@dataflint/mcp-server 1.0.12 → 1.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/auth-strategy-factory.d.ts +60 -0
- package/dist/auth/auth-strategy-factory.d.ts.map +1 -0
- package/dist/auth/auth-strategy-factory.js +113 -0
- package/dist/auth/auth-strategy-factory.js.map +1 -0
- package/dist/auth/auth0-m2m-service.d.ts +74 -0
- package/dist/auth/auth0-m2m-service.d.ts.map +1 -0
- package/dist/auth/auth0-m2m-service.js +195 -0
- package/dist/auth/auth0-m2m-service.js.map +1 -0
- package/dist/auth/auth0-service.d.ts +64 -0
- package/dist/auth/auth0-service.d.ts.map +1 -0
- package/dist/auth/auth0-service.js +326 -0
- package/dist/auth/auth0-service.js.map +1 -0
- package/dist/auth/customer-auth-configs.d.ts +31 -0
- package/dist/auth/customer-auth-configs.d.ts.map +1 -0
- package/dist/auth/customer-auth-configs.js +39 -0
- package/dist/auth/customer-auth-configs.js.map +1 -0
- package/dist/auth/index.d.ts +75 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +137 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/secrets/aws-secrets-provider.d.ts +45 -0
- package/dist/auth/secrets/aws-secrets-provider.d.ts.map +1 -0
- package/dist/auth/secrets/aws-secrets-provider.js +123 -0
- package/dist/auth/secrets/aws-secrets-provider.js.map +1 -0
- package/dist/auth/secrets/index.d.ts +12 -0
- package/dist/auth/secrets/index.d.ts.map +1 -0
- package/dist/auth/secrets/index.js +17 -0
- package/dist/auth/secrets/index.js.map +1 -0
- package/dist/auth/secrets/local-file-secrets-provider.d.ts +47 -0
- package/dist/auth/secrets/local-file-secrets-provider.d.ts.map +1 -0
- package/dist/auth/secrets/local-file-secrets-provider.js +151 -0
- package/dist/auth/secrets/local-file-secrets-provider.js.map +1 -0
- package/dist/auth/secrets/secrets-provider.d.ts +54 -0
- package/dist/auth/secrets/secrets-provider.d.ts.map +1 -0
- package/dist/auth/secrets/secrets-provider.js +106 -0
- package/dist/auth/secrets/secrets-provider.js.map +1 -0
- package/dist/auth/secrets/types.d.ts +32 -0
- package/dist/auth/secrets/types.d.ts.map +1 -0
- package/dist/auth/secrets/types.js +8 -0
- package/dist/auth/secrets/types.js.map +1 -0
- package/dist/auth/service-account-service.d.ts +77 -0
- package/dist/auth/service-account-service.d.ts.map +1 -0
- package/dist/auth/service-account-service.js +209 -0
- package/dist/auth/service-account-service.js.map +1 -0
- package/dist/auth/types.d.ts +140 -0
- package/dist/auth/types.d.ts.map +1 -0
- package/dist/auth/types.js +30 -0
- package/dist/auth/types.js.map +1 -0
- package/dist/dataflint-server-service.d.ts +1 -1
- package/dist/dataflint-server-service.d.ts.map +1 -1
- package/dist/dataflint-server-service.js +27 -2
- package/dist/dataflint-server-service.js.map +1 -1
- package/dist/index.d.ts +3 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -6
- package/dist/index.js.map +1 -1
- package/dist/server.d.ts +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +4 -4
- package/dist/server.js.map +1 -1
- package/dist/standalone/config.d.ts +10 -9
- package/dist/standalone/config.d.ts.map +1 -1
- package/dist/standalone/config.js +291 -23948
- package/dist/standalone/config.js.map +1 -7
- package/dist/standalone/logger.js +2 -2
- package/dist/standalone/logger.js.map +1 -1
- package/dist/standalone/server.d.ts.map +1 -1
- package/dist/standalone/server.js +13 -10
- package/dist/standalone/server.js.map +1 -1
- package/dist/standalone/stdio-transport.d.ts +1 -1
- package/dist/standalone/stdio-transport.d.ts.map +1 -1
- package/dist/standalone/stdio-transport.js +2 -2
- package/dist/standalone/stdio-transport.js.map +1 -1
- package/dist/tools/highlight-tools.js +5 -3
- package/dist/tools/highlight-tools.js.map +1 -1
- package/dist/types.d.ts +4 -17
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +5 -0
- package/dist/types.js.map +1 -1
- package/package.json +2 -3
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Service Account Authentication Service
|
|
3
|
+
*
|
|
4
|
+
* Provides authentication using a pre-generated JWT token read from a file.
|
|
5
|
+
* This is typically used for M2M (machine-to-machine) scenarios where a service
|
|
6
|
+
* account token is mounted as a file (e.g., in Kubernetes).
|
|
7
|
+
*
|
|
8
|
+
* The token is expected to be a valid JWT with an 'exp' claim.
|
|
9
|
+
*/
|
|
10
|
+
import { IAuthStrategy, AuthStrategyType, AuthUserInfo, IAuthLogger } from "./types";
|
|
11
|
+
/**
|
|
12
|
+
* Service Account authentication strategy
|
|
13
|
+
*
|
|
14
|
+
* Reads a JWT token from a file path and manages token caching and expiration.
