@schemavaults/auth-server-sdk 0.17.2 → 0.17.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.d.ts +2 -2
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js +2 -1
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js.map +1 -1
- package/dist/JwtKeyManager/loadJwtDecodingKeys.js +49 -17
- package/dist/JwtKeyManager/loadJwtDecodingKeys.js.map +1 -1
- package/dist/MaximumBrowserCookieSize.d.ts +3 -0
- package/dist/MaximumBrowserCookieSize.js +4 -0
- package/dist/MaximumBrowserCookieSize.js.map +1 -0
- package/dist/RefreshTokenCookieNames.d.ts +3 -0
- package/dist/RefreshTokenCookieNames.js +4 -0
- package/dist/RefreshTokenCookieNames.js.map +1 -0
- package/dist/auth-server-error-message-catalog.d.ts +5 -0
- package/dist/auth-server-error-message-catalog.js +20 -0
- package/dist/auth-server-error-message-catalog.js.map +1 -0
- package/dist/get-schemavaults-api-server-id.d.ts +8 -0
- package/dist/get-schemavaults-api-server-id.js +19 -0
- package/dist/get-schemavaults-api-server-id.js.map +1 -0
- package/dist/get-schemavaults-auth-server-uri.d.ts +1 -0
- package/dist/get-schemavaults-auth-server-uri.js +21 -0
- package/dist/get-schemavaults-auth-server-uri.js.map +1 -0
- package/dist/getStringByteSize.d.ts +1 -0
- package/dist/getStringByteSize.js +4 -0
- package/dist/getStringByteSize.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.js +7 -0
- package/dist/index.js.map +1 -1
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js +4 -3
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js.map +1 -1
- package/dist/redirect-with-error.d.ts +5 -0
- package/dist/redirect-with-error.js +22 -0
- package/dist/redirect-with-error.js.map +1 -0
- package/dist/route_guards/IRouteGuard.d.ts +6 -0
- package/dist/route_guards/IRouteGuard.js +2 -0
- package/dist/route_guards/IRouteGuard.js.map +1 -0
- package/dist/route_guards/base-route-guard.d.ts +7 -7
- package/dist/route_guards/base-route-guard.js +6 -1
- package/dist/route_guards/base-route-guard.js.map +1 -1
- package/dist/route_guards/index.d.ts +5 -1
- package/dist/route_guards/index.js +2 -0
- package/dist/route_guards/index.js.map +1 -1
- package/dist/route_guards/init_route_guard_check_options.d.ts +2 -1
- package/dist/route_guards/route-guard-factory.d.ts +2 -1
- package/dist/route_guards/route-guard-factory.js +19 -3
- package/dist/route_guards/route-guard-factory.js.map +1 -1
- package/dist/route_guards/withAdminRouteGuard.d.ts +25 -0
- package/dist/route_guards/withAdminRouteGuard.js +124 -0
- package/dist/route_guards/withAdminRouteGuard.js.map +1 -0
- package/dist/route_guards/withAuthenticatedRouteGuard.d.ts +26 -0
- package/dist/route_guards/withAuthenticatedRouteGuard.js +124 -0
- package/dist/route_guards/withAuthenticatedRouteGuard.js.map +1 -0
- package/package.json +80 -6
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import type { IJwtKeyManager } from "../../JwtKeyManager/IJwtKeyManager";
|
|
2
2
|
import type { JWKS } from "@schemavaults/jwt";
|
|
3
3
|
export interface IRemoteJwtKeyManagerConstructorOpts {
|
|
4
|
-
auth_server_uri
|
|
4
|
+
auth_server_uri?: string;
|
|
5
5
|
}
|
|
6
6
|
export declare class RemoteJwtKeyManager implements IJwtKeyManager {
|
|
7
7
|
private readonly auth_server_uri;
|
|
8
|
-
constructor({ auth_server_uri }: IRemoteJwtKeyManagerConstructorOpts);
|
|
8
|
+
constructor({ auth_server_uri, }: IRemoteJwtKeyManagerConstructorOpts);
|
|
9
9
|
loadJwks(audienceId: string): Promise<JWKS>;
|
|
10
10
|
}
|
|
11
11
|
export default RemoteJwtKeyManager;
|
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
import loadRemoteJwks from "./loadRemoteJwks";
|
|
2
2
|
import { apiServerIdSchema, SCHEMAVAULTS_AUTH_APP_DEFINITION, } from "@schemavaults/app-definitions";
|
|
3
|
+
import getSchemaVaultsAuthServerUri from "../../get-schemavaults-auth-server-uri";
|
|
3
4
|
export class RemoteJwtKeyManager {
|
|
4
5
|
auth_server_uri;
|
|
5
|
-
constructor({ auth_server_uri }) {
|
|
6
|
+
constructor({ auth_server_uri = getSchemaVaultsAuthServerUri(), }) {
|
|
6
7
|
this.auth_server_uri = auth_server_uri;
|
|
7
8
|
}
|
|
8
9
|
async loadJwks(audienceId) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RemoteJwtKeyManager.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.ts"],"names":[],"mappings":"AAEA,OAAO,cAAc,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EACL,iBAAiB,EACjB,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"RemoteJwtKeyManager.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.ts"],"names":[],"mappings":"AAEA,OAAO,cAAc,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EACL,iBAAiB,EACjB,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,4BAA4B,MAAM,oCAAoC,CAAC;AAM9E,MAAM,OAAO,mBAAmB;IACb,eAAe,CAAS;IAEzC,YAAmB,EACjB,eAAe,GAAG,4BAA4B,EAAE,GACZ;QACpC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,UAAkB;QACtC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CACb,8CAA8C,UAAU,GAAG,CAC5D,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,cAAc,CAAC;YAC1B,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,mBAAmB,CAAC"}
|
|
@@ -1,38 +1,69 @@
|
|
|
1
1
|
import { apiServerIdSchema } from "@schemavaults/app-definitions";
|
|
2
2
|
import { importAsymmetricJWK } from "@schemavaults/jwt";
|
|
3
3
|
export async function loadJwtDecodingKeysFromJwks({ keyset_id, jwks, }, debug = false) {
|
|
4
|
-
|
|
5
|
-
|
|
4
|
+
if (jwks.keys.length === 0) {
|
|
5
|
+
throw new Error("JWKS appears to be empty, cannot extract decoding keys from empty set!");
|
|
6
|
+
}
|
|
7
|
+
// Loop over keys in JWKS and find the required keys
|
|
6
8
|
let verification_key = undefined;
|
|
7
9
|
let decryption_key = undefined;
|
|
10
|
+
function allRequiredKeysFound() {
|
|
11
|
+
return verification_key && decryption_key ? true : false;
|
|
12
|
+
}
|
|
8
13
|
for (const key of jwks.keys) {
|
|
9
14
|
const kid = key.kid;
|
|
10
15
|
if (typeof kid !== "string") {
|
|
11
16
|
throw new TypeError(`Invalid JWK in JWKS; missing 'kid' string!`);
|
|
12
17
|
}
|
|
13
|
-
if (kid ===
|
|
18
|
+
if (kid === `${keyset_id}-verification`) {
|
|
14
19
|
verification_key = await importAsymmetricJWK(key);
|
|
20
|
+
if (allRequiredKeysFound()) {
|
|
21
|
+
break; // exit early if keys have been found
|
|
22
|
+
}
|
|
23
|
+
else {
|
|
24
|
+
continue;
|
|
25
|
+
}
|
|
15
26
|
}
|
|
16
|
-
else if (kid ===
|
|
27
|
+
else if (kid === `${keyset_id}-decryption`) {
|
|
17
28
|
decryption_key = await importAsymmetricJWK(key);
|
|
29
|
+
if (allRequiredKeysFound()) {
|
|
30
|
+
break; // exit early if keys have been found
|
|
31
|
+
}
|
|
32
|
+
else {
|
|
33
|
+
continue;
|
|
34
|
+
}
|
|
18
35
|
}
|
|
19
36
|
else {
|
|
20
37
|
continue; // not a match
|
|
21
38
|
}
|
|
22
39
|
}
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
40
|
+
const foundRequiredDecodingKeys = allRequiredKeysFound();
|
|
41
|
+
if (foundRequiredDecodingKeys && verification_key && decryption_key) {
|
|
42
|
+
return {
|
|
43
|
+
keyset_id,
|
|
44
|
+
verification_key,
|
|
45
|
+
decryption_key,
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
// Else, not all keys were found-- handle failure gracefully
|
|
49
|
+
const listOfKidsInJwks = jwks.keys
|
|
50
|
+
.map((k) => `'${k.kid}'`)
|
|
51
|
+
.join(", ");
|
|
52
|
+
if (!verification_key && !decryption_key) {
|
|
53
|
+
console.error(`Missing both verification and decryption keys for keyset '${keyset_id}' from available keys: `, listOfKidsInJwks);
|
|
54
|
+
throw new Error(`Missing both verification and decryption keys for keyset '${keyset_id}'`);
|
|
55
|
+
}
|
|
56
|
+
else if (!verification_key) {
|
|
57
|
+
console.error(`Missing verification key for keyset '${keyset_id}' from available keys: `, listOfKidsInJwks);
|
|
58
|
+
throw new Error(`Missing verification key for keyset '${keyset_id}'`);
|
|
59
|
+
}
|
|
60
|
+
else if (!decryption_key) {
|
|
61
|
+
console.error(`Missing decryption key for keyset '${keyset_id}' from available keys: `, listOfKidsInJwks);
|
|
62
|
+
throw new Error(`Missing decryption key for keyset '${keyset_id}'`);
|
|
63
|
+
}
|
|
64
|
+
else {
|
|
65
|
+
throw new Error("Error handling missing JWT decoding keys gracefully!");
|
|
30
66
|
}
|
|
31
|
-
return {
|
|
32
|
-
keyset_id,
|
|
33
|
-
verification_key,
|
|
34
|
-
decryption_key,
|
|
35
|
-
};
|
|
36
67
|
}
|
|
37
68
|
export async function loadJwtDecodingKeys({ keys_manager, keyset_id, audience_id, ...opts }) {
|
|
38
69
|
const debug = opts.debug ?? false;
|
|
@@ -46,7 +77,8 @@ export async function loadJwtDecodingKeys({ keys_manager, keyset_id, audience_id
|
|
|
46
77
|
!Array.isArray(jwks.keys)) {
|
|
47
78
|
throw new TypeError("Invalid JWKS; not an object or missing 'keys' array!");
|
|
48
79
|
}
|
|
49
|
-
|
|
80
|
+
const jwt_decoding_keys = await loadJwtDecodingKeysFromJwks({ keyset_id, jwks }, debug);
|
|
81
|
+
return jwt_decoding_keys;
|
|
50
82
|
}
|
|
51
83
|
export default loadJwtDecodingKeys;
|
|
52
84
|
//# sourceMappingURL=loadJwtDecodingKeys.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loadJwtDecodingKeys.js","sourceRoot":"","sources":["../../src/JwtKeyManager/loadJwtDecodingKeys.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAa,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAenE,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,EACE,SAAS,EACT,IAAI,GAIL,EACD,QAAiB,KAAK;IAEtB,
|
|
1
|
+
