@tern-secure/auth 1.1.0-canary.v20251020170039 → 1.1.0-canary.v20251024005655
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/index.js +3 -0
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/instance/TernAuth.js +78 -136
- package/dist/cjs/instance/TernAuth.js.map +1 -1
- package/dist/cjs/resources/SignIn.js +78 -36
- package/dist/cjs/resources/SignIn.js.map +1 -1
- package/dist/cjs/utils/construct.js +91 -4
- package/dist/cjs/utils/construct.js.map +1 -1
- package/dist/cjs/utils/index.js +5 -1
- package/dist/cjs/utils/index.js.map +1 -1
- package/dist/cjs/utils/redirectUrls.js +156 -0
- package/dist/cjs/utils/redirectUrls.js.map +1 -0
- package/dist/cjs/utils/windowNavigate.js +45 -0
- package/dist/cjs/utils/windowNavigate.js.map +1 -0
- package/dist/esm/index.js +2 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/instance/TernAuth.js +79 -136
- package/dist/esm/instance/TernAuth.js.map +1 -1
- package/dist/esm/resources/SignIn.js +78 -36
- package/dist/esm/resources/SignIn.js.map +1 -1
- package/dist/esm/utils/construct.js +84 -4
- package/dist/esm/utils/construct.js.map +1 -1
- package/dist/esm/utils/index.js +2 -0
- package/dist/esm/utils/index.js.map +1 -1
- package/dist/esm/utils/redirectUrls.js +132 -0
- package/dist/esm/utils/redirectUrls.js.map +1 -0
- package/dist/esm/utils/windowNavigate.js +19 -0
- package/dist/esm/utils/windowNavigate.js.map +1 -0
- package/dist/types/index.d.ts +2 -1
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/instance/TernAuth.d.ts +10 -10
- package/dist/types/instance/TernAuth.d.ts.map +1 -1
- package/dist/types/resources/SignIn.d.ts +26 -5
- package/dist/types/resources/SignIn.d.ts.map +1 -1
- package/dist/types/utils/construct.d.ts +31 -0
- package/dist/types/utils/construct.d.ts.map +1 -1
- package/dist/types/utils/index.d.ts +2 -0
- package/dist/types/utils/index.d.ts.map +1 -1
- package/dist/types/utils/redirectUrls.d.ts +23 -0
- package/dist/types/utils/redirectUrls.d.ts.map +1 -0
- package/dist/types/utils/windowNavigate.d.ts +12 -0
- package/dist/types/utils/windowNavigate.d.ts.map +1 -0
- package/package.json +3 -3
|
@@ -11,7 +11,7 @@ import {
|
|
|
11
11
|
import { TernSecureBase } from "./Base";
|
|
12
12
|
class SignIn extends TernSecureBase {
|
|
13
13
|
pathRoot = "/sessions/createsession";
|
|
14
|
-
status;
|
|
14
|
+
status = null;
|
|
15
15
|
auth;
|
|
16
16
|
csrfToken;
|
|
17
17
|
_currentUser = null;
|
|
@@ -66,24 +66,17 @@ class SignIn extends TernSecureBase {
|
|
|
66
66
|
console.error(authError);
|
|
67
67
|
}
|
|
68
68
|
};
|
|
69
|
-
withSocialProvider = async (provider, options) => {
|
|
69
|
+
withSocialProvider = async (provider, options = {}) => {
|
|
70
70
|
try {
|
|
71
|
-
|
|
71
|
+
const { mode = "popup" } = options;
|
|
72
|
+
if (mode === "redirect") {
|
|
72
73
|
const redirectResult = await this.authRedirectResult();
|
|
73
74
|
if (redirectResult) {
|
|
74
|
-
if (redirectResult.status === "success") {
|
|
75
|
-
console.log("Redirect after sign in");
|
|
76
|
-
}
|
|
77
75
|
return redirectResult;
|
|
78
76
|
}
|
|
79
|
-
await this._signInWithRedirect(provider);
|
|
80
|
-
return;
|
|
77
|
+
return await this._signInWithRedirect(provider, options);
|
|
81
78
|
} else {
|
|
82
|
-
await this._signInWithPopUp(provider);
|
|
83
|
-
return {
|
|
84
|
-
status: "success",
|
|
85
|
-
message: "Sign in successful"
|
|
86
|
-
};
|
|
79
|
+
return await this._signInWithPopUp(provider, options);
|
|
87
80
|
}
|
|
88
81
|
} catch (error) {
|
|
89
82
|
return {
|
|
@@ -124,22 +117,27 @@ class SignIn extends TernSecureBase {
|
|
|
124
117
|
switch (providerName.toLowerCase()) {
|
|
125
118
|
case "google": {
|
|
126
119
|
const googleProvider = new GoogleAuthProvider();
|
|
127
|
-
return {
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
}
|
|
133
|
-
};
|
|
120
|
+
return { provider: googleProvider };
|
|
121
|
+
}
|
|
122
|
+
case "apple": {
|
|
123
|
+
const appleProvider = new OAuthProvider("apple.com");
|
|
124
|
+
return { provider: appleProvider };
|
|
134
125
|
}
|
|
135
126
|
case "microsoft": {
|
|
136
127
|
const microsoftProvider = new OAuthProvider("microsoft.com");
|
|
137
|
-
return {
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
128
|
+
return { provider: microsoftProvider };
|
|
129
|
+
}
|
|
130
|
+
case "github": {
|
|
131
|
+
const githubProvider = new OAuthProvider("github.com");
|
|
132
|
+
return { provider: githubProvider };
|
|
133
|
+
}
|
|
134
|
+
case "twitter": {
|
|
135
|
+
const twitterProvider = new OAuthProvider("twitter.com");
|
|
136
|
+
return { provider: twitterProvider };
|
|
137
|
+
}
|
|
138
|
+
case "facebook": {
|
|
139
|
+
const facebookProvider = new OAuthProvider("facebook.com");
|
|
140
|
+
return { provider: facebookProvider };
|
|
143
141
|
}
|
|
144
142
|
default:
|
|
145
143
|
throw new Error(`Unsupported provider: ${providerName}`);
|
|
@@ -167,12 +165,56 @@ class SignIn extends TernSecureBase {
|
|
|
167
165
|
};
|
|
168
166
|
}
|
|
169
167
|
}
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
168
|
+
/**
|
|
169
|
+
* Sets custom OAuth parameters on the provider if provided by consumer
|
|
170
|
+
* @param provider - Firebase auth provider instance
|
|
171
|
+
* @param customParameters - Consumer-provided OAuth parameters
|
|
172
|
+
*/
|
|
173
|
+
setProviderCustomParameters(provider, customParameters) {
|
|
174
|
+
if (!customParameters || Object.keys(customParameters).length === 0) {
|
|
175
|
+
return;
|
|
176
|
+
}
|
|
177
|
+
provider.setCustomParameters(customParameters);
|
|
178
|
+
}
|
|
179
|
+
/**
|
|
180
|
+
* Adds OAuth scopes to the provider if provided by consumer
|
|
181
|
+
* Handles provider-specific scope setting logic
|
|
182
|
+
* @param provider - Firebase auth provider instance
|
|
183
|
+
* @param scopes - Array of OAuth scopes to request
|
|
184
|
+
*/
|
|
185
|
+
setProviderScopes(provider, scopes) {
|
|
186
|
+
if (!scopes || scopes.length === 0) {
|
|
187
|
+
return;
|
|
188
|
+
}
|
|
189
|
+
if (provider instanceof GoogleAuthProvider) {
|
|
190
|
+
scopes.forEach((scope) => {
|
|
191
|
+
provider.addScope(scope);
|
|
192
|
+
});
|
|
193
|
+
} else if (provider instanceof OAuthProvider) {
|
|
194
|
+
provider.addScope(scopes.join(" "));
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
/**
|
|
198
|
+
* Configures OAuth provider with consumer-provided options
|
|
199
|
+
* @param provider - Firebase auth provider instance
|
|
200
|
+
* @param options - Consumer options containing custom parameters and scopes
|
|
201
|
+
*/
|
|
202
|
+
configureProvider(provider, options) {
|
|
203
|
+
this.setProviderCustomParameters(provider, options.customParameters);
|
|
204
|
+
this.setProviderScopes(provider, options.scopes);
|
|
205
|
+
}
|
|
206
|
+
executeAuthMethod = async (authMethod, providerName, options = {}) => {
|
|
173
207
|
try {
|
|
174
|
-
|
|
175
|
-
|
|
208
|
+
const config = this.getProviderConfig(providerName);
|
|
209
|
+
this.configureProvider(config.provider, options);
|
|
210
|
+
const { user, providerId, operationType } = await authMethod(this.auth, config.provider);
|
|
211
|
+
return {
|
|
212
|
+
status: "success",
|
|
213
|
+
message: "Authentication successful",
|
|
214
|
+
user,
|
|
215
|
+
providerId,
|
|
216
|
+
operationType
|
|
217
|
+
};
|
|
176
218
|
} catch (error) {
|
|
177
219
|
const authError = handleFirebaseAuthError(error);
|
|
178
220
|
return {
|
|
@@ -181,12 +223,12 @@ class SignIn extends TernSecureBase {
|
|
|
181
223
|
error: authError.code
|
|
182
224
|
};
|
|
183
225
|
}
|
|
226
|
+
};
|
|
227
|
+
async _signInWithRedirect(providerName, options = {}) {
|
|
228
|
+
return this.executeAuthMethod(signInWithRedirect, providerName, options);
|
|
184
229
|
}
|
|
185
|
-
async
|
|
186
|
-
return this.executeAuthMethod(
|
|
187
|
-
}
|
|
188
|
-
async _signInWithPopUp(providerName) {
|
|
189
|
-
return this.executeAuthMethod(signInWithPopup, providerName);
|
|
230
|
+
async _signInWithPopUp(providerName, options = {}) {
|
|
231
|
+
return this.executeAuthMethod(signInWithPopup, providerName, options);
|
|
190
232
|
}
|
|
191
233
|
async checkRedirectResult() {
|
|
192
234
|
return this.authRedirectResult();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/resources/SignIn.ts"],"sourcesContent":["import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport type {\n ResendEmailVerification,\n SignInFormValues,\n SignInResource,\n SignInResponse as SignInResponseFromTypes,\n SignInStatus,\n TernSecureUser,\n} from '@tern-secure/types';\nimport type { Auth, UserCredential } from 'firebase/auth';\nimport {\n getRedirectResult,\n GoogleAuthProvider,\n OAuthProvider,\n sendEmailVerification,\n signInWithEmailAndPassword,\n signInWithPopup,\n signInWithRedirect,\n} from 'firebase/auth';\n\nimport { TernSecureBase } from './Base';\n\ntype SignInResponse = SignInResponseFromTypes;\n\ninterface ProviderConfig {\n provider: GoogleAuthProvider | OAuthProvider;\n customParameters: Record<string, string>;\n}\n\nexport type TernRequestInit = RequestInit;\n\nexport type SignInParams = {\n idToken: string;\n csrfToken: string | undefined;\n};\n\ntype FirebaseAuthResult = UserCredential | void;\n\ntype AuthMethodFunction = (\n auth: Auth,\n provider: GoogleAuthProvider | OAuthProvider,\n) => Promise<FirebaseAuthResult>;\n\nexport class SignIn extends TernSecureBase implements SignInResource {\n pathRoot = '/sessions/createsession';\n\n status?: SignInStatus | undefined;\n private auth: Auth;\n private csrfToken: string | undefined;\n private _currentUser: TernSecureUser | null = null;\n\n constructor(auth: Auth, csrfToken: string | undefined) {\n super();\n this.auth = auth;\n this.csrfToken = csrfToken;\n }\n\n signInWithCredential = async (credential: UserCredential) => {\n const idToken = await credential.user.getIdToken();\n const params = {\n idToken: idToken,\n csrfToken: this.csrfToken,\n };\n\n return this._post({\n path: this.pathRoot,\n body: params,\n });\n };\n\n withEmailAndPassword = async (params: SignInFormValues): Promise<SignInResponse> => {\n try {\n const { email, password } = params;\n const { user, providerId, operationType } = await signInWithEmailAndPassword(\n this.auth,\n email,\n password,\n );\n return {\n status: 'success',\n user,\n providerId,\n operationType,\n message: 'Authentication successful',\n error: !user.emailVerified ? 