@builder6/oidc-provider 0.15.0

package/README.md

@@ -0,0 +1,30 @@
+# Builder6 OIDC Provider
+
+
+## Environment Variables
+
+```shell
+B6_OIDC_PROVIDER_CLIENT_ID=test
+B6_OIDC_PROVIDER_CLIENT_SECRET=secret
+B6_OIDC_PROVIDER_REDIRECT_URIS=http://localhost:5100
+```
+
+## OpenID Configuration URI
+
+```shell
+http://localhost:5100/api/v6/idp/common/.well-known/openid-configuration
+```
+
+## Debug OIDC Provider
+
+https://oidcdebugger.com/
+
+Auth URL: http://localhost:5100/api/v6/idp/common/auth
+
+with environment variables: 
+
+```shell
+B6_OIDC_PROVIDER_CLIENT_ID=test
+B6_OIDC_PROVIDER_CLIENT_SECRET=secret
+B6_OIDC_PROVIDER_REDIRECT_URIS=https://oidcdebugger.com/debug
+```

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from './oidc-provider/oidc-provider.module';
+export * from './oidc-provider/oidc-provider.service';

package/dist/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./oidc-provider/oidc-provider.module"), exports);
+__exportStar(require("./oidc-provider/oidc-provider.service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uEAAqD;AACrD,wEAAsD"}

package/dist/oidc-provider/oidc-provider.controller.d.ts

@@ -0,0 +1,14 @@
+import { Request, Response } from 'express';
+import { OidcProviderService } from './oidc-provider.service';
+import { AuthService } from '@builder6/core';
+export declare class OidcProviderController {
+    private readonly oidcService;
+    private readonly authService;
+    private engine;
+    constructor(oidcService: OidcProviderService, authService: AuthService);
+    showInteraction(uid: string, req: Request, res: Response): Promise<Response<any, Record<string, any>>>;
+    loginSubmit(uid: string, username: string, password: string, req: Request, res: Response): Promise<any>;
+    consentSubmit(uid: string, grantDecision: string, req: Request, res: Response): Promise<any>;
+    consentSubmitAbort(uid: string, grantDecision: string, req: Request, res: Response): Promise<void>;
+    mountedOidc(req: Request, res: Response): void;
+}

