@redocly/redoc 0.130.1 → 0.131.0-next.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +33 -0
- package/dist/bin.d.ts +1 -0
- package/dist/bin.js +1 -1
- package/dist/cli/develop.js +1 -1
- package/dist/cli/prepare/copy-env-files.js +1 -1
- package/dist/cli/prepare/index.js +1 -1
- package/dist/cli/telemetry/index.js +1 -1
- package/dist/client/App.js +1 -1
- package/dist/client/ErrorBoundary.js +1 -1
- package/dist/client/app/Sidebar/helpers/filter-out-versioned-items.js +1 -1
- package/dist/client/app/hooks/useRouteChangeTracker.js +1 -1
- package/dist/client/app/search/useAiSearch.js +1 -1
- package/dist/client/browser-entry.js +5 -5
- package/dist/client/providers/hooks.js +1 -1
- package/dist/client/runtime/loader.js +1 -1
- package/dist/config/env-config.d.ts +17 -0
- package/dist/config/env-config.js +1 -0
- package/dist/config/env-schema.d.ts +242 -0
- package/dist/config/env-schema.js +3 -0
- package/dist/config/env-schemas/api-urls.d.ts +24 -0
- package/dist/config/env-schemas/api-urls.js +1 -0
- package/dist/config/env-schemas/auth.d.ts +42 -0
- package/dist/config/env-schemas/auth.js +1 -0
- package/dist/config/env-schemas/catalog.d.ts +12 -0
- package/dist/config/env-schemas/catalog.js +1 -0
- package/dist/config/env-schemas/database.d.ts +15 -0
- package/dist/config/env-schemas/database.js +1 -0
- package/dist/config/env-schemas/environment-detection.d.ts +24 -0
- package/dist/config/env-schemas/environment-detection.js +1 -0
- package/dist/config/env-schemas/feature-flags.d.ts +24 -0
- package/dist/config/env-schemas/feature-flags.js +1 -0
- package/dist/config/env-schemas/organization-project.d.ts +27 -0
- package/dist/config/env-schemas/organization-project.js +1 -0
- package/dist/config/env-schemas/scorecards.d.ts +12 -0
- package/dist/config/env-schemas/scorecards.js +1 -0
- package/dist/config/env-schemas/search.d.ts +21 -0
- package/dist/config/env-schemas/search.js +1 -0
- package/dist/config/env-schemas/server-config.d.ts +51 -0
- package/dist/config/env-schemas/server-config.js +1 -0
- package/dist/config/env-schemas/site.d.ts +12 -0
- package/dist/config/env-schemas/site.js +1 -0
- package/dist/config/env-schemas/ssr.d.ts +18 -0
- package/dist/config/env-schemas/ssr.js +1 -0
- package/dist/config/env-schemas/telemetry.d.ts +15 -0
- package/dist/config/env-schemas/telemetry.js +1 -0
- package/dist/config/env-schemas/test.d.ts +22 -0
- package/dist/config/env-schemas/test.js +1 -0
- package/dist/constants/common.d.ts +1 -1
- package/dist/constants/common.js +1 -1
- package/dist/server/api-routes/import-api-routes-handlers.js +1 -1
- package/dist/server/api-routes/run-api-routes-worker.js +1 -1
- package/dist/server/constants/common.js +1 -1
- package/dist/server/entitlements/entitlements-provider.js +1 -1
- package/dist/server/esbuild/esbuild-logger.js +2 -2
- package/dist/server/esbuild/esbuild.js +2 -2
- package/dist/server/esbuild/plugins/assets-resolver.js +1 -1
- package/dist/server/esbuild/plugins/esbuild-compile-resolver.js +1 -1
- package/dist/server/esbuild/plugins/styled-components-ssr.js +1 -1
- package/dist/server/fs/last-modified-tracker.js +1 -1
- package/dist/server/fs/utils/is-loader-cache-enabled.js +1 -1
- package/dist/server/node-bundle-entry.js +1 -1
- package/dist/server/plugins/analytics/adobe/index.js +1 -1
- package/dist/server/plugins/analytics/amplitude/index.js +1 -1
- package/dist/server/plugins/analytics/fullstory/index.js +1 -1
- package/dist/server/plugins/analytics/ga/index.js +1 -1
- package/dist/server/plugins/analytics/gtm/browser-hooks.js +1 -1
- package/dist/server/plugins/analytics/gtm/index.js +1 -1
- package/dist/server/plugins/analytics/heap/index.js +1 -1
- package/dist/server/plugins/analytics/rudderstack/index.js +1 -1
- package/dist/server/plugins/analytics/segment/index.js +1 -1
- package/dist/server/plugins/catalog-entities/database/catalog-entities-service.d.ts +4 -52
- package/dist/server/plugins/catalog-entities/database/catalog-entities-service.js +1 -1
- package/dist/server/plugins/catalog-entities/database/mappers/create-entity-db-record.d.ts +1 -0
- package/dist/server/plugins/catalog-entities/database/mappers/create-entity-read-model.js +1 -1
- package/dist/server/plugins/catalog-entities/database/mappers/{create-entity-relation.d.ts → create-entity-relation-read-model.d.ts} +2 -2
- package/dist/server/plugins/catalog-entities/database/mappers/create-entity-relation-read-model.js +1 -0
- package/dist/server/plugins/catalog-entities/database/repositories/local/catalog-entities-local-read-repository.js +3 -3
- package/dist/server/plugins/catalog-entities/database/repositories/local/catalog-entities-local-repository.d.ts +5 -31
- package/dist/server/plugins/catalog-entities/database/repositories/local/catalog-entities-local-write-repository.js +1 -1
- package/dist/server/plugins/catalog-entities/database/repositories/remote/catalog-entities-remote-repository.d.ts +3 -4
- package/dist/server/plugins/catalog-entities/database/repositories/remote/catalog-entities-remote-repository.js +1 -1
- package/dist/server/plugins/catalog-entities/extensions/extractors/api-description/asyncapi-entities-extractor.js +1 -1
- package/dist/server/plugins/catalog-entities/extensions/extractors/api-description/base.d.ts +2 -1
- package/dist/server/plugins/catalog-entities/extensions/extractors/api-description/base.js +1 -1
- package/dist/server/plugins/catalog-entities/extensions/extractors/api-description/openapi-entities-extractor.js +1 -1
- package/dist/server/plugins/catalog-entities/extensions/extractors/fs-entities-extractor.js +1 -1
- package/dist/server/plugins/catalog-entities/plugin.js +1 -1
- package/dist/server/plugins/catalog-entities/schemas/read-model-schemas.d.ts +25 -164
- package/dist/server/plugins/catalog-entities/schemas/read-model-schemas.js +0 -1
- package/dist/server/plugins/config-parser/loaders/utils/read-and-validate-config.js +1 -1
- package/dist/server/plugins/default-theme/index.js +1 -1
- package/dist/server/plugins/entitlements/index.js +1 -1
- package/dist/server/plugins/lifecycle.js +2 -2
- package/dist/server/plugins/markdown/markdoc/import-user-tags.js +1 -1
- package/dist/server/plugins/markdown/markdoc/plugins/render-mermaid.js +1 -1
- package/dist/server/plugins/mcp/auth/auth-handlers.js +1 -1
- package/dist/server/plugins/mcp/handlers/handle-mcp-request.js +1 -1
- package/dist/server/plugins/nav-utils.js +1 -1
- package/dist/server/plugins/openapi-docs/index.js +1 -1
- package/dist/server/plugins/scorecard-classic/index.js +1 -1
- package/dist/server/plugins/scorecards/plugin.js +1 -1
- package/dist/server/plugins/scorecards/workers/run-scorecards-worker.js +1 -1
- package/dist/server/plugins/search/ai-indexer/prepare-ai-search-documents.js +1 -1
- package/dist/server/plugins/search/documents/search-documents.js +1 -1
- package/dist/server/plugins/search/engines/flexsearch/index.js +1 -1
- package/dist/server/plugins/search/engines/typesense/index.js +1 -1
- package/dist/server/plugins/search/index.js +1 -1
- package/dist/server/plugins/search/llmstxt/index.js +5 -5
- package/dist/server/plugins/search/utils.js +1 -1
- package/dist/server/plugins/sidebars/index.js +2 -2
- package/dist/server/plugins/sso/index.js +1 -1
- package/dist/server/providers/database/base-repository.js +1 -1
- package/dist/server/providers/database/database-connection-factory.js +1 -1
- package/dist/server/providers/database/database-preconnect-service.js +1 -1
- package/dist/server/providers/database/databases/sqld-sqlite/drizzle.config.js +1 -1
- package/dist/server/ssr/render.js +1 -1
- package/dist/server/ssr/server-side-props/get-server-props-from-user-handler.js +1 -1
- package/dist/server/ssr/utils.js +8 -8
- package/dist/server/store.d.ts +4 -4
