@boxyhq/saml-jackson 0.2.4-beta.198 → 0.3.0-beta.248

package/dist/saml/x509.js

@@ -0,0 +1,69 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const x509 = __importStar(require("@peculiar/x509"));
+const webcrypto_1 = require("@peculiar/webcrypto");
+const crypto = new webcrypto_1.Crypto();
+x509.cryptoProvider.set(crypto);
+const alg = {
+    name: 'RSASSA-PKCS1-v1_5',
+    hash: 'SHA-256',
+    publicExponent: new Uint8Array([1, 0, 1]),
+    modulusLength: 2048,
+};
+const generate = () => __awaiter(void 0, void 0, void 0, function* () {
+    const keys = yield crypto.subtle.generateKey(alg, true, ['sign', 'verify']);
+    const extensions = [
+        new x509.BasicConstraintsExtension(false, undefined, true),
+    ];
+    extensions.push(new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature, true));
+    if (keys.publicKey) {
+        extensions.push(yield x509.SubjectKeyIdentifierExtension.create(keys.publicKey));
+    }
+    const cert = yield x509.X509CertificateGenerator.createSelfSigned({
+        serialNumber: '01',
+        name: 'CN=BoxyHQ Jackson',
+        notBefore: new Date(),
+        notAfter: new Date('3021/01/01'),
+        signingAlgorithm: alg,
+        keys: keys,
+        extensions,
+    });
+    if (keys.privateKey) {
+        const pkcs8 = yield crypto.subtle.exportKey('pkcs8', keys.privateKey);
+        return {
+            publicKey: cert.toString('pem'),
+            privateKey: x509.PemConverter.encode(pkcs8, 'private key'),
+        };
+    }
+});
+exports.default = {
+    generate,
+};

package/dist/typings.d.ts

@@ -0,0 +1,137 @@
+export declare type IdPConfig = {
+    defaultRedirectUrl: string;
+    redirectUrl: string;
+    tenant: string;
+    product: string;
+    rawMetadata: string;
+};
+export interface OAuth {
+    client_id: string;
+    client_secret: string;
+    provider: string;
+}
+export interface ISAMLConfig {
+    config(body: IdPConfig): Promise<OAuth>;
+    getConfig(body: {
+        clientID: string;
+        tenant: string;
+        product: string;
+    }): Promise<Partial<OAuth>>;
+    deleteConfig(body: {
+        clientID: string;
+        clientSecret: string;
+        tenant: string;
+        product: string;
+    }): Promise<void>;
+    create(body: IdPConfig): Promise<OAuth>;
+    get(body: {
+        clientID: string;
+        tenant: string;
+        product: string;
+    }): Promise<Partial<OAuth>>;
+    delete(body: {
+        clientID: string;
+        clientSecret: string;
+        tenant: string;
+        product: string;
+    }): Promise<void>;
+}
+export interface IOAuthController {
+    authorize(body: OAuthReqBody): Promise<{
+        redirect_url: string;
