@ytsaurus/ui 1.12.2 → 1.13.0

package/build/cjs/@types/core.d.ts

@@ -72,6 +72,44 @@ export interface YTCoreConfig {
      * Enables YT-password authentication when defined
      */
     ytAuthCluster?: string;
+
+    /**
+     * OpenID Connect configuration
+     */
+    ytOAuthSettings?: {
+        /**
+         * URL of the OpenID connect server without the trailing slash
+         */
+        baseURL: string;
+        /**
+         *  Authorization endpoint
+         */
+        authPath: string;
+        /**
+         *  Authorization endpoint
+         */
+        logoutPath: string;
+        /**
+         *  Authorization endpoint
+         */
+        tokenPath: string;
+        /**
+         *  OpenID Client id
+         */
+        clientId: string;
+        /**
+         *  OpenID Client secret
+         */
+        clientSecret: string;
+        /**
+         *  OpenID Scope(Details https://auth0.com/docs/get-started/apis/scopes/openid-connect-scopes)
+         */
+        scope: string;
+        /**
+         *  Label on the Login via OpenID button
+         */
+        buttonLabel?: string;
+    };
     /**
      * Modifies headers of /api/yt/login request:
      * if enabled removes 'Secure'-option from 'Set-Cookie: YTCypressCookie=...; ...' response-header

package/build/cjs/server/components/layout-config.js

@@ -1,8 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getLayoutConfig = void 0;
-const utils_1 = require("../utils");
 const table_column_preset_1 = require("../controllers/table-column-preset");
+const utils_1 = require("../utils");
+const authorization_1 = require("../utils/authorization");
+const oauth_1 = require("./oauth");
 async function getLayoutConfig(req, params) {
     var _a;
     const { login, ytConfig, settings } = params;
@@ -15,6 +17,7 @@ async function getLayoutConfig(req, params) {
             version: uiVersion,
         },
         login,
+        authWay: (0, authorization_1.getAuthWay)(req),
     };
     const isProduction = (0, utils_1.isProductionEnv)();
     const res = {
@@ -39,6 +42,8 @@ async function getLayoutConfig(req, params) {
             uiSettings,
             metrikaCounterId: (_a = metrikaCounter === null || metrikaCounter === void 0 ? void 0 : metrikaCounter[0]) === null || _a === void 0 ? void 0 : _a.id,
             allowLoginDialog: Boolean(ytAuthCluster),
+            allowOAuth: (0, oauth_1.isOAuthAllowed)(req),
+            oauthButtonLabel: (0, oauth_1.isOAuthAllowed)(req) ? (0, oauth_1.getOAuthSettings)(req).buttonLabel : undefined,
             allowUserColumnPresets: (0, table_column_preset_1.isUserColumnPresetsEnabled)(req),
             odinPageEnabled: Boolean(odinBaseUrl),
         },

package/build/cjs/server/components/layout-config.js.map

@@ -1 +1 @@
-{"version":3,"names":["_utils","require","_tableColumnPreset","_interopRequireDefault","obj","__esModule","default","getLayoutConfig","_x","_x2","_getLayoutConfig","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee","req","params","_metrikaCounter$","login","ytConfig","settings","_ref","ytApiUseCORS","uiSettings","metrikaCounter","ytAuthCluster","odinBaseUrl","YT","uiVersion","parameters","isProduction","res","wrap","_callee$","_context","prev","next","ctx","config","getInterfaceVersion","version","isProductionEnv","bodyContent","root","title","lang","meta","name","content","inlineScripts","concat","JSON","stringify","data","metrikaCounterId","id","allowLoginDialog","Boolean","allowUserColumnPresets","isUserColumnPresetsEnabled","odinPageEnabled","pluginsOptions","yandexMetrika","counter","layout","abrupt","stop"],"sources":["layout-config.ts"],"sourcesContent":["import _ from 'lodash';\nimport {getInterfaceVersion, isProductionEnv} from '../utils';\nimport type {Request} from 'express';\nimport {YTCoreConfig} from '../../@types/core';\nimport {ConfigData, YTConfig} from '../../shared/yt-types';\nimport {AppLayoutConfig} from '../render-layout';\nimport {isUserColumnPresetsEnabled} from '../controllers/table-column-preset';\n\ninterface Params {\n    login?: string;\n    uid?: string;\n    cluster: string | undefined;\n    settings: ConfigData['settings'];\n    ytConfig: Partial<YTConfig>;\n}\n\nexport async function getLayoutConfig(req: Request, params: Params): Promise<AppLayoutConfig> {\n    const {login, ytConfig, settings} = params;\n    const {ytApiUseCORS, uiSettings, metrikaCounter, ytAuthCluster, odinBaseUrl} = req.ctx\n        .config as YTCoreConfig;\n    const YT = ytConfig;\n    const uiVersion = getInterfaceVersion();\n\n    const parameters = {\n        interface: {\n            version: uiVersion,\n        },\n        login,\n    };\n\n    const isProduction = isProductionEnv();\n\n    const res: AppLayoutConfig = {\n        bodyContent: {root: ''},\n        title: 'YT',\n        lang: 'en',\n        meta: [\n            {\n                name: 'viewport',\n                content: 'width=device-width, initial-scale=1.0',\n            },\n        ],\n        inlineScripts: [\n            `window.YT = Object.assign(window.YT || {}, ${JSON.stringify(YT)}, ${JSON.stringify({\n                parameters,\n            })});`,\n            `window.YT.environment = window.YT.environment || (${isProduction} ? 'production' : 'development');`,\n        ],\n        data: {\n            settings,\n            ytApiUseCORS,\n            uiSettings,\n            metrikaCounterId: metrikaCounter?.[0]?.id,\n            allowLoginDialog: Boolean(ytAuthCluster),\n            allowUserColumnPresets: isUserColumnPresetsEnabled(req),\n            odinPageEnabled: Boolean(odinBaseUrl),\n        },\n        pluginsOptions: {\n            yandexMetrika: {\n                counter: metrikaCounter,\n            },\n            layout: {\n                name: 'main',\n            },\n        },\n    };\n    return res;\n}\n"],"mappings":";;;;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AAKA,IAAAC,kBAAA,GAAAD,OAAA;AAA6E,SAAAE,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAU7E,SAAsBG,eAAeA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,gBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAmDpC,SAAAF,iBAAA;EAAAA,gBAAA,OAAAG,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CAnDM,SAAAC,QAA+BC,GAAY,EAAEC,MAAc;IAAA,IAAAC,gBAAA;IAAA,IAAAC,KAAA,EAAAC,QAAA,EAAAC,QAAA,EAAAC,IAAA,EAAAC,YAAA,EAAAC,UAAA,EAAAC,cAAA,EAAAC,aAAA,EAAAC,WAAA,EAAAC,EAAA,EAAAC,SAAA,EAAAC,UAAA,EAAAC,YAAA,EAAAC,GAAA;IAAA,OAAAnB,oBAAA,CAAAoB,IAAA,UAAAC,SAAAC,QAAA;MAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAE,IAAA;QAAA;UACvDlB,KAAK,GAAwBF,MAAM,CAAnCE,KAAK,EAAEC,QAAQ,GAAcH,MAAM,CAA5BG,QAAQ,EAAEC,QAAQ,GAAIJ,MAAM,CAAlBI,QAAQ;UAAAC,IAAA,GAC+CN,GAAG,CAACsB,GAAG,CACjFC,MAAM,EADJhB,YAAY,GAAAD,IAAA,CAAZC,YAAY,EAAEC,UAAU,GAAAF,IAAA,CAAVE,UAAU,EAAEC,cAAc,GAAAH,IAAA,CAAdG,cAAc,EAAEC,aAAa,GAAAJ,IAAA,CAAbI,aAAa,EAAEC,WAAW,GAAAL,IAAA,CAAXK,WAAW;UAErEC,EAAE,GAAGR,QAAQ;UACbS,SAAS,GAAG,IAAAW,0BAAmB,EAAC,CAAC;UAEjCV,UAAU,GAAG;YACf,aAAW;cACPW,OAAO,EAAEZ;YACb,CAAC;YACDV,KAAK,EAALA;UACJ,CAAC;UAEKY,YAAY,GAAG,IAAAW,sBAAe,EAAC,CAAC;UAEhCV,GAAoB,GAAG;YACzBW,WAAW,EAAE;cAACC,IAAI,EAAE;YAAE,CAAC;YACvBC,KAAK,EAAE,IAAI;YACXC,IAAI,EAAE,IAAI;YACVC,IAAI,EAAE,CACF;cACIC,IAAI,EAAE,UAAU;cAChBC,OAAO,EAAE;YACb,CAAC,CACJ;YACDC,aAAa,EAAE,+CAAAC,MAAA,CACmCC,IAAI,CAACC,SAAS,CAACzB,EAAE,CAAC,QAAAuB,MAAA,CAAKC,IAAI,CAACC,SAAS,CAAC;cAChFvB,UAAU,EAAVA;YACJ,CAAC,CAAC,8DAAAqB,MAAA,CACmDpB,YAAY,uCACpE;YACDuB,IAAI,EAAE;cACFjC,QAAQ,EAARA,QAAQ;cACRE,YAAY,EAAZA,YAAY;cACZC,UAAU,EAAVA,UAAU;cACV+B,gBAAgB,EAAE9B,cAAc,aAAdA,cAAc,gBAAAP,gBAAA,GAAdO,cAAc,CAAG,CAAC,CAAC,cAAAP,gBAAA,uBAAnBA,gBAAA,CAAqBsC,EAAE;cACzCC,gBAAgB,EAAEC,OAAO,CAAChC,aAAa,CAAC;cACxCiC,sBAAsB,EAAE,IAAAC,6CAA0B,EAAC5C,GAAG,CAAC;cACvD6C,eAAe,EAAEH,OAAO,CAAC/B,WAAW;YACxC,CAAC;YACDmC,cAAc,EAAE;cACZC,aAAa,EAAE;gBACXC,OAAO,EAAEvC;cACb,CAAC;cACDwC,MAAM,EAAE;gBACJjB,IAAI,EAAE;cACV;YACJ;UACJ,CAAC;UAAA,OAAAb,QAAA,CAAA+B,MAAA,WACMlC,GAAG;QAAA;QAAA;UAAA,OAAAG,QAAA,CAAAgC,IAAA;MAAA;IAAA,GAAApD,OAAA;EAAA,CACb;EAAA,OAAAN,gBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA"}
+{"version":3,"names":["_tableColumnPreset","require","_utils","_authorization","_oauth","_interopRequireDefault","obj","__esModule","default","getLayoutConfig","_x","_x2","_getLayoutConfig","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee","req","params","_metrikaCounter$","login","ytConfig","settings","_ref","ytApiUseCORS","uiSettings","metrikaCounter","ytAuthCluster","odinBaseUrl","YT","uiVersion","parameters","isProduction","res","wrap","_callee$","_context","prev","next","ctx","config","getInterfaceVersion","version","authWay","getAuthWay","isProductionEnv","bodyContent","root","title","lang","meta","name","content","inlineScripts","concat","JSON","stringify","data","metrikaCounterId","id","allowLoginDialog","Boolean","allowOAuth","isOAuthAllowed","oauthButtonLabel","getOAuthSettings","buttonLabel","undefined","allowUserColumnPresets","isUserColumnPresetsEnabled","odinPageEnabled","pluginsOptions","yandexMetrika","counter","layout","abrupt","stop"],"sources":["layout-config.ts"],"sourcesContent":["import type {Request} from 'express';\nimport {YTCoreConfig} from '../../@types/core';\nimport {ConfigData, YTConfig} from '../../shared/yt-types';\nimport {AppLayoutConfig} from '../render-layout';\nimport {isUserColumnPresetsEnabled} from '../controllers/table-column-preset';\nimport {getInterfaceVersion, isProductionEnv} from '../utils';\nimport {getAuthWay} from '../utils/authorization';\nimport {getOAuthSettings, isOAuthAllowed} from './oauth';\n\ninterface Params {\n    login?: string;\n    uid?: string;\n    cluster: string | undefined;\n    settings: ConfigData['settings'];\n    ytConfig: Partial<YTConfig>;\n}\n\nexport async function getLayoutConfig(req: Request, params: Params): Promise<AppLayoutConfig> {\n    const {login, ytConfig, settings} = params;\n    const {ytApiUseCORS, uiSettings, metrikaCounter, ytAuthCluster, odinBaseUrl} = req.ctx\n        .config as YTCoreConfig;\n    const YT = ytConfig;\n    const uiVersion = getInterfaceVersion();\n\n    const parameters = {\n        interface: {\n            version: uiVersion,\n        },\n        login,\n        authWay: getAuthWay(req),\n    };\n\n    const isProduction = isProductionEnv();\n\n    const res: AppLayoutConfig = {\n        bodyContent: {root: ''},\n        title: 'YT',\n        lang: 'en',\n        meta: [\n            {\n                name: 'viewport',\n                content: 'width=device-width, initial-scale=1.0',\n            },\n        ],\n        inlineScripts: [\n            `window.YT = Object.assign(window.YT || {}, ${JSON.stringify(YT)}, ${JSON.stringify({\n                parameters,\n            })});`,\n            `window.YT.environment = window.YT.environment || (${isProduction} ? 'production' : 'development');`,\n        ],\n        data: {\n            settings,\n            ytApiUseCORS,\n            uiSettings,\n            metrikaCounterId: metrikaCounter?.[0]?.id,\n            allowLoginDialog: Boolean(ytAuthCluster),\n            allowOAuth: isOAuthAllowed(req),\n            oauthButtonLabel: isOAuthAllowed(req) ? getOAuthSettings(req).buttonLabel : undefined,\n            allowUserColumnPresets: isUserColumnPresetsEnabled(req),\n            odinPageEnabled: Boolean(odinBaseUrl),\n        },\n        pluginsOptions: {\n            yandexMetrika: {\n                counter: metrikaCounter,\n            },\n            layout: {\n                name: 'main',\n            },\n        },\n    };\n    return res;\n}\n"],"mappings":";;;;;;;;AAIA,IAAAA,kBAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,cAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAAwD,SAAAI,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAUxD,SAAsBG,eAAeA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,gBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAsDpC,SAAAF,iBAAA;EAAAA,gBAAA,OAAAG,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CAtDM,SAAAC,QAA+BC,GAAY,EAAEC,MAAc;IAAA,IAAAC,gBAAA;IAAA,IAAAC,KAAA,EAAAC,QAAA,EAAAC,QAAA,EAAAC,IAAA,EAAAC,YAAA,EAAAC,UAAA,EAAAC,cAAA,EAAAC,aAAA,EAAAC,WAAA,EAAAC,EAAA,EAAAC,SAAA,EAAAC,UAAA,EAAAC,YAAA,EAAAC,GAAA;IAAA,OAAAnB,oBAAA,CAAAoB,IAAA,UAAAC,SAAAC,QAAA;MAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAE,IAAA;QAAA;UACvDlB,KAAK,GAAwBF,MAAM,CAAnCE,KAAK,EAAEC,QAAQ,GAAcH,MAAM,CAA5BG,QAAQ,EAAEC,QAAQ,GAAIJ,MAAM,CAAlBI,QAAQ;UAAAC,IAAA,GAC+CN,GAAG,CAACsB,GAAG,CACjFC,MAAM,EADJhB,YAAY,GAAAD,IAAA,CAAZC,YAAY,EAAEC,UAAU,GAAAF,IAAA,CAAVE,UAAU,EAAEC,cAAc,GAAAH,IAAA,CAAdG,cAAc,EAAEC,aAAa,GAAAJ,IAAA,CAAbI,aAAa,EAAEC,WAAW,GAAAL,IAAA,CAAXK,WAAW;UAErEC,EAAE,GAAGR,QAAQ;UACbS,SAAS,GAAG,IAAAW,0BAAmB,EAAC,CAAC;UAEjCV,UAAU,GAAG;YACf,aAAW;cACPW,OAAO,EAAEZ;YACb,CAAC;YACDV,KAAK,EAALA,KAAK;YACLuB,OAAO,EAAE,IAAAC,yBAAU,EAAC3B,GAAG;UAC3B,CAAC;UAEKe,YAAY,GAAG,IAAAa,sBAAe,EAAC,CAAC;UAEhCZ,GAAoB,GAAG;YACzBa,WAAW,EAAE;cAACC,IAAI,EAAE;YAAE,CAAC;YACvBC,KAAK,EAAE,IAAI;YACXC,IAAI,EAAE,IAAI;YACVC,IAAI,EAAE,CACF;cACIC,IAAI,EAAE,UAAU;cAChBC,OAAO,EAAE;YACb,CAAC,CACJ;YACDC,aAAa,EAAE,+CAAAC,MAAA,CACmCC,IAAI,CAACC,SAAS,CAAC3B,EAAE,CAAC,QAAAyB,MAAA,CAAKC,IAAI,CAACC,SAAS,CAAC;cAChFzB,UAAU,EAAVA;YACJ,CAAC,CAAC,8DAAAuB,MAAA,CACmDtB,YAAY,uCACpE;YACDyB,IAAI,EAAE;cACFnC,QAAQ,EAARA,QAAQ;cACRE,YAAY,EAAZA,YAAY;cACZC,UAAU,EAAVA,UAAU;cACViC,gBAAgB,EAAEhC,cAAc,aAAdA,cAAc,gBAAAP,gBAAA,GAAdO,cAAc,CAAG,CAAC,CAAC,cAAAP,gBAAA,uBAAnBA,gBAAA,CAAqBwC,EAAE;cACzCC,gBAAgB,EAAEC,OAAO,CAAClC,aAAa,CAAC;cACxCmC,UAAU,EAAE,IAAAC,qBAAc,EAAC9C,GAAG,CAAC;cAC/B+C,gBAAgB,EAAE,IAAAD,qBAAc,EAAC9C,GAAG,CAAC,GAAG,IAAAgD,uBAAgB,EAAChD,GAAG,CAAC,CAACiD,WAAW,GAAGC,SAAS;cACrFC,sBAAsB,EAAE,IAAAC,6CAA0B,EAACpD,GAAG,CAAC;cACvDqD,eAAe,EAAET,OAAO,CAACjC,WAAW;YACxC,CAAC;YACD2C,cAAc,EAAE;cACZC,aAAa,EAAE;gBACXC,OAAO,EAAE/C;cACb,CAAC;cACDgD,MAAM,EAAE;gBACJvB,IAAI,EAAE;cACV;YACJ;UACJ,CAAC;UAAA,OAAAf,QAAA,CAAAuC,MAAA,WACM1C,GAAG;QAAA;QAAA;UAAA,OAAAG,QAAA,CAAAwC,IAAA;MAAA;IAAA,GAAA5D,OAAA;EAAA,CACb;EAAA,OAAAN,gBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA"}