- package/dist/server/store.js +1 -1
- package/dist/server/telemetry/index.js +1 -1
- package/dist/server/tools/notifiers/formatter.js +3 -3
- package/dist/server/tools/notifiers/helpers/colors.js +1 -1
- package/dist/server/tools/notifiers/logger.js +2 -2
- package/dist/server/tools/notifiers/reporter.js +6 -6
- package/dist/server/tools/notifiers/terminal-manager.js +4 -4
- package/dist/server/utils/envs/load-env-variables.js +1 -1
- package/dist/server/utils/is-catalog-entities-enabled.js +1 -1
- package/dist/server/utils/is-scorecards-enabled.js +1 -1
- package/dist/server/utils/lifecycle-hooks.js +1 -1
- package/dist/server/utils/report-all-errors.js +1 -1
- package/dist/server/utils/set-execution-mode.d.ts +5 -0
- package/dist/server/utils/set-execution-mode.js +1 -0
- package/dist/server/version.js +1 -1
- package/dist/server/web-server/handle-api-route-request.js +1 -1
- package/dist/server/web-server/http.js +2 -2
- package/dist/server/web-server/middleware/apiKeyMiddleware.js +1 -1
- package/dist/server/web-server/middleware/catalogAuthMiddleware.js +1 -1
- package/dist/server/web-server/middleware/corsMiddleware.js +1 -1
- package/dist/server/web-server/middleware/dynamic-middleware/dynamic-middleware.js +1 -1
- package/dist/server/web-server/middleware/idleTimeoutMiddleware.js +1 -1
- package/dist/server/web-server/routes/auth.js +1 -1
- package/dist/server/web-server/routes/catalog/catalog-relations.js +1 -1
- package/dist/server/web-server/routes/catalog/catalog.js +1 -1
- package/dist/server/web-server/routes/catalog/dto/read-entity-dto.d.ts +3 -0
- package/dist/server/web-server/routes/catalog/dto/read-entity-dto.js +0 -0
- package/dist/server/web-server/routes/catalog/helpers/create-entity-relation-update-schema.d.ts +43 -0
- package/dist/server/web-server/routes/catalog/helpers/create-entity-relation-update-schema.js +1 -0
- package/dist/server/web-server/routes/catalog/helpers/create-entity-schema.d.ts +6823 -0
- package/dist/server/web-server/routes/catalog/helpers/create-entity-schema.js +1 -0
- package/dist/server/web-server/routes/catalog/helpers/create-entity-update-schema.d.ts +1102 -0
- package/dist/server/web-server/routes/catalog/helpers/create-entity-update-schema.js +1 -0
- package/dist/server/web-server/routes/catalog/mappers/map-entity-read-model-schema-to-entity-read-dto.d.ts +4 -0
- package/dist/server/web-server/routes/catalog/mappers/map-entity-read-model-schema-to-entity-read-dto.js +1 -0
- package/dist/server/web-server/routes/catalog/parsers/entities/parse-entities.d.ts +4 -0
- package/dist/server/web-server/routes/catalog/parsers/entities/parse-entities.js +1 -0
- package/dist/server/web-server/routes/catalog/parsers/entities/parse-entity-update-data.d.ts +4 -0
- package/dist/server/web-server/routes/catalog/parsers/entities/parse-entity-update-data.js +1 -0
- package/dist/server/web-server/routes/catalog/parsers/entities/parse-entity.d.ts +4 -0
- package/dist/server/web-server/routes/catalog/parsers/entities/parse-entity.js +1 -0
- package/dist/server/web-server/routes/catalog/parsers/relations/parse-entities-relations.d.ts +13 -0
- package/dist/server/web-server/routes/catalog/parsers/relations/parse-entities-relations.js +1 -0
- package/dist/server/web-server/routes/catalog/parsers/relations/parse-entity-relation-update-data.d.ts +13 -0
- package/dist/server/web-server/routes/catalog/parsers/relations/parse-entity-relation-update-data.js +1 -0
- package/dist/server/web-server/routes/catalog/parsers/relations/parse-entity-relation.d.ts +13 -0
- package/dist/server/web-server/routes/catalog/parsers/relations/parse-entity-relation.js +1 -0
- package/dist/server/web-server/routes/dynamic-route.js +1 -1
- package/dist/server/web-server/routes/error.js +1 -1
- package/dist/server/web-server/routes/index.js +1 -1
- package/dist/server/web-server/routes/info.js +1 -1
- package/dist/server/web-server/routes/mcp-oauth.js +1 -1
- package/dist/server/web-server/routes/otel/otel.js +1 -1
- package/dist/server/web-server/routes/page-data.js +1 -1
- package/dist/server/web-server/routes/path-prefix-redirect.js +1 -1
- package/dist/server/workers/worker-pool.js +1 -1
- package/package.json +11 -10
- package/dist/server/plugins/catalog-entities/database/mappers/create-entity-relation.js +0 -1
- package/dist/server/plugins/catalog-entities/entities/validate-entity.d.ts +0 -8
- package/dist/server/plugins/catalog-entities/entities/validate-entity.js +0 -1
- package/dist/server/utils/envs/is-build-mode.d.ts +0 -2
- package/dist/server/utils/envs/is-build-mode.js +0 -1
- package/dist/server/utils/envs/is-develop-mode.d.ts +0 -7
- package/dist/server/utils/envs/is-develop-mode.js +0 -1
- package/dist/server/utils/envs/is-production-mode.d.ts +0 -10
- package/dist/server/utils/envs/is-production-mode.js +0 -1
- package/dist/utils/env/is-local-development.d.ts +0 -13
- package/dist/utils/env/is-local-development.js +0 -1
- package/dist/utils/env/is-production.d.ts +0 -13
- package/dist/utils/env/is-production.js +0 -1
- package/dist/utils/env/is-web-view.d.ts +0 -14
- package/dist/utils/env/is-web-view.js +0 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
const e=process.argv[2];e==="prepare"||e==="build"?process.env.REDOCLY_EXECUTION_MODE="build":e==="develop"&&(process.env.REDOCLY_EXECUTION_MODE="develop");
|
package/dist/server/version.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{createRequire as
|
|
1
|
+
import{createRequire as o}from"module";import{envConfig as r}from"../config/env-config.js";const i=r.REDOCLY_INTERNAL_DEV==="true"?"local":o(import.meta.url)("../../package.json").version;export{i as PORTAL_VERSION};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{logger as n}from"../tools/notifiers/logger.js";import{
|
|
1
|
+
import{logger as n}from"../tools/notifiers/logger.js";import{envConfig as o}from"../../config/env-config.js";import{runApiRoutesWorker as m}from"../api-routes/run-api-routes-worker.js";import{MCP_DOCS_SERVER_HANDLER_ID as i}from"../plugins/mcp/index.js";import{handleMcpRequest as u}from"../plugins/mcp/handlers/handle-mcp-request.js";async function l(r,s,a){try{const e=n.startTiming(),t=r.requestHandlerId===i?await u(r,s,a):await m(r,s,a);return n.infoTime(e,`API request handled "${new URL(s.req.url).pathname}" with status "${t.status}" and content type "${t.headers?.get("content-type")}"`),t.headers.set("X-Source","REALM_API_FUNCTION"),t}catch(e){return n.error(`[${r.requestHandlerId}] ${e.stack}`),e.name==="RequestBodySizeLimitError"?s.json({message:e.message},{status:413}):e.name==="ResponseSizeLimitError"?s.json({message:e.message},{status:500}):e.name==="MemoryUsageLimitError"?s.json({message:e.message},{status:502}):e.name==="TimeoutExceededError"?s.json({message:e.message},{status:504}):o.isDevelopMode?s.json({message:e.message},{status:500}):s.json({message:"Internal server error"},{status:500})}}export{l as handleApiRouteRequest};
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import*as E from"node:http";import{AsyncLocalStorage as A}from"node:async_hooks";import{Readable as u,Stream as
|
|
2
|
-
%s`,e.message,e.stack))}const w=r.headers.origin;w&&L.some(e=>w===e)&&(t.setHeader("Access-Control-Allow-Origin",w),t.setHeader("Access-Control-Allow-Credentials","true"));for(const[e,o]of s.headers||[])try{e==="set-cookie"?t.setHeader(e,s.headers.getSetCookie(e)):t.setHeader(e,o)}catch(f){d.error(`Error while setting header: ${f?.message}`)}if(t.setHeader("Vary","Cookie"),t.statusCode=s.status||500,s.body)try{if(P(s)){const e=new
|
|
1
|
+
