@nest-boot/auth 7.9.5 → 7.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/mikro-orm-adapter.js.map +1 -1
- package/dist/adapters/mikro-orm-adapter.spec.js +263 -11
- package/dist/adapters/mikro-orm-adapter.spec.js.map +1 -1
- package/dist/auth.guard.d.ts +6 -0
- package/dist/auth.guard.js +12 -4
- package/dist/auth.guard.js.map +1 -1
- package/dist/auth.guard.spec.js +66 -0
- package/dist/auth.guard.spec.js.map +1 -1
- package/dist/auth.middleware.spec.d.ts +1 -0
- package/dist/auth.middleware.spec.js +139 -0
- package/dist/auth.middleware.spec.js.map +1 -0
- package/dist/auth.module.d.ts +1 -1
- package/dist/auth.module.js +33 -20
- package/dist/auth.module.js.map +1 -1
- package/dist/auth.module.spec.d.ts +1 -0
- package/dist/auth.module.spec.js +611 -0
- package/dist/auth.module.spec.js.map +1 -0
- package/dist/auth.service.d.ts +1 -1
- package/dist/auth.service.spec.d.ts +1 -0
- package/dist/auth.service.spec.js +26 -0
- package/dist/auth.service.spec.js.map +1 -0
- package/dist/auth.transaction-context.spec.d.ts +1 -0
- package/dist/auth.transaction-context.spec.js +20 -0
- package/dist/auth.transaction-context.spec.js.map +1 -0
- package/dist/decorators/auth.decorators.spec.d.ts +1 -0
- package/dist/decorators/auth.decorators.spec.js +87 -0
- package/dist/decorators/auth.decorators.spec.js.map +1 -0
- package/dist/entities/entities.spec.d.ts +1 -0
- package/dist/entities/entities.spec.js +80 -0
- package/dist/entities/entities.spec.js.map +1 -0
- package/dist/index.spec.d.ts +1 -0
- package/dist/index.spec.js +73 -0
- package/dist/index.spec.js.map +1 -0
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/dist/utils/assert-no-duplicate-generic-oauth-plugin.d.ts +2 -0
- package/dist/utils/assert-no-duplicate-generic-oauth-plugin.js +11 -0
- package/dist/utils/assert-no-duplicate-generic-oauth-plugin.js.map +1 -0
- package/dist/utils/assert-no-duplicate-generic-oauth-plugin.spec.d.ts +1 -0
- package/dist/utils/assert-no-duplicate-generic-oauth-plugin.spec.js +29 -0
- package/dist/utils/assert-no-duplicate-generic-oauth-plugin.spec.js.map +1 -0
- package/dist/utils/create-email-and-password-config.d.ts +4 -0
- package/dist/utils/create-email-and-password-config.js +21 -0
- package/dist/utils/create-email-and-password-config.js.map +1 -0
- package/dist/utils/create-email-and-password-config.spec.d.ts +1 -0
- package/dist/utils/create-email-and-password-config.spec.js +66 -0
- package/dist/utils/create-email-and-password-config.spec.js.map +1 -0
- package/dist/utils/create-oidc-config.d.ts +2 -0
- package/dist/utils/create-oidc-config.js +22 -0
- package/dist/utils/create-oidc-config.js.map +1 -0
- package/dist/utils/create-oidc-config.spec.d.ts +1 -0
- package/dist/utils/create-oidc-config.spec.js +73 -0
- package/dist/utils/create-oidc-config.spec.js.map +1 -0
- package/dist/utils/create-social-provider-config.d.ts +6 -0
- package/dist/utils/create-social-provider-config.js +40 -0
- package/dist/utils/create-social-provider-config.js.map +1 -0
- package/dist/utils/create-social-provider-config.spec.d.ts +1 -0
- package/dist/utils/create-social-provider-config.spec.js +139 -0
- package/dist/utils/create-social-provider-config.spec.js.map +1 -0
- package/dist/utils/create-social-providers-config.d.ts +4 -0
- package/dist/utils/create-social-providers-config.js +17 -0
- package/dist/utils/create-social-providers-config.js.map +1 -0
- package/dist/utils/create-social-providers-config.spec.d.ts +1 -0
- package/dist/utils/create-social-providers-config.spec.js +63 -0
- package/dist/utils/create-social-providers-config.spec.js.map +1 -0
- package/dist/utils/estimate-entropy.spec.d.ts +1 -0
- package/dist/utils/estimate-entropy.spec.js +13 -0
- package/dist/utils/estimate-entropy.spec.js.map +1 -0
- package/dist/utils/generic-oauth-provider-config.type.d.ts +3 -0
- package/dist/utils/generic-oauth-provider-config.type.js +3 -0
- package/dist/utils/generic-oauth-provider-config.type.js.map +1 -0
- package/dist/utils/has-oidc-env-config.d.ts +1 -0
- package/dist/utils/has-oidc-env-config.js +8 -0
- package/dist/utils/has-oidc-env-config.js.map +1 -0
- package/dist/utils/has-oidc-env-config.spec.d.ts +1 -0
- package/dist/utils/has-oidc-env-config.spec.js +23 -0
- package/dist/utils/has-oidc-env-config.spec.js.map +1 -0
- package/dist/utils/has-social-provider-credential-env-config.d.ts +2 -0
- package/dist/utils/has-social-provider-credential-env-config.js +10 -0
- package/dist/utils/has-social-provider-credential-env-config.js.map +1 -0
- package/dist/utils/has-social-provider-credential-env-config.spec.d.ts +1 -0
- package/dist/utils/has-social-provider-credential-env-config.spec.js +33 -0
- package/dist/utils/has-social-provider-credential-env-config.spec.js.map +1 -0
- package/dist/utils/has-social-provider-env-config.d.ts +2 -0
- package/dist/utils/has-social-provider-env-config.js +8 -0
- package/dist/utils/has-social-provider-env-config.js.map +1 -0