package/build/cjs/server/components/oauth.d.ts

@@ -0,0 +1,26 @@
+import type { Request, Response } from 'express';
+export declare function isOAuthAllowed(req: Request): boolean;
+export declare function getOAuthSettings(req: Request): {
+    baseURL: string;
+    authPath: string;
+    logoutPath: string;
+    tokenPath: string;
+    clientId: string;
+    clientSecret: string;
+    scope: string;
+    buttonLabel?: string | undefined;
+};
+export type OAuthAuthorizationTokens = {
+    access_token: string;
+    expires_in: number;
+    refresh_token: string;
+    refresh_expires_in: number;
+};
+export declare function isUserOAuthLogged(req: Request): boolean;
+export declare function getOAuthAccessToken(req: Request, res: Response): Promise<any>;
+export declare function removeOAuthCookies(res: Response): void;
+export declare function saveOAuthTokensInCookies(res: Response, tokens: OAuthAuthorizationTokens): void;
+export declare function getOAuthLoginPath(req: Request): string;
+export declare function getOAuthLogoutPath(req: Request): string;
+export declare function refreshOAuthToken(req: Request, token: string): Promise<OAuthAuthorizationTokens>;
+export declare function exchangeOAuthToken(req: Request, code: string): Promise<OAuthAuthorizationTokens>;

package/build/cjs/server/components/oauth.js

@@ -0,0 +1,123 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exchangeOAuthToken = exports.refreshOAuthToken = exports.getOAuthLogoutPath = exports.getOAuthLoginPath = exports.saveOAuthTokensInCookies = exports.removeOAuthCookies = exports.getOAuthAccessToken = exports.isUserOAuthLogged = exports.getOAuthSettings = exports.isOAuthAllowed = void 0;
+const axios_1 = __importDefault(require("axios"));
+const constants_1 = require("../../shared/constants");
+function isOAuthAllowed(req) {
+    const config = req.ctx.config.ytOAuthSettings;
+    return Boolean(config &&
+        config.baseURL &&
+        config.authPath &&
+        config.tokenPath &&
+        config.clientId &&
+        config.clientSecret);
+}
+exports.isOAuthAllowed = isOAuthAllowed;
+function getOAuthSettings(req) {
+    const config = req.ctx.config.ytOAuthSettings;
+    if (!config) {
+        throw new Error('OAuth settings is not specified');
+    }
+    return config;
+}
+exports.getOAuthSettings = getOAuthSettings;
+function isUserOAuthLogged(req) {
+    return (Boolean(req.cookies[constants_1.YT_OAUTH_ACCESS_TOKEN_NAME]) ||
+        Boolean(req.cookies[constants_1.YT_OAUTH_REFRESH_TOKEN_NAME]));
+}
+exports.isUserOAuthLogged = isUserOAuthLogged;
+async function getOAuthAccessToken(req, res) {
+    if (req.cookies[constants_1.YT_OAUTH_ACCESS_TOKEN_NAME]) {
+        return req.cookies[constants_1.YT_OAUTH_ACCESS_TOKEN_NAME];
+    }
+    else if (req.cookies[constants_1.YT_OAUTH_REFRESH_TOKEN_NAME]) {
+        const tokens = await refreshOAuthToken(req, req.cookies[constants_1.YT_OAUTH_REFRESH_TOKEN_NAME]);
+        saveOAuthTokensInCookies(res, tokens);
+        return tokens.access_token;
+    }
+    return undefined;
+}
+exports.getOAuthAccessToken = getOAuthAccessToken;
+function removeOAuthCookies(res) {
+    res.clearCookie(constants_1.YT_OAUTH_ACCESS_TOKEN_NAME);
+    res.clearCookie(constants_1.YT_OAUTH_REFRESH_TOKEN_NAME);
+}
+exports.removeOAuthCookies = removeOAuthCookies;
+function saveOAuthTokensInCookies(res, tokens) {
+    res.cookie(constants_1.YT_OAUTH_ACCESS_TOKEN_NAME, tokens.access_token, {
+        maxAge: tokens.expires_in * 1000,
+        httpOnly: true,
+        secure: true,
+    });
+    if (tokens.refresh_token) {
+        res.cookie(constants_1.YT_OAUTH_REFRESH_TOKEN_NAME, tokens.refresh_token, {
+            maxAge: tokens.refresh_expires_in,
+            httpOnly: true,
+            secure: true,
+        });
+    }
+}
+exports.saveOAuthTokensInCookies = saveOAuthTokensInCookies;
+function getOAuthLoginPath(req) {
+    const config = getOAuthSettings(req);
+    const host = req.get('host');
+    const params = new URLSearchParams({
+        response_type: 'code',
+        client_id: config.clientId,
+        scope: config.scope,
+        redirect_uri: `https://${host}/api/oauth/callback`,
+    });
+    const url = new URL(config.authPath, config.baseURL);
+    url.search = params.toString();
+    return url.toString();
+}
+exports.getOAuthLoginPath = getOAuthLoginPath;
+function getOAuthLogoutPath(req) {
+    const config = getOAuthSettings(req);
+    const host = req.get('host');
+    const params = new URLSearchParams({
+        post_logout_redirect_uri: `https://${host}/api/oauth/logout/callback`,
+        client_id: config.clientId,
+    });
+    const url = new URL(config.logoutPath, config.baseURL);
+    url.search = params.toString();
+    return url.toString();
+}
+exports.getOAuthLogoutPath = getOAuthLogoutPath;
+async function refreshOAuthToken(req, token) {
+    const config = getOAuthSettings(req);
+    const params = new URLSearchParams({
+        grant_type: 'refresh_token',
+        client_id: config === null || config === void 0 ? void 0 : config.clientId,
+        refresh_token: token,
+        client_secret: config === null || config === void 0 ? void 0 : config.clientSecret,
+    });
+    const { data } = await axios_1.default.post(new URL(config.tokenPath, config.baseURL).toString(), params.toString(), {
+        headers: {
+            'Content-type': 'application/x-www-form-urlencoded',
+        },
+    });
+    return data;
+}
+exports.refreshOAuthToken = refreshOAuthToken;
+async function exchangeOAuthToken(req, code) {
+    const config = getOAuthSettings(req);
+    const host = req.get('host');
+    const params = new URLSearchParams({
+        grant_type: 'authorization_code',
+        client_id: config.clientId,
+        code: code,
+        client_secret: config.clientSecret,
+        redirect_uri: `https://${host}/api/oauth/callback`,
+    });
+    const { data } = await axios_1.default.post(new URL(config.tokenPath, config.baseURL).toString(), params.toString(), {
+        headers: {
+            'Content-type': 'application/x-www-form-urlencoded',
+        },
+    });
+    return data;
+}
+exports.exchangeOAuthToken = exchangeOAuthToken;

