@oslokommune/auth-bff 1.6.1 → 2.0.0-beta2

package/dist/middleware/oidc.mjs

@@ -1,220 +0,0 @@
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
-    if (kind === "m") throw new TypeError("Private method is not writable");
-    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
-    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
-    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
-};
-var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
-    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
-    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
-    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
-};
-var _OidcMiddleware_instances, _OidcMiddleware_clientManager, _OidcMiddleware_config, _OidcMiddleware_refreshPromises, _OidcMiddleware_refreshTokenSet, _OidcMiddleware_getFreshTokenSet;
-import { generators, TokenSet } from "openid-client";
-import { OidcClientManager } from "../client.mjs";
-import { redact } from "../utils.js";
-export class OidcMiddleware {
-    /**
-     * @private
-     * @param config
-     * @param clientManager
-     */
-    constructor(config, clientManager) {
-        _OidcMiddleware_instances.add(this);
-        _OidcMiddleware_clientManager.set(this, void 0);
-        _OidcMiddleware_config.set(this, void 0);
-        _OidcMiddleware_refreshPromises.set(this, {}
-        /**
-         * @private
-         * @param config
-         * @param clientManager
-         */
-        );
-        __classPrivateFieldSet(this, _OidcMiddleware_clientManager, clientManager, "f");
-        __classPrivateFieldSet(this, _OidcMiddleware_config, config, "f");
-    }
-    static create(config) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const clientManager = new OidcClientManager(config);
-            yield clientManager.init();
-            return new OidcMiddleware(config, clientManager);
-        });
-    }
-    get ensureFreshToken() {
-        return (req, res, next) => {
-            __classPrivateFieldGet(this, _OidcMiddleware_instances, "m", _OidcMiddleware_getFreshTokenSet).call(this, req).then(tokenSet => {
-                if (tokenSet) {
-                    req.tokenSet = tokenSet;
-                    next();
-                }
-                else {
-                    console.warn(`401: No valid tokenSet in session sid=${redact(req.session.id)}`);
-                    res.sendStatus(401);
-                }
-            }).catch(next);
-        };
-    }
-    get login() {
-        return (req, res) => {
-            const codeVerifier = generators.codeVerifier();
-            const codeChallenge = generators.codeChallenge(codeVerifier);
-            const stateKey = generators.state();
-            const redirectUrl = req.query.redirectUrl;
-            const authorizationUrl = __classPrivateFieldGet(this, _OidcMiddleware_clientManager, "f").client.authorizationUrl({
-                scope: "openid profile",
-                code_challenge: codeChallenge,
-                code_challenge_method: "S256",
-                resource: __classPrivateFieldGet(this, _OidcMiddleware_config, "f").resources,
-                state: stateKey
-            });
-            req.session.codeVerifier = codeVerifier;
-            req.session.stateKey = stateKey;
-            req.session.stateValue = { redirectUrl };
-            req.session.save(() => {
-                res.redirect(authorizationUrl);
-            });
-        };
-    }
-    get callback() {
-        return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
-            try {
-                const params = __classPrivateFieldGet(this, _OidcMiddleware_clientManager, "f").client.callbackParams(req);
-                const { codeVerifier, stateKey, stateValue } = req.session;
-                const redirectUri = `${req.protocol}://${req.headers.host}${__classPrivateFieldGet(this, _OidcMiddleware_config, "f").basePath}/auth/callback`;
-                const tokenSet = yield __classPrivateFieldGet(this, _OidcMiddleware_clientManager, "f").client.callback(redirectUri, params, {
-                    code_verifier: codeVerifier,
-                    state: stateKey
-                });
-                req.session.tokenSet = tokenSet;
-                const parsedTokenSet = new TokenSet(tokenSet);
-                req.session["idp-sid"] = parsedTokenSet.claims().sid;
-                delete req.session.codeVerifier;
-                delete req.session.stateKey;
-                delete req.session.stateValue;
-                req.session.save(() => {
-                    let redirectUrl = stateValue.redirectUrl;
-                    //only allow relative redirecturls:
-                    const absoluteUrlRegex = /^(?:[a-z+]+:)?\/\//;
-                    if (!redirectUrl || absoluteUrlRegex.test(redirectUrl)) {
-                        redirectUrl = __classPrivateFieldGet(this, _OidcMiddleware_config, "f").basePath || "/";
-                    }
-                    res.redirect(redirectUrl);
