@nsshunt/stsappframework 2.19.163 → 2.19.165
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authutilsnode.js +130 -3
- package/dist/authutilsnode.js.map +1 -1
- package/package.json +5 -1
- package/src/authutilsnode.ts +137 -1
- package/types/authutilsnode.d.ts +19 -0
- package/types/authutilsnode.d.ts.map +1 -1
package/dist/authutilsnode.js
CHANGED
|
@@ -22,16 +22,58 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
22
22
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
23
23
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
24
24
|
};
|
|
25
|
-
var _AuthUtilsNode_cookiejar;
|
|
25
|
+
var _AuthUtilsNode_cookiejar, _AuthUtilsNode_httpsAgent, _AuthUtilsNode_debug, _AuthUtilsNode_GetHttpsAgent;
|
|
26
26
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
27
|
-
exports.AuthUtilsNode = void 0;
|
|
27
|
+
exports.AuthUtilsNode = exports.STSClientID = void 0;
|
|
28
28
|
const tough_cookie_1 = __importDefault(require("tough-cookie"));
|
|
29
|
+
const https_1 = __importDefault(require("https"));
|
|
30
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
31
|
+
const jwt_decode_1 = __importDefault(require("jwt-decode"));
|
|
32
|
+
const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
|
|
33
|
+
const axios_1 = __importDefault(require("axios"));
|
|
34
|
+
const stsconfig_1 = require("@nsshunt/stsconfig");
|
|
35
|
+
const goptions = (0, stsconfig_1.$Options)();
|
|
36
|
+
const debug_1 = __importDefault(require("debug"));
|
|
29
37
|
const stsutils_1 = require("@nsshunt/stsutils");
|
|
30
38
|
const errors_1 = require("./validation/errors");
|
|
31
39
|
const http_status_codes_1 = require("http-status-codes");
|
|
40
|
+
var STSClientID;
|
|
41
|
+
(function (STSClientID) {
|
|
42
|
+
STSClientID["STSRest01Service"] = "KgSyRECcvnJwwOZqf7GPqUw508sx7VBFEbDC0iP4oeY=";
|
|
43
|
+
STSClientID["STSAuthService"] = "q6a9F0kksXDDcrsCUKRwHKDnTNh7yZfxCShAgIJqfGg=";
|
|
44
|
+
STSClientID["STSUITerminal"] = "U0E4c4cuRKlBsGo7OhOl3qTkoNGFBXjORUS/T4R4xyA=";
|
|
45
|
+
STSClientID["STSCLI"] = "EcCpnQOIQFizAnWphlFJ4tSylosgVnwKTSNtgwuL2tw=";
|
|
46
|
+
STSClientID["STSUIWebApp"] = "lww8Je8n2P0OI/KEfJ+4p/bqsk8uE/noeq13tl4zlQ0=";
|
|
47
|
+
STSClientID["XXSTSUserAgentRunnerX"] = "y1h2nNr1BzTVPIzNmP/f041uxbnyZYTJeF/5GcwRCtw=";
|
|
48
|
+
STSClientID["STSInstrumentManagerService"] = "l8u2E912eR44ZYRHUkSBCCnDOXxQqYOPahDVQzYowrw=";
|
|
49
|
+
STSClientID["STSTestOrchestratorService"] = "CU1sVlS6vsEe3O3VvNzKFdBnQd9pQ83w9RyVx/7tJfc=";
|
|
50
|
+
STSClientID["STSTestRunnerNode"] = "aX9dJbsT06V1G4j06xEIQ/rZ2CDlpzggU58aLtZ8fzE=";
|
|
51
|
+
STSClientID["STSBrokerService"] = "TRppBuvxcjL7jrY9lCASJ5st8JpU8WlhAUAWoX/KKQ4=";
|
|
52
|
+
STSClientID["STSTestingService"] = "4Mtb3ABdSzZvSz4T51HPJhT14znVnqVDRFiZsvDNAOg=";
|
|
53
|
+
STSClientID["XXSTSAuthenticateSPAXX"] = "v4qBrds3Autl/i86xT+5z0K53kJ/2hHTfxNo0QO/0Jk=";
|
|
54
|
+
STSClientID["STSTestRunnerAgentSPA"] = "yDbklCH3awzDNuHICuco9mjDqhdzCa8m7w/UE9Opexc=";
|
|
55
|
+
STSClientID["STSClientApp01SPA"] = "FDX/CPyDb3m6d9G2k+wDX8Uvey+yCkllaT4EuEt4QyU=";
|
|
56
|
+
STSClientID["PowerPlatformCustomConnectorSPA"] = "fcdcebb5-d154-4699-b99d-87d29e5e148f";
|
|
57
|
+
})(STSClientID = exports.STSClientID || (exports.STSClientID = {}));
|
|
32
58
|
class AuthUtilsNode {
|
|
33
59
|
constructor() {
|
|
34
60
|
_AuthUtilsNode_cookiejar.set(this, void 0);
