@redocly/redoc 0.132.0-next.8 → 0.132.0-next.9

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @redocly/redoc
 
+## 0.132.0-next.9
+
+### Patch Changes
+
+- 3367cbdaba3: Fixed `residency` configuration causing build failures.
+
 ## 0.132.0-next.8
 
 ### Patch Changes

package/dist/bin.d.ts

@@ -1,5 +1,4 @@
 #!/usr/bin/env node
 import './server/utils/set-execution-mode.js';
 import './cli/utils/node-version-check.js';
-import './server/node-fetch-polyfill.js';
 //# sourceMappingURL=bin.d.ts.map

package/dist/bin.js

@@ -1,2 +1,2 @@
 #!/usr/bin/env node
-import"./server/utils/set-execution-mode.js";import"./cli/utils/node-version-check.js";import o from"mri";import*as r from"node:path";import{tmpdir as T}from"node:os";import*as u from"node:fs";import"./server/node-fetch-polyfill.js";import{cliCommandNames as C}from"./constants/common.js";import{initPlugins as S}from"./server/plugins/lifecycle.js";import{loadEnvVariables as k}from"./server/utils/envs/load-env-variables.js";import{PORTAL_VERSION as I}from"./server/version.js";import{logger as i}from"./server/tools/notifiers/logger.js";import{reporter as t}from"./server/tools/notifiers/reporter.js";import{sha as V}from"./server/utils/crypto/sha.js";import{envConfig as L}from"./server/config/env-config.js";import{PACKAGE_NAME as w}from"./config/product-gates.js";import{develop as R}from"./cli/develop.js";import{eject as _}from"./cli/eject/index.js";import{beforeCommand as E}from"./server/utils/lifecycle-hooks.js";import{Store as j}from"./server/store.js";import{build as M}from"./cli/build/index.js";import{fromCurrentDir as N}from"./server/utils/paths.js";import{translationsCliOpts as F}from"./cli/translations/options.js";import{generateTranslations as U}from"./cli/translations/index.js";import{EntitlementsProvider as $}from"./server/entitlements/entitlements-provider.js";import{isValidPlan as B}from"./server/entitlements/is-valid-plan.js";import{stopAllCompilers as G}from"./server/esbuild/esbuild.js";import{copyLibsqlPrebuiltBinary as q}from"./cli/build/libsql/copy-prebuilt-binary.js";import{telemetry as f}from"./cli/telemetry/index.js";import{stats as K}from"./cli/stats/index.js";import{statsCliOpts as Y}from"./cli/stats/options.js";const c=process.argv[2];let a;const v={alias:{d:"project-dir",p:"port"},default:{"project-dir":L.REDOCLY_CONTENT_DIR||process.cwd(),outdir:"public"}},z={alias:v.alias,default:{...v.default,plan:"enterprise"}},H={alias:{d:"buildDir"},default:{buildDir:"public"}},J={boolean:["force"],alias:{f:"force",d:"project-dir"},default:{"project-dir":process.cwd()}};process.on("uncaughtException",async function(e){e?.code==="ERR_INVALID_STATE"?console.log("Ignore premature close error"):(i.error("Uncaught exception occurred. Stopping compilers."),await G(),i.error("Exiting due to uncaught exception"),await t.panic(e))});try{c||await t.panicOnContentError("Command not specified.");const e=$.instance();switch(["build","prepare","serve","stats"].includes(c)&&await e.init(),["eject","translate"].includes(c)&&await e.init({developModePlan:"enterprise"}),c){case"develop":case"preview":const s=o(process.argv.slice(3),z),O=r.resolve(s["project-dir"]),h=encodeURIComponent(V(O)),p=r.join(T(),"redocly-public-"+h);u.existsSync(p)&&(i.verbose("Cleaning temporary output directory..."),u.rmSync(p,{recursive:!0,force:!0}),i.verbose("Temporary output directory cleaned."));const m=s.plan.toLowerCase();B(m)||await t.panicOnContentError(`Invalid --plan argument value '${m}'.`),await e.init({developModePlan:m}),a=new j({contentDir:r.resolve(s["project-dir"]),outdir:p,serverOutDir:N(import.meta.url,"./server/esbuild/cache/server")}),await E(C.DEVELOP,s,a),await R(s,a);break;case"build":case"prepare":const n=o(process.argv.slice(3),v),g=r.resolve(r.join(n.outdir,"server"));a=new j({contentDir:r.resolve(n["project-dir"]),outdir:r.resolve(n.outdir,"client"),serverOutDir:g}),await E(C.BUILD,n,a),q(g),await M(n,a);break;case"serve":await k();const A=o(process.argv.slice(3),H),D=r.resolve(A.buildDir);f.sendServeCliCommandExecutedMessage();const b=r.join(D,"server","index.mjs");u.existsSync(b)||await t.panic(`Server not found. Please run \`${w} build\` first (or \`${w} prepare\` for the deprecated command)`),import(b).catch(async l=>{await t.panic("Failed to load server",l)});break;case"eject":e.canAccessFeature("themeEjecting")||await t.panicOnContentError('The "eject" command is not available for this project');const d=o(process.argv.slice(3),J),{lifecycleContext:{getConfig:y,fs:P}}=await S({outdir:"",contentDir:r.resolve(d["project-dir"]),setGlobalConfig:()=>null});P.dispose(),f.sendCliCommandEjectExecutedMessage([{object:"cli_command",arguments:d}]),await _({...d,config:await y()}),i.clearAllTimeouts();break;case"translate":if(e.canAccessFeature("l10n")){const l=o(process.argv.slice(3),F);f.sendCliCommandTranslateExecutedMessage({arguments:l}),await U(l)}else await t.panicOnContentError('The "translate" command is not available for this project');break;case"stats":const x=o(process.argv.slice(3),Y);await K(x);break;case"--version":console.log(I);break;default:await t.panicOnContentError(`Unknown command "${c}"`)}}catch(e){i.error("Exiting due to uncaught exception"),await t.panic(e)}
