@crossauth/sveltekit 0.0.10 → 0.0.12
- package/dist/index.cjs +1 -1
- package/dist/index.js +102 -95
- package/dist/sveltekitsession.d.ts +17 -1
- package/package.json +3 -3
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { minimatch as P } from "minimatch";
|
|
2
|
-
import { ApiKeyManager as q, KeyStorage as
|
|
3
|
-
import { CrossauthError as n, ErrorCode as h, CrossauthLogger as d, j as u, OAuthFlows as
|
|
2
|
+
import { ApiKeyManager as q, KeyStorage as X, toCookieSerializeOptions as I, Crypto as A, OAuthAuthorizationServer as Z, setParameter as y, ParamType as E, DoubleSubmitCsrfToken as ee, OAuthClientManager as B, OAuthClientBackend as re, OAuthResourceServer as se, OAuthTokenConsumer as te, TokenEmailer as oe, SessionManager as ie } from "@crossauth/backend";
|
|
3
|
+
import { CrossauthError as n, ErrorCode as h, CrossauthLogger as d, j as u, OAuthFlows as _, UserState as R, httpStatus as K } from "@crossauth/common";
|
|
4
4
|
import { json as v, redirect as G, error as Q } from "@sveltejs/kit";
|
|
5
5
|
import "cookie";
|
|
6
6
|
import { jwtDecode as z } from "jwt-decode";
|
|
@@ -100,7 +100,7 @@ class ne {
|
|
|
100
100
|
msg: "Valid API key",
|
|
101
101
|
hahedApiKey: q.hashSignedApiKeyValue(a.value)
|
|
102
102
|
}));
|
|
103
|
-
const i =
|
|
103
|
+
const i = X.decodeData(a.data);
|
|
104
104
|
if (e.locals.apiKey = { ...a, ...i }, "scope" in i && Array.isArray(i.scope)) {
|
|
105
105
|
let c = [];
|
|
106
106
|
for (let l of i.scope)
|
|
@@ -190,7 +190,7 @@ class ce {
|
|
|
190
190
|
}, this.authorizeEndpoint = {
|
|
191
191
|
load: async (i) => {
|
|
192
192
|
var p, S;
|
|
193
|
-
if (!(this.authServer.validFlows.includes(
|
|
193
|
+
if (!(this.authServer.validFlows.includes(_.AuthorizationCode) || this.authServer.validFlows.includes(_.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(_.OidcAuthorizationCode)))
|
|
194
194
|
throw this.error(401, "authorize cannot be called because the authorization code flows are not supported");
|
|
195
195
|
if (!i.locals.user) return this.redirect(
|
|
196
196
|
302,
|
|
@@ -270,8 +270,8 @@ class ce {
|
|
|
270
270
|
...this.baseEndpoint
|
|
271
271
|
};
|
|
272
272
|
} catch (C) {
|
|
273
|
-
const
|
|
274
|
-
return d.logger.debug(u({ err:
|
|
273
|
+
const T = C;
|
|
274
|
+
return d.logger.debug(u({ err: T })), {
|
|
275
275
|
ok: !1,
|
|
276
276
|
error: "unauthorized_client",
|
|
277
277
|
error_description: "Not a valid client"
|
|
@@ -287,13 +287,13 @@ class ce {
|
|
|
287
287
|
try {
|
|
288
288
|
var l = new b();
|
|
289
289
|
await l.loadData(i), c = l.toObject();
|
|
290
|
-
const g = l.getAsBoolean("authorized"), m = c.response_type, p = c.client_id, S = c.redirect_uri, C = c.scope,
|
|
291
|
-
let
|
|
292
|
-
if (g == null && (
|
|
290
|
+
const g = l.getAsBoolean("authorized"), m = c.response_type, p = c.client_id, S = c.redirect_uri, C = c.scope, T = c.state, N = c.code_challenge, U = c.code_challenge_method;
|
|
291
|
+
let F;
|
|
292
|
+
if (g == null && (F = "authorized"), m ? p ? S ? T || (F = "state") : F = "redirect_uri" : F = "client_id" : F = "response_type", F)
|
|
293
293
|
return {
|
|
294
294
|
ok: !1,
|
|
295
295
|
error: "invalid_request",
|
|
296
|
-
error_description: "Invalid form: does not contain " +
|
|
296
|
+
error_description: "Invalid form: does not contain " + F + " parameter"
|
|
297
297
|
};
|
|
298
298
|
if (!i.locals.user) return this.redirect(
|
|
299
299
|
302,
|
|
@@ -305,9 +305,9 @@ class ce {
|
|
|
305
305
|
client_id: p,
|
|
306
306
|
redirect_uri: S,
|
|
307
307
|
scope: C,
|
|
308
|
-
state:
|
|
308
|
+
state: T,
|
|
309
309
|
codeChallenge: N,
|
|
310
|
-
codeChallengeMethod:
|
|
310
|
+
codeChallengeMethod: U
|
|
311
311
|
});
|
|
312
312
|
return {
|
|
313
313
|
ok: !1,
|
|
@@ -330,7 +330,7 @@ class ce {
|
|
|
330
330
|
post: async (i) => {
|
|
331
331
|
let c;
|
|
332
332
|
try {
|
|
333
|
-
if (!(this.authServer.validFlows.includes(
|
|
333
|
+
if (!(this.authServer.validFlows.includes(_.AuthorizationCode) || this.authServer.validFlows.includes(_.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(_.OidcAuthorizationCode) || this.authServer.validFlows.includes(_.ClientCredentials) || this.authServer.validFlows.includes(_.RefreshToken) || this.authServer.validFlows.includes(_.Password) || this.authServer.validFlows.includes(_.PasswordMfa || this.authServer.validFlows.includes(_.DeviceCode))))
|
|
334
334
|
return v({
|
|
335
335
|
ok: !1,
|
|
336
336
|
error: "invalid_request",
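Review bot: On added line 333 the closing parenthesis of the flow check is misplaced: `includes(_.PasswordMfa || this.authServer.validFlows.includes(_.DeviceCode))` passes the result of `||` to a single `includes` call, so the device code flow is never tested. Assuming `_.PasswordMfa` is a non-empty string, a server whose `validFlows` holds only the device code flow would take the `invalid_request` return below even though that flow is enabled. The intended form is presumably `this.authServer.validFlows.includes(_.PasswordMfa) || this.authServer.validFlows.includes(_.DeviceCode)`. The removed line is truncated on this page, so it is unclear whether the expression predates 0.0.12. Because `dist/index.js` is bundled output, the fix belongs in the package source; the enclosing `post` handler continues beyond this hunk.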
|
|
@@ -342,15 +342,15 @@ class ce {
|
|
|
342
342
|
let m = c.refresh_token, p = i.cookies.get(this.refreshTokenCookieName);
|
|
343
343
|
if ((this.refreshTokenType == "cookie" && p || this.refreshTokenType == "both" && p && m == null) && this.csrfTokens) {
|
|
344
344
|
const C = i.cookies.get(this.csrfTokens.cookieName);
|
|
345
|
-
let
|
|
346
|
-
if (Array.isArray(
|
|
345
|
+
let T = i.request.headers.get(this.csrfTokens.headerName.toLowerCase());
|
|
346
|
+
if (Array.isArray(T) && (T = T[0]), !C || !T)
|
|
347
347
|
return v({
|
|
348
348
|
ok: !1,
|
|
349
349
|
error: "access_denied",
|
|
350
350
|
error_description: "Invalid csrf token"
|
|
351
351
|
}, { status: 401 });
|
|
352
352
|
try {
|
|
353
|
-
this.csrfTokens.validateDoubleSubmitCsrfToken(C,
|
|
353
|
+
this.csrfTokens.validateDoubleSubmitCsrfToken(C, T);
|
|
354
354
|
} catch (N) {
|
|
355
355
|
return d.logger.debug(u({ err: N })), d.logger.warn(u({ cerr: N, msg: "Invalid csrf token", client_id: c.client_id })), v({
|
|
356
356
|
ok: !1,
|
|
@@ -379,9 +379,9 @@ class ce {
|
|
|
379
379
|
if (S.refresh_token && this.refreshTokenType != "json" && this.setRefreshTokenCookie(i, S.refresh_token, S.expires_in), S.error == "authorization_pending")
|
|
380
380
|
return v(S);
|
|
381
381
|
if (S.error || !S.access_token) {
|
|
382
|
-
let C = "server_error",
|
|
383
|
-
S.error && (C = S.error), S.error_description && (
|
|
384
|
-
const N = n.fromOAuthError(C,
|
|
382
|
+
let C = "server_error", T = "Neither code nor error received when requestoing authorization";
|
|
383
|
+
S.error && (C = S.error), S.error_description && (T = S.error_description);
|
|
384
|
+
const N = n.fromOAuthError(C, T);
|
|
385
385
|
return d.logger.error(u({ cerr: N })), v(S, { status: N.httpStatus });
|
|
386
386
|
}
|
|
387
387
|
return v(S);
|
|
@@ -440,7 +440,7 @@ class ce {
|
|
|
440
440
|
post: async (i) => {
|
|
441
441
|
let c;
|
|
442
442
|
try {
|
|
443
|
-
if (!this.authServer.validFlows.includes(
|
|
443
|
+
if (!this.authServer.validFlows.includes(_.DeviceCode))
|
|
444
444
|
return v({
|
|
445
445
|
ok: !1,
|
|
446
446
|
error: "invalid_request",
|
|
@@ -476,7 +476,7 @@ class ce {
|
|
|
476
476
|
}
|
|
477
477
|
}, this.deviceEndpoint = {
|
|
478
478
|
load: async (i) => {
|
|
479
|
-
if (!this.authServer.validFlows.includes(
|
|
479
|
+
if (!this.authServer.validFlows.includes(_.DeviceCode))
|
|
480
480
|
throw this.error(401, "device cannot be called because the device code flow is not supported");
|
|
481
481
|
if (!i.locals.user) return this.redirect(
|
|
482
482
|
302,
|
|
@@ -559,12 +559,12 @@ class ce {
|
|
|
559
559
|
}
|
|
560
560
|
}
|
|
561
561
|
}
|
|
562
|
-
}, this.svelteKitServer = s, this.clientStorage = o, r.redirect && (this.redirect = r.redirect), r.error && (this.error = r.error), this.authServer = new
|
|
562
|
+
}, this.svelteKitServer = s, this.clientStorage = o, r.redirect && (this.redirect = r.redirect), r.error && (this.error = r.error), this.authServer = new Z(
|
|
563
563
|
this.clientStorage,
|
|
564
564
|
t,
|
|
565
565
|
e,
|
|
566
566
|
r
|
|
567
|
-
), y("loginUrl",
|
|
567
|
+
), y("loginUrl", E.String, this, r, "LOGIN_URL"), y("refreshTokenType", E.String, this, r, "OAUTH_REFRESH_TOKEN_TYPE"), y("refreshTokenCookieName", E.String, this, r, "OAUTH_REFRESH_TOKEN_COOKIE_NAME"), y("refreshTokenCookieDomain", E.String, this, r, "OAUTH_REFRESH_TOKEN_COOKIE_DOMAIN"), y("refreshTokenCookieHttpOnly", E.Boolean, this, r, "OAUTH_REFRESH_TOKEN_COOKIE_HTTPONLY"), y("refreshTokenCookiePath", E.String, this, r, "OAUTH_REFRESH_TOKEN_COOKIE_PATH"), y("refreshTokenCookieSecure", E.Boolean, this, r, "OAUTH_REFRESH_TOKEN_COOKIE_SECURE"), y("refreshTokenCookieSameSite", E.String, this, r, "OAUTH_REFRESH_TOKEN_COOKIE_SAMESITE"), y("authorizeEndpointUrl", E.String, this, r, "OAUTH_AUTHORIZE_ENDPOINT"), y("tokenEndpointUrl", E.String, this, r, "OAUTH_TOKEN_ENDPOINT"), y("jwksEndpointUrl", E.String, this, r, "OAUTH_JWKS_ENDPOINT"), this.refreshTokenType != "json" && (((a = this.svelteKitServer.sessionServer) == null ? void 0 : a.enableCsrfProtection) == !0 ? this.csrfTokens = this.svelteKitServer.sessionServer.sessionManager.csrfTokens : this.csrfTokens = new ee(r.doubleSubmitCookieOptions));
|
|
568
568
|
}
|
|
569
569
|
/**
|
|
570
570
|
* Returns this server's OIDC configuration. Just wraps
|
|
@@ -1025,14 +1025,14 @@ class J extends re {
|
|
|
1025
1025
|
* @param options See {@link FastifyOAuthClientOptions}
|
|
1026
1026
|
*/
|
|
1027
1027
|
constructor(s, o, t) {
|
|
1028
|
-
if (super(o, t), this.sessionDataName = "oauth", this.receiveTokenFn = x, this.errorFn = W, this.loginUrl = "/login", this.validFlows = [
|
|
1028
|
+
if (super(o, t), this.sessionDataName = "oauth", this.receiveTokenFn = x, this.errorFn = W, this.loginUrl = "/login", this.validFlows = [_.All], this.authorizedUrl = "", this.autoRefreshActive = {}, this.loginProtectedFlows = [], this.tokenResponseType = "sendJson", this.errorResponseType = "sendJson", this.bffEndpoints = [], this.bffEndpointName = "bff", this.tokenEndpoints = [], this.bffMaxTries = 1, this.bffSleepMilliseconds = 500, this.authorizationCodeFlowEndpoint = {
|
|
1029
1029
|
get: async (e) => {
|
|
1030
1030
|
if (this.tokenResponseType == "saveInSessionAndLoad" || this.tokenResponseType == "sendInPage") {
|
|
1031
1031
|
const r = new n(h.Configuration, "If tokenResponseType is " + this.tokenResponseType + ", use load not get");
|
|
1032
1032
|
return this.errorFn(this.server, e, r);
|
|
1033
1033
|
}
|
|
1034
1034
|
try {
|
|
1035
|
-
if (!this.validFlows.includes(
|
|
1035
|
+
if (!this.validFlows.includes(_.AuthorizationCode)) {
|
|
1036
1036
|
const l = new n(h.Unauthorized, "Authorization flow is not supported");
|
|
1037
1037
|
return this.errorFn(this.server, e, l);
|
|
1038
1038
|
}
|
|
@@ -1069,7 +1069,7 @@ class J extends re {
|
|
|
1069
1069
|
};
|
|
1070
1070
|
}
|
|
1071
1071
|
try {
|
|
1072
|
-
if (!this.validFlows.includes(
|
|
1072
|
+
if (!this.validFlows.includes(_.AuthorizationCode)) {
|
|
1073
1073
|
const l = new n(h.Unauthorized, "Authorization flow is not supported");
|
|
1074
1074
|
return {
|
|
1075
1075
|
ok: !1,
|
|
@@ -1112,7 +1112,7 @@ class J extends re {
|
|
|
1112
1112
|
return this.errorFn(this.server, e, r);
|
|
1113
1113
|
}
|
|
1114
1114
|
try {
|
|
1115
|
-
if (!this.validFlows.includes(
|
|
1115
|
+
if (!this.validFlows.includes(_.AuthorizationCodeWithPKCE)) {
|
|
1116
1116
|
const l = new n(h.Unauthorized, "Authorization flow is not supported");
|
|
1117
1117
|
return this.errorFn(this.server, e, l);
|
|
1118
1118
|
}
|
|
@@ -1152,7 +1152,7 @@ class J extends re {
|
|
|
1152
1152
|
};
|
|
1153
1153
|
}
|
|
1154
1154
|
try {
|
|
1155
|
-
if (!this.validFlows.includes(
|
|
1155
|
+
if (!this.validFlows.includes(_.AuthorizationCodeWithPKCE)) {
|
|
1156
1156
|
const l = new n(h.Unauthorized, "Authorization flow is not supported");
|
|
1157
1157
|
return {
|
|
1158
1158
|
ok: !1,
|
|
@@ -1195,7 +1195,7 @@ class J extends re {
|
|
|
1195
1195
|
return this.errorFn(this.server, e, r);
|
|
1196
1196
|
}
|
|
1197
1197
|
try {
|
|
1198
|
-
if (!(this.validFlows.includes(
|
|
1198
|
+
if (!(this.validFlows.includes(_.AuthorizationCode) || this.validFlows.includes(_.AuthorizationCodeWithPKCE) || this.validFlows.includes(_.OidcAuthorizationCode))) {
|
|
1199
1199
|
const f = new n(h.Unauthorized, "Authorization flows are not supported");
|
|
1200
1200
|
return this.errorFn(this.server, e, f);
|
|
1201
1201
|
}
|
|
@@ -1237,7 +1237,7 @@ class J extends re {
|
|
|
1237
1237
|
};
|
|
1238
1238
|
}
|
|
1239
1239
|
try {
|
|
1240
|
-
if (!(this.validFlows.includes(
|
|
1240
|
+
if (!(this.validFlows.includes(_.AuthorizationCode) || this.validFlows.includes(_.AuthorizationCodeWithPKCE) || this.validFlows.includes(_.OidcAuthorizationCode))) {
|
|
1241
1241
|
const g = new n(h.Unauthorized, "Authorization flows are not supported");
|
|
1242
1242
|
return {
|
|
1243
1243
|
ok: !1,
|
|
@@ -1301,7 +1301,7 @@ class J extends re {
|
|
|
1301
1301
|
}
|
|
1302
1302
|
let r;
|
|
1303
1303
|
try {
|
|
1304
|
-
if (!this.validFlows.includes(
|
|
1304
|
+
if (!this.validFlows.includes(_.ClientCredentials)) {
|
|
1305
1305
|
const l = new n(h.Unauthorized, "Client credentials flow is not supported");
|
|
1306
1306
|
return this.errorFn(this.server, e, l);
|
|
1307
1307
|
}
|
|
@@ -1336,7 +1336,7 @@ class J extends re {
|
|
|
1336
1336
|
throw new n(h.Configuration, "If tokenResponseType is " + this.tokenResponseType + ", use post not load");
|
|
1337
1337
|
let r;
|
|
1338
1338
|
try {
|
|
1339
|
-
if (!this.validFlows.includes(
|
|
1339
|
+
if (!this.validFlows.includes(_.ClientCredentials))
|
|
1340
1340
|
throw new n(h.Unauthorized, "Client credentials flow is not supported");
|
|
1341
1341
|
var a = new b();
|
|
1342
1342
|
await a.loadData(e), r = a.toObject();
|
|
@@ -1366,7 +1366,7 @@ class J extends re {
|
|
|
1366
1366
|
}
|
|
1367
1367
|
let r;
|
|
1368
1368
|
try {
|
|
1369
|
-
if (!this.validFlows.includes(
|
|
1369
|
+
if (!this.validFlows.includes(_.RefreshToken)) {
|
|
1370
1370
|
const f = new n(h.Unauthorized, "Refresh token flow is not supported");
|
|
1371
1371
|
return this.errorFn(this.server, e, f);
|
|
1372
1372
|
}
|
|
@@ -1417,7 +1417,7 @@ class J extends re {
|
|
|
1417
1417
|
throw new n(h.Configuration, "If tokenResponseType is " + this.tokenResponseType + ", use post not load");
|
|
1418
1418
|
let r;
|
|
1419
1419
|
try {
|
|
1420
|
-
if (!this.validFlows.includes(
|
|
1420
|
+
if (!this.validFlows.includes(_.RefreshToken)) {
|
|
1421
1421
|
const f = new n(h.Unauthorized, "Refresh token flow is not supported");
|
|
1422
1422
|
return this.errorFn(this.server, e, f);
|
|
1423
1423
|
}
|
|
@@ -1638,9 +1638,9 @@ class J extends re {
|
|
|
1638
1638
|
actions: {
|
|
1639
1639
|
default: async (e) => await this.tokens(e, this.tokenEndpoints)
|
|
1640
1640
|
}
|
|
1641
|
-
}, this.server = s, y("sessionDataName",
|
|
1642
|
-
this.validFlows =
|
|
1643
|
-
else if (!
|
|
1641
|
+
}, this.server = s, y("sessionDataName", E.String, this, t, "OAUTH_SESSION_DATA_NAME"), y("tokenResponseType", E.String, this, t, "OAUTH_TOKEN_RESPONSE_TYPE"), y("errorResponseType", E.String, this, t, "OAUTH_ERROR_RESPONSE_TYPE"), y("loginUrl", E.String, this, t, "LOGIN_URL"), y("bffEndpointName", E.String, this, t, "OAUTH_BFF_ENDPOINT_NAME"), y("bffBaseUrl", E.String, this, t, "OAUTH_BFF_BASEURL"), y("redirect_uri", E.String, this, t, "OAUTH_REDIRECTURI", !0), y("authorizedUrl", E.String, this, t, "AUTHORIZED_URL", !1), y("validFlows", E.JsonArray, this, t, "OAUTH_validFlows"), y("bffMaxTries", E.Number, this, t, "OAUTH_BFF_MAX_RETRIES"), y("bffSleepMilliseconds", E.Number, this, t, "OAUTH_BFF_SLEEP_MILLISECONDS"), this.bffEndpointName && !this.bffEndpointName.startsWith("/") && (this.bffEndpointName = "/" + this.bffEndpointName), this.bffEndpointName && this.bffEndpointName.endsWith("/") && (this.bffEndpointName = this.bffEndpointName.substring(0, this.bffEndpointName.length - 1)), this.bffBaseUrl && this.bffBaseUrl.endsWith("/") && (this.bffBaseUrl = this.bffBaseUrl.substring(0, this.bffBaseUrl.length - 1)), t.redirect && (this.redirect = t.redirect), t.error && (this.error = t.error), this.validFlows.length == 1 && this.validFlows[0] == _.All)
|
|
1642
|
+
this.validFlows = _.allFlows();
|
|
1643
|
+
else if (!_.areAllValidFlows(this.validFlows))
|
|
1644
1644
|
throw new n(h.Configuration, "Invalid flows specificied in " + this.validFlows.join(","));
|
|
1645
1645
|
try {
|
|
1646
1646
|
new URL(this.redirect_uri ?? "");
|
|
@@ -1650,9 +1650,9 @@ class J extends re {
|
|
|
1650
1650
|
if (t.tokenEndpoints && (this.tokenEndpoints = t.tokenEndpoints), this.bffEndpointName.endsWith("/") && (this.bffEndpointName = this.bffEndpointName.substring(0, this.bffEndpointName.length - 1)), t.bffEndpoints && (this.bffEndpoints = t.bffEndpoints.map((e) => ({ ...e, methodsString: e.methods.map((r) => r) }))), this.bffEndpoints)
|
|
1651
1651
|
for (let e of this.bffEndpoints)
|
|
1652
1652
|
e.url.startsWith("/") || (e.url = "/" + e.url);
|
|
1653
|
-
if (this.loginProtectedFlows.length == 1 && this.loginProtectedFlows[0] ==
|
|
1653
|
+
if (this.loginProtectedFlows.length == 1 && this.loginProtectedFlows[0] == _.All)
|
|
1654
1654
|
this.loginProtectedFlows = this.validFlows;
|
|
1655
|
-
else if (!
|
|
1655
|
+
else if (!_.areAllValidFlows(this.loginProtectedFlows))
|
|
1656
1656
|
throw new n(
|
|
1657
1657
|
h.Configuration,
|
|
1658
1658
|
"Invalid flows specificied in " + this.loginProtectedFlows.join(",")
|
|
@@ -1687,7 +1687,7 @@ class J extends re {
|
|
|
1687
1687
|
o.password,
|
|
1688
1688
|
o.scope
|
|
1689
1689
|
);
|
|
1690
|
-
if (e.error == "mfa_required" && e.mfa_token && this.validFlows.includes(
|
|
1690
|
+
if (e.error == "mfa_required" && e.mfa_token && this.validFlows.includes(_.PasswordMfa)) {
|
|
1691
1691
|
const r = e.mfa_token;
|
|
1692
1692
|
let a = o.scope;
|
|
1693
1693
|
if (a == "" && (a = void 0), e = await this.passwordMfa(
|
|
@@ -1944,7 +1944,7 @@ class J extends re {
|
|
|
1944
1944
|
}
|
|
1945
1945
|
let t;
|
|
1946
1946
|
try {
|
|
1947
|
-
if (!(this.validFlows.includes(
|
|
1947
|
+
if (!(this.validFlows.includes(_.Password) || this.validFlows.includes(_.PasswordMfa))) {
|
|
1948
1948
|
const i = new n(h.Unauthorized, "Password flow is not supported");
|
|
1949
1949
|
return this.errorFn(this.server, s, i);
|
|
1950
1950
|
}
|
|
@@ -1981,7 +1981,7 @@ class J extends re {
|
|
|
1981
1981
|
throw new n(h.Configuration, "If tokenResponseType is " + this.tokenResponseType + ", use post not load");
|
|
1982
1982
|
let t;
|
|
1983
1983
|
try {
|
|
1984
|
-
if (!(this.validFlows.includes(
|
|
1984
|
+
if (!(this.validFlows.includes(_.Password) || this.validFlows.includes(_.PasswordMfa))) {
|
|
1985
1985
|
const i = new n(h.Unauthorized, "Password and Password MFA flows are not supported");
|
|
1986
1986
|
return this.errorFn(this.server, s, i);
|
|
1987
1987
|
}
|
|
@@ -2001,7 +2001,7 @@ class J extends re {
|
|
|
2001
2001
|
...r
|
|
2002
2002
|
};
|
|
2003
2003
|
if (r.challenge_type) {
|
|
2004
|
-
if (!this.validFlows.includes(
|
|
2004
|
+
if (!this.validFlows.includes(_.PasswordMfa)) {
|
|
2005
2005
|
const i = new n(h.Unauthorized, "Password MFA flow is not supported");
|
|
2006
2006
|
return this.errorFn(this.server, s, i);
|
|
2007
2007
|
}
|
|
@@ -2210,7 +2210,7 @@ class J extends re {
|
|
|
2210
2210
|
async startDeviceCodeFlow_internal(s) {
|
|
2211
2211
|
let o;
|
|
2212
2212
|
try {
|
|
2213
|
-
if (!this.validFlows.includes(
|
|
2213
|
+
if (!this.validFlows.includes(_.DeviceCode))
|
|
2214
2214
|
throw new n(h.Unauthorized, "Device code flow is not supported");
|
|
2215
2215
|
var t = new b();
|
|
2216
2216
|
if (await t.loadData(s), o = t.toObject(), this.server.sessionAdapter && this.server.sessionAdapter.csrfProtectionEnabled())
|
|
@@ -2243,7 +2243,7 @@ class J extends re {
|
|
|
2243
2243
|
async pollDeviceCodeFlow_internal(s) {
|
|
2244
2244
|
let o;
|
|
2245
2245
|
try {
|
|
2246
|
-
if (!this.validFlows.includes(
|
|
2246
|
+
if (!this.validFlows.includes(_.DeviceCode))
|
|
2247
2247
|
throw new n(h.Unauthorized, "Device code flow is not supported");
|
|
2248
2248
|
var t = new b();
|
|
2249
2249
|
if (await t.loadData(s), o = t.toObject(), this.server.sessionAdapter && this.server.sessionAdapter.csrfProtectionEnabled())
|
|
@@ -2294,7 +2294,7 @@ class fe extends se {
|
|
|
2294
2294
|
* @param options See {@link SvelteKitOAuthResourceServerOptions}
|
|
2295
2295
|
*/
|
|
2296
2296
|
constructor(s, o = {}) {
|
|
2297
|
-
if (super(s, o), this.errorBody = {}, this.protectedEndpoints = {}, y("errorBody",
|
|
2297
|
+
if (super(s, o), this.errorBody = {}, this.protectedEndpoints = {}, y("errorBody", E.Json, this, o, "OAUTH_RESSERVER_ACCESS_DENIED_BODY"), this.userStorage = o.userStorage, o.protectedEndpoints) {
|
|
2298
2298
|
const t = /^[!#\$%&'\(\)\*\+,\.\/a-zA-Z\[\]\^_`-]+/;
|
|
2299
2299
|
for (const [e, r] of Object.entries(o.protectedEndpoints)) {
|
|
2300
2300
|
if (!e.startsWith("/"))
|
|
@@ -2478,7 +2478,7 @@ const O = class O {
|
|
|
2478
2478
|
oAuthResServer: i,
|
|
2479
2479
|
options: c
|
|
2480
2480
|
}) {
|
|
2481
|
-
this.loginUrl = "/login", this.dummyLoad = async (f) => ({}), this.dummyActions = {}, this.dummyBff = async (f) => ({ status: 500, body: { error: "Unimplemented" } }), c || (c = {}), y("loginUrl",
|
|
2481
|
+
this.loginUrl = "/login", this.dummyLoad = async (f) => ({}), this.dummyActions = {}, this.dummyBff = async (f) => ({ status: 500, body: { error: "Unimplemented" } }), c || (c = {}), y("loginUrl", E.String, this, c, "LOGIN_URL", !1), c.isAdminFn && (O.isAdminFn = c.isAdminFn);
|
|
2482
2482
|
let l = {};
|
|
2483
2483
|
if (c.authenticators && (l = c.authenticators), this.userStorage = c.userStorage, s) {
|
|
2484
2484
|
if (!l)
|
|
@@ -2754,7 +2754,7 @@ class pe {
|
|
|
2754
2754
|
...e
|
|
2755
2755
|
};
|
|
2756
2756
|
}
|
|
2757
|
-
}, this.sessionServer = s, y("changePasswordUrl",
|
|
2757
|
+
}, this.sessionServer = s, y("changePasswordUrl", E.String, this, o, "CHANGE_PASSWORD_URL"), y("requestPasswordResetUrl", E.String, this, o, "REQUEST_PASSWORD_RESET_URL"), y("changeFactor2Url", E.String, this, o, "CHANGE_FACTOR2_URL"), y("loginRedirectUrl", E.JsonArray, this, o, "LOGIN_REDIRECT_URL"), y("loginUrl", E.JsonArray, this, o, "LOGIN_URL"), o.addToSession && (this.addToSession = o.addToSession);
|
|
2758
2758
|
}
|
|
2759
2759
|
/** Returns whether there is a user logged in with a cookie-based session
|
|
2760
2760
|
*/
|
|
@@ -4347,7 +4347,7 @@ class $ {
|
|
|
4347
4347
|
* @param options See {@link SvelteKitSessionServerOptions}
|
|
4348
4348
|
*/
|
|
4349
4349
|
constructor(s, o) {
|
|
4350
|
-
this.loginUrl = "/login", this.clientSearchFn = ke, this.validFlows = ["all"], this.sessionServer = s, y("loginUrl",
|
|
4350
|
+
this.loginUrl = "/login", this.clientSearchFn = ke, this.validFlows = ["all"], this.sessionServer = s, y("loginUrl", E.JsonArray, this, o, "LOGIN_URL"), o.clientSearchFn && (this.clientSearchFn = o.clientSearchFn), this.redirect = o.redirect ?? G, this.error = o.error ?? Q, y("validFlows", E.JsonArray, this, o, "OAUTH_validFlows"), this.validFlows.length == 1 && this.validFlows[0] == _.All && (this.validFlows = _.allFlows()), this.valid_flowNames = _.flowNames(this.validFlows), o.clientStorage && (this.clientManager = new B(o)), this.clientStorage = o.clientStorage;
|
|
4351
4351
|
}
|
|
4352
4352
|
///////////////////////////////////////////////////////////////////
|
|
4353
4353
|
// Functions callable from apps
|
|
@@ -4518,8 +4518,8 @@ class $ {
|
|
|
4518
4518
|
for (let C of c)
|
|
4519
4519
|
try {
|
|
4520
4520
|
B.validateUri(C);
|
|
4521
|
-
} catch (
|
|
4522
|
-
d.logger.error(u({ err:
|
|
4521
|
+
} catch (T) {
|
|
4522
|
+
d.logger.error(u({ err: T })), l.push("[" + C + "]");
|
|
4523
4523
|
}
|
|
4524
4524
|
if (l.length > 0)
|
|
4525
4525
|
throw new n(
|
|
@@ -4533,8 +4533,8 @@ class $ {
|
|
|
4533
4533
|
if (g.client_name = t.client_name, g.confidential = e.getAsBoolean("confidential") ?? !1, g.valid_flow = f, g.redirect_uri = c, o) {
|
|
4534
4534
|
let C = t.userid ?? void 0;
|
|
4535
4535
|
if (C && ((r = this.sessionServer) != null && r.userStorage)) {
|
|
4536
|
-
const { user:
|
|
4537
|
-
C =
|
|
4536
|
+
const { user: T } = await ((a = this.sessionServer) == null ? void 0 : a.userStorage.getUserById(C));
|
|
4537
|
+
C = T.id;
|
|
4538
4538
|
}
|
|
4539
4539
|
g.userid = t.userid ? Number(t.userid) : null;
|
|
4540
4540
|
}
|
|
@@ -4581,13 +4581,13 @@ class $ {
|
|
|
4581
4581
|
if (o) {
|
|
4582
4582
|
const S = s.url.searchParams.get("userid");
|
|
4583
4583
|
if (S && ((e = this.sessionServer) != null && e.userStorage)) {
|
|
4584
|
-
const { user:
|
|
4585
|
-
g =
|
|
4584
|
+
const { user: T } = await ((r = this.sessionServer) == null ? void 0 : r.userStorage.getUserById(S));
|
|
4585
|
+
g = T.id;
|
|
4586
4586
|
}
|
|
4587
4587
|
const C = t.get("userid");
|
|
4588
4588
|
if (C && ((a = this.sessionServer) != null && a.userStorage)) {
|
|
4589
|
-
const { user:
|
|
4590
|
-
g =
|
|
4589
|
+
const { user: T } = await ((i = this.sessionServer) == null ? void 0 : i.userStorage.getUserById(C));
|
|
4590
|
+
g = T.id;
|
|
4591
4591
|
}
|
|
4592
4592
|
} else {
|
|
4593
4593
|
if (!s.locals.user) throw new n(h.Unauthorized);
|
|
@@ -4635,8 +4635,8 @@ class $ {
|
|
|
4635
4635
|
if (o) {
|
|
4636
4636
|
const C = e.get("userid");
|
|
4637
4637
|
if (C && ((r = this.sessionServer) != null && r.userStorage)) {
|
|
4638
|
-
const { user:
|
|
4639
|
-
l =
|
|
4638
|
+
const { user: T } = await ((a = this.sessionServer) == null ? void 0 : a.userStorage.getUserById(C));
|
|
4639
|
+
l = T.id;
|
|
4640
4640
|
}
|
|
4641
4641
|
} else {
|
|
4642
4642
|
if (!s.locals.user) throw new n(h.Unauthorized);
|
|
@@ -4650,8 +4650,8 @@ class $ {
|
|
|
4650
4650
|
for (let C of f)
|
|
4651
4651
|
try {
|
|
4652
4652
|
B.validateUri(C);
|
|
4653
|
-
} catch (
|
|
4654
|
-
d.logger.error(u({ err:
|
|
4653
|
+
} catch (T) {
|
|
4654
|
+
d.logger.error(u({ err: T })), g.push("[" + C + "]");
|
|
4655
4655
|
}
|
|
4656
4656
|
if (g.length > 0)
|
|
4657
4657
|
throw new n(
|
|
@@ -4813,7 +4813,7 @@ class Se extends $ {
|
|
|
4813
4813
|
actions: {
|
|
4814
4814
|
default: async (t) => await this.deleteClient(t)
|
|
4815
4815
|
}
|
|
4816
|
-
}, this.sessionServer = s, y("loginUrl",
|
|
4816
|
+
}, this.sessionServer = s, y("loginUrl", E.JsonArray, this, o, "LOGIN_URL"), o.clientSearchFn && (this.clientSearchFn = o.clientSearchFn), this.redirect = o.redirect, this.error = o.error;
|
|
4817
4817
|
}
|
|
4818
4818
|
///////////////////////////////////////////////////////////////////
|
|
4819
4819
|
// Functions callable from apps
|
|
@@ -4995,7 +4995,7 @@ class Ce extends $ {
|
|
|
4995
4995
|
actions: {
|
|
4996
4996
|
default: async (t) => await this.deleteClient(t)
|
|
4997
4997
|
}
|
|
4998
|
-
}, this.sessionServer = s, y("loginUrl",
|
|
4998
|
+
}, this.sessionServer = s, y("loginUrl", E.String, this, o, "LOGIN_URL"), o.clientSearchFn && (this.clientSearchFn = o.clientSearchFn), this.redirect = o.redirect, this.error = o.error;
|
|
4999
4999
|
}
|
|
5000
5000
|
///////////////////////////////////////////////////////////////////
|
|
5001
5001
|
// Functions callable from apps
|
|
@@ -5061,7 +5061,7 @@ function ye(k) {
|
|
|
5061
5061
|
let s = [];
|
|
5062
5062
|
return k.username == null ? s.push("Username must be given") : k.username.length < 2 ? s.push("Username must be at least 2 characters") : k.username.length > 254 && s.push("Username must be no longer than 254 characters"), s;
|
|
5063
5063
|
}
|
|
5064
|
-
function
|
|
5064
|
+
function Ee(k, s, o) {
|
|
5065
5065
|
let e = {
|
|
5066
5066
|
username: s.username ?? "",
|
|
5067
5067
|
state: "active"
|
|
@@ -5073,7 +5073,7 @@ function _e(k, s, o) {
|
|
|
5073
5073
|
}
|
|
5074
5074
|
return e.factor1 = "localpassword", e.factor2 = s.factor2, e;
|
|
5075
5075
|
}
|
|
5076
|
-
function
|
|
5076
|
+
function _e(k, s, o, t) {
|
|
5077
5077
|
const e = s.locals.user && w.isAdminFn(s.locals.user);
|
|
5078
5078
|
for (let r in o) {
|
|
5079
5079
|
let a = r.replace(/^user_/, "");
|
|
@@ -5090,9 +5090,9 @@ class L {
|
|
|
5090
5090
|
* @param options See {@link SvelteKitSessionServerOptions}.
|
|
5091
5091
|
*/
|
|
5092
5092
|
constructor(s, o, t = {}) {
|
|
5093
|
-
this.validateUserFn = ye, this.createUserFn =
|
|
5093
|
+
this.validateUserFn = ye, this.createUserFn = Ee, this.updateUserFn = _e, this.allowedFactor2 = [], this.allowedFactor2Names = [], this.factor2ProtectedPageEndpoints = [], this.factor2ProtectedApiEndpoints = [], this.loginProtectedPageEndpoints = [], this.loginProtectedApiEndpoints = [], this.loginProtectedExceptionPageEndpoints = [], this.loginProtectedExceptionApiEndpoints = [], this.adminPageEndpoints = [], this.adminApiEndpoints = [], this.unauthorizedUrl = void 0, this.enableCsrfProtection = !0, this.enableEmailVerification = !1, this.enablePasswordReset = !1, this.factor2Url = "/factor2", this.loginUrl = "/login", this.keyStorage = s, this.userStorage = t.userStorage, this.clientStorage = t.clientStorage, this.authenticators = o, this.sessionManager = new ie(s, o, t), this.redirect = t.redirect ?? G, this.error = t.error ?? Q, y("factor2Url", E.String, this, t, "FACTOR2_URL"), this.factor2Url.endsWith("/") || (this.factor2Url += "/"), y("factor2ProtectedPageEndpoints", E.JsonArray, this, t, "FACTOR2_PROTECTED_PAGE_ENDPOINTS"), y("factor2ProtectedApiEndpoints", E.JsonArray, this, t, "FACTOR2_PROTECTED_API_ENDPOINTS"), y("loginProtectedPageEndpoints", E.JsonArray, this, t, "LOGIN_PROTECTED_PAGE_ENDPOINTS"), y("loginProtectedApiEndpoints", E.JsonArray, this, t, "LOGIN_PROTECTED_API_ENDPOINTS"), y("loginProtectedExceptionPageEndpoints", E.JsonArray, this, t, "LOGIN_PROTECTED_EXCEPTION_PAGE_ENDPOINTS"), y("loginProtectedExceptionApiEndpoints", E.JsonArray, this, t, "LOGIN_PROTECTED_EXCEPTION_API_ENDPOINTS"), y("adminPageEndpoints", E.JsonArray, this, t, "ADMIN_PAGE_ENDPOINTS"), y("adminApiEndpoints", E.JsonArray, this, t, "ADMIN_API_ENDPOINTS"), y("loginUrl", E.JsonArray, this, t, "LOGIN_URL"), y("unauthorizedUrl", E.JsonArray, this, t, "UNAUTHORIZED_PAGE");
|
|
5094
5094
|
let e = {};
|
|
5095
|
-
if (y("allowedFactor2",
|
|
5095
|
+
if (y("allowedFactor2", E.JsonArray, e, t, "ALLOWED_FACTOR2"), this.allowedFactor2Names = t.allowedFactor2 ?? ["none"], e.allowedFactor2)
|
|
5096
5096
|
for (let r of e.allowedFactor2)
|
|
5097
5097
|
r in this.authenticators ? this.allowedFactor2.push({
|
|
5098
5098
|
name: r,
|
|
@@ -5103,7 +5103,7 @@ class L {
|
|
|
5103
5103
|
friendlyName: "None",
|
|
5104
5104
|
configurable: !1
|
|
5105
5105
|
});
|
|
5106
|
-
y("enableEmailVerification",
|
|
5106
|
+
y("enableEmailVerification", E.Boolean, this, t, "ENABLE_EMAIL_VERIFICATION"), y("enablePasswordReset", E.Boolean, this, t, "ENABLE_PASSWORD_RESET"), y("enableCsrfProtection", E.Boolean, this, t, "ENABLE_CSRF_PROTECTION"), y("editUserScope", E.String, this, t, "EDIT_USER_SCOPE"), t.validateUserFn && (this.validateUserFn = t.validateUserFn), t.createUserFn && (this.createUserFn = t.createUserFn), t.updateUserFn && (this.updateUserFn = t.updateUserFn), t.addToSession && (this.addToSession = t.addToSession), t.validateSession && (this.validateSession = t.validateSession), this.userEndpoints = new pe(this, t), this.adminEndpoints = new me(this, t), this.userClientEndpoints = new Se(this, t), this.adminClientEndpoints = new Ce(this, t), this.sessionHook = async ({ event: r }) => {
|
|
5107
5107
|
var f, g;
|
|
5108
5108
|
d.logger.debug("Session hook");
|
|
5109
5109
|
let a = [];
|
|
@@ -5190,27 +5190,27 @@ class L {
|
|
|
5190
5190
|
d.logger.debug(u({ msg: "Completing 2FA" }));
|
|
5191
5191
|
const p = this.authenticators[m.pre2fa.factor2], S = [...p.secretNames(), ...p.transientSecretNames()];
|
|
5192
5192
|
let C = {};
|
|
5193
|
-
const
|
|
5194
|
-
await
|
|
5195
|
-
for (let
|
|
5196
|
-
S.includes(
|
|
5193
|
+
const T = new b();
|
|
5194
|
+
await T.loadData(r);
|
|
5195
|
+
for (let F of T.keys())
|
|
5196
|
+
S.includes(F) && (C[F] = T.get(F) ?? "");
|
|
5197
5197
|
const N = this.getSessionCookieValue(r);
|
|
5198
5198
|
if (!N) throw new n(h.Unauthorized, "No session cookie found");
|
|
5199
|
-
let
|
|
5199
|
+
let U;
|
|
5200
5200
|
try {
|
|
5201
5201
|
await this.sessionManager.completeTwoFactorPageVisit(C, r.locals.sessionId ?? "");
|
|
5202
|
-
} catch (
|
|
5203
|
-
|
|
5204
|
-
const D = n.asCrossauthError(
|
|
5205
|
-
d.logger.error(u({ msg:
|
|
5202
|
+
} catch (F) {
|
|
5203
|
+
U = n.asCrossauthError(F), d.logger.debug(u({ err: F }));
|
|
5204
|
+
const D = n.asCrossauthError(F);
|
|
5205
|
+
d.logger.error(u({ msg: U.message, cerr: F, user: T.get("username"), errorCode: D.code, errorCodeName: D.codeName }));
|
|
5206
5206
|
}
|
|
5207
|
-
if (
|
|
5208
|
-
if (
|
|
5207
|
+
if (U)
|
|
5208
|
+
if (U.code == h.Expired) {
|
|
5209
5209
|
d.logger.debug(u({ msg: "Error - cancelling 2FA" }));
|
|
5210
5210
|
try {
|
|
5211
5211
|
await this.sessionManager.cancelTwoFactorPageVisit(N);
|
|
5212
|
-
} catch (
|
|
5213
|
-
d.logger.error(u({ msg: "Failed cancelling 2FA", cerr:
|
|
5212
|
+
} catch (F) {
|
|
5213
|
+
d.logger.error(u({ msg: "Failed cancelling 2FA", cerr: F, user: l.username, hashedSessionCookie: this.getHashOfSessionCookie(r) })), d.logger.debug(u({ err: F }));
|
|
5214
5214
|
}
|
|
5215
5215
|
return this.error(401, { message: "Sorry, your code has expired" }), { ok: !1, twofa: !0 };
|
|
5216
5216
|
} else
|
|
@@ -5220,20 +5220,20 @@ class L {
|
|
|
5220
5220
|
response: new Response("", {
|
|
5221
5221
|
status: 302,
|
|
5222
5222
|
statusText: K(302),
|
|
5223
|
-
headers: { Location: this.factor2Url + "?error=" + h[
|
|
5223
|
+
headers: { Location: this.factor2Url + "?error=" + h[U.code] }
|
|
5224
5224
|
})
|
|
5225
5225
|
} : {
|
|
5226
5226
|
twofa: !0,
|
|
5227
5227
|
ok: !1,
|
|
5228
5228
|
response: new Response(JSON.stringify({
|
|
5229
5229
|
ok: !1,
|
|
5230
|
-
errorMessage:
|
|
5231
|
-
errorMessages:
|
|
5232
|
-
errorCode:
|
|
5233
|
-
errorCodeName: h[
|
|
5230
|
+
errorMessage: U.message,
|
|
5231
|
+
errorMessages: U.messages,
|
|
5232
|
+
errorCode: U.code,
|
|
5233
|
+
errorCodeName: h[U.code]
|
|
5234
5234
|
}), {
|
|
5235
|
-
status:
|
|
5236
|
-
statusText: K(
|
|
5235
|
+
status: U.httpStatus,
|
|
5236
|
+
statusText: K(U.httpStatus),
|
|
5237
5237
|
headers: { "content-tyoe": "application/json" }
|
|
5238
5238
|
})
|
|
5239
5239
|
};
|
|
@@ -5476,17 +5476,21 @@ class L {
|
|
|
5476
5476
|
* Returns whether a page being visited as part of a request event is
|
|
5477
5477
|
* configured to be protected by login.
|
|
5478
5478
|
*
|
|
5479
|
-
* See {@link SvelteKitSessionServerOptions.loginProtectedPageEndpoints}
|
|
5479
|
+
* See {@link SvelteKitSessionServerOptions.loginProtectedPageEndpoints} and
|
|
5480
|
+
* {@link SvelteKitSessionServerOptions.loginProtectedExceptionPageEndpoints}.
|
|
5480
5481
|
*
|
|
5481
5482
|
* @param event the request event
|
|
5482
5483
|
* @returns true or false
|
|
5483
5484
|
*/
|
|
5484
5485
|
isLoginPageProtected(s) {
|
|
5485
5486
|
const o = new URL(typeof s == "string" ? s : s.request.url);
|
|
5486
|
-
return o.pathname == this.loginUrl ? !1 : this.
|
|
5487
|
-
(
|
|
5487
|
+
return o.pathname == this.loginUrl ? !1 : (this.loginProtectedExceptionPageEndpoints.reduce(
|
|
5488
|
+
(r, a) => r || P(o.pathname, a),
|
|
5488
5489
|
!1
|
|
5489
|
-
)
|
|
5490
|
+
), this.loginProtectedPageEndpoints.reduce(
|
|
5491
|
+
(r, a) => r || P(o.pathname, a),
|
|
5492
|
+
!1
|
|
5493
|
+
));
|
|
5490
5494
|
}
|
|
5491
5495
|
/**
|
|
5492
5496
|
* Returns whether an API call is being visited as part of a request event is
|
|
@@ -5499,10 +5503,13 @@ class L {
|
|
|
5499
5503
|
*/
|
|
5500
5504
|
isLoginApiProtected(s) {
|
|
5501
5505
|
const o = new URL(typeof s == "string" ? s : s.request.url);
|
|
5502
|
-
return this.
|
|
5503
|
-
(
|
|
5506
|
+
return o.pathname == this.loginUrl ? !1 : (this.loginProtectedExceptionApiEndpoints.reduce(
|
|
5507
|
+
(r, a) => r || P(o.pathname, a),
|
|
5504
5508
|
!1
|
|
5505
|
-
)
|
|
5509
|
+
), this.loginProtectedApiEndpoints.reduce(
|
|
5510
|
+
(r, a) => r || P(o.pathname, a),
|
|
5511
|
+
!1
|
|
5512
|
+
));
|
|
5506
5513
|
}
|
|
5507
5514
|
/**
|
|
5508
5515
|
* Returns whether a page being visited as part of a request event is
|
|
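--- a/package/dist/sveltekitsession.d.ts
+++ b/package/dist/sveltekitsession.d.ts
@@ -153,6 +153,19 @@ export interface SvelteKitSessionServerOptions extends SessionManagerOptions {
 * The default is empty
 */
 loginProtectedApiEndpoints?: string[];
+/**
+* This overrides `loginProtectedPageEndpoints`
+*
+* The default is empty.
+*
+*/
+loginProtectedExceptionPageEndpoints?: string[];
+/**
+* This overrides `loginProtectedPageEndpoints`
+*
+* The default is empty
+*/
+loginProtectedExceptionApiEndpoints?: string[];
 /**
 * See `adminPageEndpoints`
 */
@@ -346,6 +359,8 @@ export declare class SvelteKitSessionServer implements SvelteKitSessionAdapter {
 private factor2ProtectedApiEndpoints;
 private loginProtectedPageEndpoints;
 private loginProtectedApiEndpoints;
+private loginProtectedExceptionPageEndpoints;
+private loginProtectedExceptionApiEndpoints;
 private adminPageEndpoints;
 private adminApiEndpoints;
 readonly unauthorizedUrl: string | undefined;
@@ -508,7 +523,8 @@ export declare class SvelteKitSessionServer implements SvelteKitSessionAdapter {
 * Returns whether a page being visited as part of a request event is
 * configured to be protected by login.
 *
-* See {@link SvelteKitSessionServerOptions.loginProtectedPageEndpoints}
+* See {@link SvelteKitSessionServerOptions.loginProtectedPageEndpoints} and
+* {@link SvelteKitSessionServerOptions.loginProtectedExceptionPageEndpoints}.
 *
 * @param event the request event
 * @returns true or false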
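Review bot: The doc comment added for `loginProtectedExceptionApiEndpoints` in the first hunk says it overrides `loginProtectedPageEndpoints`, which looks like a copy of the page option's comment; it should name the API list, e.g. `* Paths matching these patterns are exempt from the login requirement set by loginProtectedApiEndpoints.` Both new comments should also state that an exception match takes precedence over a protected-list match, since that precedence is what determines whether a broad exception pattern leaves a page or API route reachable without login. In the bundled `index.js` on this page, `isLoginPageProtected` and `isLoginApiProtected` evaluate the exception `reduce` as the left operand of a comma expression and return only the protected-list result, so the exception lists appear to have no effect in this build. That fails closed, but it contradicts the documented "overrides" and is worth confirming against the unminified source and covering with a test.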