@pureq/auth 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +293 -0
- package/dist/adapter/capabilities.d.ts +23 -0
- package/dist/adapter/capabilities.d.ts.map +1 -0
- package/dist/adapter/capabilities.js +77 -0
- package/dist/adapter/capabilities.js.map +1 -0
- package/dist/adapter/index.d.ts +12 -0
- package/dist/adapter/index.d.ts.map +1 -0
- package/dist/adapter/index.js +121 -0
- package/dist/adapter/index.js.map +1 -0
- package/dist/adapter/sql.d.ts +36 -0
- package/dist/adapter/sql.d.ts.map +1 -0
- package/dist/adapter/sql.js +268 -0
- package/dist/adapter/sql.js.map +1 -0
- package/dist/adapters/index.d.ts +4 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js +42 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/authorization/index.d.ts +8 -0
- package/dist/authorization/index.d.ts.map +1 -0
- package/dist/authorization/index.js +49 -0
- package/dist/authorization/index.js.map +1 -0
- package/dist/bridge/index.d.ts +23 -0
- package/dist/bridge/index.d.ts.map +1 -0
- package/dist/bridge/index.js +124 -0
- package/dist/bridge/index.js.map +1 -0
- package/dist/callbacks/index.d.ts +8 -0
- package/dist/callbacks/index.d.ts.map +1 -0
- package/dist/callbacks/index.js +53 -0
- package/dist/callbacks/index.js.map +1 -0
- package/dist/core/index.d.ts +12 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +481 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/kit.d.ts +7 -0
- package/dist/core/kit.d.ts.map +1 -0
- package/dist/core/kit.js +145 -0
- package/dist/core/kit.js.map +1 -0
- package/dist/core/starter.d.ts +28 -0
- package/dist/core/starter.d.ts.map +1 -0
- package/dist/core/starter.js +67 -0
- package/dist/core/starter.js.map +1 -0
- package/dist/csrf/index.d.ts +7 -0
- package/dist/csrf/index.d.ts.map +1 -0
- package/dist/csrf/index.js +126 -0
- package/dist/csrf/index.js.map +1 -0
- package/dist/debug/index.d.ts +8 -0
- package/dist/debug/index.d.ts.map +1 -0
- package/dist/debug/index.js +21 -0
- package/dist/debug/index.js.map +1 -0
- package/dist/encryption/index.d.ts +8 -0
- package/dist/encryption/index.d.ts.map +1 -0
- package/dist/encryption/index.js +43 -0
- package/dist/encryption/index.js.map +1 -0
- package/dist/events/index.d.ts +22 -0
- package/dist/events/index.d.ts.map +1 -0
- package/dist/events/index.js +53 -0
- package/dist/events/index.js.map +1 -0
- package/dist/framework/index.d.ts +10 -0
- package/dist/framework/index.d.ts.map +1 -0
- package/dist/framework/index.js +68 -0
- package/dist/framework/index.js.map +1 -0
- package/dist/framework/packs.d.ts +54 -0
- package/dist/framework/packs.d.ts.map +1 -0
- package/dist/framework/packs.js +124 -0
- package/dist/framework/packs.js.map +1 -0
- package/dist/framework/recipes.d.ts +6 -0
- package/dist/framework/recipes.d.ts.map +1 -0
- package/dist/framework/recipes.js +108 -0
- package/dist/framework/recipes.js.map +1 -0
- package/dist/hooks/index.d.ts +11 -0
- package/dist/hooks/index.d.ts.map +1 -0
- package/dist/hooks/index.js +95 -0
- package/dist/hooks/index.js.map +1 -0
- package/dist/hooks/react.d.ts +9 -0
- package/dist/hooks/react.d.ts.map +1 -0
- package/dist/hooks/react.js +24 -0
- package/dist/hooks/react.js.map +1 -0
- package/dist/hooks/vue.d.ts +4 -0
- package/dist/hooks/vue.d.ts.map +1 -0
- package/dist/hooks/vue.js +32 -0
- package/dist/hooks/vue.js.map +1 -0
- package/dist/index.d.ts +36 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +31 -0
- package/dist/index.js.map +1 -0
- package/dist/jwt/index.d.ts +13 -0
- package/dist/jwt/index.d.ts.map +1 -0
- package/dist/jwt/index.js +82 -0
- package/dist/jwt/index.js.map +1 -0
- package/dist/middleware/authBasic.d.ts +5 -0
- package/dist/middleware/authBasic.d.ts.map +1 -0
- package/dist/middleware/authBasic.js +25 -0
- package/dist/middleware/authBasic.js.map +1 -0
- package/dist/middleware/authBearer.d.ts +4 -0
- package/dist/middleware/authBearer.d.ts.map +1 -0
- package/dist/middleware/authBearer.js +26 -0
- package/dist/middleware/authBearer.js.map +1 -0
- package/dist/middleware/authCustom.d.ts +4 -0
- package/dist/middleware/authCustom.d.ts.map +1 -0
- package/dist/middleware/authCustom.js +22 -0
- package/dist/middleware/authCustom.js.map +1 -0
- package/dist/middleware/authRefresh.d.ts +4 -0
- package/dist/middleware/authRefresh.d.ts.map +1 -0
- package/dist/middleware/authRefresh.js +68 -0
- package/dist/middleware/authRefresh.js.map +1 -0
- package/dist/middleware/authSession.d.ts +5 -0
- package/dist/middleware/authSession.d.ts.map +1 -0
- package/dist/middleware/authSession.js +35 -0
- package/dist/middleware/authSession.js.map +1 -0
- package/dist/middleware/broadcastSync.d.ts +7 -0
- package/dist/middleware/broadcastSync.d.ts.map +1 -0
- package/dist/middleware/broadcastSync.js +36 -0
- package/dist/middleware/broadcastSync.js.map +1 -0
- package/dist/middleware/common.d.ts +3 -0
- package/dist/middleware/common.d.ts.map +1 -0
- package/dist/middleware/common.js +10 -0
- package/dist/middleware/common.js.map +1 -0
- package/dist/middleware/index.d.ts +8 -0
- package/dist/middleware/index.d.ts.map +1 -0
- package/dist/middleware/index.js +8 -0
- package/dist/middleware/index.js.map +1 -0
- package/dist/middleware/tokenLifecycle.d.ts +4 -0
- package/dist/middleware/tokenLifecycle.d.ts.map +1 -0
- package/dist/middleware/tokenLifecycle.js +52 -0
- package/dist/middleware/tokenLifecycle.js.map +1 -0
- package/dist/migration/index.d.ts +40 -0
- package/dist/migration/index.d.ts.map +1 -0
- package/dist/migration/index.js +136 -0
- package/dist/migration/index.js.map +1 -0
- package/dist/oidc/index.d.ts +25 -0
- package/dist/oidc/index.d.ts.map +1 -0
- package/dist/oidc/index.js +392 -0
- package/dist/oidc/index.js.map +1 -0
- package/dist/oidc/providers.d.ts +21 -0
- package/dist/oidc/providers.d.ts.map +1 -0
