@okrlinkhub/agent-bridge 3.0.0 → 3.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +60 -0
- package/dist/client/index.d.ts +2 -1
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +1 -0
- package/dist/client/index.js.map +1 -1
- package/dist/client/userAuth.d.ts +47 -0
- package/dist/client/userAuth.d.ts.map +1 -0
- package/dist/client/userAuth.js +122 -0
- package/dist/client/userAuth.js.map +1 -0
- package/dist/component/agents.d.ts +2 -2
- package/dist/component/permissions.d.ts +1 -1
- package/dist/component/schema.d.ts +6 -6
- package/package.json +1 -1
- package/src/client/index.ts +18 -0
- package/src/client/userAuth.test.ts +77 -0
- package/src/client/userAuth.ts +192 -0
package/README.md
CHANGED
|
@@ -93,6 +93,15 @@ Header richiesti (strict-only):
|
|
|
93
93
|
- `X-Agent-Service-Key: <service-key>`
|
|
94
94
|
- `X-Agent-App: <app-key>` (es. `crm`, `billing`)
|
|
95
95
|
|
|
96
|
+
Header opzionale per contesto utente Convex:
|
|
97
|
+
|
|
98
|
+
- `Authorization: Bearer <user-jwt>`
|
|
99
|
+
|
|
100
|
+
Quando usarlo:
|
|
101
|
+
|
|
102
|
+
- Se la funzione target usa `ctx.auth.getUserIdentity()`, invia sempre `Authorization`.
|
|
103
|
+
- Se la funzione e service-only, `Authorization` puo essere omesso.
|
|
104
|
+
|
|
96
105
|
Body richiesto:
|
|
97
106
|
|
|
98
107
|
```json
|
|
@@ -109,6 +118,57 @@ Risposta:
|
|
|
109
118
|
|
|
110
119
|
Codici principali: `401`, `403`, `404`, `429`, `500`.
|
|
111
120
|
|
|
121
|
+
## User context cross-app (best practice)
|
|
122
|
+
|
|
123
|
+
Per usare Agent Bridge in app Convex con stack auth diversi, mantieni questo contratto:
|
|
124
|
+
|
|
125
|
+
1. **Service auth** (sempre): `X-Agent-Service-Id`, `X-Agent-Service-Key`, `X-Agent-App`
|
|
126
|
+
2. **User auth** (quando serve): `Authorization: Bearer <user-jwt>`
|
|
127
|
+
|
|
128
|
+
Token source comuni:
|
|
129
|
+
|
|
130
|
+
- `nextauth_convex`: leggi `session.convexToken` lato server
|
|
131
|
+
- `auth0`: usa access token Auth0 valido per Convex
|
|
132
|
+
- `custom_oidc`: usa token OIDC del provider dell'app
|
|
133
|
+
|
|
134
|
+
Il package include helper riusabili:
|
|
135
|
+
|
|
136
|
+
```ts
|
|
137
|
+
import {
|
|
138
|
+
buildAgentBridgeStrictHeaders,
|
|
139
|
+
createAuth0TokenAdapter,
|
|
140
|
+
createCustomOidcTokenAdapter,
|
|
141
|
+
createNextAuthConvexTokenAdapter,
|
|
142
|
+
resolveUserToken,
|
|
143
|
+
validateJwtClaims,
|
|
144
|
+
} from "@okrlinkhub/agent-bridge";
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
Esempio rapido:
|
|
148
|
+
|
|
149
|
+
```ts
|
|
150
|
+
const tokenAdapter = createNextAuthConvexTokenAdapter({
|
|
151
|
+
getSession: async () => session,
|
|
152
|
+
});
|
|
153
|
+
|
|
154
|
+
const userToken = await resolveUserToken(tokenAdapter);
|
|
155
|
+
const validation = userToken
|
|
156
|
+
? validateJwtClaims(userToken, { expectedAudience: "convex" })
|
|
157
|
+
: { valid: false };
|
|
158
|
+
|
|
159
|
+
const headers = buildAgentBridgeStrictHeaders({
|
|
160
|
+
serviceId: process.env.OPENCLAW_SERVICE_ID!,
|
|
161
|
+
serviceKey: process.env.OPENCLAW_SERVICE_KEY!,
|
|
162
|
+
appKey: "crm",
|
|
163
|
+
userToken: validation.valid ? userToken : null,
|
|
164
|
+
});
|
|
165
|
+
```
|
|
166
|
+
|
|
167
|
+
Note:
|
|
168
|
+
|
|
169
|
+
- `validateJwtClaims` controlla solo claim (`exp`, `iss`, `aud`) e non sostituisce la validazione crittografica di Convex.
|
|
170
|
+
- Non loggare mai token utente o service key.
|
|
171
|
+
|
|
112
172
|
## Setup OpenClaw multi-app (semplice su Railway)
|
|
113
173
|
|
|
114
174
|
Per piu istanze OpenClaw che gestiscono piu applicativi:
|
package/dist/client/index.d.ts
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
import type { GenericDataModel, GenericMutationCtx, HttpRouter } from "convex/server";
|
|
2
2
|
import type { ComponentApi } from "../component/_generated/component.js";
|
|
3
|
+
export { buildAgentBridgeStrictHeaders, createAuth0TokenAdapter, createCustomOidcTokenAdapter, createNextAuthConvexTokenAdapter, decodeJwtClaims, resolveUserToken, validateJwtClaims, } from "./userAuth.js";
|
|
4
|
+
export type { AgentBridgeStrictHeadersInput, JwtClaimValidationOptions, JwtClaimValidationResult, JwtClaims, NextAuthSessionLike, TokenSource, TokenSourceAdapter, } from "./userAuth.js";
|
|
3
5
|
export type AgentBridgeFunctionType = "query" | "mutation" | "action";
|
|
4
6
|
type UnknownFunctionReference = unknown;
|
|
5
7
|
export interface AgentBridgeFunctionDefinition {
|
|
@@ -61,5 +63,4 @@ export declare function listConfiguredFunctions(config: AgentBridgeConfig): {
|
|
|
61
63
|
type: AgentBridgeFunctionType;
|
|
62
64
|
metadata: AgentBridgeFunctionMetadata | undefined;
|
|
63
65
|
}[];
|
|
64
|
-
export {};
|
|
65
66
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAEV,gBAAgB,EAChB,kBAAkB,EAClB,UAAU,EACX,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sCAAsC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAEV,gBAAgB,EAChB,kBAAkB,EAClB,UAAU,EACX,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sCAAsC,CAAC;AACzE,OAAO,EACL,6BAA6B,EAC7B,uBAAuB,EACvB,4BAA4B,EAC5B,gCAAgC,EAChC,eAAe,EACf,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,eAAe,CAAC;AACvB,YAAY,EACV,6BAA6B,EAC7B,yBAAyB,EACzB,wBAAwB,EACxB,SAAS,EACT,mBAAmB,EACnB,WAAW,EACX,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAEvB,MAAM,MAAM,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEtE,KAAK,wBAAwB,GAAG,OAAO,CAAC;AAExC,MAAM,WAAW,6BAA6B;IAC5C,GAAG,EAAE,wBAAwB,CAAC;IAC9B,IAAI,CAAC,EAAE,uBAAuB,CAAC;CAChC;AAED,MAAM,WAAW,2BAA2B;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CACf,MAAM,EACN,wBAAwB,GAAG,6BAA6B,CACzD,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAC;CACxD;AAED,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,iBAAiB,GACxB,iBAAiB,CAEnB;AAED,wBAAgB,mBAAmB,CAAC,MAAM,GAAE,MAAmB,GAAG,MAAM,CAEvE;AAED,wBAAgB,6BAA6B,CAC3C,MAAM,GAAE,MAAmB,GAC1B,MAAM,CAER;AAWD,KAAK,4BAA4B,GAAG;IAClC,GAAG,EAAE,wBAAwB,CAAC;IAC9B,IAAI,EAAE,uBAAuB,CAAC;IAC9B,QAAQ,CAAC,EAAE,2BAA2B,CAAC;CACxC,CAAC;AAEF,KAAK,2BAA2B,GAAG;IACjC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,4BAA4B,CAAC,CAAC;CACzD,CAAC;AAEF,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,wBAAwB,GAC9B,uBAAuB,GAAG,IAAI,CAiBhC;AAED,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,iBAAiB,GACxB,2BAA2B,CAsC7B;AAQD,KAAK,qBAAqB,GAAG;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,wBAAgB,cAAc,CAC5B,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,YAAY,EACvB,YAAY,EAAE,iBAAiB,EAC/B,OAAO,CAAC,EAAE,qBAAqB,QAwIhC;AAED,KAAK,cAAc,GAAG;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,OAAO,GAAG,MAAM,GAAG,cAAc,CAAC;IAC9C,eAAe,CAAC,EAAE;QAChB,eAAe,EAAE,MAAM,CAAC;QACxB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH,CAAC;AAEF,KAAK,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,EAAE,aAAa,CAAC,CAAC;AAE7E,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,WAAW,EAChB,SAAS,EAAE,YAAY,EACvB,IAAI,EAAE;IACJ,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,cAAc,EAAE,CAAC;IACxB,MAAM,EAAE,iBAAiB,CAAC;CAC3B,mBAQF;AAED,wBAAsB,oBAAoB,CACxC,GAAG,EAAE,WAAW,EAChB,SAAS,EAAE,YAAY,EACvB,IAAI,EAAE;IACJ,SAAS,EAAE,KAAK,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,OAAO,EAAE,OAAO,CAAC;QACjB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC,CAAC;IACH,MAAM,EAAE,iBAAiB,CAAC;CAC3B,mBAOF;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,iBAAiB;;;;IAShE"}
|
package/dist/client/index.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { httpActionGeneric } from "convex/server";
|
|
2
|
+
export { buildAgentBridgeStrictHeaders, createAuth0TokenAdapter, createCustomOidcTokenAdapter, createNextAuthConvexTokenAdapter, decodeJwtClaims, resolveUserToken, validateJwtClaims, } from "./userAuth.js";
|
|
2
3
|
export function defineAgentBridgeConfig(config) {
|
|
3
4
|
return config;
|
|
4
5
|
}
|
package/dist/client/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAgClD,MAAM,UAAU,uBAAuB,CACrC,MAAyB;IAEzB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,SAAiB,UAAU;IAC7D,OAAO,qBAAqB,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,6BAA6B,CAC3C,SAAiB,UAAU;IAE3B,OAAO,qBAAqB,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAc;IAC3C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SAC5B,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACjD,IAAI,CAAC,EAAE,CAAC,CAAC;IACZ,OAAO,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC;AAC9B,CAAC;AAYD,MAAM,UAAU,kBAAkB,CAChC,KAA+B;IAE/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,IAAI,KAAK,EAAE,CAAC;QACrB,MAAM,SAAS,GAAI,KAA6B,CAAC,KAAK,CAAC;QACvD,IACE,SAAS,KAAK,OAAO;YACrB,SAAS,KAAK,UAAU;YACxB,SAAS,KAAK,QAAQ,EACtB,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,MAAyB;IAEzB,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACzD,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,mBAAmB,GAAiD,EAAE,CAAC;IAC7E,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,iBAAiB,GACrB,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAK,KAAgB,CAAC;QACnE,MAAM,GAAG,GAAG,iBAAiB;YAC3B,CAAC,CAAE,KAAuC,CAAC,GAAG;YAC9C,CAAC,CAAC,KAAK,CAAC;QACV,MAAM,YAAY,GAAG,iBAAiB;YACpC,CAAC,CAAE,KAAuC,CAAC,IAAI;YAC/C,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,YAAY,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,YAAY,IAAI,YAAY,CAAC;QAClD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,oCAAoC,WAAW,yDAAyD,CACzG,CAAC;QACJ,CAAC;QAED,mBAAmB,CAAC,WAAW,CAAC,GAAG;YACjC,GAAG;YACH,IAAI,EAAE,YAAY;YAClB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC;AAC5C,CAAC;AAcD,MAAM,UAAU,cAAc,CAC5B,IAAgB,EAChB,SAAuB,EACvB,YAA+B,EAC/B,OAA+B;IAE/B,MAAM,MAAM,GAAG,OAAO,EAAE,UAAU,IAAI,QAAQ,CAAC;IAC/C,MAAM,qBAAqB,GAAG,4BAA4B,CAAC;QACzD,WAAW,EAAE,OAAO,EAAE,WAAW;QACjC,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,IAAI,gCAAgC;KAClF,CAAC,CAAC;IACH,MAAM,gBAAgB,GAAG,0BAA0B,CAAC,YAAY,CAAC,CAAC;IAClE,MAAM,qBAAqB,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAEtE,IAAI,CAAC,KAAK,CAAC;QACT,IAAI,EAAE,GAAG,MAAM,UAAU;QACzB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,iBAAiB,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAChD,IAAI,IAAwB,CAAC;YAC7B,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,YAAY,CACjB,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAC9C,GAAG,CACJ,CAAC;YACJ,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;YAC7C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,YAAY,CACjB,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,EAChE,GAAG,CACJ,CAAC;YACJ,CAAC;YAED,MAAM,WAAW,GAAG,gBAAgB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YAC5D,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,YAAY,CACjB,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,WAAW,aAAa,EAAE,EAChE,GAAG,CACJ,CAAC;YACJ,CAAC;YAED,MAAM,gBAAgB,GAAG,4BAA4B,CAAC;gBACpD,OAAO;gBACP,qBAAqB;aACtB,CAAC,CAAC;YACH,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;gBAC5B,OAAO,YAAY,CACjB,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,EAAE,EACjD,gBAAgB,CAAC,UAAU,CAC5B,CAAC;YACJ,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,iBAAiB,EAAE;gBAC5E,MAAM,EAAE,gBAAgB,CAAC,MAAM;gBAC/B,WAAW;gBACX,aAAa,EAAE,IAAI,CAAC,aAAa;aAClC,CAAC,CAAC;YAEH,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,YAAY,CAC3B,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,EAC3C,UAAU,CAAC,UAAU,CACtB,CAAC;gBACF,IAAI,UAAU,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAClC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,aAAa,EACb,MAAM,CAAC,UAAU,CAAC,iBAAiB,IAAI,IAAI,CAAC,CAC7C,CAAC;gBACJ,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;gBAC7B,IAAI,MAAe,CAAC;gBACpB,IAAI,WAAW,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBACjC,MAAM,GAAG,MAAM,GAAG,CAAC,QAAQ,CACzB,WAAW,CAAC,GAA8B,EAC1C,IAAI,CACL,CAAC;gBACJ,CAAC;qBAAM,IAAI,WAAW,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC3C,MAAM,GAAG,MAAM,GAAG,CAAC,WAAW,CAC5B,WAAW,CAAC,GAAiC,EAC7C,IAAI,CACL,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,CAC1B,WAAW,CAAC,GAA+B,EAC3C,IAAI,CACL,CAAC;gBACJ,CAAC;gBAED,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE;oBACjD,OAAO,EAAE,UAAU,CAAC,OAAgB;oBACpC,SAAS,EAAE,gBAAgB,CAAC,SAAS;oBACrC,WAAW;oBACX,IAAI;oBACJ,MAAM;oBACN,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;gBAEH,OAAO,YAAY,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAc,EAAE,CAAC;gBACxB,MAAM,YAAY,GAChB,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,SAAS,IAAI,KAAK;oBACtD,CAAC,CAAE,KAAK,CAAC,OAAkB;oBAC3B,CAAC,CAAC,eAAe,CAAC;gBAEtB,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE;oBACjD,OAAO,EAAE,UAAU,CAAC,OAAgB;oBACpC,SAAS,EAAE,gBAAgB,CAAC,SAAS;oBACrC,WAAW;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;oBACrB,KAAK,EAAE,YAAY;oBACnB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;gBAEH,OAAO,YAAY,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,GAAG,CAAC,CAAC;YACpE,CAAC;QACH,CAAC,