@monocloud/auth-core 0.1.8 → 0.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +1 -1
- package/dist/{types-txr_P9Iq.d.mts → types-BVOv1R0s.d.mts} +5 -5
- package/dist/utils/index.d.mts +1 -1
- package/dist/utils/internal.cjs +1 -1
- package/dist/utils/internal.cjs.map +1 -1
- package/dist/utils/internal.d.mts +1 -1
- package/dist/utils/internal.mjs +1 -1
- package/dist/utils/internal.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { A as PushedAuthorizationParams, B as ValidateJwtAccessTokenOptions, C as MonoCloudOidcBackendClientOptions, D as OnSessionCreating, E as MonoCloudUser, F as ResponseTypes, I as SecurityAlgorithms, L as TokenValidationOptionsBase, M as RefreshGrantOptions, N as RefreshSessionOptions, O as ParResponse, P as ResponseModes, R as Tokens, S as MonoCloudClientOptionsBase, T as MonoCloudSession, _ as IssuerMetadata, a as AuthenticateOptions, b as JwsHeaderParameters, c as CallbackParams, d as DisplayOptions, f as EndSessionParameters, g as IsUserInGroupOptions, h as IntrospectOptions, i as AuthState, j as RefetchUserInfoOptions, k as Prompt, l as ClientAuthMethod, m as IdTokenClaims, n as AccessTokenClaims, o as Authenticators, p as Group, r as Address, s as AuthorizationParams, t as AccessToken, u as CodeChallengeMethod, v as Jwk, w as MonoCloudOidcClientOptions, x as JwtClaims, y as Jwks, z as UserinfoResponse } from "./types-
|
|
1
|
+
import { A as PushedAuthorizationParams, B as ValidateJwtAccessTokenOptions, C as MonoCloudOidcBackendClientOptions, D as OnSessionCreating, E as MonoCloudUser, F as ResponseTypes, I as SecurityAlgorithms, L as TokenValidationOptionsBase, M as RefreshGrantOptions, N as RefreshSessionOptions, O as ParResponse, P as ResponseModes, R as Tokens, S as MonoCloudClientOptionsBase, T as MonoCloudSession, _ as IssuerMetadata, a as AuthenticateOptions, b as JwsHeaderParameters, c as CallbackParams, d as DisplayOptions, f as EndSessionParameters, g as IsUserInGroupOptions, h as IntrospectOptions, i as AuthState, j as RefetchUserInfoOptions, k as Prompt, l as ClientAuthMethod, m as IdTokenClaims, n as AccessTokenClaims, o as Authenticators, p as Group, r as Address, s as AuthorizationParams, t as AccessToken, u as CodeChallengeMethod, v as Jwk, w as MonoCloudOidcClientOptions, x as JwtClaims, y as Jwks, z as UserinfoResponse } from "./types-BVOv1R0s.mjs";
|
|
2
2
|
|
|
3
3
|
//#region src/errors/monocloud-auth-base-error.d.ts
|
|
4
4
|
/**
|
|
@@ -628,10 +628,6 @@ interface JwtClaims {
|
|
|
628
628
|
* Not-before time (Unix epoch seconds).
|
|
629
629
|
*/
|
|
630
630
|
nbf?: number;
|
|
631
|
-
/**
|
|
632
|
-
* JWT ID (unique identifier for the token).
|
|
633
|
-
*/
|
|
634
|
-
jti?: string;
|
|
635
631
|
/**
|
|
636
632
|
* Additional custom or provider-specific claims.
|
|
637
633
|
*/
|
|
@@ -690,6 +686,10 @@ interface AccessTokenClaims extends JwtClaims {
|
|
|
690
686
|
* Client ID of the application the token was issued to.
|
|
691
687
|
*/
|
|
692
688
|
client_id?: string;
|
|
689
|
+
/**
|
|
690
|
+
* JWT ID (unique identifier for the token).
|
|
691
|
+
*/
|
|
692
|
+
jti?: string;
|
|
693
693
|
}
|
|
694
694
|
/**
|
|
695
695
|
* OAuth 2.0 / OpenID Connect token endpoint response.
|
|
@@ -1391,4 +1391,4 @@ interface ValidateJwtAccessTokenOptions extends TokenValidationOptionsBase {
|
|
|
1391
1391
|
interface IntrospectOptions extends TokenValidationOptionsBase {}
|
|
1392
1392
|
//#endregion
|
|
1393
1393
|
export { PushedAuthorizationParams as A, ValidateJwtAccessTokenOptions as B, MonoCloudOidcBackendClientOptions as C, OnSessionCreating as D, MonoCloudUser as E, ResponseTypes as F, SecurityAlgorithms as I, TokenValidationOptionsBase as L, RefreshGrantOptions as M, RefreshSessionOptions as N, ParResponse as O, ResponseModes as P, Tokens as R, MonoCloudClientOptionsBase as S, MonoCloudSession as T, IssuerMetadata as _, AuthenticateOptions as a, JwsHeaderParameters as b, CallbackParams as c, DisplayOptions as d, EndSessionParameters as f, IsUserInGroupOptions as g, IntrospectOptions as h, AuthState as i, RefetchUserInfoOptions as j, Prompt as k, ClientAuthMethod as l, IdTokenClaims as m, AccessTokenClaims as n, Authenticators as o, Group as p, Address as r, AuthorizationParams as s, AccessToken as t, CodeChallengeMethod as u, Jwk as v, MonoCloudOidcClientOptions as w, JwtClaims as x, Jwks as y, UserinfoResponse as z };
|
|
1394
|
-
//# sourceMappingURL=types-
|
|
1394
|
+
//# sourceMappingURL=types-BVOv1R0s.d.mts.map
|
package/dist/utils/index.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { E as MonoCloudUser, T as MonoCloudSession, c as CallbackParams, i as AuthState, m as IdTokenClaims } from "../types-
|
|
1
|
+
import { E as MonoCloudUser, T as MonoCloudSession, c as CallbackParams, i as AuthState, m as IdTokenClaims } from "../types-BVOv1R0s.mjs";
|
|
2
2
|
|
|
3
3
|
//#region src/utils/index.d.ts
|
|
4
4
|
/**
|
package/dist/utils/internal.cjs
CHANGED
|
@@ -166,7 +166,7 @@ const arrayBufferToBase64 = (buffer) => {
|
|
|
166
166
|
*
|
|
167
167
|
* @returns The current timestamp.
|
|
168
168
|
*/
|
|
169
|
-
const now = () => Math.
|
|
169
|
+
const now = () => Math.floor(Date.now() / 1e3);
|
|
170
170
|
const SUPPORTED_JWS_ALGS = [
|
|
171
171
|
"RS256",
|
|
172
172
|
"RS384",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal.cjs","names":[],"sources":["../../src/utils/internal.ts"],"sourcesContent":["import type {\n AccessToken,\n IdTokenClaims,\n Jwk,\n MonoCloudUser,\n SecurityAlgorithms,\n JwsHeaderParameters,\n} from '../types';\n\n/**\n * @ignore\n * Converts a string to a Base64URL encoded string.\n *\n * @param input - The string to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const toB64Url = (input: string): string =>\n input.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\n/**\n * @ignore\n * Parses a string value into a boolean.\n *\n * @param value - The string value to parse.\n *\n * @returns `true` if \"true\", `false` if \"false\", otherwise `undefined`.\n */\nexport const getBoolean = (value?: string): boolean | undefined => {\n const v = value?.toLowerCase()?.trim();\n\n if (v === 'true') {\n return true;\n }\n\n if (v === 'false') {\n return false;\n }\n\n return undefined;\n};\n\n/**\n * @ignore\n * Parses a string value into a number.\n *\n * @param value - The string value to parse.\n *\n * @returns The parsed number, or `undefined` if empty or invalid.\n */\nexport const getNumber = (value?: string): number | undefined => {\n const v = value?.trim();\n\n if (v === undefined || v.length === 0) {\n return undefined;\n }\n\n const p = parseInt(v, 10);\n\n return Number.isNaN(p) ? undefined : p;\n};\n\n/**\n * @ignore\n * Ensures that a string has a leading forward slash.\n *\n * @param val - The string to check.\n *\n * @returns The string with a leading slash.\n */\nexport const ensureLeadingSlash = (val?: string): string => {\n const v = val?.trim();\n\n if (!v) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return v!;\n }\n\n return v.startsWith('/') ? v : `/${v}`;\n};\n\n/**\n * @ignore\n * Removes a trailing forward slash from a string.\n *\n * @param val - The string to check.\n *\n * @returns The string without a trailing slash.\n */\nexport const removeTrailingSlash = (val?: string): string => {\n const v = val?.trim();\n\n if (!v) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return v!;\n }\n\n return v.endsWith('/') ? v.substring(0, v.length - 1) : v;\n};\n\n/**\n * @ignore\n * Checks if a value is present (not null, undefined, or an empty string).\n *\n * @param value - The value to check.\n *\n * @returns `true` if the value is present, `false` otherwise.\n */\nexport const isPresent = (value?: string | number | boolean): boolean => {\n if (typeof value === 'boolean' || typeof value === 'number') {\n return true;\n }\n const v = value?.trim();\n return v !== undefined && v !== null && v.length > 0;\n};\n\n/**\n * @ignore\n * Checks if a URL is an absolute URL (starts with http:// or https://).\n *\n * @param url - The URL to check.\n *\n * @returns `true` if absolute, `false` otherwise.\n */\nexport const isAbsoluteUrl = (url: string): boolean =>\n (url?.startsWith('http://') || url?.startsWith('https://')) ?? false;\n\n/**\n * @ignore\n * Checks if two URLs have the same origin (host and port).\n *\n * @param url - The first URL.\n * @param urlToCheck - The second URL to compare against.\n *\n * @returns `true` if they share the same origin, `false` otherwise.\n */\nexport const isSameHost = (url: string, urlToCheck: string): boolean => {\n try {\n const u = new URL(url);\n const u2 = new URL(urlToCheck);\n\n return u.origin === u2.origin;\n } catch {\n return false;\n }\n};\n\n/**\n * @ignore\n * Converts a string to a Uint8Array using TextEncoder.\n *\n * @param str - The string to convert.\n *\n * @returns A Uint8Array representation of the string.\n */\nexport const stringToArrayBuffer = (str: string): Uint8Array => {\n const encoder = new TextEncoder();\n return encoder.encode(str);\n};\n\n/**\n * @ignore\n * Converts an ArrayBuffer to a string using TextDecoder.\n *\n * @param buffer - The buffer to convert.\n *\n * @returns The decoded string.\n */\nexport const arrayBufferToString = (buffer: ArrayBuffer): string => {\n const decoder = new TextDecoder();\n return decoder.decode(buffer);\n};\n\n/**\n * @ignore\n * Converts a Base64URL string back to a standard Base64 string with padding.\n *\n * @param input - The Base64URL string.\n *\n * @returns A standard Base64 string.\n */\nexport const fromB64Url = (input: string): string => {\n let str = input;\n if (str.length % 4 !== 0) {\n str += '==='.slice(0, 4 - (str.length % 4));\n }\n\n str = str.replace(/-/g, '+').replace(/_/g, '/');\n\n return str;\n};\n\n/**\n * @ignore\n * Decodes a Base64URL encoded string.\n *\n * @param input - The Base64URL string to decode.\n *\n * @returns The decoded plaintext string.\n */\nexport const decodeBase64Url = (input: string): string =>\n atob(fromB64Url(input).replace(/\\s/g, ''));\n\n/**\n * @ignore\n * Converts a Uint8Array to a Base64URL encoded string.\n *\n * @param buffer - The buffer to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const arrayBufferToBase64 = (buffer: Uint8Array): string => {\n const bytes = new Uint8Array(buffer);\n const binary = bytes.reduce(\n (acc, byte) => acc + String.fromCharCode(byte),\n ''\n );\n return btoa(binary).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Gets the current Unix timestamp in seconds.