import*as E from"node:http";import{AsyncLocalStorage as A}from"node:async_hooks";import{Readable as u,Stream as C}from"node:stream";import{pipeline as H}from"node:stream/promises";import{ReadableStream as k}from"node:stream/web";import{getPathPrefix as S}from"@redocly/theme/core/utils";import{ALLOWED_CORS_ORIGINS as L}from"../../constants/common.js";import{logger as d}from"../tools/notifiers/logger.js";import{shutdowner as x}from"../tools/shutdowner.js";import{envConfig as I}from"../../config/env-config.js";import{getClientIp as T}from"./utils/get-client-ip.js";import{normalizeIpAddress as $}from"./utils.js";const y=new A;globalThis.redoclyCookieStorage=y;function B(n,c=4e3){return new Promise((m,p)=>{const l=E.createServer(async(r,t)=>{const v=r.headers.cookie||"";y.run(v,async()=>{let s;try{const e=new URL(r.url||"",`http://${r.headers.host}`),o=[],f=r.rawHeaders.length;for(let i=0;i<f;i+=2)o.push([r.rawHeaders[i],r.rawHeaders[i+1]]);const a={headers:o,method:r.method};r.method==="GET"||r.method==="HEAD"||(a.body=u.toWeb(r),a.duplex="half");const h=new Request(e.toString(),a),R=T(h)||"127.0.0.1",b=h?.headers?.get("x-forwarded-host")||$(r.socket.remoteAddress);h.context={remoteAddr:{hostname:b,port:r.socket.localPort,ipAddress:R},url:e},s=await n.fetch(h)}catch(e){s=new Response(null,{status:500}),e instanceof Error&&(e.name==="TimeoutError"||e.constructor.name==="TimeoutError"?s=new Response(null,{status:504}):e.code==="ERR_INVALID_URL"&&(s=new Response("Invalid URL",{status:404})),d.error(`Error while handling request: %s
|
|
2
|
+
%s`,e.message,e.stack))}const w=r.headers.origin;w&&L.some(e=>w===e)&&(t.setHeader("Access-Control-Allow-Origin",w),t.setHeader("Access-Control-Allow-Credentials","true"));for(const[e,o]of s.headers||[])try{e==="set-cookie"?t.setHeader(e,s.headers.getSetCookie(e)):t.setHeader(e,o)}catch(f){d.error(`Error while setting header: ${f?.message}`)}if(t.setHeader("Vary","Cookie"),t.statusCode=s.status||500,s.body)try{if(P(s)){const e=new C.Transform({transform(o,f,a){if(t.closed||t.destroyed)return a();t.write(o,f)?process.nextTick(a):t.once("drain",a)},flush(o){if(t.closed||t.destroyed)return o();t.end(),o()}});await H(s.body instanceof k?u.fromWeb(s.body):s.body,e)}else{const e=await s.text();t.setHeader("Content-Length",Buffer.byteLength(e)),t.end(e)}}catch(e){console.error(e);const o=e instanceof Error?e:new Error("unknown error",{cause:e});t.destroy(o)}else t.end()})});x.registerShutdownCallback(()=>new Promise(r=>{d.verbose("Shutting down http server"),l.close(()=>{d.verbose("Http server shut down"),r()})})),l.listen(parseInt(String(c),10)).on("listening",()=>{I.isDevelopMode?d.logInFooter("server",` \u{1F310} Preview URL: http://127.0.0.1:${c}${S()}`):d.logInFooter("server",`Server started at: http://127.0.0.1:${c}${S()}`),m(l)}).on("error",p)})}function P(n){const c=n.headers.get("content-type")||"",m=n.headers.get("x-accel-buffering")||"",p=n.headers.get("content-encoding"),l=n.headers.get("content-length"),r=n.headers.get("transfer-encoding");return p||r||l||/^no$/i.test(m)||!/^(text\/(?!event-stream\b))/i.test(c)}export{B as startHttpServer};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
const
|
|
1
|
+
import{envConfig as o}from"../../../config/env-config.js";const t=(r,e)=>r.secureMethods?.includes(e)??!1;function f(r={}){return async(e,n)=>{const a=e.req.method;if(!t(r,a))return await n();const i=e.req.header("apiKey");if(!i)return e.json({message:"API key is required"},401);try{if(!o.BH_API_URL)return e.json({message:"API key validation service not configured"},500);const s=new URL("api-keys-verify",o.BH_API_URL).toString();if(!(await fetch(s,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({apiKey:i})})).ok)return e.json({message:"Invalid API key"},401);await n()}catch{return e.json({message:"API key validation failed"},400)}}}export{f as apiKeyMiddleware};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{KvService as
|
|
1
|
+
import{KvService as l}from"../../persistence/kv/services/kv-service.js";import{DEFAULT_AUTHENTICATED_TEAM as y}from"../../../constants/common.js";import{envConfig as s}from"../../../config/env-config.js";import{JWT_SECRET_KEY as I}from"../../constants/common.js";import*as m from"../jwt/jwt.js";import{AlgorithmTypes as T}from"../jwt/types.js";const h=60,p=e=>["POST","PUT","DELETE","PATCH"].includes(e),f=e=>["GET"].includes(e);function K({serverOutDir:e,protectReadMethods:t=!0}){return async(r,a)=>await w(r,a,e,t)}const w=async(e,t,r,a=!0)=>{const n=e.req.method,i=p(n)||f(n)&&a,o=e.req.header("apiKey");if(o)return await g(e,t,o,r);const u=e.req.header("authorization")?.replace("Bearer ","");return u?await E(e,t,u):i?e.json({message:"API key is required"},401):await t()},g=async(e,t,r,a)=>{if(!s.BH_API_URL||!s.ORGANIZATION_ID)return e.json({message:"API key validation service not configured"},500);try{const n=await l.getInstance({baseDbDir:a});let i=await _(n,r);if(i)return e.set("apiKeyTeams",i.teams),await t();const o=new URL(`/api/orgs/${s.ORGANIZATION_ID}/session`,s.BH_API_URL).toString(),c=await fetch(o,{method:"GET",headers:{Authorization:`Bearer ${r}`}});if(!c.ok)return e.json({message:"Invalid API key"},401);const A=(await c.json())?.user?.teams?.[s.ORGANIZATION_ID]??[],d=[y,...A];return e.set("apiKeyTeams",d),await n.set(["api-keys","reunite",r],{valid:!0,teams:d},{ttlInSeconds:h}),await t()}catch{return e.json({message:"API key validation failed"},400)}},E=async(e,t,r)=>{try{const a=await m.verify(r,I,T.HS256),n=m.decode(r).payload.isInternalConnection;return!a||!n?e.json({message:"API key is required"},401):await t()}catch{return e.json({message:"API key validation failed"},400)}},_=async(e,t)=>{try{return await e.get(["api-keys","reunite",t])}catch{return null}};export{K as catalogAuthMiddleware};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{cors as o}from"hono/cors";function
|
|
1
|
+
import{cors as o}from"hono/cors";import{envConfig as r}from"../../../config/env-config.js";function n(e){return r.PROJECT_URL?o({origin:r.PROJECT_URL,allowMethods:e.allowMethods}):o()}export{n as corsMiddleware};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{pathToFileURL as
|
|
1
|
+
import{pathToFileURL as l}from"url";import{isDefined as m}from"../../../../utils/guards/is-defined.js";import{slash as s}from"../../../../utils/path/slash.js";import{envConfig as o}from"../../../../config/env-config.js";import{compose as w}from"./hono-compose.js";function D(i){return async(e,a)=>{await i.waitForPluginsLifecycle();const n=await f(i.serverOutDir),d=(await Promise.all(i.getAllMiddleware().map(({id:t})=>n[t]).map(async t=>typeof t=="function"?(await t()).default:void 0))).filter(m),r=await w(d)(e,a,i);if(!r.finalized)throw new Error("Context is not finalized. Did you forget to return a Response object or `await next()`?");return r.res}}async function f(i){try{let e;return o.isRuntimeMode?e=await import("@portal/middleware"):e=await import(l(`${s(i)}/middleware-entry.js`)+"?"+new Date),e.middleware}catch(e){if(o.isDevelopMode)return{};throw e}}export{D as dynamicMiddleware};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{
|
|
1
|
+
