npm - @redocly/realm - Versions diffs - 0.129.2 → 0.130.0-custom.2 - Mend

@redocly/realm 0.129.2 → 0.130.0-custom.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (464) hide show

package/dist/server/utils/envs/get-api-route-allowed-env-variables.js CHANGED Viewed

	@@ -1 +1 @@
1	- const A=["AUTH_URL","~~BH_API_URL","~~HOME","HOSTNAME","INSPECT_MODE","INTERNAL_API_USERNAME","JWT_SECRET_KEY","METRICS_API_PORT","NODE","NODE_OPTIONS","NODE_VERSION","NOMAD_ADDR_http","NOMAD_ADDR_http_metrics_api","NOMAD_ALLOC_DIR","NOMAD_ALLOC_ID","NOMAD_ALLOC_INDEX","NOMAD_ALLOC_NAME","NOMAD_ALLOC_PORT_http","NOMAD_ALLOC_PORT_http-metrics-api","NOMAD_CPU_CORES","NOMAD_CPU_LIMIT","NOMAD_DC","NOMAD_GROUP_NAME","NOMAD_HOST_ADDR_http","NOMAD_HOST_ADDR_http-metrics-api","NOMAD_HOST_IP_http-metrics-api","NOMAD_HOST_PORT_http","NOMAD_HOST_PORT_http_metrics_api","NOMAD_IP_http","NOMAD_IP_http_metrics_api","NOMAD_JOB_ID","NOMAD_JOB_NAME","NOMAD_MEMORY_LIMIT","NOMAD_MEMORY_MAX_LIMIT","NOMAD_META_ARTIFACT_URL","NOMAD_META_BUILD_ID","NOMAD_META_ORGANIZATION_ID","NOMAD_META_build_id","NOMAD_META_deploy_time","NOMAD_META_job_type","NOMAD_META_portal_id","NOMAD_META_subscription_in_trial","NOMAD_NAMESPACE","NOMAD_PARENT_CGROUP","NOMAD_PORT_http","NOMAD_PORT_http_metrics_api","NOMAD_REGION","NOMAD_SECRETS_DIR","NOMAD_SHORT_ALLOC_ID","NOMAD_TASK_DIR","NOMAD_TASK_NAME","OAUTH_CLIENT_ID","OAUTH_CLIENT_SECRET","PATH","PLAN_GATES","PORTAL_ID","PWD","SERVER_EDITOR_APP_URL","SHLVL","SUBSCRIPTION_IN_TRIAL","TERM","TYPESENSE_API_URL","UV_USE_IO_URING","VAULT_TOKEN","WEB_SERVER_IDLE_TIMEOUT","YARN_VERSION","npm_config_cache","npm_config_local_prefix","npm_config_user_agent","npm_execpath","npm_node_execpath","npm_package_json","npm_package_name","npm_package_version","NOMAD_META_project_id","NOMAD_META_JOB_TYPE","NOMAD_META_SUBSCRIPTION_IN_TRIAL","NOMAD_HOST_IP_http","NOMAD_META_PROJECT_ID","NOMAD_META_artifact_url","NOMAD_META_PORTAL_ID","NOMAD_META_DEPLOY_TIME","NOMAD_META_organization_id"];function O(){return Object.fromEntries(Object.entries(process.env).filter(([_])=>!A.includes(_)))}export{A as EXCLUDED_ENV_VARS,O as getAllowedEnvs};
1	+ const A=["AUTH_URL","HOME","HOSTNAME","INSPECT_MODE","INTERNAL_API_USERNAME","JWT_SECRET_KEY","METRICS_API_PORT","NODE","NODE_OPTIONS","NODE_VERSION","NOMAD_ADDR_http","NOMAD_ADDR_http_metrics_api","NOMAD_ALLOC_DIR","NOMAD_ALLOC_ID","NOMAD_ALLOC_INDEX","NOMAD_ALLOC_NAME","NOMAD_ALLOC_PORT_http","NOMAD_ALLOC_PORT_http-metrics-api","NOMAD_CPU_CORES","NOMAD_CPU_LIMIT","NOMAD_DC","NOMAD_GROUP_NAME","NOMAD_HOST_ADDR_http","NOMAD_HOST_ADDR_http-metrics-api","NOMAD_HOST_IP_http-metrics-api","NOMAD_HOST_PORT_http","NOMAD_HOST_PORT_http_metrics_api","NOMAD_IP_http","NOMAD_IP_http_metrics_api","NOMAD_JOB_ID","NOMAD_JOB_NAME","NOMAD_MEMORY_LIMIT","NOMAD_MEMORY_MAX_LIMIT","NOMAD_META_ARTIFACT_URL","NOMAD_META_BUILD_ID","NOMAD_META_ORGANIZATION_ID","NOMAD_META_build_id","NOMAD_META_deploy_time","NOMAD_META_job_type","NOMAD_META_portal_id","NOMAD_META_subscription_in_trial","NOMAD_NAMESPACE","NOMAD_PARENT_CGROUP","NOMAD_PORT_http","NOMAD_PORT_http_metrics_api","NOMAD_REGION","NOMAD_SECRETS_DIR","NOMAD_SHORT_ALLOC_ID","NOMAD_TASK_DIR","NOMAD_TASK_NAME","OAUTH_CLIENT_ID","OAUTH_CLIENT_SECRET","PATH","PLAN_GATES","PORTAL_ID","PWD","SERVER_EDITOR_APP_URL","SHLVL","SUBSCRIPTION_IN_TRIAL","TERM","TYPESENSE_API_URL","UV_USE_IO_URING","VAULT_TOKEN","WEB_SERVER_IDLE_TIMEOUT","YARN_VERSION","npm_config_cache","npm_config_local_prefix","npm_config_user_agent","npm_execpath","npm_node_execpath","npm_package_json","npm_package_name","npm_package_version","NOMAD_META_project_id","NOMAD_META_JOB_TYPE","NOMAD_META_SUBSCRIPTION_IN_TRIAL","NOMAD_HOST_IP_http","NOMAD_META_PROJECT_ID","NOMAD_META_artifact_url","NOMAD_META_PORTAL_ID","NOMAD_META_DEPLOY_TIME","NOMAD_META_organization_id"];function O(){return Object.fromEntries(Object.entries(process.env).filter(([_])=>!A.includes(_)))}export{A as EXCLUDED_ENV_VARS,O as getAllowedEnvs};

package/dist/server/utils/envs/load-env-variables.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export declare function loadEnvVariables(pathToEnvFile?: string): void;
+export declare function loadEnvVariables(cwd?: string): Promise<void>;
 //# sourceMappingURL=load-env-variables.d.ts.map

package/dist/server/utils/envs/load-env-variables.js CHANGED Viewed

	@@ -1 +1 @@
1	- importas r from"dotenv";importas a from"path";import{~~readEnvVariable~~ as t}from"../../utils/envs/~~read~~-~~env~~-~~variable~~.js";function i(o){r.config({path:a.resolve(o??"",".env")});const n=t("~~REDOCLY_ENV~~");let e;switch(n){case"production":e=".env.production";break;case"preview":e=".env.preview";break;case"development":default:e=".env.development";break}r.config({path:a.resolve(o??"",e)})}export{i as loadEnvVariables};
1	+ importas n from"dotenv";importas a from"path";import{simpleGit as s}from"simple-git";import{envConfig as o}from"../../../config/env-config.js";import{sanitizeBranchName as v}from"../../utils/envs/sanitize-branch-name.js";async function p(e){try{return(await s(e??process.cwd()).revparse(["--abbrev-ref","HEAD"])).trim()}catch{return""}}async function m(e){n.config({path:a.resolve(e??"",".env")});const t=o.PUBLIC_REDOCLY_BRANCH_NAME\|\|await p(e);if(t){const c=v(t);n.config({path:a.resolve(e??"",`.env.branch.${c}`),override:!0})}const i=o.redoclyEnv;let r;switch(i){case"production":r=".env.production";break;case"preview":r=".env.preview";break;case"development":default:r=".env.development";break}n.config({path:a.resolve(e??"",r),override:!0})}m();export{m as loadEnvVariables};

package/dist/server/utils/envs/sanitize-branch-name.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Sanitizes a branch name for use in env file names and config keys.
+ * Replaces `/` with `-` to support branches like `feature/my-branch`.
+ */
+export declare function sanitizeBranchName(branchName: string): string;
+//# sourceMappingURL=sanitize-branch-name.d.ts.map

package/dist/server/utils/envs/sanitize-branch-name.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ function n(e){return e.replace(/\//g,"-")}export{n as sanitizeBranchName};

package/dist/server/utils/globs.js CHANGED Viewed

	@@ -1 +1 @@
1	- import s from"picomatch";import~~{minimatch~~ ~~as f}from"minimatch";import~~ u from"is-glob";import c from"path";import{removeTrailingSlash as a}from"../../utils/url/remove-trailing-slash.js";import{removeLeadingSlash as m}from"../../utils/url/remove-leading-slash.js";const p=(t,r)=>{const n=t.tokens??[],o=r.tokens??[];if(t.isGlob!==r.isGlob)return t.isGlob?r:t;if(n.length!==o.length)return n.length>o.length?t:r;for(let e=0;e<n.length;e++){if(n[e].isGlob!==o[e].isGlob)return n[e].isGlob?r:t;if(n[e].value!==o[e].value)return n[e].value.length>o[e].value.length?t:r}return t};function h(t,r){if(u(r)){if(f(t,r))return!0}else{const n=a(m(c.posix.normalize(r))),o=t.startsWith(n+"/");if(t~~===~~n~~\|\|o~~)return!0}return!1}function x(t,r){let n={},o={};if(!r)return n;for(const[e,i]of Object.entries(r))h(t,e)&&(o[e]=i);if(Object.keys(o).length){const e=Object.keys(o).map(i~~=>s~~.scan(i,{tokens:!0,parts:!0}));if(e.length){let i=e[0];for(const l of e)i=p(i,l);n=o[i.input]}}return n}function P(t){const r=s.makeRe(t);return r\|\|void 0}export{P as convertGlobToRegex,p as getDeeperGlobPattern,h as pathMatchesGlobPattern,x as resolveMetadataGlobs};
1	+ import i from"picomatch";import u from"is-glob";import f from"path";import{removeTrailingSlash as a}from"../../utils/url/remove-trailing-slash.js";import{removeLeadingSlash as m}from"../../utils/url/remove-leading-slash.js";const l={},p=(o,e)=>{const t=o.tokens??[],n=e.tokens??[];if(o.isGlob!==e.isGlob)return o.isGlob?e:o;if(t.length!==n.length)return t.length>n.length?o:e;for(let r=0;r<t.length;r++){if(t[r].isGlob!==n[r].isGlob)return t[r].isGlob?e:o;if(t[r].value!==n[r].value)return t[r].value.length>n[r].value.length?o:e}return o};function h(o,e){if(u(e)){const t=l[e]??i(e);if(l[e]=t,t(o))return!0}else{const t=a(m(f.posix.normalize(e))),n=o.startsWith(t+"/");if(o===t\|\|n)return!0}return!1}function v(o,e){let t={},n={};if(!e)return t;for(const[r,s]of Object.entries(e))h(o,r)&&(n[r]=s);if(Object.keys(n).length){const r=Object.keys(n).map(s=>i.scan(s,{tokens:!0,parts:!0}));if(r.length){let s=r[0];for(const c of r)s=p(s,c);t=n[s.input]}}return t}function x(o){const e=i.makeRe(o);return e\|\|void 0}export{x as convertGlobToRegex,p as getDeeperGlobPattern,h as pathMatchesGlobPattern,v as resolveMetadataGlobs};

package/dist/server/utils/is-catalog-entities-enabled.js CHANGED Viewed

	@@ -1 +1 @@
1	- function e(){return ~~process~~.~~env.~~NEW_CATALOG_ENABLED==="true"}export{e as isCatalogEntitiesEnabled};
1	+ import{envConfig as t}from"../../config/env-config.js";function e(){return t.NEW_CATALOG_ENABLED==="true"}export{e as isCatalogEntitiesEnabled};

package/dist/server/utils/is-scorecards-enabled.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{~~isCatalogEntitiesEnabled~~ as e}from"./is-catalog-entities-enabled.js";function a(r){return e()&&~~process~~.~~env.~~NEW_SCORECARDS_ENABLED==="true"&&Array.isArray(r.scorecards)&&r.scorecards.length>0}export{a as isScorecardsEnabled};
1	+ import{envConfig as e}from"../../config/env-config.js";import{isCatalogEntitiesEnabled as o}from"./is-catalog-entities-enabled.js";function s(r){return o()&&e.NEW_SCORECARDS_ENABLED==="true"&&Array.isArray(r.scorecards)&&r.scorecards.length>0}export{s as isScorecardsEnabled};

