@nsshunt/stsoauth2plugin 0.0.3

package/src/Utils/QueryParams.ts

@@ -0,0 +1,48 @@
+// https://github.com/auth0/auth0-spa-js/blob/1de6427f81a8c5b005e9b6d10b9efb1e73542528/static/index.html
+// https://stackoverflow.com/questions/12446317/change-url-without-redirecting-using-javascript
+class QueryParams {
+	DecodeQueryParams = (params) => {
+		const retObj = { };
+		const arr = Object.keys(params)
+			.filter(k => typeof params[k] !== 'undefined')
+			.map(k => { 
+				retObj[decodeURIComponent(k)] = decodeURIComponent(params[k]);
+			});
+		return retObj;
+	}
+
+	CreateQueryParams = (params) => {
+		return Object.keys(params)
+			.filter(k => typeof params[k] !== 'undefined')
+			.map(k => {
+				if (Array.isArray(params[k])) {
+					return encodeURIComponent(k) + '=' + encodeURIComponent(params[k].join(' '))
+				} else {
+					return encodeURIComponent(k) + '=' + encodeURIComponent(params[k])
+				}
+			})
+			.join('&');
+	}
+
+	_GetQueryParams = (param) => {
+		let retVal = { };
+		const uri = param.split("?");
+		if (uri.length == 2) {
+			const vars = uri[1].split("&");
+			const getVars = {};
+			let tmp = "";
+			vars.forEach(function (v) {
+				tmp = v.split("=");
+				if (tmp.length == 2) getVars[tmp[0]] = tmp[1];
+			});
+			retVal = this.DecodeQueryParams(getVars);
+		}
+		return retVal;
+	}
+  
+	GetQueryParams = () => {
+		return this._GetQueryParams(window.location.href);
+	}
+}
+
+export default QueryParams;

package/src/index.test.ts

@@ -0,0 +1,10 @@
+
+describe("Test Latency Controller", () =>
+{
+	test('Testing Module', async () => 
+	{
+		expect.assertions(1);
+		expect(1).toEqual(1);
+	});
+});
+

package/src/index.ts

@@ -0,0 +1,3 @@
+export * from './stsoauth2types'
+export * from './stsoauth2manager'
+

