@health-samurai/aidbox-client 0.0.0-alpha.2 → 0.0.0-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +295 -66
- package/dist/src/auth-providers.d.ts +22 -0
- package/dist/src/auth-providers.d.ts.map +1 -1
- package/dist/src/auth-providers.js +149 -13
- package/dist/src/client.d.ts +504 -31
- package/dist/src/client.d.ts.map +1 -1
- package/dist/src/client.js +1455 -934
- package/dist/src/fhir-types/hl7-fhir-r4-core/Address.d.ts +26 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/Address.d.ts.map +1 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/Address.js +5 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/ContactPoint.d.ts +16 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/ContactPoint.d.ts.map +1 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/ContactPoint.js +5 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/DomainResource.d.ts +1 -1
- package/dist/src/fhir-types/hl7-fhir-r4-core/DomainResource.d.ts.map +1 -1
- package/dist/src/fhir-types/hl7-fhir-r4-core/HumanName.d.ts +20 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/HumanName.d.ts.map +1 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/HumanName.js +5 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/Patient.d.ts +58 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/Patient.d.ts.map +1 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/Patient.js +10 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/Resource.d.ts +1 -1
- package/dist/src/fhir-types/hl7-fhir-r4-core/Resource.d.ts.map +1 -1
- package/dist/src/fhir-types/hl7-fhir-r4-core/index.d.ts +5 -0
- package/dist/src/fhir-types/hl7-fhir-r4-core/index.d.ts.map +1 -1
- package/dist/src/fhir-types/hl7-fhir-r4-core/index.js +1 -0
- package/dist/src/index.d.ts +1 -0
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +1 -0
- package/dist/src/result.d.ts +114 -3
- package/dist/src/result.d.ts.map +1 -1
- package/dist/src/result.js +6 -2
- package/dist/src/smart-backend-services.d.ts +44 -0
- package/dist/src/smart-backend-services.d.ts.map +1 -0
- package/dist/src/smart-backend-services.js +685 -0
- package/dist/src/types.d.ts +104 -70
- package/dist/src/types.d.ts.map +1 -1
- package/dist/src/types.js +10 -2
- package/dist/src/utils.d.ts +10 -0
- package/dist/src/utils.d.ts.map +1 -1
- package/dist/src/utils.js +22 -0
- package/dist/test/auth-providers.test.d.ts +2 -0
- package/dist/test/auth-providers.test.d.ts.map +1 -0
- package/dist/test/basic-auth.test.d.ts +2 -0
- package/dist/test/basic-auth.test.d.ts.map +1 -0
- package/dist/test/smart-backend-services.test.d.ts +2 -0
- package/dist/test/smart-backend-services.test.d.ts.map +1 -0
- package/dist/test/utils.test.d.ts +2 -0
- package/dist/test/utils.test.d.ts.map +1 -0
- package/package.json +3 -1
- package/dist/src/fhir-http.d.ts +0 -96
- package/dist/src/fhir-http.d.ts.map +0 -1
- package/dist/src/fhir-http.js +0 -1
|
@@ -0,0 +1,685 @@
|
|
|
1
|
+
function _array_like_to_array(arr, len) {
|
|
2
|
+
if (len == null || len > arr.length) len = arr.length;
|
|
3
|
+
for(var i = 0, arr2 = new Array(len); i < len; i++)arr2[i] = arr[i];
|
|
4
|
+
return arr2;
|
|
5
|
+
}
|
|
6
|
+
function _array_with_holes(arr) {
|
|
7
|
+
if (Array.isArray(arr)) return arr;
|
|
8
|
+
}
|
|
9
|
+
function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
|
|
10
|
+
try {
|
|
11
|
+
var info = gen[key](arg);
|
|
12
|
+
var value = info.value;
|
|
13
|
+
} catch (error) {
|
|
14
|
+
reject(error);
|
|
15
|
+
return;
|
|
16
|
+
}
|
|
17
|
+
if (info.done) {
|
|
18
|
+
resolve(value);
|
|
19
|
+
} else {
|
|
20
|
+
Promise.resolve(value).then(_next, _throw);
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
function _async_to_generator(fn) {
|
|
24
|
+
return function() {
|
|
25
|
+
var self = this, args = arguments;
|
|
26
|
+
