@redocly/realm 0.130.0-next.8 → 0.130.0-next.9

package/CHANGELOG.md

@@ -1,5 +1,22 @@
 # @redocly/realm
 
+## 0.130.0-next.9
+
+### Patch Changes
+
+- 9f91c53c96: Updated `@redocly/openapi-core` to version `2.15.1`.
+- 39a6b03569: Fixed `id_token` audience validation to support organization ID alongside slug, preventing auth failures after slug changes.
+- 864165169a: Fixed an issue where deep links would open pages in an incorrect position if a banner was present.
+- ab5975a273: Fixed an issue where a schema wouldn't be displayed when it was an only item in a `oneOf`.
+- d7fada1899: Fixed an issue where `KV.set` would fail when not provided with a third argument in transactions.
+- Updated dependencies [9f91c53c96]
+- Updated dependencies [864165169a]
+- Updated dependencies [ab5975a273]
+  - @redocly/openapi-docs@3.18.0-next.8
+  - @redocly/asyncapi-docs@1.7.0-next.8
+  - @redocly/graphql-docs@1.7.0-next.1
+  - @redocly/portal-plugin-mock-server@0.15.0-next.8
+
 ## 0.130.0-next.8
 
 ### Minor Changes

package/dist/cli/develop.js

@@ -1 +1 @@
-import{logger as n}from"../server/tools/notifiers/logger.js";import{reporter as u}from"../server/tools/notifiers/reporter.js";import{green as g}from"../server/tools/notifiers/helpers/colors.js";import{resolveCache as v}from"../server/esbuild/plugins/themes-resolver.js";import{getBilledPagesCount as m}from"../server/utils/index.js";import{createClientCompiler as w,createServerCompiler as h}from"../server/esbuild/esbuild.js";import{initPlugins as C,runPlugins as p,writeClientEntries as y}from"../server/plugins/lifecycle.js";import{startDevServer as S}from"../server/web-server/dev-server.js";import{validateAllMarkdowns as f}from"../server/plugins/markdown/compiler.js";import{reportAllErrors as b}from"../server/utils/report-all-errors.js";import{copyMigrationsFolder as R}from"../server/providers/database/copy-migrations.js";async function G(i,e){n.info("Starting project preview mode."),y(e),n.startTiming("initial-js"),await E(e),n.infoTime("initial-js","JavaScript compiled");const{pluginInstances:l,lifecycleContext:t}=await C({contentDir:e.contentDir,outdir:e.outdir,serverOutDir:void 0,devLogin:i["dev-login"]!==!1,setGlobalConfig:e.setGlobalConfig});e.lifecycleContext=t,R(e),await p(l,e,t,{failFast:!0});const d=async()=>{const r=performance.now();u.clearErrors(),await p(l,e,t),await f(e,t),P().then(async()=>{await b(t);const a=m(e.getAllRoutes()),o=u.summary(`  \u{1F440} Last change processed in ${g(Math.round(performance.now()-r)+"ms")}`,a);e.runListeners("errors-updated",void 0,o),e.runListeners("pages-updated",void 0,a),e.runListeners("routes-updated")})};await f(e,t),await b(t);const s=m(e.getAllRoutes());u.summary("  \u{1F440} Watching for changes...",s),e.runListeners("pages-updated",void 0,s),t.fs.watch(async()=>{v.clear(),await d()}),n.verbose("Starting development server."),await S(e,t,{port:Number(i.port||4e3)}),u.listenStdin()}async function E(i){let e=!0,l=!0;const t=r=>{r==="client"?e=!0:l=!0,i.runListeners("build-started"),e!=l&&(i.startEsbuildRun(),n.startTiming("rebuild"))},d=async r=>{r==="client"?e=!1:l=!1,!(e||l)&&(i.finishEsbuildRun(),i.buildRevision++,n.infoTime("rebuild","JavaScript re-compiled"),await i.reloadMarkdocOptions(),i.markUserCodeReady(),i.runListeners("build-updated"),i.lifecycleContext&&i.buildRevision>1&&i.lifecycleContext.fs.emitCodeUpdated())},s=[new Promise((r,a)=>{const o={label:"client",buildStart(){n.verbose("Start compiling client code."),n.startTiming(this.label)},buildEnd(){n.verboseTime(this.label,"Client compiled"),r(!0)},rebuildStart:()=>t("client"),rebuildEnd:()=>d("client")};w(i,i.outdir,"development",o).then(c=>c.watch()).catch(a)}),new Promise((r,a)=>{const o={label:"server",buildStart(){n.verbose("Start compiling server code."),n.startTiming(this.label)},buildEnd(){n.verboseTime(this.label,"Server compiled"),r(!0)},rebuildStart:()=>t("server"),rebuildEnd:()=>d("server")};h(i,i.serverOutDir,"development",o).then(c=>c.watch()).catch(a)})];await Promise.all(s),await i.reloadMarkdocOptions()}function P(){return new Promise(i=>{setTimeout(i,0)})}export{G as develop};
+import{logger as t}from"../server/tools/notifiers/logger.js";import{reporter as u}from"../server/tools/notifiers/reporter.js";import{green as v}from"../server/tools/notifiers/helpers/colors.js";import{resolveCache as g}from"../server/esbuild/plugins/themes-resolver.js";import{getBilledPagesCount as m}from"../server/utils/index.js";import{createClientCompiler as w,createServerCompiler as C}from"../server/esbuild/esbuild.js";import{initPlugins as h,runPlugins as p,writeClientEntries as S}from"../server/plugins/lifecycle.js";import{startDevServer as E}from"../server/web-server/dev-server.js";import{validateAllMarkdowns as f}from"../server/plugins/markdown/compiler.js";import{reportAllErrors as b}from"../server/utils/report-all-errors.js";import{copyMigrationsFolder as R}from"../server/providers/database/copy-migrations.js";async function j(i,e){t.info("Starting project preview mode."),S(e),t.startTiming("initial-js"),await y(e),t.infoTime("initial-js","JavaScript compiled");const{pluginInstances:a,lifecycleContext:n}=await h({contentDir:e.contentDir,outdir:e.outdir,serverOutDir:void 0,devLogin:i["dev-login"]!==!1,setGlobalConfig:e.setGlobalConfig});e.lifecycleContext=n,R(e),await p(a,e,n,{failFast:!0});const s=async()=>{const r=performance.now();u.clearErrors(),await p(a,e,n),process.env.REDOCLY_EXP_DISABLE_MD_VALIDATION!=="true"?await f(e,n):t.info("Skipping markdown validation step"),L().then(async()=>{await b(n);const l=m(e.getAllRoutes()),o=u.summary(`  \u{1F440} Last change processed in ${v(Math.round(performance.now()-r)+"ms")}`,l);e.runListeners("errors-updated",void 0,o),e.runListeners("pages-updated",void 0,l),e.runListeners("routes-updated")})};process.env.REDOCLY_EXP_DISABLE_MD_VALIDATION!=="true"?await f(e,n):t.info("Skipping markdown validation step"),await b(n);const d=m(e.getAllRoutes());u.summary("  \u{1F440} Watching for changes...",d),e.runListeners("pages-updated",void 0,d),n.fs.watch(async()=>{g.clear(),await s()}),t.verbose("Starting development server."),await E(e,n,{port:Number(i.port||4e3)}),u.listenStdin()}async function y(i){let e=!0,a=!0;const n=r=>{r==="client"?e=!0:a=!0,i.runListeners("build-started"),e!=a&&(i.startEsbuildRun(),t.startTiming("rebuild"))},s=async r=>{r==="client"?e=!1:a=!1,!(e||a)&&(i.finishEsbuildRun(),i.buildRevision++,t.infoTime("rebuild","JavaScript re-compiled"),await i.reloadMarkdocOptions(),i.markUserCodeReady(),i.runListeners("build-updated"),i.lifecycleContext&&i.buildRevision>1&&i.lifecycleContext.fs.emitCodeUpdated())},d=[new Promise((r,l)=>{const o={label:"client",buildStart(){t.verbose("Start compiling client code."),t.startTiming(this.label)},buildEnd(){t.verboseTime(this.label,"Client compiled"),r(!0)},rebuildStart:()=>n("client"),rebuildEnd:()=>s("client")};w(i,i.outdir,"development",o).then(c=>c.watch()).catch(l)}),new Promise((r,l)=>{const o={label:"server",buildStart(){t.verbose("Start compiling server code."),t.startTiming(this.label)},buildEnd(){t.verboseTime(this.label,"Server compiled"),r(!0)},rebuildStart:()=>n("server"),rebuildEnd:()=>s("server")};C(i,i.serverOutDir,"development",o).then(c=>c.watch()).catch(l)})];await Promise.all(d),await i.reloadMarkdocOptions()}function L(){return new Promise(i=>{setTimeout(i,0)})}export{j as develop};

