@takaro/auth 0.0.1

package/README.md

@@ -0,0 +1 @@
+# @takaro/auth

package/dist/config.d.ts

@@ -0,0 +1,67 @@
+import { Config, IBaseConfig } from '@takaro/config';
+export interface IAuthConfig extends IBaseConfig {
+    kratos: {
+        publicUrl: string;
+        adminUrl: string;
+    };
+    hydra: {
+        publicUrl: string;
+        adminUrl: string;
+        adminClientId: string;
+        adminClientSecret: string;
+    };
+    takaro: {
+        url: string;
+    };
+}
+export declare const configSchema: {
+    kratos: {
+        publicUrl: {
+            doc: string;
+            format: StringConstructor;
+            default: string;
+            env: string;
+        };
+        adminUrl: {
+            doc: string;
+            format: StringConstructor;
+            default: string;
+            env: string;
+        };
+    };
+    hydra: {
+        publicUrl: {
+            doc: string;
+            format: StringConstructor;
+            default: string;
+            env: string;
+        };
+        adminUrl: {
+            doc: string;
+            format: StringConstructor;
+            default: string;
+            env: string;
+        };
+        adminClientId: {
+            doc: string;
+            format: StringConstructor;
+            default: null;
+            env: string;
+        };
+        adminClientSecret: {
+            doc: string;
+            format: StringConstructor;
+            default: null;
+            env: string;
+        };
+    };
+    takaro: {
+        url: {
+            doc: string;
+            format: StringConstructor;
+            default: string;
+            env: string;
+        };
+    };
+};
+export declare const config: Config<IAuthConfig>;

package/dist/config.js

@@ -0,0 +1,53 @@
+import { Config } from '@takaro/config';
+export const configSchema = {
+    kratos: {
+        publicUrl: {
+            doc: 'The URL of the Kratos public API',
+            format: String,
+            default: 'http://kratos:4433',
+            env: 'KRATOS_URL',
+        },
+        adminUrl: {
+            doc: 'The URL of the Kratos admin API',
+            format: String,
+            default: 'http://kratos:4434',
+            env: 'KRATOS_ADMIN_URL',
+        },
+    },
+    hydra: {
+        publicUrl: {
+            doc: 'The URL of the Takaro OAuth server',
+            format: String,
+            default: 'http://hydra:4444',
+            env: 'TAKARO_OAUTH_HOST',
+        },
+        adminUrl: {
+            doc: 'The URL of the Takaro OAuth admin server',
+            format: String,
+            default: 'http://hydra:4445',
+            env: 'TAKARO_OAUTH_ADMIN_HOST',
+        },
+        adminClientId: {
+            doc: 'The client ID to use when authenticating with the Takaro server',
+            format: String,
+            default: null,
+            env: 'ADMIN_CLIENT_ID',
+        },
+        adminClientSecret: {
+            doc: 'The client secret to use when authenticating with the Takaro server',
+            format: String,
+            default: null,
+            env: 'ADMIN_CLIENT_SECRET',
+        },
+    },
+    takaro: {
+        url: {
+            doc: 'The URL of the Takaro server',
+            format: String,
+            default: 'http://localhost:3000',
+            env: 'TAKARO_HOST',
+        },
+    },
+};
+export const config = new Config([configSchema]);
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAe,MAAM,gBAAgB,CAAC;AAkBrD,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,MAAM,EAAE;QACN,SAAS,EAAE;YACT,GAAG,EAAE,kCAAkC;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,oBAAoB;YAC7B,GAAG,EAAE,YAAY;SAClB;QACD,QAAQ,EAAE;YACR,GAAG,EAAE,iCAAiC;YACtC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,oBAAoB;YAC7B,GAAG,EAAE,kBAAkB;SACxB;KACF;IACD,KAAK,EAAE;QACL,SAAS,EAAE;YACT,GAAG,EAAE,oCAAoC;YACzC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,mBAAmB;YAC5B,GAAG,EAAE,mBAAmB;SACzB;QACD,QAAQ,EAAE;YACR,GAAG,EAAE,0CAA0C;YAC/C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,mBAAmB;YAC5B,GAAG,EAAE,yBAAyB;SAC/B;QACD,aAAa,EAAE;YACb,GAAG,EAAE,iEAAiE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI;YACb,GAAG,EAAE,iBAAiB;SACvB;QACD,iBAAiB,EAAE;YACjB,GAAG,EAAE,qEAAqE;YAC1E,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI;YACb,GAAG,EAAE,qBAAqB;SAC3B;KACF;IACD,MAAM,EAAE;QACN,GAAG,EAAE;YACH,GAAG,EAAE,8BAA8B;YACnC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,uBAAuB;YAChC,GAAG,EAAE,aAAa;SACnB;KACF;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,MAAM,CAAc,CAAC,YAAY,CAAC,CAAC,CAAC"}

