@schemavaults/auth-common 0.7.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/audience-schema.d.ts +3 -0
- package/dist/audience-schema.js +12 -0
- package/dist/audience-schema.js.map +1 -0
- package/dist/auth_acquire_tokens_grant_types.d.ts +80 -0
- package/dist/auth_acquire_tokens_grant_types.js +48 -0
- package/dist/auth_acquire_tokens_grant_types.js.map +1 -0
- package/dist/authenticate_result.d.ts +15 -0
- package/dist/authenticate_result.js +12 -0
- package/dist/authenticate_result.js.map +1 -0
- package/dist/credentials/email_credentials.d.ts +12 -0
- package/dist/credentials/email_credentials.js +10 -0
- package/dist/credentials/email_credentials.js.map +1 -0
- package/dist/credentials/index.d.ts +3 -0
- package/dist/credentials/index.js +4 -0
- package/dist/credentials/index.js.map +1 -0
- package/dist/credentials/password_requirements.d.ts +2 -0
- package/dist/credentials/password_requirements.js +17 -0
- package/dist/credentials/password_requirements.js.map +1 -0
- package/dist/credentials/register_credentials.d.ts +28 -0
- package/dist/credentials/register_credentials.js +13 -0
- package/dist/credentials/register_credentials.js.map +1 -0
- package/dist/frontend-client-state.d.ts +4 -0
- package/dist/frontend-client-state.js +2 -0
- package/dist/frontend-client-state.js.map +1 -0
- package/dist/index.d.ts +21 -0
- package/dist/index.js +15 -0
- package/dist/index.js.map +1 -0
- package/dist/invite-code/index.d.ts +4 -0
- package/dist/invite-code/index.js +3 -0
- package/dist/invite-code/index.js.map +1 -0
- package/dist/invite-code/invite-code-definition.d.ts +21 -0
- package/dist/invite-code/invite-code-definition.js +18 -0
- package/dist/invite-code/invite-code-definition.js.map +1 -0
- package/dist/invite-code/invite-code-format.d.ts +3 -0
- package/dist/invite-code/invite-code-format.js +9 -0
- package/dist/invite-code/invite-code-format.js.map +1 -0
- package/dist/is_crypto_api_available.d.ts +1 -0
- package/dist/is_crypto_api_available.js +31 -0
- package/dist/is_crypto_api_available.js.map +1 -0
- package/dist/middleware/auth-middleware-error.d.ts +4 -0
- package/dist/middleware/auth-middleware-error.js +12 -0
- package/dist/middleware/auth-middleware-error.js.map +1 -0
- package/dist/middleware/auth-middleware.d.ts +36 -0
- package/dist/middleware/auth-middleware.js +177 -0
- package/dist/middleware/auth-middleware.js.map +1 -0
- package/dist/middleware/compare-path.d.ts +2 -0
- package/dist/middleware/compare-path.js +14 -0
- package/dist/middleware/compare-path.js.map +1 -0
- package/dist/middleware/decode-first-of-several-jwts.d.ts +10 -0
- package/dist/middleware/decode-first-of-several-jwts.js +56 -0
- package/dist/middleware/decode-first-of-several-jwts.js.map +1 -0
- package/dist/middleware/decode-token-type.d.ts +9 -0
- package/dist/middleware/decode-token-type.js +2 -0
- package/dist/middleware/decode-token-type.js.map +1 -0
- package/dist/middleware/default-auth-middleware-rules.d.ts +7 -0
- package/dist/middleware/default-auth-middleware-rules.js +24 -0
- package/dist/middleware/default-auth-middleware-rules.js.map +1 -0
- package/dist/middleware/determine-auth-status.d.ts +13 -0
- package/dist/middleware/determine-auth-status.js +91 -0
- package/dist/middleware/determine-auth-status.js.map +1 -0
- package/dist/middleware/index.d.ts +10 -0
- package/dist/middleware/index.js +6 -0
- package/dist/middleware/index.js.map +1 -0
- package/dist/middleware/middleware-rules.d.ts +30 -0
- package/dist/middleware/middleware-rules.js +117 -0
- package/dist/middleware/middleware-rules.js.map +1 -0
- package/dist/middleware/parse-navigation-path.d.ts +3 -0
- package/dist/middleware/parse-navigation-path.js +28 -0
- package/dist/middleware/parse-navigation-path.js.map +1 -0
- package/dist/middleware/token-source.d.ts +6 -0
- package/dist/middleware/token-source.js +2 -0
- package/dist/middleware/token-source.js.map +1 -0
- package/dist/organizations/index.d.ts +5 -0
- package/dist/organizations/index.js +4 -0
- package/dist/organizations/index.js.map +1 -0
- package/dist/organizations/organization_constants.d.ts +4 -0
- package/dist/organizations/organization_constants.js +5 -0
- package/dist/organizations/organization_constants.js.map +1 -0
- package/dist/organizations/organization_definition.d.ts +15 -0
- package/dist/organizations/organization_definition.js +20 -0
- package/dist/organizations/organization_definition.js.map +1 -0
