@typekcz-nocobase-plugins/plugin-oidc-plus 1.0.3 → 1.0.4

package/src/server/plugin.ts

@@ -0,0 +1,63 @@
+import { Gateway, InstallOptions, Plugin } from '@nocobase/server';
+import { getAuthUrl } from './actions/getAuthUrl';
+import { redirect } from './actions/redirect';
+import { authType } from '../constants';
+import { OIDCAuth } from './oidc-auth';
+import { resolve } from 'path';
+
+export class PluginOIDCServer extends Plugin {
+  afterAdd() {}
+
+  beforeLoad() {}
+
+  async load() {
+    this.db.addMigrations({
+      namespace: 'auth',
+      directory: resolve(__dirname, 'migrations'),
+      context: {
+        plugin: this,
+      },
+    });
+
+    this.app.authManager.registerTypes(authType, {
+      auth: OIDCAuth,
+    });
+
+    this.app.resource({
+      name: 'oidc',
+      actions: {
+        getAuthUrl,
+        redirect,
+      },
+    });
+
+    this.app.acl.allow('oidc', '*', 'public');
+
+    /* istanbul ignore next -- @preserve */
+    Gateway.getInstance().addAppSelectorMiddleware(async (ctx, next) => {
+      const { req } = ctx;
+      const url = new URL(req.url, `http://${req.headers.host}`);
+      const params = url.searchParams;
+      const state = params.get('state');
+      if (!state) {
+        return next();
+      }
+      const search = new URLSearchParams(state);
+      const appName = search.get('app');
+      if (appName) {
+        ctx.resolvedAppName = appName;
+      }
+      await next();
+    });
+  }
+
+  async install(options?: InstallOptions) {}
+
+  async afterEnable() {}
+
+  async afterDisable() {}
+
+  async remove() {}
+}
+
+export default PluginOIDCServer;

package/src/swagger/index.ts

@@ -0,0 +1,157 @@
+const user = {
+  type: 'object',
+  description: '用户',
+  properties: {
+    id: {
+      type: 'integer',
+      description: 'ID',
+    },
+    nickname: {
+      type: 'string',
+      description: '昵称',
+    },
+    email: {
+      type: 'string',
+      description: '邮箱',
+    },
+    phone: {
+      type: 'string',
+      description: '手机号',
+    },
+    appLang: {
+      type: 'string',
+      description: '用户使用语言',
+    },
+    systemSettings: {
+      type: 'object',
+      description: '系统设置',
+      properties: {
+        theme: {
+          type: 'string',
+          description: '用户使用主题',
+        },
+      },
+    },
+    createdAt: {
+      type: 'string',
+      format: 'date-time',
+      description: '创建时间',
+    },
+    updatedAt: {
+      type: 'string',
+      format: 'date-time',
+      description: '更新时间',
+    },
+    createdById: {
+      type: 'integer',
+      description: '创建人',
+    },
+    updatedById: {
+      type: 'integer',
+      description: '更新人',
+    },
+  },
+};
+
+export default {
+  info: {
+    title: 'NocoBase API - OIDC plugin',
+  },
+  paths: {
+    '/oidc:getAuthUrl': {
+      security: [],
+      get: {
+        description: 'Get OIDC authorization url',
+        tags: ['OIDC'],
+        parameters: [
+          {
+            name: 'X-Authenticator',
+            description: '登录方式标识',
+            in: 'header',
+            schema: {
+              type: 'string',
+            },
+            required: true,
+          },
+        ],
+        responses: {
+          200: {
+            description: 'ok',
+            content: {
+              'application/json': {
+                schema: {
+                  type: 'string',
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+    '/auth:signIn': {
+      security: [],
+      post: {
+        description: 'OIDC sign in',
+        tags: ['OIDC'],
+        parameters: [
+          {
+            name: 'X-Authenticator',
+            description: '登录方式标识',
+            in: 'header',
+            schema: {
+              type: 'string',
+            },
+            required: true,
+          },
+          {
+            name: 'nocobase_oidc',
+            description: 'state校验值',
+            in: 'cookie',
+            schema: {
+              type: 'string',
+            },
+            required: true,
+          },
+        ],
+        requestBody: {
+          content: {
+            'application/json': {
+              schema: {
+                type: 'object',
+                properties: {
+                  code: {
+                    type: 'string',
+                  },
+                  state: {
+                    type: 'string',
+                  },
+                  iss: {
+                    type: 'string',
+                  },
+                },
+              },
+            },
+          },
+        },
+        responses: {
+          200: {
+            description: 'ok',
+            content: {
+              'application/json': {
+                schema: {
+                  type: 'object',
+                  properties: {
+                    token: {
+                      type: 'string',
+                    },
+                    user,
+                  },
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+};