- package/dist/utils/has-social-provider-env-config.spec.d.ts +1 -0
- package/dist/utils/has-social-provider-env-config.spec.js +34 -0
- package/dist/utils/has-social-provider-env-config.spec.js.map +1 -0
- package/dist/utils/is-env-true.d.ts +1 -0
- package/dist/utils/is-env-true.js +7 -0
- package/dist/utils/is-env-true.js.map +1 -0
- package/dist/utils/is-env-true.spec.d.ts +1 -0
- package/dist/utils/is-env-true.spec.js +20 -0
- package/dist/utils/is-env-true.spec.js.map +1 -0
- package/dist/utils/oidc.constants.d.ts +5 -0
- package/dist/utils/oidc.constants.js +27 -0
- package/dist/utils/oidc.constants.js.map +1 -0
- package/dist/utils/resolve-oidc-prompt.d.ts +2 -0
- package/dist/utils/resolve-oidc-prompt.js +16 -0
- package/dist/utils/resolve-oidc-prompt.js.map +1 -0
- package/dist/utils/resolve-oidc-prompt.spec.d.ts +1 -0
- package/dist/utils/resolve-oidc-prompt.spec.js +28 -0
- package/dist/utils/resolve-oidc-prompt.spec.js.map +1 -0
- package/dist/utils/resolve-oidc-scopes.d.ts +1 -0
- package/dist/utils/resolve-oidc-scopes.js +10 -0
- package/dist/utils/resolve-oidc-scopes.js.map +1 -0
- package/dist/utils/resolve-oidc-scopes.spec.d.ts +1 -0
- package/dist/utils/resolve-oidc-scopes.spec.js +16 -0
- package/dist/utils/resolve-oidc-scopes.spec.js.map +1 -0
- package/dist/utils/resolve-required-oidc-env.d.ts +2 -0
- package/dist/utils/resolve-required-oidc-env.js +12 -0
- package/dist/utils/resolve-required-oidc-env.js.map +1 -0
- package/dist/utils/resolve-required-oidc-env.spec.d.ts +1 -0
- package/dist/utils/resolve-required-oidc-env.spec.js +22 -0
- package/dist/utils/resolve-required-oidc-env.spec.js.map +1 -0
- package/dist/utils/resolve-required-social-provider-env.d.ts +2 -0
- package/dist/utils/resolve-required-social-provider-env.js +15 -0
- package/dist/utils/resolve-required-social-provider-env.js.map +1 -0
- package/dist/utils/resolve-required-social-provider-env.spec.d.ts +1 -0
- package/dist/utils/resolve-required-social-provider-env.spec.js +29 -0
- package/dist/utils/resolve-required-social-provider-env.spec.js.map +1 -0
- package/dist/utils/resolve-secret.d.ts +2 -0
- package/dist/utils/resolve-secret.js +27 -0
- package/dist/utils/resolve-secret.js.map +1 -0
- package/dist/utils/resolve-secret.spec.d.ts +1 -0
- package/dist/utils/resolve-secret.spec.js +34 -0
- package/dist/utils/resolve-secret.spec.js.map +1 -0
- package/dist/utils/resolve-social-provider-enabled.d.ts +2 -0
- package/dist/utils/resolve-social-provider-enabled.js +9 -0
- package/dist/utils/resolve-social-provider-enabled.js.map +1 -0
- package/dist/utils/resolve-social-provider-enabled.spec.d.ts +1 -0
- package/dist/utils/resolve-social-provider-enabled.spec.js +20 -0
- package/dist/utils/resolve-social-provider-enabled.spec.js.map +1 -0
- package/dist/utils/social-provider.constants.d.ts +22 -0
- package/dist/utils/social-provider.constants.js +34 -0
- package/dist/utils/social-provider.constants.js.map +1 -0
- package/package.json +9 -8
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"generic-oauth-provider-config.type.js","sourceRoot":"","sources":["../../src/utils/generic-oauth-provider-config.type.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function hasOidcEnvConfig(): boolean;
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.hasOidcEnvConfig = hasOidcEnvConfig;
|
|
4
|
+
const oidc_constants_1 = require("./oidc.constants");
|
|
5
|
+
function hasOidcEnvConfig() {
|
|
6
|
+
return oidc_constants_1.OIDC_ENV_NAMES.some((name) => process.env[name] !== undefined);
|
|
7
|
+
}
|
|
8
|
+
//# sourceMappingURL=has-oidc-env-config.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"has-oidc-env-config.js","sourceRoot":"","sources":["../../src/utils/has-oidc-env-config.ts"],"names":[],"mappings":";;AAEA,4CAEC;AAJD,qDAAkD;AAElD,SAAgB,gBAAgB;IAC9B,OAAO,+BAAc,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC;AACxE,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const has_oidc_env_config_1 = require("./has-oidc-env-config");
|
|
4
|
+
const oidc_constants_1 = require("./oidc.constants");
|
|
5
|
+
describe("hasOidcEnvConfig", () => {
|
|
6
|
+
beforeEach(() => {
|
|
7
|
+
delete process.env.AUTH_OIDC_CLIENT_ID;
|
|
8
|
+
delete process.env.AUTH_OIDC_CLIENT_SECRET;
|
|
9
|
+
delete process.env.AUTH_OIDC_DISCOVERY_URL;
|
|
10
|
+
delete process.env.AUTH_OIDC_DISABLE_SIGNUP;
|
|
11
|
+
delete process.env.AUTH_OIDC_ENABLED;
|
|
12
|
+
delete process.env.AUTH_OIDC_PROMPT;
|
|
13
|
+
delete process.env.AUTH_OIDC_SCOPES;
|
|
14
|
+
});
|
|
15
|
+
it("should return false when OIDC env is not configured", () => {
|
|
16
|
+
expect((0, has_oidc_env_config_1.hasOidcEnvConfig)()).toBe(false);
|
|
17
|
+
});
|
|
18
|
+
it.each(oidc_constants_1.OIDC_ENV_NAMES)("should return true when %s is configured", (name) => {
|
|
19
|
+
process.env[name] = "";
|
|
20
|
+
expect((0, has_oidc_env_config_1.hasOidcEnvConfig)()).toBe(true);
|
|
21
|
+
});
|
|
