@oslokommune/auth-bff 2.1.0 → 2.2.1

package/README.md

@@ -81,7 +81,7 @@ WORKDIR /application
 EXPOSE 8080
 COPY --from=build /home/app/dist /application/dist
 ENV NODE_ENV=production
-RUN npm install -g @oslokommune/auth-bff@2.1.0
+RUN npm install -g @oslokommune/auth-bff@<version>
 COPY bff.config.json /application/
 CMD ["auth-bff"]
 ```
@@ -164,7 +164,7 @@ This loads from the configured AWS environment. For this to work on your local m
 variable must be set, and you must be signed in to that profile
 
 > [!NOTE]  
->️ See [`config.ts`](src/config.ts) for a description of all config parameters
+>️ See [`config.ts`](src/config/config.ts) for a description of all config parameters
 
 ### Mixing public and protected routes
 
@@ -419,4 +419,39 @@ To use a nonce in your app, use `__CSP_NONCE__` in your html. It will be replace
 <script nonce="__CSP_NONCE__">
     ...
 </script>
-```
+```
+
+## Inject config
+
+If your application requires configuration that needs to be determined at runtime, you can use `injectConfig` to inject
+these values into a served html file:
+
+```json
+{
+  "injectConfig": {
+    "enableSomeFeature": true,
+    "publicToken": "{env:MY_PUBLIC_TOKEN}"
+  }
+}
+```
+
+Then add something this to your `index.html`:
+```html
+<script nonce="__CSP_NONCE__">
+    const injectedConfig = __INJECTED_CONFIG__
+</script>
+```
+
+When rendered, `__INJECTED_CONFIG__` will be replaced with the values from `injectConfig`: 
+
+```html
+<script nonce="abcdef123456">
+    const injectedConfig = {
+        "enableSomeFeature": true,
+        "publicToken": "pub123abc"
+    }
+</script>
+```
+
+> [!WARNING]  
+> Do not put any secrets or other sensitive values in the injected config, they will be publicly visible.

package/dist/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@oslokommune/auth-bff",
-    "version": "2.1.0",
+    "version": "2.2.1",
     "repository": "https://github.com/oslokommune/auth-bff.git",
     "publishConfig": {
         "access": "public"

package/dist/src/OpenIdConfigManager.d.ts

@@ -1,5 +1,5 @@
 import * as client from 'openid-client';
-import { BffConfig } from "./config.js";
+import { BffConfig } from "./config/config.js";
 export declare class OpenIdConfigManager {
     #private;
     constructor(config: BffConfig, serverMetadata?: client.ServerMetadata);

package/dist/src/OpenIdConfigManager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"OpenIdConfigManager.d.ts","sourceRoot":"","sources":["../../src/OpenIdConfigManager.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,MAAM,MAAM,eAAe,CAAA;AACvC,OAAO,EAAC,SAAS,EAAkB,MAAM,aAAa,CAAC;AASvD,qBAAa,mBAAmB;;gBAMlB,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,cAAc;IAK/D,IAAI;IA4BJ,kBAAkB;IAuCxB,IAAI,YAAY,yBAEf;CAEF"}
+{"version":3,"file":"OpenIdConfigManager.d.ts","sourceRoot":"","sources":["../../src/OpenIdConfigManager.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,MAAM,MAAM,eAAe,CAAA;AACvC,OAAO,EAAC,SAAS,EAAC,MAAM,oBAAoB,CAAC;AAU7C,qBAAa,mBAAmB;;gBAMlB,MAAM,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,cAAc;IAK/D,IAAI;IA4BJ,kBAAkB;IAuCxB,IAAI,YAAY,yBAEf;CAEF"}

package/dist/src/OpenIdConfigManager.js

@@ -14,7 +14,7 @@ var _OpenIdConfigManager_instances, _OpenIdConfigManager_bffConfig, _OpenIdConfi
 import forge from 'node-forge';
 import * as jose from 'jose';
 import * as client from 'openid-client';
-import { getSsmParameter } from "./config.js";
+import { getSsmParameter } from "./config/variable-loaders.js";
 export class OpenIdConfigManager {
     constructor(config, serverMetadata) {
         _OpenIdConfigManager_instances.add(this);
@@ -29,7 +29,7 @@ export class OpenIdConfigManager {
         if (__classPrivateFieldGet(this, _OpenIdConfigManager_bffConfig, "f").okDataIdPortenKeyName) {
             setInterval(async () => {
                 await this.updateOpenIdConfig();
-            }, 5 * 60 * 1000);
+            }, 5 * 60 * 1000).unref();
         }
     }
     async updateOpenIdConfig() {

package/dist/src/config/config.d.ts

@@ -0,0 +1,147 @@
+import { HelmetOptions } from "helmet";
+import session from "express-session";
+export type BffConfig = {
+    /**
+     * The port at which the app will be served. Only used in standalone mode, to change the port used during development,
+     * set it in your vite config instead.
