@boxyhq/saml-jackson 1.3.5 → 1.3.7

package/dist/db/sql/mssql/entity/JacksonStore.js

@@ -0,0 +1,55 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JacksonStore = void 0;
+const typeorm_1 = require("typeorm");
+let JacksonStore = class JacksonStore {
+};
+__decorate([
+    (0, typeorm_1.Column)({
+        primary: true,
+        type: 'varchar',
+        length: 1500,
+    })
+], JacksonStore.prototype, "key", void 0);
+__decorate([
+    (0, typeorm_1.Column)({
+        type: 'text',
+    })
+], JacksonStore.prototype, "value", void 0);
+__decorate([
+    (0, typeorm_1.Column)({
+        type: 'varchar',
+        length: 64,
+        nullable: true,
+    })
+], JacksonStore.prototype, "iv", void 0);
+__decorate([
+    (0, typeorm_1.Column)({
+        type: 'varchar',
+        length: 64,
+        nullable: true,
+    })
+], JacksonStore.prototype, "tag", void 0);
+__decorate([
+    (0, typeorm_1.Column)({
+        type: 'datetime',
+        default: () => 'CURRENT_TIMESTAMP',
+        nullable: false,
+    })
+], JacksonStore.prototype, "createdAt", void 0);
+__decorate([
+    (0, typeorm_1.Column)({
+        type: 'datetime',
+        nullable: true,
+    })
+], JacksonStore.prototype, "modifiedAt", void 0);
+JacksonStore = __decorate([
+    (0, typeorm_1.Entity)()
+], JacksonStore);
+exports.JacksonStore = JacksonStore;

package/dist/db/sql/mssql/entity/JacksonTTL.d.ts

@@ -0,0 +1,4 @@
+export declare class JacksonTTL {
+    key: string;
+    expiresAt: number;
+}

package/dist/db/sql/mssql/entity/JacksonTTL.js

@@ -0,0 +1,29 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JacksonTTL = void 0;
+const typeorm_1 = require("typeorm");
+let JacksonTTL = class JacksonTTL {
+};
+__decorate([
+    (0, typeorm_1.Column)({
+        primary: true,
+        type: 'varchar',
+        length: 1500,
+    })
+], JacksonTTL.prototype, "key", void 0);
+__decorate([
+    (0, typeorm_1.Index)('_jackson_ttl_expires_at'),
+    (0, typeorm_1.Column)({
+        type: 'bigint',
+    })
+], JacksonTTL.prototype, "expiresAt", void 0);
+JacksonTTL = __decorate([
+    (0, typeorm_1.Entity)()
+], JacksonTTL);
+exports.JacksonTTL = JacksonTTL;

package/dist/db/sql/mssql.d.ts

@@ -0,0 +1 @@
+export declare const parseURL: (url?: string) => any;

package/dist/db/sql/mssql.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseURL = void 0;
+const parseURL = (url) => {
+    if (!url) {
+        throw new Error('URL is required');
+    }
+    const parts = url.split('://');
+    if (parts.length != 2) {
+        throw new Error('Invalid connection string');
+    }
+    //const scheme = parts[0];
+    const connectionString = parts[1];
+    const connParts = connectionString.split(';');
+    if (connParts.length == 0) {
+        throw new Error('Invalid connection string');
+    }
+    // sqlserver://[serverName[\instanceName][:portNumber]][;property=value[;property=value]]
+    const hostPort = connParts[0];
+    const hostPortParts = hostPort.split(':');
+    const host = hostPortParts[0];
+    const port = hostPortParts.length > 1 ? parseInt(hostPortParts[1], 10) : 1433;
+    const options = {};
+    connParts.slice(1).map((p) => {
+        const ps = p.split('=');
+        options[ps[0]] = ps[1];
+    });
+    const username = options.username || options.user;
+    const password = options.password || options.pass;
+    const database = options.database;
+    delete options.username;
+    delete options.user;
+    delete options.password;
+    delete options.pass;
+    delete options.database;
+    options.encrypt = Boolean(options.encrypt || false);
+    return {
+        host,
+        port,
+        database,
+        username,
+        password,
+        options,
+    };
+};
+exports.parseURL = parseURL;

