@jezweb/oauth-token-manager 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/errors.d.ts +12 -0
- package/dist/errors.d.ts.map +1 -1
- package/dist/errors.js +18 -0
- package/dist/errors.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/providers/github.d.ts +4 -4
- package/dist/providers/github.d.ts.map +1 -1
- package/dist/providers/github.js +9 -6
- package/dist/providers/github.js.map +1 -1
- package/dist/providers/google.d.ts +2 -2
- package/dist/providers/google.d.ts.map +1 -1
- package/dist/providers/google.js +33 -36
- package/dist/providers/google.js.map +1 -1
- package/dist/providers/microsoft.d.ts +2 -2
- package/dist/providers/microsoft.d.ts.map +1 -1
- package/dist/providers/microsoft.js +40 -36
- package/dist/providers/microsoft.js.map +1 -1
- package/dist/storage/kv.d.ts +26 -6
- package/dist/storage/kv.d.ts.map +1 -1
- package/dist/storage/kv.js +94 -31
- package/dist/storage/kv.js.map +1 -1
- package/dist/token-manager.d.ts +10 -1
- package/dist/token-manager.d.ts.map +1 -1
- package/dist/token-manager.js +38 -15
- package/dist/token-manager.js.map +1 -1
- package/dist/types.d.ts +40 -11
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/errors.d.ts
CHANGED
|
@@ -32,6 +32,18 @@ export declare class TokenExpiredError extends TokenManagerError {
|
|
|
32
32
|
readonly reason: 'no_refresh_token' | 'refresh_failed' | 'refresh_token_expired';
|
|
33
33
|
constructor(userId: string, provider: string, reason: 'no_refresh_token' | 'refresh_failed' | 'refresh_token_expired');
|
|
34
34
|
}
|
|
35
|
+
/**
|
|
36
|
+
* Token was revoked by the user or admin
|
|
37
|
+
*
|
|
38
|
+
* This is a permanent failure - the token has been deleted from storage.
|
|
39
|
+
* Recovery: Redirect user to OAuth flow to re-authenticate
|
|
40
|
+
*/
|
|
41
|
+
export declare class TokenRevokedError extends TokenManagerError {
|
|
42
|
+
readonly userId: string;
|
|
43
|
+
readonly provider: string;
|
|
44
|
+
readonly providerError?: string | undefined;
|
|
45
|
+
constructor(userId: string, provider: string, providerError?: string | undefined);
|
|
46
|
+
}
|
|
35
47
|
/**
|
|
36
48
|
* Token exists but doesn't have the required scopes
|
|
37
49
|
*
|
package/dist/errors.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;aAGxB,IAAI,EAAE,MAAM;gBAD5B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM;CAK/B;AAED;;;;GAIG;AACH,qBAAa,kBAAmB,SAAQ,iBAAiB;aAErC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;gBADhB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM;CAQnC;AAED;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,iBAAiB;aAEpC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,MAAM,EAAE,kBAAkB,GAAG,gBAAgB,GAAG,uBAAuB;gBAFvE,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,kBAAkB,GAAG,gBAAgB,GAAG,uBAAuB;CAa1F;AAED;;;;GAIG;AACH,qBAAa,uBAAwB,SAAQ,iBAAiB;aAE1C,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,cAAc,EAAE,MAAM,EAAE;aACxB,aAAa,EAAE,MAAM,EAAE;gBAHvB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,EAAE,EACxB,aAAa,EAAE,MAAM,EAAE;IAUzC,IAAI,aAAa,IAAI,MAAM,EAAE,CAE5B;CACF;AAED;;;;GAIG;AACH,qBAAa,0BAA2B,SAAQ,iBAAiB;aACnC,QAAQ,EAAE,MAAM;gBAAhB,QAAQ,EAAE,MAAM;CAO7C;AAED;;;;GAIG;AACH,qBAAa,WAAY,SAAQ,iBAAiB;aAG9B,KAAK,CAAC,EAAE,KAAK;gBAD7B,SAAS,EAAE,SAAS,GAAG,SAAS,EAChB,KAAK,CAAC,EAAE,KAAK,YAAA;CAQhC;AAED;;;;GAIG;AACH,qBAAa,YAAa,SAAQ,iBAAiB;aAG/B,KAAK,CAAC,EAAE,KAAK;gBAD7B,SAAS,EAAE,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,EAC5B,KAAK,CAAC,EAAE,KAAK,YAAA;CAQhC"}
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;aAGxB,IAAI,EAAE,MAAM;gBAD5B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM;CAK/B;AAED;;;;GAIG;AACH,qBAAa,kBAAmB,SAAQ,iBAAiB;aAErC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;gBADhB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM;CAQnC;AAED;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,iBAAiB;aAEpC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,MAAM,EAAE,kBAAkB,GAAG,gBAAgB,GAAG,uBAAuB;gBAFvE,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,kBAAkB,GAAG,gBAAgB,GAAG,uBAAuB;CAa1F;AAED;;;;;GAKG;AACH,qBAAa,iBAAkB,SAAQ,iBAAiB;aAEpC,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,aAAa,CAAC,EAAE,MAAM;gBAFtB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,aAAa,CAAC,EAAE,MAAM,YAAA;CAQzC;AAED;;;;GAIG;AACH,qBAAa,uBAAwB,SAAQ,iBAAiB;aAE1C,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM;aAChB,cAAc,EAAE,MAAM,EAAE;aACxB,aAAa,EAAE,MAAM,EAAE;gBAHvB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,EAAE,EACxB,aAAa,EAAE,MAAM,EAAE;IAUzC,IAAI,aAAa,IAAI,MAAM,EAAE,CAE5B;CACF;AAED;;;;GAIG;AACH,qBAAa,0BAA2B,SAAQ,iBAAiB;aACnC,QAAQ,EAAE,MAAM;gBAAhB,QAAQ,EAAE,MAAM;CAO7C;AAED;;;;GAIG;AACH,qBAAa,WAAY,SAAQ,iBAAiB;aAG9B,KAAK,CAAC,EAAE,KAAK;gBAD7B,SAAS,EAAE,SAAS,GAAG,SAAS,EAChB,KAAK,CAAC,EAAE,KAAK,YAAA;CAQhC;AAED;;;;GAIG;AACH,qBAAa,YAAa,SAAQ,iBAAiB;aAG/B,KAAK,CAAC,EAAE,KAAK;gBAD7B,SAAS,EAAE,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,EAC5B,KAAK,CAAC,EAAE,KAAK,YAAA;CAQhC"}
|
package/dist/errors.js
CHANGED
|
@@ -52,6 +52,24 @@ export class TokenExpiredError extends TokenManagerError {
|
|
|
52
52
|
this.name = 'TokenExpiredError';
|
|
53
53
|
}
|
|
54
54
|
}
|
|
55
|
+
/**
|
|
56
|
+
* Token was revoked by the user or admin
|
|
57
|
+
*
|
|
58
|
+
* This is a permanent failure - the token has been deleted from storage.