+import"./server/utils/set-execution-mode.js";import"./cli/utils/node-version-check.js";import o from"mri";import*as r from"node:path";import{tmpdir as T}from"node:os";import*as u from"node:fs";import{cliCommandNames as C}from"./constants/common.js";import{initPlugins as S}from"./server/plugins/lifecycle.js";import{loadEnvVariables as k}from"./server/utils/envs/load-env-variables.js";import{PORTAL_VERSION as I}from"./server/version.js";import{logger as i}from"./server/tools/notifiers/logger.js";import{reporter as t}from"./server/tools/notifiers/reporter.js";import{sha as V}from"./server/utils/crypto/sha.js";import{envConfig as L}from"./server/config/env-config.js";import{PACKAGE_NAME as w}from"./config/product-gates.js";import{develop as R}from"./cli/develop.js";import{eject as _}from"./cli/eject/index.js";import{beforeCommand as E}from"./server/utils/lifecycle-hooks.js";import{Store as j}from"./server/store.js";import{build as M}from"./cli/build/index.js";import{fromCurrentDir as N}from"./server/utils/paths.js";import{translationsCliOpts as F}from"./cli/translations/options.js";import{generateTranslations as U}from"./cli/translations/index.js";import{EntitlementsProvider as $}from"./server/entitlements/entitlements-provider.js";import{isValidPlan as B}from"./server/entitlements/is-valid-plan.js";import{stopAllCompilers as G}from"./server/esbuild/esbuild.js";import{copyLibsqlPrebuiltBinary as q}from"./cli/build/libsql/copy-prebuilt-binary.js";import{telemetry as f}from"./cli/telemetry/index.js";import{stats as K}from"./cli/stats/index.js";import{statsCliOpts as Y}from"./cli/stats/options.js";const c=process.argv[2];let a;const v={alias:{d:"project-dir",p:"port"},default:{"project-dir":L.REDOCLY_CONTENT_DIR||process.cwd(),outdir:"public"}},z={alias:v.alias,default:{...v.default,plan:"enterprise"}},H={alias:{d:"buildDir"},default:{buildDir:"public"}},J={boolean:["force"],alias:{f:"force",d:"project-dir"},default:{"project-dir":process.cwd()}};process.on("uncaughtException",async function(e){e?.code==="ERR_INVALID_STATE"?console.log("Ignore premature close error"):(i.error("Uncaught exception occurred. Stopping compilers."),await G(),i.error("Exiting due to uncaught exception"),await t.panic(e))});try{c||await t.panicOnContentError("Command not specified.");const e=$.instance();switch(["build","prepare","serve","stats"].includes(c)&&await e.init(),["eject","translate"].includes(c)&&await e.init({developModePlan:"enterprise"}),c){case"develop":case"preview":const s=o(process.argv.slice(3),z),O=r.resolve(s["project-dir"]),h=encodeURIComponent(V(O)),p=r.join(T(),"redocly-public-"+h);u.existsSync(p)&&(i.verbose("Cleaning temporary output directory..."),u.rmSync(p,{recursive:!0,force:!0}),i.verbose("Temporary output directory cleaned."));const m=s.plan.toLowerCase();B(m)||await t.panicOnContentError(`Invalid --plan argument value '${m}'.`),await e.init({developModePlan:m}),a=new j({contentDir:r.resolve(s["project-dir"]),outdir:p,serverOutDir:N(import.meta.url,"./server/esbuild/cache/server")}),await E(C.DEVELOP,s,a),await R(s,a);break;case"build":case"prepare":const n=o(process.argv.slice(3),v),g=r.resolve(r.join(n.outdir,"server"));a=new j({contentDir:r.resolve(n["project-dir"]),outdir:r.resolve(n.outdir,"client"),serverOutDir:g}),await E(C.BUILD,n,a),q(g),await M(n,a);break;case"serve":await k();const A=o(process.argv.slice(3),H),D=r.resolve(A.buildDir);f.sendServeCliCommandExecutedMessage();const b=r.join(D,"server","index.mjs");u.existsSync(b)||await t.panic(`Server not found. Please run \`${w} build\` first (or \`${w} prepare\` for the deprecated command)`),import(b).catch(async l=>{await t.panic("Failed to load server",l)});break;case"eject":e.canAccessFeature("themeEjecting")||await t.panicOnContentError('The "eject" command is not available for this project');const d=o(process.argv.slice(3),J),{lifecycleContext:{getConfig:y,fs:P}}=await S({outdir:"",contentDir:r.resolve(d["project-dir"]),setGlobalConfig:()=>null});P.dispose(),f.sendCliCommandEjectExecutedMessage([{object:"cli_command",arguments:d}]),await _({...d,config:await y()}),i.clearAllTimeouts();break;case"translate":if(e.canAccessFeature("l10n")){const l=o(process.argv.slice(3),F);f.sendCliCommandTranslateExecutedMessage({arguments:l}),await U(l)}else await t.panicOnContentError('The "translate" command is not available for this project');break;case"stats":const x=o(process.argv.slice(3),Y);await K(x);break;case"--version":console.log(I);break;default:await t.panicOnContentError(`Unknown command "${c}"`)}}catch(e){i.error("Exiting due to uncaught exception"),await t.panic(e)}

