@schemavaults/auth-server-sdk 0.17.20 → 0.19.3
- package/dist/AccessTokenCookieNames.d.ts +1 -0
- package/dist/AccessTokenCookieNames.js +2 -0
- package/dist/AccessTokenCookieNames.js.map +1 -0
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.d.ts +3 -1
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js +7 -1
- package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js.map +1 -1
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.d.ts +2 -1
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js +25 -4
- package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js.map +1 -1
- package/dist/RefreshTokenCookieNames.d.ts +1 -3
- package/dist/RefreshTokenCookieNames.js +1 -3
- package/dist/RefreshTokenCookieNames.js.map +1 -1
- package/dist/codegen-templates/auth/auth-provider.tsx +9 -0
- package/dist/env/loadJwksAccessPrivateKey/index.d.ts +2 -0
- package/dist/env/loadJwksAccessPrivateKey/index.js +3 -0
- package/dist/env/loadJwksAccessPrivateKey/index.js.map +1 -0
- package/dist/env/loadJwksAccessPrivateKey/loadJwksAccessPrivateKey.js +42 -0
- package/dist/env/loadJwksAccessPrivateKey/loadJwksAccessPrivateKey.js.map +1 -0
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js +11 -8
- package/dist/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.js.map +1 -1
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.d.ts +1 -1
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js +1 -0
- package/dist/middleware/middlewares/withCorsSettings/isAllowedOrigin.js.map +1 -1
- package/dist/route_guards/assertValidRouteGuardType.d.ts +1 -0
- package/dist/route_guards/assertValidRouteGuardType.js +6 -0
- package/dist/route_guards/assertValidRouteGuardType.js.map +1 -0
- package/dist/route_guards/index.d.ts +2 -2
- package/dist/route_guards/index.js.map +1 -1
- package/dist/route_guards/route-guard-factory.d.ts +2 -2
- package/dist/route_guards/route-guard-factory.js +9 -3
- package/dist/route_guards/route-guard-factory.js.map +1 -1
- package/dist/route_guards/withAdminRouteGuard.d.ts +5 -21
- package/dist/route_guards/withAdminRouteGuard.js +5 -124
- package/dist/route_guards/withAdminRouteGuard.js.map +1 -1
- package/dist/route_guards/withAuthenticatedRouteGuard.d.ts +9 -16
- package/dist/route_guards/withAuthenticatedRouteGuard.js +169 -55
- package/dist/route_guards/withAuthenticatedRouteGuard.js.map +1 -1
- package/package.json +4 -5
- package/dist/env/loadJwksAccessPrivateKey.js +0 -33
- package/dist/env/loadJwksAccessPrivateKey.js.map +0 -1
- /package/dist/env/{loadJwksAccessPrivateKey.d.ts → loadJwksAccessPrivateKey/loadJwksAccessPrivateKey.d.ts} +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export { AccessTokenCookieName, AccessTokenExpiryCookieName, } from "@schemavaults/auth-common/AccessTokenCookieNames";
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AccessTokenCookieNames.js","sourceRoot":"","sources":["../src/AccessTokenCookieNames.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,2BAA2B,GAC5B,MAAM,kDAAkD,CAAC"}
|
|
@@ -3,10 +3,12 @@ import type { JWKS } from "@schemavaults/jwt";
|
|
|
3
3
|
import { ApiServerId } from "@schemavaults/app-definitions";
|
|
4
4
|
export interface IRemoteJwtKeyManagerConstructorOpts {
|
|
5
5
|
auth_server_uri?: string;
|
|
6
|
+
debug?: boolean;
|
|
6
7
|
}
|
|
7
8
|
export declare class RemoteJwtKeyManager implements IJwtKeyManager {
|
|
8
9
|
private readonly auth_server_uri;
|
|
9
|
-
|
|
10
|
+
private readonly debug;
|
|
11
|
+
constructor({ auth_server_uri, ...opts }: IRemoteJwtKeyManagerConstructorOpts);
|
|
10
12
|
loadJwks(audienceId: ApiServerId): Promise<JWKS>;
|
|
11
13
|
}
|
|
12
14
|
export default RemoteJwtKeyManager;
|
|
@@ -4,13 +4,18 @@ import getSchemaVaultsAuthServerUri from "../../get-schemavaults-auth-server-uri
|
|
|
4
4
|
import loadJwksAccessPrivateKey from "../../env/loadJwksAccessPrivateKey";
|
|
5
5
|
export class RemoteJwtKeyManager {
|
|
6
6
|
auth_server_uri;
|
|
7
|
-
|
|
7
|
+
debug;
|
|
8
|
+
constructor({ auth_server_uri = getSchemaVaultsAuthServerUri(), ...opts }) {
|
|
8
9
|
this.auth_server_uri = auth_server_uri;
|
|
10
|
+
this.debug = typeof opts.debug === "boolean" ? opts.debug : false;
|
|
9
11
|
}
|
|
10
12
|
async loadJwks(audienceId) {
|
|
11
13
|
if (!apiServerIdSchema.safeParse(audienceId).success) {
|
|
12
14
|
throw new Error(`Invalid audience to load remote JWKS for: '${audienceId}'`);
|
|
13
15
|
}
|
|
16
|
+
if (this.debug) {
|
|
17
|
+
console.log(`[RemoteJwtKeyManager] loadJwks(audience_id='${audienceId}')`);
|
|
18
|
+
}
|
|
14
19
|
if (audienceId === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id) {
|
|
15
20
|
throw new Error(`Auth server doesn't need to load remote JWKS; it already has the keys.`);
|
|
16
21
|
}
|
|
@@ -26,6 +31,7 @@ export class RemoteJwtKeyManager {
|
|
|
26
31
|
auth_server_uri: this.auth_server_uri,
|
|
27
32
|
api_server_id: audienceId,
|
|
28
33
|
jwks_access_private_key,
|
|
34
|
+
debug: this.debug,
|
|
29
35
|
});
|
|
30
36
|
}
|
|
31
37
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RemoteJwtKeyManager.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.ts"],"names":[],"mappings":"AAEA,OAAO,cAAc,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAEL,iBAAiB,EACjB,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,4BAA4B,MAAM,oCAAoC,CAAC;AAC9E,OAAO,wBAAwB,MAAM,gCAAgC,CAAC;
|
|
1
|
+
{"version":3,"file":"RemoteJwtKeyManager.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.ts"],"names":[],"mappings":"AAEA,OAAO,cAAc,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAEL,iBAAiB,EACjB,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,4BAA4B,MAAM,oCAAoC,CAAC;AAC9E,OAAO,wBAAwB,MAAM,gCAAgC,CAAC;AAOtE,MAAM,OAAO,mBAAmB;IACb,eAAe,CAAS;IACxB,KAAK,CAAU;IAEhC,YAAmB,EACjB,eAAe,GAAG,4BAA4B,EAAE,EAChD,GAAG,IAAI,EAC6B;QACpC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;IACpE,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,UAAuB;QAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CACb,8CAA8C,UAAU,GAAG,CAC5D,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,+CAA+C,UAAU,IAAI,CAC9D,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;QACJ,CAAC;QAED,IAAI,uBAAkC,CAAC;QACvC,IAAI,CAAC;YACH,uBAAuB,GAAG,MAAM,wBAAwB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACjB,MAAM,IAAI,SAAS,CACjB,oEAAoE,CACrE,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,cAAc,CAAC;YAC1B,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,UAAU;YACzB,uBAAuB;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,mBAAmB,CAAC"}
|
|
@@ -4,6 +4,7 @@ export interface ILoadRemoteJwksOpts {
|
|
|
4
4
|
auth_server_uri: string;
|
|
5
5
|
api_server_id: ApiServerId;
|
|
6
6
|
jwks_access_private_key: CryptoKey;
|
|
7
|
+
debug?: boolean;
|
|
7
8
|
}
|
|
8
|
-
export declare function loadRemoteJwks({ auth_server_uri, api_server_id, jwks_access_private_key, }: ILoadRemoteJwksOpts): Promise<JWKS>;
|
|
9
|
+
export declare function loadRemoteJwks({ auth_server_uri, api_server_id, jwks_access_private_key, ...opts }: ILoadRemoteJwksOpts): Promise<JWKS>;
|
|
9
10
|
export default loadRemoteJwks;
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { createJwksAccessProofToken } from "@schemavaults/jwt";
|
|
2
2
|
import jwksEndpoint from "./jwksEndpoint";
|
|
3
3
|
import { apiServerIdSchema, } from "@schemavaults/app-definitions";
|
|
4
|
-
export async function loadRemoteJwks({ auth_server_uri, api_server_id, jwks_access_private_key, }) {
|
|
4
|
+
export async function loadRemoteJwks({ auth_server_uri, api_server_id, jwks_access_private_key, ...opts }) {
|
|
5
|
+
const debug = typeof opts.debug === "boolean" ? opts.debug : false;
|
|
5
6
|
if (typeof auth_server_uri !== "string") {
|
|
6
7
|
throw new TypeError("Expected 'auth_server_uri' to be a string!");
|
|
7
8
|
}
|
|
@@ -34,13 +35,33 @@ export async function loadRemoteJwks({ auth_server_uri, api_server_id, jwks_acce
|
|
|
34
35
|
}
|
|
35
36
|
const body = await response.json();
|
|
36
37
|
if (typeof body !== "object" || !body) {
|
|
37
|
-
throw new TypeError("Expected result of loading jwks.json to be
|
|
38
|
+
throw new TypeError("Expected result of loading jwks.json to be a JavaScript object!");
|
|
38
39
|
}
|
|
39
40
|
if (!("keys" in body) || !Array.isArray(body["keys"])) {
|
|
40
41
|
throw new Error("Expected response body of jwks.json to have a 'keys' array field!");
|
|
41
42
|
}
|
|
42
|
-
|
|
43
|
-
|
|
43
|
+
const nKeys = body["keys"].length;
|
|
44
|
+
if (nKeys === 0) {
|
|
45
|
+
return { keys: [] };
|
|
46
|
+
}
|
|
47
|
+
const allKeysHaveValidType = body["keys"].every((key) => typeof key === "object" && key ? true : false);
|
|
48
|
+
if (!allKeysHaveValidType) {
|
|
49
|
+
let errorMessage = `Not all items in 'keys' array (length=${nKeys}) are objects!`;
|
|
50
|
+
const existingTypesInBadKeysArray = new Set();
|
|
51
|
+
for (const key of body["keys"]) {
|
|
52
|
+
existingTypesInBadKeysArray.add(typeof key);
|
|
53
|
+
}
|
|
54
|
+
const badKeyTypes = [
|
|
55
|
+
...existingTypesInBadKeysArray.values(),
|
|
56
|
+
];
|
|
57
|
+
errorMessage += " ";
|
|
58
|
+
errorMessage +=
|
|
59
|
+
"Types in 'keys' array include: " +
|
|
60
|
+
badKeyTypes.map((t) => `"${t}"`).join(", ");
|
|
61
|
+
if (debug) {
|
|
62
|
+
console.error("Bad 'keys' array that caused error: ", body["keys"]);
|
|
63
|
+
}
|
|
64
|
+
throw new TypeError(errorMessage);
|
|
44
65
|
}
|
|
45
66
|
const keys = body["keys"];
|
|
46
67
|
return { keys };
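Review bot: The new element check in the second hunk, `typeof key === "object" && key ? true : false`, also accepts arrays and objects that carry no JWK members, so a malformed `keys` entry from the remote response is still handed to the caller as a key. Tightening it to `typeof key === "object" && key !== null && !Array.isArray(key) && typeof key.kty === "string"` would reject those at the boundary with the auth server. The `debug` branch prints the whole `body["keys"]` array with `console.error`; the types are already in `errorMessage`, so the dump could be dropped to keep the remote response body out of logs. The early `return { keys: [] }` is silent, and a `console.warn` under `debug` would help distinguish an empty keyset from a misconfigured endpoint. `loadRemoteJwks` continues past the last line of this hunk.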
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loadRemoteJwks.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAa,MAAM,mBAAmB,CAAC;AAC1E,OAAO,YAAY,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAEL,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"loadRemoteJwks.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAa,MAAM,mBAAmB,CAAC;AAC1E,OAAO,YAAY,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAEL,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AASvC,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,EACnC,eAAe,EACf,aAAa,EACb,uBAAuB,EACvB,GAAG,IAAI,EACa;IACpB,MAAM,KAAK,GAAY,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;IAE5E,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,SAAS,CAAC,4CAA4C,CAAC,CAAC;IACpE,CAAC;SAAM,IACL,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC;QACtC,CAAC,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,EACvC,CAAC;QACD,MAAM,IAAI,SAAS,CACjB,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC;QACxD,MAAM,IAAI,SAAS,CAAC,gDAAgD,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,uBAA+B,CAAC;IACpC,IAAI,CAAC;QACH,uBAAuB,GAAG,MAAM,0BAA0B,CAAC;YACzD,aAAa;YACb,WAAW,EAAE,uBAAuB;SACrC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,QAAQ,GAAa,MAAM,KAAK,CACpC,GAAG,eAAe,GAAG,YAAY,CAAC,aAAa,CAAC,EAAE,EAClD;QACE,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,IAAI,OAAO,CAAC;YACnB,aAAa,EAAE,UAAU,uBAAuB,EAAE;SACnD,CAAC;KACH,CACF,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CACb,8CAA8C,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CACvF,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC5C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,IAAI,SAAS,CACjB,iEAAiE,CAClE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAW,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IACtB,CAAC;IACD,MAAM,oBAAoB,GAAY,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,CACtD,CAAC,GAAY,EAAiB,EAAE,CAC9B,OA
AO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAChD,CAAC;IACF,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC1B,IAAI,YAAY,GAAW,yCAAyC,KAAK,gBAAgB,CAAC;QAC1F,MAAM,2BAA2B,GAAG,IAAI,GAAG,EAAU,CAAC;QACtD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,2BAA2B,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC;QAC9C,CAAC;QACD,MAAM,WAAW,GAAsB;YACrC,GAAG,2BAA2B,CAAC,MAAM,EAAE;SACxC,CAAC;QACF,YAAY,IAAI,GAAG,CAAC;QACpB,YAAY;YACV,iCAAiC;gBACjC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAU,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACtE,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,IAAI,GAAa,IAAI,CAAC,MAAM,CAAC,CAAC;IACpC,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AAED,eAAe,cAAc,CAAC"}
|
|
@@ -1,3 +1 @@
|
|
|
1
|
-
export
|
|
2
|
-
export declare const RefreshTokenExpiryCookieName: "refresh_token_expiry";
|
|
3
|
-
export default RefreshTokenCookieName;
|
|
1
|
+
export { RefreshTokenCookieName, RefreshTokenExpiryCookieName, } from "@schemavaults/auth-common/RefreshTokenCookieNames";
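Review bot: Dropping `export default RefreshTokenCookieName;` here and in RefreshTokenCookieNames.js removes an import form that existing consumers may rely on, and the re-exported name is called as a function in withAuthJwtValidation.js (`RefreshTokenCookieName(SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id)`), which suggests its shape changed as well. Code that still reads the cookie under a fixed name would then silently stop finding the refresh token rather than fail loudly. A doc comment on the re-export saying how the cookie name is derived, plus a changelog entry marking the removed default export as breaking, would make the migration explicit. The first removed line is truncated on this page, so the old declaration cannot be confirmed from here.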
|
|
@@ -1,4 +1,2 @@
|
|
|
1
|
-
export
|
|
2
|
-
export const RefreshTokenExpiryCookieName = "refresh_token_expiry";
|
|
3
|
-
export default RefreshTokenCookieName;
|
|
1
|
+
export { RefreshTokenCookieName, RefreshTokenExpiryCookieName, } from "@schemavaults/auth-common/RefreshTokenCookieNames";
|
|
4
2
|
//# sourceMappingURL=RefreshTokenCookieNames.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RefreshTokenCookieNames.js","sourceRoot":"","sources":["../src/RefreshTokenCookieNames.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"RefreshTokenCookieNames.js","sourceRoot":"","sources":["../src/RefreshTokenCookieNames.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,mDAAmD,CAAC"}
|
|
@@ -15,6 +15,8 @@ export interface IAppAuthProviderProps extends PropsWithChildren {
|
|
|
15
15
|
debug?: boolean;
|
|
16
16
|
authed_on_unauthed_redirect_uri: string;
|
|
17
17
|
unauthed_on_authed_redirect_uri: string;
|
|
18
|
+
successful_logout_redirect_uri: string;
|
|
19
|
+
successful_authentication_redirect_uri: string;
|
|
18
20
|
authorize_uri: string;
|
|
19
21
|
}
|
|
20
22
|
|
|
@@ -35,12 +37,19 @@ export default function AppAuthProvider({
|
|
|
35
37
|
app_id={app_id}
|
|
36
38
|
authed_on_unauthed_redirect_uri={props.authed_on_unauthed_redirect_uri}
|
|
37
39
|
unauthed_on_authed_redirect_uri={props.unauthed_on_authed_redirect_uri}
|
|
40
|
+
successful_logout_redirect_uri={props.successful_logout_redirect_uri}
|
|
41
|
+
successful_authentication_redirect_uri={
|
|
42
|
+
props.successful_authentication_redirect_uri
|
|
43
|
+
}
|
|
38
44
|
authorize_uri={props.authorize_uri}
|
|
39
45
|
router={router}
|
|
40
46
|
path={path}
|
|
41
47
|
default_audiences={props.default_audiences}
|
|
42
48
|
debug={debug}
|
|
43
49
|
environment={environment}
|
|
50
|
+
fetch={async (url: string, init: RequestInit | undefined) =>
|
|
51
|
+
await fetch(url, init)
|
|
52
|
+
}
|
|
44
53
|
>
|
|
45
54
|
{props.children}
|
|
46
55
|
</AuthProvider>
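Review bot: The two new props, `successful_logout_redirect_uri` and `successful_authentication_redirect_uri`, are typed as bare `string` and forwarded to `AuthProvider` unchanged, and nothing in the template says which values are acceptable. Because they are post-logout and post-login redirect targets, the interface should document that they must be fixed, same-origin or allow-listed URIs, for example `/** Fixed same-origin path; never derive from request input. */` above each field; whether `AuthProvider` validates them is not visible here. Both props are required, so apps generated from the older template will stop type-checking until they pass them. The `fetch` prop's `async (url, init) => await fetch(url, init)` can drop the redundant `async`/`await`.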
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/env/loadJwksAccessPrivateKey/index.ts"],"names":[],"mappings":"AAAA,OAAO,wBAAwB,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,wBAAwB,IAAI,OAAO,EAAE,CAAC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { importPKCS8, isValidBase64UrlEncoding, PEMFormat, sign_verify_alg, } from "@schemavaults/jwt";
|
|
2
|
+
const key = "SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY";
|
|
3
|
+
export default async function loadJwksAccessPrivateKey(env = process.env) {
|
|
4
|
+
const debug = "NODE_ENV" in env &&
|
|
5
|
+
(env["NODE_ENV"] === "development" || env["NODE_ENV"] === "test");
|
|
6
|
+
if (typeof env === "object" &&
|
|
7
|
+
key in env &&
|
|
8
|
+
typeof env[key] === "string" &&
|
|
9
|
+
env[key].length > 0) {
|
|
10
|
+
const environmentVariable = env[key];
|
|
11
|
+
if (debug) {
|
|
12
|
+
console.log(`[loadJwksAccessPrivateKey] Found env var with key '${key}'!`);
|
|
13
|
+
}
|
|
14
|
+
let pem;
|
|
15
|
+
if (PEMFormat.isPemFormat(environmentVariable, "PRIVATE", debug)) {
|
|
16
|
+
try {
|
|
17
|
+
pem = PEMFormat.parsePem(environmentVariable, "PRIVATE");
|
|
18
|
+
}
|
|
19
|
+
catch (e) {
|
|
20
|
+
console.error(`Failed to import environment variable '${key}' from PEM-encoded environment variable: `, e);
|
|
21
|
+
throw new TypeError(`Failed to import environment variable '${key}' from PEM-encoded environment variable!`);
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
else if (isValidBase64UrlEncoding(environmentVariable)) {
|
|
25
|
+
try {
|
|
26
|
+
pem = PEMFormat.fromBase64Url(environmentVariable, "PRIVATE", debug);
|
|
27
|
+
}
|
|
28
|
+
catch (e) {
|
|
29
|
+
console.error(`Failed to convert base64url-formatted private key into PEM-format: `, e);
|
|
30
|
+
throw new TypeError(`Failed to import environment variable '${key}' from base64url-encoded environment variable!`);
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
else {
|
|
34
|
+
throw new TypeError(`Failed to determine what format the key in environment variable '${key}' is in!`);
|
|
35
|
+
}
|
|
36
|
+
return await importPKCS8(pem.value, sign_verify_alg);
|
|
37
|
+
}
|
|
38
|
+
else {
|
|
39
|
+
throw new TypeError(`Environment variable '${key}' missing!`);
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
//# sourceMappingURL=loadJwksAccessPrivateKey.js.map
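Review bot: `debug` is switched on by `NODE_ENV` alone and is then passed into `PEMFormat.isPemFormat(...)` and `PEMFormat.fromBase64Url(...)` together with the private key, and both `catch` blocks print the caught error object with `console.error`. Those helpers come from `@schemavaults/jwt` and are not visible here, so it should be confirmed that neither their debug output nor their error messages can contain key material; if that cannot be guaranteed, log only `e instanceof Error ? e.name : typeof e`. Separately, the `"NODE_ENV" in env` test at the top of the function runs before the `typeof env === "object"` guard, so a non-object `env` throws a raw `TypeError` from the `in` operator instead of the intended `Environment variable ... missing!` error. Starting the `debug` expression with `typeof env === "object" && env !== null &&` fixes that.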
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loadJwksAccessPrivateKey.js","sourceRoot":"","sources":["../../../src/env/loadJwksAccessPrivateKey/loadJwksAccessPrivateKey.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,SAAS,EACT,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAE3B,MAAM,GAAG,GAAG,2CAAoD,CAAC;AAEjE,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,wBAAwB,CACpD,MAAc,OAAO,CAAC,GAAG;IAEzB,MAAM,KAAK,GACT,UAAU,IAAI,GAAG;QACjB,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC,CAAC;IAEpE,IACE,OAAO,GAAG,KAAK,QAAQ;QACvB,GAAG,IAAI,GAAG;QACV,OAAO,GAAG,CAAC,GAAG,CAAC,KAAK,QAAQ;QAC5B,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EACnB,CAAC;QACD,MAAM,mBAAmB,GAAW,GAAG,CAAC,GAAG,CAAC,CAAC;QAE7C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,sDAAsD,GAAG,IAAI,CAC9D,CAAC;QACJ,CAAC;QAED,IAAI,GAAc,CAAC;QACnB,IAAI,SAAS,CAAC,WAAW,CAAC,mBAAmB,EAAE,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YACjE,IAAI,CAAC;gBACH,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;YAC3D,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,0CAA0C,GAAG,2CAA2C,EACxF,CAAC,CACF,CAAC;gBACF,MAAM,IAAI,SAAS,CACjB,0CAA0C,GAAG,0CAA0C,CACxF,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,wBAAwB,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACzD,IAAI,CAAC;gBACH,GAAG,GAAG,SAAS,CAAC,aAAa,CAAC,mBAAmB,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,qEAAqE,EACrE,CAAC,CACF,CAAC;gBACF,MAAM,IAAI,SAAS,CACjB,0CAA0C,GAAG,gDAAgD,CAC9F,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,SAAS,CACjB,oEAAoE,GAAG,UAAU,CAClF,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,SAAS,CAAC,yBAAyB,GAAG,YAAY,CAAC,CAAC;IAChE,CAAC;AACH,CAAC"}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
import { AuthMiddleware, defaultAuthMiddlewareRules, determineAuthStatus, audienceSchema, } from "@schemavaults/auth-common";
|
|
2
2
|
import { decodeJWT, getKeysetIdFromToken, } from "@schemavaults/jwt";
|
|
3
|
-
import { apiServerIdSchema, } from "@schemavaults/app-definitions";
|
|
3
|
+
import { apiServerIdSchema, SCHEMAVAULTS_AUTH_APP_DEFINITION, } from "@schemavaults/app-definitions";
|
|
4
4
|
import BaseMiddleware from "../BaseMiddleware";
|
|
5
5
|
import doLoadJwtDecodingKeys from "../../../JwtKeyManager/loadJwtDecodingKeys";
|
|
6
|
+
import { RefreshTokenCookieName } from "../../../RefreshTokenCookieNames";
|
|
6
7
|
class AuthJwtValidationMiddleware extends BaseMiddleware {
|
|
7
8
|
audience;
|
|
8
9
|
middleware_rules;
|
|
@@ -50,14 +51,16 @@ class AuthJwtValidationMiddleware extends BaseMiddleware {
|
|
|
50
51
|
// Initialize array to store tokens from different sources
|
|
51
52
|
const token_sources = [];
|
|
52
53
|
// Load Tokens from cookies
|
|
53
|
-
let refresh_token = req.cookies.get("refresh_token")?.value;
|
|
54
54
|
let access_token = req.cookies.get("access_token")?.value;
|
|
55
|
-
if (
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
55
|
+
if (this.audience === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id) {
|
|
56
|
+
const refresh_token = req.cookies.get(RefreshTokenCookieName(SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id))?.value;
|
|
57
|
+
if (typeof refresh_token === "string") {
|
|
58
|
+
token_sources.push({
|
|
59
|
+
token: refresh_token,
|
|
60
|
+
type: "refresh",
|
|
61
|
+
sourceHint: "Refresh Token Cookie",
|
|
62
|
+
});
|
|
63
|
+
}
|
|
61
64
|
}
|
|
62
65
|
if (typeof access_token === "string") {
|
|
63
66
|
token_sources.push({
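Review bot: The access token is still read with the literal `req.cookies.get("access_token")` while the refresh token now goes through `RefreshTokenCookieName(...)`, even though this release adds an `AccessTokenCookieName` re-export. If the shared helper yields a different cookie name (for example a per-app one), this middleware would look for the wrong cookie and treat requests as unauthenticated, so the read should use the shared name to keep issuer and validator in step. `access_token` is declared with `let` but is not reassigned in the visible lines; `const` would match the new `refresh_token` declaration. The enclosing method starts and ends outside this hunk.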
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"withAuthJwtValidation.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.ts"],"names":[],"mappings":"AACA,OAAO,EACL,cAAc,EAGd,0BAA0B,EAC1B,mBAAmB,EAGnB,cAAc,GAGf,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,SAAS,EACT,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,
|
|
1
|
+
{"version":3,"file":"withAuthJwtValidation.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withAuthJwtValidation/withAuthJwtValidation.ts"],"names":[],"mappings":"AACA,OAAO,EACL,cAAc,EAGd,0BAA0B,EAC1B,mBAAmB,EAGnB,cAAc,GAGf,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,SAAS,EACT,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,iBAAiB,EACjB,gCAAgC,GAEjC,MAAM,+BAA+B,CAAC;AAMvC,OAAO,cAAc,MAAM,8BAA8B,CAAC;AAE1D,OAAO,qBAEN,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAenE,MAAM,2BACJ,SAAQ,cAAc;IAGL,QAAQ,CAAS;IACjB,gBAAgB,CAAsB;IACtC,YAAY,CAAiB;IAE9C,YAAmB,EACjB,IAAI,EACJ,QAAQ,EACR,GAAG,IAAI,EAC0B;QACjC,KAAK,CAAC;YACJ,GAAG,IAAI;YACP,IAAI,EAAE,6BAAsC;YAC5C,IAAI;SACL,CAAC,CAAC;QAEH,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;aAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC;YAC1D,MAAM,IAAI,SAAS,CACjB,sDAAsD,CACvD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,IAAI,0BAA0B,CAAC;QAC5E,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;IACxC,CAAC;IAES,KAAK,CAAC,mBAAmB,CACjC,SAAiB;QAEjB,MAAM,WAAW,GAAW,IAAI,CAAC,QAAQ,CAAC;QAC1C,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,CAAC;QAClC,MAAM,aAAa,GAAyB,MAAM,qBAAqB,CAAC;YACtE,SAAS;YACT,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,WAAW;YACX,KAAK;SACN,CAAC,CAAC;QACH,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,EAClB,GAAG,EACH,IAAI,EACJ,QAAQ,EACR,GAAG,MAAM,EACuB;QAChC,MAAM,WAAW,GAA+B,IAAI,CAAC,WAAW,CAAC;QACjE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,IAAI,IAAI,CAAC,IAAI,uCAAuC,GAAG,CAAC,OAAO,CAAC,QAAQ,GAAG,CAC5E,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,sBAAsB,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrE,OAAO,IAAI,CACT;gBACE,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,uCAAuC;aACjD,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,0DAA0D;QAC1D,MAAM,aAAa,GAAkC,EAAE,CAAC;QAExD,2BAA2B;QAC3B,IAAI,YAAY,GACd,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAA
C,EAAE,KAAK,CAAC;QAEzC,IAAI,IAAI,CAAC,QAAQ,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,aAAa,GAAuB,GAAG,CAAC,OAAO,CAAC,GAAG,CACvD,sBAAsB,CAAC,gCAAgC,CAAC,MAAM,CAAC,CAChE,EAAE,KAAK,CAAC;YACT,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;gBACtC,aAAa,CAAC,IAAI,CAAC;oBACjB,KAAK,EAAE,aAAa;oBACpB,IAAI,EAAE,SAAS;oBACf,UAAU,EAAE,sBAAsB;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACrC,aAAa,CAAC,IAAI,CAAC;gBACjB,KAAK,EAAE,YAAY;gBACnB,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,qBAAqB;aAClC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,wBAAwB,GAAuB,SAAS,CAAC;QAC7D,MAAM,mBAAmB,GACvB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;YAChC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;YAChC,IAAI,CAAC;QACP,IAAI,OAAO,mBAAmB,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,YAAY,GAAG,SAAkB,CAAC;YACxC,IAAI,mBAAmB,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjD,IAAI,mBAAmB,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC;oBACrD,MAAM,aAAa,GAAW,mBAAmB,CAAC,KAAK,CACrD,YAAY,CAAC,MAAM,CACpB,CAAC;oBACF,wBAAwB,GAAG,aAA8B,CAAC;gBAC5D,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,OAAO,wBAAwB,KAAK,QAAQ,EAAE,CAAC;YACjD,aAAa,CAAC,IAAI,CAAC;gBACjB,KAAK,EAAE,wBAAwB;gBAC/B,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,0CAA0C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;QACnC,MAAM,mBAAmB,GACvB,MAAM,cAAc,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QACpD,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,CAAC;YACjC,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;QACJ,CAAC;QAED,IAAI,UAA+C,CAAC;QACpD,IAAI,CAAC;YACH,MAAM,iCAAiC,GAAG;gBACxC,WAAW,EAAE,QAAiB;gBAC9B,aAAa;gBACb,KAAK,EAAE,IAAI,CAAC,KAAuB;aACkC,CAAC;YAExE,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CACT,sEAAsE,EACtE,iCAAiC,CAClC,CAAC;YACJ,CAAC;YAED,UAAU,GAAG,MAAM,mBAAmB,CAAC;gBACrC,GAAG,iCAAiC;gBACpC,SAAS,EAAE,KAAK,EAAE,EAChB,KAAK,EACL,IAAI,EACJ,YAAY,GACb,EAA+C,EAAE;oBAChD,IAAI,SAAiB,CAAC;oBACtB,IAAI,CAAC;wBACH,SAAS,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;oBAC1C,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;wBACjE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;oBACjE,CA
AC;oBAED,IAAI,YAAkC,CAAC;oBACvC,IAAI,CAAC;wBACH,YAAY,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;wBACzD,IAAI,YAAY,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;4BACzC,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CACX,gEAAgE,SAAS,KAAK,EAC9E,CAAC,CACF,CAAC;wBACF,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;oBACJ,CAAC;oBACD,MAAM,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,YAAY,CAAC;oBAE1D,IAAI,CAAC;wBACH,MAAM,OAAO,GAAqB,MAAM,SAAS,CAAC;4BAChD,GAAG,EAAE,KAAK;4BACV,IAAI;4BACJ,QAAQ,EAAE,YAAY;4BACtB,GAAG,EAAE,WAAW;4BAChB,cAAc;4BACd,gBAAgB;4BAChB,SAAS;yBACV,CAAC,CAAC;wBACH,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;oBACxB,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,KAAK,CACX,gDAAgD,EAChD,CAAC,CACF,CAAC;wBACJ,CAAC;wBACD,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;oBACpE,CAAC;gBACH,CAAC;gBACD,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,gFAAgF,EAChF,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,oBAA0C,CAAC;QAC/C,IAAI,CAAC;YACH,oBAAoB,GAAG,cAAc,CAAC;gBACpC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ;gBAC1B,UAAU;gBACV,KAAK,EAAE,IAAI,CAAC,gBAAgB;gBAC5B,+BAA+B,EAAE,UAAmB;gBACpD,+BAA+B,EAAE,aAAsB;gBACvD,aAAa,EAAE,iBAA0B;gBACzC,8BAA8B,EAAE,GAAY;gBAC5C,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CACT,uCAAuC,EACvC,oBAAoB,CACrB,CAAC;gBACF,IACE,oBAAoB;oBACpB,oBAAoB,CAAC,MAAM;oBAC3B,GAAG,EAAE,OAAO,EAAE,QAAQ,EACtB,CAAC;oBACD,OAAO,CAAC,GAAG,CACT,6CAA6C,EAC7C,GAAG,CAAC,OAAO,CAAC,QAAQ,CACrB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;YACjE,OAAO,IAAI,CACT;gBACE,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,+BAA+B;aACzC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,oBAAoB,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,IAAI,CAAC,2BAA2B,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAA
C;YACJ,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAED,IAAI,oBAAoB,CAAC,QAAQ,EAAE,CAAC;YAClC,yBAAyB;YACzB,MAAM,kBAAkB,GAAW,oBAAoB,CAAC,UAAU,CAAC;YAEnE,MAAM,IAAI,GAAW,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC;YAEtC,IAAI,QAAQ,GAAqB,OAAO,CAAC;YAEzC,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,IAAI,IAAI,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;gBACtE,QAAQ,GAAG,MAAM,CAAC;YACpB,CAAC;YACD,MAAM,UAAU,GAAW,QAAQ,GAAG,KAAK,GAAG,IAAI,GAAG,kBAAkB,CAAC;YACxE,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;gBACvC,OAAO,CAAC,GAAG,CAAC,gCAAgC,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC;YACnE,CAAC;YACD,OAAO,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,gDAAgD,EAChD,GAAG,CAAC,OAAO,CAAC,QAAQ,CACrB,CAAC;QACJ,CAAC;QAED,IAAI,oBAAoB,CAAC,KAAK,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAwB,oBAAoB,CAAC,KAAK,CAAC;YAClE,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;gBACjC,OAAO,IAAI,CACT;oBACE,KAAK,EAAE,cAAc;iBACtB,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;iBAAM,IAAI,SAAS,KAAK,WAAW,EAAE,CAAC;gBACrC,OAAO,IAAI,CACT;oBACE,KAAK,EAAE,WAAW;iBACnB,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,SAAS,CAAC,CAAC;YAC5D,OAAO,IAAI,CACT;gBACE,KAAK,EAAE,+BAA+B;aACvC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;CACF;AAED,MAAM,OAAO,kCAAkC;IAG7B,IAAI,GAAG,oBAA6B,CAAC;IAE7C,cAAc,CAAqC;IAE3D,YAAmB,IAAwC;QACzD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAEM,MAAM,CAAC,IAA6B;QACzC,OAAO,IAAI,2BAA2B,CAAC;YACrC,GAAG,IAAI,CAAC,cAAc;YACtB,IAAI;SACL,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,kCAAkC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isAllowedOrigin.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/isAllowedOrigin.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,8BAA8B,EAC9B,gCAAgC,EAChC,gCAAgC,EAChC,4BAA4B,EAC5B,gBAAgB,GAEjB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAEL,mCAAmC,IAAI,QAAQ,GAChD,MAAM,iBAAiB,CAAC;AAUzB,KAAK,UAAU,8BAA8B,
|
|
1
|
+
{"version":3,"file":"isAllowedOrigin.js","sourceRoot":"","sources":["../../../../src/middleware/middlewares/withCorsSettings/isAllowedOrigin.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,8BAA8B,EAC9B,gCAAgC,EAChC,gCAAgC,EAChC,4BAA4B,EAC5B,gBAAgB,GAEjB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAEL,mCAAmC,IAAI,QAAQ,GAChD,MAAM,iBAAiB,CAAC;AAUzB,KAAK,UAAU,8BAA8B,CAC3C,IAAmC;IAEnC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;IACtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAuB,CAAC;IAExB,MAAM,WAAW,GAAG,gCAAgC,CAAC,MAAM,CAAC;IAC5D,MAAM,eAAe,GAAW,8BAA8B,CAC5D,WAAW,EACX,WAAW,CACZ,CAAC;IAEF,IAAI,MAAM,KAAK,eAAe,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC3D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,0FAA0F,CAC3F,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3C,MAAM,WAAW,GAAW,8BAA8B,CACxD,UAAU,EACV,WAAW,CACZ,CAAC;IAEF,wEAAwE;IACxE,IAAI,MAAM,KAAK,WAAW,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QACvD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,gGAAgG,CACjG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,KAAK,WAAW,IAAI,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,qGAAqG,CACtG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+EAA+E;IAC/E,MAAM,eAAe,GAAG,4BAA4B,CAAC,aAAa,CAAC;IACnE,IAAI,MAAM,KAAK,WAAW,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;QAC3D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,wGAAwG,CACzG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gFAAgF;IAChF,MAAM,WAAW,GAAG,gCAAgC,CAAC,MAAM,CAAC;IAC5D,IAAI,MAAM,KAAK,WAAW,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QACvD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,oGAAoG,CACrG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,YAAY,GAAW,8BAA8B,CACzD,WAAW,EACX,WAAW,CACZ,CAAC;IAEF,6EAA6E;IAC7E,IAAI,MAAM,KAAK,YAAY,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QACxD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,wGAAwG,CACzG,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,IAAI,CACV,mHAAmH,CACpH,CAAC;IAEF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,yBAAyB,
CACtC,IAAmC;IAEnC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;IACtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACrE,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,IAAI,iBAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,iBAAiB,GAAG,8BAA8B,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAC5E,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,KAAK,CAAC,CAAC,CAAC,iDAAiD;IAC3D,CAAC;IAED,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QAC1C,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;aAAM,CAAC;YACN,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,IAAI,CACV,0GAA0G,iBAAiB,IAAI,CAChI,CAAC;YACJ,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,yGAAyG,CAC1G,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAmC;IAEnC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;IAE5C,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,0CAA0C,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IAC7E,CAAC;IAED,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,QAAQ,CAAC,QAAQ;YACpB,OAAO,IAAI,CAAC;QAEd,KAAK,QAAQ,CAAC,8BAA8B;YAC1C,OAAO,MAAM,8BAA8B,CAAC,IAAI,CAAC,CAAC;QAEpD,KAAK,QAAQ,CAAC,yBAAyB;YACrC,OAAO,MAAM,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAE/C;YACE,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAED,eAAe,eAAe,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export default function assertValidRouteGuardType(route_guard_type: "authenticated" | "admin"): void;
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export default function assertValidRouteGuardType(route_guard_type) {
|
|
2
|
+
if (route_guard_type !== "authenticated" && route_guard_type !== "admin") {
|
|
3
|
+
throw new TypeError("Expected 'route_guard_type' to be either 'authenticated' or 'admin!'");
|
|
4
|
+
}
|
|
5
|
+
}
|
|
6
|
+
//# sourceMappingURL=assertValidRouteGuardType.js.map
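Review bot: The TypeError message on new line 3 closes its quote after the exclamation mark, so it names the second accepted value as 'admin!' instead of 'admin'. Move the `!` outside the quotes: `throw new TypeError("Expected 'route_guard_type' to be either 'authenticated' or 'admin'!");`. The runtime check itself is worth keeping, because the declared `"authenticated" | "admin"` union is erased at compile time and a plain-JavaScript caller can pass any value.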
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"assertValidRouteGuardType.js","sourceRoot":"","sources":["../../src/route_guards/assertValidRouteGuardType.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,OAAO,UAAU,yBAAyB,CAC/C,gBAA2C;IAE3C,IAAI,gBAAgB,KAAK,eAAe,IAAI,gBAAgB,KAAK,OAAO,EAAE,CAAC;QACzE,MAAM,IAAI,SAAS,CACjB,sEAAsE,CACvE,CAAC;IACJ,CAAC;AACH,CAAC"}
|
|
@@ -3,6 +3,6 @@ export { AuthenticationRequiredRouteGuard } from "./authenticated";
|
|
|
3
3
|
export { AdminRequiredRouteGuard } from "./admin";
|
|
4
4
|
export { RouteGuardFactory, RouteGuardFactory as default, } from "./route-guard-factory";
|
|
5
5
|
export { withAuthenticatedServerComponentRouteGuard, withAuthenticatedApiRouteGuard, } from "./withAuthenticatedRouteGuard";
|
|
6
|
-
export type
|
|
6
|
+
export type { TProtectedAuthenticatedPageServerComponent, TProtectedAuthenticatedApiRoute, IBaseProtectedAuthenticatedServerComponentPageProps, IBaseProtectedAuthenticatedApiRouteInputs, } from "./withAuthenticatedRouteGuard";
|
|
7
7
|
export { withAdminServerComponentRouteGuard, withAdminApiRouteGuard, } from "./withAdminRouteGuard";
|
|
8
|
-
export type
|
|
8
|
+
export type { TProtectedAdminPageServerComponent, TProtectedAdminApiRoute, IBaseProtectedAdminServerComponentPageProps, IBaseProtectedAdminApiRouteInputs, } from "./withAdminRouteGuard";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/route_guards/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gCAAgC,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAElD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,IAAI,OAAO,GAC7B,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,0CAA0C,EAC1C,8BAA8B,GAC/B,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/route_guards/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gCAAgC,EAAE,MAAM,iBAAiB,CAAC;AACnE,OAAO,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAElD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,IAAI,OAAO,GAC7B,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,0CAA0C,EAC1C,8BAA8B,GAC/B,MAAM,+BAA+B,CAAC;AAQvC,OAAO,EACL,kCAAkC,EAClC,sBAAsB,GACvB,MAAM,uBAAuB,CAAC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import type { IRouteGuard } from "./IRouteGuard";
|
|
2
2
|
import type { InitRouteGuardCheckOptions } from "./init_route_guard_check_options";
|
|
3
3
|
import { type PotentiallyValidTokenSource } from "@schemavaults/auth-common";
|
|
4
|
-
import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
4
|
+
import { type ApiServerId, type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
5
5
|
import { type IJwtKeyManager } from "../JwtKeyManager";
|
|
6
6
|
export interface RouteGuardFactoryInitOptions {
|
|
7
7
|
environment: SchemaVaultsAppEnvironment;
|
|
@@ -20,7 +20,7 @@ export declare class RouteGuardFactory {
|
|
|
20
20
|
private static isValidRouteGuardType;
|
|
21
21
|
static createGuardFromOptions(type: RouteGuardType, opts: InitRouteGuardCheckOptions): IRouteGuard;
|
|
22
22
|
createGuardFromOptions(type: RouteGuardType, opts: InitRouteGuardCheckOptions): IRouteGuard;
|
|
23
|
-
createGuardFromTokenSources(type: RouteGuardType, token_sources: readonly PotentiallyValidTokenSource[], jwt_audience:
|
|
23
|
+
createGuardFromTokenSources(type: RouteGuardType, token_sources: readonly PotentiallyValidTokenSource[], jwt_audience: ApiServerId): Promise<IRouteGuard>;
|
|
24
24
|
createGuardFromAuthHeader(type: RouteGuardType, authHeader: string | null, jwt_audience: string): Promise<IRouteGuard>;
|
|
25
25
|
}
|
|
26
26
|
export default RouteGuardFactory;
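Review bot: `createGuardFromAuthHeader` still declares `jwt_audience: string` while `createGuardFromTokenSources`, one line above it, now takes `ApiServerId`, so the two entry points disagree on how tightly the expected JWT audience is typed. If the header path forwards its audience to the token-sources path (the implementation is not part of this declaration), the narrower type is enforced at compile time for only one of them. Consider `createGuardFromAuthHeader(type: RouteGuardType, authHeader: string | null, jwt_audience: ApiServerId): Promise<IRouteGuard>;`, or document that the string is validated at runtime before it is used as the audience. The class declaration starts outside the hunk.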
|
|
@@ -38,8 +38,10 @@ export class RouteGuardFactory {
|
|
|
38
38
|
if (this.is_auth_server) {
|
|
39
39
|
throw new TypeError("An argument for 'jwt_keys_manager' is required when 'is_auth_server' is true");
|
|
40
40
|
}
|
|
41
|
+
const auth_server_uri = getHardcodedClientWebAppDomain(SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id, environment);
|
|
41
42
|
this.jwt_keys_manager = new RemoteJwtKeyManager({
|
|
42
|
-
auth_server_uri
|
|
43
|
+
auth_server_uri,
|
|
44
|
+
debug: this.debug,
|
|
43
45
|
});
|
|
44
46
|
}
|
|
45
47
|
}
|
|
@@ -79,8 +81,12 @@ export class RouteGuardFactory {
|
|
|
79
81
|
token_sources,
|
|
80
82
|
jwt_audience,
|
|
81
83
|
decodeJWT: async (opts) => {
|
|
82
|
-
if (
|
|
83
|
-
|
|
84
|
+
if (debug) {
|
|
85
|
+
let debugMessage = `[RouteGuardFactory] Attempting to decode ${opts.type} JWT for audience: '${opts.jwt_audience}'`;
|
|
86
|
+
if (opts.sourceHint) {
|
|
87
|
+
debugMessage += ` (Source: '${opts.sourceHint}')`;
|
|
88
|
+
}
|
|
89
|
+
console.log(debugMessage);
|
|
84
90
|
}
|
|
85
91
|
let keyset_id;
|
|
86
92
|
try {
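Review bot: The debug branch added to `decodeJWT` has no comment stating what may be written to the log, and the constructor hunk above now forwards `debug: this.debug` into `RemoteJwtKeyManager` as well. The message currently carries only the token type, the audience and the source hint, which is the right set. I would pin that with a comment above `if (debug) {`, such as `// debug output: token type, audience and source hint only; never the token string or decoded claims`, so a later edit does not add the JWT to the log. `decodeJWT` and its enclosing method continue outside the hunk.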
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"route-guard-factory.js","sourceRoot":"","sources":["../../src/route_guards/route-guard-factory.ts"],"names":[],"mappings":"AAAA,OAAO,uBAAuB,MAAM,SAAS,CAAC;AAC9C,OAAO,gCAAgC,MAAM,iBAAiB,CAAC;AAE/D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,UAAU,EAKV,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,SAAS,IAAI,qBAAqB,EAClC,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,
|
|
1
|
+
{"version":3,"file":"route-guard-factory.js","sourceRoot":"","sources":["../../src/route_guards/route-guard-factory.ts"],"names":[],"mappings":"AAAA,OAAO,uBAAuB,MAAM,SAAS,CAAC;AAC9C,OAAO,gCAAgC,MAAM,iBAAiB,CAAC;AAE/D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,UAAU,EAKV,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,SAAS,IAAI,qBAAqB,EAClC,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAEL,iBAAiB,EACjB,iBAAiB,EACjB,8BAA8B,EAC9B,gCAAgC,GAEjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,mBAEN,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EACL,mBAAmB,EAEnB,8BAA8B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,OAAO,WAAW,MAAM,iBAAiB,CAAC;AAW1C,MAAM,WAAW,GAAG;IAClB,eAAe;IACf,OAAO;CAC6B,CAAC;AAGvC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,GAAG,EAAyB,EAAE;IAC5E,OACE,WACD,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,MAAM,MAAM,GAAG;IACb,aAAa,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,gCAAgC,CAAC,IAAI,CAAC;IACnE,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,uBAAuB,CAAC,IAAI,CAAC;CAInD,CAAC;AAEF,MAAM,OAAO,iBAAiB;IACX,gBAAgB,CAAiB;IACjC,WAAW,CAA6B;IACxC,KAAK,CAAU;IACf,cAAc,CAAU;IAEzC,YAAmB,EAAE,WAAW,EAAE,GAAG,IAAI,EAAgC;QACvE,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;QACjC,IACE,OAAO,IAAI,CAAC,cAAc,KAAK,SAAS;YACxC,OAAO,IAAI,CAAC,cAAc,KAAK,WAAW,EAC1C,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,KAAK,CAAC;QAEnD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,MAAM,IAAI,SAAS,CACjB,8EAA8E,CAC/E,CAAC;YACJ,CAAC;YACD,MAAM,eAAe,GAAW,8BAA8B,CAC5D,gCAAgC,CAAC,MAAM,EACvC,WAAW,CACZ,CAAC;YACF,IAAI,CAAC,gBAAgB,GAAG,IAAI,mBAAmB,CAAC;gBAC9C,eAAe;gBACf,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,qBAAqB,CAAC,IAAa;QAChD,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC3C,OAAO,oBAAoB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC;IACtD,CAAC;IAEM,MAAM,CAAC,sBAAsB,CAClC,IAAoB,EACpB,IAAgC;QAEhC,IAAI,CAAC,iBAAiB,CAAC,qBAAqB,C
AAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,+CAA+C,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxE,CAAC;QACJ,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,KAAK,GAAgB,YAAY,CAAC,IAAI,CAAC,CAAC;QAE9C,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,sBAAsB,CAC3B,IAAoB,EACpB,IAAgC;QAEhC,OAAO,iBAAiB,CAAC,sBAAsB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAEM,KAAK,CAAC,2BAA2B,CACtC,IAAoB,EACpB,aAAqD,EACrD,YAAyB;QAEzB,MAAM,WAAW,GAA+B,IAAI,CAAC,WAAW,CAAC;QACjE,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,mEAAmE,EACnE,aAAa,CACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,YAA6B,CAAC,CAAC,OAAO,EAAE,CAAC;YACxE,MAAM,IAAI,SAAS,CACjB,6CAA6C,YAAY,EAAE,CAC5D,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAmB,IAAI,CAAC,gBAAgB,CAAC;QAC3D,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,GAAoB,IAAI,CAAC;QACjC,IAAI,kBAAkB,GAAqC,IAAI,CAAC;QAChE,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,UAAU,CACrB;gBACE,aAAa;gBACb,YAAY;gBACZ,SAAS,EAAE,KAAK,EAAE,IAAI,EAAgC,EAAE;oBACtD,IAAI,KAAK,EAAE,CAAC;wBACV,IAAI,YAAY,GAAW,4CAA4C,IAAI,CAAC,IAAI,uBAAuB,IAAI,CAAC,YAAY,GAAG,CAAC;wBAC5H,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;4BACpB,YAAY,IAAI,cAAc,IAAI,CAAC,UAAU,IAAI,CAAC;wBACpD,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;oBAC5B,CAAC;oBAED,IAAI,SAAiB,CAAC;oBACtB,IAAI,CAAC;wBACH,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,KAAsB,CAAC,CAAC;oBAChE,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;wBACjE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;oBACjE,CAAC;oBAED,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC1C,MAAM,IAAI,SAAS,CACjB,qDAAqD,CACtD,CAAC;oBACJ,CAAC;oBAED,IAAI,YAAkC,CAAC;oBACvC,IAAI,CAAC;wBACH,YAAY,GAAG,MAAM,mBAAmB,CAAC;4BACvC,SAAS;4BACT,YAAY;4BACZ,WAAW,EAAE,YAAY;4BACzB,KAAK;yBACN,CAAC,CAAC;wBACH,IAAI,YAAY,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;4BACzC,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,IAAI,CACV,8FAA8F,SAAS,KAAK,EAC5G,CAAC,CACF,CAAC;wBACF,IAAI,CAAC,YAAY,8BAA8B,EAAE
,CAAC;4BAChD,MAAM,CAAC,CAAC;wBACV,CAAC;wBACD,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;oBACJ,CAAC;oBACD,MAAM,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,YAAY,CAAC;oBAE1D,IAAI,CAAC;wBACH,OAAO,CAAC,MAAM,qBAAqB,CAAC;4BAClC,GAAG,EAAE,IAAI,CAAC,KAAK;4BACf,IAAI,EAAE,IAAI,CAAC,IAAI;4BACf,QAAQ,EAAE,IAAI,CAAC,YAAY;4BAC3B,cAAc;4BACd,gBAAgB;4BAChB,SAAS;4BACT,GAAG,EAAE,WAAW;yBACjB,CAAC,CAA4B,CAAC;oBACjC,CAAC;oBAAC,OAAO,CAAU,EAAE,CAAC;wBACpB,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,CAAC,CAAC,CAAC;wBACtD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;oBACtD,CAAC;gBACH,CAAC;aACF,EACD,KAAK,CACN,CAAC;YACF,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;YAC7D,CAAC;YAED,IACE,IAAI,CAAC,IAAI,CAAC,KAAK,CACb,CAAC,MAAM,EAAE,EAAE,CACT,OAAO,MAAM,KAAK,QAAQ;gBAC1B,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CACjD,EACD,CAAC;gBACD,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC;YACjC,CAAC;YAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,SAAS,CACjB,oEAAoE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,IAAI,CAAC,YAAY,8BAA8B,EAAE,CAAC;gBAChD,OAAO,CAAC,IAAI,CACV,yDAAyD,CAAC,CAAC,SAAS,oCAAoC,EACxG,CAAC,CACF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CACV,gFAAgF,EAChF,CAAC,CACF,CAAC;YACJ,CAAC;YACD,IAAI,GAAG,IAAI,CAAC;YACZ,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QAED,MAAM,SAAS,GAA+B;YAC5C,IAAI;YACJ,WAAW,EAAE,iBAAiB,EAAE;YAChC,kBAAkB,EAAE,kBAAkB,IAAI,EAAE;SAC7C,CAAC;QAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8DAA8D,EAC9D,SAAS,CACV,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACtD,CAAC;IAEM,KAAK,CAAC,yBAAyB,CACpC,IAAoB,EACpB,UAAyB,EACzB,YAAoB;QAEpB,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,YAAY,GAAG,SAAkB,CAAC;QACxC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,KAAK,GAAW,UAAU,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAE5D,OAAO,MAAM,IAAI,CAAC,2BAA2B,C
AC3C,IAAI,EACJ;YACE;gBACE,UAAU,EAAE,0BAA0B;gBACtC,KAAK;gBACL,IAAI,EAAE,QAAQ;aACf;SACF,EACD,YAAY,CACb,CAAC;IACJ,CAAC;CACF;AAED,eAAe,iBAAiB,CAAC"}
|
|
@@ -1,25 +1,9 @@
|
|
|
1
1
|
import "server-only";
|
|
2
|
-
import {
|
|
3
|
-
import type
|
|
2
|
+
import { type ApiServerId } from "@schemavaults/app-definitions";
|
|
3
|
+
import { type TProtectedAuthenticatedApiRoute, type IBaseProtectedAuthenticatedServerComponentPageProps, type TProtectedAuthenticatedPageServerComponent } from "./withAuthenticatedRouteGuard";
|
|
4
4
|
import type { ReactElement } from "react";
|
|
5
5
|
import { type NextRequest, NextResponse } from "next/server";
|
|
6
|
-
import type { SchemaVaultsPostgresNeonProxyAdapter } from "@schemavaults/dbh";
|
|
7
6
|
import type { IJwtKeyManager } from "../JwtKeyManager";
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
export
|
|
11
|
-
user: UserData;
|
|
12
|
-
dbh: Dbh<Db>;
|
|
13
|
-
environment: SchemaVaultsAppEnvironment;
|
|
14
|
-
}
|
|
15
|
-
export type TProtectedAdminPageServerComponent<Db extends object> = (props: IProtectedAdminServerComponentPageProps<Db>) => Promise<ReactElement>;
|
|
16
|
-
export interface IProtectedAdminApiRouteProps<Db extends object> extends IProtectedAdminServerComponentPageProps<Db> {
|
|
17
|
-
req: NextRequest;
|
|
18
|
-
}
|
|
19
|
-
export type TProtectedAdminApiRoute<Db extends object> = (props: IProtectedAdminApiRouteProps<Db>) => Promise<NextResponse>;
|
|
20
|
-
export interface IWithAdminRouteGuardUtilOpts<Db extends object> {
|
|
21
|
-
ProtectedAdminPageServerComponent: TProtectedAdminPageServerComponent<Db>;
|
|
22
|
-
}
|
|
23
|
-
export declare function withAdminServerComponentRouteGuard<Db extends object>(input: IWithAdminRouteGuardUtilOpts<Db> | TProtectedAdminPageServerComponent<Db>, dbh: Dbh<Db>, jwt_keys_manager: IJwtKeyManager, getApiServerId?: () => ApiServerId): Promise<ReactElement>;
|
|
24
|
-
export declare function withAdminApiRouteGuard<Db extends object>(input: TProtectedAdminApiRoute<Db>, dbh: Dbh<Db>, jwt_keys_manager: IJwtKeyManager, getApiServerId?: () => ApiServerId): (req: NextRequest) => Promise<NextResponse>;
|
|
25
|
-
export {};
|
|
7
|
+
export declare function withAdminServerComponentRouteGuard<TAdditionalCustomProps extends object>(server_component: TProtectedAuthenticatedPageServerComponent<TAdditionalCustomProps>, additional_custom_server_component_props: TAdditionalCustomProps, custom_is_authorized_check?: ((props: IBaseProtectedAuthenticatedServerComponentPageProps & TAdditionalCustomProps) => Promise<boolean>) | undefined, jwt_keys_manager?: IJwtKeyManager, getApiServerId?: () => ApiServerId): Promise<ReactElement>;
|
|
8
|
+
export declare function withAdminApiRouteGuard<TAdditionalCustomRouteInputs extends object>(api_route_handler: TProtectedAuthenticatedApiRoute<TAdditionalCustomRouteInputs>, additional_custom_api_route_inputs: TAdditionalCustomRouteInputs, custom_is_authorized_check?: ((route_inputs: IBaseProtectedAuthenticatedServerComponentPageProps & TAdditionalCustomRouteInputs) => Promise<boolean>) | undefined, jwt_keys_manager?: IJwtKeyManager, getApiServerId?: () => ApiServerId): (req: NextRequest) => Promise<NextResponse>;
|
|
9
|
+
export type { TProtectedAuthenticatedPageServerComponent as TProtectedAdminPageServerComponent, TProtectedAuthenticatedApiRoute as TProtectedAdminApiRoute, IBaseProtectedAuthenticatedServerComponentPageProps as IBaseProtectedAdminServerComponentPageProps, IBaseProtectedAuthenticatedApiRouteInputs as IBaseProtectedAdminApiRouteInputs, } from "./withAuthenticatedRouteGuard";
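Review bot: In `withAdminApiRouteGuard` the `custom_is_authorized_check` callback is typed over `IBaseProtectedAuthenticatedServerComponentPageProps & TAdditionalCustomRouteInputs`, while the handler receives `TAdditionalCustomRouteInputs & IBaseProtectedAuthenticatedApiRouteInputs`, so by type the authorization check cannot read `req`. If the runtime does pass the full route inputs (not visible in this declaration), the parameter should be typed `IBaseProtectedAuthenticatedApiRouteInputs & TAdditionalCustomRouteInputs`. If it does not, a TSDoc line should say the check sees only the user, the organizations and the environment. The same parameter type appears on `withAuthenticatedApiRouteGuard` in withAuthenticatedRouteGuard.d.ts.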
|
|
@@ -1,129 +1,10 @@
|
|
|
1
1
|
import "server-only";
|
|
2
|
-
import {
|
|
3
|
-
import { cookies as loadCookies } from "next/headers";
|
|
4
|
-
import { redirectWithNextAppDirError } from "../redirect-with-error";
|
|
5
|
-
import RouteGuardFactory from "../route_guards/route-guard-factory";
|
|
6
|
-
import { NextResponse } from "next/server";
|
|
7
|
-
import getStringByteSize from "../getStringByteSize";
|
|
8
|
-
import MaximumBrowserCookieSize from "../MaximumBrowserCookieSize";
|
|
9
|
-
import RefreshTokenCookieName from "../RefreshTokenCookieNames";
|
|
2
|
+
import { initDefaultJwtKeyManagerForAuthenticatedRouteGuard, withAuthenticatedServerComponentRouteGuard, withAuthenticatedApiRouteGuard, } from "./withAuthenticatedRouteGuard";
|
|
10
3
|
import getSchemavaultsApiServerId from "../get-schemavaults-api-server-id";
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
export async function withAdminServerComponentRouteGuard(input, dbh, jwt_keys_manager, getApiServerId = getSchemavaultsApiServerId) {
|
|
14
|
-
const environment = getAppEnvironment();
|
|
15
|
-
const api_server_id = getApiServerId();
|
|
16
|
-
const cookies = await loadCookies();
|
|
17
|
-
const token_sources = [];
|
|
18
|
-
const refresh_token_cookie = cookies.get("refresh_token");
|
|
19
|
-
if (typeof refresh_token_cookie?.value === "string") {
|
|
20
|
-
token_sources.push({
|
|
21
|
-
sourceHint: "Auth Server Refresh Token",
|
|
22
|
-
type: "refresh",
|
|
23
|
-
token: refresh_token_cookie.value,
|
|
24
|
-
});
|
|
25
|
-
}
|
|
26
|
-
if (token_sources.length === 0) {
|
|
27
|
-
redirectToLogin(redirect);
|
|
28
|
-
}
|
|
29
|
-
const route_guard_factory = new RouteGuardFactory({
|
|
30
|
-
environment,
|
|
31
|
-
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id,
|
|
32
|
-
jwt_keys_manager,
|
|
33
|
-
});
|
|
34
|
-
const route_guard = await route_guard_factory.createGuardFromTokenSources("admin", token_sources, SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id);
|
|
35
|
-
if (!route_guard.user) {
|
|
36
|
-
redirectToLogin(redirect);
|
|
37
|
-
}
|
|
38
|
-
const user = route_guard.user;
|
|
39
|
-
if (!Array.isArray(route_guard.user_organizations)) {
|
|
40
|
-
redirectToLogin(redirect);
|
|
41
|
-
}
|
|
42
|
-
if (!route_guard.isAccessAllowed() || !user.admin) {
|
|
43
|
-
redirectWithNextAppDirError(403, "forbidden");
|
|
44
|
-
}
|
|
45
|
-
const ProtectedAdminPageServerComponent = typeof input === "function"
|
|
46
|
-
? input
|
|
47
|
-
: input.ProtectedAdminPageServerComponent;
|
|
48
|
-
if (typeof ProtectedAdminPageServerComponent !== "function") {
|
|
49
|
-
throw new TypeError("Expected ProtectedAdminPageServerComponent to be a function");
|
|
50
|
-
}
|
|
51
|
-
return (await ProtectedAdminPageServerComponent({
|
|
52
|
-
user,
|
|
53
|
-
dbh,
|
|
54
|
-
environment,
|
|
55
|
-
}));
|
|
4
|
+
export async function withAdminServerComponentRouteGuard(server_component, additional_custom_server_component_props, custom_is_authorized_check = async (props) => props.user.admin === true, jwt_keys_manager = initDefaultJwtKeyManagerForAuthenticatedRouteGuard(), getApiServerId = getSchemavaultsApiServerId) {
|
|
5
|
+
return await withAuthenticatedServerComponentRouteGuard(server_component, additional_custom_server_component_props, "admin", custom_is_authorized_check, jwt_keys_manager, getApiServerId);
|
|
56
6
|
}
|
|
57
|
-
export function withAdminApiRouteGuard(
|
|
58
|
-
|
|
59
|
-
return async function ProtectedAdminApiRoute(req) {
|
|
60
|
-
const environment = getAppEnvironment();
|
|
61
|
-
const api_server_id = getApiServerId();
|
|
62
|
-
const token_sources = [];
|
|
63
|
-
const refresh_token_cookie = req.cookies.get(RefreshTokenCookieName);
|
|
64
|
-
if (typeof refresh_token_cookie?.value === "string" &&
|
|
65
|
-
refresh_token_cookie.value.length > 64 &&
|
|
66
|
-
getStringByteSize(refresh_token_cookie.value) <= MaximumBrowserCookieSize) {
|
|
67
|
-
token_sources.push({
|
|
68
|
-
sourceHint: "Auth Server Refresh Token",
|
|
69
|
-
type: "refresh",
|
|
70
|
-
token: refresh_token_cookie.value,
|
|
71
|
-
});
|
|
72
|
-
}
|
|
73
|
-
if (req.headers.has(RefreshTokenCookieName)) {
|
|
74
|
-
const auth_header = req.headers.get("Authorization");
|
|
75
|
-
if (!auth_header || typeof auth_header !== "string") {
|
|
76
|
-
throw new Error("Expected 'Authorization' to be non-empty string if set.");
|
|
77
|
-
}
|
|
78
|
-
if (!auth_header.startsWith("Bearer ")) {
|
|
79
|
-
throw new Error("Expected header 'Authorization' to start with 'Bearer '");
|
|
80
|
-
}
|
|
81
|
-
const refresh_token_from_header = typeof auth_header === "string" && auth_header.startsWith("Bearer ")
|
|
82
|
-
? auth_header.slice("Bearer ".length)
|
|
83
|
-
: "";
|
|
84
|
-
if (!refresh_token_from_header) {
|
|
85
|
-
throw new Error(`Refresh token cookie from header 'Authorization' appears to be empty!`);
|
|
86
|
-
}
|
|
87
|
-
token_sources.push({
|
|
88
|
-
sourceHint: "Auth Server Access Token",
|
|
89
|
-
type: "access",
|
|
90
|
-
token: refresh_token_from_header,
|
|
91
|
-
});
|
|
92
|
-
}
|
|
93
|
-
const route_guard_factory = new RouteGuardFactory({
|
|
94
|
-
environment,
|
|
95
|
-
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id,
|
|
96
|
-
jwt_keys_manager,
|
|
97
|
-
});
|
|
98
|
-
const route_guard = await route_guard_factory.createGuardFromTokenSources("admin", token_sources, SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id);
|
|
99
|
-
if (!route_guard.user) {
|
|
100
|
-
return NextResponse.json({
|
|
101
|
-
success: false,
|
|
102
|
-
error: true,
|
|
103
|
-
message: "Authentication failed, unknown user",
|
|
104
|
-
}, { status: 401 });
|
|
105
|
-
}
|
|
106
|
-
const user = route_guard.user;
|
|
107
|
-
if (!Array.isArray(route_guard.user_organizations)) {
|
|
108
|
-
return NextResponse.json({
|
|
109
|
-
success: false,
|
|
110
|
-
error: true,
|
|
111
|
-
message: "Authentication failed, failed to load user organizations",
|
|
112
|
-
}, { status: 401 });
|
|
113
|
-
}
|
|
114
|
-
if (!route_guard.isAccessAllowed() || !route_guard.user.admin) {
|
|
115
|
-
return NextResponse.json({
|
|
116
|
-
success: false,
|
|
117
|
-
error: true,
|
|
118
|
-
message: "Access is not allowed",
|
|
119
|
-
}, { status: 403 });
|
|
120
|
-
}
|
|
121
|
-
return (await AdminApiRoute({
|
|
122
|
-
req,
|
|
123
|
-
user,
|
|
124
|
-
dbh,
|
|
125
|
-
environment,
|
|
126
|
-
}));
|
|
127
|
-
};
|
|
7
|
+
export function withAdminApiRouteGuard(api_route_handler, additional_custom_api_route_inputs, custom_is_authorized_check = async (inputs) => inputs.user.admin === true, jwt_keys_manager = initDefaultJwtKeyManagerForAuthenticatedRouteGuard(), getApiServerId = getSchemavaultsApiServerId) {
|
|
8
|
+
return withAuthenticatedApiRouteGuard(api_route_handler, additional_custom_api_route_inputs, "admin", custom_is_authorized_check, jwt_keys_manager, getApiServerId);
|
|
128
9
|
}
|
|
129
10
|
//# sourceMappingURL=withAdminRouteGuard.js.map
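Review bot: The admin requirement in both new wrappers exists only as the default value of `custom_is_authorized_check` (`props.user.admin === true` / `inputs.user.admin === true`), so a caller who supplies their own check replaces the admin test instead of adding to it; the removed code tested `!user.admin` unconditionally. Whether the `"admin"` route guard's `isAccessAllowed()` enforces the flag on its own is not visible here. I would keep the flag check fixed and compose the caller's check with it, for example by passing `async (props) => props.user.admin === true && (typeof custom_is_authorized_check !== "function" || (await custom_is_authorized_check(props)))` to `withAuthenticatedServerComponentRouteGuard` and defaulting the parameter to `undefined`, and likewise in `withAdminApiRouteGuard`. The positional parameters also changed meaning from `(input, dbh, jwt_keys_manager)`, and the server-component wrapper shown later on this page skips the check when the argument is not a function, so an untyped caller still using the old order would lose the check silently; a `typeof` guard that throws on a non-function, non-undefined value would surface that.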
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"withAdminRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAdminRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"withAdminRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAdminRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAGrB,OAAO,EACL,kDAAkD,EAElD,0CAA0C,EAC1C,8BAA8B,GAG/B,MAAM,+BAA+B,CAAC;AAGvC,OAAO,0BAA0B,MAAM,kCAAkC,CAAC;AAG1E,MAAM,CAAC,KAAK,UAAU,kCAAkC,CAGtD,gBAAoF,EACpF,wCAAgE,EAChE,6BAKgB,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,IAAI,EAC1D,mBAAmC,kDAAkD,EAAE,EACvF,iBAAoC,0BAA0B;IAE9D,OAAO,MAAM,0CAA0C,CACrD,gBAAgB,EAChB,wCAAwC,EACxC,OAAO,EACP,0BAA0B,EAC1B,gBAAgB,EAChB,cAAc,CACf,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAGpC,iBAAgF,EAChF,kCAAgE,EAChE,6BAKgB,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,KAAK,IAAI,EAC5D,mBAAmC,kDAAkD,EAAE,EACvF,iBAAoC,0BAA0B;IAE9D,OAAO,8BAA8B,CACnC,iBAAiB,EACjB,kCAAkC,EAClC,OAAO,EACP,0BAA0B,EAC1B,gBAAgB,EAChB,cAAc,CACf,CAAC;AACJ,CAAC"}
|
|
@@ -1,26 +1,19 @@
|
|
|
1
1
|
import "server-only";
|
|
2
|
-
import { ApiServerId, type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
2
|
+
import { type ApiServerId, type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
3
3
|
import type { OrganizationID, UserData } from "@schemavaults/auth-common";
|
|
4
4
|
import type { ReactElement } from "react";
|
|
5
5
|
import { type NextRequest, NextResponse } from "next/server";
|
|
6
|
-
import type
|
|
7
|
-
|
|
8
|
-
interface Dbh<Db extends object> extends AsyncDisposable, SchemaVaultsPostgresNeonProxyAdapter<Db> {
|
|
9
|
-
}
|
|
10
|
-
export interface IProtectedAuthenticatedServerComponentPageProps<Db extends object> {
|
|
6
|
+
import { type IJwtKeyManager } from "../JwtKeyManager";
|
|
7
|
+
export interface IBaseProtectedAuthenticatedServerComponentPageProps {
|
|
11
8
|
user: UserData;
|
|
12
9
|
user_organizations: readonly OrganizationID[];
|
|
13
|
-
dbh: Dbh<Db>;
|
|
14
10
|
environment: SchemaVaultsAppEnvironment;
|
|
15
11
|
}
|
|
16
|
-
export type TProtectedAuthenticatedPageServerComponent<
|
|
17
|
-
export interface
|
|
12
|
+
export type TProtectedAuthenticatedPageServerComponent<TAdditionalCustomProps extends object> = (props: IBaseProtectedAuthenticatedServerComponentPageProps & TAdditionalCustomProps) => Promise<ReactElement>;
|
|
13
|
+
export interface IBaseProtectedAuthenticatedApiRouteInputs extends IBaseProtectedAuthenticatedServerComponentPageProps {
|
|
18
14
|
req: NextRequest;
|
|
19
15
|
}
|
|
20
|
-
export type TProtectedAuthenticatedApiRoute<
|
|
21
|
-
export
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
export declare function withAuthenticatedServerComponentRouteGuard<Db extends object>(input: IWithAuthenticatedRouteGuardUtilOpts<Db> | TProtectedAuthenticatedPageServerComponent<Db>, dbh: Dbh<Db>, jwt_keys_manager: IJwtKeyManager, getApiServerId?: () => ApiServerId): Promise<ReactElement>;
|
|
25
|
-
export declare function withAuthenticatedApiRouteGuard<Db extends object>(input: TProtectedAuthenticatedApiRoute<Db>, dbh: Dbh<Db>, jwt_keys_manager: IJwtKeyManager, getApiServerId?: () => ApiServerId): (req: NextRequest) => Promise<NextResponse>;
|
|
26
|
-
export {};
|
|
16
|
+
export type TProtectedAuthenticatedApiRoute<TAdditionalCustomRouteInputs extends object> = (route_inputs: TAdditionalCustomRouteInputs & IBaseProtectedAuthenticatedApiRouteInputs) => Promise<NextResponse>;
|
|
17
|
+
export declare function initDefaultJwtKeyManagerForAuthenticatedRouteGuard(debug?: boolean): IJwtKeyManager;
|
|
18
|
+
export declare function withAuthenticatedServerComponentRouteGuard<TAdditionalCustomProps extends object>(server_component: TProtectedAuthenticatedPageServerComponent<TAdditionalCustomProps>, additional_custom_server_component_props: TAdditionalCustomProps, route_guard_type?: "authenticated" | "admin", custom_is_authorized_check?: ((props: IBaseProtectedAuthenticatedServerComponentPageProps & TAdditionalCustomProps) => Promise<boolean>) | undefined, jwt_keys_manager?: IJwtKeyManager, getApiServerId?: () => ApiServerId): Promise<ReactElement>;
|
|
19
|
+
export declare function withAuthenticatedApiRouteGuard<TAdditionalCustomRouteInputs extends object>(api_route_handler: TProtectedAuthenticatedApiRoute<TAdditionalCustomRouteInputs>, additional_custom_api_route_inputs: TAdditionalCustomRouteInputs, route_guard_type?: "authenticated" | "admin", custom_is_authorized_check?: ((route_inputs: IBaseProtectedAuthenticatedServerComponentPageProps & TAdditionalCustomRouteInputs) => Promise<boolean>) | undefined, jwt_keys_manager?: IJwtKeyManager, getApiServerId?: () => ApiServerId): (req: NextRequest) => Promise<NextResponse>;
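Review bot: `TAdditionalCustomProps extends object` does not exclude the keys `user`, `user_organizations` and `environment`, and the compiled implementation later on this page spreads `...additional_custom_server_component_props` after `...base_server_component_props`. A caller-supplied key of the same name would therefore replace the verified value before `custom_is_authorized_check` and the component see it. I would either spread the base props last or constrain the generic, e.g. `TAdditionalCustomProps extends object & { [K in keyof IBaseProtectedAuthenticatedServerComponentPageProps]?: never }`. `TAdditionalCustomRouteInputs` on the API-route variant has the same open constraint.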
|
|
@@ -1,37 +1,75 @@
|
|
|
1
1
|
import "server-only";
|
|
2
|
-
import {
|
|
2
|
+
import { SCHEMAVAULTS_AUTH_APP_ID, getAppEnvironment, getHardcodedClientWebAppDomain, } from "@schemavaults/app-definitions";
|
|
3
3
|
import { cookies as loadCookies } from "next/headers";
|
|
4
4
|
import { redirectWithNextAppDirError } from "../redirect-with-error";
|
|
5
|
-
import RouteGuardFactory from "
|
|
5
|
+
import RouteGuardFactory from "./route-guard-factory";
|
|
6
6
|
import { NextResponse } from "next/server";
|
|
7
7
|
import getStringByteSize from "../getStringByteSize";
|
|
8
8
|
import MaximumBrowserCookieSize from "../MaximumBrowserCookieSize";
|
|
9
|
-
import
|
|
9
|
+
import { AccessTokenCookieName } from "../AccessTokenCookieNames";
|
|
10
|
+
import { RefreshTokenCookieName } from "../RefreshTokenCookieNames";
|
|
10
11
|
import getSchemavaultsApiServerId from "../get-schemavaults-api-server-id";
|
|
12
|
+
import { RemoteJwtKeyManager } from "../JwtKeyManager";
|
|
11
13
|
import redirectToLogin from "../redirect-to-login";
|
|
12
14
|
import { redirect } from "next/navigation";
|
|
13
|
-
|
|
15
|
+
import assertValidRouteGuardType from "./assertValidRouteGuardType";
|
|
16
|
+
// default key manager is RemoteJwtKeyManager-- makes it easier for external apps, we can overwrite this once for the auth server
|
|
17
|
+
export function initDefaultJwtKeyManagerForAuthenticatedRouteGuard(debug = process.env.NODE_ENV === "development") {
|
|
18
|
+
return new RemoteJwtKeyManager({
|
|
19
|
+
auth_server_uri: getHardcodedClientWebAppDomain(SCHEMAVAULTS_AUTH_APP_ID, getAppEnvironment()),
|
|
20
|
+
debug,
|
|
21
|
+
});
|
|
22
|
+
}
|
|
23
|
+
export async function withAuthenticatedServerComponentRouteGuard(server_component, additional_custom_server_component_props, route_guard_type = "authenticated", custom_is_authorized_check = undefined, jwt_keys_manager = initDefaultJwtKeyManagerForAuthenticatedRouteGuard(), getApiServerId = getSchemavaultsApiServerId) {
|
|
24
|
+
assertValidRouteGuardType(route_guard_type);
|
|
14
25
|
const environment = getAppEnvironment();
|
|
15
26
|
const api_server_id = getApiServerId();
|
|
16
27
|
const cookies = await loadCookies();
|
|
17
28
|
const token_sources = [];
|
|
18
|
-
|
|
19
|
-
if (
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
29
|
+
// Load Refresh Token for Auth Server
|
|
30
|
+
if (api_server_id === SCHEMAVAULTS_AUTH_APP_ID) {
|
|
31
|
+
const refresh_token_cookie = cookies.get(RefreshTokenCookieName(SCHEMAVAULTS_AUTH_APP_ID));
|
|
32
|
+
if (typeof refresh_token_cookie?.value === "string") {
|
|
33
|
+
token_sources.push({
|
|
34
|
+
sourceHint: "Auth Server Refresh Token",
|
|
35
|
+
type: "refresh",
|
|
36
|
+
token: refresh_token_cookie.value,
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
// Load Access Token from designated cookie for current server
|
|
41
|
+
const access_token_cookie_name = AccessTokenCookieName(api_server_id);
|
|
42
|
+
const access_token_cookie = cookies.get(access_token_cookie_name);
|
|
43
|
+
if (typeof access_token_cookie?.value === "string" &&
|
|
44
|
+
access_token_cookie.value.length > 64) {
|
|
45
|
+
let jwt_string = null;
|
|
46
|
+
try {
|
|
47
|
+
const parsed = JSON.parse(access_token_cookie.value);
|
|
48
|
+
if (parsed && typeof parsed.token === "string") {
|
|
49
|
+
jwt_string = parsed.token;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
catch {
|
|
53
|
+
// Raw JWT string fallback
|
|
54
|
+
jwt_string = access_token_cookie.value;
|
|
55
|
+
}
|
|
56
|
+
if (jwt_string) {
|
|
57
|
+
token_sources.push({
|
|
58
|
+
sourceHint: `Access Token from cookie '${access_token_cookie_name}'`,
|
|
59
|
+
type: "access",
|
|
60
|
+
token: jwt_string,
|
|
61
|
+
});
|
|
62
|
+
}
|
|
25
63
|
}
|
|
26
64
|
if (token_sources.length === 0) {
|
|
27
65
|
redirectToLogin(redirect);
|
|
28
66
|
}
|
|
29
67
|
const route_guard_factory = new RouteGuardFactory({
|
|
30
68
|
environment,
|
|
31
|
-
is_auth_server: api_server_id ===
|
|
69
|
+
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_ID,
|
|
32
70
|
jwt_keys_manager,
|
|
33
71
|
});
|
|
34
|
-
const route_guard = await route_guard_factory.createGuardFromTokenSources(
|
|
72
|
+
const route_guard = await route_guard_factory.createGuardFromTokenSources(route_guard_type, token_sources, api_server_id);
|
|
35
73
|
if (!route_guard.user) {
|
|
36
74
|
redirectToLogin(redirect);
|
|
37
75
|
}
|
|
@@ -39,61 +77,112 @@ export async function withAuthenticatedServerComponentRouteGuard(input, dbh, jwt
|
|
|
39
77
|
if (!route_guard.isAccessAllowed()) {
|
|
40
78
|
redirectWithNextAppDirError(403, "forbidden");
|
|
41
79
|
}
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
: input.ProtectedAuthenticatedPageServerComponent;
|
|
45
|
-
if (typeof ProtectedAuthenticatedPageServerComponent !== "function") {
|
|
46
|
-
throw new TypeError("Expected ProtectedAuthenticatedPageServerComponent to be a function");
|
|
80
|
+
if (typeof server_component !== "function") {
|
|
81
|
+
throw new TypeError("Expected 'server_component' passed to withAuthenticatedServerComponentRouteGuard to be a function");
|
|
47
82
|
}
|
|
48
|
-
|
|
83
|
+
const ProtectedAuthenticatedPageServerComponent = server_component;
|
|
84
|
+
const base_server_component_props = {
|
|
49
85
|
user,
|
|
50
|
-
dbh,
|
|
51
86
|
environment,
|
|
52
87
|
user_organizations: route_guard.user_organizations,
|
|
53
|
-
}
|
|
88
|
+
};
|
|
89
|
+
const server_component_props = {
|
|
90
|
+
...base_server_component_props,
|
|
91
|
+
...additional_custom_server_component_props,
|
|
92
|
+
};
|
|
93
|
+
if (typeof custom_is_authorized_check === "function") {
|
|
94
|
+
let is_authorized = false;
|
|
95
|
+
try {
|
|
96
|
+
is_authorized = await custom_is_authorized_check(server_component_props);
|
|
97
|
+
}
|
|
98
|
+
catch (e) {
|
|
99
|
+
console.error("Error in 'custom_is_authorized_check' handler: ", e);
|
|
100
|
+
redirectWithNextAppDirError(500, "internal_server_error");
|
|
101
|
+
}
|
|
102
|
+
if (!is_authorized) {
|
|
103
|
+
redirectWithNextAppDirError(403, "forbidden");
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
return (await ProtectedAuthenticatedPageServerComponent(server_component_props));
|
|
54
107
|
}
|
|
55
|
-
export function withAuthenticatedApiRouteGuard(
|
|
56
|
-
|
|
108
|
+
export function withAuthenticatedApiRouteGuard(api_route_handler, additional_custom_api_route_inputs, route_guard_type = "authenticated", custom_is_authorized_check = undefined, jwt_keys_manager = initDefaultJwtKeyManagerForAuthenticatedRouteGuard(), getApiServerId = getSchemavaultsApiServerId) {
|
|
109
|
+
assertValidRouteGuardType(route_guard_type);
|
|
110
|
+
const AuthenticatedApiRoute = api_route_handler;
|
|
57
111
|
return async function ProtectedAuthenticatedApiRoute(req) {
|
|
58
112
|
const environment = getAppEnvironment();
|
|
59
113
|
const api_server_id = getApiServerId();
|
|
60
114
|
const token_sources = [];
|
|
61
|
-
|
|
62
|
-
if (
|
|
63
|
-
refresh_token_cookie.
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
if (!auth_header || typeof auth_header !== "string") {
|
|
74
|
-
throw new Error("Expected 'Authorization' to be non-empty string if set.");
|
|
115
|
+
// Load refresh token cookie for auth server
|
|
116
|
+
if (api_server_id === SCHEMAVAULTS_AUTH_APP_ID) {
|
|
117
|
+
const refresh_token_cookie = req.cookies.get(RefreshTokenCookieName(SCHEMAVAULTS_AUTH_APP_ID));
|
|
118
|
+
if (typeof refresh_token_cookie?.value === "string" &&
|
|
119
|
+
refresh_token_cookie.value.length > 64 &&
|
|
120
|
+
getStringByteSize(refresh_token_cookie.value) <=
|
|
121
|
+
MaximumBrowserCookieSize) {
|
|
122
|
+
token_sources.push({
|
|
123
|
+
sourceHint: "Auth Server Refresh Token",
|
|
124
|
+
type: "refresh",
|
|
125
|
+
token: refresh_token_cookie.value,
|
|
126
|
+
});
|
|
75
127
|
}
|
|
76
|
-
|
|
77
|
-
|
|
128
|
+
}
|
|
129
|
+
// Load access token cookie for current server
|
|
130
|
+
(function addAccessTokenFromCookieToSourcesIfFound() {
|
|
131
|
+
const access_token_cookie_name = AccessTokenCookieName(api_server_id);
|
|
132
|
+
const access_token_cookie = req.cookies.get(access_token_cookie_name);
|
|
133
|
+
if (typeof access_token_cookie?.value === "string" &&
|
|
134
|
+
access_token_cookie.value.length > 64 &&
|
|
135
|
+
getStringByteSize(access_token_cookie.value) <= MaximumBrowserCookieSize) {
|
|
136
|
+
let jwt_string = null;
|
|
137
|
+
try {
|
|
138
|
+
const parsed = JSON.parse(access_token_cookie.value);
|
|
139
|
+
if (parsed && typeof parsed.token === "string") {
|
|
140
|
+
jwt_string = parsed.token;
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
catch {
|
|
144
|
+
// Raw JWT string fallback
|
|
145
|
+
jwt_string = access_token_cookie.value;
|
|
146
|
+
}
|
|
147
|
+
if (jwt_string) {
|
|
148
|
+
token_sources.push({
|
|
149
|
+
sourceHint: `Access Token from cookie '${access_token_cookie_name}'`,
|
|
150
|
+
type: "access",
|
|
151
|
+
token: jwt_string,
|
|
152
|
+
});
|
|
153
|
+
}
|
|
78
154
|
}
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
if (
|
|
83
|
-
|
|
155
|
+
})();
|
|
156
|
+
// Load access token header for current server
|
|
157
|
+
(function addAccessTokenFromAuthorizationHeaderIfFound() {
|
|
158
|
+
if (req.headers.has("Authorization") ||
|
|
159
|
+
req.headers.has("authorization")) {
|
|
160
|
+
const auth_header = req.headers.get("Authorization") ?? req.headers.get("authorization");
|
|
161
|
+
if (!auth_header || typeof auth_header !== "string") {
|
|
162
|
+
throw new Error("Expected 'Authorization' to be non-empty string if set.");
|
|
163
|
+
}
|
|
164
|
+
if (!auth_header.startsWith("Bearer ")) {
|
|
165
|
+
throw new Error("Expected header 'Authorization' to start with 'Bearer '");
|
|
166
|
+
}
|
|
167
|
+
const access_token_from_header = typeof auth_header === "string" && auth_header.startsWith("Bearer ")
|
|
168
|
+
? auth_header.slice("Bearer ".length)
|
|
169
|
+
: "";
|
|
170
|
+
if (!access_token_from_header) {
|
|
171
|
+
throw new Error(`Header 'Authorization' appears to be empty!`);
|
|
172
|
+
}
|
|
173
|
+
token_sources.push({
|
|
174
|
+
sourceHint: "Access Token from Authorization Bearer header",
|
|
175
|
+
type: "access",
|
|
176
|
+
token: access_token_from_header,
|
|
177
|
+
});
|
|
84
178
|
}
|
|
85
|
-
|
|
86
|
-
sourceHint: "Auth Server Access Token",
|
|
87
|
-
type: "access",
|
|
88
|
-
token: refresh_token_from_header,
|
|
89
|
-
});
|
|
90
|
-
}
|
|
179
|
+
})();
|
|
91
180
|
const route_guard_factory = new RouteGuardFactory({
|
|
92
181
|
environment,
|
|
93
|
-
is_auth_server: api_server_id ===
|
|
182
|
+
is_auth_server: api_server_id === SCHEMAVAULTS_AUTH_APP_ID,
|
|
94
183
|
jwt_keys_manager,
|
|
95
184
|
});
|
|
96
|
-
const route_guard = await route_guard_factory.createGuardFromTokenSources(
|
|
185
|
+
const route_guard = await route_guard_factory.createGuardFromTokenSources(route_guard_type, token_sources, api_server_id);
|
|
97
186
|
if (!route_guard.user) {
|
|
98
187
|
return NextResponse.json({
|
|
99
188
|
success: false,
|
|
@@ -117,13 +206,38 @@ export function withAuthenticatedApiRouteGuard(input, dbh, jwt_keys_manager, get
|
|
|
117
206
|
}, { status: 403 });
|
|
118
207
|
}
|
|
119
208
|
const user_organizations = route_guard.user_organizations;
|
|
120
|
-
|
|
209
|
+
const base_api_route_inputs = {
|
|
121
210
|
req,
|
|
122
211
|
user,
|
|
123
|
-
dbh,
|
|
124
212
|
environment,
|
|
125
213
|
user_organizations,
|
|
126
|
-
}
|
|
214
|
+
};
|
|
215
|
+
const api_route_inputs = {
|
|
216
|
+
...base_api_route_inputs,
|
|
217
|
+
...additional_custom_api_route_inputs,
|
|
218
|
+
};
|
|
219
|
+
if (typeof custom_is_authorized_check === "function") {
|
|
220
|
+
let is_authorized = false;
|
|
221
|
+
try {
|
|
222
|
+
is_authorized = await custom_is_authorized_check(api_route_inputs);
|
|
223
|
+
}
|
|
224
|
+
catch (e) {
|
|
225
|
+
console.error("Error in 'custom_is_authorized_check' handler: ", e);
|
|
226
|
+
return NextResponse.json({
|
|
227
|
+
success: false,
|
|
228
|
+
error: true,
|
|
229
|
+
message: "Error while checking if access is allowed",
|
|
230
|
+
}, { status: 500 });
|
|
231
|
+
}
|
|
232
|
+
if (!is_authorized) {
|
|
233
|
+
return NextResponse.json({
|
|
234
|
+
success: false,
|
|
235
|
+
error: true,
|
|
236
|
+
message: "Access is not allowed",
|
|
237
|
+
}, { status: 403 });
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
return (await AuthenticatedApiRoute(api_route_inputs));
|
|
127
241
|
};
|
|
128
242
|
}
|
|
129
243
|
//# sourceMappingURL=withAuthenticatedRouteGuard.js.map
|
|
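Review bot: In `api_route_inputs` the caller-supplied `additional_custom_api_route_inputs` is spread after `base_api_route_inputs`, so an extra input keyed `user`, `req`, `environment` or `user_organizations` silently replaces the value the route guard just verified, and both `custom_is_authorized_check` and the wrapped handler then act on the replacement. Spreading the verified fields last keeps them authoritative: `const api_route_inputs = { ...additional_custom_api_route_inputs, ...base_api_route_inputs };`. The preceding hunk builds `server_component_props` the same way and would take the same change. In the same block, `if (!is_authorized)` lets any truthy return value from the custom check through, whereas `if (is_authorized !== true)` fails closed. The package typings may already exclude those keys, which is not visible here, and the enclosing `ProtectedAuthenticatedApiRoute` function starts in the earlier hunk.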
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"withAuthenticatedRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAuthenticatedRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAErB,OAAO,EAEL,
|
|
1
|
+
{"version":3,"file":"withAuthenticatedRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAuthenticatedRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAErB,OAAO,EAEL,wBAAwB,EAExB,iBAAiB,EACjB,8BAA8B,GAC/B,MAAM,+BAA+B,CAAC;AAOvC,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,cAAc,CAAC;AAEtD,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,iBAAiB,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAoB,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,iBAAiB,MAAM,qBAAqB,CAAC;AACpD,OAAO,wBAAwB,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,0BAA0B,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAuB,MAAM,iBAAiB,CAAC;AAC3E,OAAO,eAAe,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,yBAAyB,MAAM,6BAA6B,CAAC;AA2BpE,iIAAiI;AACjI,MAAM,UAAU,kDAAkD,CAChE,QAAiB,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa;IAEvD,OAAO,IAAI,mBAAmB,CAAC;QAC7B,eAAe,EAAE,8BAA8B,CAC7C,wBAAwB,EACxB,iBAAiB,EAAE,CACpB;QACD,KAAK;KACN,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0CAA0C,CAG9D,gBAAoF,EACpF,wCAAgE,EAChE,mBAA8C,eAAe,EAC7D,6BAKgB,SAAS,EACzB,mBAAmC,kDAAkD,EAAE,EACvF,iBAAoC,0BAA0B;IAE9D,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;IAE5C,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;IACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;IACpD,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,aAAa,GAAkC,EAAE,CAAC;IAExD,qCAAqC;IACrC,IAAI,aAAa,KAAK,wBAAwB,EAAE,CAAC;QAC/C,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CACtC,sBAAsB,CAAC,wBAAwB,CAAC,CACjD,CAAC;QACF,IAAI,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;YACpD,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,2BAA2B;gBACvC,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,oBAAoB,CAAC,KAAK;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,MAAM,wBAAwB,GAAW,qBAAqB,CAAC,aAAa,CAAC,CAAC;IAC9E,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAClE,IACE,OAAO,mBAAmB,EAAE,KAAK,KAAK,QAAQ;QAC9C,mBAAmB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,EACrC,CAAC;QACD,IAAI,UAAU,GAAkB,IAAI,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YACrD,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,K
AAK,KAAK,QAAQ,EAAE,CAAC;gBAC/C,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;YAC1B,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;QACzC,CAAC;QACD,IAAI,UAAU,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,6BAA6B,wBAAwB,GAAG;gBACpE,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,UAAU;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;QAChD,WAAW;QACX,cAAc,EAAE,aAAa,KAAK,wBAAwB;QAC1D,gBAAgB;KACjB,CAAC,CAAC;IACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,gBAAgB,EAChB,aAAa,EACb,aAAa,CACd,CAAC;IAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACtB,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;IAExC,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,EAAE,CAAC;QACnC,2BAA2B,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,OAAO,gBAAgB,KAAK,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,SAAS,CACjB,mGAAmG,CACpG,CAAC;IACJ,CAAC;IACD,MAAM,yCAAyC,GAAG,gBAAgB,CAAC;IAEnE,MAAM,2BAA2B,GAC/B;QACE,IAAI;QACJ,WAAW;QACX,kBAAkB,EAAE,WAAW,CAAC,kBAAkB;KACnD,CAAC;IAEJ,MAAM,sBAAsB,GACD;QACzB,GAAG,2BAA2B;QAC9B,GAAG,wCAAwC;KAC5C,CAAC;IAEF,IAAI,OAAO,0BAA0B,KAAK,UAAU,EAAE,CAAC;QACrD,IAAI,aAAa,GAAY,KAAK,CAAC;QACnC,IAAI,CAAC;YACH,aAAa,GAAG,MAAM,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;YACpE,2BAA2B,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,2BAA2B,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,OAAO,CAAC,MAAM,yCAAyC,CACrD,sBAAsB,CACvB,CAAwB,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,8BAA8B,CAG5C,iBAAgF,EAChF,kCAAgE,EAChE,mBAA8C,eAAe,EAC7D,6BAKgB,SAAS,EACzB,mBAAmC,kDAAkD,EAAE,EACvF,iBAAoC,0BAA0B;IAE9D,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;IAE5C,MAAM,qBAAqB,GACzB,iBAAiB,CAAC;IACpB,OAAO,KAAK,UAAU,8BAA8B,CAClD,GAAgB;QAEhB,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;QACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;QAEpD,MAAM,aAAa,GAAkC,EAAE,CAAC;QAExD,4CAA4C;QAC5C,IAAI,aAAa,KAAK,wBAAwB,EAAE,CAAC;YAC/C,MAAM,oBAAoB,GAAG,GAAG,CAAC,OAA
O,CAAC,GAAG,CAC1C,sBAAsB,CAAC,wBAAwB,CAAC,CACjD,CAAC;YACF,IACE,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ;gBAC/C,oBAAoB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBACtC,iBAAiB,CAAC,oBAAoB,CAAC,KAAK,CAAC;oBAC3C,wBAAwB,EAC1B,CAAC;gBACD,aAAa,CAAC,IAAI,CAAC;oBACjB,UAAU,EAAE,2BAA2B;oBACvC,IAAI,EAAE,SAAS;oBACf,KAAK,EAAE,oBAAoB,CAAC,KAAsB;iBACnD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,CAAC,SAAS,wCAAwC;YAChD,MAAM,wBAAwB,GAC5B,qBAAqB,CAAC,aAAa,CAAC,CAAC;YACvC,MAAM,mBAAmB,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;YACtE,IACE,OAAO,mBAAmB,EAAE,KAAK,KAAK,QAAQ;gBAC9C,mBAAmB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBACrC,iBAAiB,CAAC,mBAAmB,CAAC,KAAK,CAAC,IAAI,wBAAwB,EACxE,CAAC;gBACD,IAAI,UAAU,GAAkB,IAAI,CAAC;gBACrC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;oBACrD,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBAC/C,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,0BAA0B;oBAC1B,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;gBACzC,CAAC;gBACD,IAAI,UAAU,EAAE,CAAC;oBACf,aAAa,CAAC,IAAI,CAAC;wBACjB,UAAU,EAAE,6BAA6B,wBAAwB,GAAG;wBACpE,IAAI,EAAE,QAAQ;wBACd,KAAK,EAAE,UAAU;qBAClB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,8CAA8C;QAC9C,CAAC,SAAS,4CAA4C;YACpD,IACE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;gBAChC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAChC,CAAC;gBACD,MAAM,WAAW,GACf,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;gBACvE,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;oBACpD,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;gBACJ,CAAC;gBACD,MAAM,wBAAwB,GAC5B,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC;oBAClE,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC;oBACrC,CAAC,CAAC,EAAE,CAAC;gBACT,IAAI,CAAC,wBAAwB,EAAE,CAAC;oBAC9B,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;gBACjE,CAAC;gBACD,aAAa,CAAC,IAAI,CAAC;oBACjB,UAAU,EAAE,+CAA+C;oBAC3D,IAAI,EAAE,QAAQ;oBACd,KAAK,EAAE,wBAAyC;iBACj
D,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;YAChD,WAAW;YACX,cAAc,EAAE,aAAa,KAAK,wBAAwB;YAC1D,gBAAgB;SACjB,CAAC,CAAC;QACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,gBAAgB,EAChB,aAAa,EACb,aAAa,CACd,CAAC;QAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACtB,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,qCAAqC;aAC/C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;QAExC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACnD,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EACL,qEAAqE;aACxE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACxD,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,uBAAuB;aACjC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,MAAM,kBAAkB,GACtB,WAAW,CAAC,kBAAkB,CAAC;QAEjC,MAAM,qBAAqB,GAA8C;YACvE,GAAG;YACH,IAAI;YACJ,WAAW;YACX,kBAAkB;SACnB,CAAC;QAEF,MAAM,gBAAgB,GACW;YAC/B,GAAG,qBAAqB;YACxB,GAAG,kCAAkC;SACtC,CAAC;QAEF,IAAI,OAAO,0BAA0B,KAAK,UAAU,EAAE,CAAC;YACrD,IAAI,aAAa,GAAY,KAAK,CAAC;YACnC,IAAI,CAAC;gBACH,aAAa,GAAG,MAAM,0BAA0B,CAAC,gBAAgB,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;gBACpE,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,IAAI;oBACX,OAAO,EAAE,2CAA2C;iBACrD,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,IAAI;oBACX,OAAO,EAAE,uBAAuB;iBACjC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,CAAC,MAAM,qBAAqB,CACjC,gBAAgB,CACjB,CAAwB,CAAC;IAC5B,CAAC,CAAC;AACJ,CAAC"}
|
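--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@schemavaults/auth-server-sdk",
 "description": "TypeScript SDK for building authenticated endpoints/middlewares for the Auth Server and Resource Servers",
-"version": "0.
+"version": "0.19.3",
 "license": "UNLICENSED",
 "private": false,
 "repository": {
@@ -15,9 +15,9 @@
 "types": "dist/index.d.ts",
 "dependencies": {
 "zod": "3.23.8",
-"@schemavaults/jwt": "0.6.
-"@schemavaults/auth-common": "0.8.
-"@schemavaults/app-definitions": "0.6.
+"@schemavaults/jwt": "0.6.27",
+"@schemavaults/auth-common": "0.8.6",
+"@schemavaults/app-definitions": "0.6.14"
 },
 "scripts": {
 "build": "tsc --project tsconfig.json && tsc-alias --project tsconfig.json && bun run copy-codegen-templates",
@@ -30,7 +30,6 @@
 "typecheck": "tsc --project tsconfig.json --noEmit"
 },
 "devDependencies": {
-"@schemavaults/dbh": "0.7.5",
 "typescript": "5.9.3",
 "bun-types": "1.3.6",
 "@types/react": "19.0.0",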
@@ -1,33 +0,0 @@
|
|
|
1
|
-
import { importPKCS8, PEMFormat, sign_verify_alg } from "@schemavaults/jwt";
|
|
2
|
-
export default async function loadJwksAccessPrivateKey(env = process.env) {
|
|
3
|
-
if (typeof env === "object" &&
|
|
4
|
-
"SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY" in env &&
|
|
5
|
-
typeof env["SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY"] === "string" &&
|
|
6
|
-
env["SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY"].length > 0) {
|
|
7
|
-
const environmentVariable = env["SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY"];
|
|
8
|
-
let pem;
|
|
9
|
-
if (PEMFormat.isPemFormat(environmentVariable, "PRIVATE")) {
|
|
10
|
-
try {
|
|
11
|
-
pem = PEMFormat.parsePem(environmentVariable, "PRIVATE");
|
|
12
|
-
}
|
|
13
|
-
catch (e) {
|
|
14
|
-
console.error(e);
|
|
15
|
-
throw new TypeError("Failed to import environment variable 'SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY' from PEM-encoded environment variable!");
|
|
16
|
-
}
|
|
17
|
-
}
|
|
18
|
-
else {
|
|
19
|
-
try {
|
|
20
|
-
pem = PEMFormat.fromBase64Url(environmentVariable, "PRIVATE");
|
|
21
|
-
}
|
|
22
|
-
catch (e) {
|
|
23
|
-
console.error(e);
|
|
24
|
-
throw new TypeError("Failed to import environment variable 'SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY' from base64url-encoded environment variable!");
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
return await importPKCS8(pem.value, sign_verify_alg);
|
|
28
|
-
}
|
|
29
|
-
else {
|
|
30
|
-
throw new TypeError("Environment variable 'SCHEMAVAULTS_AUTH_JWKS_ACCESS_PRIVATE_KEY' missing!");
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
|
-
//# sourceMappingURL=loadJwksAccessPrivateKey.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"loadJwksAccessPrivateKey.js","sourceRoot":"","sources":["../../src/env/loadJwksAccessPrivateKey.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAE5E,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,wBAAwB,CACpD,MAAc,OAAO,CAAC,GAAG;IAEzB,IACE,OAAO,GAAG,KAAK,QAAQ;QACvB,2CAA2C,IAAI,GAAG;QAClD,OAAO,GAAG,CAAC,2CAA2C,CAAC,KAAK,QAAQ;QACpE,GAAG,CAAC,2CAA2C,CAAC,CAAC,MAAM,GAAG,CAAC,EAC3D,CAAC;QACD,MAAM,mBAAmB,GACvB,GAAG,CAAC,2CAA2C,CAAC,CAAC;QAEnD,IAAI,GAAc,CAAC;QACnB,IAAI,SAAS,CAAC,WAAW,CAAC,mBAAmB,EAAE,SAAS,CAAC,EAAE,CAAC;YAC1D,IAAI,CAAC;gBACH,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;YAC3D,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,SAAS,CACjB,0HAA0H,CAC3H,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC;gBACH,GAAG,GAAG,SAAS,CAAC,aAAa,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;YAChE,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,SAAS,CACjB,gIAAgI,CACjI,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,SAAS,CACjB,2EAA2E,CAC5E,CAAC;IACJ,CAAC;AACH,CAAC"}
|
|
File without changes
|