@blakearoberts/visage 0.0.1-rc.23 → 0.0.1-rc.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/certs.d.ts.map +1 -1
  2. package/dist/compose.d.ts.map +1 -1
  3. package/dist/config.d.ts +4 -3
  4. package/dist/config.d.ts.map +1 -1
  5. package/dist/index.js +55 -38
  6. package/dist/render/oauth2-proxy.d.ts.map +1 -1
  7. package/dist/server.d.ts.map +1 -1
  8. package/package.json +1 -1
package/dist/certs.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../src/certs.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAI7C,wBAAsB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAqCrE"}
1
+ {"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../src/certs.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAI7C,wBAAsB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAuCrE"}
package/dist/compose.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"compose.d.ts","sourceRoot":"","sources":["../src/compose.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAE7C,KAAK,WAAW,GAAG,MAAM,IAAI,CAAC;AAI9B,wBAAgB,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,WAAW,CAmC9D"}
1
+ {"version":3,"file":"compose.d.ts","sourceRoot":"","sources":["../src/compose.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAE7C,KAAK,WAAW,GAAG,MAAM,IAAI,CAAC;AAI9B,wBAAgB,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,WAAW,CA0C9D"}
package/dist/config.d.ts CHANGED
@@ -6,7 +6,6 @@ type ResolvedCookiePolicy = {
6
6
  readonly cookie_refresh: string;
7
7
  readonly cookie_domains?: readonly string[];
8
8
  readonly cookie_path: string;
9
- readonly cookie_secret_file: string;
10
9
  };
11
10
  type ResolvedIdpOption = {
12
11
  readonly dex: VisageDexOptions;
@@ -91,8 +90,10 @@ export type VisageConfig = {
91
90
  readonly dex: Volume;
92
91
  readonly nginx: Volume;
93
92
  readonly oauth2Proxy: Volume;
94
- readonly clientSecret: Volume;
95
- readonly cookieSecret: Volume;
93
+ };
94
+ readonly secrets: {
95
+ readonly cookieSecret: string;
96
+ readonly clientSecret: string;
96
97
  };
97
98
  readonly network: {
98
99
  readonly name: string;
package/dist/config.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,aAAa,EAEb,aAAa,EAEd,MAAM,SAAS,CAAC;AAEjB,KAAK,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAElD,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;CACrC,CAAC;AAEF,KAAK,iBAAiB,GAClB;IAAE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAA;CAAE,GAClC,wBAAwB,CAAC;AAE7B,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,KAAK,mBAAmB,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE;QACb,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1B,QAAQ,CAAC,OAAO,EAAE,KAAK,GAAG,IAAI,GAAG,QAAQ,CAAC;QAC1C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF,QAAQ,CAAC,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACrC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC,CAAC;CAClE,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;CACnE,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;IAC3D,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CACtD,CAAC;AAEF,KAAK,kBAAkB,GAAG;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CACxC,CAAC;AAEF,KAAK,wBAAwB,GAAG,kBAAkB,GAAG;IACnD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;QAClC,QAAQ,CAAC,KAAK,EAAE,SAAS,aAAa,EAAE,CAAC;KAC1C,CAAC;IACF,QAAQ,CAAC,IAAI,EAAE,wBAAwB,CAAC;IACxC,QAAQ,CAAC,QAAQ,EAAE;QAAE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAA;KAAE,CAAC;CACvD,CAAC;AACF,KAAK,yBAAyB,GAAG;IAC/B,QAAQ,CAAC,IAAI,EAAE,kBAAkB,