- package/dist/oidc/providers.js +51 -0
- package/dist/oidc/providers.js.map +1 -0
- package/dist/presets/index.d.ts +13 -0
- package/dist/presets/index.d.ts.map +1 -0
- package/dist/presets/index.js +12 -0
- package/dist/presets/index.js.map +1 -0
- package/dist/providers/callbackContracts.d.ts +14 -0
- package/dist/providers/callbackContracts.d.ts.map +1 -0
- package/dist/providers/callbackContracts.js +14 -0
- package/dist/providers/callbackContracts.js.map +1 -0
- package/dist/providers/errors.d.ts +9 -0
- package/dist/providers/errors.d.ts.map +1 -0
- package/dist/providers/errors.js +66 -0
- package/dist/providers/errors.js.map +1 -0
- package/dist/providers/index.d.ts +28 -0
- package/dist/providers/index.d.ts.map +1 -0
- package/dist/providers/index.js +29 -0
- package/dist/providers/index.js.map +1 -0
- package/dist/providers/presets.d.ts +17 -0
- package/dist/providers/presets.d.ts.map +1 -0
- package/dist/providers/presets.js +84 -0
- package/dist/providers/presets.js.map +1 -0
- package/dist/revocation/index.d.ts +10 -0
- package/dist/revocation/index.d.ts.map +1 -0
- package/dist/revocation/index.js +182 -0
- package/dist/revocation/index.js.map +1 -0
- package/dist/session/exporters.d.ts +15 -0
- package/dist/session/exporters.d.ts.map +1 -0
- package/dist/session/exporters.js +62 -0
- package/dist/session/exporters.js.map +1 -0
- package/dist/session/index.d.ts +11 -0
- package/dist/session/index.d.ts.map +1 -0
- package/dist/session/index.js +324 -0
- package/dist/session/index.js.map +1 -0
- package/dist/shared/encoding.d.ts +5 -0
- package/dist/shared/encoding.d.ts.map +1 -0
- package/dist/shared/encoding.js +27 -0
- package/dist/shared/encoding.js.map +1 -0
- package/dist/shared/errors.d.ts +13 -0
- package/dist/shared/errors.d.ts.map +1 -0
- package/dist/shared/errors.js +12 -0
- package/dist/shared/errors.js.map +1 -0
- package/dist/shared/index.d.ts +5 -0
- package/dist/shared/index.d.ts.map +1 -0
- package/dist/shared/index.js +5 -0
- package/dist/shared/index.js.map +1 -0
- package/dist/shared/types.d.ts +585 -0
- package/dist/shared/types.d.ts.map +1 -0
- package/dist/shared/types.js +2 -0
- package/dist/shared/types.js.map +1 -0
- package/dist/shared/values.d.ts +3 -0
- package/dist/shared/values.d.ts.map +1 -0
- package/dist/shared/values.js +23 -0
- package/dist/shared/values.js.map +1 -0
- package/dist/storage/index.d.ts +44 -0
- package/dist/storage/index.d.ts.map +1 -0
- package/dist/storage/index.js +318 -0
- package/dist/storage/index.js.map +1 -0
- package/dist/templates/index.d.ts +9 -0
- package/dist/templates/index.d.ts.map +1 -0
- package/dist/templates/index.js +146 -0
- package/dist/templates/index.js.map +1 -0
- package/package.json +173 -0
|
@@ -0,0 +1,182 @@
|
|
|
1
|
+
import { markPolicyMiddleware } from "@pureq/pureq";
|
|
2
|
+
import { createAuthError } from "../shared";
|
|
3
|
+
function isExpired(expiresAt, now) {
|
|
4
|
+
return expiresAt !== null && expiresAt <= now;
|
|
5
|
+
}
|
|
6
|
+
function clearBucket(bucket, now) {
|
|
7
|
+
for (const [key, expiresAt] of bucket) {
|
|
8
|
+
if (isExpired(expiresAt, now)) {
|
|
9
|
+
bucket.delete(key);
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
/** SEC-H3: In-memory revocation registry backend. */
|
|
14
|
+
function createInMemoryBackend() {
|
|
15
|
+
const buckets = new Map();
|
|
16
|
+
const getBucket = (name) => {
|
|
17
|
+
let bucket = buckets.get(name);
|
|
18
|
+
if (!bucket) {
|
|
19
|
+
bucket = new Map();
|
|
20
|
+
buckets.set(name, bucket);
|
|
21
|
+
}
|
|
22
|
+
return bucket;
|
|
23
|
+
};
|
|
24
|
+
return {
|
|
25
|
+
set(bucket, key, expiresAt) {
|
|
26
|
+
getBucket(bucket).set(key, expiresAt);
|
|
27
|
+
},
|
|
28
|
+
has(bucket, key) {
|
|
29
|
+
const b = buckets.get(bucket);
|
|
30
|
+
if (!b) {
|
|
31
|
+
return false;
|
|
32
|
+
}
|
|
33
|
+
const expiresAt = b.get(key);
|
|
34
|
+
if (expiresAt === undefined) {
|
|
35
|
+
return false;
|
|
36
|
+
}
|
|
37
|
+
if (isExpired(expiresAt, Date.now())) {
|
|
38
|
+
b.delete(key);
|
|
39
|
+
return false;
|
|
40
|
+
}
|
|
41
|
+
return true;
|
|
42
|
+
},
|
|
43
|
+
delete(bucket, key) {
|
|
44
|
+
buckets.get(bucket)?.delete(key);
|
|
45
|
+
},
|
|
46
|
+
clear(bucket) {
|
|
47
|
+
buckets.get(bucket)?.clear();
|
|
48
|
+
},
|
|
49
|
+
keys(bucket) {
|
|
50
|
+
return Array.from(buckets.get(bucket)?.keys() ?? []);
|
|
51
|
+
},
|
|
52
|
+
};
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Create a revocation registry.
|
|
56
|
+
* SEC-H3: Accepts an optional pluggable backend for distributed deployments (Redis, DB, etc.).
|
|
57
|
+
* Default is in-memory.
|
|
58
|
+
*/
|
|
59
|
+
export function createAuthRevocationRegistry(backend) {
|
|
60
|
+
// When using custom backend, delegate fully
|
|
61
|
+
if (backend) {
|
|
62
|
+
return {
|
|
63
|
+
revokeToken(tokenId, expiresAt) {
|
|
64
|
+
void backend.set("tokens", tokenId, expiresAt ?? null);
|
|
65
|
+
},
|
|
66
|
+
revokeSession(sessionId, expiresAt) {
|
|
67
|
+
void backend.set("sessions", sessionId, expiresAt ?? null);
|
|
68
|
+
},
|
|
69
|
+
revokeSubject(subject, expiresAt) {
|
|
70
|
+
void backend.set("subjects", subject, expiresAt ?? null);
|
|
71
|
+
},
|
|
72
|
+
isRevoked(claims) {
|
|
73
|
+
const tokenRevoked = claims.jti ? backend.has("tokens", claims.jti) : false;
|
|
74
|
+
const sessionRevoked = claims.sid ? backend.has("sessions", claims.sid) : false;
|
|
75
|
+
const subjectRevoked = claims.sub ? backend.has("subjects", claims.sub) : false;
|
|
76
|
+
// Handle both sync and async backends — sync for backward compat
|
|
77
|
+
if (typeof tokenRevoked === "boolean") {
|
|
78
|
+
return tokenRevoked || sessionRevoked || subjectRevoked;
|
|
79
|
+
}
|
|
80
|
+
// For async backends, callers must check promises. Sync path only for in-memory.
