@easecation/iam-client 1.0.3 → 1.1.0
- package/dist/ApiKeyRotationHelper.d.ts +75 -0
- package/dist/ApiKeyRotationHelper.d.ts.map +1 -0
- package/dist/ApiKeyRotationHelper.js +102 -0
- package/dist/ApiKeyRotationHelper.js.map +1 -0
- package/dist/IamClient.d.ts +43 -4
- package/dist/IamClient.d.ts.map +1 -1
- package/dist/IamClient.js +119 -3
- package/dist/IamClient.js.map +1 -1
- package/dist/index.d.ts +5 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware.d.ts +30 -0
- package/dist/middleware.d.ts.map +1 -1
- package/dist/middleware.js +89 -0
- package/dist/middleware.js.map +1 -1
- package/dist/types.d.ts +80 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
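--- a/package/dist/ApiKeyRotationHelper.d.ts
+++ b/package/dist/ApiKeyRotationHelper.d.ts
@@ -0,0 +1,75 @@
+/**
+* ApiKeyRotationHelper
+*
+* Utility class that assists with zero-downtime API key rotation.
+*
+* Rotation workflow:
+* 1. Create a new key via IAM management API.
+* 2. Update the consuming service's config with the new key
+* (e.g. update env var, restart service, or use hot-reload).
+* 3. After the grace period (>= permissionCacheTtlMs = 5 min), revoke the old key.
+*
+* This helper does NOT talk to IAM directly — it is purely a coordination
+* wrapper around your own deployment/config update mechanism.
+*
+* Usage example:
+* const helper = new ApiKeyRotationHelper(iamClient, {
+* iamBaseUrl: 'http://authapi.easecation.net',
+* adminJwt: process.env.IAM_ADMIN_JWT,
+* });
+* const { newKeyId, newKeyValue } = await helper.createNewKey({ name: 'HR Cron v2' });
+* // ... deploy newKeyValue to HR service ...
+* await helper.revokeOldKey(oldKeyId, { gracePeriodMs: 5 * 60 * 1000 });
+*/
+import type { IamClient } from './IamClient';
+import type { ApiKeyData, ApiKeyCreatedData } from './types';
+export interface RotationHelperConfig {
+/** IAM backend URL */
+iamBaseUrl: string;
+/**
+* IAM admin JWT for management endpoints.
+* Must have `apikey.manage` permission.
+*/
+adminJwt: string;
+/**
+* Timeout for management API calls (ms). Defaults to 10000.
+*/
+timeoutMs?: number;
+}
+export interface CreateKeyOptions {
+name: string;
+description?: string;
+owner_id?: number;
+scopes?: string[];
+expires_at?: string;
+}
+export declare class ApiKeyRotationHelper {
+private readonly client;
+private readonly config;
+constructor(client: IamClient, config: RotationHelperConfig);
+private get http();
+/**
+* Create a new API key via the IAM management endpoint.
+*
+* @returns The created key data including the one-time `key_value`.
+* Store `key_value` securely — it cannot be retrieved later.
+*/
+createNewKey(options: CreateKeyOptions): Promise<ApiKeyCreatedData>;
+/**
+* Revoke an API key by its key_id.
+*
+* @param keyId The short key_id (ec_xxxxxxxx).
+* @param options.gracePeriodMs Wait this long before revoking (default 0).
+* Use >= 5 min for zero-downtime rotation.
+* @param options.reason Human-readable reason for audit log.
+*/
+revokeKey(keyId: string, options?: {
+gracePeriodMs?: number;
+reason?: string;
+}): Promise<void>;
+/**
+* List active API keys for a given owner_id.
+*/
+listActiveKeys(ownerId?: number): Promise<ApiKeyData[]>;
+}
+//# sourceMappingURL=ApiKeyRotationHelper.d.ts.map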
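Review bot: The usage example configures `iamBaseUrl: 'http://authapi.easecation.net'`, and per ApiKeyRotationHelper.js the helper sends `adminJwt` as a bearer token to that base URL, so anyone copying the example puts an `apikey.manage` credential on the wire in clear text unless the host is reachable only over a trusted network; the example should show an `https://` URL. The same applies to the header repeated in ApiKeyRotationHelper.js and to the `http://iamapi.easecation.net` example next to `clientSecret` in IamClient.d.ts and IamClient.js. The header also contradicts the declarations below it: it says the helper "does NOT talk to IAM directly" although `createNewKey` is documented as calling the IAM management endpoint, and the example calls `helper.revokeOldKey(...)` and destructures `{ newKeyId, newKeyValue }` where the class declares `revokeKey` and resolves to `ApiKeyCreatedData`. The last example line should read `await helper.revokeKey(oldKeyId, { gracePeriodMs: 5 * 60 * 1000 });`.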
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ApiKeyRotationHelper.d.ts","sourceRoot":"","sources":["../src/ApiKeyRotationHelper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,KAAK,EAAkB,UAAU,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAE7E,MAAM,WAAW,oBAAoB;IACnC,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAY;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiC;gBAE5C,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,oBAAoB;IAQ3D,OAAO,KAAK,IAAI,GASf;IAED;;;;;OAKG;IACG,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAczE;;;;;;;OAOG;IACG,SAAS,CACb,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;QAAE,aAAa,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAO,GACxD,OAAO,CAAC,IAAI,CAAC;IAuBhB;;OAEG;IACG,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAkB9D"}
|
|
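--- a/package/dist/ApiKeyRotationHelper.js
+++ b/package/dist/ApiKeyRotationHelper.js
@@ -0,0 +1,102 @@
+"use strict";
+/**
+* ApiKeyRotationHelper
+*
+* Utility class that assists with zero-downtime API key rotation.
+*
+* Rotation workflow:
+* 1. Create a new key via IAM management API.
+* 2. Update the consuming service's config with the new key
+* (e.g. update env var, restart service, or use hot-reload).
+* 3. After the grace period (>= permissionCacheTtlMs = 5 min), revoke the old key.
+*
+* This helper does NOT talk to IAM directly — it is purely a coordination
+* wrapper around your own deployment/config update mechanism.
+*
+* Usage example:
+* const helper = new ApiKeyRotationHelper(iamClient, {
+* iamBaseUrl: 'http://authapi.easecation.net',
+* adminJwt: process.env.IAM_ADMIN_JWT,
+* });
+* const { newKeyId, newKeyValue } = await helper.createNewKey({ name: 'HR Cron v2' });
+* // ... deploy newKeyValue to HR service ...
+* await helper.revokeOldKey(oldKeyId, { gracePeriodMs: 5 * 60 * 1000 });
+*/
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiKeyRotationHelper = void 0;
+const axios_1 = __importDefault(require("axios"));
+class ApiKeyRotationHelper {
+constructor(client, config) {
+this.client = client;
+this.config = {
+timeoutMs: 10000,
+...config,
+};
+}
+get http() {
+return axios_1.default.create({
+baseURL: this.config.iamBaseUrl,
+timeout: this.config.timeoutMs,
+headers: {
+'Content-Type': 'application/json',
+'Authorization': `Bearer ${this.config.adminJwt}`,
+},
+});
+}
+/**
+* Create a new API key via the IAM management endpoint.
+*
+* @returns The created key data including the one-time `key_value`.
+* Store `key_value` securely — it cannot be retrieved later.
+*/
+async createNewKey(options) {
+const response = await this.http.post('/api/internal/apikeys', options);
+const data = response.data;
+if (!data.success || !data.data) {
+throw new Error(`ApiKeyRotationHelper: createNewKey failed — ${data.message || data.code}`);
+}
+return data.data;
+}
+/**
+* Revoke an API key by its key_id.
+*
+* @param keyId The short key_id (ec_xxxxxxxx).
+* @param options.gracePeriodMs Wait this long before revoking (default 0).
+* Use >= 5 min for zero-downtime rotation.
+* @param options.reason Human-readable reason for audit log.
+*/
+async revokeKey(keyId, options = {}) {
+const { gracePeriodMs = 0, reason } = options;
+if (gracePeriodMs > 0) {
+await new Promise(resolve => setTimeout(resolve, gracePeriodMs));
+}
+const response = await this.http.post(`/api/internal/apikeys/${keyId}/revoke`, { reason });
+const data = response.data;
+if (!data.success) {
+throw new Error(`ApiKeyRotationHelper: revokeKey failed — ${data.message || data.code}`);
+}
+// Evict from local cache immediately
+// Note: the key_value is not stored here, so we can only clear the full cache
+// In production, coordinate cache eviction via your deployment tooling
+this.client.clearApiKeyCache();
+}
+/**
+* List active API keys for a given owner_id.
+*/
+async listActiveKeys(ownerId) {
+const params = new URLSearchParams({ status: 'active' });
+if (ownerId !== undefined)
+params.set('owner_id', String(ownerId));
+const response = await this.http.get(`/api/internal/apikeys?${params.toString()}`);
+const data = response.data;
+if (!data.success || !data.data) {
+throw new Error(`ApiKeyRotationHelper: listActiveKeys failed — ${data.message || data.code}`);
+}
+return data.data.items;
+}
+}
+exports.ApiKeyRotationHelper = ApiKeyRotationHelper;
+//# sourceMappingURL=ApiKeyRotationHelper.js.map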
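Review bot: `revokeKey` places `keyId` into the request path without encoding or validating it, and that POST carries the admin JWT, so a value containing `/`, `?` or `..` would direct an admin-authenticated request at a path other than the intended revoke endpoint. Use `${encodeURIComponent(keyId)}` in the template, or reject anything that does not match the documented `ec_xxxxxxxx` shape before the call. The grace period is an in-process `setTimeout`, so if the process exits during the wait the old key is never revoked; the doc comment should state this, or the delay should be left to a scheduler that survives restarts. `clearApiKeyCache()` only affects the `IamClient` held by this process, so other instances may keep accepting the revoked key until their cache entry expires, which the comment above that call only hints at.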
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ApiKeyRotationHelper.js","sourceRoot":"","sources":["../src/ApiKeyRotationHelper.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;;;;;;AAEH,kDAA0B;AA0B1B,MAAa,oBAAoB;IAI/B,YAAY,MAAiB,EAAE,MAA4B;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,KAAM;YACjB,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED,IAAY,IAAI;QACd,OAAO,eAAK,CAAC,MAAM,CAAC;YAClB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU;YAC/B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAC9B,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;aAClD;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,OAAyB;QAC1C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,uBAAuB,EACvB,OAAO,CACR,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,+CAA+C,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9F,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,SAAS,CACb,KAAa,EACb,UAAuD,EAAE;QAEzD,MAAM,EAAE,aAAa,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAE9C,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,yBAAyB,KAAK,SAAS,EACvC,EAAE,MAAM,EAAE,CACX,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,qCAAqC;QACrC,8EAA8E;QAC9E,uEAAuE;QACvE,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,OAAgB;QACnC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzD,IAAI,OAAO,KAAK,SAAS;YAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAEnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAKhC,yBAAyB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAElD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAA
C;YAChC,MAAM,IAAI,KAAK,CAAC,iDAAiD,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;IACzB,CAAC;CACF;AAlGD,oDAkGC"}
|
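--- a/package/dist/IamClient.d.ts
+++ b/package/dist/IamClient.d.ts
@@ -3,9 +3,9 @@
 *
 * Usage:
 * const client = new IamClient({
-* iamBaseUrl: 'http://
-* clientId: '
-* clientSecret: '
+* iamBaseUrl: 'http://iamapi.easecation.net',
+* clientId: 'YOUR_APP_CLIENT_ID',
+* clientSecret: 'YOUR_APP_CLIENT_SECRET',
 * });
 *
 * // Exchange OAuth code during login callback
@@ -14,14 +14,23 @@
 * // Verify a token on each request
 * const result = await client.verifyToken(accessToken);
 */
-import { IamClientConfig, OAuthTokenData, VerifyTokenData, RefreshTokenData, JwksData, UserProfileData, UserBootstrapData } from './types';
+import { IamClientConfig, OAuthTokenData, VerifyTokenData, RefreshTokenData, JwksData, UserProfileData, UserBootstrapData, HrBootstrapData, ApiKeyVerifyData } from './types';
 export declare class IamClient {
 private readonly config;
 private readonly http;
 /** Cached app session token */
 private cachedAppToken;
+/** Cached V1 app session token */
+private cachedV1AppToken;
 /** Permission/verify cache keyed by access_token */
 private verifyCache;
+/**
+* API key verify cache keyed by key_value.
+* Only valid=true results are cached (prevents cache-flooding with invalid keys).
+* TTL matches permissionCacheTtlMs (default 5 min) which equals the revoke
+* propagation window guaranteed by this library.
+*/
+private apiKeyCache;
 constructor(config: IamClientConfig);
 /**
 * Get (or return cached) the App Session Token.
@@ -30,6 +39,13 @@ export declare class IamClient {
 getAppSessionToken(): Promise<string>;
 /** Invalidate the cached app session token (force re-auth on next call). */
 invalidateAppToken(): void;
+/**
+* Get (or return cached) the V1 App Session Token.
+* Used for legacy V1 endpoints (e.g. verify-iam-token).
+*/
+getV1AppSessionToken(): Promise<string>;
+/** Invalidate cached V1 app session token. */
+invalidateV1AppToken(): void;
 /**
 * Exchange an OAuth2 authorization code for a V2 token pair.
 * Returns { access_token, expires_in, refresh_token, refresh_token_expires_in }.
@@ -63,11 +79,34 @@ export declare class IamClient {
 * Get user profile plus requested user_data keys for the target application.
 */
 getUserBootstrap(accessToken: string, dataCodes: string[], targetApplicationId?: number): Promise<UserBootstrapData>;
+/**
+* HR helper: fetch bootstrap data and normalize HR fields.
+*/
+getHrBootstrapData(accessToken: string, dataAppId?: number): Promise<HrBootstrapData>;
+/**
+* Verify IAM callback token (legacy V1 endpoint).
+*/
+verifyIamCallbackToken(iamToken: string): Promise<boolean>;
 /**
 * Get permissions for a specific user+application.
 * @param userId IAM uid
 * @param targetApplicationId Defaults to the calling application.
 */
 getUserPermissions(userId: number, targetApplicationId?: number): Promise<string[]>;
+/**
+* Verify an API key by calling IAM's internal verify endpoint.
+*
+* - Only **valid** results are cached (5-min TTL by default).
+* This prevents cache-flooding attacks with invalid keys.
+* - Revocation propagates within `permissionCacheTtlMs` (default 5 min).
+*
+* @param keyValue The full API key value (ec_...).
+* @returns The verify result data, or throws if invalid/network error.
+*/
+verifyApiKey(keyValue: string): Promise<ApiKeyVerifyData>;
+/** Evict a specific API key from the local cache (e.g. after rotation). */
+evictApiKeyFromCache(keyValue: string): void;
+/** Clear the entire API key cache (e.g. after bulk revocation). */
+clearApiKeyCache(): void;
 }
 //# sourceMappingURL=IamClient.d.ts.map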
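Review bot: The two new verification methods in the last hunk have opposite failure contracts and only one of them is documented: `verifyApiKey` "throws if invalid", while `verifyIamCallbackToken` is declared `Promise<boolean>` with no statement of what happens on an invalid token or a transport error. Going by IamClient.js it resolves `false` only when IAM does not report `valid === true`, and HTTP or network failures presumably reject, so a caller that tests the boolean without a `try/catch` leaves the rejection unhandled. Suggested comment: `* @returns true only when IAM reports the token valid; resolves false otherwise. Rejects on HTTP or network errors.` The `getHrBootstrapData` comment should likewise list the errors it throws (`Failed to get user group`, `Invalid user group`) and mention that `dataAppId` defaults to `1`.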
package/dist/IamClient.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IamClient.d.ts","sourceRoot":"","sources":["../src/IamClient.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,eAAe,EAGf,cAAc,EACd,eAAe,EACf,gBAAgB,EAEhB,QAAQ,EACR,eAAe,EAEf,iBAAiB,
|
|
1
|
+
{"version":3,"file":"IamClient.d.ts","sourceRoot":"","sources":["../src/IamClient.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,eAAe,EAGf,cAAc,EACd,eAAe,EACf,gBAAgB,EAEhB,QAAQ,EACR,eAAe,EAEf,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAEjB,MAAM,SAAS,CAAC;AAYjB,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA4B;IACnD,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAgB;IAErC,+BAA+B;IAC/B,OAAO,CAAC,cAAc,CAA+B;IAErD,kCAAkC;IAClC,OAAO,CAAC,gBAAgB,CAA+B;IAEvD,oDAAoD;IACpD,OAAO,CAAC,WAAW,CAAyC;IAE5D;;;;;OAKG;IACH,OAAO,CAAC,WAAW,CAAyC;gBAEhD,MAAM,EAAE,eAAe;IAiBnC;;;OAGG;IACG,kBAAkB,IAAI,OAAO,CAAC,MAAM,CAAC;IA2B3C,4EAA4E;IAC5E,kBAAkB,IAAI,IAAI;IAM1B;;;OAGG;IACG,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC;IA2B7C,8CAA8C;IAC9C,oBAAoB,IAAI,IAAI;IAM5B;;;OAGG;IACG,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAmBnF;;;OAGG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAoChE,sEAAsE;IACtE,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAM/C;;OAEG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAmBnE;;OAEG;IACG,WAAW,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAezD;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC;IAOlC;;OAEG;IACG,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAmBnE;;OAEG;IACG,gBAAgB,CACpB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EAAE,EACnB,mBAAmB,CAAC,EAAE,MAAM,GAC3B,OAAO,CAAC,iBAAiB,CAAC;IAyB7B;;OAEG;IACG,kBAAkB,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,GAAE,MAAU,GAAG,OAAO,CAAC,eAAe,CAAC;IAiC9F;;OAEG;IACG,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAchE;;;;OAIG;IACG,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,mBAAmB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAwBzF;;;;;;;;;OASG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAsC/D,2EAA2E;IAC3E,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAI5C,mEAAmE;IACnE,gBAAgB,IAAI,IAAI;CAGzB"}
|
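--- a/package/dist/IamClient.js
+++ b/package/dist/IamClient.js
@@ -4,9 +4,9 @@
 *
 * Usage:
 * const client = new IamClient({
-* iamBaseUrl: 'http://
-* clientId: '
-* clientSecret: '
+* iamBaseUrl: 'http://iamapi.easecation.net',
+* clientId: 'YOUR_APP_CLIENT_ID',
+* clientSecret: 'YOUR_APP_CLIENT_SECRET',
 * });
 *
 * // Exchange OAuth code during login callback
@@ -25,8 +25,17 @@ class IamClient {
 constructor(config) {
 /** Cached app session token */
 this.cachedAppToken = null;
+/** Cached V1 app session token */
+this.cachedV1AppToken = null;
 /** Permission/verify cache keyed by access_token */
 this.verifyCache = new Map();
+/**
+* API key verify cache keyed by key_value.
+* Only valid=true results are cached (prevents cache-flooding with invalid keys).
+* TTL matches permissionCacheTtlMs (default 5 min) which equals the revoke
+* propagation window guaranteed by this library.
+*/
+this.apiKeyCache = new Map();
 this.config = {
 appTokenCacheTtlMs: 55 * 60 * 1000, // 55 minutes
 permissionCacheTtlMs: 5 * 60 * 1000, // 5 minutes
@@ -67,6 +76,34 @@ class IamClient {
 invalidateAppToken() {
 this.cachedAppToken = null;
 }
+// ── V1 App Session Token ───────────────────────────────────────────────────
+/**
+* Get (or return cached) the V1 App Session Token.
+* Used for legacy V1 endpoints (e.g. verify-iam-token).
+*/
+async getV1AppSessionToken() {
+const now = Date.now();
+if (this.cachedV1AppToken && now < this.cachedV1AppToken.expiresAt) {
+return this.cachedV1AppToken.token;
+}
+const response = await this.http.post('/api/open/v1/token', {
+client_id: this.config.clientId,
+client_secret: this.config.clientSecret,
+});
+const data = response.data;
+if (!data.success || !data.data?.applicationSessionToken) {
+throw new Error(`IAM: Failed to get V1 app token: ${data.message || data.code}`);
+}
+this.cachedV1AppToken = {
+token: data.data.applicationSessionToken,
+expiresAt: now + this.config.appTokenCacheTtlMs,
+};
+return this.cachedV1AppToken.token;
+}
+/** Invalidate cached V1 app session token. */
+invalidateV1AppToken() {
+this.cachedV1AppToken = null;
+}
 // ── OAuth2 Code Exchange ─────────────────────────────────────────────────────
 /**
 * Exchange an OAuth2 authorization code for a V2 token pair.
@@ -181,6 +218,40 @@ class IamClient {
 }
 return data.data;
 }
+/**
+* HR helper: fetch bootstrap data and normalize HR fields.
+*/
+async getHrBootstrapData(accessToken, dataAppId = 1) {
+const bootstrap = await this.getUserBootstrap(accessToken, ['group', 'ECID', 'serverAdmin', 'serverAdminDue'], dataAppId);
+const hrGroupRaw = bootstrap.user_data.group;
+if (!hrGroupRaw) {
+throw new Error('Failed to get user group');
+}
+const hrGroup = parseInt(String(hrGroupRaw), 10);
+if (Number.isNaN(hrGroup)) {
+throw new Error('Invalid user group');
+}
+return {
+uid: bootstrap.uid,
+name: bootstrap.name,
+email: bootstrap.email,
+hrGroup,
+ECID: bootstrap.user_data.ECID ?? undefined,
+serverAdmin: bootstrap.user_data.serverAdmin !== null && bootstrap.user_data.serverAdmin !== undefined
+? Number(bootstrap.user_data.serverAdmin)
+: undefined,
+serverAdminDue: bootstrap.user_data.serverAdminDue ?? undefined,
+};
+}
+// ── IAM Callback Verify (V1) ───────────────────────────────────────────────
+/**
+* Verify IAM callback token (legacy V1 endpoint).
+*/
+async verifyIamCallbackToken(iamToken) {
+const appToken = await this.getV1AppSessionToken();
+const response = await this.http.post('/api/open/v1/verify-iam-token', { iam_token: iamToken }, { headers: { 'X-App-Session-Token': appToken } });
+return response.data?.data?.valid === true;
+}
 // ── User Permissions ──────────────────────────────────────────────────────────
 /**
 * Get permissions for a specific user+application.
@@ -200,6 +271,51 @@ class IamClient {
 }
 return data.data.permissions;
 }
+// ── API Key Verify ────────────────────────────────────────────────────────────
+/**
+* Verify an API key by calling IAM's internal verify endpoint.
+*
+* - Only **valid** results are cached (5-min TTL by default).
+* This prevents cache-flooding attacks with invalid keys.
+* - Revocation propagates within `permissionCacheTtlMs` (default 5 min).
+*
+* @param keyValue The full API key value (ec_...).
+* @returns The verify result data, or throws if invalid/network error.
+*/
+async verifyApiKey(keyValue) {
+const now = Date.now();
+const cached = this.apiKeyCache.get(keyValue);
+if (cached && now < cached.expiresAt) {
+return cached.result;
+}
+const appToken = await this.getAppSessionToken();
+const response = await this.http.post('/api/internal/apikeys/verify', { key: keyValue }, { headers: { 'X-App-Session-Token': appToken } });
+const data = response.data;
+if (!data.success || !data.data) {
+// Do NOT cache invalid results
+this.apiKeyCache.delete(keyValue);
+throw new Error(`IAM: API key verification failed: ${data.message || data.code}`);
+}
+if (!data.data.valid) {
+// Explicit invalid response — do not cache
+this.apiKeyCache.delete(keyValue);
+throw new Error(`IAM: API key verification failed: invalid key`);
+}
+// Cache only valid results
+this.apiKeyCache.set(keyValue, {
+result: data.data,
+expiresAt: now + this.config.permissionCacheTtlMs,
+});
+return data.data;
+}
+/** Evict a specific API key from the local cache (e.g. after rotation). */
+evictApiKeyFromCache(keyValue) {
+this.apiKeyCache.delete(keyValue);
+}
+/** Clear the entire API key cache (e.g. after bulk revocation). */
+clearApiKeyCache() {
+this.apiKeyCache.clear();
+}
 }
 exports.IamClient = IamClient;
 //# sourceMappingURL=IamClient.js.map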
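Review bot: In `verifyApiKey` the cache `Map` is keyed by the plaintext `keyValue`, and an entry is removed only when the same key is presented again and fails or when the whole cache is cleared, so every key that ever verified stays in process memory with its result long after `expiresAt`. Keying the map by a digest instead, e.g. `const cacheKey = createHash('sha256').update(keyValue).digest('hex');` from `node:crypto`, keeps raw secrets out of heap dumps; `evictApiKeyFromCache` would need the same digest, and expired entries should be swept, for example on each `set`. In `getHrBootstrapData`, `parseInt(String(hrGroupRaw), 10)` accepts values with trailing characters such as `'3x'`, and the `!hrGroupRaw` guard rejects a numeric `0`. If `hrGroup` feeds authorization decisions, a strict check such as `/^\d+$/.test(String(hrGroupRaw))` before parsing is safer.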
package/dist/IamClient.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IamClient.js","sourceRoot":"","sources":["../src/IamClient.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;AAEH,kDAA6C;
|
|
1
|
+
{"version":3,"file":"IamClient.js","sourceRoot":"","sources":["../src/IamClient.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;AAEH,kDAA6C;AA4B7C,MAAa,SAAS;IAqBpB,YAAY,MAAuB;QAjBnC,+BAA+B;QACvB,mBAAc,GAA0B,IAAI,CAAC;QAErD,kCAAkC;QAC1B,qBAAgB,GAA0B,IAAI,CAAC;QAEvD,oDAAoD;QAC5C,gBAAW,GAAG,IAAI,GAAG,EAA8B,CAAC;QAE5D;;;;;WAKG;QACK,gBAAW,GAAG,IAAI,GAAG,EAA8B,CAAC;QAG1D,IAAI,CAAC,MAAM,GAAG;YACZ,kBAAkB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAI,aAAa;YACnD,oBAAoB,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAI,YAAY;YACnD,SAAS,EAAE,IAAI;YACf,GAAG,MAAM;SACV,CAAC;QAEF,IAAI,CAAC,IAAI,GAAG,eAAK,CAAC,MAAM,CAAC;YACvB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU;YAC/B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAC9B,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CAAC;IACL,CAAC;IAED,gFAAgF;IAEhF;;;OAGG;IACH,KAAK,CAAC,kBAAkB;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,cAAc,IAAI,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;QACnC,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,oBAAoB,EACpB;YACE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACxC,CACF,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,CAAC,cAAc,GAAG;YACpB,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,uBAAuB;YACxC,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,kBAAkB;SAChD,CAAC;QAEF,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;IACnC,CAAC;IAED,4EAA4E;IAC5E,kBAAkB;QAChB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACH,KAAK,CAAC,oBAAoB;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,gBAAgB,IAAI,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC;YACnE,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC;QACrC,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,oBAAoB,EACpB;YACE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACxC,CACF,CAAC;QAEF,MAA
M,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,oCAAoC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACnF,CAAC;QAED,IAAI,CAAC,gBAAgB,GAAG;YACtB,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,uBAAuB;YACxC,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,kBAAkB;SAChD,CAAC;QAEF,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC;IACrC,CAAC;IAED,8CAA8C;IAC9C,oBAAoB;QAClB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAC/B,CAAC;IAED,gFAAgF;IAEhF;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,IAAY,EAAE,WAAmB;QACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,0BAA0B,EAC1B,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,EACnC,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,oCAAoC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACnF,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,gFAAgF;IAEhF;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACjD,IAAI,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YACrC,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,qBAAqB,EACrB,EAAE,YAAY,EAAE,WAAW,EAAE,EAC7B,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,gEAAgE;YAChE,sEAAsE;YACtE,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,0DAA0D;QAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC;QACnC,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,KAAK,GAAG,IAAI,CAAC,CAAC;QACtF,IAAI,cAAc,GAAG,GAAG,EAAE,CAAC;YACzB,IAAI,CAAC,WAAW,CAAC,GAAG,CA
AC,WAAW,EAAE;gBAChC,MAAM,EAAE,IAAI,CAAC,IAAI;gBACjB,SAAS,EAAE,cAAc;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,sEAAsE;IACtE,oBAAoB,CAAC,WAAmB;QACtC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACvC,CAAC;IAED,iFAAiF;IAEjF;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB;QACrC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,sBAAsB,EACtB,EAAE,aAAa,EAAE,YAAY,EAAE,EAC/B,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,iFAAiF;IAEjF;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,YAAoB;QACpC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,qBAAqB,EACrB,EAAE,aAAa,EAAE,YAAY,EAAE,EAC/B,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,iFAAiF;IAEjF;;;OAGG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAW,mBAAmB,CAAC,CAAC;QACpE,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAED,iFAAiF;IAEjF;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,WAAmB;QACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,2BAA2B,EAC3B,EAAE,YAAY,EAAE,WAAW,EAAE,EAC7B,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,gBAAgB,CACpB,WAAmB,EACnB,SAAmB,EACnB,mBAA4B;QAE5B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,IAAI,GAA4B;YACpC,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE
,SAAS;SACtB,CAAC;QACF,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC,qBAAqB,GAAG,mBAAmB,CAAC;QACnD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,6BAA6B,EAC7B,IAAI,EACJ,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,WAAmB,EAAE,YAAoB,CAAC;QACjE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAC3C,WAAW,EACX,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,gBAAgB,CAAC,EAClD,SAAS,CACV,CAAC;QAEF,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC;QAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC;QACjD,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,OAAO;YACL,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,OAAO;YACP,IAAI,EAAE,SAAS,CAAC,SAAS,CAAC,IAAI,IAAI,SAAS;YAC3C,WAAW,EACT,SAAS,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI,IAAI,SAAS,CAAC,SAAS,CAAC,WAAW,KAAK,SAAS;gBACvF,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC;gBACzC,CAAC,CAAC,SAAS;YACf,cAAc,EAAE,SAAS,CAAC,SAAS,CAAC,cAAc,IAAI,SAAS;SAChE,CAAC;IACJ,CAAC;IAED,8EAA8E;IAE9E;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,QAAgB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAEnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,+BAA+B,EAC/B,EAAE,SAAS,EAAE,QAAQ,EAAE,EACvB,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,KAAK,IAAI,CAAC;IAC7C,CAAC;IAED,iFAAiF;IAEjF;;;;OAIG;IACH,KAAK,CAAC,kBAAkB,CAAC,MAAc,EAAE,mBAA4B;QACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,IAAI,GAA4B,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;QAC1D,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC,qBAAqB,GAAG,mBAAmB,CAAC;QACnD,CAAC;QAED,MAAM,QA
AQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,+BAA+B,EAC/B,IAAI,EACJ,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;IAC/B,CAAC;IAED,iFAAiF;IAEjF;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YACrC,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,8BAA8B,EAC9B,EAAE,GAAG,EAAE,QAAQ,EAAE,EACjB,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAE3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,+BAA+B;YAC/B,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,qCAAqC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACpF,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACrB,2CAA2C;YAC3C,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE;YAC7B,MAAM,EAAE,IAAI,CAAC,IAAI;YACjB,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB;SAClD,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,2EAA2E;IAC3E,oBAAoB,CAAC,QAAgB;QACnC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,mEAAmE;IACnE,gBAAgB;QACd,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;CACF;AA5aD,8BA4aC"}
|
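--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,5 +1,7 @@
 export { IamClient } from './IamClient';
-export { createIamAuthMiddleware } from './middleware';
-export type { IamRequest } from './middleware';
-export
+export { createIamAuthMiddleware, createApiKeyMiddleware } from './middleware';
+export type { IamRequest, ApiKeyAuthRequest } from './middleware';
+export { ApiKeyRotationHelper } from './ApiKeyRotationHelper';
+export type { RotationHelperConfig, CreateKeyOptions } from './ApiKeyRotationHelper';
+export type { IamClientConfig, IamApiResponse, AppTokenData, OAuthTokenData, VerifyTokenData, RefreshTokenData, RevokeTokenData, JwkData, JwksData, UserProfileData, UserPermissionsData, UserBootstrapData, HrBootstrapData, DecodedAccessToken, IamAuthRequest, ApiKeyOwnerType, ApiKeyStatus, ApiKeyVerifyData, CachedApiKeyResult, ApiKeyVerifyRequest, ApiKeyData, ApiKeyCreatedData, ApiKeyRequest, ApiKeyMiddlewareOptions, } from './types';
 //# sourceMappingURL=index.d.ts.map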
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAC/E,YAAY,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACrF,YAAY,EACV,eAAe,EACf,cAAc,EACd,YAAY,EACZ,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,OAAO,EACP,QAAQ,EACR,eAAe,EACf,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,cAAc,EAEd,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,UAAU,EACV,iBAAiB,EACjB,aAAa,EACb,uBAAuB,GACxB,MAAM,SAAS,CAAC"}
|
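--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,8 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createIamAuthMiddleware = exports.IamClient = void 0;
+exports.ApiKeyRotationHelper = exports.createApiKeyMiddleware = exports.createIamAuthMiddleware = exports.IamClient = void 0;
 var IamClient_1 = require("./IamClient");
 Object.defineProperty(exports, "IamClient", { enumerable: true, get: function () { return IamClient_1.IamClient; } });
 var middleware_1 = require("./middleware");
 Object.defineProperty(exports, "createIamAuthMiddleware", { enumerable: true, get: function () { return middleware_1.createIamAuthMiddleware; } });
+Object.defineProperty(exports, "createApiKeyMiddleware", { enumerable: true, get: function () { return middleware_1.createApiKeyMiddleware; } });
+var ApiKeyRotationHelper_1 = require("./ApiKeyRotationHelper");
+Object.defineProperty(exports, "ApiKeyRotationHelper", { enumerable: true, get: function () { return ApiKeyRotationHelper_1.ApiKeyRotationHelper; } });
 //# sourceMappingURL=index.js.map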
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yCAAwC;AAA/B,sGAAA,SAAS,OAAA;AAClB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yCAAwC;AAA/B,sGAAA,SAAS,OAAA;AAClB,2CAA+E;AAAtE,qHAAA,uBAAuB,OAAA;AAAE,oHAAA,sBAAsB,OAAA;AAExD,+DAA8D;AAArD,4HAAA,oBAAoB,OAAA"}
|
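--- a/package/dist/middleware.d.ts
+++ b/package/dist/middleware.d.ts
@@ -14,6 +14,7 @@
 */
 import type { Request, Response, NextFunction } from 'express';
 import { IamClient } from './IamClient';
+import type { ApiKeyRequest, ApiKeyMiddlewareOptions } from './types';
 /** Express Request extended with IAM claims */
 export interface IamRequest extends Request {
 iamUid: number;
@@ -29,5 +30,34 @@ type IamMiddlewareFn = (req: Request, res: Response, next: NextFunction) => Prom
 * @returns A function `iamAuth(requiredPermissions?)` that returns an Express middleware.
 */
 export declare function createIamAuthMiddleware(client: IamClient): (requiredPermissions?: string[]) => IamMiddlewareFn;
+/** Express Request extended with API key claims */
+export interface ApiKeyAuthRequest extends Request, ApiKeyRequest {
+}
+type ApiKeyMiddlewareFn = (req: Request, res: Response, next: NextFunction) => Promise<void>;
+/**
+* Create an API key auth middleware factory bound to an IamClient instance.
+*
+* Usage:
+* const apiKeyAuth = createApiKeyMiddleware(iamClient);
+*
+* // Protect a route (no scope requirements)
+* router.get('/sync', apiKeyAuth(), handler);
+*
+* // Protect a route and require specific scopes
+* router.post('/admin', apiKeyAuth({ requiredScopes: ['admin.write'] }), handler);
+*
+* // Customise error format (e.g. for HR service responseWithResult)
+* router.get('/data', apiKeyAuth({
+* onAuthError: (req, res, status, msg) => responseWithResult(res, null, status, msg)
+* }), handler);
+*
+* Notes:
+* - Only valid=true results are cached (prevents cache-flooding).
+* - Revocation propagates within permissionCacheTtlMs (default 5 min).
+* - Attaches apiKeyId, apiKeyOwnerType, apiKeyOwnerId, apiKeyScopes to req.
+*
+* @param client Configured IamClient.
+*/
+export declare function createApiKeyMiddleware(client: IamClient): (options?: ApiKeyMiddlewareOptions) => ApiKeyMiddlewareFn;
 export {};
 //# sourceMappingURL=middleware.d.ts.map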
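Review bot: The Notes list in the `createApiKeyMiddleware` doc comment omits that a key whose `scopes` is `null` passes every `requiredScopes` check, which is what the implementation in middleware.js does (the check is skipped unless `result.scopes !== null`). A reader of the `apiKeyAuth({ requiredScopes: ['admin.write'] })` example would reasonably assume the route is limited to keys that were granted that scope. I would add a note line such as `* - A key with null scopes is unrestricted and passes any requiredScopes check; issue explicitly scoped keys for routes that rely on requiredScopes.` to this comment and to its copy in middleware.js.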
package/dist/middleware.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,KAAK,EAAE,aAAa,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAEtE,+CAA+C;AAC/C,MAAM,WAAW,UAAW,SAAQ,OAAO;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,KAAK,eAAe,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAI1F;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,SAAS,IAC/B,sBAAqB,MAAM,EAAO,KAAG,eAAe,CAwE7E;AAID,mDAAmD;AACnD,MAAM,WAAW,iBAAkB,SAAQ,OAAO,EAAE,aAAa;CAAG;AAEpE,KAAK,kBAAkB,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAE7F;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,SAAS,IAC3B,UAAS,uBAA4B,KAAG,kBAAkB,CA4EtF"}
|
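--- a/package/dist/middleware.js
+++ b/package/dist/middleware.js
@@ -15,6 +15,8 @@
 */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createIamAuthMiddleware = createIamAuthMiddleware;
+exports.createApiKeyMiddleware = createApiKeyMiddleware;
+// ── IAM JWT middleware ────────────────────────────────────────────────────────
 /**
 * Create an auth middleware factory bound to an IamClient instance.
 *
@@ -84,4 +86,91 @@ function createIamAuthMiddleware(client) {
 };
 };
 }
+/**
+* Create an API key auth middleware factory bound to an IamClient instance.
+*
+* Usage:
+* const apiKeyAuth = createApiKeyMiddleware(iamClient);
+*
+* // Protect a route (no scope requirements)
+* router.get('/sync', apiKeyAuth(), handler);
+*
+* // Protect a route and require specific scopes
+* router.post('/admin', apiKeyAuth({ requiredScopes: ['admin.write'] }), handler);
+*
+* // Customise error format (e.g. for HR service responseWithResult)
+* router.get('/data', apiKeyAuth({
+* onAuthError: (req, res, status, msg) => responseWithResult(res, null, status, msg)
+* }), handler);
+*
+* Notes:
+* - Only valid=true results are cached (prevents cache-flooding).
+* - Revocation propagates within permissionCacheTtlMs (default 5 min).
+* - Attaches apiKeyId, apiKeyOwnerType, apiKeyOwnerId, apiKeyScopes to req.
+*
+* @param client Configured IamClient.
+*/
+function createApiKeyMiddleware(client) {
+return function apiKeyAuth(options = {}) {
+const { cacheTtlMs: _cacheTtlMs, // informational — actual TTL lives in IamClient
+headerName = 'x-api-key', requiredScopes = [], onAuthError, } = options;
+const sendError = (req, res, status, message) => {
+if (onAuthError) {
+onAuthError(req, res, status, message);
+}
+else {
+res.status(status).json({ success: false, message });
+}
+};
+return async (req, res, next) => {
+const keyValue = req.headers[headerName];
+if (!keyValue) {
+sendError(req, res, 401, `Missing ${headerName} header`);
+return;
+}
+if (!keyValue.startsWith('ec_')) {
+sendError(req, res, 401, 'Invalid API key format');
+return;
+}
+try {
+const result = await client.verifyApiKey(keyValue);
+// Scope check: null scopes on the key = unrestricted
+if (requiredScopes.length > 0 && result.scopes !== null) {
+const hasAll = requiredScopes.every(s => result.scopes.includes(s));
+if (!hasAll) {
+sendError(req, res, 403, 'API key does not have required scopes');
+return;
+}
+}
+// Attach claims to request
+const apiKeyReq = req;
+apiKeyReq.apiKeyId = result.key_id;
+apiKeyReq.apiKeyOwnerType = result.owner_type;
+apiKeyReq.apiKeyOwnerId = result.owner_id;
+apiKeyReq.apiKeyScopes = result.scopes;
+next();
+}
+catch (error) {
+const msg = error?.message || '';
+const isKeyError = msg.includes('API key verification failed') ||
+msg.includes('invalid key');
+const isNetworkError = error?.code === 'ECONNREFUSED' ||
+error?.code === 'ENOTFOUND' ||
+error?.code === 'ETIMEDOUT' ||
+(error?.response?.status != null && error.response.status >= 500);
+if (isKeyError) {
+sendError(req, res, 401, 'Invalid or revoked API key');
+return;
+}
+if (isNetworkError) {
+console.error('[IamClient] IAM unreachable during API key verify:', error?.code || error?.message);
+sendError(req, res, 503, 'Authentication service temporarily unavailable');
+return;
+}
+console.error('[IamClient] API key middleware error:', error);
+sendError(req, res, 500, 'Authentication service error');
+}
+};
+};
+}
 //# sourceMappingURL=middleware.js.map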
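Review bot: The catch-all `console.error('[IamClient] API key middleware error:', error)` at the end of `apiKeyAuth` logs the whole error object. If `verifyApiKey` uses an HTTP client whose errors carry the request config (not visible in this section), that object can include the verify request body with the caller's plaintext API key. The branch is taken for any failure that is neither a key error nor a network/5xx error, so I would log only non-secret fields, e.g. `console.error('[IamClient] API key middleware error:', error?.code ?? error?.response?.status ?? error?.message);`. Separately, `req.headers[headerName]` is read without lower-casing, so a configured `headerName: 'X-API-Key'` never matches Node's lower-cased header keys and every request gets a 401; `const keyValue = req.headers[headerName.toLowerCase()];` avoids that.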
package/dist/middleware.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAwBH,0DAyEC;AAiCD,wDA6EC;AA/LD,iFAAiF;AAEjF;;;;;GAKG;AACH,SAAgB,uBAAuB,CAAC,MAAiB;IACvD,OAAO,SAAS,OAAO,CAAC,sBAAgC,EAAE;QACxD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;YAC9E,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAChD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAC;gBAClF,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAChD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAC;gBAClF,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;gBAErD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;oBAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;oBAC1E,OAAO;gBACT,CAAC;gBAED,mBAAmB;gBACnB,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACnC,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC9E,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC,CAAC;wBAC9E,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,2BAA2B;gBAC3B,MAAM,MAAM,GAAG,GAAiB,CAAC;gBACjC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC;gBAC3B,MAAM,CAAC,gBAAgB,GAAG,MAAM,CAAC,cAAc,CAAC;gBAChD,MAAM,CAAC,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC;gBAC3C,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC;gBAEhC,IAAI,EAAE,CAAC;YACT,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,sEAAsE;gBACtE,wEAAwE;gBACxE,mEAAmE;gBACnE,MAAM,GAAG,GAAW,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;gBACzC,MAAM,YAAY,GAChB,GAAG,CAAC,UAAU,CAAC,iCAAiC,CAAC;oBACjD,GAAG,KAAK,wDAAwD;oBAChE,GAAG,KAAK,wDAAwD,CAAC;gBACnE,MAAM,cAAc,GAClB,KAAK,EAAE,IAAI,KAAK,cAAc;oBAC9B,KAAK,E
AAE,IAAI,KAAK,WAAW;oBAC3B,KAAK,EAAE,IAAI,KAAK,WAAW;oBAC3B,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,IAAI,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC;gBAEpE,IAAI,YAAY,EAAE,CAAC;oBACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,iCAAiC,EAAE,CAAC,CAAC;oBACrF,OAAO;gBACT,CAAC;gBAED,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,EAAE,IAAI,IAAI,KAAK,EAAE,OAAO,CAAC,CAAC;oBAC7E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,gDAAgD,EAAE,CAAC,CAAC;oBACpG,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;gBAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AASD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,SAAgB,sBAAsB,CAAC,MAAiB;IACtD,OAAO,SAAS,UAAU,CAAC,UAAmC,EAAE;QAC9D,MAAM,EACJ,UAAU,EAAE,WAAW,EAAG,gDAAgD;QAC1E,UAAU,GAAG,WAAW,EACxB,cAAc,GAAG,EAAE,EACnB,WAAW,GACZ,GAAG,OAAO,CAAC;QAEZ,MAAM,SAAS,GAAG,CAAC,GAAY,EAAE,GAAa,EAAE,MAAc,EAAE,OAAe,EAAQ,EAAE;YACvF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC,CAAC;QAEF,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;YAC9E,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAuB,CAAC;YAE/D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,WAAW,UAAU,SAAS,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;gBAEnD,qDAAqD;gBACrD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;oBACxD,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;oBACrE,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,SAAS,CAAC,GAAG,EAAE,GAAG,
EAAE,GAAG,EAAE,uCAAuC,CAAC,CAAC;wBAClE,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,2BAA2B;gBAC3B,MAAM,SAAS,GAAG,GAAwB,CAAC;gBAC3C,SAAS,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;gBACnC,SAAS,CAAC,eAAe,GAAG,MAAM,CAAC,UAAU,CAAC;gBAC9C,SAAS,CAAC,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC;gBAC1C,SAAS,CAAC,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;gBAEvC,IAAI,EAAE,CAAC;YACT,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,MAAM,GAAG,GAAW,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;gBACzC,MAAM,UAAU,GACd,GAAG,CAAC,QAAQ,CAAC,6BAA6B,CAAC;oBAC3C,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;gBAC9B,MAAM,cAAc,GAClB,KAAK,EAAE,IAAI,KAAK,cAAc;oBAC9B,KAAK,EAAE,IAAI,KAAK,WAAW;oBAC3B,KAAK,EAAE,IAAI,KAAK,WAAW;oBAC3B,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,IAAI,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC;gBAEpE,IAAI,UAAU,EAAE,CAAC;oBACf,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,4BAA4B,CAAC,CAAC;oBACvD,OAAO;gBACT,CAAC;gBAED,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,CAAC,KAAK,CAAC,oDAAoD,EAAE,KAAK,EAAE,IAAI,IAAI,KAAK,EAAE,OAAO,CAAC,CAAC;oBACnG,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,gDAAgD,CAAC,CAAC;oBAC3E,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;gBAC9D,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}
|
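--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -63,6 +63,15 @@ export interface UserBootstrapData {
 application_id: number;
 user_data: Record<string, string | null>;
 }
+export interface HrBootstrapData {
+uid: number;
+name: string;
+email: string;
+hrGroup: number;
+ECID?: string;
+serverAdmin?: number;
+serverAdminDue?: string;
+}
 export interface IamClientConfig {
 /** IAM backend URL, e.g. http://authapi.easecation.net */
 iamBaseUrl: string;
@@ -100,4 +109,75 @@ export interface IamAuthRequest {
 iamPermissions: string[];
 iamTokenExp: number;
 }
+export type ApiKeyOwnerType = 'app';
+export type ApiKeyStatus = 'active' | 'revoked' | 'expired';
+/** Response shape from POST /api/internal/apikeys/verify */
+export interface ApiKeyVerifyData {
+valid: boolean;
+key_id: string;
+owner_type: ApiKeyOwnerType;
+owner_id: number;
+scopes: string[] | null;
+}
+/** Cached result shape (only valid=true entries are cached) */
+export interface CachedApiKeyResult {
+result: ApiKeyVerifyData;
+/** Unix ms timestamp after which the cached entry is stale */
+expiresAt: number;
+}
+/** Request body for POST /api/internal/apikeys/verify */
+export interface ApiKeyVerifyRequest {
+key: string;
+}
+/** Safe key representation returned from management endpoints */
+export interface ApiKeyData {
+id: number;
+key_id: string;
+name: string;
+description?: string | null;
+owner_type: ApiKeyOwnerType;
+owner_id: number;
+scopes: string[] | null;
+status: ApiKeyStatus;
+expires_at: string | null;
+last_used_at: string | null;
+created_by: number;
+created_at: string;
+updated_at: string;
+}
+/** Returned once on creation (includes plaintext key_value) */
+export interface ApiKeyCreatedData extends ApiKeyData {
+key_value: string;
+}
+/** Augment Express Request with API Key claims */
+export interface ApiKeyRequest {
+apiKeyId: string;
+apiKeyOwnerType: ApiKeyOwnerType;
+apiKeyOwnerId: number;
+apiKeyScopes: string[] | null;
+}
+/**
+* Options for createApiKeyMiddleware()
+*/
+export interface ApiKeyMiddlewareOptions {
+/**
+* How long (ms) to cache valid API key results.
+* Defaults to 5 minutes — matches the revoke propagation window.
+*/
+cacheTtlMs?: number;
+/**
+* Header to read the key from. Defaults to 'x-api-key'.
+*/
+headerName?: string;
+/**
+* Required scopes that the key must include.
+* null scopes on the key = unrestricted (passes all scope checks).
+*/
+requiredScopes?: string[];
+/**
+* Optional callback to customise the error response format.
+* If not provided, responds with { success: false, message } JSON.
+*/
+onAuthError?: (req: import('express').Request, res: import('express').Response, status: number, message: string) => void;
+}
 //# sourceMappingURL=types.d.ts.map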
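Review bot: The doc comment on `ApiKeyMiddlewareOptions.cacheTtlMs` says it controls how long valid results are cached, but the middleware in middleware.js destructures it into an unused `_cacheTtlMs` with the remark that the actual TTL lives in IamClient. An operator who sets a small `cacheTtlMs` to shorten the window in which a revoked key is still accepted gets no effect and no warning. Either wire the value through to the cache or correct the comment, e.g. `/** Currently ignored by createApiKeyMiddleware; the cache TTL, and with it the revocation window, is configured on the IamClient. */`.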
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,cAAc,CAAC,CAAC,GAAG,OAAO;IACzC,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,uBAAuB,EAAE,MAAM,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,UAAU,EAAE,QAAQ,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,QAAQ,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,OAAO,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;CAC1C;AAID,MAAM,WAAW,eAAe;IAC9B,0DAA0D;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAID,8CAA8C;AAC9C,MAAM,WAAW,cAA
c;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,cAAc,CAAC,CAAC,GAAG,OAAO;IACzC,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,uBAAuB,EAAE,MAAM,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,UAAU,EAAE,QAAQ,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,QAAQ,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,OAAO,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;CAC1C;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAID,MAAM,WAAW,eAAe;IAC9B,0DAA0D;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,C
AAC;CACpB;AAID,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAID,8CAA8C;AAC9C,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,MAAM,MAAM,eAAe,GAAG,KAAK,CAAC;AACpC,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAE5D,4DAA4D;AAC5D,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,eAAe,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;CACzB;AAED,+DAA+D;AAC/D,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,gBAAgB,CAAC;IACzB,8DAA8D;IAC9D,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,yDAAyD;AACzD,MAAM,WAAW,mBAAmB;IAClC,GAAG,EAAE,MAAM,CAAC;CACb;AAED,iEAAiE;AACjE,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,eAAe,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,YAAY,CAAC;IACrB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,+DAA+D;AAC/D,MAAM,WAAW,iBAAkB,SAAQ,UAAU;IACnD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,kDAAkD;AAClD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,eAAe,CAAC;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B;;;OAGG;IACH,WAAW,CAAC,EAAE,CACZ,GAAG,EAAE,OAAO,SAAS,EAAE,OAAO,EAC9B,GAAG,EAAE,OAAO,SAAS,EAAE,QAAQ,EAC/B,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,KACZ,IAAI,CAAC;CACX"}
|