@typekcz-nocobase-plugins/plugin-oidc-plus 1.0.2 → 1.0.4

package/dist/client/index.js

@@ -7,6 +7,4 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-(function(o,n){typeof exports=="object"&&typeof module!="undefined"?n(exports,require("@nocobase/client"),require("@nocobase/plugin-auth/client"),require("react/jsx-runtime"),require("@ant-design/icons"),require("antd"),require("react"),require("react-i18next"),require("react-router-dom"),require("@formily/antd-v5"),require("@formily/react")):typeof define=="function"&&define.amd?define(["exports","@nocobase/client","@nocobase/plugin-auth/client","react/jsx-runtime","@ant-design/icons","antd","react","react-i18next","react-router-dom","@formily/antd-v5","@formily/react"],n):(o=typeof globalThis!="undefined"?globalThis:o||self,n(o["@typekcz-nocobase-plugins/plugin-oidc-plus"]={},o["@nocobase/client"],o["@nocobase/plugin-auth"],o.jsxRuntime,o["@ant-design/icons"],o.antd,o.react,o["react-i18next"],o["react-router-dom"],o["@formily/antd-v5"],o["@formily/react"]))})(this,function(o,n,h,s,v,u,b,I,d,y,U){"use strict";var w=(o,n,h)=>new Promise((s,v)=>{var u=d=>{try{I(h.next(d))}catch(y){v(y)}},b=d=>{try{I(h.throw(d))}catch(y){v(y)}},I=d=>d.done?s(d.value):Promise.resolve(d.value).then(u,b);I((h=h.apply(o,n)).next())});const j="OIDC+",T="tnp_oidc_plus_logout",P="oidc";function c(e){return n.i18n.t(e,{ns:P})}function C(){return I.useTranslation(P)}/*! js-cookie v3.0.5 | MIT */function S(e){for(var a=1;a<arguments.length;a++){var l=arguments[a];for(var m in l)e[m]=l[m]}return e}var q={read:function(e){return e[0]==='"'&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}};function F(e,a){function l(t,x,r){if(typeof document!="undefined"){r=S({},a,r),typeof r.expires=="number"&&(r.expires=new Date(Date.now()+r.expires*864e5)),r.expires&&(r.expires=r.expires.toUTCString()),t=encodeURIComponent(t).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var p in r)r[p]&&(i+="; "+p,r[p]!==!0&&(i+="="+r[p].split(";")[0]));return document.cookie=t+"="+e.write(x,t)+i}}function m(t){if(!(typeof document=="undefined"||arguments.length&&!t)){for(var x=document.cookie?document.cookie.split("; "):[],r={},i=0;i<x.length;i++){var p=x[i].split("="),f=p.slice(1).join("=");try{var g=decodeURIComponent(p[0]);if(r[g]=e.read(f,g),t===g)break}catch(D){}}return t?r[t]:r}}return Object.create({set:l,get:m,remove:function(t,x){l(t,"",S({},x,{expires:-1}))},withAttributes:function(t){return F(this.converter,S({},this.attributes,t))},withConverter:function(t){return F(S({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(a)},converter:{value:Object.freeze(e)}})}var k=F(q,{path:"/"});const E=({authenticator:e})=>{const{t:a}=C(),l=n.useAPIClient(),m=d.useLocation(),t=new URLSearchParams(m.search),x=t.get("redirect"),r=()=>w(this,null,function*(){var f;const i=yield l.request({method:"post",url:"oidc:getAuthUrl",headers:{"X-Authenticator":e.name},data:{redirect:x}}),p=(f=i==null?void 0:i.data)==null?void 0:f.data;window.location.replace(p)});return b.useEffect(()=>{const i=k.get(T);if(i){const g=new URL(i);g.searchParams.set("post_logout_redirect_uri",window.location.href),console.log(T,{domain:window.location.hostname}),k.remove(T,{domain:window.location.hostname}),window.location.href=g.href}const p=t.get("authenticator"),f=t.get("error");if(p===e.name&&f){u.message.error(a(f));return}}),s.jsx(u.Space,{direction:"vertical",className:n.css`
-        display: flex;
-      `,children:s.jsx(u.Button,{shape:"round",block:!0,icon:s.jsx(v.LoginOutlined,{}),onClick:r,children:a(e.title)})})},O={type:"object",properties:{public:{type:"object",properties:{autoSignup:{"x-decorator":"FormItem",type:"boolean",title:'{{t("Sign up automatically when the user does not exist")}}',"x-component":"Checkbox",default:!0}}},oidc:{type:"object",properties:{collapse:{type:"void","x-component":"FormTab",properties:{basic:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:c("Basic configuration")},properties:{issuer:{type:"string",title:'{{t("Issuer")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientId:{type:"string",title:'{{t("Client ID")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientSecret:{type:"string",title:'{{t("Client Secret")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},scope:{type:"string",title:'{{t("scope")}}',"x-component":"Input","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Default: openid profile email")}}'}},idTokenSignedResponseAlg:{type:"string",title:'{{t("id_token signed response algorithm")}}',"x-component":"Select","x-decorator":"FormItem",enum:[{label:"HS256",value:"HS256"},{label:"HS384",value:"HS384"},{label:"HS512",value:"HS512"},{label:"RS256",value:"RS256"},{label:"RS384",value:"RS384"},{label:"RS512",value:"RS512"},{label:"ES256",value:"ES256"},{label:"ES384",value:"ES384"},{label:"ES512",value:"ES512"},{label:"PS256",value:"PS256"},{label:"PS384",value:"PS384"},{label:"PS512",value:"PS512"}]}}},mapping:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:c("Field mapping")},properties:{fieldMap:{title:'{{t("Field Map")}}',type:"array","x-decorator":"FormItem","x-component":"ArrayItems",items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{source:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("source")}}'}},target:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("target")}}'}},remove:{type:"void","x-decorator":"FormItem","x-component":"ArrayItems.Remove"}}}}},properties:{add:{type:"void",title:"Add","x-component":"ArrayItems.Addition"}}},userBindField:{type:"string",title:'{{t("Use this field to bind the