@nsshunt/stsauthclient 1.0.40 → 1.0.42

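--- a/stsauthclient.umd.js
+++ b/stsauthclient.umd.js
@@ -1,19 +1,7 @@
  (function(global, factory) {
  typeof exports === "object" && typeof module !== "undefined" ? factory(exports, require("axios"), require("@nsshunt/stsutils"), require("tough-cookie"), require("jsonwebtoken"), require("jwt-decode"), require("jwks-rsa"), require("@nsshunt/stsconfig"), require("chalk"), require("@nsshunt/stsobservability")) : typeof define === "function" && define.amd ? define(["exports", "axios", "@nsshunt/stsutils", "tough-cookie", "jsonwebtoken", "jwt-decode", "jwks-rsa", "@nsshunt/stsconfig", "chalk", "@nsshunt/stsobservability"], factory) : (global = typeof globalThis !== "undefined" ? globalThis : global || self, factory(global["@nsshunt/stsauthclient"] = {}, global.axios, global.stsutils, global["tough-cookie"], global.jsonwebtoken, global["jwt-decode"], global["jwks-rsa"], global.stsconfig, global.chalk, global.stsobservability));
- })(this, function(exports2, axios, stsutils, tough, jwt, jwtDecode, jwksClient, stsconfig, chalk, stsobservability) {
- "use strict";var __defProp = Object.defineProperty;
- var __typeError = (msg) => {
- throw TypeError(msg);
- };
- var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
- var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
- var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
- var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
- var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
- var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
- var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
-
- var _options, _options2, _cache, _cacheTimeout, _cookiejar, _originRegex, _AuthUtilsNode_instances, LogDebugMessage_fn;
+ })(this, (function(exports2, axios, stsutils, tough, jwt, jwtDecode, jwksClient, stsconfig, chalk, stsobservability) {
+ "use strict";
  const iss = `https://stscore.stsmda.org/oauth2/v2.0`;
  const STSAuthClientErrorCode = Object.freeze({
  STS_AC_MISSING_PERMISSION: {
@@ -83,333 +71,165 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
  StatusCodes2[StatusCodes2["NETWORK_AUTHENTICATION_REQUIRED"] = 511] = "NETWORK_AUTHENTICATION_REQUIRED";
  })(StatusCodes || (StatusCodes = {}));
  class ResourceManager {
+ #options;
  constructor(options) {
- __privateAdd(this, _options);
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
- __publicField(this, "GetErrorMessage", (status, error, detail) => {
- return {
- status,
- error,
- detail
- };
- });
- __publicField(this, "GetHeaders", (access_token) => {
- const headers = {
- "Content-Type": "application/json"
- };
- if (access_token) {
- headers["Authorization"] = `Bearer ${access_token}`;
- }
- return headers;
- });
- __publicField(this, "GetResult", async (accessToken, url, method, requestData, errorCb) => {
- const axiosConfig = new stsutils.STSAxiosConfig(url, method, this.GetHeaders(accessToken), this.options.timeout);
- if (__privateGet(this, _options).agentManager) {
- axiosConfig.withAgentManager(__privateGet(this, _options).agentManager);
- }
- if (requestData !== null) {
- axiosConfig.withData(requestData);
- }
- const data = await axios(axiosConfig.config);
- if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {
- const sessionDataRaw = data.data.detail;
- if (sessionDataRaw) {
- try {
- const sessionData = JSON.parse(sessionDataRaw);
- return sessionData;
- } catch (error) {
- errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetResult(): Could not parse session data.", error));
- return null;
- }
- } else {
- errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetResult(): No session data returned.", null));
- return null;
- }
- } else {
- const { status, error, detail } = data.data;
- errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));
- return null;
- }
- });
- __privateSet(this, _options, options);
- this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(__privateGet(this, _options))}]`);
+ this.#options = options;
+ this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);
  }
  get agentManager() {
- if (__privateGet(this, _options).agentManager) {
- return __privateGet(this, _options).agentManager;
+ if (this.#options.agentManager) {
+ return this.#options.agentManager;
  } else {
  return null;
  }
  }
  get options() {
- return __privateGet(this, _options);
+ return this.#options;
  }
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  LogDebugMessage(message) {
- __privateGet(this, _options).logger.debug(message);
+ this.#options.logger.debug(message);
  }
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  LogInfoMessage(message) {
- __privateGet(this, _options).logger.info(message);
+ this.#options.logger.info(message);
  }
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  LogErrorMessage(message) {
- __privateGet(this, _options).logger.error(message);
+ this.#options.logger.error(message);
  }
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ GetErrorMessage = (status, error, detail) => {
+ return {
+ status,
+ error,
+ detail
+ };
+ };
+ GetHeaders = (access_token) => {
+ const headers = {
+ "Content-Type": "application/json"
+ };
+ if (access_token) {
+ headers["Authorization"] = `Bearer ${access_token}`;
+ }
+ return headers;
+ };
+ GetResult = async (accessToken, url, method, requestData, errorCb) => {
+ const axiosConfig = new stsutils.STSAxiosConfig(url, method, this.GetHeaders(accessToken), this.options.timeout);
+ if (this.#options.agentManager) {
+ axiosConfig.withAgentManager(this.#options.agentManager);
+ }
+ if (requestData !== null) {
+ axiosConfig.withData(requestData);
+ }
+ const data = await axios(axiosConfig.config);
+ if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {
+ const sessionDataRaw = data.data.detail;
+ if (sessionDataRaw) {
+ try {
+ const sessionData = JSON.parse(sessionDataRaw);
+ return sessionData;
+ } catch (error) {
+ errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetResult(): Could not parse session data.", error));
+ return null;
+ }
+ } else {
+ errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetResult(): No session data returned.", null));
+ return null;
+ }
+ } else {
+ const { status, error, detail } = data.data;
+ errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));
+ return null;
+ }
+ };
  }
- _options = new WeakMap();
  class SessionManager extends ResourceManager {
  constructor(options) {
  super(options);
- __publicField(this, "GetSession", async (access_token, sessionId, errorCb) => {
- try {
- return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get", null, errorCb);
- } catch (error) {
- errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
- return null;
- }
- });
- __publicField(this, "PatchSession", async (access_token, session, errorCb) => {
- try {
- if (!session.sessionId) {
- errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetSession(): sessionId not provided.", null));
- return null;
- }
- return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, "patch", session, errorCb);
- } catch (error) {
- errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
+ }
+ GetSession = async (access_token, sessionId, errorCb) => {
+ try {
+ return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get", null, errorCb);
+ } catch (error) {
+ errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
+ return null;
+ }
+ };
+ PatchSession = async (access_token, session, errorCb) => {
+ try {
+ if (!session.sessionId) {
+ errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetSession(): sessionId not provided.", null));
  return null;
  }
- });
- }
+ return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, "patch", session, errorCb);
+ } catch (error) {
+ errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
+ return null;
+ }
+ };
  }
  class AuthUtilsNode {
+ #options;
+ #cache = {};
+ #cacheTimeout = 1e3;
+ #cookiejar;
+ // Regular expression to match the origin
+ #originRegex = /^(api:\/\/\w+)/;
  constructor(options) {
- __privateAdd(this, _AuthUtilsNode_instances);
- __privateAdd(this, _options2);
- __privateAdd(this, _cache, {});
- __privateAdd(this, _cacheTimeout, 1e3);
- __privateAdd(this, _cookiejar);
- // Regular expression to match the origin
- __privateAdd(this, _originRegex, /^(api:\/\/\w+)/);
- __publicField(this, "ResetAgent", () => {
- if (__privateGet(this, _options2).agentManager) {
- __privateGet(this, _options2).agentManager.ResetAgent();
- }
- });
- __publicField(this, "VerifyRequestMiddlewareFactory", (options) => {
- return async (req, res, next) => {
- if (options.permissions) {
- const permissionsKey = options.permissions.join("_");
- const scopeKey = req.auth.scope.split(" ").join("_");
- if (__privateGet(this, _cache)[permissionsKey] && __privateGet(this, _cache)[permissionsKey].scopes[scopeKey]) {
- next();
- return;
- }
- const scopes = req.auth.scope.split(" ");
- const requiredPermissions = [];
- for (let i = 0; i < options.permissions.length; i++) {
- const permission = options.permissions[i];
- if (!scopes.includes(permission)) {
- requiredPermissions.push(permission);
- }
- }
- if (requiredPermissions.length > 0) {
- const errorPayload = stsutils.GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);
- res.status(StatusCodes.UNAUTHORIZED).send({ status: StatusCodes.UNAUTHORIZED, error: errorPayload });
- return;
- }
- if (!__privateGet(this, _cache)[permissionsKey]) {
- __privateGet(this, _cache)[permissionsKey] = {
- scopes: {}
- };
- }
- __privateGet(this, _cache)[permissionsKey].scopes[scopeKey] = {
- scope: scopeKey,
- timeout: setTimeout(() => {
- delete __privateGet(this, _cache)[permissionsKey].scopes[scopeKey];
- }, __privateGet(this, _cacheTimeout)).unref()
- };
- }
- next();
- };
- });
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
- __publicField(this, "SetCookiesToJar", async (headers, endpoint) => {
- if (headers["set-cookie"]) {
- headers["set-cookie"].map((headerCookie) => {
- const cookie = tough.Cookie.parse(headerCookie);
- __privateGet(this, _cookiejar).setCookieSync(cookie, endpoint);
- });
- } else {
- const cookie = tough.Cookie.parse(headers["set-cookie"]);
- __privateGet(this, _cookiejar).setCookieSync(cookie, endpoint);
- }
- return __privateGet(this, _cookiejar).getCookies(endpoint);
- });
- __publicField(this, "GetCookiesFromJar", async (endpoint) => {
- return __privateGet(this, _cookiejar).getCookies(endpoint);
- });
- __publicField(this, "ValidateJWT", async (token, audience, endpoint) => {
- const jwksClientUri = endpoint ? `${endpoint}${stsconfig.goptions.asoauthapiroot}${stsconfig.goptions.asjwksjsonpath}` : `${stsconfig.goptions.asendpoint}:${stsconfig.goptions.asport}${stsconfig.goptions.asoauthapiroot}${stsconfig.goptions.asjwksjsonpath}`;
- const jwksClientOptions = {
- cache: true,
- //@@ all config items
- cacheMaxEntries: 5,
- // Default value
- cacheMaxAge: 6e5,
- // Defaults to 10m
- rateLimit: true,
- jwksRequestsPerMinute: 10,
- // Default value
- jwksUri: jwksClientUri,
- timeout: 3e4
- //@@ config
- };
- if (__privateGet(this, _options2).agentManager) {
- jwksClientOptions.requestAgent = __privateGet(this, _options2).agentManager.GetAgent(jwksClientUri);
- }
- const jwks = jwksClient(jwksClientOptions);
- const decodedRefreshToken = jwtDecode.jwtDecode(token, { header: true });
- const kid = decodedRefreshToken.kid;
- const key = await jwks.getSigningKey(kid);
- const signingKey = key.getPublicKey();
- const verifyOptions = {
- issuer: iss,
- //subject: s,
- audience,
- //expiresIn: 600, // 10 minutes
- algorithm: ["RS256"]
- // RSASSA [ "RS256", "RS384", "RS512" ]
- };
- return jwt.verify(token, signingKey, verifyOptions);
- });
- // Function to extract the origin from a URI
- __publicField(this, "ExtractOrigin", (uri) => {
- const match = uri.match(__privateGet(this, _originRegex));
- return match ? match[1] : null;
- });
- __publicField(this, "GetAPITokenFromAuthServerUsingScope", async (options, errorCb) => {
- const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;
- let stage = "1";
- const invokeErrorCb = (error) => {
- __privateMethod(this, _AuthUtilsNode_instances, LogDebugMessage_fn).call(this, error);
- if (instrumentController) {
- instrumentController.UpdateInstrument(stsobservability.Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, {
- // auth error
- Inc: 1
- });
- }
- errorCb(error);
- };
- try {
- stage = "2";
- const scopes = scope.split(" ");
- let origin = null;
- let error = null;
- stage = "3";
- for (let i = 0; i < scopes.length; i++) {
- const s = scopes[i];
- if (!origin) {
- origin = this.ExtractOrigin(s);
- if (!origin) {
- error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);
- break;
- }
- } else {
- const nextOrigin = this.ExtractOrigin(s);
- if (!nextOrigin) {
- error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);
- break;
- } else {
- if (origin.localeCompare(nextOrigin) !== 0) {
- error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);
- break;
- }
- }
- }
- }
- stage = "4";
- if (error) {
- invokeErrorCb(error);
- return "";
- }
- stage = "5";
- const payload = {
- //@@ make a type
- client_id: clientId,
- // The service calling this method
- client_secret: authClientSecret,
- // Auth service client secret
- //client_secret: goptions.brokerclientsecret, // Broker service client secret
- scope,
- // required API
- //@@ remove audience
- //@@ need scope to be the API identifier
- grant_type: "client_credentials"
- };
- stage = "6";
- const url = endPoint ? `${endPoint}${stsconfig.goptions.asoauthapiroot}/token` : `${stsconfig.goptions.asendpoint}:${stsconfig.goptions.asport}${stsconfig.goptions.asoauthapiroot}/token`;
- stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`;
- const axiosConfig = new stsutils.STSAxiosConfig(url, "post").withDefaultHeaders().withData(payload);
- if (__privateGet(this, _options2).agentManager) {
- axiosConfig.withAgentManager(__privateGet(this, _options2).agentManager);
+ this.#options = options;
+ this.#cookiejar = new tough.CookieJar();
+ }
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ #LogDebugMessage(message) {
+ this.#options.logger.debug(message);
+ }
+ get agentManager() {
+ return this.#options.agentManager;
+ }
+ ResetAgent = () => {
+ if (this.#options.agentManager) {
+ this.#options.agentManager.ResetAgent();
+ }
+ };
+ VerifyRequestMiddlewareFactory = (options) => {
+ return async (req, res, next) => {
+ if (options.permissions) {
+ const permissionsKey = options.permissions.join("_");
+ const scopeKey = req.auth.scope.split(" ").join("_");
+ if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {
+ next();
+ return;
  }
- const retVal = await axios(axiosConfig.config);
- stage = "7";
- if (retVal.status) {
- if (retVal.status !== 200) {
- __privateMethod(this, _AuthUtilsNode_instances, LogDebugMessage_fn).call(this, chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));
+ const scopes = req.auth.scope.split(" ");
+ const requiredPermissions = [];
+ for (let i = 0; i < options.permissions.length; i++) {
+ const permission = options.permissions[i];
+ if (!scopes.includes(permission)) {
+ requiredPermissions.push(permission);
  }
- } else {
- invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));
- return "";
  }
- stage = "8";
- if (retVal.data) {
- stage = "9";
- if (retVal.data.access_token) {
- stage = "10";
- if (instrumentController) {
- stage = "11";
- instrumentController.UpdateInstrument(stsobservability.Gauge.AUTHENTICATION_COUNT_GAUGE, {
- Inc: 1
- });
- }
- stage = "12";
- return retVal.data.access_token;
- } else {
- stage = "13";
- invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));
- return "";
- }
- } else {
- stage = "14";
- invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));
- return "";
- }
- } catch (error) {
- if (outputErrorsToConsole === true) {
- console.error(error);
+ if (requiredPermissions.length > 0) {
+ const errorPayload = stsutils.GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);
+ res.status(StatusCodes.UNAUTHORIZED).send({ status: StatusCodes.UNAUTHORIZED, error: errorPayload });
+ return;
  }
- let details = "None available.";
- if (error.response && error.response.data) {
- try {
- details = JSON.stringify(error.response.data);
- } catch (error2) {
- details = `Could not JSON.stringify(error.response.data)`;
- }
+ if (!this.#cache[permissionsKey]) {
+ this.#cache[permissionsKey] = {
+ scopes: {}
+ };
  }
- invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));
- return "";
+ this.#cache[permissionsKey].scopes[scopeKey] = {
+ scope: scopeKey,
+ timeout: setTimeout(() => {
+ delete this.#cache[permissionsKey].scopes[scopeKey];
+ }, this.#cacheTimeout).unref()
+ };
  }
- });
- __privateSet(this, _options2, options);
- __privateSet(this, _cookiejar, new tough.CookieJar());
- }
- get agentManager() {
- return __privateGet(this, _options2).agentManager;
- }
+ next();
+ };
+ };
  /*
  let cookies = await this.GetCookiesFromJar();
  const valid = this.#ValidateCookies(cookies);
@@ -430,21 +250,181 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
  async verifyRequestMiddleware(req, res, next) {
  next();
  }
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ SetCookiesToJar = async (headers, endpoint) => {
+ if (headers["set-cookie"]) {
+ headers["set-cookie"].map((headerCookie) => {
+ const cookie = tough.Cookie.parse(headerCookie);
+ this.#cookiejar.setCookieSync(cookie, endpoint);
+ });
+ } else {
+ const cookie = tough.Cookie.parse(headers["set-cookie"]);
+ this.#cookiejar.setCookieSync(cookie, endpoint);
+ }
+ return this.#cookiejar.getCookies(endpoint);
+ };
+ GetCookiesFromJar = async (endpoint) => {
+ return this.#cookiejar.getCookies(endpoint);
+ };
+ ValidateJWT = async (token, audience, endpoint) => {
+ const jwksClientUri = endpoint ? `${endpoint}${stsconfig.goptions.asoauthapiroot}${stsconfig.goptions.asjwksjsonpath}` : `${stsconfig.goptions.asendpoint}:${stsconfig.goptions.asport}${stsconfig.goptions.asoauthapiroot}${stsconfig.goptions.asjwksjsonpath}`;
+ const jwksClientOptions = {
+ cache: true,
+ //@@ all config items
+ cacheMaxEntries: 5,
+ // Default value
+ cacheMaxAge: 6e5,
+ // Defaults to 10m
+ rateLimit: true,
+ jwksRequestsPerMinute: 10,
+ // Default value
+ jwksUri: jwksClientUri,
+ timeout: 3e4
+ //@@ config
+ };
+ if (this.#options.agentManager) {
+ jwksClientOptions.requestAgent = this.#options.agentManager.GetAgent(jwksClientUri);
+ }
+ const jwks = jwksClient(jwksClientOptions);
+ const decodedRefreshToken = jwtDecode.jwtDecode(token, { header: true });
+ const kid = decodedRefreshToken.kid;
+ const key = await jwks.getSigningKey(kid);
+ const signingKey = key.getPublicKey();
+ const verifyOptions = {
+ issuer: iss,
+ //subject: s,
+ audience,
+ //expiresIn: 600, // 10 minutes
+ algorithm: ["RS256"]
+ // RSASSA [ "RS256", "RS384", "RS512" ]
+ };
+ return jwt.verify(token, signingKey, verifyOptions);
+ };
+ // Function to extract the origin from a URI
+ ExtractOrigin = (uri) => {
+ const match = uri.match(this.#originRegex);
+ return match ? match[1] : null;
+ };
+ GetAPITokenFromAuthServerUsingScope = async (options, errorCb) => {
+ const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;
+ let stage = "1";
+ const invokeErrorCb = (error) => {
+ this.#LogDebugMessage(error);
+ if (instrumentController) {
+ instrumentController.UpdateInstrument(stsobservability.Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, {
+ // auth error
+ Inc: 1
+ });
+ }
+ errorCb(error);
+ };
+ try {
+ stage = "2";
+ const scopes = scope.split(" ");
+ let origin = null;
+ let error = null;
+ stage = "3";
+ for (let i = 0; i < scopes.length; i++) {
+ const s = scopes[i];
+ if (!origin) {
+ origin = this.ExtractOrigin(s);
+ if (!origin) {
+ error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);
+ break;
+ }
+ } else {
+ const nextOrigin = this.ExtractOrigin(s);
+ if (!nextOrigin) {
+ error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);
+ break;
+ } else {
+ if (origin.localeCompare(nextOrigin) !== 0) {
+ error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);
+ break;
+ }
+ }
+ }
+ }
+ stage = "4";
+ if (error) {
+ invokeErrorCb(error);
+ return "";
+ }
+ stage = "5";
+ const payload = {
+ //@@ make a type
+ client_id: clientId,
+ // The service calling this method
+ client_secret: authClientSecret,
+ // Auth service client secret
+ //client_secret: goptions.brokerclientsecret, // Broker service client secret
+ scope,
+ // required API
+ //@@ remove audience
+ //@@ need scope to be the API identifier
+ grant_type: "client_credentials"
+ };
+ stage = "6";
+ const url = endPoint ? `${endPoint}${stsconfig.goptions.asoauthapiroot}/token` : `${stsconfig.goptions.asendpoint}:${stsconfig.goptions.asport}${stsconfig.goptions.asoauthapiroot}/token`;
+ stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`;
+ const axiosConfig = new stsutils.STSAxiosConfig(url, "post").withDefaultHeaders().withData(payload);
+ if (this.#options.agentManager) {
+ axiosConfig.withAgentManager(this.#options.agentManager);
+ }
+ const retVal = await axios(axiosConfig.config);
+ stage = "7";
+ if (retVal.status) {
+ if (retVal.status !== 200) {
+ this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));
+ }
+ } else {
+ invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));
+ return "";
+ }
+ stage = "8";
+ if (retVal.data) {
+ stage = "9";
+ if (retVal.data.access_token) {
+ stage = "10";
+ if (instrumentController) {
+ stage = "11";
+ instrumentController.UpdateInstrument(stsobservability.Gauge.AUTHENTICATION_COUNT_GAUGE, {
+ Inc: 1
+ });
+ }
+ stage = "12";
+ return retVal.data.access_token;
+ } else {
+ stage = "13";
+ invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));
+ return "";
+ }
+ } else {
+ stage = "14";
+ invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));
+ return "";
+ }
+ } catch (error) {
+ if (outputErrorsToConsole === true) {
+ console.error(error);
+ }
+ let details = "None available.";
+ if (error.response && error.response.data) {
+ try {
+ details = JSON.stringify(error.response.data);
+ } catch (error2) {
+ details = `Could not JSON.stringify(error.response.data)`;
+ }
+ }
+ invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));
+ return "";
+ }
+ };
  }
- _options2 = new WeakMap();
- _cache = new WeakMap();
- _cacheTimeout = new WeakMap();
- _cookiejar = new WeakMap();
- _originRegex = new WeakMap();
- _AuthUtilsNode_instances = new WeakSet();
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
- LogDebugMessage_fn = function(message) {
- __privateGet(this, _options2).logger.debug(message);
- };
  exports2.AuthUtilsNode = AuthUtilsNode;
  exports2.STSAuthClientErrorCode = STSAuthClientErrorCode;
  exports2.SessionManager = SessionManager;
  exports2.iss = iss;
  Object.defineProperty(exports2, Symbol.toStringTag, { value: "Module" });
- });
+ }));
  //# sourceMappingURL=stsauthclient.umd.js.map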
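Review bot: The new `GetAPITokenFromAuthServerUsingScope` class field in the third hunk records the entire token request body, including `client_secret`, in `stage` via `stage = \`6.5: url: [${url}] payload: [${JSON.stringify(payload)}]\`;`, and the catch block interpolates `stage` into the Error that `invokeErrorCb` hands to `#LogDebugMessage` and to the caller's `errorCb`, so every failed token call writes the client secret into the debug log and the error channel. Keeping only non-secret context in that marker avoids it, e.g. `stage = \`6.5: url: [${url}] client_id: [${clientId}] scope: [${scope}]\`;`. Separately, `ValidateJWT` in the same hunk builds its verify options with `algorithm: ["RS256"]`, but jsonwebtoken's verify option is spelled `algorithms`, so the restriction the trailing comment describes is silently ignored and the accepted set presumably falls back to the library's default for the key type; `algorithms: ["RS256"]` makes it effective. Both bodies were moved from constructor `__publicField` calls rather than rewritten, but they are the code now shipped in 1.0.42 and the commit does not address either point.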