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,KAAK,CAAC;QACT,IAAI,EAAE,GAAG,MAAM,YAAY;QAC3B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC,KAAK,IAAI,EAAE;YACpC,MAAM,SAAS,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;gBAC5D,WAAW;gBACX,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,IAAI;gBAClD,QAAQ,EAAE,gBAAgB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,QAAQ;aAC3D,CAAC,CAAC,CAAC;YACJ,OAAO,YAAY,CAAC,EAAE,SAAS,EAAE,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC,CAAC;KACH,CAAC,CAAC;AACL,CAAC;AAaD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAgB,EAChB,SAAuB,EACvB,IAIC;IAED,MAAM,qBAAqB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjE,OAAO,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,mBAAmB,EAAE;QACtE,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,qBAAqB;KACtB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,GAAgB,EAChB,SAAuB,EACvB,IAOC;IAED,MAAM,qBAAqB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjE,OAAO,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,oBAAoB,EAAE;QACvE,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,qBAAqB;KACtB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,MAAyB;IAC/D,MAAM,gBAAgB,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;IAC5D,OAAO,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,GAAG,CACnD,CAAC,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/B,WAAW;QACX,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,QAAQ,EAAE,WAAW,CAAC,QAAQ;KAC/B,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,IAAa,EAAE,MAAc;IACjD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,4BAA4B,CAAC,IAKrC;IAGC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,CAAC;IACzE,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO;SAC5C,GAAG,CAAC,qBAAqB,CAAC;QAC3B,EAAE,IAAI,EAAE,CAAC;IACX,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,CAAC;IAE/D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,6CAA6C;YACpD,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,8CAA8C;YACrD,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,sCAAsC;YAC7C,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,EAAE,EAAE,CAAC;QACnC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,IAAI,CAAC,qBAAqB,CAAC,KAAK;YACvC,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IAED,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;IACjF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,uBAAuB,SAAS,EAAE;YACzC,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IACD,IAAI,kBAAkB,KAAK,kBAAkB,EAAE,CAAC;QAC9C,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,qBAAqB;YAC5B,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,SAAS;QACT,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,YAAY,GAAI,UAA6D;SAChF,OAAO,CAAC;IACX,MAAM,KAAK,GAAG,YAAY,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;AAClD,CAAC;AAED,SAAS,4BAA4B,CAAC,IAGrC;IAGC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,OAAO,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACpD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,0FAA0F,IAAI,CAAC,iBAAiB,EAAE;SAC1H,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,mBAAmB,IAAI,CAAC,iBAAiB,EAAE;SACnD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,GAAG,IAAI,CAAC,iBAAiB,wDAAwD;SACzF,CAAC;IACJ,CAAC;IAED,OAAO,sBAAsB,CAAC,MAAiC,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,sBAAsB,CAC7B,KAA8B;IAE9B,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,YAAY,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,kCAAkC,YAAY,GAAG;aACzD,CAAC;QACJ,CAAC;QACD,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC;QACxC,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;YAC9B,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,8CAA8C;aACtD,CAAC;QACJ,CAAC;QACD,eAAe,CAAC,SAAS,CAAC,GAAG,UAAU,CAAC;IAC1C,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,6CAA6C;SACrD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;AACvC,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAQlD,OAAO,EACL,6BAA6B,EAC7B,uBAAuB,EACvB,4BAA4B,EAC5B,gCAAgC,EAChC,eAAe,EACf,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAkCvB,MAAM,UAAU,uBAAuB,CACrC,MAAyB;IAEzB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,SAAiB,UAAU;IAC7D,OAAO,qBAAqB,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,6BAA6B,CAC3C,SAAiB,UAAU;IAE3B,OAAO,qBAAqB,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAc;IAC3C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SAC5B,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACjD,IAAI,CAAC,EAAE,CAAC,CAAC;IACZ,OAAO,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC;AAC9B,CAAC;AAYD,MAAM,UAAU,kBAAkB,CAChC,KAA+B;IAE/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,IAAI,KAAK,EAAE,CAAC;QACrB,MAAM,SAAS,GAAI,KAA6B,CAAC,KAAK,CAAC;QACvD,IACE,SAAS,KAAK,OAAO;YACrB,SAAS,KAAK,UAAU;YACxB,SAAS,KAAK,QAAQ,EACtB,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,MAAyB;IAEzB,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACzD,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,mBAAmB,GAAiD,EAAE,CAAC;IAC7E,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,iBAAiB,GACrB,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAK,KAAgB,CAAC;QACnE,MAAM,GAAG,GAAG,iBAAiB;YAC3B,CAAC,CAAE,KAAuC,CAAC,GAAG;YAC9C,CAAC,CAAC,KAAK,CAAC;QACV,MAAM,YAAY,GAAG,iBAAiB;YACpC,CAAC,CAAE,KAAuC,CAAC,IAAI;YAC/C,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,YAAY,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,YAAY,IAAI,YAAY,CAAC;QAClD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,oCAAoC,WAAW,yDAAyD,CACzG,CAAC;QACJ,CAAC;QAED,mBAAmB,CAAC,WAAW,CAAC,GAAG;YACjC,GAAG;YACH,IAAI,EAAE,YAAY;YAClB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC;AAC5C,CAAC;AAcD,MAAM,UAAU,cAAc,CAC5B,IAAgB,EAChB,SAAuB,EACvB,YAA+B,EAC/B,OAA+B;IAE/B,MAAM,MAAM,GAAG,OAAO,EAAE,UAAU,IAAI,QAAQ,CAAC;IAC/C,MAAM,qBAAqB,GAAG,4BAA4B,CAAC;QACzD,WAAW,EAAE,OAAO,EAAE,WAAW;QACjC,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,IAAI,gCAAgC;KAClF,CAAC,CAAC;IACH,MAAM,gBAAgB,GAAG,0BAA0B,CAAC,YAAY,CAAC,CAAC;IAClE,MAAM,qBAAqB,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAEtE,IAAI,CAAC,KAAK,CAAC;QACT,IAAI,EAAE,GAAG,MAAM,UAAU;QACzB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,iBAAiB,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAChD,IAAI,IAAwB,CAAC;YAC7B,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,YAAY,CACjB,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAC9C,GAAG,CACJ,CAAC;YACJ,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;YAC7C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,YAAY,CACjB,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,EAChE,GAAG,CACJ,CAAC;YACJ,CAAC;YAED,MAAM,WAAW,GAAG,gBAAgB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YAC5D,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,YAAY,CACjB,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,WAAW,aAAa,EAAE,EAChE,GAAG,CACJ,CAAC;YACJ,CAAC;YAED,MAAM,gBAAgB,GAAG,4BAA4B,CAAC;gBACpD,OAAO;gBACP,qBAAqB;aACtB,CAAC,CAAC;YACH,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;gBAC5B,OAAO,YAAY,CACjB,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,EAAE,EACjD,gBAAgB,CAAC,UAAU,CAC5B,CAAC;YACJ,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,iBAAiB,EAAE;gBAC5E,MAAM,EAAE,gBAAgB,CAAC,MAAM;gBAC/B,WAAW;gBACX,aAAa,EAAE,IAAI,CAAC,aAAa;aAClC,CAAC,CAAC;YAEH,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,YAAY,CAC3B,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,EAC3C,UAAU,CAAC,UAAU,CACtB,CAAC;gBACF,IAAI,UAAU,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;oBAClC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,aAAa,EACb,MAAM,CAAC,UAAU,CAAC,iBAAiB,IAAI,IAAI,CAAC,CAC7C,CAAC;gBACJ,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;gBAC7B,IAAI,MAAe,CAAC;gBACpB,IAAI,WAAW,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBACjC,MAAM,GAAG,MAAM,GAAG,CAAC,QAAQ,CACzB,WAAW,CAAC,GAA8B,EAC1C,IAAI,CACL,CAAC;gBACJ,CAAC;qBAAM,IAAI,WAAW,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC3C,MAAM,GAAG,MAAM,GAAG,CAAC,WAAW,CAC5B,WAAW,CAAC,GAAiC,EAC7C,IAAI,CACL,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,CAC1B,WAAW,CAAC,GAA+B,EAC3C,IAAI,CACL,CAAC;gBACJ,CAAC;gBAED,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE;oBACjD,OAAO,EAAE,UAAU,CAAC,OAAgB;oBACpC,SAAS,EAAE,gBAAgB,CAAC,SAAS;oBACrC,WAAW;oBACX,IAAI;oBACJ,MAAM;oBACN,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;gBAEH,OAAO,YAAY,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAc,EAAE,CAAC;gBACxB,MAAM,YAAY,GAChB,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,SAAS,IAAI,KAAK;oBACtD,CAAC,CAAE,KAAK,CAAC,OAAkB;oBAC3B,CAAC,CAAC,eAAe,CAAC;gBAEtB,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE;oBACjD,OAAO,EAAE,UAAU,CAAC,OAAgB;oBACpC,SAAS,EAAE,gBAAgB,CAAC,SAAS;oBACrC,WAAW;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;oBACrB,KAAK,EAAE,YAAY;oBACnB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;oBAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;gBAEH,OAAO,YAAY,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,GAAG,CAAC,CAAC;YACpE,CAAC;QACH,CAAC,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,KAAK,CAAC;QACT,IAAI,EAAE,GAAG,MAAM,YAAY;QAC3B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,iBAAiB,CAAC,KAAK,IAAI,EAAE;YACpC,MAAM,SAAS,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;gBAC5D,WAAW;gBACX,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,IAAI;gBAClD,QAAQ,EAAE,gBAAgB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,QAAQ;aAC3D,CAAC,CAAC,CAAC;YACJ,OAAO,YAAY,CAAC,EAAE,SAAS,EAAE,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC,CAAC;KACH,CAAC,CAAC;AACL,CAAC;AAaD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAgB,EAChB,SAAuB,EACvB,IAIC;IAED,MAAM,qBAAqB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjE,OAAO,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,mBAAmB,EAAE;QACtE,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,qBAAqB;KACtB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,GAAgB,EAChB,SAAuB,EACvB,IAOC;IAED,MAAM,qBAAqB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjE,OAAO,MAAM,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,oBAAoB,EAAE;QACvE,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,qBAAqB;KACtB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,MAAyB;IAC/D,MAAM,gBAAgB,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;IAC5D,OAAO,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,GAAG,CACnD,CAAC,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/B,WAAW;QACX,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,QAAQ,EAAE,WAAW,CAAC,QAAQ;KAC/B,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,IAAa,EAAE,MAAc;IACjD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,4BAA4B,CAAC,IAKrC;IAGC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,CAAC;IACzE,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO;SAC5C,GAAG,CAAC,qBAAqB,CAAC;QAC3B,EAAE,IAAI,EAAE,CAAC;IACX,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,CAAC;IAE/D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,6CAA6C;YACpD,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,8CAA8C;YACrD,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,sCAAsC;YAC7C,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,EAAE,EAAE,CAAC;QACnC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,IAAI,CAAC,qBAAqB,CAAC,KAAK;YACvC,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IAED,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;IACjF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,uBAAuB,SAAS,EAAE;YACzC,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IACD,IAAI,kBAAkB,KAAK,kBAAkB,EAAE,CAAC;QAC9C,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,qBAAqB;YAC5B,UAAU,EAAE,GAAG;SAChB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,SAAS;QACT,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,YAAY,GAAI,UAA6D;SAChF,OAAO,CAAC;IACX,MAAM,KAAK,GAAG,YAAY,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;AAClD,CAAC;AAED,SAAS,4BAA4B,CAAC,IAGrC;IAGC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,OAAO,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACpD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,0FAA0F,IAAI,CAAC,iBAAiB,EAAE;SAC1H,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,mBAAmB,IAAI,CAAC,iBAAiB,EAAE;SACnD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,GAAG,IAAI,CAAC,iBAAiB,wDAAwD;SACzF,CAAC;IACJ,CAAC;IAED,OAAO,sBAAsB,CAAC,MAAiC,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,sBAAsB,CAC7B,KAA8B;IAE9B,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,YAAY,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,kCAAkC,YAAY,GAAG;aACzD,CAAC;QACJ,CAAC;QACD,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC;QACxC,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;YAC9B,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,8CAA8C;aACtD,CAAC;QACJ,CAAC;QACD,eAAe,CAAC,SAAS,CAAC,GAAG,UAAU,CAAC;IAC1C,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,6CAA6C;SACrD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;AACvC,CAAC"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
