@tinyrack/tinyauth-server 0.3.1 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/entities/background-job.entity.d.ts.map +1 -1
- package/dist/entities/background-job.entity.js +15 -3
- package/dist/entities/background-job.entity.js.map +1 -1
- package/dist/entities/oauth-client.entity.d.ts +147 -0
- package/dist/entities/oauth-client.entity.d.ts.map +1 -1
- package/dist/entities/oauth-client.entity.js +10 -0
- package/dist/entities/oauth-client.entity.js.map +1 -1
- package/dist/entities/oauth-code.entity.d.ts +147 -0
- package/dist/entities/oauth-code.entity.d.ts.map +1 -1
- package/dist/entities/oauth-device-code.entity.d.ts +1737 -0
- package/dist/entities/oauth-device-code.entity.d.ts.map +1 -0
- package/dist/entities/oauth-device-code.entity.js +61 -0
- package/dist/entities/oauth-device-code.entity.js.map +1 -0
- package/dist/entities/revoked-token.entity.d.ts +147 -0
- package/dist/entities/revoked-token.entity.d.ts.map +1 -1
- package/dist/entities/scheduler-job.entity.d.ts.map +1 -1
- package/dist/entities/scheduler-job.entity.js +10 -2
- package/dist/entities/scheduler-job.entity.js.map +1 -1
- package/dist/entities/user-consent.entity.d.ts +147 -0
- package/dist/entities/user-consent.entity.d.ts.map +1 -1
- package/dist/entities/user-oauth.entity.d.ts.map +1 -1
- package/dist/entities/user-oauth.entity.js +2 -1
- package/dist/entities/user-oauth.entity.js.map +1 -1
- package/dist/entrypoints/app.d.ts +127 -20
- package/dist/entrypoints/app.d.ts.map +1 -1
- package/dist/entrypoints/app.js +72 -5
- package/dist/entrypoints/app.js.map +1 -1
- package/dist/entrypoints/database/postgres/cli.js +5 -5
- package/dist/entrypoints/database/postgres/cli.js.map +1 -1
- package/dist/entrypoints/database/postgres/compiled-functions.d.ts +146 -94
- package/dist/entrypoints/database/postgres/compiled-functions.d.ts.map +1 -1
- package/dist/entrypoints/database/postgres/compiled-functions.js +881 -122
- package/dist/entrypoints/database/postgres/compiled-functions.js.map +1 -1
- package/dist/entrypoints/database/sqlite/cli.js +2 -2
- package/dist/entrypoints/database/sqlite/cli.js.map +1 -1
- package/dist/entrypoints/database/sqlite/compiled-functions.d.ts +146 -94
- package/dist/entrypoints/database/sqlite/compiled-functions.d.ts.map +1 -1
- package/dist/entrypoints/database/sqlite/compiled-functions.js +881 -122
- package/dist/entrypoints/database/sqlite/compiled-functions.js.map +1 -1
- package/dist/lib/config/client.d.ts +28 -6
- package/dist/lib/config/client.d.ts.map +1 -1
- package/dist/lib/config/client.js +133 -7
- package/dist/lib/config/client.js.map +1 -1
- package/dist/lib/config/resolved.d.ts +14 -3
- package/dist/lib/config/resolved.d.ts.map +1 -1
- package/dist/lib/config/security.d.ts.map +1 -1
- package/dist/lib/config/security.js +25 -2
- package/dist/lib/config/security.js.map +1 -1
- package/dist/lib/crypto.d.ts.map +1 -1
- package/dist/lib/crypto.js +11 -1
- package/dist/lib/crypto.js.map +1 -1
- package/dist/lib/database/entities.d.ts.map +1 -1
- package/dist/lib/database/entities.js +2 -0
- package/dist/lib/database/entities.js.map +1 -1
- package/dist/lib/escape-html.d.ts +7 -0
- package/dist/lib/escape-html.d.ts.map +1 -0
- package/dist/lib/escape-html.js +14 -0
- package/dist/lib/escape-html.js.map +1 -0
- package/dist/migrations/postgres/Migration20260619075007.d.ts +6 -0
- package/dist/migrations/postgres/Migration20260619075007.d.ts.map +1 -0
- package/dist/migrations/postgres/Migration20260619075007.js +86 -0
- package/dist/migrations/postgres/Migration20260619075007.js.map +1 -0
- package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.d.ts +6 -0
- package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.d.ts.map +1 -0
- package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.js +12 -0
- package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.js.map +1 -0
- package/dist/migrations/postgres/index.d.ts.map +1 -1
- package/dist/migrations/postgres/index.js +4 -0
- package/dist/migrations/postgres/index.js.map +1 -1
- package/dist/migrations/sqlite/Migration20260619075330.d.ts +6 -0
- package/dist/migrations/sqlite/Migration20260619075330.d.ts.map +1 -0
- package/dist/migrations/sqlite/Migration20260619075330.js +57 -0
- package/dist/migrations/sqlite/Migration20260619075330.js.map +1 -0
- package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.d.ts +6 -0
- package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.d.ts.map +1 -0
- package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.js +12 -0
- package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.js.map +1 -0
- package/dist/migrations/sqlite/index.d.ts.map +1 -1
- package/dist/migrations/sqlite/index.js +4 -0
- package/dist/migrations/sqlite/index.js.map +1 -1
- package/dist/repositories/oauth-device-code.repository.d.ts +20 -0
- package/dist/repositories/oauth-device-code.repository.d.ts.map +1 -0
- package/dist/repositories/oauth-device-code.repository.js +55 -0
- package/dist/repositories/oauth-device-code.repository.js.map +1 -0
- package/dist/routes/.well-known/index.d.ts +29 -3
- package/dist/routes/.well-known/index.d.ts.map +1 -1
- package/dist/routes/.well-known/openid-configuration/get.d.ts +30 -4
- package/dist/routes/.well-known/openid-configuration/get.d.ts.map +1 -1
- package/dist/routes/.well-known/openid-configuration/get.js +5 -2
- package/dist/routes/.well-known/openid-configuration/get.js.map +1 -1
- package/dist/routes/index.d.ts +123 -18
- package/dist/routes/index.d.ts.map +1 -1
- package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts +33 -0
- package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts.map +1 -1
- package/dist/routes/oauth/.well-known/openid-configuration/get.js +78 -40
- package/dist/routes/oauth/.well-known/openid-configuration/get.js.map +1 -1
- package/dist/routes/oauth/authorize/get.d.ts +8 -26
- package/dist/routes/oauth/authorize/get.d.ts.map +1 -1
- package/dist/routes/oauth/authorize/get.js +34 -3
- package/dist/routes/oauth/authorize/get.js.map +1 -1
- package/dist/routes/oauth/cors.d.ts +9 -0
- package/dist/routes/oauth/cors.d.ts.map +1 -0
- package/dist/routes/oauth/cors.js +50 -0
- package/dist/routes/oauth/cors.js.map +1 -0
- package/dist/routes/oauth/device/get-post.d.ts +28 -0
- package/dist/routes/oauth/device/get-post.d.ts.map +1 -0
- package/dist/routes/oauth/device/get-post.js +67 -0
- package/dist/routes/oauth/device/get-post.js.map +1 -0
- package/dist/routes/oauth/device-authorization/post.d.ts +25 -0
- package/dist/routes/oauth/device-authorization/post.d.ts.map +1 -0
- package/dist/routes/oauth/device-authorization/post.js +87 -0
- package/dist/routes/oauth/device-authorization/post.js.map +1 -0
- package/dist/routes/oauth/end-session/get.d.ts +34 -0
- package/dist/routes/oauth/end-session/get.d.ts.map +1 -0
- package/dist/routes/oauth/end-session/get.js +74 -0
- package/dist/routes/oauth/end-session/get.js.map +1 -0
- package/dist/routes/oauth/index.d.ts +95 -16
- package/dist/routes/oauth/index.d.ts.map +1 -1
- package/dist/routes/oauth/index.js +8 -0
- package/dist/routes/oauth/index.js.map +1 -1
- package/dist/routes/oauth/introspect/post.d.ts.map +1 -1
- package/dist/routes/oauth/introspect/post.js +2 -0
- package/dist/routes/oauth/introspect/post.js.map +1 -1
- package/dist/routes/oauth/revoke/post.d.ts.map +1 -1
