@strapi/core 0.0.0-experimental.8478bb287dfba93afd007cad7697c0f88853a2d8 → 0.0.0-experimental.848e0ac442910c1ad22a7c5eaab07088827fb53c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @strapi/core might be problematic. Click here for more details.

Files changed (190) hide show
  1. package/dist/Strapi.d.ts +1 -0
  2. package/dist/Strapi.d.ts.map +1 -1
  3. package/dist/Strapi.js +20 -4
  4. package/dist/Strapi.js.map +1 -1
  5. package/dist/Strapi.mjs +20 -4
  6. package/dist/Strapi.mjs.map +1 -1
  7. package/dist/configuration/config-loader.js.map +1 -1
  8. package/dist/configuration/config-loader.mjs.map +1 -1
  9. package/dist/configuration/urls.js.map +1 -1
  10. package/dist/configuration/urls.mjs.map +1 -1
  11. package/dist/constants.d.ts +3 -0
  12. package/dist/constants.d.ts.map +1 -0
  13. package/dist/constants.js +6 -0
  14. package/dist/constants.js.map +1 -0
  15. package/dist/constants.mjs +4 -0
  16. package/dist/constants.mjs.map +1 -0
  17. package/dist/container.js.map +1 -1
  18. package/dist/container.mjs.map +1 -1
  19. package/dist/core-api/routes/index.js.map +1 -1
  20. package/dist/core-api/routes/index.mjs.map +1 -1
  21. package/dist/core-api/routes/validation/mappers.d.ts.map +1 -1
  22. package/dist/core-api/routes/validation/mappers.js +35 -0
  23. package/dist/core-api/routes/validation/mappers.js.map +1 -1
  24. package/dist/core-api/routes/validation/mappers.mjs +35 -0
  25. package/dist/core-api/routes/validation/mappers.mjs.map +1 -1
  26. package/dist/core-api/routes/validation/utils.js.map +1 -1
  27. package/dist/core-api/routes/validation/utils.mjs.map +1 -1
  28. package/dist/core-api/service/collection-type.js.map +1 -1
  29. package/dist/core-api/service/collection-type.mjs.map +1 -1
  30. package/dist/core-api/service/single-type.js.map +1 -1
  31. package/dist/core-api/service/single-type.mjs.map +1 -1
  32. package/dist/domain/content-type/index.js.map +1 -1
  33. package/dist/domain/content-type/index.mjs.map +1 -1
  34. package/dist/domain/module/index.js.map +1 -1
  35. package/dist/domain/module/index.mjs.map +1 -1
  36. package/dist/ee/index.js.map +1 -1
  37. package/dist/ee/index.mjs.map +1 -1
  38. package/dist/ee/license.js +1 -2
  39. package/dist/ee/license.js.map +1 -1
  40. package/dist/ee/license.mjs +1 -2
  41. package/dist/ee/license.mjs.map +1 -1
  42. package/dist/loaders/apis.js.map +1 -1
  43. package/dist/loaders/apis.mjs.map +1 -1
  44. package/dist/loaders/components.js.map +1 -1
  45. package/dist/loaders/components.mjs.map +1 -1
  46. package/dist/loaders/plugins/get-enabled-plugins.js.map +1 -1
  47. package/dist/loaders/plugins/get-enabled-plugins.mjs.map +1 -1
  48. package/dist/loaders/plugins/index.js +1 -1
  49. package/dist/loaders/plugins/index.js.map +1 -1
  50. package/dist/loaders/plugins/index.mjs +1 -1
  51. package/dist/loaders/plugins/index.mjs.map +1 -1
  52. package/dist/loaders/src-index.js.map +1 -1
  53. package/dist/loaders/src-index.mjs.map +1 -1
  54. package/dist/middlewares/logger.js.map +1 -1
  55. package/dist/middlewares/logger.mjs.map +1 -1
  56. package/dist/middlewares/response-time.js.map +1 -1
  57. package/dist/middlewares/response-time.mjs.map +1 -1
  58. package/dist/middlewares/security.d.ts.map +1 -1
  59. package/dist/middlewares/security.js +2 -15
  60. package/dist/middlewares/security.js.map +1 -1
  61. package/dist/middlewares/security.mjs +2 -15
  62. package/dist/middlewares/security.mjs.map +1 -1
  63. package/dist/migrations/database/5.0.0-discard-drafts.d.ts +21 -7
  64. package/dist/migrations/database/5.0.0-discard-drafts.d.ts.map +1 -1
  65. package/dist/migrations/database/5.0.0-discard-drafts.js +1144 -60
  66. package/dist/migrations/database/5.0.0-discard-drafts.js.map +1 -1
  67. package/dist/migrations/database/5.0.0-discard-drafts.mjs +1145 -61
  68. package/dist/migrations/database/5.0.0-discard-drafts.mjs.map +1 -1
  69. package/dist/migrations/first-published-at.js.map +1 -1
  70. package/dist/migrations/first-published-at.mjs.map +1 -1
  71. package/dist/package.json.js +13 -12
  72. package/dist/package.json.js.map +1 -1
  73. package/dist/package.json.mjs +13 -12
  74. package/dist/package.json.mjs.map +1 -1
  75. package/dist/providers/index.d.ts.map +1 -1
  76. package/dist/providers/index.js +2 -0
  77. package/dist/providers/index.js.map +1 -1
  78. package/dist/providers/index.mjs +2 -0
  79. package/dist/providers/index.mjs.map +1 -1
  80. package/dist/providers/session-manager.d.ts +3 -0
  81. package/dist/providers/session-manager.d.ts.map +1 -0
  82. package/dist/providers/session-manager.js +23 -0
  83. package/dist/providers/session-manager.js.map +1 -0
  84. package/dist/providers/session-manager.mjs +21 -0
  85. package/dist/providers/session-manager.mjs.map +1 -0
  86. package/dist/registries/apis.js.map +1 -1
  87. package/dist/registries/apis.mjs.map +1 -1
  88. package/dist/registries/custom-fields.js.map +1 -1
  89. package/dist/registries/custom-fields.mjs.map +1 -1
  90. package/dist/registries/namespace.js.map +1 -1
  91. package/dist/registries/namespace.mjs.map +1 -1
  92. package/dist/registries/plugins.js.map +1 -1
  93. package/dist/registries/plugins.mjs.map +1 -1
  94. package/dist/registries/policies.js.map +1 -1
  95. package/dist/registries/policies.mjs.map +1 -1
  96. package/dist/services/config.js.map +1 -1
  97. package/dist/services/config.mjs.map +1 -1
  98. package/dist/services/content-api/index.js.map +1 -1
  99. package/dist/services/content-api/index.mjs.map +1 -1
  100. package/dist/services/content-api/permissions/index.js.map +1 -1
  101. package/dist/services/content-api/permissions/index.mjs.map +1 -1
  102. package/dist/services/content-source-maps.d.ts +2 -1
  103. package/dist/services/content-source-maps.d.ts.map +1 -1
  104. package/dist/services/content-source-maps.js +34 -9
  105. package/dist/services/content-source-maps.js.map +1 -1
  106. package/dist/services/content-source-maps.mjs +34 -9
  107. package/dist/services/content-source-maps.mjs.map +1 -1
  108. package/dist/services/core-store.js.map +1 -1
  109. package/dist/services/core-store.mjs.map +1 -1
  110. package/dist/services/document-service/components.d.ts +31 -1
  111. package/dist/services/document-service/components.d.ts.map +1 -1
  112. package/dist/services/document-service/components.js +109 -0
  113. package/dist/services/document-service/components.js.map +1 -1
  114. package/dist/services/document-service/components.mjs +107 -1
  115. package/dist/services/document-service/components.mjs.map +1 -1
  116. package/dist/services/document-service/repository.d.ts.map +1 -1
  117. package/dist/services/document-service/repository.js +5 -1
  118. package/dist/services/document-service/repository.js.map +1 -1
  119. package/dist/services/document-service/repository.mjs +6 -2
  120. package/dist/services/document-service/repository.mjs.map +1 -1
  121. package/dist/services/document-service/transform/fields.js.map +1 -1
  122. package/dist/services/document-service/transform/fields.mjs.map +1 -1
  123. package/dist/services/document-service/transform/id-map.js.map +1 -1
  124. package/dist/services/document-service/transform/id-map.mjs.map +1 -1
  125. package/dist/services/document-service/utils/clean-component-join-table.d.ts +7 -0
  126. package/dist/services/document-service/utils/clean-component-join-table.d.ts.map +1 -0
  127. package/dist/services/document-service/utils/clean-component-join-table.js +145 -0
  128. package/dist/services/document-service/utils/clean-component-join-table.js.map +1 -0
  129. package/dist/services/document-service/utils/clean-component-join-table.mjs +143 -0
  130. package/dist/services/document-service/utils/clean-component-join-table.mjs.map +1 -0
  131. package/dist/services/document-service/utils/unidirectional-relations.d.ts +19 -2
  132. package/dist/services/document-service/utils/unidirectional-relations.d.ts.map +1 -1
  133. package/dist/services/document-service/utils/unidirectional-relations.js +21 -6
  134. package/dist/services/document-service/utils/unidirectional-relations.js.map +1 -1
  135. package/dist/services/document-service/utils/unidirectional-relations.mjs +21 -6
  136. package/dist/services/document-service/utils/unidirectional-relations.mjs.map +1 -1
  137. package/dist/services/entity-service/index.js.map +1 -1
  138. package/dist/services/entity-service/index.mjs.map +1 -1
  139. package/dist/services/entity-validator/blocks-validator.js.map +1 -1
  140. package/dist/services/entity-validator/blocks-validator.mjs.map +1 -1
  141. package/dist/services/entity-validator/index.js.map +1 -1
  142. package/dist/services/entity-validator/index.mjs.map +1 -1
  143. package/dist/services/metrics/index.js +2 -1
  144. package/dist/services/metrics/index.js.map +1 -1
  145. package/dist/services/metrics/index.mjs +2 -1
  146. package/dist/services/metrics/index.mjs.map +1 -1
  147. package/dist/services/metrics/middleware.d.ts +2 -1
  148. package/dist/services/metrics/middleware.d.ts.map +1 -1
  149. package/dist/services/metrics/middleware.js +2 -2
  150. package/dist/services/metrics/middleware.js.map +1 -1
  151. package/dist/services/metrics/middleware.mjs +2 -2
  152. package/dist/services/metrics/middleware.mjs.map +1 -1
  153. package/dist/services/metrics/sender.d.ts.map +1 -1
  154. package/dist/services/metrics/sender.js +2 -1
  155. package/dist/services/metrics/sender.js.map +1 -1
  156. package/dist/services/metrics/sender.mjs +2 -1
  157. package/dist/services/metrics/sender.mjs.map +1 -1
  158. package/dist/services/server/compose-endpoint.js.map +1 -1
  159. package/dist/services/server/compose-endpoint.mjs.map +1 -1
  160. package/dist/services/server/index.js.map +1 -1
  161. package/dist/services/server/index.mjs.map +1 -1
  162. package/dist/services/server/middleware.js.map +1 -1
  163. package/dist/services/server/middleware.mjs.map +1 -1
  164. package/dist/services/server/register-routes.js.map +1 -1
  165. package/dist/services/server/register-routes.mjs.map +1 -1
  166. package/dist/services/server/routing.js.map +1 -1
  167. package/dist/services/server/routing.mjs.map +1 -1
  168. package/dist/services/session-manager.d.ts +167 -0
  169. package/dist/services/session-manager.d.ts.map +1 -0
