@dbmx/confy 0.0.77 → 0.0.80

package/esm/node_modules/@dbmx/auth/dist/index.js

@@ -1,638 +0,0 @@
-import urljoin from '../../../url-join/lib/url-join.js';
-import axios from 'axios';
-import { nanoid } from 'nanoid';
-import { jws, hextob64u as hextob64u_1, crypto as crypto_1 } from '../../../jsrsasign/lib/jsrsasign.js';
-import { AuthRedirect as AuthRedirect$1 } from './oidc-client.js';
-import '../../../oidc-client-ts/dist/esm/oidc-client-ts.js';
-import merge from '../../../ramda/es/merge.js';
-import prop from '../../../ramda/es/prop.js';
-
-let self;
-
-const DEFAULT_CONFIG = {
-  response_type: 'code',
-  scope: 'openid offline_access',
-  automaticSilentRenew: true,
-};
-
-const SESSION_ENDING_TIMEOUT = 30;
-const OTP_ACCESS_TOKEN_NAME = 'OTP_ACCESS_TOKEN';
-
-class EventEmitter {
-  constructor() {
-    this.listeners = {};
-  }
-
-  on(type, cb) {
-    if (!(type in this.listeners)) {
-      this.listeners[type] = [];
-    }
-    this.listeners[type].push(cb);
-  }
-
-  emit(event) {
-    if (!(event.type in this.listeners)) return
-    const stack = this.listeners[event.type].slice();
-    for (let i = 0, l = stack.length; i < l; i++) {
-      stack[i].call(this, event);
-    }
-  }
-}
-
-class Auth extends EventEmitter {
-  constructor(options, tokens) {
-    super();
-    this.options = options;
-    this.tokens = tokens;
-  }
-
-  registerLogout(delay) {
-    if (!this.tokens) return
-    this.logoutTimer = setTimeout(() => this.signOut(), delay || this.tokens.expires_in * 1000);
-  }
-
-  registerEndSession() {
-    if (!this.tokens) return
-    if (this.refreshSessionTimer) clearTimeout(this.refreshSessionTimer);
-    this.refreshSessionTimer = setTimeout(() => {
-      this.checkSession()
-        .then(() => this.emit({ type: 'sessionEnding', timeout: SESSION_ENDING_TIMEOUT }))
-        .catch(() => this.signOut());
-    }, this.getSessionExpirationDelay(this.tokens));
-  }
-
-  async refreshTokens() {
-    if (!this.tokens) return
-    try {
-      const url = '/api/authOTP/refreshTokens';
-      const res = await fetch(url, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          Authorization: `Bearer ${this.tokens.access_token}`,
-        },
-        body: JSON.stringify({
-          refreshToken: this.tokens.refresh_token,
-        }),
-      });
-      if (!res.ok) {
-        const errorData = await res.json();
-        throw { response: { data: errorData }, status: res.status }
-      }
-      const { accessToken, refreshToken, idToken } = await res.json();
-      const id_token = jws.JWS.parse(idToken);
-      this.tokens = {
-        access_token: accessToken,
-        refresh_token: refreshToken,
-        expires_in: id_token.payloadObj.exp,
-      };
-
-      this.emit({
-        ...this.tokens,
-        type: 'tokensRefreshed',
-        payload: id_token.payloadObj,
-      });
-
-      this.setAccessTokenCookie(accessToken, this.tokens);
-      this.registerEndSession();
-
-      return { ...this.tokens, payload: id_token.payloadObj }
-    } catch (err) {
-      this.signOut();
-      if (err.response?.data) return this.emit({ type: 'error', ...err.response.data })
-      throw err
-    }
-  }
-
-  getSessionExpirationDelay(token) {
-    if (!token?.expires_in) return 3570000
-    return Math.max(0, token.expires_in * 1000 - Date.now() - SESSION_ENDING_TIMEOUT * 1000)
-  }
-
-  autoRefreshTokens() {
-    if (!this.tokens) return
-    if (this.autoRefreshTimer) clearTimeout(this.autoRefreshTimer); // autoRefreshTimer can be called by a client
-    this.autoRefreshTimer = setTimeout(() => this.refreshTokens(), this.getSessionExpirationDelay(this.tokens));
-  }
-
-  async signOut() {
-    await this.endSession();
-    // await this.revokeRefreshToken()
-    this.tokens = null;
-    this.logoutTimer = clearTimeout(this.logoutTimer);
-    this.autoRefreshTimer = clearTimeout(this.autoRefreshTimer);
-    this.refreshSessionTimer = clearTimeout(this.refreshSessionTimer);
-  }
-}
-
-class Oidc extends EventEmitter {
-  constructor(options, tokens) {
-    super();