package/dist/node_modules/nanoid/.devcontainer.json

@@ -1,23 +0,0 @@
-{
-  "image": "localhost/ai-opensource:latest",
-  "forwardPorts": [],
-  "mounts": [
-    {
-      "source": "pnpm-store",
-      "target": "/home/ai/.local/share/pnpm/store",
-      "type": "volume"
-    },
-    {
-      "source": "shell-history",
-      "target": "/home/ai/.local/share/history/",
-      "type": "volume"
-    }
-  ],
-  "workspaceMount": "",
-  "runArgs": [
-    "--userns=keep-id:uid=1000,gid=1000",
-    "--volume=${localWorkspaceFolder}:/workspaces/${localWorkspaceFolderBasename}:Z",
-    "--network=host",
-    "--ulimit=host"
-  ]
-}

package/dist/node_modules/nanoid/LICENSE

@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright 2017 Andrey Sitnik <andrey@sitnik.ru>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/dist/node_modules/nanoid/async/index.browser.cjs

@@ -1,69 +0,0 @@
-let random = async bytes => crypto.getRandomValues(new Uint8Array(bytes))
-
-let customAlphabet = (alphabet, defaultSize = 21) => {
-  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
-  // values closer to the alphabet size. The bitmask calculates the closest
-  // `2^31 - 1` number, which exceeds the alphabet size.
-  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
-  // `Math.clz32` is not used, because it is not available in browsers.
-  let mask = (2 << (Math.log(alphabet.length - 1) / Math.LN2)) - 1
-  // Though, the bitmask solution is not perfect since the bytes exceeding
-  // the alphabet size are refused. Therefore, to reliably generate the ID,
-  // the random bytes redundancy has to be satisfied.
-
-  // Note: every hardware random generator call is performance expensive,
-  // because the system call for entropy collection takes a lot of time.
-  // So, to avoid additional system calls, extra bytes are requested in advance.
-
-  // Next, a step determines how many random bytes to generate.
-  // The number of random bytes gets decided upon the ID size, mask,
-  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
-  // according to benchmarks).
-
-  // `-~f => Math.ceil(f)` if f is a float
-  // `-~i => i + 1` if i is an integer
-  let step = -~((1.6 * mask * defaultSize) / alphabet.length)
-
-  return async (size = defaultSize) => {
-    let id = ''
-    while (true) {
-      let bytes = crypto.getRandomValues(new Uint8Array(step))
-      // A compact alternative for `for (var i = 0; i < step; i++)`.
-      let i = step | 0
-      while (i--) {
-        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
-        id += alphabet[bytes[i] & mask] || ''
-        if (id.length === size) return id
-      }
-    }
-  }
-}
-
-let nanoid = async (size = 21) => {
-  let id = ''
-  let bytes = crypto.getRandomValues(new Uint8Array((size |= 0)))
-
-  // A compact alternative for `for (var i = 0; i < step; i++)`.
-  while (size--) {
-    // It is incorrect to use bytes exceeding the alphabet size.
-    // The following mask reduces the random byte in the 0-255 value
-    // range to the 0-63 value range. Therefore, adding hacks, such
-    // as empty string fallback or magic numbers, is unneccessary because
-    // the bitmask trims bytes down to the alphabet size.
-    let byte = bytes[size] & 63
-    if (byte < 36) {
-      // `0-9a-z`
-      id += byte.toString(36)
-    } else if (byte < 62) {
-      // `A-Z`
-      id += (byte - 26).toString(36).toUpperCase()
-    } else if (byte < 63) {
-      id += '_'
-    } else {
-      id += '-'
-    }
-  }
-  return id
-}
-
-module.exports = { nanoid, customAlphabet, random }

