@rudderjs/passport 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/grants/authorization-code.d.ts +56 -0
- package/dist/grants/authorization-code.d.ts.map +1 -0
- package/dist/grants/authorization-code.js +152 -0
- package/dist/grants/authorization-code.js.map +1 -0
- package/dist/grants/client-credentials.d.ts +13 -0
- package/dist/grants/client-credentials.d.ts.map +1 -0
- package/dist/grants/client-credentials.js +37 -0
- package/dist/grants/client-credentials.js.map +1 -0
- package/dist/grants/device-code.d.ts +43 -0
- package/dist/grants/device-code.d.ts.map +1 -0
- package/dist/grants/device-code.js +120 -0
- package/dist/grants/device-code.js.map +1 -0
- package/dist/grants/index.d.ts +11 -0
- package/dist/grants/index.d.ts.map +1 -0
- package/dist/grants/index.js +6 -0
- package/dist/grants/index.js.map +1 -0
- package/dist/grants/issue-tokens.d.ts +18 -0
- package/dist/grants/issue-tokens.d.ts.map +1 -0
- package/dist/grants/issue-tokens.js +45 -0
- package/dist/grants/issue-tokens.js.map +1 -0
- package/dist/grants/refresh-token.d.ts +14 -0
- package/dist/grants/refresh-token.d.ts.map +1 -0
- package/dist/grants/refresh-token.js +72 -0
- package/dist/grants/refresh-token.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -1
- package/dist/index.js.map +1 -1
- package/dist/models/AccessToken.d.ts.map +1 -1
- package/dist/models/AccessToken.js +1 -1
- package/dist/models/AccessToken.js.map +1 -1
- package/dist/models/AuthCode.d.ts.map +1 -1
- package/dist/models/AuthCode.js +1 -1
- package/dist/models/AuthCode.js.map +1 -1
- package/dist/models/DeviceCode.d.ts.map +1 -1
- package/dist/models/DeviceCode.js +1 -1
- package/dist/models/DeviceCode.js.map +1 -1
- package/dist/models/OAuthClient.d.ts.map +1 -1
- package/dist/models/OAuthClient.js +1 -1
- package/dist/models/OAuthClient.js.map +1 -1
- package/dist/models/RefreshToken.d.ts.map +1 -1
- package/dist/models/RefreshToken.js +1 -1
- package/dist/models/RefreshToken.js.map +1 -1
- package/dist/models/helpers.d.ts +77 -0
- package/dist/models/helpers.d.ts.map +1 -0
- package/dist/models/helpers.js +53 -0
- package/dist/models/helpers.js.map +1 -0
- package/dist/personal-access-tokens.d.ts +42 -0
- package/dist/personal-access-tokens.d.ts.map +1 -0
- package/dist/personal-access-tokens.js +106 -0
- package/dist/personal-access-tokens.js.map +1 -0
- package/dist/routes.d.ts +22 -0
- package/dist/routes.d.ts.map +1 -0
- package/dist/routes.js +215 -0
- package/dist/routes.js.map +1 -0
- package/package.json +9 -5
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { OAuthClient } from '../models/OAuthClient.js';
|
|
2
|
+
import { AccessToken } from '../models/AccessToken.js';
|
|
3
|
+
import { RefreshToken } from '../models/RefreshToken.js';
|
|
4
|
+
import { accessTokenHelpers, refreshTokenHelpers } from '../models/helpers.js';
|
|
5
|
+
import { issueTokens } from './issue-tokens.js';
|
|
6
|
+
import { OAuthError } from './authorization-code.js';
|
|
7
|
+
/**
|
|
8
|
+
* Refresh token grant — exchange a refresh token for a new access + refresh token pair.
|
|
9
|
+
* The old refresh token is revoked.
|
|
10
|
+
*/
|
|
11
|
+
export async function refreshTokenGrant(params) {
|
|
12
|
+
if (params.grantType !== 'refresh_token') {
|
|
13
|
+
throw new OAuthError('unsupported_grant_type', 'Expected grant_type=refresh_token.');
|
|
14
|
+
}
|
|
15
|
+
// Validate client
|
|
16
|
+
const client = await OAuthClient.where('id', params.clientId).first();
|
|
17
|
+
if (!client || client.revoked) {
|
|
18
|
+
throw new OAuthError('invalid_client', 'Client not found.', 401);
|
|
19
|
+
}
|
|
20
|
+
// Confidential clients must provide a valid secret
|
|
21
|
+
if (client.confidential) {
|
|
22
|
+
if (!params.clientSecret) {
|
|
23
|
+
throw new OAuthError('invalid_client', 'Client secret required.', 401);
|
|
24
|
+
}
|
|
25
|
+
const { createHash } = await import('node:crypto');
|
|
26
|
+
const hashed = createHash('sha256').update(params.clientSecret).digest('hex');
|
|
27
|
+
if (hashed !== client.secret) {
|
|
28
|
+
throw new OAuthError('invalid_client', 'Invalid client secret.', 401);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
// Find refresh token
|
|
32
|
+
const refreshToken = await RefreshToken.where('id', params.refreshToken).first();
|
|
33
|
+
if (!refreshToken) {
|
|
34
|
+
throw new OAuthError('invalid_grant', 'Refresh token not found.');
|
|
35
|
+
}
|
|
36
|
+
if (refreshToken.revoked) {
|
|
37
|
+
throw new OAuthError('invalid_grant', 'Refresh token has been revoked.');
|
|
38
|
+
}
|
|
39
|
+
if (refreshTokenHelpers.isExpired(refreshToken)) {
|
|
40
|
+
throw new OAuthError('invalid_grant', 'Refresh token has expired.');
|
|
41
|
+
}
|
|
42
|
+
// Find the access token this refresh token belongs to
|
|
43
|
+
const accessToken = await AccessToken.where('id', refreshToken.accessTokenId).first();
|
|
44
|
+
if (!accessToken) {
|
|
45
|
+
throw new OAuthError('invalid_grant', 'Associated access token not found.');
|
|
46
|
+
}
|
|
47
|
+
if (accessToken.clientId !== params.clientId) {
|
|
48
|
+
throw new OAuthError('invalid_grant', 'Refresh token was not issued to this client.');
|
|
49
|
+
}
|
|
50
|
+
// Determine scopes — can only narrow, not widen
|
|
51
|
+
const originalScopes = accessTokenHelpers.getScopes(accessToken);
|
|
52
|
+
let scopes = originalScopes;
|
|
53
|
+
if (params.scope) {
|
|
54
|
+
const requested = params.scope.split(' ').filter(Boolean);
|
|
55
|
+
const invalid = requested.filter(s => !originalScopes.includes(s) && !originalScopes.includes('*'));
|
|
56
|
+
if (invalid.length > 0) {
|
|
57
|
+
throw new OAuthError('invalid_scope', `Cannot request scopes not in original token: ${invalid.join(', ')}`);
|
|
58
|
+
}
|
|
59
|
+
scopes = requested;
|
|
60
|
+
}
|
|
61
|
+
// Revoke old tokens
|
|
62
|
+
await RefreshToken.update(refreshToken.id, { revoked: true });
|
|
63
|
+
await AccessToken.update(accessToken.id, { revoked: true });
|
|
64
|
+
// Issue new pair
|
|
65
|
+
return issueTokens({
|
|
66
|
+
userId: accessToken.userId,
|
|
67
|
+
clientId: params.clientId,
|
|
68
|
+
scopes,
|
|
69
|
+
includeRefresh: true,
|
|
70
|
+
});
|
|
71
|
+
}
|
|
72
|
+
