npm - @hitchy/plugin-auth - Versions diffs - 0.3.7 → 0.3.8 - Mend

@hitchy/plugin-auth 0.3.7 → 0.3.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/.editorconfig ADDED Viewed

@@ -0,0 +1,9 @@
+root = true
+[*]
+indent_size = 4
+indent_style = tab
+end_of_line = lf
+charset = utf-8
+ij_javascript_use_double_quotes = true
+ij_javascript_force_quote_style = true

package/api/model/authorization/rule.js CHANGED Viewed

@@ -2,7 +2,7 @@
 module.exports = function() {
 	const api = this;
-	const { services } = api.runtime;
+	const { services } = api;
 	/**
 	 * Implements properties and behavior of a single authorization rule

package/api/model/role.js CHANGED Viewed

@@ -7,7 +7,7 @@
  */
 module.exports = function() {
 	const api = this;
-	const { models } = api.runtime;
+	const { models } = api;
 	/**
 	 * Implements model of a role users can have for common authorization.

package/api/model/user.js CHANGED Viewed

@@ -9,7 +9,7 @@ const crypto = require( "crypto" );
  */
 module.exports = function() {
 	const api = this;
-	const { services, models } = api.runtime;
+	const { services, models } = api;
 	/**
 	 * Implements model of a user suitable for authenticating as.

package/api/policy/authentication.js CHANGED Viewed

@@ -2,10 +2,10 @@
 module.exports = function() {
 	const api = this;
-	const { models, services } = api.runtime;
+	const { models, service } = api;
-	const logAlert = api.log( "hitchy:plugin:auth:alert" );
-	const logDebug = api.log( "hitchy:plugin:auth:debug" );
+	const logAlert = api.log( "hitchy:auth:alert" );
+	const logDebug = api.log( "hitchy:auth:debug" );
 	/**
 	 * Implements policy handlers transparently managing authentication process
@@ -28,7 +28,7 @@ module.exports = function() {
 			this.local.passportInjected = true;
-			const { AuthenticationPassport } = services;
+			const { AuthenticationPassport } = service;
 			AuthenticationPassport.initialize()( req, res, initializeError => {
 				if ( initializeError ) {
@@ -42,7 +42,7 @@ module.exports = function() {
 							res.set( "X-Authorized-As", roles.join( "," ) );
 						}
-						next( sessionError );
+						this.updateSessionId( req, res, error => next( sessionError || error ) );
 					} );
 				}
 			} );
@@ -76,7 +76,7 @@ module.exports = function() {
 				return;
 			}
-			services.AuthManager.checkAuthentication( parts[1], parts[2] )
+			service.AuthManager.checkAuthentication( parts[1], parts[2] )
 				.then( user => {
 					req.user = user; // eslint-disable-line no-param-reassign
@@ -96,7 +96,7 @@ module.exports = function() {
 		 */
 		static login( req, res, next ) {
 			const { strategy } = req.params;
-			const { AuthenticationStrategies, AuthenticationPassport } = services;
+			const { AuthenticationStrategies, AuthenticationPassport } = service;
 			const defaultStrategy = AuthenticationStrategies.defaultStrategy();
 			req.fetchBody()
@@ -119,7 +119,7 @@ module.exports = function() {
 						} );
 					} );
 				} )
-				.then( next )
+				.then( () => this.updateSessionId( req, res, next ) )
 				.catch( err => {
 					logAlert( err );
@@ -146,7 +146,7 @@ module.exports = function() {
 			if ( req.user ) {
 				const { uuid, name } = req.user;
-				services.AuthManager.listRolesOfUser( new models.User( uuid ) )
+				service.AuthManager.listRolesOfUser( new models.User( uuid ) )
 					.then( roles => {
 						req.user.roles = roles; // eslint-disable-line no-param-reassign
@@ -192,21 +192,52 @@ module.exports = function() {
 				.then( async willLogoutInFuture => {
 					if ( !willLogoutInFuture ) {
 						if ( typeof req.logout === "function" ) {
-							await req.logout();
+							await new Promise( ( resolve, reject ) => {
+								req.logout( error => ( error ? reject( error ) : resolve() ) );
+							} );
+						} else {
+							// re-generating session on change of user authentication mitigates session-related attacks
+							// -> passport's logout does not seem to exist, so we can't rely on passport regenerating the session
+							await new Promise( ( resolve, reject ) => req.session.regenerate( error => ( error ? reject( error ) : resolve() ) ) );
 						}
-						req.session.drop();
 						req.user = undefined; // eslint-disable-line no-param-reassign
 						res.set( "X-Authenticated-As", undefined );
 						res.set( "X-Authorized-As", undefined );
-						next();
 					}
+					this.updateSessionId( req, res, next );
 				} )
 				.catch( next );
 		}
+		/**
+		 * Promotes current session's ID in case it has changed compared to what
+		 * the request was providing.
+		 *
+		 * @param {Hitchy.Core.IncomingMessage} req request descriptor
+		 * @param {Hitchy.Core.ServerResponse} res response manager
+		 * @param {Hitchy.Core.ContinuationHandler} next callback to invoke to continue processing a request
+		 * @returns {void}
+		 */
+		static updateSessionId( req, res, next ) {
+			const { Session } = service;
+			const sid = req.session?.id;
+			if ( sid != null ) {
+				if ( sid !== Session.getSessionIdOfRequest( req ) ) {
+					// session might have been re-generated, hence its ID has
+					// changed and we need to inform the client to use a
+					// different session ID on next request
+					req.session.$promoteSessionIdInResponse( res );
+				}
+			}
+			next();
+		}
 		/**
 		 * Ensures current request's user has authenticated.
 		 *