-    if (!this.isValidConfig(options)) throw new Error(`Invalid setup`)
-    this.options = options;
-    this.tokens = tokens;
-  }
-
-  get configurationUrl() {
-    return urljoin(this.options.authority, '/.well-known/openid-configuration')
-  }
-
-  decodeState(state) {
-    return state && JSON.parse(atob(state))
-  }
-
-  makeState() {
-    const state = {
-      srcUrl: window.location.href,
-    };
-    return btoa(JSON.stringify(state))
-  }
-
-  getSessionExpirationDelay(token) {
-    if (!token?.expires_in) return 3570000
-    return token.expires_in * 1000 - SESSION_ENDING_TIMEOUT * 1000
-  }
-
-  get authorizationUrl() {
-    this.code_verifier = `${nanoid()}-${nanoid()}`;
-    localStorage.setItem('code_verifier', this.code_verifier);
-    this.code_challenge = hextob64u_1(crypto_1.Util.hashString(this.code_verifier, 'SHA256'));
-    return urljoin(
-      this.authConfig.authorization_endpoint,
-      `?client_id=${this.options.client_id}`,
-      `?scope=${this.options.scope}`,
-      `?redirect_uri=${this.options.redirect_uri}`,
-      `?response_type=${this.options.response_type}`,
-      `?nonce=${nanoid()}`,
-      `?code_challenge=${this.code_challenge}`,
-      `?code_challenge_method=S256`,
-      `?state=${this.makeState()}`,
-    )
-  }
-
-  get endSessionUrl() {
-    return urljoin(
-      this.authConfig.end_session_endpoint,
-      `?client_id=${this.options.client_id}`,
-      `?id_token_hint=${this.tokens?.id_token}`,
-    )
-  }
-
-  get endSessionUrlWithRedirect() {
-    return urljoin(this.endSessionUrl, `&post_logout_redirect_uri=${this.options.redirect_uri}`)
-  }
-
-  async getOpenIdConfiguration() {
-    try {
-      const res = await axios.get(this.configurationUrl).then(prop('data'));
-      this.emit({ type: 'configurationLoaded', config: this.authConfig });
-      return res
-    } catch (err) {
-      throw new Error(`Cannot load openid configuration from ${this.configurationUrl}`)
-    }
-  }
-
-  async revoke(type) {
-    const url = this.authConfig.revocation_endpoint;
-    const config = {
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded',
-      },
-    };
-    const params = new URLSearchParams();
-    params.append('client_id', this.options.client_id);
-    params.append('token', this.tokens[type]);
-    params.append('token_type_hint', type);
-
-    try {
-      await axios.post(url, params, config).then(prop('data'));
-    } catch (err) {
-      if (err.response?.data) return this.emit({ type: 'error', ...err.response.data })
-      throw err
-    }
-  }
-
-  revokeAccessToken() {
-    return this.revoke('access_token')
-  }
-
-  revokeRefreshToken() {
-    return this.revoke('refresh_token')
-  }
-
-  registerLogout(delay) {
-    if (!this.tokens) return
-    this.logoutTimer = setTimeout(() => this.signOut(), delay || this.tokens.expires_in * 1000);
-  }
-
-  autoRefreshTokens() {
-    if (!this.tokens) return
-    if (this.autoRefreshTimer) clearTimeout(this.autoRefreshTimer); // autoRefreshTimer can be called by a client
-    this.autoRefreshTimer = setTimeout(() => this.refreshTokens(), this.getSessionExpirationDelay(this.tokens));
-  }
-
-  async checkSession() {
-    if (!this.tokens) return
-    const url = urljoin(this.authConfig.userinfo_endpoint, `?access_token=${this.tokens.access_token}`);
-    return axios.get(url)
-  }
-
-  manageSession(delay = 60 * 1000) {
-    if (!this.tokens) return
-    setTimeout(() => {
-      this.checkSession()
-        .then(() => this.manageSession(delay))
-        .catch(() => this.signOut());
-    }, delay);
-  }
-
-  registerEndSession() {
-    if (!this.tokens) return
-    if (this.refreshSessionTimer) clearTimeout(this.refreshSessionTimer);
-    this.refreshSessionTimer = setTimeout(() => {
-      this.checkSession()
-        .then(() => this.emit({ type: 'sessionEnding', timeout: SESSION_ENDING_TIMEOUT }))
-        .catch(() => this.signOut());
-    }, this.getSessionExpirationDelay(this.tokens));
-  }
-
-  isValidConfig(config) {
-    return config?.authority
-  }
-
-  async getAccessTokenFromCode(code) {
-    const params = new URLSearchParams();