package/dist/db/sql/sql.js

@@ -36,6 +36,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 require('reflect-metadata');
 const typeorm_1 = require("typeorm");
 const dbutils = __importStar(require("../utils"));
+const mssql = __importStar(require("./mssql"));
 class Sql {
     constructor(options) {
         this.options = options;
@@ -45,15 +46,20 @@ class Sql {
             const sqlType = this.options.engine === 'planetscale' ? 'mysql' : this.options.type;
             while (true) {
                 try {
-                    this.dataSource = new typeorm_1.DataSource({
+                    const baseOpts = {
                         type: sqlType,
-                        url: this.options.url,
                         synchronize: this.options.engine !== 'planetscale',
                         migrationsTableName: '_jackson_migrations',
                         logging: ['error'],
                         entities: [JacksonStore, JacksonIndex, JacksonTTL],
-                        ssl: this.options.ssl,
-                    });
+                    };
+                    if (sqlType === 'mssql') {
+                        const mssqlOpts = mssql.parseURL(this.options.url);
+                        this.dataSource = new typeorm_1.DataSource(Object.assign({ host: mssqlOpts.host, port: mssqlOpts.port, database: mssqlOpts.database, username: mssqlOpts.username, password: mssqlOpts.password, options: mssqlOpts.options }, baseOpts));
+                    }
+                    else {
+                        this.dataSource = new typeorm_1.DataSource(Object.assign({ url: this.options.url, ssl: this.options.ssl }, baseOpts));
+                    }
                     yield this.dataSource.initialize();
                     break;
                 }
@@ -94,7 +100,7 @@ class Sql {
                 this.timerId = setTimeout(this.ttlCleanup, this.options.ttl * 1000);
             }
             else {
-                console.log('Warning: ttl cleanup not enabled, set both "ttl" and "cleanupLimit" options to enable it!');
+                console.warn('Warning: ttl cleanup not enabled, set both "ttl" and "cleanupLimit" options to enable it!');
             }
             return this;
         });
@@ -173,7 +179,7 @@ class Sql {
                 // no ttl support for secondary indexes
                 for (const idx of indexes || []) {
                     const key = dbutils.keyForIndex(namespace, idx);
-                    const rec = yield this.indexRepository.findOneBy({
+                    const rec = yield transactionalEntityManager.findOneBy(this.JacksonIndex, {
                         key,
                         storeKey: store.key,
                     });

package/dist/index.js

@@ -10,6 +10,18 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];
 }));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
@@ -38,6 +50,7 @@ const logout_1 = require("./controller/logout");
 const directory_sync_1 = __importDefault(require("./directory-sync"));
 const oidc_discovery_1 = require("./controller/oidc-discovery");
 const sp_config_1 = require("./controller/sp-config");
+const x509 = __importStar(require("./saml/x509"));
 const defaultOpts = (opts) => {
     const newOpts = Object.assign({}, opts);
     if (!newOpts.externalUrl) {
@@ -67,10 +80,13 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
     const codeStore = db.store('oauth:code', opts.db.ttl);
     const tokenStore = db.store('oauth:token', opts.db.ttl);
     const healthCheckStore = db.store('_health:check');
+    const certificateStore = db.store('x509:certificates');
     const connectionAPIController = new api_1.ConnectionAPIController({ connectionStore, opts });
     const adminController = new admin_1.AdminController({ connectionStore });
     const healthCheckController = new health_check_1.HealthCheckController({ healthCheckStore });
     yield healthCheckController.init();
+    // Create default certificate if it doesn't exist.
+    yield x509.init(certificateStore);
     const oauthController = new oauth_1.OAuthController({
         connectionStore,
         sessionStore,
@@ -85,7 +101,7 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
     });
     const directorySync = yield (0, directory_sync_1.default)({ db, opts });
     const oidcDiscoveryController = new oidc_discovery_1.OidcDiscoveryController({ opts });
-    const spConfig = new sp_config_1.SPSAMLConfig(opts);
+    const spConfig = new sp_config_1.SPSAMLConfig(opts, x509.getDefaultCertificate);
     // write pre-loaded connections if present
     const preLoadedConnection = opts.preLoadedConnection || opts.preLoadedConfig;
     if (preLoadedConnection && preLoadedConnection.length > 0) {
@@ -97,11 +113,11 @@ const controllers = (opts) => __awaiter(void 0, void 0, void 0, function* () {
             else {
                 yield connectionAPIController.createSAMLConnection(connection);
             }
-            console.log(`loaded connection for tenant "${connection.tenant}" and product "${connection.product}"`);
+            console.info(`loaded connection for tenant "${connection.tenant}" and product "${connection.product}"`);
         }
     }
     const type = opts.db.engine === 'sql' && opts.db.type ? ' Type: ' + opts.db.type : '';
-    console.log(`Using engine: ${opts.db.engine}.${type}`);
+    console.info(`Using engine: ${opts.db.engine}.${type}`);
     return {
         spConfig,
         apiController: connectionAPIController,