user")}}',"x-component":"Select","x-decorator":"FormItem",default:"email",enum:[{label:c("Email"),value:"email"},{label:c("Username"),value:"username"}],required:!0}}},advanced:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:c("Advanced configuration")},properties:{logout:{type:"boolean",title:'{{t("RP-initiated logout")}}',"x-component":"Checkbox","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Performs logout on the issuer (uses end_session_endpoint in the issuer configuration)")}}'}},http:{type:"boolean",title:'{{t("HTTP")}}',"x-component":"Checkbox","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Check if NocoBase is running on HTTP protocol")}}'}},port:{type:"number",title:'{{t("Port")}}',"x-component":"InputNumber","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("The port number of the NocoBase service if it is not 80 or 443")}}'},"x-component-props":{style:{width:"15%",minWidth:"100px"}}},stateToken:{type:"string",title:'{{t("State token")}}',"x-component":"Input","x-decorator":"FormItem",description:c("The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.")},exchangeBodyKeys:{type:"array",title:'{{t("Pass parameters in the authorization code grant exchange")}}',"x-decorator":"FormItem","x-component":"ArrayItems",default:[{paramName:"",optionsKey:"clientId"},{paramName:"",optionsKey:"clientSecret"}],items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{enabled:{type:"boolean","x-decorator":"FormItem","x-component":"Checkbox"},optionsKey:{type:"string","x-decorator":"FormItem","x-decorator-props":{style:{width:"100px"}},"x-component":"Select","x-read-pretty":!0,enum:[{label:c("Client ID"),value:"clientId"},{label:c("Client Secret"),value:"clientSecret"}]},paramName:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("Parameter name")}}'}}}}}}},userInfoMethod:{type:"string",title:'{{t("Method to call the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"GET",enum:[{label:"GET",value:"GET"},{label:"POST",value:"POST"}],"x-reactions":[{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "query"}}',fulfill:{state:{value:"GET"}}},{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "body"}}',fulfill:{state:{value:"POST"}}}]},accessTokenVia:{type:"string",title:'{{t("Where to put the access token when calling the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"header",enum:[{label:c("Header"),value:"header"},{label:c("Body (Use with POST method)"),value:"body"},{label:c("Query parameters (Use with GET method)"),value:"query"}]}}}}}}},usage:{type:"void","x-component":"Usage"}}},R=U.observer(()=>{const{t:e}=C(),a=n.useApp(),l=b.useMemo(()=>a.getApiUrl("oidc:redirect"),[a]),m=t=>{navigator.clipboard.writeText(t),u.message.success(e("Copied"))};return s.jsx(u.Card,{title:e("Usage"),type:"inner",children:s.jsx(n.FormItem,{label:e("Redirect URL"),children:s.jsx(n.Input,{value:l,disabled:!0,addonBefore:s.jsx(v.CopyOutlined,{onClick:()=>m(l)})})})})},{displayName:"Usage"}),B=()=>{const{t:e}=C();return s.jsx(n.SchemaComponent,{scope:{t:e},components:{Usage:R,ArrayItems:y.ArrayItems,Space:u.Space,FormTab:y.FormTab},schema:O})};class A extends n.Plugin{load(){return w(this,null,function*(){this.app.pm.get(h).registerType(j,{components:{SignInButton:E,AdminSettingsForm:B}})})}}o.PluginOIDCClient=A,o.default=A,Object.defineProperties(o,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}})});
+!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("react-i18next"),require("@nocobase/plugin-auth/client"),require("@nocobase/client"),require("react-router-dom"),require("react"),require("@formily/antd-v5"),require("@formily/react"),require("@ant-design/icons"),require("antd")):"function"==typeof define&&define.amd?define("@typekcz-nocobase-plugins/plugin-oidc-plus",["react-i18next","@nocobase/plugin-auth/client","@nocobase/client","react-router-dom","react","@formily/antd-v5","@formily/react","@ant-design/icons","antd"],t):"object"==typeof exports?exports["@typekcz-nocobase-plugins/plugin-oidc-plus"]=t(require("react-i18next"),require("@nocobase/plugin-auth/client"),require("@nocobase/client"),require("react-router-dom"),require("react"),require("@formily/antd-v5"),require("@formily/react"),require("@ant-design/icons"),require("antd")):e["@typekcz-nocobase-plugins/plugin-oidc-plus"]=t(e["react-i18next"],e["@nocobase/plugin-auth/client"],e["@nocobase/client"],e["react-router-dom"],e.react,e["@formily/antd-v5"],e["@formily/react"],e["@ant-design/icons"],e.antd)}(self,function(e,t,r,o,n,i,a,c,u){return function(){"use strict";var l={482:function(e){e.exports=c},632:function(e){e.exports=i},505:function(e){e.exports=a},772:function(e){e.exports=r},689:function(e){e.exports=t},721:function(e){e.exports=u},156:function(e){e.exports=n},238:function(t){t.exports=e},128:function(e){e.exports=o}},p={};function s(e){var t=p[e];if(void 0!==t)return t.exports;var r=p[e]={exports:{}};return l[e](r,r.exports,s),r.exports}s.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return s.d(t,{a:t}),t},s.d=function(e,t){for(var r in t)s.o(t,r)&&!s.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},s.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},s.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})};var d={};return!function(){s.r(d),s.d(d,{default:function(){return R},PluginOIDCClient:function(){return j}});var e=s(772),t=s(689),r=s.n(t),o="tnp_oidc_plus_logout",n=s(482),i=s(721),a=s(156),c=s.n(a),u=s(238),l="oidc";function p(t){return e.i18n.t(t,{ns:l})}function f(){return(0,u.useTranslation)(l)}var m=s(128);function y(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var o in r)e[o]=r[o]}return e}var b=function e(t,r){function o(e,o,n){if("undefined"!