@boxyhq/saml-jackson 0.2.3 → 0.3.0-beta.247

package/dist/read-config.js

@@ -0,0 +1,50 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const readConfig = (preLoadedConfig) => __awaiter(void 0, void 0, void 0, function* () {
+    if (preLoadedConfig.startsWith('./')) {
+        preLoadedConfig = path.resolve(process.cwd(), preLoadedConfig);
+    }
+    const files = yield fs.promises.readdir(preLoadedConfig);
+    const configs = [];
+    for (const idx in files) {
+        const file = files[idx];
+        if (file.endsWith('.js')) {
+            const config = require(path.join(preLoadedConfig, file));
+            const rawMetadata = yield fs.promises.readFile(path.join(preLoadedConfig, path.parse(file).name + '.xml'), 'utf8');
+            config.rawMetadata = rawMetadata;
+            configs.push(config);
+        }
+    }
+    return configs;
+});
+exports.default = readConfig;

package/dist/saml/claims.d.ts

@@ -0,0 +1,6 @@
+declare const _default: {
+    map: (claims: Record<"id" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" | "email" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" | "firstName" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" | "lastName" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", unknown>) => {
+        raw: Record<"id" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" | "email" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" | "firstName" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" | "lastName" | "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", unknown>;
+    };
+};
+export default _default;

package/dist/saml/claims.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const mapping = [
+    {
+        attribute: 'id',
+        schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier',
+    },
+    {
+        attribute: 'email',
+        schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
+    },
+    {
+        attribute: 'firstName',
+        schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
+    },
+    {
+        attribute: 'lastName',
+        schema: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
+    },
+];
+const map = (claims) => {
+    const profile = {
+        raw: claims,
+    };
+    mapping.forEach((m) => {
+        if (claims[m.attribute]) {
+            profile[m.attribute] = claims[m.attribute];
+        }
+        else if (claims[m.schema]) {
+            profile[m.attribute] = claims[m.schema];
+        }
+    });
+    return profile;
+};
+exports.default = { map };

package/dist/saml/saml.d.ts

@@ -0,0 +1,11 @@
+import { SAMLProfile, SAMLReq } from '../typings';
+declare const _default: {
+    request: ({ ssoUrl, entityID, callbackUrl, isPassive, forceAuthn, identifierFormat, providerName, signingKey, }: SAMLReq) => {
+        id: string;
+        request: string;
+    };
+    parseAsync: (rawAssertion: string) => Promise<SAMLProfile>;
+    validateAsync: (rawAssertion: string, options: any) => Promise<SAMLProfile>;
+    parseMetadataAsync: (idpMeta: string) => Promise<Record<string, any>>;
+};
+export default _default;

