@cheqd/studio 3.0.0-develop.1

package/dist/middleware/auth/user-info-fetcher/api-token.js

@@ -0,0 +1,60 @@
+import { StatusCodes } from 'http-status-codes';
+import { UserInfoHelper } from './base.js';
+import * as dotenv from 'dotenv';
+import { APIKeyService } from '../../../services/admin/api-key.js';
+import { UserService } from '../../../services/api/user.js';
+dotenv.config();
+export class APITokenUserInfoFetcher extends UserInfoHelper {
+    token;
+    oauthProvider;
+    constructor(token, oauthProvider) {
+        super();
+        this.token = token;
+        this.oauthProvider = oauthProvider;
+    }
+    async fetch(request, response) {
+        return this.verifyToken(response);
+    }
+    /**
+     * Verifies the token and sets the user's scopes and customer entity in the global context.
+     *
+     * @param {Response} response - The response object to send the response.
+     * @return {Promise<Response | undefined>} The response object with the appropriate status code and error message, or undefined if successful.
+     */
+    async verifyToken(response) {
+        try {
+            const apiEntity = await APIKeyService.instance.get(this.token);
+            if (!apiEntity) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: API Key not found.`,
+                });
+            }
+            if (apiEntity.revoked) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: API Key is revoked.`,
+                });
+            }
+            const userEntity = await UserService.instance.findOne({ customer: apiEntity.customer });
+            if (!userEntity) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: User not found.`,
+                });
+            }
+            const _resp = await this.oauthProvider.getUserScopes(userEntity.logToId);
+            if (_resp.status !== 200) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: No scopes found for the user: ${userEntity.logToId}`,
+                });
+            }
+            // Set global context
+            this.setScopes(_resp.data, response);
+            return await this.setCustomerEntity(apiEntity.customer.customerId, response);
+        }
+        catch (error) {
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+                error: `Unexpected error: While verifying API key: ${error}`,
+            });
+        }
+    }
+}
+//# sourceMappingURL=api-token.js.map

package/dist/middleware/auth/user-info-fetcher/api-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-token.js","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/api-token.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAyB,MAAM,WAAW,CAAC;AAGlE,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAE5D,MAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,OAAO,uBAAwB,SAAQ,cAAc;IAC1D,KAAK,CAAS;IACN,aAAa,CAAiB;IAEtC,YAAY,KAAa,EAAE,aAA6B;QACvD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,OAAgB,EAAE,QAAkB;QAC/C,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,WAAW,CAAC,QAAkB;QAC1C,IAAI,CAAC;YACJ,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC/D,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,wCAAwC;iBACZ,CAAC,CAAC;YACvC,CAAC;YACD,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,yCAAyC;iBACb,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;YACxF,IAAI,CAAC,UAAU,EAAE,CAAC;gBACjB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,qCAAqC;iBACT,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,UAAU,CAAC,OAAiB,CAAC,CAAC;YACnF,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC1B,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,qDAAqD,UAAU,CAAC,OAAO,EAAE;iBAC7C,CAAC,CAAC;YACvC,CAAC;YACD,qBAAqB;YACrB,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACrC,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,8CAA8C,KAAK,EAAE;aACzB,CAAC,CAAC;QACvC,CAAC;IACF,CAAC;CACD"}

package/dist/middleware/auth/user-info-fetcher/base.d.ts

@@ -0,0 +1,14 @@
+import type { Request, Response } from 'express';
+import type { IOAuthProvider } from '../oauth/abstract.js';
+export interface IUserInfoOptions {
+    [key: string]: any;
+}
+export interface IUserInfoFetcher {
+    fetch(request: Request, response: Response, oauthProvider: IOAuthProvider, options?: IUserInfoOptions): Promise<Response | undefined>;
+}
+export declare class UserInfoHelper {
+    setScopes(scopes: string[], response: Response): void;
+    setCustomerEntity(customerId: string, response: Response): Promise<Response | undefined>;
+    setUserEntity(logToId: string, response: Response): Promise<Response | undefined>;
+}
+//# sourceMappingURL=base.d.ts.map

package/dist/middleware/auth/user-info-fetcher/base.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/base.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAK3D,MAAM,WAAW,gBAAgB;IAChC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAChC,KAAK,CACJ,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,cAAc,EAC7B,OAAO,CAAC,EAAE,gBAAgB,GACxB,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC,CAAC;CACjC;AAED,qBAAa,cAAc;IAC1B,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,QAAQ;IAIxC,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC;IAkBxF,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC;CAWvF"}

