@hanzo/iam 0.9.0 → 0.9.2

package/dist/passport.js

@@ -1,67 +1,41 @@
-/**
- * Passport.js OAuth2 strategy factory for Hanzo IAM.
- *
- * Creates a pre-configured passport-oauth2 strategy that authenticates
- * against hanzo.id with PKCE and fetches user info on callback.
- *
- * @example
- * ```ts
- * import passport from "passport";
- * import { createIamPassportStrategy } from "@hanzo/iam/passport";
- *
- * passport.use("iam", createIamPassportStrategy({
- *   serverUrl: "https://hanzo.id",
- *   clientId: "hanzo-kms-client-id",
- *   clientSecret: process.env.IAM_CLIENT_SECRET!,
- *   callbackUrl: "https://kms.hanzo.ai/api/v1/sso/oidc/callback",
- * }));
- * ```
- *
- * @packageDocumentation
- */
-/**
- * Create a Passport OAuth2 strategy for Hanzo IAM.
- *
- * Requires `passport-oauth2` as a peer dependency.
- * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.
- *
- * The verify callback fetches userinfo from the IAM server and passes
- * `{ accessToken, refreshToken, userinfo }` as the user object.
- */
-export function createIamPassportStrategy(config) {
-    // Dynamic import to keep passport-oauth2 as optional peer dep.
-    // eslint-disable-next-line @typescript-eslint/no-require-imports
-    const { Strategy: OAuth2Strategy } = require("passport-oauth2");
-    const baseUrl = config.serverUrl.replace(/\/+$/, "");
-    const verify = async (...args) => {
-        // passReqToCallback=true: (req, accessToken, refreshToken, profile, done)
-        const accessToken = args[1];
-        const refreshToken = args[2];
-        const done = args[4];
-        try {
-            const res = await fetch(`${baseUrl}/oauth/userinfo`, {
-                headers: { Authorization: `Bearer ${accessToken}` },
-            });
-            if (!res.ok) {
-                return done(new Error(`IAM userinfo failed: ${res.status}`));
-            }
-            const userinfo = (await res.json());
-            done(null, { accessToken, refreshToken, userinfo });
-        }
-        catch (err) {
-            done(err instanceof Error ? err : new Error(String(err)));
-        }
-    };
-    return new OAuth2Strategy({
-        authorizationURL: `${baseUrl}/oauth/authorize`,
-        tokenURL: `${baseUrl}/oauth/token`,
-        clientID: config.clientId,
-        clientSecret: config.clientSecret ?? "",
-        callbackURL: config.callbackUrl,
-        scope: config.scope ?? "openid profile email",
-        state: true,
-        pkce: true,
-        passReqToCallback: true,
-    }, verify);
+import OAuth2Strategy from 'passport-oauth2';
+
+// src/passport.ts
+function createIamPassportStrategy(config) {
+  const baseUrl = config.serverUrl.replace(/\/+$/, "");
+  const verify = async (...args) => {
+    const accessToken = args[1];
+    const refreshToken = args[2];
+    const done = args[4];
+    try {
+      const res = await fetch(`${baseUrl}/oauth/userinfo`, {
+        headers: { Authorization: `Bearer ${accessToken}` }
+      });
+      if (!res.ok) {
+        return done(new Error(`IAM userinfo failed: ${res.status}`));
+      }
+      const userinfo = await res.json();
+      done(null, { accessToken, refreshToken, userinfo });
+    } catch (err) {
+      done(err instanceof Error ? err : new Error(String(err)));
+    }
+  };
+  return new OAuth2Strategy(
+    {
+      authorizationURL: `${baseUrl}/oauth/authorize`,
+      tokenURL: `${baseUrl}/oauth/token`,
+      clientID: config.clientId,
+      clientSecret: config.clientSecret ?? "",
+      callbackURL: config.callbackUrl,
+      scope: config.scope ?? "openid profile email",
+      state: true,
+      pkce: true,
+      passReqToCallback: true
+    },
+    verify
+  );
 }
+
+export { createIamPassportStrategy };
+//# sourceMappingURL=passport.js.map
 //# sourceMappingURL=passport.js.map