package/dist/saml/saml.js

@@ -0,0 +1,200 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const saml20_1 = __importDefault(require("@boxyhq/saml20"));
+const xml2js_1 = __importDefault(require("xml2js"));
+const thumbprint_1 = __importDefault(require("thumbprint"));
+const xml_crypto_1 = __importDefault(require("xml-crypto"));
+const rambda = __importStar(require("rambda"));
+const xmlbuilder_1 = __importDefault(require("xmlbuilder"));
+const crypto_1 = __importDefault(require("crypto"));
+const claims_1 = __importDefault(require("./claims"));
+const idPrefix = '_';
+const authnXPath = '/*[local-name(.)="AuthnRequest" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
+const issuerXPath = '/*[local-name(.)="Issuer" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:assertion"]';
+const signRequest = (xml, signingKey) => {
+    if (!xml) {
+        throw new Error('Please specify xml');
+    }
+    if (!signingKey) {
+        throw new Error('Please specify signingKey');
+    }
+    const sig = new xml_crypto_1.default.SignedXml();
+    sig.signatureAlgorithm = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
+    sig.signingKey = signingKey;
+    sig.addReference(authnXPath, [
+        'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
+        'http://www.w3.org/2001/10/xml-exc-c14n#',
+    ], 'http://www.w3.org/2001/04/xmlenc#sha256');
+    sig.computeSignature(xml, {
+        location: { reference: authnXPath + issuerXPath, action: 'after' },
+    });
+    return sig.getSignedXml();
+};
+const request = ({ ssoUrl, entityID, callbackUrl, isPassive = false, forceAuthn = false, identifierFormat = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', providerName = 'BoxyHQ', signingKey, }) => {
+    const id = idPrefix + crypto_1.default.randomBytes(10).toString('hex');
+    const date = new Date().toISOString();
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const samlReq = {
+        'samlp:AuthnRequest': {
+            '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
+            '@ID': id,
+            '@Version': '2.0',
+            '@IssueInstant': date,
+            '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+            '@Destination': ssoUrl,
+            'saml:Issuer': {
+                '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
+                '#text': entityID,
+            },
+        },
+    };
+    if (isPassive)
+        samlReq['samlp:AuthnRequest']['@IsPassive'] = true;
+    if (forceAuthn) {
+        samlReq['samlp:AuthnRequest']['@ForceAuthn'] = true;
+    }
+    samlReq['samlp:AuthnRequest']['@AssertionConsumerServiceURL'] = callbackUrl;
+    samlReq['samlp:AuthnRequest']['samlp:NameIDPolicy'] = {
+        '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
+        '@Format': identifierFormat,
+        '@AllowCreate': 'true',
+    };
+    if (providerName != null) {
+        samlReq['samlp:AuthnRequest']['@ProviderName'] = providerName;
+    }
+    let xml = xmlbuilder_1.default.create(samlReq).end({});
+    if (signingKey) {
+        xml = signRequest(xml, signingKey);
+    }
+    return {
+        id,
+        request: xml,
+    };
+};
+const parseAsync = (rawAssertion) => __awaiter(void 0, void 0, void 0, function* () {
+    return new Promise((resolve, reject) => {
+        saml20_1.default.parse(rawAssertion, function onParseAsync(err, profile) {
+            if (err) {
+                reject(err);
+                return;
+            }
+            resolve(profile);
+        });
+    });
+});
+const validateAsync = (rawAssertion, options) => __awaiter(void 0, void 0, void 0, function* () {
+    return new Promise((resolve, reject) => {
+        saml20_1.default.validate(rawAssertion, options, function onValidateAsync(err, profile) {
+            if (err) {
+                reject(err);
+                return;
+            }
+            if (profile && profile.claims) {
+                // we map claims to our attributes id, email, firstName, lastName where possible. We also map original claims to raw
+                profile.claims = claims_1.default.map(profile.claims);
+                // some providers don't return the id in the assertion, we set it to a sha256 hash of the email
+                if (!profile.claims.id) {
+                    profile.claims.id = crypto_1.default
+                        .createHash('sha256')
+                        .update(profile.claims.email)
+                        .digest('hex');
+                }
+            }
+            resolve(profile);
+        });
+    });
+});
+const parseMetadataAsync = (idpMeta) => __awaiter(void 0, void 0, void 0, function* () {
+    return new Promise((resolve, reject) => {
+        xml2js_1.default.parseString(idpMeta, { tagNameProcessors: [xml2js_1.default.processors.stripPrefix] }, (err, res) => {
+            if (err) {
+                reject(err);
+                return;
+            }
+            const entityID = rambda.path('EntityDescriptor.$.entityID', res);
+            let X509Certificate = null;
+            let ssoPostUrl = null;
+            let ssoRedirectUrl = null;
+            let loginType = 'idp';
+            let ssoDes = rambda.pathOr(null, 'EntityDescriptor.IDPSSODescriptor', res);
+            if (!ssoDes) {
+                ssoDes = rambda.pathOr([], 'EntityDescriptor.SPSSODescriptor', res);
+                if (!ssoDes) {
+                    loginType = 'sp';
+                }
+            }
+            for (const ssoDesRec of ssoDes) {
+                const keyDes = ssoDesRec['KeyDescriptor'];
+                for (const keyDesRec of keyDes) {
+                    if (keyDesRec['$'] && keyDesRec['$'].use === 'signing') {
+                        const ki = keyDesRec['KeyInfo'][0];
+                        const cd = ki['X509Data'][0];
+                        X509Certificate = cd['X509Certificate'][0];
+                    }
+                }
+                const ssoSvc = ssoDesRec['SingleSignOnService'] ||
+                    ssoDesRec['AssertionConsumerService'] ||
+                    [];
+                for (const ssoSvcRec of ssoSvc) {
+                    if (rambda.pathOr('', '$.Binding', ssoSvcRec).endsWith('HTTP-POST')) {
+                        ssoPostUrl = rambda.path('$.Location', ssoSvcRec);
+                    }
+                    else if (rambda
+                        .pathOr('', '$.Binding', ssoSvcRec)
+                        .endsWith('HTTP-Redirect')) {
+                        ssoRedirectUrl = rambda.path('$.Location', ssoSvcRec);
+                    }
+                }
+            }
+            const ret = {
+                sso: {},
+            };
+            if (entityID) {
+                ret.entityID = entityID;
+            }
+            if (X509Certificate) {
+                ret.thumbprint = thumbprint_1.default.calculate(X509Certificate);
+            }
+            if (ssoPostUrl) {
+                ret.sso.postUrl = ssoPostUrl;
+            }
+            if (ssoRedirectUrl) {
+                ret.sso.redirectUrl = ssoRedirectUrl;
+            }
+            ret.loginType = loginType;
+            resolve(ret);
+        });
+    });
+});
+exports.default = { request, parseAsync, validateAsync, parseMetadataAsync };