  170. package/dist/services/session-manager.js +529 -0
  171. package/dist/services/session-manager.js.map +1 -0
  172. package/dist/services/session-manager.mjs +526 -0
  173. package/dist/services/session-manager.mjs.map +1 -0
  174. package/dist/services/webhook-runner.js +2 -2
  175. package/dist/services/webhook-runner.js.map +1 -1
  176. package/dist/services/webhook-runner.mjs +2 -2
  177. package/dist/services/webhook-runner.mjs.map +1 -1
  178. package/dist/services/worker-queue.js +2 -2
  179. package/dist/services/worker-queue.js.map +1 -1
  180. package/dist/services/worker-queue.mjs +2 -2
  181. package/dist/services/worker-queue.mjs.map +1 -1
  182. package/dist/utils/fetch.js.map +1 -1
  183. package/dist/utils/fetch.mjs.map +1 -1
  184. package/dist/utils/filepath-to-prop-path.js.map +1 -1
  185. package/dist/utils/filepath-to-prop-path.mjs.map +1 -1
  186. package/dist/utils/load-config-file.js.map +1 -1
  187. package/dist/utils/load-config-file.mjs.map +1 -1
  188. package/dist/utils/startup-logger.js.map +1 -1
  189. package/dist/utils/startup-logger.mjs.map +1 -1
  190. package/package.json +13 -12
package/dist/services/session-manager.mjs ADDED
@@ -0,0 +1,526 @@
1
+ import crypto from 'crypto';
2
+ import jwt from 'jsonwebtoken';
3
+ import { DEFAULT_ALGORITHM } from '../constants.mjs';
4
+
5
+ class DatabaseSessionProvider {
6
+ async create(session) {
7
+ const result = await this.db.query(this.contentType).create({
8
+ data: session
9
+ });
10
+ return result;
11
+ }
12
+ async findBySessionId(sessionId) {
13
+ const result = await this.db.query(this.contentType).findOne({
14
+ where: {
15
+ sessionId
16
+ }
17
+ });
18
+ return result;
19
+ }
20
+ async updateBySessionId(sessionId, data) {
21
+ await this.db.query(this.contentType).update({
22
+ where: {
23
+ sessionId
24
+ },
25
+ data
26
+ });
27
+ }
28
+ async deleteBySessionId(sessionId) {
29
+ await this.db.query(this.contentType).delete({
30
+ where: {
31
+ sessionId
32
+ }
33
+ });
34
+ }
35
+ async deleteExpired() {
36
+ await this.db.query(this.contentType).deleteMany({
37
+ where: {
38
+ absoluteExpiresAt: {
39
+ $lt: new Date()
40
+ }
41
+ }
42
+ });
43
+ }
44
+ async deleteBy(criteria) {
45
+ await this.db.query(this.contentType).deleteMany({
46
+ where: {
47
+ ...criteria.userId ? {
48
+ userId: criteria.userId
49
+ } : {},
50
+ ...criteria.origin ? {
51
+ origin: criteria.origin
52
+ } : {},
53
+ ...criteria.deviceId ? {
54
+ deviceId: criteria.deviceId
55
+ } : {}
56
+ }
57
+ });
58
+ }
59
+ constructor(db, contentType){
60
+ this.db = db;
61
+ this.contentType = contentType;
62
+ }
63
+ }
64
+ class OriginSessionManager {
65
+ async generateRefreshToken(userId, deviceId, options) {
66
+ return this.sessionManager.generateRefreshToken(userId, deviceId, this.origin, options);
67
+ }
68
+ async generateAccessToken(refreshToken) {
69
+ return this.sessionManager.generateAccessToken(refreshToken, this.origin);
70
+ }
71
+ async rotateRefreshToken(refreshToken) {
72
+ return this.sessionManager.rotateRefreshToken(refreshToken, this.origin);
73
+ }
74
+ validateAccessToken(token) {
75
+ return this.sessionManager.validateAccessToken(token, this.origin);
76
+ }
77
+ async validateRefreshToken(token) {
78
+ return this.sessionManager.validateRefreshToken(token, this.origin);
79
+ }
80
+ async invalidateRefreshToken(userId, deviceId) {
81
+ return this.sessionManager.invalidateRefreshToken(this.origin, userId, deviceId);
82
+ }
83
+ /**
84
+ * Returns true when a session exists and is not expired for this origin.
85
+ * If the session exists but is expired, it will be deleted as part of this check.
86
+ */ async isSessionActive(sessionId) {
87
+ return this.sessionManager.isSessionActive(sessionId, this.origin);
88
+ }
89
+ constructor(sessionManager, origin){
90
+ this.sessionManager = sessionManager;
91
+ this.origin = origin;
92
+ }
93
+ }
94
+ class SessionManager {
95
+ /**
96
+ * Define configuration for a specific origin
97
+ */ defineOrigin(origin, config) {
98
+ this.originConfigs.set(origin, config);
99
+ }
100
+ /**
101
+ * Check if an origin is defined
102
+ */ hasOrigin(origin) {
103
+ return this.originConfigs.has(origin);
104
+ }
105
+ /**
106
+ * Get configuration for a specific origin, throw error if not defined
107
+ */ getConfigForOrigin(origin) {
108
+ const originConfig = this.originConfigs.get(origin);
109
+ if (originConfig) {
110
+ return originConfig;
111
+ }
112
+ throw new Error(`SessionManager: Origin '${origin}' is not defined. Please define it using defineOrigin('${origin}', config).`);
113
+ }
114
+ /**
115
+ * Get the appropriate JWT key based on the algorithm
116
+ */ getJwtKey(config, algorithm, operation) {
117
+ const isAsymmetric = algorithm.startsWith('RS') || algorithm.startsWith('ES') || algorithm.startsWith('PS');
118
+ if (isAsymmetric) {
119
+ // For asymmetric algorithms, check if user has provided proper key configuration
120
+ if (operation === 'sign') {
121
+ const privateKey = config.jwtOptions?.privateKey;
122
+ if (privateKey) {
123
+ return privateKey;
124
+ }
125
+ throw new Error(`SessionManager: Private key is required for asymmetric algorithm ${algorithm}. Please configure admin.auth.options.privateKey.`);
126
+ } else {
127
+ const publicKey = config.jwtOptions?.publicKey;
128
+ if (publicKey) {
129
+ return publicKey;
130
+ }
131
+ throw new Error(`SessionManager: Public key is required for asymmetric algorithm ${algorithm}. Please configure admin.auth.options.publicKey.`);
132
+ }
133
+ } else {
134
+ if (!config.jwtSecret) {
135
+ throw new Error(`SessionManager: Secret key is required for symmetric algorithm ${algorithm}`);
136
+ }
137
+ return config.jwtSecret;
138
+ }
139
+ }
140
+ generateSessionId() {
141
+ return crypto.randomBytes(16).toString('hex');
142
+ }
143
+ async maybeCleanupExpired() {
144
+ this.cleanupInvocationCounter += 1;
145
+ if (this.cleanupInvocationCounter >= this.cleanupEveryCalls) {
146
+ this.cleanupInvocationCounter = 0;
147
+ await this.provider.deleteExpired();
148
+ }
149
+ }
150
+ /**
151
+ * Get the cleanup every calls threshold
152
+ */ get cleanupThreshold() {
153
+ return this.cleanupEveryCalls;
154
+ }
155
+ async generateRefreshToken(userId, deviceId, origin, options) {
156
+ if (!origin || typeof origin !== 'string') {
157
+ throw new Error('SessionManager: Origin parameter is required and must be a non-empty string');
158
+ }
159
+ await this.maybeCleanupExpired();
160
+ const config = this.getConfigForOrigin(origin);
161
+ const algorithm = config.algorithm || DEFAULT_ALGORITHM;
162
+ const jwtKey = this.getJwtKey(config, algorithm, 'sign');
163
+ const sessionId = this.generateSessionId();
164
+ const tokenType = options?.type ?? 'refresh';
165
+ const isRefresh = tokenType === 'refresh';
166
+ const idleLifespan = isRefresh ? config.idleRefreshTokenLifespan : config.idleSessionLifespan;
167
+ const maxLifespan = isRefresh ? config.maxRefreshTokenLifespan : config.maxSessionLifespan;
168
+ const now = Date.now();
169
+ const expiresAt = new Date(now + idleLifespan * 1000);
170
+ const absoluteExpiresAt = new Date(now + maxLifespan * 1000);
171
+ // Create the root record first so createdAt can be used for signing.
172
+ const record = await this.provider.create({
173
+ userId,
174
+ sessionId,
175
+ ...deviceId && {
176
+ deviceId
177
+ },
178
+ origin,
179
+ childId: null,
180
+ type: tokenType,
181
+ status: 'active',
182
+ expiresAt,
183
+ absoluteExpiresAt
184
+ });
185
+ const issuedAtSeconds = Math.floor(new Date(record.createdAt ?? new Date()).getTime() / 1000);
186
+ const expiresAtSeconds = Math.floor(new Date(record.expiresAt).getTime() / 1000);
187
+ const payload = {
188
+ userId,
189
+ sessionId,
190
+ type: 'refresh',
191
+ iat: issuedAtSeconds,
192
+ exp: expiresAtSeconds
193
+ };
194
+ // Filter out conflicting options that are already handled by the payload or used for key selection
195
+ const jwtOptions = config.jwtOptions || {};
196
+ const { expiresIn, privateKey, publicKey, ...jwtSignOptions } = jwtOptions;
197
+ const token = jwt.sign(payload, jwtKey, {
198
+ algorithm,
199
+ noTimestamp: true,
200
+ ...jwtSignOptions
201
+ });
202
+ return {
203
+ token,
204
+ sessionId,
205
+ absoluteExpiresAt: absoluteExpiresAt.toISOString()
206
+ };
207
+ }
208
+ validateAccessToken(token, origin) {
209
+ if (!origin || typeof origin !== 'string') {
210
+ throw new Error('SessionManager: Origin parameter is required and must be a non-empty string');
211
+ }
212
+ try {
213
+ const config = this.getConfigForOrigin(origin);
214
+ const algorithm = config.algorithm || DEFAULT_ALGORITHM;
215
+ const jwtKey = this.getJwtKey(config, algorithm, 'verify');
216
+ const payload = jwt.verify(token, jwtKey, {
217
+ algorithms: [
218
+ algorithm
219
+ ],
220
+ ...config.jwtOptions
221
+ });
222
+ // Ensure this is an access token
223
+ if (!payload || payload.type !== 'access') {
224
+ return {
225
+ isValid: false,
226
+ payload: null
227
+ };
228
+ }
229
+ return {
230
+ isValid: true,
231
+ payload
232
+ };
233
+ } catch (err) {
234
+ return {
235
+ isValid: false,
236
+ payload: null
237
+ };
238
+ }
239
+ }
240
+ async validateRefreshToken(token, origin) {
241
+ if (!origin || typeof origin !== 'string') {
242
+ throw new Error('SessionManager: Origin parameter is required and must be a non-empty string');
243
+ }
244
+ try {
245
+ const config = this.getConfigForOrigin(origin);
246
+ const algorithm = config.algorithm || DEFAULT_ALGORITHM;
247
+ const jwtKey = this.getJwtKey(config, algorithm, 'verify');
248
+ const verifyOptions = {
249
+ algorithms: [
250
+ algorithm
251
+ ],
252
+ ...config.jwtOptions
253
+ };
254
+ const payload = jwt.verify(token, jwtKey, verifyOptions);
255
+ if (payload.type !== 'refresh') {
256
+ return {
257
+ isValid: false
258
+ };
259
+ }
260
+ const session = await this.provider.findBySessionId(payload.sessionId);
261
+ if (!session) {
262
+ return {
263
+ isValid: false
264
+ };
265
+ }
266
+ const now = new Date();
267
+ if (new Date(session.expiresAt) <= now) {
268
+ return {
269
+ isValid: false
270
+ };
271
+ }
272
+ // Absolute family expiry check
273
+ if (session.absoluteExpiresAt && new Date(session.absoluteExpiresAt) <= now) {
274
+ return {
275
+ isValid: false
276
+ };
277
+ }
278
+ // Only 'active' sessions are eligible to create access tokens.
