@qlover/oauth-wrapper 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +27 -0
- package/README.md +313 -0
- package/README_EN.md +313 -0
- package/dist/client.cjs +835 -0
- package/dist/client.d.ts +341 -0
- package/dist/client.js +791 -0
- package/dist/core.cjs +301 -0
- package/dist/core.d.ts +460 -0
- package/dist/core.js +250 -0
- package/dist/index.cjs +1043 -0
- package/dist/index.d.ts +194 -0
- package/dist/index.js +977 -0
- package/package.json +72 -0
package/dist/core.js
ADDED
|
@@ -0,0 +1,250 @@
|
|
|
1
|
+
// src/core/schema/OAuthAuthorizeSchema.ts
|
|
2
|
+
import { z } from "zod";
|
|
3
|
+
function isOAuthRedirectUri(value) {
|
|
4
|
+
const trimmed = value.trim();
|
|
5
|
+
if (!trimmed) {
|
|
6
|
+
return false;
|
|
7
|
+
}
|
|
8
|
+
try {
|
|
9
|
+
const parsed = new URL(trimmed);
|
|
10
|
+
return Boolean(parsed.protocol && parsed.protocol.endsWith(":"));
|
|
11
|
+
} catch {
|
|
12
|
+
return /^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(trimmed);
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
var oauthRedirectUriSchema = z.string().min(1).refine(isOAuthRedirectUri, { message: "Invalid redirect URI" });
|
|
16
|
+
var OAuthClientRowSchema = z.object({
|
|
17
|
+
id: z.number(),
|
|
18
|
+
client_id: z.string(),
|
|
19
|
+
client_secret_hash: z.string().nullable().optional(),
|
|
20
|
+
client_name: z.string(),
|
|
21
|
+
client_uri: z.string().nullable().optional(),
|
|
22
|
+
logo_uri: z.string().nullable().optional(),
|
|
23
|
+
redirect_uris: z.array(z.string()),
|
|
24
|
+
grant_types: z.array(z.string()),
|
|
25
|
+
scopes: z.array(z.string()),
|
|
26
|
+
confidential: z.boolean(),
|
|
27
|
+
owner_user_id: z.number(),
|
|
28
|
+
created_at: z.string(),
|
|
29
|
+
updated_at: z.string()
|
|
30
|
+
});
|
|
31
|
+
var OAuthClientListItemSchema = z.object({
|
|
32
|
+
client_id: z.string(),
|
|
33
|
+
client_name: z.string(),
|
|
34
|
+
client_uri: z.string().nullable().optional(),
|
|
35
|
+
logo_uri: z.string().nullable().optional(),
|
|
36
|
+
redirect_uris: z.array(z.string()),
|
|
37
|
+
confidential: z.boolean(),
|
|
38
|
+
created_at: z.string(),
|
|
39
|
+
updated_at: z.string()
|
|
40
|
+
});
|
|
41
|
+
var OAuthClientDetailSchema = z.object({
|
|
42
|
+
client_id: z.string(),
|
|
43
|
+
client_name: z.string(),
|
|
44
|
+
client_uri: z.string().nullable().optional(),
|
|
45
|
+
logo_uri: z.string().nullable().optional(),
|
|
46
|
+
redirect_uris: z.array(z.string()),
|
|
47
|
+
grant_types: z.array(z.string()),
|
|
48
|
+
scopes: z.array(z.string()),
|
|
49
|
+
confidential: z.boolean(),
|
|
50
|
+
created_at: z.string(),
|
|
51
|
+
updated_at: z.string()
|
|
52
|
+
});
|
|
53
|
+
var OAuthClientCreateSchema = z.object({
|
|
54
|
+
client_name: z.string().min(1).max(100),
