@schemavaults/auth-server-sdk 0.17.15 → 0.19.2
- package/dist/AccessTokenCookieNames.d.ts +1 -0
- package/dist/AccessTokenCookieNames.js +2 -0
- package/dist/AccessTokenCookieNames.js.map +1 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.d.ts +3 -1
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js +4 -1
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js.map +1 -1
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.d.ts +2 -1
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js +25 -4
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js.map +1 -1
- package/dist/MaximumBrowserCookieSize.d.ts +1 -1
- package/dist/MaximumBrowserCookieSize.js +1 -1
- package/dist/MaximumBrowserCookieSize.js.map +1 -1
- package/dist/NextjsAppDirectoryPlugin/NextjsAppDirectoryPlugin.d.ts +5 -0
- package/dist/NextjsAppDirectoryPlugin/NextjsAppDirectoryPlugin.js +8 -0
- package/dist/NextjsAppDirectoryPlugin/NextjsAppDirectoryPlugin.js.map +1 -0
- package/dist/NextjsAppDirectoryPlugin/codegen.d.ts +4 -0
- package/dist/NextjsAppDirectoryPlugin/codegen.js +80 -0
- package/dist/NextjsAppDirectoryPlugin/codegen.js.map +1 -0
- package/dist/NextjsAppDirectoryPlugin/index.d.ts +2 -0
- package/dist/NextjsAppDirectoryPlugin/index.js +2 -0
- package/dist/NextjsAppDirectoryPlugin/index.js.map +1 -0
- package/dist/NextjsAppDirectoryPlugin/resolve-app-directory.d.ts +1 -0
- package/dist/NextjsAppDirectoryPlugin/resolve-app-directory.js +29 -0
- package/dist/NextjsAppDirectoryPlugin/resolve-app-directory.js.map +1 -0
- package/dist/NextjsAppDirectoryPlugin/resolve-codegen-templates-directory.d.ts +1 -0
- package/dist/NextjsAppDirectoryPlugin/resolve-codegen-templates-directory.js +6 -0
- package/dist/NextjsAppDirectoryPlugin/resolve-codegen-templates-directory.js.map +1 -0
- package/dist/RefreshTokenCookieNames.d.ts +1 -3
- package/dist/RefreshTokenCookieNames.js +1 -3
- package/dist/RefreshTokenCookieNames.js.map +1 -1
- package/dist/codegen-templates/auth/auth-provider.tsx +57 -0
- package/dist/codegen-templates/auth/authorize/page.tsx +54 -0
- package/dist/codegen-templates/auth/login/page.tsx +27 -0
- package/dist/codegen-templates/auth/logout/page.tsx +11 -0
- package/dist/codegen-templates/auth/register/page.tsx +29 -0
- package/dist/env/loadJwksAccessPrivateKey/index.d.ts +2 -0
- package/dist/env/loadJwksAccessPrivateKey/index.js +3 -0
- package/dist/env/loadJwksAccessPrivateKey/index.js.map +1 -0
- package/dist/env/loadJwksAccessPrivateKey/loadJwksAccessPrivateKey.js +42 -0
- package/dist/env/loadJwksAccessPrivateKey/loadJwksAccessPrivateKey.js.map +1 -0
- package/dist/get-app-environment.d.ts +2 -0
- package/dist/get-app-environment.js +2 -0
- package/dist/get-app-environment.js.map +1 -0
- package/dist/get-schemavaults-client-application-id.d.ts +10 -0
- package/dist/get-schemavaults-client-application-id.js +21 -0
- package/dist/get-schemavaults-client-application-id.js.map +1 -0
- package/dist/index.d.ts +4 -0
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js +11 -8
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js.map +1 -1
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.d.ts +1 -1
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js +1 -0
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js.map +1 -1
- package/dist/route_guards/assertValidRouteGuardType.d.ts +1 -0
- package/dist/route_guards/assertValidRouteGuardType.js +6 -0
- package/dist/route_guards/assertValidRouteGuardType.js.map +1 -0
- package/dist/route_guards/index.d.ts +2 -2
- package/dist/route_guards/index.js.map +1 -1
- package/dist/route_guards/route-guard-factory.js +1 -0
- package/dist/route_guards/route-guard-factory.js.map +1 -1
- package/dist/route_guards/withAdminRouteGuard.d.ts +5 -21
- package/dist/route_guards/withAdminRouteGuard.js +5 -124
- package/dist/route_guards/withAdminRouteGuard.js.map +1 -1
- package/dist/route_guards/withAuthenticatedRouteGuard.d.ts +9 -16
- package/dist/route_guards/withAuthenticatedRouteGuard.js +146 -42
- package/dist/route_guards/withAuthenticatedRouteGuard.js.map +1 -1
- package/package.json +16 -6
- package/dist/env/loadJwksAccessPrivateKey.js +0 -33
- package/dist/env/loadJwksAccessPrivateKey.js.map +0 -1
- /package/dist/env/{loadJwksAccessPrivateKey.d.ts → loadJwksAccessPrivateKey/loadJwksAccessPrivateKey.d.ts} +0 -0
|
@@ -1,27 +1,63 @@
|
|
|
1
1
|
import "server-only";
|
|
2
|
-
import { SCHEMAVAULTS_AUTH_APP_DEFINITION, getAppEnvironment, } from "@schemavaults/app-definitions";
|
|
2
|
+
import { SCHEMAVAULTS_AUTH_APP_DEFINITION, getAppEnvironment, getHardcodedClientWebAppDomain, } from "@schemavaults/app-definitions";
|
|
3
3
|
import { cookies as loadCookies } from "next/headers";
|
|
4
4
|
import { redirectWithNextAppDirError } from "../redirect-with-error";
|
|
5
|
-
import RouteGuardFactory from "
|
|
5
|
+
import RouteGuardFactory from "./route-guard-factory";
|
|
6
6
|
import { NextResponse } from "next/server";
|
|
7
7
|
import getStringByteSize from "../getStringByteSize";
|
|
8
8
|
import MaximumBrowserCookieSize from "../MaximumBrowserCookieSize";
|
|
9
|
-
import
|
|
9
|
+
import { AccessTokenCookieName } from "../AccessTokenCookieNames";
|
|
10
|
+
import { RefreshTokenCookieName } from "../RefreshTokenCookieNames";
|
|
10
11
|
import getSchemavaultsApiServerId from "../get-schemavaults-api-server-id";
|
|
12
|
+
import { RemoteJwtKeyManager } from "../JwtKeyManager";
|
|
11
13
|
import redirectToLogin from "../redirect-to-login";
|
|
12
14
|
import { redirect } from "next/navigation";
|
|
13
|
-
|
|
15
|
+
import assertValidRouteGuardType from "./assertValidRouteGuardType";
|
|
16
|
+
// default key manager is RemoteJwtKeyManager-- makes it easier for external apps, we can overwrite this once for the auth server
|
|
17
|
+
export function initDefaultJwtKeyManagerForAuthenticatedRouteGuard(debug = process.env.NODE_ENV === "development") {
|
|
18
|
+
return new RemoteJwtKeyManager({
|
|
19
|
+
auth_server_uri: getHardcodedClientWebAppDomain(SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id, getAppEnvironment()),
|
|
20
|
+
debug,
|
|
21
|
+
});
|
|
22
|
+
}
|
|
23
|
+
export async function withAuthenticatedServerComponentRouteGuard(server_component, additional_custom_server_component_props, route_guard_type = "authenticated", custom_is_authorized_check = undefined, jwt_keys_manager = initDefaultJwtKeyManagerForAuthenticatedRouteGuard(), getApiServerId = getSchemavaultsApiServerId) {
|
|
24
|
+
assertValidRouteGuardType(route_guard_type);
|
|
14
25
|
const environment = getAppEnvironment();
|
|
15
26
|
const api_server_id = getApiServerId();
|
|
16
27
|
const cookies = await loadCookies();
|
|
17
28
|
const token_sources = [];
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
29
|
+
if (api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id) {
|
|
30
|
+
const refresh_token_cookie = cookies.get(RefreshTokenCookieName(SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id));
|
|
31
|
+
if (typeof refresh_token_cookie?.value === "string") {
|
|
32
|
+
token_sources.push({
|
|
33
|
+
sourceHint: "Auth Server Refresh Token",
|
|
34
|
+
type: "refresh",
|
|
35
|
+
token: refresh_token_cookie.value,
|
|
36
|
+
});
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
const access_token_cookie_name = AccessTokenCookieName(api_server_id);
|
|
40
|
+
const access_token_cookie = cookies.get(access_token_cookie_name);
|
|
41
|
+
if (typeof access_token_cookie?.value === "string" &&
|
|
42
|
+
access_token_cookie.value.length > 64) {
|
|
43
|
+
let jwt_string = null;
|
|
44
|
+
try {
|
|
45
|
+
const parsed = JSON.parse(access_token_cookie.value);
|
|
46
|
+
if (parsed && typeof parsed.token === "string") {
|
|
47
|
+
jwt_string = parsed.token;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
catch {
|
|
51
|
+
// Raw JWT string fallback
|
|
52
|
+
jwt_string = access_token_cookie.value;
|
|
53
|
+
}
|
|
54
|
+
if (jwt_string) {
|
|
55
|
+
token_sources.push({
|
|
56
|
+
sourceHint: `Access Token from cookie '${access_token_cookie_name}'`,
|
|
57
|
+
type: "access",
|
|
58
|
+
token: jwt_string,
|
|
59
|
+
});
|
|
60
|
+
}
|
|
25
61
|
}
|
|
26
62
|
if (token_sources.length === 0) {
|
|
27
63
|
redirectToLogin(redirect);
|
|
@@ -31,7 +67,7 @@ export async function withAuthenticatedServerComponentRouteGuard(input, dbh, jwt
|
|
|
31
67
|
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id,
|
|
32
68
|
jwt_keys_manager,
|
|
33
69
|
});
|
|
34
|
-
const route_guard = await route_guard_factory.createGuardFromTokenSources(
|
|
70
|
+
const route_guard = await route_guard_factory.createGuardFromTokenSources(route_guard_type, token_sources, api_server_id);
|
|
35
71
|
if (!route_guard.user) {
|
|
36
72
|
redirectToLogin(redirect);
|
|
37
73
|
}
|
|
@@ -39,53 +75,96 @@ export async function withAuthenticatedServerComponentRouteGuard(input, dbh, jwt
|
|
|
39
75
|
if (!route_guard.isAccessAllowed()) {
|
|
40
76
|
redirectWithNextAppDirError(403, "forbidden");
|
|
41
77
|
}
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
: input.ProtectedAuthenticatedPageServerComponent;
|
|
45
|
-
if (typeof ProtectedAuthenticatedPageServerComponent !== "function") {
|
|
46
|
-
throw new TypeError("Expected ProtectedAuthenticatedPageServerComponent to be a function");
|
|
78
|
+
if (typeof server_component !== "function") {
|
|
79
|
+
throw new TypeError("Expected 'server_component' passed to withAuthenticatedServerComponentRouteGuard to be a function");
|
|
47
80
|
}
|
|
48
|
-
|
|
81
|
+
const ProtectedAuthenticatedPageServerComponent = server_component;
|
|
82
|
+
const base_server_component_props = {
|
|
49
83
|
user,
|
|
50
|
-
dbh,
|
|
51
84
|
environment,
|
|
52
85
|
user_organizations: route_guard.user_organizations,
|
|
53
|
-
}
|
|
86
|
+
};
|
|
87
|
+
const server_component_props = {
|
|
88
|
+
...base_server_component_props,
|
|
89
|
+
...additional_custom_server_component_props,
|
|
90
|
+
};
|
|
91
|
+
if (typeof custom_is_authorized_check === "function") {
|
|
92
|
+
let is_authorized = false;
|
|
93
|
+
try {
|
|
94
|
+
is_authorized = await custom_is_authorized_check(server_component_props);
|
|
95
|
+
}
|
|
96
|
+
catch (e) {
|
|
97
|
+
console.error("Error in 'custom_is_authorized_check' handler: ", e);
|
|
98
|
+
redirectWithNextAppDirError(500, "internal_server_error");
|
|
99
|
+
}
|
|
100
|
+
if (!is_authorized) {
|
|
101
|
+
redirectWithNextAppDirError(403, "forbidden");
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
return (await ProtectedAuthenticatedPageServerComponent(server_component_props));
|
|
54
105
|
}
|
|
55
|
-
export function withAuthenticatedApiRouteGuard(
|
|
56
|
-
|
|
106
|
+
export function withAuthenticatedApiRouteGuard(api_route_handler, additional_custom_api_route_inputs, route_guard_type = "authenticated", custom_is_authorized_check = undefined, jwt_keys_manager = initDefaultJwtKeyManagerForAuthenticatedRouteGuard(), getApiServerId = getSchemavaultsApiServerId) {
|
|
107
|
+
assertValidRouteGuardType(route_guard_type);
|
|
108
|
+
const AuthenticatedApiRoute = api_route_handler;
|
|
57
109
|
return async function ProtectedAuthenticatedApiRoute(req) {
|
|
58
110
|
const environment = getAppEnvironment();
|
|
59
111
|
const api_server_id = getApiServerId();
|
|
60
112
|
const token_sources = [];
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
refresh_token_cookie
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
113
|
+
if (api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id) {
|
|
114
|
+
const refresh_token_cookie = req.cookies.get(RefreshTokenCookieName(SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id));
|
|
115
|
+
if (typeof refresh_token_cookie?.value === "string" &&
|
|
116
|
+
refresh_token_cookie.value.length > 64 &&
|
|
117
|
+
getStringByteSize(refresh_token_cookie.value) <=
|
|
118
|
+
MaximumBrowserCookieSize) {
|
|
119
|
+
token_sources.push({
|
|
120
|
+
sourceHint: "Auth Server Refresh Token",
|
|
121
|
+
type: "refresh",
|
|
122
|
+
token: refresh_token_cookie.value,
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
const access_token_cookie_name = AccessTokenCookieName(api_server_id);
|
|
127
|
+
const access_token_cookie = req.cookies.get(access_token_cookie_name);
|
|
128
|
+
if (typeof access_token_cookie?.value === "string" &&
|
|
129
|
+
access_token_cookie.value.length > 64 &&
|
|
130
|
+
getStringByteSize(access_token_cookie.value) <= MaximumBrowserCookieSize) {
|
|
131
|
+
let jwt_string = null;
|
|
132
|
+
try {
|
|
133
|
+
const parsed = JSON.parse(access_token_cookie.value);
|
|
134
|
+
if (parsed && typeof parsed.token === "string") {
|
|
135
|
+
jwt_string = parsed.token;
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
catch {
|
|
139
|
+
// Raw JWT string fallback
|
|
140
|
+
jwt_string = access_token_cookie.value;
|
|
141
|
+
}
|
|
142
|
+
if (jwt_string) {
|
|
143
|
+
token_sources.push({
|
|
144
|
+
sourceHint: `Access Token from cookie '${access_token_cookie_name}'`,
|
|
145
|
+
type: "access",
|
|
146
|
+
token: jwt_string,
|
|
147
|
+
});
|
|
148
|
+
}
|
|
70
149
|
}
|
|
71
|
-
if (req.headers.has(
|
|
72
|
-
const auth_header = req.headers.get("Authorization");
|
|
150
|
+
if (req.headers.has("Authorization") || req.headers.has("authorization")) {
|
|
151
|
+
const auth_header = req.headers.get("Authorization") ?? req.headers.get("authorization");
|
|
73
152
|
if (!auth_header || typeof auth_header !== "string") {
|
|
74
153
|
throw new Error("Expected 'Authorization' to be non-empty string if set.");
|
|
75
154
|
}
|
|
76
155
|
if (!auth_header.startsWith("Bearer ")) {
|
|
77
156
|
throw new Error("Expected header 'Authorization' to start with 'Bearer '");
|
|
78
157
|
}
|
|
79
|
-
const
|
|
158
|
+
const access_token_from_header = typeof auth_header === "string" && auth_header.startsWith("Bearer ")
|
|
80
159
|
? auth_header.slice("Bearer ".length)
|
|
81
160
|
: "";
|
|
82
|
-
if (!
|
|
83
|
-
throw new Error(`
|
|
161
|
+
if (!access_token_from_header) {
|
|
162
|
+
throw new Error(`Header 'Authorization' appears to be empty!`);
|
|
84
163
|
}
|
|
85
164
|
token_sources.push({
|
|
86
|
-
sourceHint: "
|
|
165
|
+
sourceHint: "Access Token from Authorization Bearer header",
|
|
87
166
|
type: "access",
|
|
88
|
-
token:
|
|
167
|
+
token: access_token_from_header,
|
|
89
168
|
});
|
|
90
169
|
}
|
|
91
170
|
const route_guard_factory = new RouteGuardFactory({
|
|
@@ -93,7 +172,7 @@ export function withAuthenticatedApiRouteGuard(input, dbh, jwt_keys_manager, get
|
|
|
93
172
|
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id,
|
|
94
173
|
jwt_keys_manager,
|
|
95
174
|
});
|
|
96
|
-
const route_guard = await route_guard_factory.createGuardFromTokenSources(
|
|
175
|
+
const route_guard = await route_guard_factory.createGuardFromTokenSources(route_guard_type, token_sources, SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id);
|
|
97
176
|
if (!route_guard.user) {
|
|
98
177
|
return NextResponse.json({
|
|
99
178
|
success: false,
|
|
@@ -117,13 +196,38 @@ export function withAuthenticatedApiRouteGuard(input, dbh, jwt_keys_manager, get
|
|
|
117
196
|
}, { status: 403 });
|
|
118
197
|
}
|
|
119
198
|
const user_organizations = route_guard.user_organizations;
|
|
120
|
-
|
|
199
|
+
const base_api_route_inputs = {
|
|
121
200
|
req,
|
|
122
201
|
user,
|
|
123
|
-
dbh,
|
|
124
202
|
environment,
|
|
125
203
|
user_organizations,
|
|
126
|
-
}
|
|
204
|
+
};
|
|
205
|
+
const api_route_inputs = {
|
|
206
|
+
...base_api_route_inputs,
|
|
207
|
+
...additional_custom_api_route_inputs,
|
|
208
|
+
};
|
|
209
|
+
if (typeof custom_is_authorized_check === "function") {
|
|
210
|
+
let is_authorized = false;
|
|
211
|
+
try {
|
|
212
|
+
is_authorized = await custom_is_authorized_check(api_route_inputs);
|
|
213
|
+
}
|
|
214
|
+
catch (e) {
|
|
215
|
+
console.error("Error in 'custom_is_authorized_check' handler: ", e);
|
|
216
|
+
return NextResponse.json({
|
|
217
|
+
success: false,
|
|
218
|
+
error: true,
|
|
219
|
+
message: "Error while checking if access is allowed",
|
|
220
|
+
}, { status: 500 });
|
|
221
|
+
}
|
|
222
|
+
if (!is_authorized) {
|
|
223
|
+
return NextResponse.json({
|
|
224
|
+
success: false,
|
|
225
|
+
error: true,
|
|
226
|
+
message: "Access is not allowed",
|
|
227
|
+
}, { status: 403 });
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
return (await AuthenticatedApiRoute(api_route_inputs));
|
|
127
231
|
};
|
|
128
232
|
}
|
|
129
233
|
//# sourceMappingURL=withAuthenticatedRouteGuard.js.map
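Review bot: Both guards build the merged props with the caller's object spread last, `{ ...base_server_component_props, ...additional_custom_server_component_props }` (new lines 87-90) and `{ ...base_api_route_inputs, ...additional_custom_api_route_inputs }` (new lines 205-208), so a caller-supplied key named `user`, `user_organizations`, `environment` or `req` silently replaces the value derived from the verified token, and that merged object is also what `custom_is_authorized_check` receives. Spread the caller's object first so the verified fields always win, e.g. `const server_component_props = { ...additional_custom_server_component_props, ...base_server_component_props };`, and likewise for `api_route_inputs`. The server-component path also pushes the refresh-token cookie after only a `typeof … === "string"` test (new lines 30-31) and omits the `getStringByteSize(...) <= MaximumBrowserCookieSize` bound on both cookies, while the API path applies `length > 64` and the byte-size bound (new lines 115-118 and 128-130); the two paths should share the same pre-checks. Finally, `createGuardFromTokenSources` receives `api_server_id` as its third argument at new line 70 but `SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id` at new line 175; the parameter's meaning is not visible here, but if it is the expected audience or target server, the API guard may be checking tokens against the wrong application, so confirm that the difference is intended.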
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"withAuthenticatedRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAuthenticatedRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAErB,OAAO,EAEL,gCAAgC,EAEhC,iBAAiB,
|
|
1
|
+
{"version":3,"file":"withAuthenticatedRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAuthenticatedRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAErB,OAAO,EAEL,gCAAgC,EAEhC,iBAAiB,EACjB,8BAA8B,GAC/B,MAAM,+BAA+B,CAAC;AAOvC,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,cAAc,CAAC;AAEtD,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,iBAAiB,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAoB,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,iBAAiB,MAAM,qBAAqB,CAAC;AACpD,OAAO,wBAAwB,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,0BAA0B,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAuB,MAAM,iBAAiB,CAAC;AAC3E,OAAO,eAAe,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,yBAAyB,MAAM,6BAA6B,CAAC;AA2BpE,iIAAiI;AACjI,MAAM,UAAU,kDAAkD,CAChE,QAAiB,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa;IAEvD,OAAO,IAAI,mBAAmB,CAAC;QAC7B,eAAe,EAAE,8BAA8B,CAC7C,gCAAgC,CAAC,MAAM,EACvC,iBAAiB,EAAE,CACpB;QACD,KAAK;KACN,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0CAA0C,CAG9D,gBAAoF,EACpF,wCAAgE,EAChE,mBAA8C,eAAe,EAC7D,6BAKgB,SAAS,EACzB,mBAAmC,kDAAkD,EAAE,EACvF,iBAAoC,0BAA0B;IAE9D,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;IAE5C,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;IACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;IACpD,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,aAAa,GAAkC,EAAE,CAAC;IAExD,IAAI,aAAa,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CACtC,sBAAsB,CAAC,gCAAgC,CAAC,MAAM,CAAC,CAChE,CAAC;QACF,IAAI,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;YACpD,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,2BAA2B;gBACvC,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,oBAAoB,CAAC,KAAK;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,wBAAwB,GAAW,qBAAqB,CAAC,aAAa,CAAC,CAAC;IAC9E,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAClE,IACE,OAAO,mBAAmB,EAAE,KAAK,KAAK,QAAQ;QAC9C,mBAAmB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,EACrC,CAAC;QACD,IAAI,UAAU,GAAkB,IAAI,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YACrD,IAAI,MAAM,IAAI,OAAO,MAAM,CA
AC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC/C,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;YAC1B,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;QACzC,CAAC;QACD,IAAI,UAAU,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,6BAA6B,wBAAwB,GAAG;gBACpE,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,UAAU;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;QAChD,WAAW;QACX,cAAc,EAAE,aAAa,KAAK,gCAAgC,CAAC,MAAM;QACzE,gBAAgB;KACjB,CAAC,CAAC;IACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,gBAAgB,EAChB,aAAa,EACb,aAAa,CACd,CAAC;IAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACtB,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;IAExC,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,EAAE,CAAC;QACnC,2BAA2B,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,OAAO,gBAAgB,KAAK,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,SAAS,CACjB,mGAAmG,CACpG,CAAC;IACJ,CAAC;IACD,MAAM,yCAAyC,GAAG,gBAAgB,CAAC;IAEnE,MAAM,2BAA2B,GAC/B;QACE,IAAI;QACJ,WAAW;QACX,kBAAkB,EAAE,WAAW,CAAC,kBAAkB;KACnD,CAAC;IAEJ,MAAM,sBAAsB,GACD;QACzB,GAAG,2BAA2B;QAC9B,GAAG,wCAAwC;KAC5C,CAAC;IAEF,IAAI,OAAO,0BAA0B,KAAK,UAAU,EAAE,CAAC;QACrD,IAAI,aAAa,GAAY,KAAK,CAAC;QACnC,IAAI,CAAC;YACH,aAAa,GAAG,MAAM,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;YACpE,2BAA2B,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,2BAA2B,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,OAAO,CAAC,MAAM,yCAAyC,CACrD,sBAAsB,CACvB,CAAwB,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,8BAA8B,CAG5C,iBAAgF,EAChF,kCAAgE,EAChE,mBAA8C,eAAe,EAC7D,6BAKgB,SAAS,EACzB,mBAAmC,kDAAkD,EAAE,EACvF,iBAAoC,0BAA0B;IAE9D,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;IAE5C,MAAM,qBAAqB,GACzB,iBAAiB,CAAC;IACpB,OAAO,KAAK,UAAU,8BAA8B,CAClD,GAAgB;QAEhB,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;QACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;QAEpD,MAAM,aAAa,GAAkC,EAAE,CAAC;QAExD,IAAI,aAAa,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,oBAAoB,GAAG,GA
AG,CAAC,OAAO,CAAC,GAAG,CAC1C,sBAAsB,CAAC,gCAAgC,CAAC,MAAM,CAAC,CAChE,CAAC;YACF,IACE,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ;gBAC/C,oBAAoB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBACtC,iBAAiB,CAAC,oBAAoB,CAAC,KAAK,CAAC;oBAC3C,wBAAwB,EAC1B,CAAC;gBACD,aAAa,CAAC,IAAI,CAAC;oBACjB,UAAU,EAAE,2BAA2B;oBACvC,IAAI,EAAE,SAAS;oBACf,KAAK,EAAE,oBAAoB,CAAC,KAAsB;iBACnD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,wBAAwB,GAC5B,qBAAqB,CAAC,aAAa,CAAC,CAAC;QACvC,MAAM,mBAAmB,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtE,IACE,OAAO,mBAAmB,EAAE,KAAK,KAAK,QAAQ;YAC9C,mBAAmB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;YACrC,iBAAiB,CAAC,mBAAmB,CAAC,KAAK,CAAC,IAAI,wBAAwB,EACxE,CAAC;YACD,IAAI,UAAU,GAAkB,IAAI,CAAC;YACrC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;gBACrD,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC/C,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC;gBAC5B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,0BAA0B;gBAC1B,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;YACzC,CAAC;YACD,IAAI,UAAU,EAAE,CAAC;gBACf,aAAa,CAAC,IAAI,CAAC;oBACjB,UAAU,EAAE,6BAA6B,wBAAwB,GAAG;oBACpE,IAAI,EAAE,QAAQ;oBACd,KAAK,EAAE,UAAU;iBAClB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;YACzE,MAAM,WAAW,GACf,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACvE,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACpD,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;YACD,MAAM,wBAAwB,GAC5B,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC;gBAClE,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC;gBACrC,CAAC,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,wBAAwB,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACjE,CAAC;YACD,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,+CAA+C;gBAC3D,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,wBAAyC;aACjD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;YAChD,WAAW;YACX,cAAc,EAAE,aAAa,KAAK,
gCAAgC,CAAC,MAAM;YACzE,gBAAgB;SACjB,CAAC,CAAC;QACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,gBAAgB,EAChB,aAAa,EACb,gCAAgC,CAAC,MAAM,CACxC,CAAC;QAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACtB,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,qCAAqC;aAC/C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;QAExC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACnD,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EACL,qEAAqE;aACxE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACxD,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,uBAAuB;aACjC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,MAAM,kBAAkB,GACtB,WAAW,CAAC,kBAAkB,CAAC;QAEjC,MAAM,qBAAqB,GAA8C;YACvE,GAAG;YACH,IAAI;YACJ,WAAW;YACX,kBAAkB;SACnB,CAAC;QAEF,MAAM,gBAAgB,GACW;YAC/B,GAAG,qBAAqB;YACxB,GAAG,kCAAkC;SACtC,CAAC;QAEF,IAAI,OAAO,0BAA0B,KAAK,UAAU,EAAE,CAAC;YACrD,IAAI,aAAa,GAAY,KAAK,CAAC;YACnC,IAAI,CAAC;gBACH,aAAa,GAAG,MAAM,0BAA0B,CAAC,gBAAgB,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;gBACpE,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,IAAI;oBACX,OAAO,EAAE,2CAA2C;iBACrD,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,IAAI;oBACX,OAAO,EAAE,uBAAuB;iBACjC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,CAAC,MAAM,qBAAqB,CACjC,gBAAgB,CACjB,CAAwB,CAAC;IAC5B,CAAC,CAAC;AACJ,CAAC"}
|
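--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@schemavaults/auth-server-sdk",
 "description": "TypeScript SDK for building authenticated endpoints/middlewares for the Auth Server and Resource Servers",
-"version": "0.
+"version": "0.19.2",
 "license": "UNLICENSED",
 "private": false,
 "repository": {
@@ -15,12 +15,13 @@
 "types": "dist/index.d.ts",
 "dependencies": {
 "zod": "3.23.8",
-"@schemavaults/jwt": "0.6.
-"@schemavaults/auth-common": "0.8.
-"@schemavaults/app-definitions": "0.6.
+"@schemavaults/jwt": "0.6.27",
+"@schemavaults/auth-common": "0.8.6",
+"@schemavaults/app-definitions": "0.6.14"
 },
 "scripts": {
-"build": "tsc --project tsconfig.json && tsc-alias --project tsconfig.json",
+"build": "tsc --project tsconfig.json && tsc-alias --project tsconfig.json && bun run copy-codegen-templates",
+"copy-codegen-templates": "/bin/bash ./copy-codegen-templates.sh",
 "test": "NODE_ENV=test bun test",
 "cleanup:compiled-tests-output": "find ./dist -type f \\( -name \"*.test.js\" -o -name \"*.test.js.map\" -o -name \"*.test.d.ts\" \\) -delete",
 "cleanup": "bun run cleanup:compiled-tests-output",
@@ -29,7 +30,6 @@
 "typecheck": "tsc --project tsconfig.json --noEmit"
 },
 "devDependencies": {
-"@schemavaults/dbh": "0.7.5",
 "typescript": "5.9.3",
 "bun-types": "1.3.6",
 "@types/react": "19.0.0",
@@ -120,6 +120,16 @@
 "types": "./dist/redirect-to-login.d.ts",
 "import": "./dist/redirect-to-login.js",
 "require": "./dist/redirect-to-login.js"
+},
+"./NextjsAppDirectoryPlugin": {
+"types": "./dist/NextjsAppDirectoryPlugin/index.d.ts",
+"import": "./dist/NextjsAppDirectoryPlugin/index.js",
+"require": "./dist/NextjsAppDirectoryPlugin/index.js"
+},
+"./NextjsAppDirectoryPlugin/*": {
+"types": "./dist/NextjsAppDirectoryPlugin/*",
+"import": "./dist/NextjsAppDirectoryPlugin/*",
+"require": "./dist/NextjsAppDirectoryPlugin/*"
 }
 }
 }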
@@ -1,33 +0,0 @@
|
|
|
1
|
-
import { importPKCS8, PEMFormat, sign_verify_alg } from "@schemavaults/jwt";
|
|
2
|
-
export default async function loadJwksAccessPrivateKey(env = process.env) {
|
|
3
|
-
if (typeof env === "object" &&
|
|
4
|
-
"SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY" in env &&
|
|
5
|
-
typeof env["SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY"] === "string" &&
|
|
6
|
-
env["SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY"].length > 0) {
|
|
7
|
-
const environmentVariable = env["SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY"];
|
|
8
|
-
let pem;
|
|
9
|
-
if (PEMFormat.isPemFormat(environmentVariable, "PRIVATE")) {
|
|
10
|
-
try {
|
|
11
|
-
pem = PEMFormat.parsePem(environmentVariable, "PRIVATE");
|
|
12
|
-
}
|
|
13
|
-
catch (e) {
|
|
14
|
-
console.error(e);
|
|
15
|
-
throw new TypeError("Failed to import environment variable 'SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY' from PEM-encoded environment variable!");
|
|
16
|
-
}
|
|
17
|
-
}
|
|
18
|
-
else {
|
|
19
|
-
try {
|
|
20
|
-
pem = PEMFormat.fromBase64Url(environmentVariable, "PRIVATE");
|
|
21
|
-
}
|
|
22
|
-
catch (e) {
|
|
23
|
-
console.error(e);
|
|
24
|
-
throw new TypeError("Failed to import environment variable 'SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY' from base64url-encoded environment variable!");
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
return await importPKCS8(pem.value, sign_verify_alg);
|
|
28
|
-
}
|
|
29
|
-
else {
|
|
30
|
-
throw new TypeError("Environment variable 'SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY' missing!");
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
|
-
//# sourceMappingURL=loadJwksAccessPrivateKey.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"loadJwksAccessPrivateKey.js","sourceRoot":"","sources":["../../src/env/loadJwksAccessPrivateKey.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAE5E,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,wBAAwB,CACpD,MAAc,OAAO,CAAC,GAAG;IAEzB,IACE,OAAO,GAAG,KAAK,QAAQ;QACvB,2CAA2C,IAAI,GAAG;QAClD,OAAO,GAAG,CAAC,2CAA2C,CAAC,KAAK,QAAQ;QACpE,GAAG,CAAC,2CAA2C,CAAC,CAAC,MAAM,GAAG,CAAC,EAC3D,CAAC;QACD,MAAM,mBAAmB,GACvB,GAAG,CAAC,2CAA2C,CAAC,CAAC;QAEnD,IAAI,GAAc,CAAC;QACnB,IAAI,SAAS,CAAC,WAAW,CAAC,mBAAmB,EAAE,SAAS,CAAC,EAAE,CAAC;YAC1D,IAAI,CAAC;gBACH,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;YAC3D,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,SAAS,CACjB,0HAA0H,CAC3H,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC;gBACH,GAAG,GAAG,SAAS,CAAC,aAAa,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;YAChE,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,SAAS,CACjB,gIAAgI,CACjI,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,SAAS,CACjB,2EAA2E,CAC5E,CAAC;IACJ,CAAC;AACH,CAAC"}
|
|
File without changes
|