package/dist/server/utils/lifecycle-hooks.js CHANGED Viewed

	@@ -1 +1 @@
1	- import*as i from"path";import{cliCommandNames as r}from"../../constants/common.js";import{PUBLIC_STATIC_FOLDER as t}from"../constants/common.js";import{logger as n}from"../tools/notifiers/logger.js";import{blue as s,gray as c}from"../tools/notifiers/helpers/colors.js";import{loadEnvVariables as f}from"./envs/load-env-variables.js";import{copyFolderRecursiveSync as l}from"./fs.js";import{validateInstalledVersion as a}from"./validate-installed-version.js";import{PACKAGE_NAME as E}from"../../config/product-gates.js";import{PORTAL_VERSION as P}from"../version.js";function u(e){return e?"true":"false"}function v(e){e["log-level"]&&(process.env.REDOCLY_LOG_LEVEL=String(e["log-level"])),process.env.INSPECT_MODE="inspect"in e?u(e.inspect):"false",e.pathPrefix&&(process.env.REDOCLY_PREFIX_PATHS=e.pathPrefix)}function L({contentDir:e,outdir:o}){l(i.join(e,t),i.join(o,t))}async function N(e,o,p){f(o["project-dir"])~~,process.env.REDOCLY_RUNNING_COMMAND=e~~;const m=e===r.DEVELOP?" Previewing with":"Building with";switch(n.logInFooter("product",`${m} ${s(`${E}@${P}`)}`),n.logInFooter("server",` \u{1F310} Preview URL: ${c("server starting...")}`),e){case r.DEVELOP:case r.BUILD:case r.PREPARE:v(o);break;default:break}await a(),L(p)}export{N as beforeCommand};
1	+ import*as i from"path";import{cliCommandNames as r}from"../../constants/common.js";import{PUBLIC_STATIC_FOLDER as t}from"../constants/common.js";import{logger as n}from"../tools/notifiers/logger.js";import{blue as a,gray as c}from"../tools/notifiers/helpers/colors.js";import{loadEnvVariables as f}from"./envs/load-env-variables.js";import{copyFolderRecursiveSync as l}from"./fs.js";import{validateInstalledVersion as s}from"./validate-installed-version.js";import{PACKAGE_NAME as E}from"../../config/product-gates.js";import{PORTAL_VERSION as P}from"../version.js";function u(e){return e?"true":"false"}function v(e){e["log-level"]&&(process.env.REDOCLY_LOG_LEVEL=String(e["log-level"])),process.env.INSPECT_MODE="inspect"in e?u(e.inspect):"false",e.pathPrefix&&(process.env.REDOCLY_PREFIX_PATHS=e.pathPrefix)}function L({contentDir:e,outdir:o}){l(i.join(e,t),i.join(o,t))}async function h(e,o,m){await f(o["project-dir"]);const p=e===r.DEVELOP?" Previewing with":"Building with";switch(n.logInFooter("product",`${p} ${a(`${E}@${P}`)}`),n.logInFooter("server",` \u{1F310} Preview URL: ${c("server starting...")}`),e){case r.DEVELOP:case r.BUILD:case r.PREPARE:v(o);break;default:break}await s(),L(m)}export{h as beforeCommand};

package/dist/server/utils/rbac.d.ts CHANGED Viewed

@@ -1,15 +1,16 @@
 import '../node-crypto-polyfill.js';
 import { REDOCLY_TEAMS_RBAC, REDOCLY_ROUTE_RBAC } from '@redocly/config';
-import type { PageProps, PageStaticData, RbacConfig, RbacScopeItems, RedoclyConfig, SsoConfig } from '@redocly/config';
-import type { AuthDetails, PageRouteDetails } from '../types';
+import type { RbacConfig, RbacScopeItems, RedoclyConfig, SsoConfig } from '@redocly/config';
+import type { AuthDetails } from '../types';
 import type { ContentFs } from '../fs/content-fs.js';
 import type { RbacFeatures } from '../../constants/common.js';
 export type ProjectRole = 'NONE' | 'READ' | 'TRIAGE' | 'WRITE' | 'MAINTAIN' | 'ADMIN';
 export declare const PROJECT_ROLES_ORDERED_BY_ACCESS_LEVEL: string[];
 export declare function getHigherRole(a: ProjectRole, b: ProjectRole): ProjectRole;
-export declare function getAllowedTeamsForRoute(rbacConfig: RbacConfig | undefined, resource: {
-    [REDOCLY_ROUTE_RBAC]?: PageRouteDetails<PageStaticData, PageProps>[typeof REDOCLY_ROUTE_RBAC];
-} | undefined): RbacScopeItems;
+export declare function getScopeItemsForResource(rbacConfig: RbacConfig | undefined, resource: {
+    fsPath?: string;
+    slug?: string;
+}): RbacScopeItems;
 export declare function canAccessFeature(feature: RbacFeatures, auth: AuthDetails, rbacConfig?: RbacConfig, requiresLogin?: boolean): boolean;
 export declare function isResourcePubliclyAccessible(resource: {
     slug: string;
@@ -64,6 +65,71 @@ export declare const normalizeRbacConfig: (rbacConfig: RbacConfig) => {
     reunite?: {
         [x: string]: string;
     } | undefined;
+    entitiesCatalog?: {
+        catalogs?: {
+            [x: string]: unknown;
+            all?: {
+                [x: string]: string;
+            } | undefined;
+            services?: {
+                [x: string]: string;
+            } | undefined;
+            domains?: {
+                [x: string]: string;
+            } | undefined;
+            teams?: {
+                [x: string]: string;
+            } | undefined;
+            users?: {
+                [x: string]: string;
+            } | undefined;
+            apiDescriptions?: {
+                [x: string]: string;
+            } | undefined;
+            dataSchemas?: {
+                [x: string]: string;
+            } | undefined;
+            apiOperations?: {
+                [x: string]: string;
+            } | undefined;
+        } | undefined;
+        entities?: {
+            [x: string]: unknown;
+            "**"?: {
+                [x: string]: string;
+            } | undefined;
+        } | undefined;
+        entitiesTypes?: {
+            [x: string]: unknown;
+            user?: {
+                [x: string]: string;
+            } | undefined;
+            service?: {
+                [x: string]: string;
+            } | undefined;
+            domain?: {
+                [x: string]: string;
+            } | undefined;
+            team?: {
+                [x: string]: string;
+            } | undefined;
+            apiDescription?: {
+                [x: string]: string;
+            } | undefined;
+            apiOperation?: {
+                [x: string]: string;
+            } | undefined;
+            dataSchema?: {
+                [x: string]: string;
+            } | undefined;
+        } | undefined;
+        entitiesGroups?: {
+            entities?: string[] | undefined;
+            config?: {
+                [x: string]: string;
+            } | undefined;
+        }[] | undefined;
+    } | undefined;
     content?: {
         [x: string]: unknown;
         "**"?: {
@@ -84,7 +150,10 @@ export declare const normalizeRbacConfig: (rbacConfig: RbacConfig) => {
         } | undefined;
     } | undefined;
 };
-export declare function getRbacTeamsForSearch(route: PageRouteDetails<PageStaticData, PageProps>, rbacConfig: RbacConfig): string[];
-export declare function extractTeamsForSearch(scopeItems: RbacScopeItems | undefined): string[];
+export declare function getRbacTeamsListForResource(resource: {
+    fsPath?: string;
+    slug?: string;
+}, rbacConfig: RbacConfig): string[];
+export declare function extractTeamsFromScopeItems(scopeItems: RbacScopeItems | undefined): string[];
 export declare function expandTeamsForRead(rbacConfig: RbacConfig, teamNames: string[]): string[];
 //# sourceMappingURL=rbac.d.ts.map

