@zuplo/runtime 6.70.48 → 6.70.50
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/out/esm/browser-login-idp-NPHGGA54.js +26 -0
- package/out/esm/{browser-login-idp-WT4H7RKW.js.map → browser-login-idp-NPHGGA54.js.map} +1 -1
- package/out/esm/chunk-GK7ZF3JA.js +26 -0
- package/out/esm/chunk-GK7ZF3JA.js.map +1 -0
- package/out/esm/chunk-OATPYDFL.js +322 -0
- package/out/esm/chunk-OATPYDFL.js.map +1 -0
- package/out/esm/index.js +1 -1
- package/out/esm/index.js.map +1 -1
- package/out/esm/mcp-gateway/index.js +8 -8
- package/out/esm/mcp-gateway/index.js.map +1 -1
- package/out/types/index.d.ts +949 -0
- package/out/types/mcp-gateway/index.d.ts +717 -0
- package/package.json +1 -1
- package/out/esm/browser-login-idp-WT4H7RKW.js +0 -26
- package/out/esm/chunk-J7JE2DD5.js +0 -318
- package/out/esm/chunk-J7JE2DD5.js.map +0 -1
- package/out/esm/chunk-WU5PDK6Z.js +0 -30
- package/out/esm/chunk-WU5PDK6Z.js.map +0 -1
- /package/out/esm/{chunk-J7JE2DD5.js.LEGAL.txt → chunk-OATPYDFL.js.LEGAL.txt} +0 -0
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
|
|
2
|
+
/*---------------------------------------------------------------------------------------------
|
|
3
|
+
* Copyright (c) Zuplo, Inc. All rights reserved.
|
|
4
|
+
*
|
|
5
|
+
* This software and associated documentation files (the "Software") is intended to be used
|
|
6
|
+
* only by Zuplo customers solely to develop and test applications that will be deployed
|
|
7
|
+
* to Zuplo hosted services. You and others in your organization may use these files on your
|
|
8
|
+
* Development Devices solely for the above stated purpose.
|
|
9
|
+
*
|
|
10
|
+
* Outside of uses stated above, no license is granted for any other purpose including
|
|
11
|
+
* without limitation the rights to use, copy, modify, merge, publish, distribute,
|
|
12
|
+
* sublicense, host, and/or sell copies of the Software.
|
|
13
|
+
*
|
|
14
|
+
* The software may include third party components with separate legal notices or governed by
|
|
15
|
+
* other agreements, as described in licenses either embedded in or accompanying the Software.
|
|
16
|
+
*
|
|
17
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
|
|
18
|
+
* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
|
|
19
|
+
* PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
|
|
20
|
+
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|
21
|
+
* OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
|
22
|
+
* DEALINGS IN THE SOFTWARE.
|
|
23
|
+
*--------------------------------------------------------------------------------------------*/
|
|
24
|
+
|
|
25
|
+
import{f as v,i as u}from"./chunk-GK7ZF3JA.js";import{Gc as y,Hc as x,S as r,T as j,ec as h,fc as k,gc as l,jb as m,jc as b,kc as f}from"./chunk-OATPYDFL.js";import"./chunk-JRXZBVXH.js";import"./chunk-4SACVMDH.js";import{a}from"./chunk-ZIKV2LUM.js";j();import{createRemoteJWKSet as C,errors as d,jwtVerify as T}from"jose";var I=r.object({id_token:r.string().min(1),token_type:r.string().min(1).optional(),expires_in:r.number().optional(),access_token:r.string().min(1).optional(),refresh_token:r.string().min(1).optional(),scope:r.string().min(1).optional()}),U=r.object({error:r.string().min(1).optional(),error_description:r.string().min(1).optional(),error_uri:r.string().min(1).optional()});function J(e){let t=U.safeParse(e);if(!t.success)return{};let n={};return t.data.error!==void 0&&(n.idpError=t.data.error),t.data.error_description!==void 0&&(n.idpErrorDescription=t.data.error_description.slice(0,256)),t.data.error_uri!==void 0&&(n.idpErrorUri=t.data.error_uri.slice(0,256)),n}a(J,"readIdpErrorFields");function M(e){return e instanceof d.JWTExpired?"expired":e instanceof d.JWTClaimValidationFailed?"claim":e instanceof d.JWSSignatureVerificationFailed?"signature":e instanceof d.JWKSNoMatchingKey?"jwks_no_match":e instanceof d.JWTInvalid?"invalid":e instanceof r.ZodError?"schema":"other"}a(M,"readJwtFailureKind");var P=r.object({sub:y,nonce:r.string().min(1)}).catchall(r.unknown()),p;function q(e){return e instanceof Error&&"cause"in e?e.cause:e}a(q,"readErrorCause");function H(e){if(e!==null&&typeof e=="object"&&"extensionMembers"in e)return e.extensionMembers?.gatewayCode}a(H,"readRuntimeGatewayCode");function L(){if(!p){let e=m();p=C(new URL(e.oidc.jwksUrl),{timeoutDuration:e.browserLogin.remoteTimeoutMs})}return p}a(L,"readFederatedJwks");async function Z(e){let t=m(),n=u("tokenUrl"),w=u("clientId"),E=u("clientSecret"),F=new URL("/oauth/callback",h(e.requestUrl,e.requestHeaders)).toString(),R=new URLSearchParams({grant_type:"authorization_code",code:e.code,redirect_uri:F,client_id:w,client_secret:E});try{let{response:i,json:s}=await v(n,{method:"POST",headers:{accept:"application/json","content-type":"application/x-www-form-urlencoded"},body:R},{maxResponseBytes:32768,problemCode:"browser_login_verification_failed",timeoutMs:t.browserLogin.remoteTimeoutMs,...e.context===void 0?{}:{context:e.context}});if(!i.ok){let o=J(s);throw e.context?.log.warn({event:"federated_token_exchange_failed",code:"provider_access_denied",idpHost:l(n),idpStatus:i.status,...o},"Federated browser login token exchange returned non-2xx from the identity provider"),f({code:"provider_access_denied",privateDetail:"Federated browser login token exchange failed.",cause:new Error(`IdP token exchange failed (status=${i.status}${o.idpError?` idp_error=${o.idpError}`:""}${o.idpErrorDescription?` idp_error_description=${o.idpErrorDescription}`:""})`)})}let S=I.parse(s),c;try{({payload:c}=await T(S.id_token,L(),{issuer:t.oidc.issuer,audience:w}))}catch(o){let _={};throw k(_,"error",o),e.context?.log.warn({event:"federated_id_token_verification_failed",code:"browser_login_verification_failed",failureKind:M(o),idpHost:l(n),expectedIssuer:t.oidc.issuer,..._},"Federated id_token failed jose verification"),o}if(c.nonce!==e.nonce)throw e.context?.log.warn({event:"federated_nonce_mismatch",code:"oauth_callback_mismatch",idpHost:l(n),nonceMissingFromIdToken:c.nonce===void 0},"Federated id_token nonce did not match the signed gateway state"),f("oauth_callback_mismatch","Federated browser login nonce did not match the signed gateway state.");let g=P.parse(c);return x({sub:g.sub,data:g},e.requestUrl)}catch(i){let s=b(i)??H(i);throw s!==void 0&&s!=="browser_login_verification_failed"?i:f("browser_login_verification_failed","Federated browser login callback could not be verified.",q(i))}}a(Z,"exchangeFederatedAuthorizationCode");export{Z as exchangeFederatedAuthorizationCode};