279
+ if (session.status !== 'active') {
280
+ return {
281
+ isValid: false
282
+ };
283
+ }
284
+ if (session.userId !== payload.userId) {
285
+ return {
286
+ isValid: false
287
+ };
288
+ }
289
+ return {
290
+ isValid: true,
291
+ userId: payload.userId,
292
+ sessionId: payload.sessionId
293
+ };
294
+ } catch (error) {
295
+ if (error instanceof jwt.JsonWebTokenError) {
296
+ return {
297
+ isValid: false
298
+ };
299
+ }
300
+ throw error;
301
+ }
302
+ }
303
+ async invalidateRefreshToken(origin, userId, deviceId) {
304
+ await this.provider.deleteBy({
305
+ userId,
306
+ origin,
307
+ deviceId
308
+ });
309
+ }
310
+ async generateAccessToken(refreshToken, origin) {
311
+ if (!origin || typeof origin !== 'string') {
312
+ throw new Error('SessionManager: Origin parameter is required and must be a non-empty string');
313
+ }
314
+ const validation = await this.validateRefreshToken(refreshToken, origin);
315
+ if (!validation.isValid) {
316
+ return {
317
+ error: 'invalid_refresh_token'
318
+ };
319
+ }
320
+ const payload = {
321
+ userId: String(validation.userId),
322
+ sessionId: validation.sessionId,
323
+ type: 'access'
324
+ };
325
+ const config = this.getConfigForOrigin(origin);
326
+ const algorithm = config.algorithm || DEFAULT_ALGORITHM;
327
+ const jwtKey = this.getJwtKey(config, algorithm, 'sign');
328
+ // Filter out conflicting options that are already handled by the payload or used for key selection
329
+ const jwtOptions = config.jwtOptions || {};
330
+ const { expiresIn, privateKey, publicKey, ...jwtSignOptions } = jwtOptions;
331
+ const token = jwt.sign(payload, jwtKey, {
332
+ algorithm,
333
+ expiresIn: config.accessTokenLifespan,
334
+ ...jwtSignOptions
335
+ });
336
+ return {
337
+ token
338
+ };
339
+ }
340
+ async rotateRefreshToken(refreshToken, origin) {
341
+ if (!origin || typeof origin !== 'string') {
342
+ throw new Error('SessionManager: Origin parameter is required and must be a non-empty string');
343
+ }
344
+ try {
345
+ const config = this.getConfigForOrigin(origin);
346
+ const algorithm = config.algorithm || DEFAULT_ALGORITHM;
347
+ const jwtKey = this.getJwtKey(config, algorithm, 'verify');
348
+ const payload = jwt.verify(refreshToken, jwtKey, {
349
+ algorithms: [
350
+ algorithm
351
+ ],
352
+ ...config.jwtOptions
353
+ });
354
+ if (!payload || payload.type !== 'refresh') {
355
+ return {
356
+ error: 'invalid_refresh_token'
357
+ };
358
+ }
359
+ const current = await this.provider.findBySessionId(payload.sessionId);
360
+ if (!current) {
361
+ return {
362
+ error: 'invalid_refresh_token'
363
+ };
364
+ }
365
+ // If parent already has a child, return the same child token
366
+ if (current.childId) {
367
+ const child = await this.provider.findBySessionId(current.childId);
368
+ if (child) {
369
+ const childIat = Math.floor(new Date(child.createdAt ?? new Date()).getTime() / 1000);
370
+ const childExp = Math.floor(new Date(child.expiresAt).getTime() / 1000);
371
+ const childPayload = {
372
+ userId: child.userId,
373
+ sessionId: child.sessionId,
374
+ type: 'refresh',
375
+ iat: childIat,
376
+ exp: childExp
377
+ };
378
+ // Filter out conflicting options that are already handled by the payload
379
+ const { expiresIn, ...jwtSignOptions } = config.jwtOptions || {};
380
+ const childToken = jwt.sign(childPayload, jwtKey, {
381
+ algorithm,
382
+ noTimestamp: true,
383
+ ...jwtSignOptions
384
+ });
385
+ let absoluteExpiresAt;
386
+ if (child.absoluteExpiresAt) {
387
+ absoluteExpiresAt = typeof child.absoluteExpiresAt === 'string' ? child.absoluteExpiresAt : child.absoluteExpiresAt.toISOString();
388
+ } else {
389
+ absoluteExpiresAt = new Date(0).toISOString();
390
+ }
391
+ return {
392
+ token: childToken,
393
+ sessionId: child.sessionId,
394
+ absoluteExpiresAt,
395
+ type: child.type ?? 'refresh'
396
+ };
397
+ }
398
+ }
399
+ const now = Date.now();
400
+ const tokenType = current.type ?? 'refresh';
401
+ const idleLifespan = tokenType === 'refresh' ? config.idleRefreshTokenLifespan : config.idleSessionLifespan;
402
+ // Enforce idle window since creation of the current token
403
+ if (current.createdAt && now - new Date(current.createdAt).getTime() > idleLifespan * 1000) {
404
+ return {
405
+ error: 'idle_window_elapsed'
406
+ };
407
+ }
408
+ // Enforce max family window using absoluteExpiresAt
409
+ const absolute = current.absoluteExpiresAt ? new Date(current.absoluteExpiresAt).getTime() : now;
410
+ if (absolute <= now) {
411
+ return {
412
+ error: 'max_window_elapsed'
413
+ };
414
+ }
415
+ // Create child token
416
+ const childSessionId = this.generateSessionId();
417
+ const childExpiresAt = new Date(now + idleLifespan * 1000);
418
+ const childRecord = await this.provider.create({
419
+ userId: current.userId,
420
+ sessionId: childSessionId,
421
+ ...current.deviceId && {
422
+ deviceId: current.deviceId
423
+ },
424
+ origin: current.origin,
425
+ childId: null,
426
+ type: tokenType,
427
+ status: 'active',
428
+ expiresAt: childExpiresAt,
429
+ absoluteExpiresAt: current.absoluteExpiresAt ?? new Date(absolute)
430
+ });
431
+ const childIat = Math.floor(new Date(childRecord.createdAt ?? new Date()).getTime() / 1000);
432
+ const childExp = Math.floor(new Date(childRecord.expiresAt).getTime() / 1000);
433
+ const payloadOut = {
434
+ userId: current.userId,
435
+ sessionId: childSessionId,
436
+ type: 'refresh',
437
+ iat: childIat,
438
+ exp: childExp
439
+ };
440
+ // Filter out conflicting options that are already handled by the payload
441
+ const { expiresIn, ...jwtSignOptions } = config.jwtOptions || {};
442
+ const childToken = jwt.sign(payloadOut, jwtKey, {
443
+ algorithm,
444
+ noTimestamp: true,
445
+ ...jwtSignOptions
446
+ });
447
+ await this.provider.updateBySessionId(current.sessionId, {
448
+ status: 'rotated',
449
+ childId: childSessionId
450
+ });
451
+ let absoluteExpiresAt;
452
+ if (childRecord.absoluteExpiresAt) {
453
+ absoluteExpiresAt = typeof childRecord.absoluteExpiresAt === 'string' ? childRecord.absoluteExpiresAt : childRecord.absoluteExpiresAt.toISOString();
454
+ } else {
455
+ absoluteExpiresAt = new Date(absolute).toISOString();
456
+ }
457
+ return {
458
+ token: childToken,
459
+ sessionId: childSessionId,
460
+ absoluteExpiresAt,
461
+ type: tokenType
462
+ };
463
+ } catch {
464
+ return {
465
+ error: 'invalid_refresh_token'
466
+ };
467
+ }
468
+ }
469
+ /**
470
+ * Returns true when a session exists and is not expired.
471
+ * If the session exists but is expired, it will be deleted as part of this check.
472
+ */ async isSessionActive(sessionId, origin) {
473
+ const session = await this.provider.findBySessionId(sessionId);
474
+ if (!session) {
475
+ return false;
476
+ }
477
+ if (session.origin !== origin) {
478
+ return false;
479
+ }
480
+ if (new Date(session.expiresAt) <= new Date()) {
481
+ // Clean up expired session eagerly
482
+ await this.provider.deleteBySessionId(sessionId);
483
+ return false;
484
+ }
485
+ return true;
486
+ }
487
+ constructor(provider){
488
+ // Store origin-specific configurations
489
+ this.originConfigs = new Map();
490
+ // Run expired cleanup only every N calls to avoid extra queries
491
+ this.cleanupInvocationCounter = 0;
492
+ this.cleanupEveryCalls = 50;
493
+ this.provider = provider;
494
+ }
495
+ }
496
+ const createDatabaseProvider = (db, contentType)=>{
497
+ return new DatabaseSessionProvider(db, contentType);
498
+ };
499
+ const createSessionManager = ({ db })=>{
500
+ const provider = createDatabaseProvider(db, 'admin::session');
501
+ const sessionManager = new SessionManager(provider);
502
+ // Add callable functionality
503
+ const fluentApi = (origin)=>{
504
+ if (!origin || typeof origin !== 'string') {
505
+ throw new Error('SessionManager: Origin parameter is required and must be a non-empty string');
506
+ }
507
