@sphereon/ssi-express-support 0.33.1-feature.vcdm2.tsup.31 → 0.33.1-next.2

package/dist/static-bearer-auth.js

@@ -0,0 +1,146 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MapBasedStaticBearerUserProvider = exports.StaticBearerAuth = void 0;
+const passport_1 = __importDefault(require("passport"));
+const u8a = __importStar(require("uint8arrays"));
+class StaticBearerAuth {
+    static init(strategy, provider) {
+        return new StaticBearerAuth(strategy !== null && strategy !== void 0 ? strategy : 'bearer', provider !== null && provider !== void 0 ? provider : new MapBasedStaticBearerUserProvider(strategy));
+    }
+    constructor(strategy, provider) {
+        this.hashTokens = false;
+        this.strategy = strategy;
+        if (StaticBearerAuth.providers.has(strategy)) {
+            if (StaticBearerAuth.providers.get(strategy) !== provider) {
+                throw Error('Cannot register another user provider for strategy: ' + strategy);
+            }
+        }
+        else {
+            StaticBearerAuth.providers.set(strategy, provider);
+        }
+    }
+    get provider() {
+        const provider = StaticBearerAuth.providers.get(this.strategy);
+        if (!provider) {
+            throw Error('Could not get user provider for ' + this.strategy);
+        }
+        return provider;
+    }
+    withHashTokens(hashTokens) {
+        this.hashTokens = hashTokens;
+        return this;
+    }
+    withUsers(users) {
+        this.addUser(users);
+        return this;
+    }
+    addUser(user) {
+        this.provider.addUser(user);
+        return this;
+    }
+    withVerifyOptions(options) {
+        StaticBearerAuth.verifyOptions.set(this.strategy, options);
+        return this;
+    }
+    connectPassport() {
+        const _provider = this.provider;
+        function findUser(token, cb) {
+            const user = _provider.getUser(token);
+            if (user) {
+                return cb(null, user);
+            }
+            return cb('bearer token not found or incorrect', false);
+        }
+        Promise.resolve().then(() => __importStar(require('passport-http-bearer'))).then((httpBearer) => {
+            var _a;
+            const hashTokens = (_a = this.hashTokens) !== null && _a !== void 0 ? _a : false;
+            passport_1.default.use(this.strategy, new httpBearer.Strategy({ passReqToCallback: false }, function (token, cb) {
+                if (hashTokens) {
+                    Promise.resolve().then(() => __importStar(require('@noble/hashes/sha256'))).then((hash) => {
+                        findUser(u8a.toString(hash.sha256(token)), cb);
+                    })
+                        .catch((error) => {
+                        console.log(`hash problem: ${error}`);
+                        throw Error('Did you include @noble/hashes in package.json?');
+                    });
+                }
+                else {
+                    findUser(token, cb);
+                }
+            }));
+        })
+            .catch((error) => {
+            console.log(`passport-http-bearer package problem: ${error}`);
+            throw Error('Did you include passport-http-bearer in package.json?');
+        });
+    }
+}
+exports.StaticBearerAuth = StaticBearerAuth;
+StaticBearerAuth.providers = new Map();
+StaticBearerAuth.verifyOptions = new Map();
+class MapBasedStaticBearerUserProvider {
+    constructor(strategy, hashedTokens) {
+        this._users = [];
+        this._strategy = strategy;
+        this._hashedTokens = hashedTokens !== null && hashedTokens !== void 0 ? hashedTokens : false;
+    }
+    get users() {
+        return this._users;
+    }
+    get hashedTokens() {
+        return this._hashedTokens;
+    }
+    get strategy() {
+        return this._strategy;
+    }
+    getUser(token) {