package/dist/server/config/env-schema.d.ts

@@ -42,7 +42,7 @@ export declare const envSchema: z.ZodObject<{
     LOCALHOST_LOGIN: z.ZodOptional<z.ZodEnum<["true", "false"]>>;
     REDOCLY_OAUTH_USE_INTROSPECT: z.ZodOptional<z.ZodString>;
     REDOCLY_ENFORCE_LOGIN: z.ZodOptional<z.ZodEnum<["true", "false"]>>;
-    REDOCLY_ENFORCE_RESIDENCY: z.ZodOptional<z.ZodString>;
+    REDOCLY_ENFORCE_RESIDENCY: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodLiteral<"">]>>;
 } & {
     REDOCLY_SSR_RENDER_MODE: z.ZodOptional<z.ZodEnum<["worker", "main"]>>;
     REDOCLY_SSR_WORKERS_MIN: z.ZodOptional<z.ZodNumber>;
@@ -124,7 +124,7 @@ export declare const envSchema: z.ZodObject<{
     LOCALHOST_LOGIN: z.ZodOptional<z.ZodEnum<["true", "false"]>>;
     REDOCLY_OAUTH_USE_INTROSPECT: z.ZodOptional<z.ZodString>;
     REDOCLY_ENFORCE_LOGIN: z.ZodOptional<z.ZodEnum<["true", "false"]>>;
-    REDOCLY_ENFORCE_RESIDENCY: z.ZodOptional<z.ZodString>;
+    REDOCLY_ENFORCE_RESIDENCY: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodLiteral<"">]>>;
 } & {
     REDOCLY_SSR_RENDER_MODE: z.ZodOptional<z.ZodEnum<["worker", "main"]>>;
     REDOCLY_SSR_WORKERS_MIN: z.ZodOptional<z.ZodNumber>;
@@ -206,7 +206,7 @@ export declare const envSchema: z.ZodObject<{
     LOCALHOST_LOGIN: z.ZodOptional<z.ZodEnum<["true", "false"]>>;
     REDOCLY_OAUTH_USE_INTROSPECT: z.ZodOptional<z.ZodString>;
     REDOCLY_ENFORCE_LOGIN: z.ZodOptional<z.ZodEnum<["true", "false"]>>;
-    REDOCLY_ENFORCE_RESIDENCY: z.ZodOptional<z.ZodString>;
+    REDOCLY_ENFORCE_RESIDENCY: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodLiteral<"">]>>;
 } & {
     REDOCLY_SSR_RENDER_MODE: z.ZodOptional<z.ZodEnum<["worker", "main"]>>;
     REDOCLY_SSR_WORKERS_MIN: z.ZodOptional<z.ZodNumber>;

