@nsshunt/stsoauth2plugin 0.1.65 → 0.1.68

package/src/stsoauth2manager.ts

@@ -1,437 +0,0 @@
-import Debug from "debug";
-const debug = Debug(`proc:${process.pid}:stsoauth2manager.ts`);
-
-import { JSONObject, OAuth2ParameterType } from '@nsshunt/stsutils';
-
-import CryptoUtils from './Utils/CryptoUtils'
-import QueryParams from './Utils/QueryParams';
-
-import { IAuthorizeOptions, IAuthorizeResponse, IAuthorizeErrorResponse, AuthenticateEvent,
-	ISTSOAuth2ManagerOptions, IOauth2ListenerMessage, IOauth2ListenerMessageResponse, 
-	IOauth2ListenerCommand, ISTSOAuth2WorkerMessage, StsOauth2WorkerFactory } from './stsoauth2types'
-
-import { IStsStorage, ClientStorageType, ClientStorageFactory } from './stsStorage'
-
-import { Gauge, InstrumentBaseTelemetry } from '@nsshunt/stsinstrumentation'
-
-import jwt_decode from "jwt-decode";
-
-import { createPinia, defineStore } from 'pinia'
-import piniaPersist from 'pinia-plugin-persist'
-
-// STS Client SDK for SPAs
-export class STSOAuth2Manager {
-	#storageManager = null;
-	#router: any = null;
-	#store = null;
-	#cUtils = new CryptoUtils();
-	#qParams = new QueryParams();
-	#STORAGE_AUTHORIZE_OPTIONS_KEY = 'authorize_options.stsmda.com.au';
-	#STORAGE_SESSION_KEY = 'session.stsmda.com.au';
-	#aic = null;
-	#options: ISTSOAuth2ManagerOptions = null;
-	#messages: Record<number, IOauth2ListenerMessage> = { };
-	#oauth2ManagerPort: MessagePort;
-	#messageId = 0;
-	#messageHandlers: Record<number, any> = { }; // keyed by messageId
-	#messageTimeout = 1000;
-	#worker: Worker = null;
-	#transactionStore: IStsStorage<IAuthorizeOptions> = null; // Transient transaction data used to establish a session via OAuth2 authorize handshake
-	#auth2Store = null;
-
-	constructor(app, options: ISTSOAuth2ManagerOptions) {
-		this.#options = options;
-		this.#storageManager = app.config.globalProperties.$sts.storage;
-		this.#store = app.config.globalProperties.$store;
-		this.#aic = app.config.globalProperties.$sts.aic.PrimaryPublishInstrumentController;
-		this.#router = app.config.globalProperties.$router;
-
-		// Use session storage for the transient nature of the OAuth2 authorize handshake. Once completed, the storage will be removed.
-		this.#transactionStore = new ClientStorageFactory<IAuthorizeOptions>({clientStorageType: ClientStorageType.SESSION_STORAGE}).GetStorage();
-
-		this.#worker = this.#options.workerFactory();
-		
-		this.#worker.onmessage = (data: MessageEvent) => {
-			console.log(`this.#worker.onmessage = [${data}]`); // green
-		};
-
-		this.#worker.onerror = function(error) {
-			console.log(`this.#worker.onerror = [${JSON.stringify(error)}]`); // green
-		};
-
-		const { 
-			port1: oauth2ManagerPort, // process message port
-			port2: oauth2WorkerPort  // collector message port
-		} = new MessageChannel();
-		this.#oauth2ManagerPort = oauth2ManagerPort;
-
-		const workerMessage: ISTSOAuth2WorkerMessage = {
-			workerPort: oauth2WorkerPort,
-			options: this.#options.workerOptions