package/dist/saml/x509.d.ts

@@ -0,0 +1,7 @@
+declare const _default: {
+    generate: () => Promise<{
+        publicKey: string;
+        privateKey: string;
+    } | undefined>;
+};
+export default _default;

package/dist/saml/x509.js

@@ -0,0 +1,69 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const x509 = __importStar(require("@peculiar/x509"));
+const webcrypto_1 = require("@peculiar/webcrypto");
+const crypto = new webcrypto_1.Crypto();
+x509.cryptoProvider.set(crypto);
+const alg = {
+    name: 'RSASSA-PKCS1-v1_5',
+    hash: 'SHA-256',
+    publicExponent: new Uint8Array([1, 0, 1]),
+    modulusLength: 2048,
+};
+const generate = () => __awaiter(void 0, void 0, void 0, function* () {
+    const keys = yield crypto.subtle.generateKey(alg, true, ['sign', 'verify']);
+    const extensions = [
+        new x509.BasicConstraintsExtension(false, undefined, true),
+    ];
+    extensions.push(new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature, true));
+    if (keys.publicKey) {
+        extensions.push(yield x509.SubjectKeyIdentifierExtension.create(keys.publicKey));
+    }
+    const cert = yield x509.X509CertificateGenerator.createSelfSigned({
+        serialNumber: '01',
+        name: 'CN=BoxyHQ Jackson',
+        notBefore: new Date(),
+        notAfter: new Date('3021/01/01'),
+        signingAlgorithm: alg,
+        keys: keys,
+        extensions,
+    });
+    if (keys.privateKey) {
+        const pkcs8 = yield crypto.subtle.exportKey('pkcs8', keys.privateKey);
+        return {
+            publicKey: cert.toString('pem'),
+            privateKey: x509.PemConverter.encode(pkcs8, 'private key'),
+        };
+    }
+});
+exports.default = {
+    generate,
+};

