@blakearoberts/visage 0.0.1-rc.4 → 0.0.1-rc.6

package/README.md

@@ -33,31 +33,36 @@ Visage is configured through `visage(options?)` in `vite.config.ts`.
 
 The top-level `host` and `port` configure the local Visage origin that the browser visits:
 
+```ts
+visage({ host: 'localhost', port: 9001 });
+```
+
+### Services
+
+Services are Docker Compose services managed by the Vite dev-server lifecycle.
+Additional services automatically get a matching managed upstream with the same
+name, host, and default `/{name}/` location.
+
 ```ts
 visage({
-  host: 'localhost',
-  port: 9001,
+  services: { whoami: { image: 'traefik/whoami' } },
 });
 ```
 
-Services are Docker Compose services managed by the Vite dev-server lifecycle. Upstreams are proxy targets that Visage routes to, whether they are managed services or external systems.
+### Upstreams
+
+Upstreams are proxy targets that Visage routes to. A top-level upstream with no
+matching service entry is treated as an external upstream.
 
 ```ts
 visage({
-  services: {
-    whoami: { image: 'traefik/whoami' },
-  },
   upstreams: {
-    whoami: {
-      host: 'whoami',
-      port: 80,
-      locations: { '/whoami/': {} },
-    },
+    api: { host: 'api.local.test', locations: { '/api/': {} } },
   },
 });
 ```
 
-See `VisageOptions` for the full option surface.
+See [`VisageOptions`](src/types.ts) for the full option surface.
 
 ## Expected Local URLs
 
@@ -97,15 +102,17 @@ flowchart LR
 
 ### mkcert
 
-Visage downloads [`mkcert`](https://github.com/FiloSottile/mkcert) from `dl.filippo.io` when the Vite dev server starts. Visage uses it to install a local certificate authority and generate HTTPS certificates for the local proxy.
+Visage downloads [`mkcert`](https://github.com/FiloSottile/mkcert) from `dl.filippo.io` into `$XDG_CACHE_HOME/visage/bin/mkcert-<platform>-<arch>` when the Vite dev server starts. Visage uses it to install a local certificate authority and generate HTTPS certificates for the local proxy.
 
 ### Docker Images
 
 Visage pulls these as needed based on configuration:
 
-- [NGINX](https://nginx.org/): [`nginx:1.30.0-alpine`](https://hub.docker.com/_/nginx).
-- [OAuth2 Proxy](https://oauth2-proxy.github.io/oauth2-proxy/): [`quay.io/oauth2-proxy/oauth2-proxy:v7.15.2`](https://quay.io/repository/oauth2-proxy/oauth2-proxy).
-- [Dex](https://dexidp.io/): [`ghcr.io/dexidp/dex:v2.45.1`](https://github.com/dexidp/dex/pkgs/container/dex).
+| Service                                                      | Image                                                                                               | Source                    |
+| ------------------------------------------------------------ | --------------------------------------------------------------------------------------------------- | ------------------------- |
+| [NGINX](https://nginx.org/)                                  | [`nginx:1.30.0-alpine`](https://hub.docker.com/_/nginx)                                             | Docker Hub                |
+| [OAuth2 Proxy](https://oauth2-proxy.github.io/oauth2-proxy/) | [`quay.io/oauth2-proxy/oauth2-proxy:v7.15.2`](https://quay.io/repository/oauth2-proxy/oauth2-proxy) | Quay                      |
+| [Dex](https://dexidp.io/)                                    | [`ghcr.io/dexidp/dex:v2.45.1`](https://github.com/dexidp/dex/pkgs/container/dex)                    | GitHub Container Registry |
 
 ## Security Notes
 
@@ -122,6 +129,7 @@ Do not treat the managed Dex and OAuth2 Proxy defaults as production auth infras
 
 ## TO-DO
 
+- [ ] Support SSR injection of identity into HTML responses as script tag elements.
 - [ ] Support configuring [Dex connectors](https://dexidp.io/docs/connectors/).
-- [ ] Support configuring Dex on a distinct subdomain, such as `auth.local.vite.app`.
+- [ ] Support configuring Dex on a distinct subdomain, such as `auth.localhost`.
 - [ ] Support optional [HTTP mode without local TLS](docs/tls-http-mode.md).