-		}
-
-		this.#worker.postMessage(workerMessage, [ oauth2WorkerPort ]);
-
-		this.#oauth2ManagerPort.onmessage = (data: MessageEvent) => {
-			this.#ProcessMessageResponse(data);
-		}
-
-		this.#SetupStoreNamespace();
-
-		this.#SetupPiniaStoreNamespace();
-
-		this.#SetupRoute(app, this.#router);
-	}
-
-	#ProcessMessageResponse = (data: MessageEvent) => {
-		const messageResponse: IOauth2ListenerMessageResponse = data.data as IOauth2ListenerMessageResponse;
-		if (messageResponse.messageId === -1) {
-			// unsolicted message
-			switch (messageResponse.command) {
-			case IOauth2ListenerCommand.AUTHENTICATE_EVENT :
-				this.#HandleAuthenticateEvent(messageResponse.payload as string);
-				break;
-			case IOauth2ListenerCommand.ERROR :
-				this.#HandleErrorEvent(messageResponse.payload as JSONObject);
-				break;
-			case IOauth2ListenerCommand.LOG :
-				this.#HandleLogEvent(messageResponse.payload as string);
-				break;
-			case IOauth2ListenerCommand.UPDATE_INSTRUMENT :
-				this.#HandleUpdateInstrumentEvent(messageResponse.payload.instrumentName, messageResponse.payload.telemetry);
-				break;
-			default :
-				throw new Error(`ProcessMessageResponse command [${messageResponse.command}] not valid.`);
-			}
-		} else {
-			const callBack = this.#messageHandlers[messageResponse.messageId];
-			if (callBack) {
-				callBack(messageResponse);
-			} else {
-				throw new Error(`Message: [${messageResponse.messageId}] does not exists in callBacks.`);
-			}
-		}
-	}
-
-	#PostMessage = (message: IOauth2ListenerMessage): Promise<IOauth2ListenerMessageResponse> => {
-		message.messageId = this.#messageId++;
-
-		return new Promise<IOauth2ListenerMessageResponse>((resolve, reject) => {
-			// Setup message timeout
-			const timeout: NodeJS.Timeout = setTimeout(() => {
-				delete this.#messageHandlers[message.messageId];
-				reject(`Message: [${message.messageId}] timeout error after: [${this.#messageTimeout}] ms.`);
-			}, this.#messageTimeout);
-
-			// Setup message callback based on messageId
-			this.#messageHandlers[message.messageId] = (response: IOauth2ListenerMessageResponse) => {
-				clearTimeout(timeout);
-				delete this.#messageHandlers[message.messageId];
-				resolve(response);
-			}
-
-			// Send the message
-			this.#oauth2ManagerPort.postMessage(message);	
-		});
-	}
-
-	#HandleLogEvent = (message: string): void => {
-		if (this.#aic) {
-			this.#aic.LogEx(message);
-		}
-		debug(message);
-	}
-
-	// UpdateInstrument = (instrumentName: Gauge, telemetry: InstrumentBaseTelemetry): void => {
-	#HandleUpdateInstrumentEvent = (instrumentName: Gauge, telemetry: InstrumentBaseTelemetry): void => {
-		if (this.#aic) {
-			this.#aic.UpdateInstrument(instrumentName, telemetry);
-		}
-	}
-
-	// Will come from message channel
-	#HandleErrorEvent = (error: JSONObject): void => {
-		this.#store.commit('AuthorizeError', { // Authorize applications store
-			message: error
-		});
-
-		// plugin to do this ...