//# sourceMappingURL=refresh-token.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"refresh-token.js","sourceRoot":"","sources":["../../src/grants/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAA;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAA;AACxD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC9E,OAAO,EAAE,WAAW,EAAqB,MAAM,mBAAmB,CAAA;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAUpD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAA2B;IACjE,IAAI,MAAM,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;QACzC,MAAM,IAAI,UAAU,CAAC,wBAAwB,EAAE,oCAAoC,CAAC,CAAA;IACtF,CAAC;IAED,kBAAkB;IAClB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAwB,CAAA;IAC3F,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAA;IAClE,CAAC;IAED,mDAAmD;IACnD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,yBAAyB,EAAE,GAAG,CAAC,CAAA;QACxE,CAAC;QACD,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC7E,IAAI,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;YAC7B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,wBAAwB,EAAE,GAAG,CAAC,CAAA;QACvE,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,EAAyB,CAAA;IACvG,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAA;IACnE,CAAC;IACD,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,iCAAiC,CAAC,CAAA;IAC1E,CAAC;IACD,IAAI,mBAAmB,CAAC,SAAS,CAAC,YAAmB,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,4BAA4B,CAAC,CAAA;IACrE,CAAC;IAED,sDAAsD;IACtD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC,aAAa,CAAC,CAAC,KAAK,EAAwB,CAAA;IAC3G,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,oCAAoC,CAAC,CAAA;IAC7E,CAAC;IACD,IAAI,WAAW,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC7C,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,8CAA8C,CAAC,CAAA;IACvF,CAAC;IAED,gDAAgD;IAChD,MAAM,cAAc,GAAG,kBAAkB,CAAC,SAAS,CAAC,WAAkB,CAAC,CAAA;IACvE,IAAI,MAAM,GAAG,cAAc,CAAA;IAC3B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QACzD,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAA;QACnG,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,gDAAgD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC7G,CAAC;QACD,MAAM,GAAG,SAAS,CAAA;IACpB,CAAC;IAED,oBAAoB;IACpB,MAAM,YAAY,CAAC,MAAM,CAAE,YAAoB,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;IAC7E,MAAM,WAAW,CAAC,MAAM,CAAE,WAAmB,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;IAE3E,iBAAiB;IACjB,OAAO,WAAW,CAAC;QACjB,MAAM,EAAU,WAAW,CAAC,MAAM;QAClC,QAAQ,EAAQ,MAAM,CAAC,QAAQ;QAC/B,MAAM;QACN,cAAc,EAAE,IAAI;KACrB,CAAC,CAAA;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -14,6 +14,12 @@ export { generateKeys } from './commands/keys.js';
|
|
|
14
14
|
export { createClient } from './commands/client.js';
|
|
15
15
|
export type { CreateClientOpts } from './commands/client.js';
|
|
16
16
|
export { purgeTokens } from './commands/purge.js';
|
|
17
|
+
export { issueTokens, validateAuthorizationRequest, issueAuthCode, exchangeAuthCode, OAuthError, clientCredentialsGrant, refreshTokenGrant, requestDeviceCode, approveDeviceCode, pollDeviceCode, } from './grants/index.js';
|
|
18
|
+
export type { IssuedTokens, AuthorizationRequest, ValidatedAuthRequest, TokenExchangeRequest, ClientCredentialsRequest, RefreshTokenRequest, DeviceAuthorizationResponse, DevicePollResult, } from './grants/index.js';
|
|
19
|
+
export { HasApiTokens, resetPersonalAccessClient } from './personal-access-tokens.js';
|
|
20
|
+
export type { NewPersonalAccessToken } from './personal-access-tokens.js';
|
|
21
|
+
export { registerPassportRoutes } from './routes.js';
|
|
22
|
+
export type { PassportRouteOptions } from './routes.js';
|
|
17
23
|
export interface PassportConfig {
|
|
18
24
|
/** Directory where RSA keys are stored (default: 'storage') */
|
|
19
25
|
keyPath?: string;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAU,MAAM,gBAAgB,CAAA;AAIxD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAElD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAClE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAEvD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAA;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AACnD,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAU,MAAM,gBAAgB,CAAA;AAIxD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAElD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAClE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAEvD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAA;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AACnD,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAGjD,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EACV,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,wBAAwB,EACxB,mBAAmB,EACnB,2BAA2B,EAC3B,gBAAgB,GACjB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA;AACrF,YAAY,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAA;AAGzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAA;AACpD,YAAY,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AAIvD,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,yCAAyC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,gEAAgE;IAChE,4BAA4B,CAAC,EAAE,MAAM,CAAA;IACrC,+CAA+C;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAID,qBAAa,gBAAiB,SAAQ,eAAe;IACnD,QAAQ,IAAI,IAAI;IAEV,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAsG5B"}
|
package/dist/index.js
CHANGED
|
@@ -12,6 +12,12 @@ export { scope } from './middleware/scope.js';
|
|
|
12
12
|
export { generateKeys } from './commands/keys.js';
|
|
13
13
|
export { createClient } from './commands/client.js';
|
|
14
14
|
export { purgeTokens } from './commands/purge.js';
|
|
15
|
+
// Grants
|
|
16
|
+
export { issueTokens, validateAuthorizationRequest, issueAuthCode, exchangeAuthCode, OAuthError, clientCredentialsGrant, refreshTokenGrant, requestDeviceCode, approveDeviceCode, pollDeviceCode, } from './grants/index.js';
|
|
17
|
+
// Personal access tokens
|
|
18
|
+
export { HasApiTokens, resetPersonalAccessClient } from './personal-access-tokens.js';
|
|
19
|
+
// Routes
|
|
20
|
+
export { registerPassportRoutes } from './routes.js';
|
|
15
21
|
// ─── Service Provider ─────────────────────────────────────
|
|
16
22
|
export class PassportProvider extends ServiceProvider {
|
|
17
23
|
register() { }
|
|
@@ -52,11 +58,14 @@ export class PassportProvider extends ServiceProvider {
|
|
|
52
58
|
const isPublic = args.includes('--public');
|
|
53
59
|
const isDevice = args.includes('--device');
|
|
54
60
|
const isPersonal = args.includes('--personal');
|
|
61
|
+
const isM2M = args.includes('--client-credentials');
|
|
55
62
|
const grantTypes = isDevice
|
|
56
63
|
? ['urn:ietf:params:oauth:grant-type:device_code']
|
|
57
64
|
: isPersonal
|
|
58
65
|
? ['personal_access']
|
|
59
|
-
:
|
|
66
|
+
: isM2M
|
|
67
|
+
? ['client_credentials']
|
|
68
|
+
: ['authorization_code', 'refresh_token'];
|
|
60
69
|
const { createClient } = await import('./commands/client.js');
|
|
61
70
|
const { client, secret } = await createClient({
|
|
62
71
|
name,
