@kaapi/oauth2-auth-design 0.0.35 → 0.0.36

package/lib/generators/oauth2-util-generator.js

@@ -0,0 +1,240 @@
+"use strict";
+var _OAuth2UtilGenerator_instances, _OAuth2UtilGenerator_values, _OAuth2UtilGenerator_getDpopReplayDetectorContent, _OAuth2UtilGenerator_getJwksKeyStoreContent, _OAuth2UtilGenerator_getJwksRotationTimestampStoreContent;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuth2UtilGenerator = void 0;
+const tslib_1 = require("tslib");
+const definitions_1 = require("@kaapi/cli/definitions");
+const utils_1 = require("@kaapi/cli/utils");
+var KIND_ENUM;
+(function (KIND_ENUM) {
+    KIND_ENUM["dpopReplayDetector"] = "dpop-replay-detector";
+    KIND_ENUM["jwksKeyStore"] = "jwks-key-store";
+    KIND_ENUM["jwksRotationTimestampStore"] = "jwks-rotation-timestamp-store";
+})(KIND_ENUM || (KIND_ENUM = {}));
+const KIND_OPTIONS = [
+    {
+        value: KIND_ENUM.dpopReplayDetector,
+        label: 'DPoP Replay Detector',
+        hint: ''
+    },
+    {
+        value: KIND_ENUM.jwksKeyStore,
+        label: 'Jwks Key Store',
+        hint: ''
+    },
+    {
+        value: KIND_ENUM.jwksRotationTimestampStore,
+        label: 'Jwks Rotation Timestamp Store',
+        hint: ''
+    },
+];
+class OAuth2UtilGenerator {
+    constructor() {
+        _OAuth2UtilGenerator_instances.add(this);
+        _OAuth2UtilGenerator_values.set(this, {
+            name: '',
+            kind: ''
+        });
+    }
+    get type() {
+        return 'others';
+    }
+    get name() {
+        return 'oauth2-util';
+    }
+    get description() {
+        return 'Creates util.';
+    }
+    get notes() {
+        return [
+            'Allowed values for --kind:',
+            ...KIND_OPTIONS.map(o => `  - ${o.value}`)
+        ];
+    }
+    get options() {
+        return {
+            name: 'The name',
+            kind: 'The kind'
+        };
+    }
+    init(options) {
+        if (typeof options['name'] == 'string') {
+            tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").name = (0, utils_1.camelCase)(options['name']);
+        }
+        if (typeof options['kind'] == 'string') {
+            if (!KIND_OPTIONS.map(v => v.value).includes(options['kind'])) {
+                throw new Error(`Invalid value for '--kind'. Allowed values are: ${KIND_OPTIONS.map(v => v.value).join(', ')}.`);
+            }
+            tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").kind = options['kind'];
+        }
+    }
+    isValid() {
+        return !!(tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").name && tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").kind);
+    }
+    getFileContent() {
+        if (tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").kind === KIND_ENUM.dpopReplayDetector)
+            return tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_instances, "m", _OAuth2UtilGenerator_getDpopReplayDetectorContent).call(this);
+        else if (tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").kind === KIND_ENUM.jwksKeyStore)
+            return tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_instances, "m", _OAuth2UtilGenerator_getJwksKeyStoreContent).call(this);
+        else if (tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").kind === KIND_ENUM.jwksRotationTimestampStore)
+            return tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_instances, "m", _OAuth2UtilGenerator_getJwksRotationTimestampStoreContent).call(this);
+        else
+            return '';
+    }
+    getQuestions() {
+        const r = [];
+        if (!(tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").kind && KIND_OPTIONS.map(v => v.value).includes(tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").kind))) {
+            r.push({
+                type: definitions_1.QuestionType.select,
+                options: {
+                    message: 'The kind?',
+                    options: KIND_OPTIONS
+                },
+                setValue: (value) => {
+                    tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").kind = `${value}`;
+                }
+            });
+        }
+        if (!tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").name) {
+            const camelCasedType = (0, utils_1.camelCase)(tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").kind || 'custom-util');
+            r.push({
+                type: definitions_1.QuestionType.text,
+                options: {
+                    message: 'The name?',
+                    defaultValue: camelCasedType,
+                    placeholder: camelCasedType
+                },
+                setValue: (pluginName) => {
+                    tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").name = (0, utils_1.camelCase)(pluginName);
+                }
+            });
+        }
+        return r;
+    }
+    getFilename() {
+        return (0, utils_1.kebabCase)(`${tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").name}`) + '.ts';
+    }
+}
+exports.OAuth2UtilGenerator = OAuth2UtilGenerator;
+_OAuth2UtilGenerator_values = new WeakMap(), _OAuth2UtilGenerator_instances = new WeakSet(), _OAuth2UtilGenerator_getDpopReplayDetectorContent = function _OAuth2UtilGenerator_getDpopReplayDetectorContent() {
+    return `// generated by @kaapi/oauth2-auth-design
+
+import { ReplayDetector } from '@kaapi/oauth2-auth-design'
+
+/**
+ * A custom implementation of a DPoP (Demonstration of Proof-of-Possession) replay detector.