|
|
15
|
+
*
|
|
16
|
+
* @example
|
|
17
|
+
* ```typescript
|
|
18
|
+
* const service = new ServiceAccountService(
|
|
19
|
+
* '/var/run/secrets/dataflint/token',
|
|
20
|
+
* 'tenant-123',
|
|
21
|
+
* logger
|
|
22
|
+
* );
|
|
23
|
+
*
|
|
24
|
+
* await service.initialize();
|
|
25
|
+
* const token = await service.getToken();
|
|
26
|
+
* ```
|
|
27
|
+
*/
|
|
28
|
+
export declare class ServiceAccountService implements IAuthStrategy {
|
|
29
|
+
private tokenPath;
|
|
30
|
+
private tenantId;
|
|
31
|
+
private tokenCache;
|
|
32
|
+
private logger;
|
|
33
|
+
constructor(tokenPath: string, tenantId?: string, logger?: IAuthLogger);
|
|
34
|
+
/**
|
|
35
|
+
* Get the strategy type identifier
|
|
36
|
+
*/
|
|
37
|
+
getType(): AuthStrategyType;
|
|
38
|
+
/**
|
|
39
|
+
* Initialize the service account strategy
|
|
40
|
+
* Validates that the token file exists and is readable
|
|
41
|
+
*/
|
|
42
|
+
initialize(): Promise<void>;
|
|
43
|
+
/**
|
|
44
|
+
* Get a valid access token, reading from file if cache is expired
|
|
45
|
+
*/
|
|
46
|
+
getToken(): Promise<string>;
|
|
47
|
+
/**
|
|
48
|
+
* Force refresh the token by clearing cache and re-reading from file
|
|
49
|
+
*/
|
|
50
|
+
refreshToken(): Promise<void>;
|
|
51
|
+
/**
|
|
52
|
+
* Check if currently authenticated (token file exists and is valid)
|
|
53
|
+
*/
|
|
54
|
+
isAuthenticated(): Promise<boolean>;
|
|
55
|
+
/**
|
|
56
|
+
* Get user information for the service account
|
|
57
|
+
* Returns synthetic user info since service accounts don't have traditional user profiles
|
|
58
|
+
*/
|
|
59
|
+
getUserInfo(): Promise<AuthUserInfo>;
|
|
60
|
+
/**
|
|
61
|
+
* Get the tenant ID associated with this service account
|
|
62
|
+
*/
|
|
63
|
+
getTenantId(): string | undefined;
|
|
64
|
+
/**
|
|
65
|
+
* Read the token from the file system
|
|
66
|
+
*/
|
|
67
|
+
private readTokenFromFile;
|
|
68
|
+
/**
|
|
69
|
+
* Validate the token format and cache it with expiration
|
|
70
|
+
*/
|
|
71
|
+
private validateAndCacheToken;
|
|
72
|
+
/**
|
|
73
|
+
* Extract expiration time from JWT payload
|
|
74
|
+
*/
|
|
75
|
+
private extractExpiration;
|
|
76
|
+
}
|
|
77
|
+
//# sourceMappingURL=service-account-service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"service-account-service.d.ts","sourceRoot":"","sources":["../../src/auth/service-account-service.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EACH,aAAa,EACb,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACd,MAAM,SAAS,CAAC;AAiBjB;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,qBAAsB,YAAW,aAAa;IACvD,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,QAAQ,CAAqB;IACrC,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,MAAM,CAAc;gBAEhB,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,WAAW;IAMtE;;OAEG;IACH,OAAO,IAAI,gBAAgB;IAI3B;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAgBjC;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC;IAgBjC;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAOnC;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IASzC;;;OAGG;IACG,WAAW,IAAI,OAAO,CAAC,YAAY,CAAC;IAQ1C;;OAEG;IACH,WAAW,IAAI,MAAM,GAAG,SAAS;IAIjC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAIzB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAiC7B;;OAEG;IACH,OAAO,CAAC,iBAAiB;CAuB5B"}
|
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Service Account Authentication Service
|
|
4
|
+
*
|
|
5
|
+
* Provides authentication using a pre-generated JWT token read from a file.
|
|
6
|
+
* This is typically used for M2M (machine-to-machine) scenarios where a service
|
|
7
|
+
* account token is mounted as a file (e.g., in Kubernetes).
|
|
8
|
+
*
|
|
9
|
+
* The token is expected to be a valid JWT with an 'exp' claim.
|
|
10
|
+
*/
|
|
11
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
12
|
+
if (k2 === undefined) k2 = k;
|
|
13
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
14
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
15
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
16
|
+
}
|
|
17
|
+
Object.defineProperty(o, k2, desc);
|
|
18
|
+
}) : (function(o, m, k, k2) {
|
|
19
|
+
if (k2 === undefined) k2 = k;
|
|
20
|
+
o[k2] = m[k];
|
|
21
|
+
}));
|
|
22
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
23
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
24
|
+
}) : function(o, v) {
|
|
25
|
+
o["default"] = v;
|
|
26
|
+
});
|
|
27
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
28
|
+
var ownKeys = function(o) {
|
|
29
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
30
|
+
var ar = [];
|
|
31
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
32
|
+
return ar;
|
|
33
|
+
};
|
|
34
|
+
return ownKeys(o);
|
|
35
|
+
};
|
|
36
|
+
return function (mod) {
|
|
37
|
+
if (mod && mod.__esModule) return mod;
|
|
38
|
+
var result = {};
|
|
39
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
40
|
+
__setModuleDefault(result, mod);
|
|
41
|
+
return result;
|
|
42
|
+
};
|
|
43
|
+
})();
|
|
44
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
45
|
+
exports.ServiceAccountService = void 0;
|
|
46
|
+
const fs = __importStar(require("fs"));
|
|
47
|
+
const types_1 = require("./types");
|
|
48
|
+
/**
|
|
49
|
+
* Default no-op logger for when no logger is provided
|
|
50
|
+
*/
|
|
51
|
+
const noopLogger = {
|
|
52
|
+
info: () => { },
|
|
53
|
+
warn: () => { },
|
|
54
|
+
error: () => { },
|
|
55
|
+
debug: () => { },
|
|
56
|
+
};
|
|
57
|
+
/**
|
|
58
|
+
* Service Account authentication strategy
|
|
59
|
+
*
|
|
60
|
+
* Reads a JWT token from a file path and manages token caching and expiration.