=typeof document){"number"==typeof(n=y({},r,n)).expires&&(n.expires=new Date(Date.now()+864e5*n.expires)),n.expires&&(n.expires=n.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var a in n)n[a]&&(i+="; "+a,!0!==n[a]&&(i+="="+n[a].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var r=document.cookie?document.cookie.split("; "):[],o={},n=0;n<r.length;n++){var i=r[n].split("="),a=i.slice(1).join("=");try{var c=decodeURIComponent(i[0]);if(o[c]=t.read(a,c),e===c)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",y({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,y({},this.attributes,t))},withConverter:function(t){return e(y({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(r)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});function v(e,t,r,o,n,i,a){try{var c=e[i](a),u=c.value}catch(e){r(e);return}c.done?t(u):Promise.resolve(u).then(o,n)}function h(){var e,t,r=(e=["\n        display: flex;\n      "],t||(t=e.slice(0)),Object.freeze(Object.defineProperties(e,{raw:{value:Object.freeze(t)}})));return h=function(){return r},r}var x=function(t){var r,u,l=t.authenticator,p=f().t,s=(0,e.useAPIClient)(),d=new URLSearchParams((0,m.useLocation)().search),y=d.get("redirect"),x=(r=function(){var e,t,r;return function(e,t){var r,o,n,i,a={label:0,sent:function(){if(1&n[0])throw n[1];return n[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){var u=[i,c];if(r)throw TypeError("Generator is already executing.");for(;a;)try{if(r=1,o&&(n=2&u[0]?o.return:u[0]?o.throw||((n=o.return)&&n.call(o),0):o.next)&&!(n=n.call(o,u[1])).done)return n;switch(o=0,n&&(u=[2&u[0],n.value]),u[0]){case 0:case 1:n=u;break;case 4:return a.label++,{value:u[1],done:!1};case 5:a.label++,o=u[1],u=[0];continue;case 7:u=a.ops.pop(),a.trys.pop();continue;default:if(!(n=(n=a.trys).length>0&&n[n.length-1])&&(6===u[0]||2===u[0])){a=0;continue}if(3===u[0]&&(!n||u[1]>n[0]&&u[1]<n[3])){a.label=u[1];break}if(6===u[0]&&a.label<n[1]){a.label=n[1],n=u;break}if(n&&a.label<n[2]){a.label=n[2],a.ops.push(u);break}n[2]&&a.ops.pop(),a.trys.pop();continue}u=t.call(e,a)}catch(e){u=[6,e],o=0}finally{r=n=0}if(5&u[0])throw u[1];return{value:u[0]?u[1]:void 0,done:!0}}}}(this,function(o){switch(o.label){case 0:return[4,s.request({method:"post",url:"oidc:getAuthUrl",headers:{"X-Authenticator":l.name},data:{redirect:y}})];case 1:return r=null==(t=o.sent())||null==(e=t.data)?void 0:e.data,window.location.replace(r),[2]}})},u=function(){var e=this,t=arguments;return new Promise(function(o,n){var i=r.apply(e,t);function a(e){v(i,o,n,a,c,"next",e)}function c(e){v(i,o,n,a,c,"throw",e)}a(void 0)})},function(){return u.apply(this,arguments)});return(0,a.useEffect)(function(){var e=b.get(o);if(e){var t=new URL(e);t.searchParams.set("post_logout_redirect_uri",window.location.href),b.remove(o,{domain:window.location.hostname}),window.location.href=t.href}var r=d.get("authenticator"),n=d.get("error");if(r===l.name&&n)return void i.message.error(p(n))}),c().createElement(i.Space,{direction:"vertical",className:(0,e.css)(h())},c().createElement(i.Button,{shape:"round",block:!0,icon:c().createElement(n.LoginOutlined,null),onClick:x},p(l.title)))},g=s(632),S=s(505),I={type:"object",properties:{public:{type:"object",properties:{autoSignup:{"x-decorator":"FormItem",type:"boolean",title:'{{t("Sign up automatically when the user does not exist")}}',"x-component":"Checkbox",default:!0}}},oidc:{type:"object",properties:{collapse:{type:"void","x-component":"FormTab",properties:{basic:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:p("Basic configuration")},properties:{issuer:{type:"string",title:'{{t("Issuer")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientId:{type:"string",title:'{{t("Client ID")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientSecret:{type:"string",title:'{{t("Client Secret")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},scope:{type:"string",title:'{{t("scope")}}',"x-component":"Input","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Default: openid profile email")}}'}},idTokenSignedResponseAlg:{type:"string",title:'{{t("id_token signed response algorithm")}}',"x-component":"Select","x-decorator":"FormItem",enum:[{label:"HS256",value:"HS256"},{label:"HS384",value:"HS384"},{label:"HS512",value:"HS512"},{label:"RS256",value:"RS256"},{label:"RS384",value:"RS384"},{label:"RS512",value:"RS512"},{label:"ES256",value:"ES256"},{label:"ES384",value:"ES384"},{label:"ES512",value:"ES512"},{label:"PS256",value:"PS256"},{label:"PS384",value:"PS384"},{label:"PS512",value:"PS512"}]}}},mapping:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:p("Field mapping")},properties:{fieldMap:{title:'{{t("Field Map")}}',type:"array","x-decorator":"FormItem","x-component":"ArrayItems",items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{source:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("source")}}'}},target:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("target")}}'}},remove:{type:"void","x-decorator":"FormItem","x-component":"ArrayItems.Remove"}}}}},properties:{add:{type:"void",title:"Add","x-component":"ArrayItems.Addition"}}},userBindField:{type:"string",title:'{{t("Use this field to bind the user")}}',"x-component":"Select","x-decorator":"FormItem",default:"email",enum:[{label:p("Email"),value:"email"},{label:p("Username"),value:"username"}],required:!0}}},advanced:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:p("Advanced configuration")},properties:{logout:{type:"boolean",title:'{{t("RP-initiated logout")}}',"x-component":"Checkbox","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Performs logout on the issuer (uses end_session_endpoint in the issuer configuration)")}}'}},http:{type:"boolean",title:'{{t("HTTP")}}',"x-component":"Checkbox","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Check if NocoBase is running on HTTP protocol")}}'}},port:{type:"number",title:'{{t("Port")}}',"x-component":"InputNumber","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("The port number of the NocoBase service if it is not 80 or 443")}}'},"x-component-props":{style:{width:"15%",minWidth:"100px"}}},stateToken:{type:"string",title:'{{t("State token")}}',"x-component":"Input","x-decorator":"FormItem",description:p("The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.")