@leapdev/auth-agent 2.0.0-alpha.0 → 2.0.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +307 -6
- package/package.json +3 -3
- package/src/index.js +1 -4
- package/src/index.js.map +1 -1
- package/src/lib/auth-agent.d.ts +1 -0
- package/src/lib/auth-agent.js +19 -15
- package/src/lib/auth-agent.js.map +1 -1
- package/src/lib/auth.service.d.ts +7 -1
- package/src/lib/auth.service.js +83 -47
- package/src/lib/auth.service.js.map +1 -1
- package/src/lib/authentication.d.ts +5 -10
- package/src/lib/authentication.js +144 -108
- package/src/lib/authentication.js.map +1 -1
- package/src/lib/config.js +6 -9
- package/src/lib/config.js.map +1 -1
- package/src/lib/idle-timer.js +22 -26
- package/src/lib/idle-timer.js.map +1 -1
- package/src/lib/notification.js +32 -36
- package/src/lib/notification.js.map +1 -1
- package/src/lib/redirections.d.ts +2 -0
- package/src/lib/redirections.js +38 -0
- package/src/lib/redirections.js.map +1 -0
- package/src/lib/refresh-token.worker.d.ts +18 -0
- package/src/lib/refresh-token.worker.js +116 -0
- package/src/lib/refresh-token.worker.js.map +1 -0
- package/src/lib/types.d.ts +18 -0
- package/src/lib/types.js +1 -2
- package/src/lib/utils.d.ts +2 -0
- package/src/lib/utils.js +12 -0
- package/src/lib/utils.js.map +1 -0
package/src/lib/notification.js
CHANGED
|
@@ -1,51 +1,48 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
var _Notification_pubnubKeys, _Notification_pubnub, _Notification_eventListeners, _Notification_initFirmChannel, _Notification_initUserChannel, _Notification_initUniqueSessionChannel;
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
const auth_agent_1 = require("./auth-agent");
|
|
9
|
-
const lodash_1 = require("lodash");
|
|
2
|
+
import { __classPrivateFieldGet, __classPrivateFieldSet } from "tslib";
|
|
3
|
+
import { v4 as uuidv4 } from 'uuid';
|
|
4
|
+
import * as Pubnub from 'pubnub';
|
|
5
|
+
import { AuthAgent } from './auth-agent';
|
|
6
|
+
import { isFunction } from 'lodash';
|
|
10
7
|
const EMPTY_GUID = '00000000-0000-0000-0000-000000000000';
|
|
11
8
|
const USER_ACTION = {
|
|
12
9
|
USERNAME_CHANGED: '1',
|
|
13
10
|
PASSWORD_CHANGED: '2',
|
|
14
11
|
USER_DISABLED: '3', // 3 - User has been disabled
|
|
15
12
|
};
|
|
16
|
-
class Notification {
|
|
13
|
+
export class Notification {
|
|
17
14
|
constructor() {
|
|
18
15
|
_Notification_pubnubKeys.set(this, void 0);
|
|
19
16
|
_Notification_pubnub.set(this, void 0);
|
|
20
17
|
_Notification_eventListeners.set(this, []);
|
|
21
18
|
this.init = (params) => {
|
|
22
19
|
const { authHost, clientId, firmId, userId, uniqueSession } = params;
|
|
23
|
-
|
|
24
|
-
|
|
20
|
+
__classPrivateFieldGet(this, _Notification_initFirmChannel, "f").call(this, firmId, userId);
|
|
21
|
+
__classPrivateFieldGet(this, _Notification_initUserChannel, "f").call(this, userId);
|
|
25
22
|
if (uniqueSession) {
|
|
26
|
-
|
|
23
|
+
__classPrivateFieldGet(this, _Notification_initUniqueSessionChannel, "f").call(this, { authHost, clientId });
|
|
27
24
|
}
|
|
28
25
|
};
|
|
29
26
|
this.destroy = () => {
|
|
30
|
-
if (
|
|
31
|
-
|
|
32
|
-
|
|
27
|
+
if (__classPrivateFieldGet(this, _Notification_pubnub, "f")) {
|
|
28
|
+
__classPrivateFieldGet(this, _Notification_pubnub, "f").unsubscribeAll();
|
|
29
|
+
__classPrivateFieldSet(this, _Notification_eventListeners, [], "f");
|
|
33
30
|
}
|
|
34
31
|
};
|
|
35
32
|
this.registerEventListenerForUserChannel = (params) => {
|
|
36
33
|
const { topic, messageType, callback } = params;
|
|
37
|
-
if (!
