@fonoster/identity 0.6.1-alpha.0

package/dist/errors.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.permissionDeniedError = exports.unauthenticatedError = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const common_1 = require("@fonoster/common");
+const grpc_js_1 = require("@grpc/grpc-js");
+const unauthenticatedError = (call) => (0, common_1.createInterceptingCall)({
+    call,
+    code: grpc_js_1.status.UNAUTHENTICATED,
+    details: "Invalid or expired token"
+});
+exports.unauthenticatedError = unauthenticatedError;
+const permissionDeniedError = (call) => (0, common_1.createInterceptingCall)({
+    call,
+    code: grpc_js_1.status.PERMISSION_DENIED,
+    details: "Permission denied"
+});
+exports.permissionDeniedError = permissionDeniedError;

package/dist/exchanges/TokenUseEnum.d.ts

@@ -0,0 +1,6 @@
+declare enum TokenUseEnum {
+    ID = "id",
+    ACCESS = "access",
+    REFRESH = "refresh"
+}
+export { TokenUseEnum };

package/dist/exchanges/TokenUseEnum.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenUseEnum = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var TokenUseEnum;
+(function (TokenUseEnum) {
+    TokenUseEnum["ID"] = "id";
+    TokenUseEnum["ACCESS"] = "access";
+    TokenUseEnum["REFRESH"] = "refresh";
+})(TokenUseEnum || (exports.TokenUseEnum = TokenUseEnum = {}));

package/dist/exchanges/exchangeApiKey.d.ts

@@ -0,0 +1,24 @@
+import { GrpcErrorMessage } from "@fonoster/common";
+import { z } from "zod";
+import { IdentityConfig } from "./types";
+import { Prisma } from "../db";
+declare const ExchangeApiKeysRequestSchema: z.ZodObject<{
+    accessKeyId: z.ZodString;
+    accessKeySecret: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    accessKeyId?: string;
+    accessKeySecret?: string;
+}, {
+    accessKeyId?: string;
+    accessKeySecret?: string;
+}>;
+type ExchangeApiKeysRequest = z.infer<typeof ExchangeApiKeysRequestSchema>;
+type ExchangeApiKeysResponse = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+};
+declare function exchangeApiKey(prisma: Prisma, identityConfig: IdentityConfig): (call: {
+    request: ExchangeApiKeysRequest;
+}, callback: (error: GrpcErrorMessage, response?: ExchangeApiKeysResponse) => void) => Promise<void>;
+export { exchangeApiKey };

package/dist/exchanges/exchangeApiKey.js

@@ -0,0 +1,86 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exchangeApiKey = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const common_1 = require("@fonoster/common");
+const logger_1 = require("@fonoster/logger");
+const grpc = __importStar(require("@grpc/grpc-js"));
+const zod_1 = require("zod");
+const exchangeTokens_1 = require("./exchangeTokens");
+const getApiKeyByAccessKeyId_1 = require("../utils/getApiKeyByAccessKeyId");
+const logger = (0, logger_1.getLogger)({ service: "identity", filePath: __filename });
+const ExchangeApiKeysRequestSchema = zod_1.z.object({
+    accessKeyId: zod_1.z.string(),
+    accessKeySecret: zod_1.z.string()
+});
+const invalidApiKeyError = {
+    code: grpc.status.PERMISSION_DENIED,
+    message: "Invalid credentials"
+};
+function exchangeApiKey(prisma, identityConfig) {
+    return (call, callback) => __awaiter(this, void 0, void 0, function* () {
+        try {
+            const validatedRequest = ExchangeApiKeysRequestSchema.parse(call.request);
+            const { accessKeyId, accessKeySecret } = validatedRequest;
+            logger.verbose("call to exchangeApiKey", { accessKeyId });
+            const key = yield (0, getApiKeyByAccessKeyId_1.getApiKeyByAccessKeyId)(prisma)(accessKeyId);
+            if ((key === null || key === void 0 ? void 0 : key.accessKeySecret) !== (accessKeySecret === null || accessKeySecret === void 0 ? void 0 : accessKeySecret.trim())) {
+                return callback(invalidApiKeyError);
+            }
+            return callback(null, yield (0, exchangeTokens_1.exchangeTokens)(prisma, identityConfig)(accessKeyId));
+        }
+        catch (error) {
+            (0, common_1.handleError)(error, callback);
+        }
+    });
+}
+exports.exchangeApiKey = exchangeApiKey;

