@qlover/oauth-wrapper 0.5.0 → 0.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core.cjs +1 -1
- package/dist/core.d.ts +64 -23
- package/dist/core.js +1 -1
- package/dist/index.cjs +392 -414
- package/dist/index.d.ts +65 -92
- package/dist/index.js +389 -410
- package/package.json +2 -2
package/dist/index.d.ts
CHANGED
|
@@ -1,81 +1,9 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
3
|
-
export { CreateAuthorizationCodeInput, CreateOAuthRefreshTokenInput, OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, OAuthAuthorizeQuerySchema, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, OAuthClientDetailSchema, OAuthClientListItemSchema, OAuthClientRowSchema, OAuthClientSecretRotateResponseSchema, OAuthClientUpdateSchema, OAuthConsentBodySchema, OAuthOTPProviderInterface, OAuthRefreshTokenRow, OAuthRefreshTokenSchema, OAuthRfcCodes, OAuthRfcErrorCodesType, OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, OAuthTokenRequestSchema, OAuthTokenResponseSchema, OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, OAuthUserCredentialsRow, OAuthUserCredentialsSchema, OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, OAuthUserInfoResponseSchema, ResolveAuthorizePageResult, SignOtpResult, SignWithEmailOtpSchema, SignWithOtpParams, SignWithOtpSchema, SignWithPhoneOtpSchema, VerifyEmailOtpParams, VerifyMobileOtpParams, VerifyOtpParams, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState, signWithEmailOtpSchema, signWithPhoneOtpSchema } from './core.js';
|
|
1
|
+
import { OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientListItem, OAuthClientDetail, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientUpdate, OAuthClientSecretRotateResponse, OAuthSessionPayload, OAuthTokenServiceInterface, OAuthWrapperRepositoryInterface, OAuthTokenResponse, OAuthTokenRequest, OAuthProviderInterface, OAuthSessionInterface, WithUserSession, OAuthAuthorizeQuery, OAuthConsentBody, OAuthAuthorizePageData, OAuthAuthorizeValidationError, OAuthConsentResult, OAuthRfcCodeType, OAuthClientRow } from './core.js';
|
|
2
|
+
export { CreateAuthorizationCodeInput, CreateOAuthRefreshTokenInput, OAuthAuthorizationCodeRow, OAuthAuthorizationCodeRowSchema, OAuthAuthorizeQuerySchema, OAuthClientCreateResponseSchema, OAuthClientCreateSchema, OAuthClientDetailSchema, OAuthClientListItemSchema, OAuthClientRowSchema, OAuthClientSecretRotateResponseSchema, OAuthClientUpdateSchema, OAuthConsentBodySchema, OAuthOTPProviderInterface, OAuthRefreshTokenRow, OAuthRefreshTokenSchema, OAuthRfcCodes, OAuthRfcErrorCodesType, OAuthTokenAuthorizationCodeRequest, OAuthTokenAuthorizationCodeSchema, OAuthTokenErrorResponse, OAuthTokenErrorResponseSchema, OAuthTokenRefreshRequest, OAuthTokenRefreshSchema, OAuthTokenRequestSchema, OAuthTokenResponseSchema, OAuthTokenRevokeRequest, OAuthTokenRevokeSchema, OAuthUserCredentialsRow, OAuthUserCredentialsSchema, OAuthUserInfoErrorResponse, OAuthUserInfoErrorResponseSchema, OAuthUserInfoResponse, OAuthUserInfoResponseSchema, ResolveAuthorizePageResult, SignOtpResult, SignWithEmailOtpSchema, SignWithOtpParams, SignWithOtpSchema, SignWithPhoneOtpSchema, VerifyEmailOtpParams, VerifyMobileOtpParams, VerifyOtpParams, computePkceS256Challenge, generatePkceVerifier, isOAuthRedirectUri, randomOAuthState, signWithEmailOtpSchema, signWithPhoneOtpSchema } from './core.js';