import{envConfig as o}from"../../../config/env-config.js";import{shutdowner as r}from"../../tools/shutdowner.js";import{logger as n}from"../../tools/notifiers/logger.js";let t=null;const e=o.WEB_SERVER_IDLE_TIMEOUT;function m(){if(e){if(isNaN(+e))throw new Error(`IDLE_TIMEOUT must be a number, got ${e}`);t&&clearTimeout(t),t=setTimeout(()=>{n.info("Server is idle, stopping..."),r.exitWithCode(0)},+e)}}function T(){return async(u,i)=>{m(),await i()}}export{T as idleTimeoutMiddleware,m as startIdleTimeout};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{setCookie as R,deleteCookie as q}from"hono/cookie";import{AuthProviderType as X}from"@redocly/config";import{withPathPrefix as L,getPathPrefix as C}from"@redocly/theme/core/utils";import{compareURIs as W}from"../../../utils/url/compare-uris.js";import{ensureArray as b}from"../../../utils/array/ensure-array.js";import{ALTERNATIVE_AUD_CLAIM_NAME as F,JWT_SECRET_KEY as $,ORG_SLUG as Y,ORG_ID as Q}from"../../constants/common.js";import{DEFAULT_COOKIE_EXPIRATION as B,ServerRoutes as S}from"../../../constants/common.js";import{sanitizeRedirectPathname as z}from"../../../utils/url/sanitize-redirect-pathname.js";import{telemetry as M}from"../../telemetry/index.js";import{getAuthProviderLoginParams as Z,isOidcProviderConfig as U,isSaml2ProviderConfig as x,oidcExchangeCodeForToken as ee,buildLoginUrl as re,decodeSamlResponse as oe,extractUserClaims as ne,parseSamlResponse as te,parseOidcState as ie,verifySAMLResponse as se,getUsernameFromPayload as ae,buildOidcLogoutUrl as de,getOidcMetadata as H,getRedoclyTokenPayload as ce,isRedoclySso as le,rewritePreviewAuthRedirectUri as ue,parsePreviewBranch as N,buildOidcLoginUrl as pe,createMcpSessionResource as k}from"../auth.js";import*as P from"../jwt/jwt.js";import{AlgorithmTypes as v}from"../jwt/types.js";import{handleErrorPageRender as ge}from"../utils.js";import{encodeBase64URL as fe}from"../jwt/encode.js";async function Oe(i){if(process.env.NODE_ENV==="production")return i.newResponse(null,404,{});const{password:e,...r}=await i.req.json(),a=await P.sign({...r,name:r.username||r.email||"Unknown"},$,v.HS256);return R(i,"authorization",a,{path:C()||"/",httpOnly:!0,secure:!0,sameSite:"none"}),i.newResponse(null,200,{})}function Pe(){return async i=>{const e=i.get("logger"),r=encodeURIComponent(i.req.query("message")||"");e.error(`Login error: ${r}`);const a=`${S.LOGIN}/?error=${encodeURIComponent(r)}`;return i.newResponse(null,301,{Location:a})}}function j(i){if(!i||!i.includes(S.MCP_CALLBACK))return null;try{const e=i.split("/"),r=e[e.length-1];if(r){const a=Buffer.from(r,"base64url").toString("utf-8");return JSON.parse(a).mcpSessionId||null}}catch{}return null}function ve(i){return async e=>{const r=e.get("logger"),a=i.getConfig().ssoDirect,n=ie(e.req.query("state")),f=n.idpId,t=n.source==="mcp"||n.redirectTo&&typeof n.redirectTo=="string"&&n.redirectTo.includes(S.MCP_CALLBACK),c=t?j(typeof n.redirectTo=="string"?n.redirectTo:void 0):null,s=a?.[f];if(!U(s))return r.error("OIDC login error: missing OIDC provider config"),e.text("Forbidden",403);const d=await H(f,s);if(a&&!d.token_endpoint){const p="Invalid OIDC configuration: token_endpoint is required";return r.error(`OIDC login error: ${p}`),e.text(p,500)}try{const p=d.token_endpoint,l=e.req.query("code"),m=e.req.query("error");if(m)return t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:`OIDC error: ${m}`,error_details:e.req.query("error_description")||null}]),ge(e,i,{slug:"/"},403,"403OIDC");if(!l){const h="Code is expected but not present";return r.error(`OIDC login error: ${h}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:h,error_details:null}]),new Response(`Forbidden: ${h}`,{status:403})}const w=e.req.header("x-forwarded-host"),g=e.req.header("x-forwarded-proto")||"https",A=t&&typeof n.redirectUri=="string"?n.redirectUri:new URL(L(S.OIDC_CALLBACK),w?`${g}://${w}`:e.req.url).toString(),_=e.get("cookies")?.code_verifier,u=await ee(p,l,A,s,{...s.tokenRequestCustomParams,..._?{code_verifier:_}:{}});if(u.error)return r.error(`Error from OIDC provider: "${u.error}"`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:`Token exchange error: ${u.error}`,error_details:u.error_description||null}]),e.text(`Forbidden: ${u.error_description||u.error}`,403);if(!u?.id_token){const h="No id_token, please, add openid to scopes";return r.error(`OIDC login error: ${h}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:h,error_details:null}]),new Response(`Forbidden: ${h}`,{status:403})}const{payload:o,header:T}=P.decode(u.id_token),K=T.alg===v.RS256;if(s.audience?.length&&![...b(o.aud||[]),...b(o[F]||[])].some(I=>s.audience?.includes(I))){const I="No valid audience found in id_token";return r.error(`OIDC login error: ${I}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:I,error_details:null}]),new Response(`Forbidden: ${I}`)}const E=K?u.id_token:await P.sign({...o,idpId:f},$,v.HS256);ae(o)||r.warn("To display your username, the required 'email' or 'full_profile' scope must be added to the identity provider configuration");const D=s?.tokenExpirationTime?Date.now()+s.tokenExpirationTime*1e3:o.exp*1e3||Date.now()+B*1e3;if(s.introspectEndpoint){const h=await fetch(s.introspectEndpoint,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({access_token:u.access_token})});if(h.ok){const O=(await h.json()).ext?.federatedIdentity;O&&(R(e,"federated_access_token",O.access_token||"",{path:C()||"/",httpOnly:!1,expires:new Date(D)}),R(e,"federated_id_token",O.id_token||"",{path:C()||"/",httpOnly:!1,expires:new Date(D)}))}else r.warn(`OIDC introspect error: ${h.statusText}`)}if(R(e,"authorization",E,{path:C()||"/",httpOnly:!0,expires:new Date(D)}),E!==u.id_token&&R(e,"idp_id_token",u.id_token||"",{path:C()||"/",httpOnly:!0,expires:new Date(D)}),R(e,"idp_access_token",u.access_token||"",{path:C()||"/",httpOnly:!0,expires:new Date(D)}),q(e,"code_verifier",{path:C()||"/"}),t&&n.redirectTo&&typeof n.redirectTo=="string"&&n.redirectTo.includes(S.MCP_CALLBACK)){const h=e.req.url.split("?")[0].replace(S.OIDC_CALLBACK,""),I=L(n.redirectTo),O=`${h}${I}`;return e.newResponse(null,302,{Location:O})}const J=typeof n.redirectTo=="string"?n.redirectTo:void 0;let V=z(new URL(J||"/",e.req.url).pathname);const G=e.newResponse(null,302,{Location:V});return r.updateContext({email:o.email,subject:o.sub}),r.info("OIDC login successful"),G}catch(p){const l=p instanceof Error?p.message:String(p),m=p instanceof Error?p.stack:String(p);if(r.error(`OIDC login error: ${l}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:l,error_details:m}]),p.error==="access_denied")return r.info("Access denied"),e.text("Forbidden",403)}const y="Something went wrong";return r.error(`OIDC login error: ${y}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:y,error_details:null}]),e.text(y,500)}}function $e(i){return async e=>{const r=e.get("logger"),n=e.get("auth").claims?.idpId,t=i.getConfig().ssoDirect?.[n];if(e.req.method==="POST")return U(t)||q(e,"authorization",{path:C()||"/"}),r.info("Logout successful"),e.newResponse(null,200,{});let c;if(U(t)){const s=(await H(n,t)).end_session_endpoint;if(s){const d=new URL(e.req.url),y=e.req.header("x-forwarded-proto")||d.protocol.slice(0,-1)||"https",p=e.req.header("x-forwarded-host")||d.host,l=`${y}://${p}`,m=N(l),w=m?fe(JSON.stringify({branch:N(l)})):void 0,g=m?`${ue(l)}/_auth/logout`:`${l}/post-logout`;c=de(s,g,e.get("cookies")?.idp_id_token||e.get("cookies")?.authorization||"",w)}}return r.info("Logout successful"),q(e,"authorization",{path:C()||"/"}),e.newResponse(null,302,{Location:c||L("/")})}}function Ue(i){return async e=>{const r=i.getConfig().logoutReturnUrl,a=r||L("/");return e.newResponse(null,302,{Location:a})}}function Te(i){return async e=>{const r=e.get("logger"),a=e.req.param("code"),n=process.env.BH_API_URL,f=(t,c,s)=>t&&c?`${t} ${c.charAt(0)}`:s;try{if(!n)throw new Error("BH_API_URL is not set");const t=i.getConfig().ssoDirect;if(!t||!Object.keys(t).length)return r.warn("Invite no sso configured to handle"),e.redirect(L("/"));const c=await fetch(`${n}/user-invites/public/${a}`);if(!c.ok)return c.status===404?(r.warn(`Invite ${a} not found redirect to homepage`),e.redirect(L("/"))):(r.error("Invite error",await c.text()),e.redirect(L("/")));const s=await c.json(),d=new URL(L("/invite"),e.req.url);return d.searchParams.set("code",a),d.searchParams.set("org",s.organization.name),d.searchParams.set("invitedBy",f(s.invitedBy.firstName,s.invitedBy.lastName,s.invitedBy.name)),e.newResponse(null,302,{Location:d.toString()})}catch(t){return r.error("Error processing invite",{error:t,inviteCode:a}),e.text(t.message||"Failed to process invite",400)}}}function qe(i){return async e=>{const r=e.get("logger"),a=i.getConfig().ssoDirect,n=new URL(e.req.url),f=e.req.query("inviteCode"),t=e.req.header("x-forwarded-proto")||n.protocol.slice(0,-1)||"https",c=e.req.header("x-forwarded-host")||n.host,s=`${t}://${c}`;let d=n.searchParams.get("idpId");const y=n.searchParams.get("redirectTo"),p=Object.keys(a||{})[0];d=d||p;const l=n.searchParams.get("mcp_redirect_uri"),m=!!l;if(!a?.