package/api/policy/user.js CHANGED Viewed

@@ -2,7 +2,7 @@
 module.exports = function() {
 	const api = this;
-	const { models } = api.runtime;
+	const { models } = api;
 	return {
 		/**

package/api/service/auth/manager.js CHANGED Viewed

@@ -2,9 +2,9 @@
 module.exports = function() {
 	const api = this;
-	const { models, services } = api.runtime;
+	const { models, services } = api;
-	const logDebug = api.log( "hitchy:plugin:auth:debug" );
+	const logDebug = api.log( "hitchy:auth:debug" );
 	/**
 	 * Implements several helper methods meant to simplify user/role management.

package/api/service/authentication/passport.js CHANGED Viewed

@@ -5,8 +5,8 @@ const PassportLib = require( "passport" );
 module.exports = function() {
 	const api = this;
-	const logAlert = api.log( "hitchy:plugin:auth:alert" );
-	const logDebug = api.log( "hitchy:plugin:auth:debug" );
+	const logAlert = api.log( "hitchy:auth:alert" );
+	const logDebug = api.log( "hitchy:auth:debug" );
 	const passport = new PassportLib.Passport();
@@ -16,7 +16,7 @@ module.exports = function() {
 	 * @returns {void}
 	 */
 	passport.integrateWithHitchy = () => {
-		const { models: { User }, services: { AuthManager } } = api.runtime;
+		const { models: { User }, services: { AuthManager } } = api;
 		const { strategies } = api.config.auth;

package/api/service/authentication/strategies.js CHANGED Viewed

@@ -17,9 +17,9 @@ const RemoteAuthCustomData = new Map();
 module.exports = function() {
 	const api = this;
-	const { models, services } = api.runtime;
+	const { models, services } = api;
-	const logAlert = api.log( "hitchy:plugin:auth:alert" );
+	const logAlert = api.log( "hitchy:auth:alert" );
 	/**
 	 * Fetches named user's local profile.
@@ -232,7 +232,7 @@ module.exports = function() {
 				getLocalProfile( strategyName, userInfo.preferred_username, true, done );
 			};
-			const { Issuer, Strategy } = require( "openid-client" );
+			const { Issuer, Strategy, generators } = require( "openid-client" );
 			const issuer = await Issuer.discover( config.discovery_url );
 			const client = new issuer.Client( config );
@@ -248,7 +248,7 @@ module.exports = function() {
 					return Promise.resolve( false );
 				}
-				const state = req.session[key] = require( "crypto" ).randomBytes( 32 ).toString( "base64" ); // eslint-disable-line no-param-reassign
+				const state = req.session[key] = generators.state( 32 ); // eslint-disable-line no-param-reassign
 				// redirect user to discovered end_session_url of IdP
 				req.context.response.redirect( 302, client.endSessionUrl( { state } ) );