package/dist/server/persistence/kv/services/kv-service.js

@@ -1 +1 @@
-import{KvRemoteRepository as l}from"../repositories/kv-remote-repository.js";import{kvKeyValidator as a,kvListOptionsValidator as h,kvListSelectorValidator as u,kvSetOptionsValidator as c}from"../schemas/kv-schemas.js";class i{static#s;#t;constructor(t){this.#t=t}static async#r(t){const s=await l.getInstance(t),n=new i(s);i.#s=n}static async getInstance(t){return i.#s||await i.#r(t),i.#s}async get(t){const s=a.parse(t);return await this.#t?.sync(),await this.#t?.get(s)??null}async getMany(t){if(t.length===0)return[];const s=t.map(n=>a.parse(n));return await this.#t?.sync(),await this.#t?.getMany(s)??[]}async list(t,s){const n=u.parse(t),e=h.parse(s??{});return await this.#t?.sync(),await this.#t?.list(n,e)??{items:[],total:0,cursor:null}}async set(t,s,n){const e=a.parse(t),r=c.parse(n??{});return this.#e(s),this.#n(s),await this.#t?.set(e,s,r)??null}async delete(t){const s=a.parse(t);return this.#t?.delete(s)}async clearExpired(){return await this.#t?.clearExpired()}async transaction(t){if(!this.#t)throw new Error("Remote repository not available for transactions");return await this.#t.sync(),this.#t.transaction(async s=>t({get:async e=>{const r=a.parse(e);return s.get(r)},getMany:async e=>{const r=e.map(o=>a.parse(o));return s.getMany(r)},set:async(e,r,o)=>{const y=a.parse(e),p=c.parse(o);return this.#e(r),this.#n(r),s.set(y,r,p)},delete:async e=>{const r=a.parse(e);return s.delete(r)}}))}#e(t){try{JSON.stringify(t)}catch(s){const n=s instanceof Error?s.message:"Unknown error";throw new Error(`Value is not JSON serializable: ${n}`)}}#n(t){const n=JSON.stringify(t),e=Buffer.byteLength(n,"utf8");if(e>1048576){const r=(e/1024).toFixed(2);throw new Error(`Value size (${r} KB) exceeds the maximum allowed size of 1 MB (1024 KB)`)}}}export{i as KvService};
+import{KvRemoteRepository as l}from"../repositories/kv-remote-repository.js";import{kvKeyValidator as a,kvListOptionsValidator as h,kvListSelectorValidator as u,kvSetOptionsValidator as c}from"../schemas/kv-schemas.js";class i{static#s;#t;constructor(t){this.#t=t}static async#r(t){const s=await l.getInstance(t),n=new i(s);i.#s=n}static async getInstance(t){return i.#s||await i.#r(t),i.#s}async get(t){const s=a.parse(t);return await this.#t?.sync(),await this.#t?.get(s)??null}async getMany(t){if(t.length===0)return[];const s=t.map(n=>a.parse(n));return await this.#t?.sync(),await this.#t?.getMany(s)??[]}async list(t,s){const n=u.parse(t),e=h.parse(s??{});return await this.#t?.sync(),await this.#t?.list(n,e)??{items:[],total:0,cursor:null}}async set(t,s,n){const e=a.parse(t),r=c.parse(n??{});return this.#e(s),this.#n(s),await this.#t?.set(e,s,r)??null}async delete(t){const s=a.parse(t);return this.#t?.delete(s)}async clearExpired(){return await this.#t?.clearExpired()}async transaction(t){if(!this.#t)throw new Error("Remote repository not available for transactions");return await this.#t.sync(),this.#t.transaction(async s=>t({get:async e=>{const r=a.parse(e);return s.get(r)},getMany:async e=>{const r=e.map(o=>a.parse(o));return s.getMany(r)},set:async(e,r,o)=>{const y=a.parse(e),p=c.parse(o??{});return this.#e(r),this.#n(r),s.set(y,r,p)},delete:async e=>{const r=a.parse(e);return s.delete(r)}}))}#e(t){try{JSON.stringify(t)}catch(s){const n=s instanceof Error?s.message:"Unknown error";throw new Error(`Value is not JSON serializable: ${n}`)}}#n(t){const n=JSON.stringify(t),e=Buffer.byteLength(n,"utf8");if(e>1048576){const r=(e/1024).toFixed(2);throw new Error(`Value size (${r} KB) exceeds the maximum allowed size of 1 MB (1024 KB)`)}}}export{i as KvService};

package/dist/server/plugins/asyncapi-docs/template/AsyncApiDocs.js

@@ -1,9 +1,11 @@
-import l from"styled-components";import*as o from"react";import{RedoclyAsyncAPIDocs as d}from"@redocly/asyncapi-docs";import{withPathPrefix as m}from"@redocly/theme/core/utils";import{usePageSharedData as p}from"../../../../client/app/hooks";import{useCollectMarkdocOptions as f}from"./helpers";function u({pageProps:t}){const a=p("AsyncApiDefinition"),{document:i,apiItems:r,protocol:e,downloadUrls:n}=a,c=m(t?.settings?.baseUrlPath),s=f(t);return o.createElement(h,null,o.createElement(d,{pageProps:t,document:i,apiItems:r,routingBasePath:c,protocol:e,downloadUrls:n,markdocOptions:s}))}const h=l.div`
+import l from"styled-components";import*as o from"react";import{RedoclyAsyncAPIDocs as d}from"@redocly/asyncapi-docs";import{withPathPrefix as m}from"@redocly/theme/core/utils";import{usePageSharedData as p}from"../../../../client/app/hooks";import{useCollectMarkdocOptions as f}from"./helpers";function h({pageProps:t}){const a=p("AsyncApiDefinition"),{document:i,apiItems:r,protocol:e,downloadUrls:n}=a,c=m(t?.settings?.baseUrlPath),s=f(t);return o.createElement(u,null,o.createElement(d,{pageProps:t,document:i,apiItems:r,routingBasePath:c,protocol:e,downloadUrls:n,markdocOptions:s}))}const u=l.div`
   a[id],
   a[data-section-id],
   div[data-section-id] {
-    scroll-margin-top: calc(var(--navbar-height) + var(--panel-gap-vertical));
+    scroll-margin-top: calc(
+      var(--navbar-height) + var(--banner-height) + var(--panel-gap-vertical)
+    );
   }
 
   --sidebar-width: 0px;
-`;export{u as default};
+`;export{h as default};

package/dist/server/plugins/openapi-docs/template/OpenAPIDocs.js

@@ -1,14 +1,18 @@
-import*as a from"react";import i from"styled-components";import{RedoclyOpenAPIDocs as c}from"@redocly/openapi-docs";import{LayoutVariant as s}from"@redocly/config";import{ThreePanelLayout as m}from"@redocly/theme/layouts/ThreePanelLayout";import{CatalogClassicInfoBlock as p}from"@redocly/theme/components/CatalogClassic/CatalogClassicInfoBlock";import{useUserClaims as u}from"../../../../client/app/hooks";import{usePageSharedData as d}from"../../../../client/providers/page-data/hooks";import{usePatchedStore as f}from"./helpers.js";function h({pageProps:t}){const o=u(),e=d("openAPIDocsStore"),n=a.useMemo(()=>({layout:t.apiOptions?.layout,userClaims:o}),[t.apiOptions?.layout,o]),r=f(e,t);if(!e)return"Something went wrong";const l=t.apiOptions?.layout;return a.createElement(g,null,a.createElement(v,{layout:l},a.createElement(p,{metadata:t.metadata})),a.createElement(c,{store:{options:r.options,definition:r.definition,withState:n}}))}const v=i(m)`
+import*as a from"react";import i from"styled-components";import{RedoclyOpenAPIDocs as c}from"@redocly/openapi-docs";import{LayoutVariant as s}from"@redocly/config";import{ThreePanelLayout as m}from"@redocly/theme/layouts/ThreePanelLayout";import{CatalogClassicInfoBlock as p}from"@redocly/theme/components/CatalogClassic/CatalogClassicInfoBlock";import{useUserClaims as h}from"../../../../client/app/hooks";import{usePageSharedData as u}from"../../../../client/providers/page-data/hooks";import{usePatchedStore as d}from"./helpers.js";function f({pageProps:t}){const o=h(),e=u("openAPIDocsStore"),n=a.useMemo(()=>({layout:t.apiOptions?.layout,userClaims:o}),[t.apiOptions?.layout,o]),r=d(e,t);if(!e)return"Something went wrong";const l=t.apiOptions?.layout;return a.createElement(g,null,a.createElement(v,{layout:l},a.createElement(p,{metadata:t.metadata})),a.createElement(c,{store:{options:r.options,definition:r.definition,withState:n}}))}const v=i(m)`
   && {
     padding-right: ${({layout:t})=>t===s.THREE_PANEL?"calc(var(--panel-gap-horizontal) * 2)":"var(--panel-gap-horizontal)"};
   }
 `,g=i.div`
   div[id] {
-    scroll-margin-top: calc(var(--navbar-height) - var(--panel-gap-vertical));
+    scroll-margin-top: calc(
+      var(--navbar-height) + var(--banner-height) - var(--panel-gap-vertical)
+    );
   }
   a[id] {
-    scroll-margin-top: calc(var(--navbar-height) + var(--panel-gap-vertical));
+    scroll-margin-top: calc(
+      var(--navbar-height) + var(--banner-height) + var(--panel-gap-vertical)
+    );
   }
 
   --sidebar-width: 0px;
-`;export{h as default};
+`;export{f as default};

package/dist/server/plugins/scorecard-classic/types.d.ts

@@ -1,9 +1,9 @@
 import type { NormalizedProblem } from '@redocly/openapi-core';
 import type { ProblemWithCodeframe } from './lint';
 export declare enum ScorecardStatus {
-    BelowMinimum = "Below minimum",
-    Highest = "Highest",
-    Minimum = "Minimum"
+    BelowMinimum = "BELOW_MINIMUM",
+    Highest = "HIGHEST",
+    Minimum = "MINIMUM"
 }
 export type ProblemSummary = Pick<NormalizedProblem, 'ruleId' | 'severity'>;
 export type ScorecardLevel = {

package/dist/server/plugins/scorecard-classic/types.js

@@ -1 +1 @@
-var m;(function(i){i.BelowMinimum="Below minimum",i.Highest="Highest",i.Minimum="Minimum"})(m||(m={}));export{m as ScorecardStatus};
+var i;(function(M){M.BelowMinimum="BELOW_MINIMUM",M.Highest="HIGHEST",M.Minimum="MINIMUM"})(i||(i={}));export{i as ScorecardStatus};