},exchangeBodyKeys:{type:"array",title:'{{t("Pass parameters in the authorization code grant exchange")}}',"x-decorator":"FormItem","x-component":"ArrayItems",default:[{paramName:"",optionsKey:"clientId"},{paramName:"",optionsKey:"clientSecret"}],items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{enabled:{type:"boolean","x-decorator":"FormItem","x-component":"Checkbox"},optionsKey:{type:"string","x-decorator":"FormItem","x-decorator-props":{style:{width:"100px"}},"x-component":"Select","x-read-pretty":!0,enum:[{label:p("Client ID"),value:"clientId"},{label:p("Client Secret"),value:"clientSecret"}]},paramName:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("Parameter name")}}'}}}}}}},userInfoMethod:{type:"string",title:'{{t("Method to call the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"GET",enum:[{label:"GET",value:"GET"},{label:"POST",value:"POST"}],"x-reactions":[{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "query"}}',fulfill:{state:{value:"GET"}}},{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "body"}}',fulfill:{state:{value:"POST"}}}]},accessTokenVia:{type:"string",title:'{{t("Where to put the access token when calling the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"header",enum:[{label:p("Header"),value:"header"},{label:p("Body (Use with POST method)"),value:"body"},{label:p("Query parameters (Use with GET method)"),value:"query"}]}}}}}}},usage:{type:"void","x-component":"Usage"}}},w=(0,S.observer)(function(){var t=f().t,r=(0,e.useApp)(),o=(0,a.useMemo)(function(){return r.getApiUrl("oidc:redirect")},[r]),u=function(e){navigator.clipboard.writeText(e),i.message.success(t("Copied"))};return c().createElement(i.Card,{title:t("Usage"),type:"inner"},c().createElement(e.FormItem,{label:t("Redirect URL")},c().createElement(e.Input,{value:o,disabled:!0,addonBefore:c().createElement(n.CopyOutlined,{onClick:function(){return u(o)}})})))},{displayName:"Usage"}),T=function(){var t=f().t;return c().createElement(e.SchemaComponent,{scope:{t:t},components:{Usage:w,ArrayItems:g.ArrayItems,Space:i.Space,FormTab:g.FormTab},schema:I})};function P(e,t,r,o,n,i,a){try{var c=e[i](a),u=c.value}catch(e){r(e);return}c.done?t(u):Promise.resolve(u).then(o,n)}function F(e,t,r){return(F=E()?Reflect.construct:function(e,t,r){var o=[null];o.push.apply(o,t);var n=new(Function.bind.apply(e,o));return r&&C(n,r.prototype),n}).apply(null,arguments)}function k(e){return(k=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__||Object.getPrototypeOf(e)})(e)}function C(e,t){return(C=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e})(e,t)}function O(e){var t="function"==typeof Map?new Map:void 0;return(O=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return F(e,arguments,k(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),C(r,e)})(e)}function E(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch(e){}return(E=function(){return!!e})()}var j=function(e){var t;if("function"!=typeof e&&null!==e)throw TypeError("Super expression must either be null or a function");function o(){var e,t;if(!(this instanceof o))throw TypeError("Cannot call a class as a function");return e=o,t=arguments,e=k(e),function(e,t){var r;if(t&&("object"==((r=t)&&"undefined"!=typeof Symbol&&r.constructor===Symbol?"symbol":typeof r)||"function"==typeof t))return t;if(void 0===e)throw ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(this,E()?Reflect.construct(e,t||[],k(this).constructor):e.apply(this,t))}return o.prototype=Object.create(e&&e.prototype,{constructor:{value:o,writable:!0,configurable:!0}}),e&&C(o,e),t=[{key:"load",value:function(){var e,t=this;return(e=function(){return function(e,t){var r,o,n,i,a={label:0,sent:function(){if(1&n[0])throw n[1];return n[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){var u=[i,c];if(r)throw TypeError("Generator is already executing.");for(;a;)try{if(r=1,o&&(n=2&u[0]?o.return:u[0]?o.throw||((n=o.return)&&n.call(o),0):o.next)&&!(n=n.call(o,u[1])).done)return n;switch(o=0,n&&(u=[2&u[0],n.value]),u[0]){case 0:case 1:n=u;break;case 4:return a.label++,{value:u[1],done:!1};case 5:a.label++,o=u[1],u=[0];continue;case 7:u=a.ops.pop(),a.trys.pop();continue;default:if(!(n=(n=a.trys).length>0&&n[n.length-1])&&(6===u[0]||2===u[0])){a=0;continue}if(3===u[0]&&(!n||u[1]>n[0]&&u[1]<n[3])){a.label=u[1];break}if(6===u[0]&&a.label<n[1]){a.label=n[1],n=u;break}if(n&&a.label<n[2]){a.label=n[2],a.ops.push(u);break}n[2]&&a.ops.pop(),a.trys.pop();continue}u=t.call(e,a)}catch(e){u=[6,e],o=0}finally{r=n=0}if(5&u[0])throw u[1];return{value:u[0]?u[1]:void 0,done:!0}}}}(this,function(e){return t.app.pm.get(r()).registerType("OIDC+",{components:{SignInButton:x,AdminSettingsForm:T}}),[2]})},function(){var t=this,r=arguments;return new Promise(function(o,n){var i=e.apply(t,r);function a(e){P(i,o,n,a,c,"next",e)}function c(e){P(i,o,n,a,c,"throw",e)}a(void 0)})})()}}],function(e,t){for(var r=0;r<t.length;r++){var o=t[r];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(e,o.key,o)}}(o.prototype,t),o}(O(e.Plugin)),R=j}(),d}()});