package/dist/loadConnection.js

@@ -36,6 +36,7 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const url = __importStar(require("url"));
 const loadConnection = (preLoadedConnection) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a;
     if (preLoadedConnection.startsWith('./')) {
         preLoadedConnection = path.resolve(process.cwd(), preLoadedConnection);
     }
@@ -49,7 +50,7 @@ const loadConnection = (preLoadedConnection) => __awaiter(void 0, void 0, void 0
         if (file.endsWith('.js')) {
             const filePath = path.join(preLoadedConnection, file);
             const fileUrl = preLoadedConnection.startsWith('/') ? filePath : url.pathToFileURL(filePath).toString();
-            const { default: connection, } = yield Promise.resolve().then(() => __importStar(require(/* webpackIgnore: true */ fileUrl)));
+            const { default: connection, } = yield (_a = fileUrl, Promise.resolve().then(() => __importStar(require(_a))));
             if (!('oidcDiscoveryUrl' in connection)) {
                 const rawMetadata = yield fs.promises.readFile(path.join(preLoadedConnection, path.parse(file).name + '.xml'), 'utf8');
                 connection.encodedRawMetadata = Buffer.from(rawMetadata, 'utf8').toString('base64');

package/dist/saml/x509.d.ts

@@ -1,7 +1,13 @@
-declare const _default: {
-    generate: () => {
-        publicKey: any;
-        privateKey: any;
-    };
+import type { Storable } from '../typings';
+export declare const init: (store: Storable) => Promise<{
+    publicKey: string;
+    privateKey: string;
+}>;
+export declare const generateCertificate: () => {
+    publicKey: any;
+    privateKey: any;
 };
-export default _default;
+export declare const getDefaultCertificate: () => Promise<{
+    publicKey: string;
+    privateKey: string;
+}>;

package/dist/saml/x509.js

@@ -22,17 +22,38 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDefaultCertificate = exports.generateCertificate = exports.init = void 0;
 const forge = __importStar(require("node-forge"));
+const crypto_1 = __importDefault(require("crypto"));
 const pki = forge.pki;
-const generate = () => {
+let certificateStore;
+let cachedCertificate;
+const init = (store) => __awaiter(void 0, void 0, void 0, function* () {
+    certificateStore = store;
+    return yield (0, exports.getDefaultCertificate)();
+});
+exports.init = init;
+const generateCertificate = () => {
     const today = new Date();
     const keys = pki.rsa.generateKeyPair(2048);
     const cert = pki.createCertificate();
     cert.publicKey = keys.publicKey;
     cert.serialNumber = '01';
     cert.validity.notBefore = new Date();
-    cert.validity.notAfter = new Date(today.setFullYear(today.getFullYear() + 10));
+    cert.validity.notAfter = new Date(today.setFullYear(today.getFullYear() + 30));
     const attrs = [
         {
             name: 'commonName',
@@ -62,6 +83,26 @@ const generate = () => {
         privateKey: pki.privateKeyToPem(keys.privateKey),
     };
 };
-exports.default = {
-    generate,
-};
+exports.generateCertificate = generateCertificate;
+const getDefaultCertificate = () => __awaiter(void 0, void 0, void 0, function* () {
+    if (cachedCertificate && !(yield isCertificateExpired(cachedCertificate.publicKey))) {
+        return cachedCertificate;
+    }
+    if (!certificateStore) {
+        throw new Error('Certificate store not initialized');
+    }
+    cachedCertificate = yield certificateStore.get('default');
+    // If certificate is expired let it drop through so it creates a new cert
+    if (cachedCertificate && !(yield isCertificateExpired(cachedCertificate.publicKey))) {
+        return cachedCertificate;
+    }
+    // If default certificate is not found or has expired, create one and store it.
+    cachedCertificate = (0, exports.generateCertificate)();
+    yield certificateStore.put('default', cachedCertificate);
+    return cachedCertificate;
+});
+exports.getDefaultCertificate = getDefaultCertificate;
+const isCertificateExpired = (publicKey) => __awaiter(void 0, void 0, void 0, function* () {
+    const { validTo } = new crypto_1.default.X509Certificate(publicKey);
+    return !(validTo != 'Bad time value' && new Date(validTo) > new Date());
+});