package/dist/middleware/auth/user-info-fetcher/base.js

@@ -0,0 +1,38 @@
+import { CustomerService } from '../../../services/api/customer.js';
+import { StatusCodes } from 'http-status-codes';
+import { UserService } from '../../../services/api/user.js';
+export class UserInfoHelper {
+    setScopes(scopes, response) {
+        response.locals.scopes = scopes;
+        return;
+    }
+    async setCustomerEntity(customerId, response) {
+        const customerEntity = await CustomerService.instance.get(customerId);
+        if (!customerEntity) {
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+                error: `Unexpected error: Customer entity for handling such request is not found in internal storage. CustomerId: ${customerId}`,
+            });
+        }
+        const userEntity = await UserService.instance.findOne({ customer: customerEntity });
+        if (!userEntity) {
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+                error: `Unexpected error: User entity for handling such request is not found in internal storage. CustomerId: ${customerId}`,
+            });
+        }
+        response.locals.customer = customerEntity;
+        response.locals.user = userEntity;
+        return;
+    }
+    async setUserEntity(logToId, response) {
+        const entity = await UserService.instance.get(logToId);
+        if (!entity) {
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+                error: `Unexpected error: User entity for handling such request is not found in internal storage`,
+            });
+        }
+        response.locals.user = entity;
+        response.locals.customer = entity.customer;
+        return;
+    }
+}
+//# sourceMappingURL=base.js.map

package/dist/middleware/auth/user-info-fetcher/base.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/base.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAe5D,MAAM,OAAO,cAAc;IAC1B,SAAS,CAAC,MAAgB,EAAE,QAAkB;QAC7C,QAAQ,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;QAChC,OAAO;IACR,CAAC;IACD,KAAK,CAAC,iBAAiB,CAAC,UAAkB,EAAE,QAAkB;QAC7D,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtE,IAAI,CAAC,cAAc,EAAE,CAAC;YACrB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,6GAA6G,UAAU,EAAE;aAChI,CAAC,CAAC;QACJ,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC,CAAC;QACpF,IAAI,CAAC,UAAU,EAAE,CAAC;YACjB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,yGAAyG,UAAU,EAAE;aAC5H,CAAC,CAAC;QACJ,CAAC;QACD,QAAQ,CAAC,MAAM,CAAC,QAAQ,GAAG,cAAc,CAAC;QAC1C,QAAQ,CAAC,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC;QAClC,OAAO;IACR,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAe,EAAE,QAAkB;QACtD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,0FAA0F;aACjG,CAAC,CAAC;QACJ,CAAC;QACD,QAAQ,CAAC,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC;QAC9B,QAAQ,CAAC,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC3C,OAAO;IACR,CAAC;CACD"}

package/dist/middleware/auth/user-info-fetcher/idtoken.d.ts

@@ -0,0 +1,18 @@
+import type { Request, Response } from 'express';
+import { UserInfoHelper, type IUserInfoFetcher } from './base.js';
+import type { IOAuthProvider } from '../oauth/abstract.js';
+export declare class IdTokenUserInfoFetcher extends UserInfoHelper implements IUserInfoFetcher {
+    token: string;
+    private oauthProvider;
+    constructor(token: string, oauthProvider: IOAuthProvider);
+    fetch(request: Request, response: Response): Promise<Response<any, Record<string, any>> | undefined>;
+    /**
+     * Verifies the JWT token and sets the user's scopes and customer entity in the global context.
+     *
+     * @param {Request} request - The request object.
+     * @param {Response} response - The response object.
+     * @return {Promise<Response | undefined>} The response object with the appropriate status code and error message, or undefined if successful.
+     */
+    verifyJWTToken(request: Request, response: Response): Promise<Response<any, Record<string, any>> | undefined>;
+}
+//# sourceMappingURL=idtoken.d.ts.map

package/dist/middleware/auth/user-info-fetcher/idtoken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"idtoken.d.ts","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/idtoken.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAClE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAO3D,qBAAa,sBAAuB,SAAQ,cAAe,YAAW,gBAAgB;IACrF,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,aAAa,CAAiB;gBAE1B,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,cAAc;IAMlD,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;IAIhD;;;;;;OAMG;IACU,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;CAiChE"}

