@schemavaults/auth-server-sdk 0.17.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/DatabaseResourceGroup/IDatabaseResourceGroup.d.ts +4 -0
- package/dist/DatabaseResourceGroup/IDatabaseResourceGroup.js +2 -0
- package/dist/DatabaseResourceGroup/IDatabaseResourceGroup.js.map +1 -0
- package/dist/DatabaseResourceGroup/index.d.ts +1 -0
- package/dist/DatabaseResourceGroup/index.js +2 -0
- package/dist/DatabaseResourceGroup/index.js.map +1 -0
- package/dist/JwtKeyManager/DatabaseConnectedJwtKeyManager.d.ts +12 -0
- package/dist/JwtKeyManager/DatabaseConnectedJwtKeyManager.js +17 -0
- package/dist/JwtKeyManager/DatabaseConnectedJwtKeyManager.js.map +1 -0
- package/dist/JwtKeyManager/IJwtKeyManager.d.ts +4 -0
- package/dist/JwtKeyManager/IJwtKeyManager.js +2 -0
- package/dist/JwtKeyManager/IJwtKeyManager.js.map +1 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.d.ts +16 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.js +14 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.js.map +1 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/IJsonWebKeySetsStore.d.ts +12 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/IJsonWebKeySetsStore.js +2 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/IJsonWebKeySetsStore.js.map +1 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/MockJwtKeySetsStore.d.ts +15 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/MockJwtKeySetsStore.js +88 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/MockJwtKeySetsStore.js.map +1 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/index.d.ts +2 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/index.js +2 -0
- package/dist/JwtKeyManager/JsonWebKeySetsStore/index.js.map +1 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.d.ts +11 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js +21 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js.map +1 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/index.d.ts +2 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/index.js +3 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/index.js.map +1 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.d.ts +7 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js +22 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js.map +1 -0
- package/dist/JwtKeyManager/index.d.ts +6 -0
- package/dist/JwtKeyManager/index.js +5 -0
- package/dist/JwtKeyManager/index.js.map +1 -0
- package/dist/JwtKeyManager/loadJwtDecodingKeys.d.ts +19 -0
- package/dist/JwtKeyManager/loadJwtDecodingKeys.js +52 -0
- package/dist/JwtKeyManager/loadJwtDecodingKeys.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -0
- package/dist/middleware/index.d.ts +5 -0
- package/dist/middleware/index.js +3 -0
- package/dist/middleware/index.js.map +1 -0
- package/dist/middleware/middleware_chain/index.d.ts +2 -0
- package/dist/middleware/middleware_chain/index.js +2 -0
- package/dist/middleware/middleware_chain/index.js.map +1 -0
- package/dist/middleware/middleware_chain/middleware_chain.d.ts +13 -0
- package/dist/middleware/middleware_chain/middleware_chain.js +53 -0
- package/dist/middleware/middleware_chain/middleware_chain.js.map +1 -0
- package/dist/middleware/middleware_types.d.ts +21 -0
- package/dist/middleware/middleware_types.js +2 -0
- package/dist/middleware/middleware_types.js.map +1 -0
- package/dist/middleware/middlewares/BaseMiddleware.d.ts +24 -0
- package/dist/middleware/middlewares/BaseMiddleware.js +53 -0
- package/dist/middleware/middlewares/BaseMiddleware.js.map +1 -0
- package/dist/middleware/middlewares/default_middleware.d.ts +10 -0
- package/dist/middleware/middlewares/default_middleware.js +25 -0
- package/dist/middleware/middlewares/default_middleware.js.map +1 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/index.d.ts +1 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/index.js +2 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/index.js.map +1 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.d.ts +32 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js +245 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/applyCorsHeaders.d.ts +12 -0
- package/dist/middleware/middlewares/withCorsSettings/applyCorsHeaders.js +46 -0
- package/dist/middleware/middlewares/withCorsSettings/applyCorsHeaders.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/assertNoOriginSet.d.ts +1 -0
- package/dist/middleware/middlewares/withCorsSettings/assertNoOriginSet.js +7 -0
- package/dist/middleware/middlewares/withCorsSettings/assertNoOriginSet.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/cors-policies.d.ts +8 -0
- package/dist/middleware/middlewares/withCorsSettings/cors-policies.js +21 -0
- package/dist/middleware/middlewares/withCorsSettings/cors-policies.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/ensureHttpsInProd.d.ts +3 -0
- package/dist/middleware/middlewares/withCorsSettings/ensureHttpsInProd.js +22 -0