+     */
+    port: number;
+    /**
+     * The base root path. Change if app is served from a non-root path.
+     *
+     * Default: `/`
+     */
+    basePath?: string;
+    /**
+     * The root path of the static resources to be served
+     *
+     * Default: `/dist`
+     */
+    staticRootPath?: string;
+    /**
+     * The issuer
+     *
+     * Example: `https://test.idporten.no/`
+     */
+    issuer: string;
+    /**
+     * The ID of the client
+     */
+    clientId: string;
+    /**
+     * Sets the scope parameter. Values are case-sensitive. Multiple values must be sepratated by space. Default: `openid profile`
+     */
+    scope: string;
+    /**
+     * The client secret. Not used if `okDataIdPortenKeyName` is set.
+     */
+    clientSecret?: string;
+    /**
+     * The redirect uri configured for the client
+     */
+    redirectUri: string;
+    /**
+     * The intended audience for the tokens. Value(s) set here can be used to verify audience on the recipient end.
+     * See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-indicators-05.
+     *
+     * Example: `["https://example.com/api1", "https://example.com/api2"]`
+     */
+    resources?: Array<string>;
+    /**
+     * express-session cookie options, note that if this is set, the below cookie*-options will have no effect
+     */
+    cookie?: session.CookieOptions;
+    /**
+     * Sets the Path attribute of the cookie. Should most likely be the same as basePath. See https://expressjs.com/en/resources/middleware/session.html
+     *
+     * Default: `/`
+     */
+    cookiePath?: string;
+    /**
+     * Sets the Secure attribute of the cookie. See https://expressjs.com/en/resources/middleware/session.html
+     *
+     * Default: `true`
+     */
+    cookieSecure?: boolean;
+    /**
+     * Sets the SameSite attribute of the cookie. See https://expressjs.com/en/resources/middleware/session.html
+     *
+     * Default: `"lax"`
+     */
+    cookieSameSite: boolean | "lax" | "none" | "strict";
+    /**
+     * The post logout redirect uri configured for the client
+     */
+    postLogoutRedirectUri: string;
+    /**
+     * The name of the key that okdata stored in parameter store.
+     *
+     * Example: `/okdata/maskinporten/11111111-2222-3333-4444-555555555555/key.json`
+     */
+    okDataIdPortenKeyName?: string;
+    /**
+     * Secret used to sign sessions. This can be any string, but should have at least 32 bytes of entropy in production.
+     */
+    sessionSecret: string;
+    /**
+     * The type of session store used. Only `memory` and `dynamodb` currently supported. `memory` is only for dev use
+     */
+    sessionStoreType: 'memory' | 'dynamodb';
+    /**
+     * Options that will be passed to the chosen sessionStore. Options depend on the type of store chosen
+     *
+     * Example: `{"table": "my-custom-dynamodb-table"}`
+     */
+    sessionStoreOptions?: object;
+    /**
+     * Map of paths and remote targets that will be forwarded by the proxy
+     *
+     * Example: `{'/api': 'http://example.com/api'}`
+     */
+    proxyTargets: {
+        [path: string]: string;
+    };
+    /**
+     * Like `proxyTargets`, but requests pass through anonymously — no session lookup, no Authorization
+     * header. Registered before `proxyTargets`, so a public path takes precedence over an overlapping
+     * protected one.