{"version":3,"file":"loadJwtDecodingKeys.js","sourceRoot":"","sources":["../../src/JwtKeyManager/loadJwtDecodingKeys.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAa,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAenE,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,EACE,SAAS,EACT,IAAI,GAIL,EACD,QAAiB,KAAK;IAEtB,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;IACJ,CAAC;IAED,oDAAoD;IACpD,IAAI,gBAAgB,GAA0B,SAAS,CAAC;IACxD,IAAI,cAAc,GAA0B,SAAS,CAAC;IACtD,SAAS,oBAAoB;QAC3B,OAAO,gBAAgB,IAAI,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC;IAC3D,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,4CAA4C,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,GAAG,KAAK,GAAG,SAAS,eAAe,EAAE,CAAC;YACxC,gBAAgB,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAClD,IAAI,oBAAoB,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,qCAAqC;YAC9C,CAAC;iBAAM,CAAC;gBACN,SAAS;YACX,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,KAAK,GAAG,SAAS,aAAa,EAAE,CAAC;YAC7C,cAAc,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,oBAAoB,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,qCAAqC;YAC9C,CAAC;iBAAM,CAAC;gBACN,SAAS;YACX,CAAC;QACH,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,cAAc;QAC1B,CAAC;IACH,CAAC;IAED,MAAM,yBAAyB,GAAY,oBAAoB,EAAE,CAAC;IAClE,IAAI,yBAAyB,IAAI,gBAAgB,IAAI,cAAc,EAAE,CAAC;QACpE,OAAO;YACL,SAAS;YACT,gBAAgB;YAChB,cAAc;SACgB,CAAC;IACnC,CAAC;IAED,4DAA4D;IAE5D,MAAM,gBAAgB,GAAW,IAAI,CAAC,IAAI;SACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;SACxB,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,IAAI,CAAC,gBAAgB,IAAI,CAAC,cAAc,EAAE,CAAC;QACzC,OAAO,CAAC,KAAK,CACX,6DAA6D,SAAS,yBAAyB,EAC/F,gBAAgB,CACjB,CAAC;QACF,MAAM,IAAI,KAAK,CACb,6DAA6D,SAAS,GAAG,CAC1E,CAAC;IACJ,CAAC;SAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC7B,OAAO,CAAC,KAAK,CACX,wCAAwC,SAAS,yBAAyB,EAC1E,gBAAgB,CACjB,CAAC;QACF,MAAM,IAAI,KAAK,CAAC,wCAAwC,SAAS,GAAG,CAAC,CAAC;IACxE,CAAC;SAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CACX,sCAAsC,SAAS,yBAAyB,EACxE,gBAAgB,CACjB,CAAC;QACF,MAAM,IAAI,KAAK,CAAC,sCAAsC,SAAS,GAAG,CAAC,CAAC;IACtE,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EACxC,YAAY,EACZ,SAAS,EACT,WAAW,EACX,GAAG,IAAI,EACqB;IAC5B,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;IAE3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,uDAAuD,WAAW,GAAG,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAS,MAAM,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,IACE,CAAC,IAAI;QACL,OAAO,IAAI,KAAK,QAAQ;QACxB,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EACzB,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,sDAAsD,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,iBAAiB,GACrB,MAAM,2BAA2B,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;IAEhE,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,eAAe,mBAAmB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"MaximumBrowserCookieSize.js","sourceRoot":"","sources":["../src/MaximumBrowserCookieSize.ts"],"names":[],"mappings":"AAAA,MAAM,wBAAwB,GAAG,IAAI,CAAC,CAAC,MAAM;AAE7C,OAAO,EAAE,wBAAwB,EAAE,CAAC;AACpC,eAAe,wBAAwB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"RefreshTokenCookieNames.js","sourceRoot":"","sources":["../src/RefreshTokenCookieNames.ts"],"names":[],"mappings":"AACA,MAAM,CAAC,MAAM,sBAAsB,GAAG,eAAyC,CAAC;AAChF,MAAM,CAAC,MAAM,4BAA4B,GAAG,sBAAgD,CAAC;AAE7F,eAAe,sBAAsB,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
declare const ERROR_IDS: readonly ["unknown", "app_id_not_found", "unauthenticated", "forbidden", "load_user_data_failure", "internal_server_error"];
|
|
2
|
+
export type SchemaVaultsAuthErrorId = (typeof ERROR_IDS)[number];
|
|
3
|
+
export declare const ERROR_MESSAGE_CATALOG: Record<SchemaVaultsAuthErrorId, string>;
|
|
4
|
+
export declare function isValidErrorId(id: string): id is SchemaVaultsAuthErrorId;
|
|
5
|
+
export {};
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
const ERROR_IDS = [
|
|
2
|
+
"unknown",
|
|
3
|
+
"app_id_not_found",
|
|
4
|
+
"unauthenticated",
|
|
5
|
+
"forbidden",
|
|
6
|
+
"load_user_data_failure",
|
|
7
|
+
"internal_server_error",
|
|
8
|
+
];
|
|
9
|
+
export const ERROR_MESSAGE_CATALOG = {
|
|
10
|
+
unknown: "An unknown error occurred",
|
|
11
|
+
app_id_not_found: "App with specified ID not found!",
|
|
12
|
+
unauthenticated: "Failed to authenticate to figure out who you are! Try logging in again or contacting support...",
|
|
13
|
+
forbidden: "Oops! You don't have permission to do that action! Get in touch with support if you believe this is a mistake!",
|
|
14
|
+
load_user_data_failure: "There was an error loading data associated with your SchemaVaults account!",
|
|
15
|
+
internal_server_error: "There was a problem in the SchemaVaults backend logic and something caused a crash!",
|
|
16
|
+
};
|
|
17
|
+
export function isValidErrorId(id) {
|
|
18
|
+
return ERROR_IDS.includes(id);
|
|
19
|
+
}
|
|
20
|
+
//# sourceMappingURL=auth-server-error-message-catalog.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-server-error-message-catalog.js","sourceRoot":"","sources":["../src/auth-server-error-message-catalog.ts"],"names":[],"mappings":"AAAA,MAAM,SAAS,GAAG;IAChB,SAAS;IACT,kBAAkB;IAClB,iBAAiB;IACjB,WAAW;IACX,wBAAwB;IACxB,uBAAuB;CACa,CAAC;AAIvC,MAAM,CAAC,MAAM,qBAAqB,GAA4C;IAC5E,OAAO,EAAE,2BAA2B;IACpC,gBAAgB,EAAE,kCAAkC;IACpD,eAAe,EACb,iGAAiG;IACnG,SAAS,EACP,gHAAgH;IAClH,sBAAsB,EACpB,4EAA4E;IAC9E,qBAAqB,EACnB,qFAAqF;CACxF,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,EAAU;IACvC,OAAO,SAAS,CAAC,QAAQ,CAAC,EAA8C,CAAC,CAAC;AAC5E,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { type ApiServerId } from "@schemavaults/app-definitions";
|
|
2
|
+
export { type ApiServerId } from "@schemavaults/app-definitions";
|
|
3
|
+
/**
|
|
4
|
+
* @returns Parsed value of process.env.SCHEMAVAULTS_API_SERVER_ID
|
|
5
|
+
*/
|
|
6
|
+
declare function getSchemavaultsApiServerId(): ApiServerId;
|
|
7
|
+
export { getSchemavaultsApiServerId };
|
|
8
|
+
export default getSchemavaultsApiServerId;
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { apiServerIdSchema, } from "@schemavaults/app-definitions";
|
|
2
|
+
/**
|
|
3
|
+
* @returns Parsed value of process.env.SCHEMAVAULTS_API_SERVER_ID
|
|
4
|
+
*/
|
|
5
|
+
function getSchemavaultsApiServerId() {
|
|
6
|
+
const apiServerIdEnvVar = process.env.SCHEMAVAULTS_API_SERVER_ID;
|
|
7
|
+
if (apiServerIdEnvVar && typeof apiServerIdEnvVar === "string") {
|
|
8
|
+
if (!apiServerIdSchema.safeParse(apiServerIdEnvVar).success) {
|
|
9
|
+
throw new TypeError("Invalid API server ID to use from 'SCHEMAVAULTS_API_SERVER_ID' environment variable!");
|
|
10
|
+
}
|
|
11
|
+
return apiServerIdEnvVar;
|
|
12
|
+
}
|
|
13
|
+
else {
|
|
14
|
+
throw new TypeError("Environment variable 'SCHEMAVAULTS_API_SERVER_ID' is not set!");
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
export { getSchemavaultsApiServerId };
|
|
18
|
+
export default getSchemavaultsApiServerId;
|
|
19
|
+
//# sourceMappingURL=get-schemavaults-api-server-id.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"get-schemavaults-api-server-id.js","sourceRoot":"","sources":["../src/get-schemavaults-api-server-id.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AAGvC;;GAEG;AACH,SAAS,0BAA0B;IACjC,MAAM,iBAAiB,GACrB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;IACzC,IAAI,iBAAiB,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QAC/D,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC,OAAO,EAAE,CAAC;YAC5D,MAAM,IAAI,SAAS,CACjB,sFAAsF,CACvF,CAAC;QACJ,CAAC;QACD,OAAO,iBAAiB,CAAC;IAC3B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,SAAS,CACjB,+DAA+D,CAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,OAAO,EAAE,0BAA0B,EAAE,CAAC;AACtC,eAAe,0BAA0B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export default function getSchemaVaultsAuthServerUri(): string;
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { getAppEnvironment, } from "@schemavaults/app-definitions/get-app-environment";
|
|
2
|
+
import { getHardcodedClientWebAppDomain, SCHEMAVAULTS_AUTH_APP_DEFINITION, } from "@schemavaults/app-definitions";
|
|
3
|
+
export default function getSchemaVaultsAuthServerUri() {
|
|
4
|
+
const environment = getAppEnvironment();
|
|
5
|
+
if (process.env.SCHEMAVAULTS_AUTH_SERVER_URI &&
|
|
6
|
+
typeof process.env.SCHEMAVAULTS_AUTH_SERVER_URI === "string" &&
|
|
7
|
+
process.env.SCHEMAVAULTS_AUTH_SERVER_URI.length > 0) {
|
|
8
|
+
if (!process.env.SCHEMAVAULTS_AUTH_SERVER_URI.startsWith("http://") &&
|
|
9
|
+
!process.env.SCHEMAVAULTS_AUTH_SERVER_URI.startsWith("https://")) {
|
|
10
|
+
throw new TypeError("Expected auth server URI to to use HTTP or HTTPS!");
|
|
11
|
+
}
|
|
12
|
+
if (environment !== "development" &&
|
|
13
|
+
environment !== "test" &&
|
|
14
|
+
!process.env.SCHEMAVAULTS_AUTH_SERVER_URI.startsWith("https://")) {
|
|
15
|
+
throw new Error("Expected auth server URI to use https in production/staging environments!");
|
|
16
|
+
}
|
|
17
|
+
return process.env.SCHEMAVAULTS_AUTH_SERVER_URI;
|
|
18
|
+
}
|
|
19
|
+
return getHardcodedClientWebAppDomain(SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id, environment);
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=get-schemavaults-auth-server-uri.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"get-schemavaults-auth-server-uri.js","sourceRoot":"","sources":["../src/get-schemavaults-auth-server-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,GAElB,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EACL,8BAA8B,EAC9B,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;AAEvC,MAAM,CAAC,OAAO,UAAU,4BAA4B;IAClD,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;IACpE,IACE,OAAO,CAAC,GAAG,CAAC,4BAA4B;QACxC,OAAO,OAAO,CAAC,GAAG,CAAC,4BAA4B,KAAK,QAAQ;QAC5D,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,MAAM,GAAG,CAAC,EACnD,CAAC;QACD,IACE,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,UAAU,CAAC,SAAS,CAAC;YAC/D,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,UAAU,CAAC,UAAU,CAAC,EAChE,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,mDAAmD,CAAC,CAAC;QAC3E,CAAC;QAED,IACE,WAAW,KAAK,aAAa;YAC7B,WAAW,KAAK,MAAM;YACtB,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,UAAU,CAAC,UAAU,CAAC,EAChE,CAAC;YACD,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;QACJ,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;IAClD,CAAC;IAED,OAAO,8BAA8B,CACnC,gCAAgC,CAAC,MAAM,EACvC,WAAW,CACZ,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export default function getStringByteSize(str: string): number;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"getStringByteSize.js","sourceRoot":"","sources":["../src/getStringByteSize.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,OAAO,UAAU,iBAAiB,CAAC,GAAW;IACnD,OAAO,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;AAC9B,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -6,3 +6,13 @@ export * from "./JwtKeyManager";