package/dist/server/config/env-schemas/auth.d.ts

@@ -15,7 +15,7 @@ export declare const authSchema: z.ZodObject<{
     LOCALHOST_LOGIN: z.ZodOptional<z.ZodEnum<["true", "false"]>>;
     REDOCLY_OAUTH_USE_INTROSPECT: z.ZodOptional<z.ZodString>;
     REDOCLY_ENFORCE_LOGIN: z.ZodOptional<z.ZodEnum<["true", "false"]>>;
-    REDOCLY_ENFORCE_RESIDENCY: z.ZodOptional<z.ZodString>;
+    REDOCLY_ENFORCE_RESIDENCY: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodLiteral<"">]>>;
 }, "strip", z.ZodTypeAny, {
     JWT_SECRET_KEY?: string | undefined;
     AUTH_URL?: string | undefined;

package/dist/server/config/env-schemas/auth.js

@@ -1 +1 @@
-import{z as o}from"zod";const n=o.object({JWT_SECRET_KEY:o.string().optional(),AUTH_URL:o.string().url().optional(),BH_API_URL:o.string().url().optional(),ENTITLEMENTS_JWKS_CDN_URL:o.string().url().optional(),OAUTH_CLIENT_ID:o.string().optional(),OAUTH_CLIENT_SECRET:o.string().optional(),OIDC_CLIENT_ID:o.string().optional(),OIDC_CLIENT_SECRET:o.string().optional(),OIDC_ISSUER_URL:o.string().url().optional(),LOCALHOST_LOGIN:o.enum(["true","false"]).optional(),REDOCLY_OAUTH_USE_INTROSPECT:o.string().optional(),REDOCLY_ENFORCE_LOGIN:o.enum(["true","false"]).optional(),REDOCLY_ENFORCE_RESIDENCY:o.string().url().optional()});export{n as authSchema};
+import{z as o}from"zod";const n=o.object({JWT_SECRET_KEY:o.string().optional(),AUTH_URL:o.string().url().optional(),BH_API_URL:o.string().url().optional(),ENTITLEMENTS_JWKS_CDN_URL:o.string().url().optional(),OAUTH_CLIENT_ID:o.string().optional(),OAUTH_CLIENT_SECRET:o.string().optional(),OIDC_CLIENT_ID:o.string().optional(),OIDC_CLIENT_SECRET:o.string().optional(),OIDC_ISSUER_URL:o.string().url().optional(),LOCALHOST_LOGIN:o.enum(["true","false"]).optional(),REDOCLY_OAUTH_USE_INTROSPECT:o.string().optional(),REDOCLY_ENFORCE_LOGIN:o.enum(["true","false"]).optional(),REDOCLY_ENFORCE_RESIDENCY:o.union([o.string().url(),o.literal("")]).optional()});export{n as authSchema};