- package/dist/middleware/middlewares/withCorsSettings/ensureHttpsInProd.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/index.d.ts +4 -0
- package/dist/middleware/middlewares/withCorsSettings/index.js +3 -0
- package/dist/middleware/middlewares/withCorsSettings/index.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.d.ts +11 -0
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js +105 -0
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/pretty-print-available-policies.d.ts +1 -0
- package/dist/middleware/middlewares/withCorsSettings/pretty-print-available-policies.js +32 -0
- package/dist/middleware/middlewares/withCorsSettings/pretty-print-available-policies.js.map +1 -0
- package/dist/middleware/middlewares/withCorsSettings/withCorsSettings.d.ts +25 -0
- package/dist/middleware/middlewares/withCorsSettings/withCorsSettings.js +231 -0
- package/dist/middleware/middlewares/withCorsSettings/withCorsSettings.js.map +1 -0
- package/dist/middleware/middlewares/withLogging.d.ts +6 -0
- package/dist/middleware/middlewares/withLogging.js +31 -0
- package/dist/middleware/middlewares/withLogging.js.map +1 -0
- package/dist/middleware/server-middleware.d.ts +23 -0
- package/dist/middleware/server-middleware.js +103 -0
- package/dist/middleware/server-middleware.js.map +1 -0
- package/dist/route_guards/admin.d.ts +5 -0
- package/dist/route_guards/admin.js +13 -0
- package/dist/route_guards/admin.js.map +1 -0
- package/dist/route_guards/authenticated.d.ts +5 -0
- package/dist/route_guards/authenticated.js +11 -0
- package/dist/route_guards/authenticated.js.map +1 -0
- package/dist/route_guards/base-route-guard.d.ts +15 -0
- package/dist/route_guards/base-route-guard.js +24 -0
- package/dist/route_guards/base-route-guard.js.map +1 -0
- package/dist/route_guards/index.d.ts +4 -0
- package/dist/route_guards/index.js +4 -0
- package/dist/route_guards/index.js.map +1 -0
- package/dist/route_guards/init_route_guard_check_options.d.ts +6 -0
- package/dist/route_guards/init_route_guard_check_options.js +2 -0
- package/dist/route_guards/init_route_guard_check_options.js.map +1 -0
- package/dist/route_guards/route-guard-factory.d.ts +25 -0
- package/dist/route_guards/route-guard-factory.js +155 -0
- package/dist/route_guards/route-guard-factory.js.map +1 -0
- package/package.json +45 -0
package/README.md
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"IDatabaseResourceGroup.js","sourceRoot":"","sources":["../../src/DatabaseResourceGroup/IDatabaseResourceGroup.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export type { IDatabaseResourceGroup } from "./IDatabaseResourceGroup";
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/DatabaseResourceGroup/index.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { JWKS } from "@schemavaults/jwt";
|
|
2
|
+
import type { IJsonWebKeySetsStore } from "./JsonWebKeySetsStore";
|
|
3
|
+
import type { IJwtKeyManager } from "./IJwtKeyManager";
|
|
4
|
+
import type { IDatabaseResourceGroup } from "../DatabaseResourceGroup";
|
|
5
|
+
export declare class DatabaseConnectedJwtKeyManager implements IJwtKeyManager, IDatabaseResourceGroup {
|
|
6
|
+
protected readonly store: IJsonWebKeySetsStore & IDatabaseResourceGroup;
|
|
7
|
+
constructor(store: IJsonWebKeySetsStore & IDatabaseResourceGroup);
|
|
8
|
+
loadJwks(audienceId: string): Promise<JWKS>;
|
|
9
|
+
hasBeenInitialized(): Promise<boolean>;
|
|
10
|
+
performSetupTasks(): Promise<void>;
|
|
11
|
+
}
|
|
12
|
+
export default DatabaseConnectedJwtKeyManager;
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
export class DatabaseConnectedJwtKeyManager {
|
|
2
|
+
store;
|
|
3
|
+
constructor(store) {
|
|
4
|
+
this.store = store;
|
|
5
|
+
}
|
|
6
|
+
async loadJwks(audienceId) {
|
|
7
|
+
return await this.store.getJwks(audienceId);
|
|
8
|
+
}
|
|
9
|
+
async hasBeenInitialized() {
|
|
10
|
+
return await this.store.hasBeenInitialized();
|
|
11
|
+
}
|
|
12
|
+
async performSetupTasks() {
|
|
13
|
+
return await this.store.performSetupTasks();
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
export default DatabaseConnectedJwtKeyManager;
|
|
17
|
+
//# sourceMappingURL=DatabaseConnectedJwtKeyManager.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"DatabaseConnectedJwtKeyManager.js","sourceRoot":"","sources":["../../src/JwtKeyManager/DatabaseConnectedJwtKeyManager.ts"],"names":[],"mappings":"AAKA,MAAM,OAAO,8BAA8B;IAGtB,KAAK,CAAgD;IAExE,YAAmB,KAAoD;QACrE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,UAAkB;QACtC,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9C,CAAC;IAEM,KAAK,CAAC,kBAAkB;QAC7B,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,iBAAiB;QAC5B,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;IAC9C,CAAC;CACF;AAED,eAAe,8BAA8B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"IJwtKeyManager.js","sourceRoot":"","sources":["../../src/JwtKeyManager/IJwtKeyManager.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import type { IJsonWebKeySetsStore } from "./IJsonWebKeySetsStore";
