@zuplo/cli 6.70.41 → 6.70.43
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/@protobufjs/eventemitter/CHANGELOG.md +8 -0
- package/node_modules/@protobufjs/eventemitter/index.d.ts +10 -8
- package/node_modules/@protobufjs/eventemitter/index.js +17 -7
- package/node_modules/@protobufjs/eventemitter/package.json +2 -2
- package/node_modules/@protobufjs/eventemitter/tests/index.js +39 -3
- package/node_modules/@zuplo/core/package.json +1 -1
- package/node_modules/@zuplo/graphql/package.json +1 -1
- package/node_modules/@zuplo/openapi-tools/package.json +1 -1
- package/node_modules/@zuplo/otel/package.json +1 -1
- package/node_modules/@zuplo/runtime/out/esm/browser-login-idp-SQ4CJMPN.js +26 -0
- package/node_modules/@zuplo/runtime/out/esm/browser-login-idp-SQ4CJMPN.js.map +1 -0
- package/node_modules/@zuplo/runtime/out/esm/{chunk-A6TMPOZH.js → chunk-J7JE2DD5.js} +52 -52
- package/node_modules/@zuplo/runtime/out/esm/chunk-J7JE2DD5.js.map +1 -0
- package/node_modules/@zuplo/runtime/out/esm/chunk-LU6CEICL.js +30 -0
- package/node_modules/@zuplo/runtime/out/esm/chunk-LU6CEICL.js.map +1 -0
- package/node_modules/@zuplo/runtime/out/esm/index.js +1 -1
- package/node_modules/@zuplo/runtime/out/esm/mcp-gateway/index.js +23 -3
- package/node_modules/@zuplo/runtime/out/esm/mcp-gateway/index.js.map +1 -1
- package/node_modules/@zuplo/runtime/out/types/mcp-gateway/index.d.ts +164 -12
- package/node_modules/@zuplo/runtime/package.json +1 -1
- package/node_modules/es-object-atoms/CHANGELOG.md +21 -14
- package/node_modules/es-object-atoms/isObject.d.ts +1 -1
- package/node_modules/es-object-atoms/package.json +6 -7
- package/node_modules/es-object-atoms/tsconfig.json +1 -0
- package/node_modules/hono/dist/adapter/deno/websocket.js +5 -1
- package/node_modules/hono/dist/cjs/adapter/deno/websocket.js +5 -1
- package/node_modules/hono/dist/cjs/middleware/compress/index.js +21 -1
- package/node_modules/hono/dist/cjs/utils/compress.js +1 -1
- package/node_modules/hono/dist/cjs/utils/mime.js +15 -17
- package/node_modules/hono/dist/middleware/compress/index.js +21 -1
- package/node_modules/hono/dist/tsconfig.build.tsbuildinfo +1 -1
- package/node_modules/hono/dist/types/middleware/compress/index.d.ts +2 -1
- package/node_modules/hono/dist/types/utils/mime.d.ts +11 -11
- package/node_modules/hono/dist/utils/compress.js +1 -1
- package/node_modules/hono/dist/utils/mime.js +15 -17
- package/node_modules/hono/package.json +3 -3
- package/node_modules/protobufjs/dist/light/protobuf.js +127 -69
- package/node_modules/protobufjs/dist/light/protobuf.js.map +1 -1
- package/node_modules/protobufjs/dist/light/protobuf.min.js +3 -3
- package/node_modules/protobufjs/dist/light/protobuf.min.js.map +1 -1
- package/node_modules/protobufjs/dist/minimal/protobuf.js +62 -25
- package/node_modules/protobufjs/dist/minimal/protobuf.js.map +1 -1
- package/node_modules/protobufjs/dist/minimal/protobuf.min.js +3 -3
- package/node_modules/protobufjs/dist/minimal/protobuf.min.js.map +1 -1
- package/node_modules/protobufjs/dist/protobuf.js +148 -76
- package/node_modules/protobufjs/dist/protobuf.js.map +1 -1