package/dist/lib/ory.d.ts

@@ -0,0 +1,43 @@
+import { TakaroDTO } from '@takaro/util';
+import { Request } from 'express';
+export declare enum AUDIENCES {
+    TAKARO_API_ADMIN = "t:api:admin"
+}
+export interface ITakaroIdentity {
+    id: string;
+    email: string;
+    domainId: string;
+}
+export declare class TakaroTokenDTO extends TakaroDTO<TakaroTokenDTO> {
+    active: boolean;
+    clientId: string;
+    exp: number;
+    iat: number;
+    iss: string;
+    sub: string;
+    aud: string[];
+}
+declare class Ory {
+    private authToken;
+    private log;
+    private adminClient;
+    private identityClient;
+    private frontendClient;
+    constructor();
+    get OAuth2URL(): string;
+    deleteIdentitiesForDomain(domainId: string): Promise<void>;
+    getIdentity(id: string): Promise<ITakaroIdentity>;
+    createIdentity(email: string, domainId: string, password?: string): Promise<ITakaroIdentity>;
+    deleteIdentity(id: string): Promise<void>;
+    getIdentityFromReq(req: Request): Promise<ITakaroIdentity>;
+    submitApiLogin(username: string, password: string): Promise<import("axios").AxiosResponse<import("@ory/client").SuccessfulNativeLogin, any>>;
+    apiLogout(req: Request): Promise<true | import("axios").AxiosResponse<void, any>>;
+    introspectToken(token: string): Promise<TakaroTokenDTO>;
+    createOIDCClient(): Promise<{
+        clientId: string;
+        clientSecret: string;
+    }>;
+    getRecoveryFlow(id: string): Promise<import("@ory/client").RecoveryLinkForIdentity>;
+}
+export declare const ory: Ory;
+export {};

