alepha 0.13.7 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -2
- package/assets/swagger-ui/swagger-ui-bundle.js +1 -1
- package/assets/swagger-ui/swagger-ui-standalone-preset.js +1 -1
- package/assets/swagger-ui/swagger-ui.css +1 -1
- package/dist/{api-audits → api/audits}/index.browser.js +4 -4
- package/dist/api/audits/index.browser.js.map +1 -0
- package/dist/{api-audits → api/audits}/index.d.ts +10 -9
- package/dist/api/audits/index.d.ts.map +1 -0
- package/dist/{api-audits → api/audits}/index.js +8 -8
- package/dist/api/audits/index.js.map +1 -0
- package/dist/{api-files → api/files}/index.browser.js +5 -5
- package/dist/api/files/index.browser.js.map +1 -0
- package/dist/{api-files → api/files}/index.d.ts +18 -10
- package/dist/api/files/index.d.ts.map +1 -0
- package/dist/{api-files → api/files}/index.js +10 -10
- package/dist/api/files/index.js.map +1 -0
- package/dist/{api-jobs → api/jobs}/index.browser.js +5 -5
- package/dist/api/jobs/index.browser.js.map +1 -0
- package/dist/{api-jobs → api/jobs}/index.d.ts +168 -167
- package/dist/api/jobs/index.d.ts.map +1 -0
- package/dist/{api-jobs → api/jobs}/index.js +9 -9
- package/dist/api/jobs/index.js.map +1 -0
- package/dist/{api-notifications → api/notifications}/index.browser.js +11 -11
- package/dist/api/notifications/index.browser.js.map +1 -0
- package/dist/api/notifications/index.d.ts +327 -0
- package/dist/api/notifications/index.d.ts.map +1 -0
- package/dist/{api-notifications → api/notifications}/index.js +11 -11
- package/dist/api/notifications/index.js.map +1 -0
- package/dist/{api-parameters → api/parameters}/index.browser.js +2 -2
- package/dist/api/parameters/index.browser.js.map +1 -0
- package/dist/{api-parameters → api/parameters}/index.d.ts +11 -11
- package/dist/api/parameters/index.d.ts.map +1 -0
- package/dist/{api-parameters → api/parameters}/index.js +7 -7
- package/dist/api/parameters/index.js.map +1 -0
- package/dist/{api-users → api/users}/index.browser.js +6 -6
- package/dist/api/users/index.browser.js.map +1 -0
- package/dist/{api-users → api/users}/index.d.ts +836 -836
- package/dist/api/users/index.d.ts.map +1 -0
- package/dist/{api-users → api/users}/index.js +99 -766
- package/dist/api/users/index.js.map +1 -0
- package/dist/{api-verifications → api/verifications}/index.browser.js +5 -5
- package/dist/api/verifications/index.browser.js.map +1 -0
- package/dist/api/verifications/index.d.ts +248 -0
- package/dist/api/verifications/index.d.ts.map +1 -0
- package/dist/{api-verifications → api/verifications}/index.js +11 -11
- package/dist/api/verifications/index.js.map +1 -0
- package/dist/batch/index.d.ts.map +1 -0
- package/dist/bucket/index.d.ts.map +1 -0
- package/dist/cache/{index.d.ts → core/index.d.ts} +4 -4
- package/dist/cache/core/index.d.ts.map +1 -0
- package/dist/cache/{index.js → core/index.js} +5 -5
- package/dist/cache/core/index.js.map +1 -0
- package/dist/{cache-redis → cache/redis}/index.d.ts +2 -2
- package/dist/cache/redis/index.d.ts.map +1 -0
- package/dist/{cache-redis → cache/redis}/index.js +2 -2
- package/dist/cache/redis/index.js.map +1 -0
- package/dist/cli/index.d.ts +78 -58
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +454 -154
- package/dist/cli/index.js.map +1 -1
- package/dist/command/index.d.ts +15 -5
- package/dist/command/index.d.ts.map +1 -0
- package/dist/command/index.js +45 -6
- package/dist/command/index.js.map +1 -1
- package/dist/core/index.browser.js +1334 -1318
- package/dist/core/index.browser.js.map +1 -1
- package/dist/core/index.d.ts +75 -71
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +1337 -1321
- package/dist/core/index.js.map +1 -1
- package/dist/core/index.native.js +1337 -1321
- package/dist/core/index.native.js.map +1 -1
- package/dist/datetime/index.d.ts.map +1 -0
- package/dist/email/index.d.ts.map +1 -0
- package/dist/fake/index.d.ts.map +1 -0
- package/dist/file/index.d.ts.map +1 -0
- package/dist/lock/{index.d.ts → core/index.d.ts} +5 -5
- package/dist/lock/core/index.d.ts.map +1 -0
- package/dist/lock/{index.js → core/index.js} +5 -5
- package/dist/lock/core/index.js.map +1 -0
- package/dist/{lock-redis → lock/redis}/index.d.ts +2 -2
- package/dist/lock/redis/index.d.ts.map +1 -0
- package/dist/{lock-redis → lock/redis}/index.js +2 -2
- package/dist/lock/redis/index.js.map +1 -0
- package/dist/logger/index.d.ts +1 -0
- package/dist/logger/index.d.ts.map +1 -0
- package/dist/mcp/index.d.ts +820 -0
- package/dist/mcp/index.d.ts.map +1 -0
- package/dist/mcp/index.js +978 -0
- package/dist/mcp/index.js.map +1 -0
- package/dist/orm/index.d.ts +180 -107