-		setTimeout(() => {
-			this.#router.replace('/error'); //@@ was push
-		}, 0);
-	}
-
-	#HandleAuthenticateEvent: AuthenticateEvent = (id_token: string): void => {
-		if (this.#options.authenticateEvent) {
-			this.#options.authenticateEvent(id_token);
-		}
-		this.#store.commit('stsOAuth2SDK/SessionData', id_token);
-
-		//@@ new version here
-		this.#auth2Store.UpdateSessionData(id_token);
-	}
-
-	#SetupRoute = (app, router) => {
-		router.beforeEach(async (to, from) => {
-			const store = app.config.globalProperties.$store;
-			const sts = app.config.globalProperties.$sts;
-	
-			debug(`beforeEach: from: [${from.path}], to: [${to.path}]`); // gray
-			if (store.getters['stsOAuth2SDK/LoggedIn'] === false) {
-				console.log(`Not logged in`);
-				// Not logged in
-				if (to.path.localeCompare('/authorize') === 0) {
-					console.log(`to = /authorize`);
-					return true;
-				} else if (to.path.localeCompare('/consent') === 0) {
-					// Need to check if we are in the correct state, if not - drop back to the start of the process
-					if (typeof store.getters.Session.sessionId !== 'undefined') {
-						return true;
-					}
-				}
-				if (to.path.localeCompare('/logout') === 0) {
-					return true;
-				}
-				if (to.path.localeCompare('/error') === 0) {
-					return true;
-				}
-				if (to.path.localeCompare('/logout') === 0) {
-					return true;
-				}
-		
-				const str = to.query;
-				// Check if this route is from a redirect from the authorization server
-				if (str[OAuth2ParameterType.CODE] || str[OAuth2ParameterType.ERROR]) {
-			
-					console.log(`#SetupRout:str = [${str}]`);
-
-					const retVal: boolean = await sts.om.HandleRedirect(str);
-					if (retVal) {
-						// Success
-						setTimeout(() => {
-							window.history.replaceState(
-								{},
-								document.title,
-								window.location.origin + '/');
-						}, 0);
-						return true;
-					} else {
-						// Error
-						//@@ need the error data here - or use the vuex store ?
-						this.#router.replace('/error'); //@@ was push
-
-						//@@ should replaceState be used as in above?
-						return false;
-					}
-				}
-		
-				const sessionRestored = await sts.om.RestoreSession();
-				console.log(`#SetupRoute:sessionRestored [${sessionRestored}]`);
-
-				if (sessionRestored !== true) {
-					console.log('Session not restored - Need to Authorize');
-					sts.om.Authorize();
-					return false;
-				} else {
-					return '/';
-					//router.replace({ path: '/' })
-				}
-			} else {
-				// Prevent pages if already logged in
-				if (to.path.localeCompare('/consent') === 0) {
-					return '/';
-					/*
-					router.replace({ path: '/' })
-					return false;
-					*/
-				}
-				if (to.path.localeCompare('/authorize') === 0) {
-					router.replace({ path: '/' })
-					return false;
-				}
-				if (to.path.localeCompare('/logout') === 0) {
-					router.replace({ path: '/' })
-					return false;
-				}
-				return true;
-		
-				/*
-				if (to.path.localeCompare('/') === 0) {
-					// In case press the back button in the browser shows previous query string params, replace them ...
-					setTimeout(() => {
-						window.history.replaceState(
-							{},
-							document.title,
-							window.location.origin + '/');
-					}, 0);
-					return true;
-				}
-				*/
-			}
-		})
-	}
-
-	// Replace with pinia
-	// https://pinia.vuejs.org/
-	// https://seb-l.github.io/pinia-plugin-persist/
-	#SetupStoreNamespace = () => {
-		this.#store.registerModule('stsOAuth2SDK', {
-			namespaced: true,
-		
-			state () {
-				return {
-					// STS Client SDK options. These are parameters initiated by the client SPA and used for the end-to-end transaction processing.