[d]){const o="Invalid idpId";if(r.error(`IdP login error: ${o}`),m){const T=j(y||void 0);M.sendMcpAuthorizationFailedMessage([{...k(T),error:o,error_details:null}])}return e.text(`Forbidden: ${o}`,403)}const g=d&&a?await Z(d,a[d]):void 0,A={};for(const o of Object.keys(g?.extraParams||{}))A[o]=n.searchParams.get(o)||g?.extraParams?.[o]||void 0;let _,u={};if(m&&l&&g&&g.type===X.OIDC){r.info(`Building MCP OAuth login URL with redirect_uri: ${l}`);const o=pe("",{...g,extraParams:A},y,f,{redirectUriOverride:l,sourceOverride:"mcp",branchOverride:void 0});_=o.loginUrl,u=o.cookies||{}}else if(g){const o=re({...g,extraParams:A},s,y,f);_=o.loginUrl,u=o.cookies||{}}return Object.keys(u).forEach(o=>{R(e,o,u[o].value,u[o].options)}),r.info(`IdP login initiated for ID '${d}'`),e.newResponse(null,302,{Location:_||new URL(e.req.url).pathname})}}function be(i){return async e=>{const r=e.get("logger"),a=await e.req.formData(),n=a.get("SAMLResponse"),f=a.get("RelayState");if(typeof n!="string"||typeof f!="string"){const o="SAMLResponse is required";return r.error(`SAML2 login error: ${o}`),e.text(`Bad request: ${o}`,400)}const t=oe(n),{success:c,uid:s,nameFormat:d,attrs:y,issuerId:p,expiresAt:l}=te(t),{idpId:m,redirectTo:w}=JSON.parse(f);if(!c){const o="SAML2 assertion is not successful";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!l||Math.ceil(Date.now()/1e3)>=l){const o="SAML2 Token Expired";return r.error(`SAML2 login error: ${o}`),e.text(o,401)}const g=i.getConfig().ssoDirect?.[m];if(!g||!x(g)){const o="Cannot find valid IdP";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!(g.issuerId&&p&&W(g.issuerId,p))){const o="IssuerID is misconfigured or untrusted assertions issuer received";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!await se(t,g.x509PublicCert)){const o="SAMLResponse signature invalid";return r.error(`SAML2 login error: ${o}`),e.text(o,401)}const _=ne(s,d,y,g.teamsAttributeName);if(!_.sub){const o="The provider did not return a valid user identity.";return r.error(`SAML2 login error: ${o}`),e.text(o,400)}if(!_.email){const o="The provider did not return a valid user email.";return r.error(`SAML2 login error: ${o}`),e.text(o,400)}const u=await P.sign({..._,idpId:m},$,v.HS256);return R(e,"authorization",u,{path:C()||"/",httpOnly:!0,expires:new Date(l*1e3)}),r.updateContext({email:_.email,subject:_.sub}),r.info("SAML2 login successful"),e.newResponse(null,302,{Location:w||"/"})}}function Ee(i){return async e=>{const r=e.get("logger"),a=new URL(e.req.query("redirectTo")||"/",e.req.url),n=L(z(a.pathname)),f=i.getConfig().ssoDirect,t=Object.entries(f||{}).find(([,w])=>U(w)&&le(w));if(!(f&&t))return e.newResponse(null,302,{Location:n});const s=e.req.query("token"),d=s&&await ce(s);if(!d)return e.newResponse(null,302,{Location:n});if(!b(d[F]||[]).some(w=>w===Y||w===Q))return e.newResponse(null,302,{Location:n});const l=await P.sign({...d,idpId:t?.at(0)},$,v.HS256),m=Date.now()+B*1e3;return R(e,"authorization",l,{path:C()||"/",httpOnly:!0,expires:new Date(m),sameSite:"None",secure:!0}),r.info("Token login successful"),e.newResponse(null,302,{Location:n})}}export{Oe as authorizeHandler,qe as idpLoginHandler,Te as inviteHandler,$e as logoutHandler,ve as oidcCallbackHandler,Ue as postLogoutHandler,Pe as redoclyLoginCallbackHandler,Ee as redoclyTokenLoginHandler,be as samlCallbackHandler};
|
|
1
|
+
import{setCookie as _,deleteCookie as q}from"hono/cookie";import{AuthProviderType as W}from"@redocly/config";import{withPathPrefix as I,getPathPrefix as R}from"@redocly/theme/core/utils";import{compareURIs as Y}from"../../../utils/url/compare-uris.js";import{ensureArray as b}from"../../../utils/array/ensure-array.js";import{ALTERNATIVE_AUD_CLAIM_NAME as F,JWT_SECRET_KEY as v,ORG_SLUG as Q,ORG_ID as Z}from"../../constants/common.js";import{DEFAULT_COOKIE_EXPIRATION as B,ServerRoutes as S}from"../../../constants/common.js";import{sanitizeRedirectPathname as z}from"../../../utils/url/sanitize-redirect-pathname.js";import{telemetry as M}from"../../telemetry/index.js";import{envConfig as H}from"../../../config/env-config.js";import{getAuthProviderLoginParams as x,isOidcProviderConfig as $,isSaml2ProviderConfig as ee,oidcExchangeCodeForToken as re,buildLoginUrl as oe,decodeSamlResponse as ne,extractUserClaims as te,parseSamlResponse as ie,parseOidcState as se,verifySAMLResponse as ae,getUsernameFromPayload as de,buildOidcLogoutUrl as ce,getOidcMetadata as j,getRedoclyTokenPayload as le,isRedoclySso as ue,rewritePreviewAuthRedirectUri as pe,parsePreviewBranch as N,buildOidcLoginUrl as ge,createMcpSessionResource as k}from"../auth.js";import*as O from"../jwt/jwt.js";import{AlgorithmTypes as P}from"../jwt/types.js";import{handleErrorPageRender as fe}from"../utils.js";import{encodeBase64URL as me}from"../jwt/encode.js";async function ve(i){if(H.isProductionEnv)return i.newResponse(null,404,{});const{password:e,...r}=await i.req.json(),a=await O.sign({...r,name:r.username||r.email||"Unknown"},v,P.HS256);return _(i,"authorization",a,{path:R()||"/",httpOnly:!0,secure:!0,sameSite:"none"}),i.newResponse(null,200,{})}function $e(){return async i=>{const e=i.get("logger"),r=encodeURIComponent(i.req.query("message")||"");e.error(`Login error: ${r}`);const a=`${S.LOGIN}/?error=${encodeURIComponent(r)}`;return i.newResponse(null,301,{Location:a})}}function K(i){if(!i||!i.includes(S.MCP_CALLBACK))return null;try{const e=i.split("/"),r=e[e.length-1];if(r){const a=Buffer.from(r,"base64url").toString("utf-8");return JSON.parse(a).mcpSessionId||null}}catch{}return null}function Ue(i){return async e=>{const r=e.get("logger"),a=i.getConfig().ssoDirect,n=se(e.req.query("state")),f=n.idpId,t=n.source==="mcp"||n.redirectTo&&typeof n.redirectTo=="string"&&n.redirectTo.includes(S.MCP_CALLBACK),c=t?K(typeof n.redirectTo=="string"?n.redirectTo:void 0):null,s=a?.[f];if(!$(s))return r.error("OIDC login error: missing OIDC provider config"),e.text("Forbidden",403);const d=await j(f,s);if(a&&!d.token_endpoint){const p="Invalid OIDC configuration: token_endpoint is required";return r.error(`OIDC login error: ${p}`),e.text(p,500)}try{const p=d.token_endpoint,l=e.req.query("code"),m=e.req.query("error");if(m)return t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:`OIDC error: ${m}`,error_details:e.req.query("error_description")||null}]),fe(e,i,{slug:"/"},403,"403OIDC");if(!l){const w="Code is expected but not present";return r.error(`OIDC login error: ${w}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:w,error_details:null}]),new Response(`Forbidden: ${w}`,{status:403})}const h=e.req.header("x-forwarded-host"),g=e.req.header("x-forwarded-proto")||"https",A=t&&typeof n.redirectUri=="string"?n.redirectUri:new URL(I(S.OIDC_CALLBACK),h?`${g}://${h}`:e.req.url).toString(),C=e.get("cookies")?.code_verifier,u=await re(p,l,A,s,{...s.tokenRequestCustomParams,...C?