|
|
26
|
+
//# sourceMappingURL=browser-login-idp-NPHGGA54.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["@zuplo/runtime/mcp-gateway/v2/downstream-oauth/browser-login-idp.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"sources":["@zuplo/runtime/mcp-gateway/v2/downstream-oauth/browser-login-idp.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;yPAGAA,IADA,OAAS,sBAAAC,EAAoB,UAAUC,EAAY,aAAAC,MAAiB,OAqBpE,IAAMC,EAA+BC,EAAE,OAAO,CAC5C,SAAUA,EAAE,OAAO,EAAE,IAAI,CAAC,EAC1B,WAAYA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EACvC,WAAYA,EAAE,OAAO,EAAE,SAAS,EAChC,aAAcA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EACzC,cAAeA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAC1C,MAAOA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,CACpC,CAAC,EACKC,EAAoCD,EAAE,OAAO,CACjD,MAAOA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAClC,kBAAmBA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAC9C,UAAWA,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,CACxC,CAAC,EAED,SAASE,EAAmBC,EAAmD,CAC7E,IAAMC,EAASH,EAAkC,UAAUE,CAAI,EAC/D,GAAI,CAACC,EAAO,QACV,MAAO,CAAC,EAEV,IAAMC,EAA6C,CAAC,EACpD,OAAID,EAAO,KAAK,QAAU,SACxBC,EAAO,SAAWD,EAAO,KAAK,OAE5BA,EAAO,KAAK,oBAAsB,SACpCC,EAAO,oBAAsBD,EAAO,KAAK,kBAAkB,MAAM,EAAG,GAAG,GAErEA,EAAO,KAAK,YAAc,SAC5BC,EAAO,YAAcD,EAAO,KAAK,UAAU,MAAM,EAAG,GAAG,GAElDC,CACT,CAhBSC,EAAAJ,EAAA,sBAkBT,SAASK,EAAmBC,EAAwB,CAClD,OAAIA,aAAiBC,EAAW,WAAmB,UAC/CD,aAAiBC,EAAW,yBAAiC,QAC7DD,aAAiBC,EAAW,+BACvB,YACLD,aAAiBC,EAAW,kBAA0B,gBACtDD,aAAiBC,EAAW,WAAmB,UAC/CD,aAAiBR,EAAE,SAAiB,SACjC,OACT,CATSM,EAAAC,EAAA,sBAUT,IAAMG,EAA+BV,EAClC,OAAO,CACN,IAAKW,EACL,MAAOX,EAAE,OAAO,EAAE,IAAI,CAAC,CACzB,CAAC,EACA,SAASA,EAAE,QAAQ,CAAC,EAEnBY,EAEJ,SAASC,EAAeL,EAAyB,CAC/C,OAAOA,aAAiB,OAAS,UAAWA,EAAQA,EAAM,MAAQA,CACpE,CAFSF,EAAAO,EAAA,kBAIT,SAASC,EAAuBN,EAAyB,CACvD,GACEA,IAAU,MACV,OAAOA,GAAU,UACjB,qBAAsBA,EAKtB,OAFEA,EACA,kBACuB,WAG7B,CAZSF,EAAAQ,EAAA,0BAcT,SAASC,GAAoB,CAC3B,GAAI,CAACH,EAAqB,CACxB,IAAMI,EAASC,EAAsB,EACrCL,EAAsBM,EAAmB,IAAI,IAAIF,EAAO,KAAK,OAAO,EAAG,CACrE,gBAAiBA,EAAO,aAAa,eACvC,CAAC,CACH,CAEA,OAAOJ,CACT,CATSN,EAAAS,EAAA,qBAWT,eAAsBI,EAAmCC,EAM3B,CAC5B,IAAMJ,EAASC,EAAsB,EAC/BI,EAAWC,EAAyB,UAAU,EAC9CC,EAAWD,EAAyB,UAAU,EAC9CE,EAAeF,EAAyB,cAAc,EACtDG,EAAc,IAAI,IACtB,kBACAC,EAAuBN,EAAM,WAAYA,EAAM,cAAc,CAC/D,EAAE,SAAS,EACLO,EAAO,IAAI,gBAAgB,CAC/B,WAAY,qBACZ,KAAMP,EAAM,KACZ,aAAcK,EACd,UAAWF,EACX,cAAeC,CACjB,CAAC,EAED,GAAI,CACF,GAAM,CAAE,SAAAI,EAAU,KAAAzB,CAAK,EAAI,MAAM0B,EAC/BR,EACA,CACE,OAAQ,OACR,QAAS,CACP,OAAQ,mBACR,eAAgB,mCAClB,EACA,KAAAM,CACF,EACA,CACE,iBAAkB,MAClB,YAAa,oCACb,UAAWX,EAAO,aAAa,gBAC/B,GAAII,EAAM,UAAY,OAAY,CAAC,EAAI,CAAE,QAASA,EAAM,OAAQ,CAClE,CACF,EAEA,GAAI,CAACQ,EAAS,GAAI,CAChB,IAAME,EAAY5B,EAAmBC,CAAI,EACzC,MAAAiB,EAAM,SAAS,IAAI,KACjB,CACE,MAAO,kCACP,KAAM,yBACN,QAASW,EAASV,CAAQ,EAC1B,UAAWO,EAAS,OACpB,GAAGE,CACL,EACA,oFACF,EACME,EAA0B,CAC9B,KAAM,yBACN,cAAe,iDACf,MAAO,IAAI,MACT,qCAAqCJ,EAAS,MAAM,GAClDE,EAAU,SAAW,cAAcA,EAAU,QAAQ,GAAK,EAC5D,GACEA,EAAU,oBACN,0BAA0BA,EAAU,mBAAmB,GACvD,EACN,GACF,CACF,CAAC,CACH,CAEA,IAAMG,EAAUlC,EAA6B,MAAMI,CAAI,EACnD+B,EACJ,GAAI,EACD,CAAE,QAASA,CAAc,EAAI,MAAMC,EAClCF,EAAQ,SACRlB,EAAkB,EAClB,CACE,OAAQC,EAAO,KAAK,OACpB,SAAUO,CACZ,CACF,EACF,OAASa,EAAa,CACpB,IAAMC,EAAuC,CAAC,EAC9C,MAAAC,EAAkBD,EAAc,QAASD,CAAW,EACpDhB,EAAM,SAAS,IAAI,KACjB,CACE,MAAO,yCACP,KAAM,oCACN,YAAab,EAAmB6B,CAAW,EAC3C,QAASL,EAASV,CAAQ,EAC1B,eAAgBL,EAAO,KAAK,OAC5B,GAAGqB,CACL,EACA,6CACF,EACMD,CACR,CAEA,GAAIF,EAAc,QAAUd,EAAM,MAChC,MAAAA,EAAM,SAAS,IAAI,KACjB,CACE,MAAO,2BACP,KAAM,0BACN,QAASW,EAASV,CAAQ,EAC1B,wBAAyBa,EAAc,QAAU,MACnD,EACA,iEACF,EACMF,EACJ,0BACA,uEACF,EAGF,IAAMO,EACJ7B,EAA6B,MAAMwB,CAAa,EAElD,OACEM,EACE,CACE,IAAKD,EAAoB,IACzB,KAAMA,CACR,EACAnB,EAAM,UACR,CAEJ,OAASZ,EAAO,CACd,IAAMiC,EACJC,EAAuBlC,CAAK,GAAKM,EAAuBN,CAAK,EAC/D,MACEiC,IAAgB,QAChBA,IAAgB,oCAEVjC,EAGFwB,EACJ,oCACA,0DACAnB,EAAeL,CAAK,CACtB,CACF,CACF,CA7IsBF,EAAAa,EAAA","names":["init_v4","createRemoteJWKSet","joseErrors","jwtVerify","federatedTokenResponseSchema","external_exports","federatedTokenErrorResponseSchema","readIdpErrorFields","json","parsed","fields","__name","readJwtFailureKind","error","joseErrors","federatedIdTokenClaimsSchema","subjectIdSchema","cachedFederatedJwks","readErrorCause","readRuntimeGatewayCode","readFederatedJwks","config","getGatewayOAuthConfig","createRemoteJWKSet","exchangeFederatedAuthorizationCode","input","tokenUrl","requireBrowserLoginField","clientId","clientSecret","callbackUrl","readGatewayOAuthIssuer","body","response","fetchIdentityProviderJson","idpFields","safeHost","createGatewayRuntimeError","payload","idTokenClaims","jwtVerify","verifyError","verifyFields","addErrorLogFields","parsedIdTokenClaims","parseGatewayRequestUser","problemCode","readGatewayProblemCode"]}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
|
|
2
|
+
/*---------------------------------------------------------------------------------------------
|
|
3
|
+
* Copyright (c) Zuplo, Inc. All rights reserved.
