@tachybase/plugin-auth-oidc 0.23.8

package/.turbo/turbo-build.log

@@ -0,0 +1,12 @@
+
+
+> @tachybase/plugin-auth-oidc@0.23.2 build /Users/seal/Documents/projects/tachybase/packages/plugin-auth-oidc
+> tachybase-build --no-dts @tachybase/plugin-auth-oidc
+
+The CJS build of Vite's Node API is deprecated. See https://vitejs.dev/guide/troubleshooting.html#vite-cjs-node-api-deprecated for more details.
+@tachybase/plugin-auth-oidc: plugin-auth-oidc build start
+@tachybase/plugin-auth-oidc: build plugin client
+@tachybase/plugin-auth-oidc: build plugin server source
+@tachybase/plugin-auth-oidc: delete server files
+@tachybase/plugin-auth-oidc: build plugin server dependencies
+@tachybase/plugin-auth-oidc: These packages openid-client, nanoid will be bundled to dist/node_modules. These packages @tachybase/auth, @tachybase/module-auth, @tachybase/server, @tachybase/actions will be exclude.

package/README.md

@@ -0,0 +1,11 @@
+# oidc
+
+English | [中文](./README.zh-CN.md)
+
+## 安装激活
+
+```bash
+yarn pm enable oidc
+```
+
+## 使用方法

package/README.zh-CN.md

@@ -0,0 +1,38 @@
+# OIDC
+提供标准Open ConnectID接入登录功能。  
+本插件登录流程使用**授权码模式 (Authorization Code Flow)**.
+
+## 依赖
+- `@tachybase/module-auth` 提供表，模型函数复用等
+
+## 使用方法
+> 以Sign in with Google为例  
+> https://developers.google.com/identity/openid-connect/openid-connect
+
+### 获取Google OAuth 2.0凭据
+[Google Cloud控制台](https://console.cloud.google.com/apis/credentials) - 创建凭据 - OAuth客户端ID
+
+<img src="https://s2.loli.net/2023/06/19/8KPGut6noqgBlDL.png"/>  
+
+进入到配置界面，填写**授权重定向URL**. 重定向URL可以在Tachybase，新增认证器时获取，通常情况下为`http(s)://host:port/api/oidc:redirect`.
+
+<img src="https://s2.loli.net/2023/06/19/cB1Mv3SAOa7H6Vb.png"/>
+
+完成后复制**客户端ID**和**客户端密钥**。
+
+### 在TachyBase上新增认证器
+插件设置 - 认证 - 新增 - OIDC
+
+<img src="https://s2.loli.net/2023/06/19/sBMURatC372GyEd.png"/>
+依次填写  
+
+- Issuer - issuer由IdP提供，通常以`/.well-known/openid-configuration`结尾，Google的为[https://accounts.google.com/.well-known/openid-configuration](https://accounts.google.com/.well-known/openid-configuration)
+- Client ID - 客户端ID
+- Client Secret - 客户端密钥
+- scope - 选填，默认为openid email profile
+- id_token signed response algorithm - id_token的签名方法，默认为RS256
+- HTTP - 回调地址是否为http协议，默认https
+- Port - 回调地址端口，默认为443/80
+- Field Map - 如果需要将用户相关字段映射，可以在这里配置，默认昵称为openid.
+
+在有email的情况下，登录时将尝试匹配已有用户，否则创建新用户。

package/client.d.ts

@@ -0,0 +1,2 @@
+export * from './dist/client';
+export { default } from './dist/client';

package/client.js

@@ -0,0 +1 @@
+module.exports = require('./dist/client/index.js');

package/dist/client/OIDCButton.d.ts

@@ -0,0 +1,9 @@
+import React from 'react';
+import { Authenticator } from '@tachybase/module-auth/client';
+export interface OIDCProvider {
+    clientId: string;
+    title: string;
+}
+export declare const OIDCButton: ({ authenticator }: {
+    authenticator: Authenticator;
+}) => React.JSX.Element;

package/dist/client/Options.d.ts

@@ -0,0 +1,2 @@
+import React from 'react';
+export declare const Options: () => React.JSX.Element;

package/dist/client/index.d.ts

@@ -0,0 +1,5 @@
+import { Plugin } from '@tachybase/client';
+export declare class OidcPlugin extends Plugin {
+    load(): Promise<void>;
+}
+export default OidcPlugin;

