@zshannon/streamstore 0.22.3 → 0.22.6
- package/dist/cjs/auth/biscuit.d.ts +7 -5
- package/dist/cjs/auth/biscuit.d.ts.map +1 -1
- package/dist/cjs/auth/biscuit.js +136 -39
- package/dist/cjs/auth/biscuit.js.map +1 -1
- package/dist/cjs/auth/index.d.ts +3 -3
- package/dist/cjs/auth/index.d.ts.map +1 -1
- package/dist/cjs/auth/index.js +4 -4
- package/dist/cjs/auth/index.js.map +1 -1
- package/dist/cjs/auth/pki-auth.d.ts +1 -1
- package/dist/cjs/auth/pki-auth.d.ts.map +1 -1
- package/dist/cjs/auth/pki-auth.js +23 -5
- package/dist/cjs/auth/pki-auth.js.map +1 -1
- package/dist/cjs/auth/proto/schema_pb.d.ts +1052 -0
- package/dist/cjs/auth/proto/schema_pb.d.ts.map +1 -0
- package/dist/cjs/auth/proto/schema_pb.js +413 -0
- package/dist/cjs/auth/proto/schema_pb.js.map +1 -0
- package/dist/cjs/auth/sign.d.ts.map +1 -1
- package/dist/cjs/auth/sign.js +6 -1
- package/dist/cjs/auth/sign.js.map +1 -1
- package/dist/cjs/basin.d.ts.map +1 -1
- package/dist/cjs/basin.js.map +1 -1
- package/dist/cjs/basins.d.ts.map +1 -1
- package/dist/cjs/basins.js +6 -2
- package/dist/cjs/basins.js.map +1 -1
- package/dist/cjs/error.d.ts.map +1 -1
- package/dist/cjs/error.js +9 -1
- package/dist/cjs/error.js.map +1 -1
- package/dist/cjs/generated/types.gen.d.ts +4 -9
- package/dist/cjs/generated/types.gen.d.ts.map +1 -1
- package/dist/cjs/index.d.ts +1 -1
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +4 -4
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/internal/mappers.d.ts +0 -1
- package/dist/cjs/internal/mappers.d.ts.map +1 -1
- package/dist/cjs/internal/mappers.js +0 -3
- package/dist/cjs/internal/mappers.js.map +1 -1
- package/dist/cjs/lib/event-stream.js +37 -11
- package/dist/cjs/lib/event-stream.js.map +1 -1
- package/dist/cjs/lib/paginate.d.ts +9 -0
- package/dist/cjs/lib/paginate.d.ts.map +1 -1
- package/dist/cjs/lib/paginate.js +20 -0
- package/dist/cjs/lib/paginate.js.map +1 -1
- package/dist/cjs/lib/retry.d.ts +1 -0
- package/dist/cjs/lib/retry.d.ts.map +1 -1
- package/dist/cjs/lib/retry.js +34 -32
- package/dist/cjs/lib/retry.js.map +1 -1
- package/dist/cjs/lib/stream/runtime.d.ts +1 -1
- package/dist/cjs/lib/stream/runtime.d.ts.map +1 -1
- package/dist/cjs/lib/stream/runtime.js +4 -1
- package/dist/cjs/lib/stream/runtime.js.map +1 -1
- package/dist/cjs/lib/stream/transport/fetch/index.d.ts.map +1 -1
- package/dist/cjs/lib/stream/transport/fetch/index.js +2 -18
- package/dist/cjs/lib/stream/transport/fetch/index.js.map +1 -1
- package/dist/cjs/lib/stream/transport/fetch/shared.js +6 -6
- package/dist/cjs/lib/stream/transport/fetch/shared.js.map +1 -1
- package/dist/cjs/lib/stream/transport/proto.d.ts +15 -1
- package/dist/cjs/lib/stream/transport/proto.d.ts.map +1 -1
- package/dist/cjs/lib/stream/transport/proto.js +33 -0
- package/dist/cjs/lib/stream/transport/proto.js.map +1 -1
- package/dist/cjs/lib/stream/transport/s2s/index.d.ts.map +1 -1
- package/dist/cjs/lib/stream/transport/s2s/index.js +5 -25
- package/dist/cjs/lib/stream/transport/s2s/index.js.map +1 -1
- package/dist/cjs/lib/stream/types.d.ts +1 -0
- package/dist/cjs/lib/stream/types.d.ts.map +1 -1
- package/dist/cjs/lib/stream/types.js.map +1 -1
- package/dist/cjs/s2.d.ts.map +1 -1
- package/dist/cjs/s2.js +5 -1
- package/dist/cjs/s2.js.map +1 -1
- package/dist/cjs/stream.d.ts.map +1 -1
- package/dist/cjs/stream.js +10 -1
- package/dist/cjs/stream.js.map +1 -1
- package/dist/cjs/streams.d.ts.map +1 -1
- package/dist/cjs/streams.js +6 -2
- package/dist/cjs/streams.js.map +1 -1
- package/dist/cjs/tests/helpers.d.ts +8 -0
- package/dist/cjs/tests/helpers.d.ts.map +1 -0
- package/dist/cjs/tests/helpers.js +42 -0
- package/dist/cjs/tests/helpers.js.map +1 -0
- package/dist/cjs/types.d.ts.map +1 -1
- package/dist/cjs/types.js +10 -0
- package/dist/cjs/types.js.map +1 -1
- package/dist/cjs/utils.d.ts +7 -0
- package/dist/cjs/utils.d.ts.map +1 -1
- package/dist/cjs/utils.js +22 -17
- package/dist/cjs/utils.js.map +1 -1
- package/dist/cjs/version.d.ts +1 -1
- package/dist/cjs/version.js +1 -1
- package/dist/esm/auth/biscuit.d.ts +7 -5
- package/dist/esm/auth/biscuit.d.ts.map +1 -1
- package/dist/esm/auth/biscuit.js +136 -39
- package/dist/esm/auth/biscuit.js.map +1 -1
- package/dist/esm/auth/index.d.ts +3 -3
- package/dist/esm/auth/index.d.ts.map +1 -1
- package/dist/esm/auth/index.js +3 -3
- package/dist/esm/auth/index.js.map +1 -1
- package/dist/esm/auth/pki-auth.d.ts +1 -1
- package/dist/esm/auth/pki-auth.d.ts.map +1 -1
- package/dist/esm/auth/pki-auth.js +24 -6
- package/dist/esm/auth/pki-auth.js.map +1 -1
- package/dist/esm/auth/proto/schema_pb.d.ts +1052 -0
- package/dist/esm/auth/proto/schema_pb.d.ts.map +1 -0
- package/dist/esm/auth/proto/schema_pb.js +410 -0
- package/dist/esm/auth/proto/schema_pb.js.map +1 -0
- package/dist/esm/auth/sign.d.ts.map +1 -1
- package/dist/esm/auth/sign.js +6 -1
- package/dist/esm/auth/sign.js.map +1 -1
- package/dist/esm/basin.d.ts.map +1 -1
- package/dist/esm/basin.js +2 -2
- package/dist/esm/basin.js.map +1 -1
- package/dist/esm/basins.d.ts.map +1 -1
- package/dist/esm/basins.js +7 -3
- package/dist/esm/basins.js.map +1 -1
- package/dist/esm/error.d.ts.map +1 -1
- package/dist/esm/error.js +9 -1
- package/dist/esm/error.js.map +1 -1
- package/dist/esm/generated/types.gen.d.ts +4 -9
- package/dist/esm/generated/types.gen.d.ts.map +1 -1
- package/dist/esm/index.d.ts +1 -1
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +1 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/internal/mappers.d.ts +0 -1
- package/dist/esm/internal/mappers.d.ts.map +1 -1
- package/dist/esm/internal/mappers.js +0 -3
- package/dist/esm/internal/mappers.js.map +1 -1
- package/dist/esm/lib/event-stream.js +37 -11
- package/dist/esm/lib/event-stream.js.map +1 -1
- package/dist/esm/lib/paginate.d.ts +9 -0
- package/dist/esm/lib/paginate.d.ts.map +1 -1
- package/dist/esm/lib/paginate.js +19 -0
- package/dist/esm/lib/paginate.js.map +1 -1
- package/dist/esm/lib/retry.d.ts +1 -0
- package/dist/esm/lib/retry.d.ts.map +1 -1
- package/dist/esm/lib/retry.js +35 -33
- package/dist/esm/lib/retry.js.map +1 -1
- package/dist/esm/lib/stream/runtime.d.ts +1 -1
- package/dist/esm/lib/stream/runtime.d.ts.map +1 -1
- package/dist/esm/lib/stream/runtime.js +4 -1
- package/dist/esm/lib/stream/runtime.js.map +1 -1
- package/dist/esm/lib/stream/transport/fetch/index.d.ts.map +1 -1
- package/dist/esm/lib/stream/transport/fetch/index.js +4 -20
- package/dist/esm/lib/stream/transport/fetch/index.js.map +1 -1
- package/dist/esm/lib/stream/transport/fetch/shared.js +6 -6
- package/dist/esm/lib/stream/transport/fetch/shared.js.map +1 -1
- package/dist/esm/lib/stream/transport/proto.d.ts +15 -1
- package/dist/esm/lib/stream/transport/proto.d.ts.map +1 -1
- package/dist/esm/lib/stream/transport/proto.js +32 -1
- package/dist/esm/lib/stream/transport/proto.js.map +1 -1
- package/dist/esm/lib/stream/transport/s2s/index.d.ts.map +1 -1
- package/dist/esm/lib/stream/transport/s2s/index.js +6 -26
- package/dist/esm/lib/stream/transport/s2s/index.js.map +1 -1
- package/dist/esm/lib/stream/types.d.ts +1 -0
- package/dist/esm/lib/stream/types.d.ts.map +1 -1
- package/dist/esm/lib/stream/types.js.map +1 -1
- package/dist/esm/s2.d.ts.map +1 -1
- package/dist/esm/s2.js +7 -3
- package/dist/esm/s2.js.map +1 -1
- package/dist/esm/stream.d.ts.map +1 -1
- package/dist/esm/stream.js +10 -1
- package/dist/esm/stream.js.map +1 -1
- package/dist/esm/streams.d.ts.map +1 -1
- package/dist/esm/streams.js +7 -3
- package/dist/esm/streams.js.map +1 -1
- package/dist/esm/tests/helpers.d.ts +8 -0
- package/dist/esm/tests/helpers.d.ts.map +1 -0
- package/dist/esm/tests/helpers.js +34 -0
- package/dist/esm/tests/helpers.js.map +1 -0
- package/dist/esm/types.d.ts.map +1 -1
- package/dist/esm/types.js +11 -1
- package/dist/esm/types.js.map +1 -1
- package/dist/esm/utils.d.ts +7 -0
- package/dist/esm/utils.d.ts.map +1 -1
- package/dist/esm/utils.js +21 -17
- package/dist/esm/utils.js.map +1 -1
- package/dist/esm/version.d.ts +1 -1
- package/dist/esm/version.js +1 -1
- package/package.json +7 -3
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Native TypeScript Biscuit token creation using @bufbuild/protobuf + @noble/curves.
|
|
3
|
+
* No WASM dependency.
|
|
4
|
+
*/
|
|
1
5
|
export type BiscuitTokenOptions = {
|
|
2
6
|
/** P256 private key as base58-encoded 32 bytes */
|
|
3
7
|
privateKey: string;
|
|
@@ -7,8 +11,8 @@ export type BiscuitTokenOptions = {
|
|
|
7
11
|
expiresIn?: number;
|
|
8
12
|
/** Operation groups to grant (default: all read+write) */
|
|
9
13
|
opGroups?: Array<{
|
|
10
|
-
level: string;
|
|
11
14
|
access: string;
|
|
15
|
+
level: string;
|
|
12
16
|
}>;
|
|
13
17
|
/** Basin scope (default: prefix "" = all basins) */
|
|
14
18
|
basinScope?: {
|
|
@@ -27,12 +31,10 @@ export type BiscuitTokenOptions = {
|
|
|
27
31
|
};
|
|
28
32
|
};
|
|
29
33
|
/**
|
|
30
|
-
* Creates
|
|
31
|
-
* This enables bootstrap mode where the admin can operate without a pre-existing token.
|
|
32
|
-
*
|
|
34
|
+
* Creates a Biscuit authority token signed with P-256.
|
|
33
35
|
* @returns Base64-encoded Biscuit token
|
|
34
36
|
*/
|
|
35
|
-
export declare function createBiscuitToken(options: BiscuitTokenOptions):
|
|
37
|
+
export declare function createBiscuitToken(options: BiscuitTokenOptions): string;
|
|
36
38
|
/**
|
|
37
39
|
* Derives the public key from a private key.
|
|
38
40
|
* @param privateKey Base58-encoded P256 private key (32 bytes)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"biscuit.d.ts","sourceRoot":"","sources":["../../../src/auth/biscuit.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"biscuit.d.ts","sourceRoot":"","sources":["../../../src/auth/biscuit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAgGH,MAAM,MAAM,mBAAmB,GAAG;IACjC,kDAAkD;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,0FAA0F;IAC1F,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpD,oDAAoD;IACpD,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAClE,sDAAsD;IACtD,WAAW,CAAC,EAAE;QAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE,2DAA2D;IAC3D,gBAAgB,CAAC,EAAE;QAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CACxE,CAAC;AAEF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM,CA+FvE;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE1D"}
|
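--- a/package/dist/cjs/auth/biscuit.js
+++ b/package/dist/cjs/auth/biscuit.js
@@ -1,29 +1,76 @@
 "use strict";
+/**
+* Native TypeScript Biscuit token creation using @bufbuild/protobuf + @noble/curves.
+* No WASM dependency.
+*/
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createBiscuitToken = createBiscuitToken;
 exports.derivePublicKey = derivePublicKey;
+const protobuf_1 = require("@bufbuild/protobuf");
+const nist_js_1 = require("@noble/curves/nist.js");
 const base_1 = require("@scure/base");
+const schema_pb_js_1 = require("./proto/schema_pb.js");
 const signing_key_js_1 = require("./signing-key.js");
-//
-
-
-
-
-
-
-
+// ─── Symbol table ───
+const DEFAULT_SYMBOLS = [
+"read", "write", "resource", "operation", "right", "time", "role", "owner",
+"tenant", "namespace", "user", "team", "service", "admin", "email", "group",
+"member", "ip_address", "client", "client_ip", "domain", "path", "version",
+"cluster", "node", "hostname", "nonce", "query",
+];
+const CUSTOM_SYMBOL_START = 1024;
+class SymbolTable {
+#symbols = [...DEFAULT_SYMBOLS];
+#nextCustom = CUSTOM_SYMBOL_START;
+intern(name) {
+const defaultIdx = DEFAULT_SYMBOLS.indexOf(name);
+if (defaultIdx !== -1)
+return defaultIdx;
+for (let i = DEFAULT_SYMBOLS.length; i < this.#symbols.length; i++) {
+if (this.#symbols[i] === name)
+return CUSTOM_SYMBOL_START + (i - DEFAULT_SYMBOLS.length);
 }
-
+this.#symbols.push(name);
+return this.#nextCustom++;
+}
+customSymbols() {
+return this.#symbols.slice(DEFAULT_SYMBOLS.length);
+}
+}
+// ─── Signature payload (V1 tagged format) ───
+const encoder = new TextEncoder();
+function tagged(tag, data) {
+const tagBytes = encoder.encode(`\0${tag}\0`);
+const result = new Uint8Array(tagBytes.length + data.length);
+result.set(tagBytes);
+result.set(data, tagBytes.length);
+return result;
+}
+function u32le(n) {
+const buf = new Uint8Array(4);
+new DataView(buf.buffer).setUint32(0, n, true);
+return buf;
+}
+function concat(...arrays) {
+let length = 0;
+for (const arr of arrays)
+length += arr.length;
+const result = new Uint8Array(length);
+let offset = 0;
+for (const arr of arrays) {
+result.set(arr, offset);
+offset += arr.length;
 }
-return
+return result;
+}
+function signaturePayloadV1(blockData, nextKeyAlgorithm, nextKeyBytes) {
+return concat(tagged("BLOCK", tagged("VERSION", u32le(1))), tagged("PAYLOAD", blockData), tagged("ALGORITHM", u32le(nextKeyAlgorithm)), tagged("NEXTKEY", nextKeyBytes));
 }
 /**
-* Creates
-* This enables bootstrap mode where the admin can operate without a pre-existing token.
-*
+* Creates a Biscuit authority token signed with P-256.
 * @returns Base64-encoded Biscuit token
 */
-
+function createBiscuitToken(options) {
 const { privateKey, publicKey: providedPublicKey, expiresIn = 3600, opGroups = [
 { level: "account", access: "read" },
 { level: "account", access: "write" },
@@ -32,34 +79,71 @@ async function createBiscuitToken(options) {
 { level: "stream", access: "read" },
 { level: "stream", access: "write" },
 ], basinScope = { type: "prefix", value: "" }, streamScope = { type: "prefix", value: "" }, accessTokenScope = { type: "prefix", value: "" }, } = options;
-const biscuit = await getBiscuit();
-// Use SigningKey for validation and key derivation
 const signingKey = signing_key_js_1.SigningKey.fromBase58(privateKey);
-const
+const rootKeyBytes = signingKey.getPrivateKeyBytes();
 const publicKeyBase58 = providedPublicKey ?? signingKey.publicKeyBase58();
-// Create Biscuit private key (P256 = secp256r1)
-const biscuitPrivateKey = biscuit.PrivateKey.fromBytes(privateKeyBytes, biscuit.SignatureAlgorithm.Secp256r1);
-// Build the token
 const expiresTs = Math.floor(Date.now() / 1000) + expiresIn;
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+// Build authority block
+const symbols = new SymbolTable();
+const facts = [
+makeFact(symbols, "public_key", [{ type: "string", value: publicKeyBase58 }]),
+makeFact(symbols, "expires", [{ type: "integer", value: expiresTs }]),
+...opGroups.map(({ level, access }) => makeFact(symbols, "op_group", [{ type: "string", value: level }, { type: "string", value: access }])),
+makeFact(symbols, "basin_scope", [{ type: "string", value: basinScope.type }, { type: "string", value: basinScope.value }]),
+makeFact(symbols, "stream_scope", [{ type: "string", value: streamScope.type }, { type: "string", value: streamScope.value }]),
+makeFact(symbols, "access_token_scope", [{ type: "string", value: accessTokenScope.type }, { type: "string", value: accessTokenScope.value }]),
+];
+// check if time($t), $t < expiresTs
+const tVar = symbols.intern("t");
+const checks = [(0, protobuf_1.create)(schema_pb_js_1.CheckSchema, {
+kind: schema_pb_js_1.Check_Kind.One,
+queries: [(0, protobuf_1.create)(schema_pb_js_1.RuleSchema, {
+body: [(0, protobuf_1.create)(schema_pb_js_1.PredicateSchema, {
+name: BigInt(symbols.intern("time")),
+terms: [(0, protobuf_1.create)(schema_pb_js_1.TermSchema, { Content: { case: "variable", value: tVar } })],
+})],
+expressions: [(0, protobuf_1.create)(schema_pb_js_1.ExpressionSchema, {
+ops: [
+(0, protobuf_1.create)(schema_pb_js_1.OpSchema, { Content: { case: "value", value: (0, protobuf_1.create)(schema_pb_js_1.TermSchema, { Content: { case: "variable", value: tVar } }) } }),
+(0, protobuf_1.create)(schema_pb_js_1.OpSchema, { Content: { case: "value", value: (0, protobuf_1.create)(schema_pb_js_1.TermSchema, { Content: { case: "integer", value: BigInt(expiresTs) } }) } }),
+(0, protobuf_1.create)(schema_pb_js_1.OpSchema, { Content: { case: "Binary", value: { kind: schema_pb_js_1.OpBinary_Kind.LessThan, ffiName: 0n, $typeName: "biscuit.format.schema.OpBinary" } } }),
+],
+})],
+head: (0, protobuf_1.create)(schema_pb_js_1.PredicateSchema, { name: BigInt(symbols.intern("query")), terms: [] }),
+scope: [],
+})],
+})];
+const blockData = (0, protobuf_1.toBinary)(schema_pb_js_1.BlockSchema, (0, protobuf_1.create)(schema_pb_js_1.BlockSchema, {
+checks,
+facts,
+publicKeys: [],
+rules: [],
+scope: [],
+symbols: symbols.customSymbols(),
+version: 3,
+}));
+// Ephemeral next key
+const nextPrivKey = nist_js_1.p256.utils.randomSecretKey();
+const nextPubKey = nist_js_1.p256.getPublicKey(nextPrivKey, true);
+// Sign
+const payload = signaturePayloadV1(blockData, schema_pb_js_1.PublicKey_Algorithm.SECP256R1, nextPubKey);
+const signature = nist_js_1.p256.sign(payload, rootKeyBytes, { format: "der", lowS: true });
+// Assemble
+const signedBlock = (0, protobuf_1.create)(schema_pb_js_1.SignedBlockSchema, {
+block: blockData,
+nextKey: (0, protobuf_1.create)(schema_pb_js_1.PublicKeySchema, { algorithm: schema_pb_js_1.PublicKey_Algorithm.SECP256R1, key: nextPubKey }),
+signature,
+version: 1,
+});
+const proof = (0, protobuf_1.create)(schema_pb_js_1.ProofSchema, {
+Content: { case: "nextSecret", value: nextPrivKey },
+});
+const biscuit = (0, protobuf_1.create)(schema_pb_js_1.BiscuitSchema, {
+authority: signedBlock,
+blocks: [],
+proof,
+});
+return base_1.base64.encode((0, protobuf_1.toBinary)(schema_pb_js_1.BiscuitSchema, biscuit));
 }
 /**
 * Derives the public key from a private key.
@@ -69,4 +153,17 @@ async function createBiscuitToken(options) {
 function derivePublicKey(privateKey) {
 return signing_key_js_1.SigningKey.fromBase58(privateKey).publicKeyBase58();
 }
+function makeFact(symbols, name, terms) {
+return (0, protobuf_1.create)(schema_pb_js_1.FactSchema, {
+predicate: (0, protobuf_1.create)(schema_pb_js_1.PredicateSchema, {
+name: BigInt(symbols.intern(name)),
+terms: terms.map((t) => {
+if (t.type === "string") {
+return (0, protobuf_1.create)(schema_pb_js_1.TermSchema, { Content: { case: "string", value: BigInt(symbols.intern(t.value)) } });
+}
+return (0, protobuf_1.create)(schema_pb_js_1.TermSchema, { Content: { case: "integer", value: BigInt(t.value) } });
+}),
+}),
+});
+}
 //# sourceMappingURL=biscuit.js.map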
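Review bot: `expiresIn` is used in `createBiscuitToken` without a runtime type or range check, and the resulting `expiresTs` is what the signed `expires` fact and the `time($t)` check both carry (new lines 85, 90 and 108). If a caller passes a string such as `"3600"` (for example straight from an environment variable), `Math.floor(Date.now() / 1000) + expiresIn` concatenates instead of adding, and `BigInt()` accepts the resulting digit string, so the root key would sign a token whose expiry is far beyond the intended lifetime; a fractional or NaN value makes `BigInt()` throw instead. A guard right after the destructuring would close both cases: `if (!Number.isSafeInteger(expiresIn) || expiresIn <= 0) throw new RangeError("expiresIn must be a positive integer number of seconds");`. Separately, the hunk headers show the function was `async` before this change and is now synchronous, so callers that chain `.then()` on the result will break in what is a patch-level release and the release notes should call that out.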
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"biscuit.js","sourceRoot":"","sources":["../../../src/auth/biscuit.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"biscuit.js","sourceRoot":"","sources":["../../../src/auth/biscuit.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAqHH,gDA+FC;AAOD,0CAEC;AA3ND,iDAAsD;AACtD,mDAA6C;AAC7C,sCAAqC;AACrC,uDAgB8B;AAC9B,qDAA8C;AAE9C,uBAAuB;AAEvB,MAAM,eAAe,GAAG;IACvB,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO;IAC1E,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC3E,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS;IAC1E,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO;CAC/C,CAAC;AAEF,MAAM,mBAAmB,GAAG,IAAI,CAAC;AAEjC,MAAM,WAAW;IAChB,QAAQ,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC;IAChC,WAAW,GAAG,mBAAmB,CAAC;IAElC,MAAM,CAAC,IAAY;QAClB,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,UAAU,KAAK,CAAC,CAAC;YAAE,OAAO,UAAU,CAAC;QACzC,KAAK,IAAI,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACpE,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI;gBAAE,OAAO,mBAAmB,GAAG,CAAC,CAAC,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;IAC3B,CAAC;IAED,aAAa;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;CACD;AAED,+CAA+C;AAE/C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,SAAS,MAAM,CAAC,GAAW,EAAE,IAAgB;IAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrB,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,MAAM,CAAC;AACf,CAAC;AAED,SAAS,KAAK,CAAC,CAAS;IACvB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC/C,OAAO,GAAG,CAAC;AACZ,CAAC;AAED,SAAS,MAAM,CAAC,GAAG,MAAoB;IACtC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,GAAG,IAAI,MAAM;QAAE,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,M
AAM,GAAG,IAAI,MAAM,EAAE,CAAC;QAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAAC,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC;IAAC,CAAC;IAC5E,OAAO,MAAM,CAAC;AACf,CAAC;AAED,SAAS,kBAAkB,CAC1B,SAAqB,EACrB,gBAAwB,EACxB,YAAwB;IAExB,OAAO,MAAM,CACZ,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAC5C,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,EAC5B,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC,EAC5C,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAC/B,CAAC;AACH,CAAC;AAqBD;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,OAA4B;IAC9D,MAAM,EACL,UAAU,EACV,SAAS,EAAE,iBAAiB,EAC5B,SAAS,GAAG,IAAI,EAChB,QAAQ,GAAG;QACV,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE;QACpC,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE;QACrC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE;QAClC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE;QACnC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE;QACnC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;KACpC,EACD,UAAU,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,EAC1C,WAAW,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,EAC3C,gBAAgB,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,GAChD,GAAG,OAAO,CAAC;IAEZ,MAAM,UAAU,GAAG,2BAAU,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,UAAU,CAAC,kBAAkB,EAAE,CAAC;IACrD,MAAM,eAAe,GAAG,iBAAiB,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;IAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,SAAS,CAAC;IAE5D,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAElC,MAAM,KAAK,GAAG;QACb,QAAQ,CAAC,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QAC7E,QAAQ,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QACrE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CACrC,QAAQ,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CACpG;QACD,QAAQ,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;QAC3H,QAA
Q,CAAC,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9H,QAAQ,CAAC,OAAO,EAAE,oBAAoB,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,EAAE,CAAC,CAAC;KAC9I,CAAC;IAEF,oCAAoC;IACpC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,CAAC,IAAA,iBAAM,EAAC,0BAAW,EAAE;YACnC,IAAI,EAAE,yBAAU,CAAC,GAAG;YACpB,OAAO,EAAE,CAAC,IAAA,iBAAM,EAAC,yBAAU,EAAE;oBAC5B,IAAI,EAAE,CAAC,IAAA,iBAAM,EAAC,8BAAe,EAAE;4BAC9B,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;4BACpC,KAAK,EAAE,CAAC,IAAA,iBAAM,EAAC,yBAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;yBAC3E,CAAC,CAAC;oBACH,WAAW,EAAE,CAAC,IAAA,iBAAM,EAAC,+BAAgB,EAAE;4BACtC,GAAG,EAAE;gCACJ,IAAA,iBAAM,EAAC,uBAAQ,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAA,iBAAM,EAAC,yBAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;gCAC3H,IAAA,iBAAM,EAAC,uBAAQ,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAA,iBAAM,EAAC,yBAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;gCACvI,IAAA,iBAAM,EAAC,uBAAQ,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,4BAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,gCAAgC,EAAE,EAAE,EAAE,CAAC;6BACpJ;yBACD,CAAC,CAAC;oBACH,IAAI,EAAE,IAAA,iBAAM,EAAC,8BAAe,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;oBACnF,KAAK,EAAE,EAAE;iBACT,CAAC,CAAC;SACH,CAAC,CAAC,CAAC;IAEJ,MAAM,SAAS,GAAG,IAAA,mBAAQ,EAAC,0BAAW,EAAE,IAAA,iBAAM,EAAC,0BAAW,EAAE;QAC3D,MAAM;QACN,KAAK;QACL,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,KAAK,EAAE,EAAE;QACT,OAAO,EAAE,OAAO,CAAC,aAAa,EAAE;QAChC,OAAO,EAAE,CAAC;KACV,CAAC,CAAC,CAAC;IAEJ,qBAAqB;IACrB,MAAM,WAAW,GAAG,cAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,cAAI,CAAC,YAAY,CAAC,WAAW
,EAAE,IAAI,CAAC,CAAC;IAExD,OAAO;IACP,MAAM,OAAO,GAAG,kBAAkB,CAAC,SAAS,EAAE,kCAAmB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACzF,MAAM,SAAS,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAElF,WAAW;IACX,MAAM,WAAW,GAAG,IAAA,iBAAM,EAAC,gCAAiB,EAAE;QAC7C,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,IAAA,iBAAM,EAAC,8BAAe,EAAE,EAAE,SAAS,EAAE,kCAAmB,CAAC,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;QAC/F,SAAS;QACT,OAAO,EAAE,CAAC;KACV,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,IAAA,iBAAM,EAAC,0BAAW,EAAE;QACjC,OAAO,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE;KACnD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAA,iBAAM,EAAC,4BAAa,EAAE;QACrC,SAAS,EAAE,WAAW;QACtB,MAAM,EAAE,EAAE;QACV,KAAK;KACL,CAAC,CAAC;IAEH,OAAO,aAAM,CAAC,MAAM,CAAC,IAAA,mBAAQ,EAAC,4BAAa,EAAE,OAAO,CAAC,CAAC,CAAC;AACxD,CAAC;AAED;;;;GAIG;AACH,SAAgB,eAAe,CAAC,UAAkB;IACjD,OAAO,2BAAU,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,eAAe,EAAE,CAAC;AAC5D,CAAC;AAQD,SAAS,QAAQ,CAAC,OAAoB,EAAE,IAAY,EAAE,KAAkB;IACvE,OAAO,IAAA,iBAAM,EAAC,yBAAU,EAAE;QACzB,SAAS,EAAE,IAAA,iBAAM,EAAC,8BAAe,EAAE;YAClC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACtB,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACzB,OAAO,IAAA,iBAAM,EAAC,yBAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACpG,CAAC;gBACD,OAAO,IAAA,iBAAM,EAAC,yBAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACrF,CAAC,CAAC;SACF,CAAC;KACF,CAAC,CAAC;AACJ,CAAC"}
|
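--- a/package/dist/cjs/auth/index.d.ts
+++ b/package/dist/cjs/auth/index.d.ts
@@ -1,5 +1,5 @@
-export { createBiscuitToken, derivePublicKey,
-export {
-export {
+export { type BiscuitTokenOptions, createBiscuitToken, derivePublicKey, } from "./biscuit.js";
+export { createPkiAuth, type PkiAuthConfig, type PkiAuthContext, } from "./pki-auth.js";
+export { type SignHeadersOptions, type SignRequestOptions, signHeaders, signRequest, } from "./sign.js";
 export { SigningKey } from "./signing-key.js";
 //# sourceMappingURL=index.d.ts.map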
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,KAAK,mBAAmB,EACxB,kBAAkB,EAClB,eAAe,GACf,MAAM,cAAc,CAAC;AACtB,OAAO,EACN,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,cAAc,GACnB,MAAM,eAAe,CAAC;AACvB,OAAO,EACN,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,WAAW,EACX,WAAW,GACX,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}
|
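--- a/package/dist/cjs/auth/index.js
+++ b/package/dist/cjs/auth/index.js
@@ -1,14 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SigningKey = exports.
+exports.SigningKey = exports.signRequest = exports.signHeaders = exports.createPkiAuth = exports.derivePublicKey = exports.createBiscuitToken = void 0;
 var biscuit_js_1 = require("./biscuit.js");
 Object.defineProperty(exports, "createBiscuitToken", { enumerable: true, get: function () { return biscuit_js_1.createBiscuitToken; } });
 Object.defineProperty(exports, "derivePublicKey", { enumerable: true, get: function () { return biscuit_js_1.derivePublicKey; } });
-var sign_js_1 = require("./sign.js");
-Object.defineProperty(exports, "signRequest", { enumerable: true, get: function () { return sign_js_1.signRequest; } });
-Object.defineProperty(exports, "signHeaders", { enumerable: true, get: function () { return sign_js_1.signHeaders; } });
 var pki_auth_js_1 = require("./pki-auth.js");
 Object.defineProperty(exports, "createPkiAuth", { enumerable: true, get: function () { return pki_auth_js_1.createPkiAuth; } });
+var sign_js_1 = require("./sign.js");
+Object.defineProperty(exports, "signHeaders", { enumerable: true, get: function () { return sign_js_1.signHeaders; } });
+Object.defineProperty(exports, "signRequest", { enumerable: true, get: function () { return sign_js_1.signRequest; } });
 var signing_key_js_1 = require("./signing-key.js");
 Object.defineProperty(exports, "SigningKey", { enumerable: true, get: function () { return signing_key_js_1.SigningKey; } });
 //# sourceMappingURL=index.js.map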
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;AAAA,2CAIsB;AAFrB,gHAAA,kBAAkB,OAAA;AAClB,6GAAA,eAAe,OAAA;AAEhB,6CAIuB;AAHtB,4GAAA,aAAa,OAAA;AAId,qCAKmB;AAFlB,sGAAA,WAAW,OAAA;AACX,sGAAA,WAAW,OAAA;AAEZ,mDAA8C;AAArC,4GAAA,UAAU,OAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pki-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"pki-auth.d.ts","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C;;;;;;;;;;GAUG;AACH,MAAM,MAAM,aAAa,GAAG;IAC3B,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6DAA6D;IAC7D,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,OAAO,CAAC;AAE3C,MAAM,MAAM,cAAc,GAAG;IAC5B,oBAAoB;IACpB,IAAI,EAAE,WAAW,CAAC;IAClB,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,2DAA2D;IAC3D,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,yDAAyD;IACzD,WAAW,EAAE,CACZ,OAAO,EAAE,IAAI,CAAC,kBAAkB,EAAE,YAAY,GAAG,WAAW,CAAC,KACzD,OAAO,CAAC,IAAI,CAAC,CAAC;IACnB,wEAAwE;IACxE,UAAU,EAAE,UAAU,CAAC;CACvB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,cAAc,CAoBnE"}
|
|
@@ -43,7 +43,9 @@ function createTokenAuth(token, signingKey, signatureExpiresIn) {
|
|
|
43
43
|
return /^\/v\d+\/access-tokens(\/[^\/]+)?$/.test(path);
|
|
44
44
|
}
|
|
45
45
|
function extractPath(urlOrRequest) {
|
|
46
|
-
const url = typeof urlOrRequest === "string"
|
|
46
|
+
const url = typeof urlOrRequest === "string"
|
|
47
|
+
? new URL(urlOrRequest)
|
|
48
|
+
: new URL(urlOrRequest.url);
|
|
47
49
|
return url.pathname;
|
|
48
50
|
}
|
|
49
51
|
return {
|
|
@@ -58,14 +60,22 @@ function createTokenAuth(token, signingKey, signatureExpiresIn) {
|
|
|
58
60
|
if (isAccessTokenEndpoint(path)) {
|
|
59
61
|
throw new Error("Token mode cannot be used for access token endpoints. Use root key mode instead.");
|
|
60
62
|
}
|
|
61
|
-
return (0, sign_js_1.signRequest)({
|
|
63
|
+
return (0, sign_js_1.signRequest)({
|
|
64
|
+
request,
|
|
65
|
+
signingKey,
|
|
66
|
+
expiresIn: signatureExpiresIn,
|
|
67
|
+
});
|
|
62
68
|
},
|
|
63
69
|
async signHeaders(options) {
|
|
64
70
|
const path = extractPath(options.url);
|
|
65
71
|
if (isAccessTokenEndpoint(path)) {
|
|
66
72
|
throw new Error("Token mode cannot be used for access token endpoints. Use root key mode instead.");
|
|
67
73
|
}
|
|
68
|
-
return (0, sign_js_1.signHeaders)({
|
|
74
|
+
return (0, sign_js_1.signHeaders)({
|
|
75
|
+
...options,
|
|
76
|
+
signingKey,
|
|
77
|
+
expiresIn: signatureExpiresIn,
|
|
78
|
+
});
|
|
69
79
|
},
|
|
70
80
|
};
|
|
71
81
|
}
|
|
@@ -92,10 +102,18 @@ function createRootKeyAuth(rootKey, tokenExpiresIn, signatureExpiresIn) {
|
|
|
92
102
|
signingKey: clientKey,
|
|
93
103
|
getToken,
|
|
94
104
|
async signRequest(request) {
|
|
95
|
-
return (0, sign_js_1.signRequest)({
|
|
105
|
+
return (0, sign_js_1.signRequest)({
|
|
106
|
+
request,
|
|
107
|
+
signingKey: clientKey,
|
|
108
|
+
expiresIn: signatureExpiresIn,
|
|
109
|
+
});
|
|
96
110
|
},
|
|
97
111
|
async signHeaders(options) {
|
|
98
|
-
return (0, sign_js_1.signHeaders)({
|
|
112
|
+
return (0, sign_js_1.signHeaders)({
|
|
113
|
+
...options,
|
|
114
|
+
signingKey: clientKey,
|
|
115
|
+
expiresIn: signatureExpiresIn,
|
|
116
|
+
});
|
|
99
117
|
},
|
|
100
118
|
};
|
|
101
119
|
}
|
|
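Review bot: The access-token guard in `createTokenAuth` is an exact-match regex on `url.pathname` (`/^\/v\d+\/access-tokens(\/[^\/]+)?$/`, first hunk), so a pathname with a trailing slash or a deeper sub-path does not match, and the request is signed in token mode instead of throwing. Whether the server routes such paths to the access-token handlers is not visible here, so this check should be treated as a client-side convenience, with the authoritative restriction enforced by the server. If the guard is meant to cover the whole subtree, a prefix test such as `/^\/v\d+\/access-tokens(\/|$)/` would do it. In both `signHeaders` calls `...options` is spread before `signingKey` and `expiresIn`, which keeps caller-supplied fields from replacing the bound key; a short comment such as `// spread first: callers must not override signingKey/expiresIn` would protect that order from a later reshuffle. `isAccessTokenEndpoint` and `createTokenAuth` both begin above the hunk, so only the return line of the guard is visible.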
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pki-auth.js","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"pki-auth.js","sourceRoot":"","sources":["../../../src/auth/pki-auth.ts"],"names":[],"mappings":";;AAkEA,sCAoBC;AAtFD,6CAAkD;AAElD,uCAAqD;AACrD,qDAA8C;AAgD9C;;;;;;;;;;;;;;GAcG;AACH,SAAgB,aAAa,CAAC,MAAqB;IAClD,MAAM,EAAE,kBAAkB,GAAG,GAAG,EAAE,GAAG,MAAM,CAAC;IAE5C,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACvC,OAAO,eAAe,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;IAC7E,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO,iBAAiB,CACvB,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,cAAc,IAAI,IAAI,EAC7B,kBAAkB,CAClB,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;SAAM,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACd,2DAA2D,CAC3D,CAAC;IACH,CAAC;AACF,CAAC;AAED,SAAS,eAAe,CACvB,KAAa,EACb,UAAsB,EACtB,kBAA0B;IAE1B,MAAM,SAAS,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC;IAE/C,SAAS,qBAAqB,CAAC,IAAY;QAC1C,OAAO,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,SAAS,WAAW,CAAC,YAA8B;QAClD,MAAM,GAAG,GACR,OAAO,YAAY,KAAK,QAAQ;YAC/B,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC;YACvB,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC9B,OAAO,GAAG,CAAC,QAAQ,CAAC;IACrB,CAAC;IAED,OAAO;QACN,IAAI,EAAE,OAAO;QACb,SAAS;QACT,UAAU;QAEV,KAAK,CAAC,QAAQ;YACb,OAAO,KAAK,CAAC;QACd,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAAgB;YACjC,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CACd,kFAAkF,CAClF,CAAC;YACH,CAAC;YACD,OAAO,IAAA,qBAAW,EAAC;gBAClB,OAAO;gBACP,UAAU;gBACV,SAAS,EAAE,kBAAkB;aAC7B,CAAC,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,WAAW,CAChB,OAA6D;YAE7D,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACtC,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CACd,kFAAkF,CAClF,CAAC;YACH,CAAC;YACD,OAAO,IAAA,qBAAW,EAAC;gBAClB,GAAG,OAAO;gBACV,UAAU;gBACV,SAAS,EAAE,kBAAkB;aAC7B,CAAC,CAAC;QACJ,CAAC;KACD,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CACzB,OAAe,EACf,cAAsB,EACtB,kBAA0B;IAE1B,MAAM,SAAS,G
AAG,2BAAU,CAAC,QAAQ,EAAE,CAAC;IACxC,MAAM,eAAe,GAAG,SAAS,CAAC,eAAe,EAAE,CAAC;IAEpD,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,WAAW,GAAW,CAAC,CAAC;IAE5B,KAAK,UAAU,QAAQ;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,IAAI,GAAG,IAAI,WAAW,GAAG,KAAK,EAAE,CAAC;YAChD,WAAW,GAAG,MAAM,IAAA,+BAAkB,EAAC;gBACtC,UAAU,EAAE,OAAO;gBACnB,SAAS,EAAE,eAAe;gBAC1B,SAAS,EAAE,cAAc;aACzB,CAAC,CAAC;YACH,WAAW,GAAG,GAAG,GAAG,cAAc,GAAG,IAAI,CAAC;QAC3C,CAAC;QACD,OAAO,WAAW,CAAC;IACpB,CAAC;IAED,OAAO;QACN,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,eAAe;QAC1B,UAAU,EAAE,SAAS;QACrB,QAAQ;QAER,KAAK,CAAC,WAAW,CAAC,OAAgB;YACjC,OAAO,IAAA,qBAAW,EAAC;gBAClB,OAAO;gBACP,UAAU,EAAE,SAAS;gBACrB,SAAS,EAAE,kBAAkB;aAC7B,CAAC,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,WAAW,CAChB,OAA6D;YAE7D,OAAO,IAAA,qBAAW,EAAC;gBAClB,GAAG,OAAO;gBACV,UAAU,EAAE,SAAS;gBACrB,SAAS,EAAE,kBAAkB;aAC7B,CAAC,CAAC;QACJ,CAAC;KACD,CAAC;AACH,CAAC"}
|