+     *
+     * Example: `{'/api/public': 'http://example.com/api/public'}`
+     */
+    publicProxyTargets?: {
+        [path: string]: string;
+    };
+    /**
+     * List of claims in the id_token that are returned by the /user-endpoint. By default all are returned
+     *
+     * Example: `["pid"]`
+     */
+    userClaims?: Array<string>;
+    /**
+     * Content security policy configuration passed to helmet.
+     * See https://github.com/helmetjs/helmet for details. Note that since the config in limited to json,
+     * some features are not supported. To set a nonce value, use the special value `"{nonce}"` instead.
+     *
+     *
+     * Example:
+     * ```json
+     *     {
+     *       "directives": {
+     *         "default-src": ["'self'", "https://*.oslo.kommune.no", "https://*.oslo.systems"],
+     *         "script-src": ["'self'", "{nonce}"],
+     *       ...
+     *       }
+     *     }
+     * ```
+     */
+    contentSecurityPolicy?: Exclude<HelmetOptions['contentSecurityPolicy'], Boolean>;
+    /**
+     * These values will be injected into index.html, replacing any `__INJECTED_CONFIG__` if present
+     */
+    injectConfig?: string | boolean | number | null | {
+        [k: string]: string | boolean | number | null;
+    };
+};
+export declare function replaceConfigValues(value: unknown): any;
+export declare function loadConfig(configFile?: string | Array<string>): Promise<BffConfig>;
+//# sourceMappingURL=config.d.ts.map

package/dist/src/config/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/config/config.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,aAAa,EAAC,MAAM,QAAQ,CAAC;AACrC,OAAO,OAAO,MAAM,iBAAiB,CAAC;AAGtC,MAAM,MAAM,SAAS,GAAG;IACtB;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAA;IACZ;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;IACnB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IACzB;;OAEG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAA;IAC9B;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB;;;;OAIG;IACH,cAAc,EAAE,OAAO,GAAG,KAAK,GAAG,MAAM,GAAG,QAAQ,CAAA;IACnD;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAA;IAC7B;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B;;OAEG;IACH,aAAa,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,gBAAgB,EAAE,QAAQ,GAAG,UAAU,CAAA;IACvC;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B;;;;OAIG;IACH,YAAY,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;IACxC;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;IAC/C;;;;OAIG;IACH,UAAU,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IAC1B;;;;;;;;;;;;;;;;OAgBG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC,CAAA;IAChF;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,IAAI,GAAG;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,IAAI,CAAA;KAAC,CAAA;CAClG,CAAA;AAaD,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,OAAO,OAuBvD;AAED,wBAAsB,UAAU,CAAC,UAAU,GAAE,MAAM,GAAG,KAAK,CAAC,MAAM,CAAqB,sBActF"}

package/dist/src/config/config.js

@@ -0,0 +1,54 @@
+import { findUp } from 'find-up';
+import { getEnv, getSsmParameter } from "./variable-loaders.js";
+const defaultConfig = {
+    basePath: "",
+    cookiePath: '/',
+    cookieSecure: true,
+    cookieSameSite: 'lax',
+    staticRootPath: './dist',
+    scope: 'openid profile'
+};
+let config;
+export async function replaceConfigValues(value) {
+    if (typeof value === "string") {
+        const [, varType, varName] = value.match(/\{(\w+):(.*)}/) ?? [];
+        if (varType === 'env') {
+            return getEnv(varName);
+        }
+        else if (varType === 'ssm') {
+            return await getSsmParameter(varName);
+        }
+        else if (varType) {
+            throw Error(`unknown varType: ${varType}`);
+        }
+        else {
+            return value;
+        }
+    }