export type TokenSource = "nextauth_convex" | "auth0" | "custom_oidc";
|
|
2
|
+
export type JwtAudience = string | Array<string>;
|
|
3
|
+
export interface JwtClaims {
|
|
4
|
+
sub?: string;
|
|
5
|
+
iss?: string;
|
|
6
|
+
aud?: JwtAudience;
|
|
7
|
+
exp?: number;
|
|
8
|
+
[key: string]: unknown;
|
|
9
|
+
}
|
|
10
|
+
export interface JwtClaimValidationOptions {
|
|
11
|
+
expectedIssuer?: string;
|
|
12
|
+
expectedAudience?: string;
|
|
13
|
+
nowMs?: number;
|
|
14
|
+
}
|
|
15
|
+
export interface JwtClaimValidationResult {
|
|
16
|
+
valid: boolean;
|
|
17
|
+
reason?: "malformed_token" | "expired" | "issuer_mismatch" | "audience_mismatch";
|
|
18
|
+
claims: JwtClaims | null;
|
|
19
|
+
}
|
|
20
|
+
export interface AgentBridgeStrictHeadersInput {
|
|
21
|
+
serviceId: string;
|
|
22
|
+
serviceKey: string;
|
|
23
|
+
appKey: string;
|
|
24
|
+
userToken?: string | null;
|
|
25
|
+
}
|
|
26
|
+
export interface NextAuthSessionLike {
|
|
27
|
+
convexToken?: string | null;
|
|
28
|
+
}
|
|
29
|
+
export type UserTokenResolver = () => Promise<string | null>;
|
|
30
|
+
export interface TokenSourceAdapter {
|
|
31
|
+
tokenSource: TokenSource;
|
|
32
|
+
resolveUserToken: UserTokenResolver;
|
|
33
|
+
}
|
|
34
|
+
export declare function buildAgentBridgeStrictHeaders(input: AgentBridgeStrictHeadersInput): Record<string, string>;
|
|
35
|
+
export declare function decodeJwtClaims(token: string): JwtClaims | null;
|
|
36
|
+
export declare function validateJwtClaims(token: string, options?: JwtClaimValidationOptions): JwtClaimValidationResult;
|
|
37
|
+
export declare function createNextAuthConvexTokenAdapter(args: {
|
|
38
|
+
getSession: () => Promise<NextAuthSessionLike | null | undefined>;
|
|
39
|
+
}): TokenSourceAdapter;
|
|
40
|
+
export declare function createAuth0TokenAdapter(args: {
|
|
41
|
+
getAccessToken: () => Promise<string | null | undefined>;
|
|
42
|
+
}): TokenSourceAdapter;
|
|
43
|
+
export declare function createCustomOidcTokenAdapter(args: {
|
|
44
|
+
getToken: () => Promise<string | null | undefined>;
|
|
45
|
+
}): TokenSourceAdapter;
|
|
46
|
+
export declare function resolveUserToken(adapter: TokenSourceAdapter): Promise<string | null>;
|
|
47
|
+
//# sourceMappingURL=userAuth.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"userAuth.d.ts","sourceRoot":"","sources":["../../src/client/userAuth.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,GAAG,iBAAiB,GAAG,OAAO,GAAG,aAAa,CAAC;AAEtE,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;AAEjD,MAAM,WAAW,SAAS;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,WAAW,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,yBAAyB;IACxC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,iBAAiB,GAAG,SAAS,GAAG,iBAAiB,GAAG,mBAAmB,CAAC;IACjF,MAAM,EAAE,SAAS,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,6BAA6B;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;AAE7D,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,WAAW,CAAC;IACzB,gBAAgB,EAAE,iBAAiB,CAAC;CACrC;AAED,wBAAgB,6BAA6B,CAC3C,KAAK,EAAE,6BAA6B,GACnC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAaxB;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,CAa/D;AAED,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,yBAAyB,GAClC,wBAAwB,CAiD1B;AAED,wBAAgB,gCAAgC,CAAC,IAAI,EAAE;IACrD,UAAU,EAAE,MAAM,OAAO,CAAC,mBAAmB,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;CACnE,GAAG,kBAAkB,CAYrB;AAED,wBAAgB,uBAAuB,CAAC,IAAI,EAAE;IAC5C,cAAc,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;CAC1D,GAAG,kBAAkB,CAWrB;AAED,wBAAgB,4BAA4B,CAAC,IAAI,EAAE;IACjD,QAAQ,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;CACpD,GAAG,kBAAkB,CAWrB;AAED,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAExB"}
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
export function buildAgentBridgeStrictHeaders(input) {
|
|
2
|
+
const headers = {
|
|
3
|
+
"Content-Type": "application/json",
|
|
4
|
+
"X-Agent-Service-Id": input.serviceId,
|
|
5
|
+
"X-Agent-Service-Key": input.serviceKey,
|
|
6
|
+
"X-Agent-App": input.appKey,
|
|
7
|
+
};
|
|
8
|
+
if (input.userToken) {
|
|
9
|
+
headers.Authorization = `Bearer ${input.userToken}`;
|
|
10
|
+
}
|
|
11
|
+
return headers;
|
|
12
|
+
}
|
|
13
|
+
export function decodeJwtClaims(token) {
|
|
14
|
+
const parts = token.split(".");
|
|
15
|
+
if (parts.length !== 3 || !parts[1]) {
|
|
16
|
+
return null;
|
|
17
|
+
}
|
|
18
|
+
try {
|
|
19
|
+
const payload = decodeBase64Url(parts[1]);
|
|
20
|
+
const claims = JSON.parse(payload);
|
|
21
|
+
return claims;
|
|
22
|
+
}
|
|
23
|
+
catch {
|
|
24
|
+
return null;
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
export function validateJwtClaims(token, options) {
|
|
28
|
+
const claims = decodeJwtClaims(token);
|
|
29
|
+
if (!claims) {
|
|
30
|
+
return {
|
|
31
|
+
valid: false,
|
|
32
|
+
reason: "malformed_token",
|
|
33
|
+
claims: null,
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
const nowMs = options?.nowMs ?? Date.now();
|
|
37
|
+
if (typeof claims.exp === "number") {
|
|
38
|
+
const expiresAtMs = claims.exp * 1000;
|
|
39
|
+
if (expiresAtMs <= nowMs) {
|
|
40
|
+
return {
|
|
41
|
+
valid: false,
|
|
42
|
+
reason: "expired",
|
|
43
|
+
claims,
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
if (options?.expectedIssuer && claims.iss !== options.expectedIssuer) {
|
|
48
|
+
return {
|
|
49
|
+
valid: false,
|
|
50
|
+
reason: "issuer_mismatch",
|
|
51
|
+
claims,
|
|
52
|
+
};
|
|
53
|
+
}
|
|
54
|
+
if (options?.expectedAudience) {
|
|
55
|
+
const audience = claims.aud;
|
|
56
|
+
const hasAudienceMatch = Array.isArray(audience)
|
|
57
|
+
? audience.includes(options.expectedAudience)
|
|
58
|
+
: audience === options.expectedAudience;
|
|
59
|
+
if (!hasAudienceMatch) {
|
|
60
|
+
return {
|
|
61
|
+
valid: false,
|
|
62
|
+
reason: "audience_mismatch",
|
|
63
|
+
claims,
|
|
64
|
+
};
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
return {
|
|
68
|
+
valid: true,
|
|
69
|
+
claims,
|
|
70
|
+
};
|
|
71
|
+
}
|
|
72
|
+
export function createNextAuthConvexTokenAdapter(args) {
|
|
73
|
+
return {
|
|
74
|
+
tokenSource: "nextauth_convex",
