@niledatabase/server 5.1.0 → 5.2.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +12 -2
- package/dist/index.d.ts +12 -2
- package/dist/index.js +169 -78
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +169 -78
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
package/dist/index.d.mts
CHANGED
|
@@ -78,6 +78,7 @@ type Routes = {
|
|
|
78
78
|
VERIFY_EMAIL: string;
|
|
79
79
|
INVITES: string;
|
|
80
80
|
INVITE: string;
|
|
81
|
+
MULTI_FACTOR: string;
|
|
81
82
|
};
|
|
82
83
|
|
|
83
84
|
interface CreateBasicUserRequest {
|
|
@@ -124,6 +125,7 @@ interface User {
|
|
|
124
125
|
created: string;
|
|
125
126
|
updated?: string;
|
|
126
127
|
emailVerified?: string | null;
|
|
128
|
+
multiFactor?: string | null;
|
|
127
129
|
tenants: string[];
|
|
128
130
|
}
|
|
129
131
|
|
|
@@ -362,6 +364,13 @@ type ActiveSession = {
|
|
|
362
364
|
};
|
|
363
365
|
};
|
|
364
366
|
|
|
367
|
+
type MfaPayload = {
|
|
368
|
+
token?: string;
|
|
369
|
+
scope?: 'setup' | 'challenge';
|
|
370
|
+
method?: 'authenticator' | 'email';
|
|
371
|
+
code?: string;
|
|
372
|
+
remove?: boolean;
|
|
373
|
+
};
|
|
365
374
|
type SignUpPayload = {
|
|
366
375
|
email: string;
|
|
367
376
|
password: string;
|
|
@@ -495,6 +504,7 @@ declare class Auth {
|
|
|
495
504
|
email: string;
|
|
496
505
|
password: string;
|
|
497
506
|
}, rawResponse?: true): Promise<T>;
|
|
507
|
+
mfa<T = Response>(params: MfaPayload, rawResponse?: true): Promise<T>;
|
|
498
508
|
}
|
|
499
509
|
/**
|
|
500
510
|
* Extract the CSRF cookie from a set of headers.
|
|
@@ -592,7 +602,7 @@ type ExtensionResult<TParams> = {
|
|
|
592
602
|
onRequest?: (params: TParams, ctx: CTX) => void | Promise<void | RequestInit>;
|
|
593
603
|
onResponse?: (params: TParams, ctx: CTX) => void | Promise<void>;
|
|
594
604
|
onHandleRequest?: (params?: TParams) => RouteReturn | Promise<RouteReturn>;
|
|
595
|
-
onConfigure?: (
|
|
605
|
+
onConfigure?: (instance: Server) => void;
|
|
596
606
|
withUserId?: () => string;
|
|
597
607
|
withTenantId?: () => string;
|
|
598
608
|
replace?: {
|
|
@@ -602,7 +612,7 @@ type ExtensionResult<TParams> = {
|
|
|
602
612
|
type NileHandlers = RouteFunctions & {
|
|
603
613
|
withContext: CTXHandlerType;
|
|
604
614
|
};
|
|
605
|
-
type Extension<TParams = Any> = (
|
|
615
|
+
type Extension<TParams = Any> = (params?: TParams) => ExtensionResult<TParams>;
|
|
606
616
|
declare enum ExtensionState {
|
|
607
617
|
onHandleRequest = "onHandleRequest",
|
|
608
618
|
onRequest = "onRequest",
|
package/dist/index.d.ts
CHANGED
|
@@ -78,6 +78,7 @@ type Routes = {
|
|
|
78
78
|
VERIFY_EMAIL: string;
|
|
79
79
|
INVITES: string;
|
|
80
80
|
INVITE: string;
|
|
81
|
+
MULTI_FACTOR: string;
|
|
81
82
|
};
|
|
82
83
|
|
|
83
84
|
interface CreateBasicUserRequest {
|
|
@@ -124,6 +125,7 @@ interface User {
|
|
|
124
125
|
created: string;
|
|
125
126
|
updated?: string;
|
|
126
127
|
emailVerified?: string | null;
|
|
128
|
+
multiFactor?: string | null;
|
|
127
129
|
tenants: string[];
|
|
128
130
|
}
|
|
129
131
|
|
|
@@ -362,6 +364,13 @@ type ActiveSession = {
|
|
|
362
364
|
};
|
|
363
365
|
};
|
|
364
366
|
|
|
367
|
+
type MfaPayload = {
|
|
368
|
+
token?: string;
|
|
369
|
+
scope?: 'setup' | 'challenge';
|
|
370
|
+
method?: 'authenticator' | 'email';
|
|
371
|
+
code?: string;
|
|
372
|
+
remove?: boolean;
|
|
373
|
+
};
|
|
365
374
|
type SignUpPayload = {
|
|
366
375
|
email: string;
|
|
367
376
|
password: string;
|
|
@@ -495,6 +504,7 @@ declare class Auth {
|
|
|
495
504
|
email: string;
|
|
496
505
|
password: string;
|
|
497
506
|
}, rawResponse?: true): Promise<T>;
|
|
507
|
+
mfa<T = Response>(params: MfaPayload, rawResponse?: true): Promise<T>;
|
|
498
508
|
}
|
|
499
509
|
/**
|
|
500
510
|
* Extract the CSRF cookie from a set of headers.
