@julr/sesame 0.2.1 → 0.3.1
- package/README.md +6 -7
- package/build/{authorize_controller-BNWhlPZQ.js → authorize_controller-CfV9v3R2.js} +1 -1
- package/build/commands/sesame_purge.js +1 -1
- package/build/{consent_controller-COvvkpHM.js → consent_controller-DBtvczID.js} +1 -1
- package/build/index.js +2 -3
- package/build/{introspect_controller-JjAAXFIV.js → introspect_controller-D2SihAxt.js} +1 -1
- package/build/{user_provider-DXAOfv8-.js → main-ix9EOujk.js} +12 -1
- package/build/{metadata_controller-BzCjyqUG.js → metadata_controller-CekEP9i9.js} +1 -1
- package/build/providers/sesame_provider.js +3 -3
- package/build/{register_controller-DOlN9wNl.js → register_controller-Cmkyy0Pv.js} +1 -1
- package/build/{revoke_controller-B281b8ZO.js → revoke_controller-CzRid0SB.js} +1 -1
- package/build/services/main.d.ts +3 -0
- package/build/services/main.js +9 -0
- package/build/sesame_manager-Blf8pkgS.js +4 -0
- package/build/{sesame_manager-CFq4VEIZ.js → sesame_manager-Br0DIJgM.js} +17 -27
- package/build/src/guard/main.js +1 -12
- package/build/src/sesame_manager.d.ts +5 -5
- package/build/{token_controller-ll9sjcvn.js → token_controller-BEiR1lGn.js} +1 -1
- package/package.json +3 -1
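--- a/package/README.md
+++ b/package/README.md
@@ -80,17 +80,15 @@ The `SesameScopes` augmentation gives you type-safe scope names throughout your
 Register OAuth routes from your `start/routes.ts` file:
 
 ```ts
-import
-
-const sesame = await app.container.make(SesameManager)
+import sesame from '@julr/sesame/services/main'
 
 // OAuth endpoints under /oauth
 router.group(() => {
-sesame.registerRoutes(
+sesame.registerRoutes()
 }).prefix('/oauth')
 
 // Discovery endpoints at the root
-sesame.registerWellKnownRoutes(
+sesame.registerWellKnownRoutes()
 ```
 
 This registers the following endpoints:
@@ -161,7 +159,7 @@ router
 For MCP (Model Context Protocol) servers, register per-resource discovery:
 
 ```ts
-sesame.registerProtectedResource(
+sesame.registerProtectedResource({
 resource: '/api/mcp',
 scopes: ['read:mcp'],
 })
@@ -193,7 +191,8 @@ node ace sesame:purge --retention-hours=168
 You can also call it programmatically:
 
 ```ts
-
+import sesame from '@julr/sesame/services/main'
+
 const result = await sesame.purgeTokens({ retentionHours: 168 })
 ```
 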
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { i as OAuthAuthorizationCode, n as OAuthPendingAuthorizationRequest, r as OAuthConsent, t as SesameManager } from "./sesame_manager-Br0DIJgM.js";
|
|
2
2
|
import "./decorate-BKZEjPRg.js";
|
|
3
3
|
import "./oauth_access_token-bsoM5KeU.js";
|
|
4
4
|
import { d as E_UNSUPPORTED_RESPONSE_TYPE, o as E_INVALID_REQUEST, r as E_INVALID_CLIENT } from "./oauth_error-CnJ3L8tf.js";
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { t as SesameManager } from "../sesame_manager-
|
|
1
|
+
import { t as SesameManager } from "../sesame_manager-Br0DIJgM.js";
|
|
2
2
|
import { t as __decorate } from "../decorate-BKZEjPRg.js";
|
|
3
3
|
import "../oauth_access_token-bsoM5KeU.js";
|
|
4
4
|
import { BaseCommand, flags } from "@adonisjs/core/ace";
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { i as OAuthAuthorizationCode, n as OAuthPendingAuthorizationRequest, r as OAuthConsent, t as SesameManager } from "./sesame_manager-Br0DIJgM.js";
|
|
2
2
|
import "./decorate-BKZEjPRg.js";
|
|
3
3
|
import "./oauth_access_token-bsoM5KeU.js";
|
|
4
4
|
import { a as E_INVALID_GRANT, o as E_INVALID_REQUEST, r as E_INVALID_CLIENT } from "./oauth_error-CnJ3L8tf.js";
|
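--- a/package/build/index.js
+++ b/package/build/index.js
@@ -1,12 +1,11 @@
-import { a as OAuthAuthorizationCode, i as OAuthConsent, o as OAuthRefreshToken, t as SesameManager } from "./sesame_manager-CFq4VEIZ.js";
 import { configure } from "./configure.js";
+import { a as OAuthRefreshToken, i as OAuthAuthorizationCode, r as OAuthConsent, t as SesameManager } from "./sesame_manager-Br0DIJgM.js";
 import "./decorate-BKZEjPRg.js";
 import { t as OAuthAccessToken } from "./oauth_access_token-bsoM5KeU.js";
 import { a as E_INVALID_GRANT, c as E_INVALID_TOKEN, d as E_UNSUPPORTED_RESPONSE_TYPE, f as OAuthError, i as E_INVALID_CLIENT_METADATA, l as E_SERVER_ERROR, n as E_INSUFFICIENT_SCOPE, o as E_INVALID_REQUEST, r as E_INVALID_CLIENT, s as E_INVALID_SCOPE, t as E_ACCESS_DENIED, u as E_UNSUPPORTED_GRANT_TYPE } from "./oauth_error-CnJ3L8tf.js";
 import { t as OAuthClient } from "./oauth_client-BIoY5jBR.js";
 import "./token_service-fhoA4slP.js";
-import {
-import { oauthGuard, oauthUserProvider } from "./src/guard/main.js";
+import { i as OAuthGuard, n as oauthUserProvider, r as OAuthLucidUserProvider, t as oauthGuard } from "./main-ix9EOujk.js";
 function defineConfig(config) {
 return {
 issuer: config.issuer,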
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { a as OAuthRefreshToken, t as SesameManager } from "./sesame_manager-Br0DIJgM.js";
|
|
2
2
|
import "./decorate-BKZEjPRg.js";
|
|
3
3
|
import { t as OAuthAccessToken } from "./oauth_access_token-bsoM5KeU.js";
|
|
4
4
|
import { r as E_INVALID_CLIENT } from "./oauth_error-CnJ3L8tf.js";
|
|
@@ -147,4 +147,15 @@ var OAuthLucidUserProvider = class {
|
|
|
147
147
|
return this.createUserForGuard(user);
|
|
148
148
|
}
|
|
149
149
|
};
|
|
150
|
-
|
|
150
|
+
function oauthGuard(config) {
|
|
151
|
+
return { async resolver(name, app) {
|
|
152
|
+
const emitter = await app.container.make("emitter");
|
|
153
|
+
const { SesameManager } = await import("./sesame_manager-Blf8pkgS.js");
|
|
154
|
+
const manager = await app.container.make(SesameManager);
|
|
155
|
+
return (ctx) => new OAuthGuard(name, ctx, emitter, config.provider, manager, config.resource);
|
|
156
|
+
} };
|
|
157
|
+
}
|
|
158
|
+
function oauthUserProvider(options) {
|
|
159
|
+
return new OAuthLucidUserProvider(options);
|
|
160
|
+
}
|
|
161
|
+
export { OAuthGuard as i, oauthUserProvider as n, OAuthLucidUserProvider as r, oauthGuard as t };
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { t as SesameManager } from "./sesame_manager-
|
|
1
|
+
import { t as SesameManager } from "./sesame_manager-Br0DIJgM.js";
|
|
2
2
|
import "./decorate-BKZEjPRg.js";
|
|
3
3
|
import "./oauth_access_token-bsoM5KeU.js";
|
|
4
4
|
import { l as E_SERVER_ERROR } from "./oauth_error-CnJ3L8tf.js";
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { t as SesameManager } from "../sesame_manager-
|
|
1
|
+
import { t as SesameManager } from "../sesame_manager-Br0DIJgM.js";
|
|
2
2
|
import "../decorate-BKZEjPRg.js";
|
|
3
3
|
import "../oauth_access_token-bsoM5KeU.js";
|
|
4
4
|
var SesameProvider = class {
|
|
@@ -6,8 +6,8 @@ var SesameProvider = class {
|
|
|
6
6
|
this.app = app;
|
|
7
7
|
}
|
|
8
8
|
register() {
|
|
9
|
-
this.app.container.singleton(SesameManager, () => {
|
|
10
|
-
return new SesameManager(this.app.config.get("sesame"));
|
|
9
|
+
this.app.container.singleton(SesameManager, async () => {
|
|
10
|
+
return new SesameManager(this.app.config.get("sesame"), await this.app.container.make("router"));
|
|
11
11
|
});
|
|
12
12
|
}
|
|
13
13
|
};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { t as SesameManager } from "./sesame_manager-
|
|
1
|
+
import { t as SesameManager } from "./sesame_manager-Br0DIJgM.js";
|
|
2
2
|
import "./decorate-BKZEjPRg.js";
|
|
3
3
|
import "./oauth_access_token-bsoM5KeU.js";
|
|
4
4
|
import { i as E_INVALID_CLIENT_METADATA, o as E_INVALID_REQUEST, s as E_INVALID_SCOPE, t as E_ACCESS_DENIED } from "./oauth_error-CnJ3L8tf.js";
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { a as OAuthRefreshToken, t as SesameManager } from "./sesame_manager-Br0DIJgM.js";
|
|
2
2
|
import "./decorate-BKZEjPRg.js";
|
|
3
3
|
import { t as OAuthAccessToken } from "./oauth_access_token-bsoM5KeU.js";
|
|
4
4
|
import { r as E_INVALID_CLIENT } from "./oauth_error-CnJ3L8tf.js";
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { t as SesameManager } from "../sesame_manager-Br0DIJgM.js";
|
|
2
|
+
import "../decorate-BKZEjPRg.js";
|
|
3
|
+
import "../oauth_access_token-bsoM5KeU.js";
|
|
4
|
+
import app from "@adonisjs/core/services/app";
|
|
5
|
+
let sesame;
|
|
6
|
+
await app.booted(async () => {
|
|
7
|
+
sesame = await app.container.make(SesameManager);
|
|
8
|
+
});
|
|
9
|
+
export { sesame as default };
|
|
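Review bot: The default export is a `let` that stays `undefined` until the `app.booted` callback has run (new lines 5–9), so a module that imports this service and calls `sesame.registerRoutes()` before the application has booted would throw a TypeError and leave the OAuth endpoints unregistered. That assumes `app.booted` only queues the callback when boot has not finished yet, which is how I read the AdonisJS API; it is not visible in this hunk. The README example on this page imports the service from `start/routes.ts`, but nothing states the constraint, so I would add a sentence to the README such as `Import this service only from files loaded after the application has booted (routes, preloads, controllers).`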
@@ -1,26 +1,15 @@
|
|
|
1
1
|
import { n as json, t as __decorate } from "./decorate-BKZEjPRg.js";
|
|
2
2
|
import { t as OAuthAccessToken } from "./oauth_access_token-bsoM5KeU.js";
|
|
3
|
-
import "node:module";
|
|
4
3
|
import { DateTime } from "luxon";
|
|
5
4
|
import { BaseModel, column } from "@adonisjs/lucid/orm";
|
|
6
|
-
var __defProp = Object.defineProperty;
|
|
7
|
-
var __exportAll = (all, no_symbols) => {
|
|
8
|
-
let target = {};
|
|
9
|
-
for (var name in all) __defProp(target, name, {
|
|
10
|
-
get: all[name],
|
|
11
|
-
enumerable: true
|
|
12
|
-
});
|
|
13
|
-
if (!no_symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
|
|
14
|
-
return target;
|
|
15
|
-
};
|
|
16
5
|
const controllers = {
|
|
17
|
-
token: () => import("./token_controller-
|
|
18
|
-
authorize: () => import("./authorize_controller-
|
|
19
|
-
consent: () => import("./consent_controller-
|
|
20
|
-
introspect: () => import("./introspect_controller-
|
|
21
|
-
revoke: () => import("./revoke_controller-
|
|
22
|
-
register: () => import("./register_controller-
|
|
23
|
-
metadata: () => import("./metadata_controller-
|
|
6
|
+
token: () => import("./token_controller-BEiR1lGn.js"),
|
|
7
|
+
authorize: () => import("./authorize_controller-CfV9v3R2.js"),
|
|
8
|
+
consent: () => import("./consent_controller-DBtvczID.js"),
|
|
9
|
+
introspect: () => import("./introspect_controller-D2SihAxt.js"),
|
|
10
|
+
revoke: () => import("./revoke_controller-CzRid0SB.js"),
|
|
11
|
+
register: () => import("./register_controller-Cmkyy0Pv.js"),
|
|
12
|
+
metadata: () => import("./metadata_controller-CekEP9i9.js"),
|
|
24
13
|
clientInfo: () => import("./client_info_controller-BucHGx4u.js")
|
|
25
14
|
};
|
|
26
15
|
function registerOAuthRoutes(router) {
|
|
@@ -96,11 +85,12 @@ __decorate([column()], OAuthPendingAuthorizationRequest.prototype, "codeChalleng
|
|
|
96
85
|
__decorate([column()], OAuthPendingAuthorizationRequest.prototype, "codeChallengeMethod", void 0);
|
|
97
86
|
__decorate([column.dateTime()], OAuthPendingAuthorizationRequest.prototype, "expiresAt", void 0);
|
|
98
87
|
__decorate([column.dateTime({ autoCreate: true })], OAuthPendingAuthorizationRequest.prototype, "createdAt", void 0);
|
|
99
|
-
var sesame_manager_exports = /* @__PURE__ */ __exportAll({ SesameManager: () => SesameManager });
|
|
100
88
|
var SesameManager = class {
|
|
101
89
|
#config;
|
|
102
|
-
|
|
90
|
+
#router;
|
|
91
|
+
constructor(config, router) {
|
|
103
92
|
this.#config = config;
|
|
93
|
+
this.#router = router;
|
|
104
94
|
}
|
|
105
95
|
get config() {
|
|
106
96
|
return this.#config;
|
|
@@ -151,15 +141,15 @@ var SesameManager = class {
|
|
|
151
141
|
pendingRequests
|
|
152
142
|
};
|
|
153
143
|
}
|
|
154
|
-
registerRoutes(
|
|
155
|
-
registerOAuthRoutes(router);
|
|
144
|
+
registerRoutes() {
|
|
145
|
+
registerOAuthRoutes(this.#router);
|
|
156
146
|
}
|
|
157
|
-
registerWellKnownRoutes(
|
|
158
|
-
registerWellKnownRoutes(router);
|
|
147
|
+
registerWellKnownRoutes() {
|
|
148
|
+
registerWellKnownRoutes(this.#router);
|
|
159
149
|
}
|
|
160
|
-
registerProtectedResource(
|
|
150
|
+
registerProtectedResource(options) {
|
|
161
151
|
const wellKnownPath = `/.well-known/oauth-protected-resource${options.resource}`;
|
|
162
|
-
router.get(wellKnownPath, async (ctx) => {
|
|
152
|
+
this.#router.get(wellKnownPath, async (ctx) => {
|
|
163
153
|
ctx.response.header("Cache-Control", "public, max-age=15, stale-while-revalidate=15, stale-if-error=86400");
|
|
164
154
|
return {
|
|
165
155
|
resource: `${this.#config.issuer}${options.resource}`,
|
|
@@ -173,4 +163,4 @@ var SesameManager = class {
|
|
|
173
163
|
return result.then((r) => Array.isArray(r) ? Number(r[0] ?? 0) : Number(r));
|
|
174
164
|
}
|
|
175
165
|
};
|
|
176
|
-
export {
|
|
166
|
+
export { OAuthRefreshToken as a, OAuthAuthorizationCode as i, OAuthPendingAuthorizationRequest as n, OAuthConsent as r, SesameManager as t };
|
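Review bot: `registerProtectedResource(options)` (new lines 150–155) concatenates `options.resource` straight into the route path and into the advertised `resource` value without checking it. A caller still using the pre-0.3 call shape, which appears to have taken the router as the first argument (the removed line is truncated on this page), would now pass the router as `options`, and the endpoint would be registered as `/.well-known/oauth-protected-resourceundefined` with a matching bogus `resource` in the metadata instead of failing. A guard at the top of the method would make that fail loudly: `if (typeof options?.resource !== "string" || !options.resource.startsWith("/")) throw new TypeError("resource must be a path starting with '/'");`. The method body continues past the end of the hunk, so how `scopes` is used is not visible here.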
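--- a/package/build/src/guard/main.js
+++ b/package/build/src/guard/main.js
@@ -2,16 +2,5 @@ import "../../decorate-BKZEjPRg.js";
 import "../../oauth_access_token-bsoM5KeU.js";
 import "../../oauth_client-BIoY5jBR.js";
 import "../../token_service-fhoA4slP.js";
-import {
-function oauthGuard(config) {
-return { async resolver(name, app) {
-const emitter = await app.container.make("emitter");
-const { SesameManager } = await import("../../sesame_manager-CFq4VEIZ.js").then((n) => n.n);
-const manager = await app.container.make(SesameManager);
-return (ctx) => new OAuthGuard(name, ctx, emitter, config.provider, manager, config.resource);
-} };
-}
-function oauthUserProvider(options) {
-return new OAuthLucidUserProvider(options);
-}
+import { i as OAuthGuard, n as oauthUserProvider, r as OAuthLucidUserProvider, t as oauthGuard } from "../../main-ix9EOujk.js";
 export { OAuthGuard, OAuthLucidUserProvider, oauthGuard, oauthUserProvider };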
@@ -14,7 +14,7 @@ export interface PurgeResult {
|
|
|
14
14
|
*/
|
|
15
15
|
export declare class SesameManager {
|
|
16
16
|
#private;
|
|
17
|
-
constructor(config: ResolvedSesameConfig);
|
|
17
|
+
constructor(config: ResolvedSesameConfig, router: Router);
|
|
18
18
|
get config(): ResolvedSesameConfig;
|
|
19
19
|
/**
|
|
20
20
|
* Check if a scope is registered in the server configuration.
|
|
@@ -71,18 +71,18 @@ export declare class SesameManager {
|
|
|
71
71
|
* @example
|
|
72
72
|
* ```ts
|
|
73
73
|
* router.group(() => {
|
|
74
|
-
* sesame.registerRoutes(
|
|
74
|
+
* sesame.registerRoutes()
|
|
75
75
|
* }).prefix('/oauth')
|
|
76
76
|
* ```
|
|
77
77
|
*/
|
|
78
|
-
registerRoutes(
|
|
78
|
+
registerRoutes(): void;
|
|
79
79
|
/**
|
|
80
80
|
* Register well-known discovery routes at the root level.
|
|
81
81
|
*
|
|
82
82
|
* Must be called outside any prefix group so endpoints
|
|
83
83
|
* remain at `/.well-known/...`.
|
|
84
84
|
*/
|
|
85
|
-
registerWellKnownRoutes(
|
|
85
|
+
registerWellKnownRoutes(): void;
|
|
86
86
|
/**
|
|
87
87
|
* Register a `/.well-known/oauth-protected-resource` endpoint
|
|
88
88
|
* for a specific resource path (RFC 9728). Useful for MCP
|
|
@@ -90,7 +90,7 @@ export declare class SesameManager {
|
|
|
90
90
|
*
|
|
91
91
|
* @see https://datatracker.ietf.org/doc/html/rfc9728
|
|
92
92
|
*/
|
|
93
|
-
registerProtectedResource(
|
|
93
|
+
registerProtectedResource(options: {
|
|
94
94
|
resource: string;
|
|
95
95
|
scopes?: Scope[];
|
|
96
96
|
}): void;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { a as
|
|
1
|
+
import { a as OAuthRefreshToken, i as OAuthAuthorizationCode, t as SesameManager } from "./sesame_manager-Br0DIJgM.js";
|
|
2
2
|
import "./decorate-BKZEjPRg.js";
|
|
3
3
|
import { t as OAuthAccessToken } from "./oauth_access_token-bsoM5KeU.js";
|
|
4
4
|
import { a as E_INVALID_GRANT, o as E_INVALID_REQUEST, r as E_INVALID_CLIENT, s as E_INVALID_SCOPE, u as E_UNSUPPORTED_GRANT_TYPE } from "./oauth_error-CnJ3L8tf.js";
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@julr/sesame",
|
|
3
3
|
"description": "OAuth 2.1 + OIDC server for AdonisJS",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.3.1",
|
|
5
5
|
"engines": {
|
|
6
6
|
"node": ">=24.0.0"
|
|
7
7
|
},
|
|
@@ -20,6 +20,7 @@
|
|
|
20
20
|
"./guard": "./build/src/guard/main.js",
|
|
21
21
|
"./scope_middleware": "./build/src/middleware/scope_middleware.js",
|
|
22
22
|
"./any_scope_middleware": "./build/src/middleware/any_scope_middleware.js",
|
|
23
|
+
"./services/main": "./build/services/main.js",
|
|
23
24
|
"./commands/*": "./build/commands/*.js",
|
|
24
25
|
"./commands": "./build/commands/main.js"
|
|
25
26
|
},
|
|
@@ -96,6 +97,7 @@
|
|
|
96
97
|
"./index.ts",
|
|
97
98
|
"./configure.ts",
|
|
98
99
|
"./providers/sesame_provider.ts",
|
|
100
|
+
"./services/main.ts",
|
|
99
101
|
"./src/guard/main.ts",
|
|
100
102
|
"./commands/sesame_purge.ts",
|
|
101
103
|
"./src/middleware/scope_middleware.ts",
|