@microsoft/teams.apps 2.0.0-preview.7 → 2.0.0-preview.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app.d.ts +47 -41
- package/dist/app.js +27 -3
- package/dist/app.process.js +13 -19
- package/dist/contexts/activity.d.ts +7 -2
- package/dist/contexts/activity.js +5 -4
- package/dist/middleware/auth/jwt-validator.d.ts +60 -0
- package/dist/middleware/auth/jwt-validator.js +213 -0
- package/dist/middleware/index.d.ts +1 -0
- package/dist/middleware/index.js +2 -1
- package/dist/middleware/jwt-validation-middleware.d.ts +11 -0
- package/dist/middleware/jwt-validation-middleware.js +46 -0
- package/dist/plugins/http/plugin.d.ts +9 -3
- package/dist/plugins/http/plugin.js +30 -12
- package/dist/plugins/http/stream.d.ts +1 -0
- package/dist/plugins/http/stream.js +46 -38
- package/dist/utils/asserts.d.ts +1 -0
- package/dist/utils/asserts.js +12 -0
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.js +3 -2
- package/package.json +5 -5
|
@@ -39,8 +39,8 @@ class ActivityContext {
|
|
|
39
39
|
value.activity = teams_api_1.TypingActivity.from(value.activity).toInterface();
|
|
40
40
|
}
|
|
41
41
|
}
|
|
42
|
-
async send(activity) {
|
|
43
|
-
return await this._plugin.send((0, teams_api_1.toActivityParams)(activity), this.ref);
|
|
42
|
+
async send(activity, conversationRef) {
|
|
43
|
+
return await this._plugin.send((0, teams_api_1.toActivityParams)(activity), conversationRef ?? this.ref);
|
|
44
44
|
}
|
|
45
45
|
async reply(activity) {
|
|
46
46
|
activity = (0, teams_api_1.toActivityParams)(activity);
|
|
@@ -94,6 +94,7 @@ class ActivityContext {
|
|
|
94
94
|
type: 'message',
|
|
95
95
|
inputHint: 'acceptingInput',
|
|
96
96
|
recipient: this.activity.from,
|
|
97
|
+
conversation: convo.conversation,
|
|
97
98
|
attachments: [
|
|
98
99
|
(0, teams_api_1.cardAttachment)('oauth', {
|
|
99
100
|
text: oauthCardText,
|
|
@@ -109,7 +110,7 @@ class ActivityContext {
|
|
|
109
110
|
],
|
|
110
111
|
}),
|
|
111
112
|
],
|
|
112
|
-
});
|
|
113
|
+
}, convo);
|
|
113
114
|
}
|
|
114
115
|
async signout() {
|
|
115
116
|
await this.api.users.token.signOut({
|
|
@@ -156,4 +157,4 @@ class ActivityContext {
|
|
|
156
157
|
}
|
|
157
158
|
}
|
|
158
159
|
exports.ActivityContext = ActivityContext;
|
|
159
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
160
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWN0aXZpdHkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvY29udGV4dHMvYWN0aXZpdHkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsb0RBZ0I4QjtBQXVJakIsUUFBQSxzQkFBc0IsR0FBa0I7SUFDbkQsYUFBYSxFQUFFLG1CQUFtQjtJQUNsQyxnQkFBZ0IsRUFBRSxTQUFTO0NBQzVCLENBQUM7QUFFRixNQUFhLGVBQWU7SUFFMUIsS0FBSyxDQUFVO0lBQ2YsUUFBUSxDQUFLO0lBQ2IsR0FBRyxDQUF5QjtJQUM1QixHQUFHLENBQVc7SUFDZCxHQUFHLENBQWE7SUFDaEIsUUFBUSxDQUFlO0lBQ3ZCLFNBQVMsQ0FBZTtJQUN4QixPQUFPLENBQVk7SUFDbkIsTUFBTSxDQUFZO0lBQ2xCLFVBQVUsQ0FBVztJQUNyQixjQUFjLENBQVM7SUFDdkIsSUFBSSxDQUUwRDtJQUdwRCxPQUFPLENBQVU7SUFDakIsS0FBSyxDQUUrQztJQUU5RCxZQUFZLE1BQWUsRUFBRSxLQUE4QjtRQUN6RCxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxLQUFLLENBQUMsQ0FBQztRQUMzQixJQUFJLENBQUMsT0FBTyxHQUFHLE1BQU0sQ0FBQztRQUN0QixJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQzdDLElBQUksQ0FBQyxjQUFjLEdBQUcsS0FBSyxDQUFDLGNBQWMsQ0FBQztRQUUzQyxJQUFJLEtBQUssQ0FBQyxRQUFRLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3RDLEtBQUssQ0FBQyxRQUFRLEdBQUcsMkJBQWUsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ3RFLENBQUM7UUFFRCxJQUFJLEtBQUssQ0FBQyxRQUFRLENBQUMsSUFBSSxLQUFLLGVBQWUsRUFBRSxDQUFDO1lBQzVDLEtBQUssQ0FBQyxRQUFRLEdBQUcsaUNBQXFCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUM1RSxDQUFDO1FBRUQsSUFBSSxLQUFLLENBQUMsUUFBUSxDQUFDLElBQUksS0FBSyxlQUFlLEVBQUUsQ0FBQztZQUM1QyxLQUFLLENBQUMsUUFBUSxHQUFHLGlDQUFxQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDNUUsQ0FBQztRQUVELElBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxJQUFJLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDckMsS0FBSyxDQUFDLFFBQVEsR0FBRywwQkFBYyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDckUsQ0FBQztJQUNILENBQUM7SUFFRCxLQUFLLENBQUMsSUFBSSxDQUFDLFFBQXNCLEVBQUUsZUFBdUM7UUFDeEUsT0FBTyxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUEsNEJBQWdCLEVBQUMsUUFBUSxDQUFDLEVBQUUsZUFBZSxJQUFJLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUMxRixDQUFDO0lBRUQsS0FBSyxDQUFDLEtBQUssQ0FBQyxRQUFzQjtRQUNoQyxRQUFRLEdBQUcsSUFBQSw0QkFBZ0IsRUFBQyxRQUFRLENBQUMsQ0FBQztRQUN0QyxRQUFRLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQ3RDLElBQUksUUFBUSxDQUFDLElBQUksS0FBSyxTQUFTLElBQUksUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ2pELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQywwQkFBMEIsRUFBRSxDQUFDO1lBQ3JELElBQUksVUFBVSxFQUFFLENBQUM7Z0JBQ2YsUUFBUSxDQUFDLElBQUksR0FBRyxHQUFHLFVBQVUsT0FBTyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDdEQsQ0FBQztRQUNILENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDN0IsQ0FBQztJQUVELEtBQUssQ0FBQyxNQUFNLENBQUMsT0FBZ0M7UUFDM0MsTUFBTSxFQUFFLGFBQWEsRUFBRSxnQkFBZ0IsRUFBRSxzQkFBc0IsRUFBRSxHQUFHO1lBQ2xFLEdBQUcsOEJBQXNCO1lBQ3pCLEdBQUcsT0FBTztTQUNYLENBQUM7UUFFRixNQUFNLEtBQUssR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBRTlCLElBQUksQ0FBQztZQUNILE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQztnQkFDekMsU0FBUyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUztnQkFDbEMsTUFBTSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEVBQUU7Z0JBQzdCLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYzthQUNwQyxDQUFDLENBQUM7WUFFSCxPQUFPLEdBQUcsQ0FBQyxLQUFLLENBQUM7UUFDbkIsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sa0JBQWtCLEdBQXVCO1lBQzdDLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYztZQUNuQyxZQUFZLEVBQUUsS0FBSztZQUNuQixTQUFTLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTO1lBQ2xDLE9BQU8sRUFBRSxJQUFJLENBQUMsS0FBSztTQUNwQixDQUFDO1FBRUYsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN2QyxrREFBa0Q7WUFDbEQsdUNBQXVDO1lBQ3ZDLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDO2dCQUM5QyxRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsUUFBUTtnQkFDN0MsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsR0FBRyxFQUFFLEVBQUUsRUFBRSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRTtnQkFDdkMsT0FBTyxFQUFFLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUM7YUFDOUIsQ0FBQyxDQUFDO1lBRUgsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxJQUFJLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztZQUMxRCxLQUFLLENBQUMsWUFBWSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsQ0FBQyxFQUFFLEVBQXlCLENBQUM7UUFDN0QsQ0FBQztRQUVELE1BQU0sS0FBSyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUNwRSxRQUFRLENBQ1QsQ0FBQztRQUNGLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUM7UUFFbkUsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUNiLHNCQUFzQixFQUFFLENBQ3RCLFFBQVEsQ0FBQyxxQkFBcUIsRUFDOUIsUUFBUSxDQUFDLGlCQUFpQixFQUMxQixRQUFRLENBQUMsVUFBVSxDQUNwQixJQUFJO1lBQ0gsSUFBSSxFQUFFLFNBQVM7WUFDZixTQUFTLEVBQUUsZ0JBQWdCO1lBQzNCLFNBQVMsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUk7WUFDN0IsWUFBWSxFQUFFLEtBQUssQ0FBQyxZQUFZO1lBQ2hDLFdBQVcsRUFBRTtnQkFDWCxJQUFBLDBCQUFjLEVBQUMsT0FBTyxFQUFFO29CQUN0QixJQUFJLEVBQUUsYUFBYTtvQkFDbkIsY0FBYyxFQUFFLElBQUksQ0FBQyxjQUFjO29CQUNuQyxxQkFBcUIsRUFBRSxRQUFRLENBQUMscUJBQXFCO29CQUNyRCxpQkFBaUIsRUFBRSxRQUFRLENBQUMsaUJBQWlCO29CQUM3QyxPQUFPLEVBQUU7d0JBQ1A7NEJBQ0UsSUFBSSxFQUFFLFFBQVE7NEJBQ2QsS0FBSyxFQUFFLGdCQUFnQjs0QkFDdkIsS0FBSyxFQUFFLFFBQVEsQ0FBQyxVQUFVO3lCQUMzQjtxQkFDRjtpQkFDRixDQUFDO2FBQ0g7U0FDRixFQUFFLEtBQUssQ0FDVCxDQUFDO0lBQ0osQ0FBQztJQUVELEtBQUssQ0FBQyxPQUFPO1FBQ1gsTUFBTSxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDO1lBQ2pDLFNBQVMsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVM7WUFDbEMsTUFBTSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEVBQUU7WUFDN0IsY0FBYyxFQUFFLElBQUksQ0FBQyxjQUFjO1NBQ3BDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxXQUFXO1FBQ1QsT0FBTztZQUNMLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixHQUFHLEVBQUUsSUFBSSxDQUFDLEdBQUc7WUFDYixRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVE7WUFDdkIsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLEtBQUssRUFBRSxJQUFJLENBQUMsS0FBSztZQUNqQixHQUFHLEVBQUUsSUFBSSxDQUFDLEdBQUc7WUFDYixHQUFHLEVBQUUsSUFBSSxDQUFDLEdBQUc7WUFDYixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDckIsTUFBTSxFQUFFLElBQUksQ0FBQyxNQUFNO1lBQ25CLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixjQUFjLEVBQUUsSUFBSSxDQUFDLGNBQWM7WUFDbkMsSUFBSSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQztZQUMxQixLQUFLLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO1lBQzVCLElBQUksRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUM7WUFDMUIsTUFBTSxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQztZQUM5QixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO1NBQ2pDLENBQUM7SUFDSixDQUFDO0lBRU8sMEJBQTBCO1FBQ2hDLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEtBQUssU0FBUyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDM0QsTUFBTSxTQUFTLEdBQUcsR0FBRyxDQUFDO1lBQ3RCLE1BQU0sYUFBYSxHQUNqQixJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxNQUFNLEdBQUcsU0FBUztnQkFDbkMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxTQUFTLENBQUMsS0FBSztnQkFDcEQsQ0FBQyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDO1lBRXpCLE9BQU8sNkVBQTZFLElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRTtpQ0FDekUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsRUFBRSxLQUFLLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksMENBQTBDLElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRTt3QkFDcEgsYUFBYTtjQUN2QixDQUFDO1FBQ1gsQ0FBQzthQUFNLENBQUM7WUFDTixJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxpREFBaUQsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3hGLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7Q0FDRjtBQXhMRCwwQ0F3TEMifQ==
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
import { type JwtPayload } from 'jsonwebtoken';
|
|
2
|
+
import { ILogger } from '@microsoft/teams.common';
|
|
3
|
+
export interface IJwtValidationOptions {
|
|
4
|
+
/** Required: Application/Client ID for audience validation */
|
|
5
|
+
clientId: string;
|
|
6
|
+
/**
|
|
7
|
+
* This may be 'common', 'organizations', 'consumers' for multi-tenant apps,
|
|
8
|
+
* or a specific tenant ID for single-tenant apps.
|
|
9
|
+
*/
|
|
10
|
+
tenantId?: string;
|
|
11
|
+
/**
|
|
12
|
+
* JWKS URI options for fetching public keys
|
|
13
|
+
*/
|
|
14
|
+
jwksUriOptions: {
|
|
15
|
+
type: 'tenantId';
|
|
16
|
+
} | {
|
|
17
|
+
type: 'uri';
|
|
18
|
+
uri: string;
|
|
19
|
+
};
|
|
20
|
+
/** Optional: Validate required scope in token */
|
|
21
|
+
validateScope?: {
|
|
22
|
+
requiredScope: string;
|
|
23
|
+
};
|
|
24
|
+
/** Optional: Validate service URL (Bot Framework specific) */
|
|
25
|
+
validateServiceUrl?: {
|
|
26
|
+
expectedServiceUrl: string;
|
|
27
|
+
};
|
|
28
|
+
/** Optional: Custom issuer validation */
|
|
29
|
+
validateIssuer?: {
|
|
30
|
+
/** Allowed */
|
|
31
|
+
allowedIssuer: string;
|
|
32
|
+
} | {
|
|
33
|
+
/** For multi-tenant apps, restrict to specific tenant IDs */
|
|
34
|
+
allowedTenantIds?: string[];
|
|
35
|
+
};
|
|
36
|
+
/** Optional: Clock tolerance in seconds (default: 300) */
|
|
37
|
+
clockTolerance?: number;
|
|
38
|
+
}
|
|
39
|
+
export declare class JwtValidator {
|
|
40
|
+
readonly options: IJwtValidationOptions;
|
|
41
|
+
private readonly logger?;
|
|
42
|
+
private readonly jwksCache;
|
|
43
|
+
constructor(options: IJwtValidationOptions, logger?: ILogger);
|
|
44
|
+
/**
|
|
45
|
+
* Validates a JWT token using the configured options
|
|
46
|
+
*/
|
|
47
|
+
validateAccessToken(rawToken: string, overrideOptions?: Pick<IJwtValidationOptions, 'validateServiceUrl' | 'validateScope'>): Promise<JwtPayload | null>;
|
|
48
|
+
private getJwksClient;
|
|
49
|
+
private getSigningKey;
|
|
50
|
+
private validateIssuer;
|
|
51
|
+
private validateScope;
|
|
52
|
+
private validateServiceUrl;
|
|
53
|
+
private performCustomValidations;
|
|
54
|
+
}
|
|
55
|
+
export declare const createEntraTokenValidator: (tenantId: string, clientId: string, options?: {
|
|
56
|
+
allowedTenantIds?: string[];
|
|
57
|
+
requiredScope?: string;
|
|
58
|
+
logger?: ILogger;
|
|
59
|
+
}) => JwtValidator;
|
|
60
|
+
export declare const createServiceTokenValidator: (appId: string, tenantId?: string, serviceUrl?: string, logger?: ILogger) => JwtValidator;
|
|
@@ -0,0 +1,213 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.createServiceTokenValidator = exports.createEntraTokenValidator = exports.JwtValidator = void 0;
|
|
7
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
8
|
+
const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
|
|
9
|
+
const teams_common_1 = require("@microsoft/teams.common");
|
|
10
|
+
const asserts_1 = require("../../utils/asserts");
|
|
11
|
+
const DEFAULTS = {
|
|
12
|
+
clockTolerance: 300 // 5 minutes
|
|
13
|
+
};
|
|
14
|
+
class JwtValidator {
|
|
15
|
+
options;
|
|
16
|
+
logger;
|
|
17
|
+
jwksCache = new Map();
|
|
18
|
+
constructor(options, logger) {
|
|
19
|
+
this.options = options;
|
|
20
|
+
this.logger = logger?.child('jwt-validator') ?? new teams_common_1.ConsoleLogger('jwt-validator');