package/dist/certs.d.ts

@@ -1,8 +1,7 @@
 type Options = {
-    bin: string;
     certs: string;
     hostname: string;
 };
-export declare function ensureCerts({ bin, certs, hostname, }: Options): Promise<void>;
+export declare function ensureCerts({ certs, hostname }: Options): Promise<void>;
 export {};
 //# sourceMappingURL=certs.d.ts.map

package/dist/certs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../src/certs.ts"],"names":[],"mappings":"AAOA,KAAK,OAAO,GAAG;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,wBAAsB,WAAW,CAAC,EAChC,GAAG,EACH,KAAK,EACL,QAAQ,GACT,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAsCzB"}
+{"version":3,"file":"certs.d.ts","sourceRoot":"","sources":["../src/certs.ts"],"names":[],"mappings":"AAOA,KAAK,OAAO,GAAG;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,wBAAsB,WAAW,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAuC7E"}

package/dist/config.d.ts

@@ -1,5 +1,5 @@
 import type { ResolvedConfig } from 'vite';
-import type { VisageDexExpiry, VisageDexUser, VisageOptions, VisageService, VisageUpstream } from './types';
+import type { VisageDexExpiry, VisageDexOptions, VisageDexUser, VisageExternalIdpOptions, VisageOptions, VisageService, VisageUpstream } from './types';
 type Volume = readonly [from: string, to: string];
 type ResolvedCookiePolicy = {
     readonly cookie_name: string;
@@ -8,43 +8,20 @@ type ResolvedCookiePolicy = {
     readonly cookie_domains?: readonly string[];
     readonly cookie_path: string;
 };
-type ResolvedDexConfig = {
-    readonly expiry?: VisageDexExpiry;
-    readonly users: readonly Required<VisageDexUser>[];
-};
 type ResolvedIdpOption = {
-    readonly path: string;
-    readonly upstream: string;
-    readonly issuer?: string;
-    readonly authorizationEndpoint?: string;
-    readonly tokenEndpoint?: string;
-    readonly jwksEndpoint?: string;
-} & ({
-    readonly kind: 'dex';
-    readonly dex: ResolvedDexConfig;
-} | {
-    readonly kind: 'external';
-});
-type ResolvedIdp = {
-    readonly issuer: string;
-    readonly authorizationEndpoint: string;
-    readonly tokenEndpoint: string;
-    readonly jwksEndpoint: string;
-    readonly upstream: string;
-} & ({
-    readonly kind: 'dex';
-    readonly dex: ResolvedDexConfig;
-} | {
-    readonly kind: 'external';
-});
+    readonly dex: VisageDexOptions;
+} | VisageExternalIdpOptions;
 type ResolvedOAuth2Client = {
     readonly id: string;
     readonly secret?: string;
     readonly scopes: readonly string[];
     readonly public: boolean;
 };
-type ResolvedUpstream = VisageUpstream & {
-    readonly scheme: NonNullable<VisageUpstream['scheme']>;
+type ResolvedService = Omit<VisageService, 'upstream'>;
+type ResolvedUpstream = Omit<VisageUpstream, 'host' | 'port' | 'scheme'> & {
+    readonly host: string;
+    readonly port: number;
+    readonly scheme: 'http' | 'https';
 };
 type ResolvedVisageOptions = {
     readonly host: string;
@@ -52,14 +29,31 @@ type ResolvedVisageOptions = {
     readonly cookie: ResolvedCookiePolicy;
     readonly idp: ResolvedIdpOption;
     readonly oauth2: ResolvedOAuth2Client;
-    readonly services?: Record<string, VisageService>;
+    readonly services: Readonly<Record<string, ResolvedService>>;
     readonly upstreams?: Record<string, ResolvedUpstream>;
 };
+type ResolvedBaseIdpConfig = {
+    readonly upstream: string;
+    readonly issuer: string;
+    readonly authorization: string;
+    readonly token: string;
+    readonly jwks: string;
+};
+type ResolvedDexIdpConfig = ResolvedBaseIdpConfig & {
+    readonly dex: {
+        readonly expiry?: VisageDexExpiry;
+        readonly users: readonly VisageDexUser[];
+    };
+};
+type ResolvedExternalIdpConfig = ResolvedBaseIdpConfig & {
+    readonly dex?: never;
+};
+type ResolvedIdpConfig = ResolvedDexIdpConfig | ResolvedExternalIdpConfig;
 export type VisageConfig = {
     readonly host: string;
     readonly port: number;
     readonly cookie: ResolvedCookiePolicy;
-    readonly idp: ResolvedIdp;
+    readonly idp: ResolvedIdpConfig;