+    else if (Array.isArray(value)) {
+        return Promise.all(value.map(replaceConfigValues));
+    }
+    else if (typeof value === "object" && value != null) {
+        const res = {};
+        for (const [key, val] of Object.entries(value)) {
+            res[key] = await replaceConfigValues(val);
+        }
+        return res;
+    }
+    else {
+        return value;
+    }
+}
+export async function loadConfig(configFile = 'bff.config.json') {
+    if (config)
+        return config;
+    const userConfigPath = await findUp(configFile);
+    if (!userConfigPath) {
+        throw Error(`Could not find config file ${configFile}`);
+    }
+    console.log('Loading config at', userConfigPath);
+    const { default: loadedConfig } = await import(userConfigPath, { with: { type: 'json' } });
+    const processedConfig = await replaceConfigValues(loadedConfig);
+    config = { ...defaultConfig, ...processedConfig };
+    return config;
+}

package/dist/src/config/variable-loaders.d.ts

@@ -0,0 +1,3 @@
+export declare function getEnv(env: string, defaultVal?: string, parseFn?: (val: string) => string): string;
+export declare function getSsmParameter(name: string, withDecryption?: boolean): Promise<string>;
+//# sourceMappingURL=variable-loaders.d.ts.map

package/dist/src/config/variable-loaders.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"variable-loaders.d.ts","sourceRoot":"","sources":["../../../src/config/variable-loaders.ts"],"names":[],"mappings":"AAEA,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,UAQzF;AAID,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,GAAE,OAAc,mBAMjF"}

package/dist/src/config/variable-loaders.js

@@ -0,0 +1,20 @@
+import { GetParameterCommand, SSMClient } from "@aws-sdk/client-ssm";
+export function getEnv(env, defaultVal, parseFn) {
+    if (process.env[env]) {
+        return parseFn ? parseFn(process.env[env]) : process.env[env];
+    }
+    else if (defaultVal !== undefined) {
+        return defaultVal;
+    }
+    else {
+        throw Error(`Missing env var: ${env}`);
+    }
+}
+let ssmClient;
+export async function getSsmParameter(name, withDecryption = true) {
+    ssmClient ?? (ssmClient = new SSMClient({}));
+    return ssmClient.send(new GetParameterCommand({
+        Name: name,
+        WithDecryption: withDecryption
+    })).then(p => p.Parameter.Value);
+}

package/dist/src/config.d.ts

@@ -135,8 +135,15 @@ export type BffConfig = {
      * ```
      */
     contentSecurityPolicy?: Exclude<HelmetOptions['contentSecurityPolicy'], Boolean>;
+    /**
+     * These values will be injected into index.html, replacing any `__INJECTED_CONFIG__` if present
+     */
+    injectConfig?: string | {
+        [k: string]: any;
+    };
 };
 export declare function getEnv(env: string, defaultVal?: string, parseFn?: (val: string) => string): string;
 export declare function getSsmParameter(name: string, withDecryption?: boolean): Promise<string>;
+export declare function replaceConfigValues(value: unknown): any;
 export declare function loadConfig(configFile?: string | Array<string>): Promise<BffConfig>;
 //# sourceMappingURL=config.d.ts.map

package/dist/src/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,aAAa,EAAC,MAAM,QAAQ,CAAC;AACrC,OAAO,OAAO,MAAM,iBAAiB,CAAC;AAEtC,MAAM,MAAM,SAAS,GAAG;IACtB;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAA;IACZ;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;IACnB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IACzB;;OAEG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAA;IAC9B;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB;;;;OAIG;IACH,cAAc,EAAE,OAAO,GAAG,KAAK,GAAG,MAAM,GAAG,QAAQ,CAAA;IACnD;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAA;IAC7B;;;;OAIG;IACH,qBAAqB,EAAE,MAAM,CAAA;IAC7B;;OAEG;IACH,aAAa,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