@boxyhq/saml-jackson 0.2.2-beta.176 → 0.2.3-beta.207

package/ nodemon.json

@@ -0,0 +1,12 @@
+{
+  "restartable": "rs",
+  "ignore": [".git", "node_modules/", "dist/", "coverage/"],
+  "watch": ["src/"],
+  "execMap": {
+    "ts": "node -r ts-node/register"
+  },
+  "env": {
+    "NODE_ENV": "development"
+  },
+  "ext": "js,json,ts"
+}

package/.nyc_output/522d751d-0cf8-42cc-9e6b-7c4f2c2ab0d4.json

@@ -0,0 +1 @@
+{}

package/.nyc_output/93c45454-d3b6-48a7-9885-209592dc290a.json

@@ -0,0 +1 @@
+{}

package/.nyc_output/da9b997e-732d-4bf2-a4e8-4b0568635c06.json

@@ -0,0 +1 @@
+{}

package/.nyc_output/processinfo/522d751d-0cf8-42cc-9e6b-7c4f2c2ab0d4.json

@@ -0,0 +1 @@
+{"parent":"93c45454-d3b6-48a7-9885-209592dc290a","pid":3596,"argv":["/opt/hostedtoolcache/node/16.13.1/x64/bin/node","/home/runner/work/jackson/jackson/src/test/api.test.ts"],"execArgv":["-r","/home/runner/work/jackson/jackson/node_modules/ts-node/register/index.js"],"cwd":"/home/runner/work/jackson/jackson","time":1640694328676,"ppid":3579,"coverageFilename":"/home/runner/work/jackson/jackson/.nyc_output/522d751d-0cf8-42cc-9e6b-7c4f2c2ab0d4.json","externalId":"src/test/api.test.ts","uuid":"522d751d-0cf8-42cc-9e6b-7c4f2c2ab0d4","files":[]}

package/.nyc_output/processinfo/93c45454-d3b6-48a7-9885-209592dc290a.json

@@ -0,0 +1 @@
+{"parent":null,"pid":3579,"argv":["/opt/hostedtoolcache/node/16.13.1/x64/bin/node","/home/runner/work/jackson/jackson/node_modules/.bin/tap","--ts","--timeout=100","src/test/api.test.ts","src/test/oauth.test.ts"],"execArgv":[],"cwd":"/home/runner/work/jackson/jackson","time":1640694328360,"ppid":3568,"coverageFilename":"/home/runner/work/jackson/jackson/.nyc_output/93c45454-d3b6-48a7-9885-209592dc290a.json","externalId":"","uuid":"93c45454-d3b6-48a7-9885-209592dc290a","files":[]}

package/.nyc_output/processinfo/da9b997e-732d-4bf2-a4e8-4b0568635c06.json

@@ -0,0 +1 @@
+{"parent":"93c45454-d3b6-48a7-9885-209592dc290a","pid":3590,"argv":["/opt/hostedtoolcache/node/16.13.1/x64/bin/node","/home/runner/work/jackson/jackson/src/test/oauth.test.ts"],"execArgv":["-r","/home/runner/work/jackson/jackson/node_modules/ts-node/register/index.js"],"cwd":"/home/runner/work/jackson/jackson","time":1640694328650,"ppid":3579,"coverageFilename":"/home/runner/work/jackson/jackson/.nyc_output/da9b997e-732d-4bf2-a4e8-4b0568635c06.json","externalId":"src/test/oauth.test.ts","uuid":"da9b997e-732d-4bf2-a4e8-4b0568635c06","files":[]}

package/.nyc_output/processinfo/index.json

@@ -0,0 +1 @@
+{"processes":{"522d751d-0cf8-42cc-9e6b-7c4f2c2ab0d4":{"parent":"93c45454-d3b6-48a7-9885-209592dc290a","externalId":"src/test/api.test.ts","children":[]},"93c45454-d3b6-48a7-9885-209592dc290a":{"parent":null,"children":["522d751d-0cf8-42cc-9e6b-7c4f2c2ab0d4","da9b997e-732d-4bf2-a4e8-4b0568635c06"]},"da9b997e-732d-4bf2-a4e8-4b0568635c06":{"parent":"93c45454-d3b6-48a7-9885-209592dc290a","externalId":"src/test/oauth.test.ts","children":[]}},"files":{},"externalIds":{"src/test/api.test.ts":{"root":"522d751d-0cf8-42cc-9e6b-7c4f2c2ab0d4","children":[]},"src/test/oauth.test.ts":{"root":"da9b997e-732d-4bf2-a4e8-4b0568635c06","children":[]}}}