package/dist/lib/ory.js

@@ -0,0 +1,240 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { Configuration, FrontendApi, IdentityApi, OAuth2Api } from '@ory/client';
+import { config } from '../config.js';
+import { errors, logger, TakaroDTO } from '@takaro/util';
+import { createAxiosClient } from './oryAxiosClient.js';
+import { paginateIdentities } from './paginationHelpers.js';
+import { IsBoolean, IsNumber, IsString } from 'class-validator';
+var IDENTITY_SCHEMA;
+(function (IDENTITY_SCHEMA) {
+    IDENTITY_SCHEMA["USER"] = "user_v0";
+})(IDENTITY_SCHEMA || (IDENTITY_SCHEMA = {}));
+export var AUDIENCES;
+(function (AUDIENCES) {
+    // Used for various sysadmin tasks in the Takaro API
+    AUDIENCES["TAKARO_API_ADMIN"] = "t:api:admin";
+})(AUDIENCES || (AUDIENCES = {}));
+export class TakaroTokenDTO extends TakaroDTO {
+}
+__decorate([
+    IsBoolean(),
+    __metadata("design:type", Boolean)
+], TakaroTokenDTO.prototype, "active", void 0);
+__decorate([
+    IsString(),
+    __metadata("design:type", String)
+], TakaroTokenDTO.prototype, "clientId", void 0);
+__decorate([
+    IsNumber(),
+    __metadata("design:type", Number)
+], TakaroTokenDTO.prototype, "exp", void 0);
+__decorate([
+    IsNumber(),
+    __metadata("design:type", Number)
+], TakaroTokenDTO.prototype, "iat", void 0);
+__decorate([
+    IsString(),
+    __metadata("design:type", String)
+], TakaroTokenDTO.prototype, "iss", void 0);
+__decorate([
+    IsString(),
+    __metadata("design:type", String)
+], TakaroTokenDTO.prototype, "sub", void 0);
+__decorate([
+    IsString({ each: true }),
+    __metadata("design:type", Array)
+], TakaroTokenDTO.prototype, "aud", void 0);
+function metadataTypeguard(metadata) {
+    return typeof metadata === 'object' && metadata !== null && 'domainId' in metadata;
+}
+class Ory {
+    constructor() {
+        this.authToken = null;
+        this.log = logger('ory');
+        this.identityClient = new IdentityApi(new Configuration({
+            basePath: config.get('kratos.adminUrl'),
+        }), undefined, createAxiosClient(config.get('kratos.adminUrl')));
+        this.frontendClient = new FrontendApi(new Configuration({
+            basePath: config.get('kratos.publicUrl'),
+        }), undefined, createAxiosClient(config.get('kratos.publicUrl')));
+        this.adminClient = new OAuth2Api(new Configuration({
+            basePath: config.get('hydra.adminUrl'),
+        }), undefined, createAxiosClient(config.get('hydra.adminUrl')));
+    }
+    get OAuth2URL() {
+        return config.get('hydra.publicUrl');
+    }
+    async deleteIdentitiesForDomain(domainId) {
+        for await (const identities of paginateIdentities(this.identityClient)) {
+            for (const identity of identities) {
+                if (identity.metadata_public &&
+                    metadataTypeguard(identity.metadata_public) &&
+                    identity.metadata_public.domainId === domainId) {
+                    await this.deleteIdentity(identity.id);
+                }
+            }
+        }
+    }
+    async getIdentity(id) {
+        const res = await this.identityClient.getIdentity({
+            id,
+        });
+        if (!res.data.metadata_public) {
+            this.log.warn('Identity has no metadata_public', {
+                identity: res.data.id,
+            });
+            throw new errors.ForbiddenError();
+        }
+        if (!metadataTypeguard(res.data.metadata_public)) {
+            this.log.warn('Identity metadata_public is not of type {domainId: string}', { identity: res.data.id });
+            throw new errors.ForbiddenError();
+        }
+        return {
+            id: res.data.id,
+            email: res.data.traits.email,
+            domainId: res.data.metadata_public.domainId,
+        };
+    }
+    async createIdentity(email, domainId, password) {
+        const body = {
+            schema_id: IDENTITY_SCHEMA.USER,
+            traits: {
+                email,
+            },
+            metadata_public: {
+                domainId,
+            },
+        };
+        if (password) {
+            body.credentials = {
+                password: {
+                    config: {
+                        password,
+                    },
+                },