|
|
59
|
+
* Recovery: Redirect user to OAuth flow to re-authenticate
|
|
60
|
+
*/
|
|
61
|
+
export class TokenRevokedError extends TokenManagerError {
|
|
62
|
+
userId;
|
|
63
|
+
provider;
|
|
64
|
+
providerError;
|
|
65
|
+
constructor(userId, provider, providerError) {
|
|
66
|
+
super(`Token for user "${userId}" and provider "${provider}" was revoked. ${providerError ? `Provider error: ${providerError}. ` : ''}User needs to re-authenticate.`, 'TOKEN_REVOKED');
|
|
67
|
+
this.userId = userId;
|
|
68
|
+
this.provider = provider;
|
|
69
|
+
this.providerError = providerError;
|
|
70
|
+
this.name = 'TokenRevokedError';
|
|
71
|
+
}
|
|
72
|
+
}
|
|
55
73
|
/**
|
|
56
74
|
* Token exists but doesn't have the required scopes
|
|
57
75
|
*
|
package/dist/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAGxB;IAFlB,YACE,OAAe,EACC,IAAY;QAE5B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,SAAI,GAAJ,IAAI,CAAQ;QAG5B,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,kBAAmB,SAAQ,iBAAiB;IAErC;IACA;IAFlB,YACkB,MAAc,EACd,QAAgB;QAEhC,KAAK,CACH,4BAA4B,MAAM,mBAAmB,QAAQ,yCAAyC,EACtG,iBAAiB,CAClB,CAAC;QANc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAMhC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,iBAAkB,SAAQ,iBAAiB;IAEpC;IACA;IACA;IAHlB,YACkB,MAAc,EACd,QAAgB,EAChB,MAAuE;QAEvF,MAAM,OAAO,GAAG;YACd,gBAAgB,EAAE,4BAA4B;YAC9C,cAAc,EAAE,8BAA8B;YAC9C,qBAAqB,EAAE,2BAA2B;SACnD,CAAC;QACF,KAAK,CACH,2BAA2B,MAAM,mBAAmB,QAAQ,MAAM,OAAO,CAAC,MAAM,CAAC,kCAAkC,EACnH,eAAe,CAChB,CAAC;QAZc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAiE;QAWvF,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,uBAAwB,SAAQ,iBAAiB;IAE1C;IACA;IACA;IACA;IAJlB,YACkB,MAAc,EACd,QAAgB,EAChB,cAAwB,EACxB,aAAuB;QAEvC,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACzE,KAAK,CACH,mBAAmB,MAAM,mBAAmB,QAAQ,iCAAiC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,+CAA+C,EACtJ,qBAAqB,CACtB,CAAC;QATc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,mBAAc,GAAd,cAAc,CAAU;QACxB,kBAAa,GAAb,aAAa,CAAU;QAOvC,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;IAED,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,iBAAiB;IACnC;IAA5B,YAA4B,QAAgB;QAC1C,KAAK,CACH,aAAa,QAAQ,mEAAmE,EACxF,yBAAyB,CAC1B,CAAC;QAJwB,aAAQ,GAAR,QAAQ,CAAQ;QAK1C,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAC;IAC3C,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,WAAY,SAAQ,iBAAiB;IAG9B;IAFlB,YACE,SAAgC,EAChB,KAAa;QAE7B,KAAK,CACH,aAAa,SAAS,+EAA+E,EACrG,cAAc,CACf,CAAC;QALc,UAAK,GAAL,KAAK,CAAQ;QAM7B,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,YAAa,SAAQ,iBAAiB;IAG/B;IAFlB,YACE,SAA4C,EAC5B,KAAa;QAE7B,KAAK,CACH,sBAAsB,SAAS,qDAAqD,EACpF,eAAe,CAChB,CAAC;QALc,UAAK,GAAL,KAAK,CAAQ;QAM7B,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAGxB;IAFlB,YACE,OAAe,EACC,IAAY;QAE5B,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,SAAI,GAAJ,IAAI,CAAQ;QAG5B,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,kBAAmB,SAAQ,iBAAiB;IAErC;IACA;IAFlB,YACkB,MAAc,EACd,QAAgB;QAEhC,KAAK,CACH,4BAA4B,MAAM,mBAAmB,QAAQ,yCAAyC,EACtG,iBAAiB,CAClB,CAAC;QANc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAMhC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,iBAAkB,SAAQ,iBAAiB;IAEpC;IACA;IACA;IAHlB,YACkB,MAAc,EACd,QAAgB,EAChB,MAAuE;QAEvF,MAAM,OAAO,GAAG;YACd,gBAAgB,EAAE,4BAA4B;YAC9C,cAAc,EAAE,8BAA8B;YAC9C,qBAAqB,EAAE,2BAA2B;SACnD,CAAC;QACF,KAAK,CACH,2BAA2B,MAAM,mBAAmB,QAAQ,MAAM,OAAO,CAAC,MAAM,CAAC,kCAAkC,EACnH,eAAe,CAChB,CAAC;QAZc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAiE;QAWvF,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,iBAAkB,SAAQ,iBAAiB;IAEpC;IACA;IACA;IAHlB,YACkB,MAAc,EACd,QAAgB,EAChB,aAAsB;QAEtC,KAAK,CACH,mBAAmB,MAAM,mBAAmB,QAAQ,kBAAkB,aAAa,CAAC,CAAC,CAAC,mBAAmB,aAAa,IAAI,CAAC,CAAC,CAAC,EAAE,gCAAgC,EAC/J,eAAe,CAChB,CAAC;QAPc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,kBAAa,GAAb,aAAa,CAAS;QAMtC,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,uBAAwB,SAAQ,iBAAiB;IAE1C;IACA;IACA;IACA;IAJlB,YACkB,MAAc,EACd,QAAgB,EAChB,cAAwB,EACxB,aAAuB;QAEvC,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACzE,KAAK,CACH,mBAAmB,MAAM,mBAAmB,QAAQ,iCAAiC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,+CAA+C,EACtJ,qBAAqB,CACtB,CAAC;QATc,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,mBAAc,GAAd,cAAc,CAAU;QACxB,kBAAa,GAAb,aAAa,CAAU;QAOvC,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;IAED,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,iBAAiB;IACnC;IAA5B,YAA4B,QAAgB;QAC1C,KAAK,CACH,aAAa,QAAQ,mEAAmE,EACxF,yBAAyB,CAC1B,CAAC;QAJwB,aAAQ,GAAR,QAAQ,CAAQ;QAK1C,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAC;IAC3C,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,WAAY,SAAQ,iBAAiB;IAG9B;IAFlB,YACE,SAAgC,EAChB,KAAa;QAE7B,KAAK,CACH,aAAa,SAAS,+EAA+E,EACrG,cAAc,CACf,CAAC;QALc,UAAK,GAAL,KAAK,CAAQ;QAM7B,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,YAAa,SAAQ,iBAAiB;IAG/B;IAFlB,YACE,SAA4C,EAC5B,KAAa;QAE7B,KAAK,CACH,sBAAsB,SAAS,qDAAqD,EACpF,eAAe,CAChB,CAAC;QALc,UAAK,GAAL,KAAK,CAAQ;QAM7B,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF"}
|
package/dist/index.d.ts
CHANGED
|
@@ -44,8 +44,8 @@
|
|
|
44
44
|
* @packageDocumentation
|
|
45
45
|
*/
|
|
46
46
|
export { TokenManager } from './token-manager';
|
|
47
|
-
export type { TokenManagerConfig, TokenStorage, TokenProvider, ProviderConfig, StoredToken, TokenData, StoreTokenOptions, GetTokenOptions, ListTokensOptions, ConnectedProvider, RevokeTokenOptions, RefreshResult, } from './types';
|
|
48
|
-
export { TokenManagerError, TokenNotFoundError, TokenExpiredError, InsufficientScopesError, ProviderNotConfiguredError, CryptoError, StorageError, } from './errors';
|
|
47
|
+
export type { TokenManagerConfig, TokenStorage, TokenProvider, ProviderConfig, StoredToken, TokenData, StoreTokenOptions, GetTokenOptions, ListTokensOptions, ConnectedProvider, RevokeTokenOptions, RefreshResult, RefreshFailure, } from './types';
|
|
48
|
+
export { TokenManagerError, TokenNotFoundError, TokenExpiredError, TokenRevokedError, InsufficientScopesError, ProviderNotConfiguredError, CryptoError, StorageError, } from './errors';
|
|
49
49
|
export { encrypt, decrypt, encryptObject, decryptObject } from './crypto';
|
|
50
50
|
export { KVStorage, type KVStorageOptions } from './storage/kv';
|
|
51
51
|
export { GoogleProvider, googleProvider } from './providers/google';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG/C,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,aAAa,EACb,cAAc,EACd,WAAW,EACX,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,aAAa,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG/C,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,aAAa,EACb,cAAc,EACd,WAAW,EACX,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,aAAa,EACb,cAAc,GACf,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,EAC1B,WAAW,EACX,YAAY,GACb,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAG1E,OAAO,EAAE,SAAS,EAAE,KAAK,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC7E,OAAO,EACL,cAAc,EACd,cAAc,EACd,iBAAiB,GAClB,MAAM,oBAAoB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -46,7 +46,7 @@
|
|
|
46
46
|
// Main class
|
|
47
47
|
export { TokenManager } from './token-manager';
|
|
48
48
|
// Errors
|
|
49
|
-
export { TokenManagerError, TokenNotFoundError, TokenExpiredError, InsufficientScopesError, ProviderNotConfiguredError, CryptoError, StorageError, } from './errors';
|
|
49
|
+
export { TokenManagerError, TokenNotFoundError, TokenExpiredError, TokenRevokedError, InsufficientScopesError, ProviderNotConfiguredError, CryptoError, StorageError, } from './errors';
|
|
50
50
|
// Crypto utilities (for advanced usage)
|
|
51
51
|
export { encrypt, decrypt, encryptObject, decryptObject } from './crypto';
|
|
52
52
|
// Storage adapters (re-exported for convenience)
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,aAAa;AACb,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,aAAa;AACb,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAmB/C,SAAS;AACT,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,EAC1B,WAAW,EACX,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,wCAAwC;AACxC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAE1E,iDAAiD;AACjD,OAAO,EAAE,SAAS,EAAyB,MAAM,cAAc,CAAC;AAEhE,2CAA2C;AAC3C,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC7E,OAAO,EACL,cAAc,EACd,cAAc,EACd,iBAAiB,GAClB,MAAM,oBAAoB,CAAC"}
|
|
@@ -14,17 +14,17 @@
|
|
|
14
14
|
* To revoke a token programmatically, use the GitHub API:
|
|
15
15
|
* DELETE /applications/{client_id}/token
|
|
16
16
|
*/
|
|
17
|
-
import type { TokenProvider, ProviderConfig, RefreshResult } from '../types';
|
|
17
|
+
import type { TokenProvider, ProviderConfig, RefreshResult, RefreshFailure } from '../types';
|
|
18
18
|
/**
|
|
19
19
|
* GitHub OAuth token provider
|
|
20
20
|
*
|
|
21
|
-
* Note: GitHub tokens don't expire, so refresh()
|
|
22
|
-
*
|
|
21
|
+
* Note: GitHub tokens don't expire, so refresh() should never be called.
|
|
22
|
+
* If it is called, the token must have been revoked.
|
|
23
23
|
*/
|
|
24
24
|
export declare class GitHubProvider implements TokenProvider {
|
|
25
25
|
readonly id = "github";
|
|
26
26
|
readonly supportsRefresh = false;
|
|
27
|
-
refresh(_refreshToken: string, _config: ProviderConfig): Promise<RefreshResult |
|
|
27
|
+
refresh(_refreshToken: string, _config: ProviderConfig): Promise<RefreshResult | RefreshFailure>;
|
|
28
28
|
}
|
|
29
29
|
/**
|
|
30
30
|
* Default GitHub provider instance
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../src/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../src/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE7F;;;;;GAKG;AACH,qBAAa,cAAe,YAAW,aAAa;IAClD,QAAQ,CAAC,EAAE,YAAY;IACvB,QAAQ,CAAC,eAAe,SAAS;IAE3B,OAAO,CACX,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;CAY3C;AAED;;GAEG;AACH,eAAO,MAAM,cAAc,gBAAuB,CAAC;AAEnD;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC,CAuBlB"}
|
package/dist/providers/github.js
CHANGED
|
@@ -17,18 +17,21 @@
|
|
|
17
17
|
/**
|
|
18
18
|
* GitHub OAuth token provider
|
|
19
19
|
*
|
|
20
|
-
* Note: GitHub tokens don't expire, so refresh()
|
|
21
|
-
*
|
|
20
|
+
* Note: GitHub tokens don't expire, so refresh() should never be called.