+ return new OriginSessionManager(sessionManager, origin);
508
+ };
509
+ // Attach only the public SessionManagerService API to the callable
510
+ const api = fluentApi;
511
+ api.generateSessionId = sessionManager.generateSessionId.bind(sessionManager);
512
+ api.defineOrigin = sessionManager.defineOrigin.bind(sessionManager);
513
+ api.hasOrigin = sessionManager.hasOrigin.bind(sessionManager);
514
+ // Note: isSessionActive is origin-scoped and exposed on OriginSessionManager only
515
+ // Forward the cleanupThreshold getter (used in tests)
516
+ Object.defineProperty(api, 'cleanupThreshold', {
517
+ get () {
518
+ return sessionManager.cleanupThreshold;
519
+ },
520
+ enumerable: true
521
+ });
522
+ return api;
523
+ };
524
+
525
+ export { createDatabaseProvider, createSessionManager };
526
+ //# sourceMappingURL=session-manager.mjs.map
package/dist/services/session-manager.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"session-manager.mjs","sources":["../../src/services/session-manager.ts"],"sourcesContent":["import crypto from 'crypto';\nimport jwt from 'jsonwebtoken';\nimport type { VerifyOptions, Algorithm } from 'jsonwebtoken';\nimport type { Database } from '@strapi/database';\nimport { DEFAULT_ALGORITHM } from '../constants';\n\nexport interface SessionProvider {\n create(session: SessionData): Promise<SessionData>;\n findBySessionId(sessionId: string): Promise<SessionData | null>;\n updateBySessionId(sessionId: string, data: Partial<SessionData>): Promise<void>;\n deleteBySessionId(sessionId: string): Promise<void>;\n deleteExpired(): Promise<void>;\n deleteBy(criteria: { userId?: string; origin?: string; deviceId?: string }): Promise<void>;\n}\n\nexport interface SessionData {\n id?: string;\n userId: string; // User ID stored as string (key-value store)\n sessionId: string;\n deviceId?: string; // Optional for origins that don't need device tracking\n origin: string;\n childId?: string | null;\n\n type?: 'refresh' | 'session';\n status?: 'active' | 'rotated' | 'revoked';\n expiresAt: Date;\n absoluteExpiresAt?: Date | null;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport interface RefreshTokenPayload {\n userId: string;\n sessionId: string;\n type: 'refresh';\n exp: number;\n iat: number;\n}\n\nexport interface AccessTokenPayload {\n userId: string;\n sessionId: string;\n type: 'access';\n exp: number;\n iat: number;\n}\n\nexport type TokenPayload = RefreshTokenPayload | AccessTokenPayload;\n\nexport interface ValidateRefreshTokenResult {\n isValid: boolean;\n userId?: string;\n sessionId?: string;\n error?:\n | 'invalid_token'\n | 'token_expired'\n | 'session_not_found'\n | 'session_expired'\n | 'wrong_token_type';\n}\n\nclass DatabaseSessionProvider implements SessionProvider {\n private db: Database;\n\n private contentType: string;\n\n constructor(db: Database, contentType: string) {\n this.db = db;\n this.contentType = contentType;\n }\n\n async create(session: SessionData): Promise<SessionData> {\n const result = await this.db.query(this.contentType).create({\n data: session,\n });\n return result as SessionData;\n }\n\n async findBySessionId(sessionId: string): Promise<SessionData | null> {\n const result = await this.db.query(this.contentType).findOne({\n where: { sessionId },\n });\n return result as SessionData | null;\n }\n\n async updateBySessionId(sessionId: string, data: Partial<SessionData>): Promise<void> {\n await this.db.query(this.contentType).update({ where: { sessionId }, data });\n }\n\n async deleteBySessionId(sessionId: string): Promise<void> {\n await this.db.query(this.contentType).delete({\n where: { sessionId },\n });\n }\n\n async deleteExpired(): Promise<void> {\n await this.db.query(this.contentType).deleteMany({\n where: { absoluteExpiresAt: { $lt: new Date() } },\n });\n }\n\n async deleteBy(criteria: { userId?: string; origin?: string; deviceId?: string }): Promise<void> {\n await this.db.query(this.contentType).deleteMany({\n where: {\n ...(criteria.userId ? { userId: criteria.userId } : {}),\n ...(criteria.origin ? { origin: criteria.origin } : {}),\n ...(criteria.deviceId ? { deviceId: criteria.deviceId } : {}),\n },\n });\n }\n}\n\nexport interface SessionManagerConfig {\n jwtSecret?: string;\n accessTokenLifespan: number;\n maxRefreshTokenLifespan: number;\n idleRefreshTokenLifespan: number;\n maxSessionLifespan: number;\n idleSessionLifespan: number;\n algorithm?: Algorithm;\n jwtOptions?: Record<string, unknown>;\n}\n\nclass OriginSessionManager {\n constructor(\n private sessionManager: SessionManager,\n private origin: string\n ) {}\n\n async generateRefreshToken(\n userId: string,\n deviceId: string | undefined,\n options?: { type?: 'refresh' | 'session' }\n ): Promise<{ token: string; sessionId: string; absoluteExpiresAt: string }> {\n return this.sessionManager.generateRefreshToken(userId, deviceId, this.origin, options);\n }\n\n async generateAccessToken(refreshToken: string): Promise<{ token: string } | { error: string }> {\n return this.sessionManager.generateAccessToken(refreshToken, this.origin);\n }\n\n async rotateRefreshToken(refreshToken: string): Promise<\n | {\n token: string;\n sessionId: string;\n absoluteExpiresAt: string;\n type: 'refresh' | 'session';\n }\n | { error: string }\n > {\n return this.sessionManager.rotateRefreshToken(refreshToken, this.origin);\n }\n\n validateAccessToken(\n token: string\n ): { isValid: true; payload: AccessTokenPayload } | { isValid: false; payload: null } {\n return this.sessionManager.validateAccessToken(token, this.origin);\n }\n\n async validateRefreshToken(token: string): Promise<ValidateRefreshTokenResult> {\n return this.sessionManager.validateRefreshToken(token, this.origin);\n }\n\n async invalidateRefreshToken(userId: string, deviceId?: string): Promise<void> {\n return this.sessionManager.invalidateRefreshToken(this.origin, userId, deviceId);\n }\n\n /**\n * Returns true when a session exists and is not expired for this origin.\n * If the session exists but is expired, it will be deleted as part of this check.\n */\n async isSessionActive(sessionId: string): Promise<boolean> {\n return this.sessionManager.isSessionActive(sessionId, this.origin);\n }\n}\n\nclass SessionManager {\n private provider: SessionProvider;\n\n // Store origin-specific configurations\n private originConfigs: Map<string, SessionManagerConfig> = new Map();\n\n // Run expired cleanup only every N calls to avoid extra queries\n private cleanupInvocationCounter: number = 0;\n\n private readonly cleanupEveryCalls: number = 50;\n\n constructor(provider: SessionProvider) {\n this.provider = provider;\n }\n\n /**\n * Define configuration for a specific origin\n */\n defineOrigin(origin: string, config: SessionManagerConfig): void {\n this.originConfigs.set(origin, config);\n }\n\n /**\n * Check if an origin is defined\n */\n hasOrigin(origin: string): boolean {\n return this.originConfigs.has(origin);\n }\n\n /**\n * Get configuration for a specific origin, throw error if not defined\n */\n private getConfigForOrigin(origin: string): SessionManagerConfig {\n const originConfig = this.originConfigs.get(origin);\n if (originConfig) {\n return originConfig;\n }\n throw new Error(\n `SessionManager: Origin '${origin}' is not defined. Please define it using defineOrigin('${origin}', config).`\n );\n }\n\n /**\n * Get the appropriate JWT key based on the algorithm\n */\n private getJwtKey(\n config: SessionManagerConfig,\n algorithm: Algorithm,\n operation: 'sign' | 'verify'\n ): string {\n const isAsymmetric =\n algorithm.startsWith('RS') || algorithm.startsWith('ES') || algorithm.startsWith('PS');\n\n if (isAsymmetric) {\n // For asymmetric algorithms, check if user has provided proper key configuration\n if (operation === 'sign') {\n const privateKey = config.jwtOptions?.privateKey as string;\n if (privateKey) {\n return privateKey;\n }\n throw new Error(\n `SessionManager: Private key is required for asymmetric algorithm ${algorithm}. Please configure admin.auth.options.privateKey.