@rudderjs/passport 1.1.9 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/boost/guidelines.md +1 -1
- package/dist/models/AccessToken.d.ts +1 -0
- package/dist/models/AccessToken.d.ts.map +1 -1
- package/dist/models/AccessToken.js +5 -1
- package/dist/models/AccessToken.js.map +1 -1
- package/dist/models/AuthCode.d.ts +1 -0
- package/dist/models/AuthCode.d.ts.map +1 -1
- package/dist/models/AuthCode.js +4 -1
- package/dist/models/AuthCode.js.map +1 -1
- package/dist/models/DeviceCode.d.ts +1 -0
- package/dist/models/DeviceCode.d.ts.map +1 -1
- package/dist/models/DeviceCode.js +4 -1
- package/dist/models/DeviceCode.js.map +1 -1
- package/dist/models/OAuthClient.d.ts +1 -0
- package/dist/models/OAuthClient.d.ts.map +1 -1
- package/dist/models/OAuthClient.js +7 -1
- package/dist/models/OAuthClient.js.map +1 -1
- package/dist/models/RefreshToken.d.ts +1 -0
- package/dist/models/RefreshToken.d.ts.map +1 -1
- package/dist/models/RefreshToken.js +4 -1
- package/dist/models/RefreshToken.js.map +1 -1
- package/package.json +6 -6
package/boost/guidelines.md
CHANGED
|
@@ -141,7 +141,7 @@ pnpm rudder make:passport-client # scaffold a client seede
|
|
|
141
141
|
- **PKCE required for public clients** — public clients (created with `--public`) must send `code_challenge` + `code_challenge_method=S256`. Missing PKCE → `invalid_request`.
|
|
142
142
|
- **Refresh token reuse** — rotation revokes the old refresh token atomically. Retrying with the old one returns `invalid_grant`.
|
|
143
143
|
- **ORM returns records, not Model instances** — `AccessToken.where(...).first()` returns a plain data object. Prototype methods don't work on query results. Use `@rudderjs/passport`'s `models/helpers.ts` helpers (e.g. `accessTokenHelpers.can(token, scope)`) rather than calling methods on the record.
|
|
144
|
-
- **
|
|
144
|
+
- **Passport models use SQL `@@map` table names** (`oauth_clients`, `oauth_access_tokens`, …) + `keyType: 'ulid'`, so they run on the native engine AND on Prisma (orm-prisma maps the SQL name → delegate via the runtime datamodel). On Prisma this needs `@rudderjs/orm-prisma` ≥ the SQL-name-fallback release; an older one 500s with `Prisma has no delegate for table "oauth_clients"`. New rows get a ulid id (not cuid) — both opaque strings, existing rows coexist.
|
|
145
145
|
- **Consent screen needs session** — `POST /oauth/authorize` and `POST /oauth/device/approve` both require `req.user`. If you mount OAuth routes on the `api` group, these two routes will 401. Either keep consent + device-approve on the `web` group, or mount `SessionMiddleware()` + `AuthMiddleware()` per-route.
|
|
146
146
|
- **Personal access client cache** — `_personalClientId` is cached module-level. `resetPersonalAccessClient()` is test-only; don't call it in production code.
|
|
147
147
|
- **Don't store plain-text JWTs** — `user.createToken()` returns `plainTextToken` once. The DB stores only the record (used for revocation lookup via `jti`). Show the JWT to the user; they must save it themselves.
