@goldstack/template-user-management 0.1.1
- package/dist/src/codeChallenge.d.ts +3 -0
- package/dist/src/codeChallenge.d.ts.map +1 -0
- package/dist/src/codeChallenge.js +60 -0
- package/dist/src/codeChallenge.js.map +1 -0
- package/dist/src/cognitoClientAuth.d.ts +21 -0
- package/dist/src/cognitoClientAuth.d.ts.map +1 -0
- package/dist/src/cognitoClientAuth.js +66 -0
- package/dist/src/cognitoClientAuth.js.map +1 -0
- package/dist/src/cognitoEndpoints.d.ts +9 -0
- package/dist/src/cognitoEndpoints.d.ts.map +1 -0
- package/dist/src/cognitoEndpoints.js +38 -0
- package/dist/src/cognitoEndpoints.js.map +1 -0
- package/dist/src/cognitoTokenVerify.d.ts +34 -0
- package/dist/src/cognitoTokenVerify.d.ts.map +1 -0
- package/dist/src/cognitoTokenVerify.js +105 -0
- package/dist/src/cognitoTokenVerify.js.map +1 -0
- package/dist/src/templateUserManagement.d.ts +54 -0
- package/dist/src/templateUserManagement.d.ts.map +1 -0
- package/dist/src/templateUserManagement.js +162 -0
- package/dist/src/templateUserManagement.js.map +1 -0
- package/dist/src/types/UserManagementDeployment.d.ts +11 -0
- package/dist/src/types/UserManagementDeployment.d.ts.map +1 -0
- package/dist/src/types/UserManagementDeployment.js +3 -0
- package/dist/src/types/UserManagementDeployment.js.map +1 -0
- package/dist/src/types/UserManagementDeploymentConfiguration.d.ts +38 -0
- package/dist/src/types/UserManagementDeploymentConfiguration.d.ts.map +1 -0
- package/dist/src/types/UserManagementDeploymentConfiguration.js +3 -0
- package/dist/src/types/UserManagementDeploymentConfiguration.js.map +1 -0
- package/dist/src/types/UserManagementPackage.d.ts +22 -0
- package/dist/src/types/UserManagementPackage.d.ts.map +1 -0
- package/dist/src/types/UserManagementPackage.js +3 -0
- package/dist/src/types/UserManagementPackage.js.map +1 -0
- package/dist/src/types/UserManagementPackageConfiguration.d.ts +14 -0
- package/dist/src/types/UserManagementPackageConfiguration.d.ts.map +1 -0
- package/dist/src/types/UserManagementPackageConfiguration.js +3 -0
- package/dist/src/types/UserManagementPackageConfiguration.js.map +1 -0
- package/dist/src/userManagementConfig.d.ts +3 -0
- package/dist/src/userManagementConfig.d.ts.map +1 -0
- package/dist/src/userManagementConfig.js +27 -0
- package/dist/src/userManagementConfig.js.map +1 -0
- package/package.json +68 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"codeChallenge.d.ts","sourceRoot":"","sources":["../../src/codeChallenge.ts"],"names":[],"mappings":"AA+CA,wBAAsB,gBAAgB,oBAErC;AAED,wBAAsB,eAAe,oBAsBpC"}
|
|
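--- a/package/dist/src/codeChallenge.js
+++ b/package/dist/src/codeChallenge.js
@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCodeVerifier = exports.getCodeChallenge = void 0;
+// based on https://github.com/curityio/pkce-javascript-example/blob/master/index.html
+const utils_esbuild_1 = require("@goldstack/utils-esbuild");
+function generateRandomString(length) {
+let text = '';
+const possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+for (let i = 0; i < length; i++) {
+text += possible.charAt(Math.floor(Math.random() * possible.length));
+}
+return text;
+}
+async function generateCodeChallenge(randomString) {
+let digest;
+// make this work both in the browser and Node.js (for unit tests)
+// see https://remarkablemark.medium.com/how-to-generate-a-sha-256-hash-with-javascript-d3b2696382fd
+if (typeof window !== 'undefined') {
+digest = String.fromCharCode(...new Uint8Array(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(randomString))));
+return btoa(digest)
+.replace(/=/g, '')
+.replace(/\+/g, '-')
+.replace(/\//g, '_');
+}
+else {
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const { createHash } = require((0, utils_esbuild_1.excludeInBundle)('crypto'));
+digest = createHash('sha256').update(randomString).digest('hex');
+return Buffer.from(digest, 'utf8')
+.toString('base64')
+.replace(/=/g, '')
+.replace(/\+/g, '-')
+.replace(/\//g, '_');
+}
+}
+let codeVerifier = undefined;
+async function getCodeChallenge() {
+return await generateCodeChallenge(await getCodeVerifier());
+}
+exports.getCodeChallenge = getCodeChallenge;
+async function getCodeVerifier() {
+if (codeVerifier) {
+return codeVerifier;
+}
+if (typeof window !== 'undefined' && window.sessionStorage) {
+const inSessionStorage = window.sessionStorage.getItem('goldstack_code_verifier');
+if (inSessionStorage) {
+codeVerifier = inSessionStorage;
+return codeVerifier;
+}
+}
+const newCodeVerifier = generateRandomString(64);
+codeVerifier = newCodeVerifier;
+if (typeof window !== 'undefined' && window.sessionStorage) {
+window.sessionStorage.setItem('goldstack_code_verifier', codeVerifier);
+}
+return codeVerifier;
+}
+exports.getCodeVerifier = getCodeVerifier;
+//# sourceMappingURL=codeChallenge.js.map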
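Review bot: `generateRandomString` builds the PKCE code verifier from `Math.random()`, which is not a cryptographically secure source, while the verifier is the secret that binds the token request to the authorization request and has to be unpredictable. It should be drawn from `crypto.getRandomValues`, as in the rewrite below; on Node versions without a global `crypto`, `webcrypto` can come from the `crypto` module this file already loads. Separately, the Node.js branch of `generateCodeChallenge` base64-encodes the hex text of the digest rather than the digest bytes, so for the same verifier it returns a different value than the browser branch and would not match what a server computes for S256; `createHash('sha256').update(randomString).digest('base64')` followed by the same three replacements would agree. The module-level `codeVerifier` is also never cleared, so one verifier is reused for every authorization request in the session.

```javascript
function generateRandomString(length) {
    const possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    // reject bytes at or above the largest multiple of the alphabet size,
    // so the modulo below does not favour the first few characters
    const limit = 256 - (256 % possible.length);
    let text = '';
    while (text.length < length) {
        const bytes = crypto.getRandomValues(new Uint8Array(length));
        for (const b of bytes) {
            if (b < limit && text.length < length) {
                text += possible.charAt(b % possible.length);
            }
        }
    }
    return text;
}
```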
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"codeChallenge.js","sourceRoot":"","sources":["../../src/codeChallenge.ts"],"names":[],"mappings":";;;AAAA,sFAAsF;AACtF,4DAA2D;AAE3D,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,MAAM,QAAQ,GACZ,gEAAgE,CAAC;IAEnE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE;QAC/B,IAAI,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;KACtE;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,YAAoB;IACvD,IAAI,MAAc,CAAC;IAEnB,kEAAkE;IAClE,oGAAoG;IACpG,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,MAAM,GAAG,MAAM,CAAC,YAAY,CAC1B,GAAG,IAAI,UAAU,CACf,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACxB,SAAS,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CACvC,CACF,CACF,CAAC;QACF,OAAO,IAAI,CAAC,MAAM,CAAC;aAChB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;aACjB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;KACxB;SAAM;QACL,8DAA8D;QAC9D,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,IAAA,+BAAe,EAAC,QAAQ,CAAC,CAAC,CAAC;QAC1D,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;aAC/B,QAAQ,CAAC,QAAQ,CAAC;aAClB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;aACjB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;KACxB;AACH,CAAC;AAED,IAAI,YAAY,GAAuB,SAAS,CAAC;AAE1C,KAAK,UAAU,gBAAgB;IACpC,OAAO,MAAM,qBAAqB,CAAC,MAAM,eAAe,EAAE,CAAC,CAAC;AAC9D,CAAC;AAFD,4CAEC;AAEM,KAAK,UAAU,eAAe;IACnC,IAAI,YAAY,EAAE;QAChB,OAAO,YAAY,CAAC;KACrB;IAED,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,cAAc,EAAE;QAC1D,MAAM,gBAAgB,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CACpD,yBAAyB,CAC1B,CAAC;QACF,IAAI,gBAAgB,EAAE;YACpB,YAAY,GAAG,gBAAgB,CAAC;YAChC,OAAO,YAAY,CAAC;SACrB;KACF;IAED,MAAM,eAAe,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAC;IACjD,YAAY,GAAG,eAAe,CAAC;IAE/B,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,cAAc,EAAE;QAC1D,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,yBAAyB,EAAE,YAAY,CAAC,CAAC;KACxE;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAtBD,0CAsBC"}
|
|
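--- a/package/dist/src/cognitoClientAuth.d.ts
+++ b/package/dist/src/cognitoClientAuth.d.ts
@@ -0,0 +1,21 @@
+export interface GetTokenResults {
+accessToken: string;
+refreshToken: string;
+idToken: string;
+}
+export declare function getToken(args: {
+goldstackConfig: any;
+code?: string;
+refreshToken?: string;
+packageSchema: any;
+deploymentsOutput: any;
+deploymentName?: string;
+}): Promise<GetTokenResults>;
+export declare function executeTokenRequest(args: {
+tokenEndpoint: string;
+clientId: string;
+code?: string;
+refreshToken?: string;
+redirectUri: string;
+}): Promise<GetTokenResults>;
+//# sourceMappingURL=cognitoClientAuth.d.ts.map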
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cognitoClientAuth.d.ts","sourceRoot":"","sources":["../../src/cognitoClientAuth.ts"],"names":[],"mappings":"AAYA,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,QAAQ,CAAC,IAAI,EAAE;IACnC,eAAe,EAAE,GAAG,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CAAC,eAAe,CAAC,CAsC3B;AAED,wBAAsB,mBAAmB,CAAC,IAAI,EAAE;IAC9C,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,eAAe,CAAC,CAmC3B"}
|
|
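--- a/package/dist/src/cognitoClientAuth.js
+++ b/package/dist/src/cognitoClientAuth.js
@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.executeTokenRequest = exports.getToken = void 0;
+const utils_package_config_embedded_1 = require("@goldstack/utils-package-config-embedded");
+const codeChallenge_1 = require("./codeChallenge");
+const cognitoEndpoints_1 = require("./cognitoEndpoints");
+const userManagementConfig_1 = require("./userManagementConfig");
+async function getToken(args) {
+const deploymentName = (0, userManagementConfig_1.getDeploymentName)(args.deploymentName);
+if (deploymentName === 'local') {
+if (args.code !== 'dummy-client-token') {
+throw new Error(`Unexpected code for client auth: '${args.code}'. Expected: dummy-client-token`);
+}
+return {
+accessToken: 'dummyToken',
+refreshToken: 'dummyRefreshToken',
+idToken: 'dummyIdToken',
+};
+}
+const packageConfig = new utils_package_config_embedded_1.EmbeddedPackageConfig({
+goldstackJson: args.goldstackConfig,
+packageSchema: args.packageSchema,
+});
+const deploymentOutput = (0, userManagementConfig_1.getDeploymentsOutput)(args.deploymentsOutput, deploymentName);
+const deployment = packageConfig.getDeployment(deploymentName);
+return await executeTokenRequest({
+tokenEndpoint: await (0, cognitoEndpoints_1.getEndpoint)({ ...args, endpoint: 'token' }),
+clientId: deploymentOutput.terraform.user_pool_client_id.value,
+code: args.code,
+refreshToken: args.refreshToken,
+redirectUri: deployment.configuration.callbackUrl,
+});
+}
+exports.getToken = getToken;
+async function executeTokenRequest(args) {
+const xhr = new XMLHttpRequest();
+return new Promise(async (resolve, reject) => {
+xhr.onload = function () {
+const response = xhr.response;
+if (xhr.status == 200) {
+resolve({
+accessToken: response.access_token,
+refreshToken: args.refreshToken || response.refresh_token,
+idToken: response.id_token,
+});
+}
+else {
+reject(new Error(`Cannot obtain token ${response.error_description} (${response.error})`));
+}
+};
+xhr.responseType = 'json';
+xhr.open('POST', args.tokenEndpoint, true);
+xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
+const codeVerifier = await (0, codeChallenge_1.getCodeVerifier)();
+xhr.send(new URLSearchParams({
+client_id: args.clientId,
+code_verifier: args.code ? codeVerifier : '',
+grant_type: args.code ? 'authorization_code' : 'refresh_token',
+redirect_uri: args.redirectUri,
+refresh_token: args.refreshToken || '',
+code: args.code || '',
+}));
+});
+}
+exports.executeTokenRequest = executeTokenRequest;
+//# sourceMappingURL=cognitoClientAuth.js.map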
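Review bot: The promise returned by `executeTokenRequest` never settles on a transport failure, because only `xhr.onload` is assigned and there is no `onerror` or `ontimeout` handler; the `async` executor passed to `new Promise` also drops any rejection from `await getCodeVerifier()`. Inside `onload`, `xhr.response` is `null` when the body is not valid JSON, so the reads of `response.access_token` and `response.error_description` would throw in the handler instead of rejecting. The rewrite below resolves the verifier before the promise is built, adds the missing handlers and guards the response. The `'local'` branch of `getToken` returns fixed dummy tokens and would benefit from a comment stating that it exists for local development only.

```javascript
async function executeTokenRequest(args) {
    // resolve the verifier first so a failure rejects the returned promise
    const codeVerifier = await (0, codeChallenge_1.getCodeVerifier)();
    const xhr = new XMLHttpRequest();
    return new Promise((resolve, reject) => {
        xhr.onload = function () {
            const response = xhr.response;
            if (xhr.status === 200 && response) {
                // … unchanged: resolve({ accessToken, refreshToken, idToken }) …
            }
            else {
                reject(new Error(`Cannot obtain token ${response?.error_description} (${response?.error})`));
            }
        };
        xhr.onerror = () => reject(new Error('Cannot obtain token: network error'));
        xhr.ontimeout = () => reject(new Error('Cannot obtain token: request timed out'));
        // … unchanged: responseType, open, setRequestHeader, send(new URLSearchParams({...})) …
    });
}
```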
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cognitoClientAuth.js","sourceRoot":"","sources":["../../src/cognitoClientAuth.ts"],"names":[],"mappings":";;;AAAA,4FAAiF;AACjF,mDAAkD;AAClD,yDAAiD;AAKjD,iEAGgC;AAQzB,KAAK,UAAU,QAAQ,CAAC,IAO9B;IACC,MAAM,cAAc,GAAG,IAAA,wCAAiB,EAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE9D,IAAI,cAAc,KAAK,OAAO,EAAE;QAC9B,IAAI,IAAI,CAAC,IAAI,KAAK,oBAAoB,EAAE;YACtC,MAAM,IAAI,KAAK,CACb,qCAAqC,IAAI,CAAC,IAAI,iCAAiC,CAChF,CAAC;SACH;QACD,OAAO;YACL,WAAW,EAAE,YAAY;YACzB,YAAY,EAAE,mBAAmB;YACjC,OAAO,EAAE,cAAc;SACxB,CAAC;KACH;IAED,MAAM,aAAa,GAAG,IAAI,qDAAqB,CAG7C;QACA,aAAa,EAAE,IAAI,CAAC,eAAe;QACnC,aAAa,EAAE,IAAI,CAAC,aAAa;KAClC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,IAAA,2CAAoB,EAC3C,IAAI,CAAC,iBAAiB,EACtB,cAAc,CACf,CAAC;IAEF,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;IAE/D,OAAO,MAAM,mBAAmB,CAAC;QAC/B,aAAa,EAAE,MAAM,IAAA,8BAAW,EAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;QAChE,QAAQ,EAAE,gBAAgB,CAAC,SAAS,CAAC,mBAAmB,CAAC,KAAK;QAC9D,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,UAAU,CAAC,aAAa,CAAC,WAAW;KAClD,CAAC,CAAC;AACL,CAAC;AA7CD,4BA6CC;AAEM,KAAK,UAAU,mBAAmB,CAAC,IAMzC;IACC,MAAM,GAAG,GAAG,IAAI,cAAc,EAAE,CAAC;IAEjC,OAAO,IAAI,OAAO,CAAkB,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE;QAC5D,GAAG,CAAC,MAAM,GAAG;YACX,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;YAC9B,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE;gBACrB,OAAO,CAAC;oBACN,WAAW,EAAE,QAAQ,CAAC,YAAY;oBAClC,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,QAAQ,CAAC,aAAa;oBACzD,OAAO,EAAE,QAAQ,CAAC,QAAQ;iBAC3B,CAAC,CAAC;aACJ;iBAAM;gBACL,MAAM,CACJ,IAAI,KAAK,CACP,uBAAuB,QAAQ,CAAC,iBAAiB,KAAK,QAAQ,CAAC,KAAK,GAAG,CACxE,CACF,CAAC;aACH;QACH,CAAC,CAAC;QACF,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC;QAC1B,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QAC3C,GAAG,CAAC,gBAAgB,CAAC,cAAc,EAAE,mCAAmC,CAAC,CAAC;QAC1E,MAAM,YAAY,GAAG,MAAM,IAAA,+BAAe,GAAE,CAAC;QAC7C,GAAG,CAAC,IAAI,CACN,IAAI,eAAe,CAAC;YAClB,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE;YAC5C,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC
,eAAe;YAC9D,YAAY,EAAE,IAAI,CAAC,WAAW;YAC9B,aAAa,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE;YACtC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;SACtB,CAAC,CACH,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAzCD,kDAyCC"}
|
|
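--- a/package/dist/src/cognitoEndpoints.d.ts
+++ b/package/dist/src/cognitoEndpoints.d.ts
@@ -0,0 +1,9 @@
+import { Endpoint } from './templateUserManagement';
+export declare function getEndpoint(args: {
+goldstackConfig: any;
+endpoint: Endpoint;
+packageSchema: any;
+deploymentsOutput: any;
+deploymentName?: string;
+}): Promise<string>;
+//# sourceMappingURL=cognitoEndpoints.d.ts.map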
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cognitoEndpoints.d.ts","sourceRoot":"","sources":["../../src/cognitoEndpoints.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,QAAQ,EAGT,MAAM,0BAA0B,CAAC;AAMlC,wBAAsB,WAAW,CAAC,IAAI,EAAE;IACtC,eAAe,EAAE,GAAG,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CAAC,MAAM,CAAC,CA4ClB"}
|
|
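--- a/package/dist/src/cognitoEndpoints.js
+++ b/package/dist/src/cognitoEndpoints.js
@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getEndpoint = void 0;
+const utils_package_config_embedded_1 = require("@goldstack/utils-package-config-embedded");
+const codeChallenge_1 = require("./codeChallenge");
+const userManagementConfig_1 = require("./userManagementConfig");
+async function getEndpoint(args) {
+const deploymentName = (0, userManagementConfig_1.getDeploymentName)(args.deploymentName);
+if (deploymentName === 'local') {
+return 'https://localhost';
+}
+const packageConfig = new utils_package_config_embedded_1.EmbeddedPackageConfig({
+goldstackJson: args.goldstackConfig,
+packageSchema: args.packageSchema,
+});
+const deploymentOutput = (0, userManagementConfig_1.getDeploymentsOutput)(args.deploymentsOutput, deploymentName);
+// const baseUrl = `https://${deploymentOutput.terraform.endpoint.value}`;
+const deployment = packageConfig.getDeployment(deploymentName);
+const baseUrl = `https://${deployment.configuration.cognitoDomain}`;
+switch (args.endpoint) {
+case 'authorize':
+return (`${baseUrl}/oauth2/authorize?response_type=code` +
+`&client_id=${deploymentOutput.terraform.user_pool_client_id.value}` +
+`&redirect_uri=${deployment.configuration.callbackUrl}` +
+'&code_challenge_method=S256' +
+`&code_challenge=${await (0, codeChallenge_1.getCodeChallenge)()}`);
+case 'token':
+return `${baseUrl}/oauth2/token`;
+case 'logout':
+return (`${baseUrl}/logout?response_type=code` +
+`&client_id=${deploymentOutput.terraform.user_pool_client_id.value}` +
+`&redirect_uri=${deployment.configuration.callbackUrl}` +
+'&code_challenge_method=S256' +
+`&code_challenge=${await (0, codeChallenge_1.getCodeChallenge)()}`);
+}
+}
+exports.getEndpoint = getEndpoint;
+//# sourceMappingURL=cognitoEndpoints.js.map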
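Review bot: The `authorize` and `logout` URLs in `getEndpoint` interpolate `callbackUrl` and the client id into the query string without encoding, so a callback URL that itself contains `?`, `&` or `#` produces a malformed or ambiguous `redirect_uri`; `encodeURIComponent(deployment.configuration.callbackUrl)` (or building the query with `URLSearchParams`) avoids that. As built here the authorize URL carries no `state` parameter, so the callback cannot be tied to the request that started it beyond what PKCE provides. The `switch` has no `default`, so an unexpected `endpoint` value resolves to `undefined` rather than failing; `default: throw new Error(`Unknown endpoint: ${args.endpoint}`);` would surface the mistake at the call site.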
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cognitoEndpoints.js","sourceRoot":"","sources":["../../src/cognitoEndpoints.ts"],"names":[],"mappings":";;;AAAA,4FAAiF;AACjF,mDAAmD;AAMnD,iEAGgC;AAEzB,KAAK,UAAU,WAAW,CAAC,IAMjC;IACC,MAAM,cAAc,GAAG,IAAA,wCAAiB,EAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE9D,IAAI,cAAc,KAAK,OAAO,EAAE;QAC9B,OAAO,mBAAmB,CAAC;KAC5B;IAED,MAAM,aAAa,GAAG,IAAI,qDAAqB,CAG7C;QACA,aAAa,EAAE,IAAI,CAAC,eAAe;QACnC,aAAa,EAAE,IAAI,CAAC,aAAa;KAClC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,IAAA,2CAAoB,EAC3C,IAAI,CAAC,iBAAiB,EACtB,cAAc,CACf,CAAC;IAEF,0EAA0E;IAE1E,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAG,WAAW,UAAU,CAAC,aAAa,CAAC,aAAa,EAAE,CAAC;IACpE,QAAQ,IAAI,CAAC,QAAQ,EAAE;QACrB,KAAK,WAAW;YACd,OAAO,CACL,GAAG,OAAO,sCAAsC;gBAChD,cAAc,gBAAgB,CAAC,SAAS,CAAC,mBAAmB,CAAC,KAAK,EAAE;gBACpE,iBAAiB,UAAU,CAAC,aAAa,CAAC,WAAW,EAAE;gBACvD,6BAA6B;gBAC7B,mBAAmB,MAAM,IAAA,gCAAgB,GAAE,EAAE,CAC9C,CAAC;QACJ,KAAK,OAAO;YACV,OAAO,GAAG,OAAO,eAAe,CAAC;QACnC,KAAK,QAAQ;YACX,OAAO,CACL,GAAG,OAAO,4BAA4B;gBACtC,cAAc,gBAAgB,CAAC,SAAS,CAAC,mBAAmB,CAAC,KAAK,EAAE;gBACpE,iBAAiB,UAAU,CAAC,aAAa,CAAC,WAAW,EAAE;gBACvD,6BAA6B;gBAC7B,mBAAmB,MAAM,IAAA,gCAAgB,GAAE,EAAE,CAC9C,CAAC;KACL;AACH,CAAC;AAlDD,kCAkDC"}
|
|
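--- a/package/dist/src/cognitoTokenVerify.d.ts
+++ b/package/dist/src/cognitoTokenVerify.d.ts
@@ -0,0 +1,34 @@
+import { CognitoJwtVerifier } from 'aws-jwt-verify';
+import type { CognitoAccessTokenPayload, CognitoIdTokenPayload } from 'aws-jwt-verify/jwt-model';
+export declare function connectWithCognito({ goldstackConfig, packageSchema, deploymentsOutput, deploymentName, }: {
+goldstackConfig: any;
+packageSchema: any;
+deploymentsOutput: any;
+deploymentName?: string;
+}): Promise<CognitoManager>;
+export interface CognitoManager {
+validate(accessToken: string): Promise<CognitoAccessTokenPayload>;
+/**
+* Validates an id token without validating it. On the server, ensure to validate the <i>accessToken</i> as well.
+* It is not recommended practice to assert authentication for an API using an id token only.
+*/
+validateIdToken(idToken: string): Promise<CognitoIdTokenPayload & {
+email: string;
+}>;
+}
+export declare class CognitoManagerImpl implements CognitoManager {
+accessTokenVerifier: CognitoJwtVerifier<any, any, any>;
+idTokenVerifier: CognitoJwtVerifier<any, any, any>;
+constructor(accessTokenVerifier: CognitoJwtVerifier<any, any, any>, idTokenVerifier: CognitoJwtVerifier<any, any, any>);
+validate(jwtToken: string): Promise<CognitoAccessTokenPayload>;
+validateIdToken(jwtToken: string): Promise<CognitoIdTokenPayload & {
+email: string;
+}>;
+}
+export declare class LocalUserManagerImpl implements CognitoManager {
+validateIdToken(idToken: string): Promise<CognitoIdTokenPayload & {
+email: string;
+}>;
+validate(jwtToken: string): Promise<CognitoAccessTokenPayload>;
+}
+//# sourceMappingURL=cognitoTokenVerify.d.ts.map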
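Review bot: The doc comment on `CognitoManager.validateIdToken` reads "Validates an id token without validating it", which contradicts itself; from the sentence that follows it presumably means the id token is verified but the access token is not. I would reword the first line to `Validates an id token only; the access token is not checked.` and keep the advice to validate the access token on the server. `validate` has no doc comment at all, and a one-line note that it verifies an access token and rejects on failure would help, since this interface is the package's server-side authentication surface.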
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cognitoTokenVerify.d.ts","sourceRoot":"","sources":["../../src/cognitoTokenVerify.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAGpD,OAAO,KAAK,EACV,yBAAyB,EACzB,qBAAqB,EACtB,MAAM,0BAA0B,CAAC;AAYlC,wBAAsB,kBAAkB,CAAC,EACvC,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,cAAc,GACf,EAAE;IACD,eAAe,EAAE,GAAG,CAAC;IACrB,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CAAC,cAAc,CAAC,CAqC1B;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC;IAClE;;;OAGG;IACH,eAAe,CACb,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,qBAAqB,GAAG;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACvD;AAED,qBAAa,kBAAmB,YAAW,cAAc;IACvD,mBAAmB,EAAE,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACvD,eAAe,EAAE,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;gBAGjD,mBAAmB,EAAE,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EACtD,eAAe,EAAE,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;IAM9C,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAS9D,eAAe,CACnB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,qBAAqB,GAAG;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CAQtD;AAED,qBAAa,oBAAqB,YAAW,cAAc;IACnD,eAAe,CACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,qBAAqB,GAAG;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAsB/C,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC;CAgBrE"}
|
|
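--- a/package/dist/src/cognitoTokenVerify.js
+++ b/package/dist/src/cognitoTokenVerify.js
@@ -0,0 +1,105 @@
+"use strict";
+/* eslint-disable @typescript-eslint/no-unused-vars */
+/* esbuild-ignore ui */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalUserManagerImpl = exports.CognitoManagerImpl = exports.connectWithCognito = void 0;
+const aws_jwt_verify_1 = require("aws-jwt-verify");
+const jwk_1 = require("aws-jwt-verify/jwk");
+const userManagementConfig_1 = require("./userManagementConfig");
+/**
+* We want to keep only one JWKS cache globally for our application.
+*/
+let sharedJwksCache = undefined;
+async function connectWithCognito({ goldstackConfig, packageSchema, deploymentsOutput, deploymentName, }) {
+deploymentName = (0, userManagementConfig_1.getDeploymentName)(deploymentName);
+if (deploymentName === 'local') {
+return new LocalUserManagerImpl();
+}
+const deploymentOutput = (0, userManagementConfig_1.getDeploymentsOutput)(deploymentsOutput, deploymentName);
+if (!sharedJwksCache) {
+sharedJwksCache = new jwk_1.SimpleJwksCache();
+}
+const accessTokenVerifier = aws_jwt_verify_1.CognitoJwtVerifier.create({
+userPoolId: deploymentOutput.terraform.user_pool_id.value,
+tokenUse: 'access',
+clientId: deploymentOutput.terraform.user_pool_client_id.value,
+}, {
+jwksCache: sharedJwksCache,
+});
+const idTokenVerifier = aws_jwt_verify_1.CognitoJwtVerifier.create({
+userPoolId: deploymentOutput.terraform.user_pool_id.value,
+tokenUse: 'id',
+clientId: deploymentOutput.terraform.user_pool_client_id.value,
+}, {
+jwksCache: sharedJwksCache,
+});
+return new CognitoManagerImpl(accessTokenVerifier, idTokenVerifier);
+}
+exports.connectWithCognito = connectWithCognito;
+class CognitoManagerImpl {
+constructor(accessTokenVerifier, idTokenVerifier) {
+this.accessTokenVerifier = accessTokenVerifier;
+this.idTokenVerifier = idTokenVerifier;
+}
+async validate(jwtToken) {
+try {
+const payload = await this.accessTokenVerifier.verify(jwtToken);
+return payload;
+}
+catch {
+throw new Error('Invalid token');
+}
+}
+async validateIdToken(jwtToken) {
+try {
+const payload = await this.idTokenVerifier.verify(jwtToken);
+return payload;
+}
+catch {
+throw new Error('Invalid token');
+}
+}
+}
+exports.CognitoManagerImpl = CognitoManagerImpl;
+class LocalUserManagerImpl {
+async validateIdToken(idToken) {
+return {
+at_hash: 'NixgfrD9129y_3vcIILTIg',
+sub: '9ad18936-07ce-4c17-8ed9-278fdd35406a',
+email_verified: true,
+phone_number_verified: false,
+'cognito:preferred_role': '',
+'cognito:roles': [],
+identities: [],
+iss: 'https://cognito-idp.us-west-2.amazonaws.com/us-west-2_AnBhna7ph',
+'cognito:username': '9ad18936-07ce-4c17-8ed9-278fdd35406a',
+origin_jti: '72408fc1-2223-4a04-9a45-f10aaefd77ee',
+aud: '7cuiqmug2c50sgqi93igjk16mf',
+event_id: '4dcbf59b-53a8-4674-94c9-81eb2171b66d',
+token_use: 'id',
+auth_time: Math.floor(Date.now() / 1000),
+exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24,
+iat: Math.floor(Date.now() / 1000),
+jti: '17fdf966-9882-4114-8095-ecc9ac19aa7b',
+email: 'dummy@dummy.com',
+};
+}
+async validate(jwtToken) {
+return {
+auth_time: Math.floor(Date.now() / 1000),
+client_id: '7cuiqmug2c50sgqi93igjk16mf',
+exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24,
+iat: Math.floor(Date.now() / 1000),
+iss: 'https://cognito-idp.us-west-2.amazonaws.com/us-west-2_AnBhna7ph',
+jti: '53b68584-3a9e-4b97-b7de-10924c57d191',
+origin_jti: '4ee806c2-6948-4d57-886b-1e94eb0f5193',
+scope: 'openid email',
+sub: '9ad18936-07ce-4c17-8ed9-278fdd35406a',
+username: '9ad18936-07ce-4c17-8ed9-278fdd35406a',
+token_use: 'access',
+version: 2,
+};
+}
+}
+exports.LocalUserManagerImpl = LocalUserManagerImpl;
+//# sourceMappingURL=cognitoTokenVerify.js.map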
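Review bot: `LocalUserManagerImpl.validate` and `validateIdToken` ignore their argument and return a fixed payload with a fresh `exp`, so whenever `getDeploymentName` resolves to `'local'` every caller is accepted as the same user regardless of the token presented. How the deployment name is resolved is outside this file, so I cannot tell how easily a deployed build could end up there; `connectWithCognito` should at least log a warning when it returns the local manager, and a guard that refuses it in production builds would make a misconfiguration fail closed. In `CognitoManagerImpl`, both `catch` blocks discard the verifier's error; `catch (e) { throw new Error('Invalid token', { cause: e }); }` keeps the reason (expired, wrong audience, bad signature) available for server-side logs without changing the message callers see.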
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cognitoTokenVerify.js","sourceRoot":"","sources":["../../src/cognitoTokenVerify.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,uBAAuB;;;AAEvB,mDAAoD;AACpD,4CAAqD;AAOrD,iEAGgC;AAEhC;;GAEG;AACH,IAAI,eAAe,GAAgC,SAAS,CAAC;AAEtD,KAAK,UAAU,kBAAkB,CAAC,EACvC,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,cAAc,GAMf;IACC,cAAc,GAAG,IAAA,wCAAiB,EAAC,cAAc,CAAC,CAAC;IAEnD,IAAI,cAAc,KAAK,OAAO,EAAE;QAC9B,OAAO,IAAI,oBAAoB,EAAE,CAAC;KACnC;IAED,MAAM,gBAAgB,GAAG,IAAA,2CAAoB,EAC3C,iBAAiB,EACjB,cAAc,CACf,CAAC;IAEF,IAAI,CAAC,eAAe,EAAE;QACpB,eAAe,GAAG,IAAI,qBAAe,EAAE,CAAC;KACzC;IAED,MAAM,mBAAmB,GAAG,mCAAkB,CAAC,MAAM,CACnD;QACE,UAAU,EAAE,gBAAgB,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK;QACzD,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,gBAAgB,CAAC,SAAS,CAAC,mBAAmB,CAAC,KAAK;KAC/D,EACD;QACE,SAAS,EAAE,eAAe;KAC3B,CACF,CAAC;IACF,MAAM,eAAe,GAAG,mCAAkB,CAAC,MAAM,CAC/C;QACE,UAAU,EAAE,gBAAgB,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK;QACzD,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,gBAAgB,CAAC,SAAS,CAAC,mBAAmB,CAAC,KAAK;KAC/D,EACD;QACE,SAAS,EAAE,eAAe;KAC3B,CACF,CAAC;IACF,OAAO,IAAI,kBAAkB,CAAC,mBAAmB,EAAE,eAAe,CAAC,CAAC;AACtE,CAAC;AA/CD,gDA+CC;AAaD,MAAa,kBAAkB;IAI7B,YACE,mBAAsD,EACtD,eAAkD;QAElD,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;QAC/C,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,QAAgB;QAC7B,IAAI;YACF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAChE,OAAO,OAAc,CAAC;SACvB;QAAC,MAAM;YACN,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;SAClC;IACH,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,QAAgB;QAEhB,IAAI;YACF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC5D,OAAO,OAAc,CAAC;SACvB;QAAC,MAAM;YACN,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;SAClC;IACH,CAAC;CACF;AA/BD,gDA+BC;AAED,MAAa,oBAAoB;IAC/B,KAAK,CAAC,eAAe,CACnB,OAAe;QAEf,OAAO;YACL,OAAO,EAAE,wBAAwB;YACjC,GAAG,EAAE,sCAAsC;YAC3C,cAAc,EAAE,IAAI;YACpB,qBAAqB,EAAE,KAAK;YAC5B,wBAAwB,EAAE,EAAE;YAC5B,eAAe,EAAE,EAAE;YACnB,UAAU,EAAE,EAAE;YACd,GAAG,EAAE,iEAAiE;YACtE,kBAAkB,EAAE,sCAAsC;YAC1D,UAAU,EAAE,sCAAsC;YAClD,GAAG,EAAE,4BAA4B;YACjC,QAAQ,EAAE,sCAAsC;YAChD,SAAS,EAAE,IAAI;Y
ACf,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YACjD,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAClC,GAAG,EAAE,sCAAsC;YAC3C,KAAK,EAAE,iBAAiB;SACzB,CAAC;IACJ,CAAC;IACD,KAAK,CAAC,QAAQ,CAAC,QAAgB;QAC7B,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxC,SAAS,EAAE,4BAA4B;YACvC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YACjD,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAClC,GAAG,EAAE,iEAAiE;YACtE,GAAG,EAAE,sCAAsC;YAC3C,UAAU,EAAE,sCAAsC;YAClD,KAAK,EAAE,cAAc;YACrB,GAAG,EAAE,sCAAsC;YAC3C,QAAQ,EAAE,sCAAsC;YAChD,SAAS,EAAE,QAAQ;YACnB,OAAO,EAAE,CAAC;SACX,CAAC;IACJ,CAAC;CACF;AAzCD,oDAyCC"}
|
|
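--- a/package/dist/src/templateUserManagement.d.ts
+++ b/package/dist/src/templateUserManagement.d.ts
@@ -0,0 +1,54 @@
+export * from './types/UserManagementPackage';
+import type { CognitoManager } from './cognitoTokenVerify';
+export type { CognitoManager } from './cognitoTokenVerify';
+import type { GetTokenResults } from './cognitoClientAuth';
+export type { GetTokenResults };
+export declare function connectWithCognito(args: {
+goldstackConfig: any;
+packageSchema: any;
+deploymentsOutput: any;
+deploymentName?: string;
+}): Promise<CognitoManager>;
+export declare type Endpoint = 'authorize' | 'token' | 'logout';
+export declare function getEndpoint(args: {
+goldstackConfig: any;
+endpoint: Endpoint;
+packageSchema: any;
+deploymentsOutput: any;
+deploymentName?: string;
+}): Promise<string>;
+export declare function getToken(args: {
+goldstackConfig: any;
+code?: string;
+refreshToken?: string;
+packageSchema: any;
+deploymentsOutput: any;
+deploymentName?: string;
+}): Promise<GetTokenResults>;
+export interface ClientAuthResult {
+accessToken: string;
+idToken: string;
+}
+/**
+* <p>Performs client-side authentication.
+* <p>Will redirect to Cognito hosted UI for signin if required.
+* <p>Sets client-side cookies and session variables.
+* <p>For more control on what gets persisted on the client-side, use the method <code>getToken</code>.
+*/
+export declare function performClientAuth(args: {
+goldstackConfig: any;
+packageSchema: any;
+deploymentsOutput: any;
+deploymentName?: string;
+}): Promise<ClientAuthResult | undefined>;
+/**
+* <p>Will clear all cached variables set in <code>performClientAuth</code> and redirect user to the sign in page.
+* <p>If you manage your own client-side config, use <code>getEndpoint</code> to obtain the logout endpoint.
+*/
+export declare function performLogout(args: {
+goldstackConfig: any;
+packageSchema: any;
+deploymentsOutput: any;
+deploymentName?: string;
+}): Promise<void>;
+//# sourceMappingURL=templateUserManagement.d.ts.map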
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"templateUserManagement.d.ts","sourceRoot":"","sources":["../../src/templateUserManagement.ts"],"names":[],"mappings":"AAAA,cAAc,+BAA+B,CAAC;AAM9C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAM3D,YAAY,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE3D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,YAAY,EAAE,eAAe,EAAE,CAAC;AAEhC,wBAAsB,kBAAkB,CAAC,IAAI,EAAE;IAC7C,eAAe,EAAE,GAAG,CAAC;IACrB,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CAAC,cAAc,CAAC,CAE1B;AAED,oBAAY,QAAQ,GAChB,WAAW,GACX,OAAO,GACP,QAAQ,CAAC;AAEb,wBAAsB,WAAW,CAAC,IAAI,EAAE;IACtC,eAAe,EAAE,GAAG,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CAAC,MAAM,CAAC,CAElB;AAED,wBAAsB,QAAQ,CAAC,IAAI,EAAE;IACnC,eAAe,EAAE,GAAG,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CAAC,eAAe,CAAC,CAE3B;AAuBD,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,eAAe,EAAE,GAAG,CAAC;IACrB,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CA6FxC;AAED;;;GAGG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE;IACxC,eAAe,EAAE,GAAG,CAAC;IACrB,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,iBAQA"}
|
|
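--- a/package/dist/src/templateUserManagement.js
+++ b/package/dist/src/templateUserManagement.js
@@ -0,0 +1,162 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.performLogout = exports.performClientAuth = exports.getToken = exports.getEndpoint = exports.connectWithCognito = void 0;
+__exportStar(require("./types/UserManagementPackage"), exports);
+const tokenVerify = __importStar(require("./cognitoTokenVerify"));
+const cognitoEndpoints_1 = require("./cognitoEndpoints");
+const cognitoClientAuth_1 = require("./cognitoClientAuth");
+const userManagementConfig_1 = require("./userManagementConfig");
+const utils_package_config_embedded_1 = require("@goldstack/utils-package-config-embedded");
+async function connectWithCognito(args) {
+return tokenVerify.connectWithCognito(args);
+}
+exports.connectWithCognito = connectWithCognito;
+async function getEndpoint(args) {
+return (0, cognitoEndpoints_1.getEndpoint)(args);
+}
+exports.getEndpoint = getEndpoint;
+async function getToken(args) {
+return (0, cognitoClientAuth_1.getToken)(args);
+}
+exports.getToken = getToken;
+function setCookie(name, value, minutes) {
+let expires;
+if (minutes) {
+const date = new Date();
+date.setTime(date.getTime() + minutes * 60 * 1000);
+expires = '; expires=' + date.toUTCString();
+}
+else {
+expires = '';
+}
+document.cookie = name + '=' + value + expires + '; path=/';
+}
+function eraseCookie(name) {
+document.cookie = name + '=; Max-Age=0';
+}
+/*
+* Keeping this only in memory
+*/
+let refreshTokenStorage = undefined;
+/**
+* <p>Performs client-side authentication.
+* <p>Will redirect to Cognito hosted UI for signin if required.
+* <p>Sets client-side cookies and session variables.
+* <p>For more control on what gets persisted on the client-side, use the method <code>getToken</code>.
+*/
+async function performClientAuth(args) {
+const deploymentName = (0, userManagementConfig_1.getDeploymentName)(args.deploymentName);
+const params = new URLSearchParams(window.location.search);
+const code = params.get('code');
+const existingAccessToken = window.sessionStorage.getItem('goldstack_access_token');
+const existingIdToken = window.sessionStorage.getItem('goldstack_id_token');
+if (existingAccessToken && existingIdToken) {
+// remove code from URL
+if (code) {
+const packageConfig = new utils_package_config_embedded_1.EmbeddedPackageConfig({
+goldstackJson: args.goldstackConfig,
+packageSchema: args.packageSchema,
+});
+const deployment = packageConfig.getDeployment(deploymentName);
+window.location.href = deployment.configuration.callbackUrl;
+return {
+accessToken: existingAccessToken,
+idToken: existingIdToken,
+};
+}
+return {
+accessToken: existingAccessToken,
+idToken: existingIdToken,
+};
+}
+if (code) {
+const token = await getToken({ ...args, code });
+window.sessionStorage.setItem('goldstack_access_token', token.accessToken);
+window.sessionStorage.setItem('goldstack_id_token', token.idToken);
+refreshTokenStorage = token.refreshToken;
+// only store access and id token in cookie
+setCookie('goldstack_access_token', token.accessToken, 60);
+setCookie('goldstack_id_token', token.idToken, 60);
+const packageConfig = new utils_package_config_embedded_1.EmbeddedPackageConfig({
+goldstackJson: args.goldstackConfig,
+packageSchema: args.packageSchema,
+});
+const deployment = packageConfig.getDeployment(deploymentName);
+window.location.href = deployment.configuration.callbackUrl;
+return {
+accessToken: token.accessToken,
+idToken: token.idToken,
+};
+}
+if (deploymentName === 'local') {
+window.location.href = '?code=dummy-local-code';
+return;
+}
+const refreshToken = refreshTokenStorage;
+// if there is a refresh token, try to get a new token with that first before doing a redirect
+if (refreshToken) {
+try {
+const token = await getToken({ ...args, refreshToken });
+window.sessionStorage.setItem('goldstack_access_token', token.accessToken);
+window.sessionStorage.setItem('goldstack_id_token', token.idToken);
+refreshTokenStorage = token.refreshToken;
+// only store access and id token in cookie
+setCookie('goldstack_access_token', token.accessToken, 60);
+setCookie('goldstack_id_token', token.idToken, 60);
+return {
+accessToken: token.accessToken,
+idToken: token.idToken,
+};
+}
+catch (e) {
+// if there is an error, we better discard our refresh token, it could be expired
+refreshTokenStorage = undefined;
+// then we proceed with the redirect to login
+}
+}
+const endpoint = await getEndpoint({ ...args, endpoint: 'authorize' });
+window.location.href = endpoint;
+return undefined;
+}
+exports.performClientAuth = performClientAuth;
+/**
+* <p>Will clear all cached variables set in <code>performClientAuth</code> and redirect user to the sign in page.
+* <p>If you manage your own client-side config, use <code>getEndpoint</code> to obtain the logout endpoint.
+*/
+async function performLogout(args) {
+refreshTokenStorage = undefined;
+eraseCookie('goldstack_access_token');
+eraseCookie('goldstack_id_token');
+window.sessionStorage.removeItem('goldstack_access_token');
+window.sessionStorage.removeItem('goldstack_id_token');
+const endpoint = await getEndpoint({ ...args, endpoint: 'logout' });
+window.location.href = endpoint;
+}
+exports.performLogout = performLogout;
+//# sourceMappingURL=templateUserManagement.js.map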
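Review bot: `eraseCookie` omits the `path=/` that `setCookie` sets, so on any page below the site root `performLogout` can leave `goldstack_access_token` and `goldstack_id_token` in the cookie jar until their 60-minute expiry; the delete should read `document.cookie = name + '=; Max-Age=0; path=/';`. `setCookie` also writes both tokens with no `Secure` or `SameSite` attribute, so they may be sent over plain HTTP and, depending on browser defaults, on cross-site requests; ending the cookie string with `'; path=/; SameSite=Lax; Secure'` closes that, provided the `local` deployment is served from a context where `Secure` cookies are accepted (browser handling of localhost varies, so confirm before enabling it there). Because the cookies are written from script they cannot be `HttpOnly` and stay readable by any script on the page; a short comment on `setCookie` naming the consumer that needs the cookie copy alongside `sessionStorage` would let reviewers judge that exposure.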
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"templateUserManagement.js","sourceRoot":"","sources":["../../src/templateUserManagement.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gEAA8C;AAE9C,kEAAoD;AAEpD,yDAAmE;AACnE,2DAA8D;AAE9D,iEAA2D;AAC3D,4FAAiF;AAS1E,KAAK,UAAU,kBAAkB,CAAC,IAKxC;IACC,OAAO,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC9C,CAAC;AAPD,gDAOC;AAOM,KAAK,UAAU,WAAW,CAAC,IAMjC;IACC,OAAO,IAAA,8BAAc,EAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AARD,kCAQC;AAEM,KAAK,UAAU,QAAQ,CAAC,IAO9B;IACC,OAAO,IAAA,4BAAW,EAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AATD,4BASC;AAED,SAAS,SAAS,CAAC,IAAY,EAAE,KAAa,EAAE,OAAe;IAC7D,IAAI,OAAe,CAAC;IACpB,IAAI,OAAO,EAAE;QACX,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QACxB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACnD,OAAO,GAAG,YAAY,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;KAC7C;SAAM;QACL,OAAO,GAAG,EAAE,CAAC;KACd;IACD,QAAQ,CAAC,MAAM,GAAG,IAAI,GAAG,GAAG,GAAG,KAAK,GAAG,OAAO,GAAG,UAAU,CAAC;AAC9D,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,QAAQ,CAAC,MAAM,GAAG,IAAI,GAAG,cAAc,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,IAAI,mBAAmB,GAAuB,SAAS,CAAC;AAOxD;;;;;GAKG;AACI,KAAK,UAAU,iBAAiB,CAAC,IAKvC;IACC,MAAM,cAAc,GAAG,IAAA,wCAAiB,EAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC3D,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAEhC,MAAM,mBAAmB,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CACvD,wBAAwB,CACzB,CAAC;IACF,MAAM,eAAe,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC5E,IAAI,mBAAmB,IAAI,eAAe,EAAE;QAC1C,uBAAuB;QACvB,IAAI,IAAI,EAAE;YACR,MAAM,aAAa,GAAG,IAAI,qDAAqB,CAG7C;gBACA,aAAa,EAAE,IAAI,CAAC,eAAe;gBACnC,aAAa,EAAE,IAAI,CAAC,aAAa;aAClC,CAAC,CAAC;YACH,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;YAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,UAAU,CAAC,aAAa,CAAC,WAAW,CAAC;YAC5D,OAAO;gBACL,WAAW,EAAE,mBAAmB;gBAChC,OAAO,EAAE,eAAe;aACzB,CAAC;SACH;QAED,OAAO;YACL,WAAW,EAAE,mBAAmB;YAChC,OAAO,EAAE,eAAe;SACzB,CAAC;KACH;IAED,IAAI,IAAI,EAAE;QACR,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,CAAC,cAAc,CAAC,OAAO,C
AAC,wBAAwB,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QAC3E,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,oBAAoB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QACnE,mBAAmB,GAAG,KAAK,CAAC,YAAY,CAAC;QACzC,2CAA2C;QAC3C,SAAS,CAAC,wBAAwB,EAAE,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC3D,SAAS,CAAC,oBAAoB,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACnD,MAAM,aAAa,GAAG,IAAI,qDAAqB,CAG7C;YACA,aAAa,EAAE,IAAI,CAAC,eAAe;YACnC,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;QAC/D,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,UAAU,CAAC,aAAa,CAAC,WAAW,CAAC;QAC5D,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC;KACH;IAED,IAAI,cAAc,KAAK,OAAO,EAAE;QAC9B,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,wBAAwB,CAAC;QAChD,OAAO;KACR;IAED,MAAM,YAAY,GAAG,mBAAmB,CAAC;IACzC,8FAA8F;IAC9F,IAAI,YAAY,EAAE;QAChB,IAAI;YACF,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,EAAE,GAAG,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;YAExD,MAAM,CAAC,cAAc,CAAC,OAAO,CAC3B,wBAAwB,EACxB,KAAK,CAAC,WAAW,CAClB,CAAC;YACF,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,oBAAoB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACnE,mBAAmB,GAAG,KAAK,CAAC,YAAY,CAAC;YACzC,2CAA2C;YAC3C,SAAS,CAAC,wBAAwB,EAAE,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAC3D,SAAS,CAAC,oBAAoB,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAEnD,OAAO;gBACL,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;aACvB,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,iFAAiF;YACjF,mBAAmB,GAAG,SAAS,CAAC;YAChC,6CAA6C;SAC9C;KACF;IAED,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;IAEvE,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC;IAChC,OAAO,SAAS,CAAC;AACnB,CAAC;AAlGD,8CAkGC;AAED;;;GAGG;AACI,KAAK,UAAU,aAAa,CAAC,IAKnC;IACC,mBAAmB,GAAG,SAAS,CAAC;IAChC,WAAW,CAAC,wBAAwB,CAAC,CAAC;IACtC,WAAW,CAAC,oBAAoB,CAAC,CAAC;IAClC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;IAC3D,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IACpE,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC;AAClC,CAAC;AAbD,sCAaC"}
|
|
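--- a/package/dist/src/types/UserManagementDeployment.d.ts
+++ b/package/dist/src/types/UserManagementDeployment.d.ts
@@ -0,0 +1,11 @@
+import type { AWSDeployment } from '@goldstack/infra-aws';
+import type { TerraformDeployment } from '@goldstack/utils-terraform';
+import type { Deployment } from '@goldstack/infra';
+import type { UserManagementDeploymentConfiguration } from './UserManagementDeploymentConfiguration';
+export type { AWSDeployment, TerraformDeployment, Deployment, UserManagementDeploymentConfiguration, };
+export interface ThisDeployment extends Deployment, AWSDeployment, TerraformDeployment {
+configuration: UserManagementDeploymentConfiguration;
+}
+export type { ThisDeployment as UserManagementDeployment };
+export default ThisDeployment;
+//# sourceMappingURL=UserManagementDeployment.d.ts.map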
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserManagementDeployment.d.ts","sourceRoot":"","sources":["../../../src/types/UserManagementDeployment.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEnD,OAAO,KAAK,EAAE,qCAAqC,EAAE,MAAM,yCAAyC,CAAC;AAErG,YAAY,EACV,aAAa,EACb,mBAAmB,EACnB,UAAU,EACV,qCAAqC,GACtC,CAAC;AAEF,MAAM,WAAW,cACf,SAAQ,UAAU,EAChB,aAAa,EACb,mBAAmB;IACrB,aAAa,EAAE,qCAAqC,CAAC;CACtD;AAED,YAAY,EAAE,cAAc,IAAI,wBAAwB,EAAE,CAAC;AAE3D,eAAe,cAAc,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserManagementDeployment.js","sourceRoot":"","sources":["../../../src/types/UserManagementDeployment.ts"],"names":[],"mappings":""}
|
|
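--- a/package/dist/src/types/UserManagementDeploymentConfiguration.d.ts
+++ b/package/dist/src/types/UserManagementDeploymentConfiguration.d.ts
@@ -0,0 +1,38 @@
+import type { DeploymentConfiguration } from '@goldstack/infra';
+export type { DeploymentConfiguration };
+/**
+* The name of the Cognito user pool.
+*
+* @title User Pool Name
+* @pattern ^[A-Za-z0-9-]*$
+*/
+export declare type UserPoolName = string;
+/**
+* The domain name of the Route 53 hosted zone that the cognito domain should be added to.
+*
+* @title Hosted Zone Domain
+* @pattern ^[^\s]*
+*/
+export declare type HostedZoneDomain = string;
+/**
+* The domain where Cognito will be deployed to
+*
+* @title Cognito Domain
+* @pattern ^[^\s]*
+*/
+export declare type CognitoDomain = string;
+/**
+* URL that users should be redirected to after a successful login.
+*
+* @title Callback URL
+* @pattern ^[^\s]*
+*/
+export declare type CallbackUrl = string;
+export interface ThisDeploymentConfiguration extends DeploymentConfiguration {
+userPoolName: UserPoolName;
+hostedZoneDomain: HostedZoneDomain;
+cognitoDomain: CognitoDomain;
+callbackUrl: CallbackUrl;
+}
+export type { ThisDeploymentConfiguration as UserManagementDeploymentConfiguration };
+//# sourceMappingURL=UserManagementDeploymentConfiguration.d.ts.map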
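Review bot: The `@pattern ^[^\s]*` annotations on `HostedZoneDomain`, `CognitoDomain` and `CallbackUrl` have no end anchor, so the expression matches a zero-length prefix of every string and rejects nothing, whitespace included. `UserPoolName` already anchors both ends (`^[A-Za-z0-9-]*$`); the other three should follow it with `@pattern ^[^\s]*$`. `CallbackUrl` deserves a tighter rule still, because `performClientAuth` in templateUserManagement.js assigns it to `window.location.href`: a scheme check such as `^https?://[^\s]+$` would keep `javascript:` and similar values out of the configuration. This assumes the annotations feed the generated JSON schema, which the `generate-schema` script in package.json suggests but this section does not show.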
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserManagementDeploymentConfiguration.d.ts","sourceRoot":"","sources":["../../../src/types/UserManagementDeploymentConfiguration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAEhE,YAAY,EAAE,uBAAuB,EAAE,CAAC;AAExC;;;;;GAKG;AACH,oBAAY,YAAY,GAAG,MAAM,CAAC;AAElC;;;;;GAKG;AACH,oBAAY,gBAAgB,GAAG,MAAM,CAAC;AAEtC;;;;;GAKG;AACH,oBAAY,aAAa,GAAG,MAAM,CAAC;AAEnC;;;;;GAKG;AACH,oBAAY,WAAW,GAAG,MAAM,CAAC;AAEjC,MAAM,WAAW,2BAA4B,SAAQ,uBAAuB;IAC1E,YAAY,EAAE,YAAY,CAAC;IAC3B,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,aAAa,EAAE,aAAa,CAAC;IAC7B,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED,YAAY,EAAE,2BAA2B,IAAI,qCAAqC,EAAE,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserManagementDeploymentConfiguration.js","sourceRoot":"","sources":["../../../src/types/UserManagementDeploymentConfiguration.ts"],"names":[],"mappings":""}
|
|
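--- a/package/dist/src/types/UserManagementPackage.d.ts
+++ b/package/dist/src/types/UserManagementPackage.d.ts
@@ -0,0 +1,22 @@
+import type { Package } from '@goldstack/utils-package';
+import type { UserManagementConfiguration } from './UserManagementPackageConfiguration';
+import type { UserManagementDeployment } from './UserManagementDeployment';
+export type { UserManagementConfiguration, UserManagementDeployment };
+/**
+* Places where cognito should be deployed to.
+*
+* @title Deployments
+*/
+export declare type UserManagementDeployments = UserManagementDeployment[];
+/**
+* A cognito configuration.
+*
+* @title User Management Package
+*/
+export interface ThisPackage extends Package {
+configuration: UserManagementConfiguration;
+deployments: UserManagementDeployments;
+}
+export type { ThisPackage as UserManagementPackage };
+export default ThisPackage;
+//# sourceMappingURL=UserManagementPackage.d.ts.map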
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserManagementPackage.d.ts","sourceRoot":"","sources":["../../../src/types/UserManagementPackage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAExD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACxF,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AAE3E,YAAY,EAAE,2BAA2B,EAAE,wBAAwB,EAAE,CAAC;AAEtE;;;;GAIG;AACH,oBAAY,yBAAyB,GAAG,wBAAwB,EAAE,CAAC;AAEnE;;;;GAIG;AACH,MAAM,WAAW,WAAY,SAAQ,OAAO;IAC1C,aAAa,EAAE,2BAA2B,CAAC;IAC3C,WAAW,EAAE,yBAAyB,CAAC;CACxC;AAED,YAAY,EAAE,WAAW,IAAI,qBAAqB,EAAE,CAAC;AAErD,eAAe,WAAW,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserManagementPackage.js","sourceRoot":"","sources":["../../../src/types/UserManagementPackage.ts"],"names":[],"mappings":""}
|
|
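--- a/package/dist/src/types/UserManagementPackageConfiguration.d.ts
+++ b/package/dist/src/types/UserManagementPackageConfiguration.d.ts
@@ -0,0 +1,14 @@
+import { Configuration } from '@goldstack/utils-package';
+export type { Configuration };
+/**
+* User Management Configuration
+*
+* @title User Management Configuration
+*
+*/
+export interface ThisPackageConfiguration extends Configuration {
+[propName: string]: any;
+}
+export type { ThisPackageConfiguration as UserManagementConfiguration };
+export default ThisPackageConfiguration;
+//# sourceMappingURL=UserManagementPackageConfiguration.d.ts.map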
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserManagementPackageConfiguration.d.ts","sourceRoot":"","sources":["../../../src/types/UserManagementPackageConfiguration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD,YAAY,EAAE,aAAa,EAAE,CAAC;AAE9B;;;;;GAKG;AACH,MAAM,WAAW,wBAAyB,SAAQ,aAAa;IAC7D,CAAC,QAAQ,EAAE,MAAM,GAAG,GAAG,CAAC;CACzB;AAED,YAAY,EAAE,wBAAwB,IAAI,2BAA2B,EAAE,CAAC;AAExE,eAAe,wBAAwB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"UserManagementPackageConfiguration.js","sourceRoot":"","sources":["../../../src/types/UserManagementPackageConfiguration.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"userManagementConfig.d.ts","sourceRoot":"","sources":["../../src/userManagementConfig.ts"],"names":[],"mappings":"AAAA,wBAAgB,iBAAiB,CAAC,cAAc,CAAC,EAAE,MAAM,UAcxD;AAED,wBAAgB,oBAAoB,CAClC,iBAAiB,EAAE,GAAG,EACtB,cAAc,EAAE,MAAM,OAWvB"}
|
|
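--- a/package/dist/src/userManagementConfig.js
+++ b/package/dist/src/userManagementConfig.js
@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDeploymentsOutput = exports.getDeploymentName = void 0;
+function getDeploymentName(deploymentName) {
+if (!deploymentName) {
+if (typeof window === 'undefined') {
+deploymentName = process.env.GOLDSTACK_DEPLOYMENT;
+}
+else {
+deploymentName = window.GOLDSTACK_DEPLOYMENT;
+}
+}
+if (!deploymentName) {
+throw new Error('Environment variable GOLDSTACK_DEPLOYMENT not defined.');
+}
+return deploymentName;
+}
+exports.getDeploymentName = getDeploymentName;
+function getDeploymentsOutput(deploymentsOutput, deploymentName) {
+const deploymentOutput = deploymentsOutput.find((deployment) => (deployment.name = deploymentName));
+if (!deploymentOutput) {
+throw new Error(`No outputs from Terraform Apply available for deployment '${deploymentName}'. Did you run 'yarn infra up' for this deployment?`);
+}
+return deploymentOutput;
+}
+exports.getDeploymentsOutput = getDeploymentsOutput;
+//# sourceMappingURL=userManagementConfig.js.map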
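Review bot: The predicate in `getDeploymentsOutput` assigns instead of comparing: `(deployment.name = deploymentName)` is truthy for any non-empty name, so `find` returns the first entry whatever it was called and overwrites that entry's `name`. The lookup can therefore hand back another deployment's Terraform outputs, and the "No outputs from Terraform Apply" error only fires when the list is empty. It should be `deploymentsOutput.find((deployment) => deployment.name === deploymentName)`. The callers are outside this section, so which values are read from the result (presumably the Cognito pool and client identifiers) needs confirming there.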
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"userManagementConfig.js","sourceRoot":"","sources":["../../src/userManagementConfig.ts"],"names":[],"mappings":";;;AAAA,SAAgB,iBAAiB,CAAC,cAAuB;IACvD,IAAI,CAAC,cAAc,EAAE;QACnB,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;YACjC,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;SACnD;aAAM;YACL,cAAc,GAAI,MAAc,CAAC,oBAAoB,CAAC;SACvD;KACF;IAED,IAAI,CAAC,cAAc,EAAE;QACnB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAdD,8CAcC;AAED,SAAgB,oBAAoB,CAClC,iBAAsB,EACtB,cAAsB;IAEtB,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,IAAI,CAC7C,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,IAAI,GAAG,cAAc,CAAC,CACnD,CAAC;IACF,IAAI,CAAC,gBAAgB,EAAE;QACrB,MAAM,IAAI,KAAK,CACb,6DAA6D,cAAc,qDAAqD,CACjI,CAAC;KACH;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAbD,oDAaC"}
|
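--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,68 @@
+{
+"name": "@goldstack/template-user-management",
+"version": "0.1.1",
+"description": "Template utilities for user management",
+"keywords": [
+"goldstack",
+"utility",
+"infrastructure",
+"cognito",
+"aws",
+"IaC",
+"configuration"
+],
+"homepage": "https://goldstack.party",
+"bugs": {
+"url": "https://github.com/goldstack/goldstack/issues"
+},
+"repository": {
+"type": "git",
+"url": "https://github.com/goldstack/goldstack.git"
+},
+"license": "MIT",
+"author": "Max Rohde",
+"sideEffects": false,
+"main": "dist/src/templateUserManagement.js",
+"scripts": {
+"build": "yarn clean && yarn compile",
+"build:watch": "yarn clean && yarn compile-watch",
+"clean": "rimraf ./dist",
+"compile": "tsc -p tsconfig.json",
+"compile-watch": "tsc -p tsconfig.json --watch",
+"coverage": "jest --collect-coverage --passWithNoTests --config=./jest.config.js --runInBand",
+"generate-schema": "ts-node scripts/generateSchemas.ts && cp schemas/* ../../../templates/packages/user-management/schemas",
+"prepublishOnly": "yarn run build",
+"publish": "utils-git changed --exec \"yarn npm publish $@\"",
+"test-ci": "jest --passWithNoTests --config=./jest.config.js --runInBand",
+"version:apply": "utils-git changed --exec \"yarn version $@ && yarn version apply\"",
+"version:apply:force": "yarn version $@ && yarn version apply"
+},
+"dependencies": {
+"@goldstack/infra": "0.4.4",
+"@goldstack/infra-aws": "0.4.7",
+"@goldstack/utils-esbuild": "0.5.4",
+"@goldstack/utils-package": "0.4.4",
+"@goldstack/utils-package-config-embedded": "0.5.5",
+"@goldstack/utils-template": "0.4.4",
+"@goldstack/utils-terraform": "0.4.7",
+"aws-jwt-verify": "^3.2.0",
+"aws-sdk": "^2.1222.0",
+"source-map-support": "^0.5.21"
+},
+"devDependencies": {
+"@goldstack/utils-docs-cli": "0.3.11",
+"@goldstack/utils-git": "0.2.4",
+"@goldstack/utils-package-config-generate": "0.3.4",
+"@types/jest": "^29.0.1",
+"@types/node": "^18.7.13",
+"@types/yargs": "^17.0.10",
+"jest": "^28.1.0",
+"rimraf": "^3.0.2",
+"ts-jest": "^28.0.2",
+"ts-node": "^10.9.1",
+"typescript": "^4.8.4"
+},
+"publishConfig": {
+"main": "dist/src/templateUserManagement.js"
+}
+}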
|