-                });
-            }
-            catch (e) {
-                console.error(e);
-                req.session.destroy(() => {
-                    next(e);
-                });
-            }
-        });
-    }
-    get user() {
-        return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            try {
-                const tokenSet = yield __classPrivateFieldGet(this, _OidcMiddleware_instances, "m", _OidcMiddleware_getFreshTokenSet).call(this, req);
-                if (!tokenSet) {
-                    return res.sendStatus(401);
-                }
-                let claims = tokenSet.claims();
-                if (__classPrivateFieldGet(this, _OidcMiddleware_config, "f").userClaims) {
-                    claims = __classPrivateFieldGet(this, _OidcMiddleware_config, "f").userClaims.reduce((acc, claim) => {
-                        acc[claim] = claims[claim];
-                        return acc;
-                    }, {});
-                }
-                return res.send(claims);
-            }
-            catch (e) {
-                console.error(`Error in /user sid=${redact((_a = req.session) === null || _a === void 0 ? void 0 : _a.id)}`, e);
-                next(e);
-            }
-        });
-    }
-    get logout() {
-        return (req, res) => {
-            const tokenSet = req.session.tokenSet && new TokenSet(req.session.tokenSet);
-            req.session.destroy(() => {
-                res.redirect(__classPrivateFieldGet(this, _OidcMiddleware_clientManager, "f").client.endSessionUrl({
-                    id_token_hint: tokenSet === null || tokenSet === void 0 ? void 0 : tokenSet.id_token,
-                }));
-            });
-        };
-    }
-    get frontChannelLogout() {
-        return (req, res) => __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            const { iss, sid } = req.query;
-            console.log(`Front channel logout: params iss=${iss}, sid=${redact(sid)}`);
-            if (sid) {
-                try {
-                    yield ((_a = req.destroySessionByIdpSid) === null || _a === void 0 ? void 0 : _a.call(req, sid));
-                }
-                catch (e) {
-                    console.error("Failed to destroy session", e);
-                }
-            }
-            res.sendStatus(200);
-        });
-    }
-}
-_OidcMiddleware_clientManager = new WeakMap(), _OidcMiddleware_config = new WeakMap(), _OidcMiddleware_refreshPromises = new WeakMap(), _OidcMiddleware_instances = new WeakSet(), _OidcMiddleware_refreshTokenSet = function _OidcMiddleware_refreshTokenSet(req, tokenSet) {
-    return __awaiter(this, void 0, void 0, function* () {
-        var _a;
-        var _b;
-        const sessionId = req.session.id;
-        const refreshToken = tokenSet.refresh_token;
-        const doRefresh = () => __awaiter(this, void 0, void 0, function* () {
-            console.log(`Token refresh starting. sid=${redact(sessionId)}`);
-            try {
-                const refreshedTokenSet = yield __classPrivateFieldGet(this, _OidcMiddleware_clientManager, "f").client.refresh(refreshToken);
-                console.log(`Token refresh OK. sid=${redact(sessionId)}`);
-                return refreshedTokenSet;
-            }
-            catch (err) {
-                console.log(`Token refresh failed. sid=${redact(sessionId)}`, err);
-                return null;
-            }
-        });
-        const refreshPromise = (_a = (_b = __classPrivateFieldGet(this, _OidcMiddleware_refreshPromises, "f"))[refreshToken]) !== null && _a !== void 0 ? _a : (_b[refreshToken] = doRefresh().finally(() => {
-            console.log(`Token refresh finished. Cleaning up. sid=${redact(sessionId)}`);
-            setTimeout(() => {
-                delete __classPrivateFieldGet(this, _OidcMiddleware_refreshPromises, "f")[refreshToken];
-            }, 10000);
-        }));
-        const refreshedTokenSet = yield refreshPromise;
-        if (refreshedTokenSet) {
-            Object.assign(req.session.tokenSet, refreshedTokenSet);
-        }
-        else {
-            req.session.tokenSet = null;
-        }
-        return req.session.tokenSet;
-    });
-}, _OidcMiddleware_getFreshTokenSet = function _OidcMiddleware_getFreshTokenSet(req) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const tokenSet = req.session.tokenSet && new TokenSet(req.session.tokenSet);
-        if (!tokenSet) {
-            console.log(`No tokenSet found in session sid=${redact(req.session.id)}`);
-            return;
-        }
-        if (tokenSet.expired()) {
-            console.log(`TokenSet expired sid=${redact(req.session.id)}`);
-            const newTokenSet = yield __classPrivateFieldGet(this, _OidcMiddleware_instances, "m", _OidcMiddleware_refreshTokenSet).call(this, req, tokenSet);
-            return newTokenSet && new TokenSet(newTokenSet);
-        }
-        else {
-            return tokenSet;
-        }
-    });
-};