package/dist/server/utils/rbac.js CHANGED Viewed

	@@ -1 +1 @@
1	- import A from"path";import O from"picomatch";import"../node-crypto-polyfill.js";import{REDOCLY_TEAMS_RBAC as D,REDOCLY_ROUTE_RBAC as R}from"@redocly/config";import{DEFAULT_ANONYMOUS_VISITOR_TEAM as P,ServerRoutes as I,PUBLIC_RBAC_SCOPE_ITEM as d,RBAC_ALL_OTHER_TEAMS as u,DEFAULT_RBAC_SCOPE as _}from"../../constants/common.js";import{DEPRECATED_PUBLIC_API_DEFINITIONS_FOLDER as g,PUBLIC_API_DEFINITIONS_FOLDER as L,PUBLIC_ASSETS_FOLDER as F}from"../constants/common.js";import{removeTrailingSlash as w}from"../../utils/url/remove-trailing-slash.js";import{parsePathVersions as N}from"../../utils/path/parse-path-versions.js";import{reporter as B}from"../tools/notifiers/reporter.js";import{bold as k}from"../tools/notifiers/helpers/colors.js";import{shaDirPathShort as W}from"../utils/crypto/sha-dir-path-short.js";import{canExpandConfig as U,expandRbacConfig as b,getTeamFolderDefaults as M,parseTeamFoldersTemplate as $,parseTeamNameTemplate as v}from"./rbac-expand.js";import{getUserParamsFromCookies as Y}from"../web-server/auth.js";import{getDeeperGlobPattern as z}from"./globs.js";import{EntitlementsProvider as H}from"../entitlements/entitlements-provider.js";const S=["NONE","READ","TRIAGE","WRITE","MAINTAIN","ADMIN"],G=new Set(["x-parsed-md-description","x-parsed-md-summary"]);function mt(t,e){const n=S.indexOf(t.toUpperCase()),r=S.indexOf(e.toUpperCase());return n>r?t:e}const j={};function y(t,e){if(!t~~\|\|!e~~)return d;const n=t.content~~;if(!n)return d;const~~{slug:r,fsPath:s}=e~~[R]??{}~~;if(!r&&!s)return d;const o=f=>{const m=j[f]\|\|O(f);return j[f]=m,!!(r&&m(r))\|\|!!(s&&m(s))};if(K(r\|\|s\|\|"")&&Object.keys(n).filter(T=>o(T)).length===0)return n[_]\|\|d;const c=Object.keys(n).filter(f=>o(f));if(c.length==0)return d;const l=c.map(f=>O.scan(f,{tokens:!0,parts:!0}));let p=l[0];for(let f=1;f<l.length;f++)p=z(p,l[f]);return n[p.input]}function pt(t,e,n={},r=!1){if(r&&Object.keys(n).length===0)return e.isAuthenticated;const s=n.features?.[t];return s?e.teams.some(o=>s[o]&&s[o].toLowerCase()!=="none"):!0}function dt(t,e){return E(t,{isAuthenticated:!1,teams:[P]},e.rbac\|\|{},e.requiresLogin\|\|!1)}function E(t,e={},n={},r=!1){if(t.slug&&typeof t.slug=="string"&&Object.values(I).some(c=>{const l=c.split(":")[0].replace(/\/$/,"");return t.slug===l\|\|t.slug?.startsWith(c)})\|\|typeof t.slug=="string"&&t.slug?.endsWith("/mcp")&&H.instance().canAccessFeature("mcp"))return!0;if(r&&Object.keys(n).length===0)return!!e.isAuthenticated;const s=b(n,e.teams\|\|[]),o=t[D]\|\|y(s,t);if(Object.keys(o\|\|{}).length===0)return!1;if(Object.keys(o).length===1&&o[u]&&o[u].toLowerCase()!=="none")return!0;const a=(e?.email?[...e?.teams\|\|[],e?.email]:e?.teams)\|\|[],i=[];for(const c of a??[])o[c]?i.push(~~o[c]~~):o[u]&&c!==e?.email&&i.push(o[u]);return i.length?i.some(c=>c.toLowerCase()!=="none"):!1}function ht(t,e,n,r){if(!t.startsWith(L)&&!t.startsWith(g))return!0;const s=t.replace(new RegExp(`^${L}/`),"").replace(new RegExp(`^${g}/`),""),a=s==="."?"":s,i={[R]:{slug:t,fsPath:a},slug:t};return E(i,r,e,n)}function At(t,e,n,~~r,s~~){if(!t.startsWith(F))return!0;const o=t.match(/.*\..{64}\.([A-Fa-f0-9]{8})\.[^\.]+$/)?.[1];if(!o)return!0;const a=r[o];if(!a)return!0;const{base:i,ext:c}=A.parse(t),l=i.split(".")[0],p=c.split(".").join(""),m=a==="."?"":a,T={[R]:{slug:t,fsPath:A.posix.join(m,`${l}.${p}`)},slug:t};return E(T,s,e,n)}async function Rt(t,e){const{isAuthenticated:n=!1,idpAccessToken:r,federatedAccessToken:s,federatedIdToken:o,...a}=await Y(t,e),{teams:i=[]}=a;let c;return n?c=i.filter(l=>l!==P):c=[P],{isAuthenticated:n,idpAccessToken:r,teams:c,claims:a}}function C(t,e,n={},r=!1){if(!t)return t;if(Array.isArray(t)){const s=[];for(const o of t){const a=C(o,e,n,r);a!==void 0&&s.push(a)}return s}if(typeof t=="object"){if(!E(t,e,n,r))return;let s=!1;const o={};for(const a in t){if(a===D\|\|a===R)continue;if(G.has(a)){o[a]=t[a];continue}const i=C(t[a],e,n,r);if(a==="items"&&Array.isArray(i)&&i.length===0&&t[a].length!==0){s=!0;continue}i!==void 0&&(o[a]=i)}return s?void 0:o}return t}function yt(t){return typeof t=="string"?t.split(" ").filter(Boolean):Array.isArray(t)?t.map(e=>e.toString()):[]}function Et(t,e){if(!e)return;const n=e.content;if(!n)return e;const r=Object.entries(n).flatMap(([o,a])=>o===_?[[o,a]]:[[o,a],...t.localeFolders.map(i=>[o.startsWith("/")?`/${i.toLocaleLowerCase()}${o}`:A.posix.join(t.localizationFolder,i,o),a])]),s=Object.fromEntries(r);return{...e,content:s}}async function Tt(t,e){if(!e)return{};const n={},r=new Set((await t.scan()).flatMap(({relativePath:s})=>{const{versionFolderPath:o}=N(s)\|\|{},a=A.dirname(s);return o?[o,a]:a}));for(const s of r)n[W(s)]=s;return n}const h=t=>typeof t=="object"&&t!==null&&!Array.isArray(t);function K(t){return t?t.split("/").filter(Boolean).some(n=>n.startsWith(".")):!1}const V=t=>{if(t&&h(t)&&("content"in t&&h(t.content)\|\|"reunite"in t&&h(t.reunite)\|\|"features"in t&&h(t.features)\|\|t.teamFolders&&t.teamNamePatterns)){const e=Object.values(t.content\|\|{});if(e.length===0)return!0;if(e.every(h))return e.every(n=>Object.values(n).every(r=>typeof r=="string"))}return!1},Pt=async t=>{if(t){if(Object.keys(t).length===0)return{};if(V(t))return J(t);await B.panicOnContentError(`You are using an incorrect format of ${k("rbac:")} configuration. See: https://redocly.com/docs/realm/access`)}},J=t=>{const e={...t};if(e.content){const n={};for(const r in e.content)if(e.content[r]!==void 0){const s=w(r);n[s]=e.content[r]}e.content=n}return e};function xt(t,e){const n=t.fsPath,r=t.slug,s=[];if(U(e)){const ~~o=$(e~~,[n,r]);if(o){const a=e?.teamNamePatterns?.map(c=>c.replace("{teamPathSegment}",o.teamPathSegment).replace("{projectRole}","read"))??[];s.push(...a);const i=y({content:{~~...M~~(e),...e.content}},t);s.push(...x(i))}else{const a=y(e,t);s.push(...x(a))}}else{const o=y(e,t);s.push(...x(o))}return Q(e,s)}function x(t){if(!t)return[];const e=[],n=u in t?{authenticated:t[u],anonymous:t[u]}:{};for(const[r,s]of Object.entries({...n,...t}))s.toLowerCase()!=="none"&&r!==u&&e.push(r);return e}function Q(t,e){return e.map(r=>v(t,r)??{teamName:r}).map(r=>r.projectRole&&r.projectRole!=="READ"?r.teamName?.toLowerCase().replace(r.projectRole?.toLowerCase?.()??"","read")??"":r.teamName?.toLowerCase()??"")}export{S as PROJECT_ROLES_ORDERED_BY_ACCESS_LEVEL,Et as applyL10nToRbacConfig,At as canAccessAsset,pt as canAccessFeature,E as canAccessResource,ht as canDownloadApiDefinition,Q as expandTeamsForRead,x as ~~extractTeamsForSearch~~,C as filterDataByAccessDeep,y as ~~getAllowedTeamsForRoute~~,Rt as ~~getAuthDetailsFromCookies~~,mt as ~~getHigherRole~~,xt as ~~getRbacTeamsForSearch~~,V as isRbacConfigValid,dt as isResourcePubliclyAccessible,J as normalizeRbacConfig,Pt as parseRbacConfig,yt as parseTeamClaimToArray,Tt as resolveDirectoryHashes};
1	+ import h from"path";import x from"picomatch";import"../node-crypto-polyfill.js";import{REDOCLY_TEAMS_RBAC as _,REDOCLY_ROUTE_RBAC as R}from"@redocly/config";import{DEFAULT_ANONYMOUS_VISITOR_TEAM as O,ServerRoutes as C,PUBLIC_RBAC_SCOPE_ITEM as A,RBAC_ALL_OTHER_TEAMS as u,DEFAULT_RBAC_SCOPE as L}from"../../constants/common.js";import{DEPRECATED_PUBLIC_API_DEFINITIONS_FOLDER as g,PUBLIC_API_DEFINITIONS_FOLDER as S,PUBLIC_ASSETS_FOLDER as F}from"../constants/common.js";import{removeTrailingSlash as w}from"../../utils/url/remove-trailing-slash.js";import{parsePathVersions as N}from"../../utils/path/parse-path-versions.js";import{reporter as B}from"../tools/notifiers/reporter.js";import{bold as k}from"../tools/notifiers/helpers/colors.js";import{shaDirPathShort as W}from"../utils/crypto/sha-dir-path-short.js";import{isTruthy as b}from"../../utils/guards/is-truthy.js";import{canExpandConfig as U,expandRbacConfig as M,getTeamFolderDefaults as $,parseTeamFoldersTemplate as v,parseTeamNameTemplate as Y}from"./rbac-expand.js";import{getUserParamsFromCookies as z}from"../web-server/auth.js";import{getDeeperGlobPattern as G}from"./globs.js";import{EntitlementsProvider as H}from"../entitlements/entitlements-provider.js";const I=["NONE","READ","TRIAGE","WRITE","MAINTAIN","ADMIN"],K=new Set(["x-parsed-md-description","x-parsed-md-summary","scorecard"]);function ht(t,e){const r=I.indexOf(t.toUpperCase()),n=I.indexOf(e.toUpperCase());return r>n?t:e}const y={};function E(t,e){if(!t?.content)return A;const r=t.content,{slug:n,fsPath:o}=e;if(!n&&!o)return A;const s=l=>{const m=y[l]\|\|x(l);return y[l]=m,!!(n&&m(n))\|\|!!(o&&m(o))};if(J(n\|\|o\|\|"")&&Object.keys(r).filter(P=>s(P)).length===0)return r[L]\|\|A;const c=Object.keys(r).filter(l=>s(l));if(c.length==0)return A;const f=c.map(l=>x.scan(l,{tokens:!0,parts:!0}));let p=f[0];for(let l=1;l<f.length;l++)p=G(p,f[l]);return r[p.input]}function Rt(t,e,r={},n=!1){if(n&&Object.keys(r).length===0)return e.isAuthenticated;const o=r.features?.[t];return o?e.teams.some(s=>o[s]&&o[s].toLowerCase()!=="none"):!0}function At(t,e){return T(t,{isAuthenticated:!1,teams:[O]},e.rbac\|\|{},e.requiresLogin\|\|!1)}function V(t,e){for(const[r,n]of Object.entries(t))if(r.includes("")){const o=y[r]??x(r);if(y[r]=o,o(e))return n}return null}function T(t,e={},r={},n=!1){if(t.slug&&typeof t.slug=="string"&&Object.values(C).some(c=>{const f=c.split(":")[0].replace(/\/$/,"");return t.slug===f\|\|t.slug?.startsWith(c)})\|\|typeof t.slug=="string"&&t.slug?.endsWith("/mcp")&&H.instance().canAccessFeature("mcp"))return!0;if(n&&Object.keys(r).length===0)return!!e.isAuthenticated;const o=M(r,e.teams\|\|[]),s=t[_]\|\|E(o,t[R]\|\|{});if(Object.keys(s\|\|{}).length===0)return!1;if(Object.keys(s).length===1&&s[u]&&s[u].toLowerCase()!=="none")return!0;const i=(e?.email?[...e?.teams\|\|[],e?.email]:e?.teams)\|\|[],a=[];for(const c of i??[]){const f=s[c]\|\|V(s,c);f?a.push(f):s[u]&&c!==e?.email&&a.push(s[u])}return a.length?a.some(c=>c.toLowerCase()!=="none"):!1}function yt(t,e,r,n){if(!t.startsWith(S)&&!t.startsWith(g))return!0;const o=t.replace(new RegExp(`^${S}/`),"").replace(new RegExp(`^${g}/`),""),i=o==="."?"":o,a={[R]:{slug:t,fsPath:i},slug:t};return T(a,n,e,r)}function Et(t,e,r,n,o){if(!t.startsWith(F))return!0;const s=t.match(/.\..{64}\.([A-Fa-f0-9]{8})\.[^\.]+$/)?.[1];if(!s)return!0;const i=n[s];if(!i)return!0;const{base:a,ext:c}=h.parse(t),f=a.split(".")[0],p=c.split(".").join(""),m=i==="."?"":i,P={[R]:{slug:t,fsPath:h.posix.join(m,`${f}.${p}`)},slug:t};return T(P,o,e,r)}async function Tt(t,e){const{isAuthenticated:r=!1,idpAccessToken:n,federatedAccessToken:o,federatedIdToken:s,...i}=await z(t,e),{teams:a=[]}=i;let c;return r?c=a.filter(f=>f!==O):c=[O],{isAuthenticated:r,idpAccessToken:n,teams:c,claims:i}}function j(t,e,r={},n=!1){if(!t)return t;if(Array.isArray(t)){const o=[];for(const s of t){const i=j(s,e,r,n);i!==void 0&&o.push(i)}return o}if(typeof t=="object"){if(!T(t,e,r,n))return;let o=!1;const s={};for(const i in t){if(i===_\|\|i===R)continue;if(K.has(i)){s[i]=t[i];continue}const a=j(t[i],e,r,n);if(i==="items"&&Array.isArray(a)&&a.length===0&&t[i].length!==0){o=!0;continue}a!==void 0&&(s[i]=a)}return o?void 0:s}return t}function Pt(t){return typeof t=="string"?t.split(" ").filter(Boolean):Array.isArray(t)?t.map(e=>e.toString()):[]}function xt(t,e){if(!e)return;const r=e.content;if(!r)return e;const n=Object.entries(r).flatMap(([s,i])=>s===L?[[s,i]]:[[s,i],...t.localeFolders.map(a=>[s.startsWith("/")?`/${a.toLocaleLowerCase()}${s}`:h.posix.join(t.localizationFolder,a,s),i])]),o=Object.fromEntries(n);return{...e,content:o}}async function Ot(t,e){if(!e)return{};const r={},n=new Set((await t.scan()).flatMap(({relativePath:o})=>{const{versionFolderPath:s}=N(o)\|\|{},i=h.dirname(o);return s?[s,i]:i}));for(const o of n)r[W(o)]=o;return r}const d=t=>typeof t=="object"&&t!==null&&!Array.isArray(t);function J(t){return t?t.split("/").filter(Boolean).some(r=>r.startsWith(".")):!1}const Q=t=>{if(t&&d(t)&&("content"in t&&d(t.content)\|\|"reunite"in t&&d(t.reunite)\|\|"features"in t&&d(t.features)\|\|t.teamFolders&&t.teamNamePatterns)){const e=Object.values(t.content\|\|{});if(e.length===0)return!0;if(e.every(d))return e.every(r=>Object.values(r).every(n=>typeof n=="string"))}return!1},Dt=async t=>{if(t){if(Object.keys(t).length===0)return{};if(Q(t))return X(t);await B.panicOnContentError(`You are using an incorrect format of ${k("rbac:")} configuration. See: https://redocly.com/docs/realm/access`)}},X=t=>{const e={...t};if(e.content){const r={};for(const n in e.content)if(e.content[n]!==void 0){const o=w(n);r[o]=e.content[n]}e.content=r}return e};function _t(t,e){const r=t.fsPath,n=t.slug,o=[];if(U(e)&&(r\|\|n)){const s=[r,n].filter(b),i=v(e,s);if(i){const a=e?.teamNamePatterns?.map(f=>f.replace("{teamPathSegment}",i.teamPathSegment).replace("{projectRole}","read"))??[];o.push(...a);const c=E({content:{...$(e),...e.content}},t);o.push(...D(c))}else{const a=E(e,t);o.push(...D(a))}}else{const s=E(e,t);o.push(...D(s))}return Z(e,o)}function D(t){if(!t)return[];const e=[],r=u in t?{authenticated:t[u],anonymous:t[u]}:{};for(const[n,o]of Object.entries({...r,...t}))o.toLowerCase()!=="none"&&n!==u&&e.push(n);return e}function Z(t,e){return e.map(n=>Y(t,n)??{teamName:n}).map(n=>n.projectRole&&n.projectRole!=="READ"?n.teamName?.toLowerCase().replace(n.projectRole?.toLowerCase?.()??"","read")??"":n.teamName?.toLowerCase()??"")}export{I as PROJECT_ROLES_ORDERED_BY_ACCESS_LEVEL,xt as applyL10nToRbacConfig,Et as canAccessAsset,Rt as canAccessFeature,T as canAccessResource,yt as canDownloadApiDefinition,Z as expandTeamsForRead,D as extractTeamsFromScopeItems,j as filterDataByAccessDeep,Tt as getAuthDetailsFromCookies,ht as getHigherRole,_t as getRbacTeamsListForResource,E as getScopeItemsForResource,Q as isRbacConfigValid,At as isResourcePubliclyAccessible,X as normalizeRbacConfig,Dt as parseRbacConfig,Pt as parseTeamClaimToArray,Ot as resolveDirectoryHashes};