,gBAAgB,EAAE,QAAQ,GAAG,UAAU,CAAA;IACvC;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B;;;;OAIG;IACH,YAAY,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;IACxC;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;IAC/C;;;;OAIG;IACH,UAAU,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IAC1B;;;;;;;;;;;;;;;;OAgBG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC,CAAA;CACjF,CAAA;AAWD,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,UAQzF;AAID,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,GAAE,OAAc,mBAMjF;AAID,wBAAsB,UAAU,CAAC,UAAU,GAAE,MAAM,GAAG,KAAK,CAAC,MAAM,CAAqB,sBAyBtF"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,aAAa,EAAC,MAAM,QAAQ,CAAC;AACrC,OAAO,OAAO,MAAM,iBAAiB,CAAC;AAEtC,MAAM,MAAM,SAAS,GAAG;IACtB;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAA;IACZ;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IACb;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,WAAW,EAAE,MAAM,CAAA;IACnB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IACzB;;OAEG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAA;IAC9B;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB;;;;OAIG;IACH,cAAc,EAAE,OAAO,GAAG,KAAK,GAAG,MAAM,GAAG,QAAQ,CAAA;IACnD;;OAEG;IACH,qBAAqB,EAAE,MAAM,CAAA;IAC7B;;;;OAIG;IACH,qBAAqB,EAAE,MAAM,CAAA;IAC7B;;OAEG;IACH,aAAa,EAAE,MAAM,CAAA;IACrB;;OAEG;IACH,gBAAgB,EAAE,QAAQ,GAAG,UAAU,CAAA;IACvC;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B;;;;OAIG;IACH,YAAY,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;IACxC;;;;;;OAMG;IACH,kBAAkB,CAAC,EAAE;QAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;IAC/C;;;;OAIG;IACH,UAAU,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IAC1B;;;;;;;;;;;;;;;;OAgBG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC,CAAA;IAChF;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,GAAG;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;KAAC,CAAA;CAC3C,CAAA;AAWD,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,UAQzF;AAID,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,GAAE,OAAc,mBAMjF;AAID,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,OAAO,OAuBvD;AAED,wBAAsB,UAAU,CAAC,UAAU,GAAE,MAAM,GAAG,KAAK,CAAC,MAAM,CAAqB,sBActF"}

package/dist/src/config.js

@@ -28,6 +28,36 @@ export async function getSsmParameter(name, withDecryption = true) {
     })).then(p => p.Parameter.Value);
 }
 let config;
+export async function replaceConfigValues(value) {
+    if (typeof value === "string") {
+        const [, varType, varName] = value.match(/\{(\w+):(.*)}/) ?? [];
+        if (varType === 'env') {
+            return getEnv(varName);
+        }
+        else if (varType === 'ssm') {
+            return await getSsmParameter(varName);
+        }
+        else if (varType) {
+            throw Error(`unknown varType: ${varType}`);
+        }
+        else {
+            return value;
+        }
+    }
+    else if (Array.isArray(value)) {
+        return Promise.all(value.map(replaceConfigValues));
+    }
+    else if (typeof value === "object" && value != null) {
+        const res = {};
+        for (const [key, val] of Object.entries(value)) {
+            res[key] = await replaceConfigValues(val);
+        }
+        return res;
+    }
+    else {
+        return value;
+    }
+}
 export async function loadConfig(configFile = 'bff.config.json') {
     if (config)
         return config;
@@ -37,20 +67,7 @@ export async function loadConfig(configFile = 'bff.config.json') {
     }
     console.log('Loading config at', userConfigPath);
     const { default: loadedConfig } = await import(userConfigPath, { with: { type: 'json' } });
-    for (const [key, value] of Object.entries(loadedConfig)) {
-        if (typeof value === "string") {
-            const [, varType, varName] = value.match(/\{(\w+):(.*)}/) ?? [];