|
|
55
|
+
client_uri: z.string().url().optional().or(z.literal("")),
|
|
56
|
+
redirect_uris: z.array(oauthRedirectUriSchema).min(1),
|
|
57
|
+
/** `true` = confidential (client_secret); `false` = public (PKCE required). */
|
|
58
|
+
confidential: z.boolean().default(true)
|
|
59
|
+
});
|
|
60
|
+
var OAuthClientUpdateSchema = z.object({
|
|
61
|
+
client_name: z.string().min(1).max(100),
|
|
62
|
+
client_uri: z.string().url().optional().or(z.literal("")),
|
|
63
|
+
redirect_uris: z.array(oauthRedirectUriSchema).min(1)
|
|
64
|
+
});
|
|
65
|
+
var OAuthClientCreateResponseSchema = z.object({
|
|
66
|
+
client_id: z.string(),
|
|
67
|
+
client_secret: z.string().optional(),
|
|
68
|
+
confidential: z.boolean(),
|
|
69
|
+
client_name: z.string(),
|
|
70
|
+
client_uri: z.string().nullable().optional(),
|
|
71
|
+
redirect_uris: z.array(z.string()),
|
|
72
|
+
created_at: z.string()
|
|
73
|
+
});
|
|
74
|
+
var OAuthClientSecretRotateResponseSchema = z.object({
|
|
75
|
+
client_id: z.string(),
|
|
76
|
+
client_secret: z.string()
|
|
77
|
+
});
|
|
78
|
+
var OAuthAuthorizeQuerySchema = z.object({
|
|
79
|
+
response_type: z.literal("code"),
|
|
80
|
+
client_id: z.string().min(1),
|
|
81
|
+
redirect_uri: oauthRedirectUriSchema,
|
|
82
|
+
scope: z.string().optional(),
|
|
83
|
+
state: z.string().optional(),
|
|
84
|
+
code_challenge: z.string().min(43).max(128).optional(),
|
|
85
|
+
code_challenge_method: z.literal("S256").optional()
|
|
86
|
+
});
|
|
87
|
+
var OAuthConsentBodySchema = z.object({
|
|
88
|
+
action: z.enum(["allow", "deny"]),
|
|
89
|
+
client_id: z.string().min(1),
|
|
90
|
+
redirect_uri: oauthRedirectUriSchema,
|
|
91
|
+
scope: z.string().optional(),
|
|
92
|
+
state: z.string().optional(),
|
|
93
|
+
trust: z.boolean().optional(),
|
|
94
|
+
code_challenge: z.string().min(43).max(128).optional(),
|
|
95
|
+
code_challenge_method: z.literal("S256").optional()
|
|
96
|
+
});
|
|
97
|
+
var OAuthAuthorizationCodeRowSchema = z.object({
|
|
98
|
+
code: z.string(),
|
|
99
|
+
client_id: z.string(),
|
|
100
|
+
user_id: z.number(),
|
|
101
|
+
redirect_uri: z.string(),
|
|
102
|
+
scope: z.string().nullable().optional(),
|
|
103
|
+
code_challenge: z.string().nullable().optional(),
|
|
104
|
+
code_challenge_method: z.string().nullable().optional(),
|
|
105
|
+
expires_at: z.string(),
|
|
106
|
+
used: z.boolean(),
|
|
107
|
+
created_at: z.string()
|
|
108
|
+
});
|
|
109
|
+
|
|
110
|
+
// src/core/schema/OAuthClientSchema.ts
|
|
111
|
+
import { z as z2 } from "zod";
|
|
112
|
+
var OAuthUserCredentialsSchema = z2.object({
|
|
113
|
+
user_id: z2.number(),
|
|
114
|
+
provider_refresh_token: z2.string().nullable().optional(),
|
|
115
|
+
provider_session_token: z2.string().nullable().optional(),