package/dist/server/web-server/auth.js

@@ -9,4 +9,4 @@ import"../node-crypto-polyfill.js";import{DOMParser as b}from"@xmldom/xmldom";im
     <samlp:NameIDPolicy
       AllowCreate="true"
       Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
-  </samlp:AuthnRequest>`,s=ye(a);return{loginUrl:ee(t.ssoUrl,{SAMLRequest:s,RelayState:JSON.stringify({idpId:t.idpId,redirectTo:r,inviteCode:n,source:"portal"})})}}function ye(e){return ae(H(new TextEncoder().encode(e)).buffer)}function Ge(e){const t=P(e);if(t.startsWith("<samlp:Response")||t.indexOf("<saml2p:Response")>-1)return t;const r=J(new Uint8Array(atob(e).split("").map(n=>n.charCodeAt(0))));return new TextDecoder().decode(r)}function Ze(e){try{return JSON.parse(P(e||""))}catch{throw new Error("Invalid OAuth2 state")}}function et(e){const t=new b().parseFromString(e,"application/xml"),n=i(t,"//*[local-name(.)='StatusCode']/@Value")[0]?.nodeValue?.endsWith("Success")||!1,a=i(t,"//*[local-name(.)='Response']/@Destination")[0]?.nodeValue||"",s=i(t,"//*[local-name(.)='Assertion']//*[local-name(.)='Issuer']/text()")[0],l=s&&s.nodeValue||void 0,m=i(t,"//*[local-name(.)='Audience']/text()")[0],A=m&&m.nodeValue||void 0,c=i(t,"//*[local-name(.)='Assertion']//*[local-name(.)='X509Certificate']/text()")[0]?.nodeValue||"",f=i(t,"//*[local-name(.)='Subject']//*[local-name(.)='NameID']/text()")[0],_=f&&f.nodeValue||"",h=i(t,"//*[local-name(.)='Subject']//*[local-name(.)='NameID']/@Format")[0],d=h&&h.nodeValue||"",x=i(t,"//*[local-name(.)='Conditions']/@NotOnOrAfter")[0],g=we(x),M={},C=i(t,"//*[local-name(.)='AttributeStatement']//*[local-name(.)='Attribute']");if(C.length)for(const T of C){const D=i(T,"./@Name")[0];if(D.nodeValue){const O=i(T,"./*[local-name(.)='AttributeValue']/text()")[0];O?.nodeValue&&(M[D.nodeValue]=O.nodeValue)}}return{uid:_,success:n,expiresAt:g,issuerId:l,entityId:A,attrs:M,cert:c,nameFormat:d,destination:a}}function we(e){const t=typeof e?.nodeValue=="string"&&L(Date.parse(e.nodeValue)),r=L(Date.now()),n=L(Date.now()+720*60*1e3);return t?t>r&&t<n?n:t:r}function L(e){return Math.floor(e/1e3)}const k={},w={jwks:{}};async function V(e,t){if(!k[e]){const r=t.configurationUrl?await $(t.configurationUrl):t.configuration;k[e]=Se()?Ae(r):r}return k[e]}function Se(){const e=Q.REDOCLY_ENFORCE_RESIDENCY;return!!e&&e.includes("host.docker.internal")}function Ae(e){if(typeof e!="object"||e===null)return e;const t={...e};for(const r of Object.keys(t)){const n=t[r];typeof n=="string"&&n.includes("://localhost")&&(t[r]=n.replace("://localhost","://host.docker.internal"))}return t}async function _e(e){for(const t of Object.keys(e)){const r=e[t];if(!E(r))continue;const n=await V(t,r);if(n.jwks_uri){const o=await $(n.jwks_uri);for(const a of o.keys)w.jwks[a.kid]={...a,idpId:t}}}}async function $(e){return fetch(e,{headers:{Accept:"application/json"}}).then(t=>t.json())}async function tt(e){return fetch(`${Y}/oidc/userinfo`,{headers:{Accept:"application/json",Authorization:`Bearer ${e}`}}).then(t=>t.status===200?t.json():void 0).catch(()=>{})}function nt(e){if(!e.configurationUrl)return!1;const t=new URL(e.configurationUrl);return["localhost","127.0.0.1","blueharvest.cloud","bhstage.cloud","cloud.redocly.com","beta.redocly.com","cloud.eu.redocly.com","beta.eu.redocly.com","cba.au.redocly.com"].some(n=>xe(t.hostname,n))}function xe(e,t){return e===t||e.endsWith(`.