- package/dist/routes/oauth/revoke/post.js +2 -0
- package/dist/routes/oauth/revoke/post.js.map +1 -1
- package/dist/routes/oauth/token/post.d.ts +2 -0
- package/dist/routes/oauth/token/post.d.ts.map +1 -1
- package/dist/routes/oauth/token/post.js +46 -0
- package/dist/routes/oauth/token/post.js.map +1 -1
- package/dist/routes/oauth/userinfo/get.d.ts +16 -4
- package/dist/routes/oauth/userinfo/get.d.ts.map +1 -1
- package/dist/routes/oauth/userinfo/get.js +50 -30
- package/dist/routes/oauth/userinfo/get.js.map +1 -1
- package/dist/schemas/error.d.ts +100 -0
- package/dist/schemas/error.d.ts.map +1 -1
- package/dist/schemas/error.js +4 -0
- package/dist/schemas/error.js.map +1 -1
- package/dist/schemas/field.d.ts +2 -0
- package/dist/schemas/field.d.ts.map +1 -1
- package/dist/schemas/field.js +6 -1
- package/dist/schemas/field.js.map +1 -1
- package/dist/schemas/response.d.ts +2 -0
- package/dist/schemas/response.d.ts.map +1 -1
- package/dist/schemas/response.js +4 -0
- package/dist/schemas/response.js.map +1 -1
- package/dist/seeders/config.seeder.js +2 -0
- package/dist/seeders/config.seeder.js.map +1 -1
- package/dist/services/container.d.ts +4 -2
- package/dist/services/container.d.ts.map +1 -1
- package/dist/services/jwt.service.d.ts +4 -0
- package/dist/services/jwt.service.d.ts.map +1 -1
- package/dist/services/jwt.service.js +27 -6
- package/dist/services/jwt.service.js.map +1 -1
- package/dist/services/mikro.service.d.ts +2 -0
- package/dist/services/mikro.service.d.ts.map +1 -1
- package/dist/services/mikro.service.js +3 -0
- package/dist/services/mikro.service.js.map +1 -1
- package/dist/services/oauth-authorize.service.d.ts +9 -1
- package/dist/services/oauth-authorize.service.d.ts.map +1 -1
- package/dist/services/oauth-authorize.service.js +113 -18
- package/dist/services/oauth-authorize.service.js.map +1 -1
- package/dist/services/oauth-client.service.d.ts +3 -0
- package/dist/services/oauth-client.service.d.ts.map +1 -1
- package/dist/services/oauth-client.service.js +16 -0
- package/dist/services/oauth-client.service.js.map +1 -1
- package/dist/services/oauth-token.service.d.ts +11 -0
- package/dist/services/oauth-token.service.d.ts.map +1 -1
- package/dist/services/oauth-token.service.js +69 -1
- package/dist/services/oauth-token.service.js.map +1 -1
- package/dist/services/security.service.d.ts +1 -1
- package/dist/services/security.service.d.ts.map +1 -1
- package/dist/services/security.service.js +2 -0
- package/dist/services/security.service.js.map +1 -1
- package/package.json +3 -3
- package/readme.md +5 -1
|
@@ -10,9 +10,20 @@ export declare const ClientConfigSchema: z.ZodObject<{
|
|
|
10
10
|
client_id: z.ZodString;
|
|
11
11
|
client_secret: z.ZodOptional<z.ZodString>;
|
|
12
12
|
redirect_uris: z.ZodArray<z.ZodString>;
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
post_logout_redirect_uris: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
14
|
+
web_origins: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
15
|
+
response_types: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
16
|
+
code: "code";
|
|
17
|
+
id_token: "id_token";
|
|
18
|
+
}>>>;
|
|
19
|
+
grant_types: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
20
|
+
refresh_token: "refresh_token";
|
|
21
|
+
implicit: "implicit";
|
|
22
|
+
authorization_code: "authorization_code";
|
|
23
|
+
client_credentials: "client_credentials";
|
|
24
|
+
"urn:ietf:params:oauth:grant-type:device_code": "urn:ietf:params:oauth:grant-type:device_code";
|
|
25
|
+
}>>>;
|
|
26
|
+
scope: z.ZodPipe<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>, z.ZodString>;
|
|
16
27
|
}, z.z.core.$strict>;
|
|
17
28
|
export type ClientConfig = z.infer<typeof ClientConfigSchema>;
|
|
18
29
|
export declare const CLIENT_CONFIGS_DEFAULT: ClientConfig[];
|
|
@@ -23,8 +34,19 @@ export declare const ClientConfigsSchema: z.ZodDefault<z.ZodArray<z.ZodObject<{
|
|
|
23
34
|
client_id: z.ZodString;
|
|
24
35
|
client_secret: z.ZodOptional<z.ZodString>;
|
|
25
36
|
redirect_uris: z.ZodArray<z.ZodString>;
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
37
|
+
post_logout_redirect_uris: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
38
|
+
web_origins: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
39
|
+
response_types: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
40
|
+
code: "code";
|
|
41
|
+
id_token: "id_token";
|
|
42
|
+
}>>>;
|
|
43
|
+
grant_types: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
44
|
+
refresh_token: "refresh_token";
|
|
45
|
+
implicit: "implicit";
|
|
46
|
+
authorization_code: "authorization_code";
|
|
47
|
+
client_credentials: "client_credentials";
|
|
48
|
+
"urn:ietf:params:oauth:grant-type:device_code": "urn:ietf:params:oauth:grant-type:device_code";
|
|
49
|
+
}>>>;
|
|
50
|
+
scope: z.ZodPipe<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>, z.ZodString>;
|
|
29
51
|
}, z.z.core.$strict>>>;
|
|
30
52
|
//# sourceMappingURL=client.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/lib/config/client.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/lib/config/client.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AA+DpB;;;GAGG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;oBAkH4B,CAAC;AAE5D,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAE9D,eAAO,MAAM,sBAAsB,EAAE,YAAY,EAAO,CAAC;AAEzD,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;sBA+BiC,CAAC"}
|
|
@@ -3,6 +3,45 @@ import { isSecureRedirectUri } from './url-policy.js';
|
|
|
3
3
|
const RedirectUriSchema = z.string().refine(isSecureRedirectUri, {
|
|
4
4
|
message: 'Redirect URI must use HTTPS or local HTTP and must not contain fragments or wildcards.',
|
|
5
5
|
});
|
|
6
|
+
const WebOriginSchema = z.string().refine((value) => {
|
|
7
|
+
try {
|
|
8
|
+
const url = new URL(value);
|
|
9
|
+
return url.origin === value && isSecureRedirectUri(value);
|
|
10
|
+
}
|
|
11
|
+
catch {
|
|
12
|
+
return false;
|
|
13
|
+
}
|
|
14
|
+
}, {
|
|
15
|
+
message: 'Web origin must be an exact URL origin such as https://app.example or http://localhost:3000, with no path, query, fragment, or trailing slash.',
|
|
16
|
+
});
|
|
17
|
+
const OAuthResponseTypeSchema = z.string().pipe(z.enum(['code', 'id_token']));
|
|
18
|
+
const OAuthGrantTypeSchema = z
|
|
19
|
+
.string()
|
|
20
|
+
.pipe(z.enum([
|
|
21
|
+
'authorization_code',
|
|
22
|
+
'implicit',
|
|
23
|
+
'refresh_token',
|
|
24
|
+
'client_credentials',
|
|
25
|
+
'urn:ietf:params:oauth:grant-type:device_code',
|
|
26
|
+
]));
|
|
27
|
+
function normalizeScopeList(scope) {
|
|
28
|
+
const trimmed = scope.trim();
|
|
29
|
+
if (/[\t\n\r\f\v]/.test(trimmed)) {
|
|
30
|
+
return scope;
|
|
31
|
+
}
|
|
32
|
+
return trimmed.split(/ +/).join(' ');
|
|
33
|
+
}
|
|
34
|
+
const ScopeSchema = z
|
|
35
|
+
.string()
|
|
36
|
+
.transform(normalizeScopeList)
|
|
37
|
+
.pipe(z
|
|
38
|
+
.string()
|
|
39
|
+
.min(1)
|
|
40
|
+
.refine((scope) => scope
|
|
41
|
+
.split(' ')
|
|
42
|
+
.every((token) => /^[\x21\x23-\x5B\x5D-\x7E]+$/.test(token)), {
|
|
43
|
+
message: 'Scope must be a space-separated list of valid OAuth scope-token values.',
|
|
44
|
+
}));
|
|
6
45
|
/**
|
|
7
46
|
* OAuth/OIDC client configuration.
|
|
8
47
|
* Defines applications that can authenticate through TinyAuth.