{code_verifier:C}:{}});if(u.error)return r.error(`Error from OIDC provider: "${u.error}"`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:`Token exchange error: ${u.error}`,error_details:u.error_description||null}]),e.text(`Forbidden: ${u.error_description||u.error}`,403);if(!u?.id_token){const w="No id_token, please, add openid to scopes";return r.error(`OIDC login error: ${w}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:w,error_details:null}]),new Response(`Forbidden: ${w}`,{status:403})}const{payload:o,header:U}=O.decode(u.id_token),J=U.alg===P.RS256;if(s.audience?.length&&![...b(o.aud||[]),...b(o[F]||[])].some(L=>s.audience?.includes(L))){const L="No valid audience found in id_token";return r.error(`OIDC login error: ${L}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:L,error_details:null}]),new Response(`Forbidden: ${L}`)}const E=J?u.id_token:await O.sign({...o,idpId:f},v,P.HS256);de(o)||r.warn("To display your username, the required 'email' or 'full_profile' scope must be added to the identity provider configuration");const D=s?.tokenExpirationTime?Date.now()+s.tokenExpirationTime*1e3:o.exp*1e3||Date.now()+B*1e3;if(s.introspectEndpoint){const w=await fetch(s.introspectEndpoint,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({access_token:u.access_token})});if(w.ok){const T=(await w.json()).ext?.federatedIdentity;T&&(_(e,"federated_access_token",T.access_token||"",{path:R()||"/",httpOnly:!1,expires:new Date(D)}),_(e,"federated_id_token",T.id_token||"",{path:R()||"/",httpOnly:!1,expires:new Date(D)}))}else r.warn(`OIDC introspect error: ${w.statusText}`)}if(_(e,"authorization",E,{path:R()||"/",httpOnly:!0,expires:new Date(D)}),E!==u.id_token&&_(e,"idp_id_token",u.id_token||"",{path:R()||"/",httpOnly:!0,expires:new Date(D)}),_(e,"idp_access_token",u.access_token||"",{path:R()||"/",httpOnly:!0,expires:new Date(D)}),q(e,"code_verifier",{path:R()||"/"}),t&&n.redirectTo&&typeof n.redirectTo=="string"&&n.redirectTo.includes(S.MCP_CALLBACK)){const L=`${e.req.url.split("?")[0].replace(S.OIDC_CALLBACK,"")}${n.redirectTo}`;return e.newResponse(null,302,{Location:L})}const G=typeof n.redirectTo=="string"?n.redirectTo:void 0;let V=z(new URL(G||"/",e.req.url).pathname);const X=e.newResponse(null,302,{Location:V});return r.updateContext({email:o.email,subject:o.sub}),r.info("OIDC login successful"),X}catch(p){const l=p instanceof Error?p.message:String(p),m=p instanceof Error?p.stack:String(p);if(r.error(`OIDC login error: ${l}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:l,error_details:m}]),p.error==="access_denied")return r.info("Access denied"),e.text("Forbidden",403)}const y="Something went wrong";return r.error(`OIDC login error: ${y}`),t&&M.sendMcpAuthorizationFailedMessage([{...k(c),error:y,error_details:null}]),e.text(y,500)}}function Te(i){return async e=>{const r=e.get("logger"),n=e.get("auth").claims?.idpId,t=i.getConfig().ssoDirect?.[n];if(e.req.method==="POST")return $(t)||q(e,"authorization",{path:R()||"/"}),r.info("Logout successful"),e.newResponse(null,200,{});let c;if($(t)){const s=(await j(n,t)).end_session_endpoint;if(s){const d=new URL(e.req.url),y=e.req.header("x-forwarded-proto")||d.protocol.slice(0,-1)||"https",p=e.req.header("x-forwarded-host")||d.host,l=`${y}://${p}`,m=N(l),h=m?me(JSON.stringify({branch:N(l)})):void 0,g=m?`${pe(l)}/_auth/logout`:`${l}/post-logout`;c=ce(s,g,e.get("cookies")?.idp_id_token||e.get("cookies")?.authorization||"",h)}}return r.info("Logout successful"),q(e,"authorization",{path:R()||"/"}),e.newResponse(null,302,{Location:c||I("/")})}}function qe(i){return async e=>{const r=i.getConfig().logoutReturnUrl,a=r||I("/");return e.newResponse(null,302,{Location:a})}}function be(i){return async e=>{const r=e.get("logger"),a=e.req.param("code"),n=H.BH_API_URL,f=(t,c,s)=>t&&c?`${t} ${c.charAt(0)}`:s;try{if(!n)throw new Error("BH_API_URL is not set");const t=i.getConfig().ssoDirect;if(!t||!Object.keys(t).length)return r.warn("Invite no sso configured to handle"),e.redirect(I("/"));const c=await fetch(`${n}/user-invites/public/${a}`);if(!c.ok)return c.status===404?(r.warn(`Invite ${a} not found redirect to homepage`),e.redirect(I("/"))):(r.error("Invite error",await c.text()),e.redirect(I("/")));const s=await c.json(),d=new URL(I("/invite"),e.req.url);return d.searchParams.set("code",a),d.searchParams.set("org",s.organization.name),d.searchParams.set("invitedBy",f(s.invitedBy.firstName,s.invitedBy.lastName,s.invitedBy.name)),e.newResponse(null,302,{Location:d.toString()})}catch(t){return r.error("Error processing invite",{error:t,inviteCode:a}),e.text(t.message||"Failed to process invite",400)}}}function Ee(i){return async e=>{const r=e.get("logger"),a=i.getConfig().ssoDirect,n=new URL(e.req.url),f=e.req.query("inviteCode"),t=e.req.header("x-forwarded-proto")||n.protocol.slice(0,-1)||"https",c=e.req.header("x-forwarded-host")||n.host,s=`${t}://${c}`;let d=n.searchParams.get("idpId");const y=n.searchParams.get("redirectTo"),p=Object.keys(a||{})[0];d=d||p;const l=n.searchParams.get("mcp_redirect_uri"),m=!!l;if(!a?.[d]){const o="Invalid idpId";if(r.error(`IdP login error: ${o}`),m){const U=K(y||void 0);M.sendMcpAuthorizationFailedMessage([{...k(U),error:o,error_details:null}])}return e.text(`Forbidden: ${o}`,403)}const g=d&&a?await x(d,a[d]):void 0,A={};for(const o of Object.keys(g?.extraParams||{}))A[o]=n.searchParams.get(o)||g?.extraParams?.[o]||void 0;let C,u={};if(m&&l&&g&&g.type===W.OIDC){r.info(`Building MCP OAuth login URL with redirect_uri: ${l}`);const o=ge("",{...g,extraParams:A},y,f,{redirectUriOverride:l,sourceOverride:"mcp",branchOverride:void 0});C=o.loginUrl,u=o.cookies||{}}else if(g){const o=oe({...g,extraParams:A},s,y,f);C=o.loginUrl,u=o.cookies||{}}return Object.keys(u).forEach(o=>{_(e,o,u[o].value,u[o].options)}),r.info(`IdP login initiated for ID '${d}'`),e.newResponse(null,302,{Location:C||new URL(e.req.url).pathname})}}function Fe(i){return async e=>{const r=e.get("logger"),a=await e.req.formData(),n=a.get("SAMLResponse"),f=a.get("RelayState");if(typeof n!="string"||typeof f!="string"){const o="SAMLResponse is required";return r.error(`SAML2 login error: ${o}`),e.text(`Bad request: ${o}`,400)}const t=ne(n),{success:c,uid:s,nameFormat:d,attrs:y,issuerId:p,expiresAt:l}=ie(t),{idpId:m,redirectTo:h}=JSON.parse(f);if(!c){const o="SAML2 assertion is not successful";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!l||Math.ceil(Date.now()/1e3)>=l){const o="SAML2 Token Expired";return r.error(`SAML2 login error: ${o}`),e.text(o,401)}const g=i.getConfig().ssoDirect?.[m];if(!g||!ee(g)){const o="Cannot find valid IdP";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!(g.issuerId&&p&&Y(g.issuerId,p))){const o="IssuerID is misconfigured or untrusted assertions issuer received";return r.error(`SAML2 login error: ${o}`),e.text(`Permission denied: ${o}`,401)}if(!await ae(t,g.x509PublicCert)){const o="SAMLResponse signature invalid";return r.error(`SAML2 login error: ${o}`),e.text(o,401)}const C=te(s,d,y,g.teamsAttributeName);if(!C.sub){const o="The provider did not return a valid user identity.";return r.error(`SAML2 login error: ${o}`),e.text(o,400)}if(!C.email){const o="The provider did not return a valid user email.";return r.error(`SAML2 login error: ${o}`),e.text(o,400)}const u=await O.sign({...C,idpId:m},v,P.HS256);return _(e,"authorization",u,{path:R()||"/",httpOnly:!0,expires:new Date(l*1e3)}),r.updateContext({email:C.email,subject:C.sub}),r.info("SAML2 login successful"),e.newResponse(null,302,{Location:h||"/"})}}function Be(i){return async e=>{const r=e.get("logger"),a=new URL(e.req.query("redirectTo")||"/",e.req.url),n=I(z(a.pathname)),f=i.getConfig().ssoDirect,t=Object.entries(f||{}).find(([,h])=>$(h)&&ue(h));if(!(f&&t))return e.newResponse(null,302,{Location:n});const s=e.req.query("token"),d=s&&await le(s);if(!d)return e.newResponse(null,302,{Location:n});if(!b(d[F]||[]).some(h=>h===Q||h===Z))return e.newResponse(null,302,{Location:n});const l=await O.sign({...d,idpId:t?.at(0)},v,P.HS256),m=Date.now()+B*1e3;return _(e,"authorization",l,{path:R()||"/",httpOnly:!0,expires:new Date(m),sameSite:"None",secure:!0}),r.info("Token login successful"),e.newResponse(null,302,{Location:n})}}export{ve as authorizeHandler,Ee as idpLoginHandler,be as inviteHandler,Te as logoutHandler,Ue as oidcCallbackHandler,qe as postLogoutHandler,$e as redoclyLoginCallbackHandler,Be as redoclyTokenLoginHandler,Fe as samlCallbackHandler};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{telemetryTraceStep as l}from"../../../telemetry/helpers/trace-step.js";import{CATALOG_ENTITY_RELATION_ID as
