@owox/idp-owox 0.12.0-next-20251105161542 → 0.12.0-next-20251106101648
- package/dist/auth/AuthorizationStore.d.ts +3 -2
- package/dist/auth/AuthorizationStore.d.ts.map +1 -1
- package/dist/auth/MysqlAuthorizationStore.d.ts +2 -1
- package/dist/auth/MysqlAuthorizationStore.d.ts.map +1 -1
- package/dist/auth/MysqlAuthorizationStore.js +4 -4
- package/dist/auth/SqliteAuthorizationStore.d.ts +2 -1
- package/dist/auth/SqliteAuthorizationStore.d.ts.map +1 -1
- package/dist/auth/SqliteAuthorizationStore.js +4 -4
- package/dist/auth/StoreResult.d.ts +12 -0
- package/dist/auth/StoreResult.d.ts.map +1 -0
- package/dist/auth/StoreResult.js +22 -0
- package/dist/client/IdentityOwoxClient.d.ts.map +1 -1
- package/dist/client/IdentityOwoxClient.js +21 -2
- package/dist/exception.d.ts +17 -0
- package/dist/exception.d.ts.map +1 -0
- package/dist/exception.js +25 -0
- package/dist/owoxIdp.d.ts.map +1 -1
- package/dist/owoxIdp.js +36 -7
- package/package.json +3 -3
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
* Storage for mapping state -> code_verifier (PKCE).
|
|
3
3
|
* No ORM usage.
|
|
4
4
|
*/
|
|
5
|
+
import type { StoreResult } from './StoreResult';
|
|
5
6
|
export interface AuthorizationStore {
|
|
6
7
|
/**
|
|
7
8
|
* Initialize connections/resources and create schema if needed.
|
|
@@ -21,9 +22,9 @@ export interface AuthorizationStore {
|
|
|
21
22
|
save(state: string, codeVerifier: string, expiresAt?: Date | null): Promise<void>;
|
|
22
23
|
/**
|
|
23
24
|
* Get code_verifier by state.
|
|
24
|
-
*
|
|
25
|
+
* Returns StoreResult with either code (reason=null) or reason when code is not available.
|
|
25
26
|
*/
|
|
26
|
-
get(state: string): Promise<
|
|
27
|
+
get(state: string): Promise<StoreResult>;
|
|
27
28
|
/**
|
|
28
29
|
* Delete a record by state.
|
|
29
30
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthorizationStore.d.ts","sourceRoot":"","sources":["../../src/auth/AuthorizationStore.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;OAEG;IACH,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAE9B;;;;;;OAMG;IACH,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElF;;;OAGG;IACH,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"AuthorizationStore.d.ts","sourceRoot":"","sources":["../../src/auth/AuthorizationStore.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAEjD,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;OAEG;IACH,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAE9B;;;;;;OAMG;IACH,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElF;;;OAGG;IACH,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAEzC;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErC;;;OAGG;IACH,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhC;;OAEG;IACH,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import type { AuthorizationStore } from './AuthorizationStore';
|
|
2
2
|
import type { MysqlConfig } from '../config';
|
|
3
|
+
import { StoreResult } from './StoreResult';
|
|
3
4
|
/**
|
|
4
5
|
* MySQL implementation (mysql2/promise, no ORM).
|
|
5
6
|
*/
|
|
@@ -9,7 +10,7 @@ export declare class MysqlAuthorizationStore implements AuthorizationStore {
|
|
|
9
10
|
constructor(config: MysqlConfig);
|
|
10
11
|
initialize(): Promise<void>;
|
|
11
12
|
save(state: string, codeVerifier: string, expiresAt?: Date | null): Promise<void>;
|
|
12
|
-
get(state: string): Promise<
|
|
13
|
+
get(state: string): Promise<StoreResult>;
|
|
13
14
|
delete(state: string): Promise<void>;
|
|
14
15
|
purgeExpired(): Promise<number>;
|
|
15
16
|
shutdown(): Promise<void>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MysqlAuthorizationStore.d.ts","sourceRoot":"","sources":["../../src/auth/MysqlAuthorizationStore.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"MysqlAuthorizationStore.d.ts","sourceRoot":"","sources":["../../src/auth/MysqlAuthorizationStore.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C;;GAEG;AACH,qBAAa,uBAAwB,YAAW,kBAAkB;IAGpD,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,OAAO,CAAC,IAAI,CAAC,CAAO;gBAES,MAAM,EAAE,WAAW;IAE1C,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAgC3B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAcjF,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAqBxC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpC,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAO/B,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAOzB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IASnC,OAAO,CAAC,OAAO;CAIhB;AAED,eAAe,uBAAuB,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.MysqlAuthorizationStore = void 0;
|
|
4
|
+
const StoreResult_1 = require("./StoreResult");
|
|
4
5
|
/**
|
|
5
6
|
* MySQL implementation (mysql2/promise, no ORM).
|
|
6
7
|
*/
|
|
@@ -47,19 +48,18 @@ class MysqlAuthorizationStore {
|
|
|
47
48
|
created_at = CURRENT_TIMESTAMP`, [state, codeVerifier, exp]);
|
|
48
49
|
}
|
|
49
50
|
async get(state) {
|
|
50
|
-
await this.purgeExpired();
|
|
51
51
|
const [rows] = await this.getPool().execute(`SELECT code_verifier, expires_at FROM auth_states WHERE state = ? LIMIT 1`, [state]);
|
|
52
52
|
const row = Array.isArray(rows) && rows.length > 0
|
|
53
53
|
? rows[0]
|
|
54
54
|
: null;
|
|
55
55
|
if (!row)
|
|
56
|
-
return
|
|
56
|
+
return StoreResult_1.StoreResult.notFound();
|
|
57
57
|
const exp = row.expires_at ? new Date(row.expires_at) : null;
|
|
58
58
|
if (exp && exp.getTime() <= Date.now()) {
|
|
59
59
|
await this.delete(state);
|
|
60
|
-
return
|
|
60
|
+
return StoreResult_1.StoreResult.expired();
|
|
61
61
|
}
|
|
62
|
-
return row.code_verifier;
|
|
62
|
+
return StoreResult_1.StoreResult.withCode(row.code_verifier);
|
|
63
63
|
}
|
|
64
64
|
async delete(state) {
|
|
65
65
|
await this.getPool().execute(`DELETE FROM auth_states WHERE state = ?`, [state]);
|
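Review bot: With `await this.purgeExpired()` removed from `get`, an expired row is now deleted only when its own state is looked up, so states that are never redeemed stay in `auth_states` unless `purgeExpired()` is scheduled somewhere outside this diff; the same applies to `get` in SqliteAuthorizationStore.js. The success path also returns `StoreResult.withCode(row.code_verifier)` without removing the row, and the visible lines of `changeAuthCode` in owoxIdp.js show no `delete` before `getToken`, so a state looks redeemable more than once until it expires. It is worth confirming that the caller deletes it, or consuming the row inside `get`. A comment on `get` such as `// Expired rows are removed lazily here; bulk cleanup is left to purgeExpired()` would make the new contract explicit.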
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import type { AuthorizationStore } from './AuthorizationStore';
|
|
2
2
|
import type { SqliteConfig } from '../config';
|
|
3
|
+
import { StoreResult } from './StoreResult';
|
|
3
4
|
/**
|
|
4
5
|
* SQLite implementation (better-sqlite3, no ORM).
|
|
5
6
|
*/
|
|
@@ -9,7 +10,7 @@ export declare class SqliteAuthorizationStore implements AuthorizationStore {
|
|
|
9
10
|
constructor(config: SqliteConfig);
|
|
10
11
|
initialize(): Promise<void>;
|
|
11
12
|
save(state: string, codeVerifier: string, expiresAt?: Date | null): Promise<void>;
|
|
12
|
-
get(state: string): Promise<
|
|
13
|
+
get(state: string): Promise<StoreResult>;
|
|
13
14
|
delete(state: string): Promise<void>;
|
|
14
15
|
purgeExpired(): Promise<number>;
|
|
15
16
|
shutdown(): Promise<void>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SqliteAuthorizationStore.d.ts","sourceRoot":"","sources":["../../src/auth/SqliteAuthorizationStore.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"SqliteAuthorizationStore.d.ts","sourceRoot":"","sources":["../../src/auth/SqliteAuthorizationStore.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAE9C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C;;GAEG;AACH,qBAAa,wBAAyB,YAAW,kBAAkB;IAGrD,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,OAAO,CAAC,EAAE,CAAC,CAAW;gBAEO,MAAM,EAAE,YAAY;IAE3C,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB3B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAcjF,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAiBxC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpC,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAQ/B,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAOzB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IASnC,OAAO,CAAC,OAAO;IAKf,OAAO,CAAC,KAAK;CAId;AAED,eAAe,wBAAwB,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.SqliteAuthorizationStore = void 0;
|
|
4
|
+
const StoreResult_1 = require("./StoreResult");
|
|
4
5
|
/**
|
|
5
6
|
* SQLite implementation (better-sqlite3, no ORM).
|
|
6
7
|
*/
|
|
@@ -45,17 +46,16 @@ class SqliteAuthorizationStore {
|
|
|
45
46
|
async get(state) {
|
|
46
47
|
this.getDb();
|
|
47
48
|
const now = this.getTime();
|
|
48
|
-
await this.purgeExpired();
|
|
49
49
|
const row = this.getDb()
|
|
50
50
|
.prepare(`SELECT code_verifier, expires_at FROM auth_states WHERE state = ?`)
|
|
51
51
|
.get(state);
|
|
52
52
|
if (!row)
|
|
53
|
-
return
|
|
53
|
+
return StoreResult_1.StoreResult.notFound();
|
|
54
54
|
if (row.expires_at != null && row.expires_at <= now) {
|
|
55
55
|
await this.delete(state);
|
|
56
|
-
return
|
|
56
|
+
return StoreResult_1.StoreResult.expired();
|
|
57
57
|
}
|
|
58
|
-
return row.code_verifier;
|
|
58
|
+
return StoreResult_1.StoreResult.withCode(row.code_verifier);
|
|
59
59
|
}
|
|
60
60
|
async delete(state) {
|
|
61
61
|
this.getDb().prepare(`DELETE FROM auth_states WHERE state = ?`).run(state);
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export declare enum StoreReason {
|
|
2
|
+
NOT_FOUND = "not_found",
|
|
3
|
+
EXPIRED = "expired"
|
|
4
|
+
}
|
|
5
|
+
export declare class StoreResult {
|
|
6
|
+
code: string | null;
|
|
7
|
+
reason: StoreReason | null;
|
|
8
|
+
static withCode(code: string): StoreResult;
|
|
9
|
+
static notFound(): StoreResult;
|
|
10
|
+
static expired(): StoreResult;
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=StoreResult.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"StoreResult.d.ts","sourceRoot":"","sources":["../../src/auth/StoreResult.ts"],"names":[],"mappings":"AAAA,oBAAY,WAAW;IACrB,SAAS,cAAc;IACvB,OAAO,YAAY;CACpB;AAED,qBAAa,WAAW;IACtB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,EAAE,WAAW,GAAG,IAAI,CAAC;IAE3B,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW;IAG1C,MAAM,CAAC,QAAQ,IAAI,WAAW;IAG9B,MAAM,CAAC,OAAO,IAAI,WAAW;CAG9B"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.StoreResult = exports.StoreReason = void 0;
|
|
4
|
+
var StoreReason;
|
|
5
|
+
(function (StoreReason) {
|
|
6
|
+
StoreReason["NOT_FOUND"] = "not_found";
|
|
7
|
+
StoreReason["EXPIRED"] = "expired";
|
|
8
|
+
})(StoreReason || (exports.StoreReason = StoreReason = {}));
|
|
9
|
+
class StoreResult {
|
|
10
|
+
code;
|
|
11
|
+
reason;
|
|
12
|
+
static withCode(code) {
|
|
13
|
+
return { code, reason: null };
|
|
14
|
+
}
|
|
15
|
+
static notFound() {
|
|
16
|
+
return { code: null, reason: StoreReason.NOT_FOUND };
|
|
17
|
+
}
|
|
18
|
+
static expired() {
|
|
19
|
+
return { code: null, reason: StoreReason.EXPIRED };
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
exports.StoreResult = StoreResult;
|
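Review bot: The static factories return plain object literals (`return { code, reason: null };`), not instances of `StoreResult`, so `result instanceof StoreResult` is false even though StoreResult.d.ts types all three as returning the class. Either construct real instances, or declare the shape as an interface or discriminated union in the TypeScript source and keep the factories as plain functions. `code` and `reason` are also mutable public fields; marking them `readonly` in the source would stop a caller from altering a result after the store has produced it. The invariant that exactly one of `code` and `reason` is non-null is nowhere stated and deserves a doc comment on the class.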
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IdentityOwoxClient.d.ts","sourceRoot":"","sources":["../../src/client/IdentityOwoxClient.ts"],"names":[],"mappings":"AACA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,YAAY,EAIb,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,wBAAwB,EAAE,MAAM,WAAW,CAAC;AAErD,OAAO,EAAE,QAAQ,EAAkB,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"IdentityOwoxClient.d.ts","sourceRoot":"","sources":["../../src/client/IdentityOwoxClient.ts"],"names":[],"mappings":"AACA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACrB,YAAY,EAIb,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,wBAAwB,EAAE,MAAM,WAAW,CAAC;AAErD,OAAO,EAAE,QAAQ,EAAkB,MAAM,oBAAoB,CAAC;AAG9D;;;GAGG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAgB;gBAEzB,MAAM,EAAE,wBAAwB;IAW5C;;OAEG;IACG,QAAQ,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;IAyBzD;;OAEG;IACG,WAAW,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAKtE;;OAEG;IACG,eAAe,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAUhF;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAUzD;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,YAAY,CAAC;CAIvC"}
|
|
@@ -8,6 +8,7 @@ const axios_1 = __importDefault(require("axios"));
|
|
|
8
8
|
const dto_1 = require("./dto");
|
|
9
9
|
const ms_1 = __importDefault(require("ms"));
|
|
10
10
|
const idp_protocol_1 = require("@owox/idp-protocol");
|
|
11
|
+
const exception_1 = require("../exception");
|
|
11
12
|
/**
|
|
12
13
|
* Represents a client for interacting with the Identity OWOX API.
|
|
13
14
|
* Provides methods for token management, validation, and retrieval of key sets.
|
|
@@ -28,8 +29,26 @@ class IdentityOwoxClient {
|
|
|
28
29
|
* POST /api/idp/token
|
|
29
30
|
*/
|
|
30
31
|
async getToken(req) {
|
|
31
|
-
|
|
32
|
-
|
|
32
|
+
try {
|
|
33
|
+
const { data } = await this.http.post('/api/idp/token', req);
|
|
34
|
+
return dto_1.TokenResponseSchema.parse(data);
|
|
35
|
+
}
|
|
36
|
+
catch (err) {
|
|
37
|
+
if (axios_1.default.isAxiosError(err)) {
|
|
38
|
+
const status = err.response?.status;
|
|
39
|
+
if (status === 401) {
|
|
40
|
+
throw new exception_1.AuthenticationException('Invalid or expired credentials', {
|
|
41
|
+
cause: err,
|
|
42
|
+
context: { req },
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
throw new exception_1.IdpFailedException(`Failed to get token: ${status}`, {
|
|
46
|
+
cause: err,
|
|
47
|
+
context: { req },
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
throw err;
|
|
51
|
+
}
|
|
33
52
|
}
|
|
34
53
|
/**
|
|
35
54
|
* POST /api/idp/revocation
|
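Review bot: Both exceptions thrown from `getToken` are given `context: { req }`, which attaches the whole token request to the error, and `changeAuthCode` in owoxIdp.js builds that request with `authCode` and `codeVerifier`. The new catch blocks in owoxIdp.js then pass `error.context` and `error.cause` to `this.logger.info` and `this.logger.error`, so unless the logger redacts them, authorization codes, PKCE verifiers and presumably refresh tokens end up in application logs. `cause` is the AxiosError, whose `config` normally carries the request body as well. I would keep only non-secret fields, e.g. `context: { grantType: req.grantType, clientId: req.clientId }`, and log `err.response?.status` rather than the raw error. Separately, `status` is `undefined` when no response was received, so the message becomes `Failed to get token: undefined`.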
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
export declare class AuthenticationException extends Error {
|
|
2
|
+
readonly cause?: unknown;
|
|
3
|
+
readonly context?: Record<string, unknown>;
|
|
4
|
+
constructor(message: string, opts?: {
|
|
5
|
+
cause?: unknown;
|
|
6
|
+
context?: Record<string, unknown>;
|
|
7
|
+
});
|
|
8
|
+
}
|
|
9
|
+
export declare class IdpFailedException extends Error {
|
|
10
|
+
readonly cause?: unknown;
|
|
11
|
+
readonly context?: Record<string, unknown>;
|
|
12
|
+
constructor(message: string, opts?: {
|
|
13
|
+
cause?: unknown;
|
|
14
|
+
context?: Record<string, unknown>;
|
|
15
|
+
});
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=exception.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exception.d.ts","sourceRoot":"","sources":["../src/exception.ts"],"names":[],"mappings":"AAAA,qBAAa,uBAAwB,SAAQ,KAAK;IAChD,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE/B,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE;CAM3F;AAED,qBAAa,kBAAmB,SAAQ,KAAK;IAC3C,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAE/B,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE;CAM3F"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.IdpFailedException = exports.AuthenticationException = void 0;
|
|
4
|
+
class AuthenticationException extends Error {
|
|
5
|
+
cause;
|
|
6
|
+
context;
|
|
7
|
+
constructor(message, opts) {
|
|
8
|
+
super(message);
|
|
9
|
+
this.name = 'AuthenticationException';
|
|
10
|
+
this.cause = opts?.cause;
|
|
11
|
+
this.context = opts?.context;
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
exports.AuthenticationException = AuthenticationException;
|
|
15
|
+
class IdpFailedException extends Error {
|
|
16
|
+
cause;
|
|
17
|
+
context;
|
|
18
|
+
constructor(message, opts) {
|
|
19
|
+
super(message);
|
|
20
|
+
this.name = 'IdpRequestFailedException';
|
|
21
|
+
this.cause = opts?.cause;
|
|
22
|
+
this.context = opts?.context;
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
exports.IdpFailedException = IdpFailedException;
|
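Review bot: `IdpFailedException` sets `this.name = 'IdpRequestFailedException'`, which does not match the exported class name, so anything that filters or alerts on `error.name` will look for a class that does not exist; use `this.name = 'IdpFailedException';` or rename the class. owoxIdp.js already logs `error.name` for the sibling `AuthenticationException`, so consistent names matter here. The two constructors are identical apart from the name, and a shared base class would remove the copy. Because `context` is later written to logs, a doc comment on both classes stating that it must not hold secrets (tokens, authorization codes, verifiers) would help callers.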
package/dist/owoxIdp.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"owoxIdp.d.ts","sourceRoot":"","sources":["../src/owoxIdp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAiB,MAAM,oBAAoB,CAAC;AAC/F,OAAO,CAAC,EAAE,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"owoxIdp.d.ts","sourceRoot":"","sources":["../src/owoxIdp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAiB,MAAM,oBAAoB,CAAC;AAC/F,OAAO,CAAC,EAAE,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAoBzC,qBAAa,OAAQ,YAAW,WAAW;IAK7B,OAAO,CAAC,QAAQ,CAAC,MAAM;IAJnC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAqB;IAC3C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAqB;IACpD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;gBAEH,MAAM,EAAE,aAAa;IAMlD,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAIrB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAW7D,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAU5C,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAiBvD,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK/C,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAInB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IAI7B,gBAAgB,CACpB,GAAG,EAAE,CAAC,CAAC,OAAO,EACd,GAAG,EAAE,CAAC,CAAC,QAAQ,EACf,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC;IAIvB,gBAAgB,CACpB,GAAG,EAAE,CAAC,CAAC,OAAO,EACd,GAAG,EAAE,CAAC,CAAC,QAAQ,EACf,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC;IAIvB,iBAAiB,CACrB,GAAG,EAAE,CAAC,CAAC,OAAO,EACd,GAAG,EAAE,CAAC,CAAC,QAAQ,EACf,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC;IASvB,iBAAiB,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAchF,qBAAqB,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAWrF,qBAAqB,CACzB,GAAG,EAAE,CAAC,CAAC,OAAO,EACd,GAAG,EAAE,CAAC,CAAC,QAAQ,EACf,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC;IA4C7B,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,GAAG,IAAI;YAuCtB,iBAAiB;YAyBjB,cAAc;IAmB5B,OAAO,CAAC,gBAAgB;IAiBxB,OAAO,CAAC,cAAc;IAItB,OAAO,CAAC,WAAW;CAOpB"}
|
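--- a/package/dist/owoxIdp.js
+++ b/package/dist/owoxIdp.js
@@ -12,6 +12,8 @@ const parseToken_1 = require("./token/parseToken");
 const pkce_1 = require("./pkce");
 const idpOwoxPayloadToPayloadMapper_1 = require("./mappers/idpOwoxPayloadToPayloadMapper");
 const ms_1 = __importDefault(require("ms"));
+const exception_1 = require("./exception");
+const StoreResult_1 = require("./auth/StoreResult");
 const COOKIE_NAME = 'refreshToken';
 class OwoxIdp {
 config;
@@ -119,9 +121,21 @@ class OwoxIdp {
 return res.json(auth);
 }
 catch (error) {
-this.logger.error(this.formatError(error));
 res.clearCookie(COOKIE_NAME);
-
+if (error instanceof exception_1.AuthenticationException) {
+this.logger.info(this.formatError(error), {
+context: error.name,
+params: error.context,
+cause: error.cause,
+});
+return res.json({ reason: 'atm4' });
+}
+if (error instanceof exception_1.IdpFailedException) {
+this.logger.error('Access Token middleware failed with unexpected code', error.context, error.cause);
+return res.json({ reason: 'atm5' });
+}
+this.logger.error(this.formatError(error));
+return res.json({ reason: 'atm6' });
 }
 }
 registerRoutes(app) {
@@ -142,7 +156,19 @@ class OwoxIdp {
 res.redirect('/');
 }
 catch (error) {
-
+if (error instanceof exception_1.AuthenticationException) {
+this.logger.info(this.formatError(error), {
+context: error.name,
+params: error.context,
+cause: error.cause,
+});
+}
+else if (error instanceof exception_1.IdpFailedException) {
+this.logger.error('Token Exchange callback failed with unexpected code', error.context, error.cause);
+}
+else {
+this.logger.error(this.formatError(error));
+}
 return res.redirect(idp_protocol_1.ProtocolRoute.SIGN_IN);
 }
 });
@@ -165,14 +191,17 @@ class OwoxIdp {
 res.redirect(redirectUrl.toString());
 }
 async changeAuthCode(code, state) {
-const
-if (!
-
+const res = await this.store.get(state);
+if (!res.code) {
+if (res.reason == StoreResult_1.StoreReason.EXPIRED) {
+throw new exception_1.AuthenticationException('Code verifier has expired');
+}
+throw new exception_1.IdpFailedException(`Code verifier is not available: ${res.reason ?? 'unknown'}`);
 }
 const request = {
 grantType: 'authorization_code',
 authCode: code,
-codeVerifier:
+codeVerifier: res.code,
 clientId: this.config.idpConfig.clientId,
 };
 return await this.identityClient.getToken(request);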
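Review bot: The three new failure exits in the access-token catch block (`return res.json({ reason: 'atm4' })`, `'atm5'`, `'atm6'`) set no status in the visible lines, so unless one is set outside this hunk they are sent as HTTP 200 alongside the success path's `res.json(auth)`, and a client that checks only the status cannot tell failure from success. Consider `return res.status(401).json({ reason: 'atm4' });` for the authentication case and a 5xx for the other two, plus a comment explaining what the `atm*` codes mean. The middleware body begins outside the hunk, and the removed response line is not legible in this rendering, so the previous behaviour cannot be compared. In `changeAuthCode`, a `NOT_FOUND` result falls through to `IdpFailedException` and is logged at error level as an "unexpected code", although an unknown or already-consumed `state` is an ordinary client-side condition; classifying it like the expired case would keep error logs meaningful. `res.reason == StoreResult_1.StoreReason.EXPIRED` should be written with `===` in the source.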
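--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@owox/idp-owox",
-"version": "0.12.0-next-
+"version": "0.12.0-next-20251106101648",
 "description": "Identity Provider implementation from OWOX",
 "author": "OWOX",
 "license": "ELv2",
@@ -21,8 +21,8 @@
 "prepublishOnly": "npm run lint && npm run typecheck"
 },
 "dependencies": {
-"@owox/idp-protocol": "0.12.0-next-
-"@owox/internal-helpers": "0.12.0-next-
+"@owox/idp-protocol": "0.12.0-next-20251106101648",
+"@owox/internal-helpers": "0.12.0-next-20251106101648",
 "pkce-challenge": "^5.0.0",
 "cookie-parser": "^1.4.7",
 "env-paths": "^3.0.0",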