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAExD,6DAA6D;AAE7D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAGxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAGlE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAA;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AAEnD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAExD,6DAA6D;AAE7D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAGxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAGlE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAA;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AAEnD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAEjD,SAAS;AACT,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAY1B,yBAAyB;AACzB,OAAO,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA;AAGrF,SAAS;AACT,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAA;AAqBpD,6DAA6D;AAE7D,MAAM,OAAO,gBAAiB,SAAQ,eAAe;IACnD,QAAQ,KAAU,CAAC;IAEnB,KAAK,CAAC,IAAI;QACR,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAA;QAElD,MAAM,GAAG,GAAG,MAAM,CAAiB,UAAU,CAAC,CAAA;QAE9C,iBAAiB;QACjB,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YACpC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAA;QACjD,CAAC;aAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YACvB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACpC,CAAC;QAED,sBAAsB;QACtB,IAAI,GAAG,CAAC,cAAc;YAAE,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;QACnE,IAAI,GAAG,CAAC,qBAAqB;YAAE,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QACxF,IAAI,GAAG,CAAC,4BAA4B;YAAE,QAAQ,CAAC,4BAA4B,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;QAE7G,mBAAmB;QACnB,IAAI,GAAG,CAAC,MAAM;YAAE,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAE9C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;QAEvC,wBAAwB;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAA;YAEjD,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,EAAE,IAAc,EAAE,EAAE;gBACvD,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;gBACtC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAA;gBAC3D,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,CAAA;gBACjE,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;gBACpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;gBAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAA;YAC3C,CAAC,CAAC,CAAC,WAAW,CAAC,+CAA+C,CAAC,CAAA;YAE/D,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,EAAE,IAAc,EAAE,EAAE;gBACzD,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAA;gBAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;gBAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;gBAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;gBAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;gBAEnD,MAAM,UAAU,GAAG,QAAQ;oBACzB,CAAC,CAAC,CAAC,8CAA8C,CAAC;oBAClD,CAAC,CAAC,UAAU;wBACV,CAAC,CAAC,CAAC,iBAAiB,CAAC;wBACrB,CAAC,CAAC,KAAK;4BACL,CAAC,CAAC,CAAC,oBAAoB,CAAC;4BACxB,CAAC,CAAC,CAAC,oBAAoB,EAAE,eAAe,CAAC,CAAA;gBAE/C,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAA;gBAC7D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC;oBAC5C,IAAI;oBACJ,YAAY,EAAE,CAAC,QAAQ,IAAI,CAAC,QAAQ;oBACpC,UAAU;iBACX,CAAC,CAAA;gBAEF,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAA;gBACtC,OAAO,CAAC,GAAG,CAAC,kBAAmB,MAAc,CAAC,EAAE,EAAE,CAAC,CAAA;gBACnD,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;gBAC5C,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAA;oBACvC,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAA;gBACnE,CAAC;YACH,CAAC,CAAC,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAA;YAE3C,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,KAAK,IAAI,EAAE;gBAC1C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAA;gBAC3D,MAAM,MAAM,GAAG,MAAM,WAAW,EAAE,CAAA;gBAClC,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,WAAW,CAAA;gBAChG,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,6BAA6B,CAAC,CAAA;gBAC3D,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAA;gBACzD,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,aAAa,EAAE,CAAC,CAAA;gBAC1D,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAA;gBACtD,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAA;YAC1D,CAAC,CAAC,CAAC,WAAW,CAAC,sCAAsC,CAAC,CAAA;YAEtD,0CAA0C;YAC1C,IAAI,CAAC;gBACH,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAA;gBAC9D,iBAAiB,CAAC;oBAChB,OAAO,EAAM,sBAAsB;oBACnC,WAAW,EAAE,kCAAkC;oBAC/C,KAAK,EAAQ,gCAAgC;oBAC7C,SAAS,EAAI,aAAa;oBAC1B,IAAI,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC;;wBAEP,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE;;;;;;;;;;CAUrE;iBACQ,CAAC,CAAA;YACJ,CAAC;YAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;IACxC,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessToken.d.ts","sourceRoot":"","sources":["../../src/models/AccessToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,WAAY,SAAQ,KAAK;IACpC,OAAgB,KAAK,
|
|
1
|
+
{"version":3,"file":"AccessToken.d.ts","sourceRoot":"","sources":["../../src/models/AccessToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,WAAY,SAAQ,KAAK;IACpC,OAAgB,KAAK,SAAqB;IAE1C,OAAgB,QAAQ,WAAmE;IAEnF,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,IAAI,CAAA;IAEvB,2BAA2B;IAC3B,SAAS,IAAI,MAAM,EAAE;IAMrB,+CAA+C;IAC/C,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAK3B,sDAAsD;IACtD,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAI5B,yBAAyB;IACnB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAK7B,sCAAsC;IACtC,SAAS,IAAI,OAAO;IAIpB,iEAAiE;IACjE,OAAO,IAAI,OAAO;CAGnB"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export class AccessToken extends Model {
|
|
3
|
-
static table = '
|
|
3
|
+
static table = 'oAuthAccessToken';
|
|
4
4
|
static fillable = ['userId', 'clientId', 'name', 'scopes', 'revoked', 'expiresAt'];
|
|
5
5
|
/** Parsed scopes array. */
|
|
6
6
|
getScopes() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessToken.js","sourceRoot":"","sources":["../../src/models/AccessToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"AccessToken.js","sourceRoot":"","sources":["../../src/models/AccessToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,MAAM,CAAU,KAAK,GAAG,kBAAkB,CAAA;IAE1C,MAAM,CAAU,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;IAQ3F,2BAA2B;IAC3B,SAAS;QACP,MAAM,GAAG,GAAI,IAA2C,CAAC,QAAQ,CAAC,CAAA;QAClE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,+CAA+C;IAC/C,GAAG,CAAC,KAAa;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAA;QAC/B,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IACvD,CAAC;IAED,sDAAsD;IACtD,IAAI,CAAC,KAAa;QAChB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;IACzB,CAAC;IAED,yBAAyB;IACzB,KAAK,CAAC,MAAM;QACV,IAAI,CAAC,OAAO,GAAG,IAAI,CAAA;QACnB,MAAO,IAAI,CAAC,WAAkC,CAAC,MAAM,CAAE,IAAY,CAAC,EAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;IAC7G,CAAC;IAED,sCAAsC;IACtC,SAAS;QACP,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAA;IACzD,CAAC;IAED,iEAAiE;IACjE,OAAO;QACL,OAAO,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAA;IAC3C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthCode.d.ts","sourceRoot":"","sources":["../../src/models/AuthCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,QAAS,SAAQ,KAAK;IACjC,OAAgB,KAAK,