|
|
@@ -16,6 +55,7 @@ export const ClientConfigSchema = z
|
|
|
16
55
|
.describe('Internal identifier for the client.'),
|
|
17
56
|
name: z
|
|
18
57
|
.string()
|
|
58
|
+
.min(1)
|
|
19
59
|
.describe('Human-readable name for the client application.'),
|
|
20
60
|
logo_uri: z
|
|
21
61
|
.string()
|
|
@@ -23,29 +63,115 @@ export const ClientConfigSchema = z
|
|
|
23
63
|
.describe('URL to the client application logo.'),
|
|
24
64
|
client_id: z
|
|
25
65
|
.string()
|
|
66
|
+
.min(1)
|
|
26
67
|
.describe('OAuth client_id used in authorization requests.'),
|
|
27
68
|
client_secret: z
|
|
28
69
|
.string()
|
|
70
|
+
.min(16)
|
|
29
71
|
.optional()
|
|
30
72
|
.describe('OAuth client_secret for confidential clients. Omit for public clients.'),
|
|
31
73
|
redirect_uris: z
|
|
32
74
|
.array(RedirectUriSchema)
|
|
75
|
+
.nonempty()
|
|
33
76
|
.describe('Allowed redirect URIs after authorization.'),
|
|
77
|
+
post_logout_redirect_uris: z
|
|
78
|
+
.array(RedirectUriSchema)
|
|
79
|
+
.default([])
|
|
80
|
+
.describe('Allowed redirect URIs after RP-initiated logout.'),
|
|
81
|
+
web_origins: z
|
|
82
|
+
.array(WebOriginSchema)
|
|
83
|
+
.default([])
|
|
84
|
+
.describe('Allowed browser origins for OAuth CORS requests.'),
|
|
34
85
|
response_types: z
|
|
35
|
-
.array(
|
|
36
|
-
.
|
|
86
|
+
.array(OAuthResponseTypeSchema)
|
|
87
|
+
.nonempty()
|
|
88
|
+
.describe('Allowed OAuth response types (e.g., "code" or "id_token").'),
|
|
37
89
|
grant_types: z
|
|
38
|
-
.array(
|
|
39
|
-
.
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
.describe('Space-separated list of allowed scopes for this client.'),
|
|
90
|
+
.array(OAuthGrantTypeSchema)
|
|
91
|
+
.nonempty()
|
|
92
|
+
.describe('Allowed OAuth grant types (e.g., "authorization_code", "implicit", "refresh_token").'),
|
|
93
|
+
scope: ScopeSchema.describe('Space-separated list of allowed OAuth scope-token values for this client.'),
|
|
43
94
|
})
|
|
44
95
|
.strict()
|
|
96
|
+
.superRefine((client, ctx) => {
|
|
97
|
+
const responseTypes = new Set(client.response_types);
|
|
98
|
+
const grantTypes = new Set(client.grant_types);
|
|
99
|
+
if (responseTypes.has('code') && !grantTypes.has('authorization_code')) {
|
|
100
|
+
ctx.addIssue({
|
|
101
|
+
code: 'custom',
|
|
102
|
+
path: ['grant_types'],
|
|
103
|
+
message: 'Clients that support response_type "code" must allow grant_type "authorization_code".',
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
if (grantTypes.has('authorization_code') && !responseTypes.has('code')) {
|
|
107
|
+
ctx.addIssue({
|
|
108
|
+
code: 'custom',
|
|
109
|
+
path: ['response_types'],
|
|
110
|
+
message: 'Clients that allow grant_type "authorization_code" must support response_type "code".',
|
|
111
|
+
});
|
|
112
|
+
}
|
|
113
|
+
if (responseTypes.has('id_token') && !grantTypes.has('implicit')) {
|
|
114
|
+
ctx.addIssue({
|
|
115
|
+
code: 'custom',
|
|
116
|
+
path: ['grant_types'],
|
|
117
|
+
message: 'Clients that support response_type "id_token" must allow grant_type "implicit".',
|
|
118
|
+
});
|
|
119
|
+
}
|
|
120
|
+
if (grantTypes.has('implicit') && !responseTypes.has('id_token')) {
|
|
121
|
+
ctx.addIssue({
|
|
122
|
+
code: 'custom',
|
|
123
|
+
path: ['response_types'],
|
|
124
|
+
message: 'Clients that allow grant_type "implicit" must support response_type "id_token".',
|
|
125
|
+
});
|
|
126
|
+
}
|
|
127
|
+
if (grantTypes.has('refresh_token') &&
|
|
128
|
+
!grantTypes.has('authorization_code')) {
|
|
129
|
+
ctx.addIssue({
|
|
130
|
+
code: 'custom',
|
|
131
|
+
path: ['grant_types'],
|
|
132
|
+
message: 'Clients that allow grant_type "refresh_token" must also allow "authorization_code".',
|
|
133
|
+
});
|
|
134
|
+
}
|
|
135
|
+
if (grantTypes.has('client_credentials') && !client.client_secret) {
|
|
136
|
+
ctx.addIssue({
|
|
137
|
+
code: 'custom',
|
|
138
|
+
path: ['client_secret'],
|
|
139
|
+
message: 'Clients that allow grant_type "client_credentials" must be confidential and define client_secret.',
|
|
140
|
+
});
|
|
141
|
+
}
|
|
142
|
+
})
|
|
45
143
|
.describe('OAuth/OIDC client application configuration.');
|
|
46
144
|
export const CLIENT_CONFIGS_DEFAULT = [];
|
|
47
145
|
export const ClientConfigsSchema = z
|
|
48
146
|
.array(ClientConfigSchema)
|
|
147
|
+
.superRefine((clients, ctx) => {
|
|
148
|
+
const seenIds = new Map();
|
|
149
|
+
const seenClientIds = new Map();
|
|
150
|
+
clients.forEach((client, index) => {
|
|
151
|
+
const firstIdIndex = seenIds.get(client.id);
|
|
152
|
+
if (firstIdIndex !== undefined) {
|
|
153
|
+
ctx.addIssue({
|
|
154
|
+
code: 'custom',
|
|
155
|
+
path: [index, 'id'],
|
|
156
|
+
message: `OAuth client id must be unique. Duplicate value also appears at clients.${firstIdIndex}.id.`,
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
else {
|
|
160
|
+
seenIds.set(client.id, index);
|
|
161
|
+
}
|
|
162
|
+
const firstClientIdIndex = seenClientIds.get(client.client_id);
|
|
163
|
+
if (firstClientIdIndex !== undefined) {
|
|
164
|
+
ctx.addIssue({
|
|
165
|
+
code: 'custom',
|
|
166
|
+
path: [index, 'client_id'],
|
|
167
|
+
message: `OAuth client client_id must be unique. Duplicate value also appears at clients.${firstClientIdIndex}.client_id.`,
|
|
168
|
+
});
|
|
169
|
+
}
|
|
170
|
+
else {
|
|
171
|
+
seenClientIds.set(client.client_id, index);
|
|
172
|
+
}
|
|
173
|
+
});
|
|
174
|
+
})
|
|
49
175
|
.default(CLIENT_CONFIGS_DEFAULT)
|
|
50
176
|
.describe('List of registered OAuth/OIDC client applications.');
|
|
51
177
|
//# sourceMappingURL=client.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/lib/config/client.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAEtD,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,mBAAmB,EAAE;IAC/D,OAAO,EACL,wFAAwF;CAC3F,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC;KAChC,MAAM,CAAC;IACN,EAAE,EAAE,CAAC;SACF,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,GAAG,CAAC;SACR,QAAQ,CAAC,qCAAqC,CAAC;IAClD,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,QAAQ,CAAC,iDAAiD,CAAC;IAC9D,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,qCAAqC,CAAC;IAClD,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,CAAC,iDAAiD,CAAC;IAC9D,aAAa,EAAE,CAAC;SACb,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CACP,wEAAwE,CACzE;IACH,aAAa,EAAE,CAAC;SACb,KAAK,CAAC,iBAAiB,CAAC;SACxB,QAAQ,CAAC,4CAA4C,CAAC;IACzD,