|
|
|
6
6
|
export type * from "./JwtKeyManager";
|
|
7
7
|
export * from "./DatabaseResourceGroup";
|
|
8
8
|
export type * from "./DatabaseResourceGroup";
|
|
9
|
+
export { redirectWithError } from "./redirect-with-error";
|
|
10
|
+
export type * from "./redirect-with-error";
|
|
11
|
+
export { ERROR_MESSAGE_CATALOG, isValidErrorId, } from "./auth-server-error-message-catalog";
|
|
12
|
+
export type { SchemaVaultsAuthErrorId } from "./auth-server-error-message-catalog";
|
|
13
|
+
import MaximumBrowserCookieSize from "./MaximumBrowserCookieSize";
|
|
14
|
+
export { MaximumBrowserCookieSize };
|
|
15
|
+
export { getSchemavaultsApiServerId } from "./get-schemavaults-api-server-id";
|
|
16
|
+
export type { ApiServerId } from "@schemavaults/app-definitions";
|
|
17
|
+
export { RefreshTokenCookieName, RefreshTokenExpiryCookieName, } from "./RefreshTokenCookieNames";
|
|
18
|
+
export { default as getStringByteSize } from "./getStringByteSize";
|
package/dist/index.js
CHANGED
|
@@ -2,4 +2,11 @@ export * from "./middleware";
|
|
|
2
2
|
export * from "./route_guards";
|
|
3
3
|
export * from "./JwtKeyManager";
|
|
4
4
|
export * from "./DatabaseResourceGroup";
|
|
5
|
+
export { redirectWithError } from "./redirect-with-error";
|
|
6
|
+
export { ERROR_MESSAGE_CATALOG, isValidErrorId, } from "./auth-server-error-message-catalog";
|
|
7
|
+
import MaximumBrowserCookieSize from "./MaximumBrowserCookieSize";
|
|
8
|
+
export { MaximumBrowserCookieSize };
|
|
9
|
+
export { getSchemavaultsApiServerId } from "./get-schemavaults-api-server-id";
|
|
10
|
+
export { RefreshTokenCookieName, RefreshTokenExpiryCookieName, } from "./RefreshTokenCookieNames";
|
|
11
|
+
export { default as getStringByteSize } from "./getStringByteSize";
|
|
5
12
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAG7B,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,yBAAyB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAG7B,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,yBAAyB,CAAC;AAGxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,OAAO,EACL,qBAAqB,EACrB,cAAc,GACf,MAAM,qCAAqC,CAAC;AAG7C,OAAO,wBAAwB,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,CAAC;AAEpC,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAG9E,OAAO,EACL,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,qBAAqB,CAAC"}
|
|
@@ -2,7 +2,7 @@ import { AuthMiddleware, defaultAuthMiddlewareRules, determineAuthStatus, audien
|
|
|
2
2
|
import { decodeJWT, getKeysetIdFromToken, } from "@schemavaults/jwt";
|
|
3
3
|
import { apiServerIdSchema, } from "@schemavaults/app-definitions";
|
|
4
4
|
import BaseMiddleware from "../BaseMiddleware";
|
|
5
|
-
import
|
|
5
|
+
import doLoadJwtDecodingKeys from "../../../JwtKeyManager/loadJwtDecodingKeys";
|
|
6
6
|
class AuthJwtValidationMiddleware extends BaseMiddleware {
|
|
7
7
|
audience;
|
|
8
8
|
middleware_rules;
|
|
@@ -25,11 +25,12 @@ class AuthJwtValidationMiddleware extends BaseMiddleware {
|
|
|
25
25
|
}
|
|
26
26
|
async loadJwtDecodingKeys(keyset_id) {
|
|
27
27
|
const audience_id = this.audience;
|
|
28
|
-
const
|
|
28
|
+
const debug = this.debug;
|
|
29
|
+
const decoding_keys = await doLoadJwtDecodingKeys({
|
|
29
30
|
keyset_id,
|
|
30
31
|
keys_manager: this.keys_manager,
|
|
31
32
|
audience_id,
|
|
32
|
-
debug
|
|
33
|
+
debug,
|
|
33
34
|
});
|
|
34
35
|
return decoding_keys;
|
|
35
36
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"withAuthJwtValidation.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.ts"],"names":[],"mappings":"AACA,OAAO,EACL,cAAc,EAGd,0BAA0B,EAC1B,mBAAmB,EAGnB,cAAc,GAGf,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,SAAS,EACT,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,GAElB,MAAM,+BAA+B,CAAC;AAMvC,OAAO,cAAc,MAAM,8BAA8B,CAAC;AAE1D,OAAO,
|
|
1
|
+
{"version":3,"file":"withAuthJwtValidation.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.ts"],"names":[],"mappings":"AACA,OAAO,EACL,cAAc,EAGd,0BAA0B,EAC1B,mBAAmB,EAGnB,cAAc,GAGf,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,SAAS,EACT,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,GAElB,MAAM,+BAA+B,CAAC;AAMvC,OAAO,cAAc,MAAM,8BAA8B,CAAC;AAE1D,OAAO,qBAEN,MAAM,qCAAqC,CAAC;AAe7C,MAAM,2BACJ,SAAQ,cAAc;IAGL,QAAQ,CAAS;IACjB,gBAAgB,CAAsB;IACtC,YAAY,CAAiB;IAE9C,YAAmB,EACjB,IAAI,EACJ,QAAQ,EACR,GAAG,IAAI,EAC0B;QACjC,KAAK,CAAC;YACJ,GAAG,IAAI;YACP,IAAI,EAAE,6BAAsC;YAC5C,IAAI;SACL,CAAC,CAAC;QAEH,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;aAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC;YAC1D,MAAM,IAAI,SAAS,CACjB,sDAAsD,CACvD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,IAAI,0BAA0B,CAAC;QAC5E,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;IACxC,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,SAAiB;QAEjB,MAAM,WAAW,GAAW,IAAI,CAAC,QAAQ,CAAC;QAC1C,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,CAAC;QAClC,MAAM,aAAa,GAAyB,MAAM,qBAAqB,CAAC;YACtE,SAAS;YACT,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,WAAW;YACX,KAAK;SACN,CAAC,CAAC;QACH,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,EAClB,GAAG,EACH,IAAI,EACJ,QAAQ,EACR,GAAG,MAAM,EACuB;QAChC,MAAM,WAAW,GAA+B,IAAI,CAAC,WAAW,CAAC;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,IAAI,IAAI,CAAC,IAAI,uCAAuC,GAAG,CAAC,OAAO,CAAC,QAAQ,GAAG,CAC5E,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,sBAAsB,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrE,OAAO,IAAI,CACT;gBACE,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,uCAAuC;aACjD,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,0DAA0D;QAC1D,MAAM,aAAa,GAAkC,EAAE,CAAC;QAExD,2BAA2B;QAC3B,IAAI,aAAa,GACf,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC;QAC1C,IAAI,YAAY,GACd,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC;QAEzC,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;YACtC,aAAa,CAAC,IAAI,CAAC;gBACjB,KAAK,EAAE,aAAa;gBACpB,IAAI,EAAE,SAAS;gBACf,UAAU,EAAE,sBAAsB;aACnC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACrC,aAAa,CAAC,IAAI,CAAC;gBACjB,KAAK,EAAE,YAAY;gBACnB,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,qBAAqB;aAClC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,wBAAwB,GAAuB,SAAS,CAAC;QAC7D,MAAM,mBAAmB,GACvB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;YAChC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;YAChC,IAAI,CAAC;QACP,IAAI,OAAO,mBAAmB,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,YAAY,GAAG,SAAkB,CAAC;YACxC,IAAI,mBAAmB,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjD,IAAI,mBAAmB,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC;oBACrD,MAAM,aAAa,GAAW,mBAAmB,CAAC,KAAK,CACrD,YAAY,CAAC,MAAM,CACpB,CAAC;oBACF,wBAAwB,GAAG,aAA8B,CAAC;gBAC5D,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,OAAO,wBAAwB,KAAK,QAAQ,EAAE,CAAC;YACjD,aAAa,CAAC,IAAI,CAAC;gBACjB,KAAK,EAAE,wBAAwB;gBAC/B,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,0CAA0C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;QACnC,MAAM,mBAAmB,GACvB,MAAM,cAAc,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QACpD,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;QACJ,CAAC;QAED,IAAI,UAA+C,CAAC;QACpD,IAAI,CAAC;YACH,MAAM,iCAAiC,GAAG;gBACxC,WAAW,EAAE,QAAiB;gBAC9B,aAAa;gBACb,KAAK,EAAE,IAAI,CAAC,KAAuB;aACkC,CAAC;YAExE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CACT,sEAAsE,EACtE,iCAAiC,CAClC,CAAC;YACJ,CAAC;YAED,UAAU,GAAG,MAAM,mBAAmB,CAAC;gBACrC,GAAG,iCAAiC;gBACpC,SAAS,EAAE,KAAK,EAAE,EAChB,KAAK,EACL,IAAI,EACJ,YAAY,GACb,EAA+C,EAAE;oBAChD,IAAI,SAAiB,CAAC;oBACtB,IAAI,CAAC;wBACH,SAAS,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;oBAC1C,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;wBACjE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;oBACjE,CAAC;oBAED,IAAI,YAAkC,CAAC;oBACvC,IAAI,CAAC;wBACH,YAAY,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;wBACzD,IAAI,YAAY,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;4BACzC,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CACX,gEAAgE,SAAS,KAAK,EAC9E,CAAC,CACF,CAAC;wBACF,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;oBACJ,CAAC;oBACD,MAAM,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,YAAY,CAAC;oBAE1D,IAAI,CAAC;wBACH,MAAM,OAAO,GAAqB,MAAM,SAAS,CAAC;4BAChD,GAAG,EAAE,KAAK;4BACV,IAAI;4BACJ,QAAQ,EAAE,YAAY;4BACtB,GAAG,EAAE,WAAW;4BAChB,cAAc;4BACd,gBAAgB;4BAChB,SAAS;yBACV,CAAC,CAAC;wBACH,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;oBACxB,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,KAAK,CACX,gDAAgD,EAChD,CAAC,CACF,CAAC;wBACJ,CAAC;wBACD,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;oBACpE,CAAC;gBACH,CAAC;gBACD,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,gFAAgF,EAChF,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,oBAA0C,CAAC;QAC/C,IAAI,CAAC;YACH,oBAAoB,GAAG,cAAc,CAAC;gBACpC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ;gBAC1B,UAAU;gBACV,KAAK,EAAE,IAAI,CAAC,gBAAgB;gBAC5B,+BAA+B,EAAE,UAAmB;gBACpD,+BAA+B,EAAE,aAAsB;gBACvD,aAAa,EAAE,iBAA0B;gBACzC,8BAA8B,EAAE,GAAY;gBAC5C,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CACT,uCAAuC,EACvC,oBAAoB,CACrB,CAAC;gBACF,IACE,oBAAoB;oBACpB,oBAAoB,CAAC,MAAM;oBAC3B,GAAG,EAAE,OAAO,EAAE,QAAQ,EACtB,CAAC;oBACD,OAAO,CAAC,GAAG,CACT,6CAA6C,EAC7C,GAAG,CAAC,OAAO,CAAC,QAAQ,CACrB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;YACjE,OAAO,IAAI,CACT;gBACE,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,+BAA+B;aACzC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,oBAAoB,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,IAAI,CAAC,2BAA2B