|
|
116
|
+
updated_at: z2.string()
|
|
117
|
+
});
|
|
118
|
+
var OAuthRefreshTokenSchema = z2.object({
|
|
119
|
+
id: z2.number(),
|
|
120
|
+
refresh_token: z2.string(),
|
|
121
|
+
client_id: z2.string(),
|
|
122
|
+
user_id: z2.number(),
|
|
123
|
+
expires_at: z2.string(),
|
|
124
|
+
revoked: z2.boolean(),
|
|
125
|
+
created_at: z2.string()
|
|
126
|
+
});
|
|
127
|
+
var OAuthTokenResponseSchema = z2.object({
|
|
128
|
+
access_token: z2.string(),
|
|
129
|
+
token_type: z2.literal("Bearer"),
|
|
130
|
+
expires_in: z2.number(),
|
|
131
|
+
refresh_token: z2.string().optional(),
|
|
132
|
+
scope: z2.string().optional()
|
|
133
|
+
});
|
|
134
|
+
|
|
135
|
+
// src/core/schema/OAuthUserInfoSchema.ts
|
|
136
|
+
import { z as z3 } from "zod";
|
|
137
|
+
var OAuthUserInfoResponseSchema = z3.object({
|
|
138
|
+
sub: z3.string(),
|
|
139
|
+
email: z3.string().email(),
|
|
140
|
+
name: z3.string(),
|
|
141
|
+
roles: z3.array(z3.string()).optional()
|
|
142
|
+
});
|
|
143
|
+
var OAuthUserInfoErrorResponseSchema = z3.object({
|
|
144
|
+
error: z3.literal("invalid_token"),
|
|
145
|
+
error_id: z3.string().optional()
|
|
146
|
+
});
|
|
147
|
+
|
|
148
|
+
// src/core/schema/OAuthTokenSchema.ts
|
|
149
|
+
import { z as z4 } from "zod";
|
|
150
|
+
var OAuthTokenAuthorizationCodeSchema = z4.object({
|
|
151
|
+
grant_type: z4.literal("authorization_code"),
|
|
152
|
+
code: z4.string().min(1),
|
|
153
|
+
redirect_uri: z4.string().min(1),
|
|
154
|
+
client_id: z4.string().min(1),
|
|
155
|
+
client_secret: z4.string().min(1).optional(),
|
|
156
|
+
code_verifier: z4.string().min(43).max(128).optional()
|
|
157
|
+
});
|
|
158
|
+
var OAuthTokenRefreshSchema = z4.object({
|
|
159
|
+
grant_type: z4.literal("refresh_token"),
|
|
160
|
+
refresh_token: z4.string().min(1),
|
|
161
|
+
client_id: z4.string().min(1),
|
|
162
|
+
client_secret: z4.string().min(1).optional()
|
|
163
|
+
});
|
|
164
|
+
var OAuthTokenRequestSchema = z4.discriminatedUnion("grant_type", [
|
|
165
|
+
OAuthTokenAuthorizationCodeSchema,
|
|
166
|
+
OAuthTokenRefreshSchema
|
|
167
|
+
]);
|
|
168
|
+
var OAuthTokenErrorResponseSchema = z4.object({
|
|
169
|
+
error: z4.string(),
|
|
170
|
+
error_id: z4.string().optional(),
|
|
171
|
+
error_description: z4.string().optional()
|
|
172
|
+
});
|
|
173
|
+
var OAuthTokenRevokeSchema = z4.object({
|
|
174
|
+
token: z4.string().min(1),
|
|
175
|
+
token_type_hint: z4.enum(["access_token", "refresh_token"]).optional(),
|
|
176
|
+
client_id: z4.string().min(1),
|
|
177
|
+
client_secret: z4.string().min(1).optional()
|
|
178
|
+
});
|
|
179
|
+
|
|
180
|
+
// src/core/config.ts
|
|
181
|
+
var OAuthRfcCodes = {
|
|
182
|
+
INVALID_REQUEST: "invalid_request",
|
|
183
|
+