22
|
+
});
|
|
23
|
+
//# sourceMappingURL=has-oidc-env-config.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"has-oidc-env-config.spec.js","sourceRoot":"","sources":["../../src/utils/has-oidc-env-config.spec.ts"],"names":[],"mappings":";;AAAA,+DAAyD;AACzD,qDAAkD;AAElD,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACvC,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QAC3C,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QAC3C,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;QAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACrC,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QACpC,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,CAAC,IAAA,sCAAgB,GAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,IAAI,CAAC,+BAAc,CAAC,CACrB,0CAA0C,EAC1C,CAAC,IAAI,EAAE,EAAE;QACP,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,CAAC,IAAA,sCAAgB,GAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.hasSocialProviderCredentialEnvConfig = hasSocialProviderCredentialEnvConfig;
|
|
4
|
+
const social_provider_constants_1 = require("./social-provider.constants");
|
|
5
|
+
function hasSocialProviderCredentialEnvConfig(provider) {
|
|
6
|
+
const config = social_provider_constants_1.SOCIAL_PROVIDER_ENV_CONFIGS[provider];
|
|
7
|
+
return (process.env[config.clientId] !== undefined ||
|
|
8
|
+
process.env[config.clientSecret] !== undefined);
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=has-social-provider-credential-env-config.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"has-social-provider-credential-env-config.js","sourceRoot":"","sources":["../../src/utils/has-social-provider-credential-env-config.ts"],"names":[],"mappings":";;AAKA,oFASC;AAdD,2EAGqC;AAErC,SAAgB,oCAAoC,CAClD,QAA0B;IAE1B,MAAM,MAAM,GAAG,uDAA2B,CAAC,QAAQ,CAAC,CAAC;IAErD,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,SAAS;QAC1C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,SAAS,CAC/C,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const has_social_provider_credential_env_config_1 = require("./has-social-provider-credential-env-config");
|
|
4
|
+
describe("hasSocialProviderCredentialEnvConfig", () => {
|
|
5
|
+
beforeEach(() => {
|
|
6
|
+
delete process.env.AUTH_GITHUB_CLIENT_ID;
|
|
7
|
+
delete process.env.AUTH_GITHUB_CLIENT_SECRET;
|
|
8
|
+
delete process.env.AUTH_GITHUB_DISABLE_SIGNUP;
|
|
9
|
+
delete process.env.AUTH_GITHUB_ENABLED;
|
|
10
|
+
delete process.env.AUTH_GOOGLE_CLIENT_ID;
|
|
11
|
+
delete process.env.AUTH_GOOGLE_CLIENT_SECRET;
|
|
12
|
+
delete process.env.AUTH_GOOGLE_DISABLE_SIGNUP;
|
|
13
|
+
delete process.env.AUTH_GOOGLE_ENABLED;
|
|
14
|
+
});
|
|
15
|
+
it("should return false when only disable signup env is configured", () => {
|
|
16
|
+
process.env.AUTH_GOOGLE_DISABLE_SIGNUP = "true";
|
|
17
|
+
expect((0, has_social_provider_credential_env_config_1.hasSocialProviderCredentialEnvConfig)("google")).toBe(false);
|
|
18
|
+
});
|
|
19
|
+
it("should return false when only enabled env is configured", () => {
|
|
20
|
+
process.env.AUTH_GOOGLE_ENABLED = "true";
|
|
21
|
+
expect((0, has_social_provider_credential_env_config_1.hasSocialProviderCredentialEnvConfig)("google")).toBe(false);
|
|
22
|
+
});
|
|
23
|
+
it.each([
|
|
24
|
+
["github", "AUTH_GITHUB_CLIENT_ID"],
|
|
25
|
+
["github", "AUTH_GITHUB_CLIENT_SECRET"],
|
|
26
|
+
["google", "AUTH_GOOGLE_CLIENT_ID"],
|
|
27
|
+
["google", "AUTH_GOOGLE_CLIENT_SECRET"],
|
|
28
|
+
])("should return true when %s credential env %s is configured", (provider, name) => {
|
|
29
|
+
process.env[name] = "";
|
|
30
|
+
expect((0, has_social_provider_credential_env_config_1.hasSocialProviderCredentialEnvConfig)(provider)).toBe(true);
|
|
31
|
+
});
|
|
32
|
+
});
|
|
33
|
+
//# sourceMappingURL=has-social-provider-credential-env-config.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"has-social-provider-credential-env-config.spec.js","sourceRoot":"","sources":["../../src/utils/has-social-provider-credential-env-config.spec.ts"],"names":[],"mappings":";;AAAA,2GAAmG;AAEnG,QAAQ,CAAC,sCAAsC,EAAE,GAAG,EAAE;IACpD,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QACzC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAC7C,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACvC,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QACzC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAC7C,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,OAAO,CAAC,GAAG,CAAC,0BAA0B,GAAG,MAAM,CAAC;QAEhD,MAAM,CAAC,IAAA,gFAAoC,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,MAAM,CAAC;QAEzC,MAAM,CAAC,IAAA,gFAAoC,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,IAAI,CAAC;QACN,CAAC,QAAQ,EAAE,uBAAuB,CAAC;QACnC,CAAC,QAAQ,EAAE,2BAA2B,CAAC;QACvC,CAAC,QAAQ,EAAE,uBAAuB,CAAC;QACnC,CAAC,QAAQ,EAAE,2BAA2B,CAAC;KAC/B,CAAC,CACT,4DAA4D,EAC5D,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,CAAC,IAAA,gFAAoC,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpE,CAAC,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.hasSocialProviderEnvConfig = hasSocialProviderEnvConfig;