package/dist/exchanges/exchangeCredentials.d.ts

@@ -0,0 +1,24 @@
+import { GrpcErrorMessage } from "@fonoster/common";
+import { z } from "zod";
+import { IdentityConfig } from "./types";
+import { Prisma } from "../db";
+declare const ExchangeCredentialsRequestSchema: z.ZodObject<{
+    username: z.ZodString;
+    password: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    password?: string;
+    username?: string;
+}, {
+    password?: string;
+    username?: string;
+}>;
+type ExchangeCredentialsRequest = z.infer<typeof ExchangeCredentialsRequestSchema>;
+type ExchangeCredentialsResponse = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+};
+declare function exchangeCredentials(prisma: Prisma, identityConfig: IdentityConfig): (call: {
+    request: ExchangeCredentialsRequest;
+}, callback: (error: GrpcErrorMessage, response?: ExchangeCredentialsResponse) => void) => Promise<void>;
+export { exchangeCredentials };

package/dist/exchanges/exchangeCredentials.js

@@ -0,0 +1,86 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exchangeCredentials = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const common_1 = require("@fonoster/common");
+const logger_1 = require("@fonoster/logger");
+const grpc = __importStar(require("@grpc/grpc-js"));
+const zod_1 = require("zod");
+const exchangeTokens_1 = require("./exchangeTokens");
+const getUserByEmail_1 = require("../utils/getUserByEmail");
+const logger = (0, logger_1.getLogger)({ service: "identity", filePath: __filename });
+const ExchangeCredentialsRequestSchema = zod_1.z.object({
+    username: zod_1.z.string(),
+    password: zod_1.z.string()
+});
+const invalidCredentialsError = {
+    code: grpc.status.PERMISSION_DENIED,
+    message: "Invalid credentials"
+};
+function exchangeCredentials(prisma, identityConfig) {
+    return (call, callback) => __awaiter(this, void 0, void 0, function* () {
+        try {
+            const validatedRequest = ExchangeCredentialsRequestSchema.parse(call.request);
+            const { username, password } = validatedRequest;
+            logger.verbose("call to exchangeCredentials", { username });
+            const user = yield (0, getUserByEmail_1.getUserByEmail)(prisma)(username);
+            if (!user || user.password !== (password === null || password === void 0 ? void 0 : password.trim())) {
+                return callback(invalidCredentialsError);
+            }
+            return callback(null, yield (0, exchangeTokens_1.exchangeTokens)(prisma, identityConfig)(user.accessKeyId));
+        }
+        catch (error) {
+            (0, common_1.handleError)(error, callback);
+        }
+    });
+}
+exports.exchangeCredentials = exchangeCredentials;

package/dist/exchanges/exchangeRefreshToken.d.ts

@@ -0,0 +1,21 @@
+import { GrpcErrorMessage } from "@fonoster/common";
+import { z } from "zod";
+import { IdentityConfig } from "./types";
+import { Prisma } from "../db";
+declare const ExchangeRefreshTokenRequestSchema: z.ZodObject<{
+    refreshToken: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    refreshToken?: string;
+}, {
+    refreshToken?: string;
+}>;
+type ExchangeRefreshTokenRequest = z.infer<typeof ExchangeRefreshTokenRequestSchema>;
+type ExchangeCredentialsResponse = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+};
+declare function exchangeRefreshToken(prisma: Prisma, identityConfig: IdentityConfig): (call: {
+    request: ExchangeRefreshTokenRequest;
+}, callback: (error: GrpcErrorMessage, response?: ExchangeCredentialsResponse) => void) => Promise<void>;
+export { exchangeRefreshToken };