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/lib/config/client.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAEtD,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,mBAAmB,EAAE;IAC/D,OAAO,EACL,wFAAwF;CAC3F,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CACvC,CAAC,KAAK,EAAE,EAAE;IACR,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,EACD;IACE,OAAO,EACL,gJAAgJ;CACnJ,CACF,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;AAC9E,MAAM,oBAAoB,GAAG,CAAC;KAC3B,MAAM,EAAE;KACR,IAAI,CACH,CAAC,CAAC,IAAI,CAAC;IACL,oBAAoB;IACpB,UAAU;IACV,eAAe;IACf,oBAAoB;IACpB,8CAA8C;CAC/C,CAAC,CACH,CAAC;AAEJ,SAAS,kBAAkB,CAAC,KAAa;IACvC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,WAAW,GAAG,CAAC;KAClB,MAAM,EAAE;KACR,SAAS,CAAC,kBAAkB,CAAC;KAC7B,IAAI,CACH,CAAC;KACE,MAAM,EAAE;KACR,GAAG,CAAC,CAAC,CAAC;KACN,MAAM,CACL,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;KACF,KAAK,CAAC,GAAG,CAAC;KACV,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,6BAA6B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAChE;IACE,OAAO,EACL,yEAAyE;CAC5E,CACF,CACJ,CAAC;AAEJ;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC;KAChC,MAAM,CAAC;IACN,EAAE,EAAE,CAAC;SACF,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,GAAG,CAAC;SACR,QAAQ,CAAC,qCAAqC,CAAC;IAClD,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CAAC,iDAAiD,CAAC;IAC9D,QAAQ,EAAE,CAAC;SACR,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,qCAAqC,CAAC;IAClD,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CAAC,iDAAiD,CAAC;IAC9D,aAAa,EAAE,CAAC;SACb,MAAM,EAAE;SACR,GAAG,CAAC,EAAE,CAAC;SACP,QAAQ,EAAE;SACV,QAAQ,CACP,wEAAwE,CACzE;IACH,aAAa,EAAE,CAAC;SACb,KAAK,CAAC,iBAAiB,CAAC;SACxB,QAAQ,EAAE;SACV,QAAQ,CAAC,4CAA4C,CAAC;IACzD,yBAAyB,EAAE,CAAC;SACzB,KAAK,CAAC,iBAAiB,CAAC;SACxB,OAAO,CAAC,EAAE,CAAC;SACX,QAAQ,CAAC,kDAAkD,CAAC;IAC/D,WAAW,EAAE,CAAC;SACX,KAAK,CAAC,eAAe,CAAC;SACtB,OAAO,CAAC,EAAE,CAAC;SACX,QAAQ,CAAC,kDAAkD,CAAC;IAC/D,cAAc,EAAE,CAAC;SACd,KAAK,CAAC,uBAAuB,CAAC;SAC9B,QAAQ,EAAE;SACV,QAAQ,CAAC,4DAA4D,CAAC;IACzE,WAAW,EAAE,CAAC;SACX,KAAK,CAAC,oBAAoB,CAAC;SAC3B,QAAQ,EAAE;SACV,QAAQ,CACP,sFAAsF,CACvF;IACH,KAAK,EAAE,WAAW,CAAC,QAAQ,CACzB,2EAA2E,CAC5E;CACF,CAAC;KACD,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAC3B,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAE/C,IAAI,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACvE,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,aAAa,CAAC;YACrB,OAAO,EACL,uFAAuF;SAC1F,CAAC,CAAC;IACL,CAAC;IAED,IAAI,UAAU,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACvE,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,gBAAgB,CAAC;YACxB,OAAO,EACL,uFAAuF;SAC1F,CAAC,CAAC;IACL,CAAC;IAED,IAAI,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,aAAa,CAAC;YACrB,OAAO,EACL,iFAAiF;SACpF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,gBAAgB,CAAC;YACxB,OAAO,EACL,iFAAiF;SACpF,CAAC,CAAC;IACL,CAAC;IAED,IACE,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC;QAC/B,CAAC,UAAU,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACrC,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,aAAa,CAAC;YACrB,OAAO,EACL,qFAAqF;SACxF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,UAAU,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAClE,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,eAAe,CAAC;YACvB,OAAO,EACL,mGAAmG;SACtG,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC;KACD,QAAQ,CAAC,8CAA8C,CAAC,CAAC;AAI5D,MAAM,CAAC,MAAM,sBAAsB,GAAmB,EAAE,CAAC;AAEzD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,KAAK,CAAC,kBAAkB,CAAC;KACzB,WAAW,CAAC,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE;IAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEhD,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE;QAChC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5C,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;gBACnB,OAAO,EAAE,2EAA2E,YAAY,MAAM;aACvG,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,kBAAkB,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/D,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;YACrC,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,KAAK,EAAE,WAAW,CAAC;gBAC1B,OAAO,EAAE,kFAAkF,kBAAkB,aAAa;aAC3H,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;KACD,OAAO,CAAC,sBAAsB,CAAC;KAC/B,QAAQ,CAAC,oDAAoD,CAAC,CAAC"}
|
|
@@ -221,9 +221,20 @@ export declare const TinyAuthRuntimeConfigSchema: z.ZodObject<{
|
|
|
221
221
|
client_id: z.ZodString;
|
|
222
222
|
client_secret: z.ZodOptional<z.ZodString>;
|
|
223
223
|
redirect_uris: z.ZodArray<z.ZodString>;
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
224
|
+
post_logout_redirect_uris: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
225
|
+
web_origins: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
226
|
+
response_types: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
227
|
+
code: "code";
|
|
228
|
+
id_token: "id_token";
|
|
229
|
+
}>>>;
|
|
230
|
+
grant_types: z.ZodArray<z.ZodPipe<z.ZodString, z.ZodEnum<{
|
|
231
|
+
refresh_token: "refresh_token";
|
|
232
|
+
implicit: "implicit";
|
|
233
|
+
authorization_code: "authorization_code";
|
|
234
|
+
client_credentials: "client_credentials";
|
|
235
|
+
"urn:ietf:params:oauth:grant-type:device_code": "urn:ietf:params:oauth:grant-type:device_code";
|
|
236
|
+
}>>>;
|
|
237
|
+
scope: z.ZodPipe<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>, z.ZodString>;
|
|
227
238
|
}, z.z.core.$strict>>>;
|
|
228
239
|
users: z.ZodDefault<z.ZodArray<z.ZodObject<{
|
|
229
240
|
sub: z.ZodString;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolved.d.ts","sourceRoot":"","sources":["../../../src/lib/config/resolved.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAqBpB,eAAO,MAAM,2BAA2B
|
|
1
|
+
{"version":3,"file":"resolved.d.ts","sourceRoot":"","sources":["../../../src/lib/config/resolved.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAqBpB,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAyCM,CAAC;AAE/C,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAC9C,OAAO,2BAA2B,CACnC,CAAC;AACF,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAC1C,OAAO,2BAA2B,CACnC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/lib/config/security.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAIpB,eAAO,MAAM,uBAAuB;;CAEnC,CAAC;AAEF,eAAO,MAAM,oBAAoB;;;;
|
|
1
|
+
{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/lib/config/security.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAIpB,eAAO,MAAM,uBAAuB;;CAEnC,CAAC;AAEF,eAAO,MAAM,oBAAoB;;;;oBA4D4C,CAAC;AAE9E,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC"}
|
|
@@ -8,8 +8,31 @@ export const SecurityConfigSchema = z
|
|
|
8
8
|
.object({
|
|
9
9
|
session_secret: z
|
|
10
10
|
.string()
|
|
11
|
-
.min(
|
|
12
|
-
.describe('
|
|
11
|
+
.min(1)
|
|
12
|
+
.describe('Hex-encoded secret key for encrypting session cookies (AES-GCM). Must decode to 16, 24, or 32 bytes (32, 48, or 64 hex characters) for AES-128/192/256.')