${t}`)}async function rt(e,t){const r=new b().parseFromString(e),n=i(r,"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];if(!n)throw new Error("Cannot find Signature in the SAML response");const o=ie(t),a=new B({publicCert:o});a.loadSignature(n);try{return a.checkSignature(e)}catch{return!1}}function ot(e,t,r,n){t==="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"&&(e=r["http://schemas.microsoft.com/identity/claims/objectidentifier"]);let o;(t==="urn:oasis:names:tc:SAML:2.0:nameid-format:email"||t==="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")&&(o=e),t==="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"&&e?.match(/.+@.+/)&&(o=e);const a=r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"],s=a?.match(/.+@.+/);return o=o||r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]||(s?a:void 0),o=o?.toLowerCase(),{sub:e,given_name:r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"],family_name:r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"],name:r["http://schemas.microsoft.com/identity/claims/displayname"]||a,email:o,email_verified:!0,teams:n?oe(r[n]):[]}}function z(e,t={}){return e.map(r=>t[r]||r)}async function at(e,t){if(!t)return{};const r=t.authorization;if(!r)return{};try{const n=p.decode(r);if(n.header.alg===y.RS256){w.jwks[n.header.kid]===void 0&&await _e(e);const m=w.jwks[n.header.kid];if(!m)return w.jwks[n.header.kid]=null,{};await p.verify(r,m,y.RS256)}else await p.verify(r,I,y.HS256);const o=n.payload.idpId||w.jwks[n.header.kid]?.idpId,a=e[o]||{},s=Le(a),l=Ie(a);return{...n.payload,email:n.payload.email?.toLowerCase(),idpId:o,teams:Array.from(new Set([...z(n.payload.teams||[],l),..."defaultTeams"in a&&a.defaultTeams||[],...z("teamsClaimName"in a&&n.payload[s||""]||[],l),Z])),name:ge(n.payload),isAuthenticated:!0,idpAccessToken:n.payload.idp_access_token||t.idp_access_token,federatedAccessToken:t.federated_access_token,federatedIdToken:t.federated_id_token,authCookie:r}}catch(n){n instanceof re||te.error("Malformed JWT token: %s",n.message)}return{}}function ge(e){return(e.firstName&&e.lastName?`${e.firstName} ${e.lastName}`:e.name||e.given_name||e.firstName||e.lastName)||e.email}function Ie(e){switch(e.type){case u.SAML2:return e.teamsAttributeMap;case u.OIDC:return e.teamsClaimMap;default:return}}function Le(e){switch(e.type){case u.SAML2:return e.teamsAttributeName;case u.OIDC:return e.teamsClaimName;default:return K}}function i(e,t){return F.select(t,e)||[]}export{Xe as buildLoginUrl,me as buildOidcLoginUrl,We as buildOidcLogoutUrl,he as buildSAML2LoginUrl,Ke as createMcpAuthorizationCode,Qe as createMcpSessionResource,Ge as decodeSamlResponse,ye as encodeSAML2,ot as extractUserClaims,Je as getAuthProviderLoginParams,ue as getOidcLoginParams,V as getOidcMetadata,tt as getRedoclyTokenPayload,de as getSaml2LoginParams,at as getUserParamsFromCookies,ge as getUsernameFromPayload,E as isOidcProviderConfig,nt as isRedoclySso,ce as isSaml2ProviderConfig,qe as oidcExchangeCodeForToken,w as oidcJwksCache,k as oidcMetadataCache,Ze as parseOidcState,le as parsePreviewBranch,et as parseSamlResponse,j as rewritePreviewAuthRedirectUri,Ye as verifyMcpAuthorizationCode,rt as verifySAMLResponse};