package/dist/oidc-provider/oidc-provider.controller.js

@@ -0,0 +1,213 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OidcProviderController = void 0;
+const common_1 = require("@nestjs/common");
+const oidc_provider_service_1 = require("./oidc-provider.service");
+const node_assert_1 = require("node:assert");
+const core_1 = require("@builder6/core");
+const liquidjs_1 = require("liquidjs");
+const path_1 = __importDefault(require("path"));
+let OidcProviderController = class OidcProviderController {
+    constructor(oidcService, authService) {
+        this.oidcService = oidcService;
+        this.authService = authService;
+        this.engine = new liquidjs_1.Liquid({
+            root: path_1.default.resolve(__dirname, '../../views'),
+            extname: '.liquid',
+        });
+    }
+    async showInteraction(uid, req, res) {
+        const interaction = await this.oidcService.provider.interactionDetails(req, res);
+        const { prompt, params } = interaction;
+        if (prompt.name === 'login') {
+            const data = { uid, params };
+            const rendered = await this.engine.renderFile('login', data);
+            res.status(200).send(rendered);
+        }
+        else if (prompt.name === 'consent') {
+            return res.send(`
+        <html>
+          <body>
+            <h1>授权请求</h1>
+            <p>客户端 <strong>${params.client_id}</strong> 正在请求访问您的资源：</p>
+            <p><strong>请求的范围(scope)</strong>: ${params.scope || '（无）'}</p>
+            <p>是否授权该客户端访问上述权限？</p>
+            <form method="POST" action="/api/v6/idp/common/interaction/${uid}/confirm">
+              <button name="grant" value="yes" type="submit">同意</button>
+            </form>
+            <form method="POST" action="/api/v6/idp/common/interaction/${uid}/abort">
+              <button name="grant" value="no" type="submit">拒绝</button>
+            </form>
+          </body>
+        </html>
+      `);
+        }
+        else {
+            return res.status(400).send('未知的交互请求');
+        }
+    }
+    async loginSubmit(uid, username, password, req, res) {
+        const accountId = await this.oidcService.validateUser(username, password);
+        if (!accountId) {
+            return res.redirect(`/api/v6/idp/common/interaction/${uid}`);
+        }
+        const interactionDetails = await this.oidcService.provider.interactionDetails(req, res);
+        const { params } = interactionDetails;
+        const grant = new this.oidcService.provider.Grant({
+            accountId,
+            clientId: params.client_id,
+        });
+        grant.addOIDCScope('openid email profile');
+        const grantId = await grant.save();
+        const result = {
+            login: { accountId },
+            consent: {
+                grantId,
+            },
+        };
+        return this.oidcService.provider.interactionFinished(req, res, result, {
+            mergeWithLastSubmission: false,
+        });
+    }
+    async consentSubmit(uid, grantDecision, req, res) {
+        try {
+            const interactionDetails = await this.oidcService.provider.interactionDetails(req, res);
+            const { prompt: { name, details }, params, session: { accountId }, } = interactionDetails;
+            node_assert_1.strict.equal(name, 'consent');
+            let { grantId } = interactionDetails;
+            let grant;
+            if (grantId) {
+                grant = await this.oidcService.provider.Grant.find(grantId);
+            }
+            else {
+                grant = new this.oidcService.provider.Grant({
+                    accountId,
+                    clientId: params.client_id,
+                });
+            }
+            if (details.missingOIDCScope) {
+                grant.addOIDCScope(details.missingOIDCScope.join(' '));
+            }
+            if (details.missingOIDCClaims) {
+                grant.addOIDCClaims(details.missingOIDCClaims);
+            }
+            if (details.missingResourceScopes) {
+                for (const [indicator, scopes] of Object.entries(details.missingResourceScopes)) {
+                    grant.addResourceScope(indicator, scopes.join(' '));
+                }
+            }
+            grantId = await grant.save();
+            const consent = {};
+            if (!interactionDetails.grantId) {
+                consent.grantId = grantId;
+            }
+            const result = { consent };
+            return await this.oidcService.provider.interactionFinished(req, res, result, {
+                mergeWithLastSubmission: true,
+            });
+        }
+        catch (err) {
+            console.error(err);
+            res.status(500).send('OIDC Server Error');
+        }
+    }
+    async consentSubmitAbort(uid, grantDecision, req, res) {
+        try {
+            const result = {
+                error: 'access_denied',
+                error_description: 'End-User aborted interaction',
+            };
+            await this.oidcService.provider.interactionFinished(req, res, result, {
+                mergeWithLastSubmission: false,
+            });
+        }
+        catch (err) {
+            console.error(err);
+            res.status(500).send('OIDC Server Error');
+        }
+    }
+    mountedOidc(req, res) {
+        req.url = req.originalUrl.replace('/api/v6/idp/common', '');
+        const callback = this.oidcService.getCallback();
+        if (!callback) {
+            res.status(404).send('Not Found');
+        }
+        try {
+            this.oidcService.getCallback()(req, res);
+        }
+        catch (err) {
+            console.error(err);
+            res.status(500).send('OIDC Server Error');
+        }
+    }
+};
+exports.OidcProviderController = OidcProviderController;
+__decorate([
+    (0, common_1.Get)('interaction/:uid'),
+    __param(0, (0, common_1.Param)('uid')),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object, Object]),
+    __metadata("design:returntype", Promise)
+], OidcProviderController.prototype, "showInteraction", null);
+__decorate([
+    (0, common_1.Post)('interaction/:uid/login'),
+    __param(0, (0, common_1.Param)('uid')),
+    __param(1, (0, common_1.Body)('username')),
+    __param(2, (0, common_1.Body)('password')),
+    __param(3, (0, common_1.Req)()),
+    __param(4, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, String, String, Object, Object]),
+    __metadata("design:returntype", Promise)
+], OidcProviderController.prototype, "loginSubmit", null);
+__decorate([
+    (0, common_1.Post)('interaction/:uid/confirm'),
+    __param(0, (0, common_1.Param)('uid')),
+    __param(1, (0, common_1.Body)('grant')),
+    __param(2, (0, common_1.Req)()),
+    __param(3, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, String, Object, Object]),
+    __metadata("design:returntype", Promise)
+], OidcProviderController.prototype, "consentSubmit", null);
+__decorate([
+    (0, common_1.Post)('interaction/:uid/abort'),
+    __param(0, (0, common_1.Param)('uid')),
+    __param(1, (0, common_1.Body)('grant')),
+    __param(2, (0, common_1.Req)()),
+    __param(3, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, String, Object, Object]),
+    __metadata("design:returntype", Promise)
+], OidcProviderController.prototype, "consentSubmitAbort", null);
+__decorate([
+    (0, common_1.All)('/*idp'),
+    __param(0, (0, common_1.Req)()),
+    __param(1, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", void 0)
+], OidcProviderController.prototype, "mountedOidc", null);
+exports.OidcProviderController = OidcProviderController = __decorate([
+    (0, common_1.Controller)('api/v6/idp/common'),
+    __metadata("design:paramtypes", [oidc_provider_service_1.OidcProviderService,
+        core_1.AuthService])
+], OidcProviderController);
+//# sourceMappingURL=oidc-provider.controller.js.map