|
|
34
|
+
if (!isFunction(callback)) {
|
|
38
35
|
throw Error(`Registering Event Listener ${topic} ${messageType}: callback needs to be a function`);
|
|
39
36
|
}
|
|
40
|
-
|
|
37
|
+
__classPrivateFieldGet(this, _Notification_eventListeners, "f").push({ topic, messageType, callback });
|
|
41
38
|
};
|
|
42
39
|
_Notification_initFirmChannel.set(this, (firmId, userId) => {
|
|
43
|
-
|
|
40
|
+
__classPrivateFieldGet(this, _Notification_pubnub, "f").addListener({
|
|
44
41
|
presence: (presenceEvent) => {
|
|
45
42
|
//* handle presence
|
|
46
43
|
const { action, uuid } = presenceEvent;
|
|
47
44
|
//* the message was sent from the current pubnub instance
|
|
48
|
-
if (uuid ===
|
|
45
|
+
if (uuid === __classPrivateFieldGet(this, _Notification_pubnubKeys, "f").uuid) {
|
|
49
46
|
return;
|
|
50
47
|
}
|
|
51
48
|
//* handle action 'leave' and 'timeout'
|
|
@@ -61,50 +58,50 @@ class Notification {
|
|
|
61
58
|
instanceGuidFromPresence === EMPTY_GUID &&
|
|
62
59
|
isUserActionRequiredLogout) {
|
|
63
60
|
//* User Information has been changed, force user to logout
|
|
64
|
-
|
|
61
|
+
AuthAgent.logout(true); // call logout with force=true (because the logout is forced)
|
|
65
62
|
}
|
|
66
63
|
}
|
|
67
64
|
},
|
|
68
65
|
});
|
|
69
|
-
|
|
66
|
+
__classPrivateFieldGet(this, _Notification_pubnub, "f").subscribe({
|
|
70
67
|
channels: [firmId],
|
|
71
68
|
withPresence: true,
|
|
72
69
|
});
|
|
73
70
|
});
|
|
74
71
|
_Notification_initUserChannel.set(this, (userId) => {
|
|
75
|
-
|
|
72
|
+
__classPrivateFieldGet(this, _Notification_pubnub, "f").addListener({
|
|
76
73
|
message: (data) => {
|
|
77
74
|
const { content } = data.message;
|
|
78
75
|
if (content && content.topic && content.messageType && content.data) {
|
|
79
|
-
for (const eventListener of
|
|
76
|
+
for (const eventListener of __classPrivateFieldGet(this, _Notification_eventListeners, "f")) {
|
|
80
77
|
if (eventListener.topic === content.topic &&
|
|
81
78
|
eventListener.messageType === content.messageType &&
|
|
82
79
|
eventListener.callback &&
|
|
83
|
-
|
|
80
|
+
isFunction(eventListener.callback)) {
|
|
84
81
|
return eventListener.callback(content.data);
|
|
85
82
|
}
|
|
86
83
|
}
|
|
87
84
|
}
|
|
88
85
|
},
|
|
89
86
|
});
|
|
90
|
-
|
|
87
|
+
__classPrivateFieldGet(this, _Notification_pubnub, "f").subscribe({
|
|
91
88
|
channels: [`user_${userId}`],
|
|
92
89
|
withPresence: false,
|
|
93
90
|
});
|
|
94
91
|
});
|
|
95
92
|
_Notification_initUniqueSessionChannel.set(this, (params) => {
|
|
96
|
-
const decodedToken =
|
|
93
|
+
const decodedToken = AuthAgent.getDecodedAccessToken();
|
|
97
94
|
const { authHost: myAuthHost, clientId: myClientId } = params;
|
|
98
95
|
const { userId: myUserId, sessionId: mySessionId, impersonatorId: myImpersonatorId, } = decodedToken;
|
|
99
96
|
if (!decodedToken) {
|
|
100
97
|
return;
|
|
101
98
|
}
|
|
102
99
|
const channel = `auth-session-${myUserId}`;
|
|
103
|
-
|
|
100
|
+
__classPrivateFieldGet(this, _Notification_pubnub, "f").addListener({
|
|
104
101
|
message: (data) => {
|
|
105
|
-
const decodedToken =
|
|
102
|
+
const decodedToken = AuthAgent.getDecodedAccessToken();
|
|
106
103
|
if (!decodedToken) {
|
|
107
|
-
|
|
104
|
+
AuthAgent.logout(true); // call logout with force=true (because the logout is forced)
|
|
108
105
|
}
|
|
109
106
|
const { sessionId: mySessionId, impersonatorId: myImpersonatorId, userId: myUserId, } = decodedToken;
|
|
110
107
|
if (mySessionId && data && data.message) {
|
|
