@tsed/oidc-provider 8.0.1 → 8.0.3

package/package.json

@@ -2,13 +2,14 @@
   "name": "@tsed/oidc-provider",
   "description": "OIDC provider package for Ts.ED framework",
   "type": "module",
-  "version": "8.0.1",
+  "version": "8.0.3",
   "source": "./src/index.ts",
   "main": "./lib/esm/index.js",
   "module": "./lib/esm/index.js",
   "typings": "./lib/types/index.d.ts",
   "exports": {
     ".": {
+      "@tsed/source": "./src/index.ts",
       "types": "./lib/types/index.d.ts",
       "import": "./lib/esm/index.js",
       "default": "./lib/esm/index.js"
@@ -23,7 +24,7 @@
     "test:ci": "vitest run --coverage.thresholds.autoUpdate=true"
   },
   "dependencies": {
-    "@tsed/adapters": "8.0.1",
+    "@tsed/adapters": "8.0.3",
     "express-urlrewrite": "^2.0.3",
     "jose2": "npm:jose@^2.0.4",
     "koa-mount": "^4.0.0",
@@ -33,13 +34,13 @@
     "uuid": "^10.0.0"
   },
   "devDependencies": {
-    "@tsed/barrels": "8.0.1",
-    "@tsed/core": "8.0.1",
-    "@tsed/di": "8.0.1",
-    "@tsed/exceptions": "8.0.1",
-    "@tsed/jwks": "8.0.1",
-    "@tsed/platform-http": "8.0.1",
-    "@tsed/typescript": "8.0.1",
+    "@tsed/barrels": "8.0.3",
+    "@tsed/core": "8.0.3",
+    "@tsed/di": "8.0.3",
+    "@tsed/exceptions": "8.0.3",
+    "@tsed/jwks": "8.0.3",
+    "@tsed/platform-http": "8.0.3",
+    "@tsed/typescript": "8.0.3",
     "@types/lowdb": "1.0.15",
     "@types/oidc-provider": "8.5.2",
     "@types/uuid": "10.0.0",
@@ -51,12 +52,12 @@
     "vitest": "2.1.2"
   },
   "peerDependencies": {
-    "@tsed/ajv": "8.0.1",
-    "@tsed/core": "8.0.1",
-    "@tsed/di": "8.0.1",
-    "@tsed/json-mapper": "8.0.1",
-    "@tsed/platform-http": "8.0.1",
-    "@tsed/schema": "8.0.1",
+    "@tsed/ajv": "8.0.3",
+    "@tsed/core": "8.0.3",
+    "@tsed/di": "8.0.3",
+    "@tsed/json-mapper": "8.0.3",
+    "@tsed/platform-http": "8.0.3",
+    "@tsed/schema": "8.0.3",
     "oidc-provider": ">=8.0.0"
   },
   "peerDependenciesMeta": {