|
|
61
|
+
_AuthUtilsNode_httpsAgent.set(this, null);
|
|
62
|
+
_AuthUtilsNode_debug.set(this, (0, debug_1.default)(`proc:${process.pid}:AuthUtilsNode`));
|
|
63
|
+
_AuthUtilsNode_GetHttpsAgent.set(this, () => {
|
|
64
|
+
if (__classPrivateFieldGet(this, _AuthUtilsNode_httpsAgent, "f") === null) {
|
|
65
|
+
// https://nodejs.org/api/http.html#class-httpagent
|
|
66
|
+
__classPrivateFieldSet(this, _AuthUtilsNode_httpsAgent, new https_1.default.Agent({
|
|
67
|
+
keepAlive: goptions.keepAlive,
|
|
68
|
+
maxSockets: goptions.maxSockets,
|
|
69
|
+
maxTotalSockets: goptions.maxTotalSockets,
|
|
70
|
+
maxFreeSockets: goptions.maxFreeSockets,
|
|
71
|
+
timeout: goptions.timeout,
|
|
72
|
+
rejectUnauthorized: false
|
|
73
|
+
}), "f");
|
|
74
|
+
}
|
|
75
|
+
return __classPrivateFieldGet(this, _AuthUtilsNode_httpsAgent, "f");
|
|
76
|
+
});
|
|
35
77
|
this.SetCookiesToJar = (headers, endpoint) => __awaiter(this, void 0, void 0, function* () {
|
|
36
78
|
if (headers['set-cookie']) {
|
|
37
79
|
headers['set-cookie'].map((headerCookie) => {
|
|
@@ -48,6 +90,91 @@ class AuthUtilsNode {
|
|
|
48
90
|
this.GetCookiesFromJar = (endpoint) => __awaiter(this, void 0, void 0, function* () {
|
|
49
91
|
return __classPrivateFieldGet(this, _AuthUtilsNode_cookiejar, "f").getCookies(endpoint);
|
|
50
92
|
});
|
|
93
|
+
this.ValidateJWT = (token, audience, endpoint) => __awaiter(this, void 0, void 0, function* () {
|
|
94
|
+
const jwksClientUri = (endpoint
|
|
95
|
+
? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`
|
|
96
|
+
: `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);
|
|
97
|
+
const jwks = (0, jwks_rsa_1.default)({
|
|
98
|
+
cache: true,
|
|
99
|
+
cacheMaxEntries: 5,
|
|
100
|
+
cacheMaxAge: 600000,
|
|
101
|
+
rateLimit: true,
|
|
102
|
+
jwksRequestsPerMinute: 10,
|
|
103
|
+
jwksUri: jwksClientUri,
|
|
104
|
+
timeout: 30000,
|
|
105
|
+
requestAgent: __classPrivateFieldGet(this, _AuthUtilsNode_GetHttpsAgent, "f").call(this)
|
|
106
|
+
});
|
|
107
|
+
// Use decode to get the kid
|
|
108
|
+
const decodedRefreshToken = (0, jwt_decode_1.default)(token, { header: true });
|
|
109
|
+
const kid = decodedRefreshToken.kid;
|
|
110
|
+
const key = yield jwks.getSigningKey(kid);
|
|
111
|
+
const signingKey = key.getPublicKey();
|
|
112
|
+
const verifyOptions = {
|
|
113
|
+
issuer: 'https://stsmda.com.au/stsauth/',
|
|
114
|
+
//subject: s,
|
|
115
|
+
audience: audience,
|
|
116
|
+
//expiresIn: 600, // 10 minutes
|
|
117
|
+
algorithm: ["RS256"] // RSASSA [ "RS256", "RS384", "RS512" ]
|
|
118
|
+
};
|
|
119
|
+
return jsonwebtoken_1.default.verify(token, signingKey, verifyOptions);
|
|
120
|
+
});
|
|
121
|
+
this.GetAPITokenFromAuthServer = (clientId, authClientSecret, audience, endPoint) => __awaiter(this, void 0, void 0, function* () {
|
|
122
|
+
try {
|
|
123
|
+
const headers = { 'Content-Type': 'application/json' };
|
|
124
|
+
const payload = {
|
|
125
|
+
client_id: clientId,
|
|
126
|
+
client_secret: authClientSecret,
|
|
127
|
+
//client_secret: goptions.brokerclientsecret, // Broker service client secret
|
|
128
|
+
audience: audience,
|
|
129
|
+
//@@ remove audience
|
|
130
|
+
//@@ need scope to be the API identifier
|
|
131
|
+
grant_type: "client_credentials"
|
|
132
|
+
};
|
|
133
|
+
const url = (endPoint
|
|
134
|
+