- package/node_modules/protobufjs/dist/protobuf.min.js +3 -3
- package/node_modules/protobufjs/dist/protobuf.min.js.map +1 -1
- package/node_modules/protobufjs/ext/descriptor/index.js +7 -2
- package/node_modules/protobufjs/index.d.ts +12 -3
- package/node_modules/protobufjs/package.json +2 -2
- package/node_modules/protobufjs/src/converter.js +8 -5
- package/node_modules/protobufjs/src/encoder.js +8 -5
- package/node_modules/protobufjs/src/enum.js +2 -2
- package/node_modules/protobufjs/src/field.js +1 -1
- package/node_modules/protobufjs/src/namespace.js +2 -0
- package/node_modules/protobufjs/src/object.js +6 -6
- package/node_modules/protobufjs/src/parse.js +19 -5
- package/node_modules/protobufjs/src/root.js +14 -8
- package/node_modules/protobufjs/src/type.js +8 -5
- package/node_modules/protobufjs/src/util/minimal.js +32 -7
- package/node_modules/protobufjs/src/util/patterns.js +0 -1
- package/node_modules/protobufjs/src/util.js +4 -3
- package/node_modules/protobufjs/src/wrappers.js +11 -7
- package/node_modules/protobufjs/src/writer.js +11 -9
- package/node_modules/ws/lib/receiver.js +54 -0
- package/node_modules/ws/lib/websocket-server.js +8 -0
- package/node_modules/ws/lib/websocket.js +14 -0
- package/node_modules/ws/package.json +1 -1
- package/package.json +6 -6
- package/node_modules/@zuplo/runtime/out/esm/browser-login-idp-SD2N5PY4.js +0 -26
- package/node_modules/@zuplo/runtime/out/esm/browser-login-idp-SD2N5PY4.js.map +0 -1
- package/node_modules/@zuplo/runtime/out/esm/chunk-A6TMPOZH.js.map +0 -1
- package/node_modules/@zuplo/runtime/out/esm/chunk-DLCMRCIL.js +0 -30
- package/node_modules/@zuplo/runtime/out/esm/chunk-DLCMRCIL.js.map +0 -1
- /package/node_modules/@zuplo/runtime/out/esm/{chunk-A6TMPOZH.js.LEGAL.txt → chunk-J7JE2DD5.js.LEGAL.txt} +0 -0
|
@@ -40,6 +40,10 @@ class Receiver extends Writable {
|
|
|
40
40
|
* extensions
|
|
41
41
|
* @param {Boolean} [options.isServer=false] Specifies whether to operate in
|
|
42
42
|
* client or server mode
|
|
43
|
+
* @param {Number} [options.maxBufferedChunks=0] The maximum number of
|
|
44
|
+
* buffered data chunks
|
|
45
|
+
* @param {Number} [options.maxFragments=0] The maximum number of message
|
|
46
|
+
* fragments
|
|
43
47
|
* @param {Number} [options.maxPayload=0] The maximum allowed message length
|
|
44
48
|
* @param {Boolean} [options.skipUTF8Validation=false] Specifies whether or
|
|
45
49
|
* not to skip UTF-8 validation for text and close messages
|
|
@@ -54,6 +58,8 @@ class Receiver extends Writable {
|
|
|
54
58
|
this._binaryType = options.binaryType || BINARY_TYPES[0];
|
|
55
59
|
this._extensions = options.extensions || {};
|
|
56
60
|
this._isServer = !!options.isServer;
|
|
61
|
+
this._maxBufferedChunks = options.maxBufferedChunks | 0;
|
|
62
|
+
this._maxFragments = options.maxFragments | 0;
|
|
57
63
|
this._maxPayload = options.maxPayload | 0;
|
|
58
64
|
this._skipUTF8Validation = !!options.skipUTF8Validation;
|
|
59
65
|
this[kWebSocket] = undefined;
|
|
@@ -89,6 +95,22 @@ class Receiver extends Writable {
|
|
|
89
95
|