-					//authorizeOptions: { },
-		
-					sessionData: { },
-				}
-			},
-		
-			getters: {
-				SessionData (state) {
-					return state.sessionData;
-				},
-				LoggedIn (state) {
-					if (typeof state.sessionData === 'undefined') {
-						return false;
-					}
-					if (state.sessionData === null) {
-						return false;
-					}
-					return true;
-				},
-				UserDetails (state) {
-					//if (state.sessionData && state.sessionData.id_token) {
-					if (state.sessionData) {
-						const id_token = state.sessionData;
-						const decodedIdToken = jwt_decode(id_token);
-						return decodedIdToken;
-					} else {
-						return null;
-					}
-				}
-			},
-		
-			mutations: {
-				SessionData (state, sessionData) {
-					state.sessionData = sessionData;
-					console.log(`commit [sessionData]: ${JSON.stringify(sessionData)}`)
-				},
-			}
-		}, { preserveState: true });
-	}
-
-	// Replace with pinia
-	// https://pinia.vuejs.org/
-	// https://seb-l.github.io/pinia-plugin-persist/
-	#SetupPiniaStoreNamespace = () => {
-		const store = defineStore('__pin_stsOAuth2SDK', {
-			state: () => {
-				return {
-					sessionData: { }
-				}
-			},
-			actions: {
-				UpdateSessionData(newState) {
-					this.sessionData = newState;
-				}
-			},
-			getters: {
-				SessionData: (state) => {
-					return state.sessionData;
-				},
-				LoggedIn: (state) => {
-					if (typeof state.sessionData === 'undefined') {
-						return false;
-					}
-					if (state.sessionData === null) {
-						return false;
-					}
-					return true;
-				},
-				UserDetails: (state) => {
-					//if (state.sessionData && state.sessionData.id_token) {
-					if (state.sessionData) {
-						const id_token = state.sessionData;
-						const decodedIdToken = jwt_decode(id_token);
-						return decodedIdToken;
-					} else {
-						return null;
-					}
-				}
-			},
-			persist: {
-				enabled: true
-			},
-		});
-
-		this.#auth2Store = store();
-		console.log(`================================= Pinia store setup`);
-		console.log(this.#auth2Store);
-	}
-
-	RestoreSession = async(): Promise<boolean> => {
-		try {
-			const response: IOauth2ListenerMessageResponse = await this.#PostMessage({ command: IOauth2ListenerCommand.RESTORE_SESSION });
-			return response.payload;
-		} catch (error) {
-			console.log(`RestoreSession Error: ${error}`); //red
-			return false;
-		}
-	}
-
-	Authorize = async (): Promise<void> => {
-		try {
-			const response: IOauth2ListenerMessageResponse = await this.#PostMessage({ command: IOauth2ListenerCommand.AUTHORIZE });
-			this.#transactionStore.set(this.#STORAGE_AUTHORIZE_OPTIONS_KEY, response.payload.authorizeOptions);
-			const url = response.payload.url;
-			window.location.replace(url);
-		} catch (error) {
-			console.log(`Authorize Error: ${error}`); // red
-		}
-	}
-
-	HandleRedirect = async (queryVars: JSONObject): Promise<boolean> => {
-		try {
-			let response: IOauth2ListenerMessageResponse = null;
-			if (queryVars[OAuth2ParameterType.CODE]) {
-
-				const authorizeOptions: IAuthorizeOptions = this.#transactionStore.get(this.#STORAGE_AUTHORIZE_OPTIONS_KEY) as IAuthorizeOptions;
-				this.#transactionStore.remove(this.#STORAGE_AUTHORIZE_OPTIONS_KEY);
-
-				response = await this.#PostMessage({ command: IOauth2ListenerCommand.HANDLE_REDIRECT, payload: {
-					queryVars: queryVars as IAuthorizeResponse,
-					authorizeOptions
-				}});
-			} else {
-				response = await this.#PostMessage({ command: IOauth2ListenerCommand.HANDLE_REDIRECT, payload: queryVars as IAuthorizeErrorResponse });
-			}
-			return response.payload;
-		} catch (error) {
-			console.log(`HandleRedirect Error: ${error}`); // red
-			return false;
-		}
-	}
-
-	Logout = async (): Promise<boolean> => {
-		try {
-			const response: IOauth2ListenerMessageResponse = await this.#PostMessage({ command: IOauth2ListenerCommand.LOGOUT });
-			return response.payload;
-		} catch (error) {
-			console.log(`Logout Error: ${error}`); // red
-			return false;
-		}
-	}
-
-	/*
-	GetIDToken = async (): Promise<string> => {
-		try {
-			const response: IOauth2ListenerMessageResponse = await this.#PostMessage({ command: IOauth2ListenerCommand.ID_TOKEN });
-			return response.payload;
-		} catch (error) {
-			console.log(`Logout Error: ${error}`); // red
-			return null;
-		}
-	}
-	*/
-}

package/src/stsoauth2types.ts

@@ -1,134 +0,0 @@
-export enum AuthorizeOptionsResponseType {
-	CODE = 'code',
-	ID_TOKEN = 'id_token',
-	TOKEN = 'token'
-}
-
-export enum AuthorizeOptionsResponseMode {
-	QUERY = 'query',
-	FRAGMENT = 'fragment',
-	FORM_POST = 'form_post'
-}
-
-// https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
-export interface IAuthorizeOptions {
-	client_id: string,
-	nonce: string,
-	response_type: AuthorizeOptionsResponseType[], // Must include: 'code' and may include: 'id_token' and/or 'token'
-	redirect_uri: string,
-	response_mode: AuthorizeOptionsResponseMode
-	scope: string, // A space-separated list of scopes that you want the user to consent to. For the /authorize leg of the request, this parameter can cover multiple resources. This value allows your app to get consent for multiple web APIs you want to call.