|
|
@@ -25,6 +25,7 @@ import { Model } from '@rudderjs/orm';
|
|
|
25
25
|
*/
|
|
26
26
|
export declare class AccessToken extends Model {
|
|
27
27
|
static table: string;
|
|
28
|
+
static keyType: "ulid";
|
|
28
29
|
static fillable: string[];
|
|
29
30
|
/** `MassPrunable` — bulk `deleteAll()` per chunk; mirrors `passport:purge`. */
|
|
30
31
|
static pruneMode: "mass";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessToken.d.ts","sourceRoot":"","sources":["../../src/models/AccessToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAU,MAAM,eAAe,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,WAAY,SAAQ,KAAK;
|
|
1
|
+
{"version":3,"file":"AccessToken.d.ts","sourceRoot":"","sources":["../../src/models/AccessToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAU,MAAM,eAAe,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,WAAY,SAAQ,KAAK;IAIpC,OAAgB,KAAK,SAAwB;IAC7C,OAAgB,OAAO,EAAG,MAAM,CAAS;IAQzC,OAAgB,QAAQ,WAAwD;IAEhF,+EAA+E;IAC/E,MAAM,CAAC,SAAS,EAAG,MAAM,CAAS;IAElC,mFAAmF;IACnF,MAAM,CAAC,QAAQ;;;;IAMP,EAAE,EAAE,MAAM,CAAA;IAQV,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IAGrB,QAAQ,EAAE,MAAM,CAAA;IAEhB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,IAAI,CAAA;IAEvB,2BAA2B;IAC3B,SAAS,IAAI,MAAM,EAAE;IAMrB,+CAA+C;IAC/C,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAK3B,sDAAsD;IACtD,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAI5B,yBAAyB;IACnB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAU7B,sCAAsC;IACtC,SAAS,IAAI,OAAO;IAIpB,iEAAiE;IACjE,OAAO,IAAI,OAAO;CAGnB"}
|
|
@@ -33,7 +33,11 @@ import { Model, Hidden } from '@rudderjs/orm';
|
|
|
33
33
|
* no JWT verification step, use `@rudderjs/sanctum` instead.
|
|
34
34
|
*/
|
|
35
35
|
export class AccessToken extends Model {
|
|
36
|
-
|
|
36
|
+
// SQL `@@map` table name (native + Prisma; see OAuthClient.ts). `keyType =
|
|
37
|
+
// 'ulid'` stamps the id on insert — the row id is the JWT subject (`tokenId`),
|
|
38
|
+
// so it must never be NULL on the native engine.
|
|
39
|
+
static table = 'oauth_access_tokens';
|
|
40
|
+
static keyType = 'ulid';
|
|
37
41
|
// `revoked` is intentionally NOT fillable — flipping it is a privileged
|
|
38
42
|
// lifecycle operation that should only happen through `revoke()` (instance
|
|
39
43
|
// method) or `forceFill({ revoked: true })`. Allowing mass-assignment here
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessToken.js","sourceRoot":"","sources":["../../src/models/AccessToken.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"AccessToken.js","sourceRoot":"","sources":["../../src/models/AccessToken.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,2EAA2E;IAC3E,+EAA+E;IAC/E,iDAAiD;IACjD,MAAM,CAAU,KAAK,GAAG,qBAAqB,CAAA;IAC7C,MAAM,CAAU,OAAO,GAAG,MAAe,CAAA;IAEzC,wEAAwE;IACxE,2EAA2E;IAC3E,2EAA2E;IAC3E,sEAAsE;IACtE,wEAAwE;IACxE,8BAA8B;IAC9B,MAAM,CAAU,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAA;IAEhF,+EAA+E;IAC/E,MAAM,CAAC,SAAS,GAAG,MAAe,CAAA;IAElC,mFAAmF;IACnF,MAAM,CAAC,QAAQ;QACb,OAAO,IAAI,CAAC,KAAK,EAAE;aAChB,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC;aACnC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IAC7B,CAAC;IAmBD,2BAA2B;IAC3B,SAAS;QACP,MAAM,GAAG,GAAI,IAA2C,CAAC,QAAQ,CAAC,CAAA;QAClE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,+CAA+C;IAC/C,GAAG,CAAC,KAAa;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAA;QAC/B,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IACvD,CAAC;IAED,sDAAsD;IACtD,IAAI,CAAC,KAAa;QAChB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;IACzB,CAAC;IAED,yBAAyB;IACzB,KAAK,CAAC,MAAM;QACV,0EAA0E;QAC1E,wEAAwE;QACxE,0EAA0E;QAC1E,oEAAoE;QACpE,sEAAsE;QACtE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAA;QACnB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAA;IACnB,CAAC;IAED,sCAAsC;IACtC,SAAS;QACP,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAA;IACzD,CAAC;IAED,iEAAiE;IACjE,OAAO;QACL,OAAO,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAA;IAC3C,CAAC;;AA9CO;IADP,MAAM;;2CACsB;AAGrB;IADP,MAAM;;6CACiB"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export declare class AuthCode extends Model {
|
|
3
3
|
static table: string;
|
|
4
|
+
static keyType: "ulid";
|
|
4