package/dist/typings.d.ts

@@ -13,10 +13,12 @@ export interface SAMLSSOConnection extends SSOConnection {
 export interface SAMLSSOConnectionWithRawMetadata extends SAMLSSOConnection {
     rawMetadata: string;
     encodedRawMetadata?: never;
+    metadataUrl?: string;
 }
 export interface SAMLSSOConnectionWithEncodedMetadata extends SAMLSSOConnection {
     rawMetadata?: never;
     encodedRawMetadata: string;
+    metadataUrl?: string;
 }
 export interface OIDCSSOConnection extends SSOConnection {
     oidcDiscoveryUrl: string;
@@ -26,6 +28,7 @@ export interface OIDCSSOConnection extends SSOConnection {
 export interface SAMLSSORecord extends SAMLSSOConnection {
     clientID: string;
     clientSecret: string;
+    metadataUrl?: string;
     idpMetadata: {
         entityID: string;
         loginType?: string;
@@ -41,10 +44,6 @@ export interface SAMLSSORecord extends SAMLSSOConnection {
         thumbprint?: string;
         validTo?: string;
     };
-    certs: {
-        privateKey: string;
-        publicKey: string;
-    };
 }
 export interface OIDCSSORecord extends SSOConnection {
     clientID: string;
@@ -56,21 +55,21 @@ export interface OIDCSSORecord extends SSOConnection {
         clientSecret?: string;
     };
 }
-export declare type ConnectionType = 'saml' | 'oidc';
-declare type ClientIDQuery = {
+export type ConnectionType = 'saml' | 'oidc';
+type ClientIDQuery = {
     clientID: string;
 };
-declare type TenantQuery = {
+type TenantQuery = {
     tenant: string;
     product: string;
     strategy?: ConnectionType;
 };
-export declare type GetConnectionsQuery = ClientIDQuery | TenantQuery;
-export declare type DelConnectionsQuery = (ClientIDQuery & {
+export type GetConnectionsQuery = ClientIDQuery | TenantQuery;
+export type DelConnectionsQuery = (ClientIDQuery & {
     clientSecret: string;
 }) | TenantQuery;
-export declare type GetConfigQuery = ClientIDQuery | Omit<TenantQuery, 'strategy'>;
-export declare type DelConfigQuery = (ClientIDQuery & {
+export type GetConfigQuery = ClientIDQuery | Omit<TenantQuery, 'strategy'>;
+export type DelConfigQuery = (ClientIDQuery & {
     clientSecret: string;
 }) | Omit<TenantQuery, 'strategy'>;
 export interface IConnectionAPIController {
@@ -181,7 +180,7 @@ export interface OAuthReqBodyWithResource extends OAuthReqBody {
     client_id: 'dummy';
     resource: string;
 }
-export declare type OAuthReq = OAuthReqBodyWithClientId | OAuthReqBodyWithTenantProduct | OAuthReqBodyWithAccessType | OAuthReqBodyWithResource;
+export type OAuthReq = OAuthReqBodyWithClientId | OAuthReqBodyWithTenantProduct | OAuthReqBodyWithAccessType | OAuthReqBodyWithResource;
 export interface SAMLResponsePayload {
     SAMLResponse: string;
     RelayState: string;
@@ -199,7 +198,7 @@ interface OIDCAuthzResponseError {
     error: OAuthErrorHandlerParams['error'] | OIDCErrorCodes;
     error_description?: string;
 }
-export declare type OIDCAuthzResponsePayload = OIDCAuthzResponseSuccess | OIDCAuthzResponseError;
+export type OIDCAuthzResponsePayload = OIDCAuthzResponseSuccess | OIDCAuthzResponseError;
 interface OAuthTokenReqBody {
     code: string;
     grant_type: 'authorization_code';
@@ -215,7 +214,7 @@ export interface OAuthTokenReqWithCredentials extends OAuthTokenReqBody {
     client_id: string;
     client_secret: string;
 }
-export declare type OAuthTokenReq = OAuthTokenReqWithCodeVerifier | OAuthTokenReqWithCredentials;
+export type OAuthTokenReq = OAuthTokenReqWithCodeVerifier | OAuthTokenReqWithCredentials;
 export interface OAuthTokenRes {
     access_token: string;
     id_token?: string;
@@ -224,6 +223,7 @@ export interface OAuthTokenRes {
 }
 export interface Profile {
     id: string;
+    idHash: string;
     sub?: string;
     email: string;
     firstName: string;
@@ -259,9 +259,9 @@ export interface Encrypted {
     tag?: string;
     value: string;
 }
-export declare type EncryptionKey = any;
-export declare type DatabaseEngine = 'redis' | 'sql' | 'mongo' | 'mem' | 'planetscale';