package/src/stsStorage.ts

@@ -0,0 +1,158 @@
+import Debug from "debug";
+const debug = Debug(`proc:${process.pid}:storage.ts`);
+
+import * as Cookies from 'es-cookie';
+import { JSONObject } from "@nsshunt/stsutils";
+
+export interface IStsStorage<T> {
+	get(key: string): T
+	set(key: string, value: T, options?: JSONObject): void
+	remove(key: string): void
+}
+
+export enum ClientStorageType {
+	LOCAL_STORAGE = 'LocalStorage', //@@ todo
+	SESSION_STORAGE = 'SessionStorage',
+	COOKIE_STORAGE = 'CookieStorage',
+	MEMORY_STORAGE = 'MemoryStorage' //@@ todo
+}
+
+class CookieStorage<T> implements IStsStorage<T>
+{
+	get = (key: string): T => {
+		const raw = Cookies.get(key);
+		if (raw) {
+			return JSON.parse(raw);
+		} else {
+			return null;
+		}
+	}
+
+	set = (key: string, value: T, options: JSONObject = { }) => {
+		let cookieAttributes: Cookies.CookieAttributes = { };
+		if ('https:' === window.location.protocol) {
+			cookieAttributes = {
+				secure: true,
+				sameSite: 'none'
+			};
+		}
+	
+		if (options && options.daysUntilExpire) {
+			cookieAttributes.expires = options.daysUntilExpire;
+		} else {
+			cookieAttributes.expires = 1;
+		}
+		debug(`CookieStorage.set: key: ${key}, value: [${value}]`);
+		Cookies.set(key, JSON.stringify(value), cookieAttributes);
+	}
+
+	remove = (key: string): void => {
+		Cookies.remove(key);
+	}
+}
+
+class SessionStorage<T> implements IStsStorage<T>
+{
+	get = (key: string): T => {
+		const value: string = sessionStorage.getItem(key);
+		if (typeof value === 'undefined') {
+			return null;
+		}
+		if (value === null) {
+			return null;
+		}
+		return JSON.parse(value);
+	}
+  
+	set = (key: string, value: T): void => {
+		debug(`SessionStorage.set: key: ${key}, value: [${value}]`);
+		sessionStorage.setItem(key, JSON.stringify(value));
+	}
+  
+	remove = (key: string): void => {
+	  sessionStorage.removeItem(key);
+	}
+}
+
+class LocalStorage<T> implements IStsStorage<T>
+{
+	get = (key: string): T => {
+		const value: string = localStorage.getItem(key);
+		if (typeof value === 'undefined') {
+			return null;
+		}
+		if (value === null) {
+			return null;
+		}
+		return JSON.parse(value);
+	}
+  
+	set = (key: string, value: T): void => {
+		debug(`LocalStorage.set: key: ${key}, value: [${value}]`);
+		localStorage.setItem(key, JSON.stringify(value));
+	}
+  
+	remove = (key: string): void => {
+		localStorage.removeItem(key);
+	}
+}
+
+class MemoryStorage<T> implements IStsStorage<T>
+{
+	#store: Record<string, T> = { };
+
+	get = (key: string): T => {
+		const value: T = this.#store[key];
+		if (typeof value === 'undefined') {
+			return null;
+		}
+		if (value === null) {
+			return null;
+		}
+		return value;
+	}
+  
+	set = (key: string, value: T): void => {
+		debug(`MemoryStorage.set: key: ${key}, value: [${value}]`);
+		this.#store[key] = value;
+	}
+  
+	remove = (key: string): void => {
+		delete this.#store[key];
+	}
+}
+
+export class ClientStorageOptions {
+	clientStorageType: ClientStorageType = ClientStorageType.MEMORY_STORAGE;
+	storageOptions?: JSONObject
+}
+
+export class ClientStorageFactory<T>
+{
+	#storage = null;
+
+	constructor(options: ClientStorageOptions) {
+		switch (options.clientStorageType) {
+		case ClientStorageType.SESSION_STORAGE :
+			this.#storage = new SessionStorage<T>();
+			break;
+		case ClientStorageType.LOCAL_STORAGE :
+			this.#storage = new LocalStorage<T>();
+			break;
+		case ClientStorageType.COOKIE_STORAGE :
+			this.#storage = new CookieStorage<T>();
+			break;
+		case ClientStorageType.MEMORY_STORAGE :
+			this.#storage = new MemoryStorage<T>();
+			break;
+		default:
+			throw new Error(`Unknown [${options.clientStorageType}] storage type.`);
+		}
+		return;
+	}
+
+	GetStorage(): IStsStorage<T>
+	{
+		return this.#storage;
+	}
+}

