@rudderjs/passport 0.0.4 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/Passport.d.ts +48 -0
- package/dist/Passport.d.ts.map +1 -1
- package/dist/Passport.js +71 -1
- package/dist/Passport.js.map +1 -1
- package/dist/commands/client.d.ts +1 -1
- package/dist/commands/client.d.ts.map +1 -1
- package/dist/commands/client.js +3 -2
- package/dist/commands/client.js.map +1 -1
- package/dist/commands/purge.d.ts.map +1 -1
- package/dist/commands/purge.js +13 -12
- package/dist/commands/purge.js.map +1 -1
- package/dist/grants/authorization-code.d.ts +1 -1
- package/dist/grants/authorization-code.d.ts.map +1 -1
- package/dist/grants/authorization-code.js +10 -7
- package/dist/grants/authorization-code.js.map +1 -1
- package/dist/grants/client-credentials.d.ts.map +1 -1
- package/dist/grants/client-credentials.js +3 -2
- package/dist/grants/client-credentials.js.map +1 -1
- package/dist/grants/device-code.d.ts.map +1 -1
- package/dist/grants/device-code.js +12 -9
- package/dist/grants/device-code.js.map +1 -1
- package/dist/grants/issue-tokens.d.ts.map +1 -1
- package/dist/grants/issue-tokens.js +4 -4
- package/dist/grants/issue-tokens.js.map +1 -1
- package/dist/grants/refresh-token.d.ts.map +1 -1
- package/dist/grants/refresh-token.js +9 -8
- package/dist/grants/refresh-token.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/middleware/bearer.d.ts.map +1 -1
- package/dist/middleware/bearer.js +5 -3
- package/dist/middleware/bearer.js.map +1 -1
- package/dist/personal-access-tokens.d.ts +8 -20
- package/dist/personal-access-tokens.d.ts.map +1 -1
- package/dist/personal-access-tokens.js +12 -23
- package/dist/personal-access-tokens.js.map +1 -1
- package/dist/routes.d.ts +13 -2
- package/dist/routes.d.ts.map +1 -1
- package/dist/routes.js +221 -186
- package/dist/routes.js.map +1 -1
- package/package.json +4 -4
package/dist/Passport.d.ts
CHANGED
|
@@ -1,7 +1,25 @@
|
|
|
1
|
+
import type { OAuthClient } from './models/OAuthClient.js';
|
|
2
|
+
import type { AccessToken } from './models/AccessToken.js';
|
|
3
|
+
import type { RefreshToken } from './models/RefreshToken.js';
|
|
4
|
+
import type { AuthCode } from './models/AuthCode.js';
|
|
5
|
+
import type { DeviceCode } from './models/DeviceCode.js';
|
|
1
6
|
export interface PassportScope {
|
|
2
7
|
id: string;
|
|
3
8
|
description: string;
|
|
4
9
|
}
|
|
10
|
+
export interface AuthorizationViewContext {
|
|
11
|
+
client: {
|
|
12
|
+
id: string;
|
|
13
|
+
name: string;
|
|
14
|
+
};
|
|
15
|
+
scopes: string[];
|
|
16
|
+
redirectUri: string;
|
|
17
|
+
state?: string;
|
|
18
|
+
codeChallenge?: string;
|
|
19
|
+
codeChallengeMethod?: string;
|
|
20
|
+
request: unknown;
|
|
21
|
+
}
|
|
22
|
+
export type AuthorizationViewFn = (ctx: AuthorizationViewContext) => unknown | Promise<unknown>;
|
|
5
23
|
export declare class Passport {
|
|
6
24
|
private static _scopes;
|
|
7
25
|
private static _tokenLifetime;
|
|
@@ -10,6 +28,13 @@ export declare class Passport {
|
|
|
10
28
|
private static _keyPath;
|
|
11
29
|
private static _privateKey;
|
|
12
30
|
private static _publicKey;
|
|
31
|
+
private static _clientModel;
|
|
32
|
+
private static _tokenModel;
|
|
33
|
+
private static _refreshTokenModel;
|
|
34
|
+
private static _authCodeModel;
|
|
35
|
+
private static _deviceCodeModel;
|
|
36
|
+
private static _authorizationView;
|
|
37
|
+
private static _routesIgnored;
|
|
13
38
|
/** Define available OAuth scopes. */
|
|
14
39
|
static tokensCan(scopes: Record<string, string>): void;
|
|
15
40
|
/** Check if a scope is defined. */
|
|
@@ -35,6 +60,29 @@ export declare class Passport {
|
|
|
35
60
|
privateKey: string;
|
|
36
61
|
publicKey: string;
|
|
37
62
|
}>;
|
|
63
|
+
static useClientModel(cls: typeof OAuthClient): void;
|
|
64
|
+
static useTokenModel(cls: typeof AccessToken): void;
|
|
65
|
+
static useRefreshTokenModel(cls: typeof RefreshToken): void;
|
|
66
|
+
static useAuthCodeModel(cls: typeof AuthCode): void;
|
|
67
|
+
static useDeviceCodeModel(cls: typeof DeviceCode): void;
|
|
68
|
+
static clientModel(): Promise<typeof OAuthClient>;
|
|
69
|
+
static tokenModel(): Promise<typeof AccessToken>;
|
|
70
|
+
static refreshTokenModel(): Promise<typeof RefreshToken>;
|
|
71
|
+
static authCodeModel(): Promise<typeof AuthCode>;
|
|
72
|
+
static deviceCodeModel(): Promise<typeof DeviceCode>;
|
|
73
|
+
/**
|
|
74
|
+
* Register a custom consent screen renderer for GET /oauth/authorize.
|
|
75
|
+
* Return a ViewResponse (from @rudderjs/view) or any value the router accepts.
|
|
76
|
+
* When unset, GET /oauth/authorize returns JSON with the validated request.
|
|
77
|
+
*/
|
|
78
|
+
static authorizationView(fn: AuthorizationViewFn): void;
|
|
79
|
+
static authorizationViewFn(): AuthorizationViewFn | null;
|
|
80
|
+
/**
|
|
81
|
+
* Disable route registration. When set, registerPassportRoutes() is a no-op,
|
|
82
|
+
* letting the application wire OAuth routes manually.