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE;QAAE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAA;KAAE,CAAC;CACvD,CAAC;AACF,KAAK,iBAAiB,GAAG,oBAAoB,GAAG,yBAAyB,CAAC;AAE1E,KAAK,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,GAAG;IACvD,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;CACzD,CAAC;AAEF,KAAK,sBAAsB,GAAG,gBAAgB,GAAG;IAC/C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IAEtC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;QAC9B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;KAC/B,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,eAAe,EAAE,SAAS,MAAM,EAAE,CAAC;KAC7C,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC;CACtE,CAAC;AAEF,eAAO,MAAM,mBAAmB,sBAAsB,CAAC;AA8GvD,wBAAgB,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,qBAAqB,CAyD5E;AAsLD,wBAAgB,aAAa,CAC3B,OAAO,EAAE,qBAAqB,EAC9B,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,MAAM,GACf,YAAY,CA4Ed"}
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,aAAa,EAEb,aAAa,EAEd,MAAM,SAAS,CAAC;AAEjB,KAAK,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAElD,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,KAAK,iBAAiB,GAClB;IAAE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAA;CAAE,GAClC,wBAAwB,CAAC;AAE7B,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,KAAK,mBAAmB,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE;QACb,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1B,QAAQ,CAAC,OAAO,EAAE,KAAK,GAAG,IAAI,GAAG,QAAQ,CAAC;QAC1C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF,QAAQ,CAAC,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IACrC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC,CAAC;CAClE,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,CAAC;CACnE,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;IAC3D,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CACtD,CAAC;AAEF,KAAK,kBAAkB,GAAG;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CACxC,CAAC;AAEF,KAAK,wBAAwB,GAAG,kBAAkB,GAAG;IACnD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;QAClC,QAAQ,CAAC,KAAK,EAAE,SAAS,aAAa,EAAE,CAAC;KAC1C,CAAC;IACF,QAAQ,CAAC,IAAI,EAAE,wBAAwB,CAAC;IACxC,QAAQ,CAAC,QAAQ,EAAE;QAAE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAA;KAAE,CAAC;CACvD,CAAC;AACF,KAAK,yBAAyB,GAAG;IAC/B,QAAQ,CAAC,IAAI,EAAE,kBAAkB,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE;QAAE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAA;KAAE,CAAC;CACvD,CAAC;AACF,KAAK,iBAAiB,GAAG,oBAAoB,GAAG,yBAAyB,CAAC;AAE1E,KAAK,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,GAAG;IACvD,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;CACzD,CAAC;AAEF,KAAK,sBAAsB,GAAG,gBAAgB,GAAG;IAC/C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IAEtC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;KAC9B,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;QAC9B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;KAC/B,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,eAAe,EAAE,SAAS,MAAM,EAAE,CAAC;KAC7C,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC;CACtE,CAAC;AAEF,eAAO,MAAM,mBAAmB,sBAAsB,CAAC;AAmGvD,wBAAgB,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,qBAAqB,CAyD5E;AAsLD,wBAAgB,aAAa,CAC3B,OAAO,EAAE,qBAAqB,EAC9B,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,MAAM,GACf,YAAY,CAsFd"}
package/dist/index.js CHANGED
@@ -11,19 +11,10 @@ import { hashSync } from 'bcryptjs';
11
11
  import { Eta } from 'eta';
12
12
 
13
13
  const VisageEdgeKeyHeader$1 = 'X-Visage-Edge-Key';
14
- const BaseFiles = {
15