-	state: string, // Client application state (if required)
-	code_challenge: string,
-	code_challenge_method: string, //@@ enum S256
-	code_verifier?: string
-}
-
-export interface IAuthorizeResponse {
-	state: string, // state passed to authorize end-point
-	code: string // authorization code
-}
-
-export interface IAuthorizeErrorResponse {
-	error: string, 
-	error_description: string 
-}
-
-export enum OAuthGrantTypes {
-	CLIENT_CREDENTIALS = 'client_credentials',
-	AUTHORIZATION_CODE = 'authorization_code',
-	REFRESH_TOKEN = 'refresh_token'
-}
-
-export interface IAuthorizationCodeFlowParameters {
-	client_id: string,
-	scope: string,
-	code: string,
-	redirect_uri: string, // URI
-	grant_type: OAuthGrantTypes, // 'authorization_code', //@@ need enum
-	code_verifier: string
-}
-
-export interface IRefreshFlowParameters {
-	client_id: string,
-	scope: string,
-	refresh_token: string, // JWT
-	grant_type: OAuthGrantTypes // 'refresh_token' //@@ enum
-}
-
-export interface ITokenResponse {
-    access_token: string, // JWT
-    token_type: string, //@@ "Bearer" only
-    expires_in: number,
-    scope: string,
-    refresh_token: string, // JWT
-    id_token: string, // JWT
-}
-
-export interface ITokenErrorResponse {
-	error: string,
-	error_description: string,
-	error_codes: number[],
-	timestamp: number
-	details: unknown //@@ STS attribute ?
-	//"trace_id": "255d1aef-8c98-452f-ac51-23d051240864", //@@ MS attribute
-	//"correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7" //@@ MS attribute
-}
-
-export type AuthenticateEvent = (id_token: string) => void;
-
-// ---------------
-
-export enum IOauth2ListenerCommand {
-	RESTORE_SESSION = 'RestoreSession',
-	AUTHORIZE = 'Authorize',
-	HANDLE_REDIRECT = 'HandleRedirect',
-	LOGOUT = 'Logout',
-	AUTHENTICATE_EVENT = 'AuthenticateEvent',
-	ERROR = 'Error',
-	LOG = '__LOG',
-	UPDATE_INSTRUMENT = '__UPDATE_INSTRUMENT',
-	ID_TOKEN = '__ID_TOKEN'
-}
-
-export interface IOauth2ListenerMessage {
-	messageId?: number
-	command: IOauth2ListenerCommand
-	payload?: any
-}
-
-export interface IOauth2ListenerMessageResponse {
-	messageId: number
-	command: IOauth2ListenerCommand
-	payload: any
-}
-
-export type StsOauth2WorkerFactory = () => Worker
-
-export interface ISTSOAuth2WorkerOptions {
-	client_id: string
-	scope: string
-	redirect_uri: string
-	audience: string
-	
-	brokerendpoint: string
-	brokerport: string
-	brokerapiroot: string
-	
-	authorizeendpoint: string
-	authorizeport: string
-	authorizeapiroot: string
-	
-	timeout: number
-}
-
-export interface ISTSOAuth2ManagerOptions {
-	authenticateEvent?: AuthenticateEvent
-	workerFactory?: StsOauth2WorkerFactory
-	workerOptions: ISTSOAuth2WorkerOptions
-}
-
-export interface ISTSOAuth2WorkerMessage {
-	workerPort: MessagePort,
-	options: ISTSOAuth2WorkerOptions
-}