package/src/stsoauth2manager.ts

@@ -0,0 +1,350 @@
+import Debug from "debug";
+const debug = Debug(`proc:${process.pid}:stsoauth2manager.ts`);
+
+import { JSONObject, OAuth2ParameterType } from '@nsshunt/stsutils';
+
+import CryptoUtils from './Utils/CryptoUtils'
+import QueryParams from './Utils/QueryParams';
+
+import { IAuthorizeOptions, IAuthorizeResponse, IAuthorizeErrorResponse, AuthenticateEvent,
+	ISTSOAuth2ManagerOptions, IOauth2ListenerMessage, IOauth2ListenerMessageResponse, IOauth2ListenerCommand } from './stsoauth2types'
+
+import { Router } from 'vue-router' //@@ only need the type
+
+import { IStsStorage, ClientStorageType, ClientStorageFactory } from './stsStorage'
+
+//import createPersistedState from "vuex-persistedstate"; // https://www.npmjs.com/package/vuex-persistedstate
+import jwt_decode from "jwt-decode";
+//import { transformWithEsbuild } from "vite";
+
+// STS Client SDK for SPAs
+class STSOAuth2Manager {
+	#storageManager = null;
+	#router: Router = null;
+	#store = null;
+	#cUtils = new CryptoUtils();
+	#qParams = new QueryParams();
+	#STORAGE_AUTHORIZE_OPTIONS_KEY = 'authorize_options.stsmda.com.au';
+	#STORAGE_SESSION_KEY = 'session.stsmda.com.au';
+	#aic = null;
+	#options: ISTSOAuth2ManagerOptions = null;
+	#messages: Record<number, IOauth2ListenerMessage> = { };
+	#oauth2ManagerPort: MessagePort;
+	#messageId = 0;
+	#messageHandlers: Record<number, any> = { }; // keyed by messageId
+	#messageTimeout = 1000;
+	#worker: Worker = null;
+	#transactionStore: IStsStorage<IAuthorizeOptions> = null; // Transient transaction data used to establish a session via OAuth2 authorize handshake
+
+	constructor(app, options: ISTSOAuth2ManagerOptions) {
+		this.#options = options;
+		this.#storageManager = app.config.globalProperties.$sts.storage;
+		this.#store = app.config.globalProperties.$store;
+		this.#aic = app.config.globalProperties.$sts.aic.PrimaryPublishInstrumentController;
+		this.#router = app.config.globalProperties.$router;
+
+		// Use session storage for the transient nature of the OAuth2 authorize handshake. Once completed, the storage will be removed.
+		this.#transactionStore = new ClientStorageFactory<IAuthorizeOptions>({clientStorageType: ClientStorageType.SESSION_STORAGE}).GetStorage();
+
+		this.#worker = new Worker(new URL('./stsoauth2worker.ts', import.meta.url), {
+			type: 'module'
+		});
+
+		this.#worker.onmessage = (data: MessageEvent) => {
+			console.log(`this.#worker.onmessage = [${data}]`.green);
+		};
+
+		this.#worker.onerror = function(error) {
+			console.log(`this.#worker.onerror = [${error}]`.green);
+		};
+
+		const { 
+			port1: oauth2ManagerPort, // process message port
+			port2: oauth2WorkerPort  // collector message port
+		} = new MessageChannel();
+		this.#oauth2ManagerPort = oauth2ManagerPort;
+
+		this.#worker.postMessage(oauth2WorkerPort, [ oauth2WorkerPort ]);
+
+		this.#oauth2ManagerPort.onmessage = (data: MessageEvent) => {
+			this.#ProcessMessageResponse(data);
+		}
+
+
+		this.#SetupStoreNamespace();
+		this.#SetupRoute(app, options.router);
+	}
+
+	#ProcessMessageResponse = (data: MessageEvent) => {
+		const messageResponse: IOauth2ListenerMessageResponse = data.data as IOauth2ListenerMessageResponse;
+		if (messageResponse.messageId === -1) {
+			// unsolicted message
+			switch (messageResponse.command) {
+			case IOauth2ListenerCommand.AUTHENTICATE_EVENT :
+				this.#HandleAuthenticateEvent(messageResponse.payload as string);
+				break;
+			case IOauth2ListenerCommand.ERROR :
+				this.#HandleErrorEvent(messageResponse.payload as JSONObject);
+				break;
+			default :
+				throw new Error(`ProcessMessageResponse command [${messageResponse.command}] not valid.`);
+			}
+		} else {
+			const callBack = this.#messageHandlers[messageResponse.messageId];
+			if (callBack) {
+				callBack(messageResponse);