package/dist/oidc-provider/oidc-provider.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-provider.controller.js","sourceRoot":"","sources":["../../src/oidc-provider/oidc-provider.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,2CASwB;AAExB,mEAA8D;AAC9D,6CAA+C;AAC/C,yCAA6C;AAC7C,uCAAkC;AAClC,gDAAwB;AAGjB,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IAGjC,YACmB,WAAgC,EAChC,WAAwB;QADxB,gBAAW,GAAX,WAAW,CAAqB;QAChC,gBAAW,GAAX,WAAW,CAAa;QAEzC,IAAI,CAAC,MAAM,GAAG,IAAI,iBAAM,CAAC;YACvB,IAAI,EAAE,cAAI,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC;YAC5C,OAAO,EAAE,SAAS;SACnB,CAAC,CAAC;IACL,CAAC;IAIK,AAAN,KAAK,CAAC,eAAe,CACL,GAAW,EAClB,GAAY,EACZ,GAAa;QAoBpB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CACpE,GAAG,EACH,GAAG,CACJ,CAAC;QACF,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC;QAEvC,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAG5B,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAcjC,CAAC;aAAM,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAErC,OAAO,GAAG,CAAC,IAAI,CAAC;;;;6BAIO,MAAM,CAAC,SAAS;gDACG,MAAM,CAAC,KAAK,IAAI,KAAK;;yEAEI,GAAG;;;yEAGH,GAAG;;;;;OAKrE,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YAEN,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAIK,AAAN,KAAK,CAAC,WAAW,CACD,GAAW,EACP,QAAgB,EAChB,QAAgB,EAC3B,GAAY,EACZ,GAAa;QAGpB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC1E,IAAI,CAAC,SAAS,EAAE,CAAC;YAEf,OAAO,GAAG,CAAC,QAAQ,CAAC,kCAAkC,GAAG,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC/D,MAAM,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAAC;QAGtC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC;YAChD,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,SAAS;SAC3B,CAAC,CAAC;QACH,KAAK,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAC;QAE3C,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;QAEnC,MAAM,MAAM,GAAG;YACb,KAAK,EAAE,EAAE,SAAS,EAAE;YACpB,OAAO,EAAE;gBACP,OAAO;aACR;SACF,CAAC;QACF,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE;YACrE,uBAAuB,EAAE,KAAK;SAC/B,CAAC,CAAC;IACL,CAAC;IAIK,AAAN,KAAK,CAAC,aAAa,CACH,GAAW,EACV,aAAqB,EAC7B,GAAY,EACZ,GAAa;QAEpB,IAAI,CAAC;YAEH,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC/D,MAAM,EACJ,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EACzB,MAAM,EACN,OAAO,EAAE,EAAE,SAAS,EAAE,GACvB,GAAG,kBAAkB,CAAC;YACvB,oBAAM,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAE9B,IAAI,EAAE,OAAO,EAAE,GAAG,kBAAkB,CAAC;YACrC,IAAI,KAAK,CAAC;YAEV,IAAI,OAAO,EAAE,CAAC;gBAEZ,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9D,CAAC;iBAAM,CAAC;gBAEN,KAAK,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAC1C,SAAS;oBACT,QAAQ,EAAE,MAAM,CAAC,SAAS;iBAC3B,CAAC,CAAC;YACL,CAAC;YAED,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;gBAC7B,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACzD,CAAC;YACD,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;gBAC9B,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;YACjD,CAAC;YACD,IAAI,OAAO,CAAC,qBAAqB,EAAE,CAAC;gBAClC,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAC9C,OAAO,CAAC,qBAAqB,CAC9B,EAAE,CAAC;oBACF,KAAK,CAAC,gBAAgB,CAAC,SAAS,EAAG,MAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;YAED,OAAO,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;YAE7B,MAAM,OAAO,GAAG,EAAS,CAAC;YAC1B,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBAEhC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;YAC5B,CAAC;YAED,MAAM,MAAM,GAAG,EAAE,OAAO,EAAE,CAAC;YAC3B,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,mBAAmB,CACxD,GAAG,EACH,GAAG,EACH,MAAM,EACN;gBACE,uBAAuB,EAAE,IAAI;aAC9B,CACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAIK,AAAN,KAAK,CAAC,kBAAkB,CACR,GAAW,EACV,aAAqB,EAC7B,GAAY,EACZ,GAAa;QAEpB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG;gBACb,KAAK,EAAE,eAAe;gBACtB,iBAAiB,EAAE,8BAA8B;aAClD,CAAC;YACF,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,mBAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE;gBACpE,uBAAuB,EAAE,KAAK;aAC/B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAGM,WAAW,CAAQ,GAAY,EAAS,GAAa;QAC1D,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;QAChD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,CAAC;YACH,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;CACF,CAAA;AAzOY,wDAAsB;AAe3B;IADL,IAAA,YAAG,EAAC,kBAAkB,CAAC;IAErB,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;IACZ,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,GAAE,CAAA;;;;6DAmEP;AAIK;IADL,IAAA,aAAI,EAAC,wBAAwB,CAAC;IAE5B,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;IACZ,WAAA,IAAA,aAAI,EAAC,UAAU,CAAC,CAAA;IAChB,WAAA,IAAA,aAAI,EAAC,UAAU,CAAC,CAAA;IAChB,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,GAAE,CAAA;;;;yDA+BP;AAIK;IADL,IAAA,aAAI,EAAC,0BAA0B,CAAC;IAE9B,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;IACZ,WAAA,IAAA,aAAI,EAAC,OAAO,CAAC,CAAA;IACb,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,GAAE,CAAA;;;;2DA8DP;AAIK;IADL,IAAA,aAAI,EAAC,wBAAwB,CAAC;IAE5B,WAAA,IAAA,cAAK,EAAC,KAAK,CAAC,CAAA;IACZ,WAAA,IAAA,aAAI,EAAC,OAAO,CAAC,CAAA;IACb,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,GAAE,CAAA;;;;gEAcP;AAGM;IADN,IAAA,YAAG,EAAC,OAAO,CAAC;IACO,WAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,WAAA,IAAA,YAAG,GAAE,CAAA;;;;yDAY7C;iCAxOU,sBAAsB;IADlC,IAAA,mBAAU,EAAC,mBAAmB,CAAC;qCAKE,2CAAmB;QACnB,kBAAW;GALhC,sBAAsB,CAyOlC"}

