@undefineds.co/xpod 0.3.1 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/cli.json +1 -1
- package/config/local.json +8 -8
- package/config/resolver.json +2 -2
- package/config/xpod.json +8 -8
- package/dist/api/chatkit/service.js +3 -9
- package/dist/api/chatkit/service.js.map +1 -1
- package/dist/api/container/common.js +1 -0
- package/dist/api/container/common.js.map +1 -1
- package/dist/api/container/routes.js +1 -1
- package/dist/api/container/routes.js.map +1 -1
- package/dist/api/handlers/InngestHandler.js +8 -0
- package/dist/api/handlers/InngestHandler.js.map +1 -1
- package/dist/api/runs/EmbeddedInngestService.d.ts +5 -4
- package/dist/api/runs/EmbeddedInngestService.js +18 -6
- package/dist/api/runs/EmbeddedInngestService.js.map +1 -1
- package/dist/api/runs/InngestRunExecutionBackend.d.ts +1 -0
- package/dist/api/runs/InngestRunExecutionBackend.js +1 -1
- package/dist/api/runs/InngestRunExecutionBackend.js.map +1 -1
- package/dist/api/runs/RunStateCenter.js +2 -5
- package/dist/api/runs/RunStateCenter.js.map +1 -1
- package/dist/api/runtime.js +6 -1
- package/dist/api/runtime.js.map +1 -1
- package/dist/cli/commands/start.js +20 -20
- package/dist/cli/commands/start.js.map +1 -1
- package/dist/components/context.jsonld +8 -8
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.d.ts +4 -4
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.js +7 -7
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.js.map +1 -1
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld +6 -6
- package/dist/identity/oidc/AutoDetectOidcHandler.d.ts +4 -4
- package/dist/identity/oidc/AutoDetectOidcHandler.js +6 -6
- package/dist/identity/oidc/AutoDetectOidcHandler.js.map +1 -1
- package/dist/identity/oidc/AutoDetectOidcHandler.jsonld +6 -6
- package/dist/main.js +22 -19
- package/dist/main.js.map +1 -1
- package/dist/runtime/bootstrap.js +1 -1
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/css-process.d.ts +24 -0
- package/dist/runtime/css-process.js +52 -0
- package/dist/runtime/css-process.js.map +1 -0
- package/package.json +2 -2
|
@@ -8,6 +8,7 @@ const path_1 = __importDefault(require("path"));
|
|
|
8
8
|
const fs_1 = __importDefault(require("fs"));
|
|
9
9
|
const supervisor_1 = require("../../supervisor");
|
|
10
10
|
const runtime_1 = require("../../runtime");
|
|
11
|
+
const css_process_1 = require("../../runtime/css-process");
|
|
11
12
|
const oidc_issuer_1 = require("../../runtime/oidc-issuer");
|
|
12
13
|
const childJsRuntime = typeof globalThis.Bun !== 'undefined'
|
|
13
14
|
? (process.env.XPOD_NODE_BINARY ?? 'node')
|
|
@@ -88,29 +89,29 @@ exports.startCommand = {
|
|
|
88
89
|
const apiPort = await (0, runtime_1.getFreePort)(cssPort + 1, argv.host);
|
|
89
90
|
const baseUrl = process.env.CSS_BASE_URL || `http://${argv.host}:${mainPort}/`;
|
|
90
91
|
// SP 模式:CSS_OIDC_ISSUER 显式指定外部 IdP;Cloud API 地址不再隐式当作 issuer。
|
|
91
|
-
const
|
|
92
|
+
const externalOidcIssuer = (0, oidc_issuer_1.resolveExternalOidcIssuer)(process.env);
|
|
92
93
|
console.log('Starting xpod...');
|
|
93
94
|
console.log(` Gateway: ${baseUrl} (${argv.host}:${mainPort})`);
|
|
94
95
|
console.log(` CSS (internal): http://localhost:${cssPort}`);
|
|
95
96
|
console.log(` API (internal): http://localhost:${apiPort}`);
|
|
96
|
-
if (
|
|
97
|
-
console.log(` SP mode: Cloud IdP = ${
|
|
97
|
+
if (externalOidcIssuer) {
|
|
98
|
+
console.log(` SP mode: Cloud IdP = ${externalOidcIssuer}`);
|
|
98
99
|
}
|
|
99
100
|
const supervisor = new supervisor_1.Supervisor();
|
|
100
101
|
const cssBinary = require.resolve('@solid/community-server/bin/server.js');
|
|
101
|
-
const cssArgs =
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
102
|
+
const cssArgs = (0, css_process_1.buildCssArgs)({
|
|
103
|
+
cssBinary,
|
|
104
|
+
configPath,
|
|
105
|
+
cssModuleRoot: runtime_1.PACKAGE_ROOT,
|
|
106
|
+
cssPort,
|
|
107
|
+
baseUrl,
|
|
108
|
+
externalOidcIssuer,
|
|
109
|
+
});
|
|
105
110
|
supervisor.register({
|
|
106
111
|
name: 'css',
|
|
107
112
|
command: childJsRuntime,
|
|
108
113
|
args: cssArgs,
|
|
109
|
-
env:
|
|
110
|
-
...process.env,
|
|
111
|
-
CSS_PORT: cssPort.toString(),
|
|
112
|
-
CSS_BASE_URL: baseUrl,
|
|
113
|
-
},
|
|
114
|
+
env: (0, css_process_1.buildCssChildEnv)(baseUrl, cssPort),
|
|
114
115
|
});
|
|
115
116
|
const isDevMode = __filename.endsWith('.ts');
|
|
116
117
|
const apiArgs = isDevMode
|
|
@@ -124,14 +125,13 @@ exports.startCommand = {
|
|
|
124
125
|
name: 'api',
|
|
125
126
|
command: childJsRuntime,
|
|
126
127
|
args: apiArgs,
|
|
127
|
-
env: {
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
},
|
|
128
|
+
env: (0, css_process_1.buildApiChildEnv)({
|
|
129
|
+
apiPort,
|
|
130
|
+
mainPort,
|
|
131
|
+
cssPort,
|
|
132
|
+
baseUrl,
|
|
133
|
+
externalOidcIssuer,
|
|
134
|
+
}),
|
|
135
135
|
});
|
|
136
136
|
const proxy = new runtime_1.GatewayProxy(mainPort, supervisor, '0.0.0.0', {
|
|
137
137
|
exitOnStop: true,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"start.js","sourceRoot":"","sources":["../../../src/cli/commands/start.ts"],"names":[],"mappings":";;;;;;AACA,gDAAwB;AACxB,4CAAoB;AACpB,iDAA8C;AAC9C,2CAAwE;AACxE,2DAAyF;AAUzF,MAAM,cAAc,GAAG,OAAQ,UAAgC,CAAC,GAAG,KAAK,WAAW;IACjF,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC;IAC1C,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;AAErB,SAAS,WAAW,CAAC,OAAe;IAClC,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,uBAAuB,OAAO,EAAE,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IACD,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAClD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;AACH,CAAC;AAEY,QAAA,YAAY,GAAqC;IAC5D,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,qBAAqB;IAC/B,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,MAAM,EAAE;QACd,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC3B,WAAW,EAAE,UAAU;KACxB,CAAC;SACD,MAAM,CAAC,QAAQ,EAAE;QAChB,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,wCAAwC;KACtD,CAAC;SACD,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,mBAAmB;KACjC,CAAC;SACD,MAAM,CAAC,MAAM,EAAE;QACd,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,cAAc;QAC3B,OAAO,EAAE,IAAI;KACd,CAAC;SACD,MAAM,CAAC,MAAM,EAAE;QACd,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,cAAc;QAC3B,OAAO,EAAE,WAAW;KACrB,CAAC;IACN,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;QAED,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,KAAK,IAAI;YAChB,CAAC,CAAC,IAAI,CAAC,IAAI;YACX,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;QAExE,IAAI,UAAkB,CAAC;QACvB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC;QAC3B,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACrB,UAAU,GAAG,cAAI,