|
|
81
|
+
return false;
|
|
82
|
+
},
|
|
83
|
+
clearExpired() {
|
|
84
|
+
// delegated to backend implementation
|
|
85
|
+
},
|
|
86
|
+
clear() {
|
|
87
|
+
void backend.clear("tokens");
|
|
88
|
+
void backend.clear("sessions");
|
|
89
|
+
void backend.clear("subjects");
|
|
90
|
+
},
|
|
91
|
+
snapshot() {
|
|
92
|
+
const tokens = backend.keys("tokens");
|
|
93
|
+
const sessions = backend.keys("sessions");
|
|
94
|
+
const subjects = backend.keys("subjects");
|
|
95
|
+
return {
|
|
96
|
+
tokens: Array.isArray(tokens) ? tokens : [],
|
|
97
|
+
sessions: Array.isArray(sessions) ? sessions : [],
|
|
98
|
+
subjects: Array.isArray(subjects) ? subjects : [],
|
|
99
|
+
};
|
|
100
|
+
},
|
|
101
|
+
};
|
|
102
|
+
}
|
|
103
|
+
// Default in-memory implementation
|
|
104
|
+
const tokens = new Map();
|
|
105
|
+
const sessions = new Map();
|
|
106
|
+
const subjects = new Map();
|
|
107
|
+
const revoke = (bucket, key, expiresAt) => {
|
|
108
|
+
bucket.set(key, expiresAt ?? null);
|
|
109
|
+
};
|
|
110
|
+
const isBucketRevoked = (bucket, key, now) => {
|
|
111
|
+
if (!key) {
|
|
112
|
+
return false;
|
|
113
|
+
}
|
|
114
|
+
const expiresAt = bucket.get(key);
|
|
115
|
+
if (expiresAt === undefined) {
|
|
116
|
+
return false;
|
|
117
|
+
}
|
|
118
|
+
if (isExpired(expiresAt, now)) {
|
|
119
|
+
bucket.delete(key);
|
|
120
|
+
return false;
|
|
121
|
+
}
|
|
122
|
+
return true;
|
|
123
|
+
};
|
|
124
|
+
return {
|
|
125
|
+
revokeToken(tokenId, expiresAt) {
|
|
126
|
+
revoke(tokens, tokenId, expiresAt);
|
|
127
|
+
},
|
|
128
|
+
revokeSession(sessionId, expiresAt) {
|
|
129
|
+
revoke(sessions, sessionId, expiresAt);
|
|
130
|
+
},
|
|
131
|
+
revokeSubject(subject, expiresAt) {
|
|
132
|
+
revoke(subjects, subject, expiresAt);
|
|
133
|
+
},
|
|
134
|
+
isRevoked(claims) {
|
|
135
|
+
const now = Date.now();
|
|
136
|
+
clearBucket(tokens, now);
|
|
137
|
+
clearBucket(sessions, now);
|
|
138
|
+
clearBucket(subjects, now);
|
|
139
|
+
return (isBucketRevoked(tokens, claims.jti, now) ||
|
|
140
|
+
isBucketRevoked(sessions, claims.sid, now) ||
|
|
141
|
+
isBucketRevoked(subjects, claims.sub, now));
|
|
142
|
+
},
|
|
143
|
+
clearExpired(now = Date.now()) {
|
|
144
|
+
clearBucket(tokens, now);
|
|
145
|
+
clearBucket(sessions, now);
|
|
146
|
+
clearBucket(subjects, now);
|
|
147
|
+
},
|
|
148
|
+
clear() {
|
|
149
|
+
tokens.clear();
|
|
150
|
+
sessions.clear();
|
|
151
|
+
subjects.clear();
|
|
152
|
+
},
|
|
153
|
+
snapshot() {
|
|
154
|
+
return {
|
|
155
|
+
tokens: Array.from(tokens.keys()),
|
|
156
|
+
sessions: Array.from(sessions.keys()),
|
|
157
|
+
subjects: Array.from(subjects.keys()),
|
|
158
|
+
};
|
|
159
|
+
},
|
|
160
|
+
};
|
|
161
|
+
}
|
|
162
|
+
export function withRevocationGuard(options) {
|
|
163
|
+
const middleware = async (req, next) => {
|
|
164
|
+
const claims = await options.getClaims(req);
|
|
165
|
+
if (!claims) {
|
|
166
|
+
return next(req);
|
|
167
|
+
}
|
|
168
|
+
if (options.registry.isRevoked(claims)) {
|
|
169
|
+
await options.onRevoked?.(claims);
|
|
170
|
+
throw createAuthError("PUREQ_AUTH_REVOKED", "pureq: token or session has been revoked", {
|
|
171
|
+
details: {
|
|
172
|
+
...(claims.jti !== undefined ? { jti: claims.jti } : {}),
|
|
173
|
+
...(claims.sid !== undefined ? { sid: claims.sid } : {}),
|
|
174
|
+
...(claims.sub !== undefined ? { sub: claims.sub } : {}),
|
|
175
|
+
},
|
|
176
|
+
});
|
|
177
|
+
}
|
|
178
|
+
return next(req);
|
|
179
|
+
};
|
|
180
|
+
return markPolicyMiddleware(middleware, { name: "revocationGuard", kind: "auth" });
|
|
181
|
+
}
|
|
182
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/revocation/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAOpD,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAI5C,SAAS,SAAS,CAAC,SAAwB,EAAE,GAAW;IACtD,OAAO,SAAS,KAAK,IAAI,IAAI,SAAS,IAAI,GAAG,CAAC;AAChD,CAAC;AAED,SAAS,WAAW,CAAC,MAAwB,EAAE,GAAW;IACxD,KAAK,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,MAAM,EAAE,CAAC;QACtC,IAAI,SAAS,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;AACH,CAAC;AAED,qDAAqD;AACrD,SAAS,qBAAqB;IAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEpD,MAAM,SAAS,GAAG,CAAC,IAAY,EAAoB,EAAE;QACnD,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5B,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,OAAO;QACL,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS;YACxB,SAAS,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACxC,CAAC;QACD,GAAG,CAAC,MAAM,EAAE,GAAG;YACb,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9B,IAAI,CAAC,CAAC,EAAE,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,OAAO,KAAK,CAAC;YACf,CAAC;YACD,IAAI,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;gBACrC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACd,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,CAAC,MAAM,EAAE,GAAG;YAChB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QACD,KAAK,CAAC,MAAM;YACV,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC;QAC/B,CAAC;QACD,IAAI,CAAC,MAAM;YACT,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,4BAA4B,CAAC,OAAuC;IAClF,4CAA4C;IAC5C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO;YACL,WAAW,CAAC,OAAO,EAAE,SAAS;gBAC5B,KAAK,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;YACzD,CAAC;YACD,aAAa,CAAC,SAAS,EAAE,SAAS;gBAChC,KAAK,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;YAC7D,CAAC;YACD,aAAa,CAAC,OAAO,EAAE,SAAS;gBAC9B,KAAK,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;YAC3D,CAAC;YACD,SAAS,CAAC,MAAM;gBACd,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC5E,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBAChF,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBAChF,iEAAiE;gBACjE,IAAI,OAAO,YAAY,KAAK,SAAS,EAAE,CAAC;oBACtC,OAAO,YAAY,IAAK,cAA0B,IAAK,cAA0B,CAAC;gBACpF,CAAC;gBACD,iFAAiF;gBACjF,OAAO,KAAK,CAAC;YACf,CAAC;YACD,YAAY;gBACV,sCAAsC;YACxC,CAAC;YACD,KAAK;gBACH,KAAK,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAC7B,KAAK,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBAC/B,KAAK,