|
|
1
|
+
{"version":3,"file":"AuthCode.d.ts","sourceRoot":"","sources":["../../src/models/AuthCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,QAAS,SAAQ,KAAK;IACjC,OAAgB,KAAK,SAAkB;IAEvC,OAAgB,QAAQ,WAAmG;IAEnH,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,IAAI,CAAA;IACf,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAA;IAE1C,2BAA2B;IAC3B,SAAS,IAAI,MAAM,EAAE;IAMrB,0CAA0C;IAC1C,SAAS,IAAI,OAAO;IAIpB,6BAA6B;IAC7B,MAAM,IAAI,OAAO;CAGlB"}
|
package/dist/models/AuthCode.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export class AuthCode extends Model {
|
|
3
|
-
static table = '
|
|
3
|
+
static table = 'oAuthAuthCode';
|
|
4
4
|
static fillable = ['userId', 'clientId', 'scopes', 'revoked', 'expiresAt', 'codeChallenge', 'codeChallengeMethod'];
|
|
5
5
|
/** Parsed scopes array. */
|
|
6
6
|
getScopes() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthCode.js","sourceRoot":"","sources":["../../src/models/AuthCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"AuthCode.js","sourceRoot":"","sources":["../../src/models/AuthCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjC,MAAM,CAAU,KAAK,GAAG,eAAe,CAAA;IAEvC,MAAM,CAAU,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,qBAAqB,CAAC,CAAA;IAS3H,2BAA2B;IAC3B,SAAS;QACP,MAAM,GAAG,GAAI,IAA2C,CAAC,QAAQ,CAAC,CAAA;QAClE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,0CAA0C;IAC1C,SAAS;QACP,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAA;IACzD,CAAC;IAED,6BAA6B;IAC7B,MAAM;QACJ,OAAO,IAAI,CAAC,aAAa,KAAK,IAAI,CAAA;IACpC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DeviceCode.d.ts","sourceRoot":"","sources":["../../src/models/DeviceCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,UAAW,SAAQ,KAAK;IACnC,OAAgB,KAAK,
|
|
1
|
+
{"version":3,"file":"DeviceCode.d.ts","sourceRoot":"","sources":["../../src/models/DeviceCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,UAAW,SAAQ,KAAK;IACnC,OAAgB,KAAK,SAAoB;IAEzC,OAAgB,QAAQ,WAAsG;IAEtH,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,QAAQ,EAAE,OAAO,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,IAAI,CAAA;IACf,YAAY,EAAE,IAAI,GAAG,IAAI,CAAA;IAEjC,2BAA2B;IAC3B,SAAS,IAAI,MAAM,EAAE;IAMrB,4CAA4C;IAC5C,SAAS,IAAI,OAAO;IAIpB,iDAAiD;IACjD,UAAU,IAAI,OAAO;IAIrB,+CAA+C;IAC/C,QAAQ,IAAI,OAAO;IAInB,6CAA6C;IAC7C,SAAS,IAAI,OAAO;CAGrB"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export class DeviceCode extends Model {
|
|
3
|
-
static table = '
|
|
3
|
+
static table = 'oAuthDeviceCode';
|
|
4
4
|
static fillable = ['clientId', 'userCode', 'deviceCode', 'scopes', 'userId', 'approved', 'expiresAt', 'lastPolledAt'];
|
|
5
5
|
/** Parsed scopes array. */
|
|
6
6
|
getScopes() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DeviceCode.js","sourceRoot":"","sources":["../../src/models/DeviceCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,UAAW,SAAQ,KAAK;IACnC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"DeviceCode.js","sourceRoot":"","sources":["../../src/models/DeviceCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,UAAW,SAAQ,KAAK;IACnC,MAAM,CAAU,KAAK,GAAG,iBAAiB,CAAA;IAEzC,MAAM,CAAU,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,CAAC,CAAA;IAU9H,2BAA2B;IAC3B,SAAS;QACP,MAAM,GAAG,GAAI,IAA2C,CAAC,QAAQ,CAAC,CAAA;QAClE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,4CAA4C;IAC5C,SAAS;QACP,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAA;IACzD,CAAC;IAED,iDAAiD;IACjD,UAAU;QACR,OAAO,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAA;IAC/B,CAAC;IAED,+CAA+C;IAC/C,QAAQ;QACN,OAAO,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAA;IAChC,CAAC;IAED,6CAA6C;IAC7C,SAAS;QACP,OAAO,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAA;IAC/B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OAuthClient.d.ts","sourceRoot":"","sources":["../../src/models/OAuthClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAU,MAAM,eAAe,CAAA;AAE7C,qBAAa,WAAY,SAAQ,KAAK;IACpC,OAAgB,KAAK,
|
|
1
|
+
{"version":3,"file":"OAuthClient.d.ts","sourceRoot":"","sources":["../../src/models/OAuthClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAU,MAAM,eAAe,CAAA;AAE7C,qBAAa,WAAY,SAAQ,KAAK;IACpC,OAAgB,KAAK,SAAgB;IAErC,OAAgB,QAAQ,WAA6E;IAG7F,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IAErB,IAAI,EAAE,MAAM,CAAA;IACZ,YAAY,EAAE,OAAO,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAExB,4BAA4B;IAC5B,eAAe,IAAI,MAAM,EAAE;IAM3B,0BAA0B;IAC1B,aAAa,IAAI,MAAM,EAAE;IAMzB,qBAAqB;IACrB,SAAS,IAAI,MAAM,EAAE;IAMrB,sDAAsD;IACtD,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAInC,6DAA6D;IAC7D,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIpC,sEAAsE;IACtE,QAAQ,IAAI,OAAO;CAGpB"}
|
|
@@ -9,7 +9,7 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
};
|
|
10
10
|
import { Model, Hidden } from '@rudderjs/orm';
|
|
11
11
|
export class OAuthClient extends Model {
|
|
12
|
-
static table = '
|
|
12
|
+
static table = 'oAuthClient';
|
|
13
13
|
static fillable = ['name', 'secret', 'redirectUris', 'grantTypes', 'scopes', 'confidential'];
|
|
14
14
|
/** Parsed redirect URIs. */
|
|
15
15
|
getRedirectUris() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OAuthClient.js","sourceRoot":"","sources":["../../src/models/OAuthClient.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAE7C,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"OAuthClient.js","sourceRoot":"","sources":["../../src/models/OAuthClient.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAE7C,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,MAAM,CAAU,KAAK,GAAG,aAAa,CAAA;IAErC,MAAM,CAAU,QAAQ,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,YAAY,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IASrG,4BAA4B;IAC5B,eAAe;QACb,MAAM,GAAG,GAAI,IAA2C,CAAC,cAAc,CAAC,CAAA;QACxE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,0BAA0B;IAC1B,aAAa;QACX,MAAM,GAAG,GAAI,IAA2C,CAAC,YAAY,CAAC,CAAA;QACtE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,qBAAqB;IACrB,SAAS;QACP,MAAM,GAAG,GAAI,IAA2C,CAAC,QAAQ,CAAC,CAAA;QAClE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,sDAAsD;IACtD,YAAY,CAAC,IAAY;QACvB,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,6DAA6D;IAC7D,cAAc,CAAC,GAAW;QACxB,OAAO,IAAI,CAAC,eAAe,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IAC7C,CAAC;IAED,sEAAsE;IACtE,QAAQ;QACN,OAAO,CAAC,IAAI,CAAC,YAAY,CAAA;IAC3B,CAAC;;AAxCO;IADP,MAAM;;2CACsB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RefreshToken.d.ts","sourceRoot":"","sources":["../../src/models/RefreshToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,YAAa,SAAQ,KAAK;IACrC,OAAgB,KAAK,