|
|
@@ -592,7 +602,7 @@ type ExtensionResult<TParams> = {
|
|
|
592
602
|
onRequest?: (params: TParams, ctx: CTX) => void | Promise<void | RequestInit>;
|
|
593
603
|
onResponse?: (params: TParams, ctx: CTX) => void | Promise<void>;
|
|
594
604
|
onHandleRequest?: (params?: TParams) => RouteReturn | Promise<RouteReturn>;
|
|
595
|
-
onConfigure?: (
|
|
605
|
+
onConfigure?: (instance: Server) => void;
|
|
596
606
|
withUserId?: () => string;
|
|
597
607
|
withTenantId?: () => string;
|
|
598
608
|
replace?: {
|
|
@@ -602,7 +612,7 @@ type ExtensionResult<TParams> = {
|
|
|
602
612
|
type NileHandlers = RouteFunctions & {
|
|
603
613
|
withContext: CTXHandlerType;
|
|
604
614
|
};
|
|
605
|
-
type Extension<TParams = Any> = (
|
|
615
|
+
type Extension<TParams = Any> = (params?: TParams) => ExtensionResult<TParams>;
|
|
606
616
|
declare enum ExtensionState {
|
|
607
617
|
onHandleRequest = "onHandleRequest",
|
|
608
618
|
onRequest = "onRequest",
|
package/dist/index.js
CHANGED
|
@@ -57,6 +57,7 @@ var appRoutes = (prefix = DEFAULT_PREFIX) => ({
|
|
|
57
57
|
CSRF: `${prefix}${"/auth/csrf" /* CSRF */}`,
|
|
58
58
|
CALLBACK: `${prefix}${"/auth/callback" /* CALLBACK */}`,
|
|
59
59
|
SIGNOUT: `${prefix}${"/auth/signout" /* SIGNOUT */}`,
|
|
60
|
+
MULTI_FACTOR: `${prefix}${"/auth/mfa" /* MULTI_FACTOR */}`,
|
|
60
61
|
ERROR: `${prefix}/auth/error`,
|
|
61
62
|
VERIFY_REQUEST: `${prefix}/auth/verify-request`,
|
|
62
63
|
VERIFY_EMAIL: `${prefix}${"/auth/verify-email" /* VERIFY_EMAIL */}`,
|
|
@@ -96,7 +97,8 @@ var proxyRoutes = (config) => ({
|
|
|
96
97
|
ERROR: makeRestUrl(config, "/auth/error"),
|
|
97
98
|
VERIFY_REQUEST: makeRestUrl(config, "/auth/verify-request"),
|
|
98
99
|
PASSWORD_RESET: makeRestUrl(config, "/auth/reset-password" /* PASSWORD_RESET */),
|
|
99
|
-
VERIFY_EMAIL: makeRestUrl(config, "/auth/verify-email" /* VERIFY_EMAIL */)
|
|
100
|
+
VERIFY_EMAIL: makeRestUrl(config, "/auth/verify-email" /* VERIFY_EMAIL */),
|
|
101
|
+
MULTI_FACTOR: makeRestUrl(config, "/auth/mfa" /* MULTI_FACTOR */)
|
|
100
102
|
});
|
|
101
103
|
function filterNullUndefined(obj) {
|
|
102
104
|
if (!obj) {
|
|
@@ -121,9 +123,9 @@ function makeRestUrl(apiUrl, path, qp) {
|
|
|
121
123
|
const strParams = params.toString();
|
|
122
124
|
return `${[url, path.substring(1, path.length)].join("/")}${strParams ? `?${strParams}` : ""}`;
|
|
123
125
|
}
|
|
124
|
-
function urlMatches(requestUrl,
|
|
126
|
+
function urlMatches(requestUrl, route21) {
|
|
125
127
|
const url = new URL(requestUrl);
|
|
126
|
-
return url.pathname.startsWith(
|
|
128
|
+
return url.pathname.startsWith(route21);
|
|
127
129
|
}
|
|
128
130
|
function isUUID(value) {
|
|
129
131
|
if (!value) {
|
|
@@ -255,7 +257,10 @@ function bindRunExtensions(instance) {
|
|
|
255
257
|
continue;
|
|
256
258
|
}
|
|
257
259
|
const previousHeaders = new Headers(previousContext.headers);
|
|
258
|
-
|
|
260
|
+
try {
|
|
261
|
+
await ext.onRequest(_init.request, ctx);
|
|
262
|
+
} catch {
|
|
263
|
+
}
|
|
259
264
|
const updatedContext = ctx.get();
|
|
260
265
|
if (updatedContext?.headers) {
|
|
261
266
|
const cookie = updatedContext.headers.get("cookie");
|
|
@@ -298,8 +303,8 @@ function mergeCookies(...cookieStrings) {
|
|
|
298
303
|
for (const str of cookieStrings) {
|
|
299
304
|
if (!str) continue;