- certs: ['./certs', '/etc/nginx/certs'],
16
- compose: './compose.yaml',
17
- dex: ['./dex.yml', '/etc/dex/dex.yml'],
18
- nginx: ['./nginx.conf', '/etc/nginx/nginx.conf'],
19
- oauth2Proxy: ['./oauth2-proxy.yml', '/etc/oauth2-proxy/config.yml'],
20
- clientSecret: ['./oauth2-client-secret', '/etc/oauth2-proxy/client-secret'],
21
- cookieSecret: ['./oauth2-cookie-secret', '/etc/oauth2-proxy/cookie-secret'],
22
- };
23
14
  const DockerImages = parse(readFileSync(new URL('../docker-compose.images.yml', import.meta.url), 'utf8')).services;
24
15
  const BaseServiceDex = {
25
16
  image: DockerImages.dex.image,
26
- command: ['dex', 'serve', '/etc/dex/dex.yml'],
17
+ command: ['dex', 'serve', '/etc/dex/dex.yaml'],
27
18
  restart: 'always',
28
19
  };
29
20
  const BaseServiceNginx = {
@@ -90,7 +81,6 @@ const DefaultCookiePolicy = {
90
81
  cookie_expire: '8h',
91
82
  cookie_refresh: '15m',
92
83
  cookie_path: '/',
93
- cookie_secret_file: BaseFiles.cookieSecret[1],
94
84
  };
95
85
  const DefaultDexUsers = [
96
86
  { email: 'user@example.com', password: 'pass' },
@@ -330,7 +320,17 @@ function resolveConfig(options, cache, edgeKey) {
330
320
  idp,
331
321
  oauth2: options.oauth2,
332
322
  cache,
333
- files: BaseFiles,
323
+ files: {
324
+ certs: ['./certs', '/etc/nginx/certs'],
325
+ compose: './compose.yaml',
326
+ dex: ['./dex.yaml', '/etc/dex/dex.yaml'],
327
+ nginx: ['./nginx.conf', '/etc/nginx/nginx.conf'],
328
+ oauth2Proxy: ['./oauth2-proxy.yml', '/etc/oauth2-proxy/config.yml'],
329
+ },
330
+ secrets: {
331
+ cookieSecret: 'OAUTH2_PROXY_COOKIE_SECRET',
332
+ clientSecret: 'OAUTH2_CLIENT_SECRET',
333
+ },
334
334
  network: {
335
335
  name: process.env.COMPOSE_PROJECT_NAME ?? 'visage',
336
336
  trustedProxyIps: [],
@@ -466,7 +466,6 @@ async function ensureCerts(config) {
466
466
  mkdirSync(CAROOT, { recursive: true, mode: 0o700 });
467
467
  chmodSync(CAROOT, 0o700);
468
468
  const mkcert = await ensureMkCert();
469
- mkdirSync(join(config.cache, 'logs'), { recursive: true });
470
469
  const out = openSync(join(config.cache, 'logs', 'mkcert.log'), 'w');
471
470
  const env = { CAROOT, TRUST_STORES: 'system', ...process.env };
472
471
  const tty = process.stdin.isTTY;
@@ -483,7 +482,8 @@ async function ensureCerts(config) {
483
482
  const certs = join(config.cache, config.files.certs[0]);
484
483
  const cert = join(certs, 'tls.crt');
485
484
  const key = join(certs, 'tls.key');
486
- mkdirSync(certs, { recursive: true });
485
+ mkdirSync(certs, { recursive: true, mode: 0o700 });
486
+ chmodSync(certs, 0o700);
487
487
  rmSync(cert, { force: true });
488
488
  rmSync(key, { force: true });
489
489
  const names = [...new Set([config.host, 'localhost', '127.0.0.1', '::1'])];
@@ -494,6 +494,8 @@ async function ensureCerts(config) {
494
494
  if (result.status !== 0) {
495
495
  throw new Error('Failed to generate TLS certificates');
496
496
  }
497
+ chmodSync(cert, 0o600);
498
+ chmodSync(key, 0o600);
497
499
  }
498
500
  async function ensureMkCert() {
499
501
  const bin = join(CACHE_HOME, 'visage/bin');
@@ -527,7 +529,14 @@ function startCompose(config) {
527
529
  `--file=${file}`,
528
530
  `--project-name=${process.env.COMPOSE_PROJECT_NAME ?? 'visage'}`,
529
531
  ];
530
- const env = { ...process.env, COMPOSE_MENU: 'false' };
532
+ const env = {
533
+ COMPOSE_MENU: 'false',
534
+ [config.secrets.cookieSecret]: randomBytes(32).toString('base64url'),
535
+ ...(config.oauth2.public
536
+ ? {}
537