? `${endPoint}${goptions.asoauthapiroot}/token`
|
|
135
|
+
: `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);
|
|
136
|
+
const retVal = yield (0, axios_1.default)({
|
|
137
|
+
url,
|
|
138
|
+
method: 'post',
|
|
139
|
+
data: payload,
|
|
140
|
+
headers: headers,
|
|
141
|
+
httpsAgent: __classPrivateFieldGet(this, _AuthUtilsNode_GetHttpsAgent, "f").call(this)
|
|
142
|
+
});
|
|
143
|
+
if (retVal.status) {
|
|
144
|
+
if (retVal.status !== 200) {
|
|
145
|
+
// Just provide a warning here
|
|
146
|
+
__classPrivateFieldGet(this, _AuthUtilsNode_debug, "f").call(this, `Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`.magenta);
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
else {
|
|
150
|
+
const msg = `Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`.red;
|
|
151
|
+
__classPrivateFieldGet(this, _AuthUtilsNode_debug, "f").call(this, msg);
|
|
152
|
+
throw new Error(msg);
|
|
153
|
+
}
|
|
154
|
+
if (retVal.data) {
|
|
155
|
+
if (retVal.data.access_token) {
|
|
156
|
+
return retVal.data.access_token;
|
|
157
|
+
}
|
|
158
|
+
else {
|
|
159
|
+
const msg = `Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`.red;
|
|
160
|
+
__classPrivateFieldGet(this, _AuthUtilsNode_debug, "f").call(this, msg);
|
|
161
|
+
throw new Error(msg);
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
else {
|
|
165
|
+
const msg = `Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`.red;
|
|
166
|
+
__classPrivateFieldGet(this, _AuthUtilsNode_debug, "f").call(this, msg);
|
|
167
|
+
throw new Error(msg);
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
catch (error) {
|
|
171
|
+
__classPrivateFieldGet(this, _AuthUtilsNode_debug, "f").call(this, `Error (AuthUtilsNode:GetAPITokenFromServer:catch): ${error}`.red);
|
|
172
|
+
if (error.response && error.response.data) {
|
|
173
|
+
__classPrivateFieldGet(this, _AuthUtilsNode_debug, "f").call(this, `Details: [${JSON.stringify(error.response.data)}]`.red);
|
|
174
|
+
}
|
|
175
|
+
throw error;
|
|
176
|
+
}
|
|
177
|
+
});
|
|
51
178
|
__classPrivateFieldSet(this, _AuthUtilsNode_cookiejar, new tough_cookie_1.default.CookieJar(), "f");
|
|
52
179
|
}
|
|
53
180
|
VerifyRequestMiddlewareFactory(options) {
|
|
@@ -114,5 +241,5 @@ class AuthUtilsNode {
|
|
|
114
241
|
}
|
|
115
242
|
}
|
|
116
243
|
exports.AuthUtilsNode = AuthUtilsNode;
|
|
117
|
-
_AuthUtilsNode_cookiejar = new WeakMap();
|
|
244
|
+
_AuthUtilsNode_cookiejar = new WeakMap(), _AuthUtilsNode_httpsAgent = new WeakMap(), _AuthUtilsNode_debug = new WeakMap(), _AuthUtilsNode_GetHttpsAgent = new WeakMap();
|
|
118
245
|
//# sourceMappingURL=authutilsnode.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authutilsnode.js","sourceRoot":"","sources":["../src/authutilsnode.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gEAAiC;
|
|
1
|
+
{"version":3,"file":"authutilsnode.js","sourceRoot":"","sources":["../src/authutilsnode.