@qlover/oauth-wrapper 0.5.0 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.ts CHANGED
@@ -1,81 +1,9 @@
1
- import { LoginParams } from '@qlover/corekit-bridge/core';
2
- import { OAuthSessionPayload, OAuthProviderInterface, OAuthTokenRequest, OAuthTokenResponse, OAuthWrapperRepositoryInterface, OAuthUserInfoResponse, OAuthAuthorizeQuery, OAuthConsentBody, OAuthAuthorizePageData, OAuthAuthorizeValidationError, OAuthConsentResult, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientListItem, OAuthClientDetail, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientUpdate, OAuthClientSecretRotateResponse, OAuthTokenServiceInterface, OAuthSessionInterface, OAuthRfcCodeType, OAuthClientRow } from './core.js';
3
- export { CreateAuthorizationCodeInput, CreateOAuthRefreshTokenInput, OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, OAuthAuthorizeQuerySchema, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, OAuthClientDetailSchema, OAuthClientListItemSchema, OAuthClientRowSchema, OAuthClientSecretRotateResponseSchema, OAuthClientUpdateSchema, OAuthConsentBodySchema, OAuthOTPProviderInterface, OAuthRefreshTokenRow, OAuthRefreshTokenSchema, OAuthRfcCodes, OAuthRfcErrorCodesType, OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, OAuthTokenRequestSchema, OAuthTokenResponseSchema, OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, OAuthUserCredentialsRow, OAuthUserCredentialsSchema, OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, OAuthUserInfoResponseSchema, ResolveAuthorizePageResult, SignOtpResult, SignWithEmailOtpSchema, SignWithOtpParams, SignWithOtpSchema, SignWithPhoneOtpSchema, VerifyEmailOtpParams, VerifyMobileOtpParams, VerifyOtpParams, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState, signWithEmailOtpSchema, signWithPhoneOtpSchema } from './core.js';
1
+ import { OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientListItem, OAuthClientDetail, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientUpdate, OAuthClientSecretRotateResponse, OAuthSessionPayload, OAuthTokenServiceInterface, OAuthWrapperRepositoryInterface, OAuthTokenResponse, OAuthTokenRequest, OAuthProviderInterface, OAuthSessionInterface, WithUserSession, OAuthAuthorizeQuery, OAuthConsentBody, OAuthAuthorizePageData, OAuthAuthorizeValidationError, OAuthConsentResult, OAuthRfcCodeType, OAuthClientRow } from './core.js';
2
+ export { CreateAuthorizationCodeInput, CreateOAuthRefreshTokenInput, OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, OAuthAuthorizeQuerySchema, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, OAuthClientDetailSchema, OAuthClientListItemSchema, OAuthClientRowSchema, OAuthClientSecretRotateResponseSchema, OAuthClientUpdateSchema, OAuthConsentBodySchema, OAuthOTPProviderInterface, OAuthRefreshTokenRow, OAuthRefreshTokenSchema, OAuthRfcCodes, OAuthRfcErrorCodesType, OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, OAuthTokenRequestSchema, OAuthTokenResponseSchema, OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, OAuthUserCredentialsRow, OAuthUserCredentialsSchema, OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, OAuthUserInfoResponse, OAuthUserInfoResponseSchema, ResolveAuthorizePageResult, SignOtpResult, SignWithEmailOtpSchema, SignWithOtpParams, SignWithOtpSchema, SignWithPhoneOtpSchema, VerifyEmailOtpParams, VerifyMobileOtpParams, VerifyOtpParams, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState, signWithEmailOtpSchema, signWithPhoneOtpSchema } from './core.js';
4
3
  import { EncryptorInterface, ExecutorError } from '@qlover/fe-corekit';
4
+ import { LoginParams } from '@qlover/corekit-bridge/core';
5
5
  import 'zod';
6
6
 