package/dist/client/index.js

@@ -0,0 +1,3 @@
+(function(e,o){typeof exports=="object"&&typeof module!="undefined"?o(exports,require("@tachybase/client"),require("@tachybase/module-auth/client"),require("react/jsx-runtime"),require("react"),require("@ant-design/icons"),require("antd"),require("react-router-dom"),require("react-i18next"),require("@tachybase/components"),require("@tachybase/schema")):typeof define=="function"&&define.amd?define(["exports","@tachybase/client","@tachybase/module-auth/client","react/jsx-runtime","react","@ant-design/icons","antd","react-router-dom","react-i18next","@tachybase/components","@tachybase/schema"],o):(e=typeof globalThis!="undefined"?globalThis:e||self,o(e["@tachybase/plugin-auth-oidc"]={},e["@tachybase/client"],e["@tachybase/module-auth"],e.jsxRuntime,e.react,e["@ant-design/icons"],e.antd,e["react-router-dom"],e["react-i18next"],e["@tachybase/components"],e["@tachybase/schema"]))})(this,function(e,o,l,a,u,x,c,h,n,m,P){"use strict";var v=(e,o,l)=>new Promise((a,u)=>{var x=n=>{try{h(l.next(n))}catch(m){u(m)}},c=n=>{try{h(l.throw(n))}catch(m){u(m)}},h=n=>n.done?a(n.value):Promise.resolve(n.value).then(x,c);h((l=l.apply(e,o)).next())});const k="OIDC",f="oidc";function t(r){return o.i18n.t(r,{ns:f})}function S(){return n.useTranslation(f)}const C=({authenticator:r})=>{const{t:d}=S(),b=o.useAPIClient(),I=h.useLocation(),i=new URLSearchParams(I.search),y=i.get("redirect"),g=()=>v(this,null,function*(){var F;const s=yield b.request({method:"post",url:"oidc:getAuthUrl",headers:{"X-Authenticator":r.name},data:{redirect:y}}),p=(F=s==null?void 0:s.data)==null?void 0:F.data;window.location.replace(p)});return u.useEffect(()=>{const s=i.get("authenticator"),p=i.get("error");if(s===r.name&&p){c.message.error(d(p));return}}),a.jsx(c.Space,{direction:"vertical",className:o.css`
+        display: flex;
+      `,children:a.jsx(c.Button,{shape:"round",block:!0,icon:a.jsx(x.LoginOutlined,{}),onClick:g,children:d(r.title)})})},A={type:"object",properties:{public:{type:"object",properties:{autoSignup:{"x-decorator":"FormItem",type:"boolean",title:'{{t("Sign up automatically when the user does not exist")}}',"x-component":"Checkbox",default:!0}}},oidc:{type:"object",properties:{collapse:{type:"void","x-component":"FormTab",properties:{basic:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:t("Basic configuration")},properties:{issuer:{type:"string",title:'{{t("Issuer")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientId:{type:"string",title:'{{t("Client ID")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientSecret:{type:"string",title:'{{t("Client Secret")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},scope:{type:"string",title:'{{t("scope")}}',"x-component":"Input","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Default: openid profile email")}}'}},idTokenSignedResponseAlg:{type:"string",title:'{{t("id_token signed response algorithm")}}',"x-component":"Select","x-decorator":"FormItem",enum:[{label:"HS256",value:"HS256"},{label:"HS384",value:"HS384"},{label:"HS512",value:"HS512"},{label:"RS256",value:"RS256"},{label:"RS384",value:"RS384"},{label:"RS512",value:"RS512"},{label:"ES256",value:"ES256"},{label:"ES384",value:"ES384"},{label:"ES512",value:"ES512"},{label:"PS256",value:"PS256"},{label:"PS384",value:"PS384"},{label:"PS512",value:"PS512"}]}}},mapping:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:t("Field mapping")},properties:{fieldMap:{title:'{{t("Field