|
|
4
|
+
*
|
|
5
|
+
* This software and associated documentation files (the "Software") is intended to be used
|
|
6
|
+
* only by Zuplo customers solely to develop and test applications that will be deployed
|
|
7
|
+
* to Zuplo hosted services. You and others in your organization may use these files on your
|
|
8
|
+
* Development Devices solely for the above stated purpose.
|
|
9
|
+
*
|
|
10
|
+
* Outside of uses stated above, no license is granted for any other purpose including
|
|
11
|
+
* without limitation the rights to use, copy, modify, merge, publish, distribute,
|
|
12
|
+
* sublicense, host, and/or sell copies of the Software.
|
|
13
|
+
*
|
|
14
|
+
* The software may include third party components with separate legal notices or governed by
|
|
15
|
+
* other agreements, as described in licenses either embedded in or accompanying the Software.
|
|
16
|
+
*
|
|
17
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
|
|
18
|
+
* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
|
|
19
|
+
* PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
|
|
20
|
+
* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|
21
|
+
* OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
|
22
|
+
* DEALINGS IN THE SOFTWARE.
|
|
23
|
+
*--------------------------------------------------------------------------------------------*/
|
|
24
|
+
|
|
25
|
+
import{Eb as q,fc as N,gb as w,gc as b,hb as U,jb as H,kc as G,zb as u}from"./chunk-OATPYDFL.js";import{d as L}from"./chunk-JRXZBVXH.js";import{a as n,aa as d}from"./chunk-ZIKV2LUM.js";function l(e){return new d({message:e,extensionMembers:{[u]:"invalid_request"}})}n(l,"invalidOutboundUrl");function X(){let e=L.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP??globalThis.process?.env?.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_IDP;return typeof e=="string"&&e==="1"}n(X,"isTestOnlyAllowHttpLoopbackIdpEnabled");function Z(){let e=L.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_CIMD??globalThis.process?.env?.__TEST_ONLY_MCP_GATEWAY_ALLOW_HTTP_LOOPBACK_CIMD;return typeof e=="string"&&e==="1"}n(Z,"isTestOnlyAllowHttpLoopbackCimdEnabled");var Q=new Set(["undefined","null","nan"]);function E(e,t){if(!e.hostname)throw l(`Outbound URL has an empty hostname (got ${JSON.stringify(t)}). This typically indicates an unset $env(...) reference or a JS template literal coercing \`undefined\` into a URL. Check the policy options or runtime config that produced this URL.`);if(Q.has(e.hostname.toLowerCase()))throw l(`Outbound URL hostname is ${JSON.stringify(e.hostname)} (from ${JSON.stringify(t)}). This almost always means an environment variable referenced by $env(...) is unset and a JS value was string-coerced into a URL. Set the missing env var or fix the policy option that produced this URL.`)}n(E,"assertSafeOutboundHostname");var ee=new Set(["localhost","169.254.169.254","metadata.google.internal","metadata"]),te=[{first:0},{first:10},{first:127},{first:169,secondMin:254,secondMax:254},{first:172,secondMin:16,secondMax:31},{first:192,secondMin:168,secondMax:168},{first:100,secondMin:64,secondMax:127},{first:224,firstMax:239},{first:240,firstMax:255}];function F(e){if(!/^\d+\.\d+\.\d+\.\d+$/.test(e))return;let t=e.split(".").map(r=>Number(r));if(!(t.length!==4||t.some(r=>Number.isNaN(r)||r<0||r>255)))return t}n(F,"parseIpv4Octets");function re([e,t],r){let o=r.firstMax??r.first;return e<r.first||e>o?!1:r.secondMin===void 0||r.secondMax===void 0?!0:t>=r.secondMin&&t<=r.secondMax}n(re,"ipv4RangeMatches");function j(e){let t=F(e);return t!==void 0&&te.some(r=>re(t,r))}n(j,"isPrivateIpv4");function P(e){if(!e||e.length>4)return;let t=Number.parseInt(e,16);return Number.isNaN(t)||t<0||t>65535?void 0:t}n(P,"parseIpv6Word");function ne(e,t){return[e>>8&255,e&255,t>>8&255,t&255].join(".")}n(ne,"formatIpv4FromWords");function oe(e){let t=e.slice(7),r=F(t);if(r!==void 0)return r.join(".");let[o,s,i]=t.split(":"),c=P(o),m=P(s);return i===void 0&&c!==void 0&&m!==void 0?ne(c,m):void 0}n(oe,"parseIpv6MappedIpv4");function se(e){return P(e.split(":").find(Boolean))}n(se,"readFirstIpv6Hextet");function ie(e){let t=w(e);if(!t.includes(":"))return!1;if(t==="::"||t==="::1")return!0;if(t.startsWith("::ffff:")){let o=oe(t);return o===void 0||j(o)}let r=se(t);return r===void 0?!1:(r&65024)===64512||(r&65472)===65152}n(ie,"isPrivateIpv6");function S(e){let t=w(e);return ee.has(t)||t.endsWith(".internal")||j(t)||ie(t)}n(S,"isBlockedOutboundHostname");function D(e){let t=new URL(e);if(t.protocol!=="https:"&&t.protocol!