+ * Provides methods to track and prevent replay attacks by storing and checking unique values
+ * with a defined time-to-live.
+ */
+export const ${tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").name}: ReplayDetector = {
+    /**
+     * Checks whether a given value has already been seen (i.e., replayed).
+     *
+     * @param {string} value - The unique identifier to check for replay.
+     * @returns {Promise<boolean>} A promise that resolves to \`true\` if the value exists
+     * (indicating a replay), or \`false\` if it has not been seen before.
+     */
+    has(value: string): Promise<boolean> {
+        throw new Error('Method not implemented.');
+    },
+
+    /**
+     * Deletes a previously stored value from the replay detector.
+     *
+     * @param {string} value - The unique identifier to remove from storage.
+     * @returns {Promise<void>} A promise that resolves when the value has been deleted.
+     */
+    delete(value: string): Promise<void> {
+        throw new Error('Method not implemented.');
+    },
+
+    /**
+     * Adds a new value to the replay detector with a specified time-to-live.
+     *
+     * @param {string} value - The unique identifier to store for replay detection.
+     * @param {number} ttlSeconds - The time-to-live in seconds, after which the value expires.
+     * @returns {Promise<void>} A promise that resolves when the value has been stored.
+     */
+    add(value: string, ttlSeconds: number): Promise<void> {
+        throw new Error('Method not implemented.');
+    }
+};
+`;
+}, _OAuth2UtilGenerator_getJwksKeyStoreContent = function _OAuth2UtilGenerator_getJwksKeyStoreContent() {
+    return `// generated by @kaapi/oauth2-auth-design
+
+import { JwksKeyStore } from '@kaapi/oauth2-auth-design';
+
+/**
+ * A custom implementation of a JSON Web Key Store (JWKS).
+ * Provides methods to store and retrieve key pairs used for signing and verifying JWTs.
+ */
+export const ${tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").name}: JwksKeyStore = {
+    /**
+     * Stores a key pair (private and public keys) in the JWKS with a given key ID and time-to-live.
+     *
+     * @param {string} kid - The Key ID (KID) used to uniquely identify the key pair.
+     * @param {object} privateKey - The private key object used for signing tokens.
+     * @param {object} publicKey - The public key object used for verifying tokens.
+     * @param {number} ttl - The time-to-live (in seconds) for how long the key pair should remain valid.
+     * @returns {void | Promise<void>} Returns nothing or a promise that resolves when the key pair is stored.
+     */
+    storeKeyPair(kid: string, privateKey: object, publicKey: object, ttl: number): void | Promise<void> {
+        throw new Error('Function not implemented.');
+    },
+
+    /**
+     * Retrieves the private key currently stored in the JWKS.
+     *
+     * @returns {Promise<object | undefined>} A promise that resolves to the private key object,
+     * or \`undefined\` if no private key is available.
+     */
+    getPrivateKey(): Promise<object | undefined> {
+        throw new Error('Function not implemented.');
+    },
+
+    /**
+     * Retrieves all public keys currently stored in the JWKS.
+     *
+     * @returns {Promise<object[]>} A promise that resolves to an array of public key objects.
+     */
+    getPublicKeys(): Promise<object[]> {
+        throw new Error('Function not implemented.');
+    }
+};
+`;
+}, _OAuth2UtilGenerator_getJwksRotationTimestampStoreContent = function _OAuth2UtilGenerator_getJwksRotationTimestampStoreContent() {
+    return `// generated by @kaapi/oauth2-auth-design
+
+import { JwksRotationTimestampStore } from '@kaapi/oauth2-auth-design';
+
+/**
+ * A custom implementation of a JWKS rotation timestamp store.
