@nocobase/plugin-idp-oauth 2.1.0-alpha.17 → 2.1.0-alpha.19

package/dist/server/db-adapter.js

@@ -0,0 +1,156 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var db_adapter_exports = {};
+__export(db_adapter_exports, {
+  createDbAdapter: () => createDbAdapter
+});
+module.exports = __toCommonJS(db_adapter_exports);
+function epochTime(date = Date.now()) {
+  return Math.floor(date / 1e3);
+}
+function createDbAdapter(app, collectionName = "oidcStates") {
+  return class DbAdapter {
+    model;
+    constructor(model) {
+      this.model = model;
+    }
+    get repo() {
+      return app.db.getRepository(collectionName);
+    }
+    isExpired(record) {
+      if (!(record == null ? void 0 : record.expiresAt)) {
+        return false;
+      }
+      const value = record.expiresAt instanceof Date ? record.expiresAt.getTime() : new Date(record.expiresAt).getTime();
+      return value <= Date.now();
+    }
+    async destroyExpired(record) {
+      if (!(record == null ? void 0 : record.id)) {
+        return;
+      }
+      await this.repo.destroy({
+        filterByTk: record.id
+      });
+    }
+    async findRecord(filter) {
+      const record = await this.repo.findOne({
+        filter
+      });
+      if (!record) {
+        return void 0;
+      }
+      if (this.isExpired(record)) {
+        await this.destroyExpired(record);
+        return void 0;
+      }
+      return record;
+    }
+    async destroy(id) {
+      const record = await this.repo.findOne({
+        filter: {
+          model: this.model,
+          oidcId: id
+        }
+      });
+      if (!record) {
+        return;
+      }
+      await this.repo.destroy({
+        filterByTk: record.get("id")
+      });
+    }
+    async consume(id) {
+      const record = await this.findRecord({
+        model: this.model,
+        oidcId: id
+      });
+      if (!record) {
+        return;
+      }
+      const payload = {
+        ...record.get("payload") || {},
+        consumed: epochTime()
+      };
+      await this.repo.update({
+        filterByTk: record.get("id"),
+        values: {
+          payload,
+          consumedAt: Math.floor(Date.now() / 1e3)
+        }
+      });
+    }
+    async find(id) {
+      const record = await this.findRecord({
+        model: this.model,
+        oidcId: id
+      });
+      return record == null ? void 0 : record.get("payload");
+    }
+    async findByUid(uid) {
+      const record = await this.findRecord({
+        model: this.model,
+        uid
+      });
+      return record == null ? void 0 : record.get("payload");
+    }
+    async findByUserCode(userCode) {
+      const record = await this.findRecord({
+        model: this.model,
+        userCode
+      });
+      return record == null ? void 0 : record.get("payload");
+    }
+    async upsert(id, payload, expiresIn) {
+      await this.repo.updateOrCreate({
+        filterKeys: ["model", "oidcId"],
+        values: {
+          model: this.model,
+          oidcId: id,
+          payload,
+          grantId: payload.grantId || null,
+          uid: payload.uid || null,
+          userCode: payload.userCode || null,
+          expiresAt: typeof expiresIn === "number" && Number.isFinite(expiresIn) ? Math.floor(Date.now() / 1e3) + expiresIn : null
+        }
+      });
+    }
+    async revokeByGrantId(grantId) {
+      if (!grantId) {
+        return;
+      }
+      await this.repo.destroy({
+        filter: {
+          grantId
+        }
+      });
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createDbAdapter
+});