7
- type OAuthUserProfile = {
8
- id: string | number;
9
- email?: string | null;
10
- name?: string | null;
11
- roles?: string[];
12
- [key: string]: unknown;
13
- };
14
- type OAuthUserCredentials = {
15
- token: string;
16
- [key: string]: unknown;
17
- };
18
- type OAuthUserAccessToken = {
19
- access_token: string;
20
- expires_in: number;
21
- refresh_token?: string | null;
22
- [key: string]: unknown;
23
- };
24
- declare abstract class OAuthAbstractProvider<SessionPayload extends OAuthSessionPayload> implements OAuthProviderInterface<SessionPayload> {
25
- protected authCodeTTLMs: number;
26
- /**
27
- * @override
28
- */
29
- abstract exchangeToken(_rawFields: Record<string, string> | OAuthTokenRequest): Promise<OAuthTokenResponse>;
30
- /**
31
- * @override
32
- */
33
- abstract revokeToken(_rawFields: Record<string, string>): Promise<void>;
34
- /**
35
- * @override
36
- */
37
- abstract getOAuthRepo(): OAuthWrapperRepositoryInterface;
38
- /**
39
- * @override
40
- */
41
- abstract clearSession(): Promise<void>;
42
- /**
43
- * @override
44
- */
45
- abstract getSession(): Promise<SessionPayload | null>;
46
- /**
47
- * @override
48
- */
49
- abstract login(params: LoginParams): Promise<SessionPayload>;
50
- /**
51
- * @override
52
- */
53
- abstract getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
54
- protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
55
- protected isValidateConsent(value: unknown): value is OAuthConsentBody;
56
- protected generageSessionPayload(userInfo: OAuthUserProfile & {
57
- sessionToken: string;
58
- }): SessionPayload;
59
- /**
60
- * @override
61
- */
62
- logout(userId: string): Promise<void>;
63
- /**
64
- * @override
65
- */
66
- resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<{
67
- ok: true;
68
- data: OAuthAuthorizePageData;
69
- } | {
70
- ok: false;
71
- error: OAuthAuthorizeValidationError;
72
- }>;
73
- /**
74
- * @override
75
- */
76
- processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
77
- }
78
-
79
7
  /**
80
8
  * Business logic for OAuth client management in developer console.
81
9
  */
@@ -115,10 +43,30 @@ declare class OAuthClientsService implements OAuthClientsInterface {
115
43
  private mapToDetail;
116
44
  }
117
45
 
118
- type ExchangeProviderAccessToken = (params: {
119
- token: string;
120
- lang?: string;
121
- }) => Promise<OAuthUserAccessToken>;
46
+ /**
47
+ * 主要用于标识交换的 access_token 包装层类型
48
+ */
49
+ interface OAuthWrapperAccessToken {
50
+ provider_token?: string;
51
+ provider_refresh_token?: string;
52
+ /**
53
+ * 用于请求 api 时的 key 名字
54
+ */
55
+ token_type: string;
56
+ /**
57
+ * access_token 值
58
+ */
59
+ access_token: string;
60
+ /**
61
+ * 过期时间
62
+ */
63
+ expires_in: number;
64
+ /**
65
+ * 刷新 token
66
+ */
67
+ refresh_token: string;
68
+ }
69
+ type ExchangeProviderAccessToken = (params: OAuthSessionPayload) => Promise<OAuthWrapperAccessToken>;
122
70
  /**
123
71
  * OAuth 2.0 token endpoint (`POST /oauth/token`).
124
72
  *
@@ -153,6 +101,7 @@ declare class OAuthTokenService implements OAuthTokenServiceInterface {
153
101
  }>, verifiedClientId: string): Promise<OAuthTokenResponse>;
154
102
  protected fetchProviderAccessToken(userId: string): Promise<{
155
103
  access_token: string;
104
+ refresh_token: string;
156
105
  expires_in: number;
157
106
  }>;
158
107
  protected issueMiddlewareRefreshToken(clientId: string, userId: string): Promise<string>;
@@ -163,18 +112,22 @@ declare class OAuthTokenService implements OAuthTokenServiceInterface {
163
112
  revokeToken(rawFields: Record<string, string>): Promise<void>;
164
113
  }
165
114
 
