@hotfusion/modeller 0.0.13 → 0.0.16

package/dist/oidc/schemas/client.schema.json

@@ -0,0 +1,62 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "properties": {
+        "client_id": {
+            "type": "string"
+        },
+        "client_secret": {
+            "type": "string",
+            "private": true
+        },
+        "client_name": {
+            "type": "string"
+        },
+        "redirect_uris": {
+            "type": "array",
+            "hidden": true,
+            "items": { "type": "string" }
+        },
+        "post_logout_redirect_uris": {
+            "type": "array",
+            "hidden": true,
+            "items": { "type": "string" }
+        },
+        "grant_types": {
+            "type": "array",
+            "hidden": true,
+            "items": { "type": "string" }
+        },
+        "response_types": {
+            "type": "array",
+            "hidden": true,
+            "items": { "type": "string" }
+        },
+        "scopes": {
+            "type": "array",
+            "hidden": true,
+            "items": { "type": "string" }
+        },
+        "token_endpoint_auth_method": {
+            "type": "string",
+            "enum": ["client_secret_basic", "client_secret_post", "none"]
+        },
+        "providers": {
+            "type": "array",
+            "hidden": true,
+            "items": { "type": "string" }
+        },
+        "provider_configs": {
+            "type": "array",
+            "hidden": true,
+            "items": { "type": "object" }
+        },
+        "domainName": {
+            "type": "string"
+        },
+        "isActive": {
+            "type": "boolean"
+        }
+    },
+    "required": ["client_id", "client_secret", "redirect_uris"]
+}

package/dist/oidc/schemas/code.schema.json

@@ -0,0 +1,16 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "properties": {
+        "jti": { "type": "string" },
+        "accountId": { "type": "string" },
+        "clientId": { "type": "string" },
+        "redirectUri": { "type": "string" },
+        "scope": { "type": "string" },
+        "grantId": { "type": "string" },
+        "expiresAt": { "type": "string" },
+        "consumed": { "type": "boolean" },
+        "payload": { "type": "string", "private": true }
+    },
+    "required": ["jti"]
+}

package/dist/oidc/schemas/grant.schema.json

@@ -0,0 +1,13 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "properties": {
+        "jti": { "type": "string" },
+        "accountId": { "type": "string" },
+        "clientId": { "type": "string" },
+        "expiresAt": { "type": "string" },
+        "consumed": { "type": "boolean" },
+        "payload": { "type": "string", "private": true }
+    },
+    "required": ["jti"]
+}

package/dist/oidc/schemas/interaction.schema.json

@@ -0,0 +1,26 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "properties": {
+        "jti": {
+            "type": "string"
+        },
+        "uid": {
+            "type": "string"
+        },
+        "kind": {
+            "type": "string"
+        },
+        "expiresAt": {
+            "type": "string"
+        },
+        "consumed": {
+            "type": "boolean"
+        },
+        "payload": {
+            "type": "string",
+            "private": true
+        }
+    },
+    "required": ["jti"]
+}

package/dist/oidc/schemas/session.schema.json

@@ -0,0 +1,14 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "properties": {
+        "jti": { "type": "string" },
+        "uid": { "type": "string" },
+        "accountId": { "type": "string" },
+        "loginTs": { "type": "number" },
+        "expiresAt": { "type": "string" },
+        "consumed": { "type": "boolean" },
+        "payload": { "type": "string", "private": true }
+    },
+    "required": ["jti"]
+}

package/dist/oidc/schemas/token.schema.json

@@ -0,0 +1,16 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "properties": {
+        "jti": { "type": "string" },
+        "kind": { "type": "string" },
+        "accountId": { "type": "string" },
+        "clientId": { "type": "string" },
+        "scope": { "type": "string" },
+        "grantId": { "type": "string" },
+        "expiresAt": { "type": "string" },
+        "consumed": { "type": "boolean" },
+        "payload": { "type": "string", "private": true }
+    },
+    "required": ["jti"]
+}

