@mereb/shared-packages 0.0.42 → 0.0.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +1 -1
  2. package/dist/auth/jwks.d.ts +3 -2
  3. package/dist/auth/jwks.d.ts.map +1 -1
  4. package/dist/auth/jwks.js +15 -1
  5. package/package.json +1 -1
package/README.md CHANGED
@@ -49,7 +49,7 @@ pnpm --filter @mereb/shared-packages version:bump minor
49
49
  pnpm --filter @mereb/shared-packages version:bump major
50
50
  ```
51
51
 
52
- The repository includes Jenkins + `.ci/ci.yml` automation for tag/release/publish flow.
52
+ The repository includes Jenkins + `.ci/ci.mjc` automation for tag/release/publish flow.
53
53
 
54
54
  ## Manual publish fallback
55
55
 
package/dist/auth/jwks.d.ts CHANGED
@@ -4,11 +4,12 @@ export declare const FULL_ADMIN_ROLES: readonly ["admin", "mereb.admin", "realm-
4
4
  export declare const LIMITED_ADMIN_ROLES: readonly ["moderator", "support", "admin.viewer", "mereb.staff"];
5
5
  export declare const READ_ONLY_ADMIN_ROLES: readonly ["admin", "mereb.admin", "realm-admin", "moderator", "support", "admin.viewer", "mereb.staff"];
6
6
  export interface VerifyJwtOptions {
7
- issuer: string;
7
+ issuer: string | string[];
8
8
  audience?: string | string[];
9
9
  cacheTtlMs?: number;
10
10
  }
11
- export declare function initJwks(issuer: string): Promise<void>;
11
+ export declare function parseIssuerEnv(value: string): string | string[];
12
+ export declare function initJwks(issuer: string | string[]): Promise<void>;
12
13
  export declare function verifyJwt(token: string, { issuer, audience }: VerifyJwtOptions): Promise<JWTPayload>;
13
14
  export declare function extractUserId(payload: JWTPayload): string | undefined;
14
15
  export declare function extractJwtRoles(payload: JWTPayload): string[];
package/dist/auth/jwks.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"jwks.d.ts","sourceRoot":"","sources":["../../src/auth/jwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiC,KAAK,UAAU,EAAE,MAAM,MAAM,CAAC;AACtE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAIrD,eAAO,MAAM,gBAAgB,kDAAmD,CAAC;AACjF,eAAO,MAAM,mBAAmB,kEAKtB,CAAC;AACX,eAAO,MAAM,qBAAqB,yGAAyD,CAAC;AAE5F,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAsB,QAAQ,CAAC,MAAM,EAAE,MAAM,iBAI5C;AAED,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,gBAAgB,uBAYvC;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,UAAU,sBAEhD;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,EAAE,CAS7D;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,EAAE,YAAY,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAKzG;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,GAAG,OAAO,CAEhF;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,GAAG,OAAO,CAEhF;AAED,wBAAgB,eAAe,CAC7B,OAAO,EAAE,mBAAmB,GAC3B,MAAM,GAAG,SAAS,CAMpB"}
1
+ {"version":3,"file":"jwks.d.ts","sourceRoot":"","sources":["../../src/auth/jwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiC,KAAK,UAAU,EAAE,MAAM,MAAM,CAAC;AACtE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAIrD,eAAO,MAAM,gBAAgB,kDAAmD,CAAC;AACjF,eAAO,MAAM,mBAAmB,kEAKtB,CAAC;AACX,eAAO,MAAM,qBAAqB,yGAAyD,CAAC;AAE5F,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAMD,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,CAW/D;AAED,wBAAsB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,iBAKvD;AAED,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,gBAAgB,uBAYvC;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,UAAU,sBAEhD;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,EAAE,CAS7D;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,EAAE,YAAY,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAKzG;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,GAAG,OAAO,CAEhF;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,GAAG,OAAO,CAEhF;AAED,wBAAgB,eAAe,CAC7B,OAAO,EAAE,mBAAmB,GAC3B,MAAM,GAAG,SAAS,CAMpB"}
package/dist/auth/jwks.js CHANGED
@@ -8,8 +8,22 @@ export const LIMITED_ADMIN_ROLES = [
8
8
  'mereb.staff'
9
9
  ];
10
10
  export const READ_ONLY_ADMIN_ROLES = [...FULL_ADMIN_ROLES, ...LIMITED_ADMIN_ROLES];
11
+ function normalizeIssuers(issuer) {
12
+ return Array.isArray(issuer) ? issuer : [issuer];
13
+ }
14
+ export function parseIssuerEnv(value) {
15
+ const issuers = value
16
+ .split(',')
17
+ .map((entry) => entry.trim())
18
+ .filter(Boolean);
19
+ if (issuers.length === 0) {
20
+ throw new Error('OIDC_ISSUER env var required');
21
+ }
22
+ return issuers.length === 1 ? issuers[0] : issuers;
23
+ }
11
24
  export async function initJwks(issuer) {
12
- jwks = createRemoteJWKSet(new URL(`${issuer.replace(/\/$/, '')}/protocol/openid-connect/certs`));
25
+ const [jwksIssuer] = normalizeIssuers(issuer);
26
+ jwks = createRemoteJWKSet(new URL(`${jwksIssuer.replace(/\/$/, '')}/protocol/openid-connect/certs`));
13
27
  }
14
28
  export async function verifyJwt(token, { issuer, audience }) {
15
29
  if (!jwks) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mereb/shared-packages",
3
- "version": "0.0.42",
3
+ "version": "0.0.44",
4
4
  "type": "module",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",