package/dist/exchanges/exchangeRefreshToken.js

@@ -0,0 +1,62 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exchangeRefreshToken = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const common_1 = require("@fonoster/common");
+const logger_1 = require("@fonoster/logger");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const zod_1 = require("zod");
+const exchangeTokens_1 = require("./exchangeTokens");
+const logger = (0, logger_1.getLogger)({ service: "identity", filePath: __filename });
+const ExchangeRefreshTokenRequestSchema = zod_1.z.object({
+    refreshToken: zod_1.z.string()
+});
+const SIGN_ALGORITHM = "RS256";
+function exchangeRefreshToken(prisma, identityConfig) {
+    return (call, callback) => __awaiter(this, void 0, void 0, function* () {
+        try {
+            const validatedRequest = ExchangeRefreshTokenRequestSchema.parse(call.request);
+            const { refreshToken: oldRefreshToken } = validatedRequest;
+            const { privateKey } = identityConfig;
+            const oldRefreshTokenDecoded = jsonwebtoken_1.default.verify(oldRefreshToken, privateKey, {
+                algorithms: [SIGN_ALGORITHM]
+            });
+            const { accessKeyId } = oldRefreshTokenDecoded;
+            logger.verbose("call to exchangeRefreshToken", { accessKeyId });
+            return callback(null, yield (0, exchangeTokens_1.exchangeTokens)(prisma, identityConfig)(accessKeyId));
+        }
+        catch (error) {
+            (0, common_1.handleError)(error, callback);
+        }
+    });
+}
+exports.exchangeRefreshToken = exchangeRefreshToken;

package/dist/exchanges/exchangeTokens.d.ts

@@ -0,0 +1,8 @@
+import { IdentityConfig } from "./types";
+import { Prisma } from "../db";
+declare function exchangeTokens(prisma: Prisma, identityConfig: IdentityConfig): (accessKeyId: string) => Promise<{
+    idToken: any;
+    accessToken: any;
+    refreshToken: any;
+}>;
+export { exchangeTokens };

package/dist/exchanges/exchangeTokens.js

@@ -0,0 +1,92 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exchangeTokens = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const AK = __importStar(require("./payloads/apikeys"));
+const US = __importStar(require("./payloads/users"));
+const SIGN_ALGORITHM = "RS256";
+// prettier-ignore
+function exchangeTokens(prisma, identityConfig) {
+    return (accessKeyId) => __awaiter(this, void 0, void 0, function* () {
+        const { privateKey, idTokenExpiresIn, accessTokenExpiresIn, refreshTokenExpiresIn } = identityConfig;
+        const idTokenSignOptions = { algorithm: SIGN_ALGORITHM, expiresIn: idTokenExpiresIn };
+        const accessTokenSignOptions = { algorithm: SIGN_ALGORITHM, expiresIn: accessTokenExpiresIn };
+        const refreshTokenSignOptions = { algorithm: SIGN_ALGORITHM, expiresIn: refreshTokenExpiresIn };
+        let idToken = null;
+        let accessToken = null;
+        let refreshToken = null;
+        if (accessKeyId.startsWith("US")) {
+            const idTokenPayload = yield US.getIdTokenPayload(prisma, identityConfig)(accessKeyId);
+            const accessTokenPayload = yield US.getAccessTokenPayload(prisma, identityConfig)(accessKeyId);
+            const refreshTokenPayload = yield US.getRefreshTokenPayload(prisma, identityConfig)(accessKeyId);
+            idToken = jsonwebtoken_1.default.sign(idTokenPayload, privateKey, idTokenSignOptions);
+            accessToken = jsonwebtoken_1.default.sign(accessTokenPayload, privateKey, accessTokenSignOptions);
+            refreshToken = jsonwebtoken_1.default.sign(refreshTokenPayload, privateKey, refreshTokenSignOptions);
+        }
+        else {
+            const accessTokenPayload = yield AK.getAccessTokenPayload(prisma, identityConfig)(accessKeyId);
+            const refreshTokenPayload = yield AK.getRefreshTokenPayload(prisma, identityConfig)(accessKeyId);
+            accessToken = jsonwebtoken_1.default.sign(accessTokenPayload, privateKey, accessTokenSignOptions);
+            refreshToken = jsonwebtoken_1.default.sign(refreshTokenPayload, privateKey, refreshTokenSignOptions);
+        }
+        return {
+            idToken,
+            accessToken,
+            refreshToken
+        };
+    });
+}
+exports.exchangeTokens = exchangeTokens;