CAAC,IAAI,CAAC,sBAAY,EAAE,UAAU,IAAI,CAAC,IAAI,OAAO,CAAC,CAAC;QACnE,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,cAAI,CAAC,IAAI,CAAC,sBAAY,EAAE,mBAAmB,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,qBAAW,EAAC,QAAQ,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,MAAM,IAAA,qBAAW,EAAC,OAAO,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAE1D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,UAAU,IAAI,CAAC,IAAI,IAAI,QAAQ,GAAG,CAAC;QAE/E,8DAA8D;QAC9D,MAAM,UAAU,GAAG,IAAA,uCAAyB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAE1D,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,KAAK,IAAI,CAAC,IAAI,IAAI,QAAQ,GAAG,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,CAAC,sCAAsC,OAAO,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,sCAAsC,OAAO,EAAE,CAAC,CAAC;QAC7D,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,uBAAU,EAAE,CAAC;QACpC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,uCAAuC,CAAC,CAAC;QAC3E,MAAM,OAAO,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,sBAAY,EAAE,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3G,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;QAC3C,CAAC;QAED,UAAU,CAAC,QAAQ,CAAC;YAClB,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,cAAc;YACvB,IAAI,EAAE,OAAO;YACb,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAA6B;gBACxC,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE;gBAC5B,YAAY,EAAE,OAAO;aACtB;SACF,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,SAAS;YACvB,CAAC,CAAC;gBACE,IAAI;gBACJ,OAAO,CAAC,OAAO,CAAC,iCAAiC,CAAC;gBAClD,cAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC;aACtD;YACH,CAAC,CAAC,CAAC,cAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;QAE5D,UAAU,CAAC,QAAQ,CAAC;YAClB,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,cAAc;YACvB,IAAI,EAAE,OAAO;YACb,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAA6B;gBACxC,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE;gBAC5B,cAAc,EAAE,QAAQ,CAAC,QAAQ,EAAE;gBACnC,gBAAgB,EAAE,oBAAoB,OAAO,EAAE;gBAC/C,YAAY,EAAE,OAAO;gBACrB,kBAAkB,EAAE,UAAU,CAAC,CAAC,CAAC,IAAA,+BAAiB,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,aAAa;aACzF;SACF,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,sBAAY,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE;YAC9D,UAAU,EAAE,IAAI;YAChB,OAAO;SACR,CAAC,CAAC;QACH,KAAK,CAAC,UAAU,CAAC;YACf,GAAG,EAAE,oBAAoB,OAAO,EAAE;YAClC,GAAG,EAAE,oBAAoB,OAAO,EAAE;SACnC,CAAC,CAAC;QAEH,MAAM,UAAU,CAAC,QAAQ,EAAE,CAAC;QAC5B,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;QAEpB,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAc,EAAiB,EAAE;YACvD,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,oBAAoB,CAAC,CAAC;YACtD,MAAM,UAAU,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC;QAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjD,CAAC;CACF,CAAC","sourcesContent":["import type { CommandModule } from 'yargs';\nimport path from 'path';\nimport fs from 'fs';\nimport { Supervisor } from '../../supervisor';\nimport { GatewayProxy, getFreePort, PACKAGE_ROOT } from '../../runtime';\nimport { oidcTokenEndpoint, resolveExternalOidcIssuer } from '../../runtime/oidc-issuer';\n\ninterface StartArgs {\n mode?: string;\n config?: string;\n env?: string;\n port: number;\n host: string;\n}\n\nconst childJsRuntime = typeof (globalThis as { Bun?: unknown }).Bun !== 'undefined'\n ? (process.env.XPOD_NODE_BINARY ?? 'node')\n : process.execPath;\n\nfunction loadEnvFile(envPath: string): void {\n if (!fs.existsSync(envPath)) {\n console.warn(`Env file not found: ${envPath}`);\n return;\n }\n const content = fs.readFileSync(envPath, 'utf-8');\n for (const line of content.split('\\n')) {\n const trimmed = line.trim();\n if (!trimmed || trimmed.startsWith('#')) continue;\n const eqIndex = trimmed.indexOf('=');\n if (eqIndex === -1) continue;\n const key = trimmed.slice(0, eqIndex).trim();\n let value = trimmed.slice(eqIndex + 1).trim();\n if (\n (value.startsWith('\"') && value.endsWith('\"')) ||\n (value.startsWith(\"'\") && value.endsWith(\"'\"))\n ) {\n value = value.slice(1, -1);\n }\n if (!process.env[key]) {\n process.env[key] = value;\n }\n }\n}\n\nexport const startCommand: CommandModule<object, StartArgs> = {\n command: 'start',\n describe: 'Start xpod services',\n builder: (yargs) =>\n yargs\n .option('mode', {\n alias: 'm',\n type: 'string',\n choices: ['local', 'cloud'],\n description: 'Run mode',\n })\n .option('config', {\n alias: 'c',\n type: 'string',\n description: 'Path to config file (overrides --mode)',\n })\n .option('env', {\n alias: 'e',\n type: 'string',\n description: 'Path to .env file',\n })\n .option('port', {\n alias: 'p',\n type: 'number',\n description: 'Gateway port',\n default: 3000,\n })\n .option('host', {\n type: 'string',\n description: 'Gateway host',\n default: 'localhost',\n }),\n handler: async (argv) => {\n if (argv.env) {\n loadEnvFile(argv.env);\n }\n\n const mainPort =\n argv.port !== 3000\n ? argv.port\n : parseInt(process.env.XPOD_PORT ?? process.env.PORT ?? '3000', 10);\n\n let configPath: string;\n if (argv.config) {\n configPath = argv.config;\n } else if (argv.mode) {\n configPath = path.join(PACKAGE_ROOT, `config/${argv.mode}.json`);\n } else {\n configPath = path.join(PACKAGE_ROOT, 'config/local.json');\n }\n\n const cssPort = await getFreePort(mainPort + 1, argv.host);\n const apiPort = await getFreePort(cssPort + 1, argv.host);\n\n const baseUrl = process.env.CSS_BASE_URL || `http://${argv.host}:${mainPort}/`;\n\n // SP 模式:CSS_OIDC_ISSUER 显式指定外部 IdP;Cloud API 地址不再隐式当作 issuer。\n const oidcIssuer = resolveExternalOidcIssuer(process.env);\n\n console.log('Starting xpod...');\n console.log(` Gateway: ${baseUrl} (${argv.host}:${mainPort})`);\n console.log(` CSS (internal): http://localhost:${cssPort}`);\n console.log(` API (internal): http://localhost:${apiPort}`);\n if (oidcIssuer) {\n console.log(` SP mode: Cloud IdP = ${oidcIssuer}`);\n }\n\n const supervisor = new Supervisor();\n const cssBinary = require.resolve('@solid/community-server/bin/server.js');\n const cssArgs = [cssBinary, '-c', configPath, '-m', PACKAGE_ROOT, '-p', cssPort.toString(), '-b', baseUrl];\n if (oidcIssuer) {\n cssArgs.push('--oidcIssuer', oidcIssuer);\n }\n\n supervisor.register({\n name: 'css',\n command: childJsRuntime,\n args: cssArgs,\n env: {\n ...process.env as Record<string, string>,\n CSS_PORT: cssPort.toString(),\n CSS_BASE_URL: baseUrl,\n },\n });\n\n const isDevMode = __filename.endsWith('.ts');\n const apiArgs = isDevMode\n ? [\n '-r',\n require.resolve('ts-node/register/transpile-only'),\n path.resolve(__dirname, '..', '..', 'api', 'main.ts'),\n ]\n : [path.resolve(__dirname, '..', '..', 'api', 'main.js')];\n\n supervisor.register({\n name: 'api',\n command: childJsRuntime,\n args: apiArgs,\n env: {\n ...process.env as Record<string, string>,\n API_PORT: apiPort.toString(),\n XPOD_MAIN_PORT: mainPort.toString(),\n CSS_INTERNAL_URL: `http://localhost:${cssPort}`,\n CSS_BASE_URL: baseUrl,\n CSS_TOKEN_ENDPOINT: oidcIssuer ? oidcTokenEndpoint(oidcIssuer) : `${baseUrl}.oidc/token`,\n },\n });\n\n const proxy = new GatewayProxy(mainPort, supervisor, '0.0.0.0', {\n exitOnStop: true,\n baseUrl,\n });\n proxy.setTargets({\n css: `http://localhost:${cssPort}`,\n api: `http://localhost:${apiPort}`,\n });\n\n await supervisor.startAll();\n await proxy.start();\n\n const shutdown = async (signal: string): Promise<void> => {\n console.log(`\\nReceived ${signal}, shutting down...`);\n await supervisor.stopAll();\n process.exit(0);\n };\n\n process.on('SIGTERM', () => shutdown('SIGTERM'));\n process.on('SIGINT', () => shutdown('SIGINT'));\n },\n};\n"]}