|
|
300
305
|
for (const part of str.split(";")) {
|
|
301
|
-
const [
|
|
302
|
-
if (
|
|
306
|
+
const [key18, value] = part.split("=").map((s) => s.trim());
|
|
307
|
+
if (key18 && value) cookieMap.set(key18, value);
|
|
303
308
|
}
|
|
304
309
|
}
|
|
305
310
|
return [...cookieMap.entries()].map(([k, v]) => `${k}=${v}`).join("; ");
|
|
@@ -359,8 +364,8 @@ var ctx = {
|
|
|
359
364
|
if (partial.headers === null) {
|
|
360
365
|
store.headers = new Headers();
|
|
361
366
|
} else if (partial.headers && store.headers instanceof Headers) {
|
|
362
|
-
for (const [
|
|
363
|
-
if (
|
|
367
|
+
for (const [key18, value] of new Headers(partial.headers).entries()) {
|
|
368
|
+
if (key18.toLowerCase() === "cookie") {
|
|
364
369
|
const existingCookies = parseCookieHeader(
|
|
365
370
|
store.headers.get("cookie") || ""
|
|
366
371
|
);
|
|
@@ -368,7 +373,7 @@ var ctx = {
|
|
|
368
373
|
const mergedCookies = { ...existingCookies, ...newCookies };
|
|
369
374
|
store.headers.set("cookie", serializeCookies(mergedCookies));
|
|
370
375
|
} else {
|
|
371
|
-
store.headers.set(
|
|
376
|
+
store.headers.set(key18, value);
|
|
372
377
|
}
|
|
373
378
|
}
|
|
374
379
|
}
|
|
@@ -388,16 +393,16 @@ async function withNileContext(config, fn, name = "unknown") {
|
|
|
388
393
|
let tenantId = existing.tenantId;
|
|
389
394
|
let userId = existing.userId;
|
|
390
395
|
if (initialContext instanceof Request) {
|
|
391
|
-
initialContext.headers.forEach((value,
|
|
392
|
-
mergedHeaders.set(
|
|
396
|
+
initialContext.headers.forEach((value, key18) => {
|
|
397
|
+
mergedHeaders.set(key18, value);
|
|
393
398
|
});
|
|
394
399
|
} else {
|
|
395
400
|
if (initialContext.headers === null) {
|
|
396
401
|
mergedHeaders = new Headers();
|
|
397
402
|
} else if (initialContext.headers) {
|
|
398
403
|
const incoming = initialContext.headers instanceof Headers ? initialContext.headers : new Headers(initialContext.headers);
|
|
399
|
-
incoming.forEach((value,
|
|
400
|
-
mergedHeaders.set(
|
|
404
|
+
incoming.forEach((value, key18) => {
|
|
405
|
+
mergedHeaders.set(key18, value);
|
|
401
406
|
});
|
|
402
407
|
}
|
|
403
408
|
if ("tenantId" in initialContext) {
|
|
@@ -408,11 +413,11 @@ async function withNileContext(config, fn, name = "unknown") {
|
|
|
408
413
|
}
|
|
409
414
|
}
|
|
410
415
|
if (extensionOverrides?.headers) {
|
|
411
|
-
for (const
|
|
412
|
-
mergedHeaders.delete(
|
|
416
|
+
for (const key18 of extensionOverrides.headers.removed) {
|
|
417
|
+
mergedHeaders.delete(key18);
|
|
413
418
|
}
|
|
414
|
-
for (const [
|
|
415
|
-
mergedHeaders.set(
|
|
419
|
+
for (const [key18, value] of extensionOverrides.headers.set) {
|
|
420
|
+
mergedHeaders.set(key18, value);
|
|
416
421
|
}
|
|
417
422
|
}
|
|
418
423
|
if (extensionOverrides?.tenantId) {
|
|
@@ -435,8 +440,8 @@ async function withNileContext(config, fn, name = "unknown") {
|
|
|
435
440
|
function serializeContext(context) {
|
|
436
441
|
const headers = {};
|
|
437
442
|
const rawHeaders = new Headers(context.headers);
|
|
438
|
-
rawHeaders.forEach((value,
|
|
439
|
-
headers[
|
|
443
|
+
rawHeaders.forEach((value, key18) => {
|
|
444
|
+
headers[key18] = value;
|
|
440
445
|
});
|
|
441
446
|
return JSON.stringify({
|
|
442
447
|
headers,
|
|
@@ -446,8 +451,8 @@ function serializeContext(context) {