|
|
1
|
+
{"version":3,"file":"RefreshToken.d.ts","sourceRoot":"","sources":["../../src/models/RefreshToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,YAAa,SAAQ,KAAK;IACrC,OAAgB,KAAK,SAAsB;IAE3C,OAAgB,QAAQ,WAA4C;IAE5D,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,IAAI,CAAA;IAEvB,iCAAiC;IAC3B,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAK7B,sCAAsC;IACtC,SAAS,IAAI,OAAO;CAGrB"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export class RefreshToken extends Model {
|
|
3
|
-
static table = '
|
|
3
|
+
static table = 'oAuthRefreshToken';
|
|
4
4
|
static fillable = ['accessTokenId', 'revoked', 'expiresAt'];
|
|
5
5
|
/** Revoke this refresh token. */
|
|
6
6
|
async revoke() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RefreshToken.js","sourceRoot":"","sources":["../../src/models/RefreshToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,YAAa,SAAQ,KAAK;IACrC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"RefreshToken.js","sourceRoot":"","sources":["../../src/models/RefreshToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,YAAa,SAAQ,KAAK;IACrC,MAAM,CAAU,KAAK,GAAG,mBAAmB,CAAA;IAE3C,MAAM,CAAU,QAAQ,GAAG,CAAC,eAAe,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;IAMpE,iCAAiC;IACjC,KAAK,CAAC,MAAM;QACV,IAAI,CAAC,OAAO,GAAG,IAAI,CAAA;QACnB,MAAO,IAAI,CAAC,WAAmC,CAAC,MAAM,CAAE,IAAY,CAAC,EAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;IAC9G,CAAC;IAED,sCAAsC;IACtC,SAAS;QACP,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAA;IACzD,CAAC"}
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
export interface OAuthClientRecord {
|
|
2
|
+
id: string;
|
|
3
|
+
name: string;
|
|
4
|
+
secret: string | null;
|
|
5
|
+
redirectUris: string;
|
|
6
|
+
grantTypes: string;
|
|
7
|
+
scopes: string;
|
|
8
|
+
confidential: boolean;
|
|
9
|
+
revoked: boolean;
|
|
10
|
+
}
|
|
11
|
+
export interface AccessTokenRecord {
|
|
12
|
+
id: string;
|
|
13
|
+
userId: string | null;
|
|
14
|
+
clientId: string;
|
|
15
|
+
name: string | null;
|
|
16
|
+
scopes: string;
|
|
17
|
+
revoked: boolean;
|
|
18
|
+
expiresAt: Date;
|
|
19
|
+
createdAt: Date;
|
|
20
|
+
}
|
|
21
|
+
export interface RefreshTokenRecord {
|
|
22
|
+
id: string;
|
|
23
|
+
accessTokenId: string;
|
|
24
|
+
revoked: boolean;
|
|
25
|
+
expiresAt: Date;
|
|
26
|
+
}
|
|
27
|
+
export interface AuthCodeRecord {
|
|
28
|
+
id: string;
|
|
29
|
+
userId: string;
|
|
30
|
+
clientId: string;
|
|
31
|
+
scopes: string;
|
|
32
|
+
revoked: boolean;
|
|
33
|
+
expiresAt: Date;
|
|
34
|
+
codeChallenge: string | null;
|
|
35
|
+
codeChallengeMethod: string | null;
|
|
36
|
+
}
|
|
37
|
+
export interface DeviceCodeRecord {
|
|
38
|
+
id: string;
|
|
39
|
+
clientId: string;
|
|
40
|
+
userCode: string;
|
|
41
|
+
deviceCode: string;
|
|
42
|
+
scopes: string;
|
|
43
|
+
userId: string | null;
|
|
44
|
+
approved: boolean | null;
|
|
45
|
+
expiresAt: Date;
|
|
46
|
+
lastPolledAt: Date | null;
|
|
47
|
+
}
|
|
48
|
+
export declare const clientHelpers: {
|
|
49
|
+
getRedirectUris: (c: OAuthClientRecord) => string[];
|
|
50
|
+
getGrantTypes: (c: OAuthClientRecord) => string[];
|
|
51
|
+
getScopes: (c: OAuthClientRecord) => string[];
|
|
52
|
+
hasGrantType: (c: OAuthClientRecord, type: string) => boolean;
|
|
53
|
+
hasRedirectUri: (c: OAuthClientRecord, uri: string) => boolean;
|
|
54
|
+
isPublic: (c: OAuthClientRecord) => boolean;
|
|
55
|
+
};
|
|
56
|
+
export declare const accessTokenHelpers: {
|
|
57
|
+
getScopes: (t: AccessTokenRecord) => string[];
|
|
58
|
+
can: (t: AccessTokenRecord, scope: string) => boolean;
|
|
59
|
+
isExpired: (t: AccessTokenRecord) => boolean;
|
|
60
|
+
isValid: (t: AccessTokenRecord) => boolean;
|
|
61
|
+
};
|
|
62
|
+
export declare const refreshTokenHelpers: {
|
|
63
|
+
isExpired: (t: RefreshTokenRecord) => boolean;
|
|
64
|
+
};
|
|
65
|
+
export declare const authCodeHelpers: {
|
|
66
|
+
getScopes: (c: AuthCodeRecord) => string[];
|
|
67
|
+
isExpired: (c: AuthCodeRecord) => boolean;
|
|
68
|
+
isPkce: (c: AuthCodeRecord) => boolean;
|
|
69
|
+
};
|
|
70
|
+
export declare const deviceCodeHelpers: {
|
|
71
|
+
getScopes: (d: DeviceCodeRecord) => string[];
|
|
72
|
+
isExpired: (d: DeviceCodeRecord) => boolean;
|
|
73
|
+
isApproved: (d: DeviceCodeRecord) => boolean;
|
|
74
|
+
isDenied: (d: DeviceCodeRecord) => boolean;
|
|
75
|
+
isPending: (d: DeviceCodeRecord) => boolean;
|
|
76
|
+
};
|
|
77
|
+
//# sourceMappingURL=helpers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../src/models/helpers.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAY,MAAM,CAAA;IACpB,IAAI,EAAU,MAAM,CAAA;IACpB,MAAM,EAAQ,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAI,MAAM,CAAA;IACpB,MAAM,EAAQ,MAAM,CAAA;IACpB,YAAY,EAAE,OAAO,CAAA;IACrB,OAAO,EAAO,OAAO,CAAA;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAS,MAAM,CAAA;IACjB,MAAM,EAAK,MAAM,GAAG,IAAI,CAAA;IACxB,QAAQ,EAAG,MAAM,CAAA;IACjB,IAAI,EAAO,MAAM,GAAG,IAAI,CAAA;IACxB,MAAM,EAAK,MAAM,CAAA;IACjB,OAAO,EAAI,OAAO,CAAA;IAClB,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,CAAA;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAa,MAAM,CAAA;IACrB,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAQ,OAAO,CAAA;IACtB,SAAS,EAAM,IAAI,CAAA;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAmB,MAAM,CAAA;IAC3B,MAAM,EAAe,MAAM,CAAA;IAC3B,QAAQ,EAAa,MAAM,CAAA;IAC3B,MAAM,EAAe,MAAM,CAAA;IAC3B,OAAO,EAAc,OAAO,CAAA;IAC5B,SAAS,EAAY,IAAI,CAAA;IACzB,aAAa,EAAQ,MAAM,GAAG,IAAI,CAAA;IAClC,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAA;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAY,MAAM,CAAA;IACpB,QAAQ,EAAM,MAAM,CAAA;IACpB,QAAQ,EAAM,MAAM,CAAA;IACpB,UAAU,EAAI,MAAM,CAAA;IACpB,MAAM,EAAQ,MAAM,CAAA;IACpB,MAAM,EAAQ,MAAM,GAAG,IAAI,CAAA;IAC3B,QAAQ,EAAM,OAAO,GAAG,IAAI,CAAA;IAC5B,SAAS,EAAK,IAAI,CAAA;IAClB,YAAY,EAAE,IAAI,GAAG,IAAI,CAAA;CAC1B;AAcD,eAAO,MAAM,aAAa;yBACH,iBAAiB,KAAG,MAAM,EAAE;uBAC5B,iBAAiB,KAAG,MAAM,EAAE;mBAC5B,iBAAiB,KAAG,MAAM,EAAE;sBAE9B,iBAAiB,QAAQ,MAAM,KAAG,OAAO;wBACxC,iBAAiB,OAAO,MAAM,KAAG,OAAO;kBAE9C,iBAAiB,KAAG,OAAO;CAC1C,CAAA;AAID,eAAO,MAAM,kBAAkB;mBACd,iBAAiB,KAAG,MAAM,EAAE;aAElC,iBAAiB,SAAS,MAAM,KAAG,OAAO;mBAKpC,iBAAiB,KAAG,OAAO;iBAC3B,iBAAiB,KAAG,OAAO;CAC3C,CAAA;AAID,eAAO,MAAM,mBAAmB;mBACf,kBAAkB,KAAG,OAAO;CAC5C,CAAA;AAID,eAAO,MAAM,eAAe;mBACX,cAAc,KAAG,MAAM,EAAE;mBACzB,cAAc,KAAG,OAAO;gBACxB,cAAc,KAAG,OAAO;CACxC,CAAA;AAID,eAAO,MAAM,iBAAiB;mBACZ,gBAAgB,KAAG,MAAM,EAAE;mBAC3B,gBAAgB,KAAG,OAAO;oBAC1B,gBAAgB,KAAG,OAAO;kBAC1B,gBAAgB,KAAG,OAAO;mBAC1B,gBAAgB,KAAG,OAAO;CAC3C,CAAA"}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
// Helper functions that operate on raw OAuth records (ORM returns plain objects, not instances).