|
|
21
|
+
* If it is called, the token must have been revoked.
|
|
22
22
|
*/
|
|
23
23
|
export class GitHubProvider {
|
|
24
24
|
id = 'github';
|
|
25
25
|
supportsRefresh = false;
|
|
26
26
|
async refresh(_refreshToken, _config) {
|
|
27
|
-
// GitHub tokens don't expire -
|
|
28
|
-
// If a token is invalid, user needs to re-authenticate
|
|
27
|
+
// GitHub tokens don't expire - if we're here, the token was revoked
|
|
29
28
|
console.warn('[GitHubProvider] refresh() called but GitHub tokens do not expire. ' +
|
|
30
|
-
'
|
|
31
|
-
return
|
|
29
|
+
'The token must have been revoked.');
|
|
30
|
+
return {
|
|
31
|
+
revoked: true,
|
|
32
|
+
errorCode: 'github_tokens_dont_expire',
|
|
33
|
+
errorMessage: 'GitHub tokens do not expire. If invalid, the token was revoked.',
|
|
34
|
+
};
|
|
32
35
|
}
|
|
33
36
|
}
|
|
34
37
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"github.js","sourceRoot":"","sources":["../../src/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IAChB,EAAE,GAAG,QAAQ,CAAC;IACd,eAAe,GAAG,KAAK,CAAC;IAEjC,KAAK,CAAC,OAAO,CACX,aAAqB,EACrB,OAAuB;QAEvB,
|
|
1
|
+
{"version":3,"file":"github.js","sourceRoot":"","sources":["../../src/providers/github.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IAChB,EAAE,GAAG,QAAQ,CAAC;IACd,eAAe,GAAG,KAAK,CAAC;IAEjC,KAAK,CAAC,OAAO,CACX,aAAqB,EACrB,OAAuB;QAEvB,oEAAoE;QACpE,OAAO,CAAC,IAAI,CACV,qEAAqE;YACnE,mCAAmC,CACtC,CAAC;QACF,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,2BAA2B;YACtC,YAAY,EAAE,iEAAiE;SAChF,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;AAEnD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,WAAmB,EACnB,QAAgB,EAChB,YAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,uCAAuC,QAAQ,QAAQ,EACvD;YACE,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE;gBACP,MAAM,EAAE,6BAA6B;gBACrC,sBAAsB,EAAE,YAAY;gBACpC,aAAa,EAAE,SAAS,IAAI,CAAC,GAAG,QAAQ,IAAI,YAAY,EAAE,CAAC,EAAE;gBAC7D,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;SACpD,CACF,CAAC;QAEF,2BAA2B;QAC3B,sCAAsC;QACtC,OAAO,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC;IAC5D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
|
@@ -8,14 +8,14 @@
|
|
|
8
8
|
*
|
|
9
9
|
* Requires `access_type=offline` during initial OAuth to get refresh token
|
|
10
10
|
*/
|
|
11
|
-
import type { TokenProvider, ProviderConfig, RefreshResult } from '../types';
|
|
11
|
+
import type { TokenProvider, ProviderConfig, RefreshResult, RefreshFailure } from '../types';
|
|
12
12
|
/**
|
|
13
13
|
* Google OAuth token provider
|
|
14
14
|
*/
|
|
15
15
|
export declare class GoogleProvider implements TokenProvider {
|
|
16
16
|
readonly id = "google";
|
|
17
17
|
readonly supportsRefresh = true;
|
|
18
|
-
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult |
|
|
18
|
+
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult | RefreshFailure>;
|
|
19
19
|
}
|
|
20
20
|
/**
|
|
21
21
|
* Default Google provider instance
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../src/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../src/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAoB7F;;GAEG;AACH,qBAAa,cAAe,YAAW,aAAa;IAClD,QAAQ,CAAC,EAAE,YAAY;IACvB,QAAQ,CAAC,eAAe,QAAQ;IAE1B,OAAO,CACX,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;CA0C3C;AAED;;GAEG;AACH,eAAO,MAAM,cAAc,gBAAuB,CAAC"}
|
package/dist/providers/google.js
CHANGED
|
@@ -9,6 +9,8 @@
|
|
|
9
9
|
* Requires `access_type=offline` during initial OAuth to get refresh token
|
|
10
10
|
*/
|
|
11
11
|
const TOKEN_URL = 'https://oauth2.googleapis.com/token';
|
|
12
|
+
/** Google error codes that indicate permanent token revocation */
|
|
13
|
+
const REVOCATION_ERRORS = ['invalid_grant', 'unauthorized_client'];
|
|
12
14
|
/**
|
|
13
15
|
* Google OAuth token provider
|
|
14
16
|
*/
|
|
@@ -16,44 +18,39 @@ export class GoogleProvider {
|
|
|
16
18
|
id = 'google';
|
|
17
19
|
supportsRefresh = true;
|
|
18
20
|
async refresh(refreshToken, config) {
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
}
|
|
41
|
-
// Other errors - throw to retry later
|
|
42
|
-
throw new Error(`Token refresh failed: ${error.error}`);
|
|
21
|
+
const response = await fetch(TOKEN_URL, {
|
|
22
|
+
method: 'POST',
|
|
23
|
+
headers: {
|
|
24
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
25
|
+
},
|
|
26
|
+
body: new URLSearchParams({
|
|
27
|
+
client_id: config.clientId,
|
|
28
|
+
client_secret: config.clientSecret,
|
|
29
|
+
refresh_token: refreshToken,
|
|
30
|
+
grant_type: 'refresh_token',
|
|
31
|
+
}).toString(),
|
|
32
|
+
});
|
|
33
|
+
if (!response.ok) {
|
|
34
|
+
const error = (await response.json());
|
|
35
|
+
console.error(`[GoogleProvider] Token refresh failed: ${error.error} - ${error.error_description}`);
|
|
36
|
+
// Check for permanent revocation errors
|
|
37
|
+
if (REVOCATION_ERRORS.includes(error.error)) {
|
|
38
|
+
return {
|
|
39
|
+
revoked: true,
|
|
40
|
+
errorCode: error.error,
|
|
41
|
+
errorMessage: error.error_description,
|
|
42
|
+
};
|
|
43
43
|
}
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
accessToken: data.access_token,
|
|
47
|
-
// Google may return a new refresh token (rare, but handle it)
|
|
48
|
-
refreshToken: data.refresh_token,
|
|
49
|
-
expiresAt: Date.now() + data.expires_in * 1000,
|
|
50
|
-
};
|
|
51
|
-
}
|
|
52
|
-
catch (error) {
|
|
53
|
-
console.error('[GoogleProvider] Refresh error:', error);
|
|
54
|
-
// Network errors or unexpected issues - return null to trigger re-auth
|
|
55
|
-
return null;
|
|
44
|
+
// Other errors (rate limit, server error) - throw for retry
|
|
45
|
+
throw new Error(`Token refresh failed: ${error.error} - ${error.error_description || ''}`);
|
|
56
46
|
}
|
|
47
|
+
const data = (await response.json());
|
|
48
|
+
return {
|
|
49
|
+
accessToken: data.access_token,
|
|
50
|
+
// Google may return a new refresh token (rare, but handle it)
|
|
51
|
+
refreshToken: data.refresh_token,
|
|
52
|
+
expiresAt: Date.now() + data.expires_in * 1000,
|
|
53
|
+
};
|
|
57
54
|
}
|
|
58
55
|
}
|
|
59
56
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,MAAM,SAAS,GAAG,qCAAqC,CAAC;AAexD;;GAEG;AACH,MAAM,OAAO,cAAc;IAChB,EAAE,GAAG,QAAQ,CAAC;IACd,eAAe,GAAG,IAAI,CAAC;IAEhC,KAAK,CAAC,OAAO,CACX,YAAoB,EACpB,MAAsB;QAEtB,
|
|
1
|
+
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,MAAM,SAAS,GAAG,qCAAqC,CAAC;AAexD,kEAAkE;AAClE,MAAM,iBAAiB,GAAG,CAAC,eAAe,EAAE,qBAAqB,CAAC,CAAC;AAEnE;;GAEG;AACH,MAAM,OAAO,cAAc;IAChB,EAAE,GAAG,QAAQ,CAAC;IACd,eAAe,GAAG,IAAI,CAAC;IAEhC,KAAK,CAAC,OAAO,CACX,YAAoB,EACpB,MAAsB;QAEtB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACtC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,MAAM,CAAC,QAAQ;gBAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,aAAa,EAAE,YAAY;gBAC3B,UAAU,EAAE,eAAe;aAC5B,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;YAC7D,OAAO,CAAC,KAAK,CACX,0CAA0C,KAAK,CAAC,KAAK,MAAM,KAAK,CAAC,iBAAiB,EAAE,CACrF,CAAC;YAEF,wCAAwC;YACxC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,KAAK,CAAC,KAAK;oBACtB,YAAY,EAAE,KAAK,CAAC,iBAAiB;iBACtC,CAAC;YACJ,CAAC;YAED,4DAA4D;YAC5D,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,KAAK,MAAM,KAAK,CAAC,iBAAiB,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;QAE5D,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,8DAA8D;YAC9D,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;SAC/C,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC"}
|
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
* - 'consumers': Personal Microsoft accounts only
|
|
13
13
|
* - '{tenant-id}': Specific organization only
|
|
14
14
|
*/
|
|
15
|
-
import type { TokenProvider, ProviderConfig, RefreshResult } from '../types';
|
|
15
|
+
import type { TokenProvider, ProviderConfig, RefreshResult, RefreshFailure } from '../types';
|
|
16
16
|
/**
|
|
17
17
|
* Microsoft OAuth token provider
|
|
18
18
|
*/
|
|
@@ -20,7 +20,7 @@ export declare class MicrosoftProvider implements TokenProvider {
|
|
|
20
20
|
readonly id = "microsoft";
|
|
21
21
|
readonly supportsRefresh = true;
|
|
22
22
|
private getTokenUrl;
|
|
23
|
-
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult |
|
|
23
|
+
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult | RefreshFailure>;
|
|
24
24
|
}
|
|
25
25
|
/**
|
|
26
26
|
* Default Microsoft provider instance
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../src/providers/microsoft.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../src/providers/microsoft.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AA0B7F;;GAEG;AACH,qBAAa,iBAAkB,YAAW,aAAa;IACrD,QAAQ,CAAC,EAAE,eAAe;IAC1B,QAAQ,CAAC,eAAe,QAAQ;IAEhC,OAAO,CAAC,WAAW;IAIb,OAAO,CACX,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;CAiD3C;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,mBAA0B,CAAC"}
|
|
@@ -13,6 +13,13 @@
|
|
|
13
13
|
* - '{tenant-id}': Specific organization only
|
|
14
14
|
*/
|
|
15
15
|
const DEFAULT_TENANT = 'common';
|
|
16
|
+
/**
|
|
17
|
+
* Microsoft AADSTS error codes that indicate permanent token revocation
|
|
18
|
+
* - 70000: Refresh token expired
|
|
19
|
+
* - 50173: Refresh token expired (password change)
|
|
20
|
+
* - 700082: Refresh token expired (inactivity)
|
|
21
|
+
*/
|
|
22
|
+
const REVOCATION_ERROR_CODES = [70000, 50173, 700082];
|
|
16
23
|
/**
|
|
17
24
|
* Microsoft OAuth token provider
|
|
18
25
|
*/
|
|
@@ -25,44 +32,41 @@ export class MicrosoftProvider {
|
|
|
25
32
|
async refresh(refreshToken, config) {
|
|
26
33
|
const tenantId = config.tenantId ?? DEFAULT_TENANT;
|
|
27
34
|
const tokenUrl = this.getTokenUrl(tenantId);
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
error.
