@scalar/api-client 2.1.40 → 2.1.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +9 -0
  2. package/dist/views/Request/ResponseSection/ResponseEmpty.vue2.js +1 -1
  3. package/dist/views/Request/libs/oauth2.d.ts.map +1 -1
  4. package/dist/views/Request/libs/oauth2.js +40 -42
  5. package/package.json +4 -4
package/CHANGELOG.md CHANGED
@@ -1,5 +1,14 @@
1
1
  # @scalar/api-client
2
2
 
3
+ ## 2.1.41
4
+
5
+ ### Patch Changes
6
+
7
+ - 823c14d: fix: add tests for oauth2 flows, ensure we reject on state mismatch
8
+ - Updated dependencies [823c14d]
9
+ - Updated dependencies [997cd35]
10
+ - @scalar/oas-utils@0.2.67
11
+
3
12
  ## 2.1.40
4
13
 
5
14
  ### Patch Changes
package/dist/views/Request/ResponseSection/ResponseEmpty.vue2.js CHANGED
@@ -14,7 +14,7 @@ const B = { class: "relative col-1 flex-center gap-6 p-2 capitalize" }, S = { cl
14
14
  s.commandPalette.emit({ commandName: "Create Request" });
15
15
  }, c = (n) => {
16
16
  n != null && n.createNew && y.name === "request" && m();
17
- }, k = "2.1.40";
17
+ }, k = "2.1.41";
18
18
  return _(() => s.hotKeys.on(c)), b(() => s.hotKeys.off(c)), (n, e) => (r(), l("div", B, [
19
19
  t("div", S, [
20
20
  o(f).isReadOnly ? u("", !0) : (r(), l("div", h, [
package/dist/views/Request/libs/oauth2.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth2.d.ts","sourceRoot":"","sources":["../../../../src/views/Request/libs/oauth2.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,oBAAoB,EACpB,gCAAgC,EAChC,MAAM,EACP,MAAM,iCAAiC,CAAA;AAExC,qDAAqD;AACrD,KAAK,+BAA+B,GAAG,IAAI,CAAC,oBAAoB,EAAE,MAAM,CAAC,GAAG;IAC1E,IAAI,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE;QAAE,IAAI,EAAE,UAAU,CAAA;KAAE,CAAC,CAAA;CAClE,CAAA;AAED,6CAA6C;AAC7C,eAAO,MAAM,eAAe,YACjB,0BAA0B,KAClC,OAAO,IAAI,gCACoB,CAAA;AAElC;;;;GAIG;AACH,eAAO,MAAM,eAAe,WAClB,oBAAoB,WACnB,gCAAgC,gBAE3B,MAAM,oBAiHlB,CAAA;AAEJ;;;GAGG;AACH,eAAO,MAAM,gBAAgB,WACnB,+BAA+B,WAC9B,gCAAgC,UACjC,MAAM,SACP,MAAM,KACZ,OAAO,CAAC,MAAM,CAqDhB,CAAA"}
1
+ {"version":3,"file":"oauth2.d.ts","sourceRoot":"","sources":["../../../../src/views/Request/libs/oauth2.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,0BAA0B,EAC1B,oBAAoB,EACpB,gCAAgC,EAChC,MAAM,EACP,MAAM,iCAAiC,CAAA;AAExC,qDAAqD;AACrD,KAAK,+BAA+B,GAAG,IAAI,CAAC,oBAAoB,EAAE,MAAM,CAAC,GAAG;IAC1E,IAAI,EAAE,OAAO,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE;QAAE,IAAI,EAAE,UAAU,CAAA;KAAE,CAAC,CAAA;CAClE,CAAA;AAED,6CAA6C;AAC7C,eAAO,MAAM,eAAe,YACjB,0BAA0B,KAClC,OAAO,IAAI,gCACoB,CAAA;AAElC;;;;GAIG;AACH,eAAO,MAAM,eAAe,WAClB,oBAAoB,WACnB,gCAAgC,gBAE3B,MAAM,oBA4HlB,CAAA;AAEJ;;;GAGG;AACH,eAAO,MAAM,gBAAgB,WACnB,+BAA+B,WAC9B,gCAAgC,UACjC,MAAM,SACP,MAAM,KACZ,OAAO,CAAC,MAAM,CAqDhB,CAAA"}
package/dist/views/Request/libs/oauth2.js CHANGED
@@ -1,73 +1,71 @@
1
- const _ = (t) => t.type.startsWith("oauth"), g = (t, r, f) => new Promise((s, e) => {
2
- const i = t.flow.selectedScopes.join(" ");
1
+ const y = (t) => t.type.startsWith("oauth"), P = (t, r, f) => new Promise((i, e) => {
2
+ const n = t.flow.selectedScopes.join(" ");
3
3
  if (t.flow.type === "clientCredentials" || t.flow.type === "password")
4
4
  p(
5
5
  t,
6
6
  r,
7
- i
8
- ).then(s).catch(e);
7
+ n
8
+ ).then(i).catch(e);
9
9
  else {
10
