@boxyhq/saml-jackson 0.4.3 → 1.0.0

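--- a/package/README.md
+++ b/package/README.md
@@ -14,7 +14,7 @@ npm i @boxyhq/saml-jackson
 
  ## Documentation
 
- For full documentation, visit [boxyhq.com/docs/jackson/npm-library](https://boxyhq.com/docs/jackson/npm-library)
+ For full documentation, visit [boxyhq.com/docs/jackson/deploy/npm-library](https://boxyhq.com/docs/jackson/deploy/npm-library)
 
  ## License
 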
@@ -1,8 +1,8 @@
1
- import { IAdminController, Storable, OAuth } from '../typings';
1
+ import { IAdminController, Storable } from '../typings';
2
2
  export declare class AdminController implements IAdminController {
3
3
  configStore: Storable;
4
4
  constructor({ configStore }: {
5
5
  configStore: any;
6
6
  });
7
- getAllConfig(): Promise<Partial<OAuth>[]>;
7
+ getAllConfig(pageOffset?: number, pageLimit?: number): Promise<Partial<any>[]>;
8
8
  }
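Review bot: The new return type `Promise<Partial<any>[]>` on `getAllConfig` checks nothing, because `Partial<any>` is just `any`, so callers lose the field checking that `Partial<OAuth>` gave them. The same widening appears on `config(body: IdPConfig): Promise<any>` in the APIController declarations. Declaring the stored configuration record as a named type in `../typings` and returning that would keep both signatures typed. The new `pageOffset` and `pageLimit` parameters also need a doc comment saying what omitting them means, which this declaration does not state.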
@@ -14,9 +14,9 @@ class AdminController {
14
14
  constructor({ configStore }) {
15
15
  this.configStore = configStore;
16
16
  }
17
- getAllConfig() {
17
+ getAllConfig(pageOffset, pageLimit) {
18
18
  return __awaiter(this, void 0, void 0, function* () {
19
- const configList = (yield this.configStore.getAll());
19
+ const configList = (yield this.configStore.getAll(pageOffset, pageLimit));
20
20
  if (!configList || !configList.length) {
21
21
  return [];
22
22
  }
@@ -1,9 +1,10 @@
1
- import { IAPIController, IdPConfig, OAuth } from '../typings';
1
+ import { IAPIController, IdPConfig } from '../typings';
2
2
  export declare class APIController implements IAPIController {
3
3
  private configStore;
4
4
  constructor({ configStore }: {
5
5
  configStore: any;
6
6
  });
7
+ private _validateRedirectUrl;
7
8
  private _validateIdPConfig;
8
9
  /**
9
10
  * @swagger
@@ -59,23 +60,37 @@ export declare class APIController implements IAPIController {
59
60
  * description: Success
60
61
  * schema:
61
62
  * type: object
62
- * properties:
63
- * client_id:
64
- * type: string
65
- * client_secret:
66
- * type: string
67
- * provider:
68
- * type: string
69
63
  * example:
70
- * client_id: 8958e13053832b5af58fdf2ee83f35f5d013dc74
71
- * client_secret: 13f01f4df5b01770c616e682d14d3ba23f20948cfa89b1d7
72
- * type: accounts.google.com
64
+ * {
65
+ * "idpMetadata": {
66
+ * "sso": {
67
+ * "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml",
68
+ * "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml"
69
+ * },
70
+ * "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
71
+ * "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
72
+ * "loginType": "idp",
73
+ * "provider": "okta.com"
74
+ * },
75
+ * "defaultRedirectUrl": "https://hoppscotch.io/",
76
+ * "redirectUrl": ["https://hoppscotch.io/"],
77
+ * "tenant": "hoppscotch.io",
78
+ * "product": "API Engine",
79
+ * "name": "Hoppscotch-SP",
80
+ * "description": "SP for hoppscotch.io",
81
+ * "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
82
+ * "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
83
+ * "certs": {
84
+ * "publicKey": "-----BEGIN CERTIFICATE-----.......-----END CERTIFICATE-----",
85
+ * "privateKey": "-----BEGIN PRIVATE KEY-----......-----END PRIVATE KEY-----"
86
+ * }
87
+ * }
73
88
  * 400:
74
89
  * description: Please provide rawMetadata or encodedRawMetadata | Please provide a defaultRedirectUrl | Please provide redirectUrl | Please provide tenant | Please provide product | Please provide a friendly name | Description should not exceed 100 characters
75
90
  * 401:
76
91
  * description: Unauthorized
77
92
  */
78
- config(body: IdPConfig): Promise<OAuth>;
93
+ config(body: IdPConfig): Promise<any>;
79
94
  /**
80
95
  * @swagger
81
96
  *
@@ -172,31 +187,29 @@ export declare class APIController implements IAPIController {
172
187
  * type: object
173
188
  * example:
174
189
  * {
175
- * "config": {
176
- * "idpMetadata": {
177
- * "sso": {
178
- * "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml",
179
- * "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml"
180
- * },
181
- * "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
182
- * "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
183
- * "loginType": "idp",
184
- * "provider": "okta.com"
190
+ * "idpMetadata": {
191
+ * "sso": {
192
+ * "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml",
193
+ * "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml"
185
194
  * },
186
- * "defaultRedirectUrl": "https://hoppscotch.io/",
187
- * "redirectUrl": ["https://hoppscotch.io/"],
188
- * "tenant": "hoppscotch.io",
189
- * "product": "API Engine",
190
- * "name": "Hoppscotch-SP",
191
- * "description": "SP for hoppscotch.io",
192
- * "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
193
- * "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
194
- * "certs": {
195
- * "publicKey": "-----BEGIN CERTIFICATE-----.......-----END CERTIFICATE-----",
196
- * "privateKey": "-----BEGIN PRIVATE KEY-----......-----END PRIVATE KEY-----"
197
- * }
195
+ * "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
196
+ * "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
197
+ * "loginType": "idp",
198
+ * "provider": "okta.com"
199
+ * },
200
+ * "defaultRedirectUrl": "https://hoppscotch.io/",
201
+ * "redirectUrl": ["https://hoppscotch.io/"],
202
+ * "tenant": "hoppscotch.io",
203
+ * "product": "API Engine",
204
+ * "name": "Hoppscotch-SP",
205
+ * "description": "SP for hoppscotch.io",
206
+ * "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
207
+ * "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
208
+ * "certs": {
209
+ * "publicKey": "-----BEGIN CERTIFICATE-----.......-----END CERTIFICATE-----",
210
+ * "privateKey": "-----BEGIN PRIVATE KEY-----......-----END PRIVATE KEY-----"
198
211
  * }
199
- * }
212
+ * }
200
213
  * '400':
201
214
  * description: Please provide `clientID` or `tenant` and `product`.
202
215
  * '401':
@@ -1,7 +1,11 @@
1
1
  "use strict";
2
2
  var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
3
  if (k2 === undefined) k2 = k;
4
- Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
5
9
  }) : (function(o, m, k, k2) {
6
10
  if (k2 === undefined) k2 = k;
7
11
  o[k2] = m[k];
@@ -54,6 +58,19 @@ class APIController {
54
58
  constructor({ configStore }) {
55
59
  this.configStore = configStore;
56
60
  }
61
+ _validateRedirectUrl({ redirectUrlList, defaultRedirectUrl }) {
62
+ if (redirectUrlList) {
63
+ if (redirectUrlList.length > 100) {
64
+ throw new error_1.JacksonError('Exceeded maximum number of allowed redirect urls', 400);
65
+ }
66
+ for (const url of redirectUrlList) {
67
+ (0, utils_1.validateAbsoluteUrl)(url, 'redirectUrl is invalid');
68
+ }
69
+ }
70
+ if (defaultRedirectUrl) {
71
+ (0, utils_1.validateAbsoluteUrl)(defaultRedirectUrl, 'defaultRedirectUrl is invalid');
72
+ }
73
+ }
57
74
  _validateIdPConfig(body) {
58
75
  const { encodedRawMetadata, rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product, description } = body;
59
76
  if (!rawMetadata && !encodedRawMetadata) {
@@ -129,17 +146,31 @@ class APIController {
129
146
  * description: Success
130
147
  * schema:
131
148
  * type: object
132
- * properties:
133
- * client_id:
134
- * type: string
135
- * client_secret:
136
- * type: string
137
- * provider:
138
- * type: string
139
149
  * example:
140
- * client_id: 8958e13053832b5af58fdf2ee83f35f5d013dc74
141
- * client_secret: 13f01f4df5b01770c616e682d14d3ba23f20948cfa89b1d7
142
- * type: accounts.google.com
150
+ * {
151
+ * "idpMetadata": {
152
+ * "sso": {
153
+ * "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml",
154
+ * "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml"
155
+ * },
156
+ * "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
157
+ * "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
158
+ * "loginType": "idp",
159
+ * "provider": "okta.com"
160
+ * },
161
+ * "defaultRedirectUrl": "https://hoppscotch.io/",
162
+ * "redirectUrl": ["https://hoppscotch.io/"],
163
+ * "tenant": "hoppscotch.io",
164
+ * "product": "API Engine",
165
+ * "name": "Hoppscotch-SP",
166
+ * "description": "SP for hoppscotch.io",
167
+ * "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
168
+ * "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
169
+ * "certs": {
170
+ * "publicKey": "-----BEGIN CERTIFICATE-----.......-----END CERTIFICATE-----",
171
+ * "privateKey": "-----BEGIN PRIVATE KEY-----......-----END PRIVATE KEY-----"
172
+ * }
173
+ * }
143
174
  * 400:
144
175
  * description: Please provide rawMetadata or encodedRawMetadata | Please provide a defaultRedirectUrl | Please provide redirectUrl | Please provide tenant | Please provide product | Please provide a friendly name | Description should not exceed 100 characters
145
176
  * 401:
@@ -150,6 +181,8 @@ class APIController {
150
181
  const { encodedRawMetadata, rawMetadata, defaultRedirectUrl, redirectUrl, tenant, product, name, description, } = body;
151
182
  metrics.increment('createConfig');
152
183
  this._validateIdPConfig(body);
184
+ const redirectUrlList = extractRedirectUrls(redirectUrl);
185
+ this._validateRedirectUrl({ defaultRedirectUrl, redirectUrlList });
153
186
  let metaData = rawMetadata;
154
187
  if (encodedRawMetadata) {
155
188
  metaData = Buffer.from(encodedRawMetadata, 'base64').toString();
@@ -174,10 +207,10 @@ class APIController {
174
207
  if (!certs) {
175
208
  throw new Error('Error generating x59 certs');
176
209
  }
177
- yield this.configStore.put(clientID, {
210
+ const record = {
178
211
  idpMetadata,
179
212
  defaultRedirectUrl,
180
- redirectUrl: JSON.parse(redirectUrl),
213
+ redirectUrl: redirectUrlList,
181
214
  tenant,
182
215
  product,
183
216
  name,
@@ -185,7 +218,8 @@ class APIController {
185
218
  clientID,
186
219
  clientSecret,
187
220
  certs,
188
- }, {
221
+ };
222
+ yield this.configStore.put(clientID, record, {
189
223
  // secondary index on entityID
190
224
  name: utils_1.IndexNames.EntityID,
191
225
  value: idpMetadata.entityID,
@@ -194,11 +228,7 @@ class APIController {
194
228
  name: utils_1.IndexNames.TenantProduct,
195
229
  value: dbutils.keyFromParts(tenant, product),
196
230
  });
197
- return {
198
- client_id: clientID,
199
- client_secret: clientSecret,
200
- provider: idpMetadata.provider,
201
- };
231
+ return record;
202
232
  });
203
233
  }
204
234
  /**
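Review bot: `return record;` now hands the caller the whole stored object, which per the fields assembled in the preceding hunks includes `clientSecret` and `certs`, and the updated swagger example shows `certs.privateKey` in the response. The previous return value was limited to `client_id`, `client_secret` and `provider`, so the private key did not leave the store through this call. Unless a caller is known to need it, return a copy without the private key, for example `return { ...record, certs: { publicKey: record.certs.publicKey } };`. The response fields are also renamed (`client_id` to `clientID`, `client_secret` to `clientSecret`), which existing integrations need called out in the release notes. The body of `config` starts above this hunk.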
@@ -268,7 +298,6 @@ class APIController {
268
298
  * description: Unauthorized
269
299
  */
270
300
  updateConfig(body) {
271
- var _a;
272
301
  return __awaiter(this, void 0, void 0, function* () {
273
302
  const { encodedRawMetadata, // could be empty
274
303
  rawMetadata, // could be empty
@@ -282,7 +311,9 @@ class APIController {
282
311
  if (description && description.length > 100) {
283
312
  throw new error_1.JacksonError('Description should not exceed 100 characters', 400);
284
313
  }
285
- const _currentConfig = (_a = (yield this.getConfig(clientInfo))) === null || _a === void 0 ? void 0 : _a.config;
314
+ const redirectUrlList = redirectUrl ? extractRedirectUrls(redirectUrl) : null;
315
+ this._validateRedirectUrl({ defaultRedirectUrl, redirectUrlList });
316
+ const _currentConfig = yield this.getConfig(clientInfo);
286
317
  if (_currentConfig.clientSecret !== (clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientSecret)) {
287
318
  throw new error_1.JacksonError('clientSecret mismatch', 400);
288
319
  }
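Review bot: `_currentConfig` is now the direct result of `getConfig`, which returns `{}` when no record matches, so for an unknown `clientID` the comparison on the following line checks `undefined` against the supplied `clientSecret` instead of failing on the missing record. If no earlier line outside this hunk requires a non-empty `clientSecret`, a request that omits it would pass the mismatch check and only fail later on `_currentConfig.idpMetadata.entityID`. An explicit guard before the comparison makes the intent visible and gives the caller a proper status: `if (!_currentConfig.clientID) { throw new error_1.JacksonError('Configuration not found', 404); }`. The body of `updateConfig` continues on both sides of this hunk.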
@@ -307,7 +338,8 @@ class APIController {
307
338
  throw new error_1.JacksonError('Tenant/Product config mismatch with IdP metadata', 400);
308
339
  }
309
340
  }
310
- yield this.configStore.put(clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientID, Object.assign(Object.assign({}, _currentConfig), { name: name ? name : _currentConfig.name, description: description ? description : _currentConfig.description, idpMetadata: newMetadata ? newMetadata : _currentConfig.idpMetadata, defaultRedirectUrl: defaultRedirectUrl ? defaultRedirectUrl : _currentConfig.defaultRedirectUrl, redirectUrl: redirectUrl ? JSON.parse(redirectUrl) : _currentConfig.redirectUrl }), {
341
+ const record = Object.assign(Object.assign({}, _currentConfig), { name: name ? name : _currentConfig.name, description: description ? description : _currentConfig.description, idpMetadata: newMetadata ? newMetadata : _currentConfig.idpMetadata, defaultRedirectUrl: defaultRedirectUrl ? defaultRedirectUrl : _currentConfig.defaultRedirectUrl, redirectUrl: redirectUrlList ? redirectUrlList : _currentConfig.redirectUrl });
342
+ yield this.configStore.put(clientInfo === null || clientInfo === void 0 ? void 0 : clientInfo.clientID, record, {
311
343
  // secondary index on entityID
312
344
  name: utils_1.IndexNames.EntityID,
313
345
  value: _currentConfig.idpMetadata.entityID,
@@ -347,31 +379,29 @@ class APIController {
347
379
  * type: object
348
380
  * example:
349
381
  * {
350
- * "config": {
351
- * "idpMetadata": {
352
- * "sso": {
353
- * "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml",
354
- * "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml"
355
- * },
356
- * "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
357
- * "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
358
- * "loginType": "idp",
359
- * "provider": "okta.com"
382
+ * "idpMetadata": {
383
+ * "sso": {
384
+ * "postUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml",
385
+ * "redirectUrl": "https://dev-20901260.okta.com/app/dev-20901260_jacksonnext_1/xxxxxxxxxxxxx/sso/saml"
360
386
  * },
361
- * "defaultRedirectUrl": "https://hoppscotch.io/",
362
- * "redirectUrl": ["https://hoppscotch.io/"],
363
- * "tenant": "hoppscotch.io",
364
- * "product": "API Engine",
365
- * "name": "Hoppscotch-SP",
366
- * "description": "SP for hoppscotch.io",
367
- * "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
368
- * "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
369
- * "certs": {
370
- * "publicKey": "-----BEGIN CERTIFICATE-----.......-----END CERTIFICATE-----",
371
- * "privateKey": "-----BEGIN PRIVATE KEY-----......-----END PRIVATE KEY-----"
372
- * }
387
+ * "entityID": "http://www.okta.com/xxxxxxxxxxxxx",
388
+ * "thumbprint": "Eo+eUi3UM3XIMkFFtdVK3yJ5vO9f7YZdasdasdad",
389
+ * "loginType": "idp",
390
+ * "provider": "okta.com"
391
+ * },
392
+ * "defaultRedirectUrl": "https://hoppscotch.io/",
393
+ * "redirectUrl": ["https://hoppscotch.io/"],
394
+ * "tenant": "hoppscotch.io",
395
+ * "product": "API Engine",
396
+ * "name": "Hoppscotch-SP",
397
+ * "description": "SP for hoppscotch.io",
398
+ * "clientID": "Xq8AJt3yYAxmXizsCWmUBDRiVP1iTC8Y/otnvFIMitk",
399
+ * "clientSecret": "00e3e11a3426f97d8000000738300009130cd45419c5943",
400
+ * "certs": {
401
+ * "publicKey": "-----BEGIN CERTIFICATE-----.......-----END CERTIFICATE-----",
402
+ * "privateKey": "-----BEGIN PRIVATE KEY-----......-----END PRIVATE KEY-----"
373
403
  * }
374
- * }
404
+ * }
375
405
  * '400':
376
406
  * description: Please provide `clientID` or `tenant` and `product`.
377
407
  * '401':
@@ -383,7 +413,7 @@ class APIController {
383
413
  metrics.increment('getConfig');
384
414
  if (clientID) {
385
415
  const samlConfig = yield this.configStore.get(clientID);
386
- return samlConfig ? { config: samlConfig } : {};
416
+ return samlConfig || {};
387
417
  }
388
418
  if (tenant && product) {
389
419
  const samlConfigs = yield this.configStore.getByIndex({
@@ -393,7 +423,7 @@ class APIController {
393
423
  if (!samlConfigs || !samlConfigs.length) {
394
424
  return {};
395
425
  }
396
- return { config: samlConfigs[0] };
426
+ return Object.assign({}, samlConfigs[0]);
397
427
  }
398
428
  throw new error_1.JacksonError('Please provide `clientID` or `tenant` and `product`.', 400);
399
429
  });
@@ -482,3 +512,18 @@ const extractHostName = (url) => {
482
512
  return null;
483
513
  }
484
514
  };
515
+ const extractRedirectUrls = (urls) => {
516
+ if (!urls) {
517
+ return [];
518
+ }
519
+ if (typeof urls === 'string') {
520
+ if (urls.startsWith('[')) {
521
+ // redirectUrl is a stringified array
522
+ return JSON.parse(urls);
523
+ }
524
+ // redirectUrl is a single URL
525
+ return [urls];
526
+ }
527
+ // redirectUrl is an array of URLs
528
+ return urls;
529
+ };
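Review bot: `JSON.parse(urls)` runs on the caller-supplied `redirectUrl` string with no error handling, so a malformed value that merely starts with `[` raises a `SyntaxError` rather than the 400 `JacksonError` the other validation paths use. The final branch also returns any non-string value unchanged, so an object or a number reaches the `for...of` loop in `_validateRedirectUrl` and fails there with a `TypeError`. Checking the shape here keeps the stored redirect allowlist a plain array of strings; `validateAbsoluteUrl` is not shown on this page, so whether it rejects non-string entries cannot be confirmed. The change belongs in the TypeScript source this file is compiled from; a sketch in the compiled form follows.

```javascript
const extractRedirectUrls = (urls) => {
    if (!urls) {
        return [];
    }
    let list = urls;
    if (typeof urls === 'string') {
        if (urls.startsWith('[')) {
            try {
                // redirectUrl is a stringified array
                list = JSON.parse(urls);
            }
            catch (err) {
                throw new error_1.JacksonError('redirectUrl is invalid', 400);
            }
        }
        else {
            // redirectUrl is a single URL
            list = [urls];
        }
    }
    // reject anything that is not an array of strings before it is stored
    if (!Array.isArray(list) || !list.every((url) => typeof url === 'string')) {
        throw new error_1.JacksonError('redirectUrl is invalid', 400);
    }
    return list;
};
```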
@@ -0,0 +1,11 @@
1
+ import { IHealthCheckController, Storable } from '../typings';
2
+ export declare class HealthCheckController implements IHealthCheckController {
3
+ healthCheckStore: Storable;
4
+ constructor({ healthCheckStore }: {
5
+ healthCheckStore: any;
6
+ });
7
+ init(): Promise<void>;
8
+ status(): Promise<{
9
+ status: number;
10
+ }>;
11
+ }
@@ -0,0 +1,53 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.HealthCheckController = void 0;
13
+ const error_1 = require("./error");
14
+ const healthKey = 'amihealthy';
15
+ const healthValue = 'fit';
16
+ const g = global;
17
+ class HealthCheckController {
18
+ constructor({ healthCheckStore }) {
19
+ this.healthCheckStore = healthCheckStore;
20
+ }
21
+ init() {
22
+ return __awaiter(this, void 0, void 0, function* () {
23
+ this.healthCheckStore.put(healthKey, healthValue);
24
+ });
25
+ }
26
+ status() {
27
+ return __awaiter(this, void 0, void 0, function* () {
28
+ try {
29
+ if (!g.isJacksonReady) {
30
+ return {
31
+ status: 503,
32
+ };
33
+ }
34
+ const response = yield Promise.race([
35
+ this.healthCheckStore.get(healthKey),
36
+ new Promise((_, reject) => setTimeout(() => reject(new Error('timeout')), 1000)),
37
+ ]);
38
+ if (response === healthValue) {
39
+ return {
40
+ status: 200,
41
+ };
42
+ }
43
+ return {
44
+ status: 503,
45
+ };
46
+ }
47
+ catch (err) {
48
+ throw new error_1.JacksonError('Service not available', 503);
49
+ }
50
+ });
51
+ }
52
+ }
53
+ exports.HealthCheckController = HealthCheckController;
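Review bot: `init()` calls `this.healthCheckStore.put(healthKey, healthValue)` without `yield`, so the method resolves before the write completes and a rejected write becomes an unhandled rejection instead of an `init()` failure; in the source this should be `await this.healthCheckStore.put(healthKey, healthValue);`. In `status()`, the one-second timer created for `Promise.race` is never cleared, so every probe the store answers in time still leaves a pending timer; keeping the handle and calling `clearTimeout` in a `finally` block avoids that. `status()` also reports an unhealthy store in two ways, `{ status: 503 }` on a value mismatch and a thrown `JacksonError` on timeout or store error, and a short comment documenting that contract would help callers handle both.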
@@ -1,7 +1,11 @@
1
1
  "use strict";
2
2
  var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
3
  if (k2 === undefined) k2 = k;
4
- Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
5
9
  }) : (function(o, m, k, k2) {
6
10
  if (k2 === undefined) k2 = k;
7
11
  o[k2] = m[k];
@@ -168,7 +172,7 @@ class OAuthController {
168
172
  }
169
173
  else {
170
174
  // HTTP POST binding
171
- authorizeForm = (0, utils_1.createAuthorizeForm)(relayState, encodeURI(Buffer.from(samlReq.request).toString('base64')), ssoUrl);
175
+ authorizeForm = (0, utils_1.createRequestForm)(relayState, encodeURI(Buffer.from(samlReq.request).toString('base64')), ssoUrl);
172
176
  }
173
177
  return {
174
178
  redirect_url: redirectUrl,
@@ -220,7 +224,7 @@ class OAuthController {
220
224
  profile,
221
225
  clientID: samlConfig.clientID,
222
226
  clientSecret: samlConfig.clientSecret,
223
- requested: session.requested,
227
+ requested: session === null || session === void 0 ? void 0 : session.requested,
224
228
  };
225
229
  if (session) {
226
230
  codeVal.session = session;
@@ -342,6 +346,11 @@ class OAuthController {
342
346
  }
343
347
  }
344
348
  }
349
+ else {
350
+ if (client_secret !== this.opts.clientSecretVerifier && client_secret !== codeVal.clientSecret) {
351
+ throw new error_1.JacksonError('Invalid client_secret', 401);
352
+ }
353
+ }
345
354
  }
346
355
  else if (codeVal && codeVal.session) {
347
356
  throw new error_1.JacksonError('Please specify client_secret or code_verifier', 401);
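Review bot: The added `else` branch compares secrets with `!==` (`client_secret !== this.opts.clientSecretVerifier && client_secret !== codeVal.clientSecret`), which is not a constant-time comparison; for credential checks, hashing both sides and comparing the digests with `crypto.timingSafeEqual` is preferable. The branch also accepts the global `clientSecretVerifier` for any authorization code, so it deserves a comment stating which `client_id` values reach it, since the enclosing `if` lies outside this hunk. If `this.opts.clientSecretVerifier` can be unset, confirm the enclosing condition already guarantees a non-empty `client_secret`, otherwise `undefined` would match `undefined` and the check would pass.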
@@ -0,0 +1,18 @@
1
+ import { SAMLResponsePayload, SLORequestParams } from '../typings';
2
+ export declare class LogoutController {
3
+ private configStore;
4
+ private sessionStore;
5
+ private opts;
6
+ constructor({ configStore, sessionStore, opts }: {
7
+ configStore: any;
8
+ sessionStore: any;
9
+ opts: any;
10
+ });
11
+ createRequest({ nameId, tenant, product, redirectUrl }: SLORequestParams): Promise<{
12
+ logoutUrl: string | null;
13
+ logoutForm: string | null;
14
+ }>;
15
+ handleResponse({ SAMLResponse, RelayState }: SAMLResponsePayload): Promise<{
16
+ redirectUrl: any;
17
+ }>;
18
+ }