@powersync/service-core 1.13.3 → 1.13.4
- package/CHANGELOG.md +14 -0
- package/dist/auth/CachedKeyCollector.js +26 -2
- package/dist/auth/CachedKeyCollector.js.map +1 -1
- package/dist/auth/KeySpec.d.ts +1 -0
- package/dist/auth/KeySpec.js +12 -0
- package/dist/auth/KeySpec.js.map +1 -1
- package/dist/auth/KeyStore.js +2 -2
- package/dist/auth/KeyStore.js.map +1 -1
- package/dist/auth/RemoteJWKSCollector.js +6 -2
- package/dist/auth/RemoteJWKSCollector.js.map +1 -1
- package/dist/routes/auth.d.ts +1 -21
- package/dist/routes/auth.js +1 -97
- package/dist/routes/auth.js.map +1 -1
- package/dist/util/config/compound-config-collector.js +0 -13
- package/dist/util/config/compound-config-collector.js.map +1 -1
- package/dist/util/config/types.d.ts +0 -12
- package/dist/util/util-index.d.ts +1 -0
- package/dist/util/util-index.js +1 -0
- package/dist/util/util-index.js.map +1 -1
- package/dist/util/version.d.ts +1 -0
- package/dist/util/version.js +3 -0
- package/dist/util/version.js.map +1 -0
- package/package.json +4 -4
- package/src/auth/CachedKeyCollector.ts +25 -3
- package/src/auth/KeySpec.ts +14 -0
- package/src/auth/KeyStore.ts +2 -2
- package/src/auth/RemoteJWKSCollector.ts +6 -2
- package/src/routes/auth.ts +1 -124
- package/src/util/config/compound-config-collector.ts +0 -16
- package/src/util/config/types.ts +0 -11
- package/src/util/util-index.ts +1 -0
- package/src/util/version.ts +3 -0
- package/tsconfig.tsbuildinfo +1 -1
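--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,19 @@
 # @powersync/service-core
 
+## 1.13.4
+
+### Patch Changes
+
+- a60f2c7: [MongoDB Storage] Improve error messages for checksum query timeouts
+- 71cf892: Add 'powersync' or 'powersync-storage' as the app name for database connections.
+- ba1ceef: Remove unused dev config.
+- 60bf5f9: [MongoDB Replication] Fix resumeTokens going back in time on busy change streams.
+- f1431b6: Improve diagnostics in logs for JWKS timeouts.
+- Updated dependencies [ba1ceef]
+- @powersync/service-types@0.12.1
+- @powersync/lib-services-framework@0.7.1
+- @powersync/service-rsocket-router@0.1.2
+
 ## 1.13.3
 
 ### Patch Changes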
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import timers from 'timers/promises';
|
|
2
2
|
import { LeakyBucket } from './LeakyBucket.js';
|
|
3
|
+
import { AuthorizationError, ErrorCode, logger } from '@powersync/lib-services-framework';
|
|
3
4
|
import { mapAuthConfigError } from './utils.js';
|
|
4
5
|
/**
|
|
5
6
|
* Manages caching and refreshing for a key collector.
|
|
@@ -58,8 +59,23 @@ export class CachedKeyCollector {
|
|
|
58
59
|
// e.g. in the case of waiting for error retries.
|
|
59
60
|
// In the case of very slow requests, we don't wait for it to complete, but the
|
|
60
61
|
// request can still complete in the background.
|
|
61
|
-
const
|
|
62
|
-
|
|
62
|
+
const WAIT_TIMEOUT_SECONDS = 3;
|
|
63
|
+
const timeout = timers.setTimeout(WAIT_TIMEOUT_SECONDS * 1000).then(() => {
|
|
64
|
+
throw new AuthorizationError(ErrorCode.PSYNC_S2204, `JWKS request failed`, {
|
|
65
|
+
cause: { message: `Key request timed out in ${WAIT_TIMEOUT_SECONDS}s`, name: 'AbortError' }
|
|
66
|
+
});
|
|
67
|
+
});
|
|
68
|
+
try {
|
|
69
|
+
await Promise.race([this.refreshPromise, timeout]);
|
|
70
|
+
}
|
|
71
|
+
catch (e) {
|
|
72
|
+
if (e instanceof AuthorizationError) {
|
|
73
|
+
return { keys: this.currentKeys, errors: [...this.currentErrors, e] };
|
|
74
|
+
}
|
|
75
|
+
else {
|
|
76
|
+
throw e;
|
|
77
|
+
}
|
|
78
|
+
}
|
|
63
79
|
}
|
|
64
80
|
return { keys: this.currentKeys, errors: this.currentErrors };
|
|
65
81
|
}
|
|
@@ -86,8 +102,16 @@ export class CachedKeyCollector {
|
|
|
86
102
|
this.currentErrors = errors;
|
|
87
103
|
this.keyTimestamp = Date.now();
|
|
88
104
|
this.error = false;
|
|
105
|
+
// Due to caching and background refresh behavior, errors are not always propagated to the request handler,
|
|
106
|
+
// so we log them here.
|
|
107
|
+
for (let error of errors) {
|
|
108
|
+
logger.error(`Soft key refresh error`, error);
|
|
109
|
+
}
|
|
89
110
|
}
|
|
90
111
|
catch (e) {
|
|
112
|
+
// Due to caching and background refresh behavior, errors are not always propagated to the request handler,
|
|
113
|
+
// so we log them here.
|
|
114
|
+
logger.error(`Hard key refresh error`, e);
|
|
91
115
|
this.error = true;
|
|
92
116
|
// No result - keep previous keys
|
|
93
117
|
this.currentErrors = [mapAuthConfigError(e)];
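Review bot: The 3-second timer created with `timers.setTimeout(WAIT_TIMEOUT_SECONDS * 1000)` in the first hunk (`@@ -58,8 +59,23 @@`) is never cancelled when `this.refreshPromise` wins the race, so every caller that arrives while the keys are expired leaves a pending timer behind that later builds an `AuthorizationError` nobody reads. Passing an abort signal, `timers.setTimeout(WAIT_TIMEOUT_SECONDS * 1000, undefined, { signal: waitAbort.signal })`, and adding `finally { waitAbort.abort(); }` to the `try` would release the timer as soon as the race settles. The `catch` also treats every `AuthorizationError` as the timeout, which is only correct if `this.refreshPromise` never rejects with one; that is not visible in this hunk. The enclosing method starts and ends outside both hunks, and the diffstat lists `package/src/auth/CachedKeyCollector.ts`, which looks like the source this file is compiled from and is where the change belongs.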
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CachedKeyCollector.js","sourceRoot":"","sources":["../../src/auth/CachedKeyCollector.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,iBAAiB,CAAC;AAErC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"CachedKeyCollector.js","sourceRoot":"","sources":["../../src/auth/CachedKeyCollector.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,iBAAiB,CAAC;AAErC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC1F,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEhD;;;;;;;;;GASG;AAEH,MAAM,OAAO,kBAAkB;IAgCT;IA/BZ,WAAW,GAAc,EAAE,CAAC;IACpC;;OAEG;IACK,YAAY,GAAW,CAAC,CAAC;IAEjC;;OAEG;IACK,yBAAyB,GAAG,MAAM,CAAC;IAE3C;;;;OAIG;IACK,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAE5E;;OAEG;IACK,SAAS,GAAG,OAAO,CAAC;IAEpB,aAAa,GAAyB,EAAE,CAAC;IACjD;;OAEG;IACK,KAAK,GAAG,KAAK,CAAC;IAEd,cAAc,GAA8B,SAAS,CAAC;IAE9D,YAAoB,MAAoB;QAApB,WAAM,GAAN,MAAM,CAAc;IAAG,CAAC;IAE5C,KAAK,CAAC,OAAO;QACX,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,GAAG,GAAG,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC7C,4BAA4B;YAC5B,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;QACxB,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACxB,8BAA8B;YAC9B,gCAAgC;YAChC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC;QAED,IAAI,GAAG,GAAG,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC7C,iDAAiD;YACjD,0DAA0D;YAC1D,iDAAiD;YACjD,+EAA+E;YAC/E,gDAAgD;YAChD,MAAM,oBAAoB,GAAG,CAAC,CAAC;YAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;gBACvE,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,qBAAqB,EAAE;oBACzE,KAAK,EAAE,EAAE,OAAO,EAAE,4BAA4B,oBAAoB,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE;iBAC5F,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,kBAAkB,EAAE,CAAC;oBACpC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,CAAC;gBACxE,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC;IAChE,CAAC;IAEO,OAAO;QACb,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,EAAE,CAAC;YAChC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,
OAAO,EAAE,EAAE,CAAC;gBAChC,OAAO;YACT,CAAC;YACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;gBACrD,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;YAClC,CAAC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,UAAU;QACd,8CAA8C;QAC9C,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;IACvB,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACrD,yBAAyB;YACzB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;YAC5B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC/B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YAEnB,2GAA2G;YAC3G,uBAAuB;YACvB,KAAK,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;gBACzB,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,2GAA2G;YAC3G,uBAAuB;YACvB,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,iCAAiC;YACjC,IAAI,CAAC,aAAa,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAEO,YAAY;QAClB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,IAAI,CAAC,yBAAyB,EAAE,CAAC;YACvF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAY;QAChC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC;QAC1B,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,IAAI,CAAC;QAC5C,MAAM,IAAI,CAAC,cAAc,CAAC;IAC5B,CAAC;CACF"}
|
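--- a/package/dist/auth/KeySpec.d.ts
+++ b/package/dist/auth/KeySpec.d.ts
@@ -23,6 +23,7 @@ export declare class KeySpec {
 static importKey(key: jose.JWK, options?: KeyOptions): Promise<KeySpec>;
 constructor(source: jose.JWK, key: jose.KeyLike, options?: KeyOptions);
 get kid(): string | undefined;
+get description(): string;
 matchesAlgorithm(jwtAlg: string): boolean;
 isValidSignature(token: string): Promise<boolean>;
 }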
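--- a/package/dist/auth/KeySpec.js
+++ b/package/dist/auth/KeySpec.js
@@ -20,6 +20,18 @@ export class KeySpec {
 get kid() {
 return this.source.kid;
 }
+get description() {
+let details = [];
+details.push(`kid: ${this.kid ?? '*'}`);
+details.push(`kty: ${this.source.kty}`);
+if (this.source.alg != null) {
+details.push(`alg: ${this.source.alg}`);
+}
+if (this.options.requiresAudience != null) {
+details.push(`aud: ${this.options.requiresAudience.join(', ')}`);
+}
+return `<${details.filter((x) => x != null).join(', ')}>`;
+}
 matchesAlgorithm(jwtAlg) {
 if (this.source.alg) {
 return jwtAlg === this.source.alg;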
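Review bot: The new `description` getter interpolates `kid`, `kty`, `alg` and the audience list verbatim, and this release places the result in an error's `configurationDetails` (see the `KeyStore.js` change), so for keys loaded from a remotely fetched JWKS a value containing commas, angle brackets or line breaks can blur or forge entries in logs and error output. Encoding each value, for example `JSON.stringify(this.kid ?? '*')` in place of the bare interpolation, keeps one unambiguous entry per key. The `.filter((x) => x != null)` on the return line never removes anything because every element is a template string, so it can be dropped. A short doc comment stating that the string is for diagnostics only and exposes key ids and audiences would help, since the getter is public.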
package/dist/auth/KeySpec.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"KeySpec.js","sourceRoot":"","sources":["../../src/auth/KeySpec.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC1D,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,CAAC;AACxC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,GAAG,cAAc,CAAC,CAAC;AAgB/G,MAAM,OAAO,OAAO;IAClB,GAAG,CAAe;IAClB,MAAM,CAAW;IACjB,OAAO,CAAa;IAEpB,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAa,EAAE,OAAoB;QACxD,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAiB,CAAC;QAC3D,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,YAAY,MAAgB,EAAE,GAAiB,EAAE,OAAoB;QACnE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IAC/B,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;IACzB,CAAC;IAED,gBAAgB,CAAC,MAAc;QAC7B,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACpB,OAAO,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;QACpC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,CAAC,IAAI,KAAK,uCAAuC,EAAE,CAAC;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,iCAAiC;gBACjC,MAAM,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"KeySpec.js","sourceRoot":"","sources":["../../src/auth/KeySpec.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC1D,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,CAAC;AACxC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,GAAG,cAAc,CAAC,CAAC;AAgB/G,MAAM,OAAO,OAAO;IAClB,GAAG,CAAe;IAClB,MAAM,CAAW;IACjB,OAAO,CAAa;IAEpB,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAa,EAAE,OAAoB;QACxD,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAiB,CAAC;QAC3D,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,YAAY,MAAgB,EAAE,GAAiB,EAAE,OAAoB;QACnE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IAC/B,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;IACzB,CAAC;IAED,IAAI,WAAW;QACb,IAAI,OAAO,GAAa,EAAE,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IAC5D,CAAC;IAED,gBAAgB,CAAC,MAAc;QAC7B,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACpB,OAAO,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;QACpC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,IAAI,CA
AC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,CAAC,IAAI,KAAK,uCAAuC,EAAE,CAAC;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,iCAAiC;gBACjC,MAAM,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;CACF"}
|
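--- a/package/dist/auth/KeyStore.js
+++ b/package/dist/auth/KeyStore.js
@@ -1,4 +1,4 @@
-import {
+import { AuthorizationError, ErrorCode, logger } from '@powersync/lib-services-framework';
 import * as jose from 'jose';
 import secs from '../util/secs.js';
 import { SUPPORTED_ALGORITHMS } from './KeySpec.js';
@@ -138,7 +138,7 @@ export class KeyStore {
 logger.error(`Failed to refresh keys`, e);
 });
 throw new AuthorizationError(ErrorCode.PSYNC_S2101, 'Could not find an appropriate key in the keystore. The key is missing or no key matched the token KID', {
-configurationDetails: `Known
+configurationDetails: `Known keys: ${keys.map((key) => key.description).join(', ')}`
 // tokenDetails automatically populated later
 });
 }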
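Review bot: The new `configurationDetails` on the `PSYNC_S2101` error lists the `kid`, `kty`, `alg` and required audiences of every known key, and this error is raised while handling a token that has not been authenticated yet. If `configurationDetails` is ever serialized into the HTTP response rather than only logged (not visible in this hunk), any caller presenting a token with an unknown `kid` can enumerate the configured keys and audiences, so it is worth confirming the field stays server-side or reducing the client-facing part to a count. The list is also unbounded, so a large JWKS yields a very long message on each failed lookup; capping it, e.g. `keys.slice(0, 10).map((key) => key.description)`, would bound log volume. The enclosing method starts outside the hunk.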
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"KeyStore.js","sourceRoot":"","sources":["../../src/auth/KeyStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"KeyStore.js","sourceRoot":"","sources":["../../src/auth/KeyStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC1F,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,IAAI,MAAM,iBAAiB,CAAC;AAGnC,OAAO,EAAuB,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,OAAO,QAAQ;IACnB;;OAEG;IACH,SAAS,CAAY;IAErB,YAAY,SAAoB;QAC9B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,OAAuD;QACpF,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE;YAC9D,oFAAoF;YACpF,sCAAsC;YACtC,cAAc,EAAE,EAAE;YAClB,0EAA0E;YAC1E,UAAU,EAAE,oBAAoB;YAChC,oFAAoF;YACpF,cAAc,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;SACtC,CAAC,CAAC;QAEH,IAAI,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACzC,IAAI,UAAU,CAAC,gBAAgB,EAAE,CAAC;YAChC,kCAAkC;YAClC,SAAS,GAAG,UAAU,CAAC,gBAAgB,CAAC;QAC1C,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC;QAEpC,IAAI,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC;QAC3B,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,+CAA+C,EAAE;gBACnG,oBAAoB,EAAE,uDAAuD,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;aACzG,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,CAAC;QACD,IACE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YACd,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC,CAAC,EACF,CAAC;YACD,MAAM,IAAI,kBAAkB,CAC1B,SAAS,CAAC,WAAW,EACrB,iCAAiC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EACnE,EAAE,oBAAoB,EAAE,uDAAuD,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,EAAE,CAC7G,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,GAAI,GAAG,YAAY,CAAC,GAAI,CAAC;QAE5D,wFAAwF;QACxF,8BAA8B;QAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,kBAAkB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,IAAI,aAAa,GAAG,MAAM,EAAE,CAAC;YAC3B,MAAM,IAAI,kBAAkB,CAC1B,SAAS,CAAC,WAAW,EACrB,qCAAqC,MAAM,iBAAiB,aAAa,GAAG,CAC7E,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC;QAC3C,IAAI,UAAU,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,OAAO
,UAAU,IAAI,QAAQ,CAAC,EAAE,CAAC;YACvF,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,sCAAsC,CAAC,CAAC;QAC9F,CAAC;QAED,OAAO,YAA0B,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,OAA8B;QACxE,IAAI,UAAU,GAA2B,SAAS,CAAC;QACnD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CACjC,KAAK,EACL,KAAK,EAAE,MAAM,EAAE,EAAE;gBACf,IAAI,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBACjD,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC;gBACzB,OAAO,GAAG,CAAC,GAAG,CAAC;YACjB,CAAC,EACD,OAAO,CACR,CAAC;YACF,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,UAAW,EAAE,CAAC;QAC7C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,KAAa,EAAE,MAAgC;QACxE,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACvB,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QACxD,IAAI,GAAG,EAAE,CAAC;YACR,sDAAsD;YACtD,wCAAwC;YACxC,KAAK,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;oBACnB,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;wBACtC,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,8BAA8B,MAAM,CAAC,GAAG,EAAE,EAAE;4BAC9F,oBAAoB,EAAE,YAAY,GAAG,CAAC,MAAM,CAAC,GAAG,UAAU,GAAG,CAAC,MAAM,CAAC,GAAG,UAAU,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;4BAClG,kDAAkD;yBACnD,CAAC,CAAC;oBACL,CAAC;oBACD,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;YACrB,iCAAiC;YACjC,IAAI,GAAG,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;gBACpB,qBAAqB;gBACrB,SAAS;YACX,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtC,SAAS;YACX,CAAC;YAED,IAAI,MAAM,GAAG,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtC,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,MAAM,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,eAAe;YACf,oEAAoE;YACpE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACxC,yDAAyD;gBACzD,6CAA6C;gBAC7C,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,CAAC,CAAC,CAAC;YAC5C,CAAC,CAAC,CAAC;YAEH,MAAM,IAAI,kBAAkB,CAC1B,SAAS,CAAC,WAAW,EACrB,uGAAuG,EACvG;gBACE,oBAAoB,EAAE,eA
Ae,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACpF,6CAA6C;aAC9C,CACF,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
|
|
@@ -27,9 +27,10 @@ export class RemoteJWKSCollector {
|
|
|
27
27
|
}
|
|
28
28
|
async getJwksData() {
|
|
29
29
|
const abortController = new AbortController();
|
|
30
|
+
const REQUEST_TIMEOUT_SECONDS = 30;
|
|
30
31
|
const timeout = setTimeout(() => {
|
|
31
32
|
abortController.abort();
|
|
32
|
-
},
|
|
33
|
+
}, REQUEST_TIMEOUT_SECONDS * 1000);
|
|
33
34
|
try {
|
|
34
35
|
const res = await fetch(this.url, {
|
|
35
36
|
method: 'GET',
|
|
@@ -47,11 +48,14 @@ export class RemoteJWKSCollector {
|
|
|
47
48
|
return (await res.json());
|
|
48
49
|
}
|
|
49
50
|
catch (e) {
|
|
51
|
+
if (e instanceof Error && e.name === 'AbortError') {
|
|
52
|
+
e = { message: `Request timed out in ${REQUEST_TIMEOUT_SECONDS}s`, name: 'AbortError' };
|
|
53
|
+
}
|
|
50
54
|
throw new AuthorizationError(ErrorCode.PSYNC_S2204, `JWKS request failed`, {
|
|
51
55
|
configurationDetails: `JWKS URL: ${this.url}`,
|
|
52
56
|
// This covers most cases of FetchError
|
|
53
57
|
// `cause: e` could lose the error message
|
|
54
|
-
cause: { message: e.message, code: e.code }
|
|
58
|
+
cause: { message: e.message, code: e.code, name: e.name }
|
|
55
59
|
});
|
|
56
60
|
}
|
|
57
61
|
finally {
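Review bot: In the `catch` of `getJwksData` the caught value is overwritten with a plain object (`e = { message: ..., name: 'AbortError' }`), and `e.message`, `e.code` and `e.name` are then read without checking that `e` is an object, so a non-object rejection would raise a `TypeError` here and hide the real failure. Building the cause in its own variable keeps the original error intact for logging: `const cause = isAbort ? { message: timeoutMessage, name: 'AbortError' } : { message: e?.message, code: e?.code, name: e?.name };`. `REQUEST_TIMEOUT_SECONDS` is re-declared on every call and would read better as a module-level constant with a comment explaining why the request may run for 30 s while `CachedKeyCollector` stops waiting after 3 s. The method continues past the end of the hunk, and the diffstat lists `package/src/auth/RemoteJWKSCollector.ts`, which looks like the source this file is compiled from and is where the change belongs.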
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RemoteJWKSCollector.js","sourceRoot":"","sources":["../../src/auth/RemoteJWKSCollector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,MAAM,YAAY,CAAC;AAE/B,OAAO,EACL,kBAAkB,EAClB,SAAS,EAET,0BAA0B,EAC1B,qBAAqB,EACrB,YAAY,EACb,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAMvC;;GAEG;AACH,MAAM,OAAO,mBAAmB;IAMlB;IALJ,GAAG,CAAM;IACT,KAAK,CAAa;IAE1B,YACE,GAAW,EACD,OAAoC;QAApC,YAAO,GAAP,OAAO,CAA6B;QAE9C,IAAI,CAAC;YACH,IAAI,CAAC,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,IAAI,YAAY,CAAC,SAAS,CAAC,WAAW,EAAE,qBAAqB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAClH,CAAC;QAED,sDAAsD;QACtD,kEAAkE;QAClE,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,EAAE,CAAC;YAClE,MAAM,IAAI,YAAY,CACpB,SAAS,CAAC,WAAW,EACrB,gDAAgD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CACtE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,eAAe,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC,EAAE,
|
|
1
|
+
{"version":3,"file":"RemoteJWKSCollector.js","sourceRoot":"","sources":["../../src/auth/RemoteJWKSCollector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,MAAM,YAAY,CAAC;AAE/B,OAAO,EACL,kBAAkB,EAClB,SAAS,EAET,0BAA0B,EAC1B,qBAAqB,EACrB,YAAY,EACb,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAMvC;;GAEG;AACH,MAAM,OAAO,mBAAmB;IAMlB;IALJ,GAAG,CAAM;IACT,KAAK,CAAa;IAE1B,YACE,GAAW,EACD,OAAoC;QAApC,YAAO,GAAP,OAAO,CAA6B;QAE9C,IAAI,CAAC;YACH,IAAI,CAAC,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,IAAI,YAAY,CAAC,SAAS,CAAC,WAAW,EAAE,qBAAqB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAClH,CAAC;QAED,sDAAsD;QACtD,kEAAkE;QAClE,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,EAAE,CAAC;YAClE,MAAM,IAAI,YAAY,CACpB,SAAS,CAAC,WAAW,EACrB,gDAAgD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CACtE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,uBAAuB,GAAG,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,eAAe,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC,EAAE,uBAAuB,GAAG,IAAI,CAAC,CAAC;QAEnC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;iBAC3B;gBACD,MAAM,EAAE,eAAe,CAAC,MAAM;gBAC9B,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,4BAA4B,GAAG,CAAC,UAAU,EAAE,EAAE;oBAChG,oBAAoB,EAAE,aAAa,IAAI,CAAC,GAAG,EAAE;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAQ,CAAC;QACnC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAClD,CAAC,GAAG,EAAE,OAAO,EAAE,wBAAwB,uBAAuB,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;YAC1F,CAAC;YACD,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,qBAAqB,EAAE;gBACzE,oBAAoB,EAAE,aAAa,IAAI,CAAC,GAAG,EAAE;gBAC7C,uCAAu
C;gBACvC,0CAA0C;gBAC1C,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;aAC1D,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEtC,oGAAoG;QACpG,IACE,IAAI,CAAC,IAAI,IAAI,IAAI;YACjB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YACzB,CAAE,IAAI,CAAC,IAAc,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,GAAG,IAAI,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EACnF,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,EAAE;gBACR,MAAM,EAAE;oBACN,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,uBAAuB,EAAE;wBACrE,oBAAoB,EAAE,aAAa,IAAI,CAAC,GAAG,gBAAgB,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;qBAC3F,CAAC;iBACH;aACF,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,GAAc,EAAE,CAAC;QACzB,KAAK,IAAI,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,OAAO,CAAC,GAAG,IAAI,KAAK,IAAI,OAAO,CAAC,GAAG,IAAI,KAAK,IAAI,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;gBACxE,uDAAuD;gBACvD,SAAS;YACX,CAAC;YAED,IAAI,OAAO,OAAO,CAAC,GAAG,IAAI,QAAQ,EAAE,CAAC;gBACnC,IAAI,OAAO,CAAC,GAAG,IAAI,KAAK,EAAE,CAAC;oBACzB,SAAS;gBACX,CAAC;YACH,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACxC,SAAS;gBACX,CAAC;YACH,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACpC,CAAC;IAED;;;;;OAKG;IACH,YAAY;QACV,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,aAAa,IAAI,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC;QAC9E,MAAM,MAAM,GAAG,0BAA0B,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAE5E,MAAM,OAAO,GAAsB;YACjC,MAAM;SACP,CAAC;QAEF,QAAQ,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC1B,KAAK,OAAO;gBACV,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACjC,KAAK,QAAQ;gBACX,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;QACD,4DAA4D;QAC5D,MAAM,IAAI,qBAAqB,CAAC,gDAAgD,CAAC,CAAC;IACpF,CAAC;CACF"}
|
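--- a/package/dist/routes/auth.d.ts
+++ b/package/dist/routes/auth.d.ts
@@ -1,18 +1,8 @@
+import { AuthorizationError, AuthorizationResponse } from '@powersync/lib-services-framework';
 import * as auth from '../auth/auth-index.js';
 import { ServiceContext } from '../system/ServiceContext.js';
-import * as util from '../util/util-index.js';
 import { BasicRouterRequest, Context, RequestEndpointHandlerPayload } from './router.js';
-import { AuthorizationError, AuthorizationResponse } from '@powersync/lib-services-framework';
 export declare function endpoint(req: BasicRouterRequest): string;
-/**
-* @deprecated
-*
-* Will be replaced by temporary tokens issued by PowerSync Management service.
-*/
-export declare function issueDevToken(req: BasicRouterRequest, user_id: string, config: util.ResolvedPowerSyncConfig): Promise<string>;
-/** @deprecated */
-export declare function issueLegacyDevToken(req: BasicRouterRequest, user_id: string, config: util.ResolvedPowerSyncConfig): Promise<string>;
-export declare function issuePowerSyncToken(req: BasicRouterRequest, user_id: string, config: util.ResolvedPowerSyncConfig): Promise<string>;
 export declare function getTokenFromHeader(authHeader?: string): string | null;
 export declare const authUser: (payload: RequestEndpointHandlerPayload) => Promise<AuthorizationResponse>;
 export declare function authorizeUser(context: Context, authHeader?: string): Promise<AuthorizationResponse>;
@@ -26,16 +16,6 @@ export declare function generateContext(serviceContext: ServiceContext, token: s
 context: null;
 tokenError: AuthorizationError;
 }>;
-/**
-* @deprecated
-*/
-export declare const authDevUser: (payload: RequestEndpointHandlerPayload) => Promise<{
-authorized: boolean;
-errors: any[];
-} | {
-authorized: boolean;
-errors?: undefined;
-}>;
 export declare const authApi: (payload: RequestEndpointHandlerPayload) => {
 authorized: boolean;
 errors: string[];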
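--- a/package/dist/routes/auth.js
+++ b/package/dist/routes/auth.js
@@ -1,69 +1,10 @@
-import * as jose from 'jose';
-import * as auth from '../auth/auth-index.js';
 import { AuthorizationError, ErrorCode } from '@powersync/lib-services-framework';
+import * as auth from '../auth/auth-index.js';
 export function endpoint(req) {
 const protocol = req.headers['x-forwarded-proto'] ?? req.protocol;
 const host = req.hostname;
 return `${protocol}://${host}`;
 }
-function devAudience(req) {
-return `${endpoint(req)}/dev`;
-}
-/**
-* @deprecated
-*
-* Will be replaced by temporary tokens issued by PowerSync Management service.
-*/
-export async function issueDevToken(req, user_id, config) {
-const iss = devAudience(req);
-const aud = devAudience(req);
-const key = config.dev.dev_key;
-if (key == null) {
-throw new Error('Auth disabled');
-}
-return await new jose.SignJWT({})
-.setProtectedHeader({ alg: key.source.alg, kid: key.kid })
-.setSubject(user_id)
-.setIssuedAt()
-.setIssuer(iss)
-.setAudience(aud)
-.setExpirationTime('30d')
-.sign(key.key);
-}
-/** @deprecated */
-export async function issueLegacyDevToken(req, user_id, config) {
-const iss = devAudience(req);
-const aud = config.jwt_audiences[0];
-const key = config.dev.dev_key;
-if (key == null || aud == null) {
-throw new Error('Auth disabled');
-}
-return await new jose.SignJWT({})
-.setProtectedHeader({ alg: key.source.alg, kid: key.kid })
-.setSubject(user_id)
-.setIssuedAt()
-.setIssuer(iss)
-.setAudience(aud)
-.setExpirationTime('60m')
-.sign(key.key);
-}
-export async function issuePowerSyncToken(req, user_id, config) {
-const iss = devAudience(req);
-const aud = config.jwt_audiences[0];
-const key = config.dev.dev_key;
-if (key == null || aud == null) {
-throw new Error('Auth disabled');
-}
-const jwt = await new jose.SignJWT({})
-.setProtectedHeader({ alg: key.source.alg, kid: key.kid })
-.setSubject(user_id)
-.setIssuedAt()
-.setIssuer(iss)
-.setAudience(aud)
-.setExpirationTime('5m')
-.sign(key.key);
-return jwt;
-}
 export function getTokenFromHeader(authHeader = '') {
 const tokenMatch = /^(Token|Bearer) (\S+)$/.exec(authHeader);
 if (!tokenMatch) {
@@ -116,43 +57,6 @@ export async function generateContext(serviceContext, token) {
 };
 }
 }
-/**
-* @deprecated
-*/
-export const authDevUser = async (payload) => {
-const { context: { service_context: { configuration } } } = payload;
-const token = getTokenFromHeader(payload.request.headers.authorization);
-if (!configuration.dev.demo_auth) {
-return {
-authorized: false,
-errors: ['Authentication disabled']
-};
-}
-if (token == null) {
-return {
-authorized: false,
-errors: ['Authentication required']
-};
-}
-// Different from the configured audience.
-// Should also not be changed by keys
-const audience = [devAudience(payload.request)];
-let tokenPayload;
-try {
-tokenPayload = await configuration.dev_client_keystore.verifyJwt(token, {
-defaultAudiences: audience,
-maxAge: '31d'
-});
-}
-catch (err) {
-return {
-authorized: false,
-errors: [err.message]
-};
-}
-payload.context.user_id = tokenPayload.sub;
-return { authorized: true };
-};
 export const authApi = (payload) => {
 const { context: { service_context: { configuration } } } = payload;
 const api_keys = configuration.api_tokens;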
package/dist/routes/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/routes/auth.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/routes/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAyB,SAAS,EAAE,MAAM,mCAAmC,CAAC;AACzG,OAAO,KAAK,IAAI,MAAM,uBAAuB,CAAC;AAI9C,MAAM,UAAU,QAAQ,CAAC,GAAuB;IAC9C,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC;IAClE,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;IAC1B,OAAO,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,aAAqB,EAAE;IACxD,MAAM,UAAU,GAAG,wBAAwB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC7D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAC5B,OAAO,KAAK,IAAI,IAAI,CAAC;AACvB,CAAC;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,EAAE,OAAsC,EAAkC,EAAE;IACvG,OAAO,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAuB,CAAC,CAAC;AACzF,CAAC,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAgB,EAAE,aAAqB,EAAE;IAC3E,MAAM,KAAK,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QAClB,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,yBAAyB,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAEpG,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,UAAU;SAClB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IACrC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,cAA8B,EAAE,KAAa;IACjF,MAAM,EAAE,aAAa,EAAE,GAAG,cAAc,CAAC;IAEzC,IAAI,YAA6B,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,aAAa,CAAC,oBAAoB,CAAC;QAClD,YAAY,GAAG,MAAM,aAAa,CAAC,eAAe,CAAC,SAAS,CAAC,KAAK,EAAE;YAClE,gBAAgB,EAAE,aAAa,CAAC,aAAa;YAC7C,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE;gBACP,OAAO,EAAE,YAAY,CAAC,GAAG;gBACzB,aAAa,EAAE,YAAY;aAC5B;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC;SAC1C,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,OAAsC,EAAE,EAAE;IAChE,MAAM,EACJ,OAAO,EAAE,EAC
P,eAAe,EAAE,EAAE,aAAa,EAAE,EACnC,EACF,GAAG,OAAO,CAAC;IACZ,MAAM,QAAQ,GAAG,aAAa,CAAC,UAAU,CAAC;IAC1C,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,CAAC,yBAAyB,CAAC;SACpC,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAwB,IAAI,EAAE,CAAC;IAErE,MAAM,UAAU,GAAG,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,CAAC,yBAAyB,CAAC;SACpC,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,CAAC,uBAAuB,CAAC;SAClC,CAAC;IACJ,CAAC;AACH,CAAC,CAAC"}
|
|
@@ -7,7 +7,6 @@ import { DEFAULT_MAX_BUCKETS_PER_CONNECTION, DEFAULT_MAX_CONCURRENT_CONNECTIONS,
|
|
|
7
7
|
import { Base64SyncRulesCollector } from './sync-rules/impl/base64-sync-rules-collector.js';
|
|
8
8
|
import { FileSystemSyncRulesCollector } from './sync-rules/impl/filesystem-sync-rules-collector.js';
|
|
9
9
|
import { InlineSyncRulesCollector } from './sync-rules/impl/inline-sync-rules-collector.js';
|
|
10
|
-
const POWERSYNC_DEV_KID = 'powersync-dev';
|
|
11
10
|
const DEFAULT_COLLECTOR_OPTIONS = {
|
|
12
11
|
configCollectors: [new Base64ConfigCollector(), new FileSystemConfigCollector(), new FallbackConfigCollector()],
|
|
13
12
|
syncRulesCollectors: [
|
|
@@ -71,11 +70,6 @@ export class CompoundConfigCollector {
|
|
|
71
70
|
for (let uri of jwks_uris) {
|
|
72
71
|
collectors.add(new auth.CachedKeyCollector(new auth.RemoteJWKSCollector(uri, { lookupOptions: jwksLookup })));
|
|
73
72
|
}
|
|
74
|
-
const baseDevKey = (baseConfig.client_auth?.jwks?.keys ?? []).find((key) => key.kid == POWERSYNC_DEV_KID);
|
|
75
|
-
let devKey;
|
|
76
|
-
if (baseConfig.dev?.demo_auth && baseDevKey != null && baseDevKey.kty == 'oct') {
|
|
77
|
-
devKey = await auth.KeySpec.importKey(baseDevKey);
|
|
78
|
-
}
|
|
79
73
|
const sync_rules = await this.collectSyncRules(baseConfig, runnerConfig);
|
|
80
74
|
let jwt_audiences = baseConfig.client_auth?.audience ?? [];
|
|
81
75
|
let config = {
|
|
@@ -88,14 +82,7 @@ export class CompoundConfigCollector {
|
|
|
88
82
|
}
|
|
89
83
|
},
|
|
90
84
|
client_keystore: keyStore,
|
|
91
|
-
// Dev tokens only use the static keys, no external key sources
|
|
92
|
-
// We may restrict this even further to only the powersync-dev key.
|
|
93
|
-
dev_client_keystore: new auth.KeyStore(staticCollector),
|
|
94
85
|
api_tokens: baseConfig.api?.tokens ?? [],
|
|
95
|
-
dev: {
|
|
96
|
-
demo_auth: baseConfig.dev?.demo_auth ?? false,
|
|
97
|
-
dev_key: devKey
|
|
98
|
-
},
|
|
99
86
|
port: baseConfig.port ?? 8080,
|
|
100
87
|
sync_rules,
|
|
101
88
|
jwt_audiences,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"compound-config-collector.js","sourceRoot":"","sources":["../../../src/util/config/compound-config-collector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAiB,MAAM,mCAAmC,CAAC;AAE1E,OAAO,KAAK,IAAI,MAAM,0BAA0B,CAAC;AAEjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8CAA8C,CAAC;AACrF,OAAO,EAAE,uBAAuB,EAAE,MAAM,gDAAgD,CAAC;AACzF,OAAO,EAAE,yBAAyB,EAAE,MAAM,kDAAkD,CAAC;AAC7F,OAAO,EACL,kCAAkC,EAClC,kCAAkC,EAClC,kCAAkC,EAClC,mCAAmC,EACnC,qBAAqB,EACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AAC5F,OAAO,EAAE,4BAA4B,EAAE,MAAM,sDAAsD,CAAC;AACpG,OAAO,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AA4B5F,MAAM,
|
|
1
|
+
{"version":3,"file":"compound-config-collector.js","sourceRoot":"","sources":["../../../src/util/config/compound-config-collector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAiB,MAAM,mCAAmC,CAAC;AAE1E,OAAO,KAAK,IAAI,MAAM,0BAA0B,CAAC;AAEjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8CAA8C,CAAC;AACrF,OAAO,EAAE,uBAAuB,EAAE,MAAM,gDAAgD,CAAC;AACzF,OAAO,EAAE,yBAAyB,EAAE,MAAM,kDAAkD,CAAC;AAC7F,OAAO,EACL,kCAAkC,EAClC,kCAAkC,EAClC,kCAAkC,EAClC,mCAAmC,EACnC,qBAAqB,EACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AAC5F,OAAO,EAAE,4BAA4B,EAAE,MAAM,sDAAsD,CAAC;AACpG,OAAO,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AA4B5F,MAAM,yBAAyB,GAAmC;IAChE,gBAAgB,EAAE,CAAC,IAAI,qBAAqB,EAAE,EAAE,IAAI,yBAAyB,EAAE,EAAE,IAAI,uBAAuB,EAAE,CAAC;IAC/G,mBAAmB,EAAE;QACnB,IAAI,wBAAwB,EAAE;QAC9B,IAAI,4BAA4B,EAAE;QAClC,IAAI,wBAAwB,EAAE;KAC/B;CACF,CAAC;AAEF,MAAM,OAAO,uBAAuB;IACZ;IAAtB,YAAsB,UAA0C,yBAAyB;QAAnE,YAAO,GAAP,OAAO,CAA4D;IAAG,CAAC;IAE7F;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,eAA6B,EAAE;QACjD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QAE9D,MAAM,WAAW,GAAG,UAAU,CAAC,WAAW,EAAE,WAAW,IAAI,EAAE,CAAC;QAC9D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAE/C,MAAM,SAAS,GAAG,UAAU,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC;QAC3D,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC5E,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAEhC,IAAI,UAAU,CAAC,WAAW,EAAE,QAAQ,IAAI,UAAU,CAAC,WAAW,EAAE,mBAAmB,IAAI,IAAI,EAAE,CAAC;YAC5F,gFAAgF;YAChF,4EAA4E;YAC5E,4BAA4B;YAC5B,gFAAgF;YAChF,sCAAsC;YACtC,UAAU,CAAC,GAAG,CACZ,MAAM,IAAI,CAAC,0BAA0B,CAAC,UAAU,CAAC;gBAC/C;oBACE,GAAG,EAAE,KAAK;oBACV,GAAG,EAAE,OAAO;oBACZ,mDAAmD;oBACnD,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACxF,GAAG,EAAE,SAAS,CAAC,mCAAmC;iBACnD;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,GAAG,UAAU,CAAC,WAAW,EAAE,QAAQ,IAAI,EAAE,CAAC;QACvD,
IAAI,OAAO,SAAS,IAAI,QAAQ,EAAE,CAAC;YACjC,SAAS,GAAG,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;QAED,IAAI,UAAU,GAAkB;YAC9B,gBAAgB,EAAE,EAAE;SACrB,CAAC;QAEF,IAAI,UAAU,CAAC,WAAW,EAAE,qBAAqB,IAAI,IAAI,EAAE,CAAC;YAC1D,UAAU,GAAG;gBACX,gBAAgB,EAAE,UAAU,CAAC,WAAW,EAAE,qBAAqB;aAChE,CAAC;QACJ,CAAC;QACD,IAAI,UAAU,CAAC,WAAW,EAAE,gBAAgB,EAAE,CAAC;YAC7C,gEAAgE;YAChE,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1C,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC;QAChC,CAAC;QAED,KAAK,IAAI,GAAG,IAAI,SAAS,EAAE,CAAC;YAC1B,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC;QAChH,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAEzE,IAAI,aAAa,GAAa,UAAU,CAAC,WAAW,EAAE,QAAQ,IAAI,EAAE,CAAC;QAErE,IAAI,MAAM,GAA4B;YACpC,WAAW,EAAE,UAAU;YACvB,WAAW,EAAE,UAAU,CAAC,WAAW,EAAE,WAAW,IAAI,EAAE;YACtD,OAAO,EAAE;gBACP,GAAG,UAAU,CAAC,OAAO;gBACrB,UAAU,EAAE;oBACV,aAAa,EAAE,UAAU,CAAC,OAAO,EAAE,UAAU,EAAE,aAAa,IAAI,qBAAqB;iBACtF;aACF;YACD,eAAe,EAAE,QAAQ;YACzB,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE,MAAM,IAAI,EAAE;YACxC,IAAI,EAAE,UAAU,CAAC,IAAI,IAAI,IAAI;YAC7B,UAAU;YACV,aAAa;YAEb,oBAAoB,EAAE,IAAI,EAAE,QAAQ;YACpC,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,EAAE;YACnC,UAAU,EAAE,UAAU,CAAC,UAAU;YACjC,SAAS,EAAE;gBACT,eAAe,EAAE,UAAU,CAAC,SAAS,EAAE,eAAe;gBACtD,yBAAyB,EAAE,UAAU,CAAC,SAAS,EAAE,yBAAyB,IAAI,KAAK;gBACnF,yBAAyB,EACvB,UAAU,CAAC,SAAS,EAAE,yBAAyB,IAAI,0CAA0C;aAChG;YACD,WAAW,EAAE;gBACX;;;mBAGG;gBACH,MAAM,EAAE,UAAU,CAAC,WAAW,EAAE,MAAM;oBACpC,CAAC,CAAC;wBACE,cAAc,EAAE,UAAU,CAAC,WAAW,CAAC,MAAM,CAAC,cAAc,IAAI,KAAK;wBACrE,QAAQ,EAAE,UAAU,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,IAAI,KAAK;wBACzD,UAAU,EAAE,UAAU,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,IAAI,KAAK;qBAC9D;oBACH,CAAC,CAAC;wBACE,cAAc,EAAE,KAAK;wBACrB,QAAQ,EAAE,KAAK;wBACf,UAAU,EAAE,IAAI;qBACjB;aACN;YACD,cAAc,EAAE;gBACd,0BAA0B,EACxB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,0BAA0B,IAAI,kCAAkC;gBAE9F,2BAA2B,EACzB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,2BAA2B,IAAI,mCAAmC;gBAChG,0BAA0B,EACxB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,0BAA0B,IAAI,kCAAkC;gBAC9F,0BA
A0B,EACxB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,0BAA0B,IAAI,kCAAkC;aAC/F;YACD,0DAA0D;YAC1D,gBAAgB,EAAE,UAAU,CAAC,WAAW,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,gBAAgB,IAAI,YAAY;YAC5F,UAAU,EAAE,UAAU,CAAC,UAAU,IAAI,EAAE;SACxC,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACO,KAAK,CAAC,iBAAiB,CAAC,aAA2B;QAC3D,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YACtD,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;gBAC1D,IAAI,UAAU,EAAE,CAAC;oBACf,OAAO,UAAU,CAAC;gBACpB,CAAC;gBACD,MAAM,CAAC,KAAK,CACV,2CAA2C,SAAS,CAAC,IAAI,iDAAiD,CAC3G,CAAC;YACJ,CAAC;YAAC,OAAO,EAAE,EAAE,CAAC;gBACZ,yCAAyC;gBACzC,MAAM,IAAI,KAAK,CAAC,kCAAkC,SAAS,CAAC,IAAI,8BAA8B,EAAE,EAAE,CAAC,CAAC;YACtG,CAAC;QACH,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;IAC3G,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC9B,UAAsC,EACtC,YAA0B;QAE1B,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;YACzD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;gBACjE,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,MAAM,CAAC;gBAChB,CAAC;gBACD,MAAM,CAAC,KAAK,CACV,qCAAqC,SAAS,CAAC,IAAI,iDAAiD,CACrG,CAAC;YACJ,CAAC;YAAC,OAAO,EAAE,EAAE,CAAC;gBACZ,yCAAyC;gBACzC,MAAM,IAAI,KAAK,CAAC,sCAAsC,SAAS,CAAC,IAAI,8BAA8B,EAAE,EAAE,CAAC,CAAC;YAC1G,CAAC;QACH,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,IAAI;SACpB,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import { configFile } from '@powersync/service-types';
|
|
2
2
|
import { CompoundKeyCollector } from '../../auth/CompoundKeyCollector.js';
|
|
3
|
-
import { KeySpec } from '../../auth/KeySpec.js';
|
|
4
3
|
import { KeyStore } from '../../auth/KeyStore.js';
|
|
5
4
|
export declare enum ServiceRunner {
|
|
6
5
|
UNIFIED = "unified",
|
|
@@ -26,18 +25,7 @@ export type ResolvedPowerSyncConfig = {
|
|
|
26
25
|
base_config: configFile.PowerSyncConfig;
|
|
27
26
|
connections?: configFile.GenericDataSourceConfig[];
|
|
28
27
|
storage: configFile.GenericStorageConfig;
|
|
29
|
-
dev: {
|
|
30
|
-
demo_auth: boolean;
|
|
31
|
-
/**
|
|
32
|
-
* Only present when demo_auth == true
|
|
33
|
-
*/
|
|
34
|
-
dev_key?: KeySpec;
|
|
35
|
-
};
|
|
36
28
|
client_keystore: KeyStore<CompoundKeyCollector>;
|
|
37
|
-
/**
|
|
38
|
-
* Keystore for development tokens.
|
|
39
|
-
*/
|
|
40
|
-
dev_client_keystore: KeyStore;
|
|
41
29
|
port: number;
|
|
42
30
|
sync_rules: SyncRulesConfig;
|
|
43
31
|
api_tokens: string[];
|
|
@@ -6,6 +6,7 @@ export * from './protocol-types.js';
|
|
|
6
6
|
export * from './secs.js';
|
|
7
7
|
export * from './utils.js';
|
|
8
8
|
export * from './checkpointing.js';
|
|
9
|
+
export * from './version.js';
|
|
9
10
|
export * from './config.js';
|
|
10
11
|
export * from './config/compound-config-collector.js';
|
|
11
12
|
export * from './config/types.js';
|
package/dist/util/util-index.js
CHANGED
|
@@ -6,6 +6,7 @@ export * from './protocol-types.js';
|
|
|
6
6
|
export * from './secs.js';
|
|
7
7
|
export * from './utils.js';
|
|
8
8
|
export * from './checkpointing.js';
|
|
9
|
+
export * from './version.js';
|
|
9
10
|
export * from './config.js';
|
|
10
11
|
export * from './config/compound-config-collector.js';
|
|
11
12
|
export * from './config/types.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util-index.js","sourceRoot":"","sources":["../../src/util/util-index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,UAAU,CAAC;AACzB,cAAc,sBAAsB,CAAC;AACrC,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"util-index.js","sourceRoot":"","sources":["../../src/util/util-index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,UAAU,CAAC;AACzB,cAAc,sBAAsB,CAAC;AACrC,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,oBAAoB,CAAC;AACnC,cAAc,cAAc,CAAC;AAE7B,cAAc,aAAa,CAAC;AAC5B,cAAc,uCAAuC,CAAC;AACtD,cAAc,mBAAmB,CAAC;AAElC,cAAc,yCAAyC,CAAC;AACxD,cAAc,qDAAqD,CAAC;AACpE,cAAc,uDAAuD,CAAC;AACtE,cAAc,yDAAyD,CAAC;AAExE,cAAc,yDAAyD,CAAC;AACxE,cAAc,6DAA6D,CAAC;AAC5E,cAAc,yDAAyD,CAAC;AACxE,cAAc,uCAAuC,CAAC;AACtD,cAAc,4CAA4C,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const POWERSYNC_VERSION: string;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/util/version.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;AAE3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,GAAG,CAAC,OAAO,CAAC"}
|
package/package.json
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
"publishConfig": {
|
|
6
6
|
"access": "public"
|
|
7
7
|
},
|
|
8
|
-
"version": "1.13.
|
|
8
|
+
"version": "1.13.4",
|
|
9
9
|
"main": "dist/index.js",
|
|
10
10
|
"license": "FSL-1.1-Apache-2.0",
|
|
11
11
|
"type": "module",
|
|
@@ -32,11 +32,11 @@
|
|
|
32
32
|
"uuid": "^11.1.0",
|
|
33
33
|
"winston": "^3.13.0",
|
|
34
34
|
"yaml": "^2.3.2",
|
|
35
|
-
"@powersync/lib-services-framework": "0.7.
|
|
35
|
+
"@powersync/lib-services-framework": "0.7.1",
|
|
36
36
|
"@powersync/service-jsonbig": "0.17.10",
|
|
37
|
-
"@powersync/service-rsocket-router": "0.1.
|
|
37
|
+
"@powersync/service-rsocket-router": "0.1.2",
|
|
38
38
|
"@powersync/service-sync-rules": "0.27.0",
|
|
39
|
-
"@powersync/service-types": "0.12.
|
|
39
|
+
"@powersync/service-types": "0.12.1"
|
|
40
40
|
},
|
|
41
41
|
"devDependencies": {
|
|
42
42
|
"@types/async": "^3.2.24",
|
|
@@ -3,7 +3,7 @@ import timers from 'timers/promises';
|
|
|
3
3
|
import { KeySpec } from './KeySpec.js';
|
|
4
4
|
import { LeakyBucket } from './LeakyBucket.js';
|
|
5
5
|
import { KeyCollector, KeyResult } from './KeyCollector.js';
|
|
6
|
-
import { AuthorizationError } from '@powersync/lib-services-framework';
|
|
6
|
+
import { AuthorizationError, ErrorCode, logger } from '@powersync/lib-services-framework';
|
|
7
7
|
import { mapAuthConfigError } from './utils.js';
|
|
8
8
|
|
|
9
9
|
/**
|
|
@@ -70,8 +70,21 @@ export class CachedKeyCollector implements KeyCollector {
|
|
|
70
70
|
// e.g. in the case of waiting for error retries.
|
|
71
71
|
// In the case of very slow requests, we don't wait for it to complete, but the
|
|
72
72
|
// request can still complete in the background.
|
|
73
|
-
const
|
|
74
|
-
|
|
73
|
+
const WAIT_TIMEOUT_SECONDS = 3;
|
|
74
|
+
const timeout = timers.setTimeout(WAIT_TIMEOUT_SECONDS * 1000).then(() => {
|
|
75
|
+
throw new AuthorizationError(ErrorCode.PSYNC_S2204, `JWKS request failed`, {
|
|
76
|
+
cause: { message: `Key request timed out in ${WAIT_TIMEOUT_SECONDS}s`, name: 'AbortError' }
|
|
77
|
+
});
|
|
78
|
+
});
|
|
79
|
+
try {
|
|
80
|
+
await Promise.race([this.refreshPromise, timeout]);
|
|
81
|
+
} catch (e) {
|
|
82
|
+
if (e instanceof AuthorizationError) {
|
|
83
|
+
return { keys: this.currentKeys, errors: [...this.currentErrors, e] };
|
|
84
|
+
} else {
|
|
85
|
+
throw e;
|
|
86
|
+
}
|
|
87
|
+
}
|
|
75
88
|
}
|
|
76
89
|
|
|
77
90
|
return { keys: this.currentKeys, errors: this.currentErrors };
|
|
@@ -102,7 +115,16 @@ export class CachedKeyCollector implements KeyCollector {
|
|
|
102
115
|
this.currentErrors = errors;
|
|
103
116
|
this.keyTimestamp = Date.now();
|
|
104
117
|
this.error = false;
|
|
118
|
+
|
|
119
|
+
// Due to caching and background refresh behavior, errors are not always propagated to the request handler,
|
|
120
|
+
// so we log them here.
|
|
121
|
+
for (let error of errors) {
|
|
122
|
+
logger.error(`Soft key refresh error`, error);
|
|
123
|
+
}
|
|
105
124
|
} catch (e) {
|
|
125
|
+
// Due to caching and background refresh behavior, errors are not always propagated to the request handler,
|
|
126
|
+
// so we log them here.
|
|
127
|
+
logger.error(`Hard key refresh error`, e);
|
|
106
128
|
this.error = true;
|
|
107
129
|
// No result - keep previous keys
|
|
108
130
|
this.currentErrors = [mapAuthConfigError(e)];
|
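Review bot: The timer created by `timers.setTimeout(WAIT_TIMEOUT_SECONDS * 1000)` in the second hunk is never cancelled. Every call that takes this wait path therefore leaves a 3-second timer pending, and when it fires it still constructs an `AuthorizationError` even if `refreshPromise` already won the race. Passing an `AbortSignal` to the timer and aborting it in a `finally` removes that cost on what is presumably a per-request authentication path. The `catch` also cannot tell the timeout apart from an `AuthorizationError` that `refreshPromise` itself might reject with, so both would return the cached keys; if that is intended, a comment saying so would help. The enclosing method and the condition guarding this block start outside the hunk.

```typescript
const WAIT_TIMEOUT_SECONDS = 3;
const cancelTimer = new AbortController();
const timeout = timers
  .setTimeout(WAIT_TIMEOUT_SECONDS * 1000, undefined, { signal: cancelTimer.signal })
  .then(() => {
    // … unchanged: throw the PSYNC_S2204 AuthorizationError …
  });
try {
  await Promise.race([this.refreshPromise, timeout]);
} catch (e) {
  // … unchanged: return cached keys plus the error for AuthorizationError, rethrow otherwise …
} finally {
  // Stop the pending timer once the race is decided.
  cancelTimer.abort();
}
```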
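--- a/package/src/auth/KeySpec.ts
+++ b/package/src/auth/KeySpec.ts
@@ -40,6 +40,20 @@ export class KeySpec {
 return this.source.kid;
 }
 
+get description(): string {
+let details: string[] = [];
+details.push(`kid: ${this.kid ?? '*'}`);
+details.push(`kty: ${this.source.kty}`);
+if (this.source.alg != null) {
+details.push(`alg: ${this.source.alg}`);
+}
+if (this.options.requiresAudience != null) {
+details.push(`aud: ${this.options.requiresAudience.join(', ')}`);
+}
+
+return `<${details.filter((x) => x != null).join(', ')}>`;
+}
+
 matchesAlgorithm(jwtAlg: string): boolean {
 if (this.source.alg) {
 return jwtAlg === this.source.alg;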
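Review bot: The new `description` getter has no doc comment, yet the KeyStore.ts change on this page puts its output into the `configurationDetails` of the `PSYNC_S2101` error, so the string may end up in logs or error responses. A TSDoc line such as `/** Non-secret summary (kid, kty, alg, required audiences) for diagnostics; never add key material here. */` would pin that contract for whoever extends the getter later. The `details.filter((x) => x != null)` step is redundant as written, because every element pushed is a template string. The KeySpec class starts and ends outside the hunk.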
package/src/auth/KeyStore.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AuthorizationError, ErrorCode, logger } from '@powersync/lib-services-framework';
|
|
2
2
|
import * as jose from 'jose';
|
|
3
3
|
import secs from '../util/secs.js';
|
|
4
4
|
import { JwtPayload } from './JwtPayload.js';
|
|
@@ -169,7 +169,7 @@ export class KeyStore<Collector extends KeyCollector = KeyCollector> {
|
|
|
169
169
|
ErrorCode.PSYNC_S2101,
|
|
170
170
|
'Could not find an appropriate key in the keystore. The key is missing or no key matched the token KID',
|
|
171
171
|
{
|
|
172
|
-
configurationDetails: `Known
|
|
172
|
+
configurationDetails: `Known keys: ${keys.map((key) => key.description).join(', ')}`
|
|
173
173
|
// tokenDetails automatically populated later
|
|
174
174
|
}
|
|
175
175
|
);
|