return new Promise(function(resolve, reject) {
|
|
27
|
+
var gen = fn.apply(self, args);
|
|
28
|
+
function _next(value) {
|
|
29
|
+
asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
|
|
30
|
+
}
|
|
31
|
+
function _throw(err) {
|
|
32
|
+
asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
|
|
33
|
+
}
|
|
34
|
+
_next(undefined);
|
|
35
|
+
});
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
function _check_private_redeclaration(obj, privateCollection) {
|
|
39
|
+
if (privateCollection.has(obj)) {
|
|
40
|
+
throw new TypeError("Cannot initialize the same private elements twice on an object");
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
function _class_apply_descriptor_get(receiver, descriptor) {
|
|
44
|
+
if (descriptor.get) {
|
|
45
|
+
return descriptor.get.call(receiver);
|
|
46
|
+
}
|
|
47
|
+
return descriptor.value;
|
|
48
|
+
}
|
|
49
|
+
function _class_apply_descriptor_set(receiver, descriptor, value) {
|
|
50
|
+
if (descriptor.set) {
|
|
51
|
+
descriptor.set.call(receiver, value);
|
|
52
|
+
} else {
|
|
53
|
+
if (!descriptor.writable) {
|
|
54
|
+
throw new TypeError("attempted to set read only private field");
|
|
55
|
+
}
|
|
56
|
+
descriptor.value = value;
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
function _class_call_check(instance, Constructor) {
|
|
60
|
+
if (!(instance instanceof Constructor)) {
|
|
61
|
+
throw new TypeError("Cannot call a class as a function");
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
function _class_extract_field_descriptor(receiver, privateMap, action) {
|
|
65
|
+
if (!privateMap.has(receiver)) {
|
|
66
|
+
throw new TypeError("attempted to " + action + " private field on non-instance");
|
|
67
|
+
}
|
|
68
|
+
return privateMap.get(receiver);
|
|
69
|
+
}
|
|
70
|
+
function _class_private_field_get(receiver, privateMap) {
|
|
71
|
+
var descriptor = _class_extract_field_descriptor(receiver, privateMap, "get");
|
|
72
|
+
return _class_apply_descriptor_get(receiver, descriptor);
|
|
73
|
+
}
|
|
74
|
+
function _class_private_field_init(obj, privateMap, value) {
|
|
75
|
+
_check_private_redeclaration(obj, privateMap);
|
|
76
|
+
privateMap.set(obj, value);
|
|
77
|
+
}
|
|
78
|
+
function _class_private_field_set(receiver, privateMap, value) {
|
|
79
|
+
var descriptor = _class_extract_field_descriptor(receiver, privateMap, "set");
|
|
80
|
+
_class_apply_descriptor_set(receiver, descriptor, value);
|
|
81
|
+
return value;
|
|
82
|
+
}
|
|
83
|
+
function _class_private_method_get(receiver, privateSet, fn) {
|
|
84
|
+
if (!privateSet.has(receiver)) {
|
|
85
|
+
throw new TypeError("attempted to get private field on non-instance");
|
|
86
|
+
}
|
|
87
|
+
return fn;
|
|
88
|
+
}
|
|
89
|
+
function _class_private_method_init(obj, privateSet) {
|
|
90
|
+
_check_private_redeclaration(obj, privateSet);
|
|
91
|
+
privateSet.add(obj);
|
|
92
|
+
}
|
|
93
|
+
function _defineProperties(target, props) {
|
|
94
|
+
for(var i = 0; i < props.length; i++){
|
|
95
|
+
var descriptor = props[i];
|
|
96
|
+
descriptor.enumerable = descriptor.enumerable || false;
|
|
97
|
+
descriptor.configurable = true;
|
|
98
|
+
if ("value" in descriptor) descriptor.writable = true;
|
|
99
|
+
Object.defineProperty(target, descriptor.key, descriptor);
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
function _create_class(Constructor, protoProps, staticProps) {
|
|
103
|
+
if (protoProps) _defineProperties(Constructor.prototype, protoProps);
|
|
104
|
+
if (staticProps) _defineProperties(Constructor, staticProps);
|
|
105
|
+
return Constructor;
|
|
106
|
+
}
|
|
107
|
+
function _define_property(obj, key, value) {
|
|
108
|
+
if (key in obj) {
|
|
109
|
+
Object.defineProperty(obj, key, {
|
|
110
|
+
value: value,
|
|
111
|
+
enumerable: true,
|
|
112