- package/dist/orm/index.d.ts.map +1 -0
- package/dist/orm/index.js +260 -174
- package/dist/orm/index.js.map +1 -1
- package/dist/queue/core/index.d.ts +548 -0
- package/dist/queue/core/index.d.ts.map +1 -0
- package/dist/queue/core/index.js +391 -0
- package/dist/queue/core/index.js.map +1 -0
- package/dist/queue/redis/index.d.ts +28 -0
- package/dist/queue/redis/index.d.ts.map +1 -0
- package/dist/queue/redis/index.js +43 -0
- package/dist/queue/redis/index.js.map +1 -0
- package/dist/redis/index.d.ts.map +1 -0
- package/dist/retry/index.d.ts.map +1 -0
- package/dist/router/index.d.ts.map +1 -0
- package/dist/scheduler/index.d.ts +1 -1
- package/dist/scheduler/index.d.ts.map +1 -0
- package/dist/scheduler/index.js +1 -393
- package/dist/scheduler/index.js.map +1 -1
- package/dist/security/index.d.ts +1 -1
- package/dist/security/index.d.ts.map +1 -0
- package/dist/security/index.js +2 -1413
- package/dist/security/index.js.map +1 -1
- package/dist/{server-auth → server/auth}/index.browser.js +6 -6
- package/dist/server/auth/index.browser.js.map +1 -0
- package/dist/{server-auth → server/auth}/index.d.ts +167 -167
- package/dist/server/auth/index.d.ts.map +1 -0
- package/dist/server/auth/index.js +742 -0
- package/dist/server/auth/index.js.map +1 -0
- package/dist/{server-cache → server/cache}/index.d.ts +2 -2
- package/dist/server/cache/index.d.ts.map +1 -0
- package/dist/{server-cache → server/cache}/index.js +2 -2
- package/dist/server/cache/index.js.map +1 -0
- package/dist/{server-compress → server/compress}/index.d.ts +2 -2
- package/dist/server/compress/index.d.ts.map +1 -0
- package/dist/{server-compress → server/compress}/index.js +2 -2
- package/dist/server/compress/index.js.map +1 -0
- package/dist/{server-cookies → server/cookies}/index.browser.js +3 -3
- package/dist/server/cookies/index.browser.js.map +1 -0
- package/dist/{server-cookies → server/cookies}/index.d.ts +4 -4
- package/dist/server/cookies/index.d.ts.map +1 -0
- package/dist/{server-cookies → server/cookies}/index.js +4 -4
- package/dist/server/cookies/index.js.map +1 -0
- package/dist/server/{index.browser.js → core/index.browser.js} +14 -14
- package/dist/server/core/index.browser.js.map +1 -0
- package/dist/server/{index.d.ts → core/index.d.ts} +36 -36
- package/dist/server/core/index.d.ts.map +1 -0
- package/dist/server/{index.js → core/index.js} +27 -27
- package/dist/server/core/index.js.map +1 -0
- package/dist/{server-cors → server/cors}/index.d.ts +3 -3
- package/dist/server/cors/index.d.ts.map +1 -0
- package/dist/{server-cors → server/cors}/index.js +3 -3
- package/dist/server/cors/index.js.map +1 -0
- package/dist/{server-health → server/health}/index.d.ts +3 -3
- package/dist/server/health/index.d.ts.map +1 -0
- package/dist/{server-health → server/health}/index.js +3 -3
- package/dist/server/health/index.js.map +1 -0
- package/dist/{server-helmet → server/helmet}/index.d.ts +2 -2
- package/dist/server/helmet/index.d.ts.map +1 -0
- package/dist/{server-helmet → server/helmet}/index.js +2 -2
- package/dist/server/helmet/index.js.map +1 -0
- package/dist/{server-links → server/links}/index.browser.js +5 -5
- package/dist/server/links/index.browser.js.map +1 -0
- package/dist/{server-links → server/links}/index.d.ts +40 -40
- package/dist/server/links/index.d.ts.map +1 -0
- package/dist/{server-links → server/links}/index.js +7 -7
- package/dist/server/links/index.js.map +1 -0
- package/dist/{server-metrics → server/metrics}/index.d.ts +2 -2
- package/dist/server/metrics/index.d.ts.map +1 -0
- package/dist/server/metrics/index.js +74 -0
- package/dist/server/metrics/index.js.map +1 -0
- package/dist/{server-multipart → server/multipart}/index.d.ts +2 -2
- package/dist/server/multipart/index.d.ts.map +1 -0
- package/dist/{server-multipart → server/multipart}/index.js +2 -2
- package/dist/server/multipart/index.js.map +1 -0
- package/dist/{server-proxy → server/proxy}/index.d.ts +3 -3
- package/dist/server/proxy/index.d.ts.map +1 -0
- package/dist/{server-proxy → server/proxy}/index.js +3 -3
- package/dist/server/proxy/index.js.map +1 -0
- package/dist/{server-rate-limit → server/rate-limit}/index.d.ts +4 -4
- package/dist/server/rate-limit/index.d.ts.map +1 -0
- package/dist/{server-rate-limit → server/rate-limit}/index.js +4 -4
- package/dist/server/rate-limit/index.js.map +1 -0
- package/dist/{server-security → server/security}/index.browser.js +1 -1
- package/dist/server/security/index.browser.js.map +1 -0
- package/dist/{server-security → server/security}/index.d.ts +4 -4
- package/dist/server/security/index.d.ts.map +1 -0
- package/dist/{server-security → server/security}/index.js +4 -4