+    }>;
+    samlResponse(body: SAMLResponsePayload): Promise<{
+        redirect_url: string;
+    }>;
+    token(body: OAuthTokenReq): Promise<OAuthTokenRes>;
+    userInfo(token: string): Promise<Profile>;
+}
+export interface OAuthReqBody {
+    response_type: 'code';
+    client_id: string;
+    redirect_uri: string;
+    state: string;
+    tenant: string;
+    product: string;
+    code_challenge: string;
+    code_challenge_method: 'plain' | 'S256' | '';
+    provider: 'saml';
+}
+export interface SAMLResponsePayload {
+    SAMLResponse: string;
+    RelayState: string;
+}
+export interface OAuthTokenReq {
+    client_id: string;
+    client_secret: string;
+    code_verifier: string;
+    code: string;
+    grant_type: 'authorization_code';
+}
+export interface OAuthTokenRes {
+    access_token: string;
+    token_type: 'bearer';
+    expires_in: number;
+}
+export interface Profile {
+    id: string;
+    email: string;
+    firstName: string;
+    lastName: string;
+}
+export interface Index {
+    name: string;
+    value: string;
+}
+export interface DatabaseDriver {
+    get(namespace: string, key: string): Promise<any>;
+    put(namespace: string, key: string, val: any, ttl: number, ...indexes: Index[]): Promise<any>;
+    delete(namespace: string, key: string): Promise<any>;
+    getByIndex(namespace: string, idx: Index): Promise<any>;
+}
+export interface Storable {
+    get(key: string): Promise<any>;
+    put(key: string, val: any, ...indexes: Index[]): Promise<any>;
+    delete(key: string): Promise<any>;
+    getByIndex(idx: Index): Promise<any>;
+}
+export interface Encrypted {
+    iv?: string;
+    tag?: string;
+    value: string;
+}
+export declare type EncryptionKey = any;
+export declare type DatabaseEngine = 'redis' | 'sql' | 'mongo' | 'mem';
+export declare type DatabaseType = 'postgres' | 'mysql' | 'mariadb';
+export interface DatabaseOption {
+    engine: DatabaseEngine;
+    url: string;
+    type: DatabaseType;
+    ttl: number;
+    cleanupLimit: number;
+    encryptionKey: string;
+}
+export interface SAMLReq {
+    ssoUrl?: string;
+    entityID: string;
+    callbackUrl: string;
+    isPassive?: boolean;
+    forceAuthn?: boolean;
+    identifierFormat?: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';
+    providerName?: 'BoxyHQ';
+    signingKey: string;
+}
+export interface SAMLProfile {
+    audience: string;
+    claims: Record<string, any>;
+    issuer: string;
+    sessionIndex: string;
+}
+export interface JacksonOption {
+    externalUrl: string;
+    samlPath: string;
+    samlAudience: string;
+    preLoadedConfig?: string;
+    idpEnabled?: boolean;
+    db: DatabaseOption;
+}