|
|
61
|
+
*
|
|
62
|
+
* @example
|
|
63
|
+
* ```typescript
|
|
64
|
+
* const service = new ServiceAccountService(
|
|
65
|
+
* '/var/run/secrets/dataflint/token',
|
|
66
|
+
* 'tenant-123',
|
|
67
|
+
* logger
|
|
68
|
+
* );
|
|
69
|
+
*
|
|
70
|
+
* await service.initialize();
|
|
71
|
+
* const token = await service.getToken();
|
|
72
|
+
* ```
|
|
73
|
+
*/
|
|
74
|
+
class ServiceAccountService {
|
|
75
|
+
tokenPath;
|
|
76
|
+
tenantId;
|
|
77
|
+
tokenCache = null;
|
|
78
|
+
logger;
|
|
79
|
+
constructor(tokenPath, tenantId, logger) {
|
|
80
|
+
this.tokenPath = tokenPath;
|
|
81
|
+
this.tenantId = tenantId;
|
|
82
|
+
this.logger = logger || noopLogger;
|
|
83
|
+
}
|
|
84
|
+
/**
|
|
85
|
+
* Get the strategy type identifier
|
|
86
|
+
*/
|
|
87
|
+
getType() {
|
|
88
|
+
return types_1.AuthStrategyType.SERVICE_ACCOUNT;
|
|
89
|
+
}
|
|
90
|
+
/**
|
|
91
|
+
* Initialize the service account strategy
|
|
92
|
+
* Validates that the token file exists and is readable
|
|
93
|
+
*/
|
|
94
|
+
async initialize() {
|
|
95
|
+
this.logger.info(`Initializing ServiceAccountService with token path: ${this.tokenPath}`);
|
|
96
|
+
if (!fs.existsSync(this.tokenPath)) {
|
|
97
|
+
throw new Error(`Service account token file not found: ${this.tokenPath}`);
|
|
98
|
+
}
|
|
99
|
+
// Pre-load and validate the token
|
|
100
|
+
await this.getToken();
|
|
101
|
+
this.logger.info("ServiceAccountService initialized successfully");
|
|
102
|
+
}
|
|
103
|
+
/**
|
|
104
|
+
* Get a valid access token, reading from file if cache is expired
|
|
105
|
+
*/
|
|
106
|
+
async getToken() {
|
|
107
|
+
const now = Date.now();
|
|
108
|
+
// Check if we have a valid cached token (with 5-minute buffer)
|
|
109
|
+
const bufferMs = 5 * 60 * 1000;
|
|
110
|
+
if (this.tokenCache && now < this.tokenCache.expiresAt - bufferMs) {
|
|
111
|
+
this.logger.debug("Using cached service account token");
|
|
112
|
+
return this.tokenCache.token;
|
|
113
|
+
}
|
|
114
|
+
const rawToken = this.readTokenFromFile();
|
|
115
|
+
this.validateAndCacheToken(rawToken);
|
|
116
|
+
return this.tokenCache.token;
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Force refresh the token by clearing cache and re-reading from file
|
|
120
|
+
*/
|
|
121
|
+
async refreshToken() {
|
|
122
|
+
this.logger.info("Refreshing service account token...");
|
|
123
|
+
this.tokenCache = null;
|
|
124
|
+
await this.getToken();
|
|
125
|
+
this.logger.info("Service account token refreshed");
|
|
126
|
+
}
|
|
127
|
+
/**
|
|
128
|
+
* Check if currently authenticated (token file exists and is valid)
|
|
129
|
+
*/
|
|
130
|
+
async isAuthenticated() {
|
|
131
|
+
try {
|
|
132
|
+
await this.getToken();
|
|
133
|
+
return true;
|
|
134
|
+
}
|
|
135
|
+
catch {
|
|
136
|
+
return false;
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* Get user information for the service account
|
|
141
|
+
* Returns synthetic user info since service accounts don't have traditional user profiles
|
|
142
|
+
*/
|
|
143
|
+
async getUserInfo() {
|
|
144
|
+
return {
|
|
145
|
+
sub: "m2m-service-account",
|
|
146
|
+
name: "M2M Service Account",
|
|
147
|
+
...(this.tenantId && { tenant_id: this.tenantId }),
|
|
148
|
+
};
|
|
149
|
+
}
|
|
150
|
+
/**
|
|
151
|
+
* Get the tenant ID associated with this service account
|
|
152
|
+
*/
|
|
153
|
+
getTenantId() {
|
|
154
|
+
return this.tenantId;
|
|
155
|
+
}
|
|
156
|
+
/**
|
|
157
|
+
* Read the token from the file system
|
|
158
|
+
*/
|
|
159
|
+
readTokenFromFile() {
|
|
160
|
+
return fs.readFileSync(this.tokenPath, "utf8");
|
|
161
|
+
}
|
|
162
|
+
/**
|
|
163
|
+
* Validate the token format and cache it with expiration
|
|
164
|
+
*/
|
|
165
|
+
validateAndCacheToken(rawToken) {
|
|
166
|
+
const token = rawToken.trim();
|
|
167
|
+
if (!token) {
|
|
168
|
+
throw new Error("Service account token is empty");
|
|
169
|
+
}
|
|
170
|
+
const parts = token.split(".");
|
|
171
|
+
if (parts.length !== 3) {
|
|
172
|
+
throw new Error(`Invalid JWT format: expected 3 parts, got ${parts.length}`);
|
|
173
|
+
}
|
|
174
|
+
const expiresAt = this.extractExpiration(token);
|
|
175
|
+
const now = Date.now();
|
|
176
|
+
const expiresIn = Math.floor((expiresAt - now) / 1000);