'REQUIRES_VERIFICATION' : 'AUTHENTICATED',\n };\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n };\n\n withCredential = async (params: SignInFormValues): Promise<void> => {\n try {\n const { email, password } = params;\n const userCredential = await signInWithEmailAndPassword(this.auth, email, password);\n await this.signInWithCredential(userCredential);\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n console.error(authError);\n }\n };\n\n withSocialProvider = async (\n provider: string,\n options?: {\n mode?: 'popup' | 'redirect';\n },\n ): Promise<SignInResponse | void> => {\n try {\n if (options?.mode === 'redirect') {\n const redirectResult = await this.authRedirectResult();\n\n if (redirectResult) {\n if (redirectResult.status === 'success') {\n console.log('Redirect after sign in');\n }\n return redirectResult;\n }\n\n await this._signInWithRedirect(provider);\n return;\n } else {\n await this._signInWithPopUp(provider);\n return {\n status: 'success',\n message: 'Sign in successful',\n };\n }\n } catch (error: any) {\n return {\n status: 'error',\n message: error.message || `Sign in with ${provider} failed`,\n error,\n };\n }\n };\n\n completeMfaSignIn = async (_mfaToken: string, _mfaContext?: any): Promise<SignInResponse> => {\n throw new Error('Method not implemented.');\n };\n\n sendPasswordResetEmail = async (email: string): Promise<void> => {\n console.log(`Sending password reset email to ${email}`);\n };\n\n resendEmailVerification = async (): Promise<ResendEmailVerification> => {\n const user = this._currentUser;\n if (!user) {\n throw new Error('No user is currently signed in');\n }\n\n await user.reload();\n\n if (user.emailVerified) {\n return {\n isVerified: true,\n };\n }\n\n const actionCodeSettings = {\n url: '/sign-in', // TODO: Make this configurable\n handleCodeInApp: true,\n };\n\n await sendEmailVerification(user, actionCodeSettings);\n return {\n isVerified: false,\n };\n };\n\n private getProviderConfig(providerName: string): ProviderConfig {\n switch (providerName.toLowerCase()) {\n case 'google': {\n const googleProvider = new GoogleAuthProvider();\n return {\n provider: googleProvider,\n customParameters: {\n login_hint: 'user@example.com',\n prompt: 'select_account',\n },\n };\n }\n case 'microsoft': {\n const microsoftProvider = new OAuthProvider('microsoft.com');\n return {\n provider: microsoftProvider,\n customParameters: {\n prompt: 'consent',\n },\n };\n }\n default:\n throw new Error(`Unsupported provider: ${providerName}`);\n }\n }\n\n private async authRedirectResult(): Promise<SignInResponse | null> {\n try {\n const result = await getRedirectResult(this.auth);\n\n if (result) {\n const { user, providerId, operationType } = result;\n return {\n status: 'success',\n user,\n providerId,\n operationType,\n };\n }\n return null;\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n }\n\n private async executeAuthMethod(\n authMethod: AuthMethodFunction,\n providerName: string,\n ): Promise<SignInResponse> {\n const config = this.getProviderConfig(providerName);\n config.provider.setCustomParameters(config.customParameters);\n try {\n await authMethod(this.auth, config.provider);\n return { status: 'success', message: 'Authentication initiated' };\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n }\n\n private async _signInWithRedirect(providerName: string): Promise<SignInResponse> {\n return this.executeAuthMethod(signInWithRedirect, providerName);\n }\n\n private async _signInWithPopUp(providerName: string): Promise<SignInResponse> {\n return this.executeAuthMethod(signInWithPopup, providerName);\n }\n\n public async checkRedirectResult(): Promise<SignInResponse | null> {\n return this.authRedirectResult();\n }\n}\n"],"mappings":"AAAA,SAAS,+BAA+B;AAUxC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,sBAAsB;AAuBxB,MAAM,eAAe,eAAyC;AAAA,EACnE,WAAW;AAAA,EAEX;AAAA,EACQ;AAAA,EACA;AAAA,EACA,eAAsC;AAAA,EAE9C,YAAY,MAAY,WAA+B;AACrD,UAAM;AACN,SAAK,OAAO;AACZ,SAAK,YAAY;AAAA,EACnB;AAAA,EAEA,uBAAuB,OAAO,eAA+B;AAC3D,UAAM,UAAU,MAAM,WAAW,KAAK,WAAW;AACjD,UAAM,SAAS;AAAA,MACb;AAAA,MACA,WAAW,KAAK;AAAA,IAClB;AAEA,WAAO,KAAK,MAAM;AAAA,MAChB,MAAM,KAAK;AAAA,MACX,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA,EAEA,uBAAuB,OAAO,WAAsD;AAClF,QAAI;AACF,YAAM,EAAE,OAAO,SAAS,IAAI;AAC5B,YAAM,EAAE,MAAM,YAAY,cAAc,IAAI,MAAM;AAAA,QAChD,KAAK;AAAA,QACL;AAAA,QACA;AAAA,MACF;AACA,aAAO;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,OAAO,CAAC,KAAK,gBAAgB,0BAA0B;AAAA,MACzD;AAAA,IACF,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,iBAAiB,OAAO,WAA4C;AAClE,QAAI;AACF,YAAM,EAAE,OAAO,SAAS,IAAI;AAC5B,YAAM,iBAAiB,MAAM,2BAA2B,KAAK,MAAM,OAAO,QAAQ;AAClF,YAAM,KAAK,qBAAqB,cAAc;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,cAAQ,MAAM,SAAS;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,qBAAqB,OACnB,UACA,YAGmC;AACnC,QAAI;AACF,WAAI,mCAAS,UAAS,YAAY;AAChC,cAAM,iBAAiB,MAAM,KAAK,mBAAmB;AAErD,YAAI,gBAAgB;AAClB,cAAI,eAAe,WAAW,WAAW;AACvC,oBAAQ,IAAI,wBAAwB;AAAA,UACtC;AACA,iBAAO;AAAA,QACT;AAEA,cAAM,KAAK,oBAAoB,QAAQ;AACvC;AAAA,MACF,OAAO;AACL,cAAM,KAAK,iBAAiB,QAAQ;AACpC,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF,SAAS,OAAY;AACnB,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,MAAM,WAAW,gBAAgB,QAAQ;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,oBAAoB,OAAO,WAAmB,gBAA+C;AAC3F,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAAA,EAEA,yBAAyB,OAAO,UAAiC;AAC/D,YAAQ,IAAI,mCAAmC,KAAK,EAAE;AAAA,EACxD;AAAA,EAEA,0BAA0B,YAA8C;AACtE,UAAM,OAAO,KAAK;AAClB,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,gCAAgC;AAAA,IAClD;AAEA,UAAM,KAAK,OAAO;AAElB,QAAI,KAAK,eAAe;AACtB,aAAO;AAAA,QACL,YAAY;AAAA,MACd;AAAA,IACF;AAEA,UAAM,qBAAqB;AAAA,MACzB,KAAK;AAAA;AAAA,MACL,iBAAiB;AAAA,IACnB;AAEA,UAAM,sBAAsB,MAAM,kBAAkB;AACpD,WAAO;AAAA,MACL,YAAY;AAAA,IACd;AAAA,EACF;AAAA,EAEQ,kBAAkB,cAAsC;AAC9D,YAAQ,aAAa,YAAY,GAAG;AAAA,MAClC,KAAK,UAAU;AACb,cAAM,iBAAiB,IAAI,mBAAmB;AAC9C,eAAO;AAAA,UACL,UAAU;AAAA,UACV,kBAAkB;AAAA,YAChB,YAAY;AAAA,YACZ,QAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,MACA,KAAK,aAAa;AAChB,cAAM,oBAAoB,IAAI,cAAc,eAAe;AAC3D,eAAO;AAAA,UACL,UAAU;AAAA,UACV,kBAAkB;AAAA,YAChB,QAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,MACA;AACE,cAAM,IAAI,MAAM,yBAAyB,YAAY,EAAE;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAc,qBAAqD;AACjE,QAAI;AACF,YAAM,SAAS,MAAM,kBAAkB,KAAK,IAAI;AAEhD,UAAI,QAAQ;AACV,cAAM,EAAE,MAAM,YAAY,cAAc,IAAI;AAC5C,eAAO;AAAA,UACL,QAAQ;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,kBACZ,YACA,cACyB;AACzB,UAAM,SAAS,KAAK,kBAAkB,YAAY;AAClD,WAAO,SAAS,oBAAoB,OAAO,gBAAgB;AAC3D,QAAI;AACF,YAAM,WAAW,KAAK,MAAM,OAAO,QAAQ;AAC3C,aAAO,EAAE,QAAQ,WAAW,SAAS,2BAA2B;AAAA,IAClE,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,oBAAoB,cAA+C;AAC/E,WAAO,KAAK,kBAAkB,oBAAoB,YAAY;AAAA,EAChE;AAAA,EAEA,MAAc,iBAAiB,cAA+C;AAC5E,WAAO,KAAK,kBAAkB,iBAAiB,YAAY;AAAA,EAC7D;AAAA,EAEA,MAAa,sBAAsD;AACjE,WAAO,KAAK,mBAAmB;AAAA,EACjC;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/resources/SignIn.ts"],"sourcesContent":["import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport type {\n ResendEmailVerification,\n SignInFormValues,\n SignInResource,\n SignInResponse as SignInResponseFromTypes,\n SignInStatus,\n SocialProviderOptions,\n TernSecureUser,\n} from '@tern-secure/types';\nimport type { Auth, UserCredential } from 'firebase/auth';\nimport {\n getRedirectResult,\n GoogleAuthProvider,\n OAuthProvider,\n sendEmailVerification,\n signInWithEmailAndPassword,\n signInWithPopup,\n signInWithRedirect,\n} from 'firebase/auth';\n\nimport { TernSecureBase } from './Base';\n\ntype SignInResponse = SignInResponseFromTypes;\n\ninterface ProviderConfig {\n provider: GoogleAuthProvider | OAuthProvider;\n //customParameters: Record<string, string>;\n}\n\nexport type TernRequestInit = RequestInit;\n\nexport type SignInParams = {\n idToken: string;\n csrfToken: string | undefined;\n};\n\ntype FirebaseAuthResult = UserCredential;\n\ntype AuthMethodFunction = (\n auth: Auth,\n provider: GoogleAuthProvider | OAuthProvider,\n) => Promise<FirebaseAuthResult>;\n\n/**\n * Supported OAuth providers\n */\nexport type SupportedProvider =\n | 'google'\n | 'apple'\n | 'microsoft'\n | 'github'\n | 'twitter'\n | 'facebook'\n | string; // Allow custom providers like 'custom.provider.com'\n\nexport class SignIn extends TernSecureBase implements SignInResource {\n pathRoot = '/sessions/createsession';\n\n status: SignInStatus | null = null;\n private auth: Auth;\n private csrfToken: string | undefined;\n private _currentUser: TernSecureUser | null = null;\n\n constructor(auth: Auth, csrfToken: string | undefined) {\n super();\n this.auth = auth;\n this.csrfToken = csrfToken;\n }\n\n signInWithCredential = async (credential: UserCredential) => {\n const idToken = await credential.user.getIdToken();\n const params = {\n idToken: idToken,\n csrfToken: this.csrfToken,\n };\n\n return this._post({\n path: this.pathRoot,\n body: params,\n });\n };\n\n withEmailAndPassword = async (params: SignInFormValues): Promise<SignInResponse> => {\n try {\n const { email, password } = params;\n const { user, providerId, operationType } = await signInWithEmailAndPassword(\n this.auth,\n email,\n password,\n );\n return {\n status: 'success',\n user,\n providerId,\n operationType,\n message: 'Authentication successful',\n error: !user.emailVerified ? 