     readonly oauth2: ResolvedOAuth2Client;
     readonly cache: string;
     readonly files: {
@@ -70,10 +64,10 @@ export type VisageConfig = {
         readonly oauth2Proxy: Volume;
         readonly oauth2ProxyClientSecret: Volume;
     };
-    readonly services: Readonly<Record<string, VisageService>>;
+    readonly services: Readonly<Record<string, ResolvedService>>;
     readonly upstreams: Readonly<Record<string, ResolvedUpstream>>;
 };
-export declare function resolveOptions({ host, port, cookie, idp, oauth2, services, upstreams, }: VisageOptions): ResolvedVisageOptions;
+export declare function resolveOptions(options: VisageOptions): ResolvedVisageOptions;
 export declare function resolveConfig(options: ResolvedVisageOptions, config: ResolvedConfig, vitePort: number): VisageConfig;
 export {};
 //# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAE3C,OAAO,KAAK,EACV,eAAe,EAEf,aAAa,EAEb,aAAa,EAEb,aAAa,EACb,cAAc,EACf,MAAM,SAAS,CAAC;AAEjB,KAAK,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAElD,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,KAAK,iBAAiB,GAAG;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,SAAS,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;CACpD,CAAC;AAEF,KAAK,iBAAiB,GAAG;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IACxC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC,GAAG,CACA;IACE,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;CACjC,GACD;IAAE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAA;CAAE,CAChC,CAAC;AAEF,KAAK,WAAW,GAAG;IACjB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B,GAAG,CACA;IACE,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;CACjC,GACD;IAAE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAA;CAAE,CAChC,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,KAAK,gBAAgB,GAAG,cAAc,GAAG;IACvC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;CACxD,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAClD,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CACvD,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,WAAW,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IAEtC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,uBAAuB,EAAE,MAAM,CAAC;KAC1C,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;IAC3D,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;CAChE,CAAC;AAgHF,wBAAgB,cAAc,CAAC,EAC7B,IAAuB,EACvB,IAAW,EACX,MAAW,EACX,GAAG,EACH,MAAW,EACX,QAAQ,EACR,SAAS,GACV,EAAE,aAAa,GAAG,qBAAqB,CA4CvC;AA6BD,wBAAgB,aAAa,CAC3B,OAAO,EAAE,qBAAqB,EAC9B,MAAM,EAAE,cAAc,EACtB,QAAQ,EAAE,MAAM,GACf,YAAY,CAqEd"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAE3C,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,aAAa,EAEb,aAAa,EACb,cAAc,EACf,MAAM,SAAS,CAAC;AAEjB,KAAK,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAElD,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,KAAK,iBAAiB,GAClB;IACE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAC;CAChC,GACD,wBAAwB,CAAC;AAE7B,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,KAAK,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;AAEvD,KAAK,gBAAgB,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,CAAC,GAAG;IACzE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;CACnC,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CACvD,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AACF,KAAK,oBAAoB,GAAG,qBAAqB,GAAG;IAClD,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;QAClC,QAAQ,CAAC,KAAK,EAAE,SAAS,aAAa,EAAE,CAAC;KAC1C,CAAC;CACH,CAAC;AACF,KAAK,yBAAyB,GAAG,qBAAqB,GAAG;IACvD,QAAQ,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC;CACtB,CAAC;AACF,KAAK,iBAAiB,GAAG,oBAAoB,GAAG,yBAAyB,CAAC;AAE1E,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IAEtC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,uBAAuB,EAAE,MAAM,CAAC;KAC1C,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;CAChE,CAAC;AA2GF,wBAAgB,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,qBAAqB,CAmE5E;AAqHD,wBAAgB,aAAa,CAC3B,OAAO,EAAE,qBAAqB,EAC9B,MAAM,EAAE,cAAc,EACtB,QAAQ,EAAE,MAAM,GACf,YAAY,CAsDd"}