|
|
|
446
451
|
}
|
|
447
452
|
function parseCookieHeader(header) {
|
|
448
453
|
return header.split(";").map((c) => c.trim()).filter(Boolean).reduce((acc, curr) => {
|
|
449
|
-
const [
|
|
450
|
-
if (
|
|
454
|
+
const [key18, ...val] = curr.split("=");
|
|
455
|
+
if (key18) acc[key18] = val.join("=");
|
|
451
456
|
return acc;
|
|
452
457
|
}, {});
|
|
453
458
|
}
|
|
@@ -503,14 +508,14 @@ function diffHeaders(before, after) {
|
|
|
503
508
|
const afterMap = headersToMap(after);
|
|
504
509
|
const set = [];
|
|
505
510
|
const removed = [];
|
|
506
|
-
for (const [
|
|
507
|
-
if (beforeMap.get(
|
|
508
|
-
set.push([
|
|
511
|
+
for (const [key18, value] of afterMap.entries()) {
|
|
512
|
+
if (beforeMap.get(key18) !== value) {
|
|
513
|
+
set.push([key18, value]);
|
|
509
514
|
}
|
|
510
515
|
}
|
|
511
|
-
for (const
|
|
512
|
-
if (!afterMap.has(
|
|
513
|
-
removed.push(
|
|
516
|
+
for (const key18 of beforeMap.keys()) {
|
|
517
|
+
if (!afterMap.has(key18)) {
|
|
518
|
+
removed.push(key18);
|
|
514
519
|
}
|
|
515
520
|
}
|
|
516
521
|
if (set.length === 0 && removed.length === 0) {
|
|
@@ -520,8 +525,8 @@ function diffHeaders(before, after) {
|
|
|
520
525
|
}
|
|
521
526
|
function headersToMap(headers) {
|
|
522
527
|
const map = /* @__PURE__ */ new Map();
|
|
523
|
-
headers.forEach((value,
|
|
524
|
-
map.set(
|
|
528
|
+
headers.forEach((value, key18) => {
|
|
529
|
+
map.set(key18.toLowerCase(), value);
|
|
525
530
|
});
|
|
526
531
|
return map;
|
|
527
532
|
}
|
|
@@ -645,7 +650,7 @@ async function request(url, _init, config) {
|
|
|
645
650
|
}
|
|
646
651
|
}
|
|
647
652
|
function getProtocolFromHeaders(headers) {
|
|
648
|
-
const get = (
|
|
653
|
+
const get = (key18) => headers instanceof Headers ? headers.get(key18) : headers[key18.toLowerCase()];
|
|
649
654
|
const xfp = get("x-forwarded-proto");
|
|
650
655
|
if (xfp) return xfp.toLowerCase();
|
|
651
656
|
const forwarded = get("forwarded");
|
|
@@ -865,11 +870,11 @@ async function route3(request2, config) {
|
|
|
865
870
|
function matches3(configRoutes, request2) {
|
|
866
871
|
const url = new URL(request2.url);
|
|
867
872
|
const [userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
|
|
868
|
-
let
|
|
873
|
+
let route21 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
|
|
869
874
|
if (userId === "users") {
|
|
870
|
-
|
|
875
|
+
route21 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
|
|
871
876
|
}
|
|
872
|
-
return urlMatches(request2.url,
|
|
877
|
+
return urlMatches(request2.url, route21);
|
|
873
878
|
}
|
|
874
879
|
async function fetchTenantUsers(config, method, payload) {
|
|
875
880
|
const { body, params } = {};
|
|
@@ -958,8 +963,8 @@ async function route4(request2, config) {
|
|
|
958
963
|
function matches4(configRoutes, request2) {
|
|
959
964
|
const url = new URL(request2.url);
|
|
960
965
|
const [, tenantId] = url.pathname.split("/").reverse();
|
|
961
|
-
const
|
|
962
|
-
return urlMatches(request2.url,
|
|
966
|
+
const route21 = configRoutes[key4].replace("{tenantId}", tenantId);
|
|
967
|
+
return urlMatches(request2.url, route21);
|
|
963
968
|
}
|
|
964
969
|
async function fetchInvite(config, method, body) {
|
|
965
970
|
const { headers, tenantId } = ctx.get();
|
|