package/src/OidcModule.spec.ts

@@ -0,0 +1,116 @@
+import {PlatformTest} from "@tsed/platform-http/testing";
+import expressRewrite from "express-urlrewrite";
+import koaMount from "koa-mount";
+// @ts-ignore
+import koaRewrite from "koa-rewrite";
+
+import {OidcModule} from "./OidcModule.js";
+import {OidcProvider} from "./services/OidcProvider.js";
+
+vi.mock("express-urlrewrite", () => {
+  return {default: vi.fn().mockReturnValue(vi.fn())};
+});
+vi.mock("koa-rewrite", () => {
+  return {default: vi.fn().mockReturnValue(vi.fn())};
+});
+vi.mock("koa-mount", () => {
+  return {default: vi.fn().mockReturnValue(vi.fn())};
+});
+
+describe("OidcModule", () => {
+  describe("with express", () => {
+    beforeEach(() =>
+      PlatformTest.create({
+        PLATFORM_NAME: "express",
+        oidc: {
+          path: "/oidc"
+        }
+      })
+    );
+
+    afterEach(() => PlatformTest.reset());
+    describe('when path "/oidc"', () => {
+      it("should register the appropriate rewrite middleware", async () => {
+        const mdl = await PlatformTest.invoke<any>(OidcModule);
+
+        vi.spyOn(mdl.app, "use").mockReturnValue(undefined);
+
+        await mdl.$onRoutesInit();
+
+        expect(expressRewrite).toHaveBeenCalledWith("/.well-known/*", "/oidc/.well-known/$1");
+        expect(mdl.app.use).toHaveBeenCalledWith(expect.any(Function));
+      });
+      it("should mount the oidc provider server to application", async () => {
+        const provider = {
+          app: "app",
+          callback: vi.fn().mockReturnValue("callback")
+        };
+        const oidcProvider = {
+          hasConfiguration: vi.fn().mockReturnValue(true),
+          get: vi.fn().mockReturnValue(provider),
+          create: vi.fn()
+        };
+        const mdl = await PlatformTest.invoke<any>(OidcModule, [
+          {
+            token: OidcProvider,
+            use: oidcProvider
+          }
+        ]);
+
+        vi.spyOn(mdl.app, "use").mockReturnValue(undefined);
+
+        await mdl.$afterRoutesInit();
+
+        expect(mdl.app.use).toHaveBeenCalledWith("/oidc", "callback");
+      });
+    });
+  });
+  describe("with koa", () => {
+    beforeEach(() =>
+      PlatformTest.create({
+        PLATFORM_NAME: "koa",
+        oidc: {
+          path: "/oidc"
+        }
+      })
+    );
+
+    afterEach(() => PlatformTest.reset());
+    describe('when path "/oidc"', () => {
+      it("should register the appropriate rewrite middleware", async () => {
+        const mdl = await PlatformTest.invoke<any>(OidcModule);
+
+        vi.spyOn(mdl.app, "use").mockReturnValue(undefined);
+
+        await mdl.$onRoutesInit();
+
+        expect(koaRewrite).toHaveBeenCalledWith("/.well-known/(.*)", "/oidc/.well-known/$1");
+        expect(mdl.app.use).toHaveBeenCalledWith(expect.any(Function));
+      });
+      it("should mount the oidc provider server to application", async () => {
+        const provider = {
+          app: "app",
+          callback: vi.fn().mockReturnValue("callback")
+        };
+        const oidcProvider = {
+          hasConfiguration: vi.fn().mockReturnValue(true),
+          get: vi.fn().mockReturnValue(provider),
+          create: vi.fn()
+        };
+        const mdl = await PlatformTest.invoke<any>(OidcModule, [
+          {
+            token: OidcProvider,
+            use: oidcProvider
+          }
+        ]);
+
+        vi.spyOn(mdl.app, "use").mockReturnValue(undefined);
+
+        await mdl.$afterRoutesInit();
+
+        expect(koaMount).toHaveBeenCalledWith("/oidc", "app");
+        expect(mdl.app.use).toHaveBeenCalledWith(expect.any(Function));
+      });
+    });
+  });
+});

package/src/OidcModule.ts

@@ -0,0 +1,70 @@
+import {constant, inject, injector, Module} from "@tsed/di";
+import {PlatformApplication} from "@tsed/platform-http";
+import koaMount from "koa-mount";
+
+import {OidcAdapters} from "./services/OidcAdapters.js";
+import {OidcJwks} from "./services/OidcJwks.js";
+import {OidcProvider} from "./services/OidcProvider.js";
+
+@Module({
+  imports: [OidcProvider, OidcAdapters, OidcJwks]
+})
+export class OidcModule {
+  protected app: PlatformApplication = inject(PlatformApplication);
+  protected platformName = constant<string>("PLATFORM_NAME");
+  protected basePath = constant("oidc.path", "/oidc");
+  protected oidcProvider = inject(OidcProvider);
+
+  async $onInit() {
+    if (this.oidcProvider.hasConfiguration()) {
+      await this.oidcProvider.create();
+    }
+  }
+
+  async $onRoutesInit() {
+    if (this.basePath !== "/") {
+      this.app.use(await this.getRewriteMiddleware());
+    }
+  }
+
+  $afterRoutesInit() {
+    if (this.oidcProvider.hasConfiguration()) {
+      const provider = this.oidcProvider.get();
+
+      switch (this.platformName) {
+        default:
+        case "express":
+          this.app.use(this.basePath, provider.callback());
+          break;
+        case "koa":
+          this.app.use(koaMount(this.basePath, provider.app));
+          break;
+      }
+    }
+  }
+
+  $onReady() {
+    const inj = injector();
+
+    if (this.oidcProvider.hasConfiguration() && "getBestHost" in inj.settings) {
+      // @ts-ignore
+      const host = inj.settings.getBestHost();
+      const url = host.toString();
+
+      inj.logger.info(`WellKnown is available on ${url}/.well-known/openid-configuration`);
+    }
+  }
+
+  private async getRewriteMiddleware() {
+    switch (this.platformName) {
+      default:
+      case "express":
+        const {default: expressUrlRewrite} = await import("express-urlrewrite");
+        return expressUrlRewrite("/.well-known/*", `${this.basePath}/.well-known/$1`);
+      case "koa":
+        // @ts-ignore
+        const {default: koaUrlRewrite} = await import("koa-rewrite");
+        return koaUrlRewrite("/.well-known/(.*)", `${this.basePath}/.well-known/$1`);
+    }
+  }
+}

