@qlover/oauth-wrapper 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client.cjs +3 -1
- package/dist/client.d.ts +1 -1
- package/dist/client.js +3 -1
- package/dist/core.cjs +20 -4
- package/dist/core.d.ts +92 -117
- package/dist/core.js +17 -3
- package/dist/index.cjs +513 -447
- package/dist/index.d.ts +97 -34
- package/dist/index.js +510 -447
- package/package.json +3 -3
package/dist/index.d.ts
CHANGED
|
@@ -1,8 +1,80 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
1
|
+
import { LoginParams } from '@qlover/corekit-bridge/core';
|
|
2
|
+
import { OAuthSessionPayload, OAuthProviderInterface, OAuthTokenRequest, OAuthTokenResponse, OAuthWrapperRepositoryInterface, OAuthUserInfoResponse, OAuthAuthorizeQuery, OAuthConsentBody, OAuthAuthorizePageData, OAuthAuthorizeValidationError, OAuthConsentResult, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientListItem, OAuthClientDetail, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientUpdate, OAuthClientSecretRotateResponse, OAuthTokenServiceInterface, OAuthSessionInterface, OAuthRfcCodeType, OAuthClientRow } from './core.js';
|
|
3
|
+
export { CreateAuthorizationCodeInput, CreateOAuthRefreshTokenInput, OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, OAuthAuthorizeQuerySchema, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, OAuthClientDetailSchema, OAuthClientListItemSchema, OAuthClientRowSchema, OAuthClientSecretRotateResponseSchema, OAuthClientUpdateSchema, OAuthConsentBodySchema, OAuthOTPProviderInterface, OAuthRefreshTokenRow, OAuthRefreshTokenSchema, OAuthRfcCodes, OAuthRfcErrorCodesType, OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, OAuthTokenRequestSchema, OAuthTokenResponseSchema, OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, OAuthUserCredentialsRow, OAuthUserCredentialsSchema, OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, OAuthUserInfoResponseSchema, ResolveAuthorizePageResult, SignOtpResult, SignWithEmailOtpSchema, SignWithOtpParams, SignWithOtpSchema, SignWithPhoneOtpSchema, VerifyEmailOtpParams, VerifyMobileOtpParams, VerifyOtpParams, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState, signWithEmailOtpSchema, signWithPhoneOtpSchema } from './core.js';
|
|
3
4
|
import { EncryptorInterface, ExecutorError } from '@qlover/fe-corekit';
|
|
4
5
|
import 'zod';
|
|
5
|
-
|
|
6
|
+
|
|
7
|
+
type OAuthUserProfile = {
|
|
8
|
+
id: string | number;
|
|
9
|
+
email?: string | null;
|
|
10
|
+
name?: string | null;
|
|
11
|
+
roles?: string[];
|
|
12
|
+
[key: string]: unknown;
|
|
13
|
+
};
|
|
14
|
+
type OAuthUserCredentials = {
|
|
15
|
+
token: string;
|
|
16
|
+
[key: string]: unknown;
|
|
17
|
+
};
|
|
18
|
+
type OAuthUserAccessToken = {
|
|
19
|
+
access_token: string;
|
|
20
|
+
expires_in: number;
|
|
21
|
+
refresh_token?: string | null;
|
|
22
|
+
[key: string]: unknown;
|
|
23
|
+
};
|
|
24
|
+
declare abstract class OAuthAbstractProvider<SessionPayload extends OAuthSessionPayload> implements OAuthProviderInterface<SessionPayload> {
|
|
25
|
+
protected authCodeTTLMs: number;
|
|
26
|
+
/**
|
|
27
|
+
* @override
|
|
28
|
+
*/
|
|
29
|
+
abstract exchangeToken(_rawFields: Record<string, string> | OAuthTokenRequest): Promise<OAuthTokenResponse>;
|
|
30
|
+
/**
|
|
31
|
+
* @override
|
|
32
|
+
*/
|
|
33
|
+
abstract revokeToken(_rawFields: Record<string, string>): Promise<void>;
|
|
34
|
+
/**
|
|
35
|
+
* @override
|
|
36
|
+
*/
|
|
37
|
+
abstract getOAuthRepo(): OAuthWrapperRepositoryInterface;
|
|
38
|
+
/**
|
|
39
|
+
* @override
|
|
40
|
+
*/
|
|
41
|
+