|
|
13
|
+
.superRefine((value, ctx) => {
|
|
14
|
+
if (!/^[0-9a-fA-F]+$/.test(value)) {
|
|
15
|
+
ctx.addIssue({
|
|
16
|
+
code: 'custom',
|
|
17
|
+
message: 'session_secret must be a valid hex string (only 0-9, a-f, A-F characters)',
|
|
18
|
+
});
|
|
19
|
+
return;
|
|
20
|
+
}
|
|
21
|
+
if (value.length % 2 !== 0) {
|
|
22
|
+
ctx.addIssue({
|
|
23
|
+
code: 'custom',
|
|
24
|
+
message: 'session_secret must have an even number of hex characters',
|
|
25
|
+
});
|
|
26
|
+
return;
|
|
27
|
+
}
|
|
28
|
+
const byteLength = value.length / 2;
|
|
29
|
+
if (![16, 24, 32].includes(byteLength)) {
|
|
30
|
+
ctx.addIssue({
|
|
31
|
+
code: 'custom',
|
|
32
|
+
message: `session_secret must decode to 16, 24, or 32 bytes for AES-128/192/256, got ${byteLength} bytes (${value.length} hex characters)`,
|
|
33
|
+
});
|
|
34
|
+
}
|
|
35
|
+
}),
|
|
13
36
|
hash_secret: z
|
|
14
37
|
.string()
|
|
15
38
|
.min(1)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.js","sourceRoot":"","sources":["../../../src/lib/config/security.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,EAAE,EAAE,MAAM,2BAA2B,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,iBAAiB,EAAE,MAAM;CAC1B,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC;KAClC,MAAM,CAAC;IACN,cAAc,EAAE,CAAC;SACd,MAAM,EAAE;SACR,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"security.js","sourceRoot":"","sources":["../../../src/lib/config/security.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,EAAE,EAAE,MAAM,2BAA2B,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,iBAAiB,EAAE,MAAM;CAC1B,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC;KAClC,MAAM,CAAC;IACN,cAAc,EAAE,CAAC;SACd,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CACP,yJAAyJ,CAC1J;SACA,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,OAAO,EACL,2EAA2E;aAC9E,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,OAAO,EACL,2DAA2D;aAC9D,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,8EAA8E,UAAU,WAAW,KAAK,CAAC,MAAM,kBAAkB;aAC3I,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IACJ,WAAW,EAAE,CAAC;SACX,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,CAAC,yDAAyD,CAAC;SACnE,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YACrC,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC1B,GAAG,CAAC,QAAQ,CAAC;oBACX,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,wDAAwD;iBAClE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,sDAAsD;aAChE,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IACJ,iBAAiB,EAAE,CAAC;SACjB,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;SAC/B,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;SAClD,OAAO,CAAC,uBAAuB,CAAC,iBAAiB,CAAC;SAClD,QAAQ,CAAC,mDAAmD,CAAC;CACjE,CAAC;KACD,MAAM,EAAE;KACR,QAAQ,CAAC,gEAAgE,CAAC,CAAC"}
|
package/dist/lib/crypto.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAqChD,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA8B3E;AAED,wBAAsB,OAAO,CAC3B,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA6BxB;AAMD;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,UAAU,EAChB,KAAK,EAAE,UAAU,GAChB,OAAO,CAkBT;AAqCD;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,EACZ,iBAAiB,EAAE,MAAM,GAEvB;IACE,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;CACpB,GACD,SAAS,CAqCZ;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;CACpB,GAAG,MAAM,CAQT;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,UAAU,CAAC;CACpB,GAAG,MAAM,CAMT;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAE1D;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,UAAU,EACxB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CAqBrB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,UAAU,EAChB,UAAU,EAAE,MAAM,EAClB,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,UAAU,CAAC,CAqBrB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,UAAU,CAAC,CAmBrB"}
|
package/dist/lib/crypto.js
CHANGED
|
@@ -6,9 +6,19 @@ const AUTH_TAG_LENGTH = 16;
|
|
|
6
6
|
/**
|
|
7
7
|
* Import a hex-encoded key for AES-GCM operations
|
|
8
8
|
* using the Web Crypto API.
|
|
9
|
+
*
|
|
10
|
+
* @throws {Error} if the key is not valid hex or decodes to an
|
|
11
|
+
* unsupported AES key length (must be 16, 24, or 32 bytes).
|
|
9
12
|
*/
|
|
10
13
|
async function importAesKey(keyHex, usage) {
|
|
11
|
-
|
|
14
|
+
if (!/^[0-9a-fA-F]*$/.test(keyHex) || keyHex.length % 2 !== 0) {
|
|
15
|
+
throw new Error('session_secret must be a valid hex string with an even number of characters');
|
|
16
|
+
}
|
|
17
|
+
const keyBytes = hexToBytes(keyHex);
|
|
18
|
+
if (![16, 24, 32].includes(keyBytes.byteLength)) {
|
|
19
|
+
throw new Error(`session_secret must decode to 16, 24, or 32 bytes for AES-128/192/256, got ${keyBytes.byteLength} bytes (${keyHex.length} hex characters)`);
|
|
20
|
+
}
|
|
21
|
+
return crypto.subtle.importKey('raw', toArrayBuffer(keyBytes), { name: ALGORITHM }, false, [usage]);
|
|
12
22
|
}
|
|
13
23
|
export async function encrypt(data, keyHex) {
|
|
14
24
|
const key = await importAesKey(keyHex, 'encrypt');
|
package/dist/lib/crypto.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,WAAW,EACX,aAAa,EACb,cAAc,EACd,UAAU,EACV,aAAa,EACb,aAAa,EACb,WAAW,GACZ,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhD,MAAM,SAAS,GAAG,SAAS,CAAC;AAC5B,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,eAAe,GAAG,EAAE,CAAC;AAE3B
|
|
1
|
+
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,WAAW,EACX,aAAa,EACb,cAAc,EACd,UAAU,EACV,aAAa,EACb,aAAa,EACb,WAAW,GACZ,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhD,MAAM,SAAS,GAAG,SAAS,CAAC;AAC5B,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,eAAe,GAAG,EAAE,CAAC;AAE3B;;;;;;GAMG;AACH,KAAK,UAAU,YAAY,CACzB,MAAc,EACd,KAA4B;IAE5B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CACb,6EAA6E,CAC9E,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACpC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CACb,8EAA8E,QAAQ,CAAC,UAAU,WAAW,MAAM,CAAC,MAAM,kBAAkB,CAC5I,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL,aAAa,CAAC,QAAQ,CAAC,EACvB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,KAAK,CAAC,CACR,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAY,EAAE,MAAc;IACxD,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAClD,MAAM,EAAE,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAEtC,4DAA4D;IAC5D,MAAM,aAAa,GAAG,IAAI,UAAU,CAClC,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACzB;QACE,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC;QACrB,SAAS,EAAE,eAAe,GAAG,CAAC;KAC/B,EACD,GAAG,EACH,aAAa,CAAC,SAAS,CAAC,CACzB,CACF,CAAC;IAEF,mEAAmE;IACnE,sCAAsC;IACtC,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CACnC,CAAC,EACD,aAAa,CAAC,UAAU,GAAG,eAAe,CAC3C,CAAC;IACF,MAAM,OAAO,GAAG,aAAa,CAAC,KAAK,CACjC,aAAa,CAAC,UAAU,GAAG,eAAe,CAC3C,CAAC;IAEF,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IACrD,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,OAAe,EACf,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,QAAQ,CAAC,UAAU,GAAG,SAAS,GAAG,eAAe,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,EAAE,SAAS,GAAG,eAAe,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,GAAG,eAAe,CAAC,CAAC;QAE9D,uDAAuD;QACvD,MAAM,aAAa,GAAG,WAAW,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAEtD,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACzB;YACE,IAAI,EAAE,SAAS;YACf,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC;YACrB,SAAS,EAAE,eAAe,GAAG,CAAC;SAC/B,EACD,GAAG,EACH,aAAa,CAAC,aAAa,CAAC,CAC7B,CACF,CAAC;QACF,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB,CAClC,IAAgB,EAChB,KAAiB;IAEjB,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAE/B,IAAI,QAAQ,KAAK,SAAS,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YACtD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