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gEAAiC;AACjC,kDAAyB;AACzB,gEAA+B;AAC/B,4DAAoC;AACpC,wDAAkC;AAElC,kDAA0B;AAE1B,kDAA6C;AAC7C,MAAM,QAAQ,GAAG,IAAA,oBAAQ,GAAE,CAAA;AAE3B,kDAA+B;AAE/B,gDAA+D;AAE/D,gDAA2D;AAE3D,yDAAgD;AAMhD,IAAY,WAgBX;AAhBD,WAAY,WAAW;IACnB,gFAAiE,CAAA;IACjE,8EAA+D,CAAA;IAC/D,6EAA8D,CAAA;IAC9D,sEAAuD,CAAA;IACvD,2EAA4D,CAAA;IAC5D,qFAAsE,CAAA;IACtE,2FAA4E,CAAA;IAC5E,0FAA2E,CAAA;IAC3E,iFAAkE,CAAA;IAClE,gFAAiE,CAAA;IACjE,iFAAkE,CAAA;IAClE,sFAAuE,CAAA;IACvE,qFAAsE,CAAA;IACtE,iFAAkE,CAAA;IAClE,uFAAwE,CAAA;AAC5E,CAAC,EAhBW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QAgBtB;AAED,MAAa,aAAa;IAMtB;QAJA,2CAA4B;QAC5B,oCAAkC,IAAI,EAAC;QACvC,+BAAS,IAAA,eAAW,EAAC,QAAQ,OAAO,CAAC,GAAG,gBAAgB,CAAC,EAAC;QAM1D,uCAAiB,GAAG,EAAE;YAElB,IAAI,uBAAA,IAAI,iCAAY,KAAK,IAAI,EAAE;gBAC3B,mDAAmD;gBACnD,uBAAA,IAAI,6BAAe,IAAI,eAAK,CAAC,KAAK,CAAC;oBAC/B,SAAS,EAAE,QAAQ,CAAC,SAAS;oBAC7B,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,eAAe,EAAE,QAAQ,CAAC,eAAe;oBACzC,cAAc,EAAE,QAAQ,CAAC,cAAc;oBACvC,OAAO,EAAE,QAAQ,CAAC,OAAO;oBACzB,kBAAkB,EAAE,KAAK;iBAC5B,CAAC,MAAA,CAAC;aACN;YACD,OAAO,uBAAA,IAAI,iCAAY,CAAC;QAC5B,CAAC,EAAA;QA+DD,oBAAe,GAAG,CAAO,OAA4B,EAAE,QAAgB,EAA2B,EAAE;YAEhG,IAAI,OAAO,CAAC,YAAY,CAAC,EAAE;gBACvB,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,YAAiB,EAAE,EAAE;oBAC5C,MAAM,MAAM,GAAQ,sBAAK,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;oBACrD,uBAAA,IAAI,gCAAW,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACpD,CAAC,CAAC,CAAC;aACN;iBAAM;gBACH,MAAM,MAAM,GAAQ,sBAAK,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC9D,uBAAA,IAAI,gCAAW,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACnD;YAED,OAAO,uBAAA,IAAI,gCAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC,CAAA,CAAC;QAEF,sBAAiB,GAAG,CAAO,QAAgB,EAA2B,EAAE;YAEpE,OAAO,uBAAA,IAAI,gCAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC,CAAA,CAAC;QAEF,gBAAW,GAAG,CAAO,KAAa,EAAE,QAAgB,EAAE,QAAiB,EAAmB,EAAE;YACxF,MAAM,aAAa,GAAG,CAAC,QAAQ;gBAC3B,CAAC,CAAC,GAAG,QAAQ,GAAG,QAAQ,CAAC,cAAc,GAAG,QAAQ,CAAC,cAAc,EAAE;gBACnE,CAAC,CAAC,GAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,cAAc,GAAG,QAAQ,CAAC,cAAc,EAAE,CAAC,CAAC;YAEvG,MAAM,IAAI,GAAG,IAAA,kBAAU,EAAC;gBACpB,KAAK,EAAE,IAAI;gBACX,eAAe,EAAE,CAAC;gBAClB,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,IAAI;gBACf,qBAAqB,EAAE,EAAE;gBACzB,OAAO,EAAE,aAAa;gBACtB,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,uBAAA,IAAI,oCAAe,MAAnB,IAAI,CAAiB;aACtC,CAAC,CAAC;YAEH,4BAA4B;YAC5B,MAAM,mBAAmB,GAAG,IAAA,oBAAU,EAAa,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5E,MAAM,GAAG,GAAG,mBAAmB,CAAC,GAAG,CAAC;YAEpC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;YAEtC,MAAM,aAAa,GAAG;gBAClB,MAAM,EAAG,gCAAgC;gBACzC,cAAc;gBACd,QAAQ,EAAG,QAAQ;gBACnB,gCAAgC;gBAChC,SAAS,EAAG,CAAC,OAAO,CAAC,CAAG,uCAAuC;aAClE,CAAC;YAEF,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,aAAa,CAAW,CAAC;QAClE,CAAC,CAAA,CAAA;QAED,8BAAyB,GAAG,CAAO,QAAqB,EAAE,gBAAwB,EAAE,QAAgB,EAAE,QAAiB,EAAmB,EAAE;YACxI,IAAI;gBACA,MAAM,OAAO,GAAG,EAAE,cAAc,EAAE,kBAAkB,EAAC,CAAC;gBACtD,MAAM,OAAO,GAAG;oBACZ,SAAS,EAAE,QAAQ;oBACnB,aAAa,EAAE,gBAAgB;oBAC/B,6EAA6E;oBAC7E,QAAQ,EAAE,QAAQ;oBAClB,oBAAoB;oBACpB,wCAAwC;oBACxC,UAAU,EAAE,oBAAoB;iBACnC,CAAA;gBACD,MAAM,GAAG,GAAG,CAAC,QAAQ;oBACjB,CAAC,CAAC,GAAG,QAAQ,GAAG,QAAQ,CAAC,cAAc,QAAQ;oBAC/C,CAAC,CAAC,GAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,cAAc,QAAQ,CAAC,CAAC;gBACnF,MAAM,MAAM,GAAG,MAAM,IAAA,eAAK,EAAC;oBACvB,GAAG;oBACF,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,OAAO;oBAChB,UAAU,EAAE,uBAAA,IAAI,oCAAe,MAAnB,IAAI,CAAiB;iBACrC,CAAC,CAAC;gBAEH,IAAI,MAAM,CAAC,MAAM,EAAE;oBACf,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE;wBACvB,8BAA8B;wBAC9B,uBAAA,IAAI,4BAAO,MAAX,IAAI,EAAQ,+EAA+E,MAAM,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC;qBACxH;iBACJ;qBAAM;oBACH,MAAM,GAAG,GAAG,8DAA8D,CAAC,GAAG,CAAA;oBAC9E,uBAAA,IAAI,4BAAO,MAAX,IAAI,EAAQ,GAAG,CAAC,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;iBACxB;gBACD,IAAI,MAAM,CAAC,IAAI,EAAE;oBACb,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE;wBAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,YAAsB,CAAC;qBAC7C;yBAAM;wBACH,MAAM,GAAG,GAAG,yEAAyE,CAAC,GAAG,CAAA;wBACzF,uBAAA,IAAI,4BAAO,MAAX,IAAI,EAAQ,GAAG,CAAC,CAAC;wBACjB,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;qBACxB;iBACJ;qBAAM;oBACH,MAAM,GAAG,GAAG,4DAA4D,CAAC,GAAG,CAAA;oBAC5E,uBAAA,IAAI,4BAAO,MAAX,IAAI,EAAQ,GAAG,CAAC,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;iBACxB;aACJ;YAAC,OAAO,KAAU,EAAE;gBACjB,uBAAA,IAAI,4BAAO,MAAX,IAAI,EAAQ,sDAAsD,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;gBAC/E,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE;oBACvC,uBAAA,IAAI,4BAAO,MAAX,IAAI,EAAQ,aAAa,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;iBACxE;gBACD,MAAM,KAAK,CAAC;aACf;QACL,CAAC,CAAA,CAAA;QA3LG,uBAAA,IAAI,4BAAc,IAAI,sBAAK,CAAC,SAAS,EAAE,MAAA,CAAC;IAC5C,CAAC;IAkBD,8BAA8B,CAAC,OAA8B;QACzD,OAAO,UAAe,GAAQ,EAAE,GAAQ,EAAE,IAAS;;gBAC/C,IAAI,OAAO,CAAC,WAAW,EAAE;oBACrB,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACzC,MAAM,mBAAmB,GAAG,EAAG,CAAC;oBAChC,KAAK,IAAI,CAAC,GAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;wBAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;wBAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;4BAC9B,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;yBACxC;qBACJ;oBACD,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE;wBAChC,MAAM,YAAY,GAAG,IAAA,0BAAe,EAAC,8BAAqB,CAAC,+BAA+B,EAAE,mBAAmB,CAAC,CAAC;wBACjH,GAAG,CAAC,MAAM,CAAC,+BAAW,CAAC,YAAY,CAAC,CAAC,IAAI,CAAE,EAAE,MAAM,EAAE,+BAAW,CAAC,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;wBACtG,OAAO;qBACV;iBACJ;gBACD,IAAI,EAAE,CAAC;YACX,CAAC;SAAA,CAAA;IACL,CAAC;IACD;;;;;;;;;;;;;;;MAeD;IAEO,uBAAuB,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS;;YAEvD,IAAI,EAAE,CAAC;YACP;;;;;;;;;;;;;;;;;;cAkBJ;QACA,CAAC;KAAA;CAyMJ;AA9RD,sCA8RC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nsshunt/stsappframework",
|
|
3
|
-
"version": "2.19.
|
|
3
|
+
"version": "2.19.165",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "./types/index.d.ts",
|
|
@@ -29,6 +29,7 @@
|
|
|
29
29
|
"@types/debug": "^4.1.7",
|
|
30
30
|
"@types/express": "^4.17.17",
|
|
31
31
|
"@types/jest": "^29.5.0",
|
|
32
|
+
"@types/jsonwebtoken": "^9.0.1",
|
|
32
33
|
"@types/pg": "^8.6.6",
|
|
33
34
|
"@types/uuid": "^9.0.1",
|
|
34
35
|
"@typescript-eslint/eslint-plugin": "^5.58.0",
|
|
@@ -54,6 +55,9 @@
|
|
|
54
55
|
"debug": "^4.3.4",
|
|
55
56
|
"express": "^4.18.2",
|
|
56
57
|
"http-status-codes": "^2.2.0",
|
|
58
|
+
"jsonwebtoken": "^9.0.0",
|
|
59
|
+
"jwks-rsa": "^3.0.1",
|
|
60
|
+
"jwt-decode": "^3.1.2",
|
|
57
61
|
"pidusage": "^3.0.2",
|
|
58
62
|
"prom-client": "^14.2.0",
|
|
59
63
|
"socket.io": "^4.6.1",
|
package/src/authutilsnode.ts
CHANGED
|
@@ -1,6 +1,17 @@
|
|
|
1
1
|
import tough from 'tough-cookie';
|
|
2
|
+
import https from 'https'
|
|
3
|
+
import jwt from 'jsonwebtoken';
|
|
4
|
+
import jwt_decode from 'jwt-decode';
|
|
5
|
+
import jwksClient from 'jwks-rsa';
|
|
2
6
|
|
|
3
|
-
import
|
|
7
|
+
import axios from 'axios';
|
|
8
|
+
|
|
9
|
+
import { $Options } from '@nsshunt/stsconfig'
|
|
10