package/dist/typings.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -1,11 +1,12 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "0.2.4-beta.198",
+  "version": "0.3.0-beta.248",
   "license": "Apache 2.0",
   "description": "SAML 2.0 service",
-  "main": "src/index.js",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "engines": {
-    "node": ">=14.x"
+    "node": ">=14.18.1"
   },
   "repository": {
     "type": "git",
@@ -15,14 +16,18 @@
     "SAML 2.0"
   ],
   "scripts": {
-    "start": "cross-env IDP_ENABLED=true node src/jackson.js",
-    "dev": "cross-env IDP_ENABLED=true nodemon src/jackson.js",
-    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon src/jackson.js",
-    "pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
-    "pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONFIG='./_config' nodemon src/jackson.js",
-    "test": "tap --timeout=100 src/**/*.test.js",
+    "build": "tsc -p tsconfig.build.json",
+    "prepublishOnly": "npm run build",
+    "start": "cross-env IDP_ENABLED=true node dist/jackson.js",
+    "dev": "cross-env IDP_ENABLED=true nodemon --config nodemon.json src/jackson.ts",
+    "mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson nodemon --config nodemon.json src/jackson.ts",
+    "sql": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=postgres DB_URL=postgres://postgres:postgres@localhost:5432/jackson nodemon --config nodemon.json src/jackson.ts",
+    "pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONFIG='./_config' nodemon --config nodemon.json src/jackson.ts",
+    "pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONFIG='./_config' nodemon --config nodemon.json src/jackson.ts",
+    "test": "tap --ts --timeout=100 --coverage src/**/*.test.ts ",
     "dev-dbs": "docker-compose -f ./_dev/docker-compose.yml up -d",
-    "dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans"
+    "dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans",
+    "db:migration:generate": "ts-node -r tsconfig-paths/register ./node_modules/typeorm/cli.js migration:generate --config ormconfig.js  -n Initial"
   },
   "tap": {
     "coverage-map": "map.js",
@@ -33,15 +38,15 @@
   },
   "dependencies": {
     "@boxyhq/saml20": "0.2.0",
-    "@peculiar/webcrypto": "1.2.2",
-    "@peculiar/x509": "1.6.0",
+    "@peculiar/webcrypto": "1.2.3",
+    "@peculiar/x509": "1.6.1",
     "cors": "2.8.5",
-    "express": "4.17.1",
-    "mongodb": "4.2.1",
+    "express": "4.17.2",
+    "mongodb": "4.2.2",
     "mysql2": "2.3.3",
     "pg": "8.7.1",
     "rambda": "6.9.0",
-    "redis": "4.0.0-rc.4",
+    "redis": "4.0.1",
     "reflect-metadata": "0.1.13",
     "ripemd160": "2.0.2",
     "thumbprint": "0.0.1",
@@ -51,17 +56,32 @@
     "xmlbuilder": "15.1.1"
   },
   "devDependencies": {
+    "@types/express": "^4.17.13",
+    "@types/node": "^16.11.17",
+    "@types/redis": "4.0.11",
+    "@types/sinon": "10.0.6",
+    "@types/tap": "15.0.5",
+    "@typescript-eslint/eslint-plugin": "^5.8.1",
+    "@typescript-eslint/parser": "^5.8.1",
     "cross-env": "7.0.3",
-    "eslint": "8.4.0",
+    "eslint": "^8.5.0",
+    "eslint-config-prettier": "^8.3.0",
     "husky": "7.0.4",
-    "lint-staged": "12.1.2",
+    "lint-staged": "12.1.4",
     "nodemon": "2.0.15",
     "prettier": "2.5.1",
     "sinon": "12.0.1",
-    "tap": "15.1.5"
+    "tap": "15.1.5",
+    "ts-node": "10.4.0",
+    "tsconfig-paths": "3.12.0",
+    "typescript": "4.5.4"
   },
   "lint-staged": {
-    "*.js": "eslint --cache --fix",
-    "*.{js,css,md}": "prettier --write"
-  }
+    "*.{js,ts}": "eslint --cache --fix",
+    "*.{js,ts,css,md}": "prettier --write"
+  },
+  "files": [
+    "dist",
+    "Dockerfile"
+  ]
 }