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 import type { Plugin } from 'vite';
 import type { VisageOptions } from './types';
-export type { VisageCookiePolicy, VisageDexExpiry, VisageDexOptions, VisageDexUser, VisageIdpOptions, VisageOAuth2Client, VisageOptions, VisageProxyPolicy, VisageService, VisageUpstream, } from './types';
+export type { VisageCookiePolicy, VisageDexExpiry, VisageDexOptions, VisageDexUser, VisageExternalIdpOptions, VisageOAuth2Client, VisageOptions, VisageProxyPolicy, VisageService, VisageUpstream, } from './types';
 export declare function visage(options?: VisageOptions): Plugin;
 export default visage;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAOnC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,gBAAgB,EAChB,kBAAkB,EAClB,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC;AAEjB,wBAAgB,MAAM,CAAC,OAAO,GAAE,aAAkB,GAAG,MAAM,CAmD1D;AAED,eAAe,MAAM,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAOnC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,YAAY,EACV,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,kBAAkB,EAClB,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC;AAEjB,wBAAgB,MAAM,CAAC,OAAO,GAAE,aAAkB,GAAG,MAAM,CAkD1D;AAED,eAAe,MAAM,CAAC"}

package/dist/index.js

@@ -1,6 +1,6 @@
 import { dirname, join } from 'node:path';
 import { spawnSync } from 'node:child_process';
-import { existsSync, mkdirSync, createWriteStream, chmodSync, readFileSync, appendFileSync, writeFileSync } from 'node:fs';
+import { existsSync, mkdirSync, chmodSync, createWriteStream, readFileSync, appendFileSync, writeFileSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { Readable } from 'node:stream';
 import { pipeline } from 'node:stream/promises';
@@ -56,18 +56,19 @@ function onSigTerm() {
     }
 }
 
-async function ensureCerts({ bin, certs, hostname, }) {
+async function ensureCerts({ certs, hostname }) {
     const cert = join(certs, 'tls.crt');
     const key = join(certs, 'tls.key');
     if (existsSync(cert) && existsSync(key))
         return;
-    const mkcert = await ensureMkCert(bin);
+    const mkcert = await ensureMkCert();
     const env = {
         ...process.env,
         CAROOT: join(process.env.XDG_CACHE_HOME || join(homedir(), '.cache'), 'visage/ca'),
         TRUST_STORES: process.env.TRUST_STORES ?? 'system',
     };
-    mkdirSync(env.CAROOT, { recursive: true });
+    mkdirSync(env.CAROOT, { recursive: true, mode: 0o700 });
+    chmodSync(env.CAROOT, 0o700);
     // mkcert -install is idempotent; CA files alone do not prove trust-store state.
     {
         const result = spawnSync(mkcert, ['-install'], {
@@ -91,8 +92,9 @@ async function ensureCerts({ bin, certs, hostname, }) {
         throw new Error('Failed to generate TLS certificates');
     }
 }
-async function ensureMkCert(bin) {
-    const file = join(bin, 'mkcert');
+async function ensureMkCert() {
+    const bin = join(process.env.XDG_CACHE_HOME || join(homedir(), '.cache'), 'visage/bin');
+    const file = join(bin, `mkcert-${process.platform}-${process.arch}`);
     if (existsSync(file))
         return file;
     mkdirSync(bin, { recursive: true });
@@ -163,7 +165,7 @@ function renderComposeConfig(config) {
     const { dex, nginx, oauth2_proxy, ...services } = config.services;
     return stringify({
         services: {
-            ...(config.idp.kind === 'dex'
+            ...(config.idp.dex !== undefined
                 ? {
                     dex: {
                         ...config.services.dex,
@@ -198,14 +200,15 @@ function writeDexConfig(config) {
     writeFileSync(file, render, 'utf-8');
 }
 function renderDexConfig(config) {
-    if (config.idp.kind !== 'dex') {
+    const { idp } = config;
+    if (idp.dex === undefined) {
         throw new Error('Dex config is required to render Dex');
     }
     const origin = `https://${config.host}:${config.port}`;
     const redirect = `${origin}/oauth2/callback`;
-    const upstream = config.upstreams[config.idp.upstream];
+    const upstream = config.upstreams[idp.upstream];
     return stringify({
-        issuer: config.idp.issuer,
+        issuer: idp.issuer,
         storage: { type: 'memory' },
         web: { http: `0.0.0.0:${upstream.port}` },
         oauth2: { skipApprovalScreen: true },
@@ -220,10 +223,8 @@ function renderDexConfig(config) {
             },
         ],
         enablePasswordDB: true,
-        ...(config.idp.dex.expiry === undefined
-            ? {}
-            : { expiry: config.idp.dex.expiry }),
-        staticPasswords: config.idp.dex.users.map(({ password, ...user }) => ({
+        ...(idp.dex.expiry === undefined ? {} : { expiry: idp.dex.expiry }),
+        staticPasswords: idp.dex.users.map(({ password, ...user }) => ({
             ...user,
             hash: hashSync(password, 10),
         })),
@@ -314,9 +315,9 @@ function renderOauth2ProxyConfig(config) {
         provider: 'oidc',
         oidc_issuer_url: config.idp.issuer,
         skip_oidc_discovery: true,
-        login_url: config.idp.authorizationEndpoint,
-        redeem_url: config.idp.tokenEndpoint,
-        oidc_jwks_url: config.idp.jwksEndpoint,
+        login_url: config.idp.authorization,
+        redeem_url: config.idp.token,
+        oidc_jwks_url: config.idp.jwks,
         redirect_url: `https://${config.host}:${config.port}/oauth2/callback`,
         client_id: config.oauth2.id,
         ...(config.oauth2.secret === undefined
@@ -358,7 +359,7 @@ function renderOauth2ProxyConfig(config) {
 