|
|
177
|
+
// Check if token is already expired
|
|
178
|
+
if (expiresAt <= now) {
|
|
179
|
+
throw new Error("Service account token is expired");
|
|
180
|
+
}
|
|
181
|
+
this.logger.info(`Service account token loaded${this.tenantId ? ` for tenant ${this.tenantId}` : ""}: expires in ${expiresIn}s (${new Date(expiresAt).toISOString()})`);
|
|
182
|
+
this.tokenCache = {
|
|
183
|
+
token,
|
|
184
|
+
expiresAt,
|
|
185
|
+
};
|
|
186
|
+
}
|
|
187
|
+
/**
|
|
188
|
+
* Extract expiration time from JWT payload
|
|
189
|
+
*/
|
|
190
|
+
extractExpiration(token) {
|
|
191
|
+
const parts = token.split(".");
|
|
192
|
+
try {
|
|
193
|
+
const payload = parts[1];
|
|
194
|
+
const decoded = Buffer.from(payload, "base64url").toString("utf8");
|
|
195
|
+
const parsed = JSON.parse(decoded);
|
|
196
|
+
if (typeof parsed.exp === "number") {
|
|
197
|
+
return parsed.exp * 1000;
|
|
198
|
+
}
|
|
199
|
+
this.logger.warn("JWT missing 'exp' field, using fallback expiration");
|
|
200
|
+
return Date.now() + 300000; // 5 minutes fallback
|
|
201
|
+
}
|
|
202
|
+
catch (error) {
|
|
203
|
+
this.logger.warn(`Failed to parse JWT expiration: ${error}, using fallback expiration`);
|
|
204
|
+
return Date.now() + 300000; // 5 minutes fallback
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
}
|
|
208
|
+
exports.ServiceAccountService = ServiceAccountService;
|
|
209
|
+
//# sourceMappingURL=service-account-service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"service-account-service.js","sourceRoot":"","sources":["../../src/auth/service-account-service.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,mCAKiB;AAOjB;;GAEG;AACH,MAAM,UAAU,GAAgB;IAC5B,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;IACf,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;CAClB,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,qBAAqB;IACtB,SAAS,CAAS;IAClB,QAAQ,CAAqB;IAC7B,UAAU,GAA2B,IAAI,CAAC;IAC1C,MAAM,CAAc;IAE5B,YAAY,SAAiB,EAAE,QAAiB,EAAE,MAAoB;QAClE,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,UAAU,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,OAAO;QACH,OAAO,wBAAgB,CAAC,eAAe,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU;QACZ,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,uDAAuD,IAAI,CAAC,SAAS,EAAE,CAC1E,CAAC;QAEF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACX,yCAAyC,IAAI,CAAC,SAAS,EAAE,CAC5D,CAAC;QACN,CAAC;QAED,kCAAkC;QAClC,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACV,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,+DAA+D;QAC/D,MAAM,QAAQ,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAC/B,IAAI,IAAI,CAAC,UAAU,IAAI,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,GAAG,QAAQ,EAAE,CAAC;YAChE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QACjC,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC1C,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAErC,OAAO,IAAI,CAAC,UAAW,CAAC,KAAK,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QACd,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACxD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACjB,IAAI,CAAC;YACD,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW;QACb,OAAO;YACH,GAAG,EAAE,qBAAqB;YAC1B,IAAI,EAAE,qBAAqB;YAC3B,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;SACrD,CAAC;IACN,CAAC;IAED;;OAEG;IACH,WAAW;QACP,OAAO,IAAI,CAAC,QAAQ,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,iBAAiB;QACrB,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,QAAgB;QAC1C,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE9B,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CACX,6CAA6C,KAAK,CAAC,MAAM,EAAE,CAC9D,CAAC;QACN,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;QAEvD,oCAAoC;QACpC,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,+BAA+B,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,eAAe,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,gBAAgB,SAAS,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,GAAG,CACxJ,CAAC;QAEF,IAAI,CAAC,UAAU,GAAG;YACd,KAAK;YACL,SAAS;SACZ,CAAC;IACN,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,KAAa;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE/B,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACnE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEnC,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACjC,OAAO,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC;YAC7B,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,oDAAoD,CACvD,CAAC;YACF,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC,qBAAqB;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,mCAAmC,KAAK,6BAA6B,CACxE,CAAC;YACF,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC,qBAAqB;QACrD,CAAC;IACL,CAAC;CACJ;AAxKD,sDAwKC"}