package/dist/server/plugins/sso/index.js

@@ -1 +1 @@
-import{DEFAULT_SSO_IDP_TITLE as d}from"../../../constants/common.js";import{telemetryTraceStep as u}from"../../../cli/telemetry/helpers/trace-step.js";const f="https://auth.cloud.redocly.com/oidc/.well-known/openid-configuration",y="https://auth.cloud.redocly.com/api/sso/oidc/introspect";async function _(g){return{id:"sso",async processContent(e){await u("build.plugin.sso",async c=>{const o=e.getConfig();if(c?.setAttribute("config",`{"ssoDirect": ${JSON.stringify(o.ssoDirect||{})}}, {"sso": ${JSON.stringify(o.sso||{})}}`),o.ssoDirect&&typeof o.ssoDirect=="object"&&Object.keys(o.ssoDirect).length!==0||o.sso&&Array.isArray(o.sso)&&!o.sso.length)return;const a=!!(o.rbac&&typeof o.rbac=="object"&&Object.keys(o.rbac).length!==0),p=o.requiresLogin;if(!a&&!p)return;let n=f,i=process.env.REDOCLY_OAUTH_USE_INTROSPECT?y:"";const s=o.residency;if(s){const r=s.endsWith("/")?s.slice(0,-1):s;n=`${r.replace("app.","auth.")}/oidc/.well-known/openid-configuration`,i=process.env.REDOCLY_OAUTH_USE_INTROSPECT?`${r}/api/sso/oidc/introspect`:""}let t="AUTO";o.sso&&(Array.isArray(o.sso)?t=o.sso.join(","):t=o.sso);const l={oidc:{title:d,type:"OIDC",configurationUrl:n,clientId:"{{ process.env.OAUTH_CLIENT_ID }}",clientSecret:"{{ process.env.OAUTH_CLIENT_SECRET }}",teamsClaimName:"https://redocly.com/sso/teams",scopes:["openid"],authorizationRequestCustomParams:{login_hint:"{{ process.env.ORGANIZATION_SLUG }}",login_type:t,prompt:"login"},audience:"{{ process.env.ORGANIZATION_SLUG }}",introspectEndpoint:i}};e.setGlobalConfig({ssoDirect:l})})},async afterRoutesCreated(e){}}}export{_ as ssoPlugin};
+import{DEFAULT_SSO_IDP_TITLE as d}from"../../../constants/common.js";import{telemetryTraceStep as u}from"../../../cli/telemetry/helpers/trace-step.js";const f="https://auth.cloud.redocly.com/oidc/.well-known/openid-configuration",y="https://auth.cloud.redocly.com/api/sso/oidc/introspect";async function _(g){return{id:"sso",async processContent(e){await u("build.plugin.sso",async c=>{const o=e.getConfig();if(c?.setAttribute("config",`{"ssoDirect": ${JSON.stringify(o.ssoDirect||{})}}, {"sso": ${JSON.stringify(o.sso||{})}}`),o.ssoDirect&&typeof o.ssoDirect=="object"&&Object.keys(o.ssoDirect).length!==0||o.sso&&Array.isArray(o.sso)&&!o.sso.length)return;const a=!!(o.rbac&&typeof o.rbac=="object"&&Object.keys(o.rbac).length!==0),p=o.requiresLogin;if(!a&&!p)return;let n=f,i=process.env.REDOCLY_OAUTH_USE_INTROSPECT?y:"";const s=o.residency;if(s){const r=s.endsWith("/")?s.slice(0,-1):s;n=`${r.replace("app.","auth.")}/oidc/.well-known/openid-configuration`,i=process.env.REDOCLY_OAUTH_USE_INTROSPECT?`${r}/api/sso/oidc/introspect`:""}let t="AUTO";o.sso&&(Array.isArray(o.sso)?t=o.sso.join(","):t=o.sso);const l={oidc:{title:d,type:"OIDC",configurationUrl:n,clientId:"{{ process.env.OAUTH_CLIENT_ID }}",clientSecret:"{{ process.env.OAUTH_CLIENT_SECRET }}",teamsClaimName:"https://redocly.com/sso/teams",scopes:["openid"],authorizationRequestCustomParams:{login_hint:"{{ process.env.ORGANIZATION_ID }}",login_type:t,prompt:"login"},audience:"{{ process.env.ORGANIZATION_ID }}",introspectEndpoint:i}};e.setGlobalConfig({ssoDirect:l})})},async afterRoutesCreated(e){}}}export{_ as ssoPlugin};