'REQUIRES_VERIFICATION' : 'AUTHENTICATED',\n };\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n };\n\n withCredential = async (params: SignInFormValues): Promise<void> => {\n try {\n const { email, password } = params;\n const userCredential = await signInWithEmailAndPassword(this.auth, email, password);\n await this.signInWithCredential(userCredential);\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n console.error(authError);\n }\n };\n\n withSocialProvider = async (\n provider: SupportedProvider,\n options: SocialProviderOptions = {},\n ): Promise<SignInResponse> => {\n try {\n const { mode = 'popup' } = options;\n if (mode === 'redirect') {\n const redirectResult = await this.authRedirectResult();\n\n if (redirectResult) {\n return redirectResult;\n }\n\n return await this._signInWithRedirect(provider, options);\n } else {\n return await this._signInWithPopUp(provider, options);\n }\n } catch (error: any) {\n return {\n status: 'error',\n message: error.message || `Sign in with ${provider} failed`,\n error,\n };\n }\n };\n\n completeMfaSignIn = async (_mfaToken: string, _mfaContext?: any): Promise<SignInResponse> => {\n throw new Error('Method not implemented.');\n };\n\n sendPasswordResetEmail = async (email: string): Promise<void> => {\n console.log(`Sending password reset email to ${email}`);\n };\n\n resendEmailVerification = async (): Promise<ResendEmailVerification> => {\n const user = this._currentUser;\n if (!user) {\n throw new Error('No user is currently signed in');\n }\n\n await user.reload();\n\n if (user.emailVerified) {\n return {\n isVerified: true,\n };\n }\n\n const actionCodeSettings = {\n url: '/sign-in', // TODO: Make this configurable\n handleCodeInApp: true,\n };\n\n await sendEmailVerification(user, actionCodeSettings);\n return {\n isVerified: false,\n };\n };\n\n private getProviderConfig(providerName: SupportedProvider): ProviderConfig {\n switch (providerName.toLowerCase()) {\n case 'google': {\n const googleProvider = new GoogleAuthProvider();\n return { provider: googleProvider };\n }\n case 'apple': {\n const appleProvider = new OAuthProvider('apple.com');\n return { provider: appleProvider };\n }\n case 'microsoft': {\n const microsoftProvider = new OAuthProvider('microsoft.com');\n return { provider: microsoftProvider };\n }\n case 'github': {\n const githubProvider = new OAuthProvider('github.com');\n return { provider: githubProvider };\n }\n case 'twitter': {\n const twitterProvider = new OAuthProvider('twitter.com');\n return { provider: twitterProvider };\n }\n case 'facebook': {\n const facebookProvider = new OAuthProvider('facebook.com');\n return { provider: facebookProvider };\n }\n default:\n throw new Error(`Unsupported provider: ${providerName}`);\n }\n }\n\n private async authRedirectResult(): Promise<SignInResponse | null> {\n try {\n const result = await getRedirectResult(this.auth);\n\n if (result) {\n const { user, providerId, operationType } = result;\n return {\n status: 'success',\n user,\n providerId,\n operationType,\n };\n }\n return null;\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n }\n\n /**\n * Sets custom OAuth parameters on the provider if provided by consumer\n * @param provider - Firebase auth provider instance\n * @param customParameters - Consumer-provided OAuth parameters\n */\n private setProviderCustomParameters(\n provider: GoogleAuthProvider | OAuthProvider,\n customParameters?: Record<string, string>,\n ): void {\n if (!customParameters || Object.keys(customParameters).length === 0) {\n return;\n }\n\n provider.setCustomParameters(customParameters);\n }\n\n /**\n * Adds OAuth scopes to the provider if provided by consumer\n * Handles provider-specific scope setting logic\n * @param provider - Firebase auth provider instance\n * @param scopes - Array of OAuth scopes to request\n */\n private setProviderScopes(provider: GoogleAuthProvider | OAuthProvider, scopes?: string[]): void {\n if (!scopes || scopes.length === 0) {\n return;\n }\n\n if (provider instanceof GoogleAuthProvider) {\n // Google provider supports individual scope addition\n scopes.forEach(scope => {\n (provider as GoogleAuthProvider).addScope(scope);\n });\n } else if (provider instanceof OAuthProvider) {\n // OAuth providers expect space-separated scope string\n (provider as OAuthProvider).addScope(scopes.join(' '));\n }\n }\n\n /**\n * Configures OAuth provider with consumer-provided options\n * @param provider - Firebase auth provider instance\n * @param options - Consumer options containing custom parameters and scopes\n */\n private configureProvider(\n provider: GoogleAuthProvider | OAuthProvider,\n options: SocialProviderOptions,\n ): void {\n this.setProviderCustomParameters(provider, options.customParameters);\n this.setProviderScopes(provider, options.scopes);\n }\n\n private executeAuthMethod = async (\n authMethod: AuthMethodFunction,\n providerName: SupportedProvider,\n options: SocialProviderOptions = {},\n ): Promise<SignInResponse> => {\n try {\n const config = this.getProviderConfig(providerName);\n\n this.configureProvider(config.provider, options);\n\n const { user, providerId, operationType } = await authMethod(this.auth, config.provider);\n\n return {\n status: 'success',\n message: 'Authentication successful',\n user,\n providerId,\n operationType,\n };\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n };\n\n private async _signInWithRedirect(\n providerName: SupportedProvider,\n options: SocialProviderOptions = {},\n ): Promise<SignInResponse> {\n return this.executeAuthMethod(signInWithRedirect, providerName, options);\n }\n\n private async _signInWithPopUp(\n providerName: SupportedProvider,\n options: SocialProviderOptions = {},\n ): Promise<SignInResponse> {\n return this.executeAuthMethod(signInWithPopup, providerName, options);\n }\n\n public async checkRedirectResult(): Promise<SignInResponse | null> {\n return this.authRedirectResult();\n }\n}\n"],"mappings":"AAAA,SAAS,+BAA+B;AAWxC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,sBAAsB;AAmCxB,MAAM,eAAe,eAAyC;AAAA,EACnE,WAAW;AAAA,EAEX,SAA8B;AAAA,EACtB;AAAA,EACA;AAAA,EACA,eAAsC;AAAA,EAE9C,YAAY,MAAY,WAA+B;AACrD,UAAM;AACN,SAAK,OAAO;AACZ,SAAK,YAAY;AAAA,EACnB;AAAA,EAEA,uBAAuB,OAAO,eAA+B;AAC3D,UAAM,UAAU,MAAM,WAAW,KAAK,WAAW;AACjD,UAAM,SAAS;AAAA,MACb;AAAA,MACA,WAAW,KAAK;AAAA,IAClB;AAEA,WAAO,KAAK,MAAM;AAAA,MAChB,MAAM,KAAK;AAAA,MACX,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA,EAEA,uBAAuB,OAAO,WAAsD;AAClF,QAAI;AACF,YAAM,EAAE,OAAO,SAAS,IAAI;AAC5B,YAAM,EAAE,MAAM,YAAY,cAAc,IAAI,MAAM;AAAA,QAChD,KAAK;AAAA,QACL;AAAA,QACA;AAAA,MACF;AACA,aAAO;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,OAAO,CAAC,KAAK,gBAAgB,0BAA0B;AAAA,MACzD;AAAA,IACF,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,iBAAiB,OAAO,WAA4C;AAClE,QAAI;AACF,YAAM,EAAE,OAAO,SAAS,IAAI;AAC5B,YAAM,iBAAiB,MAAM,2BAA2B,KAAK,MAAM,OAAO,QAAQ;AAClF,YAAM,KAAK,qBAAqB,cAAc;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,cAAQ,MAAM,SAAS;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,qBAAqB,OACnB,UACA,UAAiC,CAAC,MACN;AAC5B,QAAI;AACF,YAAM,EAAE,OAAO,QAAQ,IAAI;AAC3B,UAAI,SAAS,YAAY;AACvB,cAAM,iBAAiB,MAAM,KAAK,mBAAmB;AAErD,YAAI,gBAAgB;AAClB,iBAAO;AAAA,QACT;AAEA,eAAO,MAAM,KAAK,oBAAoB,UAAU,OAAO;AAAA,MACzD,OAAO;AACL,eAAO,MAAM,KAAK,iBAAiB,UAAU,OAAO;AAAA,MACtD;AAAA,IACF,SAAS,OAAY;AACnB,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,MAAM,WAAW,gBAAgB,QAAQ;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,oBAAoB,OAAO,WAAmB,gBAA+C;AAC3F,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAAA,EAEA,yBAAyB,OAAO,UAAiC;AAC/D,YAAQ,IAAI,mCAAmC,KAAK,EAAE;AAAA,EACxD;AAAA,EAEA,0BAA0B,YAA8C;AACtE,UAAM,OAAO,KAAK;AAClB,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,gCAAgC;AAAA,IAClD;AAEA,UAAM,KAAK,OAAO;AAElB,QAAI,KAAK,eAAe;AACtB,aAAO;AAAA,QACL,YAAY;AAAA,MACd;AAAA,IACF;AAEA,UAAM,qBAAqB;AAAA,MACzB,KAAK;AAAA;AAAA,MACL,iBAAiB;AAAA,IACnB;AAEA,UAAM,sBAAsB,MAAM,kBAAkB;AACpD,WAAO;AAAA,MACL,YAAY;AAAA,IACd;AAAA,EACF;AAAA,EAEQ,kBAAkB,cAAiD;AACzE,YAAQ,aAAa,YAAY,GAAG;AAAA,MAClC,KAAK,UAAU;AACb,cAAM,iBAAiB,IAAI,mBAAmB;AAC9C,eAAO,EAAE,UAAU,eAAe;AAAA,MACpC;AAAA,MACA,KAAK,SAAS;AACZ,cAAM,gBAAgB,IAAI,cAAc,WAAW;AACnD,eAAO,EAAE,UAAU,cAAc;AAAA,MACnC;AAAA,MACA,KAAK,aAAa;AAChB,cAAM,oBAAoB,IAAI,cAAc,eAAe;AAC3D,eAAO,EAAE,UAAU,kBAAkB;AAAA,MACvC;AAAA,MACA,KAAK,UAAU;AACb,cAAM,iBAAiB,IAAI,cAAc,YAAY;AACrD,eAAO,EAAE,UAAU,eAAe;AAAA,MACpC;AAAA,MACA,KAAK,WAAW;AACd,cAAM,kBAAkB,IAAI,cAAc,aAAa;AACvD,eAAO,EAAE,UAAU,gBAAgB;AAAA,MACrC;AAAA,MACA,KAAK,YAAY;AACf,cAAM,mBAAmB,IAAI,cAAc,cAAc;AACzD,eAAO,EAAE,UAAU,iBAAiB;AAAA,MACtC;AAAA,MACA;AACE,cAAM,IAAI,MAAM,yBAAyB,YAAY,EAAE;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAc,qBAAqD;AACjE,QAAI;AACF,YAAM,SAAS,MAAM,kBAAkB,KAAK,IAAI;AAEhD,UAAI,QAAQ;AACV,cAAM,EAAE,MAAM,YAAY,cAAc,IAAI;AAC5C,eAAO;AAAA,UACL,QAAQ;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,4BACN,UACA,kBACM;AACN,QAAI,CAAC,oBAAoB,OAAO,KAAK,gBAAgB,EAAE,WAAW,GAAG;AACnE;AAAA,IACF;AAEA,aAAS,oBAAoB,gBAAgB;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,kBAAkB,UAA8C,QAAyB;AAC/F,QAAI,CAAC,UAAU,OAAO,WAAW,GAAG;AAClC;AAAA,IACF;AAEA,QAAI,oBAAoB,oBAAoB;AAE1C,aAAO,QAAQ,WAAS;AACtB,QAAC,SAAgC,SAAS,KAAK;AAAA,MACjD,CAAC;AAAA,IACH,WAAW,oBAAoB,eAAe;AAE5C,MAAC,SAA2B,SAAS,OAAO,KAAK,GAAG,CAAC;AAAA,IACvD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,kBACN,UACA,SACM;AACN,SAAK,4BAA4B,UAAU,QAAQ,gBAAgB;AACnE,SAAK,kBAAkB,UAAU,QAAQ,MAAM;AAAA,EACjD;AAAA,EAEQ,oBAAoB,OAC1B,YACA,cACA,UAAiC,CAAC,MACN;AAC5B,QAAI;AACF,YAAM,SAAS,KAAK,kBAAkB,YAAY;AAElD,WAAK,kBAAkB,OAAO,UAAU,OAAO;AAE/C,YAAM,EAAE,MAAM,YAAY,cAAc,IAAI,MAAM,WAAW,KAAK,MAAM,OAAO,QAAQ;AAEvF,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,oBACZ,cACA,UAAiC,CAAC,GACT;AACzB,WAAO,KAAK,kBAAkB,oBAAoB,cAAc,OAAO;AAAA,EACzE;AAAA,EAEA,MAAc,iBACZ,cACA,UAAiC,CAAC,GACT;AACzB,WAAO,KAAK,kBAAkB,iBAAiB,cAAc,OAAO;AAAA,EACtE;AAAA,EAEA,MAAa,sBAAsD;AACjE,WAAO,KAAK,mBAAmB;AAAA,EACjC;AACF;","names":[]}