@@ -1014,8 +1019,8 @@ async function route5(request2, config) {
|
|
|
1014
1019
|
function matches5(configRoutes, request2) {
|
|
1015
1020
|
const url = new URL(request2.url);
|
|
1016
1021
|
const [, tenantId] = url.pathname.split("/").reverse();
|
|
1017
|
-
const
|
|
1018
|
-
return url.pathname.endsWith(
|
|
1022
|
+
const route21 = configRoutes[key5].replace("{tenantId}", tenantId);
|
|
1023
|
+
return url.pathname.endsWith(route21);
|
|
1019
1024
|
}
|
|
1020
1025
|
async function fetchInvites(config) {
|
|
1021
1026
|
const { tenantId, headers } = ctx.get();
|
|
@@ -1472,6 +1477,33 @@ async function fetchVerifyEmail(config, method, body) {
|
|
|
1472
1477
|
return await config.handlers[method](req);
|
|
1473
1478
|
}
|
|
1474
1479
|
|
|
1480
|
+
// src/api/routes/auth/mfa.ts
|
|
1481
|
+
var key14 = "MULTI_FACTOR";
|
|
1482
|
+
async function route17(req, config) {
|
|
1483
|
+
return request(
|
|
1484
|
+
proxyRoutes(config.apiUrl)[key14],
|
|
1485
|
+
{
|
|
1486
|
+
method: req.method,
|
|
1487
|
+
request: req
|
|
1488
|
+
},
|
|
1489
|
+
config
|
|
1490
|
+
);
|
|
1491
|
+
}
|
|
1492
|
+
function matches17(configRoutes, request2) {
|
|
1493
|
+
return urlMatches(request2.url, configRoutes[key14]);
|
|
1494
|
+
}
|
|
1495
|
+
async function fetchMfa(config, method, body) {
|
|
1496
|
+
const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/mfa" /* MULTI_FACTOR */}`;
|
|
1497
|
+
const { headers } = ctx.get();
|
|
1498
|
+
const init = {
|
|
1499
|
+
headers,
|
|
1500
|
+
method,
|
|
1501
|
+
body
|
|
1502
|
+
};
|
|
1503
|
+
const req = new Request(clientUrl, init);
|
|
1504
|
+
return await config.handlers[method](req);
|
|
1505
|
+
}
|
|
1506
|
+
|
|
1475
1507
|
// src/api/handlers/GET.ts
|
|
1476
1508
|
function GETTER(configRoutes, config) {
|
|
1477
1509
|
const { error, info, warn: warn2 } = config.logger("[GET MATCHER]");
|
|
@@ -1567,8 +1599,8 @@ async function POST5(config, init) {
|
|
|
1567
1599
|
}
|
|
1568
1600
|
|
|
1569
1601
|
// src/api/routes/signup/index.tsx
|
|
1570
|
-
var
|
|
1571
|
-
async function
|
|
1602
|
+
var key15 = "SIGNUP";
|
|
1603
|
+
async function route18(request2, config) {
|
|
1572
1604
|
switch (request2.method) {
|
|
1573
1605
|
case "POST":
|
|
1574
1606
|
return await POST5(config, { request: request2 });
|
|
@@ -1576,8 +1608,8 @@ async function route17(request2, config) {
|
|
|
1576
1608
|
return new Response("method not allowed", { status: 405 });
|
|
1577
1609
|
}
|
|
1578
1610
|
}
|
|
1579
|
-
function
|
|
1580
|
-
return urlMatches(request2.url, configRoutes[
|
|
1611
|
+
function matches18(configRoutes, request2) {
|
|
1612
|
+
return urlMatches(request2.url, configRoutes[key15]);
|
|
1581
1613
|
}
|
|
1582
1614
|
async function fetchSignUp(config, payload) {
|
|
1583
1615
|
const { body, params } = payload ?? {};
|
|
@@ -1632,9 +1664,9 @@ function POSTER(configRoutes, config) {
|
|
|
1632
1664
|
info("matches tenant invite");
|
|
1633
1665
|
return route4(req, config);
|
|
1634
1666
|
}
|
|
1635
|
-
if (
|
|
1667
|
+
if (matches18(configRoutes, req)) {
|
|
1636
1668
|
info("matches signup");
|
|
1637
|
-
return
|
|
1669
|
+
return route18(req, config);
|
|
1638
1670
|
}
|
|
1639
1671
|
if (matches6(configRoutes, req)) {
|
|
1640
1672
|
info("matches tenants");
|
|
@@ -1648,6 +1680,10 @@ function POSTER(configRoutes, config) {