Map")}}',type:"array","x-decorator":"FormItem","x-component":"ArrayItems",items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{source:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("source")}}'}},target:{type:"string","x-decorator":"FormItem","x-component":"Select","x-component-props":{placeholder:'{{t("target")}}'},enum:[{label:t("Nickname"),value:"nickname"},{label:t("Email"),value:"email"},{label:t("Phone"),value:"phone"},{label:t("Username"),value:"username"}]},remove:{type:"void","x-decorator":"FormItem","x-component":"ArrayItems.Remove"}}}}},properties:{add:{type:"void",title:"Add","x-component":"ArrayItems.Addition"}}},userBindField:{type:"string",title:'{{t("Use this field to bind the user")}}',"x-component":"Select","x-decorator":"FormItem",default:"email",enum:[{label:t("Email"),value:"email"},{label:t("Username"),value:"username"}],required:!0}}},advanced:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:t("Advanced configuration")},properties:{http:{type:"boolean",title:'{{t("HTTP")}}',"x-component":"Checkbox","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Check if TachyBase is running on HTTP protocol")}}'}},port:{type:"number",title:'{{t("Port")}}',"x-component":"InputNumber","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("The port number of the TachyBase service if it is not 80 or 443")}}'},"x-component-props":{style:{width:"15%",minWidth:"100px"}}},stateToken:{type:"string",title:'{{t("State token")}}',"x-component":"Input","x-decorator":"FormItem",description:t("The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.")},exchangeBodyKeys:{type:"array",title:'{{t("Pass parameters in the authorization code grant exchange")}}',"x-decorator":"FormItem","x-component":"ArrayItems",default:[{paramName:"",optionsKey:"clientId"},{paramName:"",optionsKey:"clientSecret"}],items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{enabled:{type:"boolean","x-decorator":"FormItem","x-component":"Checkbox"},optionsKey:{type:"string","x-decorator":"FormItem","x-decorator-props":{style:{width:"100px"}},"x-component":"Select","x-read-pretty":!0,enum:[{label:t("Client ID"),value:"clientId"},{label:t("Client Secret"),value:"clientSecret"}]},paramName:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("Parameter name")}}'}}}}}}},userInfoMethod:{type:"string",title:'{{t("Method to call the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"GET",enum:[{label:"GET",value:"GET"},{label:"POST",value:"POST"}],"x-reactions":[{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "query"}}',fulfill:{state:{value:"GET"}}},{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "body"}}',fulfill:{state:{value:"POST"}}}]},accessTokenVia:{type:"string",title:'{{t("Where to put the access token when calling the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"header",enum:[{label:t("Header"),value:"header"},{label:t("Body (Use with POST method)"),value:"body"},{label:t("Query parameters (Use with GET method)"),value:"query"}]}}}}}}},usage:{type:"void","x-component":"Usage"}}},q=P.observer(()=>{const{t:r}=S(),d=o.useApp(),b=u.useMemo(()=>{var p;const i=d.getOptions(),y=(p=i==null?void 0:i.apiClient)==null?void 0:p.baseURL,{protocol:g,host:s}=window.location;return y.startsWith("http")?`${y}oidc:redirect`:`${g}//${s}${y}oidc:redirect`},[d]),I=i=>{navigator.clipboard.writeText(i),c.message.success(r("Copied"))};return a.jsx(c.Card,{title:r("Usage"),type:"inner",children:a.jsx(o.FormItem,{label:r("Redirect URL"),children:a.jsx(o.Input,{value:b,disabled:!0,addonBefore:a.jsx(x.CopyOutlined,{onClick:()=>I(b)})})})})},{displayName:"Usage"}),E=()=>{const{t:r}=S();return a.jsx(o.SchemaComponent,{scope:{t:r},components:{Usage:q,ArrayItems:m.ArrayItems,Space:c.Space,FormTab:m.FormTab},schema:A})};class T extends o.Plugin{load(){return v(this,null,function*(){this.app.pm.get(l).registerType(k,{components:{SignInButton:C,AdminSettingsForm:E}})})}}e.OidcPlugin=T,e.default=T,Object.defineProperties(e,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}})});