package/dist/oidc/schemas/user.schema.json

@@ -0,0 +1,44 @@
+{
+    "required": ["email", "password"],
+    "properties": {
+        "_pid": {
+            "type": "string",
+            "static": true,
+            "label": "Parent ID"
+        },
+        "username": { "type": "string", "label": "Username" },
+        "email": { "type": "string", "format": "email", "label": "Email" },
+        "password": { "type": "string", "private": true, "label": "Password hash" },
+        "emailVerified": { "type": "boolean", "label": "Email verified" },
+        "phoneNumber": { "type": "string", "label": "Phone number" },
+        "phoneVerified": { "type": "boolean", "label": "Phone verified" },
+        "name": { "type": "string", "label": "Full name" },
+        "givenName": { "type": "string", "label": "Given name" },
+        "familyName": { "type": "string", "label": "Family name" },
+        "middleName": { "type": "string", "label": "Middle name" },
+        "nickname": { "type": "string", "label": "Nickname" },
+        "picture": { "type": "string", "label": "Profile picture URL" },
+        "website": { "type": "string", "label": "Website URL" },
+        "gender": { "type": "string", "label": "Gender" },
+        "birthdate": { "type": "string", "label": "Birthdate" },
+        "zoneinfo": { "type": "string", "label": "Time zone" },
+        "locale": { "type": "string", "label": "Locale" },
+        "address": {
+            "type": "object",
+            "label": "Address",
+            "properties": {
+                "formatted": { "type": "string" },
+                "streetAddress": { "type": "string" },
+                "locality": { "type": "string" },
+                "region": { "type": "string" },
+                "postalCode": { "type": "string" },
+                "country": { "type": "string" }
+            }
+        },
+        "isActive": { "type": "boolean", "label": "Active" },
+        "roles": { "type": "string", "label": "Roles" },
+        "failedLoginAttempts": { "type": "number", "private": true, "label": "Failed login attempts" },
+        "lastLogin": { "type": "string", "label": "Last login" },
+        "updatedAt": { "type": "string", "label": "Last updated" }
+    }
+}

package/dist/oidc/session.js

@@ -0,0 +1,36 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionModel = void 0;
+const model_1 = require("../model");
+const session_schema_json_1 = __importDefault(require("./schemas/session.schema.json"));
+const cipher_1 = require("./adapters/cipher");
+const utils_1 = require("./utils");
+exports.SessionModel = new model_1.Model('session', session_schema_json_1.default, {
+    adapter: cipher_1.CipherAdapter,
+    trash: false
+})
+    .hook('session-before-insert', {
+    on: 'before:insert',
+    callback: async (payload) => {
+        if (payload.data._sync)
+            return;
+        try {
+            const { jti } = payload.data;
+            if (!jti)
+                throw { code: 'MISSING_REQUIRED_FIELDS' };
+            if (payload.data.consumed === undefined)
+                payload.data.consumed = false;
+        }
+        catch (err) {
+            throw {
+                code: 'SESSION_INSERT_FAILED',
+                message: (0, utils_1.extractError)(err),
+                details: err
+            };
+        }
+    }
+});
+//# sourceMappingURL=session.js.map

package/dist/oidc/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/oidc/session.ts"],"names":[],"mappings":";;;;;;AAAA,oCAAiC;AACjC,wFAAmD;AACnD,8CAAkD;AAClD,mCAAuC;AAE1B,QAAA,YAAY,GAAG,IAAI,aAAK,CAAC,SAAS,EAAE,6BAAM,EAAE;IACrD,OAAO,EAAE,sBAAa;IACtB,KAAK,EAAE,KAAK;CACf,CAAC;KACG,IAAI,CAAC,uBAAuB,EAAE;IAC3B,EAAE,EAAE,eAAe;IACnB,QAAQ,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QAC7B,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QAC/B,IAAI,CAAC;YACD,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;YAC7B,IAAI,CAAC,GAAG;gBAAE,MAAM,EAAE,IAAI,EAAE,yBAAyB,EAAE,CAAC;YACpD,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS;gBAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;QAC3E,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,MAAM;gBACF,IAAI,EAAE,uBAAuB;gBAC7B,OAAO,EAAE,IAAA,oBAAY,EAAC,GAAG,CAAC;gBAC1B,OAAO,EAAE,GAAG;aACf,CAAC;QACN,CAAC;IACL,CAAC;CACJ,CAAC,CAAC"}

package/dist/oidc/session.token.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionTokenModel = void 0;
+const model_1 = require("../model");
+const cipher_1 = require("./adapters/cipher");
+const schema = {
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "properties": {
+        "jti": { "type": "string" },
+        "uid": { "type": "string" },
+        "grantId": { "type": "string" },
+        "userCode": { "type": "string" },
+        "consumed": { "type": "boolean" },
+        "expiresAt": { "type": "string" },
+        "payload": { "type": "string", "private": true }
+    },
+    "required": ["jti"]
+};
+exports.SessionTokenModel = new model_1.Model('session_tokens', schema, {
+    adapter: cipher_1.CipherAdapter,
+    trash: false,
+});
+//# sourceMappingURL=session.token.js.map