+			} else {
+				throw new Error(`Message: [${messageResponse.messageId}] does not exists in callBacks.`);
+			}
+		}
+	}
+
+	#PostMessage = (message: IOauth2ListenerMessage): Promise<IOauth2ListenerMessageResponse> => {
+		message.messageId = this.#messageId++;
+
+		return new Promise<IOauth2ListenerMessageResponse>((resolve, reject) => {
+			// Setup message timeout
+			const timeout: NodeJS.Timeout = setTimeout(() => {
+				delete this.#messageHandlers[message.messageId];
+				reject(`Message: [${message.messageId}] timeout error after: [${this.#messageTimeout}] ms.`);
+			}, this.#messageTimeout);
+
+			// Setup message callback based on messageId
+			this.#messageHandlers[message.messageId] = (response: IOauth2ListenerMessageResponse) => {
+				clearTimeout(timeout);
+				delete this.#messageHandlers[message.messageId];
+				resolve(response);
+			}
+
+			// Send the message
+			this.#oauth2ManagerPort.postMessage(message);	
+		});
+	}
+
+	// Will come from message channel
+	#HandleErrorEvent = (error: JSONObject): void => {
+		this.#store.commit('AuthorizeError', { 
+			message: error
+		});
+		// plugin to do this ...
+		setTimeout(() => {
+			this.#router.replace('/error'); //@@ was push
+		}, 0);
+	}
+
+	#HandleAuthenticateEvent: AuthenticateEvent = (id_token: string): void => {
+		if (this.#options.authenticateEvent) {
+			this.#options.authenticateEvent(id_token);
+		}
+		this.#store.commit('stsOAuth2SDK/SessionData', id_token);
+	}
+
+	#SetupRoute = (app, router) => {
+		router.beforeEach(async (to, from) => {
+			const store = app.config.globalProperties.$store;
+			const sts = app.config.globalProperties.$sts;
+	
+			debug(`beforeEach: from: [${from.path}], to: [${to.path}]`.gray);
+			if (store.getters['stsOAuth2SDK/LoggedIn'] === false) {
+				console.log(`Not logged in`);
+				// Not logged in
+				if (to.path.localeCompare('/authorize') === 0) {
+					console.log(`to = /authorize`);
+					return true;
+				} else if (to.path.localeCompare('/consent') === 0) {
+					// Need to check if we are in the correct state, if not - drop back to the start of the process
+					if (typeof store.getters.Session.sessionId !== 'undefined') {
+						return true;
+					}
+				}
+				if (to.path.localeCompare('/logout') === 0) {
+					return true;
+				}
+				if (to.path.localeCompare('/error') === 0) {
+					return true;
+				}
+				if (to.path.localeCompare('/logout') === 0) {
+					return true;
+				}
+		
+				const str = to.query;
+				// Check if this route is from a redirect from the authorization server
+				if (str[OAuth2ParameterType.CODE] || str[OAuth2ParameterType.ERROR]) {
+			
+					console.log(`#SetupRout:str = [${str}]`);
+
+					const retVal: boolean = await sts.om.HandleRedirect(str);
+					if (retVal) {
+						// Success
+						setTimeout(() => {
+							window.history.replaceState(
+								{},
+								document.title,
+								window.location.origin + '/');
+						}, 0);
+						return true;
+					} else {
+						// Error
+						//@@ need the error data here - or use the vuex store ?
+						this.#router.replace('/error'); //@@ was push
+
+						//@@ should replaceState be used as in above?
+						return false;
+					}
+				}
+		
+				const sessionRestored = await sts.om.RestoreSession();
+				console.log(`#SetupRoute:sessionRestored [${sessionRestored}]`);
+
+				if (sessionRestored !== true) {
+					console.log('Session not restored - Need to Authorize');
+					sts.om.Authorize();
+					return false;
+				} else {
+					return '/';
+					//router.replace({ path: '/' })
+				}
+			} else {
+				// Prevent pages if already logged in
+				if (to.path.localeCompare('/consent') === 0) {
+					return '/';
+					/*
+					router.replace({ path: '/' })
+					return false;
+					*/
+				}
+				if (to.path.localeCompare('/authorize') === 0) {
+					router.replace({ path: '/' })