|
|
4
|
+
const social_provider_constants_1 = require("./social-provider.constants");
|
|
5
|
+
function hasSocialProviderEnvConfig(provider) {
|
|
6
|
+
return social_provider_constants_1.SOCIAL_PROVIDER_ENV_CONFIGS[provider].envNames.some((name) => process.env[name] !== undefined);
|
|
7
|
+
}
|
|
8
|
+
//# sourceMappingURL=has-social-provider-env-config.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"has-social-provider-env-config.js","sourceRoot":"","sources":["../../src/utils/has-social-provider-env-config.ts"],"names":[],"mappings":";;AAKA,gEAMC;AAXD,2EAGqC;AAErC,SAAgB,0BAA0B,CACxC,QAA0B;IAE1B,OAAO,uDAA2B,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CACxD,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,SAAS,CAC1C,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const has_social_provider_env_config_1 = require("./has-social-provider-env-config");
|
|
4
|
+
const socialProviderIds = ["github", "google"];
|
|
5
|
+
const socialProviderEnvCases = [
|
|
6
|
+
["github", "AUTH_GITHUB_CLIENT_ID"],
|
|
7
|
+
["github", "AUTH_GITHUB_CLIENT_SECRET"],
|
|
8
|
+
["github", "AUTH_GITHUB_DISABLE_SIGNUP"],
|
|
9
|
+
["github", "AUTH_GITHUB_ENABLED"],
|
|
10
|
+
["google", "AUTH_GOOGLE_CLIENT_ID"],
|
|
11
|
+
["google", "AUTH_GOOGLE_CLIENT_SECRET"],
|
|
12
|
+
["google", "AUTH_GOOGLE_DISABLE_SIGNUP"],
|
|
13
|
+
["google", "AUTH_GOOGLE_ENABLED"],
|
|
14
|
+
];
|
|
15
|
+
describe("hasSocialProviderEnvConfig", () => {
|
|
16
|
+
beforeEach(() => {
|
|
17
|
+
delete process.env.AUTH_GITHUB_CLIENT_ID;
|
|
18
|
+
delete process.env.AUTH_GITHUB_CLIENT_SECRET;
|
|
19
|
+
delete process.env.AUTH_GITHUB_DISABLE_SIGNUP;
|
|
20
|
+
delete process.env.AUTH_GITHUB_ENABLED;
|
|
21
|
+
delete process.env.AUTH_GOOGLE_CLIENT_ID;
|
|
22
|
+
delete process.env.AUTH_GOOGLE_CLIENT_SECRET;
|
|
23
|
+
delete process.env.AUTH_GOOGLE_DISABLE_SIGNUP;
|
|
24
|
+
delete process.env.AUTH_GOOGLE_ENABLED;
|
|
25
|
+
});
|
|
26
|
+
it.each(socialProviderIds)("should return false when %s env is not configured", (provider) => {
|
|
27
|
+
expect((0, has_social_provider_env_config_1.hasSocialProviderEnvConfig)(provider)).toBe(false);
|
|
28
|
+
});
|
|
29
|
+
it.each(socialProviderEnvCases)("should return true when %s env %s is configured", (provider, name) => {
|
|
30
|
+
process.env[name] = "";
|
|
31
|
+
expect((0, has_social_provider_env_config_1.hasSocialProviderEnvConfig)(provider)).toBe(true);
|
|
32
|
+
});
|
|
33
|
+
});
|
|
34
|
+
//# sourceMappingURL=has-social-provider-env-config.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"has-social-provider-env-config.spec.js","sourceRoot":"","sources":["../../src/utils/has-social-provider-env-config.spec.ts"],"names":[],"mappings":";;AAAA,qFAA8E;AAE9E,MAAM,iBAAiB,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAU,CAAC;AACxD,MAAM,sBAAsB,GAAG;IAC7B,CAAC,QAAQ,EAAE,uBAAuB,CAAC;IACnC,CAAC,QAAQ,EAAE,2BAA2B,CAAC;IACvC,CAAC,QAAQ,EAAE,4BAA4B,CAAC;IACxC,CAAC,QAAQ,EAAE,qBAAqB,CAAC;IACjC,CAAC,QAAQ,EAAE,uBAAuB,CAAC;IACnC,CAAC,QAAQ,EAAE,2BAA2B,CAAC;IACvC,CAAC,QAAQ,EAAE,4BAA4B,CAAC;IACxC,CAAC,QAAQ,EAAE,qBAAqB,CAAC;CACzB,CAAC;AAEX,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IAC1C,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QACzC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAC7C,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACvC,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QACzC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAC7C,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,CACxB,mDAAmD,EACnD,CAAC,QAAQ,EAAE,EAAE;QACX,MAAM,CAAC,IAAA,2DAA0B,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3D,CAAC,CACF,CAAC;IAEF,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAC7B,iDAAiD,EACjD,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,CAAC,IAAA,2DAA0B,EAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function isEnvTrue(name: string): boolean;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"is-env-true.js","sourceRoot":"","sources":["../../src/utils/is-env-true.ts"],"names":[],"mappings":";;AAAA,8BAEC;AAFD,SAAgB,SAAS,CAAC,IAAY;IACpC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC;AACtC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const is_env_true_1 = require("./is-env-true");
|
|
4
|
+
describe("isEnvTrue", () => {
|
|
5
|
+
beforeEach(() => {
|
|
6
|
+
delete process.env.TEST_ENV_BOOLEAN;
|
|
7
|
+
});
|
|
8
|
+
it("should return true only when the env value is true", () => {
|
|
9
|
+
process.env.TEST_ENV_BOOLEAN = "true";
|
|
10
|
+
expect((0, is_env_true_1.isEnvTrue)("TEST_ENV_BOOLEAN")).toBe(true);
|
|
11
|
+
});
|
|
12
|
+
it.each(["false", "1", "TRUE", ""])("should return false for %s", (value) => {
|
|
13
|
+
process.env.TEST_ENV_BOOLEAN = value;
|
|
14
|
+
expect((0, is_env_true_1.isEnvTrue)("TEST_ENV_BOOLEAN")).toBe(false);
|
|
15