|
+
configurable: true,
|
|
113
|
+
writable: true
|
|
114
|
+
});
|
|
115
|
+
} else {
|
|
116
|
+
obj[key] = value;
|
|
117
|
+
}
|
|
118
|
+
return obj;
|
|
119
|
+
}
|
|
120
|
+
function _instanceof(left, right) {
|
|
121
|
+
if (right != null && typeof Symbol !== "undefined" && right[Symbol.hasInstance]) {
|
|
122
|
+
return !!right[Symbol.hasInstance](left);
|
|
123
|
+
} else {
|
|
124
|
+
return left instanceof right;
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
function _iterable_to_array_limit(arr, i) {
|
|
128
|
+
var _i = arr == null ? null : typeof Symbol !== "undefined" && arr[Symbol.iterator] || arr["@@iterator"];
|
|
129
|
+
if (_i == null) return;
|
|
130
|
+
var _arr = [];
|
|
131
|
+
var _n = true;
|
|
132
|
+
var _d = false;
|
|
133
|
+
var _s, _e;
|
|
134
|
+
try {
|
|
135
|
+
for(_i = _i.call(arr); !(_n = (_s = _i.next()).done); _n = true){
|
|
136
|
+
_arr.push(_s.value);
|
|
137
|
+
if (i && _arr.length === i) break;
|
|
138
|
+
}
|
|
139
|
+
} catch (err) {
|
|
140
|
+
_d = true;
|
|
141
|
+
_e = err;
|
|
142
|
+
} finally{
|
|
143
|
+
try {
|
|
144
|
+
if (!_n && _i["return"] != null) _i["return"]();
|
|
145
|
+
} finally{
|
|
146
|
+
if (_d) throw _e;
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
return _arr;
|
|
150
|
+
}
|
|
151
|
+
function _non_iterable_rest() {
|
|
152
|
+
throw new TypeError("Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
|
|
153
|
+
}
|
|
154
|
+
function _object_without_properties(source, excluded) {
|
|
155
|
+
if (source == null) return {};
|
|
156
|
+
var target = _object_without_properties_loose(source, excluded);
|
|
157
|
+
var key, i;
|
|
158
|
+
if (Object.getOwnPropertySymbols) {
|
|
159
|
+
var sourceSymbolKeys = Object.getOwnPropertySymbols(source);
|
|
160
|
+
for(i = 0; i < sourceSymbolKeys.length; i++){
|
|
161
|
+
key = sourceSymbolKeys[i];
|
|
162
|
+
if (excluded.indexOf(key) >= 0) continue;
|
|
163
|
+
if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;
|
|
164
|
+
target[key] = source[key];
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
return target;
|
|
168
|
+
}
|
|
169
|
+
function _object_without_properties_loose(source, excluded) {
|
|
170
|
+
if (source == null) return {};
|
|
171
|
+
var target = {};
|
|
172
|
+
var sourceKeys = Object.keys(source);
|
|
173
|
+
var key, i;
|
|
174
|
+
for(i = 0; i < sourceKeys.length; i++){
|
|
175
|
+
key = sourceKeys[i];
|
|
176
|
+
if (excluded.indexOf(key) >= 0) continue;
|
|
177
|
+
target[key] = source[key];
|
|
178
|
+
}
|
|
179
|
+
return target;
|
|
180
|
+
}
|
|
181
|
+
function _sliced_to_array(arr, i) {
|
|
182
|
+
return _array_with_holes(arr) || _iterable_to_array_limit(arr, i) || _unsupported_iterable_to_array(arr, i) || _non_iterable_rest();
|
|
183
|
+
}
|
|
184
|
+
function _unsupported_iterable_to_array(o, minLen) {
|
|
185
|
+
if (!o) return;
|
|
186
|
+
if (typeof o === "string") return _array_like_to_array(o, minLen);
|
|
187
|
+
var n = Object.prototype.toString.call(o).slice(8, -1);
|
|
188
|
+
if (n === "Object" && o.constructor) n = o.constructor.name;
|
|
189
|
+
if (n === "Map" || n === "Set") return Array.from(n);
|
|
190
|
+
if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array(o, minLen);
|
|
191
|
+
}
|
|
192
|
+
function _ts_generator(thisArg, body) {
|
|
193
|
+
var f, y, t, _ = {
|
|
194
|
+
label: 0,
|
|
195
|
+
sent: function() {
|
|
196
|
+
if (t[0] & 1) throw t[1];
|
|
197
|
+
return t[1];
|
|
198
|
+
},
|
|
199
|
+
trys: [],
|
|
200
|
+
ops: []
|
|
201
|
+
}, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
|
|
202
|
+
return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() {
|
|
203
|
+
return this;
|
|
204
|
+
}), g;
|
|
205
|
+
function verb(n) {
|
|
206
|
+
return function(v) {
|
|
207
|
+
return step([
|
|
208
|
+
n,
|
|
209
|
+
v
|