package/dist/client/locale/index.d.ts

@@ -0,0 +1,3 @@
+export declare const NAMESPACE = "oidc";
+export declare function lang(key: string): string;
+export declare function useOidcTranslation(): import("react-i18next").UseTranslationResponse<"oidc", undefined>;

package/dist/constants.d.ts

@@ -0,0 +1,3 @@
+export declare const authType = "OIDC";
+export declare const cookieName = "tachybase_oidc";
+export declare const namespace: string;

package/dist/constants.js

@@ -0,0 +1,34 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name2 in all)
+    __defProp(target, name2, { get: all[name2], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var constants_exports = {};
+__export(constants_exports, {
+  authType: () => authType,
+  cookieName: () => cookieName,
+  namespace: () => namespace
+});
+module.exports = __toCommonJS(constants_exports);
+var import_package = require("../package.json");
+const authType = "OIDC";
+const cookieName = "tachybase_oidc";
+const namespace = import_package.name;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  authType,
+  cookieName,
+  namespace
+});

package/dist/externalVersion.js

@@ -0,0 +1,14 @@
+module.exports = {
+  "react": "18.3.1",
+  "@tachybase/client": "0.23.8",
+  "@tachybase/module-auth": "0.23.8",
+  "@ant-design/icons": "5.3.7",
+  "antd": "5.22.5",
+  "react-router-dom": "6.28.1",
+  "@tachybase/components": "0.23.8",
+  "@tachybase/schema": "0.23.8",
+  "@tachybase/auth": "0.23.8",
+  "@tachybase/server": "0.23.8",
+  "react-i18next": "15.2.0",
+  "@tachybase/actions": "0.23.8"
+};

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from './server';
+export { default } from './server';

package/dist/index.js

@@ -0,0 +1,39 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var src_exports = {};
+__export(src_exports, {
+  default: () => import_server.default
+});
+module.exports = __toCommonJS(src_exports);
+__reExport(src_exports, require("./server"), module.exports);
+var import_server = __toESM(require("./server"));
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ...require("./server")
+});

package/dist/locale/en-US.json

@@ -0,0 +1,40 @@
+{
+  "Access token endpoint": "Access token endpoint",
+  "Add provider": "Add",
+  "Advanced configuration": "Advanced configuration",
+  "Authorization endpoint": "Authorization endpoint",
+  "Basic configuration": "Basic configuration",
+  "Body (Use with POST method)": "Body (Use with POST method)",
+  "Check if TachyBase is running on HTTP protocol": "Check if TachyBase is running on HTTP protocol",
+  "Client id": "Client id",
+  "Client secret": "Client secret",
+  "Delete provider": "Delete",
+  "Edit provider": "Edit",
+  "Enable": "Enable",
+  "Field mapping": "Field mapping",
+  "Header": "Header",
+  "Id token sign alg": "Id token sign alg",
+  "Issuer": "Issuer",
+  "JWKS endpoint": "JWKS endpoint",
+  "Logout endpoint": "Logout endpoint",
+  "Method to call the user info endpoint": "Method to call the user info endpoint",
+  "OIDC Providers": "OIDC Providers",
+  "OIDC manager": "OIDC manager",
+  "Openid configuration": "Openid configuration",
+  "Parameter name": "Parameter name",
+  "Pass parameters in the authorization code grant exchange": "Pass parameters in the authorization code grant exchange",
+  "Provider name": "Name",
+  "Query parameters (Use with GET method)": "Query parameters (Use with GET method)",
+  "Redirect URL": "Redirect URL",
+  "Redirect url": "Redirect url",
+  "Sign in button name, which will be displayed on the sign in page": "Sign in button name, which will be displayed on the sign in page",
+  "Sign up automatically when the user does not exist": "Sign up automatically when the user does not exist",
+  "The port number of the TachyBase service if it is not 80 or 443": "The port number of the TachyBase service if it is not 80 or 443",
+  "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.": "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.",
+  "Usage": "Usage",
+  "Use this field to bind the user": "Use this field to bind the user",
+  "User not found": "User not found",
+  "Userinfo endpoint": "Userinfo endpoint",
+  "Username must be 2-16 characters in length (excluding @.<>\"'/)": "Username must be 2-16 characters in length (excluding @.<>\"'/)",
+  "Where to put the access token when calling the user info endpoint": "Where to put the access token when calling the user info endpoint"
+}

package/dist/locale/es-ES.json

@@ -0,0 +1,25 @@
+{
+  "Access token endpoint": "Endpoint de token de acceso",
+  "Actions": "Acciones",
+  "Add provider": "Añadir Proveedor",
+  "Authorization endpoint": "Endpoint de autorización ",
+  "Button title": "Título del botón",
+  "Client id": "Id de cliente",
+  "Client secret": "Secreto del cliente",
+  "Delete": "Borrar",
+  "Delete provider": "Borrar Proveedor",
+  "Edit": "Editar",
+  "Edit provider": "Editar Proveedor",
+  "Enable": "Activar",
+  "Id token sign alg": "Id token sign alg",
+  "Issuer": "Emisor",
+  "JWKS endpoint": "Endpoint de JWKS",
+  "Logout endpoint": "Endpoint de cierre de sesión",
+  "OIDC Providers": "Proveedores OIDC",
+  "OIDC manager": "Gestor OIDC",
+  "Openid configuration": "Configuración Openid",
+  "Provider name": "Nombre",
+  "Redirect url": "Redirect url",
+  "Sign in button name, which will be displayed on the sign in page": "Nombre del botón de inicio de sesión, que se mostrará en la página de inicio de sesión",
+  "Userinfo endpoint": "Userinfo endpoint"
+}