package/dist/server/store.js

@@ -1 +1 @@
-import b from"@markdoc/markdoc";import{getPathnameForLocale as A}from"@redocly/theme/core/utils";import{DEFAULT_LOCALE_PLACEHOLDER as u}from"../constants/common.js";import{DEFAULT_TITLE as C}from"./constants/common.js";import{GATED_MARKDOC_TAGS as D}from"./constants/entitlements.js";import{isObject as O}from"../utils/guards/is-object.js";import{mapObject as T}from"../utils/object/map-object.js";import{getValueDeep as S}from"../utils/object/get-value-deep.js";import{removeTrailingSlash as M}from"../utils/url/remove-trailing-slash.js";import{normalizeRouteSlug as f}from"../utils/path/normalize-route-slug.js";import{isLocalLink as L}from"../utils/path/is-local-link.js";import{reporter as w}from"./tools/notifiers/reporter.js";import{logger as p}from"./tools/notifiers/logger.js";import{sha1 as k}from"./utils/crypto/sha1.js";import{writeEnvVariable as _}from"./utils/envs/write-env-variable.js";import{readEnvVariable as F}from"./utils/envs/read-env-variable.js";import{KvService as G}from"./persistence/kv/services/kv-service.js";import{writeSharedData as B}from"./utils/index.js";import{renderComponents as I}from"./ssr/render.js";import{readStaticData as N,writeStaticData as V}from"./utils/static-data.js";import{parseAndResolveMarkdoc as j}from"./plugins/markdown/compiler.js";import{getMarkdocOptions as H}from"./plugins/markdown/markdoc/markdoc-options.js";import{EntitlementsProvider as y}from"./entitlements/entitlements-provider.js";import{isL10nPath as K}from"./fs/utils/is-l10n-path.js";import{resolveMetadataGlobs as U}from"./utils/globs.js";import{replaceEnvVariablesDeep as J}from"./utils/envs/replace-env-variables-deep.js";import{findRedirect as x}from"./utils/redirects/find-redirect.js";import{addWildcardRedirectToTree as q}from"./utils/redirects/add-wildcard-redirect-to-tree.js";import{telemetryTraceStep as $}from"../cli/telemetry/helpers/trace-step.js";const R={routesBySlug:"map",apiRoutes:"object",middleware:"object",routesByFsPath:"map",routesSharedData:"map",globalData:"object",config:"object",ssr:"object",searchFacets:"map",routesPartials:"map"},g="markdown/partials",bt="markdown/partials-deps",v="PLAN_GATES",W=["OAUTH_CLIENT_ID","OAUTH_CLIENT_SECRET","ORGANIZATION_SLUG","ORG_ID"],At="userDefinedApiFunctions";class E{routesBySlug=new Map;replacedEnvVars={};unsetEnvVars=new Set;lifecycleContext;newRoutes=[];#t={};routesByFsPath=new Map;apiRoutes=[];middleware=[];routesSharedData=new Map;sharedDataDeps=new Map;sharedDataMarkdocComponents=new Map;routesDynamicComponents=new Map;routesPartials=new Map;ssr={preBodyTags:[],postBodyTags:[],headTags:[]};searchFacets=new Map;searchEngine;templates=new Map;browserPlugins=new Set;apiRoutesRequestHandlers=new Map;serverPropsGetters=new Map;pagePropsGetters=new Map;listeners=new Map;globalData={};#s=void 0;config={configFilePath:"",redirects:{},wildcardRedirectsTree:{},rbac:{},directoryPermissions:{},devLogin:!1,ssoDirect:{}};#r;serverMode;serverOutDir;outdir;buildRevision=0;hasSitemap=!1;compilationErrors=[];#a;userCodeReady;#o=Promise.resolve();#i;#n=Promise.resolve();#c;#e=new Map;constructor({outdir:t,contentDir:e,serverMode:s=!1,serverOutDir:r}){this.#r=e,this.outdir=t,this.serverMode=s,this.serverOutDir=r,this.userCodeReady=new Promise(a=>{this.#a=a})}on(t,e){const s=this.listeners.get(t);s?s.add(e):this.listeners.set(t,new Set([e]))}queueEvent=(t,e,...s)=>{this.#e.set(t+String(e),[t,e,...s])};runListeners=(t,e,...s)=>{for(const r of this.listeners.get(t)||new Set)e?r(e,...s):r(...s)};startPluginsRun(){this.clear(),this.#o=new Promise(t=>{this.#i=t})}waitForPluginsLifecycle(){return Promise.all([this.#o,this.#n])}finishPluginsRun(){this.#i?.();for(const t of this.#e.values())this.runListeners(...t);this.#e.clear()}startEsbuildRun(){this.#n=new Promise(t=>{this.#c=t})}finishEsbuildRun(){this.#c?.()}get contentDir(){if(this.serverMode)throw new Error("contentDir should not be used in server mode");return this.#r}markUserCodeReady(){this.#a?.(!0)}async reloadMarkdocOptions(){await $("build.reload_markdoc_options",async()=>{const t=y.instance(),e=await H(this.serverOutDir),s=Object.fromEntries(Object.entries(e.tags).filter(([r])=>D[r]!=null?t.canAccessFeature(D[r]):!0));this.#s={...e,tags:s}})}get markdocOptions(){return{...this.#s,partials:this.getGlobalConfig(g),themeConfig:this.config.markdown}}setGlobalData=t=>{const e=this.globalData,s={...this.globalData,...t};this.globalData=s,JSON.stringify(s)!==JSON.stringify(e)&&this.queueEvent("global-data-updated",void 0,s)};getGlobalData=()=>this.globalData;getKv=async()=>G.getInstance({baseDbDir:this.serverOutDir});parseMarkdoc=async(t,e,s)=>{const{data:{info:r,ast:a},compoundHash:c}=await j(t,this.markdocOptions,{actions:this,context:e});for(const o of r.sharedDataDeps||[]){for(const i of s?.routeSlugs||[])this.addRouteSharedData(i,o,o);for(const i of s?.sharedDataIds||[]){const n=this.sharedDataDeps.get(i)||new Set;n.add(o),this.sharedDataDeps.set(i,n)}}for(const o of r.dynamicMarkdocComponents||[]){for(const i of s?.routeSlugs||[]){const n=this.routesDynamicComponents.get(i)||new Set;n.add(o),this.routesDynamicComponents.set(i,n)}for(const i of s?.sharedDataIds||[]){const n=this.sharedDataMarkdocComponents.get(i)||new Set;n.add(o),this.sharedDataMarkdocComponents.set(i,n)}}if(s?.routeSlugs&&r.partials?.length)for(const o of s.routeSlugs){const i=this.routesPartials.get(o)||[];for(const n of r.partials)i.includes(n)||i.push(n);this.routesPartials.set(o,i)}return{info:r,ast:a,compoundHash:c}};async loadOpenApiDefinitions(t){return(await t.cache.load(".","load-oas-docs")).data}async loadAsyncApiDefinitions(t){return(await t.cache.load(".","asyncapi-docs")).data}setSearchEngine(t){this.searchEngine=t}setSearchFacets=t=>{this.searchFacets=t};setGlobalConfig=t=>{const e=Object.keys(t);for(const c of e)for(const o in this.replacedEnvVars)if(o===c||o.startsWith(`${c}:`)){const i=o.split(":"),{error:n,value:l}=S(t,i);(n||l!==this.replacedEnvVars[o].replaced)&&delete this.replacedEnvVars[o]}const{resolvedObj:s,unsetEnvVars:r,replacedValues:a}=J(t);for(const c of r)this.unsetEnvVars.add(c);Object.assign(this.replacedEnvVars,a),Object.assign(this.config,s)};getConfig=()=>this.config;getGlobalConfig=t=>this.config[t];getSearchFacets=()=>this.searchFacets;addRedirect=(t,e)=>{if(!y.instance().canAccessFeature("redirects")&&t!=="/")return;this.config.redirects||(this.config.redirects={});const a=f(t).toLowerCase();this.config.redirects[a]=e,a.endsWith("*")&&q(this.config.wildcardRedirectsTree,a)};getRedirect=t=>{const e=f(t).toLowerCase();return x(e,this.config.redirects,this.config.wildcardRedirectsTree)};createSharedData=async(t,e,s)=>{if(s&&this.#t[t]===s)return t;const r=JSON.stringify(e),a=s??k(r);return this.#t[t]===a||(this.#t[t]=a,await B(t,r,this.outdir),this.queueEvent("shared-data-updated",t)),t};addRouteSharedData=(t,e,s)=>{const r=M(t),a=this.routesSharedData.get(r)||{};a[e]=s,this.routesSharedData.set(r,a),p.verbose(`Adding shared data to ${t}, ${e}, ${s}`)};getRouteSharedDataByFsPath=t=>{const e=this.routesByFsPath.get(t);return e?this.routesSharedData.get(e)||{}:{}};getPartialsForRoute=t=>{const e=this.getGlobalConfig(g)||{},s=this.routesPartials.get(t);if(!s||s.length===0)return{};const r={};for(const a of s)e[a]&&(r[a]=e[a]);return r};addRoute=t=>{const s={...U(t.fsPath,this.config.metadataGlobs),...t.metadata||{}};this.newRoutes.push({...t,metadata:s}),p.verbose("Created route %s",t.slug)};addRouteSharedDataToAllLocales=(t,e,s)=>{const r=[u,...this.lifecycleContext?.fs.localeFolders||[]].map(a=>({code:a,name:a}));for(const a of r){const c=A(t,u,a.code,r);this.addRouteSharedData(c,e,s)}};addApiRoute=t=>{this.apiRoutes.push(t),p.verbose("Created API route %s",t.slug)};addMiddleware=t=>{this.middleware.push(t),p.verbose("Created middleware %s",t.id)};getRouteByFsPath=t=>{const e=this.routesByFsPath.get(t);return e?this.getRouteBySlug(e):void 0};getRouteBySlug=(t,e={})=>{const{followRedirect:s=!0}=e,r=this.getRedirect(t);return s&&r?this.routesBySlug.get(f(r.to)):this.routesBySlug.get(t)};slugHasRouteOrRedirect=t=>{if(this.routesBySlug.has(t))return!0;const e=this.getRedirect(t);if(!e)return!1;if(!L(e.to))return!0;const s=f(e.to);return this.routesBySlug.has(s)};getRoutesByTemplateId=t=>this.newRoutes.filter(e=>e.templateId===t);getAllRoutesForLocale=(t=u)=>{const e=Array.from(this.routesBySlug.values()),s=t.toLowerCase();return e.filter(r=>t===u?!K(r.fsPath):r.slug.startsWith(`/${s}`))};getAllRoutes=()=>Array.from(this.routesBySlug.values());getAllApiRoutes=()=>this.apiRoutes;getAllMiddleware=()=>this.middleware;getTemplate=t=>this.templates.get(t);getRequestHandler=t=>this.apiRoutesRequestHandlers.get(t);createTemplate=(t,e)=>(this.templates.set(t,e),t);addBrowserPlugin=t=>{this.browserPlugins.add(t)};createRequestHandler=(t,e)=>(this.apiRoutesRequestHandlers.set(t,e),t);registerServerPropsGetter=(t,e)=>(this.serverPropsGetters.set(t,e),t);registerPagePropsGetter=(t,e)=>{this.pagePropsGetters.set(t,e)};async writeRouteStaticData(t,e){const s=await this.resolveRouteStaticData(t,e,!1);s&&V(t.slug,s,this.outdir)}async resolveRouteStaticData(t,e,s){if(this.serverMode)return N(t.slug,this.outdir);const r={...this,contentDir:this.contentDir,parseMarkdoc:(l,d)=>this.parseMarkdoc(l,d,{routeSlugs:[t.slug]})},a=await t.getStaticData?.(t,r)||{},c=new Set(this.routesDynamicComponents.get(t.slug)),o=this.routesSharedData.get(t.slug)||{};for(const l of Object.values(o)){const d=this.sharedDataMarkdocComponents.get(l);d&&d.forEach(h=>c.add(h));const m=this.sharedDataDeps.get(l);m&&m.forEach(h=>this.addRouteSharedData(t.slug,h,h))}const i=this.getGlobalConfig("seo"),n=a?.frontmatter||{};return{...a,frontmatter:{...n,seo:{...n?.seo,title:n?.seo?.title||await t.getNavText?.()}},props:{...a.props,dynamicMarkdocComponents:Array.from(c),metadata:{...a?.props?.metadata,...t.metadata},seo:{title:C,...i,...a.props?.seo},compilationErrors:this.compilationErrors},lastModified:s||!t.fsPath?null:await this.lifecycleContext?.fs.getLastModified(t.fsPath)}}addSsrComponents(t,e){if(!t?.length)return;const s=typeof t[0]=="string"?t.join(""):I(t);s&&(e==="head"?this.ssr.headTags.push(s):e==="preBody"?this.ssr.preBodyTags.push(s):this.ssr.postBodyTags.push(s))}clear=()=>{this.routesByFsPath.clear(),this.templates.clear(),this.newRoutes=[],this.routesBySlug.clear(),this.apiRoutes=[],this.middleware=[],this.routesSharedData.clear(),this.sharedDataDeps.clear(),this.sharedDataMarkdocComponents.clear(),this.routesDynamicComponents.clear(),this.routesPartials.clear(),this.config.redirects={},this.config.wildcardRedirectsTree={},this.config.directoryPermissions={},this.ssr={preBodyTags:[],postBodyTags:[],headTags:[]}};async toJson(){const t=[];for(const[s,r]of Object.entries(R))switch(r){case"map":const a=Array.from(this[s].entries());t.push([s,a]);break;case"object":s==="config"&&t.push([s,await this.getConfigWithEnvPlaceholders()]),t.push([s,this[s]]);break;default:throw new Error("Invalid format")}const e=Object.fromEntries(t);return e[v]=F("PLAN_GATES"),e}static fromJson(t,e){const s=new E(e);for(const[a,c]of Object.entries(R))switch(c){case"map":s[a]=new Map(t[a]);break;case"object":if(a==="config"){s.setGlobalConfig(t[a]);break}s[a]=t[a];break;default:throw new Error("Invalid format")}s.config[g]=z(s.config[g]||{});const r=t[v];return r&&_("PLAN_GATES",r),s}async getConfigWithEnvPlaceholders(){const t=JSON.parse(JSON.stringify(this.config));for(const e in this.replacedEnvVars){const{original:s}=this.replacedEnvVars[e],r=e.split(":"),a=r.pop(),{error:c,value:o}=S(t,r);if(c||!O(o)&&!Array.isArray(o)){await w.panicOnBuild(`Failed to replace env var with env name for ${e}`);continue}o[a]=s}return t}async reportUnsetEnvVars(){if(this.unsetEnvVars.size===0)return;const t=Array.from(this.unsetEnvVars).filter(s=>!W.includes(s));if(t.length===0)return;const e=`Failed to resolve config. The following environment variables are not set: ${t.join(", ")}`;await w.panicOnBuildContentError(e)}}function z(P){return T(P,t=>b.Ast.fromJSON(JSON.stringify(t)))}export{g as MARKDOC_PARTIALS_DATA_KEY,bt as MARKDOC_PARTIALS_DEPS_KEY,E as Store,At as USER_DEFINED_API_FUNCTIONS_COUNTER_KEY};