- package/dist/organizations/organization_id.d.ts +4 -0
- package/dist/organizations/organization_id.js +17 -0
- package/dist/organizations/organization_id.js.map +1 -0
- package/dist/organizations/schemavaults_org_id.d.ts +1 -0
- package/dist/organizations/schemavaults_org_id.js +2 -0
- package/dist/organizations/schemavaults_org_id.js.map +1 -0
- package/dist/pkce/code_challenge.d.ts +31 -0
- package/dist/pkce/code_challenge.js +43 -0
- package/dist/pkce/code_challenge.js.map +1 -0
- package/dist/pkce/code_verifier.d.ts +27 -0
- package/dist/pkce/code_verifier.js +76 -0
- package/dist/pkce/code_verifier.js.map +1 -0
- package/dist/pkce/index.d.ts +5 -0
- package/dist/pkce/index.js +3 -0
- package/dist/pkce/index.js.map +1 -0
- package/dist/pkce/pkce.d.ts +63 -0
- package/dist/pkce/pkce.js +141 -0
- package/dist/pkce/pkce.js.map +1 -0
- package/dist/pkce/sha256_digest/index.d.ts +1 -0
- package/dist/pkce/sha256_digest/index.js +2 -0
- package/dist/pkce/sha256_digest/index.js.map +1 -0
- package/dist/pkce/sha256_digest/sha256_digest.d.ts +3 -0
- package/dist/pkce/sha256_digest/sha256_digest.js +30 -0
- package/dist/pkce/sha256_digest/sha256_digest.js.map +1 -0
- package/dist/request_tokens_result.d.ts +342 -0
- package/dist/request_tokens_result.js +52 -0
- package/dist/request_tokens_result.js.map +1 -0
- package/dist/sha256_digest/cryptojs_pkg_sha256.d.ts +2 -0
- package/dist/sha256_digest/cryptojs_pkg_sha256.js +11 -0
- package/dist/sha256_digest/cryptojs_pkg_sha256.js.map +1 -0
- package/dist/sha256_digest/index.d.ts +1 -0
- package/dist/sha256_digest/index.js +2 -0
- package/dist/sha256_digest/index.js.map +1 -0
- package/dist/sha256_digest/sha256_digest.d.ts +3 -0
- package/dist/sha256_digest/sha256_digest.js +28 -0
- package/dist/sha256_digest/sha256_digest.js.map +1 -0
- package/dist/sha256_digest/webcrypto_sha256.d.ts +1 -0
- package/dist/sha256_digest/webcrypto_sha256.js +5 -0
- package/dist/sha256_digest/webcrypto_sha256.js.map +1 -0
- package/dist/token-data/index.d.ts +3 -0
- package/dist/token-data/index.js +3 -0
- package/dist/token-data/index.js.map +1 -0
- package/dist/token-data/token-data.d.ts +102 -0
- package/dist/token-data/token-data.js +29 -0
- package/dist/token-data/token-data.js.map +1 -0
- package/dist/token-data/token-expiry.d.ts +16 -0
- package/dist/token-data/token-expiry.js +48 -0
- package/dist/token-data/token-expiry.js.map +1 -0
- package/dist/user_data/index.d.ts +1 -0
- package/dist/user_data/index.js +2 -0
- package/dist/user_data/index.js.map +1 -0
- package/dist/user_data/user_data.d.ts +58 -0
- package/dist/user_data/user_data.js +33 -0
- package/dist/user_data/user_data.js.map +1 -0
- package/dist/utils/maybeStripQuotes.d.ts +2 -0
- package/dist/utils/maybeStripQuotes.js +14 -0
- package/dist/utils/maybeStripQuotes.js.map +1 -0
- package/package.json +43 -0
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export declare const audienceRefSchema: z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>;
|
|
3
|
+
export declare const audienceSchema: z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, "many">]>;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { apiServerIdSchema } from "@schemavaults/app-definitions";
|
|
2
|
+
import { z } from "zod";
|
|
3
|
+
export const audienceRefSchema = apiServerIdSchema;
|
|
4
|
+
const MAX_APPS_IN_AUDIENCE_LIST = 10;
|
|
5
|
+
export const audienceSchema = z.union([
|
|
6
|
+
audienceRefSchema,
|
|
7
|
+
audienceRefSchema
|
|
8
|
+
.array()
|
|
9
|
+
.min(1, "Audience list may not be empty")
|
|
10
|
+
.max(MAX_APPS_IN_AUDIENCE_LIST, `Audience list may not contain more than ${MAX_APPS_IN_AUDIENCE_LIST} audience references.`),
|
|
11
|
+
]);
|
|
12
|
+
//# sourceMappingURL=audience-schema.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audience-schema.js","sourceRoot":"","sources":["../src/audience-schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,iBAAiB,GAAG,iBAAiB,CAAC;AAEnD,MAAM,yBAAyB,GAAG,EAA4B,CAAC;AAE/D,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC;IACpC,iBAAiB;IACjB,iBAAiB;SACd,KAAK,EAAE;SACP,GAAG,CAAC,CAAC,EAAE,gCAAgC,CAAC;SACxC,GAAG,CACF,yBAAyB,EACzB,2CAA2C,yBAAyB,uBAAuB,CAC5F;CACJ,CAAC,CAAC"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export declare const grant_types: readonly ["authorization_code", "refresh_token"];
|
|
3
|
+
export declare const authorizationCodePOSTbody: z.ZodObject<{
