@crossauth/sveltekit 0.0.13 → 0.0.15
- package/dist/index.cjs +1 -1
- package/dist/index.d.ts +9 -3
- package/dist/index.js +1596 -1542
- package/dist/sveltekitadminclientendpoints.d.ts +7 -7
- package/dist/sveltekitadminendpoints.d.ts +11 -12
- package/dist/sveltekitapikey.d.ts +3 -4
- package/dist/sveltekitoauthclient.d.ts +42 -19
- package/dist/sveltekitoauthserver.d.ts +1 -1
- package/dist/sveltekitresserver.d.ts +32 -3
- package/dist/sveltekitserver.d.ts +4 -3
- package/dist/sveltekitsession.d.ts +19 -11
- package/dist/sveltekitsessionadapter.d.ts +1 -1
- package/dist/sveltekitsharedclientendpoints.d.ts +13 -13
- package/dist/sveltekituserclientendpoints.d.ts +7 -7
- package/dist/sveltekituserendpoints.d.ts +20 -20
- package/package.json +3 -3
|
@@ -11,7 +11,7 @@ import { SvelteKitSharedClientEndpoints, SearchClientsPageData, UpdateClientPage
|
|
|
11
11
|
* **Endpoints**
|
|
12
12
|
*
|
|
13
13
|
* These endpoints can only be called if an admin user is logged in, as defined
|
|
14
|
-
* by the {@link
|
|
14
|
+
* by the {@link SvelteKitServer.isAdminFn}. If the user does not
|
|
15
15
|
* have this permission, a 401 error is raised.
|
|
16
16
|
*
|
|
17
17
|
* | Name | Description | PageData (returned by load) | ActionData (return by actions) | Form fields expected by actions | URL param |
|
|
@@ -21,14 +21,14 @@ import { SvelteKitSharedClientEndpoints, SearchClientsPageData, UpdateClientPage
|
|
|
21
21
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
22
22
|
* | searchClientsEndpoint | Returns a paginated set of clients or those matching search | See {@link SearchClientsPageData} | *Not provided* | | |
|
|
23
23
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
24
|
-
* | updateClientEndpoint | Updates a client | See {@link
|
|
25
|
-
* | | | | See {@link
|
|
24
|
+
* | updateClientEndpoint | Updates a client | See {@link UpdateClientPageData} | `default`: | | |
|
|
25
|
+
* | | | | See {@link UpdateClientFormData} | See {@link SvelteKitSharedClientEndpoints.updateClient_internal} | client_id |
|
|
26
26
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
27
|
-
* | createClientEndpoint | Creates a new client | See {@link
|
|
28
|
-
* | | | | See {@link
|
|
27
|
+
* | createClientEndpoint | Creates a new client | See {@link CreateClientPageData} | `default`: | | |
|
|
28
|
+
* | | | | See {@link CreateClientFormData} | See {@link SvelteKitSharedClientEndpoints.createClient_internal} | client_id |
|
|
29
29
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
30
|
-
* | deleteClientEndpoint | Deletes a client | See {@link
|
|
31
|
-
* | | | | See {@link
|
|
30
|
+
* | deleteClientEndpoint | Deletes a client | See {@link DeleteClientPageData} | `default`: | | |
|
|
31
|
+
* | | | | See {@link DeleteClientFormData} | See {@link SvelteKitSharedClientEndpoints.deleteClient_internal} | client_id |
|
|
32
32
|
* | -------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------- | --------- |
|
|
33
33
|
*/
|
|
34
34
|
export declare class SvelteKitAdminClientEndpoints extends SvelteKitSharedClientEndpoints {
|
|
@@ -94,8 +94,8 @@ export type SearchUsersReturn = {
|
|
|
94
94
|
* Provides endpoints for users to login, logout and maintain their
|
|
95
95
|
* own account.
|
|
96
96
|
*
|
|
97
|
-
* This is created automatically when {@link
|
|
98
|
-
* The endpoints are available through `
|
|
97
|
+
* This is created automatically when {@link SvelteKitServer} is instantiated.
|
|
98
|
+
* The endpoints are available through `SvelteKitServer.sessionServer.adminEndpoints`.
|
|
99
99
|
*
|
|
100
100
|
* The methods in this class are designed to be used in
|
|
101
101
|
* `+*_server.ts` files in the `load` and `actions` exports. You can
|
|
@@ -109,13 +109,13 @@ export type SearchUsersReturn = {
|
|
|
109
109
|
* ```
|
|
110
110
|
* The `?? crossauth.dummyLoad` and `?? crossauth.dummyActions` is to stop
|
|
111
111
|
* typescript complaining as the `sessionServer` member of the
|
|
112
|
-
* {@link
|
|
112
|
+
* {@link SvelteKitServer} object may be undefined, because
|
|
113
113
|
* some application do not have a session server.
|
|
114
114
|
*
|
|
115
115
|
* **Endpoints**
|
|
116
116
|
*
|
|
117
117
|
* These endpoints can only be called if an admin user is logged in, as defined
|
|
118
|
-
* by the {@link
|
|
118
|
+
* by the {@link SvelteKitServer.isAdminFn}. If the user does not
|
|
119
119
|
* have this permission, a 401 error is raised.
|
|
120
120
|
*
|
|
121
121
|
* | Name | Description | PageData (returned by load) | ActionData (return by actions) | Form fields expected by actions | URL param |
|
|
@@ -126,16 +126,16 @@ export type SearchUsersReturn = {
|
|
|
126
126
|
* | searchUsersEndpoint | Returns a paginated set of users or those matchign search | See return of {@link SvelteKitAdminEndpoints.searchUsers} | *Not provided* | | |
|
|
127
127
|
* | -------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ----------------------------------------------------------- | --------- |
|
|
128
128
|
* | updateUserEndpoint | Update a user's details | - `allowedFactor2` see {@link SvelteKitAdminEndpoints}.`signupEndpoint` | `default`: | `default`: | `id` |
|
|
129
|
-
* | | | - `editUser` the {@link @crossauth/common!User} being edited | - see {@link
|
|
129
|
+
* | | | - `editUser` the {@link @crossauth/common!User} being edited | - see {@link SvelteKitAdminEndpoints.updateUser} return | - see {@link SvelteKitAdminEndpoints.updateUser} event | |
|
|
130
130
|
* | -------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ----------------------------------------------------------- | --------- |
|
|
131
131
|
* | changePasswordEndpoint | Update a user's password | - `next` page to load on szccess | `default`: | `default`: | `id` |
|
|
132
|
-
* | | | - `editUser` the {@link @crossauth/common!User} being edited | - see {@link
|
|
132
|
+
* | | | - `editUser` the {@link @crossauth/common!User} being edited | - see {@link SvelteKitAdminEndpoints.changePassword} return | - see {@link SvelteKitAdminEndpoints.changePassword} event | |
|
|
133
133
|
* | -------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ----------------------------------------------------------- | --------- |
|
|
134
134
|
* | createUserEndpoint | Creates a new user | - `allowedFactor2` see {@link SvelteKitAdminEndpoints}.`signupEndpoint` | `default`: | `default`: | `id` |
|
|
135
|
-
* | | | | - see {@link
|
|
135
|
+
* | | | | - see {@link SvelteKitAdminEndpoints.createUser} return | - see {@link SvelteKitAdminEndpoints.createUser} event | |
|
|
136
136
|
* | -------------------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ----------------------------------------------------------- | --------- |
|
|
137
137
|
* | deleteUser | Deletes a user | - `error` error message if user ID doesn't exist | `default`: | `default`: | `id` |
|
|
138
|
-
* | | | | - see {@link
|
|
138
|
+
* | | | | - see {@link SvelteKitAdminEndpoints.deleteUser} return | - see {@link SvelteKitAdminEndpoints.deleteUser} event | |
|
|
139
139
|
*/
|
|
140
140
|
export declare class SvelteKitAdminEndpoints {
|
|
141
141
|
private sessionServer;
|
|
@@ -162,7 +162,7 @@ export declare class SvelteKitAdminEndpoints {
|
|
|
162
162
|
* or the empty string.
|
|
163
163
|
* - `skip` the number to start returning from. 0 if not defined
|
|
164
164
|
* - `take` the maximum number to return. 10 if not defined.
|
|
165
|
-
* @param
|
|
165
|
+
* @param searchTerm overrides the search term from the query.
|
|
166
166
|
* @param skip overrides the skip term from the query
|
|
167
167
|
* @param take overrides the take term from the query
|
|
168
168
|
*
|
|
@@ -198,7 +198,7 @@ export declare class SvelteKitAdminEndpoints {
|
|
|
198
198
|
* - `user_*` anything prefixed with `user` that is also in
|
|
199
199
|
* the `userEditableFields` or `adminEditableFields` options
|
|
200
200
|
* passed when constructing the
|
|
201
|
-
* user storage object will be added to the {@link @
|
|
201
|
+
* user storage object will be added to the {@link @crossauth/common!User}
|
|
202
202
|
* object (with `user_` removed).
|
|
203
203
|
*
|
|
204
204
|
* @returns object with:
|
|
@@ -257,7 +257,7 @@ export declare class SvelteKitAdminEndpoints {
|
|
|
257
257
|
* - `repeat_`*secrets* (eg `repeat_password`)
|
|
258
258
|
* - `user_*` anything prefixed with `user` that is also in
|
|
259
259
|
* - the `userEditableFields` option passed when constructing the
|
|
260
|
-
* user storage object will be added to the {@link @
|
|
260
|
+
* user storage object will be added to the {@link @crossauth/common!User}
|
|
261
261
|
* object (with `user_` removed).
|
|
262
262
|
*
|
|
263
263
|
* @returns object with:
|
|
@@ -282,7 +282,6 @@ export declare class SvelteKitAdminEndpoints {
|
|
|
282
282
|
/**
|
|
283
283
|
* Call this to delete the logged-in user
|
|
284
284
|
*
|
|
285
|
-
* @param userid the user to delete
|
|
286
285
|
* @param event the Sveltekit event.
|
|
287
286
|
|
|
288
287
|
* @returns object with:
|
|
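Review bot: After `@param userid` is dropped in the last hunk of this file, the remaining summary still reads "Call this to delete the logged-in user", although the hunk sits in `SvelteKitAdminEndpoints` and the class table lists `deleteUser` with the URL param `id`. If the method deletes the user named by `id` rather than the caller, the summary should say so, for example `Call this to delete the user identified by the id URL parameter`, so that nobody wires it up expecting self-deletion semantics. The doc comment continues past the end of the hunk, so the `@returns` part is not visible here.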
@@ -4,7 +4,7 @@ import { RequestEvent, MaybePromise } from '@sveltejs/kit';
|
|
|
4
4
|
/**
|
|
5
5
|
* Options for {@link SvelteKitApiKeyServer }.
|
|
6
6
|
*
|
|
7
|
-
* See {@link
|
|
7
|
+
* See {@link SvelteKitApiKeyServer } constructor for description of parameters
|
|
8
8
|
*/
|
|
9
9
|
export interface SvelteKitApiKeyServerOptions extends ApiKeyManagerOptions {
|
|
10
10
|
/** Pass the Sveltekit redirect function */
|
|
@@ -22,7 +22,7 @@ export interface SvelteKitApiKeyServerOptions extends ApiKeyManagerOptions {
|
|
|
22
22
|
* They can be used in place of username/password login and session cookies.
|
|
23
23
|
*
|
|
24
24
|
* This class adds a `preHandler` hook that sets the `user` field in the
|
|
25
|
-
*
|
|
25
|
+
* SvelteKit request. It also sets `scopes` in the request object if there
|
|
26
26
|
* is a `scope` field in the JSON object in the `data` field in in the API
|
|
27
27
|
* record in key storage.
|
|
28
28
|
*/
|
|
@@ -39,10 +39,9 @@ export declare class SvelteKitApiKeyServer {
|
|
|
39
39
|
/**
|
|
40
40
|
* Constructor
|
|
41
41
|
*
|
|
42
|
-
* @param app the Fastify app instance
|
|
43
42
|
* @param userStorage the user storage with user accounts
|
|
44
43
|
* @param keyStorage the storage for finding API keys
|
|
45
|
-
* @param options See {@link
|
|
44
|
+
* @param options See {@link SvelteKitApiKeyServerOptions}
|
|
46
45
|
*/
|
|
47
46
|
constructor(userStorage: UserStorage, keyStorage: KeyStorage, options?: SvelteKitApiKeyServerOptions);
|
|
48
47
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { CrossauthError, ErrorCode, OAuthTokenResponse, OAuthDeviceAuthorizationResponse } from '@crossauth/common';
|
|
2
2
|
import { OAuthClientBackend, OAuthClientOptions } from '@crossauth/backend';
|
|
3
3
|
import { SvelteKitServer } from './sveltekitserver';
|
|
4
|
-
import { RequestEvent } from '@sveltejs/kit';
|
|
4
|
+
import { RequestEvent, MaybePromise } from '@sveltejs/kit';
|
|
5
5
|
|
|
6
6
|
export type SvelteKitErrorFn = (server: SvelteKitServer, event: RequestEvent, ce: CrossauthError) => Promise<Response>;
|
|
7
7
|
/**
|
|
@@ -41,7 +41,7 @@ export interface SvelteKitOAuthClientOptions extends OAuthClientOptions {
|
|
|
41
41
|
* logged in here at the client.
|
|
42
42
|
*
|
|
43
43
|
* In most cases you can ignore this and use
|
|
44
|
-
* {@link
|
|
44
|
+
* {@link SvelteKitSessionServerOptions.loginProtectedPageEndpoints}
|
|
45
45
|
* to protect the endpoints that begin the flows.
|
|
46
46
|
*
|
|
47
47
|
* See {@link @crossauth/common!OAuthFlows}.
|
|
@@ -114,7 +114,7 @@ export interface SvelteKitOAuthClientOptions extends OAuthClientOptions {
|
|
|
114
114
|
bffSleepMilliseconds?: number;
|
|
115
115
|
/**
|
|
116
116
|
* Endpoints to provide to acces tokens through the BFF mechanism,
|
|
117
|
-
* See {@link
|
|
117
|
+
* See {@link SvelteKitOAuthClient} class documentation for full description.
|
|
118
118
|
*/
|
|
119
119
|
tokenEndpoints?: ("access_token" | "refresh_token" | "id_token" | "have_access_token" | "have_refresh_token" | "have_id_token")[];
|
|
120
120
|
/** Pass the Sveltekit redirect function */
|
|
@@ -130,6 +130,10 @@ export interface SvelteKitOAuthClientOptions extends OAuthClientOptions {
|
|
|
130
130
|
* not the other, set this variable.
|
|
131
131
|
*/
|
|
132
132
|
validFlows?: string[];
|
|
133
|
+
/**
|
|
134
|
+
* These token types will be treated as JWT. Default all of them
|
|
135
|
+
*/
|
|
136
|
+
jwtTokens?: ("access" | "id" | "refresh")[];
|
|
133
137
|
}
|
|
134
138
|
/**
|
|
135
139
|
* Returned by the authorize endpoint
|
|
@@ -250,6 +254,18 @@ export interface RedirectUriReturn extends OAuthTokenResponse {
|
|
|
250
254
|
* of these endpoints, eg `method`, you set `matchSubUrls` to true, then
|
|
251
255
|
* `method/XXX`, `method/YYY` will match as well as `method`.
|
|
252
256
|
*
|
|
257
|
+
* **Middleware**
|
|
258
|
+
*
|
|
259
|
+
* This class provides middleware that works with the BFF method.
|
|
260
|
+
*
|
|
261
|
+
* If an ID token is saved in the session and it is valid, the following
|
|
262
|
+
* state attributes are set in the request object:
|
|
263
|
+
*
|
|
264
|
+
* - `idPayload` the payload from the ID token
|
|
265
|
+
* - `user` a :class:`crossauth_backend.User` object created from the ID
|
|
266
|
+
* token
|
|
267
|
+
* - `authType` set to `oidc`
|
|
268
|
+
*
|
|
253
269
|
* **Endpoints provided by this class**
|
|
254
270
|
*
|
|
255
271
|
* | Name | Description | PageData (returned by load) or JSON returned by get/post | ActionData (return by actions) | Form fields expected by actions or post/get input data |
|
|
@@ -285,11 +301,11 @@ export interface RedirectUriReturn extends OAuthTokenResponse {
|
|
|
285
301
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
286
302
|
* | allBffEndpoint | BFF resource server request. See class documentation | As per the corresponding resource server endpoint | As per the correspoinding resource server endpoint | As per the corresponding resource server endpoint |
|
|
287
303
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
288
|
-
* | accessTokenEndpoint | For BFF only, return the access token payload or error | JSON of the access token payload | *Not provided* |
|
|
304
|
+
* | accessTokenEndpoint | For BFF only, return the access token payload or error | JSON of the access token payload | *Not provided* | `decode`, default `true` |
|
|
289
305
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
290
|
-
* | refreshTokenEndpoint | For BFF only, return the refresh token payload or error | JSON of the refresh token payload | *Not provided* |
|
|
306
|
+
* | refreshTokenEndpoint | For BFF only, return the refresh token payload or error | JSON of the refresh token payload | *Not provided* | `decode`, default `true` |
|
|
291
307
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
292
|
-
* | idTokenEndpoint | For BFF only, return the id token payload or error | POST: JSON of the id token payload | *Not provided* |
|
|
308
|
+
* | idTokenEndpoint | For BFF only, return the id token payload or error | POST: JSON of the id token payload | *Not provided* | `decode`, default `true` |
|
|
293
309
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
294
310
|
* | havAeccessTokenEndpoint | For BFF only, return whether access token present | POST: `ok` of false or true | *Not provided* | |
|
|
295
311
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
@@ -297,7 +313,7 @@ export interface RedirectUriReturn extends OAuthTokenResponse {
|
|
|
297
313
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
298
314
|
* | haveIdTokenEndpoint | For BFF only, return whether id token present | POST: `ok` of false or true | *Not provided* | |
|
|
299
315
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
300
|
-
* | tokensEndpoint | For BFF only, return a JSON object of all of the above | POST: All of the above, keyed on `access_token`, `have_access_token`, etc. | *Not provided* |
|
|
316
|
+
* | tokensEndpoint | For BFF only, return a JSON object of all of the above | POST: All of the above, keyed on `access_token`, `have_access_token`, etc. | *Not provided* | `decode`, default `true` |
|
|
301
317
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
302
318
|
* | deleteTokensEndpoint | For BFF only, deletes tokens saved for session | POST: `ok` of false or true | `default`: `ok` of false or true | *None* |
|
|
303
319
|
* | ------------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- |
|
|
@@ -314,7 +330,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
314
330
|
readonly redirect: any;
|
|
315
331
|
readonly error: any;
|
|
316
332
|
/**
|
|
317
|
-
* See {@link
|
|
333
|
+
* See {@link SvelteKitOAuthClientOptions}
|
|
318
334
|
*/
|
|
319
335
|
loginProtectedFlows: string[];
|
|
320
336
|
private tokenResponseType;
|
|
@@ -325,11 +341,17 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
325
341
|
private tokenEndpoints;
|
|
326
342
|
private bffMaxTries;
|
|
327
343
|
private bffSleepMilliseconds;
|
|
344
|
+
readonly jwtTokens: string[];
|
|
345
|
+
readonly hook: (input: {
|
|
346
|
+
event: RequestEvent;
|
|
347
|
+
}) => MaybePromise<Response | undefined>;
|
|
348
|
+
private testMiddleware;
|
|
349
|
+
private testEvent;
|
|
328
350
|
/**
|
|
329
351
|
* Constructor
|
|
330
|
-
* @param server the {@link
|
|
352
|
+
* @param server the {@link SvelteKitServer} instance
|
|
331
353
|
* @param authServerBaseUrl the `iss` claim in the access token must match this value
|
|
332
|
-
* @param options See {@link
|
|
354
|
+
* @param options See {@link SvelteKitOAuthClientOptions}
|
|
333
355
|
*/
|
|
334
356
|
constructor(server: SvelteKitServer, authServerBaseUrl: string, options: SvelteKitOAuthClientOptions);
|
|
335
357
|
private passwordPost;
|
|
@@ -385,7 +407,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
385
407
|
status: number;
|
|
386
408
|
body?: {
|
|
387
409
|
[key: string]: any;
|
|
388
|
-
};
|
|
410
|
+
} | string;
|
|
389
411
|
}>;
|
|
390
412
|
tokensResponse(event: RequestEvent, token: string | string[]): Promise<Response>;
|
|
391
413
|
private startDeviceCodeFlow_internal;
|
|
@@ -620,14 +642,14 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
620
642
|
readonly accessTokenEndpoint: {
|
|
621
643
|
post: (event: RequestEvent) => Promise<{
|
|
622
644
|
status: number;
|
|
623
|
-
body?: {
|
|
645
|
+
body?: string | {
|
|
624
646
|
[key: string]: any;
|
|
625
647
|
} | undefined;
|
|
626
648
|
}>;
|
|
627
649
|
actions: {
|
|
628
650
|
default: (event: RequestEvent) => Promise<{
|
|
629
651
|
status: number;
|
|
630
|
-
body?: {
|
|
652
|
+
body?: string | {
|
|
631
653
|
[key: string]: any;
|
|
632
654
|
} | undefined;
|
|
633
655
|
}>;
|
|
@@ -638,7 +660,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
638
660
|
actions: {
|
|
639
661
|
default: (event: RequestEvent) => Promise<{
|
|
640
662
|
status: number;
|
|
641
|
-
body?: {
|
|
663
|
+
body?: string | {
|
|
642
664
|
[key: string]: any;
|
|
643
665
|
} | undefined;
|
|
644
666
|
}>;
|
|
@@ -649,7 +671,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
649
671
|
actions: {
|
|
650
672
|
default: (event: RequestEvent) => Promise<{
|
|
651
673
|
status: number;
|
|
652
|
-
body?: {
|
|
674
|
+
body?: string | {
|
|
653
675
|
[key: string]: any;
|
|
654
676
|
} | undefined;
|
|
655
677
|
}>;
|
|
@@ -660,7 +682,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
660
682
|
actions: {
|
|
661
683
|
default: (event: RequestEvent) => Promise<{
|
|
662
684
|
status: number;
|
|
663
|
-
body?: {
|
|
685
|
+
body?: string | {
|
|
664
686
|
[key: string]: any;
|
|
665
687
|
} | undefined;
|
|
666
688
|
}>;
|
|
@@ -671,7 +693,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
671
693
|
actions: {
|
|
672
694
|
default: (event: RequestEvent) => Promise<{
|
|
673
695
|
status: number;
|
|
674
|
-
body?: {
|
|
696
|
+
body?: string | {
|
|
675
697
|
[key: string]: any;
|
|
676
698
|
} | undefined;
|
|
677
699
|
}>;
|
|
@@ -682,7 +704,7 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
682
704
|
actions: {
|
|
683
705
|
default: (event: RequestEvent) => Promise<{
|
|
684
706
|
status: number;
|
|
685
|
-
body?: {
|
|
707
|
+
body?: string | {
|
|
686
708
|
[key: string]: any;
|
|
687
709
|
} | undefined;
|
|
688
710
|
}>;
|
|
@@ -693,10 +715,11 @@ export declare class SvelteKitOAuthClient extends OAuthClientBackend {
|
|
|
693
715
|
actions: {
|
|
694
716
|
default: (event: RequestEvent) => Promise<{
|
|
695
717
|
status: number;
|
|
696
|
-
body?: {
|
|
718
|
+
body?: string | {
|
|
697
719
|
[key: string]: any;
|
|
698
720
|
} | undefined;
|
|
699
721
|
}>;
|
|
700
722
|
};
|
|
701
723
|
};
|
|
724
|
+
private errorIfIdTokenInvalid;
|
|
702
725
|
}
|
|
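Review bot: The new `decode` input on `accessTokenEndpoint`, `refreshTokenEndpoint`, `idTokenEndpoint` and `tokensEndpoint` is documented only as "`decode`, default `true`", and the matching `body` types widen to `string | {...}` with no statement of what the string is. If the string arm is the undecoded token (the implementation is not visible in this .d.ts, so this is inferred), these BFF endpoints would return a bearer credential to the browser instead of a payload. The table cell and the `tokenEndpoints` option comment should say so explicitly and note that it is only reached for endpoints enabled there. Separately, `readonly jwtTokens: string[]` loses the `("access" | "id" | "refresh")[]` union declared on the options. The `:class:` reference to `crossauth_backend.User` in the new Middleware section is Sphinx syntax that TSDoc will not resolve; `{@link @crossauth/common!User}` is the form the other declarations use.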
@@ -22,7 +22,7 @@ export interface ReturnBase {
|
|
|
22
22
|
}
|
|
23
23
|
/**
|
|
24
24
|
* Return type for {@link SvelteKitUserEndpoints.verifyEmail}
|
|
25
|
-
* {@link SvelteKitUserEndpoints.
|
|
25
|
+
* {@link SvelteKitUserEndpoints.verifyEmailTokenEndpoint} action.
|
|
26
26
|
*
|
|
27
27
|
* See class documentation for {@link SvelteKitUserEndpoints} for more details.
|
|
28
28
|
*/
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { RequestEvent, MaybePromise } from '@sveltejs/kit';
|
|
2
2
|
import { User } from '@crossauth/common';
|
|
3
3
|
import { OAuthResourceServer, UserStorage, OAuthResourceServerOptions, OAuthTokenConsumer } from '@crossauth/backend';
|
|
4
|
+
import { SvelteKitSessionAdapter } from './sveltekitsessionadapter';
|
|
4
5
|
|
|
5
6
|
/**
|
|
6
7
|
* Options for {@link SvelteKitOAuthResourceServer}
|
|
@@ -13,7 +14,7 @@ export interface SvelteKitOAuthResourceServerOptions extends OAuthResourceServer
|
|
|
13
14
|
userStorage?: UserStorage;
|
|
14
15
|
/**
|
|
15
16
|
* If you enabled `protectedEndpoints` in
|
|
16
|
-
* {@link
|
|
17
|
+
* {@link SvelteKitOAuthResourceServer.constructor}
|
|
17
18
|
* and the access token is invalid, a 401 reply will be sent before
|
|
18
19
|
* your endpoint is hit. This will be the body, Default {}.
|
|
19
20
|
*/
|
|
@@ -31,6 +32,24 @@ export interface SvelteKitOAuthResourceServerOptions extends OAuthResourceServer
|
|
|
31
32
|
acceptSessionAuthorization?: boolean;
|
|
32
33
|
};
|
|
33
34
|
};
|
|
35
|
+
/**
|
|
36
|
+
* Where access tokens may be found (in this order).
|
|
37
|
+
*
|
|
38
|
+
* If this contains `session`, must also provide the session adapter
|
|
39
|
+
*
|
|
40
|
+
* Default `header`
|
|
41
|
+
*/
|
|
42
|
+
tokenLocations?: ("beader" | "session")[];
|
|
43
|
+
/**
|
|
44
|
+
* If tokenLocations contains `session`, tokens are keyed on this name.
|
|
45
|
+
*
|
|
46
|
+
* Default `oauth`
|
|
47
|
+
*/
|
|
48
|
+
sessionDataName?: string;
|
|
49
|
+
/**
|
|
50
|
+
* If `tokenLocations` contains `session`, must provide a session adapter
|
|
51
|
+
*/
|
|
52
|
+
sessionAdapter?: SvelteKitSessionAdapter;
|
|
34
53
|
}
|
|
35
54
|
/**
|
|
36
55
|
* OAuth resource server.
|
|
@@ -40,17 +59,22 @@ export interface SvelteKitOAuthResourceServerOptions extends OAuthResourceServer
|
|
|
40
59
|
*
|
|
41
60
|
* There are two way of using this class. If you don't set
|
|
42
61
|
* `protectedEndpoints` in
|
|
43
|
-
* {@link
|
|
62
|
+
* {@link SvelteKitOAuthResourceServer.constructor}, then in your
|
|
44
63
|
* protected endpoints, call {@link SvelteKitOAuthResourceServer.authorized}
|
|
45
64
|
* to check if the access token is valid and get any user credentials.
|
|
46
65
|
*
|
|
47
66
|
* If you do set `protectedEndpoints` in
|
|
48
67
|
* {@link SvelteKitOAuthResourceServer.constructor}
|
|
49
68
|
* then a hook is created.
|
|
69
|
+
*
|
|
70
|
+
* **Middleware**
|
|
50
71
|
* The hook
|
|
51
72
|
* hook will set the `accessTokenPayload`, `user` and `scope` fields
|
|
52
73
|
* on the event locals based on the content
|
|
53
74
|
* of the access token in the `Authorization` header if it is valid.
|
|
75
|
+
* If a user storage is provided,
|
|
76
|
+
* it will be used to look the user up. Otherwise a minimal user object
|
|
77
|
+
* is created.
|
|
54
78
|
* If it is not valid it will set the `authError` and `authErrorDescription`.
|
|
55
79
|
* If the access token is invalid, or there is an error, a 401 or 500
|
|
56
80
|
* response is sent before executing your endpoint code. As per
|
|
@@ -61,6 +85,9 @@ export declare class SvelteKitOAuthResourceServer extends OAuthResourceServer {
|
|
|
61
85
|
private userStorage?;
|
|
62
86
|
private errorBody;
|
|
63
87
|
private protectedEndpoints;
|
|
88
|
+
private sessionDataName;
|
|
89
|
+
private tokenLocations;
|
|
90
|
+
private sessionAdapter?;
|
|
64
91
|
/**
|
|
65
92
|
* Hook to check if the user is logged in and set data in `locals`
|
|
66
93
|
* accordingly.
|
|
@@ -70,7 +97,7 @@ export declare class SvelteKitOAuthResourceServer extends OAuthResourceServer {
|
|
|
70
97
|
}) => MaybePromise<Response | undefined>;
|
|
71
98
|
/**
|
|
72
99
|
* Constructor
|
|
73
|
-
* @param tokenConsumers the token consumers, one per issuer
|
|
100
|
+
* @param tokenConsumers the token consumers, one per issuer and audience
|
|
74
101
|
* @param options See {@link SvelteKitOAuthResourceServerOptions}
|
|
75
102
|
*/
|
|
76
103
|
constructor(tokenConsumers: OAuthTokenConsumer[], options?: SvelteKitOAuthResourceServerOptions);
|
|
@@ -98,4 +125,6 @@ export declare class SvelteKitOAuthResourceServer extends OAuthResourceServer {
|
|
|
98
125
|
error?: string;
|
|
99
126
|
error_description?: string;
|
|
100
127
|
} | undefined>;
|
|
128
|
+
private tokenFromHeader;
|
|
129
|
+
private tokenFromSession;
|
|
101
130
|
}
|
|
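Review bot: `tokenLocations?: ("beader" | "session")[]` looks like a typo for `"header"`: the doc comment directly above gives the default as `header`, and the class gains a `tokenFromHeader` member. As declared, a typed caller cannot pass `"header"`, and one who passes `"beader"` may get no header lookup at all, depending on what the runtime compares against (not visible in this .d.ts); that matters because this option decides where access tokens are accepted from. Suggest `tokenLocations?: ("header" | "session")[];`. The `sessionAdapter` comment should also state what happens when `session` is listed without an adapter, since both fields are optional and the type does not enforce the pairing. The class-level Middleware text still says the token is read from the `Authorization` header only.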
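--- a/package/dist/sveltekitserver.d.ts
+++ b/package/dist/sveltekitserver.d.ts
@@ -72,7 +72,7 @@ export type Resolver = (event: RequestEvent, opts?: ResolveOptions) => MaybeProm
 * and CSRF cookies. See {@link SvelteKitSessionServer}.
 * - `sessionAdapter` If you are using only the oAuthClient and don't want
 * to use Crossauth's session server, you can implement
-* a minimal {@link
+* a minimal {@link SvelteKitSessionAdapter} instead.
 * - `oAuthAuthServer` OAuth authorization server. See
 * {@link SvelteKitAuthorizationServer}
 * - `oAuthClient` OAuth client. See {@link SvelteKitOAuthClient}.
@@ -130,7 +130,7 @@ export type Resolver = (event: RequestEvent, opts?: ResolveOptions) => MaybeProm
 * **Use in Pages**
 *
 * For instructions about how to use this class in your endpoints, see
-* {@link
+* {@link SvelteKitUserEndpoints} and {@link SvelteKitAdminEndpoints}
 * for cookie-based session management.
 */
 export declare class SvelteKitServer {
@@ -168,6 +168,7 @@ export declare class SvelteKitServer {
 readonly oAuthClients?: SvelteKitOAuthClient[];
 /** OAuth resource server instance */
 readonly oAuthResServer?: SvelteKitOAuthResourceServer;
+private audience;
 /**
 * Constructor.
 *
@@ -182,7 +183,7 @@ export declare class SvelteKitServer {
 * documentation). The value is an object with a `keyStorage` field
 * which must be present and should be the {@link KeyStorage} instance
 * where API keys are stored. A field called `options` whose
-* value is an {@link
+* value is an {@link SvelteKitApiKeyServerOptions} may also be
 * provided.
 * - `oAuthAuthServer` if passed, instantiate the session server (see class
 * documentation). The value is an object with a `keyStorage` field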
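Review bot: The `private audience;` member added in the `@@ -168,6 +168,7 @@` hunk has no doc comment, unlike `oAuthResServer` directly above it, and the emitted declaration drops a private member's type, so nothing here says what the field holds. The same release changes the resource server's constructor doc to "one per issuer and audience", which suggests the value matters for token validation, though that link is inferred rather than visible in this file. A one-line comment in the TypeScript source, for example `/** Audience this server passes on when validating tokens; TODO confirm where it is set */`, would let a reader trace where the audience comes from. The `SvelteKitServer` class body starts and ends outside these hunks, and since this is build output the change belongs in the source file.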
|
|
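--- a/package/dist/sveltekitsession.d.ts
+++ b/package/dist/sveltekitsession.d.ts
@@ -8,7 +8,7 @@ import { SvelteKitAdminClientEndpoints } from './sveltekitadminclientendpoints';
 import { SvelteKitSessionAdapter } from './sveltekitsessionadapter';
 
 export declare const CSRFHEADER = "X-CROSSAUTH-CSRF";
-type Header = {
+export type Header = {
 name: string;
 value: string;
 };
@@ -256,7 +256,17 @@ export interface SvelteKitSessionServerOptions extends SessionManagerOptions {
 * The Sveltekit session server.
 *
 * You shouldn't have to instantiate this directly. It is created when
-* you create a {@link
+* you create a {@link SvelteKitServer} object.
+
+* **Middleware**
+*
+* This class registers one middleware function to fill in the following
+* fields in the request:
+*
+* - `user` a {@link @crossauth/common!User}` object
+* - `authType`: set to `cookie` or undefined
+* - `csrfToken`: a CSRF token that can be used in POST requests
+* - `sessionId` a session ID if one is created
 */
 export declare class SvelteKitSessionServer implements SvelteKitSessionAdapter {
 /**
@@ -298,13 +308,13 @@ export declare class SvelteKitSessionServer implements SvelteKitSessionAdapter {
 /**
 * Funtion to validate users upon creation. Taken from the options during
 * construction or the default value.
-* See {@link
+* See {@link SvelteKitSessionServerOptions}.
 */
 validateUserFn: (user: UserInputFields) => string[];
 /**
 * Funtion to create a user record from form fields. Taken from the options during
 * construction or the default value.
-* See {@link
+* See {@link SvelteKitSessionServerOptions}.
 */
 createUserFn: (event: RequestEvent, data: {
 [key: string]: string | undefined;
@@ -312,14 +322,14 @@ export declare class SvelteKitSessionServer implements SvelteKitSessionAdapter {
 /**
 * Funtion to update a user record from form fields. Taken from the options during
 * construction or the default value.
-* See {@link
+* See {@link SvelteKitSessionServerOptions}.
 */
 updateUserFn: (user: User, event: RequestEvent, data: {
 [key: string]: string | undefined;
 }, userEditableFields: string[]) => User;
 /**
 * The set of authenticators taken from constructor args.
-* See {@link
+* See {@link SvelteKitSessionServer.constructor}.
 */
 readonly authenticators: {
 [key: string]: Authenticator;
@@ -445,7 +455,7 @@ export declare class SvelteKitSessionServer implements SvelteKitSessionAdapter {
 /**
 * Sets headers in the request event.
 *
-* Used internally by {@link
+* Used internally by {@link SvelteKitServer}. Shouldn't be necessary
 * to call this directly.
 * @param headers the headres to set
 * @param resp the response object to set them in
@@ -508,7 +518,7 @@ export declare class SvelteKitSessionServer implements SvelteKitSessionAdapter {
 /**
 * Returns a hash of the session ID. Used for logging (for security,
 * the actual session ID is not logged)
-* @param
+* @param event the Sveltekit request event
 * @returns hash of the session ID
 */
 getHashOfSessionId(event: RequestEvent): string;
@@ -588,8 +598,7 @@ export declare class SvelteKitSessionServer implements SvelteKitSessionAdapter {
 * with a user (`userid` is undefined). It can be used to persist
 * data between sessions just like a regular user session ID.
 *
-* @param
-* @param reply the Fastify reply
+* @param event the SvelteKit reqzest event
 * @param data session data to save
 * @returns the session cookie value
 */
@@ -643,4 +652,3 @@ export declare class SvelteKitSessionServer implements SvelteKitSessionAdapter {
 */
 deleteSessionData(event: RequestEvent, name: string): Promise<void>;
 }
-export {};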
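Review bot: Two of the doc lines added in this file carry typos that will surface in the generated API docs. In the `@@ -256,7 +256,17 @@` hunk the `user` bullet has a stray backtick after the closing brace of `{@link @crossauth/common!User}`, which leaves the inline code span unbalanced, and the added line 260 is blank inside the comment block where the neighbouring lines keep the `*` prefix. In the `@@ -588,8 +598,7 @@` hunk the new parameter line should read `@param event the SvelteKit request event` instead of "reqzest". The new Middleware list is also the only visible description of what the session hook writes into the request (`user`, `authType`, `csrfToken`, `sessionId`), so the bullets are worth punctuating consistently, either all `name:` or all bare `name`. This is emitted declaration output, so the corrections belong in the TypeScript source.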
|
|
@@ -20,7 +20,7 @@ export declare abstract class SvelteKitSessionAdapter {
|
|
|
20
20
|
*
|
|
21
21
|
* The `data` field is assumed to be JSON. Just the field with the given
|
|
22
22
|
* name is updated and the rest is unchanged.
|
|
23
|
-
* @param
|
|
23
|
+
* @param event the SvelteKit request event
|
|
24
24
|
* @param dataArray data to update
|
|
25
25
|
*/
|
|
26
26
|
abstract updateManySessionData(event: RequestEvent, dataArray: {
|