@simulacrum/auth0-simulator 0.2.1 → 0.4.0

package/src/handlers/openid-handlers.ts

@@ -1,39 +0,0 @@
-import type { HttpHandler } from '@simulacrum/server';
-import { Options } from 'src/types';
-import { JWKS } from '../auth/constants';
-import { getServiceUrl } from './get-service-url';
-import { removeTrailingSlash } from './url';
-
-type Routes =
-  | '/jwks.json'
-  | '/openid-configuration'
-
-export type OpenIdRoutes = `${`/.well-known`}${Routes}`
-
-export interface OpenIdConfiguration {
-  issuer: string;
-  authorization_endpoint: string;
-  token_endpoint: string;
-  userinfo_endpoint: string;
-  jwks_uri: string;
-}
-
-export const createOpenIdHandlers = (options: Options): Record<OpenIdRoutes, HttpHandler> => {
-  return {
-    ['/.well-known/jwks.json']: function* (_, res) {
-      res.json(JWKS);
-    },
-
-    ['/.well-known/openid-configuration']: function* (_, res) {
-      let url = removeTrailingSlash(getServiceUrl(options).toString());
-
-      res.json({
-        issuer: `${url}/`,
-        authorization_endpoint: [url, "authorize"].join('/'),
-        token_endpoint: [url, "oauth", "token"].join('/'),
-        userinfo_endpoint: [url, "userinfo"].join('/'),
-        jwks_uri: [url, ".well-known", "jwks.json"].join('/'),
-      });
-    }
-  };
-};

package/src/handlers/url.ts

@@ -1 +0,0 @@
-export const removeTrailingSlash = (url: string): string => url.replace(/\/$/, '');

package/src/handlers/web-message.ts

@@ -1,31 +0,0 @@
-import { Middleware } from '@simulacrum/server';
-import { assert } from 'assert-ts';
-import { encode } from 'base64-url';
-import { QueryParams } from 'src/types';
-import { webMessage } from '../views/web-message';
-
-export const createWebMessageHandler = (): Middleware =>
-  function* (req, res) {
-    assert(!!req.session, "no session");
-
-    let username = req.session.username;
-
-    assert(!!username, `no username in authorise`);
-
-    let {
-      redirect_uri,
-      state,
-      nonce
-    } = req.query as QueryParams;
-
-    res.set("Content-Type", "text/html");
-
-    let message = webMessage({
-      code: encode(`${nonce}:${username}`),
-      state,
-      redirect_uri,
-      nonce,
-    });
-
-    res.status(200).send(Buffer.from(message));
-  };

package/src/index.ts

@@ -1,70 +0,0 @@
-import type { Simulator, Service } from '@simulacrum/server';
-import { createHttpApp } from '@simulacrum/server';
-import { urlencoded, json } from 'express';
-import { createAuth0Handlers } from './handlers/auth0-handlers';
-import { person } from '@simulacrum/server';
-import { createSession } from './middleware/session';
-import path from 'path';
-import express from 'express';
-import { Options } from './types';
-import { createCors } from './middleware/create-cors';
-import { noCache } from './middleware/no-cache';
-import { createOpenIdHandlers } from './handlers/openid-handlers';
-
-
-const publicDir = path.join(__dirname, 'views', 'public');
-
-const DefaultOptions = {
-  clientId: '00000000000000000000000000000000',
-  audience: 'https://thefrontside.auth0.com/api/v1/',
-  scope: "openid profile email offline_access",
-};
-
-const createAuth0Service = (handlers: ReturnType<typeof createAuth0Handlers> & ReturnType<typeof createOpenIdHandlers>): Service => {
-  return {
-    protocol: 'https',
-    app: createHttpApp()
-          .use(express.static(publicDir))
-          .use(createSession())
-          .use(createCors())
-          .use(noCache())
-          .use(json())
-          .use(urlencoded({ extended: true }))
-          .get('/heartbeat', handlers['/heartbeat'])
-          .get('/authorize', handlers['/authorize'])
-          .get('/login', handlers['/login'])
-          .get('/u/login', handlers['/usernamepassword/login'])
-          .post('/usernamepassword/login', handlers['/usernamepassword/login'])
-          .post('/login/callback', handlers['/login/callback'])
-          .post('/oauth/token', handlers['/oauth/token'])
-          .get('/v2/logout', handlers['/v2/logout'])
-          .get('/.well-known/jwks.json', handlers['/.well-known/jwks.json'])
-          .get('/.well-known/openid-configuration', handlers['/.well-known/openid-configuration'])
-
-  } as const;
-};
-
-export const auth0: Simulator<Options> = (slice, options) => {
-  let store = slice.slice('store');
-  let services = slice.slice('services');
-
-  let handlersOptions = { ...DefaultOptions, ...options, store, services };
-
-  let auth0Handlers = createAuth0Handlers(handlersOptions);
-  let openIdHandlers = createOpenIdHandlers(handlersOptions);
-
-  return {
-    services: { auth0: createAuth0Service({ ...auth0Handlers, ...openIdHandlers }) },
-    scenarios: {
-      /**
-       * Here we just wrap the internal `person` scenario to augment
-       * it with a username and password
-       * but what we really need to have some way to _react_ to the person
-       * having been created and augment the record at that point.
-       */
-      *person(store, faker) {
-        return yield person(store, faker);
-      }
-    }
-  };
-};