_write(chunk, encoding, cb) {
|
|
90
96
|
if (this._opcode === 0x08 && this._state == GET_INFO) return cb();
|
|
91
97
|
|
|
98
|
+
if (
|
|
99
|
+
this._maxBufferedChunks > 0 &&
|
|
100
|
+
this._buffers.length >= this._maxBufferedChunks
|
|
101
|
+
) {
|
|
102
|
+
cb(
|
|
103
|
+
this.createError(
|
|
104
|
+
RangeError,
|
|
105
|
+
'Too many buffered chunks',
|
|
106
|
+
false,
|
|
107
|
+
1008,
|
|
108
|
+
'WS_ERR_TOO_MANY_BUFFERED_PARTS'
|
|
109
|
+
)
|
|
110
|
+
);
|
|
111
|
+
return;
|
|
112
|
+
}
|
|
113
|
+
|
|
92
114
|
this._bufferedBytes += chunk.length;
|
|
93
115
|
this._buffers.push(chunk);
|
|
94
116
|
this.startLoop(cb);
|
|
@@ -485,6 +507,22 @@ class Receiver extends Writable {
|
|
|
485
507
|
}
|
|
486
508
|
|
|
487
509
|
if (data.length) {
|
|
510
|
+
if (
|
|
511
|
+
this._maxFragments > 0 &&
|
|
512
|
+
this._fragments.length >= this._maxFragments
|
|
513
|
+
) {
|
|
514
|
+
const error = this.createError(
|
|
515
|
+
RangeError,
|
|
516
|
+
'Too many message fragments',
|
|
517
|
+
false,
|
|
518
|
+
1008,
|
|
519
|
+
'WS_ERR_TOO_MANY_BUFFERED_PARTS'
|
|
520
|
+
);
|
|
521
|
+
|
|
522
|
+
cb(error);
|
|
523
|
+
return;
|
|
524
|
+
}
|
|
525
|
+
|
|
488
526
|
//
|
|
489
527
|
// This message is not compressed so its length is the sum of the payload
|
|
490
528
|
// length of all fragments.
|
|
@@ -524,6 +562,22 @@ class Receiver extends Writable {
|
|
|
524
562
|
return;
|
|
525
563
|
}
|
|
526
564
|
|
|
565
|
+
if (
|
|
566
|
+
this._maxFragments > 0 &&
|
|
567
|
+
this._fragments.length >= this._maxFragments
|
|
568
|
+
) {
|
|
569
|
+
const error = this.createError(
|
|
570
|
+
RangeError,
|
|
571
|
+
'Too many message fragments',
|
|
572
|
+
false,
|
|
573
|
+
1008,
|
|
574
|
+
'WS_ERR_TOO_MANY_BUFFERED_PARTS'
|
|
575
|
+
);
|
|
576
|
+
|
|
577
|
+
cb(error);
|
|
578
|
+
return;
|
|
579
|
+
}
|
|
580
|
+
|
|
527
581
|
this._fragments.push(buf);
|
|
528
582
|
}
|
|
529
583
|
|
|
@@ -43,6 +43,10 @@ class WebSocketServer extends EventEmitter {
|
|
|
43
43
|
* called
|
|
44
44
|
* @param {Function} [options.handleProtocols] A hook to handle protocols
|
|
45
45
|
* @param {String} [options.host] The hostname where to bind the server
|
|
46
|
+
* @param {Number} [options.maxBufferedChunks=1048576] The maximum number of
|
|
47
|
+
* buffered data chunks
|
|
48
|
+
* @param {Number} [options.maxFragments=131072] The maximum number of message
|
|
49
|
+
* fragments
|
|
46
50
|
* @param {Number} [options.maxPayload=104857600] The maximum allowed message
|
|
47
51
|
* size
|
|
48
52
|
* @param {Boolean} [options.noServer=false] Enable no server mode
|
|
@@ -65,6 +69,8 @@ class WebSocketServer extends EventEmitter {
|
|
|
65
69
|
options = {
|
|
66
70
|
allowSynchronousEvents: true,
|
|
67
71
|
autoPong: true,
|
|
72
|
+
maxBufferedChunks: 1024 * 1024,
|
|
73
|
+
maxFragments: 128 * 1024,
|
|
68
74
|
maxPayload: 100 * 1024 * 1024,
|
|
69
75
|
skipUTF8Validation: false,
|
|
70
76
|
perMessageDeflate: false,
|
|
@@ -424,6 +430,8 @@ class WebSocketServer extends EventEmitter {
|
|
|
424
430
|
|
|
425
431
|
ws.setSocket(socket, head, {
|
|
426
432