package/dist/middleware/auth/user-info-fetcher/idtoken.js

@@ -0,0 +1,56 @@
+import { StatusCodes } from 'http-status-codes';
+import { UserInfoHelper } from './base.js';
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+import * as dotenv from 'dotenv';
+dotenv.config();
+export class IdTokenUserInfoFetcher extends UserInfoHelper {
+    token;
+    oauthProvider;
+    constructor(token, oauthProvider) {
+        super();
+        this.token = token;
+        this.oauthProvider = oauthProvider;
+    }
+    async fetch(request, response) {
+        return this.verifyJWTToken(request, response);
+    }
+    /**
+     * Verifies the JWT token and sets the user's scopes and customer entity in the global context.
+     *
+     * @param {Request} request - The request object.
+     * @param {Response} response - The response object.
+     * @return {Promise<Response | undefined>} The response object with the appropriate status code and error message, or undefined if successful.
+     */
+    async verifyJWTToken(request, response) {
+        try {
+            const { payload } = await jwtVerify(this.token, // The raw Bearer Token extracted from the request header
+            createRemoteJWKSet(new URL(this.oauthProvider.endpoint_jwks)), {
+                // expected issuer of the token, should be issued by the Logto server
+                issuer: this.oauthProvider.endpoint_issuer,
+                // expected audience token, should be the resource indicator of the current API
+                audience: process.env.LOGTO_APP_ID,
+            });
+            // Setup the scopes from the token
+            if (!payload.roles) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: No roles found in the token.`,
+                });
+            }
+            const scopes = await this.oauthProvider.getScopesForRoles(payload.roles);
+            if (!scopes) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: No scopes found for the roles: ${payload.roles}`,
+                });
+            }
+            // Set global context
+            this.setScopes(scopes, response);
+            return await this.setUserEntity(payload.sub, response);
+        }
+        catch (error) {
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+                error: `Unexpected error: While verifying ID token: ${error}`,
+            });
+        }
+    }
+}
+//# sourceMappingURL=idtoken.js.map

package/dist/middleware/auth/user-info-fetcher/idtoken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"idtoken.js","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/idtoken.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAyB,MAAM,WAAW,CAAC;AAElE,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAErD,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAEjC,MAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,OAAO,sBAAuB,SAAQ,cAAc;IACzD,KAAK,CAAS;IACN,aAAa,CAAiB;IAEtC,YAAY,KAAa,EAAE,aAA6B;QACvD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,OAAgB,EAAE,QAAkB;QAC/C,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,cAAc,CAAC,OAAgB,EAAE,QAAkB;QAC/D,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAClC,IAAI,CAAC,KAAK,EAAE,yDAAyD;YACrE,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,EAC7D;gBACC,qEAAqE;gBACrE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,eAAe;gBAC1C,+EAA+E;gBAC/E,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;aAClC,CACD,CAAC;YACF,kCAAkC;YAClC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,kDAAkD;iBACtB,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAiB,CAAC,CAAC;YACrF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACb,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,sDAAsD,OAAO,CAAC,KAAK,EAAE;iBACzC,CAAC,CAAC;YACvC,CAAC;YACD,qBAAqB;YACrB,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACjC,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,GAAa,EAAE,QAAQ,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,+CAA+C,KAAK,EAAE;aAC1B,CAAC,CAAC;QACvC,CAAC;IACF,CAAC;CACD"}

package/dist/middleware/auth/user-info-fetcher/m2m-creds-token.d.ts

@@ -0,0 +1,18 @@
+import type { Request, Response } from 'express';
+import { UserInfoHelper, type IUserInfoFetcher } from './base.js';
+import type { IOAuthProvider } from '../oauth/abstract.js';
+export declare class M2MCredsTokenUserInfoFetcher extends UserInfoHelper implements IUserInfoFetcher {
+    token: string;
+    private oauthProvider;
+    constructor(token: string, oauthProvider: IOAuthProvider);
+    /**
+     * Verify M2M token
+     *
+     * @param {Request} request - The request object.
+     * @param {Response} response - The response object.
+     * @return {Promise<void>} The result of verifying the M2M token.
+     */
+    fetch(request: Request, response: Response): Promise<Response<any, Record<string, any>> | undefined>;
+    verifyJWTToken(request: Request, response: Response): Promise<Response<any, Record<string, any>> | undefined>;
+}
+//# sourceMappingURL=m2m-creds-token.d.ts.map

package/dist/middleware/auth/user-info-fetcher/m2m-creds-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"m2m-creds-token.d.ts","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/m2m-creds-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAClE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAM3D,qBAAa,4BAA6B,SAAQ,cAAe,YAAW,gBAAgB;IAC3F,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,aAAa,CAAiB;gBAE1B,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,cAAc;IAMxD;;;;;;OAMG;IACG,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;IAKnC,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;CA4BhE"}

