@blakearoberts/visage 0.0.1-rc.5 → 0.0.1-rc.6

package/README.md

@@ -33,31 +33,36 @@ Visage is configured through `visage(options?)` in `vite.config.ts`.
 
 The top-level `host` and `port` configure the local Visage origin that the browser visits:
 
+```ts
+visage({ host: 'localhost', port: 9001 });
+```
+
+### Services
+
+Services are Docker Compose services managed by the Vite dev-server lifecycle.
+Additional services automatically get a matching managed upstream with the same
+name, host, and default `/{name}/` location.
+
 ```ts
 visage({
-  host: 'localhost',
-  port: 9001,
+  services: { whoami: { image: 'traefik/whoami' } },
 });
 ```
 
-Services are Docker Compose services managed by the Vite dev-server lifecycle. Upstreams are proxy targets that Visage routes to, whether they are managed services or external systems.
+### Upstreams
+
+Upstreams are proxy targets that Visage routes to. A top-level upstream with no
+matching service entry is treated as an external upstream.
 
 ```ts
 visage({
-  services: {
-    whoami: { image: 'traefik/whoami' },
-  },
   upstreams: {
-    whoami: {
-      host: 'whoami',
-      port: 80,
-      locations: { '/whoami/': {} },
-    },
+    api: { host: 'api.local.test', locations: { '/api/': {} } },
   },
 });
 ```
 
-See `VisageOptions` for the full option surface.
+See [`VisageOptions`](src/types.ts) for the full option surface.
 
 ## Expected Local URLs
 
@@ -124,6 +129,7 @@ Do not treat the managed Dex and OAuth2 Proxy defaults as production auth infras
 
 ## TO-DO
 
+- [ ] Support SSR injection of identity into HTML responses as script tag elements.
 - [ ] Support configuring [Dex connectors](https://dexidp.io/docs/connectors/).
-- [ ] Support configuring Dex on a distinct subdomain, such as `auth.local.vite.app`.
+- [ ] Support configuring Dex on a distinct subdomain, such as `auth.localhost`.
 - [ ] Support optional [HTTP mode without local TLS](docs/tls-http-mode.md).

package/dist/config.d.ts

@@ -9,7 +9,6 @@ type ResolvedCookiePolicy = {
     readonly cookie_path: string;
 };
 type ResolvedIdpOption = {
-    readonly kind: 'dex';
     readonly dex: VisageDexOptions;
 } | VisageExternalIdpOptions;
 type ResolvedOAuth2Client = {
@@ -18,10 +17,10 @@ type ResolvedOAuth2Client = {
     readonly scopes: readonly string[];
     readonly public: boolean;
 };
-type ResolvedService = VisageService & {
-    readonly image: string;
-};
-type ResolvedUpstream = VisageUpstream & {
+type ResolvedService = Omit<VisageService, 'upstream'>;
+type ResolvedUpstream = Omit<VisageUpstream, 'host' | 'port' | 'scheme'> & {
+    readonly host: string;
+    readonly port: number;
     readonly scheme: 'http' | 'https';
 };
 type ResolvedVisageOptions = {
@@ -41,14 +40,13 @@ type ResolvedBaseIdpConfig = {
     readonly jwks: string;
 };
 type ResolvedDexIdpConfig = ResolvedBaseIdpConfig & {
-    readonly kind: 'dex';
     readonly dex: {
         readonly expiry?: VisageDexExpiry;
         readonly users: readonly VisageDexUser[];
     };
 };
 type ResolvedExternalIdpConfig = ResolvedBaseIdpConfig & {
-    readonly kind: 'external';
+    readonly dex?: never;
 };
 type ResolvedIdpConfig = ResolvedDexIdpConfig | ResolvedExternalIdpConfig;
 export type VisageConfig = {