=="http:")throw l(`Unsupported outbound protocol: ${t.protocol}`);E(t,e);let r=U(t);if(t.protocol==="http:"&&!r)throw l("Configured outbound HTTP URLs must target loopback hosts.");let o=w(t.hostname);if(!r&&S(o))throw l(`Blocked outbound host: ${o}`);return t}n(D,"validateConfiguredOutboundUrl");function W(e){let t=new URL(e),r=U(t),o=r&&X();if(t.protocol!=="https:"&&!o)throw l("Identity provider URLs must use https.");if(t.username||t.password||t.search||t.hash)throw l("Identity provider URLs must not include credentials, query params, or fragments.");E(t,e);let s=w(t.hostname);if(!r&&S(s))throw l(`Blocked identity provider host: ${s}`);return t}n(W,"validateIdentityProviderUrl");function J(e,t){let r=new URL(e),o=r.protocol==="http:"&&U(r)&&Z();if(r.protocol!=="https:"&&!o||r.pathname==="/"||r.username||r.password||r.hash)throw l(`CIMD ${t} must be an HTTPS URL with a path and no credentials or fragment.`);if(E(r,e),!o&&S(r.hostname))throw l(`CIMD ${t} points at a blocked host.`);return r}n(J,"validateCimdUrl");function $(e){return J(e,"client_id")}n($,"validateCimdClientMetadataUrl");function Y(e){return J(e,"jwks_uri")}n(Y,"validateCimdClientJwksUrl");function z(e,t){if(!t)return;if(t.aborted){e.abort(t.reason);return}let r=n(()=>e.abort(t.reason),"abort");return t.addEventListener("abort",r,{once:!0}),()=>t.removeEventListener("abort",r)}n(z,"mergeAbortSignals");async function ae(e){try{await e.cancel()}catch{}}n(ae,"cancelReader");async function K(e,t){if(!e)return new Uint8Array;let r=e.getReader(),o=[],s=0,i=await r.read();for(;!i.done;){let a=i.value;if(s+=a.byteLength,s>t.maxBytes)throw await ae(r),t.createLimitError();o.push(a),i=await r.read()}let c=new Uint8Array(s),m=0;for(let a of o)c.set(a,m),m+=a.byteLength;return c}n(K,"readBoundedByteStream");var de=2,ue=1024*1024,ce=1e4,fe=new Set([301,302,303,307,308]),le=["authorization","proxy-authorization","cookie","cookie2"];function T(e){return typeof e=="string"?e:e instanceof URL?e.toString():e.url}n(T,"readRequestUrl");function y(e,t){return t?.method!==void 0?t.method.toUpperCase():e instanceof Request?e.method.toUpperCase():"GET"}n(y,"readRequestMethod");function me(e,t,r){let o=e.headers.get("content-length");if(!o)return;let s=Number.parseInt(o,10);if(Number.isFinite(s)&&s>t)throw new d({message:"Outbound response exceeded the maximum allowed size.",extensionMembers:{[u]:r}})}n(me,"assertContentLengthWithinLimit");async function pe(e,t,r){return me(e,t,r),K(e.body,{maxBytes:t,createLimitError:n(()=>new d({message:"Outbound response exceeded the maximum allowed size.",extensionMembers:{[u]:r}}),"createLimitError")})}n(pe,"readBoundedResponseBody");function he(e,t){let r=new ArrayBuffer(t.byteLength);return new Uint8Array(r).set(t),new Response(r,{status:e.status,statusText:e.statusText,headers:e.headers})}n(he,"responseFromBufferedBody");function be(e,t){if(!fe.has(e.status))return;let r=e.headers.get("location");if(r)return new URL(r,t).toString()}n(be,"resolveRedirectUrl");function V(e,t){try{return t.validateUrl(e)}catch(r){throw new d({message:"Outbound URL was not allowed.",extensionMembers:{[u]:t.problemCode}},{cause:r})}}n(V,"validateOutboundUrl");function ge(e,t){throw e instanceof d&&q(e.extensionMembers?.[u])?e:new d({message:"Outbound fetch failed.",extensionMembers:{[u]:t}},{cause:e})}n(ge,"normalizeFetchError");function O(e,t){if(e===void 0)return;let r={event:t.event,code:t.problemCode,method:t.method};if(t.host!==void 0&&(r.host=t.host),t.extra!==void 0)for(let[o,s]of Object.entries(t.extra))s!==void 0&&(r[o]=s);t.error!==void 0&&N(r,"error",t.error),e.log.warn(r,"Outbound HTTP exchange rejected")}n(O,"logOutboundFailure");async function ye(e,t,r,o,s,i,c){let m=y(r,o);try{return await t(r,o)}catch(a){let g=a instanceof DOMException&&a.name==="AbortError";O(e,{event:g?"outbound_fetch_aborted":"outbound_fetch_failed",problemCode:s,method:m,host:b(i),error:a,extra:{abortReason:c()}}),ge(a,s)}}n(ye,"fetchWithNormalizedError");function Re(e){if(e.redirects>=e.maxRedirects)throw new d({message:"Outbound redirects exceeded the maximum allowed depth.",extensionMembers:{[u]:e.problemCode}});if(e.method!=="GET"&&e.method!=="HEAD")throw new d({message:"Outbound redirect after a non-idempotent request was blocked.",extensionMembers:{[u]:e.problemCode}})}n(Re,"assertRedirectAllowed");function xe(e,t){let r=new Headers(e);for(let o of le)r.delete(o);for(let o of t)r.delete(o);return r}n(xe,"stripCrossOriginHeaders");function we(e,t,r,o,s){let i={...e,method:t,redirect:"manual",signal:r};return o&&(i.headers=xe(e.headers,s)),i}n(we,"buildRedirectInit");function Oe(e,t,r){let o={...t,redirect:"manual",signal:r};return o.headers===void 0&&e instanceof Request&&(o.headers=e.headers),o}n(Oe,"buildInitialRequestInit");function ve(e){let t=y(e.currentInput,e.currentInit);Re({redirects:e.redirects,maxRedirects:e.maxRedirects,method:t,problemCode:e.problemCode});let r=V(e.redirectUrl,{problemCode:e.problemCode,validateUrl:e.validateUrl}),o=new URL(e.currentUrl),s=r.origin!