 function render(config) {
     writeComposeConfig(config);
-    if (config.idp.kind === 'dex') {
+    if (config.idp.dex !== undefined) {
         writeDexConfig(config);
     }
     writeNginxConfig(config);
@@ -376,22 +377,23 @@ const BaseFiles = {
     ],
     oauth2Proxy: ['./oauth2-proxy.yml', '/etc/oauth2-proxy/config.yml'],
 };
+const BaseDexService = {
+    image: 'ghcr.io/dexidp/dex:v2.45.1',
+    command: ['dex', 'serve', '/etc/dex/dex.yml'],
+};
+const BaseServiceNginx = {
+    image: 'nginx:1.30.0-alpine',
+    depends_on: ['oauth2_proxy'],
+    extra_hosts: ['host.docker.internal:host-gateway'],
+};
+const BaseOAuth2ProxyService = {
+    image: 'quay.io/oauth2-proxy/oauth2-proxy:v7.15.2',
+    command: ['--config', '/etc/oauth2-proxy/config.yml'],
+    extra_hosts: ['host.docker.internal:host-gateway'],
+};
 const BaseServices = {
-    dex: {
-        image: 'ghcr.io/dexidp/dex:v2.45.1',
-        command: ['dex', 'serve', '/etc/dex/dex.yml'],
-    },
-    nginx: {
-        image: 'nginx:1.30.0-alpine',
-        depends_on: ['oauth2_proxy', 'dex'],
-        extra_hosts: ['host.docker.internal:host-gateway'],
-    },
-    oauth2_proxy: {
-        image: 'quay.io/oauth2-proxy/oauth2-proxy:v7.15.2',
-        command: ['--config', '/etc/oauth2-proxy/config.yml'],
-        depends_on: ['dex'],
-        extra_hosts: ['host.docker.internal:host-gateway'],
-    },
+    nginx: BaseServiceNginx,
+    oauth2_proxy: BaseOAuth2ProxyService,
 };
 const BaseDexUpstream = {
     host: 'dex',
@@ -441,11 +443,6 @@ const DefaultDexUsers = [
         password: 'pass',
     },
 ];
-const DefaultIdpConfig = {
-    kind: 'dex',
-    path: '/dex',
-    upstream: 'dex',
-};
 const DefaultOAuth2Client = {
     id: 'visage',
     secret: 'visage-secret',
@@ -460,9 +457,14 @@ const DefaultProxyPolicy = {
         'X-Forwarded-Proto': '$scheme',
     },
 };
-function resolveOptions({ host = 'local.vite.app', port = 9001, cookie = {}, idp, oauth2 = {}, services, upstreams, }) {
+function resolveOptions(options) {
+    const { host = 'localhost', port = 9001, cookie = {}, oauth2 = {} } = options;
     const cookieName = cookie.name ?? 'session';
     const publicClient = oauth2.clientSecret === null;
+    const upstreams = {
+        ...resolveServiceUpstreams(options.services),
+        ...resolveUpstreams(options.upstreams),
+    };
     return {
         host,
         port,
@@ -482,7 +484,7 @@ function resolveOptions({ host = 'local.vite.app', port = 9001, cookie = {}, idp
                 : { cookie_domains: cookie.domains }),
             ...(cookie.path === undefined ? {} : { cookie_path: cookie.path }),
         },
-        idp: resolveIdpOption(idp),
+        idp: resolveIdpOption(options.idp),
         oauth2: {
             id: oauth2.clientId ?? DefaultOAuth2Client.id,
             ...(publicClient
@@ -491,30 +493,74 @@ function resolveOptions({ host = 'local.vite.app', port = 9001, cookie = {}, idp
             scopes: oauth2.scopes ?? DefaultOAuth2Client.scopes,
             public: publicClient,
         },
-        ...(services === undefined ? {} : { services }),
-        ...(upstreams === undefined
-            ? {}
-            : {
-                upstreams: Object.fromEntries(Object.entries(upstreams).map(([name, upstream]) => [
-                    name,
-                    { ...upstream, scheme: upstream.scheme ?? 'http' },
-                ])),
-            }),
+        services: {
+            ...Object.fromEntries(Object.entries(options.services ?? {}).map(([name, service]) => [