166
- declare abstract class OAuthWrapperService<SessionPayload extends OAuthSessionPayload = OAuthSessionPayload> extends OAuthAbstractProvider<SessionPayload> {
167
- protected oauthSession: OAuthSessionInterface<SessionPayload>;
115
+ declare abstract class OAuthWrapperService<User, SessionPayload extends OAuthSessionPayload = OAuthSessionPayload> implements OAuthProviderInterface<User, SessionPayload> {
116
+ protected oauthSession: OAuthSessionInterface<SessionPayload, User>;
168
117
  protected oauthRepo: OAuthWrapperRepositoryInterface;
118
+ protected authCodeTTLMs: number;
169
119
  protected tokenService: OAuthTokenServiceInterface;
170
- constructor(oauthSession: OAuthSessionInterface<SessionPayload>, tokenEncryption: EncryptorInterface<string, string>, oauthRepo: OAuthWrapperRepositoryInterface);
171
- protected abstract providerLogin(params: LoginParams): Promise<OAuthUserCredentials>;
172
- protected abstract providerExchangeAccessToken(params: {
173
- token: string;
174
- lang?: string;
175
- }): Promise<OAuthUserAccessToken>;
176
- protected abstract providerGetUserInfo(sessionToken: string): Promise<OAuthUserProfile>;
177
- protected abstract providerGetUserInfoByAccessToken(accessToken: string): Promise<OAuthUserProfile>;
120
+ constructor(oauthSession: OAuthSessionInterface<SessionPayload, User>, tokenEncryption: EncryptorInterface<string, string>, oauthRepo: OAuthWrapperRepositoryInterface);
121
+ protected abstract providerLogin(params: LoginParams): Promise<WithUserSession<SessionPayload, User>>;
122
+ protected abstract providerExchangeAccessToken(params: SessionPayload): Promise<OAuthWrapperAccessToken>;
123
+ protected abstract providerGetUserInfo(sessionToken: string): Promise<User>;
124
+ protected abstract providerGetUserInfoByAccessToken(accessToken: string): Promise<User>;
125
+ /**
126
+ * @override
127
+ */
128
+ abstract refreshUser(params?: {
129
+ refresh_token: string;
130
+ }): Promise<WithUserSession<SessionPayload, User>>;
178
131
  /**
179
132
  * @override
180
133
  */
@@ -203,8 +156,28 @@ declare abstract class OAuthWrapperService<SessionPayload extends OAuthSessionPa
203
156
  /**
204
157
  * @override
205
158
  */
206
- getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
207
- protected toUserInfoResponse(profile: OAuthUserProfile): OAuthUserInfoResponse;
159
+ getUserInfoWithAccessToken(accessToken: string): Promise<User>;
160
+ protected toUser(profile: unknown): User;
161
+ protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
162
+ protected isValidateConsent(value: unknown): value is OAuthConsentBody;
163
+ /**
164
+ * @override
165
+ */
166
+ logout(userId: string): Promise<void>;
167
+ /**
168
+ * @override
169
+ */
170
+ resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<{
171
+ ok: true;
172
+ data: OAuthAuthorizePageData;
173
+ } | {
174
+ ok: false;
175
+ error: OAuthAuthorizeValidationError;
176
+ }>;
177
+ /**
178
+ * @override
179
+ */
180
+ processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
208
181
  }
209
182
 
210
183
  declare class OAuthWrapperError extends ExecutorError {
@@ -255,4 +228,4 @@ declare function computeS256CodeChallenge(verifier: string): string;
255
228
  */
256
229
  declare function verifyPkceS256(verifier: string, challenge: string): boolean;
257
230
 
258
- export { type ExchangeProviderAccessToken, OAuthAbstractProvider, OAuthAuthorizePageData, OAuthAuthorizeQuery, OAuthAuthorizeValidationError, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientDetail, OAuthClientListItem, OAuthClientRow, OAuthClientSecretRotateResponse, OAuthClientUpdate, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientsService, OAuthConsentBody, OAuthConsentResult, OAuthProviderInterface, OAuthRfcCodeType, OAuthSessionInterface, OAuthSessionPayload, OAuthTokenRequest, OAuthTokenResponse, OAuthTokenService, OAuthTokenServiceInterface, type OAuthUserAccessToken, type OAuthUserCredentials, OAuthUserInfoResponse, type OAuthUserProfile, OAuthWrapperError, OAuthWrapperRepositoryInterface, OAuthWrapperService, buildOAuthRedirectUrl, computeS256CodeChallenge, hashClientSecret, isRedirectUriAllowed, isValidCodeChallenge, isValidCodeVerifier, normalizeQuery, parseScopeList, validatePkceParams, verifyClientSecret, verifyPkceS256 };
231
+ export { type ExchangeProviderAccessToken, OAuthAuthorizePageData, OAuthAuthorizeQuery, OAuthAuthorizeValidationError, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientDetail, OAuthClientListItem, OAuthClientRow, OAuthClientSecretRotateResponse, OAuthClientUpdate, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientsService, OAuthConsentBody, OAuthConsentResult, OAuthProviderInterface, OAuthRfcCodeType, OAuthSessionInterface, OAuthSessionPayload, OAuthTokenRequest, OAuthTokenResponse, OAuthTokenService, OAuthTokenServiceInterface, type OAuthWrapperAccessToken, OAuthWrapperError, OAuthWrapperRepositoryInterface, OAuthWrapperService, WithUserSession, buildOAuthRedirectUrl, computeS256CodeChallenge, hashClientSecret, isRedirectUriAllowed, isValidCodeChallenge, isValidCodeVerifier, normalizeQuery, parseScopeList, validatePkceParams, verifyClientSecret, verifyPkceS256 };