+					return false;
+				}
+				if (to.path.localeCompare('/logout') === 0) {
+					router.replace({ path: '/' })
+					return false;
+				}
+				return true;
+		
+				/*
+				if (to.path.localeCompare('/') === 0) {
+					// In case press the back button in the browser shows previous query string params, replace them ...
+					setTimeout(() => {
+						window.history.replaceState(
+							{},
+							document.title,
+							window.location.origin + '/');
+					}, 0);
+					return true;
+				}
+				*/
+			}
+		})
+	}
+
+	#SetupStoreNamespace = () => {
+		this.#store.registerModule('stsOAuth2SDK', {
+			namespaced: true,
+		
+			state () {
+				return {
+					// STS Client SDK options. These are parameters initiated by the client SPA and used for the end-to-end transaction processing.
+					//authorizeOptions: { },
+		
+					sessionData: { },
+				}
+			},
+		
+			getters: {
+				SessionData (state) {
+					return state.sessionData;
+				},
+				LoggedIn (state) {
+					if (typeof state.sessionData === 'undefined') {
+						return false;
+					}
+					if (state.sessionData === null) {
+						return false;
+					}
+					return true;
+				},
+				UserDetails (state) {
+					//if (state.sessionData && state.sessionData.id_token) {
+					if (state.sessionData) {
+						const id_token = state.sessionData;
+						const decodedIdToken = jwt_decode(id_token);
+						return decodedIdToken;
+					} else {
+						return null;
+					}
+				}
+			},
+		
+			mutations: {
+				SessionData (state, sessionData) {
+					state.sessionData = sessionData;
+					console.log(`commit [sessionData]: ${JSON.stringify(sessionData)}`)
+				},
+			}
+		}, { preserveState: true });
+	}
+		
+	RestoreSession = async(): Promise<boolean> => {
+		try {
+			const response: IOauth2ListenerMessageResponse = await this.#PostMessage({ command: IOauth2ListenerCommand.RESTORE_SESSION });
+			return response.payload;
+		} catch (error) {
+			console.log(`RestoreSession Error: ${error}`.red);
+			return false;
+		}
+	}
+
+	Authorize = async (): Promise<void> => {
+		try {
+			const response: IOauth2ListenerMessageResponse = await this.#PostMessage({ command: IOauth2ListenerCommand.AUTHORIZE });
+			this.#transactionStore.set(this.#STORAGE_AUTHORIZE_OPTIONS_KEY, response.payload.authorizeOptions);
+			const url = response.payload.url;
+			window.location.replace(url);
+		} catch (error) {
+			console.log(`Authorize Error: ${error}`.red);
+		}
+	}
+
+	HandleRedirect = async (queryVars: JSONObject): Promise<boolean> => {
+		try {
+			let response: IOauth2ListenerMessageResponse = null;
+			if (queryVars[OAuth2ParameterType.CODE]) {
+
+				const authorizeOptions: IAuthorizeOptions = this.#transactionStore.get(this.#STORAGE_AUTHORIZE_OPTIONS_KEY) as IAuthorizeOptions;
+				this.#transactionStore.remove(this.#STORAGE_AUTHORIZE_OPTIONS_KEY);
+
+				response = await this.#PostMessage({ command: IOauth2ListenerCommand.HANDLE_REDIRECT, payload: {
+					queryVars: queryVars as IAuthorizeResponse,
+					authorizeOptions
+				}});
+			} else {
+				response = await this.#PostMessage({ command: IOauth2ListenerCommand.HANDLE_REDIRECT, payload: queryVars as IAuthorizeErrorResponse });
+			}
+			return response.payload;
+		} catch (error) {
+			console.log(`HandleRedirect Error: ${error}`.red);
+			return false;
+		}
+	}
+
+	Logout = async (): Promise<boolean> => {
+		try {
+			const response: IOauth2ListenerMessageResponse = await this.#PostMessage({ command: IOauth2ListenerCommand.LOGOUT });
+			return response.payload;
+		} catch (error) {
+			console.log(`Logout Error: ${error}`.red);
+			return false;
+		}
+	}
+}
+
+const STSOAuth2ManagerPlugin = {
+	install: (app, router) => {
+		const om = new STSOAuth2Manager(app, router);
+		app.config.globalProperties.$sts.om = om;
+	}
+}
+
+export default STSOAuth2ManagerPlugin;

