@owox/idp-owox 0.8.0-next-20250924101714 → 0.8.0-next-20250924115234

package/README.md

@@ -50,9 +50,27 @@ IDP_OWOX_MYSQL_PASSWORD=your-secret
 IDP_OWOX_MYSQL_DB=idp_owox
 # Optional
 IDP_OWOX_MYSQL_CONNECTION_LIMIT=10
-IDP_OWOX_MYSQL_SSL={"rejectUnauthorized":true}
+IDP_OWOX_MYSQL_SSL=
 ```
 
+#### MySQL SSL
+
+`IDP_OWOX_MYSQL_SSL` enables TLS for MySQL (mysql2). Supported formats:
+
+- Boolean-like (strings)
+  - `true` → `{}` (enable TLS with default options: `rejectUnauthorized: true`)
+  - `false` or empty → no `ssl` field (TLS disabled)
+
+- JSON object (forwarded to mysql2 TLS options)
+  - Strict CA verification:
+    - `{"rejectUnauthorized": true}`
+  - Custom CA bundle (inline PEM):
+    - `{"rejectUnauthorized": true, "ca": "-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\\n"}`
+  - Mutual TLS (client cert + key):
+    - `{"rejectUnauthorized": true, "cert": "-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\\n", "key": "-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----\\n"}`
+  - Minimum TLS version (TLS 1.2):
+    - `{"minVersion": "TLSv1.2", "rejectUnauthorized": true}`
+
 ### 3. Authentication Flow
 
 1. Sign In: User is redirected to OWOX Platform sign-in page (`IDP_OWOX_PLATFORM_SIGN_IN_URL`)

package/dist/auth/MysqlAuthorizationStore.js

@@ -20,7 +20,7 @@ class MysqlAuthorizationStore {
             database: this.config.database,
             waitForConnections: true,
             connectionLimit: this.config.connectionLimit ?? 10,
-            ssl: this.config.ssl,
+            ...(this.config.ssl === undefined ? {} : { ssl: this.config.ssl }),
         });
         await this.getPool().query(`
         CREATE TABLE IF NOT EXISTS auth_states (

package/dist/config.d.ts

@@ -50,6 +50,7 @@ export declare const DbEnvSchema: z.ZodEffects<z.ZodDiscriminatedUnion<"IDP_OWOX
 } | {
     type: "mysql";
     mysql: {
+        ssl?: string | import("mysql2/promise").SslOptions | undefined;
         type: "mysql";
         host: string;
         port: number | undefined;
@@ -57,7 +58,6 @@ export declare const DbEnvSchema: z.ZodEffects<z.ZodDiscriminatedUnion<"IDP_OWOX
         password: string;
         database: string;
         connectionLimit: number | undefined;
-        ssl: string | import("mysql2/promise").SslOptions | undefined;
     };
     sqlite?: undefined;
 }, {
@@ -85,6 +85,7 @@ export declare function loadDbConfigFromEnv(env?: NodeJS.ProcessEnv): {
 } | {
     type: "mysql";
     mysql: {
+        ssl?: string | import("mysql2/promise").SslOptions | undefined;
         type: "mysql";
         host: string;
         port: number | undefined;
@@ -92,7 +93,6 @@ export declare function loadDbConfigFromEnv(env?: NodeJS.ProcessEnv): {
         password: string;
         database: string;
         connectionLimit: number | undefined;
-        ssl: string | import("mysql2/promise").SslOptions | undefined;
     };
     sqlite?: undefined;
 };

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,MAAM,IAAI,CAAC;AAmEpB,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6CtB,CAAC;AAEH,wBAAgB,mBAAmB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB;;;;;;;;;;;;;;;;;;;;;EAGvE;AAED,gDAAgD;AAEhD,QAAA,MAAM,2BAA2B;;;;;;;;;;;;;;;mBAaoB,EAAE,CAAC,WAAW;;;;;EAE/D,CAAC;AAEL,sDAAsD;AAEtD,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;EAYb,CAAC;AAEN,uCAAuC;AAEvC,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;EAYb,CAAC;AAEN,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AACnD,MAAM,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,EAAE;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC3E,MAAM,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,EAAE;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,CAAC,CAAC,OAAO,CAAC,CAAC;AAExE,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AACnF,