- package/dist/server/security/index.js.map +1 -0
- package/dist/{server-static → server/static}/index.d.ts +3 -3
- package/dist/server/static/index.d.ts.map +1 -0
- package/dist/{server-static → server/static}/index.js +3 -3
- package/dist/server/static/index.js.map +1 -0
- package/dist/{server-swagger → server/swagger}/index.d.ts +3 -3
- package/dist/server/swagger/index.d.ts.map +1 -0
- package/dist/{server-swagger → server/swagger}/index.js +4 -4
- package/dist/server/swagger/index.js.map +1 -0
- package/dist/sms/index.d.ts.map +1 -0
- package/dist/thread/index.d.ts.map +1 -0
- package/dist/topic/{index.d.ts → core/index.d.ts} +6 -6
- package/dist/topic/core/index.d.ts.map +1 -0
- package/dist/topic/{index.js → core/index.js} +6 -6
- package/dist/topic/core/index.js.map +1 -0
- package/dist/{topic-redis → topic/redis}/index.d.ts +2 -2
- package/dist/topic/redis/index.d.ts.map +1 -0
- package/dist/{topic-redis → topic/redis}/index.js +2 -2
- package/dist/topic/redis/index.js.map +1 -0
- package/dist/vite/index.d.ts +21 -2
- package/dist/vite/index.d.ts.map +1 -0
- package/dist/vite/index.js +48 -19
- package/dist/vite/index.js.map +1 -1
- package/dist/websocket/index.d.ts.map +1 -0
- package/package.json +162 -158
- package/src/{api-files → api/files}/index.ts +1 -0
- package/src/{api-parameters → api/parameters}/index.ts +1 -1
- package/src/{api-users → api/users}/primitives/$userRealm.ts +1 -1
- package/src/{api-users → api/users}/providers/UserRealmProvider.ts +6 -7
- package/src/{api-verifications → api/verifications}/index.ts +2 -0
- package/src/cli/apps/AlephaCli.ts +2 -0
- package/src/cli/apps/AlephaPackageBuilderCli.ts +83 -54
- package/src/cli/assets/appRouterTs.ts +1 -1
- package/src/cli/assets/biomeJson.ts +1 -1
- package/src/cli/assets/indexHtml.ts +1 -1
- package/src/cli/assets/mainBrowserTs.ts +1 -1
- package/src/cli/assets/mainTs.ts +9 -10
- package/src/cli/assets/viteConfigTs.ts +1 -1
- package/src/cli/commands/ChangelogCommands.ts +389 -0
- package/src/cli/commands/CoreCommands.ts +10 -6
- package/src/cli/commands/DrizzleCommands.ts +204 -4
- package/src/cli/commands/VerifyCommands.ts +4 -1
- package/src/cli/commands/ViteCommands.ts +46 -25
- package/src/cli/services/AlephaCliUtils.ts +52 -164
- package/src/command/providers/CliProvider.ts +76 -5
- package/src/core/providers/SchemaValidator.ts +24 -2
- package/src/mcp/errors/McpError.ts +72 -0
- package/src/mcp/helpers/jsonrpc.ts +163 -0
- package/src/mcp/index.ts +132 -0
- package/src/mcp/interfaces/McpTypes.ts +248 -0
- package/src/mcp/primitives/$prompt.ts +188 -0
- package/src/mcp/primitives/$resource.ts +171 -0
- package/src/mcp/primitives/$tool.ts +285 -0
- package/src/mcp/providers/McpServerProvider.ts +382 -0
- package/src/mcp/transports/SseMcpTransport.ts +172 -0
- package/src/mcp/transports/StdioMcpTransport.ts +126 -0
- package/src/orm/index.ts +12 -0
- package/src/orm/providers/drivers/CloudflareD1Provider.ts +164 -0
- package/src/orm/providers/drivers/NodeSqliteProvider.ts +3 -1
- package/src/queue/{index.ts → core/index.ts} +2 -3
- package/src/queue/{primitives → core/primitives}/$queue.ts +17 -162
- package/src/queue/core/providers/MemoryQueueProvider.ts +19 -0
- package/src/queue/core/providers/QueueProvider.ts +23 -0
- package/src/queue/core/providers/WorkerProvider.ts +244 -0
- package/src/queue/redis/providers/RedisQueueProvider.ts +31 -0
- package/src/server/{index.ts → core/index.ts} +1 -0
- package/src/{server-rate-limit → server/rate-limit}/index.ts +1 -1
- package/src/{server-swagger → server/swagger}/providers/ServerSwaggerProvider.ts +1 -0
- package/src/vite/plugins/viteAlephaBuild.ts +8 -2
- package/src/vite/plugins/viteAlephaDev.ts +6 -2
- package/src/vite/tasks/buildServer.ts +1 -1
- package/src/vite/tasks/copyAssets.ts +32 -8
- package/src/vite/tasks/generateCloudflare.ts +43 -15
- package/src/vite/tasks/runAlepha.ts +1 -0
- package/dist/api-audits/index.browser.js.map +0 -1
- package/dist/api-audits/index.js.map +0 -1
- package/dist/api-files/index.browser.js.map +0 -1
- package/dist/api-files/index.js.map +0 -1
- package/dist/api-jobs/index.browser.js.map +0 -1
- package/dist/api-jobs/index.js.map +0 -1
- package/dist/api-notifications/index.browser.js.map +0 -1
- package/dist/api-notifications/index.d.ts +0 -327
- package/dist/api-notifications/index.js.map +0 -1
- package/dist/api-parameters/index.browser.js.map +0 -1
- package/dist/api-parameters/index.js.map +0 -1
- package/dist/api-users/index.browser.js.map +0 -1
- package/dist/api-users/index.js.map +0 -1
- package/dist/api-verifications/index.browser.js.map +0 -1