+import b from"@markdoc/markdoc";import{getPathnameForLocale as A}from"@redocly/theme/core/utils";import{DEFAULT_LOCALE_PLACEHOLDER as u}from"../constants/common.js";import{DEFAULT_TITLE as C}from"./constants/common.js";import{GATED_MARKDOC_TAGS as D}from"./constants/entitlements.js";import{isObject as O}from"../utils/guards/is-object.js";import{mapObject as T}from"../utils/object/map-object.js";import{getValueDeep as S}from"../utils/object/get-value-deep.js";import{removeTrailingSlash as M}from"../utils/url/remove-trailing-slash.js";import{normalizeRouteSlug as f}from"../utils/path/normalize-route-slug.js";import{isLocalLink as L}from"../utils/path/is-local-link.js";import{reporter as w}from"./tools/notifiers/reporter.js";import{logger as p}from"./tools/notifiers/logger.js";import{sha1 as k}from"./utils/crypto/sha1.js";import{writeEnvVariable as _}from"./utils/envs/write-env-variable.js";import{readEnvVariable as F}from"./utils/envs/read-env-variable.js";import{KvService as G}from"./persistence/kv/services/kv-service.js";import{writeSharedData as B}from"./utils/index.js";import{renderComponents as I}from"./ssr/render.js";import{readStaticData as N,writeStaticData as V}from"./utils/static-data.js";import{parseAndResolveMarkdoc as j}from"./plugins/markdown/compiler.js";import{getMarkdocOptions as H}from"./plugins/markdown/markdoc/markdoc-options.js";import{EntitlementsProvider as y}from"./entitlements/entitlements-provider.js";import{isL10nPath as K}from"./fs/utils/is-l10n-path.js";import{resolveMetadataGlobs as U}from"./utils/globs.js";import{replaceEnvVariablesDeep as J}from"./utils/envs/replace-env-variables-deep.js";import{findRedirect as x}from"./utils/redirects/find-redirect.js";import{addWildcardRedirectToTree as q}from"./utils/redirects/add-wildcard-redirect-to-tree.js";import{telemetryTraceStep as $}from"../cli/telemetry/helpers/trace-step.js";const R={routesBySlug:"map",apiRoutes:"object",middleware:"object",routesByFsPath:"map",routesSharedData:"map",globalData:"object",config:"object",ssr:"object",searchFacets:"map",routesPartials:"map"},g="markdown/partials",bt="markdown/partials-deps",v="PLAN_GATES",W=["OAUTH_CLIENT_ID","OAUTH_CLIENT_SECRET","ORGANIZATION_SLUG","ORGANIZATION_ID","ORG_ID"],At="userDefinedApiFunctions";class E{routesBySlug=new Map;replacedEnvVars={};unsetEnvVars=new Set;lifecycleContext;newRoutes=[];#t={};routesByFsPath=new Map;apiRoutes=[];middleware=[];routesSharedData=new Map;sharedDataDeps=new Map;sharedDataMarkdocComponents=new Map;routesDynamicComponents=new Map;routesPartials=new Map;ssr={preBodyTags:[],postBodyTags:[],headTags:[]};searchFacets=new Map;searchEngine;templates=new Map;browserPlugins=new Set;apiRoutesRequestHandlers=new Map;serverPropsGetters=new Map;pagePropsGetters=new Map;listeners=new Map;globalData={};#s=void 0;config={configFilePath:"",redirects:{},wildcardRedirectsTree:{},rbac:{},directoryPermissions:{},devLogin:!1,ssoDirect:{}};#r;serverMode;serverOutDir;outdir;buildRevision=0;hasSitemap=!1;compilationErrors=[];#a;userCodeReady;#o=Promise.resolve();#i;#n=Promise.resolve();#c;#e=new Map;constructor({outdir:t,contentDir:e,serverMode:s=!1,serverOutDir:r}){this.#r=e,this.outdir=t,this.serverMode=s,this.serverOutDir=r,this.userCodeReady=new Promise(a=>{this.#a=a})}on(t,e){const s=this.listeners.get(t);s?s.add(e):this.listeners.set(t,new Set([e]))}queueEvent=(t,e,...s)=>{this.#e.set(t+String(e),[t,e,...s])};runListeners=(t,e,...s)=>{for(const r of this.listeners.get(t)||new Set)e?r(e,...s):r(...s)};startPluginsRun(){this.clear(),this.#o=new Promise(t=>{this.#i=t})}waitForPluginsLifecycle(){return Promise.all([this.#o,this.#n])}finishPluginsRun(){this.#i?.();for(const t of this.#e.values())this.runListeners(...t);this.#e.clear()}startEsbuildRun(){this.#n=new Promise(t=>{this.#c=t})}finishEsbuildRun(){this.#c?.()}get contentDir(){if(this.serverMode)throw new Error("contentDir should not be used in server mode");return this.#r}markUserCodeReady(){this.#a?.(!0)}async reloadMarkdocOptions(){await $("build.reload_markdoc_options",async()=>{const t=y.instance(),e=await H(this.serverOutDir),s=Object.fromEntries(Object.entries(e.tags).filter(([r])=>D[r]!=null?t.canAccessFeature(D[r]):!0));this.#s={...e,tags:s}})}get markdocOptions(){return{...this.#s,partials:this.getGlobalConfig(g),themeConfig:this.config.markdown}}setGlobalData=t=>{const e=this.globalData,s={...this.globalData,...t};this.globalData=s,JSON.stringify(s)!==JSON.stringify(e)&&this.queueEvent("global-data-updated",void 0,s)};getGlobalData=()=>this.globalData;getKv=async()=>G.getInstance({baseDbDir:this.serverOutDir});parseMarkdoc=async(t,e,s)=>{const{data:{info:r,ast:a},compoundHash:c}=await j(t,this.markdocOptions,{actions:this,context:e});for(const o of r.sharedDataDeps||[]){for(const i of s?.routeSlugs||[])this.addRouteSharedData(i,o,o);for(const i of s?.sharedDataIds||[]){const n=this.sharedDataDeps.get(i)||new Set;n.add(o),this.sharedDataDeps.set(i,n)}}for(const o of r.dynamicMarkdocComponents||[]){for(const i of s?.routeSlugs||[]){const n=this.routesDynamicComponents.get(i)||new Set;n.add(o),this.routesDynamicComponents.set(i,n)}for(const i of s?.sharedDataIds||[]){const n=this.sharedDataMarkdocComponents.get(i)||new Set;n.add(o),this.sharedDataMarkdocComponents.set(i,n)}}if(s?.routeSlugs&&r.partials?.length)for(const o of s.routeSlugs){const i=this.routesPartials.get(o)||[];for(const n of r.partials)i.includes(n)||i.push(n);this.routesPartials.set(o,i)}return{info:r,ast:a,compoundHash:c}};async loadOpenApiDefinitions(t){return(await t.cache.load(".","load-oas-docs")).data}async loadAsyncApiDefinitions(t){return(await t.cache.load(".","asyncapi-docs")).data}setSearchEngine(t){this.searchEngine=t}setSearchFacets=t=>{this.searchFacets=t};setGlobalConfig=t=>{const e=Object.keys(t);for(const c of e)for(const o in this.replacedEnvVars)if(o===c||o.startsWith(`${c}:`)){const i=o.split(":"),{error:n,value:l}=S(t,i);(n||l!==this.replacedEnvVars[o].replaced)&&delete this.replacedEnvVars[o]}const{resolvedObj:s,unsetEnvVars:r,replacedValues:a}=J(t);for(const c of r)this.unsetEnvVars.add(c);Object.assign(this.replacedEnvVars,a),Object.assign(this.config,s)};getConfig=()=>this.config;getGlobalConfig=t=>this.config[t];getSearchFacets=()=>this.searchFacets;addRedirect=(t,e)=>{if(!y.instance().canAccessFeature("redirects")&&t!=="/")return;this.config.redirects||(this.config.redirects={});const a=f(t).toLowerCase();this.config.redirects[a]=e,a.endsWith("*")&&q(this.config.wildcardRedirectsTree,a)};getRedirect=t=>{const e=f(t).toLowerCase();return x(e,this.config.redirects,this.config.wildcardRedirectsTree)};createSharedData=async(t,e,s)=>{if(s&&this.#t[t]===s)return t;const r=JSON.stringify(e),a=s??k(r);return this.#t[t]===a||(this.#t[t]=a,await B(t,r,this.outdir),this.queueEvent("shared-data-updated",t)),t};addRouteSharedData=(t,e,s)=>{const r=M(t),a=this.routesSharedData.get(r)||{};a[e]=s,this.routesSharedData.set(r,a),p.verbose(`Adding shared data to ${t}, ${e}, ${s}`)};getRouteSharedDataByFsPath=t=>{const e=this.routesByFsPath.get(t);return e?this.routesSharedData.get(e)||{}:{}};getPartialsForRoute=t=>{const e=this.getGlobalConfig(g)||{},s=this.routesPartials.get(t);if(!s||s.length===0)return{};const r={};for(const a of s)e[a]&&(r[a]=e[a]);return r};addRoute=t=>{const s={...U(t.fsPath,this.config.metadataGlobs),...t.metadata||{}};this.newRoutes.push({...t,metadata:s}),p.verbose("Created route %s",t.slug)};addRouteSharedDataToAllLocales=(t,e,s)=>{const r=[u,...this.lifecycleContext?.fs.localeFolders||[]].map(a=>({code:a,name:a}));for(const a of r){const c=A(t,u,a.code,r);this.addRouteSharedData(c,e,s)}};addApiRoute=t=>{this.apiRoutes.push(t),p.verbose("Created API route %s",t.slug)};addMiddleware=t=>{this.middleware.push(t),p.verbose("Created middleware %s",t.id)};getRouteByFsPath=t=>{const e=this.routesByFsPath.get(t);return e?this.getRouteBySlug(e):void 0};getRouteBySlug=(t,e={})=>{const{followRedirect:s=!0}=e,r=this.getRedirect(t);return s&&r?this.routesBySlug.get(f(r.to)):this.routesBySlug.get(t)};slugHasRouteOrRedirect=t=>{if(this.routesBySlug.has(t))return!0;const e=this.getRedirect(t);if(!e)return!1;if(!L(e.to))return!0;const s=f(e.to);return this.routesBySlug.has(s)};getRoutesByTemplateId=t=>this.newRoutes.filter(e=>e.templateId===t);getAllRoutesForLocale=(t=u)=>{const e=Array.from(this.routesBySlug.values()),s=t.toLowerCase();return e.filter(r=>t===u?!K(r.fsPath):r.slug.startsWith(`/${s}`))};getAllRoutes=()=>Array.from(this.routesBySlug.values());getAllApiRoutes=()=>this.apiRoutes;getAllMiddleware=()=>this.middleware;getTemplate=t=>this.templates.get(t);getRequestHandler=t=>this.apiRoutesRequestHandlers.get(t);createTemplate=(t,e)=>(this.templates.set(t,e),t);addBrowserPlugin=t=>{this.browserPlugins.add(t)};createRequestHandler=(t,e)=>(this.apiRoutesRequestHandlers.set(t,e),t);registerServerPropsGetter=(t,e)=>(this.serverPropsGetters.set(t,e),t);registerPagePropsGetter=(t,e)=>{this.pagePropsGetters.set(t,e)};async writeRouteStaticData(t,e){const s=await this.resolveRouteStaticData(t,e,!1);s&&V(t.slug,s,this.outdir)}async resolveRouteStaticData(t,e,s){if(this.serverMode)return N(t.slug,this.outdir);const r={...this,contentDir:this.contentDir,parseMarkdoc:(l,d)=>this.parseMarkdoc(l,d,{routeSlugs:[t.slug]})},a=await t.getStaticData?.(t,r)||{},c=new Set(this.routesDynamicComponents.get(t.slug)),o=this.routesSharedData.get(t.slug)||{};for(const l of Object.values(o)){const d=this.sharedDataMarkdocComponents.get(l);d&&d.forEach(h=>c.add(h));const m=this.sharedDataDeps.get(l);m&&m.forEach(h=>this.addRouteSharedData(t.slug,h,h))}const i=this.getGlobalConfig("seo"),n=a?.frontmatter||{};return{...a,frontmatter:{...n,seo:{...n?.seo,title:n?.seo?.title||await t.getNavText?.()}},props:{...a.props,dynamicMarkdocComponents:Array.from(c),metadata:{...a?.props?.metadata,...t.metadata},seo:{title:C,...i,...a.props?.seo},compilationErrors:this.compilationErrors},lastModified:s||!t.fsPath?null:await this.lifecycleContext?.fs.getLastModified(t.fsPath)}}addSsrComponents(t,e){if(!t?.length)return;const s=typeof t[0]=="string"?t.join(""):I(t);s&&(e==="head"?this.ssr.headTags.push(s):e==="preBody"?this.ssr.preBodyTags.push(s):this.ssr.postBodyTags.push(s))}clear=()=>{this.routesByFsPath.clear(),this.templates.clear(),this.newRoutes=[],this.routesBySlug.clear(),this.apiRoutes=[],this.middleware=[],this.routesSharedData.clear(),this.sharedDataDeps.clear(),this.sharedDataMarkdocComponents.clear(),this.routesDynamicComponents.clear(),this.routesPartials.clear(),this.config.redirects={},this.config.wildcardRedirectsTree={},this.config.directoryPermissions={},this.ssr={preBodyTags:[],postBodyTags:[],headTags:[]}};async toJson(){const t=[];for(const[s,r]of Object.entries(R))switch(r){case"map":const a=Array.from(this[s].entries());t.push([s,a]);break;case"object":s==="config"&&t.push([s,await this.getConfigWithEnvPlaceholders()]),t.push([s,this[s]]);break;default:throw new Error("Invalid format")}const e=Object.fromEntries(t);return e[v]=F("PLAN_GATES"),e}static fromJson(t,e){const s=new E(e);for(const[a,c]of Object.entries(R))switch(c){case"map":s[a]=new Map(t[a]);break;case"object":if(a==="config"){s.setGlobalConfig(t[a]);break}s[a]=t[a];break;default:throw new Error("Invalid format")}s.config[g]=z(s.config[g]||{});const r=t[v];return r&&_("PLAN_GATES",r),s}async getConfigWithEnvPlaceholders(){const t=JSON.parse(JSON.stringify(this.config));for(const e in this.replacedEnvVars){const{original:s}=this.replacedEnvVars[e],r=e.split(":"),a=r.pop(),{error:c,value:o}=S(t,r);if(c||!O(o)&&!Array.isArray(o)){await w.panicOnBuild(`Failed to replace env var with env name for ${e}`);continue}o[a]=s}return t}async reportUnsetEnvVars(){if(this.unsetEnvVars.size===0)return;const t=Array.from(this.unsetEnvVars).filter(s=>!W.includes(s));if(t.length===0)return;const e=`Failed to resolve config. The following environment variables are not set: ${t.join(", ")}`;await w.panicOnBuildContentError(e)}}function z(P){return T(P,t=>b.Ast.fromJSON(JSON.stringify(t)))}export{g as MARKDOC_PARTIALS_DATA_KEY,bt as MARKDOC_PARTIALS_DEPS_KEY,E as Store,At as USER_DEFINED_API_FUNCTIONS_COUNTER_KEY};