,IAAI,QAAQ,GAAG,SAAS,CAAC;IAC/B,CAAC;IAED,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AAED,8EAA8E;AAC9E,iCAAiC;AACjC,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,OAAe,EAAE,GAAW;IACvD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IACpD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QAC3C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,OAAe,EAAE,GAAW;IACtD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,IAAY,EACZ,iBAAyB;IASzB,MAAM,CACJ,SAAS,GAAG,EAAE,EACd,OAAO,GAAG,EAAE,EACZ,UAAU,GAAG,EAAE,EACf,IAAI,GAAG,EAAE,EACT,MAAM,GAAG,EAAE,EACZ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEpB,IAAI,SAAS,KAAK,iBAAiB,EAAE,CAAC;QACpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,aAAa,GAAG,mBAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACjD,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAErD,IACE,aAAa,KAAK,SAAS;QAC3B,gBAAgB,KAAK,SAAS;QAC9B,UAAU,KAAK,SAAS;QACxB,YAAY,KAAK,SAAS,EAC1B,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC;QACH,OAAO;YACL,OAAO,EAAE,aAAa;YACtB,UAAU,EAAE,gBAAgB;YAC5B,IAAI,EAAE,aAAa,CAAC,UAAU,CAAC;YAC/B,MAAM,EAAE,aAAa,CAAC,YAAY,CAAC;SACpC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAMhC;IACC,OAAO;QACL,MAAM,CAAC,SAAS;QAChB,KAAK,MAAM,CAAC,OAAO,EAAE;QACrB,KAAK,MAAM,CAAC,UAAU,EAAE;QACxB,KAAK,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;QAC/B,KAAK,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;KAClC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAIhC;IACC,OAAO;QACL,MAAM,CAAC,SAAS;QAChB,KAAK,MAAM,CAAC,OAAO,EAAE;QACrB,KAAK,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;KAClC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,OAAO,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,MAAc,EACd,YAAwB,EACxB,QAAgB,EAChB,QAAgB,EAChB,eAAuB;IAEvB,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,aAAa,CAAC,YAAY,CAAC,EAC3B,MAAM,EACN,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAC;IAEF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CACzC;QACE,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;KAC7C,EACD,OAAO,EACP,eAAe,GAAG,CAAC,CACpB,CAAC;IAEF,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAc,EACd,UAAsB,EACtB,MAAc,EACd,IAAgB,EAChB,UAAkB,EAClB,eAAuB;IAEvB,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/C,KAAK,EACL,aAAa,CAAC,WAAW,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,UAAU,CAAC,CAAC,EAC/D,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAC;IAEF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAC5C;QACE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,SAAS;QACf,UAAU;QACV,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC;KAC1B,EACD,WAAW,EACX,eAAe,GAAG,CAAC,CACpB,CAAC;IAEF,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,MAAc,EACd,UAAsB,EACtB,KAAa;IAEb,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,EACzB;QACE,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,SAAS;KAChB,EACD,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;IAEF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACxC,MAAM,EACN,OAAO,EACP,aAAa,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CACtC,CAAC;IAEF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;AACnC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entities.d.ts","sourceRoot":"","sources":["../../../src/lib/database/entities.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"entities.d.ts","sourceRoot":"","sources":["../../../src/lib/database/entities.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAsBlD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AA2BD,wBAAgB,mBAAmB,IAAI,SAAS,UAAU,EAAE,CAE3D;AAED,wBAAgB,+BAA+B,IAAI,SAAS,qBAAqB,EAAE,CAElF"}
|
|
@@ -4,6 +4,7 @@ import { EmailVerificationEntitySchema } from "../../entities/email-verification
|
|
|
4
4
|
import { JwtKeyEntitySchema } from "../../entities/jwt-key.entity.js";
|
|
5
5
|
import { OAuthClientEntitySchema } from "../../entities/oauth-client.entity.js";
|
|
6
6
|
import { OAuthCodeEntitySchema } from "../../entities/oauth-code.entity.js";
|
|
7
|
+
import { OAuthDeviceCodeEntitySchema } from "../../entities/oauth-device-code.entity.js";
|
|
7
8
|
import { PasswordResetEntitySchema } from "../../entities/password-reset.entity.js";
|
|
8
9
|
import { PendingOAuthRegistrationEntitySchema } from "../../entities/pending-oauth-registration.entity.js";
|
|
9
10
|
import { RevokedTokenEntitySchema } from "../../entities/revoked-token.entity.js";
|
|
@@ -22,6 +23,7 @@ function createDatabaseEntities() {
|
|
|
22
23
|
UserEntitySchema,
|
|
23
24
|
OAuthClientEntitySchema,
|
|
24
25
|
OAuthCodeEntitySchema,
|
|
26
|
+
OAuthDeviceCodeEntitySchema,
|
|
25
27
|
JwtKeyEntitySchema,
|
|
26
28
|
EmailVerificationEntitySchema,
|
|
27
29
|
PasswordResetEntitySchema,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entities.js","sourceRoot":"","sources":["../../../src/lib/database/entities.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AACpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,OAAO,EAAE,6BAA6B,EAAE,MAAM,6CAA6C,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AACpF,OAAO,EAAE,oCAAoC,EAAE,MAAM,qDAAqD,CAAC;AAC3G,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,4BAA4B,EAAE,MAAM,6CAA6C,CAAC;AAC3F,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,gCAAgC,EAAE,MAAM,kDAAkD,CAAC;AASpG,SAAS,sBAAsB;IAC7B,OAAO;QACL,gBAAgB;QAChB,uBAAuB;QACvB,qBAAqB;QACrB,kBAAkB;QAClB,6BAA6B;QAC7B,yBAAyB;QACzB,oCAAoC;QACpC,wBAAwB;QACxB,yBAAyB;QACzB,wBAAwB;QACxB,iBAAiB;QACjB,wBAAwB;QACxB,uBAAuB;QACvB,qBAAqB;QACrB,uBAAuB;QACvB,4BAA4B;QAC5B,gCAAgC;QAChC,oBAAoB;QACpB,0BAA0B;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,sBAAsB,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,+BAA+B;IAC7C,OAAO,sBAAsB,EAAE,CAAC;AAClC,CAAC"}
|
|
1
|
+
{"version":3,"file":"entities.js","sourceRoot":"","sources":["../../../src/lib/database/entities.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AACpF,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,OAAO,EAAE,6BAA6B,EAAE,MAAM,6CAA6C,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,2BAA2B,EAAE,MAAM,4CAA4C,CAAC;AACzF,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AACpF,OAAO,EAAE,oCAAoC,EAAE,MAAM,qDAAqD,CAAC;AAC3G,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,4BAA4B,EAAE,MAAM,6CAA6C,CAAC;AAC3F,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,gCAAgC,EAAE,MAAM,kDAAkD,CAAC;AASpG,SAAS,sBAAsB;IAC7B,OAAO;QACL,gBAAgB;QAChB,uBAAuB;QACvB,qBAAqB;QACrB,2BAA2B;QAC3B,kBAAkB;QAClB,6BAA6B;QAC7B,yBAAyB;QACzB,oCAAoC;QACpC,wBAAwB;QACxB,yBAAyB;QACzB,wBAAwB;QACxB,iBAAiB;QACjB,wBAAwB;QACxB,uBAAuB;QACvB,qBAAqB;QACrB,uBAAuB;QACvB,4BAA4B;QAC5B,gCAAgC;QAChC,oBAAoB;QACpB,0BAA0B;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,sBAAsB,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,+BAA+B;IAC7C,OAAO,sBAAsB,EAAE,CAAC;AAClC,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Minimal HTML-escape for content placed inside attribute values and text nodes.
|
|
3
|
+
* Does not cover every HTML context but is sufficient for form-post and
|
|
4
|
+
* device-verification replies where only simple attribute values appear.
|
|
5
|
+
*/
|
|
6
|
+
export declare function escapeHtml(value: string): string;
|
|
7
|
+
//# sourceMappingURL=escape-html.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"escape-html.d.ts","sourceRoot":"","sources":["../../src/lib/escape-html.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAOhD"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Minimal HTML-escape for content placed inside attribute values and text nodes.
|
|
3
|
+
* Does not cover every HTML context but is sufficient for form-post and
|
|
4
|
+
* device-verification replies where only simple attribute values appear.