+                name,
+                resolveService(service),
+            ])),
+            nginx: {
+                ...BaseServiceNginx,
+                ...{
+                    ...resolveService(options.services?.nginx ?? {}),
+                    extra_hosts: [
+                        ...BaseServiceNginx.extra_hosts,
+                        ...(options.services?.nginx?.extra_hosts ?? []),
+                    ],
+                },
+            },
+            oauth2_proxy: {
+                ...BaseOAuth2ProxyService,
+                ...{
+                    ...resolveService(options.services?.oauth2_proxy ?? {}),
+                    extra_hosts: [
+                        ...BaseOAuth2ProxyService.extra_hosts,
+                        ...(options.services?.oauth2_proxy?.extra_hosts ?? []),
+                    ],
+                },
+            },
+        },
+        ...(Object.keys(upstreams).length === 0 ? {} : { upstreams }),
+    };
+}
+function resolveService(service) {
+    const { upstream: _upstream, ...resolved } = service;
+    return resolved;
+}
+function resolveServiceUpstreams(services = {}) {
+    return Object.fromEntries(Object.entries(services)
+        .filter(([name]) => 
+    // Exclude base services handled separately.
+    name !== 'dex' && name !== 'nginx' && name !== 'oauth2_proxy')
+        .map(([name, service]) => [
+        name,
+        resolveUpstream(name, service.upstream ?? {}),
+    ]));
+}
+function resolveUpstreams(upstreams = {}) {
+    return Object.fromEntries(Object.entries(upstreams).map(([name, upstream]) => [
+        name,
+        resolveUpstream(name, upstream),
+    ]));
+}
+function resolveUpstream(name, upstream) {
+    return {
+        ...upstream,
+        host: upstream.host ?? name,
+        locations: upstream.locations ?? { [`/${name}/`]: {} },
+        port: upstream.port ?? 80,
+        scheme: upstream.scheme ?? 'http',
     };
 }
 function resolveIdpOption(idp) {
-    function normalizePath(path) {
-        const pathWithLeadingSlash = path.startsWith('/') ? path : `/${path}`;
-        return pathWithLeadingSlash.endsWith('/')
-            ? pathWithLeadingSlash.slice(0, -1)
-            : pathWithLeadingSlash;
-    }
-    if (idp?.kind === 'external') {
-        const { path = DefaultIdpConfig.path, ...external } = idp;
-        return { ...external, path: normalizePath(path) };
+    if (idp && 'issuer' in idp) {
+        return {
+            issuer: idp.issuer,
+            authorization: idp.authorization ?? '/auth',
+            token: idp.token ?? '/token',
+            jwks: idp.jwks ?? '/keys',
+        };
     }
     return {
-        ...DefaultIdpConfig,
         dex: {
             ...(idp?.expiry ? { expiry: idp.expiry } : {}),
             users: (idp?.users ?? DefaultDexUsers).map((user) => ({
@@ -526,45 +572,75 @@ function resolveIdpOption(idp) {
         },
     };
 }
+function resolveIdpConfig({ host, port, idp, }) {
+    if ('dex' in idp) {
+        const issuer = `https://${host}:${port}/dex`;
+        const upstream = `http://dex:5556/dex`;
+        return {
+            upstream: 'dex',
+            issuer,
+            authorization: `${issuer}/auth`,
+            token: `${upstream}/token`,
+            jwks: `${upstream}/keys`,
+            dex: {
+                expiry: idp.dex.expiry,
+                users: (idp.dex?.users ?? DefaultDexUsers).map((user) => ({
+                    email: user.email,