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Validates a JWT token using the configured options
|
|
24
|
+
*/
|
|
25
|
+
async validateAccessToken(rawToken, overrideOptions) {
|
|
26
|
+
if (!rawToken) {
|
|
27
|
+
throw new Error('No token provided');
|
|
28
|
+
}
|
|
29
|
+
return new Promise((resolve) => {
|
|
30
|
+
const verifyOptions = {
|
|
31
|
+
audience: [
|
|
32
|
+
this.options.clientId,
|
|
33
|
+
`api://${this.options.clientId}`,
|
|
34
|
+
],
|
|
35
|
+
issuer: undefined,
|
|
36
|
+
ignoreExpiration: false,
|
|
37
|
+
algorithms: ['RS256'],
|
|
38
|
+
clockTolerance: this.options.clockTolerance ?? DEFAULTS.clockTolerance
|
|
39
|
+
};
|
|
40
|
+
this.logger?.debug('Validating JWT token with options:', {
|
|
41
|
+
audience: verifyOptions.audience,
|
|
42
|
+
clockTolerance: verifyOptions.clockTolerance,
|
|
43
|
+
algorithms: verifyOptions.algorithms
|
|
44
|
+
});
|
|
45
|
+
jsonwebtoken_1.default.verify(rawToken, this.getSigningKey.bind(this), verifyOptions, (err, decoded) => {
|
|
46
|
+
if (err) {
|
|
47
|
+
this.logger?.error('JWT verification failed:', err);
|
|
48
|
+
resolve(null);
|
|
49
|
+
return;
|
|
50
|
+
}
|
|
51
|
+
if (!decoded || typeof decoded !== 'object') {
|
|
52
|
+
this.logger?.error('Decoded token is not a valid object:', decoded);
|
|
53
|
+
resolve(null);
|
|
54
|
+
return;
|
|
55
|
+
}
|
|
56
|
+
this.logger?.debug('JWT verification succeeded');
|
|
57
|
+
const payload = decoded;
|
|
58
|
+
try {
|
|
59
|
+
this.performCustomValidations(payload, overrideOptions);
|
|
60
|
+
this.logger?.debug('Custom validations passed for token');
|
|
61
|
+
resolve(payload);
|
|
62
|
+
}
|
|
63
|
+
catch (validationError) {
|
|
64
|
+
this.logger?.error('Custom validation failed:', validationError);
|
|
65
|
+
resolve(null);
|
|
66
|
+
}
|
|
67
|
+
});
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
getJwksClient() {
|
|
71
|
+
switch (this.options.jwksUriOptions.type) {
|
|
72
|
+
case 'tenantId':
|
|
73
|
+
{
|
|
74
|
+
const cachedClient = this.jwksCache.get(`${this.options.tenantId}`);
|
|
75
|
+
if (cachedClient) {
|
|
76
|
+
this.logger?.debug(`Using cached JWKS client for tenant ID: ${this.options.tenantId}`);
|
|
77
|
+
return cachedClient;
|
|
78
|
+
}
|
|
79
|
+
this.jwksCache.set(`${this.options.tenantId}`, (0, jwks_rsa_1.default)({
|
|
80
|
+
jwksUri: `https://login.microsoftonline.com/${this.options.tenantId}/discovery/v2.0/keys`,
|
|
81
|
+
}));
|
|
82
|
+
return this.jwksCache.get(`${this.options.tenantId}`);
|
|
83
|
+
}
|
|
84
|
+
case 'uri':
|
|
85
|
+
{
|
|
86
|
+
const cachedClient = this.jwksCache.get(this.options.jwksUriOptions.uri);
|
|
87
|
+
if (cachedClient) {
|
|
88
|
+
this.logger?.debug(`Using cached JWKS client for URI: ${this.options.jwksUriOptions.uri}`);
|
|
89
|
+
return cachedClient;
|
|
90
|
+
}
|
|
91
|
+
this.jwksCache.set(this.options.jwksUriOptions.uri, (0, jwks_rsa_1.default)({
|
|
92
|
+
jwksUri: this.options.jwksUriOptions.uri,
|
|
93
|
+
}));
|
|
94
|
+
return this.jwksCache.get(this.options.jwksUriOptions.uri);
|
|
95
|
+
}
|
|
96
|
+
default:
|
|
97
|
+
(0, asserts_1.assertNever)(this.options.jwksUriOptions, `Unknown JWKS URI options type: ${this.options.jwksUriOptions}`);
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
getSigningKey(header, callback) {
|
|
101
|
+
const jwksClient = this.getJwksClient();
|
|
102
|
+
jwksClient?.getSigningKey(header.kid, (err, key) => {
|
|
103
|
+
if (err) {
|
|
104
|
+
this.logger?.error('Failed to get signing key:', err);
|
|
105
|
+
callback(err, undefined);
|
|
106
|
+
return;
|
|
107
|
+
}
|
|
108
|
+
const signingKey = key?.getPublicKey();
|
|
109
|
+
callback(null, signingKey);
|
|
110
|
+
});
|
|
111
|
+
}
|
|
112
|
+
validateIssuer(iss) {
|
|
113
|
+
if (!this.options.validateIssuer) {
|
|
114
|
+
return; // No issuer validation configured
|
|
115
|
+
}
|
|
116
|
+
if (!iss) {
|
|
117
|
+
throw new Error('Token missing issuer claim');
|
|
118
|
+
}
|
|
119
|
+
if ('allowedIssuer' in this.options.validateIssuer) {
|
|
120
|
+
// Validate against a specific allowed issuer
|
|
121
|
+
if (iss !== this.options.validateIssuer.allowedIssuer) {
|
|
122
|
+
throw new Error(`Token issuer '${iss}' does not match allowed issuer '${this.options.validateIssuer.allowedIssuer}'`);
|
|
123
|
+
}
|
|
124
|
+
return;
|
|
125
|
+
}
|
|
126
|
+
if (!this.options.tenantId) {
|
|
127
|
+
return;
|
|
128
|
+
}
|
|
129
|
+
const isMultiTenant = ['common', 'organizations', 'consumers'].includes(this.options.tenantId);
|
|
130
|
+
const allowedTenantIds = [];
|
|
131
|
+
if (isMultiTenant) {
|
|
132
|
+
if (this.options.validateIssuer.allowedTenantIds) {
|
|
133
|
+
// find which tenant ids are not 'common', 'organizations', or 'consumers'
|
|
134
|
+
for (const tenantId of this.options.validateIssuer.allowedTenantIds) {
|
|
135
|
+
if (!['common', 'organizations', 'consumers'].includes(tenantId)) {
|
|
136
|
+
allowedTenantIds.push(tenantId);
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
else {
|
|
142
|
+
// For single-tenant apps, only allow tokens issued by this app's tenant
|
|
143
|
+
// (ignore allowedTenantIds option for single-tenant apps)
|
|
144
|
+
allowedTenantIds.push(this.options.tenantId);
|
|
145
|
+
}
|
|
146
|
+
if (allowedTenantIds.length === 0) {
|
|
147
|
+
return; // No allowed tenant IDs configured, so no validation needed
|
|
148
|
+
}
|
|
149
|
+
else {
|
|
150
|
+
// Validate against allowed tenant IDs
|
|
151
|
+
if (!allowedTenantIds.some((tenantId) => iss.startsWith(`https://login.microsoftonline.com/${tenantId}/`))) {
|
|
152
|
+
throw new Error(`Token issuer '${iss}' not in allowed tenant IDs: ${allowedTenantIds.join(', ')}`);
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
validateScope(scp, overrideValidateScope) {
|
|
157
|
+
const validateScope = overrideValidateScope || this.options.validateScope;
|
|
158
|
+
if (validateScope) {
|
|
159
|
+
const scopes = scp ?? '';
|
|
160
|
+
if (!scopes.includes(validateScope.requiredScope)) {
|
|
161
|
+
throw new Error(`Token missing required scope: ${validateScope.requiredScope}`);
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
validateServiceUrl(serviceUrl, overrideValidateServiceUrl) {
|
|
166
|
+
const validateServiceUrl = overrideValidateServiceUrl || this.options.validateServiceUrl;
|
|
167
|
+
if (validateServiceUrl) {
|
|
168
|
+
if (!serviceUrl) {
|
|
169
|
+
throw new Error('Token missing serviceurl claim');
|
|
170
|
+
}
|
|
171
|
+