|
|
4
|
+
code: z.ZodEffects<z.ZodString, string, string>;
|
|
5
|
+
challenge_time: z.ZodNumber;
|
|
6
|
+
code_verifier: z.ZodEffects<z.ZodString, string, string>;
|
|
7
|
+
audience: z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, "many">]>;
|
|
8
|
+
client_app_id: z.ZodUnion<readonly [z.ZodString, z.ZodEffects<z.ZodString, "schemavaults-auth" | "schemavaults-mail" | "schemavaults-web" | "schemavaults-cli", string>]>;
|
|
9
|
+
grant_type: z.ZodLiteral<"authorization_code">;
|
|
10
|
+
}, "strict", z.ZodTypeAny, {
|
|
11
|
+
code: string;
|
|
12
|
+
challenge_time: number;
|
|
13
|
+
code_verifier: string;
|
|
14
|
+
audience: string | string[];
|
|
15
|
+
client_app_id: string;
|
|
16
|
+
grant_type: "authorization_code";
|
|
17
|
+
}, {
|
|
18
|
+
code: string;
|
|
19
|
+
challenge_time: number;
|
|
20
|
+
code_verifier: string;
|
|
21
|
+
audience: string | string[];
|
|
22
|
+
client_app_id: string;
|
|
23
|
+
grant_type: "authorization_code";
|
|
24
|
+
}>;
|
|
25
|
+
export declare const refreshTokenPOSTbody: z.ZodObject<{
|
|
26
|
+
audience: z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, "many">]>;
|
|
27
|
+
client_app_id: z.ZodUnion<readonly [z.ZodString, z.ZodEffects<z.ZodString, "schemavaults-auth" | "schemavaults-mail" | "schemavaults-web" | "schemavaults-cli", string>]>;
|
|
28
|
+
grant_type: z.ZodLiteral<"refresh_token">;
|
|
29
|
+
replaceRefreshToo: z.ZodOptional<z.ZodBoolean>;
|
|
30
|
+
}, "strict", z.ZodTypeAny, {
|
|
31
|
+
audience: string | string[];
|
|
32
|
+
client_app_id: string;
|
|
33
|
+
grant_type: "refresh_token";
|
|
34
|
+
replaceRefreshToo?: boolean | undefined;
|
|
35
|
+
}, {
|
|
36
|
+
audience: string | string[];
|
|
37
|
+
client_app_id: string;
|
|
38
|
+
grant_type: "refresh_token";
|
|
39
|
+
replaceRefreshToo?: boolean | undefined;
|
|
40
|
+
}>;
|
|
41
|
+
export declare const grantTypePOSTbodySchemaMap: {
|
|
42
|
+
readonly authorization_code: z.ZodObject<{
|
|
43
|
+
code: z.ZodEffects<z.ZodString, string, string>;
|
|
44
|
+
challenge_time: z.ZodNumber;
|
|
45
|
+
code_verifier: z.ZodEffects<z.ZodString, string, string>;
|
|
46
|
+
audience: z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, "many">]>;
|
|
47
|
+
client_app_id: z.ZodUnion<readonly [z.ZodString, z.ZodEffects<z.ZodString, "schemavaults-auth" | "schemavaults-mail" | "schemavaults-web" | "schemavaults-cli", string>]>;
|
|
48
|
+
grant_type: z.ZodLiteral<"authorization_code">;
|
|
49
|
+
}, "strict", z.ZodTypeAny, {
|
|
50
|
+
code: string;
|
|
51
|
+
challenge_time: number;
|
|
52
|
+
code_verifier: string;
|
|
53
|
+
audience: string | string[];
|
|
54
|
+
client_app_id: string;
|
|
55
|
+
grant_type: "authorization_code";
|
|
56
|
+
}, {
|
|
57
|
+
code: string;
|
|
58
|
+
challenge_time: number;
|
|
59
|
+
code_verifier: string;
|
|
60
|
+
audience: string | string[];
|
|
61
|
+
client_app_id: string;
|
|
62
|
+
grant_type: "authorization_code";
|
|
63
|
+
}>;
|
|
64
|
+
readonly refresh_token: z.ZodObject<{
|
|
65
|
+
audience: z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, "many">]>;
|
|
66
|
+
client_app_id: z.ZodUnion<readonly [z.ZodString, z.ZodEffects<z.ZodString, "schemavaults-auth" | "schemavaults-mail" | "schemavaults-web" | "schemavaults-cli", string>]>;
|
|
67
|
+
grant_type: z.ZodLiteral<"refresh_token">;
|
|
68
|
+
replaceRefreshToo: z.ZodOptional<z.ZodBoolean>;
|
|
69
|
+
}, "strict", z.ZodTypeAny, {
|
|
70
|
+
audience: string | string[];
|
|
71
|
+
client_app_id: string;
|
|
72
|
+
grant_type: "refresh_token";
|
|
73
|
+
replaceRefreshToo?: boolean | undefined;
|
|
74
|
+
}, {
|
|
75
|
+
audience: string | string[];
|
|
76
|
+
client_app_id: string;
|
|
77
|
+
grant_type: "refresh_token";
|
|
78
|
+
replaceRefreshToo?: boolean | undefined;
|
|
79
|
+
}>;
|
|
80
|
+
};
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
import { PKCE_ProofKeyManager } from "./pkce";
|
|
2
|
+
import { z } from "zod";
|
|
3
|
+
import { audienceSchema } from "./audience-schema";
|
|
4
|
+
import { appIdSchema } from "@schemavaults/app-definitions";
|
|
5
|
+
export const grant_types = [
|
|
6
|
+
"authorization_code",
|
|
7
|
+
"refresh_token",
|
|
8
|
+
];
|
|
9
|
+
const _createTokenEndpointBaseSchema = z.object({
|
|
10
|
+
audience: audienceSchema,
|
|
11
|
+
client_app_id: appIdSchema,
|
|
12
|
+
});
|
|
13
|
+
export const authorizationCodePOSTbody = _createTokenEndpointBaseSchema