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAE3C,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,aAAa,EAEb,aAAa,EACb,cAAc,EACf,MAAM,SAAS,CAAC;AAEjB,KAAK,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAElD,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,KAAK,iBAAiB,GAClB;IACE,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAC;CAChC,GACD,wBAAwB,CAAC;AAE7B,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,KAAK,eAAe,GAAG,aAAa,GAAG;IACrC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,KAAK,gBAAgB,GAAG,cAAc,GAAG;IACvC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;CACnC,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CACvD,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AACF,KAAK,oBAAoB,GAAG,qBAAqB,GAAG;IAClD,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;QAClC,QAAQ,CAAC,KAAK,EAAE,SAAS,aAAa,EAAE,CAAC;KAC1C,CAAC;CACH,CAAC;AACF,KAAK,yBAAyB,GAAG,qBAAqB,GAAG;IACvD,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;CAC3B,CAAC;AACF,KAAK,iBAAiB,GAAG,oBAAoB,GAAG,yBAAyB,CAAC;AAE1E,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IAEtC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,uBAAuB,EAAE,MAAM,CAAC;KAC1C,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;CAChE,CAAC;AA2GF,wBAAgB,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,qBAAqB,CAwE5E;AA4ED,wBAAgB,aAAa,CAC3B,OAAO,EAAE,qBAAqB,EAC9B,MAAM,EAAE,cAAc,EACtB,QAAQ,EAAE,MAAM,GACf,YAAY,CAsDd"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAE3C,OAAO,KAAK,EACV,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,aAAa,EAEb,aAAa,EACb,cAAc,EACf,MAAM,SAAS,CAAC;AAEjB,KAAK,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;AAElD,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,KAAK,iBAAiB,GAClB;IACE,QAAQ,CAAC,GAAG,EAAE,gBAAgB,CAAC;CAChC,GACD,wBAAwB,CAAC;AAE7B,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,KAAK,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;AAEvD,KAAK,gBAAgB,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,CAAC,GAAG;IACzE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;CACnC,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;CACvD,CAAC;AAEF,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AACF,KAAK,oBAAoB,GAAG,qBAAqB,GAAG;IAClD,QAAQ,CAAC,GAAG,EAAE;QACZ,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;QAClC,QAAQ,CAAC,KAAK,EAAE,SAAS,aAAa,EAAE,CAAC;KAC1C,CAAC;CACH,CAAC;AACF,KAAK,yBAAyB,GAAG,qBAAqB,GAAG;IACvD,QAAQ,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC;CACtB,CAAC;AACF,KAAK,iBAAiB,GAAG,oBAAoB,GAAG,yBAAyB,CAAC;AAE1E,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IACtC,QAAQ,CAAC,GAAG,EAAE,iBAAiB,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;IAEtC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,uBAAuB,EAAE,MAAM,CAAC;KAC1C,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC;IAC7D,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC;CAChE,CAAC;AA2GF,wBAAgB,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,qBAAqB,CAmE5E;AAqHD,wBAAgB,aAAa,CAC3B,OAAO,EAAE,qBAAqB,EAC9B,MAAM,EAAE,cAAc,EACtB,QAAQ,EAAE,MAAM,GACf,YAAY,CAsDd"}