|
|
5
|
+
*/
|
|
6
|
+
export function escapeHtml(value) {
|
|
7
|
+
return value
|
|
8
|
+
.replaceAll('&', '&')
|
|
9
|
+
.replaceAll('"', '"')
|
|
10
|
+
.replaceAll("'", ''')
|
|
11
|
+
.replaceAll('<', '<')
|
|
12
|
+
.replaceAll('>', '>');
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=escape-html.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"escape-html.js","sourceRoot":"","sources":["../../src/lib/escape-html.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa;IACtC,OAAO,KAAK;SACT,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC;SACxB,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC;SACzB,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC;SACxB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC;SACvB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AAC7B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"Migration20260619075007.d.ts","sourceRoot":"","sources":["../../../src/migrations/postgres/Migration20260619075007.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,qBAAa,uBAAwB,SAAQ,SAAS;IAC3C,EAAE,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAsJ1B,IAAI,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CA0CtC"}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
import { Migration } from '@mikro-orm/migrations';
|
|
2
|
+
export class Migration20260619075007 extends Migration {
|
|
3
|
+
up() {
|
|
4
|
+
this.addSql(`create table "oauth_device_code" ("id" uuid not null, "created_at" timestamptz not null, "updated_at" timestamptz not null, "device_code_hash" varchar(255) not null, "user_code_hash" varchar(255) not null, "client_id" varchar(255) not null, "scope" jsonb not null default '[]', "expires_at" timestamptz not null, "authorized_user_sub" varchar(255) null, "authorized_at" timestamptz null, "consumed_at" timestamptz null, primary key ("id"));`);
|
|
5
|
+
this.addSql(`comment on table "oauth_device_code" is 'Issued OAuth device authorization grants';`);
|
|
6
|
+
this.addSql(`comment on column "oauth_device_code"."created_at" is 'Timestamp when the entity was created';`);
|
|
7
|
+
this.addSql(`comment on column "oauth_device_code"."updated_at" is 'Timestamp when the entity was last updated';`);
|
|
8
|
+
this.addSql(`comment on column "oauth_device_code"."device_code_hash" is 'Hash of the issued device_code';`);
|
|
9
|
+
this.addSql(`comment on column "oauth_device_code"."user_code_hash" is 'Hash of the user-facing verification code';`);
|
|
10
|
+
this.addSql(`comment on column "oauth_device_code"."client_id" is 'Reference to the OAuth client that requested the device code';`);
|
|
11
|
+
this.addSql(`comment on column "oauth_device_code"."scope" is 'Scopes requested by the device authorization request';`);
|
|
12
|
+
this.addSql(`comment on column "oauth_device_code"."expires_at" is 'Absolute expiry timestamp for the code';`);
|
|
13
|
+
this.addSql(`comment on column "oauth_device_code"."authorized_user_sub" is 'User that approved the device authorization request';`);
|
|
14
|
+
this.addSql(`comment on column "oauth_device_code"."authorized_at" is 'Timestamp when the user approved the request';`);
|
|
15
|
+
this.addSql(`comment on column "oauth_device_code"."consumed_at" is 'Timestamp when the device code was exchanged';`);
|
|
16
|
+
this.addSql(`alter table "oauth_device_code" add constraint "oauth_device_code_device_code_hash_unique" unique ("device_code_hash");`);
|
|
17
|
+
this.addSql(`alter table "oauth_device_code" add constraint "oauth_device_code_user_code_hash_unique" unique ("user_code_hash");`);
|
|
18
|
+
this.addSql(`create index "oauth_device_code_device_hash_idx" on "oauth_device_code" ("device_code_hash");`);
|
|
19
|
+
this.addSql(`create index "oauth_device_code_user_hash_idx" on "oauth_device_code" ("user_code_hash");`);
|
|
20
|
+
this.addSql(`create index "oauth_device_code_expired_at_idx" on "oauth_device_code" ("expires_at");`);
|
|
21
|
+
this.addSql(`alter table "oauth_device_code" add constraint "oauth_device_code_client_id_foreign" foreign key ("client_id") references "oauth_client" ("id");`);
|
|
22
|
+
this.addSql(`alter table "oauth_device_code" add constraint "oauth_device_code_authorized_user_sub_foreign" foreign key ("authorized_user_sub") references "user" ("sub") on delete set null;`);
|
|
23
|
+
this.addSql(`comment on column "background_jobs"."id" is 'Stable background job execution id';`);
|
|
24
|
+
this.addSql(`comment on column "background_jobs"."created_at" is 'Timestamp when the entity was created';`);
|
|
25
|
+
this.addSql(`comment on column "background_jobs"."updated_at" is 'Timestamp when the entity was last updated';`);
|
|
26
|
+
this.addSql(`comment on column "background_jobs"."job_id" is 'Registered background job identifier';`);
|
|
27
|
+
this.addSql(`comment on column "background_jobs"."payload" is 'Serialized JSON job payload';`);
|
|
28
|
+
this.addSql(`comment on column "background_jobs"."available_at" is 'Earliest time this job can run';`);
|
|
29
|
+
this.addSql(`comment on column "background_jobs"."locked_by" is 'Scheduler instance holding the lease';`);
|
|
30
|
+
this.addSql(`comment on column "background_jobs"."locked_until" is 'Lease expiration timestamp';`);
|
|
31
|
+
this.addSql(`comment on column "background_jobs"."attempt_count" is 'Total run attempts';`);
|
|
32
|
+
this.addSql(`comment on column "background_jobs"."max_attempts" is 'Maximum run attempts';`);
|
|
33
|
+
this.addSql(`comment on column "background_jobs"."last_error" is 'Last failure message';`);
|
|
34
|
+
this.addSql(`comment on column "background_jobs"."completed_at" is 'Completion timestamp';`);
|
|
35
|
+
this.addSql(`alter table "oauth_client" add "post_logout_redirect_uris" jsonb not null default '[]', add "web_origins" jsonb not null default '[]';`);
|
|
36
|
+
this.addSql(`comment on column "scheduled_jobs"."id" is 'Stable scheduler job identifier';`);
|
|
37
|
+
this.addSql(`comment on column "scheduled_jobs"."created_at" is 'Timestamp when the entity was created';`);
|
|
38
|
+
this.addSql(`comment on column "scheduled_jobs"."updated_at" is 'Timestamp when the entity was last updated';`);
|
|
39
|
+
this.addSql(`comment on column "scheduled_jobs"."name" is 'Human-readable scheduler job name';`);
|
|
40
|
+
this.addSql(`comment on column "scheduled_jobs"."enabled" is 'Whether the scheduler job is enabled';`);
|
|
41
|
+
this.addSql(`comment on column "scheduled_jobs"."cron" is 'Cron expression for the job schedule';`);
|
|
42
|
+
this.addSql(`comment on column "scheduled_jobs"."next_run_at" is 'Next scheduled run timestamp';`);
|
|
43
|
+
this.addSql(`comment on column "scheduled_jobs"."last_run_at" is 'Last run start timestamp';`);
|
|
44
|
+
this.addSql(`comment on column "scheduled_jobs"."last_success_at" is 'Last successful completion timestamp';`);
|
|
45
|
+
this.addSql(`comment on column "scheduled_jobs"."last_error_at" is 'Last failed completion timestamp';`);
|
|
46
|
+
this.addSql(`comment on column "scheduled_jobs"."last_error" is 'Last failure message';`);
|
|
47
|
+
this.addSql(`comment on column "scheduled_jobs"."locked_by" is 'Scheduler instance holding the lease';`);
|
|
48
|
+
this.addSql(`comment on column "scheduled_jobs"."locked_until" is 'Lease expiration timestamp';`);
|
|
49
|
+
this.addSql(`comment on column "scheduled_jobs"."run_count" is 'Total run attempts';`);
|
|
50
|
+
this.addSql(`comment on column "scheduled_jobs"."failure_count" is 'Total failed run attempts';`);
|
|
51
|
+
this.addSql(`comment on table "user_oauth" is '';`);
|
|
52
|
+
}
|
|
53
|
+
down() {
|
|
54
|
+
this.addSql(`drop table if exists "oauth_device_code" cascade;`);
|
|
55
|
+
this.addSql(`comment on column "background_jobs"."id" is null;`);
|
|
56
|
+
this.addSql(`comment on column "background_jobs"."created_at" is null;`);
|
|
57
|
+
this.addSql(`comment on column "background_jobs"."updated_at" is null;`);
|
|
58
|
+
this.addSql(`comment on column "background_jobs"."job_id" is null;`);
|
|
59
|
+
this.addSql(`comment on column "background_jobs"."payload" is null;`);
|
|
60
|
+
this.addSql(`comment on column "background_jobs"."available_at" is null;`);
|
|
61
|
+
this.addSql(`comment on column "background_jobs"."locked_by" is null;`);
|
|
62
|
+
this.addSql(`comment on column "background_jobs"."locked_until" is null;`);
|
|
63
|
+
this.addSql(`comment on column "background_jobs"."attempt_count" is null;`);
|
|
64
|
+
this.addSql(`comment on column "background_jobs"."max_attempts" is null;`);