|
|
@@ -0,0 +1,140 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Auth types and interfaces for DataFlint authentication
|
|
3
|
+
*
|
|
4
|
+
* This module defines the core interfaces used across all authentication strategies:
|
|
5
|
+
* - Service Account (M2M token from file)
|
|
6
|
+
* - Auth0 M2M (client credentials grant)
|
|
7
|
+
* - Auth0 User (interactive OAuth2/PKCE flow)
|
|
8
|
+
*/
|
|
9
|
+
/**
|
|
10
|
+
* Basic authentication configuration for Auth0
|
|
11
|
+
*/
|
|
12
|
+
export interface AuthConfig {
|
|
13
|
+
domain: string;
|
|
14
|
+
clientId: string;
|
|
15
|
+
scope: string;
|
|
16
|
+
audience: string;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Result from a successful authentication
|
|
20
|
+
*/
|
|
21
|
+
export interface AuthResult {
|
|
22
|
+
accessToken: string;
|
|
23
|
+
idToken?: string;
|
|
24
|
+
refreshToken?: string;
|
|
25
|
+
expiresAt?: Date;
|
|
26
|
+
userInfo?: unknown;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Credentials required for Auth0 M2M (client credentials) authentication
|
|
30
|
+
*/
|
|
31
|
+
export interface Auth0M2MCredentials {
|
|
32
|
+
client_id: string;
|
|
33
|
+
client_secret: string;
|
|
34
|
+
audience: string;
|
|
35
|
+
domain: string;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Authentication strategy types
|
|
39
|
+
*/
|
|
40
|
+
export declare enum AuthStrategyType {
|
|
41
|
+
SERVICE_ACCOUNT = "service_account",
|
|
42
|
+
AUTH0_M2M = "auth0_m2m",
|
|
43
|
+
AUTH0_USER = "auth0_user"
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* M2M authentication mode types
|
|
47
|
+
*/
|
|
48
|
+
export declare enum M2MType {
|
|
49
|
+
NONE = "none",
|
|
50
|
+
SERVICE_ACCOUNT = "service_account",
|
|
51
|
+
AUTH0_M2M = "auth0_m2m"
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* M2M authentication mode - single source of truth for M2M detection
|
|
55
|
+
*/
|
|
56
|
+
export type M2MMode = {
|
|
57
|
+
type: M2MType.NONE;
|
|
58
|
+
} | {
|
|
59
|
+
type: M2MType.SERVICE_ACCOUNT;
|
|
60
|
+
tokenPath: string;
|
|
61
|
+
tenantId?: string;
|
|
62
|
+
} | {
|
|
63
|
+
type: M2MType.AUTH0_M2M;
|
|
64
|
+
secretName: string;
|
|
65
|
+
tenantId?: string;
|
|
66
|
+
};
|
|
67
|
+
/**
|
|
68
|
+
* User information returned from authentication
|
|
69
|
+
*/
|
|
70
|
+
export interface AuthUserInfo {
|
|
71
|
+
sub: string;
|
|
72
|
+
name: string;
|
|
73
|
+
tenant_id?: string;
|
|
74
|
+
}
|
|
75
|
+
/**
|
|
76
|
+
* Common interface for all authentication strategies
|
|
77
|
+
*
|
|
78
|
+
* Implementations:
|
|
79
|
+
* - ServiceAccountService: Reads JWT from file path
|
|
80
|
+
* - Auth0M2MService: Uses client credentials grant
|
|
81
|
+
* - Auth0Service: Uses interactive OAuth2/PKCE flow
|
|
82
|
+
*/
|
|
83
|
+
export interface IAuthStrategy {
|
|
84
|
+
/**
|
|
85
|
+
* Get the type of this authentication strategy
|
|
86
|
+
*/
|
|
87
|
+
getType(): AuthStrategyType;
|
|
88
|
+
/**
|
|
89
|
+
* Initialize the authentication strategy (e.g., discover issuer, validate credentials)
|
|
90
|
+
*/
|
|
91
|
+
initialize(): Promise<void>;
|
|
92
|
+
/**
|
|
93
|
+
* Get a valid access token, refreshing if necessary
|
|
94
|
+
*/
|
|
95
|
+
getToken(): Promise<string>;
|
|
96
|
+
/**
|
|
97
|
+
* Force refresh the token
|
|
98
|
+
*/
|
|
99
|
+
refreshToken(): Promise<void>;
|
|
100
|
+
/**
|
|
101
|
+
* Check if currently authenticated with a valid token
|
|
102
|
+
*/
|
|
103
|
+
isAuthenticated(): Promise<boolean>;
|
|
104
|
+
/**
|
|
105
|
+
* Get user information for the current authentication
|
|
106
|
+
*/
|
|
107
|
+
getUserInfo(): Promise<AuthUserInfo>;
|
|
108
|
+
/**
|
|
109
|
+
* Get the tenant ID associated with this authentication (if any)
|
|
110
|
+
*/
|
|
111
|
+
getTenantId(): string | undefined;