@@ -120,18 +117,18 @@ class Notification {
|
|
|
120
117
|
console.log('user ' + impersonatorId + ' impersonating user ' + myUserId);
|
|
121
118
|
}
|
|
122
119
|
else {
|
|
123
|
-
|
|
120
|
+
AuthAgent.logout(true); // call logout with force=true (because the logout is forced)
|
|
124
121
|
}
|
|
125
122
|
}
|
|
126
123
|
}
|
|
127
124
|
}
|
|
128
125
|
},
|
|
129
126
|
});
|
|
130
|
-
|
|
127
|
+
__classPrivateFieldGet(this, _Notification_pubnub, "f").subscribe({
|
|
131
128
|
channels: [channel],
|
|
132
129
|
withPresence: true,
|
|
133
130
|
});
|
|
134
|
-
|
|
131
|
+
__classPrivateFieldGet(this, _Notification_pubnub, "f").publish({
|
|
135
132
|
message: {
|
|
136
133
|
authHost: myAuthHost,
|
|
137
134
|
clientId: myClientId,
|
|
@@ -145,14 +142,13 @@ class Notification {
|
|
|
145
142
|
}
|
|
146
143
|
});
|
|
147
144
|
});
|
|
148
|
-
|
|
145
|
+
__classPrivateFieldSet(this, _Notification_pubnubKeys, {
|
|
149
146
|
publishKey: 'pub-13f5288e-cd88-4ef9-9e68-0c11cd03ddb8',
|
|
150
147
|
subscribeKey: 'sub-a456f002-0095-11e2-9638-9581afc33ebf',
|
|
151
|
-
uuid: (
|
|
148
|
+
uuid: uuidv4(),
|
|
152
149
|
}, "f");
|
|
153
|
-
|
|
150
|
+
__classPrivateFieldSet(this, _Notification_pubnub, new Pubnub(__classPrivateFieldGet(this, _Notification_pubnubKeys, "f")), "f");
|
|
154
151
|
}
|
|
155
152
|
}
|
|
156
|
-
exports.Notification = Notification;
|
|
157
153
|
_Notification_pubnubKeys = new WeakMap(), _Notification_pubnub = new WeakMap(), _Notification_eventListeners = new WeakMap(), _Notification_initFirmChannel = new WeakMap(), _Notification_initUserChannel = new WeakMap(), _Notification_initUniqueSessionChannel = new WeakMap();
|
|
158
154
|
//# sourceMappingURL=notification.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"notification.js","sourceRoot":"","sources":["../../../../../packages/auth-agent/src/lib/notification.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"notification.js","sourceRoot":"","sources":["../../../../../packages/auth-agent/src/lib/notification.ts"],"names":[],"mappings":";;AAAA,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,MAAM,UAAU,GAAG,sCAAsC,CAAC;AAC1D,MAAM,WAAW,GAAG;IAClB,gBAAgB,EAAE,GAAG;IACrB,gBAAgB,EAAE,GAAG;IACrB,aAAa,EAAE,GAAG,EAAE,iCAAiC;CACtD,CAAC;AAEF,MAAM,OAAO,YAAY;IASvB;QARA,2CAAwE;QACxE,uCAAgB;QAChB,uCAIK,EAAE,EAAC;QAWR,SAAI,GAAG,CAAC,MAMP,EAAQ,EAAE;YACT,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;YACrE,uBAAA,IAAI,qCAAiB,MAArB,IAAI,EAAkB,MAAM,EAAE,MAAM,CAAC,CAAC;YACtC,uBAAA,IAAI,qCAAiB,MAArB,IAAI,EAAkB,MAAM,CAAC,CAAC;YAC9B,IAAI,aAAa,EAAE;gBACjB,uBAAA,IAAI,8CAA0B,MAA9B,IAAI,EAA2B,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;aACxD;QACH,CAAC,CAAC;QAEF,YAAO,GAAG,GAAS,EAAE;YACnB,IAAI,uBAAA,IAAI,4BAAQ,EAAE;gBAChB,uBAAA,IAAI,4BAAQ,CAAC,cAAc,EAAE,CAAC;gBAC9B,uBAAA,IAAI,gCAAmB,EAAE,MAAA,CAAC;aAC3B;QACH,CAAC,CAAC;QAEF,wCAAmC,GAAG,CAAC,MAItC,EAAQ,EAAE;YACT,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;YAChD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;gBACzB,MAAM,KAAK,CACT,8BAA8B,KAAK,IAAI,WAAW,mCAAmC,CACtF,CAAC;aACH;YACD,uBAAA,IAAI,oCAAgB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC,CAAC;QAEF,wCAAmB,CAAC,MAAc,EAAE,MAAc,EAAQ,EAAE;YAC1D,uBAAA,IAAI,4BAAQ,CAAC,WAAW,CAAC;gBACvB,QAAQ,EAAE,CAAC,aAAmC,EAAE,EAAE;oBAChD,mBAAmB;oBACnB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC;oBAEvC,yDAAyD;oBACzD,IAAI,IAAI,KAAK,uBAAA,IAAI,gCAAY,CAAC,IAAI,EAAE;wBAClC,OAAO;qBACR;oBAED,uCAAuC;oBACvC,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,SAAS,EAAE;wBAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;wBACnC,MAAM,kBAAkB,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;wBAC/C,MAAM,wBAAwB,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;wBACrD,MAAM,sBAAsB,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;wBACnD,MAAM,0BAA0B,GAC9B,sBAAsB,KAAK,WAAW,CAAC,gBAAgB;4BACvD,sBAAsB,KAAK,WAAW,CAAC,gBAAgB;4BACvD,sBAAsB,KAAK,WAAW,CAAC,aAAa,CAAC;wBAEvD,IACE,kBAAkB,KAAK,MAAM;4BAC7B,wBAAwB,KAAK,UAAU;4BACvC,0BAA0B,EAC1B;4BACA,2DAA2D;4BAC3D,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,6DAA6D;yBACtF;qBACF;gBACH,CAAC;aACF,CAAC,CAAC;YAEH,uBAAA,IAAI,4BAAQ,CAAC,SAAS,CAAC;gBACrB,QAAQ,EAAE,CAAC,MAAM,CAAC;gBAClB,YAAY,EAAE,IAAI;aACnB,CAAC,CAAC;QACL,CAAC,EAAC;QAEF,wCAAmB,CAAC,MAAc,EAAQ,EAAE;YAC1C,uBAAA,IAAI,4BAAQ,CAAC,WAAW,CAAC;gBACvB,OAAO,EAAE,CAAC,IAAyB,EAAE,EAAE;oBACrC,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;oBACjC,IAAI,OAAO,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI,EAAE;wBACnE,KAAK,MAAM,aAAa,IAAI,uBAAA,IAAI,oCAAgB,EAAE;4BAChD,IACE,aAAa,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK;gCACrC,aAAa,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW;gCACjD,aAAa,CAAC,QAAQ;gCACtB,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,EAClC;gCACA,OAAO,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;6BAC7C;yBACF;qBACF;gBACH,CAAC;aACF,CAAC,CAAC;YAEH,uBAAA,IAAI,4BAAQ,CAAC,SAAS,CAAC;gBACrB,QAAQ,EAAE,CAAC,QAAQ,MAAM,EAAE,CAAC;gBAC5B,YAAY,EAAE,KAAK;aACpB,CAAC,CAAC;QACL,CAAC,EAAC;QAEF,iDAA4B,CAAC,MAG5B,EAAQ,EAAE;YACT,MAAM,YAAY,GAAG,SAAS,CAAC,qBAAqB,EAAE,CAAC;YACvD,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC;YAC9D,MAAM,EACJ,MAAM,EAAE,QAAQ,EAChB,SAAS,EAAE,WAAW,EACtB,cAAc,EAAE,gBAAgB,GACjC,GAAG,YAAY,CAAC;YACjB,IAAI,CAAC,YAAY,EAAE;gBACjB,OAAO;aACR;YAED,MAAM,OAAO,GAAG,gBAAgB,QAAQ,EAAE,CAAC;YAE3C,uBAAA,IAAI,4BAAQ,CAAC,WAAW,CAAC;gBACvB,OAAO,EAAE,CAAC,IAAyB,EAAE,EAAE;oBACrC,MAAM,YAAY,GAAG,SAAS,CAAC,qBAAqB,EAAE,CAAC;oBACvD,IAAI,CAAC,YAAY,EAAE;wBACjB,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,6DAA6D;qBACtF;oBAED,MAAM,EACJ,SAAS,EAAE,WAAW,EACtB,cAAc,EAAE,gBAAgB,EAChC,MAAM,EAAE,QAAQ,GACjB,GAAG,YAAY,CAAC;oBAEjB,IAAI,WAAW,IAAI,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE;wBACvC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EACtC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAChC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAChC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAC5B,cAAc,GAAG,gBAAgB;4BAC/B,CAAC,CAAC,gBAAgB;4BAClB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;wBAElC,IAAI,QAAQ,KAAK,UAAU,EAAE;4BAC3B,IACE,CAAC,QAAQ,KAAK,UAAU,IAAI,SAAS,KAAK,WAAW,CAAC,IAAI,yEAAyE;gCACnI,CAAC,QAAQ,KAAK,UAAU,IAAI,SAAS,KAAK,WAAW,IAAI,MAAM,CAAC,CAAC,8FAA8F;8BAC/J;gCACA,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,KAAK,EAAE,EAAE;oCACzD,2FAA2F;oCAC3F,OAAO,CAAC,GAAG,CACT,OAAO,GAAG,cAAc,GAAG,sBAAsB,GAAG,QAAQ,CAC7D,CAAC;iCACH;qCAAM;oCACL,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,6DAA6D;iCACtF;6BACF;yBACF;qBACF;gBACH,CAAC;aACF,CAAC,CAAC;YAEH,uBAAA,IAAI,4BAAQ,CAAC,SAAS,CAAC;gBACrB,QAAQ,EAAE,CAAC,OAAO,CAAC;gBACnB,YAAY,EAAE,IAAI;aACnB,CAAC,CAAC;YAEH,uBAAA,IAAI,4BAAQ,CAAC,OAAO,CAClB;gBACE,OAAO,EAAE;oBACP,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,UAAU;oBACpB,SAAS,EAAE,WAAW;oBACtB,cAAc,EAAE,gBAAgB;iBACjC;gBACD,OAAO,EAAE,OAAO;aACjB,EACD,CAAC,MAA2B,EAAE,EAAE;gBAC9B,IAAI,MAAM,CAAC,KAAK,EAAE;oBAChB,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;iBAC7B;YACH,CAAC,CACF,CAAC;QACJ,CAAC,EAAC;QA5LA,uBAAA,IAAI,4BAAe;YACjB,UAAU,EAAE,0CAA0C;YACtD,YAAY,EAAE,0CAA0C;YACxD,IAAI,EAAE,MAAM,EAAE;SACf,MAAA,CAAC;QACF,uBAAA,IAAI,wBAAW,IAAI,MAAM,CAAC,uBAAA,IAAI,gCAAY,CAAC,MAAA,CAAC;IAC9C,CAAC;CAuLF"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