\n *\n * @returns The current timestamp.\n */\nexport const now = (): number => Math.ceil(Date.now() / 1000);\n\nconst SUPPORTED_JWS_ALGS: SecurityAlgorithms[] = [\n 'RS256',\n 'RS384',\n 'RS512',\n 'PS256',\n 'PS384',\n 'PS512',\n 'ES256',\n 'ES384',\n 'ES512',\n];\n\n/**\n * Retrieves a public CryptoKey from a JWK set based on the JWS header.\n *\n * @param jwks - The set of JSON Web Keys.\n * @param header - The JWS header containing the algorithm and key ID.\n *\n * @returns A promise that resolves to the CryptoKey.\n *\n * @throws If no applicable key or multiple keys are found or the algorithm is unsupported.\n */\nexport const getPublicSigKeyFromIssuerJwks = async (\n jwks: Jwk[],\n header: JwsHeaderParameters\n): Promise<CryptoKey> => {\n const { alg, kid } = header;\n\n if (!SUPPORTED_JWS_ALGS.includes(alg)) {\n throw new Error('unsupported JWS \"alg\" identifier');\n }\n\n let kty: string;\n switch (alg.slice(0, 2)) {\n case 'RS': // Fall through\n case 'PS':\n kty = 'RSA';\n break;\n case 'ES':\n kty = 'EC';\n break;\n }\n\n const candidates = jwks.filter(jwk => {\n // filter keys based on the mapping of signature algorithms to Key Type\n if (jwk.kty !== kty) {\n return false;\n }\n\n // filter keys based on the JWK Key ID in the header\n if (kid !== undefined && kid !== jwk.kid) {\n return false;\n }\n\n // filter keys based on the key's declared Algorithm\n if (jwk.alg !== undefined && alg !== jwk.alg) {\n return false;\n }\n\n // filter keys based on the key's declared Public Key Use\n if (jwk.use !== undefined && jwk.use !== 'sig') {\n return false;\n }\n\n // filter keys based on the key's declared Key Operations\n if (jwk.key_ops?.includes('verify') === false) {\n return false;\n }\n\n // filter keys based on alg-specific key requirements\n switch (true) {\n case alg === 'ES256' && jwk.crv !== 'P-256': // Fall through\n case alg === 'ES384' && jwk.crv !== 'P-384': // Fall through\n case alg === 'ES512' && jwk.crv !== 'P-521': // Fall through\n return false;\n }\n\n return true;\n });\n\n const { 0: jwk, length } = candidates;\n\n if (length !== 1) {\n throw new Error(\n 'error when selecting a JWT verification key, multiple applicable keys found, a \"kid\" JWT Header Parameter is required'\n );\n }\n\n let algorithm:\n | RsaHashedImportParams\n | EcKeyImportParams\n | AlgorithmIdentifier;\n\n switch (alg) {\n case 'PS256': // Fall through\n case 'PS384': // Fall through\n case 'PS512':\n algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };\n break;\n case 'RS256': // Fall through\n case 'RS384': // Fall through\n case 'RS512':\n algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };\n break;\n case 'ES256': // Fall through\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: `P-${alg.slice(-3)}` };\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n break;\n }\n\n const { ext, key_ops, use, ...k } = jwk;\n\n const key = await crypto.subtle.importKey('jwk', k, algorithm, true, [\n 'verify',\n ]);\n\n if (key.type !== 'public') {\n throw new Error('jwks_uri must only contain public keys');\n }\n\n return key;\n};\n\nconst CHUNK_SIZE = 0x8000;\n\n/**\n * @ignore\n * Encodes a Uint8Array or ArrayBuffer into a Base64URL string using chunked processing.\n *\n * @param input - The data to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const encodeBase64Url = (input: Uint8Array | ArrayBuffer): string => {\n if (input instanceof ArrayBuffer) {\n // eslint-disable-next-line no-param-reassign\n input = new Uint8Array(input);\n }\n\n const arr = [];\n for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {\n arr.push(\n String.fromCharCode.apply(\n null,\n Array.from(new Uint8Array(input.slice(i, i + CHUNK_SIZE)))\n )\n );\n }\n return btoa(arr.join(''))\n .replace(/=/g, '')\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Computes a SHA-256 hash of the input string and returns it as a Base64URL encoded string.\n *\n * @param input - The string to hash.\n *\n * @returns The Base64URL encoded SHA-256 hash.\n */\nexport const sha256 = async (input: string): Promise<string> =>\n encodeBase64Url(\n await crypto.subtle.digest(\n 'SHA-256',\n stringToArrayBuffer(input) as BufferSource\n )\n );\n\n/**\n * @ignore\n * Generates a random Base64URL encoded string.\n *\n * @param length - The number of random bytes to generate.\n *\n * @returns A random Base64URL string.\n */\nexport const randomBytes = (length = 32): string =>\n encodeBase64Url(crypto.getRandomValues(new Uint8Array(length)));\n\n/**\n * @ignore\n * Checks if a value is a non-null, non-array JSON object.\n *\n * @param input - The value to check.\n *\n * @returns `true` if the value is a JSON object.\n */\nexport const isJsonObject = <T>(input: unknown): input is T => {\n if (input === null || typeof input !== 'object' || Array.isArray(input)) {\n return false;\n }\n\n return true;\n};\n\n/**\n * @ignore\n * Parses a space-separated string into an array of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns An array of strings, or `undefined` if input is empty.\n */\nexport const parseSpaceSeparated = (s?: string): string[] | undefined =>\n s\n ?.split(/\\s+/)\n .map(x => x.trim())\n .filter(Boolean);\n\n/**\n * @ignore\n * Parses a space-separated string into a Set of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns A Set containing the unique strings.\n */\nexport const parseSpaceSeparatedSet = (s?: string): Set<string> => {\n if (!s) {\n return new Set();\n }\n\n return new Set(parseSpaceSeparated(s));\n};\n\n/**\n * @ignore\n * Compares two Sets for equality.\n *\n * @param a - The first Set.\n * @param b - The second Set.\n * @param strict - If `true`, requires both sets to be the same size. Defaults to `true`.\n *\n * @returns `true` if the sets are equal.\n */\nexport const setsEqual = (\n a: Set<string>,\n b: Set<string>,\n strict = true\n): boolean => {\n if (strict && a.size !== b.size) {\n return false;\n }\n\n for (const v of a) {\n if (!b.has(v)) {\n return false;\n }\n }\n\n return true;\n};\n\n/**\n * Finds a specific access token in an array based on resource and scopes.\n *\n * @param tokens - The array of access tokens.\n * @param resource - Space-separated resource indicators.\n * @param scopes - Space-separated scopes.\n *\n * @returns The matching AccessToken, or `undefined` if not found.\n */\nexport const findToken = (\n tokens?: AccessToken[],\n resource?: string,\n scopes?: string\n): AccessToken | undefined => {\n if (!Array.isArray(tokens) || tokens.length === 0) {\n return undefined;\n }\n\n const desiredResource = parseSpaceSeparatedSet(resource);\n const desiredScopes = parseSpaceSeparatedSet(scopes);\n\n return tokens.find(\n t =>\n setsEqual(desiredResource, parseSpaceSeparatedSet(t.resource)) &&\n setsEqual(desiredScopes, parseSpaceSeparatedSet(t.requestedScopes))\n );\n};\n\n/**\n * @ignore\n * Builds the session user claims from existing claims and newly fetched claims.\n *\n * @param existingUser - Existing session user claims.\n * @param idTokenClaims - Claims extracted from ID token.\n * @param userinfoClaims - Claims fetched from UserInfo endpoint.\n * @param strict - If `true`, creates claims from new inputs only (falls back to existing when none). If `false`, merges into existing claims.\n *\n * @returns Updated user claims for the session.\n */\nexport const profileSync = (\n existingUser?: MonoCloudUser,\n idTokenClaims?: Partial<IdTokenClaims>,\n userinfoClaims?: Partial<MonoCloudUser>,\n strict = false\n): MonoCloudUser => {\n const hasIdTokenClaims =\n !!idTokenClaims && Object.keys(idTokenClaims).length > 0;\n const hasUserinfoClaims =\n !!userinfoClaims && Object.keys(userinfoClaims).length > 0;\n\n if (!hasIdTokenClaims && !hasUserinfoClaims) {\n return existingUser ?? ({} as MonoCloudUser);\n }\n\n if (strict) {\n return {\n ...(idTokenClaims ?? {}),\n ...(userinfoClaims ?? {}),\n } as MonoCloudUser;\n }\n\n return {\n ...(existingUser ?? {}),\n ...(idTokenClaims ?? {}),\n ...(userinfoClaims ?? {}),\n } as MonoCloudUser;\n};\n"],"mappings":";;;;;;;;;;;AAiBA,MAAa,YAAY,UACvB,MAAM,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,GAAG;;;;;;;;;AAUlE,MAAa,cAAc,UAAwC;CACjE,MAAM,IAAI,OAAO,aAAa,EAAE,MAAM;AAEtC,KAAI,MAAM,OACR,QAAO;AAGT,KAAI,MAAM,QACR,QAAO;;;;;;;;;;AAcX,MAAa,aAAa,UAAuC;CAC/D,MAAM,IAAI,OAAO,MAAM;AAEvB,KAAI,MAAM,UAAa,EAAE,WAAW,EAClC;CAGF,MAAM,IAAI,SAAS,GAAG,GAAG;AAEzB,QAAO,OAAO,MAAM,EAAE,GAAG,SAAY;;;;;;;;;;AAWvC,MAAa,sBAAsB,QAAyB;CAC1D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,WAAW,IAAI,GAAG,IAAI,IAAI;;;;;;;;;;AAWrC,MAAa,uBAAuB,QAAyB;CAC3D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,SAAS,IAAI,GAAG,EAAE,UAAU,GAAG,EAAE,SAAS,EAAE,GAAG;;;;;;;;;;AAW1D,MAAa,aAAa,UAA+C;AACvE,KAAI,OAAO,UAAU,aAAa,OAAO,UAAU,SACjD,QAAO;CAET,MAAM,IAAI,OAAO,MAAM;AACvB,QAAO,MAAM,UAAa,MAAM,QAAQ,EAAE,SAAS;;;;;;;;;;AAWrD,MAAa,iBAAiB,SAC3B,KAAK,WAAW,UAAU,IAAI,KAAK,WAAW,WAAW,KAAK;;;;;;;;;;AAWjE,MAAa,cAAc,KAAa,eAAgC;AACtE,KAAI;EACF,MAAM,IAAI,IAAI,IAAI,IAAI;EACtB,MAAM,KAAK,IAAI,IAAI,WAAW;AAE9B,SAAO,EAAE,WAAW,GAAG;SACjB;AACN,SAAO;;;;;;;;;;;AAYX,MAAa,uBAAuB,QAA4B;AAE9D,QADgB,IAAI,aAAa,CAClB,OAAO,IAAI;;;;;;;;;;AAW5B,MAAa,uBAAuB,WAAgC;AAElE,QADgB,IAAI,aAAa,CAClB,OAAO,OAAO;;;;;;;;;;AAW/B,MAAa,cAAc,UAA0B;CACnD,IAAI,MAAM;AACV,KAAI,IAAI,SAAS,MAAM,EACrB,QAAO,MAAM,MAAM,GAAG,IAAK,IAAI,SAAS,EAAG;AAG7C,OAAM,IAAI,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI;AAE/C,QAAO;;;;;;;;;;AAWT,MAAa,mBAAmB,UAC9B,KAAK,WAAW,MAAM,CAAC,QAAQ,OAAO,GAAG,CAAC;;;;;;;;;AAU5C,MAAa,uBAAuB,WAA+B;CAEjE,MAAM,SADQ,IAAI,WAAW,OAAO,CACf,QAClB,KAAK,SAAS,MAAM,OAAO,aAAa,KAAK,EAC9C,GACD;AACD,QAAO,KAAK,OAAO,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;;;;;;;;AAS/E,MAAa,YAAoB,KAAK,KAAK,KAAK,KAAK,GAAG,IAAK;AAE7D,MAAM,qBAA2C;CAC/C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;;;;;;;;AAYD,MAAa,gCAAgC,OAC3C,MACA,WACuB;CACvB,MAAM,EAAE,KAAK,QAAQ;AAErB,KAAI,CAAC,mBAAmB,SAAS,IAAI,CACnC,OAAM,IAAI,MAAM,qCAAmC;CAGrD,IAAI;AACJ,SAAQ,IAAI,MAAM,GAAG,EAAE,EAAvB;EACE,KAAK;EACL,KAAK;AACH,SAAM;AACN;EACF,KAAK;AACH,SAAM;AACN;;CAwCJ,MAAM,EAAE,GAAG,KAAK,WArCG,KAAK,QAAO,QAAO;AAEpC,MAAI,IAAI,QAAQ,IACd,QAAO;AAIT,MAAI,QAAQ,UAAa,QAAQ,IAAI,IACnC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,QAAQ,IAAI,IACvC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,IAAI,QAAQ,MACvC,QAAO;AAIT,MAAI,IAAI,SAAS,SAAS,SAAS,KAAK,MACtC,QAAO;AAIT,UAAQ,MAAR;GACE,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ,QAClC,QAAO;;AAGX,SAAO;GACP;AAIF,KAAI,WAAW,EACb,OAAM,IAAI,MACR,0HACD;CAGH,IAAI;AAKJ,SAAQ,KAAR;EACE,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAW,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AAC7D;EACF,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAqB,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AACvE;EACF,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY,KAAK,IAAI,MAAM,GAAG;IAAI;AAC/D;EACF,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY;IAAS;AAClD;;CAGJ,MAAM,EAAE,KAAK,SAAS,KAAK,GAAG,MAAM;CAEpC,MAAM,MAAM,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,WAAW,MAAM,CACnE,SACD,CAAC;AAEF,KAAI,IAAI,SAAS,SACf,OAAM,IAAI,MAAM,yCAAyC;AAG3D,QAAO;;AAGT,MAAM,aAAa;;;;;;;;;AAUnB,MAAa,mBAAmB,UAA4C;AAC1E,KAAI,iBAAiB,YAEnB,SAAQ,IAAI,WAAW,MAAM;CAG/B,MAAM,MAAM,EAAE;AACd,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK,WACzC,KAAI,KACF,OAAO,aAAa,MAClB,MACA,MAAM,KAAK,IAAI,WAAW,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,CAAC,CAC3D,CACF;AAEH,QAAO,KAAK,IAAI,KAAK,GAAG,CAAC,CACtB,QAAQ,MAAM,GAAG,CACjB,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,IAAI;;;;;;;;;;AAWxB,MAAa,SAAS,OAAO,UAC3B,gBACE,MAAM,OAAO,OAAO,OAClB,WACA,oBAAoB,MAAM,CAC3B,CACF;;;;;;;;;AAUH,MAAa,eAAe,SAAS,OACnC,gBAAgB,OAAO,gBAAgB,IAAI,WAAW,OAAO,CAAC,CAAC;;;;;;;;;AAUjE,MAAa,gBAAmB,UAA+B;AAC7D,KAAI,UAAU,QAAQ,OAAO,UAAU,YAAY,MAAM,QAAQ,MAAM,CACrE,QAAO;AAGT,QAAO;;;;;;;;;;AAWT,MAAa,uBAAuB,MAClC,GACI,MAAM,MAAM,CACb,KAAI,MAAK,EAAE,MAAM,CAAC,CAClB,OAAO,QAAQ;;;;;;;;;AAUpB,MAAa,0BAA0B,MAA4B;AACjE,KAAI,CAAC,EACH,wBAAO,IAAI,KAAK;AAGlB,QAAO,IAAI,IAAI,oBAAoB,EAAE,CAAC;;;;;;;;;;;;AAaxC,MAAa,aACX,GACA,GACA,SAAS,SACG;AACZ,KAAI,UAAU,EAAE,SAAS,EAAE,KACzB,QAAO;AAGT,MAAK,MAAM,KAAK,EACd,KAAI,CAAC,EAAE,IAAI,EAAE,CACX,QAAO;AAIX,QAAO;;;;;;;;;;;AAYT,MAAa,aACX,QACA,UACA,WAC4B;AAC5B,KAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,OAAO,WAAW,EAC9C;CAGF,MAAM,kBAAkB,uBAAuB,SAAS;CACxD,MAAM,gBAAgB,uBAAuB,OAAO;AAEpD,QAAO,OAAO,MACZ,MACE,UAAU,iBAAiB,uBAAuB,EAAE,SAAS,CAAC,IAC9D,UAAU,eAAe,uBAAuB,EAAE,gBAAgB,CAAC,CACtE;;;;;;;;;;;;;AAcH,MAAa,eACX,cACA,eACA,gBACA,SAAS,UACS;CAClB,MAAM,mBACJ,CAAC,CAAC,iBAAiB,OAAO,KAAK,cAAc,CAAC,SAAS;CACzD,MAAM,oBACJ,CAAC,CAAC,kBAAkB,OAAO,KAAK,eAAe,CAAC,SAAS;AAE3D,KAAI,CAAC,oBAAoB,CAAC,kBACxB,QAAO,gBAAiB,EAAE;AAG5B,KAAI,OACF,QAAO;EACL,GAAI,iBAAiB,EAAE;EACvB,GAAI,kBAAkB,EAAE;EACzB;AAGH,QAAO;EACL,GAAI,gBAAgB,EAAE;EACtB,GAAI,iBAAiB,EAAE;EACvB,GAAI,kBAAkB,EAAE;EACzB"}
|
|
1
|
+
{"version":3,"file":"internal.cjs","names":[],"sources":["../../src/utils/internal.ts"],"sourcesContent":["import type {\n AccessToken,\n IdTokenClaims,\n Jwk,\n MonoCloudUser,\n SecurityAlgorithms,\n JwsHeaderParameters,\n} from '../types';\n\n/**\n * @ignore\n * Converts a string to a Base64URL encoded string.\n *\n * @param input - The string to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const toB64Url = (input: string): string =>\n input.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\n/**\n * @ignore\n * Parses a string value into a boolean.\n *\n * @param value - The string value to parse.\n *\n * @returns `true` if \"true\", `false` if \"false\", otherwise `undefined`.\n */\nexport const getBoolean = (value?: string): boolean | undefined => {\n const v = value?.toLowerCase()?.trim();\n\n if (v === 'true') {\n return true;\n }\n\n if (v === 'false') {\n return false;\n }\n\n return undefined;\n};\n\n/**\n * @ignore\n * Parses a string value into a number.\n *\n * @param value - The string value to parse.\n *\n * @returns The parsed number, or `undefined` if empty or invalid.\n */\nexport const getNumber = (value?: string): number | undefined => {\n const v = value?.trim();\n\n if (v === undefined || v.length === 0) {\n return undefined;\n }\n\n const p = parseInt(v, 10);\n\n return Number.isNaN(p) ? undefined : p;\n};\n\n/**\n * @ignore\n * Ensures that a string has a leading forward slash.\n *\n * @param val - The string to check.\n *\n * @returns The string with a leading slash.\n */\nexport const ensureLeadingSlash = (val?: string): string => {\n const v = val?.trim();\n\n if (!v) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return v!;\n }\n\n return v.startsWith('/') ? v : `/${v}`;\n};\n\n/**\n * @ignore\n * Removes a trailing forward slash from a string.\n *\n * @param val - The string to check.\n *\n * @returns The string without a trailing slash.\n */\nexport const removeTrailingSlash = (val?: string): string => {\n const v = val?.trim();\n\n if (!v) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return v!;\n }\n\n return v.endsWith('/') ? v.substring(0, v.length - 1) : v;\n};\n\n/**\n * @ignore\n * Checks if a value is present (not null, undefined, or an empty string).\n *\n * @param value - The value to check.\n *\n * @returns `true` if the value is present, `false` otherwise.\n */\nexport const isPresent = (value?: string | number | boolean): boolean => {\n if (typeof value === 'boolean' || typeof value === 'number') {\n return true;\n }\n const v = value?.trim();\n return v !== undefined && v !== null && v.length > 0;\n};\n\n/**\n * @ignore\n * Checks if a URL is an absolute URL (starts with http:// or https://).\n *\n * @param url - The URL to check.\n *\n * @returns `true` if absolute, `false` otherwise.\n */\nexport const isAbsoluteUrl = (url: string): boolean =>\n (url?.startsWith('http://') || url?.startsWith('https://')) ?? false;\n\n/**\n * @ignore\n * Checks if two URLs have the same origin (host and port).\n *\n * @param url - The first URL.\n * @param urlToCheck - The second URL to compare against.\n *\n * @returns `true` if they share the same origin, `false` otherwise.\n */\nexport const isSameHost = (url: string, urlToCheck: string): boolean => {\n try {\n const u = new URL(url);\n const u2 = new URL(urlToCheck);\n\n return u.origin === u2.origin;\n } catch {\n return false;\n }\n};\n\n/**\n * @ignore\n * Converts a string to a Uint8Array using TextEncoder.\n *\n * @param str - The string to convert.\n *\n * @returns A Uint8Array representation of the string.\n */\nexport const stringToArrayBuffer = (str: string): Uint8Array => {\n const encoder = new TextEncoder();\n return encoder.encode(str);\n};\n\n/**\n * @ignore\n * Converts an ArrayBuffer to a string using TextDecoder.\n *\n * @param buffer - The buffer to convert.\n *\n * @returns The decoded string.\n */\nexport const arrayBufferToString = (buffer: ArrayBuffer): string => {\n const decoder = new TextDecoder();\n return decoder.decode(buffer);\n};\n\n/**\n * @ignore\n * Converts a Base64URL string back to a standard Base64 string with padding.\n *\n * @param input - The Base64URL string.\n *\n * @returns A standard Base64 string.\n */\nexport const fromB64Url = (input: string): string => {\n let str = input;\n if (str.length % 4 !== 0) {\n str += '==='.slice(0, 4 - (str.length % 4));\n }\n\n str = str.replace(/-/g, '+').replace(/_/g, '/');\n\n return str;\n};\n\n/**\n * @ignore\n * Decodes a Base64URL encoded string.\n *\n * @param input - The Base64URL string to decode.\n *\n * @returns The decoded plaintext string.\n */\nexport const decodeBase64Url = (input: string): string =>\n atob(fromB64Url(input).replace(/\\s/g, ''));\n\n/**\n * @ignore\n * Converts a Uint8Array to a Base64URL encoded string.\n *\n * @param buffer - The buffer to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const arrayBufferToBase64 = (buffer: Uint8Array): string => {\n const bytes = new Uint8Array(buffer);\n const binary = bytes.reduce(\n (acc, byte) => acc + String.fromCharCode(byte),\n ''\n );\n return btoa(binary).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Gets the current Unix timestamp in seconds.\n *\n * @returns The current timestamp.\n */\nexport const now = (): number => Math.floor(Date.now() / 1000);\n\nconst SUPPORTED_JWS_ALGS: SecurityAlgorithms[] = [\n 'RS256',\n 'RS384',\n 'RS512',\n 'PS256',\n 'PS384',\n 'PS512',\n 'ES256',\n 'ES384',\n 'ES512',\n];\n\n/**\n * Retrieves a public CryptoKey from a JWK set based on the JWS header.\n *\n * @param jwks - The set of JSON Web Keys.\n * @param header - The JWS header containing the algorithm and key ID.\n *\n * @returns A promise that resolves to the CryptoKey.\n *\n * @throws If no applicable key or multiple keys are found or the algorithm is unsupported.\n */\nexport const getPublicSigKeyFromIssuerJwks = async (\n jwks: Jwk[],\n header: JwsHeaderParameters\n): Promise<CryptoKey> => {\n const { alg, kid } = header;\n\n if (!SUPPORTED_JWS_ALGS.includes(alg)) {\n throw new Error('unsupported JWS \"alg\" identifier');\n }\n\n let kty: string;\n switch (alg.slice(0, 2)) {\n case 'RS': // Fall through\n case 'PS':\n kty = 'RSA';\n break;\n case 'ES':\n kty = 'EC';\n break;\n }\n\n const candidates = jwks.filter(jwk => {\n // filter keys based on the mapping of signature algorithms to Key Type\n if (jwk.kty !== kty) {\n return false;\n }\n\n // filter keys based on the JWK Key ID in the header\n if (kid !== undefined && kid !== jwk.kid) {\n return false;\n }\n\n // filter keys based on the key's declared Algorithm\n if (jwk.alg !== undefined && alg !== jwk.alg) {\n return false;\n }\n\n // filter keys based on the key's declared Public Key Use\n if (jwk.use !== undefined && jwk.use !== 'sig') {\n return false;\n }\n\n // filter keys based on the key's declared Key Operations\n if (jwk.key_ops?.includes('verify') === false) {\n return false;\n }\n\n // filter keys based on alg-specific key requirements\n switch (true) {\n case alg === 'ES256' && jwk.crv !== 'P-256': // Fall through\n case alg === 'ES384' && jwk.crv !== 'P-384': // Fall through\n case alg === 'ES512' && jwk.crv !== 'P-521': // Fall through\n return false;\n }\n\n return true;\n });\n\n const { 0: jwk, length } = candidates;\n\n if (length !== 1) {\n throw new Error(\n 'error when selecting a JWT verification key, multiple applicable keys found, a \"kid\" JWT Header Parameter is required'\n );\n }\n\n let algorithm:\n | RsaHashedImportParams\n | EcKeyImportParams\n | AlgorithmIdentifier;\n\n switch (alg) {\n case 'PS256': // Fall through\n case 'PS384': // Fall through\n case 'PS512':\n algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };\n break;\n case 'RS256': // Fall through\n case 'RS384': // Fall through\n case 'RS512':\n algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };\n break;\n case 'ES256': // Fall through\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: `P-${alg.slice(-3)}` };\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n break;\n }\n\n const { ext, key_ops, use, ...k } = jwk;\n\n const key = await crypto.subtle.importKey('jwk', k, algorithm, true, [\n 'verify',\n ]);\n\n if (key.type !