|
|
112
|
+
}
|
|
113
|
+
/**
|
|
114
|
+
* Configuration provider interface for authentication
|
|
115
|
+
*/
|
|
116
|
+
export interface IAuthConfigProvider {
|
|
117
|
+
getAuthConfig(): AuthConfig;
|
|
118
|
+
getM2MMode(): M2MMode;
|
|
119
|
+
getTenantId(): string | undefined;
|
|
120
|
+
getEnvironment(): string;
|
|
121
|
+
getServerUrl(): string;
|
|
122
|
+
}
|
|
123
|
+
/**
|
|
124
|
+
* Logger interface for authentication services
|
|
125
|
+
*/
|
|
126
|
+
export interface IAuthLogger {
|
|
127
|
+
info(message: string): void;
|
|
128
|
+
warn(message: string): void;
|
|
129
|
+
error(message: string, error?: unknown): void;
|
|
130
|
+
debug(message: string): void;
|
|
131
|
+
}
|
|
132
|
+
/**
|
|
133
|
+
* Handler for opening URLs (used for OAuth2 browser-based flow)
|
|
134
|
+
*/
|
|
135
|
+
export type OpenUrlHandler = (url: string) => Promise<void>;
|
|
136
|
+
/**
|
|
137
|
+
* Provider function for AuthConfig
|
|
138
|
+
*/
|
|
139
|
+
export type ConfigProvider = () => AuthConfig;
|
|
140
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,oBAAY,gBAAgB;IACxB,eAAe,oBAAoB;IACnC,SAAS,cAAc;IACvB,UAAU,eAAe;CAC5B;AAED;;GAEG;AACH,oBAAY,OAAO;IACf,IAAI,SAAS;IACb,eAAe,oBAAoB;IACnC,SAAS,cAAc;CAC1B;AAED;;GAEG;AACH,MAAM,MAAM,OAAO,GACb;IAAE,IAAI,EAAE,OAAO,CAAC,IAAI,CAAA;CAAE,GACtB;IAAE,IAAI,EAAE,OAAO,CAAC,eAAe,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,GACvE;IAAE,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzE;;GAEG;AACH,MAAM,WAAW,YAAY;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa;IAC1B;;OAEG;IACH,OAAO,IAAI,gBAAgB,CAAC;IAE5B;;OAEG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;OAEG;IACH,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAE5B;;OAEG;IACH,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9B;;OAEG;IACH,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpC;;OAEG;IACH,WAAW,IAAI,OAAO,CAAC,YAAY,CAAC,CAAC;IAErC;;OAEG;IACH,WAAW,IAAI,MAAM,GAAG,SAAS,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAChC,aAAa,IAAI,UAAU,CAAC;IAC5B,UAAU,IAAI,OAAO,CAAC;IACtB,WAAW,IAAI,MAAM,GAAG,SAAS,CAAC;IAClC,cAAc,IAAI,MAAM,CAAC;IACzB,YAAY,IAAI,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IACxB,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IAC9C,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAE5D;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Auth types and interfaces for DataFlint authentication
|
|
4
|
+
*
|
|
5
|
+
* This module defines the core interfaces used across all authentication strategies:
|
|
6
|
+
* - Service Account (M2M token from file)
|
|
7
|
+
* - Auth0 M2M (client credentials grant)
|
|
8
|
+
* - Auth0 User (interactive OAuth2/PKCE flow)
|
|
9
|
+
*/
|
|
10
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
+
exports.M2MType = exports.AuthStrategyType = void 0;
|
|
12
|
+
/**
|
|
13
|
+
* Authentication strategy types
|
|
14
|
+
*/
|
|
15
|
+
var AuthStrategyType;
|
|
16
|
+
(function (AuthStrategyType) {
|
|
17
|
+
AuthStrategyType["SERVICE_ACCOUNT"] = "service_account";
|
|
18
|
+
AuthStrategyType["AUTH0_M2M"] = "auth0_m2m";
|
|
19
|
+
AuthStrategyType["AUTH0_USER"] = "auth0_user";
|
|
20
|
+
})(AuthStrategyType || (exports.AuthStrategyType = AuthStrategyType = {}));
|
|
21
|
+
/**
|
|
22
|
+
* M2M authentication mode types
|
|
23
|
+
*/
|
|
24
|
+
var M2MType;
|
|
25
|
+
(function (M2MType) {
|
|
26
|
+
M2MType["NONE"] = "none";
|
|
27
|
+
M2MType["SERVICE_ACCOUNT"] = "service_account";
|
|
28
|
+
M2MType["AUTH0_M2M"] = "auth0_m2m";
|
|
29
|
+
})(M2MType || (exports.M2MType = M2MType = {}));
|
|
30
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAiCH;;GAEG;AACH,IAAY,gBAIX;AAJD,WAAY,gBAAgB;IACxB,uDAAmC,CAAA;IACnC,2CAAuB,CAAA;IACvB,6CAAyB,CAAA;AAC7B,CAAC,EAJW,gBAAgB,gCAAhB,gBAAgB,QAI3B;AAED;;GAEG;AACH,IAAY,OAIX;AAJD,WAAY,OAAO;IACf,wBAAa,CAAA;IACb,8CAAmC,CAAA;IACnC,kCAAuB,CAAA;AAC3B,CAAC,EAJW,OAAO,uBAAP,OAAO,QAIlB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { Auth0Service, AuthResult, IAuthStrategy } from "
|
|
1
|
+
import { Auth0Service, AuthResult, IAuthStrategy } from "./auth/index.js";
|
|
2
2
|
import { IConfigService } from "./types";
|
|
3
3
|