+  </samlp:AuthnRequest>`,s=ye(a);return{loginUrl:ee(t.ssoUrl,{SAMLRequest:s,RelayState:JSON.stringify({idpId:t.idpId,redirectTo:r,inviteCode:n,source:"portal"})})}}function ye(e){return ae(H(new TextEncoder().encode(e)).buffer)}function Ge(e){const t=P(e);if(t.startsWith("<samlp:Response")||t.indexOf("<saml2p:Response")>-1)return t;const r=J(new Uint8Array(atob(e).split("").map(n=>n.charCodeAt(0))));return new TextDecoder().decode(r)}function Ze(e){try{return JSON.parse(P(e||""))}catch{throw new Error("Invalid OAuth2 state")}}function et(e){const t=new b().parseFromString(e,"application/xml"),n=i(t,"//*[local-name(.)='StatusCode']/@Value")[0]?.nodeValue?.endsWith("Success")||!1,a=i(t,"//*[local-name(.)='Response']/@Destination")[0]?.nodeValue||"",s=i(t,"//*[local-name(.)='Assertion']//*[local-name(.)='Issuer']/text()")[0],l=s&&s.nodeValue||void 0,m=i(t,"//*[local-name(.)='Audience']/text()")[0],A=m&&m.nodeValue||void 0,c=i(t,"//*[local-name(.)='Assertion']//*[local-name(.)='X509Certificate']/text()")[0]?.nodeValue||"",f=i(t,"//*[local-name(.)='Subject']//*[local-name(.)='NameID']/text()")[0],_=f&&f.nodeValue||"",h=i(t,"//*[local-name(.)='Subject']//*[local-name(.)='NameID']/@Format")[0],d=h&&h.nodeValue||"",x=i(t,"//*[local-name(.)='Conditions']/@NotOnOrAfter")[0],g=we(x),M={},C=i(t,"//*[local-name(.)='AttributeStatement']//*[local-name(.)='Attribute']");if(C.length)for(const T of C){const D=i(T,"./@Name")[0];if(D.nodeValue){const O=i(T,"./*[local-name(.)='AttributeValue']/text()")[0];O?.nodeValue&&(M[D.nodeValue]=O.nodeValue)}}return{uid:_,success:n,expiresAt:g,issuerId:l,entityId:A,attrs:M,cert:c,nameFormat:d,destination:a}}function we(e){const t=typeof e?.nodeValue=="string"&&L(Date.parse(e.nodeValue)),r=L(Date.now()),n=L(Date.now()+720*60*1e3);return t?t>r&&t<n?n:t:r}function L(e){return Math.floor(e/1e3)}const k={},w={jwks:{}};async function V(e,t){if(!k[e]){const r=t.configurationUrl?await $(t.configurationUrl):t.configuration;k[e]=Se()?Ae(r):r}return k[e]}function Se(){const e=Q.REDOCLY_ENFORCE_RESIDENCY;return!!e&&e.includes("host.docker.internal")}function Ae(e){if(typeof e!="object"||e===null)return e;const t={...e};for(const r of Object.keys(t)){const n=t[r];typeof n=="string"&&n.includes("://localhost")&&(t[r]=n.replace("://localhost","://host.docker.internal"))}return t}async function _e(e){for(const t of Object.keys(e)){const r=e[t];if(!E(r))continue;const n=await V(t,r);if(n.jwks_uri){const o=await $(n.jwks_uri);for(const a of o.keys)w.jwks[a.kid]={...a,idpId:t}}}}async function $(e){return fetch(e,{headers:{Accept:"application/json"}}).then(t=>t.json())}async function tt(e){return fetch(`${Y}/oidc/userinfo`,{headers:{Accept:"application/json",Authorization:`Bearer ${e}`}}).then(t=>t.status===200?t.json():void 0).catch(()=>{})}function nt(e){if(!e.configurationUrl)return!1;const t=new URL(e.configurationUrl);return["localhost","127.0.0.1","blueharvest.cloud","bhstage.cloud","cloud.redocly.com","beta.redocly.com","cloud.eu.redocly.com","beta.eu.redocly.com","cba.au.redocly.com"].some(n=>xe(t.hostname,n))}function xe(e,t){return e===t||e.endsWith(`.${t}`)}async function rt(e,t){const r=new b().parseFromString(e,"application/xml"),n=i(r,"//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];if(!n)throw new Error("Cannot find Signature in the SAML response");const o=ie(t),a=new B({publicCert:o});a.loadSignature(n);try{return a.checkSignature(e)}catch{return!1}}function ot(e,t,r,n){t==="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"&&(e=r["http://schemas.microsoft.com/identity/claims/objectidentifier"]);let o;(t==="urn:oasis:names:tc:SAML:2.0:nameid-format:email"||t==="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")&&(o=e),t==="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"&&e?.match(/.+@.+/)&&(o=e);const a=r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"],s=a?.match(/.+@.