|
210
|
+
]);
|
|
211
|
+
};
|
|
212
|
+
}
|
|
213
|
+
function step(op) {
|
|
214
|
+
if (f) throw new TypeError("Generator is already executing.");
|
|
215
|
+
while(g && (g = 0, op[0] && (_ = 0)), _)try {
|
|
216
|
+
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
217
|
+
if (y = 0, t) op = [
|
|
218
|
+
op[0] & 2,
|
|
219
|
+
t.value
|
|
220
|
+
];
|
|
221
|
+
switch(op[0]){
|
|
222
|
+
case 0:
|
|
223
|
+
case 1:
|
|
224
|
+
t = op;
|
|
225
|
+
break;
|
|
226
|
+
case 4:
|
|
227
|
+
_.label++;
|
|
228
|
+
return {
|
|
229
|
+
value: op[1],
|
|
230
|
+
done: false
|
|
231
|
+
};
|
|
232
|
+
case 5:
|
|
233
|
+
_.label++;
|
|
234
|
+
y = op[1];
|
|
235
|
+
op = [
|
|
236
|
+
0
|
|
237
|
+
];
|
|
238
|
+
continue;
|
|
239
|
+
case 7:
|
|
240
|
+
op = _.ops.pop();
|
|
241
|
+
_.trys.pop();
|
|
242
|
+
continue;
|
|
243
|
+
default:
|
|
244
|
+
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
|
|
245
|
+
_ = 0;
|
|
246
|
+
continue;
|
|
247
|
+
}
|
|
248
|
+
if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
|
|
249
|
+
_.label = op[1];
|
|
250
|
+
break;
|
|
251
|
+
}
|
|
252
|
+
if (op[0] === 6 && _.label < t[1]) {
|
|
253
|
+
_.label = t[1];
|
|
254
|
+
t = op;
|
|
255
|
+
break;
|
|
256
|
+
}
|
|
257
|
+
if (t && _.label < t[2]) {
|
|
258
|
+
_.label = t[2];
|
|
259
|
+
_.ops.push(op);
|
|
260
|
+
break;
|
|
261
|
+
}
|
|
262
|
+
if (t[2]) _.ops.pop();
|
|
263
|
+
_.trys.pop();
|
|
264
|
+
continue;
|
|
265
|
+
}
|
|
266
|
+
op = body.call(thisArg, _);
|
|
267
|
+
} catch (e) {
|
|
268
|
+
op = [
|
|
269
|
+
6,
|
|
270
|
+
e
|
|
271
|
+
];
|
|
272
|
+
y = 0;
|
|
273
|
+
} finally{
|
|
274
|
+
f = t = 0;
|
|
275
|
+
}
|
|
276
|
+
if (op[0] & 5) throw op[1];
|
|
277
|
+
return {
|
|
278
|
+
value: op[0] ? op[1] : void 0,
|
|
279
|
+
done: true
|
|
280
|
+
};
|
|
281
|
+
}
|
|
282
|
+
}
|
|
283
|
+
import * as oauth from "oauth4webapi";
|
|
284
|
+
import { mergeHeaders, validateBaseUrl } from "./utils";
|
|
285
|
+
var _config = /*#__PURE__*/ new WeakMap(), _cachedToken = /*#__PURE__*/ new WeakMap(), _pendingTokenRequest = /*#__PURE__*/ new WeakMap(), _discoverAuthServer = /*#__PURE__*/ new WeakSet(), _requestToken = /*#__PURE__*/ new WeakSet(), _sanitizeTokenResponse = /*#__PURE__*/ new WeakSet(), /**
|
|
286
|
+
* Get valid cached token if not expired, or null if needs refresh.
|
|
287
|
+
*/ _getValidCachedToken = /*#__PURE__*/ new WeakSet(), _getAccessToken = /*#__PURE__*/ new WeakSet(), _fetchAndCacheToken = /*#__PURE__*/ new WeakSet();
|
|
288
|
+
/**
|
|
289
|
+
* SMART Backend Services authentication provider.
|
|
290
|
+
*
|
|
291
|
+
* Implements OAuth 2.0 client_credentials grant with JWT bearer assertion
|
|
292
|
+
* for server-to-server authentication per SMART Backend Services spec.
|
|
293
|
+
*
|
|
294
|
+
* @see https://hl7.org/fhir/smart-app-launch/backend-services.html
|
|
295
|
+
*/ export var SmartBackendServicesAuthProvider = /*#__PURE__*/ function() {
|
|
296
|
+
"use strict";
|
|
297
|
+
function SmartBackendServicesAuthProvider(config) {
|
|
298
|
+
_class_call_check(this, SmartBackendServicesAuthProvider);
|
|
299
|
+
_class_private_method_init(this, _discoverAuthServer);
|
|
300
|
+
/**
|
|
301
|
+
* Request access token from token endpoint using client_credentials grant.
|
|
302
|
+
*/ _class_private_method_init(this, _requestToken);
|
|
303
|
+
/**
|
|
304
|
+
* Fixes "refresh_token" = null which does not work with oauth4webapi
|
|
305
|
+
* Fixed in Aidbox 2601, but kept for backwards compatibility.
|
|
306
|
+
*/ _class_private_method_init(this, _sanitizeTokenResponse);
|
|
307
|
+
_class_private_method_init(this, _getValidCachedToken);
|
|
308
|
+
/**
|
|
309
|
+
* Get a valid access token, refreshing if necessary.
|
|
310
|
+
* Deduplicates concurrent requests to prevent thundering herd.