- package/dist/api-verifications/index.d.ts +0 -229
- package/dist/api-verifications/index.js.map +0 -1
- package/dist/cache/index.js.map +0 -1
- package/dist/cache-redis/index.js.map +0 -1
- package/dist/lock/index.js.map +0 -1
- package/dist/lock-redis/index.js.map +0 -1
- package/dist/queue/index.d.ts +0 -1265
- package/dist/queue/index.js +0 -1037
- package/dist/queue/index.js.map +0 -1
- package/dist/queue-redis/index.d.ts +0 -82
- package/dist/queue-redis/index.js +0 -872
- package/dist/queue-redis/index.js.map +0 -1
- package/dist/server/index.browser.js.map +0 -1
- package/dist/server/index.js.map +0 -1
- package/dist/server-auth/index.browser.js.map +0 -1
- package/dist/server-auth/index.js +0 -1973
- package/dist/server-auth/index.js.map +0 -1
- package/dist/server-cache/index.js.map +0 -1
- package/dist/server-compress/index.js.map +0 -1
- package/dist/server-cookies/index.browser.js.map +0 -1
- package/dist/server-cookies/index.js.map +0 -1
- package/dist/server-cors/index.js.map +0 -1
- package/dist/server-health/index.js.map +0 -1
- package/dist/server-helmet/index.js.map +0 -1
- package/dist/server-links/index.browser.js.map +0 -1
- package/dist/server-links/index.js.map +0 -1
- package/dist/server-metrics/index.js +0 -4532
- package/dist/server-metrics/index.js.map +0 -1
- package/dist/server-multipart/index.js.map +0 -1
- package/dist/server-proxy/index.js.map +0 -1
- package/dist/server-rate-limit/index.js.map +0 -1
- package/dist/server-security/index.browser.js.map +0 -1
- package/dist/server-security/index.js.map +0 -1
- package/dist/server-static/index.js.map +0 -1
- package/dist/server-swagger/index.js.map +0 -1
- package/dist/topic/index.js.map +0 -1
- package/dist/topic-redis/index.js.map +0 -1
- package/src/queue/interfaces/QueueJob.ts +0 -459
- package/src/queue/providers/MemoryQueueProvider.ts +0 -850
- package/src/queue/providers/QueueProvider.ts +0 -319
- package/src/queue/providers/WorkerProvider.ts +0 -344
- package/src/queue-redis/providers/RedisQueueProvider.ts +0 -1209
- /package/src/{api-audits → api/audits}/controllers/AuditController.ts +0 -0
- /package/src/{api-audits → api/audits}/entities/audits.ts +0 -0
- /package/src/{api-audits → api/audits}/index.browser.ts +0 -0
- /package/src/{api-audits → api/audits}/index.ts +0 -0
- /package/src/{api-audits → api/audits}/primitives/$audit.ts +0 -0
- /package/src/{api-audits → api/audits}/schemas/auditQuerySchema.ts +0 -0
- /package/src/{api-audits → api/audits}/schemas/auditResourceSchema.ts +0 -0
- /package/src/{api-audits → api/audits}/schemas/createAuditSchema.ts +0 -0
- /package/src/{api-audits → api/audits}/services/AuditService.ts +0 -0
- /package/src/{api-files → api/files}/controllers/FileController.ts +0 -0
- /package/src/{api-files → api/files}/controllers/StorageStatsController.ts +0 -0
- /package/src/{api-files → api/files}/entities/files.ts +0 -0
- /package/src/{api-files → api/files}/index.browser.ts +0 -0
- /package/src/{api-files → api/files}/jobs/FileJobs.ts +0 -0
- /package/src/{api-files → api/files}/schemas/fileQuerySchema.ts +0 -0
- /package/src/{api-files → api/files}/schemas/fileResourceSchema.ts +0 -0
- /package/src/{api-files → api/files}/schemas/storageStatsSchema.ts +0 -0
- /package/src/{api-files → api/files}/services/FileService.ts +0 -0
- /package/src/{api-jobs → api/jobs}/controllers/JobController.ts +0 -0
- /package/src/{api-jobs → api/jobs}/entities/jobExecutions.ts +0 -0
- /package/src/{api-jobs → api/jobs}/index.browser.ts +0 -0
- /package/src/{api-jobs → api/jobs}/index.ts +0 -0
- /package/src/{api-jobs → api/jobs}/primitives/$job.ts +0 -0
- /package/src/{api-jobs → api/jobs}/providers/JobProvider.ts +0 -0
- /package/src/{api-jobs → api/jobs}/schemas/jobExecutionQuerySchema.ts +0 -0
- /package/src/{api-jobs → api/jobs}/schemas/jobExecutionResourceSchema.ts +0 -0
- /package/src/{api-jobs → api/jobs}/schemas/triggerJobSchema.ts +0 -0
- /package/src/{api-jobs → api/jobs}/services/JobService.ts +0 -0
- /package/src/{api-notifications → api/notifications}/controllers/NotificationController.ts +0 -0
- /package/src/{api-notifications → api/notifications}/entities/notifications.ts +0 -0
- /package/src/{api-notifications → api/notifications}/index.browser.ts +0 -0
- /package/src/{api-notifications → api/notifications}/index.ts +0 -0
- /package/src/{api-notifications → api/notifications}/jobs/NotificationJobs.ts +0 -0
- /package/src/{api-notifications → api/notifications}/primitives/$notification.ts +0 -0
- /package/src/{api-notifications → api/notifications}/queues/NotificationQueues.ts +0 -0