package/dist/node_modules/nanoid/async/index.browser.js

@@ -1,69 +0,0 @@
-let random = async bytes => crypto.getRandomValues(new Uint8Array(bytes))
-
-let customAlphabet = (alphabet, defaultSize = 21) => {
-  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
-  // values closer to the alphabet size. The bitmask calculates the closest
-  // `2^31 - 1` number, which exceeds the alphabet size.
-  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
-  // `Math.clz32` is not used, because it is not available in browsers.
-  let mask = (2 << (Math.log(alphabet.length - 1) / Math.LN2)) - 1
-  // Though, the bitmask solution is not perfect since the bytes exceeding
-  // the alphabet size are refused. Therefore, to reliably generate the ID,
-  // the random bytes redundancy has to be satisfied.
-
-  // Note: every hardware random generator call is performance expensive,
-  // because the system call for entropy collection takes a lot of time.
-  // So, to avoid additional system calls, extra bytes are requested in advance.
-
-  // Next, a step determines how many random bytes to generate.
-  // The number of random bytes gets decided upon the ID size, mask,
-  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
-  // according to benchmarks).
-
-  // `-~f => Math.ceil(f)` if f is a float
-  // `-~i => i + 1` if i is an integer
-  let step = -~((1.6 * mask * defaultSize) / alphabet.length)
-
-  return async (size = defaultSize) => {
-    let id = ''
-    while (true) {
-      let bytes = crypto.getRandomValues(new Uint8Array(step))
-      // A compact alternative for `for (var i = 0; i < step; i++)`.
-      let i = step | 0
-      while (i--) {
-        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
-        id += alphabet[bytes[i] & mask] || ''
-        if (id.length === size) return id
-      }
-    }
-  }
-}
-
-let nanoid = async (size = 21) => {
-  let id = ''
-  let bytes = crypto.getRandomValues(new Uint8Array((size |= 0)))
-
-  // A compact alternative for `for (var i = 0; i < step; i++)`.
-  while (size--) {
-    // It is incorrect to use bytes exceeding the alphabet size.
-    // The following mask reduces the random byte in the 0-255 value
-    // range to the 0-63 value range. Therefore, adding hacks, such
-    // as empty string fallback or magic numbers, is unneccessary because
-    // the bitmask trims bytes down to the alphabet size.
-    let byte = bytes[size] & 63
-    if (byte < 36) {
-      // `0-9a-z`
-      id += byte.toString(36)
-    } else if (byte < 62) {
-      // `A-Z`
-      id += (byte - 26).toString(36).toUpperCase()
-    } else if (byte < 63) {
-      id += '_'
-    } else {
-      id += '-'
-    }
-  }
-  return id
-}
-
-export { nanoid, customAlphabet, random }

package/dist/node_modules/nanoid/async/index.cjs

@@ -1,71 +0,0 @@
-let crypto = require('crypto')
-
-let { urlAlphabet } = require('../url-alphabet/index.cjs')
-
-// `crypto.randomFill()` is a little faster than `crypto.randomBytes()`,
-// because it is possible to use in combination with `Buffer.allocUnsafe()`.
-let random = bytes =>
-  new Promise((resolve, reject) => {
-    // `Buffer.allocUnsafe()` is faster because it doesn’t flush the memory.
-    // Memory flushing is unnecessary since the buffer allocation itself resets
-    // the memory with the new bytes.
-    crypto.randomFill(Buffer.allocUnsafe(bytes), (err, buf) => {
-      if (err) {
-        reject(err)
-      } else {
-        resolve(buf)
-      }
-    })
-  })
-
-let customAlphabet = (alphabet, defaultSize = 21) => {
-  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
-  // values closer to the alphabet size. The bitmask calculates the closest
-  // `2^31 - 1` number, which exceeds the alphabet size.
-  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
-  let mask = (2 << (31 - Math.clz32((alphabet.length - 1) | 1))) - 1
-  // Though, the bitmask solution is not perfect since the bytes exceeding
-  // the alphabet size are refused. Therefore, to reliably generate the ID,
-  // the random bytes redundancy has to be satisfied.
-
-  // Note: every hardware random generator call is performance expensive,
-  // because the system call for entropy collection takes a lot of time.
-  // So, to avoid additional system calls, extra bytes are requested in advance.
-
-  // Next, a step determines how many random bytes to generate.
-  // The number of random bytes gets decided upon the ID size, mask,
-  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
-  // according to benchmarks).
-  let step = Math.ceil((1.6 * mask * defaultSize) / alphabet.length)
-
-  let tick = (id, size = defaultSize) =>
-    random(step).then(bytes => {
-      // A compact alternative for `for (var i = 0; i < step; i++)`.
-      let i = step
-      while (i--) {
-        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
-        id += alphabet[bytes[i] & mask] || ''
-        if (id.length >= size) return id
-      }
-      return tick(id, size)
-    })
-
-  return size => tick('', size)
-}
-
-let nanoid = (size = 21) =>
-  random((size |= 0)).then(bytes => {
-    let id = ''
-    // A compact alternative for `for (var i = 0; i < step; i++)`.
-    while (size--) {
-      // It is incorrect to use bytes exceeding the alphabet size.
-      // The following mask reduces the random byte in the 0-255 value
-      // range to the 0-63 value range. Therefore, adding hacks, such
-      // as empty string fallback or magic numbers, is unneccessary because
-      // the bitmask trims bytes down to the alphabet size.
-      id += urlAlphabet[bytes[size] & 63]
-    }
-    return id
-  })
-
-module.exports = { nanoid, customAlphabet, random }