package/src/stsoauth2types.ts

@@ -0,0 +1,108 @@
+import { Router } from 'vue-router'
+
+export enum AuthorizeOptionsResponseType {
+	CODE = 'code',
+	ID_TOKEN = 'id_token',
+	TOKEN = 'token'
+}
+
+export enum AuthorizeOptionsResponseMode {
+	QUERY = 'query',
+	FRAGMENT = 'fragment',
+	FORM_POST = 'form_post'
+}
+
+// https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
+export interface IAuthorizeOptions {
+	client_id: string,
+	nonce: string,
+	response_type: AuthorizeOptionsResponseType[], // Must include: 'code' and may include: 'id_token' and/or 'token'
+	redirect_uri: string,
+	response_mode: AuthorizeOptionsResponseMode
+	scope: string, // A space-separated list of scopes that you want the user to consent to. For the /authorize leg of the request, this parameter can cover multiple resources. This value allows your app to get consent for multiple web APIs you want to call.
+	state: string, // Client application state (if required)
+	code_challenge: string,
+	code_challenge_method: string, //@@ enum S256
+	code_verifier?: string
+}
+
+export interface IAuthorizeResponse {
+	state: string, // state passed to authorize end-point
+	code: string // authorization code
+}
+
+export interface IAuthorizeErrorResponse {
+	error: string, 
+	error_description: string 
+}
+
+export enum OAuthGrantTypes {
+	CLIENT_CREDENTIALS = 'client_credentials',
+	AUTHORIZATION_CODE = 'authorization_code',
+	REFRESH_TOKEN = 'refresh_token'
+}
+
+export interface IAuthorizationCodeFlowParameters {
+	client_id: string,
+	scope: string,
+	code: string,
+	redirect_uri: string, // URI
+	grant_type: OAuthGrantTypes, // 'authorization_code', //@@ need enum
+	code_verifier: string
+}
+
+export interface IRefreshFlowParameters {
+	client_id: string,
+	scope: string,
+	refresh_token: string, // JWT
+	grant_type: OAuthGrantTypes // 'refresh_token' //@@ enum
+}
+
+export interface ITokenResponse {
+    access_token: string, // JWT
+    token_type: string, //@@ "Bearer" only
+    expires_in: number,
+    scope: string,
+    refresh_token: string, // JWT
+    id_token: string, // JWT
+}
+
+export interface ITokenErrorResponse {
+	error: string,
+	error_description: string,
+	error_codes: number[],
+	timestamp: number
+	details: unknown //@@ STS attribute ?
+	//"trace_id": "255d1aef-8c98-452f-ac51-23d051240864", //@@ MS attribute
+	//"correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7" //@@ MS attribute
+}
+
+export type AuthenticateEvent = (id_token: string) => void;
+
+// ---------------
+
+export enum IOauth2ListenerCommand {
+	RESTORE_SESSION = 'RestoreSession',
+	AUTHORIZE = 'Authorize',
+	HANDLE_REDIRECT = 'HandleRedirect',
+	LOGOUT = 'Logout',
+	AUTHENTICATE_EVENT = 'AuthenticateEvent',
+	ERROR = 'Error'
+}
+
+export interface IOauth2ListenerMessage {
+	messageId?: number
+	command: IOauth2ListenerCommand
+	payload?: any
+}
+
+export interface IOauth2ListenerMessageResponse {
+	messageId: number
+	command: IOauth2ListenerCommand
+	payload: any
+}
+
+export interface ISTSOAuth2ManagerOptions {
+	router: Router
+	authenticateEvent?: AuthenticateEvent
+}