|
+
});
|
|
16
|
+
it("should return false when the env value is unset", () => {
|
|
17
|
+
expect((0, is_env_true_1.isEnvTrue)("TEST_ENV_BOOLEAN")).toBe(false);
|
|
18
|
+
});
|
|
19
|
+
});
|
|
20
|
+
//# sourceMappingURL=is-env-true.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"is-env-true.spec.js","sourceRoot":"","sources":["../../src/utils/is-env-true.spec.ts"],"names":[],"mappings":";;AAAA,+CAA0C;AAE1C,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;QAEtC,MAAM,CAAC,IAAA,uBAAS,EAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,4BAA4B,EAAE,CAAC,KAAK,EAAE,EAAE;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,KAAK,CAAC;QAErC,MAAM,CAAC,IAAA,uBAAS,EAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,CAAC,IAAA,uBAAS,EAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { OidcPrompt } from "./generic-oauth-provider-config.type";
|
|
2
|
+
export declare const OIDC_ENV_NAMES: readonly ["AUTH_OIDC_ENABLED", "AUTH_OIDC_CLIENT_ID", "AUTH_OIDC_CLIENT_SECRET", "AUTH_OIDC_DISCOVERY_URL", "AUTH_OIDC_DISABLE_SIGNUP", "AUTH_OIDC_PROMPT", "AUTH_OIDC_SCOPES"];
|
|
3
|
+
export declare const REQUIRED_OIDC_ENV_NAMES: readonly ["AUTH_OIDC_CLIENT_ID", "AUTH_OIDC_CLIENT_SECRET", "AUTH_OIDC_DISCOVERY_URL"];
|
|
4
|
+
export declare const OIDC_PROMPTS: readonly OidcPrompt[];
|
|
5
|
+
export type RequiredOidcEnvName = (typeof REQUIRED_OIDC_ENV_NAMES)[number];
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.OIDC_PROMPTS = exports.REQUIRED_OIDC_ENV_NAMES = exports.OIDC_ENV_NAMES = void 0;
|
|
4
|
+
exports.OIDC_ENV_NAMES = [
|
|
5
|
+
"AUTH_OIDC_ENABLED",
|
|
6
|
+
"AUTH_OIDC_CLIENT_ID",
|
|
7
|
+
"AUTH_OIDC_CLIENT_SECRET",
|
|
8
|
+
"AUTH_OIDC_DISCOVERY_URL",
|
|
9
|
+
"AUTH_OIDC_DISABLE_SIGNUP",
|
|
10
|
+
"AUTH_OIDC_PROMPT",
|
|
11
|
+
"AUTH_OIDC_SCOPES",
|
|
12
|
+
];
|
|
13
|
+
exports.REQUIRED_OIDC_ENV_NAMES = [
|
|
14
|
+
"AUTH_OIDC_CLIENT_ID",
|
|
15
|
+
"AUTH_OIDC_CLIENT_SECRET",
|
|
16
|
+
"AUTH_OIDC_DISCOVERY_URL",
|
|
17
|
+
];
|
|
18
|
+
exports.OIDC_PROMPTS = [
|
|
19
|
+
"none",
|
|
20
|
+
"login",
|
|
21
|
+
"create",
|
|
22
|
+
"consent",
|
|
23
|
+
"select_account",
|
|
24
|
+
"select_account consent",
|
|
25
|
+
"login consent",
|
|
26
|
+
];
|
|
27
|
+
//# sourceMappingURL=oidc.constants.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oidc.constants.js","sourceRoot":"","sources":["../../src/utils/oidc.constants.ts"],"names":[],"mappings":";;;AAEa,QAAA,cAAc,GAAG;IAC5B,mBAAmB;IACnB,qBAAqB;IACrB,yBAAyB;IACzB,yBAAyB;IACzB,0BAA0B;IAC1B,kBAAkB;IAClB,kBAAkB;CACV,CAAC;AAEE,QAAA,uBAAuB,GAAG;IACrC,qBAAqB;IACrB,yBAAyB;IACzB,yBAAyB;CACjB,CAAC;AAEE,QAAA,YAAY,GAA0B;IACjD,MAAM;IACN,OAAO;IACP,QAAQ;IACR,SAAS;IACT,gBAAgB;IAChB,wBAAwB;IACxB,eAAe;CAChB,CAAC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.resolveOidcPrompt = resolveOidcPrompt;
|
|
4
|
+
const oidc_constants_1 = require("./oidc.constants");
|
|
5
|
+
function resolveOidcPrompt() {
|
|
6
|
+
const prompt = process.env.AUTH_OIDC_PROMPT;
|
|
7
|
+
if (!prompt) {
|
|
8
|
+
return undefined;
|
|
9
|
+
}
|
|
10
|
+
if (!oidc_constants_1.OIDC_PROMPTS.includes(prompt)) {
|
|
11
|
+
throw new Error("AUTH_OIDC_PROMPT is invalid.\n" +
|
|
12
|
+
`Set AUTH_OIDC_PROMPT to one of: ${oidc_constants_1.OIDC_PROMPTS.join(", ")}.`);
|
|
13
|
+
}
|
|
14
|
+
return prompt;
|
|
15
|
+
}
|
|
16
|
+
//# sourceMappingURL=resolve-oidc-prompt.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-oidc-prompt.js","sourceRoot":"","sources":["../../src/utils/resolve-oidc-prompt.ts"],"names":[],"mappings":";;AAMA,8CAeC;AAjBD,qDAAgD;AAEhD,SAAgB,iBAAiB;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAE5C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,6BAAY,CAAC,QAAQ,CAAC,MAAoB,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CACb,gCAAgC;YAC9B,mCAAmC,6BAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAChE,CAAC;IACJ,CAAC;IAED,OAAO,MAAoB,CAAC;AAC9B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const resolve_oidc_prompt_1 = require("./resolve-oidc-prompt");
|
|
4
|
+
describe("resolveOidcPrompt", () => {
|
|
5
|
+
beforeEach(() => {
|
|
6
|
+
delete process.env.AUTH_OIDC_PROMPT;
|
|
7
|
+
});
|
|
8
|
+
it("should return undefined when AUTH_OIDC_PROMPT is unset", () => {
|
|
9
|
+
expect((0, resolve_oidc_prompt_1.resolveOidcPrompt)()).toBeUndefined();
|
|
10
|
+
});
|
|
11
|
+
it.each([
|
|
12
|
+
"none",
|
|
13
|
+
"login",
|
|
14
|
+
"create",
|
|
15
|
+
"consent",
|
|
16
|
+
"select_account",
|
|
17
|
+
"select_account consent",
|
|
18
|
+
"login consent",
|
|
19
|
+
])("should return supported prompt %s", (prompt) => {
|
|
20
|
+
process.env.AUTH_OIDC_PROMPT = prompt;
|
|
21
|
+
expect((0, resolve_oidc_prompt_1.resolveOidcPrompt)()).toBe(prompt);
|
|
22
|
+
});
|
|
23
|
+
it("should reject unsupported prompt values", () => {
|
|
24
|
+
process.env.AUTH_OIDC_PROMPT = "invalid";
|
|
25
|
+
expect(() => (0, resolve_oidc_prompt_1.resolveOidcPrompt)()).toThrow("AUTH_OIDC_PROMPT");