export const getRedirectUri = (origin, decodedToken, redirectionConfig) => {
|
|
2
|
+
let result;
|
|
3
|
+
let redirection;
|
|
4
|
+
const topLevelDomains = redirectionConfig.topLevelDomains;
|
|
5
|
+
const redirections = redirectionConfig.environments;
|
|
6
|
+
const suffix = topLevelDomains.find((suffix) => origin.endsWith(suffix));
|
|
7
|
+
if (suffix) {
|
|
8
|
+
for (let i = 0; i < redirections.length; i++) {
|
|
9
|
+
const redir = redirections[i];
|
|
10
|
+
const tokenCriteriaMatched = containsKeys(decodedToken, redir.criteria);
|
|
11
|
+
if (tokenCriteriaMatched &&
|
|
12
|
+
redir.topLevelDomain !== suffix &&
|
|
13
|
+
containsApplication(redir.applications, origin)) {
|
|
14
|
+
redirection = redir;
|
|
15
|
+
break;
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
if (redirection) {
|
|
19
|
+
result = `${redirection.authHost}/oauth/passthrough?jti=${decodedToken.jti}&redirect=${encodeURIComponent(origin.replace(suffix, redirection.topLevelDomain))}`;
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
return result;
|
|
23
|
+
};
|
|
24
|
+
const containsKeys = (obj1, obj2) => {
|
|
25
|
+
let result = true;
|
|
26
|
+
Object.keys(obj2).forEach((key) => {
|
|
27
|
+
if (obj1[key] !== obj2[key]) {
|
|
28
|
+
result = false;
|
|
29
|
+
}
|
|
30
|
+
});
|
|
31
|
+
return result;
|
|
32
|
+
};
|
|
33
|
+
const containsApplication = (list, app) => {
|
|
34
|
+
const index = list.findIndex((appName) => app.startsWith(`http://${appName}`) ||
|
|
35
|
+
app.startsWith(`https://${appName}`));
|
|
36
|
+
return index >= 0;
|
|
37
|
+
};
|
|
38
|
+
//# sourceMappingURL=redirections.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redirections.js","sourceRoot":"","sources":["../../../../../packages/auth-agent/src/lib/redirections.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,MAAc,EACd,YAAiB,EACjB,iBAA+B,EACX,EAAE;IACtB,IAAI,MAAM,CAAC;IACX,IAAI,WAAW,CAAC;IAChB,MAAM,eAAe,GAAG,iBAAiB,CAAC,eAAe,CAAC;IAC1D,MAAM,YAAY,GAAG,iBAAiB,CAAC,YAAY,CAAC;IACpD,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAEzE,IAAI,MAAM,EAAE;QACV,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC5C,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,oBAAoB,GAAG,YAAY,CAAC,YAAY,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YACxE,IACE,oBAAoB;gBACpB,KAAK,CAAC,cAAc,KAAK,MAAM;gBAC/B,mBAAmB,CAAC,KAAK,CAAC,YAAY,EAAE,MAAM,CAAC,EAC/C;gBACA,WAAW,GAAG,KAAK,CAAC;gBACpB,MAAM;aACP;SACF;QAED,IAAI,WAAW,EAAE;YACf,MAAM,GAAG,GAAG,WAAW,CAAC,QAAQ,0BAC9B,YAAY,CAAC,GACf,aAAa,kBAAkB,CAC7B,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC,cAAc,CAAC,CACnD,EAAE,CAAC;SACL;KACF;IACD,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,YAAY,GAAG,CAAC,IAAS,EAAE,IAAS,EAAW,EAAE;IACrD,IAAI,MAAM,GAAG,IAAI,CAAC;IAClB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QAChC,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE;YAC3B,MAAM,GAAG,KAAK,CAAC;SAChB;IACH,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAAC,IAAc,EAAE,GAAW,EAAW,EAAE;IACnE,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAC1B,CAAC,OAAO,EAAE,EAAE,CACV,GAAG,CAAC,UAAU,CAAC,UAAU,OAAO,EAAE,CAAC;QACnC,GAAG,CAAC,UAAU,CAAC,WAAW,OAAO,EAAE,CAAC,CACvC,CAAC;IACF,OAAO,KAAK,IAAI,CAAC,CAAC;AACpB,CAAC,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/// <reference types="node" />
|
|
2
|