package/dist/middleware/auth/user-info-fetcher/m2m-creds-token.js

@@ -0,0 +1,52 @@
+import { StatusCodes } from 'http-status-codes';
+import { UserInfoHelper } from './base.js';
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+import * as dotenv from 'dotenv';
+dotenv.config();
+export class M2MCredsTokenUserInfoFetcher extends UserInfoHelper {
+    token;
+    oauthProvider;
+    constructor(token, oauthProvider) {
+        super();
+        this.token = token;
+        this.oauthProvider = oauthProvider;
+    }
+    /**
+     * Verify M2M token
+     *
+     * @param {Request} request - The request object.
+     * @param {Response} response - The response object.
+     * @return {Promise<void>} The result of verifying the M2M token.
+     */
+    async fetch(request, response) {
+        // Verify M2M token
+        return this.verifyJWTToken(request, response);
+    }
+    async verifyJWTToken(request, response) {
+        // Get customerId from header
+        const customerId = request.headers['customer-id'];
+        try {
+            const { payload } = await jwtVerify(this.token, // The raw Bearer Token extracted from the request header
+            createRemoteJWKSet(new URL(this.oauthProvider.endpoint_jwks)), {
+                // expected issuer of the token, should be issued by the Logto server
+                issuer: this.oauthProvider.endpoint_issuer,
+            });
+            // Setup the scopes from the token
+            if (!payload.sub) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: No sub found in the token.`,
+                });
+            }
+            // Set global context
+            const scopes = payload.scope ? payload.scope.split(' ') : [];
+            this.setScopes(scopes, response);
+            return await this.setCustomerEntity(customerId, response);
+        }
+        catch (error) {
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+                error: `Unexpected error: While verifying M2M token: ${error}`,
+            });
+        }
+    }
+}
+//# sourceMappingURL=m2m-creds-token.js.map

package/dist/middleware/auth/user-info-fetcher/m2m-creds-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"m2m-creds-token.js","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/m2m-creds-token.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAyB,MAAM,WAAW,CAAC;AAElE,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACrD,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAEjC,MAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,OAAO,4BAA6B,SAAQ,cAAc;IAC/D,KAAK,CAAS;IACN,aAAa,CAAiB;IAEtC,YAAY,KAAa,EAAE,aAA6B;QACvD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACpC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,KAAK,CAAC,OAAgB,EAAE,QAAkB;QAC/C,mBAAmB;QACnB,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,OAAgB,EAAE,QAAkB;QAC/D,6BAA6B;QAC7B,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAClC,IAAI,CAAC,KAAK,EAAE,yDAAyD;YACrE,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,EAC7D;gBACC,qEAAqE;gBACrE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,eAAe;aAC1C,CACD,CAAC;YACF,kCAAkC;YAClC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAClB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,gDAAgD;iBACpB,CAAC,CAAC;YACvC,CAAC;YACD,qBAAqB;YACrB,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAE,OAAO,CAAC,KAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACjC,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,UAAoB,EAAE,QAAQ,CAAC,CAAC;QACrE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,gDAAgD,KAAK,EAAE;aAC3B,CAAC,CAAC;QACvC,CAAC;IACF,CAAC;CACD"}

package/dist/middleware/auth/user-info-fetcher/portal-token.d.ts

@@ -0,0 +1,20 @@
+import type { Request, Response } from 'express';
+import { UserInfoHelper, type IUserInfoFetcher } from './base.js';
+import type { IOAuthProvider } from '../oauth/abstract.js';
+export declare class PortalUserInfoFetcher extends UserInfoHelper implements IUserInfoFetcher {
+    private m2mToken;
+    private idToken;
+    private oauthProvider;
+    constructor(m2mToken: string, idToken: string, oauthProvider: IOAuthProvider);
+    fetch(request: Request, response: Response): Promise<Response<any, Record<string, any>> | undefined>;
+    /**
+     * Verifies the ID token for the portal.
+     *
+     * @param {Request} request - The request object.
+     * @param {Response} response - The response object.
+     * @return {Promise<void>} The result of verifying the ID token.
+     */
+    verifyIdToken(request: Request, response: Response): Promise<Response<any, Record<string, any>> | undefined>;
+    verifyM2MToken(request: Request, response: Response): Promise<Response<any, Record<string, any>> | undefined>;
+}
+//# sourceMappingURL=portal-token.d.ts.map

package/dist/middleware/auth/user-info-fetcher/portal-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"portal-token.d.ts","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/portal-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAClE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAO3D,qBAAa,qBAAsB,SAAQ,cAAe,YAAW,gBAAgB;IACpF,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,OAAO,CAAC;IAChB,OAAO,CAAC,aAAa,CAAiB;gBAE1B,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,cAAc;IAOtE,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;IAUhD;;;;;;OAMG;IACU,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;IAyBlD,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;CAyBhE"}