package/src/constants/constants.ts

@@ -0,0 +1,10 @@
+export const INTERACTION_CONTEXT = "interactionContext";
+export const INTERACTION_PARAMS = "interactionParams";
+export const INTERACTION_GRANT_ID = "interactionGrantId";
+export const INTERACTION_PROMPT = "interactionPrompt";
+export const INTERACTION_UID = "interactionUid";
+export const INTERACTION_SESSION = "interactionSession";
+export const INTERACTION_DETAILS = "interactionDetails";
+export const INTERACTION_OPTIONS = "interactionOptions";
+export const INTERACTION = "interaction";
+export const INTERACTIONS = "interactions";

package/src/decorators/grantId.spec.ts

@@ -0,0 +1,17 @@
+import {JsonParameterStore} from "@tsed/schema";
+
+import {INTERACTION_GRANT_ID} from "../constants/constants.js";
+import {GrantId} from "./grantId.js";
+
+describe("@GrandId", () => {
+  it("should inject grantId", () => {
+    class MyInteraction {
+      $prompt(@GrantId() grandId: string) {}
+    }
+
+    const entity = JsonParameterStore.get(MyInteraction, "$prompt", 0);
+
+    expect(entity.paramType).toEqual("$CTX");
+    expect(entity.expression).toEqual(INTERACTION_GRANT_ID);
+  });
+});

package/src/decorators/grantId.ts

@@ -0,0 +1,10 @@
+import {useDecorators} from "@tsed/core";
+import {Context} from "@tsed/platform-params";
+
+import {INTERACTION_GRANT_ID, INTERACTION_PARAMS} from "../constants/constants.js";
+
+export function GrantId(): ParameterDecorator {
+  return useDecorators(Context(INTERACTION_GRANT_ID));
+}
+
+export type GrantId = string;

package/src/decorators/interaction.spec.ts

@@ -0,0 +1,27 @@
+import {Store} from "@tsed/core";
+import {GlobalProviders} from "@tsed/di";
+
+import {INTERACTION_OPTIONS} from "../constants/constants.js";
+import {OidcInteractionMethods} from "../domain/OidcInteractionMethods.js";
+import {Interaction} from "./interaction.js";
+
+describe("@Interaction", () => {
+  it("should create an interaction", () => {
+    @Interaction({
+      name: "login",
+      requestable: true,
+      priority: 0
+    })
+    class CustomInteraction implements OidcInteractionMethods {}
+
+    const store = Store.from(CustomInteraction);
+    const provider = GlobalProviders.get(CustomInteraction)!;
+
+    expect(provider.subType).toEqual("interaction");
+    expect(store.get(INTERACTION_OPTIONS)).toEqual({
+      name: "login",
+      requestable: true,
+      priority: 0
+    });
+  });
+});

package/src/decorators/interaction.ts

@@ -0,0 +1,18 @@
+import {StoreMerge, useDecorators} from "@tsed/core";
+import {Controller} from "@tsed/di";
+
+import {INTERACTION, INTERACTION_OPTIONS} from "../constants/constants.js";
+import {OidcInteractionOptions} from "../domain/OidcInteractionOptions.js";
+
+/**
+ * @Oidc
+ */
+export function Interaction(options: OidcInteractionOptions): ClassDecorator {
+  return useDecorators(
+    Controller({
+      path: "/",
+      subType: INTERACTION
+    }),
+    StoreMerge(INTERACTION_OPTIONS, options)
+  );
+}

package/src/decorators/interactions.spec.ts

@@ -0,0 +1,23 @@
+import "../../test/app/controllers/oidc/InteractionsCtrl.js";
+
+import {PlatformTest} from "@tsed/platform-http/testing";
+
+describe("@Interactions", () => {
+  beforeEach(() =>
+    PlatformTest.create({
+      oidc: {
+        options: {
+          claims: {}
+        }
+      } as any
+    })
+  );
+  afterEach(() => PlatformTest.create());
+  it("should create interactions", () => {
+    PlatformTest.injector.resolveConfiguration();
+
+    const oidc = PlatformTest.injector.settings.get("oidc");
+
+    expect(oidc.options.claims).toEqual({});
+  });
+});