|
allowSynchronousEvents: this.options.allowSynchronousEvents,
|
|
433
|
+
maxBufferedChunks: this.options.maxBufferedChunks,
|
|
434
|
+
maxFragments: this.options.maxFragments,
|
|
427
435
|
maxPayload: this.options.maxPayload,
|
|
428
436
|
skipUTF8Validation: this.options.skipUTF8Validation
|
|
429
437
|
});
|
|
@@ -201,6 +201,10 @@ class WebSocket extends EventEmitter {
|
|
|
201
201
|
* multiple times in the same tick
|
|
202
202
|
* @param {Function} [options.generateMask] The function used to generate the
|
|
203
203
|
* masking key
|
|
204
|
+
* @param {Number} [options.maxBufferedChunks=0] The maximum number of
|
|
205
|
+
* buffered data chunks
|
|
206
|
+
* @param {Number} [options.maxFragments=0] The maximum number of message
|
|
207
|
+
* fragments
|
|
204
208
|
* @param {Number} [options.maxPayload=0] The maximum allowed message size
|
|
205
209
|
* @param {Boolean} [options.skipUTF8Validation=false] Specifies whether or
|
|
206
210
|
* not to skip UTF-8 validation for text and close messages
|
|
@@ -212,6 +216,8 @@ class WebSocket extends EventEmitter {
|
|
|
212
216
|
binaryType: this.binaryType,
|
|
213
217
|
extensions: this._extensions,
|
|
214
218
|
isServer: this._isServer,
|
|
219
|
+
maxBufferedChunks: options.maxBufferedChunks,
|
|
220
|
+
maxFragments: options.maxFragments,
|
|
215
221
|
maxPayload: options.maxPayload,
|
|
216
222
|
skipUTF8Validation: options.skipUTF8Validation
|
|
217
223
|
});
|
|
@@ -640,6 +646,10 @@ module.exports = WebSocket;
|
|
|
640
646
|
* masking key
|
|
641
647
|
* @param {Number} [options.handshakeTimeout] Timeout in milliseconds for the
|
|
642
648
|
* handshake request
|
|
649
|
+
* @param {Number} [options.maxBufferedChunks=1048576] The maximum number of
|
|
650
|
+
* buffered data chunks
|
|
651
|
+
* @param {Number} [options.maxFragments=131072] The maximum number of message
|
|
652
|
+
* fragments
|
|
643
653
|
* @param {Number} [options.maxPayload=104857600] The maximum allowed message
|
|
644
654
|
* size
|
|
645
655
|
* @param {Number} [options.maxRedirects=10] The maximum number of redirects
|
|
@@ -660,6 +670,8 @@ function initAsClient(websocket, address, protocols, options) {
|
|
|
660
670
|
autoPong: true,
|
|
661
671
|
closeTimeout: CLOSE_TIMEOUT,
|
|
662
672
|
protocolVersion: protocolVersions[1],
|
|
673
|
+
maxBufferedChunks: 1024 * 1024,
|
|
674
|
+
maxFragments: 128 * 1024,
|
|
663
675
|
maxPayload: 100 * 1024 * 1024,
|
|
664
676
|
skipUTF8Validation: false,
|
|
665
677
|
perMessageDeflate: true,
|
|
@@ -1017,6 +1029,8 @@ function initAsClient(websocket, address, protocols, options) {
|
|
|
1017
1029
|
websocket.setSocket(socket, head, {
|
|
1018
1030
|
allowSynchronousEvents: opts.allowSynchronousEvents,
|
|
1019
1031
|
generateMask: opts.generateMask,
|
|
1032
|
+
maxBufferedChunks: opts.maxBufferedChunks,
|
|
1033
|
+
maxFragments: opts.maxFragments,
|
|
1020
1034
|
maxPayload: opts.maxPayload,
|
|
1021
1035
|
skipUTF8Validation: opts.skipUTF8Validation
|
|
1022
1036
|
});
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@zuplo/cli",
|
|
3
|
-
"version": "6.70.