const normalizedTokenUrl = serviceUrl.replace(/\/$/, '').toLowerCase();
|
|
172
|
+
const normalizedExpectedUrl = validateServiceUrl.expectedServiceUrl.replace(/\/$/, '').toLowerCase();
|
|
173
|
+
if (normalizedTokenUrl !== normalizedExpectedUrl) {
|
|
174
|
+
throw new Error(`Service URL mismatch. Token: ${normalizedTokenUrl}, Expected: ${normalizedExpectedUrl}`);
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
performCustomValidations(payload, overrideOptions) {
|
|
179
|
+
this.validateIssuer(payload.iss);
|
|
180
|
+
this.validateScope(payload.scp, overrideOptions?.validateScope);
|
|
181
|
+
this.validateServiceUrl(payload.serviceurl, overrideOptions?.validateServiceUrl);
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
exports.JwtValidator = JwtValidator;
|
|
185
|
+
// Factory functions for common scenarios
|
|
186
|
+
const createEntraTokenValidator = (tenantId, clientId, options) => {
|
|
187
|
+
return new JwtValidator({
|
|
188
|
+
clientId,
|
|
189
|
+
tenantId,
|
|
190
|
+
validateIssuer: {
|
|
191
|
+
allowedTenantIds: options?.allowedTenantIds
|
|
192
|
+
},
|
|
193
|
+
validateScope: options?.requiredScope ? { requiredScope: options.requiredScope } : undefined,
|
|
194
|
+
jwksUriOptions: {
|
|
195
|
+
type: 'tenantId'
|
|
196
|
+
},
|
|
197
|
+
}, options?.logger);
|
|
198
|
+
};
|
|
199
|
+
exports.createEntraTokenValidator = createEntraTokenValidator;
|
|
200
|
+
const createServiceTokenValidator = (appId, tenantId, serviceUrl, logger) => {
|
|
201
|
+
return new JwtValidator({
|
|
202
|
+
clientId: appId,
|
|
203
|
+
tenantId,
|
|
204
|
+
validateIssuer: { allowedIssuer: 'https://api.botframework.com' },
|
|
205
|
+
validateServiceUrl: serviceUrl ? { expectedServiceUrl: serviceUrl } : undefined,
|
|
206
|
+
jwksUriOptions: {
|
|
207
|
+
type: 'uri',
|
|
208
|
+
uri: 'https://login.botframework.com/v1/.well-known/keys'
|
|
209
|
+
},
|
|
210
|
+
}, logger);
|
|
211
|
+
};
|
|
212
|
+
exports.createServiceTokenValidator = createServiceTokenValidator;
|
|
213
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiand0LXZhbGlkYXRvci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9taWRkbGV3YXJlL2F1dGgvand0LXZhbGlkYXRvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7QUFBQSxnRUFBdUY7QUFDdkYsd0RBQTJEO0FBRTNELDBEQUFpRTtBQUVqRSxpREFBa0Q7QUFFbEQsTUFBTSxRQUFRLEdBQUc7SUFDZixjQUFjLEVBQUUsR0FBRyxDQUFDLFlBQVk7Q0FDakMsQ0FBQztBQXlDRixNQUFhLFlBQVk7SUFDUCxPQUFPLENBQXdCO0lBQzlCLE1BQU0sQ0FBVztJQUNqQixTQUFTLEdBQTRCLElBQUksR0FBRyxFQUFFLENBQUM7SUFFaEUsWUFBWSxPQUE4QixFQUFFLE1BQWdCO1FBQzFELElBQUksQ0FBQyxPQUFPLEdBQUcsT0FBTyxDQUFDO1FBQ3ZCLElBQUksQ0FBQyxNQUFNLEdBQUcsTUFBTSxFQUFFLEtBQUssQ0FBQyxlQUFlLENBQUMsSUFBSSxJQUFJLDRCQUFhLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDckYsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLG1CQUFtQixDQUN2QixRQUFnQixFQUNoQixlQUFxRjtRQUVyRixJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDZCxNQUFNLElBQUksS0FBSyxDQUFDLG1CQUFtQixDQUFDLENBQUM7UUFDdkMsQ0FBQztRQUVELE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRTtZQUM3QixNQUFNLGFBQWEsR0FBc0I7Z0JBQ3ZDLFFBQVEsRUFBRTtvQkFDUixJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVE7b0JBQ3JCLFNBQVMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUU7aUJBQ2pDO2dCQUNELE1BQU0sRUFBRSxTQUFTO2dCQUNqQixnQkFBZ0IsRUFBRSxLQUFLO2dCQUN2QixVQUFVLEVBQUUsQ0FBQyxPQUFPLENBQUM7Z0JBQ3JCLGNBQWMsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLGNBQWMsSUFBSSxRQUFRLENBQUMsY0FBYzthQUN2RSxDQUFDO1lBRUYsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsb0NBQW9DLEVBQUU7Z0JBQ3ZELFFBQVEsRUFBRSxhQUFhLENBQUMsUUFBUTtnQkFDaEMsY0FBYyxFQUFFLGFBQWEsQ0FBQyxjQUFjO2dCQUM1QyxVQUFVLEVBQUUsYUFBYSxDQUFDLFVBQVU7YUFDckMsQ0FBQyxDQUFDO1lBQ0gsc0JBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxFQUFFLElBQUksQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLGFBQWEsRUFBRSxDQUFDLEdBQUcsRUFBRSxPQUFPLEVBQUUsRUFBRTtnQkFDbEYsSUFBSSxHQUFHLEVBQUUsQ0FBQztvQkFDUixJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQywwQkFBMEIsRUFBRSxHQUFHLENBQUMsQ0FBQztvQkFDcEQsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUNkLE9BQU87Z0JBQ1QsQ0FBQztnQkFFRCxJQUFJLENBQUMsT0FBTyxJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRSxDQUFDO29CQUM1QyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxzQ0FBc0MsRUFBRSxPQUFPLENBQUMsQ0FBQztvQkFDcEUsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUNkLE9BQU87Z0JBQ1QsQ0FBQztnQkFDRCxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO2dCQUVqRCxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUM7Z0JBRXhCLElBQUksQ0FBQztvQkFDSCxJQUFJLENBQUMsd0JBQXdCLENBQUMsT0FBTyxFQUFFLGVBQWUsQ0FBQyxDQUFDO29CQUN4RCxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO29CQUMxRCxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQ25CLENBQUM7Z0JBQUMsT0FBTyxlQUFlLEVBQUUsQ0FBQztvQkFDekIsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsMkJBQTJCLEVBQUUsZUFBZSxDQUFDLENBQUM7b0JBQ2pFLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDaEIsQ0FBQztZQUNILENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRU8sYUFBYTtRQUNuQixRQUFRLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ3pDLEtBQUssVUFBVTtnQkFDYixDQUFDO29CQUNDLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO29CQUNwRSxJQUFJLFlBQVksRUFBRSxDQUFDO3dCQUNqQixJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQywyQ0FBMkMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO3dCQUN2RixPQUFPLFlBQVksQ0FBQztvQkFDdEIsQ0FBQztvQkFDRCxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLEVBQUUsSUFBQSxrQkFBTyxFQUFDO3dCQUNyRCxPQUFPLEVBQUUscUNBQXFDLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxzQkFBc0I7cUJBQzFGLENBQUMsQ0FBQyxDQUFDO29CQUVKLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxDQUFFLENBQUM7Z0JBQ3pELENBQUM7WUFFSCxLQUFLLEtBQUs7Z0JBQ1IsQ0FBQztvQkFDQyxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQztvQkFDekUsSUFBSSxZQUFZLEVBQUUsQ0FBQzt3QkFDakIsSUFBSSxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMscUNBQXFDLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLEdBQUcsRUFBRSxDQUFDLENBQUM7d0JBQzNGLE9BQU8sWUFBWSxDQUFDO29CQUN0QixDQUFDO29CQUNELElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLEdBQUcsRUFBRSxJQUFBLGtCQUFPLEVBQUM7d0JBQzFELE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxHQUFHO3FCQUN6QyxDQUFDLENBQUMsQ0FBQztvQkFFSixPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBRSxDQUFDO2dCQUM5RCxDQUFDO1lBQ0g7Z0JBQ0UsSUFBQSxxQkFBVyxFQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxFQUFFLGtDQUFrQyxJQUFJLENBQUMsT0FBTyxDQUFDLGNBQWMsRUFBRSxDQUFDLENBQUM7UUFDOUcsQ0FBQztJQUNILENBQUM7SUFFTyxhQUFhLENBQUMsTUFBaUIsRUFBRSxRQUFzQjtRQUM3RCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDeEMsVUFBVSxFQUFFLGFBQWEsQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUMsR0FBaUIsRUFBRSxHQUEyQixFQUFRLEVBQUU7WUFDN0YsSUFBSSxHQUFHLEVBQUUsQ0FBQztnQkFDUixJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyw0QkFBNEIsRUFBRSxHQUFHLENBQUMsQ0FBQztnQkFDdEQsUUFBUSxDQUFDLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQztnQkFDekIsT0FBTztZQUNULENBQUM7WUFDRCxNQUFNLFVBQVUsR0FBRyxHQUFHLEVBQUUsWUFBWSxFQUFFLENBQUM7WUFDdkMsUUFBUSxDQUFDLElBQUksRUFBRSxVQUFVLENBQUMsQ0FBQztRQUM3QixDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFTyxjQUFjLENBQUMsR0FBdUI7UUFDNUMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxFQUFFLENBQUM7WUFDakMsT0FBTyxDQUFDLGtDQUFrQztRQUM1QyxDQUFDO1FBQ0QsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ1QsTUFBTSxJQUFJLEtBQUssQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO1FBQ2hELENBQUM7UUFFRCxJQUFJLGVBQWUsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ25ELDZDQUE2QztZQUM3QyxJQUFJLEdBQUcsS0FBSyxJQUFJLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxhQUFhLEVBQUUsQ0FBQztnQkFDdEQsTUFBTSxJQUFJLEtBQUssQ0FBQyxpQkFBaUIsR0FBRyxvQ0FBb0MsSUFBSSxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsYUFBYSxHQUFHLENBQUMsQ0FBQztZQUN4SCxDQUFDO1lBQ0QsT0FBTztRQUNULENBQUM7UUFFRCxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUMzQixPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sYUFBYSxHQUFHLENBQUMsUUFBUSxFQUFFLGVBQWUsRUFBRSxXQUFXLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMvRixNQUFNLGdCQUFnQixHQUFHLEVBQUUsQ0FBQztRQUM1QixJQUFJLGFBQWEsRUFBRSxDQUFDO1lBQ2xCLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztnQkFDakQsMEVBQTBFO2dCQUMxRSxLQUFLLE1BQU0sUUFBUSxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLGdCQUFnQixFQUFFLENBQUM7b0JBQ3BFLElBQUksQ0FBQyxDQUFDLFFBQVEsRUFBRSxlQUFlLEVBQUUsV0FBVyxDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7d0JBQ2pFLGdCQUFnQixDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztvQkFDbEMsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7YUFBTSxDQUFDO1lBQ04sd0VBQXdFO1lBQ3hFLDBEQUEwRDtZQUMxRCxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMvQyxDQUFDO1FBRUQsSUFBSSxnQkFBZ0IsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDbEMsT0FBTyxDQUFDLDREQUE0RDtRQUN0RSxDQUFDO2FBQU0sQ0FBQztZQUNOLHNDQUFzQztZQUN0QyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDLHFDQUFxQyxRQUFRLEdBQUcsQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDM0csTUFBTSxJQUFJLEtBQUssQ0FBQyxpQkFBaUIsR0FBRyxnQ0FBZ0MsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNyRyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFTyxhQUFhLENBQUMsR0FBdUIsRUFBRSxxQkFBaUQ7UUFDOUYsTUFBTSxhQUFhLEdBQUcscUJBQXFCLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUM7UUFDMUUsSUFBSSxhQUFhLEVBQUUsQ0FBQztZQUNsQixNQUFNLE1BQU0sR0FBRyxHQUFHLElBQUksRUFBRSxDQUFDO1lBQ3pCLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDO2dCQUNsRCxNQUFNLElBQUksS0FBSyxDQUFDLGlDQUFpQyxhQUFhLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQztZQUNsRixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFTyxrQkFBa0IsQ0FBQyxVQUE4QixFQUFFLDBCQUEyRDtRQUNwSCxNQUFNLGtCQUFrQixHQUFHLDBCQUEwQixJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsa0JBQWtCLENBQUM7UUFDekYsSUFBSSxrQkFBa0IsRUFBRSxDQUFDO1lBQ3ZCLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDaEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1lBQ3BELENBQUM7WUFFRCxNQUFNLGtCQUFrQixHQUFHLFVBQVUsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3ZFLE1BQU0scUJBQXFCLEdBQUcsa0JBQWtCLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUVyRyxJQUFJLGtCQUFrQixLQUFLLHFCQUFxQixFQUFFLENBQUM7Z0JBQ2pELE1BQU0sSUFBSSxLQUFLLENBQUMsZ0NBQWdDLGtCQUFrQixlQUFlLHFCQUFxQixFQUFFLENBQUMsQ0FBQztZQUM1RyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFTyx3QkFBd0IsQ0FDOUIsT0FBbUIsRUFDbkIsZUFBcUY7UUFFckYsSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDakMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLGVBQWUsRUFBRSxhQUFhLENBQUMsQ0FBQztRQUNoRSxJQUFJLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLFVBQVUsRUFBRSxlQUFlLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztJQUNuRixDQUFDO0NBQ0Y7QUFsTUQsb0NBa01DO0FBRUQseUNBQXlDO0FBQ2xDLE1BQU0seUJBQXlCLEdBQUcsQ0FDdkMsUUFBZ0IsRUFDaEIsUUFBZ0IsRUFDaEIsT0FJQyxFQUNELEVBQUU7SUFDRixPQUFPLElBQUksWUFBWSxDQUFDO1FBQ3RCLFFBQVE7UUFDUixRQUFRO1FBQ1IsY0FBYyxFQUFFO1lBQ2QsZ0JBQWdCLEVBQUUsT0FBTyxFQUFFLGdCQUFnQjtTQUM1QztRQUNELGFBQWEsRUFBRSxPQUFPLEVBQUUsYUFBYSxDQUFDLENBQUMsQ0FBQyxFQUFFLGFBQWEsRUFBRSxPQUFPLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDNUYsY0FBYyxFQUFFO1lBQ2QsSUFBSSxFQUFFLFVBQVU7U0FDakI7S0FDRixFQUFFLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQztBQUN0QixDQUFDLENBQUM7QUFwQlcsUUFBQSx5QkFBeUIsNkJBb0JwQztBQUVLLE1BQU0sMkJBQTJCLEdBQUcsQ0FDekMsS0FBYSxFQUNiLFFBQWlCLEVBQ2pCLFVBQW1CLEVBQ25CLE1BQWdCLEVBQ2hCLEVBQUU7SUFDRixPQUFPLElBQUksWUFBWSxDQUFDO1FBQ3RCLFFBQVEsRUFBRSxLQUFLO1FBQ2YsUUFBUTtRQUNSLGNBQWMsRUFBRSxFQUFFLGFBQWEsRUFBRSw4QkFBOEIsRUFBRTtRQUNqRSxrQkFBa0IsRUFBRSxVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQUUsa0JBQWtCLEVBQUUsVUFBVSxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDL0UsY0FBYyxFQUFFO1lBQ2QsSUFBSSxFQUFFLEtBQUs7WUFDWCxHQUFHLEVBQUUsb0RBQW9EO1NBQzFEO0tBQ0YsRUFBRSxNQUFNLENBQUMsQ0FBQztBQUNiLENBQUMsQ0FBQztBQWhCVyxRQUFBLDJCQUEyQiwrQkFnQnRDIn0=
|
package/dist/middleware/index.js
CHANGED
|
@@ -17,6 +17,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
17
17
|
exports.EntraTokenValidator = void 0;
|
|
18
18
|
var entra_token_validator_1 = require("./entra-token-validator");
|
|
19
19
|
Object.defineProperty(exports, "EntraTokenValidator", { enumerable: true, get: function () { return entra_token_validator_1.EntraTokenValidator; } });
|
|
20
|
+
__exportStar(require("./jwt-validation-middleware"), exports);
|
|
20
21
|
__exportStar(require("./strip-mentions-text"), exports);
|
|
21
22
|
__exportStar(require("./with-client-auth"), exports);
|
|
22
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
23
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvbWlkZGxld2FyZS9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLGlFQUE4RDtBQUFyRCw0SEFBQSxtQkFBbUIsT0FBQTtBQUM1Qiw4REFBNEM7QUFDNUMsd0RBQXNDO0FBQ3RDLHFEQUFtQyJ9
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import express from 'express';
|
|
2
|
+
import { Credentials, IToken } from '@microsoft/teams.api';
|
|
3
|
+
import { ILogger } from '@microsoft/teams.common';
|
|
4
|
+
export type JwtValidationParams = {
|
|
5
|
+
credentials?: Credentials;
|
|
6
|
+
logger: ILogger;
|
|
7
|
+
};
|
|
8
|
+