package/dist/middleware/auth/user-info-fetcher/portal-token.js

@@ -0,0 +1,79 @@
+import { StatusCodes } from 'http-status-codes';
+import { UserInfoHelper } from './base.js';
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+import * as dotenv from 'dotenv';
+dotenv.config();
+export class PortalUserInfoFetcher extends UserInfoHelper {
+    m2mToken;
+    idToken;
+    oauthProvider;
+    constructor(m2mToken, idToken, oauthProvider) {
+        super();
+        this.m2mToken = m2mToken;
+        this.idToken = idToken;
+        this.oauthProvider = oauthProvider;
+    }
+    async fetch(request, response) {
+        // Check the idToken, provided in header
+        const errorResponse = await this.verifyIdToken(request, response);
+        if (errorResponse) {
+            return errorResponse;
+        }
+        return this.verifyM2MToken(request, response);
+    }
+    /**
+     * Verifies the ID token for the portal.
+     *
+     * @param {Request} request - The request object.
+     * @param {Response} response - The response object.
+     * @return {Promise<void>} The result of verifying the ID token.
+     */
+    async verifyIdToken(request, response) {
+        try {
+            const { payload } = await jwtVerify(this.idToken, // The raw Bearer Token extracted from the request header
+            createRemoteJWKSet(new URL(this.oauthProvider.endpoint_jwks)), // generate a jwks using jwks_uri inquired from Logto server
+            {
+                // expected issuer of the token, should be issued by the Logto server
+                issuer: this.oauthProvider.endpoint_issuer,
+            });
+            // Setup the scopes from the token
+            if (!payload.sub) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: No sub found in the token. Cannot set customerId.`,
+                });
+            }
+            return await this.setUserEntity(payload.sub, response);
+        }
+        catch (error) {
+            console.error(error);
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+                error: `Unexpected error: While verifying ID token for Portal: ${error}`,
+            });
+        }
+    }
+    async verifyM2MToken(request, response) {
+        try {
+            const { payload } = await jwtVerify(this.m2mToken, // The raw Bearer Token extracted from the request header
+            createRemoteJWKSet(new URL(this.oauthProvider.endpoint_jwks)), // generate a jwks using jwks_uri inquired from Logto server
+            {
+                // expected issuer of the token, should be issued by the Logto server
+                issuer: this.oauthProvider.endpoint_issuer,
+            });
+            // Setup the scopes from the token
+            if (!payload.sub) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: No sub found in the token.`,
+                });
+            }
+            const scopes = payload.scope ? payload.scope.split(' ') : [];
+            this.setScopes(scopes, response);
+            return;
+        }
+        catch (error) {
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+                error: `Unexpected error: While verifying M2M token for Portal: ${error}`,
+            });
+        }
+    }
+}
+//# sourceMappingURL=portal-token.js.map

package/dist/middleware/auth/user-info-fetcher/portal-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"portal-token.js","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/portal-token.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAyB,MAAM,WAAW,CAAC;AAElE,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAErD,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAEjC,MAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,OAAO,qBAAsB,SAAQ,cAAc;IAChD,QAAQ,CAAS;IACjB,OAAO,CAAC;IACR,aAAa,CAAiB;IAEtC,YAAY,QAAgB,EAAE,OAAe,EAAE,aAA6B;QAC3E,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,OAAgB,EAAE,QAAkB;QAC/C,wCAAwC;QACxC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAClE,IAAI,aAAa,EAAE,CAAC;YACnB,OAAO,aAAa,CAAC;QACtB,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,aAAa,CAAC,OAAgB,EAAE,QAAkB;QAC9D,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAClC,IAAI,CAAC,OAAO,EAAE,yDAAyD;YACvE,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,EAAE,4DAA4D;YAC3H;gBACC,qEAAqE;gBACrE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,eAAe;aAC1C,CACD,CAAC;YACF,kCAAkC;YAClC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAClB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,uEAAuE;iBAC3C,CAAC,CAAC;YACvC,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACrB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,0DAA0D,KAAK,EAAE;aACrC,CAAC,CAAC;QACvC,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,OAAgB,EAAE,QAAkB;QAC/D,IAAI,CAAC;YACJ,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAClC,IAAI,CAAC,QAAQ,EAAE,yDAAyD;YACxE,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,EAAE,4DAA4D;YAC3H;gBACC,qEAAqE;gBACrE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,eAAe;aAC1C,CACD,CAAC;YACF,kCAAkC;YAClC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAClB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,gDAAgD;iBACpB,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAE,OAAO,CAAC,KAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACjC,OAAO;QACR,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,2DAA2D,KAAK,EAAE;aACtC,CAAC,CAAC;QACvC,CAAC;IACF,CAAC;CACD"}

package/dist/middleware/auth/user-info-fetcher/swagger-ui.d.ts

@@ -0,0 +1,16 @@
+import type { Response, Request } from 'express';
+import type { IOAuthProvider } from '../oauth/abstract.js';
+import { UserInfoHelper, type IUserInfoFetcher } from './base.js';
+export declare class SwaggerUserInfoFetcher extends UserInfoHelper implements IUserInfoFetcher {
+    private oauthProvider;
+    constructor(oauthProvider: IOAuthProvider);
+    /**
+     * Tries to fetch user information based on the request and sets the appropriate response.
+     *
+     * @param {Request} request - The request object containing user information.
+     * @param {Response} response - The response object to be set based on user authentication status.
+     * @return {Promise<Response>} The response object with user information or an error message.
+     */
+    fetch(request: Request, response: Response): Promise<Response<any, Record<string, any>> | undefined>;
+}
+//# sourceMappingURL=swagger-ui.d.ts.map