+ : { [config.secrets.clientSecret]: config.oauth2.secret }),
538
+ ...process.env,
539
+ };
531
540
  const opts = {
532
541
  cwd: config.cache,
533
542
  stdio: ['ignore', output, output],
@@ -660,12 +669,27 @@ function renderComposeConfig(config) {
660
669
  const { dex, nginx, oauth2_proxy, ...services } = config.services;
661
670
  return stringify({
662
671
  networks: { default: { external: true, name: config.network.name } },
672
+ secrets: {
673
+ [config.secrets.cookieSecret]: {
674
+ environment: config.secrets.cookieSecret,
675
+ },
676
+ ...(config.oauth2.public
677
+ ? {}
678
+ : {
679
+ [config.secrets.clientSecret]: {
680
+ environment: config.secrets.clientSecret,
681
+ },
682
+ }),
683
+ },
663
684
  services: {
664
685
  ...('dex' in config.idp
665
686
  ? {
666
687
  dex: {
667
688
  ...config.services.dex,
668
689
  volumes: [`${config.files.dex[0]}:${config.files.dex[1]}:ro`],
690
+ ...(config.oauth2.public
691
+ ? {}
692
+ : { secrets: [config.secrets.clientSecret] }),
669
693
  },
670
694
  }
671
695
  : {}),
@@ -678,12 +702,10 @@ function renderComposeConfig(config) {
678
702
  ...config.services.oauth2_proxy,
679
703
  volumes: [
680
704
  `${config.files.oauth2Proxy[0]}:${config.files.oauth2Proxy[1]}:ro`,
681
- `${config.files.cookieSecret[0]}:${config.files.cookieSecret[1]}:ro`,
682
- ...(config.oauth2.public
683
- ? [
684
- `${config.files.clientSecret[0]}:${config.files.clientSecret[1]}:ro`,
685
- ]
686
- : []),
705
+ ],
706
+ secrets: [
707
+ config.secrets.cookieSecret,
708
+ ...(config.oauth2.public ? [] : [config.secrets.clientSecret]),
687
709
  ],
688
710
  },
689
711
  ...services,
@@ -699,7 +721,7 @@ function writeDexConfig(config) {
699
721
  function renderDexConfig(config) {
700
722
  if (!('dex' in config.idp))
701
723
  throw new Error('Dex config missing');
702
- const { host, port, oauth2, idp: { dex: { expiry, users }, oidc, upstream, }, } = config;
724
+ const { host, port, oauth2, secrets, idp: { dex: { expiry, users }, oidc, upstream, }, } = config;
703
725
  return stringify({
704
726
  issuer: oidc.issuer,
705
727
  storage: { type: 'memory' },
@@ -708,10 +730,12 @@ function renderDexConfig(config) {
708
730
  staticClients: [
709
731
  {
710
732
  id: oauth2.id,
711
- name: 'Visage',
712
- ...(oauth2.secret === undefined
733
+ name: oauth2.id,
734
+ ...(oauth2.public
713
735
  ? { public: true }
714
- : { secret: oauth2.secret }),
736
+ : {
737
+ secret: `{{ file.Read "/run/secrets/${secrets.clientSecret}" }}`,
738
+ }),
715
739
  redirectURIs: [`https://${host}:${port}/oauth2/callback`],
716
740
  },
717
741
  ],
@@ -871,15 +895,6 @@ function writeOauth2ProxyConfig(config) {
871
895
  const file = join(config.cache, config.files.oauth2Proxy[0]);
872
896
  const render = renderOauth2ProxyConfig(config);
873
897
  writeFileSync(file, render, 'utf-8');
874
- if (config.oauth2.public) {
875
- writeFileSync(join(config.cache, config.files.clientSecret[0]), '');
876
- }
877
- const cookieSecretFile = join(config.cache, config.files.cookieSecret[0]);
878
- if (!existsSync(cookieSecretFile)) {
879
- const secret = randomBytes(32).toString('base64url');
880
- writeFileSync(cookieSecretFile, secret, { encoding: 'utf-8', mode: 0o644 });
881
- }
882
- chmodSync(cookieSecretFile, 0o644);
883
898
  }
884
899
  function renderOauth2ProxyConfig(config) {
885
900
  const data = {
@@ -896,13 +911,14 @@ function renderOauth2ProxyConfig(config) {
896
911
  : {}),
897
912
  redirect_url: `https://${config.host}:${config.port}/oauth2/callback`,
