@naylence/runtime 0.4.9 → 0.4.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/index.cjs +4 -58
- package/dist/browser/index.mjs +5 -58
- package/dist/cjs/naylence/fame/node/factory-commons.js +2 -3
- package/dist/cjs/naylence/fame/security/index.js +1 -2
- package/dist/cjs/naylence/fame/security/node-security-profile-factory.js +1 -52
- package/dist/cjs/version.js +2 -2
- package/dist/esm/naylence/fame/node/factory-commons.js +2 -3
- package/dist/esm/naylence/fame/security/index.js +1 -1
- package/dist/esm/naylence/fame/security/node-security-profile-factory.js +0 -51
- package/dist/esm/version.js +2 -2
- package/dist/node/index.cjs +4 -58
- package/dist/node/index.mjs +5 -58
- package/dist/node/node.cjs +4 -58
- package/dist/node/node.mjs +5 -58
- package/dist/types/naylence/fame/security/index.d.ts +1 -1
- package/dist/types/naylence/fame/security/node-security-profile-factory.d.ts +0 -1
- package/dist/types/version.d.ts +1 -1
- package/package.json +1 -1
package/dist/browser/index.cjs
CHANGED
|
@@ -525,12 +525,12 @@ async function ensureRuntimeFactoriesRegistered(registry = factory.Registry) {
|
|
|
525
525
|
}
|
|
526
526
|
|
|
527
527
|
// This file is auto-generated during build - do not edit manually
|
|
528
|
-
// Generated from package.json version: 0.4.
|
|
528
|
+
// Generated from package.json version: 0.4.10
|
|
529
529
|
/**
|
|
530
530
|
* The package version, injected at build time.
|
|
531
531
|
* @internal
|
|
532
532
|
*/
|
|
533
|
-
const VERSION = '0.4.
|
|
533
|
+
const VERSION = '0.4.10';
|
|
534
534
|
|
|
535
535
|
let initialized = false;
|
|
536
536
|
const runtimePlugin = {
|
|
@@ -14219,9 +14219,8 @@ function requiresCryptoProvider(config) {
|
|
|
14219
14219
|
const profile = record.profile;
|
|
14220
14220
|
if (typeof profile === 'string') {
|
|
14221
14221
|
const profileLower = profile.toLowerCase();
|
|
14222
|
-
// Overlay variants require crypto provider for envelope signing
|
|
14223
|
-
if (profileLower.includes('overlay')
|
|
14224
|
-
profileLower === 'strict-overlay') {
|
|
14222
|
+
// Overlay variants (including strict-overlay) require crypto provider for envelope signing
|
|
14223
|
+
if (profileLower.includes('overlay')) {
|
|
14225
14224
|
return true;
|
|
14226
14225
|
}
|
|
14227
14226
|
}
|
|
@@ -29683,61 +29682,11 @@ const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = 'FAME_JWT_REVERSE_AUTH_AUDIENCE';
|
|
|
29683
29682
|
const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = 'FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY';
|
|
29684
29683
|
const ENV_VAR_TRUSTED_CLIENT_SCOPE = 'FAME_TRUSTED_CLIENT_SCOPE';
|
|
29685
29684
|
const ENV_VAR_AUTHORIZATION_PROFILE = 'FAME_AUTHORIZATION_PROFILE';
|
|
29686
|
-
const PROFILE_NAME_STRICT_OVERLAY = 'strict-overlay';
|
|
29687
29685
|
const PROFILE_NAME_OVERLAY = 'overlay';
|
|
29688
29686
|
const PROFILE_NAME_OVERLAY_CALLBACK = 'overlay-callback';
|
|
29689
29687
|
const PROFILE_NAME_GATED = 'gated';
|
|
29690
29688
|
const PROFILE_NAME_GATED_CALLBACK = 'gated-callback';
|
|
29691
29689
|
const PROFILE_NAME_OPEN$1 = 'open';
|
|
29692
|
-
const STRICT_OVERLAY_PROFILE = {
|
|
29693
|
-
type: 'DefaultSecurityManager',
|
|
29694
|
-
security_policy: {
|
|
29695
|
-
type: 'DefaultSecurityPolicy',
|
|
29696
|
-
signing: {
|
|
29697
|
-
signing_material: 'x509-chain',
|
|
29698
|
-
require_cert_sid_match: true,
|
|
29699
|
-
inbound: {
|
|
29700
|
-
signature_policy: 'required',
|
|
29701
|
-
unsigned_violation_action: 'nack',
|
|
29702
|
-
invalid_signature_action: 'nack',
|
|
29703
|
-
},
|
|
29704
|
-
response: {
|
|
29705
|
-
mirror_request_signing: true,
|
|
29706
|
-
always_sign_responses: false,
|
|
29707
|
-
sign_error_responses: true,
|
|
29708
|
-
},
|
|
29709
|
-
outbound: {
|
|
29710
|
-
default_signing: true,
|
|
29711
|
-
sign_sensitive_operations: true,
|
|
29712
|
-
sign_if_recipient_expects: true,
|
|
29713
|
-
},
|
|
29714
|
-
},
|
|
29715
|
-
encryption: {
|
|
29716
|
-
inbound: {
|
|
29717
|
-
allow_plaintext: true,
|
|
29718
|
-
allow_channel: true,
|
|
29719
|
-
allow_sealed: true,
|
|
29720
|
-
plaintext_violation_action: 'nack',
|
|
29721
|
-
channel_violation_action: 'nack',
|
|
29722
|
-
sealed_violation_action: 'nack',
|
|
29723
|
-
},
|
|
29724
|
-
response: {
|
|
29725
|
-
mirror_request_level: true,
|
|
29726
|
-
minimum_response_level: 'plaintext',
|
|
29727
|
-
escalate_sealed_responses: false,
|
|
29728
|
-
},
|
|
29729
|
-
outbound: {
|
|
29730
|
-
default_level: factory.Expressions.env(ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, 'channel'),
|
|
29731
|
-
escalate_if_peer_supports: false,
|
|
29732
|
-
prefer_sealed_for_sensitive: false,
|
|
29733
|
-
},
|
|
29734
|
-
},
|
|
29735
|
-
},
|
|
29736
|
-
authorizer: {
|
|
29737
|
-
type: 'AuthorizationProfile',
|
|
29738
|
-
profile: factory.Expressions.env(ENV_VAR_AUTHORIZATION_PROFILE, 'jwt'),
|
|
29739
|
-
},
|
|
29740
|
-
};
|
|
29741
29690
|
const OVERLAY_PROFILE = {
|
|
29742
29691
|
type: 'DefaultSecurityManager',
|
|
29743
29692
|
security_policy: {
|
|
@@ -29940,7 +29889,6 @@ const OPEN_PROFILE$1 = {
|
|
|
29940
29889
|
};
|
|
29941
29890
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY, OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
29942
29891
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY_CALLBACK, OVERLAY_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
29943
|
-
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_STRICT_OVERLAY, STRICT_OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
29944
29892
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED, GATED_PROFILE, { source: 'node-security-profile-factory' });
|
|
29945
29893
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED_CALLBACK, GATED_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
29946
29894
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OPEN$1, OPEN_PROFILE$1, { source: 'node-security-profile-factory' });
|
|
@@ -30077,7 +30025,6 @@ var nodeSecurityProfileFactory = /*#__PURE__*/Object.freeze({
|
|
|
30077
30025
|
PROFILE_NAME_OPEN: PROFILE_NAME_OPEN$1,
|
|
30078
30026
|
PROFILE_NAME_OVERLAY: PROFILE_NAME_OVERLAY,
|
|
30079
30027
|
PROFILE_NAME_OVERLAY_CALLBACK: PROFILE_NAME_OVERLAY_CALLBACK,
|
|
30080
|
-
PROFILE_NAME_STRICT_OVERLAY: PROFILE_NAME_STRICT_OVERLAY,
|
|
30081
30028
|
default: NodeSecurityProfileFactory
|
|
30082
30029
|
});
|
|
30083
30030
|
|
|
@@ -43955,7 +43902,6 @@ exports.PROFILE_NAME_GATED_CALLBACK = PROFILE_NAME_GATED_CALLBACK;
|
|
|
43955
43902
|
exports.PROFILE_NAME_OPEN = PROFILE_NAME_OPEN$1;
|
|
43956
43903
|
exports.PROFILE_NAME_OVERLAY = PROFILE_NAME_OVERLAY;
|
|
43957
43904
|
exports.PROFILE_NAME_OVERLAY_CALLBACK = PROFILE_NAME_OVERLAY_CALLBACK;
|
|
43958
|
-
exports.PROFILE_NAME_STRICT_OVERLAY = PROFILE_NAME_STRICT_OVERLAY;
|
|
43959
43905
|
exports.PromptCredentialProvider = PromptCredentialProvider;
|
|
43960
43906
|
exports.REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE = REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE;
|
|
43961
43907
|
exports.REQUIRED_FIELDS_BY_KTY = REQUIRED_FIELDS_BY_KTY;
|
package/dist/browser/index.mjs
CHANGED
|
@@ -523,12 +523,12 @@ async function ensureRuntimeFactoriesRegistered(registry = Registry) {
|
|
|
523
523
|
}
|
|
524
524
|
|
|
525
525
|
// This file is auto-generated during build - do not edit manually
|
|
526
|
-
// Generated from package.json version: 0.4.
|
|
526
|
+
// Generated from package.json version: 0.4.10
|
|
527
527
|
/**
|
|
528
528
|
* The package version, injected at build time.
|
|
529
529
|
* @internal
|
|
530
530
|
*/
|
|
531
|
-
const VERSION = '0.4.