package/api/service/authorization/node.js CHANGED Viewed

@@ -146,36 +146,44 @@ module.exports = function() {
 		 * @returns {number} >0 on accepting user(s)/role(s) explicitly, <0 on rejecting explicitly, ==0 on missing explicit impact on user(s)/role(s)
 		 */
 		isAuthorized( userName, roleName ) {
+			const state = { accept: 0, reject: 0 };
+			if ( this.users.accept?.["*"] > 0 || this.roles.accept?.["*"] > 0 ) {
+				state.accept = 1;
+			}
+			if ( this.users.reject?.["*"] > 0 || this.roles.reject?.["*"] > 0 ) {
+				state.reject = 1;
+			}
 			const users = Array.isArray( userName ) ? userName : userName ? [userName] : [];
 			const roles = Array.isArray( roleName ) ? roleName : roleName ? [roleName] : [];
-			const actions = [ "accept", "reject" ];
-			const state = { accept: false, reject: false };
-			for ( const [ names, rules ] of [ [ users, this.users ], [ roles, this.roles ] ] ) {
-				for ( let i = 0, length = names.length; i < length; i++ ) {
-					const name = names[i];
-					if ( name && typeof name === "string" && name.trim().length > 0 ) {
-						for ( let j = 0; j < 2; j++ ) {
-							const action = actions[j];
+			for ( const [ names, rules, level ] of [ [ users, this.users, 3 ], [ roles, this.roles, 2 ] ] ) {
+				for ( const name of names ) {
+					if ( name && typeof name === "string" ) {
+						const _name = name.trim();
-							if ( rules[action][name] > 0 ) {
-								state[action] = true;
+						if ( _name !== "" ) {
+							for ( const action of [ "accept", "reject" ] ) {
+								if ( rules[action][_name] > 0 ) {
+									state[action] = Math.max( state[action], level );
+								}
 							}
 						}
 					}
 				}
 			}
-			if ( state.accept ) {
-				if ( state.reject ) {
-					throw new Error( `granting and revoking access on "${this.path()}" to/from user(s) "${userName || "<none>"}" and/or role(s) "${roleName || "<none>"}"` );
-				}
+			if ( state.accept > 0 && state.reject === state.accept ) {
+				throw new Error( `granting and revoking access on "${this.path()}" to/from user(s) "${userName || "<none>"}" and/or role(s) "${roleName || "<none>"}"` );
+			}
+			if ( state.accept > state.reject ) {
 				return 1;
 			}
-			if ( state.reject ) {
+			if ( state.accept < state.reject ) {
 				return -1;
 			}
@@ -183,7 +191,7 @@ module.exports = function() {
 		}
 		/**
-		 * Indicates if current node has any viable information.
+		 * Indicates if current node lacks any viable information.
 		 *
 		 * @returns {boolean} true if node hasn't any viable information affecting authorization checks
 		 */

package/api/service/authorization/tree.js CHANGED Viewed

@@ -2,10 +2,10 @@
 module.exports = function() {
 	const api = this;
-	const { services, models } = api.runtime;
+	const { services, models } = api;
-	const logAlert = api.log( "hitchy:plugin:auth:alert" );
-	const logDebug = api.log( "hitchy:plugin:auth:debug" );
+	const logAlert = api.log( "hitchy:auth:alert" );
+	const logDebug = api.log( "hitchy:auth:debug" );
 	let cachedTree;
@@ -153,16 +153,16 @@ module.exports = function() {
 		 *
 		 * @param {string} selector selector of authorization, full-stop-separated sequence of names
 		 * @param {string|string[]} user names(s) of zero or more users to check
-		 * @param {string|string[]} role names of zero or more roles to check
+		 * @param {string|string[]} roles names of zero or more roles to check
 		 * @param {boolean} acceptByDefault fallback result ro return if neither rule is affecting selected user(s) or role(s)
 		 * @returns {boolean} true if authorization is granted to user(s)/role(s), false if it's rejected
 		 */
-		isAuthorized( selector, user, role, acceptByDefault = false ) {
+		isAuthorized( selector, user, roles, acceptByDefault = false ) {
 			let result = 0;
 			try {
 				this.selectNode( selector, false, node => {
-					const localResult = node.isAuthorized( user, role, acceptByDefault );
+					const localResult = node.isAuthorized( user, roles, acceptByDefault );
 					if ( localResult !== 0 ) {
 						result = localResult;
@@ -267,10 +267,12 @@ module.exports = function() {
 							continue;
 						}
-						const list = String( items ).trim().split( /\s*,[,\s]*/ ).filter( i => i != null && i !== "" );
+						const list = String( items ).trim().split( "," )
+							.map( i => String( i ?? "" ).trim().replace( /([+-])\s*/, "$1" ) ) // remove whitespace here to mitigate ReDOS vulnerability in pattern below
+							.filter( i => i != null && i !== "" );
 						for ( const who of list ) {
-							const [ all, mode, role, id ] = /^\s*([+-]?)\s*(@?)\s*([^\s@,+-][^\s@,]*)\s*$/.exec( who ) || [];
+							const [ all, mode, role, id ] = /^([+-]?)(@?)\s*([^\s@,+-][^\s@,]*)$/.exec( who ) || [];
 							if ( all ) {
 								const isGranting = mode ? mode !== "-" : key !== "revoke";

