@schemavaults/auth-server-sdk 0.20.0 → 0.20.4
- package/dist/decode-jwts-with-key-manager.d.ts +12 -0
- package/dist/decode-jwts-with-key-manager.js +109 -0
- package/dist/decode-jwts-with-key-manager.js.map +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/route_guards/base-route-guard.js +1 -0
- package/dist/route_guards/base-route-guard.js.map +1 -1
- package/dist/route_guards/route-guard-factory.d.ts +1 -1
- package/dist/route_guards/route-guard-factory.js +9 -96
- package/dist/route_guards/route-guard-factory.js.map +1 -1
- package/dist/route_guards/withAuthenticatedRouteGuard.d.ts +1 -1
- package/dist/route_guards/withAuthenticatedRouteGuard.js +13 -6
- package/dist/route_guards/withAuthenticatedRouteGuard.js.map +1 -1
- package/package.json +2 -2
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { type OrganizationID, type UserData, type PotentiallyValidTokenSource } from "@schemavaults/auth-common";
|
|
2
|
+
import { type IJwtKeyManager } from "./JwtKeyManager";
|
|
3
|
+
import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
4
|
+
export type IDecodeJWTsWithKeyManagerOutput = {
|
|
5
|
+
user: UserData;
|
|
6
|
+
user_organizations: readonly OrganizationID[];
|
|
7
|
+
} | {
|
|
8
|
+
user: null;
|
|
9
|
+
user_organizations: null;
|
|
10
|
+
};
|
|
11
|
+
export declare function decodeJWTsWithKeyManager(keys_manager: IJwtKeyManager, token_sources: readonly PotentiallyValidTokenSource[], jwt_audience?: string, environment?: SchemaVaultsAppEnvironment, debug?: boolean): Promise<IDecodeJWTsWithKeyManagerOutput>;
|
|
12
|
+
export default decodeJWTsWithKeyManager;
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
import { getAppEnvironment } from "./get-app-environment";
|
|
2
|
+
import { decodeJWTs, organizationIdSchema, } from "@schemavaults/auth-common";
|
|
3
|
+
import { JwtDecodingKeysetNotFoundError, loadJwtDecodingKeys, } from "./JwtKeyManager";
|
|
4
|
+
import { apiServerIdSchema, } from "@schemavaults/app-definitions";
|
|
5
|
+
import getSchemavaultsApiServerId from "./get-schemavaults-api-server-id";
|
|
6
|
+
import { decodeJWT as decodeSchemavaultsJwt, getKeysetIdFromToken, } from "@schemavaults/jwt";
|
|
7
|
+
import isValidUuid from "./is-valid-uuid";
|
|
8
|
+
export async function decodeJWTsWithKeyManager(keys_manager, token_sources, jwt_audience = getSchemavaultsApiServerId(), environment = getAppEnvironment(), debug = false) {
|
|
9
|
+
if (debug) {
|
|
10
|
+
console.log(`[decodeJWTsWithKeyManager] Attempting to decode JWTs from token sources: `, token_sources);
|
|
11
|
+
}
|
|
12
|
+
if (!apiServerIdSchema.safeParse(jwt_audience).success) {
|
|
13
|
+
throw new TypeError(`Invalid API server ID for 'jwt_audience': ${jwt_audience}`);
|
|
14
|
+
}
|
|
15
|
+
if (!keys_manager) {
|
|
16
|
+
throw new TypeError("Failed to resolve reference to JWT keys manager to load keys to perform decode!");
|
|
17
|
+
}
|
|
18
|
+
let user = null;
|
|
19
|
+
let user_organizations = null;
|
|
20
|
+
try {
|
|
21
|
+
user = await decodeJWTs({
|
|
22
|
+
token_sources,
|
|
23
|
+
jwt_audience,
|
|
24
|
+
decodeJWT: async (opts) => {
|
|
25
|
+
if (debug) {
|
|
26
|
+
let debugMessage = `[decodeJWTsWithKeyManager] Attempting to decode ${opts.type} JWT for audience: '${opts.jwt_audience}'`;
|
|
27
|
+
if (opts.sourceHint) {
|
|
28
|
+
debugMessage += ` (Source: '${opts.sourceHint}')`;
|
|
29
|
+
}
|
|
30
|
+
console.log(debugMessage);
|
|
31
|
+
}
|
|
32
|
+
let keyset_id;
|
|
33
|
+
try {
|
|
34
|
+
keyset_id = getKeysetIdFromToken(opts.token);
|
|
35
|
+
}
|
|
36
|
+
catch (e) {
|
|
37
|
+
console.error("Failed to load 'keyset_id' from auth token: ", e);
|
|
38
|
+
throw new Error("Failed to load 'keyset_id' from auth token!");
|
|
39
|
+
}
|
|
40
|
+
if (!keyset_id || !isValidUuid(keyset_id)) {
|
|
41
|
+
throw new TypeError("Expected 'keyset_id' from token to be a valid UUID!");
|
|
42
|
+
}
|
|
43
|
+
let decodingKeys;
|
|
44
|
+
try {
|
|
45
|
+
decodingKeys = await loadJwtDecodingKeys({
|
|
46
|
+
keyset_id,
|
|
47
|
+
keys_manager,
|
|
48
|
+
audience_id: jwt_audience,
|
|
49
|
+
debug,
|
|
50
|
+
});
|
|
51
|
+
if (decodingKeys.keyset_id !== keyset_id) {
|
|
52
|
+
throw new Error("Mismatch between the keyset ID of result and what was requested!");
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
catch (e) {
|
|
56
|
+
console.warn(`[createGuardFromTokenSources] Failed to load keys associated with token-associated keyset '${keyset_id}': `, e);
|
|
57
|
+
if (e instanceof JwtDecodingKeysetNotFoundError) {
|
|
58
|
+
throw e;
|
|
59
|
+
}
|
|
60
|
+
throw new Error("Failed to load keys associated with token-associated keyset!");
|
|
61
|
+
}
|
|
62
|
+
const { decryption_key, verification_key } = decodingKeys;
|
|
63
|
+
try {
|
|
64
|
+
return (await decodeSchemavaultsJwt({
|
|
65
|
+
jwt: opts.token,
|
|
66
|
+
type: opts.type,
|
|
67
|
+
audience: opts.jwt_audience,
|
|
68
|
+
decryption_key,
|
|
69
|
+
verification_key,
|
|
70
|
+
keyset_id,
|
|
71
|
+
env: environment,
|
|
72
|
+
}));
|
|
73
|
+
}
|
|
74
|
+
catch (e) {
|
|
75
|
+
console.error("Failed to decode JSON web token: ", e);
|
|
76
|
+
throw new Error("Failed to decode JSON web token!");
|
|
77
|
+
}
|
|
78
|
+
},
|
|
79
|
+
}, debug);
|
|
80
|
+
if (!("orgs" in user) || !Array.isArray(user.orgs)) {
|
|
81
|
+
throw new Error("No 'orgs' field in decoded user object!");
|
|
82
|
+
}
|
|
83
|
+
if (user.orgs.every((org_id) => typeof org_id === "string" &&
|
|
84
|
+
organizationIdSchema.safeParse(org_id).success)) {
|
|
85
|
+
user_organizations = user.orgs;
|
|
86
|
+
}
|
|
87
|
+
if (!Array.isArray(user_organizations)) {
|
|
88
|
+
throw new TypeError("Failed to load user organizations associated with user from token!");
|
|
89
|
+
}
|
|
90
|
+
return {
|
|
91
|
+
user: user,
|
|
92
|
+
user_organizations: user_organizations,
|
|
93
|
+
};
|
|
94
|
+
}
|
|
95
|
+
catch (e) {
|
|
96
|
+
if (e instanceof JwtDecodingKeysetNotFoundError) {
|
|
97
|
+
console.warn(`[createdGuardFromTokenSources] Failed to load keyset '${e.keyset_id}' associated with provided token: `, e);
|
|
98
|
+
}
|
|
99
|
+
else {
|
|
100
|
+
console.warn("No-op error creating route-guard... Failed to decode JWTs, setting user = null", e);
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
return {
|
|
104
|
+
user: null,
|
|
105
|
+
user_organizations: null,
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
export default decodeJWTsWithKeyManager;
|
|
109
|
+
//# sourceMappingURL=decode-jwts-with-key-manager.js.map
|
|
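Review bot: The debug branch at the top of `decodeJWTsWithKeyManager` passes `token_sources` straight to `console.log`, and the callback later reads `opts.token` from what appear to be the same entries, so enabling `debug` would write raw bearer tokens into the server log. Log only the non-secret fields instead, for example `console.log("[decodeJWTsWithKeyManager] Attempting to decode JWTs from token sources: ", token_sources.map((s) => ({ type: s.type, sourceHint: s.sourceHint })));`, assuming the entries carry the `type` and `sourceHint` fields the callback reads. Separately, the warnings in the two `catch` blocks still carry the `[createGuardFromTokenSources]` and `[createdGuardFromTokenSources]` prefixes of the method this code was moved out of. That will mislead anyone triaging authentication failures from logs, so they should name `decodeJWTsWithKeyManager`.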
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"decode-jwts-with-key-manager.js","sourceRoot":"","sources":["../src/decode-jwts-with-key-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EACL,UAAU,EAKV,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAEL,8BAA8B,EAC9B,mBAAmB,GAEpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,iBAAiB,GAElB,MAAM,+BAA+B,CAAC;AACvC,OAAO,0BAA0B,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAEL,SAAS,IAAI,qBAAqB,EAClC,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,WAAW,MAAM,iBAAiB,CAAC;AAc1C,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,YAA4B,EAC5B,aAAqD,EACrD,eAAuB,0BAA0B,EAAE,EACnD,cAA0C,iBAAiB,EAAE,EAC7D,QAAiB,KAAK;IAEtB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,2EAA2E,EAC3E,aAAa,CACd,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,YAA6B,CAAC,CAAC,OAAO,EAAE,CAAC;QACxE,MAAM,IAAI,SAAS,CACjB,6CAA6C,YAAY,EAAE,CAC5D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,SAAS,CACjB,iFAAiF,CAClF,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,GAAoB,IAAI,CAAC;IACjC,IAAI,kBAAkB,GAAqC,IAAI,CAAC;IAChE,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,UAAU,CACrB;YACE,aAAa;YACb,YAAY;YACZ,SAAS,EAAE,KAAK,EAAE,IAAI,EAAgC,EAAE;gBACtD,IAAI,KAAK,EAAE,CAAC;oBACV,IAAI,YAAY,GAAW,mDAAmD,IAAI,CAAC,IAAI,uBAAuB,IAAI,CAAC,YAAY,GAAG,CAAC;oBACnI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;wBACpB,YAAY,IAAI,cAAc,IAAI,CAAC,UAAU,IAAI,CAAC;oBACpD,CAAC;oBACD,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAC5B,CAAC;gBAED,IAAI,SAAiB,CAAC;gBACtB,IAAI,CAAC;oBACH,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,KAAsB,CAAC,CAAC;gBAChE,CAAC;gBAAC,OAAO,CAAU,EAAE,CAAC;oBACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;oBACjE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;gBACjE,CAAC;gBAED,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC1C,MAAM,IAAI,SAAS,CACjB,qDAAqD,CACtD,CAAC;gBACJ,CAAC;gBAED,IAAI,YAAkC,CAAC;gBACvC,IAAI,CAAC;oBACH,YAAY,GAAG,MAAM,mBAAmB,CAAC;wBACvC,SAAS;wBACT,YAAY;wBACZ,WAAW,EAAE,YAAY;wBACzB,KAAK;qBACN,CAAC,CAAC;oBACH,IAAI,YAAY,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;wBACzC,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,OAAO,CAAU,EAAE,CAAC;oBACpB,OAAO,CAAC,
IAAI,CACV,8FAA8F,SAAS,KAAK,EAC5G,CAAC,CACF,CAAC;oBACF,IAAI,CAAC,YAAY,8BAA8B,EAAE,CAAC;wBAChD,MAAM,CAAC,CAAC;oBACV,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;gBACJ,CAAC;gBACD,MAAM,EAAE,cAAc,EAAE,gBAAgB,EAAE,GAAG,YAAY,CAAC;gBAE1D,IAAI,CAAC;oBACH,OAAO,CAAC,MAAM,qBAAqB,CAAC;wBAClC,GAAG,EAAE,IAAI,CAAC,KAAK;wBACf,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,QAAQ,EAAE,IAAI,CAAC,YAAY;wBAC3B,cAAc;wBACd,gBAAgB;wBAChB,SAAS;wBACT,GAAG,EAAE,WAAW;qBACjB,CAAC,CAA4B,CAAC;gBACjC,CAAC;gBAAC,OAAO,CAAU,EAAE,CAAC;oBACpB,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,CAAC,CAAC,CAAC;oBACtD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;SACF,EACD,KAAK,CACN,CAAC;QACF,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,IACE,IAAI,CAAC,IAAI,CAAC,KAAK,CACb,CAAC,MAAM,EAAE,EAAE,CACT,OAAO,MAAM,KAAK,QAAQ;YAC1B,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CACjD,EACD,CAAC;YACD,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC;QACjC,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CACjB,oEAAoE,CACrE,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,IAAuB;YAC7B,kBAAkB,EAChB,kBAAsD;SACzD,CAAC;IACJ,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,IAAI,CAAC,YAAY,8BAA8B,EAAE,CAAC;YAChD,OAAO,CAAC,IAAI,CACV,yDAAyD,CAAC,CAAC,SAAS,oCAAoC,EACxG,CAAC,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CACV,gFAAgF,EAChF,CAAC,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,IAAI;QACV,kBAAkB,EAAE,IAAI;KACzB,CAAC;AACJ,CAAC;AAED,eAAe,wBAAwB,CAAC"}
|
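--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -22,3 +22,5 @@ export { redirectToLogin } from "./redirect-to-login";
 export type * from "./redirect-with-error";
 export { getAppEnvironment } from "./get-app-environment";
 export type { SchemaVaultsAppEnvironment } from "./get-app-environment";
+export { decodeJWTsWithKeyManager } from "./decode-jwts-with-key-manager";
+export type { IDecodeJWTsWithKeyManagerOutput } from "./decode-jwts-with-key-manager";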
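--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -12,4 +12,5 @@ export { RefreshTokenCookieName, RefreshTokenExpiryCookieName, } from "./Refresh
 export { default as getStringByteSize } from "./getStringByteSize";
 export { redirectToLogin } from "./redirect-to-login";
 export { getAppEnvironment } from "./get-app-environment";
+export { decodeJWTsWithKeyManager } from "./decode-jwts-with-key-manager";
 //# sourceMappingURL=index.js.map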
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAG7B,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,yBAAyB,CAAC;AAGxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,OAAO,EACL,qBAAqB,EACrB,cAAc,GACf,MAAM,qCAAqC,CAAC;AAG7C,OAAO,wBAAwB,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,CAAC;AAEpC,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAG9E,OAAO,EAAE,kCAAkC,EAAE,MAAM,0CAA0C,CAAC;AAG9F,OAAO,EACL,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAEnE,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAGtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAG7B,cAAc,gBAAgB,CAAC;AAG/B,cAAc,iBAAiB,CAAC;AAGhC,cAAc,yBAAyB,CAAC;AAGxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,OAAO,EACL,qBAAqB,EACrB,cAAc,GACf,MAAM,qCAAqC,CAAC;AAG7C,OAAO,wBAAwB,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,CAAC;AAEpC,OAAO,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AAG9E,OAAO,EAAE,kCAAkC,EAAE,MAAM,0CAA0C,CAAC;AAG9F,OAAO,EACL,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAEnE,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAGtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-route-guard.js","sourceRoot":"","sources":["../../src/route_guards/base-route-guard.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"base-route-guard.js","sourceRoot":"","sources":["../../src/route_guards/base-route-guard.ts"],"names":[],"mappings":"AAAA,sBAAsB;AAQtB,MAAM,OAAgB,cAAc;IACf,KAAK,CAAkB;IACvB,KAAK,CAA4B;IACnC,WAAW,CAA6B;IAEzD,YAAmB,EACjB,IAAI,EACJ,kBAAkB,EAClB,WAAW,GACgB;QAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,KAAK,GAAG,kBAAkB,IAAI,EAAE,CAAC;QACtC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,IAAc,eAAe;QAC3B,MAAM,SAAS,GAAY,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;QACxC,IAAI,IAAI,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;YACtC,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAc,OAAO;QACnB,OAAO,CACL,IAAI,CAAC,eAAe;YACpB,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,KAAK,SAAS;YACtC,IAAI,CAAC,KAAK,CAAC,KAAK,CACjB,CAAC;IACJ,CAAC;IAID,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAW,kBAAkB;QAC3B,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;CACF"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { IRouteGuard } from "./IRouteGuard";
|
|
2
2
|
import type { InitRouteGuardCheckOptions } from "./init_route_guard_check_options";
|
|
3
|
-
import {
|
|
3
|
+
import type { PotentiallyValidTokenSource } from "@schemavaults/auth-common";
|
|
4
4
|
import { type ApiServerId, type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
5
5
|
import { type IJwtKeyManager } from "../JwtKeyManager";
|
|
6
6
|
export interface RouteGuardFactoryInitOptions {
|
|
@@ -1,12 +1,11 @@
|
|
|
1
|
+
// route-guard-factory.ts
|
|
1
2
|
import AdminRequiredRouteGuard from "./admin";
|
|
2
3
|
import AuthenticationRequiredRouteGuard from "./authenticated";
|
|
3
4
|
import { z } from "zod";
|
|
4
|
-
import {
|
|
5
|
-
import {
|
|
6
|
-
import
|
|
7
|
-
import
|
|
8
|
-
import { RemoteJwtKeyManager, JwtDecodingKeysetNotFoundError, } from "../JwtKeyManager";
|
|
9
|
-
import isValidUuid from "../is-valid-uuid";
|
|
5
|
+
import { apiServerIdSchema, getAppEnvironment, } from "@schemavaults/app-definitions";
|
|
6
|
+
import { RemoteJwtKeyManager } from "../JwtKeyManager";
|
|
7
|
+
import getSchemaVaultsAuthServerUri from "../get-schemavaults-auth-server-uri";
|
|
8
|
+
import decodeJWTsWithKeyManager from "../decode-jwts-with-key-manager";
|
|
10
9
|
const GUARD_TYPES = [
|
|
11
10
|
"authenticated",
|
|
12
11
|
"admin",
|
|
@@ -38,9 +37,8 @@ export class RouteGuardFactory {
|
|
|
38
37
|
if (this.is_auth_server) {
|
|
39
38
|
throw new TypeError("An argument for 'jwt_keys_manager' is required when 'is_auth_server' is true");
|
|
40
39
|
}
|
|
41
|
-
const auth_server_uri = getHardcodedClientWebAppDomain(SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id, environment);
|
|
42
40
|
this.jwt_keys_manager = new RemoteJwtKeyManager({
|
|
43
|
-
auth_server_uri,
|
|
41
|
+
auth_server_uri: getSchemaVaultsAuthServerUri(),
|
|
44
42
|
debug: this.debug,
|
|
45
43
|
});
|
|
46
44
|
}
|
|
@@ -62,101 +60,16 @@ export class RouteGuardFactory {
|
|
|
62
60
|
return RouteGuardFactory.createGuardFromOptions(type, opts);
|
|
63
61
|
}
|
|
64
62
|
async createGuardFromTokenSources(type, token_sources, jwt_audience) {
|
|
65
|
-
|
|
66
|
-
const debug = this.debug;
|
|
67
|
-
if (debug) {
|
|
63
|
+
if (this.debug) {
|
|
68
64
|
console.log(`[RouteGuardFactory] Initializing route guard from token sources: `, token_sources);
|
|
69
65
|
}
|
|
70
66
|
if (!apiServerIdSchema.safeParse(jwt_audience).success) {
|
|
71
67
|
throw new TypeError(`Invalid API server ID for 'jwt_audience': ${jwt_audience}`);
|
|
72
68
|
}
|
|
73
|
-
|
|
74
|
-
if (!keys_manager) {
|
|
69
|
+
if (!this.jwt_keys_manager) {
|
|
75
70
|
throw new Error("Failed to resolve reference to JWT keys manager to operate this route guard!");
|
|
76
71
|
}
|
|
77
|
-
|
|
78
|
-
let user_organizations = null;
|
|
79
|
-
try {
|
|
80
|
-
user = await decodeJWTs({
|
|
81
|
-
token_sources,
|
|
82
|
-
jwt_audience,
|
|
83
|
-
decodeJWT: async (opts) => {
|
|
84
|
-
if (debug) {
|
|
85
|
-
let debugMessage = `[RouteGuardFactory] Attempting to decode ${opts.type} JWT for audience: '${opts.jwt_audience}'`;
|
|
86
|
-
if (opts.sourceHint) {
|
|
87
|
-
debugMessage += ` (Source: '${opts.sourceHint}')`;
|
|
88
|
-
}
|
|
89
|
-
console.log(debugMessage);
|
|
90
|
-
}
|
|
91
|
-
let keyset_id;
|
|
92
|
-
try {
|
|
93
|
-
keyset_id = getKeysetIdFromToken(opts.token);
|
|
94
|
-
}
|
|
95
|
-
catch (e) {
|
|
96
|
-
console.error("Failed to load 'keyset_id' from auth token: ", e);
|
|
97
|
-
throw new Error("Failed to load 'keyset_id' from auth token!");
|
|
98
|
-
}
|
|
99
|
-
if (!keyset_id || !isValidUuid(keyset_id)) {
|
|
100
|
-
throw new TypeError("Expected 'keyset_id' from token to be a valid UUID!");
|
|
101
|
-
}
|
|
102
|
-
let decodingKeys;
|
|
103
|
-
try {
|
|
104
|
-
decodingKeys = await loadJwtDecodingKeys({
|
|
105
|
-
keyset_id,
|
|
106
|
-
keys_manager,
|
|
107
|
-
audience_id: jwt_audience,
|
|
108
|
-
debug,
|
|
109
|
-
});
|
|
110
|
-
if (decodingKeys.keyset_id !== keyset_id) {
|
|
111
|
-
throw new Error("Mismatch between the keyset ID of result and what was requested!");
|
|
112
|
-
}
|
|
113
|
-
}
|
|
114
|
-
catch (e) {
|
|
115
|
-
console.warn(`[createGuardFromTokenSources] Failed to load keys associated with token-associated keyset '${keyset_id}': `, e);
|
|
116
|
-
if (e instanceof JwtDecodingKeysetNotFoundError) {
|
|
117
|
-
throw e;
|
|
118
|
-
}
|
|
119
|
-
throw new Error("Failed to load keys associated with token-associated keyset!");
|
|
120
|
-
}
|
|
121
|
-
const { decryption_key, verification_key } = decodingKeys;
|
|
122
|
-
try {
|
|
123
|
-
return (await decodeSchemavaultsJwt({
|
|
124
|
-
jwt: opts.token,
|
|
125
|
-
type: opts.type,
|
|
126
|
-
audience: opts.jwt_audience,
|
|
127
|
-
decryption_key,
|
|
128
|
-
verification_key,
|
|
129
|
-
keyset_id,
|
|
130
|
-
env: environment,
|
|
131
|
-
}));
|
|
132
|
-
}
|
|
133
|
-
catch (e) {
|
|
134
|
-
console.error("Failed to decode JSON web token: ", e);
|
|
135
|
-
throw new Error("Failed to decode JSON web token!");
|
|
136
|
-
}
|
|
137
|
-
},
|
|
138
|
-
}, debug);
|
|
139
|
-
if (!("orgs" in user) || !Array.isArray(user.orgs)) {
|
|
140
|
-
throw new Error("No 'orgs' field in decoded user object!");
|
|
141
|
-
}
|
|
142
|
-
if (user.orgs.every((org_id) => typeof org_id === "string" &&
|
|
143
|
-
organizationIdSchema.safeParse(org_id).success)) {
|
|
144
|
-
user_organizations = user.orgs;
|
|
145
|
-
}
|
|
146
|
-
if (!Array.isArray(user_organizations)) {
|
|
147
|
-
throw new TypeError("Failed to load user organizations associated with user from token!");
|
|
148
|
-
}
|
|
149
|
-
}
|
|
150
|
-
catch (e) {
|
|
151
|
-
if (e instanceof JwtDecodingKeysetNotFoundError) {
|
|
152
|
-
console.warn(`[createdGuardFromTokenSources] Failed to load keyset '${e.keyset_id}' associated with provided token: `, e);
|
|
153
|
-
}
|
|
154
|
-
else {
|
|
155
|
-
console.warn("No-op error creating route-guard... Failed to decode JWTs, setting user = null", e);
|
|
156
|
-
}
|
|
157
|
-
user = null;
|
|
158
|
-
user_organizations = null;
|
|
159
|
-
}
|
|
72
|
+
const { user, user_organizations } = await decodeJWTsWithKeyManager(this.jwt_keys_manager, token_sources, jwt_audience, this.environment, this.debug);
|
|
160
73
|
const init_opts = {
|
|
161
74
|
user,
|
|
162
75
|
environment: getAppEnvironment(),
|
|
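Review bot: The fallback `RemoteJwtKeyManager` in the constructor now receives `auth_server_uri: getSchemaVaultsAuthServerUri()` with no argument, where the removed line derived the URI from the `environment` value. That URI is where verification keys are fetched from, so if the helper resolves the environment on its own (its body is not in this diff), a factory built with an explicit `environment` could load keys from a different deployment than the one it then decodes for via `this.environment`. Pass the environment through if the helper accepts one, or state on the constructor that `environment` no longer selects the key server. In `createGuardFromTokenSources` the same split appears between `this.environment` in the `decodeJWTsWithKeyManager` call and `environment: getAppEnvironment()` in `init_opts`; a comment such as `// token is verified for this.environment; guard is initialised with the process environment` would make the intended authority explicit.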
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"route-guard-factory.js","sourceRoot":"","sources":["../../src/route_guards/route-guard-factory.ts"],"names":[],"mappings":"AAAA,OAAO,uBAAuB,MAAM,SAAS,CAAC;AAC9C,OAAO,gCAAgC,MAAM,iBAAiB,CAAC;AAE/D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"route-guard-factory.js","sourceRoot":"","sources":["../../src/route_guards/route-guard-factory.ts"],"names":[],"mappings":"AAAA,yBAAyB;AAEzB,OAAO,uBAAuB,MAAM,SAAS,CAAC;AAC9C,OAAO,gCAAgC,MAAM,iBAAiB,CAAC;AAE/D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAEL,iBAAiB,EACjB,iBAAiB,GAElB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAuB,MAAM,iBAAiB,CAAC;AAC3E,OAAO,4BAA4B,MAAM,oCAAoC,CAAC;AAC9E,OAAO,wBAAwB,MAAM,gCAAgC,CAAC;AAStE,MAAM,WAAW,GAAG;IAClB,eAAe;IACf,OAAO;CAC6B,CAAC;AAGvC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,GAAG,EAAyB,EAAE;IAC5E,OACE,WACD,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,MAAM,MAAM,GAAG;IACb,aAAa,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,gCAAgC,CAAC,IAAI,CAAC;IACnE,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,uBAAuB,CAAC,IAAI,CAAC;CAInD,CAAC;AAEF,MAAM,OAAO,iBAAiB;IACX,gBAAgB,CAAiB;IACjC,WAAW,CAA6B;IACxC,KAAK,CAAU;IACf,cAAc,CAAU;IAEzC,YAAmB,EAAE,WAAW,EAAE,GAAG,IAAI,EAAgC;QACvE,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;QACjC,IACE,OAAO,IAAI,CAAC,cAAc,KAAK,SAAS;YACxC,OAAO,IAAI,CAAC,cAAc,KAAK,WAAW,EAC1C,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,KAAK,CAAC;QAEnD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,MAAM,IAAI,SAAS,CACjB,8EAA8E,CAC/E,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,gBAAgB,GAAG,IAAI,mBAAmB,CAAC;gBAC9C,eAAe,EAAE,4BAA4B,EAAE;gBAC/C,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,qBAAqB,CAAC,IAAa;QAChD,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC3C,OAAO,oBAAoB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC;IACtD,CAAC;IAEM,MAAM,CAAC,sBAAsB,CAClC,IAAoB,EACpB,IAAgC;QAEhC,IAAI,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,+CAA+C,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxE,CAAC;QACJ,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,KAAK,GAAgB,YAAY,CAAC,IAAI,CAAC,C
AAC;QAE9C,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,sBAAsB,CAC3B,IAAoB,EACpB,IAAgC;QAEhC,OAAO,iBAAiB,CAAC,sBAAsB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAEM,KAAK,CAAC,2BAA2B,CACtC,IAAoB,EACpB,aAAqD,EACrD,YAAyB;QAEzB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,mEAAmE,EACnE,aAAa,CACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,YAA6B,CAAC,CAAC,OAAO,EAAE,CAAC;YACxE,MAAM,IAAI,SAAS,CACjB,6CAA6C,YAAY,EAAE,CAC5D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,kBAAkB,EAAE,GAAG,MAAM,wBAAwB,CACjE,IAAI,CAAC,gBAAgB,EACrB,aAAa,EACb,YAAY,EACZ,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,KAAK,CACX,CAAC;QAEF,MAAM,SAAS,GAA+B;YAC5C,IAAI;YACJ,WAAW,EAAE,iBAAiB,EAAE;YAChC,kBAAkB,EAAE,kBAAkB,IAAI,EAAE;SAC7C,CAAC;QAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8DAA8D,EAC9D,SAAS,CACV,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,SAAS,CAAuB,CAAC;IAC5E,CAAC;IAEM,KAAK,CAAC,yBAAyB,CACpC,IAAoB,EACpB,UAAyB,EACzB,YAAoB;QAEpB,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,YAAY,GAAG,SAAkB,CAAC;QACxC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,KAAK,GAAW,UAAU,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAE5D,OAAO,MAAM,IAAI,CAAC,2BAA2B,CAC3C,IAAI,EACJ;YACE;gBACE,UAAU,EAAE,0BAA0B;gBACtC,KAAK;gBACL,IAAI,EAAE,QAAQ;aACf;SACF,EACD,YAAY,CACb,CAAC;IACJ,CAAC;CACF;AAED,eAAe,iBAAiB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import "server-only";
|
|
2
2
|
import { type ApiServerId, type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
|
|
3
|
-
import type
|
|
3
|
+
import { type OrganizationID, type UserData } from "@schemavaults/auth-common";
|
|
4
4
|
import type { ReactElement } from "react";
|
|
5
5
|
import { type NextRequest, NextResponse } from "next/server";
|
|
6
6
|
import { type IJwtKeyManager } from "../JwtKeyManager";
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import "server-only";
|
|
2
|
-
import { SCHEMAVAULTS_AUTH_APP_ID, getAppEnvironment,
|
|
2
|
+
import { SCHEMAVAULTS_AUTH_APP_ID, getAppEnvironment, } from "@schemavaults/app-definitions";
|
|
3
|
+
import { accessTokenDataSchema, } from "@schemavaults/auth-common";
|
|
3
4
|
import { cookies as loadCookies } from "next/headers";
|
|
4
5
|
import { redirectWithNextAppDirError } from "../redirect-with-error";
|
|
5
6
|
import RouteGuardFactory from "./route-guard-factory";
|
|
@@ -13,10 +14,11 @@ import { RemoteJwtKeyManager } from "../JwtKeyManager";
|
|
|
13
14
|
import redirectToLogin from "../redirect-to-login";
|
|
14
15
|
import { redirect } from "next/navigation";
|
|
15
16
|
import assertValidRouteGuardType from "./assertValidRouteGuardType";
|
|
17
|
+
import getSchemaVaultsAuthServerUri from "../get-schemavaults-auth-server-uri";
|
|
16
18
|
// default key manager is RemoteJwtKeyManager-- makes it easier for external apps, we can overwrite this once for the auth server
|
|
17
19
|
export function initDefaultJwtKeyManagerForAuthenticatedRouteGuard(debug = process.env.NODE_ENV === "development") {
|
|
18
20
|
return new RemoteJwtKeyManager({
|
|
19
|
-
auth_server_uri:
|
|
21
|
+
auth_server_uri: getSchemaVaultsAuthServerUri(),
|
|
20
22
|
debug,
|
|
21
23
|
});
|
|
22
24
|
}
|
|
@@ -127,7 +129,8 @@ export function withAuthenticatedApiRouteGuard(api_route_handler, additional_cus
|
|
|
127
129
|
}
|
|
128
130
|
}
|
|
129
131
|
// Load access token cookie for current server
|
|
130
|
-
|
|
132
|
+
// Access token cookie is set with JSON.stringify() of an AccessToken object-- need to parse the .token property
|
|
133
|
+
await (async function addAccessTokenFromCookieToSourcesIfFound() {
|
|
131
134
|
const access_token_cookie_name = AccessTokenCookieName(api_server_id);
|
|
132
135
|
const access_token_cookie = req.cookies.get(access_token_cookie_name);
|
|
133
136
|
if (typeof access_token_cookie?.value === "string" &&
|
|
@@ -135,9 +138,13 @@ export function withAuthenticatedApiRouteGuard(api_route_handler, additional_cus
|
|
|
135
138
|
getStringByteSize(access_token_cookie.value) <= MaximumBrowserCookieSize) {
|
|
136
139
|
let jwt_string = null;
|
|
137
140
|
try {
|
|
138
|
-
const parsed = JSON.parse(access_token_cookie.value);
|
|
139
|
-
if (parsed
|
|
140
|
-
|
|
141
|
+
const parsed = await accessTokenDataSchema.safeParseAsync(JSON.parse(access_token_cookie.value));
|
|
142
|
+
if (!parsed.success) {
|
|
143
|
+
throw parsed.error;
|
|
144
|
+
}
|
|
145
|
+
const parsed_access_token_object = parsed.data;
|
|
146
|
+
if (Date.now() < parsed_access_token_object.exp) {
|
|
147
|
+
jwt_string = parsed_access_token_object.token;
|
|
141
148
|
}
|
|
142
149
|
}
|
|
143
150
|
catch {
|
|
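Review bot: The new expiry test `Date.now() < parsed_access_token_object.exp` compares epoch milliseconds with a value whose unit this diff does not show; if `accessTokenDataSchema` keeps `exp` as a JWT-style seconds timestamp, every cookie token is treated as expired and silently dropped. The wrapper object is also parsed from a client-supplied cookie, so this comparison can only be a shortcut and the signed token's own expiry still has to be enforced when it is decoded. After confirming the unit, add a comment above the comparison such as `// exp comes from the unsigned cookie wrapper (epoch ms); not a security check, token expiry must be enforced at decode`. The `catch` that `throw parsed.error` lands in continues outside this hunk, so whether a schema failure drops the cookie or falls back to the raw cookie value cannot be confirmed from here.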
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"withAuthenticatedRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAuthenticatedRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAErB,OAAO,EAEL,wBAAwB,EAExB,iBAAiB,
|
|
1
|
+
{"version":3,"file":"withAuthenticatedRouteGuard.js","sourceRoot":"","sources":["../../src/route_guards/withAuthenticatedRouteGuard.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAErB,OAAO,EAEL,wBAAwB,EAExB,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAEL,qBAAqB,GAItB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,cAAc,CAAC;AAEtD,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,iBAAiB,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAoB,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,iBAAiB,MAAM,qBAAqB,CAAC;AACpD,OAAO,wBAAwB,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,0BAA0B,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAuB,MAAM,iBAAiB,CAAC;AAC3E,OAAO,eAAe,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,yBAAyB,MAAM,6BAA6B,CAAC;AACpE,OAAO,4BAA4B,MAAM,oCAAoC,CAAC;AA2B9E,iIAAiI;AACjI,MAAM,UAAU,kDAAkD,CAChE,QAAiB,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa;IAEvD,OAAO,IAAI,mBAAmB,CAAC;QAC7B,eAAe,EAAE,4BAA4B,EAAE;QAC/C,KAAK;KACN,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0CAA0C,CAG9D,gBAAoF,EACpF,wCAAgE,EAChE,mBAA8C,eAAe,EAC7D,6BAKgB,SAAS,EACzB,mBAAmC,kDAAkD,EAAE,EACvF,iBAAoC,0BAA0B;IAE9D,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;IAE5C,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;IACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;IACpD,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IAEpC,MAAM,aAAa,GAAkC,EAAE,CAAC;IAExD,qCAAqC;IACrC,IAAI,aAAa,KAAK,wBAAwB,EAAE,CAAC;QAC/C,MAAM,oBAAoB,GAAG,OAAO,CAAC,GAAG,CACtC,sBAAsB,CAAC,wBAAwB,CAAC,CACjD,CAAC;QACF,IAAI,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;YACpD,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,2BAA2B;gBACvC,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,oBAAoB,CAAC,KAAK;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,MAAM,wBAAwB,GAAW,qBAAqB,CAAC,aAAa,CAAC,CAAC;IAC9E,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAClE,IACE,OAAO,mBAAmB,EAAE,KAAK,KAAK,QAAQ;QAC9C,mBAAmB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,EACrC,CAAC;QACD,IAAI,UAAU,GAAkB,IAAI,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;
YACrD,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC/C,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;YAC1B,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;QACzC,CAAC;QACD,IAAI,UAAU,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC;gBACjB,UAAU,EAAE,6BAA6B,wBAAwB,GAAG;gBACpE,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,UAAU;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;QAChD,WAAW;QACX,cAAc,EAAE,aAAa,KAAK,wBAAwB;QAC1D,gBAAgB;KACjB,CAAC,CAAC;IACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,gBAAgB,EAChB,aAAa,EACb,aAAa,CACd,CAAC;IAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACtB,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;IAExC,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,EAAE,CAAC;QACnC,2BAA2B,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,OAAO,gBAAgB,KAAK,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,SAAS,CACjB,mGAAmG,CACpG,CAAC;IACJ,CAAC;IACD,MAAM,yCAAyC,GAAG,gBAAgB,CAAC;IAEnE,MAAM,2BAA2B,GAC/B;QACE,IAAI;QACJ,WAAW;QACX,kBAAkB,EAAE,WAAW,CAAC,kBAAkB;KACnD,CAAC;IAEJ,MAAM,sBAAsB,GACD;QACzB,GAAG,2BAA2B;QAC9B,GAAG,wCAAwC;KAC5C,CAAC;IAEF,IAAI,OAAO,0BAA0B,KAAK,UAAU,EAAE,CAAC;QACrD,IAAI,aAAa,GAAY,KAAK,CAAC;QACnC,IAAI,CAAC;YACH,aAAa,GAAG,MAAM,0BAA0B,CAAC,sBAAsB,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;YACpE,2BAA2B,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,2BAA2B,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,OAAO,CAAC,MAAM,yCAAyC,CACrD,sBAAsB,CACvB,CAAwB,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,8BAA8B,CAG5C,iBAAgF,EAChF,kCAAgE,EAChE,mBAA8C,eAAe,EAC7D,6BAKgB,SAAS,EACzB,mBAAmC,kDAAkD,EAAE,EACvF,iBAAoC,0BAA0B;IAE9D,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;IAE5C,MAAM,qBAAqB,GACzB,iBAAiB,CAAC;IACpB,OAAO,KAAK,UAAU,8BAA8B,CAClD,GAAgB;QAEhB,MAAM,WAAW,GAA+B,iBAAiB,EAAE,CAAC;QACpE,MAAM,aAAa,GAAgB,cAAc,EAAE,CAAC;QAEpD,MAAM,aAAa,GAAkC,EAAE,CAAC;QAExD,4CAA4C;QAC5C,IAAI,aAAa,KAAK,wBAAwB,EAAE,CAAC
;YAC/C,MAAM,oBAAoB,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAC1C,sBAAsB,CAAC,wBAAwB,CAAC,CACjD,CAAC;YACF,IACE,OAAO,oBAAoB,EAAE,KAAK,KAAK,QAAQ;gBAC/C,oBAAoB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBACtC,iBAAiB,CAAC,oBAAoB,CAAC,KAAK,CAAC;oBAC3C,wBAAwB,EAC1B,CAAC;gBACD,aAAa,CAAC,IAAI,CAAC;oBACjB,UAAU,EAAE,2BAA2B;oBACvC,IAAI,EAAE,SAAS;oBACf,KAAK,EAAE,oBAAoB,CAAC,KAAsB;iBACnD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,gHAAgH;QAChH,MAAM,CAAC,KAAK,UAAU,wCAAwC;YAC5D,MAAM,wBAAwB,GAC5B,qBAAqB,CAAC,aAAa,CAAC,CAAC;YACvC,MAAM,mBAAmB,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;YACtE,IACE,OAAO,mBAAmB,EAAE,KAAK,KAAK,QAAQ;gBAC9C,mBAAmB,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBACrC,iBAAiB,CAAC,mBAAmB,CAAC,KAAK,CAAC,IAAI,wBAAwB,EACxE,CAAC;gBACD,IAAI,UAAU,GAAkB,IAAI,CAAC;gBACrC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,cAAc,CACvD,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,CACtC,CAAC;oBACF,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACpB,MAAM,MAAM,CAAC,KAAK,CAAC;oBACrB,CAAC;oBACD,MAAM,0BAA0B,GAAgB,MAAM,CAAC,IAAI,CAAC;oBAC5D,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,0BAA0B,CAAC,GAAG,EAAE,CAAC;wBAChD,UAAU,GAAG,0BAA0B,CAAC,KAAK,CAAC;oBAChD,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,0BAA0B;oBAC1B,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC;gBACzC,CAAC;gBACD,IAAI,UAAU,EAAE,CAAC;oBACf,aAAa,CAAC,IAAI,CAAC;wBACjB,UAAU,EAAE,6BAA6B,wBAAwB,GAAG;wBACpE,IAAI,EAAE,QAAQ;wBACd,KAAK,EAAE,UAAU;qBAClB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,8CAA8C;QAC9C,CAAC,SAAS,4CAA4C;YACpD,IACE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;gBAChC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAChC,CAAC;gBACD,MAAM,WAAW,GACf,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;gBACvE,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;oBACpD,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;gBACJ,CAAC;gBACD,MAAM,wBAAwB,GAC5B,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC;oBAClE,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC
,MAAM,CAAC;oBACrC,CAAC,CAAC,EAAE,CAAC;gBACT,IAAI,CAAC,wBAAwB,EAAE,CAAC;oBAC9B,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;gBACjE,CAAC;gBACD,aAAa,CAAC,IAAI,CAAC;oBACjB,UAAU,EAAE,+CAA+C;oBAC3D,IAAI,EAAE,QAAQ;oBACd,KAAK,EAAE,wBAAyC;iBACjD,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QAEL,MAAM,mBAAmB,GAAG,IAAI,iBAAiB,CAAC;YAChD,WAAW;YACX,cAAc,EAAE,aAAa,KAAK,wBAAwB;YAC1D,gBAAgB;SACjB,CAAC,CAAC;QACH,MAAM,WAAW,GACf,MAAM,mBAAmB,CAAC,2BAA2B,CACnD,gBAAgB,EAChB,aAAa,EACb,aAAa,CACd,CAAC;QAEJ,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACtB,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,qCAAqC;aAC/C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAa,WAAW,CAAC,IAAI,CAAC;QAExC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACnD,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EACL,qEAAqE;aACxE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACxD,OAAO,YAAY,CAAC,IAAI,CACtB;gBACE,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,uBAAuB;aACjC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,MAAM,kBAAkB,GACtB,WAAW,CAAC,kBAAkB,CAAC;QAEjC,MAAM,qBAAqB,GAA8C;YACvE,GAAG;YACH,IAAI;YACJ,WAAW;YACX,kBAAkB;SACnB,CAAC;QAEF,MAAM,gBAAgB,GACW;YAC/B,GAAG,qBAAqB;YACxB,GAAG,kCAAkC;SACtC,CAAC;QAEF,IAAI,OAAO,0BAA0B,KAAK,UAAU,EAAE,CAAC;YACrD,IAAI,aAAa,GAAY,KAAK,CAAC;YACnC,IAAI,CAAC;gBACH,aAAa,GAAG,MAAM,0BAA0B,CAAC,gBAAgB,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;gBACpE,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,IAAI;oBACX,OAAO,EAAE,2CAA2C;iBACrD,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,YAAY,CAAC,IAAI,CACtB;oBACE,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,IAAI;oBACX,OAAO,EAAE,uBAAuB;iBACjC,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,CAAC,MAAM,qBAAqB,CACjC,gBAAgB,CACjB,CAAwB,CAAC;IAC5B,CAAC,CAAC;A
ACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@schemavaults/auth-server-sdk",
|
|
3
3
|
"description": "TypeScript SDK for building authenticated endpoints/middlewares for the Auth Server and Resource Servers",
|
|
4
|
-
"version": "0.20.
|
|
4
|
+
"version": "0.20.4",
|
|
5
5
|
"license": "UNLICENSED",
|
|
6
6
|
"private": false,
|
|
7
7
|
"repository": {
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
"dependencies": {
|
|
20
20
|
"zod": "3.23.8",
|
|
21
21
|
"@schemavaults/jwt": "0.6.30",
|
|
22
|
-
"@schemavaults/auth-common": "0.9.
|
|
22
|
+
"@schemavaults/auth-common": "0.9.1",
|
|
23
23
|
"@schemavaults/app-definitions": "0.6.17"
|
|
24
24
|
},
|
|
25
25
|
"scripts": {
|