@rudderjs/passport 2.0.2 → 2.0.4
- package/dist/index.d.ts +32 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +44 -9
- package/dist/index.js.map +1 -1
- package/dist/middleware/bearer.d.ts.map +1 -1
- package/dist/middleware/bearer.js +7 -1
- package/dist/middleware/bearer.js.map +1 -1
- package/package.json +3 -3
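--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -55,7 +55,39 @@ export interface PassportConfig {
 * device flows where misbehaving clients warrant aggressive back-off.
 */
 deviceMaxInterval?: number;
+/**
+* Refuse to boot when no OAuth signing keypair is reachable (no env vars and
+* nothing on disk under `keyPath`). Default `false` — a missing keypair only
+* warns, since passport may be installed but not actively serving OAuth. Set
+* `true` for deployments that depend on OAuth so a missing keypair fails the
+* deploy fast instead of 500-ing every `/oauth/*` request at runtime.
+*/
+requireKeys?: boolean;
 }
+/**
+* Boot-time guard for the OAuth signing keypair.
+*
+* When keys are reachable → `null` (nothing to do). When they're missing:
+*
+* - `requireKeys: true` → THROW, failing the boot. An OAuth server that
+* actually serves tokens should refuse to start without keys rather than
+* "boot" and then 500 every `/oauth/*` request with a generic ENOENT deep
+* in `Passport.keys()`. Opt in once your deployment depends on OAuth.
+* - `requireKeys: false` (default) → return a warning string for the caller to
+* surface via `bootNotice`, and keep booting. Deliberately the default:
+* passport may be INSTALLED but not actively used (it ships with the
+* framework demo), and `APP_ENV` defaults to `production`, so keying the throw
+* off production-detection alone would break every app that pulls passport in
+* without configuring OAuth.
+*
+* @returns a warning message when keys are missing and not required, else `null`.
+* @throws when keys are missing and `requireKeys` is set.
+*/
+export declare function checkOAuthKeysAtBoot(opts: {
+keysAvailable: boolean;
+requireKeys: boolean;
+keyPath: string;
+}): string | null;
 export declare class PassportProvider extends ServiceProvider {
 register(): void;
 boot(): Promise<void>;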
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAsB,MAAM,gBAAgB,CAAA;AAIpE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,YAAY,EAAE,aAAa,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAA;AAEjG,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AACrF,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAE3E,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAEvD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAA;AAC5E,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AACjD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAGnE,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EACV,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,wBAAwB,EACxB,mBAAmB,EACnB,2BAA2B,EAC3B,gBAAgB,GACjB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA;AACrF,YAAY,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAA;AAGzE,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAA;AAC1G,YAAY,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAI3E,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,yCAAyC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,gEAAgE;IAChE,4BAA4B,CAAC,EAAE,MAAM,CAAA;IACrC,+CAA+C;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC/B;;;;;;;;OAQG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;;;;;OAMG;IACH,iBAAiB,CAAC,EAAE,MA
AM,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAsB,MAAM,gBAAgB,CAAA;AAIpE,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,YAAY,EAAE,aAAa,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAA;AAEjG,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AACrF,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAE3E,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAEvD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAA;AAC5E,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AACjD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAGnE,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EACV,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,wBAAwB,EACxB,mBAAmB,EACnB,2BAA2B,EAC3B,gBAAgB,GACjB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA;AACrF,YAAY,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAA;AAGzE,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAA;AAC1G,YAAY,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAI3E,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,yCAAyC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,gEAAgE;IAChE,4BAA4B,CAAC,EAAE,MAAM,CAAA;IACrC,+CAA+C;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC/B;;;;;;;;OAQG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;;;;;OAMG;IACH,iBAAiB,CAAC,EAAE,MA
AM,CAAA;IAC1B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;CACtB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE;IACzC,aAAa,EAAE,OAAO,CAAA;IACtB,WAAW,EAAI,OAAO,CAAA;IACtB,OAAO,EAAQ,MAAM,CAAA;CACtB,GAAG,MAAM,GAAG,IAAI,CAahB;AAID,qBAAa,gBAAiB,SAAQ,eAAe;IACnD,QAAQ,IAAI,IAAI;IAEV,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAgJ5B"}
|
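--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -21,6 +21,37 @@ export { issueTokens, validateAuthorizationRequest, issueAuthCode, exchangeAuthC
 export { HasApiTokens, resetPersonalAccessClient } from './personal-access-tokens.js';
 // Routes
 export { registerPassportRoutes, registerPassportWebRoutes, registerPassportApiRoutes } from './routes.js';
+/**
+* Boot-time guard for the OAuth signing keypair.
+*
+* When keys are reachable → `null` (nothing to do). When they're missing:
+*
+* - `requireKeys: true` → THROW, failing the boot. An OAuth server that
+* actually serves tokens should refuse to start without keys rather than
+* "boot" and then 500 every `/oauth/*` request with a generic ENOENT deep
+* in `Passport.keys()`. Opt in once your deployment depends on OAuth.
+* - `requireKeys: false` (default) → return a warning string for the caller to
+* surface via `bootNotice`, and keep booting. Deliberately the default:
+* passport may be INSTALLED but not actively used (it ships with the
+* framework demo), and `APP_ENV` defaults to `production`, so keying the throw
+* off production-detection alone would break every app that pulls passport in
+* without configuring OAuth.
+*
+* @returns a warning message when keys are missing and not required, else `null`.
+* @throws when keys are missing and `requireKeys` is set.
+*/
+export function checkOAuthKeysAtBoot(opts) {
+if (opts.keysAvailable)
+return null;
+const base = `no RSA keypair found at "${opts.keyPath}/oauth-{private,public}.key" ` +
+`and no PASSPORT_PRIVATE_KEY / PASSPORT_PUBLIC_KEY env vars set. ` +
+`Run \`rudder passport:keys\` to generate one`;
+if (opts.requireKeys) {
+throw new Error(`[RudderJS] @rudderjs/passport: ${base}. ` +
+`config('passport').requireKeys is set, so the app refuses to boot without OAuth signing keys.`);
+}
+return `${base} — token issuance and verification will fail until keys are present.`;
+}
 // ─── Service Provider ─────────────────────────────────────
 export class PassportProvider extends ServiceProvider {
 register() { }
@@ -34,15 +65,19 @@ export class PassportProvider extends ServiceProvider {
 else if (cfg.keyPath) {
 Passport.loadKeysFrom(cfg.keyPath);
 }
-//
-//
-//
-// a generic ENOENT
-
-
-
-
-
+// No reachable keypair (env vars unset AND nothing on disk under the
+// configured path): fail-fast in production, warn-and-continue in dev.
+// In prod, a boot that "succeeds" then fails every `/oauth/*` request with
+// a generic ENOENT deep in `Passport.keys()` is a far worse failure mode
+// than a deploy that refuses to come up; in dev, a fresh checkout must boot
+// before `rudder passport:keys` has been run.
+const keyWarning = checkOAuthKeysAtBoot({
+keysAvailable: await Passport.keysAvailable(),
+requireKeys: cfg.requireKeys === true,
+keyPath: Passport.keyPath(),
+});
+if (keyWarning)
+bootNotice('passport', keyWarning);
 // Configure lifetimes
 if (cfg.tokensExpireIn)
 Passport.tokensExpireIn(cfg.tokensExpireIn);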
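Review bot: The comment added above the `checkOAuthKeysAtBoot` call in `boot()` says the guard is "fail-fast in production, warn-and-continue in dev", but the call passes `requireKeys: cfg.requireKeys === true` and the function's own doc block says the throw is deliberately not keyed off production detection. As written, a production deployment that leaves `requireKeys` unset boots with only a `bootNotice` and no signing keys, so the comment overstates the protection an operator gets by default. I would reword it to `// No reachable keypair: throw only when config('passport').requireKeys is true; otherwise surface a boot notice and keep booting.` so that readers who serve OAuth know they must opt in. `boot()` starts and ends outside the hunk.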
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEpE,6DAA6D;AAE7D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAGxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAGrF,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAEvD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAA;AAE5E,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AACjD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAEnE,SAAS;AACT,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAY1B,yBAAyB;AACzB,OAAO,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA;AAGrF,SAAS;AACT,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEpE,6DAA6D;AAE7D,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAGxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAGrF,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAEvD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAA;AAE5E,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AACjD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AACzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAEnE,SAAS;AACT,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAY1B,yBAAyB;AACzB,OAAO,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA;AAGrF,SAAS;AACT,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAA;AA+C1G;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAIpC;IACC,IAAI,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAA;IACnC,MAAM,IAAI,GACR,4BAA4B,IAAI,CAAC,OAAO,+BAA+B;QACvE,kEAAkE;QAClE,8CAA8C,CAAA;IAChD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CACb,kCAAkC,IAAI,IAAI;YAC1C,+FAA+F,CAChG,CAAA;IACH,CAAC;IACD,OAAO,GAAG,IAAI,sEAAsE,CAAA;AACtF,CAAC;AAED,6DAA6D;AAE7D,MAAM,OAAO,gBAAiB,SAAQ,eAAe;IACnD,QAAQ,KAAU,CAAC;IAEnB,KAAK,CAAC,IAAI;QACR,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAA;QAElD,MAAM,GAAG,GAAG,MAAM,CAAiB,UAAU,CAAC,CAAA;QAE9C,iBAAiB;QACjB,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YACpC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAA;QACjD,CAAC;aAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YACvB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;
QACpC,CAAC;QAED,qEAAqE;QACrE,uEAAuE;QACvE,2EAA2E;QAC3E,yEAAyE;QACzE,4EAA4E;QAC5E,8CAA8C;QAC9C,MAAM,UAAU,GAAG,oBAAoB,CAAC;YACtC,aAAa,EAAE,MAAM,QAAQ,CAAC,aAAa,EAAE;YAC7C,WAAW,EAAI,GAAG,CAAC,WAAW,KAAK,IAAI;YACvC,OAAO,EAAQ,QAAQ,CAAC,OAAO,EAAE;SAClC,CAAC,CAAA;QACF,IAAI,UAAU;YAAE,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,CAAA;QAElD,sBAAsB;QACtB,IAAI,GAAG,CAAC,cAAc;YAAE,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;QACnE,IAAI,GAAG,CAAC,qBAAqB;YAAE,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;QACxF,IAAI,GAAG,CAAC,4BAA4B;YAAE,QAAQ,CAAC,4BAA4B,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;QAE7G,mBAAmB;QACnB,IAAI,GAAG,CAAC,MAAM;YAAE,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAE9C,2DAA2D;QAC3D,IAAI,GAAG,CAAC,MAAM;YAAE,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAE9C,wEAAwE;QACxE,IAAI,GAAG,CAAC,iBAAiB,KAAK,SAAS;YAAE,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;QAE1F,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;QAEvC,mEAAmE;QACnE,yEAAyE;QACzE,qEAAqE;QACrE,uEAAuE;QACvE,uEAAuE;QACvE,wEAAwE;QACxE,yEAAyE;QACzE,iBAAiB;QACjB,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAA;QACvD,aAAa,CAAC,QAAQ,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAA;QACpD,aAAa,CAAC,QAAQ,CAAC,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAA;QACnD,aAAa,CAAC,QAAQ,CAAC,MAAM,QAAQ,CAAC,iBAAiB,EAAE,CAAC,CAAA;QAC1D,aAAa,CAAC,QAAQ,CAAC,MAAM,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAA;QACtD,aAAa,CAAC,QAAQ,CAAC,MAAM,QAAQ,CAAC,eAAe,EAAE,CAAC,CAAA;QAExD,sEAAsE;QACtE,uEAAuE;QACvE,sEAAsE;QACtE,qEAAqE;QACrE,uEAAuE;QACvE,kEAAkE;QAClE,qDAAqD;QACrD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAA;QAEjD,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,EAAE,IAAc,EAAE,EAAE;YACvD,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;YACtC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAA;YAC3D,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,CAAA;YAC7F,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;YACpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,WAAW,EAAE,CAAC,CAAA;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAA;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,OAA
O,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAA;gBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAA;gBACjD,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,UAAU,EAAE,CAAC,CAAA;gBAChD,IAAI,kBAAkB,EAAE,CAAC;oBACvB,OAAO,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAA;oBACxE,OAAO,CAAC,GAAG,CAAC,OAAO,kBAAkB,EAAE,CAAC,CAAA;oBACxC,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAA;oBACjF,OAAO,CAAC,GAAG,CAAC,+EAA+E,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC,WAAW,CAAC,+CAA+C,CAAC,CAAA;QAE/D,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,EAAE,IAAc,EAAE,EAAE;YACzD,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAA;YAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;YAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;YAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;YAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAA;YAEnD,yEAAyE;YACzE,sEAAsE;YACtE,qEAAqE;YACrE,8DAA8D;YAC9D,2DAA2D;YAC3D,kEAAkE;YAClE,qEAAqE;YACrE,mEAAmE;YACnE,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAA;gBAC7E,OAAO,CAAC,GAAG,CAAC,uEAAuE,CAAC,CAAA;gBACpF,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAA;gBACjF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;gBACf,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAA;gBACvF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;gBACf,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAA;gBAClE,OAAM;YACR,CAAC;YAED,MAAM,EAAE,YAAY,EAAE,uBAAuB,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAA;YACtF,MAAM,UAAU,GAAG,uBAAuB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAA;YAC/D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC;gBAC5C,IAAI;gBACJ,YAAY,EAAE,CAAC,QAAQ,IAAI,CAAC,QAAQ;gBACpC,UAAU;aACX,CAAC,CAAA;YAEF,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAA;YACtC,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,EAAE,EAAE,CAAC,CAAA;YAC1C,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;YAC5C,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAA;gBACvC,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAA;YACnE,CAAC;QACH,CAAC,CAAC,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAA;QAE3C,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAA;YAC3D,MAAM,MA
AM,GAAG,MAAM,WAAW,EAAE,CAAA;YAClC,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,WAAW,CAAA;YAChG,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,6BAA6B,CAAC,CAAA;YAC3D,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAA;YACzD,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,aAAa,EAAE,CAAC,CAAA;YAC1D,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAA;YACtD,OAAO,CAAC,GAAG,CAAC,uBAAuB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAA;QAC1D,CAAC,CAAC,CAAC,WAAW,CAAC,sCAAsC,CAAC,CAAA;QAEtD,sEAAsE;QACtE,oEAAoE;QACpE,uEAAuE;QACvE,sDAAsD;IACxD,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearer.d.ts","sourceRoot":"","sources":["../../src/middleware/bearer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAc,MAAM,qBAAqB,CAAA;
|
|
1
|
+
{"version":3,"file":"bearer.d.ts","sourceRoot":"","sources":["../../src/middleware/bearer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAc,MAAM,qBAAqB,CAAA;AA4IxE;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,iBAAiB,CAKpD;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,iBAAiB,CAkBjD"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { verifyToken } from '../token.js';
|
|
2
2
|
import { Passport } from '../Passport.js';
|
|
3
|
+
import { accessTokenHelpers } from '../models/helpers.js';
|
|
3
4
|
/**
|
|
4
5
|
* Extract the Bearer-scheme credential from an Authorization header.
|
|
5
6
|
* RFC 6750 §2.1 / RFC 7235 §2.1 — the auth scheme is a token and must be
|
|
@@ -53,7 +54,12 @@ async function authenticateBearer(req) {
|
|
|
53
54
|
return { kind: 'revoked' };
|
|
54
55
|
const raw = req.raw;
|
|
55
56
|
raw.__passport_token = token;
|
|
56
|
-
|
|
57
|
+
// Enforce scopes from the LIVE DB row, not the JWT claim. The row is the same
|
|
58
|
+
// mutable authority `revoked` lives on, so narrowing a token's scopes there
|
|
59
|
+
// (operator action) takes effect on the next request instead of being inert
|
|
60
|
+
// until the JWT naturally expires. For a normally-issued token the two are
|
|
61
|
+
// identical (issue-tokens writes the same scopes to both).
|
|
62
|
+
raw.__passport_scopes = accessTokenHelpers.getScopes(token);
|
|
57
63
|
raw.__passport_user_id = payload.sub;
|
|
58
64
|
if (payload.sub) {
|
|
59
65
|
await resolveAndStampUser(req, raw, payload.sub, token);
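Review bot: Assigning `raw.__passport_scopes` solely from `accessTokenHelpers.getScopes(token)` makes the DB row the only authority for scopes, so a row edit that widens the list is honoured exactly like one that narrows it, even though the signed JWT never carried the extra scopes. The comment argues only for the narrowing case. If widening is not intended, the effective set could be the intersection of the row's scopes and the verified claim's scopes, so that a write to the token table alone cannot raise a token's privileges. The comment should also say what `getScopes` returns for a row whose scopes value is missing or malformed (its implementation is not visible here), because downstream scope checks should then see an empty list rather than fail open. `authenticateBearer` starts and ends outside the hunk.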
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearer.js","sourceRoot":"","sources":["../../src/middleware/bearer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"bearer.js","sourceRoot":"","sources":["../../src/middleware/bearer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAGzD;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,UAA8B;IACnD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAA;IAC5B,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IACtC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,SAAS;QAAE,OAAO,IAAI,CAAA;IACnE,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,IAAI,CAAA;AAC3C,CAAC;AAaD;;;;;;;;;;GAUG;AACH,KAAK,UAAU,kBAAkB,CAAC,GAAe;IAC/C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAuB,CAAA;IACrE,MAAM,GAAG,GAAG,aAAa,CAAC,UAAU,CAAC,CAAA;IACrC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAA;IAEtC,IAAI,OAAgD,CAAA;IACpD,IAAI,CAAC;QACH,6DAA6D;QAC7D,gEAAgE;QAChE,gEAAgE;QAChE,6CAA6C;QAC7C,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAA;QAChC,OAAO,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;IACnF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;IAC5B,CAAC;IAED,qEAAqE;IACrE,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;IAClD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE;SACvC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;SACxB,KAAK,EAAwB,CAAA;IAEhC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;IAEvD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAiB,CAAA;IACjC,GAAG,CAAC,gBAAgB,GAAG,KAAK,CAAA;IAC5B,8EAA8E;IAC9E,4EAA4E;IAC5E,4EAA4E;IAC5E,2EAA2E;IAC3E,2DAA2D;IAC3D,GAAG,CAAC,iBAAiB,GAAG,kBAAkB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IAC3D,GAAG,CAAC,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAA;IAEpC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,mBAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAA;AAClC,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,KAAK,UAAU,mBAAmB,CAChC,GAAe,EACf,GAAe,EACf,MAAc,EACd,KAAkB;IAElB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAA;QAC9C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAA
I,CAA4E,cAAc,CAAC,CAAA;QACrH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAChE,IAAI,CAAC,IAAI;YAAE,OAEV;QAAC,IAAgC,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAA;QAC9D,MAAM,KAAK,GAA4B,EAAE,CAAA;QACzC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAA+B,CAAC,EAAE,CAAC;YACrE,IAAI,OAAO,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,UAAU;gBAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAC/D,CAAC;QACD,GAAG,CAAC,UAAU,GAAG,KAAK,CAAA;QACtB,IAAI,CAAC;YACH,CAAC;YAAC,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,oEAAoE;YACpE,gEAAgE;QAClE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;IACpE,CAAC;AACH,CAAC;AAcD;;;;GAIG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,KAAK,UAAU,gBAAgB,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI;QACpD,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAC7B,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,KAAK,UAAU,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QAChD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAC7C,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;YACrB,KAAK,eAAe;gBAClB,MAAM,IAAI,EAAE,CAAA;gBACZ,OAAM;YACR,KAAK,WAAW;gBACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBACrF,OAAM;YACR,KAAK,SAAS;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAA;gBACtF,OAAM;YACR,KAAK,SAAS;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC,CAAA;gBACxF,OAAM;QACV,CAAC;IACH,CAAC,CAAA;AACH,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rudderjs/passport",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.4",
|
|
4
4
|
"rudderjs": {
|
|
5
5
|
"provider": "PassportProvider",
|
|
6
6
|
"stage": "infrastructure",
|
|
@@ -41,9 +41,9 @@
|
|
|
41
41
|
}
|
|
42
42
|
},
|
|
43
43
|
"dependencies": {
|
|
44
|
-
"@rudderjs/orm": "^1.21.2",
|
|
45
44
|
"@rudderjs/core": "^1.13.0",
|
|
46
|
-
"@rudderjs/contracts": "^1.17.1"
|
|
45
|
+
"@rudderjs/contracts": "^1.17.1",
|
|
46
|
+
"@rudderjs/orm": "^1.21.2"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
49
|
"@types/node": "^20.0.0",
|