@crossauth/fastify 1.0.0 → 1.0.1

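--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3,8 +3,8 @@ var Pe = (S, e, o) => e in S ? ke(S, e, { enumerable: !0, configurable: !0, writ
  var u = (S, e, o) => Pe(S, typeof e != "symbol" ? e + "" : e, o);
  import Ee from "fastify";
  import Te from "@fastify/view";
- import be from "@fastify/formbody";
- import ye from "@fastify/cors";
+ import ye from "@fastify/formbody";
+ import be from "@fastify/cors";
  import _e from "@fastify/cookie";
  import ue from "nunjucks";
  import { setParameter as C, ParamType as k, Crypto as F, TokenEmailer as xe, OAuthClientManager as L, SessionManager as Ae, ApiKeyManager as Y, KeyStorage as Fe, OAuthAuthorizationServer as Ne, DoubleSubmitCsrfToken as Ue, OAuthClientBackend as Oe, OAuthResourceServer as Ie, OAuthTokenConsumer as Me } from "@crossauth/backend";
@@ -57,7 +57,7 @@ class De {
  ip: e.ip,
  user: (r = e.user) == null ? void 0 : r.username
  })), !e.user || !this.sessionServer.canEditUser(e))
- return b.sendPageError(
+ return y.sendPageError(
  o,
  401,
  this.sessionServer.errorPage
@@ -82,7 +82,7 @@ class De {
  url: this.prefix + "updateuser",
  ip: e.ip,
  user: (r = e.user) == null ? void 0 : r.username
- })), !this.sessionServer.canEditUser(e)) return b.sendPageError(
+ })), !this.sessionServer.canEditUser(e)) return y.sendPageError(
  o,
  401,
  this.sessionServer.errorPage
@@ -186,7 +186,7 @@ class De {
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
  const n = await this.sessionServer.getSessionData(e, "factor2change");
  if (!(n != null && n.username) && !this.sessionServer.isSessionUser(e))
- return b.sendPageError(
+ return y.sendPageError(
  o,
  401,
  this.sessionServer.errorPage
@@ -215,7 +215,7 @@ class De {
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
  const t = await this.sessionServer.getSessionData(e, "factor2change");
  if (!(t != null && t.username) && !this.sessionServer.isSessionUser(e))
- return b.sendPageError(
+ return y.sendPageError(
  o,
  401,
  this.sessionServer.errorPage
@@ -320,7 +320,7 @@ class De {
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
  const t = await this.sessionServer.getSessionData(e, "passwordchange");
  if ((t == null ? void 0 : t.username) == null && !this.sessionServer.isSessionUser(e))
- return b.sendPageError(
+ return y.sendPageError(
  o,
  401,
  this.sessionServer.errorPage
@@ -1306,7 +1306,7 @@ class He {
  method: "GET",
  url: this.adminPrefix + "createuser",
  ip: e.ip
- })), !(e != null && e.user) || !b.isAdmin(e.user))
+ })), !(e != null && e.user) || !y.isAdmin(e.user))
  return this.accessDeniedPage(e, o);
  let r = {
  urlPrefix: this.adminPrefix,
@@ -1417,7 +1417,7 @@ class He {
  method: "GET",
  url: this.adminPrefix + "selectuser",
  ip: e.ip
- })), !(e != null && e.user) || !b.isAdmin(e.user))
+ })), !(e != null && e.user) || !y.isAdmin(e.user))
  return this.accessDeniedPage(e, o);
  try {
  let r = [], s = Number(e.query.skip), t = Number(e.query.take);
@@ -1439,7 +1439,7 @@ class He {
  return e.query.next && (n.next = e.query.next), o.view(this.adminSelectUserPage, n);
  } catch (r) {
  const s = l.asCrossauthError(r);
- return d.logger.error(c({ err: r })), b.sendPageError(
+ return d.logger.error(c({ err: r })), y.sendPageError(
  o,
  s.httpStatus,
  this.sessionServer.errorPage,
@@ -1463,7 +1463,7 @@ class He {
  method: "GET",
  url: this.adminPrefix + "updateuser",
  ip: e.ip
- })), !(e != null && e.user) || !b.isAdmin(e.user))
+ })), !(e != null && e.user) || !y.isAdmin(e.user))
  return this.accessDeniedPage(e, o);
  try {
  const { user: r } = await this.sessionServer.userStorage.getUserById(e.params.id);
@@ -1477,7 +1477,7 @@ class He {
  return o.view(this.adminUpdateUserPage, s);
  } catch (r) {
  const s = l.asCrossauthError(r);
- return d.logger.error(c({ err: r })), b.sendPageError(
+ return d.logger.error(c({ err: r })), y.sendPageError(
  o,
  s.httpStatus,
  this.sessionServer.errorPage,
@@ -1496,7 +1496,7 @@ class He {
  url: this.adminPrefix + "updateuser",
  ip: e.ip,
  user: (s = e.user) == null ? void 0 : s.username
- })), !this.sessionServer.canEditUser(e)) return b.sendPageError(
+ })), !this.sessionServer.canEditUser(e)) return y.sendPageError(
  o,
  401,
  this.sessionServer.errorPage
@@ -1531,7 +1531,7 @@ class He {
  urlPrefix: this.adminPrefix,
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
  ...e.body
- }) : b.sendPageError(
+ }) : y.sendPageError(
  i,
  n.httpStatus,
  this.sessionServer.errorPage,
@@ -1556,7 +1556,7 @@ class He {
  ip: e.ip
  }));
  let r;
- if (!(e != null && e.user) || !b.isAdmin(e.user))
+ if (!(e != null && e.user) || !y.isAdmin(e.user))
  return this.accessDeniedPage(e, o);
  try {
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call deleteuser unless a user storage is provided");
@@ -1644,7 +1644,7 @@ class He {
  url: this.adminPrefix + "api/updateuser",
  ip: e.ip,
  user: (s = e.user) == null ? void 0 : s.username
- })), !e.user || !b.isAdmin(e.user))
+ })), !e.user || !y.isAdmin(e.user))
  return this.sessionServer.sendJsonError(o, 401);
  let r;
  try {
@@ -1694,7 +1694,7 @@ class He {
  url: this.adminPrefix + "changepassword",
  ip: e.ip,
  user: (r = e.user) == null ? void 0 : r.username
- })), !(e != null && e.user) || !b.isAdmin(e.user))
+ })), !(e != null && e.user) || !y.isAdmin(e.user))
  return this.accessDeniedPage(e, o);
  try {
  const { user: s } = await this.sessionServer.userStorage.getUserById(e.params.id);
@@ -1706,7 +1706,7 @@ class He {
  return o.view(this.adminChangePasswordPage, t);
  } catch (s) {
  const t = l.asCrossauthError(s);
- return d.logger.error(c({ err: s })), b.sendPageError(
+ return d.logger.error(c({ err: s })), y.sendPageError(
  o,
  t.httpStatus,
  this.sessionServer.errorPage,
@@ -1776,7 +1776,7 @@ class He {
  url: this.adminPrefix + "api/changepassword",
  ip: e.ip,
  user: (s = e.user) == null ? void 0 : s.username
- })), !e.user || !b.isAdmin(e.user))
+ })), !e.user || !y.isAdmin(e.user))
  return this.sessionServer.sendJsonError(o, 401);
  let r;
  try {
@@ -1859,7 +1859,7 @@ class He {
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call createUser unless a user storage is provided");
  if (this.sessionServer.isSessionUser(e) && !e.csrfToken)
  throw new l(g.InvalidCsrf);
- if (!e.user || !b.isAdmin(e.user))
+ if (!e.user || !y.isAdmin(e.user))
  throw new l(g.InsufficientPriviledges);
  if (e.body.factor2 || (e.body.factor2 = this.sessionServer.allowedFactor2[0]), e.body.factor2 && !this.sessionServer.allowedFactor2.includes(e.body.factor2 ?? "none"))
  throw new l(
@@ -1931,7 +1931,7 @@ class He {
  }
  async updateUser(e, o, r, s) {
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateUser unless a user storage is provided");
- if (!o.user || !b.isAdmin(o.user))
+ if (!o.user || !y.isAdmin(o.user))
  throw new l(g.Unauthorized);
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
  const t = e.factor2, n = e.state;
@@ -1962,7 +1962,7 @@ class He {
  }
  async changePassword(e, o, r, s) {
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateUser unless a user storage is provided");
- if (!o.user || !b.isAdmin(o.user))
+ if (!o.user || !y.isAdmin(o.user))
  throw new l(g.Unauthorized);
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
  const t = this.sessionServer.authenticators[e.factor1], n = t.secretNames();
@@ -1988,7 +1988,7 @@ class He {
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call deleteUser unless a user storage is provided");
  if (this.sessionServer.isSessionUser(e) && !e.csrfToken)
  throw new l(g.InvalidCsrf);
- if (!e.user || !b.isAdmin(e.user))
+ if (!e.user || !y.isAdmin(e.user))
  throw new l(g.InsufficientPriviledges);
  return await this.sessionServer.userStorage.deleteUserById(e.params.id), r(o);
  }
@@ -2046,7 +2046,7 @@ class Le {
  method: "GET",
  url: this.adminPrefix + "selectclient",
  ip: e.ip
- })), !(e != null && e.user) || !b.isAdmin(e.user))
+ })), !(e != null && e.user) || !y.isAdmin(e.user))
  return this.accessDeniedPage(e, o);
  const r = e.query.next ?? encodeURIComponent(e.url);
  try {
@@ -2080,7 +2080,7 @@ class Le {
  return e.query.next && (h.next = e.query.next), o.view(this.selectClientPage, h);
  } catch (s) {
  const t = l.asCrossauthError(s);
- return d.logger.error(c({ err: s })), b.sendPageError(
+ return d.logger.error(c({ err: s })), y.sendPageError(
  o,
  t.httpStatus,
  this.sessionServer.errorPage,
@@ -2103,7 +2103,7 @@ class Le {
  method: "GET",
  url: this.adminPrefix + "createclient",
  ip: e.ip
- })), !(e != null && e.user) || !b.isAdmin(e.user))
+ })), !(e != null && e.user) || !y.isAdmin(e.user))
  return this.accessDeniedPage(e, o);
  let r = e.query.next;
  r || (e.query.userid ? r = this.adminPrefix + "selectuser" : r = this.adminPrefix + "selectclient");
@@ -2208,7 +2208,7 @@ class Le {
  method: "GET",
  url: this.adminPrefix + "updateclient",
  ip: e.ip
- })), !(e != null && e.user) || !b.isAdmin(e.user))
+ })), !(e != null && e.user) || !y.isAdmin(e.user))
  return this.accessDeniedPage(e, o);
  let r;
  try {
@@ -2339,7 +2339,7 @@ class Le {
  ip: e.ip
  }));
  let r;
- if (!(e != null && e.user) || !b.isAdmin(e.user))
+ if (!(e != null && e.user) || !y.isAdmin(e.user))
  return this.accessDeniedPage(e, o);
  try {
  r = await this.clientStorage.getClientById(e.params.client_id);
@@ -2567,7 +2567,7 @@ class Le {
  async createClient(e, o, r, s) {
  if (this.sessionServer.isSessionUser(e) && !e.csrfToken)
  throw new l(g.InvalidCsrf);
- if (!e.user || !b.isAdmin(e.user))
+ if (!e.user || !y.isAdmin(e.user))
  throw new l(g.InsufficientPriviledges);
  const t = e.body.confidential == "true", n = e.body.client_name, i = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
  let a = [];
@@ -2597,7 +2597,7 @@ class Le {
  async updateClient(e, o, r) {
  if (this.sessionServer.isSessionUser(e) && !e.csrfToken)
  throw new l(g.InvalidCsrf);
- if (!e.user || !b.isAdmin(e.user))
+ if (!e.user || !y.isAdmin(e.user))
  throw new l(g.InsufficientPriviledges);
  const s = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
  let t = [];
@@ -2627,7 +2627,7 @@ class Le {
  async deleteClient(e, o, r) {
  if (this.sessionServer.isSessionUser(e) && !e.csrfToken)
  throw new l(g.InvalidCsrf);
- if (!e.user || !b.isAdmin(e.user))
+ if (!e.user || !y.isAdmin(e.user))
  throw new l(g.InsufficientPriviledges);
  return await this.clientStorage.deleteClient(e.params.client_id), r(o);
  }
@@ -2699,7 +2699,7 @@ class Ge {
  return e.query.next && (i.next = e.query.next), o.view(this.selectClientPage, i);
  } catch (r) {
  const s = l.asCrossauthError(r);
- return d.logger.error(c({ err: r })), b.sendPageError(
+ return d.logger.error(c({ err: r })), y.sendPageError(
  o,
  s.httpStatus,
  this.sessionServer.errorPage,
@@ -3333,7 +3333,7 @@ function We(S, e, o) {
  username: S.body.username,
  state: "active"
  };
- const t = S.user && b.isAdmin(S.user);
+ const t = S.user && y.isAdmin(S.user);
  for (let n in S.body) {
  let i = n.replace(/^user_/, "");
  n.startsWith("user_") && (t || e.includes(i)) && (s[i] = S.body[n]);
@@ -3341,7 +3341,7 @@ function We(S, e, o) {
  return s.factor1 = "localpassword", o.includes(s.factor1) && (s.factor1 = S.body.factor1), s.factor2 = S.body.factor2, s;
  }
  function Je(S, e, o) {
- const r = e.user && b.isAdmin(e.user);
+ const r = e.user && y.isAdmin(e.user);
  for (let s in e.body) {
  let t = s.replace(/^user_/, "");
  s.startsWith("user_") && (r || o.includes(t)) && (S[t] = e.body[s]);
@@ -3463,7 +3463,7 @@ class Ke {
  u(this, "enableCsrfProtection", !0);
  u(this, "userAllowedFactor1", ["localpassword"]);
  u(this, "adminAllowedFactor1", ["localpassword"]);
- this.app = e, this.userEndpoints = new De(this, s), this.adminEndpoints = new He(this, s), C("prefix", k.String, this, s, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), this.prefix.startsWith("/") || "" + this.prefix, this.loginUrl = this.prefix + "login", C("signupPage", k.String, this, s, "SIGNUP_PAGE"), C("loginPage", k.String, this, s, "LOGIN_PAGE"), C("factor2Page", k.String, this, s, "FACTOR2_PAGE"), C("configureFactor2Page", k.String, this, s, "SIGNUP_FACTOR2_PAGE"), C("errorPage", k.String, this, s, "ERROR_PAGE"), C("emailFrom", k.String, this, s, "EMAIL_FROM"), C("allowedFactor2", k.JsonArray, this, s, "ALLOWED_FACTOR2"), C("enableEmailVerification", k.Boolean, this, s, "ENABLE_EMAIL_VERIFICATION"), C("enablePasswordReset", k.Boolean, this, s, "ENABLE_PASSWORD_RESET"), C("factor2ProtectedPageEndpoints", k.JsonArray, this, s, "FACTOR2_PROTECTED_PAGE_ENDPOINTS"), C("factor2ProtectedApiEndpoints", k.JsonArray, this, s, "FACTOR2_PROTECTED_API_ENDPOINTS"), C("enableAdminEndpoints", k.Boolean, this, s, "ENABLE_ADMIN_ENDPOINTS"), C("enableOAuthClientManagement", k.Boolean, this, s, "ENABLE_OAUTH_CLIENT_MANAGEMENT"), C("editUserScope", k.String, this, s, "EDIT_USER_SCOPE"), C("userAllowedFactor1", k.JsonArray, this, s, "USER_ALLOWED_FACTOR1"), C("adminAllowedFactor1", k.JsonArray, this, s, "ADMIN_ALLOWED_FACTOR1"), s.validateUserFn && (this.validateUserFn = s.validateUserFn), s.createUserFn && (this.createUserFn = s.createUserFn), s.updateUserFn && (this.updateUserFn = s.updateUserFn), s.addToSession && (this.addToSession = s.addToSession), s.validateSession && (this.validateSession = s.validateSession), this.endpoints = [...he, ...le], this.endpoints = [...this.endpoints, ...re, ...ie], this.enableAdminEndpoints && (this.endpoints = [...this.endpoints, ...se, ...te]), this.enableOAuthClientManagement && (this.endpoints = [...this.endpoints, ...Z, ...ee, ...Q, ...q]), this.enableEmailVerification && (this.endpoints = [...this.endpoints, ...ae, ...ne]), this.enablePasswordReset && (this.endpoints = [...this.endpoints, ...de, ...ce]), s.endpoints && (C("endpoints", k.JsonArray, this, s, "SESSION_ENDPOINTS"), this.endpoints.length == 1 && this.endpoints[0] == "all" && (this.endpoints = je), this.endpoints.length == 1 && this.endpoints[0] == "allMinusOAuth" && (this.endpoints = Be)), this.allowedFactor2.length > 0 && (this.endpoints = [...this.endpoints, ...ge, ...oe]);
+ this.app = e, this.userEndpoints = new De(this, s), this.adminEndpoints = new He(this, s), C("prefix", k.String, this, s, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), this.prefix.startsWith("/") || "" + this.prefix, this.loginUrl = this.prefix + "login", C("signupPage", k.String, this, s, "SIGNUP_PAGE"), C("loginPage", k.String, this, s, "LOGIN_PAGE"), C("factor2Page", k.String, this, s, "FACTOR2_PAGE"), C("configureFactor2Page", k.String, this, s, "SIGNUP_FACTOR2_PAGE"), C("errorPage", k.String, this, s, "ERROR_PAGE"), C("allowedFactor2", k.JsonArray, this, s, "ALLOWED_FACTOR2"), C("enableEmailVerification", k.Boolean, this, s, "ENABLE_EMAIL_VERIFICATION"), C("enablePasswordReset", k.Boolean, this, s, "ENABLE_PASSWORD_RESET"), C("factor2ProtectedPageEndpoints", k.JsonArray, this, s, "FACTOR2_PROTECTED_PAGE_ENDPOINTS"), C("factor2ProtectedApiEndpoints", k.JsonArray, this, s, "FACTOR2_PROTECTED_API_ENDPOINTS"), C("enableAdminEndpoints", k.Boolean, this, s, "ENABLE_ADMIN_ENDPOINTS"), C("enableOAuthClientManagement", k.Boolean, this, s, "ENABLE_OAUTH_CLIENT_MANAGEMENT"), C("editUserScope", k.String, this, s, "EDIT_USER_SCOPE"), C("userAllowedFactor1", k.JsonArray, this, s, "USER_ALLOWED_FACTOR1"), C("adminAllowedFactor1", k.JsonArray, this, s, "ADMIN_ALLOWED_FACTOR1"), C("loginRedirect", k.JsonArray, this, s, "LOGIN_REDIRECT"), C("logoutRedirect", k.JsonArray, this, s, "LOGOUT_REDIRECT"), s.validateUserFn && (this.validateUserFn = s.validateUserFn), s.createUserFn && (this.createUserFn = s.createUserFn), s.updateUserFn && (this.updateUserFn = s.updateUserFn), s.addToSession && (this.addToSession = s.addToSession), s.validateSession && (this.validateSession = s.validateSession), this.endpoints = [...he, ...le], this.endpoints = [...this.endpoints, ...re, ...ie], this.enableAdminEndpoints && (this.endpoints = [...this.endpoints, ...se, ...te]), this.enableOAuthClientManagement && (this.endpoints = [...this.endpoints, ...Z, ...ee, ...Q, ...q]), this.enableEmailVerification && (this.endpoints = [...this.endpoints, ...ae, ...ne]), this.enablePasswordReset && (this.endpoints = [...this.endpoints, ...de, ...ce]), s.endpoints && (C("endpoints", k.JsonArray, this, s, "SESSION_ENDPOINTS"), this.endpoints.length == 1 && this.endpoints[0] == "all" && (this.endpoints = je), this.endpoints.length == 1 && this.endpoints[0] == "allMinusOAuth" && (this.endpoints = Be)), this.allowedFactor2.length > 0 && (this.endpoints = [...this.endpoints, ...ge, ...oe]);
  let t = !1;
  for (let i of this.endpoints)
  if (q.includes(i) || Q.includes(i)) {
@@ -3571,22 +3571,22 @@ class Ke {
  let N = {};
  for (let M in i.body)
  T.includes(M) && (N[M] = i.body[M]);
- let y;
+ let b;
  try {
  await this.sessionManager.completeTwoFactorPageVisit(N, m);
  } catch (M) {
- y = l.asCrossauthError(M), d.logger.debug(c({ err: M }));
+ b = l.asCrossauthError(M), d.logger.debug(c({ err: M }));
  const I = l.asCrossauthError(M);
  d.logger.error(c({
- msg: y.message,
+ msg: b.message,
  cerr: M,
  user: i.body.username,
  errorCode: I.code,
  errorCodeName: I.codeName
  }));
  }
- if (i.body = w.pre2fa.body, y)
- if (y.code == g.Expired) {
+ if (i.body = w.pre2fa.body, b)
+ if (b.code == g.Expired) {
  d.logger.debug("Error - cancelling 2FA");
  try {
  await this.sessionManager.cancelTwoFactorPageVisit(m);
@@ -3595,21 +3595,21 @@ class Ke {
  }
  i.body = {
  ...i.body,
- errorMessage: y.message,
- errorMessages: y.message,
- errorCode: "" + y.code,
- errorCodeName: g[y.code]
+ errorMessage: b.message,
+ errorMessages: b.message,
+ errorCode: "" + b.code,
+ errorCodeName: g[b.code]
  };
  } else
- return this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2?error=" + g[y.code]) : a.status(y.httpStatus).send(JSON.stringify({
+ return this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2?error=" + g[b.code]) : a.status(b.httpStatus).send(JSON.stringify({
  ok: !1,
- errorMessage: y.message,
- errorMessages: y.messages,
- errorCode: y.code,
- errorCodeName: g[y.code]
+ errorMessage: b.message,
+ errorMessages: b.messages,
+ errorCode: b.code,
+ errorCodeName: g[b.code]
  }));
  } else
- return this.validateCsrfToken(i), d.logger.debug("Starting 2FA"), this.sessionManager.initiateTwoFactorPageVisit(i.user, m, i.body, i.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2") : a.send(JSON.stringify({
+ return this.validateCsrfToken(i), d.logger.debug("Starting 2FA"), await this.sessionManager.initiateTwoFactorPageVisit(i.user, m, i.body, i.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2") : a.send(JSON.stringify({
  ok: !0,
  factor2Required: !0
  }));
@@ -4837,7 +4837,7 @@ class $e {
  this.prefix + "userauthorize",
  async (i, a) => {
  var p, v;
- if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: i.ip, user: (p = i.user) == null ? void 0 : p.username })), !i.user) return b.sendPageError(
+ if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: i.ip, user: (p = i.user) == null ? void 0 : p.username })), !i.user) return y.sendPageError(
  a,
  401,
  this.errorPage
@@ -4906,8 +4906,8 @@ class $e {
  let w, P;
  const T = i.headers.authorization.split(" ");
  if (T.length == 2 && T[0].toLocaleLowerCase() == "basic") {
- const y = F.base64Decode(T[1]).split(":", 2);
- y.length == 2 && (w = y[0], P = y[1]);
+ const b = F.base64Decode(T[1]).split(":", 2);
+ b.length == 2 && (w = b[0], P = b[1]);
  }
  w == null || P == null ? d.logger.warn(c({
  msg: "Ignoring malform authenization header " + i.headers.authorization
@@ -5923,11 +5923,11 @@ class we extends Oe {
  !0
  );
  if (P || !w) {
- const y = l.fromOAuthError(
+ const b = l.fromOAuthError(
  P ?? "server_error",
  T
  );
- return await this.errorFn(this.server, a, h, y);
+ return await this.errorFn(this.server, a, h, b);
  }
  return this.oauthLogFetch ? d.logger.debug(c({ msg: "OAuth redirect", url: w })) : d.logger.debug(c({
  msg: "OAuth redirect"
@@ -6379,8 +6379,8 @@ class we extends Oe {
  m.startsWith("have_") && (P = m.replace("have_", ""), w = !0);
  let T = P.replace("_token", ""), N = !1;
  if (this.jwtTokens.includes(T) && (N = a.body.decode ?? !0), P in f) {
- let y = f[P];
- N && (y = j(f[P])), y && (p[m] = w ? !0 : y);
+ let b = f[P];
+ N && (b = j(f[P])), b && (p[m] = w ? !0 : b);
  } else w && (p[m] = !1);
  }
  return h.header(..._).status(200).send({ ...p });
@@ -6403,13 +6403,13 @@ class we extends Oe {
  url: this.prefix + this.bffEndpointName + v,
  // was url
  handler: async (w, P) => {
- var y, M;
+ var b, M;
  d.logger.info(c({
  msg: "Page visit",
  method: w.method,
  url: w.url,
  ip: w.ip,
- user: (y = w.user) == null ? void 0 : y.username
+ user: (b = w.user) == null ? void 0 : b.username
  }));
  const T = w.url.substring(this.prefix.length + this.bffEndpointName.length);
  d.logger.debug(c({ msg: "Resource server URL " + T }));
@@ -7160,11 +7160,11 @@ const K = class K {
  "node_modules/shared-components",
  this.views
  ]
- })), this.cors && this.app.register(ye, this.cors), this.app.addContentTypeParser(
+ })), this.cors && this.app.register(be, this.cors), this.app.addContentTypeParser(
  "text/json",
  { parseAs: "string" },
  this.app.getDefaultJsonParser("ignore", "ignore")
- ), this.app.register(be), this.app.register(_e, {
+ ), this.app.register(ye), this.app.register(_e, {
  // secret: "my-secret", // for cookies signature
  parseOptions: {}
  // options for parsing cookies
@@ -7455,7 +7455,7 @@ const K = class K {
  }
  };
  u(K, "isAdminFn", sr);
- let b = K;
+ let y = K;
  class ur {
  }
  export {
@@ -7465,7 +7465,7 @@ export {
  $e as FastifyAuthorizationServer,
  we as FastifyOAuthClient,
  er as FastifyOAuthResourceServer,
- b as FastifyServer,
+ y as FastifyServer,
  ur as FastifySessionAdapter,
  Ke as FastifySessionServer,
  Ge as FastifyUserClientEndpoints,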
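Review bot: In the `@@ -4906,8 +4906,8 @@ class $e` hunk the warning branch still writes the raw request header to the log, `msg: "Ignoring malform authenization header " + i.headers.authorization`, so any credential a client sends in a form this code does not parse (a non-Basic scheme, or a Basic value without a colon) ends up in log storage. The message should carry no header content, for example `msg: "Ignoring malformed Authorization header"`. In the same hunk `F.base64Decode(T[1]).split(":", 2)` drops everything after a second colon, because the JavaScript limit argument truncates rather than joins, so a client secret containing `:` is silently shortened before comparison; splitting at the first colon only (`indexOf(":")` plus two `slice` calls) keeps the whole secret. Only the rename of `y` to `b` changed in this hunk and the enclosing handler starts and ends outside it; since `dist/index.js` is build output, both fixes belong in the source the bundle is built from.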
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@crossauth/fastify",
3
3
  "private": false,
4
- "version": "1.0.0",
4
+ "version": "1.0.1",
5
5
  "license": "Apache-2.0",
6
6
  "type": "module",
7
7
  "main": "./dist/index.cjs",
@@ -56,8 +56,8 @@
56
56
  "prisma": "^5.9.1",
57
57
  "qrcode": "^1.5.3",
58
58
  "sonic-boom": "^3.7.0",
59
- "@crossauth/backend": "^1.0.0",
60
- "@crossauth/common": "^1.0.0"
59
+ "@crossauth/backend": "^1.0.1",
60
+ "@crossauth/common": "^1.0.1"
61
61
  },
62
62
  "scripts": {
63
63
  "dev": "vite",