package/build/cjs/server/components/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_axios","_interopRequireDefault","require","_constants","obj","__esModule","default","isOAuthAllowed","req","config","ctx","ytOAuthSettings","Boolean","baseURL","authPath","tokenPath","clientId","clientSecret","getOAuthSettings","Error","isUserOAuthLogged","cookies","YT_OAUTH_ACCESS_TOKEN_NAME","YT_OAUTH_REFRESH_TOKEN_NAME","getOAuthAccessToken","_x","_x2","_getOAuthAccessToken","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee","res","tokens","wrap","_callee$","_context","prev","next","abrupt","refreshOAuthToken","sent","saveOAuthTokensInCookies","access_token","undefined","stop","removeOAuthCookies","clearCookie","cookie","maxAge","expires_in","httpOnly","secure","refresh_token","refresh_expires_in","getOAuthLoginPath","host","get","params","URLSearchParams","response_type","client_id","scope","redirect_uri","concat","url","URL","search","toString","getOAuthLogoutPath","post_logout_redirect_uri","logoutPath","_x3","_x4","_refreshOAuthToken","_callee2","token","_yield$axios$post","data","_callee2$","_context2","grant_type","client_secret","axios","post","headers","exchangeOAuthToken","_x5","_x6","_exchangeOAuthToken","_callee3","code","_yield$axios$post2","_callee3$","_context3"],"sources":["oauth.ts"],"sourcesContent":["import axios from 'axios';\nimport type {Request, Response} from 'express';\nimport {YT_OAUTH_ACCESS_TOKEN_NAME, YT_OAUTH_REFRESH_TOKEN_NAME} from '../../shared/constants';\n\nexport function isOAuthAllowed(req: Request) {\n    const config = req.ctx.config.ytOAuthSettings;\n    return Boolean(\n        config &&\n            config.baseURL &&\n            config.authPath &&\n            config.tokenPath &&\n            config.clientId &&\n            config.clientSecret,\n    );\n}\n\nexport function getOAuthSettings(req: Request) {\n    const config = req.ctx.config.ytOAuthSettings;\n    if (!config) {\n        throw new Error('OAuth settings is not specified');\n    }\n    return config;\n}\n\n// See https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.3.3\nexport type OAuthAuthorizationTokens = {\n    access_token: string;\n    expires_in: number;\n    refresh_token: string;\n    refresh_expires_in: number;\n};\n\nexport function isUserOAuthLogged(req: Request) {\n    return (\n        Boolean(req.cookies[YT_OAUTH_ACCESS_TOKEN_NAME]) ||\n        Boolean(req.cookies[YT_OAUTH_REFRESH_TOKEN_NAME])\n    );\n}\n\nexport async function getOAuthAccessToken(req: Request, res: Response) {\n    if (req.cookies[YT_OAUTH_ACCESS_TOKEN_NAME]) {\n        return req.cookies[YT_OAUTH_ACCESS_TOKEN_NAME];\n    } else if (req.cookies[YT_OAUTH_REFRESH_TOKEN_NAME]) {\n        const tokens = await refreshOAuthToken(\n            req,\n            req.cookies[YT_OAUTH_REFRESH_TOKEN_NAME] as string,\n        );\n        saveOAuthTokensInCookies(res, tokens);\n        return tokens.access_token;\n    }\n    return undefined;\n}\n\nexport function removeOAuthCookies(res: Response) {\n    res.clearCookie(YT_OAUTH_ACCESS_TOKEN_NAME);\n    res.clearCookie(YT_OAUTH_REFRESH_TOKEN_NAME);\n}\n\nexport function saveOAuthTokensInCookies(res: Response, tokens: OAuthAuthorizationTokens) {\n    res.cookie(YT_OAUTH_ACCESS_TOKEN_NAME, tokens.access_token, {\n        maxAge: tokens.expires_in * 1000,\n        httpOnly: true,\n        secure: true,\n    });\n\n    if (tokens.refresh_token) {\n        res.cookie(YT_OAUTH_REFRESH_TOKEN_NAME, tokens.refresh_token, {\n            maxAge: tokens.refresh_expires_in,\n            httpOnly: true,\n            secure: true,\n        });\n    }\n}\n\nexport function getOAuthLoginPath(req: Request) {\n    const config = getOAuthSettings(req);\n    const host = req.get('host');\n    const params = new URLSearchParams({\n        response_type: 'code',\n        client_id: config.clientId,\n        scope: config.scope,\n        redirect_uri: `https://${host}/api/oauth/callback`,\n    });\n\n    const url = new URL(config.authPath, config.baseURL);\n    url.search = params.toString();\n\n    return url.toString();\n}\n\nexport function getOAuthLogoutPath(req: Request) {\n    const config = getOAuthSettings(req);\n    const host = req.get('host');\n    const params = new URLSearchParams({\n        post_logout_redirect_uri: `https://${host}/api/oauth/logout/callback`,\n        client_id: config.clientId,\n    });\n\n    const url = new URL(config.logoutPath, config.baseURL);\n    url.search = params.toString();\n\n    return url.toString();\n}\n\nexport async function refreshOAuthToken(\n    req: Request,\n    token: string,\n): Promise<OAuthAuthorizationTokens> {\n    const config = getOAuthSettings(req);\n    const params = new URLSearchParams({\n        grant_type: 'refresh_token',\n        client_id: config?.clientId,\n        refresh_token: token,\n        client_secret: config?.clientSecret,\n    });\n    const {data} = await axios.post(\n        new URL(config.tokenPath, config.baseURL).toString(),\n        params.toString(),\n        {\n            headers: {\n                'Content-type': 'application/x-www-form-urlencoded',\n            },\n        },\n    );\n    return data;\n}\n\nexport async function exchangeOAuthToken(\n    req: Request,\n    code: string,\n): Promise<OAuthAuthorizationTokens> {\n    const config = getOAuthSettings(req);\n    const host = req.get('host');\n    const params = new URLSearchParams({\n        grant_type: 'authorization_code',\n        client_id: config.clientId,\n        code: code as string,\n        client_secret: config.clientSecret,\n        redirect_uri: `https://${host}/api/oauth/callback`,\n    });\n\n    const {data} = await axios.post(\n        new URL(config.tokenPath, config.baseURL).toString(),\n        params.toString(),\n        {\n            headers: {\n                'Content-type': 'application/x-www-form-urlencoded',\n            },\n        },\n    );\n    return data;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAAA,IAAAA,MAAA,GAAAC,sBAAA,CAAAC,OAAA;AAEA,IAAAC,UAAA,GAAAD,OAAA;AAA8F,SAAAD,uBAAAG,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAEvF,SAASG,cAAcA,CAACC,GAAY,EAAE;EACzC,IAAMC,MAAM,GAAGD,GAAG,CAACE,GAAG,CAACD,MAAM,CAACE,eAAe;EAC7C,OAAOC,OAAO,CACVH,MAAM,IACFA,MAAM,CAACI,OAAO,IACdJ,MAAM,CAACK,QAAQ,IACfL,MAAM,CAACM,SAAS,IAChBN,MAAM,CAACO,QAAQ,IACfP,MAAM,CAACQ,YACf,CAAC;AACL;AAEO,SAASC,gBAAgBA,CAACV,GAAY,EAAE;EAC3C,IAAMC,MAAM,GAAGD,GAAG,CAACE,GAAG,CAACD,MAAM,CAACE,eAAe;EAC7C,IAAI,CAACF,MAAM,EAAE;IACT,MAAM,IAAIU,KAAK,CAAC,iCAAiC,CAAC;EACtD;EACA,OAAOV,MAAM;AACjB;;AAEA;;AAQO,SAASW,iBAAiBA,CAACZ,GAAY,EAAE;EAC5C,OACII,OAAO,CAACJ,GAAG,CAACa,OAAO,CAACC,qCAA0B,CAAC,CAAC,IAChDV,OAAO,CAACJ,GAAG,CAACa,OAAO,CAACE,sCAA2B,CAAC,CAAC;AAEzD;AAEA,SAAsBC,mBAAmBA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,oBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAYxC,SAAAF,qBAAA;EAAAA,oBAAA,OAAAG,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CAZM,SAAAC,QAAmCzB,GAAY,EAAE0B,GAAa;IAAA,IAAAC,MAAA;IAAA,OAAAJ,oBAAA,CAAAK,IAAA,UAAAC,SAAAC,QAAA;MAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAE,IAAA;QAAA;UAAA,KAC7DhC,GAAG,CAACa,OAAO,CAACC,qCAA0B,CAAC;YAAAgB,QAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,OAAAF,QAAA,CAAAG,MAAA,WAChCjC,GAAG,CAACa,OAAO,CAACC,qCAA0B,CAAC;QAAA;UAAA,KACvCd,GAAG,CAACa,OAAO,CAACE,sCAA2B,CAAC;YAAAe,QAAA,CAAAE,IAAA;YAAA;UAAA;UAAAF,QAAA,CAAAE,IAAA;UAAA,OAC1BE,iBAAiB,CAClClC,GAAG,EACHA,GAAG,CAACa,OAAO,CAACE,sCAA2B,CAC3C,CAAC;QAAA;UAHKY,MAAM,GAAAG,QAAA,CAAAK,IAAA;UAIZC,wBAAwB,CAACV,GAAG,EAAEC,MAAM,CAAC;UAAC,OAAAG,QAAA,CAAAG,MAAA,WAC/BN,MAAM,CAACU,YAAY;QAAA;UAAA,OAAAP,QAAA,CAAAG,MAAA,WAEvBK,SAAS;QAAA;QAAA;UAAA,OAAAR,QAAA,CAAAS,IAAA;MAAA;IAAA,GAAAd,OAAA;EAAA,CACnB;EAAA,OAAAN,oBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAEM,SAASmB,kBAAkBA,CAACd,GAAa,EAAE;EAC9CA,GAAG,CAACe,WAAW,CAAC3B,qCAA0B,CAAC;EAC3CY,GAAG,CAACe,WAAW,CAAC1B,sCAA2B,CAAC;AAChD;AAEO,SAASqB,wBAAwBA,CAACV,GAAa,EAAEC,MAAgC,EAAE;EACtFD,GAAG,CAACgB,MAAM,CAAC5B,qCAA0B,EAAEa,MAAM,CAACU,YAAY,EAAE;IACxDM,MAAM,EAAEhB,MAAM,CAACiB,UAAU,GAAG,IAAI;IAChCC,QAAQ,EAAE,IAAI;IACdC,MAAM,EAAE;EACZ,CAAC,CAAC;EAEF,IAAInB,MAAM,CAACoB,aAAa,EAAE;IACtBrB,GAAG,CAACgB,MAAM,CAAC3B,sCAA2B,EAAEY,MAAM,CAACoB,aAAa,EAAE;MAC1DJ,MAAM,EAAEhB,MAAM,CAACqB,kBAAkB;MACjCH,QAAQ,EAAE,IAAI;MACdC,MAAM,EAAE;IACZ,CAAC,CAAC;EACN;AACJ;AAEO,SAASG,iBAAiBA,CAACjD,GAAY,EAAE;EAC5C,IAAMC,MAAM,GAAGS,gBAAgB,CAACV,GAAG,CAAC;EACpC,IAAMkD,IAAI,GAAGlD,GAAG,CAACmD,GAAG,CAAC,MAAM,CAAC;EAC5B,IAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IAC/BC,aAAa,EAAE,MAAM;IACrBC,SAAS,EAAEtD,MAAM,CAACO,QAAQ;IAC1BgD,KAAK,EAAEvD,MAAM,CAACuD,KAAK;IACnBC,YAAY,aAAAC,MAAA,CAAaR,IAAI;EACjC,CAAC,CAAC;EAEF,IAAMS,GAAG,GAAG,IAAIC,GAAG,CAAC3D,MAAM,CAACK,QAAQ,EAAEL,MAAM,CAACI,OAAO,CAAC;EACpDsD,GAAG,CAACE,MAAM,GAAGT,MAAM,CAACU,QAAQ,CAAC,CAAC;EAE9B,OAAOH,GAAG,CAACG,QAAQ,CAAC,CAAC;AACzB;AAEO,SAASC,kBAAkBA,CAAC/D,GAAY,EAAE;EAC7C,IAAMC,MAAM,GAAGS,gBAAgB,CAACV,GAAG,CAAC;EACpC,IAAMkD,IAAI,GAAGlD,GAAG,CAACmD,GAAG,CAAC,MAAM,CAAC;EAC5B,IAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IAC/BW,wBAAwB,aAAAN,MAAA,CAAaR,IAAI,+BAA4B;IACrEK,SAAS,EAAEtD,MAAM,CAACO;EACtB,CAAC,CAAC;EAEF,IAAMmD,GAAG,GAAG,IAAIC,GAAG,CAAC3D,MAAM,CAACgE,UAAU,EAAEhE,MAAM,CAACI,OAAO,CAAC;EACtDsD,GAAG,CAACE,MAAM,GAAGT,MAAM,CAACU,QAAQ,CAAC,CAAC;EAE9B,OAAOH,GAAG,CAACG,QAAQ,CAAC,CAAC;AACzB;AAEA,SAAsB5B,iBAAiBA,CAAAgC,GAAA,EAAAC,GAAA;EAAA,OAAAC,kBAAA,CAAAhD,KAAA,OAAAC,SAAA;AAAA;AAqBtC,SAAA+C,mBAAA;EAAAA,kBAAA,OAAA9C,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CArBM,SAAA6C,SACHrE,GAAY,EACZsE,KAAa;IAAA,IAAArE,MAAA,EAAAmD,MAAA,EAAAmB,iBAAA,EAAAC,IAAA;IAAA,OAAAjD,oBAAA,CAAAK,IAAA,UAAA6C,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAA3C,IAAA,GAAA2C,SAAA,CAAA1C,IAAA;QAAA;UAEP/B,MAAM,GAAGS,gBAAgB,CAACV,GAAG,CAAC;UAC9BoD,MAAM,GAAG,IAAIC,eAAe,CAAC;YAC/BsB,UAAU,EAAE,eAAe;YAC3BpB,SAAS,EAAEtD,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEO,QAAQ;YAC3BuC,aAAa,EAAEuB,KAAK;YACpBM,aAAa,EAAE3E,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEQ;UAC3B,CAAC,CAAC;UAAAiE,SAAA,CAAA1C,IAAA;UAAA,OACmB6C,cAAK,CAACC,IAAI,CAC3B,IAAIlB,GAAG,CAAC3D,MAAM,CAACM,SAAS,EAAEN,MAAM,CAACI,OAAO,CAAC,CAACyD,QAAQ,CAAC,CAAC,EACpDV,MAAM,CAACU,QAAQ,CAAC,CAAC,EACjB;YACIiB,OAAO,EAAE;cACL,cAAc,EAAE;YACpB;UACJ,CACJ,CAAC;QAAA;UAAAR,iBAAA,GAAAG,SAAA,CAAAvC,IAAA;UARMqC,IAAI,GAAAD,iBAAA,CAAJC,IAAI;UAAA,OAAAE,SAAA,CAAAzC,MAAA,WASJuC,IAAI;QAAA;QAAA;UAAA,OAAAE,SAAA,CAAAnC,IAAA;MAAA;IAAA,GAAA8B,QAAA;EAAA,CACd;EAAA,OAAAD,kBAAA,CAAAhD,KAAA,OAAAC,SAAA;AAAA;AAED,SAAsB2D,kBAAkBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,mBAAA,CAAA/D,KAAA,OAAAC,SAAA;AAAA;AAwBvC,SAAA8D,oBAAA;EAAAA,mBAAA,OAAA7D,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CAxBM,SAAA4D,SACHpF,GAAY,EACZqF,IAAY;IAAA,IAAApF,MAAA,EAAAiD,IAAA,EAAAE,MAAA,EAAAkC,kBAAA,EAAAd,IAAA;IAAA,OAAAjD,oBAAA,CAAAK,IAAA,UAAA2D,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAzD,IAAA,GAAAyD,SAAA,CAAAxD,IAAA;QAAA;UAEN/B,MAAM,GAAGS,gBAAgB,CAACV,GAAG,CAAC;UAC9BkD,IAAI,GAAGlD,GAAG,CAACmD,GAAG,CAAC,MAAM,CAAC;UACtBC,MAAM,GAAG,IAAIC,eAAe,CAAC;YAC/BsB,UAAU,EAAE,oBAAoB;YAChCpB,SAAS,EAAEtD,MAAM,CAACO,QAAQ;YAC1B6E,IAAI,EAAEA,IAAc;YACpBT,aAAa,EAAE3E,MAAM,CAACQ,YAAY;YAClCgD,YAAY,aAAAC,MAAA,CAAaR,IAAI;UACjC,CAAC,CAAC;UAAAsC,SAAA,CAAAxD,IAAA;UAAA,OAEmB6C,cAAK,CAACC,IAAI,CAC3B,IAAIlB,GAAG,CAAC3D,MAAM,CAACM,SAAS,EAAEN,MAAM,CAACI,OAAO,CAAC,CAACyD,QAAQ,CAAC,CAAC,EACpDV,MAAM,CAACU,QAAQ,CAAC,CAAC,EACjB;YACIiB,OAAO,EAAE;cACL,cAAc,EAAE;YACpB;UACJ,CACJ,CAAC;QAAA;UAAAO,kBAAA,GAAAE,SAAA,CAAArD,IAAA;UARMqC,IAAI,GAAAc,kBAAA,CAAJd,IAAI;UAAA,OAAAgB,SAAA,CAAAvD,MAAA,WASJuC,IAAI;QAAA;QAAA;UAAA,OAAAgB,SAAA,CAAAjD,IAAA;MAAA;IAAA,GAAA6C,QAAA;EAAA,CACd;EAAA,OAAAD,mBAAA,CAAA/D,KAAA,OAAAC,SAAA;AAAA"}