`\n );\n } else {\n const publicKey = config.jwtOptions?.publicKey as string;\n if (publicKey) {\n return publicKey;\n }\n throw new Error(\n `SessionManager: Public key is required for asymmetric algorithm ${algorithm}. Please configure admin.auth.options.publicKey.`\n );\n }\n } else {\n if (!config.jwtSecret) {\n throw new Error(\n `SessionManager: Secret key is required for symmetric algorithm ${algorithm}`\n );\n }\n return config.jwtSecret;\n }\n }\n\n generateSessionId(): string {\n return crypto.randomBytes(16).toString('hex');\n }\n\n private async maybeCleanupExpired(): Promise<void> {\n this.cleanupInvocationCounter += 1;\n if (this.cleanupInvocationCounter >= this.cleanupEveryCalls) {\n this.cleanupInvocationCounter = 0;\n\n await this.provider.deleteExpired();\n }\n }\n\n /**\n * Get the cleanup every calls threshold\n */\n get cleanupThreshold(): number {\n return this.cleanupEveryCalls;\n }\n\n async generateRefreshToken(\n userId: string,\n deviceId: string | undefined,\n origin: string,\n options?: { type?: 'refresh' | 'session' }\n ): Promise<{ token: string; sessionId: string; absoluteExpiresAt: string }> {\n if (!origin || typeof origin !== 'string') {\n throw new Error(\n 'SessionManager: Origin parameter is required and must be a non-empty string'\n );\n }\n\n await this.maybeCleanupExpired();\n\n const config = this.getConfigForOrigin(origin);\n const algorithm = config.algorithm || DEFAULT_ALGORITHM;\n const jwtKey = this.getJwtKey(config, algorithm, 'sign');\n const sessionId = this.generateSessionId();\n const tokenType = options?.type ?? 'refresh';\n const isRefresh = tokenType === 'refresh';\n\n const idleLifespan = isRefresh ? config.idleRefreshTokenLifespan : config.idleSessionLifespan;\n\n const maxLifespan = isRefresh ? config.maxRefreshTokenLifespan : config.maxSessionLifespan;\n\n const now = Date.now();\n const expiresAt = new Date(now + idleLifespan * 1000);\n const absoluteExpiresAt = new Date(now + maxLifespan * 1000);\n\n // Create the root record first so createdAt can be used for signing.\n const record = await this.provider.create({\n userId,\n sessionId,\n ...(deviceId && { deviceId }),\n origin,\n childId: null,\n type: tokenType,\n status: 'active',\n expiresAt,\n absoluteExpiresAt,\n });\n\n const issuedAtSeconds = Math.floor(new Date(record.createdAt ?? new Date()).getTime() / 1000);\n const expiresAtSeconds = Math.floor(new Date(record.expiresAt).getTime() / 1000);\n\n const payload: RefreshTokenPayload = {\n userId,\n sessionId,\n type: 'refresh',\n iat: issuedAtSeconds,\n exp: expiresAtSeconds,\n };\n\n // Filter out conflicting options that are already handled by the payload or used for key selection\n const jwtOptions = config.jwtOptions || {};\n const { expiresIn, privateKey, publicKey, ...jwtSignOptions } = jwtOptions;\n\n const token = jwt.sign(payload, jwtKey, {\n algorithm,\n noTimestamp: true,\n ...jwtSignOptions,\n });\n\n return {\n token,\n sessionId,\n absoluteExpiresAt: absoluteExpiresAt.toISOString(),\n };\n }\n\n validateAccessToken(\n token: string,\n origin: string\n ): { isValid: true; payload: AccessTokenPayload } | { isValid: false; payload: null } {\n if (!origin || typeof origin !== 'string') {\n throw new Error(\n 'SessionManager: Origin parameter is required and must be a non-empty string'\n );\n }\n\n try {\n const config = this.getConfigForOrigin(origin);\n const algorithm = config.algorithm || DEFAULT_ALGORITHM;\n const jwtKey = this.getJwtKey(config, algorithm, 'verify');\n const payload = jwt.verify(token, jwtKey, {\n algorithms: [algorithm],\n ...config.jwtOptions,\n }) as TokenPayload;\n\n // Ensure this is an access token\n if (!payload || payload.type !== 'access') {\n return { isValid: false, payload: null };\n }\n\n return { isValid: true, payload };\n } catch (err) {\n return { isValid: false, payload: null };\n }\n }\n\n async validateRefreshToken(token: string, origin: string): Promise<ValidateRefreshTokenResult> {\n if (!origin || typeof origin !== 'string') {\n throw new Error(\n 'SessionManager: Origin parameter is required and must be a non-empty string'\n );\n }\n\n try {\n const config = this.getConfigForOrigin(origin);\n const algorithm = config.algorithm || DEFAULT_ALGORITHM;\n const jwtKey = this.getJwtKey(config, algorithm, 'verify');\n const verifyOptions: VerifyOptions = {\n algorithms: [algorithm],\n ...config.jwtOptions,\n };\n\n const payload = jwt.verify(token, jwtKey, verifyOptions) as RefreshTokenPayload;\n\n if (payload.type !== 'refresh') {\n return { isValid: false };\n }\n\n const session = await this.provider.findBySessionId(payload.sessionId);\n if (!session) {\n return { isValid: false };\n }\n\n const now = new Date();\n if (new Date(session.expiresAt) <= now) {\n return { isValid: false };\n }\n\n // Absolute family expiry check\n if (session.absoluteExpiresAt && new Date(session.absoluteExpiresAt) <= now) {\n return { isValid: false };\n }\n\n // Only 'active' sessions are eligible to create access tokens.\n if (session.status !== 'active') {\n return { isValid: false };\n }\n\n if (session.userId !== payload.userId) {\n return { isValid: false };\n }\n\n return {\n isValid: true,\n userId: payload.userId,\n sessionId: payload.sessionId,\n };\n } catch (error: any) {\n if (error instanceof jwt.JsonWebTokenError) {\n return { isValid: false };\n }\n\n throw error;\n }\n }\n\n async invalidateRefreshToken(origin: string, userId: string, deviceId?: string): Promise<void> {\n await this.provider.deleteBy({ userId, origin, deviceId });\n }\n\n async generateAccessToken(\n refreshToken: string,\n origin: string\n ): Promise<{ token: string } | { error: string }> {\n if (!origin || typeof origin !== 'string') {\n throw new Error(\n 'SessionManager: Origin parameter is required and must be a non-empty string'\n );\n }\n\n const validation = await this.validateRefreshToken(refreshToken, origin);\n\n if (!validation.isValid) {\n return { error: 'invalid_refresh_token' };\n }\n\n const payload: Omit<AccessTokenPayload, 'iat' | 'exp'> = {\n userId: String(validation.userId!),\n sessionId: validation.sessionId!,\n type: 'access',\n };\n\n const config = this.getConfigForOrigin(origin);\n const algorithm = config.algorithm || DEFAULT_ALGORITHM;\n const jwtKey = this.getJwtKey(config, algorithm, 'sign');\n // Filter out conflicting options that are already handled by the payload or used for key selection\n const jwtOptions = config.jwtOptions || {};\n const { expiresIn, privateKey, publicKey, ...jwtSignOptions } = jwtOptions;\n\n const token = jwt.sign(payload, jwtKey, {\n algorithm,\n expiresIn: config.accessTokenLifespan,\n ...jwtSignOptions,\n });\n\n return { token };\n }\n\n async rotateRefreshToken(\n refreshToken: string,\n origin: string\n ): Promise<\n | {\n token: string;\n sessionId: string;\n absoluteExpiresAt: string;\n type: 'refresh' | 'session';\n }\n | { error: string }\n > {\n if (!origin || typeof origin !== 'string') {\n throw new Error(\n 'SessionManager: Origin parameter is required and must be a non-empty string'\n );\n }\n\n try {\n const config = this.getConfigForOrigin(origin);\n const algorithm = config.algorithm || DEFAULT_ALGORITHM;\n const jwtKey = this.getJwtKey(config, algorithm, 'verify');\n const payload = jwt.verify(refreshToken, jwtKey, {\n algorithms: [algorithm],\n ...config.jwtOptions,\n }) as RefreshTokenPayload;\n\n if (!payload || payload.type !