package/dist/server/web-server/routes/auth.js

@@ -1 +1 @@
-import{setCookie as L,deleteCookie as T}from"hono/cookie";import{AuthProviderType as G}from"@redocly/config";import{withPathPrefix as R,getPathPrefix as _}from"@redocly/theme/core/utils";import{compareURIs as X}from"../../../utils/url/compare-uris.js";import{ensureArray as q}from"../../../utils/array/ensure-array.js";import{ALTERNATIVE_AUD_CLAIM_NAME as E,JWT_SECRET_KEY as v,ORG_SLUG as W}from"../../constants/common.js";import{DEFAULT_COOKIE_EXPIRATION as F,ServerRoutes as D}from"../../../constants/common.js";import{sanitizeRedirectPathname as B}from"../../../utils/url/sanitize-redirect-pathname.js";import{telemetry as k}from"../../telemetry/index.js";import{getAuthProviderLoginParams as Y,isOidcProviderConfig as $,isSaml2ProviderConfig as Q,oidcExchangeCodeForToken as Z,buildLoginUrl as x,decodeSamlResponse as ee,extractUserClaims as re,parseSamlResponse as oe,parseOidcState as ne,verifySAMLResponse as te,getUsernameFromPayload as ie,buildOidcLogoutUrl as se,getOidcMetadata as z,getRedoclyTokenPayload as ae,isRedoclySso as de,rewritePreviewAuthRedirectUri as ce,parsePreviewBranch as N,buildOidcLoginUrl as le,createMcpSessionResource as I}from"../auth.js";import*as S from"../jwt/jwt.js";import{AlgorithmTypes as ue}from"../jwt/types.js";import{handleErrorPageRender as pe}from"../utils.js";import{encodeBase64URL as ge}from"../jwt/encode.js";async function Oe(i){if(process.env.NODE_ENV==="production")return i.newResponse(null,404,{});const{password:e,...r}=await i.req.json(),a=await S.sign({...r,name:r.username||r.email||"Unknown"},v);return L(i,"authorization",a,{path:_()||"/",httpOnly:!0,secure:!0,sameSite:"none"}),i.newResponse(null,200,{})}function Pe(){return async i=>{const e=i.get("logger"),r=encodeURIComponent(i.req.query("message")||"");e.error(`Login error: ${r}`);const a=`${D.LOGIN}/?error=${encodeURIComponent(r)}`;return i.newResponse(null,301,{Location:a})}}function H(i){if(!i||!i.includes(D.MCP_CALLBACK))return null;try{const e=i.split("/"),r=e[e.length-1];if(r){const a=Buffer.from(r,"base64url").toString("utf-8");return JSON.parse(a).mcpSessionId||null}}catch{}return null}function Se(i){return async e=>{const r=e.get("logger"),a=i.getConfig().ssoDirect,n=ne(e.req.query("state")),f=n.idpId,t=n.source==="mcp"||n.redirectTo&&typeof n.redirectTo=="string"&&n.redirectTo.includes(D.MCP_CALLBACK),c=t?H(typeof n.redirectTo=="string"?n.redirectTo:void 0):null,s=a?.[f];if(!$(s))return r.error("OIDC login error: missing OIDC provider config"),e.text("Forbidden",403);const d=await z(f,s);if(a&&!d.token_endpoint){const p="Invalid OIDC configuration: token_endpoint is required";return r.error(`OIDC login error: ${p}`),e.text(p,500)}try{const p=d.token_endpoint,l=e.req.query("code"),m=e.req.query("error");if(m)return t&&k.sendMcpAuthorizationFailedMessage({...I(c),error:`OIDC error: ${m}`,error_details:e.req.query("error_description")||null}),pe(e,i,{slug:"/"},403,"403OIDC");if(!l){const h="Code is expected but not present";return r.error(`OIDC login error: ${h}`),t&&k.sendMcpAuthorizationFailedMessage({...I(c),error:h,error_details:null}),new Response(`Forbidden: ${h}`,{status:403})}const y=e.req.header("x-forwarded-host"),g=e.req.header("x-forwarded-proto")||"https",A=t&&typeof n.redirectUri=="string"?n.redirectUri:new URL(R(D.OIDC_CALLBACK),y?`${g}://${y}`:e.req.url).toString(),C=e.get("cookies")?.code_verifier,u=await Z(p,l,A,s,{...s.tokenRequestCustomParams,...C?{code_verifier:C}:{}});if(u.error)return r.error(`Error from OIDC provider: "${u.error}"`),t&&k.sendMcpAuthorizationFailedMessage({...I(c),error:`Token exchange error: ${u.error}`,error_details:u.error_description||null}),e.text(`Forbidden: ${u.error_description||u.error}`,403);if(!u?.id_token){const h="No id_token, please, add openid to scopes";return r.error(`OIDC login error: ${h}`),t&&k.sendMcpAuthorizationFailedMessage({...I(c),error:h,error_details:null}),new Response(`Forbidden: ${h}`,{status:403})}const{payload:o,header:U}=S.decode(u.id_token),j=U.alg===ue.RS256;if(s.audience?.length&&![...q(o.aud||[]),...q(o[E]||[])].some(M=>s.audience?.includes(M))){const M="No valid audience found in id_token";return r.error(`OIDC login error: ${M}`),t&&k.sendMcpAuthorizationFailedMessage({...I(c),error:M,error_details:null}),new Response(`Forbidden: ${M}`)}const b=j?u.id_token:await S.sign({...o,idpId:f},v);ie(o)||r.warn("To display your username, the required 'email' or 'full_profile' scope must be added to the identity provider configuration");const O=s?.tokenExpirationTime?Date.now()+s.tokenExpirationTime*1e3:o.exp*1e3||Date.now()+F*1e3;if(s.introspectEndpoint){const h=await fetch(s.introspectEndpoint,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({access_token:u.access_token})});if(h.ok){const P=(await h.json()).ext?.federatedIdentity;P&&(L(e,"federated_access_token",P.access_token||"",{path:_()||"/",httpOnly:!1,expires:new Date(O)}),L(e,"federated_id_token",P.id_token||"",{path:_()||"/",httpOnly:!1,expires:new Date(O)}))}else r.warn(`OIDC introspect error: ${h.statusText}`)}if(L(e,"authorization",b,{path:_()||"/",httpOnly:!0,expires:new Date(O)}),b!==u.id_token&&L(e,"idp_id_token",u.id_token||"",{path:_()||"/",httpOnly:!0,expires:new Date(O)}),L(e,"idp_access_token",u.access_token||"",{path:_()||"/",httpOnly:!0,expires:new Date(O)}),T(e,"code_verifier",{path:_()||"/"}),t&&n.redirectTo&&typeof n.redirectTo=="string"&&n.redirectTo.includes(D.MCP_CALLBACK)){const h=e.req.url.split("?")[0].replace(D.OIDC_CALLBACK,""),M=R(n.redirectTo),P=`${h}${M}`;return e.newResponse(null,302,{Location:P})}const K=typeof n.redirectTo=="string"?n.redirectTo:void 0;let J=B(new URL(K||"/",e.req.url).pathname);const V=e.newResponse(null,302,{Location:J});return r.updateContext({email:o.email,subject:o.sub}),r.info("OIDC login successful"),V}catch(p){const l=p instanceof Error?p.message:String(p),m=p instanceof Error?p.stack:String(p);if(r.error(`OIDC login error: ${l}`),t&&k.sendMcpAuthorizationFailedMessage({...I(c),error:l,error_details:m}),p.error==="access_denied")return r.info("Access denied"),e.text("Forbidden",403)}const w="Something went wrong";return r.error(`OIDC login error: ${w}`),t&&k.sendMcpAuthorizationFailedMessage({...I(c),error:w,error_details:null}),e.text(w,500)}}function ve(i){return async e=>{const r=e.get("logger"),n=e.get("auth").claims?.idpId,t=i.getConfig().ssoDirect?.[n];if(e.req.method==="POST")return $(t)||T(e,"authorization",{path:_()||"/"}),r.info("Logout successful"),e.newResponse(null,200,{});let c;if($(t)){const s=(await z(n,t)).end_session_endpoint;if(s){const d=new URL(e.req.url),w=e.req.header("x-forwarded-proto")||d.protocol.slice(0,-1)||"https",p=e.req.header("x-forwarded-host")||d.host,l=`${w}://${p}`,m=N(l),y=m?ge(JSON.stringify({branch:N(l)})):void 0,g=m?`${ce(l)}/_auth/logout`:`${l}/post-logout`;c=se(s,g,e.get("cookies")?.idp_id_token||e.get("cookies")?.authorization||"",y)}}return r.info("Logout successful"),T(e,"authorization",{path:_()||"/"}),e.newResponse(null,302,{Location:c||R("/")})}}function $e(i){return async e=>{const r=i.getConfig().logoutReturnUrl,a=r||R("/");return e.newResponse(null,302,{Location:a})}}function Ue(i){return async e=>{const r=e.get("logger"),a=e.req.param("code"),n=process.env.BH_API_URL,f=(t,c,s)=>t&&c?`${t} ${c.charAt(0)}`:s;try{if(!n)throw new Error("BH_API_URL is not set");const t=i.getConfig().ssoDirect;if(!t||!Object.keys(t).length)return r.warn("Invite no sso configured to handle"),e.redirect(R("/"));const c=await fetch(`${n}/user-invites/public/${a}`);if(!c.ok)return c.status===404?(r.warn(`Invite ${a} not found redirect to homepage`),e.redirect(R("/"))):(r.error("Invite error",await c.text()),e.redirect(R("/")));const s=await c.json(),d=new URL(R("/invite"),e.req.url);return d.searchParams.set("code",a),d.searchParams.set("org",s.organization.name),d.searchParams.set("invitedBy",f(s.invitedBy.firstName,s.invitedBy.lastName,s.invitedBy.name)),e.newResponse(null,302,{Location:d.toString()})}catch(t){return r.error("Error processing invite",{error:t,inviteCode:a}),e.text(t.message||"Failed to process invite",400)}}}function Te(i){return async e=>{const r=e.get("logger"),a=i.getConfig().ssoDirect,n=new URL(e.req.url),f=e.req.query("inviteCode"),t=e.req.header("x-forwarded-proto")||n.protocol.slice(0,-1)||"https",c=e.req.header("x-forwarded-host")||n.host,s=`${t}://${c}`;let d=n.searchParams.get("idpId");const w=n.searchParams.get("redirectTo"),p=Object.keys(a||{})[0];d=d||p;const l=n.searchParams.get("mcp_redirect_uri"),m=!!l;if(!a?.