|
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import { camelToSnake } from "@tern-secure/shared/caseUtils";
|
|
2
|
+
import { globs } from "@tern-secure/shared/globs";
|
|
3
|
+
import { logger } from "@tern-secure/shared/logger";
|
|
2
4
|
import { joinPaths } from "./path";
|
|
3
5
|
import { getQueryParams } from "./querystring";
|
|
4
6
|
const DUMMY_URL_BASE = "http://ternsecure-dummy";
|
|
7
|
+
const BANNED_URI_PROTOCOLS = ["javascript:"];
|
|
5
8
|
function buildURL(params, options = {}) {
|
|
6
9
|
const { base, hashPath, hashSearch, searchParams, hashSearchParams, ...rest } = params;
|
|
7
|
-
const { stringify, skipOrigin } = options;
|
|
8
10
|
let baseFallback = "";
|
|
9
11
|
if (typeof window !== "undefined" && !!window.location) {
|
|
10
12
|
baseFallback = window.location.href;
|
|
@@ -15,7 +17,7 @@ function buildURL(params, options = {}) {
|
|
|
15
17
|
if (searchParams instanceof URLSearchParams) {
|
|
16
18
|
searchParams.forEach((value, key) => {
|
|
17
19
|
if (value !== null && value !== void 0) {
|
|
18
|
-
url.searchParams.set(key, value);
|
|
20
|
+
url.searchParams.set(camelToSnake(key), value);
|
|
19
21
|
}
|
|
20
22
|
});
|
|
21
23
|
}
|
|
@@ -27,8 +29,6 @@ function buildURL(params, options = {}) {
|
|
|
27
29
|
for (const [key, val] of Object.entries(searchParamsFromHashSearchString)) {
|
|
28
30
|
dummyUrlForHash.searchParams.append(key, val);
|
|
29
31
|
}
|
|
30
|
-
const finalHashPath = hashPath || "";
|
|
31
|
-
const queryForHash = new URLSearchParams(hashSearch || "");
|
|
32
32
|
if (hashSearchParams) {
|
|
33
33
|
const paramsArr = Array.isArray(hashSearchParams) ? hashSearchParams : [hashSearchParams];
|
|
34
34
|
for (const _params of paramsArr) {
|
|
@@ -48,6 +48,7 @@ function buildURL(params, options = {}) {
|
|
|
48
48
|
url.hash = newHash;
|
|
49
49
|
}
|
|
50
50
|
}
|
|
51
|
+
const { stringify, skipOrigin } = options;
|
|
51
52
|
if (stringify) {
|
|
52
53
|
return skipOrigin ? url.href.replace(url.origin, "") : url.href;
|
|
53
54
|
}
|
|
@@ -122,14 +123,93 @@ const validateUrl = (url) => {
|
|
|
122
123
|
function toURL(url) {
|
|
123
124
|
return new URL(url.toString(), window.location.origin);
|
|
124
125
|
}
|
|
126
|
+
function stripOrigin(url) {
|
|
127
|
+
url = toURL(url);
|
|
128
|
+
return url.href.replace(url.origin, "");
|
|
129
|
+
}
|
|
130
|
+
const trimTrailingSlash = (path) => {
|
|
131
|
+
return (path || "").replace(/\/+$/, "");
|
|
132
|
+
};
|
|
133
|
+
function isValidUrl(val) {
|
|
134
|
+
if (!val) {
|
|
135
|
+
return false;
|
|
136
|
+
}
|
|
137
|
+
try {
|
|
138
|
+
new URL(val);
|
|
139
|
+
return true;
|
|
140
|
+
} catch {
|
|
141
|
+
return false;
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
function relativeToAbsoluteUrl(url, origin) {
|
|
145
|
+
try {
|
|
146
|
+
return new URL(url);
|
|
147
|
+
} catch {
|
|
148
|
+
return new URL(url, origin);
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
const disallowedPatterns = [
|
|
152
|
+
/\0/,
|
|
153
|
+
// Null bytes
|
|
154
|
+
/^\/\//,
|
|
155
|
+
// Protocol-relative
|
|
156
|
+
// eslint-disable-next-line no-control-regex
|
|
157
|
+
/[\x00-\x1F]/
|
|
158
|
+
// Control characters
|
|
159
|
+
];
|
|
160
|
+
function isProblematicUrl(url) {
|
|
161
|
+
if (hasBannedProtocol(url)) {
|
|
162
|
+
return true;
|
|
163
|
+
}
|
|
164
|
+
for (const pattern of disallowedPatterns) {
|
|
165
|
+
if (pattern.test(url.pathname)) {
|
|
166
|
+
return true;
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
return false;
|
|
170
|
+
}
|
|
171
|
+
function hasBannedProtocol(val) {
|
|
172
|
+
if (!isValidUrl(val)) {
|
|
173
|
+
return false;
|
|
174
|
+
}
|
|
175
|
+
const protocol = new URL(val).protocol;
|
|
176
|
+
return BANNED_URI_PROTOCOLS.some((bp) => bp === protocol);
|
|
177
|
+
}
|
|
178
|
+
const isAllowedRedirect = (allowedRedirectOrigins, currentOrigin) => (_url) => {
|
|
179
|
+
if (!currentOrigin) return true;
|
|
180
|
+
let url = _url;
|
|
181
|
+
if (typeof url === "string") {
|
|
182
|
+
url = relativeToAbsoluteUrl(url, currentOrigin);
|
|
183
|
+
}
|
|
184
|
+
if (!allowedRedirectOrigins) {
|
|
185
|
+
return true;
|
|
186
|
+
}
|
|
187
|
+
const isSameOrigin = currentOrigin === url.origin;
|
|
188
|
+
const isAllowed = !isProblematicUrl(url) && (isSameOrigin || allowedRedirectOrigins.map(
|
|
189
|
+
(origin) => typeof origin === "string" ? globs.toRegexp(trimTrailingSlash(origin)) : origin
|
|
190
|
+
).some((origin) => origin.test(trimTrailingSlash(url.origin))));
|
|
191
|
+
if (!isAllowed) {
|
|
192
|
+
logger.warnOnce(
|
|
193
|
+
`Clerk: Redirect URL ${url} is not on one of the allowedRedirectOrigins, falling back to the default redirect URL.`
|
|
194
|
+
);
|
|
195
|
+
}
|
|
196
|
+
return isAllowed;
|
|
197
|
+
};
|
|
125
198
|
export {
|
|
126
199
|
buildURL,
|
|
127
200
|
constructFullUrl,
|
|
128
201
|
getPreviousPath,
|
|
129
202
|
getValidRedirectUrl,
|
|
203
|
+
hasBannedProtocol,
|
|
130
204
|
hasRedirectLoop,
|
|
205
|
+
isAllowedRedirect,
|
|
206
|
+
isProblematicUrl,
|
|
207
|
+
isValidUrl,
|
|
208
|
+
relativeToAbsoluteUrl,
|
|
131
209
|
storePreviousPath,
|
|
210
|
+
stripOrigin,
|
|
132
211
|
toURL,
|
|
212
|
+
trimTrailingSlash,
|
|
133
213
|
urlWithRedirect
|
|
134
214
|
};
|
|
135
215
|
//# sourceMappingURL=construct.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/utils/construct.ts"],"sourcesContent":["import { camelToSnake } from '@tern-secure/shared/caseUtils'\n\nimport { joinPaths } from './path';\nimport { getQueryParams } from './querystring';\n\nconst DUMMY_URL_BASE = 'http://ternsecure-dummy';\n\nexport type constructUrlWithRedirectProps = {\n signInUrl: string;\n signInPathParam?: string;\n currentPath: string;\n signUpUrl?: string;\n signUpPathParam?: string;\n};\n\ninterface BuildURLParams extends Partial<URL> {\n base?: string;\n hashPath?: string;\n hashSearch?: string;\n hashSearchParams?:\n | URLSearchParams\n | Record<string, string>\n | Array<URLSearchParams | Record<string, string>>;\n}\n\ninterface BuildURLOptions<T> {\n skipOrigin?: boolean;\n stringify?: T;\n}\n\n/**\n *\n * buildURL(params: URLParams, options: BuildURLOptions): string\n *\n * Builds a URL safely by using the native URL() constructor. It can\n * also build a secondary path and search URL that lives inside the hash\n * of the main URL. For example:\n *\n * https://foo.com/bar?qux=42#/hash-bar?hash-qux=42\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param {BuildURLParams} params\n * @param {BuildURLOptions} options\n * @returns {URL | string} Returns the URL href\n */\nexport function buildURL<B extends boolean>(\n params: BuildURLParams,\n options?: BuildURLOptions<B>,\n): B extends true ? string : URL;\n\n/**\n * Builds a URL from given parameters, handling search and hash parameters\n * @param params - The parameters to construct the URL\n * @param options - Options for building the URL\n * @returns The constructed URL as a string or URL object\n */\nexport function buildURL(\n params: BuildURLParams,\n options: BuildURLOptions<boolean> = {},\n): URL | string {\n const { base, hashPath, hashSearch, searchParams, hashSearchParams, ...rest } = params;\n const { stringify, skipOrigin } = options;\n\n let baseFallback = '';\n if (typeof window !== 'undefined' && !!window.location) {\n baseFallback = window.location.href;\n } else {\n baseFallback = 'http://react-native-fake-base-url';\n }\n\n const url = new URL(base || '', baseFallback);\n\n // Handle search parameters\n // params.searchParams comes from Partial<URL>, so it's URLSearchParams | undefined\n if (searchParams instanceof URLSearchParams) {\n searchParams.forEach((value, key) => {\n if (value !== null && value !== undefined) {\n url.searchParams.set(key, value); //camelToSnake(key), value\n }\n });\n }\n\n Object.assign(url, rest);\n\n // Handle hash-related parameters\n if (hashPath || hashSearch || hashSearchParams) {\n const dummyUrlForHash = new URL(DUMMY_URL_BASE + url.hash.substring(1));\n\n dummyUrlForHash.pathname = joinPaths(dummyUrlForHash.pathname, hashPath || '');\n\n const searchParamsFromHashSearchString = getQueryParams(hashSearch || '');\n\n for (const [key, val] of Object.entries(searchParamsFromHashSearchString)) {\n dummyUrlForHash.searchParams.append(key, val);\n }\n const finalHashPath = hashPath || '';\n const queryForHash = new URLSearchParams(hashSearch || '');\n\n if (hashSearchParams) {\n const paramsArr = Array.isArray(hashSearchParams) ? hashSearchParams : [hashSearchParams];\n for (const _params of paramsArr) {\n if (!(_params instanceof URLSearchParams) && typeof _params !== 'object') {\n continue;\n }\n const params = new URLSearchParams(_params);\n params.forEach((value, key) => {\n if (value !== null && value !== undefined) {\n dummyUrlForHash.searchParams.set(camelToSnake(key), value);\n }\n });\n }\n }\n\n const newHash = dummyUrlForHash.href.replace(DUMMY_URL_BASE, '');\n if (newHash !== '/') {\n // Assign them to the hash of the main url\n url.hash = newHash;\n }\n }\n\n if (stringify) {\n return skipOrigin ? url.href.replace(url.origin, '') : url.href;\n }\n return url;\n}\n\n/**\n * Constructs a full URL with the current origin\n * @param path - The path to construct the URL for\n * @returns The full URL with origin\n */\nexport const constructFullUrl = (path: string) => {\n if (typeof window === 'undefined') return path;\n const baseUrl = window.location.origin;\n if (path.startsWith('http')) {\n return path;\n }\n return `${baseUrl}${path.startsWith('/') ? path : `/${path}`}`;\n};\n\n/**\n * Checks if the current URL has a redirect loop\n * @param currentPath - The current pathname\n * @param redirectPath - The path we're trying to redirect to\n * @returns boolean indicating if there's a redirect loop\n */\nexport const hasRedirectLoop = (currentPath: string, redirectPath: string): boolean => {\n if (!currentPath || !redirectPath) return false;\n\n // Remove any query parameters for comparison\n const cleanCurrentPath = currentPath.split('?')