|
|
531
|
+
const VERSION = '0.4.10';
|
|
532
532
|
|
|
533
533
|
let initialized = false;
|
|
534
534
|
const runtimePlugin = {
|
|
@@ -14217,9 +14217,8 @@ function requiresCryptoProvider(config) {
|
|
|
14217
14217
|
const profile = record.profile;
|
|
14218
14218
|
if (typeof profile === 'string') {
|
|
14219
14219
|
const profileLower = profile.toLowerCase();
|
|
14220
|
-
// Overlay variants require crypto provider for envelope signing
|
|
14221
|
-
if (profileLower.includes('overlay')
|
|
14222
|
-
profileLower === 'strict-overlay') {
|
|
14220
|
+
// Overlay variants (including strict-overlay) require crypto provider for envelope signing
|
|
14221
|
+
if (profileLower.includes('overlay')) {
|
|
14223
14222
|
return true;
|
|
14224
14223
|
}
|
|
14225
14224
|
}
|
|
@@ -29681,61 +29680,11 @@ const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = 'FAME_JWT_REVERSE_AUTH_AUDIENCE';
|
|
|
29681
29680
|
const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = 'FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY';
|
|
29682
29681
|
const ENV_VAR_TRUSTED_CLIENT_SCOPE = 'FAME_TRUSTED_CLIENT_SCOPE';
|
|
29683
29682
|
const ENV_VAR_AUTHORIZATION_PROFILE = 'FAME_AUTHORIZATION_PROFILE';
|
|
29684
|
-
const PROFILE_NAME_STRICT_OVERLAY = 'strict-overlay';
|
|
29685
29683
|
const PROFILE_NAME_OVERLAY = 'overlay';
|
|
29686
29684
|
const PROFILE_NAME_OVERLAY_CALLBACK = 'overlay-callback';
|
|
29687
29685
|
const PROFILE_NAME_GATED = 'gated';
|
|
29688
29686
|
const PROFILE_NAME_GATED_CALLBACK = 'gated-callback';
|
|
29689
29687
|
const PROFILE_NAME_OPEN$1 = 'open';
|
|
29690
|
-
const STRICT_OVERLAY_PROFILE = {
|
|
29691
|
-
type: 'DefaultSecurityManager',
|
|
29692
|
-
security_policy: {
|
|
29693
|
-
type: 'DefaultSecurityPolicy',
|
|
29694
|
-
signing: {
|
|
29695
|
-
signing_material: 'x509-chain',
|
|
29696
|
-
require_cert_sid_match: true,
|
|
29697
|
-
inbound: {
|
|
29698
|
-
signature_policy: 'required',
|
|
29699
|
-
unsigned_violation_action: 'nack',
|
|
29700
|
-
invalid_signature_action: 'nack',
|
|
29701
|
-
},
|
|
29702
|
-
response: {
|
|
29703
|
-
mirror_request_signing: true,
|
|
29704
|
-
always_sign_responses: false,
|
|
29705
|
-
sign_error_responses: true,
|
|
29706
|
-
},
|
|
29707
|
-
outbound: {
|
|
29708
|
-
default_signing: true,
|
|
29709
|
-
sign_sensitive_operations: true,
|
|
29710
|
-
sign_if_recipient_expects: true,
|
|
29711
|
-
},
|
|
29712
|
-
},
|
|
29713
|
-
encryption: {
|
|
29714
|
-
inbound: {
|
|
29715
|
-
allow_plaintext: true,
|
|
29716
|
-
allow_channel: true,
|
|
29717
|
-
allow_sealed: true,
|
|
29718
|
-
plaintext_violation_action: 'nack',
|
|
29719
|
-
channel_violation_action: 'nack',
|
|
29720
|
-
sealed_violation_action: 'nack',
|
|
29721
|
-
},
|
|
29722
|
-
response: {
|
|
29723
|
-
mirror_request_level: true,
|
|
29724
|
-
minimum_response_level: 'plaintext',
|
|
29725
|
-
escalate_sealed_responses: false,
|
|
29726
|
-
},
|
|
29727
|
-
outbound: {
|
|
29728
|
-
default_level: Expressions.env(ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, 'channel'),
|
|
29729
|
-
escalate_if_peer_supports: false,
|
|
29730
|
-
prefer_sealed_for_sensitive: false,
|
|
29731
|
-
},
|
|
29732
|
-
},
|
|
29733
|
-
},
|
|
29734
|
-
authorizer: {
|
|
29735
|
-
type: 'AuthorizationProfile',
|
|
29736
|
-
profile: Expressions.env(ENV_VAR_AUTHORIZATION_PROFILE, 'jwt'),
|
|
29737
|
-
},
|
|
29738
|
-
};
|
|
29739
29688
|
const OVERLAY_PROFILE = {
|
|
29740
29689
|
type: 'DefaultSecurityManager',
|
|
29741
29690
|
security_policy: {
|
|
@@ -29938,7 +29887,6 @@ const OPEN_PROFILE$1 = {
|
|
|
29938
29887
|
};
|
|
29939
29888
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY, OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
29940
29889
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY_CALLBACK, OVERLAY_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
29941
|
-
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_STRICT_OVERLAY, STRICT_OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
29942
29890
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED, GATED_PROFILE, { source: 'node-security-profile-factory' });
|
|
29943
29891
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED_CALLBACK, GATED_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
29944
29892
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OPEN$1, OPEN_PROFILE$1, { source: 'node-security-profile-factory' });
|
|
@@ -30075,7 +30023,6 @@ var nodeSecurityProfileFactory = /*#__PURE__*/Object.freeze({
|
|
|
30075
30023
|
PROFILE_NAME_OPEN: PROFILE_NAME_OPEN$1,
|
|
30076
30024
|
PROFILE_NAME_OVERLAY: PROFILE_NAME_OVERLAY,
|
|
30077
30025
|
PROFILE_NAME_OVERLAY_CALLBACK: PROFILE_NAME_OVERLAY_CALLBACK,
|
|
30078
|
-
PROFILE_NAME_STRICT_OVERLAY: PROFILE_NAME_STRICT_OVERLAY,
|
|
30079
30026
|
default: NodeSecurityProfileFactory
|
|
30080
30027
|
});
|
|
30081
30028
|
|
|
@@ -43795,4 +43742,4 @@ var otelSetup = /*#__PURE__*/Object.freeze({
|
|
|
43795
43742
|
setupOtel: setupOtel
|
|
43796
43743
|
});
|
|
43797
43744
|
|
|
43798
|
-
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY$1 as AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY, ENV_VAR_HMAC_SECRET$1 as AUTH_PROFILE_ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL$1 as AUTH_PROFILE_ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$1 as AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_TRUSTED_CLIENT_SCOPE$1 as AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE, PROFILE_NAME_DEFAULT as AUTH_PROFILE_NAME_DEFAULT, PROFILE_NAME_NOOP$2 as AUTH_PROFILE_NAME_NOOP, PROFILE_NAME_OAUTH2 as AUTH_PROFILE_NAME_OAUTH2, PROFILE_NAME_OAUTH2_CALLBACK as AUTH_PROFILE_NAME_OAUTH2_CALLBACK, PROFILE_NAME_OAUTH2_GATED as AUTH_PROFILE_NAME_OAUTH2_GATED, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizationPolicyFactory, AuthorizationPolicySourceFactory, AuthorizationProfileFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, FACTORY_META$$ as BROADCAST_CHANNEL_CONNECTOR_FACTORY_META, BROADCAST_CHANNEL_CONNECTOR_TYPE, FACTORY_META$Z as BROADCAST_CHANNEL_LISTENER_FACTORY_META, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BasicAuthorizationPolicy, BasicAuthorizationPolicyFactory, BindingManager, BindingStoreEntryRecord, BroadcastChannelConnector, BroadcastChannelConnectorFactory, BroadcastChannelListener, BroadcastChannelListenerFactory, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CONNECTION_RETRY_POLICY_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectionRetryPolicyFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$11 as DEFAULT_WELCOME_FACTORY_META, DefaultConnectionRetryPolicy, DefaultConnectionRetryPolicyFactory, DefaultCryptoProvider, DefaultKeyManager, DefaultNodeIdentityPolicy, DefaultNodeIdentityPolicyFactory, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_AUTHORIZATION_PROFILE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$1 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SESSION_MAX_INITIAL_ATTEMPTS, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$12 as FACTORY_META, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, INPAGE_CONNECTION_GRANT_TYPE, FACTORY_META$10 as INPAGE_CONNECTOR_FACTORY_META, INPAGE_CONNECTOR_TYPE, FACTORY_META$_ as INPAGE_LISTENER_FACTORY_META, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageConnectorFactory, InPageListener, InPageListenerFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KNOWN_POLICY_FIELDS, KNOWN_RULE_FIELDS, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MAX_SCOPE_NESTING_DEPTH, MemoryMetricsEmitter, NODE_IDENTITY_POLICY_FACTORY_BASE_TYPE, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodeIdentityPolicyFactory, NodeIdentityPolicyProfileFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NoopTrustStoreProvider, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenSubjectNodeIdentityPolicy, TokenSubjectNodeIdentityPolicyFactory, TokenVerifierFactory, TransportProvisionerFactory, TrustStoreProviderFactory, TtlValidationError, UpstreamSessionManager, VALID_ACTIONS, VALID_CURVES_BY_KTY, VALID_EFFECTS, VALID_KEY_USES, VALID_ORIGIN_TYPES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, assertNotRegexPattern, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, clearProfiles, color, compareCryptoLevels, compileGlobOnlyScopeRequirement, compileGlobPattern, compilePattern, compileScopeRequirement, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createLogicalUri, createNodeDeliveryContext, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, evaluateScopeRequirement, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCompiledGlobPattern, getCurrentEnvelope, getFabricForNode, getFameRoot, getKeyProvider, getKeyStore, getLogger, getProfile, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isIdentityExposingTokenProvider, isInPageConnectionGrant, isNodeLike, isPlainObject$4 as isPlainObject, isPoolAddress, isPoolLogical, isRegexPattern, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, listProfiles, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchPattern, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeScopeRequirement, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerProfile, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, safeColor, safeImport, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
|
|
43745
|
+