-    params.append('code', code);
-    params.append('client_id', this.options.client_id);
-    params.append('grant_type', 'authorization_code');
-    params.append('redirect_uri', this.options.redirect_uri);
-    params.append('code_verifier', this.code_verifier);
-    const config = {
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded',
-      },
-    };
-    const url = this.authConfig.token_endpoint;
-    try {
-      this.tokens = await axios.post(url, params, config).then(prop('data'));
-      const id_token = jws.JWS.parse(this.tokens.id_token);
-      if (this.options.autoRefresh) this.autoRefreshTokens();
-      else this.registerEndSession();
-      this.emit({ ...this.tokens, type: 'signedIn', payload: id_token.payloadObj });
-      return { ...this.tokens, payload: id_token.payloadObj }
-    } catch (err) {
-      if (err.response?.data) return this.emit({ type: 'error', ...err.response.data })
-      throw err
-    }
-  }
-
-  async refreshTokens() {
-    if (!this.tokens) return
-    const params = new URLSearchParams();
-    params.append('client_id', this.options.client_id);
-    params.append('grant_type', 'refresh_token');
-    params.append('refresh_token', this.tokens.refresh_token);
-    const config = {
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded',
-      },
-    };
-    const url = this.authConfig.token_endpoint;
-    try {
-      this.tokens = await axios.post(url, params, config).then(prop('data'));
-      const id_token = jws.JWS.parse(this.tokens.id_token);
-      if (this.options.autoRefresh) this.autoRefreshTokens();
-      else this.registerEndSession();
-      this.emit({ ...this.tokens, type: 'tokensRefreshed', payload: id_token.payloadObj });
-      return { ...this.tokens, payload: id_token.payloadObj }
-    } catch (err) {
-      this.signOut();
-      if (err.response?.data) return this.emit({ type: 'error', ...err.response.data })
-      throw err
-    }
-  }
-
-  async signOut() {
-    await this.endSession();
-    // await this.revokeRefreshToken()
-    this.tokens = null;
-    this.logoutTimer = clearTimeout(this.logoutTimer);
-    this.autoRefreshTimer = clearTimeout(this.autoRefreshTimer);
-    this.refreshSessionTimer = clearTimeout(this.refreshSessionTimer);
-  }
-
-  async init(tokens) {
-    this.authConfig = await this.getOpenIdConfiguration();
-    if (tokens || tokens === null) this.tokens = tokens;
-    this.emit({ type: 'configurationLoaded', config: this.authConfig });
-    return this
-  }
-}
-
-class OidcIFrame extends Oidc {
-  async signIn(params) {
-    const options = merge(this.options, params);
-    try {
-      if (!this.authConfig) await this.init();
-      let iframe;
-      if (!options.frame) iframe = this.loginIframe;
-      else {
-        iframe = window.document.getElementById(options.frame);
-        this.loginIframe = iframe;
-      }
-      if (!iframe) throw new Error(`Cannot get login iframe ${options.frame}`)
-      iframe.src = this.authorizationUrl;
-    } catch (err) {
-      this.emit({ type: 'error', error_description: err.message || err.toString() });
-    }
-  }
-
-  async endSession() {
-    if (!this.tokens) return
-    let iframe = document.querySelector('iframe[id=logout-frame]');
-    if (!iframe) {
-      iframe = window.document.createElement('iframe');
-      iframe.id = 'logout-frame';
-      iframe.style = 'position: absolute; width: 1px; height: 1px; inset: -9999px; display: none;';
-      window.document.body.appendChild(iframe);
-    }
-    iframe.src = this.endSessionUrl;
-  }
-}
-
-class OidcLib extends Oidc {
-  async init() {
-    try {
-      this.code_verifier = localStorage.getItem('code_verifier');
-      if (!this.authConfig) this.authConfig = await this.getOpenIdConfiguration();
-      this.emit({ type: 'configurationLoaded', config: this.authConfig });
-    } catch (err) {
-      this.emit({ type: 'error', error_description: err.message || err.toString() });
-    }
-  }
-
-  async signIn() {
-    try {
-      if (!this.authConfig) await this.init();
-      window.location.replace(this.authorizationUrl);