+                    password: user.password,
+                    username: user.username ?? user.email.split('@', 1)[0],
+                    userID: user.userID ?? user.email,
+                })),
+            },
+        };
+    }
+    return {
+        upstream: 'idp',
+        issuer: idp.issuer,
+        authorization: idp.issuer + (idp.authorization ?? '/auth'),
+        token: idp.issuer + (idp.token ?? '/token'),
+        jwks: idp.issuer + (idp.jwks ?? '/keys'),
+    };
+}
+function resolveExternalIdpUpstream(idp) {
+    const issuer = new URL(idp.issuer);
+    return {
+        host: issuer.hostname,
+        scheme: issuer.protocol === 'https:' ? 'https' : 'http',
+        port: Number(issuer.port) || (issuer.protocol === 'https:' ? 443 : 80),
+    };
+}
 function resolveConfig(options, config, vitePort) {
+    const idp = resolveIdpConfig(options);
     const upstreams = {
         oauth2_proxy: BaseOauth2ProxyUpstream,
         vite: { ...BaseViteUpstream, port: vitePort },
-        ...(options.idp.kind === 'dex' ? { dex: BaseDexUpstream } : {}),
+        ...(idp.dex === undefined
+            ? { idp: resolveExternalIdpUpstream(idp) }
+            : { dex: BaseDexUpstream }),
         ...options.upstreams,
     };
-    const { host: idpHost, port: idpPort, scheme: idpScheme, } = upstreams[options.idp.upstream];
-    const origin = `https://${options.host}:${options.port}`;
-    const idpOrigin = `${idpScheme}://${idpHost}:${idpPort}`;
-    const idpBase = {
-        upstream: options.idp.upstream,
-        issuer: options.idp.issuer ?? `${origin}${options.idp.path}`,
-        authorizationEndpoint: options.idp.authorizationEndpoint ?? `${origin}${options.idp.path}/auth`,
-        tokenEndpoint: options.idp.tokenEndpoint ?? `${idpOrigin}${options.idp.path}/token`,
-        jwksEndpoint: options.idp.jwksEndpoint ?? `${idpOrigin}${options.idp.path}/keys`,
-    };
     return {
         host: options.host,
         port: options.port,
         cookie: options.cookie,
-        idp: options.idp.kind === 'dex'
-            ? { ...idpBase, kind: 'dex', dex: options.idp.dex }
-            : { ...idpBase, kind: 'external' },
+        idp,
         oauth2: options.oauth2,
         cache: join(config.cacheDir, 'visage'),
         files: { ...BaseFiles },
         services: {
-            ...(options.idp.kind === 'dex'
+            ...(idp.dex === undefined
                 ? BaseServices
                 : {
+                    dex: BaseDexService,
                     nginx: {
                         ...BaseServices.nginx,
-                        depends_on: ['oauth2_proxy'],
+                        depends_on: ['dex', 'oauth2_proxy'],
                     },
                     oauth2_proxy: {
                         command: BaseServices.oauth2_proxy.command,
                         extra_hosts: BaseServices.oauth2_proxy.extra_hosts,
                         image: BaseServices.oauth2_proxy.image,
+                        depends_on: ['dex'],
                     },
                 }),
             ...options.services,
@@ -607,7 +683,6 @@ function visage(options = {}) {
             async function startVisage(port) {
                 const config = resolveConfig(resolvedOptions, server.config, port);
                 await ensureCerts({
-                    bin: join(config.cache, 'bin'),
                     certs: join(config.cache, config.files.certs[0]),
                     hostname: config.host,
                 });

