@mantiq/oauth 0.1.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +29 -8
- package/src/OAuthServiceProvider.ts +28 -1
- package/src/grants/GrantHandler.ts +2 -2
- package/src/jwt/JwtPayload.ts +7 -7
- package/src/jwt/JwtSigner.ts +2 -2
- package/src/models/AccessToken.ts +2 -0
- package/src/models/AuthCode.ts +2 -0
- package/src/models/Client.ts +2 -0
- package/src/models/RefreshToken.ts +2 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mantiq/oauth",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.0",
|
|
4
4
|
"description": "OAuth 2.0 server — authorization code (PKCE), client credentials, JWT access tokens, scopes",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
@@ -14,12 +14,30 @@
|
|
|
14
14
|
"bugs": {
|
|
15
15
|
"url": "https://github.com/mantiqjs/mantiq/issues"
|
|
16
16
|
},
|
|
17
|
-
"keywords": [
|
|
18
|
-
|
|
17
|
+
"keywords": [
|
|
18
|
+
"mantiq",
|
|
19
|
+
"oauth",
|
|
20
|
+
"oauth2",
|
|
21
|
+
"jwt",
|
|
22
|
+
"authorization",
|
|
23
|
+
"token"
|
|
24
|
+
],
|
|
25
|
+
"engines": {
|
|
26
|
+
"bun": ">=1.1.0"
|
|
27
|
+
},
|
|
19
28
|
"main": "./src/index.ts",
|
|
20
29
|
"types": "./src/index.ts",
|
|
21
|
-
"exports": {
|
|
22
|
-
|
|
30
|
+
"exports": {
|
|
31
|
+
".": {
|
|
32
|
+
"bun": "./src/index.ts",
|
|
33
|
+
"default": "./src/index.ts"
|
|
34
|
+
}
|
|
35
|
+
},
|
|
36
|
+
"files": [
|
|
37
|
+
"src/",
|
|
38
|
+
"package.json",
|
|
39
|
+
"README.md"
|
|
40
|
+
],
|
|
23
41
|
"scripts": {
|
|
24
42
|
"build": "bun build ./src/index.ts --outdir ./dist --target bun --packages=external",
|
|
25
43
|
"test": "bun test",
|
|
@@ -27,9 +45,9 @@
|
|
|
27
45
|
"clean": "rm -rf dist"
|
|
28
46
|
},
|
|
29
47
|
"peerDependencies": {
|
|
30
|
-
"@mantiq/core": "^0.
|
|
31
|
-
"@mantiq/database": "^0.
|
|
32
|
-
"@mantiq/auth": "^0.
|
|
48
|
+
"@mantiq/core": "^0.5.0",
|
|
49
|
+
"@mantiq/database": "^0.5.0",
|
|
50
|
+
"@mantiq/auth": "^0.5.0"
|
|
33
51
|
},
|
|
34
52
|
"devDependencies": {
|
|
35
53
|
"bun-types": "latest",
|
|
@@ -37,5 +55,8 @@
|
|
|
37
55
|
"@mantiq/core": "workspace:*",
|
|
38
56
|
"@mantiq/database": "workspace:*",
|
|
39
57
|
"@mantiq/auth": "workspace:*"
|
|
58
|
+
},
|
|
59
|
+
"mantiq": {
|
|
60
|
+
"provider": "OAuthServiceProvider"
|
|
40
61
|
}
|
|
41
62
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { ServiceProvider, ConfigRepository } from '@mantiq/core'
|
|
1
|
+
import { ServiceProvider, ConfigRepository, HttpKernel } from '@mantiq/core'
|
|
2
2
|
import type { Router } from '@mantiq/core'
|
|
3
3
|
import { ROUTER } from '@mantiq/core'
|
|
4
4
|
import { AuthManager } from '@mantiq/auth'
|
|
@@ -15,6 +15,11 @@ import { RefreshTokenGrant } from './grants/RefreshTokenGrant.ts'
|
|
|
15
15
|
import { PersonalAccessGrant } from './grants/PersonalAccessGrant.ts'
|
|
16
16
|
import { oauthRoutes } from './routes/oauthRoutes.ts'
|
|
17
17
|
import { OAUTH_SERVER } from './helpers/oauth.ts'
|
|
18
|
+
import { registerCommands } from '@mantiq/cli'
|
|
19
|
+
import { OAuthClientCommand } from './commands/OAuthClientCommand.ts'
|
|
20
|
+
import { OAuthInstallCommand } from './commands/OAuthInstallCommand.ts'
|
|
21
|
+
import { OAuthKeysCommand } from './commands/OAuthKeysCommand.ts'
|
|
22
|
+
import { OAuthPurgeCommand } from './commands/OAuthPurgeCommand.ts'
|
|
18
23
|
import { readFile } from 'node:fs/promises'
|
|
19
24
|
|
|
20
25
|
const DEFAULT_CONFIG: OAuthConfig = {
|
|
@@ -85,5 +90,27 @@ export class OAuthServiceProvider extends ServiceProvider {
|
|
|
85
90
|
} catch {
|
|
86
91
|
// Router not available
|
|
87
92
|
}
|
|
93
|
+
|
|
94
|
+
// Register middleware aliases