package/build/cjs/server/components/yt-auth.d.ts

@@ -0,0 +1,6 @@
+import { AppConfig } from '@gravity-ui/nodekit';
+import type { Response } from 'express';
+export declare function isYtAuthEnabled(config: AppConfig): boolean;
+export declare function assertAuthEnabled(ytAuthCluster?: string): asserts ytAuthCluster is string;
+export declare function getAuthCluster(config: AppConfig): string;
+export declare function YTAuthLogout(res: Response): void;

package/build/cjs/server/components/yt-auth.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.YTAuthLogout = exports.getAuthCluster = exports.assertAuthEnabled = exports.isYtAuthEnabled = void 0;
+const constants_1 = require("../../shared/constants");
+function isYtAuthEnabled(config) {
+    return Boolean(config.ytAuthCluster);
+}
+exports.isYtAuthEnabled = isYtAuthEnabled;
+function assertAuthEnabled(ytAuthCluster) {
+    if (!ytAuthCluster) {
+        throw new Error('Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.');
+    }
+}
+exports.assertAuthEnabled = assertAuthEnabled;
+function getAuthCluster(config) {
+    assertAuthEnabled(config.ytAuthCluster);
+    return config.ytAuthCluster;
+}
+exports.getAuthCluster = getAuthCluster;
+function YTAuthLogout(res) {
+    res.setHeader('set-cookie', `${constants_1.YT_CYPRESS_COOKIE_NAME}=deleted; Path=/; Max-Age=0;`);
+}
+exports.YTAuthLogout = YTAuthLogout;

package/build/cjs/server/components/yt-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_constants","require","isYtAuthEnabled","config","Boolean","ytAuthCluster","assertAuthEnabled","Error","getAuthCluster","YTAuthLogout","res","setHeader","concat","YT_CYPRESS_COOKIE_NAME"],"sources":["yt-auth.ts"],"sourcesContent":["import {AppConfig} from '@gravity-ui/nodekit';\nimport type {Response} from 'express';\nimport {YT_CYPRESS_COOKIE_NAME} from '../../shared/constants';\n\nexport function isYtAuthEnabled(config: AppConfig) {\n    return Boolean(config.ytAuthCluster);\n}\n\nexport function assertAuthEnabled(ytAuthCluster?: string): asserts ytAuthCluster is string {\n    if (!ytAuthCluster) {\n        throw new Error(\n            'Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.',\n        );\n    }\n}\n\nexport function getAuthCluster(config: AppConfig) {\n    assertAuthEnabled(config.ytAuthCluster);\n    return config.ytAuthCluster;\n}\n\nexport function YTAuthLogout(res: Response) {\n    res.setHeader('set-cookie', `${YT_CYPRESS_COOKIE_NAME}=deleted; Path=/; Max-Age=0;`);\n}\n"],"mappings":";;;;;;;;;AAEA,IAAAA,UAAA,GAAAC,OAAA;AAEO,SAASC,eAAeA,CAACC,MAAiB,EAAE;EAC/C,OAAOC,OAAO,CAACD,MAAM,CAACE,aAAa,CAAC;AACxC;AAEO,SAASC,iBAAiBA,CAACD,aAAsB,EAAmC;EACvF,IAAI,CAACA,aAAa,EAAE;IAChB,MAAM,IAAIE,KAAK,CACX,8FACJ,CAAC;EACL;AACJ;AAEO,SAASC,cAAcA,CAACL,MAAiB,EAAE;EAC9CG,iBAAiB,CAACH,MAAM,CAACE,aAAa,CAAC;EACvC,OAAOF,MAAM,CAACE,aAAa;AAC/B;AAEO,SAASI,YAAYA,CAACC,GAAa,EAAE;EACxCA,GAAG,CAACC,SAAS,CAAC,YAAY,KAAAC,MAAA,CAAKC,iCAAsB,iCAA8B,CAAC;AACxF"}

package/build/cjs/server/controllers/login.d.ts

@@ -1,4 +1,3 @@
 import type { Request, Response } from 'express';
 export declare function handleLogin(req: Request, res: Response): Promise<void>;
-export declare function handleLogout(req: Request, res: Response): Promise<void>;
 export declare function handleChangePassword(req: Request, res: Response): Promise<void>;

package/build/cjs/server/controllers/login.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.handleChangePassword = exports.handleLogout = exports.handleLogin = void 0;
+exports.handleChangePassword = exports.handleLogin = void 0;
 const axios_1 = __importDefault(require("axios"));
 const lodash_1 = __importDefault(require("lodash"));
 const constants_1 = require("../../shared/constants");
@@ -13,16 +13,11 @@ const crypto_1 = __importDefault(require("crypto"));
 // @ts-ignore
 const javascript_wrapper_1 = __importDefault(require("@ytsaurus/javascript-wrapper"));
 const cluster_queries_1 = require("../components/cluster-queries");
+const yt_auth_1 = require("../components/yt-auth");
 const yt = (0, javascript_wrapper_1.default)();
-function throwAuthDisabled() {
-    throw new Error('Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.');
-}
 async function handleLogin(req, res) {
     try {
-        const { ytAuthCluster } = req.ctx.config;
-        if (!ytAuthCluster) {
-            return throwAuthDisabled();
-        }
+        const ytAuthCluster = (0, yt_auth_1.getAuthCluster)(req.ctx.config);
         const { username, password } = JSON.parse(req.body) || {};
         if (!username || !password) {
             throw new Error('Username and password must not be empty');
@@ -72,26 +67,9 @@ function removeSecureFlagIfOriginInsecure(req, headers) {
         return acc;
     }, {});
 }
-async function handleLogout(req, res) {
-    try {
-        const { ytAuthCluster } = req.ctx.config;
-        if (!ytAuthCluster) {
-            return throwAuthDisabled();
-        }
-        res.setHeader('set-cookie', `${constants_1.YT_CYPRESS_COOKIE_NAME}=deleted; Path=/; Max-Age=0;`);
-        res.status(401).send('Logout');
-    }
-    catch (e) {
-        (0, utils_1.sendAndLogError)(req.ctx, res, 500, e);
-    }
-}
-exports.handleLogout = handleLogout;
 async function handleChangePassword(req, res) {
     try {
-        const { ytAuthCluster } = req.ctx.config;
-        if (!ytAuthCluster) {
-            return throwAuthDisabled();
-        }
+        const ytAuthCluster = (0, yt_auth_1.getAuthCluster)(req.ctx.config);
         const { newPassword, currentPassword } = JSON.parse(req.body) || {};
         if (!newPassword || !currentPassword) {
             throw new Error('New and current password must not be empty');

