@tinyrack/tinyauth-server 0.3.1 → 0.5.0
- package/dist/entities/background-job.entity.d.ts.map +1 -1
- package/dist/entities/background-job.entity.js +15 -3
- package/dist/entities/background-job.entity.js.map +1 -1
- package/dist/entities/oauth-client.entity.d.ts +147 -0
- package/dist/entities/oauth-client.entity.d.ts.map +1 -1
- package/dist/entities/oauth-client.entity.js +10 -0
- package/dist/entities/oauth-client.entity.js.map +1 -1
- package/dist/entities/oauth-code.entity.d.ts +147 -0
- package/dist/entities/oauth-code.entity.d.ts.map +1 -1
- package/dist/entities/oauth-device-code.entity.d.ts +1737 -0
- package/dist/entities/oauth-device-code.entity.d.ts.map +1 -0
- package/dist/entities/oauth-device-code.entity.js +61 -0
- package/dist/entities/oauth-device-code.entity.js.map +1 -0
- package/dist/entities/revoked-token.entity.d.ts +147 -0
- package/dist/entities/revoked-token.entity.d.ts.map +1 -1
- package/dist/entities/scheduler-job.entity.d.ts.map +1 -1
- package/dist/entities/scheduler-job.entity.js +10 -2
- package/dist/entities/scheduler-job.entity.js.map +1 -1
- package/dist/entities/user-consent.entity.d.ts +147 -0
- package/dist/entities/user-consent.entity.d.ts.map +1 -1
- package/dist/entities/user-oauth.entity.d.ts.map +1 -1
- package/dist/entities/user-oauth.entity.js +2 -1
- package/dist/entities/user-oauth.entity.js.map +1 -1
- package/dist/entrypoints/app.d.ts +127 -20
- package/dist/entrypoints/app.d.ts.map +1 -1
- package/dist/entrypoints/app.js +72 -5
- package/dist/entrypoints/app.js.map +1 -1
- package/dist/entrypoints/database/postgres/cli.js +5 -5
- package/dist/entrypoints/database/postgres/cli.js.map +1 -1
- package/dist/entrypoints/database/postgres/compiled-functions.d.ts +146 -94
- package/dist/entrypoints/database/postgres/compiled-functions.d.ts.map +1 -1
- package/dist/entrypoints/database/postgres/compiled-functions.js +881 -122
- package/dist/entrypoints/database/postgres/compiled-functions.js.map +1 -1
- package/dist/entrypoints/database/sqlite/cli.js +2 -2
- package/dist/entrypoints/database/sqlite/cli.js.map +1 -1
- package/dist/entrypoints/database/sqlite/compiled-functions.d.ts +146 -94
- package/dist/entrypoints/database/sqlite/compiled-functions.d.ts.map +1 -1
- package/dist/entrypoints/database/sqlite/compiled-functions.js +881 -122
- package/dist/entrypoints/database/sqlite/compiled-functions.js.map +1 -1
- package/dist/lib/config/client.d.ts +28 -6
- package/dist/lib/config/client.d.ts.map +1 -1
- package/dist/lib/config/client.js +133 -7
- package/dist/lib/config/client.js.map +1 -1
- package/dist/lib/config/resolved.d.ts +14 -3
- package/dist/lib/config/resolved.d.ts.map +1 -1
- package/dist/lib/config/security.d.ts.map +1 -1
- package/dist/lib/config/security.js +25 -2
- package/dist/lib/config/security.js.map +1 -1
- package/dist/lib/crypto.d.ts.map +1 -1
- package/dist/lib/crypto.js +11 -1
- package/dist/lib/crypto.js.map +1 -1
- package/dist/lib/database/entities.d.ts.map +1 -1
- package/dist/lib/database/entities.js +2 -0
- package/dist/lib/database/entities.js.map +1 -1
- package/dist/lib/escape-html.d.ts +7 -0
- package/dist/lib/escape-html.d.ts.map +1 -0
- package/dist/lib/escape-html.js +14 -0
- package/dist/lib/escape-html.js.map +1 -0
- package/dist/migrations/postgres/Migration20260619075007.d.ts +6 -0
- package/dist/migrations/postgres/Migration20260619075007.d.ts.map +1 -0
- package/dist/migrations/postgres/Migration20260619075007.js +86 -0
- package/dist/migrations/postgres/Migration20260619075007.js.map +1 -0
- package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.d.ts +6 -0
- package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.d.ts.map +1 -0
- package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.js +12 -0
- package/dist/migrations/postgres/Migration20260619191600_unique_oauth_client_client_id.js.map +1 -0
- package/dist/migrations/postgres/index.d.ts.map +1 -1
- package/dist/migrations/postgres/index.js +4 -0
- package/dist/migrations/postgres/index.js.map +1 -1
- package/dist/migrations/sqlite/Migration20260619075330.d.ts +6 -0
- package/dist/migrations/sqlite/Migration20260619075330.d.ts.map +1 -0
- package/dist/migrations/sqlite/Migration20260619075330.js +57 -0
- package/dist/migrations/sqlite/Migration20260619075330.js.map +1 -0
- package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.d.ts +6 -0
- package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.d.ts.map +1 -0
- package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.js +12 -0
- package/dist/migrations/sqlite/Migration20260619191600_unique_oauth_client_client_id.js.map +1 -0
- package/dist/migrations/sqlite/index.d.ts.map +1 -1
- package/dist/migrations/sqlite/index.js +4 -0
- package/dist/migrations/sqlite/index.js.map +1 -1
- package/dist/repositories/oauth-device-code.repository.d.ts +20 -0
- package/dist/repositories/oauth-device-code.repository.d.ts.map +1 -0
- package/dist/repositories/oauth-device-code.repository.js +55 -0
- package/dist/repositories/oauth-device-code.repository.js.map +1 -0
- package/dist/routes/.well-known/index.d.ts +29 -3
- package/dist/routes/.well-known/index.d.ts.map +1 -1
- package/dist/routes/.well-known/openid-configuration/get.d.ts +30 -4
- package/dist/routes/.well-known/openid-configuration/get.d.ts.map +1 -1
- package/dist/routes/.well-known/openid-configuration/get.js +5 -2
- package/dist/routes/.well-known/openid-configuration/get.js.map +1 -1
- package/dist/routes/index.d.ts +123 -18
- package/dist/routes/index.d.ts.map +1 -1
- package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts +33 -0
- package/dist/routes/oauth/.well-known/openid-configuration/get.d.ts.map +1 -1
- package/dist/routes/oauth/.well-known/openid-configuration/get.js +78 -40
- package/dist/routes/oauth/.well-known/openid-configuration/get.js.map +1 -1
- package/dist/routes/oauth/authorize/get.d.ts +8 -26
- package/dist/routes/oauth/authorize/get.d.ts.map +1 -1
- package/dist/routes/oauth/authorize/get.js +34 -3
- package/dist/routes/oauth/authorize/get.js.map +1 -1
- package/dist/routes/oauth/cors.d.ts +9 -0
- package/dist/routes/oauth/cors.d.ts.map +1 -0
- package/dist/routes/oauth/cors.js +50 -0
- package/dist/routes/oauth/cors.js.map +1 -0
- package/dist/routes/oauth/device/get-post.d.ts +28 -0
- package/dist/routes/oauth/device/get-post.d.ts.map +1 -0
- package/dist/routes/oauth/device/get-post.js +67 -0
- package/dist/routes/oauth/device/get-post.js.map +1 -0
- package/dist/routes/oauth/device-authorization/post.d.ts +25 -0
- package/dist/routes/oauth/device-authorization/post.d.ts.map +1 -0
- package/dist/routes/oauth/device-authorization/post.js +87 -0
- package/dist/routes/oauth/device-authorization/post.js.map +1 -0
- package/dist/routes/oauth/end-session/get.d.ts +34 -0
- package/dist/routes/oauth/end-session/get.d.ts.map +1 -0
- package/dist/routes/oauth/end-session/get.js +74 -0
- package/dist/routes/oauth/end-session/get.js.map +1 -0
- package/dist/routes/oauth/index.d.ts +95 -16
- package/dist/routes/oauth/index.d.ts.map +1 -1
- package/dist/routes/oauth/index.js +8 -0
- package/dist/routes/oauth/index.js.map +1 -1
- package/dist/routes/oauth/introspect/post.d.ts.map +1 -1
- package/dist/routes/oauth/introspect/post.js +2 -0
- package/dist/routes/oauth/introspect/post.js.map +1 -1
- package/dist/routes/oauth/revoke/post.d.ts.map +1 -1
- package/dist/routes/oauth/revoke/post.js +2 -0
- package/dist/routes/oauth/revoke/post.js.map +1 -1
- package/dist/routes/oauth/token/post.d.ts +2 -0
- package/dist/routes/oauth/token/post.d.ts.map +1 -1
- package/dist/routes/oauth/token/post.js +46 -0
- package/dist/routes/oauth/token/post.js.map +1 -1
- package/dist/routes/oauth/userinfo/get.d.ts +16 -4
- package/dist/routes/oauth/userinfo/get.d.ts.map +1 -1
- package/dist/routes/oauth/userinfo/get.js +50 -30
- package/dist/routes/oauth/userinfo/get.js.map +1 -1
- package/dist/schemas/error.d.ts +100 -0
- package/dist/schemas/error.d.ts.map +1 -1
- package/dist/schemas/error.js +4 -0
- package/dist/schemas/error.js.map +1 -1
- package/dist/schemas/field.d.ts +2 -0
- package/dist/schemas/field.d.ts.map +1 -1
- package/dist/schemas/field.js +6 -1
- package/dist/schemas/field.js.map +1 -1
- package/dist/schemas/response.d.ts +2 -0
- package/dist/schemas/response.d.ts.map +1 -1
- package/dist/schemas/response.js +4 -0
- package/dist/schemas/response.js.map +1 -1
- package/dist/seeders/config.seeder.js +2 -0
- package/dist/seeders/config.seeder.js.map +1 -1
- package/dist/services/container.d.ts +4 -2
- package/dist/services/container.d.ts.map +1 -1
- package/dist/services/jwt.service.d.ts +4 -0
- package/dist/services/jwt.service.d.ts.map +1 -1
- package/dist/services/jwt.service.js +27 -6
- package/dist/services/jwt.service.js.map +1 -1
- package/dist/services/mikro.service.d.ts +2 -0
- package/dist/services/mikro.service.d.ts.map +1 -1
- package/dist/services/mikro.service.js +3 -0
- package/dist/services/mikro.service.js.map +1 -1
- package/dist/services/oauth-authorize.service.d.ts +9 -1
- package/dist/services/oauth-authorize.service.d.ts.map +1 -1
- package/dist/services/oauth-authorize.service.js +113 -18
- package/dist/services/oauth-authorize.service.js.map +1 -1
- package/dist/services/oauth-client.service.d.ts +3 -0
- package/dist/services/oauth-client.service.d.ts.map +1 -1
- package/dist/services/oauth-client.service.js +16 -0
- package/dist/services/oauth-client.service.js.map +1 -1
- package/dist/services/oauth-token.service.d.ts +11 -0
- package/dist/services/oauth-token.service.d.ts.map +1 -1
- package/dist/services/oauth-token.service.js +69 -1
- package/dist/services/oauth-token.service.js.map +1 -1
- package/dist/services/security.service.d.ts +1 -1
- package/dist/services/security.service.d.ts.map +1 -1
- package/dist/services/security.service.js +2 -0
- package/dist/services/security.service.js.map +1 -1
- package/package.json +3 -3
- package/readme.md +5 -1
|
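--- a/package/dist/routes/oauth/end-session/get.d.ts
+++ b/package/dist/routes/oauth/end-session/get.d.ts
@@ -0,0 +1,34 @@
+import type { AppEnv } from '../../../lib/app-env.js';
+export declare const endSessionGet: import("hono/hono-base").HonoBase<AppEnv, {
+"/end_session": {
+$get: {
+input: {
+query: {
+client_id?: string | string[];
+post_logout_redirect_uri?: string | string[];
+id_token_hint?: string | string[];
+state?: string | string[];
+};
+};
+output: undefined;
+outputFormat: "redirect";
+status: 302;
+} | {
+input: {
+query: {
+client_id?: string | string[];
+post_logout_redirect_uri?: string | string[];
+id_token_hint?: string | string[];
+state?: string | string[];
+};
+};
+output: {
+error: string;
+error_description: string;
+};
+outputFormat: "json";
+status: 400;
+};
+};
+}, "/", "/end_session">;
+//# sourceMappingURL=get.d.ts.map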
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/end-session/get.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAItD,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;uBAiGzB,CAAC"}
|
|
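--- a/package/dist/routes/oauth/end-session/get.js
+++ b/package/dist/routes/oauth/end-session/get.js
@@ -0,0 +1,74 @@
+import { Hono } from 'hono';
+import { deleteCookie } from 'hono/cookie';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { TAGS } from '../../../lib/swagger-tags.js';
+import { r } from '../../../schemas/response.js';
+export const endSessionGet = new Hono().get('/end_session', describeRoute({
+tags: [TAGS.OPENID],
+summary: 'End Session',
+description: 'RP-initiated logout endpoint',
+responses: {
+302: { description: 'Redirect after logout' },
+400: {
+content: {
+'application/json': {
+schema: resolver(r.OAuthError),
+},
+},
+description: 'Invalid logout request',
+},
+},
+}), validator('query', z.object({
+client_id: z.string().min(1).optional(),
+post_logout_redirect_uri: z.url().optional(),
+id_token_hint: z.string().min(1).optional(),
+state: z.string().min(1).optional(),
+})), async (c) => {
+const query = c.req.valid('query');
+const { config, jwtService, oauthClientService } = c.var.services;
+if (!query.post_logout_redirect_uri) {
+deleteCookie(c, 'session', { path: '/' });
+return c.redirect(config.server.public_origin);
+}
+if (!query.client_id) {
+return c.json({
+error: 'invalid_request',
+error_description: 'client_id is required for post_logout_redirect_uri.',
+}, 400);
+}
+const client = await oauthClientService.findByClientId(query.client_id);
+if (query.id_token_hint) {
+try {
+const idTokenPayload = await jwtService.verifyIdToken(query.id_token_hint);
+if (idTokenPayload.aud !== query.client_id) {
+return c.json({
+error: 'invalid_request',
+error_description: 'id_token_hint audience does not match client_id.',
+}, 400);
+}
+}
+catch {
+return c.json({
+error: 'invalid_request',
+error_description: 'Invalid id_token_hint.',
+}, 400);
+}
+}
+try {
+oauthClientService.validatePostLogoutRedirectUri(client, query.post_logout_redirect_uri);
+}
+catch {
+return c.json({
+error: 'invalid_request',
+error_description: 'Invalid post_logout_redirect_uri.',
+}, 400);
+}
+const redirectUrl = new URL(query.post_logout_redirect_uri);
+if (query.state) {
+redirectUrl.searchParams.set('state', query.state);
+}
+deleteCookie(c, 'session', { path: '/' });
+return c.redirect(redirectUrl.toString());
+});
+//# sourceMappingURL=get.js.map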
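Review bot: Both exits of this handler call `deleteCookie(c, 'session', { path: '/' })` on a plain GET with no proof that the user asked to log out: the first branch needs no parameters at all, and the redirect branch treats `id_token_hint` as optional, so any cross-site link or navigation to `/end_session` can end a user's session. When a hint is supplied only `aud` is checked; the token's `sub` is never compared with the current session, and `idTokenPayload.aud !== query.client_id` will also reject a token whose `aud` is an array. I would clear the cookie only after a verified `id_token_hint` whose subject matches the session, e.g. start the redirect branch with `if (!query.id_token_hint) return c.json({ error: 'invalid_request', error_description: 'id_token_hint is required.' }, 400);`, and show a logout confirmation page in the parameterless case instead of acting immediately. `findByClientId` is awaited outside any `try`, so an unknown `client_id` presumably leaves through the global error handler rather than the `invalid_request` JSON the other branches return, and unlike the revoke route no `client.enabled` check is visible here.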
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"get.js","sourceRoot":"","sources":["../../../../src/routes/oauth/end-session/get.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AAEjD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,IAAI,EAAU,CAAC,GAAG,CACjD,cAAc,EACd,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACnB,OAAO,EAAE,aAAa;IACtB,WAAW,EAAE,8BAA8B;IAC3C,SAAS,EAAE;QACT,GAAG,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE;QAC7C,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;iBAC/B;aACF;YACD,WAAW,EAAE,wBAAwB;SACtC;KACF;CACF,CAAC,EACF,SAAS,CACP,OAAO,EACP,CAAC,CAAC,MAAM,CAAC;IACP,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,wBAAwB,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC5C,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC3C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACpC,CAAC,CACH,EACD,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IAElE,IAAI,CAAC,KAAK,CAAC,wBAAwB,EAAE,CAAC;QACpC,YAAY,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EACf,qDAAqD;SACxD,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACxE,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,aAAa,CACnD,KAAK,CAAC,aAAa,CACpB,CAAC;YACF,IAAI,cAAc,CAAC,GAAG,KAAK,KAAK,CAAC,SAAS,EAAE,CAAC;gBAC3C,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,KAAK,EAAE,iBAAiB;oBACxB,iBAAiB,EACf,kDAAkD;iBACrD,EACD,GAAG,CACJ,CAAC;YAC
J,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,KAAK,EAAE,iBAAiB;gBACxB,iBAAiB,EAAE,wBAAwB;aAC5C,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,kBAAkB,CAAC,6BAA6B,CAC9C,MAAM,EACN,KAAK,CAAC,wBAAwB,CAC/B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC,IAAI,CACX;YACE,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,mCAAmC;SACvD,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5D,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC;IAED,YAAY,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;IAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;AAC5C,CAAC,CACF,CAAC"}
|
|
@@ -16,6 +16,74 @@ export declare const oauthApplicationRoutes: import("hono/hono-base").HonoBase<A
|
|
|
16
16
|
max_age?: string | string[];
|
|
17
17
|
reauthenticated?: string | string[];
|
|
18
18
|
display?: string | string[];
|
|
19
|
+
response_mode?: string | string[];
|
|
20
|
+
login_hint?: string | string[];
|
|
21
|
+
ui_locales?: string | string[];
|
|
22
|
+
id_token_hint?: string | string[];
|
|
23
|
+
acr_values?: string | string[];
|
|
24
|
+
};
|
|
25
|
+
};
|
|
26
|
+
output: {};
|
|
27
|
+
outputFormat: string;
|
|
28
|
+
status: import("hono/utils/http-status").StatusCode;
|
|
29
|
+
};
|
|
30
|
+
};
|
|
31
|
+
}, "/"> | import("hono/types").MergeSchemaPath<{
|
|
32
|
+
"/device_authorization": {
|
|
33
|
+
$post: {
|
|
34
|
+
input: {
|
|
35
|
+
form: {
|
|
36
|
+
client_id?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
37
|
+
client_secret?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
38
|
+
scope?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
39
|
+
};
|
|
40
|
+
};
|
|
41
|
+
output: {
|
|
42
|
+
device_code: string;
|
|
43
|
+
user_code: string;
|
|
44
|
+
verification_uri: string;
|
|
45
|
+
verification_uri_complete: string;
|
|
46
|
+
expires_in: number;
|
|
47
|
+
interval: number;
|
|
48
|
+
};
|
|
49
|
+
outputFormat: "json";
|
|
50
|
+
status: 200;
|
|
51
|
+
};
|
|
52
|
+
};
|
|
53
|
+
}, "/"> | import("hono/types").MergeSchemaPath<{
|
|
54
|
+
"/device": {
|
|
55
|
+
$get: {
|
|
56
|
+
input: {};
|
|
57
|
+
output: {};
|
|
58
|
+
outputFormat: string;
|
|
59
|
+
status: import("hono/utils/http-status").StatusCode;
|
|
60
|
+
};
|
|
61
|
+
};
|
|
62
|
+
} & {
|
|
63
|
+
"/device": {
|
|
64
|
+
$post: {
|
|
65
|
+
input: {
|
|
66
|
+
form: {
|
|
67
|
+
user_code: string;
|
|
68
|
+
};
|
|
69
|
+
};
|
|
70
|
+
output: {
|
|
71
|
+
status: string;
|
|
72
|
+
client_id: string;
|
|
73
|
+
};
|
|
74
|
+
outputFormat: "json";
|
|
75
|
+
status: import("hono/utils/http-status").ContentfulStatusCode;
|
|
76
|
+
};
|
|
77
|
+
};
|
|
78
|
+
}, "/"> | import("hono/types").MergeSchemaPath<{
|
|
79
|
+
"/end_session": {
|
|
80
|
+
$get: {
|
|
81
|
+
input: {
|
|
82
|
+
query: {
|
|
83
|
+
client_id?: string | string[];
|
|
84
|
+
post_logout_redirect_uri?: string | string[];
|
|
85
|
+
id_token_hint?: string | string[];
|
|
86
|
+
state?: string | string[];
|
|
19
87
|
};
|
|
20
88
|
};
|
|
21
89
|
output: undefined;
|
|
@@ -24,18 +92,10 @@ export declare const oauthApplicationRoutes: import("hono/hono-base").HonoBase<A
|
|
|
24
92
|
} | {
|
|
25
93
|
input: {
|
|
26
94
|
query: {
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
95
|
+
client_id?: string | string[];
|
|
96
|
+
post_logout_redirect_uri?: string | string[];
|
|
97
|
+
id_token_hint?: string | string[];
|
|
30
98
|
state?: string | string[];
|
|
31
|
-
code_challenge?: string | string[];
|
|
32
|
-
code_challenge_method?: string | string[];
|
|
33
|
-
scope?: string | string[];
|
|
34
|
-
nonce?: string | string[];
|
|
35
|
-
prompt?: string | string[];
|
|
36
|
-
max_age?: string | string[];
|
|
37
|
-
reauthenticated?: string | string[];
|
|
38
|
-
display?: string | string[];
|
|
39
99
|
};
|
|
40
100
|
};
|
|
41
101
|
output: {
|
|
@@ -58,6 +118,8 @@ export declare const oauthApplicationRoutes: import("hono/hono-base").HonoBase<A
|
|
|
58
118
|
client_secret?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
59
119
|
code_verifier?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
60
120
|
refresh_token?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
121
|
+
scope?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
122
|
+
device_code?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
61
123
|
};
|
|
62
124
|
};
|
|
63
125
|
output: {
|
|
@@ -117,11 +179,23 @@ export declare const oauthApplicationRoutes: import("hono/hono-base").HonoBase<A
|
|
|
117
179
|
}, "/"> | import("hono/types").MergeSchemaPath<{
|
|
118
180
|
"/userinfo": {
|
|
119
181
|
$get: {
|
|
120
|
-
input: {
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
182
|
+
input: {};
|
|
183
|
+
output: {
|
|
184
|
+
sub: string;
|
|
185
|
+
email?: string | undefined;
|
|
186
|
+
email_verified?: boolean | undefined;
|
|
187
|
+
name?: string | undefined;
|
|
188
|
+
picture?: string | undefined;
|
|
189
|
+
preferred_username?: string | undefined;
|
|
124
190
|
};
|
|
191
|
+
outputFormat: "json";
|
|
192
|
+
status: 200;
|
|
193
|
+
};
|
|
194
|
+
};
|
|
195
|
+
} & {
|
|
196
|
+
"/userinfo": {
|
|
197
|
+
$post: {
|
|
198
|
+
input: {};
|
|
125
199
|
output: {
|
|
126
200
|
sub: string;
|
|
127
201
|
email?: string | undefined;
|
|
@@ -168,14 +242,19 @@ export declare const oauthApplicationRoutes: import("hono/hono-base").HonoBase<A
|
|
|
168
242
|
response_modes_supported: string[];
|
|
169
243
|
subject_types_supported: string[];
|
|
170
244
|
id_token_signing_alg_values_supported: string[];
|
|
245
|
+
userinfo_signing_alg_values_supported: string[];
|
|
171
246
|
userinfo_endpoint: string;
|
|
172
247
|
scopes_supported: string[];
|
|
173
248
|
claims_supported: string[];
|
|
174
249
|
grant_types_supported: string[];
|
|
175
250
|
token_endpoint_auth_methods_supported: string[];
|
|
251
|
+
introspection_endpoint_auth_methods_supported: string[];
|
|
252
|
+
revocation_endpoint_auth_methods_supported: string[];
|
|
176
253
|
code_challenge_methods_supported: string[];
|
|
177
254
|
introspection_endpoint: string;
|
|
178
255
|
revocation_endpoint: string;
|
|
256
|
+
end_session_endpoint: string;
|
|
257
|
+
device_authorization_endpoint: string;
|
|
179
258
|
ui_locales_supported: ("en" | "ko" | "ja")[];
|
|
180
259
|
request_parameter_supported: boolean;
|
|
181
260
|
request_uri_parameter_supported: boolean;
|
|
@@ -185,5 +264,5 @@ export declare const oauthApplicationRoutes: import("hono/hono-base").HonoBase<A
|
|
|
185
264
|
status: 200;
|
|
186
265
|
};
|
|
187
266
|
};
|
|
188
|
-
}, "/">, "/",
|
|
267
|
+
}, "/">, "/", any>;
|
|
189
268
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/routes/oauth/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/routes/oauth/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAanD,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAWP,CAAC"}
|
|
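--- a/package/dist/routes/oauth/index.js
+++ b/package/dist/routes/oauth/index.js
@@ -2,12 +2,20 @@ import { Hono } from 'hono';
 import { jwksGet } from "./.well-known/jwks/get.js";
 import { oidcConfigGet } from "./.well-known/openid-configuration/get.js";
 import { authorizeGet } from "./authorize/get.js";
+import { oauthCorsMiddleware } from './cors.js';
+import { deviceGetPost } from './device/get-post.js';
+import { deviceAuthorizationPost } from './device-authorization/post.js';
+import { endSessionGet } from './end-session/get.js';
 import { introspectPost } from "./introspect/post.js";
 import { revokePost } from "./revoke/post.js";
 import { tokenPost } from "./token/post.js";
 import { userinfoGet } from "./userinfo/get.js";
 export const oauthApplicationRoutes = new Hono()
+.use('*', oauthCorsMiddleware)
 .route('/', authorizeGet)
+.route('/', deviceAuthorizationPost)
+.route('/', deviceGetPost)
+.route('/', endSessionGet)
 .route('/', tokenPost)
 .route('/', introspectPost)
 .route('/', revokePost)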
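Review bot: `.use('*', oauthCorsMiddleware)` puts the CORS middleware in front of every OAuth route, including the browser-navigation endpoints `/authorize`, `/device` and `/end_session`, which act on (or presumably depend on) the session cookie. The middleware body lives in `cors.js`, outside this view, so it should be confirmed that it never combines a reflected `Origin` with `Access-Control-Allow-Credentials` on those routes. If only the API-style endpoints need cross-origin access, scoping is the safer default, e.g. `.use('/token', oauthCorsMiddleware)` and the same for `/userinfo`, `/revoke` and the discovery routes. The route chain continues past the end of the hunk.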
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/routes/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,2CAA2C,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,IAAI,EAAU;KACrD,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC;KACxB,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC;KACrB,KAAK,CAAC,GAAG,EAAE,cAAc,CAAC;KAC1B,KAAK,CAAC,GAAG,EAAE,UAAU,CAAC;KACtB,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC;KACvB,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC;KACnB,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/routes/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,2CAA2C,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,IAAI,EAAU;KACrD,GAAG,CAAC,GAAG,EAAE,mBAAmB,CAAC;KAC7B,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC;KACxB,KAAK,CAAC,GAAG,EAAE,uBAAuB,CAAC;KACnC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC;KACzB,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC;KACzB,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC;KACrB,KAAK,CAAC,GAAG,EAAE,cAAc,CAAC;KAC1B,KAAK,CAAC,GAAG,EAAE,UAAU,CAAC;KACtB,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC;KACvB,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC;KACnB,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/introspect/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAoBtD,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/introspect/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAoBtD,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;sBAuG1B,CAAC"}
|
|
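--- a/package/dist/routes/oauth/introspect/post.js
+++ b/package/dist/routes/oauth/introspect/post.js
@@ -88,6 +88,8 @@ export const introspectPost = new Hono().post('/introspect', describeRoute({
 throw err;
 }
 const result = await oauthTokenService.introspectToken(body.token, body.token_type_hint, clientId);
+c.header('Cache-Control', 'no-store');
+c.header('Pragma', 'no-cache');
 return c.json(result, 200);
 });
 //# sourceMappingURL=post.js.map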
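Review bot: The `Cache-Control: no-store` and `Pragma: no-cache` headers are set only on the success path, after `introspectToken` has returned; responses produced by the earlier `throw` paths (one is visible at the top of the hunk) leave the handler without them unless an error handler outside this view adds them. Moving the two `c.header(...)` calls to the start of the handler would cover every response from this endpoint. A short comment such as `// introspection results reveal token state; must not be cached` would record why they are there. The handler starts outside the hunk.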
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../src/routes/oauth/introspect/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AACjD,OAAO,EACL,2BAA2B,EAC3B,qDAAqD,EACrD,+CAA+C,GAChD,MAAM,mBAAmB,CAAC;AAE3B,MAAM,wBAAwB,GAAG,CAAC;KAC/B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,KAAK;IACd,eAAe,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,EAAE;IAC3C,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE;IAChC,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;CACzC,CAAC;KACD,QAAQ,CAAC,4CAA4C,CAAC,CAAC;AAE1D,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CACnD,aAAa,EACb,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACnB,OAAO,EAAE,qBAAqB;IAC9B,WAAW,EACT,gFAAgF;IAClF,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC;iBAC1C;aACF;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,mBAAmB,CAAC,MAAM;qBAC7B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,oCAAoC;SAClD;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC;iBACpD;aACF;YACD,WAAW,EAAE,4BAA4B;SAC1C;KACF;CACF,CAAC,EACF,SAAS,CAAC,MAAM,EAAE,wBAAwB,CAAC,EAC3C,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IACjE,MAAM,mBAAmB,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAC1D,MAAM,gBAAgB,GAAG,2BAA2B,CAAC,mBAAmB,CAAC,CAAC;IAE1E,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,+CAA+C,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,gBAAgB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3C,+CAA+C,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,gBAAgB,IAAI,IAAI,CA
AC,SAAS,EAAE,CAAC;QACvC,IAAI,gBAAgB,CAAC,QAAQ,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACjD,+CAA+C,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,gBAAgB,EAAE,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC;IAC9D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IAEjE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,MAAM,YAAY,GAAG,gBAAgB,EAAE,YAAY,IAAI,IAAI,CAAC,aAAa,CAAC;IAE1E,IAAI,CAAC;QACH,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,MAAM,mBAAmB,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,CACrE,QAAQ,EACR,YAAY,CACb,CAAC;QAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,mBAAmB,EAAE,CAAC;YACxB,qDAAqD,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,eAAe,CACpD,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,eAAe,EACpB,QAAQ,CACT,CAAC;IAEF,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC7B,CAAC,CACF,CAAC"}
|
|
1
|
+
{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../src/routes/oauth/introspect/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AACjD,OAAO,EACL,2BAA2B,EAC3B,qDAAqD,EACrD,+CAA+C,GAChD,MAAM,mBAAmB,CAAC;AAE3B,MAAM,wBAAwB,GAAG,CAAC;KAC/B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,KAAK;IACd,eAAe,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,EAAE;IAC3C,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE;IAChC,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;CACzC,CAAC;KACD,QAAQ,CAAC,4CAA4C,CAAC,CAAC;AAE1D,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CACnD,aAAa,EACb,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACnB,OAAO,EAAE,qBAAqB;IAC9B,WAAW,EACT,gFAAgF;IAClF,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC;iBAC1C;aACF;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,mBAAmB,CAAC,MAAM;qBAC7B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,oCAAoC;SAClD;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC;iBACpD;aACF;YACD,WAAW,EAAE,4BAA4B;SAC1C;KACF;CACF,CAAC,EACF,SAAS,CAAC,MAAM,EAAE,wBAAwB,CAAC,EAC3C,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IACjE,MAAM,mBAAmB,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAC1D,MAAM,gBAAgB,GAAG,2BAA2B,CAAC,mBAAmB,CAAC,CAAC;IAE1E,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,+CAA+C,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,gBAAgB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3C,+CAA+C,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,gBAAgB,IAAI,IAAI,CA
AC,SAAS,EAAE,CAAC;QACvC,IAAI,gBAAgB,CAAC,QAAQ,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACjD,+CAA+C,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,gBAAgB,EAAE,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC;IAC9D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IAEjE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,MAAM,YAAY,GAAG,gBAAgB,EAAE,YAAY,IAAI,IAAI,CAAC,aAAa,CAAC;IAE1E,IAAI,CAAC;QACH,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QAED,MAAM,mBAAmB,GAAG,MAAM,kBAAkB,CAAC,kBAAkB,CACrE,QAAQ,EACR,YAAY,CACb,CAAC;QAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,mBAAmB,EAAE,CAAC;YACxB,qDAAqD,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,eAAe,CACpD,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,eAAe,EACpB,QAAQ,CACT,CAAC;IAEF,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IACtC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC7B,CAAC,CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/revoke/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/revoke/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAoBtD;;GAEG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;kBAoGtB,CAAC"}
|
|
@@ -5,6 +5,7 @@ import { TAGS } from "../../../lib/swagger-tags.js";
|
|
|
5
5
|
import { e } from "../../../schemas/error.js";
|
|
6
6
|
import { f } from "../../../schemas/field.js";
|
|
7
7
|
import { parseBasicClientCredentials, setBasicClientAuthChallengeIfInvalidClientCredentials, throwInvalidClientCredentialsWithBasicChallenge, } from '../client-auth.js';
|
|
8
|
+
import { setOAuthClientCorsHeaders } from '../cors.js';
|
|
8
9
|
const RevokeRequestBody = z
|
|
9
10
|
.object({
|
|
10
11
|
token: f.token,
|
|
@@ -72,6 +73,7 @@ export const revokePost = new Hono().post('/revoke', describeRoute({
|
|
|
72
73
|
throw new e.InvalidClientCredentials.Error();
|
|
73
74
|
}
|
|
74
75
|
const client = await oauthClientService.findByClientId(clientId);
|
|
76
|
+
setOAuthClientCorsHeaders(c, client);
|
|
75
77
|
if (!client.enabled) {
|
|
76
78
|
throw new e.OAuthClientDisabled.Error();
|
|
77
79
|
}
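Review bot: `setOAuthClientCorsHeaders(c, client);` runs immediately after the lookup, ahead of the `client.enabled` check and of whatever credential validation follows outside the hunk. The CORS response headers are therefore chosen from a `client_id` the caller has not yet proven it owns. If the ordering is deliberate so that a browser client can read the error body, say so in a comment, e.g. `// CORS is set before client auth on purpose: error responses must stay readable from the client's registered origins`; otherwise move the call below the credential check. The helper's body is not part of this diff, so it should be confirmed there that it only echoes an `Origin` matching the client's registered origins and adds `Vary: Origin`. The same call is added at the same position in the `/token` handler.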
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../src/routes/oauth/revoke/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EACL,2BAA2B,EAC3B,qDAAqD,EACrD,+CAA+C,GAChD,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../src/routes/oauth/revoke/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EACL,2BAA2B,EAC3B,qDAAqD,EACrD,+CAA+C,GAChD,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAEvD,MAAM,iBAAiB,GAAG,CAAC;KACxB,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,KAAK;IACd,eAAe,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,EAAE;IAC3C,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE;IAChC,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;CACzC,CAAC;KACD,QAAQ,CAAC,yCAAyC,CAAC,CAAC;AAEvD;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CAC/C,SAAS,EACT,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACnB,OAAO,EAAE,kBAAkB;IAC3B,WAAW,EACT,mFAAmF;IACrF,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC;yBACE,MAAM,CAAC,EAAE,CAAC;yBACV,QAAQ,CACP,0DAA0D,CAC3D,CACJ;iBACF;aACF;YACD,WAAW,EAAE,eAAe;SAC7B;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,mBAAmB,CAAC,MAAM;qBAC7B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EAAE,oCAAoC;SAClD;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC;iBACpD;aACF;YACD,WAAW,EAAE,4BAA4B;SAC1C;KACF;CACF,CAAC,EACF,SAAS,CAAC,MAAM,EAAE,iBAAiB,CAAC,EACpC,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IACjE,MAAM,mBAAmB,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAC1D,MAAM,gBAAgB,GAAG,2BAA2B,CAAC,mBAAmB,CAAC,CAAC;IAE1E,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,+CAA+C,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,gBAAgB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3C,+CAA+C,CAAC,CAAC,C
AAC,CAAC;IACrD,CAAC;IAED,IAAI,gBAAgB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACvC,IAAI,gBAAgB,CAAC,QAAQ,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACjD,+CAA+C,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,gBAAgB,EAAE,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC;IAC9D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACjE,yBAAyB,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAErC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,MAAM,YAAY,GAAG,gBAAgB,EAAE,YAAY,IAAI,IAAI,CAAC,aAAa,CAAC;IAE1E,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,8BAA8B,CACrD,QAAQ,EACR,YAAY,CACb,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,mBAAmB,EAAE,CAAC;YACxB,qDAAqD,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,MAAM,iBAAiB,CAAC,WAAW,CACjC,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,eAAe,EACpB,QAAQ,CACT,CAAC;IAEF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;AACzB,CAAC,CACF,CAAC"}
|
|
@@ -11,6 +11,8 @@ export declare const tokenPost: import("hono/hono-base").HonoBase<AppEnv, {
|
|
|
11
11
|
client_secret?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
12
12
|
code_verifier?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
13
13
|
refresh_token?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
14
|
+
scope?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
15
|
+
device_code?: import("hono/types").ParsedFormValue | import("hono/types").ParsedFormValue[];
|
|
14
16
|
};
|
|
15
17
|
};
|
|
16
18
|
output: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/token/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/token/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAiCtD,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA6KrB,CAAC"}
|
|
@@ -6,6 +6,13 @@ import { e } from "../../../schemas/error.js";
|
|
|
6
6
|
import { f } from "../../../schemas/field.js";
|
|
7
7
|
import { r } from "../../../schemas/response.js";
|
|
8
8
|
import { parseBasicClientCredentials, setBasicClientAuthChallengeIfInvalidClientCredentials, throwInvalidClientCredentialsWithBasicChallenge, } from '../client-auth.js';
|
|
9
|
+
import { setOAuthClientCorsHeaders } from '../cors.js';
|
|
10
|
+
const END_USER_SCOPES_FOR_CLIENT_CREDENTIALS = new Set([
|
|
11
|
+
'openid',
|
|
12
|
+
'profile',
|
|
13
|
+
'email',
|
|
14
|
+
'offline_access',
|
|
15
|
+
]);
|
|
9
16
|
const TokenRequestBody = z
|
|
10
17
|
.object({
|
|
11
18
|
grant_type: f.grantType,
|
|
@@ -15,6 +22,8 @@ const TokenRequestBody = z
|
|
|
15
22
|
client_secret: f.clientSecret.optional(),
|
|
16
23
|
code_verifier: f.codeVerifier.optional(),
|
|
17
24
|
refresh_token: f.token.optional(),
|
|
25
|
+
scope: f.scope.optional(),
|
|
26
|
+
device_code: z.string().min(1).max(1000).optional(),
|
|
18
27
|
})
|
|
19
28
|
.describe('OAuth2 token request payload');
|
|
20
29
|
export const tokenPost = new Hono().post('/token', describeRoute({
|
|
@@ -38,6 +47,7 @@ export const tokenPost = new Hono().post('/token', describeRoute({
|
|
|
38
47
|
e.MissingAuthorizationCode.Schema,
|
|
39
48
|
e.MissingRedirectUri.Schema,
|
|
40
49
|
e.MissingRefreshToken.Schema,
|
|
50
|
+
e.MissingDeviceCode.Schema,
|
|
41
51
|
e.UnsupportedGrantType.Schema,
|
|
42
52
|
])),
|
|
43
53
|
},
|
|
@@ -75,6 +85,7 @@ export const tokenPost = new Hono().post('/token', describeRoute({
|
|
|
75
85
|
}
|
|
76
86
|
// 1. Validate client
|
|
77
87
|
const client = await oauthClientService.findByClientId(clientId);
|
|
88
|
+
setOAuthClientCorsHeaders(c, client);
|
|
78
89
|
if (!client.enabled) {
|
|
79
90
|
throw new e.OAuthClientDisabled.Error();
|
|
80
91
|
}
|
|
@@ -104,6 +115,8 @@ export const tokenPost = new Hono().post('/token', describeRoute({
|
|
|
104
115
|
clientId,
|
|
105
116
|
codeVerifier: body.code_verifier ?? undefined,
|
|
106
117
|
});
|
|
118
|
+
c.header('Cache-Control', 'no-store');
|
|
119
|
+
c.header('Pragma', 'no-cache');
|
|
107
120
|
return c.json(tokens, 200);
|
|
108
121
|
}
|
|
109
122
|
if (body.grant_type === 'refresh_token') {
|
|
@@ -113,7 +126,40 @@ export const tokenPost = new Hono().post('/token', describeRoute({
|
|
|
113
126
|
const tokens = await oauthTokenService.refreshAccessToken({
|
|
114
127
|
refreshToken: body.refresh_token,
|
|
115
128
|
clientId,
|
|
129
|
+
scope: body.scope ? body.scope.split(' ') : undefined,
|
|
116
130
|
});
|
|
131
|
+
c.header('Cache-Control', 'no-store');
|
|
132
|
+
c.header('Pragma', 'no-cache');
|
|
133
|
+
return c.json(tokens, 200);
|
|
134
|
+
}
|
|
135
|
+
if (body.grant_type === 'client_credentials') {
|
|
136
|
+
await oauthClientService.validateConfidentialClient(clientId);
|
|
137
|
+
const requestedScopes = body.scope ? body.scope.split(' ') : [];
|
|
138
|
+
const endUserScopes = requestedScopes.filter((scope) => END_USER_SCOPES_FOR_CLIENT_CREDENTIALS.has(scope));
|
|
139
|
+
if (endUserScopes.length > 0) {
|
|
140
|
+
throw new e.InvalidScope.Error({
|
|
141
|
+
invalidScopes: endUserScopes,
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
oauthClientService.validateScopes(client, requestedScopes);
|
|
145
|
+
const tokens = await oauthTokenService.issueClientCredentialsToken({
|
|
146
|
+
clientId,
|
|
147
|
+
scope: requestedScopes,
|
|
148
|
+
});
|
|
149
|
+
c.header('Cache-Control', 'no-store');
|
|
150
|
+
c.header('Pragma', 'no-cache');
|
|
151
|
+
return c.json(tokens, 200);
|
|
152
|
+
}
|
|
153
|
+
if (body.grant_type === 'urn:ietf:params:oauth:grant-type:device_code') {
|
|
154
|
+
if (!body.device_code) {
|
|
155
|
+
throw new e.MissingDeviceCode.Error();
|
|
156
|
+
}
|
|
157
|
+
const tokens = await oauthTokenService.exchangeDeviceCode({
|
|
158
|
+
deviceCode: body.device_code,
|
|
159
|
+
clientId,
|
|
160
|
+
});
|
|
161
|
+
c.header('Cache-Control', 'no-store');
|
|
162
|
+
c.header('Pragma', 'no-cache');
|
|
117
163
|
return c.json(tokens, 200);
|
|
118
164
|
}
|
|
119
165
|
throw new e.UnsupportedGrantType.Error();
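Review bot: `body.scope.split(' ')` in the `refresh_token` and `client_credentials` branches yields empty-string entries for a doubled, leading or trailing space, and those entries are passed on to `validateScopes` and to the token service as scopes. Unless `f.scope` (not visible here) already rejects such input, normalise first: `const requestedScopes = body.scope ? body.scope.split(' ').filter(Boolean) : [];`, with the same `.filter(Boolean)` on the refresh branch. Separately, the `Cache-Control: no-store` / `Pragma: no-cache` pair is now repeated in four grant branches; one small local helper that sets both headers and returns `c.json(tokens, 200)` would keep a future grant type from omitting them. The handler starts and ends outside these hunks.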
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../src/routes/oauth/token/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AACjD,OAAO,EACL,2BAA2B,EAC3B,qDAAqD,EACrD,+CAA+C,GAChD,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"post.js","sourceRoot":"","sources":["../../../../src/routes/oauth/token/post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,8BAA8B,CAAC;AACpD,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,2BAA2B,CAAC;AAC9C,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AACjD,OAAO,EACL,2BAA2B,EAC3B,qDAAqD,EACrD,+CAA+C,GAChD,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAEvD,MAAM,sCAAsC,GAAG,IAAI,GAAG,CAAC;IACrD,QAAQ;IACR,SAAS;IACT,OAAO;IACP,gBAAgB;CACjB,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,CAAC;KACvB,MAAM,CAAC;IACN,UAAU,EAAE,CAAC,CAAC,SAAS;IACvB,IAAI,EAAE,CAAC,CAAC,iBAAiB,CAAC,QAAQ,EAAE;IACpC,YAAY,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE;IAChC,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;IACxC,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;IACxC,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE;IACzB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;CACpD,CAAC;KACD,QAAQ,CAAC,8BAA8B,CAAC,CAAC;AAE5C,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CAC9C,QAAQ,EACR,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;IACnB,OAAO,EAAE,OAAO;IAChB,WAAW,EACT,mGAAmG;IACrG,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC;iBAClC;aACF;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC;wBACN,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,wBAAwB,CAAC,MAAM;wBACjC,CAAC,CAAC,kBAAkB,CAAC,MAAM;wBAC3B,CAAC,CAAC,mBAAmB,CAAC,MAAM;wBAC5B,CAAC,CAAC,iBAAiB,CAAC,MAAM;wBAC1B,CAAC,CAAC,oBAAoB,CAAC,MAAM;qBAC9B,CAAC,CACH;iBACF;aACF;YACD,WAAW,EACT,6EAA6E;SAChF;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAwB,CAAC,MAAM,CAAC;iBACpD;aACF;YACD,WAAW,EAAE,4BAA
4B;SAC1C;KACF;CACF,CAAC,EACF,SAAS,CAAC,MAAM,EAAE,gBAAgB,CAAC,EACnC,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IAEjE,MAAM,mBAAmB,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAC1D,MAAM,gBAAgB,GAAG,2BAA2B,CAAC,mBAAmB,CAAC,CAAC;IAE1E,IAAI,gBAAgB,KAAK,IAAI,EAAE,CAAC;QAC9B,+CAA+C,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,gBAAgB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3C,+CAA+C,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,gBAAgB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACvC,IAAI,gBAAgB,CAAC,QAAQ,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACjD,+CAA+C,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,gBAAgB,EAAE,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC;IAC9D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;IAC/C,CAAC;IAED,qBAAqB;IACrB,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACjE,yBAAyB,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAErC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,sEAAsE;IACtE,MAAM,YAAY,GAAG,gBAAgB,EAAE,YAAY,IAAI,IAAI,CAAC,aAAa,CAAC;IAE1E,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,8BAA8B,CACrD,QAAQ,EACR,YAAY,CACb,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,mBAAmB,EAAE,CAAC;YACxB,qDAAqD,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,kBAAkB,CAAC,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAE9D,uBAAuB;IACvB,IAAI,IAAI,CAAC,UAAU,KAAK,oBAAoB,EAAE,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,EAAE,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,yBAAyB,CAAC;YAC/D,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,QAAQ;YACR,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,SAAS;SAC9C,CAAC,CAAC;QAEH,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACtC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC/B,OAAO,CAAC,CAAC,IAAI,CAA
C,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,KAAK,eAAe,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,kBAAkB,CAAC;YACxD,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,QAAQ;YACR,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;SACtD,CAAC,CAAC;QAEH,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACtC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,KAAK,oBAAoB,EAAE,CAAC;QAC7C,MAAM,kBAAkB,CAAC,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,MAAM,aAAa,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CACrD,sCAAsC,CAAC,GAAG,CAAC,KAAK,CAAC,CAClD,CAAC;QACF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC;gBAC7B,aAAa,EAAE,aAAa;aAC7B,CAAC,CAAC;QACL,CAAC;QACD,kBAAkB,CAAC,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,2BAA2B,CAAC;YACjE,QAAQ;YACR,KAAK,EAAE,eAAe;SACvB,CAAC,CAAC;QAEH,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACtC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,KAAK,8CAA8C,EAAE,CAAC;QACvE,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;QACxC,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,kBAAkB,CAAC;YACxD,UAAU,EAAE,IAAI,CAAC,WAAW;YAC5B,QAAQ;SACT,CAAC,CAAC;QAEH,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACtC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,IAAI,CAAC,CAAC,oBAAoB,CAAC,KAAK,EAAE,CAAC;AAC3C,CAAC,CACF,CAAC"}
|
|
@@ -2,11 +2,23 @@ import type { AppEnv } from '../../../lib/app-env.ts';
|
|
|
2
2
|
export declare const userinfoGet: import("hono/hono-base").HonoBase<AppEnv, {
|
|
3
3
|
"/userinfo": {
|
|
4
4
|
$get: {
|
|
5
|
-
input: {
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
input: {};
|
|
6
|
+
output: {
|
|
7
|
+
sub: string;
|
|
8
|
+
email?: string | undefined;
|
|
9
|
+
email_verified?: boolean | undefined;
|
|
10
|
+
name?: string | undefined;
|
|
11
|
+
picture?: string | undefined;
|
|
12
|
+
preferred_username?: string | undefined;
|
|
9
13
|
};
|
|
14
|
+
outputFormat: "json";
|
|
15
|
+
status: 200;
|
|
16
|
+
};
|
|
17
|
+
};
|
|
18
|
+
} & {
|
|
19
|
+
"/userinfo": {
|
|
20
|
+
$post: {
|
|
21
|
+
input: {};
|
|
10
22
|
output: {
|
|
11
23
|
sub: string;
|
|
12
24
|
email?: string | undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/userinfo/get.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../src/routes/oauth/userinfo/get.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAiDtD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBA2DrB,CAAC"}
|
|
@@ -5,7 +5,39 @@ import { TAGS } from "../../../lib/swagger-tags.js";
|
|
|
5
5
|
import { e } from "../../../schemas/error.js";
|
|
6
6
|
import { h } from "../../../schemas/header.js";
|
|
7
7
|
import { r } from "../../../schemas/response.js";
|
|
8
|
-
|
|
8
|
+
const userinfoHandler = async (c) => {
|
|
9
|
+
const { jwtService, mikro, userService } = c.var.services;
|
|
10
|
+
// Validate Bearer token
|
|
11
|
+
const authorization = c.req.header('authorization');
|
|
12
|
+
const tokenPayload = await jwtService.validateBearerToken({
|
|
13
|
+
headers: authorization ? { authorization } : {},
|
|
14
|
+
});
|
|
15
|
+
// Load user
|
|
16
|
+
const userEntity = await mikro.user.verifyBySub(tokenPayload.sub);
|
|
17
|
+
const userData = await userService.userEntityToSessionUser(userEntity);
|
|
18
|
+
// Parse scopes from token
|
|
19
|
+
const scopes = tokenPayload.scope.split(' ');
|
|
20
|
+
if (!scopes.includes('openid')) {
|
|
21
|
+
throw new e.InsufficientScope.Error();
|
|
22
|
+
}
|
|
23
|
+
// Build response based on granted scopes
|
|
24
|
+
const userInfo = {
|
|
25
|
+
sub: userData.sub,
|
|
26
|
+
};
|
|
27
|
+
if (scopes.includes('email')) {
|
|
28
|
+
userInfo.email = userData.email;
|
|
29
|
+
userInfo.email_verified = userData.email_verified;
|
|
30
|
+
}
|
|
31
|
+
if (scopes.includes('profile')) {
|
|
32
|
+
userInfo.name = userData.email;
|
|
33
|
+
userInfo.preferred_username = userData.email;
|
|
34
|
+
}
|
|
35
|
+
c.header('Cache-Control', 'no-store');
|
|
36
|
+
c.header('Pragma', 'no-cache');
|
|
37
|
+
return c.json(userInfo, 200);
|
|
38
|
+
};
|
|
39
|
+
export const userinfoGet = new Hono()
|
|
40
|
+
.get('/userinfo', describeRoute({
|
|
9
41
|
tags: [TAGS.OPENID],
|
|
10
42
|
security: OPENAPI_SECURITY.bearer,
|
|
11
43
|
summary: 'User Info',
|
|
@@ -36,33 +68,21 @@ export const userinfoGet = new Hono().get('/userinfo', describeRoute({
|
|
|
36
68
|
description: 'User not found',
|
|
37
69
|
},
|
|
38
70
|
},
|
|
39
|
-
}), validator('header', h.BearerAuth),
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
sub: userData.sub,
|
|
57
|
-
};
|
|
58
|
-
if (scopes.includes('email')) {
|
|
59
|
-
userInfo.email = userData.email;
|
|
60
|
-
userInfo.email_verified = userData.email_verified;
|
|
61
|
-
}
|
|
62
|
-
if (scopes.includes('profile')) {
|
|
63
|
-
userInfo.name = userData.email;
|
|
64
|
-
userInfo.preferred_username = userData.email;
|
|
65
|
-
}
|
|
66
|
-
return c.json(userInfo, 200);
|
|
67
|
-
});
|
|
71
|
+
}), validator('header', h.BearerAuth), userinfoHandler)
|
|
72
|
+
.post('/userinfo', describeRoute({
|
|
73
|
+
tags: [TAGS.OPENID],
|
|
74
|
+
security: OPENAPI_SECURITY.bearer,
|
|
75
|
+
summary: 'User Info',
|
|
76
|
+
description: 'OIDC UserInfo Endpoint POST method',
|
|
77
|
+
responses: {
|
|
78
|
+
200: {
|
|
79
|
+
content: {
|
|
80
|
+
'application/json': {
|
|
81
|
+
schema: resolver(r.UserInfoResponse),
|
|
82
|
+
},
|
|
83
|
+
},
|
|
84
|
+
description: 'Success',
|
|
85
|
+
},
|
|
86
|
+
},
|
|
87
|
+
}), validator('header', h.BearerAuth), userinfoHandler);
|
|
68
88
|
//# sourceMappingURL=get.js.map
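Review bot: In `userinfoHandler` the `profile` branch fills `name` and `preferred_username` from `userData.email`, so a client granted only `openid profile` still receives the user's email address without holding the `email` scope. Both claims are optional in the declared response type, so they can be omitted unless a non-email value exists, or the branch can be gated as `if (scopes.includes('profile') && scopes.includes('email')) {`. The new POST route's `describeRoute` documents only the 200 response while the GET route also documents error responses such as 'User not found'; since both share the handler, the POST description should list the same errors. `tokenPayload.scope.split(' ')` assumes every accepted bearer token carries a string `scope`, so it is worth confirming that `validateBearerToken` rejects the client-credentials tokens this release starts issuing.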
|