|
|
311
|
+
*/ _class_private_method_init(this, _getAccessToken);
|
|
312
|
+
/**
|
|
313
|
+
* Fetch token from server and cache it.
|
|
314
|
+
*/ _class_private_method_init(this, _fetchAndCacheToken);
|
|
315
|
+
_define_property(this, "baseUrl", void 0);
|
|
316
|
+
_class_private_field_init(this, _config, {
|
|
317
|
+
writable: true,
|
|
318
|
+
value: void 0
|
|
319
|
+
});
|
|
320
|
+
_class_private_field_init(this, _cachedToken, {
|
|
321
|
+
writable: true,
|
|
322
|
+
value: null
|
|
323
|
+
});
|
|
324
|
+
_class_private_field_init(this, _pendingTokenRequest, {
|
|
325
|
+
writable: true,
|
|
326
|
+
value: null
|
|
327
|
+
});
|
|
328
|
+
this.baseUrl = config.baseUrl;
|
|
329
|
+
var _config_tokenExpirationBuffer, _config_allowInsecureRequests;
|
|
330
|
+
_class_private_field_set(this, _config, {
|
|
331
|
+
baseUrl: config.baseUrl,
|
|
332
|
+
clientId: config.clientId,
|
|
333
|
+
privateKey: config.privateKey,
|
|
334
|
+
keyId: config.keyId,
|
|
335
|
+
scope: config.scope,
|
|
336
|
+
tokenExpirationBuffer: (_config_tokenExpirationBuffer = config.tokenExpirationBuffer) !== null && _config_tokenExpirationBuffer !== void 0 ? _config_tokenExpirationBuffer : 30,
|
|
337
|
+
allowInsecureRequests: (_config_allowInsecureRequests = config.allowInsecureRequests) !== null && _config_allowInsecureRequests !== void 0 ? _config_allowInsecureRequests : false
|
|
338
|
+
});
|
|
339
|
+
}
|
|
340
|
+
_create_class(SmartBackendServicesAuthProvider, [
|
|
341
|
+
{
|
|
342
|
+
key: "establishSession",
|
|
343
|
+
value: /**
|
|
344
|
+
* Establish session - for Backend Services this means getting a token.
|
|
345
|
+
*/ function establishSession() {
|
|
346
|
+
return _async_to_generator(function() {
|
|
347
|
+
return _ts_generator(this, function(_state) {
|
|
348
|
+
switch(_state.label){
|
|
349
|
+
case 0:
|
|
350
|
+
return [
|
|
351
|
+
4,
|
|
352
|
+
_class_private_method_get(this, _getAccessToken, getAccessToken).call(this)
|
|
353
|
+
];
|
|
354
|
+
case 1:
|
|
355
|
+
_state.sent();
|
|
356
|
+
return [
|
|
357
|
+
2
|
|
358
|
+
];
|
|
359
|
+
}
|
|
360
|
+
});
|
|
361
|
+
}).call(this);
|
|
362
|
+
}
|
|
363
|
+
},
|
|
364
|
+
{
|
|
365
|
+
key: "revokeSession",
|
|
366
|
+
value: /**
|
|
367
|
+
* Revoke session - clear cached token.
|
|
368
|
+
*/ function revokeSession() {
|
|
369
|
+
return _async_to_generator(function() {
|
|
370
|
+
var pending, e;
|
|
371
|
+
return _ts_generator(this, function(_state) {
|
|
372
|
+
switch(_state.label){
|
|
373
|
+
case 0:
|
|
374
|
+
// Wait for any pending token request to settle before clearing
|
|
375
|
+
pending = _class_private_field_get(this, _pendingTokenRequest);
|
|
376
|
+
if (!pending) return [
|
|
377
|
+
3,
|
|
378
|
+
4
|
|
379
|
+
];
|
|
380
|
+
_state.label = 1;
|
|
381
|
+
case 1:
|
|
382
|
+
_state.trys.push([
|
|
383
|
+
1,
|
|
384
|
+
3,
|
|
385
|
+
,
|
|
386
|
+
4
|
|
387
|
+
]);
|
|
388
|
+
return [
|
|
389
|
+
4,
|
|
390
|
+
pending
|
|
391
|
+
];
|
|
392
|
+
case 2:
|
|
393
|
+
_state.sent();
|
|
394
|
+
return [
|
|
395
|
+
3,
|
|
396
|
+
4
|
|
397
|
+
];
|
|
398
|
+
case 3:
|
|
399
|
+
e = _state.sent();
|
|
400
|
+
return [
|
|
401
|
+
3,
|
|
402
|
+
4
|
|
403
|
+
];
|
|
404
|
+
case 4:
|
|
405
|
+
_class_private_field_set(this, _cachedToken, null);
|
|
406
|
+
return [
|
|
407
|
+
2
|
|
408
|
+
];
|
|
409
|
+
}
|
|
410
|
+
});
|
|
411
|
+
}).call(this);
|
|
412
|
+
}
|
|
413
|
+
},
|
|
414
|
+
{
|
|
415
|
+
key: "fetch",
|
|
416
|
+
value: /**
|
|
417
|
+
* Fetch wrapper that adds Bearer token authorization.