package/dist/externalVersion.js

@@ -8,16 +8,16 @@
  */
 
 module.exports = {
-  "@ant-design/icons": "5.2.6",
-  "@nocobase/client": "1.3.19-beta",
-  "antd": "5.12.8",
+  "@ant-design/icons": "5.6.1",
+  "@nocobase/client": "1.8.23",
+  "antd": "5.24.2",
   "react": "18.2.0",
-  "react-router-dom": "6.21.0",
-  "@nocobase/plugin-auth": "1.3.19-beta",
-  "@formily/antd-v5": "1.1.9",
+  "react-router-dom": "6.28.1",
+  "@nocobase/plugin-auth": "1.8.23",
+  "@formily/antd-v5": "1.2.3",
   "@formily/react": "2.3.0",
-  "@nocobase/auth": "1.3.19-beta",
-  "@nocobase/server": "1.3.19-beta",
+  "@nocobase/auth": "1.8.23",
+  "@nocobase/server": "1.8.23",
   "react-i18next": "11.18.6",
-  "@nocobase/actions": "1.3.19-beta"
+  "@nocobase/actions": "1.8.23"
 };

package/package.json

@@ -2,29 +2,29 @@
   "name": "@typekcz-nocobase-plugins/plugin-oidc-plus",
   "displayName": "Auth: OIDC Plus",
   "description": "OIDC (OpenID Connect) authentication with extra features.",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "license": "AGPL-3.0",
   "main": "dist/server/index.js",
   "devDependencies": {
     "@ant-design/icons": "5.x",
     "@formily/antd-v5": "1.x",
     "@formily/react": "2.x",
-    "ahooks": "3.7.2",
+    "ahooks": "^3.7.2",
     "antd": "5.x",
-    "nanoid": "3.3.4",
+    "nanoid": "^3.3.4",
     "openid-client": "^5.4.2",
     "react": "18.x",
     "react-i18next": "^11.15.1",
     "js-cookie": "^3.0.5"
   },
   "peerDependencies": {
-    "@nocobase/actions": "^1.3.19-beta",
-    "@nocobase/auth": "^1.3.19-beta",
-    "@nocobase/client": "^1.3.19-beta",
-    "@nocobase/database": "^1.3.19-beta",
-    "@nocobase/plugin-auth": "^1.3.19-beta",
-    "@nocobase/server": "^1.3.19-beta",
-    "@nocobase/test": "^1.3.19-beta"
+    "@nocobase/actions": "1.x",
+    "@nocobase/auth": "1.x",
+    "@nocobase/client": "1.x",
+    "@nocobase/database": "1.x",
+    "@nocobase/plugin-auth": "1.x",
+    "@nocobase/server": "1.x",
+    "@nocobase/test": "1.x"
   },
   "keywords": [
     "Authentication"

package/src/client/OIDCButton.tsx

@@ -0,0 +1,70 @@
+import { LoginOutlined } from '@ant-design/icons';
+import { css, useAPIClient } from '@nocobase/client';
+import { Button, Space, message } from 'antd';
+import React, { useEffect } from 'react';
+import { useOidcTranslation } from './locale';
+import { useLocation } from 'react-router-dom';
+import { Authenticator } from '@nocobase/plugin-auth/client';
+import Cookies from 'js-cookie';
+import { logoutCookieName } from '../constants';
+
+export interface OIDCProvider {
+  clientId: string;
+  title: string;
+}
+
+export const OIDCButton = ({ authenticator }: { authenticator: Authenticator }) => {
+  const { t } = useOidcTranslation();
+  const api = useAPIClient();
+  const location = useLocation();
+  const params = new URLSearchParams(location.search);
+  const redirect = params.get('redirect');
+
+  const login = async () => {
+    const response = await api.request({
+      method: 'post',
+      url: 'oidc:getAuthUrl',
+      headers: {
+        'X-Authenticator': authenticator.name,
+      },
+      data: {
+        redirect,
+      },
+    });
+
+    const authUrl = response?.data?.data;
+    window.location.replace(authUrl);
+  };
+
+  useEffect(() => {
+    const logoutUrl = Cookies.get(logoutCookieName);
+    if (logoutUrl) {
+      const logoutUrlObj = new URL(logoutUrl);
+      logoutUrlObj.searchParams.set('post_logout_redirect_uri', window.location.href);
+      Cookies.remove(logoutCookieName, { domain: window.location.hostname });
+      window.location.href = logoutUrlObj.href;
+    }
+    const name = params.get('authenticator');
+    const error = params.get('error');
+    if (name !== authenticator.name) {
+      return;
+    }
+    if (error) {
+      message.error(t(error));
+      return;
+    }
+  });
+
+  return (
+    <Space
+      direction="vertical"
+      className={css`
+        display: flex;
+      `}
+    >
+      <Button shape="round" block icon={<LoginOutlined />} onClick={login}>
+        {t(authenticator.title)}
+      </Button>
+    </Space>
+  );
+};