package/dist/oidc-provider/oidc-provider.controller.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/oidc-provider/oidc-provider.controller.spec.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const testing_1 = require("@nestjs/testing");
+const oidc_provider_controller_1 = require("./oidc-provider.controller");
+describe('OidcProviderController', () => {
+    let controller;
+    beforeEach(async () => {
+        const module = await testing_1.Test.createTestingModule({
+            controllers: [oidc_provider_controller_1.OidcProviderController],
+        }).compile();
+        controller = module.get(oidc_provider_controller_1.OidcProviderController);
+    });
+    it('should be defined', () => {
+        expect(controller).toBeDefined();
+    });
+});
+//# sourceMappingURL=oidc-provider.controller.spec.js.map

package/dist/oidc-provider/oidc-provider.controller.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-provider.controller.spec.js","sourceRoot":"","sources":["../../src/oidc-provider/oidc-provider.controller.spec.ts"],"names":[],"mappings":";;AAAA,6CAAsD;AACtD,yEAAoE;AAEpE,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,IAAI,UAAkC,CAAC;IAEvC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,MAAM,GAAkB,MAAM,cAAI,CAAC,mBAAmB,CAAC;YAC3D,WAAW,EAAE,CAAC,iDAAsB,CAAC;SACtC,CAAC,CAAC,OAAO,EAAE,CAAC;QAEb,UAAU,GAAG,MAAM,CAAC,GAAG,CAAyB,iDAAsB,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/oidc-provider/oidc-provider.module.d.ts