|
|
1
|
+
import{telemetryTraceStep as l}from"../../../telemetry/helpers/trace-step.js";import{CATALOG_ENTITY_RELATION_ID as y}from"../../../../constants/common.js";import{CATALOG_FILTERS_CACHE_NAMESPACE as m,ALLOWED_CATALOG_QUERY_PARAMS as E}from"../../../constants/plugins/catalog-entities.js";import{allowlistObject as c}from"../../../../utils/object/allowlist-object.js";import{CatalogEntitiesService as f}from"../../../plugins/catalog-entities/database/catalog-entities-service.js";import{createPaginationParamsValidator as R}from"../../../providers/database/pagination/schemas.js";import{ENTITY_RELATION_TO_DATABASE as w}from"../../../plugins/catalog-entities/database/mappers/field-transformations.js";import{CacheService as A}from"../../../persistence/cache/services/cache-service.js";import{parseEntityRelation as _}from"./parsers/relations/parse-entity-relation.js";import{parseEntitiesRelations as j}from"./parsers/relations/parse-entities-relations.js";import{parseEntityRelationUpdateData as b}from"./parsers/relations/parse-entity-relation-update-data.js";const h=["id","organizationId","projectId","sourceKey","targetKey","type","createdAt","updatedAt"],g=async o=>{await(await A.getInstance({baseDbDir:o})).deleteByNamespace(m)},p=async({catalogEntitiesService:o,ctx:e})=>l("catalog_entities.relations.get_entity_relation",async n=>{const t=e.req.param(y);if(!t)return n?.error(new Error("Entity relation id is required")),e.json({message:"Entity relation id is required"},400);n?.setAttribute("pathParams",JSON.stringify({entityRelationId:t}));const i=await o.getEntityRelationById(t);return i?(n?.setAttribute("entityRelation",JSON.stringify(i)),e.json(i)):(n?.error(new Error("Entity relation not found")),e.json({message:"Entity relation not found"},404))}),O=async({catalogEntitiesService:o,ctx:e})=>l("catalog_entities.relations.get_entities_relations",async n=>{try{const t=e.req.query();n?.setAttribute("queryParams",JSON.stringify(c(t,E)));const i=R(h,w).parse(t),r=await o.getEntitiesRelations(i);return n?.setAttribute("entitiesRelationsCount",r.items.length),e.json(r)}catch(t){return console.error(t),n?.error(new Error("Failed to get entities relations")),e.json({message:"Failed to get entities relations"},500)}}),q=async({catalogEntitiesService:o,ctx:e,serverOutDir:n})=>l("catalog_entities.relations.create_entity_relation",async t=>{const i=e.get("logger");try{const r=await e.req.json();t?.setAttribute("requestBody",JSON.stringify(r));const a=_(r),s=await o.createEntityRelation(a);return s?(g(n),t?.setAttribute("entityRelation",JSON.stringify(s)),e.json(s)):(t?.error(new Error("Failed to create entity relation")),e.json({message:"Failed to create entity relation"},500))}catch(r){return i.error(r),r instanceof Error&&r.message.includes("validation failed")?(t?.error(new Error(r.message)),e.json({message:r.message},400)):(t?.error(r),e.json({message:"Failed to create entity relation"},500))}}),T=async({catalogEntitiesService:o,ctx:e,serverOutDir:n})=>l("catalog_entities.relations.bulk_upsert_entities_relations",async t=>{const i=e.get("logger");try{const r=await e.req.json();t?.setAttribute("requestBody",JSON.stringify(r));const a=j(r),s=await o.createEntitiesRelations(a);if(!s.length)return t?.error(new Error("Failed to create entity relations")),e.json({message:"Failed to create entity relations"},500);g(n);const u=s.filter(d=>d.status==="ok");return t?.setAttribute("totalSuccess",u.length),t?.setAttribute("totalFailed",s.length-u.length),e.json(s,207)}catch(r){return i.error(r),r instanceof Error&&r.message.includes("validation failed")?(t?.error(new Error(r.message)),e.json({message:r.message},400)):(t?.error(r),e.json({message:"Failed to create entity relations"},500))}}),N=async({catalogEntitiesService:o,ctx:e,serverOutDir:n})=>l("catalog_entities.relations.update_entity_relation",async t=>{const i=e.get("logger"),r=e.req.param(y);if(!r)return t?.error(new Error("Entity relation id is required")),e.json({message:"Entity relation id is required"},400);t?.setAttribute("pathParams",JSON.stringify({entityRelationId:r}));try{const a=await e.req.json();t?.setAttribute("requestBody",JSON.stringify(a));const s=await o.getEntityRelationById(r);if(!s)return t?.error(new Error(`Entity relation with id: ${r} not found`)),e.json({message:`Entity relation with id: ${r} not found`},404);const u=b(a),d=await o.updateEntityRelation(u,s);return d?(g(n),t?.setAttribute("entityRelation",JSON.stringify(d)),e.json(d)):(t?.error(new Error("Failed to update entity relation")),e.json({message:"Failed to update entity relation"},500))}catch(a){return i.error(a),a instanceof Error&&a.message.includes("validation failed")?(t?.error(new Error(a.message)),e.json({message:a.message},400)):(t?.error(a),e.json({message:a.message},500))}}),I=async({catalogEntitiesService:o,ctx:e,serverOutDir:n})=>l("catalog_entities.relations.delete_entity_relation",async t=>{const i=e.req.param(y);return i?(t?.setAttribute("pathParams",JSON.stringify({entityRelationId:i})),await o.deleteEntityRelation(i),g(n),new Response(null,{status:204})):(t?.error(new Error("Entity relation id is required")),e.json({message:"Entity relation id is required"},400))}),D={GET:O,POST:q,PUT:T},F={GET:p,DELETE:I,PATCH:N};function Y(o){return async e=>l("catalog_entities.relations",async n=>{n?.setAttribute("method",e.req.method);const t=await f.getInstance({baseDbDir:o.serverOutDir}),i=e.req.method,r=e.req.param(y)?F:D;return r[i]?await r[i]({catalogEntitiesService:t,ctx:e,serverOutDir:o.serverOutDir}):(n?.error(new Error("Method not allowed")),e.json({message:"Method not allowed"},405))})}export{Y as catalogRelationsHandler};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{getCompleteCatalogConfig as w}from"../../../plugins/catalog-entities/get-complete-catalog-config.js";import{
|
|
1
|
+
import{getCompleteCatalogConfig as w}from"../../../plugins/catalog-entities/get-complete-catalog-config.js";import{telemetryTraceStep as m}from"../../../telemetry/helpers/trace-step.js";import{CATALOG_FILTERS_CACHE_NAMESPACE as h,ALLOWED_CATALOG_QUERY_PARAMS as T}from"../../../constants/plugins/catalog-entities.js";import{CATALOG_ENTITY_ID as E}from"../../../../constants/common.js";import{allowlistObject as b}from"../../../../utils/object/allowlist-object.js";import{isValidIsoDate as j}from"../../../utils/is-valid-iso-date.js";import{CatalogEntitiesService as _}from"../../../plugins/catalog-entities/database/catalog-entities-service.js";import{createPaginationParamsValidator as q}from"../../../providers/database/pagination/schemas.js";import{createEntityRelationDtoFromFileSchema as O}from"../../../plugins/catalog-entities/database/mappers/create-entity-relation-dto-from-file-schema.js";import{CacheService as R}from"../../../persistence/cache/services/cache-service.js";import{hasAccessToEntity as f}from"./helpers/has-access-to-entity.js";import{getRbacRestrictionsDataForCatalog as p}from"../helpers/get-rbac-restrictions-data-for-catalog.js";import{mapEntityReadModelSchemaToEntityReadDto as g}from"./mappers/map-entity-read-model-schema-to-entity-read-dto.js";import{parseEntity as v}from"./parsers/entities/parse-entity.js";import{parseEntityUpdateData as C}from"./parsers/entities/parse-entity-update-data.js";import{parseEntities as F}from"./parsers/entities/parse-entities.js";const D=["type","key","title","summary","tags","metadata","metadata.