- const w = (Math.random() + 1).toString(36).substring(7), o = new URL(t.flow.authorizationUrl);
11
- if (t.flow.type === "implicit" ? o.searchParams.set("response_type", "token") : t.flow.type === "authorizationCode" && o.searchParams.set("response_type", "code"), t.flow["x-scalar-redirect-uri"].startsWith("/")) {
12
- const d = f.url || window.location.origin + window.location.pathname, a = new URL(
10
+ const c = (Math.random() + 1).toString(36).substring(7), a = new URL(t.flow.authorizationUrl);
11
+ if (t.flow.type === "implicit" ? a.searchParams.set("response_type", "token") : t.flow.type === "authorizationCode" && a.searchParams.set("response_type", "code"), t.flow["x-scalar-redirect-uri"].startsWith("/")) {
12
+ const d = f.url || window.location.origin + window.location.pathname, s = new URL(
13
13
  t.flow["x-scalar-redirect-uri"],
14
14
  d
15
15
  ).toString();
16
- o.searchParams.set("redirect_uri", a);
16
+ a.searchParams.set("redirect_uri", s);
17
17
  } else
18
- o.searchParams.set(
18
+ a.searchParams.set(
19
19
  "redirect_uri",
20
20
  t.flow["x-scalar-redirect-uri"]
21
21
  );
22
- o.searchParams.set("client_id", t["x-scalar-client-id"]), o.searchParams.set("scope", i), o.searchParams.set("state", w);
23
- const n = window.open(o, "openAuth2Window", "left=100,top=100,width=800,height=600");
24
- if (n) {
22
+ a.searchParams.set("client_id", t["x-scalar-client-id"]), a.searchParams.set("scope", n), a.searchParams.set("state", c);
23
+ const o = window.open(a, "openAuth2Window", "left=100,top=100,width=800,height=600");
24
+ if (o) {
25
25
  const d = setInterval(function() {
26
- var u;
27
- let a = null, c = null;
26
+ var h;
27
+ let s = null, l = null;
28
28
  try {
29
- const l = new URL(n.location.href).searchParams;
30
- a = l.get("access_token"), c = l.get("code");
31
- const h = new URLSearchParams(
32
- n.location.href.split("#")[1]
29
+ const w = new URL(o.location.href).searchParams;
30
+ s = w.get("access_token"), l = w.get("code");
31
+ const u = new URLSearchParams(
32
+ o.location.href.split("#")[1]
33
33
  );
34
- a || (a = h.get("access_token")), c || (c = h.get("code"));
34
+ s || (s = u.get("access_token")), l || (l = u.get("code"));
35
35
  } catch {
36
36
  }
37
- if (n.closed || a || c)
38
- if (clearInterval(d), n.close(), a) {
39
- const l = (u = n.location.href.match(/state=([^&]*)/)) == null ? void 0 : u[1];
40
- a && l === w && s(a);
41
- } else c ? p(
42
- t,
43
- r,
44
- i,
45
- c
46
- ).then(s).catch(e) : (clearInterval(d), e(
47
- new Error("Window was closed without granting authorization")
48
- ));
37
+ (o.closed || s || l) && (clearInterval(d), o.close(), s ? ((h = o.location.href.match(/state=([^&]*)/)) == null ? void 0 : h[1]) === c ? i(s) : e(new Error("State mismatch")) : l ? new URL(o.location.href).searchParams.get(
38
+ "state"
39
+ ) === c ? p(
40
+ t,
41
+ r,
42
+ n,
43
+ l
44
+ ).then(i).catch(e) : e(new Error("State mismatch")) : (clearInterval(d), e(
45
+ new Error("Window was closed without granting authorization")
46
+ )));
49
47
  }, 200);
50
48
  }
51
49
  }
52
- }), p = async (t, r, f, s) => {
50
+ }), p = async (t, r, f, i) => {
53
51
  if (!("clientSecret" in r))
54
52
  throw new Error(