package/dist/oidc/session.token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.token.js","sourceRoot":"","sources":["../../src/oidc/session.token.ts"],"names":[],"mappings":";;;AAAA,oCAAyC;AACzC,8CAAkD;AAElD,MAAM,MAAM,GAAG;IACX,SAAS,EAAM,yCAAyC;IACxD,MAAM,EAAS,QAAQ;IACvB,YAAY,EAAG;QACX,KAAK,EAAQ,EAAE,MAAM,EAAE,QAAQ,EAAG;QAClC,KAAK,EAAQ,EAAE,MAAM,EAAE,QAAQ,EAAG;QAClC,SAAS,EAAI,EAAE,MAAM,EAAE,QAAQ,EAAG;QAClC,UAAU,EAAG,EAAE,MAAM,EAAE,QAAQ,EAAG;QAClC,UAAU,EAAG,EAAE,MAAM,EAAE,SAAS,EAAE;QAClC,WAAW,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAG;QAClC,SAAS,EAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE;KACrD;IACD,UAAU,EAAE,CAAC,KAAK,CAAC;CACtB,CAAC;AAEW,QAAA,iBAAiB,GAAG,IAAI,aAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE;IACjE,OAAO,EAAG,sBAAa;IACvB,KAAK,EAAK,KAAK;CAClB,CAAC,CAAC"}

package/dist/oidc/token.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenModel = void 0;
+const model_1 = require("../model");
+const cipher_1 = require("./adapters/cipher");
+const schema = {
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "properties": {
+        "accountId": { "type": "string", "label": "Account ID" },
+        "provider": { "type": "string", "label": "Provider", "description": "local, google, github" },
+        "appId": { "type": "string", "label": "App ID", "description": "client_id of the app" },
+        "refreshToken": { "type": "string", "label": "Refresh Token", "private": true },
+        "scope": { "type": "string", "label": "Scope" },
+        "expiresAt": { "type": "string", "label": "Expires At" }
+    },
+    "required": ["accountId", "provider", "appId", "refreshToken"]
+};
+exports.TokenModel = new model_1.Model('oidc_tokens', schema, {
+    adapter: cipher_1.CipherAdapter,
+    trash: false,
+});
+//# sourceMappingURL=token.js.map

package/dist/oidc/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/oidc/token.ts"],"names":[],"mappings":";;;AAAA,oCAAyC;AACzC,8CAAkD;AAClD,MAAM,MAAM,GAAG;IACX,SAAS,EAAM,yCAAyC;IACxD,MAAM,EAAS,QAAQ;IACvB,YAAY,EAAG;QACX,WAAW,EAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAA6C;QACvG,UAAU,EAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAM,aAAa,EAAE,uBAAuB,EAAG;QACvG,OAAO,EAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAQ,aAAa,EAAE,sBAAsB,EAAI;QACvG,cAAc,EAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAC,SAAS,EAAE,IAAI,EAA0B;QACvG,OAAO,EAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAkD;QACvG,WAAW,EAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAA6C;KAC1G;IACD,UAAU,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,CAAC;CACjE,CAAC;AAEW,QAAA,UAAU,GAAG,IAAI,aAAK,CAAC,aAAa,EAAE,MAAM,EAAE;IACvD,OAAO,EAAG,sBAAa;IACvB,KAAK,EAAK,KAAK;CAClB,CAAC,CAAA"}