|
|
65
|
+
this.addSql(`comment on column "background_jobs"."last_error" is null;`);
|
|
66
|
+
this.addSql(`comment on column "background_jobs"."completed_at" is null;`);
|
|
67
|
+
this.addSql(`alter table "oauth_client" drop column "post_logout_redirect_uris", drop column "web_origins";`);
|
|
68
|
+
this.addSql(`comment on column "scheduled_jobs"."id" is null;`);
|
|
69
|
+
this.addSql(`comment on column "scheduled_jobs"."created_at" is null;`);
|
|
70
|
+
this.addSql(`comment on column "scheduled_jobs"."updated_at" is null;`);
|
|
71
|
+
this.addSql(`comment on column "scheduled_jobs"."name" is null;`);
|
|
72
|
+
this.addSql(`comment on column "scheduled_jobs"."enabled" is null;`);
|
|
73
|
+
this.addSql(`comment on column "scheduled_jobs"."cron" is null;`);
|
|
74
|
+
this.addSql(`comment on column "scheduled_jobs"."next_run_at" is null;`);
|
|
75
|
+
this.addSql(`comment on column "scheduled_jobs"."last_run_at" is null;`);
|
|
76
|
+
this.addSql(`comment on column "scheduled_jobs"."last_success_at" is null;`);
|
|
77
|
+
this.addSql(`comment on column "scheduled_jobs"."last_error_at" is null;`);
|
|
78
|
+
this.addSql(`comment on column "scheduled_jobs"."last_error" is null;`);
|
|
79
|
+
this.addSql(`comment on column "scheduled_jobs"."locked_by" is null;`);
|
|
80
|
+
this.addSql(`comment on column "scheduled_jobs"."locked_until" is null;`);
|
|
81
|
+
this.addSql(`comment on column "scheduled_jobs"."run_count" is null;`);
|
|
82
|
+
this.addSql(`comment on column "scheduled_jobs"."failure_count" is null;`);
|
|
83
|
+
this.addSql(`comment on table "user_oauth" is 'OAuth accounts linked to users';`);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
//# sourceMappingURL=Migration20260619075007.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"Migration20260619075007.js","sourceRoot":"","sources":["../../../src/migrations/postgres/Migration20260619075007.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,MAAM,OAAO,uBAAwB,SAAQ,SAAS;IAC3C,EAAE;QACT,IAAI,CAAC,MAAM,CACT,0bAA0b,CAC3b,CAAC;QACF,IAAI,CAAC,MAAM,CACT,qFAAqF,CACtF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,gGAAgG,CACjG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,qGAAqG,CACtG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,+FAA+F,CAChG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,wGAAwG,CACzG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,sHAAsH,CACvH,CAAC;QACF,IAAI,CAAC,MAAM,CACT,0GAA0G,CAC3G,CAAC;QACF,IAAI,CAAC,MAAM,CACT,iGAAiG,CAClG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,uHAAuH,CACxH,CAAC;QACF,IAAI,CAAC,MAAM,CACT,0GAA0G,CAC3G,CAAC;QACF,IAAI,CAAC,MAAM,CACT,wGAAwG,CACzG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,yHAAyH,CAC1H,CAAC;QACF,IAAI,CAAC,MAAM,CACT,qHAAqH,CACtH,CAAC;QACF,IAAI,CAAC,MAAM,CACT,+FAA+F,CAChG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,2FAA2F,CAC5F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,wFAAwF,CACzF,CAAC;QAEF,IAAI,CAAC,MAAM,CACT,kJAAkJ,CACnJ,CAAC;QACF,IAAI,CAAC,MAAM,CACT,kLAAkL,CACnL,CAAC;QAEF,IAAI,CAAC,MAAM,CACT,mFAAmF,CACpF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,8FAA8F,CAC/F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,mGAAmG,CACpG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,yFAAyF,CAC1F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,iFAAiF,CAClF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,yFAAyF,CAC1F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,4FAA4F,CAC7F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,qFAAqF,CACtF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,8EAA8E,CAC/E,CAAC;QACF,IAAI,CAAC,MAAM,CACT,+EAA+E,CAChF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,6EAA6E,CAC9E,CAAC;QACF,IAAI,CAAC,MAAM,CACT,+EAA+E,CAChF,CAAC;QAEF,IAAI,CAAC,MAAM,CACT,wIAAwI,CACzI,CAAC;QAEF,IAAI,CAAC,MAAM,CACT,+EAA+E,CAChF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,6FAA6F,CAC9F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,kGAAkG,CACnG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,mFAAmF,CACpF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,yFAAyF,CAC1F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,sFAAsF,CACvF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,qFAAqF,CACtF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,iFAAiF,CAClF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,iGAAiG,CAClG,CAAC;QACF,IAAI,CAAC,MAAM,CACT,2FAA2F,CAC5F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,4EAA4E,CAC7E,CAAC;QACF,IAAI,CAAC,MAAM,CACT,2FAA2F,CAC5F,CAAC;QACF,IAAI,CAAC,MAAM,CACT,oFAAoF,CACrF,CAAC;QACF,IAAI,CAAC,MAAM,CACT,yEAAyE,CAC1E,CAAC;QACF,IAAI,CAAC,MAAM,CACT,oFAAoF,CACrF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,sCAAsC,CAAC,CAAC;IACtD,CAAC;IAEQ,IAAI;QACX,IAAI,CAAC,MAAM,CAAC,mDAAmD,CAAC,CAAC;QAEjE,IAAI,CAAC,MAAM,CAAC,mDAAmD,CAAC,CAAC;QACjE,IAAI,CAAC,MAAM,CAAC,2DAA2D,CAAC,CAAC;QACzE,IAAI,CAAC,MAAM,CAAC,2DAA2D,CAAC,CAAC;QACzE,IAAI,CAAC,MAAM,CAAC,uDAAuD,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM,CAAC,wDAAwD,CAAC,CAAC;QACtE,IAAI,CAAC,MAAM,CAAC,6DAA6D,CAAC,CAAC;QAC3E,IAAI,CAAC,MAAM,CAAC,0DAA0D,CAAC,CAAC;QACxE,IAAI,CAAC,MAAM,CAAC,6DAA6D,CAAC,CAAC;QAC3E,IAAI,CAAC,MAAM,CAAC,8DAA8D,CAAC,CAAC;QAC5E,IAAI,CAAC,MAAM,CAAC,6DAA6D,CAAC,CAAC;QAC3E,IAAI,CAAC,MAAM,CAAC,2DAA2D,CAAC,CAAC;QACzE,IAAI,CAAC,MAAM,CAAC,6DAA6D,CAAC,CAAC;QAE3E,IAAI,CAAC,MAAM,CACT,gGAAgG,CACjG,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,kDAAkD,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,CAAC,0DAA0D,CAAC,CAAC;QACxE,IAAI,CAAC,MAAM,CAAC,0DAA0D,CAAC,CAAC;QACxE,IAAI,CAAC,MAAM,CAAC,oDAAoD,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM,CAAC,uDAAuD,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM,CAAC,oDAAoD,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM,CAAC,2DAA2D,CAAC,CAAC;QACzE,IAAI,CAAC,MAAM,CAAC,2DAA2D,CAAC,CAAC;QACzE,IAAI,CAAC,MAAM,CACT,+DAA+D,CAChE,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,6DAA6D,CAAC,CAAC;QAC3E,IAAI,CAAC,MAAM,CAAC,0DAA0D,CAAC,CAAC;QACxE,IAAI,CAAC,MAAM,CAAC,yDAAyD,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,4DAA4D,CAAC,CAAC;QAC1E,IAAI,CAAC,MAAM,CAAC,yDAAyD,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,6DAA6D,CAAC,CAAC;QAE3E,IAAI,CAAC,MAAM,CACT,oEAAoE,CACrE,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { Migration } from '@mikro-orm/migrations';
|
|
2
|
+
export declare class Migration20260619191600_unique_oauth_client_client_id extends Migration {
|
|
3
|
+
up(): void | Promise<void>;
|
|
4
|
+
down(): void | Promise<void>;
|
|
5
|
+
}
|
|
6
|
+
//# sourceMappingURL=Migration20260619191600_unique_oauth_client_client_id.d.ts.map
|
package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"Migration20260619191600_unique_oauth_client_client_id.d.ts","sourceRoot":"","sources":["../../../src/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,qBAAa,qDAAsD,SAAQ,SAAS;IACzE,EAAE,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAO1B,IAAI,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAMtC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { Migration } from '@mikro-orm/migrations';
|
|
2
|
+
export class Migration20260619191600_unique_oauth_client_client_id extends Migration {
|
|
3
|
+
up() {
|
|
4
|
+
this.addSql(`drop index if exists "client_client_id_unique";`);
|
|
5
|
+
this.addSql(`create unique index "client_client_id_unique" on "oauth_client" ("client_id");`);
|
|
6
|
+
}
|
|
7
|
+
down() {
|
|
8
|
+
this.addSql(`drop index if exists "client_client_id_unique";`);
|
|
9
|
+
this.addSql(`create index "client_client_id_unique" on "oauth_client" ("client_id");`);
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=Migration20260619191600_unique_oauth_client_client_id.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"Migration20260619191600_unique_oauth_client_client_id.js","sourceRoot":"","sources":["../../../src/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,MAAM,OAAO,qDAAsD,SAAQ,SAAS;IACzE,EAAE;QACT,IAAI,CAAC,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAC/D,IAAI,CAAC,MAAM,CACT,gFAAgF,CACjF,CAAC;IACJ,CAAC;IAEQ,IAAI;QACX,IAAI,CAAC,MAAM,CAAC,iDAAiD,CAAC,CAAC;QAC/D,IAAI,CAAC,MAAM,CACT,yEAAyE,CAC1E,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/migrations/postgres/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,sCAAsC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/migrations/postgres/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,sCAAsC,CAAC;AAKvF,eAAO,MAAM,mBAAmB,4CAK/B,CAAC"}
|