== 'public') {\n throw new Error('jwks_uri must only contain public keys');\n }\n\n return key;\n};\n\nconst CHUNK_SIZE = 0x8000;\n\n/**\n * @ignore\n * Encodes a Uint8Array or ArrayBuffer into a Base64URL string using chunked processing.\n *\n * @param input - The data to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const encodeBase64Url = (input: Uint8Array | ArrayBuffer): string => {\n if (input instanceof ArrayBuffer) {\n // eslint-disable-next-line no-param-reassign\n input = new Uint8Array(input);\n }\n\n const arr = [];\n for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {\n arr.push(\n String.fromCharCode.apply(\n null,\n Array.from(new Uint8Array(input.slice(i, i + CHUNK_SIZE)))\n )\n );\n }\n return btoa(arr.join(''))\n .replace(/=/g, '')\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Computes a SHA-256 hash of the input string and returns it as a Base64URL encoded string.\n *\n * @param input - The string to hash.\n *\n * @returns The Base64URL encoded SHA-256 hash.\n */\nexport const sha256 = async (input: string): Promise<string> =>\n encodeBase64Url(\n await crypto.subtle.digest(\n 'SHA-256',\n stringToArrayBuffer(input) as BufferSource\n )\n );\n\n/**\n * @ignore\n * Generates a random Base64URL encoded string.\n *\n * @param length - The number of random bytes to generate.\n *\n * @returns A random Base64URL string.\n */\nexport const randomBytes = (length = 32): string =>\n encodeBase64Url(crypto.getRandomValues(new Uint8Array(length)));\n\n/**\n * @ignore\n * Checks if a value is a non-null, non-array JSON object.\n *\n * @param input - The value to check.\n *\n * @returns `true` if the value is a JSON object.\n */\nexport const isJsonObject = <T>(input: unknown): input is T => {\n if (input === null || typeof input !== 'object' || Array.isArray(input)) {\n return false;\n }\n\n return true;\n};\n\n/**\n * @ignore\n * Parses a space-separated string into an array of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns An array of strings, or `undefined` if input is empty.\n */\nexport const parseSpaceSeparated = (s?: string): string[] | undefined =>\n s\n ?.split(/\\s+/)\n .map(x => x.trim())\n .filter(Boolean);\n\n/**\n * @ignore\n * Parses a space-separated string into a Set of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns A Set containing the unique strings.\n */\nexport const parseSpaceSeparatedSet = (s?: string): Set<string> => {\n if (!s) {\n return new Set();\n }\n\n return new Set(parseSpaceSeparated(s));\n};\n\n/**\n * @ignore\n * Compares two Sets for equality.\n *\n * @param a - The first Set.\n * @param b - The second Set.\n * @param strict - If `true`, requires both sets to be the same size. Defaults to `true`.\n *\n * @returns `true` if the sets are equal.\n */\nexport const setsEqual = (\n a: Set<string>,\n b: Set<string>,\n strict = true\n): boolean => {\n if (strict && a.size !== b.size) {\n return false;\n }\n\n for (const v of a) {\n if (!b.has(v)) {\n return false;\n }\n }\n\n return true;\n};\n\n/**\n * Finds a specific access token in an array based on resource and scopes.\n *\n * @param tokens - The array of access tokens.\n * @param resource - Space-separated resource indicators.\n * @param scopes - Space-separated scopes.\n *\n * @returns The matching AccessToken, or `undefined` if not found.\n */\nexport const findToken = (\n tokens?: AccessToken[],\n resource?: string,\n scopes?: string\n): AccessToken | undefined => {\n if (!Array.isArray(tokens) || tokens.length === 0) {\n return undefined;\n }\n\n const desiredResource = parseSpaceSeparatedSet(resource);\n const desiredScopes = parseSpaceSeparatedSet(scopes);\n\n return tokens.find(\n t =>\n setsEqual(desiredResource, parseSpaceSeparatedSet(t.resource)) &&\n setsEqual(desiredScopes, parseSpaceSeparatedSet(t.requestedScopes))\n );\n};\n\n/**\n * @ignore\n * Builds the session user claims from existing claims and newly fetched claims.\n *\n * @param existingUser - Existing session user claims.\n * @param idTokenClaims - Claims extracted from ID token.\n * @param userinfoClaims - Claims fetched from UserInfo endpoint.\n * @param strict - If `true`, creates claims from new inputs only (falls back to existing when none). If `false`, merges into existing claims.\n *\n * @returns Updated user claims for the session.\n */\nexport const profileSync = (\n existingUser?: MonoCloudUser,\n idTokenClaims?: Partial<IdTokenClaims>,\n userinfoClaims?: Partial<MonoCloudUser>,\n strict = false\n): MonoCloudUser => {\n const hasIdTokenClaims =\n !!idTokenClaims && Object.keys(idTokenClaims).length > 0;\n const hasUserinfoClaims =\n !!userinfoClaims && Object.keys(userinfoClaims).length > 0;\n\n if (!hasIdTokenClaims && !hasUserinfoClaims) {\n return existingUser ?? ({} as MonoCloudUser);\n }\n\n if (strict) {\n return {\n ...(idTokenClaims ?? {}),\n ...(userinfoClaims ?? {}),\n } as MonoCloudUser;\n }\n\n return {\n ...(existingUser ?? {}),\n ...(idTokenClaims ?? {}),\n ...(userinfoClaims ?? {}),\n } as MonoCloudUser;\n};\n"],"mappings":";;;;;;;;;;;AAiBA,MAAa,YAAY,UACvB,MAAM,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,GAAG;;;;;;;;;AAUlE,MAAa,cAAc,UAAwC;CACjE,MAAM,IAAI,OAAO,aAAa,EAAE,MAAM;AAEtC,KAAI,MAAM,OACR,QAAO;AAGT,KAAI,MAAM,QACR,QAAO;;;;;;;;;;AAcX,MAAa,aAAa,UAAuC;CAC/D,MAAM,IAAI,OAAO,MAAM;AAEvB,KAAI,MAAM,UAAa,EAAE,WAAW,EAClC;CAGF,MAAM,IAAI,SAAS,GAAG,GAAG;AAEzB,QAAO,OAAO,MAAM,EAAE,GAAG,SAAY;;;;;;;;;;AAWvC,MAAa,sBAAsB,QAAyB;CAC1D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,WAAW,IAAI,GAAG,IAAI,IAAI;;;;;;;;;;AAWrC,MAAa,uBAAuB,QAAyB;CAC3D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,SAAS,IAAI,GAAG,EAAE,UAAU,GAAG,EAAE,SAAS,EAAE,GAAG;;;;;;;;;;AAW1D,MAAa,aAAa,UAA+C;AACvE,KAAI,OAAO,UAAU,aAAa,OAAO,UAAU,SACjD,QAAO;CAET,MAAM,IAAI,OAAO,MAAM;AACvB,QAAO,MAAM,UAAa,MAAM,QAAQ,EAAE,SAAS;;;;;;;;;;AAWrD,MAAa,iBAAiB,SAC3B,KAAK,WAAW,UAAU,IAAI,KAAK,WAAW,WAAW,KAAK;;;;;;;;;;AAWjE,MAAa,cAAc,KAAa,eAAgC;AACtE,KAAI;EACF,MAAM,IAAI,IAAI,IAAI,IAAI;EACtB,MAAM,KAAK,IAAI,IAAI,WAAW;AAE9B,SAAO,EAAE,WAAW,GAAG;SACjB;AACN,SAAO;;;;;;;;;;;AAYX,MAAa,uBAAuB,QAA4B;AAE9D,QADgB,IAAI,aAAa,CAClB,OAAO,IAAI;;;;;;;;;;AAW5B,MAAa,uBAAuB,WAAgC;AAElE,QADgB,IAAI,aAAa,CAClB,OAAO,OAAO;;;;;;;;;;AAW/B,MAAa,cAAc,UAA0B;CACnD,IAAI,MAAM;AACV,KAAI,IAAI,SAAS,MAAM,EACrB,QAAO,MAAM,MAAM,GAAG,IAAK,IAAI,SAAS,EAAG;AAG7C,OAAM,IAAI,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI;AAE/C,QAAO;;;;;;;;;;AAWT,MAAa,mBAAmB,UAC9B,KAAK,WAAW,MAAM,CAAC,QAAQ,OAAO,GAAG,CAAC;;;;;;;;;AAU5C,MAAa,uBAAuB,WAA+B;CAEjE,MAAM,SADQ,IAAI,WAAW,OAAO,CACf,QAClB,KAAK,SAAS,MAAM,OAAO,aAAa,KAAK,EAC9C,GACD;AACD,QAAO,KAAK,OAAO,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;;;;;;;;AAS/E,MAAa,YAAoB,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;AAE9D,MAAM,qBAA2C;CAC/C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;;;;;;;;AAYD,MAAa,gCAAgC,OAC3C,MACA,WACuB;CACvB,MAAM,EAAE,KAAK,QAAQ;AAErB,KAAI,CAAC,mBAAmB,SAAS,IAAI,CACnC,OAAM,IAAI,MAAM,qCAAmC;CAGrD,IAAI;AACJ,SAAQ,IAAI,MAAM,GAAG,EAAE,EAAvB;EACE,KAAK;EACL,KAAK;AACH,SAAM;AACN;EACF,KAAK;AACH,SAAM;AACN;;CAwCJ,MAAM,EAAE,GAAG,KAAK,WArCG,KAAK,QAAO,QAAO;AAEpC,MAAI,IAAI,QAAQ,IACd,QAAO;AAIT,MAAI,QAAQ,UAAa,QAAQ,IAAI,IACnC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,QAAQ,IAAI,IACvC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,IAAI,QAAQ,MACvC,QAAO;AAIT,MAAI,IAAI,SAAS,SAAS,SAAS,KAAK,MACtC,QAAO;AAIT,UAAQ,MAAR;GACE,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ,QAClC,QAAO;;AAGX,SAAO;GACP;AAIF,KAAI,WAAW,EACb,OAAM,IAAI,MACR,0HACD;CAGH,IAAI;AAKJ,SAAQ,KAAR;EACE,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAW,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AAC7D;EACF,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAqB,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AACvE;EACF,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY,KAAK,IAAI,MAAM,GAAG;IAAI;AAC/D;EACF,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY;IAAS;AAClD;;CAGJ,MAAM,EAAE,KAAK,SAAS,KAAK,GAAG,MAAM;CAEpC,MAAM,MAAM,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,WAAW,MAAM,CACnE,SACD,CAAC;AAEF,KAAI,IAAI,SAAS,SACf,OAAM,IAAI,MAAM,yCAAyC;AAG3D,QAAO;;AAGT,MAAM,aAAa;;;;;;;;;AAUnB,MAAa,mBAAmB,UAA4C;AAC1E,KAAI,iBAAiB,YAEnB,SAAQ,IAAI,WAAW,MAAM;CAG/B,MAAM,MAAM,EAAE;AACd,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK,WACzC,KAAI,KACF,OAAO,aAAa,MAClB,MACA,MAAM,KAAK,IAAI,WAAW,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,CAAC,CAC3D,CACF;AAEH,QAAO,KAAK,IAAI,KAAK,GAAG,CAAC,CACtB,QAAQ,MAAM,GAAG,CACjB,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,IAAI;;;;;;;;;;AAWxB,MAAa,SAAS,OAAO,UAC3B,gBACE,MAAM,OAAO,OAAO,OAClB,WACA,oBAAoB,MAAM,CAC3B,CACF;;;;;;;;;AAUH,MAAa,eAAe,SAAS,OACnC,gBAAgB,OAAO,gBAAgB,IAAI,WAAW,OAAO,CAAC,CAAC;;;;;;;;;AAUjE,MAAa,gBAAmB,UAA+B;AAC7D,KAAI,UAAU,QAAQ,OAAO,UAAU,YAAY,MAAM,QAAQ,MAAM,CACrE,QAAO;AAGT,QAAO;;;;;;;;;;AAWT,MAAa,uBAAuB,MAClC,GACI,MAAM,MAAM,CACb,KAAI,MAAK,EAAE,MAAM,CAAC,CAClB,OAAO,QAAQ;;;;;;;;;AAUpB,MAAa,0BAA0B,MAA4B;AACjE,KAAI,CAAC,EACH,wBAAO,IAAI,KAAK;AAGlB,QAAO,IAAI,IAAI,oBAAoB,EAAE,CAAC;;;;;;;;;;;;AAaxC,MAAa,aACX,GACA,GACA,SAAS,SACG;AACZ,KAAI,UAAU,EAAE,SAAS,EAAE,KACzB,QAAO;AAGT,MAAK,MAAM,KAAK,EACd,KAAI,CAAC,EAAE,IAAI,EAAE,CACX,QAAO;AAIX,QAAO;;;;;;;;;;;AAYT,MAAa,aACX,QACA,UACA,WAC4B;AAC5B,KAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,OAAO,WAAW,EAC9C;CAGF,MAAM,kBAAkB,uBAAuB,SAAS;CACxD,MAAM,gBAAgB,uBAAuB,OAAO;AAEpD,QAAO,OAAO,MACZ,MACE,UAAU,iBAAiB,uBAAuB,EAAE,SAAS,CAAC,IAC9D,UAAU,eAAe,uBAAuB,EAAE,gBAAgB,CAAC,CACtE;;;;;;;;;;;;;AAcH,MAAa,eACX,cACA,eACA,gBACA,SAAS,UACS;CAClB,MAAM,mBACJ,CAAC,CAAC,iBAAiB,OAAO,KAAK,cAAc,CAAC,SAAS;CACzD,MAAM,oBACJ,CAAC,CAAC,kBAAkB,OAAO,KAAK,eAAe,CAAC,SAAS;AAE3D,KAAI,CAAC,oBAAoB,CAAC,kBACxB,QAAO,gBAAiB,EAAE;AAG5B,KAAI,OACF,QAAO;EACL,GAAI,iBAAiB,EAAE;EACvB,GAAI,kBAAkB,EAAE;EACzB;AAGH,QAAO;EACL,GAAI,gBAAgB,EAAE;EACtB,GAAI,iBAAiB,EAAE;EACvB,GAAI,kBAAkB,EAAE;EACzB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { E as MonoCloudUser, b as JwsHeaderParameters, m as IdTokenClaims, t as AccessToken, v as Jwk } from "../types-
|
|
1
|
+
import { E as MonoCloudUser, b as JwsHeaderParameters, m as IdTokenClaims, t as AccessToken, v as Jwk } from "../types-BVOv1R0s.mjs";
|
|
2
2
|
|
|
3
3
|
//#region src/utils/internal.d.ts
|
|
4
4
|
/**
|
package/dist/utils/internal.mjs
CHANGED
|
@@ -164,7 +164,7 @@ const arrayBufferToBase64 = (buffer) => {
|
|
|
164
164
|
*
|
|
165
165
|
* @returns The current timestamp.