-    } catch (err) {
-      this.emit({ type: 'error', error_description: err.message || err.toString() });
-    }
-  }
-
-  async endSession() {
-    try {
-      if (!this.tokens) return
-      this.emit({ type: 'signedOut' });
-      window.location.replace(this.endSessionUrlWithRedirect);
-    } catch (err) {
-      this.emit({ type: 'error', error_description: err.message || err.toString() });
-    }
-  }
-}
-
-class OTP extends Auth {
-  init(tokens) {
-    this.tokens = tokens;
-    return this
-  }
-
-  async endSession() {
-    if (!this.tokens) return
-
-    try {
-      const url = '/api/authOTP/logout';
-      const res = await fetch(url, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-        },
-        body: JSON.stringify({
-          accessToken: this.tokens.access_token,
-        }),
-      });
-
-      if (!res.ok) {
-        const errorData = await res.json();
-        throw { response: { data: errorData }, status: res.status }
-      }
-
-      this.removeAccessTokenCookie();
-      this.emit({ type: 'signedOut' });
-    } catch (err) {
-      if (err.response?.data) return this.emit({ type: 'error', ...err.response.data })
-      throw err
-    }
-  }
-
-  async checkSession() {
-    if (!this.tokens) return
-
-    const url = '/api/authOTP/getMe';
-
-    const res = await fetch(url, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify({
-        accessToken: this.tokens.access_token,
-      }),
-    });
-
-    if (!res.ok) {
-      throw new Error(`Request failed with status ${res.status}`)
-    }
-
-    return res.json()
-  }
-
-  getHostname() {
-    return location.hostname
-  }
-
-  getBaseDomain() {
-    const hostname = this.getHostname();
-    const parts = hostname.split('.');
-    if (parts.length >= 2) {
-      // take the last two parts for base domain (x.com)
-      const base = parts.slice(-2).join('.');
-      return `.${base}`
-    }
-    return hostname
-  }
-
-  getCookieDomain() {
-    const hostname = this.getHostname();
-    return hostname === 'localhost' || hostname === '0.0.0.0' || hostname === '127.0.0.1'
-      ? ''
-      : `domain=${this.getBaseDomain()};`
-  }
-
-  setAccessTokenCookie(value, token) {
-    const nowSeconds = Math.floor(Date.now() / 1000);
-    const maxAge = Math.max(0, token.expires_in - nowSeconds);
-    const domain = this.getCookieDomain();
-    const addationalParams = domain ? 'Secure; SameSite=None;' : '';
-    document.cookie = `${OTP_ACCESS_TOKEN_NAME}=${value}; max-age=${maxAge}; ${domain} path=/; ${addationalParams}`;
-  }
-
-  getAccessTokenCookie() {
-    const cookies = document.cookie.split(';');
-    for (let cookie of cookies) {
-      const [cookieName, cookieValue] = cookie.split('=');
-      if (cookieName.trim() === OTP_ACCESS_TOKEN_NAME) {
-        const value = cookieValue?.trim();
-        return value ? value : null
-      }
-    }
-    return null
-  }
-
-  removeAccessTokenCookie() {
-    const domain = this.getCookieDomain();
-    document.cookie = `${OTP_ACCESS_TOKEN_NAME}=; ${domain} path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT`;
-  }
-
-  async userTokens(tokens) {
-    const { accessToken, refreshToken, idToken } = tokens;
-
-    try {
-      const idTokenPayload = jws.JWS.parse(idToken);
-
-      this.tokens = {
-        access_token: accessToken,
-        refresh_token: refreshToken,
-        expires_in: idTokenPayload.payloadObj.exp,
-      };
-
-      const signedInOptions = {
-        ...this.tokens,
-        payload: idTokenPayload.payloadObj,
-      };
-
-      this.emit({
-        type: 'signedIn',
-        ...signedInOptions,
-      });
-
-      this.setAccessTokenCookie(accessToken, this.tokens);
-      this.registerEndSession();
-
-      return signedInOptions
-    } catch (error) {
-      // this.emit({ type: 'error', error_description: err.message || err.toString() })
-      this.emit({ type: 'error', error: 'failed' });
-    }
-  }
-}
-
-/**
- * Factory function to create an instance of AuthIFrame, enabling authentication using an iframe
- *
- * @function AuthIFrame
- * @tag auth