|
|
|
1648
1680
|
info("matches signin");
|
|
1649
1681
|
return route7(req, config);
|
|
1650
1682
|
}
|
|
1683
|
+
if (matches17(configRoutes, req)) {
|
|
1684
|
+
info("matches mfa");
|
|
1685
|
+
return route17(req, config);
|
|
1686
|
+
}
|
|
1651
1687
|
if (matches15(configRoutes, req)) {
|
|
1652
1688
|
info("matches password reset");
|
|
1653
1689
|
return route15(req, config);
|
|
@@ -1696,9 +1732,9 @@ async function PUT5(config, init) {
|
|
|
1696
1732
|
}
|
|
1697
1733
|
|
|
1698
1734
|
// src/api/routes/tenants/[tenantId]/users/[userId]/index.ts
|
|
1699
|
-
var
|
|
1700
|
-
async function
|
|
1701
|
-
const { info } = config.logger(`[ROUTES][${
|
|
1735
|
+
var key16 = "TENANT_USER";
|
|
1736
|
+
async function route19(request2, config) {
|
|
1737
|
+
const { info } = config.logger(`[ROUTES][${key16}]`);
|
|
1702
1738
|
const session = await auth(request2, config);
|
|
1703
1739
|
if (!session) {
|
|
1704
1740
|
info("401");
|
|
@@ -1719,14 +1755,14 @@ async function route18(request2, config) {
|
|
|
1719
1755
|
return new Response("method not allowed", { status: 405 });
|
|
1720
1756
|
}
|
|
1721
1757
|
}
|
|
1722
|
-
function
|
|
1758
|
+
function matches19(configRoutes, request2) {
|
|
1723
1759
|
const url = new URL(request2.url);
|
|
1724
1760
|
const [, userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
|
|
1725
|
-
let
|
|
1761
|
+
let route21 = configRoutes[key16].replace("{tenantId}", tenantId).replace("{userId}", userId);
|
|
1726
1762
|
if (userId === "users") {
|
|
1727
|
-
|
|
1763
|
+
route21 = configRoutes[key16].replace("{tenantId}", possibleTenantId);
|
|
1728
1764
|
}
|
|
1729
|
-
return urlMatches(request2.url,
|
|
1765
|
+
return urlMatches(request2.url, route21);
|
|
1730
1766
|
}
|
|
1731
1767
|
async function fetchTenantUser(config, method) {
|
|
1732
1768
|
const { headers, tenantId, userId } = ctx.get();
|
|
@@ -1765,8 +1801,8 @@ async function DELETE4(config, init) {
|
|
|
1765
1801
|
}
|
|
1766
1802
|
|
|
1767
1803
|
// src/api/routes/tenants/[tenantId]/invite/[inviteId]/index.ts
|
|
1768
|
-
var
|
|
1769
|
-
async function
|
|
1804
|
+
var key17 = "INVITE";
|
|
1805
|
+
async function route20(request2, config) {
|
|
1770
1806
|
switch (request2.method) {
|
|
1771
1807
|
case "DELETE":
|
|
1772
1808
|
return await DELETE4(config, { request: request2 });
|
|
@@ -1774,11 +1810,11 @@ async function route19(request2, config) {
|
|
|
1774
1810
|
return new Response("method not allowed", { status: 405 });
|
|
1775
1811
|
}
|
|
1776
1812
|
}
|
|
1777
|
-
function
|
|
1813
|
+
function matches20(configRoutes, request2) {
|
|
1778
1814
|
const url = new URL(request2.url);
|
|
1779
1815
|
const [inviteId, , tenantId] = url.pathname.split("/").reverse();
|
|
1780
|
-
const
|
|
1781
|
-
return urlMatches(request2.url,
|
|
1816
|
+
const route21 = configRoutes[key17].replace("{tenantId}", tenantId).replace("{inviteId}", inviteId);
|
|
1817
|
+
return urlMatches(request2.url, route21);
|
|
1782
1818
|
}
|
|
1783
1819
|
|
|
1784
1820
|
// src/api/handlers/DELETE.ts
|
|
@@ -1798,13 +1834,17 @@ function DELETER(configRoutes, config) {
|
|
|
1798
1834
|
error("Proxy requests failed, a Request object was not passed.");
|
|
1799
1835
|
return;
|
|
1800
1836
|
}
|
|
1801
|
-
if (
|
|
1837
|
+