5
|
static fillable: string[];
|
|
5
6
|
/** `MassPrunable` — bulk `deleteAll()` per chunk; mirrors `passport:purge`. */
|
|
6
7
|
static pruneMode: "mass";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthCode.d.ts","sourceRoot":"","sources":["../../src/models/AuthCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,QAAS,SAAQ,KAAK;
|
|
1
|
+
{"version":3,"file":"AuthCode.d.ts","sourceRoot":"","sources":["../../src/models/AuthCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,QAAS,SAAQ,KAAK;IAGjC,OAAgB,KAAK,SAAqB;IAC1C,OAAgB,OAAO,EAAG,MAAM,CAAS;IAOzC,OAAgB,QAAQ,WAAoH;IAE5I,+EAA+E;IAC/E,MAAM,CAAC,SAAS,EAAG,MAAM,CAAS;IAElC;;;;;OAKG;IACH,MAAM,CAAC,QAAQ;;;;IAIP,EAAE,EAAE,MAAM,CAAA;IAClB,8EAA8E;IACtE,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,IAAI,CAAA;IACf,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAA;IAE1C,2BAA2B;IAC3B,SAAS,IAAI,MAAM,EAAE;IAMrB,0CAA0C;IAC1C,SAAS,IAAI,OAAO;IAIpB,6BAA6B;IAC7B,MAAM,IAAI,OAAO;CAGlB"}
|
package/dist/models/AuthCode.js
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export class AuthCode extends Model {
|
|
3
|
-
|
|
3
|
+
// SQL `@@map` table name (native + Prisma; see OAuthClient.ts). `keyType =
|
|
4
|
+
// 'ulid'` stamps the id on insert (native has no `@default(cuid())`).
|
|
5
|
+
static table = 'oauth_auth_codes';
|
|
6
|
+
static keyType = 'ulid';
|
|
4
7
|
// `revoked` is intentionally NOT fillable — see AccessToken.ts for the
|
|
5
8
|
// rationale. Auth codes are revoked atomically through
|
|
6
9
|
// `QueryBuilder.where(...).updateAll(...)` in `exchangeAuthCode` (see M3
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthCode.js","sourceRoot":"","sources":["../../src/models/AuthCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"AuthCode.js","sourceRoot":"","sources":["../../src/models/AuthCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjC,2EAA2E;IAC3E,sEAAsE;IACtE,MAAM,CAAU,KAAK,GAAG,kBAAkB,CAAA;IAC1C,MAAM,CAAU,OAAO,GAAG,MAAe,CAAA;IAEzC,uEAAuE;IACvE,uDAAuD;IACvD,yEAAyE;IACzE,uEAAuE;IACvE,oCAAoC;IACpC,MAAM,CAAU,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,qBAAqB,CAAC,CAAA;IAE5I,+EAA+E;IAC/E,MAAM,CAAC,SAAS,GAAG,MAAe,CAAA;IAElC;;;;;OAKG;IACH,MAAM,CAAC,QAAQ;QACb,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC,CAAA;IACzD,CAAC;IAaD,2BAA2B;IAC3B,SAAS;QACP,MAAM,GAAG,GAAI,IAA2C,CAAC,QAAQ,CAAC,CAAA;QAClE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,0CAA0C;IAC1C,SAAS;QACP,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAA;IACzD,CAAC;IAED,6BAA6B;IAC7B,MAAM;QACJ,OAAO,IAAI,CAAC,aAAa,KAAK,IAAI,CAAA;IACpC,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export declare class DeviceCode extends Model {
|
|
3
3
|
static table: string;
|
|
4
|
+
static keyType: "ulid";
|
|
4
5
|
static fillable: string[];
|
|
5
6
|
/** `MassPrunable` — bulk `deleteAll()` per chunk; mirrors `passport:purge`. */
|
|
6
7
|
static pruneMode: "mass";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DeviceCode.d.ts","sourceRoot":"","sources":["../../src/models/DeviceCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,UAAW,SAAQ,KAAK;
|
|
1
|
+
{"version":3,"file":"DeviceCode.d.ts","sourceRoot":"","sources":["../../src/models/DeviceCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,UAAW,SAAQ,KAAK;IAGnC,OAAgB,KAAK,SAAuB;IAC5C,OAAgB,OAAO,EAAG,MAAM,CAAS;IAEzC,OAAgB,QAAQ,WAA0H;IAElJ,+EAA+E;IAC/E,MAAM,CAAC,SAAS,EAAG,MAAM,CAAS;IAElC,iFAAiF;IACjF,MAAM,CAAC,QAAQ;;;;IAIP,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAKhB,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAA;IACtB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,QAAQ,EAAE,OAAO,GAAG,IAAI,CAAA;IAChC,mFAAmF;IAC3E,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,IAAI,CAAA;IACf,YAAY,EAAE,IAAI,GAAG,IAAI,CAAA;IAEjC,2BAA2B;IAC3B,SAAS,IAAI,MAAM,EAAE;IAMrB,4CAA4C;IAC5C,SAAS,IAAI,OAAO;IAIpB,iDAAiD;IACjD,UAAU,IAAI,OAAO;IAIrB,+CAA+C;IAC/C,QAAQ,IAAI,OAAO;IAInB,6CAA6C;IAC7C,SAAS,IAAI,OAAO;CAGrB"}
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export class DeviceCode extends Model {
|
|
3
|
-
|
|
3
|
+
// SQL `@@map` table name (native + Prisma; see OAuthClient.ts). `keyType =
|
|
4
|
+
// 'ulid'` stamps the id on insert (native has no `@default(cuid())`).