package/api/service/session.js ADDED Viewed

@@ -0,0 +1,150 @@
+"use strict";
+module.exports = function( options, HitchyPluginSession ) {
+	const api = this;
+	const logDebug = api.log( "hitchy:auth:debug" );
+	const logError = api.log( "hitchy:auth:error" );
+	/**
+	 * Extends session implemented by `@hitchy/plugin-session` to provide
+	 * additional methods used by passport as it is assuming to work with
+	 * `express-session`.
+	 */
+	class PassportCompatibleSession extends HitchyPluginSession {
+		#id;
+		#user;
+		#data;
+		/**
+		 * @param {string} sessionId unique ID of session
+		 * @param {Object<string,any>} properties copy (!) of session's properties recovered from a session store
+		 */
+		constructor( sessionId, properties ) {
+			super( sessionId, properties, false );
+			this.#id = sessionId;
+			this.#data = properties;
+			Object.defineProperties( this, {
+				/**
+				 * Exposes ID of session.
+				 *
+				 * @name Session#id
+				 * @property {string}
+				 * @readonly
+				 */
+				id: { get: () => this.#id },
+				/**
+				 * Exposes authenticated user current session is associated with.
+				 *
+				 * @name Session#user
+				 * @property {{uuid:string}}
+				 */
+				user: {
+					get: () => this.#user,
+					set: newUser => {
+						if ( !newUser || typeof newUser !== "object" || !newUser.uuid ) {
+							throw new Error( "invalid user descriptor rejected" );
+						}
+						if ( this.#user != null ) {
+							if ( newUser.uuid === this.#user.uuid ) {
+								return;
+							}
+							throw new Error( "invalid request for replacing user of current session" );
+						}
+						this.#user = Object.freeze( { ...newUser } );
+					},
+				},
+				/**
+				 * Exposes space for saving additional custom data in context of
+				 * current session.
+				 *
+				 * @name Session#data
+				 * @property {object}
+				 * @readonly
+				 */
+				$data: { get: () => this.#data },
+			} );
+			// OIDC plugin for passport is using custom redirection that's
+			// preventing session from being persisted in late policy
+			// -> instantly persist any changes related to the OIDC integration
+			this.on( "data-changed", ( [key] ) => {
+				if ( key.startsWith( "oidc:" ) ) {
+					logDebug( "instantly persisting session on setting %s", key );
+					this.constructor.getStore().save( this.id, this.$data ).catch( cause => {
+						logError( "persisting session failed:", cause.stack );
+					} );
+				}
+			} );
+		}
+		/**
+		 * Drops any current session and creates a new one.
+		 *
+		 * This method is used by passport.
+		 *
+		 * @param {function(error: (Error|undefined)): void} doneFn callback invoked when session has been re-generated or some error occurred
+		 * @returns {void}
+		 */
+		regenerate( doneFn ) {
+			logDebug( "re-generating current user session" );
+			const store = this.constructor.getStore();
+			store.drop( this.#id )
+				.then( () => store.create() )
+				.then( sessionId => {
+					if ( !sessionId ) {
+						throw new Error( "failed to assign new session ID" );
+					}
+					return store.load( sessionId )
+						.then( record => {
+							if ( !record ) {
+								throw new Error( "failed to recover new session record" );
+							}
+							this.#id = sessionId;
+							this.#data = record;
+							this.#user = null;
+							logDebug( `new session ID is ${sessionId}` );
+							doneFn();
+						} );
+				} )
+				.catch( cause => {
+					logError( "re-generating current user session failed:", cause.stack );
+					doneFn( cause );
+				} );
+		}
+		/**
+		 * Explicitly triggers saving of current session to configured store.
+		 *
+		 * This method is used by passport.
+		 *
+		 * @param {function(error: (Error|undefined)): void} doneFn callback invoked when session has been saved or some error occurred
+		 * @returns {void}
+		 */
+		save( doneFn ) {
+			const store = this.constructor.getStore();
+			store.save( this.#id, this.#data )
+				.then( () => doneFn() )
+				.catch( doneFn );
+		}
+	}
+	return PassportCompatibleSession;
+};