55
- "Authorize Servers only works for Client Credentials or Authorization Code flow"
53
+ "Authorize Servers only works for Password, Client Credentials or Authorization Code flow"
56
54
  );
57
55
  if (!t.flow) throw new Error("OAuth2 flow was not defined");
58
56
  const e = new URLSearchParams();
59
- e.set("client_id", t["x-scalar-client-id"]), e.set("scope", f), r.clientSecret && e.set("client_secret", r.clientSecret), "x-scalar-redirect-uri" in t.flow && e.set("redirect_uri", t.flow["x-scalar-redirect-uri"]), s ? (e.set("code", s), e.set("grant_type", "authorization_code")) : r.type === "oauth-password" ? (e.set("grant_type", "password"), e.set("username", r.username), e.set("password", r.password)) : e.set("grant_type", "client_credentials");
57
+ e.set("client_id", t["x-scalar-client-id"]), e.set("scope", f), r.clientSecret && e.set("client_secret", r.clientSecret), "x-scalar-redirect-uri" in t.flow && e.set("redirect_uri", t.flow["x-scalar-redirect-uri"]), i ? (e.set("code", i), e.set("grant_type", "authorization_code")) : r.type === "oauth-password" ? (e.set("grant_type", "password"), e.set("username", r.username), e.set("password", r.password)) : e.set("grant_type", "client_credentials");
60
58
  try {
61
- const i = {
59
+ const n = {
62
60
  "Content-Type": "application/x-www-form-urlencoded"
63
61
  };
64
- t["x-scalar-client-id"] && r.clientSecret && (i.Authorization = `Basic ${btoa(`${t["x-scalar-client-id"]}:${r.clientSecret}`)}`);
65
- const w = await fetch(t.flow.tokenUrl, {
62
+ t["x-scalar-client-id"] && r.clientSecret && (n.Authorization = `Basic ${btoa(`${t["x-scalar-client-id"]}:${r.clientSecret}`)}`);
63
+ const c = await fetch(t.flow.tokenUrl, {
66
64
  method: "POST",
67
- headers: i,
65
+ headers: n,
68
66
  body: e
69
- }), { access_token: o } = await w.json();
70
- return o;
67
+ }), { access_token: a } = await c.json();
68
+ return a;
71
69
  } catch {
72
70
  throw new Error(
73
71
  "Failed to get an access token. Please check your credentials."
@@ -75,7 +73,7 @@ const _ = (t) => t.type.startsWith("oauth"), g = (t, r, f) => new Promise((s, e)
75
73
  }
76
74
  };
77
75
  export {
78
- g as authorizeOauth2,
76
+ P as authorizeOauth2,
79
77
  p as authorizeServers,
80
- _ as isOauth2Example
78
+ y as isOauth2Example
81
79
  };
package/package.json CHANGED
@@ -18,7 +18,7 @@
18
18
  "rest",
19
19
  "testing"
20
20
  ],
21
- "version": "2.1.40",
21
+ "version": "2.1.41",
22
22
  "engines": {
23
23
  "node": ">=18"
24
24
  },
@@ -155,15 +155,15 @@
155
155
  "zod": "^3.23.8",
156
156
  "@scalar/components": "0.12.63",
157
157
  "@scalar/draggable": "0.1.6",
158
- "@scalar/import": "0.0.4",
159
- "@scalar/oas-utils": "0.2.66",
160
158
  "@scalar/icons": "0.1.1",
159
+ "@scalar/import": "0.0.4",
160
+ "@scalar/oas-utils": "0.2.67",
161
161
  "@scalar/object-utils": "1.1.11",
162
162
  "@scalar/openapi-parser": "0.8.8",
163
163
  "@scalar/openapi-types": "0.1.4",
164
164
  "@scalar/themes": "0.9.45",
165
- "@scalar/use-codemirror": "0.11.30",
166
165
  "@scalar/types": "0.0.18",
166
+ "@scalar/use-codemirror": "0.11.30",
167
167
  "@scalar/use-toasts": "0.7.7",
168
168
  "@scalar/use-tooltip": "1.0.3"
169
169
  },