+        return this.users.find((user) => user.token === token);
+    }
+    addUser(user, hashToken) {
+        const users = Array.isArray(user) ? user : [user];
+        if (hashToken) {
+            if (!this.hashedTokens) {
+                throw Error('Cannot hash token, when hashed tokens is not enabled on the user provider for strategy ' + this.strategy);
+            }
+            Promise.resolve().then(() => __importStar(require('@noble/hashes/sha256'))).then((hash) => {
+                users.forEach((user) => (user.token = u8a.toString(hash.sha256(user.token))));
+            })
+                .catch((error) => {
+                console.log(`hash problem: ${error}`);
+                throw Error('Did you include @noble/hashes in package.json?');
+            });
+        }
+        this._users.push(...users);
+    }
+    getUsers() {
+        return this._users;
+    }
+}
+exports.MapBasedStaticBearerUserProvider = MapBasedStaticBearerUserProvider;
+//# sourceMappingURL=static-bearer-auth.js.map

package/dist/static-bearer-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"static-bearer-auth.js","sourceRoot":"","sources":["../src/static-bearer-auth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA+B;AAC/B,iDAAkC;AAElC,MAAa,gBAAgB;IAMpB,MAAM,CAAC,IAAI,CAAC,QAAgB,EAAE,QAAmC;QACtE,OAAO,IAAI,gBAAgB,CAAC,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,QAAQ,EAAE,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,IAAI,gCAAgC,CAAC,QAAQ,CAAC,CAAC,CAAA;IAC/G,CAAC;IAED,YAAoB,QAAgB,EAAE,QAAkC;QANhE,eAAU,GAAa,KAAK,CAAA;QAOlC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,gBAAgB,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7C,IAAI,gBAAgB,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1D,MAAM,KAAK,CAAC,sDAAsD,GAAG,QAAQ,CAAC,CAAA;YAChF,CAAC;QACH,CAAC;aAAM,CAAC;YACN,gBAAgB,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACpD,CAAC;IACH,CAAC;IAED,IAAI,QAAQ;QACV,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC9D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,KAAK,CAAC,kCAAkC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAA;QACjE,CAAC;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,cAAc,CAAC,UAAmB;QAChC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,OAAO,IAAI,CAAA;IACb,CAAC;IAED,SAAS,CAAC,KAAgC;QACxC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO,CAAC,IAA+B;QACrC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QAC3B,OAAO,IAAI,CAAA;IACb,CAAC;IAED,iBAAiB,CAAC,OAA4C;QAC5D,gBAAgB,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;QAC1D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,eAAe;QACb,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAA;QAC/B,SAAS,QAAQ,CAAC,KAAa,EAAE,EAAkF;YACjH,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;YACrC,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;YACvB,CAAC;YACD,OAAO,EAAE,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAA;QACzD,CAAC;QAED,kDAAO,sBAAsB,IAC1B,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE;;YACnB,MAAM,UAAU,GAAG,MAAA,IAAI,CAAC,UAAU,mCAAI,KAAK,CAAA;YAC3C,kBAAQ,CAAC,GAAG,CACV,IAAI,CAAC,QAAQ,EACb,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,iBAAiB,EAAE,KAAK,EAAE,EAAE,UACpD,KAAa,EACb,EAAkF;gBAElF,IAAI,UAAU,EAAE,CAAC;oBACf,kDAAO,sBAAsB,IAC1B,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;wBACb,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;oBAChD,CAAC,CAAC;yBACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;wBACf,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,EAAE,CAAC,CAAA;wBACrC,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAA;oBAC/D,CAAC,CAAC,CAAA;gBACN,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;gBACrB,CAAC;YACH,CAAC,CAAC,CACH,CAAA;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACf,OAAO,CAAC,GAAG,CAAC,yCAAyC,KAAK,EAAE,CAAC,CAAA;YAC7D,MAAM,KAAK,CAAC,uDAAuD,CAAC,CAAA;QACtE,CAAC,CAAC,CAAA;IACN,CAAC;;AAvFH,4CAwFC;AAtFgB,0BAAS,GAA0C,IAAI,GAAG,EAAE,AAAnD,CAAmD;AAC5D,8BAAa,GAAqD,IAAI,GAAG,EAAE,AAA9D,CAA8D;AAiG5F,MAAa,gCAAgC;IAK3C,YAAY,QAAgB,EAAE,YAAsB;QAHnC,WAAM,GAAiB,EAAE,CAAA;QAIxC,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAA;QACzB,IAAI,CAAC,aAAa,GAAG,YAAY,aAAZ,YAAY,cAAZ,YAAY,GAAI,KAAK,CAAA;IAC5C,CAAC;IAED,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAA;IAC3B,CAAC;IAED,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAED,OAAO,CAAC,KAAa;QACnB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,KAAK,KAAK,CAAC,CAAA;IACxD,CAAC;IAED,OAAO,CAAC,IAA+B,EAAE,SAAmB;QAC1D,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;QACjD,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACvB,MAAM,KAAK,CAAC,yFAAyF,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAA;YACxH,CAAC;YACD,kDAAO,sBAAsB,IAC1B,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;gBACb,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;YAC/E,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACf,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,EAAE,CAAC,CAAA;gBACrC,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAA;YAC/D,CAAC,CAAC,CAAA;QACN,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAA;IAC5B,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;CACF;AA/CD,4EA+CC"}

package/dist/types.d.ts

@@ -0,0 +1,193 @@
+import { Enforcer } from 'casbin';
+import { Express, RequestHandler } from 'express';
+import { ParamsDictionary } from 'express-serve-static-core';
+import http from 'http';
+import { HttpTerminator } from 'http-terminator';
+import { AuthenticateCallback, Strategy } from 'passport';
+import { ParsedQs } from 'qs';
+export interface IExpressServerOpts {
+    port?: number;
+    cookieSigningKey?: string;
+    hostname?: string;
+    basePath?: string;
+    existingExpress?: Express;
+    listenCallback?: () => void;
+    startListening?: boolean;
+}
+export declare function hasEndpointOpts(opts: any): any;
+export type HasEndpointOpts = {
+    endpointOpts?: IEndpointOpts & SingleEndpoints;
+} & Record<string, any>;
+export type SingleEndpoints = Record<string, ISingleEndpointOpts | any>;
+export interface IEndpointOpts {
+    basePath?: string;
+    baseUrl?: string | URL;
+    globalAuth?: GenericAuthArgs;
+}
+export interface ExpressSupport {
+    express: Express;
+    port: number;
+    hostname: string;
+    userIsInRole?: string | string[];
+    startListening: boolean;
+    server?: http.Server;
+    enforcer?: Enforcer;
+    start: (opts?: {
+        disableErrorHandler?: boolean;
+        doNotStartListening?: boolean;
+    }) => {
+        server: http.Server;
+        terminator: HttpTerminator;
+    };
+    stop: (terminator?: HttpTerminator) => Promise<boolean>;
+}
+export interface ISingleEndpointOpts extends GenericAuthArgs {
+    endpoint?: EndpointArgs;
+    enabled?: boolean;
+    path?: string;
+    disableGlobalAuth?: boolean;
+}
+export interface GenericAuthArgs {
+    authentication?: {
+        callback?: AuthenticateCallback | ((...args: any[]) => any);
+        useDefaultCallback?: boolean;
+        enabled?: boolean;
+        strategy?: string | string[] | Strategy;
+        strategyOptions?: Record<string, any> | any;
+        authInfo?: boolean;
+        session?: boolean;
+    };
+    authorization?: {
+        enabled?: boolean;
+        requireUserInRoles?: string | string[];
+        enforcer?: Enforcer;
+    };
+}
+export interface EndpointArgs extends GenericAuthArgs {
+    resource?: string;
+    operation?: string;
+    handlers?: RequestHandler<ParamsDictionary, any, any, ParsedQs, Record<string, any>>[];
+}
+export interface BearerUser extends Express.User {
+    id: string | number;
+    name?: string;
+    token: string;
+}
+export interface IStaticBearerVerifyOptions {
+    message?: string | undefined;