package/build/cjs/server/controllers/login.js.map

@@ -1 +1 @@
-{"version":3,"names":["_axios","_interopRequireDefault","require","_constants","_requestsSetup","_utils","_crypto","_javascriptWrapper","_clusterQueries","obj","__esModule","default","yt","ytLib","throwAuthDisabled","Error","handleLogin","_x","_x2","_handleLogin","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee2","req","res","ytAuthCluster","_ref","username","password","_getYTApiClusterSetup","proxyBaseUrl","requestUrl","basicAuth","wrap","_callee2$","_context2","prev","next","ctx","config","abrupt","JSON","parse","body","getYTApiClusterSetup","concat","Buffer","from","toString","axios","request","url","method","headers","_objectSpread","getMetadata","Authorization","timeout","responseType","then","_ref2","_callee","response","pipedSize","_callee$","_context","pipeAxiosResponse","undefined","removeSecureFlagIfOriginInsecure","sent","UNEXPECTED_PIPE_AXIOS_RESPONSE","stop","_x7","t0","sendAndLogError","ytAuthAllowInsecure","origin","startsWith","_reduce","acc","v","k","tmp","_map","item","YT_CYPRESS_COOKIE_NAME","replace","handleLogout","_x3","_x4","_handleLogout","_callee3","_callee3$","_context3","setHeader","status","send","handleChangePassword","_x5","_x6","_handleChangePassword","_callee4","_ref3","newPassword","currentPassword","new_password_sha256","current_password_sha256","cfg","_cfg","setup","_yield$getXSRFToken","login","csrf_token","_callee4$","_context4","crypto","createHash","update","digest","getUserYTApiSetup","getXSRFToken","createOption","v4","setUserPassword","parameters","user","result","err","t1"],"sources":["login.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport axios from 'axios';\nimport _ from 'lodash';\nimport {YT_CYPRESS_COOKIE_NAME} from '../../shared/constants';\nimport {getUserYTApiSetup, getYTApiClusterSetup} from '../components/requestsSetup';\nimport {UNEXPECTED_PIPE_AXIOS_RESPONSE, pipeAxiosResponse, sendAndLogError} from '../utils';\nimport crypto from 'crypto';\n\n// @ts-ignore\nimport ytLib from '@ytsaurus/javascript-wrapper';\nimport {getXSRFToken} from '../components/cluster-queries';\n\nconst yt = ytLib();\n\nfunction throwAuthDisabled() {\n    throw new Error(\n        'Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.',\n    );\n}\n\nexport async function handleLogin(req: Request, res: Response) {\n    try {\n        const {ytAuthCluster} = req.ctx.config;\n        if (!ytAuthCluster) {\n            return throwAuthDisabled();\n        }\n\n        const {username, password} = JSON.parse(req.body) || {};\n        if (!username || !password) {\n            throw new Error('Username and password must not be empty');\n        }\n\n        const {proxyBaseUrl} = getYTApiClusterSetup(ytAuthCluster);\n        const requestUrl = `${proxyBaseUrl}/login`;\n\n        const basicAuth = Buffer.from(`${username}:${password}`).toString('base64');\n\n        await axios\n            .request({\n                url: requestUrl,\n                method: req.method as any,\n                headers: {...req.ctx.getMetadata(), Authorization: `Basic ${basicAuth}`},\n                timeout: 10000,\n                responseType: 'stream',\n            })\n            .then(async (response) => {\n                const pipedSize = await pipeAxiosResponse(\n                    req.ctx,\n                    res,\n                    response,\n                    undefined,\n                    (headers) => removeSecureFlagIfOriginInsecure(req, headers),\n                );\n                if (!pipedSize) {\n                    throw new Error(UNEXPECTED_PIPE_AXIOS_RESPONSE);\n                }\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n\nfunction removeSecureFlagIfOriginInsecure(\n    req: Request,\n    headers: Record<string, string | Array<string>>,\n) {\n    const {ytAuthAllowInsecure} = req.ctx.config;\n    const {origin} = req.headers;\n\n    if (!ytAuthAllowInsecure || 'string' !== typeof origin || !origin.startsWith('http://')) {\n        return headers;\n    }\n\n    return _.reduce(\n        headers,\n        (acc, v, k) => {\n            if (k !== 'set-cookie') {\n                acc[k] = v;\n            } else {\n                const tmp = _.map(v as Array<string>, (item) => {\n                    if (item.startsWith(YT_CYPRESS_COOKIE_NAME)) {\n                        return item.replace(/\\s*Secure;/, '');\n                    }\n                    return item;\n                });\n                acc[k] = tmp;\n            }\n            return acc;\n        },\n        {} as typeof headers,\n    );\n}\n\nexport async function handleLogout(req: Request, res: Response) {\n    try {\n        const {ytAuthCluster} = req.ctx.config;\n        if (!ytAuthCluster) {\n            return throwAuthDisabled();\n        }\n        res.setHeader('set-cookie', `${YT_CYPRESS_COOKIE_NAME}=deleted; Path=/; Max-Age=0;`);\n        res.status(401).send('Logout');\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n\nexport async function handleChangePassword(req: Request, res: Response) {\n    try {\n        const {ytAuthCluster} = req.ctx.config;\n        if (!ytAuthCluster) {\n            return throwAuthDisabled();\n        }\n\n        const {newPassword, currentPassword} = JSON.parse(req.body) || {};\n        if (!newPassword || !currentPassword) {\n            throw new Error('New and current password must not be empty');\n        }\n\n        const new_password_sha256 = crypto.createHash('sha256').update(newPassword).digest('hex');\n        const current_password_sha256 = crypto\n            .createHash('sha256')\n            .update(currentPassword)\n            .digest('hex');\n\n        let cfg;\n        try {\n            cfg = getUserYTApiSetup(ytAuthCluster, req);\n        } catch (e: any) {\n            sendAndLogError(req.ctx, res, 400, e);\n            return;\n        }\n\n        const {setup} = cfg;\n        const {login, csrf_token} = await getXSRFToken(req, cfg);\n\n        yt.setup.createOption('requestHeaders', 'object', {\n            'X-Csrf-Token': csrf_token,\n        });\n\n        await yt.v4\n            .setUserPassword({\n                setup,\n                parameters: {user: login, new_password_sha256, current_password_sha256},\n            })\n            .then((result: unknown) => {\n                res.status(200).send({result});\n            })\n            .catch((err: any) => {\n                sendAndLogError(req.ctx, res, 500, err);\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n"],"mappings":";;;;;;;;;;;;;AACA,IAAAA,MAAA,GAAAC,sBAAA,CAAAC,OAAA;AAEA,IAAAC,UAAA,GAAAD,OAAA;AACA,IAAAE,cAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAL,sBAAA,CAAAC,OAAA;AAGA,IAAAK,kBAAA,GAAAN,sBAAA,CAAAC,OAAA;AACA,IAAAM,eAAA,GAAAN,OAAA;AAA0D,SAAAD,uBAAAQ,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAF1D;;AAIA,IAAMG,EAAE,GAAG,IAAAC,0BAAK,EAAC,CAAC;AAElB,SAASC,iBAAiBA,CAAA,EAAG;EACzB,MAAM,IAAIC,KAAK,CACX,8FACJ,CAAC;AACL;AAEA,SAAsBC,WAAWA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAwChC,SAAAF,aAAA;EAAAA,YAAA,OAAAG,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CAxCM,SAAAC,SAA2BC,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAAC,IAAA,EAAAC,QAAA,EAAAC,QAAA,EAAAC,qBAAA,EAAAC,YAAA,EAAAC,UAAA,EAAAC,SAAA;IAAA,OAAAZ,oBAAA,CAAAa,IAAA,UAAAC,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAC,IAAA,GAAAD,SAAA,CAAAE,IAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAE9CX,aAAa,GAAIF,GAAG,CAACe,GAAG,CAACC,MAAM,CAA/Bd,aAAa;UAAA,IACfA,aAAa;YAAAU,SAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,OAAAF,SAAA,CAAAK,MAAA,WACP7B,iBAAiB,CAAC,CAAC;QAAA;UAAAe,IAAA,GAGDe,IAAI,CAACC,KAAK,CAACnB,GAAG,CAACoB,IAAI,CAAC,IAAI,CAAC,CAAC,EAAhDhB,QAAQ,GAAAD,IAAA,CAARC,QAAQ,EAAEC,QAAQ,GAAAF,IAAA,CAARE,QAAQ;UAAA,MACrB,CAACD,QAAQ,IAAI,CAACC,QAAQ;YAAAO,SAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,MAChB,IAAIzB,KAAK,CAAC,yCAAyC,CAAC;QAAA;UAAAiB,qBAAA,GAGvC,IAAAe,mCAAoB,EAACnB,aAAa,CAAC,EAAnDK,YAAY,GAAAD,qBAAA,CAAZC,YAAY;UACbC,UAAU,MAAAc,MAAA,CAAMf,YAAY;UAE5BE,SAAS,GAAGc,MAAM,CAACC,IAAI,IAAAF,MAAA,CAAIlB,QAAQ,OAAAkB,MAAA,CAAIjB,QAAQ,CAAE,CAAC,CAACoB,QAAQ,CAAC,QAAQ,CAAC;UAAAb,SAAA,CAAAE,IAAA;UAAA,OAErEY,cAAK,CACNC,OAAO,CAAC;YACLC,GAAG,EAAEpB,UAAU;YACfqB,MAAM,EAAE7B,GAAG,CAAC6B,MAAa;YACzBC,OAAO,MAAAC,sBAAA,MAAAA,sBAAA,MAAM/B,GAAG,CAACe,GAAG,CAACiB,WAAW,CAAC,CAAC;cAAEC,aAAa,WAAAX,MAAA,CAAWb,SAAS;YAAE,EAAC;YACxEyB,OAAO,EAAE,KAAK;YACdC,YAAY,EAAE;UAClB,CAAC,CAAC,CACDC,IAAI;YAAA,IAAAC,KAAA,OAAAzC,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CAAC,SAAAwC,QAAOC,QAAQ;cAAA,IAAAC,SAAA;cAAA,OAAA3C,oBAAA,CAAAa,IAAA,UAAA+B,SAAAC,QAAA;gBAAA,kBAAAA,QAAA,CAAA7B,IAAA,GAAA6B,QAAA,CAAA5B,IAAA;kBAAA;oBAAA4B,QAAA,CAAA5B,IAAA;oBAAA,OACO,IAAA6B,wBAAiB,EACrC3C,GAAG,CAACe,GAAG,EACPd,GAAG,EACHsC,QAAQ,EACRK,SAAS,EACT,UAACd,OAAO;sBAAA,OAAKe,gCAAgC,CAAC7C,GAAG,EAAE8B,OAAO,CAAC;oBAAA,CAC/D,CAAC;kBAAA;oBANKU,SAAS,GAAAE,QAAA,CAAAI,IAAA;oBAAA,IAOVN,SAAS;sBAAAE,QAAA,CAAA5B,IAAA;sBAAA;oBAAA;oBAAA,MACJ,IAAIzB,KAAK,CAAC0D,qCAA8B,CAAC;kBAAA;kBAAA;oBAAA,OAAAL,QAAA,CAAAM,IAAA;gBAAA;cAAA,GAAAV,OAAA;YAAA,CAEtD;YAAA,iBAAAW,GAAA;cAAA,OAAAZ,KAAA,CAAA3C,KAAA,OAAAC,SAAA;YAAA;UAAA,IAAC;QAAA;UAAAiB,SAAA,CAAAE,IAAA;UAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAAAD,SAAA,CAAAsC,EAAA,GAAAtC,SAAA;UAEN,IAAAuC,sBAAe,EAACnD,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAW,SAAA,CAAAsC,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAtC,SAAA,CAAAoC,IAAA;MAAA;IAAA,GAAAjD,QAAA;EAAA,CAE7C;EAAA,OAAAN,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,SAASkD,gCAAgCA,CACrC7C,GAAY,EACZ8B,OAA+C,EACjD;EACE,IAAOsB,mBAAmB,GAAIpD,GAAG,CAACe,GAAG,CAACC,MAAM,CAArCoC,mBAAmB;EAC1B,IAAOC,MAAM,GAAIrD,GAAG,CAAC8B,OAAO,CAArBuB,MAAM;EAEb,IAAI,CAACD,mBAAmB,IAAI,QAAQ,KAAK,OAAOC,MAAM,IAAI,CAACA,MAAM,CAACC,UAAU,CAAC,SAAS,CAAC,EAAE;IACrF,OAAOxB,OAAO;EAClB;EAEA,OAAO,IAAAyB,gBAAA,EACHzB,OAAO,EACP,UAAC0B,GAAG,EAAEC,CAAC,EAAEC,CAAC,EAAK;IACX,IAAIA,CAAC,KAAK,YAAY,EAAE;MACpBF,GAAG,CAACE,CAAC,CAAC,GAAGD,CAAC;IACd,CAAC,MAAM;MACH,IAAME,GAAG,GAAG,IAAAC,aAAA,EAAMH,CAAC,EAAmB,UAACI,IAAI,EAAK;QAC5C,IAAIA,IAAI,CAACP,UAAU,CAACQ,iCAAsB,CAAC,EAAE;UACzC,OAAOD,IAAI,CAACE,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;QACzC;QACA,OAAOF,IAAI;MACf,CAAC,CAAC;MACFL,GAAG,CAACE,CAAC,CAAC,GAAGC,GAAG;IAChB;IACA,OAAOH,GAAG;EACd,CAAC,EACD,CAAC,CACL,CAAC;AACL;AAEA,SAAsBQ,YAAYA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,aAAA,CAAAzE,KAAA,OAAAC,SAAA;AAAA;AAWjC,SAAAwE,cAAA;EAAAA,aAAA,OAAAvE,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CAXM,SAAAsE,SAA4BpE,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA;IAAA,OAAAL,oBAAA,CAAAa,IAAA,UAAA2D,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAzD,IAAA,GAAAyD,SAAA,CAAAxD,IAAA;QAAA;UAAAwD,SAAA,CAAAzD,IAAA;UAE/CX,aAAa,GAAIF,GAAG,CAACe,GAAG,CAACC,MAAM,CAA/Bd,aAAa;UAAA,IACfA,aAAa;YAAAoE,SAAA,CAAAxD,IAAA;YAAA;UAAA;UAAA,OAAAwD,SAAA,CAAArD,MAAA,WACP7B,iBAAiB,CAAC,CAAC;QAAA;UAE9Ba,GAAG,CAACsE,SAAS,CAAC,YAAY,KAAAjD,MAAA,CAAKwC,iCAAsB,iCAA8B,CAAC;UACpF7D,GAAG,CAACuE,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAAC,QAAQ,CAAC;UAACH,SAAA,CAAAxD,IAAA;UAAA;QAAA;UAAAwD,SAAA,CAAAzD,IAAA;UAAAyD,SAAA,CAAApB,EAAA,GAAAoB,SAAA;UAE/B,IAAAnB,sBAAe,EAACnD,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAqE,SAAA,CAAApB,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAoB,SAAA,CAAAtB,IAAA;MAAA;IAAA,GAAAoB,QAAA;EAAA,CAE7C;EAAA,OAAAD,aAAA,CAAAzE,KAAA,OAAAC,SAAA;AAAA;AAED,SAAsB+E,oBAAoBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,qBAAA,CAAAnF,KAAA,OAAAC,SAAA;AAAA;AA+CzC,SAAAkF,sBAAA;EAAAA,qBAAA,OAAAjF,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CA/CM,SAAAgF,SAAoC9E,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAA6E,KAAA,EAAAC,WAAA,EAAAC,eAAA,EAAAC,mBAAA,EAAAC,uBAAA,EAAAC,GAAA,EAAAC,IAAA,EAAAC,KAAA,EAAAC,mBAAA,EAAAC,KAAA,EAAAC,UAAA;IAAA,OAAA5F,oBAAA,CAAAa,IAAA,UAAAgF,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAA9E,IAAA,GAAA8E,SAAA,CAAA7E,IAAA;QAAA;UAAA6E,SAAA,CAAA9E,IAAA;UAEvDX,aAAa,GAAIF,GAAG,CAACe,GAAG,CAACC,MAAM,CAA/Bd,aAAa;UAAA,IACfA,aAAa;YAAAyF,SAAA,CAAA7E,IAAA;YAAA;UAAA;UAAA,OAAA6E,SAAA,CAAA1E,MAAA,WACP7B,iBAAiB,CAAC,CAAC;QAAA;UAAA2F,KAAA,GAGS7D,IAAI,CAACC,KAAK,CAACnB,GAAG,CAACoB,IAAI,CAAC,IAAI,CAAC,CAAC,EAA1D4D,WAAW,GAAAD,KAAA,CAAXC,WAAW,EAAEC,eAAe,GAAAF,KAAA,CAAfE,eAAe;UAAA,MAC/B,CAACD,WAAW,IAAI,CAACC,eAAe;YAAAU,SAAA,CAAA7E,IAAA;YAAA;UAAA;UAAA,MAC1B,IAAIzB,KAAK,CAAC,4CAA4C,CAAC;QAAA;UAG3D6F,mBAAmB,GAAGU,eAAM,CAACC,UAAU,CAAC,QAAQ,CAAC,CAACC,MAAM,CAACd,WAAW,CAAC,CAACe,MAAM,CAAC,KAAK,CAAC;UACnFZ,uBAAuB,GAAGS,eAAM,CACjCC,UAAU,CAAC,QAAQ,CAAC,CACpBC,MAAM,CAACb,eAAe,CAAC,CACvBc,MAAM,CAAC,KAAK,CAAC;UAAAJ,SAAA,CAAA9E,IAAA;UAIduE,GAAG,GAAG,IAAAY,gCAAiB,EAAC9F,aAAa,EAAEF,GAAG,CAAC;UAAC2F,SAAA,CAAA7E,IAAA;UAAA;QAAA;UAAA6E,SAAA,CAAA9E,IAAA;UAAA8E,SAAA,CAAAzC,EAAA,GAAAyC,SAAA;UAE5C,IAAAxC,sBAAe,EAACnD,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAA0F,SAAA,CAAAzC,EAAG,CAAC;UAAC,OAAAyC,SAAA,CAAA1E,MAAA;QAAA;UAAAoE,IAAA,GAI1BD,GAAG,EAAZE,KAAK,GAAAD,IAAA,CAALC,KAAK;UAAAK,SAAA,CAAA7E,IAAA;UAAA,OACsB,IAAAmF,4BAAY,EAACjG,GAAG,EAAEoF,GAAG,CAAC;QAAA;UAAAG,mBAAA,GAAAI,SAAA,CAAA7C,IAAA;UAAjD0C,KAAK,GAAAD,mBAAA,CAALC,KAAK;UAAEC,UAAU,GAAAF,mBAAA,CAAVE,UAAU;UAExBvG,EAAE,CAACoG,KAAK,CAACY,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE;YAC9C,cAAc,EAAET;UACpB,CAAC,CAAC;UAACE,SAAA,CAAA7E,IAAA;UAAA,OAEG5B,EAAE,CAACiH,EAAE,CACNC,eAAe,CAAC;YACbd,KAAK,EAALA,KAAK;YACLe,UAAU,EAAE;cAACC,IAAI,EAAEd,KAAK;cAAEN,mBAAmB,EAAnBA,mBAAmB;cAAEC,uBAAuB,EAAvBA;YAAuB;UAC1E,CAAC,CAAC,CACD/C,IAAI,CAAC,UAACmE,MAAe,EAAK;YACvBtG,GAAG,CAACuE,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAAC;cAAC8B,MAAM,EAANA;YAAM,CAAC,CAAC;UAClC,CAAC,CAAC,SACI,CAAC,UAACC,GAAQ,EAAK;YACjB,IAAArD,sBAAe,EAACnD,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAEuG,GAAG,CAAC;UAC3C,CAAC,CAAC;QAAA;UAAAb,SAAA,CAAA7E,IAAA;UAAA;QAAA;UAAA6E,SAAA,CAAA9E,IAAA;UAAA8E,SAAA,CAAAc,EAAA,GAAAd,SAAA;UAEN,IAAAxC,sBAAe,EAACnD,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAA0F,SAAA,CAAAc,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAd,SAAA,CAAA3C,IAAA;MAAA;IAAA,GAAA8B,QAAA;EAAA,CAE7C;EAAA,OAAAD,qBAAA,CAAAnF,KAAA,OAAAC,SAAA;AAAA"}