|
|
4
3
|
import { EncryptorInterface, ExecutorError } from '@qlover/fe-corekit';
|
|
4
|
+
import { LoginParams } from '@qlover/corekit-bridge/core';
|
|
5
5
|
import 'zod';
|
|
6
6
|
|
|
7
|
-
type OAuthUserProfile = {
|
|
8
|
-
id: string | number;
|
|
9
|
-
email?: string | null;
|
|
10
|
-
name?: string | null;
|
|
11
|
-
roles?: string[];
|
|
12
|
-
[key: string]: unknown;
|
|
13
|
-
};
|
|
14
|
-
type OAuthUserCredentials = {
|
|
15
|
-
token: string;
|
|
16
|
-
[key: string]: unknown;
|
|
17
|
-
};
|
|
18
|
-
type OAuthUserAccessToken = {
|
|
19
|
-
access_token: string;
|
|
20
|
-
expires_in: number;
|
|
21
|
-
refresh_token?: string | null;
|
|
22
|
-
[key: string]: unknown;
|
|
23
|
-
};
|
|
24
|
-
declare abstract class OAuthAbstractProvider<SessionPayload extends OAuthSessionPayload> implements OAuthProviderInterface<SessionPayload> {
|
|
25
|
-
protected authCodeTTLMs: number;
|
|
26
|
-
/**
|
|
27
|
-
* @override
|
|
28
|
-
*/
|
|
29
|
-
abstract exchangeToken(_rawFields: Record<string, string> | OAuthTokenRequest): Promise<OAuthTokenResponse>;
|
|
30
|
-
/**
|
|
31
|
-
* @override
|
|
32
|
-
*/
|
|
33
|
-
abstract revokeToken(_rawFields: Record<string, string>): Promise<void>;
|
|
34
|
-
/**
|
|
35
|
-
* @override
|
|
36
|
-
*/
|
|
37
|
-
abstract getOAuthRepo(): OAuthWrapperRepositoryInterface;
|
|
38
|
-
/**
|
|
39
|
-
* @override
|
|
40
|
-
*/
|
|
41
|
-
abstract clearSession(): Promise<void>;
|
|
42
|
-
/**
|
|
43
|
-
* @override
|
|
44
|
-
*/
|
|
45
|
-
abstract getSession(): Promise<SessionPayload | null>;
|
|
46
|
-
/**
|
|
47
|
-
* @override
|
|
48
|
-
*/
|
|
49
|
-
abstract login(params: LoginParams): Promise<SessionPayload>;
|
|
50
|
-
/**
|
|
51
|
-
* @override
|
|
52
|
-
*/
|
|
53
|
-
abstract getUserInfoWithAccessToken(accessToken: string): Promise<OAuthUserInfoResponse>;
|
|
54
|
-
protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
|
|
55
|
-
protected isValidateConsent(value: unknown): value is OAuthConsentBody;
|
|
56
|
-
protected generageSessionPayload(userInfo: OAuthUserProfile & {
|
|
57
|
-
sessionToken: string;
|
|
58
|
-
}): SessionPayload;
|
|
59
|
-
/**
|
|
60
|
-
* @override
|
|
61
|
-
*/
|
|
62
|
-
logout(userId: string): Promise<void>;
|
|
63
|
-
/**
|
|
64
|
-
* @override
|
|
65
|
-
*/
|
|
66
|
-
resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<{
|
|
67
|
-
ok: true;
|
|
68
|
-
data: OAuthAuthorizePageData;
|
|
69
|
-
} | {
|
|
70
|
-
ok: false;
|
|
71
|
-
error: OAuthAuthorizeValidationError;
|
|
72
|
-
}>;
|
|
73
|
-
/**
|
|
74
|
-
* @override
|
|
75
|
-
*/
|
|
76
|
-
processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
|
|
77
|
-
}
|
|
78
|
-
|
|
79
7
|
/**
|
|
80
8
|
* Business logic for OAuth client management in developer console.