+    scope: string | Array<string>;
+}
+export interface IBaseStrategyOption {
+    identityMetadata: string;
+    clientID: string;
+    isB2C?: boolean | undefined;
+    validateIssuer?: boolean | undefined;
+    issuer?: string | string[] | undefined;
+    loggingLevel?: 'info' | 'warn' | 'error' | undefined;
+    loggingNoPII?: boolean | undefined;
+    clockSkew?: number | undefined;
+}
+export interface ITokenPayload {
+    /** An App ID URI. Identifies the intended recipient of the token. */
+    aud?: string | undefined;
+    /** A security token service(STS) URI. Identifies the STS that constructs and returns the token,
+     * and the Azure AD tenant in which the user was authenticated.*/
+    iss?: string | undefined;
+    /** The identity provider that authenticated the subject of the token*/
+    idp?: string | undefined;
+    /** "Issued At" indicates when the authentication for this token occurred. */
+    iat?: number | undefined;
+    /** The "nbf" (not before) claim identifies the time before which the JWT must not be accepted for processing. */
+    nbf?: number | undefined;
+    /** The "exp" (expiration time) claim identifies the expiration time on or after which the JWT must not be accepted for processing. */
+    exp?: number | undefined;
+    /** An internal claim used by Azure AD to record data for token reuse. */
+    aio?: string | undefined;
+    /** Only present in v1.0 tokens. The "Authentication context class" claim. A value of "0" indicates the end-user authentication did not meet the requirements of ISO/IEC 29115. */
+    acr?: '0' | '1' | undefined;
+    /** Only present in v1.0 tokens. Identifies how the subject of the token was authenticated.  */
+    amr?: string[] | undefined;
+    /** Only present in v1.0 tokens. GUID represents the application ID of the client using the token. */
+    appid?: string | undefined;
+    /** Only present in v2.0 tokens. The application ID of the client using the token. */
+    azp?: string | undefined;
+    /** Only present in v1.0 tokens. Indicates how the client was authenticated. For a public client, the value is "0".
+     * If client ID and client secret are used, the value is "1". If a client certificate was used for authentication, the value is "2". */
+    appidacr?: '0' | '1' | '2' | undefined;
+    /** Only present in v2.0 tokens. Indicates how the client was authenticated.
+     * For a public client, the value is "0". If client ID and client secret are used, the value is "1". If a client certificate was used for authentication, the value is "2". */
+    azpacr?: '0' | '1' | '2' | undefined;
+    /** Only present in v2.0 tokens. The primary username that represents the user. It could be an email address, phone number, or a generic username without a specified format */
+    preferred_username?: string | undefined;
+    /** Provides a human-readable value that identifies the subject of the token.
+     * The value is not guaranteed to be unique, it is mutable, and it's designed to be used only for display purposes. The profile scope is required in order to receive this claim. */
+    name?: string | undefined;
+    /** The set of scopes exposed by your application for which the client application has requested (and received) consent. */
+    scp?: string | undefined;
+    /** The set of permissions exposed by your application that the requesting application has been given permission to call. */
+    roles?: string[] | undefined;
+    /** Provides object IDs that represent the subject's group memberships. */
+    groups?: string | string[] | undefined;
+    /** Denoting the user is in at least one group. */
+    hasgroups?: true | undefined;
+    /** The principal about which the token asserts information, such as the user of an app. This value is immutable and cannot be reassigned or reused.