|
|
3
|
+
"version": "6.70.43",
|
|
4
4
|
"repository": "https://github.com/zuplo/zuplo",
|
|
5
5
|
"author": "Zuplo, Inc.",
|
|
6
6
|
"type": "module",
|
|
@@ -29,10 +29,10 @@
|
|
|
29
29
|
"@opentelemetry/api": "1.9.0",
|
|
30
30
|
"@sentry/node": "9.22.0",
|
|
31
31
|
"@swc/core": "1.10.18",
|
|
32
|
-
"@zuplo/core": "6.70.
|
|
32
|
+
"@zuplo/core": "6.70.43",
|
|
33
33
|
"@zuplo/editor": "1.0.20821740935",
|
|
34
|
-
"@zuplo/openapi-tools": "6.70.
|
|
35
|
-
"@zuplo/runtime": "6.70.
|
|
34
|
+
"@zuplo/openapi-tools": "6.70.43",
|
|
35
|
+
"@zuplo/runtime": "6.70.43",
|
|
36
36
|
"chalk": "5.4.1",
|
|
37
37
|
"chokidar": "3.5.3",
|
|
38
38
|
"cookie": "1.0.2",
|
|
@@ -66,8 +66,8 @@
|
|
|
66
66
|
"workerd": "1.20241230.0",
|
|
67
67
|
"yargs": "17.7.2",
|
|
68
68
|
"zod": "3.25.76",
|
|
69
|
-
"@zuplo/graphql": "6.70.
|
|
70
|
-
"@zuplo/otel": "6.70.
|
|
69
|
+
"@zuplo/graphql": "6.70.43",
|
|
70
|
+
"@zuplo/otel": "6.70.43"
|
|
71
71
|
},
|
|
72
72
|
"bundleDependencies": [
|
|
73
73
|
"@fastify/cors",
|
|
@@ -1,26 +0,0 @@
|
|
|
1
|
-
|
|
2
|
-
/*---------------------------------------------------------------------------------------------
|
|
3
|
-
* Copyright (c) Zuplo, Inc. All rights reserved.
|
|
4
|
-
*
|
|
5
|
-
* This software and associated documentation files (the "Software") is intended to be used
|
|
6
|
-
* only by Zuplo customers solely to develop and test applications that will be deployed
|
|
7
|
-
* to Zuplo hosted services. You and others in your organization may use these files on your
|
|
8
|
-
* Development Devices solely for the above stated purpose.
|
|
9
|
-
*
|
|
10
|
-
* Outside of uses stated above, no license is granted for any other purpose including
|
|
11
|
-
* without limitation the rights to use, copy, modify, merge, publish, distribute,
|
|
12
|
-
* sublicense, host, and/or sell copies of the Software.
|
|
13
|
-
*
|
|
14
|
-
* The software may include third party components with separate legal notices or governed by
|
|
15
|
-
* other agreements, as described in licenses either embedded in or accompanying the Software.
|
|
16
|
-
*
|
|
17
|
-
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
|
|
18
|
-
* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
|
|
19
|
-
* PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
|
|
20
|
-
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|
21
|
-
* OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
|
22
|
-
* DEALINGS IN THE SOFTWARE.