|
|
1
|
+
{"version":3,"file":"start.js","sourceRoot":"","sources":["../../../src/cli/commands/start.ts"],"names":[],"mappings":";;;;;;AACA,gDAAwB;AACxB,4CAAoB;AACpB,iDAA8C;AAC9C,2CAAwE;AACxE,2DAA6F;AAC7F,2DAAsE;AAUtE,MAAM,cAAc,GAAG,OAAQ,UAAgC,CAAC,GAAG,KAAK,WAAW;IACjF,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC;IAC1C,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;AAErB,SAAS,WAAW,CAAC,OAAe;IAClC,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,uBAAuB,OAAO,EAAE,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IACD,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAClD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;AACH,CAAC;AAEY,QAAA,YAAY,GAAqC;IAC5D,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,qBAAqB;IAC/B,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,KAAK;SACF,MAAM,CAAC,MAAM,EAAE;QACd,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAC3B,WAAW,EAAE,UAAU;KACxB,CAAC;SACD,MAAM,CAAC,QAAQ,EAAE;QAChB,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,wCAAwC;KACtD,CAAC;SACD,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,mBAAmB;KACjC,CAAC;SACD,MAAM,CAAC,MAAM,EAAE;QACd,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,cAAc;QAC3B,OAAO,EAAE,IAAI;KACd,CAAC;SACD,MAAM,CAAC,MAAM,EAAE;QACd,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,cAAc;QAC3B,OAAO,EAAE,WAAW;KACrB,CAAC;IACN,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;QAED,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,KAAK,IAAI;YAChB,CAAC,CAAC,IAAI,CAAC,IAAI;YACX,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;QAExE,IAAI,UAAkB,CAAC;QACvB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC;QAC3B,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACrB,UAAU,GAAG,cAAI,CAAC,IAAI,CAAC,sBAAY,EAAE,UAAU,IAAI,CAAC,IAAI,OAAO,CAAC,CAAC;QACnE,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,cAAI,CAAC,IAAI,CAAC,sBAAY,EAAE,mBAAmB,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,qBAAW,EAAC,QAAQ,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,MAAM,IAAA,qBAAW,EAAC,OAAO,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAE1D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,UAAU,IAAI,CAAC,IAAI,IAAI,QAAQ,GAAG,CAAC;QAE/E,8DAA8D;QAC9D,MAAM,kBAAkB,GAAG,IAAA,uCAAyB,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAElE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,KAAK,IAAI,CAAC,IAAI,IAAI,QAAQ,GAAG,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,CAAC,sCAAsC,OAAO,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,sCAAsC,OAAO,EAAE,CAAC,CAAC;QAC7D,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,0BAA0B,kBAAkB,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,uBAAU,EAAE,CAAC;QACpC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,uCAAuC,CAAC,CAAC;QAC3E,MAAM,OAAO,GAAG,IAAA,0BAAY,EAAC;YAC3B,SAAS;YACT,UAAU;YACV,aAAa,EAAE,sBAAY;YAC3B,OAAO;YACP,OAAO;YACP,kBAAkB;SACnB,CAAC,CAAC;QAEH,UAAU,CAAC,QAAQ,CAAC;YAClB,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,cAAc;YACvB,IAAI,EAAE,OAAO;YACb,GAAG,EAAE,IAAA,8BAAgB,EAAC,OAAO,EAAE,OAAO,CAAC;SACxC,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,SAAS;YACvB,CAAC,CAAC;gBACE,IAAI;gBACJ,OAAO,CAAC,OAAO,CAAC,iCAAiC,CAAC;gBAClD,cAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC;aACtD;YACH,CAAC,CAAC,CAAC,cAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;QAE5D,UAAU,CAAC,QAAQ,CAAC;YAClB,IAAI,EAAE,KAAK;YACX,OAAO,EAAE,cAAc;YACvB,IAAI,EAAE,OAAO;YACb,GAAG,EAAE,IAAA,8BAAgB,EAAC;gBACpB,OAAO;gBACP,QAAQ;gBACR,OAAO;gBACP,OAAO;gBACP,kBAAkB;aACnB,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,sBAAY,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE;YAC9D,UAAU,EAAE,IAAI;YAChB,OAAO;SACR,CAAC,CAAC;QACH,KAAK,CAAC,UAAU,CAAC;YACf,GAAG,EAAE,oBAAoB,OAAO,EAAE;YAClC,GAAG,EAAE,oBAAoB,OAAO,EAAE;SACnC,CAAC,CAAC;QAEH,MAAM,UAAU,CAAC,QAAQ,EAAE,CAAC;QAC5B,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;QAEpB,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAc,EAAiB,EAAE;YACvD,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,oBAAoB,CAAC,CAAC;YACtD,MAAM,UAAU,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC;QAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjD,CAAC;CACF,CAAC","sourcesContent":["import type { CommandModule } from 'yargs';\nimport path from 'path';\nimport fs from 'fs';\nimport { Supervisor } from '../../supervisor';\nimport { GatewayProxy, getFreePort, PACKAGE_ROOT } from '../../runtime';\nimport { buildApiChildEnv, buildCssArgs, buildCssChildEnv } from '../../runtime/css-process';\nimport { resolveExternalOidcIssuer } from '../../runtime/oidc-issuer';\n\ninterface StartArgs {\n mode?: string;\n config?: string;\n env?: string;\n port: number;\n host: string;\n}\n\nconst childJsRuntime = typeof (globalThis as { Bun?: unknown }).Bun !== 'undefined'\n ? (process.env.XPOD_NODE_BINARY ?? 'node')\n : process.execPath;\n\nfunction loadEnvFile(envPath: string): void {\n if (!fs.existsSync(envPath)) {\n console.warn(`Env file not found: ${envPath}`);\n return;\n }\n const content = fs.readFileSync(envPath, 'utf-8');\n for (const line of content.split('\\n')) {\n const trimmed = line.trim();\n if (!trimmed || trimmed.startsWith('#')) continue;\n const eqIndex = trimmed.indexOf('=');\n if (eqIndex === -1) continue;\n const key = trimmed.slice(0, eqIndex).trim();\n let value = trimmed.slice(eqIndex + 1).trim();\n if (\n (value.startsWith('\"') && value.endsWith('\"')) ||\n (value.startsWith(\"'\") && value.endsWith(\"'\"))\n ) {\n value = value.slice(1, -1);\n }\n if (!process.env[key]) {\n process.env[key] = value;\n }\n }\n}\n\nexport const startCommand: CommandModule<object, StartArgs> = {\n command: 'start',\n describe: 'Start xpod services',\n builder: (yargs) =>\n yargs\n .option('mode', {\n alias: 'm',\n type: 'string',\n choices: ['local', 'cloud'],\n description: 'Run mode',\n })\n .option('config', {\n alias: 'c',\n type: 'string',\n description: 'Path to config file (overrides --mode)',\n })\n .option('env', {\n alias: 'e',\n type: 'string',\n description: 'Path to .env file',\n })\n .option('port', {\n alias: 'p',\n type: 'number',\n description: 'Gateway port',\n default: 3000,\n })\n .option('host', {\n type: 'string',\n description: 'Gateway host',\n default: 'localhost',\n }),\n handler: async (argv) => {\n if (argv.env) {\n loadEnvFile(argv.env);\n }\n\n const mainPort =\n argv.port !