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AACrD,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAErD,MAAM,MAAM,aAAa,GAAG;IAC1B,SAAS,EAAE,SAAS,CAAC;IACrB,wBAAwB,EAAE,wBAAwB,CAAC;IACnD,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,aAAa,CAgB5F"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,MAAM,IAAI,CAAC;AA6DpB,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqCtB,CAAC;AAEH,wBAAgB,mBAAmB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB;;;;;;;;;;;;;;;;;;;;;EAGvE;AAED,gDAAgD;AAEhD,QAAA,MAAM,2BAA2B;;;;;;;;;;;;;;;mBAaoB,EAAE,CAAC,WAAW;;;;;EAE/D,CAAC;AAEL,sDAAsD;AAEtD,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;EAYb,CAAC;AAEN,uCAAuC;AAEvC,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;EAYb,CAAC;AAEN,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AACnD,MAAM,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,EAAE;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC3E,MAAM,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,EAAE;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,CAAC,CAAC,OAAO,CAAC,CAAC;AAExE,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AACnF,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AACrD,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAErD,MAAM,MAAM,aAAa,GAAG;IAC1B,SAAS,EAAE,SAAS,CAAC;IACrB,wBAAwB,EAAE,wBAAwB,CAAC;IACnD,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,aAAa,CAgB5F"}

package/dist/config.js

@@ -11,6 +11,7 @@ const ms_1 = __importDefault(require("ms"));
 const env_paths_1 = __importDefault(require("env-paths"));
 const path_1 = require("path");
 const fs_1 = require("fs");
+const internal_helpers_1 = require("@owox/internal-helpers");
 const zMsString = zod_1.z
     .string()
     .refine((s) => (0, ms_1.default)(s) !== undefined, {
@@ -21,15 +22,6 @@ const parseCommaString = zod_1.z.string().transform(s => s
     .split(',')
     .map(x => x.trim())
     .filter(Boolean));
-function normalizeSsl(input) {
-    if (input == null || input === false)
-        return undefined;
-    if (input === true)
-        return {};
-    if (typeof input === 'string')
-        return input;
-    return undefined;
-}
 function getSqliteDefaultDbPath() {
     const paths = (0, env_paths_1.default)('owox', { suffix: '' });
     const dbPath = (0, path_1.join)(paths.data, 'sqlite', 'idp-owox.db');
@@ -81,15 +73,7 @@ exports.DbEnvSchema = DbEnvRaw.transform(e => {
     const connectionLimit = e.IDP_OWOX_MYSQL_CONNECTION_LIMIT
         ? Number(e.IDP_OWOX_MYSQL_CONNECTION_LIMIT)
         : undefined;
-    let sslRaw = undefined;
-    if (e.IDP_OWOX_MYSQL_SSL) {
-        try {
-            sslRaw = JSON.parse(e.IDP_OWOX_MYSQL_SSL);
-        }
-        catch {
-            sslRaw = e.IDP_OWOX_MYSQL_SSL;
-        }
-    }
+    const ssl = (0, internal_helpers_1.parseMysqlSslEnv)(e.IDP_OWOX_MYSQL_SSL);
     return {
         type: 'mysql',
         mysql: {
@@ -100,7 +84,7 @@ exports.DbEnvSchema = DbEnvRaw.transform(e => {
             password: e.IDP_OWOX_MYSQL_PASSWORD,
             database: e.IDP_OWOX_MYSQL_DB,
             connectionLimit,
-            ssl: normalizeSsl(sslRaw),
+            ...(ssl === undefined ? {} : { ssl }),
         },
     };
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@owox/idp-owox",
-  "version": "0.8.0-next-20250924101714",
+  "version": "0.8.0-next-20250924115234",
   "description": "Identity Provider implementation from OWOX",
   "author": "OWOX",
   "license": "ELv2",
@@ -21,7 +21,8 @@
     "prepublishOnly": "npm audit && npm run lint && npm run typecheck"
   },
   "dependencies": {
-    "@owox/idp-protocol": "0.8.0-next-20250924101714",
+    "@owox/idp-protocol": "0.8.0-next-20250924115234",
+    "@owox/internal-helpers": "0.8.0-next-20250924115234",
     "pkce-challenge": "^5.0.0",
     "cookie-parser": "^1.4.7",
     "env-paths": "^3.0.0",