@blakearoberts/visage 0.0.1-rc.21 → 0.0.1-rc.23
- package/README.md +2 -1
- package/dist/config.d.ts +21 -22
- package/dist/config.d.ts.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +255 -159
- package/dist/middleware.d.ts +4 -0
- package/dist/middleware.d.ts.map +1 -0
- package/dist/plugin.d.ts.map +1 -1
- package/dist/render/nginx.d.ts.map +1 -1
- package/dist/server.d.ts +27 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/types.d.ts +0 -13
- package/dist/types.d.ts.map +1 -1
- package/docker-compose.images.yml +1 -1
- package/package.json +1 -1
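--- a/package/README.md
+++ b/package/README.md
@@ -168,7 +168,7 @@ Do not treat the managed Dex and OAuth2 Proxy defaults as production auth infras
 Visage's CSRF policy is an edge request-isolation guard for cookie-backed
 locations. It is not a replacement for application-owned CSRF tokens where an
 application accepts form posts or other browser-submitted mutations. CSP,
-`frame-ancestors`, and other
+`frame-ancestors`, and other click-jacking controls remain application policy.
 
 ## Troubleshooting
 
@@ -179,6 +179,7 @@ application accepts form posts or other browser-submitted mutations. CSP,
 
 ## TO-DO
 
+- [ ] Harden the default security posture by addressing the [security hardening backlog](docs/security-hardening.md).
 - [ ] Support configuring [Dex connectors](https://dexidp.io/docs/connectors/).
 - [ ] Support configuring Dex on a distinct subdomain, such as `auth.localhost`.
 - [ ] Support optional [HTTP mode without local TLS](docs/tls-http-mode.md).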
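--- a/package/dist/config.d.ts
+++ b/package/dist/config.d.ts
@@ -1,4 +1,4 @@
-import type { VisageDexExpiry, VisageDexOptions, VisageDexUser, VisageExternalIdpOptions, VisageOptions,
+import type { VisageDexExpiry, VisageDexOptions, VisageDexUser, VisageExternalIdpOptions, VisageOptions, VisageService } from './types';
 type Volume = readonly [from: string, to: string];
 type ResolvedCookiePolicy = {
 readonly cookie_name: string;
@@ -18,6 +18,22 @@ type ResolvedOAuth2Client = {
 readonly emailDomains: readonly string[];
 readonly public: boolean;
 };
+type ResolvedProxyPolicy = {
+readonly auth: {
+readonly enabled: boolean;
+readonly forward: false | 'id' | 'access';
+readonly redirect: boolean;
+};
+readonly csrf: false | 'app' | 'api';
+readonly headers: Readonly<Record<string, string>>;
+readonly directives: Readonly<Record<string, readonly string[]>>;
+};
+type ResolvedUpstream = {
+readonly scheme: 'http' | 'https';
+readonly host: string;
+readonly port: number;
+readonly locations: Readonly<Record<string, ResolvedProxyPolicy>>;
+};
 type ResolvedVisageOptions = {
 readonly host: string;
 readonly port: number;
@@ -25,7 +41,7 @@ type ResolvedVisageOptions = {
 readonly idp: ResolvedIdpOption;
 readonly oauth2: ResolvedOAuth2Client;
 readonly services: Readonly<Record<string, VisageService>>;
-readonly upstreams: Record<string,
+readonly upstreams: Record<string, ResolvedUpstream>;
 };
 type OIDCEndpointConfig = {
 readonly issuer: string;
@@ -59,24 +75,7 @@ type ResolvedIdpConfig = ResolvedDexIdpConfig | ResolvedExternalIdpConfig;
 type ResolvedService = Omit<VisageService, 'upstream'> & {
 readonly restart: NonNullable<VisageService['restart']>;
 };
-type
-readonly scheme: 'http' | 'https';
-readonly host: string;
-readonly port: number;
-readonly locations: Readonly<Record<string, VisageProxyPolicy>>;
-};
-type ResolvedProxyPolicy = {
-readonly auth: {
-readonly enabled: boolean;
-readonly forward: false | 'id' | 'access';
-readonly redirect: boolean;
-};
-readonly csrf: false | 'app' | 'api';
-readonly headers: Readonly<Record<string, string>>;
-readonly directives: Readonly<Record<string, readonly string[]>>;
-};
-type ResolvedConfigUpstream = Omit<ResolvedUpstream, 'locations'> & {
-readonly locations: Readonly<Record<string, ResolvedProxyPolicy>>;
+type ResolvedConfigUpstream = ResolvedUpstream & {
 readonly external: boolean;
 };
 export type VisageConfig = {
@@ -102,8 +101,8 @@ export type VisageConfig = {
 readonly services: Readonly<Record<string, ResolvedService>>;
 readonly upstreams: Readonly<Record<string, ResolvedConfigUpstream>>;
 };
+export declare const VisageEdgeKeyHeader = "X-Visage-Edge-Key";
 export declare function resolveOptions(options: VisageOptions): ResolvedVisageOptions;
-export declare function resolveConfig(options: ResolvedVisageOptions, cache: string): VisageConfig;
-export declare function resolveViteUpstream(vite?: VisageUpstream): VisageUpstream;
+export declare function resolveConfig(options: ResolvedVisageOptions, cache: string, edgeKey?: string): VisageConfig;
 export {};
 //# sourceMappingURL=config.d.ts.map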
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,aAAa,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,aAAa,EAEb,aAAa,EAEd,MAAM,SAAS,CAAC;AAEjB,KAAK,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAElD,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;CACrC,CAAC;AAEF,KAAK,iBAAiB,GAClB;IAAE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAA;CAAE,GAClC,wBAAwB,CAAC;AAE7B,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,KAAK,mBAAmB,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE;QACb,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1B,QAAQ,CAAC,OAAO,EAAE,KAAK,GAAG,IAAI,GAAG,QAAQ,CAAC;QAC1C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF,QAAQ,CAAC,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACrC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC,CAAC;CAClE,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;CACnE,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;IAC3D,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CACtD,CAAC;AAEF,KAAK,kBAAkB,GAAG;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,KAAK,CAAC,EAAE
,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CACxC,CAAC;AAEF,KAAK,wBAAwB,GAAG,kBAAkB,GAAG;IACnD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;QAClC,QAAQ,CAAC,KAAK,EAAE,SAAS,aAAa,EAAE,CAAC;KAC1C,CAAC;IACF,QAAQ,CAAC,IAAI,EAAE,wBAAwB,CAAC;IACxC,QAAQ,CAAC,QAAQ,EAAE;QAAE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAA;KAAE,CAAC;CACvD,CAAC;AACF,KAAK,yBAAyB,GAAG;IAC/B,QAAQ,CAAC,IAAI,EAAE,kBAAkB,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE;QAAE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAA;KAAE,CAAC;CACvD,CAAC;AACF,KAAK,iBAAiB,GAAG,oBAAoB,GAAG,yBAAyB,CAAC;AAE1E,KAAK,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,GAAG;IACvD,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;CACzD,CAAC;AAEF,KAAK,sBAAsB,GAAG,gBAAgB,GAAG;IAC/C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IAEtC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;QAC9B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;KAC/B,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,eAAe,EAAE,SAAS,MAAM,EAAE,CAAC;KAC7C,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC;CACtE,CAAC;AAEF,eAAO,MAAM,mBAAmB,sBAAsB,CAAC;AA8GvD,wBAAgB,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,qBAAqB,CAyD5E;AAsLD,wBAAgB,aAAa,CAC3B,OAAO,EAAE,qBAAqB,EAC9B,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,MAAM,GACf,YAAY,CA4Ed"}
|
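--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,4 +1,4 @@
-export type { VisageCookiePolicy, VisageDexExpiry, VisageDexOptions, VisageDexUser, VisageExternalIdpOptions, VisageOAuth2Client, VisageOptions, VisageProxyPolicy,
+export type { VisageCookiePolicy, VisageDexExpiry, VisageDexOptions, VisageDexUser, VisageExternalIdpOptions, VisageOAuth2Client, VisageOptions, VisageProxyPolicy, VisageService, VisageUpstream, } from './types';
 export { default, visage } from './plugin';
-export { createVisageServer } from './server';
+export { createVisageServer, type VisageServer } from './server';
 //# sourceMappingURL=index.d.ts.map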
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,kBAAkB,EAClB,aAAa,EACb,iBAAiB,EACjB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,kBAAkB,EAClB,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC"}
|
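--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,14 +1,16 @@
+import { spawnSync, spawn } from 'node:child_process';
+import { randomBytes } from 'node:crypto';
+import { isIP } from 'node:net';
 import { join } from 'node:path';
 import { readFileSync, mkdirSync, chmodSync, openSync, rmSync, existsSync, createWriteStream, appendFileSync, writeFileSync } from 'node:fs';
 import { parse, stringify } from 'yaml';
-import { spawnSync, spawn } from 'node:child_process';
 import { homedir } from 'node:os';
 import { Readable } from 'node:stream';
 import { pipeline } from 'node:stream/promises';
 import { hashSync } from 'bcryptjs';
 import { Eta } from 'eta';
-import { randomBytes } from 'node:crypto';
 
+const VisageEdgeKeyHeader$1 = 'X-Visage-Edge-Key';
 const BaseFiles = {
 certs: ['./certs', '/etc/nginx/certs'],
 compose: './compose.yaml',
@@ -36,17 +38,51 @@ const BaseServiceOAuth2Proxy = {
 extra_hosts: ['host.docker.internal:host-gateway'],
 restart: 'always',
 };
+const DefaultProxyPolicy = {
+auth: { enabled: true, forward: false, redirect: false },
+csrf: 'api',
+headers: {
+Host: '$host',
+// Mitigate header injection by clearing auth headers.
+Authorization: '""',
+Cookie: '""',
+'X-Auth-Request-User': '""',
+'X-Auth-Request-Email': '""',
+'X-Auth-Request-Groups': '""',
+'X-Auth-Request-Preferred-Username': '""',
+// Add common proxy headers.
+'X-Real-IP': '$remote_addr',
+'X-Forwarded-For': '$proxy_add_x_forwarded_for',
+'X-Forwarded-Proto': '$scheme',
+},
+directives: {
+proxy_buffer_size: ['8k'],
+},
+};
 const BaseUpstreamOauth2Proxy = {
 host: 'oauth2_proxy',
 scheme: 'http',
 port: 4180,
 locations: {
 '/oauth2/': {
-auth: { enabled: false },
+auth: { enabled: false, forward: false, redirect: false },
+csrf: false,
 headers: {
+...DefaultProxyPolicy.headers,
 Cookie: '$http_cookie', // Forward session cookie.
 'X-Auth-Request-Redirect': '$request_uri',
 },
+directives: { ...DefaultProxyPolicy.directives },
+},
+'/oauth2/sign_out': {
+auth: { enabled: false, forward: false, redirect: false },
+csrf: false,
+headers: {
+...DefaultProxyPolicy.headers,
+Cookie: '$http_cookie', // Forward session cookie.
+'X-Auth-Request-Redirect': '/',
+},
+directives: { ...DefaultProxyPolicy.directives },
 },
 },
 };
@@ -64,24 +100,11 @@ const DefaultOAuth2Client = {
 secret: 'visage-secret',
 scopes: ['openid', 'email', 'profile', 'offline_access'],
 emailDomains: ['example.com']};
-const DefaultProxyPolicy = {
-headers: {
-Cookie: '""', // Don't forward session cookie.
-Host: '$host',
-'X-Real-IP': '$remote_addr',
-'X-Forwarded-For': '$proxy_add_x_forwarded_for',
-'X-Forwarded-Proto': '$scheme',
-},
-directives: {
-proxy_buffer_size: ['8k'],
-},
-};
 function resolveOptions(options) {
 const { host = 'localhost', port = 9001, cookie = {}, idp = {}, oauth2 = {}, } = options;
 const cookieName = cookie.name ?? 'sess';
 const publicClient = oauth2.clientSecret === null;
 const services = resolveServicesOptions(options.services);
-const upstreams = resolveUpstreamsOptions(services, options.upstreams);
 return {
 host,
 port,
@@ -124,7 +147,7 @@ function resolveOptions(options) {
 public: publicClient,
 },
 services,
-upstreams,
+upstreams: resolveUpstreamsOptions(services, options.upstreams),
 };
 }
 function resolveServicesOptions(services = {}) {
@@ -153,15 +176,6 @@ function resolveServicesOptions(services = {}) {
 };
 }
 function resolveUpstreamsOptions(services, upstreams = {}) {
-function resolveUpstream(name, upstream) {
-return {
-...upstream,
-scheme: upstream.scheme,
-host: upstream.host ?? name,
-port: upstream.port ?? (upstream.scheme === 'https' ? 443 : 80),
-locations: upstream.locations ?? { [`/${name}/`]: {} },
-};
-}
 return {
 ...Object.fromEntries(Object.entries(services)
 .filter(([name]) =>
@@ -169,40 +183,145 @@ function resolveUpstreamsOptions(services, upstreams = {}) {
 name !== 'dex' && name !== 'nginx' && name !== 'oauth2_proxy')
 .map(([name, service]) => [
 name,
-
-])),
-...Object.fromEntries(Object.entries(upstreams).map(([name, upstream]) => [
-name,
-resolveUpstream(name, {
-scheme: services[name] === undefined ? 'https' : 'http',
-...upstream,
-}),
+resolveUpstreamOptions(name, service.upstream, false),
 ])),
+...Object.fromEntries(Object.entries(upstreams).map(([name, upstream]) => {
+if (name === 'vite') {
+const vite = resolveViteUpstreamOptions(upstream);
+return [name, resolveUpstreamOptions('vite', vite, true)];
+}
+return [
+name,
+resolveUpstreamOptions(name, upstream, services[name] === undefined),
+];
+})),
 };
 }
-
-
-
-
-
-
-
-
-
+const BaseViteUpstreamRootLocation = {
+auth: { enabled: true, forward: false, redirect: true },
+csrf: 'app',
+headers: {
+Host: '$host',
+Upgrade: '$http_upgrade',
+Connection: '$connection_upgrade',
+'X-Auth-Request-User': '$auth_user',
+'X-Auth-Request-Email': '$auth_email',
+},
+directives: {
+proxy_http_version: ['1.1'],
+proxy_read_timeout: ['1h'],
+},
+};
+function resolveViteUpstreamOptions(upstream) {
+const base = BaseViteUpstreamRootLocation;
+const root = upstream.locations?.['/'];
+return {
+host: 'host.docker.internal',
+scheme: 'http',
+...upstream,
+locations: {
+...(upstream.locations ?? {}),
+'/': root === undefined
+? { ...base }
+: {
+auth: { ...base.auth, ...root.auth },
+csrf: root.csrf ?? base.csrf,
 headers: {
-
-
-
-
-
-
-: '/',
+...base.headers,
+...root.headers,
+},
+directives: {
+...base.directives,
+...root.directives,
 },
 },
-},
 },
+};
+}
+function resolveUpstreamOptions(name, upstream = {}, external) {
+const scheme = upstream.scheme ?? (external ? 'https' : 'http');
+const host = upstream.host ?? name;
+return {
+...upstream,
+scheme,
+host,
+port: upstream.port ?? (scheme === 'https' ? 443 : 80),
+locations: {
+...Object.fromEntries(Object.entries(upstream.locations ?? { [`/${name}/`]: {} }).map(([path, policy]) => [
+path,
+resolveUpstreamLocationOptions(name, host, policy, external),
+])),
+},
+};
+}
+function resolveUpstreamLocationOptions(name, host, location, external) {
+const auth = resolveAuthPolicy(location.auth, external && name !== 'vite');
+return {
+...DefaultProxyPolicy,
+...location,
+auth,
+csrf: location.csrf ?? (auth.enabled ? 'api' : false),
+headers: {
+...DefaultProxyPolicy.headers,
+...(external ? { Host: host } : {}),
+...(auth.enabled && auth.forward === 'id'
+? { Authorization: '$authorization' }
+: {}),
+...(auth.enabled && auth.forward === 'access'
+? { Authorization: '"Bearer $access_token"' }
+: {}),
+...(location.headers ?? {}),
+},
+directives: {
+...DefaultProxyPolicy.directives,
+...Object.fromEntries(Object.entries(location.directives ?? {}).map(([name, value]) => [
+name,
+Array.isArray(value) ? value : [value],
+])),
+},
+};
+}
+function resolveAuthPolicy(auth = {}, external) {
+return {
+enabled: auth.enabled ?? true,
+forward: auth.forward === true
+? external
+? 'access'
+: 'id'
+: (auth.forward ?? false),
+redirect: auth.redirect ?? false,
+};
+}
+function resolveConfig(options, cache, edgeKey) {
+const idp = resolveIdpConfig(options);
+const end_session_endpoint = idp.oidc.end_session_endpoint;
+const upstreams = {
+...(end_session_endpoint === undefined
+? { oauth2_proxy: { ...BaseUpstreamOauth2Proxy } }
+: {
+oauth2_proxy: {
+...BaseUpstreamOauth2Proxy,
+locations: {
+...BaseUpstreamOauth2Proxy.locations,
+'/oauth2/sign_out': {
+...BaseUpstreamOauth2Proxy.locations['/oauth2/sign_out'],
+headers: {
+...BaseUpstreamOauth2Proxy.locations['/oauth2/sign_out']
+.headers,
+'X-Auth-Request-Redirect': JSON.stringify(end_session_endpoint +
+(end_session_endpoint.includes('?') ? '&' : '?') +
+'id_token_hint={id_token}&post_logout_redirect_uri=' +
+encodeURIComponent(`https://${options.host}:${options.port}/`)),
+},
+},
+},
+},
+}),
 ...idp.upstream,
 ...options.upstreams,
+...(edgeKey && options.upstreams.vite
+? { vite: resolveViteEdgeKeyConfig(options.upstreams.vite, edgeKey) }
+: {}),
 };
 return {
 host: options.host,
@@ -234,37 +353,26 @@ function resolveConfig(options, cache) {
 options.services[name] === undefined;
 return [
 name,
-{
-...upstream,
-external,
-locations: Object.fromEntries(Object.entries(upstream.locations ?? {}).map(([path, policy]) => {
-const auth = resolveAuthPolicy(policy.auth, external && name !== 'vite');
-return [
-path,
-{
-auth,
-csrf: policy.csrf ?? (auth.enabled ? 'api' : false),
-headers: {
-...(external
-? { ...DefaultProxyPolicy.headers, Host: upstream.host }
-: DefaultProxyPolicy.headers),
-...policy.headers,
-},
-directives: {
-...DefaultProxyPolicy.directives,
-...Object.fromEntries(Object.entries(policy.directives ?? {}).map(([name, value]) => [
-name,
-Array.isArray(value) ? value : [value],
-])),
-},
-},
-];
-})),
-},
+{ ...upstream, external },
 ];
 })),
 };
 }
+function resolveViteEdgeKeyConfig(upstream, edgeKey) {
+return {
+...upstream,
+locations: Object.fromEntries(Object.entries(upstream.locations).map(([path, policy]) => [
+path,
+{
+...policy,
+headers: {
+[VisageEdgeKeyHeader$1]: edgeKey,
+...policy.headers,
+},
+},
+])),
+};
+}
 function resolveIdpConfig({ host, port, idp, }) {
 if ('dex' in idp) {
 return {
@@ -288,7 +396,14 @@ function resolveIdpConfig({ host, port, idp, }) {
 host: 'dex',
 scheme: 'http',
 port: 5556,
-locations: {
+locations: {
+'/dex/': {
+auth: { enabled: false, forward: false, redirect: false },
+csrf: false,
+headers: { ...DefaultProxyPolicy.headers },
+directives: { ...DefaultProxyPolicy.directives },
+},
+},
 },
 },
 };
@@ -319,59 +434,31 @@ function resolveIdpConfig({ host, port, idp, }) {
 },
 };
 }
-
-
-
-
-
-
-
-
-
+
+const VisageEdgeKeyHeader = 'X-Visage-Edge-Key';
+function createVisageMiddleware(edgeKey) {
+return function visageMiddleware(request, response, next) {
+if (isVisageEdgeRequest(request, edgeKey)) {
+next();
+return;
+}
+response.statusCode = 403;
+response.end('Forbidden');
 };
 }
-
-
-
-
-
-
-
-headers: {
-Host: '$host',
-Upgrade: '$http_upgrade',
-Connection: '$connection_upgrade',
-},
-directives: {
-proxy_http_version: '1.1',
-proxy_read_timeout: '1h',
-},
-},
-},
-};
-function resolveViteUpstream(vite = { locations: {} }) {
-return {
-...BaseViteUpstream,
-...vite,
-locations: {
-...BaseViteUpstream.locations,
-...Object.fromEntries(Object.entries(vite.locations ?? {}).map(([path, policy]) => {
-if (path !== '/')
-return [path, policy];
-const base = BaseViteUpstream.locations['/'];
-return [
-path,
-{
-auth: { ...base.auth, ...policy.auth },
-csrf: policy.csrf ?? base.csrf,
-headers: { ...base.headers, ...policy.headers },
-directives: { ...base.directives, ...policy.directives },
-},
-];
-})),
-},
+function createVisageUpgradeHandler(edgeKey) {
+return function visageUpgrade(request, socket) {
+if (isVisageEdgeRequest(request, edgeKey)) {
+return;
+}
+socket.write('HTTP/1.1 403 Forbidden\r\nConnection: close\r\nContent-Length: 0\r\n\r\n');
+socket.destroy();
 };
 }
+function isVisageEdgeRequest(request, edgeKey) {
+const header = request.headers[VisageEdgeKeyHeader.toLowerCase()];
+return typeof header === 'string' && header === edgeKey;
+}
 
 const CACHE_HOME = process.env.XDG_CACHE_HOME || join(homedir(), '.cache');
 async function ensureCerts(config) {
@@ -584,7 +671,7 @@ function renderComposeConfig(config) {
 : {}),
 nginx: {
 ...config.services.nginx,
-ports: [
+ports: [`127.0.0.1:${config.port}:${config.port}`],
 volumes: [config.files.certs, config.files.nginx].map(([from, to]) => `${from}:${to}:ro`),
 },
 oauth2_proxy: {
@@ -735,11 +822,6 @@ http {
 <%~ directive %> <%~ value %>;
 <%_ } %>
 <%_ } %>
-<%_ if (location.auth?.enabled && location.auth.forward === 'id') { %>
-proxy_set_header Authorization $authorization;
-<%_ } else if (location.auth?.enabled && location.auth.forward === 'access') { %>
-proxy_set_header Authorization "Bearer $access_token";
-<%_ } %>
 <%_ if (upstream.scheme === 'https') { %>
 proxy_ssl_server_name on;
 proxy_ssl_name <%~ upstream.host %>;
@@ -859,15 +941,12 @@ function renderOauth2ProxyConfig(config) {
 
 function createVisageServer(options) {
 const cache = join(process.cwd(), '.visage');
-const
-
-upstreams: {
-...options.upstreams,
-vite: resolveViteUpstream(options.upstreams?.vite),
-},
-}), cache);
+const edgeKey = randomBytes(32).toString('base64url');
+const config = resolveConfig(resolveOptions(options), cache, edgeKey);
 let stop;
 return {
+middleware: createVisageMiddleware(edgeKey),
+upgrade: createVisageUpgradeHandler(edgeKey),
 async listen() {
 stop ??= await startVisageServer(config);
 },
@@ -900,51 +979,68 @@ function visage(options = {}) {
 stop?.();
 stop = undefined;
 };
+const edgeKey = randomBytes(32).toString('base64url');
 return {
 name: 'visage',
 apply: 'serve',
 config() {
 return {
 server: {
+// Configure Vite to only allow traffic from the intended host.
+allowedHosts: [resolvedOptions.host],
 hmr: {
 protocol: 'wss',
 host: resolvedOptions.host,
 clientPort: resolvedOptions.port,
 },
-host
+// Configure Vite to listen on the minimal host address to allow
+// Docker containers to reach it. Visage (internally managed NGINX)
+// exposes the browser-facing host/port. On non-Linux systems, this is
+// localhost. On Linux, it's the host's bridge gateway (e.g.,
+// 172.17.0.1).
+host: process.platform !== 'linux'
+? '127.0.0.1'
+: (spawnSync('docker', [
+'network',
+'inspect',
+'bridge',
+'--format',
+'{{range .IPAM.Config}}{{println .Gateway}}{{end}}',
+], { encoding: 'utf8' })
+.stdout?.split(/\r?\n/)
+.map((line) => line.trim())
+.find((line) => isIP(line)) ?? '0.0.0.0'),
 },
 };
 },
-configureServer(
-
+configureServer(vite) {
+vite.middlewares.use(createVisageMiddleware(edgeKey));
+vite.httpServer?.prependListener('upgrade', createVisageUpgradeHandler(edgeKey));
+// Hide Vite's direct URL(s) because browser traffic must flow through the
+// browser-facing NGINX managed by Visage.
 let visageUrl;
-
-
-printUrls();
-viteDevServer.config.logger.info(visageUrl ?? 'Visage failed to start');
+vite.printUrls = () => {
+vite.config.logger.info(visageUrl ?? 'Visage failed to start');
 };
-//
-const listen =
-
+// Monkey patch Vite's listen to get the server's auto-resolved port.
+const listen = vite.listen.bind(vite);
+vite.listen = async (port, isRestart) => {
 const result = await listen(port, isRestart);
-const address =
+const address = vite.httpServer?.address();
 if (!address || typeof address === 'string') {
 throw new Error('Failed to resolve port for Visage');
 }
-const cache = join(
+const cache = join(vite.config.cacheDir, 'visage');
 const config = resolveConfig(resolveOptions({
 ...options,
 upstreams: {
 ...options.upstreams,
-vite:
-port: address.port,
-...options.upstreams?.vite,
-}),
+vite: { port: address.port, ...options.upstreams?.vite },
 },
-}), cache);
+}), cache, edgeKey);
 visageUrl = formatVisageUrlLog(config.host, config.port);
 stop = await startVisageServer(config);
-
+vite.httpServer?.once('close', closeBundle);
 return result;
 };
 },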
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import type { VisageMiddleware, VisageUpgradeHandler } from './server';
|
|
2
|
+
export declare function createVisageMiddleware(edgeKey: string): VisageMiddleware;
|
|
3
|
+
export declare function createVisageUpgradeHandler(edgeKey: string): VisageUpgradeHandler;
|
|
4
|
+
//# sourceMappingURL=middleware.d.ts.map
|
|
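Review bot: Both exported factories in `middleware.d.ts` take `edgeKey: string` and carry no doc comment, so the declaration does not say what the value is, who generates it, or what the returned handler does when it is missing or wrong. From the `VisageServer` comments in `server.d.ts` the handlers appear to reject traffic that did not come through the Visage-managed NGINX, which would make `edgeKey` a shared secret between the edge and the upstream; that is inferred, as the implementation is not in this section. I would add a one-line TSDoc to each in the source, e.g. `/** Returns a middleware that rejects requests not carrying the edge key set by the Visage-managed NGINX. */`, plus a `@param edgeKey` line stating that it is a secret, should be generated per run with enough entropy, and must not be logged. If the check compares strings with `===`, a constant-time comparison such as `crypto.timingSafeEqual` on equal-length buffers would be the usual choice.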
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAIvE,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,CASxE;AAED,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,MAAM,GACd,oBAAoB,CAUtB"}
|
package/dist/plugin.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,MAAM,EAAiB,MAAM,MAAM,CAAC;AAQlD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,wBAAgB,MAAM,CAAC,OAAO,GAAE,aAAkB,GAAG,MAAM,CAgG1D;AAED,eAAe,MAAM,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nginx.d.ts","sourceRoot":"","sources":["../../src/render/nginx.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"nginx.d.ts","sourceRoot":"","sources":["../../src/render/nginx.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAiH9C,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAI3D"}
|
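--- a/package/dist/server.d.ts
+++ b/package/dist/server.d.ts
@@ -1,5 +1,31 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { Socket } from 'node:net';
 import { type VisageConfig } from './config';
-import type { VisageOptions
+import type { VisageOptions } from './types';
+export type VisageMiddleware = (request: IncomingMessage, response: ServerResponse, next: () => void) => void;
+export type VisageUpgradeHandler = (request: IncomingMessage, socket: Socket) => void;
+/**
+* A running Visage instance.
+*/
+export type VisageServer = {
+/**
+* Reject requests that did not pass through the Visage-managed NGINX edge.
+*/
+middleware: VisageMiddleware;
+/**
+* Reject upgrade requests that did not pass through the Visage-managed NGINX
+* edge.
+*/
+upgrade: VisageUpgradeHandler;
+/**
+* Start the Visage managed services (NGINX, OAuth2 Proxy, and sometimes Dex).
+*/
+listen(): Promise<void>;
+/**
+* Stop the Visage managed services.
+*/
+close(): void;
+};
 export declare function createVisageServer(options: VisageOptions): VisageServer;
 export declare function startVisageServer(config: VisageConfig): Promise<() => void>;
 //# sourceMappingURL=server.d.ts.map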
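Review bot: The doc comments on the new `middleware` and `upgrade` members of `VisageServer` say what they reject but not how a caller of `createVisageServer` has to wire them, and the declaration does not show whether they are installed automatically. The plugin code in `dist/index.js` registers them itself with `vite.middlewares.use(...)` and `vite.httpServer?.prependListener('upgrade', ...)`, so ordering appears to matter, and on Linux the same file falls back to host `'0.0.0.0'` when no bridge gateway is found, which would leave this check as the only guard on the upstream. I would extend both comments in the source, e.g. `* Register before any other handler; a request that is handled without this check is not verified.` and for `upgrade` `* Attach with prependListener('upgrade', …) so it runs before other upgrade listeners.` `VisageUpgradeHandler` also omits the `head` buffer that Node passes to `'upgrade'` listeners, which is harmless if unused but worth a word in the comment.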
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAKvC,OAAO,EAAiC,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC;AAa5E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,MAAM,MAAM,gBAAgB,GAAG,CAC7B,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,cAAc,EACxB,IAAI,EAAE,MAAM,IAAI,KACb,IAAI,CAAC;AAEV,MAAM,MAAM,oBAAoB,GAAG,CACjC,OAAO,EAAE,eAAe,EACxB,MAAM,EAAE,MAAM,KACX,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB;;OAEG;IACH,UAAU,EAAE,gBAAgB,CAAC;IAC7B;;;OAGG;IACH,OAAO,EAAE,oBAAoB,CAAC;IAC9B;;OAEG;IACH,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB;;OAEG;IACH,KAAK,IAAI,IAAI,CAAC;CACf,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,aAAa,GAAG,YAAY,CAgBvE;AAED,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,YAAY,GACnB,OAAO,CAAC,MAAM,IAAI,CAAC,CAkBrB"}
|
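--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -1,16 +1,3 @@
-/**
-* A running Visage instance.
-*/
-export type VisageServer = {
-/**
-* Start the Visage managed services (NGINX, OAuth2 Proxy, and sometimes Dex).
-*/
-listen(): Promise<void>;
-/**
-* Stop the Visage managed services.
-*/
-close(): void;
-};
 /**
 * User-configurable options for the Visage Vite plugin.
 */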
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,GAAG,wBAAwB,CAAC;IAC3D;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAClD;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;;;OAMG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;;;OAOG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;;OAQG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;IAClC;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,aAAa,EAAE,CAAC;CAC3C,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;OAEG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;OAEG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvB;;WAEG;QACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QACpC;;WAEG;QACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;;;OAKG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,wBAAwB,GAAG;IACrC;;;OAGG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;;;OAIG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,
MAAM,CAAC;IAChC;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CACxC,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;;;OAOG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC;;;;OAIG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC3C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;OAEG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,GAAG,IAAI,GAAG,YAAY,GAAG,gBAAgB,CAAC;IACrE;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,iBAAiB,CAAA;KAAE,CAAC;CACrE,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE;QACd;;;;WAIG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;QAC3B;;;;WAIG;QACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;QAC5B;;;;;;;;;WASG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,GAAG,IAAI,GAAG,QAAQ,CAAC;KAC9C,CAAC;IACF;;;;;;;OAOG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACtC;;;;;;OAMG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;IACtD;;;;OAIG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE;QACpB,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,MAAM,EAAE,CAAC;KACrD,CAAC;CACH,CAAC"}
|
package/package.json
CHANGED