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY$1 as AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY, ENV_VAR_HMAC_SECRET$1 as AUTH_PROFILE_ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL$1 as AUTH_PROFILE_ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$1 as AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_TRUSTED_CLIENT_SCOPE$1 as AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE, PROFILE_NAME_DEFAULT as AUTH_PROFILE_NAME_DEFAULT, PROFILE_NAME_NOOP$2 as AUTH_PROFILE_NAME_NOOP, PROFILE_NAME_OAUTH2 as AUTH_PROFILE_NAME_OAUTH2, PROFILE_NAME_OAUTH2_CALLBACK as AUTH_PROFILE_NAME_OAUTH2_CALLBACK, PROFILE_NAME_OAUTH2_GATED as AUTH_PROFILE_NAME_OAUTH2_GATED, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizationPolicyFactory, AuthorizationPolicySourceFactory, AuthorizationProfileFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, FACTORY_META$$ as BROADCAST_CHANNEL_CONNECTOR_FACTORY_META, BROADCAST_CHANNEL_CONNECTOR_TYPE, FACTORY_META$Z as BROADCAST_CHANNEL_LISTENER_FACTORY_META, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BasicAuthorizationPolicy, BasicAuthorizationPolicyFactory, BindingManager, BindingStoreEntryRecord, BroadcastChannelConnector, BroadcastChannelConnectorFactory, BroadcastChannelListener, BroadcastChannelListenerFactory, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CONNECTION_RETRY_POLICY_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectionRetryPolicyFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$11 as DEFAULT_WELCOME_FACTORY_META, DefaultConnectionRetryPolicy, DefaultConnectionRetryPolicyFactory, DefaultCryptoProvider, DefaultKeyManager, DefaultNodeIdentityPolicy, DefaultNodeIdentityPolicyFactory, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_AUTHORIZATION_PROFILE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$1 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SESSION_MAX_INITIAL_ATTEMPTS, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$12 as FACTORY_META, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, INPAGE_CONNECTION_GRANT_TYPE, FACTORY_META$10 as INPAGE_CONNECTOR_FACTORY_META, INPAGE_CONNECTOR_TYPE, FACTORY_META$_ as INPAGE_LISTENER_FACTORY_META, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageConnectorFactory, InPageListener, InPageListenerFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KNOWN_POLICY_FIELDS, KNOWN_RULE_FIELDS, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MAX_SCOPE_NESTING_DEPTH, MemoryMetricsEmitter, NODE_IDENTITY_POLICY_FACTORY_BASE_TYPE, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodeIdentityPolicyFactory, NodeIdentityPolicyProfileFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NoopTrustStoreProvider, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PromptCredentialProvider, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenSubjectNodeIdentityPolicy, TokenSubjectNodeIdentityPolicyFactory, TokenVerifierFactory, TransportProvisionerFactory, TrustStoreProviderFactory, TtlValidationError, UpstreamSessionManager, VALID_ACTIONS, VALID_CURVES_BY_KTY, VALID_EFFECTS, VALID_KEY_USES, VALID_ORIGIN_TYPES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, assertNotRegexPattern, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, clearProfiles, color, compareCryptoLevels, compileGlobOnlyScopeRequirement, compileGlobPattern, compilePattern, compileScopeRequirement, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createLogicalUri, createNodeDeliveryContext, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, evaluateScopeRequirement, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCompiledGlobPattern, getCurrentEnvelope, getFabricForNode, getFameRoot, getKeyProvider, getKeyStore, getLogger, getProfile, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isIdentityExposingTokenProvider, isInPageConnectionGrant, isNodeLike, isPlainObject$4 as isPlainObject, isPoolAddress, isPoolLogical, isRegexPattern, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, listProfiles, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchPattern, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeScopeRequirement, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerProfile, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, safeColor, safeImport, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
|
|
@@ -496,9 +496,8 @@ function requiresCryptoProvider(config) {
|
|
|
496
496
|
const profile = record.profile;
|
|
497
497
|
if (typeof profile === 'string') {
|
|
498
498
|
const profileLower = profile.toLowerCase();
|
|
499
|
-
// Overlay variants require crypto provider for envelope signing
|
|
500
|
-
if (profileLower.includes('overlay')
|
|
501
|
-
profileLower === 'strict-overlay') {
|
|
499
|
+
// Overlay variants (including strict-overlay) require crypto provider for envelope signing
|
|
500
|
+
if (profileLower.includes('overlay')) {
|
|
502
501
|
return true;
|
|
503
502
|
}
|
|
504
503
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.ENV_VAR_JWKS_URL = exports.ENV_VAR_JWT_AUDIENCE = exports.ENV_VAR_JWT_ALGORITHM = exports.ENV_VAR_JWT_TRUSTED_ISSUER = exports.CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE = exports.EdDSAEnvelopeSigner = exports.encodeUtf8 = exports.immutableHeaders = exports.frameDigest = exports.decodeBase64Url = exports.canonicalJson = exports.SigningConfigClass = exports.SECURITY_MANAGER_FACTORY_BASE_TYPE = exports.SECURITY_POLICY_FACTORY_BASE_TYPE = exports.KEY_STORE_FACTORY_BASE_TYPE = exports.ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE = exports.KEY_MANAGER_FACTORY_BASE_TYPE = exports.SecureChannelManagerFactory = exports.SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE = exports.ENCRYPTION_MANAGER_FACTORY_BASE_TYPE = exports.NoopTrustStoreProvider = exports.TrustStoreProviderFactory = exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = exports.CertificateManagerFactory = exports.CERTIFICATE_MANAGER_FACTORY_BASE_TYPE = exports.TokenProviderFactory = exports.TOKEN_PROVIDER_FACTORY_BASE_TYPE = exports.TokenVerifierFactory = exports.TOKEN_VERIFIER_FACTORY_BASE_TYPE = exports.TokenIssuerFactory = exports.TOKEN_ISSUER_FACTORY_BASE_TYPE = exports.AuthInjectionStrategyFactory = exports.AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE = exports.AUTH_PROFILE_ENV_VAR_HMAC_SECRET = exports.AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = exports.AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = exports.AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE = exports.AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = exports.AUTH_PROFILE_ENV_VAR_JWKS_URL = exports.AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE = exports.AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM = exports.AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER = exports.AUTH_PROFILE_NAME_NOOP = exports.AUTH_PROFILE_NAME_OAUTH2_CALLBACK = exports.AUTH_PROFILE_NAME_OAUTH2_GATED = exports.AUTH_PROFILE_NAME_OAUTH2 = exports.AUTH_PROFILE_NAME_DEFAULT = exports.AuthorizationProfileFactory = exports.AuthorizerFactory = exports.AUTHORIZER_FACTORY_BASE_TYPE = void 0;
|
|
4
|
-
exports.PROFILE_NAME_OPEN = exports.PROFILE_NAME_GATED_CALLBACK = exports.PROFILE_NAME_GATED = exports.PROFILE_NAME_OVERLAY_CALLBACK = exports.PROFILE_NAME_OVERLAY = exports.
|
|
4
|
+
exports.PROFILE_NAME_OPEN = exports.PROFILE_NAME_GATED_CALLBACK = exports.PROFILE_NAME_GATED = exports.PROFILE_NAME_OVERLAY_CALLBACK = exports.PROFILE_NAME_OVERLAY = exports.ENV_VAR_AUTHORIZATION_PROFILE = exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = exports.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = exports.ENV_VAR_HMAC_SECRET = exports.ENV_VAR_DEFAULT_ENCRYPTION_LEVEL = void 0;
|
|
5
5
|
const tslib_1 = require("tslib");
|
|
6
6
|
tslib_1.__exportStar(require("./auth/authorizer.js"), exports);
|
|
7
7
|
tslib_1.__exportStar(require("./auth/auth-identity.js"), exports);
|
|
@@ -130,7 +130,6 @@ Object.defineProperty(exports, "ENV_VAR_HMAC_SECRET", { enumerable: true, get: f
|
|
|
130
130
|
Object.defineProperty(exports, "ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER", { enumerable: true, get: function () { return node_security_profile_factory_js_1.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER; } });
|
|
131
131
|
Object.defineProperty(exports, "ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE", { enumerable: true, get: function () { return node_security_profile_factory_js_1.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE; } });
|
|
132
132
|
Object.defineProperty(exports, "ENV_VAR_AUTHORIZATION_PROFILE", { enumerable: true, get: function () { return node_security_profile_factory_js_1.ENV_VAR_AUTHORIZATION_PROFILE; } });
|
|
133
|
-
Object.defineProperty(exports, "PROFILE_NAME_STRICT_OVERLAY", { enumerable: true, get: function () { return node_security_profile_factory_js_1.PROFILE_NAME_STRICT_OVERLAY; } });
|
|
134
133
|
Object.defineProperty(exports, "PROFILE_NAME_OVERLAY", { enumerable: true, get: function () { return node_security_profile_factory_js_1.PROFILE_NAME_OVERLAY; } });
|
|
135
134
|
Object.defineProperty(exports, "PROFILE_NAME_OVERLAY_CALLBACK", { enumerable: true, get: function () { return node_security_profile_factory_js_1.PROFILE_NAME_OVERLAY_CALLBACK; } });
|
|
136
135
|
Object.defineProperty(exports, "PROFILE_NAME_GATED", { enumerable: true, get: function () { return node_security_profile_factory_js_1.PROFILE_NAME_GATED; } });
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.NodeSecurityProfileFactory = exports.FACTORY_META = exports.PROFILE_NAME_OPEN = exports.PROFILE_NAME_GATED_CALLBACK = exports.PROFILE_NAME_GATED = exports.PROFILE_NAME_OVERLAY_CALLBACK = exports.PROFILE_NAME_OVERLAY = exports.