package/dist/index.js

@@ -165,7 +165,7 @@ function renderComposeConfig(config) {
     const { dex, nginx, oauth2_proxy, ...services } = config.services;
     return stringify({
         services: {
-            ...(config.idp.kind === 'dex'
+            ...(config.idp.dex !== undefined
                 ? {
                     dex: {
                         ...config.services.dex,
@@ -200,14 +200,15 @@ function writeDexConfig(config) {
     writeFileSync(file, render, 'utf-8');
 }
 function renderDexConfig(config) {
-    if (config.idp.kind !== 'dex') {
+    const { idp } = config;
+    if (idp.dex === undefined) {
         throw new Error('Dex config is required to render Dex');
     }
     const origin = `https://${config.host}:${config.port}`;
     const redirect = `${origin}/oauth2/callback`;
-    const upstream = config.upstreams[config.idp.upstream];
+    const upstream = config.upstreams[idp.upstream];
     return stringify({
-        issuer: config.idp.issuer,
+        issuer: idp.issuer,
         storage: { type: 'memory' },
         web: { http: `0.0.0.0:${upstream.port}` },
         oauth2: { skipApprovalScreen: true },
@@ -222,10 +223,8 @@ function renderDexConfig(config) {
             },
         ],
         enablePasswordDB: true,
-        ...(config.idp.dex.expiry === undefined
-            ? {}
-            : { expiry: config.idp.dex.expiry }),
-        staticPasswords: config.idp.dex.users.map(({ password, ...user }) => ({
+        ...(idp.dex.expiry === undefined ? {} : { expiry: idp.dex.expiry }),
+        staticPasswords: idp.dex.users.map(({ password, ...user }) => ({
             ...user,
             hash: hashSync(password, 10),
         })),
@@ -360,7 +359,7 @@ function renderOauth2ProxyConfig(config) {
 