|
|
2
|
+
// ─── Parsing helpers ──────────────────────────────────────
|
|
3
|
+
function parseJsonArray(raw) {
|
|
4
|
+
if (Array.isArray(raw))
|
|
5
|
+
return raw;
|
|
6
|
+
if (typeof raw === 'string') {
|
|
7
|
+
try {
|
|
8
|
+
return JSON.parse(raw);
|
|
9
|
+
}
|
|
10
|
+
catch {
|
|
11
|
+
return [];
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
return [];
|
|
15
|
+
}
|
|
16
|
+
// ─── OAuthClient helpers ──────────────────────────────────
|
|
17
|
+
export const clientHelpers = {
|
|
18
|
+
getRedirectUris: (c) => parseJsonArray(c.redirectUris),
|
|
19
|
+
getGrantTypes: (c) => parseJsonArray(c.grantTypes),
|
|
20
|
+
getScopes: (c) => parseJsonArray(c.scopes),
|
|
21
|
+
hasGrantType: (c, type) => clientHelpers.getGrantTypes(c).includes(type),
|
|
22
|
+
hasRedirectUri: (c, uri) => clientHelpers.getRedirectUris(c).includes(uri),
|
|
23
|
+
isPublic: (c) => !c.confidential,
|
|
24
|
+
};
|
|
25
|
+
// ─── AccessToken helpers ──────────────────────────────────
|
|
26
|
+
export const accessTokenHelpers = {
|
|
27
|
+
getScopes: (t) => parseJsonArray(t.scopes),
|
|
28
|
+
can: (t, scope) => {
|
|
29
|
+
const scopes = accessTokenHelpers.getScopes(t);
|
|
30
|
+
return scopes.includes('*') || scopes.includes(scope);
|
|
31
|
+
},
|
|
32
|
+
isExpired: (t) => new Date(t.expiresAt).getTime() <= Date.now(),
|
|
33
|
+
isValid: (t) => !t.revoked && !accessTokenHelpers.isExpired(t),
|
|
34
|
+
};
|
|
35
|
+
// ─── RefreshToken helpers ─────────────────────────────────
|
|
36
|
+
export const refreshTokenHelpers = {
|
|
37
|
+
isExpired: (t) => new Date(t.expiresAt).getTime() <= Date.now(),
|
|
38
|
+
};
|
|
39
|
+
// ─── AuthCode helpers ─────────────────────────────────────
|
|
40
|
+
export const authCodeHelpers = {
|
|
41
|
+
getScopes: (c) => parseJsonArray(c.scopes),
|
|
42
|
+
isExpired: (c) => new Date(c.expiresAt).getTime() <= Date.now(),
|
|
43
|
+
isPkce: (c) => c.codeChallenge !== null,
|
|
44
|
+
};
|
|
45
|
+
// ─── DeviceCode helpers ───────────────────────────────────
|
|
46
|
+
export const deviceCodeHelpers = {
|
|
47
|
+
getScopes: (d) => parseJsonArray(d.scopes),
|
|
48
|
+
isExpired: (d) => new Date(d.expiresAt).getTime() <= Date.now(),
|
|
49
|
+
isApproved: (d) => d.approved === true,
|
|
50
|
+
isDenied: (d) => d.approved === false,
|
|
51
|
+
isPending: (d) => d.approved === null,
|
|
52
|
+
};
|
|
53
|
+
//# sourceMappingURL=helpers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../src/models/helpers.ts"],"names":[],"mappings":"AAAA,iGAAiG;AAsDjG,6DAA6D;AAE7D,SAAS,cAAc,CAAC,GAAY;IAClC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAe,CAAA;IAC9C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YAAC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO,EAAE,CAAA;QAAC,CAAC;IAChE,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED,6DAA6D;AAE7D,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,eAAe,EAAE,CAAC,CAAoB,EAAY,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC;IACnF,aAAa,EAAI,CAAC,CAAoB,EAAY,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;IACjF,SAAS,EAAQ,CAAC,CAAoB,EAAY,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;IAE7E,YAAY,EAAG,CAAC,CAAoB,EAAE,IAAY,EAAW,EAAE,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC7G,cAAc,EAAE,CAAC,CAAoB,EAAE,GAAW,EAAW,EAAE,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;IAE9G,QAAQ,EAAE,CAAC,CAAoB,EAAW,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY;CAC7D,CAAA;AAED,6DAA6D;AAE7D,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,SAAS,EAAE,CAAC,CAAoB,EAAY,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;IAEvE,GAAG,EAAE,CAAC,CAAoB,EAAE,KAAa,EAAW,EAAE;QACpD,MAAM,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAC9C,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IACvD,CAAC;IAED,SAAS,EAAE,CAAC,CAAoB,EAAW,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE;IAC3F,OAAO,EAAI,CAAC,CAAoB,EAAW,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAC;CAC7F,CAAA;AAED,6DAA6D;AAE7D,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,SAAS,EAAE,CAAC,CAAqB,EAAW,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE;CAC7F,CAAA;AAED,6DAA6D;AAE7D,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,SAAS,EAAE,CAAC,CAAiB,EAAY,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;IACpE,SAAS,EAAE,CAAC,CAAiB,EAAW,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE;IACxF,MAAM,EAAK,CAAC,CAAiB,EAAW,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,IAAI;CACpE,CAAA;AAED,6DAA6D;AAE7D,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,SAAS,EAAG,CAAC,CAAmB,EAAY,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;IACvE,SAAS,EAAG,CAAC,CAAmB,EAAW,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE;IAC3F,UAAU,EAAE,CAAC,CAAmB,EAAW,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,IAAI;IACjE,QAAQ,EAAI,CAAC,CAAmB,EAAW,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK;IAClE,SAAS,EAAG,CAAC,CAAmB,EAAW,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,IAAI;CAClE,CAAA"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { AccessToken } from './models/AccessToken.js';
|
|
2
|
+
export interface NewPersonalAccessToken {
|
|
3
|
+
/** The persisted token record. */
|
|
4
|
+
token: AccessToken;
|
|
5
|
+
/** The plain-text JWT — shown once, never stored. */
|
|
6
|
+
plainTextToken: string;
|
|
7
|
+
}
|
|
8
|
+
/**
|
|
9
|
+
* Mixin that adds personal access token methods to a user model.