|
|
83
|
+
*/
|
|
84
|
+
static ignoreRoutes(): void;
|
|
85
|
+
static routesIgnored(): boolean;
|
|
38
86
|
/** @internal */
|
|
39
87
|
static reset(): void;
|
|
40
88
|
}
|
package/dist/Passport.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Passport.d.ts","sourceRoot":"","sources":["../src/Passport.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"Passport.d.ts","sourceRoot":"","sources":["../src/Passport.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAO,yBAAyB,CAAA;AAC3D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAO,yBAAyB,CAAA;AAC3D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAC5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAU,sBAAsB,CAAA;AACxD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAQ,wBAAwB,CAAA;AAI1D,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAW,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAA;IACpC,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;CACjB;AAED,MAAM,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE,wBAAwB,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;AAE/F,qBAAa,QAAQ;IACnB,OAAO,CAAC,MAAM,CAAC,OAAO,CAA4B;IAClD,OAAO,CAAC,MAAM,CAAC,cAAc,CAAiC;IAC9D,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAA2B;IAC/D,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAA+B;IACpE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAY;IACnC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAsB;IAChD,OAAO,CAAC,MAAM,CAAC,UAAU,CAAsB;IAG/C,OAAO,CAAC,MAAM,CAAC,YAAY,CAAyC;IACpE,OAAO,CAAC,MAAM,CAAC,WAAW,CAA0C;IACpE,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAmC;IACpE,OAAO,CAAC,MAAM,CAAC,cAAc,CAAuC;IACpE,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAqC;IAGpE,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAmC;IAGpE,OAAO,CAAC,MAAM,CAAC,cAAc,CAAQ;IAIrC,qCAAqC;IACrC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAMtD,mCAAmC;IACnC,MAAM,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAIpC,8BAA8B;IAC9B,MAAM,CAAC,MAAM,IAAI,aAAa,EAAE;IAIhC,+DAA+D;IAC/D,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;IAMjD,MAAM,CAAC,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IACvC,MAAM,CAAC,qBAAqB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAC9C,MAAM,CAAC,4BAA4B,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAErD,MAAM,CAAC,aAAa,IAAI,MAAM;IAC9B,MAAM,CAAC,oBAAoB,IAAI,MAAM;IACrC,MAAM,CAAC,qBAAqB,IAAI,MAAM;IAItC,mDAAmD;IACnD,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAEvC,mCAAmC;IACnC,MAAM,CAAC,OAAO,IAAI,MAAM;IAExB,sDAAsD;IACtD,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAK3D,sEAAsE;WACzD,IAAI,IAAI,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IA0BvE,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,WAAW,GAAU,IAAI;IAC3D,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,OAAO,WAAW,GAAW,IAAI;IAC3D,MAAM,CAAC,oBAAoB,CAAC,GAAG,EAAE,OAAO,YAAY,GAAG,IAAI;IAC3D,MAAM,CAAC,gBAAgB,CAAC,GAAG,EAAE,OAAO,QAAQ,GAAW,IAAI;IAC3D,MAAM,CAAC,kBAAkB,CAAC,GAAG,EAAE,OAAO,UAAU,GAAO,IAAI;WAE9C,WAAW,IAAI,OAAO,CAAC,OAAO,WAAW,CAAC;WAI1C,UAAU,IAAI,OAAO,CAAC,OAAO,WAAW,CAAC;WAIzC,iBAAiB,IAAI,OAAO,CAAC,OAAO,YAAY,CAAC;WAIjD,aAAa,IAAI,OAAO,CAAC,OAAO,QAAQ,CAAC;WAIzC,eAAe,IAAI,OAAO,CAAC,OAAO,UAAU,CAAC;IAO1D;;;;OAIG;IACH,MAAM,CAAC,iBAAiB,CAAC,EAAE,EAAE,mBAAmB,GAAG,IAAI;IAIvD,MAAM,CAAC,mBAAmB,IAAI,mBAAmB,GAAG,IAAI;IAMxD;;;OAGG;IACH,MAAM,CAAC,YAAY,IAAI,IAAI;IAI3B,MAAM,CAAC,aAAa,IAAI,OAAO;IAM/B,gBAAgB;IAChB,MAAM,CAAC,KAAK,IAAI,IAAI;CAgBrB"}
|
package/dist/Passport.js
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
// ─── Passport Configuration Singleton ─────────────────────
|
|
2
1
|
export class Passport {
|
|
3
2
|
static _scopes = new Map();
|
|
4
3
|
static _tokenLifetime = 15 * 24 * 60 * 60 * 1000; // 15 days
|
|
@@ -7,6 +6,16 @@ export class Passport {
|
|
|
7
6
|
static _keyPath = 'storage';
|
|
8
7
|
static _privateKey = null;
|
|
9
8
|
static _publicKey = null;
|
|
9
|
+
// Custom model overrides (lazy — resolved at use-site so the defaults aren't eagerly loaded).
|
|
10
|
+
static _clientModel = null;
|
|
11
|
+
static _tokenModel = null;
|
|
12
|
+
static _refreshTokenModel = null;
|
|
13
|
+
static _authCodeModel = null;
|
|
14
|
+
static _deviceCodeModel = null;
|
|
15
|
+
// Consent screen hook
|
|
16
|
+
static _authorizationView = null;
|
|
17
|
+
// Route auto-registration toggle
|
|
18
|
+
static _routesIgnored = false;
|
|
10
19
|
// ── Scopes ──────────────────────────────────────────────
|
|
11
20
|
/** Define available OAuth scopes. */
|
|
12
21
|
static tokensCan(scopes) {
|
|
@@ -62,6 +71,60 @@ export class Passport {
|
|
|
62
71
|
this._publicKey = publicKey;
|
|
63
72
|
return { privateKey, publicKey };
|
|
64
73
|
}
|
|
74
|
+
// ── Custom Models ───────────────────────────────────────
|
|
75
|
+
static useClientModel(cls) { this._clientModel = cls; }
|
|
76
|
+
static useTokenModel(cls) { this._tokenModel = cls; }
|
|
77
|
+
static useRefreshTokenModel(cls) { this._refreshTokenModel = cls; }
|
|
78
|
+
static useAuthCodeModel(cls) { this._authCodeModel = cls; }
|
|
79
|
+
static useDeviceCodeModel(cls) { this._deviceCodeModel = cls; }
|
|
80
|
+
static async clientModel() {
|
|
81
|
+
if (this._clientModel)
|
|
82
|
+
return this._clientModel;
|
|
83
|
+
return (await import('./models/OAuthClient.js')).OAuthClient;
|
|
84
|
+
}
|
|
85
|
+
static async tokenModel() {
|
|
86
|
+
if (this._tokenModel)
|
|
87
|
+
return this._tokenModel;
|
|
88
|
+
return (await import('./models/AccessToken.js')).AccessToken;
|
|
89
|
+
}
|
|
90
|
+
static async refreshTokenModel() {
|
|
91
|
+
if (this._refreshTokenModel)
|
|
92
|
+
return this._refreshTokenModel;
|
|
93
|
+
return (await import('./models/RefreshToken.js')).RefreshToken;
|
|
94
|
+
}
|
|
95
|
+
static async authCodeModel() {
|
|
96
|
+
if (this._authCodeModel)
|
|
97
|
+
return this._authCodeModel;
|
|
98
|
+
return (await import('./models/AuthCode.js')).AuthCode;
|
|
99
|
+
}
|
|
100
|
+
static async deviceCodeModel() {
|
|
101
|
+
if (this._deviceCodeModel)
|
|
102
|
+
return this._deviceCodeModel;
|
|
103
|
+
return (await import('./models/DeviceCode.js')).DeviceCode;
|
|
104
|
+
}
|
|
105
|
+
// ── Consent screen hook ─────────────────────────────────
|
|
106
|
+
/**
|
|
107
|
+
* Register a custom consent screen renderer for GET /oauth/authorize.
|
|
108
|
+
* Return a ViewResponse (from @rudderjs/view) or any value the router accepts.
|
|
109
|
+
* When unset, GET /oauth/authorize returns JSON with the validated request.
|
|
110
|
+
*/
|
|
111
|
+
static authorizationView(fn) {
|
|
112
|
+
this._authorizationView = fn;
|
|
113
|
+
}
|
|
114
|
+
static authorizationViewFn() {
|
|
115
|
+
return this._authorizationView;
|
|
116
|
+
}
|
|
117
|
+
// ── Route auto-registration toggle ──────────────────────
|
|
118
|
+
/**
|
|
119
|
+
* Disable route registration. When set, registerPassportRoutes() is a no-op,
|
|
120
|
+
* letting the application wire OAuth routes manually.