INVALID_CLIENT: "invalid_client",
|
|
184
|
+
INVALID_GRANT: "invalid_grant",
|
|
185
|
+
INVALID_TOKEN: "invalid_token",
|
|
186
|
+
UNAUTHORIZED_CLIENT: "unauthorized_client",
|
|
187
|
+
INVALID_SCOPE: "invalid_scope",
|
|
188
|
+
ACCESS_DENIED: "access_denied",
|
|
189
|
+
UNSUPPORTED_RESPONSE_TYPE: "unsupported_response_type",
|
|
190
|
+
UNSUPPORTED_GRANT_TYPE: "unsupported_grant_type",
|
|
191
|
+
OAUTH_ERROR: "oauth_error"
|
|
192
|
+
};
|
|
193
|
+
|
|
194
|
+
// src/core/utils/pkce.ts
|
|
195
|
+
var PKCE_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
|
|
196
|
+
function generatePkceVerifier(length = 64) {
|
|
197
|
+
const size = Math.min(128, Math.max(43, length));
|
|
198
|
+
const values = new Uint8Array(size);
|
|
199
|
+
crypto.getRandomValues(values);
|
|
200
|
+
let result = "";
|
|
201
|
+
for (let i = 0; i < size; i++) {
|
|
202
|
+
result += PKCE_CHARSET[values[i] % PKCE_CHARSET.length];
|
|
203
|
+
}
|
|
204
|
+
return result;
|
|
205
|
+
}
|
|
206
|
+
function base64UrlEncode(buffer) {
|
|
207
|
+
const bytes = new Uint8Array(buffer);
|
|
208
|
+
let binary = "";
|
|
209
|
+
for (const byte of bytes) {
|
|
210
|
+
binary += String.fromCharCode(byte);
|
|
211
|
+
}
|
|
212
|
+
return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
213
|
+
}
|
|
214
|
+
async function computePkceS256Challenge(verifier) {
|
|
215
|
+
const data = new TextEncoder().encode(verifier);
|
|
216
|
+
const digest = await crypto.subtle.digest("SHA-256", data);
|
|
217
|
+
return base64UrlEncode(digest);
|
|
218
|
+
}
|
|
219
|
+
function randomOAuthState() {
|
|
220
|
+
const bytes = new Uint8Array(16);
|
|
221
|
+
crypto.getRandomValues(bytes);
|
|
222
|
+
return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
|
|
223
|
+
}
|
|
224
|
+
export {
|
|
225
|
+
OAuthAuthorizationCodeRowSchema,
|
|
226
|
+
OAuthAuthorizeQuerySchema,
|
|
227
|
+
OAuthClientCreateResponseSchema,
|
|
228
|
+
OAuthClientCreateSchema,
|
|
229
|
+
OAuthClientDetailSchema,
|
|
230
|
+
OAuthClientListItemSchema,
|
|
231
|
+
OAuthClientRowSchema,
|
|
232
|
+
OAuthClientSecretRotateResponseSchema,
|
|
233
|
+
OAuthClientUpdateSchema,
|
|
234
|
+
OAuthConsentBodySchema,
|
|
235
|
+
OAuthRefreshTokenSchema,
|
|
236
|
+
OAuthRfcCodes,
|
|
237
|
+
OAuthTokenAuthorizationCodeSchema,
|
|
238
|
+
OAuthTokenErrorResponseSchema,
|
|
239
|
+
OAuthTokenRefreshSchema,
|
|
240
|
+
OAuthTokenRequestSchema,
|
|
241
|
+
OAuthTokenResponseSchema,
|
|
242
|
+
OAuthTokenRevokeSchema,
|
|
243
|
+
OAuthUserCredentialsSchema,
|
|
244
|
+
OAuthUserInfoErrorResponseSchema,
|
|
245
|
+
OAuthUserInfoResponseSchema,
|
|
246
|
+
computePkceS256Challenge,
|
|
247
|
+
generatePkceVerifier,
|
|
248
|
+
isOAuthRedirectUri,
|
|
249
|
+
randomOAuthState
|
|
250
|
+
};
|