package/dist/locale/fr-FR.json

@@ -0,0 +1,21 @@
+{
+  "Access token endpoint": "Access token endpoint",
+  "Add provider": "Ajouter",
+  "Authorization endpoint": "Authorization endpoint",
+  "Client id": "Client id",
+  "Client secret": "Client secret",
+  "Delete provider": "Supprimer",
+  "Edit provider": "Modifier",
+  "Enable": "Activer",
+  "Id token sign alg": "Id token sign alg",
+  "Issuer": "Issuer",
+  "JWKS endpoint": "JWKS endpoint",
+  "Logout endpoint": "Logout endpoint",
+  "OIDC Providers": "OIDC Providers",
+  "OIDC manager": "OIDC manager",
+  "Openid configuration": "Openid configuration",
+  "Provider name": "Nom",
+  "Redirect url": "Redirect url",
+  "Sign in button name, which will be displayed on the sign in page": "Nom du bouton de connexion, qui sera affiché sur la page de connexion",
+  "Userinfo endpoint": "Userinfo endpoint"
+}

package/dist/locale/ko_KR.json

@@ -0,0 +1,28 @@
+{
+  "Actions": "작업",
+  "Advanced configuration": "고급 설정",
+  "Basic configuration": "기본 설정",
+  "Body (Use with POST method)": "바디 (POST 방식과 함께 사용)",
+  "Check if TachyBase is running on HTTP protocol": "TachyBase가 HTTP 프로토콜에서 실행 중인지 확인",
+  "Copied": "복사됨",
+  "Delete": "삭제",
+  "Edit": "편집",
+  "Enable": "활성화",
+  "Field Map": "필드 매핑",
+  "Field mapping": "필드 매핑",
+  "Header": "헤더 (기본값)",
+  "Method to call the user info endpoint": "사용자 정보 엔드포인트를 호출하는 방법",
+  "Parameter name": "매개 변수 이름",
+  "Pass parameters in the authorization code grant exchange": "권한 부여 코드 교환 중에 매개 변수를 전달",
+  "Query parameters (Use with GET method)": "쿼리 매개 변수 (GET 방식과 함께 사용)",
+  "Redirect URL": "리디렉션 URL",
+  "Sign up automatically when the user does not exist": "사용자가 존재하지 않을 때 자동으로 가입",
+  "The port number of the TachyBase service if it is not 80 or 443": "TachyBase 서비스의 포트 번호, 기본값은 443/80",
+  "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.": "상태 토큰은 CSRF 공격을 방지하는 데 도움이 됩니다. 자동으로 무작위로 생성하려면 비워 두는 것이 좋습니다.",
+  "Usage": "사용 방법",
+  "Use this field to bind the user": "이 필드를 사용하여 사용자를 바인딩합니다",
+  "User not found": "사용자를 찾을 수 없음",
+  "Username must be 2-16 characters in length (excluding @.<>\"'/)": "사용자 이름은 2-16 자여야합니다 (@.<>\"'/ 제외)",
+  "Where to put the access token when calling the user info endpoint": "사용자 정보 엔드포인트를 호출할 때 access_token을 어디에 두어야 하는지",
+  "id_token signed response algorithm": "id_token 서명 응답 알고리즘"
+}

package/dist/locale/pt-BR.json

@@ -0,0 +1,21 @@
+{
+  "Access token endpoint": "Endpoint de token de acesso",
+  "Add provider": "Adicionar",
+  "Authorization endpoint": "Endpoint de autorização",
+  "Client id": "ID do cliente",
+  "Client secret": "Segredo do cliente",
+  "Delete provider": "Excluir",
+  "Edit provider": "Editar",
+  "Enable": "Habilitar",
+  "Id token sign alg": "Algoritmo de assinatura do token de ID",
+  "Issuer": "Emissor",
+  "JWKS endpoint": "Endpoint JWKS",
+  "Logout endpoint": "Endpoint de logout",
+  "OIDC Providers": "Provedores OIDC",
+  "OIDC manager": "Gerenciador OIDC",
+  "Openid configuration": "Configuração OpenID",
+  "Provider name": "Nome do provedor",
+  "Redirect url": "URL de redirecionamento",
+  "Sign in button name, which will be displayed on the sign in page": "Nome do botão de login, que será exibido na página de login",
+  "Userinfo endpoint": "Endpoint de informações do usuário"
+}