if (matches20(configRoutes, req)) {
|
|
1802
1838
|
info("matches tenant invite id");
|
|
1803
|
-
return
|
|
1839
|
+
return route20(req, config);
|
|
1804
1840
|
}
|
|
1805
|
-
if (
|
|
1841
|
+
if (matches17(configRoutes, req)) {
|
|
1842
|
+
info("matches MFA");
|
|
1843
|
+
return route17(req, config);
|
|
1844
|
+
}
|
|
1845
|
+
if (matches19(configRoutes, req)) {
|
|
1806
1846
|
info("matches tenant user");
|
|
1807
|
-
return
|
|
1847
|
+
return route19(req, config);
|
|
1808
1848
|
}
|
|
1809
1849
|
if (matches6(configRoutes, req)) {
|
|
1810
1850
|
info("matches tenants");
|
|
@@ -1840,9 +1880,9 @@ function PUTER(configRoutes, config) {
|
|
|
1840
1880
|
info("matches tenant invite");
|
|
1841
1881
|
return route4(req, config);
|
|
1842
1882
|
}
|
|
1843
|
-
if (
|
|
1883
|
+
if (matches19(configRoutes, req)) {
|
|
1844
1884
|
info("matches tenant user");
|
|
1845
|
-
return
|
|
1885
|
+
return route19(req, config);
|
|
1846
1886
|
}
|
|
1847
1887
|
if (matches3(configRoutes, req)) {
|
|
1848
1888
|
info("matches tenant users");
|
|
@@ -1860,6 +1900,10 @@ function PUTER(configRoutes, config) {
|
|
|
1860
1900
|
info("matches reset password");
|
|
1861
1901
|
return route15(req, config);
|
|
1862
1902
|
}
|
|
1903
|
+
if (matches17(configRoutes, req)) {
|
|
1904
|
+
info("matches mfa");
|
|
1905
|
+
return route17(req, config);
|
|
1906
|
+
}
|
|
1863
1907
|
warn2("No PUT routes matched");
|
|
1864
1908
|
return new Response(null, { status: 404 });
|
|
1865
1909
|
};
|
|
@@ -2811,6 +2855,17 @@ var Auth = class {
|
|
|
2811
2855
|
callbackUrl: credentials.callbackUrl
|
|
2812
2856
|
});
|
|
2813
2857
|
const signInRes = await this.callback(provider, body);
|
|
2858
|
+
const twoFactor = await is2FA(signInRes);
|
|
2859
|
+
if (twoFactor) {
|
|
2860
|
+
if (rawResponse) {
|
|
2861
|
+
return signInRes;
|
|
2862
|
+
}
|
|
2863
|
+
try {
|
|
2864
|
+
return await signInRes.clone().json();
|
|
2865
|
+
} catch {
|
|
2866
|
+
return signInRes;
|
|
2867
|
+
}
|
|
2868
|
+
}
|
|
2814
2869
|
const authCookie = signInRes?.headers.get("set-cookie");
|
|
2815
2870
|
if (!authCookie) {
|
|
2816
2871
|
throw new Error("authentication failed");
|
|
@@ -2862,6 +2917,30 @@ var Auth = class {
|
|
|
2862
2917
|
}
|
|
2863
2918
|
});
|
|
2864
2919
|
}
|
|
2920
|
+
async mfa(params, rawResponse) {
|
|
2921
|
+
return withNileContext(this.#config, async () => {
|
|
2922
|
+
let method = "POST";
|
|
2923
|
+
if (params.scope === "setup") {
|
|
2924
|
+
method = "PUT";
|
|
2925
|
+
}
|
|
2926
|
+
if (params.remove) {
|
|
2927
|
+
method = "DELETE";
|
|
2928
|
+
}
|
|
2929
|
+
const res = await fetchMfa(
|
|
2930
|
+
this.#config,
|
|
2931
|
+
method,
|
|
2932
|
+
JSON.stringify({ ...params, method: params.method ?? "authenticator" })
|
|
2933
|
+
);
|
|
2934
|
+
if (rawResponse) {
|
|
2935
|
+
return res;
|
|
2936
|
+
}
|
|
2937
|
+
try {
|
|
2938
|
+
return await res.clone().json();
|
|
2939
|
+
} catch {
|
|
2940
|
+
return res;
|
|
2941
|
+
}
|
|
2942
|
+
});
|
|
2943
|
+
}
|
|
2865
2944
|
};
|
|
2866
2945
|
function parseCSRF(headers) {
|
|
2867
2946
|
let cookie = headers?.get("set-cookie");
|
|
@@ -2951,6 +3030,17 @@ function fQUrl(path, config) {
|
|
|
2951
3030
|
}
|
|
2952
3031
|
return path;
|
|
2953
3032
|
}
|
|
3033
|
+
async function is2FA(signInRes) {
|
|
3034