package/dist/server/service.js

@@ -44,8 +44,9 @@ var import_node_fs = __toESM(require("node:fs"));
 var import_light_my_request = __toESM(require("light-my-request"));
 var import_node_crypto = require("node:crypto");
 var import_node_path = __toESM(require("node:path"));
-var import_cache_adapter = require("./cache-adapter");
-var import_utils = require("./utils");
+var import_utils = require("@nocobase/utils");
+var import_db_adapter = require("./db-adapter");
+var import_utils2 = require("./utils");
 let oidcModulePromise = null;
 let joseModulePromise = null;
 function getOidcModule() {
@@ -79,7 +80,7 @@ class IdpOauthService {
     return process.env.APP_PUBLIC_ORIGIN || `${protocol}://${host}`;
   }
   getApiBasePath() {
-    return (0, import_utils.normalizeBasePath)(process.env.API_BASE_PATH || "/api");
+    return (0, import_utils2.normalizeBasePath)(process.env.API_BASE_PATH || "/api");
   }
   getRequestPath(ctx) {
     var _a, _b;
@@ -212,17 +213,17 @@ class IdpOauthService {
       return void 0;
     }
     const normalizedPath = config.path.startsWith("/") ? config.path : `/${config.path}`;
-    return `${(0, import_utils.normalizeBasePath)(process.env.API_BASE_PATH || "/api")}${normalizedPath}`;
+    return `${(0, import_utils2.normalizeBasePath)(process.env.API_BASE_PATH || "/api")}${normalizedPath}`;
   }
   getRequestResourceConfig(ctx) {
-    const requestPath = (0, import_utils.normalizeBasePath)(ctx.path || this.getRequestPath(ctx) || "/");
+    const requestPath = (0, import_utils2.normalizeBasePath)(ctx.path || this.getRequestPath(ctx) || "/");
     for (const config of this.resourceServers.values()) {
       const resourcePath = this.getResourcePath(config);
       if (!resourcePath) {
         continue;
       }
-      const normalizedResourcePath = (0, import_utils.normalizeBasePath)(resourcePath);
-      const isRootResource = normalizedResourcePath === (0, import_utils.normalizeBasePath)(`${this.getApiBasePath()}/`);
+      const normalizedResourcePath = (0, import_utils2.normalizeBasePath)(resourcePath);
+      const isRootResource = normalizedResourcePath === (0, import_utils2.normalizeBasePath)(`${this.getApiBasePath()}/`);
       const matches = requestPath === normalizedResourcePath || requestPath.startsWith(`${normalizedResourcePath}/`) || isRootResource && requestPath.startsWith(`${this.getApiBasePath()}/`);
       if (matches) {
         return config;
@@ -235,7 +236,7 @@ class IdpOauthService {
       return this.resourceJwks.get(provider.issuer);
     }
     const { createLocalJWKSet } = await getJoseModule();
-    const issuerPath = (0, import_utils.normalizeBasePath)(new URL(provider.issuer).pathname || "/");
+    const issuerPath = (0, import_utils2.normalizeBasePath)(new URL(provider.issuer).pathname || "/");
     const jwksPath = provider.pathFor("jwks");
     const internalJwksPath = jwksPath === issuerPath ? "/" : jwksPath.startsWith(`${issuerPath}/`) ? jwksPath.slice(issuerPath.length) || "/" : jwksPath;
     const response = await (0, import_light_my_request.default)(provider.callback(), {
@@ -267,7 +268,7 @@ class IdpOauthService {
     };
   }
   getDefaultJwksPath(appName) {
-    return import_node_path.default.resolve(process.cwd(), "storage", "apps", appName, "idp_oauth_jwks.json");
+    return (0, import_utils.storagePathJoin)("apps", appName, "idp_oauth_jwks.json");
   }
   async getProviderSigningJwks(appName) {
     const parseJwks = (value, source) => {
@@ -469,7 +470,7 @@ class IdpOauthService {
     }
     const jwks = await this.getProviderSigningJwks(appName);
     return {
-      adapter: (0, import_cache_adapter.createCacheAdapter)(this.app.cache, "idp-oauth"),
+      adapter: (0, import_db_adapter.createDbAdapter)(this.app, "oidcStates"),
       clients: [],
       scopes: this.getSupportedScopes(),
       jwks,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nocobase/plugin-idp-oauth",
-  "version": "2.1.0-alpha.17",
+  "version": "2.1.0-alpha.19",
   "main": "dist/server/index.js",
   "displayName": "IdP: OAuth",
   "displayName.zh-CN": "IdP: OAuth",
@@ -20,5 +20,5 @@
   "keywords": [
     "Authentication"
   ],
-  "gitHead": "586cb00f56557e66168b9720d0e0193a1b752067"
+  "gitHead": "3d13700360eac1c0f9dbf6a5f167ed396a294a3c"
 }

package/dist/server/cache-adapter.d.ts

@@ -1,33 +0,0 @@
-/**
- * This file is part of the NocoBase (R) project.
- * Copyright (c) 2020-2024 NocoBase Co., Ltd.
- * Authors: NocoBase Team.
- *
- * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
- * For more information, please refer to: https://www.nocobase.com/agreement.
- */
-import type { Cache } from '@nocobase/cache';
-type StoredPayload = Record<string, any> & {
-    __expiresAt?: number;
-};
-export declare function createCacheAdapter(cache: Cache, namespace: string): {
-    new (model: string): {
-        model: string;
-        key(id: string): string;
-        read(id: string): Promise<StoredPayload>;
-        destroy(id: string): Promise<void>;
-        consume(id: string): Promise<void>;
-        find(id: string): Promise<{
-            [x: string]: any;
-        }>;
-        findByUid(uid: string): Promise<{
-            [x: string]: any;
-        }>;
-        findByUserCode(userCode: string): Promise<{
-            [x: string]: any;
-        }>;
-        upsert(id: string, payload: Record<string, any>, expiresIn: number): Promise<void>;
-        revokeByGrantId(grantId: string): Promise<void>;
-    };
-};
-export {};