package/index.js CHANGED Viewed

@@ -10,7 +10,7 @@ module.exports = function( options, plugins ) {
 			const { strategies } = api.config.auth;
 			if ( !strategies.local ) {
-				strategies.local = api.runtime.services.AuthenticationStrategies.generateLocal();
+				strategies.local = api.services.AuthenticationStrategies.generateLocal();
 			}
 		},
@@ -22,7 +22,7 @@ module.exports = function( options, plugins ) {
 		async initialize() {
 			const {
 				services: { AuthorizationTree, AuthenticationPassport, AuthManager },
-			} = api.runtime;
+			} = api;
 			const { current } = AuthorizationTree;
 			AuthenticationPassport.integrateWithHitchy();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@hitchy/plugin-auth",
-	"version": "0.3.7",
+	"version": "0.3.8",
 	"description": "user authentication and authorization for Hitchy",
 	"main": "index.js",
 	"types": "index.d.ts",
@@ -8,8 +8,8 @@
 		"lint": "eslint .",
 		"test": "hitchy-pm session cookies odem --exec c8 -r text -r html mocha --recursive --exclude **/*.dist.js ./test/scripts --ui bdd",
 		"test:smoke": "hitchy-pm session cookies odem --exec hitchy --project test/project/testbed --plugins . --plugin . --debug",
-		"docs:dev": "vuepress dev docs",
-		"docs:build": "vuepress build docs"
+		"docs:dev": "vitepress dev docs",
+		"docs:build": "vitepress build docs"
 	},
 	"repository": {
 		"type": "git",
@@ -25,24 +25,24 @@
 		"@hitchy/core": "0.8.x"
 	},
 	"devDependencies": {
-		"@hitchy/server-dev-tools": "^0.4.8",
+		"@hitchy/server-dev-tools": "^0.4.9",
 		"@hitchy/types": "^0.1.3",
-		"c8": "^8.0.1",
-		"eslint": "^8.47.0",
-		"eslint-config-cepharum": "^1.0.13",
+		"c8": "^10.1.2",
+		"eslint": "^8.57.0",
+		"eslint-config-cepharum": "^1.0.14",
 		"eslint-plugin-promise": "^6.1.1",
-		"mocha": "^10.2.0",
-		"openid-client": "^5.4.3",
+		"mocha": "^10.6.0",
+		"openid-client": "^5.6.5",
 		"passport-saml": "^3.2.4",
 		"should": "^13.2.3",
 		"should-http": "^0.1.1",
-		"vuepress": "^1.9.10"
+		"vitepress": "^1.3.1"
 	},
 	"dependencies": {
 		"@hitchy/plugin-cookies": "^0.1.8",
 		"@hitchy/plugin-odem": "^0.7.8",
-		"@hitchy/plugin-session": "^0.1.12",
-		"passport": "^0.5.3",
+		"@hitchy/plugin-session": "^0.4.0",
+		"passport": "^0.7.0",
 		"passport-local": "^1.0.0"
 	}
 }