|
+
const goptions = $Options()
|
|
11
|
+
|
|
12
|
+
import debugModule from 'debug'
|
|
13
|
+
|
|
14
|
+
import { GetErrorPayload, JSONObject } from '@nsshunt/stsutils'
|
|
4
15
|
|
|
5
16
|
import { AppFrameworkErrorCode } from './validation/errors'
|
|
6
17
|
|
|
@@ -10,14 +21,50 @@ export interface IAuthUtilsNodeOptions {
|
|
|
10
21
|
permissions: string[]
|
|
11
22
|
}
|
|
12
23
|
|
|
24
|
+
export enum STSClientID {
|
|
25
|
+
STSRest01Service = 'KgSyRECcvnJwwOZqf7GPqUw508sx7VBFEbDC0iP4oeY=',
|
|
26
|
+
STSAuthService = 'q6a9F0kksXDDcrsCUKRwHKDnTNh7yZfxCShAgIJqfGg=',
|
|
27
|
+
STSUITerminal = 'U0E4c4cuRKlBsGo7OhOl3qTkoNGFBXjORUS/T4R4xyA=',
|
|
28
|
+
STSCLI = 'EcCpnQOIQFizAnWphlFJ4tSylosgVnwKTSNtgwuL2tw=',
|
|
29
|
+
STSUIWebApp = 'lww8Je8n2P0OI/KEfJ+4p/bqsk8uE/noeq13tl4zlQ0=',
|
|
30
|
+
XXSTSUserAgentRunnerX = 'y1h2nNr1BzTVPIzNmP/f041uxbnyZYTJeF/5GcwRCtw=',
|
|
31
|
+
STSInstrumentManagerService = 'l8u2E912eR44ZYRHUkSBCCnDOXxQqYOPahDVQzYowrw=',
|
|
32
|
+
STSTestOrchestratorService = 'CU1sVlS6vsEe3O3VvNzKFdBnQd9pQ83w9RyVx/7tJfc=',
|
|
33
|
+
STSTestRunnerNode = 'aX9dJbsT06V1G4j06xEIQ/rZ2CDlpzggU58aLtZ8fzE=',
|
|
34
|
+
STSBrokerService = 'TRppBuvxcjL7jrY9lCASJ5st8JpU8WlhAUAWoX/KKQ4=',
|
|
35
|
+
STSTestingService = '4Mtb3ABdSzZvSz4T51HPJhT14znVnqVDRFiZsvDNAOg=',
|
|
36
|
+
XXSTSAuthenticateSPAXX = 'v4qBrds3Autl/i86xT+5z0K53kJ/2hHTfxNo0QO/0Jk=',
|
|
37
|
+
STSTestRunnerAgentSPA = 'yDbklCH3awzDNuHICuco9mjDqhdzCa8m7w/UE9Opexc=',
|
|
38
|
+
STSClientApp01SPA = 'FDX/CPyDb3m6d9G2k+wDX8Uvey+yCkllaT4EuEt4QyU=',
|
|
39
|
+
PowerPlatformCustomConnectorSPA = 'fcdcebb5-d154-4699-b99d-87d29e5e148f'
|
|
40
|
+
}
|
|
41
|
+
|
|
13
42
|
export class AuthUtilsNode
|
|
14
43
|
{
|
|
15
44
|
#cookiejar: tough.CookieJar;
|
|
45
|
+
#httpsAgent: https.Agent | null = null;
|
|
46
|
+
#debug = debugModule(`proc:${process.pid}:AuthUtilsNode`);
|
|
16
47
|
|
|
17
48
|
constructor() {
|
|
18
49
|
this.#cookiejar = new tough.CookieJar();
|
|
19
50
|
}
|
|
20
51
|
|
|
52
|
+
#GetHttpsAgent = () =>
|
|
53
|
+
{
|
|
54
|
+
if (this.#httpsAgent === null) {
|
|
55
|
+
// https://nodejs.org/api/http.html#class-httpagent
|
|
56
|
+
this.#httpsAgent = new https.Agent({
|
|
57
|
+
keepAlive: goptions.keepAlive,
|
|
58
|
+
maxSockets: goptions.maxSockets,
|
|
59
|
+
maxTotalSockets: goptions.maxTotalSockets,
|
|
60
|
+
maxFreeSockets: goptions.maxFreeSockets,
|
|
61
|
+
timeout: goptions.timeout,
|
|
62
|
+
rejectUnauthorized: false
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
return this.#httpsAgent;
|
|
66
|
+
}
|
|
67
|
+
|
|
21
68
|
VerifyRequestMiddlewareFactory(options: IAuthUtilsNodeOptions) {
|
|
22
69
|
return async function(req: any, res: any, next: any) {
|
|
23
70
|
if (options.permissions) {
|
|
@@ -99,6 +146,95 @@ export class AuthUtilsNode
|
|
|
99
146
|
return this.#cookiejar.getCookies(endpoint);
|
|
100
147
|
};
|
|
101
148
|
|
|
149
|
+
ValidateJWT = async (token: string, audience: string, endpoint?: string): Promise<string> => {
|
|
150
|
+
const jwksClientUri = (endpoint
|
|
151
|
+
? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`
|
|
152
|
+
: `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);
|
|
153
|
+
|
|
154
|
+
const jwks = jwksClient({
|
|
155
|
+
cache: true, //@@ all config items
|
|
156
|
+
cacheMaxEntries: 5, // Default value
|
|
157
|
+