|
|
14
|
+
.extend({
|
|
15
|
+
grant_type: z.literal("authorization_code"),
|
|
16
|
+
code: z
|
|
17
|
+
.string()
|
|
18
|
+
.min(64)
|
|
19
|
+
.max(1024)
|
|
20
|
+
.refine((value) => /^[A-Za-z0-9_-]+$/.test(value)),
|
|
21
|
+
code_verifier: PKCE_ProofKeyManager.codeChallengeSchema,
|
|
22
|
+
challenge_time: z.number().nonnegative(),
|
|
23
|
+
})
|
|
24
|
+
.required({
|
|
25
|
+
grant_type: true,
|
|
26
|
+
audience: true,
|
|
27
|
+
client_app_id: true,
|
|
28
|
+
code: true,
|
|
29
|
+
code_verifier: true,
|
|
30
|
+
challenge_time: true,
|
|
31
|
+
})
|
|
32
|
+
.strict();
|
|
33
|
+
export const refreshTokenPOSTbody = _createTokenEndpointBaseSchema
|
|
34
|
+
.extend({
|
|
35
|
+
grant_type: z.literal("refresh_token"),
|
|
36
|
+
replaceRefreshToo: z.boolean().optional(),
|
|
37
|
+
})
|
|
38
|
+
.required({
|
|
39
|
+
grant_type: true,
|
|
40
|
+
audience: true,
|
|
41
|
+
client_app_id: true,
|
|
42
|
+
})
|
|
43
|
+
.strict();
|
|
44
|
+
export const grantTypePOSTbodySchemaMap = {
|
|
45
|
+
authorization_code: authorizationCodePOSTbody,
|
|
46
|
+
refresh_token: refreshTokenPOSTbody,
|
|
47
|
+
};
|
|
48
|
+
//# sourceMappingURL=auth_acquire_tokens_grant_types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth_acquire_tokens_grant_types.js","sourceRoot":"","sources":["../src/auth_acquire_tokens_grant_types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAkB,CAAC,EAAE,MAAM,KAAK,CAAC;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAE5D,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,oBAAoB;IACpB,eAAe;CACqB,CAAC;AAEvC,MAAM,8BAA8B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,QAAQ,EAAE,cAAc;IACxB,aAAa,EAAE,WAAW;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,8BAA8B;KACpE,MAAM,CAAC;IACN,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC;IAC3C,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,GAAG,CAAC,EAAE,CAAC;SACP,GAAG,CAAC,IAAI,CAAC;SACT,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpD,aAAa,EAAE,oBAAoB,CAAC,mBAAmB;IACvD,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE;CACzC,CAAC;KACD,QAAQ,CAAC;IACR,UAAU,EAAE,IAAI;IAChB,QAAQ,EAAE,IAAI;IACd,aAAa,EAAE,IAAI;IACnB,IAAI,EAAE,IAAI;IACV,aAAa,EAAE,IAAI;IACnB,cAAc,EAAE,IAAI;CACrB,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,oBAAoB,GAAG,8BAA8B;KAC/D,MAAM,CAAC;IACN,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC;IACtC,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC1C,CAAC;KACD,QAAQ,CAAC;IACR,UAAU,EAAE,IAAI;IAChB,QAAQ,EAAE,IAAI;IACd,aAAa,EAAE,IAAI;CACpB,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,kBAAkB,EAAE,yBAAyB;IAC7C,aAAa,EAAE,oBAAoB;CAC+B,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export declare const authenticateResultSchema: z.ZodObject<{
|
|
3
|
+
message: z.ZodString;
|
|
4
|
+
authorization_code: z.ZodOptional<z.ZodString>;
|
|
5
|
+
success: z.ZodBoolean;
|
|
6
|
+
}, "strict", z.ZodTypeAny, {
|
|
7
|
+
message: string;
|
|
8
|
+
success: boolean;
|
|
9
|
+
authorization_code?: string | undefined;
|
|
10
|
+
}, {
|
|
11
|
+
message: string;
|
|
12
|
+
success: boolean;
|
|
13
|
+
authorization_code?: string | undefined;
|
|
14
|
+
}>;
|
|
15
|
+
export type AuthenticateResult = z.infer<typeof authenticateResultSchema>;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export const authenticateResultSchema = z.object({
|
|
3
|
+
success: z.boolean(),
|
|
4
|
+
message: z.string(),
|
|
5
|
+
authorization_code: z.string()
|
|
6
|
+
.min(43, 'Authorization code must be at least 43 characters long')
|
|
7
|
+
.optional()
|
|
8
|
+
}).required({
|
|
9
|
+
success: true,
|
|
10
|
+
message: true
|
|
11
|
+
}).strict();
|
|
12
|
+
//# sourceMappingURL=authenticate_result.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authenticate_result.js","sourceRoot":"","sources":["../src/authenticate_result.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE;IACpB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE;SAC3B,GAAG,CAAC,EAAE,EAAE,wDAAwD,CAAC;SACjE,QAAQ,EAAE;CACd,CAAC,CAAC,QAAQ,CAAC;IACV,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,IAAI;CACd,CAAC,CAAC,MAAM,EAAE,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
export declare const emailCredentialsSchema: z.ZodObject<{
|
|
3
|
+
email: z.ZodString;
|
|
4
|
+
password: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, string, string>, string, string>;
|
|
5
|
+