== 3000\n ? argv.port\n : parseInt(process.env.XPOD_PORT ?? process.env.PORT ?? '3000', 10);\n\n let configPath: string;\n if (argv.config) {\n configPath = argv.config;\n } else if (argv.mode) {\n configPath = path.join(PACKAGE_ROOT, `config/${argv.mode}.json`);\n } else {\n configPath = path.join(PACKAGE_ROOT, 'config/local.json');\n }\n\n const cssPort = await getFreePort(mainPort + 1, argv.host);\n const apiPort = await getFreePort(cssPort + 1, argv.host);\n\n const baseUrl = process.env.CSS_BASE_URL || `http://${argv.host}:${mainPort}/`;\n\n // SP 模式:CSS_OIDC_ISSUER 显式指定外部 IdP;Cloud API 地址不再隐式当作 issuer。\n const externalOidcIssuer = resolveExternalOidcIssuer(process.env);\n\n console.log('Starting xpod...');\n console.log(` Gateway: ${baseUrl} (${argv.host}:${mainPort})`);\n console.log(` CSS (internal): http://localhost:${cssPort}`);\n console.log(` API (internal): http://localhost:${apiPort}`);\n if (externalOidcIssuer) {\n console.log(` SP mode: Cloud IdP = ${externalOidcIssuer}`);\n }\n\n const supervisor = new Supervisor();\n const cssBinary = require.resolve('@solid/community-server/bin/server.js');\n const cssArgs = buildCssArgs({\n cssBinary,\n configPath,\n cssModuleRoot: PACKAGE_ROOT,\n cssPort,\n baseUrl,\n externalOidcIssuer,\n });\n\n supervisor.register({\n name: 'css',\n command: childJsRuntime,\n args: cssArgs,\n env: buildCssChildEnv(baseUrl, cssPort),\n });\n\n const isDevMode = __filename.endsWith('.ts');\n const apiArgs = isDevMode\n ? [\n '-r',\n require.resolve('ts-node/register/transpile-only'),\n path.resolve(__dirname, '..', '..', 'api', 'main.ts'),\n ]\n : [path.resolve(__dirname, '..', '..', 'api', 'main.js')];\n\n supervisor.register({\n name: 'api',\n command: childJsRuntime,\n args: apiArgs,\n env: buildApiChildEnv({\n apiPort,\n mainPort,\n cssPort,\n baseUrl,\n externalOidcIssuer,\n }),\n });\n\n const proxy = new GatewayProxy(mainPort, supervisor, '0.0.0.0', {\n exitOnStop: true,\n baseUrl,\n });\n proxy.setTargets({\n css: `http://localhost:${cssPort}`,\n api: `http://localhost:${apiPort}`,\n });\n\n await supervisor.startAll();\n await proxy.start();\n\n const shutdown = async (signal: string): Promise<void> => {\n console.log(`\\nReceived ${signal}, shutting down...`);\n await supervisor.stopAll();\n process.exit(0);\n };\n\n process.on('SIGTERM', () => shutdown('SIGTERM'));\n process.on('SIGINT', () => shutdown('SIGINT'));\n },\n};\n"]}
|
|
@@ -1837,8 +1837,8 @@
|
|
|
1837
1837
|
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler",
|
|
1838
1838
|
"@prefix": true,
|
|
1839
1839
|
"@context": {
|
|
1840
|
-
"
|
|
1841
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#
|
|
1840
|
+
"options_idpUrl": {
|
|
1841
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler_options_idpUrl"
|
|
1842
1842
|
},
|
|
1843
1843
|
"options_message": {
|
|
1844
1844
|
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler_options_message"
|
|
@@ -1846,8 +1846,8 @@
|
|
|
1846
1846
|
"options_cacheMs": {
|
|
1847
1847
|
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler_options_cacheMs"
|
|
1848
1848
|
},
|
|
1849
|
-
"
|
|
1850
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#
|
|
1849
|
+
"idpUrl": {
|
|
1850
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler_options_idpUrl"
|
|
1851
1851
|
},
|
|
1852
1852
|
"message": {
|
|
1853
1853
|
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler_options_message"
|
|
@@ -1861,8 +1861,8 @@
|
|
|
1861
1861
|
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler",
|
|
1862
1862
|
"@prefix": true,
|
|
1863
1863
|
"@context": {
|
|
1864
|
-
"
|
|
1865
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#
|
|
1864
|
+
"options_idpUrl": {
|
|
1865
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler_options_idpUrl"
|
|
1866
1866
|
},
|
|
1867
1867
|
"options_message": {
|
|
1868
1868
|
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler_options_message"
|
|
@@ -1870,8 +1870,8 @@
|
|
|
1870
1870
|
"options_source": {
|
|
1871
1871
|
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler_options_source"
|
|
1872
1872
|
},
|
|
1873
|
-
"
|
|
1874
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#
|
|
1873
|
+
"idpUrl": {
|
|
1874
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler_options_idpUrl"
|
|
1875
1875
|
},
|
|
1876
1876
|
"message": {
|
|
1877
1877
|
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler_options_message"
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { HttpHandler, type HttpHandlerInput } from '@solid/community-server';
|
|
2
2
|
export interface AutoDetectIdentityProviderHandlerOptions {
|
|
3
3
|
/** 外部 IdP 的基础 URL,如果提供则启用 SP 模式 */
|
|
4
|
-
|
|
4
|
+
idpUrl?: string;
|
|
5
5
|
/** 禁用时的消息 */
|
|
6
6
|
message?: string;
|
|
7
7
|
/** CSS 默认的 IdentityProviderHandler,标准模式下委托给它 */
|
|
@@ -11,12 +11,12 @@ export interface AutoDetectIdentityProviderHandlerOptions {
|
|
|
11
11
|
* Auto-detect Identity Provider Handler
|
|
12
12
|
*
|
|
13
13
|
* 自动检测运行模式:
|
|
14
|
-
* - 如果配置了
|
|
15
|
-
* - 如果没有配置
|
|
14
|
+
* - 如果配置了 idpUrl -> SP 模式:禁用本地账户管理
|
|
15
|
+
* - 如果没有配置 idpUrl -> 标准模式:委托给 CSS 默认 Handler
|
|
16
16
|
*/
|
|
17
17
|
export declare class AutoDetectIdentityProviderHandler extends HttpHandler {
|
|
18
18
|
private readonly logger;
|
|
19
|
-
private readonly
|
|
19
|
+
private readonly idpUrl?;
|
|
20
20
|
private readonly message;
|
|
21
21
|
private readonly source?;
|
|
22
22
|
constructor(options?: AutoDetectIdentityProviderHandlerOptions);
|
|
@@ -7,18 +7,18 @@ const community_server_1 = require("@solid/community-server");
|
|
|
7
7
|
* Auto-detect Identity Provider Handler
|
|
8
8
|
*
|
|
9
9
|
* 自动检测运行模式:
|
|
10
|
-
* - 如果配置了
|
|
11
|
-
* - 如果没有配置
|
|
10
|
+
* - 如果配置了 idpUrl -> SP 模式:禁用本地账户管理
|
|
11
|
+
* - 如果没有配置 idpUrl -> 标准模式:委托给 CSS 默认 Handler
|
|
12
12
|
*/
|
|
13
13
|
class AutoDetectIdentityProviderHandler extends community_server_1.HttpHandler {
|
|
14
14
|
constructor(options = {}) {
|
|
15
15
|
super();
|
|
16
16
|
this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
|
|
17
|
-
this.