-export declare type DatabaseType = 'postgres' | 'mysql' | 'mariadb';
+export type EncryptionKey = any;
+export type DatabaseEngine = 'redis' | 'sql' | 'mongo' | 'mem' | 'planetscale';
+export type DatabaseType = 'postgres' | 'mysql' | 'mariadb' | 'mssql';
 export interface DatabaseOption {
     engine?: DatabaseEngine;
     url?: string;
@@ -314,10 +314,6 @@ interface Metadata {
 }
 export interface SAMLConnection {
     idpMetadata: Metadata;
-    certs: {
-        privateKey: string;
-        publicKey: string;
-    };
     defaultRedirectUrl: string;
 }
 export interface OAuthErrorHandlerParams {
@@ -326,20 +322,21 @@ export interface OAuthErrorHandlerParams {
     redirect_uri: string;
     state?: string;
 }
-export declare type OIDCErrorCodes = 'interaction_required' | 'login_required' | 'account_selection_required' | 'consent_required' | 'invalid_request_uri' | 'invalid_request_object' | 'request_not_supported' | 'request_uri_not_supported' | 'registration_not_supported';
+export type OIDCErrorCodes = 'interaction_required' | 'login_required' | 'account_selection_required' | 'consent_required' | 'invalid_request_uri' | 'invalid_request_object' | 'request_not_supported' | 'request_uri_not_supported' | 'registration_not_supported';
 export interface ISPSAMLConfig {
-    get(): {
+    get(): Promise<{
         acsUrl: string;
         entityId: string;
         response: string;
         assertionSignature: string;
         signatureAlgorithm: string;
-        assertionEncryption: string;
-    };
+        publicKey: string;
+        publicKeyString: string;
+    }>;
     toMarkdown(): string;
     toHTML(): string;
 }
-export declare type DirectorySyncEventType = 'user.created' | 'user.updated' | 'user.deleted' | 'group.created' | 'group.updated' | 'group.deleted' | 'group.user_added' | 'group.user_removed';
+export type DirectorySyncEventType = 'user.created' | 'user.updated' | 'user.deleted' | 'group.created' | 'group.updated' | 'group.deleted' | 'group.user_added' | 'group.user_removed';
 export interface Base {
     store(type: 'groups' | 'members' | 'users'): Storable;
     setTenant(tenant: string): this;
@@ -432,7 +429,7 @@ export interface Groups extends Base {
         error: ApiError | null;
     }>;
 }
-export declare type User = {
+export type User = {
     id: string;
     email: string;
     first_name: string;
@@ -440,7 +437,7 @@ export declare type User = {
     active: boolean;
     raw?: any;
 };
-export declare type Group = {
+export type Group = {
     id: string;
     name: string;
     raw?: any;
@@ -452,9 +449,9 @@ export declare enum DirectorySyncProviders {
     'jumpcloud-scim-v2' = "JumpCloud v2.0",
     'generic-scim-v2' = "SCIM Generic v2.0"
 }
-export declare type DirectoryType = keyof typeof DirectorySyncProviders;
-export declare type HTTPMethod = 'POST' | 'PUT' | 'DELETE' | 'GET' | 'PATCH';
-export declare type Directory = {
+export type DirectoryType = keyof typeof DirectorySyncProviders;
+export type HTTPMethod = 'POST' | 'PUT' | 'DELETE' | 'GET' | 'PATCH';
+export type Directory = {
     id: string;
     name: string;
     tenant: string;
@@ -471,7 +468,7 @@ export declare type Directory = {
         secret: string;
     };
 };
-export declare type DirectorySyncGroupMember = {
+export type DirectorySyncGroupMember = {
     value: string;
     email?: string;
 };
@@ -544,7 +541,7 @@ export interface IWebhookEventsLogger extends Base {
     delete(id: string): Promise<void>;
     updateStatus(log: WebhookEventLog, statusCode: number): Promise<WebhookEventLog>;
 }
-export declare type DirectorySyncResponse = {
+export type DirectorySyncResponse = {
     status: number;
     data?: any;
 };
@@ -567,7 +564,7 @@ export interface DirectorySyncRequest {
         filter?: string;
     };
 }
-export declare type DirectorySync = {
+export type DirectorySync = {
     requests: DirectorySyncRequestHandler;
     directories: DirectoryConfig;
     groups: Groups;