package/src/middleware/create-cors.ts

@@ -1,14 +0,0 @@
-import { RequestHandler } from 'express';
-import cors from "cors";
-
-export const createCors = (): RequestHandler =>
-  cors({
-    origin: (origin, cb) => {
-      if (typeof origin === "string") {
-        return cb(null, [origin]);
-      }
-
-      cb(null, "*");
-    },
-    credentials: true,
-  });

package/src/middleware/no-cache.ts

@@ -1,7 +0,0 @@
-import type { RequestHandler } from 'express';
-
-export const noCache: () => RequestHandler = () => (_, res, next) => {
-  res.set("Pragma", "no-cache");
-  res.set("Cache-Control", "no-cache, no-store");
-  next();
-};

package/src/middleware/session.ts

@@ -1,14 +0,0 @@
-import type { RequestHandler } from 'express';
-import cookieSession from "cookie-session";
-const twentyFourHours = 24 * 60 * 60 * 1000;
-
-export const createSession = (): RequestHandler => {
-  return cookieSession({
-    name: "session",
-    keys: ["shhh"],
-    secure: true,
-    httpOnly: false,
-    maxAge: twentyFourHours,
-    sameSite: "none",
- });
-};

package/src/rules/extensionless-file-name.ts

@@ -1,4 +0,0 @@
-export const extensionlessFileName = (fileName: string): string =>
-  fileName.indexOf(".") === -1
-    ? fileName
-    : fileName.split(".").slice(0, -1).join(".");

package/src/rules/parse-rules-files.ts

@@ -1,40 +0,0 @@
-import { extensionlessFileName } from './extensionless-file-name';
-import { assert } from 'assert-ts';
-import fs from "fs";
-import path from "path";
-
-
-export function parseRulesFiles(rulesPath: string): {code: string, filename: string}[] {
-  let ruleFiles = fs
-  .readdirSync(rulesPath)
-  .filter((f) => path.extname(f) === ".js");
-
-  return ruleFiles
-    .map((r) => {
-      let filename = path.join(rulesPath, r);
-
-      let jsonFile = `${extensionlessFileName(filename)}.json`;
-
-      assert(!!jsonFile, `no corresponding rule file for ${r}`);
-
-      let rawRule = fs.readFileSync(jsonFile, 'utf8');
-
-      let {
-        enabled,
-        order = 0,
-        stage = "login_success",
-      } = JSON.parse(rawRule);
-
-      if (!enabled) {
-        return undefined;
-      }
-
-      let code = fs.readFileSync(filename, {
-        encoding: "utf-8",
-      });
-
-      return { code, filename, order, stage };
-    })
-    .flatMap(x => !!x ? x : [])
-    .sort((left, right) => left.order - right.order) ?? [];
-}