|
|
418
|
+
* Automatically obtains token on first request and retries once on 401.
|
|
419
|
+
*/ function fetch1(input, init) {
|
|
420
|
+
return _async_to_generator(function() {
|
|
421
|
+
var accessToken, requestInit, baseHeaders, initHeaders, mergedHeaders, clonedInput, retryBody, _requestInit_body_tee, stream1, stream2, response, newToken;
|
|
422
|
+
return _ts_generator(this, function(_state) {
|
|
423
|
+
switch(_state.label){
|
|
424
|
+
case 0:
|
|
425
|
+
validateBaseUrl(input, this.baseUrl);
|
|
426
|
+
return [
|
|
427
|
+
4,
|
|
428
|
+
_class_private_method_get(this, _getAccessToken, getAccessToken).call(this)
|
|
429
|
+
];
|
|
430
|
+
case 1:
|
|
431
|
+
accessToken = _state.sent();
|
|
432
|
+
requestInit = init !== null && init !== void 0 ? init : {};
|
|
433
|
+
baseHeaders = _instanceof(input, Request) ? input.headers : undefined;
|
|
434
|
+
initHeaders = requestInit.headers ? new Headers(requestInit.headers) : undefined;
|
|
435
|
+
mergedHeaders = mergeHeaders(baseHeaders, initHeaders);
|
|
436
|
+
mergedHeaders.set("Authorization", "Bearer ".concat(accessToken));
|
|
437
|
+
requestInit.headers = mergedHeaders;
|
|
438
|
+
// Clone input/body to preserve for potential retry
|
|
439
|
+
clonedInput = _instanceof(input, Request) ? input.clone() : input;
|
|
440
|
+
retryBody = requestInit.body;
|
|
441
|
+
// If body is a ReadableStream, tee it for potential retry
|
|
442
|
+
if (_instanceof(requestInit.body, ReadableStream)) {
|
|
443
|
+
_requestInit_body_tee = _sliced_to_array(requestInit.body.tee(), 2), stream1 = _requestInit_body_tee[0], stream2 = _requestInit_body_tee[1];
|
|
444
|
+
requestInit.body = stream1;
|
|
445
|
+
retryBody = stream2;
|
|
446
|
+
}
|
|
447
|
+
return [
|
|
448
|
+
4,
|
|
449
|
+
fetch(clonedInput, requestInit)
|
|
450
|
+
];
|
|
451
|
+
case 2:
|
|
452
|
+
response = _state.sent();
|
|
453
|
+
if (!(response.status === 401)) return [
|
|
454
|
+
3,
|
|
455
|
+
5
|
|
456
|
+
];
|
|
457
|
+
_class_private_field_set(this, _cachedToken, null);
|
|
458
|
+
return [
|
|
459
|
+
4,
|
|
460
|
+
_class_private_method_get(this, _getAccessToken, getAccessToken).call(this)
|
|
461
|
+
];
|
|
462
|
+
case 3:
|
|
463
|
+
newToken = _state.sent();
|
|
464
|
+
mergedHeaders.set("Authorization", "Bearer ".concat(newToken));
|
|
465
|
+
if (retryBody !== undefined) {
|
|
466
|
+
requestInit.body = retryBody;
|
|
467
|
+
}
|
|
468
|
+
return [
|
|
469
|
+
4,
|
|
470
|
+
fetch(input, requestInit)
|
|
471
|
+
];
|
|
472
|
+
case 4:
|
|
473
|
+
response = _state.sent();
|
|
474
|
+
_state.label = 5;
|
|
475
|
+
case 5:
|
|
476
|
+
return [
|
|
477
|
+
2,
|
|
478
|
+
response
|
|
479
|
+
];
|
|
480
|
+
}
|
|
481
|
+
});
|
|
482
|
+
}).call(this);
|
|
483
|
+
}
|
|
484
|
+
}
|
|
485
|
+
]);
|
|
486
|
+
return SmartBackendServicesAuthProvider;
|
|
487
|
+
}();
|
|
488
|
+
function discoverAuthServer() {
|
|
489
|
+
return _async_to_generator(function() {
|
|
490
|
+
var url, response, metadata;
|
|
491
|
+
return _ts_generator(this, function(_state) {
|
|
492
|
+
switch(_state.label){
|
|
493
|
+
case 0:
|
|
494
|
+
url = new URL(_class_private_field_get(this, _config).baseUrl);
|
|
495
|
+
return [
|
|
496
|
+
4,
|
|
497
|
+
oauth.discoveryRequest(url, _define_property({
|
|
498
|
+
algorithm: "oauth2"
|
|
499
|
+