+{"version":3,"names":["_axios","_interopRequireDefault","require","_constants","_requestsSetup","_utils","_crypto","_javascriptWrapper","_clusterQueries","_ytAuth","obj","__esModule","default","yt","ytLib","handleLogin","_x","_x2","_handleLogin","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee2","req","res","ytAuthCluster","_ref","username","password","_getYTApiClusterSetup","proxyBaseUrl","requestUrl","basicAuth","wrap","_callee2$","_context2","prev","next","getAuthCluster","ctx","config","JSON","parse","body","Error","getYTApiClusterSetup","concat","Buffer","from","toString","axios","request","url","method","headers","_objectSpread","getMetadata","Authorization","timeout","responseType","then","_ref2","_callee","response","pipedSize","_callee$","_context","pipeAxiosResponse","undefined","removeSecureFlagIfOriginInsecure","sent","UNEXPECTED_PIPE_AXIOS_RESPONSE","stop","_x5","t0","sendAndLogError","ytAuthAllowInsecure","origin","startsWith","_reduce","acc","v","k","tmp","_map","item","YT_CYPRESS_COOKIE_NAME","replace","handleChangePassword","_x3","_x4","_handleChangePassword","_callee3","_ref3","newPassword","currentPassword","new_password_sha256","current_password_sha256","cfg","_cfg","setup","_yield$getXSRFToken","login","csrf_token","_callee3$","_context3","crypto","createHash","update","digest","getUserYTApiSetup","abrupt","getXSRFToken","createOption","v4","setUserPassword","parameters","user","result","status","send","err","t1"],"sources":["login.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport axios from 'axios';\nimport _ from 'lodash';\nimport {YT_CYPRESS_COOKIE_NAME} from '../../shared/constants';\nimport {getUserYTApiSetup, getYTApiClusterSetup} from '../components/requestsSetup';\nimport {UNEXPECTED_PIPE_AXIOS_RESPONSE, pipeAxiosResponse, sendAndLogError} from '../utils';\nimport crypto from 'crypto';\n\n// @ts-ignore\nimport ytLib from '@ytsaurus/javascript-wrapper';\nimport {getXSRFToken} from '../components/cluster-queries';\nimport {getAuthCluster} from '../components/yt-auth';\n\nconst yt = ytLib();\n\nexport async function handleLogin(req: Request, res: Response) {\n    try {\n        const ytAuthCluster = getAuthCluster(req.ctx.config);\n\n        const {username, password} = JSON.parse(req.body) || {};\n        if (!username || !password) {\n            throw new Error('Username and password must not be empty');\n        }\n\n        const {proxyBaseUrl} = getYTApiClusterSetup(ytAuthCluster);\n        const requestUrl = `${proxyBaseUrl}/login`;\n\n        const basicAuth = Buffer.from(`${username}:${password}`).toString('base64');\n\n        await axios\n            .request({\n                url: requestUrl,\n                method: req.method as any,\n                headers: {...req.ctx.getMetadata(), Authorization: `Basic ${basicAuth}`},\n                timeout: 10000,\n                responseType: 'stream',\n            })\n            .then(async (response) => {\n                const pipedSize = await pipeAxiosResponse(\n                    req.ctx,\n                    res,\n                    response,\n                    undefined,\n                    (headers) => removeSecureFlagIfOriginInsecure(req, headers),\n                );\n                if (!pipedSize) {\n                    throw new Error(UNEXPECTED_PIPE_AXIOS_RESPONSE);\n                }\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n\nfunction removeSecureFlagIfOriginInsecure(\n    req: Request,\n    headers: Record<string, string | Array<string>>,\n) {\n    const {ytAuthAllowInsecure} = req.ctx.config;\n    const {origin} = req.headers;\n\n    if (!ytAuthAllowInsecure || 'string' !== typeof origin || !origin.startsWith('http://')) {\n        return headers;\n    }\n\n    return _.reduce(\n        headers,\n        (acc, v, k) => {\n            if (k !== 'set-cookie') {\n                acc[k] = v;\n            } else {\n                const tmp = _.map(v as Array<string>, (item) => {\n                    if (item.startsWith(YT_CYPRESS_COOKIE_NAME)) {\n                        return item.replace(/\\s*Secure;/, '');\n                    }\n                    return item;\n                });\n                acc[k] = tmp;\n            }\n            return acc;\n        },\n        {} as typeof headers,\n    );\n}\n\nexport async function handleChangePassword(req: Request, res: Response) {\n    try {\n        const ytAuthCluster = getAuthCluster(req.ctx.config);\n\n        const {newPassword, currentPassword} = JSON.parse(req.body) || {};\n        if (!newPassword || !currentPassword) {\n            throw new Error('New and current password must not be empty');\n        }\n\n        const new_password_sha256 = crypto.createHash('sha256').update(newPassword).digest('hex');\n        const current_password_sha256 = crypto\n            .createHash('sha256')\n            .update(currentPassword)\n            .digest('hex');\n\n        let cfg;\n        try {\n            cfg = getUserYTApiSetup(ytAuthCluster, req);\n        } catch (e: any) {\n            sendAndLogError(req.ctx, res, 400, e);\n            return;\n        }\n\n        const {setup} = cfg;\n        const {login, csrf_token} = await getXSRFToken(req, cfg);\n\n        yt.setup.createOption('requestHeaders', 'object', {\n            'X-Csrf-Token': csrf_token,\n        });\n\n        await yt.v4\n            .setUserPassword({\n                setup,\n                parameters: {user: login, new_password_sha256, current_password_sha256},\n            })\n            .then((result: unknown) => {\n                res.status(200).send({result});\n            })\n            .catch((err: any) => {\n                sendAndLogError(req.ctx, res, 500, err);\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n"],"mappings":";;;;;;;;;;;;AACA,IAAAA,MAAA,GAAAC,sBAAA,CAAAC,OAAA;AAEA,IAAAC,UAAA,GAAAD,OAAA;AACA,IAAAE,cAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAL,sBAAA,CAAAC,OAAA;AAGA,IAAAK,kBAAA,GAAAN,sBAAA,CAAAC,OAAA;AACA,IAAAM,eAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AAAoD,SAAAD,uBAAAS,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAHpD;;AAKA,IAAMG,EAAE,GAAG,IAAAC,0BAAK,EAAC,CAAC;AAElB,SAAsBC,WAAWA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAqChC,SAAAF,aAAA;EAAAA,YAAA,OAAAG,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CArCM,SAAAC,SAA2BC,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAAC,IAAA,EAAAC,QAAA,EAAAC,QAAA,EAAAC,qBAAA,EAAAC,YAAA,EAAAC,UAAA,EAAAC,SAAA;IAAA,OAAAZ,oBAAA,CAAAa,IAAA,UAAAC,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAC,IAAA,GAAAD,SAAA,CAAAE,IAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAE/CX,aAAa,GAAG,IAAAa,sBAAc,EAACf,GAAG,CAACgB,GAAG,CAACC,MAAM,CAAC;UAAAd,IAAA,GAEvBe,IAAI,CAACC,KAAK,CAACnB,GAAG,CAACoB,IAAI,CAAC,IAAI,CAAC,CAAC,EAAhDhB,QAAQ,GAAAD,IAAA,CAARC,QAAQ,EAAEC,QAAQ,GAAAF,IAAA,CAARE,QAAQ;UAAA,MACrB,CAACD,QAAQ,IAAI,CAACC,QAAQ;YAAAO,SAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,MAChB,IAAIO,KAAK,CAAC,yCAAyC,CAAC;QAAA;UAAAf,qBAAA,GAGvC,IAAAgB,mCAAoB,EAACpB,aAAa,CAAC,EAAnDK,YAAY,GAAAD,qBAAA,CAAZC,YAAY;UACbC,UAAU,MAAAe,MAAA,CAAMhB,YAAY;UAE5BE,SAAS,GAAGe,MAAM,CAACC,IAAI,IAAAF,MAAA,CAAInB,QAAQ,OAAAmB,MAAA,CAAIlB,QAAQ,CAAE,CAAC,CAACqB,QAAQ,CAAC,QAAQ,CAAC;UAAAd,SAAA,CAAAE,IAAA;UAAA,OAErEa,cAAK,CACNC,OAAO,CAAC;YACLC,GAAG,EAAErB,UAAU;YACfsB,MAAM,EAAE9B,GAAG,CAAC8B,MAAa;YACzBC,OAAO,MAAAC,sBAAA,MAAAA,sBAAA,MAAMhC,GAAG,CAACgB,GAAG,CAACiB,WAAW,CAAC,CAAC;cAAEC,aAAa,WAAAX,MAAA,CAAWd,SAAS;YAAE,EAAC;YACxE0B,OAAO,EAAE,KAAK;YACdC,YAAY,EAAE;UAClB,CAAC,CAAC,CACDC,IAAI;YAAA,IAAAC,KAAA,OAAA1C,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CAAC,SAAAyC,QAAOC,QAAQ;cAAA,IAAAC,SAAA;cAAA,OAAA5C,oBAAA,CAAAa,IAAA,UAAAgC,SAAAC,QAAA;gBAAA,kBAAAA,QAAA,CAAA9B,IAAA,GAAA8B,QAAA,CAAA7B,IAAA;kBAAA;oBAAA6B,QAAA,CAAA7B,IAAA;oBAAA,OACO,IAAA8B,wBAAiB,EACrC5C,GAAG,CAACgB,GAAG,EACPf,GAAG,EACHuC,QAAQ,EACRK,SAAS,EACT,UAACd,OAAO;sBAAA,OAAKe,gCAAgC,CAAC9C,GAAG,EAAE+B,OAAO,CAAC;oBAAA,CAC/D,CAAC;kBAAA;oBANKU,SAAS,GAAAE,QAAA,CAAAI,IAAA;oBAAA,IAOVN,SAAS;sBAAAE,QAAA,CAAA7B,IAAA;sBAAA;oBAAA;oBAAA,MACJ,IAAIO,KAAK,CAAC2B,qCAA8B,CAAC;kBAAA;kBAAA;oBAAA,OAAAL,QAAA,CAAAM,IAAA;gBAAA;cAAA,GAAAV,OAAA;YAAA,CAEtD;YAAA,iBAAAW,GAAA;cAAA,OAAAZ,KAAA,CAAA5C,KAAA,OAAAC,SAAA;YAAA;UAAA,IAAC;QAAA;UAAAiB,SAAA,CAAAE,IAAA;UAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAAAD,SAAA,CAAAuC,EAAA,GAAAvC,SAAA;UAEN,IAAAwC,sBAAe,EAACpD,GAAG,CAACgB,GAAG,EAAEf,GAAG,EAAE,GAAG,EAAAW,SAAA,CAAAuC,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAvC,SAAA,CAAAqC,IAAA;MAAA;IAAA,GAAAlD,QAAA;EAAA,CAE7C;EAAA,OAAAN,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,SAASmD,gCAAgCA,CACrC9C,GAAY,EACZ+B,OAA+C,EACjD;EACE,IAAOsB,mBAAmB,GAAIrD,GAAG,CAACgB,GAAG,CAACC,MAAM,CAArCoC,mBAAmB;EAC1B,IAAOC,MAAM,GAAItD,GAAG,CAAC+B,OAAO,CAArBuB,MAAM;EAEb,IAAI,CAACD,mBAAmB,IAAI,QAAQ,KAAK,OAAOC,MAAM,IAAI,CAACA,MAAM,CAACC,UAAU,CAAC,SAAS,CAAC,EAAE;IACrF,OAAOxB,OAAO;EAClB;EAEA,OAAO,IAAAyB,gBAAA,EACHzB,OAAO,EACP,UAAC0B,GAAG,EAAEC,CAAC,EAAEC,CAAC,EAAK;IACX,IAAIA,CAAC,KAAK,YAAY,EAAE;MACpBF,GAAG,CAACE,CAAC,CAAC,GAAGD,CAAC;IACd,CAAC,MAAM;MACH,IAAME,GAAG,GAAG,IAAAC,aAAA,EAAMH,CAAC,EAAmB,UAACI,IAAI,EAAK;QAC5C,IAAIA,IAAI,CAACP,UAAU,CAACQ,iCAAsB,CAAC,EAAE;UACzC,OAAOD,IAAI,CAACE,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;QACzC;QACA,OAAOF,IAAI;MACf,CAAC,CAAC;MACFL,GAAG,CAACE,CAAC,CAAC,GAAGC,GAAG;IAChB;IACA,OAAOH,GAAG;EACd,CAAC,EACD,CAAC,CACL,CAAC;AACL;AAEA,SAAsBQ,oBAAoBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,qBAAA,CAAA1E,KAAA,OAAAC,SAAA;AAAA;AA4CzC,SAAAyE,sBAAA;EAAAA,qBAAA,OAAAxE,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CA5CM,SAAAuE,SAAoCrE,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAAoE,KAAA,EAAAC,WAAA,EAAAC,eAAA,EAAAC,mBAAA,EAAAC,uBAAA,EAAAC,GAAA,EAAAC,IAAA,EAAAC,KAAA,EAAAC,mBAAA,EAAAC,KAAA,EAAAC,UAAA;IAAA,OAAAnF,oBAAA,CAAAa,IAAA,UAAAuE,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAArE,IAAA,GAAAqE,SAAA,CAAApE,IAAA;QAAA;UAAAoE,SAAA,CAAArE,IAAA;UAExDX,aAAa,GAAG,IAAAa,sBAAc,EAACf,GAAG,CAACgB,GAAG,CAACC,MAAM,CAAC;UAAAqD,KAAA,GAEbpD,IAAI,CAACC,KAAK,CAACnB,GAAG,CAACoB,IAAI,CAAC,IAAI,CAAC,CAAC,EAA1DmD,WAAW,GAAAD,KAAA,CAAXC,WAAW,EAAEC,eAAe,GAAAF,KAAA,CAAfE,eAAe;UAAA,MAC/B,CAACD,WAAW,IAAI,CAACC,eAAe;YAAAU,SAAA,CAAApE,IAAA;YAAA;UAAA;UAAA,MAC1B,IAAIO,KAAK,CAAC,4CAA4C,CAAC;QAAA;UAG3DoD,mBAAmB,GAAGU,eAAM,CAACC,UAAU,CAAC,QAAQ,CAAC,CAACC,MAAM,CAACd,WAAW,CAAC,CAACe,MAAM,CAAC,KAAK,CAAC;UACnFZ,uBAAuB,GAAGS,eAAM,CACjCC,UAAU,CAAC,QAAQ,CAAC,CACpBC,MAAM,CAACb,eAAe,CAAC,CACvBc,MAAM,CAAC,KAAK,CAAC;UAAAJ,SAAA,CAAArE,IAAA;UAId8D,GAAG,GAAG,IAAAY,gCAAiB,EAACrF,aAAa,EAAEF,GAAG,CAAC;UAACkF,SAAA,CAAApE,IAAA;UAAA;QAAA;UAAAoE,SAAA,CAAArE,IAAA;UAAAqE,SAAA,CAAA/B,EAAA,GAAA+B,SAAA;UAE5C,IAAA9B,sBAAe,EAACpD,GAAG,CAACgB,GAAG,EAAEf,GAAG,EAAE,GAAG,EAAAiF,SAAA,CAAA/B,EAAG,CAAC;UAAC,OAAA+B,SAAA,CAAAM,MAAA;QAAA;UAAAZ,IAAA,GAI1BD,GAAG,EAAZE,KAAK,GAAAD,IAAA,CAALC,KAAK;UAAAK,SAAA,CAAApE,IAAA;UAAA,OACsB,IAAA2E,4BAAY,EAACzF,GAAG,EAAE2E,GAAG,CAAC;QAAA;UAAAG,mBAAA,GAAAI,SAAA,CAAAnC,IAAA;UAAjDgC,KAAK,GAAAD,mBAAA,CAALC,KAAK;UAAEC,UAAU,GAAAF,mBAAA,CAAVE,UAAU;UAExB5F,EAAE,CAACyF,KAAK,CAACa,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE;YAC9C,cAAc,EAAEV;UACpB,CAAC,CAAC;UAACE,SAAA,CAAApE,IAAA;UAAA,OAEG1B,EAAE,CAACuG,EAAE,CACNC,eAAe,CAAC;YACbf,KAAK,EAALA,KAAK;YACLgB,UAAU,EAAE;cAACC,IAAI,EAAEf,KAAK;cAAEN,mBAAmB,EAAnBA,mBAAmB;cAAEC,uBAAuB,EAAvBA;YAAuB;UAC1E,CAAC,CAAC,CACDrC,IAAI,CAAC,UAAC0D,MAAe,EAAK;YACvB9F,GAAG,CAAC+F,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAAC;cAACF,MAAM,EAANA;YAAM,CAAC,CAAC;UAClC,CAAC,CAAC,SACI,CAAC,UAACG,GAAQ,EAAK;YACjB,IAAA9C,sBAAe,EAACpD,GAAG,CAACgB,GAAG,EAAEf,GAAG,EAAE,GAAG,EAAEiG,GAAG,CAAC;UAC3C,CAAC,CAAC;QAAA;UAAAhB,SAAA,CAAApE,IAAA;UAAA;QAAA;UAAAoE,SAAA,CAAArE,IAAA;UAAAqE,SAAA,CAAAiB,EAAA,GAAAjB,SAAA;UAEN,IAAA9B,sBAAe,EAACpD,GAAG,CAACgB,GAAG,EAAEf,GAAG,EAAE,GAAG,EAAAiF,SAAA,CAAAiB,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAjB,SAAA,CAAAjC,IAAA;MAAA;IAAA,GAAAoB,QAAA;EAAA,CAE7C;EAAA,OAAAD,qBAAA,CAAA1E,KAAA,OAAAC,SAAA;AAAA"}