-            if (varType === 'env') {
-                loadedConfig[key] = getEnv(varName);
-            }
-            else if (varType === 'ssm') {
-                loadedConfig[key] = await getSsmParameter(varName);
-            }
-            else if (varType) {
-                throw Error(`unknown varType: ${varType}`);
-            }
-        }
-    }
-    config = { ...defaultConfig, ...loadedConfig };
+    const processedConfig = await replaceConfigValues(loadedConfig);
+    config = { ...defaultConfig, ...processedConfig };
     return config;
 }

package/dist/src/middleware/OidcMiddleware.d.ts

@@ -1,5 +1,5 @@
 import { OpenIdConfigManager } from "../OpenIdConfigManager.js";
-import { BffConfig } from "../config.js";
+import { BffConfig } from "../config/config.js";
 import type { Request, Response, NextFunction } from 'express';
 export declare class OidcMiddleware {
     #private;

package/dist/src/middleware/OidcMiddleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"OidcMiddleware.d.ts","sourceRoot":"","sources":["../../../src/middleware/OidcMiddleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,mBAAmB,EAAC,MAAM,2BAA2B,CAAC;AAE9D,OAAO,EAAC,SAAS,EAAC,MAAM,cAAc,CAAC;AACvC,OAAO,KAAK,EAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAC,MAAM,SAAS,CAAA;AAK5D,qBAAa,cAAc;;IAKzB;;;;OAIG;gBACS,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,mBAAmB;WASpD,MAAM,CAAC,MAAM,EAAE,SAAS;IAgErC,IAAI,gBAAgB,KACV,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,UAWxD;IAED,IAAI,KAAK,KACO,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBA+B9D;IAqBD,IAAI,QAAQ,KACI,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBAuC9D;IAED,IAAI,IAAI,KACQ,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,iDAc9D;IAED,IAAI,MAAM,KACA,KAAK,OAAO,EAAE,KAAK,QAAQ,UASpC;IAED,IAAI,kBAAkB,KACN,KAAK,OAAO,EAAE,KAAK,QAAQ,mBAc1C;CACF"}
+{"version":3,"file":"OidcMiddleware.d.ts","sourceRoot":"","sources":["../../../src/middleware/OidcMiddleware.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,mBAAmB,EAAC,MAAM,2BAA2B,CAAC;AAE9D,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,KAAK,EAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAC,MAAM,SAAS,CAAA;AAK5D,qBAAa,cAAc;;IAKzB;;;;OAIG;gBACS,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,mBAAmB;WASpD,MAAM,CAAC,MAAM,EAAE,SAAS;IAgErC,IAAI,gBAAgB,KACV,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,UAWxD;IAED,IAAI,KAAK,KACO,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBA+B9D;IAqBD,IAAI,QAAQ,KACI,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBAuC9D;IAED,IAAI,IAAI,KACQ,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,iDAc9D;IAED,IAAI,MAAM,KACA,KAAK,OAAO,EAAE,KAAK,QAAQ,UASpC;IAED,IAAI,kBAAkB,KACN,KAAK,OAAO,EAAE,KAAK,QAAQ,mBAc1C;CACF"}

package/dist/src/middleware/inject-config.d.ts

@@ -0,0 +1,4 @@
+import { BffConfig } from "../config/config.js";
+import { Request, Response } from "express";
+export declare function injectConfig(config: BffConfig): (req: Request, originalResponse: Response, next: import("express").NextFunction) => void;
+//# sourceMappingURL=inject-config.d.ts.map

package/dist/src/middleware/inject-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"inject-config.d.ts","sourceRoot":"","sources":["../../../src/middleware/inject-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,MAAM,SAAS,CAAC;AAG1C,wBAAgB,YAAY,CAAC,MAAM,EAAE,SAAS,4FAQ7C"}

package/dist/src/middleware/inject-config.js

@@ -0,0 +1,10 @@
+import { stringReplace } from "string-replace-middleware";
+export function injectConfig(config) {
+    const injectConfigString = JSON.stringify(config.injectConfig)?.replace(/[&'<>]/g, '_ILLEGAL_CHAR_');
+    return stringReplace({
+        '__CSP_NONCE__': (_, res) => res.locals.cspNonce,
+        '__INJECTED_CONFIG__': injectConfigString,
+    }, {