}, "strict", z.ZodTypeAny, {
|
|
6
|
+
email: string;
|
|
7
|
+
password: string;
|
|
8
|
+
}, {
|
|
9
|
+
email: string;
|
|
10
|
+
password: string;
|
|
11
|
+
}>;
|
|
12
|
+
export type EmailCredentials = z.infer<typeof emailCredentialsSchema>;
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import { passwordSchema } from './password_requirements';
|
|
3
|
+
export const emailCredentialsSchema = z.object({
|
|
4
|
+
email: z.string().email(),
|
|
5
|
+
password: passwordSchema
|
|
6
|
+
}).required({
|
|
7
|
+
email: true,
|
|
8
|
+
password: true
|
|
9
|
+
}).strict();
|
|
10
|
+
//# sourceMappingURL=email_credentials.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"email_credentials.js","sourceRoot":"","sources":["../../src/credentials/email_credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAEzD,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;IACzB,QAAQ,EAAE,cAAc;CACzB,CAAC,CAAC,QAAQ,CAAC;IACV,KAAK,EAAE,IAAI;IACX,QAAQ,EAAE,IAAI;CACf,CAAC,CAAC,MAAM,EAAE,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/credentials/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,qBAAqB,CAAC;AACpF,OAAO,EAAE,kCAAkC,EAAqC,MAAM,wBAAwB,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export const passwordSchema = z.string()
|
|
3
|
+
.min(10, "Password must be at least 10 characters long")
|
|
4
|
+
.max(255, "Password must be at most 255 characters long")
|
|
5
|
+
.refine((password) => {
|
|
6
|
+
return /[a-z]/.test(password);
|
|
7
|
+
}, "Password must contain at least one lowercase letter")
|
|
8
|
+
.refine((password) => {
|
|
9
|
+
return /[A-Z]/.test(password);
|
|
10
|
+
}, "Password must contain at least one uppercase letter")
|
|
11
|
+
.refine((password) => {
|
|
12
|
+
return /[0-9]/.test(password);
|
|
13
|
+
}, "Password must contain at least one number")
|
|
14
|
+
.refine((password) => {
|
|
15
|
+
return /[^a-zA-Z0-9]/.test(password);
|
|
16
|
+
}, "Password must contain at least one special character");
|
|
17
|
+
//# sourceMappingURL=password_requirements.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"password_requirements.js","sourceRoot":"","sources":["../../src/credentials/password_requirements.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,EAAE;KACrC,GAAG,CAAC,EAAE,EAAE,8CAA8C,CAAC;KACvD,GAAG,CAAC,GAAG,EAAE,8CAA8C,CAAC;KACxD,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;IACnB,OAAO,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC,EAAE,qDAAqD,CAAC;KACxD,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;IACnB,OAAO,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC,EAAE,qDAAqD,CAAC;KACxD,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;IACnB,OAAO,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC,EAAE,2CAA2C,CAAC;KAC9C,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;IACnB,OAAO,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACvC,CAAC,EAAE,sDAAsD,CAAC,CAAC"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
export declare const emailRegistrationCredentialsSchema: z.ZodEffects<z.ZodObject<{
|
|
3
|
+
email: z.ZodString;
|
|
4
|
+
invite_code: z.ZodString;
|
|
5
|
+
password: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, string, string>, string, string>;
|
|
6
|
+
confirm: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, string, string>, string, string>;
|
|
7
|
+
}, "strict", z.ZodTypeAny, {
|
|
8
|
+
email: string;
|
|
9
|
+
invite_code: string;
|
|
10
|
+
password: string;
|
|
11
|
+
confirm: string;
|
|
12
|
+
}, {
|
|
13
|
+
email: string;
|
|
14
|
+
invite_code: string;
|
|
15
|
+
password: string;
|
|
16
|
+
confirm: string;
|
|
17
|
+
}>, {
|
|
18
|
+
email: string;
|
|
19
|
+
invite_code: string;
|
|
20
|
+
password: string;
|
|
21
|
+
confirm: string;
|
|
22
|
+
}, {
|
|
23
|
+
email: string;
|
|
24
|
+
invite_code: string;
|
|
25
|
+
password: string;
|
|
26
|
+
confirm: string;
|
|
27
|
+
}>;
|
|
28
|
+
export type EmailRegistrationCredentials = z.infer<typeof emailRegistrationCredentialsSchema>;
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { emailCredentialsSchema } from "./email_credentials";
|
|
2
|
+
import { passwordSchema } from "./password_requirements";
|
|
3
|
+
import { z } from 'zod';
|
|
4
|
+
export const emailRegistrationCredentialsSchema = emailCredentialsSchema.extend({
|
|
5
|
+
confirm: passwordSchema,
|
|
6
|
+
invite_code: z.string().min(5, "Invite code must be at least 5 characters long.")