- /package/src/{api-notifications → api/notifications}/schemas/notificationContactPreferencesSchema.ts +0 -0
- /package/src/{api-notifications → api/notifications}/schemas/notificationContactSchema.ts +0 -0
- /package/src/{api-notifications → api/notifications}/schemas/notificationCreateSchema.ts +0 -0
- /package/src/{api-notifications → api/notifications}/schemas/notificationQuerySchema.ts +0 -0
- /package/src/{api-notifications → api/notifications}/services/NotificationSenderService.ts +0 -0
- /package/src/{api-notifications → api/notifications}/services/NotificationService.ts +0 -0
- /package/src/{api-parameters → api/parameters}/controllers/ConfigController.ts +0 -0
- /package/src/{api-parameters → api/parameters}/entities/parameters.ts +0 -0
- /package/src/{api-parameters → api/parameters}/index.browser.ts +0 -0
- /package/src/{api-parameters → api/parameters}/primitives/$config.ts +0 -0
- /package/src/{api-parameters → api/parameters}/schedulers/ConfigActivationScheduler.ts +0 -0
- /package/src/{api-parameters → api/parameters}/services/ConfigStore.ts +0 -0
- /package/src/{api-users → api/users}/atoms/realmAuthSettingsAtom.ts +0 -0
- /package/src/{api-users → api/users}/controllers/IdentityController.ts +0 -0
- /package/src/{api-users → api/users}/controllers/SessionController.ts +0 -0
- /package/src/{api-users → api/users}/controllers/UserController.ts +0 -0
- /package/src/{api-users → api/users}/controllers/UserRealmController.ts +0 -0
- /package/src/{api-users → api/users}/entities/identities.ts +0 -0
- /package/src/{api-users → api/users}/entities/sessions.ts +0 -0
- /package/src/{api-users → api/users}/entities/users.ts +0 -0
- /package/src/{api-users → api/users}/index.browser.ts +0 -0
- /package/src/{api-users → api/users}/index.ts +0 -0
- /package/src/{api-users → api/users}/notifications/UserNotifications.ts +0 -0
- /package/src/{api-users → api/users}/schemas/completePasswordResetRequestSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/completeRegistrationRequestSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/createUserSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/identityQuerySchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/identityResourceSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/loginSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/passwordResetIntentResponseSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/registerQuerySchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/registerRequestSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/registerResponseSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/registerSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/registrationIntentResponseSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/resetPasswordSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/sessionQuerySchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/sessionResourceSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/updateUserSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/userQuerySchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/userRealmConfigSchema.ts +0 -0
- /package/src/{api-users → api/users}/schemas/userResourceSchema.ts +0 -0
- /package/src/{api-users → api/users}/services/CredentialService.ts +0 -0
- /package/src/{api-users → api/users}/services/IdentityService.ts +0 -0
- /package/src/{api-users → api/users}/services/RegistrationService.ts +0 -0
- /package/src/{api-users → api/users}/services/SessionCrudService.ts +0 -0
- /package/src/{api-users → api/users}/services/SessionService.ts +0 -0
- /package/src/{api-users → api/users}/services/UserService.ts +0 -0
- /package/src/{api-verifications → api/verifications}/controllers/VerificationController.ts +0 -0
- /package/src/{api-verifications → api/verifications}/entities/verifications.ts +0 -0
- /package/src/{api-verifications → api/verifications}/index.browser.ts +0 -0
- /package/src/{api-verifications → api/verifications}/jobs/VerificationJobs.ts +0 -0
- /package/src/{api-verifications → api/verifications}/parameters/VerificationParameters.ts +0 -0
- /package/src/{api-verifications → api/verifications}/schemas/requestVerificationCodeResponseSchema.ts +0 -0
- /package/src/{api-verifications → api/verifications}/schemas/validateVerificationCodeResponseSchema.ts +0 -0
- /package/src/{api-verifications → api/verifications}/schemas/verificationSettingsSchema.ts +0 -0
- /package/src/{api-verifications → api/verifications}/schemas/verificationTypeEnumSchema.ts +0 -0
- /package/src/{api-verifications → api/verifications}/services/VerificationService.ts +0 -0