package/src/rules/rules-runner.ts

@@ -1,72 +0,0 @@
-import path from "path";
-import vm from "vm";
-import fs from 'fs';
-import { assert } from "assert-ts";
-import { parseRulesFiles } from './parse-rules-files';
-import { RuleContext, RuleUser } from './types';
-
-export type RulesRunner = <A, I>(user: RuleUser, context: RuleContext<A, I>) => void;
-
-export function createRulesRunner (rulesPath?: string): RulesRunner {
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  let callback = (_user: RuleUser, _context: RuleContext<unknown, unknown>) => {};
-
-  if(typeof rulesPath === 'undefined') {
-    return callback;
-  }
-
-  let fullPath = path.join(process.cwd(), rulesPath);
-
-  assert(fs.existsSync(fullPath), `no rules directory at ${fullPath}`);
-
-  let rules = parseRulesFiles(rulesPath);
-
-  if(rules.length === 0) {
-    return callback;
-  }
-
-  return <A, I>(user: RuleUser, context: RuleContext<A, I>) => {
-    console.debug(`applying ${rules.length} rules`);
-
-    let vmContext = vm.createContext({
-      process,
-      Buffer,
-      clearImmediate,
-      clearInterval,
-      clearTimeout,
-      setImmediate,
-      setInterval,
-      setTimeout,
-      console,
-      require,
-      module,
-      __simulator: {
-        ...{
-          user,
-          context: { ...context, },
-          callback,
-        },
-      },
-    });
-
-    for (let rule of rules) {
-      assert(typeof rule !== "undefined", "undefined rule");
-
-      let { code, filename } = rule;
-
-      console.debug(`executing rule ${path.basename(filename)}`);
-
-      let script = new vm.Script(
-        `(function(exports) {
-            (${code})(__simulator.user, __simulator.context, __simulator.callback)
-          }
-          (module.exports));
-        `
-      );
-
-      script.runInContext(vmContext, {
-        filename,
-      });
-    }
-  };
-}

package/src/rules/types.ts

@@ -1,25 +0,0 @@
-export interface RuleUser {
-  email?: string | undefined;
-  username?: string | undefined;
-  email_verified?: boolean | undefined;
-  verify_email?: boolean | undefined;
-  user_id?: string | undefined;
-  blocked?: boolean | undefined;
-  nickname?: string | undefined;
-  picture?: string | undefined;
-  password?: string | undefined;
-  phone_number?: string | undefined;
-  phone_verified?: boolean | undefined;
-  given_name?: string | undefined;
-  family_name?: string | undefined;
-  name?: string | undefined;
-}
-
-export interface RuleContext<A, I> {
-  clientID: string
-  accessToken: {
-    scope: string | string[]
-  } & A
-
-  idToken: I
-}

package/src/start.ts

@@ -1,19 +0,0 @@
-import { main } from 'effection';
-import { createSimulationServer, Server } from '@simulacrum/server';
-import { auth0 } from '.';
-
-const port = process.env.PORT ? parseInt(process.env.PORT) : undefined;
-
-main(function*() {
-  let server: Server = yield createSimulationServer({
-    seed: 1,
-    port,
-    simulators: { auth0 }
-  });
-
-  let url = `http://localhost:${server.address.port}`;
-
-  console.log(`simulation server running at ${url}`);
-
-  yield;
-});

package/src/types.ts

@@ -1,29 +0,0 @@
-import type { SimulationState, Store } from '@simulacrum/server';
-import type { Slice } from '@effection/atom';
-
-export interface Options {
-  scope: string;
-  port?: number;
-  audience: string;
-  clientId: string;
-  store: Store;
-  services: Slice<SimulationState['services']>;
-  rulesDirectory?: string;
-}
-
-export type ResponseModes = 'query' | 'web_message';
-
-export type QueryParams = {
-  state: string;
-  code: string;
-  redirect_uri: string;
-  code_challenge: string;
-  scope: string;
-  client_id: string;
-  nonce: string;
-  code_challenge_method: string;
-  response_type: string;
-  response_mode: ResponseModes;
-  auth0Client: string;
-  audience: string;
-};