|
|
3
|
+
exports.NodeSecurityProfileFactory = exports.FACTORY_META = exports.PROFILE_NAME_OPEN = exports.PROFILE_NAME_GATED_CALLBACK = exports.PROFILE_NAME_GATED = exports.PROFILE_NAME_OVERLAY_CALLBACK = exports.PROFILE_NAME_OVERLAY = exports.ENV_VAR_AUTHORIZATION_PROFILE = exports.ENV_VAR_TRUSTED_CLIENT_SCOPE = exports.ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = exports.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = exports.ENV_VAR_HMAC_SECRET = exports.ENV_VAR_DEFAULT_ENCRYPTION_LEVEL = exports.ENV_VAR_JWKS_URL = exports.ENV_VAR_JWT_AUDIENCE = exports.ENV_VAR_JWT_ALGORITHM = exports.ENV_VAR_JWT_TRUSTED_ISSUER = void 0;
|
|
4
4
|
const factory_1 = require("@naylence/factory");
|
|
5
5
|
const security_manager_factory_js_1 = require("./security-manager-factory.js");
|
|
6
6
|
const logging_js_1 = require("../util/logging.js");
|
|
@@ -17,61 +17,11 @@ exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = 'FAME_JWT_REVERSE_AUTH_AUDIENCE';
|
|
|
17
17
|
exports.ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = 'FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY';
|
|
18
18
|
exports.ENV_VAR_TRUSTED_CLIENT_SCOPE = 'FAME_TRUSTED_CLIENT_SCOPE';
|
|
19
19
|
exports.ENV_VAR_AUTHORIZATION_PROFILE = 'FAME_AUTHORIZATION_PROFILE';
|
|
20
|
-
exports.PROFILE_NAME_STRICT_OVERLAY = 'strict-overlay';
|
|
21
20
|
exports.PROFILE_NAME_OVERLAY = 'overlay';
|
|
22
21
|
exports.PROFILE_NAME_OVERLAY_CALLBACK = 'overlay-callback';
|
|
23
22
|
exports.PROFILE_NAME_GATED = 'gated';
|
|
24
23
|
exports.PROFILE_NAME_GATED_CALLBACK = 'gated-callback';
|
|
25
24
|
exports.PROFILE_NAME_OPEN = 'open';
|
|
26
|
-
const STRICT_OVERLAY_PROFILE = {
|
|
27
|
-
type: 'DefaultSecurityManager',
|
|
28
|
-
security_policy: {
|
|
29
|
-
type: 'DefaultSecurityPolicy',
|
|
30
|
-
signing: {
|
|
31
|
-
signing_material: 'x509-chain',
|
|
32
|
-
require_cert_sid_match: true,
|
|
33
|
-
inbound: {
|
|
34
|
-
signature_policy: 'required',
|
|
35
|
-
unsigned_violation_action: 'nack',
|
|
36
|
-
invalid_signature_action: 'nack',
|
|
37
|
-
},
|
|
38
|
-
response: {
|
|
39
|
-
mirror_request_signing: true,
|
|
40
|
-
always_sign_responses: false,
|
|
41
|
-
sign_error_responses: true,
|
|
42
|
-
},
|
|
43
|
-
outbound: {
|
|
44
|
-
default_signing: true,
|
|
45
|
-
sign_sensitive_operations: true,
|
|
46
|
-
sign_if_recipient_expects: true,
|
|
47
|
-
},
|
|
48
|
-
},
|
|
49
|
-
encryption: {
|
|
50
|
-
inbound: {
|
|
51
|
-
allow_plaintext: true,
|
|
52
|
-
allow_channel: true,
|
|
53
|
-
allow_sealed: true,
|
|
54
|
-
plaintext_violation_action: 'nack',
|
|
55
|
-
channel_violation_action: 'nack',
|
|
56
|
-
sealed_violation_action: 'nack',
|
|
57
|
-
},
|
|
58
|
-
response: {
|
|
59
|
-
mirror_request_level: true,
|
|
60
|
-
minimum_response_level: 'plaintext',
|
|
61
|
-
escalate_sealed_responses: false,
|
|
62
|
-
},
|
|
63
|
-
outbound: {
|
|
64
|
-
default_level: factory_1.Expressions.env(exports.ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, 'channel'),
|
|
65
|
-
escalate_if_peer_supports: false,
|
|
66
|
-
prefer_sealed_for_sensitive: false,
|
|
67
|
-
},
|
|
68
|
-
},
|
|
69
|
-
},
|
|
70
|
-
authorizer: {
|
|
71
|
-
type: 'AuthorizationProfile',
|
|
72
|
-
profile: factory_1.Expressions.env(exports.ENV_VAR_AUTHORIZATION_PROFILE, 'jwt'),
|
|
73
|
-
},
|
|
74
|
-
};
|
|
75
25
|
const OVERLAY_PROFILE = {
|
|
76
26
|
type: 'DefaultSecurityManager',
|
|
77
27
|
security_policy: {
|
|
@@ -274,7 +224,6 @@ const OPEN_PROFILE = {
|
|
|
274
224
|
};
|
|
275
225
|
(0, profile_registry_js_1.registerProfile)(security_manager_factory_js_1.SECURITY_MANAGER_FACTORY_BASE_TYPE, exports.PROFILE_NAME_OVERLAY, OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
276
226
|
(0, profile_registry_js_1.registerProfile)(security_manager_factory_js_1.SECURITY_MANAGER_FACTORY_BASE_TYPE, exports.PROFILE_NAME_OVERLAY_CALLBACK, OVERLAY_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
277
|
-
(0, profile_registry_js_1.registerProfile)(security_manager_factory_js_1.SECURITY_MANAGER_FACTORY_BASE_TYPE, exports.PROFILE_NAME_STRICT_OVERLAY, STRICT_OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
278
227
|
(0, profile_registry_js_1.registerProfile)(security_manager_factory_js_1.SECURITY_MANAGER_FACTORY_BASE_TYPE, exports.PROFILE_NAME_GATED, GATED_PROFILE, { source: 'node-security-profile-factory' });
|
|
279
228
|
(0, profile_registry_js_1.registerProfile)(security_manager_factory_js_1.SECURITY_MANAGER_FACTORY_BASE_TYPE, exports.PROFILE_NAME_GATED_CALLBACK, GATED_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
280
229
|
(0, profile_registry_js_1.registerProfile)(security_manager_factory_js_1.SECURITY_MANAGER_FACTORY_BASE_TYPE, exports.PROFILE_NAME_OPEN, OPEN_PROFILE, { source: 'node-security-profile-factory' });
|
package/dist/cjs/version.js
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
// This file is auto-generated during build - do not edit manually
|
|
3
|
-
// Generated from package.json version: 0.4.
|
|
3
|
+
// Generated from package.json version: 0.4.10
|
|
4
4
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
5
5
|
exports.VERSION = void 0;
|
|
6
6
|
/**
|
|
7
7
|
* The package version, injected at build time.
|
|
8
8
|
* @internal
|
|
9
9
|
*/
|
|
10
|
-
exports.VERSION = '0.4.
|
|
10
|
+
exports.VERSION = '0.4.10';
|
|
@@ -460,9 +460,8 @@ function requiresCryptoProvider(config) {
|
|
|
460
460
|
const profile = record.profile;
|
|
461
461
|
if (typeof profile === 'string') {
|
|
462
462
|
const profileLower = profile.toLowerCase();
|
|
463
|
-
// Overlay variants require crypto provider for envelope signing
|
|
464
|
-
if (profileLower.includes('overlay')
|
|
465
|
-
profileLower === 'strict-overlay') {
|
|
463
|
+
// Overlay variants (including strict-overlay) require crypto provider for envelope signing
|
|
464
|
+
if (profileLower.includes('overlay')) {
|
|
466
465
|
return true;
|
|
467
466
|
}
|
|
468
467
|
}
|
|
@@ -69,4 +69,4 @@ export * from './credential/browser-auto-key-credential-provider.js';
|
|
|
69
69
|
export * from './credential/browser-wrapped-key-credential-provider.js';
|
|
70
70
|
export * from './credential/session-key-credential-provider.js';
|
|
71
71
|
export * from './credential/dev-fixed-key-credential-provider.js';
|
|
72
|
-
export { ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWKS_URL, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_AUTHORIZATION_PROFILE,
|
|
72
|
+
export { ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWKS_URL, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_AUTHORIZATION_PROFILE, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN, } from './node-security-profile-factory.js';
|
|
@@ -14,61 +14,11 @@ export const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = 'FAME_JWT_REVERSE_AUTH_AUDIENCE
|
|
|
14
14
|
export const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = 'FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY';
|
|
15
15
|
export const ENV_VAR_TRUSTED_CLIENT_SCOPE = 'FAME_TRUSTED_CLIENT_SCOPE';
|
|
16
16
|
export const ENV_VAR_AUTHORIZATION_PROFILE = 'FAME_AUTHORIZATION_PROFILE';
|
|
17
|
-
export const PROFILE_NAME_STRICT_OVERLAY = 'strict-overlay';
|
|
18
17
|
export const PROFILE_NAME_OVERLAY = 'overlay';
|
|
19
18
|
export const PROFILE_NAME_OVERLAY_CALLBACK = 'overlay-callback';
|
|
20
19
|
export const PROFILE_NAME_GATED = 'gated';
|
|
21
20
|
export const PROFILE_NAME_GATED_CALLBACK = 'gated-callback';
|
|
22
21
|
export const PROFILE_NAME_OPEN = 'open';
|
|
23
|
-
const STRICT_OVERLAY_PROFILE = {
|
|
24
|
-
type: 'DefaultSecurityManager',
|
|
25
|
-
security_policy: {
|
|
26
|
-
type: 'DefaultSecurityPolicy',
|
|
27
|
-
signing: {
|
|
28
|
-
signing_material: 'x509-chain',
|
|
29
|
-
require_cert_sid_match: true,
|
|
30
|
-
inbound: {
|
|
31
|
-
signature_policy: 'required',
|
|
32
|
-
unsigned_violation_action: 'nack',
|
|
33
|
-
invalid_signature_action: 'nack',
|
|
34
|
-
},
|
|
35
|
-
response: {
|
|
36
|
-
mirror_request_signing: true,
|
|
37
|
-
always_sign_responses: false,
|
|
38
|
-
sign_error_responses: true,
|
|
39
|
-
},
|
|
40
|
-
outbound: {
|
|
41
|
-
default_signing: true,
|
|
42
|
-
sign_sensitive_operations: true,
|
|
43
|
-
sign_if_recipient_expects: true,
|
|
44
|
-
},
|
|
45
|
-
},
|
|
46
|
-
encryption: {
|
|
47
|
-
inbound: {
|
|
48
|
-
allow_plaintext: true,
|
|
49
|
-
allow_channel: true,
|
|
50
|
-
allow_sealed: true,
|
|
51
|
-
plaintext_violation_action: 'nack',
|
|
52
|
-
channel_violation_action: 'nack',
|
|
53
|
-
sealed_violation_action: 'nack',
|
|
54
|
-
},
|
|
55
|
-
response: {
|
|
56
|
-
mirror_request_level: true,
|
|
57
|
-
minimum_response_level: 'plaintext',
|
|
58
|
-
escalate_sealed_responses: false,
|
|
59
|
-
},
|
|
60
|
-
outbound: {
|
|
61
|
-
default_level: Expressions.env(ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, 'channel'),
|
|
62
|
-
escalate_if_peer_supports: false,
|
|
63
|
-
prefer_sealed_for_sensitive: false,
|
|
64
|
-
},
|
|
65
|
-
},
|
|
66
|
-
},
|
|
67
|
-
authorizer: {
|
|
68
|
-
type: 'AuthorizationProfile',
|
|
69
|
-
profile: Expressions.env(ENV_VAR_AUTHORIZATION_PROFILE, 'jwt'),
|
|
70
|
-
},
|
|
71
|
-
};
|
|
72
22
|
const OVERLAY_PROFILE = {
|
|
73
23
|
type: 'DefaultSecurityManager',
|
|
74
24
|
security_policy: {
|
|
@@ -271,7 +221,6 @@ const OPEN_PROFILE = {
|
|
|
271
221
|
};
|
|
272
222
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY, OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
273
223
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY_CALLBACK, OVERLAY_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
274
|
-
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_STRICT_OVERLAY, STRICT_OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
275
224
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED, GATED_PROFILE, { source: 'node-security-profile-factory' });
|
|
276
225
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED_CALLBACK, GATED_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
277
226
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OPEN, OPEN_PROFILE, { source: 'node-security-profile-factory' });
|
package/dist/esm/version.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
// This file is auto-generated during build - do not edit manually
|
|
2
|
-
// Generated from package.json version: 0.4.
|
|
2
|
+
// Generated from package.json version: 0.4.10
|
|
3
3
|
/**
|
|
4
4
|
* The package version, injected at build time.
|
|
5
5
|
* @internal
|
|
6
6
|
*/
|
|
7
|
-
export const VERSION = '0.4.
|
|
7
|
+
export const VERSION = '0.4.10';
|
package/dist/node/index.cjs
CHANGED
|
@@ -14,12 +14,12 @@ var fastify = require('fastify');
|
|
|
14
14
|
var websocketPlugin = require('@fastify/websocket');
|
|
15
15
|
|
|
16
16
|
// This file is auto-generated during build - do not edit manually
|
|
17
|
-
// Generated from package.json version: 0.4.
|
|
17
|
+
// Generated from package.json version: 0.4.10
|
|
18
18
|
/**
|
|
19
19
|
* The package version, injected at build time.