|
|
23
|
-
*--------------------------------------------------------------------------------------------*/
|
|
24
|
-
|
|
25
|
-
import{Ka as v,L as h,M as k,N as l,Na as u,P as b,Q as f,d as p,ka as y,la as x}from"./chunk-DLCMRCIL.js";import{ea as r,fa as j}from"./chunk-A6TMPOZH.js";import"./chunk-JRXZBVXH.js";import"./chunk-4SACVMDH.js";import{a}from"./chunk-ZIKV2LUM.js";j();import{createRemoteJWKSet as C,errors as d,jwtVerify as T}from"jose";var I=r.object({id_token:r.string().min(1),token_type:r.string().min(1).optional(),expires_in:r.number().optional(),access_token:r.string().min(1).optional(),refresh_token:r.string().min(1).optional(),scope:r.string().min(1).optional()}),J=r.object({error:r.string().min(1).optional(),error_description:r.string().min(1).optional(),error_uri:r.string().min(1).optional()});function P(e){let n=J.safeParse(e);if(!n.success)return{};let t={};return n.data.error!==void 0&&(t.idpError=n.data.error),n.data.error_description!==void 0&&(t.idpErrorDescription=n.data.error_description.slice(0,256)),n.data.error_uri!==void 0&&(t.idpErrorUri=n.data.error_uri.slice(0,256)),t}a(P,"readIdpErrorFields");function U(e){return e instanceof d.JWTExpired?"expired":e instanceof d.JWTClaimValidationFailed?"claim":e instanceof d.JWSSignatureVerificationFailed?"signature":e instanceof d.JWKSNoMatchingKey?"jwks_no_match":e instanceof d.JWTInvalid?"invalid":e instanceof r.ZodError?"schema":"other"}a(U,"readJwtFailureKind");var M=r.object({sub:y,nonce:r.string().min(1)}).catchall(r.unknown()),m;function L(e){return e instanceof Error&&"cause"in e?e.cause:e}a(L,"readErrorCause");function W(e){if(e!==null&&typeof e=="object"&&"extensionMembers"in e)return e.extensionMembers?.gatewayCode}a(W,"readRuntimeGatewayCode");function G(){if(!m){let e=p();m=C(new URL(e.oidc.jwksUrl),{timeoutDuration:e.browserLogin.remoteTimeoutMs})}return m}a(G,"readFederatedJwks");async function Z(e){let n=p(),t=u("tokenUrl"),w=u("clientId"),E=u("clientSecret"),F=new URL("/oauth/callback",h(e.requestUrl)).toString(),R=new URLSearchParams({grant_type:"authorization_code",code:e.code,redirect_uri:F,client_id:w,client_secret:E});try{let{response:i,json:s}=await v(t,{method:"POST",headers:{accept:"application/json","content-type":"application/x-www-form-urlencoded"},body:R},{maxResponseBytes:32768,problemCode:"browser_login_verification_failed",timeoutMs:n.browserLogin.remoteTimeoutMs,...e.context===void 0?{}:{context:e.context}});if(!i.ok){let o=P(s);throw e.context?.log.warn({event:"federated_token_exchange_failed",code:"provider_access_denied",idpHost:l(t),idpStatus:i.status,...o},"Federated browser login token exchange returned non-2xx from the identity provider"),f({code:"provider_access_denied",privateDetail:"Federated browser login token exchange failed.",cause:new Error(`IdP token exchange failed (status=${i.status}${o.idpError?