package/migration/mssql/1667949639424-mss_Initial.ts

@@ -0,0 +1,26 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+
+export class mssInitial1667949639424 implements MigrationInterface {
+    name = 'mssInitial1667949639424'
+
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`CREATE TABLE "jackson_ttl" ("key" varchar(1500) NOT NULL, "expiresAt" bigint NOT NULL, CONSTRAINT "PK_7c9bcdfb4d82e873e19935ec806" PRIMARY KEY ("key"))`);
+        await queryRunner.query(`CREATE INDEX "_jackson_ttl_expires_at" ON "jackson_ttl" ("expiresAt") `);
+        await queryRunner.query(`CREATE TABLE "jackson_store" ("key" varchar(1500) NOT NULL, "value" text NOT NULL, "iv" varchar(64), "tag" varchar(64), "createdAt" datetime NOT NULL CONSTRAINT "DF_49022ed8c543adefc99ff762200" DEFAULT getdate(), "modifiedAt" datetime, CONSTRAINT "PK_87b6fc1475fbd1228d2f53c6f4a" PRIMARY KEY ("key"))`);
+        await queryRunner.query(`CREATE TABLE "jackson_index" ("id" int NOT NULL IDENTITY(1,1), "key" varchar(1500) NOT NULL, "storeKey" varchar(1500) NOT NULL, CONSTRAINT "PK_a95aa83f01e3c73e126856b7820" PRIMARY KEY ("id"))`);
+        await queryRunner.query(`CREATE INDEX "_jackson_index_key" ON "jackson_index" ("key") `);
+        await queryRunner.query(`CREATE INDEX "_jackson_index_key_store" ON "jackson_index" ("key", "storeKey") `);
+        await queryRunner.query(`ALTER TABLE "jackson_index" ADD CONSTRAINT "FK_937b040fb2592b4671cbde09e83" FOREIGN KEY ("storeKey") REFERENCES "jackson_store"("key") ON DELETE CASCADE ON UPDATE NO ACTION`);
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`ALTER TABLE "jackson_index" DROP CONSTRAINT "FK_937b040fb2592b4671cbde09e83"`);
+        await queryRunner.query(`DROP INDEX "_jackson_index_key_store" ON "jackson_index"`);
+        await queryRunner.query(`DROP INDEX "_jackson_index_key" ON "jackson_index"`);
+        await queryRunner.query(`DROP TABLE "jackson_index"`);
+        await queryRunner.query(`DROP TABLE "jackson_store"`);
+        await queryRunner.query(`DROP INDEX "_jackson_ttl_expires_at" ON "jackson_ttl"`);
+        await queryRunner.query(`DROP TABLE "jackson_ttl"`);
+    }
+
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@boxyhq/saml-jackson",
-  "version": "1.3.5",
+  "version": "1.3.7",
   "description": "SAML Jackson library",
   "keywords": [
     "SAML 2.0"
@@ -22,10 +22,12 @@
     "db:migration:generate:mysql": "cross-env DB_TYPE=mysql DB_URL=mysql://root:mysql@localhost:3307/mysql ts-node --transpile-only ./node_modules/typeorm/cli.js migration:generate -d typeorm.ts migration/mysql/ms_${MIGRATION_NAME}",
     "db:migration:generate:planetscale": "cross-env DB_ENGINE=planetscale DB_URL=mysql://root:mysql@localhost:3307/mysql ts-node --transpile-only ./node_modules/typeorm/cli.js migration:generate -d typeorm.ts migration/mysql/ms_${MIGRATION_NAME}",