+            };
+        }
+        const res = await this.identityClient.createIdentity({
+            createIdentityBody: body,
+        });
+        return {
+            id: res.data.id,
+            email: res.data.traits.email,
+            domainId,
+        };
+    }
+    async deleteIdentity(id) {
+        await this.identityClient.deleteIdentity({
+            id,
+        });
+    }
+    async getIdentityFromReq(req) {
+        const tokenFromAuthHeader = req.headers['authorization']?.replace('Bearer ', '');
+        const sessionRes = await this.frontendClient.toSession({
+            cookie: req.headers.cookie,
+            xSessionToken: tokenFromAuthHeader,
+        });
+        if (!sessionRes.data.identity.metadata_public) {
+            this.log.warn('Identity has no metadata_public', {
+                identity: sessionRes.data.identity.id,
+            });
+            throw new errors.ForbiddenError();
+        }
+        if (!metadataTypeguard(sessionRes.data.identity.metadata_public)) {
+            this.log.warn('Identity metadata_public is not of type {domainId: string}', {
+                identity: sessionRes.data.identity.id,
+            });
+            throw new errors.ForbiddenError();
+        }
+        return {
+            id: sessionRes.data.identity.id,
+            email: sessionRes.data.identity.traits.email,
+            domainId: sessionRes.data.identity.metadata_public.domainId,
+        };
+    }
+    async submitApiLogin(username, password) {
+        const flow = await this.frontendClient.createNativeLoginFlow({
+            refresh: true,
+        });
+        return this.frontendClient.updateLoginFlow({
+            flow: flow.data.id,
+            updateLoginFlowBody: {
+                password,
+                identifier: username,
+                method: 'password',
+            },
+        });
+    }
+    async apiLogout(req) {
+        const tokenFromAuthHeader = req.headers['authorization']?.replace('Bearer ', '');
+        if (!tokenFromAuthHeader)
+            return true;
+        return this.frontendClient.performNativeLogout({
+            performNativeLogoutBody: {
+                session_token: tokenFromAuthHeader,
+            },
+        });
+    }
+    async introspectToken(token) {
+        const introspectRes = await this.adminClient.introspectOAuth2Token({
+            token,
+        });
+        const data = new TakaroTokenDTO({
+            active: introspectRes.data.active,
+            clientId: introspectRes.data.client_id,
+            aud: introspectRes.data.aud,
+            exp: introspectRes.data.exp,
+            iat: introspectRes.data.iat,
+            iss: introspectRes.data.iss,
+            sub: introspectRes.data.sub,
+        });
+        try {
+            // Check for correctness of the data
+            // DOES NOT CHECK FOR EXPIRATION
+            await data.validate();
+        }
+        catch (error) {
+            this.log.warn('Introspected token has invalid shape', { error });
+            throw new errors.ForbiddenError();
+        }
+        return data;
+    }
+    // Currently, this is only used for creating the admin-auth client.
+    // ...In the future we should make this more generic and allow for
+    // creating any API client perhaps?
+    async createOIDCClient() {
+        const client = await this.adminClient.createOAuth2Client({
+            oAuth2Client: {
+                grant_types: ['client_credentials'],
+                audience: [AUDIENCES.TAKARO_API_ADMIN],
+            },
+        });
+        if (!client.data.client_id || !client.data.client_secret) {
+            this.log.error('Could not create OIDC client', { client });
+            throw new errors.InternalServerError();
+        }
+        return {
+            clientId: client.data.client_id,
+            clientSecret: client.data.client_secret,
+        };
+    }
+    async getRecoveryFlow(id) {
+        const recoveryRes = await this.identityClient.createRecoveryLinkForIdentity({
+            createRecoveryLinkForIdentityBody: {
+                identity_id: id,
+                expires_in: '24h',
+            },
+        });
+        return recoveryRes.data;
+    }
+}
+export const ory = new Ory();
+//# sourceMappingURL=ory.js.map