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACjC,CAAC;YACD,QAAQ;gBACN,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC1C,OAAO;oBACL,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;oBAC3C,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;oBACjD,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;iBAClD,CAAC;YACJ,CAAC;SACF,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,MAAM,GAAqB,IAAI,GAAG,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAqB,IAAI,GAAG,EAAE,CAAC;IAC7C,MAAM,QAAQ,GAAqB,IAAI,GAAG,EAAE,CAAC;IAE7C,MAAM,MAAM,GAAG,CAAC,MAAwB,EAAE,GAAW,EAAE,SAAkB,EAAQ,EAAE;QACjF,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC;IAEF,MAAM,eAAe,GAAG,CAAC,MAAwB,EAAE,GAAuB,EAAE,GAAW,EAAW,EAAE;QAClG,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,SAAS,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,OAAO;QACL,WAAW,CAAC,OAAe,EAAE,SAAkB;YAC7C,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACrC,CAAC;QAED,aAAa,CAAC,SAAiB,EAAE,SAAkB;YACjD,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACzC,CAAC;QAED,aAAa,CAAC,OAAe,EAAE,SAAkB;YAC/C,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACvC,CAAC;QAED,SAAS,CAAC,MAAsC;YAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACzB,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YAC3B,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YAE3B,OAAO,CACL,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC;gBACxC,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC;gBAC1C,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAC3C,CAAC;QACJ,CAAC;QAED,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;YAC3B,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACzB,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YAC3B,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC7B,CAAC;QAED,KAAK;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,KAAK,EAAE,CAAC;YACjB,QAAQ,CAAC,KAAK,EAAE,CAAC;QACnB,CAAC;QAED,QAAQ;YACN,OAAO;gBACL,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACjC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACrC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;aACtC,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAmC;IACrE,MAAM,UAAU,GAAe,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACjD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,eAAe,CAAC,oBAAoB,EAAE,0CAA0C,EAAE;gBACtF,OAAO,EAAE;oBACP,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxD,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxD,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACzD;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC,CAAC;IAEF,OAAO,oBAAoB,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;AACrF,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { AuthSessionEvent, AuthSessionEventAudit } from "../shared";
|
|
2
|
+
export interface SessionEventExporterOptions {
|
|
3
|
+
readonly sink: (events: readonly AuthSessionEvent[]) => void | Promise<void>;
|
|
4
|
+
readonly flushSize?: number;
|
|
5
|
+
}
|
|
6
|
+
export interface SessionEventBufferedExporter {
|
|
7
|
+
readonly auditEvent: AuthSessionEventAudit;
|
|
8
|
+
snapshot(): readonly AuthSessionEvent[];
|
|
9
|
+
flush(): Promise<void>;
|
|
10
|
+
clear(): void;
|
|
11
|
+
}
|
|
12
|
+
export declare function composeSessionEventAudits(...audits: readonly AuthSessionEventAudit[]): AuthSessionEventAudit;
|
|
13
|
+
export declare function createConsoleSessionEventAudit(logger?: Pick<Console, "info">): AuthSessionEventAudit;
|
|
14
|
+
export declare function createBufferedSessionEventExporter(options: SessionEventExporterOptions): SessionEventBufferedExporter;
|
|
15
|
+
//# sourceMappingURL=exporters.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exporters.d.ts","sourceRoot":"","sources":["../../src/session/exporters.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAEzE,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,SAAS,gBAAgB,EAAE,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7E,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,UAAU,EAAE,qBAAqB,CAAC;IAC3C,QAAQ,IAAI,SAAS,gBAAgB,EAAE,CAAC;IACxC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,KAAK,IAAI,IAAI,CAAC;CACf;AAED,wBAAgB,yBAAyB,CAAC,GAAG,MAAM,EAAE,SAAS,qBAAqB,EAAE,GAAG,qBAAqB,CAM5G;AAED,wBAAgB,8BAA8B,CAAC,MAAM,GAAE,IAAI,CAAC,OAAO,EAAE,MAAM,CAAW,GAAG,qBAAqB,CAU7G;AAED,wBAAgB,kCAAkC,CAChD,OAAO,EAAE,2BAA2B,GACnC,4BAA4B,CAmD9B"}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
export function composeSessionEventAudits(...audits) {
|
|
2
|
+
return async (event) => {
|
|
3
|
+
for (const audit of audits) {
|
|
4
|
+
await audit(event);
|
|
5
|
+
}
|
|
6
|
+
};
|
|
7
|
+
}
|
|
8
|
+
export function createConsoleSessionEventAudit(logger = console) {
|
|
9
|
+
return (event) => {
|
|
10
|
+
logger.info("[pureq/auth/session]", {
|
|
11
|
+
type: event.type,
|
|
12
|
+
source: event.source,
|
|
13
|
+
at: event.at,
|
|
14
|
+
...(event.reason !== undefined ? { reason: event.reason } : {}),
|
|
15
|
+
...(event.errorMessage !== undefined ? { errorMessage: event.errorMessage } : {}),
|
|
16
|
+
});
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
export function createBufferedSessionEventExporter(options) {
|
|
20
|
+
if (!options || typeof options.sink !== "function") {
|
|
21
|
+
throw new Error("pureq: session event exporter requires a sink function");
|
|
22
|
+
}
|
|
23
|
+
const flushSize = options.flushSize ?? 20;
|
|
24
|
+
if (!Number.isInteger(flushSize) || flushSize < 1) {
|
|
25
|
+
throw new Error("pureq: session event exporter flushSize must be a positive integer");
|
|
26
|
+
}
|
|
27
|
+
const buffer = [];
|
|
28
|
+
let flushing = null;
|
|
29
|
+
const flush = async () => {
|
|
30
|
+
if (buffer.length === 0) {
|
|
31
|
+
return;
|
|
32
|
+
}
|
|
33
|
+
const events = buffer.splice(0, buffer.length);
|
|
34
|
+
await options.sink(events);
|
|
35
|
+
};
|
|
36
|
+
const flushSerial = async () => {
|
|
37
|
+
if (!flushing) {
|
|
38
|
+
flushing = flush().finally(() => {
|
|
39
|
+
flushing = null;
|
|
40
|
+
});
|
|
41
|
+
}
|
|
42
|
+