==o.origin,i=r.toString();return{currentInput:i,currentUrl:i,currentInit:we(e.currentInit,t,e.signal,s,e.additionalCrossOriginStrippedHeaders),redirects:e.redirects+1}}n(ve,"followRedirect");async function M(e,t,r){let o=r.problemCode??"invalid_request",s=r.maxRedirects??de,i=r.maxResponseBytes??ue,c=r.timeoutMs??ce,m=r.fetchImpl??fetch,a=r.additionalCrossOriginStrippedHeaders??[],g=r.context,v=new AbortController,A=z(v,t.signal),B=!1,k=setTimeout(()=>{B=!0,v.abort()},c),R=e,x=Oe(e,t,v.signal),p;try{p=V(T(e),{problemCode:o,validateUrl:r.validateUrl}).toString()}catch(h){throw O(g,{event:"outbound_url_blocked",problemCode:o,method:y(e,t),host:b(T(e)),error:h}),clearTimeout(k),A?.(),h}let C=0;try{for(;;){let h=await ye(g,m,R,x,o,p,()=>B?`timeout_after_${c}ms`:void 0),I=be(h,p);if(I!==void 0)try{let f=ve({currentInput:R,currentInit:x,currentUrl:p,redirectUrl:I,redirects:C,maxRedirects:s,problemCode:o,validateUrl:r.validateUrl,signal:v.signal,additionalCrossOriginStrippedHeaders:a});R=f.currentInput,x=f.currentInit,p=f.currentUrl,C=f.redirects;continue}catch(f){throw O(g,{event:"outbound_redirect_blocked",problemCode:o,method:y(R,x),host:b(p),error:f,extra:{redirects:C,maxRedirects:s,redirectTargetHost:b(I)}}),f}try{return he(h,await pe(h,i,o))}catch(f){throw O(g,{event:"outbound_response_size_exceeded",problemCode:o,method:y(R,x),host:b(p),error:f,extra:{maxResponseBytes:i,status:h.status}}),f}}}finally{clearTimeout(k),A?.()}}n(M,"runSafeOutboundExchange");async function _(e,t,r){let o=await M(e,t,r);try{return{response:o,json:await o.clone().json()}}catch(s){throw O(r.context,{event:"outbound_json_parse_failed",problemCode:r.problemCode??"invalid_request",method:y(e,t),host:b(T(e)),error:s,extra:{status:o.status,contentType:o.headers.get("content-type")??void 0}}),new d({message:"Outbound JSON response could not be parsed.",extensionMembers:{[u]:r.problemCode??"invalid_request"}},{cause:s})}}n(_,"runSafeOutboundJsonExchange");function je(e,t={},r={}){return M(e,t,{...r,validateUrl:D})}n(je,"fetchConfiguredOutbound");function De(e,t={},r={}){return _(e,t,{...r,validateUrl:W})}n(De,"fetchIdentityProviderJson");function We(e,t={},r={}){return _(e,t,{...r,validateUrl:$})}n(We,"fetchCimdClientMetadataJson");function Je(e,t={},r={}){return _(e,t,{...r,validateUrl:Y})}n(Je,"fetchCimdClientJwksJson");function Ve(e){let t=H().browserLogin[e];if(typeof t=="string"&&t.length>0)return t;throw G("internal_server_error",`browserLogin.${e} is required for federated browser login. Set it on the mcp-oauth-inbound policy options.`)}n(Ve,"requireBrowserLoginField");export{D as a,$ as b,Y as c,K as d,je as e,De as f,We as g,Je as h,Ve as i};
|
|
26
|
+
//# sourceMappingURL=chunk-GK7ZF3JA.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["@zuplo/runtime/mcp-gateway/v2/runtime-utils/outbound-network-policy.ts","@zuplo/runtime/utils/abort-signal.ts","@zuplo/runtime/utils/bounded-stream.ts","@zuplo/runtime/mcp-gateway/v2/runtime-utils/safe-outbound-exchange.ts","@zuplo/runtime/mcp-gateway/v2/runtime-utils/outbound-http.ts","@zuplo/runtime/mcp-gateway/v2/downstream-oauth/browser-login-context.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;yLAOA,SAASA,EAAmBC,EAA+B,CACzD,OAAO,IAAIC,EAAa,CACtB,QAAAD,EACA,iBAAkB,CAChB,CAACE,CAAqC,EAAG,iBAC3C,CACF,CAAC,CACH,CAPSC,EAAAJ,EAAA,sBAiBT,SAASK,GAAiD,CACxD,IAAMC,EACJC,EAAY,iDACX,WACE,SAAS,KAAK,gDACnB,OAAO,OAAOD,GAAU,UAAYA,IAAU,GAChD,CANSF,EAAAC,EAAA,yCAQT,SAASG,GAAkD,CACzD,IAAMF,EACJC,EAAY,kDACX,WACE,SAAS,KAAK,iDACnB,OAAO,OAAOD,GAAU,UAAYA,IAAU,GAChD,CANSF,EAAAI,EAAA,0CA2BT,IAAMC,EAA0B,IAAI,IAAI,CAAC,YAAa,OAAQ,KAAK,CAAC,EAc7D,SAASC,EAA2BC,EAAUC,EAAsB,CACzE,GAAI,CAACD,EAAI,SACP,MAAMX,EACJ,2CAA2C,KAAK,UAAUY,CAAM,CAAC,yLAInE,EAGF,GAAIH,EAAwB,IAAIE,EAAI,SAAS,YAAY,CAAC,EACxD,MAAMX,EACJ,4BAA4B,KAAK,UAAUW,EAAI,QAAQ,CAAC,UAC7C,KAAK,UAAUC,CAAM,CAAC,6MAInC,CAEJ,CAnBgBR,EAAAM,EAAA,8BAqBhB,IAAMG,GAAyB,IAAI,IAAI,CACrC,YACA,kBACA,2BACA,UACF,CAAC,EASKC,GAA4C,CAChD,CAAE,MAAO,CAAE,EACX,CAAE,MAAO,EAAG,EACZ,CAAE,MAAO,GAAI,EACb,CAAE,MAAO,IAAK,UAAW,IAAK,UAAW,GAAI,EAC7C,CAAE,MAAO,IAAK,UAAW,GAAI,UAAW,EAAG,EAC3C,CAAE,MAAO,IAAK,UAAW,IAAK,UAAW,GAAI,EAI7C,CAAE,MAAO,IAAK,UAAW,GAAI,UAAW,GAAI,EAE5C,CAAE,MAAO,IAAK,SAAU,GAAI,EAI5B,CAAE,MAAO,IAAK,SAAU,GAAI,CAC9B,EAEA,SAASC,EACPC,EAC8C,CAC9C,GAAI,CAAC,uBAAuB,KAAKA,CAAQ,EACvC,OAGF,IAAMC,EAAWD,EAAS,MAAM,GAAG,EAAE,IAAKE,GAAY,