|
|
50
|
-
|
|
51
|
-
}
|
|
52
|
-
throw new Error(`Token refresh failed: ${error.error}`);
|
|
35
|
+
const response = await fetch(tokenUrl, {
|
|
36
|
+
method: 'POST',
|
|
37
|
+
headers: {
|
|
38
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
39
|
+
},
|
|
40
|
+
body: new URLSearchParams({
|
|
41
|
+
client_id: config.clientId,
|
|
42
|
+
client_secret: config.clientSecret,
|
|
43
|
+
refresh_token: refreshToken,
|
|
44
|
+
grant_type: 'refresh_token',
|
|
45
|
+
}).toString(),
|
|
46
|
+
});
|
|
47
|
+
if (!response.ok) {
|
|
48
|
+
const error = (await response.json());
|
|
49
|
+
console.error(`[MicrosoftProvider] Token refresh failed: ${error.error} - ${error.error_description}`);
|
|
50
|
+
// Check for permanent revocation errors
|
|
51
|
+
const isRevoked = error.error === 'invalid_grant' ||
|
|
52
|
+
error.error_codes?.some((code) => REVOCATION_ERROR_CODES.includes(code));
|
|
53
|
+
if (isRevoked) {
|
|
54
|
+
return {
|
|
55
|
+
revoked: true,
|
|
56
|
+
errorCode: error.error,
|
|
57
|
+
errorMessage: error.error_description,
|
|
58
|
+
};
|
|
53
59
|
}
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
accessToken: data.access_token,
|
|
57
|
-
// Microsoft typically returns a new refresh token - always use it!
|
|
58
|
-
refreshToken: data.refresh_token,
|
|
59
|
-
expiresAt: Date.now() + data.expires_in * 1000,
|
|
60
|
-
};
|
|
61
|
-
}
|
|
62
|
-
catch (error) {
|
|
63
|
-
console.error('[MicrosoftProvider] Refresh error:', error);
|
|
64
|
-
return null;
|
|
60
|
+
// Other errors (rate limit, server error) - throw for retry
|
|
61
|
+
throw new Error(`Token refresh failed: ${error.error} - ${error.error_description || ''}`);
|
|
65
62
|
}
|
|
63
|
+
const data = (await response.json());
|
|
64
|
+
return {
|
|
65
|
+
accessToken: data.access_token,
|
|
66
|
+
// Microsoft typically returns a new refresh token - always use it!
|
|
67
|
+
refreshToken: data.refresh_token,
|
|
68
|
+
expiresAt: Date.now() + data.expires_in * 1000,
|
|
69
|
+
};
|
|
66
70
|
}
|
|
67
71
|
}
|
|
68
72
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"microsoft.js","sourceRoot":"","sources":["../../src/providers/microsoft.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,MAAM,cAAc,GAAG,QAAQ,CAAC;AAgBhC;;GAEG;AACH,MAAM,OAAO,iBAAiB;IACnB,EAAE,GAAG,WAAW,CAAC;IACjB,eAAe,GAAG,IAAI,CAAC;IAExB,WAAW,CAAC,QAAgB;QAClC,OAAO,qCAAqC,QAAQ,oBAAoB,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,OAAO,CACX,YAAoB,EACpB,MAAsB;QAEtB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,cAAc,CAAC;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,
|
|
1
|
+
{"version":3,"file":"microsoft.js","sourceRoot":"","sources":["../../src/providers/microsoft.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,MAAM,cAAc,GAAG,QAAQ,CAAC;AAgBhC;;;;;GAKG;AACH,MAAM,sBAAsB,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;AAEtD;;GAEG;AACH,MAAM,OAAO,iBAAiB;IACnB,EAAE,GAAG,WAAW,CAAC;IACjB,eAAe,GAAG,IAAI,CAAC;IAExB,WAAW,CAAC,QAAgB;QAClC,OAAO,qCAAqC,QAAQ,oBAAoB,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,OAAO,CACX,YAAoB,EACpB,MAAsB;QAEtB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,cAAc,CAAC;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,MAAM,CAAC,QAAQ;gBAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,aAAa,EAAE,YAAY;gBAC3B,UAAU,EAAE,eAAe;aAC5B,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2B,CAAC;YAChE,OAAO,CAAC,KAAK,CACX,6CAA6C,KAAK,CAAC,KAAK,MAAM,KAAK,CAAC,iBAAiB,EAAE,CACxF,CAAC;YAEF,wCAAwC;YACxC,MAAM,SAAS,GACb,KAAK,CAAC,KAAK,KAAK,eAAe;gBAC/B,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAE3E,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,KAAK,CAAC,KAAK;oBACtB,YAAY,EAAE,KAAK,CAAC,iBAAiB;iBACtC,CAAC;YACJ,CAAC;YAED,4DAA4D;YAC5D,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,KAAK,MAAM,KAAK,CAAC,iBAAiB,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2B,CAAC;QAE/D,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,mEAAmE;YACnE,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;SAC/C,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,iBAAiB,EAAE,CAAC"}
|
package/dist/storage/kv.d.ts
CHANGED
|
@@ -1,9 +1,13 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Cloudflare KV Storage Adapter
|
|
3
3
|
*
|
|
4
|
-
* Key structure:
|
|
5
|
-
* - tokens:{userId}:{provider} → encrypted token data
|
|
6
|
-
* - token-index:{userId} → JSON array of provider
|
|
4
|
+
* Key structure (multi-account support):
|
|
5
|
+
* - tokens:{userId}:{provider}:{alias} → encrypted token data
|
|
6
|
+
* - token-index:{userId} → JSON array of "provider:alias" strings (for listing)
|
|
7
|
+
*
|
|
8
|
+
* Backward compatibility:
|
|
9
|
+
* - Missing alias defaults to 'default'
|
|
10
|
+
* - Old keys (without alias) are migrated on access
|
|
7
11
|
*
|
|
8
12
|
* Note: KV is eventually consistent. For strict consistency needs, use D1 adapter.