package/dist/oidc/user.js

@@ -0,0 +1,95 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserModel = void 0;
+const model_1 = require("../model");
+const user_schema_json_1 = __importDefault(require("./schemas/user.schema.json"));
+const cipher_1 = require("./adapters/cipher");
+const utils_1 = require("./utils");
+// ==============================================================================
+// USER MODEL
+// ==============================================================================
+exports.UserModel = new model_1.Model('user', user_schema_json_1.default, {
+    adapter: cipher_1.CipherAdapter,
+    trash: false
+})
+    // Before Insert: Hash password + validate
+    .hook('user-before-insert', {
+    on: 'before:insert',
+    callback: async (payload) => {
+        if (payload.data._sync)
+            return;
+        try {
+            const validation = (0, utils_1.validateUserInput)(payload.data);
+            if (!validation.valid) {
+                throw {
+                    code: 'INVALID_USER_DATA',
+                    errors: validation.errors
+                };
+            }
+            const hashedPassword = await (0, utils_1.hashPassword)(payload.data.password);
+            payload.data.password = hashedPassword;
+            if (!payload.data.isActive)
+                payload.data.isActive = true;
+            if (!payload.data.roles)
+                payload.data.roles = 'user';
+            console.log(`[User] Created user: ${payload.data.username}`);
+        }
+        catch (err) {
+            throw {
+                code: 'USER_INSERT_FAILED',
+                message: (0, utils_1.extractError)(err),
+                details: err
+            };
+        }
+    }
+})
+    // Before Delete: Log deletion
+    .hook('user-before-delete', {
+    on: 'before:delete',
+    callback: async (payload) => {
+        if (payload.key?._sync)
+            return;
+        try {
+            const user = await exports.UserModel.get({ _id: payload.key._id });
+            console.log(`[User] Deleting user: ${user.username}`);
+        }
+        catch (err) {
+            throw {
+                code: 'USER_DELETE_FAILED',
+                message: (0, utils_1.extractError)(err)
+            };
+        }
+    }
+})
+    // Method: Verify user credentials (login)
+    .method('verify', {
+    handler: async (filters, model) => {
+        try {
+            const { username, password } = filters;
+            if (!username || !password) {
+                throw { code: 'MISSING_CREDENTIALS' };
+            }
+            const user = await model.get({ username }, { private: true });
+            if (!user) {
+                throw { code: 'USER_NOT_FOUND' };
+            }
+            const isValid = await (0, utils_1.verifyPassword)(password, user.password);
+            if (!isValid) {
+                throw { code: 'INVALID_PASSWORD' };
+            }
+            await model.update({ _id: user._id }, { lastLogin: new Date().toISOString() });
+            const { password: _, ...userPublic } = user;
+            return { ok: true, user: userPublic };
+        }
+        catch (err) {
+            return {
+                ok: false,
+                error: err.code || (0, utils_1.extractError)(err)
+            };
+        }
+    }
+});
+//# sourceMappingURL=user.js.map

package/dist/oidc/user.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.js","sourceRoot":"","sources":["../../src/oidc/user.ts"],"names":[],"mappings":";;;;;;AAAA,oCAAiC;AACjC,kFAAqD;AACrD,8CAAkD;AAClD,mCAKiB;AAEjB,iFAAiF;AACjF,aAAa;AACb,iFAAiF;AAEpE,QAAA,SAAS,GAAG,IAAI,aAAK,CAAC,MAAM,EAAE,0BAAW,EAAE;IACpD,OAAO,EAAE,sBAAa;IACtB,KAAK,EAAE,KAAK;CACf,CAAC;IACE,0CAA0C;KACzC,IAAI,CAAC,oBAAoB,EAAE;IACxB,EAAE,EAAE,eAAe;IACnB,QAAQ,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QAC7B,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO;QAE/B,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,IAAA,yBAAiB,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACnD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACpB,MAAM;oBACF,IAAI,EAAE,mBAAmB;oBACzB,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC5B,CAAC;YACN,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,IAAA,oBAAY,EAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC;YAEvC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ;gBAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;YACzD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK;gBAAK,OAAO,CAAC,IAAI,CAAC,KAAK,GAAM,MAAM,CAAC;YAE3D,OAAO,CAAC,GAAG,CAAC,wBAAwB,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,MAAM;gBACF,IAAI,EAAM,oBAAoB;gBAC9B,OAAO,EAAG,IAAA,oBAAY,EAAC,GAAG,CAAC;gBAC3B,OAAO,EAAG,GAAG;aAChB,CAAC;QACN,CAAC;IACL,CAAC;CACJ,CAAC;IAEF,8BAA8B;KAC7B,IAAI,CAAC,oBAAoB,EAAE;IACxB,EAAE,EAAE,eAAe;IACnB,QAAQ,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QAC7B,IAAI,OAAO,CAAC,GAAG,EAAE,KAAK;YAAE,OAAO;QAE/B,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,iBAAS,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,MAAM;gBACF,IAAI,EAAM,oBAAoB;gBAC9B,OAAO,EAAG,IAAA,oBAAY,EAAC,GAAG,CAAC;aAC9B,CAAC;QACN,CAAC;IACL,CAAC;CACJ,CAAC;IAEF,0CAA0C;KACzC,MAAM,CAAC,QAAQ,EAAE;IACd,OAAO,EAAE,KAAK,EAAE,OAAY,EAAE,KAAU,EAAE,EAAE;QACxC,IAAI,CAAC;YACD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;YAEvC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACzB,MAAM,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC;YAC1C,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9D,IAAI,CAAC,IAAI,EAAE,CAAC;gBACR,MAAM,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;YACrC,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAA,sBAAc,EAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,MAAM,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC;YACvC,CAAC;YAED,MAAM,KAAK,CAAC,MAAM,CACd,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,EACjB,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAC1C,CAAC;YAEF,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,UAAU,EAAE,GAAG,IAAI,CAAC;YAC5C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;QAC1C,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,OAAO;gBACH,EAAE,EAAM,KAAK;gBACb,KAAK,EAAG,GAAG,CAAC,IAAI,IAAI,IAAA,oBAAY,EAAC,GAAG,CAAC;aACxC,CAAC;QACN,CAAC;IACL,CAAC;CACJ,CAAC,CAAC"}