- /package/src/cache/{errors → core/errors}/CacheError.ts +0 -0
- /package/src/cache/{index.ts → core/index.ts} +0 -0
- /package/src/cache/{primitives → core/primitives}/$cache.ts +0 -0
- /package/src/cache/{providers → core/providers}/CacheProvider.ts +0 -0
- /package/src/cache/{providers → core/providers}/MemoryCacheProvider.ts +0 -0
- /package/src/{cache-redis → cache/redis}/index.ts +0 -0
- /package/src/{cache-redis → cache/redis}/providers/RedisCacheProvider.ts +0 -0
- /package/src/lock/{index.ts → core/index.ts} +0 -0
- /package/src/lock/{primitives → core/primitives}/$lock.ts +0 -0
- /package/src/lock/{providers → core/providers}/LockProvider.ts +0 -0
- /package/src/lock/{providers → core/providers}/LockTopicProvider.ts +0 -0
- /package/src/lock/{providers → core/providers}/MemoryLockProvider.ts +0 -0
- /package/src/{lock-redis → lock/redis}/index.ts +0 -0
- /package/src/{lock-redis → lock/redis}/providers/RedisLockProvider.ts +0 -0
- /package/src/queue/{primitives → core/primitives}/$consumer.ts +0 -0
- /package/src/{queue-redis → queue/redis}/index.ts +0 -0
- /package/src/{server-auth → server/auth}/constants/routes.ts +0 -0
- /package/src/{server-auth → server/auth}/index.browser.ts +0 -0
- /package/src/{server-auth → server/auth}/index.shared.ts +0 -0
- /package/src/{server-auth → server/auth}/index.ts +0 -0
- /package/src/{server-auth → server/auth}/primitives/$auth.ts +0 -0
- /package/src/{server-auth → server/auth}/primitives/$authApple.ts +0 -0
- /package/src/{server-auth → server/auth}/primitives/$authCredentials.ts +0 -0
- /package/src/{server-auth → server/auth}/primitives/$authGithub.ts +0 -0
- /package/src/{server-auth → server/auth}/primitives/$authGoogle.ts +0 -0
- /package/src/{server-auth → server/auth}/providers/ServerAuthProvider.ts +0 -0
- /package/src/{server-auth → server/auth}/schemas/authenticationProviderSchema.ts +0 -0
- /package/src/{server-auth → server/auth}/schemas/tokenResponseSchema.ts +0 -0
- /package/src/{server-auth → server/auth}/schemas/tokensSchema.ts +0 -0
- /package/src/{server-auth → server/auth}/schemas/userinfoResponseSchema.ts +0 -0
- /package/src/{server-cache → server/cache}/index.ts +0 -0
- /package/src/{server-cache → server/cache}/providers/ServerCacheProvider.ts +0 -0
- /package/src/{server-compress → server/compress}/index.ts +0 -0
- /package/src/{server-compress → server/compress}/providers/ServerCompressProvider.ts +0 -0
- /package/src/{server-cookies → server/cookies}/index.browser.ts +0 -0
- /package/src/{server-cookies → server/cookies}/index.ts +0 -0
- /package/src/{server-cookies → server/cookies}/primitives/$cookie.browser.ts +0 -0
- /package/src/{server-cookies → server/cookies}/primitives/$cookie.ts +0 -0
- /package/src/{server-cookies → server/cookies}/providers/ServerCookiesProvider.ts +0 -0
- /package/src/{server-cookies → server/cookies}/services/CookieParser.ts +0 -0
- /package/src/server/{constants → core/constants}/routeMethods.ts +0 -0
- /package/src/server/{errors → core/errors}/BadRequestError.ts +0 -0
- /package/src/server/{errors → core/errors}/ConflictError.ts +0 -0
- /package/src/server/{errors → core/errors}/ForbiddenError.ts +0 -0
- /package/src/server/{errors → core/errors}/HttpError.ts +0 -0
- /package/src/server/{errors → core/errors}/NotFoundError.ts +0 -0
- /package/src/server/{errors → core/errors}/UnauthorizedError.ts +0 -0
- /package/src/server/{errors → core/errors}/ValidationError.ts +0 -0
- /package/src/server/{helpers → core/helpers}/ServerReply.ts +0 -0
- /package/src/server/{helpers → core/helpers}/isMultipart.ts +0 -0
- /package/src/server/{index.browser.ts → core/index.browser.ts} +0 -0
- /package/src/server/{index.shared.ts → core/index.shared.ts} +0 -0
- /package/src/server/{interfaces → core/interfaces}/ServerRequest.ts +0 -0
- /package/src/server/{primitives → core/primitives}/$action.ts +0 -0
- /package/src/server/{primitives → core/primitives}/$route.ts +0 -0
- /package/src/server/{providers → core/providers}/BunHttpServerProvider.ts +0 -0
- /package/src/server/{providers → core/providers}/NodeHttpServerProvider.ts +0 -0
- /package/src/server/{providers → core/providers}/ServerBodyParserProvider.ts +0 -0
- /package/src/server/{providers → core/providers}/ServerLoggerProvider.ts +0 -0
- /package/src/server/{providers → core/providers}/ServerNotReadyProvider.ts +0 -0
- /package/src/server/{providers → core/providers}/ServerProvider.ts +0 -0
- /package/src/server/{providers → core/providers}/ServerRouterProvider.ts +0 -0
- /package/src/server/{providers → core/providers}/ServerTimingProvider.ts +0 -0
- /package/src/server/{schemas → core/schemas}/errorSchema.ts +0 -0
