sBAAsB,GAAG,IAAI,CAAC,gBAAgB,EAAE,WAAW,CAAC,GAAG;IAClE,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;IAClE,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IAEtC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;QAC9B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;KAC/B,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC;CACtE,CAAC;AA0FF,wBAAgB,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,qBAAqB,CAuC5E;AAwJD,wBAAgB,aAAa,CAC3B,OAAO,EAAE,qBAAqB,EAC9B,KAAK,EAAE,MAAM,GACZ,YAAY,CAmEd;AAqBD,wBAAgB,mBAAmB,CACjC,IAAI,GAAE,cAAkC,GACvC,cAAc,CAwBhB"}
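--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -7,7 +7,7 @@ import { pipeline } from 'node:stream/promises';
  import { stringify } from 'yaml';
  import { hashSync } from 'bcryptjs';
  import { Eta } from 'eta';
- import { createHash } from 'node:crypto';
+ import { randomBytes } from 'node:crypto';
 
  const CACHE_HOME = process.env.XDG_CACHE_HOME || join(homedir(), '.cache');
  async function ensureCerts({ certs, hostname }) {
@@ -77,8 +77,9 @@ function startCompose(file) {
  const output = openSync(join(logs, 'compose.log'), 'w');
  const compose = [
  'compose',
- `--project-name=${process.env.COMPOSE_PROJECT_NAME ?? 'visage'}`,
+ '--ansi=never',
  `--file=${file}`,
+ `--project-name=${process.env.COMPOSE_PROJECT_NAME ?? 'visage'}`,
  ];
  const env = { ...process.env, COMPOSE_MENU: 'false' };
  const opts = {
@@ -90,7 +91,6 @@ function startCompose(file) {
  ...compose,
  'up',
  '--abort-on-container-failure',
- '--no-color',
  '--remove-orphans',
  ];
  const child = spawn('docker', up, opts);
@@ -111,34 +111,34 @@ const BaseFiles = {
  compose: './compose.yaml',
  dex: ['./dex.yml', '/etc/dex/dex.yml'],
  nginx: ['./nginx.conf', '/etc/nginx/nginx.conf'],
- clientSecret: ['./oauth2-client-secret', '/etc/oauth2-proxy/client-secret'],
  oauth2Proxy: ['./oauth2-proxy.yml', '/etc/oauth2-proxy/config.yml'],
+ clientSecret: ['./oauth2-client-secret', '/etc/oauth2-proxy/client-secret'],
+ cookieSecret: ['./oauth2-cookie-secret', '/etc/oauth2-proxy/cookie-secret'],
  };
- const BaseDexService = {
+ const BaseServiceDex = {
  image: 'ghcr.io/dexidp/dex:v2.45.1',
  command: ['dex', 'serve', '/etc/dex/dex.yml'],
+ restart: 'always',
  };
  const BaseServiceNginx = {
  image: 'nginx:1.30.0-alpine',
  depends_on: ['oauth2_proxy'],
  extra_hosts: ['host.docker.internal:host-gateway'],
+ restart: 'always',
  };
- const BaseOAuth2ProxyService = {
+ const BaseServiceOAuth2Proxy = {
  image: 'quay.io/oauth2-proxy/oauth2-proxy:v7.15.2',
  command: ['--config', '/etc/oauth2-proxy/config.yml'],
  extra_hosts: ['host.docker.internal:host-gateway'],
+ restart: 'always',
  };
- const BaseServices = {
- nginx: BaseServiceNginx,
- oauth2_proxy: BaseOAuth2ProxyService,
- };
- const BaseDexUpstream = {
+ const BaseUpstreamDex = {
  host: 'dex',
  scheme: 'http',
  port: 5556,
  locations: { '/dex/': { auth: { enabled: false } } },
  };
- const BaseOauth2ProxyUpstream = {
+ const BaseUpstreamOauth2Proxy = {
  host: 'oauth2_proxy',
  scheme: 'http',
  port: 4180,
@@ -156,6 +156,7 @@ const DefaultCookiePolicy = {
  cookie_expire: '8h',
  cookie_refresh: '15m',
  cookie_path: '/',
+ cookie_secret_file: BaseFiles.cookieSecret[1],
  };
  const DefaultDexUsers = [
  {
@@ -166,9 +167,10 @@ const DefaultDexUsers = [
  const DefaultOAuth2Client = {
  id: 'visage',
  secret: 'visage-secret',
- scopes: ['openid', 'email', 'profile', 'offline_access']};
+ scopes: ['openid', 'email', 'profile', 'offline_access'],
+ emailDomains: ['example.com']};
  const DefaultProxyPolicy = {
- auth: { enabled: true, forward: true, redirect: false },
+ auth: { enabled: true, forward: 'id', redirect: false },
  headers: {
  Cookie: '""', // Don't forward session cookie.
  Host: '$host',
@@ -212,6 +214,7 @@ function resolveOptions(options) {
  ? {}
  : { secret: oauth2.clientSecret ?? DefaultOAuth2Client.secret }),
  scopes: oauth2.scopes ?? DefaultOAuth2Client.scopes,
+ emailDomains: oauth2.emailDomains ?? DefaultOAuth2Client.emailDomains,
  public: publicClient,
  },
  services,
@@ -232,11 +235,11 @@ function resolveServicesOptions(services = {}) {
  },
  },
  oauth2_proxy: {
- ...BaseOAuth2ProxyService,
+ ...BaseServiceOAuth2Proxy,
  ...{
  ...(services.oauth2_proxy ?? {}),
  extra_hosts: [
- ...BaseOAuth2ProxyService.extra_hosts,
+ ...BaseServiceOAuth2Proxy.extra_hosts,
  ...(services.oauth2_proxy?.extra_hosts ?? []),
  ],
  },
@@ -339,10 +342,10 @@ function resolveExternalIdpUpstream(idp) {
  function resolveConfig(options, cache) {
  const idp = resolveIdpConfig(options);
  const upstreams = {
- oauth2_proxy: BaseOauth2ProxyUpstream,
+ oauth2_proxy: BaseUpstreamOauth2Proxy,
  ...(idp.dex === undefined
  ? { idp: resolveExternalIdpUpstream(idp) }
- : { dex: BaseDexUpstream }),
+ : { dex: BaseUpstreamDex }),
  ...options.upstreams,
  };
  return {
@@ -355,21 +358,16 @@ function resolveConfig(options, cache) {
  files: { ...BaseFiles },
  services: {
  ...(idp.dex === undefined
- ? BaseServices
+ ? { nginx: BaseServiceNginx, oauth2_proxy: BaseServiceOAuth2Proxy }
  : {
- dex: BaseDexService,
- nginx: {
- ...BaseServices.nginx,
- depends_on: ['dex', 'oauth2_proxy'],
- },
- oauth2_proxy: {
- command: BaseServices.oauth2_proxy.command,
- extra_hosts: BaseServices.oauth2_proxy.extra_hosts,
- image: BaseServices.oauth2_proxy.image,
- depends_on: ['dex'],
- },
+ dex: BaseServiceDex,
+ nginx: { ...BaseServiceNginx, depends_on: ['dex', 'oauth2_proxy'] },
+ oauth2_proxy: { ...BaseServiceOAuth2Proxy, depends_on: ['dex'] },
  }),
- ...Object.fromEntries(Object.entries(options.services).map(([name, { upstream: _upstream, ...service }]) => [name, service])),
+ ...Object.fromEntries(Object.entries(options.services).map(([name, { upstream: _upstream, ...service }]) => [
+ name,
+ { restart: 'on-failure', ...service },
+ ])),
  },
  upstreams: Object.fromEntries(Object.entries(upstreams).map(([name, upstream]) => {
  const external = options.upstreams[name] !== undefined &&
@@ -405,7 +403,7 @@ const BaseViteUpstream = {
  scheme: 'http',
  locations: {
  '/': {
- auth: { forward: false, redirect: true },
+ auth: { forward: undefined, redirect: true },
  headers: {
  Host: '$host',
  Upgrade: '$http_upgrade',
@@ -514,6 +512,7 @@ function renderComposeConfig(config) {
  ...config.services.oauth2_proxy,
  volumes: [
  `${config.files.oauth2Proxy[0]}:${config.files.oauth2Proxy[1]}:ro`,
+ `${config.files.cookieSecret[0]}:${config.files.cookieSecret[1]}:ro`,
  ...(config.oauth2.public
  ? [
  `${config.files.clientSecret[0]}:${config.files.clientSecret[1]}:ro`,
@@ -567,13 +566,15 @@ const template = `
  events {}
 
  http {
+ # Disable IPv6 DNS lookups that may fail to resolve upstream hostnames.
+ resolver 127.0.0.11 ipv6=off;
+
+ # Configure access log format.
  map $time_iso8601 $access_log_time {
  "~^[0-9]{4}-[0-9]{2}-[0-9]{2}T([0-9]{2}:[0-9]{2}:[0-9]{2})" $1;
  default $time_iso8601;
  }
-
  log_format access_log_format '$access_log_time | $status | $request_method $request_uri | $auth_email | $proxy_host';
- resolver 127.0.0.11 ipv6=off;
 
  # Allow WebSockets (Vite HMR).
  map $http_upgrade $connection_upgrade {
@@ -582,6 +583,7 @@ http {
  }
 
  <%_ for (const [name, upstream] of Object.entries(it.upstreams)) { %>
+
  upstream <%~ name %> {
  <%_ if (upstream.resolve) { %>
  zone <%~ name %> 64k;
@@ -590,8 +592,8 @@ http {
  server <%~ upstream.host %>:<%~ upstream.port %>;
  <%_ } %>
  }
-
  <%_ } %>
+
  server {
  listen <%~ it.port %> ssl;
  server_name <%~ it.host %>;
@@ -602,7 +604,7 @@ http {
  access_log /var/log/nginx/access.log access_log_format;
  set $auth_email "";
 
- # Redirect accidental plaintext HTTP requests sent to the HTTPS port.
+ # Redirect HTTP to HTTPS.
  error_page 497 =301 https://$http_host$request_uri;
 
  <%_ for (const [name, upstream] of Object.entries(it.upstreams)) { %>
@@ -610,12 +612,17 @@ http {
  location <%~ path %> {
  <%_ if (location.auth?.enabled) { %>
  auth_request /oauth2/auth;
+ auth_request_set $authorization $upstream_http_authorization;
  auth_request_set $access_token $upstream_http_x_auth_request_access_token;
  auth_request_set $auth_user $upstream_http_x_auth_request_user;
  auth_request_set $auth_email $upstream_http_x_auth_request_email;
  auth_request_set $auth_groups $upstream_http_x_auth_request_groups;
  auth_request_set $auth_preferred_username $upstream_http_x_auth_request_preferred_username;
 
+ # Propagate refreshed session cookie.
+ auth_request_set $auth_cookie $upstream_http_set_cookie;
+ add_header Set-Cookie $auth_cookie;
+
  <%_ if (location.auth.redirect) { %>
  error_page 401 =302 /oauth2/start?rd=$scheme://$http_host$request_uri;
  <%_ } %>
@@ -628,7 +635,9 @@ http {
  <%~ directive %> <%~ value %>;
  <%_ } %>
  <%_ } %>
- <%_ if (location.auth?.enabled && location.auth.forward) { %>
+ <%_ if (location.auth?.enabled && location.auth.forward === 'id') { %>
+ proxy_set_header Authorization $authorization;
+ <%_ } else if (location.auth?.enabled && location.auth.forward === 'access') { %>
  proxy_set_header Authorization "Bearer $access_token";
  <%_ } %>
  <%_ if (upstream.scheme === 'https') { %>
@@ -683,6 +692,12 @@ function writeOauth2ProxyConfig(config) {
  if (config.oauth2.public) {
  writeFileSync(join(config.cache, config.files.clientSecret[0]), '');
  }
+ const cookieSecretFile = join(config.cache, config.files.cookieSecret[0]);
+ if (!existsSync(cookieSecretFile)) {
+ const secret = randomBytes(32).toString('base64url');
+ writeFileSync(cookieSecretFile, secret, { encoding: 'utf-8', mode: 0o644 });
+ }
+ chmodSync(cookieSecretFile, 0o644);
  }
  function renderOauth2ProxyConfig(config) {
  const data = {
@@ -701,23 +716,19 @@ function renderOauth2ProxyConfig(config) {
  code_challenge_method: 'S256',
  }
  : { client_secret: config.oauth2.secret }),
- cookie_secret: createHash('sha256')
- .update('visage:cookie-secret\0')
- .update(config.cache)
- .digest('base64url'),
  ...config.cookie,
  cookie_httponly: true,
  cookie_secure: true,
  cookie_samesite: 'lax',
  cookie_csrf_per_request: true,
  cookie_csrf_per_request_limit: 16,
- email_domains: ['*'],
+ email_domains: config.oauth2.emailDomains,
  scope: config.oauth2.scopes.join(' '),
  ...LogFormats,
  reverse_proxy: true,
  set_xauthrequest: true,
+ set_authorization_header: true,
  pass_access_token: true,
- pass_authorization_header: true,
  skip_provider_button: true,
  whitelist_domains: [config.host, `${config.host}:${config.port}`],
  };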
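Review bot: The cookie secret written in writeOauth2ProxyConfig ends up world-readable on the host: it is created with `mode: 0o644`, and the unconditional `chmodSync(cookieSecretFile, 0o644)` widens it again even if it was tightened by hand, so any local account can read the key oauth2-proxy uses to protect session cookies. If that mode exists only so the container user can read the `:ro` bind mount, state it in a comment such as `// 0o644 so the oauth2-proxy container user can read the bind mount; keep the cache directory owner-only`, and make sure the directory is created `0o700` (its creation is outside this hunk). Otherwise use `0o600` in both calls. An existing file is also reused without looking at its content, so an empty or truncated secret left by an interrupted run is kept; writing with `flag: 'wx'` and checking the length on reuse would cover that. The function starts above the hunk.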
@@ -1 +1 @@
1
- {"version":3,"file":"nginx.d.ts","sourceRoot":"","sources":["../../src/render/nginx.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAmF9C,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAI3D"}
1
+ {"version":3,"file":"nginx.d.ts","sourceRoot":"","sources":["../../src/render/nginx.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AA6F9C,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAI3D"}
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2-proxy.d.ts","sourceRoot":"","sources":["../../src/render/oauth2-proxy.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAW9C,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAQjE"}
1
+ {"version":3,"file":"oauth2-proxy.d.ts","sourceRoot":"","sources":["../../src/render/oauth2-proxy.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAW9C,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAejE"}
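--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -79,9 +79,9 @@ export type VisageCookiePolicy = {
  /**
  * Session age after which OAuth2 Proxy attempts silent renewal using the
  * stored refresh token, when one is available. Rendered as `cookie_refresh`
- * using OAuth2 Proxy duration syntax. If upstreams validate forwarded access
- * tokens, set this below the access-token lifetime so OAuth2 Proxy refreshes
- * before forwarding an expired bearer token.
+ * using OAuth2 Proxy duration syntax. If upstreams validate forwarded bearer
+ * tokens, set this below the relevant token lifetime so OAuth2 Proxy refreshes
+ * before forwarding expired token material.
  *
  * @defaultValue `'15m'`
  */
@@ -241,6 +241,12 @@ export type VisageOAuth2Client = {
  * @defaultValue `['openid', 'email', 'profile', 'offline_access']`
  */
  readonly scopes?: readonly string[];
+ /**
+ * Email domains allowed by OAuth2 Proxy after authentication.
+ *
+ * @defaultValue `['example.com']`
+ */
+ readonly emailDomains?: readonly string[];
  };
  /**
  * Subset of a Docker Compose service definition managed by Visage.
@@ -264,6 +270,11 @@ export type VisageService = {
  * Additional host-to-IP mappings rendered into the Compose service.
  */
  readonly extra_hosts?: readonly string[];
+ /**
+ * Container restart policy.
+ * @defaultValue `'on-failure'`
+ */
+ readonly restart?: 'always' | 'no' | 'on-failure' | 'unless-stopped';
  /**
  * Optional upstream override for this service. Omit this to create a default
  * upstream from the service name.
@@ -322,12 +333,15 @@ export type VisageProxyPolicy = {
  */
  readonly redirect?: boolean;
  /**
- * Whether the authenticated access token should be forwarded upstream as an
- * `Authorization: Bearer ...` header.
+ * Token forwarding behavior for the upstream `Authorization` header.
  *
- * @defaultValue `true`
+ * `'id'` forwards the authenticated OIDC ID token. `'access'` forwards the
+ * OAuth access token for legacy/resource-server integrations that
+ * explicitly require it.
+ *
+ * @defaultValue `'id'`
  */
- readonly forward?: boolean;
+ readonly forward?: 'id' | 'access';
  };
  /**
  * Request headers to set when proxying to the upstream. Values may include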
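Review bot: Narrowing `forward` from `boolean` to `'id' | 'access'` in VisageProxyPolicy leaves no typed value that turns token forwarding off for an authenticated location, and the doc comment does not say how to do it. The bundled index.js sets `auth: { forward: undefined, redirect: true }` on the Vite upstream, which only disables forwarding if the option merge keeps an explicit `undefined` over the `'id'` default; that merge is not visible here, so it is worth confirming. Because the nginx template matches only `'id'` and `'access'`, allowing `false` should need no runtime change: `readonly forward?: 'id' | 'access' | false;`, plus one doc line saying that `false` sends no Authorization header upstream. That gives callers an explicit way to keep bearer tokens away from upstreams that have no reason to receive them. The type's declaration starts above the hunk.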
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB;;OAEG;IACH,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB;;OAEG;IACH,KAAK,IAAI,IAAI,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,GAAG,wBAAwB,CAAC;IAC3D;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAClD;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;;;OAMG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;;;OAOG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;;OAQG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;IAClC;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,aAAa,EAAE,CAAC;CAC3C,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;OAEG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;OAEG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvB;;WAEG;QACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QACpC;;WAEG;QACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;;;OAKG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,C
AAC;AAEF;;GAEG;AACH,MAAM,MAAM,wBAAwB,GAAG;IACrC;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;;;OAOG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACrC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;OAEG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,iBAAiB,CAAA;KAAE,CAAC;CACrE,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE;QACd;;;;WAIG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;QAC3B;;;;WAIG;QACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;QAC5B;;;;;WAKG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF;;;;;;OAMG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IACtD;;;;OAIG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE;QACpB,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,MAAM,EAAE,CAAC;KACrD,CAAC;CACH,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB;;OAEG;IACH,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB;;OAEG;IACH,KAAK,IAAI,IAAI,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,GAAG,wBAAwB,CAAC;IAC3D;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAClD;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;;;OAMG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;;;OAOG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;;OAQG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;IAClC;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,aAAa,EAAE,CAAC;CAC3C,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;OAEG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;OAEG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvB;;WAEG;QACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QACpC;;WAEG;QACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;;;OAKG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,C
AAC;AAEF;;GAEG;AACH,MAAM,MAAM,wBAAwB,GAAG;IACrC;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;;;OAOG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC;;;;OAIG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC3C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;OAEG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,GAAG,IAAI,GAAG,YAAY,GAAG,gBAAgB,CAAC;IACrE;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,iBAAiB,CAAA;KAAE,CAAC;CACrE,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE;QACd;;;;WAIG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;QAC3B;;;;WAIG;QACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;QAC5B;;;;;;;;WAQG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,IAAI,GAAG,QAAQ,CAAC;KACpC,CAAC;IACF;;;;;;OAMG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IACtD;;;;OAIG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE;QACpB,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,MAAM,EAAE,CAAC;KACrD,CAAC;CACH,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@blakearoberts/visage",
3
- "version": "0.0.1-rc.14",
3
+ "version": "0.0.1-rc.15",
4
4
  "description": "Vite plugin for local development with HMR and OIDC session cookie lifecycle semantics.",
5
5
  "type": "module",
6
6
  "author": "Blake Roberts",