abstract clearSession(): Promise<void>;
|
|
42
|
+
/**
|
|
43
|
+
* @override
|
|
44
|
+
*/
|
|
45
|
+
abstract getSession(): Promise<SessionPayload | null>;
|
|
46
|
+
/**
|
|
47
|
+
* @override
|
|
48
|
+
*/
|
|
49
|
+
abstract login(params: LoginParams): Promise<SessionPayload>;
|
|
50
|
+
/**
|
|
51
|
+
* @override
|
|
52
|
+
*/
|
|
53
|
+
abstract getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
|
|
54
|
+
protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
|
|
55
|
+
protected isValidateConsent(value: unknown): value is OAuthConsentBody;
|
|
56
|
+
protected generageSessionPayload(userInfo: OAuthUserProfile & {
|
|
57
|
+
sessionToken: string;
|
|
58
|
+
}): SessionPayload;
|
|
59
|
+
/**
|
|
60
|
+
* @override
|
|
61
|
+
*/
|
|
62
|
+
logout(userId: string): Promise<void>;
|
|
63
|
+
/**
|
|
64
|
+
* @override
|
|
65
|
+
*/
|
|
66
|
+
resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<{
|
|
67
|
+
ok: true;
|
|
68
|
+
data: OAuthAuthorizePageData;
|
|
69
|
+
} | {
|
|
70
|
+
ok: false;
|
|
71
|
+
error: OAuthAuthorizeValidationError;
|
|
72
|
+
}>;
|
|
73
|
+
/**
|
|
74
|
+
* @override
|
|
75
|
+
*/
|
|
76
|
+
processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
|
|
77
|
+
}
|
|
6
78
|
|
|
7
79
|
/**
|
|
8
80
|
* Business logic for OAuth client management in developer console.
|
|
@@ -43,6 +115,10 @@ declare class OAuthClientsService implements OAuthClientsInterface {
|
|
|
43
115
|
private mapToDetail;
|
|
44
116
|
}
|
|
45
117
|
|
|
118
|
+
type ExchangeProviderAccessToken = (params: {
|
|
119
|
+
token: string;
|
|
120
|
+
lang?: string;
|
|
121
|
+
}) => Promise<OAuthUserAccessToken>;
|
|
46
122
|
/**
|
|
47
123
|
* OAuth 2.0 token endpoint (`POST /oauth/token`).
|
|
48
124
|
*
|
|
@@ -55,10 +131,10 @@ declare class OAuthClientsService implements OAuthClientsInterface {
|
|
|
55
131
|
*/
|
|
56
132
|
declare class OAuthTokenService implements OAuthTokenServiceInterface {
|
|
57
133
|
protected tokenEncryption: EncryptorInterface<string, string>;
|
|
58
|
-
protected
|
|
134
|
+
protected exchangeProviderAccessToken: ExchangeProviderAccessToken;
|
|
59
135
|
protected oauthRepo: OAuthWrapperRepositoryInterface;
|
|
60
136
|
protected static REFRESH_TOKEN_TTL_MS: number;
|
|
61
|
-
constructor(tokenEncryption: EncryptorInterface<string, string>,
|
|
137
|
+
constructor(tokenEncryption: EncryptorInterface<string, string>, exchangeProviderAccessToken: ExchangeProviderAccessToken, oauthRepo: OAuthWrapperRepositoryInterface);
|
|
62
138
|
/**
|
|
63
139
|
* @override
|
|
64
140
|
*/
|
|
@@ -87,60 +163,47 @@ declare class OAuthTokenService implements OAuthTokenServiceInterface {
|
|
|
87
163
|
revokeToken(rawFields: Record<string, string>): Promise<void>;
|
|
88
164
|
}
|
|
89
165
|
|
|
90
|
-
declare class OAuthWrapperService<SessionPayload extends OAuthSessionPayload = OAuthSessionPayload>
|
|
166
|
+
declare abstract class OAuthWrapperService<SessionPayload extends OAuthSessionPayload = OAuthSessionPayload> extends OAuthAbstractProvider<SessionPayload> {
|
|
91
167
|
protected oauthSession: OAuthSessionInterface<SessionPayload>;
|
|
92
|
-
protected userAdapter: OAuthUserAdapterInterface;
|
|
93
|
-
protected tokenService: OAuthTokenServiceInterface;
|
|
94
168
|
protected oauthRepo: OAuthWrapperRepositoryInterface;
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
169
|
+
protected tokenService: OAuthTokenServiceInterface;
|
|
170
|
+
constructor(oauthSession: OAuthSessionInterface<SessionPayload>, tokenEncryption: EncryptorInterface<string, string>, oauthRepo: OAuthWrapperRepositoryInterface);