|
|
9
13
|
*/
|
|
@@ -26,12 +30,28 @@ export declare class KVStorage implements TokenStorage {
|
|
|
26
30
|
constructor(options: KVStorageOptions);
|
|
27
31
|
private tokenKey;
|
|
28
32
|
private indexKey;
|
|
29
|
-
|
|
33
|
+
/**
|
|
34
|
+
* Parse a provider:alias index entry
|
|
35
|
+
*/
|
|
36
|
+
private parseIndexEntry;
|
|
37
|
+
/**
|
|
38
|
+
* Create a provider:alias index entry
|
|
39
|
+
*/
|
|
40
|
+
private indexEntry;
|
|
41
|
+
get(userId: string, provider: string, alias?: string): Promise<StoredToken | null>;
|
|
42
|
+
/**
|
|
43
|
+
* Decrypt a stored token
|
|
44
|
+
*/
|
|
45
|
+
private decryptToken;
|
|
46
|
+
/**
|
|
47
|
+
* Migrate old index entries (provider only) to new format (provider:alias)
|
|
48
|
+
*/
|
|
49
|
+
private migrateIndex;
|
|
30
50
|
set(token: StoredToken): Promise<void>;
|
|
31
|
-
delete(userId: string, provider: string): Promise<void>;
|
|
51
|
+
delete(userId: string, provider: string, alias?: string): Promise<void>;
|
|
32
52
|
list(userId: string): Promise<ConnectedProvider[]>;
|
|
33
53
|
/**
|
|
34
|
-
* Update the provider index for a user
|
|
54
|
+
* Update the provider:alias index for a user
|
|
35
55
|
*/
|
|
36
56
|
private updateIndex;
|
|
37
57
|
}
|
package/dist/storage/kv.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kv.d.ts","sourceRoot":"","sources":["../../src/storage/kv.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"kv.d.ts","sourceRoot":"","sources":["../../src/storage/kv.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,WAAW,EACX,iBAAiB,EAClB,MAAM,UAAU,CAAC;AA+BlB,MAAM,WAAW,gBAAgB;IAC/B,sCAAsC;IACtC,SAAS,EAAE,WAAW,CAAC;IACvB,oCAAoC;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,8CAA8C;IAC9C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,qBAAa,SAAU,YAAW,YAAY;IAC5C,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAc;IACjC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,OAAO,EAAE,gBAAgB;IAMrC,OAAO,CAAC,QAAQ;IAIhB,OAAO,CAAC,QAAQ;IAIhB;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,UAAU;IAIZ,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,GAAE,MAAsB,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IA8BvG;;OAEG;YACW,YAAY;IAa1B;;OAEG;YACW,YAAY;IAapB,GAAG,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAqCtC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,GAAE,MAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAUtF,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAiCxD;;OAEG;YACW,WAAW;CA2B1B"}
|
package/dist/storage/kv.js
CHANGED
|
@@ -1,9 +1,13 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Cloudflare KV Storage Adapter
|
|
3
3
|
*
|
|
4
|
-
* Key structure:
|
|
5
|
-
* - tokens:{userId}:{provider} → encrypted token data
|
|
6
|
-
* - token-index:{userId} → JSON array of provider
|
|
4
|
+
* Key structure (multi-account support):
|
|
5
|
+
* - tokens:{userId}:{provider}:{alias} → encrypted token data
|
|
6
|
+
* - token-index:{userId} → JSON array of "provider:alias" strings (for listing)
|
|
7
|
+
*
|
|
8
|
+
* Backward compatibility:
|
|
9
|
+
* - Missing alias defaults to 'default'
|
|
10
|
+
* - Old keys (without alias) are migrated on access
|
|
7
11
|
*
|
|
8
12
|
* Note: KV is eventually consistent. For strict consistency needs, use D1 adapter.
|
|
9
13
|
*/
|
|
@@ -11,6 +15,7 @@ import { StorageError } from '../errors';
|
|
|
11
15
|
import { encrypt, decrypt } from '../crypto';
|
|
12
16
|
const KEY_PREFIX = 'tokens';
|
|
13
17
|
const INDEX_PREFIX = 'token-index';
|
|
18
|
+
const DEFAULT_ALIAS = 'default';
|
|
14
19
|
/**
|
|
15
20
|
* KV Storage adapter for Cloudflare Workers KV
|
|
16
21
|
*/
|
|
@@ -23,37 +28,89 @@ export class KVStorage {
|
|
|
23
28
|
this.encryptionKey = options.encryptionKey;
|
|
24
29
|
this.keyPrefix = options.keyPrefix ?? KEY_PREFIX;
|
|
25
30
|
}
|
|
26
|
-
tokenKey(userId, provider) {
|
|
27
|
-
return `${this.keyPrefix}:${userId}:${provider}`;
|
|
31
|
+
tokenKey(userId, provider, alias = DEFAULT_ALIAS) {
|
|
32
|
+
return `${this.keyPrefix}:${userId}:${provider}:${alias}`;
|
|
28
33
|
}
|
|
29
34
|
indexKey(userId) {
|
|
30
35
|
return `${INDEX_PREFIX}:${userId}`;
|
|
31
36
|
}
|
|
32
|
-
|
|
37
|
+
/**
|
|
38
|
+
* Parse a provider:alias index entry
|
|
39
|
+
*/
|
|
40
|
+
parseIndexEntry(entry) {
|
|
41
|
+
const parts = entry.split(':');
|
|
42
|
+
if (parts.length === 2) {
|
|
43
|
+
return { provider: parts[0], alias: parts[1] };
|
|
44
|
+
}
|
|
45
|
+
// Backward compatibility: old entries without alias
|
|
46
|
+
return { provider: entry, alias: DEFAULT_ALIAS };
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Create a provider:alias index entry
|
|
50
|
+
*/
|
|
51
|
+
indexEntry(provider, alias) {
|
|
52
|
+
return `${provider}:${alias}`;
|
|
53
|
+
}
|
|
54
|
+
async get(userId, provider, alias = DEFAULT_ALIAS) {
|
|
33
55
|
try {
|
|
34
|
-
const key = this.tokenKey(userId, provider);
|
|
56
|
+
const key = this.tokenKey(userId, provider, alias);
|
|
35
57
|
const data = await this.kv.get(key, 'json');
|
|
36
58
|
if (!data) {
|
|
59
|
+
// Backward compatibility: try old key format (without alias) if looking for default
|
|
60
|
+
if (alias === DEFAULT_ALIAS) {
|
|
61
|
+
const oldKey = `${this.keyPrefix}:${userId}:${provider}`;
|
|
62
|
+
const oldData = await this.kv.get(oldKey, 'json');
|
|
63
|
+
if (oldData) {
|
|
64
|
+
// Migrate to new format
|
|
65
|
+
const migratedToken = { ...oldData, alias: DEFAULT_ALIAS };
|
|
66
|
+
await this.kv.put(key, JSON.stringify(migratedToken));
|
|
67
|
+
await this.kv.delete(oldKey);
|
|
68
|
+
// Also update the index
|
|
69
|
+
await this.migrateIndex(userId, provider);
|
|
70
|
+
// Now decrypt and return
|
|
71
|
+
return this.decryptToken(migratedToken);
|
|
72
|
+
}
|
|
73
|
+
}
|
|
37
74
|
return null;
|
|
38
75
|
}
|
|
39
|
-
|
|
40
|
-
const accessToken = await decrypt(data.accessToken, this.encryptionKey);
|
|
41
|
-
const refreshToken = data.refreshToken
|
|
42
|
-
? await decrypt(data.refreshToken, this.encryptionKey)
|
|
43
|
-
: undefined;
|
|
44
|
-
return {
|
|
45
|
-
...data,
|
|
46
|
-
accessToken,
|
|
47
|
-
refreshToken,
|
|
48
|
-
};
|
|
76
|
+
return this.decryptToken(data);
|
|
49
77
|
}
|
|
50
78
|
catch (error) {
|
|
51
79
|
throw new StorageError('get', error instanceof Error ? error : undefined);
|
|
52
80
|
}
|
|
53
81
|
}
|
|
82
|
+
/**
|
|
83
|
+
* Decrypt a stored token
|
|
84
|
+
*/
|
|
85
|
+
async decryptToken(data) {
|
|
86
|
+
const accessToken = await decrypt(data.accessToken, this.encryptionKey);
|
|
87
|
+
const refreshToken = data.refreshToken
|
|
88
|
+
? await decrypt(data.refreshToken, this.encryptionKey)
|
|
89
|
+
: undefined;
|
|
90
|
+
return {
|
|
91
|
+
...data,
|
|
92
|
+
accessToken,
|
|
93
|
+
refreshToken,
|
|
94
|
+
};
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* Migrate old index entries (provider only) to new format (provider:alias)
|
|
98
|
+
*/
|
|
99
|
+
async migrateIndex(userId, provider) {
|
|
100
|
+
const indexKey = this.indexKey(userId);
|
|
101
|
+
const current = (await this.kv.get(indexKey, 'json')) ?? [];
|
|
102
|
+
// Check if old format exists
|
|
103
|
+
const oldIndex = current.indexOf(provider);
|
|
104
|
+
if (oldIndex !== -1) {
|
|
105
|
+
// Replace with new format
|
|
106
|
+
current[oldIndex] = this.indexEntry(provider, DEFAULT_ALIAS);
|
|
107
|
+
await this.kv.put(indexKey, JSON.stringify(current));
|
|
108
|
+
}
|
|
109
|
+
}
|
|
54
110
|
async set(token) {
|
|
55
111
|
try {
|
|
56
|
-
const
|
|
112
|
+
const alias = token.alias ?? DEFAULT_ALIAS;
|
|
113
|
+
const key = this.tokenKey(token.userId, token.provider, alias);
|
|
57
114
|
// Encrypt sensitive fields
|
|
58
115
|
const encryptedAccessToken = await encrypt(token.accessToken, this.encryptionKey);
|
|
59
116
|
const encryptedRefreshToken = token.refreshToken
|
|
@@ -62,6 +119,8 @@ export class KVStorage {
|
|
|
62
119
|
const data = {
|
|
63
120
|
userId: token.userId,
|
|
64
121
|
provider: token.provider,
|
|
122
|
+
alias,
|
|
123
|
+
displayName: token.displayName,
|
|
65
124
|
accessToken: encryptedAccessToken,
|
|
66
125
|
refreshToken: encryptedRefreshToken,
|
|
67
126
|
expiresAt: token.expiresAt,
|
|
@@ -72,17 +131,17 @@ export class KVStorage {
|
|
|
72
131
|
// Store the token
|
|
73
132
|
await this.kv.put(key, JSON.stringify(data));
|
|
74
133
|
// Update the index
|
|
75
|
-
await this.updateIndex(token.userId, token.provider, 'add');
|
|
134
|
+
await this.updateIndex(token.userId, token.provider, alias, 'add');
|
|
76
135
|
}
|
|
77
136
|
catch (error) {
|
|
78
137
|
throw new StorageError('set', error instanceof Error ? error : undefined);
|
|
79
138
|
}
|
|
80
139
|
}
|
|
81
|
-
async delete(userId, provider) {
|
|
140
|
+
async delete(userId, provider, alias = DEFAULT_ALIAS) {
|
|
82
141
|
try {
|
|
83
|
-
const key = this.tokenKey(userId, provider);
|
|
142
|
+
const key = this.tokenKey(userId, provider, alias);
|
|
84
143
|
await this.kv.delete(key);
|
|
85
|
-
await this.updateIndex(userId, provider, 'remove');
|
|
144
|
+
await this.updateIndex(userId, provider, alias, 'remove');
|
|
86
145
|
}
|
|
87
146
|
catch (error) {
|
|
88
147
|
throw new StorageError('delete', error instanceof Error ? error : undefined);
|
|
@@ -91,17 +150,20 @@ export class KVStorage {
|
|
|
91
150
|
async list(userId) {
|
|
92
151
|
try {
|
|
93
152
|
const indexKey = this.indexKey(userId);
|
|
94
|
-
const
|
|
95
|
-
if (!