package/dist/node_modules/nanoid/async/index.d.ts

@@ -1,56 +0,0 @@
-/**
- * Generate secure URL-friendly unique ID. The non-blocking version.
- *
- * By default, the ID will have 21 symbols to have a collision probability
- * similar to UUID v4.
- *
- * ```js
- * import { nanoid } from 'nanoid/async'
- * nanoid().then(id => {
- *   model.id = id
- * })
- * ```
- *
- * @param size Size of the ID. The default size is 21.
- * @returns A promise with a random string.
- */
-export function nanoid(size?: number): Promise<string>
-
-/**
- * A low-level function.
- * Generate secure unique ID with custom alphabet. The non-blocking version.
- *
- * Alphabet must contain 256 symbols or less. Otherwise, the generator
- * will not be secure.
- *
- * @param alphabet Alphabet used to generate the ID.
- * @param defaultSize Size of the ID. The default size is 21.
- * @returns A function that returns a promise with a random string.
- *
- * ```js
- * import { customAlphabet } from 'nanoid/async'
- * const nanoid = customAlphabet('0123456789абвгдеё', 5)
- * nanoid().then(id => {
- *   model.id = id //=> "8ё56а"
- * })
- * ```
- */
-export function customAlphabet(
-  alphabet: string,
-  defaultSize?: number
-): (size?: number) => Promise<string>
-
-/**
- * Generate an array of random bytes collected from hardware noise.
- *
- * ```js
- * import { random } from 'nanoid/async'
- * random(5).then(bytes => {
- *   bytes //=> [10, 67, 212, 67, 89]
- * })
- * ```
- *
- * @param bytes Size of the array.
- * @returns A promise with a random bytes array.
- */
-export function random(bytes: number): Promise<Uint8Array>

package/dist/node_modules/nanoid/async/index.js

@@ -1,71 +0,0 @@
-import crypto from 'crypto'
-
-import { urlAlphabet } from '../url-alphabet/index.js'
-
-// `crypto.randomFill()` is a little faster than `crypto.randomBytes()`,
-// because it is possible to use in combination with `Buffer.allocUnsafe()`.
-let random = bytes =>
-  new Promise((resolve, reject) => {
-    // `Buffer.allocUnsafe()` is faster because it doesn’t flush the memory.
-    // Memory flushing is unnecessary since the buffer allocation itself resets
-    // the memory with the new bytes.
-    crypto.randomFill(Buffer.allocUnsafe(bytes), (err, buf) => {
-      if (err) {
-        reject(err)
-      } else {
-        resolve(buf)
-      }
-    })
-  })
-
-let customAlphabet = (alphabet, defaultSize = 21) => {
-  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
-  // values closer to the alphabet size. The bitmask calculates the closest
-  // `2^31 - 1` number, which exceeds the alphabet size.
-  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
-  let mask = (2 << (31 - Math.clz32((alphabet.length - 1) | 1))) - 1
-  // Though, the bitmask solution is not perfect since the bytes exceeding
-  // the alphabet size are refused. Therefore, to reliably generate the ID,
-  // the random bytes redundancy has to be satisfied.
-
-  // Note: every hardware random generator call is performance expensive,
-  // because the system call for entropy collection takes a lot of time.
-  // So, to avoid additional system calls, extra bytes are requested in advance.
-
-  // Next, a step determines how many random bytes to generate.
-  // The number of random bytes gets decided upon the ID size, mask,
-  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
-  // according to benchmarks).
-  let step = Math.ceil((1.6 * mask * defaultSize) / alphabet.length)
-
-  let tick = (id, size = defaultSize) =>
-    random(step).then(bytes => {
-      // A compact alternative for `for (var i = 0; i < step; i++)`.
-      let i = step
-      while (i--) {
-        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
-        id += alphabet[bytes[i] & mask] || ''
-        if (id.length >= size) return id
-      }
-      return tick(id, size)
-    })
-
-  return size => tick('', size)
-}
-
-let nanoid = (size = 21) =>
-  random((size |= 0)).then(bytes => {
-    let id = ''
-    // A compact alternative for `for (var i = 0; i < step; i++)`.
-    while (size--) {
-      // It is incorrect to use bytes exceeding the alphabet size.
-      // The following mask reduces the random byte in the 0-255 value
-      // range to the 0-63 value range. Therefore, adding hacks, such
-      // as empty string fallback or magic numbers, is unneccessary because
-      // the bitmask trims bytes down to the alphabet size.
-      id += urlAlphabet[bytes[size] & 63]
-    }
-    return id
-  })
-
-export { nanoid, customAlphabet, random }