|
|
5
|
+
static table = 'oauth_device_codes';
|
|
6
|
+
static keyType = 'ulid';
|
|
4
7
|
static fillable = ['clientId', 'userCodeHash', 'deviceCodeHash', 'scopes', 'userId', 'approved', 'interval', 'expiresAt', 'lastPolledAt'];
|
|
5
8
|
/** `MassPrunable` — bulk `deleteAll()` per chunk; mirrors `passport:purge`. */
|
|
6
9
|
static pruneMode = 'mass';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DeviceCode.js","sourceRoot":"","sources":["../../src/models/DeviceCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,UAAW,SAAQ,KAAK;IACnC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"DeviceCode.js","sourceRoot":"","sources":["../../src/models/DeviceCode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,UAAW,SAAQ,KAAK;IACnC,2EAA2E;IAC3E,sEAAsE;IACtE,MAAM,CAAU,KAAK,GAAG,oBAAoB,CAAA;IAC5C,MAAM,CAAU,OAAO,GAAG,MAAe,CAAA;IAEzC,MAAM,CAAU,QAAQ,GAAG,CAAC,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,CAAC,CAAA;IAElJ,+EAA+E;IAC/E,MAAM,CAAC,SAAS,GAAG,MAAe,CAAA;IAElC,iFAAiF;IACjF,MAAM,CAAC,QAAQ;QACb,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC,CAAA;IACzD,CAAC;IAiBD,2BAA2B;IAC3B,SAAS;QACP,MAAM,GAAG,GAAI,IAA2C,CAAC,QAAQ,CAAC,CAAA;QAClE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,4CAA4C;IAC5C,SAAS;QACP,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAA;IACzD,CAAC;IAED,iDAAiD;IACjD,UAAU;QACR,OAAO,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAA;IAC/B,CAAC;IAED,+CAA+C;IAC/C,QAAQ;QACN,OAAO,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAA;IAChC,CAAC;IAED,6CAA6C;IAC7C,SAAS;QACP,OAAO,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAA;IAC/B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OAuthClient.d.ts","sourceRoot":"","sources":["../../src/models/OAuthClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAgB,MAAM,eAAe,CAAA;AAEnD,qBAAa,WAAY,SAAQ,KAAK;
|
|
1
|
+
{"version":3,"file":"OAuthClient.d.ts","sourceRoot":"","sources":["../../src/models/OAuthClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAgB,MAAM,eAAe,CAAA;AAEnD,qBAAa,WAAY,SAAQ,KAAK;IAMpC,OAAgB,KAAK,SAAkB;IACvC,OAAgB,OAAO,EAAG,MAAM,CAAS;IAEzC,OAAgB,QAAQ,WAA6E;IAE7F,EAAE,EAAE,MAAM,CAAA;IAGV,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IASrB,YAAY,EAAE,MAAM,EAAE,CAAA;IAGtB,UAAU,EAAE,MAAM,EAAE,CAAA;IAGpB,MAAM,EAAE,MAAM,EAAE,CAAA;IAEhB,IAAI,EAAE,MAAM,CAAA;IACZ,YAAY,EAAE,OAAO,CAAA;IACrB,OAAO,EAAE,OAAO,CAAA;IAExB,4BAA4B;IAC5B,eAAe,IAAI,MAAM,EAAE;IAM3B,0BAA0B;IAC1B,aAAa,IAAI,MAAM,EAAE;IAMzB,qBAAqB;IACrB,SAAS,IAAI,MAAM,EAAE;IAMrB,sDAAsD;IACtD,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAInC,6DAA6D;IAC7D,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIpC,sEAAsE;IACtE,QAAQ,IAAI,OAAO;CAGpB"}
|
|
@@ -9,7 +9,13 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
};
|
|
10
10
|
import { Model, Hidden, Cast } from '@rudderjs/orm';
|
|
11
11
|
export class OAuthClient extends Model {
|
|
12
|
-
|
|
12
|
+
// SQL `@@map` table name — runs on the native engine (literal SQL name) AND
|
|
13
|
+
// on Prisma (orm-prisma maps the SQL name → `oAuthClient` delegate via the
|
|
14
|
+
// runtime datamodel). `keyType = 'ulid'` stamps the id on insert (the native
|
|
15
|
+
// engine has no `@default(cuid())`); on Prisma, new rows get a ulid instead
|
|
16
|
+
// of a cuid — both opaque strings, so existing cuid rows coexist.