|
|
171
|
+
protected abstract providerLogin(params: LoginParams): Promise<OAuthUserCredentials>;
|
|
172
|
+
protected abstract providerExchangeAccessToken(params: {
|
|
173
|
+
token: string;
|
|
174
|
+
lang?: string;
|
|
175
|
+
}): Promise<OAuthUserAccessToken>;
|
|
176
|
+
protected abstract providerGetUserInfo(sessionToken: string): Promise<OAuthUserProfile>;
|
|
177
|
+
protected abstract providerGetUserInfoByAccessToken(accessToken: string): Promise<OAuthUserProfile>;
|
|
104
178
|
/**
|
|
105
179
|
* @override
|
|
106
180
|
*/
|
|
107
|
-
|
|
181
|
+
login(params: LoginParams): Promise<SessionPayload>;
|
|
108
182
|
/**
|
|
109
183
|
* @override
|
|
110
184
|
*/
|
|
111
185
|
getOAuthRepo(): OAuthWrapperRepositoryInterface;
|
|
112
|
-
protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
|
|
113
|
-
protected isValidateConsent(value: unknown): value is OAuthConsentBody;
|
|
114
186
|
/**
|
|
115
187
|
* @override
|
|
116
188
|
*/
|
|
117
|
-
|
|
118
|
-
ok: true;
|
|
119
|
-
data: OAuthAuthorizePageData;
|
|
120
|
-
} | {
|
|
121
|
-
ok: false;
|
|
122
|
-
error: OAuthAuthorizeValidationError;
|
|
123
|
-
}>;
|
|
189
|
+
exchangeToken(rawFields: Record<string, string>): Promise<OAuthTokenResponse>;
|
|
124
190
|
/**
|
|
125
191
|
* @override
|
|
126
192
|
*/
|
|
127
|
-
|
|
193
|
+
getSession(): Promise<SessionPayload | null>;
|
|
128
194
|
/**
|
|
129
195
|
* @override
|
|
130
196
|
*/
|
|
131
|
-
|
|
197
|
+
clearSession(): Promise<void>;
|
|
132
198
|
/**
|
|
133
199
|
* @override
|
|
134
200
|
*/
|
|
135
201
|
revokeToken(rawFields: Record<string, string>): Promise<void>;
|
|
136
|
-
/**
|
|
137
|
-
* @override
|
|
138
|
-
*/
|
|
139
202
|
logoutUser(userId: string): Promise<void>;
|
|
140
203
|
/**
|
|
141
204
|
* @override
|
|
142
205
|
*/
|
|
143
|
-
|
|
206
|
+
getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
|
|
144
207
|
protected toUserInfoResponse(profile: OAuthUserProfile): OAuthUserInfoResponse;
|
|
145
208
|
}
|
|
146
209
|
|
|
@@ -192,4 +255,4 @@ declare function computeS256CodeChallenge(verifier: string): string;
|
|
|
192
255
|
*/
|
|
193
256
|
declare function verifyPkceS256(verifier: string, challenge: string): boolean;
|
|
194
257
|
|
|
195
|
-
export { OAuthAuthorizePageData, OAuthAuthorizeQuery, OAuthAuthorizeValidationError, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientDetail, OAuthClientListItem, OAuthClientRow, OAuthClientSecretRotateResponse, OAuthClientUpdate, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientsService, OAuthConsentBody, OAuthConsentResult,
|
|
258
|
+
export { type ExchangeProviderAccessToken, OAuthAbstractProvider, OAuthAuthorizePageData, OAuthAuthorizeQuery, OAuthAuthorizeValidationError, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientDetail, OAuthClientListItem, OAuthClientRow, OAuthClientSecretRotateResponse, OAuthClientUpdate, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientsService, OAuthConsentBody, OAuthConsentResult, OAuthProviderInterface, OAuthRfcCodeType, OAuthSessionInterface, OAuthSessionPayload, OAuthTokenRequest, OAuthTokenResponse, OAuthTokenService, OAuthTokenServiceInterface, type OAuthUserAccessToken, type OAuthUserCredentials, OAuthUserInfoResponse, type OAuthUserProfile, OAuthWrapperError, OAuthWrapperRepositoryInterface, OAuthWrapperService, buildOAuthRedirectUrl, computeS256CodeChallenge, hashClientSecret, isRedirectUriAllowed, isValidCodeChallenge, isValidCodeVerifier, normalizeQuery, parseScopeList, validatePkceParams, verifyClientSecret, verifyPkceS256 };
|