package/dist/server/utils/report-all-errors.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{~~isBuildMode~~ as p}from"~~../utils~~/~~envs/is~~-~~build-mode~~.js";import{reporter as r}from"../tools/notifiers/reporter.js";import{isMarkdocError as d}from"../plugins/markdown/errors.js";import{telemetryTraceStep as m}from"../../cli/telemetry/helpers/trace-step.js";async function k(i){await m("build.validation_errors",async s=>{let e=0;for(const[a,c]of i.cache.errors.entries()){const f=a.split(":")[1];for(const o of c)d(o)?(r.reportMarkdocProblem(o),o.type!=="BROKEN_LINK"&&e++):await r.panicOnBuild(o.message,f)}const n=await i.getConfig();if(!p())return;const t=r.getPageRenderProblems().length;s?.setAttribute("markdocErrors",e.toString()),s?.setAttribute("pageRenderErrors",t.toString()),e>0&&!n?.reunite?.ignoreMarkdocErrors?(r.printErrors(),await r.panic(`Need to fix ${e} Markdoc issue(s) or set the \`ignoreMarkdocErrors\` option to \`true\` in the \`reunite\` section of your \`redocly.yaml\``)):t>0&&(r.printErrors(),await r.panic(`Need to fix ${t} runtime error(s) in React pages`))})}export{k as reportAllErrors};
1	+ import{envConfig as p}from"../../config/env-config.js";import{reporter as r}from"../tools/notifiers/reporter.js";import{isMarkdocError as d}from"../plugins/markdown/errors.js";import{telemetryTraceStep as m}from"../../cli/telemetry/helpers/trace-step.js";async function k(i){await m("build.validation_errors",async n=>{let e=0;for(const[a,c]of i.cache.errors.entries()){const f=a.split(":")[1];for(const o of c)d(o)?(r.reportMarkdocProblem(o),o.type!=="BROKEN_LINK"&&e++):await r.panicOnBuild(o.message,f)}const s=await i.getConfig();if(!p.isBuildMode)return;const t=r.getPageRenderProblems().length;n?.setAttribute("markdocErrors",e.toString()),n?.setAttribute("pageRenderErrors",t.toString()),e>0&&!s?.reunite?.ignoreMarkdocErrors?(r.printErrors(),await r.panic(`Need to fix ${e} Markdoc issue(s) or set the \`ignoreMarkdocErrors\` option to \`true\` in the \`reunite\` section of your \`redocly.yaml\``)):t>0&&(r.printErrors(),await r.panic(`Need to fix ${t} runtime error(s) in React pages`))})}export{k as reportAllErrors};

package/dist/server/utils/set-execution-mode.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+/**
+ * Must run before any module that reads envConfig.
+ */
+declare const command: string;
+//# sourceMappingURL=set-execution-mode.d.ts.map

package/dist/server/utils/set-execution-mode.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ const e=process.argv[2];e==="prepare"\|\|e==="build"?process.env.REDOCLY_EXECUTION_MODE="build":e==="develop"&&(process.env.REDOCLY_EXECUTION_MODE="develop");

package/dist/server/utils/time/with-timestamp.d.ts CHANGED Viewed

@@ -1,25 +1,57 @@
+type TimestampField = 'createdAt' | 'updatedAt' | 'archivedAt';
+type TimestampFieldsOptions = {
+    fields?: TimestampField[];
+    dates?: {
+        createdAt?: Date;
+        updatedAt?: Date;
+        archivedAt?: Date;
+    };
+};
+type TimestampFieldsMap = {
+    createdAt: string;
+    updatedAt: string;
+    archivedAt: string;
+};
+type WithTimestampResult<T, F extends TimestampField[]> = T & Pick<TimestampFieldsMap, F[number]>;
 /**
- * Adds timestamp fields (createdAt and updatedAt) to an object.
+ * Adds timestamp fields (createdAt, updatedAt, and/or archivedAt) to an object.
  *
  * @param data - The object to add timestamps to
- * @param updatedAtDate - Optional custom date for the updatedAt field. Defaults to current date
- * @param createdAtDate - Optional custom date for the createdAt field. Defaults to current date
- * @returns A new object containing all properties from the input data plus updatedAt and createdAt fields in ISO format
+ * @param options - Optional configuration object
+ * @param options.fields - Array of timestamp fields to include. Defaults to ['createdAt', 'updatedAt']
+ * @param options.dates - Optional custom dates for specific timestamp fields
+ * @returns A new object containing all properties from the input data plus the specified timestamp fields in ISO format
  *
  * @example
  * ```ts
- * // Add current timestamps
+ * // Add current timestamps (default: createdAt and updatedAt)
  * const result = withTimestamp({ id: 1, name: 'Test' });
  * // Returns { id: 1, name: 'Test', updatedAt: '2025-10-21T10:00:00.000Z', createdAt: '2025-10-21T10:00:00.000Z' }
  *
+ * // Only add updatedAt when updating data
+ * const result = withTimestamp({ id: 1, name: 'Updated' }, { fields: ['updatedAt'] });
+ * // Returns { id: 1, name: 'Updated', updatedAt: '2025-10-21T10:00:00.000Z' }
+ *
+ * // Only add archivedAt when archiving data
+ * const result = withTimestamp({ id: 1 }, { fields: ['archivedAt'] });
+ * // Returns { id: 1, archivedAt: '2025-10-21T10:00:00.000Z' }
+ *
  * // Use custom dates
  * const customDate = new Date('2025-01-01');
- * const result = withTimestamp({ id: 1 }, customDate, customDate);
+ * const result = withTimestamp({ id: 1 }, {
+ *   fields: ['createdAt', 'updatedAt'],
+ *   dates: { createdAt: customDate, updatedAt: customDate }
+ * });
  * // Returns { id: 1, updatedAt: '2025-01-01T00:00:00.000Z', createdAt: '2025-01-01T00:00:00.000Z' }
+ *
+ * // Add all three timestamps
+ * const result = withTimestamp({ id: 1 }, { fields: ['createdAt', 'updatedAt', 'archivedAt'] });
+ * // Returns { id: 1, createdAt: '...', updatedAt: '...', archivedAt: '...' }
  * ```
  */
-export declare const withTimestamp: <T extends Record<string, unknown>>(data: T, updatedAtDate?: Date, createdAtDate?: Date) => T & {
-    updatedAt: string;
-    createdAt: string;
-};
+export declare function withTimestamp<T extends Record<string, unknown>>(data: T, options?: TimestampFieldsOptions): WithTimestampResult<T, ['createdAt', 'updatedAt']>;
+export declare function withTimestamp<T extends Record<string, unknown>, F extends TimestampField[]>(data: T, options: {
+    fields: F;
+} & TimestampFieldsOptions): WithTimestampResult<T, F>;
+export {};
 //# sourceMappingURL=with-timestamp.d.ts.map

package/dist/server/utils/time/with-timestamp.js CHANGED Viewed

	@@ -1 +1 @@
1	- ~~const~~ s=(S,t,n)=>{const o=new Date,r=t?t.toISOString():o.~~toISOString~~(),i=~~n?n~~.toISOString():o.toISOString();return~~{...S,updatedAt:r,createdAt:i~~}};export{s as withTimestamp};
1	+ function s(i,n){const d=new Date,a=n?.fields??["createdAt","updatedAt"],c=n?.dates??{},e={...i};if(a.includes("createdAt")){const t=c.createdAt??d;e.createdAt=t.toISOString()}if(a.includes("updatedAt")){const t=c.updatedAt??d;e.updatedAt=t.toISOString()}if(a.includes("archivedAt")){const t=c.archivedAt??d;e.archivedAt=t.toISOString()}return e}export{s as withTimestamp};

package/dist/server/version.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{createRequire as e}from"module";const o=~~process~~.~~env.REDOCLY_LOCAL_DEV~~==="true"?"local":e(import.meta.url)("../../package.json").version;export{o as PORTAL_VERSION};
1	+ import{createRequire as o}from"module";import{envConfig as r}from"../config/env-config.js";const i=r.REDOCLY_INTERNAL_DEV==="true"?"local":o(import.meta.url)("../../package.json").version;export{i as PORTAL_VERSION};