package/dist/node_modules/nanoid/async/index.native.js

@@ -1,57 +0,0 @@
-import { getRandomBytesAsync } from 'expo-random'
-
-import { urlAlphabet } from '../url-alphabet/index.js'
-
-let random = getRandomBytesAsync
-
-let customAlphabet = (alphabet, defaultSize = 21) => {
-  // First, a bitmask is necessary to generate the ID. The bitmask makes bytes
-  // values closer to the alphabet size. The bitmask calculates the closest
-  // `2^31 - 1` number, which exceeds the alphabet size.
-  // For example, the bitmask for the alphabet size 30 is 31 (00011111).
-  let mask = (2 << (31 - Math.clz32((alphabet.length - 1) | 1))) - 1
-  // Though, the bitmask solution is not perfect since the bytes exceeding
-  // the alphabet size are refused. Therefore, to reliably generate the ID,
-  // the random bytes redundancy has to be satisfied.
-
-  // Note: every hardware random generator call is performance expensive,
-  // because the system call for entropy collection takes a lot of time.
-  // So, to avoid additional system calls, extra bytes are requested in advance.
-
-  // Next, a step determines how many random bytes to generate.
-  // The number of random bytes gets decided upon the ID size, mask,
-  // alphabet size, and magic number 1.6 (using 1.6 peaks at performance
-  // according to benchmarks).
-  let step = Math.ceil((1.6 * mask * defaultSize) / alphabet.length)
-
-  let tick = (id, size = defaultSize) =>
-    random(step).then(bytes => {
-      // A compact alternative for `for (var i = 0; i < step; i++)`.
-      let i = step
-      while (i--) {
-        // Adding `|| ''` refuses a random byte that exceeds the alphabet size.
-        id += alphabet[bytes[i] & mask] || ''
-        if (id.length >= size) return id
-      }
-      return tick(id, size)
-    })
-
-  return size => tick('', size)
-}
-
-let nanoid = (size = 21) =>
-  random((size |= 0)).then(bytes => {
-    let id = ''
-    // A compact alternative for `for (var i = 0; i < step; i++)`.
-    while (size--) {
-      // It is incorrect to use bytes exceeding the alphabet size.
-      // The following mask reduces the random byte in the 0-255 value
-      // range to the 0-63 value range. Therefore, adding hacks, such
-      // as empty string fallback or magic numbers, is unneccessary because
-      // the bitmask trims bytes down to the alphabet size.
-      id += urlAlphabet[bytes[size] & 63]
-    }
-    return id
-  })
-
-export { nanoid, customAlphabet, random }

package/dist/node_modules/nanoid/async/package.json

@@ -1,12 +0,0 @@
-{
-  "type": "module",
-  "main": "index.cjs",
-  "module": "index.js",
-  "react-native": {
-    "./index.js": "./index.native.js"
-  },
-  "browser": {
-    "./index.js": "./index.browser.js",
-    "./index.cjs": "./index.browser.cjs"
-  }
-}