export type JwtValidatedRequest = express.Request & {
|
|
9
|
+
validatedToken?: IToken;
|
|
10
|
+
};
|
|
11
|
+
export declare function withJwtValidation(params: JwtValidationParams): (req: JwtValidatedRequest, res: express.Response, next: express.NextFunction) => Promise<void>;
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.withJwtValidation = withJwtValidation;
|
|
4
|
+
const teams_api_1 = require("@microsoft/teams.api");
|
|
5
|
+
const teams_common_1 = require("@microsoft/teams.common");
|
|
6
|
+
const jwt_validator_1 = require("./auth/jwt-validator");
|
|
7
|
+
function withJwtValidation(params) {
|
|
8
|
+
const { credentials, logger: inputLogger } = params;
|
|
9
|
+
const logger = inputLogger?.child('jwt-validation-middleware') ?? new teams_common_1.ConsoleLogger('jwt-validation-middleware');
|
|
10
|
+
// Create service token validator if credentials are provided
|
|
11
|
+
let serviceTokenValidator;
|
|
12
|
+
if (credentials?.clientId) {
|
|
13
|
+
serviceTokenValidator = (0, jwt_validator_1.createServiceTokenValidator)(credentials.clientId, credentials.tenantId, undefined, logger);
|
|
14
|
+
}
|
|
15
|
+
else {
|
|
16
|
+
logger.debug('No credentials provided, skipping service token validation');
|
|
17
|
+
serviceTokenValidator = null;
|
|
18
|
+
}
|
|
19
|
+
return async (req, res, next) => {
|
|
20
|
+
const authorization = req.headers.authorization?.replace('Bearer ', '');
|
|
21
|
+
if (!authorization) {
|
|
22
|
+
res.status(401).send('unauthorized');
|
|
23
|
+
return;
|
|
24
|
+
}
|
|
25
|
+
if (!serviceTokenValidator) {
|
|
26
|
+
logger.debug('No service token validator configured, skipping validation');
|
|
27
|
+
next();
|
|
28
|
+
return;
|
|
29
|
+
}
|
|
30
|
+
const activity = req.body;
|
|
31
|
+
// Use cached validator with per-request service URL validation
|
|
32
|
+
const validationResult = await serviceTokenValidator.validateAccessToken(authorization, activity.serviceUrl ? {
|
|
33
|
+
validateServiceUrl: { expectedServiceUrl: activity.serviceUrl }
|
|
34
|
+
} : undefined);
|
|
35
|
+
if (validationResult) {
|
|
36
|
+
logger.debug(`validated service token for activity ${activity.id}`);
|
|
37
|
+
// Store the validated token in the request for use in subsequent handlers
|
|
38
|
+
req.validatedToken = new teams_api_1.JsonWebToken(authorization);
|
|
39
|
+
next();
|
|
40
|
+
}
|
|
41
|
+
else {
|
|
42
|
+
res.status(401).send('Invalid token');
|
|
43
|
+
}
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiand0LXZhbGlkYXRpb24tbWlkZGxld2FyZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9taWRkbGV3YXJlL2p3dC12YWxpZGF0aW9uLW1pZGRsZXdhcmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFnQkEsOENBbURDO0FBakVELG9EQUFtRjtBQUNuRiwwREFBaUU7QUFFakUsd0RBQWlGO0FBV2pGLFNBQWdCLGlCQUFpQixDQUFDLE1BQTJCO0lBQzNELE1BQU0sRUFBRSxXQUFXLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSxHQUFHLE1BQU0sQ0FBQztJQUNwRCxNQUFNLE1BQU0sR0FBRyxXQUFXLEVBQUUsS0FBSyxDQUFDLDJCQUEyQixDQUFDLElBQUksSUFBSSw0QkFBYSxDQUFDLDJCQUEyQixDQUFDLENBQUM7SUFFakgsNkRBQTZEO0lBQzdELElBQUkscUJBQTBDLENBQUM7SUFDL0MsSUFBSSxXQUFXLEVBQUUsUUFBUSxFQUFFLENBQUM7UUFDMUIscUJBQXFCLEdBQUcsSUFBQSwyQ0FBMkIsRUFDakQsV0FBVyxDQUFDLFFBQVEsRUFDcEIsV0FBVyxDQUFDLFFBQVEsRUFDcEIsU0FBUyxFQUNULE1BQU0sQ0FDUCxDQUFDO0lBQ0osQ0FBQztTQUFNLENBQUM7UUFDTixNQUFNLENBQUMsS0FBSyxDQUFDLDREQUE0RCxDQUFDLENBQUM7UUFDM0UscUJBQXFCLEdBQUcsSUFBSSxDQUFDO0lBQy9CLENBQUM7SUFFRCxPQUFPLEtBQUssRUFDVixHQUF3QixFQUN4QixHQUFxQixFQUNyQixJQUEwQixFQUMxQixFQUFFO1FBQ0YsTUFBTSxhQUFhLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsQ0FBQztRQUV4RSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDbkIsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUM7WUFDckMsT0FBTztRQUNULENBQUM7UUFFRCxJQUFJLENBQUMscUJBQXFCLEVBQUUsQ0FBQztZQUMzQixNQUFNLENBQUMsS0FBSyxDQUFDLDREQUE0RCxDQUFDLENBQUM7WUFDM0UsSUFBSSxFQUFFLENBQUM7WUFDUCxPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFhLEdBQUcsQ0FBQyxJQUFJLENBQUM7UUFDcEMsK0RBQStEO1FBQy9ELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxxQkFBcUIsQ0FBQyxtQkFBbUIsQ0FBQyxhQUFhLEVBQUUsUUFBUSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7WUFDNUcsa0JBQWtCLEVBQUUsRUFBRSxrQkFBa0IsRUFBRSxRQUFRLENBQUMsVUFBVSxFQUFFO1NBQ2hFLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBRWYsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sQ0FBQyxLQUFLLENBQUMsd0NBQXdDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ3BFLDBFQUEwRTtZQUMxRSxHQUFHLENBQUMsY0FBYyxHQUFHLElBQUksd0JBQVksQ0FBQyxhQUFhLENBQUMsQ0FBQztZQUNyRCxJQUFJLEVBQUUsQ0FBQztRQUNULENBQUM7YUFBTSxDQUFDO1lBQ04sR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUM7UUFDeEMsQ0FBQztJQUNILENBQUMsQ0FBQztBQUNKLENBQUMifQ==
|
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
import http from 'http';
|
|
2
2
|
import express from 'express';
|
|
3
|
-
import { ActivityParams, ConversationReference, IToken } from '@microsoft/teams.api';
|
|
3
|
+
import { ActivityParams, ConversationReference, Credentials, IToken } from '@microsoft/teams.api';
|
|
4
4
|
import { ILogger } from '@microsoft/teams.common';
|
|
5
5
|
import * as $http from '@microsoft/teams.common/http';
|
|
6
6
|
import { IActivityEvent, IErrorEvent } from '../../events';
|
|
7
7
|
import { Manifest } from '../../manifest';
|
|
8
|
+
import { JwtValidatedRequest } from '../../middleware/jwt-validation-middleware';
|
|
8
9
|
import { IPluginActivityResponseEvent, IPluginErrorEvent, IPluginStartEvent, ISender, IStreamer } from '../../types';
|
|
9
10
|
/**
|
|
10
11
|
* Can send/receive activities via http
|
|
@@ -13,6 +14,7 @@ export declare class HttpPlugin implements ISender {
|
|
|
13
14
|
readonly logger: ILogger;
|
|
14
15
|
readonly client: $http.Client;
|
|
15
16
|
readonly manifest: Partial<Manifest>;
|
|
17
|
+
readonly credentials?: Credentials;
|
|
16
18
|
readonly botToken?: () => IToken;
|
|
17
19
|
readonly graphToken?: () => IToken;
|
|
18
20
|
readonly $onError: (event: IErrorEvent) => void;
|
|
@@ -30,13 +32,17 @@ export declare class HttpPlugin implements ISender {
|
|
|
30
32
|
protected _port?: number;
|
|
31
33
|
protected express: express.Application;
|
|
32
34
|
protected pending: Record<string, express.Response>;
|
|
33
|
-
|
|
35
|
+
protected skipAuth: boolean;
|
|
36
|
+
constructor(server?: http.Server, options?: {
|
|
37
|
+
skipAuth?: boolean;
|
|
38
|
+
});
|
|
34
39
|
/**
|
|
35
40
|
* serve static files
|
|
36
41
|
* @param path the url path to serve
|
|
37
42
|
* @param dist the dist file path to serve
|
|
38
43
|
*/
|
|
39
44
|
static(path: string, dist: string): this;
|
|
45
|
+
onInit(): void;