package/dist/exchanges/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./exchangeApiKey";
+export * from "./exchangeCredentials";
+export * from "./exchangeRefreshToken";
+export * from "./TokenUseEnum";
+export * from "./types";

package/dist/exchanges/index.js

@@ -0,0 +1,39 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+__exportStar(require("./exchangeApiKey"), exports);
+__exportStar(require("./exchangeCredentials"), exports);
+__exportStar(require("./exchangeRefreshToken"), exports);
+__exportStar(require("./TokenUseEnum"), exports);
+__exportStar(require("./types"), exports);

package/dist/exchanges/payloads/apikeys/getAccessTokenPayload.d.ts

@@ -0,0 +1,4 @@
+import { Prisma } from "../../../db";
+import { AccessToken, IdentityConfig } from "../../types";
+declare function getAccessTokenPayload(prisma: Prisma, identityConfig: IdentityConfig): (accessKeyId: string) => Promise<AccessToken>;
+export { getAccessTokenPayload };

package/dist/exchanges/payloads/apikeys/getAccessTokenPayload.js

@@ -0,0 +1,45 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAccessTokenPayload = void 0;
+const TokenUseEnum_1 = require("../../TokenUseEnum");
+function getAccessTokenPayload(prisma, identityConfig) {
+    return (accessKeyId) => __awaiter(this, void 0, void 0, function* () {
+        const apiKey = yield prisma.apiKey.findFirst({
+            where: {
+                accessKeyId
+            },
+            include: {
+                workspace: true
+            }
+        });
+        if (!apiKey) {
+            return null;
+        }
+        const { issuer, audience } = identityConfig;
+        const { ref, workspace } = apiKey;
+        const access = [
+            {
+                accessKeyId: workspace.accessKeyId,
+                role: apiKey.role
+            }
+        ];
+        return {
+            iss: issuer,
+            sub: ref,
+            aud: audience,
+            tokenUse: TokenUseEnum_1.TokenUseEnum.ACCESS,
+            accessKeyId,
+            access
+        };
+    });
+}
+exports.getAccessTokenPayload = getAccessTokenPayload;

package/dist/exchanges/payloads/apikeys/getRefreshTokenPayload.d.ts

@@ -0,0 +1,4 @@
+import { Prisma } from "../../../db";
+import { IdentityConfig, RefreshToken } from "../../types";
+declare function getRefreshTokenPayload(prisma: Prisma, identityConfig: IdentityConfig): (accessKeyId: string) => Promise<RefreshToken>;
+export { getRefreshTokenPayload };

package/dist/exchanges/payloads/apikeys/getRefreshTokenPayload.js

@@ -0,0 +1,32 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRefreshTokenPayload = void 0;
+const buildRefreshTokenPayload_1 = require("../buildRefreshTokenPayload");
+function getRefreshTokenPayload(prisma, identityConfig) {
+    return (accessKeyId) => __awaiter(this, void 0, void 0, function* () {
+        const apiKey = yield prisma.apiKey.findFirst({
+            where: {
+                accessKeyId
+            }
+        });
+        if (!apiKey) {
+            return null;
+        }
+        const { ref: identityRef } = apiKey;
+        return (0, buildRefreshTokenPayload_1.buildRefreshTokenPayload)({
+            identityConfig,
+            accessKeyId,
+            identityRef
+        });
+    });
+}
+exports.getRefreshTokenPayload = getRefreshTokenPayload;

package/dist/exchanges/payloads/apikeys/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./getAccessTokenPayload";
+export * from "./getRefreshTokenPayload";

package/dist/exchanges/payloads/apikeys/index.js

@@ -0,0 +1,36 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+__exportStar(require("./getAccessTokenPayload"), exports);
+__exportStar(require("./getRefreshTokenPayload"), exports);