|
|
17
|
+
this.idpUrl = options.idpUrl;
|
|
18
18
|
this.message = options.message ?? 'Account management handled by external IdP';
|
|
19
19
|
this.source = options.source;
|
|
20
|
-
if (this.
|
|
21
|
-
this.logger.info(`SP mode enabled: ${this.message}, external IdP: ${this.
|
|
20
|
+
if (this.idpUrl) {
|
|
21
|
+
this.logger.info(`SP mode enabled: ${this.message}, external IdP: ${this.idpUrl}`);
|
|
22
22
|
}
|
|
23
23
|
else {
|
|
24
24
|
this.logger.info('Standard mode enabled, delegating to source IdentityProviderHandler');
|
|
@@ -36,7 +36,7 @@ class AutoDetectIdentityProviderHandler extends community_server_1.HttpHandler {
|
|
|
36
36
|
throw new community_server_1.NotImplementedHttpError('Not an IdP request');
|
|
37
37
|
}
|
|
38
38
|
// SP 模式:接受 IdP 路径请求,在 handle 中返回 404
|
|
39
|
-
if (this.
|
|
39
|
+
if (this.idpUrl) {
|
|
40
40
|
return;
|
|
41
41
|
}
|
|
42
42
|
// 标准模式:委托给 source Handler
|
|
@@ -53,7 +53,7 @@ class AutoDetectIdentityProviderHandler extends community_server_1.HttpHandler {
|
|
|
53
53
|
* - 标准模式:委托给 source Handler
|
|
54
54
|
*/
|
|
55
55
|
async handle(input) {
|
|
56
|
-
if (this.
|
|
56
|
+
if (this.idpUrl) {
|
|
57
57
|
const { response } = input;
|
|
58
58
|
response.writeHead(404, { 'Content-Type': 'application/json' });
|
|
59
59
|
response.end(JSON.stringify({ error: this.message }));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AutoDetectIdentityProviderHandler.js","sourceRoot":"","sources":["../../../src/identity/oidc/AutoDetectIdentityProviderHandler.ts"],"names":[],"mappings":";;;AAAA,iEAAqD;AACrD,8DAIiC;AAWjC;;;;;;GAMG;AACH,MAAa,iCAAkC,SAAQ,8BAAW;IAMhE,YAAY,UAAoD,EAAE;QAChE,KAAK,EAAE,CAAC;QANO,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAO3C,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"AutoDetectIdentityProviderHandler.js","sourceRoot":"","sources":["../../../src/identity/oidc/AutoDetectIdentityProviderHandler.ts"],"names":[],"mappings":";;;AAAA,iEAAqD;AACrD,8DAIiC;AAWjC;;;;;;GAMG;AACH,MAAa,iCAAkC,SAAQ,8BAAW;IAMhE,YAAY,UAAoD,EAAE;QAChE,KAAK,EAAE,CAAC;QANO,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAO3C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,4CAA4C,CAAC;QAC/E,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE7B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,IAAI,CAAC,OAAO,mBAAmB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACrF,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IAED;;;;OAIG;IACa,KAAK,CAAC,SAAS,CAAC,KAAuB;QACrD,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC;QAEpC,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,0CAAuB,CAAC,oBAAoB,CAAC,CAAC;QAC1D,CAAC;QAED,qCAAqC;QACrC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO;QACT,CAAC;QAED,0BAA0B;QAC1B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,0CAAuB,CAAC,8CAA8C,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAED;;;;OAIG;IACa,KAAK,CAAC,MAAM,CAAC,KAAuB;QAClD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;YAC3B,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAChE,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACtD,OAAO;QACT,CAAC;QAED,0BAA0B;QAC1B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,0CAAuB,CAAC,8CAA8C,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,GAAW;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,OAAO,CACL,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAC5B,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC;YACjC,QAAQ,KAAK,WAAW;YACxB,QAAQ,KAAK,QAAQ;YACrB,QAAQ,KAAK,SAAS,CACvB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,GAAW;QAC7B,IAAI,CAAC;YACH,OAAO,IAAI,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;CACF;AA1FD,8EA0FC","sourcesContent":["import { getLoggerFor } from 'global-logger-factory';\nimport {\n HttpHandler,\n type HttpHandlerInput,\n NotImplementedHttpError,\n} from '@solid/community-server';\n\nexport interface AutoDetectIdentityProviderHandlerOptions {\n /** 外部 IdP 的基础 URL,如果提供则启用 SP 模式 */\n idpUrl?: string;\n /** 禁用时的消息 */\n message?: string;\n /** CSS 默认的 IdentityProviderHandler,标准模式下委托给它 */\n source?: HttpHandler;\n}\n\n/**\n * Auto-detect Identity Provider Handler\n *\n * 自动检测运行模式:\n * - 如果配置了 idpUrl -> SP 模式:禁用本地账户管理\n * - 如果没有配置 idpUrl -> 标准模式:委托给 CSS 默认 Handler\n */\nexport class AutoDetectIdentityProviderHandler extends HttpHandler {\n private readonly logger = getLoggerFor(this);\n private readonly idpUrl?: string;\n private readonly message: string;\n private readonly source?: HttpHandler;\n\n constructor(options: AutoDetectIdentityProviderHandlerOptions = {}) {\n super();\n this.idpUrl = options.idpUrl;\n this.message = options.message ?? 