package/package.json

@@ -1,9 +1,10 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.2.2-beta.176",
+  "version": "0.2.3-beta.207",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
-  "main": "src/index.js",
+  "main": "dist/index.js",
+  "types": "dist/types.d.ts",
   "engines": {
     "node": ">=14.18.1"
   },
@@ -15,12 +16,14 @@
     "SAML 2.0"
   ],
   "scripts": {
+    "build": "tsc",
     "start": "cross-env IDP_ENABLED=true node src/jackson.js",
     "dev": "cross-env IDP_ENABLED=true nodemon src/jackson.js",
-    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon src/jackson.js",
+    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson DB_ENCRYPTION_KEY=RiVoTxDoLUUoIUOp224abMxK6PGGfFuF nodemon --config nodemon.json src/jackson.ts",
+    "sql": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=postgres DB_URL=postgres://postgres:postgres@localhost:5432/jackson DB_ENCRYPTION_KEY=RiVoTxDoLUUoIUOp224abMxK6PGGfFuF nodemon src/jackson.js",
     "pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
     "pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
-    "test": "tap --timeout=100 src/**/*.test.js",
+    "test": "tap --ts --timeout=100 src/**/*.test.ts",
     "dev-dbs": "docker-compose -f ./_dev/docker-compose.yml up -d",
     "dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans"
   },
@@ -33,15 +36,15 @@
   },
   "dependencies": {
     "@boxyhq/saml20": "0.2.0",
-    "@peculiar/webcrypto": "1.2.2",
-    "@peculiar/x509": "1.6.0",
+    "@peculiar/webcrypto": "1.2.3",
+    "@peculiar/x509": "1.6.1",
     "cors": "2.8.5",
-    "express": "4.17.1",
-    "mongodb": "4.2.1",
+    "express": "4.17.2",
+    "mongodb": "4.2.2",
     "mysql2": "2.3.3",
     "pg": "8.7.1",
     "rambda": "6.9.0",
-    "redis": "4.0.0-rc.4",
+    "redis": "4.0.1",
     "reflect-metadata": "0.1.13",
     "ripemd160": "2.0.2",
     "thumbprint": "0.0.1",
@@ -51,17 +54,22 @@
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
+    "@types/redis": "4.0.11",
+    "@types/sinon": "10.0.6",
+    "@types/tap": "15.0.5",
     "cross-env": "7.0.3",
-    "eslint": "8.4.0",
+    "eslint": "8.5.0",
     "husky": "7.0.4",
-    "lint-staged": "12.1.2",
+    "lint-staged": "12.1.4",
     "nodemon": "2.0.15",
     "prettier": "2.5.1",
     "sinon": "12.0.1",
-    "tap": "15.1.5"
+    "tap": "15.1.5",
+    "ts-node": "10.4.0",
+    "typescript": "4.5.4"
   },
   "lint-staged": {
-    "*.js": "eslint --cache --fix",
-    "*.{js,css,md}": "prettier --write"
+    "*.{js,ts}": "eslint --cache --fix",
+    "*.{js,ts,css,md}": "prettier --write"
   }
-}
+}

package/.eslintrc.js

@@ -1,13 +0,0 @@
-module.exports = {
-    "env": {
-        "es2021": true,
-        "node": true
-    },
-    "extends": "eslint:recommended",
-    "parserOptions": {
-        "ecmaVersion": 13,
-        "sourceType": "module"
-    },
-    "rules": {
-    }
-};

package/prettier.config.js

@@ -1,4 +0,0 @@
-module.exports = {
-  singleQuote: true,
-  trailingComma: 'es5',
-};