package/dist/middleware/proxy-routes.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"proxy-routes.d.mts","sourceRoot":"","sources":["../../src/middleware/proxy-routes.mjs"],"names":[],"mappings":"AAGA,mEA4BC"}

package/dist/middleware/security-headers.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"security-headers.d.mts","sourceRoot":"","sources":["../../src/middleware/security-headers.mjs"],"names":[],"mappings":"AAGA,0FA+BC"}

package/dist/middleware/sessions/dynamoDbSessionStore.d.mts

@@ -1,2 +0,0 @@
-export function dynamoDbSessionStore(config?: {}): any;
-//# sourceMappingURL=dynamoDbSessionStore.d.mts.map

package/dist/middleware/sessions/dynamoDbSessionStore.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"dynamoDbSessionStore.d.mts","sourceRoot":"","sources":["../../../src/middleware/sessions/dynamoDbSessionStore.mjs"],"names":[],"mappings":"AA6BA,uDAcC"}

package/dist/middleware/sessions/memorySessionStore.d.mts

@@ -1,2 +0,0 @@
-export function memorySessionStore(config?: {}): any;
-//# sourceMappingURL=memorySessionStore.d.mts.map

package/dist/middleware/sessions/memorySessionStore.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"memorySessionStore.d.mts","sourceRoot":"","sources":["../../../src/middleware/sessions/memorySessionStore.mjs"],"names":[],"mappings":"AAQA,qDAIC"}

package/dist/middleware/sessions/sessions.d.mts

@@ -1,2 +0,0 @@
-export function sessions(config: any): any[];
-//# sourceMappingURL=sessions.d.mts.map

package/dist/middleware/sessions/sessions.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"sessions.d.mts","sourceRoot":"","sources":["../../../src/middleware/sessions/sessions.mjs"],"names":[],"mappings":"AAIA,6CAiCC"}

package/dist/middleware/static-routes.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"static-routes.d.mts","sourceRoot":"","sources":["../../src/middleware/static-routes.mjs"],"names":[],"mappings":"AAIA,+CAiBC"}

package/dist/react/AuthContext.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../src/react/AuthContext.tsx"],"names":[],"mappings":"AAGA,MAAM,MAAM,IAAI,GAAG;IACjB,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAA;CAC7B,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,SAAS,GAAG,eAAe,GAAG,iBAAiB,GAAG,SAAS,GAAG,OAAO,CAAC;IAC7E,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,EAAE,MAAM,IAAI,CAAA;IACjB,MAAM,EAAE,MAAM,IAAI,CAAA;CACnB,CAAA;AAED,eAAO,MAAM,WAAW,2CAAyD,CAAA"}

package/dist/react/AuthContextProvider.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AuthContextProvider.d.ts","sourceRoot":"","sources":["../../src/react/AuthContextProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAA8B,MAAM,OAAO,CAAC;AAK7D,KAAK,wBAAwB,GAAG;IAC9B,QAAQ,EAAE,SAAS,CAAA;IACnB,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,eAAe,EAAE,SAAS,CAAA;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED,wBAAgB,mBAAmB,CAAC,EACE,QAAQ,EACR,YAAoB,EACpB,eAAsB,EACtB,OAAY,EACZ,YAAY,EACb,EAAE,wBAAwB,+BA+F9D"}

package/dist/react/UseAuthContext.d.ts

@@ -1,2 +0,0 @@
-export declare function useAuthContext(required?: boolean): import("./AuthContext").AuthContextProps;
-//# sourceMappingURL=UseAuthContext.d.ts.map

package/dist/react/UseAuthContext.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"UseAuthContext.d.ts","sourceRoot":"","sources":["../../src/react/UseAuthContext.tsx"],"names":[],"mappings":"AAGA,wBAAgB,cAAc,CAAC,QAAQ,GAAE,OAAe,4CAOvD"}

package/dist/react/global-user.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"global-user.d.ts","sourceRoot":"","sources":["../../src/react/global-user.ts"],"names":[],"mappings":"AAEA,wBAAgB,cAAc,WAE7B;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,QAE1C"}

package/dist/react/index.d.ts

@@ -1,5 +0,0 @@
-export * from './AuthContext';
-export * from './AuthContextProvider';
-export * from './UseAuthContext';
-export { getCurrentUser } from './global-user';
-//# sourceMappingURL=index.d.ts.map