package/build/cjs/server/controllers/logout.d.ts

@@ -0,0 +1,2 @@
+import type { Request, Response } from 'express';
+export declare function handleLogout(req: Request, res: Response): void;

package/build/cjs/server/controllers/logout.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleLogout = void 0;
+const oauth_1 = require("../components/oauth");
+const yt_auth_1 = require("../components/yt-auth");
+function handleLogout(req, res) {
+    if ((0, oauth_1.isOAuthAllowed)(req) && (0, oauth_1.isUserOAuthLogged)(req)) {
+        res.redirect((0, oauth_1.getOAuthLogoutPath)(req));
+    }
+    else if ((0, yt_auth_1.isYtAuthEnabled)(req.ctx.config)) {
+        (0, yt_auth_1.YTAuthLogout)(res);
+    }
+    res.redirect('/');
+}
+exports.handleLogout = handleLogout;

package/build/cjs/server/controllers/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_oauth","require","_ytAuth","handleLogout","req","res","isOAuthAllowed","isUserOAuthLogged","redirect","getOAuthLogoutPath","isYtAuthEnabled","ctx","config","YTAuthLogout"],"sources":["logout.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport {getOAuthLogoutPath, isOAuthAllowed, isUserOAuthLogged} from '../components/oauth';\nimport {YTAuthLogout, isYtAuthEnabled} from '../components/yt-auth';\n\nexport function handleLogout(req: Request, res: Response) {\n    if (isOAuthAllowed(req) && isUserOAuthLogged(req)) {\n        res.redirect(getOAuthLogoutPath(req));\n    } else if (isYtAuthEnabled(req.ctx.config)) {\n        YTAuthLogout(res);\n    }\n    res.redirect('/');\n}\n"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AAEO,SAASE,YAAYA,CAACC,GAAY,EAAEC,GAAa,EAAE;EACtD,IAAI,IAAAC,qBAAc,EAACF,GAAG,CAAC,IAAI,IAAAG,wBAAiB,EAACH,GAAG,CAAC,EAAE;IAC/CC,GAAG,CAACG,QAAQ,CAAC,IAAAC,yBAAkB,EAACL,GAAG,CAAC,CAAC;EACzC,CAAC,MAAM,IAAI,IAAAM,uBAAe,EAACN,GAAG,CAACO,GAAG,CAACC,MAAM,CAAC,EAAE;IACxC,IAAAC,oBAAY,EAACR,GAAG,CAAC;EACrB;EACAA,GAAG,CAACG,QAAQ,CAAC,GAAG,CAAC;AACrB"}

package/build/cjs/server/controllers/oauth-login.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response } from 'express';
+export declare function oauthLogin(req: Request, res: Response): void;
+export declare function oauthLogout(_: Request, res: Response): void;
+export declare function oauthCallback(req: Request, res: Response): Promise<void>;

package/build/cjs/server/controllers/oauth-login.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.oauthCallback = exports.oauthLogout = exports.oauthLogin = void 0;
+const oauth_1 = require("../components/oauth");
+function oauthLogin(req, res) {
+    res.redirect((0, oauth_1.getOAuthLoginPath)(req));
+}
+exports.oauthLogin = oauthLogin;
+function oauthLogout(_, res) {
+    (0, oauth_1.removeOAuthCookies)(res);
+    res.redirect('/');
+}
+exports.oauthLogout = oauthLogout;
+async function oauthCallback(req, res) {
+    const { code } = req.query;
+    if (!code) {
+        throw new Error('Authorization code is not specified');
+    }
+    try {
+        const tokens = await (0, oauth_1.exchangeOAuthToken)(req, code);
+        (0, oauth_1.saveOAuthTokensInCookies)(res, tokens);
+        res.redirect('/');
+    }
+    catch (e) {
+        req.ctx.logError('exchange token error', e);
+        const message = e instanceof Error ? e.message : 'Unknown error';
+        res.status(500).send(message);
+    }
+}
+exports.oauthCallback = oauthCallback;

package/build/cjs/server/controllers/oauth-login.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_oauth","require","_interopRequireDefault","obj","__esModule","default","oauthLogin","req","res","redirect","getOAuthLoginPath","oauthLogout","_","removeOAuthCookies","oauthCallback","_x","_x2","_oauthCallback","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee","code","tokens","message","wrap","_callee$","_context","prev","next","query","Error","exchangeOAuthToken","sent","saveOAuthTokensInCookies","t0","ctx","logError","status","send","stop"],"sources":["oauth-login.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport {\n    exchangeOAuthToken,\n    getOAuthLoginPath,\n    removeOAuthCookies,\n    saveOAuthTokensInCookies,\n} from '../components/oauth';\n\nexport function oauthLogin(req: Request, res: Response) {\n    res.redirect(getOAuthLoginPath(req));\n}\n\nexport function oauthLogout(_: Request, res: Response) {\n    removeOAuthCookies(res);\n    res.redirect('/');\n}\n\nexport async function oauthCallback(req: Request, res: Response) {\n    const {code} = req.query;\n    if (!code) {\n        throw new Error('Authorization code is not specified');\n    }\n\n    try {\n        const tokens = await exchangeOAuthToken(req, code as string);\n\n        saveOAuthTokensInCookies(res, tokens);\n\n        res.redirect('/');\n    } catch (e) {\n        req.ctx.logError('exchange token error', e);\n        const message = e instanceof Error ? e.message : 'Unknown error';\n        res.status(500).send(message);\n    }\n}\n"],"mappings":";;;;;;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AAK4B,SAAAC,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAErB,SAASG,UAAUA,CAACC,GAAY,EAAEC,GAAa,EAAE;EACpDA,GAAG,CAACC,QAAQ,CAAC,IAAAC,wBAAiB,EAACH,GAAG,CAAC,CAAC;AACxC;AAEO,SAASI,WAAWA,CAACC,CAAU,EAAEJ,GAAa,EAAE;EACnD,IAAAK,yBAAkB,EAACL,GAAG,CAAC;EACvBA,GAAG,CAACC,QAAQ,CAAC,GAAG,CAAC;AACrB;AAEA,SAAsBK,aAAaA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,cAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAiBlC,SAAAF,eAAA;EAAAA,cAAA,OAAAG,0BAAA,gBAAAC,oBAAA,CAAAC,IAAA,CAjBM,SAAAC,QAA6BhB,GAAY,EAAEC,GAAa;IAAA,IAAAgB,IAAA,EAAAC,MAAA,EAAAC,OAAA;IAAA,OAAAL,oBAAA,CAAAM,IAAA,UAAAC,SAAAC,QAAA;MAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAE,IAAA;QAAA;UACpDP,IAAI,GAAIjB,GAAG,CAACyB,KAAK,CAAjBR,IAAI;UAAA,IACNA,IAAI;YAAAK,QAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,MACC,IAAIE,KAAK,CAAC,qCAAqC,CAAC;QAAA;UAAAJ,QAAA,CAAAC,IAAA;UAAAD,QAAA,CAAAE,IAAA;UAAA,OAIjC,IAAAG,yBAAkB,EAAC3B,GAAG,EAAEiB,IAAc,CAAC;QAAA;UAAtDC,MAAM,GAAAI,QAAA,CAAAM,IAAA;UAEZ,IAAAC,+BAAwB,EAAC5B,GAAG,EAAEiB,MAAM,CAAC;UAErCjB,GAAG,CAACC,QAAQ,CAAC,GAAG,CAAC;UAACoB,QAAA,CAAAE,IAAA;UAAA;QAAA;UAAAF,QAAA,CAAAC,IAAA;UAAAD,QAAA,CAAAQ,EAAA,GAAAR,QAAA;UAElBtB,GAAG,CAAC+B,GAAG,CAACC,QAAQ,CAAC,sBAAsB,EAAAV,QAAA,CAAAQ,EAAG,CAAC;UACrCX,OAAO,GAAGG,QAAA,CAAAQ,EAAA,YAAaJ,KAAK,GAAGJ,QAAA,CAAAQ,EAAA,CAAEX,OAAO,GAAG,eAAe;UAChElB,GAAG,CAACgC,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAACf,OAAO,CAAC;QAAC;QAAA;UAAA,OAAAG,QAAA,CAAAa,IAAA;MAAA;IAAA,GAAAnB,OAAA;EAAA,CAErC;EAAA,OAAAN,cAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA"}