package/dist/passport.js.map

@@ -1 +1 @@
-{"version":3,"file":"passport.js","sourceRoot":"","sources":["../src/passport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAiBH;;;;;;;;GAQG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAyB;IAEzB,+DAA+D;IAC/D,iEAAiE;IACjE,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAK7D,CAAC;IAEF,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,KAAK,EAClB,GAAG,IAAe,EACH,EAAE;QACjB,0EAA0E;QAC1E,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAW,CAAC;QACtC,MAAM,YAAY,GAAG,IAAI,CAAC,CAAC,CAAuB,CAAC;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAwD,CAAC;QAE5E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,iBAAiB,EAAE;gBACnD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;aACpD,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,IAAI,CAAC,IAAI,KAAK,CAAC,wBAAwB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,QAAQ,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;YAC/D,IAAI,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,IAAI,cAAc,CACvB;QACE,gBAAgB,EAAE,GAAG,OAAO,kBAAkB;QAC9C,QAAQ,EAAE,GAAG,OAAO,cAAc;QAClC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;QACvC,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,sBAAsB;QAC7C,KAAK,EAAE,IAAI;QACX,IAAI,EAAE,IAAI;QACV,iBAAiB,EAAE,IAAI;KACxB,EACD,MAAM,CACP,CAAC;AACJ,CAAC"}
+{"version":3,"sources":["../src/passport.ts"],"names":[],"mappings":";;;AAmDO,SAAS,0BACd,MAAA,EACS;AAET,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,SAAA,CAAU,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAEnD,EAAA,MAAM,MAAA,GAAS,UACV,IAAA,KACe;AAElB,IAAA,MAAM,WAAA,GAAc,KAAK,CAAC,CAAA;AAC1B,IAAA,MAAM,YAAA,GAAe,KAAK,CAAC,CAAA;AAC3B,IAAA,MAAM,IAAA,GAAO,KAAK,CAAC,CAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,OAAO,CAAA,eAAA,CAAA,EAAmB;AAAA,QACnD,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,WAAW,CAAA,CAAA;AAAG,OACnD,CAAA;AACD,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,OAAO,KAAK,IAAI,KAAA,CAAM,wBAAwB,GAAA,CAAI,MAAM,EAAE,CAAC,CAAA;AAAA,MAC7D;AACA,MAAA,MAAM,QAAA,GAAY,MAAM,GAAA,CAAI,IAAA,EAAK;AACjC,MAAA,IAAA,CAAK,IAAA,EAAM,EAAE,WAAA,EAAa,YAAA,EAAc,UAAU,CAAA;AAAA,IACpD,SAAS,GAAA,EAAK;AACZ,MAAA,IAAA,CAAK,GAAA,YAAe,QAAQ,GAAA,GAAM,IAAI,MAAM,MAAA,CAAO,GAAG,CAAC,CAAC,CAAA;AAAA,IAC1D;AAAA,EACF,CAAA;AAEA,EAAA,OAAO,IAAI,cAAA;AAAA,IACT;AAAA,MACE,gBAAA,EAAkB,GAAG,OAAO,CAAA,gBAAA,CAAA;AAAA,MAC5B,QAAA,EAAU,GAAG,OAAO,CAAA,YAAA,CAAA;AAAA,MACpB,UAAU,MAAA,CAAO,QAAA;AAAA,MACjB,YAAA,EAAc,OAAO,YAAA,IAAgB,EAAA;AAAA,MACrC,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,KAAA,EAAO,OAAO,KAAA,IAAS,sBAAA;AAAA,MACvB,KAAA,EAAO,IAAA;AAAA,MACP,IAAA,EAAM,IAAA;AAAA,MACN,iBAAA,EAAmB;AAAA,KACrB;AAAA,IACA;AAAA,GACF;AACF","file":"passport.js","sourcesContent":["/**\n * Passport.js OAuth2 strategy factory for Hanzo IAM.\n *\n * Creates a pre-configured passport-oauth2 strategy that authenticates\n * against hanzo.id with PKCE and fetches user info on callback.\n *\n * @example\n * ```ts\n * import passport from \"passport\";\n * import { createIamPassportStrategy } from \"@hanzo/iam/passport\";\n *\n * passport.use(\"iam\", createIamPassportStrategy({\n *   serverUrl: \"https://hanzo.id\",\n *   clientId: \"hanzo-kms-client-id\",\n *   clientSecret: process.env.IAM_CLIENT_SECRET!,\n *   callbackUrl: \"https://kms.hanzo.ai/api/v1/sso/oidc/callback\",\n * }));\n * ```\n *\n * @packageDocumentation\n */\n\nimport OAuth2Strategy from \"passport-oauth2\";\n\nimport type { IamConfig } from \"./types.js\";\n\nexport interface IamPassportConfig extends IamConfig {\n  /** Full callback URL for OAuth2 redirect. */\n  callbackUrl: string;\n  /** OAuth2 scopes. Default: \"openid profile email\". */\n  scope?: string;\n}\n\nexport interface IamPassportUser {\n  accessToken: string;\n  refreshToken?: string;\n  userinfo: Record<string, unknown>;\n}\n\n/**\n * Create a Passport OAuth2 strategy for Hanzo IAM.\n *\n * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.\n * The verify callback fetches userinfo from the IAM server and passes\n * `{ accessToken, refreshToken, userinfo }` as the user object.\n *\n * `passport-oauth2` is a runtime dependency of this entry — using a\n * static import lets downstream bundlers (esbuild, webpack, etc.)\n * statically resolve and bundle it. Consumers who don't need passport\n * can import from `@hanzo/iam` directly to avoid pulling it in.\n */\nexport function createIamPassportStrategy(\n  config: IamPassportConfig,\n): unknown {\n\n  const baseUrl = config.serverUrl.replace(/\\/+$/, \"\");\n\n  const verify = async (\n    ...args: unknown[]\n  ): Promise<void> => {\n    // passReqToCallback=true: (req, accessToken, refreshToken, profile, done)\n    const accessToken = args[1] as string;\n    const refreshToken = args[2] as string | undefined;\n    const done = args[4] as (err: Error | null, user?: IamPassportUser) => void;\n\n    try {\n      const res = await fetch(`${baseUrl}/oauth/userinfo`, {\n        headers: { Authorization: `Bearer ${accessToken}` },\n      });\n      if (!res.ok) {\n        return done(new Error(`IAM userinfo failed: ${res.status}`));\n      }\n      const userinfo = (await res.json()) as Record<string, unknown>;\n      done(null, { accessToken, refreshToken, userinfo });\n    } catch (err) {\n      done(err instanceof Error ? err : new Error(String(err)));\n    }\n  };\n\n  return new OAuth2Strategy(\n    {\n      authorizationURL: `${baseUrl}/oauth/authorize`,\n      tokenURL: `${baseUrl}/oauth/token`,\n      clientID: config.clientId,\n      clientSecret: config.clientSecret ?? \"\",\n      callbackURL: config.callbackUrl,\n      scope: config.scope ?? \"openid profile email\",\n      state: true,\n      pkce: true,\n      passReqToCallback: true,\n    },\n    verify,\n  );\n}\n"]}