OAAOA,CAAO,CAAC,EACrE,GACE,EAAAD,EAAS,SAAW,GACpBA,EAAS,KACNC,GAAY,OAAO,MAAMA,CAAO,GAAKA,EAAU,GAAKA,EAAU,GACjE,GAKF,OAAOD,CACT,CAlBSb,EAAAW,EAAA,mBAoBT,SAASI,GACP,CAACC,EAAOC,CAAM,EACdC,EACS,CACT,IAAMC,EAAWD,EAAM,UAAYA,EAAM,MACzC,OAAIF,EAAQE,EAAM,OAASF,EAAQG,EAC1B,GAGLD,EAAM,YAAc,QAAaA,EAAM,YAAc,OAChD,GAGFD,GAAUC,EAAM,WAAaD,GAAUC,EAAM,SACtD,CAdSlB,EAAAe,GAAA,oBAgBT,SAASK,EAAcR,EAA2B,CAChD,IAAMS,EAASV,EAAgBC,CAAQ,EAEvC,OACES,IAAW,QACXX,GAAoB,KAAMQ,GAAUH,GAAiBM,EAAQH,CAAK,CAAC,CAEvE,CAPSlB,EAAAoB,EAAA,iBAST,SAASE,EAAcC,EAAkD,CACvE,GAAI,CAACA,GAAYA,EAAS,OAAS,EACjC,OAGF,IAAMrB,EAAQ,OAAO,SAASqB,EAAU,EAAE,EAE1C,OAAO,OAAO,MAAMrB,CAAK,GAAKA,EAAQ,GAAKA,EAAQ,MAAS,OAAYA,CAC1E,CARSF,EAAAsB,EAAA,iBAUT,SAASE,GAAoBC,EAAcC,EAAqB,CAC9D,MAAO,CAAED,GAAQ,EAAK,IAAMA,EAAO,IAAOC,GAAO,EAAK,IAAMA,EAAM,GAAI,EAAE,KACtE,GACF,CACF,CAJS1B,EAAAwB,GAAA,uBAMT,SAASG,GAAoBC,EAAqC,CAChE,IAAMC,EAASD,EAAQ,MAAM,CAAgB,EACvCE,EAAenB,EAAgBkB,CAAM,EAC3C,GAAIC,IAAiB,OACnB,OAAOA,EAAa,KAAK,GAAG,EAG9B,GAAM,CAACC,EAASC,EAAQC,CAAK,EAAIJ,EAAO,MAAM,GAAG,EAC3CJ,EAAOH,EAAcS,CAAO,EAC5BL,EAAMJ,EAAcU,CAAM,EAEhC,OAAOC,IAAU,QAAaR,IAAS,QAAaC,IAAQ,OACxDF,GAAoBC,EAAMC,CAAG,EAC7B,MACN,CAdS1B,EAAA2B,GAAA,uBAgBT,SAASO,GAAoBN,EAAqC,CAChE,OAAON,EAAcM,EAAQ,MAAM,GAAG,EAAE,KAAK,OAAO,CAAC,CACvD,CAFS5B,EAAAkC,GAAA,uBAIT,SAASC,GAAcvB,EAA2B,CAChD,IAAMgB,EAAUQ,EAAkBxB,CAAQ,EAC1C,GAAI,CAACgB,EAAQ,SAAS,GAAG,EACvB,MAAO,GAGT,GAAIA,IAAY,MAAQA,IAAY,MAClC,MAAO,GAGT,GAAIA,EAAQ,WAAW,SAAS,EAAG,CACjC,IAAMS,EAAaV,GAAoBC,CAAO,EAC9C,OAAOS,IAAe,QAAajB,EAAciB,CAAU,CAC7D,CAEA,IAAMC,EAAmBJ,GAAoBN,CAAO,EACpD,OAAIU,IAAqB,OAChB,IAINA,EAAmB,SAAY,QAC/BA,EAAmB,SAAY,KAEpC,CAxBStC,EAAAmC,GAAA,iBA0BT,SAASI,EAA0B3B,EAA2B,CAC5D,IAAM4B,EAAqBJ,EAAkBxB,CAAQ,EAErD,OACEH,GAAuB,IAAI+B,CAAkB,GAC7CA,EAAmB,SAAS,WAAW,GACvCpB,EAAcoB,CAAkB,GAChCL,GAAcK,CAAkB,CAEpC,CATSxC,EAAAuC,EAAA,6BAWF,SAASE,EAA8BjC,EAAqB,CACjE,IAAMD,EAAM,IAAI,IAAIC,CAAM,EAK1B,GAAID,EAAI,WAAa,UAAYA,EAAI,WAAa,QAChD,MAAMX,EAAmB,kCAAkCW,EAAI,QAAQ,EAAE,EAE3ED,EAA2BC,EAAKC,CAAM,EAEtC,IAAMkC,EAAiBC,EAAkBpC,CAAG,EAC5C,GAAIA,EAAI,WAAa,SAAW,CAACmC,EAC/B,MAAM9C,EACJ,2DACF,EAGF,IAAMgB,EAAWwB,EAAkB7B,EAAI,QAAQ,EAC/C,GAAI,CAACmC,GAAkBH,EAA0B3B,CAAQ,EACvD,MAAMhB,EAAmB,0BAA0BgB,CAAQ,EAAE,EAG/D,OAAOL,CACT,CAxBgBP,EAAAyC,EAAA,iCA0BT,SAASG,EAA4BpC,EAAqB,CAC/D,IAAMD,EAAM,IAAI,IAAIC,CAAM,EACpBkC,EAAiBC,EAAkBpC,CAAG,EAQtCsC,EACJH,GAAkBzC,EAAsC,EAE1D,GAAIM,EAAI,WAAa,UAAY,CAACsC,EAChC,MAAMjD,EAAmB,wCAAwC,EAGnE,GAAIW,EAAI,UAAYA,EAAI,UAAYA,EAAI,QAAUA,EAAI,KACpD,MAAMX,EACJ,kFACF,EAKFU,EAA2BC,EAAKC,CAAM,EAEtC,IAAMI,EAAWwB,EAAkB7B,EAAI,QAAQ,EAC/C,GAAI,CAACmC,GAAkBH,EAA0B3B,CAAQ,EACvD,MAAMhB,EAAmB,mCAAmCgB,CAAQ,EAAE,EAGxE,OAAOL,CACT,CAjCgBP,EAAA4C,EAAA,+BAmChB,SAASE,EACPtC,EACAuC,EACK,CACL,IAAMxC,EAAM,IAAI,IAAIC,CAAM,EACpBwC,EACJzC,EAAI,WAAa,SACjBoC,EAAkBpC,CAAG,GACrBH,EAAuC,EAEzC,GACGG,EAAI,WAAa,UAAY,CAACyC,GAC/BzC,EAAI,WAAa,KACjBA,EAAI,UACJA,EAAI,UACJA,EAAI,KAEJ,MAAMX,EACJ,QAAQmD,CAAS,mEACnB,EASF,GAFAzC,EAA2BC,EAAKC,CAAM,EAElC,CAACwC,GAAsBT,EAA0BhC,EAAI,QAAQ,EAC/D,MAAMX,EAAmB,QAAQmD,CAAS,4BAA4B,EAQxE,OAAOxC,CACT,CAtCSP,EAAA8C,EAAA,mBAwCF,SAASG,EAA8BzC,EAAqB,CACjE,OAAOsC,EAAgBtC,EAAQ,WAAW,CAC5C,CAFgBR,EAAAiD,EAAA,iCAIT,SAASC,EAA0B1C,EAAqB,CAC7D,OAAOsC,EAAgBtC,EAAQ,UAAU,CAC3C,CAFgBR,EAAAkD,EAAA,6BCpVT,SAASC,EACdC,EACAC,EAC0B,CAC1B,GAAI,CAACA,EACH,OAGF,GAAIA,EAAO,QAAS,CAClBD,EAAW,MAAMC,EAAO,MAAM,EAC9B,MACF,CAEA,IAAMC,EAAQC,EAAA,IAAMH,EAAW,MAAMC,EAAO,MAAM,EAApC,SACd,OAAAA,EAAO,iBAAiB,QAASC,EAAO,CAAE,KAAM,EAAK,CAAC,EAE/C,IAAMD,EAAO,oBAAoB,QAASC,CAAK,CACxD,CAjBgBC,EAAAJ,EAAA,qBCLhB,eAAeK,GACbC,EACe,CACf,GAAI,CACF,MAAMA,EAAO,OAAO,CACtB,MAAQ,CAER,CACF,CAReC,EAAAF,GAAA,gBAkBf,eAAsBG,EACpBC,EACAC,EACqB,CACrB,GAAI,CAACD,EACH,OAAO,IAAI,WAGb,IAAMH,EAASG,EAAO,UAAU,EAC1BE,EAAuB,CAAC,EAC1BC,EAAgB,EAEhBC,EAAY,MAAMP,EAAO,KAAK,EAClC,KAAO,CAACO,EAAU,MAAM,CACtB,IAAMC,EAAQD,EAAU,MAExB,GADAD,GAAiBE,EAAM,WACnBF,EAAgBF,EAAQ,SAC1B,YAAML,GAAaC,CAAM,EACnBI,EAAQ,iBAAiB,EAGjCC,EAAO,KAAKG,CAAK,EACjBD,EAAY,MAAMP,EAAO,KAAK,CAChC,CAEA,IAAMS,EAAO,IAAI,WAAWH,CAAa,EACrCI,EAAS,EACb,QAAWC,KAASN,EAClBI,EAAK,IAAIE,EAAOD,CAAM,EACtBA,GAAUC,EAAM,WAGlB,OAAOF,CACT,CAjCsBR,EAAAC,EAAA,yBCuBtB,IAAMU,GAAwB,EACxBC,GAA6B,KAAO,KACpCC,GAAqB,IACrBC,GAAoB,IAAI,IAAI,CAAC,IAAK,IAAK,IAAK,IAAK,GAAG,CAAC,EACrDC,GAAmD,CACvD,gBACA,sBACA,SACA,SACF,EAEA,SAASC,EAAeC,EAA4C,CAClE,OAAI,OAAOA,GAAU,SACZA,EAGLA,aAAiB,IACZA,EAAM,SAAS,EAGjBA,EAAM,GACf,CAVSC,EAAAF,EAAA,kBAYT,SAASG,EACPF,EACAG,EACQ,CACR,OAAIA,GAAM,SAAW,OACZA,EAAK,OAAO,YAAY,EAG7BH,aAAiB,QACZA,EAAM,OAAO,YAAY,EAG3B,KACT,CAbSC,EAAAC,EAAA,qBAeT,SAASE,GACPC,EACAC,EACAC,EACM,CACN,IAAMC,EAAgBH,EAAS,QAAQ,IAAI,gBAAgB,EAC3D,GAAI,CAACG,EACH,OAGF,IAAMC,EAAS,OAAO,SAASD,EAAe,EAAE,EAChD,GAAI,OAAO,SAASC,CAAM,GAAKA,EAASH,EACtC,MAAM,IAAII,EAAa,CACrB,QAAS,uDACT,iBAAkB,CAChB,CAACC,CAAqC,EAAGJ,CAC3C,CACF,CAAC,CAEL,CAnBSN,EAAAG,GAAA,kCAqBT,eAAeQ,GACbP,EACAC,EACAC,EACqB,CACrB,OAAAH,GAA+BC,EAAUC,EAAkBC,CAAW,EAE/DM,EAAsBR,EAAS,KAAM,CAC1C,SAAUC,EACV,iBAAkBL,EAAA,IAChB,IAAIS,EAAa,CACf,QAAS,uDACT,iBAAkB,CAChB,CAACC,CAAqC,EAAGJ,CAC3C,CACF,CAAC,EANe,mBAOpB,CAAC,CACH,CAjBeN,EAAAW,GAAA,2BAmBf,SAASE,GACPT,EACAU,EACU,CACV,IAAMC,EAAc,IAAI,YAAYD,EAAK,UAAU,EACnD,WAAI,WAAWC,CAAW,EAAE,IAAID,CAAI,EAE7B,IAAI,SAASC,EAAa,CAC/B,OAAQX,EAAS,OACjB,WAAYA,EAAS,WACrB,QAASA,EAAS,OACpB,CAAC,CACH,CAZSJ,EAAAa,GAAA,4BAcT,SAASG,GACPZ,EACAa,EACoB,CACpB,GAAI,CAACrB,GAAkB,IAAIQ,EAAS,MAAM,EACxC,OAGF,IAAMc,EAAWd,EAAS,QAAQ,IAAI,UAAU,EAChD,GAAKc,EAIL,OAAO,IAAI,IAAIA,EAAUD,CAAO,EAAE,SAAS,CAC7C,CAdSjB,EAAAgB,GAAA,sBAgBT,SAASG,EACPC,EACAC,EAIK,CACL,GAAI,CACF,OAAOA,EAAQ,YAAYD,CAAM,CACnC,OAASE,EAAO,CACd,MAAM,IAAIb,EACR,CACE,QAAS,gCACT,iBAAkB,CAChB,CAACC,CAAqC,EAAGW,EAAQ,WACnD,CACF,EACA,CAAE,MAAOC,CAAM,CACjB,CACF,CACF,CApBStB,EAAAmB,EAAA,uBAsBT,SAASI,GACPD,EACAhB,EACO,CACP,MACEgB,aAAiBb,GACjBe,EACEF,EAAM,mBAAmBZ,CAAqC,CAChE,EAEMY,EAGF,IAAIb,EACR,CACE,QAAS,yBACT,iBAAkB,CAChB,CAACC,CAAqC,EAAGJ,CAC3C,CACF,EACA,CAAE,MAAOgB,CAAM,CACjB,CACF,CAtBStB,EAAAuB,GAAA,uBAwBT,SAASE,EACPC,EACAL,EAQM,CACN,GAAIK,IAAY,OACd,OAEF,IAAMC,EAAoD,CACxD,MAAON,EAAQ,MACf,KAAMA,EAAQ,YACd,OAAQA,EAAQ,MAClB,EAIA,GAHIA,EAAQ,OAAS,SACnBM,EAAO,KAAON,EAAQ,MAEpBA,EAAQ,QAAU,OACpB,OAAW,CAACO,EAAKC,CAAK,IAAK,OAAO,QAAQR,EAAQ,KAAK,EACjDQ,IAAU,SACZF,EAAOC,CAAG,EAAIC,GAIhBR,EAAQ,QAAU,QACpBS,EAAkBH,EAAQ,QAASN,EAAQ,KAAK,EAElDK,EAAQ,IAAI,KAAKC,EAAQ,iCAAiC,CAC5D,CAjCS3B,EAAAyB,EAAA,sBAmCT,eAAeM,GACbL,EACAM,EACAjC,EACAG,EACAI,EACA2B,EACAC,EACmB,CACnB,IAAMC,EAASlC,EAAkBF,EAAOG,CAAI,EAC5C,GAAI,CACF,OAAO,MAAM8B,EAAUjC,EAAOG,CAAI,CACpC,OAASoB,EAAO,CACd,IAAMc,EACJd,aAAiB,cAAgBA,EAAM,OAAS,aAClDG,EAAmBC,EAAS,CAC1B,MAAOU,EAAU,yBAA2B,wBAC5C,YAAA9B,EACA,OAAA6B,EACA,KAAME,EAASJ,CAAG,EAClB,MAAAX,EACA,MAAO,CAAE,YAAaY,EAAY,CAAE,CACtC,CAAC,EACDX,GAAoBD,EAAOhB,CAAW,CACxC,CACF,CAzBeN,EAAA+B,GAAA,4BA2Bf,SAASO,GAAsBvC,EAKtB,CACP,GAAIA,EAAM,WAAaA,EAAM,aAC3B,MAAM,IAAIU,EAAa,CACrB,QAAS,yDACT,iBAAkB,CAChB,CAACC,CAAqC,EAAGX,EAAM,WACjD,CACF,CAAC,EAGH,GAAIA,EAAM,SAAW,OAASA,EAAM,SAAW,OAC7C,MAAM,IAAIU,EAAa,CACrB,QAAS,gEACT,iBAAkB,CAChB,CAACC,CAAqC,EAAGX,EAAM,WACjD,CACF,CAAC,CAEL,CAvBSC,EAAAsC,GAAA,yBAyBT,SAASC,GACPC,EACAC,EACS,CACT,IAAMC,EAAW,IAAI,QAAQF,CAAO,EACpC,QAAWG,KAAc9C,GACvB6C,EAAS,OAAOC,CAAU,EAE5B,QAAWA,KAAcF,EACvBC,EAAS,OAAOC,CAAU,EAG5B,OAAOD,CACT,CAbS1C,EAAAuC,GAAA,2BAeT,SAASK,GACPC,EACAV,EACAW,EACAC,EACAN,EACa,CACb,IAAMO,EAAoB,CACxB,GAAGH,EACH,OAAAV,EACA,SAAU,SACV,OAAAW,CACF,EAEA,OAAIC,IACFC,EAAK,QAAUT,GACbM,EAAa,QACbJ,CACF,GAGKO,CACT,CAtBShD,EAAA4C,GAAA,qBAwBT,SAASK,GACPlD,EACAG,EACA4C,EACa,CACb,IAAME,EAAoB,CACxB,GAAG9C,EACH,SAAU,SACV,OAAA4C,CACF,EAEA,OAAIE,EAAK,UAAY,QAAajD,aAAiB,UACjDiD,EAAK,QAAUjD,EAAM,SAGhBiD,CACT,CAhBShD,EAAAiD,GAAA,2BAkBT,SAASC,GAAenD,EAgBtB,CACA,IAAMoC,EAASlC,EAAkBF,EAAM,aAAcA,EAAM,WAAW,EACtEuC,GAAsB,CACpB,UAAWvC,EAAM,UACjB,aAAcA,EAAM,aACpB,OAAAoC,EACA,YAAapC,EAAM,WACrB,CAAC,EACD,IAAMoD,EAAUhC,EAAoBpB,EAAM,YAAa,CACrD,YAAaA,EAAM,YACnB,YAAaA,EAAM,WACrB,CAAC,EACKqD,EAAc,IAAI,IAAIrD,EAAM,UAAU,EACtCgD,EAAgBI,EAAQ,SAAWC,EAAY,OAC/CC,EAAgBF,EAAQ,SAAS,EAEvC,MAAO,CACL,aAAcE,EACd,WAAYA,EACZ,YAAaT,GACX7C,EAAM,YACNoC,EACApC,EAAM,OACNgD,EACAhD,EAAM,oCACR,EACA,UAAWA,EAAM,UAAY,CAC/B,CACF,CA5CSC,EAAAkD,GAAA,kBA8CT,eAAsBI,EACpBvD,EACAG,EACAmB,EACmB,CACnB,IAAMf,EAAce,EAAQ,aAAe,kBACrCkC,EAAelC,EAAQ,cAAgB5B,GACvCY,EACJgB,EAAQ,kBAAoB3B,GACxB8D,EAAYnC,EAAQ,WAAa1B,GACjCqC,EAAYX,EAAQ,WAAa,MACjCoC,EACJpC,EAAQ,sCAAwC,CAAC,EAC7CK,EAAUL,EAAQ,QAElBqC,EAAa,IAAI,gBACjBC,EAAuBC,EAAkBF,EAAYxD,EAAK,MAAM,EAClE2D,EAAW,GACTC,EAAU,WAAW,IAAM,CAC/BD,EAAW,GACXH,EAAW,MAAM,CACnB,EAAGF,CAAS,EACRO,EAAehE,EACfiE,EAAcf,GAAwBlD,EAAOG,EAAMwD,EAAW,MAAM,EACpEO,EACJ,GAAI,CACFA,EAAa9C,EAAoBrB,EAAeC,CAAK,EAAG,CACtD,YAAAO,EACA,YAAae,EAAQ,WACvB,CAAC,EAAE,SAAS,CACd,OAASC,EAAO,CACd,MAAAG,EAAmBC,EAAS,CAC1B,MAAO,uBACP,YAAApB,EACA,OAAQL,EAAkBF,EAAOG,CAAI,EACrC,KAAMmC,EAASvC,EAAeC,CAAK,CAAC,EACpC,MAAAuB,CACF,CAAC,EACD,aAAawC,CAAO,EACpBH,IAAuB,EACjBrC,CACR,CACA,IAAI4C,EAAY,EAEhB,GAAI,CACF,OAAa,CACX,IAAM9D,EAAW,MAAM2B,GACrBL,EACAM,EACA+B,EACAC,EACA1D,EACA2D,EACA,IAAOJ,EAAW,iBAAiBL,CAAS,KAAO,MACrD,EAEMW,EAAcnD,GAAmBZ,EAAU6D,CAAU,EAC3D,GAAIE,IAAgB,OAClB,GAAI,CACF,IAAMnB,EAAOE,GAAe,CAC1B,aAAAa,EACA,YAAAC,EACA,WAAAC,EACA,YAAAE,EACA,UAAAD,EACA,aAAAX,EACA,YAAAjD,EACA,YAAae,EAAQ,YACrB,OAAQqC,EAAW,OACnB,qCAAAD,CACF,CAAC,EACDM,EAAef,EAAK,aACpBgB,EAAchB,EAAK,YACnBiB,EAAajB,EAAK,WAClBkB,EAAYlB,EAAK,UACjB,QACF,OAAS1B,EAAO,CACd,MAAAG,EAAmBC,EAAS,CAC1B,MAAO,4BACP,YAAApB,EACA,OAAQL,EAAkB8D,EAAcC,CAAW,EACnD,KAAM3B,EAAS4B,CAAU,EACzB,MAAA3C,EACA,MAAO,CACL,UAAA4C,