 function render(config) {
     writeComposeConfig(config);
-    if (config.idp.kind === 'dex') {
+    if (config.idp.dex !== undefined) {
         writeDexConfig(config);
     }
     writeNginxConfig(config);
@@ -459,9 +458,13 @@ const DefaultProxyPolicy = {
     },
 };
 function resolveOptions(options) {
-    const { host = 'local.vite.app', port = 9001, cookie = {}, oauth2 = {}, } = options;
+    const { host = 'localhost', port = 9001, cookie = {}, oauth2 = {} } = options;
     const cookieName = cookie.name ?? 'session';
     const publicClient = oauth2.clientSecret === null;
+    const upstreams = {
+        ...resolveServiceUpstreams(options.services),
+        ...resolveUpstreams(options.upstreams),
+    };
     return {
         host,
         port,
@@ -491,11 +494,14 @@ function resolveOptions(options) {
             public: publicClient,
         },
         services: {
-            ...options.services,
+            ...Object.fromEntries(Object.entries(options.services ?? {}).map(([name, service]) => [
+                name,
+                resolveService(service),
+            ])),
             nginx: {
                 ...BaseServiceNginx,
                 ...{
-                    ...options.services?.nginx,
+                    ...resolveService(options.services?.nginx ?? {}),
                     extra_hosts: [
                         ...BaseServiceNginx.extra_hosts,
                         ...(options.services?.nginx?.extra_hosts ?? []),
@@ -505,7 +511,7 @@ function resolveOptions(options) {
             oauth2_proxy: {
                 ...BaseOAuth2ProxyService,
                 ...{
-                    ...options.services?.oauth2_proxy,
+                    ...resolveService(options.services?.oauth2_proxy ?? {}),
                     extra_hosts: [
                         ...BaseOAuth2ProxyService.extra_hosts,
                         ...(options.services?.oauth2_proxy?.extra_hosts ?? []),
@@ -513,20 +519,41 @@ function resolveOptions(options) {
                 },
             },
         },
-        ...(options.upstreams === undefined
-            ? {}
-            : {
-                upstreams: Object.fromEntries(Object.entries(options.upstreams).map(([name, upstream]) => [
-                    name,
-                    { ...upstream, scheme: upstream.scheme ?? 'http' },
-                ])),
-            }),
+        ...(Object.keys(upstreams).length === 0 ? {} : { upstreams }),
+    };
+}
+function resolveService(service) {
+    const { upstream: _upstream, ...resolved } = service;
+    return resolved;
+}
+function resolveServiceUpstreams(services = {}) {
+    return Object.fromEntries(Object.entries(services)
+        .filter(([name]) => 
+    // Exclude base services handled separately.
+    name !== 'dex' && name !== 'nginx' && name !== 'oauth2_proxy')
+        .map(([name, service]) => [
+        name,
+        resolveUpstream(name, service.upstream ?? {}),
+    ]));
+}
+function resolveUpstreams(upstreams = {}) {
+    return Object.fromEntries(Object.entries(upstreams).map(([name, upstream]) => [
+        name,
+        resolveUpstream(name, upstream),
+    ]));
+}
+function resolveUpstream(name, upstream) {
+    return {
+        ...upstream,
+        host: upstream.host ?? name,
+        locations: upstream.locations ?? { [`/${name}/`]: {} },
+        port: upstream.port ?? 80,
+        scheme: upstream.scheme ?? 'http',
     };
 }
 function resolveIdpOption(idp) {
-    if (idp?.kind === 'external') {
+    if (idp && 'issuer' in idp) {
         return {
-            kind: 'external',
             issuer: idp.issuer,
             authorization: idp.authorization ?? '/auth',
             token: idp.token ?? '/token',
@@ -534,7 +561,6 @@ function resolveIdpOption(idp) {
         };
     }
     return {
-        kind: 'dex',
         dex: {
             ...(idp?.expiry ? { expiry: idp.expiry } : {}),
             users: (idp?.users ?? DefaultDexUsers).map((user) => ({
@@ -547,11 +573,10 @@ function resolveIdpOption(idp) {
     };
 }
 function resolveIdpConfig({ host, port, idp, }) {
-    if (idp.kind === 'dex') {
+    if ('dex' in idp) {
         const issuer = `https://${host}:${port}/dex`;
         const upstream = `http://dex:5556/dex`;
         return {
-            kind: 'dex',
             upstream: 'dex',
             issuer,
             authorization: `${issuer}/auth`,
@@ -569,7 +594,6 @@ function resolveIdpConfig({ host, port, idp, }) {
         };
     }
     return {
-        kind: 'external',
         upstream: 'idp',
         issuer: idp.issuer,
         authorization: idp.issuer + (idp.authorization ?? '/auth'),
@@ -583,7 +607,6 @@ function resolveExternalIdpUpstream(idp) {
         host: issuer.hostname,
         scheme: issuer.protocol === 'https:' ? 'https' : 'http',
         port: Number(issuer.port) || (issuer.protocol === 'https:' ? 443 : 80),
-        locations: { [issuer.pathname]: { auth: { enabled: false } } },
     };
 }
 function resolveConfig(options, config, vitePort) {
@@ -591,9 +614,9 @@ function resolveConfig(options, config, vitePort) {
     const upstreams = {
         oauth2_proxy: BaseOauth2ProxyUpstream,
         vite: { ...BaseViteUpstream, port: vitePort },
-        ...(idp.kind === 'dex'
-            ? { dex: BaseDexUpstream }
-            : { idp: resolveExternalIdpUpstream(idp) }),
+        ...(idp.dex === undefined
+            ? { idp: resolveExternalIdpUpstream(idp) }
+            : { dex: BaseDexUpstream }),
         ...options.upstreams,
     };
     return {
@@ -605,8 +628,9 @@ function resolveConfig(options, config, vitePort) {
         cache: join(config.cacheDir, 'visage'),
         files: { ...BaseFiles },
         services: {
-            ...(idp.kind === 'dex'
-                ? {
+            ...(idp.dex === undefined
+                ? BaseServices
+                : {
                     dex: BaseDexService,
                     nginx: {
                         ...BaseServices.nginx,
@@ -618,8 +642,7 @@ function resolveConfig(options, config, vitePort) {
                         image: BaseServices.oauth2_proxy.image,
                         depends_on: ['dex'],
                     },
-                }
-                : BaseServices),
+                }),
             ...options.services,
         },
         upstreams: Object.fromEntries(Object.entries(upstreams).map(([name, upstream]) => [