@@ -0,0 +1,2 @@
+export declare class OidcProviderModule {
+}

package/dist/oidc-provider/oidc-provider.module.js

@@ -0,0 +1,25 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OidcProviderModule = void 0;
+const common_1 = require("@nestjs/common");
+const oidc_provider_service_1 = require("./oidc-provider.service");
+const oidc_provider_controller_1 = require("./oidc-provider.controller");
+const core_1 = require("@builder6/core");
+let OidcProviderModule = class OidcProviderModule {
+};
+exports.OidcProviderModule = OidcProviderModule;
+exports.OidcProviderModule = OidcProviderModule = __decorate([
+    (0, common_1.Module)({
+        imports: [core_1.AuthModule, core_1.MongodbModule],
+        providers: [oidc_provider_service_1.OidcProviderService],
+        controllers: [oidc_provider_controller_1.OidcProviderController],
+        exports: [oidc_provider_service_1.OidcProviderService],
+    })
+], OidcProviderModule);
+//# sourceMappingURL=oidc-provider.module.js.map

package/dist/oidc-provider/oidc-provider.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-provider.module.js","sourceRoot":"","sources":["../../src/oidc-provider/oidc-provider.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwC;AACxC,mEAA8D;AAC9D,yEAAoE;AACpE,yCAA2D;AAQpD,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;CAAG,CAAA;AAArB,gDAAkB;6BAAlB,kBAAkB;IAN9B,IAAA,eAAM,EAAC;QACN,OAAO,EAAE,CAAC,iBAAU,EAAE,oBAAa,CAAC;QACpC,SAAS,EAAE,CAAC,2CAAmB,CAAC;QAChC,WAAW,EAAE,CAAC,iDAAsB,CAAC;QACrC,OAAO,EAAE,CAAC,2CAAmB,CAAC;KAC/B,CAAC;GACW,kBAAkB,CAAG"}

package/dist/oidc-provider/oidc-provider.service.d.ts

@@ -0,0 +1,25 @@
+import { AuthService, MongodbService } from '@builder6/core';
+import { ConfigService } from '@nestjs/config';
+import { Provider } from 'oidc-provider';
+import type { KoaContextWithOIDC } from 'oidc-provider';
+export declare class OidcProviderService {
+    private configService;
+    private readonly authService;
+    private mongodbService;
+    provider: Provider;
+    private readonly logger;
+    constructor(configService: ConfigService, authService: AuthService, mongodbService: MongodbService);
+    validateUser(username: string, password: string, space_id?: string): Promise<string | null>;
+    findAccount(ctx: KoaContextWithOIDC, id: string): Promise<{
+        accountId: string;
+        claims: () => {
+            sub: any;
+            space: any;
+            username: any;
+            email: any;
+            mobile: any;
+            name: any;
+        };
+    }>;
+    getCallback(): any;
+}