|
|
2
|
+
import { to_public_jwks, type I_JWT_Keys } from "@schemavaults/jwt";
|
|
3
|
+
import type { IDatabaseResourceGroup } from "../../DatabaseResourceGroup";
|
|
4
|
+
type JWKS = Awaited<ReturnType<typeof to_public_jwks>>;
|
|
5
|
+
export declare abstract class AbstractJsonWebKeySetsStore implements IJsonWebKeySetsStore, IDatabaseResourceGroup {
|
|
6
|
+
abstract get(audienceId: string, keySetId: string): Promise<I_JWT_Keys | null>;
|
|
7
|
+
abstract has(audienceId: string, keySetId: string): Promise<boolean>;
|
|
8
|
+
abstract storeKeySet(keys: I_JWT_Keys): Promise<void>;
|
|
9
|
+
abstract delete(audienceId: string, keySetId: string): Promise<void>;
|
|
10
|
+
abstract listActiveKeySets(audienceId: string, currentTimestamp?: number): Promise<readonly I_JWT_Keys[]>;
|
|
11
|
+
abstract clearOutdatedKeySets(currentTimestamp?: number): Promise<void>;
|
|
12
|
+
getJwks(audienceId: string): Promise<JWKS>;
|
|
13
|
+
abstract hasBeenInitialized(): Promise<boolean>;
|
|
14
|
+
abstract performSetupTasks(): Promise<void>;
|
|
15
|
+
}
|
|
16
|
+
export default AbstractJsonWebKeySetsStore;
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { apiServerIdSchema } from "@schemavaults/app-definitions";
|
|
2
|
+
import { to_public_jwks } from "@schemavaults/jwt";
|
|
3
|
+
export class AbstractJsonWebKeySetsStore {
|
|
4
|
+
async getJwks(audienceId) {
|
|
5
|
+
if (!apiServerIdSchema.safeParse(audienceId).success) {
|
|
6
|
+
throw new Error("Invalid audience ID to load JWKS for!");
|
|
7
|
+
}
|
|
8
|
+
const keysets = await this.listActiveKeySets(audienceId);
|
|
9
|
+
const jwks_promise = to_public_jwks(keysets);
|
|
10
|
+
return await jwks_promise;
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
export default AbstractJsonWebKeySetsStore;
|
|
14
|
+
//# sourceMappingURL=AbstractJsonWebKeySetsStore.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AbstractJsonWebKeySetsStore.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAElE,OAAO,EAAE,cAAc,EAAmB,MAAM,mBAAmB,CAAC;AAKpE,MAAM,OAAgB,2BAA2B;IAgBxC,KAAK,CAAC,OAAO,CAAC,UAAkB;QACrC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,OAAO,GACX,MAAM,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,YAAY,GAAkB,cAAc,CAAC,OAAO,CAAC,CAAC;QAC5D,OAAO,MAAM,YAAY,CAAC;IAC5B,CAAC;CAIF;AAED,eAAe,2BAA2B,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { I_JWT_Keys, to_public_jwks } from "@schemavaults/jwt";
|
|
2
|
+
type JWKS = Awaited<ReturnType<typeof to_public_jwks>>;
|
|
3
|
+
export interface IJsonWebKeySetsStore {
|
|
4
|
+
get(audienceId: string, keySetId: string): Promise<I_JWT_Keys | null>;
|
|
5
|
+
has(audienceId: string, keySetId: string): Promise<boolean>;
|
|
6
|
+
storeKeySet(keys: I_JWT_Keys): Promise<void>;
|
|
7
|
+
delete(audienceId: string, keySetId: string): Promise<void>;
|
|
8
|
+
listActiveKeySets(audienceId: string, currentTimestamp?: number): Promise<readonly I_JWT_Keys[]>;
|
|
9
|
+
clearOutdatedKeySets(currentTimestamp?: number): Promise<void>;
|
|
10
|
+
getJwks(audienceId: string): Promise<JWKS>;
|
|
11
|
+
}
|
|
12
|
+
export {};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"IJsonWebKeySetsStore.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/JsonWebKeySetsStore/IJsonWebKeySetsStore.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { I_JWT_Keys } from "@schemavaults/jwt";
|
|
2
|
+
import AbstractJsonWebKeySetsStore from "./AbstractJsonWebKeySetsStore";
|
|
3
|
+
import { IJsonWebKeySetsStore } from "./IJsonWebKeySetsStore";
|
|
4
|
+
export declare class MockJwtKeySetsStore extends AbstractJsonWebKeySetsStore implements IJsonWebKeySetsStore {
|
|
5
|
+
hasBeenInitialized(): Promise<boolean>;
|
|
6
|
+
performSetupTasks(): Promise<void>;
|
|
7
|
+
private _map;
|
|
8
|
+
get(audienceId: string, keySetId: string): Promise<I_JWT_Keys | null>;
|
|
9
|
+
has(audienceId: string, keySetId: string): Promise<boolean>;
|
|
10
|
+
storeKeySet(keys: I_JWT_Keys): Promise<void>;
|
|
11
|
+
delete(audienceId: string, keySetId: string): Promise<void>;
|
|
12
|
+
listActiveKeySets(audienceId: string, currentTimestamp?: number): Promise<readonly I_JWT_Keys[]>;
|
|
13
|
+
clearOutdatedKeySets(currentTimestamp?: number): Promise<void>;
|
|
14
|
+
}
|
|
15
|
+
export default MockJwtKeySetsStore;
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
import AbstractJsonWebKeySetsStore from "./AbstractJsonWebKeySetsStore";
|
|
2
|
+
export class MockJwtKeySetsStore extends AbstractJsonWebKeySetsStore {
|
|
3
|
+
async hasBeenInitialized() {
|
|
4
|
+
return true;
|
|
5
|
+
}
|
|
6
|
+
async performSetupTasks() {
|
|
7
|
+
return;
|
|
8
|
+
}
|
|
9
|
+
_map = new Map();
|
|
10
|
+
get(audienceId, keySetId) {
|
|
11
|
+
return new Promise((resolve) => {
|
|
12
|
+