package/.dockerignore

@@ -1,2 +0,0 @@
-node_modules
-npm-debug.log

package/.eslintrc.js

@@ -1,13 +0,0 @@
-module.exports = {
-    "env": {
-        "es2021": true,
-        "node": true
-    },
-    "extends": "eslint:recommended",
-    "parserOptions": {
-        "ecmaVersion": 13,
-        "sourceType": "module"
-    },
-    "rules": {
-    }
-};

package/.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,27 +0,0 @@
----
-name: Bug report
-about: Report any issues with the platform
-title: ""
-labels: bug
-assignees: ""
----
-
-Found a bug? Please fill out the sections below. 👍
-
-### Issue Summary
-
-A summary of the issue. This needs to be a clear detailed-rich summary.
-
-### Steps to Reproduce
-
-1. (for example) Went to ...
-2. Clicked on...
-3. ...
-
-Any other relevant information. For example, why do you consider this a bug and what did you expect to happen instead?
-
-### Technical details
-
-- Browser version: You can use https://www.whatsmybrowser.org/ to find this out.
-- Node.js version
-- Anything else that you think could be an issue.

package/.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Questions
-    url: https://github.com/boxyhq/jackson/discussions
-    about: Ask a general question about the project on our GitHub Discussion page

package/.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,43 +0,0 @@
----
-name: Feature request
-about: Suggest a feature or idea
-title: ""
-labels: enhancement
-assignees: ""
----
-
-> Please check if your Feature Request has not been already raised in the [Discussions Tab](https://github.com/boxyhq/jackson/discussions), as we would like to reduce duplicates. If it has been already raised, simply upvote it 🔼.
-
-### Is your proposal related to a problem?
-
-<!--
-  Provide a clear and concise description of what the problem is.
-  For example, "I'm always frustrated when..."
--->
-
-(Write your answer here.)
-
-### Describe the solution you'd like
-
-<!--
-  Provide a clear and concise description of what you want to happen.
--->
-
-(Describe your proposed solution here.)
-
-### Describe alternatives you've considered
-
-<!--
-  Let us know about other solutions you've tried or researched.
--->
-
-(Write your answer here.)
-
-### Additional context
-
-<!--
-  Is there anything else you can add about the proposal?
-  You might want to link to related issues here, if you haven't already.
--->
-
-(Write your answer here.)

package/.github/pull_request_template.md

@@ -1,31 +0,0 @@
-## What does this PR do?
-
-<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. -->
-
-Fixes # (issue)
-
-## Type of change
-
-<!-- Please delete options that are not relevant. -->
-
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
-- [ ] This change requires a documentation update
-
-## How should this be tested?
-
-<!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration -->
-
-- [ ] Test A
-- [ ] Test B
-
-## Checklist:
-
-- [ ] My code follows the style guidelines of this project
-- [ ] I have performed a self-review of my own code and corrected any misspellings
-- [ ] I have commented my code, particularly in hard-to-understand areas
-- [ ] I have made corresponding changes to the documentation
-- [ ] My changes generate no new warnings
-- [ ] I have added tests that prove my fix is effective or that my feature works
-- [ ] New and existing unit tests pass locally with my changes

package/.github/workflows/codesee-arch-diagram.yml

@@ -1,81 +0,0 @@
-on:
-  push:
-    branches:
-      - main
-  pull_request_target:
-    types: [opened, synchronize, reopened]
-
-name: CodeSee Map
-
-jobs:
-  test_map_action:
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    name: Run CodeSee Map Analysis
-    steps:
-      - name: checkout
-        id: checkout
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-          ref: ${{ github.event.pull_request.head.ref }}
-          fetch-depth: 0
-
-      # codesee-detect-languages has an output with id languages.
-      - name: Detect Languages
-        id: detect-languages
-        uses: Codesee-io/codesee-detect-languages-action@latest
-
-      - name: Configure JDK 16
-        uses: actions/setup-java@v2
-        if: ${{ fromJSON(steps.detect-languages.outputs.languages).java }}
-        with:
-          java-version: '16'
-          distribution: 'zulu'
-
-      # CodeSee Maps Go support uses a static binary so there's no setup step required.
-
-      - name: Configure Node.js 14
-        uses: actions/setup-node@v2
-        if: ${{ fromJSON(steps.detect-languages.outputs.languages).javascript }}
-        with:
-          node-version: '14'
-
-      - name: Configure Python 3.x
-        uses: actions/setup-python@v2
-        if: ${{ fromJSON(steps.detect-languages.outputs.languages).python }}
-        with:
-          python-version: '3.x'
-          architecture: 'x64'
-
-      - name: Configure Ruby '3.x'
-        uses: ruby/setup-ruby@v1
-        if: ${{ fromJSON(steps.detect-languages.outputs.languages).ruby }}
-        with:
-          ruby-version: '3.0'
-
-      # CodeSee Maps Rust support uses a static binary so there's no setup step required.
-
-      - name: Generate Map
-        id: generate-map
-        uses: Codesee-io/codesee-map-action@latest
-        with:
-          step: map
-          github_ref: ${{ github.ref }}
-          languages: ${{ steps.detect-languages.outputs.languages }}
-
-      - name: Upload Map
-        id: upload-map
-        uses: Codesee-io/codesee-map-action@latest
-        with:
-          step: mapUpload
-          api_token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }}
-          github_ref: ${{ github.ref }}
-      
-      - name: Insights
-        id: insights
-        uses: Codesee-io/codesee-map-action@latest
-        with:
-          step: insights
-          api_token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }}
-          github_ref: ${{ github.ref }}