package/dist/middleware/auth/user-info-fetcher/swagger-ui.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"swagger-ui.d.ts","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/swagger-ui.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE3D,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAGlE,qBAAa,sBAAuB,SAAQ,cAAe,YAAW,gBAAgB;IACrF,OAAO,CAAC,aAAa,CAAiB;gBAE1B,aAAa,EAAE,cAAc;IAIzC;;;;;;OAMG;IACG,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;CA8BhD"}

package/dist/middleware/auth/user-info-fetcher/swagger-ui.js

@@ -0,0 +1,48 @@
+import { StatusCodes } from 'http-status-codes';
+import { UserInfoHelper } from './base.js';
+export class SwaggerUserInfoFetcher extends UserInfoHelper {
+    oauthProvider;
+    constructor(oauthProvider) {
+        super();
+        this.oauthProvider = oauthProvider;
+    }
+    /**
+     * Tries to fetch user information based on the request and sets the appropriate response.
+     *
+     * @param {Request} request - The request object containing user information.
+     * @param {Response} response - The response object to be set based on user authentication status.
+     * @return {Promise<Response>} The response object with user information or an error message.
+     */
+    async fetch(request, response) {
+        try {
+            // If the user is not authenticated - return error
+            if (!request.user.isAuthenticated) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: "Unauthorized error: Seems like you are not authenticated. Please follow the authentication process using 'LogIn' button",
+                });
+            }
+            // Tries to get customerId from the logTo user structure
+            if (!request.user || !request.user.claims || !request.user.claims.sub) {
+                return response.status(StatusCodes.BAD_GATEWAY).json({
+                    error: 'Internal error: Seems like authentication process was corrupted and there are problems with getting customerId',
+                });
+            }
+            const userId = request.user.claims.sub;
+            // Tries to get scopes for current user and check that required scopes are present
+            const _resp = await this.oauthProvider.getUserScopes(userId);
+            if (_resp.status !== 200) {
+                return response.status(StatusCodes.UNAUTHORIZED).json({
+                    error: `Unauthorized error: No scopes found for the user: ${userId}.`,
+                });
+            }
+            this.setScopes(_resp.data, response);
+            return await this.setUserEntity(userId, response);
+        }
+        catch (error) {
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+                error: `Unexpected error: While verifying API key: ${error}`,
+            });
+        }
+    }
+}
+//# sourceMappingURL=swagger-ui.js.map

package/dist/middleware/auth/user-info-fetcher/swagger-ui.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"swagger-ui.js","sourceRoot":"","sources":["../../../../src/middleware/auth/user-info-fetcher/swagger-ui.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAyB,MAAM,WAAW,CAAC;AAGlE,MAAM,OAAO,sBAAuB,SAAQ,cAAc;IACjD,aAAa,CAAiB;IAEtC,YAAY,aAA6B;QACxC,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACpC,CAAC;IACD;;;;;;OAMG;IACH,KAAK,CAAC,KAAK,CAAC,OAAgB,EAAE,QAAkB;QAC/C,IAAI,CAAC;YACJ,kDAAkD;YAClD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;gBACnC,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,yHAAyH;iBAC7F,CAAC,CAAC;YACvC,CAAC;YACD,wDAAwD;YACxD,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBACvE,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC;oBACpD,KAAK,EAAE,gHAAgH;iBACpF,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;YACvC,kFAAkF;YAClF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YAC7D,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC1B,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;oBACrD,KAAK,EAAE,qDAAqD,MAAM,GAAG;iBAClC,CAAC,CAAC;YACvC,CAAC;YACD,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACrC,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACnD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,8CAA8C,KAAK,EAAE;aACzB,CAAC,CAAC;QACvC,CAAC;IACF,CAAC;CACD"}

package/dist/middleware/authentication.d.ts

@@ -0,0 +1,15 @@
+import { Request, Response, NextFunction } from 'express';
+export declare class Authentication {
+    private apiGuardian;
+    private isSetup;
+    private logToHelper;
+    private oauthProvider;
+    constructor();
+    setup(next: NextFunction): Promise<void | Response<any, Record<string, any>>>;
+    handleError(error: Error, request: Request, response: Response, next: NextFunction): Promise<void | Response<any, Record<string, any>>>;
+    accessControl(request: Request, response: Response, next: NextFunction): Promise<void | Response<any, Record<string, any>>>;
+    wrapperHandleAuthRoutes(request: Request, response: Response, next: NextFunction): Promise<void>;
+    withLogtoWrapper(request: Request, response: Response, next: NextFunction): Promise<void | Response<any, Record<string, any>>>;
+    guard(request: Request, response: Response, next: NextFunction): Promise<void | Response<any, Record<string, any>>>;
+}
+//# sourceMappingURL=authentication.d.ts.map