package/dist/typings.d.ts

@@ -0,0 +1,137 @@
+export declare type IdPConfig = {
+    defaultRedirectUrl: string;
+    redirectUrl: string;
+    tenant: string;
+    product: string;
+    rawMetadata: string;
+};
+export interface OAuth {
+    client_id: string;
+    client_secret: string;
+    provider: string;
+}
+export interface ISAMLConfig {
+    config(body: IdPConfig): Promise<OAuth>;
+    getConfig(body: {
+        clientID: string;
+        tenant: string;
+        product: string;
+    }): Promise<Partial<OAuth>>;
+    deleteConfig(body: {
+        clientID: string;
+        clientSecret: string;
+        tenant: string;
+        product: string;
+    }): Promise<void>;
+    create(body: IdPConfig): Promise<OAuth>;
+    get(body: {
+        clientID: string;
+        tenant: string;
+        product: string;
+    }): Promise<Partial<OAuth>>;
+    delete(body: {
+        clientID: string;
+        clientSecret: string;
+        tenant: string;
+        product: string;
+    }): Promise<void>;
+}
+export interface IOAuthController {
+    authorize(body: OAuthReqBody): Promise<{
+        redirect_url: string;
+    }>;
+    samlResponse(body: SAMLResponsePayload): Promise<{
+        redirect_url: string;
+    }>;
+    token(body: OAuthTokenReq): Promise<OAuthTokenRes>;
+    userInfo(token: string): Promise<Profile>;
+}
+export interface OAuthReqBody {
+    response_type: 'code';
+    client_id: string;
+    redirect_uri: string;
+    state: string;
+    tenant: string;
+    product: string;
+    code_challenge: string;
+    code_challenge_method: 'plain' | 'S256' | '';
+    provider: 'saml';
+}
+export interface SAMLResponsePayload {
+    SAMLResponse: string;
+    RelayState: string;
+}
+export interface OAuthTokenReq {
+    client_id: string;
+    client_secret: string;
+    code_verifier: string;
+    code: string;
+    grant_type: 'authorization_code';
+}
+export interface OAuthTokenRes {
+    access_token: string;
+    token_type: 'bearer';
+    expires_in: number;
+}
+export interface Profile {
+    id: string;
+    email: string;
+    firstName: string;
+    lastName: string;
+}
+export interface Index {
+    name: string;
+    value: string;
+}
+export interface DatabaseDriver {
+    get(namespace: string, key: string): Promise<any>;
+    put(namespace: string, key: string, val: any, ttl: number, ...indexes: Index[]): Promise<any>;
+    delete(namespace: string, key: string): Promise<any>;
+    getByIndex(namespace: string, idx: Index): Promise<any>;
+}
+export interface Storable {
+    get(key: string): Promise<any>;
+    put(key: string, val: any, ...indexes: Index[]): Promise<any>;
+    delete(key: string): Promise<any>;
+    getByIndex(idx: Index): Promise<any>;
+}
+export interface Encrypted {
+    iv?: string;
+    tag?: string;
+    value: string;
+}
+export declare type EncryptionKey = any;
+export declare type DatabaseEngine = 'redis' | 'sql' | 'mongo' | 'mem';
+export declare type DatabaseType = 'postgres' | 'mysql' | 'mariadb';
+export interface DatabaseOption {
+    engine: DatabaseEngine;
+    url: string;
+    type: DatabaseType;
+    ttl: number;
+    cleanupLimit: number;
+    encryptionKey: string;
+}
+export interface SAMLReq {
+    ssoUrl?: string;
+    entityID: string;
+    callbackUrl: string;
+    isPassive?: boolean;
+    forceAuthn?: boolean;
+    identifierFormat?: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';
+    providerName?: 'BoxyHQ';
+    signingKey: string;
+}
+export interface SAMLProfile {
+    audience: string;
+    claims: Record<string, any>;
+    issuer: string;
+    sessionIndex: string;
+}
+export interface JacksonOption {
+    externalUrl: string;
+    samlPath: string;
+    samlAudience: string;
+    preLoadedConfig?: string;
+    idpEnabled?: boolean;
+    db: DatabaseOption;
+}