|
|
121
|
+
*/
|
|
122
|
+
static ignoreRoutes() {
|
|
123
|
+
this._routesIgnored = true;
|
|
124
|
+
}
|
|
125
|
+
static routesIgnored() {
|
|
126
|
+
return this._routesIgnored;
|
|
127
|
+
}
|
|
65
128
|
// ── Reset (testing) ─────────────────────────────────────
|
|
66
129
|
/** @internal */
|
|
67
130
|
static reset() {
|
|
@@ -72,6 +135,13 @@ export class Passport {
|
|
|
72
135
|
this._keyPath = 'storage';
|
|
73
136
|
this._privateKey = null;
|
|
74
137
|
this._publicKey = null;
|
|
138
|
+
this._clientModel = null;
|
|
139
|
+
this._tokenModel = null;
|
|
140
|
+
this._refreshTokenModel = null;
|
|
141
|
+
this._authCodeModel = null;
|
|
142
|
+
this._deviceCodeModel = null;
|
|
143
|
+
this._authorizationView = null;
|
|
144
|
+
this._routesIgnored = false;
|
|
75
145
|
}
|
|
76
146
|
}
|
|
77
147
|
//# sourceMappingURL=Passport.js.map
|
package/dist/Passport.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Passport.js","sourceRoot":"","sources":["../src/Passport.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"Passport.js","sourceRoot":"","sources":["../src/Passport.ts"],"names":[],"mappings":"AAyBA,MAAM,OAAO,QAAQ;IACX,MAAM,CAAC,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAA;IAC1C,MAAM,CAAC,cAAc,GAAS,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAG,UAAU;IACnE,MAAM,CAAC,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAE,UAAU;IACnE,MAAM,CAAC,sBAAsB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,YAAY;IACzE,MAAM,CAAC,QAAQ,GAAG,SAAS,CAAA;IAC3B,MAAM,CAAC,WAAW,GAAkB,IAAI,CAAA;IACxC,MAAM,CAAC,UAAU,GAAkB,IAAI,CAAA;IAE/C,8FAA8F;IACtF,MAAM,CAAC,YAAY,GAAqC,IAAI,CAAA;IAC5D,MAAM,CAAC,WAAW,GAAsC,IAAI,CAAA;IAC5D,MAAM,CAAC,kBAAkB,GAA+B,IAAI,CAAA;IAC5D,MAAM,CAAC,cAAc,GAAmC,IAAI,CAAA;IAC5D,MAAM,CAAC,gBAAgB,GAAiC,IAAI,CAAA;IAEpE,sBAAsB;IACd,MAAM,CAAC,kBAAkB,GAA+B,IAAI,CAAA;IAEpE,iCAAiC;IACzB,MAAM,CAAC,cAAc,GAAG,KAAK,CAAA;IAErC,2DAA2D;IAE3D,qCAAqC;IACrC,MAAM,CAAC,SAAS,CAAC,MAA8B;QAC7C,KAAK,MAAM,CAAC,EAAE,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,WAAW,CAAC,CAAA;QACnC,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,MAAM,CAAC,QAAQ,CAAC,EAAU;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC7B,CAAC;IAED,8BAA8B;IAC9B,MAAM,CAAC,MAAM;QACX,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC,CAAA;IACtF,CAAC;IAED,+DAA+D;IAC/D,MAAM,CAAC,WAAW,CAAC,SAAmB;QACpC,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAA;IAChE,CAAC;IAED,2DAA2D;IAE3D,MAAM,CAAC,cAAc,CAAC,EAAU,IAAU,IAAI,CAAC,cAAc,GAAG,EAAE,CAAA,CAAC,CAAC;IACpE,MAAM,CAAC,qBAAqB,CAAC,EAAU,IAAU,IAAI,CAAC,qBAAqB,GAAG,EAAE,CAAA,CAAC,CAAC;IAClF,MAAM,CAAC,4BAA4B,CAAC,EAAU,IAAU,IAAI,CAAC,sBAAsB,GAAG,EAAE,CAAA,CAAC,CAAC;IAE1F,MAAM,CAAC,aAAa,KAAa,OAAO,IAAI,CAAC,cAAc,CAAA,CAAC,CAAC;IAC7D,MAAM,CAAC,oBAAoB,KAAa,OAAO,IAAI,CAAC,qBAAqB,CAAA,CAAC,CAAC;IAC3E,MAAM,CAAC,qBAAqB,KAAa,OAAO,IAAI,CAAC,sBAAsB,CAAA,CAAC,CAAC;IAE7E,2DAA2D;IAE3D,mDAAmD;IACnD,MAAM,CAAC,YAAY,CAAC,IAAY,IAAU,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAA,CAAC,CAAC;IAEhE,mCAAmC;IACnC,MAAM,CAAC,OAAO,KAAa,OAAO,IAAI,CAAC,QAAQ,CAAA,CAAC,CAAC;IAEjD,sDAAsD;IACtD,MAAM,CAAC,OAAO,CAAC,UAAkB,EAAE,SAAiB;QAClD,IAAI,CAAC,WAAW,GAAG,UAAU,CAAA;QAC7B,IAAI,CAAC,UAAU,GAAG,SAAS,CAAA;IAC7B,CAAC;IAED,sEAAsE;IACtE,MAAM,CAAC,KAAK,CAAC,IAAI;QACf,6CAA6C;QAC7C,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,CAAA;QACrE,CAAC;QAED,uBAAuB;QACvB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAA;QACrD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAA;QAE1C,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAA;QAC3E,MAAM,UAAU,GAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAA;QAE1E,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAChD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;YAC7B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;SAC7B,CAAC,CAAA;QAEF,IAAI,CAAC,WAAW,GAAG,UAAU,CAAA;QAC7B,IAAI,CAAC,UAAU,GAAG,SAAS,CAAA;QAE3B,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAA;IAClC,CAAC;IAED,2DAA2D;IAE3D,MAAM,CAAC,cAAc,CAAC,GAAuB,IAAiB,IAAI,CAAC,YAAY,GAAG,GAAG,CAAA,CAAC,CAAC;IACvF,MAAM,CAAC,aAAa,CAAC,GAAuB,IAAkB,IAAI,CAAC,WAAW,GAAG,GAAG,CAAA,CAAC,CAAC;IACtF,MAAM,CAAC,oBAAoB,CAAC,GAAwB,IAAU,IAAI,CAAC,kBAAkB,GAAG,GAAG,CAAA,CAAC,CAAC;IAC7F,MAAM,CAAC,gBAAgB,CAAC,GAAoB,IAAkB,IAAI,CAAC,cAAc,GAAG,GAAG,CAAA,CAAC,CAAC;IACzF,MAAM,CAAC,kBAAkB,CAAC,GAAsB,IAAc,IAAI,CAAC,gBAAgB,GAAG,GAAG,CAAA,CAAC,CAAC;IAE3F,MAAM,CAAC,KAAK,CAAC,WAAW;QACtB,IAAI,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC,YAAY,CAAA;QAC/C,OAAO,CAAC,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,WAAW,CAAA;IAC9D,CAAC;IACD,MAAM,CAAC,KAAK,CAAC,UAAU;QACrB,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC,WAAW,CAAA;QAC7C,OAAO,CAAC,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,WAAW,CAAA;IAC9D,CAAC;IACD,MAAM,CAAC,KAAK,CAAC,iBAAiB;QAC5B,IAAI,IAAI,CAAC,kBAAkB;YAAE,OAAO,IAAI,CAAC,kBAAkB,CAAA;QAC3D,OAAO,CAAC,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC,CAAC,YAAY,CAAA;IAChE,CAAC;IACD,MAAM,CAAC,KAAK,CAAC,aAAa;QACxB,IAAI,IAAI,CAAC,cAAc;YAAE,OAAO,IAAI,CAAC,cAAc,CAAA;QACnD,OAAO,CAAC,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC,QAAQ,CAAA;IACxD,CAAC;IACD,MAAM,CAAC,KAAK,CAAC,eAAe;QAC1B,IAAI,IAAI,CAAC,gBAAgB;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAA;QACvD,OAAO,CAAC,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC,CAAC,UAAU,CAAA;IAC5D,CAAC;IAED,2DAA2D;IAE3D;;;;OAIG;IACH,MAAM,CAAC,iBAAiB,CAAC,EAAuB;QAC9C,IAAI,CAAC,kBAAkB,GAAG,EAAE,CAAA;IAC9B,CAAC;IAED,MAAM,CAAC,mBAAmB;QACxB,OAAO,IAAI,CAAC,kBAAkB,CAAA;IAChC,CAAC;IAED,2DAA2D;IAE3D;;;OAGG;IACH,MAAM,CAAC,YAAY;QACjB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAA;IAC5B,CAAC;IAED,MAAM,CAAC,aAAa;QAClB,OAAO,IAAI,CAAC,cAAc,CAAA;IAC5B,CAAC;IAED,2DAA2D;IAE3D,gBAAgB;IAChB,MAAM,CAAC,KAAK;QACV,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAA;QACpB,IAAI,CAAC,cAAc,GAAW,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QACtD,IAAI,CAAC,qBAAqB,GAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QACtD,IAAI,CAAC,sBAAsB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QAC1D,IAAI,CAAC,QAAQ,GAAM,SAAS,CAAA;QAC5B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAA;QACvB,IAAI,CAAC,UAAU,GAAI,IAAI,CAAA;QACvB,IAAI,CAAC,YAAY,GAAS,IAAI,CAAA;QAC9B,IAAI,CAAC,WAAW,GAAU,IAAI,CAAA;QAC9B,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAA;QAC9B,IAAI,CAAC,cAAc,GAAO,IAAI,CAAA;QAC9B,IAAI,CAAC,gBAAgB,GAAK,IAAI,CAAA;QAC9B,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAA;QAC9B,IAAI,CAAC,cAAc,GAAO,KAAK,CAAA;IACjC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/commands/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/commands/client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAA;AAE3D,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAU,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,UAAU,CAAC,EAAG,MAAM,EAAE,CAAA;IACtB,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC;IAClE,MAAM,EAAE,WAAW,CAAA;IACnB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;CACtB,CAAC,CAuBD"}
|
package/dist/commands/client.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Passport } from '../Passport.js';
|
|
2
2
|
/**
|
|
3
3
|
* Create an OAuth client programmatically.