import { ApplicationSummary, DataFlintPromptsResponse, Job, JobAlert, FullJobAlert, ServiceStatus, SqlQueriesCode, CopilotApplicationRichResponse, CopilotJobRichResponse, GetApplicationsParams, GetJobsRichParams, NodeMapping, HighlightResponse, LLMFinding, FindingsResponse, ClearHighlightsResponse, RemapReason, RemapResponse, GetFindingsParams, StoredFinding, UpdateFindingStatusResponse, MultiNodeFinding, MultiNodeFindingsResponse, SparkExpertiseResponse, ExpertiseTopicsResponse, HighlightContextResponse, PromptLayerType, PromptLayerResponse, AvailableLayersResponse, JobSparkConfigResponse, IssueReportMetadataResponse, IssueReportRequest, IssueReportResponse } from "./dataflint-server-models";
|
|
4
4
|
type Auth0ServiceFactory = () => Auth0Service;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dataflint-server-service.d.ts","sourceRoot":"","sources":["../src/dataflint-server-service.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"dataflint-server-service.d.ts","sourceRoot":"","sources":["../src/dataflint-server-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAE1E,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EACH,kBAAkB,EAClB,wBAAwB,EACxB,GAAG,EACH,QAAQ,EACR,YAAY,EACZ,aAAa,EACb,cAAc,EACd,8BAA8B,EAC9B,sBAAsB,EACtB,qBAAqB,EACrB,iBAAiB,EACjB,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,gBAAgB,EAChB,uBAAuB,EACvB,WAAW,EACX,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,2BAA2B,EAC3B,gBAAgB,EAChB,yBAAyB,EACzB,sBAAsB,EACtB,uBAAuB,EACvB,wBAAwB,EACxB,eAAe,EACf,mBAAmB,EACnB,uBAAuB,EACvB,sBAAsB,EACtB,2BAA2B,EAC3B,kBAAkB,EAClB,mBAAmB,EACtB,MAAM,2BAA2B,CAAC;AAgBnC,KAAK,mBAAmB,GAAG,MAAM,YAAY,CAAC;AAC9C,KAAK,eAAe,GAAG,MAAM,MAAM,GAAG,IAAI,CAAC;AAC3C,KAAK,cAAc,GAAG,MAAM,MAAM,GAAG,IAAI,CAAC;AAE1C,qBAAa,sBAAsB;IAC/B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAMzB;IAEX,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,WAAW,CAAC,CAAe;IACnC,OAAO,CAAC,kBAAkB,CAAsB;IAChD,OAAO,CAAC,WAAW,CAA2B;IAC9C,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,YAAY,CAAkB;IACtC,OAAO,CAAC,WAAW,CAAiB;IACpC,OAAO,CAAC,WAAW,CAA8B;gBAG7C,kBAAkB,EAAE,mBAAmB,EACvC,aAAa,EAAE,cAAc,EAC7B,eAAe,CAAC,EAAE,eAAe,EACjC,WAAW,CAAC,EAAE,aAAa,EAC3B,cAAc,CAAC,EAAE,cAAc;IAgBnC;;OAEG;YACW,cAAc;IAiB5B;;OAEG;YACW,cAAc;IA8B5B;;OAEG;YACW,eAAe;IAYvB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;IAarC;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA4F5B;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ3B;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ7B;;OAEG;YACW,mBAAmB;IAiDjC;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA6B9C;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC;IAmCjC;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAuBzC;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;IAyCrC;;OAEG;IACH,cAAc,IAAI,UAAU,GAAG,IAAI;IAInC;;OAEG;IACH,gBAAgB,IAAI,aAAa;IASjC;;OAEG;YACW,wBAAwB;IA8FtC;;OAEG;IACG,mBAAmB,IAAI,OAAO,CAAC,wBAAwB,CAAC;IAc9D;;OAEG;IACG,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAoBxE;;OAEG;IACG,kBAAkB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAiB/D;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAgCxB;;OAEG;YACW,gBAAgB;IAsD9B;;OAEG;IACG,iBAAiB,CACnB,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;QACL,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;KAClB,GACP,OAAO,CAAC,cAAc,CAAC;IAuB1B;;OAEG;IACG,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAYtD;;OAEG;IACG,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAY9D;;OAEG;IACG,UAAU,CACZ,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;QACL,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,IAAI,CAAC,EAAE,OAAO,CAAC;KACb,GACP,OAAO,CAAC,GAAG,CAAC;IAkCf;;;OAGG;IACG,iBAAiB,CACnB,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;QACL,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;KACf,GACP,OAAO,CAAC,GAAG,CAAC;IAOf;;OAEG;IACG,eAAe,CACjB,MAAM,EAAE,qBAAqB,GAC9B,OAAO,CAAC,8BAA8B,EAAE,CAAC;IAsB5C;;OAEG;IACG,sBAAsB,CACxB,MAAM,EAAE,iBAAiB,GAC1B,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAiBpC;;OAEG;IACG,kBAAkB,CACpB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,WAAW,EAAE,GACxB,OAAO,CAAC,iBAAiB,CAAC;IAoB7B;;OAEG;IACG,uBAAuB,CACzB,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,UAAU,EAAE,GACvB,OAAO,CAAC,gBAAgB,CAAC;IAqB5B;;OAEG;IACG,aAAa,CACf,KAAK,EAAE,MAAM,EACb,WAAW,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