|
|
75
|
+
resolveUserToken: async () => {
|
|
76
|
+
const session = await args.getSession();
|
|
77
|
+
const token = session?.convexToken;
|
|
78
|
+
if (typeof token !== "string" || token.trim().length === 0) {
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
return token;
|
|
82
|
+
},
|
|
83
|
+
};
|
|
84
|
+
}
|
|
85
|
+
export function createAuth0TokenAdapter(args) {
|
|
86
|
+
return {
|
|
87
|
+
tokenSource: "auth0",
|
|
88
|
+
resolveUserToken: async () => {
|
|
89
|
+
const token = await args.getAccessToken();
|
|
90
|
+
if (typeof token !== "string" || token.trim().length === 0) {
|
|
91
|
+
return null;
|
|
92
|
+
}
|
|
93
|
+
return token;
|
|
94
|
+
},
|
|
95
|
+
};
|
|
96
|
+
}
|
|
97
|
+
export function createCustomOidcTokenAdapter(args) {
|
|
98
|
+
return {
|
|
99
|
+
tokenSource: "custom_oidc",
|
|
100
|
+
resolveUserToken: async () => {
|
|
101
|
+
const token = await args.getToken();
|
|
102
|
+
if (typeof token !== "string" || token.trim().length === 0) {
|
|
103
|
+
return null;
|
|
104
|
+
}
|
|
105
|
+
return token;
|
|
106
|
+
},
|
|
107
|
+
};
|
|
108
|
+
}
|
|
109
|
+
export async function resolveUserToken(adapter) {
|
|
110
|
+
return await adapter.resolveUserToken();
|
|
111
|
+
}
|
|
112
|
+
function decodeBase64Url(value) {
|
|
113
|
+
const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
|
|
114
|
+
const paddingLength = (4 - (normalized.length % 4)) % 4;
|
|
115
|
+
const padded = normalized + "=".repeat(paddingLength);
|
|
116
|
+
if (typeof atob === "function") {
|
|
117
|
+
return atob(padded);
|
|
118
|
+
}
|
|
119
|
+
const buffer = Buffer.from(padded, "base64");
|
|
120
|
+
return buffer.toString("utf-8");
|
|
121
|
+
}
|
|
122
|
+
//# sourceMappingURL=userAuth.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"userAuth.js","sourceRoot":"","sources":["../../src/client/userAuth.ts"],"names":[],"mappings":"AA0CA,MAAM,UAAU,6BAA6B,CAC3C,KAAoC;IAEpC,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;QAClC,oBAAoB,EAAE,KAAK,CAAC,SAAS;QACrC,qBAAqB,EAAE,KAAK,CAAC,UAAU;QACvC,aAAa,EAAE,KAAK,CAAC,MAAM;KAC5B,CAAC;IAEF,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACpB,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,CAAC,SAAS,EAAE,CAAC;IACtD,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAc,CAAC;QAChD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAAa,EACb,OAAmC;IAEnC,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,iBAAiB;YACzB,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IAC3C,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC;QACtC,IAAI,WAAW,IAAI,KAAK,EAAE,CAAC;YACzB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,SAAS;gBACjB,MAAM;aACP,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,OAAO,EAAE,cAAc,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO,CAAC,cAAc,EAAE,CAAC;QACrE,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,iBAAiB;YACzB,MAAM;SACP,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,EAAE,gBAAgB,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC;QAC5B,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC9C,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC;YAC7C,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,gBAAgB,CAAC;QAE1C,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,mBAAmB;gBAC3B,MAAM;aACP,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,MAAM;KACP,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gCAAgC,CAAC,IAEhD;IACC,OAAO;QACL,WAAW,EAAE,iBAAiB;QAC9B,gBAAgB,EAAE,KAAK,IAAI,EAAE;YAC3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,OAAO,EAAE,WAAW,CAAC;YACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,IAEvC;IACC,OAAO;QACL,WAAW,EAAE,OAAO;QACpB,gBAAgB,EAAE,KAAK,IAAI,EAAE;YAC3B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAC1C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,IAE5C;IACC,OAAO;QACL,WAAW,EAAE,aAAa;QAC1B,gBAAgB,EAAE,KAAK,IAAI,EAAE;YAC3B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAA2B;IAE3B,OAAO,MAAM,OAAO,CAAC,gBAAgB,EAAE,CAAC;AAC1C,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC/D,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,MAAM,GAAG,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEtD,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7C,OAAO,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC"}
|
|
@@ -2,8 +2,8 @@ export declare const createAgent: import("convex/server").RegisteredMutation<"pu
|
|
|
2
2
|
appKey?: string | undefined;
|
|
3
3
|
enabled?: boolean | undefined;
|
|
4
4
|
rateLimit?: number | undefined;
|
|
5
|
-
name: string;
|
|
6
5
|
apiKey: string;
|
|
6
|
+
name: string;
|
|
7
7
|
}, Promise<{
|
|
8
8
|
agentId: import("convex/values").GenericId<"agents">;
|
|
9
9
|
}>>;
|
|
@@ -12,9 +12,9 @@ export declare const rotateApiKey: import("convex/server").RegisteredMutation<"p
|
|
|
12
12
|
newApiKey: string;
|
|
13
13
|
}, Promise<null>>;
|
|
14
14
|
export declare const updateAgent: import("convex/server").RegisteredMutation<"public", {
|
|
15
|
-
name?: string | undefined;
|
|
16
15
|
appKey?: string | undefined;
|
|
17
16
|
enabled?: boolean | undefined;
|
|
17
|
+
name?: string | undefined;
|
|
18
18
|
rateLimit?: number | undefined;
|
|
19
19
|
agentId: import("convex/values").GenericId<"agents">;
|
|
20
20
|
}, Promise<null>>;
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
export declare const setAgentPermissions: import("convex/server").RegisteredMutation<"public", {
|
|
2
2
|
agentId: import("convex/values").GenericId<"agents">;
|
|
3
|
+
availableFunctionKeys: string[];
|
|
3
4
|
rules: {
|
|
4
5
|
rateLimitConfig?: {
|
|
5
6
|
tokenBudget?: number | undefined;
|
|
@@ -8,7 +9,6 @@ export declare const setAgentPermissions: import("convex/server").RegisteredMuta
|
|
|
8
9
|
permission: "allow" | "deny" | "rate_limited";
|
|
9
10
|
pattern: string;
|
|
10
11
|
}[];
|
|
11
|
-
availableFunctionKeys: string[];
|
|
12
12
|
}, Promise<number>>;
|
|
13
13
|
export declare const listAgentPermissions: import("convex/server").RegisteredQuery<"public", {
|
|
14
14
|
agentId: import("convex/values").GenericId<"agents">;
|
|
@@ -2,10 +2,10 @@ declare const _default: import("convex/server").SchemaDefinition<{
|
|
|
2
2
|
agents: import("convex/server").TableDefinition<import("convex/values").VObject<{
|
|
3
3
|
appKey?: string | undefined;
|
|
4
4
|
lastUsed?: number | undefined;
|
|
5
|
-
name: string;
|
|
6
|
-
apiKeyHash: string;
|
|
7