|
|
4
4
|
* Returns the client and the plain-text secret (if confidential).
|
|
@@ -12,7 +12,8 @@ export async function createClient(opts) {
|
|
|
12
12
|
plainSecret = randomBytes(32).toString('hex');
|
|
13
13
|
hashedSecret = createHash('sha256').update(plainSecret).digest('hex');
|
|
14
14
|
}
|
|
15
|
-
const
|
|
15
|
+
const ClientCls = await Passport.clientModel();
|
|
16
|
+
const client = await ClientCls.create({
|
|
16
17
|
name: opts.name,
|
|
17
18
|
secret: hashedSecret,
|
|
18
19
|
redirectUris: JSON.stringify(opts.redirectUri ? [opts.redirectUri] : []),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/commands/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/commands/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAUzC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAsB;IAIvD,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;IAE/D,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAA;IAC9C,IAAI,WAAW,GAAkB,IAAI,CAAA;IACrC,IAAI,YAAY,GAAkB,IAAI,CAAA;IAEtC,IAAI,YAAY,EAAE,CAAC;QACjB,WAAW,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAC7C,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACvE,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;IAC9C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC;QACpC,IAAI,EAAU,IAAI,CAAC,IAAI;QACvB,MAAM,EAAQ,YAAY;QAC1B,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACxE,UAAU,EAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACvE,MAAM,EAAQ,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,YAAY;KACc,CAAgB,CAAA;IAE5C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AACxC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"purge.d.ts","sourceRoot":"","sources":["../../src/commands/purge.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"purge.d.ts","sourceRoot":"","sources":["../../src/commands/purge.ts"],"names":[],"mappings":"AAMA;;;GAGG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC;IAC3C,YAAY,EAAG,MAAM,CAAA;IACrB,aAAa,EAAE,MAAM,CAAA;IACrB,SAAS,EAAM,MAAM,CAAA;IACrB,WAAW,EAAI,MAAM,CAAA;CACtB,CAAC,CAgDD"}
|
package/dist/commands/purge.js
CHANGED
|
@@ -1,42 +1,43 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { RefreshToken } from '../models/RefreshToken.js';
|
|
3
|
-
import { AuthCode } from '../models/AuthCode.js';
|
|
4
|
-
import { DeviceCode } from '../models/DeviceCode.js';
|
|
1
|
+
import { Passport } from '../Passport.js';
|
|
5
2
|
/**
|
|
6
3
|
* Remove expired and revoked tokens from the database.
|
|
7
4
|
* Returns counts of purged records.
|
|
8
5
|
*/
|
|
9
6
|
export async function purgeTokens() {
|
|
10
7
|
const now = new Date();
|
|
8
|
+
const AccessTokenCls = await Passport.tokenModel();
|
|
9
|
+
const RefreshTokenCls = await Passport.refreshTokenModel();
|
|
10
|
+
const AuthCodeCls = await Passport.authCodeModel();
|
|
11
|
+
const DeviceCodeCls = await Passport.deviceCodeModel();
|
|
11
12
|
// Purge expired/revoked access tokens
|
|
12
|
-
const expiredAccess = await
|
|
13
|
+
const expiredAccess = await AccessTokenCls.query()
|
|
13
14
|
.where('expiresAt', '<', now)
|
|
14
15
|
.orWhere('revoked', true)
|
|
15
16
|
.get();
|
|
16
17
|
for (const t of expiredAccess) {
|
|
17
|
-
await
|
|
18
|
+
await AccessTokenCls.delete(t.id);
|
|
18
19
|
}
|
|
19
20
|
// Purge expired/revoked refresh tokens
|
|
20
|
-
const expiredRefresh = await
|
|
21
|
+
const expiredRefresh = await RefreshTokenCls.query()
|
|
21
22
|
.where('expiresAt', '<', now)
|
|
22
23
|
.orWhere('revoked', true)
|
|
23
24
|
.get();
|
|
24
25
|
for (const t of expiredRefresh) {
|
|
25
|
-
await
|
|
26
|
+
await RefreshTokenCls.delete(t.id);
|
|
26
27
|
}
|
|
27
28
|
// Purge expired auth codes
|
|
28
|
-
const expiredCodes = await
|
|
29
|
+
const expiredCodes = await AuthCodeCls.query()
|
|
29
30
|
.where('expiresAt', '<', now)
|
|
30
31
|
.get();
|
|
31
32
|
for (const c of expiredCodes) {
|
|
32
|
-
await
|
|
33
|
+
await AuthCodeCls.delete(c.id);
|
|
33
34
|
}
|
|
34
35
|
// Purge expired device codes
|
|
35
|
-
const expiredDevices = await
|
|
36
|
+
const expiredDevices = await DeviceCodeCls.query()
|
|
36
37
|
.where('expiresAt', '<', now)
|
|
37
38
|
.get();
|
|
38
39
|
for (const d of expiredDevices) {
|
|
39
|
-
await
|
|
40
|
+
await DeviceCodeCls.delete(d.id);
|
|
40
41
|
}
|
|
41
42
|
return {
|
|
42
43
|
accessTokens: expiredAccess.length,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"purge.js","sourceRoot":"","sources":["../../src/commands/purge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"purge.js","sourceRoot":"","sources":["../../src/commands/purge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAMzC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAM/B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;IAEtB,MAAM,cAAc,GAAI,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;IACnD,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,iBAAiB,EAAE,CAAA;IAC1D,MAAM,WAAW,GAAO,MAAM,QAAQ,CAAC,aAAa,EAAE,CAAA;IACtD,MAAM,aAAa,GAAK,MAAM,QAAQ,CAAC,eAAe,EAAE,CAAA;IAExD,sCAAsC;IACtC,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE;SAC/C,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC;SAC5B,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC;SACxB,GAAG,EAAmB,CAAA;IACzB,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,MAAM,cAAc,CAAC,MAAM,CAAE,CAAS,CAAC,EAAY,CAAC,CAAA;IACtD,CAAC;IAED,uCAAuC;IACvC,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE;SACjD,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC;SAC5B,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC;SACxB,GAAG,EAAoB,CAAA;IAC1B,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,MAAM,eAAe,CAAC,MAAM,CAAE,CAAS,CAAC,EAAY,CAAC,CAAA;IACvD,CAAC;IAED,2BAA2B;IAC3B,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE;SAC3C,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC;SAC5B,GAAG,EAAgB,CAAA;IACtB,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7B,MAAM,WAAW,CAAC,MAAM,CAAE,CAAS,CAAC,EAAY,CAAC,CAAA;IACnD,CAAC;IAED,6BAA6B;IAC7B,MAAM,cAAc,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE;SAC/C,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC;SAC5B,GAAG,EAAkB,CAAA;IACxB,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,MAAM,aAAa,CAAC,MAAM,CAAE,CAAS,CAAC,EAAY,CAAC,CAAA;IACrD,CAAC;IAED,OAAO;QACL,YAAY,EAAG,aAAa,CAAC,MAAM;QACnC,aAAa,EAAE,cAAc,CAAC,MAAM;QACpC,SAAS,EAAM,YAAY,CAAC,MAAM;QAClC,WAAW,EAAI,cAAc,CAAC,MAAM;KACrC,CAAA;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../src/grants/authorization-code.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../src/grants/authorization-code.