package/dist/oidc/utils.js

@@ -0,0 +1,154 @@
+"use strict";
+/**
+ * Authorization Plugin Utilities
+ * Helpers for credential validation, password operations, and parsing
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isValidClientId = isValidClientId;
+exports.isValidDomain = isValidDomain;
+exports.isValidEmail = isValidEmail;
+exports.hashPassword = hashPassword;
+exports.verifyPassword = verifyPassword;
+exports.parseScopes = parseScopes;
+exports.validateScopes = validateScopes;
+exports.generateToken = generateToken;
+exports.verifyClientCredentials = verifyClientCredentials;
+exports.extractError = extractError;
+exports.validateUserInput = validateUserInput;
+exports.dedup = dedup;
+const crypto_1 = require("crypto");
+// ?? Credential Validators
+/**
+ * Validate client credentials format
+ */
+function isValidClientId(clientId) {
+    return typeof clientId === 'string' && clientId.length >= 8 && /^[a-zA-Z0-9_-]+$/.test(clientId);
+}
+function isValidDomain(domain) {
+    const domainRegex = /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;
+    return domainRegex.test(domain);
+}
+function isValidEmail(email) {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    return emailRegex.test(email);
+}
+// ?? Password Hashing
+/**
+ * Hash a plaintext password using SHA256 + salt
+ * In production, use bcrypt or argon2
+ */
+async function hashPassword(password) {
+    if (!password || password.length < 8) {
+        throw new Error('Password must be at least 8 characters');
+    }
+    const hash = (0, crypto_1.createHash)('sha256').update(password).digest('hex');
+    return hash;
+}
+/**
+ * Verify plaintext password against hash
+ */
+async function verifyPassword(plaintext, hash) {
+    const computed = await hashPassword(plaintext);
+    return computed === hash;
+}
+// ?? OAuth Scope Parsers
+/**
+ * Parse comma-separated scopes into array
+ */
+function parseScopes(scopeString) {
+    if (!scopeString)
+        return [];
+    return scopeString.split(',').map(s => s.trim()).filter(s => s);
+}
+/**
+ * Check if requested scopes are allowed
+ */
+function validateScopes(requested, allowed) {
+    return requested.every(scope => allowed.includes(scope));
+}
+// ?? Token Helpers
+/**
+ * Generate a random token (for API keys, etc.)
+ */
+function generateToken(length = 32) {
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    let token = '';
+    for (let i = 0; i < length; i++) {
+        token += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return token;
+}
+// ?? Credential Verification (Stub)
+/**
+ * Verify client credentials against external service
+ * This would call your modeller server in production
+ */
+async function verifyClientCredentials(clientId, clientSecret, externalServiceUrl) {
+    try {
+        // Validate format
+        if (!isValidClientId(clientId)) {
+            return { valid: false, error: 'Invalid clientId format' };
+        }
+        if (!clientSecret || clientSecret.length < 16) {
+            return { valid: false, error: 'Invalid clientSecret format' };
+        }
+        // In production, call external verification service
+        // const response = await fetch(externalServiceUrl, { ... });
+        // For example, return success
+        return { valid: true, token: generateToken() };
+    }
+    catch (error) {
+        return { valid: false, error: error.message };
+    }
+}
+// ?? Error Extraction
+/**
+ * Extract error message from various error formats
+ */
+function extractError(error) {
+    if (typeof error === 'string')
+        return error;
+    if (error?.message)
+        return error.message;
+    if (error?.code)
+        return error.code;
+    return 'Unknown error';
+}
+// ?? User Data Validation
+/**
+ * Validate user registration data
+ */
+function validateUserInput(data) {
+    const errors = [];
+    if (!data.username || typeof data.username !== 'string') {
+        errors.push('Username is required and must be a string');
+    }
+    else if (data.username.length < 3) {
+        errors.push('Username must be at least 3 characters');
+    }
+    if (!data.email || !isValidEmail(data.email)) {
+        errors.push('Email must be a valid email address');
+    }
+    if (!data.password || data.password.length < 8) {
+        errors.push('Password must be at least 8 characters');
+    }
+    return {
+        valid: errors.length === 0,
+        errors
+    };
+}
+// ?? Deduplication
+/**
+ * Check for duplicate users in list
+ */
+function dedup(users, key = 'email') {
+    const seen = new Set();
+    return users.filter(user => {
+        const value = user[key];
+        if (seen.has(value))
+            return false;
+        seen.add(value);
+        return true;
+    });
+}
+//# sourceMappingURL=utils.js.map