const audienceKeysets = this._map.get(audienceId) ?? null;
|
|
13
|
+
if (!audienceKeysets) {
|
|
14
|
+
return resolve(null);
|
|
15
|
+
}
|
|
16
|
+
const keyset = audienceKeysets.get(keySetId) ?? null;
|
|
17
|
+
return resolve(keyset ?? null);
|
|
18
|
+
});
|
|
19
|
+
}
|
|
20
|
+
has(audienceId, keySetId) {
|
|
21
|
+
return new Promise((resolve) => {
|
|
22
|
+
const audienceKeysets = this._map.get(audienceId) ?? null;
|
|
23
|
+
if (!audienceKeysets) {
|
|
24
|
+
return resolve(false);
|
|
25
|
+
}
|
|
26
|
+
return resolve(audienceKeysets.has(keySetId));
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
storeKeySet(keys) {
|
|
30
|
+
const audience_id = keys.audience_id;
|
|
31
|
+
const keyset_id = keys.keyset_id;
|
|
32
|
+
return new Promise((resolve, reject) => {
|
|
33
|
+
// create keysets map for audience if it doesnt exist
|
|
34
|
+
if (!this._map.has(audience_id)) {
|
|
35
|
+
this._map.set(audience_id, new Map([[keyset_id, keys]]));
|
|
36
|
+
return resolve();
|
|
37
|
+
}
|
|
38
|
+
else {
|
|
39
|
+
// already exists, throw if keyset already exists
|
|
40
|
+
const keyset_map = this._map.get(audience_id);
|
|
41
|
+
if (keyset_map.has(keyset_id)) {
|
|
42
|
+
reject(new Error(`Keyset ${keyset_id} already exists for audience ${audience_id}`));
|
|
43
|
+
}
|
|
44
|
+
keyset_map.set(keyset_id, keys);
|
|
45
|
+
return resolve();
|
|
46
|
+
}
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
delete(audienceId, keySetId) {
|
|
50
|
+
return new Promise((resolve) => {
|
|
51
|
+
const audienceKeysetsMap = this._map.get(audienceId);
|
|
52
|
+
if (!audienceKeysetsMap) {
|
|
53
|
+
resolve();
|
|
54
|
+
return;
|
|
55
|
+
}
|
|
56
|
+
audienceKeysetsMap.delete(keySetId);
|
|
57
|
+
resolve();
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
listActiveKeySets(audienceId, currentTimestamp) {
|
|
61
|
+
return new Promise((resolve) => {
|
|
62
|
+
const now = typeof currentTimestamp === "number" ? currentTimestamp : Date.now();
|
|
63
|
+
const audienceKeysetsMap = this._map.get(audienceId);
|
|
64
|
+
if (!audienceKeysetsMap) {
|
|
65
|
+
return resolve([]);
|
|
66
|
+
}
|
|
67
|
+
const activeKeySets = audienceKeysetsMap
|
|
68
|
+
.values()
|
|
69
|
+
.filter((keyset) => keyset.keyset_expiry > now);
|
|
70
|
+
return resolve([...activeKeySets]);
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
clearOutdatedKeySets(currentTimestamp) {
|
|
74
|
+
return new Promise((resolve) => {
|
|
75
|
+
const now = typeof currentTimestamp === "number" ? currentTimestamp : Date.now();
|
|
76
|
+
for (const audienceKeysetsMap of this._map.values()) {
|
|
77
|
+
for (const keyset of audienceKeysetsMap.values()) {
|
|
78
|
+
if (keyset.keyset_expiry <= now) {
|
|
79
|
+
audienceKeysetsMap.delete(keyset.keyset_id);
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
resolve();
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
export default MockJwtKeySetsStore;
|
|
88
|
+
//# sourceMappingURL=MockJwtKeySetsStore.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"MockJwtKeySetsStore.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/JsonWebKeySetsStore/MockJwtKeySetsStore.ts"],"names":[],"mappings":"AACA,OAAO,2BAA2B,MAAM,+BAA+B,CAAC;AAGxE,MAAM,OAAO,mBACX,SAAQ,2BAA2B;IAG5B,KAAK,CAAC,kBAAkB;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,iBAAiB;QAC5B,OAAO;IACT,CAAC;IACO,IAAI,GAAyC,IAAI,GAAG,EAAE,CAAC;IAExD,GAAG,CAAC,UAAkB,EAAE,QAAgB;QAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAQ,EAAE;YACnC,MAAM,eAAe,GACnB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;YACpC,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;YACD,MAAM,MAAM,GAAsB,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;YACxE,OAAO,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,GAAG,CAAC,UAAkB,EAAE,QAAgB;QAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAQ,EAAE;YACnC,MAAM,eAAe,GACnB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;YACpC,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC;YACxB,CAAC;YACD,OAAO,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,WAAW,CAAC,IAAgB;QACjC,MAAM,WAAW,GAAW,IAAI,CAAC,WAAW,CAAC;QAC7C,MAAM,SAAS,GAAW,IAAI,CAAC,SAAS,CAAC;QACzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAQ,EAAE;YAC3C,qDAAqD;YACrD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzD,OAAO,OAAO,EAAE,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,iDAAiD;gBACjD,MAAM,UAAU,GAA4B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAE,CAAC;gBACxE,IAAI,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9B,MAAM,CACJ,IAAI,KAAK,CACP,UAAU,SAAS,gCAAgC,WAAW,EAAE,CACjE,CACF,CAAC;gBACJ,CAAC;gBACD,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;gBAChC,OAAO,OAAO,EAAE,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,UAAkB,EAAE,QAAgB;QAChD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAQ,EAAE;YACnC,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACrD,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