package/dist/oidc-provider/oidc-provider.service.js

@@ -0,0 +1,123 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var OidcProviderService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OidcProviderService = void 0;
+const core_1 = require("@builder6/core");
+const common_1 = require("@nestjs/common");
+const config_1 = require("@nestjs/config");
+const oidc_provider_1 = require("oidc-provider");
+const bcrypt_1 = __importDefault(require("bcrypt"));
+const crypto_1 = __importDefault(require("crypto"));
+let OidcProviderService = OidcProviderService_1 = class OidcProviderService {
+    constructor(configService, authService, mongodbService) {
+        this.configService = configService;
+        this.authService = authService;
+        this.mongodbService = mongodbService;
+        this.logger = new common_1.Logger(OidcProviderService_1.name);
+        const rootUrl = this.configService.get('root.url');
+        const clientId = this.configService.get('oidc.provider.client.id');
+        const clientSecret = this.configService.get('oidc.provider.client.secret');
+        const redirectUris = this.configService
+            .get('oidc.provider.redirect.uris')
+            ?.split(',');
+        if (!clientId || !clientSecret) {
+            return;
+        }
+        const oidcConfig = {
+            clients: [
+                {
+                    client_id: clientId,
+                    client_secret: clientSecret,
+                    redirect_uris: [...redirectUris],
+                    response_types: ['code'],
+                    grant_types: ['authorization_code'],
+                },
+            ],
+            features: {
+                revocation: { enabled: true },
+                introspection: { enabled: true },
+                registration: { enabled: false },
+                devInteractions: { enabled: false },
+            },
+            pkce: {
+                required: () => false,
+            },
+            clientBasedCORS: (ctx, origin, client) => {
+                return true;
+            },
+            interactions: {
+                url(ctx, interaction) {
+                    return `/api/v6/idp/common/interaction/${interaction.uid}`;
+                },
+            },
+            findAccount: this.findAccount.bind(this),
+        };
+        this.provider = new oidc_provider_1.Provider(`${rootUrl}/api/v6/idp`, oidcConfig);
+    }
+    async validateUser(username, password, space_id) {
+        if (!space_id) {
+            space_id = await this.authService.getPrimarySpaceId();
+        }
+        const user = (await this.mongodbService.findOne('users', {
+            $or: [
+                { username: { $regex: new RegExp(username, 'i') } },
+                { 'emails.address': { $regex: new RegExp(username, 'i') } },
+                { mobile: { $regex: new RegExp(username, 'i') } },
+            ],
+        }));
+        if (!user) {
+            this.logger.log(`Login failed ${username}, user not found`);
+            return null;
+        }
+        if (password) {
+            const hash = crypto_1.default.createHash('sha256');
+            hash.update(password);
+            const bcryptPassword = hash.digest('hex');
+            const match = await bcrypt_1.default.compare(bcryptPassword, user.services.password.bcrypt);
+            if (!match) {
+                this.logger.log(`Login failed ${username}, Password does not match`);
+                return null;
+            }
+        }
+        return `${space_id}/${user._id}`;
+    }
+    async findAccount(ctx, id) {
+        console.log('findAccount', ctx, id);
+        const { spaceId, userId } = id.split('/');
+        const user = await this.authService.getSpaceUser(userId, spaceId);
+        return {
+            accountId: id,
+            claims: () => ({
+                sub: userId,
+                space: spaceId,
+                username: user.username,
+                email: user.email,
+                mobile: user.mobile,
+                name: user.name,
+            }),
+        };
+    }
+    getCallback() {
+        return this.provider?.callback();
+    }
+};
+exports.OidcProviderService = OidcProviderService;
+exports.OidcProviderService = OidcProviderService = OidcProviderService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [config_1.ConfigService,
+        core_1.AuthService,
+        core_1.MongodbService])
+], OidcProviderService);
+//# sourceMappingURL=oidc-provider.service.js.map