package/dist/types.d.ts

@@ -5,7 +5,7 @@ export type VisageOptions = {
     /**
      * Browser-facing hostname for the local Visage HTTPS origin.
      *
-     * @defaultValue `'local.vite.app'`
+     * @defaultValue `'localhost'`
      */
     readonly host?: string;
     /**
@@ -78,11 +78,6 @@ export type VisageCookiePolicy = {
  * Managed Dex identity provider options.
  */
 export type VisageDexOptions = {
-    /**
-     * Selects the managed Dex provider. Omit this for the default managed Dex
-     * provider.
-     */
-    readonly kind?: 'dex';
     /**
      * Token expiration and rotation settings rendered into the Dex config.
      */
@@ -165,10 +160,6 @@ export type VisageDexUser = {
  * External OpenID Connect identity provider options.
  */
 export type VisageExternalIdpOptions = {
-    /**
-     * Selects the external IdP flow.
-     */
-    readonly kind: 'external';
     /**
      * OIDC issuer URL used by OAuth2 Proxy.
      */
@@ -244,6 +235,11 @@ export type VisageService = {
      * Additional host-to-IP mappings rendered into the Compose service.
      */
     readonly extra_hosts?: readonly string[];
+    /**
+     * Optional upstream override for this service. Omit this to create a default
+     * upstream from the service name.
+     */
+    readonly upstream?: VisageUpstream;
 };
 /**
  * Named proxy target that NGINX routes to for one or more locations.
@@ -251,8 +247,10 @@ export type VisageService = {
 export type VisageUpstream = {
     /**
      * Hostname or Compose service name NGINX should proxy to.
+     *
+     * @defaultValue The upstream name.
      */
-    readonly host: string;
+    readonly host?: string;
     /**
      * URL scheme NGINX should use when proxying to this upstream.
      *
@@ -261,10 +259,14 @@ export type VisageUpstream = {
     readonly scheme?: 'http' | 'https';
     /**
      * Port NGINX should proxy to on {@link VisageUpstream.host}.
+     *
+     * @defaultValue `80`
      */
-    readonly port: number;
+    readonly port?: number;
     /**
      * Path-location policies for this upstream, keyed by NGINX location path.
+     *
+     * @defaultValue `/{upstreamName}/`
      */
     readonly locations?: {
         readonly [path: string]: VisageProxyPolicy;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,GAAG,wBAAwB,CAAC;IAC3D;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAClD;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACrD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;;;OAMG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;;OAGG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC;IACtB;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;IAClC;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,aAAa,EAAE,CAAC;CAC3C,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;OAEG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;OAEG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvB;;WAEG;QACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QACpC;;WAEG;QACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,wBAAwB,GAAG;IACrC;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;;;OAOG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACrC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;OAEG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC1C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,iBAAiB,CAAA;KAAE,CAAC;CACrE,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE;QACd;;;;WAIG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;QAC3B;;;;WAIG;QACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;QAC5B;;;;;WAKG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;CACvD,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,GAAG,wBAAwB,CAAC;IAC3D;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,kBAAkB,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAClD;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACrD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;;;OAMG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,eAAe,CAAC;IAClC;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,aAAa,EAAE,CAAC;CAC3C,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;OAEG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;OAEG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvB;;WAEG;QACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QACpC;;WAEG;QACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;QACnC;;WAEG;QACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;KACjC,CAAC;CACH,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,wBAAwB,GAAG;IACrC;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;;;;;OAOG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACrC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrC;;OAEG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACxC;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACzC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC;;;;OAIG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,GAAG,iBAAiB,CAAA;KAAE,CAAC;CACrE,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE;QACd;;;;WAIG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;QAC3B;;;;WAIG;QACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;QAC5B;;;;;WAKG;QACH,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;KAC5B,CAAC;IACF;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE;QAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAC;CACvD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blakearoberts/visage",
-  "version": "0.0.1-rc.5",
+  "version": "0.0.1-rc.6",
   "description": "Vite plugin for local development with HMR and OIDC session cookie lifecycle semantics.",
   "type": "module",
   "author": "Blake Roberts",