package/src/client/Options.tsx

@@ -0,0 +1,359 @@
+import { CopyOutlined } from '@ant-design/icons';
+import { ArrayItems, FormTab } from '@formily/antd-v5';
+import { observer } from '@formily/react';
+import { FormItem, Input, SchemaComponent, useApp } from '@nocobase/client';
+import { Card, Space, message } from 'antd';
+import React, { useMemo } from 'react';
+import { lang, useOidcTranslation } from './locale';
+
+const schema = {
+  type: 'object',
+  properties: {
+    public: {
+      type: 'object',
+      properties: {
+        autoSignup: {
+          'x-decorator': 'FormItem',
+          type: 'boolean',
+          title: '{{t("Sign up automatically when the user does not exist")}}',
+          'x-component': 'Checkbox',
+          default: true,
+        },
+      },
+    },
+    oidc: {
+      type: 'object',
+      properties: {
+        collapse: {
+          type: 'void',
+          'x-component': 'FormTab',
+          properties: {
+            basic: {
+              type: 'void',
+              'x-component': 'FormTab.TabPane',
+              'x-component-props': {
+                tab: lang('Basic configuration'),
+              },
+              properties: {
+                issuer: {
+                  type: 'string',
+                  title: '{{t("Issuer")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  required: true,
+                },
+                clientId: {
+                  type: 'string',
+                  title: '{{t("Client ID")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  required: true,
+                },
+                clientSecret: {
+                  type: 'string',
+                  title: '{{t("Client Secret")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  required: true,
+                },
+                scope: {
+                  type: 'string',
+                  title: '{{t("scope")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip: '{{t("Default: openid profile email")}}',
+                  },
+                },
+                idTokenSignedResponseAlg: {
+                  type: 'string',
+                  title: '{{t("id_token signed response algorithm")}}',
+                  'x-component': 'Select',
+                  'x-decorator': 'FormItem',
+                  enum: [
+                    { label: 'HS256', value: 'HS256' },
+                    { label: 'HS384', value: 'HS384' },
+                    { label: 'HS512', value: 'HS512' },
+                    { label: 'RS256', value: 'RS256' },
+                    { label: 'RS384', value: 'RS384' },
+                    { label: 'RS512', value: 'RS512' },
+                    { label: 'ES256', value: 'ES256' },
+                    { label: 'ES384', value: 'ES384' },
+                    { label: 'ES512', value: 'ES512' },
+                    { label: 'PS256', value: 'PS256' },
+                    { label: 'PS384', value: 'PS384' },
+                    { label: 'PS512', value: 'PS512' },
+                  ],
+                },
+              },
+            },
+            mapping: {
+              type: 'void',
+              'x-component': 'FormTab.TabPane',
+              'x-component-props': {
+                tab: lang('Field mapping'),
+              },
+              properties: {
+                fieldMap: {
+                  title: '{{t("Field Map")}}',
+                  type: 'array',
+                  'x-decorator': 'FormItem',
+                  'x-component': 'ArrayItems',
+                  items: {
+                    type: 'object',
+                    'x-decorator': 'ArrayItems.Item',
+                    properties: {
+                      space: {
+                        type: 'void',
+                        'x-component': 'Space',
+                        properties: {
+                          source: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Input',
+                            'x-component-props': {
+                              placeholder: '{{t("source")}}',
+                            },
+                          },
+                          target: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Input',
+                            'x-component-props': {
+                              placeholder: '{{t("target")}}',
+                            },
+                          },
+                          remove: {
+                            type: 'void',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'ArrayItems.Remove',
+                          },
+                        },
+                      },
+                    },
+                  },
+                  properties: {
+                    add: {
+                      type: 'void',
+                      title: 'Add',
+                      'x-component': 'ArrayItems.Addition',
+                    },
+                  },
+                },
+                userBindField: {
+                  type: 'string',
+                  title: '{{t("Use this field to bind the user")}}',
+                  'x-component': 'Select',
+                  'x-decorator': 'FormItem',
+                  default: 'email',
+                  enum: [
+                    { label: lang('Email'), value: 'email' },
+                    { label: lang('Username'), value: 'username' },
+                  ],
+                  required: true,
+                },
+              },
+            },
+            advanced: {
+              type: 'void',
+              'x-component': 'FormTab.TabPane',
+              'x-component-props': {
+                tab: lang('Advanced configuration'),
+              },
+              properties: {
+                logout: {
+                  type: 'boolean',
+                  title: '{{t("RP-initiated logout")}}',
+                  'x-component': 'Checkbox',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip:
+                      '{{t("Performs logout on the issuer (uses end_session_endpoint in the issuer configuration)")}}',
+                  },
+                },
+                http: {
+                  type: 'boolean',
+                  title: '{{t("HTTP")}}',