package/dist/middleware/authentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication.d.ts","sourceRoot":"","sources":["../../src/middleware/authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAY,MAAM,SAAS,CAAC;AA0BpE,qBAAa,cAAc;IAC1B,OAAO,CAAC,WAAW,CAAW;IAC9B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,aAAa,CAAiB;;IAwBzB,KAAK,CAAC,IAAI,EAAE,YAAY;IAcxB,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY;IASlF,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY;IActE,uBAAuB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY;IAShF,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY;IAkBzE,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY;CAW3E"}

package/dist/middleware/authentication.js

@@ -0,0 +1,110 @@
+import { response } from 'express';
+import { StatusCodes } from 'http-status-codes';
+import * as dotenv from 'dotenv';
+import { AccountAuthProvider } from './auth/routes/api/account-auth.js';
+import { KeyAuthProvider } from './auth/routes/api/key-auth.js';
+import { LogToHelper } from './auth/logto-helper.js';
+import { configLogToExpress } from '../types/constants.js';
+import { handleAuthRoutes, withLogto } from '@logto/express';
+import { LogToProvider } from './auth/oauth/logto-provider.js';
+import { AdminAuthRuleProvider } from './auth/routes/admin/admin-auth.js';
+import { APIGuard } from './auth/auth-gaurd.js';
+import { AuthRuleRepository } from './auth/routes/auth-rule-repository.js';
+import { DidAuthRuleProvider } from './auth/routes/api/did-auth.js';
+import { PresentationAuthRuleProvider } from './auth/routes/api/presentation-auth.js';
+import { ResourceAuthRuleProvider } from './auth/routes/api/resource-auth.js';
+import { CredentialAuthRuleProvider } from './auth/routes/api/credential-auth.js';
+import { CredentialStatusAuthRuleProvider } from './auth/routes/api/credential-status-auth.js';
+import { AuthInfoProvider } from './auth/routes/api/auth-user-info.js';
+dotenv.config();
+const { ENABLE_EXTERNAL_DB } = process.env;
+export class Authentication {
+    apiGuardian;
+    isSetup = false;
+    logToHelper;
+    oauthProvider;
+    constructor() {
+        this.oauthProvider = new LogToProvider();
+        const authRuleRepository = new AuthRuleRepository();
+        authRuleRepository.push(new AuthInfoProvider());
+        authRuleRepository.push(new AccountAuthProvider());
+        authRuleRepository.push(new KeyAuthProvider());
+        authRuleRepository.push(new DidAuthRuleProvider());
+        authRuleRepository.push(new ResourceAuthRuleProvider());
+        authRuleRepository.push(new CredentialAuthRuleProvider());
+        authRuleRepository.push(new CredentialStatusAuthRuleProvider());
+        authRuleRepository.push(new PresentationAuthRuleProvider());
+        authRuleRepository.push(new AdminAuthRuleProvider());
+        this.apiGuardian = new APIGuard(authRuleRepository, this.oauthProvider);
+        // Initial auth handler
+        this.logToHelper = new LogToHelper();
+    }
+    async setup(next) {
+        if (!this.isSetup) {
+            const _r = await this.logToHelper.setup();
+            if (_r.status !== StatusCodes.OK) {
+                return response.status(StatusCodes.BAD_GATEWAY).json({
+                    error: _r.error,
+                });
+            }
+            this.isSetup = true;
+        }
+        return next();
+    }
+    async handleError(error, request, response, next) {
+        if (error) {
+            return response.status(StatusCodes.UNAUTHORIZED).send({
+                error: `${error.message}`,
+            });
+        }
+        return next();
+    }
+    async accessControl(request, response, next) {
+        if (this.apiGuardian.skipPath(request.path))
+            return next();
+        // ToDo: Make it more readable
+        if (ENABLE_EXTERNAL_DB === 'false') {
+            if (['/account', '/did/create', '/key/create'].includes(request.path)) {
+                return response.status(StatusCodes.METHOD_NOT_ALLOWED).json({
+                    error: 'Api not supported',
+                });
+            }
+        }
+        next();
+    }
+    async wrapperHandleAuthRoutes(request, response, next) {
+        const resources = await this.logToHelper.getAllResourcesWithNames();
+        return handleAuthRoutes({ ...configLogToExpress, scopes: ['roles'], resources: resources })(request, response, next);
+    }
+    async withLogtoWrapper(request, response, next) {
+        if (this.apiGuardian.skipPath(request.path))
+            return next();
+        try {
+            return withLogto({ ...configLogToExpress, scopes: ['roles'] })(request, response, next);
+        }
+        catch (err) {
+            return response.status(500).send({
+                authenticated: false,
+                error: `${err}`,
+                customerId: null,
+            });
+        }
+    }
+    // ToDo: refactor it or keep for the moment of setting up the admin panel
+    // private isBootstrapping(request: Request) {
+    // 	return ['/account/create'].includes(request.path);
+    // }
+    async guard(request, response, next) {
+        if (this.apiGuardian.skipPath(request.path))
+            return next();
+        try {
+            return await this.apiGuardian.guard(request, response, next);
+        }
+        catch (err) {
+            return response.status(StatusCodes.INTERNAL_SERVER_ERROR).send({
+                error: `Unexpected error: While guarding API request ${err}`,
+            });
+        }
+    }
+}
+//# sourceMappingURL=authentication.js.map