|
|
7
|
+
}).required({
|
|
8
|
+
confirm: true,
|
|
9
|
+
invite_code: true
|
|
10
|
+
}).strict().refine((data) => {
|
|
11
|
+
return data.password === data.confirm;
|
|
12
|
+
}, "Passwords do not match");
|
|
13
|
+
//# sourceMappingURL=register_credentials.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"register_credentials.js","sourceRoot":"","sources":["../../src/credentials/register_credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,MAAM,CAAC,MAAM,kCAAkC,GAAG,sBAAsB,CAAC,MAAM,CAAC;IAC9E,OAAO,EAAE,cAAc;IACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,iDAAiD,CAAC;CAClF,CAAC,CAAC,QAAQ,CAAC;IACV,OAAO,EAAE,IAAI;IACb,WAAW,EAAE,IAAI;CAClB,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;IAC1B,OAAO,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,OAAO,CAAC;AACxC,CAAC,EAAE,wBAAwB,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"frontend-client-state.js","sourceRoot":"","sources":["../src/frontend-client-state.ts"],"names":[],"mappings":""}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
export { userDataSchema, type UserData } from "./user_data";
|
|
2
|
+
export * from "./credentials";
|
|
3
|
+
export type * from "./credentials";
|
|
4
|
+
export * from "./token-data";
|
|
5
|
+
export type * from "./token-data";
|
|
6
|
+
export type { AuthClientState } from "./frontend-client-state";
|
|
7
|
+
export * from "./middleware";
|
|
8
|
+
export type * from "./middleware";
|
|
9
|
+
export * from "./pkce";
|
|
10
|
+
export type * from "./pkce";
|
|
11
|
+
export { authenticateResultSchema, type AuthenticateResult, } from "./authenticate_result";
|
|
12
|
+
export { requestTokensResultSchema, type RequestTokensResult, successfullyGeneratedTokensRecordSchema, type SuccessfullyGeneratedTokensRecord, } from "./request_tokens_result";
|
|
13
|
+
export * from "./auth_acquire_tokens_grant_types";
|
|
14
|
+
export type * from "./auth_acquire_tokens_grant_types";
|
|
15
|
+
export { PRODUCTION_AUTH_SERVER_URL } from "@schemavaults/app-definitions";
|
|
16
|
+
export { appIdSchema } from "@schemavaults/app-definitions";
|
|
17
|
+
export { audienceSchema, audienceRefSchema } from "./audience-schema";
|
|
18
|
+
export { inviteCodeFormatSchema, inviteCodeDefinitionSchema, } from "./invite-code";
|
|
19
|
+
export type { InviteCode, InviteCodeDefinition } from "./invite-code";
|
|
20
|
+
export { organizationIdSchema, isValidOrganizationID, organizationDefinitionSchema, SCHEMAVAULTS_ORGANIZATION_ID, } from "./organizations";
|
|
21
|
+
export type { OrganizationID, OrganizationDefinition } from "./organizations";
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
export { userDataSchema } from "./user_data";
|
|
2
|
+
export * from "./credentials";
|
|
3
|
+
// Shapes of tokens
|
|
4
|
+
export * from "./token-data";
|
|
5
|
+
export * from "./middleware";
|
|
6
|
+
export * from "./pkce";
|
|
7
|
+
export { authenticateResultSchema, } from "./authenticate_result";
|
|
8
|
+
export { requestTokensResultSchema, successfullyGeneratedTokensRecordSchema, } from "./request_tokens_result";
|
|
9
|
+
export * from "./auth_acquire_tokens_grant_types";
|
|
10
|
+
export { PRODUCTION_AUTH_SERVER_URL } from "@schemavaults/app-definitions";
|
|
11
|
+
export { appIdSchema } from "@schemavaults/app-definitions";
|
|
12
|
+
export { audienceSchema, audienceRefSchema } from "./audience-schema";
|
|
13
|
+
export { inviteCodeFormatSchema, inviteCodeDefinitionSchema, } from "./invite-code";
|
|
14
|
+
export { organizationIdSchema, isValidOrganizationID, organizationDefinitionSchema, SCHEMAVAULTS_ORGANIZATION_ID, } from "./organizations";
|
|
15
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAiB,MAAM,aAAa,CAAC;AAE5D,cAAc,eAAe,CAAC;AAG9B,mBAAmB;AACnB,cAAc,cAAc,CAAC;AAM7B,cAAc,cAAc,CAAC;AAG7B,cAAc,QAAQ,CAAC;AAGvB,OAAO,EACL,wBAAwB,GAEzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,yBAAyB,EAEzB,uCAAuC,GAExC,MAAM,yBAAyB,CAAC;AAEjC,cAAc,mCAAmC,CAAC;AAGlD,OAAO,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAC3E,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAE5D,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtE,OAAO,EACL,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,4BAA4B,EAC5B,4BAA4B,GAC7B,MAAM,iBAAiB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/invite-code/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9D,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export declare const inviteCodeDefinitionSchema: z.ZodObject<{