+                  'x-component': 'Checkbox',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip: '{{t("Check if NocoBase is running on HTTP protocol")}}',
+                  },
+                },
+                port: {
+                  type: 'number',
+                  title: '{{t("Port")}}',
+                  'x-component': 'InputNumber',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip: '{{t("The port number of the NocoBase service if it is not 80 or 443")}}',
+                  },
+                  'x-component-props': {
+                    style: {
+                      width: '15%',
+                      minWidth: '100px',
+                    },
+                  },
+                },
+                stateToken: {
+                  type: 'string',
+                  title: '{{t("State token")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  description: lang(
+                    "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.",
+                  ),
+                },
+                exchangeBodyKeys: {
+                  type: 'array',
+                  title: '{{t("Pass parameters in the authorization code grant exchange")}}',
+                  'x-decorator': 'FormItem',
+                  'x-component': 'ArrayItems',
+                  default: [
+                    { paramName: '', optionsKey: 'clientId' },
+                    {
+                      paramName: '',
+                      optionsKey: 'clientSecret',
+                    },
+                  ],
+                  items: {
+                    type: 'object',
+                    'x-decorator': 'ArrayItems.Item',
+                    properties: {
+                      space: {
+                        type: 'void',
+                        'x-component': 'Space',
+                        properties: {
+                          enabled: {
+                            type: 'boolean',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Checkbox',
+                          },
+                          optionsKey: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-decorator-props': {
+                              style: {
+                                width: '100px',
+                              },
+                            },
+                            'x-component': 'Select',
+                            'x-read-pretty': true,
+                            enum: [
+                              { label: lang('Client ID'), value: 'clientId' },
+                              { label: lang('Client Secret'), value: 'clientSecret' },
+                            ],
+                          },
+                          paramName: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Input',
+                            'x-component-props': {
+                              placeholder: '{{t("Parameter name")}}',
+                            },
+                          },
+                        },
+                      },
+                    },
+                  },
+                },
+                userInfoMethod: {
+                  type: 'string',
+                  title: '{{t("Method to call the user info endpoint")}}',
+                  'x- decorator': 'FormItem',
+                  'x-component': 'Radio.Group',
+                  default: 'GET',
+                  enum: [
+                    {
+                      label: 'GET',
+                      value: 'GET',
+                    },
+                    {
+                      label: 'POST',
+                      value: 'POST',
+                    },
+                  ],
+                  'x-reactions': [
+                    {
+                      dependencies: ['.accessTokenVia'],
+                      when: '{{$deps[0] === "query"}}',
+                      fulfill: {
+                        state: {
+                          value: 'GET',
+                        },
+                      },
+                    },
+                    {
+                      dependencies: ['.accessTokenVia'],
+                      when: '{{$deps[0] === "body"}}',
+                      fulfill: {
+                        state: {
+                          value: 'POST',
+                        },
+                      },
+                    },
+                  ],
+                },
+                accessTokenVia: {
+                  type: 'string',
+                  title: '{{t("Where to put the access token when calling the user info endpoint")}}',
+                  'x- decorator': 'FormItem',
+                  'x-component': 'Radio.Group',
+                  default: 'header',
+                  enum: [
+                    {
+                      label: lang('Header'),
+                      value: 'header',
+                    },
+                    {
+                      label: lang('Body (Use with POST method)'),
+                      value: 'body',
+                    },
+                    {
+                      label: lang('Query parameters (Use with GET method)'),
+                      value: 'query',
+                    },
+                  ],
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+    usage: {
+      type: 'void',
+      'x-component': 'Usage',
+    },
+  },
+};
+
+const Usage = observer(
+  () => {
+    const { t } = useOidcTranslation();
+    const app = useApp();
+
+    const url = useMemo(() => {
+      return app.getApiUrl('oidc:redirect');
+    }, [app]);
+
+    const copy = (text: string) => {
+      navigator.clipboard.writeText(text);
+      message.success(t('Copied'));
+    };
+
+    return (
+      <Card title={t('Usage')} type="inner">
+        <FormItem label={t('Redirect URL')}>
+          <Input value={url} disabled={true} addonBefore={<CopyOutlined onClick={() => copy(url)} />} />
+        </FormItem>
+      </Card>
+    );
+  },
+  { displayName: 'Usage' },
+);
+
+export const Options = () => {
+  const { t } = useOidcTranslation();
+  return <SchemaComponent scope={{ t }} components={{ Usage, ArrayItems, Space, FormTab }} schema={schema} />;
+};