- * @param {Object} - [options]:  Configuration options for authentication
- * @param {Function} - [onSignIn]: Callback function invoked on successful sign-in
- * @param {Function} - [onSignOut]: Callback function invoked on sign-out
- * @param {Function} - [onAuthError]: Callback function invoked on authentication error
- * @param {string} - [options.authority]: The authority URL for authentication
- * @param {string} - [options.redirect_uri]: The redirect URI for authentication
- * @param {string} - [options.client_id]: The client ID for authentication
- * @return {Auth} - An instance of Auth
- */
-const AuthIFrame = ({ onSignIn, onSignOut, onAuthError, ...config } = {}) => {
-  let signInTimer;
-  if (!self) {
-    const oidc = new OidcIFrame(Object.assign({}, DEFAULT_CONFIG, config, { redirect_uri: config.redirect_uri }));
-    if (onSignIn) oidc.on('signedIn', onSignIn);
-    if (onSignOut) oidc.on('signedOut', onSignOut);
-    if (onAuthError) oidc.on('error', onAuthError);
-    window.onmessage = e => {
-      if (e.origin === new URL(config.authority).origin) {
-        switch (e.data.type) {
-          case 'code':
-            oidc.getAccessTokenFromCode(e.data.code);
-            break
-          case 'signedOut':
-            oidc.emit({ type: 'signedOut' });
-            break
-          case 'session_not_found':
-            oidc.emit({
-              type: 'error',
-              error: 'session_not_found',
-              error_description: 'Session was expired, please sign in again',
-            });
-            if (signInTimer) clearTimeout(signInTimer);
-            signInTimer = setTimeout(() => oidc.signIn(), 1000);
-            break
-          default:
-            oidc.emit({ ...e.data, type: 'error' });
-        }
-      }
-    };
-    self = oidc;
-  }
-  return self
-};
-
-/**
- * Factory function to create an instance of AuthRedirect, enabling redirect authentication.
- *
- * @function AuthRedirect
- * @tag auth
- * @param {Object} - [options]:  Configuration options for authentication
- * @param {Function} - [onSignIn]: Callback function invoked on successful sign-in
- * @param {Function} - [onSignOut]: Callback function invoked on sign-out
- * @param {Function} - [onAuthError]: Callback function invoked on authentication error
- * @param {string} - [options.redirect_uri]: The redirect URI for authentication
- * @return {AuthRedirect} - An instance of Auth
- */
-const AuthRedirect = ({ onSignIn, onSignOut, onAuthError, ...config } = {}) => {
-  if (config.lib === 'oidc-client-ts') return AuthRedirect$1({ onSignIn, onSignOut, onAuthError, ...config })
-
-  if (!self) {
-    const oidc = new OidcLib(Object.assign({}, DEFAULT_CONFIG, config, { redirect_uri: config.redirect_uri }));
-    if (onSignIn) oidc.on('signedIn', onSignIn);
-    if (onSignOut) oidc.on('signedOut', onSignOut);
-    if (onAuthError) oidc.on('error', onAuthError);
-
-    window.onmessage = async e => {
-      switch (e.data.type) {
-        case 'code':
-          await oidc.init();
-          oidc.getAccessTokenFromCode(e.data.code);
-          break
-      }
-    };
-
-    self = oidc;
-  }
-  return self
-};
-
-/**
- * Factory function to create an instance of AuthOTP, enabling OTP authentication.
- *
- * @function AuthOTP
- * @tag auth
- * @param {Object} - [options]:  Configuration options for authentication
- * @param {Function} - [onSignIn]: Callback function invoked on successful sign-in
- * @param {Function} - [onSignOut]: Callback function invoked on sign-out
- * @param {Function} - [onAuthError]: Callback function invoked on authentication error
- * @return {AuthOTP} - An instance of AuthOTP
- */
-const AuthOTP = ({ onSignIn, onSignOut, onAuthError, ...config } = {}) => {
-  if (!self) {
-    const otp = new OTP(Object.assign({}, config));
-    if (onSignIn) otp.on('signedIn', onSignIn);
-    if (onSignOut) otp.on('signedOut', onSignOut);
-    if (onAuthError) otp.on('error', onAuthError);
-
-    self = otp;
-  }
-  return self
-};
-
-export { AuthIFrame, AuthOTP, AuthRedirect, self };
-//# sourceMappingURL=index.js.map