5
|
enabled: boolean;
|
|
6
|
+
name: string;
|
|
8
7
|
rateLimit: number;
|
|
8
|
+
apiKeyHash: string;
|
|
9
9
|
createdAt: number;
|
|
10
10
|
}, {
|
|
11
11
|
name: import("convex/values").VString<string, "required">;
|
|
@@ -15,7 +15,7 @@ declare const _default: import("convex/server").SchemaDefinition<{
|
|
|
15
15
|
rateLimit: import("convex/values").VFloat64<number, "required">;
|
|
16
16
|
lastUsed: import("convex/values").VFloat64<number | undefined, "optional">;
|
|
17
17
|
createdAt: import("convex/values").VFloat64<number, "required">;
|
|
18
|
-
}, "required", "
|
|
18
|
+
}, "required", "appKey" | "enabled" | "name" | "rateLimit" | "apiKeyHash" | "lastUsed" | "createdAt">, {
|
|
19
19
|
by_apiKeyHash: ["apiKeyHash", "_creationTime"];
|
|
20
20
|
by_appKey: ["appKey", "_creationTime"];
|
|
21
21
|
by_enabled: ["enabled", "_creationTime"];
|
|
@@ -56,9 +56,9 @@ declare const _default: import("convex/server").SchemaDefinition<{
|
|
|
56
56
|
by_key: ["key", "_creationTime"];
|
|
57
57
|
}, {}, {}>;
|
|
58
58
|
agentLogs: import("convex/server").TableDefinition<import("convex/values").VObject<{
|
|
59
|
-
serviceId?: string | undefined;
|
|
60
|
-
result?: any;
|
|
61
59
|
error?: string | undefined;
|
|
60
|
+
result?: any;
|
|
61
|
+
serviceId?: string | undefined;
|
|
62
62
|
agentId: import("convex/values").GenericId<"agents">;
|
|
63
63
|
functionKey: string;
|
|
64
64
|
args: any;
|
|
@@ -73,7 +73,7 @@ declare const _default: import("convex/server").SchemaDefinition<{
|
|
|
73
73
|
error: import("convex/values").VString<string | undefined, "optional">;
|
|
74
74
|
duration: import("convex/values").VFloat64<number, "required">;
|
|
75
75
|
timestamp: import("convex/values").VFloat64<number, "required">;
|
|
76
|
-
}, "required", "agentId" | "
|
|
76
|
+
}, "required", "agentId" | "functionKey" | "args" | "duration" | "error" | "result" | "serviceId" | "timestamp" | `args.${string}` | `result.${string}`>, {
|
|
77
77
|
by_agentId_and_timestamp: ["agentId", "timestamp", "_creationTime"];
|
|
78
78
|
by_serviceId_and_timestamp: ["serviceId", "timestamp", "_creationTime"];
|
|
79
79
|
by_functionKey: ["functionKey", "_creationTime"];
|
package/package.json
CHANGED
package/src/client/index.ts
CHANGED
|
@@ -6,6 +6,24 @@ import type {
|
|
|
6
6
|
HttpRouter,
|
|
7
7
|
} from "convex/server";
|
|
8
8
|
import type { ComponentApi } from "../component/_generated/component.js";
|
|
9
|
+
export {
|
|
10
|
+
buildAgentBridgeStrictHeaders,
|
|
11
|
+
createAuth0TokenAdapter,
|
|
12
|
+
createCustomOidcTokenAdapter,
|
|
13
|
+
createNextAuthConvexTokenAdapter,
|
|
14
|
+
decodeJwtClaims,
|
|
15
|
+
resolveUserToken,
|
|
16
|
+
validateJwtClaims,
|
|
17
|
+
} from "./userAuth.js";
|
|
18
|
+
export type {
|
|
19
|
+
AgentBridgeStrictHeadersInput,
|
|
20
|
+
JwtClaimValidationOptions,
|
|
21
|
+
JwtClaimValidationResult,
|
|
22
|
+
JwtClaims,
|
|
23
|
+
NextAuthSessionLike,
|
|
24
|
+
TokenSource,
|
|
25
|
+
TokenSourceAdapter,
|
|
26
|
+
} from "./userAuth.js";
|
|
9
27
|
|
|
10
28
|
export type AgentBridgeFunctionType = "query" | "mutation" | "action";
|
|
11
29
|
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
import { describe, expect, test } from "vitest";
|
|
2
|
+
import {
|
|
3
|
+
buildAgentBridgeStrictHeaders,
|
|
4
|
+
createAuth0TokenAdapter,
|
|
5
|
+
createCustomOidcTokenAdapter,
|
|
6
|
+
createNextAuthConvexTokenAdapter,
|
|
7
|
+
decodeJwtClaims,
|
|
8
|
+
resolveUserToken,
|
|
9
|
+
validateJwtClaims,
|
|
10
|
+
} from "./userAuth.js";
|
|
11
|
+
|
|
12
|
+
const TEST_JWT =
|
|
13
|
+
"eyJhbGciOiJub25lIn0.eyJzdWIiOiJ1c2VyXzEyMyIsImlzcyI6Imh0dHBzOi8vZGVtby5jb252ZXguc2l0ZSIsImF1ZCI6ImNvbnZleCIsImV4cCI6NDA3MDkwODgwMH0.";
|
|
14
|
+
|
|
15
|
+
describe("user auth helpers", () => {
|
|
16
|
+
test("builds strict headers and includes bearer when provided", () => {
|
|
17
|
+
const headers = buildAgentBridgeStrictHeaders({
|
|
18
|
+
serviceId: "openclaw-prod",
|
|
19
|
+
serviceKey: "abs_live_example",
|
|
20
|
+
appKey: "crm",
|
|
21
|
+
userToken: "jwt_token",
|
|
22
|
+
});
|
|
23
|
+
|
|
24
|
+
expect(headers["X-Agent-Service-Id"]).toBe("openclaw-prod");
|
|
25
|
+
expect(headers["X-Agent-Service-Key"]).toBe("abs_live_example");
|
|
26
|
+
expect(headers["X-Agent-App"]).toBe("crm");
|
|
27
|
+
expect(headers.Authorization).toBe("Bearer jwt_token");
|
|
28
|
+
});
|
|
29
|
+
|
|
30
|
+
test("decodes jwt claims", () => {
|
|
31
|
+
const claims = decodeJwtClaims(TEST_JWT);
|
|
32
|
+
expect(claims?.sub).toBe("user_123");
|
|
33
|
+
expect(claims?.iss).toBe("https://demo.convex.site");
|
|
34
|
+
expect(claims?.aud).toBe("convex");
|
|
35
|
+
});
|
|
36
|
+
|
|
37
|
+
test("validates jwt claims with issuer and audience", () => {
|
|
38
|
+
const validation = validateJwtClaims(TEST_JWT, {
|
|
39
|
+
expectedIssuer: "https://demo.convex.site",
|
|
40
|
+
expectedAudience: "convex",
|
|
41
|
+
nowMs: Date.UTC(2026, 0, 1),
|
|
42
|
+
});
|
|
43
|
+
expect(validation.valid).toBe(true);
|
|
44
|
+
});
|
|
45
|
+
|
|
46
|
+
test("fails when jwt is expired", () => {
|
|
47
|
+
const expired = validateJwtClaims(TEST_JWT, {
|
|
48
|
+
nowMs: Date.UTC(2100, 0, 1),
|
|
49
|
+
});
|
|
50
|
+
expect(expired.valid).toBe(false);
|
|
51
|
+
expect(expired.reason).toBe("expired");
|
|
52
|
+
});
|
|
53
|
+
|
|
54
|
+
test("resolves nextauth convex token", async () => {
|
|
55
|
+
const adapter = createNextAuthConvexTokenAdapter({
|
|
56
|
+
getSession: async () => ({ convexToken: "convex_jwt" }),
|
|
57
|
+
});
|
|
58
|
+
const token = await resolveUserToken(adapter);
|
|
59
|
+
expect(token).toBe("convex_jwt");
|
|
60
|
+
});
|
|
61
|
+
|
|
62
|
+
test("resolves auth0 token", async () => {
|
|
63
|
+
const adapter = createAuth0TokenAdapter({
|
|
64
|
+
getAccessToken: async () => "auth0_jwt",
|
|
65
|
+
});
|
|
66
|
+
const token = await resolveUserToken(adapter);
|
|
67
|
+
expect(token).toBe("auth0_jwt");
|
|
68
|
+
});
|
|
69
|
+
|
|
70
|
+
test("resolves custom oidc token", async () => {
|
|
71
|
+
const adapter = createCustomOidcTokenAdapter({
|
|
72
|
+
getToken: async () => "oidc_jwt",
|
|
73
|
+
});
|
|
74
|
+
const token = await resolveUserToken(adapter);
|
|
75
|
+
expect(token).toBe("oidc_jwt");
|
|
76
|
+
});
|
|
77
|
+
});
|
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
export type TokenSource = "nextauth_convex" | "auth0" | "custom_oidc";
|
|
2
|