+     * It can be used to perform authorization checks safely, such as when the token is used to access a resource,
+     * and can be used as a key in database tables. Because the subject is always present in the tokens that Azure AD issues,
+     * we recommend using this value in a general-purpose authorization system. The subject is, however, a pairwise identifier - it is unique to a particular application ID.   */
+    sub?: string | undefined;
+    /** GUID represents a user. This ID uniquely identifies the user across applications. */
+    oid?: string | undefined;
+    /** Represents the Azure AD tenant that the user is from. */
+    tid?: string | undefined;
+    /** Only present in v1.0 tokens. Provides a human readable value that identifies the subject of the token.  */
+    unique_name?: string | undefined;
+    /** An internal claim used by Azure to revalidate tokens. */
+    uti?: string | undefined;
+    /** An internal claim used by Azure to revalidate tokens. */
+    rh?: string | undefined;
+    /** Indicates the version of the access token. */
+    ver?: '1.0' | '2.0' | undefined;
+    /** v1.0 basic claims */
+    /** The IP address the user authenticated from. */
+    ipaddr?: string | undefined;
+    /** In cases where the user has an on-premises authentication, this claim provides their SID. */
+    onprem_sid?: string | undefined;
+    /** Indicates when the user's password expires. */
+    pwd_exp?: number | undefined;
+    /** A URL where users can be sent to reset their password. */
+    pwd_url?: string | undefined;
+    /** Signals if the client is logging in from the corporate network. If they aren't, the claim isn't included. */
+    in_corp?: string | undefined;
+    /** An additional name for the user, separate from first or last name */
+    nickname?: string | undefined;
+    /** Provides the last name, surname, or family name of the user as defined on the user object. */
+    family_name?: string | undefined;
+    /** Provides the first or given name of the user, as set on the user object. */
+    given_name?: string | undefined;
+    /** The username of the user. May be a phone number, email address, or unformatted string. */
+    upn?: string | undefined;
+}
+export interface IBaseStrategyOption {
+    identityMetadata: string;
+    clientID: string;
+    isB2C?: boolean | undefined;
+    validateIssuer?: boolean | undefined;
+    issuer?: string | string[] | undefined;
+    loggingLevel?: 'info' | 'warn' | 'error' | undefined;
+    loggingNoPII?: boolean | undefined;
+    clockSkew?: number | undefined;
+}
+export interface IBearerStrategyOption extends IBaseStrategyOption {
+    audience?: string | string[] | undefined;
+    policyName?: String | undefined;
+    allowMultiAudiencesInToken?: boolean | undefined;
+    scope?: string[] | undefined;
+}
+export interface IBearerStrategyOptionWithRequest extends IBearerStrategyOption {
+    passReqToCallback: boolean;
+}
+export type VerifyBearerFunction = (token: ITokenPayload, done: VerifyCallback) => void;
+export interface VerifyCallback {
+    (error: any, user?: any, info?: any): void;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAA;AACjC,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAChD,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAA;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAA;AAE7B,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,eAAe,CAAC,EAAE,OAAO,CAAA;IACzB,cAAc,CAAC,EAAE,MAAM,IAAI,CAAA;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAA;CAEzB;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,GAAG,OAExC;AAED,MAAM,MAAM,eAAe,GAAG;IAAE,YAAY,CAAC,EAAE,aAAa,GAAG,eAAe,CAAA;CAAE,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAEtG,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,GAAG,CAAC,CAAA;AACvE,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,OAAO,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;IACtB,UAAU,CAAC,EAAE,eAAe,CAAA;CAC7B;AACD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IAChC,cAAc,EAAE,OAAO,CAAA;IACvB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE;QAAE,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAAC,mBAAmB,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK;QAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC;QAAC,UAAU,EAAE,cAAc,CAAA;KAAE,CAAA;IACvI,IAAI,EAAE,CAAC,UAAU,CAAC,