await flushing;
|
|
43
|
+
};
|
|
44
|
+
return {
|
|
45
|
+
auditEvent(event) {
|
|
46
|
+
buffer.push(event);
|
|
47
|
+
if (buffer.length >= flushSize) {
|
|
48
|
+
void flushSerial();
|
|
49
|
+
}
|
|
50
|
+
},
|
|
51
|
+
snapshot() {
|
|
52
|
+
return buffer.slice();
|
|
53
|
+
},
|
|
54
|
+
async flush() {
|
|
55
|
+
await flushSerial();
|
|
56
|
+
},
|
|
57
|
+
clear() {
|
|
58
|
+
buffer.splice(0, buffer.length);
|
|
59
|
+
},
|
|
60
|
+
};
|
|
61
|
+
}
|
|
62
|
+
//# sourceMappingURL=exporters.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exporters.js","sourceRoot":"","sources":["../../src/session/exporters.ts"],"names":[],"mappings":"AAcA,MAAM,UAAU,yBAAyB,CAAC,GAAG,MAAwC;IACnF,OAAO,KAAK,EAAE,KAAK,EAAE,EAAE;QACrB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,KAAK,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,SAAgC,OAAO;IACpF,OAAO,CAAC,KAAK,EAAE,EAAE;QACf,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;YAClC,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,GAAG,CAAC,KAAK,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClF,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kCAAkC,CAChD,OAAoC;IAEpC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;IAED,MAAM,MAAM,GAAuB,EAAE,CAAC;IACtC,IAAI,QAAQ,GAAyB,IAAI,CAAC;IAE1C,MAAM,KAAK,GAAG,KAAK,IAAmB,EAAE;QACtC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK,IAAmB,EAAE;QAC5C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,QAAQ,GAAG,KAAK,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;gBAC9B,QAAQ,GAAG,IAAI,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC;QACD,MAAM,QAAQ,CAAC;IACjB,CAAC,CAAC;IAEF,OAAO;QACL,UAAU,CAAC,KAAK;YACd,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACnB,IAAI,MAAM,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAC/B,KAAK,WAAW,EAAE,CAAC;YACrB,CAAC;QACH,CAAC;QAED,QAAQ;YACN,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;QAED,KAAK,CAAC,KAAK;YACT,MAAM,WAAW,EAAE,CAAC;QACtB,CAAC;QAED,KAAK;YACH,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { AuthSessionManager, AuthSessionManagerOptions, AuthStore } from "../shared";
|
|
2
|
+
/**
|
|
3
|
+
* Create a session manager with token storage, event broadcasting, and lifecycle management.
|
|
4
|
+
*
|
|
5
|
+
* Includes: refresh deduplication, rate limiting (SEC-M3), session regeneration (SEC-M1),
|
|
6
|
+
* sliding window (FEAT-M10), idle timeout (FEAT-L5), signed broadcast (SEC-H7).
|
|
7
|
+
*/
|
|
8
|
+
export declare function createAuthSessionManager(storage: AuthStore, options?: AuthSessionManagerOptions): AuthSessionManager;
|
|
9
|
+
export { composeSessionEventAudits, createConsoleSessionEventAudit, createBufferedSessionEventExporter, } from "./exporters";
|
|
10
|
+
export type { SessionEventBufferedExporter, SessionEventExporterOptions } from "./exporters";
|
|
11
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/session/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAGV,kBAAkB,EAClB,yBAAyB,EAEzB,SAAS,EAGV,MAAM,WAAW,CAAC;AAoHnB;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,SAAS,EAClB,OAAO,GAAE,yBAA8B,GACtC,kBAAkB,CAiRpB;AAED,OAAO,EACL,yBAAyB,EACzB,8BAA8B,EAC9B,kCAAkC,GACnC,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,4BAA4B,EAAE,2BAA2B,EAAE,MAAM,aAAa,CAAC"}
|
|
@@ -0,0 +1,324 @@
|
|
|
1
|
+
import { decodeJwt } from "../jwt";
|
|
2
|
+
function tokenExpiresAt(token) {
|
|
3
|
+
if (!token) {
|
|
4
|
+
return undefined;
|
|
5
|
+
}
|
|
6
|
+
try {
|
|
7
|
+
const claims = decodeJwt(token);
|
|
8
|
+
if (typeof claims.exp !== "number") {
|
|
9
|
+
return undefined;
|
|
10
|
+
}
|
|
11
|
+
return claims.exp * 1000;
|
|
12
|
+
}
|
|
13
|
+
catch {
|
|
14
|
+
return undefined;
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
async function readState(storage) {
|
|
18
|
+
const accessToken = await storage.get();
|
|
19
|
+
const refreshToken = await storage.getRefresh();
|
|
20
|
+
const expiresAt = tokenExpiresAt(accessToken);
|
|
21
|
+
return {
|
|
22
|
+
accessToken,
|
|
23
|
+
refreshToken,
|
|
24
|
+
...(expiresAt !== undefined ? { expiresAt } : {}),
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
async function rotateTokensInternal(storage, tokens, policy) {
|
|
28
|
+
await storage.set(tokens.accessToken);
|
|
29
|
+
if (tokens.refreshToken !== undefined) {
|
|
30
|
+
await storage.setRefresh(tokens.refreshToken);
|
|
31
|
+
return readState(storage);
|
|
32
|
+
}
|
|
33
|
+
if (policy === "clear-refresh-token") {
|
|
34
|
+
await storage.clearRefresh();
|
|
35
|
+
return readState(storage);
|
|
36
|
+
}
|
|
37
|
+
if (policy === "require-refresh-token") {
|
|
38
|
+
const existing = await storage.getRefresh();
|
|
39
|
+
if (!existing) {
|
|
40
|
+
throw new Error("pureq: refresh token is required by rotation policy");
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
return readState(storage);
|
|
44
|
+
}
|
|
45
|
+
/** SEC-H7: HMAC-based broadcast message signing. */
|
|
46
|
+
async function signMessage(payload, secret) {
|
|
47
|
+
const encoder = new TextEncoder();
|
|
48
|
+
const key = await crypto.subtle.importKey("raw", encoder.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
|
|
49
|
+
const sig = await crypto.subtle.sign("HMAC", key, encoder.encode(payload));
|
|
50
|
+
const arr = new Uint8Array(sig);
|
|
51
|
+
let result = "";
|
|
52
|
+
for (const byte of arr) {
|
|
53
|
+
result += byte.toString(16).padStart(2, "0");
|
|
54
|
+
}
|
|
55
|
+
return result;
|
|
56
|
+
}
|
|
57
|
+
async function verifySignature(payload, signature, secret) {
|
|
58
|
+
const expected = await signMessage(payload, secret);
|
|
59
|
+
// constant length comparison
|
|
60
|
+
if (expected.length !== signature.length) {
|
|
61
|
+
return false;
|
|
62
|
+
}
|
|
63
|
+
let diff = 0;
|
|
64
|
+
for (let i = 0; i < expected.length; i++) {
|
|
65
|
+
diff |= expected.charCodeAt(i) ^ signature.charCodeAt(i);
|
|
66
|
+
}
|
|
67
|
+
return diff === 0;
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Create a session manager with token storage, event broadcasting, and lifecycle management.