,iBAAiB,CAAC;IAkB7B;;OAEG;IACG,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC;IActE;;OAEG;IACG,qBAAqB,CACvB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,WAAW,GACpB,OAAO,CAAC,aAAa,CAAC;IAqBzB;;OAEG;IACG,mBAAmB,CACrB,KAAK,EAAE,MAAM,EACb,MAAM,GAAE,MAAW,EACnB,OAAO,GAAE,MAAW,GACrB,OAAO,CAAC,wBAAwB,CAAC;IAuBpC;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAoBtE;;OAEG;IACG,mBAAmB,CACrB,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,WAAW,GAAG,SAAS,GAChC,OAAO,CAAC,2BAA2B,CAAC;IAkBvC;;OAEG;IACG,uBAAuB,CACzB,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,gBAAgB,EAAE,GAC7B,OAAO,CAAC,yBAAyB,CAAC;IAqBrC;;OAEG;IACG,iBAAiB,CACnB,KAAK,EAAE,MAAM,EACb,WAAW,GAAE,OAAe,GAC7B,OAAO,CAAC,sBAAsB,CAAC;IAiBlC;;OAEG;IACG,mBAAmB,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAgB7D;;;OAGG;IACG,cAAc,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAmB1E;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAa1D;;OAEG;IACG,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAqBvE;;;OAGG;IACG,sBAAsB,IAAI,OAAO,CAAC,2BAA2B,CAAC;IAcpE;;;;;;OAMG;IACG,iBAAiB,CACnB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,kBAAkB,GAC5B,OAAO,CAAC,mBAAmB,CAAC;CAiBlC"}
|
|
@@ -34,8 +34,20 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
34
34
|
})();
|
|
35
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
36
|
exports.DataFlintServerService = void 0;
|
|
37
|
+
const zod_1 = require("zod");
|
|
37
38
|
const logger_1 = require("./logger");
|
|
38
39
|
const retry = __importStar(require("retry"));
|
|
40
|
+
// Zod schema for runtime validation of stored auth results
|
|
41
|
+
const AuthResultSchema = zod_1.z.object({
|
|
42
|
+
accessToken: zod_1.z.string(),
|
|
43
|
+
idToken: zod_1.z.string().optional(),
|
|
44
|
+
refreshToken: zod_1.z.string().optional(),
|
|
45
|
+
expiresAt: zod_1.z
|
|
46
|
+
.union([zod_1.z.string(), zod_1.z.date()])
|
|
47
|
+
.optional()
|
|
48
|
+
.transform((val) => (typeof val === "string" ? new Date(val) : val)),
|
|
49
|
+
userInfo: zod_1.z.unknown().optional(),
|
|
50
|
+
});
|
|
39
51
|
class DataFlintServerService {
|
|
40
52
|
static RETRY_CONFIG = {
|
|
41
53
|
RETRIES: 25, // Total retry attempts (was 5 + 20 = 25)
|
|
@@ -90,9 +102,16 @@ class DataFlintServerService {
|
|
|
90
102
|
try {
|
|
91
103
|
const storedAuth = await this.configService.getAuthSecret();
|
|
92
104
|
if (storedAuth) {
|
|
93
|
-
const
|
|
105
|
+
const parsed = JSON.parse(storedAuth);
|
|
106
|
+
const result = AuthResultSchema.safeParse(parsed);
|
|
107
|
+
if (!result.success) {
|
|
108
|
+
logger.warn(`Invalid stored auth format: ${result.error.issues.map((i) => i.message).join(", ")}`);
|
|
109
|
+
// Clear invalid stored auth
|
|
110
|
+
await this.clearAuthResult();
|
|
111
|
+
return null;
|
|
112
|
+
}
|
|
94
113
|
logger.debug(`Authentication result loaded from persistent storage for environment: ${this.configService.getEnvironment()}`);
|
|
95
|
-
return
|
|
114
|
+
return result.data;
|
|
96
115
|
}
|
|
97
116
|
logger.debug(`No authentication result found in persistent storage for environment: ${this.configService.getEnvironment()}`);
|
|
98
117
|
return null;
|
|
@@ -146,6 +165,9 @@ class DataFlintServerService {
|
|
|
146
165
|
logger.info(`Environment: ${this.configService.getEnvironment()}`);
|
|
147
166
|
logger.info(`Admin Company Domain: ${this.configService.getAdminCompanyDomain()}`);
|
|
148
167
|
logger.info("Step 1/4: Initializing Auth0 service...");
|
|
168
|
+
if (!this.authService) {
|
|
169
|
+
throw new Error("Auth service not initialized - this should not happen in OAuth mode");
|
|
170
|
+
}
|
|
149
171
|
await this.authService.initialize();
|
|
150
172
|
logger.info("Auth0 service initialized successfully");
|
|
151
173
|
logger.info("Step 2/4: Loading existing authentication...");
|
|
@@ -223,6 +245,9 @@ class DataFlintServerService {
|
|
|
223
245
|
return;
|
|
224
246
|
}
|
|
225
247
|
const logger = logger_1.Logger.getInstance();
|
|
248
|
+
if (!this.authService) {
|
|
249
|
+
throw new Error("Auth service not initialized - cannot authenticate without auth service");
|
|
250
|
+
}
|
|
226
251
|
try {
|
|
227
252
|
if (this.currentAuth &&
|
|
228
253
|
!this.authService.isTokenExpired(this.currentAuth)) {
|