|
|
81
9
|
*/
|
|
@@ -115,10 +43,30 @@ declare class OAuthClientsService implements OAuthClientsInterface {
|
|
|
115
43
|
private mapToDetail;
|
|
116
44
|
}
|
|
117
45
|
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
46
|
+
/**
|
|
47
|
+
* 主要用于标识交换的 access_token 包装层类型
|
|
48
|
+
*/
|
|
49
|
+
interface OAuthWrapperAccessToken {
|
|
50
|
+
provider_token?: string;
|
|
51
|
+
provider_refresh_token?: string;
|
|
52
|
+
/**
|
|
53
|
+
* 用于请求 api 时的 key 名字
|
|
54
|
+
*/
|
|
55
|
+
token_type: string;
|
|
56
|
+
/**
|
|
57
|
+
* access_token 值
|
|
58
|
+
*/
|
|
59
|
+
access_token: string;
|
|
60
|
+
/**
|
|
61
|
+
* 过期时间
|
|
62
|
+
*/
|
|
63
|
+
expires_in: number;
|
|
64
|
+
/**
|
|
65
|
+
* 刷新 token
|
|
66
|
+
*/
|
|
67
|
+
refresh_token: string;
|
|
68
|
+
}
|
|
69
|
+
type ExchangeProviderAccessToken = (params: OAuthSessionPayload) => Promise<OAuthWrapperAccessToken>;
|
|
122
70
|
/**
|
|
123
71
|
* OAuth 2.0 token endpoint (`POST /oauth/token`).
|
|
124
72
|
*
|
|
@@ -153,6 +101,7 @@ declare class OAuthTokenService implements OAuthTokenServiceInterface {
|
|
|
153
101
|
}>, verifiedClientId: string): Promise<OAuthTokenResponse>;
|
|
154
102
|
protected fetchProviderAccessToken(userId: string): Promise<{
|
|
155
103
|
access_token: string;
|
|
104
|
+
refresh_token: string;
|
|
156
105
|
expires_in: number;
|
|
157
106
|
}>;
|
|
158
107
|
protected issueMiddlewareRefreshToken(clientId: string, userId: string): Promise<string>;
|
|
@@ -163,18 +112,22 @@ declare class OAuthTokenService implements OAuthTokenServiceInterface {
|
|
|
163
112
|
revokeToken(rawFields: Record<string, string>): Promise<void>;
|
|
164
113
|
}
|
|
165
114
|
|
|
166
|
-
declare abstract class OAuthWrapperService<SessionPayload extends OAuthSessionPayload = OAuthSessionPayload>
|
|
167
|
-
protected oauthSession: OAuthSessionInterface<SessionPayload>;
|
|
115
|
+
declare abstract class OAuthWrapperService<User, SessionPayload extends OAuthSessionPayload = OAuthSessionPayload> implements OAuthProviderInterface<User, SessionPayload> {
|
|
116
|
+
protected oauthSession: OAuthSessionInterface<SessionPayload, User>;
|
|
168
117
|
protected oauthRepo: OAuthWrapperRepositoryInterface;
|
|
118
|
+
protected authCodeTTLMs: number;
|
|
169
119
|
protected tokenService: OAuthTokenServiceInterface;
|
|
170
|
-
constructor(oauthSession: OAuthSessionInterface<SessionPayload>, tokenEncryption: EncryptorInterface<string, string>, oauthRepo: OAuthWrapperRepositoryInterface);
|
|
171
|
-
protected abstract providerLogin(params: LoginParams): Promise<
|
|
172
|
-
protected abstract providerExchangeAccessToken(params:
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
120
|
+
constructor(oauthSession: OAuthSessionInterface<SessionPayload, User>, tokenEncryption: EncryptorInterface<string, string>, oauthRepo: OAuthWrapperRepositoryInterface);
|
|
121
|
+
protected abstract providerLogin(params: LoginParams): Promise<WithUserSession<SessionPayload, User>>;