package/dist/oidc/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/oidc/utils.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAQH,0CAEC;AAED,sCAGC;AAED,oCAGC;AAOD,oCAOC;AAKD,wCAGC;AAMD,kCAGC;AAKD,wCAEC;AAMD,sCAOC;AAOD,0DAuBC;AAMD,oCAKC;AAMD,8CAqBC;AAMD,sBAQC;AAvJD,mCAAoC;AAEpC,2BAA2B;AAC3B;;GAEG;AACH,SAAgB,eAAe,CAAC,QAAgB;IAC5C,OAAO,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrG,CAAC;AAED,SAAgB,aAAa,CAAC,MAAc;IACxC,MAAM,WAAW,GAAG,oFAAoF,CAAC;IACzG,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,SAAgB,YAAY,CAAC,KAAa;IACtC,MAAM,UAAU,GAAG,4BAA4B,CAAC;IAChD,OAAO,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAClC,CAAC;AAED,sBAAsB;AACtB;;;GAGG;AACI,KAAK,UAAU,YAAY,CAAC,QAAgB;IAC/C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjE,OAAO,IAAI,CAAC;AAChB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,cAAc,CAAC,SAAiB,EAAE,IAAY;IAChE,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,CAAC;IAC/C,OAAO,QAAQ,KAAK,IAAI,CAAC;AAC7B,CAAC;AAED,yBAAyB;AACzB;;GAEG;AACH,SAAgB,WAAW,CAAC,WAAmB;IAC3C,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAC5B,OAAO,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,SAAmB,EAAE,OAAiB;IACjE,OAAO,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,mBAAmB;AACnB;;GAEG;AACH,SAAgB,aAAa,CAAC,SAAiB,EAAE;IAC7C,MAAM,KAAK,GAAG,gEAAgE,CAAC;IAC/E,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,oCAAoC;AACpC;;;GAGG;AACI,KAAK,UAAU,uBAAuB,CACzC,QAAgB,EAChB,YAAoB,EACpB,kBAA2B;IAE3B,IAAI,CAAC;QACD,kBAAkB;QAClB,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;QAC9D,CAAC;QAED,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC;QAClE,CAAC;QAED,oDAAoD;QACpD,6DAA6D;QAE7D,8BAA8B;QAC9B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,CAAC;IACnD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QAClB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC;IAClD,CAAC;AACL,CAAC;AAED,sBAAsB;AACtB;;GAEG;AACH,SAAgB,YAAY,CAAC,KAAU;IACnC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,KAAK,EAAE,OAAO;QAAE,OAAO,KAAK,CAAC,OAAO,CAAC;IACzC,IAAI,KAAK,EAAE,IAAI;QAAE,OAAO,KAAK,CAAC,IAAI,CAAC;IACnC,OAAO,eAAe,CAAC;AAC3B,CAAC;AAED,0BAA0B;AAC1B;;GAEG;AACH,SAAgB,iBAAiB,CAAC,IAAS;IACvC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC7D,CAAC;SAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IAC1D,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO;QACH,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;KACT,CAAC;AACN,CAAC;AAED,mBAAmB;AACnB;;GAEG;AACH,SAAgB,KAAK,CAAC,KAAY,EAAE,MAAc,OAAO;IACrD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;QACvB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAClC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAChB,OAAO,IAAI,CAAC;IAChB,CAAC,CAAC,CAAC;AACP,CAAC"}