package/dist/react/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAA;AAC7B,cAAc,uBAAuB,CAAA;AACrC,cAAc,kBAAkB,CAAA;AAChC,OAAO,EAAC,cAAc,EAAC,MAAM,eAAe,CAAA"}

package/dist/react/index.js

@@ -1,4 +0,0 @@
-export * from './AuthContext';
-export * from './AuthContextProvider';
-export * from './UseAuthContext';
-export { getCurrentUser } from './global-user';

package/dist/react/poller.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"poller.d.ts","sourceRoot":"","sources":["../../src/react/poller.ts"],"names":[],"mappings":"AAoBA,wBAAgB,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,EAAE,cAAc,EAAE,MAAM,QAK3G;AAED,wBAAgB,IAAI,SAEnB"}

package/dist/react/poller.js

@@ -1,39 +0,0 @@
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-let timer;
-let lastChecked = Date.now();
-let callback;
-let poller;
-let minInterval;
-function doPoll() {
-    return __awaiter(this, void 0, void 0, function* () {
-        const now = Date.now();
-        const diff = now - lastChecked;
-        clearInterval(timer);
-        if (diff > minInterval) {
-            const res = yield poller();
-            callback(res);
-            lastChecked = now;
-            timer = setInterval(doPoll, minInterval);
-        }
-        else {
-            timer = setInterval(doPoll, minInterval - diff);
-        }
-    });
-}
-export function start(newChecker, newCallback, newMinInterval) {
-    poller = newChecker;
-    callback = newCallback;
-    minInterval = newMinInterval;
-    doPoll();
-}
-export function stop() {
-    clearInterval(timer);
-}

package/dist/utils.d.ts

@@ -1,2 +0,0 @@
-export function redact(string: any, length?: number): string;
-//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.js"],"names":[],"mappings":"AAAA,6DAEC"}

package/dist/utils.js

@@ -1,3 +0,0 @@
-export function redact(string, length = 5) {
-    return (string === null || string === void 0 ? void 0 : string.substring(0, length)) + '***';
-}

package/dist/vite-plugin.d.mts.map

@@ -1 +0,0 @@
-{"version":3,"file":"vite-plugin.d.mts","sourceRoot":"","sources":["../src/vite-plugin.mjs"],"names":[],"mappings":"AAwBA;;;;;;;;GAQG;AACH,kDAPa;IACT,IAAI,EAAE,KAAK,CAAC;IACZ,KAAK,EAAE,OAAO,CAAC;IACf,eAAe,EAAE,CAAC,CAAC,CAAS,IAAgB,EAAhB;QAAC,WAAW,EAAE,GAAC,CAAA;KAAC,KAAG,OAAO,CAAC,IAAI,CAAC,CAAC,GAAC,GAAC,CAAC,CAAC;IACjE,sBAAsB,EAAE,CAAC,CAAC,CAAS,IAAgB,EAAhB;QAAC,WAAW,EAAE,GAAC,CAAA;KAAC,KAAG,OAAO,CAAC,IAAI,CAAC,CAAC,GAAC,GAAC,CAAC,CAAA;CACvE,CASH"}

package/dist/vite-plugin.mjs

@@ -1,44 +0,0 @@
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-import express from "express";
-import { loadConfig } from "./config.mjs";
-import { OidcMiddleware } from "./middleware/oidc.mjs";
-function configureServer(configFile) {
-    return (_a) => __awaiter(this, [_a], void 0, function* ({ middlewares }) {
-        const { oidcRoutes } = yield import("./middleware/oidc-routes.mjs");
-        const { proxyRoutes } = yield import("./middleware/proxy-routes.mjs");
-        const { sessions } = yield import("./middleware/sessions/sessions.mjs");
-        const config = yield loadConfig(configFile);
-        const oidcMiddleware = yield OidcMiddleware.create(config);
-        const basePath = config.basePath || "/";
-        const app = express();
-        app.use(sessions(config));
-        app.use(basePath, oidcRoutes(oidcMiddleware));
-        app.use(basePath, proxyRoutes(config, oidcMiddleware));
-        middlewares.use(app);
-    });
-}
-/**
- *
- * @returns {{
- *  name: 'bff',
- *  apply: 'serve',
- *  configureServer: ((function({middlewares: *}): Promise<void>)|*),
- *  configurePreviewServer: ((function({middlewares: *}): Promise<void>)|*)
- * }}
- */
-export default function bff({ configFile } = {}) {
-    return {
-        name: 'bff',
-        apply: 'serve',
-        configureServer: configureServer(configFile),
-        configurePreviewServer: configureServer(configFile)
-    };
-}