,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAED,IAAI,oBAAoB,CAAC,QAAQ,EAAE,CAAC;YAClC,yBAAyB;YACzB,MAAM,kBAAkB,GAAW,oBAAoB,CAAC,UAAU,CAAC;YAEnE,MAAM,IAAI,GAAW,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC;YAEtC,IAAI,QAAQ,GAAqB,OAAO,CAAC;YAEzC,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,IAAI,IAAI,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;gBACtE,QAAQ,GAAG,MAAM,CAAC;YACpB,CAAC;YACD,MAAM,UAAU,GAAW,QAAQ,GAAG,KAAK,GAAG,IAAI,GAAG,kBAAkB,CAAC;YACxE,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;gBACvC,OAAO,CAAC,GAAG,CAAC,gCAAgC,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC;YACnE,CAAC;YACD,OAAO,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,gDAAgD,EAChD,GAAG,CAAC,OAAO,CAAC,QAAQ,CACrB,CAAC;QACJ,CAAC;QAED,IAAI,oBAAoB,CAAC,KAAK,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAwB,oBAAoB,CAAC,KAAK,CAAC;YAClE,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;gBACjC,OAAO,IAAI,CACT;oBACE,KAAK,EAAE,cAAc;iBACtB,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;iBAAM,IAAI,SAAS,KAAK,WAAW,EAAE,CAAC;gBACrC,OAAO,IAAI,CACT;oBACE,KAAK,EAAE,WAAW;iBACnB,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,SAAS,CAAC,CAAC;YAC5D,OAAO,IAAI,CACT;gBACE,KAAK,EAAE,+BAA+B;aACvC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;CACF;AAED,MAAM,OAAO,kCAAkC;IAG7B,IAAI,GAAG,oBAA6B,CAAC;IAE7C,cAAc,CAAqC;IAE3D,YAAmB,IAAwC;QACzD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAEM,MAAM,CAAC,IAA6B;QACzC,OAAO,IAAI,2BAA2B,CAAC;YACrC,GAAG,IAAI,CAAC,cAAc;YACtB,IAAI;SACL,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,kCAAkC,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { type RedirectType } from "next/navigation";
|
|
2
|
+
import { type SchemaVaultsAuthErrorId } from "./auth-server-error-message-catalog";
|
|
3
|
+
export declare function redirectWithError(redirect: (url: string, redirect_type?: RedirectType) => never, error_code?: number, error_id?: SchemaVaultsAuthErrorId, error_page_url?: string): never;
|
|
4
|
+
export declare function redirectWithNextAppDirError(error_code?: number, error_id?: SchemaVaultsAuthErrorId, error_page_url?: string): never;
|
|
5
|
+
export default redirectWithError;
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { redirect } from "next/navigation";
|
|
2
|
+
import { isValidErrorId, } from "./auth-server-error-message-catalog";
|
|
3
|
+
import { getAppEnvironment, } from "@schemavaults/app-definitions";
|
|
4
|
+
export function redirectWithError(redirect, error_code = 500, error_id = "unknown", error_page_url = "/error") {
|
|
5
|
+
const environment = getAppEnvironment();
|
|
6
|
+
if (!isValidErrorId(error_id)) {
|
|
7
|
+
throw new Error("Invalid error ID to redirect to error page with!");
|
|
8
|
+
}
|
|
9
|
+
const searchParams = new URLSearchParams();
|
|
10
|
+
searchParams.set("error", `${error_code}`);
|
|
11
|
+
searchParams.set("error_id", error_id);
|
|
12
|
+
const errorPageUrl = `${error_page_url}?${searchParams.toString()}`;
|
|
13
|
+
if (environment === "development") {
|
|
14
|
+
console.log("[redirectWithError] Redirecting to URL: ", errorPageUrl);
|
|
15
|
+
}
|
|
16
|
+
redirect(errorPageUrl);
|
|
17
|
+
}
|
|
18
|
+
export function redirectWithNextAppDirError(error_code = 500, error_id = "unknown", error_page_url = "/error") {
|
|
19
|
+
return redirectWithError(redirect, error_code, error_id, error_page_url);
|
|
20
|
+
}
|
|
21
|
+
export default redirectWithError;
|
|
22
|
+
//# sourceMappingURL=redirect-with-error.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redirect-with-error.js","sourceRoot":"","sources":["../src/redirect-with-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAqB,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EACL,cAAc,GAEf,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EACL,iBAAiB,GAElB,MAAM,+BAA+B,CAAC;AAEvC,MAAM,UAAU,iBAAiB,CAC/B,QAA8D,EAC9D,aAAqB,GAAG,EACxB,WAAoC,SAAS,EAC7C,iBAAyB,QAAQ;IAEjC,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;IACpE,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAC;IAE3C,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,UAAU,EAAW,CAAC,CAAC;IACpD,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAEvC,MAAM,YAAY,GAAG,GAAG,cAAc,IAAI,YAAY,CAAC,QAAQ,EAAE,EAAW,CAAC;IAE7E,IAAI,WAAW,KAAK,aAAa,EAAE,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,0CAA0C,EAAE,YAAY,CAAC,CAAC;IACxE,CAAC;IACD,QAAQ,CAAC,YAAY,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,aAAqB,GAAG,EACxB,WAAoC,SAAS,EAC7C,iBAAyB,QAAQ;IAEjC,OAAO,iBAAiB,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;AAC3E,CAAC;AAED,eAAe,iBAAiB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"IRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/IRouteGuard.ts"],"names":[],"mappings":""}
|
|
@@ -1,15 +1,15 @@
|
|
|
1
|
-
import type { UserData } from "@schemavaults/auth-common";
|
|
1
|
+
import type { OrganizationID, UserData } from "@schemavaults/auth-common";
|
|
2
2
|
import type { InitRouteGuardCheckOptions } from "./init_route_guard_check_options";
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
user: UserData | null;
|
|
6
|
-
}
|
|
3
|
+
import type { IRouteGuard } from "./IRouteGuard";
|
|
4
|
+
export type { IRouteGuard } from "./IRouteGuard";
|
|
7
5
|
export declare abstract class BaseRouteGuard implements IRouteGuard {
|
|
8
|
-
protected _user: UserData | null;
|
|
6
|
+
protected readonly _user: UserData | null;
|
|
7
|
+
protected readonly _orgs: readonly OrganizationID[];
|
|
9
8
|
private readonly environment;
|
|
10
|
-
constructor({ user, environment }: InitRouteGuardCheckOptions);
|
|
9
|
+
constructor({ user, user_organizations, environment, }: InitRouteGuardCheckOptions);
|
|
11
10
|
protected get isAuthenticated(): boolean;
|
|
12
11
|
protected get isAdmin(): boolean;
|
|
13
12
|
abstract isAccessAllowed(): boolean;
|
|
14
13
|
get user(): UserData | null;
|
|
14
|
+
get user_organizations(): readonly OrganizationID[];
|
|
15
15
|
}
|
|
@@ -1,8 +1,10 @@
|
|
|
1
1
|
export class BaseRouteGuard {
|
|
2
2
|
_user;
|
|
3
|
+
_orgs;
|
|
3
4
|
environment;
|
|
4
|
-
constructor({ user, environment }) {
|
|
5
|
+
constructor({ user, user_organizations, environment, }) {
|
|
5
6
|
this._user = user;
|
|
7
|
+
this._orgs = user_organizations ?? [];
|
|
6
8
|
this.environment = environment;
|
|
7
9
|
}
|
|
8
10
|
get isAuthenticated() {
|
|
@@ -20,5 +22,8 @@ export class BaseRouteGuard {
|
|
|
20
22
|
get user() {
|
|
21
23
|
return this._user;
|
|
22
24
|
}
|
|
25
|
+
get user_organizations() {
|
|
26
|
+
return this._orgs;
|
|
27
|
+
}
|
|
23
28
|
}
|
|
24
29
|
//# sourceMappingURL=base-route-guard.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-route-guard.js","sourceRoot":"","sources":["../../src/route_guards/base-route-guard.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"base-route-guard.js","sourceRoot":"","sources":["../../src/route_guards/base-route-guard.ts"],"names":[],"mappings":"AAMA,MAAM,OAAgB,cAAc;IACf,KAAK,CAAkB;IACvB,KAAK,CAA4B;IACnC,WAAW,CAA6B;IAEzD,YAAmB,EACjB,IAAI,EACJ,kBAAkB,EAClB,WAAW,GACgB;QAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,KAAK,GAAG,kBAAkB,IAAI,EAAE,CAAC;QACtC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,IAAc,eAAe;QAC3B,MAAM,SAAS,GAAY,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;QACxC,IAAI,IAAI,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;YACtC,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAc,OAAO;QACnB,OAAO,CACL,IAAI,CAAC,eAAe;YACpB,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,KAAK,SAAS;YACtC,IAAI,CAAC,KAAK,CAAC,KAAK,CACjB,CAAC;IACJ,CAAC;IAID,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAW,kBAAkB;QAC3B,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;CACF"}
|
|
@@ -1,4 +1,8 @@
|
|
|
1
|
-
export type { IRouteGuard } from "./
|
|
1
|
+
export type { IRouteGuard } from "./IRouteGuard";
|
|
2
2
|
export { AuthenticationRequiredRouteGuard } from "./authenticated";
|
|
3
3
|
export { AdminRequiredRouteGuard } from "./admin";
|
|
4
4
|
export { RouteGuardFactory, RouteGuardFactory as default, } from "./route-guard-factory";
|
|
5
|
+
export { withAuthenticatedServerComponentRouteGuard, withAuthenticatedApiRouteGuard, } from "./withAuthenticatedRouteGuard";
|
|
6
|
+
export type * from "./withAuthenticatedRouteGuard";
|
|
7
|
+
export { withAdminServerComponentRouteGuard, withAdminApiRouteGuard, } from "./withAdminRouteGuard";
|
|
8
|
+
export type * from "./withAdminRouteGuard";
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
export { AuthenticationRequiredRouteGuard } from "./authenticated";
|
|
2
2
|
export { AdminRequiredRouteGuard } from "./admin";
|
|
3
3
|
export { RouteGuardFactory, RouteGuardFactory as default, } from "./route-guard-factory";
|
|
4
|
+
export { withAuthenticatedServerComponentRouteGuard, withAuthenticatedApiRouteGuard, } from "./withAuthenticatedRouteGuard";
|
|
5
|
+
export { withAdminServerComponentRouteGuard, withAdminApiRouteGuard, } from "./withAdminRouteGuard";
|
|
4
6
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/route_guards/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gCAAgC,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAElD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,IAAI,OAAO,GAC7B,MAAM,uBAAuB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/route_guards/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gCAAgC,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAElD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,IAAI,OAAO,GAC7B,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,0CAA0C,EAC1C,8BAA8B,GAC/B,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EACL,kCAAkC,EAClC,sBAAsB,GACvB,MAAM,uBAAuB,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import type { SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
2
|
-
import type { UserData } from "@schemavaults/auth-common";
|
|
2
|
+