|
|
71
|
+
*
|
|
72
|
+
* Includes: refresh deduplication, rate limiting (SEC-M3), session regeneration (SEC-M1),
|
|
73
|
+
* sliding window (FEAT-M10), idle timeout (FEAT-L5), signed broadcast (SEC-H7).
|
|
74
|
+
*/
|
|
75
|
+
export function createAuthSessionManager(storage, options = {}) {
|
|
76
|
+
let disposed = false;
|
|
77
|
+
let refreshLock = null;
|
|
78
|
+
let lastRefreshAt = 0;
|
|
79
|
+
let lastAccessAt = Date.now();
|
|
80
|
+
const rotationPolicy = options.rotationPolicy ?? "preserve-refresh-token";
|
|
81
|
+
const listeners = new Set();
|
|
82
|
+
const channelName = options.broadcastChannel ?? "pureq:auth:session";
|
|
83
|
+
const channel = typeof BroadcastChannel === "function" ? new BroadcastChannel(channelName) : null;
|
|
84
|
+
const auditEvent = options.auditEvent;
|
|
85
|
+
const exporter = options.exporter;
|
|
86
|
+
const instanceId = options.instanceId ?? `session-${Math.random().toString(16).slice(2)}`;
|
|
87
|
+
const minRefreshIntervalMs = options.minRefreshIntervalMs ?? 10000;
|
|
88
|
+
const slidingWindowMs = options.slidingWindowMs;
|
|
89
|
+
const idleTimeoutMs = options.idleTimeoutMs;
|
|
90
|
+
// SEC-H7: broadcast secret for HMAC signing
|
|
91
|
+
const broadcastSecret = options.broadcastSecret ?? `pureq-bc-${instanceId}-${Math.random().toString(36).slice(2)}`;
|
|
92
|
+
const assertActive = () => {
|
|
93
|
+
if (disposed) {
|
|
94
|
+
throw new Error("pureq: session manager has been disposed");
|
|
95
|
+
}
|
|
96
|
+
};
|
|
97
|
+
const notify = (event) => {
|
|
98
|
+
void auditEvent?.(event);
|
|
99
|
+
void exporter?.export(event);
|
|
100
|
+
for (const listener of listeners) {
|
|
101
|
+
void listener(event);
|
|
102
|
+
}
|
|
103
|
+
};
|
|
104
|
+
const broadcast = async (message) => {
|
|
105
|
+
if (!channel) {
|
|
106
|
+
return;
|
|
107
|
+
}
|
|
108
|
+
const payload = JSON.stringify(message);
|
|
109
|
+
const sig = await signMessage(payload, broadcastSecret);
|
|
110
|
+
try {
|
|
111
|
+
channel.postMessage({
|
|
112
|
+
...message,
|
|
113
|
+
from: instanceId,
|
|
114
|
+
sig,
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
catch {
|
|
118
|
+
// Ignore post-dispose async broadcasts.
|
|
119
|
+
}
|
|
120
|
+
};
|
|
121
|
+
if (channel) {
|
|
122
|
+
channel.onmessage = (event) => {
|
|
123
|
+
const message = event.data;
|
|
124
|
+
if (!message || typeof message !== "object") {
|
|
125
|
+
return;
|
|
126
|
+
}
|
|
127
|
+
if (message.from === instanceId) {
|
|
128
|
+
return;
|
|
129
|
+
}
|
|
130
|
+
// SEC-H7: Verify broadcast signature
|
|
131
|
+
const { sig, from, ...payloadFields } = message;
|
|
132
|
+
void verifySignature(JSON.stringify(payloadFields), sig, broadcastSecret).then((valid) => {
|
|
133
|
+
if (!valid) {
|
|
134
|
+
return;
|
|
135
|
+
}
|
|
136
|
+
if (message.kind === "rotate") {
|
|
137
|
+
void rotateTokensInternal(storage, message.tokens, message.policy)
|
|
138
|
+
.then((state) => {
|
|
139
|
+
notify({
|
|
140
|
+
type: "tokens-updated",
|
|
141
|
+
at: Date.now(),
|
|
142
|
+
source: "remote",
|
|
143
|
+
state,
|
|
144
|
+
});
|
|
145
|
+
})
|
|
146
|
+
.catch((error) => {
|
|
147
|
+
notify({
|
|
148
|
+
type: "session-refresh-failed",
|
|
149
|
+
at: Date.now(),
|
|
150
|
+
source: "remote",
|
|
151
|
+
errorMessage: error instanceof Error ? error.message : String(error),
|
|
152
|
+
});
|
|
153
|
+
});
|
|
154
|
+
return;
|
|
155
|
+
}
|
|
156
|
+
if (message.kind === "logout") {
|
|
157
|
+
void storage
|
|
158
|
+
.clear()
|
|
159
|
+
.then(() => storage.clearRefresh())
|
|
160
|
+
.then(() => {
|
|
161
|
+
notify({
|
|
162
|
+
type: "session-logout",
|
|
163
|
+
at: Date.now(),
|
|
164
|
+
source: "remote",
|
|
165
|
+
...(message.reason !== undefined ? { reason: message.reason } : {}),
|
|
166
|
+
});
|
|
167
|
+
});
|
|
168
|
+
}
|
|
169
|
+
});
|
|
170
|
+
};
|
|
171
|
+
}
|
|
172
|
+
return {
|
|
173
|
+
async getState() {
|
|
174
|
+
assertActive();
|
|
175
|
+
lastAccessAt = Date.now();
|
|
176
|
+
const state = await readState(storage);
|
|
177
|
+
// FEAT-L5: idle timeout check
|
|
178
|
+
if (idleTimeoutMs !== undefined && Date.now() - lastAccessAt > idleTimeoutMs) {
|
|
179
|
+
return { accessToken: null, refreshToken: null };
|
|
180
|
+
}
|
|
181
|
+
// FEAT-M10: sliding window extension
|
|
182
|
+
if (slidingWindowMs !== undefined && typeof state.expiresAt === "number") {
|
|
183
|
+
const remaining = state.expiresAt - Date.now();
|
|
184
|
+
if (remaining > 0 && remaining < slidingWindowMs) {
|
|
185
|
+
// Extend the session by re-storing the token (triggers new expiry tracking)
|
|
186
|
+
if (state.accessToken) {
|
|
187
|
+
await storage.set(state.accessToken);
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
}
|
|
191
|
+
return state;
|
|
192
|
+
},
|
|
193
|
+
async setTokens(tokens) {
|
|
194
|
+
assertActive();
|
|
195
|
+
const state = await rotateTokensInternal(storage, tokens, rotationPolicy);
|
|
196
|
+
notify({
|
|
197
|
+
type: "tokens-updated",
|
|
198
|
+
at: Date.now(),
|
|
199
|
+
source: "local",
|
|
200
|
+
state,
|
|
201
|
+
});
|
|
202
|
+
void broadcast({ kind: "rotate", tokens, policy: rotationPolicy });
|
|
203
|
+
},
|
|
204
|
+
async rotateTokens(tokens, policy) {
|
|
205
|
+
assertActive();
|
|
206
|
+
const nextPolicy = policy ?? rotationPolicy;
|
|
207
|
+
const state = await rotateTokensInternal(storage, tokens, nextPolicy);
|
|
208
|
+
notify({
|
|
209
|
+
type: "tokens-updated",
|
|
210
|
+
at: Date.now(),
|
|
211
|
+
source: "local",
|
|
212
|
+
state,
|
|
213
|
+
});
|
|
214
|
+
void broadcast({ kind: "rotate", tokens, policy: nextPolicy });
|
|
215
|
+
return state;
|
|
216
|
+
},
|
|
217
|
+
async clear() {
|
|
218
|
+
assertActive();
|
|
219
|
+
await storage.clear();
|
|
220
|
+
await storage.clearRefresh();
|
|
221
|
+
notify({
|
|
222
|
+
type: "tokens-cleared",
|
|
223
|
+
at: Date.now(),
|
|
224
|
+
source: "local",
|
|
225
|
+
});
|
|
226
|
+
},
|
|
227
|
+
async logout(reason) {
|
|
228
|
+
assertActive();
|
|
229
|
+
await this.clear();
|
|
230
|
+
notify({
|
|
231
|
+
type: "session-logout",
|
|
232
|
+
at: Date.now(),
|
|
233
|
+
source: "local",
|
|
234
|
+
...(reason !== undefined ? { reason } : {}),
|
|
235
|
+
});
|
|
236
|
+
void broadcast({
