@semapps/auth 1.1.4 → 1.2.0
- package/dist/index.d.ts +8 -0
- package/dist/index.js +9 -0
- package/dist/index.js.map +1 -0
- package/dist/middlewares/localLogout.d.ts +2 -0
- package/dist/middlewares/localLogout.js +6 -0
- package/dist/middlewares/localLogout.js.map +1 -0
- package/dist/middlewares/redirectToFront.d.ts +2 -0
- package/dist/middlewares/redirectToFront.js +15 -0
- package/dist/middlewares/redirectToFront.js.map +1 -0
- package/dist/middlewares/saveRedirectUrl.d.ts +2 -0
- package/dist/middlewares/saveRedirectUrl.js +9 -0
- package/dist/middlewares/saveRedirectUrl.js.map +1 -0
- package/dist/middlewares/sendToken.d.ts +2 -0
- package/dist/middlewares/sendToken.js +6 -0
- package/dist/middlewares/sendToken.js.map +1 -0
- package/dist/mixins/auth.d.ts +98 -0
- package/dist/mixins/auth.js +235 -0
- package/dist/mixins/auth.js.map +1 -0
- package/dist/mixins/auth.sso.d.ts +76 -0
- package/dist/mixins/auth.sso.js +82 -0
- package/dist/mixins/auth.sso.js.map +1 -0
- package/dist/services/account.d.ts +122 -0
- package/dist/services/account.js +324 -0
- package/dist/services/account.js.map +1 -0
- package/dist/services/auth.cas.d.ts +100 -0
- package/dist/services/auth.cas.js +43 -0
- package/dist/services/auth.cas.js.map +1 -0
- package/dist/services/auth.local.d.ts +143 -0
- package/dist/services/auth.local.js +229 -0
- package/dist/services/auth.local.js.map +1 -0
- package/dist/services/auth.oidc.d.ts +102 -0
- package/dist/services/auth.oidc.js +63 -0
- package/dist/services/auth.oidc.js.map +1 -0
- package/dist/services/jwt.d.ts +50 -0
- package/dist/services/jwt.js +111 -0
- package/dist/services/jwt.js.map +1 -0
- package/dist/services/mail.d.ts +31 -0
- package/dist/services/mail.js +52 -0
- package/dist/services/mail.js.map +1 -0
- package/dist/services/migration.d.ts +18 -0
- package/dist/services/migration.js +33 -0
- package/dist/services/migration.js.map +1 -0
- package/dist/tsconfig.tsbuildinfo +1 -0
- package/index.ts +17 -0
- package/middlewares/localLogout.ts +6 -0
- package/middlewares/{redirectToFront.js → redirectToFront.ts} +2 -2
- package/middlewares/{saveRedirectUrl.js → saveRedirectUrl.ts} +2 -2
- package/middlewares/{sendToken.js → sendToken.ts} +2 -2
- package/mixins/auth.sso.ts +100 -0
- package/mixins/{auth.js → auth.ts} +86 -67
- package/package.json +15 -9
- package/services/account.ts +382 -0
- package/services/auth.cas.ts +56 -0
- package/services/auth.local.ts +276 -0
- package/services/{auth.oidc.js → auth.oidc.ts} +21 -9
- package/services/jwt.ts +127 -0
- package/services/mail.ts +67 -0
- package/services/migration.ts +43 -0
- package/tsconfig.json +10 -0
- package/index.js +0 -9
- package/middlewares/localLogout.js +0 -6
- package/mixins/auth.sso.js +0 -93
- package/services/account.js +0 -315
- package/services/auth.cas.js +0 -45
- package/services/auth.local.js +0 -238
- package/services/jwt.js +0 -101
- package/services/mail.js +0 -49
- package/services/migration.js +0 -29
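--- a/package/dist/services/auth.local.d.ts
+++ b/package/dist/services/auth.local.d.ts
@@ -0,0 +1,143 @@
+/** @type {import('moleculer').ServiceSchema} */
+declare const AuthLocalService: {
+name: "auth";
+mixins: {
+settings: {
+baseUrl: null;
+jwtPath: null;
+capabilitiesPath: undefined;
+registrationAllowed: boolean;
+reservedUsernames: never[];
+minPasswordLength: number;
+minUsernameLength: number;
+webIdSelection: never[];
+accountSelection: never[];
+accountsDataset: string;
+podProvider: boolean;
+};
+dependencies: string[];
+created(this: Moleculer.Service<Moleculer.ServiceSettingSchema>): Promise<void>;
+started(this: Moleculer.Service<Moleculer.ServiceSettingSchema>): Promise<void>;
+actions: {
+authenticate: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+authorize: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+impersonate: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+};
+methods: {
+validateCapability(ctx: any, token: any): Promise<any>;
+getStrategy(): never;
+getApiRoutes(): never;
+pickWebIdData(data: any): any;
+pickAccountData(data: any): {
+[k: string]: any;
+};
+};
+}[];
+settings: {
+baseUrl: null;
+jwtPath: null;
+registrationAllowed: boolean;
+reservedUsernames: never[];
+minPasswordLength: number;
+minUsernameLength: number;
+webIdSelection: never[];
+accountSelection: never[];
+formUrl: null;
+mail: {
+from: null;
+transport: {
+host: null;
+port: null;
+};
+defaults: {
+locale: null;
+frontUrl: null;
+};
+};
+};
+dependencies: string[];
+created(this: Moleculer.Service<Moleculer.ServiceSettingSchema>): Promise<void>;
+actions: {
+signup: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<{
+token: any;
+webId: any;
+newUser: boolean;
+}>;
+};
+login: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<{
+token: any;
+webId: any;
+newUser: boolean;
+}>;
+};
+logout: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<void>;
+};
+redirectToForm: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<void>;
+};
+resetPassword: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<void>;
+};
+setNewPassword: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<void>;
+};
+};
+methods: {
+getStrategy(): any;
+getApiRoutes(basePath: any): ({
+path: string;
+name: string;
+use: any[];
+aliases: {
+'POST /': any[];
+};
+} | {
+path: string;
+name: string;
+aliases: {
+'GET /': string;
+};
+} | {
+path: string;
+name: string;
+aliases: {
+'POST /': string;
+};
+})[];
+};
+};
+export default AuthLocalService;
+declare global {
+export namespace Moleculer {
+interface AllServices {
+[AuthLocalService.name]: typeof AuthLocalService;
+}
+}
+}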
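--- a/package/dist/services/auth.local.js
+++ b/package/dist/services/auth.local.js
@@ -0,0 +1,229 @@
+import path from 'path';
+// @ts-expect-error TS(7016): Could not find a declaration file for module 'pass... Remove this comment to see the full error message
+import { Strategy } from 'passport-local';
+import AuthMixin from "../mixins/auth.js";
+import sendToken from "../middlewares/sendToken.js";
+import AuthMailService from "./mail.js";
+import { Errors } from 'moleculer';
+const { MoleculerError } = Errors;
+/** @type {import('moleculer').ServiceSchema} */
+const AuthLocalService = {
+name: 'auth',
+mixins: [AuthMixin],
+settings: {
+baseUrl: null,
+jwtPath: null,
+registrationAllowed: true,
+reservedUsernames: [],
+minPasswordLength: 1,
+minUsernameLength: 1,
+webIdSelection: [],
+accountSelection: [],
+formUrl: null,
+mail: {
+from: null,
+transport: {
+host: null,
+port: null
+},
+defaults: {
+locale: null,
+frontUrl: null
+}
+}
+},
+dependencies: ['webid'],
+async created() {
+const { mail } = this.settings;
+this.passportId = 'local';
+if (mail !== false) {
+// @ts-expect-error TS(2345): Argument of type '{ mixins: { name: "auth.mail"; m... Remove this comment to see the full error message
+this.broker.createService({
+mixins: [AuthMailService],
+settings: {
+...mail
+}
+});
+}
+},
+actions: {
+signup: {
+async handler(ctx) {
+const { username, email, password, ...rest } = ctx.params;
+// This is going to get in our way otherwise when waiting for completions.
+// @ts-expect-error TS(2339): Property 'skipObjectsWatcher' does not exist on ty... Remove this comment to see the full error message
+ctx.meta.skipObjectsWatcher = true;
+let accountData = await ctx.call('auth.account.create', {
+username,
+email,
+password,
+...this.pickAccountData(rest)
+});
+try {
+const profileData = { nick: accountData.username, email: accountData.email, ...rest };
+const webId = await ctx.call('webid.createWebId', this.pickWebIdData(profileData), {
+meta: {
+isSignup: true // Allow services to handle directly the webId creation if it is generated by the AuthService
+}
+});
+// Link the webId with the account
+accountData = await ctx.call('auth.account.attachWebId', { accountUri: accountData['@id'], webId });
+ctx.emit('auth.registered', { webId, profileData, accountData });
+const token = await ctx.call('auth.jwt.generateServerSignedToken', { payload: { webId } });
+return { token, webId, newUser: true };
+}
+catch (e) {
+// Delete account if resource creation failed, or it may cause problems when retrying
+await ctx.call('auth.account.remove', { id: accountData['@id'] });
+throw e;
+}
+}
+},
+login: {
+async handler(ctx) {
+const { username, password } = ctx.params;
+const accountData = await ctx.call('auth.account.verify', { username, password });
+ctx.emit('auth.connected', { webId: accountData.webId, accountData }, { meta: { webId: null, dataset: null } });
+const token = await ctx.call('auth.jwt.generateServerSignedToken', { payload: { webId: accountData.webId } });
+return { token, webId: accountData.webId, newUser: false };
+}
+},
+logout: {
+async handler(ctx) {
+// @ts-expect-error TS(2339): Property '$statusCode' does not exist on type '{}'... Remove this comment to see the full error message
+ctx.meta.$statusCode = 302;
+// @ts-expect-error TS(2339): Property '$location' does not exist on type '{}'.
+ctx.meta.$location = ctx.params.redirectUrl || this.settings.formUrl;
+// @ts-expect-error TS(2339): Property 'webId' does not exist on type '{}'.
+ctx.emit('auth.disconnected', { webId: ctx.meta.webId });
+}
+},
+redirectToForm: {
+async handler(ctx) {
+if (this.settings.formUrl) {
+const formUrl = new URL(this.settings.formUrl);
+if (ctx.params) {
+for (const [key, value] of Object.entries(ctx.params)) {
+formUrl.searchParams.set(key, value);
+}
+}
+// @ts-expect-error TS(2339): Property '$statusCode' does not exist on type '{}'... Remove this comment to see the full error message
+ctx.meta.$statusCode = 302;
+// @ts-expect-error TS(2339): Property '$location' does not exist on type '{}'.
+ctx.meta.$location = formUrl.toString();
+}
+else {
+throw new Error('No formUrl defined in auth.local settings');
+}
+}
+},
+resetPassword: {
+async handler(ctx) {
+const { email } = ctx.params;
+const account = await ctx.call('auth.account.findByEmail', { email });
+if (!account) {
+throw new MoleculerError('email.not.exists', 400, 'BAD_REQUEST');
+}
+const token = await ctx.call('auth.account.generateResetPasswordToken', { webId: account.webId });
+await ctx.call('auth.mail.sendResetPasswordEmail', {
+account,
+token
+});
+}
+},
+setNewPassword: {
+async handler(ctx) {
+const { email, token, password } = ctx.params;
+const account = await ctx.call('auth.account.findByEmail', { email });
+if (!account) {
+throw new MoleculerError('email.not.exists', 400, 'BAD_REQUEST');
+}
+await ctx.call('auth.account.setNewPassword', { webId: account.webId, token, password });
+}
+}
+},
+methods: {
+getStrategy() {
+return new Strategy({
+passReqToCallback: true // We want to have access to req below
+}, (req, username, password, done) => {
+req.$ctx
+.call('auth.login', req.$params)
+.then((returnedData) => {
+done(null, returnedData);
+})
+.catch((e) => {
+done(new MoleculerError(e.message, 401), false);
+});
+});
+},
+getApiRoutes(basePath) {
+const loginRoute = {
+path: path.join(basePath, '/auth/login'),
+name: 'auth-login',
+use: [this.passport.initialize()],
+aliases: {
+'POST /': [this.passport.authenticate(this.passportId, { session: false }), sendToken]
+}
+};
+const logoutRoute = {
+path: path.join(basePath, '/auth/logout'),
+name: 'auth-logout',
+aliases: {
+'GET /': 'auth.logout'
+}
+};
+const signupRoute = {
+path: path.join(basePath, '/auth/signup'),
+name: 'auth-signup',
+aliases: {
+'POST /': 'auth.signup'
+}
+};
+const formRoute = {
+path: path.join(basePath, '/auth'),
+name: 'auth',
+aliases: {
+'GET /': 'auth.redirectToForm'
+}
+};
+const resetPasswordRoute = {
+path: path.join(basePath, '/auth/reset_password'),
+name: 'auth-reset-password',
+aliases: {
+'POST /': 'auth.resetPassword'
+}
+};
+const setNewPasswordRoute = {
+path: path.join(basePath, '/auth/new_password'),
+name: 'auth-new-password',
+aliases: {
+'POST /': 'auth.setNewPassword'
+}
+};
+const accountSettingsRoute = {
+path: path.join(basePath, '/auth/account'),
+name: 'auth-account',
+aliases: {
+'GET /': 'auth.account.findSettingsByWebId',
+'POST /': 'auth.account.updateAccountSettings'
+},
+authorization: true
+};
+const routes = [
+loginRoute,
+logoutRoute,
+formRoute,
+resetPasswordRoute,
+setNewPasswordRoute,
+accountSettingsRoute
+];
+if (this.settings.registrationAllowed) {
+return [...routes, signupRoute];
+}
+return routes;
+}
+}
+};
+export default AuthLocalService;
+//# sourceMappingURL=auth.local.js.map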
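Review bot: In the `logout` handler, `ctx.params.redirectUrl` is copied into `ctx.meta.$location` without any check, and `getApiRoutes` exposes the action as `GET /auth/logout`, so a link to that route can send a user's browser to an arbitrary external URL. Restrict the target to known front-end origins and fall back to `formUrl` otherwise, e.g. `ctx.meta.$location = this.isAllowedRedirect(ctx.params.redirectUrl) ? ctx.params.redirectUrl : this.settings.formUrl;`, where `isAllowedRedirect` is a new method (not in this package today) that parses the value with `new URL()` and compares its origin against the configured list. Separately, `resetPassword` and `setNewPassword` answer `email.not.exists` for unknown addresses, which lets a caller tell registered emails from unregistered ones; returning the same response in both cases would close that. The shipped default `minPasswordLength: 1` also deserves a higher value. This file is compiler output, so the changes belong in `services/auth.local.ts`.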
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.local.js","sourceRoot":"","sources":["../../services/auth.local.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,qIAAqI;AACrI,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,SAAS,MAAM,mBAAmB,CAAC;AAC1C,OAAO,SAAS,MAAM,6BAA6B,CAAC;AACpD,OAAO,eAAe,MAAM,WAAW,CAAC;AAExC,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAEnC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;AAElC,gDAAgD;AAChD,MAAM,gBAAgB,GAAG;IACvB,IAAI,EAAE,MAAe;IACrB,MAAM,EAAE,CAAC,SAAS,CAAC;IACnB,QAAQ,EAAE;QACR,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,IAAI;QACb,mBAAmB,EAAE,IAAI;QACzB,iBAAiB,EAAE,EAAE;QACrB,iBAAiB,EAAE,CAAC;QACpB,iBAAiB,EAAE,CAAC;QACpB,cAAc,EAAE,EAAE;QAClB,gBAAgB,EAAE,EAAE;QACpB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE;YACJ,IAAI,EAAE,IAAI;YACV,SAAS,EAAE;gBACT,IAAI,EAAE,IAAI;gBACV,IAAI,EAAE,IAAI;aACX;YACD,QAAQ,EAAE;gBACR,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,IAAI;aACf;SACF;KACF;IACD,YAAY,EAAE,CAAC,OAAO,CAAC;IACvB,KAAK,CAAC,OAAO;QACX,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAE/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC;QAE1B,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACnB,qIAAqI;YACrI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;gBACxB,MAAM,EAAE,CAAC,eAAe,CAAC;gBACzB,QAAQ,EAAE;oBACR,GAAG,IAAI;iBACR;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,EAAE;QACP,MAAM,EAAE;YACN,KAAK,CAAC,OAAO,CAAC,GAAG;gBACf,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBAE1D,0EAA0E;gBAC1E,qIAAqI;gBACrI,GAAG,CAAC,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBAEnC,IAAI,WAAW,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE;oBACtD,QAAQ;oBACR,KAAK;oBACL,QAAQ;oBACR,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;iBAC9B,CAAC,CAAC;gBAEH,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,EAAE,IAAI,EAAE,WAAW,CAAC,QAAQ,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,GAAG,IAAI,EAAE,CAAC;oBACtF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE;wBACjF,IAAI,EAAE;4BACJ,QAAQ,EAAE,IAAI,CAAC,6FAA6F;yBAC7G;qBACF,CAAC,CAAC;oBAEH,kCAAkC;oBAClC,WAAW,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,UAAU,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;oBAEpG,GAAG,CAAC,IAAI,CAAC,iBA
AiB,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC,CAAC;oBAEjE,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;oBAE3F,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;gBACzC,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,qFAAqF;oBACrF,MAAM,GAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,EAAE,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBAClE,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;SACF;QAED,KAAK,EAAE;YACL,KAAK,CAAC,OAAO,CAAC,GAAG;gBACf,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBAE1C,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAElF,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;gBAEhH,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBAE9G,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;YAC7D,CAAC;SACF;QAED,MAAM,EAAE;YACN,KAAK,CAAC,OAAO,CAAC,GAAG;gBACf,qIAAqI;gBACrI,GAAG,CAAC,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC;gBAC3B,+EAA+E;gBAC/E,GAAG,CAAC,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACrE,2EAA2E;gBAC3E,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YAC3D,CAAC;SACF;QAED,cAAc,EAAE;YACd,KAAK,CAAC,OAAO,CAAC,GAAG;gBACf,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;oBAC1B,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAC/C,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;wBACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;4BACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;wBACvC,CAAC;oBACH,CAAC;oBACD,qIAAqI;oBACrI,GAAG,CAAC,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC;oBAC3B,+EAA+E;oBAC/E,GAAG,CAAC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAC1C,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;SACF;QAED,aAAa,EAAE;YACb,KAAK,CAAC,OAAO,CAAC,GAAG;gBACf,
MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBAE7B,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBAEtE,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;gBACnE,CAAC;gBAED,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,yCAAyC,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;gBAElG,MAAM,GAAG,CAAC,IAAI,CAAC,kCAAkC,EAAE;oBACjD,OAAO;oBACP,KAAK;iBACN,CAAC,CAAC;YACL,CAAC;SACF;QAED,cAAc,EAAE;YACd,KAAK,CAAC,OAAO,CAAC,GAAG;gBACf,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBAE9C,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;gBAEtE,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;gBACnE,CAAC;gBAED,MAAM,GAAG,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC3F,CAAC;SACF;KACF;IACD,OAAO,EAAE;QACP,WAAW;YACT,OAAO,IAAI,QAAQ,CACjB;gBACE,iBAAiB,EAAE,IAAI,CAAC,sCAAsC;aAC/D,EACD,CAAC,GAAQ,EAAE,QAAa,EAAE,QAAa,EAAE,IAAS,EAAE,EAAE;gBACpD,GAAG,CAAC,IAAI;qBACL,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,OAAO,CAAC;qBAC/B,IAAI,CAAC,CAAC,YAAiB,EAAE,EAAE;oBAC1B,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;gBAC3B,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,CAAM,EAAE,EAAE;oBAChB,IAAI,CAAC,IAAI,cAAc,CAAC,CAAC,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;gBAClD,CAAC,CAAC,CAAC;YACP,CAAC,CACF,CAAC;QACJ,CAAC;QACD,YAAY,CAAC,QAAQ;YACnB,MAAM,UAAU,GAAG;gBACjB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC;gBACxC,IAAI,EAAE,YAAY;gBAClB,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;gBACjC,OAAO,EAAE;oBACP,QAAQ,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,CAAC;iBACvF;aACF,CAAC;YAEF,MAAM,WAAW,GAAG;gBAClB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC;gBACzC,IAAI,EAAE,aAAa;gBACnB,OAAO,EAAE;oBACP,OAAO,EAAE,aAAa;iBACvB;aACF,CAAC;YAEF,MAAM,WAAW,GAAG;gBAClB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC;gBACzC,IAAI,EAAE,aAAa;gBACnB,OAAO,EAAE;oBACP,QAAQ,EAAE,aAAa;iBACxB;aACF,CAAC;YAEF,MAAM,
SAAS,GAAG;gBAChB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC;gBAClC,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP,OAAO,EAAE,qBAAqB;iBAC/B;aACF,CAAC;YAEF,MAAM,kBAAkB,GAAG;gBACzB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,sBAAsB,CAAC;gBACjD,IAAI,EAAE,qBAAqB;gBAC3B,OAAO,EAAE;oBACP,QAAQ,EAAE,oBAAoB;iBAC/B;aACF,CAAC;YACF,MAAM,mBAAmB,GAAG;gBAC1B,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC;gBAC/C,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE;oBACP,QAAQ,EAAE,qBAAqB;iBAChC;aACF,CAAC;YAEF,MAAM,oBAAoB,GAAG;gBAC3B,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC;gBAC1C,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE;oBACP,OAAO,EAAE,kCAAkC;oBAC3C,QAAQ,EAAE,oCAAoC;iBAC/C;gBACD,aAAa,EAAE,IAAI;aACpB,CAAC;YAEF,MAAM,MAAM,GAAG;gBACb,UAAU;gBACV,WAAW;gBACX,SAAS;gBACT,kBAAkB;gBAClB,mBAAmB;gBACnB,oBAAoB;aACrB,CAAC;YAEF,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;gBACtC,OAAO,CAAC,GAAG,MAAM,EAAE,WAAW,CAAC,CAAC;YAClC,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;KACF;CACsB,CAAC;AAE1B,eAAe,gBAAgB,CAAC"}
|
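--- a/package/dist/services/auth.oidc.d.ts
+++ b/package/dist/services/auth.oidc.d.ts
@@ -0,0 +1,102 @@
+declare const AuthOIDCService: {
+name: "auth";
+mixins: {
+mixins: {
+settings: {
+baseUrl: null;
+jwtPath: null;
+capabilitiesPath: undefined;
+registrationAllowed: boolean;
+reservedUsernames: never[];
+minPasswordLength: number;
+minUsernameLength: number;
+webIdSelection: never[];
+accountSelection: never[];
+accountsDataset: string;
+podProvider: boolean;
+};
+dependencies: string[];
+created(this: Moleculer.Service<Moleculer.ServiceSettingSchema>): Promise<void>;
+started(this: Moleculer.Service<Moleculer.ServiceSettingSchema>): Promise<void>;
+actions: {
+authenticate: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+authorize: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+impersonate: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+};
+methods: {
+validateCapability(ctx: any, token: any): Promise<any>;
+getStrategy(): never;
+getApiRoutes(): never;
+pickWebIdData(data: any): any;
+pickAccountData(data: any): {
+[k: string]: any;
+};
+};
+}[];
+settings: {
+baseUrl: null;
+jwtPath: null;
+registrationAllowed: boolean;
+reservedUsernames: never[];
+webIdSelection: never[];
+sessionSecret: string;
+selectSsoData: null;
+};
+actions: {
+loginOrSignup: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<{
+token: any;
+newUser: boolean;
+}>;
+};
+};
+methods: {
+getApiRoutes(basePath: any): {
+path: string;
+name: string;
+use: any[];
+aliases: {
+'GET /': any[];
+};
+}[];
+};
+}[];
+settings: {
+baseUrl: null;
+jwtPath: null;
+registrationAllowed: boolean;
+reservedUsernames: never[];
+webIdSelection: never[];
+sessionSecret: string;
+selectSsoData: null;
+issuer: null;
+clientId: null;
+clientSecret: null;
+};
+created(this: Moleculer.Service<Moleculer.ServiceSettingSchema>): Promise<void>;
+methods: {
+getStrategy(): Promise<any>;
+};
+};
+export default AuthOIDCService;
+declare global {
+export namespace Moleculer {
+interface AllServices {
+[AuthOIDCService.name]: typeof AuthOIDCService;
+}
+}
+}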
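--- a/package/dist/services/auth.oidc.js
+++ b/package/dist/services/auth.oidc.js
@@ -0,0 +1,63 @@
+import urlJoin from 'url-join';
+// @ts-expect-error TS(7016): Could not find a declaration file for module 'open... Remove this comment to see the full error message
+import { Issuer, Strategy, custom } from 'openid-client';
+import AuthSSOMixin from "../mixins/auth.sso.js";
+custom.setHttpOptionsDefaults({
+timeout: 10000
+});
+const AuthOIDCService = {
+name: 'auth',
+mixins: [AuthSSOMixin],
+settings: {
+baseUrl: null,
+jwtPath: null,
+registrationAllowed: true,
+reservedUsernames: [],
+webIdSelection: [],
+// SSO-specific settings
+sessionSecret: 's€m@pps',
+selectSsoData: null,
+// OIDC-specific settings
+issuer: null,
+clientId: null,
+clientSecret: null
+},
+async created() {
+this.passportId = 'oidc';
+},
+methods: {
+async getStrategy() {
+const issuer = await Issuer.discover(this.settings.issuer);
+const client = new issuer.Client({
+client_id: this.settings.clientId,
+client_secret: this.settings.clientSecret,
+redirect_uri: urlJoin(this.settings.baseUrl, 'auth'),
+token_endpoint_auth_method: this.settings.clientSecret ? undefined : 'none'
+});
+const params = {
+// ... any authorization params override client properties
+// client_id defaults to client.client_id
+// redirect_uri defaults to client.redirect_uris[0]
+// response type defaults to client.response_types[0], then 'code'
+// scope defaults to 'openid'
+};
+return new Strategy({
+client,
+params,
+passReqToCallback: true
+}, (req, tokenset, userinfo, done) => {
+req.$ctx
+.call('auth.loginOrSignup', { ssoData: userinfo })
+.then((loginData) => {
+done(null, loginData);
+})
+.catch((e) => {
+console.error(e);
+done(null, false);
+});
+});
+}
+}
+};
+export default AuthOIDCService;
+//# sourceMappingURL=auth.oidc.js.map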
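Review bot: The settings block ships a hard-coded literal default for `sessionSecret`, so a deployment that does not override it would run with a value anyone can read in the published package; how the secret is consumed lives in the `auth.sso` mixin, outside this section, but it presumably keys the passport session. Default it to `null` and refuse to start when it is unset, e.g. `sessionSecret: null,` plus `if (!this.settings.sessionSecret) throw new Error('sessionSecret must be set');` in `created()`. In the strategy callback, `console.error(e)` followed by `done(null, false)` bypasses the service logger; `this.logger.error(e)` would keep authentication failures in the service's own logs. This file is compiler output, so the change belongs in `services/auth.oidc.ts`.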
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.oidc.js","sourceRoot":"","sources":["../../services/auth.oidc.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,UAAU,CAAC;AAC/B,qIAAqI;AACrI,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAGzD,OAAO,YAAY,MAAM,uBAAuB,CAAC;AAEjD,MAAM,CAAC,sBAAsB,CAAC;IAC5B,OAAO,EAAE,KAAK;CACf,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,MAAe;IACrB,MAAM,EAAE,CAAC,YAAY,CAAC;IACtB,QAAQ,EAAE;QACR,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,IAAI;QACb,mBAAmB,EAAE,IAAI;QACzB,iBAAiB,EAAE,EAAE;QACrB,cAAc,EAAE,EAAE;QAClB,wBAAwB;QACxB,aAAa,EAAE,SAAS;QACxB,aAAa,EAAE,IAAI;QACnB,yBAAyB;QACzB,MAAM,EAAE,IAAI;QACZ,QAAQ,EAAE,IAAI;QACd,YAAY,EAAE,IAAI;KACnB;IACD,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC;IAC3B,CAAC;IACD,OAAO,EAAE;QACP,KAAK,CAAC,WAAW;YACf,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAE3D,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC;gBAC/B,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBACjC,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY;gBACzC,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;gBACpD,0BAA0B,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;aAC5E,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG;YACb,0DAA0D;YAC1D,yCAAyC;YACzC,mDAAmD;YACnD,kEAAkE;YAClE,6BAA6B;aAC9B,CAAC;YAEF,OAAO,IAAI,QAAQ,CACjB;gBACE,MAAM;gBACN,MAAM;gBACN,iBAAiB,EAAE,IAAI;aACxB,EACD,CAAC,GAAQ,EAAE,QAAa,EAAE,QAAa,EAAE,IAAS,EAAE,EAAE;gBACpD,GAAG,CAAC,IAAI;qBACL,IAAI,CAAC,oBAAoB,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;qBACjD,IAAI,CAAC,CAAC,SAAc,EAAE,EAAE;oBACvB,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBACxB,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,CAAM,EAAE,EAAE;oBAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBACjB,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBACpB,CAAC,CAAC,CAAC;YACP,CAAC,CACF,CAAC;QACJ,CAAC;KACF;CACsB,CAAC;AAE1B,eAAe,eAAe,CAAC"}
|
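--- a/package/dist/services/jwt.d.ts
+++ b/package/dist/services/jwt.d.ts
@@ -0,0 +1,50 @@
+/**
+* Service that creates and validates JSON web tokens(JWT).
+* Tokens are signed against this server's keys.
+* This is useful for generating/validating authentication tokens.
+*
+* TODO: Tokens do not expire.
+*/
+declare const AuthJwtSchema: {
+name: "auth.jwt";
+settings: {
+jwtPath: null;
+};
+created(this: Moleculer.Service<Moleculer.ServiceSettingSchema>): Promise<void>;
+actions: {
+generateKeyPair: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<unknown>;
+};
+generateServerSignedToken: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+verifyServerSignedToken: {
+/** Verifies that the token was signed by this server. */
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+generateUnsignedToken: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+decodeToken: {
+handler(ctx: Moleculer.Context<Optionalize<{
+[x: string]: any;
+}>, {}, Moleculer.GenericObject>): Promise<any>;
+};
+};
+};
+export default AuthJwtSchema;
+declare global {
+export namespace Moleculer {
+interface AllServices {
+[AuthJwtSchema.name]: typeof AuthJwtSchema;
+}
+}
+}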