898
913
  client_id: config.oauth2.id,
899
- ...(config.oauth2.secret === undefined
914
+ ...(config.oauth2.public
900
915
  ? {
901
- client_secret_file: config.files.clientSecret[1],
902
916
  code_challenge_method: 'S256',
917
+ client_secret_file: '/dev/null',
903
918
  }
904
- : { client_secret: config.oauth2.secret }),
919
+ : { client_secret_file: `/run/secrets/${config.secrets.clientSecret}` }),
905
920
  ...config.cookie,
921
+ cookie_secret_file: `/run/secrets/${config.secrets.cookieSecret}`,
906
922
  cookie_httponly: true,
907
923
  cookie_secure: true,
908
924
  cookie_samesite: 'lax',
@@ -959,7 +975,8 @@ function createVisageServer(options) {
959
975
  async function startVisageServer(config) {
960
976
  const logs = join(config.cache, 'logs');
961
977
  rmSync(logs, { recursive: true, force: true });
962
- mkdirSync(logs, { recursive: true });
978
+ mkdirSync(logs, { recursive: true, mode: 0o700 });
979
+ chmodSync(logs, 0o700);
963
980
  await ensureCerts(config);
964
981
  ensureHostEntry(config);
965
982
  const renderConfig = ensureNginxNetwork(config);
package/dist/render/oauth2-proxy.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2-proxy.d.ts","sourceRoot":"","sources":["../../src/render/oauth2-proxy.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAW9C,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAejE"}
1
+ {"version":3,"file":"oauth2-proxy.d.ts","sourceRoot":"","sources":["../../src/render/oauth2-proxy.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAW9C,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAIjE"}
package/dist/server.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAKvC,OAAO,EAAiC,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC;AAa5E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,MAAM,MAAM,gBAAgB,GAAG,CAC7B,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,cAAc,EACxB,IAAI,EAAE,MAAM,IAAI,KACb,IAAI,CAAC;AAEV,MAAM,MAAM,oBAAoB,GAAG,CACjC,OAAO,EAAE,eAAe,EACxB,MAAM,EAAE,MAAM,KACX,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB;;OAEG;IACH,UAAU,EAAE,gBAAgB,CAAC;IAC7B;;;OAGG;IACH,OAAO,EAAE,oBAAoB,CAAC;IAC9B;;OAEG;IACH,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB;;OAEG;IACH,KAAK,IAAI,IAAI,CAAC;CACf,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,aAAa,GAAG,YAAY,CAgBvE;AAED,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,YAAY,GACnB,OAAO,CAAC,MAAM,IAAI,CAAC,CAkBrB"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAKvC,OAAO,EAAiC,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC;AAa5E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,MAAM,MAAM,gBAAgB,GAAG,CAC7B,OAAO,EAAE,eAAe,EACxB,QAAQ,EAAE,cAAc,EACxB,IAAI,EAAE,MAAM,IAAI,KACb,IAAI,CAAC;AAEV,MAAM,MAAM,oBAAoB,GAAG,CACjC,OAAO,EAAE,eAAe,EACxB,MAAM,EAAE,MAAM,KACX,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB;;OAEG;IACH,UAAU,EAAE,gBAAgB,CAAC;IAC7B;;;OAGG;IACH,OAAO,EAAE,oBAAoB,CAAC;IAC9B;;OAEG;IACH,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB;;OAEG;IACH,KAAK,IAAI,IAAI,CAAC;CACf,CAAC;AAEF,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,aAAa,GAAG,YAAY,CAgBvE;AAED,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,YAAY,GACnB,OAAO,CAAC,MAAM,IAAI,CAAC,CAmBrB"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@blakearoberts/visage",
3
- "version": "0.0.1-rc.23",
3
+ "version": "0.0.1-rc.25",
4
4
  "description": "Vite plugin for local development with HMR and OIDC session cookie lifecycle semantics.",
5
5
  "type": "module",
6
6
  "author": "Blake Roberts",