+ * Provides methods to persist and retrieve the last rotation timestamp
+ * for JSON Web Key Sets (JWKS).
+ */
+export const ${tslib_1.__classPrivateFieldGet(this, _OAuth2UtilGenerator_values, "f").name}: JwksRotationTimestampStore = {
+    /**
+     * Retrieves the timestamp of the last JWKS rotation.
+     *
+     * @returns {Promise<number>} A promise that resolves to the last rotation timestamp
+     * in milliseconds since the Unix epoch.
+     */
+    getLastRotationTimestamp: function (): Promise<number> {
+        throw new Error('Function not implemented.');
+    },
+
+    /**
+     * Sets the timestamp of the last JWKS rotation.
+     *
+     * @param {number} rotationTimestamp - The rotation timestamp to store,
+     * expressed in milliseconds since the Unix epoch.
+     * @returns {Promise<void>} A promise that resolves when the timestamp has been stored.
+     */
+    setLastRotationTimestamp: function (rotationTimestamp: number): Promise<void> {
+        throw new Error('Function not implemented.');
+    }
+};
+`;
+};
+//# sourceMappingURL=oauth2-util-generator.js.map

package/lib/generators/oauth2-util-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2-util-generator.js","sourceRoot":"","sources":["../../src/generators/oauth2-util-generator.ts"],"names":[],"mappings":";;;;;AAAA,wDAAiG;AACjG,4CAAuD;AAEvD,IAAK,SAIJ;AAJD,WAAK,SAAS;IACV,wDAA2C,CAAA;IAC3C,4CAA+B,CAAA;IAC/B,yEAA4D,CAAA;AAChE,CAAC,EAJI,SAAS,KAAT,SAAS,QAIb;AAED,MAAM,YAAY,GAIZ;IACE;QACI,KAAK,EAAE,SAAS,CAAC,kBAAkB;QACnC,KAAK,EAAE,sBAAsB;QAC7B,IAAI,EAAE,EAAE;KACX;IACD;QACI,KAAK,EAAE,SAAS,CAAC,YAAY;QAC7B,KAAK,EAAE,gBAAgB;QACvB,IAAI,EAAE,EAAE;KACX;IACD;QACI,KAAK,EAAE,SAAS,CAAC,0BAA0B;QAC3C,KAAK,EAAE,+BAA+B;QACtC,IAAI,EAAE,EAAE;KACX;CACJ,CAAC;AAEN,MAAa,mBAAmB;IAAhC;;QA4BI,sCAAU;YACN,IAAI,EAAE,EAAE;YACR,IAAI,EAAE,EAAE;SACX,EAAA;IAgML,CAAC;IA7NG,IAAI,IAAI;QACJ,OAAO,QAAQ,CAAA;IACnB,CAAC;IAED,IAAI,IAAI;QACJ,OAAO,aAAa,CAAA;IACxB,CAAC;IAED,IAAI,WAAW;QACX,OAAO,eAAe,CAAA;IAC1B,CAAC;IAED,IAAI,KAAK;QACL,OAAO;YACH,4BAA4B;YAC5B,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC;SAC7C,CAAA;IACL,CAAC;IAED,IAAI,OAAO;QACP,OAAO;YACH,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,UAAU;SACnB,CAAA;IACL,CAAC;IAOD,IAAI,CAAC,OAAgC;QACjC,IAAI,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACrC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,GAAG,IAAA,iBAAS,EAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAA;QAClD,CAAC;QACD,IAAI,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACrC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;gBAC5D,MAAM,IAAI,KAAK,CAAC,mDAAmD,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACpH,CAAC;YACD,+BAAA,IAAI,mCAAQ,CAAC,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