|
+
try {
|
|
3035
|
+
const cloned = await signInRes.clone();
|
|
3036
|
+
const json = await cloned.json();
|
|
3037
|
+
if ("method" in json && "secret" in json) {
|
|
3038
|
+
return signInRes;
|
|
3039
|
+
}
|
|
3040
|
+
} catch {
|
|
3041
|
+
}
|
|
3042
|
+
return null;
|
|
3043
|
+
}
|
|
2954
3044
|
|
|
2955
3045
|
// src/auth/obtainCsrf.ts
|
|
2956
3046
|
async function obtainCsrf(config, rawResponse = false) {
|
|
@@ -3512,8 +3602,8 @@ function updateConfig(response, config) {
|
|
|
3512
3602
|
}
|
|
3513
3603
|
const setCookies = [];
|
|
3514
3604
|
if (response?.headers) {
|
|
3515
|
-
for (const [
|
|
3516
|
-
if (
|
|
3605
|
+
for (const [key18, value] of response.headers) {
|
|
3606
|
+
if (key18.toLowerCase() === "set-cookie") {
|
|
3517
3607
|
setCookies.push(value);
|
|
3518
3608
|
}
|
|
3519
3609
|
}
|
|
@@ -3577,9 +3667,10 @@ var Server = class {
|
|
|
3577
3667
|
if (typeof create2 !== "function") {
|
|
3578
3668
|
continue;
|
|
3579
3669
|
}
|
|
3580
|
-
const ext = create2(
|
|
3581
|
-
if (ext.onConfigure) {
|
|
3582
|
-
|
|
3670
|
+
const ext = create2();
|
|
3671
|
+
if (typeof ext.onConfigure === "function") {
|
|
3672
|
+
this.#config.logger("[EXTENSION]").debug(`configuring for ${ext.id}`);
|
|
3673
|
+
ext.onConfigure(this);
|
|
3583
3674
|
}
|
|
3584
3675
|
if (ext?.replace?.handlers) {
|
|
3585
3676
|
this.#config.logger("[EXTENSION]").debug(`${ext.id} replacing handlers`);
|
|
@@ -3619,7 +3710,7 @@ var Server = class {
|
|
|
3619
3710
|
return {
|
|
3620
3711
|
remove: async (id) => {
|
|
3621
3712
|
if (!this.#config.extensions) return;
|
|
3622
|
-
const resolved = this.#config.extensions.map((ext) => ext(
|
|
3713
|
+
const resolved = this.#config.extensions.map((ext) => ext());
|
|
3623
3714
|
const index = resolved.findIndex((ext) => ext.id === id);
|
|
3624
3715
|
if (index !== -1) {
|
|
3625
3716
|
this.#config.extensions.splice(index, 1);
|
|
@@ -3702,25 +3793,25 @@ var Server = class {
|
|
|
3702
3793
|
}
|
|
3703
3794
|
}
|
|
3704
3795
|
if (headers instanceof Headers) {
|
|
3705
|
-
headers.forEach((value,
|
|
3706
|
-
updates.push([
|
|
3796
|
+
headers.forEach((value, key18) => {
|
|
3797
|
+
updates.push([key18.toLowerCase(), value]);
|
|
3707
3798
|
});
|
|
3708
3799
|
} else {
|
|
3709
|
-
for (const [
|
|
3710
|
-
updates.push([
|
|
3800
|
+
for (const [key18, value] of Object.entries(headers ?? {})) {
|
|
3801
|
+
updates.push([key18.toLowerCase(), value]);
|
|
3711
3802
|
}
|
|
3712
3803
|
}
|
|
3713
3804
|
const merged = {};
|
|
3714
|
-
this.#config.context.headers?.forEach((value,
|
|
3715
|
-
if (
|
|
3716
|
-
merged[
|
|
3805
|
+
this.#config.context.headers?.forEach((value, key18) => {
|
|
3806
|
+
if (key18.toLowerCase() !== "cookie") {
|
|
3807
|
+
merged[key18.toLowerCase()] = value;
|
|
3717
3808
|
}
|
|
3718
3809
|
});
|
|
3719
|
-
for (const [
|
|
3720
|
-
merged[
|
|
3810
|
+
for (const [key18, value] of updates) {
|
|
3811
|
+
merged[key18] = value;
|
|
3721
3812
|
}
|
|
3722
|
-
for (const [
|
|
3723
|
-
this.#config.context.headers.set(
|
|
3813
|
+
for (const [key18, value] of Object.entries(merged)) {
|
|
3814
|
+
this.#config.context.headers.set(key18, value);
|
|
3724
3815
|
}
|
|
3725
3816
|
this.#config.logger("[handleHeaders]").debug(JSON.stringify(merged));
|
|
3726
3817
|
}
|