package/src/views/login.ts

@@ -1,107 +0,0 @@
-const html = String.raw;
-
-interface LoginViewProps {
-  domain: string;
-  scope: string;
-  redirectUri: string;
-  clientId: string;
-  audience: string;
-  loginFailed: boolean;
-}
-
-export const loginView = ({
-  domain,
-  scope,
-  redirectUri,
-  clientId,
-  audience,
-  loginFailed = false
-}: LoginViewProps): string => {
-  return html`
-    <html lang="en">
-      <head>
-        <meta charset="UTF-8" />
-        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-        <link
-          href="https://unpkg.com/tailwindcss@^2/dist/tailwind.min.css"
-          rel="stylesheet"
-        />
-        <script src="https://cdn.auth0.com/js/auth0/9.16.0/auth0.min.js"></script>
-      </head>
-      <title>login</title>
-      <body>
-        <main class="min-h-screen flex items-center justify-center bg-white py-12 px-4 sm:px-6 lg:px-8">
-          <div class="max-w-md w-full space-y-8">
-            <div class="flex justify-center">
-              <img alt="frontside" class="bg-transparent object-contain h-16" src="/img/frontside-logo.png" />
-            </div>
-            <h1 class="flex justify-center text-4xl">Welcome</h1>
-            <h2 class="flex justify-center">Log in to continue to frontside</h2>
-            <form id="the-form" class="mt-8 space-y-6">
-              <div class="rounded-md shadow-sm -space-y-px">
-                <div>
-                  <label for="username" class="sr-only">Email address</label>
-                  <input id="username" name="username" type="email" autocomplete="email" required="" value="" class="${loginFailed ? 'border-red-500' : ''} appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-blue-500 focus:border-blue-500 focus:z-10 sm:text-sm" placeholder="Email address">
-                </div>
-                <div>
-                  <label for="password" class="sr-only">Password</label>
-                  <input id="password" name="password" type="password" autocomplete="current-password" required="" class="my-4 ${loginFailed ? 'border-red-500' : ''} appearance-none rounded-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-md focus:outline-none focus:ring-blue-500 focus:border-blue-500 focus:z-10 sm:text-sm" placeholder="Password">
-                </div>
-              </div>
-              <div class="error bg-red-500 text-white p-3 ${loginFailed ? '' : 'hidden'}">Wrong email or password</div>
-
-              <div>
-                <button id="submit" type="button" class="group relative w-full flex justify-center py-2 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500">
-                  <span class="absolute left-0 inset-y-0 flex items-center pl-3">
-                    <svg class="h-5 w-5 text-blue-500 group-hover:text-blue-400" x-description="Heroicon name: solid/lock-closed" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true">
-                      <path fill-rule="evenodd" d="M5 9V7a5 5 0 0110 0v2a2 2 0 012 2v5a2 2 0 01-2 2H5a2 2 0 01-2-2v-5a2 2 0 012-2zm8-2v2H7V7a3 3 0 016 0z" clip-rule="evenodd"></path>
-                    </svg>
-                  </span>
-                  Sign in
-                </button>
-              </div>
-            </form>
-          </div>
-        </main>
-        <script>
-          document.addEventListener('DOMContentLoaded', function(){
-            var webAuth = new window.auth0.default.WebAuth({
-              domain: '${domain}',
-              clientID: '${clientId}',
-              redirectUri: '${redirectUri}',
-              audience: '${audience}',
-              responseType: 'token id_token',
-            });
-            var form = document.querySelector('#the-form');
-            var button = document.querySelector('#sumbit');
-
-            submit.addEventListener('click', function(e) {
-              let params = new URLSearchParams(window.location.search);
-
-              var username = document.querySelector('#username');
-              var password = document.querySelector('#password');
-
-              webAuth.login(
-                {
-                  username: username.value,
-                  password: password.value,
-                  realm: 'Username-Password-Authentication',
-                  scope: '${scope}',
-                  nonce: params.get('nonce'),
-                  state: params.get('state')
-                },
-                function(err, authResult) {
-                  if (err) {
-                    [username, password].forEach(e => e.classList.add('border-red-500'));
-                    document.querySelector('.error').classList.remove('hidden');
-                  }
-                }
-              );
-            });
-          });
-
-        </script>
-      </body>
-    </html>
-  `;
-};