package/build/cjs/server/index.js

@@ -10,6 +10,9 @@ const expresskit_1 = require("@gravity-ui/expresskit");
 const configure_app_1 = require("./configure-app");
 const yt_auth_1 = require("./middlewares/yt-auth");
 const routes_1 = __importDefault(require("./routes"));
+const oauth_1 = require("./middlewares/oauth");
+const authorization_1 = require("./middlewares/authorization");
+const authorization_2 = require("./utils/authorization");
 const nodekit = new nodekit_1.NodeKit({ configsPath: path_1.default.resolve(__dirname, './configs') });
 const { appName, appEnv, appInstallation, appDevMode } = nodekit.config;
 nodekit.ctx.log('AppConfig details', {
@@ -23,7 +26,12 @@ if (ytAuthCluster) {
     if (appAuthHandler) {
         nodekit.ctx.fail(new Error('"appAuthHandler" option will be ignored cause "ytAuthCluster" option is provided.'));
     }
-    nodekit.config.appAuthHandler = (0, yt_auth_1.createYTAuthMiddleware)(ytAuthCluster);
+    nodekit.config.appBeforeAuthMiddleware = [
+        ...(nodekit.config.appBeforeAuthMiddleware || []),
+        (0, authorization_2.authorizationResolver)((0, oauth_1.createOAuthAuthorizationResolver)()),
+        (0, authorization_2.authorizationResolver)((0, yt_auth_1.createYTAuthorizationResolver)()),
+    ];
+    nodekit.config.appAuthHandler = (0, authorization_1.createAuthMiddleware)(ytAuthCluster);
 }
 (_b = (_a = nodekit.config).adjustAppConfig) === null || _b === void 0 ? void 0 : _b.call(_a, nodekit);
 const app = new expresskit_1.ExpressKit(nodekit, routes_1.default);

package/build/cjs/server/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["_path","_interopRequireDefault","require","_nodekit","_expresskit","_configureApp","_ytAuth","_routes","obj","__esModule","default","nodekit","NodeKit","configsPath","path","resolve","__dirname","_nodekit$config","config","appName","appEnv","appInstallation","appDevMode","ctx","log","_nodekit$config2","ytAuthCluster","appAuthHandler","fail","Error","createYTAuthMiddleware","_nodekit$config$adjus","_nodekit$config3","adjustAppConfig","call","app","ExpressKit","routes","configureApp","main","module","run","_default","exports"],"sources":["index.ts"],"sourcesContent":["import path from 'path';\nimport _reduce from 'lodash/reduce';\nimport {NodeKit} from '@gravity-ui/nodekit';\nimport {ExpressKit} from '@gravity-ui/expresskit';\n\nimport {configureApp} from './configure-app';\n\nimport {createYTAuthMiddleware} from './middlewares/yt-auth';\nimport routes from './routes';\n\nconst nodekit = new NodeKit({configsPath: path.resolve(__dirname, './configs')});\n\nconst {appName, appEnv, appInstallation, appDevMode} = nodekit.config;\nnodekit.ctx.log('AppConfig details', {\n    appName,\n    appEnv,\n    appInstallation,\n    appDevMode,\n});\n\nconst {ytAuthCluster, appAuthHandler} = nodekit.config;\n\nif (ytAuthCluster) {\n    if (appAuthHandler) {\n        nodekit.ctx.fail(\n            new Error(\n                '\"appAuthHandler\" option will be ignored cause \"ytAuthCluster\" option is provided.',\n            ),\n        );\n    }\n\n    nodekit.config.appAuthHandler = createYTAuthMiddleware(ytAuthCluster);\n}\n\nnodekit.config.adjustAppConfig?.(nodekit);\n\nconst app = new ExpressKit(nodekit, routes);\nconfigureApp(app);\n\nif (require.main === module) {\n    app.run();\n}\n\nexport default app;\n"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AAEA,IAAAC,QAAA,GAAAD,OAAA;AACA,IAAAE,WAAA,GAAAF,OAAA;AAEA,IAAAG,aAAA,GAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAN,sBAAA,CAAAC,OAAA;AAA6B,SAAAD,uBAAAO,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;;AAE7B,IAAMG,OAAO,GAAG,IAAIC,gBAAO,CAAC;EAACC,WAAW,EAAEC,aAAI,CAACC,OAAO,CAACC,SAAS,EAAE,WAAW;AAAC,CAAC,CAAC;AAEhF,IAAAC,eAAA,GAAuDN,OAAO,CAACO,MAAM;EAA9DC,OAAO,GAAAF,eAAA,CAAPE,OAAO;EAAEC,MAAM,GAAAH,eAAA,CAANG,MAAM;EAAEC,eAAe,GAAAJ,eAAA,CAAfI,eAAe;EAAEC,UAAU,GAAAL,eAAA,CAAVK,UAAU;AACnDX,OAAO,CAACY,GAAG,CAACC,GAAG,CAAC,mBAAmB,EAAE;EACjCL,OAAO,EAAPA,OAAO;EACPC,MAAM,EAANA,MAAM;EACNC,eAAe,EAAfA,eAAe;EACfC,UAAU,EAAVA;AACJ,CAAC,CAAC;AAEF,IAAAG,gBAAA,GAAwCd,OAAO,CAACO,MAAM;EAA/CQ,aAAa,GAAAD,gBAAA,CAAbC,aAAa;EAAEC,cAAc,GAAAF,gBAAA,CAAdE,cAAc;AAEpC,IAAID,aAAa,EAAE;EACf,IAAIC,cAAc,EAAE;IAChBhB,OAAO,CAACY,GAAG,CAACK,IAAI,CACZ,IAAIC,KAAK,CACL,mFACJ,CACJ,CAAC;EACL;EAEAlB,OAAO,CAACO,MAAM,CAACS,cAAc,GAAG,IAAAG,8BAAsB,EAACJ,aAAa,CAAC;AACzE;AAEA,CAAAK,qBAAA,IAAAC,gBAAA,GAAArB,OAAO,CAACO,MAAM,EAACe,eAAe,cAAAF,qBAAA,eAA9BA,qBAAA,CAAAG,IAAA,CAAAF,gBAAA,EAAiCrB,OAAO,CAAC;AAEzC,IAAMwB,GAAG,GAAG,IAAIC,sBAAU,CAACzB,OAAO,EAAE0B,eAAM,CAAC;AAC3C,IAAAC,0BAAY,EAACH,GAAG,CAAC;AAEjB,IAAIjC,OAAO,CAACqC,IAAI,KAAKC,MAAM,EAAE;EACzBL,GAAG,CAACM,GAAG,CAAC,CAAC;AACb;AAAA,IAAAC,QAAA,GAAAC,OAAA,CAAAjC,OAAA,GAEeyB,GAAG"}
+{"version":3,"names":["_path","_interopRequireDefault","require","_nodekit","_expresskit","_configureApp","_ytAuth","_routes","_oauth","_authorization","_authorization2","obj","__esModule","default","nodekit","NodeKit","configsPath","path","resolve","__dirname","_nodekit$config","config","appName","appEnv","appInstallation","appDevMode","ctx","log","_nodekit$config2","ytAuthCluster","appAuthHandler","fail","Error","appBeforeAuthMiddleware","concat","_toConsumableArray","authorizationResolver","createOAuthAuthorizationResolver","createYTAuthorizationResolver","createAuthMiddleware","_nodekit$config$adjus","_nodekit$config3","adjustAppConfig","call","app","ExpressKit","routes","configureApp","main","module","run","_default","exports"],"sources":["index.ts"],"sourcesContent":["import path from 'path';\nimport _reduce from 'lodash/reduce';\nimport {NodeKit} from '@gravity-ui/nodekit';\nimport {ExpressKit} from '@gravity-ui/expresskit';\n\nimport {configureApp} from './configure-app';\n\nimport {createYTAuthorizationResolver} from './middlewares/yt-auth';\nimport routes from './routes';\nimport {createOAuthAuthorizationResolver} from './middlewares/oauth';\nimport {createAuthMiddleware} from './middlewares/authorization';\nimport {authorizationResolver} from './utils/authorization';\n\nconst nodekit = new NodeKit({configsPath: path.resolve(__dirname, './configs')});\n\nconst {appName, appEnv, appInstallation, appDevMode} = nodekit.config;\nnodekit.ctx.log('AppConfig details', {\n    appName,\n    appEnv,\n    appInstallation,\n    appDevMode,\n});\n\nconst {ytAuthCluster, appAuthHandler} = nodekit.config;\n\nif (ytAuthCluster) {\n    if (appAuthHandler) {\n        nodekit.ctx.fail(\n            new Error(\n                '\"appAuthHandler\" option will be ignored cause \"ytAuthCluster\" option is provided.',\n            ),\n        );\n    }\n\n    nodekit.config.appBeforeAuthMiddleware = [\n        ...(nodekit.config.appBeforeAuthMiddleware || []),\n        authorizationResolver(createOAuthAuthorizationResolver()),\n        authorizationResolver(createYTAuthorizationResolver()),\n    ];\n    nodekit.config.appAuthHandler = createAuthMiddleware(ytAuthCluster);\n}\n\nnodekit.config.adjustAppConfig?.(nodekit);\n\nconst app = new ExpressKit(nodekit, routes);\nconfigureApp(app);\n\nif (require.main === module) {\n    app.run();\n}\n\nexport default app;\n"],"mappings":";;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AAEA,IAAAC,QAAA,GAAAD,OAAA;AACA,IAAAE,WAAA,GAAAF,OAAA;AAEA,IAAAG,aAAA,GAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAN,sBAAA,CAAAC,OAAA;AACA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,cAAA,GAAAP,OAAA;AACA,IAAAQ,eAAA,GAAAR,OAAA;AAA2D,SAAAD,uBAAAU,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;;AAE3D,IAAMG,OAAO,GAAG,IAAIC,gBAAO,CAAC;EAACC,WAAW,EAAEC,aAAI,CAACC,OAAO,CAACC,SAAS,EAAE,WAAW;AAAC,CAAC,CAAC;AAEhF,IAAAC,eAAA,GAAuDN,OAAO,CAACO,MAAM;EAA9DC,OAAO,GAAAF,eAAA,CAAPE,OAAO;EAAEC,MAAM,GAAAH,eAAA,CAANG,MAAM;EAAEC,eAAe,GAAAJ,eAAA,CAAfI,eAAe;EAAEC,UAAU,GAAAL,eAAA,CAAVK,UAAU;AACnDX,OAAO,CAACY,GAAG,CAACC,GAAG,CAAC,mBAAmB,EAAE;EACjCL,OAAO,EAAPA,OAAO;EACPC,MAAM,EAANA,MAAM;EACNC,eAAe,EAAfA,eAAe;EACfC,UAAU,EAAVA;AACJ,CAAC,CAAC;AAEF,IAAAG,gBAAA,GAAwCd,OAAO,CAACO,MAAM;EAA/CQ,aAAa,GAAAD,gBAAA,CAAbC,aAAa;EAAEC,cAAc,GAAAF,gBAAA,CAAdE,cAAc;AAEpC,IAAID,aAAa,EAAE;EACf,IAAIC,cAAc,EAAE;IAChBhB,OAAO,CAACY,GAAG,CAACK,IAAI,CACZ,IAAIC,KAAK,CACL,mFACJ,CACJ,CAAC;EACL;EAEAlB,OAAO,CAACO,MAAM,CAACY,uBAAuB,MAAAC,MAAA,KAAAC,2BAAA,EAC9BrB,OAAO,CAACO,MAAM,CAACY,uBAAuB,IAAI,EAAE,IAChD,IAAAG,qCAAqB,EAAC,IAAAC,uCAAgC,EAAC,CAAC,CAAC,EACzD,IAAAD,qCAAqB,EAAC,IAAAE,qCAA6B,EAAC,CAAC,CAAC,EACzD;EACDxB,OAAO,CAACO,MAAM,CAACS,cAAc,GAAG,IAAAS,mCAAoB,EAACV,aAAa,CAAC;AACvE;AAEA,CAAAW,qBAAA,IAAAC,gBAAA,GAAA3B,OAAO,CAACO,MAAM,EAACqB,eAAe,cAAAF,qBAAA,eAA9BA,qBAAA,CAAAG,IAAA,CAAAF,gBAAA,EAAiC3B,OAAO,CAAC;AAEzC,IAAM8B,GAAG,GAAG,IAAIC,sBAAU,CAAC/B,OAAO,EAAEgC,eAAM,CAAC;AAC3C,IAAAC,0BAAY,EAACH,GAAG,CAAC;AAEjB,IAAI1C,OAAO,CAAC8C,IAAI,KAAKC,MAAM,EAAE;EACzBL,GAAG,CAACM,GAAG,CAAC,CAAC;AACb;AAAA,IAAAC,QAAA,GAAAC,OAAA,CAAAvC,OAAA,GAEe+B,GAAG"}

package/build/cjs/server/middlewares/authorization.d.ts

@@ -0,0 +1,2 @@
+import { AppMiddleware } from '@gravity-ui/expresskit';
+export declare function createAuthMiddleware(ytAuthCluster: string): AppMiddleware;

package/build/cjs/server/middlewares/authorization.js

@@ -0,0 +1,42 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthMiddleware = void 0;
+const axios_1 = __importDefault(require("axios"));
+const authorization_1 = require("../utils/authorization");
+const requestsSetup_1 = require("../components/requestsSetup");
+const cluster_queries_1 = require("../components/cluster-queries");
+const utils_1 = require("../utils");
+class AuthError extends Error {
+    constructor() {
+        super('Authorization required');
+    }
+}
+function isAuthError(e) {
+    var _a;
+    return e instanceof AuthError || (axios_1.default.isAxiosError(e) && ((_a = e.response) === null || _a === void 0 ? void 0 : _a.status) === 401);
+}
+function createAuthMiddleware(ytAuthCluster) {
+    return async function authMiddleware(req, res, next) {
+        try {
+            if (!(0, authorization_1.isAuthorized)(req)) {
+                throw new AuthError();
+            }
+            const cfg = (0, requestsSetup_1.getUserYTApiSetup)(ytAuthCluster, req);
+            const { login } = await (0, cluster_queries_1.getXSRFToken)(req, cfg);
+            req.yt.login = login;
+        }
+        catch (e) {
+            const isAuthFailed = isAuthError(e);
+            const error = isAuthFailed ? undefined : e;
+            if (!req.routeInfo.ui && isAuthFailed) {
+                (0, utils_1.sendError)(res, error, 401);
+                return;
+            }
+        }
+        next();
+    };
+}
+exports.createAuthMiddleware = createAuthMiddleware;