+/);return o=o||r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]||(s?a:void 0),o=o?.toLowerCase(),{sub:e,given_name:r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"],family_name:r["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"],name:r["http://schemas.microsoft.com/identity/claims/displayname"]||a,email:o,email_verified:!0,teams:n?oe(r[n]):[]}}function z(e,t={}){return e.map(r=>t[r]||r)}async function at(e,t){if(!t)return{};const r=t.authorization;if(!r)return{};try{const n=p.decode(r);if(n.header.alg===y.RS256){w.jwks[n.header.kid]===void 0&&await _e(e);const m=w.jwks[n.header.kid];if(!m)return w.jwks[n.header.kid]=null,{};await p.verify(r,m,y.RS256)}else await p.verify(r,I,y.HS256);const o=n.payload.idpId||w.jwks[n.header.kid]?.idpId,a=e[o]||{},s=Le(a),l=Ie(a);return{...n.payload,email:n.payload.email?.toLowerCase(),idpId:o,teams:Array.from(new Set([...z(n.payload.teams||[],l),..."defaultTeams"in a&&a.defaultTeams||[],...z("teamsClaimName"in a&&n.payload[s||""]||[],l),Z])),name:ge(n.payload),isAuthenticated:!0,idpAccessToken:n.payload.idp_access_token||t.idp_access_token,federatedAccessToken:t.federated_access_token,federatedIdToken:t.federated_id_token,authCookie:r}}catch(n){n instanceof re||te.error("Malformed JWT token: %s",n.message)}return{}}function ge(e){return(e.firstName&&e.lastName?`${e.firstName} ${e.lastName}`:e.name||e.given_name||e.firstName||e.lastName)||e.email}function Ie(e){switch(e.type){case u.SAML2:return e.teamsAttributeMap;case u.OIDC:return e.teamsClaimMap;default:return}}function Le(e){switch(e.type){case u.SAML2:return e.teamsAttributeName;case u.OIDC:return e.teamsClaimName;default:return K}}function i(e,t){return F.select(t,e)||[]}export{Xe as buildLoginUrl,me as buildOidcLoginUrl,We as buildOidcLogoutUrl,he as buildSAML2LoginUrl,Ke as createMcpAuthorizationCode,Qe as createMcpSessionResource,Ge as decodeSamlResponse,ye as encodeSAML2,ot as extractUserClaims,Je as getAuthProviderLoginParams,ue as getOidcLoginParams,V as getOidcMetadata,tt as getRedoclyTokenPayload,de as getSaml2LoginParams,at as getUserParamsFromCookies,ge as getUsernameFromPayload,E as isOidcProviderConfig,nt as isRedoclySso,ce as isSaml2ProviderConfig,qe as oidcExchangeCodeForToken,w as oidcJwksCache,k as oidcMetadataCache,Ze as parseOidcState,le as parsePreviewBranch,et as parseSamlResponse,j as rewritePreviewAuthRedirectUri,Ye as verifyMcpAuthorizationCode,rt as verifySAMLResponse};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@redocly/redoc",
-  "version": "0.132.0-next.8",
+  "version": "0.132.0-next.9",
   "description": "",
   "type": "module",
   "bin": {
@@ -36,7 +36,7 @@
     "@tanstack/react-virtual": "3.13.0",
     "@redocly/mcp-typescript-sdk": "1.18.1",
     "@wojtekmaj/react-datetimerange-picker": "6.0.0",
-    "@xmldom/xmldom": "0.8.10",
+    "@xmldom/xmldom": "0.9.9",
     "ajv-formats": "^3.0.1",
     "anser": "^2.3.2",
     "babel-plugin-styled-components": "2.1.4",
@@ -62,7 +62,6 @@
     "minimatch": "10.2.4",
     "mri": "1.2.0",
     "nanoid": "5.0.9",
-    "node-fetch": "3.3.1",
     "nprogress": "0.2.0",
     "openapi-sampler": "^1.7.2",
     "os-browserify": "0.3.0",

package/dist/server/node-fetch-polyfill.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=node-fetch-polyfill.d.ts.map

package/dist/server/node-fetch-polyfill.js

@@ -1 +0,0 @@
-import e,{Headers as s,Request as l,Response as o}from"node-fetch";globalThis.fetch||(globalThis.fetch=e,globalThis.Headers=s,globalThis.Request=l,globalThis.Response=o);