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAA;AAG3D,OAAO,EAAe,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAIlE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAO,MAAM,CAAA;IACrB,WAAW,EAAI,MAAM,CAAA;IACrB,YAAY,EAAG,MAAM,CAAA;IACrB,KAAK,EAAU,MAAM,CAAA;IACrB,KAAK,CAAC,EAAS,MAAM,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAC7B;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAS,WAAW,CAAA;IAC1B,WAAW,EAAI,MAAM,CAAA;IACrB,MAAM,EAAS,MAAM,EAAE,CAAA;IACvB,KAAK,CAAC,EAAS,MAAM,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAC7B;AAED;;;GAGG;AACH,wBAAsB,4BAA4B,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CA0C9G;AAID;;;GAGG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE;IACxC,MAAM,EAAK,MAAM,CAAA;IACjB,QAAQ,EAAG,MAAM,CAAA;IACjB,MAAM,EAAK,MAAM,EAAE,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,CAAC,MAAM,CAAC,CAelB;AAID,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAK,MAAM,CAAA;IACpB,IAAI,EAAU,MAAM,CAAA;IACpB,QAAQ,EAAM,MAAM,CAAA;IACpB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,WAAW,EAAG,MAAM,CAAA;IACpB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,YAAY,CAAC,CA0E1F;AAID,qBAAa,UAAW,SAAQ,KAAK;aAEjB,KAAK,EAAE,MAAM;aACb,gBAAgB,EAAE,MAAM;aACxB,UAAU,EAAE,MAAM;gBAFlB,KAAK,EAAE,MAAM,EACb,gBAAgB,EAAE,MAAM,EACxB,UAAU,GAAE,MAAY;IAM1C,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;CAMjC"}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { AuthCode } from '../models/AuthCode.js';
|
|
1
|
+
import { Passport } from '../Passport.js';
|
|
3
2
|
import { clientHelpers, authCodeHelpers } from '../models/helpers.js';
|
|
4
3
|
import { issueTokens } from './issue-tokens.js';
|
|
5
4
|
/**
|
|
@@ -10,7 +9,8 @@ export async function validateAuthorizationRequest(params) {
|
|
|
10
9
|
if (params.responseType !== 'code') {
|
|
11
10
|
throw new OAuthError('unsupported_response_type', 'Only response_type=code is supported.');
|
|
12
11
|
}
|
|
13
|
-
const
|
|
12
|
+
const ClientCls = await Passport.clientModel();
|
|
13
|
+
const client = await ClientCls.where('id', params.clientId).first();
|
|
14
14
|
if (!client || client.revoked) {
|
|
15
15
|
throw new OAuthError('invalid_client', 'Client not found.');
|
|
16
16
|
}
|
|
@@ -52,7 +52,8 @@ export async function validateAuthorizationRequest(params) {
|
|
|
52
52
|
*/
|
|
53
53
|
export async function issueAuthCode(opts) {
|
|
54
54
|
const expiresAt = new Date(Date.now() + 10 * 60 * 1000); // 10 minutes
|
|
55
|
-
const
|
|
55
|
+
const AuthCodeCls = await Passport.authCodeModel();
|
|
56
|
+
const code = await AuthCodeCls.create({
|
|
56
57
|
userId: opts.userId,
|
|
57
58
|
clientId: opts.clientId,
|
|
58
59
|
scopes: JSON.stringify(opts.scopes),
|
|
@@ -70,8 +71,10 @@ export async function exchangeAuthCode(params) {
|
|
|
70
71
|
if (params.grantType !== 'authorization_code') {
|
|
71
72
|
throw new OAuthError('unsupported_grant_type', 'Expected grant_type=authorization_code.');
|
|
72
73
|
}
|
|
74
|
+
const ClientCls = await Passport.clientModel();
|
|
75
|
+
const AuthCodeCls = await Passport.authCodeModel();
|
|
73
76
|
// Validate client
|
|
74
|
-
const client = await
|
|
77
|
+
const client = await ClientCls.where('id', params.clientId).first();
|
|
75
78
|
if (!client || client.revoked) {
|
|
76
79
|
throw new OAuthError('invalid_client', 'Client not found.');
|
|
77
80
|
}
|
|
@@ -87,7 +90,7 @@ export async function exchangeAuthCode(params) {
|
|
|
87
90
|
}
|
|
88
91
|
}
|
|
89
92
|
// Validate auth code
|
|
90
|
-
const authCode = await
|
|
93
|
+
const authCode = await AuthCodeCls.where('id', params.code).first();
|
|
91
94
|
if (!authCode) {
|
|
92
95
|
throw new OAuthError('invalid_grant', 'Authorization code not found.');
|
|
93
96
|
}
|
|
@@ -121,7 +124,7 @@ export async function exchangeAuthCode(params) {
|
|
|
121
124
|
}
|
|
122
125
|
}
|
|
123
126
|
// Revoke the auth code (single-use)
|
|
124
|
-
await
|
|
127
|
+
await AuthCodeCls.update(authCode.id, { revoked: true });
|
|
125
128
|
// Issue tokens
|
|
126
129
|
return issueTokens({
|
|
127
130
|
userId: authCode.userId,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-code.js","sourceRoot":"","sources":["../../src/grants/authorization-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"authorization-code.js","sourceRoot":"","sources":["../../src/grants/authorization-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAGzC,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AACrE,OAAO,EAAE,WAAW,EAAqB,MAAM,mBAAmB,CAAA;AAuBlE;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAAC,MAA4B;IAC7E,IAAI,MAAM,CAAC,YAAY,KAAK,MAAM,EAAE,CAAC;QACnC,MAAM,IAAI,UAAU,CAAC,2BAA2B,EAAE,uCAAuC,CAAC,CAAA;IAC5F,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;IAC9C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAwB,CAAA;IACzF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,MAAa,EAAE,oBAAoB,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,wDAAwD,CAAC,CAAA;IACvG,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,MAAa,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,uBAAuB,CAAC,CAAA;IAClE,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QACzB,IAAI,MAAM,CAAC,mBAAmB,IAAI,MAAM,CAAC,mBAAmB,KAAK,MAAM,IAAI,MAAM,CAAC,mBAAmB,KAAK,OAAO,EAAE,CAAC;YAClH,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,uDAAuD,CAAC,CAAA;QAClG,CAAC;IACH,CAAC;SAAM,IAAI,aAAa,CAAC,QAAQ,CAAC,MAAa,CAAC,EAAE,CAAC;QACjD,+BAA+B;QAC/B,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,yDAAyD,CAAC,CAAA;IACpG,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAE1E,MAAM,MAAM,GAAyB;QACnC,MAAM;QACN,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,MAAM;KACP,CAAA;IACD,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS;QAAE,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAA;IAC3D,IAAI,MAAM,CAAC,aAAa,KAAK,SAAS;QAAE,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAA;IACnF,MAAM,MAAM,GAAG,MAAM,CAAC,mBAAmB,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;IACxF,IAAI,MAAM,KAAK,SAAS;QAAE,MAAM,CAAC,mBAAmB,GAAG,MAAM,CAAA;IAE7D,OAAO,MAAM,CAAA;AACf,CAAC;AAED,6DAA6D;AAE7D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAOnC;IACC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA,CAAC,aAAa;IAErE,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,aAAa,EAAE,CAAA;IAClD,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;QACpC,MAAM,EAAe,IAAI,CAAC,MAAM;QAChC,QAAQ,EAAa,IAAI,CAAC,QAAQ;QAClC,MAAM,EAAe,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;QAChD,OAAO,EAAc,KAAK;QAC1B,SAAS;QACT,aAAa,EAAQ,IAAI,CAAC,aAAa,IAAI,IAAI;QAC/C,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,IAAI,IAAI;KAC3B,CAAa,CAAA;IAEzC,OAAQ,IAAY,CAAC,EAAY,CAAA;AACnC,CAAC;AAaD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAA4B;IACjE,IAAI,MAAM,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;QAC9C,MAAM,IAAI,UAAU,CAAC,wBAAwB,EAAE,yCAAyC,CAAC,CAAA;IAC3F,CAAC;IAED,MAAM,SAAS,GAAK,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;IAChD,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,aAAa,EAAE,CAAA;IAElD,kBAAkB;IAClB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAwB,CAAA;IACzF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,CAAA;IAC7D,CAAC;IAED,mDAAmD;IACnD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,yBAAyB,CAAC,CAAA;QACnE,CAAC;QACD,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC7E,IAAI,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;YAC7B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,wBAAwB,CAAC,CAAA;QAClE,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAqB,CAAA;IACtF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,+BAA+B,CAAC,CAAA;IACxE,CAAC;IACD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,sCAAsC,CAAC,CAAA;IAC/E,CAAC;IACD,IAAI,eAAe,CAAC,SAAS,CAAC,QAAe,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,iCAAiC,CAAC,CAAA;IAC1E,CAAC;IACD,IAAI,QAAQ,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,mDAAmD,CAAC,CAAA;IAC5F,CAAC;IAED,oBAAoB;IACpB,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,8BAA8B,CAAC,CAAA;QACvE,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;QAClD,IAAI,QAAgB,CAAA;QAEpB,IAAI,QAAQ,CAAC,mBAAmB,KAAK,MAAM,EAAE,CAAC;YAC5C,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;iBAC5B,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC;iBAC3B,MAAM,CAAC,WAAW,CAAC,CAAA;QACxB,CAAC;aAAM,CAAC;YACN,QAAQ;YACR,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAA;QAChC,CAAC;QAED,IAAI,QAAQ,KAAK,QAAQ,CAAC,aAAa,EAAE,CAAC;YACxC,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,oCAAoC,CAAC,CAAA;QAC7E,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,MAAM,WAAW,CAAC,MAAM,CAAE,QAAgB,CAAC,EAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;IAElF,eAAe;IACf,OAAO,WAAW,CAAC;QACjB,MAAM,EAAI,QAAQ,CAAC,MAAM;QACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAI,eAAe,CAAC,SAAS,CAAC,QAAe,CAAC;QACpD,cAAc,EAAE,IAAI;KACrB,CAAC,CAAA;AACJ,CAAC;AAED,6DAA6D;AAE7D,MAAM,OAAO,UAAW,SAAQ,KAAK;IAEjB;IACA;IACA;IAHlB,YACkB,KAAa,EACb,gBAAwB,EACxB,aAAqB,GAAG;QAExC,KAAK,CAAC,gBAAgB,CAAC,CAAA;QAJP,UAAK,GAAL,KAAK,CAAQ;QACb,qBAAgB,GAAhB,gBAAgB,CAAQ;QACxB,eAAU,GAAV,UAAU,CAAc;QAGxC,IAAI,CAAC,IAAI,GAAG,YAAY,CAAA;IAC1B,CAAC;IAED,MAAM;QACJ,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,iBAAiB,EAAE,IAAI,CAAC,gBAAgB;SACzC,CAAA;IACH,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client-credentials.d.ts","sourceRoot":"","sources":["../../src/grants/client-credentials.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client-credentials.d.ts","sourceRoot":"","sources":["../../src/grants/client-credentials.ts"],"names":[],"mappings":"AAGA,OAAO,EAAe,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAGlE,MAAM,WAAW,wBAAwB;IACvC,SAAS,EAAK,MAAM,CAAA;IACpB,QAAQ,EAAM,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;IACpB,KAAK,CAAC,EAAQ,MAAM,CAAA;CACrB;AAED;;;GAGG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,EAAE,wBAAwB,GAAG,OAAO,CAAC,YAAY,CAAC,CAkCpG"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Passport } from '../Passport.js';
|
|
2
2
|
import { clientHelpers } from '../models/helpers.js';
|
|
3
3
|
import { issueTokens } from './issue-tokens.js';
|
|
4
4
|
import { OAuthError } from './authorization-code.js';
|
|
@@ -10,7 +10,8 @@ export async function clientCredentialsGrant(params) {
|
|
|
10
10
|
if (params.grantType !== 'client_credentials') {
|
|
11
11
|
throw new OAuthError('unsupported_grant_type', 'Expected grant_type=client_credentials.');
|
|
12
12
|
}
|
|
13
|
-
const
|
|
13
|
+
const ClientCls = await Passport.clientModel();
|
|
14
|
+
const client = await ClientCls.where('id', params.clientId).first();
|
|
14
15
|
if (!client || client.revoked) {
|
|
15
16
|
throw new OAuthError('invalid_client', 'Client not found.', 401);
|
|
16
17
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client-credentials.js","sourceRoot":"","sources":["../../src/grants/client-credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"client-credentials.js","sourceRoot":"","sources":["../../src/grants/client-credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAEzC,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpD,OAAO,EAAE,WAAW,EAAqB,MAAM,mBAAmB,CAAA;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AASpD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,MAAgC;IAC3E,IAAI,MAAM,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;QAC9C,MAAM,IAAI,UAAU,CAAC,wBAAwB,EAAE,yCAAyC,CAAC,CAAA;IAC3F,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;IAC9C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAwB,CAAA;IACzF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAA;IAClE,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,MAAa,EAAE,oBAAoB,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,wDAAwD,CAAC,CAAA;IACvG,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACzB,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,0DAA0D,CAAC,CAAA;IACpG,CAAC;IAED,gBAAgB;IAChB,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;IAClD,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC7E,IAAI,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,wBAAwB,EAAE,GAAG,CAAC,CAAA;IACvE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAE1E,OAAO,WAAW,CAAC;QACjB,MAAM,EAAU,IAAI,EAAE,kBAAkB;QACxC,QAAQ,EAAQ,MAAM,CAAC,QAAQ;QAC/B,MAAM;QACN,cAAc,EAAE,KAAK,EAAE,8CAA8C;KACtE,CAAC,CAAA;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"device-code.d.ts","sourceRoot":"","sources":["../../src/grants/device-code.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"device-code.d.ts","sourceRoot":"","sources":["../../src/grants/device-code.ts"],"names":[],"mappings":"AAIA,OAAO,EAAe,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAKlE,MAAM,WAAW,2BAA2B;IAC1C,WAAW,EAAiB,MAAM,CAAA;IAClC,SAAS,EAAmB,MAAM,CAAA;IAClC,gBAAgB,EAAY,MAAM,CAAA;IAClC,yBAAyB,CAAC,EAAE,MAAM,CAAA;IAClC,UAAU,EAAkB,MAAM,CAAA;IAClC,QAAQ,EAAoB,MAAM,CAAA;CACnC;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE;IAC9C,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAI,MAAM,CAAA;IAChB,eAAe,EAAE,MAAM,CAAA;CACxB,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAsCvC;AAID;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAiB1G;AAID,MAAM,MAAM,gBAAgB,GACxB;IAAE,MAAM,EAAE,YAAY,CAAC;IAAC,MAAM,EAAE,YAAY,CAAA;CAAE,GAC9C;IAAE,MAAM,EAAE,uBAAuB,CAAA;CAAE,GACnC;IAAE,MAAM,EAAE,WAAW,CAAA;CAAE,GACvB;IAAE,MAAM,EAAE,eAAe,CAAA;CAAE,GAC3B;IAAE,MAAM,EAAE,eAAe,CAAA;CAAE,CAAA;AAE/B;;GAEG;AACH,wBAAsB,cAAc,CAAC,MAAM,EAAE;IAC3C,SAAS,EAAG,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAI,MAAM,CAAA;CACnB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAkD5B"}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { DeviceCode } from '../models/DeviceCode.js';
|
|
1
|
+
import { Passport } from '../Passport.js';
|
|
3
2
|
import { clientHelpers, deviceCodeHelpers } from '../models/helpers.js';
|
|
4
3
|
import { issueTokens } from './issue-tokens.js';
|
|
5
4
|
import { OAuthError } from './authorization-code.js';
|
|
@@ -8,7 +7,9 @@ import { OAuthError } from './authorization-code.js';
|
|
|
8
7
|
* Returns device_code + user_code for the user to enter.