|
|
26
|
+
});
|
|
27
|
+
});
|
|
28
|
+
//# sourceMappingURL=resolve-oidc-prompt.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-oidc-prompt.spec.js","sourceRoot":"","sources":["../../src/utils/resolve-oidc-prompt.spec.ts"],"names":[],"mappings":";;AAAA,+DAA0D;AAE1D,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,CAAC,IAAA,uCAAiB,GAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,IAAI,CAAC;QACN,MAAM;QACN,OAAO;QACP,QAAQ;QACR,SAAS;QACT,gBAAgB;QAChB,wBAAwB;QACxB,eAAe;KAChB,CAAC,CAAC,mCAAmC,EAAE,CAAC,MAAM,EAAE,EAAE;QACjD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;QAEtC,MAAM,CAAC,IAAA,uCAAiB,GAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,SAAS,CAAC;QAEzC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,uCAAiB,GAAE,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function resolveOidcScopes(): string[];
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.resolveOidcScopes = resolveOidcScopes;
|
|
4
|
+
function resolveOidcScopes() {
|
|
5
|
+
return (process.env.AUTH_OIDC_SCOPES ?? "openid,profile,email")
|
|
6
|
+
.split(",")
|
|
7
|
+
.map((scope) => scope.trim())
|
|
8
|
+
.filter(Boolean);
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=resolve-oidc-scopes.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-oidc-scopes.js","sourceRoot":"","sources":["../../src/utils/resolve-oidc-scopes.ts"],"names":[],"mappings":";;AAAA,8CAKC;AALD,SAAgB,iBAAiB;IAC/B,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,sBAAsB,CAAC;SAC5D,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const resolve_oidc_scopes_1 = require("./resolve-oidc-scopes");
|
|
4
|
+
describe("resolveOidcScopes", () => {
|
|
5
|
+
beforeEach(() => {
|
|
6
|
+
delete process.env.AUTH_OIDC_SCOPES;
|
|
7
|
+
});
|
|
8
|
+
it("should return default scopes when AUTH_OIDC_SCOPES is unset", () => {
|
|
9
|
+
expect((0, resolve_oidc_scopes_1.resolveOidcScopes)()).toEqual(["openid", "profile", "email"]);
|
|
10
|
+
});
|
|
11
|
+
it("should trim comma-separated scopes and drop blanks", () => {
|
|
12
|
+
process.env.AUTH_OIDC_SCOPES = "openid, profile, email,";
|
|
13
|
+
expect((0, resolve_oidc_scopes_1.resolveOidcScopes)()).toEqual(["openid", "profile", "email"]);
|
|
14
|
+
});
|
|
15
|
+
});
|
|
16
|
+
//# sourceMappingURL=resolve-oidc-scopes.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-oidc-scopes.spec.js","sourceRoot":"","sources":["../../src/utils/resolve-oidc-scopes.spec.ts"],"names":[],"mappings":";;AAAA,+DAA0D;AAE1D,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,CAAC,IAAA,uCAAiB,GAAE,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,yBAAyB,CAAC;QAEzD,MAAM,CAAC,IAAA,uCAAiB,GAAE,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.resolveRequiredOidcEnv = resolveRequiredOidcEnv;
|
|
4
|
+
function resolveRequiredOidcEnv(name) {
|
|
5
|
+
const value = process.env[name];
|
|
6
|
+
if (!value) {
|
|
7
|
+
throw new Error(`${name} is required when OIDC auth is configured.\n` +
|
|
8
|
+
`Set ${name} environment variable, or set AUTH_OIDC_ENABLED=false to disable OIDC auth.`);
|
|
9
|
+
}
|
|
10
|
+
return value;
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=resolve-required-oidc-env.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-required-oidc-env.js","sourceRoot":"","sources":["../../src/utils/resolve-required-oidc-env.ts"],"names":[],"mappings":";;AAEA,wDAWC;AAXD,SAAgB,sBAAsB,CAAC,IAAyB;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAEhC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,8CAA8C;YACnD,OAAO,IAAI,6EAA6E,CAC3F,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const resolve_required_oidc_env_1 = require("./resolve-required-oidc-env");
|
|
4
|
+
describe("resolveRequiredOidcEnv", () => {
|
|
5
|
+
beforeEach(() => {
|
|
6
|
+
delete process.env.AUTH_OIDC_CLIENT_ID;
|
|
7
|
+
});
|
|
8
|
+
it("should return the configured env value", () => {
|
|
9
|
+
process.env.AUTH_OIDC_CLIENT_ID = "client-id";
|
|
10
|
+
expect((0, resolve_required_oidc_env_1.resolveRequiredOidcEnv)("AUTH_OIDC_CLIENT_ID")).toBe("client-id");
|
|
11
|
+
});
|
|
12
|
+
it.each([undefined, ""])("should reject missing values", (value) => {
|
|
13
|
+
if (value === undefined) {
|
|
14
|
+
delete process.env.AUTH_OIDC_CLIENT_ID;
|
|
15
|
+
}
|
|
16
|
+
else {
|
|
17
|
+
process.env.AUTH_OIDC_CLIENT_ID = value;
|
|
18
|
+
}
|
|
19
|
+
expect(() => (0, resolve_required_oidc_env_1.resolveRequiredOidcEnv)("AUTH_OIDC_CLIENT_ID")).toThrow("AUTH_OIDC_CLIENT_ID");
|
|
20
|
+
});
|
|
21
|
+
});
|
|
22
|
+
//# sourceMappingURL=resolve-required-oidc-env.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-required-oidc-env.spec.js","sourceRoot":"","sources":["../../src/utils/resolve-required-oidc-env.spec.ts"],"names":[],"mappings":";;AAAA,2EAAqE;AAErE,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,WAAW,CAAC;QAE9C,MAAM,CAAC,IAAA,kDAAsB,EAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,8BAA8B,EAAE,CAAC,KAAK,EAAE,EAAE;QACjE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,KAAK,CAAC;QAC1C,CAAC;QAED,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,kDAAsB,EAAC,qBAAqB,CAAC,CAAC,CAAC,OAAO,CACjE,qBAAqB,CACtB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.resolveRequiredSocialProviderEnv = resolveRequiredSocialProviderEnv;