|
|
20
20
|
* @internal
|
|
21
21
|
*/
|
|
22
|
-
const VERSION = '0.4.
|
|
22
|
+
const VERSION = '0.4.10';
|
|
23
23
|
|
|
24
24
|
/**
|
|
25
25
|
* Fame protocol specific error classes with WebSocket close codes and proper inheritance.
|
|
@@ -13681,9 +13681,8 @@ function requiresCryptoProvider(config) {
|
|
|
13681
13681
|
const profile = record.profile;
|
|
13682
13682
|
if (typeof profile === 'string') {
|
|
13683
13683
|
const profileLower = profile.toLowerCase();
|
|
13684
|
-
// Overlay variants require crypto provider for envelope signing
|
|
13685
|
-
if (profileLower.includes('overlay')
|
|
13686
|
-
profileLower === 'strict-overlay') {
|
|
13684
|
+
// Overlay variants (including strict-overlay) require crypto provider for envelope signing
|
|
13685
|
+
if (profileLower.includes('overlay')) {
|
|
13687
13686
|
return true;
|
|
13688
13687
|
}
|
|
13689
13688
|
}
|
|
@@ -29570,61 +29569,11 @@ const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = 'FAME_JWT_REVERSE_AUTH_AUDIENCE';
|
|
|
29570
29569
|
const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = 'FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY';
|
|
29571
29570
|
const ENV_VAR_TRUSTED_CLIENT_SCOPE = 'FAME_TRUSTED_CLIENT_SCOPE';
|
|
29572
29571
|
const ENV_VAR_AUTHORIZATION_PROFILE = 'FAME_AUTHORIZATION_PROFILE';
|
|
29573
|
-
const PROFILE_NAME_STRICT_OVERLAY = 'strict-overlay';
|
|
29574
29572
|
const PROFILE_NAME_OVERLAY = 'overlay';
|
|
29575
29573
|
const PROFILE_NAME_OVERLAY_CALLBACK = 'overlay-callback';
|
|
29576
29574
|
const PROFILE_NAME_GATED = 'gated';
|
|
29577
29575
|
const PROFILE_NAME_GATED_CALLBACK = 'gated-callback';
|
|
29578
29576
|
const PROFILE_NAME_OPEN$1 = 'open';
|
|
29579
|
-
const STRICT_OVERLAY_PROFILE = {
|
|
29580
|
-
type: 'DefaultSecurityManager',
|
|
29581
|
-
security_policy: {
|
|
29582
|
-
type: 'DefaultSecurityPolicy',
|
|
29583
|
-
signing: {
|
|
29584
|
-
signing_material: 'x509-chain',
|
|
29585
|
-
require_cert_sid_match: true,
|
|
29586
|
-
inbound: {
|
|
29587
|
-
signature_policy: 'required',
|
|
29588
|
-
unsigned_violation_action: 'nack',
|
|
29589
|
-
invalid_signature_action: 'nack',
|
|
29590
|
-
},
|
|
29591
|
-
response: {
|
|
29592
|
-
mirror_request_signing: true,
|
|
29593
|
-
always_sign_responses: false,
|
|
29594
|
-
sign_error_responses: true,
|
|
29595
|
-
},
|
|
29596
|
-
outbound: {
|
|
29597
|
-
default_signing: true,
|
|
29598
|
-
sign_sensitive_operations: true,
|
|
29599
|
-
sign_if_recipient_expects: true,
|
|
29600
|
-
},
|
|
29601
|
-
},
|
|
29602
|
-
encryption: {
|
|
29603
|
-
inbound: {
|
|
29604
|
-
allow_plaintext: true,
|
|
29605
|
-
allow_channel: true,
|
|
29606
|
-
allow_sealed: true,
|
|
29607
|
-
plaintext_violation_action: 'nack',
|
|
29608
|
-
channel_violation_action: 'nack',
|
|
29609
|
-
sealed_violation_action: 'nack',
|
|
29610
|
-
},
|
|
29611
|
-
response: {
|
|
29612
|
-
mirror_request_level: true,
|
|
29613
|
-
minimum_response_level: 'plaintext',
|
|
29614
|
-
escalate_sealed_responses: false,
|
|
29615
|
-
},
|
|
29616
|
-
outbound: {
|
|
29617
|
-
default_level: factory.Expressions.env(ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, 'channel'),
|
|
29618
|
-
escalate_if_peer_supports: false,
|
|
29619
|
-
prefer_sealed_for_sensitive: false,
|
|
29620
|
-
},
|
|
29621
|
-
},
|
|
29622
|
-
},
|
|
29623
|
-
authorizer: {
|
|
29624
|
-
type: 'AuthorizationProfile',
|
|
29625
|
-
profile: factory.Expressions.env(ENV_VAR_AUTHORIZATION_PROFILE, 'jwt'),
|
|
29626
|
-
},
|
|
29627
|
-
};
|
|
29628
29577
|
const OVERLAY_PROFILE = {
|
|
29629
29578
|
type: 'DefaultSecurityManager',
|
|
29630
29579
|
security_policy: {
|
|
@@ -29827,7 +29776,6 @@ const OPEN_PROFILE$1 = {
|
|
|
29827
29776
|
};
|
|
29828
29777
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY, OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
29829
29778
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY_CALLBACK, OVERLAY_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
29830
|
-
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_STRICT_OVERLAY, STRICT_OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
29831
29779
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED, GATED_PROFILE, { source: 'node-security-profile-factory' });
|
|
29832
29780
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED_CALLBACK, GATED_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
29833
29781
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OPEN$1, OPEN_PROFILE$1, { source: 'node-security-profile-factory' });
|
|
@@ -29964,7 +29912,6 @@ var nodeSecurityProfileFactory = /*#__PURE__*/Object.freeze({
|
|
|
29964
29912
|
PROFILE_NAME_OPEN: PROFILE_NAME_OPEN$1,
|
|
29965
29913
|
PROFILE_NAME_OVERLAY: PROFILE_NAME_OVERLAY,
|
|
29966
29914
|
PROFILE_NAME_OVERLAY_CALLBACK: PROFILE_NAME_OVERLAY_CALLBACK,
|
|
29967
|
-
PROFILE_NAME_STRICT_OVERLAY: PROFILE_NAME_STRICT_OVERLAY,
|
|
29968
29915
|
default: NodeSecurityProfileFactory
|
|
29969
29916
|
});
|
|
29970
29917
|
|
|
@@ -43845,7 +43792,6 @@ exports.PROFILE_NAME_GATED_CALLBACK = PROFILE_NAME_GATED_CALLBACK;
|
|
|
43845
43792
|
exports.PROFILE_NAME_OPEN = PROFILE_NAME_OPEN$1;
|
|
43846
43793
|
exports.PROFILE_NAME_OVERLAY = PROFILE_NAME_OVERLAY;
|
|
43847
43794
|
exports.PROFILE_NAME_OVERLAY_CALLBACK = PROFILE_NAME_OVERLAY_CALLBACK;
|
|
43848
|
-
exports.PROFILE_NAME_STRICT_OVERLAY = PROFILE_NAME_STRICT_OVERLAY;
|
|
43849
43795
|
exports.PromptCredentialProvider = PromptCredentialProvider;
|
|
43850
43796
|
exports.REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE = REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE;
|
|
43851
43797
|
exports.REQUIRED_FIELDS_BY_KTY = REQUIRED_FIELDS_BY_KTY;
|
package/dist/node/index.mjs
CHANGED
|
@@ -13,12 +13,12 @@ import fastify from 'fastify';
|
|
|
13
13
|
import websocketPlugin from '@fastify/websocket';
|
|
14
14
|
|
|
15
15
|
// This file is auto-generated during build - do not edit manually
|
|
16
|
-
// Generated from package.json version: 0.4.
|
|
16
|
+
// Generated from package.json version: 0.4.10
|
|
17
17
|
/**
|
|
18
18
|
* The package version, injected at build time.
|
|
19
19
|
* @internal
|
|
20
20
|
*/
|
|
21
|
-
const VERSION = '0.4.
|
|
21
|
+
const VERSION = '0.4.10';
|
|
22
22
|
|
|
23
23
|
/**
|
|
24
24
|
* Fame protocol specific error classes with WebSocket close codes and proper inheritance.