|
|
153
|
+
const entries = await this.kv.get(indexKey, 'json');
|
|
154
|
+
if (!entries || entries.length === 0) {
|
|
96
155
|
return [];
|
|
97
156
|
}
|
|
98
157
|
// Fetch each provider's token data
|
|
99
158
|
const results = [];
|
|
100
|
-
for (const
|
|
101
|
-
const
|
|
159
|
+
for (const entry of entries) {
|
|
160
|
+
const { provider, alias } = this.parseIndexEntry(entry);
|
|
161
|
+
const token = await this.get(userId, provider, alias);
|
|
102
162
|
if (token) {
|
|
103
163
|
results.push({
|
|
104
164
|
provider: token.provider,
|
|
165
|
+
alias: token.alias ?? DEFAULT_ALIAS,
|
|
166
|
+
displayName: token.displayName,
|
|
105
167
|
scopes: token.scopes,
|
|
106
168
|
connectedAt: token.createdAt,
|
|
107
169
|
expiresAt: token.expiresAt,
|
|
@@ -115,22 +177,23 @@ export class KVStorage {
|
|
|
115
177
|
}
|
|
116
178
|
}
|
|
117
179
|
/**
|
|
118
|
-
* Update the provider index for a user
|
|
180
|
+
* Update the provider:alias index for a user
|
|
119
181
|
*/
|
|
120
|
-
async updateIndex(userId, provider, action) {
|
|
182
|
+
async updateIndex(userId, provider, alias, action) {
|
|
121
183
|
const indexKey = this.indexKey(userId);
|
|
122
184
|
const current = (await this.kv.get(indexKey, 'json')) ?? [];
|
|
185
|
+
const entry = this.indexEntry(provider, alias);
|
|
123
186
|
let updated;
|
|
124
187
|
if (action === 'add') {
|
|
125
|
-
if (!current.includes(
|
|
126
|
-
updated = [...current,
|
|
188
|
+
if (!current.includes(entry)) {
|
|
189
|
+
updated = [...current, entry];
|
|
127
190
|
}
|
|
128
191
|
else {
|
|
129
192
|
return; // Already in index
|
|
130
193
|
}
|
|
131
194
|
}
|
|
132
195
|
else {
|
|
133
|
-
updated = current.filter((
|
|
196
|
+
updated = current.filter((e) => e !== entry);
|
|
134
197
|
}
|
|
135
198
|
if (updated.length === 0) {
|
|
136
199
|
await this.kv.delete(indexKey);
|
package/dist/storage/kv.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kv.js","sourceRoot":"","sources":["../../src/storage/kv.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"kv.js","sourceRoot":"","sources":["../../src/storage/kv.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAOH,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE7C,MAAM,UAAU,GAAG,QAAQ,CAAC;AAC5B,MAAM,YAAY,GAAG,aAAa,CAAC;AAEnC,MAAM,aAAa,GAAG,SAAS,CAAC;AAiChC;;GAEG;AACH,MAAM,OAAO,SAAS;IACH,EAAE,CAAc;IAChB,aAAa,CAAS;IACtB,SAAS,CAAS;IAEnC,YAAY,OAAyB;QACnC,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC;QAC5B,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,UAAU,CAAC;IACnD,CAAC;IAEO,QAAQ,CAAC,MAAc,EAAE,QAAgB,EAAE,QAAgB,aAAa;QAC9E,OAAO,GAAG,IAAI,CAAC,SAAS,IAAI,MAAM,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;IAC5D,CAAC;IAEO,QAAQ,CAAC,MAAc;QAC7B,OAAO,GAAG,YAAY,IAAI,MAAM,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAa;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,CAAC;QACD,oDAAoD;QACpD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;IACnD,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,QAAgB,EAAE,KAAa;QAChD,OAAO,GAAG,QAAQ,IAAI,KAAK,EAAE,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,QAAgB,EAAE,QAAgB,aAAa;QACvE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YACnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAuB,GAAG,EAAE,MAAM,CAAC,CAAC;YAElE,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,oFAAoF;gBACpF,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;oBAC5B,MAAM,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,IAAI,MAAM,IAAI,QAAQ,EAAE,CAAC;oBACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAuB,MAAM,EAAE,MAAM,CAAC,CAAC;oBACxE,IAAI,OAAO,EAAE,CAAC;wBACZ,wBAAwB;wBACxB,MAAM,aAAa,GAAG,EAAE,GAAG,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;wBAC3D,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;wBACtD,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;wBAC7B,wBAAwB;wBACxB,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;wBAC1C,yBAAyB;wBACzB,OAAO,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;oBAC1C,CAAC;gBACH,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CAAC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,IAA0B;QACnD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACxE,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY;YACpC,CAAC,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;QAEd,OAAO;YACL,GAAG,IAAI;YACP,WAAW;YACX,YAAY;SACb,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,QAAgB;QACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAW,QAAQ,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAEtE,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,0BAA0B;YAC1B,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;YAC7D,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAAkB;QAC1B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,aAAa,CAAC;YAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAE/D,2BAA2B;YAC3B,MAAM,oBAAoB,GAAG,MAAM,OAAO,CACxC,KAAK,CAAC,WAAW,EACjB,IAAI,CAAC,aAAa,CACnB,CAAC;YACF,MAAM,qBAAqB,GAAG,KAAK,CAAC,YAAY;gBAC9C,CAAC,CAAC,MAAM,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC;gBACvD,CAAC,CAAC,SAAS,CAAC;YAEd,MAAM,IAAI,GAAyB;gBACjC,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,KAAK;gBACL,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,WAAW,EAAE,oBAAoB;gBACjC,YAAY,EAAE,qBAAqB;gBACnC,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B,CAAC;YAEF,kBAAkB;YAClB,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAE7C,mBAAmB;YACnB,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QACrE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CAAC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,QAAgB,EAAE,QAAgB,aAAa;QAC1E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YACnD,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC1B,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CAAC,QAAQ,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,MAAc;QACvB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAW,QAAQ,EAAE,MAAM,CAAC,CAAC;YAE9D,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrC,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,mCAAmC;YACnC,MAAM,OAAO,GAAwB,EAAE,CAAC;YAExC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;gBACxD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;gBACtD,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,IAAI,CAAC;wBACX,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,aAAa;wBACnC,WAAW,EAAE,KAAK,CAAC,WAAW;wBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;wBACpB,WAAW,EAAE,KAAK,CAAC,SAAS;wBAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;qBAC3B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CAAC,MAAM,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CACvB,MAAc,EACd,QAAgB,EAChB,KAAa,EACb,MAAwB;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAW,QAAQ,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACtE,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAE/C,IAAI,OAAiB,CAAC;QACtB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC7B,OAAO,GAAG,CAAC,GAAG,OAAO,EAAE,KAAK,CAAC,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,mBAAmB;YAC7B,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;CACF"}
|
package/dist/token-manager.d.ts
CHANGED
|
@@ -73,11 +73,20 @@ export declare class TokenManager {
|
|
|
73
73
|
/**
|
|
74
74
|
* Check if a user has a token for a provider (without retrieving it)
|
|
75
75
|
*/
|
|
76
|
-
has(userId: string, provider: string): Promise<boolean>;
|
|
76
|
+
has(userId: string, provider: string, alias?: string): Promise<boolean>;
|
|
77
77
|
/**
|
|
78
78
|
* Refresh an expired token
|
|
79
|
+
*
|
|
80
|
+
* Handles three outcomes:
|
|
81
|
+
* 1. Success: Returns new token data, updates storage
|
|
82
|
+
* 2. Revoked: Deletes token from storage, throws TokenRevokedError
|
|
83
|
+
* 3. Temporary error: Re-throws error (caller can retry)
|
|
79
84
|
*/
|
|
80
85
|
private refreshToken;
|
|
86
|
+
/**
|
|
87
|
+
* Type guard for RefreshFailure
|
|
88
|
+
*/
|
|
89
|
+
private isRefreshFailure;
|
|
81
90
|
/**
|
|
82
91
|
* Register a custom provider implementation
|
|
83
92
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAElB,aAAa,EAGb,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,
|
|
1
|
+
{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAElB,aAAa,EAGb,SAAS,EACT,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAEnB,MAAM,SAAS,CAAC;AA0BjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAe;IACvC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA8B;IACxD,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAS;gBAElC,MAAM,EAAE,kBAAkB;IAMtC;;;;OAIG;IACG,KAAK,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBtD;;;;;;;;;;;OAWG;IACG,GAAG,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC;IA0CvD;;OAEG;IACG,IAAI,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAIpE;;;;;;OAMG;IACG,MAAM,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAKxD;;OAEG;IACG,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,GAAE,MAAkB,GAAG,OAAO,CAAC,OAAO,CAAC;IAKxF;;;;;;;OAOG;YACW,YAAY;IA8D1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IASxB;;;;OAIG;IACH,MAAM,CAAC,gBAAgB,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI;CAGvD"}
|
package/dist/token-manager.js
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Main entry point for storing, retrieving, and refreshing OAuth tokens
|
|
5
5
|
* for downstream API access in Cloudflare Workers.