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;CACxD;AAED,MAAM,WAAW,mBAAoB,SAAQ,eAAe;IAC1D,QAAQ,CAAC,EAAE,YAAY,CAAA;IACvB,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,CAAC,EAAE;QACf,QAAQ,CAAC,EAAE,oBAAoB,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAC,CAAA;QAC3D,kBAAkB,CAAC,EAAE,OAAO,CAAA;QAC5B,OAAO,CAAC,EAAE,OAAO,CAAA;QACjB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,QAAQ,CAAA;QACvC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,CAAA;QAC3C,QAAQ,CAAC,EAAE,OAAO,CAAA;QAClB,OAAO,CAAC,EAAE,OAAO,CAAA;KAClB,CAAA;IACD,aAAa,CAAC,EAAE;QACd,OAAO,CAAC,EAAE,OAAO,CAAA;QACjB,kBAAkB,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;QACtC,QAAQ,CAAC,EAAE,QAAQ,CAAA;KACpB,CAAA;CACF;AAED,MAAM,WAAW,YAAa,SAAQ,eAAe;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,QAAQ,CAAC,EAAE,cAAc,CAAC,gBAAgB,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAA;CACvF;AAED,MAAM,WAAW,UAAW,SAAQ,OAAO,CAAC,IAAI;IAC9C,EAAE,EAAE,MAAM,GAAG,MAAM,CAAA;IACnB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,0BAA0B;IACzC,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,KAAK,EAAE,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAA;CAC9B;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAA;IACxB,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC3B,cAAc,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IACpC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAA;IACtC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAA;IACpD,YAAY,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAClC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC/B;AAED,MAAM,WAAW,aAAa;IAC5B,qEAAqE;IACrE,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB;qEACiE;IACjE,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,uEAAuE;IACvE,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,iHAAiH;IACjH,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,sIAAsI;IACtI,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,yEAAyE;IACzE,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,kLAAkL;IAClL,GAAG,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,SAAS,CAAA;IAC3B,+FAA+F;IAC/F,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAA;IAC1B,qGAAqG;IACrG,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,qFAAqF;IACrF,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB;2IACuI;IACvI,QAAQ,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,SAAS,CAAA;IACtC;kLAC8K;IAC9K,MAAM,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,SAAS,CAAA;IACpC,+KAA+K;IAC/K,kBAAkB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACvC;wLACoL;IACpL,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACzB,2HAA2H;IAC3H,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,4HAA4H;IAC5H,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAA;IAC5B,0EAA0E;IAC1E,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAA;IACtC,kDAAkD;IAClD,SAAS,CAAC,EAAE,IAAI,GAAG,SAAS,CAAA;IAC5B;;;kLAG8K;IAC9K,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,wFAAwF;IACxF,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,4DAA4D;IAC5D,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,8GAA8G;IAC9G,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,4DAA4D;IAC5D,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxB,4DAA4D;IAC5D,EAAE,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACvB,iDAAiD;IACjD,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,SAAS,CAAA;IAE/B,wBAAwB;IAExB,kDAAkD;IAClD,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,gGAAgG;IAChG,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC/B,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,gHAAgH;IAChH,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC5B,wEAAwE;IACxE,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,iGAAiG;IACjG,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAChC,+EAA+E;IAC/E,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC/B,6FAA6F;IAC7F,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACzB;AACD,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAA;IACxB,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAC3B,cAAc,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IACpC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAA;IACtC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAA;IACpD,YAAY,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAClC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC/B;AAED,MAAM,WAAW,qBAAsB,SAAQ,mBAAmB;IAChE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAA;IACxC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC/B,0BAA0B,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;IAChD,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAA;CAC7B;AAED,MAAM,WAAW,gCAAiC,SAAQ,qBAAqB;IAC7E,iBAAiB,EAAE,OAAO,CAAA;CAC3B;AACD,MAAM,MAAM,oBAAoB,GAAG,CAAC,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,cAAc,KAAK,IAAI,CAAA;AACvF,MAAM,WAAW,cAAc;IAC7B,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,GAAG,GAAG,IAAI,CAAA;CAC3C"}