package/dist/middleware/authentication.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication.js","sourceRoot":"","sources":["../../src/middleware/authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmC,QAAQ,EAAE,MAAM,SAAS,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAE3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,4BAA4B,EAAE,MAAM,wCAAwC,CAAC;AACtF,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAClF,OAAO,EAAE,gCAAgC,EAAE,MAAM,6CAA6C,CAAC;AAC/F,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AAGvE,MAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC;AAE3C,MAAM,OAAO,cAAc;IAClB,WAAW,CAAW;IACtB,OAAO,GAAG,KAAK,CAAC;IAChB,WAAW,CAAc;IACzB,aAAa,CAAiB;IAEtC;QACC,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;QACzC,MAAM,kBAAkB,GAAG,IAAI,kBAAkB,EAAE,CAAC;QAEpD,kBAAkB,CAAC,IAAI,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;QAEhD,kBAAkB,CAAC,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;QACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC;QAE/C,kBAAkB,CAAC,IAAI,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;QACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,wBAAwB,EAAE,CAAC,CAAC;QACxD,kBAAkB,CAAC,IAAI,CAAC,IAAI,0BAA0B,EAAE,CAAC,CAAC;QAC1D,kBAAkB,CAAC,IAAI,CAAC,IAAI,gCAAgC,EAAE,CAAC,CAAC;QAChE,kBAAkB,CAAC,IAAI,CAAC,IAAI,4BAA4B,EAAE,CAAC,CAAC;QAE5D,kBAAkB,CAAC,IAAI,CAAC,IAAI,qBAAqB,EAAE,CAAC,CAAC;QAErD,IAAI,CAAC,WAAW,GAAG,IAAI,QAAQ,CAAC,kBAAkB,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACxE,uBAAuB;QACvB,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;IACtC,CAAC;IAEM,KAAK,CAAC,KAAK,CAAC,IAAkB;QACpC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;YAC1C,IAAI,EAAE,CAAC,MAAM,KAAK,WAAW,CAAC,EAAE,EAAE,CAAC;gBAClC,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC;oBACpD,KAAK,EAAE,EAAE,CAAC,KAAK;iBACf,CAAC,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACrB,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;IACf,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,KAAY,EAAE,OAAgB,EAAE,QAAkB,EAAE,IAAkB;QAC9F,IAAI,KAAK,EAAE,CAAC;YACX,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC;gBACrD,KAAK,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE;aACzB,CAAC,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;IACf,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,OAAgB,EAAE,QAAkB,EAAE,IAAkB;QAClF,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAE3D,8BAA8B;QAC9B,IAAI,kBAAkB,KAAK,OAAO,EAAE,CAAC;YACpC,IAAI,CAAC,UAAU,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvE,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC;oBAC3D,KAAK,EAAE,mBAAmB;iBAC1B,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QACD,IAAI,EAAE,CAAC;IACR,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,OAAgB,EAAE,QAAkB,EAAE,IAAkB;QAC5F,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,wBAAwB,EAAE,CAAC;QACpE,OAAO,gBAAgB,CAAC,EAAE,GAAG,kBAAkB,EAAE,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,SAAqB,EAAE,CAAC,CACtG,OAAO,EACP,QAAQ,EACR,IAAI,CACJ,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAAgB,EAAE,QAAkB,EAAE,IAAkB;QACrF,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAC3D,IAAI,CAAC;YACJ,OAAO,SAAS,CAAC,EAAE,GAAG,kBAAkB,EAAE,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;QACzF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,OAAO,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAChC,aAAa,EAAE,KAAK;gBACpB,KAAK,EAAE,GAAG,GAAG,EAAE;gBACf,UAAU,EAAE,IAAI;aAChB,CAAC,CAAC;QACJ,CAAC;IACF,CAAC;IAED,yEAAyE;IACzE,8CAA8C;IAC9C,sDAAsD;IACtD,IAAI;IAEG,KAAK,CAAC,KAAK,CAAC,OAAgB,EAAE,QAAkB,EAAE,IAAkB;QAC1E,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAE3D,IAAI,CAAC;YACJ,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,OAAO,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;gBAC9D,KAAK,EAAE,gDAAgD,GAAG,EAAE;aACzB,CAAC,CAAC;QACvC,CAAC;IACF,CAAC;CACD"}