package/src/client/index.tsx

@@ -0,0 +1,19 @@
+import { Plugin } from '@nocobase/client';
+import AuthPlugin from '@nocobase/plugin-auth/client';
+import { authType } from '../constants';
+import { OIDCButton } from './OIDCButton';
+import { Options } from './Options';
+
+export class PluginOIDCClient extends Plugin {
+  async load() {
+    const auth = this.app.pm.get(AuthPlugin);
+    auth.registerType(authType, {
+      components: {
+        SignInButton: OIDCButton,
+        AdminSettingsForm: Options,
+      },
+    });
+  }
+}
+
+export default PluginOIDCClient;

package/src/client/locale/index.ts

@@ -0,0 +1,18 @@
+import { i18n } from '@nocobase/client';
+import { useTranslation } from 'react-i18next';
+
+export const NAMESPACE = 'oidc';
+
+// i18n.addResources('zh-CN', NAMESPACE, zhCN);
+// i18n.addResources('en-US', NAMESPACE, enUS);
+// i18n.addResources('ja-JP', NAMESPACE, jaJP);
+// i18n.addResources('ru-RU', NAMESPACE, ruRU);
+// i18n.addResources('tr-TR', NAMESPACE, trTR);
+
+export function lang(key: string) {
+  return i18n.t(key, { ns: NAMESPACE });
+}
+
+export function useOidcTranslation() {
+  return useTranslation(NAMESPACE);
+}

package/src/constants.ts

@@ -0,0 +1,7 @@
+// @ts-ignore
+import { name } from '../package.json';
+
+export const authType = 'OIDC+';
+export const cookieName = 'tnp_oidc_plus';
+export const logoutCookieName = 'tnp_oidc_plus_logout';
+export const namespace = name;

package/src/index.ts

@@ -0,0 +1,2 @@
+export * from './server';
+export { default } from './server';