package/dist/types.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasEndpointOpts = hasEndpointOpts;
+function hasEndpointOpts(opts) {
+    return 'endpointOpts' in opts && opts.endpointOpts;
+}
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";;AAmBA,0CAEC;AAFD,SAAgB,eAAe,CAAC,IAAS;IACvC,OAAO,cAAc,IAAI,IAAI,IAAI,IAAI,CAAC,YAAY,CAAA;AACpD,CAAC"}

package/package.json

@@ -1,28 +1,16 @@
 {
   "name": "@sphereon/ssi-express-support",
-  "version": "0.33.1-feature.vcdm2.tsup.31+71b615ad",
+  "version": "0.33.1-next.2+6f7f40b9",
   "source": "src/index.ts",
-  "type": "module",
-  "main": "./dist/index.cjs",
-  "module": "./dist/index.js",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    "import": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.js"
-    },
-    "require": {
-      "types": "./dist/index.d.cts",
-      "require": "./dist/index.cjs"
-    }
-  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "scripts": {
-    "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json",
+    "build": "tsc --build",
+    "build:clean": "tsc --build --clean && tsc --build",
     "start:dev": "cross-env ENVIRONMENT=dev NODE_ENV=local ts-node __tests__/index.ts",
     "start:energyshr": "cross-env ENVIRONMENT=EnergySHR NODE_ENV=energyshr node --experimental-specifier-resolution=node --loader ts-node/esm __tests__/index.ts"
   },
   "dependencies": {
-    "@sphereon/ssi-types": "^0.33.1-feature.vcdm2.tsup.31+71b615ad",
     "body-parser": "^1.20.2",
     "casbin": "^5.30.0",
     "cookie-session": "^2.1.0",
@@ -53,7 +41,7 @@
     "@types/qs": "^6.9.15",
     "cross-env": "^7.0.3",
     "jose": "^4.15.9",
-    "typescript": "5.8.3"
+    "typescript": "5.4.2"
   },
   "peerDependencies": {
     "@noble/hashes": "1.6.1",
@@ -72,8 +60,8 @@
     }
   },
   "files": [
-    "dist",
-    "src",
+    "dist/**/*",
+    "src/**/*",
     "README.md",
     "LICENSE"
   ],
@@ -88,5 +76,6 @@
     "SSI",
     "Agent"
   ],
-  "gitHead": "71b615adbfef8ecd843edb2f3d0c58cb6453cff9"
+  "nx": {},
+  "gitHead": "6f7f40b94beb385369fede046c3912bd0c053408"
 }

package/src/openid-connect-rp.ts

@@ -2,7 +2,6 @@ import { TAgent } from '@veramo/core'
 import express, { Express, NextFunction, Router } from 'express'
 import { BaseClient, ClientMetadata, ClientOptions, Issuer } from 'openid-client'
 import passport from 'passport'
-import { JsonWebKey } from '@sphereon/ssi-types'
 import { copyGlobalAuthToEndpoints, isUserAuthenticated } from './auth-utils'
 import { sendErrorResponse } from './express-utils'
 import { env } from './functions'

package/src/static-bearer-auth.ts

@@ -1,8 +1,6 @@
 import passport from 'passport'
-// @ts-ignore
-import { toString } from 'uint8arrays/to-string'
+import * as u8a from 'uint8arrays'
 import { BearerUser, IStaticBearerVerifyOptions } from './types'
-
 export class StaticBearerAuth {
   private readonly strategy: string
   private static providers: Map<string, StaticBearerUserProvider> = new Map()
@@ -74,7 +72,7 @@ export class StaticBearerAuth {
             if (hashTokens) {
               import('@noble/hashes/sha256')
                 .then((hash) => {
-                  findUser(toString(hash.sha256(token)), cb)
+                  findUser(u8a.toString(hash.sha256(token)), cb)
                 })
                 .catch((error) => {
                   console.log(`hash problem: ${error}`)
@@ -137,7 +135,7 @@ export class MapBasedStaticBearerUserProvider implements StaticBearerUserProvide
       }
       import('@noble/hashes/sha256')
         .then((hash) => {
-          users.forEach((user) => (user.token = toString(hash.sha256(user.token))))
+          users.forEach((user) => (user.token = u8a.toString(hash.sha256(user.token))))
         })
         .catch((error) => {
           console.log(`hash problem: ${error}`)