package/dist/lib/ory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ory.js","sourceRoot":"","sources":["../../src/lib/ory.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,aAAa,EAAsB,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACrG,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE5D,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAEhE,IAAK,eAEJ;AAFD,WAAK,eAAe;IAClB,mCAAgB,CAAA;AAClB,CAAC,EAFI,eAAe,KAAf,eAAe,QAEnB;AAED,MAAM,CAAN,IAAY,SAGX;AAHD,WAAY,SAAS;IACnB,oDAAoD;IACpD,6CAAgC,CAAA;AAClC,CAAC,EAHW,SAAS,KAAT,SAAS,QAGpB;AAQD,MAAM,OAAO,cAAe,SAAQ,SAAyB;CAe5D;AAbC;IADC,SAAS,EAAE;;8CACI;AAEhB;IADC,QAAQ,EAAE;;gDACM;AAEjB;IADC,QAAQ,EAAE;;2CACC;AAEZ;IADC,QAAQ,EAAE;;2CACC;AAEZ;IADC,QAAQ,EAAE;;2CACC;AAEZ;IADC,QAAQ,EAAE;;2CACC;AAEZ;IADC,QAAQ,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;;2CACX;AAGhB,SAAS,iBAAiB,CAAC,QAAiB;IAC1C,OAAO,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,IAAI,UAAU,IAAI,QAAQ,CAAC;AACrF,CAAC;AAED,MAAM,GAAG;IAQP;QAPQ,cAAS,GAAkB,IAAI,CAAC;QAChC,QAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QAO1B,IAAI,CAAC,cAAc,GAAG,IAAI,WAAW,CACnC,IAAI,aAAa,CAAC;YAChB,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC;SACxC,CAAC,EACF,SAAS,EACT,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CACjD,CAAC;QAEF,IAAI,CAAC,cAAc,GAAG,IAAI,WAAW,CACnC,IAAI,aAAa,CAAC;YAChB,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC;SACzC,CAAC,EACF,SAAS,EACT,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAClD,CAAC;QACF,IAAI,CAAC,WAAW,GAAG,IAAI,SAAS,CAC9B,IAAI,aAAa,CAAC;YAChB,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC;SACvC,CAAC,EACF,SAAS,EACT,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAChD,CAAC;IACJ,CAAC;IAED,IAAI,SAAS;QACX,OAAO,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,QAAgB;QAC9C,IAAI,KAAK,EAAE,MAAM,UAAU,IAAI,kBAAkB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACvE,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;gBAClC,IACE,QAAQ,CAAC,eAAe;oBACxB,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC;oBAC3C,QAAQ,CAAC,eAAe,CAAC,QAAQ,KAAK,QAAQ,EAC9C,CAAC;oBACD,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAU;QAC1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC;YAChD,EAAE;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,iCAAiC,EAAE;gBAC/C,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;aACtB,CAAC,CAAC;YACH,MAAM,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACpC,CAAC;QAED,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YACjD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,4DAA4D,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YACvG,MAAM,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACpC,CAAC;QAED,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;YACf,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK;YAC5B,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ;SAC5C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,QAAgB,EAAE,QAAiB;QACrE,MAAM,IAAI,GAAuB;YAC/B,SAAS,EAAE,eAAe,CAAC,IAAI;YAC/B,MAAM,EAAE;gBACN,KAAK;aACN;YACD,eAAe,EAAE;gBACf,QAAQ;aACT;SACF,CAAC;QAEF,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,WAAW,GAAG;gBACjB,QAAQ,EAAE;oBACR,MAAM,EAAE;wBACN,QAAQ;qBACT;iBACF;aACF,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC;YACnD,kBAAkB,EAAE,IAAI;SACzB,CAAC,CAAC;QAEH,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;YACf,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK;YAC5B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,EAAU;QAC7B,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC;YACvC,EAAE;SACH,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,GAAY;QACnC,MAAM,mBAAmB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAEjF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC;YACrD,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;YAC1B,aAAa,EAAE,mBAAmB;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAS,CAAC,eAAe,EAAE,CAAC;YAC/C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,iCAAiC,EAAE;gBAC/C,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,QAAS,CAAC,EAAE;aACvC,CAAC,CAAC;YACH,MAAM,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACpC,CAAC;QAED,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,QAAS,CAAC,eAAe,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,4DAA4D,EAAE;gBAC1E,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,QAAS,CAAC,EAAE;aACvC,CAAC,CAAC;YACH,MAAM,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACpC,CAAC;QAED,OAAO;YACL,EAAE,EAAE,UAAU,CAAC,IAAI,CAAC,QAAS,CAAC,EAAE;YAChC,KAAK,EAAE,UAAU,CAAC,IAAI,CAAC,QAAS,CAAC,MAAM,CAAC,KAAK;YAC7C,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,QAAS,CAAC,eAAe,CAAC,QAAQ;SAC7D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,QAAgB;QACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,qBAAqB,CAAC;YAC3D,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC;YACzC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;YAClB,mBAAmB,EAAE;gBACnB,QAAQ;gBACR,UAAU,EAAE,QAAQ;gBACpB,MAAM,EAAE,UAAU;aACnB;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAY;QAC1B,MAAM,mBAAmB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAEjF,IAAI,CAAC,mBAAmB;YAAE,OAAO,IAAI,CAAC;QAEtC,OAAO,IAAI,CAAC,cAAc,CAAC,mBAAmB,CAAC;YAC7C,uBAAuB,EAAE;gBACvB,aAAa,EAAE,mBAAmB;aACnC;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,KAAa;QACjC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAAC;YACjE,KAAK;SACN,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,IAAI,cAAc,CAAC;YAC9B,MAAM,EAAE,aAAa,CAAC,IAAI,CAAC,MAAM;YACjC,QAAQ,EAAE,aAAa,CAAC,IAAI,CAAC,SAAS;YACtC,GAAG,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG;YAC3B,GAAG,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG;YAC3B,GAAG,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG;YAC3B,GAAG,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG;YAC3B,GAAG,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,oCAAoC;YACpC,gCAAgC;YAChC,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACjE,MAAM,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QACpC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,mEAAmE;IACnE,kEAAkE;IAClE,mCAAmC;IACnC,KAAK,CAAC,gBAAgB;QAIpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;YACvD,YAAY,EAAE;gBACZ,WAAW,EAAE,CAAC,oBAAoB,CAAC;gBACnC,QAAQ,EAAE,CAAC,SAAS,CAAC,gBAAgB,CAAC;aACvC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACzD,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;YAC3D,MAAM,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QACzC,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS;YAC/B,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,EAAU;QAC9B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,6BAA6B,CAAC;YAC1E,iCAAiC,EAAE;gBACjC,WAAW,EAAE,EAAE;gBACf,UAAU,EAAE,KAAK;aAClB;SACF,CAAC,CAAC;QAEH,OAAO,WAAW,CAAC,IAAI,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,CAAC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC"}