;QACvC,CAAC;IACL,CAAC;IAED,OAAO;QACH,OAAO,CAAC,CAAC,CAAC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,IAAI,+BAAA,IAAI,mCAAQ,CAAC,IAAI,CAAC,CAAA;IACrD,CAAC;IAED,cAAc;QACV,IAAI,+BAAA,IAAI,mCAAQ,CAAC,IAAI,KAAK,SAAS,CAAC,kBAAkB;YAClD,OAAO,+BAAA,IAAI,yFAA8B,MAAlC,IAAI,CAAgC,CAAA;aAC1C,IAAI,+BAAA,IAAI,mCAAQ,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY;YACjD,OAAO,+BAAA,IAAI,mFAAwB,MAA5B,IAAI,CAA0B,CAAA;aACpC,IAAI,+BAAA,IAAI,mCAAQ,CAAC,IAAI,KAAK,SAAS,CAAC,0BAA0B;YAC/D,OAAO,+BAAA,IAAI,iGAAsC,MAA1C,IAAI,CAAwC,CAAA;;YAEnD,OAAO,EAAE,CAAA;IACjB,CAAC;IAED,YAAY;QACR,MAAM,CAAC,GAAe,EAAE,CAAA;QAExB,IAAI,CAAC,CAAC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACrF,CAAC,CAAC,IAAI,CAAC;gBACH,IAAI,EAAE,0BAAY,CAAC,MAAM;gBACzB,OAAO,EAAE;oBACL,OAAO,EAAE,WAAW;oBACpB,OAAO,EAAE,YAAY;iBACxB;gBACD,QAAQ,EAAE,CAAC,KAAK,EAAE,EAAE;oBAChB,+BAAA,IAAI,mCAAQ,CAAC,IAAI,GAAG,GAAG,KAAK,EAAE,CAAA;gBAClC,CAAC;aACJ,CAAC,CAAA;QACN,CAAC;QAED,IAAI,CAAC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,EAAE,CAAC;YACrB,MAAM,cAAc,GAAG,IAAA,iBAAS,EAAC,+BAAA,IAAI,mCAAQ,CAAC,IAAI,IAAI,aAAa,CAAC,CAAA;YACpE,CAAC,CAAC,IAAI,CAAC;gBACH,IAAI,EAAE,0BAAY,CAAC,IAAI;gBACvB,OAAO,EAAE;oBACL,OAAO,EAAE,WAAW;oBACpB,YAAY,EAAE,cAAc;oBAC5B,WAAW,EAAE,cAAc;iBAC9B;gBACD,QAAQ,EAAE,CAAC,UAAU,EAAE,EAAE;oBACrB,+BAAA,IAAI,mCAAQ,CAAC,IAAI,GAAG,IAAA,iBAAS,EAAC,UAAU,CAAC,CAAA;gBAC7C,CAAC;aACJ,CAAC,CAAA;QACN,CAAC;QAED,OAAO,CAAC,CAAA;IACZ,CAAC;IAED,WAAW;QACP,OAAO,IAAA,iBAAS,EAAC,GAAG,+BAAA,IAAI,mCAAQ,CAAC,IAAI,EAAE,CAAC,GAAG,KAAK,CAAA;IACpD,CAAC;CA+HJ;AA/ND,kDA+NC;;IA5HO,OAAO;;;;;;;;;eASA,+BAAA,IAAI,mCAAQ,CAAC,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiC/B,CAAA;AACG,CAAC;IAGG,OAAO;;;;;;;;eAQA,+BAAA,IAAI,mCAAQ,CAAC,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiC/B,CAAA;AACG,CAAC;IAGG,OAAO;;;;;;;;;eASA,+BAAA,IAAI,mCAAQ,CAAC,IAAI;;;;;;;;;;;;;;;;;;;;;;CAsB/B,CAAA;AACG,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kaapi/oauth2-auth-design",
-  "version": "0.0.35",
+  "version": "0.0.36",
   "private": false,
   "description": "OAuth2 auth design for kaapi",
   "main": "lib/index.js",
@@ -37,18 +37,18 @@
     "@hapi/hoek": "^11.0.7",
     "@novice1/api-doc-generator": "^1.2.5",
     "html-entities": "^2.6.0",
-    "jose": "^6.0.13",
+    "jose": "^6.1.3",
     "jwk-to-pem": "^2.0.7",
     "node-jose": "^2.2.0",
     "tslib": "^2.8.1",
-    "@kaapi/cli": "^0.0.35",
-    "@kaapi/kaapi": "^0.0.35"
+    "@kaapi/cli": "^0.0.36",
+    "@kaapi/kaapi": "^0.0.36"
   },
   "devDependencies": {
     "@types/jwk-to-pem": "^2.0.3",
     "@types/mocha": "^10.0.10",
     "@types/node-jose": "^1.1.13",
-    "uuid": "^11.1.0"
+    "uuid": "^13.0.0"
   },
   "scripts": {
     "lint": "eslint .",