package/src/controller/api.js

@@ -1,167 +0,0 @@
-const saml = require('../saml/saml.js');
-const x509 = require('../saml/x509.js');
-const dbutils = require('../db/utils.js');
-const { indexNames } = require('./utils.js');
-const { JacksonError } = require('./error.js');
-
-const crypto = require('crypto');
-
-let configStore;
-
-const extractHostName = (url) => {
-  try {
-    const pUrl = new URL(url);
-    if (pUrl.hostname.startsWith('www.')) {
-      return pUrl.hostname.substring(4);
-    }
-    return pUrl.hostname;
-  } catch (err) {
-    return null;
-  }
-};
-
-const config = async (body) => {
-  const { rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product } =
-    body;
-
-  if (!rawMetadata) {
-    throw new JacksonError('Please provide rawMetadata', 400);
-  }
-
-  if (!defaultRedirectUrl) {
-    throw new JacksonError('Please provide a defaultRedirectUrl', 400);
-  }
-
-  if (!redirectUrl) {
-    throw new JacksonError('Please provide redirectUrl', 400);
-  }
-
-  if (!tenant) {
-    throw new JacksonError('Please provide tenant', 400);
-  }
-
-  if (!product) {
-    throw new JacksonError('Please provide product', 400);
-  }
-
-  const idpMetadata = await saml.parseMetadataAsync(rawMetadata);
-
-  // extract provider
-  let providerName = extractHostName(idpMetadata.entityID);
-  if (!providerName) {
-    providerName = extractHostName(
-      idpMetadata.sso.redirectUrl || idpMetadata.sso.postUrl
-    );
-  }
-
-  idpMetadata.provider = providerName ? providerName : 'Unknown';
-
-  let clientID = dbutils.keyDigest(
-    dbutils.keyFromParts(tenant, product, idpMetadata.entityID)
-  );
-  let clientSecret;
-
-  let exists = await configStore.get(clientID);
-  if (exists) {
-    clientSecret = exists.clientSecret;
-  } else {
-    clientSecret = crypto.randomBytes(24).toString('hex');
-  }
-
-  const certs = await x509.generate();
-  if (!certs) {
-    throw new Error('Error generating x59 certs');
-  }
-
-  await configStore.put(
-    clientID,
-    {
-      idpMetadata,
-      defaultRedirectUrl,
-      redirectUrl: JSON.parse(redirectUrl), // redirectUrl is a stringified array
-      tenant,
-      product,
-      clientID,
-      clientSecret,
-      certs,
-    },
-    {
-      // secondary index on entityID
-      name: indexNames.entityID,
-      value: idpMetadata.entityID,
-    },
-    {
-      // secondary index on tenant + product
-      name: indexNames.tenantProduct,
-      value: dbutils.keyFromParts(tenant, product),
-    }
-  );
-
-  return {
-    client_id: clientID,
-    client_secret: clientSecret,
-    provider: idpMetadata.provider,
-  };
-};
-
-const getConfig = async (body) => {
-  const { clientID, tenant, product } = body;
-
-  if (clientID) {
-    const samlConfig = await configStore.get(clientID);
-    if (!samlConfig) {
-      return {};
-    }
-
-    return { provider: samlConfig.idpMetadata.provider };
-  } else {
-    const samlConfigs = await configStore.getByIndex({
-      name: indexNames.tenantProduct,
-      value: dbutils.keyFromParts(tenant, product),
-    });
-    if (!samlConfigs || !samlConfigs.length) {
-      return {};
-    }
-
-    return { provider: samlConfigs[0].idpMetadata.provider };
-  }
-};
-
-const deleteConfig = async (body) => {
-  const { clientID, clientSecret, tenant, product } = body;
-
-  if (clientID) {
-    if (!clientSecret) {
-      throw new JacksonError('Please provide clientSecret', 400);
-    }
-    const samlConfig = await configStore.get(clientID);
-    if (!samlConfig) {
-      return;
-    }
-    if (samlConfig.clientSecret === clientSecret) {
-      await configStore.delete(clientID);
-    } else {
-      throw new JacksonError('clientSecret mismatch', 400);
-    }
-  } else {
-    const samlConfigs = await configStore.getByIndex({
-      name: indexNames.tenantProduct,
-      value: dbutils.keyFromParts(tenant, product),
-    });
-    if (!samlConfigs || !samlConfigs.length) {
-      return;
-    }
-    for (const conf of samlConfigs) {
-      await configStore.delete(conf.clientID);
-    }
-  }
-};
-
-module.exports = (opts) => {
-  configStore = opts.configStore;
-  return {
-    config,
-    getConfig,
-    deleteConfig,
-  };
-};

package/src/controller/error.js

@@ -1,12 +0,0 @@
-class JacksonError extends Error {
-  constructor(message, statusCode = 500) {
-    super(message);
-
-    this.name = this.constructor.name;
-    this.statusCode = statusCode;
-
-    Error.captureStackTrace(this, this.constructor);
-  }
-}
-
-module.exports = { JacksonError };

package/src/controller/oauth/allowed.js

@@ -1,19 +0,0 @@
-module.exports = {
-  redirect: (redirectUrl, redirectUrls) => {
-    const url = new URL(redirectUrl);
-
-    for (const idx in redirectUrls) {
-      const rUrl = new URL(redirectUrls[idx]);
-      // TODO: Check pathname, for now pathname is ignored
-      if (
-        rUrl.protocol === url.protocol &&
-        rUrl.hostname === url.hostname &&
-        rUrl.port === url.port
-      ) {
-        return true;
-      }
-    }
-
-    return false;
-  },
-};

package/src/controller/oauth/code-verifier.js

@@ -1,16 +0,0 @@
-const crypto = require('crypto');
-
-const transformBase64 = (input) => {
-  return input.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
-};
-
-const encode = (code_challenge) => {
-  return transformBase64(
-    crypto.createHash('sha256').update(code_challenge).digest('base64')
-  );
-};
-
-module.exports = {
-  encode,
-  transformBase64,
-};

package/src/controller/oauth/redirect.js

@@ -1,18 +0,0 @@
-module.exports = {
-  error: (res, redirectUrl, err) => {
-    var url = new URL(redirectUrl);
-    url.searchParams.set('error', err);
-
-    res.redirect(url);
-  },
-
-  success: (redirectUrl, params) => {
-    const url = new URL(redirectUrl);
-
-    for (const [key, value] of Object.entries(params)) {
-      url.searchParams.set(key, value);
-    }
-
-    return url.href;
-  },
-};