|
|
4
|
+
const social_provider_constants_1 = require("./social-provider.constants");
|
|
5
|
+
function resolveRequiredSocialProviderEnv(provider, key) {
|
|
6
|
+
const config = social_provider_constants_1.SOCIAL_PROVIDER_ENV_CONFIGS[provider];
|
|
7
|
+
const name = config[key];
|
|
8
|
+
const value = process.env[name];
|
|
9
|
+
if (!value) {
|
|
10
|
+
throw new Error(`${name} is required for ${config.displayName} auth.\n` +
|
|
11
|
+
`Set ${name} environment variable, or set ${config.enabled}=false to disable ${config.displayName} auth.`);
|
|
12
|
+
}
|
|
13
|
+
return value;
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=resolve-required-social-provider-env.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-required-social-provider-env.js","sourceRoot":"","sources":["../../src/utils/resolve-required-social-provider-env.ts"],"names":[],"mappings":";;AAMA,4EAgBC;AAtBD,2EAIqC;AAErC,SAAgB,gCAAgC,CAC9C,QAA0B,EAC1B,GAAiC;IAEjC,MAAM,MAAM,GAAG,uDAA2B,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAEhC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,oBAAoB,MAAM,CAAC,WAAW,UAAU;YACrD,OAAO,IAAI,iCAAiC,MAAM,CAAC,OAAO,qBAAqB,MAAM,CAAC,WAAW,QAAQ,CAC5G,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const resolve_required_social_provider_env_1 = require("./resolve-required-social-provider-env");
|
|
4
|
+
describe("resolveRequiredSocialProviderEnv", () => {
|
|
5
|
+
beforeEach(() => {
|
|
6
|
+
delete process.env.AUTH_GITHUB_CLIENT_ID;
|
|
7
|
+
delete process.env.AUTH_GITHUB_CLIENT_SECRET;
|
|
8
|
+
delete process.env.AUTH_GITHUB_DISABLE_SIGNUP;
|
|
9
|
+
delete process.env.AUTH_GITHUB_ENABLED;
|
|
10
|
+
delete process.env.AUTH_GOOGLE_CLIENT_ID;
|
|
11
|
+
delete process.env.AUTH_GOOGLE_CLIENT_SECRET;
|
|
12
|
+
delete process.env.AUTH_GOOGLE_DISABLE_SIGNUP;
|
|
13
|
+
delete process.env.AUTH_GOOGLE_ENABLED;
|
|
14
|
+
});
|
|
15
|
+
it("should return the configured env value", () => {
|
|
16
|
+
process.env.AUTH_GOOGLE_CLIENT_ID = "google-client-id";
|
|
17
|
+
expect((0, resolve_required_social_provider_env_1.resolveRequiredSocialProviderEnv)("google", "clientId")).toBe("google-client-id");
|
|
18
|
+
});
|
|
19
|
+
it.each([undefined, ""])("should reject missing values", (value) => {
|
|
20
|
+
if (value === undefined) {
|
|
21
|
+
delete process.env.AUTH_GITHUB_CLIENT_SECRET;
|
|
22
|
+
}
|
|
23
|
+
else {
|
|
24
|
+
process.env.AUTH_GITHUB_CLIENT_SECRET = value;
|
|
25
|
+
}
|
|
26
|
+
expect(() => (0, resolve_required_social_provider_env_1.resolveRequiredSocialProviderEnv)("github", "clientSecret")).toThrow("AUTH_GITHUB_CLIENT_SECRET");
|
|
27
|
+
});
|
|
28
|
+
});
|
|
29
|
+
//# sourceMappingURL=resolve-required-social-provider-env.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-required-social-provider-env.spec.js","sourceRoot":"","sources":["../../src/utils/resolve-required-social-provider-env.spec.ts"],"names":[],"mappings":";;AAAA,iGAA0F;AAE1F,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;IAChD,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QACzC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAC7C,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACvC,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QACzC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAC7C,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAC9C,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,kBAAkB,CAAC;QAEvD,MAAM,CAAC,IAAA,uEAAgC,EAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,CACjE,kBAAkB,CACnB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,8BAA8B,EAAE,CAAC,KAAK,EAAE,EAAE;QACjE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC;QAChD,CAAC;QAED,MAAM,CAAC,GAAG,EAAE,CACV,IAAA,uEAAgC,EAAC,QAAQ,EAAE,cAAc,CAAC,CAC3D,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.resolveSecret = resolveSecret;
|
|
4
|
+
const estimate_entropy_1 = require("./estimate-entropy");
|
|
5
|
+
function resolveSecret(options) {
|
|
6
|
+
const secret = options.secret ?? process.env.AUTH_SECRET ?? process.env.APP_SECRET;
|
|
7
|
+
if (!secret) {
|
|
8
|
+
throw new Error("Auth secret is required.\n" +
|
|
9
|
+
"Set AUTH_SECRET or APP_SECRET environment variable, or pass a secret option.\n" +
|
|
10
|
+
"Generate a secure secret with:\n" +
|
|
11
|
+
" node -e \"console.log(require('crypto').randomBytes(32).toString('base64url'))\"");
|
|
12
|
+
}
|
|
13
|
+
if (secret.length < 32) {
|
|
14
|
+
throw new Error("Auth secret must be at least 32 characters long.\n" +
|
|
15
|
+
"Set AUTH_SECRET or APP_SECRET environment variable, or pass a secret option.\n" +
|
|
16
|
+
"Generate a secure secret with:\n" +