|
|
122
|
+
protected abstract providerExchangeAccessToken(params: SessionPayload): Promise<OAuthWrapperAccessToken>;
|
|
123
|
+
protected abstract providerGetUserInfo(sessionToken: string): Promise<User>;
|
|
124
|
+
protected abstract providerGetUserInfoByAccessToken(accessToken: string): Promise<User>;
|
|
125
|
+
/**
|
|
126
|
+
* @override
|
|
127
|
+
*/
|
|
128
|
+
abstract refreshUser(params?: {
|
|
129
|
+
refresh_token: string;
|
|
130
|
+
}): Promise<WithUserSession<SessionPayload, User>>;
|
|
178
131
|
/**
|
|
179
132
|
* @override
|
|
180
133
|
*/
|
|
@@ -203,8 +156,28 @@ declare abstract class OAuthWrapperService<SessionPayload extends OAuthSessionPa
|
|
|
203
156
|
/**
|
|
204
157
|
* @override
|
|
205
158
|
*/
|
|
206
|
-
getUserInfoWithAccessToken(accessToken: string): Promise<
|
|
207
|
-
protected
|
|
159
|
+
getUserInfoWithAccessToken(accessToken: string): Promise<User>;
|
|
160
|
+
protected toUser(profile: unknown): User;
|
|
161
|
+
protected isQuery(query: unknown): query is OAuthAuthorizeQuery;
|
|
162
|
+
protected isValidateConsent(value: unknown): value is OAuthConsentBody;
|
|
163
|
+
/**
|
|
164
|
+
* @override
|
|
165
|
+
*/
|
|
166
|
+
logout(userId: string): Promise<void>;
|
|
167
|
+
/**
|
|
168
|
+
* @override
|
|
169
|
+
*/
|
|
170
|
+
resolveAuthorizePage(rawQuery: Record<string, string | string[] | undefined>): Promise<{
|
|
171
|
+
ok: true;
|
|
172
|
+
data: OAuthAuthorizePageData;
|
|
173
|
+
} | {
|
|
174
|
+
ok: false;
|
|
175
|
+
error: OAuthAuthorizeValidationError;
|
|
176
|
+
}>;
|
|
177
|
+
/**
|
|
178
|
+
* @override
|
|
179
|
+
*/
|
|
180
|
+
processConsent(requestBody: unknown): Promise<OAuthConsentResult>;
|
|
208
181
|
}
|
|
209
182
|
|
|
210
183
|
declare class OAuthWrapperError extends ExecutorError {
|
|
@@ -255,4 +228,4 @@ declare function computeS256CodeChallenge(verifier: string): string;
|
|
|
255
228
|
*/
|
|
256
229
|
declare function verifyPkceS256(verifier: string, challenge: string): boolean;
|
|
257
230
|
|
|
258
|
-
export { type ExchangeProviderAccessToken,
|
|
231
|
+
export { type ExchangeProviderAccessToken, OAuthAuthorizePageData, OAuthAuthorizeQuery, OAuthAuthorizeValidationError, OAuthClientCreate, OAuthClientCreateResponse, OAuthClientDetail, OAuthClientListItem, OAuthClientRow, OAuthClientSecretRotateResponse, OAuthClientUpdate, OAuthClientsInterface, OAuthClientsRepositoryInterface, OAuthClientsService, OAuthConsentBody, OAuthConsentResult, OAuthProviderInterface, OAuthRfcCodeType, OAuthSessionInterface, OAuthSessionPayload, OAuthTokenRequest, OAuthTokenResponse, OAuthTokenService, OAuthTokenServiceInterface, type OAuthWrapperAccessToken, OAuthWrapperError, OAuthWrapperRepositoryInterface, OAuthWrapperService, WithUserSession, buildOAuthRedirectUrl, computeS256CodeChallenge, hashClientSecret, isRedirectUriAllowed, isValidCodeChallenge, isValidCodeVerifier, normalizeQuery, parseScopeList, validatePkceParams, verifyClientSecret, verifyPkceS256 };
|