|
|
95
|
+
try {
|
|
96
|
+
const kernel = this.app.make(HttpKernel)
|
|
97
|
+
kernel.registerMiddleware('scopes', CheckScopes as any)
|
|
98
|
+
kernel.registerMiddleware('scope', CheckForAnyScope as any)
|
|
99
|
+
kernel.registerMiddleware('client', CheckClientCredentials as any)
|
|
100
|
+
} catch {
|
|
101
|
+
// HttpKernel may not be available in non-HTTP contexts
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
// Register commands
|
|
105
|
+
try {
|
|
106
|
+
registerCommands([
|
|
107
|
+
new OAuthClientCommand(),
|
|
108
|
+
new OAuthInstallCommand(),
|
|
109
|
+
new OAuthKeysCommand(),
|
|
110
|
+
new OAuthPurgeCommand(),
|
|
111
|
+
])
|
|
112
|
+
} catch {
|
|
113
|
+
// @mantiq/cli may not be available
|
|
114
|
+
}
|
|
88
115
|
}
|
|
89
116
|
}
|
package/src/jwt/JwtPayload.ts
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
export interface JwtPayload {
|
|
2
|
-
iss?: string
|
|
3
|
-
sub?: string
|
|
4
|
-
aud?: string
|
|
5
|
-
exp?: number
|
|
6
|
-
iat?: number
|
|
7
|
-
jti?: string
|
|
8
|
-
scopes?: string[]
|
|
2
|
+
iss?: string | undefined
|
|
3
|
+
sub?: string | undefined
|
|
4
|
+
aud?: string | undefined
|
|
5
|
+
exp?: number | undefined
|
|
6
|
+
iat?: number | undefined
|
|
7
|
+
jti?: string | undefined
|
|
8
|
+
scopes?: string[] | undefined
|
|
9
9
|
}
|
package/src/jwt/JwtSigner.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import type { JwtPayload } from './JwtPayload.ts'
|
|
2
2
|
import { base64UrlEncode, base64UrlDecode, base64UrlEncodeString } from './JwtEncoder.ts'
|
|
3
3
|
|
|
4
|
-
const ALGORITHM:
|
|
4
|
+
const ALGORITHM: { name: string; hash: string } = {
|
|
5
5
|
name: 'RSASSA-PKCS1-v1_5',
|
|
6
6
|
hash: 'SHA-256',
|
|
7
7
|
}
|
|
@@ -74,7 +74,7 @@ export class JwtSigner {
|
|
|
74
74
|
const valid = await crypto.subtle.verify(
|
|
75
75
|
ALGORITHM.name,
|
|
76
76
|
this.publicKey,
|
|
77
|
-
signature,
|
|
77
|
+
signature as any,
|
|
78
78
|
data,
|
|
79
79
|
)
|
|
80
80
|
|
|
@@ -4,7 +4,9 @@ export class AccessToken extends Model {
|
|
|
4
4
|
static override table = 'oauth_access_tokens'
|
|
5
5
|
static override keyType = 'string' as const
|
|
6
6
|
static override incrementing = false
|
|
7
|
+
static override guarded = [] as string[]
|
|
7
8
|
static override fillable = [
|
|
9
|
+
'id',
|
|
8
10
|
'user_id',
|
|
9
11
|
'client_id',
|
|
10
12
|
'name',
|
package/src/models/AuthCode.ts
CHANGED
|
@@ -4,7 +4,9 @@ export class AuthCode extends Model {
|
|
|
4
4
|
static override table = 'oauth_auth_codes'
|
|
5
5
|
static override keyType = 'string' as const
|
|
6
6
|
static override incrementing = false
|
|
7
|
+
static override guarded = [] as string[]
|
|
7
8
|
static override fillable = [
|
|
9
|
+
'id',
|
|
8
10
|
'user_id',
|
|
9
11
|
'client_id',
|
|
10
12
|
'scopes',
|
package/src/models/Client.ts
CHANGED
|
@@ -4,7 +4,9 @@ export class Client extends Model {
|
|
|
4
4
|
static override table = 'oauth_clients'
|
|
5
5
|
static override keyType = 'string' as const
|
|
6
6
|
static override incrementing = false
|
|
7
|
+
static override guarded = [] as string[]
|
|
7
8
|
static override fillable = [
|
|
9
|
+
'id',
|
|
8
10
|
'name',
|
|
9
11
|
'secret',
|
|
10
12
|
'redirect',
|
|
@@ -4,7 +4,9 @@ export class RefreshToken extends Model {
|
|
|
4
4
|
static override table = 'oauth_refresh_tokens'
|
|
5
5
|
static override keyType = 'string' as const
|
|
6
6
|
static override incrementing = false
|
|
7
|
+
static override guarded = [] as string[]
|
|
7
8
|
static override fillable = [
|
|
9
|
+
'id',
|
|
8
10
|
'access_token_id',
|
|
9
11
|
'revoked',
|
|
10
12
|
'expires_at',
|