|
|
17
|
+
" node -e \"console.log(require('crypto').randomBytes(32).toString('base64url'))\"");
|
|
18
|
+
}
|
|
19
|
+
if ((0, estimate_entropy_1.estimateEntropy)(secret) < 120) {
|
|
20
|
+
throw new Error("Auth secret appears low-entropy.\n" +
|
|
21
|
+
"Use a randomly generated secret for production.\n" +
|
|
22
|
+
"Generate a secure secret with:\n" +
|
|
23
|
+
" node -e \"console.log(require('crypto').randomBytes(32).toString('base64url'))\"");
|
|
24
|
+
}
|
|
25
|
+
return secret;
|
|
26
|
+
}
|
|
27
|
+
//# sourceMappingURL=resolve-secret.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-secret.js","sourceRoot":"","sources":["../../src/utils/resolve-secret.ts"],"names":[],"mappings":";;AAGA,sCAgCC;AAlCD,yDAAqD;AAErD,SAAgB,aAAa,CAAC,OAA0B;IACtD,MAAM,MAAM,GACV,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAEtE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,4BAA4B;YAC1B,gFAAgF;YAChF,kCAAkC;YAClC,oFAAoF,CACvF,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CACb,oDAAoD;YAClD,gFAAgF;YAChF,kCAAkC;YAClC,oFAAoF,CACvF,CAAC;IACJ,CAAC;IAED,IAAI,IAAA,kCAAe,EAAC,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CACb,oCAAoC;YAClC,mDAAmD;YACnD,kCAAkC;YAClC,oFAAoF,CACvF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const resolve_secret_1 = require("./resolve-secret");
|
|
4
|
+
describe("resolveSecret", () => {
|
|
5
|
+
const secret = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_abcdefghijklmnopqrstuvwxyz";
|
|
6
|
+
beforeEach(() => {
|
|
7
|
+
delete process.env.APP_SECRET;
|
|
8
|
+
delete process.env.AUTH_SECRET;
|
|
9
|
+
});
|
|
10
|
+
it("should prefer the explicit module option", () => {
|
|
11
|
+
process.env.AUTH_SECRET =
|
|
12
|
+
"AUTHabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_";
|
|
13
|
+
expect((0, resolve_secret_1.resolveSecret)({
|
|
14
|
+
secret,
|
|
15
|
+
})).toBe(secret);
|
|
16
|
+
});
|
|
17
|
+
it("should fall back to AUTH_SECRET and APP_SECRET env values", () => {
|
|
18
|
+
process.env.AUTH_SECRET = secret;
|
|
19
|
+
expect((0, resolve_secret_1.resolveSecret)({})).toBe(secret);
|
|
20
|
+
delete process.env.AUTH_SECRET;
|
|
21
|
+
process.env.APP_SECRET = secret;
|
|
22
|
+
expect((0, resolve_secret_1.resolveSecret)({})).toBe(secret);
|
|
23
|
+
});
|
|
24
|
+
it("should reject missing, short, or low-entropy secrets", () => {
|
|
25
|
+
expect(() => (0, resolve_secret_1.resolveSecret)({})).toThrow("Auth secret is required");
|
|
26
|
+
expect(() => (0, resolve_secret_1.resolveSecret)({
|
|
27
|
+
secret: "short",
|
|
28
|
+
})).toThrow("Auth secret must be at least 32 characters long");
|
|
29
|
+
expect(() => (0, resolve_secret_1.resolveSecret)({
|
|
30
|
+
secret: "a".repeat(32),
|
|
31
|
+
})).toThrow("Auth secret appears low-entropy");
|
|
32
|
+
});
|
|
33
|
+
});
|
|
34
|
+
//# sourceMappingURL=resolve-secret.spec.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-secret.spec.js","sourceRoot":"","sources":["../../src/utils/resolve-secret.spec.ts"],"names":[],"mappings":";;AACA,qDAAiD;AAEjD,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,MAAM,MAAM,GACV,4FAA4F,CAAC;IAE/F,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;QAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,OAAO,CAAC,GAAG,CAAC,WAAW;YACrB,sEAAsE,CAAC;QAEzE,MAAM,CACJ,IAAA,8BAAa,EAAC;YACZ,MAAM;SACc,CAAC,CACxB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACnE,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,MAAM,CAAC;QAEjC,MAAM,CAAC,IAAA,8BAAa,EAAC,EAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE5D,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC;QAEhC,MAAM,CAAC,IAAA,8BAAa,EAAC,EAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,8BAAa,EAAC,EAAuB,CAAC,CAAC,CAAC,OAAO,CAC1D,yBAAyB,CAC1B,CAAC;QACF,MAAM,CAAC,GAAG,EAAE,CACV,IAAA,8BAAa,EAAC;YACZ,MAAM,EAAE,OAAO;SACK,CAAC,CACxB,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC;QAC7D,MAAM,CAAC,GAAG,EAAE,CACV,IAAA,8BAAa,EAAC;YACZ,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;SACF,CAAC,CACxB,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.resolveSocialProviderEnabled = resolveSocialProviderEnabled;
|
|
4
|
+
const social_provider_constants_1 = require("./social-provider.constants");
|
|
5
|
+
function resolveSocialProviderEnabled(provider) {
|
|
6
|
+
const value = process.env[social_provider_constants_1.SOCIAL_PROVIDER_ENV_CONFIGS[provider].enabled];
|
|
7
|
+
return value === "true";
|
|
8
|
+
}
|
|
9
|
+
//# sourceMappingURL=resolve-social-provider-enabled.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-social-provider-enabled.js","sourceRoot":"","sources":["../../src/utils/resolve-social-provider-enabled.ts"],"names":[],"mappings":";;AAKA,oEAMC;AAXD,2EAGqC;AAErC,SAAgB,4BAA4B,CAC1C,QAA0B;IAE1B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,uDAA2B,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC;IAEzE,OAAO,KAAK,KAAK,MAAM,CAAC;AAC1B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|