package/dist/typings.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -1,9 +1,10 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.2.3",
+  "version": "0.3.0-beta.247",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
-  "main": "src/index.js",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "engines": {
     "node": ">=14.18.1"
   },
@@ -15,14 +16,18 @@
     "SAML 2.0"
   ],
   "scripts": {
-    "start": "cross-env IDP_ENABLED=true node src/jackson.js",
-    "dev": "cross-env IDP_ENABLED=true nodemon src/jackson.js",
-    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon src/jackson.js",
-    "pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
-    "pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
-    "test": "tap --timeout=100 src/**/*.test.js",
+    "build": "tsc -p tsconfig.build.json",
+    "prepublishOnly": "npm run build",
+    "start": "cross-env IDP_ENABLED=true node dist/jackson.js",
+    "dev": "cross-env IDP_ENABLED=true nodemon --config nodemon.json src/jackson.ts",
+    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon --config nodemon.json src/jackson.ts",
+    "sql": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=postgres DB_URL=postgres://postgres:postgres@localhost:5432/jackson nodemon --config nodemon.json src/jackson.ts",
+    "pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon --config nodemon.json src/jackson.ts",
+    "pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONFIG='./_config' nodemon --config nodemon.json src/jackson.ts",
+    "test": "tap --ts --timeout=100 --coverage src/**/*.test.ts ",
     "dev-dbs": "docker-compose -f ./_dev/docker-compose.yml up -d",
-    "dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans"
+    "dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans",
+    "db:migration:generate": "ts-node -r tsconfig-paths/register ./node_modules/typeorm/cli.js migration:generate --config ormconfig.js  -n Initial"
   },
   "tap": {
     "coverage-map": "map.js",
@@ -33,15 +38,15 @@
   },
   "dependencies": {
     "@boxyhq/saml20": "0.2.0",
-    "@peculiar/webcrypto": "1.2.2",
-    "@peculiar/x509": "1.6.0",
+    "@peculiar/webcrypto": "1.2.3",
+    "@peculiar/x509": "1.6.1",
     "cors": "2.8.5",
-    "express": "4.17.1",
-    "mongodb": "4.2.1",
+    "express": "4.17.2",
+    "mongodb": "4.2.2",
     "mysql2": "2.3.3",
     "pg": "8.7.1",
     "rambda": "6.9.0",
-    "redis": "4.0.0-rc.4",
+    "redis": "4.0.1",
     "reflect-metadata": "0.1.13",
     "ripemd160": "2.0.2",
     "thumbprint": "0.0.1",
@@ -51,17 +56,32 @@
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
+    "@types/express": "^4.17.13",
+    "@types/node": "^16.11.17",
+    "@types/redis": "4.0.11",
+    "@types/sinon": "10.0.6",
+    "@types/tap": "15.0.5",
+    "@typescript-eslint/eslint-plugin": "^5.8.1",
+    "@typescript-eslint/parser": "^5.8.1",
     "cross-env": "7.0.3",
-    "eslint": "8.4.0",
+    "eslint": "^8.5.0",
+    "eslint-config-prettier": "^8.3.0",
     "husky": "7.0.4",
-    "lint-staged": "12.1.2",
+    "lint-staged": "12.1.4",
     "nodemon": "2.0.15",
     "prettier": "2.5.1",
     "sinon": "12.0.1",
-    "tap": "15.1.5"
+    "tap": "15.1.5",
+    "ts-node": "10.4.0",
+    "tsconfig-paths": "3.12.0",
+    "typescript": "4.5.4"
   },
   "lint-staged": {
-    "*.js": "eslint --cache --fix",
-    "*.{js,css,md}": "prettier --write"
-  }
-}
+    "*.{js,ts}": "eslint --cache --fix",
+    "*.{js,ts,css,md}": "prettier --write"
+  },
+  "files": [
+    "dist",
+    "Dockerfile"
+  ]
+}

package/.dockerignore

@@ -1,2 +0,0 @@
-node_modules
-npm-debug.log

package/.eslintrc.js

@@ -1,13 +0,0 @@
-module.exports = {
-    "env": {
-        "es2021": true,
-        "node": true
-    },
-    "extends": "eslint:recommended",
-    "parserOptions": {
-        "ecmaVersion": 13,
-        "sourceType": "module"
-    },
-    "rules": {
-    }
-};

package/.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,27 +0,0 @@
----
-name: Bug report
-about: Report any issues with the platform
-title: ""
-labels: bug
-assignees: ""
----
-
-Found a bug? Please fill out the sections below. 👍
-
-### Issue Summary
-
-A summary of the issue. This needs to be a clear detailed-rich summary.
-
-### Steps to Reproduce
-
-1. (for example) Went to ...
-2. Clicked on...
-3. ...
-
-Any other relevant information. For example, why do you consider this a bug and what did you expect to happen instead?
-
-### Technical details
-
-- Browser version: You can use https://www.whatsmybrowser.org/ to find this out.
-- Node.js version
-- Anything else that you think could be an issue.