|
|
237
|
+
kind: "logout",
|
|
238
|
+
...(reason !== undefined ? { reason } : {}),
|
|
239
|
+
});
|
|
240
|
+
},
|
|
241
|
+
async isExpired() {
|
|
242
|
+
assertActive();
|
|
243
|
+
const state = await readState(storage);
|
|
244
|
+
return typeof state.expiresAt === "number" ? state.expiresAt <= Date.now() : false;
|
|
245
|
+
},
|
|
246
|
+
async needsRefresh(thresholdMs = 60000) {
|
|
247
|
+
assertActive();
|
|
248
|
+
const state = await readState(storage);
|
|
249
|
+
if (typeof state.expiresAt !== "number") {
|
|
250
|
+
return false;
|
|
251
|
+
}
|
|
252
|
+
return state.expiresAt - Date.now() <= thresholdMs;
|
|
253
|
+
},
|
|
254
|
+
async refreshIfNeeded(refresh, thresholdMs = 60000) {
|
|
255
|
+
assertActive();
|
|
256
|
+
const shouldRefresh = await this.needsRefresh(thresholdMs);
|
|
257
|
+
if (!shouldRefresh) {
|
|
258
|
+
return this.getState();
|
|
259
|
+
}
|
|
260
|
+
if (refreshLock) {
|
|
261
|
+
return refreshLock;
|
|
262
|
+
}
|
|
263
|
+
// SEC-M3: rate limiting
|
|
264
|
+
const now = Date.now();
|
|
265
|
+
if (now - lastRefreshAt < minRefreshIntervalMs) {
|
|
266
|
+
return this.getState();
|
|
267
|
+
}
|
|
268
|
+
if (!refreshLock) {
|
|
269
|
+
refreshLock = (async () => {
|
|
270
|
+
lastRefreshAt = Date.now();
|
|
271
|
+
const tokens = await refresh();
|
|
272
|
+
const state = await this.rotateTokens(tokens, rotationPolicy);
|
|
273
|
+
notify({
|
|
274
|
+
type: "session-refreshed",
|
|
275
|
+
at: Date.now(),
|
|
276
|
+
source: "local",
|
|
277
|
+
state,
|
|
278
|
+
});
|
|
279
|
+
return state;
|
|
280
|
+
})().finally(() => {
|
|
281
|
+
refreshLock = null;
|
|
282
|
+
});
|
|
283
|
+
}
|
|
284
|
+
return refreshLock;
|
|
285
|
+
},
|
|
286
|
+
/** SEC-M1: Regenerate session — clear and re-initialize with new tokens. */
|
|
287
|
+
async regenerateSession(newTokens) {
|
|
288
|
+
assertActive();
|
|
289
|
+
await storage.clear();
|
|
290
|
+
await storage.clearRefresh();
|
|
291
|
+
const state = await rotateTokensInternal(storage, newTokens, rotationPolicy);
|
|
292
|
+
notify({
|
|
293
|
+
type: "session-regenerated",
|
|
294
|
+
at: Date.now(),
|
|
295
|
+
source: "local",
|
|
296
|
+
state,
|
|
297
|
+
});
|
|
298
|
+
return state;
|
|
299
|
+
},
|
|
300
|
+
onEvent(listener) {
|
|
301
|
+
assertActive();
|
|
302
|
+
listeners.add(listener);
|
|
303
|
+
return () => {
|
|
304
|
+
listeners.delete(listener);
|
|
305
|
+
};
|
|
306
|
+
},
|
|
307
|
+
dispose() {
|
|
308
|
+
if (disposed) {
|
|
309
|
+
return;
|
|
310
|
+
}
|
|
311
|
+
disposed = true;
|
|
312
|
+
listeners.clear();
|
|
313
|
+
if (channel) {
|
|
314
|
+
channel.onmessage = null;
|
|
315
|
+
channel.close();
|
|
316
|
+
}
|
|
317
|
+
// DX-M4: flush before dispose
|
|
318
|
+
void exporter?.flush?.();
|
|
319
|
+
exporter?.dispose?.();
|
|
320
|
+
},
|
|
321
|
+
};
|
|
322
|
+
}
|
|
323
|
+
export { composeSessionEventAudits, createConsoleSessionEventAudit, createBufferedSessionEventExporter, } from "./exporters";
|
|
324
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/session/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AA4BnC,SAAS,cAAc,CAAC,KAAoB;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAA4B,KAAK,CAAC,CAAC;QAC3D,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,OAAkB;IACzC,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;IAChD,MAAM,SAAS,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;IAE9C,OAAO;QACL,WAAW;QACX,YAAY;QACZ,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,OAAkB,EAClB,MAAkB,EAClB,MAA+B;IAE/B,MAAM,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAEtC,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACtC,MAAM,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC9C,OAAO,SAAS,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI,MAAM,KAAK,qBAAqB,EAAE,CAAC;QACrC,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI,MAAM,KAAK,uBAAuB,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;QAC5C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,oDAAoD;AACpD,KAAK,UAAU,WAAW,CAAC,OAAe,EAAE,MAAc;IACxD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3E,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,OAAe,EAAE,SAAiB,EAAE,MAAc;IAC/E,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpD,6BAA6B;IAC7B,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,IAAI,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAAkB,EAClB,UAAqC,EAAE;IAEvC,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,WAAW,GAAqC,IAAI,CAAC;IACzD,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC9B,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,wBAAwB,CAAC;IAC1E,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4B,CAAC;IACtD,MAAM,WAAW,GAAG,OAAO,CAAC,gBAAgB,IAAI,oBAAoB,CAAC;IACrE,MAAM,OAAO,GAAG,OAAO,gBAAgB,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAClG,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,MAAM,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,IAAI,KAAM,CAAC;IACpE,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;IAChD,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,4CAA4C;IAC5C,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,YAAY,UAAU,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IAEnH,MAAM,YAAY,GAAG,GAAS,EAAE;QAC9B,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,MAAM,GAAG,CAAC,KAAuB,EAAQ,EAAE;QAC/C,KAAK,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC;QACzB,KAAK,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC7B,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,KAAK,QAAQ,CAAC,KAAK,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,SAAS,GAAG,KAAK,EAAE,OAAgC,EAAiB,EAAE;QAC1E,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,OAAO,CAAC,WAAW,CAAC;gBAClB,GAAG,OAAO;gBACV,IAAI,EAAE,UAAU;gBAChB,GAAG;aACJ,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,wCAAwC;QAC1C,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,SAAS,GAAG,CAAC,KAAK,EAAE,EAAE;YAC5B,MAAM,OAAO,GAAG,KAAK,CAAC,IAA+B,CAAC;YACtD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC5C,OAAO;YACT,CAAC;YAED,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,qCAAqC;YACrC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,aAAa,EAAE,GAAG,OAAO,CAAC;YAChD,KAAK,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;gBACvF,