package/public/404.html ADDED Viewed

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en-US" dir="ltr">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <title>404 | Hitchy Auth Manual</title>
+    <meta name="description" content="Not Found">
+    <meta name="generator" content="VitePress v1.3.1">
+    <link rel="preload stylesheet" href="/assets/style.C4vbPc5Z.css" as="style">
+    <script type="module" src="/assets/app.Bnek3cfe.js"></script>
+    <link rel="preload" href="/assets/inter-roman-latin.Di8DUHzh.woff2" as="font" type="font/woff2" crossorigin="">
+    <script id="check-dark-mode">(()=>{const e=localStorage.getItem("vitepress-theme-appearance")||"auto",a=window.matchMedia("(prefers-color-scheme: dark)").matches;(!e||e==="auto"?a:e==="dark")&&document.documentElement.classList.add("dark")})();</script>
+    <script id="check-mac-os">document.documentElement.classList.toggle("mac",/Mac|iPhone|iPod|iPad/i.test(navigator.platform));</script>
+  </head>
+  <body>
+    <div id="app"></div>
+    <script>window.__VP_HASH_MAP__=JSON.parse("{\"api_config.md\":\"BiPnBhyk\",\"api_controller_index.md\":\"mhiyhr_C\",\"api_controller_user.md\":\"BiFYPTow\",\"api_index.md\":\"j6eBaebO\",\"api_model_authorization-rule.md\":\"CFNqudsp\",\"api_model_index.md\":\"Dw3UH73J\",\"api_model_role.md\":\"DFCGXTBA\",\"api_model_user-to-role.md\":\"QNC96rs-\",\"api_model_user.md\":\"C2GSzwZj\",\"api_policy_authentication.md\":\"Ccj8Rneb\",\"api_policy_authorization.md\":\"CP3y7VOT\",\"api_policy_index.md\":\"CmaeRtru\",\"api_policy_user.md\":\"ePU_LHGT\",\"api_routing.md\":\"BP98xeNw\",\"api_service_auth-manager.md\":\"CcpV6slZ\",\"api_service_authentication-passport.md\":\"DvhoW1TR\",\"api_service_authentication-strategies.md\":\"DjDT2F9g\",\"api_service_authorization-node.md\":\"DAN4WdDZ\",\"api_service_authorization-policy-generator.md\":\"IaQjgxfZ\",\"api_service_authorization-tree.md\":\"I7ff4vao\",\"api_service_index.md\":\"Bfk1E4Zn\",\"guides_getting-started.md\":\"BMwF59kE\",\"guides_index.md\":\"CUqoqPFW\",\"guides_openid-connect.md\":\"CWezg52j\",\"guides_saml.md\":\"BBlq_CTl\",\"index.md\":\"B8uyAhM4\",\"introduction.md\":\"DjcXFFe8\"}");window.__VP_SITE_DATA__=JSON.parse("{\"lang\":\"en-US\",\"dir\":\"ltr\",\"title\":\"Hitchy Auth Manual\",\"description\":\"A VitePress site\",\"base\":\"/\",\"head\":[],\"router\":{\"prefetchLinks\":true},\"appearance\":true,\"themeConfig\":{\"displayAllHeaders\":true,\"socialLinks\":[{\"icon\":{\"svg\":\"<svg xmlns=\\\"http://www.w3.org/2000/svg\\\" viewBox=\\\"0 0 512 512\\\"><!--!Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d=\\\"M503.5 204.6L502.8 202.8L433.1 21C431.7 17.5 429.2 14.4 425.9 12.4C423.5 10.8 420.8 9.9 417.9 9.6C415 9.3 412.2 9.7 409.5 10.7C406.8 11.7 404.4 13.3 402.4 15.5C400.5 17.6 399.1 20.1 398.3 22.9L351.3 166.9H160.8L113.7 22.9C112.9 20.1 111.5 17.6 109.6 15.5C107.6 13.4 105.2 11.7 102.5 10.7C99.9 9.7 97 9.3 94.1 9.6C91.3 9.9 88.5 10.8 86.1 12.4C82.8 14.4 80.3 17.5 78.9 21L9.3 202.8L8.5 204.6C-1.5 230.8-2.7 259.6 5 286.6C12.8 313.5 29.1 337.3 51.5 354.2L51.7 354.4L52.3 354.8L158.3 434.3L210.9 474L242.9 498.2C246.6 500.1 251.2 502.5 255.9 502.5C260.6 502.5 265.2 500.1 268.9 498.2L300.9 474L353.5 434.3L460.2 354.4L460.5 354.1C482.9 337.2 499.2 313.5 506.1 286.6C514.7 259.6 513.5 230.8 503.5 204.6z\\\"/></svg>\"},\"link\":\"https://gitlab.com/hitchy/plugin-auth\",\"ariaLabel\":\"Link to code repository\"}],\"nav\":[{\"text\":\"Home\",\"link\":\"/\"},{\"text\":\"Guides\",\"link\":\"/guides/\"},{\"text\":\"API\",\"link\":\"/api/\"},{\"text\":\"Hitchy\",\"items\":[{\"text\":\"Core\",\"link\":\"https://core.hitchy.org/\"},{\"text\":\"Plugins\",\"items\":[{\"text\":\"Odem\",\"link\":\"https://odem.hitchy.org/\"},{\"text\":\"Auth\",\"link\":\"/\"}]},{\"text\":\"Tools\",\"items\":[{\"text\":\"SDT\",\"link\":\"https://sdt.hitchy.org/\"}]}]}]},\"locales\":{},\"scrollOffset\":134,\"cleanUrls\":false}");</script>
+  </body>
+</html>