[0];\n const cleanRedirectPath = redirectPath.split('?')[0];\n\n return cleanCurrentPath === cleanRedirectPath;\n};\n\nexport const urlWithRedirect = (options: constructUrlWithRedirectProps): string => {\n const {\n signInUrl,\n signInPathParam = '/sign-in',\n currentPath,\n signUpUrl,\n signUpPathParam = '/sign-up',\n } = options;\n\n const baseUrl = window.location.origin;\n\n if (typeof window === 'undefined') {\n return signInUrl;\n }\n\n const url = new URL(signInUrl, baseUrl);\n\n if (!currentPath.includes(signInPathParam) && !currentPath.includes(signUpPathParam)) {\n url.searchParams.set('redirect', currentPath);\n }\n\n return url.toString();\n};\n\n/**\n * Stores the current path before signing out\n */\nexport const storePreviousPath = (path: string): void => {\n if (typeof window !== 'undefined') {\n sessionStorage.setItem('previousPath', path);\n }\n};\n\n/**\n * Gets the stored previous path\n */\nexport const getPreviousPath = (): string | null => {\n if (typeof window !== 'undefined') {\n return sessionStorage.getItem('previousPath');\n }\n return null;\n};\n\n/**\n * Gets a validated redirect URL ensuring it's from the same origin\n * @param redirectUrl - The URL to validate\n * @param searchParams - The search parameters to check for redirect\n * @returns A validated redirect URL\n */\nexport const getValidRedirectUrl = (\n searchParams: URLSearchParams,\n configuredRedirect?: string,\n): string => {\n // Check URL search param first (highest priority)\n const urlRedirect = searchParams.get('redirect');\n if (urlRedirect) {\n return validateUrl(urlRedirect);\n }\n\n // Then check configured redirect (for first visits)\n if (configuredRedirect) {\n return validateUrl(configuredRedirect);\n }\n\n // Default fallback\n return '/';\n};\n\n/**\n * Validates and sanitizes URLs\n */\nconst validateUrl = (url: string): string => {\n try {\n // For absolute URLs\n if (url.startsWith('http')) {\n const urlObj = new URL(url);\n if (typeof window !== 'undefined' && urlObj.origin !== window.location.origin) {\n return '/';\n }\n }\n\n // For relative URLs\n return '/';\n } catch {\n return '/';\n }\n};\n\nexport function toURL(url: string | URL): URL {\n return new URL(url.toString(), window.location.origin);\n}\n"],"mappings":"AAAA,SAAS,oBAAoB;AAE7B,SAAS,iBAAiB;AAC1B,SAAS,sBAAsB;AAE/B,MAAM,iBAAiB;AAqDhB,SAAS,SACd,QACA,UAAoC,CAAC,GACvB;AACd,QAAM,EAAE,MAAM,UAAU,YAAY,cAAc,kBAAkB,GAAG,KAAK,IAAI;AAChF,QAAM,EAAE,WAAW,WAAW,IAAI;AAElC,MAAI,eAAe;AACnB,MAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,UAAU;AACtD,mBAAe,OAAO,SAAS;AAAA,EACjC,OAAO;AACL,mBAAe;AAAA,EACjB;AAEA,QAAM,MAAM,IAAI,IAAI,QAAQ,IAAI,YAAY;AAI5C,MAAI,wBAAwB,iBAAiB;AAC3C,iBAAa,QAAQ,CAAC,OAAO,QAAQ;AACnC,UAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,YAAI,aAAa,IAAI,KAAK,KAAK;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO,OAAO,KAAK,IAAI;AAGvB,MAAI,YAAY,cAAc,kBAAkB;AAC9C,UAAM,kBAAkB,IAAI,IAAI,iBAAiB,IAAI,KAAK,UAAU,CAAC,CAAC;AAEtE,oBAAgB,WAAW,UAAU,gBAAgB,UAAU,YAAY,EAAE;AAE7E,UAAM,mCAAmC,eAAe,cAAc,EAAE;AAExE,eAAW,CAAC,KAAK,GAAG,KAAK,OAAO,QAAQ,gCAAgC,GAAG;AACzE,sBAAgB,aAAa,OAAO,KAAK,GAAG;AAAA,IAC9C;AACA,UAAM,gBAAgB,YAAY;AAClC,UAAM,eAAe,IAAI,gBAAgB,cAAc,EAAE;AAEzD,QAAI,kBAAkB;AACpB,YAAM,YAAY,MAAM,QAAQ,gBAAgB,IAAI,mBAAmB,CAAC,gBAAgB;AACxF,iBAAW,WAAW,WAAW;AAC/B,YAAI,EAAE,mBAAmB,oBAAoB,OAAO,YAAY,UAAU;AACxE;AAAA,QACF;AACA,cAAMA,UAAS,IAAI,gBAAgB,OAAO;AAC1C,QAAAA,QAAO,QAAQ,CAAC,OAAO,QAAQ;AAC7B,cAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,4BAAgB,aAAa,IAAI,aAAa,GAAG,GAAG,KAAK;AAAA,UAC3D;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,UAAU,gBAAgB,KAAK,QAAQ,gBAAgB,EAAE;AAC/D,QAAI,YAAY,KAAK;AAEnB,UAAI,OAAO;AAAA,IACb;AAAA,EACF;AAEA,MAAI,WAAW;AACb,WAAO,aAAa,IAAI,KAAK,QAAQ,IAAI,QAAQ,EAAE,IAAI,IAAI;AAAA,EAC7D;AACA,SAAO;AACT;AAOO,MAAM,mBAAmB,CAAC,SAAiB;AAChD,MAAI,OAAO,WAAW,YAAa,QAAO;AAC1C,QAAM,UAAU,OAAO,SAAS;AAChC,MAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,WAAO;AAAA,EACT;AACA,SAAO,GAAG,OAAO,GAAG,KAAK,WAAW,GAAG,IAAI,OAAO,IAAI,IAAI,EAAE;AAC9D;AAQO,MAAM,kBAAkB,CAAC,aAAqB,iBAAkC;AACrF,MAAI,CAAC,eAAe,CAAC,aAAc,QAAO;AAG1C,QAAM,mBAAmB,YAAY,MAAM,GAAG,EAAE,CAAC;AACjD,QAAM,oBAAoB,aAAa,MAAM,GAAG,EAAE,CAAC;AAEnD,SAAO,qBAAqB;AAC9B;AAEO,MAAM,kBAAkB,CAAC,YAAmD;AACjF,QAAM;AAAA,IACJ;AAAA,IACA,kBAAkB;AAAA,IAClB;AAAA,IACA;AAAA,IACA,kBAAkB;AAAA,EACpB,IAAI;AAEJ,QAAM,UAAU,OAAO,SAAS;AAEhC,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO;AAAA,EACT;AAEA,QAAM,MAAM,IAAI,IAAI,WAAW,OAAO;AAEtC,MAAI,CAAC,YAAY,SAAS,eAAe,KAAK,CAAC,YAAY,SAAS,eAAe,GAAG;AACpF,QAAI,aAAa,IAAI,YAAY,WAAW;AAAA,EAC9C;AAEA,SAAO,IAAI,SAAS;AACtB;AAKO,MAAM,oBAAoB,CAAC,SAAuB;AACvD,MAAI,OAAO,WAAW,aAAa;AACjC,mBAAe,QAAQ,gBAAgB,IAAI;AAAA,EAC7C;AACF;AAKO,MAAM,kBAAkB,MAAqB;AAClD,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,eAAe,QAAQ,cAAc;AAAA,EAC9C;AACA,SAAO;AACT;AAQO,MAAM,sBAAsB,CACjC,cACA,uBACW;AAEX,QAAM,cAAc,aAAa,IAAI,UAAU;AAC/C,MAAI,aAAa;AACf,WAAO,YAAY,WAAW;AAAA,EAChC;AAGA,MAAI,oBAAoB;AACtB,WAAO,YAAY,kBAAkB;AAAA,EACvC;AAGA,SAAO;AACT;AAKA,MAAM,cAAc,CAAC,QAAwB;AAC3C,MAAI;AAEF,QAAI,IAAI,WAAW,MAAM,GAAG;AAC1B,YAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,UAAI,OAAO,WAAW,eAAe,OAAO,WAAW,OAAO,SAAS,QAAQ;AAC7E,eAAO;AAAA,MACT;AAAA,IACF;AAGA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,MAAM,KAAwB;AAC5C,SAAO,IAAI,IAAI,IAAI,SAAS,GAAG,OAAO,SAAS,MAAM;AACvD;","names":["params"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/construct.ts"],"sourcesContent":["import { camelToSnake } from '@tern-secure/shared/caseUtils';\nimport { globs } from '@tern-secure/shared/globs';\nimport { logger } from '@tern-secure/shared/logger';\n\nimport { joinPaths } from './path';\nimport { getQueryParams } from './querystring';\n\nconst DUMMY_URL_BASE = 'http://ternsecure-dummy';\n\nconst BANNED_URI_PROTOCOLS = ['javascript:'] as const;\n\nexport type constructUrlWithRedirectProps = {\n signInUrl: string;\n signInPathParam?: string;\n currentPath: string;\n signUpUrl?: string;\n signUpPathParam?: string;\n};\n\ninterface BuildURLParams extends Partial<URL> {\n base?: string;\n hashPath?: string;\n hashSearch?: string;\n hashSearchParams?:\n | URLSearchParams\n | Record<string, string>\n | Array<URLSearchParams | Record<string, string>>;\n}\n\ninterface BuildURLOptions<T> {\n skipOrigin?: boolean;\n stringify?: T;\n}\n\n/**\n *\n * buildURL(params: URLParams, options: BuildURLOptions): string\n *\n * Builds a URL safely by using the native URL() constructor. It can\n * also build a secondary path and search URL that lives inside the hash\n * of the main URL. For example:\n *\n * https://foo.com/bar?qux=42#/hash-bar?hash-qux=42\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param {BuildURLParams} params\n * @param {BuildURLOptions} options\n * @returns {URL | string} Returns the URL href\n */\nexport function buildURL<B extends boolean>(\n params: BuildURLParams,\n options?: BuildURLOptions<B>,\n): B extends true ? string : URL;\n\nexport function buildURL(\n params: BuildURLParams,\n options: BuildURLOptions<boolean> = {},\n): URL | string {\n const { base, hashPath, hashSearch, searchParams, hashSearchParams, ...rest } = params;\n\n let baseFallback = '';\n if (typeof window !== 'undefined' && !!window.location) {\n baseFallback = window.location.href;\n } else {\n baseFallback = 'http://react-native-fake-base-url';\n }\n\n const url = new URL(base || '', baseFallback);\n\n // Handle search parameters\n // params.searchParams comes from Partial<URL>, so it's URLSearchParams | undefined\n if (searchParams instanceof URLSearchParams) {\n searchParams.forEach((value, key) => {\n if (value !== null && value !== undefined) {\n url.searchParams.set(camelToSnake(key), value);\n }\n });\n }\n\n Object.assign(url, rest);\n\n // Handle hash-related parameters\n if (hashPath || hashSearch || hashSearchParams) {\n const dummyUrlForHash = new URL(DUMMY_URL_BASE + url.hash.substring(1));\n\n dummyUrlForHash.pathname = joinPaths(dummyUrlForHash.pathname, hashPath || '');\n\n const searchParamsFromHashSearchString = getQueryParams(hashSearch || '');\n\n for (const [key, val] of Object.entries(searchParamsFromHashSearchString)) {\n dummyUrlForHash.searchParams.append(key, val);\n }\n\n if (hashSearchParams) {\n const paramsArr = Array.isArray(hashSearchParams) ? hashSearchParams : [hashSearchParams];\n for (const _params of paramsArr) {\n if (!(_params instanceof URLSearchParams) && typeof _params !== 'object') {\n continue;\n }\n const params = new URLSearchParams(_params);\n params.forEach((value, key) => {\n if (value !== null && value !== undefined) {\n dummyUrlForHash.searchParams.set(camelToSnake(key), value);\n }\n });\n }\n }\n\n const newHash = dummyUrlForHash.href.replace(DUMMY_URL_BASE, '');\n if (newHash !== '/') {\n // Assign them to the hash of the main url\n url.hash = newHash;\n }\n }\n\n const { stringify, skipOrigin } = options;\n if (stringify) {\n return skipOrigin ? url.href.replace(url.origin, '') : url.href;\n }\n return url;\n}\n\n/**\n * Constructs a full URL with the current origin\n * @param path - The path to construct the URL for\n * @returns The full URL with origin\n */\nexport const constructFullUrl = (path: string) => {\n if (typeof window === 'undefined') return path;\n const baseUrl = window.location.origin;\n if (path.startsWith('http')) {\n return path;\n }\n return `${baseUrl}${path.startsWith('/') ? path : `/${path}`}`;\n};\n\n/**\n * Checks if the current URL has a redirect loop\n * @param currentPath - The current pathname\n * @param redirectPath - The path we're trying to redirect to\n * @returns boolean indicating if there's a redirect loop\n */\nexport const hasRedirectLoop = (currentPath: string, redirectPath: string): boolean => {\n if (!currentPath || !redirectPath) return false;\n\n // Remove any query parameters for comparison\n const cleanCurrentPath = currentPath.split('?')