+        contentTypeFilterRegexp: /^text\/html/
+    });
+}

package/dist/src/middleware/proxy-routes.d.ts

@@ -1,4 +1,4 @@
-import { BffConfig } from "../config.js";
+import { BffConfig } from "../config/config.js";
 import { OidcMiddleware } from "./OidcMiddleware.js";
 export declare function proxyRoutes(config: BffConfig, oidcMiddleware: OidcMiddleware): import("express-serve-static-core").Router;
 //# sourceMappingURL=proxy-routes.d.ts.map

package/dist/src/middleware/proxy-routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"proxy-routes.d.ts","sourceRoot":"","sources":["../../../src/middleware/proxy-routes.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,SAAS,EAAC,MAAM,cAAc,CAAC;AACvC,OAAO,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAEnD,wBAAgB,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,8CAoD5E"}
+{"version":3,"file":"proxy-routes.d.ts","sourceRoot":"","sources":["../../../src/middleware/proxy-routes.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAEnD,wBAAgB,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,8CAoD5E"}

package/dist/src/middleware/security-headers.d.ts

@@ -1,4 +1,4 @@
 import { Request, Response, NextFunction } from 'express';
-import { BffConfig } from "../config.js";
+import { BffConfig } from "../config/config.js";
 export declare function securityHeaders(config: BffConfig): ((_: Request, res: Response, next: NextFunction) => void)[];
 //# sourceMappingURL=security-headers.d.ts.map

package/dist/src/middleware/security-headers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"security-headers.d.ts","sourceRoot":"","sources":["../../../src/middleware/security-headers.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAC,MAAM,SAAS,CAAA;AACvD,OAAO,EAAC,SAAS,EAAC,MAAM,cAAc,CAAC;AAEvC,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,QAcR,OAAO,OAAO,QAAQ,QAAQ,YAAY,aAkBlF"}
+{"version":3,"file":"security-headers.d.ts","sourceRoot":"","sources":["../../../src/middleware/security-headers.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAC,MAAM,SAAS,CAAA;AACvD,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAE9C,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,QAcR,OAAO,OAAO,QAAQ,QAAQ,YAAY,aAkBlF"}

package/dist/src/middleware/sessions/sessions.d.ts

@@ -1,3 +1,3 @@
-import { BffConfig } from "../../config.js";
+import { BffConfig } from "../../config/config.js";
 export declare function sessions(config: BffConfig): import("express").RequestHandler<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>[];
 //# sourceMappingURL=sessions.d.ts.map

package/dist/src/middleware/sessions/sessions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sessions.d.ts","sourceRoot":"","sources":["../../../../src/middleware/sessions/sessions.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAG1C,wBAAgB,QAAQ,CAAC,MAAM,EAAE,SAAS,kJAiCzC"}
+{"version":3,"file":"sessions.d.ts","sourceRoot":"","sources":["../../../../src/middleware/sessions/sessions.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,SAAS,EAAC,MAAM,wBAAwB,CAAC;AAGjD,wBAAgB,QAAQ,CAAC,MAAM,EAAE,SAAS,kJAiCzC"}

package/dist/src/middleware/static-routes.d.ts

@@ -1,3 +1,3 @@
-import { BffConfig } from "../config.js";
+import { BffConfig } from "../config/config.js";
 export declare function staticRoutes(config: BffConfig): import("express-serve-static-core").Router;
 //# sourceMappingURL=static-routes.d.ts.map

package/dist/src/middleware/static-routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"static-routes.d.ts","sourceRoot":"","sources":["../../../src/middleware/static-routes.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,SAAS,EAAC,MAAM,cAAc,CAAC;AAEvC,wBAAgB,YAAY,CAAC,MAAM,EAAE,SAAS,8CAiB7C"}
+{"version":3,"file":"static-routes.d.ts","sourceRoot":"","sources":["../../../src/middleware/static-routes.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAG9C,wBAAgB,YAAY,CAAC,MAAM,EAAE,SAAS,8CAY7C"}