|
|
17
|
+
static table = 'oauth_clients';
|
|
18
|
+
static keyType = 'ulid';
|
|
13
19
|
static fillable = ['name', 'secret', 'redirectUris', 'grantTypes', 'scopes', 'confidential'];
|
|
14
20
|
/** Parsed redirect URIs. */
|
|
15
21
|
getRedirectUris() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OAuthClient.js","sourceRoot":"","sources":["../../src/models/OAuthClient.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAEnD,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"OAuthClient.js","sourceRoot":"","sources":["../../src/models/OAuthClient.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAEnD,MAAM,OAAO,WAAY,SAAQ,KAAK;IACpC,4EAA4E;IAC5E,2EAA2E;IAC3E,6EAA6E;IAC7E,4EAA4E;IAC5E,kEAAkE;IAClE,MAAM,CAAU,KAAK,GAAG,eAAe,CAAA;IACvC,MAAM,CAAU,OAAO,GAAG,MAAe,CAAA;IAEzC,MAAM,CAAU,QAAQ,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,YAAY,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IA0BrG,4BAA4B;IAC5B,eAAe;QACb,MAAM,GAAG,GAAI,IAA2C,CAAC,cAAc,CAAC,CAAA;QACxE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,0BAA0B;IAC1B,aAAa;QACX,MAAM,GAAG,GAAI,IAA2C,CAAC,YAAY,CAAC,CAAA;QACtE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,qBAAqB;IACrB,SAAS;QACP,MAAM,GAAG,GAAI,IAA2C,CAAC,QAAQ,CAAC,CAAA;QAClE,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,CAAA;QAC/D,OAAQ,GAAgB,IAAI,EAAE,CAAA;IAChC,CAAC;IAED,sDAAsD;IACtD,YAAY,CAAC,IAAY;QACvB,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,6DAA6D;IAC7D,cAAc,CAAC,GAAW;QACxB,OAAO,IAAI,CAAC,eAAe,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IAC7C,CAAC;IAED,sEAAsE;IACtE,QAAQ;QACN,OAAO,CAAC,IAAI,CAAC,YAAY,CAAA;IAC3B,CAAC;;AAvDO;IADP,MAAM;;2CACsB;AASrB;IADP,IAAI,CAAC,MAAM,CAAC;;iDACiB;AAGtB;IADP,IAAI,CAAC,MAAM,CAAC;;+CACe;AAGpB;IADP,IAAI,CAAC,MAAM,CAAC;;2CACW"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export declare class RefreshToken extends Model {
|
|
3
3
|
static table: string;
|
|
4
|
+
static keyType: "ulid";
|
|
4
5
|
static fillable: string[];
|
|
5
6
|
/** `MassPrunable` — bulk `deleteAll()` per chunk; mirrors `passport:purge`. */
|
|
6
7
|
static pruneMode: "mass";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RefreshToken.d.ts","sourceRoot":"","sources":["../../src/models/RefreshToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,YAAa,SAAQ,KAAK;
|
|
1
|
+
{"version":3,"file":"RefreshToken.d.ts","sourceRoot":"","sources":["../../src/models/RefreshToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,qBAAa,YAAa,SAAQ,KAAK;IAGrC,OAAgB,KAAK,SAAyB;IAC9C,OAAgB,OAAO,EAAG,MAAM,CAAS;IAIzC,OAAgB,QAAQ,WAA0D;IAElF,+EAA+E;IAC/E,MAAM,CAAC,SAAS,EAAG,MAAM,CAAS;IAElC,mFAAmF;IACnF,MAAM,CAAC,QAAQ;;;;IAMP,EAAE,EAAE,MAAM,CAAA;IACV,aAAa,EAAE,MAAM,CAAA;IAC7B,yEAAyE;IACjE,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,IAAI,CAAA;IAEvB,iCAAiC;IAC3B,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAK7B,sCAAsC;IACtC,SAAS,IAAI,OAAO;CAGrB"}
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
import { Model } from '@rudderjs/orm';
|
|
2
2
|
export class RefreshToken extends Model {
|
|
3
|
-
|
|
3
|
+
// SQL `@@map` table name (native + Prisma; see OAuthClient.ts). `keyType =
|
|
4
|
+
// 'ulid'` stamps the id on insert (native has no `@default(cuid())`).