import type { OrganizationID, UserData } from "@schemavaults/auth-common";
|
|
3
3
|
export interface InitRouteGuardCheckOptions {
|
|
4
4
|
user: UserData | null;
|
|
5
|
+
user_organizations: readonly OrganizationID[] | null;
|
|
5
6
|
environment: SchemaVaultsAppEnvironment;
|
|
6
7
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { IRouteGuard } from "./
|
|
1
|
+
import type { IRouteGuard } from "./IRouteGuard";
|
|
2
2
|
import type { InitRouteGuardCheckOptions } from "./init_route_guard_check_options";
|
|
3
3
|
import { type PotentiallyValidTokenSource } from "@schemavaults/auth-common";
|
|
4
4
|
import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
@@ -18,6 +18,7 @@ export declare class RouteGuardFactory {
|
|
|
18
18
|
private readonly is_auth_server;
|
|
19
19
|
constructor({ environment, ...opts }: RouteGuardFactoryInitOptions);
|
|
20
20
|
private static isValidRouteGuardType;
|
|
21
|
+
static createGuardFromOptions(type: RouteGuardType, opts: InitRouteGuardCheckOptions): IRouteGuard;
|
|
21
22
|
createGuardFromOptions(type: RouteGuardType, opts: InitRouteGuardCheckOptions): IRouteGuard;
|
|
22
23
|
createGuardFromTokenSources(type: RouteGuardType, token_sources: readonly PotentiallyValidTokenSource[], jwt_audience: string): Promise<IRouteGuard>;
|
|
23
24
|
createGuardFromAuthHeader(type: RouteGuardType, authHeader: string | null, jwt_audience: string): Promise<IRouteGuard>;
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import AdminRequiredRouteGuard from "./admin";
|
|
2
2
|
import AuthenticationRequiredRouteGuard from "./authenticated";
|
|
3
3
|
import { z } from "zod";
|
|
4
|
-
import { decodeFirstOfSeveralJwts, } from "@schemavaults/auth-common";
|
|
4
|
+
import { decodeFirstOfSeveralJwts, organizationIdSchema, } from "@schemavaults/auth-common";
|
|
5
5
|
import { decodeJWT as decodeSchemavaultsJwt, getKeysetIdFromToken, } from "@schemavaults/jwt";
|
|
6
6
|
import { apiServerIdSchema, getAppEnvironment, getHardcodedClientWebAppDomain, SCHEMAVAULTS_AUTH_APP_DEFINITION, } from "@schemavaults/app-definitions";
|
|
7
7
|
import loadJwtDecodingKeys from "../JwtKeyManager/loadJwtDecodingKeys";
|
|
@@ -47,7 +47,7 @@ export class RouteGuardFactory {
|
|
|
47
47
|
return false;
|
|
48
48
|
return validGuardTypeSchema.safeParse(type).success;
|
|
49
49
|
}
|
|
50
|
-
createGuardFromOptions(type, opts) {
|
|
50
|
+
static createGuardFromOptions(type, opts) {
|
|
51
51
|
if (!RouteGuardFactory.isValidRouteGuardType(type)) {
|
|
52
52
|
throw new Error(`Invalid route guard type, should be one of: ${GUARD_TYPES.join(", ")}`);
|
|
53
53
|
}
|
|
@@ -55,6 +55,9 @@ export class RouteGuardFactory {
|
|
|
55
55
|
const GUARD = GUARD_LOADER(opts);
|
|
56
56
|
return GUARD;
|
|
57
57
|
}
|
|
58
|
+
createGuardFromOptions(type, opts) {
|
|
59
|
+
return RouteGuardFactory.createGuardFromOptions(type, opts);
|
|
60
|
+
}
|
|
58
61
|
async createGuardFromTokenSources(type, token_sources, jwt_audience) {
|
|
59
62
|
const environment = this.environment;
|
|
60
63
|
const debug = this.debug;
|
|
@@ -65,6 +68,7 @@ export class RouteGuardFactory {
|
|
|
65
68
|
throw new TypeError(`Invalid API server ID for 'jwt_audience': ${jwt_audience}`);
|
|
66
69
|
}
|
|
67
70
|
let user = null;
|
|
71
|
+
let user_organizations = null;
|
|
68
72
|
try {
|
|
69
73
|
user = await decodeFirstOfSeveralJwts({
|
|
70
74
|
token_sources,
|
|
@@ -119,16 +123,28 @@ export class RouteGuardFactory {
|
|
|
119
123
|
}
|
|
120
124
|
},
|
|
121
125
|
}, debug);
|
|
126
|
+
if (!("orgs" in user) || !Array.isArray(user.orgs)) {
|
|
127
|
+
throw new Error("No 'orgs' field in decoded user object!");
|
|
128
|
+
}
|
|
129
|
+
if (user.orgs.every((org_id) => typeof org_id === "string" &&
|
|
130
|
+
organizationIdSchema.safeParse(org_id).success)) {
|
|
131
|
+
user_organizations = user.orgs;
|
|
132
|
+
}
|
|
133
|
+
if (!Array.isArray(user_organizations)) {
|
|
134
|
+
throw new TypeError("Failed to load user organizations associated with user from token!");
|
|
135
|
+
}
|
|
122
136
|
}
|
|
123
137
|
catch (e) {
|
|
124
138
|
console.error("No-op error creating route-guard... Failed to decode JWTs, setting user = null", e);
|
|
125
139
|
user = null;
|
|
140
|
+
user_organizations = null;
|
|
126
141
|
}
|
|
127
142
|
const init_opts = {
|
|
128
143
|
user,
|
|
129
144
|
environment: getAppEnvironment(),
|
|
145
|
+
user_organizations: user_organizations ?? [],
|
|
130
146
|
};
|
|
131
|
-
if (this.
|
|
147
|
+
if (this.debug) {
|
|
132
148
|
console.log(`[RouteGuardFactory] Creating route guard with init options: `, init_opts);
|
|
133
149
|
}
|
|
134
150
|
return this.createGuardFromOptions(type, init_opts);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"route-guard-factory.js","sourceRoot":"","sources":["../../src/route_guards/route-guard-factory.ts"],"names":[],"mappings":"AAAA,OAAO,uBAAuB,MAAM,SAAS,CAAC;AAC9C,OAAO,gCAAgC,MAAM,iBAAiB,CAAC;AAE/D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,wBAAwB,
|
|
1
|
+
{"version":3,"file":"route-guard-factory.js","sourceRoot":"","sources":["../../src/route_guards/route-guard-factory.ts"],"names":[],"mappings":"AAAA,OAAO,uBAAuB,MAAM,SAAS,CAAC;AAC9C,OAAO,gCAAgC,MAAM,iBAAiB,CAAC;AAE/D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,wBAAwB,EAKxB,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,SAAS,IAAI,qBAAqB,EAClC,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,8BAA8B,EAC9B,gCAAgC,GAEjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,mBAEN,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAAE,mBAAmB,EAAuB,MAAM,iBAAiB,CAAC;AAW3E,MAAM,WAAW,GAAG;IAClB,eAAe;IACf,OAAO;CAC6B,CAAC;AAGvC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,GAAG,EAAyB,EAAE;IAC5E,OACE,WACD,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,MAAM,MAAM,GAAG;IACb,aAAa,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,gCAAgC,CAAC,IAAI,CAAC;IACnE,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,uBAAuB,CAAC,IAAI,CAAC;CAInD,CAAC;AAEF,MAAM,OAAO,iBAAiB;IACX,gBAAgB,CAAiB;IACjC,WAAW,CAA6B;IACxC,KAAK,CAAU;IACf,cAAc,CAAU;IAEzC,YAAmB,EAAE,WAAW,EAAE,GAAG,IAAI,EAAgC;QACvE,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;QACjC,IACE,OAAO,IAAI,CAAC,cAAc,KAAK,SAAS;YACxC,OAAO,IAAI,CAAC,cAAc,KAAK,WAAW,EAC1C,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,KAAK,CAAC;QAEnD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,MAAM,IAAI,SAAS,CACjB,8EAA8E,CAC/E,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,gBAAgB,GAAG,IAAI,mBAAmB,CAAC;gBAC9C,eAAe,EAAE,8BAA8B,CAC7C,gCAAgC,CAAC,MAAM,EACvC,WAAW,CACZ;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,qBAAqB,CAAC,IAAa;QAChD,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC3C,OAAO,oBAAoB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC;IACtD,CAAC;IAEM,MAAM,CAAC,sBAAsB,CAClC,IAAoB,EACpB,IAAgC;QAEhC,IAAI,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,+CAA+C,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxE,CAAC;QACJ,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,KAAK,GAAgB,YAAY,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,sBAAsB,CAC3B,IAAoB,EACpB,IAAgC;QAEhC,OAAO,iBAAiB,CAAC,sBAAsB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAEM,KAAK,CAAC,2BAA2B,CACtC,IAAoB,EACpB,aAAqD,EACrD,YAAoB;QAEpB,MAAM,WAAW,GAA+B,IAAI,CAAC,WAAW,CAAC;QACjE,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,mEAAmE,EACnE,aAAa,CACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,YAA6B,CAAC,CAAC,OAAO,EAAE,CAAC;YACxE,MAAM,IAAI,SAAS,CACjB,6CAA6C,YAAY,EAAE,CAC5D,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,GAAoB,IAAI,CAAC;QACjC,IAAI,kBAAkB,GAAqC,IAAI,CAAC;QAChE,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,wBAAwB,CACnC;gBACE,aAAa;gBACb,YAAY;gBACZ,SAAS,EAAE,KAAK,EAAE,IAAI,EAAgC,EAAE;oBACtD,IAAI,WAAW,KAAK,YAAY,EAAE,CAAC;wBACjC,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;oBACjE,CAAC;oBAED,IAAI,SAAiB,CAAC;oBACtB,IAAI,CAAC;wBACH,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,KAAsB,CAAC,CAAC;oBAChE,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;wBACjE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;oBACjE,CAAC;oBAED,MAAM,YAAY,GAAmB,IAAI,CAAC,gBAAgB,CAAC;oBAC3D,IAAI,CAAC,YAAY,EAAE,CAAC;wBAClB,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;oBACJ,CAAC;oBAED,IAAI,YAAkC,CAAC;oBACvC,IAAI,CAAC;wBACH,YAAY,GAAG,MAAM,mBAAmB,CAAC;4BACvC,SAAS;4BACT,YAAY;4BACZ,WAAW,EAAE,YAAY;4BACzB,KAAK;yBACN,CAAC,CAAC;wBACH,IAAI,YAAY,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;4BACzC,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CACX,gEAAgE,SAAS,KAAK,EAC9E,CAAC,CACF,CAAC;wBACF,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;oBACJ,CAAC;oBACD,MAAM,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,YAAY,CAAC;oBAE1D,IAAI,CAAC;wBACH,OAAO,CAAC,MAAM,qBAAqB,CAAC;4BAClC,GAAG,EAAE,IAAI,CAAC,KAAK;4BACf,IAAI,EAAE,IAAI,CAAC,IAAI;4BACf,QAAQ,EAAE,IAAI,CAAC,YAAY;4BAC3B,cAAc;4BACd,gBAAgB;4BAChB,SAAS;4BACT,GAAG,EAAE,WAAW;yBACjB,CAAC,CAA4B,CAAC;oBACjC,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,CAAC,CAAC,CAAC;wBACtD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;oBACtD,CAAC;gBACH,CAAC;aACF,EACD,KAAK,CACN,CAAC;YACF,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;YAC7D,CAAC;YAED,IACE,IAAI,CAAC,IAAI,CAAC,KAAK,CACb,CAAC,MAAM,EAAE,EAAE,CACT,OAAO,MAAM,KAAK,QAAQ;gBAC1B,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CACjD,EACD,CAAC;gBACD,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC;YACjC,CAAC;YAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,SAAS,CACjB,oEAAoE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,gFAAgF,EAChF,CAAC,CACF,CAAC;YACF,IAAI,GAAG,IAAI,CAAC;YACZ,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QAED,MAAM,SAAS,GAA+B;YAC5C,IAAI;YACJ,WAAW,EAAE,iBAAiB,EAAE;YAChC,kBAAkB,EAAE,kBAAkB,IAAI,EAAE;SAC7C,CAAC;QAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8DAA8D,EAC9D,SAAS,CACV,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACtD,CAAC;IAEM,KAAK,CAAC,yBAAyB,CACpC,IAAoB,EACpB,UAAyB,EACzB,YAAoB;QAEpB,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,YAAY,GAAG,SAAkB,CAAC;QACxC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,KAAK,GAAW,UAAU,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAE5D,OAAO,MAAM,IAAI,CAAC,2BAA2B,CAC3C,IAAI,EACJ;YACE;gBACE,UAAU,EAAE,0BAA0B;gBACtC,KAAK;gBACL,IAAI,EAAE,QAAQ;aACf;SACF,EACD,YAAY,CACb,CAAC;IACJ,CAAC;CACF;AAED,eAAe,iBAAiB,CAAC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import "server-only";