|
|
166
166
|
*/
|
|
167
|
-
const now = () => Math.
|
|
167
|
+
const now = () => Math.floor(Date.now() / 1e3);
|
|
168
168
|
const SUPPORTED_JWS_ALGS = [
|
|
169
169
|
"RS256",
|
|
170
170
|
"RS384",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal.mjs","names":[],"sources":["../../src/utils/internal.ts"],"sourcesContent":["import type {\n AccessToken,\n IdTokenClaims,\n Jwk,\n MonoCloudUser,\n SecurityAlgorithms,\n JwsHeaderParameters,\n} from '../types';\n\n/**\n * @ignore\n * Converts a string to a Base64URL encoded string.\n *\n * @param input - The string to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const toB64Url = (input: string): string =>\n input.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\n/**\n * @ignore\n * Parses a string value into a boolean.\n *\n * @param value - The string value to parse.\n *\n * @returns `true` if \"true\", `false` if \"false\", otherwise `undefined`.\n */\nexport const getBoolean = (value?: string): boolean | undefined => {\n const v = value?.toLowerCase()?.trim();\n\n if (v === 'true') {\n return true;\n }\n\n if (v === 'false') {\n return false;\n }\n\n return undefined;\n};\n\n/**\n * @ignore\n * Parses a string value into a number.\n *\n * @param value - The string value to parse.\n *\n * @returns The parsed number, or `undefined` if empty or invalid.\n */\nexport const getNumber = (value?: string): number | undefined => {\n const v = value?.trim();\n\n if (v === undefined || v.length === 0) {\n return undefined;\n }\n\n const p = parseInt(v, 10);\n\n return Number.isNaN(p) ? undefined : p;\n};\n\n/**\n * @ignore\n * Ensures that a string has a leading forward slash.\n *\n * @param val - The string to check.\n *\n * @returns The string with a leading slash.\n */\nexport const ensureLeadingSlash = (val?: string): string => {\n const v = val?.trim();\n\n if (!v) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return v!;\n }\n\n return v.startsWith('/') ? v : `/${v}`;\n};\n\n/**\n * @ignore\n * Removes a trailing forward slash from a string.\n *\n * @param val - The string to check.\n *\n * @returns The string without a trailing slash.\n */\nexport const removeTrailingSlash = (val?: string): string => {\n const v = val?.trim();\n\n if (!v) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return v!;\n }\n\n return v.endsWith('/') ? v.substring(0, v.length - 1) : v;\n};\n\n/**\n * @ignore\n * Checks if a value is present (not null, undefined, or an empty string).\n *\n * @param value - The value to check.\n *\n * @returns `true` if the value is present, `false` otherwise.\n */\nexport const isPresent = (value?: string | number | boolean): boolean => {\n if (typeof value === 'boolean' || typeof value === 'number') {\n return true;\n }\n const v = value?.trim();\n return v !== undefined && v !== null && v.length > 0;\n};\n\n/**\n * @ignore\n * Checks if a URL is an absolute URL (starts with http:// or https://).\n *\n * @param url - The URL to check.\n *\n * @returns `true` if absolute, `false` otherwise.\n */\nexport const isAbsoluteUrl = (url: string): boolean =>\n (url?.startsWith('http://') || url?.startsWith('https://')) ?? false;\n\n/**\n * @ignore\n * Checks if two URLs have the same origin (host and port).\n *\n * @param url - The first URL.\n * @param urlToCheck - The second URL to compare against.\n *\n * @returns `true` if they share the same origin, `false` otherwise.\n */\nexport const isSameHost = (url: string, urlToCheck: string): boolean => {\n try {\n const u = new URL(url);\n const u2 = new URL(urlToCheck);\n\n return u.origin === u2.origin;\n } catch {\n return false;\n }\n};\n\n/**\n * @ignore\n * Converts a string to a Uint8Array using TextEncoder.\n *\n * @param str - The string to convert.\n *\n * @returns A Uint8Array representation of the string.\n */\nexport const stringToArrayBuffer = (str: string): Uint8Array => {\n const encoder = new TextEncoder();\n return encoder.encode(str);\n};\n\n/**\n * @ignore\n * Converts an ArrayBuffer to a string using TextDecoder.\n *\n * @param buffer - The buffer to convert.\n *\n * @returns The decoded string.\n */\nexport const arrayBufferToString = (buffer: ArrayBuffer): string => {\n const decoder = new TextDecoder();\n return decoder.decode(buffer);\n};\n\n/**\n * @ignore\n * Converts a Base64URL string back to a standard Base64 string with padding.\n *\n * @param input - The Base64URL string.\n *\n * @returns A standard Base64 string.\n */\nexport const fromB64Url = (input: string): string => {\n let str = input;\n if (str.length % 4 !== 0) {\n str += '==='.slice(0, 4 - (str.length % 4));\n }\n\n str = str.replace(/-/g, '+').replace(/_/g, '/');\n\n return str;\n};\n\n/**\n * @ignore\n * Decodes a Base64URL encoded string.\n *\n * @param input - The Base64URL string to decode.\n *\n * @returns The decoded plaintext string.\n */\nexport const decodeBase64Url = (input: string): string =>\n atob(fromB64Url(input).replace(/\\s/g, ''));\n\n/**\n * @ignore\n * Converts a Uint8Array to a Base64URL encoded string.\n *\n * @param buffer - The buffer to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const arrayBufferToBase64 = (buffer: Uint8Array): string => {\n const bytes = new Uint8Array(buffer);\n const binary = bytes.reduce(\n (acc, byte) => acc + String.fromCharCode(byte),\n ''\n );\n return btoa(binary).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Gets the current Unix timestamp in seconds.\n *\n * @returns The current timestamp.\n */\nexport const now = (): number => Math.ceil(Date.now() / 1000);\n\nconst SUPPORTED_JWS_ALGS: SecurityAlgorithms[] = [\n 'RS256',\n 'RS384',\n 'RS512',\n 'PS256',\n 'PS384',\n 'PS512',\n 'ES256',\n 'ES384',\n 'ES512',\n];\n\n/**\n * Retrieves a public CryptoKey from a JWK set based on the JWS header.\n *\n * @param jwks - The set of JSON Web Keys.\n * @param header - The JWS header containing the algorithm and key ID.\n *\n * @returns A promise that resolves to the CryptoKey.\n *\n * @throws If no applicable key or multiple keys are found or the algorithm is unsupported.\n */\nexport const getPublicSigKeyFromIssuerJwks = async (\n jwks: Jwk[],\n header: JwsHeaderParameters\n): Promise<CryptoKey> => {\n const { alg, kid } = header;\n\n if (!SUPPORTED_JWS_ALGS.includes(alg)) {\n throw new Error('unsupported JWS \"alg\" identifier');\n }\n\n let kty: string;\n switch (alg.slice(0, 2)) {\n case 'RS': // Fall through\n case 'PS':\n kty = 'RSA';\n break;\n case 'ES':\n kty = 'EC';\n break;\n }\n\n const candidates = jwks.filter(jwk => {\n // filter keys based on the mapping of signature algorithms to Key Type\n if (jwk.kty !== kty) {\n return false;\n }\n\n // filter keys based on the JWK Key ID in the header\n if (kid !== undefined && kid !== jwk.kid) {\n return false;\n }\n\n // filter keys based on the key's declared Algorithm\n if (jwk.alg !== undefined && alg !== jwk.alg) {\n return false;\n }\n\n // filter keys based on the key's declared Public Key Use\n if (jwk.use !== undefined && jwk.use !== 'sig') {\n return false;\n }\n\n // filter keys based on the key's declared Key Operations\n if (jwk.key_ops?.includes('verify') === false) {\n return false;\n }\n\n // filter keys based on alg-specific key requirements\n switch (true) {\n case alg === 'ES256' && jwk.crv !== 'P-256': // Fall through\n case alg === 'ES384' && jwk.crv !== 'P-384': // Fall through\n case alg === 'ES512' && jwk.crv !== 'P-521': // Fall through\n return false;\n }\n\n return true;\n });\n\n const { 0: jwk, length } = candidates;\n\n if (length !== 1) {\n throw new Error(\n 'error when selecting a JWT verification key, multiple applicable keys found, a \"kid\" JWT Header Parameter is required'\n );\n }\n\n let algorithm:\n | RsaHashedImportParams\n | EcKeyImportParams\n | AlgorithmIdentifier;\n\n switch (alg) {\n case 'PS256': // Fall through\n case 'PS384': // Fall through\n case 'PS512':\n algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };\n break;\n case 'RS256': // Fall through\n case 'RS384': // Fall through\n case 'RS512':\n algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };\n break;\n case 'ES256': // Fall through\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: `P-${alg.slice(-3)}` };\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n break;\n }\n\n const { ext, key_ops, use, ...k } = jwk;\n\n const key = await crypto.subtle.importKey('jwk', k, algorithm, true, [\n 'verify',\n ]);\n\n if (key.type !== 'public') {\n throw new Error('jwks_uri must only contain public keys');\n }\n\n return key;\n};\n\nconst CHUNK_SIZE = 0x8000;\n\n/**\n * @ignore\n * Encodes a Uint8Array or ArrayBuffer into a Base64URL string using chunked processing.\n *\n * @param input - The data to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const encodeBase64Url = (input: Uint8Array | ArrayBuffer): string => {\n if (input instanceof ArrayBuffer) {\n // eslint-disable-next-line no-param-reassign\n input = new Uint8Array(input);\n }\n\n const arr = [];\n for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {\n arr.push(\n String.fromCharCode.apply(\n null,\n Array.from(new Uint8Array(input.slice(i, i + CHUNK_SIZE)))\n )\n );\n }\n return btoa(arr.join(''))\n .replace(/=/g, '')\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Computes a SHA-256 hash of the input string and returns it as a Base64URL encoded string.