|
|
6
6
|
*/
|
|
7
|
-
import { TokenNotFoundError, TokenExpiredError, InsufficientScopesError, ProviderNotConfiguredError, } from './errors';
|
|
7
|
+
import { TokenNotFoundError, TokenExpiredError, TokenRevokedError, InsufficientScopesError, ProviderNotConfiguredError, } from './errors';
|
|
8
8
|
import { GoogleProvider } from './providers/google';
|
|
9
9
|
import { MicrosoftProvider } from './providers/microsoft';
|
|
10
10
|
import { GitHubProvider } from './providers/github';
|
|
@@ -63,11 +63,14 @@ export class TokenManager {
|
|
|
63
63
|
*/
|
|
64
64
|
async store(options) {
|
|
65
65
|
const now = Date.now();
|
|
66
|
+
const alias = options.alias ?? 'default';
|
|
66
67
|
// Check if token already exists (update vs create)
|
|
67
|
-
const existing = await this.storage.get(options.userId, options.provider);
|
|
68
|
+
const existing = await this.storage.get(options.userId, options.provider, alias);
|
|
68
69
|
const token = {
|
|
69
70
|
userId: options.userId,
|
|
70
71
|
provider: options.provider,
|
|
72
|
+
alias,
|
|
73
|
+
displayName: options.displayName,
|
|
71
74
|
accessToken: options.accessToken,
|
|
72
75
|
refreshToken: options.refreshToken,
|
|
73
76
|
expiresAt: options.expiresAt,
|
|
@@ -90,9 +93,9 @@ export class TokenManager {
|
|
|
90
93
|
* @throws ProviderNotConfiguredError - Provider not in config (for refresh)
|
|
91
94
|
*/
|
|
92
95
|
async get(options) {
|
|
93
|
-
const { userId, provider, requiredScopes, refreshBuffer } = options;
|
|
96
|
+
const { userId, provider, alias = 'default', requiredScopes, refreshBuffer } = options;
|
|
94
97
|
// Fetch stored token
|
|
95
|
-
const stored = await this.storage.get(userId, provider);
|
|
98
|
+
const stored = await this.storage.get(userId, provider, alias);
|
|
96
99
|
if (!stored) {
|
|
97
100
|
throw new TokenNotFoundError(userId, provider);
|
|
98
101
|
}
|
|
@@ -130,20 +133,26 @@ export class TokenManager {
|
|
|
130
133
|
* the provider's revocation endpoint.
|
|
131
134
|
*/
|
|
132
135
|
async revoke(options) {
|
|
133
|
-
|
|
136
|
+
const alias = options.alias ?? 'default';
|
|
137
|
+
await this.storage.delete(options.userId, options.provider, alias);
|
|
134
138
|
}
|
|
135
139
|
/**
|
|
136
140
|
* Check if a user has a token for a provider (without retrieving it)
|
|
137
141
|
*/
|
|
138
|
-
async has(userId, provider) {
|
|
139
|
-
const token = await this.storage.get(userId, provider);
|
|
142
|
+
async has(userId, provider, alias = 'default') {
|
|
143
|
+
const token = await this.storage.get(userId, provider, alias);
|
|
140
144
|
return token !== null;
|
|
141
145
|
}
|
|
142
146
|
/**
|
|
143
147
|
* Refresh an expired token
|
|
148
|
+
*
|
|
149
|
+
* Handles three outcomes:
|
|
150
|
+
* 1. Success: Returns new token data, updates storage
|
|
151
|
+
* 2. Revoked: Deletes token from storage, throws TokenRevokedError
|
|
152
|
+
* 3. Temporary error: Re-throws error (caller can retry)
|
|
144
153
|
*/
|
|
145
154
|
async refreshToken(stored) {
|
|
146
|
-
const { userId, provider, refreshToken } = stored;
|
|
155
|
+
const { userId, provider, alias = 'default', refreshToken } = stored;
|
|
147
156
|
// Check for refresh token
|
|
148
157
|
if (!refreshToken) {
|
|
149
158
|
throw new TokenExpiredError(userId, provider, 'no_refresh_token');
|
|
@@ -166,17 +175,22 @@ export class TokenManager {
|
|
|
166
175
|
// If we got here, the token must be invalid
|
|
167
176
|
throw new TokenExpiredError(userId, provider, 'refresh_failed');
|
|
168
177
|
}
|
|
169
|
-
// Attempt refresh
|
|
170
|
-
const
|
|
171
|
-
if
|
|
172
|
-
|
|
178
|
+
// Attempt refresh - may throw for temporary errors (network, rate limit)
|
|
179
|
+
const result = await providerImpl.refresh(refreshToken, providerConfig);
|
|
180
|
+
// Check if token was revoked
|
|
181
|
+
if (this.isRefreshFailure(result)) {
|
|
182
|
+
// Auto-delete the dead token from storage
|
|
183
|
+
await this.storage.delete(userId, provider, alias);
|
|
184
|
+
console.log(`[TokenManager] Token revoked for ${userId}/${provider}/${alias}, deleted from storage. ` +
|
|
185
|
+
`Error: ${result.errorCode}`);
|
|
186
|
+
throw new TokenRevokedError(userId, provider, result.errorCode);
|
|
173
187
|
}
|
|
174
188
|
// Update stored token with new values
|
|
175
189
|
const updatedToken = {
|
|
176
190
|
...stored,
|
|
177
|
-
accessToken:
|
|
178
|
-
refreshToken:
|
|
179
|
-
expiresAt:
|
|
191
|
+
accessToken: result.accessToken,
|
|
192
|
+
refreshToken: result.refreshToken ?? stored.refreshToken,
|
|
193
|
+
expiresAt: result.expiresAt,
|
|
180
194
|
updatedAt: Date.now(),
|
|
181
195
|
};
|
|
182
196
|
await this.storage.set(updatedToken);
|
|
@@ -187,6 +201,15 @@ export class TokenManager {
|
|
|
187
201
|
scopes: updatedToken.scopes,
|
|
188
202
|
};
|
|
189
203
|
}
|
|
204
|
+
/**
|
|
205
|
+
* Type guard for RefreshFailure
|
|
206
|
+
*/
|
|
207
|
+
isRefreshFailure(result) {
|
|
208
|
+
return (typeof result === 'object' &&
|
|
209
|
+
result !== null &&
|
|
210
|
+
'revoked' in result &&
|
|
211
|
+
result.revoked === true);
|
|
212
|
+
}
|
|
190
213
|
/**
|
|
191
214
|
* Register a custom provider implementation
|
|
192
215
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,kDAAkD;AAClD,MAAM,yBAAyB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEhD;;GAEG;AACH,MAAM,gBAAgB,GAAkC;IACtD,MAAM,EAAE,IAAI,cAAc,EAAE;IAC5B,SAAS,EAAE,IAAI,iBAAiB,EAAE;IAClC,MAAM,EAAE,IAAI,cAAc,EAAE;CAC7B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,OAAO,YAAY;IACN,OAAO,CAAe;IACtB,SAAS,CAA8B;IACvC,oBAAoB,CAAS;IAE9C,YAAY,MAA0B;QACpC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAA+B,CAAC,CAAC;QAC5H,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,oBAAoB,IAAI,yBAAyB,CAAC;IACvF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK,CAAC,OAA0B;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,SAAS,CAAC;QAEzC,mDAAmD;QACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEjF,MAAM,KAAK,GAAgB;YACzB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,KAAK;YACL,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,QAAQ,EAAE,SAAS,IAAI,GAAG;YACrC,SAAS,EAAE,GAAG;SACf,CAAC;QAEF,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,GAAG,CAAC,OAAwB;QAChC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,GAAG,SAAS,EAAE,cAAc,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;QAEvF,qBAAqB;QACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAE/D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACjD,CAAC;QAED,wBAAwB;QACxB,IAAI,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAClD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAC9B,CAAC;YACF,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,IAAI,uBAAuB,CAC/B,MAAM,EACN,QAAQ,EACR,cAAc,EACd,MAAM,CAAC,MAAM,CACd,CAAC;YACJ,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,aAAa,IAAI,IAAI,CAAC,oBAAoB,CAAC;QAC5D,MAAM,YAAY,GAChB,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC;QAEhE,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,OAAO;YACL,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAA0B;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,OAA2B;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,SAAS,CAAC;QACzC,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,MAAc,EAAE,QAAgB,EAAE,QAAgB,SAAS;QACnE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC9D,OAAO,KAAK,KAAK,IAAI,CAAC;IACxB,CAAC;IAED;;;;;;;OAOG;IACK,KAAK,CAAC,YAAY,CAAC,MAAmB;QAC5C,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,GAAG,SAAS,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QAErE,0BAA0B;QAC1B,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QACpE,CAAC;QAED,sBAAsB;QACtB,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACjD,CAAC;QAED,8BAA8B;QAC9B,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,wDAAwD;YACxD,mDAAmD;YACnD,MAAM,IAAI,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAClE,CAAC;QAED,qCAAqC;QACrC,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;YAClC,8CAA8C;YAC9C,4CAA4C;YAC5C,MAAM,IAAI,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAClE,CAAC;QAED,yEAAyE;QACzE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;QAExE,6BAA6B;QAC7B,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,0CAA0C;YAC1C,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CACT,oCAAoC,MAAM,IAAI,QAAQ,IAAI,KAAK,0BAA0B;gBACvF,UAAU,MAAM,CAAC,SAAS,EAAE,CAC/B,CAAC;YACF,MAAM,IAAI,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAClE,CAAC;QAED,sCAAsC;QACtC,MAAM,YAAY,GAAgB;YAChC,GAAG,MAAM;YACT,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY;YACxD,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;QAEF,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAErC,OAAO;YACL,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,YAAY,EAAE,YAAY,CAAC,YAAY;YACvC,SAAS,EAAE,YAAY,CAAC,SAAS;YACjC,MAAM,EAAE,YAAY,CAAC,MAAM;SAC5B,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,MAAe;QACtC,OAAO,CACL,OAAO,MAAM,KAAK,QAAQ;YAC1B,MAAM,KAAK,IAAI;YACf,SAAS,IAAI,MAAM;YAClB,MAAyB,CAAC,OAAO,KAAK,IAAI,CAC5C,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,gBAAgB,CAAC,QAAuB;QAC7C,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC;IAC3C,CAAC;CACF"}