package/dist/server/web-server/auth.js CHANGED Viewed

@@ -1,7 +1,7 @@
-import"../node-crypto-polyfill.js";import{DOMParser as U}from"@xmldom/xmldom";import{SignedXml as B}from"xml-crypto";import F from"xpath";import{deflateSync as J,inflateSync as q}from"fflate";import{createHash as H}from"crypto";import{ulid as W}from"ulid";import{AuthProviderType as u,DEFAULT_TEAM_CLAIM_NAME as K}from"@redocly/config";import{AUTH_URL as Q,JWT_SECRET_KEY as _}from"../constants/common.js";import{getPathPrefix as X,withPathPrefix as Y}from"@redocly/theme/core/utils";import{DEFAULT_AUTHENTICATED_TEAM as G,REQUIRED_OIDC_SCOPES as D,ServerRoutes as P}from"../../constants/common.js";import{appendQueryParams as Z}from"../../utils/url/append-query-params.js";import{logger as ee}from"../tools/notifiers/logger.js";import{randomString as te}from"../utils/crypto/random-string.js";import{randomUUID as R}from"../utils/crypto/random-uuid.js";import{AlgorithmTypes as I,JwtTokenExpired as ne}from"./jwt/types.js";import*as p from"./jwt/jwt.js";import{parseTeamClaimToArray as re}from"../utils/index.js";import{arrayBufferToBase64 as ae,decodeBase64 as v,encodeBase64URL as oe,urlSafeBase64 as j}from"./jwt/encode.js";import{formatSamlCertificate as se}from"./utils/format-saml-certificate.js";function N(e){return e?.type===u.OIDC}function ie(e){return e?.type===u.SAML2}async function ze(e,t){if(N(t))return ce(e,t);if(ie(t))return ue(e,t)}async function ce(e,t){const n=await V(e,t),r=new Set((t.scopes||[]).concat(D)),a=t.authorizationRequestCustomParams||{};return{type:u.OIDC,idpId:e,name:"OAuth provider",authorizationEndpoint:n.authorization_endpoint,clientId:t.clientId,responseType:"code",scope:Array.from(r).join(" "),extraParams:a,pkce:t.pkce}}function ue(e,t){return{type:u.SAML2,idpId:e,name:"SAML2 provider",ssoUrl:t.ssoUrl,issuerId:t.issuerId,entityId:t.entityId||t.issuerId}}async function Be(e,t,n,r,a={}){const o=new Set((r.scopes||[]).concat(D));return await fetch(e,{method:"POST",body:new URLSearchParams({client_id:r.clientId,scope:Array.from(o).join(" "),code:t,redirect_uri:E(n),grant_type:"authorization_code",...r.clientSecret?{client_secret:r.clientSecret}:{},...a}).toString(),headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"}}).then(s=>s.json())}function de(e,{authorizationEndpoint:t,clientId:n,responseType:r,scope:a,extraParams:o,idpId:s,pkce:l},m,A,w){if(!t||!n||!r||!a)return{loginUrl:void 0};const c=new URL(t),f=w?.redirectUriOverride??`${e}${Y(P.OIDC_CALLBACK)}`,S={state:R(),idpId:s,redirectUri:f,redirectTo:m,branch:w?.branchOverride??me(e),inviteCode:A,source:w?.sourceOverride??"portal"},h={};if(l){const d=j(te(50)),g=j(H("sha256").update(d).digest("base64")),x="S256";c.searchParams.append("code_challenge",g),c.searchParams.append("code_challenge_method",x),h.code_verifier={value:d,options:{secure:!0,httpOnly:!0,expires:new Date(Date.now()+1e3*60*10),path:X()||"/"}}}c.searchParams.append("client_id",n),c.searchParams.append("scope",a),c.searchParams.append("response_type",r),c.searchParams.append("redirect_uri",E(f)),c.searchParams.append("state",oe(JSON.stringify(S)));for(const d in o)o[d]!==void 0&&c.searchParams.append(d,o[d]);return{loginUrl:c.toString(),cookies:h}}function Fe(e,t,n,r){const a=new URL(e);return a.searchParams.append("post_logout_redirect_uri",t),r&&a.searchParams.append("state",r),a.searchParams.append("id_token_hint",n),a.toString()}async function Je(e){const t=Math.floor(Date.now()/1e3),n=t+(e.ttlSec??600);return p.sign({type:"mcp_auth_code",client_id:e.clientId,redirect_uri:e.redirectUri,id_token:e.idToken,iat:t,exp:n},_)}async function qe(e){const{header:t,payload:n}=p.decode(e),a=Object.values(I).includes(t.alg)?t.alg:I.HS256;if(await p.verify(e,_,a),n.type!=="mcp_auth_code")throw new Error("Invalid authorization code type");if(!n.client_id||!n.redirect_uri)throw new Error("Authorization code missing required claims");if(typeof n.exp=="number"&&Date.now()>=n.exp*1e3)throw new Error("Authorization code expired");return n}function He(e){const t=e||W(),n=t.startsWith("mcp_")?t:`mcp_${t}`;return{id:n,object:"mcp_session",uri:`urn:redocly:realm:mcp:session:${n}`}}function E(e){return e.match(/^https:\/\/preview-[^\.]+--/)?"https://previewauth--"+e.split("--")[1]:e.match(/^(https:\/\/[^\.]+)--[^\.]+\.preview\./)?e.replace(/^(https:\/\/[^\.]+?)--[^\.]+\.preview\./,"$1.previewauth."):e}function me(e){return e.match(/^(https:\/\/[^\.]+)--([^\.]+)\.preview\./)?.[2]||void 0}function le(e){return e.type===u.OIDC}function pe(e){return e.type===u.SAML2}function We(e,t,n,r){return le(e)?de(t,e,n,r):pe(e)?fe(t,e,n,r):{}}function fe(e,t,n,r){const o=`<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+import"../node-crypto-polyfill.js";import{DOMParser as D}from"@xmldom/xmldom";import{SignedXml as B}from"xml-crypto";import F from"xpath";import{deflateSync as H,inflateSync as J}from"fflate";import{createHash as q}from"crypto";import{ulid as W}from"ulid";import{AuthProviderType as u,DEFAULT_TEAM_CLAIM_NAME as K}from"@redocly/config";import{AUTH_URL as Q,JWT_SECRET_KEY as I}from"../constants/common.js";import{getPathPrefix as X,withPathPrefix as Y}from"@redocly/theme/core/utils";import{DEFAULT_AUTHENTICATED_TEAM as G,REQUIRED_OIDC_SCOPES as N,ServerRoutes as P}from"../../constants/common.js";import{appendQueryParams as Z}from"../../utils/url/append-query-params.js";import{logger as ee}from"../tools/notifiers/logger.js";import{randomString as te}from"../utils/crypto/random-string.js";import{randomUUID as k}from"../utils/crypto/random-uuid.js";import{AlgorithmTypes as y,JwtTokenExpired as ne}from"./jwt/types.js";import*as p from"./jwt/jwt.js";import{parseTeamClaimToArray as re}from"../utils/index.js";import{arrayBufferToBase64 as ae,decodeBase64 as R,encodeBase64URL as oe,urlSafeBase64 as v}from"./jwt/encode.js";import{formatSamlCertificate as se}from"./utils/format-saml-certificate.js";function j(e){return e?.type===u.OIDC}function ie(e){return e?.type===u.SAML2}async function ze(e,t){if(j(t))return ce(e,t);if(ie(t))return ue(e,t)}async function ce(e,t){const r=await V(e,t),n=new Set((t.scopes||[]).concat(N)),a=t.authorizationRequestCustomParams||{};return{type:u.OIDC,idpId:e,name:"OAuth provider",authorizationEndpoint:r.authorization_endpoint,clientId:t.clientId,responseType:"code",scope:Array.from(n).join(" "),extraParams:a,pkce:t.pkce}}function ue(e,t){return{type:u.SAML2,idpId:e,name:"SAML2 provider",ssoUrl:t.ssoUrl,issuerId:t.issuerId,entityId:t.entityId||t.issuerId}}async function Be(e,t,r,n,a={}){const o=new Set((n.scopes||[]).concat(N));return await fetch(e,{method:"POST",body:new URLSearchParams({client_id:n.clientId,scope:Array.from(o).join(" "),code:t,redirect_uri:E(r),grant_type:"authorization_code",...n.clientSecret?{client_secret:n.clientSecret}:{},...a}).toString(),headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"}}).then(s=>s.json())}function de(e,{authorizationEndpoint:t,clientId:r,responseType:n,scope:a,extraParams:o,idpId:s,pkce:l},m,A,S){if(!t||!r||!n||!a)return{loginUrl:void 0};const c=new URL(t),f=S?.redirectUriOverride??`${e}${Y(P.OIDC_CALLBACK)}`,x={state:k(),idpId:s,redirectUri:f,redirectTo:m,branch:S?.branchOverride??me(e),inviteCode:A,source:S?.sourceOverride??"portal"},h={};if(l){const d=v(te(50)),_=v(q("sha256").update(d).digest("base64")),g="S256";c.searchParams.append("code_challenge",_),c.searchParams.append("code_challenge_method",g),h.code_verifier={value:d,options:{secure:!0,httpOnly:!0,expires:new Date(Date.now()+1e3*60*10),path:X()||"/"}}}c.searchParams.append("client_id",r),c.searchParams.append("scope",a),c.searchParams.append("response_type",n),c.searchParams.append("redirect_uri",E(f)),c.searchParams.append("state",oe(JSON.stringify(x)));for(const d in o)o[d]!==void 0&&c.searchParams.append(d,o[d]);return{loginUrl:c.toString(),cookies:h}}function Fe(e,t,r,n){const a=new URL(e);return a.searchParams.append("post_logout_redirect_uri",t),n&&a.searchParams.append("state",n),a.searchParams.append("id_token_hint",r),a.toString()}async function He(e){const t=Math.floor(Date.now()/1e3),r=t+(e.ttlSec??600);return p.sign({type:"mcp_auth_code",client_id:e.clientId,redirect_uri:e.redirectUri,id_token:e.idToken,iat:t,exp:r},I,y.HS256)}async function Je(e){await p.verify(e,I,y.HS256);const{payload:t}=p.decode(e);if(t.type!=="mcp_auth_code")throw new Error("Invalid authorization code type");if(!t.client_id||!t.redirect_uri)throw new Error("Authorization code missing required claims");if(typeof t.exp=="number"&&Date.now()>=t.exp*1e3)throw new Error("Authorization code expired");return t}function qe(e){const t=e||W(),r=t.startsWith("mcp_")?t:`mcp_${t}`;return{id:r,object:"mcp_session",uri:`urn:redocly:realm:mcp:session:${r}`}}function E(e){return e.match(/^https:\/\/preview-[^\.]+--/)?"https://previewauth--"+e.split("--")[1]:e.match(/^(https:\/\/[^\.]+)--[^\.]+\.preview\./)?e.replace(/^(https:\/\/[^\.]+?)--[^\.]+\.preview\./,"$1.previewauth."):e}function me(e){return e.match(/^(https:\/\/[^\.]+?)--([^\.]+)\.preview\./)?.[2]||void 0}function le(e){return e.type===u.OIDC}function pe(e){return e.type===u.SAML2}function We(e,t,r,n){return le(e)?de(t,e,r,n):pe(e)?fe(t,e,r,n):{}}function fe(e,t,r,n){const o=`<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
     Version="2.0"
-    ID="_${R()}"
+    ID="_${k()}"
     IssueInstant="${new Date().toISOString()}"
     AssertionConsumerServiceURL="${e}${P.SAML_CALLBACK}"
     AttributeConsumingServiceIndex="0">
@@ -9,4 +9,4 @@ import"../node-crypto-polyfill.js";import{DOMParser as U}from"@xmldom/xmldom";im
     <samlp:NameIDPolicy
       AllowCreate="true"
       Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
-  </samlp:AuthnRequest>`,s=he(o);return{loginUrl:Z(t.ssoUrl,{SAMLRequest:s,RelayState:JSON.stringify({idpId:t.idpId,redirectTo:n,inviteCode:r,source:"portal"})})}}function he(e){return ae(J(new TextEncoder().encode(e)).buffer)}function Ke(e){const t=v(e);if(t.startsWith("<samlp:Response")||t.indexOf("<saml2p:Response")>-1)return t;const n=q(new Uint8Array(atob(e).split("").map(r=>r.charCodeAt(0))));return new TextDecoder().decode(n)}function Qe(e){try{return JSON.parse(v(e||""))}catch{throw new Error("Invalid OAuth2 state")}}function Xe(e){const t=new U().parseFromString(e,"application/xml"),r=i(t,"//*[local-name(.)='StatusCode']/@Value")[0]?.nodeValue?.endsWith("Success")||!1,o=i(t,"//*[local-name(.)='Response']/@Destination")[0]?.nodeValue||"",s=i(t,"//*[local-name(.)='Assertion']//*[local-name(.)='Issuer']/text()")[0],l=s&&s.nodeValue||void 0,m=i(t,"//*[local-name(.)='Audience']/text()")[0],A=m&&m.nodeValue||void 0,c=i(t,"//*[local-name(.)='Assertion']//*[local-name(.)='X509Certificate']/text()")[0]?.nodeValue||"",f=i(t,"//*[local-name(.)='Subject']//*[local-name(.)='NameID']/text()")[0],S=f&&f.nodeValue||"",h=i(t,"//*[local-name(.)='Subject']//*[local-name(.)='NameID']/@Format")[0],d=h&&h.nodeValue||"",g=i(t,"//*[local-name(.)='Conditions']/@NotOnOrAfter")[0],x=ye(g),k={},T=i(t,"//*[local-name(.)='AttributeStatement']//*[local-name(.)='Attribute']");if(T.length)for(const C of T){const O=i(C,"./@Name")[0];if(O.nodeValue){const b=i(C,"./*[local-name(.)='AttributeValue']/text()")[0];b?.nodeValue&&(k[O.nodeValue]=b.nodeValue)}}return{uid:S,success:r,expiresAt:x,issuerId:l,entityId:A,attrs:k,cert:c,nameFormat:d,destination:o}}function ye(e){const t=typeof e?.nodeValue=="string"&&L(Date.parse(e.nodeValue)),n=L(Date.now()),r=L(Date.now()+720*60*1e3);return t?t>n&&t<r?r:t:n}function L(e){return Math.floor(e/1e3)}const M={},y={jwks:{}};async function V(e,t){return M[e]||(M[e]=t.configurationUrl?await $(t.configurationUrl):t.configuration),M[e]}async function we(e){for(const t of Object.keys(e)){const n=e[t];if(!N(n))continue;const r=await V(t,n);if(r.jwks_uri){const a=await $(r.jwks_uri);for(const o of a.keys)y.jwks[o.kid]={...o,idpId:t}}}}async function $(e){return fetch(e,{headers:{Accept:"application/json"}}).then(t=>t.json())}async function Ye(e){return fetch(`${Q}/oidc/userinfo`,{headers:{Accept:"application/json",Authorization:`Bearer ${e}`}}).then(t=>t.status===200?t.json():void 0).catch(()=>{})}function Ge(e){if(!e.configurationUrl)return!1;const t=new URL(e.configurationUrl);return["localhost","127.0.0.1","blueharvest.cloud","bhstage.cloud","cloud.redocly.com","beta.redocly.com","cloud.eu.redocly.com","beta.eu.redocly.com","cba.au.redocly.com"].some(r=>Ae(t.hostname,r))}function Ae(e,t){return e===t||e.endsWith(`.${t}`)}async function Ze(e,t){const n=new U().parseFromString(e),r=i(n,"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];if(!r)throw new Error("Cannot find Signature in the SAML response");const a=se(t),o=new B({publicCert:a});o.loadSignature(r);try{return o.checkSignature(e)}catch{return!1}}function et(e,t,n,r){t==="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"&&(e=n["http://schemas.microsoft.com/identity/claims/objectidentifier"]);let a;(t==="urn:oasis:names:tc:SAML:2.0:nameid-format:email"||t==="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")&&(a=e),t==="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"&&e?.match(/.+@.+/)&&(a=e);const o=n["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"],s=o?.match(/.+@.+/);return a=a||n["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]||(s?o:void 0),a=a?.toLowerCase(),{sub:e,given_name:n["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"],family_name:n["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"],name:n["http://schemas.microsoft.com/identity/claims/displayname"]||o,email:a,email_verified:!0,teams:r?re(n[r]):[]}}function z(e,t={}){return e.map(n=>t[n]||n)}async function tt(e,t){if(!t)return{};const n=t.authorization;if(!n)return{};try{const r=p.decode(n);if(r.header.alg===I.RS256){y.jwks[r.header.kid]===void 0&&await we(e);const m=y.jwks[r.header.kid];if(!m)return y.jwks[r.header.kid]=null,{};await p.verify(n,m,r.header.alg)}else await p.verify(n,_,r.header.alg);const a=r.payload.idpId||y.jwks[r.header.kid]?.idpId,o=e[a]||{},s=xe(o),l=ge(o);return{...r.payload,email:r.payload.email?.toLowerCase(),idpId:a,teams:Array.from(new Set([...z(r.payload.teams||[],l),..."defaultTeams"in o&&o.defaultTeams||[],...z("teamsClaimName"in o&&r.payload[s||""]||[],l),G])),name:Se(r.payload),isAuthenticated:!0,idpAccessToken:t.idp_access_token,federatedAccessToken:t.federated_access_token,federatedIdToken:t.federated_id_token,authCookie:n}}catch(r){r instanceof ne||ee.error("Malformed JWT token: %s",r.message)}return{}}function Se(e){return e.name||e.given_name||e.email}function ge(e){switch(e.type){case u.SAML2:return e.teamsAttributeMap;case u.OIDC:return e.teamsClaimMap;default:return}}function xe(e){switch(e.type){case u.SAML2:return e.teamsAttributeName;case u.OIDC:return e.teamsClaimName;default:return K}}function i(e,t){return F.select(t,e)||[]}export{We as buildLoginUrl,de as buildOidcLoginUrl,Fe as buildOidcLogoutUrl,fe as buildSAML2LoginUrl,Je as createMcpAuthorizationCode,He as createMcpSessionResource,Ke as decodeSamlResponse,he as encodeSAML2,et as extractUserClaims,ze as getAuthProviderLoginParams,ce as getOidcLoginParams,V as getOidcMetadata,Ye as getRedoclyTokenPayload,ue as getSaml2LoginParams,tt as getUserParamsFromCookies,Se as getUsernameFromPayload,N as isOidcProviderConfig,Ge as isRedoclySso,ie as isSaml2ProviderConfig,Be as oidcExchangeCodeForToken,Qe as parseOidcState,me as parsePreviewBranch,Xe as parseSamlResponse,E as rewritePreviewAuthRedirectUri,qe as verifyMcpAuthorizationCode,Ze as verifySAMLResponse};
+  </samlp:AuthnRequest>`,s=he(o);return{loginUrl:Z(t.ssoUrl,{SAMLRequest:s,RelayState:JSON.stringify({idpId:t.idpId,redirectTo:r,inviteCode:n,source:"portal"})})}}function he(e){return ae(H(new TextEncoder().encode(e)).buffer)}function Ke(e){const t=R(e);if(t.startsWith("<samlp:Response")||t.indexOf("<saml2p:Response")>-1)return t;const r=J(new Uint8Array(atob(e).split("").map(n=>n.charCodeAt(0))));return new TextDecoder().decode(r)}function Qe(e){try{return JSON.parse(R(e||""))}catch{throw new Error("Invalid OAuth2 state")}}function Xe(e){const t=new D().parseFromString(e,"application/xml"),n=i(t,"//*[local-name(.)='StatusCode']/@Value")[0]?.nodeValue?.endsWith("Success")||!1,o=i(t,"//*[local-name(.)='Response']/@Destination")[0]?.nodeValue||"",s=i(t,"//*[local-name(.)='Assertion']//*[local-name(.)='Issuer']/text()")[0],l=s&&s.nodeValue||void 0,m=i(t,"//*[local-name(.)='Audience']/text()")[0],A=m&&m.nodeValue||void 0,c=i(t,"//*[local-name(.)='Assertion']//*[local-name(.)='X509Certificate']/text()")[0]?.nodeValue||"",f=i(t,"//*[local-name(.)='Subject']//*[local-name(.)='NameID']/text()")[0],x=f&&f.nodeValue||"",h=i(t,"//*[local-name(.)='Subject']//*[local-name(.)='NameID']/@Format")[0],d=h&&h.nodeValue||"",_=i(t,"//*[local-name(.)='Conditions']/@NotOnOrAfter")[0],g=ye(_),T={},C=i(t,"//*[local-name(.)='AttributeStatement']//*[local-name(.)='Attribute']");if(C.length)for(const O of C){const U=i(O,"./@Name")[0];if(U.nodeValue){const b=i(O,"./*[local-name(.)='AttributeValue']/text()")[0];b?.nodeValue&&(T[U.nodeValue]=b.nodeValue)}}return{uid:x,success:n,expiresAt:g,issuerId:l,entityId:A,attrs:T,cert:c,nameFormat:d,destination:o}}function ye(e){const t=typeof e?.nodeValue=="string"&&L(Date.parse(e.nodeValue)),r=L(Date.now()),n=L(Date.now()+720*60*1e3);return t?t>r&&t<n?n:t:r}function L(e){return Math.floor(e/1e3)}const M={},w={jwks:{}};async function V(e,t){return M[e]||(M[e]=t.configurationUrl?await $(t.configurationUrl):t.configuration),M[e]}async function we(e){for(const t of Object.keys(e)){const r=e[t];if(!j(r))continue;const n=await V(t,r);if(n.jwks_uri){const a=await $(n.jwks_uri);for(const o of a.keys)w.jwks[o.kid]={...o,idpId:t}}}}async function $(e){return fetch(e,{headers:{Accept:"application/json"}}).then(t=>t.json())}async function Ye(e){return fetch(`${Q}/oidc/userinfo`,{headers:{Accept:"application/json",Authorization:`Bearer ${e}`}}).then(t=>t.status===200?t.json():void 0).catch(()=>{})}function Ge(e){if(!e.configurationUrl)return!1;const t=new URL(e.configurationUrl);return["localhost","127.0.0.1","blueharvest.cloud","bhstage.cloud","cloud.redocly.com","beta.redocly.com","cloud.eu.redocly.com","beta.eu.redocly.com","cba.au.redocly.com"].some(n=>Se(t.hostname,n))}function Se(e,t){return e===t||e.endsWith(`.${t}`)}async function Ze(e,t){const r=new D().parseFromString(e),n=i(r,"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];if(!n)throw new Error("Cannot find Signature in the SAML response");const a=se(t),o=new B({publicCert:a});o.loadSignature(n);try{return o.checkSignature(e)}catch{return!1}}function et(e,t,r,n){t==="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"&&(e=r["http://schemas.microsoft.com/identity/claims/objectidentifier"]);let a;(t==="urn:oasis:names:tc:SAML:2.0:nameid-format:email"||t==="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")&&(a=e),t==="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"&&e?.match(/.+@.+/)&&(a=e);const o=r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"],s=o?.match(/.+@.+/);return a=a||r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]||(s?o:void 0),a=a?.toLowerCase(),{sub:e,given_name:r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"],family_name:r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"],name:r["http://schemas.microsoft.com/identity/claims/displayname"]||o,email:a,email_verified:!0,teams:n?re(r[n]):[]}}function z(e,t={}){return e.map(r=>t[r]||r)}async function tt(e,t){if(!t)return{};const r=t.authorization;if(!r)return{};try{const n=p.decode(r);if(n.header.alg===y.RS256){w.jwks[n.header.kid]===void 0&&await we(e);const m=w.jwks[n.header.kid];if(!m)return w.jwks[n.header.kid]=null,{};await p.verify(r,m,y.RS256)}else await p.verify(r,I,y.HS256);const a=n.payload.idpId||w.jwks[n.header.kid]?.idpId,o=e[a]||{},s=_e(o),l=xe(o);return{...n.payload,email:n.payload.email?.toLowerCase(),idpId:a,teams:Array.from(new Set([...z(n.payload.teams||[],l),..."defaultTeams"in o&&o.defaultTeams||[],...z("teamsClaimName"in o&&n.payload[s||""]||[],l),G])),name:Ae(n.payload),isAuthenticated:!0,idpAccessToken:t.idp_access_token,federatedAccessToken:t.federated_access_token,federatedIdToken:t.federated_id_token,authCookie:r}}catch(n){n instanceof ne||ee.error("Malformed JWT token: %s",n.message)}return{}}function Ae(e){return(e.firstName&&e.lastName?`${e.firstName} ${e.lastName}`:e.name||e.given_name||e.firstName||e.lastName)||e.email}function xe(e){switch(e.type){case u.SAML2:return e.teamsAttributeMap;case u.OIDC:return e.teamsClaimMap;default:return}}function _e(e){switch(e.type){case u.SAML2:return e.teamsAttributeName;case u.OIDC:return e.teamsClaimName;default:return K}}function i(e,t){return F.select(t,e)||[]}export{We as buildLoginUrl,de as buildOidcLoginUrl,Fe as buildOidcLogoutUrl,fe as buildSAML2LoginUrl,He as createMcpAuthorizationCode,qe as createMcpSessionResource,Ke as decodeSamlResponse,he as encodeSAML2,et as extractUserClaims,ze as getAuthProviderLoginParams,ce as getOidcLoginParams,V as getOidcMetadata,Ye as getRedoclyTokenPayload,ue as getSaml2LoginParams,tt as getUserParamsFromCookies,Ae as getUsernameFromPayload,j as isOidcProviderConfig,Ge as isRedoclySso,ie as isSaml2ProviderConfig,Be as oidcExchangeCodeForToken,Qe as parseOidcState,me as parsePreviewBranch,Xe as parseSamlResponse,E as rewritePreviewAuthRedirectUri,Je as verifyMcpAuthorizationCode,Ze as verifySAMLResponse};