package/src/decorators/interactions.ts

@@ -0,0 +1,21 @@
+import {Type, useDecorators} from "@tsed/core";
+import {Controller} from "@tsed/di";
+import {UseBefore} from "@tsed/platform-middlewares";
+
+import {INTERACTIONS} from "../constants/constants.js";
+import {OidcInteractionMiddleware} from "../middlewares/OidcInteractionMiddleware.js";
+import {NoCache} from "./noCache.js";
+
+export interface InteractionsOptions {
+  path: string;
+  children: Type<any>[];
+}
+
+export function Interactions(options: InteractionsOptions): ClassDecorator {
+  const {path} = options;
+  return useDecorators(
+    Controller({path, children: options.children, subType: INTERACTIONS}),
+    NoCache(),
+    UseBefore(OidcInteractionMiddleware)
+  );
+}

package/src/decorators/noCache.ts

@@ -0,0 +1,7 @@
+import {UseBefore} from "@tsed/platform-middlewares";
+
+import {OidcNoCacheMiddleware} from "../middlewares/OidcNoCacheMiddleware.js";
+
+export function NoCache(): ClassDecorator {
+  return UseBefore(OidcNoCacheMiddleware) as ClassDecorator;
+}

package/src/decorators/oidcCtx.spec.ts

@@ -0,0 +1,17 @@
+import {JsonParameterStore} from "@tsed/schema";
+
+import {INTERACTION_CONTEXT} from "../constants/constants.js";
+import {OidcCtx} from "./oidcCtx.js";
+
+describe("@OidcCtx", () => {
+  it("should inject uid", () => {
+    class MyInteraction {
+      $prompt(@OidcCtx() oidcCtx: OidcCtx) {}
+    }
+
+    const entity = JsonParameterStore.get(MyInteraction, "$prompt", 0);
+
+    expect(entity.paramType).toEqual("$CTX");
+    expect(entity.expression).toEqual(INTERACTION_CONTEXT);
+  });
+});

package/src/decorators/oidcCtx.ts

@@ -0,0 +1,11 @@
+import {useDecorators} from "@tsed/core";
+import {Context} from "@tsed/platform-params";
+
+import {INTERACTION_CONTEXT} from "../constants/constants.js";
+import {OidcInteractionContext} from "../services/OidcInteractionContext.js";
+
+export function OidcCtx(): ParameterDecorator {
+  return useDecorators(Context(INTERACTION_CONTEXT));
+}
+
+export type OidcCtx = OidcInteractionContext;

package/src/decorators/oidcSession.spec.ts

@@ -0,0 +1,17 @@
+import {JsonParameterStore} from "@tsed/schema";
+
+import {INTERACTION_SESSION} from "../constants/constants.js";
+import {OidcSession} from "./oidcSession.js";
+
+describe("@OidcSession", () => {
+  it("should inject uid", () => {
+    class MyInteraction {
+      $prompt(@OidcSession() session: OidcSession) {}
+    }
+
+    const entity = JsonParameterStore.get(MyInteraction, "$prompt", 0);
+
+    expect(entity.paramType).toEqual("$CTX");
+    expect(entity.expression).toEqual(INTERACTION_SESSION);
+  });
+});

package/src/decorators/oidcSession.ts

@@ -0,0 +1,14 @@
+import {useDecorators} from "@tsed/core";
+import {Context} from "@tsed/platform-params";
+import type {default as Provider} from "oidc-provider";
+
+import {INTERACTION_SESSION} from "../constants/constants.js";
+
+/**
+ * @decorator
+ */
+export function OidcSession(expression?: string): ParameterDecorator {
+  return useDecorators(Context([INTERACTION_SESSION, expression].filter(Boolean).join(".")));
+}
+
+export type OidcSession = InstanceType<Provider["Session"]>;

package/src/decorators/params.spec.ts

@@ -0,0 +1,17 @@
+import {JsonParameterStore} from "@tsed/schema";
+
+import {INTERACTION_PARAMS} from "../constants/constants.js";
+import {Params} from "./params.js";
+
+describe("@Params", () => {
+  it("should inject uid", () => {
+    class MyInteraction {
+      $prompt(@Params() params: Params) {}
+    }
+
+    const entity = JsonParameterStore.get(MyInteraction, "$prompt", 0);
+
+    expect(entity.paramType).toEqual("$CTX");
+    expect(entity.expression).toEqual(INTERACTION_PARAMS);
+  });
+});

package/src/decorators/params.ts

@@ -0,0 +1,10 @@
+import {useDecorators} from "@tsed/core";
+import {Context} from "@tsed/platform-params";
+
+import {INTERACTION_PARAMS} from "../constants/constants.js";
+
+export function Params(expression?: string): ParameterDecorator {
+  return useDecorators(Context([INTERACTION_PARAMS, expression].filter(Boolean).join(".")));
+}
+
+export type Params = Record<string, any>;