[0];\n const cleanRedirectPath = redirectPath.split('?')[0];\n\n return cleanCurrentPath === cleanRedirectPath;\n};\n\nexport const urlWithRedirect = (options: constructUrlWithRedirectProps): string => {\n const {\n signInUrl,\n signInPathParam = '/sign-in',\n currentPath,\n signUpUrl,\n signUpPathParam = '/sign-up',\n } = options;\n\n const baseUrl = window.location.origin;\n\n if (typeof window === 'undefined') {\n return signInUrl;\n }\n\n const url = new URL(signInUrl, baseUrl);\n\n if (!currentPath.includes(signInPathParam) && !currentPath.includes(signUpPathParam)) {\n url.searchParams.set('redirect', currentPath);\n }\n\n return url.toString();\n};\n\n/**\n * Stores the current path before signing out\n */\nexport const storePreviousPath = (path: string): void => {\n if (typeof window !== 'undefined') {\n sessionStorage.setItem('previousPath', path);\n }\n};\n\n/**\n * Gets the stored previous path\n */\nexport const getPreviousPath = (): string | null => {\n if (typeof window !== 'undefined') {\n return sessionStorage.getItem('previousPath');\n }\n return null;\n};\n\n/**\n * Gets a validated redirect URL ensuring it's from the same origin\n * @param redirectUrl - The URL to validate\n * @param searchParams - The search parameters to check for redirect\n * @returns A validated redirect URL\n */\nexport const getValidRedirectUrl = (\n searchParams: URLSearchParams,\n configuredRedirect?: string,\n): string => {\n // Check URL search param first (highest priority)\n const urlRedirect = searchParams.get('redirect');\n if (urlRedirect) {\n return validateUrl(urlRedirect);\n }\n\n // Then check configured redirect (for first visits)\n if (configuredRedirect) {\n return validateUrl(configuredRedirect);\n }\n\n // Default fallback\n return '/';\n};\n\n/**\n * Validates and sanitizes URLs\n */\nconst validateUrl = (url: string): string => {\n try {\n // For absolute URLs\n if (url.startsWith('http')) {\n const urlObj = new URL(url);\n if (typeof window !== 'undefined' && urlObj.origin !== window.location.origin) {\n return '/';\n }\n }\n\n // For relative URLs\n return '/';\n } catch {\n return '/';\n }\n};\n\nexport function toURL(url: string | URL): URL {\n return new URL(url.toString(), window.location.origin);\n}\n\n/**\n *\n * stripOrigin(url: URL | string): string\n *\n * Strips the origin part of a URL and preserves path, search and hash is applicable\n *\n * References:\n * https://developer.mozilla.org/en-US/docs/Web/API/URL\n *\n * @param {URL | string} url\n * @returns {string} Returns the URL href without the origin\n */\nexport function stripOrigin(url: URL | string): string {\n url = toURL(url);\n return url.href.replace(url.origin, '');\n}\n\n/**\n * trimTrailingSlash(path: string): string\n *\n * Strips the trailing slashes from a string\n *\n * @returns {string} Returns the string without trailing slashes\n * @param path\n */\nexport const trimTrailingSlash = (path: string): string => {\n return (path || '').replace(/\\/+$/, '');\n};\n\nexport function isValidUrl(val: unknown): val is string {\n if (!val) {\n return false;\n }\n\n try {\n new URL(val as string);\n return true;\n } catch {\n return false;\n }\n}\n\nexport function relativeToAbsoluteUrl(url: string, origin: string | URL): URL {\n try {\n return new URL(url);\n } catch {\n return new URL(url, origin);\n }\n}\n\n// Regular expression to detect disallowed patterns\nconst disallowedPatterns = [\n /\\0/, // Null bytes\n /^\\/\\//, // Protocol-relative\n // eslint-disable-next-line no-control-regex\n /[\\x00-\\x1F]/, // Control characters\n];\n\n/**\n * Check for potentially problematic URLs that could have been crafted to intentionally bypass the origin check. Note that the URLs passed to this\n * function are assumed to be from an \"allowed origin\", so we are not executing origin-specific checks here.\n */\nexport function isProblematicUrl(url: URL): boolean {\n if (hasBannedProtocol(url)) {\n return true;\n }\n // Check against disallowed patterns\n for (const pattern of disallowedPatterns) {\n if (pattern.test(url.pathname)) {\n return true;\n }\n }\n\n return false;\n}\n\nexport function hasBannedProtocol(val: string | URL) {\n if (!isValidUrl(val)) {\n return false;\n }\n const protocol = new URL(val).protocol;\n return BANNED_URI_PROTOCOLS.some(bp => bp === protocol);\n}\n\nexport const isAllowedRedirect =\n (allowedRedirectOrigins: Array<string | RegExp> | undefined, currentOrigin: string) =>\n (_url: URL | string) => {\n // On server-side (no origin), allow all redirects\n // They will be validated on client-side\n if (!currentOrigin) return true;\n\n let url = _url;\n if (typeof url === 'string') {\n url = relativeToAbsoluteUrl(url, currentOrigin);\n }\n\n if (!allowedRedirectOrigins) {\n return true;\n }\n\n const isSameOrigin = currentOrigin === url.origin;\n\n const isAllowed =\n !isProblematicUrl(url) &&\n (isSameOrigin ||\n allowedRedirectOrigins\n .map(origin =>\n typeof origin === 'string' ? globs.toRegexp(trimTrailingSlash(origin)) : origin,\n )\n .some(origin => origin.test(trimTrailingSlash(url.origin))));\n\n if (!isAllowed) {\n logger.warnOnce(\n `Clerk: Redirect URL ${url} is not on one of the allowedRedirectOrigins, falling back to the default redirect URL.`,\n );\n }\n return isAllowed;\n };\n"],"mappings":"AAAA,SAAS,oBAAoB;AAC7B,SAAS,aAAa;AACtB,SAAS,cAAc;AAEvB,SAAS,iBAAiB;AAC1B,SAAS,sBAAsB;AAE/B,MAAM,iBAAiB;AAEvB,MAAM,uBAAuB,CAAC,aAAa;AA+CpC,SAAS,SACd,QACA,UAAoC,CAAC,GACvB;AACd,QAAM,EAAE,MAAM,UAAU,YAAY,cAAc,kBAAkB,GAAG,KAAK,IAAI;AAEhF,MAAI,eAAe;AACnB,MAAI,OAAO,WAAW,eAAe,CAAC,CAAC,OAAO,UAAU;AACtD,mBAAe,OAAO,SAAS;AAAA,EACjC,OAAO;AACL,mBAAe;AAAA,EACjB;AAEA,QAAM,MAAM,IAAI,IAAI,QAAQ,IAAI,YAAY;AAI5C,MAAI,wBAAwB,iBAAiB;AAC3C,iBAAa,QAAQ,CAAC,OAAO,QAAQ;AACnC,UAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,YAAI,aAAa,IAAI,aAAa,GAAG,GAAG,KAAK;AAAA,MAC/C;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO,OAAO,KAAK,IAAI;AAGvB,MAAI,YAAY,cAAc,kBAAkB;AAC9C,UAAM,kBAAkB,IAAI,IAAI,iBAAiB,IAAI,KAAK,UAAU,CAAC,CAAC;AAEtE,oBAAgB,WAAW,UAAU,gBAAgB,UAAU,YAAY,EAAE;AAE7E,UAAM,mCAAmC,eAAe,cAAc,EAAE;AAExE,eAAW,CAAC,KAAK,GAAG,KAAK,OAAO,QAAQ,gCAAgC,GAAG;AACzE,sBAAgB,aAAa,OAAO,KAAK,GAAG;AAAA,IAC9C;AAEA,QAAI,kBAAkB;AACpB,YAAM,YAAY,MAAM,QAAQ,gBAAgB,IAAI,mBAAmB,CAAC,gBAAgB;AACxF,iBAAW,WAAW,WAAW;AAC/B,YAAI,EAAE,mBAAmB,oBAAoB,OAAO,YAAY,UAAU;AACxE;AAAA,QACF;AACA,cAAMA,UAAS,IAAI,gBAAgB,OAAO;AAC1C,QAAAA,QAAO,QAAQ,CAAC,OAAO,QAAQ;AAC7B,cAAI,UAAU,QAAQ,UAAU,QAAW;AACzC,4BAAgB,aAAa,IAAI,aAAa,GAAG,GAAG,KAAK;AAAA,UAC3D;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,UAAU,gBAAgB,KAAK,QAAQ,gBAAgB,EAAE;AAC/D,QAAI,YAAY,KAAK;AAEnB,UAAI,OAAO;AAAA,IACb;AAAA,EACF;AAEA,QAAM,EAAE,WAAW,WAAW,IAAI;AAClC,MAAI,WAAW;AACb,WAAO,aAAa,IAAI,KAAK,QAAQ,IAAI,QAAQ,EAAE,IAAI,IAAI;AAAA,EAC7D;AACA,SAAO;AACT;AAOO,MAAM,mBAAmB,CAAC,SAAiB;AAChD,MAAI,OAAO,WAAW,YAAa,QAAO;AAC1C,QAAM,UAAU,OAAO,SAAS;AAChC,MAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,WAAO;AAAA,EACT;AACA,SAAO,GAAG,OAAO,GAAG,KAAK,WAAW,GAAG,IAAI,OAAO,IAAI,IAAI,EAAE;AAC9D;AAQO,MAAM,kBAAkB,CAAC,aAAqB,iBAAkC;AACrF,MAAI,CAAC,eAAe,CAAC,aAAc,QAAO;AAG1C,QAAM,mBAAmB,YAAY,MAAM,GAAG,EAAE,CAAC;AACjD,QAAM,oBAAoB,aAAa,MAAM,GAAG,EAAE,CAAC;AAEnD,SAAO,qBAAqB;AAC9B;AAEO,MAAM,kBAAkB,CAAC,YAAmD;AACjF,QAAM;AAAA,IACJ;AAAA,IACA,kBAAkB;AAAA,IAClB;AAAA,IACA;AAAA,IACA,kBAAkB;AAAA,EACpB,IAAI;AAEJ,QAAM,UAAU,OAAO,SAAS;AAEhC,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO;AAAA,EACT;AAEA,QAAM,MAAM,IAAI,IAAI,WAAW,OAAO;AAEtC,MAAI,CAAC,YAAY,SAAS,eAAe,KAAK,CAAC,YAAY,SAAS,eAAe,GAAG;AACpF,QAAI,aAAa,IAAI,YAAY,WAAW;AAAA,EAC9C;AAEA,SAAO,IAAI,SAAS;AACtB;AAKO,MAAM,oBAAoB,CAAC,SAAuB;AACvD,MAAI,OAAO,WAAW,aAAa;AACjC,mBAAe,QAAQ,gBAAgB,IAAI;AAAA,EAC7C;AACF;AAKO,MAAM,kBAAkB,MAAqB;AAClD,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,eAAe,QAAQ,cAAc;AAAA,EAC9C;AACA,SAAO;AACT;AAQO,MAAM,sBAAsB,CACjC,cACA,uBACW;AAEX,QAAM,cAAc,aAAa,IAAI,UAAU;AAC/C,MAAI,aAAa;AACf,WAAO,YAAY,WAAW;AAAA,EAChC;AAGA,MAAI,oBAAoB;AACtB,WAAO,YAAY,kBAAkB;AAAA,EACvC;AAGA,SAAO;AACT;AAKA,MAAM,cAAc,CAAC,QAAwB;AAC3C,MAAI;AAEF,QAAI,IAAI,WAAW,MAAM,GAAG;AAC1B,YAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,UAAI,OAAO,WAAW,eAAe,OAAO,WAAW,OAAO,SAAS,QAAQ;AAC7E,eAAO;AAAA,MACT;AAAA,IACF;AAGA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,MAAM,KAAwB;AAC5C,SAAO,IAAI,IAAI,IAAI,SAAS,GAAG,OAAO,SAAS,MAAM;AACvD;AAcO,SAAS,YAAY,KAA2B;AACrD,QAAM,MAAM,GAAG;AACf,SAAO,IAAI,KAAK,QAAQ,IAAI,QAAQ,EAAE;AACxC;AAUO,MAAM,oBAAoB,CAAC,SAAyB;AACzD,UAAQ,QAAQ,IAAI,QAAQ,QAAQ,EAAE;AACxC;AAEO,SAAS,WAAW,KAA6B;AACtD,MAAI,CAAC,KAAK;AACR,WAAO;AAAA,EACT;AAEA,MAAI;AACF,QAAI,IAAI,GAAa;AACrB,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,sBAAsB,KAAa,QAA2B;AAC5E,MAAI;AACF,WAAO,IAAI,IAAI,GAAG;AAAA,EACpB,QAAQ;AACN,WAAO,IAAI,IAAI,KAAK,MAAM;AAAA,EAC5B;AACF;AAGA,MAAM,qBAAqB;AAAA,EACzB;AAAA;AAAA,EACA;AAAA;AAAA;AAAA,EAEA;AAAA;AACF;AAMO,SAAS,iBAAiB,KAAmB;AAClD,MAAI,kBAAkB,GAAG,GAAG;AAC1B,WAAO;AAAA,EACT;AAEA,aAAW,WAAW,oBAAoB;AACxC,QAAI,QAAQ,KAAK,IAAI,QAAQ,GAAG;AAC9B,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,kBAAkB,KAAmB;AACnD,MAAI,CAAC,WAAW,GAAG,GAAG;AACpB,WAAO;AAAA,EACT;AACA,QAAM,WAAW,IAAI,IAAI,GAAG,EAAE;AAC9B,SAAO,qBAAqB,KAAK,QAAM,OAAO,QAAQ;AACxD;AAEO,MAAM,oBACX,CAAC,wBAA4D,kBAC7D,CAAC,SAAuB;AAGtB,MAAI,CAAC,cAAe,QAAO;AAE3B,MAAI,MAAM;AACV,MAAI,OAAO,QAAQ,UAAU;AAC3B,UAAM,sBAAsB,KAAK,aAAa;AAAA,EAChD;AAEA,MAAI,CAAC,wBAAwB;AAC3B,WAAO;AAAA,EACT;AAEA,QAAM,eAAe,kBAAkB,IAAI;AAE3C,QAAM,YACJ,CAAC,iBAAiB,GAAG,MACpB,gBACC,uBACG;AAAA,IAAI,YACH,OAAO,WAAW,WAAW,MAAM,SAAS,kBAAkB,MAAM,CAAC,IAAI;AAAA,EAC3E,EACC,KAAK,YAAU,OAAO,KAAK,kBAAkB,IAAI,MAAM,CAAC,CAAC;AAEhE,MAAI,CAAC,WAAW;AACd,WAAO;AAAA,MACL,uBAAuB,GAAG;AAAA,IAC5B;AAAA,EACF;AACA,SAAO;AACT;","names":["params"]}
|
package/dist/esm/utils/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/utils/index.ts"],"sourcesContent":["export * from './construct';\nexport * from './querystring';\n"],"mappings":"AAAA,cAAc;AACd,cAAc;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/index.ts"],"sourcesContent":["export * from './construct';\nexport * from './querystring';\nexport * from './redirectUrls';\nexport * from './windowNavigate';\n"],"mappings":"AAAA,cAAc;AACd,cAAc;AACd,cAAc;AACd,cAAc;","names":[]}
|
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
import { camelToSnake } from "@tern-secure/shared/caseUtils";
|
|
2
|
+
import { applyFunctionToObj, filterProps, removeUndefined } from "@tern-secure/shared/object";
|
|
3
|
+
import { isAllowedRedirect, relativeToAbsoluteUrl } from "./construct";
|
|
4
|
+
class RedirectUrls {
|
|
5
|
+
static keys = [
|
|
6
|
+
"signInForceRedirectUrl",
|
|
7
|
+
"signInFallbackRedirectUrl",
|
|
8
|
+
"signUpForceRedirectUrl",
|
|
9
|
+
"signUpFallbackRedirectUrl",
|
|
10
|
+
"afterSignInUrl",
|
|
11
|
+
"afterSignUpUrl",
|
|
12
|
+
"redirectUrl"
|
|
13
|
+
];
|
|
14
|
+
static preserved = ["redirectUrl"];
|
|
15
|
+
options;
|
|
16
|
+
fromOptions;
|
|
17
|
+
fromProps;
|
|
18
|
+
fromSearchParams;
|
|
19
|
+
constructor(options, props = {}, searchParams = {}) {
|
|
20
|
+
this.options = options;
|
|
21
|
+
this.fromOptions = this.#parse(options || {});
|
|
22
|
+
this.fromProps = this.#parse(props || {});
|
|
23
|
+
this.fromSearchParams = this.#parseSearchParams(searchParams || {});
|
|
24
|
+
}
|
|
25
|
+
getAfterSignInUrl() {
|
|
26
|
+
return this.#getRedirectUrl("signIn");
|
|
27
|
+
}
|
|
28
|
+
getAfterSignUpUrl() {
|
|
29
|
+
return this.#getRedirectUrl("signUp");
|
|
30
|
+
}
|
|
31
|
+
getPreservedSearchParams() {
|
|
32
|
+
return this.#toSearchParams(this.#flattenPreserved());
|
|
33
|
+
}
|
|
34
|
+
toSearchParams() {
|
|
35
|
+
return this.#toSearchParams(this.#flattenAll());
|
|
36
|
+
}
|
|
37
|
+
#toSearchParams(obj) {
|
|
38
|
+
const camelCased = Object.fromEntries(
|
|
39
|
+
Object.entries(obj).map(([key, value]) => [camelToSnake(key), value])
|
|
40
|
+
);
|
|
41
|
+
return new URLSearchParams(removeUndefined(camelCased));
|
|
42
|
+
}
|
|
43
|
+
#flattenPreserved() {
|
|
44
|
+
return Object.fromEntries(
|
|
45
|
+
Object.entries({ ...this.fromSearchParams }).filter(
|
|
46
|
+
([key]) => RedirectUrls.preserved.includes(key)
|
|
47
|
+
)
|
|
48
|
+
);
|
|
49
|
+
}
|
|
50
|
+
#flattenAll() {
|
|
51
|
+
const signUpForceRedirectUrl = this.fromSearchParams.signUpForceRedirectUrl || this.fromProps.signUpForceRedirectUrl || this.fromOptions.signUpForceRedirectUrl;
|
|
52
|
+
const signUpFallbackRedirectUrl = this.fromSearchParams.signUpFallbackRedirectUrl || this.fromProps.signUpFallbackRedirectUrl || this.fromOptions.signUpFallbackRedirectUrl;
|
|
53
|
+
const signInForceRedirectUrl = this.fromSearchParams.signInForceRedirectUrl || this.fromProps.signInForceRedirectUrl || this.fromOptions.signInForceRedirectUrl;
|
|
54
|
+
const signInFallbackRedirectUrl = this.fromSearchParams.signInFallbackRedirectUrl || this.fromProps.signInFallbackRedirectUrl || this.fromOptions.signInFallbackRedirectUrl;
|
|
55
|
+
const afterSignInUrl = this.fromSearchParams.afterSignInUrl || this.fromProps.afterSignInUrl || this.fromOptions.afterSignInUrl;
|
|
56
|
+
const afterSignUpUrl = this.fromSearchParams.afterSignUpUrl || this.fromProps.afterSignUpUrl || this.fromOptions.afterSignUpUrl;
|
|
57
|
+
const redirectUrl = this.fromSearchParams.redirectUrl || this.fromProps.redirectUrl || this.fromOptions.redirectUrl;
|
|
58
|
+
const res = {
|
|
59
|
+
signUpForceRedirectUrl,
|
|
60
|
+
signUpFallbackRedirectUrl,
|
|
61
|
+
signInForceRedirectUrl,
|
|
62
|
+
signInFallbackRedirectUrl,
|
|
63
|
+
afterSignInUrl,
|
|
64
|
+
afterSignUpUrl,
|
|
65
|
+
redirectUrl
|
|
66
|
+
};
|
|
67
|
+
return res;
|
|
68
|
+
}
|
|
69
|
+
#getRedirectUrl(prefix) {
|
|
70
|
+
const forceKey = `${prefix}ForceRedirectUrl`;
|
|
71
|
+
const fallbackKey = `${prefix}FallbackRedirectUrl`;
|
|
72
|
+
let newKeyInUse;
|
|
73
|
+
let result;
|
|
74
|
+
result = this.fromSearchParams[forceKey] || this.fromProps[forceKey] || this.fromOptions[forceKey];
|
|
75
|
+
if (result) {
|
|
76
|
+
newKeyInUse = forceKey;
|
|
77
|
+
}
|
|
78
|
+
result ||= this.fromSearchParams.redirectUrl;
|
|
79
|
+
if (result) {
|
|
80
|
+
newKeyInUse = "redirectUrl";
|
|
81
|
+
}
|
|
82
|
+
result ||= this.fromSearchParams[fallbackKey] || this.fromProps[fallbackKey] || this.fromOptions[fallbackKey];
|
|
83
|
+
if (result) {
|
|
84
|
+
newKeyInUse = fallbackKey;
|
|
85
|
+
}
|
|
86
|
+
if (!result) {
|
|
87
|
+
if (typeof window === "undefined") {
|
|
88
|
+
return "/";
|
|
89
|
+
}
|
|
90
|
+
return window.location.href;
|
|
91
|
+
}
|
|
92
|
+
return result || "/";
|
|
93
|
+
}
|
|
94
|
+
#parse(obj) {
|
|
95
|
+
const res = {};
|
|
96
|
+
RedirectUrls.keys.forEach((key) => {
|
|
97
|
+
res[key] = obj[key];
|
|
98
|
+
});
|
|
99
|
+
return applyFunctionToObj(
|
|
100
|
+
this.#filterRedirects(this.#toAbsoluteUrls(filterProps(res, Boolean))),
|
|
101
|
+
(val) => val.toString()
|
|
102
|
+
);
|
|
103
|
+
}
|
|
104
|
+
#parseSearchParams(obj) {
|
|
105
|
+
const res = {};
|
|
106
|
+
RedirectUrls.keys.forEach((key) => {
|
|
107
|
+
if (obj instanceof URLSearchParams) {
|
|
108
|
+
res[key] = obj.get(camelToSnake(key));
|
|
109
|
+
} else {
|
|
110
|
+
res[key] = obj[camelToSnake(key)];
|
|
111
|
+
}
|
|
112
|
+
});
|
|
113
|
+
return applyFunctionToObj(
|
|
114
|
+
this.#filterRedirects(this.#toAbsoluteUrls(filterProps(res, Boolean))),
|
|
115
|
+
(val) => val.toString()
|
|
116
|
+
);
|
|
117
|
+
}
|
|
118
|
+
#toAbsoluteUrls(obj) {
|
|
119
|
+
const origin = typeof window !== "undefined" ? window.location.origin : "";
|
|
120
|
+
if (!origin) return obj;
|
|
121
|
+
return applyFunctionToObj(obj, (url) => relativeToAbsoluteUrl(url, origin));
|
|
122
|
+
}
|
|
123
|
+
#filterRedirects = (obj) => {
|
|
124
|
+
var _a;
|
|
125
|
+
const origin = typeof window !== "undefined" ? window.location.origin : "";
|
|
126
|
+
return filterProps(obj, isAllowedRedirect((_a = this.options) == null ? void 0 : _a.allowedRedirectOrigins, origin));
|
|
127
|
+
};
|
|
128
|
+
}
|
|
129
|
+
export {
|
|
130
|
+
RedirectUrls
|
|
131
|
+
};
|
|
132
|
+
//# sourceMappingURL=redirectUrls.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/redirectUrls.ts"],"sourcesContent":["import { camelToSnake } from '@tern-secure/shared/caseUtils';\nimport { applyFunctionToObj, filterProps, removeUndefined } from '@tern-secure/shared/object';\nimport type { RedirectOptions, TernSecureAuthOptions } from '@tern-secure/types';\n\nimport { isAllowedRedirect, relativeToAbsoluteUrl } from './construct';\n\n/**\n * RedirectUrls class handles all redirect URL construction logic\n * for sign-in, sign-up, and post-authentication flows.\n *\n * This class centralizes the redirect logic previously scattered across\n * multiple methods, making it reusable and maintainable.\n */\nexport class RedirectUrls {\n private static keys: (keyof RedirectOptions)[] = [\n 'signInForceRedirectUrl',\n 'signInFallbackRedirectUrl',\n 'signUpForceRedirectUrl',\n 'signUpFallbackRedirectUrl',\n 'afterSignInUrl',\n 'afterSignUpUrl',\n 'redirectUrl',\n ];\n\n private static preserved = ['redirectUrl'];\n\n private readonly options: TernSecureAuthOptions;\n private readonly fromOptions: RedirectOptions;\n private readonly fromProps: RedirectOptions;\n private readonly fromSearchParams: RedirectOptions & { redirectUrl?: string | null };\n\n constructor(options: TernSecureAuthOptions, props: RedirectOptions = {}, searchParams: any = {}) {\n this.options = options;\n this.fromOptions = this.#parse(options || {});\n this.fromProps = this.#parse(props || {});\n this.fromSearchParams = this.#parseSearchParams(searchParams || {});\n }\n\n getAfterSignInUrl() {\n return this.#getRedirectUrl('signIn');\n }\n\n getAfterSignUpUrl() {\n return this.#getRedirectUrl('signUp');\n }\n\n getPreservedSearchParams() {\n return this.#toSearchParams(this.#flattenPreserved());\n }\n\n toSearchParams() {\n return this.#toSearchParams(this.