|
|
3
|
+
created_at: z.ZodNumber;
|
|
4
|
+
invite_code: z.ZodString;
|
|
5
|
+
max_uses: z.ZodNumber;
|
|
6
|
+
description: z.ZodOptional<z.ZodString>;
|
|
7
|
+
created_by: z.ZodOptional<z.ZodString>;
|
|
8
|
+
}, "strict", z.ZodTypeAny, {
|
|
9
|
+
created_at: number;
|
|
10
|
+
invite_code: string;
|
|
11
|
+
max_uses: number;
|
|
12
|
+
description?: string | undefined;
|
|
13
|
+
created_by?: string | undefined;
|
|
14
|
+
}, {
|
|
15
|
+
created_at: number;
|
|
16
|
+
invite_code: string;
|
|
17
|
+
max_uses: number;
|
|
18
|
+
description?: string | undefined;
|
|
19
|
+
created_by?: string | undefined;
|
|
20
|
+
}>;
|
|
21
|
+
export type InviteCodeDefinition = z.infer<typeof inviteCodeDefinitionSchema>;
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
import { inviteCodeFormatSchema } from "./invite-code-format";
|
|
3
|
+
const MAX_DESCRIPTION_LENGTH = 128;
|
|
4
|
+
export const inviteCodeDefinitionSchema = z
|
|
5
|
+
.object({
|
|
6
|
+
invite_code: inviteCodeFormatSchema,
|
|
7
|
+
created_at: z.number().nonnegative(),
|
|
8
|
+
max_uses: z.number().int().positive(),
|
|
9
|
+
description: z.string().max(MAX_DESCRIPTION_LENGTH).optional(),
|
|
10
|
+
created_by: z.string().uuid().optional(),
|
|
11
|
+
})
|
|
12
|
+
.required({
|
|
13
|
+
invite_code: true,
|
|
14
|
+
created_at: true,
|
|
15
|
+
max_uses: true,
|
|
16
|
+
})
|
|
17
|
+
.strict();
|
|
18
|
+
//# sourceMappingURL=invite-code-definition.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"invite-code-definition.js","sourceRoot":"","sources":["../../src/invite-code/invite-code-definition.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D,MAAM,sBAAsB,GAAW,GAAG,CAAC;AAE3C,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC;KACxC,MAAM,CAAC;IACN,WAAW,EAAE,sBAAsB;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE;IACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACrC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,QAAQ,EAAE;IAC9D,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;CACzC,CAAC;KACD,QAAQ,CAAC;IACR,WAAW,EAAE,IAAI;IACjB,UAAU,EAAE,IAAI;IAChB,QAAQ,EAAE,IAAI;CACf,CAAC;KACD,MAAM,EAAE,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
const MIN_INVITE_CODE_LENGTH = 8;
|
|
3
|
+
const MAX_INVITE_CODE_LENGTH = 64;
|
|
4
|
+
export const inviteCodeFormatSchema = z
|
|
5
|
+
.string()
|
|
6
|
+
.min(MIN_INVITE_CODE_LENGTH, `Invite code must be at least ${MIN_INVITE_CODE_LENGTH} characters long!`)
|
|
7
|
+
.max(MAX_INVITE_CODE_LENGTH, `Invite code may not be longer than ${MAX_INVITE_CODE_LENGTH} characters long!`)
|
|
8
|
+
.regex(/^[A-Za-z0-9_-]+$/, "Invite code may only contain alphanumeric characters, hyphens, or underscores!");
|
|
9
|
+
//# sourceMappingURL=invite-code-format.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"invite-code-format.js","sourceRoot":"","sources":["../../src/invite-code/invite-code-format.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,sBAAsB,GAAW,CAAC,CAAC;AACzC,MAAM,sBAAsB,GAAW,EAAE,CAAC;AAE1C,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC;KACpC,MAAM,EAAE;KACR,GAAG,CACF,sBAAsB,EACtB,gCAAgC,sBAAsB,mBAAmB,CAC1E;KACA,GAAG,CACF,sBAAsB,EACtB,sCAAsC,sBAAsB,mBAAmB,CAChF;KACA,KAAK,CACJ,kBAAkB,EAClB,gFAAgF,CACjF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export default function isCryptoApiAvailable(): boolean;
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
export default function isCryptoApiAvailable() {
|
|
2
|
+
// Check if this is a server-side environment-- assume crypto is available then
|
|
3
|
+
try {
|
|
4
|
+
if (!window || typeof window === "undefined") {
|
|
5
|
+
return true;
|
|
6
|
+
}
|
|
7
|
+
}
|
|
8
|
+
catch (e) {
|
|
9
|
+
void e; // an error means 'window' is not defined and threw-- this is a server
|
|
10
|
+
return true;
|
|
11
|
+
}
|
|
12
|
+
// Check if the browser supports the Web Crypto API
|
|
13
|
+
try {
|
|
14
|
+
if (window && typeof window.crypto !== "undefined") {
|
|
15
|
+
if (window.location.protocol === "https:") {
|
|
16
|
+
return true;
|
|
17
|
+
}
|
|
18
|
+
if (window.location.href.startsWith("https://")) {