package/dist/lib/oryAxiosClient.d.ts

@@ -0,0 +1 @@
+export declare function createAxiosClient(baseURL: string): import("axios").AxiosInstance;

package/dist/lib/oryAxiosClient.js

@@ -0,0 +1,50 @@
+import axios from 'axios';
+import { addCounterToAxios, errors, logger } from '@takaro/util';
+const log = logger('ory:http');
+export function createAxiosClient(baseURL) {
+    const client = axios.create({
+        baseURL,
+        headers: {
+            'Content-Type': 'application/json',
+            'User-Agent': 'Takaro-Agent',
+        },
+    });
+    addCounterToAxios(client, {
+        name: 'ory_api_requests_total',
+        help: 'Total number of requests to the Ory API',
+    });
+    client.interceptors.request.use((request) => {
+        log.silly(`➡️ ${request.method?.toUpperCase()} ${request.url}`, {
+            method: request.method,
+            url: request.url,
+        });
+        return request;
+    });
+    client.interceptors.response.use((response) => {
+        log.silly(`⬅️ ${response.request.method?.toUpperCase()} ${response.request.path} ${response.status} ${response.statusText}`, {
+            status: response.status,
+            method: response.request.method,
+            url: response.request.url,
+        });
+        return response;
+    }, (error) => {
+        let details = {};
+        if (error.response?.data) {
+            const data = error.response.data;
+            details = JSON.stringify(data.error_description);
+        }
+        log.error(`☠️ Request errored: [${error.response?.status}] ${details}`, {
+            status: error.response?.status,
+            statusText: error.response?.statusText,
+            method: error.config?.method,
+            url: error.config?.url,
+            response: error.response?.data,
+        });
+        if (error.response?.status === 409) {
+            return Promise.reject(new errors.ConflictError('User with this identifier already exists'));
+        }
+        return Promise.reject(error);
+    });
+    return client;
+}
+//# sourceMappingURL=oryAxiosClient.js.map

package/dist/lib/oryAxiosClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oryAxiosClient.js","sourceRoot":"","sources":["../../src/lib/oryAxiosClient.ts"],"names":[],"mappings":"AAAA,OAAO,KAAqB,MAAM,OAAO,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEjE,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;AAE/B,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QAC1B,OAAO;QACP,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,YAAY,EAAE,cAAc;SAC7B;KACF,CAAC,CAAC;IAEH,iBAAiB,CAAC,MAAM,EAAE;QACxB,IAAI,EAAE,wBAAwB;QAC9B,IAAI,EAAE,yCAAyC;KAChD,CAAC,CAAC;IAEH,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QAC1C,GAAG,CAAC,KAAK,CAAC,MAAM,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE;YAC9D,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,GAAG,EAAE,OAAO,CAAC,GAAG;SACjB,CAAC,CAAC;QACH,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAC9B,CAAC,QAAQ,EAAE,EAAE;QACX,GAAG,CAAC,KAAK,CACP,MAAM,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,QAAQ,CAAC,MAAM,IACtF,QAAQ,CAAC,UACX,EAAE,EACF;YACE,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM;YAC/B,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG;SAC1B,CACF,CAAC;QAEF,OAAO,QAAQ,CAAC;IAClB,CAAC,EACD,CAAC,KAAiB,EAAE,EAAE;QACpB,IAAI,OAAO,GAAG,EAAE,CAAC;QAEjB,IAAI,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC,IAA+B,CAAC;YAC5D,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACnD,CAAC;QAED,GAAG,CAAC,KAAK,CAAC,wBAAwB,KAAK,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,EAAE,EAAE;YACtE,MAAM,EAAE,KAAK,CAAC,QAAQ,EAAE,MAAM;YAC9B,UAAU,EAAE,KAAK,CAAC,QAAQ,EAAE,UAAU;YACtC,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM;YAC5B,GAAG,EAAE,KAAK,CAAC,MAAM,EAAE,GAAG;YACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,IAAI;SAC/B,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;YACnC,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;QAC9F,CAAC;QAED,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,CACF,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/lib/paginationHelpers.d.ts