EACA,aAAAX,EACA,mBAAoBlB,EAAS8B,CAAW,CAC1C,CACF,CAAC,EACK7C,CACR,CAGF,GAAI,CACF,OAAOT,GACLT,EACA,MAAMO,GAAwBP,EAAUC,EAAkBC,CAAW,CACvE,CACF,OAASgB,EAAO,CACd,MAAAG,EAAmBC,EAAS,CAC1B,MAAO,kCACP,YAAApB,EACA,OAAQL,EAAkB8D,EAAcC,CAAW,EACnD,KAAM3B,EAAS4B,CAAU,EACzB,MAAA3C,EACA,MAAO,CAAE,iBAAAjB,EAAkB,OAAQD,EAAS,MAAO,CACrD,CAAC,EACKkB,CACR,CACF,CACF,QAAE,CACA,aAAawC,CAAO,EACpBH,IAAuB,CACzB,CACF,CAlHsB3D,EAAAsD,EAAA,2BAoHtB,eAAsBc,EACpBrE,EACAG,EACAmB,EACgD,CAChD,IAAMjB,EAAW,MAAMkD,EAAwBvD,EAAOG,EAAMmB,CAAO,EAEnE,GAAI,CACF,MAAO,CACL,SAAAjB,EACA,KAAM,MAAMA,EAAS,MAAM,EAAE,KAAK,CACpC,CACF,OAASkB,EAAO,CACd,MAAAG,EAAmBJ,EAAQ,QAAS,CAClC,MAAO,6BACP,YAAaA,EAAQ,aAAe,kBACpC,OAAQpB,EAAkBF,EAAOG,CAAI,EACrC,KAAMmC,EAASvC,EAAeC,CAAK,CAAC,EACpC,MAAAuB,EACA,MAAO,CACL,OAAQlB,EAAS,OACjB,YAAaA,EAAS,QAAQ,IAAI,cAAc,GAAK,MACvD,CACF,CAAC,EACK,IAAIK,EACR,CACE,QAAS,8CACT,iBAAkB,CAChB,CAACC,CAAqC,EACpCW,EAAQ,aAAe,iBAC3B,CACF,EACA,CAAE,MAAOC,CAAM,CACjB,CACF,CACF,CAnCsBtB,EAAAoE,EAAA,+BC1ef,SAASC,GACdC,EACAC,EAAoB,CAAC,EACrBC,EAAgC,CAAC,EACd,CACnB,OAAOC,EAAwBH,EAAOC,EAAM,CAC1C,GAAGC,EACH,YAAaE,CACf,CAAC,CACH,CATgBC,EAAAN,GAAA,2BAiCT,SAASO,GACdC,EACAC,EAAoB,CAAC,EACrBC,EAAgC,CAAC,EACe,CAChD,OAAOC,EAA4BH,EAAOC,EAAM,CAC9C,GAAGC,EACH,YAAaE,CACf,CAAC,CACH,CATgBC,EAAAN,GAAA,6BAWT,SAASO,GACdN,EACAC,EAAoB,CAAC,EACrBC,EAAgC,CAAC,EACe,CAChD,OAAOC,EAA4BH,EAAOC,EAAM,CAC9C,GAAGC,EACH,YAAaK,CACf,CAAC,CACH,CATgBF,EAAAC,GAAA,+BAWT,SAASE,GACdR,EACAC,EAAoB,CAAC,EACrBC,EAAgC,CAAC,EACe,CAChD,OAAOC,EAA4BH,EAAOC,EAAM,CAC9C,GAAGC,EACH,YAAaO,CACf,CAAC,CACH,CATgBJ,EAAAG,GAAA,2BCvDT,SAASE,GAAyBC,EAAkC,CACzE,IAAMC,EAAQC,EAAsB,EAAE,aAAaF,CAAK,EACxD,GAAI,OAAOC,GAAU,UAAYA,EAAM,OAAS,EAC9C,OAAOA,EAGT,MAAME,EACJ,wBACA,gBAAgBH,CAAK,2FACvB,CACF,CAVgBI,EAAAL,GAAA","names":["invalidOutboundUrl","message","RuntimeError","GATEWAY_PROBLEM_CODE_EXTENSION_MEMBER","__name","isTestOnlyAllowHttpLoopbackIdpEnabled","value","environment","isTestOnlyAllowHttpLoopbackCimdEnabled","HOSTNAME_LOOKS_LIKE_BUG","assertSafeOutboundHostname","url","rawUrl","BLOCKED_OUTBOUND_HOSTS","PRIVATE_IPV4_RANGES","parseIpv4Octets","hostname","segments","segment","ipv4RangeMatches","first","second","range","firstMax","isPrivateIpv4","octets","parseIpv6Word","rawValue","formatIpv4FromWords","high","low","parseIpv6MappedIpv4","literal","suffix","dottedOctets","highRaw","lowRaw","extra","readFirstIpv6Hextet","isPrivateIpv6","normalizeHostname","mappedIpv4","firstHextetValue","isBlockedOutboundHostname","normalizedHostname","validateConfiguredOutboundUrl","isLoopbackHttp","isLoopbackHttpUrl","validateIdentityProviderUrl","allowLoopbackHttpForTests","validateCimdUrl","fieldName","isTestLoopbackHttp","validateCimdClientMetadataUrl","validateCimdClientJwksUrl","mergeAbortSignals","controller","signal","abort","__name","cancelReader","reader","__name","readBoundedByteStream","stream","options","chunks","receivedBytes","nextChunk","value","body","offset","chunk","DEFAULT_MAX_REDIRECTS","DEFAULT_MAX_RESPONSE_BYTES","DEFAULT_TIMEOUT_MS","REDIRECT_STATUSES","CROSS_ORIGIN_STRIPPED_HEADERS","readRequestUrl","input","__name","readRequestMethod","init","assertContentLengthWithinLimit","response","maxResponseBytes","problemCode","contentLength","parsed","RuntimeError","GATEWAY_PROBLEM_CODE_EXTENSION_MEMBER","readBoundedResponseBody","readBoundedByteStream","responseFromBufferedBody","body","arrayBuffer","resolveRedirectUrl","baseUrl","location","validateOutboundUrl","rawUrl","options","error","normalizeFetchError","isGatewayProblemCode","logOutboundFailure","context","fields","key","value","addErrorLogFields","fetchWithNormalizedError","fetchImpl","url","abortReason","method","isAbort","safeHost","assertRedirectAllowed","stripCrossOriginHeaders","headers","additionalStrippedHeaders","stripped","headerName","buildRedirectInit","previousInit","signal","isCrossOrigin","next","buildInitialRequestInit","followRedirect","nextUrl","previousUrl","nextUrlString","runSafeOutboundExchange","maxRedirects","timeoutMs","additionalCrossOriginStrippedHeaders","controller","removeSignalListener","mergeAbortSignals","timedOut","timeout","currentInput","currentInit","currentUrl","redirects","redirectUrl","runSafeOutboundJsonExchange","fetchConfiguredOutbound","input","init","options","runSafeOutboundExchange","validateConfiguredOutboundUrl","__name","fetchIdentityProviderJson","input","init","options","runSafeOutboundJsonExchange","validateIdentityProviderUrl","__name","fetchCimdClientMetadataJson","validateCimdClientMetadataUrl","fetchCimdClientJwksJson","validateCimdClientJwksUrl","requireBrowserLoginField","field","value","getGatewayOAuthConfig","createGatewayRuntimeError","__name"]}
|