,OAAO,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YACD,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,iBAAiB,CACtB,UAAkB,EAClB,gBAAyB;QAEzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAQ,EAAE;YACnC,MAAM,GAAG,GACP,OAAO,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAEvE,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACrD,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,OAAO,OAAO,CAAC,EAAE,CAAC,CAAC;YACrB,CAAC;YAED,MAAM,aAAa,GAAG,kBAAkB;iBACrC,MAAM,EAAE;iBACR,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC;YAClD,OAAO,OAAO,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,oBAAoB,CAAC,gBAAyB;QACnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,GAAG,GACP,OAAO,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAEvE,KAAK,MAAM,kBAAkB,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBACpD,KAAK,MAAM,MAAM,IAAI,kBAAkB,CAAC,MAAM,EAAE,EAAE,CAAC;oBACjD,IAAI,MAAM,CAAC,aAAa,IAAI,GAAG,EAAE,CAAC;wBAChC,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;oBAC9C,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,mBAAmB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/JsonWebKeySetsStore/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { IJwtKeyManager } from "../../JwtKeyManager/IJwtKeyManager";
|
|
2
|
+
import type { JWKS } from "@schemavaults/jwt";
|
|
3
|
+
export interface IRemoteJwtKeyManagerConstructorOpts {
|
|
4
|
+
auth_server_uri: string;
|
|
5
|
+
}
|
|
6
|
+
export declare class RemoteJwtKeyManager implements IJwtKeyManager {
|
|
7
|
+
private readonly auth_server_uri;
|
|
8
|
+
constructor({ auth_server_uri }: IRemoteJwtKeyManagerConstructorOpts);
|
|
9
|
+
loadJwks(audienceId: string): Promise<JWKS>;
|
|
10
|
+
}
|
|
11
|
+
export default RemoteJwtKeyManager;
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import loadRemoteJwks from "./loadRemoteJwks";
|
|
2
|
+
import { apiServerIdSchema, SCHEMAVAULTS_AUTH_APP_DEFINITION, } from "@schemavaults/app-definitions";
|
|
3
|
+
export class RemoteJwtKeyManager {
|
|
4
|
+
auth_server_uri;
|
|
5
|
+
constructor({ auth_server_uri }) {
|
|
6
|
+
this.auth_server_uri = auth_server_uri;
|
|
7
|
+
}
|
|
8
|
+
async loadJwks(audienceId) {
|
|
9
|
+
if (!apiServerIdSchema.safeParse(audienceId).success) {
|
|
10
|
+
throw new Error(`Invalid audience to load remote JWKS for: '${audienceId}'`);
|
|
11
|
+
}
|
|
12
|
+
if (audienceId === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id) {
|
|
13
|
+
throw new Error(`Auth server doesn't need to load remote JWKS; it already has the keys.`);
|
|
14
|
+
}
|
|
15
|
+
return await loadRemoteJwks({
|
|
16
|
+
auth_server_uri: this.auth_server_uri,
|
|
17
|
+
});
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
export default RemoteJwtKeyManager;
|
|
21
|
+
//# sourceMappingURL=RemoteJwtKeyManager.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"RemoteJwtKeyManager.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.ts"],"names":[],"mappings":"AAEA,OAAO,cAAc,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EACL,iBAAiB,EACjB,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;AAMvC,MAAM,OAAO,mBAAmB;IACb,eAAe,CAAS;IAEzC,YAAmB,EAAE,eAAe,EAAuC;QACzE,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,UAAkB;QACtC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CACb,8CAA8C,UAAU,GAAG,CAC5D,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,cAAc,CAAC;YAC1B,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,mBAAmB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,IAAI,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAE5F,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { JWKS } from "@schemavaults/jwt";
|
|
2
|
+
export interface ILoadRemoteJwksOpts {
|
|
3
|
+
auth_server_uri: string;
|
|
4
|
+
jwks_endpoint?: string;
|
|
5
|
+
}
|
|
6
|
+
export declare function loadRemoteJwks({ auth_server_uri, ...opts }: ILoadRemoteJwksOpts): Promise<JWKS>;
|
|
7
|
+
export default loadRemoteJwks;
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
const DEFAULT_REMOTE_JWKS_ENDPOINT = "/.well-known/jwks.json";
|
|
2
|
+
export async function loadRemoteJwks({ auth_server_uri, ...opts }) {
|
|
3
|
+
const jwks_endpoint = typeof opts.jwks_endpoint === 'string' ? opts.jwks_endpoint : DEFAULT_REMOTE_JWKS_ENDPOINT;
|
|
4
|
+
const response = await fetch(`${auth_server_uri}${jwks_endpoint}`, { method: "GET" });
|
|
5
|
+
if (!response.ok || response.status !== 200) {
|
|
6
|
+
throw new Error("Failed to load jwks.json from auth server!");
|
|
7
|
+
}
|
|
8
|
+
const body = await response.json();
|
|
9
|
+
if (typeof body !== 'object' || !body) {
|
|
10
|
+
throw new TypeError("Expected result of loading jwks.json to be an object!");
|
|
11
|
+
}
|
|
12
|
+
if (!("keys" in body) || !Array.isArray(body['keys'])) {
|
|
13
|
+
throw new Error("Expected response body of jwks.json to have a 'keys' array field!");
|
|
14
|
+
}
|
|
15
|
+