package/dist/types.d.ts

@@ -5,7 +5,7 @@ export type VisageOptions = {
     /**
      * Browser-facing hostname for the local Visage HTTPS origin.
      *
-     * @defaultValue `'local.vite.app'`
+     * @defaultValue `'localhost'`
      */
     readonly host?: string;
     /**
@@ -22,7 +22,7 @@ export type VisageOptions = {
      * Identity provider configuration. Omit this to use Visage's managed Dex
      * provider.
      */
-    readonly idp?: VisageDexOptions | VisageIdpOptions;
+    readonly idp?: VisageDexOptions | VisageExternalIdpOptions;
     /**
      * OAuth2 client settings shared by Dex or an external IdP and OAuth2 Proxy.
      */
@@ -78,11 +78,6 @@ export type VisageCookiePolicy = {
  * Managed Dex identity provider options.
  */
 export type VisageDexOptions = {
-    /**
-     * Selects the managed Dex provider. Omit this for the default managed Dex
-     * provider.
-     */
-    readonly kind?: 'dex';
     /**
      * Token expiration and rotation settings rendered into the Dex config.
      */
@@ -164,45 +159,32 @@ export type VisageDexUser = {
 /**
  * External OpenID Connect identity provider options.
  */
-export type VisageIdpOptions = {
-    /**
-     * Selects the external IdP flow.
-     */
-    readonly kind: 'external';
+export type VisageExternalIdpOptions = {
     /**
-     * Name of the configured upstream that serves the external IdP.
+     * OIDC issuer URL used by OAuth2 Proxy.
      */
-    readonly upstream: string;
+    readonly issuer: string;
     /**
-     * Public path where the external IdP is exposed through Visage.
+     * OIDC authorization path appended to
+     * {@link VisageExternalIdpOptions.issuer}.
      *
-     * @defaultValue `'/dex'`
+     * @defaultValue '/auth'
      */
-    readonly path?: string;
-    /**
-     * OIDC issuer URL. Defaults to the Visage origin plus
-     * {@link VisageIdpOptions.path}.
-     */
-    readonly issuer?: string;
+    readonly authorization?: string;
     /**
-     * Browser-facing authorization endpoint URL. Defaults to the Visage origin
-     * plus {@link VisageIdpOptions.path} and `/auth`.
-     */
-    readonly authorizationEndpoint?: string;
-    /**
-     * Token endpoint URL used by OAuth2 Proxy.
+     * OIDC token endpoint path appended to
+     * {@link VisageExternalIdpOptions.issuer}.
      *
-     * Defaults to the configured IdP upstream origin plus
-     * {@link VisageIdpOptions.path} and `/token`.
+     * @defaultValue '/token'
      */
-    readonly tokenEndpoint?: string;
+    readonly token?: string;
     /**
-     * JWKS endpoint URL used by OAuth2 Proxy.
+     * OIDC JWKS endpoint path appended to
+     * {@link VisageExternalIdpOptions.issuer}.
      *
-     * Defaults to the configured IdP upstream origin plus
-     * {@link VisageIdpOptions.path} and `/keys`.
+     * @defaultValue '/keys'
      */
-    readonly jwksEndpoint?: string;
+    readonly jwks?: string;
 };
 /**
  * OAuth2 client configuration used by OAuth2 Proxy and, for managed Dex, the
@@ -236,9 +218,11 @@ export type VisageOAuth2Client = {
  */
 export type VisageService = {
     /**
-     * Container image reference used for the service.
+     * Container image reference used for the service. Required for additional
+     * services; defaults to the managed image when overriding `nginx` or
+     * `oauth2_proxy`.
      */
-    readonly image: string;
+    readonly image?: string;
     /**
      * Optional command override rendered into the Compose service.
      */
@@ -251,6 +235,11 @@ export type VisageService = {
      * Additional host-to-IP mappings rendered into the Compose service.
      */
     readonly extra_hosts?: readonly string[];
+    /**
+     * Optional upstream override for this service. Omit this to create a default
+     * upstream from the service name.
+     */
+    readonly upstream?: VisageUpstream;
 };
 /**
  * Named proxy target that NGINX routes to for one or more locations.
@@ -258,8 +247,10 @@ export type VisageService = {
 export type VisageUpstream = {
     /**
      * Hostname or Compose service name NGINX should proxy to.
+     *
+     * @defaultValue The upstream name.
      */
-    readonly host: string;
+    readonly host?: string;
     /**
      * URL scheme NGINX should use when proxying to this upstream.
      *
@@ -268,10 +259,14 @@ export type VisageUpstream = {
     readonly scheme?: 'http' | 'https';
     /**
      * Port NGINX should proxy to on {@link VisageUpstream.host}.
+     *
+     * @defaultValue `80`
      */
-    readonly port: number;
+    readonly port?: number;
     /**
      * Path-location policies for this upstream, keyed by NGINX location path.
+     *
+     * @defaultValue `/{upstreamName}/`
      */
     readonly locations?: {
         readonly [path: string]: VisageProxyPolicy;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,GAAG,gBAAgB,CAAC;IACnD;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAClD;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACrD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;;;OAMG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;;OAGG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC;IACtB;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;IAClC;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,aAAa,EAAE,CAAC;CAC3C,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;OAEG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;OAEG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvB;;WAEG;QACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QACpC;;WAEG;QACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;OAGG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IACxC;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;;;OAOG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACrC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;OAEG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC1C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,iBAAiB,CAAA;KAAE,CAAC;CACrE,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE;QACd;;;;WAIG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;QAC3B;;;;WAIG;QACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;QAC5B;;;;;WAKG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;CACvD,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,GAAG,wBAAwB,CAAC;IAC3D;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAClD;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACrD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;;;OAMG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;IAClC;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,aAAa,EAAE,CAAC;CAC3C,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;OAEG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;OAEG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvB;;WAEG;QACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QACpC;;WAEG;QACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,wBAAwB,GAAG;IACrC;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;;;OAOG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACrC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;OAEG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,iBAAiB,CAAA;KAAE,CAAC;CACrE,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE;QACd;;;;WAIG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;QAC3B;;;;WAIG;QACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;QAC5B;;;;;WAKG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;CACvD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blakearoberts/visage",
-  "version": "0.0.1-rc.4",
+  "version": "0.0.1-rc.6",
   "description": "Vite plugin for local development with HMR and OIDC session cookie lifecycle semantics.",
   "type": "module",
   "author": "Blake Roberts",