|
|
9
8
|
*/
|
|
10
9
|
export async function requestDeviceCode(params) {
|
|
11
|
-
const
|
|
10
|
+
const ClientCls = await Passport.clientModel();
|
|
11
|
+
const DeviceCodeCls = await Passport.deviceCodeModel();
|
|
12
|
+
const client = await ClientCls.where('id', params.clientId).first();
|
|
12
13
|
if (!client || client.revoked) {
|
|
13
14
|
throw new OAuthError('invalid_client', 'Client not found.');
|
|
14
15
|
}
|
|
@@ -20,7 +21,7 @@ export async function requestDeviceCode(params) {
|
|
|
20
21
|
const userCode = await generateUserCode();
|
|
21
22
|
const scopes = params.scope ? params.scope.split(' ').filter(Boolean) : [];
|
|
22
23
|
const expiresAt = new Date(Date.now() + 15 * 60 * 1000); // 15 minutes
|
|
23
|
-
await
|
|
24
|
+
await DeviceCodeCls.create({
|
|
24
25
|
clientId: params.clientId,
|
|
25
26
|
deviceCode,
|
|
26
27
|
userCode,
|
|
@@ -44,7 +45,8 @@ export async function requestDeviceCode(params) {
|
|
|
44
45
|
* Step 2: User approves or denies the device (on the verification page).
|
|
45
46
|
*/
|
|
46
47
|
export async function approveDeviceCode(userCode, userId, approved) {
|
|
47
|
-
const
|
|
48
|
+
const DeviceCodeCls = await Passport.deviceCodeModel();
|
|
49
|
+
const device = await DeviceCodeCls.where('userCode', userCode).first();
|
|
48
50
|
if (!device) {
|
|
49
51
|
throw new OAuthError('invalid_request', 'Device code not found.');
|
|
50
52
|
}
|
|
@@ -54,7 +56,7 @@ export async function approveDeviceCode(userCode, userId, approved) {
|
|
|
54
56
|
if (!deviceCodeHelpers.isPending(device)) {
|
|
55
57
|
throw new OAuthError('invalid_request', 'Device code has already been used.');
|
|
56
58
|
}
|
|
57
|
-
await
|
|
59
|
+
await DeviceCodeCls.update(device.id, {
|
|
58
60
|
userId,
|
|
59
61
|
approved,
|
|
60
62
|
});
|
|
@@ -66,7 +68,8 @@ export async function pollDeviceCode(params) {
|
|
|
66
68
|
if (params.grantType !== 'urn:ietf:params:oauth:grant-type:device_code') {
|
|
67
69
|
throw new OAuthError('unsupported_grant_type', 'Expected grant_type=urn:ietf:params:oauth:grant-type:device_code.');
|
|
68
70
|
}
|
|
69
|
-
const
|
|
71
|
+
const DeviceCodeCls = await Passport.deviceCodeModel();
|
|
72
|
+
const device = await DeviceCodeCls.where('deviceCode', params.deviceCode).first();
|
|
70
73
|
if (!device) {
|
|
71
74
|
throw new OAuthError('invalid_grant', 'Device code not found.');
|
|
72
75
|
}
|
|
@@ -84,7 +87,7 @@ export async function pollDeviceCode(params) {
|
|
|
84
87
|
}
|
|
85
88
|
}
|
|
86
89
|
// Update last polled time
|
|
87
|
-
await
|
|
90
|
+
await DeviceCodeCls.update(device.id, {
|
|
88
91
|
lastPolledAt: new Date(),
|
|
89
92
|
});
|
|
90
93
|
if (deviceCodeHelpers.isPending(device)) {
|
|
@@ -101,7 +104,7 @@ export async function pollDeviceCode(params) {
|
|
|
101
104
|
includeRefresh: true,
|
|
102
105
|
});
|
|
103
106
|
// Clean up the device code
|
|
104
|
-
await
|
|
107
|
+
await DeviceCodeCls.delete(device.id);
|
|
105
108
|
return { status: 'authorized', tokens };
|
|
106
109
|
}
|
|
107
110
|
// ─── Helpers ──────────────────────────────────────────────
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"device-code.js","sourceRoot":"","sources":["../../src/grants/device-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"device-code.js","sourceRoot":"","sources":["../../src/grants/device-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAGzC,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACvE,OAAO,EAAE,WAAW,EAAqB,MAAM,mBAAmB,CAAA;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAapD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAIvC;IACC,MAAM,SAAS,GAAO,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;IAClD,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,CAAA;IAEtD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAwB,CAAA;IACzF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,MAAa,EAAE,8CAA8C,CAAC,EAAE,CAAC;QAC/F,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,0DAA0D,CAAC,CAAA;IACzG,CAAC;IAED,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;IACnD,MAAM,UAAU,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IAClD,MAAM,QAAQ,GAAK,MAAM,gBAAgB,EAAE,CAAA;IAC3C,MAAM,MAAM,GAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAC9E,MAAM,SAAS,GAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA,CAAC,aAAa;IAEtE,MAAM,aAAa,CAAC,MAAM,CAAC;QACzB,QAAQ,EAAI,MAAM,CAAC,QAAQ;QAC3B,UAAU;QACV,QAAQ;QACR,MAAM,EAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;QAClC,MAAM,EAAM,IAAI;QAChB,QAAQ,EAAI,IAAI;QAChB,SAAS;QACT,YAAY,EAAE,IAAI;KACQ,CAAC,CAAA;IAE7B,OAAO;QACL,WAAW,EAAO,UAAU;QAC5B,SAAS,EAAS,QAAQ;QAC1B,gBAAgB,EAAE,MAAM,CAAC,eAAe;QACxC,yBAAyB,EAAE,GAAG,MAAM,CAAC,eAAe,cAAc,QAAQ,EAAE;QAC5E,UAAU,EAAQ,EAAE,GAAG,EAAE,EAAE,wBAAwB;QACnD,QAAQ,EAAU,CAAC,EAAQ,uBAAuB;KACnD,CAAA;AACH,CAAC;AAED,6DAA6D;AAE7D;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAgB,EAAE,MAAc,EAAE,QAAiB;IACzF,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,CAAA;IACtD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,EAAuB,CAAA;IAC3F,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,wBAAwB,CAAC,CAAA;IACnE,CAAC;IACD,IAAI,iBAAiB,CAAC,SAAS,CAAC,MAAa,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAA;IACnE,CAAC;IACD,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,MAAa,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,oCAAoC,CAAC,CAAA;IAC/E,CAAC;IAED,MAAM,aAAa,CAAC,MAAM,CAAE,MAAc,CAAC,EAAY,EAAE;QACvD,MAAM;QACN,QAAQ;KACF,CAAC,CAAA;AACX,CAAC;AAWD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAIpC;IACC,IAAI,MAAM,CAAC,SAAS,KAAK,8CAA8C,EAAE,CAAC;QACxE,MAAM,IAAI,UAAU,CAAC,wBAAwB,EAAE,mEAAmE,CAAC,CAAA;IACrH,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,CAAA;IACtD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,EAAuB,CAAA;IACtG,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,wBAAwB,CAAC,CAAA;IACjE,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,4CAA4C,CAAC,CAAA;IACrF,CAAC;IACD,IAAI,iBAAiB,CAAC,SAAS,CAAC,MAAa,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,CAAA;IACpC,CAAC;IAED,2CAA2C;IAC3C,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE,CAAA;QACpE,IAAI,OAAO,GAAG,IAAI,EAAE,CAAC;YACnB,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;QAChC,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,aAAa,CAAC,MAAM,CAAE,MAAc,CAAC,EAAY,EAAE;QACvD,YAAY,EAAE,IAAI,IAAI,EAAE;KAClB,CAAC,CAAA;IAET,IAAI,iBAAiB,CAAC,SAAS,CAAC,MAAa,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAA;IAC5C,CAAC;IAED,IAAI,iBAAiB,CAAC,QAAQ,CAAC,MAAa,CAAC,EAAE,CAAC;QAC9C,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,CAAA;IACpC,CAAC;IAED,0BAA0B;IAC1B,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC;QAC/B,MAAM,EAAI,MAAM,CAAC,MAAM;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAI,iBAAiB,CAAC,SAAS,CAAC,MAAa,CAAC;QACpD,cAAc,EAAE,IAAI;KACrB,CAAC,CAAA;IAEF,2BAA2B;IAC3B,MAAM,aAAa,CAAC,MAAM,CAAE,MAAc,CAAC,EAAY,CAAC,CAAA;IAExD,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,CAAA;AACzC,CAAC;AAED,6DAA6D;AAE7D,oFAAoF;AACpF,KAAK,UAAU,gBAAgB;IAC7B,MAAM,KAAK,GAAG,kCAAkC,CAAA,CAAC,gBAAgB;IACjE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;IACjD,IAAI,IAAI,GAAG,EAAE,CAAA;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,IAAI,CAAC,KAAK,CAAC;YAAE,IAAI,IAAI,GAAG,CAAA,CAAC,mBAAmB;QAC5C,IAAI,IAAI,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;IACxC,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"issue-tokens.d.ts","sourceRoot":"","sources":["../../src/grants/issue-tokens.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAG,MAAM,CAAA;IACrB,UAAU,EAAK,QAAQ,CAAA;IACvB,UAAU,EAAK,MAAM,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE;IACtC,MAAM,EAAQ,MAAM,GAAG,IAAI,CAAA;IAC3B,QAAQ,EAAM,MAAM,CAAA;IACpB,MAAM,EAAQ,MAAM,EAAE,CAAA;IACtB,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,2CAA2C;IAC3C,QAAQ,CAAC,EAAK,MAAM,CAAA;CACrB,GAAG,OAAO,CAAC,YAAY,CAAC,
|
|
1
|
+
{"version":3,"file":"issue-tokens.d.ts","sourceRoot":"","sources":["../../src/grants/issue-tokens.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAG,MAAM,CAAA;IACrB,UAAU,EAAK,QAAQ,CAAA;IACvB,UAAU,EAAK,MAAM,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE;IACtC,MAAM,EAAQ,MAAM,GAAG,IAAI,CAAA;IAC3B,QAAQ,EAAM,MAAM,CAAA;IACpB,MAAM,EAAQ,MAAM,EAAE,CAAA;IACtB,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,2CAA2C;IAC3C,QAAQ,CAAC,EAAK,MAAM,CAAA;CACrB,GAAG,OAAO,CAAC,YAAY,CAAC,CA8CxB"}
|
|
@@ -1,6 +1,4 @@
|
|
|
1
1
|
import { Passport } from '../Passport.js';
|
|
2
|
-
import { AccessToken } from '../models/AccessToken.js';
|
|
3
|
-
import { RefreshToken } from '../models/RefreshToken.js';
|
|
4
2
|
import { createToken } from '../token.js';
|
|
5
3
|
/**
|
|
6
4
|
* Issue an access token (+ optional refresh token) and persist to DB.
|
|
@@ -8,8 +6,10 @@ import { createToken } from '../token.js';
|
|
|
8
6
|
export async function issueTokens(opts) {
|
|
9
7
|
const lifetime = opts.lifetime ?? Passport.tokenLifetime();
|
|
10
8
|
const expiresAt = new Date(Date.now() + lifetime);
|
|
9
|
+
const AccessTokenCls = await Passport.tokenModel();
|
|
10
|
+
const RefreshTokenCls = await Passport.refreshTokenModel();
|
|
11
11
|
// Create DB record
|
|
12
|
-
const tokenRecord = await
|
|
12
|
+
const tokenRecord = await AccessTokenCls.create({
|
|
13
13
|
userId: opts.userId,
|
|
14
14
|
clientId: opts.clientId,
|
|
15
15
|
scopes: JSON.stringify(opts.scopes),
|
|
@@ -33,7 +33,7 @@ export async function issueTokens(opts) {
|
|
|
33
33
|
// Issue refresh token
|
|
34
34
|
if (opts.includeRefresh !== false) {
|
|
35
35
|
const refreshExpiresAt = new Date(Date.now() + Passport.refreshTokenLifetime());
|
|
36
|
-
const refreshRecord = await
|
|
36
|
+
const refreshRecord = await RefreshTokenCls.create({
|
|
37
37
|
accessTokenId: tokenId,
|
|
38
38
|
revoked: false,
|
|
39
39
|
expiresAt: refreshExpiresAt,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"issue-tokens.js","sourceRoot":"","sources":["../../src/grants/issue-tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"issue-tokens.js","sourceRoot":"","sources":["../../src/grants/issue-tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAGzC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AASzC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAOjC;IACC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAA;IAC1D,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAA;IAEjD,MAAM,cAAc,GAAI,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;IACnD,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,iBAAiB,EAAE,CAAA;IAE1D,mBAAmB;IACnB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC;QAC9C,MAAM,EAAK,IAAI,CAAC,MAAM;QACtB,QAAQ,EAAG,IAAI,CAAC,QAAQ;QACxB,MAAM,EAAK,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;QACtC,OAAO,EAAI,KAAK;QAChB,SAAS;KACiB,CAAgB,CAAA;IAE5C,MAAM,OAAO,GAAI,WAAmB,CAAC,EAAY,CAAA;IAEjD,WAAW;IACX,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC;QAC5B,OAAO;QACP,MAAM,EAAI,IAAI,CAAC,MAAM;QACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM,EAAI,IAAI,CAAC,MAAM;QACrB,SAAS;KACV,CAAC,CAAA;IAEF,MAAM,MAAM,GAAiB;QAC3B,YAAY,EAAE,GAAG;QACjB,UAAU,EAAI,QAAQ;QACtB,UAAU,EAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;KAC1C,CAAA;IAED,sBAAsB;IACtB,IAAI,IAAI,CAAC,cAAc,KAAK,KAAK,EAAE,CAAC;QAClC,MAAM,gBAAgB,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,oBAAoB,EAAE,CAAC,CAAA;QAC/E,MAAM,aAAa,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC;YACjD,aAAa,EAAE,OAAO;YACtB,OAAO,EAAQ,KAAK;YACpB,SAAS,EAAM,gBAAgB;SACL,CAAiB,CAAA;QAE7C,MAAM,CAAC,aAAa,GAAI,aAAqB,CAAC,EAAY,CAAA;IAC5D,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"refresh-token.d.ts","sourceRoot":"","sources":["../../src/grants/refresh-token.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"refresh-token.d.ts","sourceRoot":"","sources":["../../src/grants/refresh-token.ts"],"names":[],"mappings":"AAKA,OAAO,EAAe,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAGlE,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAK,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAM,MAAM,CAAA;IACpB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,KAAK,CAAC,EAAQ,MAAM,CAAA;CACrB;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,YAAY,CAAC,CAuE1F"}
|