package/dist/server/web-server/dev-server.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{ServerRoutes as c}from"../../constants/common.js";import{reporter as n}from"../tools/notifiers/reporter.js";import{telemetry as s}from"../telemetry/index.js";import{installDevRoutes as p,installProdRoutes as f}from"./routes/index.js";import{createRouter as v}from"./router.js";import{readStaticAsset as l}from"./node-asset-reader.js";import{startHttpServer as u}from"./http.js";import{listenStore as S}from"./store-ws.js";import{ejectComponentDataHandler as D}from"./routes/eject.js";import{attachWsServer as d}from"./ws.js";import{DatabasePreconnectService as w}from"../providers/database/database-preconnect-service.js";import{KvService as E}from"../persistence/kv/services/kv-service.js";import{runScorecardsWorker as R}from"../plugins/scorecards/workers/run-scorecards-worker.js";import{isCatalogEntitiesEnabled as b}from"../utils/is-catalog-entities-enabled.js";import{isScorecardsEnabled as C}from"../utils/is-scorecards-enabled.js";async function J(r,o,i){s.initialize(!0);const{port:a=4e3}=i,e=v();if(e.get(c.EJECT_COMPONENT,D(r)),p(e,r),f(e,r,{readStaticAsset:l,resolveRouteData:t=>r.resolveRouteStaticData(t,o)}),b()){await w.init(r.serverOutDir);const t=await E.getInstance({baseDbDir:r.serverOutDir});setInterval(()=>t.clearExpired(),300*1e3)}try{await r.userCodeReady;const t=await u(e,a),m=d(t);S(r,m),C(r.config)&&await R(r.serverOutDir)}catch(t){await n.panic(t)}}export{J as startDevServer};
1	+ import{ServerRoutes as c}from"../../constants/common.js";import{reporter as n}from"../tools/notifiers/reporter.js";import{telemetry as s}from"../telemetry/index.js";import{installDevRoutes as p,installProdRoutes as f}from"./routes/index.js";import{createRouter as v}from"./router.js";import{readStaticAsset as l}from"./node-asset-reader.js";import{startHttpServer as u}from"./http.js";import{listenStore as S}from"./store-ws.js";import{ejectComponentDataHandler as d}from"./routes/eject.js";import{attachWsServer as D}from"./ws.js";import{DatabasePreconnectService as w}from"../providers/database/database-preconnect-service.js";import{KvService as E}from"../persistence/kv/services/kv-service.js";import{runScorecardsWorker as R}from"../plugins/scorecards/workers/run-scorecards-worker.js";import{isCatalogEntitiesEnabled as b}from"../utils/is-catalog-entities-enabled.js";import{isScorecardsEnabled as g}from"../utils/is-scorecards-enabled.js";async function J(r,o,i){s.initialize(!0);const{port:a=4e3}=i,e=v();if(e.get(c.EJECT_COMPONENT,d(r)),p(e,r),f(e,r,{readStaticAsset:l,resolveRouteData:t=>r.resolveRouteStaticData(t,o)}),b()){await w.init(r.serverOutDir);const t=await E.getInstance({baseDbDir:r.serverOutDir});setInterval(()=>t.clearExpired(),300*1e3)}try{await r.userCodeReady;const t=await u(e,a),m=D(t);S(r,m),g(r.config)&&await R(r.serverOutDir,r.config.scorecards)}catch(t){await n.panic(t)}}export{J as startDevServer};

