@crossauth/fastify 1.1.9 → 1.1.10

package/dist/index.cjs CHANGED
@@ -19,4 +19,4 @@
19
19
  <h1>500 Error</h1>
20
20
  <p>Sorry, an unknown error has occured</p>
21
21
  </body></html>
22
- `,z={400:De,401:U,500:L};function Re(m){return m.admin==!0}const R=class R{constructor({session:r,sessionAdapter:a,apiKey:s,oAuthAuthServer:o,oAuthClient:i,oAuthClients:d,oAuthResServer:t},n={}){l(this,"views","views");l(this,"app");l(this,"sessionServer");l(this,"sessionAdapter");l(this,"oAuthAuthServer");l(this,"oAuthClient");l(this,"oAuthClients");l(this,"oAuthResServer");l(this,"cors");l(this,"audience","");c.setParameter("views",c.ParamType.String,this,n,"VIEWS"),c.setParameter("cors",c.ParamType.Json,this,n,"CORS"),n.isAdminFn&&(R.isAdminFn=n.isAdminFn),n.app?this.app=n.app:(this.views&&ae.configure(this.views,{autoescape:!0}),this.app=Pe({logger:!1}),this.app.register(ke,{engine:{nunjucks:ae},templates:["node_modules/shared-components",this.views]})),this.cors&&this.app.register(ye,this.cors),this.app.addContentTypeParser("text/json",{parseAs:"string"},this.app.getDefaultJsonParser("ignore","ignore")),this.app.register(Te),this.app.register(be,{parseOptions:{}}),this.app.decorateRequest("user",void 0),this.app.decorateRequest("csrfToken",void 0);let h={};if(n.authenticators&&(h=n.authenticators),r){if(!h)throw new e.CrossauthError(e.ErrorCode.Configuration,"If using session management, must also supply authenticators");const g=new fe(this.app,r.keyStorage,h,{...n,...r.options});this.sessionServer=g,this.sessionAdapter=this.sessionServer}else a&&(this.sessionAdapter=a);if(s){if(!n.userStorage)throw new e.CrossauthError(e.ErrorCode.Configuration,"Need a user storage to user API server");new pe(this.app,n.userStorage,s.keyStorage,{...n,...s.options})}if(o){let g={};this.sessionServer&&(g.loginUrl=this.sessionServer.prefix+"login"),this.oAuthAuthServer=new Ce(this.app,this,o.clientStorage,o.keyStorage,h,{...g,...n,...o.options})}if(i&&this.oAuthClients)throw new e.CrossauthError(e.ErrorCode.Configuration,"Do not use both oAuthClient and oAuthClients");if(i&&(this.oAuthClient=new K(this,i.authServerBaseUrl,{...n,...i.options})),d){this.oAuthClients=[];for(let g 
of d)this.oAuthClients.push(new K(this,g.authServerBaseUrl,{...n,...g.options}))}t&&(this.audience="",c.setParameter("audience",c.ParamType.String,this,n,"OAUTH_AUDIENCE",!0),this.oAuthResServer=new we(this.app,[new c.OAuthTokenConsumer(this.audience,n)],{sessionAdapter:this.sessionAdapter,...t.options,...n}))}validateCsrfToken(r){if(!this.sessionServer)throw new e.CrossauthError(e.ErrorCode.Configuration,"Cannot validate csrf tokens if sessions not enabled");return this.sessionServer.validateCsrfToken(r)}async errorIfCsrfInvalid(r,a,s){var o,i;try{if(!r.csrfToken)throw new e.CrossauthError(e.ErrorCode.InvalidCsrf);return{error:!1,reply:a}}catch(d){e.CrossauthLogger.logger.debug(e.j({err:d})),e.CrossauthLogger.logger.warn(e.j({msg:"Attempt to access url without csrf token",url:r.url}));try{if(s){const t=e.CrossauthError.asCrossauthError(d);return{error:!0,reply:await s(this,r,a,t)}}else if((o=this.sessionServer)!=null&&o.errorPage){const t=new e.CrossauthError(e.ErrorCode.InvalidCsrf,"CSRF Token not provided");return{error:!0,reply:a.status(401).view(((i=this.sessionServer)==null?void 0:i.errorPage)??"",{errorMessage:t.message,errorMessages:t.messages,status:t.httpStatus,errorCode:e.ErrorCode.InvalidCsrf,errorCodeName:e.ErrorCode[e.ErrorCode.InvalidCsrf]})}}}catch(t){return e.CrossauthLogger.logger.error(e.j({err:t})),{error:!0,reply:a.status(401).send(U)}}return{error:!0,reply:a.status(401).send(U)}}}async errorIfNotLoggedIn(r,a,s){var o,i,d;if(!r.user){e.CrossauthLogger.logger.warn(e.j({msg:"Attempt to access url without csrf token",url:r.url}));try{if(s){const t=new e.CrossauthError(e.ErrorCode.Unauthorized,"User is not logged in");return await s(this,r,a,t)}else if((o=this.sessionServer)!=null&&o.errorPage)return a.status(401).view(((i=this.sessionServer)==null?void 0:i.errorPage)??"",{errorMessage:"User is not logged in",status:401,code:e.ErrorCode.Unauthorized,codeName:e.ErrorCode[e.ErrorCode.Unauthorized]})}catch(t){return 
e.CrossauthLogger.logger.debug(e.j({err:t})),e.CrossauthLogger.logger.error(e.j({cerr:t,hashedSessionCookie:(d=this.sessionServer)==null?void 0:d.getHashOfSessionId(r)})),a.status(401).send(U)}return a.status(401).send(U)}}static sendPageError(r,a,s,o,i){if(!o||!i)return e.CrossauthLogger.logger.warn(e.j({msg:o,errorCode:e.ErrorCode.UnknownError,errorCodeName:e.ErrorCode[e.ErrorCode.UnknownError],httpStatus:a})),s?r.status(a).view(s,{status:a,errorCodeName:e.ErrorCode[e.ErrorCode.UnknownError]}):r.status(a).send(a==401?U:L);try{let d=0,t="UnknownError";if("isCrossAuthError"in i){const n=e.CrossauthError.asCrossauthError(i);d=n.code,t=n.name,o||(o=i.message)}return o||(a==401?(o="You are not authorized to access this page",d=e.ErrorCode.Unauthorized,t=e.ErrorCode[d]):a==403?(o="You do not have permission to access this page",d=e.ErrorCode.Forbidden,t=e.ErrorCode[d]):o="An unknwon error has occurred"),e.CrossauthLogger.logger.warn(e.j({msg:o,errorCode:d,errorCodeName:t,httpStatus:a})),s?r.status(a).view(s,{status:a,errorMessage:o,errorCode:d,errorCodeName:t}):r.status(a).send(a==401?U:L)}catch(d){return e.CrossauthLogger.logger.error(e.j({err:d})),r.status(a).send(a==401?U:L)}}async createAnonymousSession(r,a,s){if(!this.sessionServer)throw new e.CrossauthError(e.ErrorCode.Configuration,"Sessions not enabled");return e.CrossauthLogger.logger.debug(e.j({msg:"Creating anonymous session"})),await this.sessionServer.createAnonymousSession(r,a,s)}static isAdmin(r){return R.isAdminFn(r)}start(r=3e3,a="0.0.0.0"){this.app.listen({port:r},()=>e.CrossauthLogger.logger.info(e.j({msg:"Starting fastify server",port:r,hostname:a})))}getHashOfSessionId(r){if(!r.sessionId)return"";try{return c.Crypto.hash(r.sessionId)}catch{}return""}};l(R,"isAdminFn",Re);let v=R;class 
ze{}exports.FastifyAdminClientEndpoints=le;exports.FastifyAdminEndpoints=ge;exports.FastifyApiKeyServer=pe;exports.FastifyAuthorizationServer=Ce;exports.FastifyOAuthClient=K;exports.FastifyOAuthResourceServer=we;exports.FastifyServer=v;exports.FastifySessionAdapter=ze;exports.FastifySessionServer=fe;exports.FastifyUserClientEndpoints=ue;exports.FastifyUserEndpoints=he;
22
+ `,z={400:De,401:U,500:L};function Re(m){return m.admin==!0}const R=class R{constructor({session:r,sessionAdapter:a,apiKey:s,oAuthAuthServer:o,oAuthClient:i,oAuthClients:d,oAuthResServer:t},n={}){l(this,"views","views");l(this,"app");l(this,"sessionServer");l(this,"sessionAdapter");l(this,"oAuthAuthServer");l(this,"oAuthClient");l(this,"oAuthClients");l(this,"oAuthResServer");l(this,"cors");l(this,"audience","");c.setParameter("views",c.ParamType.String,this,n,"VIEWS"),c.setParameter("cors",c.ParamType.Json,this,n,"CORS"),n.isAdminFn&&(R.isAdminFn=n.isAdminFn),n.app?this.app=n.app:(this.views&&ae.configure(this.views,{autoescape:!0}),this.app=Pe({logger:!1}),this.app.register(ke,{engine:{nunjucks:ae},templates:["node_modules/shared-components",this.views]})),this.cors&&this.app.register(ye,this.cors),this.app.addContentTypeParser("text/json",{parseAs:"string"},this.app.getDefaultJsonParser("ignore","ignore")),this.app.register(Te),this.app.register(be,{parseOptions:{}}),this.app.decorateRequest("user",void 0),this.app.decorateRequest("csrfToken",void 0);let h={};if(n.authenticators&&(h=n.authenticators),r){if(!h)throw new e.CrossauthError(e.ErrorCode.Configuration,"If using session management, must also supply authenticators");const g=new fe(this.app,r.keyStorage,h,{...n,...r.options});this.sessionServer=g,this.sessionAdapter=this.sessionServer}else a&&(this.sessionAdapter=a);if(s){if(!n.userStorage)throw new e.CrossauthError(e.ErrorCode.Configuration,"Need a user storage to user API server");new pe(this.app,n.userStorage,s.keyStorage,{...n,...s.options})}if(o){let g={};this.sessionServer&&(g.loginUrl=this.sessionServer.prefix+"login"),this.oAuthAuthServer=new Ce(this.app,this,o.clientStorage,o.keyStorage,h,{...g,...n,...o.options})}if(i&&this.oAuthClients)throw new e.CrossauthError(e.ErrorCode.Configuration,"Do not use both oAuthClient and oAuthClients");if(i&&(this.oAuthClient=new K(this,i.authServerBaseUrl,{...n,...i.options})),d){this.oAuthClients=[];for(let g 
of d)this.oAuthClients.push(new K(this,g.authServerBaseUrl,{...n,...g.options}))}t&&(this.audience="",c.setParameter("audience",c.ParamType.String,this,n,"OAUTH_AUDIENCE",!0),this.oAuthResServer=new we(this.app,[new c.OAuthTokenConsumer(this.audience,n)],{sessionAdapter:this.sessionAdapter,...t.options,...n}))}validateCsrfToken(r){if(!this.sessionServer)throw new e.CrossauthError(e.ErrorCode.Configuration,"Cannot validate csrf tokens if sessions not enabled");return this.sessionServer.validateCsrfToken(r)}async errorIfCsrfInvalid(r,a,s){var o,i;try{if(!r.csrfToken)throw new e.CrossauthError(e.ErrorCode.InvalidCsrf);return{error:!1,reply:a}}catch(d){e.CrossauthLogger.logger.debug(e.j({err:d})),e.CrossauthLogger.logger.warn(e.j({msg:"Attempt to access url without csrf token",url:r.url}));try{if(s){const t=e.CrossauthError.asCrossauthError(d);return{error:!0,reply:await s(this,r,a,t)}}else if((o=this.sessionServer)!=null&&o.errorPage){const t=new e.CrossauthError(e.ErrorCode.InvalidCsrf,"CSRF Token not provided");return{error:!0,reply:a.status(401).view(((i=this.sessionServer)==null?void 0:i.errorPage)??"",{errorMessage:t.message,errorMessages:t.messages,status:t.httpStatus,errorCode:e.ErrorCode.InvalidCsrf,errorCodeName:e.ErrorCode[e.ErrorCode.InvalidCsrf]})}}}catch(t){return e.CrossauthLogger.logger.error(e.j({err:t})),{error:!0,reply:a.status(401).send(U)}}return{error:!0,reply:a.status(401).send(U)}}}async errorIfNotLoggedIn(r,a,s){var o,i,d;if(!r.user){e.CrossauthLogger.logger.warn(e.j({msg:"Attempt to access url without csrf token",url:r.url}));try{if(s){const t=new e.CrossauthError(e.ErrorCode.Unauthorized,"User is not logged in");return await s(this,r,a,t)}else if((o=this.sessionServer)!=null&&o.errorPage)return a.status(401).view(((i=this.sessionServer)==null?void 0:i.errorPage)??"",{errorMessage:"User is not logged in",status:401,code:e.ErrorCode.Unauthorized,codeName:e.ErrorCode[e.ErrorCode.Unauthorized]})}catch(t){return 
e.CrossauthLogger.logger.debug(e.j({err:t})),e.CrossauthLogger.logger.error(e.j({cerr:t,hashedSessionCookie:(d=this.sessionServer)==null?void 0:d.getHashOfSessionId(r)})),a.status(401).send(U)}return a.status(401).send(U)}}static sendPageError(r,a,s,o,i){if(!o||!i)return e.CrossauthLogger.logger.warn(e.j({msg:o,errorCode:e.ErrorCode.UnknownError,errorCodeName:e.ErrorCode[e.ErrorCode.UnknownError],httpStatus:a})),s?r.status(a).view(s,{status:a,errorCodeName:e.ErrorCode[e.ErrorCode.UnknownError]}):r.status(a).send(a==401?U:L);try{let d=0,t="UnknownError";if("isCrossAuthError"in i){const n=e.CrossauthError.asCrossauthError(i);d=n.code,t=n.name,o||(o=i.message)}return o||(a==401?(o="You are not authorized to access this page",d=e.ErrorCode.Unauthorized,t=e.ErrorCode[d]):a==403?(o="You do not have permission to access this page",d=e.ErrorCode.Forbidden,t=e.ErrorCode[d]):o="An unknwon error has occurred"),e.CrossauthLogger.logger.warn(e.j({msg:o,errorCode:d,errorCodeName:t,httpStatus:a})),s?r.status(a).view(s,{status:a,errorMessage:o,errorCode:d,errorCodeName:t}):r.status(a).send(a==401?U:L)}catch(d){return e.CrossauthLogger.logger.error(e.j({err:d})),r.status(a).send(a==401?U:L)}}async createAnonymousSession(r,a,s){if(!this.sessionServer)throw new e.CrossauthError(e.ErrorCode.Configuration,"Sessions not enabled");return e.CrossauthLogger.logger.debug(e.j({msg:"Creating anonymous session"})),await this.sessionServer.createAnonymousSession(r,a,s)}static isAdmin(r){return R.isAdminFn(r)}start(r=3e3,a="0.0.0.0"){this.app.listen({port:r,host:a},()=>e.CrossauthLogger.logger.info(e.j({msg:"Starting fastify server",port:r,hostname:a})))}getHashOfSessionId(r){if(!r.sessionId)return"";try{return c.Crypto.hash(r.sessionId)}catch{}return""}};l(R,"isAdminFn",Re);let v=R;class 
ze{}exports.FastifyAdminClientEndpoints=le;exports.FastifyAdminEndpoints=ge;exports.FastifyApiKeyServer=pe;exports.FastifyAuthorizationServer=Ce;exports.FastifyOAuthClient=K;exports.FastifyOAuthResourceServer=we;exports.FastifyServer=v;exports.FastifySessionAdapter=ze;exports.FastifySessionServer=fe;exports.FastifyUserClientEndpoints=ue;exports.FastifyUserEndpoints=he;
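--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -7457,7 +7457,7 @@ const J = class J {
  */
  start(e = 3e3, o = "0.0.0.0") {
  this.app.listen(
- { port: e },
+ { port: e, host: o },
  () => d.logger.info(c({
  msg: "Starting fastify server",
  port: e,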
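Review bot: Passing `host: o` to `listen` makes the signature default `o = "0.0.0.0"` take effect for the first time, so a caller that uses `start()` with no arguments moves from whatever Fastify binds when no host is given (localhost, as far as I know) to listening on every interface. For an authentication server that is a change in network exposure, and it deserves a sentence in the doc comment above `start` and in the release notes; a loopback default such as `o = "127.0.0.1"` would be the safer choice if existing deployments allow it. The listen callback also takes no arguments, so a failed bind would still be logged as "Starting fastify server"; accepting the error parameter and logging or rethrowing it would close that gap. The same change appears minified in package/dist/index.cjs, and the body of `start` continues past the end of this hunk.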
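--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@crossauth/fastify",
  "private": false,
- "version": "1.1.9",
+ "version": "1.1.10",
  "license": "Apache-2.0",
  "type": "module",
  "main": "./dist/index.cjs",
@@ -54,8 +54,8 @@
  "otplib": "^12.0.1",
  "qrcode": "^1.5.3",
  "sonic-boom": "^3.7.0",
- "@crossauth/backend": "^1.1.9",
- "@crossauth/common": "^1.1.9"
+ "@crossauth/backend": "^1.1.10",
+ "@crossauth/common": "^1.1.10"
  },
  "scripts": {
  "dev": "vite",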