|
package/dist/types.d.ts
CHANGED
|
@@ -9,6 +9,10 @@ export interface StoredToken {
|
|
|
9
9
|
userId: string;
|
|
10
10
|
/** Provider identifier (e.g., 'google', 'microsoft', 'github') */
|
|
11
11
|
provider: string;
|
|
12
|
+
/** Account alias for multi-account support (e.g., 'work', 'personal'). Default: 'default' */
|
|
13
|
+
alias?: string;
|
|
14
|
+
/** Display name for this account (e.g., email address) */
|
|
15
|
+
displayName?: string;
|
|
12
16
|
/** OAuth access token (encrypted) */
|
|
13
17
|
accessToken: string;
|
|
14
18
|
/** OAuth refresh token (encrypted, optional for providers like GitHub) */
|
|
@@ -37,6 +41,10 @@ export interface TokenData {
|
|
|
37
41
|
export interface StoreTokenOptions {
|
|
38
42
|
userId: string;
|
|
39
43
|
provider: string;
|
|
44
|
+
/** Account alias for multi-account support (e.g., 'work', 'personal'). Default: 'default' */
|
|
45
|
+
alias?: string;
|
|
46
|
+
/** Display name for this account (e.g., user's email address) */
|
|
47
|
+
displayName?: string;
|
|
40
48
|
accessToken: string;
|
|
41
49
|
refreshToken?: string;
|
|
42
50
|
expiresAt?: number;
|
|
@@ -48,6 +56,8 @@ export interface StoreTokenOptions {
|
|
|
48
56
|
export interface GetTokenOptions {
|
|
49
57
|
userId: string;
|
|
50
58
|
provider: string;
|
|
59
|
+
/** Account alias for multi-account support. Default: 'default' */
|
|
60
|
+
alias?: string;
|
|
51
61
|
/** If specified, verify these scopes are present */
|
|
52
62
|
requiredScopes?: string[];
|
|
53
63
|
/** Buffer time in ms before expiry to trigger refresh (default: 5 minutes) */
|
|
@@ -60,10 +70,14 @@ export interface ListTokensOptions {
|
|
|
60
70
|
userId: string;
|
|
61
71
|
}
|
|
62
72
|
/**
|
|
63
|
-
* Summary of a connected provider
|
|
73
|
+
* Summary of a connected provider/account
|
|
64
74
|
*/
|
|
65
75
|
export interface ConnectedProvider {
|
|
66
76
|
provider: string;
|
|
77
|
+
/** Account alias (e.g., 'work', 'personal'). Default: 'default' */
|
|
78
|
+
alias: string;
|
|
79
|
+
/** Display name for this account (e.g., email address) */
|
|
80
|
+
displayName?: string;
|
|
67
81
|
scopes: string[];
|
|
68
82
|
connectedAt: number;
|
|
69
83
|
expiresAt?: number;
|
|
@@ -74,6 +88,8 @@ export interface ConnectedProvider {
|
|
|
74
88
|
export interface RevokeTokenOptions {
|
|
75
89
|
userId: string;
|
|
76
90
|
provider: string;
|
|
91
|
+
/** Account alias. Default: 'default' */
|
|
92
|
+
alias?: string;
|
|
77
93
|
}
|
|
78
94
|
/**
|
|
79
95
|
* Provider configuration for token refresh
|
|
@@ -108,19 +124,21 @@ export interface TokenManagerConfig {
|
|
|
108
124
|
*/
|
|
109
125
|
export interface TokenStorage {
|
|
110
126
|
/**
|
|
111
|
-
* Get a stored token by user and
|
|
127
|
+
* Get a stored token by user, provider, and optional alias
|
|
128
|
+
* @param alias - Account alias. Default: 'default'
|
|
112
129
|
*/
|
|
113
|
-
get(userId: string, provider: string): Promise<StoredToken | null>;
|
|
130
|
+
get(userId: string, provider: string, alias?: string): Promise<StoredToken | null>;
|
|
114
131
|
/**
|
|
115
132
|
* Store or update a token
|
|
116
133
|
*/
|
|
117
134
|
set(token: StoredToken): Promise<void>;
|
|
118
135
|
/**
|
|
119
136
|
* Delete a token
|
|
137
|
+
* @param alias - Account alias. Default: 'default'
|
|
120
138
|
*/
|
|
121
|
-
delete(userId: string, provider: string): Promise<void>;
|
|
139
|
+
delete(userId: string, provider: string, alias?: string): Promise<void>;
|
|
122
140
|
/**
|
|
123
|
-
* List all
|
|
141
|
+
* List all connected accounts for a user
|
|
124
142
|
*/
|
|
125
143
|
list(userId: string): Promise<ConnectedProvider[]>;
|
|
126
144
|
}
|
|
@@ -132,13 +150,13 @@ export interface TokenProvider {
|
|
|
132
150
|
readonly id: string;
|
|
133
151
|
/**
|
|
134
152
|
* Refresh an expired access token
|
|
135
|
-
*
|
|
153
|
+
*
|
|
154
|
+
* @returns
|
|
155
|
+
* - RefreshResult: New token data on success
|
|
156
|
+
* - RefreshFailure: Token was permanently revoked (auto-cleanup recommended)
|
|
157
|
+
* - throws Error: Temporary failure (network, rate limit) - retry later
|
|
136
158
|
*/
|
|
137
|
-
refresh(refreshToken: string, config: ProviderConfig): Promise<
|
|
138
|
-
accessToken: string;
|
|
139
|
-
refreshToken?: string;
|
|
140
|
-
expiresAt?: number;
|
|
141
|
-
} | null>;
|
|
159
|
+
refresh(refreshToken: string, config: ProviderConfig): Promise<RefreshResult | RefreshFailure>;
|
|
142
160
|
/**
|
|
143
161
|
* Whether this provider supports token refresh
|
|
144
162
|
* (GitHub tokens don't expire, so no refresh needed)
|
|
@@ -155,4 +173,15 @@ export interface RefreshResult {
|
|
|
155
173
|
/** New expiration time */
|
|
156
174
|
expiresAt?: number;
|
|
157
175
|
}
|
|
176
|
+
/**
|
|
177
|
+
* Result when token refresh fails
|
|
178
|
+
*/
|
|
179
|
+
export interface RefreshFailure {
|
|
180
|
+
/** Token was permanently invalidated (revoked by user/admin) - should delete from storage */
|
|
181
|
+
revoked: true;
|
|
182
|
+
/** Error code from provider (e.g., 'invalid_grant') */
|
|
183
|
+
errorCode?: string;
|
|
184
|
+
/** Human-readable error message */
|
|
185
|
+
errorMessage?: string;
|
|
186
|
+
}
|
|
158
187
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,QAAQ,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,oDAAoD;IACpD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,QAAQ,EAAE,MAAM,CAAC;IACjB,6FAA6F;IAC7F,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0DAA0D;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,sCAAsC;IACtC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,6FAA6F;IAC7F,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,kEAAkE;IAClE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,oDAAoD;IACpD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,KAAK,EAAE,MAAM,CAAC;IACd,0DAA0D;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iCAAiC;IACjC,OAAO,EAAE,YAAY,CAAC;IACtB,sFAAsF;IACtF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,SAAS,EAAE;QACT,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,SAAS,CAAC,EAAE,cAAc,CAAC;QAC3B,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAAC;KAC3C,CAAC;IACF,gFAAgF;IAChF,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;;OAGG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAEnF;;OAEG;IACH,GAAG,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvC;;;OAGG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAExE;;OAEG;IACH,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;CACpD;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,OAAO,CACL,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC,CAAC;IAE3C;;;OAGG;IACH,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,6FAA6F;IAC7F,OAAO,EAAE,IAAI,CAAC;IACd,uDAAuD;IACvD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}
|
package/package.json
CHANGED