}, oauth.allowInsecureRequests, _class_private_field_get(this, _config).allowInsecureRequests))
|
|
500
|
+
];
|
|
501
|
+
case 1:
|
|
502
|
+
response = _state.sent();
|
|
503
|
+
return [
|
|
504
|
+
4,
|
|
505
|
+
oauth.processDiscoveryResponse(url, response)
|
|
506
|
+
];
|
|
507
|
+
case 2:
|
|
508
|
+
metadata = _state.sent();
|
|
509
|
+
if (!metadata.token_endpoint) {
|
|
510
|
+
throw new Error("Discovery response missing token_endpoint");
|
|
511
|
+
}
|
|
512
|
+
return [
|
|
513
|
+
2,
|
|
514
|
+
metadata
|
|
515
|
+
];
|
|
516
|
+
}
|
|
517
|
+
});
|
|
518
|
+
}).call(this);
|
|
519
|
+
}
|
|
520
|
+
function requestToken() {
|
|
521
|
+
return _async_to_generator(function() {
|
|
522
|
+
var as, client, privateKey, clientAuth, params, response, sanitizedResponse;
|
|
523
|
+
return _ts_generator(this, function(_state) {
|
|
524
|
+
switch(_state.label){
|
|
525
|
+
case 0:
|
|
526
|
+
return [
|
|
527
|
+
4,
|
|
528
|
+
_class_private_method_get(this, _discoverAuthServer, discoverAuthServer).call(this)
|
|
529
|
+
];
|
|
530
|
+
case 1:
|
|
531
|
+
as = _state.sent();
|
|
532
|
+
client = {
|
|
533
|
+
client_id: _class_private_field_get(this, _config).clientId
|
|
534
|
+
};
|
|
535
|
+
privateKey = {
|
|
536
|
+
key: _class_private_field_get(this, _config).privateKey,
|
|
537
|
+
kid: _class_private_field_get(this, _config).keyId
|
|
538
|
+
};
|
|
539
|
+
// Aidbox requires typ: "JWT" in the client assertion JWT header.
|
|
540
|
+
// oauth.modifyAssertion is a Symbol that allows customizing the JWT before signing.
|
|
541
|
+
clientAuth = oauth.PrivateKeyJwt(privateKey, _define_property({}, oauth.modifyAssertion, function(header) {
|
|
542
|
+
header.typ = "JWT";
|
|
543
|
+
}));
|
|
544
|
+
// Request parameters
|
|
545
|
+
params = new URLSearchParams();
|
|
546
|
+
params.set("scope", _class_private_field_get(this, _config).scope);
|
|
547
|
+
return [
|
|
548
|
+
4,
|
|
549
|
+
oauth.clientCredentialsGrantRequest(as, client, clientAuth, params, _define_property({}, oauth.allowInsecureRequests, _class_private_field_get(this, _config).allowInsecureRequests))
|
|
550
|
+
];
|
|
551
|
+
case 2:
|
|
552
|
+
response = _state.sent();
|
|
553
|
+
return [
|
|
554
|
+
4,
|
|
555
|
+
_class_private_method_get(this, _sanitizeTokenResponse, sanitizeTokenResponse).call(this, response)
|
|
556
|
+
];
|
|
557
|
+
case 3:
|
|
558
|
+
sanitizedResponse = _state.sent();
|
|
559
|
+
return [
|
|
560
|
+
2,
|
|
561
|
+
oauth.processClientCredentialsResponse(as, client, sanitizedResponse)
|
|
562
|
+
];
|
|
563
|
+
}
|
|
564
|
+
});
|
|
565
|
+
}).call(this);
|
|
566
|
+
}
|
|
567
|
+
function sanitizeTokenResponse(response) {
|
|
568
|
+
return _async_to_generator(function() {
|
|
569
|
+
var cloned, body, _, sanitized;
|
|
570
|
+
return _ts_generator(this, function(_state) {
|
|
571
|
+
switch(_state.label){
|
|
572
|
+
case 0:
|
|
573
|
+
cloned = response.clone();
|
|
574
|
+
return [
|
|
575
|
+
4,
|
|
576
|
+
cloned.json()
|
|
577
|
+
];
|
|
578
|
+
case 1:
|
|
579
|
+
body = _state.sent();
|
|
580
|
+
if (!("refresh_token" in body) || body.refresh_token !== null) {
|
|
581
|
+
return [
|
|
582
|
+
2,
|
|
583
|
+
response
|
|
584
|
+
];
|
|
585
|
+
}
|
|
586
|
+
_ = body.refresh_token, sanitized = _object_without_properties(body, [
|
|
587
|
+
"refresh_token"
|
|
588
|
+
]);
|
|
589
|
+
return [
|
|