package/.github/workflows/main.yml

@@ -1,123 +0,0 @@
-# This is a basic workflow to help you get started with Actions
-
-name: CI
-
-# Controls when the workflow will run
-on:
-  # Triggers the workflow on push or pull request events but only for the main branch
-  push:
-    branches:
-      - '*'
-  pull_request:
-    types: [opened, synchronize, reopened]
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [16.x]
-        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-
-    services:
-      postgres:
-        image: postgres:13
-        ports:
-          - 5432:5432
-        env:
-          POSTGRES_PASSWORD: ""
-          POSTGRES_HOST_AUTH_METHOD: "trust"
-        # Set health checks to wait until postgres has started
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-      redis:
-        image: redis:6.2.5-alpine
-        ports:
-          - 6379:6379
-      mongo:
-        image: mongo:4.4.10
-        ports:
-          - 27017:27017
-      mysql:
-        image: mysql:5.7
-        ports:
-          - 3307:3306
-        env:
-          MYSQL_DATABASE: mysql
-          MYSQL_ROOT_PASSWORD: mysql
-      maria:
-        image: mariadb:10.4.22
-        ports:
-          - 3306:3306
-        env:
-          MARIADB_DATABASE: mysql
-          MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: "yes"
-          
-    steps:
-    - uses: actions/checkout@v2
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v2
-      with:
-        always-auth: true
-        node-version: ${{ matrix.node-version }}
-        registry-url: https://registry.npmjs.org
-        scope: '@boxyhq'
-        cache: 'npm'
-    - run: npm ci
-    - run: npm run test
-    - run: |
-        publishTag="latest"
-        if [[ "$GITHUB_REF" == *\/release ]]
-        then
-          echo "Release branch"
-        else
-          echo "Dev branch"
-          publishTag="beta"
-          versionSuffixTag="-beta.${GITHUB_RUN_NUMBER}"
-          sed "s/\(^[ ]*\"version\"\:[ ]*\".*\)\",/\1${versionSuffixTag}\",/" < package.json > package.json.new
-          mv package.json.new package.json
-        fi
-        npm publish --tag $publishTag --access public
-      env:
-        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-  build:
-    needs: publish
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check Out Repo 
-        uses: actions/checkout@v2
-
-      - name: Get short SHA
-        id: slug
-        run: echo "::set-output name=sha7::$(echo ${GITHUB_SHA} | cut -c1-7)"
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
-        with:
-          context: ./
-          file: ./Dockerfile
-          push: true
-          tags: ${{ github.repository }}:latest,${{ github.repository }}:${{ steps.slug.outputs.sha7 }}
-
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}

package/_dev/docker-compose.yml

@@ -1,37 +0,0 @@
-# this file is a helper to run all the supported dbs locally, the data is ephemeral since no host volumes will be mounted
-version: "3.6"
-services:
-  postgres:
-    image: postgres:13
-    ports:
-      - "5432:5432"
-    restart: always
-    environment:
-      POSTGRES_PASSWORD: ""
-      POSTGRES_HOST_AUTH_METHOD: trust
-  redis:
-    image: redis:6.2.5-alpine
-    ports:
-      - "6379:6379"
-    restart: always
-  mongo:
-    image: mongo:4.4.10
-    ports:
-      - "27017:27017"
-    restart: always
-  mysql:
-    image: mysql:5.7
-    ports:
-      - "3307:3306"
-    restart: always
-    environment:
-      MYSQL_DATABASE: mysql
-      MYSQL_ROOT_PASSWORD: mysql
-  maria:
-    image: mariadb:10.4.22
-    ports:
-      - "3306:3306"
-    restart: always
-    environment:
-      MARIADB_DATABASE: mysql
-      MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: "yes"

package/map.js

@@ -1 +0,0 @@
-module.exports = (test) => test.replace(/\.test\.js$/, '.js');