package/dist/src/middleware/static-routes.js

@@ -1,19 +1,15 @@
 import express from "express";
-import { stringReplace } from "string-replace-middleware";
 import path from "path";
+import { injectConfig } from "./inject-config.js";
 export function staticRoutes(config) {
     const router = express.Router();
-    router.use(stringReplace({
-        '__CSP_NONCE__': (_, res) => res.locals.cspNonce
-    }, {
-        contentTypeFilterRegexp: /^text\/html/
-    }));
+    router.use(injectConfig(config));
     const staticPath = path.resolve(process.cwd(), config.staticRootPath);
     console.log(`Serving static content from '${staticPath}'`);
     router.use(express.static(staticPath, { index: false }));
     router.get('*', function (_, res) {
         res.set('Cache-Control', 'no-store');
-        res.sendFile(path.resolve(staticPath, 'index.html'));
+        res.sendFile(path.resolve(staticPath, 'index.html'), { etag: false });
     });
     return router;
 }

package/dist/src/server.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import express from "express";
 import compression from "compression";
-import { loadConfig } from './config.js';
+import { loadConfig } from './config/config.js';
 import { proxyRoutes } from "./middleware/proxy-routes.js";
 import { staticRoutes } from "./middleware/static-routes.js";
 import { securityHeaders } from "./middleware/security-headers.js";
@@ -35,9 +35,15 @@ app.use(basePath, staticRoutes(config));
 const server = app.listen(port, () => {
     console.log(`auth-bff ${packageJson.version} started on port ${port}`);
 });
-process.on('SIGTERM', () => {
-    console.log('SIGTERM received. Closing...');
+const shutdown = (signal) => {
+    console.log(`${signal} received. Closing...`);
     server.close(() => {
         console.log('Server closed');
     });
-});
+    setTimeout(() => {
+        console.warn('Forced shutdown after timeout');
+        process.exit();
+    }, 10000).unref();
+};
+process.on('SIGTERM', () => shutdown('SIGTERM'));
+process.on('SIGINT', () => shutdown('SIGINT'));

package/dist/src/vite-plugin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"vite-plugin.d.ts","sourceRoot":"","sources":["../../src/vite-plugin.ts"],"names":[],"mappings":"AAGA,OAAO,EAAgB,MAAM,EAAC,MAAM,MAAM,CAAA;AAsB1C,MAAM,CAAC,OAAO,UAAU,GAAG,CAAC,EAAC,UAAU,EAAC,GAAE;IAAC,UAAU,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAA;CAAM,GAAG,MAAM,CAO5F"}
+{"version":3,"file":"vite-plugin.d.ts","sourceRoot":"","sources":["../../src/vite-plugin.ts"],"names":[],"mappings":"AAGA,OAAO,EAAgB,MAAM,EAAC,MAAM,MAAM,CAAA;AAwB1C,MAAM,CAAC,OAAO,UAAU,GAAG,CAAC,EAAC,UAAU,EAAC,GAAE;IAAC,UAAU,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAA;CAAM,GAAG,MAAM,CAO5F"}

package/dist/src/vite-plugin.js

@@ -1,6 +1,7 @@
 import express from "express";
-import { loadConfig } from "./config.js";
+import { loadConfig } from "./config/config.js";
 import { OidcMiddleware } from "./middleware/OidcMiddleware.js";
+import { injectConfig } from "./middleware/inject-config.js";
 function configureServer(configFilePath) {
     return async ({ middlewares }) => {
         const { oidcRoutes } = await import("./middleware/oidc-routes.js");
@@ -13,6 +14,7 @@ function configureServer(configFilePath) {
         app.use(sessions(config));
         app.use(basePath, oidcRoutes(oidcMiddleware));
         app.use(basePath, proxyRoutes(config, oidcMiddleware));
+        app.use(basePath, injectConfig(config));
         middlewares.use(app);
     };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oslokommune/auth-bff",
-  "version": "2.1.0",
+  "version": "2.2.1",
   "repository": "https://github.com/oslokommune/auth-bff.git",
   "publishConfig": {
     "access": "public"