|
|
2
|
+
import { ApiServerId, type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
3
|
+
import type { UserData } from "@schemavaults/auth-common";
|
|
4
|
+
import type { ReactElement } from "react";
|
|
5
|
+
import { type NextRequest, NextResponse } from "next/server";
|
|
6
|
+
import type { SchemaVaultsPostgresNeonProxyAdapter } from "@schemavaults/dbh";
|
|
7
|
+
import { IJwtKeyManager } from "../JwtKeyManager";
|
|
8
|
+
interface Dbh<Db extends object> extends AsyncDisposable, SchemaVaultsPostgresNeonProxyAdapter<Db> {
|
|
9
|
+
}
|
|
10
|
+
export interface IProtectedAdminServerComponentPageProps<Db extends object> {
|
|
11
|
+
user: UserData;
|
|
12
|
+
dbh: Dbh<Db>;
|
|
13
|
+
environment: SchemaVaultsAppEnvironment;
|
|
14
|
+
}
|
|
15
|
+
export type TProtectedAdminPageServerComponent<Db extends object> = (props: IProtectedAdminServerComponentPageProps<Db>) => Promise<ReactElement>;
|
|
16
|
+
export interface IProtectedAdminApiRouteProps<Db extends object> extends IProtectedAdminServerComponentPageProps<Db> {
|
|
17
|
+
req: NextRequest;
|
|
18
|
+
}
|
|
19
|
+
export type TProtectedAdminApiRoute<Db extends object> = (props: IProtectedAdminApiRouteProps<Db>) => Promise<NextResponse>;
|
|
20
|
+
export interface IWithAdminRouteGuardUtilOpts<Db extends object> {
|
|
21
|
+
ProtectedAdminPageServerComponent: TProtectedAdminPageServerComponent<Db>;
|
|
22
|
+
}
|
|
23
|
+
export declare function withAdminServerComponentRouteGuard<Db extends object>(input: IWithAdminRouteGuardUtilOpts<Db> | TProtectedAdminPageServerComponent<Db>, dbh: Dbh<Db>, jwt_keys_manager: IJwtKeyManager, getApiServerId?: () => ApiServerId): Promise<ReactElement>;
|
|
24
|
+
export declare function withAdminApiRouteGuard<Db extends object>(input: TProtectedAdminApiRoute<Db>, dbh: Dbh<Db>, jwt_keys_manager: IJwtKeyManager, getApiServerId?: () => ApiServerId): (req: NextRequest) => Promise<NextResponse>;
|
|
25
|
+
export {};
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
import "server-only";
|
|
2
|
+
import { SCHEMAVAULTS_AUTH_APP_DEFINITION, getAppEnvironment, } from "@schemavaults/app-definitions";
|
|
3
|
+
import { cookies as loadCookies } from "next/headers";
|
|
4
|
+
import { redirectWithNextAppDirError } from "../redirect-with-error";
|
|
5
|
+
import RouteGuardFactory from "../route_guards/route-guard-factory";
|
|
6
|
+
import { NextResponse } from "next/server";
|
|
7
|
+
import getStringByteSize from "../getStringByteSize";
|
|
8
|
+
import MaximumBrowserCookieSize from "../MaximumBrowserCookieSize";
|
|
9
|
+
import RefreshTokenCookieName from "../RefreshTokenCookieNames";
|
|
10
|
+
import getSchemavaultsApiServerId from "../get-schemavaults-api-server-id";
|
|
11
|
+
export async function withAdminServerComponentRouteGuard(input, dbh, jwt_keys_manager, getApiServerId = getSchemavaultsApiServerId) {
|
|
12
|
+
const environment = getAppEnvironment();
|
|
13
|
+
const api_server_id = getApiServerId();
|
|
14
|
+
const cookies = await loadCookies();
|
|
15
|
+
const token_sources = [];
|
|
16
|
+
const refresh_token_cookie = cookies.get("refresh_token");
|
|
17
|
+
if (typeof refresh_token_cookie?.value === "string") {
|
|
18
|
+
token_sources.push({
|
|
19
|
+
sourceHint: "Auth Server Refresh Token",
|
|
20
|
+
type: "refresh",
|
|
21
|
+
token: refresh_token_cookie.value,
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
const route_guard_factory = new RouteGuardFactory({
|
|
25
|
+
environment,
|
|
26
|
+
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id,
|
|
27
|
+
jwt_keys_manager,
|
|
28
|
+
});
|
|
29
|
+
const route_guard = await route_guard_factory.createGuardFromTokenSources("admin", token_sources, SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id);
|
|
30
|
+
if (!route_guard.user) {
|
|
31
|
+
redirectWithNextAppDirError(401, "unauthenticated");
|
|
32
|
+
}
|
|
33
|
+
const user = route_guard.user;
|
|
34
|
+
if (!Array.isArray(route_guard.user_organizations)) {
|
|
35
|
+
redirectWithNextAppDirError(401, "unauthenticated");
|
|
36
|
+
}
|
|
37
|
+
if (!route_guard.isAccessAllowed() || !user.admin) {
|
|
38
|
+
redirectWithNextAppDirError(403, "forbidden");
|
|
39
|
+
}
|
|
40
|
+
const ProtectedAdminPageServerComponent = typeof input === "function"
|
|
41
|
+
? input
|
|
42
|
+
: input.ProtectedAdminPageServerComponent;
|
|
43
|
+
if (typeof ProtectedAdminPageServerComponent !== "function") {
|
|
44
|
+
throw new TypeError("Expected ProtectedAdminPageServerComponent to be a function");
|
|
45
|
+
}
|
|
46
|
+
return (await ProtectedAdminPageServerComponent({
|
|
47
|
+
user,
|
|
48
|
+
dbh,
|
|
49
|
+
environment,
|
|
50
|
+
}));
|
|
51
|
+
}
|
|
52
|
+
export function withAdminApiRouteGuard(input, dbh, jwt_keys_manager, getApiServerId = getSchemavaultsApiServerId) {
|
|
53
|
+
const AdminApiRoute = input;
|
|
54
|
+
return async function ProtectedAdminApiRoute(req) {
|
|
55
|
+
const environment = getAppEnvironment();
|
|
56
|
+
const api_server_id = getApiServerId();
|
|
57
|
+
const token_sources = [];
|
|
58
|
+
const refresh_token_cookie = req.cookies.get(RefreshTokenCookieName);
|
|
59
|
+
if (typeof refresh_token_cookie?.value === "string" &&
|
|
60
|
+
refresh_token_cookie.value.length > 64 &&
|
|
61
|
+
getStringByteSize(refresh_token_cookie.value) <= MaximumBrowserCookieSize) {
|
|
62
|
+
token_sources.push({
|
|
63
|
+
sourceHint: "Auth Server Refresh Token",
|
|
64
|
+
type: "refresh",
|
|
65
|
+
token: refresh_token_cookie.value,
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
if (req.headers.has(RefreshTokenCookieName)) {
|
|
69
|
+
const auth_header = req.headers.get("Authorization");
|
|
70
|
+
if (!auth_header || typeof auth_header !== "string") {
|
|
71
|
+
throw new Error("Expected 'Authorization' to be non-empty string if set.");
|
|
72
|
+
}
|
|
73
|
+
if (!auth_header.startsWith("Bearer ")) {
|
|
74
|
+
throw new Error("Expected header 'Authorization' to start with 'Bearer '");
|
|
75
|
+
}
|
|
76
|
+
const refresh_token_from_header = typeof auth_header === "string" && auth_header.startsWith("Bearer ")
|
|
77
|
+
? auth_header.slice("Bearer ".length)
|
|
78
|
+
: "";
|
|
79
|
+
if (!refresh_token_from_header) {
|
|
80
|
+
throw new Error(`Refresh token cookie from header 'Authorization' appears to be empty!`);
|
|
81
|
+
}
|
|
82
|
+
token_sources.push({
|
|
83
|
+
sourceHint: "Auth Server Access Token",
|
|
84
|
+
type: "access",
|
|
85
|
+
token: refresh_token_from_header,
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
const route_guard_factory = new RouteGuardFactory({
|
|
89
|
+
environment,
|
|
90
|
+
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id,
|
|
91
|
+
jwt_keys_manager,
|
|
92
|
+
});
|
|
93
|
+
const route_guard = await route_guard_factory.createGuardFromTokenSources("admin", token_sources, SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id);
|
|
94
|
+
if (!route_guard.user) {
|
|
95
|
+
return NextResponse.json({
|
|
96
|
+
success: false,
|
|
97
|
+
error: true,
|
|
98
|
+
message: "Authentication failed, unknown user",
|
|
99
|
+
}, { status: 401 });
|
|
100
|
+
}
|
|
101
|
+
const user = route_guard.user;
|
|
102
|
+
if (!Array.isArray(route_guard.user_organizations)) {
|
|
103
|
+
return NextResponse.json({
|
|
104
|
+
success: false,
|
|
105
|
+
error: true,
|
|
106
|
+
message: "Authentication failed, failed to load user organizations",
|
|
107
|
+
}, { status: 401 });
|
|
108
|
+
}
|
|
109
|
+
if (!route_guard.isAccessAllowed() || !route_guard.user.admin) {
|
|
110
|
+
return NextResponse.json({
|
|
111
|
+
success: false,
|
|
112
|
+
error: true,
|
|
113
|
+
message: "Access is not allowed",
|
|
114
|
+
}, { status: 403 });
|
|
115
|
+
}
|
|
116
|
+
return (await AdminApiRoute({
|
|
117
|
+
req,
|
|
118
|
+
user,
|
|
119
|
+
dbh,
|
|
120
|
+
environment,
|
|
121
|
+
}));
|
|
122
|
+
};
|
|
123
|
+
}
|
|
124
|
+
//# sourceMappingURL=withAdminRouteGuard.