\n *\n * @param input - The string to hash.\n *\n * @returns The Base64URL encoded SHA-256 hash.\n */\nexport const sha256 = async (input: string): Promise<string> =>\n encodeBase64Url(\n await crypto.subtle.digest(\n 'SHA-256',\n stringToArrayBuffer(input) as BufferSource\n )\n );\n\n/**\n * @ignore\n * Generates a random Base64URL encoded string.\n *\n * @param length - The number of random bytes to generate.\n *\n * @returns A random Base64URL string.\n */\nexport const randomBytes = (length = 32): string =>\n encodeBase64Url(crypto.getRandomValues(new Uint8Array(length)));\n\n/**\n * @ignore\n * Checks if a value is a non-null, non-array JSON object.\n *\n * @param input - The value to check.\n *\n * @returns `true` if the value is a JSON object.\n */\nexport const isJsonObject = <T>(input: unknown): input is T => {\n if (input === null || typeof input !== 'object' || Array.isArray(input)) {\n return false;\n }\n\n return true;\n};\n\n/**\n * @ignore\n * Parses a space-separated string into an array of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns An array of strings, or `undefined` if input is empty.\n */\nexport const parseSpaceSeparated = (s?: string): string[] | undefined =>\n s\n ?.split(/\\s+/)\n .map(x => x.trim())\n .filter(Boolean);\n\n/**\n * @ignore\n * Parses a space-separated string into a Set of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns A Set containing the unique strings.\n */\nexport const parseSpaceSeparatedSet = (s?: string): Set<string> => {\n if (!s) {\n return new Set();\n }\n\n return new Set(parseSpaceSeparated(s));\n};\n\n/**\n * @ignore\n * Compares two Sets for equality.\n *\n * @param a - The first Set.\n * @param b - The second Set.\n * @param strict - If `true`, requires both sets to be the same size. Defaults to `true`.\n *\n * @returns `true` if the sets are equal.\n */\nexport const setsEqual = (\n a: Set<string>,\n b: Set<string>,\n strict = true\n): boolean => {\n if (strict && a.size !== b.size) {\n return false;\n }\n\n for (const v of a) {\n if (!b.has(v)) {\n return false;\n }\n }\n\n return true;\n};\n\n/**\n * Finds a specific access token in an array based on resource and scopes.\n *\n * @param tokens - The array of access tokens.\n * @param resource - Space-separated resource indicators.\n * @param scopes - Space-separated scopes.\n *\n * @returns The matching AccessToken, or `undefined` if not found.\n */\nexport const findToken = (\n tokens?: AccessToken[],\n resource?: string,\n scopes?: string\n): AccessToken | undefined => {\n if (!Array.isArray(tokens) || tokens.length === 0) {\n return undefined;\n }\n\n const desiredResource = parseSpaceSeparatedSet(resource);\n const desiredScopes = parseSpaceSeparatedSet(scopes);\n\n return tokens.find(\n t =>\n setsEqual(desiredResource, parseSpaceSeparatedSet(t.resource)) &&\n setsEqual(desiredScopes, parseSpaceSeparatedSet(t.requestedScopes))\n );\n};\n\n/**\n * @ignore\n * Builds the session user claims from existing claims and newly fetched claims.\n *\n * @param existingUser - Existing session user claims.\n * @param idTokenClaims - Claims extracted from ID token.\n * @param userinfoClaims - Claims fetched from UserInfo endpoint.\n * @param strict - If `true`, creates claims from new inputs only (falls back to existing when none). If `false`, merges into existing claims.\n *\n * @returns Updated user claims for the session.\n */\nexport const profileSync = (\n existingUser?: MonoCloudUser,\n idTokenClaims?: Partial<IdTokenClaims>,\n userinfoClaims?: Partial<MonoCloudUser>,\n strict = false\n): MonoCloudUser => {\n const hasIdTokenClaims =\n !!idTokenClaims && Object.keys(idTokenClaims).length > 0;\n const hasUserinfoClaims =\n !!userinfoClaims && Object.keys(userinfoClaims).length > 0;\n\n if (!hasIdTokenClaims && !hasUserinfoClaims) {\n return existingUser ?? ({} as MonoCloudUser);\n }\n\n if (strict) {\n return {\n ...(idTokenClaims ?? {}),\n ...(userinfoClaims ?? {}),\n } as MonoCloudUser;\n }\n\n return {\n ...(existingUser ?? {}),\n ...(idTokenClaims ?? {}),\n ...(userinfoClaims ?? {}),\n } as MonoCloudUser;\n};\n"],"mappings":";;;;;;;;;AAiBA,MAAa,YAAY,UACvB,MAAM,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,GAAG;;;;;;;;;AAUlE,MAAa,cAAc,UAAwC;CACjE,MAAM,IAAI,OAAO,aAAa,EAAE,MAAM;AAEtC,KAAI,MAAM,OACR,QAAO;AAGT,KAAI,MAAM,QACR,QAAO;;;;;;;;;;AAcX,MAAa,aAAa,UAAuC;CAC/D,MAAM,IAAI,OAAO,MAAM;AAEvB,KAAI,MAAM,UAAa,EAAE,WAAW,EAClC;CAGF,MAAM,IAAI,SAAS,GAAG,GAAG;AAEzB,QAAO,OAAO,MAAM,EAAE,GAAG,SAAY;;;;;;;;;;AAWvC,MAAa,sBAAsB,QAAyB;CAC1D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,WAAW,IAAI,GAAG,IAAI,IAAI;;;;;;;;;;AAWrC,MAAa,uBAAuB,QAAyB;CAC3D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,SAAS,IAAI,GAAG,EAAE,UAAU,GAAG,EAAE,SAAS,EAAE,GAAG;;;;;;;;;;AAW1D,MAAa,aAAa,UAA+C;AACvE,KAAI,OAAO,UAAU,aAAa,OAAO,UAAU,SACjD,QAAO;CAET,MAAM,IAAI,OAAO,MAAM;AACvB,QAAO,MAAM,UAAa,MAAM,QAAQ,EAAE,SAAS;;;;;;;;;;AAWrD,MAAa,iBAAiB,SAC3B,KAAK,WAAW,UAAU,IAAI,KAAK,WAAW,WAAW,KAAK;;;;;;;;;;AAWjE,MAAa,cAAc,KAAa,eAAgC;AACtE,KAAI;EACF,MAAM,IAAI,IAAI,IAAI,IAAI;EACtB,MAAM,KAAK,IAAI,IAAI,WAAW;AAE9B,SAAO,EAAE,WAAW,GAAG;SACjB;AACN,SAAO;;;;;;;;;;;AAYX,MAAa,uBAAuB,QAA4B;AAE9D,QADgB,IAAI,aAAa,CAClB,OAAO,IAAI;;;;;;;;;;AAW5B,MAAa,uBAAuB,WAAgC;AAElE,QADgB,IAAI,aAAa,CAClB,OAAO,OAAO;;;;;;;;;;AAW/B,MAAa,cAAc,UAA0B;CACnD,IAAI,MAAM;AACV,KAAI,IAAI,SAAS,MAAM,EACrB,QAAO,MAAM,MAAM,GAAG,IAAK,IAAI,SAAS,EAAG;AAG7C,OAAM,IAAI,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI;AAE/C,QAAO;;;;;;;;;;AAWT,MAAa,mBAAmB,UAC9B,KAAK,WAAW,MAAM,CAAC,QAAQ,OAAO,GAAG,CAAC;;;;;;;;;AAU5C,MAAa,uBAAuB,WAA+B;CAEjE,MAAM,SADQ,IAAI,WAAW,OAAO,CACf,QAClB,KAAK,SAAS,MAAM,OAAO,aAAa,KAAK,EAC9C,GACD;AACD,QAAO,KAAK,OAAO,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;;;;;;;;AAS/E,MAAa,YAAoB,KAAK,KAAK,KAAK,KAAK,GAAG,IAAK;AAE7D,MAAM,qBAA2C;CAC/C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;;;;;;;;AAYD,MAAa,gCAAgC,OAC3C,MACA,WACuB;CACvB,MAAM,EAAE,KAAK,QAAQ;AAErB,KAAI,CAAC,mBAAmB,SAAS,IAAI,CACnC,OAAM,IAAI,MAAM,qCAAmC;CAGrD,IAAI;AACJ,SAAQ,IAAI,MAAM,GAAG,EAAE,EAAvB;EACE,KAAK;EACL,KAAK;AACH,SAAM;AACN;EACF,KAAK;AACH,SAAM;AACN;;CAwCJ,MAAM,EAAE,GAAG,KAAK,WArCG,KAAK,QAAO,QAAO;AAEpC,MAAI,IAAI,QAAQ,IACd,QAAO;AAIT,MAAI,QAAQ,UAAa,QAAQ,IAAI,IACnC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,QAAQ,IAAI,IACvC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,IAAI,QAAQ,MACvC,QAAO;AAIT,MAAI,IAAI,SAAS,SAAS,SAAS,KAAK,MACtC,QAAO;AAIT,UAAQ,MAAR;GACE,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ,QAClC,QAAO;;AAGX,SAAO;GACP;AAIF,KAAI,WAAW,EACb,OAAM,IAAI,MACR,0HACD;CAGH,IAAI;AAKJ,SAAQ,KAAR;EACE,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAW,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AAC7D;EACF,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAqB,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AACvE;EACF,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY,KAAK,IAAI,MAAM,GAAG;IAAI;AAC/D;EACF,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY;IAAS;AAClD;;CAGJ,MAAM,EAAE,KAAK,SAAS,KAAK,GAAG,MAAM;CAEpC,MAAM,MAAM,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,WAAW,MAAM,CACnE,SACD,CAAC;AAEF,KAAI,IAAI,SAAS,SACf,OAAM,IAAI,MAAM,yCAAyC;AAG3D,QAAO;;AAGT,MAAM,aAAa;;;;;;;;;AAUnB,MAAa,mBAAmB,UAA4C;AAC1E,KAAI,iBAAiB,YAEnB,SAAQ,IAAI,WAAW,MAAM;CAG/B,MAAM,MAAM,EAAE;AACd,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK,WACzC,KAAI,KACF,OAAO,aAAa,MAClB,MACA,MAAM,KAAK,IAAI,WAAW,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,CAAC,CAC3D,CACF;AAEH,QAAO,KAAK,IAAI,KAAK,GAAG,CAAC,CACtB,QAAQ,MAAM,GAAG,CACjB,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,IAAI;;;;;;;;;;AAWxB,MAAa,SAAS,OAAO,UAC3B,gBACE,MAAM,OAAO,OAAO,OAClB,WACA,oBAAoB,MAAM,CAC3B,CACF;;;;;;;;;AAUH,MAAa,eAAe,SAAS,OACnC,gBAAgB,OAAO,gBAAgB,IAAI,WAAW,OAAO,CAAC,CAAC;;;;;;;;;AAUjE,MAAa,gBAAmB,UAA+B;AAC7D,KAAI,UAAU,QAAQ,OAAO,UAAU,YAAY,MAAM,QAAQ,MAAM,CACrE,QAAO;AAGT,QAAO;;;;;;;;;;AAWT,MAAa,uBAAuB,MAClC,GACI,MAAM,MAAM,CACb,KAAI,MAAK,EAAE,MAAM,CAAC,CAClB,OAAO,QAAQ;;;;;;;;;AAUpB,MAAa,0BAA0B,MAA4B;AACjE,KAAI,CAAC,EACH,wBAAO,IAAI,KAAK;AAGlB,QAAO,IAAI,IAAI,oBAAoB,EAAE,CAAC;;;;;;;;;;;;AAaxC,MAAa,aACX,GACA,GACA,SAAS,SACG;AACZ,KAAI,UAAU,EAAE,SAAS,EAAE,KACzB,QAAO;AAGT,MAAK,MAAM,KAAK,EACd,KAAI,CAAC,EAAE,IAAI,EAAE,CACX,QAAO;AAIX,QAAO;;;;;;;;;;;AAYT,MAAa,aACX,QACA,UACA,WAC4B;AAC5B,KAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,OAAO,WAAW,EAC9C;CAGF,MAAM,kBAAkB,uBAAuB,SAAS;CACxD,MAAM,gBAAgB,uBAAuB,OAAO;AAEpD,QAAO,OAAO,MACZ,MACE,UAAU,iBAAiB,uBAAuB,EAAE,SAAS,CAAC,IAC9D,UAAU,eAAe,uBAAuB,EAAE,gBAAgB,CAAC,CACtE;;;;;;;;;;;;;AAcH,MAAa,eACX,cACA,eACA,gBACA,SAAS,UACS;CAClB,MAAM,mBACJ,CAAC,CAAC,iBAAiB,OAAO,KAAK,cAAc,CAAC,SAAS;CACzD,MAAM,oBACJ,CAAC,CAAC,kBAAkB,OAAO,KAAK,eAAe,CAAC,SAAS;AAE3D,KAAI,CAAC,oBAAoB,CAAC,kBACxB,QAAO,gBAAiB,EAAE;AAG5B,KAAI,OACF,QAAO;EACL,GAAI,iBAAiB,EAAE;EACvB,GAAI,kBAAkB,EAAE;EACzB;AAGH,QAAO;EACL,GAAI,gBAAgB,EAAE;EACtB,GAAI,iBAAiB,EAAE;EACvB,GAAI,kBAAkB,EAAE;EACzB"}