#flattenAll());\n }\n\n #toSearchParams(obj: Record<string, string | undefined | null>): URLSearchParams {\n const camelCased = Object.fromEntries(\n Object.entries(obj).map(([key, value]) => [camelToSnake(key), value]),\n );\n return new URLSearchParams(removeUndefined(camelCased) as Record<string, string>);\n }\n\n #flattenPreserved() {\n return Object.fromEntries(\n Object.entries({ ...this.fromSearchParams }).filter(([key]) =>\n RedirectUrls.preserved.includes(key),\n ),\n );\n }\n\n #flattenAll() {\n const signUpForceRedirectUrl =\n this.fromSearchParams.signUpForceRedirectUrl ||\n this.fromProps.signUpForceRedirectUrl ||\n this.fromOptions.signUpForceRedirectUrl;\n const signUpFallbackRedirectUrl =\n this.fromSearchParams.signUpFallbackRedirectUrl ||\n this.fromProps.signUpFallbackRedirectUrl ||\n this.fromOptions.signUpFallbackRedirectUrl;\n const signInForceRedirectUrl =\n this.fromSearchParams.signInForceRedirectUrl ||\n this.fromProps.signInForceRedirectUrl ||\n this.fromOptions.signInForceRedirectUrl;\n const signInFallbackRedirectUrl =\n this.fromSearchParams.signInFallbackRedirectUrl ||\n this.fromProps.signInFallbackRedirectUrl ||\n this.fromOptions.signInFallbackRedirectUrl;\n const afterSignInUrl =\n this.fromSearchParams.afterSignInUrl ||\n this.fromProps.afterSignInUrl ||\n this.fromOptions.afterSignInUrl;\n const afterSignUpUrl =\n this.fromSearchParams.afterSignUpUrl ||\n this.fromProps.afterSignUpUrl ||\n this.fromOptions.afterSignUpUrl;\n const redirectUrl =\n this.fromSearchParams.redirectUrl ||\n this.fromProps.redirectUrl ||\n this.fromOptions.redirectUrl;\n\n const res: RedirectOptions = {\n signUpForceRedirectUrl,\n signUpFallbackRedirectUrl,\n signInForceRedirectUrl,\n signInFallbackRedirectUrl,\n afterSignInUrl,\n afterSignUpUrl,\n redirectUrl,\n };\n return res;\n }\n\n #getRedirectUrl(prefix: 'signIn' | 'signUp') {\n const forceKey = `${prefix}ForceRedirectUrl` as const;\n const fallbackKey = `${prefix}FallbackRedirectUrl` as const;\n\n let newKeyInUse: string | undefined;\n\n let result;\n // Prioritize forceRedirectUrl\n result =\n this.fromSearchParams[forceKey] || this.fromProps[forceKey] || this.fromOptions[forceKey];\n if (result) {\n newKeyInUse = forceKey;\n }\n\n // Try to get redirect_url, only allowed as a search param\n result ||= this.fromSearchParams.redirectUrl;\n if (result) {\n newKeyInUse = 'redirectUrl';\n }\n\n // Otherwise, fallback to fallbackRedirectUrl\n result ||=\n this.fromSearchParams[fallbackKey] ||\n this.fromProps[fallbackKey] ||\n this.fromOptions[fallbackKey];\n if (result) {\n newKeyInUse = fallbackKey;\n }\n\n if (!result) {\n if (typeof window === 'undefined') {\n return '/';\n }\n return window.location.href;\n }\n return result || '/';\n }\n\n #parse(obj: unknown) {\n const res = {} as RedirectOptions;\n RedirectUrls.keys.forEach(key => {\n // @ts-expect-error\n res[key] = obj[key];\n });\n\n //const absoluteUrls = this.#toAbsoluteUrls(filterProps(res, Boolean));\n //const filtered = this.#filterRedirects(absoluteUrls);\n //return applyFunctionToObj(filtered, val => val.toString());\n\n return applyFunctionToObj(\n this.#filterRedirects(this.#toAbsoluteUrls(filterProps(res, Boolean))),\n val => val.toString(),\n );\n }\n\n #parseSearchParams(obj: any) {\n const res = {} as typeof this.fromSearchParams;\n RedirectUrls.keys.forEach(key => {\n if (obj instanceof URLSearchParams) {\n res[key] = obj.get(camelToSnake(key));\n } else {\n res[key] = obj[camelToSnake(key)];\n }\n });\n\n return applyFunctionToObj(\n this.#filterRedirects(this.#toAbsoluteUrls(filterProps(res, Boolean))),\n val => val.toString(),\n );\n }\n\n #toAbsoluteUrls(obj: RedirectOptions) {\n const origin = typeof window !== 'undefined' ? window.location.origin : '';\n // If no origin (server-side), return URLs as-is without conversion\n // They will be properly converted on the client-side\n if (!origin) return obj;\n\n return applyFunctionToObj(obj, (url: string) => relativeToAbsoluteUrl(url, origin));\n }\n\n #filterRedirects = (obj: RedirectOptions) => {\n const origin = typeof window !== 'undefined' ? window.location.origin : '';\n return filterProps(obj, isAllowedRedirect(this.options?.allowedRedirectOrigins, origin));\n };\n}\n"],"mappings":"AAAA,SAAS,oBAAoB;AAC7B,SAAS,oBAAoB,aAAa,uBAAuB;AAGjE,SAAS,mBAAmB,6BAA6B;AASlD,MAAM,aAAa;AAAA,EACxB,OAAe,OAAkC;AAAA,IAC/C;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EAEA,OAAe,YAAY,CAAC,aAAa;AAAA,EAExB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAgC,QAAyB,CAAC,GAAG,eAAoB,CAAC,GAAG;AAC/F,SAAK,UAAU;AACf,SAAK,cAAc,KAAK,OAAO,WAAW,CAAC,CAAC;AAC5C,SAAK,YAAY,KAAK,OAAO,SAAS,CAAC,CAAC;AACxC,SAAK,mBAAmB,KAAK,mBAAmB,gBAAgB,CAAC,CAAC;AAAA,EACpE;AAAA,EAEA,oBAAoB;AAClB,WAAO,KAAK,gBAAgB,QAAQ;AAAA,EACtC;AAAA,EAEA,oBAAoB;AAClB,WAAO,KAAK,gBAAgB,QAAQ;AAAA,EACtC;AAAA,EAEA,2BAA2B;AACzB,WAAO,KAAK,gBAAgB,KAAK,kBAAkB,CAAC;AAAA,EACtD;AAAA,EAEA,iBAAiB;AACf,WAAO,KAAK,gBAAgB,KAAK,YAAY,CAAC;AAAA,EAChD;AAAA,EAEA,gBAAgB,KAAiE;AAC/E,UAAM,aAAa,OAAO;AAAA,MACxB,OAAO,QAAQ,GAAG,EAAE,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,aAAa,GAAG,GAAG,KAAK,CAAC;AAAA,IACtE;AACA,WAAO,IAAI,gBAAgB,gBAAgB,UAAU,CAA2B;AAAA,EAClF;AAAA,EAEA,oBAAoB;AAClB,WAAO,OAAO;AAAA,MACZ,OAAO,QAAQ,EAAE,GAAG,KAAK,iBAAiB,CAAC,EAAE;AAAA,QAAO,CAAC,CAAC,GAAG,MACvD,aAAa,UAAU,SAAS,GAAG;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,cAAc;AACZ,UAAM,yBACJ,KAAK,iBAAiB,0BACtB,KAAK,UAAU,0BACf,KAAK,YAAY;AACnB,UAAM,4BACJ,KAAK,iBAAiB,6BACtB,KAAK,UAAU,6BACf,KAAK,YAAY;AACnB,UAAM,yBACJ,KAAK,iBAAiB,0BACtB,KAAK,UAAU,0BACf,KAAK,YAAY;AACnB,UAAM,4BACJ,KAAK,iBAAiB,6BACtB,KAAK,UAAU,6BACf,KAAK,YAAY;AACnB,UAAM,iBACJ,KAAK,iBAAiB,kBACtB,KAAK,UAAU,kBACf,KAAK,YAAY;AACnB,UAAM,iBACJ,KAAK,iBAAiB,kBACtB,KAAK,UAAU,kBACf,KAAK,YAAY;AACnB,UAAM,cACJ,KAAK,iBAAiB,eACtB,KAAK,UAAU,eACf,KAAK,YAAY;AAEnB,UAAM,MAAuB;AAAA,MAC3B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EAEA,gBAAgB,QAA6B;AAC3C,UAAM,WAAW,GAAG,MAAM;AAC1B,UAAM,cAAc,GAAG,MAAM;AAE7B,QAAI;AAEJ,QAAI;AAEJ,aACE,KAAK,iBAAiB,QAAQ,KAAK,KAAK,UAAU,QAAQ,KAAK,KAAK,YAAY,QAAQ;AAC1F,QAAI,QAAQ;AACV,oBAAc;AAAA,IAChB;AAGA,eAAW,KAAK,iBAAiB;AACjC,QAAI,QAAQ;AACV,oBAAc;AAAA,IAChB;AAGA,eACE,KAAK,iBAAiB,WAAW,KACjC,KAAK,UAAU,WAAW,KAC1B,KAAK,YAAY,WAAW;AAC9B,QAAI,QAAQ;AACV,oBAAc;AAAA,IAChB;AAEA,QAAI,CAAC,QAAQ;AACX,UAAI,OAAO,WAAW,aAAa;AACjC,eAAO;AAAA,MACT;AACA,aAAO,OAAO,SAAS;AAAA,IACzB;AACA,WAAO,UAAU;AAAA,EACnB;AAAA,EAEA,OAAO,KAAc;AACnB,UAAM,MAAM,CAAC;AACb,iBAAa,KAAK,QAAQ,SAAO;AAE/B,UAAI,GAAG,IAAI,IAAI,GAAG;AAAA,IACpB,CAAC;AAMD,WAAO;AAAA,MACL,KAAK,iBAAiB,KAAK,gBAAgB,YAAY,KAAK,OAAO,CAAC,CAAC;AAAA,MACrE,SAAO,IAAI,SAAS;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,mBAAmB,KAAU;AAC3B,UAAM,MAAM,CAAC;AACb,iBAAa,KAAK,QAAQ,SAAO;AAC/B,UAAI,eAAe,iBAAiB;AAClC,YAAI,GAAG,IAAI,IAAI,IAAI,aAAa,GAAG,CAAC;AAAA,MACtC,OAAO;AACL,YAAI,GAAG,IAAI,IAAI,aAAa,GAAG,CAAC;AAAA,MAClC;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,KAAK,iBAAiB,KAAK,gBAAgB,YAAY,KAAK,OAAO,CAAC,CAAC;AAAA,MACrE,SAAO,IAAI,SAAS;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,gBAAgB,KAAsB;AACpC,UAAM,SAAS,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS;AAGxE,QAAI,CAAC,OAAQ,QAAO;AAEpB,WAAO,mBAAmB,KAAK,CAAC,QAAgB,sBAAsB,KAAK,MAAM,CAAC;AAAA,EACpF;AAAA,EAEA,mBAAmB,CAAC,QAAyB;AA/L/C;AAgMI,UAAM,SAAS,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS;AACxE,WAAO,YAAY,KAAK,mBAAkB,UAAK,YAAL,mBAAc,wBAAwB,MAAM,CAAC;AAAA,EACzF;AACF;","names":[]}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
const BEFORE_UNLOAD_EVENT = "ternsecure:beforeunload";
|
|
2
|
+
const ALLOWED_PROTOCOLS = [
|
|
3
|
+
"http:",
|
|
4
|
+
"https:",
|
|
5
|
+
// Refers to https://wails.io/
|
|
6
|
+
"wails:",
|
|
7
|
+
"chrome-extension:"
|
|
8
|
+
];
|
|
9
|
+
function windowNavigate(to) {
|
|
10
|
+
const toURL = new URL(to, window.location.href);
|
|
11
|
+
window.dispatchEvent(new CustomEvent(BEFORE_UNLOAD_EVENT));
|
|
12
|
+
window.location.href = toURL.href;
|
|
13
|
+
}
|
|
14
|
+
export {
|
|
15
|
+
ALLOWED_PROTOCOLS,
|
|
16
|
+
BEFORE_UNLOAD_EVENT,
|
|
17
|
+
windowNavigate
|
|
18
|
+
};
|
|
19
|
+
//# sourceMappingURL=windowNavigate.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/windowNavigate.ts"],"sourcesContent":["export const BEFORE_UNLOAD_EVENT = 'ternsecure:beforeunload';\n\n/**\n * Additional protocols can be provided using the `allowedRedirectProtocols` option.\n */\nexport const ALLOWED_PROTOCOLS = [\n 'http:',\n 'https:',\n // Refers to https://wails.io/\n 'wails:',\n 'chrome-extension:',\n];\n\n/**\n * Helper utility to navigate via window.location.href. Also dispatches a ternsecure:beforeunload custom event.\n *\n * Note that this utility should **never** be called with a user-provided URL. We make no specific checks against the contents of the URL here and assume it is safe.\n */\nexport function windowNavigate(to: URL | string): void {\n const toURL = new URL(to, window.location.href);\n window.dispatchEvent(new CustomEvent(BEFORE_UNLOAD_EVENT));\n window.location.href = toURL.href;\n}\n"],"mappings":"AAAO,MAAM,sBAAsB;AAK5B,MAAM,oBAAoB;AAAA,EAC/B;AAAA,EACA;AAAA;AAAA,EAEA;AAAA,EACA;AACF;AAOO,SAAS,eAAe,IAAwB;AACrD,QAAM,QAAQ,IAAI,IAAI,IAAI,OAAO,SAAS,IAAI;AAC9C,SAAO,cAAc,IAAI,YAAY,mBAAmB,CAAC;AACzD,SAAO,SAAS,OAAO,MAAM;AAC/B;","names":[]}
|
package/dist/types/index.d.ts
CHANGED
|
@@ -5,5 +5,6 @@ export type { TernServerAuthOptions, AuthenticatedApp } from './instance/TernAut
|
|
|
5
5
|
export { CoreApiClient, coreApiClient } from './instance/coreApiClient';
|
|
6
6
|
export type { ApiResponse, ApiResponseJSON, RequestOptions, BeforeRequestHook, AfterResponseHook } from './instance/coreApiClient';
|
|
7
7
|
export { SignIn, TernSecureBase, buildURL } from './resources/internal';
|
|
8
|
-
export type { AuthErrorTree, TernSecureConfig, SignInFormValues, SignInProps, SignUpProps, SignInResponse,
|
|
8
|
+
export type { AuthErrorTree, TernSecureConfig, SignInFormValues, SignInProps, SignUpProps, SignInResponse, SignInForceRedirectUrl, SignUpForceRedirectUrl, SignInFallbackRedirectUrl, ResendEmailVerification, TernSecureUser, TernSecureState } from '@tern-secure/types';
|
|
9
|
+
export { RedirectUrls } from './utils/redirectUrls';
|
|
9
10
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,YAAY,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,YAAY,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAEzF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACxE,YAAY,EACR,WAAW,EACX,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAExE,YAAY,EACR,aAAa,EACb,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,cAAc,EACd,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,YAAY,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,YAAY,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAEzF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACxE,YAAY,EACR,WAAW,EACX,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAExE,YAAY,EACR,aAAa,EACb,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,cAAc,EACd,sBAAsB,EACtB,sBAAsB,EACtB,yBAAyB,EACzB,uBAAuB,EACvB,cAAc,EACd,eAAe,EAClB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC"}
|