@dereekb/firebase-server 13.6.16 → 13.7.0
- package/index.cjs.js +2615 -951
- package/index.esm.js +2598 -932
- package/mailgun/package.json +9 -9
- package/model/package.json +9 -9
- package/model/src/lib/storagefile/storagefile.action.server.d.ts +4 -13
- package/oidc/index.cjs.js +245 -180
- package/oidc/index.esm.js +242 -178
- package/oidc/package.json +10 -10
- package/oidc/src/lib/middleware/oauth-auth.module.d.ts +18 -25
- package/package.json +11 -10
- package/src/lib/function/error.d.ts +11 -28
- package/src/lib/nest/app.d.ts +4 -45
- package/src/lib/nest/app.module.d.ts +4 -2
- package/src/lib/nest/auth/auth.util.d.ts +71 -5
- package/src/lib/nest/controller/index.d.ts +1 -0
- package/src/lib/nest/controller/model/index.d.ts +4 -0
- package/src/lib/nest/controller/model/model.api.controller.d.ts +93 -0
- package/src/lib/nest/controller/model/model.api.dispatch.d.ts +73 -0
- package/src/lib/nest/controller/model/model.api.get.service.d.ts +73 -0
- package/src/lib/nest/controller/model/model.api.module.d.ts +32 -0
- package/src/lib/nest/model/analytics.handler.d.ts +2 -0
- package/src/lib/nest/model/api.details.d.ts +53 -1
- package/src/lib/nest/model/call.model.function.d.ts +8 -5
- package/src/lib/nest/model/create.model.function.d.ts +1 -1
- package/src/lib/nest/model/crud.assert.function.d.ts +1 -1
- package/src/lib/nest/model/delete.model.function.d.ts +1 -1
- package/src/lib/nest/model/index.d.ts +1 -0
- package/src/lib/nest/model/query.model.function.d.ts +207 -0
- package/src/lib/nest/model/read.model.function.d.ts +1 -1
- package/src/lib/nest/model/update.model.function.d.ts +1 -1
- package/src/lib/nest/nest.provider.d.ts +19 -0
- package/test/index.cjs.js +1358 -398
- package/test/index.esm.js +1355 -400
- package/test/package.json +13 -11
- package/test/src/lib/firebase/firebase.test.d.ts +1 -1
- package/test/src/lib/index.d.ts +1 -0
- package/test/src/lib/oidc/index.d.ts +2 -0
- package/test/src/lib/oidc/oidc.test.fixture.d.ts +126 -0
- package/test/src/lib/oidc/oidc.test.flow.d.ts +43 -0
- package/zoho/package.json +9 -9
package/oidc/index.cjs.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var common = require('@nestjs/common');
|
|
4
|
-
var
|
|
4
|
+
var node_crypto = require('node:crypto');
|
|
5
5
|
var nestjs = require('@dereekb/nestjs');
|
|
6
6
|
var firebase = require('@dereekb/firebase');
|
|
7
7
|
var util = require('@dereekb/util');
|
|
@@ -52,7 +52,7 @@ function _class_call_check$g(instance, Constructor) {
|
|
|
52
52
|
throw new TypeError("Cannot call a class as a function");
|
|
53
53
|
}
|
|
54
54
|
}
|
|
55
|
-
function _defineProperties$
|
|
55
|
+
function _defineProperties$d(target, props) {
|
|
56
56
|
for(var i = 0; i < props.length; i++){
|
|
57
57
|
var descriptor = props[i];
|
|
58
58
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -61,8 +61,8 @@ function _defineProperties$e(target, props) {
|
|
|
61
61
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
62
62
|
}
|
|
63
63
|
}
|
|
64
|
-
function _create_class$
|
|
65
|
-
if (staticProps) _defineProperties$
|
|
64
|
+
function _create_class$d(Constructor, protoProps, staticProps) {
|
|
65
|
+
if (staticProps) _defineProperties$d(Constructor, staticProps);
|
|
66
66
|
return Constructor;
|
|
67
67
|
}
|
|
68
68
|
function _define_property$f(obj, key, value) {
|
|
@@ -169,7 +169,7 @@ function _define_property$f(obj, key, value) {
|
|
|
169
169
|
* Defaults to `false`.
|
|
170
170
|
*/ _define_property$f(this, "registrationEnabled", void 0);
|
|
171
171
|
}
|
|
172
|
-
_create_class$
|
|
172
|
+
_create_class$d(OidcModuleConfig, null, [
|
|
173
173
|
{
|
|
174
174
|
key: "assertValidConfig",
|
|
175
175
|
value: /**
|
|
@@ -292,7 +292,7 @@ function _class_call_check$e(instance, Constructor) {
|
|
|
292
292
|
throw new TypeError("Cannot call a class as a function");
|
|
293
293
|
}
|
|
294
294
|
}
|
|
295
|
-
function _defineProperties$
|
|
295
|
+
function _defineProperties$c(target, props) {
|
|
296
296
|
for(var i = 0; i < props.length; i++){
|
|
297
297
|
var descriptor = props[i];
|
|
298
298
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -301,8 +301,8 @@ function _defineProperties$d(target, props) {
|
|
|
301
301
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
302
302
|
}
|
|
303
303
|
}
|
|
304
|
-
function _create_class$
|
|
305
|
-
if (protoProps) _defineProperties$
|
|
304
|
+
function _create_class$c(Constructor, protoProps, staticProps) {
|
|
305
|
+
if (protoProps) _defineProperties$c(Constructor.prototype, protoProps);
|
|
306
306
|
return Constructor;
|
|
307
307
|
}
|
|
308
308
|
function _define_property$e(obj, key, value) {
|
|
@@ -534,7 +534,7 @@ exports.JwksService = /*#__PURE__*/ function() {
|
|
|
534
534
|
this.saveJwksToStorage = (_config_enableSaveJwksToStorage = config.enableSaveJwksToStorage) !== null && _config_enableSaveJwksToStorage !== void 0 ? _config_enableSaveJwksToStorage : hasStorageFile;
|
|
535
535
|
this.serveJwksFromStorage = (_config_serveJwksFromStorage = config.serveJwksFromStorage) !== null && _config_serveJwksFromStorage !== void 0 ? _config_serveJwksFromStorage : this.saveJwksToStorage;
|
|
536
536
|
}
|
|
537
|
-
_create_class$
|
|
537
|
+
_create_class$c(JwksService, [
|
|
538
538
|
{
|
|
539
539
|
key: "jwksKeyCollection",
|
|
540
540
|
get: function get() {
|
|
@@ -557,7 +557,7 @@ exports.JwksService = /*#__PURE__*/ function() {
|
|
|
557
557
|
return _ts_generator$a(this, function(_state) {
|
|
558
558
|
switch(_state.label){
|
|
559
559
|
case 0:
|
|
560
|
-
_generateKeyPairSync =
|
|
560
|
+
_generateKeyPairSync = node_crypto.generateKeyPairSync('rsa', {
|
|
561
561
|
modulusLength: 2048,
|
|
562
562
|
publicKeyEncoding: {
|
|
563
563
|
type: 'spki',
|
|
@@ -568,7 +568,7 @@ exports.JwksService = /*#__PURE__*/ function() {
|
|
|
568
568
|
format: 'jwk'
|
|
569
569
|
}
|
|
570
570
|
}), publicKey = _generateKeyPairSync.publicKey, privateKey = _generateKeyPairSync.privateKey;
|
|
571
|
-
kid =
|
|
571
|
+
kid = node_crypto.randomBytes(16).toString('hex');
|
|
572
572
|
publicJwk = _object_spread_props$3(_object_spread$6({}, publicKey), {
|
|
573
573
|
kid: kid,
|
|
574
574
|
kty: 'RSA',
|
|
@@ -998,7 +998,7 @@ function _class_call_check$d(instance, Constructor) {
|
|
|
998
998
|
throw new TypeError("Cannot call a class as a function");
|
|
999
999
|
}
|
|
1000
1000
|
}
|
|
1001
|
-
function _defineProperties$
|
|
1001
|
+
function _defineProperties$b(target, props) {
|
|
1002
1002
|
for(var i = 0; i < props.length; i++){
|
|
1003
1003
|
var descriptor = props[i];
|
|
1004
1004
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -1007,8 +1007,8 @@ function _defineProperties$c(target, props) {
|
|
|
1007
1007
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
1008
1008
|
}
|
|
1009
1009
|
}
|
|
1010
|
-
function _create_class$
|
|
1011
|
-
if (protoProps) _defineProperties$
|
|
1010
|
+
function _create_class$b(Constructor, protoProps, staticProps) {
|
|
1011
|
+
if (protoProps) _defineProperties$b(Constructor.prototype, protoProps);
|
|
1012
1012
|
return Constructor;
|
|
1013
1013
|
}
|
|
1014
1014
|
function _define_property$d(obj, key, value) {
|
|
@@ -1183,7 +1183,7 @@ function _ts_generator$9(thisArg, body) {
|
|
|
1183
1183
|
this._uid = _uid;
|
|
1184
1184
|
this.authUserContext = this._service.authService.userContext(this._uid);
|
|
1185
1185
|
}
|
|
1186
|
-
_create_class$
|
|
1186
|
+
_create_class$b(OidcAccountServiceUserContext, [
|
|
1187
1187
|
{
|
|
1188
1188
|
key: "uid",
|
|
1189
1189
|
get: function get() {
|
|
@@ -1267,7 +1267,7 @@ function _ts_generator$9(thisArg, body) {
|
|
|
1267
1267
|
this.authService = authService;
|
|
1268
1268
|
this.delegate = delegate;
|
|
1269
1269
|
}
|
|
1270
|
-
_create_class$
|
|
1270
|
+
_create_class$b(OidcAccountService, [
|
|
1271
1271
|
{
|
|
1272
1272
|
key: "providerConfig",
|
|
1273
1273
|
get: /**
|
|
@@ -1309,7 +1309,7 @@ function _class_call_check$c(instance, Constructor) {
|
|
|
1309
1309
|
throw new TypeError("Cannot call a class as a function");
|
|
1310
1310
|
}
|
|
1311
1311
|
}
|
|
1312
|
-
function _defineProperties$
|
|
1312
|
+
function _defineProperties$a(target, props) {
|
|
1313
1313
|
for(var i = 0; i < props.length; i++){
|
|
1314
1314
|
var descriptor = props[i];
|
|
1315
1315
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -1318,8 +1318,8 @@ function _defineProperties$b(target, props) {
|
|
|
1318
1318
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
1319
1319
|
}
|
|
1320
1320
|
}
|
|
1321
|
-
function _create_class$
|
|
1322
|
-
if (protoProps) _defineProperties$
|
|
1321
|
+
function _create_class$a(Constructor, protoProps, staticProps) {
|
|
1322
|
+
if (protoProps) _defineProperties$a(Constructor.prototype, protoProps);
|
|
1323
1323
|
return Constructor;
|
|
1324
1324
|
}
|
|
1325
1325
|
function _get_prototype_of(o) {
|
|
@@ -1388,7 +1388,7 @@ function _is_native_reflect_construct() {
|
|
|
1388
1388
|
_class_call_check$c(this, JwksKeyDocument);
|
|
1389
1389
|
return _call_super(this, JwksKeyDocument, arguments);
|
|
1390
1390
|
}
|
|
1391
|
-
_create_class$
|
|
1391
|
+
_create_class$a(JwksKeyDocument, [
|
|
1392
1392
|
{
|
|
1393
1393
|
key: "modelIdentity",
|
|
1394
1394
|
get: function get() {
|
|
@@ -1783,7 +1783,7 @@ function _class_call_check$a(instance, Constructor) {
|
|
|
1783
1783
|
throw new TypeError("Cannot call a class as a function");
|
|
1784
1784
|
}
|
|
1785
1785
|
}
|
|
1786
|
-
function _defineProperties$
|
|
1786
|
+
function _defineProperties$9(target, props) {
|
|
1787
1787
|
for(var i = 0; i < props.length; i++){
|
|
1788
1788
|
var descriptor = props[i];
|
|
1789
1789
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -1792,8 +1792,8 @@ function _defineProperties$a(target, props) {
|
|
|
1792
1792
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
1793
1793
|
}
|
|
1794
1794
|
}
|
|
1795
|
-
function _create_class$
|
|
1796
|
-
if (protoProps) _defineProperties$
|
|
1795
|
+
function _create_class$9(Constructor, protoProps, staticProps) {
|
|
1796
|
+
if (protoProps) _defineProperties$9(Constructor.prototype, protoProps);
|
|
1797
1797
|
return Constructor;
|
|
1798
1798
|
}
|
|
1799
1799
|
function _define_property$c(obj, key, value) {
|
|
@@ -1954,7 +1954,7 @@ function _ts_generator$7(thisArg, body) {
|
|
|
1954
1954
|
_define_property$c(this, "oidcService", void 0);
|
|
1955
1955
|
this.oidcService = oidcService;
|
|
1956
1956
|
}
|
|
1957
|
-
_create_class$
|
|
1957
|
+
_create_class$9(OidcClientService, [
|
|
1958
1958
|
{
|
|
1959
1959
|
key: "createClient",
|
|
1960
1960
|
value: /**
|
|
@@ -2012,7 +2012,7 @@ function _ts_generator$7(thisArg, body) {
|
|
|
2012
2012
|
properties.jwks = validatedMetadata.jwks;
|
|
2013
2013
|
}
|
|
2014
2014
|
if (ProviderClient.needsSecret(properties)) {
|
|
2015
|
-
clientSecret =
|
|
2015
|
+
clientSecret = node_crypto.randomBytes(64).toString('base64url');
|
|
2016
2016
|
properties.client_secret = clientSecret;
|
|
2017
2017
|
properties.client_secret_expires_at = 0;
|
|
2018
2018
|
}
|
|
@@ -2148,7 +2148,7 @@ function _ts_generator$7(thisArg, body) {
|
|
|
2148
2148
|
if (!existing) {
|
|
2149
2149
|
throw new Error('Client not found.');
|
|
2150
2150
|
}
|
|
2151
|
-
newSecret =
|
|
2151
|
+
newSecret = node_crypto.randomBytes(64).toString('base64url');
|
|
2152
2152
|
updatedMetadata = _object_spread_props$2(_object_spread$5({}, existing), {
|
|
2153
2153
|
client_secret: newSecret,
|
|
2154
2154
|
client_secret_expires_at: 0
|
|
@@ -2348,7 +2348,7 @@ function _class_call_check$9(instance, Constructor) {
|
|
|
2348
2348
|
throw new TypeError("Cannot call a class as a function");
|
|
2349
2349
|
}
|
|
2350
2350
|
}
|
|
2351
|
-
function _defineProperties$
|
|
2351
|
+
function _defineProperties$8(target, props) {
|
|
2352
2352
|
for(var i = 0; i < props.length; i++){
|
|
2353
2353
|
var descriptor = props[i];
|
|
2354
2354
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -2357,8 +2357,8 @@ function _defineProperties$9(target, props) {
|
|
|
2357
2357
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
2358
2358
|
}
|
|
2359
2359
|
}
|
|
2360
|
-
function _create_class$
|
|
2361
|
-
if (protoProps) _defineProperties$
|
|
2360
|
+
function _create_class$8(Constructor, protoProps, staticProps) {
|
|
2361
|
+
if (protoProps) _defineProperties$8(Constructor.prototype, protoProps);
|
|
2362
2362
|
return Constructor;
|
|
2363
2363
|
}
|
|
2364
2364
|
function _define_property$a(obj, key, value) {
|
|
@@ -2530,7 +2530,7 @@ function _ts_generator$6(thisArg, body) {
|
|
|
2530
2530
|
this.name = name;
|
|
2531
2531
|
this.collection = collections.oidcEntryCollection;
|
|
2532
2532
|
}
|
|
2533
|
-
_create_class$
|
|
2533
|
+
_create_class$8(FirestoreAdapter, [
|
|
2534
2534
|
{
|
|
2535
2535
|
key: "upsert",
|
|
2536
2536
|
value: function upsert(id, payload, expiresIn) {
|
|
@@ -2770,20 +2770,20 @@ function _ts_generator$6(thisArg, body) {
|
|
|
2770
2770
|
return FirestoreAdapter;
|
|
2771
2771
|
}
|
|
2772
2772
|
|
|
2773
|
-
function _array_like_to_array$
|
|
2773
|
+
function _array_like_to_array$4(arr, len) {
|
|
2774
2774
|
if (len == null || len > arr.length) len = arr.length;
|
|
2775
2775
|
for(var i = 0, arr2 = new Array(len); i < len; i++)arr2[i] = arr[i];
|
|
2776
2776
|
return arr2;
|
|
2777
2777
|
}
|
|
2778
|
-
function _array_without_holes$
|
|
2779
|
-
if (Array.isArray(arr)) return _array_like_to_array$
|
|
2778
|
+
function _array_without_holes$3(arr) {
|
|
2779
|
+
if (Array.isArray(arr)) return _array_like_to_array$4(arr);
|
|
2780
2780
|
}
|
|
2781
2781
|
function _class_call_check$8(instance, Constructor) {
|
|
2782
2782
|
if (!(instance instanceof Constructor)) {
|
|
2783
2783
|
throw new TypeError("Cannot call a class as a function");
|
|
2784
2784
|
}
|
|
2785
2785
|
}
|
|
2786
|
-
function _defineProperties$
|
|
2786
|
+
function _defineProperties$7(target, props) {
|
|
2787
2787
|
for(var i = 0; i < props.length; i++){
|
|
2788
2788
|
var descriptor = props[i];
|
|
2789
2789
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -2792,8 +2792,8 @@ function _defineProperties$8(target, props) {
|
|
|
2792
2792
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
2793
2793
|
}
|
|
2794
2794
|
}
|
|
2795
|
-
function _create_class$
|
|
2796
|
-
if (protoProps) _defineProperties$
|
|
2795
|
+
function _create_class$7(Constructor, protoProps, staticProps) {
|
|
2796
|
+
if (protoProps) _defineProperties$7(Constructor.prototype, protoProps);
|
|
2797
2797
|
return Constructor;
|
|
2798
2798
|
}
|
|
2799
2799
|
function _define_property$9(obj, key, value) {
|
|
@@ -2809,22 +2809,22 @@ function _define_property$9(obj, key, value) {
|
|
|
2809
2809
|
}
|
|
2810
2810
|
return obj;
|
|
2811
2811
|
}
|
|
2812
|
-
function _iterable_to_array$
|
|
2812
|
+
function _iterable_to_array$3(iter) {
|
|
2813
2813
|
if (typeof Symbol !== "undefined" && iter[Symbol.iterator] != null || iter["@@iterator"] != null) return Array.from(iter);
|
|
2814
2814
|
}
|
|
2815
|
-
function _non_iterable_spread$
|
|
2815
|
+
function _non_iterable_spread$3() {
|
|
2816
2816
|
throw new TypeError("Invalid attempt to spread non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
|
|
2817
2817
|
}
|
|
2818
|
-
function _to_consumable_array$
|
|
2819
|
-
return _array_without_holes$
|
|
2818
|
+
function _to_consumable_array$3(arr) {
|
|
2819
|
+
return _array_without_holes$3(arr) || _iterable_to_array$3(arr) || _unsupported_iterable_to_array$4(arr) || _non_iterable_spread$3();
|
|
2820
2820
|
}
|
|
2821
|
-
function _unsupported_iterable_to_array$
|
|
2821
|
+
function _unsupported_iterable_to_array$4(o, minLen) {
|
|
2822
2822
|
if (!o) return;
|
|
2823
|
-
if (typeof o === "string") return _array_like_to_array$
|
|
2823
|
+
if (typeof o === "string") return _array_like_to_array$4(o, minLen);
|
|
2824
2824
|
var n = Object.prototype.toString.call(o).slice(8, -1);
|
|
2825
2825
|
if (n === "Object" && o.constructor) n = o.constructor.name;
|
|
2826
2826
|
if (n === "Map" || n === "Set") return Array.from(n);
|
|
2827
|
-
if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array$
|
|
2827
|
+
if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array$4(o, minLen);
|
|
2828
2828
|
}
|
|
2829
2829
|
// MARK: Encrypted Fields
|
|
2830
2830
|
/**
|
|
@@ -2852,10 +2852,10 @@ function _unsupported_iterable_to_array$5(o, minLen) {
|
|
|
2852
2852
|
this.provider = nestjs.createAesStringEncryptionProvider(config.jwksKeyConverterConfig.encryptionSecret);
|
|
2853
2853
|
this.adapterPayloadEncryptor = util.selectiveFieldEncryptor({
|
|
2854
2854
|
provider: this.provider,
|
|
2855
|
-
fields: _to_consumable_array$
|
|
2855
|
+
fields: _to_consumable_array$3(OIDC_ENCRYPTED_PAYLOAD_FIELDS)
|
|
2856
2856
|
});
|
|
2857
2857
|
}
|
|
2858
|
-
_create_class$
|
|
2858
|
+
_create_class$7(OidcEncryptionService, [
|
|
2859
2859
|
{
|
|
2860
2860
|
/**
|
|
2861
2861
|
* Encrypts sensitive fields in an adapter payload and returns it as a {@link JsonSerializableObject}
|
|
@@ -2888,20 +2888,20 @@ exports.OidcEncryptionService = __decorate([
|
|
|
2888
2888
|
__param(0, common.Inject(OidcModuleConfig))
|
|
2889
2889
|
], exports.OidcEncryptionService);
|
|
2890
2890
|
|
|
2891
|
-
function _array_like_to_array$
|
|
2891
|
+
function _array_like_to_array$3(arr, len) {
|
|
2892
2892
|
if (len == null || len > arr.length) len = arr.length;
|
|
2893
2893
|
for(var i = 0, arr2 = new Array(len); i < len; i++)arr2[i] = arr[i];
|
|
2894
2894
|
return arr2;
|
|
2895
2895
|
}
|
|
2896
|
-
function _array_without_holes$
|
|
2897
|
-
if (Array.isArray(arr)) return _array_like_to_array$
|
|
2896
|
+
function _array_without_holes$2(arr) {
|
|
2897
|
+
if (Array.isArray(arr)) return _array_like_to_array$3(arr);
|
|
2898
2898
|
}
|
|
2899
2899
|
function _class_call_check$7(instance, Constructor) {
|
|
2900
2900
|
if (!(instance instanceof Constructor)) {
|
|
2901
2901
|
throw new TypeError("Cannot call a class as a function");
|
|
2902
2902
|
}
|
|
2903
2903
|
}
|
|
2904
|
-
function _defineProperties$
|
|
2904
|
+
function _defineProperties$6(target, props) {
|
|
2905
2905
|
for(var i = 0; i < props.length; i++){
|
|
2906
2906
|
var descriptor = props[i];
|
|
2907
2907
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -2910,8 +2910,8 @@ function _defineProperties$7(target, props) {
|
|
|
2910
2910
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
2911
2911
|
}
|
|
2912
2912
|
}
|
|
2913
|
-
function _create_class$
|
|
2914
|
-
if (protoProps) _defineProperties$
|
|
2913
|
+
function _create_class$6(Constructor, protoProps, staticProps) {
|
|
2914
|
+
if (protoProps) _defineProperties$6(Constructor.prototype, protoProps);
|
|
2915
2915
|
return Constructor;
|
|
2916
2916
|
}
|
|
2917
2917
|
function _define_property$8(obj, key, value) {
|
|
@@ -2927,22 +2927,22 @@ function _define_property$8(obj, key, value) {
|
|
|
2927
2927
|
}
|
|
2928
2928
|
return obj;
|
|
2929
2929
|
}
|
|
2930
|
-
function _iterable_to_array$
|
|
2930
|
+
function _iterable_to_array$2(iter) {
|
|
2931
2931
|
if (typeof Symbol !== "undefined" && iter[Symbol.iterator] != null || iter["@@iterator"] != null) return Array.from(iter);
|
|
2932
2932
|
}
|
|
2933
|
-
function _non_iterable_spread$
|
|
2933
|
+
function _non_iterable_spread$2() {
|
|
2934
2934
|
throw new TypeError("Invalid attempt to spread non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
|
|
2935
2935
|
}
|
|
2936
|
-
function _to_consumable_array$
|
|
2937
|
-
return _array_without_holes$
|
|
2936
|
+
function _to_consumable_array$2(arr) {
|
|
2937
|
+
return _array_without_holes$2(arr) || _iterable_to_array$2(arr) || _unsupported_iterable_to_array$3(arr) || _non_iterable_spread$2();
|
|
2938
2938
|
}
|
|
2939
|
-
function _unsupported_iterable_to_array$
|
|
2939
|
+
function _unsupported_iterable_to_array$3(o, minLen) {
|
|
2940
2940
|
if (!o) return;
|
|
2941
|
-
if (typeof o === "string") return _array_like_to_array$
|
|
2941
|
+
if (typeof o === "string") return _array_like_to_array$3(o, minLen);
|
|
2942
2942
|
var n = Object.prototype.toString.call(o).slice(8, -1);
|
|
2943
2943
|
if (n === "Object" && o.constructor) n = o.constructor.name;
|
|
2944
2944
|
if (n === "Map" || n === "Set") return Array.from(n);
|
|
2945
|
-
if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array$
|
|
2945
|
+
if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array$3(o, minLen);
|
|
2946
2946
|
}
|
|
2947
2947
|
// MARK: Routes
|
|
2948
2948
|
/**
|
|
@@ -3019,7 +3019,7 @@ var DEFAULT_OIDC_CODE_CHALLENGE_METHODS = [
|
|
|
3019
3019
|
this.providerConfig = accountService.providerConfig;
|
|
3020
3020
|
this.scopesSupported = Object.keys(this.providerConfig.claims);
|
|
3021
3021
|
this.claimsSupported = Array.from(new Set(Object.values(this.providerConfig.claims).flat()));
|
|
3022
|
-
this.tokenEndpointAuthMethodsSupported = (_this_config_tokenEndpointAuthMethods = this.config.tokenEndpointAuthMethods) !== null && _this_config_tokenEndpointAuthMethods !== void 0 ? _this_config_tokenEndpointAuthMethods : _to_consumable_array$
|
|
3022
|
+
this.tokenEndpointAuthMethodsSupported = (_this_config_tokenEndpointAuthMethods = this.config.tokenEndpointAuthMethods) !== null && _this_config_tokenEndpointAuthMethods !== void 0 ? _this_config_tokenEndpointAuthMethods : _to_consumable_array$2(DEFAULT_OIDC_TOKEN_ENDPOINT_AUTH_METHODS);
|
|
3023
3023
|
var appUrl = envService.appUrl;
|
|
3024
3024
|
this.appLoginUrl = util.websiteUrlFromPaths(appUrl, [
|
|
3025
3025
|
this.config.appOAuthInteractionPath,
|
|
@@ -3031,7 +3031,7 @@ var DEFAULT_OIDC_CODE_CHALLENGE_METHODS = [
|
|
|
3031
3031
|
]);
|
|
3032
3032
|
this.oidcRegistrationRouteEnabled = config.registrationEnabled === true;
|
|
3033
3033
|
}
|
|
3034
|
-
_create_class$
|
|
3034
|
+
_create_class$6(OidcProviderConfigService, [
|
|
3035
3035
|
{
|
|
3036
3036
|
/**
|
|
3037
3037
|
* Builds the OpenID Connect Discovery metadata document.
|
|
@@ -3052,16 +3052,16 @@ var DEFAULT_OIDC_CODE_CHALLENGE_METHODS = [
|
|
|
3052
3052
|
jwks_uri: jwksUri !== null && jwksUri !== void 0 ? jwksUri : "".concat(issuer).concat(routes.jwks),
|
|
3053
3053
|
registration_endpoint: this.oidcRegistrationRouteEnabled ? "".concat(issuer).concat(routes.registration) : undefined,
|
|
3054
3054
|
scopes_supported: this.scopesSupported,
|
|
3055
|
-
response_types_supported: _to_consumable_array$
|
|
3055
|
+
response_types_supported: _to_consumable_array$2(providerConfig.responseTypes),
|
|
3056
3056
|
response_modes_supported: [
|
|
3057
3057
|
'query'
|
|
3058
3058
|
],
|
|
3059
|
-
grant_types_supported: _to_consumable_array$
|
|
3060
|
-
subject_types_supported: _to_consumable_array$
|
|
3061
|
-
id_token_signing_alg_values_supported: _to_consumable_array$
|
|
3062
|
-
token_endpoint_auth_methods_supported: _to_consumable_array$
|
|
3059
|
+
grant_types_supported: _to_consumable_array$2(providerConfig.grantTypes),
|
|
3060
|
+
subject_types_supported: _to_consumable_array$2(DEFAULT_OIDC_SUBJECT_TYPES),
|
|
3061
|
+
id_token_signing_alg_values_supported: _to_consumable_array$2(DEFAULT_OIDC_ID_TOKEN_SIGNING_ALG_VALUES),
|
|
3062
|
+
token_endpoint_auth_methods_supported: _to_consumable_array$2(this.tokenEndpointAuthMethodsSupported),
|
|
3063
3063
|
claims_supported: this.claimsSupported,
|
|
3064
|
-
code_challenge_methods_supported: _to_consumable_array$
|
|
3064
|
+
code_challenge_methods_supported: _to_consumable_array$2(DEFAULT_OIDC_CODE_CHALLENGE_METHODS)
|
|
3065
3065
|
};
|
|
3066
3066
|
}
|
|
3067
3067
|
}
|
|
@@ -3075,13 +3075,13 @@ exports.OidcProviderConfigService = __decorate([
|
|
|
3075
3075
|
__param(2, common.Inject(firebaseServer.FirebaseServerEnvService))
|
|
3076
3076
|
], exports.OidcProviderConfigService);
|
|
3077
3077
|
|
|
3078
|
-
function _array_like_to_array$
|
|
3078
|
+
function _array_like_to_array$2(arr, len) {
|
|
3079
3079
|
if (len == null || len > arr.length) len = arr.length;
|
|
3080
3080
|
for(var i = 0, arr2 = new Array(len); i < len; i++)arr2[i] = arr[i];
|
|
3081
3081
|
return arr2;
|
|
3082
3082
|
}
|
|
3083
|
-
function _array_without_holes$
|
|
3084
|
-
if (Array.isArray(arr)) return _array_like_to_array$
|
|
3083
|
+
function _array_without_holes$1(arr) {
|
|
3084
|
+
if (Array.isArray(arr)) return _array_like_to_array$2(arr);
|
|
3085
3085
|
}
|
|
3086
3086
|
function asyncGeneratorStep$5(gen, resolve, reject, _next, _throw, key, arg) {
|
|
3087
3087
|
try {
|
|
@@ -3117,7 +3117,7 @@ function _class_call_check$6(instance, Constructor) {
|
|
|
3117
3117
|
throw new TypeError("Cannot call a class as a function");
|
|
3118
3118
|
}
|
|
3119
3119
|
}
|
|
3120
|
-
function _defineProperties$
|
|
3120
|
+
function _defineProperties$5(target, props) {
|
|
3121
3121
|
for(var i = 0; i < props.length; i++){
|
|
3122
3122
|
var descriptor = props[i];
|
|
3123
3123
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -3126,8 +3126,8 @@ function _defineProperties$6(target, props) {
|
|
|
3126
3126
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
3127
3127
|
}
|
|
3128
3128
|
}
|
|
3129
|
-
function _create_class$
|
|
3130
|
-
if (protoProps) _defineProperties$
|
|
3129
|
+
function _create_class$5(Constructor, protoProps, staticProps) {
|
|
3130
|
+
if (protoProps) _defineProperties$5(Constructor.prototype, protoProps);
|
|
3131
3131
|
return Constructor;
|
|
3132
3132
|
}
|
|
3133
3133
|
function _define_property$7(obj, key, value) {
|
|
@@ -3143,10 +3143,10 @@ function _define_property$7(obj, key, value) {
|
|
|
3143
3143
|
}
|
|
3144
3144
|
return obj;
|
|
3145
3145
|
}
|
|
3146
|
-
function _iterable_to_array$
|
|
3146
|
+
function _iterable_to_array$1(iter) {
|
|
3147
3147
|
if (typeof Symbol !== "undefined" && iter[Symbol.iterator] != null || iter["@@iterator"] != null) return Array.from(iter);
|
|
3148
3148
|
}
|
|
3149
|
-
function _non_iterable_spread$
|
|
3149
|
+
function _non_iterable_spread$1() {
|
|
3150
3150
|
throw new TypeError("Invalid attempt to spread non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
|
|
3151
3151
|
}
|
|
3152
3152
|
function _object_spread$2(target) {
|
|
@@ -3183,16 +3183,52 @@ function _object_spread_props(target, source) {
|
|
|
3183
3183
|
}
|
|
3184
3184
|
return target;
|
|
3185
3185
|
}
|
|
3186
|
-
function
|
|
3187
|
-
|
|
3186
|
+
function _object_without_properties(source, excluded) {
|
|
3187
|
+
if (source == null) return {};
|
|
3188
|
+
var target = {}, sourceKeys, key, i;
|
|
3189
|
+
if (typeof Reflect !== "undefined" && Reflect.ownKeys) {
|
|
3190
|
+
sourceKeys = Reflect.ownKeys(Object(source));
|
|
3191
|
+
for(i = 0; i < sourceKeys.length; i++){
|
|
3192
|
+
key = sourceKeys[i];
|
|
3193
|
+
if (excluded.indexOf(key) >= 0) continue;
|
|
3194
|
+
if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;
|
|
3195
|
+
target[key] = source[key];
|
|
3196
|
+
}
|
|
3197
|
+
return target;
|
|
3198
|
+
}
|
|
3199
|
+
target = _object_without_properties_loose(source, excluded);
|
|
3200
|
+
if (Object.getOwnPropertySymbols) {
|
|
3201
|
+
sourceKeys = Object.getOwnPropertySymbols(source);
|
|
3202
|
+
for(i = 0; i < sourceKeys.length; i++){
|
|
3203
|
+
key = sourceKeys[i];
|
|
3204
|
+
if (excluded.indexOf(key) >= 0) continue;
|
|
3205
|
+
if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;
|
|
3206
|
+
target[key] = source[key];
|
|
3207
|
+
}
|
|
3208
|
+
}
|
|
3209
|
+
return target;
|
|
3188
3210
|
}
|
|
3189
|
-
function
|
|
3211
|
+
function _object_without_properties_loose(source, excluded) {
|
|
3212
|
+
if (source == null) return {};
|
|
3213
|
+
var target = {}, sourceKeys = Object.getOwnPropertyNames(source), key, i;
|
|
3214
|
+
for(i = 0; i < sourceKeys.length; i++){
|
|
3215
|
+
key = sourceKeys[i];
|
|
3216
|
+
if (excluded.indexOf(key) >= 0) continue;
|
|
3217
|
+
if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;
|
|
3218
|
+
target[key] = source[key];
|
|
3219
|
+
}
|
|
3220
|
+
return target;
|
|
3221
|
+
}
|
|
3222
|
+
function _to_consumable_array$1(arr) {
|
|
3223
|
+
return _array_without_holes$1(arr) || _iterable_to_array$1(arr) || _unsupported_iterable_to_array$2(arr) || _non_iterable_spread$1();
|
|
3224
|
+
}
|
|
3225
|
+
function _unsupported_iterable_to_array$2(o, minLen) {
|
|
3190
3226
|
if (!o) return;
|
|
3191
|
-
if (typeof o === "string") return _array_like_to_array$
|
|
3227
|
+
if (typeof o === "string") return _array_like_to_array$2(o, minLen);
|
|
3192
3228
|
var n = Object.prototype.toString.call(o).slice(8, -1);
|
|
3193
3229
|
if (n === "Object" && o.constructor) n = o.constructor.name;
|
|
3194
3230
|
if (n === "Map" || n === "Set") return Array.from(n);
|
|
3195
|
-
if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array$
|
|
3231
|
+
if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array$2(o, minLen);
|
|
3196
3232
|
}
|
|
3197
3233
|
function _ts_generator$5(thisArg, body) {
|
|
3198
3234
|
var f, y, t, _ = {
|
|
@@ -3317,7 +3353,7 @@ function _ts_generator$5(thisArg, body) {
|
|
|
3317
3353
|
this.collections = collections;
|
|
3318
3354
|
this.encryptionService = encryptionService;
|
|
3319
3355
|
}
|
|
3320
|
-
_create_class$
|
|
3356
|
+
_create_class$5(OidcService, [
|
|
3321
3357
|
{
|
|
3322
3358
|
/**
|
|
3323
3359
|
* Returns the oidc-provider instance, initializing it on first access.
|
|
@@ -3341,7 +3377,7 @@ function _ts_generator$5(thisArg, body) {
|
|
|
3341
3377
|
* @returns The auth context, or `undefined` if the token is invalid or expired.
|
|
3342
3378
|
*/ function verifyAccessToken(rawToken) {
|
|
3343
3379
|
return _async_to_generator$5(function() {
|
|
3344
|
-
var _accessToken_exp, provider, accessToken, token;
|
|
3380
|
+
var _accessToken_extra, _accessToken_exp, provider, accessToken, accountClaims, token;
|
|
3345
3381
|
return _ts_generator$5(this, function(_state) {
|
|
3346
3382
|
switch(_state.label){
|
|
3347
3383
|
case 0:
|
|
@@ -3363,7 +3399,12 @@ function _ts_generator$5(thisArg, body) {
|
|
|
3363
3399
|
undefined
|
|
3364
3400
|
];
|
|
3365
3401
|
}
|
|
3366
|
-
token
|
|
3402
|
+
// Extract account claims baked into the access token at issuance time.
|
|
3403
|
+
// These are the claims built by OidcAccountServiceDelegate.buildClaimsForUser()
|
|
3404
|
+
// (e.g., `a` for admin, `o` for onboarded) based on the granted scopes.
|
|
3405
|
+
// Read the account claims baked into the token at issuance time via extraAccessTokenClaims.
|
|
3406
|
+
accountClaims = (_accessToken_extra = accessToken.extra) !== null && _accessToken_extra !== void 0 ? _accessToken_extra : {};
|
|
3407
|
+
token = _object_spread_props(_object_spread$2({}, accountClaims), {
|
|
3367
3408
|
// Standard JWT claims — sourced from the access token
|
|
3368
3409
|
aud: util.firstValue(accessToken.aud),
|
|
3369
3410
|
iss: this.config.issuer,
|
|
@@ -3381,18 +3422,18 @@ function _ts_generator$5(thisArg, body) {
|
|
|
3381
3422
|
identities: {},
|
|
3382
3423
|
sign_in_provider: 'dbx_oidc'
|
|
3383
3424
|
}
|
|
3384
|
-
};
|
|
3425
|
+
});
|
|
3385
3426
|
return [
|
|
3386
3427
|
2,
|
|
3387
3428
|
{
|
|
3388
3429
|
uid: accessToken.accountId,
|
|
3389
3430
|
token: token,
|
|
3390
3431
|
rawToken: rawToken,
|
|
3391
|
-
oidcValidatedToken: {
|
|
3432
|
+
oidcValidatedToken: _object_spread$2({
|
|
3392
3433
|
sub: accessToken.accountId,
|
|
3393
3434
|
scope: accessToken.scope,
|
|
3394
3435
|
client_id: accessToken.clientId
|
|
3395
|
-
}
|
|
3436
|
+
}, accountClaims)
|
|
3396
3437
|
}
|
|
3397
3438
|
];
|
|
3398
3439
|
}
|
|
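Review bot: In `oidcValidatedToken` the `accountClaims` object is spread after `sub`, `scope` and `client_id`, so a key of the same name in `accessToken.extra` replaces the value taken from the validated token. The `token` object built in the previous hunk uses the opposite order, so it does not have this problem. Only `sub` is stripped when the claims are built at issuance (the `extraTokenClaims` hunk), so a `scope` or `client_id` returned by a claims delegate would win here. Put the claims first: `oidcValidatedToken: _object_spread_props(_object_spread$2({}, accountClaims), { sub: accessToken.accountId, scope: accessToken.scope, client_id: accessToken.clientId })`, which is `{ ...accountClaims, sub, scope, client_id }` in the TypeScript source. `verifyAccessToken` starts outside this hunk.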
@@ -3463,10 +3504,10 @@ function _ts_generator$5(thisArg, body) {
|
|
|
3463
3504
|
var _this = this;
|
|
3464
3505
|
var config = this.config;
|
|
3465
3506
|
var providerConfig = this.providerConfigService.providerConfig;
|
|
3466
|
-
return _object_spread$2({
|
|
3507
|
+
return _object_spread_props(_object_spread$2({
|
|
3467
3508
|
routes: _object_spread$2({}, this.providerConfigService.routes),
|
|
3468
3509
|
claims: _object_spread$2({}, providerConfig.claims),
|
|
3469
|
-
responseTypes: _to_consumable_array$
|
|
3510
|
+
responseTypes: _to_consumable_array$1(providerConfig.responseTypes),
|
|
3470
3511
|
pkce: {
|
|
3471
3512
|
required: function required() {
|
|
3472
3513
|
return true;
|
|
@@ -3552,7 +3593,55 @@ function _ts_generator$5(thisArg, body) {
|
|
|
3552
3593
|
}
|
|
3553
3594
|
}, config.renderError ? {
|
|
3554
3595
|
renderError: config.renderError
|
|
3555
|
-
} : {})
|
|
3596
|
+
} : {}), {
|
|
3597
|
+
// Bake account claims into the access token at issuance time so they're
|
|
3598
|
+
// available via `accessToken.extra` during verification without an extra DB call.
|
|
3599
|
+
extraTokenClaims: function extraTokenClaims(_ctx, token) {
|
|
3600
|
+
return _async_to_generator$5(function() {
|
|
3601
|
+
var accountId, scope, account, claims, extraClaims;
|
|
3602
|
+
return _ts_generator$5(this, function(_state) {
|
|
3603
|
+
switch(_state.label){
|
|
3604
|
+
case 0:
|
|
3605
|
+
accountId = token.accountId;
|
|
3606
|
+
scope = token.scope;
|
|
3607
|
+
if (!(accountId && scope)) return [
|
|
3608
|
+
3,
|
|
3609
|
+
3
|
|
3610
|
+
];
|
|
3611
|
+
return [
|
|
3612
|
+
4,
|
|
3613
|
+
this.accountService.userContext(accountId).findAccount()
|
|
3614
|
+
];
|
|
3615
|
+
case 1:
|
|
3616
|
+
account = _state.sent();
|
|
3617
|
+
if (!account) return [
|
|
3618
|
+
3,
|
|
3619
|
+
3
|
|
3620
|
+
];
|
|
3621
|
+
return [
|
|
3622
|
+
4,
|
|
3623
|
+
account.claims('access_token', scope)
|
|
3624
|
+
];
|
|
3625
|
+
case 2:
|
|
3626
|
+
claims = _state.sent();
|
|
3627
|
+
claims.sub, extraClaims = _object_without_properties(claims, [
|
|
3628
|
+
"sub"
|
|
3629
|
+
]);
|
|
3630
|
+
// Filter out undefined values — the Firestore adapter cannot serialize them.
|
|
3631
|
+
return [
|
|
3632
|
+
2,
|
|
3633
|
+
util.filterUndefinedValues(extraClaims)
|
|
3634
|
+
];
|
|
3635
|
+
case 3:
|
|
3636
|
+
return [
|
|
3637
|
+
2,
|
|
3638
|
+
{}
|
|
3639
|
+
];
|
|
3640
|
+
}
|
|
3641
|
+
});
|
|
3642
|
+
}).call(_this);
|
|
3643
|
+
}
|
|
3644
|
+
});
|
|
3556
3645
|
}
|
|
3557
3646
|
},
|
|
3558
3647
|
{
|
|
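Review bot: The claims returned by `extraTokenClaims` are a snapshot stored with the access token, so a later change to the account is not seen by `verifyAccessToken` until the token expires or is revoked. The verification-side comment names `a` for admin as one such claim, which makes a stale snapshot a privilege concern. The comment above the callback should say so, for example `// NOTE: claims are a snapshot taken at issuance; revoke outstanding tokens when an account's roles change, and keep the access-token TTL short.` The `!account` branch also returns `{}` without any log line, so a token issued for a missing account silently carries no claims. The callback is complete in this hunk, but the method that builds the provider configuration starts outside it.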
@@ -3668,7 +3757,7 @@ function _class_call_check$5(instance, Constructor) {
|
|
|
3668
3757
|
throw new TypeError("Cannot call a class as a function");
|
|
3669
3758
|
}
|
|
3670
3759
|
}
|
|
3671
|
-
function _defineProperties$
|
|
3760
|
+
function _defineProperties$4(target, props) {
|
|
3672
3761
|
for(var i = 0; i < props.length; i++){
|
|
3673
3762
|
var descriptor = props[i];
|
|
3674
3763
|
descriptor.enumerable = descriptor.enumerable || false;
|
|
@@ -3677,8 +3766,8 @@ function _defineProperties$5(target, props) {
|
|
|
3677
3766
|
Object.defineProperty(target, descriptor.key, descriptor);
|
|
3678
3767
|
}
|
|
3679
3768
|
}
|
|
3680
|
-
function _create_class$
|
|
3681
|
-
if (protoProps) _defineProperties$
|
|
3769
|
+
function _create_class$4(Constructor, protoProps, staticProps) {
|
|
3770
|
+
if (protoProps) _defineProperties$4(Constructor.prototype, protoProps);
|
|
3682
3771
|
return Constructor;
|
|
3683
3772
|
}
|
|
3684
3773
|
function _define_property$6(obj, key, value) {
|
|
@@ -3818,7 +3907,7 @@ function _ts_generator$4(thisArg, body) {
|
|
|
3818
3907
|
_define_property$6(this, "logger", new common.Logger('OidcAuthBearerTokenMiddleware'));
|
|
3819
3908
|
this.oidcService = oidcService;
|
|
3820
3909
|
}
|
|
3821
|
-
_create_class$
|
|
3910
|
+
_create_class$4(OidcAuthBearerTokenMiddleware, [
|
|
3822
3911
|
{
|
|
3823
3912
|
key: "use",
|
|
3824
3913
|
value: function use(req, _res, next) {
|
|
@@ -3879,32 +3968,11 @@ exports.OidcAuthBearerTokenMiddleware = __decorate([
|
|
|
3879
3968
|
__param(0, common.Inject(exports.OidcService))
|
|
3880
3969
|
], exports.OidcAuthBearerTokenMiddleware);
|
|
3881
3970
|
|
|
3882
|
-
function _array_like_to_array$2(arr, len) {
|
|
3883
|
-
if (len == null || len > arr.length) len = arr.length;
|
|
3884
|
-
for(var i = 0, arr2 = new Array(len); i < len; i++)arr2[i] = arr[i];
|
|
3885
|
-
return arr2;
|
|
3886
|
-
}
|
|
3887
|
-
function _array_without_holes$1(arr) {
|
|
3888
|
-
if (Array.isArray(arr)) return _array_like_to_array$2(arr);
|
|
3889
|
-
}
|
|
3890
3971
|
function _class_call_check$4(instance, Constructor) {
|
|
3891
3972
|
if (!(instance instanceof Constructor)) {
|
|
3892
3973
|
throw new TypeError("Cannot call a class as a function");
|
|
3893
3974
|
}
|
|
3894
3975
|
}
|
|
3895
|
-
function _defineProperties$4(target, props) {
|
|
3896
|
-
for(var i = 0; i < props.length; i++){
|
|
3897
|
-
var descriptor = props[i];
|
|
3898
|
-
descriptor.enumerable = descriptor.enumerable || false;
|
|
3899
|
-
descriptor.configurable = true;
|
|
3900
|
-
if ("value" in descriptor) descriptor.writable = true;
|
|
3901
|
-
Object.defineProperty(target, descriptor.key, descriptor);
|
|
3902
|
-
}
|
|
3903
|
-
}
|
|
3904
|
-
function _create_class$4(Constructor, protoProps, staticProps) {
|
|
3905
|
-
if (protoProps) _defineProperties$4(Constructor.prototype, protoProps);
|
|
3906
|
-
return Constructor;
|
|
3907
|
-
}
|
|
3908
3976
|
function _define_property$5(obj, key, value) {
|
|
3909
3977
|
if (key in obj) {
|
|
3910
3978
|
Object.defineProperty(obj, key, {
|
|
@@ -3918,23 +3986,6 @@ function _define_property$5(obj, key, value) {
|
|
|
3918
3986
|
}
|
|
3919
3987
|
return obj;
|
|
3920
3988
|
}
|
|
3921
|
-
function _iterable_to_array$1(iter) {
|
|
3922
|
-
if (typeof Symbol !== "undefined" && iter[Symbol.iterator] != null || iter["@@iterator"] != null) return Array.from(iter);
|
|
3923
|
-
}
|
|
3924
|
-
function _non_iterable_spread$1() {
|
|
3925
|
-
throw new TypeError("Invalid attempt to spread non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
|
|
3926
|
-
}
|
|
3927
|
-
function _to_consumable_array$1(arr) {
|
|
3928
|
-
return _array_without_holes$1(arr) || _iterable_to_array$1(arr) || _unsupported_iterable_to_array$2(arr) || _non_iterable_spread$1();
|
|
3929
|
-
}
|
|
3930
|
-
function _unsupported_iterable_to_array$2(o, minLen) {
|
|
3931
|
-
if (!o) return;
|
|
3932
|
-
if (typeof o === "string") return _array_like_to_array$2(o, minLen);
|
|
3933
|
-
var n = Object.prototype.toString.call(o).slice(8, -1);
|
|
3934
|
-
if (n === "Object" && o.constructor) n = o.constructor.name;
|
|
3935
|
-
if (n === "Map" || n === "Set") return Array.from(n);
|
|
3936
|
-
if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array$2(o, minLen);
|
|
3937
|
-
}
|
|
3938
3989
|
// MARK: Config
|
|
3939
3990
|
/**
|
|
3940
3991
|
* Configuration for `OidcAuthBearerTokenMiddleware` route protection.
|
|
@@ -3942,12 +3993,6 @@ function _unsupported_iterable_to_array$2(o, minLen) {
|
|
|
3942
3993
|
* Works in reverse of `FirebaseAppCheckMiddlewareConfig`: instead of protecting
|
|
3943
3994
|
* all routes and ignoring some, this only protects explicitly specified paths.
|
|
3944
3995
|
* Routes under the global API prefix (protected by AppCheck) are excluded.
|
|
3945
|
-
*
|
|
3946
|
-
* @example
|
|
3947
|
-
* ```ts
|
|
3948
|
-
* // Provide in your module:
|
|
3949
|
-
* { provide: OidcAuthMiddlewareConfig, useValue: { protectedPaths: ['/mcp'] } }
|
|
3950
|
-
* ```
|
|
3951
3996
|
*/ var OidcAuthMiddlewareConfig = function OidcAuthMiddlewareConfig() {
|
|
3952
3997
|
_class_call_check$4(this, OidcAuthMiddlewareConfig);
|
|
3953
3998
|
/**
|
|
@@ -3959,56 +4004,75 @@ function _unsupported_iterable_to_array$2(o, minLen) {
|
|
|
3959
4004
|
*/ _define_property$5(this, "protectedPaths", void 0);
|
|
3960
4005
|
};
|
|
3961
4006
|
// MARK: Module
|
|
4007
|
+
var _logger = new common.Logger('applyOidcAuthMiddleware');
|
|
4008
|
+
// MARK: Express-Level Helper
|
|
3962
4009
|
/**
|
|
3963
|
-
*
|
|
3964
|
-
*
|
|
4010
|
+
* Applies OAuth bearer token verification as global Express middleware on
|
|
4011
|
+
* the given NestJS application.
|
|
3965
4012
|
*
|
|
3966
|
-
*
|
|
3967
|
-
*
|
|
3968
|
-
*
|
|
4013
|
+
* Resolves `OidcService` and `OidcAuthMiddlewareConfig` from the app's DI container,
|
|
4014
|
+
* then registers an Express middleware that verifies bearer tokens for the configured
|
|
4015
|
+
* protected paths and attaches auth data to `req.auth`.
|
|
4016
|
+
*
|
|
4017
|
+
* This is an alternative to {@link ConfigureOidcAuthMiddlewareModule} for cases where
|
|
4018
|
+
* NestJS module scoping makes the module approach impractical.
|
|
4019
|
+
*
|
|
4020
|
+
* @param nestApp - The NestJS application instance used to resolve dependencies and register the middleware.
|
|
3969
4021
|
*
|
|
3970
4022
|
* @example
|
|
3971
4023
|
* ```ts
|
|
3972
|
-
*
|
|
3973
|
-
*
|
|
3974
|
-
*
|
|
3975
|
-
*
|
|
3976
|
-
*
|
|
3977
|
-
* }
|
|
3978
|
-
* export class AppModule {}
|
|
4024
|
+
* export const APP_NEST_SERVER_CONFIG: NestServerInstanceConfig<AppModule> = {
|
|
4025
|
+
* moduleClass: AppModule,
|
|
4026
|
+
* configureNestServerInstance: (nestApp) => {
|
|
4027
|
+
* applyOidcAuthMiddleware(nestApp);
|
|
4028
|
+
* }
|
|
4029
|
+
* };
|
|
3979
4030
|
* ```
|
|
3980
|
-
*/
|
|
3981
|
-
|
|
3982
|
-
|
|
3983
|
-
|
|
3984
|
-
|
|
3985
|
-
|
|
4031
|
+
*/ function applyOidcAuthMiddleware(nestApp) {
|
|
4032
|
+
var _ref;
|
|
4033
|
+
var oidcService = nestApp.get(exports.OidcService);
|
|
4034
|
+
var config = nestApp.get(OidcAuthMiddlewareConfig);
|
|
4035
|
+
var protectedPaths = (_ref = config === null || config === void 0 ? void 0 : config.protectedPaths) !== null && _ref !== void 0 ? _ref : [];
|
|
4036
|
+
if (protectedPaths.length === 0) {
|
|
4037
|
+
return;
|
|
3986
4038
|
}
|
|
3987
|
-
|
|
3988
|
-
|
|
3989
|
-
|
|
3990
|
-
|
|
3991
|
-
|
|
3992
|
-
|
|
3993
|
-
|
|
3994
|
-
if (protectedPaths.length > 0) {
|
|
3995
|
-
var _consumer_apply;
|
|
3996
|
-
var routes = protectedPaths.map(function(path) {
|
|
3997
|
-
return "".concat(path, "/*path");
|
|
3998
|
-
});
|
|
3999
|
-
(_consumer_apply = consumer.apply(exports.OidcAuthBearerTokenMiddleware)).forRoutes.apply(_consumer_apply, _to_consumable_array$1(routes));
|
|
4000
|
-
this.logger.debug("Configured OAuth bearer token middleware for routes: ".concat(protectedPaths.join(', ')));
|
|
4001
|
-
}
|
|
4002
|
-
}
|
|
4039
|
+
var logger = new common.Logger('OidcAuthMiddleware');
|
|
4040
|
+
nestApp.use(function(req, res, next) {
|
|
4041
|
+
var isProtected = protectedPaths.some(function(prefix) {
|
|
4042
|
+
return req.path.startsWith(prefix);
|
|
4043
|
+
});
|
|
4044
|
+
if (!isProtected) {
|
|
4045
|
+
return next();
|
|
4003
4046
|
}
|
|
4004
|
-
|
|
4005
|
-
|
|
4006
|
-
|
|
4007
|
-
|
|
4008
|
-
|
|
4009
|
-
|
|
4010
|
-
|
|
4011
|
-
|
|
4047
|
+
var authHeader = req.headers.authorization;
|
|
4048
|
+
if (!(authHeader === null || authHeader === void 0 ? void 0 : authHeader.startsWith('Bearer '))) {
|
|
4049
|
+
res.status(401).json({
|
|
4050
|
+
statusCode: 401,
|
|
4051
|
+
message: 'Missing or invalid Authorization header'
|
|
4052
|
+
});
|
|
4053
|
+
return;
|
|
4054
|
+
}
|
|
4055
|
+
var token = authHeader.slice(7);
|
|
4056
|
+
oidcService.verifyAccessToken(token).then(function(oauthAuth) {
|
|
4057
|
+
if (!oauthAuth) {
|
|
4058
|
+
res.status(401).json({
|
|
4059
|
+
statusCode: 401,
|
|
4060
|
+
message: 'Invalid or expired access token'
|
|
4061
|
+
});
|
|
4062
|
+
return;
|
|
4063
|
+
}
|
|
4064
|
+
req.auth = oauthAuth;
|
|
4065
|
+
next();
|
|
4066
|
+
}).catch(function(err) {
|
|
4067
|
+
logger.error('Bearer token verification failed', err);
|
|
4068
|
+
res.status(401).json({
|
|
4069
|
+
statusCode: 401,
|
|
4070
|
+
message: 'Token verification failed'
|
|
4071
|
+
});
|
|
4072
|
+
});
|
|
4073
|
+
});
|
|
4074
|
+
_logger.debug("Applied OAuth bearer token middleware for paths: ".concat(protectedPaths.join(', ')));
|
|
4075
|
+
}
|
|
4012
4076
|
|
|
4013
4077
|
function asyncGeneratorStep$3(gen, resolve, reject, _next, _throw, key, arg) {
|
|
4014
4078
|
try {
|
|
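Review bot: The `isProtected` test in `applyOidcAuthMiddleware` is a raw, case-sensitive `req.path.startsWith(prefix)`, while Express matches routes case-insensitively by default. A request whose path differs from a protected prefix only in letter case would take the `next()` branch without a token check and may still reach the same handler. The removed `forRoutes` registration went through the router's own matching, so this looks like a regression in coverage. The unanchored prefix also treats `/mcpx` as if it were under `/mcp`. Normalise the path and match on a segment boundary, as below; since this file is compiled output, the change belongs in the TypeScript source.

```javascript
nestApp.use(function(req, res, next) {
    // Compare on a normalised path and on a segment boundary, so that a
    // differently-cased path is still covered and "/mcpx" is not treated as "/mcp".
    var requestPath = req.path.toLowerCase();
    var isProtected = protectedPaths.some(function(prefix) {
        var base = prefix.toLowerCase().replace(/\/+$/, '');
        return requestPath === base || requestPath.startsWith(base + '/');
    });
    // … unchanged: Authorization header check and verifyAccessToken call …
```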
@@ -5593,8 +5657,7 @@ function _unsupported_iterable_to_array(o, minLen) {
|
|
|
5593
5657
|
return {
|
|
5594
5658
|
imports: [
|
|
5595
5659
|
config.ConfigModule,
|
|
5596
|
-
firebaseServer.FirebaseServerFirestoreContextModule
|
|
5597
|
-
exports.ConfigureOidcAuthMiddlewareModule
|
|
5660
|
+
firebaseServer.FirebaseServerFirestoreContextModule
|
|
5598
5661
|
].concat(_to_consumable_array(dependencyModuleImport), _to_consumable_array(imports !== null && imports !== void 0 ? imports : [])),
|
|
5599
5662
|
controllers: [
|
|
5600
5663
|
exports.OidcWellKnownController,
|
|
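Review bot: Removing `exports.ConfigureOidcAuthMiddlewareModule` from the `imports` array means the bearer-token middleware is no longer registered as a side effect of importing the OIDC module. From what is visible, an app now has to call `applyOidcAuthMiddleware(nestApp)` or import that module itself. An app that upgrades without doing so would serve its `protectedPaths` with no token check and no error or log line to show it. A comment at this spot would help, such as `// NOTE: bearer-token enforcement is not wired here; call applyOidcAuthMiddleware(nestApp) or import ConfigureOidcAuthMiddlewareModule explicitly.`, together with an upgrade note. The enclosing function starts outside this hunk, so registration elsewhere cannot be ruled out.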
@@ -5604,6 +5667,7 @@ function _unsupported_iterable_to_array(o, minLen) {
|
|
|
5604
5667
|
exports: [
|
|
5605
5668
|
OidcClientService,
|
|
5606
5669
|
OidcModuleConfig,
|
|
5670
|
+
OidcAuthMiddlewareConfig,
|
|
5607
5671
|
OidcServerFirestoreCollections
|
|
5608
5672
|
].concat(_to_consumable_array(exports$1 !== null && exports$1 !== void 0 ? exports$1 : [])),
|
|
5609
5673
|
providers: [
|
|
@@ -5698,6 +5762,7 @@ exports.OidcModuleConfig = OidcModuleConfig;
|
|
|
5698
5762
|
exports.OidcServerFirestoreCollections = OidcServerFirestoreCollections;
|
|
5699
5763
|
exports.activeJwksKeysQuery = activeJwksKeysQuery;
|
|
5700
5764
|
exports.appOidcModelModuleMetadata = appOidcModelModuleMetadata;
|
|
5765
|
+
exports.applyOidcAuthMiddleware = applyOidcAuthMiddleware;
|
|
5701
5766
|
exports.createAdapterFactory = createAdapterFactory;
|
|
5702
5767
|
exports.createOidcClientFactory = createOidcClientFactory;
|
|
5703
5768
|
exports.deleteOidcClientFactory = deleteOidcClientFactory;
|