|
|
1
|
+
{"version":3,"file":"internal.mjs","names":[],"sources":["../../src/utils/internal.ts"],"sourcesContent":["import type {\n AccessToken,\n IdTokenClaims,\n Jwk,\n MonoCloudUser,\n SecurityAlgorithms,\n JwsHeaderParameters,\n} from '../types';\n\n/**\n * @ignore\n * Converts a string to a Base64URL encoded string.\n *\n * @param input - The string to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const toB64Url = (input: string): string =>\n input.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\n/**\n * @ignore\n * Parses a string value into a boolean.\n *\n * @param value - The string value to parse.\n *\n * @returns `true` if \"true\", `false` if \"false\", otherwise `undefined`.\n */\nexport const getBoolean = (value?: string): boolean | undefined => {\n const v = value?.toLowerCase()?.trim();\n\n if (v === 'true') {\n return true;\n }\n\n if (v === 'false') {\n return false;\n }\n\n return undefined;\n};\n\n/**\n * @ignore\n * Parses a string value into a number.\n *\n * @param value - The string value to parse.\n *\n * @returns The parsed number, or `undefined` if empty or invalid.\n */\nexport const getNumber = (value?: string): number | undefined => {\n const v = value?.trim();\n\n if (v === undefined || v.length === 0) {\n return undefined;\n }\n\n const p = parseInt(v, 10);\n\n return Number.isNaN(p) ? undefined : p;\n};\n\n/**\n * @ignore\n * Ensures that a string has a leading forward slash.\n *\n * @param val - The string to check.\n *\n * @returns The string with a leading slash.\n */\nexport const ensureLeadingSlash = (val?: string): string => {\n const v = val?.trim();\n\n if (!v) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return v!;\n }\n\n return v.startsWith('/') ? v : `/${v}`;\n};\n\n/**\n * @ignore\n * Removes a trailing forward slash from a string.\n *\n * @param val - The string to check.\n *\n * @returns The string without a trailing slash.\n */\nexport const removeTrailingSlash = (val?: string): string => {\n const v = val?.trim();\n\n if (!v) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return v!;\n }\n\n return v.endsWith('/') ? v.substring(0, v.length - 1) : v;\n};\n\n/**\n * @ignore\n * Checks if a value is present (not null, undefined, or an empty string).\n *\n * @param value - The value to check.\n *\n * @returns `true` if the value is present, `false` otherwise.\n */\nexport const isPresent = (value?: string | number | boolean): boolean => {\n if (typeof value === 'boolean' || typeof value === 'number') {\n return true;\n }\n const v = value?.trim();\n return v !== undefined && v !== null && v.length > 0;\n};\n\n/**\n * @ignore\n * Checks if a URL is an absolute URL (starts with http:// or https://).\n *\n * @param url - The URL to check.\n *\n * @returns `true` if absolute, `false` otherwise.\n */\nexport const isAbsoluteUrl = (url: string): boolean =>\n (url?.startsWith('http://') || url?.startsWith('https://')) ?? false;\n\n/**\n * @ignore\n * Checks if two URLs have the same origin (host and port).\n *\n * @param url - The first URL.\n * @param urlToCheck - The second URL to compare against.\n *\n * @returns `true` if they share the same origin, `false` otherwise.\n */\nexport const isSameHost = (url: string, urlToCheck: string): boolean => {\n try {\n const u = new URL(url);\n const u2 = new URL(urlToCheck);\n\n return u.origin === u2.origin;\n } catch {\n return false;\n }\n};\n\n/**\n * @ignore\n * Converts a string to a Uint8Array using TextEncoder.\n *\n * @param str - The string to convert.\n *\n * @returns A Uint8Array representation of the string.\n */\nexport const stringToArrayBuffer = (str: string): Uint8Array => {\n const encoder = new TextEncoder();\n return encoder.encode(str);\n};\n\n/**\n * @ignore\n * Converts an ArrayBuffer to a string using TextDecoder.\n *\n * @param buffer - The buffer to convert.\n *\n * @returns The decoded string.\n */\nexport const arrayBufferToString = (buffer: ArrayBuffer): string => {\n const decoder = new TextDecoder();\n return decoder.decode(buffer);\n};\n\n/**\n * @ignore\n * Converts a Base64URL string back to a standard Base64 string with padding.\n *\n * @param input - The Base64URL string.\n *\n * @returns A standard Base64 string.\n */\nexport const fromB64Url = (input: string): string => {\n let str = input;\n if (str.length % 4 !== 0) {\n str += '==='.slice(0, 4 - (str.length % 4));\n }\n\n str = str.replace(/-/g, '+').replace(/_/g, '/');\n\n return str;\n};\n\n/**\n * @ignore\n * Decodes a Base64URL encoded string.\n *\n * @param input - The Base64URL string to decode.\n *\n * @returns The decoded plaintext string.\n */\nexport const decodeBase64Url = (input: string): string =>\n atob(fromB64Url(input).replace(/\\s/g, ''));\n\n/**\n * @ignore\n * Converts a Uint8Array to a Base64URL encoded string.\n *\n * @param buffer - The buffer to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const arrayBufferToBase64 = (buffer: Uint8Array): string => {\n const bytes = new Uint8Array(buffer);\n const binary = bytes.reduce(\n (acc, byte) => acc + String.fromCharCode(byte),\n ''\n );\n return btoa(binary).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Gets the current Unix timestamp in seconds.\n *\n * @returns The current timestamp.\n */\nexport const now = (): number => Math.floor(Date.now() / 1000);\n\nconst SUPPORTED_JWS_ALGS: SecurityAlgorithms[] = [\n 'RS256',\n 'RS384',\n 'RS512',\n 'PS256',\n 'PS384',\n 'PS512',\n 'ES256',\n 'ES384',\n 'ES512',\n];\n\n/**\n * Retrieves a public CryptoKey from a JWK set based on the JWS header.\n *\n * @param jwks - The set of JSON Web Keys.\n * @param header - The JWS header containing the algorithm and key ID.\n *\n * @returns A promise that resolves to the CryptoKey.\n *\n * @throws If no applicable key or multiple keys are found or the algorithm is unsupported.\n */\nexport const getPublicSigKeyFromIssuerJwks = async (\n jwks: Jwk[],\n header: JwsHeaderParameters\n): Promise<CryptoKey> => {\n const { alg, kid } = header;\n\n if (!SUPPORTED_JWS_ALGS.includes(alg)) {\n throw new Error('unsupported JWS \"alg\" identifier');\n }\n\n let kty: string;\n switch (alg.slice(0, 2)) {\n case 'RS': // Fall through\n case 'PS':\n kty = 'RSA';\n break;\n case 'ES':\n kty = 'EC';\n break;\n }\n\n const candidates = jwks.filter(jwk => {\n // filter keys based on the mapping of signature algorithms to Key Type\n if (jwk.kty !== kty) {\n return false;\n }\n\n // filter keys based on the JWK Key ID in the header\n if (kid !== undefined && kid !== jwk.kid) {\n return false;\n }\n\n // filter keys based on the key's declared Algorithm\n if (jwk.alg !== undefined && alg !== jwk.alg) {\n return false;\n }\n\n // filter keys based on the key's declared Public Key Use\n if (jwk.use !== undefined && jwk.use !== 'sig') {\n return false;\n }\n\n // filter keys based on the key's declared Key Operations\n if (jwk.key_ops?.includes('verify') === false) {\n return false;\n }\n\n // filter keys based on alg-specific key requirements\n switch (true) {\n case alg === 'ES256' && jwk.crv !== 'P-256': // Fall through\n case alg === 'ES384' && jwk.crv !== 'P-384': // Fall through\n case alg === 'ES512' && jwk.crv !== 'P-521': // Fall through\n return false;\n }\n\n return true;\n });\n\n const { 0: jwk, length } = candidates;\n\n if (length !== 1) {\n throw new Error(\n 'error when selecting a JWT verification key, multiple applicable keys found, a \"kid\" JWT Header Parameter is required'\n );\n }\n\n let algorithm:\n | RsaHashedImportParams\n | EcKeyImportParams\n | AlgorithmIdentifier;\n\n switch (alg) {\n case 'PS256': // Fall through\n case 'PS384': // Fall through\n case 'PS512':\n algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };\n break;\n case 'RS256': // Fall through\n case 'RS384': // Fall through\n case 'RS512':\n algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };\n break;\n case 'ES256': // Fall through\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: `P-${alg.slice(-3)}` };\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n break;\n }\n\n const { ext, key_ops, use, ...k } = jwk;\n\n const key = await crypto.subtle.importKey('jwk', k, algorithm, true, [\n 'verify',\n ]);\n\n if (key.type !== 'public') {\n throw new Error('jwks_uri must only contain public keys');\n }\n\n return key;\n};\n\nconst CHUNK_SIZE = 0x8000;\n\n/**\n * @ignore\n * Encodes a Uint8Array or ArrayBuffer into a Base64URL string using chunked processing.\n *\n * @param input - The data to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const encodeBase64Url = (input: Uint8Array | ArrayBuffer): string => {\n if (input instanceof ArrayBuffer) {\n // eslint-disable-next-line no-param-reassign\n input = new Uint8Array(input);\n }\n\n const arr = [];\n for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {\n arr.push(\n String.fromCharCode.apply(\n null,\n Array.from(new Uint8Array(input.slice(i, i + CHUNK_SIZE)))\n )\n );\n }\n return btoa(arr.join(''))\n .replace(/=/g, '')\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Computes a SHA-256 hash of the input string and returns it as a Base64URL encoded string.