package/dist/server/cache-adapter.js

@@ -1,159 +0,0 @@
-/**
- * This file is part of the NocoBase (R) project.
- * Copyright (c) 2020-2024 NocoBase Co., Ltd.
- * Authors: NocoBase Team.
- *
- * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
- * For more information, please refer to: https://www.nocobase.com/agreement.
- */
-
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var cache_adapter_exports = {};
-__export(cache_adapter_exports, {
-  createCacheAdapter: () => createCacheAdapter
-});
-module.exports = __toCommonJS(cache_adapter_exports);
-const grantable = /* @__PURE__ */ new Set([
-  "AccessToken",
-  "AuthorizationCode",
-  "RefreshToken",
-  "DeviceCode",
-  "BackchannelAuthenticationRequest"
-]);
-function epochTime(date = Date.now()) {
-  return Math.floor(date / 1e3);
-}
-function createCacheAdapter(cache, namespace) {
-  const keyFor = (model, id) => `${namespace}:${model}:${id}`;
-  const grantKeyFor = (grantId) => `${namespace}:grant:${grantId}`;
-  const sessionUidKeyFor = (uid) => `${namespace}:sessionUid:${uid}`;
-  const userCodeKeyFor = (userCode) => `${namespace}:userCode:${userCode}`;
-  const normalize = (payload) => {
-    if (!payload) {
-      return void 0;
-    }
-    if (payload.__expiresAt && payload.__expiresAt <= Date.now()) {
-      return void 0;
-    }
-    const { __expiresAt, ...data } = payload;
-    return data;
-  };
-  const getRemainingTtl = (payload) => {
-    if (!(payload == null ? void 0 : payload.__expiresAt)) {
-      return void 0;
-    }
-    const ttl = payload.__expiresAt - Date.now();
-    return ttl > 0 ? ttl : void 0;
-  };
-  return class CacheAdapter {
-    model;
-    constructor(model) {
-      this.model = model;
-    }
-    key(id) {
-      return keyFor(this.model, id);
-    }
-    async read(id) {
-      const payload = await cache.get(this.key(id));
-      if (!payload) {
-        return void 0;
-      }
-      if (payload.__expiresAt && payload.__expiresAt <= Date.now()) {
-        await this.destroy(id);
-        return void 0;
-      }
-      return payload;
-    }
-    async destroy(id) {
-      const payload = await cache.get(this.key(id));
-      await cache.del(this.key(id));
-      if ((payload == null ? void 0 : payload.uid) && this.model === "Session") {
-        await cache.del(sessionUidKeyFor(payload.uid));
-      }
-      if (payload == null ? void 0 : payload.userCode) {
-        await cache.del(userCodeKeyFor(payload.userCode));
-      }
-    }
-    async consume(id) {
-      const payload = await this.read(id);
-      if (!payload) {
-        return;
-      }
-      payload.consumed = epochTime();
-      await cache.set(this.key(id), payload, getRemainingTtl(payload));
-    }
-    async find(id) {
-      return normalize(await this.read(id));
-    }
-    async findByUid(uid) {
-      const id = await cache.get(sessionUidKeyFor(uid));
-      if (!id) {
-        return void 0;
-      }
-      return this.find(id);
-    }
-    async findByUserCode(userCode) {
-      const id = await cache.get(userCodeKeyFor(userCode));
-      if (!id) {
-        return void 0;
-      }
-      return this.find(id);
-    }
-    async upsert(id, payload, expiresIn) {
-      const ttl = expiresIn * 1e3;
-      const stored = {
-        ...payload,
-        __expiresAt: Date.now() + ttl
-      };
-      if (this.model === "Session" && payload.uid) {
-        await cache.set(sessionUidKeyFor(payload.uid), id, ttl);
-      }
-      if (grantable.has(this.model) && payload.grantId) {
-        const grantKey = grantKeyFor(payload.grantId);
-        const grant = (await cache.get(grantKey) || []).filter(Boolean);
-        if (!grant.includes(this.key(id))) {
-          grant.push(this.key(id));
-        }
-        await cache.set(grantKey, grant, ttl);
-      }
-      if (payload.userCode) {
-        await cache.set(userCodeKeyFor(payload.userCode), id, ttl);
-      }
-      await cache.set(this.key(id), stored, ttl);
-    }
-    async revokeByGrantId(grantId) {
-      const grantKey = grantKeyFor(grantId);
-      const grant = await cache.get(grantKey);
-      if (!(grant == null ? void 0 : grant.length)) {
-        return;
-      }
-      await Promise.all(
-        grant.map((tokenKey) => {
-          const id = tokenKey.slice(this.key("").length);
-          return this.destroy(id);
-        })
-      );
-      await cache.del(grantKey);
-    }
-  };
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  createCacheAdapter
-});