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"withAdminRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAdminRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAErB,OAAO,EAEL,gCAAgC,EAEhC,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AAMvC,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,cAAc,CAAC;AAEtD,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,iBAAiB,MAAM,oCAAoC,CAAC;AACnE,OAAO,EAAoB,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,iBAAiB,MAAM,qBAAqB,CAAC;AACpD,OAAO,wBAAwB,MAAM,4BAA4B,CAAC;AAClE,OAAO,sBAAsB,MAAM,2BAA2B,CAAC;AAC/D,OAAO,0BAA0B,MAAM,kCAAkC,CAAC;AA+B1E,MAAM,CAAC,KAAK,UAAU,kCAAkC,CACtD,KAE0C,EAC1C,GAAY,EACZ,gBAAgC,EAChC,iBAAoC,0BAA0B;IAE9D,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;IACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;IACpD,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,aAAa,GAAkC,EAAE,CAAC;IAExD,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC1D,IAAI,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;QACpD,aAAa,CAAC,IAAI,CAAC;YACjB,UAAU,EAAE,2BAA2B;YACvC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,oBAAoB,CAAC,KAAK;SAClC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;QAChD,WAAW;QACX,cAAc,EAAE,aAAa,KAAK,gCAAgC,CAAC,MAAM;QACzE,gBAAgB;KACjB,CAAC,CAAC;IACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,OAAO,EACP,aAAa,EACb,gCAAgC,CAAC,MAAM,CACxC,CAAC;IAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACtB,2BAA2B,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;IAExC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACnD,2BAA2B,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAClD,2BAA2B,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,iCAAiC,GACrC,OAAO,KAAK,KAAK,UAAU;QACzB,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,KAAK,CAAC,iCAAiC,CAAC;IAC9C,IAAI,OAAO,iCAAiC,KAAK,UAAU,EAAE,CAAC;QAC5D,MAAM,IAAI,SAAS,CACjB,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,MAAM,iCAAiC,CAAC;QAC9C,IAAI;QACJ,GAAG;QACH,WAAW;KACZ,CAAC,CAAwB,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,KAAkC,EAClC,GAAY,EACZ,gBAAgC,EAChC,iBAAoC,0BAA0B;IAE9D,MAAM,aAAa,GAAgC,KAAK,CAAC;IACzD,OAAO,KAAK,UAAU,sBAAsB,CAC1C,GAAgB;QAEhB,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;QACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;QAEpD,MAAM,aAAa,GAAkC,EAAE,CAAC;QAExD,MAAM,oBAAoB,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACrE,IACE,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ;YAC/C,oBAAoB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;YACtC,iBAAiB,CAAC,oBAAoB,CAAC,KAAK,CAAC,IAAI,wBAAwB,EACzE,CAAC;YACD,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,2BAA2B;gBACvC,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,oBAAoB,CAAC,KAAsB;aACnD,CAAC,CAAC;QACL,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC5C,MAAM,WAAW,GAAkB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACpE,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACpD,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;YACD,MAAM,yBAAyB,GAC7B,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC;gBAClE,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC;gBACrC,CAAC,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;YACJ,CAAC;YACD,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,0BAA0B;gBACtC,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,yBAA0C;aAClD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;YAChD,WAAW;YACX,cAAc,EAAE,aAAa,KAAK,gCAAgC,CAAC,MAAM;YACzE,gBAAgB;SACjB,CAAC,CAAC;QACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,OAAO,EACP,aAAa,EACb,gCAAgC,CAAC,MAAM,CACxC,CAAC;QAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACtB,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,qCAAqC;aAC/C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;QAExC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACnD,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,0DAA0D;aACpE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9D,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,uBAAuB;aACjC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,MAAM,aAAa,CAAC;YAC1B,GAAG;YACH,IAAI;YACJ,GAAG;YACH,WAAW;SACZ,CAAC,CAAwB,CAAC;IAC7B,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import "server-only";
|
|
2
|
+
import { ApiServerId, type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
3
|
+
import type { OrganizationID, UserData } from "@schemavaults/auth-common";
|
|
4
|
+
import type { ReactElement } from "react";
|
|
5
|
+
import { type NextRequest, NextResponse } from "next/server";
|
|
6
|
+
import type { SchemaVaultsPostgresNeonProxyAdapter } from "@schemavaults/dbh";
|
|
7
|
+
import { IJwtKeyManager } from "../JwtKeyManager";
|
|
8
|
+
interface Dbh<Db extends object> extends AsyncDisposable, SchemaVaultsPostgresNeonProxyAdapter<Db> {
|
|
9
|
+
}
|
|
10
|
+
export interface IProtectedAuthenticatedServerComponentPageProps<Db extends object> {
|
|
11
|
+
user: UserData;
|
|
12
|
+
user_organizations: readonly OrganizationID[];
|
|
13
|
+
dbh: Dbh<Db>;
|
|
14
|
+
environment: SchemaVaultsAppEnvironment;
|
|
15
|
+
}
|
|
16
|
+
export type TProtectedAuthenticatedPageServerComponent<Db extends object> = (props: IProtectedAuthenticatedServerComponentPageProps<Db>) => Promise<ReactElement>;
|
|
17
|
+
export interface IProtectedAuthenticatedApiRouteProps<Db extends object> extends IProtectedAuthenticatedServerComponentPageProps<Db> {
|
|
18
|
+
req: NextRequest;
|
|
19
|
+
}
|
|
20
|
+
export type TProtectedAuthenticatedApiRoute<Db extends object> = (props: IProtectedAuthenticatedApiRouteProps<Db>) => Promise<NextResponse>;
|
|
21
|
+
export interface IWithAuthenticatedRouteGuardUtilOpts<Db extends object> {
|
|
22
|
+
ProtectedAuthenticatedPageServerComponent: TProtectedAuthenticatedPageServerComponent<Db>;
|
|
23
|
+
}
|
|
24
|
+
export declare function withAuthenticatedServerComponentRouteGuard<Db extends object>(input: IWithAuthenticatedRouteGuardUtilOpts<Db> | TProtectedAuthenticatedPageServerComponent<Db>, dbh: Dbh<Db>, jwt_keys_manager: IJwtKeyManager, getApiServerId?: () => ApiServerId): Promise<ReactElement>;
|
|
25
|
+
export declare function withAuthenticatedApiRouteGuard<Db extends object>(input: TProtectedAuthenticatedApiRoute<Db>, dbh: Dbh<Db>, jwt_keys_manager: IJwtKeyManager, getApiServerId?: () => ApiServerId): (req: NextRequest) => Promise<NextResponse>;
|
|
26
|
+
export {};
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
import "server-only";
|
|
2
|
+
import { SCHEMAVAULTS_AUTH_APP_DEFINITION, getAppEnvironment, } from "@schemavaults/app-definitions";
|
|
3
|
+
import { cookies as loadCookies } from "next/headers";
|
|
4
|
+
import { redirectWithNextAppDirError } from "../redirect-with-error";
|
|
5
|
+
import RouteGuardFactory from "../route_guards/route-guard-factory";
|
|
6
|
+
import { NextResponse } from "next/server";
|
|
7
|
+
import getStringByteSize from "../getStringByteSize";
|
|
8
|
+
import MaximumBrowserCookieSize from "../MaximumBrowserCookieSize";
|
|
9
|
+
import RefreshTokenCookieName from "../RefreshTokenCookieNames";
|
|
10
|
+
import getSchemavaultsApiServerId from "../get-schemavaults-api-server-id";
|
|
11
|
+
export async function withAuthenticatedServerComponentRouteGuard(input, dbh, jwt_keys_manager, getApiServerId = getSchemavaultsApiServerId) {
|
|
12
|
+
const environment = getAppEnvironment();
|
|
13
|
+
const api_server_id = getApiServerId();
|
|
14
|
+
const cookies = await loadCookies();
|
|
15
|
+
const token_sources = [];
|
|
16
|
+
const refresh_token_cookie = cookies.get("refresh_token");
|
|
17
|
+
if (typeof refresh_token_cookie?.value === "string") {
|
|
18
|
+
token_sources.push({
|
|
19
|
+
sourceHint: "Auth Server Refresh Token",
|
|
20
|
+
type: "refresh",
|
|
21
|
+
token: refresh_token_cookie.value,
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
const route_guard_factory = new RouteGuardFactory({
|
|
25
|
+
environment,
|
|
26
|
+
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id,
|
|
27
|
+
jwt_keys_manager,
|
|
28
|
+
});
|
|
29
|
+
const route_guard = await route_guard_factory.createGuardFromTokenSources("authenticated", token_sources, api_server_id);
|
|
30
|
+
if (!route_guard.user) {
|
|
31
|
+
redirectWithNextAppDirError(401, "unauthenticated");
|
|
32
|
+
}
|
|
33
|
+
const user = route_guard.user;
|
|
34
|
+
if (!route_guard.isAccessAllowed()) {
|
|
35
|
+
redirectWithNextAppDirError(403, "forbidden");
|
|
36
|
+
}
|
|
37
|
+
const ProtectedAuthenticatedPageServerComponent = typeof input === "function"
|
|
38
|
+
? input
|
|
39
|
+
: input.ProtectedAuthenticatedPageServerComponent;
|
|
40
|
+
if (typeof ProtectedAuthenticatedPageServerComponent !== "function") {
|
|
41
|
+
throw new TypeError("Expected ProtectedAuthenticatedPageServerComponent to be a function");
|
|
42
|
+
}
|
|
43
|
+
return (await ProtectedAuthenticatedPageServerComponent({
|
|
44
|
+
user,
|
|
45
|
+
dbh,
|
|
46
|
+
environment,
|
|
47
|
+
user_organizations: route_guard.user_organizations,
|
|
48
|
+
}));
|
|
49
|
+
}
|
|
50
|
+
export function withAuthenticatedApiRouteGuard(input, dbh, jwt_keys_manager, getApiServerId = getSchemavaultsApiServerId) {
|
|
51
|
+
const AuthenticatedApiRoute = input;
|
|
52
|
+
return async function ProtectedAuthenticatedApiRoute(req) {
|
|
53
|
+
const environment = getAppEnvironment();
|
|
54
|
+
const api_server_id = getApiServerId();
|
|
55
|
+
const token_sources = [];
|
|
56
|
+
const refresh_token_cookie = req.cookies.get(RefreshTokenCookieName);
|
|
57
|
+
if (typeof refresh_token_cookie?.value === "string" &&
|
|
58
|
+
refresh_token_cookie.value.length > 64 &&
|
|
59
|
+
getStringByteSize(refresh_token_cookie.value) <= MaximumBrowserCookieSize) {
|
|
60
|
+
token_sources.push({
|
|
61
|
+
sourceHint: "Auth Server Refresh Token",
|
|
62
|
+
type: "refresh",
|
|
63
|
+
token: refresh_token_cookie.value,
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
if (req.headers.has(RefreshTokenCookieName)) {
|
|
67
|
+
const auth_header = req.headers.get("Authorization");
|
|
68
|
+
if (!auth_header || typeof auth_header !== "string") {
|
|
69
|
+
throw new Error("Expected 'Authorization' to be non-empty string if set.");
|
|
70
|
+
}
|
|
71
|
+
if (!auth_header.startsWith("Bearer ")) {
|
|
72
|
+
throw new Error("Expected header 'Authorization' to start with 'Bearer '");
|
|
73
|
+
}
|
|
74
|
+
const refresh_token_from_header = typeof auth_header === "string" && auth_header.startsWith("Bearer ")
|
|
75
|
+
? auth_header.slice("Bearer ".length)
|
|
76
|
+
: "";
|
|
77
|
+
if (!refresh_token_from_header) {
|
|
78
|
+
throw new Error(`Refresh token cookie from header 'Authorization' appears to be empty!`);
|
|
79
|
+
}
|
|
80
|
+
token_sources.push({
|
|
81
|
+
sourceHint: "Auth Server Access Token",
|
|
82
|
+
type: "access",
|
|
83
|
+
token: refresh_token_from_header,
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
const route_guard_factory = new RouteGuardFactory({
|
|
87
|
+
environment,
|
|
88
|
+
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id,
|
|
89
|
+
jwt_keys_manager,
|
|
90
|
+
});
|
|
91
|
+
const route_guard = await route_guard_factory.createGuardFromTokenSources("authenticated", token_sources, SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id);
|
|
92
|
+
if (!route_guard.user) {
|
|
93
|
+
return NextResponse.json({
|
|
94