package/dist/server/web-server/handle-api-route-request.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{logger as n}from"../tools/notifiers/logger.js";import{~~runApiRoutesWorker~~ as o}from"../api-routes/run-api-routes-worker.js";import{~~runMcpWorker~~ as m}from"../plugins/mcp/~~workers/run-api-routes-worker~~.js";import{~~MCP_DOCS_SERVER_HANDLER_ID~~ as i}from"../plugins/mcp/~~index~~.js";async function f(t,s,a){try{const e=n.startTiming(),r=t.requestHandlerId===i?await m(t,s,a):await o(t,s,a);return n.infoTime(e,`API request handled "${new URL(s.req.url).pathname}" with status "${r.status}" and content type "${r.headers?.get("content-type")}"`),r.headers.set("X-Source","REALM_API_FUNCTION"),r}catch(e){return n.error(`[${t.requestHandlerId}] ${e.stack}`),e.name==="RequestBodySizeLimitError"?s.json({message:e.message},{status:413}):e.name==="ResponseSizeLimitError"?s.json({message:e.message},{status:500}):e.name==="MemoryUsageLimitError"?s.json({message:e.message},{status:502}):e.name==="TimeoutExceededError"?s.json({message:e.message},{status:504}):~~process~~.~~env.NODE_ENV==="development"~~?s.json({message:e.message},{status:500}):s.json({message:"Internal server error"},{status:500})}}export{f as handleApiRouteRequest};
1	+ import{logger as n}from"../tools/notifiers/logger.js";import{envConfig as o}from"../../config/env-config.js";import{runApiRoutesWorker as m}from"../api-routes/run-api-routes-worker.js";import{MCP_DOCS_SERVER_HANDLER_ID as i}from"../plugins/mcp/index.js";import{handleMcpRequest as u}from"../plugins/mcp/handlers/handle-mcp-request.js";async function l(r,s,a){try{const e=n.startTiming(),t=r.requestHandlerId===i?await u(r,s,a):await m(r,s,a);return n.infoTime(e,`API request handled "${new URL(s.req.url).pathname}" with status "${t.status}" and content type "${t.headers?.get("content-type")}"`),t.headers.set("X-Source","REALM_API_FUNCTION"),t}catch(e){return n.error(`[${r.requestHandlerId}] ${e.stack}`),e.name==="RequestBodySizeLimitError"?s.json({message:e.message},{status:413}):e.name==="ResponseSizeLimitError"?s.json({message:e.message},{status:500}):e.name==="MemoryUsageLimitError"?s.json({message:e.message},{status:502}):e.name==="TimeoutExceededError"?s.json({message:e.message},{status:504}):o.isDevelopMode?s.json({message:e.message},{status:500}):s.json({message:"Internal server error"},{status:500})}}export{l as handleApiRouteRequest};

package/dist/server/web-server/http.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import*as E from"node:http";import{AsyncLocalStorage as A}from"node:async_hooks";import{Readable as u,Stream as H}from"node:stream";import{pipeline as k}from"node:stream/promises";import{ReadableStream as C}from"node:stream/web";import{getPathPrefix as S}from"@redocly/theme/core/utils";import{ALLOWED_CORS_ORIGINS as L}from"../../constants/common.js";import{logger as d}from"../tools/notifiers/logger.js";import{shutdowner as x}from"../tools/shutdowner.js";import{isDevelopMode as I}from"../utils/envs/is-develop-mode.js";import{getClientIp as T}from"./utils/get-client-ip.js";import{normalizeIpAddress as $}from"./utils.js";const y=new A;globalThis.redoclyCookieStorage=y;function B(n,c=4e3){return new Promise((m,p)=>{const l=E.createServer(async(r,t)=>{const R=r.headers.cookie||"";y.run(R,async()=>{let s;try{const e=new URL(r.url||"",`http://${r.headers.host}`),o=[],f=r.rawHeaders.length;for(let i=0;i<f;i+=2)o.push([r.rawHeaders[i],r.rawHeaders[i+1]]);const a={headers:o,method:r.method};r.method==="GET"||r.method==="HEAD"||(a.body=u.toWeb(r),a.duplex="half");const h=new Request(e.toString(),a),b=T(h)||"127.0.0.1",v=h?.headers?.get("x-forwarded-host")||$(r.socket.remoteAddress);h.context={remoteAddr:{hostname:v,port:r.socket.localPort,ipAddress:b},url:e},s=await n.fetch(h)}catch(e){s=new Response(null,{status:500}),e instanceof Error&&(e.name==="TimeoutError"||e.constructor.name==="TimeoutError"?s=new Response(null,{status:504}):e.code==="ERR_INVALID_URL"&&(s=new Response("Invalid URL",{status:404})),d.error(`Error while handling request: %s
-%s`,e.message,e.stack))}const w=r.headers.origin;w&&L.some(e=>w===e)&&(t.setHeader("Access-Control-Allow-Origin",w),t.setHeader("Access-Control-Allow-Credentials","true"));for(const[e,o]of s.headers||[])try{e==="set-cookie"?t.setHeader(e,s.headers.getSetCookie(e)):t.setHeader(e,o)}catch(f){d.error(`Error while setting header: ${f?.message}`)}if(t.setHeader("Vary","Cookie"),t.statusCode=s.status||500,s.body)try{if(P(s)){const e=new H.Transform({transform(o,f,a){if(t.closed||t.destroyed)return a();t.write(o,f)?process.nextTick(a):t.once("drain",a)},flush(o){if(t.closed||t.destroyed)return o();t.end(),o()}});await k(s.body instanceof C?u.fromWeb(s.body):s.body,e)}else{const e=await s.text();t.setHeader("Content-Length",Buffer.byteLength(e)),t.end(e)}}catch(e){console.error(e);const o=e instanceof Error?e:new Error("unknown error",{cause:e});t.destroy(o)}else t.end()})});x.registerShutdownCallback(()=>new Promise(r=>{d.verbose("Shutting down http server"),l.close(()=>{d.verbose("Http server shut down"),r()})})),l.listen(parseInt(String(c),10)).on("listening",()=>{I()?d.logInFooter("server",`  \u{1F310} Preview URL: http://127.0.0.1:${c}${S()}`):d.logInFooter("server",`Server started at: http://127.0.0.1:${c}${S()}`),m(l)}).on("error",p)})}function P(n){const c=n.headers.get("content-type")||"",m=n.headers.get("x-accel-buffering")||"",p=n.headers.get("content-encoding"),l=n.headers.get("content-length"),r=n.headers.get("transfer-encoding");return p||r||l||/^no$/i.test(m)||!/^(text\/(?!event-stream\b))/i.test(c)}export{B as startHttpServer};
+import*as E from"node:http";import{AsyncLocalStorage as A}from"node:async_hooks";import{Readable as u,Stream as C}from"node:stream";import{pipeline as H}from"node:stream/promises";import{ReadableStream as k}from"node:stream/web";import{getPathPrefix as S}from"@redocly/theme/core/utils";import{ALLOWED_CORS_ORIGINS as L}from"../../constants/common.js";import{logger as d}from"../tools/notifiers/logger.js";import{shutdowner as x}from"../tools/shutdowner.js";import{envConfig as I}from"../../config/env-config.js";import{getClientIp as T}from"./utils/get-client-ip.js";import{normalizeIpAddress as $}from"./utils.js";const y=new A;globalThis.redoclyCookieStorage=y;function B(n,c=4e3){return new Promise((m,p)=>{const l=E.createServer(async(r,t)=>{const v=r.headers.cookie||"";y.run(v,async()=>{let s;try{const e=new URL(r.url||"",`http://${r.headers.host}`),o=[],f=r.rawHeaders.length;for(let i=0;i<f;i+=2)o.push([r.rawHeaders[i],r.rawHeaders[i+1]]);const a={headers:o,method:r.method};r.method==="GET"||r.method==="HEAD"||(a.body=u.toWeb(r),a.duplex="half");const h=new Request(e.toString(),a),R=T(h)||"127.0.0.1",b=h?.headers?.get("x-forwarded-host")||$(r.socket.remoteAddress);h.context={remoteAddr:{hostname:b,port:r.socket.localPort,ipAddress:R},url:e},s=await n.fetch(h)}catch(e){s=new Response(null,{status:500}),e instanceof Error&&(e.name==="TimeoutError"||e.constructor.name==="TimeoutError"?s=new Response(null,{status:504}):e.code==="ERR_INVALID_URL"&&(s=new Response("Invalid URL",{status:404})),d.error(`Error while handling request: %s
+%s`,e.message,e.stack))}const w=r.headers.origin;w&&L.some(e=>w===e)&&(t.setHeader("Access-Control-Allow-Origin",w),t.setHeader("Access-Control-Allow-Credentials","true"));for(const[e,o]of s.headers||[])try{e==="set-cookie"?t.setHeader(e,s.headers.getSetCookie(e)):t.setHeader(e,o)}catch(f){d.error(`Error while setting header: ${f?.message}`)}if(t.setHeader("Vary","Cookie"),t.statusCode=s.status||500,s.body)try{if(P(s)){const e=new C.Transform({transform(o,f,a){if(t.closed||t.destroyed)return a();t.write(o,f)?process.nextTick(a):t.once("drain",a)},flush(o){if(t.closed||t.destroyed)return o();t.end(),o()}});await H(s.body instanceof k?u.fromWeb(s.body):s.body,e)}else{const e=await s.text();t.setHeader("Content-Length",Buffer.byteLength(e)),t.end(e)}}catch(e){console.error(e);const o=e instanceof Error?e:new Error("unknown error",{cause:e});t.destroy(o)}else t.end()})});x.registerShutdownCallback(()=>new Promise(r=>{d.verbose("Shutting down http server"),l.close(()=>{d.verbose("Http server shut down"),r()})})),l.listen(parseInt(String(c),10)).on("listening",()=>{I.isDevelopMode?d.logInFooter("server",`  \u{1F310} Preview URL: http://127.0.0.1:${c}${S()}`):d.logInFooter("server",`Server started at: http://127.0.0.1:${c}${S()}`),m(l)}).on("error",p)})}function P(n){const c=n.headers.get("content-type")||"",m=n.headers.get("x-accel-buffering")||"",p=n.headers.get("content-encoding"),l=n.headers.get("content-length"),r=n.headers.get("transfer-encoding");return p||r||l||/^no$/i.test(m)||!/^(text\/(?!event-stream\b))/i.test(c)}export{B as startHttpServer};

package/dist/server/web-server/middleware/apiKeyMiddleware.js CHANGED Viewed

	@@ -1 +1 @@
1	- const a=(r,e)=>r.secureMethods?.includes(e)??!1;function d(r={}){return async(e,s)=>{const o=e.req.method;if(!a(r,o))return await s();const n=e.req.header("apiKey");if(!n)return e.json({message:"API key is required"},401);try{if(!~~process~~.~~env.~~BH_API_URL)return e.json({message:"API key validation service not configured"},500);const i=new URL("api-keys-verify",~~process~~.~~env.~~BH_API_URL).toString();if(!(await fetch(i,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({apiKey:n})})).ok)return e.json({message:"Invalid API key"},401);await s()}catch{return e.json({message:"API key validation failed"},400)}}}export{d as apiKeyMiddleware};
1	+ import{envConfig as o}from"../../../config/env-config.js";const t=(r,e)=>r.secureMethods?.includes(e)??!1;function f(r={}){return async(e,n)=>{const a=e.req.method;if(!t(r,a))return await n();const i=e.req.header("apiKey");if(!i)return e.json({message:"API key is required"},401);try{if(!o.BH_API_URL)return e.json({message:"API key validation service not configured"},500);const s=new URL("api-keys-verify",o.BH_API_URL).toString();if(!(await fetch(s,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({apiKey:i})})).ok)return e.json({message:"Invalid API key"},401);await n()}catch{return e.json({message:"API key validation failed"},400)}}}export{f as apiKeyMiddleware};

package/dist/server/web-server/middleware/catalogAuthMiddleware.d.ts CHANGED Viewed