|
|
19
|
+
return true;
|
|
20
|
+
}
|
|
21
|
+
if (/^http:\/\/(localhost|127\.0\.0\.1)/.test(window.location.href)) {
|
|
22
|
+
return true;
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
catch (e) {
|
|
27
|
+
void e;
|
|
28
|
+
}
|
|
29
|
+
return false;
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=is_crypto_api_available.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"is_crypto_api_available.js","sourceRoot":"","sources":["../src/is_crypto_api_available.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,OAAO,UAAU,oBAAoB;IAC1C,+EAA+E;IAC/E,IAAI,CAAC;QACH,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,KAAK,CAAC,CAAC,CAAC,sEAAsE;QAC9E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,mDAAmD;IACnD,IAAI,CAAC;QACH,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACnD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC1C,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,oCAAoC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,KAAK,CAAC,CAAC;IACT,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export declare const AuthMiddlewareErrorTypes: readonly ["Unauthorized", "Forbidden"];
|
|
3
|
+
export type AuthMiddlewareError = (typeof AuthMiddlewareErrorTypes)[number];
|
|
4
|
+
export declare const authMiddlewareErrorTypesSchema: z.ZodEffects<z.ZodString, "Unauthorized" | "Forbidden", string>;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
2
|
+
export const AuthMiddlewareErrorTypes = [
|
|
3
|
+
"Unauthorized",
|
|
4
|
+
"Forbidden",
|
|
5
|
+
];
|
|
6
|
+
export const authMiddlewareErrorTypesSchema = z
|
|
7
|
+
.string()
|
|
8
|
+
.refine((str) => {
|
|
9
|
+
const errorTypes = AuthMiddlewareErrorTypes;
|
|
10
|
+
return errorTypes.includes(str);
|
|
11
|
+
});
|
|
12
|
+
//# sourceMappingURL=auth-middleware-error.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-middleware-error.js","sourceRoot":"","sources":["../../src/middleware/auth-middleware-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc;IACd,WAAW;CACyB,CAAC;AAIvC,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAC;KAC5C,MAAM,EAAE;KACR,MAAM,CAAC,CAAC,GAAG,EAA8B,EAAE;IAC1C,MAAM,UAAU,GAAsB,wBAAwB,CAAC;IAC/D,OAAO,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import { type AuthMiddlewareRules, type AuthenticationStatus } from "./middleware-rules";
|
|
2
|
+
import type { SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
3
|
+
import { AuthMiddlewareError } from "./auth-middleware-error";
|
|
4
|
+
export interface AuthMiddlewareOptions {
|
|
5
|
+
/** The current path, e.g. /vaults/my-vault */
|
|
6
|
+
path: string;
|
|
7
|
+
/** Is the user logged in? */
|
|
8
|
+
authStatus: AuthenticationStatus;
|
|
9
|
+
/** Define what routes are public/unauthed/authed */
|
|
10
|
+
rules: AuthMiddlewareRules;
|
|
11
|
+
/** Where the user should be sent if they are logged in on a page for unauthenticated users */
|
|
12
|
+
authedOnUnauthedRouteRedirectTo: string;
|
|
13
|
+
/** Where the user should be sent if they are not logged in on a page for authenticated users */
|
|
14
|
+
unauthedOnAuthedRouteRedirectTo: string;
|
|
15
|
+
/** Page which handles authorizing an unauthorized user via search params */
|
|
16
|
+
authorize_uri: string;
|
|
17
|
+
/** Page which users should be sent to after successfully logging out */
|
|
18
|
+
successful_logout_redirect_uri?: string;
|
|
19
|
+
/** App Environment. This can usually be loaded from the env without passing it explicitly... but it might throw if not ¯\_(ツ)_/¯ */
|
|
20
|
+
environment: SchemaVaultsAppEnvironment;
|
|
21
|
+
/** Enable debug logging. Defaults to 'true' in non-production environments. */
|
|
22
|
+
debug?: boolean;
|
|
23
|
+
}
|
|
24
|
+
export type AuthMiddlewareResult = {
|
|
25
|
+
redirect: false;
|
|
26
|
+
remain: true;
|
|
27
|
+
} | {
|
|
28
|
+
redirect: true;
|
|
29
|
+
remain: false;
|
|
30
|
+
redirectTo: string;
|
|
31
|
+
} | {
|
|
32
|
+
redirect: false;
|
|
33
|
+
error: AuthMiddlewareError;
|
|
34
|
+
remain: undefined;
|
|
35
|
+
};
|
|
36
|
+
export declare function AuthMiddleware({ path, authStatus, rules, authedOnUnauthedRouteRedirectTo, unauthedOnAuthedRouteRedirectTo, authorize_uri, successful_logout_redirect_uri, environment, ...opts }: AuthMiddlewareOptions): AuthMiddlewareResult;
|