     "db:migration:generate:mariadb": "cross-env DB_TYPE=mariadb DB_URL=mariadb://root@localhost:3306/mysql ts-node --transpile-only ./node_modules/typeorm/cli.js migration:generate -d typeorm.ts migration/mariadb/md_${MIGRATION_NAME}",
+    "db:migration:generate:mssql": "cross-env DB_TYPE=mssql DB_URL='sqlserver://localhost:1433;database=master;username=sa;password=123ABabc!' ts-node --transpile-only ./node_modules/typeorm/cli.js migration:generate -d typeorm.ts migration/mssql/mss_${MIGRATION_NAME}",
     "db:migration:run:postgres": "ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run -d typeorm.ts",
     "db:migration:run:mysql": "cross-env DB_TYPE=mysql DB_URL=mysql://root:mysql@localhost:3307/mysql ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run -d typeorm.ts",
     "db:migration:run:planetscale": "cross-env DB_SSL=true DB_ENGINE=planetscale DB_URL=${PLANETSCALE_URL} ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run -d typeorm.ts",
     "db:migration:run:mariadb": "cross-env DB_TYPE=mariadb DB_URL=mariadb://root@localhost:3306/mysql ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run -d typeorm.ts",
+    "db:migration:run:mssql": "cross-env DB_TYPE=mssql DB_URL='sqlserver://localhost:1433;database=master;username=sa;password=123ABabc!' ts-node --transpile-only ./node_modules/typeorm/cli.js migration:run -d typeorm.ts",
     "prepublishOnly": "npm run build",
     "test": "tap --ts --timeout=100 --coverage-map=map.js test/**/*.test.ts",
     "sort": "npx sort-package-json"
@@ -38,18 +40,19 @@
     "statements": 70
   },
   "dependencies": {
-    "@boxyhq/saml20": "1.0.11",
+    "@boxyhq/saml20": "1.0.14",
     "@opentelemetry/api": "1.0.4",
     "@opentelemetry/api-metrics": "0.27.0",
     "axios": "1.1.3",
-    "jose": "4.10.4",
-    "marked": "4.2.2",
+    "jose": "4.11.0",
+    "marked": "4.2.3",
     "mongodb": "4.11.0",
+    "mssql": "9.0.1",
     "mysql2": "2.3.3",
-    "openid-client": "5.2.1",
     "node-forge": "1.3.1",
+    "openid-client": "5.3.0",
     "pg": "8.8.0",
-    "redis": "4.4.0",
+    "redis": "4.5.0",
     "reflect-metadata": "0.1.13",
     "ripemd160": "2.0.2",
     "typeorm": "0.3.10",
@@ -61,17 +64,17 @@
     "@types/node": "18.11.9",
     "@types/sinon": "10.0.13",
     "@types/tap": "15.0.7",
-    "@typescript-eslint/eslint-plugin": "5.42.0",
-    "@typescript-eslint/parser": "5.42.0",
+    "@typescript-eslint/eslint-plugin": "5.43.0",
+    "@typescript-eslint/parser": "5.42.1",
     "cross-env": "7.0.3",
-    "eslint": "8.27.0",
+    "eslint": "8.28.0",
     "eslint-config-prettier": "8.5.0",
     "prettier": "2.7.1",
-    "sinon": "14.0.1",
+    "sinon": "14.0.2",
     "tap": "16.3.0",
     "ts-node": "10.9.1",
     "tsconfig-paths": "4.1.0",
-    "typescript": "4.8.4"
+    "typescript": "4.9.3"
   },
   "engines": {
     "node": ">=14.18.1 <=18.x"