\n *\n * @param input - The string to hash.\n *\n * @returns The Base64URL encoded SHA-256 hash.\n */\nexport const sha256 = async (input: string): Promise<string> =>\n encodeBase64Url(\n await crypto.subtle.digest(\n 'SHA-256',\n stringToArrayBuffer(input) as BufferSource\n )\n );\n\n/**\n * @ignore\n * Generates a random Base64URL encoded string.\n *\n * @param length - The number of random bytes to generate.\n *\n * @returns A random Base64URL string.\n */\nexport const randomBytes = (length = 32): string =>\n encodeBase64Url(crypto.getRandomValues(new Uint8Array(length)));\n\n/**\n * @ignore\n * Checks if a value is a non-null, non-array JSON object.\n *\n * @param input - The value to check.\n *\n * @returns `true` if the value is a JSON object.\n */\nexport const isJsonObject = <T>(input: unknown): input is T => {\n if (input === null || typeof input !== 'object' || Array.isArray(input)) {\n return false;\n }\n\n return true;\n};\n\n/**\n * @ignore\n * Parses a space-separated string into an array of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns An array of strings, or `undefined` if input is empty.\n */\nexport const parseSpaceSeparated = (s?: string): string[] | undefined =>\n s\n ?.split(/\\s+/)\n .map(x => x.trim())\n .filter(Boolean);\n\n/**\n * @ignore\n * Parses a space-separated string into a Set of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns A Set containing the unique strings.\n */\nexport const parseSpaceSeparatedSet = (s?: string): Set<string> => {\n if (!s) {\n return new Set();\n }\n\n return new Set(parseSpaceSeparated(s));\n};\n\n/**\n * @ignore\n * Compares two Sets for equality.\n *\n * @param a - The first Set.\n * @param b - The second Set.\n * @param strict - If `true`, requires both sets to be the same size. Defaults to `true`.\n *\n * @returns `true` if the sets are equal.\n */\nexport const setsEqual = (\n a: Set<string>,\n b: Set<string>,\n strict = true\n): boolean => {\n if (strict && a.size !== b.size) {\n return false;\n }\n\n for (const v of a) {\n if (!b.has(v)) {\n return false;\n }\n }\n\n return true;\n};\n\n/**\n * Finds a specific access token in an array based on resource and scopes.\n *\n * @param tokens - The array of access tokens.\n * @param resource - Space-separated resource indicators.\n * @param scopes - Space-separated scopes.\n *\n * @returns The matching AccessToken, or `undefined` if not found.\n */\nexport const findToken = (\n tokens?: AccessToken[],\n resource?: string,\n scopes?: string\n): AccessToken | undefined => {\n if (!Array.isArray(tokens) || tokens.length === 0) {\n return undefined;\n }\n\n const desiredResource = parseSpaceSeparatedSet(resource);\n const desiredScopes = parseSpaceSeparatedSet(scopes);\n\n return tokens.find(\n t =>\n setsEqual(desiredResource, parseSpaceSeparatedSet(t.resource)) &&\n setsEqual(desiredScopes, parseSpaceSeparatedSet(t.requestedScopes))\n );\n};\n\n/**\n * @ignore\n * Builds the session user claims from existing claims and newly fetched claims.\n *\n * @param existingUser - Existing session user claims.\n * @param idTokenClaims - Claims extracted from ID token.\n * @param userinfoClaims - Claims fetched from UserInfo endpoint.\n * @param strict - If `true`, creates claims from new inputs only (falls back to existing when none). If `false`, merges into existing claims.\n *\n * @returns Updated user claims for the session.\n */\nexport const profileSync = (\n existingUser?: MonoCloudUser,\n idTokenClaims?: Partial<IdTokenClaims>,\n userinfoClaims?: Partial<MonoCloudUser>,\n strict = false\n): MonoCloudUser => {\n const hasIdTokenClaims =\n !!idTokenClaims && Object.keys(idTokenClaims).length > 0;\n const hasUserinfoClaims =\n !!userinfoClaims && Object.keys(userinfoClaims).length > 0;\n\n if (!hasIdTokenClaims && !hasUserinfoClaims) {\n return existingUser ?? ({} as MonoCloudUser);\n }\n\n if (strict) {\n return {\n ...(idTokenClaims ?? {}),\n ...(userinfoClaims ?? {}),\n } as MonoCloudUser;\n }\n\n return {\n ...(existingUser ?? {}),\n ...(idTokenClaims ?? {}),\n ...(userinfoClaims ?? {}),\n } as MonoCloudUser;\n};\n"],"mappings":";;;;;;;;;AAiBA,MAAa,YAAY,UACvB,MAAM,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,GAAG;;;;;;;;;AAUlE,MAAa,cAAc,UAAwC;CACjE,MAAM,IAAI,OAAO,aAAa,EAAE,MAAM;AAEtC,KAAI,MAAM,OACR,QAAO;AAGT,KAAI,MAAM,QACR,QAAO;;;;;;;;;;AAcX,MAAa,aAAa,UAAuC;CAC/D,MAAM,IAAI,OAAO,MAAM;AAEvB,KAAI,MAAM,UAAa,EAAE,WAAW,EAClC;CAGF,MAAM,IAAI,SAAS,GAAG,GAAG;AAEzB,QAAO,OAAO,MAAM,EAAE,GAAG,SAAY;;;;;;;;;;AAWvC,MAAa,sBAAsB,QAAyB;CAC1D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,WAAW,IAAI,GAAG,IAAI,IAAI;;;;;;;;;;AAWrC,MAAa,uBAAuB,QAAyB;CAC3D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,SAAS,IAAI,GAAG,EAAE,UAAU,GAAG,EAAE,SAAS,EAAE,GAAG;;;;;;;;;;AAW1D,MAAa,aAAa,UAA+C;AACvE,KAAI,OAAO,UAAU,aAAa,OAAO,UAAU,SACjD,QAAO;CAET,MAAM,IAAI,OAAO,MAAM;AACvB,QAAO,MAAM,UAAa,MAAM,QAAQ,EAAE,SAAS;;;;;;;;;;AAWrD,MAAa,iBAAiB,SAC3B,KAAK,WAAW,UAAU,IAAI,KAAK,WAAW,WAAW,KAAK;;;;;;;;;;AAWjE,MAAa,cAAc,KAAa,eAAgC;AACtE,KAAI;EACF,MAAM,IAAI,IAAI,IAAI,IAAI;EACtB,MAAM,KAAK,IAAI,IAAI,WAAW;AAE9B,SAAO,EAAE,WAAW,GAAG;SACjB;AACN,SAAO;;;;;;;;;;;AAYX,MAAa,uBAAuB,QAA4B;AAE9D,QADgB,IAAI,aAAa,CAClB,OAAO,IAAI;;;;;;;;;;AAW5B,MAAa,uBAAuB,WAAgC;AAElE,QADgB,IAAI,aAAa,CAClB,OAAO,OAAO;;;;;;;;;;AAW/B,MAAa,cAAc,UAA0B;CACnD,IAAI,MAAM;AACV,KAAI,IAAI,SAAS,MAAM,EACrB,QAAO,MAAM,MAAM,GAAG,IAAK,IAAI,SAAS,EAAG;AAG7C,OAAM,IAAI,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI;AAE/C,QAAO;;;;;;;;;;AAWT,MAAa,mBAAmB,UAC9B,KAAK,WAAW,MAAM,CAAC,QAAQ,OAAO,GAAG,CAAC;;;;;;;;;AAU5C,MAAa,uBAAuB,WAA+B;CAEjE,MAAM,SADQ,IAAI,WAAW,OAAO,CACf,QAClB,KAAK,SAAS,MAAM,OAAO,aAAa,KAAK,EAC9C,GACD;AACD,QAAO,KAAK,OAAO,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;;;;;;;;AAS/E,MAAa,YAAoB,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;AAE9D,MAAM,qBAA2C;CAC/C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;;;;;;;;AAYD,MAAa,gCAAgC,OAC3C,MACA,WACuB;CACvB,MAAM,EAAE,KAAK,QAAQ;AAErB,KAAI,CAAC,mBAAmB,SAAS,IAAI,CACnC,OAAM,IAAI,MAAM,qCAAmC;CAGrD,IAAI;AACJ,SAAQ,IAAI,MAAM,GAAG,EAAE,EAAvB;EACE,KAAK;EACL,KAAK;AACH,SAAM;AACN;EACF,KAAK;AACH,SAAM;AACN;;CAwCJ,MAAM,EAAE,GAAG,KAAK,WArCG,KAAK,QAAO,QAAO;AAEpC,MAAI,IAAI,QAAQ,IACd,QAAO;AAIT,MAAI,QAAQ,UAAa,QAAQ,IAAI,IACnC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,QAAQ,IAAI,IACvC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,IAAI,QAAQ,MACvC,QAAO;AAIT,MAAI,IAAI,SAAS,SAAS,SAAS,KAAK,MACtC,QAAO;AAIT,UAAQ,MAAR;GACE,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ,QAClC,QAAO;;AAGX,SAAO;GACP;AAIF,KAAI,WAAW,EACb,OAAM,IAAI,MACR,0HACD;CAGH,IAAI;AAKJ,SAAQ,KAAR;EACE,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAW,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AAC7D;EACF,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAqB,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AACvE;EACF,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY,KAAK,IAAI,MAAM,GAAG;IAAI;AAC/D;EACF,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY;IAAS;AAClD;;CAGJ,MAAM,EAAE,KAAK,SAAS,KAAK,GAAG,MAAM;CAEpC,MAAM,MAAM,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,WAAW,MAAM,CACnE,SACD,CAAC;AAEF,KAAI,IAAI,SAAS,SACf,OAAM,IAAI,MAAM,yCAAyC;AAG3D,QAAO;;AAGT,MAAM,aAAa;;;;;;;;;AAUnB,MAAa,mBAAmB,UAA4C;AAC1E,KAAI,iBAAiB,YAEnB,SAAQ,IAAI,WAAW,MAAM;CAG/B,MAAM,MAAM,EAAE;AACd,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK,WACzC,KAAI,KACF,OAAO,aAAa,MAClB,MACA,MAAM,KAAK,IAAI,WAAW,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,CAAC,CAC3D,CACF;AAEH,QAAO,KAAK,IAAI,KAAK,GAAG,CAAC,CACtB,QAAQ,MAAM,GAAG,CACjB,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,IAAI;;;;;;;;;;AAWxB,MAAa,SAAS,OAAO,UAC3B,gBACE,MAAM,OAAO,OAAO,OAClB,WACA,oBAAoB,MAAM,CAC3B,CACF;;;;;;;;;AAUH,MAAa,eAAe,SAAS,OACnC,gBAAgB,OAAO,gBAAgB,IAAI,WAAW,OAAO,CAAC,CAAC;;;;;;;;;AAUjE,MAAa,gBAAmB,UAA+B;AAC7D,KAAI,UAAU,QAAQ,OAAO,UAAU,YAAY,MAAM,QAAQ,MAAM,CACrE,QAAO;AAGT,QAAO;;;;;;;;;;AAWT,MAAa,uBAAuB,MAClC,GACI,MAAM,MAAM,CACb,KAAI,MAAK,EAAE,MAAM,CAAC,CAClB,OAAO,QAAQ;;;;;;;;;AAUpB,MAAa,0BAA0B,MAA4B;AACjE,KAAI,CAAC,EACH,wBAAO,IAAI,KAAK;AAGlB,QAAO,IAAI,IAAI,oBAAoB,EAAE,CAAC;;;;;;;;;;;;AAaxC,MAAa,aACX,GACA,GACA,SAAS,SACG;AACZ,KAAI,UAAU,EAAE,SAAS,EAAE,KACzB,QAAO;AAGT,MAAK,MAAM,KAAK,EACd,KAAI,CAAC,EAAE,IAAI,EAAE,CACX,QAAO;AAIX,QAAO;;;;;;;;;;;AAYT,MAAa,aACX,QACA,UACA,WAC4B;AAC5B,KAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,OAAO,WAAW,EAC9C;CAGF,MAAM,kBAAkB,uBAAuB,SAAS;CACxD,MAAM,gBAAgB,uBAAuB,OAAO;AAEpD,QAAO,OAAO,MACZ,MACE,UAAU,iBAAiB,uBAAuB,EAAE,SAAS,CAAC,IAC9D,UAAU,eAAe,uBAAuB,EAAE,gBAAgB,CAAC,CACtE;;;;;;;;;;;;;AAcH,MAAa,eACX,cACA,eACA,gBACA,SAAS,UACS;CAClB,MAAM,mBACJ,CAAC,CAAC,iBAAiB,OAAO,KAAK,cAAc,CAAC,SAAS;CACzD,MAAM,oBACJ,CAAC,CAAC,kBAAkB,OAAO,KAAK,eAAe,CAAC,SAAS;AAE3D,KAAI,CAAC,oBAAoB,CAAC,kBACxB,QAAO,gBAAiB,EAAE;AAG5B,KAAI,OACF,QAAO;EACL,GAAI,iBAAiB,EAAE;EACvB,GAAI,kBAAkB,EAAE;EACzB;AAGH,QAAO;EACL,GAAI,gBAAgB,EAAE;EACtB,GAAI,iBAAiB,EAAE;EACvB,GAAI,kBAAkB,EAAE;EACzB"}
|