'Account management handled by external IdP';\n this.source = options.source;\n\n if (this.idpUrl) {\n this.logger.info(`SP mode enabled: ${this.message}, external IdP: ${this.idpUrl}`);\n } else {\n this.logger.info('Standard mode enabled, delegating to source IdentityProviderHandler');\n }\n }\n\n /**\n * 判断是否处理请求\n * - SP 模式:拒绝所有 IdP 请求\n * - 标准模式:委托给 source Handler\n */\n public override async canHandle(input: HttpHandlerInput): Promise<void> {\n const url = input.request.url ?? '';\n\n // 检查是否是 IdP 路径\n if (!this.isIdpPath(url)) {\n throw new NotImplementedHttpError('Not an IdP request');\n }\n\n // SP 模式:接受 IdP 路径请求,在 handle 中返回 404\n if (this.idpUrl) {\n return;\n }\n\n // 标准模式:委托给 source Handler\n if (this.source) {\n await this.source.canHandle(input);\n } else {\n throw new NotImplementedHttpError('No source IdentityProviderHandler configured');\n }\n }\n\n /**\n * 处理请求\n * - SP 模式:不应该到达这里\n * - 标准模式:委托给 source Handler\n */\n public override async handle(input: HttpHandlerInput): Promise<void> {\n if (this.idpUrl) {\n const { response } = input;\n response.writeHead(404, { 'Content-Type': 'application/json' });\n response.end(JSON.stringify({ error: this.message }));\n return;\n }\n\n // 标准模式:委托给 source Handler\n if (this.source) {\n await this.source.handle(input);\n } else {\n throw new NotImplementedHttpError('No source IdentityProviderHandler configured');\n }\n }\n\n /**\n * 检查是否是 IdP 路径\n */\n private isIdpPath(url: string): boolean {\n const pathname = this.getPathname(url);\n return (\n pathname.startsWith('/idp/') ||\n pathname.startsWith('/.account/') ||\n pathname === '/register' ||\n pathname === '/login' ||\n pathname === '/logout'\n );\n }\n\n /**\n * 从 URL 提取 pathname\n */\n private getPathname(url: string): string {\n try {\n return new URL(url, 'http://localhost').pathname;\n } catch {\n return url.split('?')[0];\n }\n }\n}\n"]}
|
|
@@ -12,10 +12,10 @@
|
|
|
12
12
|
"extends": [
|
|
13
13
|
"css:dist/server/HttpHandler.jsonld#HttpHandler"
|
|
14
14
|
],
|
|
15
|
-
"comment": "Auto-detect Identity Provider Handler 自动检测运行模式: - 如果配置了
|
|
15
|
+
"comment": "Auto-detect Identity Provider Handler 自动检测运行模式: - 如果配置了 idpUrl -> SP 模式:禁用本地账户管理 - 如果没有配置 idpUrl -> 标准模式:委托给 CSS 默认 Handler",
|
|
16
16
|
"parameters": [
|
|
17
17
|
{
|
|
18
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#
|
|
18
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler_options_idpUrl",
|
|
19
19
|
"range": {
|
|
20
20
|
"@type": "ParameterRangeUnion",
|
|
21
21
|
"parameterRangeElements": [
|
|
@@ -60,8 +60,8 @@
|
|
|
60
60
|
"memberFieldName": "logger"
|
|
61
61
|
},
|
|
62
62
|
{
|
|
63
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#
|
|
64
|
-
"memberFieldName": "
|
|
63
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler__member_idpUrl",
|
|
64
|
+
"memberFieldName": "idpUrl"
|
|
65
65
|
},
|
|
66
66
|
{
|
|
67
67
|
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler__member_message",
|
|
@@ -97,9 +97,9 @@
|
|
|
97
97
|
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler_options__constructorArgument",
|
|
98
98
|
"fields": [
|
|
99
99
|
{
|
|
100
|
-
"keyRaw": "
|
|
100
|
+
"keyRaw": "idpUrl",
|
|
101
101
|
"value": {
|
|
102
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#
|
|
102
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld#AutoDetectIdentityProviderHandler_options_idpUrl"
|
|
103
103
|
}
|
|
104
104
|
},
|
|
105
105
|
{
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { HttpHandler, type HttpHandlerInput } from '@solid/community-server';
|
|
2
2
|
export interface AutoDetectOidcHandlerOptions {
|
|
3
3
|
/** 外部 IdP 的基础 URL,如果提供则启用 SP 模式 */
|
|
4
|
-
|
|
4
|
+
idpUrl?: string;
|
|
5
5
|
/** 禁用原因说明 */
|
|
6
6
|
message?: string;
|
|
7
7
|
/** JWKS 缓存时间 (ms) */
|
|
@@ -11,14 +11,14 @@ export interface AutoDetectOidcHandlerOptions {
|
|
|
11
11
|
* Auto-detect OIDC Handler
|
|
12
12
|
*
|
|
13
13
|
* 自动检测运行模式:
|
|
14
|
-
* - 如果配置了
|
|
15
|
-
* - 如果没有配置
|
|
14
|
+
* - 如果配置了 idpUrl -> SP 模式:禁用本地 OIDC,代理外部 IdP 的 JWKS
|
|
15
|
+
* - 如果没有配置 idpUrl -> 标准模式:所有 OIDC 请求透传(由 CSS 默认 Handler 处理)
|
|
16
16
|
*
|
|
17
17
|
* 使用方式:在 HTTP pipeline 中替换默认的 OidcHandler
|
|
18
18
|
*/
|
|
19
19
|
export declare class AutoDetectOidcHandler extends HttpHandler {
|
|
20
20
|
private readonly logger;
|
|
21
|
-
private readonly
|
|
21
|
+
private readonly idpUrl?;
|
|
22
22
|
private readonly jwksUrl?;
|
|
23
23
|
private readonly message;
|
|
24
24
|
private readonly cacheMs;
|
|
@@ -8,8 +8,8 @@ const community_server_1 = require("@solid/community-server");
|
|
|
8
8
|
* Auto-detect OIDC Handler
|
|
9
9
|
*
|
|
10
10
|
* 自动检测运行模式:
|
|
11
|
-
* - 如果配置了
|
|
12
|
-
* - 如果没有配置
|
|
11
|
+
* - 如果配置了 idpUrl -> SP 模式:禁用本地 OIDC,代理外部 IdP 的 JWKS
|
|
12
|
+
* - 如果没有配置 idpUrl -> 标准模式:所有 OIDC 请求透传(由 CSS 默认 Handler 处理)
|
|
13
13
|
*
|
|
14
14
|
* 使用方式:在 HTTP pipeline 中替换默认的 OidcHandler
|
|
15
15
|
*/
|
|
@@ -17,12 +17,12 @@ class AutoDetectOidcHandler extends community_server_1.HttpHandler {
|
|
|
17
17
|
constructor(options = {}) {
|
|
18
18
|
super();
|
|
19
19
|
this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
|
|
20
|
-
this.
|
|
21
|
-
this.jwksUrl = this.
|
|
20
|
+
this.idpUrl = options.idpUrl;
|
|
21
|
+
this.jwksUrl = this.idpUrl ? `${this.idpUrl.replace(/\/$/, '')}/.oidc/jwks` : undefined;
|
|
22
22
|
this.message = options.message ?? 'OIDC disabled in storage provider mode';
|
|
23
23
|
this.cacheMs = options.cacheMs ?? 300000; // 默认 5 分钟
|
|
24
|
-
if (this.
|
|
25
|
-
this.logger.info(`SP mode enabled, external IdP: ${this.