|
|
@@ -13680,9 +13680,8 @@ function requiresCryptoProvider(config) {
|
|
|
13680
13680
|
const profile = record.profile;
|
|
13681
13681
|
if (typeof profile === 'string') {
|
|
13682
13682
|
const profileLower = profile.toLowerCase();
|
|
13683
|
-
// Overlay variants require crypto provider for envelope signing
|
|
13684
|
-
if (profileLower.includes('overlay')
|
|
13685
|
-
profileLower === 'strict-overlay') {
|
|
13683
|
+
// Overlay variants (including strict-overlay) require crypto provider for envelope signing
|
|
13684
|
+
if (profileLower.includes('overlay')) {
|
|
13686
13685
|
return true;
|
|
13687
13686
|
}
|
|
13688
13687
|
}
|
|
@@ -29569,61 +29568,11 @@ const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = 'FAME_JWT_REVERSE_AUTH_AUDIENCE';
|
|
|
29569
29568
|
const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = 'FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY';
|
|
29570
29569
|
const ENV_VAR_TRUSTED_CLIENT_SCOPE = 'FAME_TRUSTED_CLIENT_SCOPE';
|
|
29571
29570
|
const ENV_VAR_AUTHORIZATION_PROFILE = 'FAME_AUTHORIZATION_PROFILE';
|
|
29572
|
-
const PROFILE_NAME_STRICT_OVERLAY = 'strict-overlay';
|
|
29573
29571
|
const PROFILE_NAME_OVERLAY = 'overlay';
|
|
29574
29572
|
const PROFILE_NAME_OVERLAY_CALLBACK = 'overlay-callback';
|
|
29575
29573
|
const PROFILE_NAME_GATED = 'gated';
|
|
29576
29574
|
const PROFILE_NAME_GATED_CALLBACK = 'gated-callback';
|
|
29577
29575
|
const PROFILE_NAME_OPEN$1 = 'open';
|
|
29578
|
-
const STRICT_OVERLAY_PROFILE = {
|
|
29579
|
-
type: 'DefaultSecurityManager',
|
|
29580
|
-
security_policy: {
|
|
29581
|
-
type: 'DefaultSecurityPolicy',
|
|
29582
|
-
signing: {
|
|
29583
|
-
signing_material: 'x509-chain',
|
|
29584
|
-
require_cert_sid_match: true,
|
|
29585
|
-
inbound: {
|
|
29586
|
-
signature_policy: 'required',
|
|
29587
|
-
unsigned_violation_action: 'nack',
|
|
29588
|
-
invalid_signature_action: 'nack',
|
|
29589
|
-
},
|
|
29590
|
-
response: {
|
|
29591
|
-
mirror_request_signing: true,
|
|
29592
|
-
always_sign_responses: false,
|
|
29593
|
-
sign_error_responses: true,
|
|
29594
|
-
},
|
|
29595
|
-
outbound: {
|
|
29596
|
-
default_signing: true,
|
|
29597
|
-
sign_sensitive_operations: true,
|
|
29598
|
-
sign_if_recipient_expects: true,
|
|
29599
|
-
},
|
|
29600
|
-
},
|
|
29601
|
-
encryption: {
|
|
29602
|
-
inbound: {
|
|
29603
|
-
allow_plaintext: true,
|
|
29604
|
-
allow_channel: true,
|
|
29605
|
-
allow_sealed: true,
|
|
29606
|
-
plaintext_violation_action: 'nack',
|
|
29607
|
-
channel_violation_action: 'nack',
|
|
29608
|
-
sealed_violation_action: 'nack',
|
|
29609
|
-
},
|
|
29610
|
-
response: {
|
|
29611
|
-
mirror_request_level: true,
|
|
29612
|
-
minimum_response_level: 'plaintext',
|
|
29613
|
-
escalate_sealed_responses: false,
|
|
29614
|
-
},
|
|
29615
|
-
outbound: {
|
|
29616
|
-
default_level: Expressions.env(ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, 'channel'),
|
|
29617
|
-
escalate_if_peer_supports: false,
|
|
29618
|
-
prefer_sealed_for_sensitive: false,
|
|
29619
|
-
},
|
|
29620
|
-
},
|
|
29621
|
-
},
|
|
29622
|
-
authorizer: {
|
|
29623
|
-
type: 'AuthorizationProfile',
|
|
29624
|
-
profile: Expressions.env(ENV_VAR_AUTHORIZATION_PROFILE, 'jwt'),
|
|
29625
|
-
},
|
|
29626
|
-
};
|
|
29627
29576
|
const OVERLAY_PROFILE = {
|
|
29628
29577
|
type: 'DefaultSecurityManager',
|
|
29629
29578
|
security_policy: {
|
|
@@ -29826,7 +29775,6 @@ const OPEN_PROFILE$1 = {
|
|
|
29826
29775
|
};
|
|
29827
29776
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY, OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
29828
29777
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY_CALLBACK, OVERLAY_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
29829
|
-
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_STRICT_OVERLAY, STRICT_OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
29830
29778
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED, GATED_PROFILE, { source: 'node-security-profile-factory' });
|
|
29831
29779
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED_CALLBACK, GATED_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
29832
29780
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OPEN$1, OPEN_PROFILE$1, { source: 'node-security-profile-factory' });
|
|
@@ -29963,7 +29911,6 @@ var nodeSecurityProfileFactory = /*#__PURE__*/Object.freeze({
|
|
|
29963
29911
|
PROFILE_NAME_OPEN: PROFILE_NAME_OPEN$1,
|
|
29964
29912
|
PROFILE_NAME_OVERLAY: PROFILE_NAME_OVERLAY,
|
|
29965
29913
|
PROFILE_NAME_OVERLAY_CALLBACK: PROFILE_NAME_OVERLAY_CALLBACK,
|
|
29966
|
-
PROFILE_NAME_STRICT_OVERLAY: PROFILE_NAME_STRICT_OVERLAY,
|
|
29967
29914
|
default: NodeSecurityProfileFactory
|
|
29968
29915
|
});
|
|
29969
29916
|
|
|
@@ -43698,4 +43645,4 @@ var websocketTransportProvisioner = /*#__PURE__*/Object.freeze({
|
|
|
43698
43645
|
WebSocketTransportProvisionerFactory: WebSocketTransportProvisionerFactory
|
|
43699
43646
|
});
|
|
43700
43647
|
|
|
43701
|
-
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY$1 as AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY, ENV_VAR_HMAC_SECRET$1 as AUTH_PROFILE_ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL$1 as AUTH_PROFILE_ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$1 as AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_TRUSTED_CLIENT_SCOPE$1 as AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE, PROFILE_NAME_DEFAULT as AUTH_PROFILE_NAME_DEFAULT, PROFILE_NAME_NOOP$2 as AUTH_PROFILE_NAME_NOOP, PROFILE_NAME_OAUTH2 as AUTH_PROFILE_NAME_OAUTH2, PROFILE_NAME_OAUTH2_CALLBACK as AUTH_PROFILE_NAME_OAUTH2_CALLBACK, PROFILE_NAME_OAUTH2_GATED as AUTH_PROFILE_NAME_OAUTH2_GATED, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizationPolicyFactory, AuthorizationPolicySourceFactory, AuthorizationProfileFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BasicAuthorizationPolicy, BasicAuthorizationPolicyFactory, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CONNECTION_RETRY_POLICY_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectionRetryPolicyFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$11 as DEFAULT_WELCOME_FACTORY_META, DefaultConnectionRetryPolicy, DefaultConnectionRetryPolicyFactory, DefaultCryptoProvider, DefaultKeyManager, DefaultNodeIdentityPolicy, DefaultNodeIdentityPolicyFactory, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_AUTHORIZATION_PROFILE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$1 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SESSION_MAX_INITIAL_ATTEMPTS, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$12 as FACTORY_META, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KNOWN_POLICY_FIELDS, KNOWN_RULE_FIELDS, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MAX_SCOPE_NESTING_DEPTH, MemoryMetricsEmitter, NODE_IDENTITY_POLICY_FACTORY_BASE_TYPE, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodeIdentityPolicyFactory, NodeIdentityPolicyProfileFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NoopTrustStoreProvider, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK,
|
|
43648
|
+
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY$1 as AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY, ENV_VAR_HMAC_SECRET$1 as AUTH_PROFILE_ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL$1 as AUTH_PROFILE_ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$1 as AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_TRUSTED_CLIENT_SCOPE$1 as AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE, PROFILE_NAME_DEFAULT as AUTH_PROFILE_NAME_DEFAULT, PROFILE_NAME_NOOP$2 as AUTH_PROFILE_NAME_NOOP, PROFILE_NAME_OAUTH2 as AUTH_PROFILE_NAME_OAUTH2, PROFILE_NAME_OAUTH2_CALLBACK as AUTH_PROFILE_NAME_OAUTH2_CALLBACK, PROFILE_NAME_OAUTH2_GATED as AUTH_PROFILE_NAME_OAUTH2_GATED, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizationPolicyFactory, AuthorizationPolicySourceFactory, AuthorizationProfileFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BasicAuthorizationPolicy, BasicAuthorizationPolicyFactory, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CONNECTION_RETRY_POLICY_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectionRetryPolicyFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$11 as DEFAULT_WELCOME_FACTORY_META, DefaultConnectionRetryPolicy, DefaultConnectionRetryPolicyFactory, DefaultCryptoProvider, DefaultKeyManager, DefaultNodeIdentityPolicy, DefaultNodeIdentityPolicyFactory, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_AUTHORIZATION_PROFILE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$1 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SESSION_MAX_INITIAL_ATTEMPTS, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$12 as FACTORY_META, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KNOWN_POLICY_FIELDS, KNOWN_RULE_FIELDS, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MAX_SCOPE_NESTING_DEPTH, MemoryMetricsEmitter, NODE_IDENTITY_POLICY_FACTORY_BASE_TYPE, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodeIdentityPolicyFactory, NodeIdentityPolicyProfileFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NoopTrustStoreProvider, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PromptCredentialProvider, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenSubjectNodeIdentityPolicy, TokenSubjectNodeIdentityPolicyFactory, TokenVerifierFactory, TransportProvisionerFactory, TrustStoreProviderFactory, TtlValidationError, UpstreamSessionManager, VALID_ACTIONS, VALID_CURVES_BY_KTY, VALID_EFFECTS, VALID_KEY_USES, VALID_ORIGIN_TYPES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, assertNotRegexPattern, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, clearProfiles, color, compareCryptoLevels, compileGlobOnlyScopeRequirement, compileGlobPattern, compilePattern, compileScopeRequirement, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createLogicalUri, createNodeDeliveryContext, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, evaluateScopeRequirement, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCompiledGlobPattern, getCurrentEnvelope, getFabricForNode, getFameRoot, getKeyProvider, getKeyStore, getLogger, getProfile, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isIdentityExposingTokenProvider, isInPageConnectionGrant, isNodeLike, isPlainObject$4 as isPlainObject, isPoolAddress, isPoolLogical, isRegexPattern, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, listProfiles, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchPattern, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeScopeRequirement, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerProfile, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, safeColor, safeImport, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
|
package/dist/node/node.cjs
CHANGED
|
@@ -4436,12 +4436,12 @@ async function ensureRuntimeFactoriesRegistered(registry = factory.Registry) {
|
|
|
4436
4436
|
}
|
|
4437
4437
|
|
|
4438
4438
|
// This file is auto-generated during build - do not edit manually
|
|
4439
|
-
// Generated from package.json version: 0.4.
|
|
4439
|
+
// Generated from package.json version: 0.4.10
|
|
4440
4440
|
/**
|
|
4441
4441
|
* The package version, injected at build time.
|
|
4442
4442
|
* @internal
|
|
4443
4443
|
*/
|
|
4444
|
-
const VERSION = '0.4.