+
declare let refreshTokenInstance: RefreshToken | undefined;
|
|
3
|
+
declare let timer: NodeJS.Timeout | undefined;
|
|
4
|
+
declare const SECONDS_BEFORE_EXPIRE = 10;
|
|
5
|
+
declare const startRefreshAccessTokenProcess: (expireIn: number) => void;
|
|
6
|
+
declare const destroyRefreshAccessTokenProcess: () => void;
|
|
7
|
+
declare class RefreshToken {
|
|
8
|
+
#private;
|
|
9
|
+
constructor(params: {
|
|
10
|
+
verifier: string;
|
|
11
|
+
clientId: string;
|
|
12
|
+
authHost: string;
|
|
13
|
+
refreshToken: string;
|
|
14
|
+
expireIn: number;
|
|
15
|
+
});
|
|
16
|
+
getExpireId: () => number;
|
|
17
|
+
renewAccessToken: () => Promise<any>;
|
|
18
|
+
}
|
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
|
|
12
|
+
if (kind === "m") throw new TypeError("Private method is not writable");
|
|
13
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
|
|
14
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
|
|
15
|
+
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
|
|
16
|
+
};
|
|
17
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
18
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
19
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
20
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
21
|
+
};
|
|
22
|
+
var _RefreshToken_verifier, _RefreshToken_clientId, _RefreshToken_authHost, _RefreshToken_refreshToken, _RefreshToken_expireIn;
|
|
23
|
+
let refreshTokenInstance;
|
|
24
|
+
let timer;
|
|
25
|
+
const SECONDS_BEFORE_EXPIRE = 10;
|
|
26
|
+
self.onmessage = (e) => {
|
|
27
|
+
const workerData = e.data;
|
|
28
|
+
postMessage('[WORKER] Web worker onmessage established');
|
|
29
|
+
switch (workerData.connectionStatus) {
|
|
30
|
+
case 'init':
|
|
31
|
+
refreshTokenInstance = new RefreshToken({
|
|
32
|
+
authHost: workerData.authHost,
|
|
33
|
+
clientId: workerData.clientId,
|
|
34
|
+
verifier: workerData.verifier,
|
|
35
|
+
refreshToken: workerData.refreshToken,
|
|
36
|
+
expireIn: workerData.expireId,
|
|
37
|
+
});
|
|
38
|
+
startRefreshAccessTokenProcess(refreshTokenInstance.getExpireId());
|
|
39
|
+
break;
|
|
40
|
+
case 'destroy':
|
|
41
|
+
destroyRefreshAccessTokenProcess();
|
|
42
|
+
postMessage({ status: 'destroy_process' });
|
|
43
|
+
break;
|
|
44
|
+
default:
|
|
45
|
+
return;
|
|
46
|
+
}
|
|
47
|
+
};
|
|
48
|
+
const startRefreshAccessTokenProcess = (expireIn) => {
|
|
49
|
+
if (timer) {
|
|
50
|
+
clearTimeout(timer);
|
|
51
|
+
}
|
|
52
|
+
if (!refreshTokenInstance) {
|
|
53
|
+
return;
|
|
54
|
+
}
|
|
55
|
+
const waitBeforeExecuting = (expireIn - SECONDS_BEFORE_EXPIRE) * 1000;
|
|
56
|
+
timer = setTimeout(() => {
|
|
57
|
+
if (!refreshTokenInstance) {
|
|
58
|
+
return;
|
|
59
|
+
}
|
|
60
|
+
refreshTokenInstance.renewAccessToken().then((res) => {
|
|
61
|
+
const { access_token, expires_in } = res;
|
|
62
|
+
postMessage({ status: 'update_access_token', accessToken: access_token });
|
|
63
|
+
startRefreshAccessTokenProcess(expires_in);
|
|
64
|
+
});
|
|
65
|
+
}, waitBeforeExecuting);
|
|
66
|
+
};
|
|
67
|
+
const destroyRefreshAccessTokenProcess = () => {
|
|
68
|
+
if (timer) {
|
|
69
|
+
clearTimeout(timer);
|
|
70
|
+
}
|
|
71
|
+
refreshTokenInstance = undefined;
|
|
72
|
+
};
|
|
73
|
+
class RefreshToken {
|
|
74
|
+
constructor(params) {
|
|
75
|
+
_RefreshToken_verifier.set(this, void 0);
|
|
76
|
+
_RefreshToken_clientId.set(this, void 0);
|
|
77
|
+
_RefreshToken_authHost.set(this, void 0);
|
|
78
|
+
_RefreshToken_refreshToken.set(this, void 0);