package/dist/oidc-provider/oidc-provider.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-provider.service.js","sourceRoot":"","sources":["../../src/oidc-provider/oidc-provider.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAA6D;AAC7D,2CAAoD;AACpD,2CAA+C;AAC/C,iDAAyC;AAEzC,oDAA4B;AAC5B,oDAA4B;AAGrB,IAAM,mBAAmB,2BAAzB,MAAM,mBAAmB;IAI9B,YACU,aAA4B,EACnB,WAAwB,EACjC,cAA8B;QAF9B,kBAAa,GAAb,aAAa,CAAe;QACnB,gBAAW,GAAX,WAAW,CAAa;QACjC,mBAAc,GAAd,cAAc,CAAgB;QALvB,WAAM,GAAG,IAAI,eAAM,CAAC,qBAAmB,CAAC,IAAI,CAAC,CAAC;QAO7D,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACnE,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3E,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa;aACpC,GAAG,CAAC,6BAA6B,CAAC;YACnC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;QACf,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAkB;YAEhC,OAAO,EAAE;gBACP;oBACE,SAAS,EAAE,QAAQ;oBACnB,aAAa,EAAE,YAAY;oBAC3B,aAAa,EAAE,CAAC,GAAG,YAAY,CAAC;oBAChC,cAAc,EAAE,CAAC,MAAM,CAAC;oBACxB,WAAW,EAAE,CAAC,oBAAoB,CAAC;iBACpC;aACF;YAED,QAAQ,EAAE;gBACR,UAAU,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBAC7B,aAAa,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBAChC,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,eAAe,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;aACpC;YACD,IAAI,EAAE;gBACJ,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK;aACtB;YACD,eAAe,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACvC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,YAAY,EAAE;gBACZ,GAAG,CAAC,GAAG,EAAE,WAAW;oBAElB,OAAO,kCAAkC,WAAW,CAAC,GAAG,EAAE,CAAC;gBAC7D,CAAC;aACF;YAED,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;SAEzC,CAAC;QAGF,IAAI,CAAC,QAAQ,GAAG,IAAI,wBAAQ,CAAC,GAAG,OAAO,aAAa,EAAE,UAAU,CAAC,CAAC;IAGpE,CAAC;IAGD,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,QAAgB,EAChB,QAAiB;QAEjB,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,iBAAiB,EAAE,CAAC;QACxD,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE;YACvD,GAAG,EAAE;gBACH,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,IAAI,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,EAAE;gBACnD,EAAE,gBAAgB,EAAE,EAAE,MAAM,EAAE,IAAI,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,EAAE;gBAC3D,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,IAAI,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,EAAE;aAClD;SACF,CAAC,CAAQ,CAAC;QACX,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,QAAQ,kBAAkB,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACtB,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAE1C,MAAM,KAAK,GAAG,MAAM,gBAAM,CAAC,OAAO,CAChC,cAAc,EACd,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAC9B,CAAC;YACF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,QAAQ,2BAA2B,CAAC,CAAC;gBACrE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,GAAG,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IACnC,CAAC;IAID,KAAK,CAAC,WAAW,CAAC,GAAuB,EAAE,EAAU;QAEnD,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAiBpC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAQ,CAAC;QACjD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAElE,OAAO;YACL,SAAS,EAAE,EAAE;YACb,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACb,GAAG,EAAE,MAAM;gBACX,KAAK,EAAE,OAAO;gBACd,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC;SACH,CAAC;IACJ,CAAC;IAGD,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC;IACnC,CAAC;CACF,CAAA;AA9IY,kDAAmB;8BAAnB,mBAAmB;IAD/B,IAAA,mBAAU,GAAE;qCAMc,sBAAa;QACN,kBAAW;QACjB,qBAAc;GAP7B,mBAAmB,CA8I/B"}

package/dist/oidc-provider/oidc-provider.service.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/oidc-provider/oidc-provider.service.spec.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const testing_1 = require("@nestjs/testing");
+const oidc_provider_service_1 = require("./oidc-provider.service");
+describe('OidcProviderService', () => {
+    let service;
+    beforeEach(async () => {
+        const module = await testing_1.Test.createTestingModule({
+            providers: [oidc_provider_service_1.OidcProviderService],
+        }).compile();
+        service = module.get(oidc_provider_service_1.OidcProviderService);
+    });
+    it('should be defined', () => {
+        expect(service).toBeDefined();
+    });
+});
+//# sourceMappingURL=oidc-provider.service.spec.js.map

package/dist/oidc-provider/oidc-provider.service.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-provider.service.spec.js","sourceRoot":"","sources":["../../src/oidc-provider/oidc-provider.service.spec.ts"],"names":[],"mappings":";;AAAA,6CAAsD;AACtD,mEAA8D;AAE9D,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,IAAI,OAA4B,CAAC;IAEjC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,MAAM,MAAM,GAAkB,MAAM,cAAI,CAAC,mBAAmB,CAAC;YAC3D,SAAS,EAAE,CAAC,2CAAmB,CAAC;SACjC,CAAC,CAAC,OAAO,EAAE,CAAC;QAEb,OAAO,GAAG,MAAM,CAAC,GAAG,CAAsB,2CAAmB,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "@builder6/oidc-provider",
+  "version": "0.15.0",
+  "main": "dist/index.js",
+  "license": "MIT",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "format": "prettier --write \"src/**/*.ts\"",
+    "build": "rimraf dist && tsc",
+    "build:watch": "rimraf dist && tsc --watch"
+  },
+  "dependencies": {
+    "@builder6/core": "0.15.0",
+    "lodash": "^4.17.5",
+    "oidc-provider": "^8.8.1"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "gitHead": "afb054a09554b900d65a2588d27ddf1001639843"
+}