package/dist/locale/zh-CN.json

@@ -0,0 +1,28 @@
+{
+  "Actions": "操作",
+  "Advanced configuration": "高级配置",
+  "Basic configuration": "基础配置",
+  "Body (Use with POST method)": "请求体（Body, 配合 POST 方法使用）",
+  "Check if TachyBase is running on HTTP protocol": "TachyBase 应用为HTTP协议时勾选",
+  "Copied": "已复制",
+  "Delete": "删除",
+  "Edit": "编辑",
+  "Enable": "启用",
+  "Field Map": "字段映射",
+  "Field mapping": "字段映射",
+  "Header": "请求头 (Header, 默认)",
+  "Method to call the user info endpoint": "访问获取用户信息的 API 的 HTTP 方法",
+  "Parameter name": "参数名",
+  "Pass parameters in the authorization code grant exchange": "使用 code 交换 token 时需要传递的参数",
+  "Query parameters (Use with GET method)": "请求 URL 参数（Query, 配合 GET 方法使用）",
+  "Redirect URL": "回调 URL",
+  "Sign up automatically when the user does not exist": "用户不存在时自动注册",
+  "The port number of the TachyBase service if it is not 80 or 443": "TachyBase 应用端口，默认 443/80",
+  "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.": "state token 用于防止 CSRF 攻击，建议留空使用自动生成的随机值。",
+  "Usage": "使用",
+  "Use this field to bind the user": "使用此字段绑定用户",
+  "User not found": "用户不存在",
+  "Username must be 2-16 characters in length (excluding @.<>\"'/)": "用户名必须为2-16个字符并且不包含@.<>\"'/）",
+  "Where to put the access token when calling the user info endpoint": "访问获取用户信息的 API 时 access_token 的传递方式",
+  "id_token signed response algorithm": "id_token签名算法"
+}

package/dist/node_modules/nanoid/.devcontainer.json

@@ -0,0 +1,23 @@
+{
+  "image": "localhost/ai-opensource:latest",
+  "forwardPorts": [],
+  "mounts": [
+    {
+      "source": "pnpm-store",
+      "target": "/home/ai/.local/share/pnpm/store",
+      "type": "volume"
+    },
+    {
+      "source": "shell-history",
+      "target": "/home/ai/.local/share/history/",
+      "type": "volume"
+    }
+  ],
+  "workspaceMount": "",
+  "runArgs": [
+    "--userns=keep-id:uid=1000,gid=1000",
+    "--volume=${localWorkspaceFolder}:/workspaces/${localWorkspaceFolderBasename}:Z",
+    "--network=host",
+    "--ulimit=host"
+  ]
+}

package/dist/node_modules/nanoid/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright 2017 Andrey Sitnik <andrey@sitnik.ru>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/dist/node_modules/nanoid/async/index.browser.cjs