|
|
4444
|
+
const VERSION = '0.4.10';
|
|
4445
4445
|
|
|
4446
4446
|
let initialized = false;
|
|
4447
4447
|
const runtimePlugin = {
|
|
@@ -15828,9 +15828,8 @@ function requiresCryptoProvider(config) {
|
|
|
15828
15828
|
const profile = record.profile;
|
|
15829
15829
|
if (typeof profile === 'string') {
|
|
15830
15830
|
const profileLower = profile.toLowerCase();
|
|
15831
|
-
// Overlay variants require crypto provider for envelope signing
|
|
15832
|
-
if (profileLower.includes('overlay')
|
|
15833
|
-
profileLower === 'strict-overlay') {
|
|
15831
|
+
// Overlay variants (including strict-overlay) require crypto provider for envelope signing
|
|
15832
|
+
if (profileLower.includes('overlay')) {
|
|
15834
15833
|
return true;
|
|
15835
15834
|
}
|
|
15836
15835
|
}
|
|
@@ -30792,61 +30791,11 @@ const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = 'FAME_JWT_REVERSE_AUTH_AUDIENCE';
|
|
|
30792
30791
|
const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = 'FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY';
|
|
30793
30792
|
const ENV_VAR_TRUSTED_CLIENT_SCOPE = 'FAME_TRUSTED_CLIENT_SCOPE';
|
|
30794
30793
|
const ENV_VAR_AUTHORIZATION_PROFILE = 'FAME_AUTHORIZATION_PROFILE';
|
|
30795
|
-
const PROFILE_NAME_STRICT_OVERLAY = 'strict-overlay';
|
|
30796
30794
|
const PROFILE_NAME_OVERLAY = 'overlay';
|
|
30797
30795
|
const PROFILE_NAME_OVERLAY_CALLBACK = 'overlay-callback';
|
|
30798
30796
|
const PROFILE_NAME_GATED = 'gated';
|
|
30799
30797
|
const PROFILE_NAME_GATED_CALLBACK = 'gated-callback';
|
|
30800
30798
|
const PROFILE_NAME_OPEN$1 = 'open';
|
|
30801
|
-
const STRICT_OVERLAY_PROFILE = {
|
|
30802
|
-
type: 'DefaultSecurityManager',
|
|
30803
|
-
security_policy: {
|
|
30804
|
-
type: 'DefaultSecurityPolicy',
|
|
30805
|
-
signing: {
|
|
30806
|
-
signing_material: 'x509-chain',
|
|
30807
|
-
require_cert_sid_match: true,
|
|
30808
|
-
inbound: {
|
|
30809
|
-
signature_policy: 'required',
|
|
30810
|
-
unsigned_violation_action: 'nack',
|
|
30811
|
-
invalid_signature_action: 'nack',
|
|
30812
|
-
},
|
|
30813
|
-
response: {
|
|
30814
|
-
mirror_request_signing: true,
|
|
30815
|
-
always_sign_responses: false,
|
|
30816
|
-
sign_error_responses: true,
|
|
30817
|
-
},
|
|
30818
|
-
outbound: {
|
|
30819
|
-
default_signing: true,
|
|
30820
|
-
sign_sensitive_operations: true,
|
|
30821
|
-
sign_if_recipient_expects: true,
|
|
30822
|
-
},
|
|
30823
|
-
},
|
|
30824
|
-
encryption: {
|
|
30825
|
-
inbound: {
|
|
30826
|
-
allow_plaintext: true,
|
|
30827
|
-
allow_channel: true,
|
|
30828
|
-
allow_sealed: true,
|
|
30829
|
-
plaintext_violation_action: 'nack',
|
|
30830
|
-
channel_violation_action: 'nack',
|
|
30831
|
-
sealed_violation_action: 'nack',
|
|
30832
|
-
},
|
|
30833
|
-
response: {
|
|
30834
|
-
mirror_request_level: true,
|
|
30835
|
-
minimum_response_level: 'plaintext',
|
|
30836
|
-
escalate_sealed_responses: false,
|
|
30837
|
-
},
|
|
30838
|
-
outbound: {
|
|
30839
|
-
default_level: factory.Expressions.env(ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, 'channel'),
|
|
30840
|
-
escalate_if_peer_supports: false,
|
|
30841
|
-
prefer_sealed_for_sensitive: false,
|
|
30842
|
-
},
|
|
30843
|
-
},
|
|
30844
|
-
},
|
|
30845
|
-
authorizer: {
|
|
30846
|
-
type: 'AuthorizationProfile',
|
|
30847
|
-
profile: factory.Expressions.env(ENV_VAR_AUTHORIZATION_PROFILE, 'jwt'),
|
|
30848
|
-
},
|
|
30849
|
-
};
|
|
30850
30799
|
const OVERLAY_PROFILE = {
|
|
30851
30800
|
type: 'DefaultSecurityManager',
|
|
30852
30801
|
security_policy: {
|
|
@@ -31049,7 +30998,6 @@ const OPEN_PROFILE$1 = {
|
|
|
31049
30998
|
};
|
|
31050
30999
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY, OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
31051
31000
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY_CALLBACK, OVERLAY_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
31052
|
-
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_STRICT_OVERLAY, STRICT_OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
31053
31001
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED, GATED_PROFILE, { source: 'node-security-profile-factory' });
|
|
31054
31002
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED_CALLBACK, GATED_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
31055
31003
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OPEN$1, OPEN_PROFILE$1, { source: 'node-security-profile-factory' });
|
|
@@ -31186,7 +31134,6 @@ var nodeSecurityProfileFactory = /*#__PURE__*/Object.freeze({
|
|
|
31186
31134
|
PROFILE_NAME_OPEN: PROFILE_NAME_OPEN$1,
|
|
31187
31135
|
PROFILE_NAME_OVERLAY: PROFILE_NAME_OVERLAY,
|
|
31188
31136
|
PROFILE_NAME_OVERLAY_CALLBACK: PROFILE_NAME_OVERLAY_CALLBACK,
|
|
31189
|
-
PROFILE_NAME_STRICT_OVERLAY: PROFILE_NAME_STRICT_OVERLAY,
|
|
31190
31137
|
default: NodeSecurityProfileFactory
|
|
31191
31138
|
});
|
|
31192
31139
|
|
|
@@ -46110,7 +46057,6 @@ exports.PROFILE_NAME_GATED_CALLBACK = PROFILE_NAME_GATED_CALLBACK;
|
|
|
46110
46057
|
exports.PROFILE_NAME_OPEN = PROFILE_NAME_OPEN$1;
|
|
46111
46058
|
exports.PROFILE_NAME_OVERLAY = PROFILE_NAME_OVERLAY;
|
|
46112
46059
|
exports.PROFILE_NAME_OVERLAY_CALLBACK = PROFILE_NAME_OVERLAY_CALLBACK;
|
|
46113
|
-
exports.PROFILE_NAME_STRICT_OVERLAY = PROFILE_NAME_STRICT_OVERLAY;
|
|
46114
46060
|
exports.PromptCredentialProvider = PromptCredentialProvider;
|
|
46115
46061
|
exports.QueueFullError = QueueFullError;
|
|
46116
46062
|
exports.REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE = REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE;
|
package/dist/node/node.mjs
CHANGED
|
@@ -4435,12 +4435,12 @@ async function ensureRuntimeFactoriesRegistered(registry = Registry) {
|
|
|
4435
4435
|
}
|
|
4436
4436
|
|
|
4437
4437
|
// This file is auto-generated during build - do not edit manually
|
|
4438
|
-
// Generated from package.json version: 0.4.
|
|
4438
|
+
// Generated from package.json version: 0.4.10
|
|
4439
4439
|
/**
|
|
4440
4440
|
* The package version, injected at build time.
|
|
4441
4441
|
* @internal
|
|
4442
4442
|
*/
|
|
4443
|
-
const VERSION = '0.4.
|
|
4443
|
+
const VERSION = '0.4.10';
|
|
4444
4444
|
|
|
4445
4445
|
let initialized = false;
|
|
4446
4446
|
const runtimePlugin = {
|
|
@@ -15827,9 +15827,8 @@ function requiresCryptoProvider(config) {
|
|
|
15827
15827
|
const profile = record.profile;
|
|
15828
15828
|
if (typeof profile === 'string') {
|
|
15829
15829
|
const profileLower = profile.toLowerCase();
|
|
15830
|
-
// Overlay variants require crypto provider for envelope signing
|
|
15831
|
-
if (profileLower.includes('overlay')
|
|
15832
|
-
profileLower === 'strict-overlay') {
|
|
15830
|
+
// Overlay variants (including strict-overlay) require crypto provider for envelope signing
|
|
15831
|
+
if (profileLower.includes('overlay')) {
|
|
15833
15832
|
return true;
|
|
15834
15833
|
}
|
|
15835
15834
|
}
|
|
@@ -30791,61 +30790,11 @@ const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = 'FAME_JWT_REVERSE_AUTH_AUDIENCE';
|
|
|
30791
30790
|
const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = 'FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY';
|
|
30792
30791
|
const ENV_VAR_TRUSTED_CLIENT_SCOPE = 'FAME_TRUSTED_CLIENT_SCOPE';
|
|
30793
30792
|
const ENV_VAR_AUTHORIZATION_PROFILE = 'FAME_AUTHORIZATION_PROFILE';
|
|
30794
|
-
const PROFILE_NAME_STRICT_OVERLAY = 'strict-overlay';
|
|
30795
30793
|
const PROFILE_NAME_OVERLAY = 'overlay';
|
|
30796
30794
|
const PROFILE_NAME_OVERLAY_CALLBACK = 'overlay-callback';
|
|
30797
30795
|
const PROFILE_NAME_GATED = 'gated';
|
|
30798
30796
|
const PROFILE_NAME_GATED_CALLBACK = 'gated-callback';
|
|
30799
30797
|
const PROFILE_NAME_OPEN$1 = 'open';
|
|
30800
|
-
const STRICT_OVERLAY_PROFILE = {
|
|
30801
|
-
type: 'DefaultSecurityManager',
|
|
30802
|
-
security_policy: {
|
|
30803
|
-
type: 'DefaultSecurityPolicy',
|
|
30804
|
-
signing: {
|
|
30805
|
-
signing_material: 'x509-chain',
|
|
30806
|
-
require_cert_sid_match: true,
|
|
30807
|
-
inbound: {
|
|
30808
|
-
signature_policy: 'required',
|
|
30809
|
-
unsigned_violation_action: 'nack',
|
|
30810
|
-
invalid_signature_action: 'nack',
|
|
30811
|
-
},
|
|
30812
|
-
response: {
|
|
30813
|
-
mirror_request_signing: true,
|
|
30814
|
-
always_sign_responses: false,
|
|
30815
|
-
sign_error_responses: true,
|
|
30816
|
-
},
|
|
30817
|
-
outbound: {
|
|
30818
|
-
default_signing: true,
|
|
30819
|
-
sign_sensitive_operations: true,
|
|
30820
|
-
sign_if_recipient_expects: true,
|
|
30821
|
-
},
|
|
30822
|
-
},
|
|
30823
|
-
encryption: {
|
|
30824
|
-
inbound: {
|
|
30825
|
-
allow_plaintext: true,
|
|
30826
|
-
allow_channel: true,
|
|
30827
|
-
allow_sealed: true,
|
|
30828
|
-
plaintext_violation_action: 'nack',
|
|
30829
|
-
channel_violation_action: 'nack',
|
|
30830
|
-
sealed_violation_action: 'nack',
|
|
30831
|
-
},
|
|
30832
|
-
response: {
|
|
30833
|
-
mirror_request_level: true,
|
|
30834
|
-
minimum_response_level: 'plaintext',
|
|
30835
|
-
escalate_sealed_responses: false,
|
|
30836
|
-
},
|
|
30837
|
-
outbound: {
|
|
30838
|
-
default_level: Expressions.env(ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, 'channel'),
|
|
30839
|
-
escalate_if_peer_supports: false,
|
|
30840
|
-
prefer_sealed_for_sensitive: false,
|
|
30841
|
-
},
|
|
30842
|
-
},
|
|
30843
|
-
},
|
|
30844
|
-
authorizer: {
|
|
30845
|
-
type: 'AuthorizationProfile',
|
|
30846
|
-
profile: Expressions.env(ENV_VAR_AUTHORIZATION_PROFILE, 'jwt'),
|
|
30847
|
-
},
|
|
30848
|
-
};
|
|
30849
30798
|
const OVERLAY_PROFILE = {
|
|
30850
30799
|
type: 'DefaultSecurityManager',
|
|
30851
30800
|
security_policy: {
|
|
@@ -31048,7 +30997,6 @@ const OPEN_PROFILE$1 = {
|
|
|
31048
30997
|
};
|
|
31049
30998
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY, OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
31050
30999
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY_CALLBACK, OVERLAY_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
31051
|
-
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_STRICT_OVERLAY, STRICT_OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
31052
31000
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED, GATED_PROFILE, { source: 'node-security-profile-factory' });
|
|
31053
31001
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED_CALLBACK, GATED_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
31054
31002
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OPEN$1, OPEN_PROFILE$1, { source: 'node-security-profile-factory' });
|
|
@@ -31185,7 +31133,6 @@ var nodeSecurityProfileFactory = /*#__PURE__*/Object.freeze({
|
|
|
31185
31133
|
PROFILE_NAME_OPEN: PROFILE_NAME_OPEN$1,
|
|
31186
31134
|
PROFILE_NAME_OVERLAY: PROFILE_NAME_OVERLAY,
|
|
31187
31135
|
PROFILE_NAME_OVERLAY_CALLBACK: PROFILE_NAME_OVERLAY_CALLBACK,
|
|
31188
|
-
PROFILE_NAME_STRICT_OVERLAY: PROFILE_NAME_STRICT_OVERLAY,