@@ -1,8 +1,6 @@
 import type { Context, Next } from 'hono';
-import type { HttpMethod } from '../../../types/http.js';
-type CatalogAuthMiddlewareOptions = {
-    secureMethods?: HttpMethod[];
-};
-export declare function catalogAuthMiddleware(serverOutDir: string, options?: CatalogAuthMiddlewareOptions): (ctx: Context, next: Next) => Promise<Response | void>;
-export {};
+export declare function catalogAuthMiddleware({ serverOutDir, protectReadMethods, }: {
+    serverOutDir: string;
+    protectReadMethods?: boolean;
+}): (ctx: Context, next: Next) => Promise<Response | void>;
 //# sourceMappingURL=catalogAuthMiddleware.d.ts.map

package/dist/server/web-server/middleware/catalogAuthMiddleware.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{KvService as c}from"../../persistence/kv/services/kv-service.js";import{JWT_SECRET_KEY as d}from"../../constants/common.js";importas s from"../jwt/jwt.js";const u=144060,y=(e,a)=>e.~~secureMethods?.~~includes(a)~~??!1~~;function w(e,~~a={~~}){return async(r,t)=>~~{const n=r.req.method;return y(a,n)?~~await l(r,t,e~~):await~~ t()}}const l=async(e,a,r)=>{const t=e.req.header("apiKey");if(t)return await p(e,a,t,r);const i=e.req.header("authorization")?.replace("Bearer ","");return i?await f(e,a,i):e.json({message:"API key is required"},401)},p=async(e,a,r,t)=>{if(!~~process~~.~~env~~.~~BH_API_URL~~)return e.json({message:"API key validation service not configured"},500);try{const n=await c.getInstance({baseDbDir:t});if(~~await~~ n.~~get~~(["~~api-keys~~",~~"reunite"~~,~~r]))return~~ await a();const o=new URL("/api/~~api-keys-verify",process~~.~~env~~.BH_API_URL).toString()~~;return(~~await fetch(o,{method:"~~POST~~",headers:{~~"Content-Type"~~:"~~application/json~~"},~~body:JSON~~.~~stringify~~(~~{apiKey:r}~~)})).~~ok?~~(await n.set(["api-keys","reunite",r],{valid:!0},{ttlInSeconds:u}),await a()~~):e.json({message:"Invalid API key"~~}~~,401)}~~catch{return e.json({message:"API key validation failed"},400)}},f=async(e,a,r)=>{try{const t=await s.verify(r,d),n=s.decode(r).payload.isInternalConnection;return!t\|\|!n?e.json({message:"API key is required"},401):await a()}catch{return e.json({message:"API key validation failed"},400)}};export{w as catalogAuthMiddleware};
1	+ import{KvService as l}from"../../persistence/kv/services/kv-service.js";import{DEFAULT_AUTHENTICATED_TEAM as y}from"../../../constants/common.js";import{envConfig as s}from"../../../config/env-config.js";import{JWT_SECRET_KEY as I}from"../../constants/common.js";import*as m from"../jwt/jwt.js";import{AlgorithmTypes as T}from"../jwt/types.js";const h=60,p=e=>["POST","PUT","DELETE","PATCH"].includes(e),f=e=>["GET"].includes(e);function K({serverOutDir:e,protectReadMethods:t=!0}){return async(r,a)=>await w(r,a,e,t)}const w=async(e,t,r,a=!0)=>{const n=e.req.method,i=p(n)\|\|f(n)&&a,o=e.req.header("apiKey");if(o)return await g(e,t,o,r);const u=e.req.header("authorization")?.replace("Bearer ","");return u?await E(e,t,u):i?e.json({message:"API key is required"},401):await t()},g=async(e,t,r,a)=>{if(!s.BH_API_URL\|\|!s.ORGANIZATION_ID)return e.json({message:"API key validation service not configured"},500);try{const n=await l.getInstance({baseDbDir:a});let i=await _(n,r);if(i)return e.set("apiKeyTeams",i.teams),await t();const o=new URL(`/api/orgs/${s.ORGANIZATION_ID}/session`,s.BH_API_URL).toString(),c=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${r}`}});if(!c.ok)return e.json({message:"Invalid API key"},401);const A=(await c.json())?.user?.teams?.[s.ORGANIZATION_ID]??[],d=[y,...A];return e.set("apiKeyTeams",d),await n.set(["api-keys","reunite",r],{valid:!0,teams:d},{ttlInSeconds:h}),await t()}catch{return e.json({message:"API key validation failed"},400)}},E=async(e,t,r)=>{try{const a=await m.verify(r,I,T.HS256),n=m.decode(r).payload.isInternalConnection;return!a\|\|!n?e.json({message:"API key is required"},401):await t()}catch{return e.json({message:"API key validation failed"},400)}},_=async(e,t)=>{try{return await e.get(["api-keys","reunite",t])}catch{return null}};export{K as catalogAuthMiddleware};

package/dist/server/web-server/middleware/corsMiddleware.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{cors as o}from"hono/cors";function s(r){return ~~process~~.~~env.~~PROJECT_URL?o({origin:~~process~~.~~env.~~PROJECT_URL,allowMethods:r.allowMethods}):o()}export{s as corsMiddleware};
1	+ import{cors as o}from"hono/cors";import{envConfig as r}from"../../../config/env-config.js";function n(e){return r.PROJECT_URL?o({origin:r.PROJECT_URL,allowMethods:e.allowMethods}):o()}export{n as corsMiddleware};

package/dist/server/web-server/middleware/dynamic-middleware/dynamic-middleware.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{pathToFileURL as d}from"url";import{isDefined as l}from"../../../../utils/guards/is-defined.js";import{slash as m}from"../../../../utils/path/slash.js";import{~~isDevelopMode~~ as s}from"~~../../../utils~~/~~envs/is~~-~~develop-mode~~.js";import{compose as w}from"./hono-compose.js";function h(r){return async(e,o)=>{await r.waitForPluginsLifecycle();const a=await c(r.serverOutDir),n=(await Promise.all(r.getAllMiddleware().map(({id:t})=>a[t]).map(async t=>typeof t=="function"?(await t()).default:void 0))).filter(l),i=await w(n)(e,o,r);if(!i.finalized)throw new Error("Context is not finalized. Did you forget to return a Response object or `await next()`?");return i.res}}async function c(r){try{let e;return ~~process~~.~~env.REDOCLY_STATIC_BUNDLE~~?e=await import("@portal/middleware"):e=await import(d(`${m(r)}/middleware-entry.js`)+"?"+new Date),e.middleware}catch(e){if(s())return{};throw e}}export{h as dynamicMiddleware};
1	+ import{pathToFileURL as l}from"url";import{isDefined as m}from"../../../../utils/guards/is-defined.js";import{slash as s}from"../../../../utils/path/slash.js";import{envConfig as o}from"../../../../config/env-config.js";import{compose as w}from"./hono-compose.js";function D(i){return async(e,a)=>{await i.waitForPluginsLifecycle();const n=await f(i.serverOutDir),d=(await Promise.all(i.getAllMiddleware().map(({id:t})=>n[t]).map(async t=>typeof t=="function"?(await t()).default:void 0))).filter(m),r=await w(d)(e,a,i);if(!r.finalized)throw new Error("Context is not finalized. Did you forget to return a Response object or `await next()`?");return r.res}}async function f(i){try{let e;return o.isRuntimeMode?e=await import("@portal/middleware"):e=await import(l(`${s(i)}/middleware-entry.js`)+"?"+new Date),e.middleware}catch(e){if(o.isDevelopMode)return{};throw e}}export{D as dynamicMiddleware};

package/dist/server/web-server/middleware/idleTimeoutMiddleware.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{~~readEnvVariable~~ as r}from"~~../../utils~~/~~envs/read-~~env-~~variable~~.js";import{shutdowner as o}from"../../tools/shutdowner.js";import{logger as n}from"../../tools/notifiers/logger.js";let t=null;const e=~~r("~~WEB_SERVER_IDLE_TIMEOUT");function m(){if(e){if(isNaN(+e))throw new Error(`IDLE_TIMEOUT must be a number, got ${e}`);t&&clearTimeout(t),t=setTimeout(()=>{n.info("Server is idle, stopping..."),o.exitWithCode(0)},+e)}}function s(){return async(u,i)=>{m(),await i()}}export{s as idleTimeoutMiddleware,m as startIdleTimeout};
1	+ import{envConfig as o}from"../../../config/env-config.js";import{shutdowner as r}from"../../tools/shutdowner.js";import{logger as n}from"../../tools/notifiers/logger.js";let t=null;const e=o.WEB_SERVER_IDLE_TIMEOUT;function m(){if(e){if(isNaN(+e))throw new Error(`IDLE_TIMEOUT must be a number, got ${e}`);t&&clearTimeout(t),t=setTimeout(()=>{n.info("Server is idle, stopping..."),r.exitWithCode(0)},+e)}}function T(){return async(u,i)=>{m(),await i()}}export{T as idleTimeoutMiddleware,m as startIdleTimeout};

package/dist/server/web-server/routes/ask-ai.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{RbacFeatures as c}from"../../../constants/common.js";import{ASK_AI_API_URL as r}from"../../constants/common.js";import{canAccessFeature as p}from"../../utils/rbac.js";import{handleUnauthorizedApiRequest as u}from"../utils.js";import{isAiSearchEnabled as f}from"../../plugins/search/utils.js";function R(i){return async e=>{if(!r)return e.newResponse(null,404);const o=i.getConfig();if(!f(o))return e.newResponse(null,403,{});const s=e.get("auth");if(!p(c.AI_SEARCH,s,o.rbac,o.requiresLogin))return u(e);const t={"Content-Type":"application/json"};s.idpAccessToken&&(~~t.Cookie=`~~accessToken=${s.idpAccessToken}`);const a=await e.req.json(),n=await fetch(r,{method:"POST",body:JSON.stringify(a),headers:t});return n.ok?e.newResponse(n.body,200,{"Content-Type":"text/event-stream"}):e.newResponse(n.body,n.status,{"Content-Type":"application/json"})}}export{R as askAiHandler};
1	+ import{RbacFeatures as p}from"../../../constants/common.js";import{ASK_AI_API_URL as r}from"../../constants/common.js";import{canAccessFeature as u}from"../../utils/rbac.js";import{handleUnauthorizedApiRequest as f}from"../utils.js";import{isAiSearchEnabled as h}from"../../plugins/search/utils.js";function C(a){return async e=>{if(!r)return e.newResponse(null,404);const t=a.getConfig();if(!h(t))return e.newResponse(null,403,{});const o=e.get("auth");if(!u(p.AI_SEARCH,o,t.rbac,t.requiresLogin))return f(e);const i={"Content-Type":"application/json"},n=[];o.claims?.authCookie&&n.push(`authorization=${o.claims.authCookie}`),o.idpAccessToken&&n.push(`accessToken=${o.idpAccessToken}`),n.length>0&&(i.Cookie=n.join("; "));const c=await e.req.json(),s=await fetch(r,{method:"POST",body:JSON.stringify(c),headers:i});return s.ok?e.newResponse(s.body,200,{"Content-Type":"text/event-stream"}):e.newResponse(s.body,s.status,{"Content-Type":"application/json"})}}export{C as askAiHandler};