|
|
24
|
+
if (this.idpUrl) {
|
|
25
|
+
this.logger.info(`SP mode enabled, external IdP: ${this.idpUrl}, JWKS: ${this.jwksUrl}`);
|
|
26
26
|
}
|
|
27
27
|
else {
|
|
28
28
|
this.logger.info('Standard mode enabled, OIDC requests will pass through');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AutoDetectOidcHandler.js","sourceRoot":"","sources":["../../../src/identity/oidc/AutoDetectOidcHandler.ts"],"names":[],"mappings":";;;AAAA,uCAA+B;AAC/B,iEAAqD;AACrD,8DAKiC;AAgBjC;;;;;;;;GAQG;AACH,MAAa,qBAAsB,SAAQ,8BAAW;IAQpD,YAAY,UAAwC,EAAE;QACpD,KAAK,EAAE,CAAC;QARO,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAS3C,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"AutoDetectOidcHandler.js","sourceRoot":"","sources":["../../../src/identity/oidc/AutoDetectOidcHandler.ts"],"names":[],"mappings":";;;AAAA,uCAA+B;AAC/B,iEAAqD;AACrD,8DAKiC;AAgBjC;;;;;;;;GAQG;AACH,MAAa,qBAAsB,SAAQ,8BAAW;IAQpD,YAAY,UAAwC,EAAE;QACpD,KAAK,EAAE,CAAC;QARO,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAS3C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;QACxF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,wCAAwC,CAAC;QAC3E,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC,UAAU;QAEpD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kCAAkC,IAAI,CAAC,MAAM,WAAW,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3F,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED;;;;OAIG;IACa,KAAK,CAAC,SAAS,CAAC,EAAE,OAAO,EAAoB;QAC3D,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC;QAE9B,gBAAgB;QAChB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,0CAAuB,CAAC,qBAAqB,CAAC,CAAC;QAC3D,CAAC;QAED,8BAA8B;QAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,0CAAuB,CAAC,sCAAsC,CAAC,CAAC;QAC5E,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,0CAAuB,CAC/B,sBAAsB,IAAI,CAAC,OAAO,2CAA2C,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACa,KAAK,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAoB;QACzD,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,sCAAmB,CAAC,mEAAmE,CAAC,CAAC;QACrG,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YAEpC,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;YAC1B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YACvD,QAAQ,CAAC,SAAS,CAAC,eAAe,EAAE,mBAAmB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC;YAC1F,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAEnC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAuB,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,MAAM,IAAI,sCAAmB,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS;QACrB,OAAO;QACP,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QACvC,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAExD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE;YACpC,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAyB,CAAC;QAErD,aAAa;QACb,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO;QACP,IAAI,CAAC,SAAS,GAAG;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO;SACrC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,IAAI,CAAC,MAAM,OAAO,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,GAAW;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,OAAO,CACL,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC;YAC9B,QAAQ,KAAK,mCAAmC;YAChD,QAAQ,KAAK,yCAAyC;YACtD,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAC7B,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,GAAW;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,OAAO,QAAQ,KAAK,aAAa,IAAI,QAAQ,KAAK,kBAAkB,CAAC;IACvE,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,GAAW;QAC7B,IAAI,CAAC;YACH,OAAO,IAAI,cAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;YAC3B,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;CACF;AAnJD,sDAmJC","sourcesContent":["import { URL } from 'node:url';\nimport { getLoggerFor } from 'global-logger-factory';\nimport {\n HttpHandler,\n type HttpHandlerInput,\n NotImplementedHttpError,\n InternalServerError,\n} from '@solid/community-server';\n\nexport interface AutoDetectOidcHandlerOptions {\n /** 外部 IdP 的基础 URL,如果提供则启用 SP 模式 */\n idpUrl?: string;\n /** 禁用原因说明 */\n message?: string;\n /** JWKS 缓存时间 (ms) */\n cacheMs?: number;\n}\n\ninterface JwksCache {\n keys: unknown[];\n expiresAt: number;\n}\n\n/**\n * Auto-detect OIDC Handler\n *\n * 自动检测运行模式:\n * - 如果配置了 idpUrl -> SP 模式:禁用本地 OIDC,代理外部 IdP 的 JWKS\n * - 如果没有配置 idpUrl -> 标准模式:所有 OIDC 请求透传(由 CSS 默认 Handler 处理)\n *\n * 使用方式:在 HTTP pipeline 中替换默认的 OidcHandler\n */\nexport class AutoDetectOidcHandler extends HttpHandler {\n private readonly logger = getLoggerFor(this);\n private readonly idpUrl?: string;\n private readonly jwksUrl?: string;\n private readonly message: string;\n private readonly cacheMs: number;\n private jwksCache?: JwksCache;\n\n constructor(options: AutoDetectOidcHandlerOptions = {}) {\n super();\n this.idpUrl = options.idpUrl;\n this.jwksUrl = this.idpUrl ? `${this.idpUrl.replace(/\\/$/, '')}/.oidc/jwks` : undefined;\n this.message = options.message ?? 'OIDC disabled in storage provider mode';\n this.cacheMs = options.cacheMs ?? 300000; // 默认 5 分钟\n\n if (this.idpUrl) {\n this.logger.info(`SP mode enabled, external IdP: ${this.idpUrl}, JWKS: ${this.jwksUrl}`);\n } else {\n this.logger.info('Standard mode enabled, OIDC requests will pass through');\n }\n }\n\n /**\n * 判断是否处理请求\n * - SP 模式:只处理 JWKS 请求,其他 OIDC 请求返回 501\n * - 标准模式:不处理任何请求(透传给 CSS 默认 Handler)\n */\n public override async canHandle({ request }: HttpHandlerInput): Promise<void> {\n const url = request.url ?? '';\n\n // 检查是否是 OIDC 路径\n if (!this.isOidcPath(url)) {\n throw new NotImplementedHttpError('Not an OIDC request');\n }\n\n // 标准模式:不处理,透传给 CSS 默认 Handler\n if (!this.jwksUrl) {\n throw new NotImplementedHttpError('Pass through to default OIDC handler');\n }\n\n // SP 模式:只有 JWKS 请求可以处理\n if (!this.isJwksPath(url)) {\n throw new NotImplementedHttpError(\n `External IdP mode: ${this.message}. Authentication handled by external IdP.