- /package/src/server/{schemas → core/schemas}/okSchema.ts +0 -0
- /package/src/server/{services → core/services}/HttpClient.ts +0 -0
- /package/src/server/{services → core/services}/ServerRequestParser.ts +0 -0
- /package/src/server/{services → core/services}/UserAgentParser.ts +0 -0
- /package/src/{server-cors → server/cors}/index.ts +0 -0
- /package/src/{server-cors → server/cors}/primitives/$cors.ts +0 -0
- /package/src/{server-cors → server/cors}/providers/ServerCorsProvider.ts +0 -0
- /package/src/{server-health → server/health}/index.ts +0 -0
- /package/src/{server-health → server/health}/providers/ServerHealthProvider.ts +0 -0
- /package/src/{server-health → server/health}/schemas/healthSchema.ts +0 -0
- /package/src/{server-helmet → server/helmet}/index.ts +0 -0
- /package/src/{server-helmet → server/helmet}/providers/ServerHelmetProvider.ts +0 -0
- /package/src/{server-links → server/links}/index.browser.ts +0 -0
- /package/src/{server-links → server/links}/index.ts +0 -0
- /package/src/{server-links → server/links}/primitives/$client.ts +0 -0
- /package/src/{server-links → server/links}/primitives/$remote.ts +0 -0
- /package/src/{server-links → server/links}/providers/LinkProvider.ts +0 -0
- /package/src/{server-links → server/links}/providers/RemotePrimitiveProvider.ts +0 -0
- /package/src/{server-links → server/links}/providers/ServerLinksProvider.ts +0 -0
- /package/src/{server-links → server/links}/schemas/apiLinksResponseSchema.ts +0 -0
- /package/src/{server-metrics → server/metrics}/index.ts +0 -0
- /package/src/{server-metrics → server/metrics}/providers/ServerMetricsProvider.ts +0 -0
- /package/src/{server-multipart → server/multipart}/index.ts +0 -0
- /package/src/{server-multipart → server/multipart}/providers/ServerMultipartProvider.ts +0 -0
- /package/src/{server-proxy → server/proxy}/index.ts +0 -0
- /package/src/{server-proxy → server/proxy}/primitives/$proxy.ts +0 -0
- /package/src/{server-proxy → server/proxy}/providers/ServerProxyProvider.ts +0 -0
- /package/src/{server-rate-limit → server/rate-limit}/primitives/$rateLimit.ts +0 -0
- /package/src/{server-rate-limit → server/rate-limit}/providers/ServerRateLimitProvider.ts +0 -0
- /package/src/{server-security → server/security}/index.browser.ts +0 -0
- /package/src/{server-security → server/security}/index.ts +0 -0
- /package/src/{server-security → server/security}/primitives/$basicAuth.ts +0 -0
- /package/src/{server-security → server/security}/providers/ServerBasicAuthProvider.ts +0 -0
- /package/src/{server-security → server/security}/providers/ServerSecurityProvider.ts +0 -0
- /package/src/{server-static → server/static}/index.ts +0 -0
- /package/src/{server-static → server/static}/primitives/$serve.ts +0 -0
- /package/src/{server-static → server/static}/providers/ServerStaticProvider.ts +0 -0
- /package/src/{server-swagger → server/swagger}/index.ts +0 -0
- /package/src/{server-swagger → server/swagger}/primitives/$swagger.ts +0 -0
- /package/src/topic/{errors → core/errors}/TopicTimeoutError.ts +0 -0
- /package/src/topic/{index.ts → core/index.ts} +0 -0
- /package/src/topic/{primitives → core/primitives}/$subscriber.ts +0 -0
- /package/src/topic/{primitives → core/primitives}/$topic.ts +0 -0
- /package/src/topic/{providers → core/providers}/MemoryTopicProvider.ts +0 -0
- /package/src/topic/{providers → core/providers}/TopicProvider.ts +0 -0
- /package/src/{topic-redis → topic/redis}/index.ts +0 -0
- /package/src/{topic-redis → topic/redis}/providers/RedisTopicProvider.ts +0 -0
|
@@ -0,0 +1,742 @@
|
|
|
1
|
+
import { $context, $hook, $inject, $module, Alepha, AlephaError, KIND, Primitive, createPrimitive, t } from "alepha";
|
|
2
|
+
import { $cookie, AlephaServerCookies, ServerCookiesProvider } from "alepha/server/cookies";
|
|
3
|
+
import { DateTimeProvider } from "alepha/datetime";
|
|
4
|
+
import { InvalidCredentialsError, SecurityError, SecurityProvider, userAccountInfoSchema } from "alepha/security";
|
|
5
|
+
import { Configuration, allowInsecureRequests, authorizationCodeGrant, buildAuthorizationUrl, buildEndSessionUrl, calculatePKCECodeChallenge, discovery, randomPKCECodeVerifier, randomState, refreshTokenGrant } from "openid-client";
|
|
6
|
+
import { $logger } from "alepha/logger";
|
|
7
|
+
import { $route, BadRequestError } from "alepha/server";
|
|
8
|
+
import { ServerLinksProvider, apiLinksResponseSchema } from "alepha/server/links";
|
|
9
|
+
|
|
10
|
+
//#region ../../src/server/auth/primitives/$auth.ts
|
|
11
|
+
/**
|
|
12
|
+
* Creates an authentication provider primitive for handling user login flows.