package/src/views/username-password.ts

@@ -1,54 +0,0 @@
-import { encode } from "html-entities";
-import { QueryParams } from '../types';
-
-export type UserNamePasswordForm = {
-  auth0Domain?: string;
-  audience?: string;
-  connection?: string;
-  response_type?: string;
-  tenant: string;
-} & Partial<QueryParams>;
-
-export const userNamePasswordForm = ({
-  auth0Domain = "/login/callback",
-  redirect_uri,
-  state,
-  nonce,
-  client_id,
-  scope,
-  audience,
-  connection,
-  response_type,
-  tenant,
-}: UserNamePasswordForm): string => {
-  let wctx = encode(
-    JSON.stringify({
-      strategy: "auth0",
-      tenant,
-      connection,
-      client_id,
-      response_type,
-      scope,
-      redirect_uri,
-      state,
-      nonce,
-      audience,
-      realm: connection,
-    })
-  );
-
-  return `
-  <form method="post" name="hiddenform" action="${auth0Domain}">
-    <input type="hidden" name="wa" value="wsignin1.0">
-    <input type="hidden" 
-           name="wresult" 
-           value="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyX2lkIjoiNjA1MzhjYWQ2YWI5ODQwMDY5OWIxZDZhIiwiZW1haWwiOiJpbXJhbi5zdWxlbWFuamlAcmVzaWRlby5jb20iLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInNpZCI6Im5zSHZTQ0lYT2NGSUZINUIyRzdVdUFEWDVQTlR4cmRPIiwiaWF0IjoxNjE2MTU0ODA0LCJleHAiOjE2MTYxNTQ4NjQsImF1ZCI6InVybjphdXRoMDpyZXNpZGVvOlVzZXJuYW1lLVBhc3N3b3JkLUF1dGhlbnRpY2F0aW9uIiwiaXNzIjoidXJuOmF1dGgwIn0.CTl0A1hDc4YrErsrFBCCEG0ekIUU3bv0x12p_vUgoyD6zOg_QhaSZjKeZI2elaeYnAi7KUcohgOP9TApj3VlQtm6GlGNuWIiQke4866FtfhufGo2_uLBWyf4nmOgbNcmhpIg2bvVJHUqM-6OCNfnzPWAoFW2_g-DeIo20WBfK2E">
-    <input type="hidden" name="wctx" value="${wctx}">
-    <noscript>
-        <p>
-            Script is disabled. Click Submit to continue.
-        </p>
-        <input type="submit" value="Submit">
-    </noscript>
-  </form>`;
-};

package/src/views/web-message.ts

@@ -1,72 +0,0 @@
-import jsesc from "jsesc";
-import { QueryParams } from '../types';
-
-export const webMessage = ({
-  state,
-  code,
-  redirect_uri,
-  nonce,
-}: Pick<
-  QueryParams,
-  "state" | "code" | "redirect_uri" | "nonce"
->): string => {
-  let data = jsesc(
-    {
-      redirect_uri,
-    },
-    { json: true, isScriptContext: true }
-  );
-
-  return `
-  <!DOCTYPE html>
-    <html lang="en">
-      <head>
-        <title>Authorization Response</title>
-      </head>
-      <body>
-      <script ${nonce ? `nonce="${nonce}"` : ""} type="application/javascript">
-        (function(window, document) {
-          var data = ${data};
-          var targetOrigin = data.redirect_uri;
-          var webMessageRequest = {};
-          
-          var authorizationResponse = {
-            type: "authorization_response",
-            response: {
-              "code":"${code}",
-              "state":"${state}"}
-            };
-            
-            var mainWin = (window.opener) ? window.opener : window.parent;
-            
-            if (webMessageRequest["web_message_uri"] && webMessageRequest["web_message_target"]) {
-              window.addEventListener("message", function(evt) {
-                if (evt.origin != targetOrigin) {
-                  return;
-                }
-                
-                switch (evt.data.type) {
-                  case "relay_response":
-                    var messageTargetWindow = evt.source.frames[webMessageRequest["web_message_target"]];
-                    
-                    if (messageTargetWindow) {
-                      messageTargetWindow.postMessage(authorizationResponse, webMessageRequest["web_message_uri"]);
-                      window.close();
-                    }
-                    break;
-                  }
-                }
-              );
-              
-              mainWin.postMessage({
-                type: "relay_request"
-              }, targetOrigin);
-            } else {
-              mainWin.postMessage(authorizationResponse, targetOrigin);
-            }
-          })(this, this.document);
-        </script>
-      </body>
-    </html>
-  `;
-};