|
+
success: false,
|
|
95
|
+
error: true,
|
|
96
|
+
message: "Authentication failed, unknown user",
|
|
97
|
+
}, { status: 401 });
|
|
98
|
+
}
|
|
99
|
+
const user = route_guard.user;
|
|
100
|
+
if (!Array.isArray(route_guard.user_organizations)) {
|
|
101
|
+
return NextResponse.json({
|
|
102
|
+
success: false,
|
|
103
|
+
error: true,
|
|
104
|
+
message: "Authentication failed, failed to load associated user organizations",
|
|
105
|
+
}, { status: 401 });
|
|
106
|
+
}
|
|
107
|
+
if (!route_guard.isAccessAllowed() || !route_guard.user) {
|
|
108
|
+
return NextResponse.json({
|
|
109
|
+
success: false,
|
|
110
|
+
error: true,
|
|
111
|
+
message: "Access is not allowed",
|
|
112
|
+
}, { status: 403 });
|
|
113
|
+
}
|
|
114
|
+
const user_organizations = route_guard.user_organizations;
|
|
115
|
+
return (await AuthenticatedApiRoute({
|
|
116
|
+
req,
|
|
117
|
+
user,
|
|
118
|
+
dbh,
|
|
119
|
+
environment,
|
|
120
|
+
user_organizations,
|
|
121
|
+
}));
|
|
122
|
+
};
|
|
123
|
+
}
|
|
124
|
+
//# sourceMappingURL=withAuthenticatedRouteGuard.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"withAuthenticatedRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAuthenticatedRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAErB,OAAO,EAEL,gCAAgC,EAEhC,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AAOvC,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,cAAc,CAAC;AAEtD,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,iBAAiB,MAAM,oCAAoC,CAAC;AACnE,OAAO,EAAoB,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,iBAAiB,MAAM,qBAAqB,CAAC;AACpD,OAAO,wBAAwB,MAAM,4BAA4B,CAAC;AAClE,OAAO,sBAAsB,MAAM,2BAA2B,CAAC;AAE/D,OAAO,0BAA0B,MAAM,kCAAkC,CAAC;AAiC1E,MAAM,CAAC,KAAK,UAAU,0CAA0C,CAG9D,KAEkD,EAClD,GAAY,EACZ,gBAAgC,EAChC,iBAAoC,0BAA0B;IAE9D,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;IACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;IACpD,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,aAAa,GAAkC,EAAE,CAAC;IAExD,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC1D,IAAI,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;QACpD,aAAa,CAAC,IAAI,CAAC;YACjB,UAAU,EAAE,2BAA2B;YACvC,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,oBAAoB,CAAC,KAAK;SAClC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;QAChD,WAAW;QACX,cAAc,EAAE,aAAa,KAAK,gCAAgC,CAAC,MAAM;QACzE,gBAAgB;KACjB,CAAC,CAAC;IACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,eAAe,EACf,aAAa,EACb,aAAa,CACd,CAAC;IAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACtB,2BAA2B,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;IAExC,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,EAAE,CAAC;QACnC,2BAA2B,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,yCAAyC,GAC7C,OAAO,KAAK,KAAK,UAAU;QACzB,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,KAAK,CAAC,yCAAyC,CAAC;IACtD,IAAI,OAAO,yCAAyC,KAAK,UAAU,EAAE,CAAC;QACpE,MAAM,IAAI,SAAS,CACjB,qEAAqE,CACtE,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,MAAM,yCAAyC,CAAC;QACtD,IAAI;QACJ,GAAG;QACH,WAAW;QACX,kBAAkB,EAAE,WAAW,CAAC,kBAAkB;KACnD,CAAC,CAAwB,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,8BAA8B,CAC5C,KAA0C,EAC1C,GAAY,EACZ,gBAAgC,EAChC,iBAAoC,0BAA0B;IAE9D,MAAM,qBAAqB,GAAwC,KAAK,CAAC;IACzE,OAAO,KAAK,UAAU,8BAA8B,CAClD,GAAgB;QAEhB,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;QACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;QAEpD,MAAM,aAAa,GAAkC,EAAE,CAAC;QAExD,MAAM,oBAAoB,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACrE,IACE,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ;YAC/C,oBAAoB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;YACtC,iBAAiB,CAAC,oBAAoB,CAAC,KAAK,CAAC,IAAI,wBAAwB,EACzE,CAAC;YACD,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,2BAA2B;gBACvC,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,oBAAoB,CAAC,KAAsB;aACnD,CAAC,CAAC;QACL,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC5C,MAAM,WAAW,GAAkB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACpE,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACpD,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;YACD,MAAM,yBAAyB,GAC7B,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC;gBAClE,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC;gBACrC,CAAC,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,yBAAyB,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;YACJ,CAAC;YACD,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,0BAA0B;gBACtC,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,yBAA0C;aAClD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;YAChD,WAAW;YACX,cAAc,EAAE,aAAa,KAAK,gCAAgC,CAAC,MAAM;YACzE,gBAAgB;SACjB,CAAC,CAAC;QACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,eAAe,EACf,aAAa,EACb,gCAAgC,CAAC,MAAM,CACxC,CAAC;QAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACtB,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,qCAAqC;aAC/C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;QAExC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACnD,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EACL,qEAAqE;aACxE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACxD,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,uBAAuB;aACjC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,MAAM,kBAAkB,GACtB,WAAW,CAAC,kBAAkB,CAAC;QAEjC,OAAO,CAAC,MAAM,qBAAqB,CAAC;YAClC,GAAG;YACH,IAAI;YACJ,GAAG;YACH,WAAW;YACX,kBAAkB;SACnB,CAAC,CAAwB,CAAC;IAC7B,CAAC,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@schemavaults/auth-server-sdk",
|
|
3
3
|
"description": "TypeScript SDK for building authenticated endpoints/middlewares for the Auth Server and Resource Servers",
|
|
4
|
-
"version": "0.17.
|
|
4
|
+
"version": "0.17.6",
|
|
5
5
|
"license": "UNLICENSED",
|
|
6
6
|
"private": false,
|
|
7
7
|
"repository": {
|
|
@@ -15,9 +15,9 @@
|
|
|
15
15
|
"types": "dist/index.d.ts",
|
|
16
16
|
"dependencies": {
|
|
17
17
|
"zod": "3.23.8",
|
|
18
|
-
"@schemavaults/jwt": "0.6.
|
|
19
|
-
"@schemavaults/auth-common": "0.7.
|
|
20
|
-
"@schemavaults/app-definitions": "0.6.
|
|
18
|
+
"@schemavaults/jwt": "0.6.15",
|
|
19
|
+
"@schemavaults/auth-common": "0.7.29",
|
|
20
|
+
"@schemavaults/app-definitions": "0.6.11"
|
|
21
21
|
},
|
|
22
22
|
"scripts": {
|
|
23
23
|
"build": "tsc --project tsconfig.json && tsc-alias --project tsconfig.json",
|
|
@@ -28,10 +28,12 @@
|
|
|
28
28
|
"lint": "eslint src --ext .ts,.tsx"
|
|
29
29
|
},
|
|
30
30
|
"devDependencies": {
|
|
31
|
+
"@schemavaults/dbh": "0.7.1",
|
|
31
32
|
"typescript": "5.9.3",
|
|
32
33
|
"bun-types": "1.3.6",
|
|
34
|
+
"@types/react": "19.0.0",
|
|
33
35
|
"tsc-alias": "1.8.15",
|
|
34
|
-
"next": "16.
|
|
36
|
+
"next": "16.1.4",
|
|
35
37
|
"eslint": "9.39.1",
|
|
36
38
|
"@eslint/js": "9.39.1",
|
|
37
39
|
"globals": "16.5.0",
|
|
@@ -41,5 +43,77 @@
|
|
|
41
43
|
"publishConfig": {
|
|
42
44
|
"access": "public"
|
|
43
45
|
},
|
|
44
|
-
"packageManager": "bun@1.3.6"
|
|
46
|
+
"packageManager": "bun@1.3.6",
|
|
47
|
+
"exports": {
|
|
48
|
+
".": {
|
|
49
|
+
"types": "./dist/index.d.ts",
|
|
50
|
+
"import": "./dist/index.js",
|
|
51
|
+
"require": "./dist/index.cjs"
|
|
52
|
+
},
|
|
53
|
+
"./*": {
|
|
54
|
+
"types": "./dist/*",
|
|
55
|
+
"import": "./dist/*",
|
|
56
|
+
"require": "./dist/*"
|
|
57
|
+
},
|
|
58
|
+
"./dist/*": {
|
|
59
|
+
"types": "./dist/*",
|
|
60
|
+
"import": "./dist/*",
|
|
61
|
+
"require": "./dist/*"
|
|
62
|
+
},
|
|
63
|
+
"./auth-server-error-message-catalog": {
|
|
64
|
+
"types": "./dist/auth-server-error-message-catalog.d.ts",
|
|
65
|
+
"import": "./dist/auth-server-error-message-catalog.js",
|
|
66
|
+
"require": "./dist/auth-server-error-message-catalog.js"
|
|
67
|
+
},
|
|
68
|
+
"./redirect-with-error": {
|
|
69
|
+
"types": "./dist/redirect-with-error.d.ts",
|
|
70
|
+
"import": "./dist/redirect-with-error.js",
|
|
71
|
+
"require": "./dist/redirect-with-error.js"
|
|
72
|
+
},
|
|
73
|
+
"./route_guards": {
|
|
74
|
+
"types": "./dist/route_guards/index.d.ts",
|
|
75
|
+
"import": "./dist/route_guards/index.js",
|
|
76
|
+
"require": "./dist/route_guards/index.js"
|
|
77
|
+
},
|
|
78
|
+
"./route_guards/*": {
|
|
79
|
+
"types": "./dist/route_guards/*",
|
|
80
|
+
"import": "./dist/route_guards/*",
|
|
81
|
+
"require": "./dist/route_guards/*"
|
|
82
|
+
},
|
|
83
|
+
"./middleware": {
|
|
84
|
+
"types": "./dist/middleware/index.d.ts",
|
|
85
|
+
"import": "./dist/middleware/index.js",
|
|
86
|
+
"require": "./dist/middleware/index.js"
|
|
87
|
+
},
|
|
88
|
+
"./middleware/*": {
|
|
89
|
+
"types": "./dist/middleware/*",
|
|
90
|
+
"import": "./dist/middleware/*",
|
|
91
|
+
"require": "./dist/middleware/*"
|
|
92
|
+
},
|
|
93
|
+
"./MaximumBrowserCookieSize": {
|
|
94
|
+
"types": "./dist/MaximumBrowserCookieSize.d.ts",
|
|
95
|
+
"import": "./dist/MaximumBrowserCookieSize.js",
|
|
96
|
+
"require": "./dist/MaximumBrowserCookieSize.js"
|
|
97
|
+
},
|
|
98
|
+
"./get-schemavaults-api-server-id": {
|
|
99
|
+
"types": "./dist/get-schemavaults-api-server-id.d.ts",
|
|
100
|
+
"import": "./dist/get-schemavaults-api-server-id.js",
|
|
101
|
+
"require": "./dist/get-schemavaults-api-server-id.js"
|
|
102
|
+
},
|
|
103
|
+
"./get-schemavaults-auth-server-uri": {
|
|
104
|
+
"types": "./dist/get-schemavaults-auth-server-uri.d.ts",
|
|
105
|
+
"import": "./dist/get-schemavaults-auth-server-uri.js",
|
|
106
|
+
"require": "./dist/get-schemavaults-auth-server-uri.js"
|
|
107
|
+
},
|
|
108
|
+
"./RefreshTokenCookieNames": {
|
|
109
|
+
"types": "./dist/RefreshTokenCookieNames.d.ts",
|
|
110
|
+
"import": "./dist/RefreshTokenCookieNames.js",
|
|
111
|
+
"require": "./dist/RefreshTokenCookieNames.js"
|
|
112
|
+
},
|
|
113
|
+
"./getStringByteSize": {
|
|
114
|
+
"types": "./dist/getStringByteSize.d.ts",
|
|
115
|
+
"import": "./dist/getStringByteSize.js",
|
|
116
|
+
"require": "./dist/getStringByteSize.js"
|
|
117
|
+
}
|
|
118
|
+
}
|
|
45
119
|
}
|