|
|
10
|
+
*
|
|
11
|
+
* @example
|
|
12
|
+
* import { Model } from '@rudderjs/orm'
|
|
13
|
+
* import { HasApiTokens } from '@rudderjs/passport'
|
|
14
|
+
*
|
|
15
|
+
* class User extends HasApiTokens(Model) {
|
|
16
|
+
* // ...
|
|
17
|
+
* }
|
|
18
|
+
*
|
|
19
|
+
* const { plainTextToken } = await user.createToken('my-app', ['read', 'write'])
|
|
20
|
+
*/
|
|
21
|
+
export declare function HasApiTokens<T extends new (...args: any[]) => any>(Base: T): {
|
|
22
|
+
new (...args: any[]): {
|
|
23
|
+
[x: string]: any;
|
|
24
|
+
/**
|
|
25
|
+
* Create a personal access token for this user.
|
|
26
|
+
* Returns the JWT (shown once) and the persisted record.
|
|
27
|
+
*/
|
|
28
|
+
createToken(name: string, scopes?: string[], expiresInMs?: number): Promise<NewPersonalAccessToken>;
|
|
29
|
+
/** Get all personal access tokens for this user. */
|
|
30
|
+
tokens(): Promise<AccessToken[]>;
|
|
31
|
+
/** Revoke all personal access tokens for this user. */
|
|
32
|
+
revokeAllTokens(): Promise<number>;
|
|
33
|
+
/**
|
|
34
|
+
* Check if this user's current token has a specific scope.
|
|
35
|
+
* Only works inside a request that went through BearerMiddleware.
|
|
36
|
+
*/
|
|
37
|
+
tokenCan(scope: string): boolean;
|
|
38
|
+
};
|
|
39
|
+
} & T;
|
|
40
|
+
/** @internal — reset cached client ID (for testing). */
|
|
41
|
+
export declare function resetPersonalAccessClient(): void;
|
|
42
|
+
//# sourceMappingURL=personal-access-tokens.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"personal-access-tokens.d.ts","sourceRoot":"","sources":["../src/personal-access-tokens.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAMrD,MAAM,WAAW,sBAAsB;IACrC,kCAAkC;IAClC,KAAK,EAAE,WAAW,CAAA;IAClB,qDAAqD;IACrD,cAAc,EAAE,MAAM,CAAA;CACvB;AAID;;;;;;;;;;;;GAYG;AACH,wBAAgB,YAAY,CAAC,CAAC,SAAS,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,EAAE,IAAI,EAAE,CAAC;kBAAtB,GAAG,EAAE;;QAEtD;;;WAGG;0BACqB,MAAM,WAAU,MAAM,EAAE,gBAAwB,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;QA8BhH,oDAAoD;kBACpC,OAAO,CAAC,WAAW,EAAE,CAAC;QAKtC,uDAAuD;2BAC9B,OAAO,CAAC,MAAM,CAAC;QAQxC;;;WAGG;wBACa,MAAM,GAAG,OAAO;;MAMnC;AAoCD,wDAAwD;AACxD,wBAAgB,yBAAyB,IAAI,IAAI,CAEhD"}
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
import { Passport } from './Passport.js';
|
|
2
|
+
import { AccessToken } from './models/AccessToken.js';
|
|
3
|
+
import { accessTokenHelpers } from './models/helpers.js';
|
|
4
|
+
import { createToken } from './token.js';
|
|
5
|
+
// ─── HasApiTokens Mixin ──────────────────────────────────
|
|
6
|
+
/**
|
|
7
|
+
* Mixin that adds personal access token methods to a user model.
|
|
8
|
+
*
|
|
9
|
+
* @example
|
|
10
|
+
* import { Model } from '@rudderjs/orm'
|
|
11
|
+
* import { HasApiTokens } from '@rudderjs/passport'
|
|
12
|
+
*
|
|
13
|
+
* class User extends HasApiTokens(Model) {
|
|
14
|
+
* // ...
|
|
15
|
+
* }
|
|
16
|
+
*
|
|
17
|
+
* const { plainTextToken } = await user.createToken('my-app', ['read', 'write'])
|
|
18
|
+
*/
|
|
19
|
+
export function HasApiTokens(Base) {
|
|
20
|
+
return class extends Base {
|
|
21
|
+
/**
|
|
22
|
+
* Create a personal access token for this user.
|
|
23
|
+
* Returns the JWT (shown once) and the persisted record.
|
|
24
|
+
*/
|
|
25
|
+
async createToken(name, scopes = ['*'], expiresInMs) {
|
|
26
|
+
const userId = this.id;
|
|
27
|
+
const lifetime = expiresInMs ?? Passport.personalTokenLifetime();
|
|
28
|
+
const expiresAt = new Date(Date.now() + lifetime);
|
|
29
|
+
// Find or use a dedicated "personal access" client
|
|
30
|
+
const clientId = await getPersonalAccessClientId();
|
|
31
|
+
const tokenRecord = await AccessToken.create({
|
|
32
|
+
userId,
|
|
33
|
+
clientId,
|
|
34
|
+
name,
|
|
35
|
+
scopes: JSON.stringify(scopes),
|
|
36
|
+
revoked: false,
|
|
37
|
+
expiresAt,
|
|
38
|
+
});
|
|
39
|
+
const tokenId = tokenRecord.id;
|
|
40
|
+
const jwt = await createToken({
|
|
41
|
+
tokenId,
|
|
42
|
+
userId,
|
|
43
|
+
clientId,
|
|
44
|
+
scopes,
|
|
45
|
+
expiresAt,
|
|
46
|
+
});
|
|
47
|
+
return { token: tokenRecord, plainTextToken: jwt };
|
|
48
|
+
}
|
|
49
|
+
/** Get all personal access tokens for this user. */
|
|
50
|
+
async tokens() {
|
|
51
|
+
const userId = this.id;
|
|
52
|
+
return AccessToken.where('userId', userId).get();
|
|
53
|
+
}
|
|
54
|
+
/** Revoke all personal access tokens for this user. */
|
|
55
|
+
async revokeAllTokens() {
|
|
56
|
+
const tokens = await this.tokens();
|
|
57
|
+
for (const t of tokens) {
|
|
58
|
+
await AccessToken.update(t.id, { revoked: true });
|
|
59
|
+
}
|
|
60
|
+
return tokens.length;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Check if this user's current token has a specific scope.
|
|
64
|
+
* Only works inside a request that went through BearerMiddleware.