|
|
79
|
+
_RefreshToken_expireIn.set(this, void 0);
|
|
80
|
+
this.getExpireId = () => {
|
|
81
|
+
return __classPrivateFieldGet(this, _RefreshToken_expireIn, "f");
|
|
82
|
+
};
|
|
83
|
+
this.renewAccessToken = () => __awaiter(this, void 0, void 0, function* () {
|
|
84
|
+
const url = `${__classPrivateFieldGet(this, _RefreshToken_authHost, "f")}/oauth/token`;
|
|
85
|
+
const body = `grant_type=refresh_token&refresh_token=${__classPrivateFieldGet(this, _RefreshToken_refreshToken, "f")}&client_id=${__classPrivateFieldGet(this, _RefreshToken_clientId, "f")}&code_verifier=${__classPrivateFieldGet(this, _RefreshToken_verifier, "f")}`;
|
|
86
|
+
const response = yield fetch(url, {
|
|
87
|
+
method: 'POST',
|
|
88
|
+
headers: {
|
|
89
|
+
Accept: 'application/json',
|
|
90
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
91
|
+
},
|
|
92
|
+
body: body,
|
|
93
|
+
});
|
|
94
|
+
const { ok } = response;
|
|
95
|
+
if (!ok) {
|
|
96
|
+
throw new Error('Unable to get access token');
|
|
97
|
+
}
|
|
98
|
+
const resBody = yield response.json();
|
|
99
|
+
if (!!resBody && !!resBody.Error) {
|
|
100
|
+
throw new Error(resBody.Error);
|
|
101
|
+
}
|
|
102
|
+
const { refresh_token, expires_in } = resBody;
|
|
103
|
+
__classPrivateFieldSet(this, _RefreshToken_refreshToken, refresh_token, "f");
|
|
104
|
+
__classPrivateFieldSet(this, _RefreshToken_expireIn, expires_in, "f");
|
|
105
|
+
return resBody;
|
|
106
|
+
});
|
|
107
|
+
const { verifier, clientId, expireIn, authHost, refreshToken } = params;
|
|
108
|
+
__classPrivateFieldSet(this, _RefreshToken_verifier, verifier, "f");
|
|
109
|
+
__classPrivateFieldSet(this, _RefreshToken_clientId, clientId, "f");
|
|
110
|
+
__classPrivateFieldSet(this, _RefreshToken_authHost, authHost, "f");
|
|
111
|
+
__classPrivateFieldSet(this, _RefreshToken_refreshToken, refreshToken, "f");
|
|
112
|
+
__classPrivateFieldSet(this, _RefreshToken_expireIn, expireIn, "f");
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
_RefreshToken_verifier = new WeakMap(), _RefreshToken_clientId = new WeakMap(), _RefreshToken_authHost = new WeakMap(), _RefreshToken_refreshToken = new WeakMap(), _RefreshToken_expireIn = new WeakMap();
|
|
116
|
+
//# sourceMappingURL=refresh-token.worker.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"refresh-token.worker.js","sourceRoot":"","sources":["../../../../../packages/auth-agent/src/lib/refresh-token.worker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,IAAI,oBAA8C,CAAC;AACnD,IAAI,KAAiC,CAAC;AACtC,MAAM,qBAAqB,GAAG,EAAE,CAAC;AAEjC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,EAAQ,EAAE;IAC3B,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC;IAC1B,WAAW,CAAC,2CAA2C,CAAC,CAAC;IACzD,QAAQ,UAAU,CAAC,gBAAgB,EAAE;QACnC,KAAK,MAAM;YACT,oBAAoB,GAAG,IAAI,YAAY,CAAC;gBACtC,QAAQ,EAAE,UAAU,CAAC,QAAQ;gBAC7B,QAAQ,EAAE,UAAU,CAAC,QAAQ;gBAC7B,QAAQ,EAAE,UAAU,CAAC,QAAQ;gBAC7B,YAAY,EAAE,UAAU,CAAC,YAAY;gBACrC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC,CAAC;YACH,8BAA8B,CAAC,oBAAoB,CAAC,WAAW,EAAE,CAAC,CAAC;YACnE,MAAM;QAER,KAAK,SAAS;YACZ,gCAAgC,EAAE,CAAC;YACnC,WAAW,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC;YAC3C,MAAM;QAER;YACE,OAAO;KACV;AACH,CAAC,CAAC;AAEF,MAAM,8BAA8B,GAAG,CAAC,QAAgB,EAAE,EAAE;IAC1D,IAAI,KAAK,EAAE;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;KACrB;IAED,IAAI,CAAC,oBAAoB,EAAE;QACzB,OAAO;KACR;IAED,MAAM,mBAAmB,GAAG,CAAC,QAAQ,GAAG,qBAAqB,CAAC,GAAG,IAAI,CAAC;IAEtE,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;QACtB,IAAI,CAAC,oBAAoB,EAAE;YACzB,OAAO;SACR;QACD,oBAAoB,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC;YACzC,WAAW,CAAC,EAAE,MAAM,EAAE,qBAAqB,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC,CAAC;YAC1E,8BAA8B,CAAC,UAAU,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,mBAAmB,CAAC,CAAC;AAC1B,CAAC,CAAC;AAEF,MAAM,gCAAgC,GAAG,GAAG,EAAE;IAC5C,IAAI,KAAK,EAAE;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;KACrB;IAED,oBAAoB,GAAG,SAAS,CAAC;AACnC,CAAC,CAAC;AAEF,MAAM,YAAY;IAOhB,YAAY,MAMX;QAZD,yCAAkB;QAClB,yCAAkB;QAClB,yCAAkB;QAClB,6CAAsB;QACtB,yCAAkB;QAiBlB,gBAAW,GAAG,GAAW,EAAE;YACzB,OAAO,uBAAA,IAAI,8BAAU,CAAC;QACxB,CAAC,CAAC;QAEF,qBAAgB,GAAG,GAAS,EAAE;YAC5B,MAAM,GAAG,GAAG,GAAG,uBAAA,IAAI,8BAAU,cAAc,CAAC;YAC5C,MAAM,IAAI,GAAG,0CACX,uBAAA,IAAI,kCACN,cAAc,uBAAA,IAAI,8BAAU,kBAAkB,uBAAA,IAAI,8BAAU,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,IAAI;aACX,CAAC,CAAC;YACH,MAAM,EAAE,EAAE,EAAE,GAAG,QAAQ,CAAC;YACxB,IAAI,CAAC,EAAE,EAAE;gBACP,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;aAC/C;YAED,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACtC,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;aAChC;YAED,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;YAC9C,uBAAA,IAAI,8BAAiB,aAAa,MAAA,CAAC;YACnC,uBAAA,IAAI,0BAAa,UAAU,MAAA,CAAC;YAC5B,OAAO,OAAO,CAAC;QACjB,CAAC,CAAA,CAAC;QAvCA,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QACxE,uBAAA,IAAI,0BAAa,QAAQ,MAAA,CAAC;QAC1B,uBAAA,IAAI,0BAAa,QAAQ,MAAA,CAAC;QAC1B,uBAAA,IAAI,0BAAa,QAAQ,MAAA,CAAC;QAC1B,uBAAA,IAAI,8BAAiB,YAAY,MAAA,CAAC;QAClC,uBAAA,IAAI,0BAAa,QAAQ,MAAA,CAAC;IAC5B,CAAC;CAkCF"}
|
package/src/lib/types.d.ts
CHANGED
|
@@ -10,6 +10,7 @@ export declare type InitOptions = {
|
|
|
10
10
|
authHost: string;
|
|
11
11
|
clientId: string;
|
|
12
12
|
scopes: string[];
|
|
13
|
+
autoRefreshToken?: boolean;
|
|
13
14
|
autoLogin?: boolean;
|
|
14
15
|
autoLogout?: boolean;
|
|
15
16
|
idleTimeoutInMinutes?: number;
|
|
@@ -53,3 +54,20 @@ export declare type AccountLink = {
|
|
|
53
54
|
staffId?: string;
|
|
54
55
|
};
|
|
55
56
|
};
|
|
57
|
+
export declare type LeapToken = {
|
|
58
|
+
access_token: string;
|
|
59
|
+
expires_in: number;
|
|
60
|
+
refresh_token: string;
|
|
61
|
+
};
|
|
62
|
+
export declare type Redirections = {
|
|
63
|
+
topLevelDomains: Array<string>;
|
|
64
|
+
environments: Array<{
|
|
65
|
+
criteria: {
|
|
66
|
+
region: string;
|
|
67
|
+
environment: string;
|
|
68
|
+
};
|
|
69
|
+
topLevelDomain: string;
|
|
70
|
+
authHost: string;
|
|
71
|
+
applications: Array<string>;
|
|
72
|
+
}>;
|
|
73
|
+
};
|
package/src/lib/types.js
CHANGED
package/src/lib/utils.js
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import cryptoRandomString from 'crypto-random-string';
|
|
2
|
+
import { sha256 } from 'js-sha256';
|
|
3
|
+
export const createCodeVerifier = (size) => {
|
|
4
|
+
return cryptoRandomString({
|
|
5
|
+
length: size,
|
|
6
|
+
type: 'alphanumeric',
|
|
7
|
+
});
|
|
8
|
+
};
|
|
9
|
+
export const createCodeChallenge = (verifier) => {
|
|
10
|
+
return btoa(sha256(verifier).toLowerCase());
|
|
11
|
+
};
|
|
12
|
+
//# sourceMappingURL=utils.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../../packages/auth-agent/src/lib/utils.ts"],"names":[],"mappings":"AAAA,OAAO,kBAAkB,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAU,EAAE;IACzD,OAAO,kBAAkB,CAAC;QACxB,MAAM,EAAE,IAAI;QACZ,IAAI,EAAE,cAAc;KACrB,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,QAAgB,EAAU,EAAE;IAC9D,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;AAC9C,CAAC,CAAC"}
|