[d]){const o="Invalid idpId";if(r.error(`IdP login error: ${o}`),m){const U=H(w||void 0);k.sendMcpAuthorizationFailedMessage({...I(U),error:o,error_details:null})}return e.text(`Forbidden: ${o}`,403)}const g=d&&a?await Y(d,a[d]):void 0,A={};for(const o of Object.keys(g?.extraParams||{}))A[o]=n.searchParams.get(o)||g?.extraParams?.[o]||void 0;let C,u={};if(m&&l&&g&&g.type===G.OIDC){r.info(`Building MCP OAuth login URL with redirect_uri: ${l}`);const o=le("",{...g,extraParams:A},w,f,{redirectUriOverride:l,sourceOverride:"mcp",branchOverride:void 0});C=o.loginUrl,u=o.cookies||{}}else if(g){const o=x({...g,extraParams:A},s,w,f);C=o.loginUrl,u=o.cookies||{}}return Object.keys(u).forEach(o=>{L(e,o,u[o].value,u[o].options)}),r.info(`IdP login initiated for ID '${d}'`),e.newResponse(null,302,{Location:C||new URL(e.req.url).pathname})}}function qe(i){return async e=>{const r=e.get("logger"),a=await e.req.formData(),n=a.get("SAMLResponse"),f=a.get("RelayState");if(typeof n!="string"||typeof f!="string"){const o="SAMLResponse is required";return r.error(`SAML2 login error: ${o}`),e.text(`Bad request: ${o}`,400)}const t=ee(n),{success:c,uid:s,nameFormat:d,attrs:w,issuerId:p,expiresAt:l}=oe(t),{idpId:m,redirectTo:y}=JSON.parse(f);if(!c){const o="SAML2 assertion is not successful";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!l||Math.ceil(Date.now()/1e3)>=l){const o="SAML2 Token Expired";return r.error(`SAML2 login error: ${o}`),e.text(o,401)}const g=i.getConfig().ssoDirect?.[m];if(!g||!Q(g)){const o="Cannot find valid IdP";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!(g.issuerId&&p&&X(g.issuerId,p))){const o="IssuerID is misconfigured or untrusted assertions issuer received";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!await te(t,g.x509PublicCert)){const o="SAMLResponse signature invalid";return r.error(`SAML2 login error: ${o}`),e.text(o,401)}const C=re(s,d,w,g.teamsAttributeName);if(!C.sub){const o="The provider did not return a valid user identity.";return r.error(`SAML2 login error: ${o}`),e.text(o,400)}if(!C.email){const o="The provider did not return a valid user email.";return r.error(`SAML2 login error: ${o}`),e.text(o,400)}const u=await S.sign({...C,idpId:m},v);return L(e,"authorization",u,{path:_()||"/",httpOnly:!0,expires:new Date(l*1e3)}),r.updateContext({email:C.email,subject:C.sub}),r.info("SAML2 login successful"),e.newResponse(null,302,{Location:y||"/"})}}function be(i){return async e=>{const r=e.get("logger"),a=new URL(e.req.query("redirectTo")||"/",e.req.url),n=R(B(a.pathname)),f=i.getConfig().ssoDirect,t=Object.entries(f||{}).find(([,y])=>$(y)&&de(y));if(!(f&&t))return e.newResponse(null,302,{Location:n});const s=e.req.query("token"),d=s&&await ae(s);if(!d)return e.newResponse(null,302,{Location:n});if(!q(d[E]||[]).some(y=>y===W))return e.newResponse(null,302,{Location:n});const l=await S.sign({...d,idpId:t?.at(0)},v),m=Date.now()+F*1e3;return L(e,"authorization",l,{path:_()||"/",httpOnly:!0,expires:new Date(m),sameSite:"None",secure:!0}),r.info("Token login successful"),e.newResponse(null,302,{Location:n})}}export{Oe as authorizeHandler,Te as idpLoginHandler,Ue as inviteHandler,ve as logoutHandler,Se as oidcCallbackHandler,$e as postLogoutHandler,Pe as redoclyLoginCallbackHandler,be as redoclyTokenLoginHandler,qe as samlCallbackHandler};
+import{setCookie as R,deleteCookie as T}from"hono/cookie";import{AuthProviderType as G}from"@redocly/config";import{withPathPrefix as L,getPathPrefix as C}from"@redocly/theme/core/utils";import{compareURIs as X}from"../../../utils/url/compare-uris.js";import{ensureArray as q}from"../../../utils/array/ensure-array.js";import{ALTERNATIVE_AUD_CLAIM_NAME as E,JWT_SECRET_KEY as v,ORG_SLUG as W,ORG_ID as Y}from"../../constants/common.js";import{DEFAULT_COOKIE_EXPIRATION as F,ServerRoutes as D}from"../../../constants/common.js";import{sanitizeRedirectPathname as B}from"../../../utils/url/sanitize-redirect-pathname.js";import{telemetry as M}from"../../telemetry/index.js";import{getAuthProviderLoginParams as Q,isOidcProviderConfig as $,isSaml2ProviderConfig as Z,oidcExchangeCodeForToken as x,buildLoginUrl as ee,decodeSamlResponse as re,extractUserClaims as oe,parseSamlResponse as ne,parseOidcState as te,verifySAMLResponse as ie,getUsernameFromPayload as se,buildOidcLogoutUrl as ae,getOidcMetadata as z,getRedoclyTokenPayload as de,isRedoclySso as ce,rewritePreviewAuthRedirectUri as le,parsePreviewBranch as N,buildOidcLoginUrl as ue,createMcpSessionResource as k}from"../auth.js";import*as S from"../jwt/jwt.js";import{AlgorithmTypes as pe}from"../jwt/types.js";import{handleErrorPageRender as ge}from"../utils.js";import{encodeBase64URL as fe}from"../jwt/encode.js";async function Pe(i){if(process.env.NODE_ENV==="production")return i.newResponse(null,404,{});const{password:e,...r}=await i.req.json(),a=await S.sign({...r,name:r.username||r.email||"Unknown"},v);return R(i,"authorization",a,{path:C()||"/",httpOnly:!0,secure:!0,sameSite:"none"}),i.newResponse(null,200,{})}function Se(){return async i=>{const e=i.get("logger"),r=encodeURIComponent(i.req.query("message")||"");e.error(`Login error: ${r}`);const a=`${D.LOGIN}/?error=${encodeURIComponent(r)}`;return i.newResponse(null,301,{Location:a})}}function H(i){if(!i||!i.includes(D.MCP_CALLBACK))return null;try{const e=i.split("/"),r=e[e.length-1];if(r){const a=Buffer.from(r,"base64url").toString("utf-8");return JSON.parse(a).mcpSessionId||null}}catch{}return null}function ve(i){return async e=>{const r=e.get("logger"),a=i.getConfig().ssoDirect,n=te(e.req.query("state")),f=n.idpId,t=n.source==="mcp"||n.redirectTo&&typeof n.redirectTo=="string"&&n.redirectTo.includes(D.MCP_CALLBACK),c=t?H(typeof n.redirectTo=="string"?n.redirectTo:void 0):null,s=a?.[f];if(!$(s))return r.error("OIDC login error: missing OIDC provider config"),e.text("Forbidden",403);const d=await z(f,s);if(a&&!d.token_endpoint){const p="Invalid OIDC configuration: token_endpoint is required";return r.error(`OIDC login error: ${p}`),e.text(p,500)}try{const p=d.token_endpoint,l=e.req.query("code"),m=e.req.query("error");if(m)return t&&M.sendMcpAuthorizationFailedMessage({...k(c),error:`OIDC error: ${m}`,error_details:e.req.query("error_description")||null}),ge(e,i,{slug:"/"},403,"403OIDC");if(!l){const h="Code is expected but not present";return r.error(`OIDC login error: ${h}`),t&&M.sendMcpAuthorizationFailedMessage({...k(c),error:h,error_details:null}),new Response(`Forbidden: ${h}`,{status:403})}const w=e.req.header("x-forwarded-host"),g=e.req.header("x-forwarded-proto")||"https",A=t&&typeof n.redirectUri=="string"?n.redirectUri:new URL(L(D.OIDC_CALLBACK),w?`${g}://${w}`:e.req.url).toString(),_=e.get("cookies")?.code_verifier,u=await x(p,l,A,s,{...s.tokenRequestCustomParams,..._?{code_verifier:_}:{}});if(u.error)return r.error(`Error from OIDC provider: "${u.error}"`),t&&M.sendMcpAuthorizationFailedMessage({...k(c),error:`Token exchange error: ${u.error}`,error_details:u.error_description||null}),e.text(`Forbidden: ${u.error_description||u.error}`,403);if(!u?.id_token){const h="No id_token, please, add openid to scopes";return r.error(`OIDC login error: ${h}`),t&&M.sendMcpAuthorizationFailedMessage({...k(c),error:h,error_details:null}),new Response(`Forbidden: ${h}`,{status:403})}const{payload:o,header:U}=S.decode(u.id_token),j=U.alg===pe.RS256;if(s.audience?.length&&![...q(o.aud||[]),...q(o[E]||[])].some(I=>s.audience?.includes(I))){const I="No valid audience found in id_token";return r.error(`OIDC login error: ${I}`),t&&M.sendMcpAuthorizationFailedMessage({...k(c),error:I,error_details:null}),new Response(`Forbidden: ${I}`)}const b=j?u.id_token:await S.sign({...o,idpId:f},v);se(o)||r.warn("To display your username, the required 'email' or 'full_profile' scope must be added to the identity provider configuration");const O=s?.tokenExpirationTime?Date.now()+s.tokenExpirationTime*1e3:o.exp*1e3||Date.now()+F*1e3;if(s.introspectEndpoint){const h=await fetch(s.introspectEndpoint,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({access_token:u.access_token})});if(h.ok){const P=(await h.json()).ext?.federatedIdentity;P&&(R(e,"federated_access_token",P.access_token||"",{path:C()||"/",httpOnly:!1,expires:new Date(O)}),R(e,"federated_id_token",P.id_token||"",{path:C()||"/",httpOnly:!1,expires:new Date(O)}))}else r.warn(`OIDC introspect error: ${h.statusText}`)}if(R(e,"authorization",b,{path:C()||"/",httpOnly:!0,expires:new Date(O)}),b!