` idp_error=${o.idpError}`:""}${o.idpErrorDescription?` idp_error_description=${o.idpErrorDescription}`:""})`)})}let S=I.parse(s),c;try{({payload:c}=await T(S.id_token,G(),{issuer:n.oidc.issuer,audience:w}))}catch(o){let _={};throw k(_,"error",o),e.context?.log.warn({event:"federated_id_token_verification_failed",code:"browser_login_verification_failed",failureKind:U(o),idpHost:l(t),expectedIssuer:n.oidc.issuer,..._},"Federated id_token failed jose verification"),o}if(c.nonce!==e.nonce)throw e.context?.log.warn({event:"federated_nonce_mismatch",code:"oauth_callback_mismatch",idpHost:l(t),nonceMissingFromIdToken:c.nonce===void 0},"Federated id_token nonce did not match the signed gateway state"),f("oauth_callback_mismatch","Federated browser login nonce did not match the signed gateway state.");let g=M.parse(c);return x({sub:g.sub,data:g},e.requestUrl)}catch(i){let s=b(i)??W(i);throw s!==void 0&&s!=="browser_login_verification_failed"?i:f("browser_login_verification_failed","Federated browser login callback could not be verified.",L(i))}}a(Z,"exchangeFederatedAuthorizationCode");export{Z as exchangeFederatedAuthorizationCode};
|
|
26
|
-
//# sourceMappingURL=browser-login-idp-SD2N5PY4.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["@zuplo/runtime/mcp-gateway/v2/downstream-oauth/browser-login-idp.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;uPAGAA,IADA,OAAS,sBAAAC,EAAoB,UAAUC,EAAY,aAAAC,MAAiB,OAqBpE,IAAMC,EAA+BC,EAAE,OAAO,CAC5C,SAAUA,EAAE,OAAO,EAAE,IAAI,CAAC,EAC1B,WAAYA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EACvC,WAAYA,EAAE,OAAO,EAAE,SAAS,EAChC,aAAcA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EACzC,cAAeA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAC1C,MAAOA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,CACpC,CAAC,EACKC,EAAoCD,EAAE,OAAO,CACjD,MAAOA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAClC,kBAAmBA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAC9C,UAAWA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,CACxC,CAAC,EAED,SAASE,EAAmBC,EAAmD,CAC7E,IAAMC,EAASH,EAAkC,UAAUE,CAAI,EAC/D,GAAI,CAACC,EAAO,QACV,MAAO,CAAC,EAEV,IAAMC,EAA6C,CAAC,EACpD,OAAID,EAAO,KAAK,QAAU,SACxBC,EAAO,SAAWD,EAAO,KAAK,OAE5BA,EAAO,KAAK,oBAAsB,SACpCC,EAAO,oBAAsBD,EAAO,KAAK,kBAAkB,MAAM,EAAG,GAAG,GAErEA,EAAO,KAAK,YAAc,SAC5BC,EAAO,YAAcD,EAAO,KAAK,UAAU,MAAM,EAAG,GAAG,GAElDC,CACT,CAhBSC,EAAAJ,EAAA,sBAkBT,SAASK,EAAmBC,EAAwB,CAClD,OAAIA,aAAiBC,EAAW,WAAmB,UAC/CD,aAAiBC,EAAW,yBAAiC,QAC7DD,aAAiBC,EAAW,+BACvB,YACLD,aAAiBC,EAAW,kBAA0B,gBACtDD,aAAiBC,EAAW,WAAmB,UAC/CD,aAAiBR,EAAE,SAAiB,SACjC,OACT,CATSM,EAAAC,EAAA,sBAUT,IAAMG,EAA+BV,EAClC,OAAO,CACN,IAAKW,EACL,MAAOX,EAAE,OAAO,EAAE,IAAI,CAAC,CACzB,CAAC,EACA,SAASA,EAAE,QAAQ,CAAC,EAEnBY,EAEJ,SAASC,EAAeL,EAAyB,CAC/C,OAAOA,aAAiB,OAAS,UAAWA,EAAQA,EAAM,MAAQA,CACpE,CAFSF,EAAAO,EAAA,kBAIT,SAASC,EAAuBN,EAAyB,CACvD,GACEA,IAAU,MACV,OAAOA