if (!body['keys'].every(key => typeof key !== 'object' || !key)) {
|
|
16
|
+
throw new Error("Expected every item in 'keys' array to be an object!");
|
|
17
|
+
}
|
|
18
|
+
const keys = body['keys'];
|
|
19
|
+
return { keys };
|
|
20
|
+
}
|
|
21
|
+
export default loadRemoteJwks;
|
|
22
|
+
//# sourceMappingURL=loadRemoteJwks.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loadRemoteJwks.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.ts"],"names":[],"mappings":"AAOA,MAAM,4BAA4B,GAAG,wBAAkD,CAAC;AAExF,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,EAAE,eAAe,EAAE,GAAG,IAAI,EAAuB;IACpF,MAAM,aAAa,GAAG,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B,CAAA;IAChH,MAAM,QAAQ,GAAa,MAAM,KAAK,CACpC,GAAG,eAAe,GAAG,aAAa,EAAE,EACpC,EAAE,MAAM,EAAE,KAAK,EAAE,CAClB,CAAA;IACD,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;IAC/D,CAAC;IACD,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC5C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,IAAI,SAAS,CAAC,uDAAuD,CAAC,CAAA;IAC9E,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAA;IACtF,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;IACzE,CAAC;IACD,MAAM,IAAI,GAAa,IAAI,CAAC,MAAM,CAAC,CAAC;IACpC,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AAED,eAAe,cAAc,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export { AbstractJsonWebKeySetsStore } from './JsonWebKeySetsStore';
|
|
2
|
+
export type { IJsonWebKeySetsStore } from './JsonWebKeySetsStore';
|
|
3
|
+
export type { IJwtKeyManager } from "./IJwtKeyManager";
|
|
4
|
+
export { DatabaseConnectedJwtKeyManager } from './DatabaseConnectedJwtKeyManager';
|
|
5
|
+
export { RemoteJwtKeyManager } from './RemoteJwtKeyManager';
|
|
6
|
+
export { loadJwtDecodingKeys, type IDecodeAuthTokenKeys } from './loadJwtDecodingKeys';
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export { AbstractJsonWebKeySetsStore } from './JsonWebKeySetsStore';
|
|
2
|
+
export { DatabaseConnectedJwtKeyManager } from './DatabaseConnectedJwtKeyManager';
|
|
3
|
+
export { RemoteJwtKeyManager } from './RemoteJwtKeyManager';
|
|
4
|
+
export { loadJwtDecodingKeys } from './loadJwtDecodingKeys';
|
|
5
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/JwtKeyManager/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AAKpE,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,OAAO,EAAE,mBAAmB,EAA6B,MAAM,uBAAuB,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import type { IJwtKeyManager } from "../JwtKeyManager";
|
|
2
|
+
import { type JWKS } from "@schemavaults/jwt";
|
|
3
|
+
export interface ILoadJwtDecodingKeysOptions {
|
|
4
|
+
audience_id: string;
|
|
5
|
+
keyset_id: string;
|
|
6
|
+
keys_manager: IJwtKeyManager;
|
|
7
|
+
debug?: boolean;
|
|
8
|
+
}
|
|
9
|
+
export interface IDecodeAuthTokenKeys {
|
|
10
|
+
keyset_id: string;
|
|
11
|
+
verification_key: CryptoKey;
|
|
12
|
+
decryption_key: CryptoKey;
|
|
13
|
+
}
|
|
14
|
+
export declare function loadJwtDecodingKeysFromJwks({ keyset_id, jwks, }: {
|
|
15
|
+
keyset_id: string;
|
|
16
|
+
jwks: JWKS;
|
|
17
|
+
}, debug?: boolean): Promise<IDecodeAuthTokenKeys>;
|
|
18
|
+
export declare function loadJwtDecodingKeys({ keys_manager, keyset_id, audience_id, ...opts }: ILoadJwtDecodingKeysOptions): Promise<IDecodeAuthTokenKeys>;
|
|
19
|
+
export default loadJwtDecodingKeys;
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
import { apiServerIdSchema } from "@schemavaults/app-definitions";
|
|
2
|
+
import { importAsymmetricJWK } from "@schemavaults/jwt";
|
|
3
|
+
export async function loadJwtDecodingKeysFromJwks({ keyset_id, jwks, }, debug = false) {
|
|
4
|
+
const verification_kid = `${keyset_id}-verification`;
|
|
5
|
+
const decryption_kid = `${keyset_id}-decryption`;
|
|
6
|
+
let verification_key = undefined;
|
|
7
|
+
let decryption_key = undefined;
|
|
8
|
+
for (const key of jwks.keys) {
|
|
9
|
+
const kid = key.kid;
|
|
10
|
+
if (typeof kid !== "string") {
|
|
11
|
+
throw new TypeError(`Invalid JWK in JWKS; missing 'kid' string!`);
|
|
12
|
+
}
|
|
13
|
+
if (kid === verification_kid) {
|
|
14
|
+
verification_key = await importAsymmetricJWK(key);
|
|
15
|
+
}
|
|
16
|
+
else if (kid === decryption_kid) {
|
|
17
|
+
decryption_key = await importAsymmetricJWK(key);
|
|
18
|
+
}
|
|
19
|
+
else {
|
|
20
|
+
continue; // not a match
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
if (!verification_key || !decryption_key) {
|
|
24
|
+
if (debug) {
|
|
25
|
+
console.group(`loadJwtDecodingKeysFromJwks(keyset_id=${keyset_id}) failed due to missing verification_key or decryption_key`);
|
|
26
|
+
console.error("jwks.keys[].kid = ", jwks.keys.map((k) => `'${k.kid}'`).join(", "));
|
|
27
|
+
console.groupEnd();
|
|
28
|
+
}
|
|
29
|
+
throw new Error(`Missing verification or decryption key for keyset '${keyset_id}'`);
|
|
30
|
+
}
|
|
31
|
+
return {
|
|
32
|
+
keyset_id,
|
|
33
|
+
verification_key,
|
|
34
|
+
decryption_key,