package/src/decorators/prompt.spec.ts

@@ -0,0 +1,17 @@
+import {JsonParameterStore} from "@tsed/schema";
+
+import {INTERACTION_PROMPT} from "../constants/constants.js";
+import {Prompt} from "./prompt.js";
+
+describe("@Prompt", () => {
+  it("should inject uid", () => {
+    class MyInteraction {
+      $prompt(@Prompt() uid: Prompt) {}
+    }
+
+    const entity = JsonParameterStore.get(MyInteraction, "$prompt", 0);
+
+    expect(entity.paramType).toEqual("$CTX");
+    expect(entity.expression).toEqual(INTERACTION_PROMPT);
+  });
+});

package/src/decorators/prompt.ts

@@ -0,0 +1,11 @@
+import {useDecorators} from "@tsed/core";
+import {Context} from "@tsed/platform-params";
+import type {PromptDetail as P} from "oidc-provider";
+
+import {INTERACTION_PROMPT} from "../constants/constants.js";
+
+export function Prompt(): ParameterDecorator {
+  return useDecorators(Context(INTERACTION_PROMPT));
+}
+
+export type Prompt = P;

package/src/decorators/uid.spec.ts

@@ -0,0 +1,17 @@
+import {JsonParameterStore} from "@tsed/schema";
+
+import {INTERACTION_UID} from "../constants/constants.js";
+import {Uid} from "./uid.js";
+
+describe("@Uid", () => {
+  it("should inject uid", () => {
+    class MyInteraction {
+      $prompt(@Uid() uid: string) {}
+    }
+
+    const entity = JsonParameterStore.get(MyInteraction, "$prompt", 0);
+
+    expect(entity.paramType).toEqual("$CTX");
+    expect(entity.expression).toEqual(INTERACTION_UID);
+  });
+});

package/src/decorators/uid.ts

@@ -0,0 +1,10 @@
+import {useDecorators} from "@tsed/core";
+import {Context} from "@tsed/platform-params";
+
+import {INTERACTION_UID} from "../constants/constants.js";
+
+export function Uid(): ParameterDecorator {
+  return useDecorators(Context(INTERACTION_UID));
+}
+
+export type Uid = string;

package/src/domain/InteractionMethods.ts

@@ -0,0 +1,11 @@
+import type {CanBePromise, interactionPolicy, KoaContextWithOIDC, UnknownObject} from "oidc-provider";
+
+export interface InteractionMethods {
+  details?: (ctx: KoaContextWithOIDC) => CanBePromise<UnknownObject>;
+  checks?: () => interactionPolicy.Check[];
+  $onCreate?: (prompt: interactionPolicy.Prompt) => void | Promise<void>;
+  /**
+   * @param args Injectable parameters
+   */
+  $prompt?: (...args: any[]) => any | Promise<any>;
+}

package/src/domain/OidcAccountsMethods.ts

@@ -0,0 +1,10 @@
+import type {Account, default as Provider} from "oidc-provider";
+
+import {AccessToken, AuthorizationCode, BackchannelAuthenticationRequest, DeviceCode} from "./interfaces.js";
+
+export interface OidcAccountsMethods {
+  findAccount(
+    id: string,
+    token: AuthorizationCode | AccessToken | DeviceCode | BackchannelAuthenticationRequest | undefined
+  ): Promise<Account | undefined>;
+}

package/src/domain/OidcBadInteractionName.ts

@@ -0,0 +1,3 @@
+import {BadRequest} from "@tsed/exceptions";
+
+export class OidcBadInteractionName extends BadRequest {}

package/src/domain/OidcInteractionMethods.ts

@@ -0,0 +1,3 @@
+export interface OidcInteractionMethods {
+  $prompts?(...args: unknown[]): void | unknown | Promise<unknown>;
+}

package/src/domain/OidcInteractionOptions.ts

@@ -0,0 +1,8 @@
+import type {CanBePromise, interactionPolicy, KoaContextWithOIDC, UnknownObject} from "oidc-provider";
+export interface OidcInteractionOptions {
+  name: string;
+  requestable?: boolean | undefined;
+  priority?: number;
+  details?: (ctx: KoaContextWithOIDC) => CanBePromise<UnknownObject>;
+  checks?: interactionPolicy.Check[];
+}

package/src/domain/OidcInteractionPromptProps.ts

@@ -0,0 +1,11 @@
+import type {UnknownObject} from "oidc-provider";
+
+import {OidcClient} from "./interfaces.js";
+
+export type OidcInteractionPromptProps<Props = Record<string, any>> = {
+  client: OidcClient;
+  uid: string;
+  grantId: string;
+  details: UnknownObject;
+  params: Record<string, any>;
+} & Props;