cacheMaxAge: 600000, // Defaults to 10m
|
|
158
|
+
rateLimit: true,
|
|
159
|
+
jwksRequestsPerMinute: 10, // Default value
|
|
160
|
+
jwksUri: jwksClientUri,
|
|
161
|
+
timeout: 30000, //@@ config
|
|
162
|
+
requestAgent: this.#GetHttpsAgent()
|
|
163
|
+
});
|
|
164
|
+
|
|
165
|
+
// Use decode to get the kid
|
|
166
|
+
const decodedRefreshToken = jwt_decode<JSONObject>(token, { header: true });
|
|
167
|
+
const kid = decodedRefreshToken.kid;
|
|
168
|
+
|
|
169
|
+
const key = await jwks.getSigningKey(kid);
|
|
170
|
+
const signingKey = key.getPublicKey();
|
|
171
|
+
|
|
172
|
+
const verifyOptions = {
|
|
173
|
+
issuer: 'https://stsmda.com.au/stsauth/',
|
|
174
|
+
//subject: s,
|
|
175
|
+
audience: audience,
|
|
176
|
+
//expiresIn: 600, // 10 minutes
|
|
177
|
+
algorithm: ["RS256"] // RSASSA [ "RS256", "RS384", "RS512" ]
|
|
178
|
+
};
|
|
179
|
+
|
|
180
|
+
return jwt.verify(token, signingKey, verifyOptions) as string;
|
|
181
|
+
}
|
|
182
|
+
|
|
183
|
+
GetAPITokenFromAuthServer = async (clientId: STSClientID, authClientSecret: string, audience: string, endPoint?: string): Promise<string> => {
|
|
184
|
+
try {
|
|
185
|
+
const headers = { 'Content-Type': 'application/json'};
|
|
186
|
+
const payload = { //@@ make a type
|
|
187
|
+
client_id: clientId, // The service calling this method
|
|
188
|
+
client_secret: authClientSecret, // Auth service client secret
|
|
189
|
+
//client_secret: goptions.brokerclientsecret, // Broker service client secret
|
|
190
|
+
audience: audience, // required API
|
|
191
|
+
//@@ remove audience
|
|
192
|
+
//@@ need scope to be the API identifier
|
|
193
|
+
grant_type: "client_credentials"
|
|
194
|
+
}
|
|
195
|
+
const url = (endPoint
|
|
196
|
+
? `${endPoint}${goptions.asoauthapiroot}/token`
|
|
197
|
+
: `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);
|
|
198
|
+
const retVal = await axios({
|
|
199
|
+
url
|
|
200
|
+
,method: 'post'
|
|
201
|
+
,data: payload
|
|
202
|
+
,headers: headers
|
|
203
|
+
,httpsAgent: this.#GetHttpsAgent()
|
|
204
|
+
});
|
|
205
|
+
|
|
206
|
+
if (retVal.status) {
|
|
207
|
+
if (retVal.status !== 200) {
|
|
208
|
+
// Just provide a warning here
|
|
209
|
+
this.#debug(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`.magenta);
|
|
210
|
+
}
|
|
211
|
+
} else {
|
|
212
|
+
const msg = `Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`.red
|
|
213
|
+
this.#debug(msg);
|
|
214
|
+
throw new Error(msg);
|
|
215
|
+
}
|
|
216
|
+
if (retVal.data) {
|
|
217
|
+
if (retVal.data.access_token) {
|
|
218
|
+
return retVal.data.access_token as string;
|
|
219
|
+
} else {
|
|
220
|
+
const msg = `Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`.red
|
|
221
|
+
this.#debug(msg);
|
|
222
|
+
throw new Error(msg);
|
|
223
|
+
}
|
|
224
|
+
} else {
|
|
225
|
+
const msg = `Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`.red
|
|
226
|
+
this.#debug(msg);
|
|
227
|
+
throw new Error(msg);
|
|
228
|
+
}
|
|
229
|
+
} catch (error: any) {
|
|
230
|
+
this.#debug(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): ${error}`.red);
|
|
231
|
+
if (error.response && error.response.data) {
|
|
232
|
+
this.#debug(`Details: [${JSON.stringify(error.response.data)}]`.red);
|
|
233
|
+
}
|
|
234
|
+
throw error;
|
|
235
|
+
}
|
|
236
|
+
}
|
|
237
|
+
|
|
102
238
|
/*
|
|
103
239
|