|
|
35
|
+
};
|
|
36
|
+
}
|
|
37
|
+
export async function loadJwtDecodingKeys({ keys_manager, keyset_id, audience_id, ...opts }) {
|
|
38
|
+
const debug = opts.debug ?? false;
|
|
39
|
+
if (!apiServerIdSchema.safeParse(audience_id).success) {
|
|
40
|
+
throw new Error(`Invalid audience ID to load JWT decoding keys for: '${audience_id}'`);
|
|
41
|
+
}
|
|
42
|
+
const jwks = await keys_manager.loadJwks(audience_id);
|
|
43
|
+
if (!jwks ||
|
|
44
|
+
typeof jwks !== "object" ||
|
|
45
|
+
!("keys" in jwks) ||
|
|
46
|
+
!Array.isArray(jwks.keys)) {
|
|
47
|
+
throw new TypeError("Invalid JWKS; not an object or missing 'keys' array!");
|
|
48
|
+
}
|
|
49
|
+
return await loadJwtDecodingKeysFromJwks({ keyset_id, jwks }, debug);
|
|
50
|
+
}
|
|
51
|
+
export default loadJwtDecodingKeys;
|
|
52
|
+
//# sourceMappingURL=loadJwtDecodingKeys.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loadJwtDecodingKeys.js","sourceRoot":"","sources":["../../src/JwtKeyManager/loadJwtDecodingKeys.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAa,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAenE,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,EACE,SAAS,EACT,IAAI,GAIL,EACD,QAAiB,KAAK;IAEtB,MAAM,gBAAgB,GAAW,GAAG,SAAS,eAAe,CAAC;IAC7D,MAAM,cAAc,GAAW,GAAG,SAAS,aAAa,CAAC;IACzD,IAAI,gBAAgB,GAA0B,SAAS,CAAC;IACxD,IAAI,cAAc,GAA0B,SAAS,CAAC;IACtD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,4CAA4C,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,GAAG,KAAK,gBAAgB,EAAE,CAAC;YAC7B,gBAAgB,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;QACpD,CAAC;aAAM,IAAI,GAAG,KAAK,cAAc,EAAE,CAAC;YAClC,cAAc,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,cAAc;QAC1B,CAAC;IACH,CAAC;IAED,IAAI,CAAC,gBAAgB,IAAI,CAAC,cAAc,EAAE,CAAC;QACzC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CACX,yCAAyC,SAAS,4DAA4D,CAC/G,CAAC;YACF,OAAO,CAAC,KAAK,CACX,oBAAoB,EACpB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAC9C,CAAC;YACF,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,CAAC;QACD,MAAM,IAAI,KAAK,CACb,sDAAsD,SAAS,GAAG,CACnE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS;QACT,gBAAgB;QAChB,cAAc;KACf,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EACxC,YAAY,EACZ,SAAS,EACT,WAAW,EACX,GAAG,IAAI,EACqB;IAC5B,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;IAE3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,uDAAuD,WAAW,GAAG,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAS,MAAM,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,IACE,CAAC,IAAI;QACL,OAAO,IAAI,KAAK,QAAQ;QACxB,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EACzB,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,sDAAsD,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,MAAM,2BAA2B,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;AACvE,CAAC;AAED,eAAe,mBAAmB,CAAC"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export * from "./middleware";
|
|
2
|
+
export type * from "./middleware";
|
|
3
|
+
export * from "./route_guards";
|
|
4
|
+
export type * from "./route_guards";
|
|
5
|
+
export * from "./JwtKeyManager";
|
|
6
|
+
export type * from "./JwtKeyManager";
|
|
7
|
+
export * from "./DatabaseResourceGroup";
|
|
8
|
+
export type * from "./DatabaseResourceGroup";
|
package/dist/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAG7B,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,yBAAyB,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export { SchemaVaultsServerMiddleware } from "./server-middleware";
|
|
2
|
+
export type { IServerMiddlewareInitializationOptions } from "./server-middleware";
|
|
3
|
+
export type { ISchemaVaultsMiddleware } from "./middleware_types";
|
|
4
|
+
export type { SchemaVaultsCORSEnforcementPolicy } from "./middlewares/withCorsSettings";
|
|
5
|
+
export { SchemaVaultsCORSEnforcementPolicies } from "./middlewares/withCorsSettings";
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AAKnE,OAAO,EAAE,mCAAmC,EAAE,MAAM,gCAAgC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middleware/middleware_chain/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { NextResponse } from "next/server";
|
|
2
|
+
import type { ISchemaVaultsMiddleware, ISchemaVaultsMiddlewareFactory, ISchemaVaultsMiddlewareFnInputs } from "../middleware_types";
|
|
3
|
+
import { BaseMiddleware } from "../middlewares/BaseMiddleware";
|
|
4
|
+
export interface IMiddlewareChainInitOptions {
|
|
5
|
+
middlewares: readonly ISchemaVaultsMiddlewareFactory[];
|
|
6
|
+
debug?: boolean;
|
|
7
|
+
}
|
|
8
|
+
export declare class MiddlewareChain extends BaseMiddleware implements ISchemaVaultsMiddleware {
|
|
9
|
+
constructor(opts: IMiddlewareChainInitOptions);
|
|
10
|
+
private static stackMiddlewares;
|
|
11
|
+
private static combine;
|
|
12
|
+
handle({ req, json, ...inputs }: ISchemaVaultsMiddlewareFnInputs): Promise<NextResponse | Response>;
|
|
13
|
+
}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
