npm - @stackwright-pro/auth - Versions diffs - 0.2.0-alpha.1 → 0.2.0-alpha.2 - Mend

@stackwright-pro/auth 0.2.0-alpha.1 → 0.2.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.mjs CHANGED Viewed

@@ -1,86 +1,11 @@
-import { z } from 'zod';
+export { authConfigSchema, authSessionSchema, authUserSchema, componentAuthSchema, oidcConfigSchema, pkiConfigSchema, rbacConfigSchema } from '@stackwright-pro/types';
 import { X509Certificate } from '@peculiar/x509';
 import * as crypto3 from 'crypto';
 import * as jose3 from 'jose';
 import { createContext, useContext, useMemo } from 'react';
 import { jsx } from 'react/jsx-runtime';
-// src/schemas/auth-schemas.ts
-var pkiConfigSchema = z.object({
-  type: z.literal("pki"),
-  profile: z.enum(["dod_cac", "piv", "custom"]),
-  source: z.enum(["gateway_headers", "direct_tls"]),
-  headerPrefix: z.string().optional().default("x-client-cert-"),
-  verifiedHeader: z.string().optional().default("x-client-cert-verified"),
-  requiredValue: z.string().optional().default("SUCCESS"),
-  caChain: z.string().optional(),
-  requiredOU: z.array(z.string()).optional(),
-  allowedIssuers: z.array(z.string()).optional(),
-  headerSigning: z.object({
-    secret: z.string().min(32, "Header signing secret must be at least 32 characters"),
-    signatureHeader: z.string().optional(),
-    timestampHeader: z.string().optional(),
-    maxAge: z.number().min(5).max(300).optional(),
-    headerPrefix: z.string().optional()
-  }).optional().describe("HMAC signing config for verifying gateway-provided cert headers")
-});
-var oidcConfigSchema = z.object({
-  type: z.literal("oidc"),
-  provider: z.enum(["cognito", "azure_ad", "authentik", "keycloak", "okta", "auth0", "custom"]),
-  discoveryUrl: z.string().url(),
-  clientId: z.string(),
-  clientSecret: z.string(),
-  redirectUri: z.string().optional(),
-  claimsMapping: z.object({
-    user_id: z.string().optional(),
-    email: z.string().optional(),
-    name: z.string().optional(),
-    roles: z.string().optional()
-  }).optional(),
-  quirks: z.object({
-    skipIssuerCheck: z.boolean().optional(),
-    useRefreshTokenRotation: z.boolean().optional()
-  }).optional(),
-  requireState: z.boolean().optional().describe(
-    "When true (default), authenticate() throws if expectedState is missing from context."
-  )
-});
-var authConfigSchema = z.discriminatedUnion("type", [pkiConfigSchema, oidcConfigSchema]);
-var componentAuthSchema = z.object({
-  required_roles: z.array(z.string()).optional(),
-  required_permissions: z.array(z.string()).optional(),
-  fallback: z.enum(["hide", "placeholder", "message"]).optional().default("hide"),
-  fallback_message: z.string().optional()
-}).optional();
-var rbacConfigSchema = z.object({
-  roles: z.array(
-    z.object({
-      name: z.string(),
-      permissions: z.array(z.string()).optional()
-    })
-  ),
-  protected_routes: z.array(
-    z.object({
-      path: z.string(),
-      roles: z.array(z.string())
-    })
-  ).optional(),
-  public_routes: z.array(z.string()).optional()
-});
-var authUserSchema = z.object({
-  id: z.string(),
-  email: z.string().email().optional(),
-  name: z.string().optional(),
-  roles: z.array(z.string()),
-  permissions: z.array(z.string()).optional(),
-  metadata: z.record(z.string(), z.any()).optional()
-});
-var authSessionSchema = z.object({
-  user: authUserSchema,
-  expiresAt: z.number(),
-  issuedAt: z.number(),
-  refreshToken: z.string().optional()
-});
+// src/schemas/index.ts
 function parseCertificate(pemOrDer) {
   const cert = new X509Certificate(pemOrDer);
   const subjectAttrs = cert.subject.split(",").map((s) => s.trim());
@@ -1615,6 +1540,6 @@ function hasAuthConfig(item) {
   return "auth" in item;
 }
-export { AuditEventType, AuthContext, AuthProvider, CompositeAuditLogger, ConsoleAuditLogger, DOD_CAC_PROFILE, InMemoryRevocationStore, KeycloakAdapter, NoopAuditLogger, OIDCProvider, PKIProvider, RBACEngine, SessionManager, authConfigSchema, authSessionSchema, authUserSchema, buildAuthorizationUrl, clearCookie, componentAuthSchema, createAuditEvent, createDoDCACConfig, createDoDCACDevConfig, decryptToken, deriveEncryptionKey, discoverOIDC, encryptToken, exchangeCodeForTokens, extractEDIPI, generateCodeChallenge, generateCodeVerifier, generateJti, generateNonce, generateState, getAuthDecorator, hasAuthConfig, maybeWrapWithAuth, oidcConfigSchema, parseCertFromHeaders, parseCertificate, parseCookies, pkiConfigSchema, rbacConfigSchema, refreshAccessToken, registerAuthDecorator, serializeCookie, signCertHeaders, useAuth, useRequireAuth, validateDoDCAC, validateIdToken, verifyCertHeaders, verifyState, withAuth, withAuthFallback };
+export { AuditEventType, AuthContext, AuthProvider, CompositeAuditLogger, ConsoleAuditLogger, DOD_CAC_PROFILE, InMemoryRevocationStore, KeycloakAdapter, NoopAuditLogger, OIDCProvider, PKIProvider, RBACEngine, SessionManager, buildAuthorizationUrl, clearCookie, createAuditEvent, createDoDCACConfig, createDoDCACDevConfig, decryptToken, deriveEncryptionKey, discoverOIDC, encryptToken, exchangeCodeForTokens, extractEDIPI, generateCodeChallenge, generateCodeVerifier, generateJti, generateNonce, generateState, getAuthDecorator, hasAuthConfig, maybeWrapWithAuth, parseCertFromHeaders, parseCertificate, parseCookies, refreshAccessToken, registerAuthDecorator, serializeCookie, signCertHeaders, useAuth, useRequireAuth, validateDoDCAC, validateIdToken, verifyCertHeaders, verifyState, withAuth, withAuthFallback };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map