== 'refresh') {\n return { error: 'invalid_refresh_token' };\n }\n\n const current = await this.provider.findBySessionId(payload.sessionId);\n if (!current) {\n return { error: 'invalid_refresh_token' };\n }\n\n // If parent already has a child, return the same child token\n if (current.childId) {\n const child = await this.provider.findBySessionId(current.childId);\n\n if (child) {\n const childIat = Math.floor(new Date(child.createdAt ?? new Date()).getTime() / 1000);\n const childExp = Math.floor(new Date(child.expiresAt).getTime() / 1000);\n\n const childPayload: RefreshTokenPayload = {\n userId: child.userId,\n sessionId: child.sessionId,\n type: 'refresh',\n iat: childIat,\n exp: childExp,\n };\n\n // Filter out conflicting options that are already handled by the payload\n const { expiresIn, ...jwtSignOptions } = config.jwtOptions || {};\n\n const childToken = jwt.sign(childPayload, jwtKey, {\n algorithm,\n noTimestamp: true,\n ...jwtSignOptions,\n });\n\n let absoluteExpiresAt;\n if (child.absoluteExpiresAt) {\n absoluteExpiresAt =\n typeof child.absoluteExpiresAt === 'string'\n ? child.absoluteExpiresAt\n : child.absoluteExpiresAt.toISOString();\n } else {\n absoluteExpiresAt = new Date(0).toISOString();\n }\n\n return {\n token: childToken,\n sessionId: child.sessionId,\n absoluteExpiresAt,\n type: child.type ?? 'refresh',\n };\n }\n }\n\n const now = Date.now();\n const tokenType = current.type ?? 'refresh';\n const idleLifespan =\n tokenType === 'refresh' ? config.idleRefreshTokenLifespan : config.idleSessionLifespan;\n\n // Enforce idle window since creation of the current token\n if (current.createdAt && now - new Date(current.createdAt).getTime() > idleLifespan * 1000) {\n return { error: 'idle_window_elapsed' };\n }\n\n // Enforce max family window using absoluteExpiresAt\n const absolute = current.absoluteExpiresAt\n ? new Date(current.absoluteExpiresAt).getTime()\n : now;\n if (absolute <= now) {\n return { error: 'max_window_elapsed' };\n }\n\n // Create child token\n const childSessionId = this.generateSessionId();\n const childExpiresAt = new Date(now + idleLifespan * 1000);\n\n const childRecord = await this.provider.create({\n userId: current.userId,\n sessionId: childSessionId,\n ...(current.deviceId && { deviceId: current.deviceId }),\n origin: current.origin,\n childId: null,\n type: tokenType,\n status: 'active',\n expiresAt: childExpiresAt,\n absoluteExpiresAt: current.absoluteExpiresAt ?? new Date(absolute),\n });\n\n const childIat = Math.floor(new Date(childRecord.createdAt ?? new Date()).getTime() / 1000);\n const childExp = Math.floor(new Date(childRecord.expiresAt).getTime() / 1000);\n const payloadOut: RefreshTokenPayload = {\n userId: current.userId,\n sessionId: childSessionId,\n type: 'refresh',\n iat: childIat,\n exp: childExp,\n };\n // Filter out conflicting options that are already handled by the payload\n const { expiresIn, ...jwtSignOptions } = config.jwtOptions || {};\n\n const childToken = jwt.sign(payloadOut, jwtKey, {\n algorithm,\n noTimestamp: true,\n ...jwtSignOptions,\n });\n\n await this.provider.updateBySessionId(current.sessionId, {\n status: 'rotated',\n childId: childSessionId,\n });\n\n let absoluteExpiresAt;\n if (childRecord.absoluteExpiresAt) {\n absoluteExpiresAt =\n typeof childRecord.absoluteExpiresAt === 'string'\n ? childRecord.absoluteExpiresAt\n : childRecord.absoluteExpiresAt.toISOString();\n } else {\n absoluteExpiresAt = new Date(absolute).toISOString();\n }\n\n return {\n token: childToken,\n sessionId: childSessionId,\n absoluteExpiresAt,\n type: tokenType,\n };\n } catch {\n return { error: 'invalid_refresh_token' };\n }\n }\n\n /**\n * Returns true when a session exists and is not expired.\n * If the session exists but is expired, it will be deleted as part of this check.\n */\n async isSessionActive(sessionId: string, origin: string): Promise<boolean> {\n const session = await this.provider.findBySessionId(sessionId);\n if (!session) {\n return false;\n }\n\n if (session.origin !== origin) {\n return false;\n }\n\n if (new Date(session.expiresAt) <= new Date()) {\n // Clean up expired session eagerly\n await this.provider.deleteBySessionId(sessionId);\n\n return false;\n }\n\n return true;\n }\n}\n\nconst createDatabaseProvider = (db: Database, contentType: string): SessionProvider => {\n return new DatabaseSessionProvider(db, contentType);\n};\n\nconst createSessionManager = ({\n db,\n}: {\n db: Database;\n}): SessionManager & ((origin: string) => OriginSessionManager) => {\n const provider = createDatabaseProvider(db, 'admin::session');\n const sessionManager = new SessionManager(provider);\n\n // Add callable functionality\n const fluentApi = (origin: string): OriginSessionManager => {\n if (!origin || typeof origin !== 'string') {\n throw new Error(\n 'SessionManager: Origin parameter is required and must be a non-empty string'\n );\n }\n return new OriginSessionManager(sessionManager, origin);\n };\n\n // Attach only the public SessionManagerService API to the callable\n const api = fluentApi as unknown as any;\n api.generateSessionId = sessionManager.generateSessionId.bind(sessionManager);\n api.defineOrigin = sessionManager.defineOrigin.bind(sessionManager);\n api.hasOrigin = sessionManager.hasOrigin.bind(sessionManager);\n // Note: isSessionActive is origin-scoped and exposed on OriginSessionManager only\n\n // Forward the cleanupThreshold getter (used in tests)\n Object.defineProperty(api, 'cleanupThreshold', {\n get() {\n return sessionManager.cleanupThreshold;\n },\n enumerable: true,\n });\n\n return api as SessionManager & ((origin: string) => OriginSessionManager);\n};\n\nexport { createSessionManager, createDatabaseProvider };\n"],"names":["DatabaseSessionProvider","create","session","result","db","query","contentType","data","findBySessionId","sessionId","findOne","where","updateBySessionId","update","deleteBySessionId","delete","deleteExpired","deleteMany","absoluteExpiresAt","$lt","Date","deleteBy","criteria","userId","origin","deviceId","OriginSessionManager","generateRefreshToken","options","sessionManager","generateAccessToken","refreshToken","rotateRefreshToken","validateAccessToken","token","validateRefreshToken","invalidateRefreshToken","isSessionActive","SessionManager","defineOrigin","config","originConfigs","set","hasOrigin","has","getConfigForOrigin","originConfig","get","Error","algorithm","operation","isAsymmetric","startsWith","privateKey","jwtOptions","publicKey","jwtSecret","generateSessionId","crypto","randomBytes","toString","maybeCleanupExpired","cleanupInvocationCounter","cleanupEveryCalls","provider","cleanupThreshold","DEFAULT_ALGORITHM","jwtKey","getJwtKey","tokenType","type","isRefresh","idleLifespan","idleRefreshTokenLifespan","idleSessionLifespan","maxLifespan","maxRefreshTokenLifespan","maxSessionLifespan","now","expiresAt","record","childId","status","issuedAtSeconds","Math","floor","createdAt","getTime","expiresAtSeconds","payload","iat","exp","expiresIn","jwtSignOptions","jwt","sign","noTimestamp","toISOString","verify","algorithms","isValid","err","verifyOptions","error","JsonWebTokenError","validation","String","accessTokenLifespan","current","child","childIat","childExp","childPayload","childToken","absolute","childSessionId","childExpiresAt","childRecord","payloadOut","Map","createDatabaseProvider","createSessionManager","fluentApi","api","bind","Object","defineProperty","enumerable"],"mappings":";;;;AA6DA,MAAMA,uBAAAA,CAAAA;IAUJ,MAAMC,MAAAA,CAAOC,OAAoB,EAAwB;AACvD,QAAA,MAAMC,MAAS,GAAA,MAAM,IAAI,CAACC,EAAE,CAACC,KAAK,CAAC,IAAI,CAACC,WAAW,CAAA,CAAEL,MAAM,CAAC;YAC1DM,IAAML,EAAAA;AACR,SAAA,CAAA;QACA,OAAOC,MAAAA;AACT;IAEA,MAAMK,eAAAA,CAAgBC,SAAiB,EAA+B;AACpE,QAAA,MAAMN,MAAS,GAAA,MAAM,IAAI,CAACC,EAAE,CAACC,KAAK,CAAC,IAAI,CAACC,WAAW,CAAA,CAAEI,OAAO,CAAC;YAC3DC,KAAO,EAAA;AAAEF,gBAAAA;AAAU;AACrB,SAAA,CAAA;QACA,OAAON,MAAAA;AACT;AAEA,IAAA,MAAMS,iBAAkBH,CAAAA,SAAiB,EAAEF,IAA0B,EAAiB;QACpF,MAAM,IAAI,CAACH,EAAE,CAACC,KAAK,CAAC,IAAI,CAACC,WAAW,CAAEO,CAAAA,MAAM,CAAC;YAAEF,KAAO,EAAA;AAAEF,gBAAAA;AAAU,aAAA;AAAGF,YAAAA;AAAK,SAAA,CAAA;AAC5E;IAEA,MAAMO,iBAAAA,CAAkBL,SAAiB,EAAiB;QACxD,MAAM,IAAI,CAACL,EAAE,CAACC,KAAK,CAAC,IAAI,CAACC,WAAW,CAAES,CAAAA,MAAM,CAAC;YAC3CJ,KAAO,EAAA;AAAEF,gBAAAA;AAAU;AACrB,SAAA,CAAA;AACF;AAEA,IAAA,MAAMO,aAA+B,GAAA;QACnC,MAAM,IAAI,CAACZ,EAAE,CAACC,KAAK,CAAC,IAAI,CAACC,WAAW,CAAEW,CAAAA,UAAU,CAAC;YAC/CN,KAAO,EAAA;gBAAEO,iBAAmB,EAAA;AAAEC,oBAAAA,GAAAA,EAAK,IAAIC,IAAAA;AAAO;AAAE;AAClD,SAAA,CAAA;AACF;IAEA,MAAMC,QAAAA,CAASC,QAAiE,EAAiB;QAC/F,MAAM,IAAI,CAAClB,EAAE,CAACC,KAAK,CAAC,IAAI,CAACC,WAAW,CAAEW,CAAAA,UAAU,CAAC;YAC/CN,KAAO,EAAA;gBACL,GAAIW,QAAAA,CAASC,MAAM,GAAG;AAAEA,oBAAAA,MAAAA,EAAQD,SAASC;AAAO,iBAAA,GAAI,EAAE;gBACtD,GAAID,QAAAA,CAASE,MAAM,GAAG;AAAEA,oBAAAA,MAAAA,EAAQF,SAASE;AAAO,iBAAA,GAAI,EAAE;gBACtD,GAAIF,QAAAA,CAASG,QAAQ,GAAG;AAAEA,oBAAAA,QAAAA,EAAUH,SAASG;AAAS,iBAAA,GAAI;AAC5D;AACF,SAAA,CAAA;AACF;IA3CA,WAAYrB,CAAAA,EAAY,EAAEE,WAAmB,CAAE;QAC7C,IAAI,CAACF,EAAE,GAAGA,EAAAA;QACV,IAAI,CAACE,WAAW,GAAGA,WAAAA;AACrB;AAyCF;AAaA,MAAMoB,oBAAAA,CAAAA;AAMJ,IAAA,MAAMC,qBACJJ,MAAc,EACdE,QAA4B,EAC5BG,OAA0C,EACgC;QAC1E,OAAO,IAAI,CAACC,cAAc,CAACF,oBAAoB,CAACJ,MAAAA,EAAQE,QAAU,EAAA,IAAI,CAACD,MAAM,EAAEI,OAAAA,CAAAA;AACjF;IAEA,MAAME,mBAAAA,CAAoBC,YAAoB,EAAkD;QAC9F,OAAO,IAAI,CAACF,cAAc,CAACC,mBAAmB,CAACC,YAAAA,EAAc,IAAI,CAACP,MAAM,CAAA;AAC1E;IAEA,MAAMQ,kBAAAA,CAAmBD,YAAoB,EAQ3C;QACA,OAAO,IAAI,CAACF,cAAc,CAACG,kBAAkB,CAACD,YAAAA,EAAc,IAAI,CAACP,MAAM,CAAA;AACzE;AAEAS,IAAAA,mBAAAA,CACEC,KAAa,EACuE;QACpF,OAAO,IAAI,CAACL,cAAc,CAACI,mBAAmB,CAACC,KAAAA,EAAO,IAAI,CAACV,MAAM,CAAA;AACnE;IAEA,MAAMW,oBAAAA,CAAqBD,KAAa,EAAuC;QAC7E,OAAO,IAAI,CAACL,cAAc,CAACM,oBAAoB,CAACD,KAAAA,EAAO,IAAI,CAACV,MAAM,CAAA;AACpE;AAEA,IAAA,MAAMY,sBAAuBb,CAAAA,MAAc,EAAEE,QAAiB,EAAiB;QAC7E,OAAO,IAAI,CAACI,cAAc,CAACO,sBAAsB,CAAC,IAAI,CAACZ,MAAM,EAAED,MAAQE,EAAAA,QAAAA,CAAAA;AACzE;AAEA;;;MAIA,MAAMY,eAAgB5B,CAAAA,SAAiB,EAAoB;QACzD,OAAO,IAAI,CAACoB,cAAc,CAACQ,eAAe,CAAC5B,SAAAA,EAAW,IAAI,CAACe,MAAM,CAAA;AACnE;AAjDA,IAAA,WAAA,CACE,cAAsC,EAC9BA,MAAc,CACtB;aAFQK,cAAAA,GAAAA,cAAAA;aACAL,MAAAA,GAAAA,MAAAA;AACP;AA+CL;AAEA,MAAMc,cAAAA,CAAAA;AAeJ;;AAEC,MACDC,YAAaf,CAAAA,MAAc,EAAEgB,MAA4B,EAAQ;AAC/D,QAAA,IAAI,CAACC,aAAa,CAACC,GAAG,CAAClB,MAAQgB,EAAAA,MAAAA,CAAAA;AACjC;AAEA;;MAGAG,SAAAA,CAAUnB,MAAc,EAAW;AACjC,QAAA,OAAO,IAAI,CAACiB,aAAa,CAACG,GAAG,CAACpB,MAAAA,CAAAA;AAChC;AAEA;;MAGQqB,kBAAmBrB,CAAAA,MAAc,EAAwB;AAC/D,QAAA,MAAMsB,eAAe,IAAI,CAACL,aAAa,CAACM,GAAG,CAACvB,MAAAA,CAAAA;AAC5C,QAAA,IAAIsB,YAAc,EAAA;YAChB,OAAOA,YAAAA;AACT;QACA,MAAM,IAAIE,KACR,CAAA,CAAC,wBAAwB,EAAExB,OAAO,uDAAuD,EAAEA,MAAO,CAAA,WAAW,CAAC,CAAA;AAElH;AAEA;;AAEC,MACD,SACEgB,CAAAA,MAA4B,EAC5BS,SAAoB,EACpBC,SAA4B,EACpB;QACR,MAAMC,YAAAA,GACJF,SAAUG,CAAAA,UAAU,CAAC,IAAA,CAAA,IAASH,SAAUG,CAAAA,UAAU,CAAC,IAAA,CAAA,IAASH,SAAUG,CAAAA,UAAU,CAAC,IAAA,CAAA;AAEnF,QAAA,IAAID,YAAc,EAAA;;AAEhB,YAAA,IAAID,cAAc,MAAQ,EAAA;gBACxB,MAAMG,UAAAA,GAAab,MAAOc,CAAAA,UAAU,EAAED,UAAAA;AACtC,gBAAA,IAAIA,UAAY,EAAA;oBACd,OAAOA,UAAAA;AACT;AACA,gBAAA,MAAM,IAAIL,KACR,CAAA,CAAC,iEAAiE,EAAEC,SAAAA,CAAU,iDAAiD,CAAC,CAAA;aAE7H,MAAA;gBACL,MAAMM,SAAAA,GAAYf,MAAOc,CAAAA,UAAU,EAAEC,SAAAA;AACrC,gBAAA,IAAIA,SAAW,EAAA;oBACb,OAAOA,SAAAA;AACT;AACA,gBAAA,MAAM,IAAIP,KACR,CAAA,CAAC,gEAAgE,EAAEC,SAAAA,CAAU,gDAAgD,CAAC,CAAA;AAElI;SACK,MAAA;YACL,IAAI,CAACT,MAAOgB,CAAAA,SAAS,EAAE;AACrB,gBAAA,MAAM,IAAIR,KAAAA,CACR,CAAC,+DAA+D,EAAEC,SAAW,CAAA,CAAA,CAAA;AAEjF;AACA,YAAA,OAAOT,OAAOgB,SAAS;AACzB;AACF;IAEAC,iBAA4B,GAAA;AAC1B,QAAA,OAAOC,MAAOC,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AACzC;AAEA,IAAA,MAAcC,mBAAqC,GAAA;QACjD,IAAI,CAACC,wBAAwB,IAAI,CAAA;AACjC,QAAA,IAAI,IAAI,CAACA,wBAAwB,IAAI,IAAI,CAACC,iBAAiB,EAAE;YAC3D,IAAI,CAACD,wBAAwB,GAAG,CAAA;AAEhC,YAAA,MAAM,IAAI,CAACE,QAAQ,CAAChD,aAAa,EAAA;AACnC;AACF;AAEA;;AAEC,MACD,IAAIiD,gBAA2B,GAAA;QAC7B,OAAO,IAAI,CAACF,iBAAiB;AAC/B;IAEA,MAAMpC,oBAAAA,CACJJ,MAAc,EACdE,QAA4B,EAC5BD,MAAc,EACdI,OAA0C,EACgC;AAC1E,QAAA,IAAI,CAACJ,MAAAA,IAAU,OAAOA,MAAAA,KAAW,QAAU,EAAA;AACzC,YAAA,MAAM,IAAIwB,KACR,CAAA,6EAAA,CAAA;AAEJ;QAEA,MAAM,IAAI,CAACa,mBAAmB,EAAA;AAE9B,QAAA,MAAMrB,MAAS,GAAA,IAAI,CAACK,kBAAkB,CAACrB,MAAAA,CAAAA;QACvC,MAAMyB,SAAAA,GAAYT,MAAOS,CAAAA,SAAS,IAAIiB,iBAAAA;AACtC,QAAA,MAAMC,SAAS,IAAI,CAACC,SAAS,CAAC5B,QAAQS,SAAW,EAAA,MAAA,CAAA;QACjD,MAAMxC,SAAAA,GAAY,IAAI,CAACgD,iBAAiB,EAAA;QACxC,MAAMY,SAAAA,GAAYzC,SAAS0C,IAAQ,IAAA,SAAA;AACnC,QAAA,MAAMC,YAAYF,SAAc,KAAA,SAAA;AAEhC,QAAA,MAAMG,eAAeD,SAAY/B,GAAAA,MAAAA,CAAOiC,wBAAwB,GAAGjC,OAAOkC,mBAAmB;AAE7F,QAAA,MAAMC,cAAcJ,SAAY/B,GAAAA,MAAAA,CAAOoC,uBAAuB,GAAGpC,OAAOqC,kBAAkB;QAE1F,MAAMC,GAAAA,GAAM1D,KAAK0D,GAAG,EAAA;AACpB,QAAA,MAAMC,SAAY,GAAA,IAAI3D,IAAK0D,CAAAA,GAAAA,GAAMN,YAAe,GAAA,IAAA,CAAA;AAChD,QAAA,MAAMtD,iBAAoB,GAAA,IAAIE,IAAK0D,CAAAA,GAAAA,GAAMH,WAAc,GAAA,IAAA,CAAA;;AAGvD,QAAA,MAAMK,SAAS,MAAM,IAAI,CAAChB,QAAQ,CAAC/D,MAAM,CAAC;AACxCsB,YAAAA,MAAAA;AACAd,YAAAA,SAAAA;AACA,YAAA,GAAIgB,QAAY,IAAA;AAAEA,gBAAAA;aAAU;AAC5BD,YAAAA,MAAAA;YACAyD,OAAS,EAAA,IAAA;YACTX,IAAMD,EAAAA,SAAAA;YACNa,MAAQ,EAAA,QAAA;AACRH,YAAAA,SAAAA;AACA7D,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMiE,eAAkBC,GAAAA,IAAAA,CAAKC,KAAK,CAAC,IAAIjE,IAAAA,CAAK4D,MAAOM,CAAAA,SAAS,IAAI,IAAIlE,IAAQmE,EAAAA,CAAAA,CAAAA,OAAO,EAAK,GAAA,IAAA,CAAA;QACxF,MAAMC,gBAAAA,GAAmBJ,IAAKC,CAAAA,KAAK,CAAC,IAAIjE,KAAK4D,MAAOD,CAAAA,SAAS,CAAEQ,CAAAA,OAAO,EAAK,GAAA,IAAA,CAAA;AAE3E,QAAA,MAAME,OAA+B,GAAA;AACnClE,YAAAA,MAAAA;AACAd,YAAAA,SAAAA;YACA6D,IAAM,EAAA,SAAA;YACNoB,GAAKP,EAAAA,eAAAA;YACLQ,GAAKH,EAAAA;AACP,SAAA;;AAGA,QAAA,MAAMlC,UAAad,GAAAA,MAAAA,CAAOc,UAAU,IAAI,EAAC;QACzC,MAAM,EAAEsC,SAAS,EAAEvC,UAAU,EAAEE,SAAS,EAAE,GAAGsC,cAAAA,EAAgB,GAAGvC,UAAAA;AAEhE,QAAA,MAAMpB,KAAQ4D,GAAAA,GAAAA,CAAIC,IAAI,CAACN,SAAStB,MAAQ,EAAA;AACtClB,YAAAA,SAAAA;YACA+C,WAAa,EAAA,IAAA;AACb,YAAA,GAAGH;AACL,SAAA,CAAA;QAEA,OAAO;AACL3D,YAAAA,KAAAA;AACAzB,YAAAA,SAAAA;AACAS,YAAAA,iBAAAA,EAAmBA,kBAAkB+E,WAAW;AAClD,SAAA;AACF;IAEAhE,mBACEC,CAAAA,KAAa,EACbV,MAAc,EACsE;AACpF,QAAA,IAAI,CAACA,MAAAA,IAAU,OAAOA,MAAAA,KAAW,QAAU,EAAA;AACzC,YAAA,MAAM,IAAIwB,KACR,CAAA,6EAAA,CAAA;AAEJ;QAEA,IAAI;AACF,YAAA,MAAMR,MAAS,GAAA,IAAI,CAACK,kBAAkB,CAACrB,MAAAA,CAAAA;YACvC,MAAMyB,SAAAA,GAAYT,MAAOS,CAAAA,SAAS,IAAIiB,iBAAAA;AACtC,YAAA,MAAMC,SAAS,IAAI,CAACC,SAAS,CAAC5B,QAAQS,SAAW,EAAA,QAAA,CAAA;AACjD,YAAA,MAAMwC,OAAUK,GAAAA,GAAAA,CAAII,MAAM,CAAChE,OAAOiC,MAAQ,EAAA;gBACxCgC,UAAY,EAAA;AAAClD,oBAAAA;AAAU,iBAAA;AACvB,gBAAA,GAAGT,OAAOc;AACZ,aAAA,CAAA;;AAGA,YAAA,IAAI,CAACmC,OAAAA,IAAWA,OAAQnB,CAAAA,IAAI,KAAK,QAAU,EAAA;gBACzC,OAAO;oBAAE8B,OAAS,EAAA,KAAA;oBAAOX,OAAS,EAAA;AAAK,iBAAA;AACzC;YAEA,OAAO;gBAAEW,OAAS,EAAA,IAAA;AAAMX,gBAAAA;AAAQ,aAAA;AAClC,SAAA,CAAE,OAAOY,GAAK,EAAA;YACZ,OAAO;gBAAED,OAAS,EAAA,KAAA;gBAAOX,OAAS,EAAA;AAAK,aAAA;AACzC;AACF;AAEA,IAAA,MAAMtD,oBAAqBD,CAAAA,KAAa,EAAEV,MAAc,EAAuC;AAC7F,QAAA,IAAI,CAACA,MAAAA,IAAU,OAAOA,MAAAA,KAAW,QAAU,EAAA;AACzC,YAAA,MAAM,IAAIwB,KACR,CAAA,6EAAA,CAAA;AAEJ;QAEA,IAAI;AACF,YAAA,MAAMR,MAAS,GAAA,IAAI,CAACK,kBAAkB,CAACrB,MAAAA,CAAAA;YACvC,MAAMyB,SAAAA,GAAYT,MAAOS,CAAAA,SAAS,IAAIiB,iBAAAA;AACtC,YAAA,MAAMC,SAAS,IAAI,CAACC,SAAS,CAAC5B,QAAQS,SAAW,EAAA,QAAA,CAAA;AACjD,YAAA,MAAMqD,aAA+B,GAAA;gBACnCH,UAAY,EAAA;AAAClD,oBAAAA;AAAU,iBAAA;AACvB,gBAAA,GAAGT,OAAOc;AACZ,aAAA;AAEA,YAAA,MAAMmC,OAAUK,GAAAA,GAAAA,CAAII,MAAM,CAAChE,OAAOiC,MAAQmC,EAAAA,aAAAA,CAAAA;YAE1C,IAAIb,OAAAA,CAAQnB,IAAI,KAAK,SAAW,EAAA;gBAC9B,OAAO;oBAAE8B,OAAS,EAAA;AAAM,iBAAA;AAC1B;YAEA,MAAMlG,OAAAA,GAAU,MAAM,IAAI,CAAC8D,QAAQ,CAACxD,eAAe,CAACiF,OAAAA,CAAQhF,SAAS,CAAA;AACrE,YAAA,IAAI,CAACP,OAAS,EAAA;gBACZ,OAAO;oBAAEkG,OAAS,EAAA;AAAM,iBAAA;AAC1B;AAEA,YAAA,MAAMtB,MAAM,IAAI1D,IAAAA,EAAAA;AAChB,YAAA,IAAI,IAAIA,IAAAA,CAAKlB,OAAQ6E,CAAAA,SAAS,KAAKD,GAAK,EAAA;gBACtC,OAAO;oBAAEsB,OAAS,EAAA;AAAM,iBAAA;AAC1B;;YAGA,IAAIlG,OAAAA,CAAQgB,iBAAiB,IAAI,IAAIE,KAAKlB,OAAQgB,CAAAA,iBAAiB,KAAK4D,GAAK,EAAA;gBAC3E,OAAO;oBAAEsB,OAAS,EAAA;AAAM,iBAAA;AAC1B;;YAGA,IAAIlG,OAAAA,CAAQgF,MAAM,KAAK,QAAU,EAAA;gBAC/B,OAAO;oBAAEkB,OAAS,EAAA;AAAM,iBAAA;AAC1B;AAEA,YAAA,IAAIlG,OAAQqB,CAAAA,MAAM,KAAKkE,OAAAA,CAAQlE,MAAM,EAAE;gBACrC,OAAO;oBAAE6E,OAAS,EAAA;AAAM,iBAAA;AAC1B;YAEA,OAAO;gBACLA,OAAS,EAAA,IAAA;AACT7E,gBAAAA,MAAAA,EAAQkE,QAAQlE,MAAM;AACtBd,gBAAAA,SAAAA,EAAWgF,QAAQhF;AACrB,aAAA;AACF,SAAA,CAAE,OAAO8F,KAAY,EAAA;YACnB,IAAIA,KAAAA,YAAiBT,GAAIU,CAAAA,iBAAiB,EAAE;gBAC1C,OAAO;oBAAEJ,OAAS,EAAA;AAAM,iBAAA;AAC1B;YAEA,MAAMG,KAAAA;AACR;AACF;AAEA,IAAA,MAAMnE,uBAAuBZ,MAAc,EAAED,MAAc,EAAEE,QAAiB,EAAiB;AAC7F,QAAA,MAAM,IAAI,CAACuC,QAAQ,CAAC3C,QAAQ,CAAC;AAAEE,YAAAA,MAAAA;AAAQC,YAAAA,MAAAA;AAAQC,YAAAA;AAAS,SAAA,CAAA;AAC1D;AAEA,IAAA,MAAMK,mBACJC,CAAAA,YAAoB,EACpBP,MAAc,EACkC;AAChD,QAAA,IAAI,CAACA,MAAAA,IAAU,OAAOA,MAAAA,KAAW,QAAU,EAAA;AACzC,YAAA,MAAM,IAAIwB,KACR,CAAA,6EAAA,CAAA;AAEJ;AAEA,QAAA,MAAMyD,aAAa,MAAM,IAAI,CAACtE,oBAAoB,CAACJ,YAAcP,EAAAA,MAAAA,CAAAA;QAEjE,IAAI,CAACiF,UAAWL,CAAAA,OAAO,EAAE;YACvB,OAAO;gBAAEG,KAAO,EAAA;AAAwB,aAAA;AAC1C;AAEA,QAAA,MAAMd,OAAmD,GAAA;YACvDlE,MAAQmF,EAAAA,MAAAA,CAAOD,WAAWlF,MAAM,CAAA;AAChCd,YAAAA,SAAAA,EAAWgG,WAAWhG,SAAS;YAC/B6D,IAAM,EAAA;AACR,SAAA;AAEA,QAAA,MAAM9B,MAAS,GAAA,IAAI,CAACK,kBAAkB,CAACrB,MAAAA,CAAAA;QACvC,MAAMyB,SAAAA,GAAYT,MAAOS,CAAAA,SAAS,IAAIiB,iBAAAA;AACtC,QAAA,MAAMC,SAAS,IAAI,CAACC,SAAS,CAAC5B,QAAQS,SAAW,EAAA,MAAA,CAAA;;AAEjD,QAAA,MAAMK,UAAad,GAAAA,MAAAA,CAAOc,UAAU,IAAI,EAAC;QACzC,MAAM,EAAEsC,SAAS,EAAEvC,UAAU,EAAEE,SAAS,EAAE,GAAGsC,cAAAA,EAAgB,GAAGvC,UAAAA;AAEhE,QAAA,MAAMpB,KAAQ4D,GAAAA,GAAAA,CAAIC,IAAI,CAACN,SAAStB,MAAQ,EAAA;AACtClB,YAAAA,SAAAA;AACA2C,YAAAA,SAAAA,EAAWpD,OAAOmE,mBAAmB;AACrC,YAAA,GAAGd;AACL,SAAA,CAAA;QAEA,OAAO;AAAE3D,YAAAA;AAAM,SAAA;AACjB;AAEA,IAAA,MAAMF,kBACJD,CAAAA,YAAoB,EACpBP,MAAc,EASd;AACA,QAAA,IAAI,CAACA,MAAAA,IAAU,OAAOA,MAAAA,KAAW,QAAU,EAAA;AACzC,YAAA,MAAM,IAAIwB,KACR,CAAA,6EAAA,CAAA;AAEJ;QAEA,IAAI;AACF,YAAA,MAAMR,MAAS,GAAA,IAAI,CAACK,kBAAkB,CAACrB,MAAAA,CAAAA;YACvC,MAAMyB,SAAAA,GAAYT,MAAOS,CAAAA,SAAS,IAAIiB,iBAAAA;AACtC,YAAA,MAAMC,SAAS,IAAI,CAACC,SAAS,CAAC5B,QAAQS,SAAW,EAAA,QAAA,CAAA;AACjD,YAAA,MAAMwC,OAAUK,GAAAA,GAAAA,CAAII,MAAM,CAACnE,cAAcoC,MAAQ,EAAA;gBAC/CgC,UAAY,EAAA;AAAClD,oBAAAA;AAAU,iBAAA;AACvB,gBAAA,GAAGT,OAAOc;AACZ,aAAA,CAAA;AAEA,YAAA,IAAI,CAACmC,OAAAA,IAAWA,OAAQnB,CAAAA,IAAI,KAAK,SAAW,EAAA;gBAC1C,OAAO;oBAAEiC,KAAO,EAAA;AAAwB,iBAAA;AAC1C;YAEA,MAAMK,OAAAA,GAAU,MAAM,IAAI,CAAC5C,QAAQ,CAACxD,eAAe,CAACiF,OAAAA,CAAQhF,SAAS,CAAA;AACrE,YAAA,IAAI,CAACmG,OAAS,EAAA;gBACZ,OAAO;oBAAEL,KAAO,EAAA;AAAwB,iBAAA;AAC1C;;YAGA,IAAIK,OAAAA,CAAQ3B,OAAO,EAAE;gBACnB,MAAM4B,KAAAA,GAAQ,MAAM,IAAI,CAAC7C,QAAQ,CAACxD,eAAe,CAACoG,OAAAA,CAAQ3B,OAAO,CAAA;AAEjE,gBAAA,IAAI4B,KAAO,EAAA;AACT,oBAAA,MAAMC,QAAW1B,GAAAA,IAAAA,CAAKC,KAAK,CAAC,IAAIjE,IAAAA,CAAKyF,KAAMvB,CAAAA,SAAS,IAAI,IAAIlE,IAAQmE,EAAAA,CAAAA,CAAAA,OAAO,EAAK,GAAA,IAAA,CAAA;oBAChF,MAAMwB,QAAAA,GAAW3B,IAAKC,CAAAA,KAAK,CAAC,IAAIjE,KAAKyF,KAAM9B,CAAAA,SAAS,CAAEQ,CAAAA,OAAO,EAAK,GAAA,IAAA,CAAA;AAElE,oBAAA,MAAMyB,YAAoC,GAAA;AACxCzF,wBAAAA,MAAAA,EAAQsF,MAAMtF,MAAM;AACpBd,wBAAAA,SAAAA,EAAWoG,MAAMpG,SAAS;wBAC1B6D,IAAM,EAAA,SAAA;wBACNoB,GAAKoB,EAAAA,QAAAA;wBACLnB,GAAKoB,EAAAA;AACP,qBAAA;;oBAGA,MAAM,EAAEnB,SAAS,EAAE,GAAGC,gBAAgB,GAAGrD,MAAAA,CAAOc,UAAU,IAAI,EAAC;AAE/D,oBAAA,MAAM2D,UAAanB,GAAAA,GAAAA,CAAIC,IAAI,CAACiB,cAAc7C,MAAQ,EAAA;AAChDlB,wBAAAA,SAAAA;wBACA+C,WAAa,EAAA,IAAA;AACb,wBAAA,GAAGH;AACL,qBAAA,CAAA;oBAEA,IAAI3E,iBAAAA;oBACJ,IAAI2F,KAAAA,CAAM3F,iBAAiB,EAAE;wBAC3BA,iBACE,GAAA,OAAO2F,KAAM3F,CAAAA,iBAAiB,KAAK,QAAA,GAC/B2F,KAAM3F,CAAAA,iBAAiB,GACvB2F,KAAAA,CAAM3F,iBAAiB,CAAC+E,WAAW,EAAA;qBACpC,MAAA;wBACL/E,iBAAoB,GAAA,IAAIE,IAAK,CAAA,CAAA,CAAA,CAAG6E,WAAW,EAAA;AAC7C;oBAEA,OAAO;wBACL/D,KAAO+E,EAAAA,UAAAA;AACPxG,wBAAAA,SAAAA,EAAWoG,MAAMpG,SAAS;AAC1BS,wBAAAA,iBAAAA;wBACAoD,IAAMuC,EAAAA,KAAAA,CAAMvC,IAAI,IAAI;AACtB,qBAAA;AACF;AACF;YAEA,MAAMQ,GAAAA,GAAM1D,KAAK0D,GAAG,EAAA;YACpB,MAAMT,SAAAA,GAAYuC,OAAQtC,CAAAA,IAAI,IAAI,SAAA;AAClC,YAAA,MAAME,eACJH,SAAc,KAAA,SAAA,GAAY7B,OAAOiC,wBAAwB,GAAGjC,OAAOkC,mBAAmB;;AAGxF,YAAA,IAAIkC,OAAQtB,CAAAA,SAAS,IAAIR,GAAAA,GAAM,IAAI1D,IAAAA,CAAKwF,OAAQtB,CAAAA,SAAS,CAAEC,CAAAA,OAAO,EAAKf,GAAAA,YAAAA,GAAe,IAAM,EAAA;gBAC1F,OAAO;oBAAE+B,KAAO,EAAA;AAAsB,iBAAA;AACxC;;YAGA,MAAMW,QAAAA,GAAWN,OAAQ1F,CAAAA,iBAAiB,GACtC,IAAIE,KAAKwF,OAAQ1F,CAAAA,iBAAiB,CAAEqE,CAAAA,OAAO,EAC3CT,GAAAA,GAAAA;AACJ,YAAA,IAAIoC,YAAYpC,GAAK,EAAA;gBACnB,OAAO;oBAAEyB,KAAO,EAAA;AAAqB,iBAAA;AACvC;;YAGA,MAAMY,cAAAA,GAAiB,IAAI,CAAC1D,iBAAiB,EAAA;AAC7C,YAAA,MAAM2D,cAAiB,GAAA,IAAIhG,IAAK0D,CAAAA,GAAAA,GAAMN,YAAe,GAAA,IAAA,CAAA;AAErD,YAAA,MAAM6C,cAAc,MAAM,IAAI,CAACrD,QAAQ,CAAC/D,MAAM,CAAC;AAC7CsB,gBAAAA,MAAAA,EAAQqF,QAAQrF,MAAM;gBACtBd,SAAW0G,EAAAA,cAAAA;gBACX,GAAIP,OAAAA,CAAQnF,QAAQ,IAAI;AAAEA,oBAAAA,QAAAA,EAAUmF,QAAQnF;iBAAU;AACtDD,gBAAAA,MAAAA,EAAQoF,QAAQpF,MAAM;gBACtByD,OAAS,EAAA,IAAA;gBACTX,IAAMD,EAAAA,SAAAA;gBACNa,MAAQ,EAAA,QAAA;gBACRH,SAAWqC,EAAAA,cAAAA;AACXlG,gBAAAA,iBAAAA,EAAmB0F,OAAQ1F,CAAAA,iBAAiB,IAAI,IAAIE,IAAK8F,CAAAA,QAAAA;AAC3D,aAAA,CAAA;AAEA,YAAA,MAAMJ,QAAW1B,GAAAA,IAAAA,CAAKC,KAAK,CAAC,IAAIjE,IAAAA,CAAKiG,WAAY/B,CAAAA,SAAS,IAAI,IAAIlE,IAAQmE,EAAAA,CAAAA,CAAAA,OAAO,EAAK,GAAA,IAAA,CAAA;YACtF,MAAMwB,QAAAA,GAAW3B,IAAKC,CAAAA,KAAK,CAAC,IAAIjE,KAAKiG,WAAYtC,CAAAA,SAAS,CAAEQ,CAAAA,OAAO,EAAK,GAAA,IAAA,CAAA;AACxE,YAAA,MAAM+B,UAAkC,GAAA;AACtC/F,gBAAAA,MAAAA,EAAQqF,QAAQrF,MAAM;gBACtBd,SAAW0G,EAAAA,cAAAA;gBACX7C,IAAM,EAAA,SAAA;gBACNoB,GAAKoB,EAAAA,QAAAA;gBACLnB,GAAKoB,EAAAA;AACP,aAAA;;YAEA,MAAM,EAAEnB,SAAS,EAAE,GAAGC,gBAAgB,GAAGrD,MAAAA,CAAOc,UAAU,IAAI,EAAC;AAE/D,YAAA,MAAM2D,UAAanB,GAAAA,GAAAA,CAAIC,IAAI,CAACuB,YAAYnD,MAAQ,EAAA;AAC9ClB,gBAAAA,SAAAA;gBACA+C,WAAa,EAAA,IAAA;AACb,gBAAA,GAAGH;AACL,aAAA,CAAA;YAEA,MAAM,IAAI,CAAC7B,QAAQ,CAACpD,iBAAiB,CAACgG,OAAAA,CAAQnG,SAAS,EAAE;gBACvDyE,MAAQ,EAAA,SAAA;gBACRD,OAASkC,EAAAA;AACX,aAAA,CAAA;YAEA,IAAIjG,iBAAAA;YACJ,IAAImG,WAAAA,CAAYnG,iBAAiB,EAAE;gBACjCA,iBACE,GAAA,OAAOmG,WAAYnG,CAAAA,iBAAiB,KAAK,QAAA,GACrCmG,WAAYnG,CAAAA,iBAAiB,GAC7BmG,WAAAA,CAAYnG,iBAAiB,CAAC+E,WAAW,EAAA;aAC1C,MAAA;gBACL/E,iBAAoB,GAAA,IAAIE,IAAK8F,CAAAA,QAAAA,CAAAA,CAAUjB,WAAW,EAAA;AACpD;YAEA,OAAO;gBACL/D,KAAO+E,EAAAA,UAAAA;gBACPxG,SAAW0G,EAAAA,cAAAA;AACXjG,gBAAAA,iBAAAA;gBACAoD,IAAMD,EAAAA;AACR,aAAA;AACF,SAAA,CAAE,OAAM;YACN,OAAO;gBAAEkC,KAAO,EAAA;AAAwB,aAAA;AAC1C;AACF;AAEA;;;AAGC,MACD,MAAMlE,eAAAA,CAAgB5B,SAAiB,EAAEe,MAAc,EAAoB;AACzE,QAAA,MAAMtB,UAAU,MAAM,IAAI,CAAC8D,QAAQ,CAACxD,eAAe,CAACC,SAAAA,CAAAA;AACpD,QAAA,IAAI,CAACP,OAAS,EAAA;YACZ,OAAO,KAAA;AACT;QAEA,IAAIA,OAAAA,CAAQsB,MAAM,KAAKA,MAAQ,EAAA;YAC7B,OAAO,KAAA;AACT;AAEA,QAAA,IAAI,IAAIJ,IAAKlB,CAAAA,OAAAA,CAAQ6E,SAAS,CAAA,IAAK,IAAI3D,IAAQ,EAAA,EAAA;;AAE7C,YAAA,MAAM,IAAI,CAAC4C,QAAQ,CAAClD,iBAAiB,CAACL,SAAAA,CAAAA;YAEtC,OAAO,KAAA;AACT;QAEA,OAAO,IAAA;AACT;AAzdA,IAAA,WAAA,CAAYuD,QAAyB,CAAE;;AAP/BvB,QAAAA,IAAAA,CAAAA,aAAAA,GAAmD,IAAI8E,GAAAA,EAAAA;;aAGvDzD,wBAAmC,GAAA,CAAA;aAE1BC,iBAA4B,GAAA,EAAA;QAG3C,IAAI,CAACC,QAAQ,GAAGA,QAAAA;AAClB;AAwdF;AAEMwD,MAAAA,sBAAAA,GAAyB,CAACpH,EAAcE,EAAAA,WAAAA,GAAAA;IAC5C,OAAO,IAAIN,wBAAwBI,EAAIE,EAAAA,WAAAA,CAAAA;AACzC;AAEA,MAAMmH,oBAAuB,GAAA,CAAC,EAC5BrH,EAAE,EAGH,GAAA;IACC,MAAM4D,QAAAA,GAAWwD,uBAAuBpH,EAAI,EAAA,gBAAA,CAAA;IAC5C,MAAMyB,cAAAA,GAAiB,IAAIS,cAAe0B,CAAAA,QAAAA,CAAAA;;AAG1C,IAAA,MAAM0D,YAAY,CAAClG,MAAAA,GAAAA;AACjB,QAAA,IAAI,CAACA,MAAAA,IAAU,OAAOA,MAAAA,KAAW,QAAU,EAAA;AACzC,YAAA,MAAM,IAAIwB,KACR,CAAA,6EAAA,CAAA;AAEJ;QACA,OAAO,IAAItB,qBAAqBG,cAAgBL,EAAAA,MAAAA,CAAAA;AAClD,KAAA;;AAGA,IAAA,MAAMmG,GAAMD,GAAAA,SAAAA;AACZC,IAAAA,GAAAA,CAAIlE,iBAAiB,GAAG5B,cAAAA,CAAe4B,iBAAiB,CAACmE,IAAI,CAAC/F,cAAAA,CAAAA;AAC9D8F,IAAAA,GAAAA,CAAIpF,YAAY,GAAGV,cAAAA,CAAeU,YAAY,CAACqF,IAAI,CAAC/F,cAAAA,CAAAA;AACpD8F,IAAAA,GAAAA,CAAIhF,SAAS,GAAGd,cAAAA,CAAec,SAAS,CAACiF,IAAI,CAAC/F,cAAAA,CAAAA;;;IAI9CgG,MAAOC,CAAAA,cAAc,CAACH,GAAAA,EAAK,kBAAoB,EAAA;AAC7C5E,QAAAA,GAAAA,CAAAA,GAAAA;AACE,YAAA,OAAOlB,eAAeoC,gBAAgB;AACxC,SAAA;QACA8D,UAAY,EAAA;AACd,KAAA,CAAA;IAEA,OAAOJ,GAAAA;AACT;;;;"}
package/dist/services/webhook-runner.js CHANGED
@@ -1,10 +1,10 @@
1
1
  'use strict';
2
2
 
3
- var createDebugger = require('debug');
3
+ var createDebug = require('debug');
4
4
  var _ = require('lodash');
5
5
  var workerQueue = require('./worker-queue.js');
6
6
 
7
- const debug = createDebugger('strapi:webhook');
7
+ const debug = createDebug('strapi:webhook');
8
8
  const defaultConfiguration = {
9
9
  defaultHeaders: {}
10
10
  };