==u.id_token&&R(e,"idp_id_token",u.id_token||"",{path:C()||"/",httpOnly:!0,expires:new Date(O)}),R(e,"idp_access_token",u.access_token||"",{path:C()||"/",httpOnly:!0,expires:new Date(O)}),T(e,"code_verifier",{path:C()||"/"}),t&&n.redirectTo&&typeof n.redirectTo=="string"&&n.redirectTo.includes(D.MCP_CALLBACK)){const h=e.req.url.split("?")[0].replace(D.OIDC_CALLBACK,""),I=L(n.redirectTo),P=`${h}${I}`;return e.newResponse(null,302,{Location:P})}const K=typeof n.redirectTo=="string"?n.redirectTo:void 0;let J=B(new URL(K||"/",e.req.url).pathname);const V=e.newResponse(null,302,{Location:J});return r.updateContext({email:o.email,subject:o.sub}),r.info("OIDC login successful"),V}catch(p){const l=p instanceof Error?p.message:String(p),m=p instanceof Error?p.stack:String(p);if(r.error(`OIDC login error: ${l}`),t&&M.sendMcpAuthorizationFailedMessage({...k(c),error:l,error_details:m}),p.error==="access_denied")return r.info("Access denied"),e.text("Forbidden",403)}const y="Something went wrong";return r.error(`OIDC login error: ${y}`),t&&M.sendMcpAuthorizationFailedMessage({...k(c),error:y,error_details:null}),e.text(y,500)}}function $e(i){return async e=>{const r=e.get("logger"),n=e.get("auth").claims?.idpId,t=i.getConfig().ssoDirect?.[n];if(e.req.method==="POST")return $(t)||T(e,"authorization",{path:C()||"/"}),r.info("Logout successful"),e.newResponse(null,200,{});let c;if($(t)){const s=(await z(n,t)).end_session_endpoint;if(s){const d=new URL(e.req.url),y=e.req.header("x-forwarded-proto")||d.protocol.slice(0,-1)||"https",p=e.req.header("x-forwarded-host")||d.host,l=`${y}://${p}`,m=N(l),w=m?fe(JSON.stringify({branch:N(l)})):void 0,g=m?`${le(l)}/_auth/logout`:`${l}/post-logout`;c=ae(s,g,e.get("cookies")?.idp_id_token||e.get("cookies")?.authorization||"",w)}}return r.info("Logout successful"),T(e,"authorization",{path:C()||"/"}),e.newResponse(null,302,{Location:c||L("/")})}}function Ue(i){return async e=>{const r=i.getConfig().logoutReturnUrl,a=r||L("/");return e.newResponse(null,302,{Location:a})}}function Te(i){return async e=>{const r=e.get("logger"),a=e.req.param("code"),n=process.env.BH_API_URL,f=(t,c,s)=>t&&c?`${t} ${c.charAt(0)}`:s;try{if(!n)throw new Error("BH_API_URL is not set");const t=i.getConfig().ssoDirect;if(!t||!Object.keys(t).length)return r.warn("Invite no sso configured to handle"),e.redirect(L("/"));const c=await fetch(`${n}/user-invites/public/${a}`);if(!c.ok)return c.status===404?(r.warn(`Invite ${a} not found redirect to homepage`),e.redirect(L("/"))):(r.error("Invite error",await c.text()),e.redirect(L("/")));const s=await c.json(),d=new URL(L("/invite"),e.req.url);return d.searchParams.set("code",a),d.searchParams.set("org",s.organization.name),d.searchParams.set("invitedBy",f(s.invitedBy.firstName,s.invitedBy.lastName,s.invitedBy.name)),e.newResponse(null,302,{Location:d.toString()})}catch(t){return r.error("Error processing invite",{error:t,inviteCode:a}),e.text(t.message||"Failed to process invite",400)}}}function qe(i){return async e=>{const r=e.get("logger"),a=i.getConfig().ssoDirect,n=new URL(e.req.url),f=e.req.query("inviteCode"),t=e.req.header("x-forwarded-proto")||n.protocol.slice(0,-1)||"https",c=e.req.header("x-forwarded-host")||n.host,s=`${t}://${c}`;let d=n.searchParams.get("idpId");const y=n.searchParams.get("redirectTo"),p=Object.keys(a||{})[0];d=d||p;const l=n.searchParams.get("mcp_redirect_uri"),m=!!l;if(!a?.[d]){const o="Invalid idpId";if(r.error(`IdP login error: ${o}`),m){const U=H(y||void 0);M.sendMcpAuthorizationFailedMessage({...k(U),error:o,error_details:null})}return e.text(`Forbidden: ${o}`,403)}const g=d&&a?await Q(d,a[d]):void 0,A={};for(const o of Object.keys(g?.extraParams||{}))A[o]=n.searchParams.get(o)||g?.extraParams?.[o]||void 0;let _,u={};if(m&&l&&g&&g.type===G.OIDC){r.info(`Building MCP OAuth login URL with redirect_uri: ${l}`);const o=ue("",{...g,extraParams:A},y,f,{redirectUriOverride:l,sourceOverride:"mcp",branchOverride:void 0});_=o.loginUrl,u=o.cookies||{}}else if(g){const o=ee({...g,extraParams:A},s,y,f);_=o.loginUrl,u=o.cookies||{}}return Object.keys(u).forEach(o=>{R(e,o,u[o].value,u[o].options)}),r.info(`IdP login initiated for ID '${d}'`),e.newResponse(null,302,{Location:_||new URL(e.req.url).pathname})}}function be(i){return async e=>{const r=e.get("logger"),a=await e.req.formData(),n=a.get("SAMLResponse"),f=a.get("RelayState");if(typeof n!="string"||typeof f!="string"){const o="SAMLResponse is required";return r.error(`SAML2 login error: ${o}`),e.text(`Bad request: ${o}`,400)}const t=re(n),{success:c,uid:s,nameFormat:d,attrs:y,issuerId:p,expiresAt:l}=ne(t),{idpId:m,redirectTo:w}=JSON.parse(f);if(!c){const o="SAML2 assertion is not successful";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!l||Math.ceil(Date.now()/1e3)>=l){const o="SAML2 Token Expired";return r.error(`SAML2 login error: ${o}`),e.text(o,401)}const g=i.getConfig().ssoDirect?.[m];if(!g||!Z(g)){const o="Cannot find valid IdP";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!(g.issuerId&&p&&X(g.issuerId,p))){const o="IssuerID is misconfigured or untrusted assertions issuer received";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!await ie(t,g.x509PublicCert)){const o="SAMLResponse signature invalid";return r.error(`SAML2 login error: ${o}`),e.text(o,401)}const _=oe(s,d,y,g.teamsAttributeName);if(!_.sub){const o="The provider did not return a valid user identity.";return r.error(`SAML2 login error: ${o}`),e.text(o,400)}if(!_.email){const o="The provider did not return a valid user email.";return r.error(`SAML2 login error: ${o}`),e.text(o,400)}const u=await S.sign({..._,idpId:m},v);return R(e,"authorization",u,{path:C()||"/",httpOnly:!0,expires:new Date(l*1e3)}),r.updateContext({email:_.email,subject:_.sub}),r.info("SAML2 login successful"),e.newResponse(null,302,{Location:w||"/"})}}function Ee(i){return async e=>{const r=e.get("logger"),a=new URL(e.req.query("redirectTo")||"/",e.req.url),n=L(B(a.pathname)),f=i.getConfig().ssoDirect,t=Object.entries(f||{}).find(([,w])=>$(w)&&ce(w));if(!(f&&t))return e.newResponse(null,302,{Location:n});const s=e.req.query("token"),d=s&&await de(s);if(!d)return e.newResponse(null,302,{Location:n});if(!q(d[E]||[]).some(w=>w===W||w===Y))return e.newResponse(null,302,{Location:n});const l=await S.sign({...d,idpId:t?.at(0)},v),m=Date.now()+F*1e3;return R(e,"authorization",l,{path:C()||"/",httpOnly:!0,expires:new Date(m),sameSite:"None",secure:!0}),r.info("Token login successful"),e.newResponse(null,302,{Location:n})}}export{Pe as authorizeHandler,qe as idpLoginHandler,Te as inviteHandler,$e as logoutHandler,ve as oidcCallbackHandler,Ue as postLogoutHandler,Se as redoclyLoginCallbackHandler,Ee as redoclyTokenLoginHandler,be as samlCallbackHandler};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@redocly/realm",
-  "version": "0.130.0-next.8",
+  "version": "0.130.0-next.9",
   "description": "",
   "type": "module",
   "bin": {
@@ -29,7 +29,7 @@
     "@opentelemetry/sdk-trace-web": "2.0.1",
     "@opentelemetry/semantic-conventions": "1.34.0",
     "@redocly/ajv": "8.17.2",
-    "@redocly/openapi-core": "0.0.0-snapshot.1769511679",
+    "@redocly/openapi-core": "2.15.1",
     "@shikijs/transformers": "3.21.0",
     "@tanstack/react-query": "5.62.3",
     "@tanstack/react-table": "8.21.3",
@@ -90,12 +90,12 @@
     "xml-crypto": "6.0.1",
     "xpath": "0.0.34",
     "yaml-ast-parser": "0.0.43",
-    "@redocly/asyncapi-docs": "1.7.0-next.7",
+    "@redocly/asyncapi-docs": "1.7.0-next.8",
     "@redocly/config": "0.41.4",
-    "@redocly/graphql-docs": "1.7.0-next.0",
-    "@redocly/openapi-docs": "3.18.0-next.7",
+    "@redocly/graphql-docs": "1.7.0-next.1",
+    "@redocly/openapi-docs": "3.18.0-next.8",
     "@redocly/portal-legacy-ui": "0.13.0-next.0",
-    "@redocly/portal-plugin-mock-server": "0.15.0-next.7",
+    "@redocly/portal-plugin-mock-server": "0.15.0-next.8",
     "@redocly/realm-asyncapi-sdk": "0.8.0-next.1",
     "@redocly/theme": "0.62.0-next.5"
   },