,GAAU,UACjB,qBAAsBA,EAKtB,OAFEA,EACA,kBACuB,WAG7B,CAZSF,EAAAQ,EAAA,0BAcT,SAASC,GAAoB,CAC3B,GAAI,CAACH,EAAqB,CACxB,IAAMI,EAASC,EAAsB,EACrCL,EAAsBM,EAAmB,IAAI,IAAIF,EAAO,KAAK,OAAO,EAAG,CACrE,gBAAiBA,EAAO,aAAa,eACvC,CAAC,CACH,CAEA,OAAOJ,CACT,CATSN,EAAAS,EAAA,qBAWT,eAAsBI,EAAmCC,EAK3B,CAC5B,IAAMJ,EAASC,EAAsB,EAC/BI,EAAWC,EAAyB,UAAU,EAC9CC,EAAWD,EAAyB,UAAU,EAC9CE,EAAeF,EAAyB,cAAc,EACtDG,EAAc,IAAI,IACtB,kBACAC,EAAuBN,EAAM,UAAU,CACzC,EAAE,SAAS,EACLO,EAAO,IAAI,gBAAgB,CAC/B,WAAY,qBACZ,KAAMP,EAAM,KACZ,aAAcK,EACd,UAAWF,EACX,cAAeC,CACjB,CAAC,EAED,GAAI,CACF,GAAM,CAAE,SAAAI,EAAU,KAAAzB,CAAK,EAAI,MAAM0B,EAC/BR,EACA,CACE,OAAQ,OACR,QAAS,CACP,OAAQ,mBACR,eAAgB,mCAClB,EACA,KAAAM,CACF,EACA,CACE,iBAAkB,MAClB,YAAa,oCACb,UAAWX,EAAO,aAAa,gBAC/B,GAAII,EAAM,UAAY,OAAY,CAAC,EAAI,CAAE,QAASA,EAAM,OAAQ,CAClE,CACF,EAEA,GAAI,CAACQ,EAAS,GAAI,CAChB,IAAME,EAAY5B,EAAmBC,CAAI,EACzC,MAAAiB,EAAM,SAAS,IAAI,KACjB,CACE,MAAO,kCACP,KAAM,yBACN,QAASW,EAASV,CAAQ,EAC1B,UAAWO,EAAS,OACpB,GAAGE,CACL,EACA,oFACF,EACME,EAA0B,CAC9B,KAAM,yBACN,cAAe,iDACf,MAAO,IAAI,MACT,qCAAqCJ,EAAS,MAAM,GAClDE,EAAU,SAAW,cAAcA,EAAU,QAAQ,GAAK,EAC5D,GACEA,EAAU,oBACN,0BAA0BA,EAAU,mBAAmB,GACvD,EACN,GACF,CACF,CAAC,CACH,CAEA,IAAMG,EAAUlC,EAA6B,MAAMI,CAAI,EACnD+B,EACJ,GAAI,EACD,CAAE,QAASA,CAAc,EAAI,MAAMC,EAClCF,EAAQ,SACRlB,EAAkB,EAClB,CACE,OAAQC,EAAO,KAAK,OACpB,SAAUO,CACZ,CACF,EACF,OAASa,EAAa,CACpB,IAAMC,EAAuC,CAAC,EAC9C,MAAAC,EAAkBD,EAAc,QAASD,CAAW,EACpDhB,EAAM,SAAS,IAAI,KACjB,CACE,MAAO,yCACP,KAAM,oCACN,YAAab,EAAmB6B,CAAW,EAC3C,QAASL,EAASV,CAAQ,EAC1B,eAAgBL,EAAO,KAAK,OAC5B,GAAGqB,CACL,EACA,6CACF,EACMD,CACR,CAEA,GAAIF,EAAc,QAAUd,EAAM,MAChC,MAAAA,EAAM,SAAS,IAAI,KACjB,CACE,MAAO,2BACP,KAAM,0BACN,QAASW,EAASV,CAAQ,EAC1B,wBAAyBa,EAAc,QAAU,MACnD,EACA,iEACF,EACMF,EACJ,0BACA,uEACF,EAGF,IAAMO,EACJ7B,EAA6B,MAAMwB,CAAa,EAElD,OACEM,EACE,CACE,IAAKD,EAAoB,IACzB,KAAMA,CACR,EACAnB,EAAM,UACR,CAEJ,OAASZ,EAAO,CACd,IAAMiC,EACJC,EAAuBlC,CAAK,GAAKM,EAAuBN,CAAK,EAC/D,MACEiC,IAAgB,QAChBA,IAAgB,oCAEVjC,EAGFwB,EACJ,oCACA,0DACAnB,EAAeL,CAAK,CACtB,CACF,CACF,CA5IsBF,EAAAa,EAAA","names":["init_v4","createRemoteJWKSet","joseErrors","jwtVerify","federatedTokenResponseSchema","external_exports","federatedTokenErrorResponseSchema","readIdpErrorFields","json","parsed","fields","__name","readJwtFailureKind","error","joseErrors","federatedIdTokenClaimsSchema","subjectIdSchema","cachedFederatedJwks","readErrorCause","readRuntimeGatewayCode","readFederatedJwks","config","getGatewayOAuthConfig","createRemoteJWKSet","exchangeFederatedAuthorizationCode","input","tokenUrl","requireBrowserLoginField","clientId","clientSecret","callbackUrl","readGatewayOAuthIssuer","body","response","fetchIdentityProviderJson","idpFields","safeHost","createGatewayRuntimeError","payload","idTokenClaims","jwtVerify","verifyError","verifyFields","addErrorLogFields","parsedIdTokenClaims","parseGatewayPrincipal","problemCode","readGatewayProblemCode"]}
|