@@ -0,0 +1,2 @@
+import { IdentityApi } from '@ory/client';
+export declare function paginateIdentities(adminClient: IdentityApi, page?: undefined, perPage?: number): AsyncGenerator<import("@ory/client").Identity[], void, unknown>;

package/dist/lib/paginationHelpers.js

@@ -0,0 +1,38 @@
+import { parse, URLSearchParams } from 'url';
+export async function* paginateIdentities(adminClient, page = undefined, perPage = 100) {
+    let nextPage = page;
+    while (true) {
+        const response = await adminClient.listIdentities({
+            page: nextPage,
+            perPage,
+        });
+        if (response.data.length === 0) {
+            // Stop the iteration if there are no more items
+            break;
+        }
+        yield response.data;
+        // Parse Link header
+        const linkHeader = response.headers.link;
+        const links = linkHeader.split(',');
+        const nextLink = links.find((link) => link.includes('rel="next"'));
+        if (!nextLink) {
+            break;
+        }
+        // Extract the 'next' page URL
+        const match = nextLink.match(/<(.*)>/);
+        const url = match ? match[1] : undefined;
+        if (!url) {
+            break;
+        }
+        const parsedUrl = parse(url);
+        const params = new URLSearchParams(parsedUrl.query || '');
+        const nextPageToken = params.get('page');
+        if (nextPageToken) {
+            nextPage = parseInt(nextPageToken, 10);
+        }
+        else {
+            break; // stop if there is no next page
+        }
+    }
+}
+//# sourceMappingURL=paginationHelpers.js.map

package/dist/lib/paginationHelpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paginationHelpers.js","sourceRoot":"","sources":["../../src/lib/paginationHelpers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,KAAK,CAAC;AAE7C,MAAM,CAAC,KAAK,SAAS,CAAC,CAAC,kBAAkB,CAAC,WAAwB,EAAE,IAAI,GAAG,SAAS,EAAE,OAAO,GAAG,GAAG;IACjG,IAAI,QAAQ,GAAuB,IAAI,CAAC;IAExC,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,cAAc,CAAC;YAChD,IAAI,EAAE,QAAQ;YACd,OAAO;SACR,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,gDAAgD;YAChD,MAAM;QACR,CAAC;QAED,MAAM,QAAQ,CAAC,IAAI,CAAC;QAEpB,oBAAoB;QACpB,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QAE3E,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM;QACR,CAAC;QAED,8BAA8B;QAC9B,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACvC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEzC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM;QACR,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,aAAa,EAAE,CAAC;YAClB,QAAQ,GAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,gCAAgC;QACzC,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/lib/permissions.d.ts

@@ -0,0 +1,27 @@
+export declare enum PERMISSIONS {
+    'ROOT' = "ROOT",
+    'MANAGE_USERS' = "MANAGE_USERS",
+    'READ_USERS' = "READ_USERS",
+    'MANAGE_ROLES' = "MANAGE_ROLES",
+    'READ_ROLES' = "READ_ROLES",
+    'MANAGE_GAMESERVERS' = "MANAGE_GAMESERVERS",
+    'READ_GAMESERVERS' = "READ_GAMESERVERS",
+    'READ_MODULES' = "READ_MODULES",
+    'MANAGE_MODULES' = "MANAGE_MODULES",
+    'READ_PLAYERS' = "READ_PLAYERS",
+    'MANAGE_PLAYERS' = "MANAGE_PLAYERS",
+    'MANAGE_SETTINGS' = "MANAGE_SETTINGS",
+    'READ_SETTINGS' = "READ_SETTINGS",
+    'READ_VARIABLES' = "READ_VARIABLES",
+    'MANAGE_VARIABLES' = "MANAGE_VARIABLES",
+    'READ_EVENTS' = "READ_EVENTS",
+    'MANAGE_EVENTS' = "MANAGE_EVENTS",
+    'READ_ITEMS' = "READ_ITEMS",
+    'MANAGE_ITEMS' = "MANAGE_ITEMS"
+}
+export interface IPermissionDetails {
+    permission: string;
+    friendlyName: string;
+    description: string;
+}
+export declare const PERMISSION_DETAILS: Record<PERMISSIONS, IPermissionDetails>;