import { DefaultMiddleware } from "../middlewares/default_middleware";
|
|
2
|
+
import { BaseMiddleware } from "../middlewares/BaseMiddleware";
|
|
3
|
+
export class MiddlewareChain extends BaseMiddleware {
|
|
4
|
+
constructor(opts) {
|
|
5
|
+
super({
|
|
6
|
+
...opts,
|
|
7
|
+
name: "MiddlewareChain",
|
|
8
|
+
next: MiddlewareChain.combine(opts.middlewares),
|
|
9
|
+
});
|
|
10
|
+
}
|
|
11
|
+
static stackMiddlewares(middleware_factories, index = 0) {
|
|
12
|
+
const current = middleware_factories[index];
|
|
13
|
+
if (current) {
|
|
14
|
+
const next = MiddlewareChain.stackMiddlewares(middleware_factories, index + 1);
|
|
15
|
+
try {
|
|
16
|
+
return current.create(next);
|
|
17
|
+
}
|
|
18
|
+
catch (e) {
|
|
19
|
+
console.error(`[MiddlewareChain] Error in middleware chain at index ${index}: `, e);
|
|
20
|
+
throw new Error("[MiddlewareChain] Error in middleware chain");
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
return new DefaultMiddleware();
|
|
24
|
+
}
|
|
25
|
+
static combine(functions) {
|
|
26
|
+
return MiddlewareChain.stackMiddlewares(functions, 0);
|
|
27
|
+
}
|
|
28
|
+
async handle({ req, json, ...inputs }) {
|
|
29
|
+
if (this.debug) {
|
|
30
|
+
console.log("[MiddlewareChain] handle()");
|
|
31
|
+
}
|
|
32
|
+
const chained = this.next;
|
|
33
|
+
if (!chained ||
|
|
34
|
+
typeof chained !== "object" ||
|
|
35
|
+
chained.type !== "middleware") {
|
|
36
|
+
throw new Error("Expected 'chained' to be a SchemaVaultsMiddleware instance");
|
|
37
|
+
}
|
|
38
|
+
const next = chained;
|
|
39
|
+
try {
|
|
40
|
+
return await next.handle({ req, json, ...inputs });
|
|
41
|
+
}
|
|
42
|
+
catch (e) {
|
|
43
|
+
console.error("[MiddlewareChain] failed to execute chain: ", e);
|
|
44
|
+
return json({
|
|
45
|
+
success: false,
|
|
46
|
+
message: "An unhandled error occurred while running SchemaVaults server middleware!",
|
|
47
|
+
}, {
|
|
48
|
+
status: 500,
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
} // end of MiddlewareChain
|
|
53
|
+
//# sourceMappingURL=middleware_chain.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware_chain.js","sourceRoot":"","sources":["../../../src/middleware/middleware_chain/middleware_chain.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAOrE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAO9D,MAAM,OAAO,eACX,SAAQ,cAAc;IAGtB,YAAmB,IAAiC;QAClD,KAAK,CAAC;YACJ,GAAG,IAAI;YACP,IAAI,EAAE,iBAAiB;YACvB,IAAI,EAAE,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;SAChD,CAAC,CAAC;IACL,CAAC;IAEO,MAAM,CAAC,gBAAgB,CAC7B,oBAA+D,EAC/D,KAAK,GAAG,CAAC;QAET,MAAM,OAAO,GAAmC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAC5E,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,GAA4B,eAAe,CAAC,gBAAgB,CACpE,oBAAoB,EACpB,KAAK,GAAG,CAAC,CACV,CAAC;YACF,IAAI,CAAC;gBACH,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC9B,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,wDAAwD,KAAK,IAAI,EACjE,CAAC,CACF,CAAC;gBACF,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACjC,CAAC;IAEO,MAAM,CAAC,OAAO,CACpB,SAAoD;QAEpD,OAAO,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,EAClB,GAAG,EACH,IAAI,EACJ,GAAG,MAAM,EACuB;QAChC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,OAAO,GAAwC,IAAI,CAAC,IAAI,CAAC;QAC/D,IACE,CAAC,OAAO;YACR,OAAO,OAAO,KAAK,QAAQ;YAC3B,OAAO,CAAC,IAAI,KAAK,YAAY,EAC7B,CAAC;YACD,MAAM,IAAI,KAAK,CACb,4DAA4D,CAC7D,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAA4B,OAAO,CAAC;QAC9C,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,CAAC,CAAC,CAAC;YAChE,OAAO,IAAI,CACT;gBACE,OAAO,EAAE,KAAK;gBACd,OAAO,EACL,2EAA2E;aACjD,EAC9B;gBACE,MAAM,EAAE,GAAG;aACZ,CACF,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAC,yBAAyB"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import type { NextFetchEvent, NextRequest, NextResponse } from "next/server";
|
|
2
|
+
export interface ISchemaVaultsMiddlewareFnInputs {
|
|
3
|
+
req: NextRequest;
|
|
4
|
+
next: () => NextResponse;
|
|
5
|
+
event: NextFetchEvent;
|
|
6
|
+
json: typeof NextResponse.json;
|
|
7
|
+
redirect: typeof NextResponse.redirect;
|
|
8
|
+
rewrite: typeof NextResponse.rewrite;
|
|
9
|
+
}
|
|
10
|
+
export type SchemaVaultsMiddlewareHandlerFn = (middlewareInputs: ISchemaVaultsMiddlewareFnInputs) => Promise<NextResponse | Response>;
|
|
11
|
+
export interface ISchemaVaultsMiddleware {
|
|
12
|
+
handle: SchemaVaultsMiddlewareHandlerFn;
|
|
13
|
+
name: string;
|
|
14
|
+
height: number;
|
|
15
|
+
type: "middleware";
|
|
16
|
+
toMiddlewareFlowString: () => string;
|
|
17
|
+
}
|
|
18
|
+
export interface ISchemaVaultsMiddlewareFactory {
|
|
19
|
+
create: (next: ISchemaVaultsMiddleware) => ISchemaVaultsMiddleware;
|
|
20
|
+
type: "middleware-factory";
|
|
21
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware_types.js","sourceRoot":"","sources":["../../src/middleware/middleware_types.ts"],"names":[],"mappings":""}
|