|
|
31189
31136
|
default: NodeSecurityProfileFactory
|
|
31190
31137
|
});
|
|
31191
31138
|
|
|
@@ -45956,4 +45903,4 @@ var otelSetup = /*#__PURE__*/Object.freeze({
|
|
|
45956
45903
|
setupOtel: setupOtel
|
|
45957
45904
|
});
|
|
45958
45905
|
|
|
45959
|
-
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY$1 as AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY, ENV_VAR_HMAC_SECRET$1 as AUTH_PROFILE_ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL$1 as AUTH_PROFILE_ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$3 as AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$3 as AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_TRUSTED_CLIENT_SCOPE$1 as AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE, PROFILE_NAME_DEFAULT as AUTH_PROFILE_NAME_DEFAULT, PROFILE_NAME_NOOP$2 as AUTH_PROFILE_NAME_NOOP, PROFILE_NAME_OAUTH2 as AUTH_PROFILE_NAME_OAUTH2, PROFILE_NAME_OAUTH2_CALLBACK as AUTH_PROFILE_NAME_OAUTH2_CALLBACK, PROFILE_NAME_OAUTH2_GATED as AUTH_PROFILE_NAME_OAUTH2_GATED, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizationPolicyFactory, AuthorizationPolicySourceFactory, AuthorizationProfileFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BasicAuthorizationPolicy, BasicAuthorizationPolicyFactory, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CONNECTION_RETRY_POLICY_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectionRetryPolicyFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$10 as DEFAULT_WELCOME_FACTORY_META, DefaultConnectionRetryPolicy, DefaultConnectionRetryPolicyFactory, DefaultCryptoProvider, DefaultHttpServer, DefaultKeyManager, DefaultNodeIdentityPolicy, DefaultNodeIdentityPolicyFactory, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_AUTHORIZATION_PROFILE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$2 as ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SESSION_MAX_INITIAL_ATTEMPTS, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$11 as FACTORY_META, FAME_FABRIC_FACTORY_BASE_TYPE, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, HttpListener, HttpStatelessConnector, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageListener, InProcessFameFabric, InProcessFameFabricFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KNOWN_POLICY_FIELDS, KNOWN_RULE_FIELDS, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MAX_SCOPE_NESTING_DEPTH, MemoryMetricsEmitter, NODE_IDENTITY_POLICY_FACTORY_BASE_TYPE, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodeIdentityPolicyFactory, NodeIdentityPolicyProfileFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NoopTrustStoreProvider, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, QueueFullError, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, SQLiteKeyValueStore, SQLiteStorageProvider, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_LISTENER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenSubjectNodeIdentityPolicy, TokenSubjectNodeIdentityPolicyFactory, TokenVerifierFactory, TransportListener, TransportListenerFactory, TransportProvisionerFactory, TrustStoreProviderFactory, TtlValidationError, UpstreamSessionManager, VALID_ACTIONS, VALID_CURVES_BY_KTY, VALID_EFFECTS, VALID_KEY_USES, VALID_ORIGIN_TYPES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketListener, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, assertNotRegexPattern, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, clearProfiles, color, compareCryptoLevels, compileGlobOnlyScopeRequirement, compileGlobPattern, compilePattern, compileScopeRequirement, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createJwksRouter, createLogicalUri, createNodeDeliveryContext, createApp as createOAuth2ServerApp, createOAuth2TokenRouter, createOpenIDConfigurationRouter, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, evaluateScopeRequirement, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCompiledGlobPattern, getCurrentEnvelope, getFabricForNode, getFameRoot, getHttpListenerInstance, getInPageListenerInstance, getKeyProvider, getKeyStore, getLogger, getProfile, getWebsocketListenerInstance, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isIdentityExposingTokenProvider, isInPageConnectionGrant, isNodeLike, isPlainObject$4 as isPlainObject, isPoolAddress, isPoolLogical, isRegexPattern, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, listProfiles, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchPattern, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeExtendedFameConfig, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeScopeRequirement, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerProfile, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, main as runOAuth2Server, safeColor, safeImport, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
|
|
45906
|
+
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY$1 as AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY, ENV_VAR_HMAC_SECRET$1 as AUTH_PROFILE_ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL$1 as AUTH_PROFILE_ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$3 as AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$3 as AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_TRUSTED_CLIENT_SCOPE$1 as AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE, PROFILE_NAME_DEFAULT as AUTH_PROFILE_NAME_DEFAULT, PROFILE_NAME_NOOP$2 as AUTH_PROFILE_NAME_NOOP, PROFILE_NAME_OAUTH2 as AUTH_PROFILE_NAME_OAUTH2, PROFILE_NAME_OAUTH2_CALLBACK as AUTH_PROFILE_NAME_OAUTH2_CALLBACK, PROFILE_NAME_OAUTH2_GATED as AUTH_PROFILE_NAME_OAUTH2_GATED, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizationPolicyFactory, AuthorizationPolicySourceFactory, AuthorizationProfileFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BasicAuthorizationPolicy, BasicAuthorizationPolicyFactory, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CONNECTION_RETRY_POLICY_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectionRetryPolicyFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$10 as DEFAULT_WELCOME_FACTORY_META, DefaultConnectionRetryPolicy, DefaultConnectionRetryPolicyFactory, DefaultCryptoProvider, DefaultHttpServer, DefaultKeyManager, DefaultNodeIdentityPolicy, DefaultNodeIdentityPolicyFactory, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_AUTHORIZATION_PROFILE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$2 as ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SESSION_MAX_INITIAL_ATTEMPTS, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$11 as FACTORY_META, FAME_FABRIC_FACTORY_BASE_TYPE, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, HttpListener, HttpStatelessConnector, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageListener, InProcessFameFabric, InProcessFameFabricFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KNOWN_POLICY_FIELDS, KNOWN_RULE_FIELDS, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MAX_SCOPE_NESTING_DEPTH, MemoryMetricsEmitter, NODE_IDENTITY_POLICY_FACTORY_BASE_TYPE, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodeIdentityPolicyFactory, NodeIdentityPolicyProfileFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NoopTrustStoreProvider, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PromptCredentialProvider, QueueFullError, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, SQLiteKeyValueStore, SQLiteStorageProvider, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_LISTENER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenSubjectNodeIdentityPolicy, TokenSubjectNodeIdentityPolicyFactory, TokenVerifierFactory, TransportListener, TransportListenerFactory, TransportProvisionerFactory, TrustStoreProviderFactory, TtlValidationError, UpstreamSessionManager, VALID_ACTIONS, VALID_CURVES_BY_KTY, VALID_EFFECTS, VALID_KEY_USES, VALID_ORIGIN_TYPES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketListener, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, assertNotRegexPattern, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, clearProfiles, color, compareCryptoLevels, compileGlobOnlyScopeRequirement, compileGlobPattern, compilePattern, compileScopeRequirement, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createJwksRouter, createLogicalUri, createNodeDeliveryContext, createApp as createOAuth2ServerApp, createOAuth2TokenRouter, createOpenIDConfigurationRouter, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, evaluateScopeRequirement, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCompiledGlobPattern, getCurrentEnvelope, getFabricForNode, getFameRoot, getHttpListenerInstance, getInPageListenerInstance, getKeyProvider, getKeyStore, getLogger, getProfile, getWebsocketListenerInstance, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isIdentityExposingTokenProvider, isInPageConnectionGrant, isNodeLike, isPlainObject$4 as isPlainObject, isPoolAddress, isPoolLogical, isRegexPattern, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, listProfiles, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchPattern, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeExtendedFameConfig, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeScopeRequirement, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerProfile, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, main as runOAuth2Server, safeColor, safeImport, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
|
|
@@ -80,4 +80,4 @@ export * from './credential/browser-auto-key-credential-provider.js';
|
|
|
80
80
|
export * from './credential/browser-wrapped-key-credential-provider.js';
|
|
81
81
|
export * from './credential/session-key-credential-provider.js';
|
|
82
82
|
export * from './credential/dev-fixed-key-credential-provider.js';
|
|
83
|
-
export { ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWKS_URL, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_AUTHORIZATION_PROFILE,
|
|
83
|
+
export { ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWKS_URL, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_AUTHORIZATION_PROFILE, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN, } from './node-security-profile-factory.js';
|
|
@@ -13,7 +13,6 @@ export declare const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = "FAME_JWT_REVERSE_AUTH_
|
|
|
13
13
|
export declare const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = "FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY";
|
|
14
14
|
export declare const ENV_VAR_TRUSTED_CLIENT_SCOPE = "FAME_TRUSTED_CLIENT_SCOPE";
|
|
15
15
|
export declare const ENV_VAR_AUTHORIZATION_PROFILE = "FAME_AUTHORIZATION_PROFILE";
|
|
16
|
-
export declare const PROFILE_NAME_STRICT_OVERLAY = "strict-overlay";
|
|
17
16
|
export declare const PROFILE_NAME_OVERLAY = "overlay";
|
|
18
17
|
export declare const PROFILE_NAME_OVERLAY_CALLBACK = "overlay-callback";
|
|
19
18
|
export declare const PROFILE_NAME_GATED = "gated";
|
package/dist/types/version.d.ts
CHANGED