590
|
+
2,
|
|
591
|
+
new Response(JSON.stringify(sanitized), {
|
|
592
|
+
status: response.status,
|
|
593
|
+
statusText: response.statusText,
|
|
594
|
+
headers: response.headers
|
|
595
|
+
})
|
|
596
|
+
];
|
|
597
|
+
}
|
|
598
|
+
});
|
|
599
|
+
})();
|
|
600
|
+
}
|
|
601
|
+
function getValidCachedToken() {
|
|
602
|
+
if (!_class_private_field_get(this, _cachedToken)) return null;
|
|
603
|
+
var bufferMs = _class_private_field_get(this, _config).tokenExpirationBuffer * 1000;
|
|
604
|
+
if (_class_private_field_get(this, _cachedToken).expiresAt > Date.now() + bufferMs) {
|
|
605
|
+
return _class_private_field_get(this, _cachedToken).accessToken;
|
|
606
|
+
}
|
|
607
|
+
return null;
|
|
608
|
+
}
|
|
609
|
+
function getAccessToken() {
|
|
610
|
+
return _async_to_generator(function() {
|
|
611
|
+
var validToken;
|
|
612
|
+
return _ts_generator(this, function(_state) {
|
|
613
|
+
switch(_state.label){
|
|
614
|
+
case 0:
|
|
615
|
+
validToken = _class_private_method_get(this, _getValidCachedToken, getValidCachedToken).call(this);
|
|
616
|
+
if (validToken) {
|
|
617
|
+
return [
|
|
618
|
+
2,
|
|
619
|
+
validToken
|
|
620
|
+
];
|
|
621
|
+
}
|
|
622
|
+
// If a token request is already in progress, wait for it
|
|
623
|
+
if (_class_private_field_get(this, _pendingTokenRequest)) {
|
|
624
|
+
return [
|
|
625
|
+
2,
|
|
626
|
+
_class_private_field_get(this, _pendingTokenRequest)
|
|
627
|
+
];
|
|
628
|
+
}
|
|
629
|
+
// Request new token, storing the promise to deduplicate concurrent calls
|
|
630
|
+
_class_private_field_set(this, _pendingTokenRequest, _class_private_method_get(this, _fetchAndCacheToken, fetchAndCacheToken).call(this));
|
|
631
|
+
_state.label = 1;
|
|
632
|
+
case 1:
|
|
633
|
+
_state.trys.push([
|
|
634
|
+
1,
|
|
635
|
+
,
|
|
636
|
+
3,
|
|
637
|
+
4
|
|
638
|
+
]);
|
|
639
|
+
return [
|
|
640
|
+
4,
|
|
641
|
+
_class_private_field_get(this, _pendingTokenRequest)
|
|
642
|
+
];
|
|
643
|
+
case 2:
|
|
644
|
+
return [
|
|
645
|
+
2,
|
|
646
|
+
_state.sent()
|
|
647
|
+
];
|
|
648
|
+
case 3:
|
|
649
|
+
_class_private_field_set(this, _pendingTokenRequest, null);
|
|
650
|
+
return [
|
|
651
|
+
7
|
|
652
|
+
];
|
|
653
|
+
case 4:
|
|
654
|
+
return [
|
|
655
|
+
2
|
|
656
|
+
];
|
|
657
|
+
}
|
|
658
|
+
});
|
|
659
|
+
}).call(this);
|
|
660
|
+
}
|
|
661
|
+
function fetchAndCacheToken() {
|
|
662
|
+
return _async_to_generator(function() {
|
|
663
|
+
var tokenResponse, now, _tokenResponse_expires_in;
|
|
664
|
+
return _ts_generator(this, function(_state) {
|
|
665
|
+
switch(_state.label){
|
|
666
|
+
case 0:
|
|
667
|
+
return [
|
|
668
|
+
4,
|
|
669
|
+
_class_private_method_get(this, _requestToken, requestToken).call(this)
|
|
670
|
+
];
|
|
671
|
+
case 1:
|
|
672
|
+
tokenResponse = _state.sent();
|
|
673
|
+
now = Date.now();
|
|
674
|
+
_class_private_field_set(this, _cachedToken, {
|
|
675
|
+
accessToken: tokenResponse.access_token,
|
|
676
|
+
expiresAt: now + ((_tokenResponse_expires_in = tokenResponse.expires_in) !== null && _tokenResponse_expires_in !== void 0 ? _tokenResponse_expires_in : 300) * 1000
|
|
677
|
+
});
|
|
678
|
+
return [
|
|
679
|
+
2,
|
|
680
|
+
_class_private_field_get(this, _cachedToken).accessToken
|
|
681
|
+
];
|
|
682
|
+
}
|
|
683
|
+
});
|
|
684
|
+
}).call(this);
|
|
685
|
+
}
|