|
|
65
|
+
*/
|
|
66
|
+
tokenCan(scope) {
|
|
67
|
+
const token = this.__currentToken;
|
|
68
|
+
if (!token)
|
|
69
|
+
return false;
|
|
70
|
+
return accessTokenHelpers.can(token, scope);
|
|
71
|
+
}
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
// ─── Personal Access Client ───────────────────────────────
|
|
75
|
+
let _personalClientId = null;
|
|
76
|
+
/**
|
|
77
|
+
* Get (or create) the internal "Personal Access" OAuth client.
|
|
78
|
+
* This is a non-confidential client used solely for personal access tokens.
|
|
79
|
+
*/
|
|
80
|
+
async function getPersonalAccessClientId() {
|
|
81
|
+
if (_personalClientId)
|
|
82
|
+
return _personalClientId;
|
|
83
|
+
const { OAuthClient } = await import('./models/OAuthClient.js');
|
|
84
|
+
// Look for existing personal access client
|
|
85
|
+
const existing = await OAuthClient.where('name', '__personal_access__').first();
|
|
86
|
+
if (existing) {
|
|
87
|
+
_personalClientId = existing.id;
|
|
88
|
+
return _personalClientId;
|
|
89
|
+
}
|
|
90
|
+
// Create one
|
|
91
|
+
const client = await OAuthClient.create({
|
|
92
|
+
name: '__personal_access__',
|
|
93
|
+
secret: null,
|
|
94
|
+
redirectUris: JSON.stringify([]),
|
|
95
|
+
grantTypes: JSON.stringify(['personal_access']),
|
|
96
|
+
scopes: JSON.stringify([]),
|
|
97
|
+
confidential: false,
|
|
98
|
+
});
|
|
99
|
+
_personalClientId = client.id;
|
|
100
|
+
return _personalClientId;
|
|
101
|
+
}
|
|
102
|
+
/** @internal — reset cached client ID (for testing). */
|
|
103
|
+
export function resetPersonalAccessClient() {
|
|
104
|
+
_personalClientId = null;
|
|
105
|
+
}
|
|
106
|
+
//# sourceMappingURL=personal-access-tokens.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"personal-access-tokens.js","sourceRoot":"","sources":["../src/personal-access-tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAA;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAWxC,4DAA4D;AAE5D;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,YAAY,CAAwC,IAAO;IACzE,OAAO,KAAM,SAAQ,IAAI;QACvB;;;WAGG;QACH,KAAK,CAAC,WAAW,CAAC,IAAY,EAAE,SAAmB,CAAC,GAAG,CAAC,EAAE,WAAoB;YAC5E,MAAM,MAAM,GAAI,IAAY,CAAC,EAAY,CAAA;YACzC,MAAM,QAAQ,GAAG,WAAW,IAAI,QAAQ,CAAC,qBAAqB,EAAE,CAAA;YAChE,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAA;YAEjD,mDAAmD;YACnD,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAA;YAElD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;gBAC3C,MAAM;gBACN,QAAQ;gBACR,IAAI;gBACJ,MAAM,EAAK,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;gBACjC,OAAO,EAAI,KAAK;gBAChB,SAAS;aACiB,CAAgB,CAAA;YAE5C,MAAM,OAAO,GAAI,WAAmB,CAAC,EAAY,CAAA;YAEjD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC;gBAC5B,OAAO;gBACP,MAAM;gBACN,QAAQ;gBACR,MAAM;gBACN,SAAS;aACV,CAAC,CAAA;YAEF,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,EAAE,CAAA;QACpD,CAAC;QAED,oDAAoD;QACpD,KAAK,CAAC,MAAM;YACV,MAAM,MAAM,GAAI,IAAY,CAAC,EAAY,CAAA;YACzC,OAAO,WAAW,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,GAAG,EAA4B,CAAA;QAC5E,CAAC;QAED,uDAAuD;QACvD,KAAK,CAAC,eAAe;YACnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;YAClC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvB,MAAM,WAAW,CAAC,MAAM,CAAE,CAAS,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;YACnE,CAAC;YACD,OAAO,MAAM,CAAC,MAAM,CAAA;QACtB,CAAC;QAED;;;WAGG;QACH,QAAQ,CAAC,KAAa;YACpB,MAAM,KAAK,GAAI,IAAY,CAAC,cAAyC,CAAA;YACrE,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAA;YACxB,OAAO,kBAAkB,CAAC,GAAG,CAAC,KAAY,EAAE,KAAK,CAAC,CAAA;QACpD,CAAC;KACF,CAAA;AACH,CAAC;AAED,6DAA6D;AAE7D,IAAI,iBAAiB,GAAkB,IAAI,CAAA;AAE3C;;;GAGG;AACH,KAAK,UAAU,yBAAyB;IACtC,IAAI,iBAAiB;QAAE,OAAO,iBAAiB,CAAA;IAE/C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAA;IAE/D,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC,KAAK,EAA0D,CAAA;IACvI,IAAI,QAAQ,EAAE,CAAC;QACb,iBAAiB,GAAI,QAAgB,CAAC,EAAY,CAAA;QAClD,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IAED,aAAa;IACb,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;QACtC,IAAI,EAAU,qBAAqB;QACnC,MAAM,EAAQ,IAAI;QAClB,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,UAAU,EAAI,IAAI,CAAC,SAAS,CAAC,CAAC,iBAAiB,CAAC,CAAC;QACjD,MAAM,EAAQ,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,YAAY,EAAE,KAAK;KACO,CAAkD,CAAA;IAE9E,iBAAiB,GAAI,MAAc,CAAC,EAAY,CAAA;IAChD,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,yBAAyB;IACvC,iBAAiB,GAAG,IAAI,CAAA;AAC1B,CAAC"}
|
package/dist/routes.d.ts
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
type RouteHandler = (req: any, res: any) => Promise<void>;
|
|
2
|
+
interface Router {
|
|
3
|
+
get(path: string, handler: RouteHandler, ...middleware: any[]): void;
|
|
4
|
+
post(path: string, handler: RouteHandler, ...middleware: any[]): void;
|
|
5
|
+
delete(path: string, handler: RouteHandler, ...middleware: any[]): void;
|
|
6
|
+
}
|
|
7
|
+
export interface PassportRouteOptions {
|
|
8
|
+
/** Base path for OAuth routes (default: '/oauth') */
|
|
9
|
+
prefix?: string;
|
|
10
|
+
/** Verification URI for device auth (default: '{origin}/oauth/device') */
|
|
11
|
+
verificationUri?: string;
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* Register all Passport OAuth routes on the given router.
|
|
15
|
+
*
|
|
16
|
+
* @example
|
|
17
|
+
* import { registerPassportRoutes } from '@rudderjs/passport/routes'
|
|
18
|
+
* registerPassportRoutes(router)
|
|
19
|
+
*/
|
|
20
|
+
export declare function registerPassportRoutes(router: Router, opts?: PassportRouteOptions): void;
|
|
21
|
+
export {};
|
|
22
|
+
//# sourceMappingURL=routes.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAcA,KAAK,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;AAEzD,UAAU,MAAM;IACd,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,UAAU,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;IACpE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,UAAU,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;IACrE,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,UAAU,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;CACxE;AAED,MAAM,WAAW,oBAAoB;IACnC,qDAAqD;IACrD,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,0EAA0E;IAC1E,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,GAAE,oBAAyB,GAAG,IAAI,CAkN5F"}
|