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO;gBACT,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC9B,KAAK,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC;yBAC/D,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;wBACd,MAAM,CAAC;4BACL,IAAI,EAAE,gBAAgB;4BACtB,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;4BACd,MAAM,EAAE,QAAQ;4BAChB,KAAK;yBACN,CAAC,CAAC;oBACL,CAAC,CAAC;yBACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;wBACf,MAAM,CAAC;4BACL,IAAI,EAAE,wBAAwB;4BAC9B,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;4BACd,MAAM,EAAE,QAAQ;4BAChB,YAAY,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;yBACrE,CAAC,CAAC;oBACL,CAAC,CAAC,CAAC;oBACL,OAAO;gBACT,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC9B,KAAK,OAAO;yBACT,KAAK,EAAE;yBACP,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;yBAClC,IAAI,CAAC,GAAG,EAAE;wBACT,MAAM,CAAC;4BACL,IAAI,EAAE,gBAAgB;4BACtB,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;4BACd,MAAM,EAAE,QAAQ;4BAChB,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;yBACpE,CAAC,CAAC;oBACL,CAAC,CAAC,CAAC;gBACP,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,CAAC,QAAQ;YACZ,YAAY,EAAE,CAAC;YACf,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;YAEvC,8BAA8B;YAC9B,IAAI,aAAa,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,YAAY,GAAG,aAAa,EAAE,CAAC;gBAC7E,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;YACnD,CAAC;YAED,qCAAqC;YACrC,IAAI,eAAe,KAAK,SAAS,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBACzE,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAC/C,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,GAAG,eAAe,EAAE,CAAC;oBACjD,4EAA4E;oBAC5E,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;wBACtB,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;oBACvC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,MAAkB;YAChC,YAAY,EAAE,CAAC;YACf,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;YAC1E,MAAM,CAAC;gBACL,IAAI,EAAE,gBAAgB;gBACtB,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;gBACd,MAAM,EAAE,OAAO;gBACf,KAAK;aACN,CAAC,CAAC;YACH,KAAK,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,MAAkB,EAAE,MAAgC;YACrE,YAAY,EAAE,CAAC;YACf,MAAM,UAAU,GAAG,MAAM,IAAI,cAAc,CAAC;YAC5C,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;YACtE,MAAM,CAAC;gBACL,IAAI,EAAE,gBAAgB;gBACtB,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;gBACd,MAAM,EAAE,OAAO;gBACf,KAAK;aACN,CAAC,CAAC;YACH,KAAK,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;YAC/D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,CAAC,KAAK;YACT,YAAY,EAAE,CAAC;YACf,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC;YAC7B,MAAM,CAAC;gBACL,IAAI,EAAE,gBAAgB;gBACtB,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;gBACd,MAAM,EAAE,OAAO;aAChB,CAAC,CAAC;QACL,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,MAAe;YAC1B,YAAY,EAAE,CAAC;YACf,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,CAAC;gBACL,IAAI,EAAE,gBAAgB;gBACtB,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;gBACd,MAAM,EAAE,OAAO;gBACf,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5C,CAAC,CAAC;YACH,KAAK,SAAS,CAAC;gBACb,IAAI,EAAE,QAAQ;gBACd,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,KAAK,CAAC,SAAS;YACb,YAAY,EAAE,CAAC;YACf,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;YACvC,OAAO,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;QACrF,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,WAAW,GAAG,KAAM;YACrC,YAAY,EAAE,CAAC;YACf,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBACxC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,WAAW,CAAC;QACrD,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,OAAkC,EAAE,WAAW,GAAG,KAAM;YAC5E,YAAY,EAAE,CAAC;YACf,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;YAC3D,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,WAAW,CAAC;YACrB,CAAC;YAED,wBAAwB;YACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,GAAG,GAAG,aAAa,GAAG,oBAAoB,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,CAAC;YAED,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,WAAW,GAAG,CAAC,KAAK,IAAI,EAAE;oBACxB,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;oBAC3B,MAAM,MAAM,GAAG,MAAM,OAAO,EAAE,CAAC;oBAC/B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;oBAC9D,MAAM,CAAC;wBACL,IAAI,EAAE,mBAAmB;wBACzB,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;wBACd,MAAM,EAAE,OAAO;wBACf,KAAK;qBACN,CAAC,CAAC;oBACH,OAAO,KAAK,CAAC;gBACf,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;oBAChB,WAAW,GAAG,IAAI,CAAC;gBACrB,CAAC,CAAC,CAAC;YACL,CAAC;YAED,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,4EAA4E;QAC5E,KAAK,CAAC,iBAAiB,CAAC,SAAqB;YAC3C,YAAY,EAAE,CAAC;YACf,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;YAC7E,MAAM,CAAC;gBACL,IAAI,EAAE,qBAAqB;gBAC3B,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;gBACd,MAAM,EAAE,OAAO;gBACf,KAAK;aACN,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,CAAC,QAAkC;YACxC,YAAY,EAAE,CAAC;YACf,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,GAAG,EAAE;gBACV,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC7B,CAAC,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,QAAQ,GAAG,IAAI,CAAC;YAChB,SAAS,CAAC,KAAK,EAAE,CAAC;YAClB,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;gBACzB,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,CAAC;YACD,8BAA8B;YAC9B,KAAK,QAAQ,EAAE,KAAK,EAAE,EAAE,CAAC;YACzB,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC;QACxB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,OAAO,EACL,yBAAyB,EACzB,8BAA8B,EAC9B,kCAAkC,GACnC,MAAM,aAAa,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export declare function base64Encode(input: string): string;
|
|
2
|
+
export declare function base64Decode(input: string): string;
|
|
3
|
+
export declare function base64UrlEncode(bytes: Uint8Array): string;
|
|
4
|
+
export declare function base64UrlDecode(input: string): Uint8Array;
|
|
5
|
+
//# sourceMappingURL=encoding.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../../src/shared/encoding.ts"],"names":[],"mappings":"AAAA,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMlD;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMlD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CASzD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAMzD"}
|