|
|
40
46
|
onStart({ port }: IPluginStartEvent): Promise<void>;
|
|
41
47
|
onStop(): void;
|
|
42
48
|
onError({ error, activity }: IPluginErrorEvent): void;
|
|
@@ -982,5 +988,5 @@ export declare class HttpPlugin implements ISender {
|
|
|
982
988
|
* @param req the incoming http request
|
|
983
989
|
* @param res the http response
|
|
984
990
|
*/
|
|
985
|
-
protected onRequest(req:
|
|
991
|
+
protected onRequest(req: JwtValidatedRequest, res: express.Response, _next: express.NextFunction): Promise<void>;
|
|
986
992
|
}
|
|
@@ -52,6 +52,7 @@ const express_1 = __importDefault(require("express"));
|
|
|
52
52
|
const teams_api_1 = require("@microsoft/teams.api");
|
|
53
53
|
const $http = __importStar(require("@microsoft/teams.common/http"));
|
|
54
54
|
const package_json_1 = __importDefault(require("../../../package.json"));
|
|
55
|
+
const jwt_validation_middleware_1 = require("../../middleware/jwt-validation-middleware");
|
|
55
56
|
const types_1 = require("../../types");
|
|
56
57
|
const stream_1 = require("./stream");
|
|
57
58
|
/**
|
|
@@ -61,6 +62,7 @@ let HttpPlugin = class HttpPlugin {
|
|
|
61
62
|
logger;
|
|
62
63
|
client;
|
|
63
64
|
manifest;
|
|
65
|
+
credentials;
|
|
64
66
|
botToken;
|
|
65
67
|
graphToken;
|
|
66
68
|
$onError;
|
|
@@ -82,7 +84,9 @@ let HttpPlugin = class HttpPlugin {
|
|
|
82
84
|
_port;
|
|
83
85
|
express;
|
|
84
86
|
pending = {};
|
|
85
|
-
|
|
87
|
+
skipAuth;
|
|
88
|
+
constructor(server, options) {
|
|
89
|
+
this.skipAuth = options?.skipAuth ?? false;
|
|
86
90
|
this.express = (0, express_1.default)();
|
|
87
91
|
this._server = server || http_1.default.createServer();
|
|
88
92
|
this._server.on('request', this.express);
|
|
@@ -95,7 +99,6 @@ let HttpPlugin = class HttpPlugin {
|
|
|
95
99
|
this.use = this.express.use.bind(this.express);
|
|
96
100
|
this.express.use((0, cors_1.default)());
|
|
97
101
|
this.express.use('/api*', express_1.default.json());
|
|
98
|
-
this.express.post('/api/messages', this.onRequest.bind(this));
|
|
99
102
|
}
|
|
100
103
|
/**
|
|
101
104
|
* serve static files
|
|
@@ -106,6 +109,18 @@ let HttpPlugin = class HttpPlugin {
|
|
|
106
109
|
this.express.use(path, express_1.default.static(dist));
|
|
107
110
|
return this;
|
|
108
111
|
}
|
|
112
|
+
onInit() {
|
|
113
|
+
const messageHandlers = [this.onRequest.bind(this)];
|
|
114
|
+
if (!this.skipAuth) {
|
|
115
|
+
// Setup /api/messages route with JWT validation middleware
|
|
116
|
+
const jwtMiddleware = (0, jwt_validation_middleware_1.withJwtValidation)({
|
|
117
|
+
credentials: this.credentials,
|
|
118
|
+
logger: this.logger
|
|
119
|
+
});
|
|
120
|
+
messageHandlers.unshift(jwtMiddleware);
|
|
121
|
+
}
|
|
122
|
+
this.express.post('/api/messages', ...messageHandlers);
|
|
123
|
+
}
|
|
109
124
|
async onStart({ port }) {
|
|
110
125
|
this._port = port;
|
|
111
126
|
this.express.get('/', (_, res) => {
|
|
@@ -176,21 +191,20 @@ let HttpPlugin = class HttpPlugin {
|
|
|
176
191
|
* @param res the http response
|
|
177
192
|
*/
|
|
178
193
|
async onRequest(req, res, _next) {
|
|
179
|
-
const authorization = req.headers.authorization?.replace('Bearer ', '');
|
|
180
|
-
if (!authorization && process.env.NODE_ENV !== 'local') {
|
|
181
|
-
res.status(401).send('unauthorized');
|
|
182
|
-
return;
|
|
183
|
-
}
|
|
184
194
|
const activity = req.body;
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
195
|
+
let token;
|
|
196
|
+
if (req.validatedToken) {
|
|
197
|
+
token = req.validatedToken;
|
|
198
|
+
}
|
|
199
|
+
else {
|
|
200
|
+
token = {
|
|
188
201
|
appId: '',
|
|
189
202
|
from: 'azure',
|
|
190
203
|
fromId: '',
|
|
191
204
|
serviceUrl: activity.serviceUrl || '',
|
|
192
205
|
isExpired: () => false,
|
|
193
206
|
};
|
|
207
|
+
}
|
|
194
208
|
this.pending[activity.id] = res;
|
|
195
209
|
this.$onActivity({
|
|
196
210
|
sender: this,
|
|
@@ -212,6 +226,10 @@ __decorate([
|
|
|
212
226
|
(0, types_1.Dependency)(),
|
|
213
227
|
__metadata("design:type", Object)
|
|
214
228
|
], HttpPlugin.prototype, "manifest", void 0);
|
|
229
|
+
__decorate([
|
|
230
|
+
(0, types_1.Dependency)({ optional: true }),
|
|
231
|
+
__metadata("design:type", Object)
|
|
232
|
+
], HttpPlugin.prototype, "credentials", void 0);
|
|
215
233
|
__decorate([
|
|
216
234
|
(0, types_1.Dependency)({ optional: true }),
|
|
217
235
|
__metadata("design:type", Function)
|
|
@@ -234,6 +252,6 @@ exports.HttpPlugin = HttpPlugin = __decorate([
|
|
|
234
252
|
version: package_json_1.default.version,
|
|
235
253
|
description: 'the default plugin for sending/receiving activities',
|
|
236
254
|
}),
|
|
237
|
-
__metadata("design:paramtypes", [http_1.default.Server])
|
|
255
|
+
__metadata("design:paramtypes", [http_1.default.Server, Object])
|
|
238
256
|
], HttpPlugin);
|
|
239
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
257
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGx1Z2luLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3BsdWdpbnMvaHR0cC9wbHVnaW4udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsZ0RBQXdCO0FBRXhCLGdEQUF3QjtBQUN4QixzREFBOEI7QUFFOUIsb0RBTzhCO0FBRzlCLG9FQUFzRDtBQUV0RCx5RUFBd0M7QUFHeEMsMEZBQW9HO0FBQ3BHLHVDQVVxQjtBQUdyQixxQ0FBc0M7QUFFdEM7O0dBRUc7QUFNSSxJQUFNLFVBQVUsR0FBaEIsTUFBTSxVQUFVO0lBRVosTUFBTSxDQUFXO0lBR2pCLE1BQU0sQ0FBZ0I7SUFHdEIsUUFBUSxDQUFxQjtJQUc3QixXQUFXLENBQWU7SUFHMUIsUUFBUSxDQUFnQjtJQUd4QixVQUFVLENBQWdCO0lBRzFCLFFBQVEsQ0FBZ0M7SUFHeEMsV0FBVyxDQUFtQztJQUU5QyxHQUFHLENBQTZCO0lBQ2hDLElBQUksQ0FBOEI7SUFDbEMsS0FBSyxDQUErQjtJQUNwQyxHQUFHLENBQTZCO0lBQ2hDLE1BQU0sQ0FBZ0M7SUFDdEMsS0FBSyxDQUErQjtJQUNwQyxHQUFHLENBQTZCO0lBRXpDLElBQUksTUFBTTtRQUNSLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQztJQUN0QixDQUFDO0lBQ1MsT0FBTyxDQUFjO0lBRS9CLElBQUksSUFBSTtRQUNOLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQztJQUNwQixDQUFDO0lBQ1MsS0FBSyxDQUFVO0lBRWYsT0FBTyxDQUFzQjtJQUM3QixPQUFPLEdBQXFDLEVBQUUsQ0FBQztJQUMvQyxRQUFRLENBQVU7SUFFNUIsWUFBWSxNQUFvQixFQUFFLE9BQWdDO1FBQ2hFLElBQUksQ0FBQyxRQUFRLEdBQUcsT0FBTyxFQUFFLFFBQVEsSUFBSSxLQUFLLENBQUM7UUFDM0MsSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFBLGlCQUFPLEdBQUUsQ0FBQztRQUN6QixJQUFJLENBQUMsT0FBTyxHQUFHLE1BQU0sSUFBSSxjQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDN0MsSUFBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsU0FBUyxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN6QyxJQUFJLENBQUMsR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDL0MsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2pELElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNuRCxJQUFJLENBQUMsR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDL0MsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3JELElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNuRCxJQUFJLENBQUMsR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFL0MsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBQSxjQUFJLEdBQUUsQ0FBQyxDQUFDO1FBQ3pCLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxpQkFBTyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxNQUFNLENBQUMsSUFBWSxFQUFFLElBQVk7UUFDL0IsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxFQUFFLGlCQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7UUFDN0MsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQsTUFBTTtRQUNKLE1BQU0sZUFBZSxHQUFHLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUNwRCxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ25CLDJEQUEyRDtZQUMzRCxNQUFNLGFBQWEsR0FBRyxJQUFBLDZDQUFpQixFQUFDO2dCQUN0QyxXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVc7Z0JBQzdCLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTthQUNwQixDQUFDLENBQUM7WUFDSCxlQUFlLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3pDLENBQUM7UUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxlQUFlLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQsS0FBSyxDQUFDLE9BQU8sQ0FBQyxFQUFFLElBQUksRUFBcUI7UUFDdkMsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUM7UUFFbEIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUMsQ0FBQyxFQUFFLEdBQUcsRUFBRSxFQUFFO1lBQy9CLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzFCLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxNQUFNLElBQUksT0FBTyxDQUFPLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO1lBQ2pELElBQUksQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFO2dCQUMvQixJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsS0FBSyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUM7Z0JBQzlCLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUNkLENBQUMsQ0FBQyxDQUFDO1lBRUgsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLEdBQUcsRUFBRTtnQkFDN0IsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMscUJBQXFCLElBQUksS0FBSyxDQUFDLENBQUM7Z0JBQ2pELE9BQU8sRUFBRSxDQUFDO1lBQ1osQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxNQUFNO1FBQ0osSUFBSSxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsQ0FBQztJQUN2QixDQUFDO0lBRUQsT0FBTyxDQUFDLEVBQUUsS0FBSyxFQUFFLFFBQVEsRUFBcUI7UUFDNUMsSUFBSSxDQUFDLFFBQVE7WUFBRSxPQUFPO1FBQ3RCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBRXRDLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNULE9BQU87UUFDVCxDQUFDO1FBRUQsSUFBSSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNyQixHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdEMsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVELGtCQUFrQixDQUFDLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBZ0M7UUFDckUsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7UUFFdEMsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ1QsT0FBTztRQUNULENBQUM7UUFFRCxJQUFJLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JCLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLE1BQU0sSUFBSSxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxDQUFDLENBQUM7UUFDakYsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDbkMsQ0FBQztJQUVELEtBQUssQ0FBQyxJQUFJLENBQUMsUUFBd0IsRUFBRSxHQUEwQjtRQUM3RCxNQUFNLEdBQUcsR0FBRyxJQUFJLGtCQUFNLENBQ3BCLEdBQUcsQ0FBQyxVQUFVLEVBQ2QsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUM7WUFDaEIsS0FBSyxFQUFFLElBQUksQ0FBQyxRQUFRO1NBQ3JCLENBQUMsQ0FDSCxDQUFDO1FBRUYsUUFBUSxHQUFHO1lBQ1QsR0FBRyxRQUFRO1lBQ1gsSUFBSSxFQUFFLEdBQUcsQ0FBQyxHQUFHO1lBQ2IsWUFBWSxFQUFFLEdBQUcsQ0FBQyxZQUFZO1NBQy9CLENBQUM7UUFFRixJQUFJLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNoQixNQUFNLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxhQUFhO2lCQUNoQyxVQUFVLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7aUJBQy9CLE1BQU0sQ0FBQyxRQUFRLENBQUMsRUFBRSxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBQ2pDLE9BQU8sRUFBRSxHQUFHLFFBQVEsRUFBRSxHQUFHLEdBQUcsRUFBRSxDQUFDO1FBQ2pDLENBQUM7UUFFRCxNQUFNLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxhQUFhLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3JGLE9BQU8sRUFBRSxHQUFHLFFBQVEsRUFBRSxHQUFHLEdBQUcsRUFBRSxDQUFDO0lBQ2pDLENBQUM7SUFFRCxZQUFZLENBQUMsR0FBMEI7UUFDckMsT0FBTyxJQUFJLG1CQUFVLENBQ25CLElBQUksa0JBQU0sQ0FDUixHQUFHLENBQUMsVUFBVSxFQUNkLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDO1lBQ2hCLEtBQUssRUFBRSxJQUFJLENBQUMsUUFBUTtTQUNyQixDQUFDLENBQ0gsRUFDRCxHQUFHLEVBQ0gsSUFBSSxDQUFDLE1BQU0sQ0FDWixDQUFDO0lBQ0osQ0FBQztJQUNEOzs7O09BSUc7SUFDTyxLQUFLLENBQUMsU0FBUyxDQUN2QixHQUF3QixFQUN4QixHQUFxQixFQUNyQixLQUEyQjtRQUUzQixNQUFNLFFBQVEsR0FBYSxHQUFHLENBQUMsSUFBSSxDQUFDO1FBQ3BDLElBQUksS0FBeUIsQ0FBQztRQUM5QixJQUFJLEdBQUcsQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUN2QixLQUFLLEdBQUcsR0FBRyxDQUFDLGNBQWMsQ0FBQztRQUM3QixDQUFDO2FBQU0sQ0FBQztZQUNOLEtBQUssR0FBRztnQkFDTixLQUFLLEVBQUUsRUFBRTtnQkFDVCxJQUFJLEVBQUUsT0FBTztnQkFDYixNQUFNLEVBQUUsRUFBRTtnQkFDVixVQUFVLEVBQUUsUUFBUSxDQUFDLFVBQVUsSUFBSSxFQUFFO2dCQUNyQyxTQUFTLEVBQUUsR0FBRyxFQUFFLENBQUMsS0FBSzthQUN2QixDQUFDO1FBQ0osQ0FBQztRQUVELElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxHQUFHLEdBQUcsQ0FBQztRQUNoQyxJQUFJLENBQUMsV0FBVyxDQUFDO1lBQ2YsTUFBTSxFQUFFLElBQUk7WUFDWixRQUFRO1lBQ1IsS0FBSztTQUNOLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRixDQUFBO0FBaE5ZLGdDQUFVO0FBRVo7SUFEUixJQUFBLGNBQU0sR0FBRTs7MENBQ2lCO0FBR2pCO0lBRFIsSUFBQSxrQkFBVSxHQUFFOzhCQUNLLEtBQUssQ0FBQyxNQUFNOzBDQUFDO0FBR3RCO0lBRFIsSUFBQSxrQkFBVSxHQUFFOzs0Q0FDeUI7QUFHN0I7SUFEUixJQUFBLGtCQUFVLEVBQUMsRUFBRSxRQUFRLEVBQUUsSUFBSSxFQUFFLENBQUM7OytDQUNJO0FBRzFCO0lBRFIsSUFBQSxrQkFBVSxFQUFDLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBRSxDQUFDOzs0Q0FDRTtBQUd4QjtJQURSLElBQUEsa0JBQVUsRUFBQyxFQUFFLFFBQVEsRUFBRSxJQUFJLEVBQUUsQ0FBQzs7OENBQ0k7QUFHMUI7SUFEUixJQUFBLGFBQUssRUFBQyxPQUFPLENBQUM7OzRDQUNrQztBQUd4QztJQURSLElBQUEsYUFBSyxFQUFDLFVBQVUsQ0FBQzs7K0NBQ3FDO3FCQXZCNUMsVUFBVTtJQUx0QixJQUFBLGNBQU0sRUFBQztRQUNOLElBQUksRUFBRSxNQUFNO1FBQ1osT0FBTyxFQUFFLHNCQUFHLENBQUMsT0FBTztRQUNwQixXQUFXLEVBQUUscURBQXFEO0tBQ25FLENBQUM7cUNBZ0RxQixjQUFJLENBQUMsTUFBTTtHQS9DckIsVUFBVSxDQWdOdEIifQ==
|
|
@@ -15,6 +15,7 @@ export declare class HttpStream implements IStreamer {
|
|
|
15
15
|
private _result?;
|
|
16
16
|
private _timeout?;
|
|
17
17
|
private _logger;
|
|
18
|
+
private _flushing;
|
|
18
19
|
constructor(client: Client, ref: ConversationReference, logger?: ILogger);
|
|
19
20
|
emit(activity: Partial<IMessageActivity> | string): void;
|
|
20
21
|
close(): Promise<SentActivity | undefined>;
|