*","git","contact","links","id","source","sourceFile","createdAt","updatedAt"],A=async n=>{await(await R.getInstance({baseDbDir:n})).deleteByNamespace(h)},I=async({catalogEntitiesService:n,ctx:e,store:y})=>m("catalog_entities.get_entities",async i=>{const a=e.get("logger");try{const t=e.req.query();i?.setAttribute("queryParams",JSON.stringify(b(t,T)));const{currentRbacTeamsForRead:o,excludedTypes:r,excludedEntities:s}=p({store:y,ctx:e}),c=q(D).parse(t),u=await n.getEntities({paginationParams:c,rbacTeams:o,excludedTypes:r,excludedEntities:s});return i?.setAttribute("entitiesCount",u.items.length),e.json({...u,items:u.items.map(g)})}catch(t){return a.error(t),i?.error(t),e.json({message:"Failed to get entities"},500)}}),P=async({catalogEntitiesService:n,ctx:e,store:y})=>m("catalog_entities.get_entity",async i=>{const a=e.req.param(E);if(!a)return i?.error(new Error("Entity id is required")),e.json({message:"Entity id is required"},400);i?.setAttribute("pathParams",JSON.stringify({entityId:a}));const{currentRbacTeamsForRead:t,excludedTypes:o,excludedEntities:r}=p({store:y,ctx:e}),s=await n.getEntityById(a,{rbacTeams:t,excludedTypes:o,excludedEntities:r});return s?(i?.setAttribute("entity",JSON.stringify(s)),e.json(g(s))):(i?.error(new Error("Entity not found")),e.json({message:"Entity not found"},404))}),N=async({catalogEntitiesService:n,ctx:e,catalogConfig:y,serverOutDir:i,store:a})=>m("catalog_entities.create_entity",async t=>{const o=e.get("logger");try{const r=await e.req.json();t?.setAttribute("requestBody",JSON.stringify(r));const s=v(r,y);if(!f({ctx:e,store:a,accessLevel:"WRITE",entityType:s.type,entityKey:s.key}))return t?.error(new Error("Access denied")),e.json({message:"Access denied"},403);const u=await n.createEntity(s),d=s.relations?.map(l=>O(s.key,l));return await n.createEntitiesRelations(d??[]),u?(A(i),t?.setAttribute("entity",JSON.stringify(u)),e.json(g(u))):(t?.error(new Error("Failed to create entity")),e.json({message:"Failed to create entity"},500))}catch(r){return o.error(r),r instanceof Error&&r.message.includes("validation failed")?(t?.error(new Error(r.message)),e.json({message:r.message},400)):(t?.error(r),e.json({message:"Failed to create entity"},500))}}),W=async({catalogEntitiesService:n,ctx:e,catalogConfig:y,serverOutDir:i,store:a})=>m("catalog_entities.bulk_upsert_entities",async t=>{const o=e.get("logger");try{const r=await e.req.json();t?.setAttribute("requestBody",JSON.stringify(r));const s=F(r,y);for(const d of s)if(!f({ctx:e,store:a,accessLevel:"WRITE",entityType:d.type,entityKey:d.key}))return t?.error(new Error("Access denied")),e.json({message:"Access denied"},403);const c=await n.createEntities(s);if(!c.length)return t?.error(new Error("Failed to create entities")),e.json({message:"Failed to create entities"},500);A(i);const u=c.filter(d=>d.status==="ok");return t?.setAttribute("totalSuccess",u.length),t?.setAttribute("totalFailed",c.length-u.length),e.json(u.map(d=>({...d,resource:g(d.resource)})),207)}catch(r){return o.error(r),r instanceof Error&&r.message.includes("validation failed")?(t?.error(new Error(r.message)),e.json({message:r.message},400)):(t?.error(r),e.json({message:"Failed to create entities"},500))}}),k=async({catalogEntitiesService:n,ctx:e,catalogConfig:y,serverOutDir:i,store:a})=>m("catalog_entities.update_entity",async t=>{const o=e.get("logger"),r=e.req.param(E);if(!r)return t?.error(new Error("Entity id is required")),e.json({message:"Entity id is required"},400);t?.setAttribute("pathParams",JSON.stringify({entityId:r}));try{const s=await e.req.json();t?.setAttribute("requestBody",JSON.stringify(s));const c=await n.getEntityById(r);if(!c)return t?.error(new Error(`Entity with id: ${r} not found`)),e.json({message:`Entity with id: ${r} not found`},404);if(!f({ctx:e,store:a,accessLevel:"WRITE",entityType:s.type??c.type,entityKey:s.key??c.key}))return t?.error(new Error("Access denied")),e.json({message:"Access denied"},403);const d=C(s,y,s?.type??c.type);if(d.revision&&!j(d.revision))throw new Error("Entity validation failed: 'entity.revision' must be a valid ISO 8601 date-time string");const l=await n.updateEntity(d,c);return l?(A(i),t?.setAttribute("entity",JSON.stringify(l)),e.json(g(l))):(t?.error(new Error("Failed to update entity")),e.json({message:"Failed to update entity"},500))}catch(s){return o.error(s),s instanceof Error&&s.message.includes("validation failed")?(t?.error(new Error(s.message)),e.json({message:s.message},400)):(t?.error(s),e.json({message:s.message},500))}}),L=async({catalogEntitiesService:n,ctx:e,serverOutDir:y,store:i})=>m("catalog_entities.delete_entity",async a=>{const t=e.req.param(E);if(!t)return a?.error(new Error("Entity id is required")),e.json({message:"Entity id is required"},400);a?.setAttribute("pathParams",JSON.stringify({entityId:t}));const o=await n.getEntityById(t);return o?f({ctx:e,store:i,accessLevel:"WRITE",entityType:o.type,entityKey:o.key})?(await n.deleteEntity(o),A(y),new Response(null,{status:204})):(a?.error(new Error("Access denied")),e.json({message:"Access denied"},403)):new Response(null,{status:204})}),J={GET:I,POST:N,PUT:W},B={GET:P,DELETE:L,PATCH:k};function re(n){return async e=>m("catalog_entities",async y=>{const i=await _.getInstance({baseDbDir:n.serverOutDir}),a=e.req.method;y?.setAttribute("method",a);const t=e.req.param(E)?B:J,o=w(n.config.entitiesCatalog),r=t[a];return r?await r({catalogEntitiesService:i,ctx:e,catalogConfig:o,serverOutDir:n.serverOutDir,store:n}):(y?.error(new Error("Method not allowed")),e.json({message:"Method not allowed"},405))})}export{re as catalogHandler};
|
|
File without changes
|
package/dist/server/web-server/routes/catalog/helpers/create-entity-relation-update-schema.d.ts
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
export declare function createEntityRelationUpdateSchema(): {
|
|
2
|
+
required: undefined;
|
|
3
|
+
type: "object";
|
|
4
|
+
properties: {
|
|
5
|
+
readonly type: {
|
|
6
|
+
readonly type: "string";
|
|
7
|
+
readonly enum: readonly ["partOf", "hasParts", "creates", "createdBy", "owns", "ownedBy", "implements", "implementedBy", "dependsOn", "dependencyOf", "uses", "usedBy", "produces", "consumes", "linksTo", "supersedes", "supersededBy", "compatibleWith", "extends", "extendedBy", "relatesTo", "hasMember", "memberOf", "triggers", "triggeredBy", "returns", "returnedBy"];
|
|
8
|
+
};
|
|
9
|
+
readonly sourceKey: {
|
|
10
|
+
readonly type: "string";
|
|
11
|
+
readonly minLength: 2;
|
|
12
|
+
readonly maxLength: 150;
|
|
13
|
+
};
|
|
14
|
+
readonly targetKey: {
|
|
15
|
+
readonly type: "string";
|
|
16
|
+
readonly minLength: 2;
|
|
17
|
+
readonly maxLength: 150;
|
|
18
|
+
};
|
|
19
|
+
readonly sourceVersion: {
|
|
20
|
+
readonly type: readonly ["string", "null"];
|
|
21
|
+
};
|
|
22
|
+
readonly sourceRevision: {
|
|
23
|
+
readonly type: readonly ["string", "null"];
|
|
24
|
+
};
|
|
25
|
+
readonly targetVersion: {
|
|
26
|
+
readonly type: readonly ["string", "null"];
|
|
27
|
+
};
|
|
28
|
+
readonly targetRevision: {
|
|
29
|
+
readonly type: readonly ["string", "null"];
|
|
30
|
+
};
|
|
31
|
+
readonly sourceFile: {
|
|
32
|
+
readonly type: readonly ["string", "null"];
|
|
33
|
+
};
|
|
34
|
+
readonly fileHash: {
|
|
35
|
+
readonly type: readonly ["string", "null"];
|
|
36
|
+
};
|
|
37
|
+
readonly isDeleted: {
|
|
38
|
+
readonly type: readonly ["boolean", "null"];
|
|
39
|
+
};
|
|
40
|
+
};
|
|
41
|
+
additionalProperties: false;
|
|
42
|
+
};
|
|
43
|
+
//# sourceMappingURL=create-entity-relation-update-schema.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{entityRelationDtoSchema as e}from"../../../../plugins/catalog-entities/schemas/dto-schemas.js";function n(){return{...e,required:void 0}}export{n as createEntityRelationUpdateSchema};
|