@@ -0,0 +1,69 @@
+let random = async bytes => crypto.getRandomValues(new Uint8Array(bytes))
+
+let customAlphabet = (alphabet, defaultSize = 21) => {
+  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
+  // values closer to the alphabet size. The bitmask calculates the closest
+  // `2^31 - 1` number, which exceeds the alphabet size.
+  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
+  // `Math.clz32` is not used, because it is not available in browsers.
+  let mask = (2 << (Math.log(alphabet.length - 1) / Math.LN2)) - 1
+  // Though, the bitmask solution is not perfect since the bytes exceeding
+  // the alphabet size are refused. Therefore, to reliably generate the ID,
+  // the random bytes redundancy has to be satisfied.
+
+  // Note: every hardware random generator call is performance expensive,
+  // because the system call for entropy collection takes a lot of time.
+  // So, to avoid additional system calls, extra bytes are requested in advance.
+
+  // Next, a step determines how many random bytes to generate.
+  // The number of random bytes gets decided upon the ID size, mask,
+  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
+  // according to benchmarks).
+
+  // `-~f => Math.ceil(f)` if f is a float
+  // `-~i => i + 1` if i is an integer
+  let step = -~((1.6 * mask * defaultSize) / alphabet.length)
+
+  return async (size = defaultSize) => {
+    let id = ''
+    while (true) {
+      let bytes = crypto.getRandomValues(new Uint8Array(step))
+      // A compact alternative for `for (var i = 0; i < step; i++)`.
+      let i = step | 0
+      while (i--) {
+        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
+        id += alphabet[bytes[i] & mask] || ''
+        if (id.length === size) return id
+      }
+    }
+  }
+}
+
+let nanoid = async (size = 21) => {
+  let id = ''
+  let bytes = crypto.getRandomValues(new Uint8Array((size |= 0)))
+
+  // A compact alternative for `for (var i = 0; i < step; i++)`.
+  while (size--) {
+    // It is incorrect to use bytes exceeding the alphabet size.
+    // The following mask reduces the random byte in the 0-255 value
+    // range to the 0-63 value range. Therefore, adding hacks, such
+    // as empty string fallback or magic numbers, is unneccessary because
+    // the bitmask trims bytes down to the alphabet size.
+    let byte = bytes[size] & 63
+    if (byte < 36) {
+      // `0-9a-z`
+      id += byte.toString(36)
+    } else if (byte < 62) {
+      // `A-Z`
+      id += (byte - 26).toString(36).toUpperCase()
+    } else if (byte < 63) {
+      id += '_'
+    } else {
+      id += '-'
+    }
+  }
+  return id
+}
+
+module.exports = { nanoid, customAlphabet, random }

package/dist/node_modules/nanoid/async/index.browser.js

@@ -0,0 +1,69 @@
+let random = async bytes => crypto.getRandomValues(new Uint8Array(bytes))
+
+let customAlphabet = (alphabet, defaultSize = 21) => {
+  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
+  // values closer to the alphabet size. The bitmask calculates the closest
+  // `2^31 - 1` number, which exceeds the alphabet size.
+  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
+  // `Math.clz32` is not used, because it is not available in browsers.
+  let mask = (2 << (Math.log(alphabet.length - 1) / Math.LN2)) - 1
+  // Though, the bitmask solution is not perfect since the bytes exceeding
+  // the alphabet size are refused. Therefore, to reliably generate the ID,
+  // the random bytes redundancy has to be satisfied.
+
+  // Note: every hardware random generator call is performance expensive,
+  // because the system call for entropy collection takes a lot of time.
+  // So, to avoid additional system calls, extra bytes are requested in advance.
+
+  // Next, a step determines how many random bytes to generate.
+  // The number of random bytes gets decided upon the ID size, mask,
+  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
+  // according to benchmarks).
+
+  // `-~f => Math.ceil(f)` if f is a float
+  // `-~i => i + 1` if i is an integer
+  let step = -~((1.6 * mask * defaultSize) / alphabet.length)
+
+  return async (size = defaultSize) => {
+    let id = ''
+    while (true) {
+      let bytes = crypto.getRandomValues(new Uint8Array(step))
+      // A compact alternative for `for (var i = 0; i < step; i++)`.
+      let i = step | 0
+      while (i--) {
+        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
+        id += alphabet[bytes[i] & mask] || ''
+        if (id.length === size) return id
+      }
+    }
+  }
+}
+
+let nanoid = async (size = 21) => {
+  let id = ''
+  let bytes = crypto.getRandomValues(new Uint8Array((size |= 0)))
+
+  // A compact alternative for `for (var i = 0; i < step; i++)`.
+  while (size--) {
+    // It is incorrect to use bytes exceeding the alphabet size.
+    // The following mask reduces the random byte in the 0-255 value
+    // range to the 0-63 value range. Therefore, adding hacks, such
+    // as empty string fallback or magic numbers, is unneccessary because
+    // the bitmask trims bytes down to the alphabet size.
+    let byte = bytes[size] & 63
+    if (byte < 36) {
+      // `0-9a-z`
+      id += byte.toString(36)
+    } else if (byte < 62) {
+      // `A-Z`
+      id += (byte - 26).toString(36).toUpperCase()
+    } else if (byte < 63) {
+      id += '_'
+    } else {
+      id += '-'
+    }
+  }
+  return id
+}
+
+export { nanoid, customAlphabet, random }