`\n );\n }\n }\n\n /**\n * 处理请求\n * - SP 模式:代理 JWKS\n * - 标准模式:不应该到达这里\n */\n public override async handle({ response }: HttpHandlerInput): Promise<void> {\n // 标准模式:不应该到达这里\n if (!this.jwksUrl) {\n throw new InternalServerError('AutoDetectOidcHandler should not handle requests in standard mode');\n }\n\n try {\n const jwks = await this.fetchJwks();\n\n response.statusCode = 200;\n response.setHeader('Content-Type', 'application/json');\n response.setHeader('Cache-Control', `public, max-age=${Math.floor(this.cacheMs / 1000)}`);\n response.end(JSON.stringify(jwks));\n\n this.logger.debug('JWKS proxy successful');\n } catch (error) {\n this.logger.error(`JWKS proxy failed: ${(error as Error).message}`);\n throw new InternalServerError('Failed to proxy JWKS request', { cause: error });\n }\n }\n\n /**\n * 获取并缓存 JWKS\n */\n private async fetchJwks(): Promise<{ keys: unknown[] }> {\n // 检查缓存\n if (this.jwksCache && this.jwksCache.expiresAt > Date.now()) {\n this.logger.debug('Returning cached JWKS');\n return { keys: this.jwksCache.keys };\n }\n\n if (!this.jwksUrl) {\n throw new Error('External JWKS URL not configured');\n }\n\n this.logger.debug(`Fetching JWKS from ${this.jwksUrl}`);\n\n const res = await fetch(this.jwksUrl, {\n headers: { Accept: 'application/json' },\n });\n\n if (!res.ok) {\n throw new Error(`Failed to fetch JWKS: ${res.status} ${res.statusText}`);\n }\n\n const jwks = await res.json() as { keys: unknown[] };\n\n // 验证 JWKS 格式\n if (!Array.isArray(jwks.keys)) {\n throw new Error('Invalid JWKS format: missing keys array');\n }\n\n // 更新缓存\n this.jwksCache = {\n keys: jwks.keys,\n expiresAt: Date.now() + this.cacheMs,\n };\n\n this.logger.debug(`JWKS cached with ${jwks.keys.length} keys`);\n return jwks;\n }\n\n /**\n * 检查是否是 OIDC 路径\n */\n private isOidcPath(url: string): boolean {\n const pathname = this.getPathname(url);\n return (\n pathname.startsWith('/.oidc/') ||\n pathname === '/.well-known/openid-configuration' ||\n pathname === '/.well-known/oauth-authorization-server' ||\n pathname.startsWith('/idp/')\n );\n }\n\n /**\n * 检查是否是 JWKS 路径\n */\n private isJwksPath(url: string): boolean {\n const pathname = this.getPathname(url);\n return pathname === '/.oidc/jwks' || pathname === '/.oidc/jwks.json';\n }\n\n /**\n * 从 URL 提取 pathname\n */\n private getPathname(url: string): string {\n try {\n return new URL(url, 'http://localhost').pathname;\n } catch {\n // 如果解析失败,直接返回 url(可能是相对路径)\n return url.split('?')[0];\n }\n }\n}\n"]}
|
|
@@ -12,10 +12,10 @@
|
|
|
12
12
|
"extends": [
|
|
13
13
|
"css:dist/server/HttpHandler.jsonld#HttpHandler"
|
|
14
14
|
],
|
|
15
|
-
"comment": "Auto-detect OIDC Handler 自动检测运行模式: - 如果配置了
|
|
15
|
+
"comment": "Auto-detect OIDC Handler 自动检测运行模式: - 如果配置了 idpUrl -> SP 模式:禁用本地 OIDC,代理外部 IdP 的 JWKS - 如果没有配置 idpUrl -> 标准模式:所有 OIDC 请求透传(由 CSS 默认 Handler 处理) 使用方式:在 HTTP pipeline 中替换默认的 OidcHandler",
|
|
16
16
|
"parameters": [
|
|
17
17
|
{
|
|
18
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#
|
|
18
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler_options_idpUrl",
|
|
19
19
|
"range": {
|
|
20
20
|
"@type": "ParameterRangeUnion",
|
|
21
21
|
"parameterRangeElements": [
|
|
@@ -60,8 +60,8 @@
|
|
|
60
60
|
"memberFieldName": "logger"
|
|
61
61
|
},
|
|
62
62
|
{
|
|
63
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#
|
|
64
|
-
"memberFieldName": "
|
|
63
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler__member_idpUrl",
|
|
64
|
+
"memberFieldName": "idpUrl"
|
|
65
65
|
},
|
|
66
66
|
{
|
|
67
67
|
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler__member_jwksUrl",
|
|
@@ -113,9 +113,9 @@
|
|
|
113
113
|
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler_options__constructorArgument",
|
|
114
114
|
"fields": [
|
|
115
115
|
{
|
|
116
|
-
"keyRaw": "
|
|
116
|
+
"keyRaw": "idpUrl",
|
|
117
117
|
"value": {
|
|
118
|
-
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#
|
|
118
|
+
"@id": "undefineds:dist/identity/oidc/AutoDetectOidcHandler.jsonld#AutoDetectOidcHandler_options_idpUrl"
|
|
119
119
|
}
|
|
120
120
|
},
|
|
121
121
|
{
|
package/dist/main.js
CHANGED
|
@@ -13,6 +13,8 @@ const global_logger_factory_1 = require("global-logger-factory");
|
|
|
13
13
|
const yargs_1 = __importDefault(require("yargs"));
|
|
14
14
|
const helpers_1 = require("yargs/helpers");
|
|
15
15
|
const runtime_1 = require("./runtime");
|
|
16
|
+
const css_process_1 = require("./runtime/css-process");
|
|
17
|
+
const oidc_issuer_1 = require("./runtime/oidc-issuer");
|
|
16
18
|
const ConfigurableLoggerFactory_1 = require("./logging/ConfigurableLoggerFactory");
|
|
17
19
|
const supervisor_1 = require("./supervisor");
|
|
18
20
|
const EXIT_OK = 0;
|
|
@@ -218,21 +220,23 @@ async function startRuntime(options) {
|
|
|
218
220
|
logger.info(` - API (internal): http://localhost:${apiPort}`);
|
|
219
221
|
const supervisor = new supervisor_1.Supervisor();
|
|
220
222
|
const cssBinary = require.resolve('@solid/community-server/bin/server.js');
|
|
223
|
+
const cssModuleRoot = path_1.default.dirname(require.resolve('@solid/community-server/package.json'));
|
|
224
|
+
const externalOidcIssuer = (0, oidc_issuer_1.resolveExternalOidcIssuer)(process.env);
|
|
225
|
+
if (externalOidcIssuer) {
|
|
226
|
+
logger.info(` - SP mode external IdP: ${externalOidcIssuer}`);
|
|
227
|
+
}
|
|
221
228
|
supervisor.register({
|
|
222
229
|
name: 'css',
|
|
223
230
|
command: childJsRuntime,
|
|
224
|
-
args:
|
|
231
|
+
args: (0, css_process_1.buildCssArgs)({
|
|
225
232
|
cssBinary,
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
CSS_PORT: cssPort.toString(),
|
|
234
|
-
CSS_BASE_URL: baseUrl,
|
|
235
|
-
},
|
|
233
|
+
configPath,
|
|
234
|
+
cssModuleRoot,
|
|
235
|
+
cssPort,
|
|
236
|
+
baseUrl,
|
|
237
|
+
externalOidcIssuer,
|
|
238
|
+
}),
|
|
239
|
+
env: (0, css_process_1.buildCssChildEnv)(baseUrl, cssPort),
|
|
236
240
|
});
|
|
237
241
|
// API server: resolve the entry point dynamically
|
|
238
242
|
// In dev (ts-node): use ts-node to run the .ts file
|
|
@@ -249,14 +253,13 @@ async function startRuntime(options) {
|
|
|
249
253
|
name: 'api',
|
|
250
254
|
command: childJsRuntime,
|
|
251
255
|
args: apiArgs,
|
|
252
|
-
env: {
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
},
|
|
256
|
+
env: (0, css_process_1.buildApiChildEnv)({
|
|
257
|
+
apiPort,
|
|
258
|
+
mainPort,
|
|
259
|
+
cssPort,
|
|
260
|
+
baseUrl,
|
|
261
|
+
externalOidcIssuer,
|
|
262
|
+
}),
|
|
260
263
|
});
|
|
261
264
|
// Bind host: use CLI --host value; if not explicitly set, derive from the public Base URL.
|
|
262
265
|
// In local dev/sandboxed environments, binding 0.0.0.0 can fail with EPERM.
|