#getHttpsAgent = () =>
|
|
104
240
|
{
|
package/types/authutilsnode.d.ts
CHANGED
|
@@ -2,6 +2,23 @@ import tough from 'tough-cookie';
|
|
|
2
2
|
export interface IAuthUtilsNodeOptions {
|
|
3
3
|
permissions: string[];
|
|
4
4
|
}
|
|
5
|
+
export declare enum STSClientID {
|
|
6
|
+
STSRest01Service = "KgSyRECcvnJwwOZqf7GPqUw508sx7VBFEbDC0iP4oeY=",
|
|
7
|
+
STSAuthService = "q6a9F0kksXDDcrsCUKRwHKDnTNh7yZfxCShAgIJqfGg=",
|
|
8
|
+
STSUITerminal = "U0E4c4cuRKlBsGo7OhOl3qTkoNGFBXjORUS/T4R4xyA=",
|
|
9
|
+
STSCLI = "EcCpnQOIQFizAnWphlFJ4tSylosgVnwKTSNtgwuL2tw=",
|
|
10
|
+
STSUIWebApp = "lww8Je8n2P0OI/KEfJ+4p/bqsk8uE/noeq13tl4zlQ0=",
|
|
11
|
+
XXSTSUserAgentRunnerX = "y1h2nNr1BzTVPIzNmP/f041uxbnyZYTJeF/5GcwRCtw=",
|
|
12
|
+
STSInstrumentManagerService = "l8u2E912eR44ZYRHUkSBCCnDOXxQqYOPahDVQzYowrw=",
|
|
13
|
+
STSTestOrchestratorService = "CU1sVlS6vsEe3O3VvNzKFdBnQd9pQ83w9RyVx/7tJfc=",
|
|
14
|
+
STSTestRunnerNode = "aX9dJbsT06V1G4j06xEIQ/rZ2CDlpzggU58aLtZ8fzE=",
|
|
15
|
+
STSBrokerService = "TRppBuvxcjL7jrY9lCASJ5st8JpU8WlhAUAWoX/KKQ4=",
|
|
16
|
+
STSTestingService = "4Mtb3ABdSzZvSz4T51HPJhT14znVnqVDRFiZsvDNAOg=",
|
|
17
|
+
XXSTSAuthenticateSPAXX = "v4qBrds3Autl/i86xT+5z0K53kJ/2hHTfxNo0QO/0Jk=",
|
|
18
|
+
STSTestRunnerAgentSPA = "yDbklCH3awzDNuHICuco9mjDqhdzCa8m7w/UE9Opexc=",
|
|
19
|
+
STSClientApp01SPA = "FDX/CPyDb3m6d9G2k+wDX8Uvey+yCkllaT4EuEt4QyU=",
|
|
20
|
+
PowerPlatformCustomConnectorSPA = "fcdcebb5-d154-4699-b99d-87d29e5e148f"
|
|
21
|
+
}
|
|
5
22
|
export declare class AuthUtilsNode {
|
|
6
23
|
#private;
|
|
7
24
|
constructor();
|
|
@@ -9,5 +26,7 @@ export declare class AuthUtilsNode {
|
|
|
9
26
|
verifyRequestMiddleware(req: any, res: any, next: any): Promise<void>;
|
|
10
27
|
SetCookiesToJar: (headers: Record<string, any>, endpoint: string) => Promise<tough.Cookie[]>;
|
|
11
28
|
GetCookiesFromJar: (endpoint: string) => Promise<tough.Cookie[]>;
|
|
29
|
+
ValidateJWT: (token: string, audience: string, endpoint?: string) => Promise<string>;
|
|
30
|
+
GetAPITokenFromAuthServer: (clientId: STSClientID, authClientSecret: string, audience: string, endPoint?: string) => Promise<string>;
|
|
12
31
|
}
|
|
13
32
|
//# sourceMappingURL=authutilsnode.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authutilsnode.d.ts","sourceRoot":"","sources":["../src/authutilsnode.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"authutilsnode.d.ts","sourceRoot":"","sources":["../src/authutilsnode.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,cAAc,CAAC;AAmBjC,MAAM,WAAW,qBAAqB;IAClC,WAAW,EAAE,MAAM,EAAE,CAAA;CACxB;AAED,oBAAY,WAAW;IACnB,gBAAgB,iDAAiD;IACjE,cAAc,iDAAiD;IAC/D,aAAa,iDAAiD;IAC9D,MAAM,iDAAiD;IACvD,WAAW,iDAAiD;IAC5D,qBAAqB,iDAAiD;IACtE,2BAA2B,iDAAiD;IAC5E,0BAA0B,iDAAiD;IAC3E,iBAAiB,iDAAiD;IAClE,gBAAgB,iDAAiD;IACjE,iBAAiB,iDAAiD;IAClE,sBAAsB,iDAAiD;IACvE,qBAAqB,iDAAiD;IACtE,iBAAiB,iDAAiD;IAClE,+BAA+B,yCAAyC;CAC3E;AAED,qBAAa,aAAa;;;IA0BtB,8BAA8B,CAAC,OAAO,EAAE,qBAAqB,SAC9B,GAAG,OAAO,GAAG,QAAQ,GAAG;IAoCjD,uBAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;IAwB3D,eAAe,YAAmB,OAAO,MAAM,EAAE,GAAG,CAAC,YAAY,MAAM,KAAG,QAAQ,MAAM,MAAM,EAAE,CAAC,CAa/F;IAEF,iBAAiB,aAAoB,MAAM,KAAG,QAAQ,MAAM,MAAM,EAAE,CAAC,CAGnE;IAEF,WAAW,UAAiB,MAAM,YAAY,MAAM,aAAa,MAAM,KAAG,QAAQ,MAAM,CAAC,CAgCxF;IAED,yBAAyB,aAAoB,WAAW,oBAAoB,MAAM,YAAY,MAAM,aAAa,MAAM,KAAG,QAAQ,MAAM,CAAC,CAqDxI;CA4FJ"}
|