+
|
|
3
|
+
export type JwtAudience = string | Array<string>;
|
|
4
|
+
|
|
5
|
+
export interface JwtClaims {
|
|
6
|
+
sub?: string;
|
|
7
|
+
iss?: string;
|
|
8
|
+
aud?: JwtAudience;
|
|
9
|
+
exp?: number;
|
|
10
|
+
[key: string]: unknown;
|
|
11
|
+
}
|
|
12
|
+
|
|
13
|
+
export interface JwtClaimValidationOptions {
|
|
14
|
+
expectedIssuer?: string;
|
|
15
|
+
expectedAudience?: string;
|
|
16
|
+
nowMs?: number;
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
export interface JwtClaimValidationResult {
|
|
20
|
+
valid: boolean;
|
|
21
|
+
reason?: "malformed_token" | "expired" | "issuer_mismatch" | "audience_mismatch";
|
|
22
|
+
claims: JwtClaims | null;
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
export interface AgentBridgeStrictHeadersInput {
|
|
26
|
+
serviceId: string;
|
|
27
|
+
serviceKey: string;
|
|
28
|
+
appKey: string;
|
|
29
|
+
userToken?: string | null;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
export interface NextAuthSessionLike {
|
|
33
|
+
convexToken?: string | null;
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
export type UserTokenResolver = () => Promise<string | null>;
|
|
37
|
+
|
|
38
|
+
export interface TokenSourceAdapter {
|
|
39
|
+
tokenSource: TokenSource;
|
|
40
|
+
resolveUserToken: UserTokenResolver;
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
export function buildAgentBridgeStrictHeaders(
|
|
44
|
+
input: AgentBridgeStrictHeadersInput,
|
|
45
|
+
): Record<string, string> {
|
|
46
|
+
const headers: Record<string, string> = {
|
|
47
|
+
"Content-Type": "application/json",
|
|
48
|
+
"X-Agent-Service-Id": input.serviceId,
|
|
49
|
+
"X-Agent-Service-Key": input.serviceKey,
|
|
50
|
+
"X-Agent-App": input.appKey,
|
|
51
|
+
};
|
|
52
|
+
|
|
53
|
+
if (input.userToken) {
|
|
54
|
+
headers.Authorization = `Bearer ${input.userToken}`;
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
return headers;
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
export function decodeJwtClaims(token: string): JwtClaims | null {
|
|
61
|
+
const parts = token.split(".");
|
|
62
|
+
if (parts.length !== 3 || !parts[1]) {
|
|
63
|
+
return null;
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
try {
|
|
67
|
+
const payload = decodeBase64Url(parts[1]);
|
|
68
|
+
const claims = JSON.parse(payload) as JwtClaims;
|
|
69
|
+
return claims;
|
|
70
|
+
} catch {
|
|
71
|
+
return null;
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
export function validateJwtClaims(
|
|
76
|
+
token: string,
|
|
77
|
+
options?: JwtClaimValidationOptions,
|
|
78
|
+
): JwtClaimValidationResult {
|
|
79
|
+
const claims = decodeJwtClaims(token);
|
|
80
|
+
if (!claims) {
|
|
81
|
+
return {
|
|
82
|
+
valid: false,
|
|
83
|
+
reason: "malformed_token",
|
|
84
|
+
claims: null,
|
|
85
|
+
};
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
const nowMs = options?.nowMs ?? Date.now();
|
|
89
|
+
if (typeof claims.exp === "number") {
|
|
90
|
+
const expiresAtMs = claims.exp * 1000;
|
|
91
|
+
if (expiresAtMs <= nowMs) {
|
|
92
|
+
return {
|
|
93
|
+
valid: false,
|
|
94
|
+
reason: "expired",
|
|
95
|
+
claims,
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
if (options?.expectedIssuer && claims.iss !== options.expectedIssuer) {
|
|
101
|
+
return {
|
|
102
|
+
valid: false,
|
|
103
|
+
reason: "issuer_mismatch",
|
|
104
|
+
claims,
|
|
105
|
+
};
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
if (options?.expectedAudience) {
|
|
109
|
+
const audience = claims.aud;
|
|
110
|
+
const hasAudienceMatch = Array.isArray(audience)
|
|
111
|
+
? audience.includes(options.expectedAudience)
|
|
112
|
+
: audience === options.expectedAudience;
|
|
113
|
+
|
|
114
|
+
if (!hasAudienceMatch) {
|
|
115
|
+
return {
|
|
116
|
+
valid: false,
|
|
117
|
+
reason: "audience_mismatch",
|
|
118
|
+
claims,
|
|
119
|
+
};
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
|
|
123
|
+
return {
|
|
124
|
+
valid: true,
|
|
125
|
+
claims,
|
|
126
|
+
};
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
export function createNextAuthConvexTokenAdapter(args: {
|
|
130
|
+
getSession: () => Promise<NextAuthSessionLike | null | undefined>;
|
|
131
|
+
}): TokenSourceAdapter {
|
|
132
|
+
return {
|
|
133
|
+
tokenSource: "nextauth_convex",
|
|
134
|
+
resolveUserToken: async () => {
|
|
135
|
+
const session = await args.getSession();
|
|
136
|
+
const token = session?.convexToken;
|
|
137
|
+
if (typeof token !== "string" || token.trim().length === 0) {
|
|
138
|
+
return null;
|
|
139
|
+
}
|
|
140
|
+
return token;
|
|
141
|
+
},
|
|
142
|
+
};
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
export function createAuth0TokenAdapter(args: {
|
|
146
|
+
getAccessToken: () => Promise<string | null | undefined>;
|
|
147
|
+
}): TokenSourceAdapter {
|
|
148
|
+
return {
|
|
149
|
+
tokenSource: "auth0",
|
|
150
|
+
resolveUserToken: async () => {
|
|
151
|
+
const token = await args.getAccessToken();
|
|
152
|
+
if (typeof token !== "string" || token.trim().length === 0) {
|
|
153
|
+
return null;
|
|
154
|
+
}
|
|
155
|
+
return token;
|
|
156
|
+
},
|
|
157
|
+
};
|
|
158
|
+
}
|
|
159
|
+
|
|
160
|
+
export function createCustomOidcTokenAdapter(args: {
|
|
161
|
+
getToken: () => Promise<string | null | undefined>;
|
|
162
|
+
}): TokenSourceAdapter {
|
|
163
|
+
return {
|
|
164
|
+
tokenSource: "custom_oidc",
|
|
165
|
+
resolveUserToken: async () => {
|
|
166
|
+
const token = await args.getToken();
|
|
167
|
+
if (typeof token !== "string" || token.trim().length === 0) {
|
|
168
|
+
return null;
|
|
169
|
+
}
|
|
170
|
+
return token;
|
|
171
|
+
},
|
|
172
|
+
};
|
|
173
|
+
}
|
|
174
|
+
|
|
175
|
+
export async function resolveUserToken(
|
|
176
|
+
adapter: TokenSourceAdapter,
|
|
177
|
+
): Promise<string | null> {
|
|
178
|
+
return await adapter.resolveUserToken();
|
|
179
|
+
}
|
|
180
|
+
|
|
181
|
+
function decodeBase64Url(value: string): string {
|
|
182
|
+
const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
|
|
183
|
+
const paddingLength = (4 - (normalized.length % 4)) % 4;
|
|
184
|
+
const padded = normalized + "=".repeat(paddingLength);
|
|
185
|
+
|
|
186
|
+
if (typeof atob === "function") {
|
|
187
|
+
return atob(padded);
|
|
188
|
+
}
|
|
189
|
+
|
|
190
|
+
const buffer = Buffer.from(padded, "base64");
|
|
191
|
+
return buffer.toString("utf-8");
|
|
192
|
+
}
|