|
|
5
|
+
static table = 'oauth_refresh_tokens';
|
|
6
|
+
static keyType = 'ulid';
|
|
4
7
|
// `revoked` is intentionally NOT fillable — see AccessToken.ts for the
|
|
5
8
|
// rationale. Lifecycle flips happen through `revoke()` or `forceFill`.
|
|
6
9
|
static fillable = ['accessTokenId', 'tokenHash', 'familyId', 'expiresAt'];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RefreshToken.js","sourceRoot":"","sources":["../../src/models/RefreshToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,YAAa,SAAQ,KAAK;IACrC,MAAM,CAAU,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"RefreshToken.js","sourceRoot":"","sources":["../../src/models/RefreshToken.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AAErC,MAAM,OAAO,YAAa,SAAQ,KAAK;IACrC,2EAA2E;IAC3E,sEAAsE;IACtE,MAAM,CAAU,KAAK,GAAG,sBAAsB,CAAA;IAC9C,MAAM,CAAU,OAAO,GAAG,MAAe,CAAA;IAEzC,uEAAuE;IACvE,uEAAuE;IACvE,MAAM,CAAU,QAAQ,GAAG,CAAC,eAAe,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,CAAC,CAAA;IAElF,+EAA+E;IAC/E,MAAM,CAAC,SAAS,GAAG,MAAe,CAAA;IAElC,mFAAmF;IACnF,MAAM,CAAC,QAAQ;QACb,OAAO,IAAI,CAAC,KAAK,EAAE;aAChB,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC;aACnC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IAC7B,CAAC;IAUD,iCAAiC;IACjC,KAAK,CAAC,MAAM;QACV,IAAI,CAAC,OAAO,GAAG,IAAI,CAAA;QACnB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAA;IACnB,CAAC;IAED,sCAAsC;IACtC,SAAS;QACP,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAA;IACzD,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rudderjs/passport",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "2.0.0",
|
|
4
4
|
"rudderjs": {
|
|
5
5
|
"provider": "PassportProvider",
|
|
6
6
|
"stage": "infrastructure",
|
|
@@ -17,7 +17,7 @@
|
|
|
17
17
|
},
|
|
18
18
|
"type": "module",
|
|
19
19
|
"engines": {
|
|
20
|
-
"node": "
|
|
20
|
+
"node": ">=22.12.0"
|
|
21
21
|
},
|
|
22
22
|
"files": [
|
|
23
23
|
"dist",
|
|
@@ -41,15 +41,15 @@
|
|
|
41
41
|
}
|
|
42
42
|
},
|
|
43
43
|
"dependencies": {
|
|
44
|
-
"@rudderjs/core": "^1.
|
|
45
|
-
"@rudderjs/contracts": "^1.
|
|
46
|
-
"@rudderjs/orm": "^1.
|
|
44
|
+
"@rudderjs/core": "^1.11.0",
|
|
45
|
+
"@rudderjs/contracts": "^1.15.0",
|
|
46
|
+
"@rudderjs/orm": "^1.20.0"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
49
|
"@types/node": "^20.0.0",
|
|
50
50
|
"typescript": "^5.4.0",
|
|
51
51
|
"tsx": "^4.0.0",
|
|
52
|
-
"@rudderjs/console": "^1.
|
|
52
|
+
"@rudderjs/console": "^1.4.0"
|
|
53
53
|
},
|
|
54
54
|
"author": "Suleiman Shahbari",
|
|
55
55
|
"scripts": {
|