|
|
13
|
+
*
|
|
14
|
+
* Supports multiple authentication strategies: credentials (username/password), OAuth2,
|
|
15
|
+
* and OIDC (OpenID Connect). Handles token management, user profile retrieval, and
|
|
16
|
+
* integration with both external identity providers (Auth0, Keycloak) and internal realms.
|
|
17
|
+
*
|
|
18
|
+
* **Authentication Types**: Credentials, OAuth2 (Google, GitHub), OIDC, External providers
|
|
19
|
+
*
|
|
20
|
+
* @example
|
|
21
|
+
* ```ts
|
|
22
|
+
* class AuthProviders {
|
|
23
|
+
* // Internal credentials-based auth
|
|
24
|
+
* credentials = $auth({
|
|
25
|
+
* realm: this.userRealm,
|
|
26
|
+
* credentials: {
|
|
27
|
+
* account: async ({ username, password }) => {
|
|
28
|
+
* return await this.validateUser(username, password);
|
|
29
|
+
* }
|
|
30
|
+
* }
|
|
31
|
+
* });
|
|
32
|
+
*
|
|
33
|
+
* // External OIDC provider
|
|
34
|
+
* keycloak = $auth({
|
|
35
|
+
* oidc: {
|
|
36
|
+
* issuer: "https://auth.example.com",
|
|
37
|
+
* clientId: "my-app",
|
|
38
|
+
* clientSecret: "secret",
|
|
39
|
+
* redirectUri: "/auth/callback"
|
|
40
|
+
* }
|
|
41
|
+
* });
|
|
42
|
+
* }
|
|
43
|
+
* ```
|
|
44
|
+
*/
|
|
45
|
+
const $auth = (options) => {
|
|
46
|
+
return createPrimitive(AuthPrimitive, options);
|
|
47
|
+
};
|
|
48
|
+
var AuthPrimitive = class extends Primitive {
|
|
49
|
+
securityProvider = $inject(SecurityProvider);
|
|
50
|
+
dateTimeProvider = $inject(DateTimeProvider);
|
|
51
|
+
oauth;
|
|
52
|
+
get name() {
|
|
53
|
+
return this.options.name ?? this.config.propertyKey;
|
|
54
|
+
}
|
|
55
|
+
get realm() {
|
|
56
|
+
if ("realm" in this.options) return this.options.realm;
|
|
57
|
+
}
|
|
58
|
+
get jwks_uri() {
|
|
59
|
+
const jwks = this.oauth?.serverMetadata().jwks_uri;
|
|
60
|
+
if (!jwks) throw new AlephaError("No JWKS URI available for the auth provider");
|
|
61
|
+
return jwks;
|
|
62
|
+
}
|
|
63
|
+
get scope() {
|
|
64
|
+
if ("oauth" in this.options) return this.options.oauth.scope;
|
|
65
|
+
if ("oidc" in this.options) return this.options.oidc.scope || "openid profile email";
|
|
66
|
+
throw new AlephaError("No OAuth2 or OIDC configuration available for the auth provider");
|
|
67
|
+
}
|
|
68
|
+
get redirect_uri() {
|
|
69
|
+
if ("oauth" in this.options) return this.options.oauth.redirectUri;
|
|
70
|
+
if ("oidc" in this.options) return this.options.oidc.redirectUri;
|
|
71
|
+
throw new AlephaError("No OAuth2 or OIDC configuration available for the auth provider");
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Refreshes the access token using the refresh token.
|
|
75
|
+
* Can be used on oauth2, oidc or credentials auth providers.
|
|
76
|
+
*/
|
|
77
|
+
async refresh(refreshToken, accessToken) {
|
|
78
|
+
if ("realm" in this.options) return this.options.realm.refreshToken(refreshToken, accessToken).then((it) => it.tokens).catch((error) => {
|
|
79
|
+
throw new SecurityError("Failed to refresh access token using the refresh token (realm)", { cause: error });
|
|
80
|
+
});
|
|
81
|
+
else if (this.oauth) try {
|
|
82
|
+
return {
|
|
83
|
+
...await refreshTokenGrant(this.oauth, refreshToken),
|
|
84
|
+
issued_at: this.dateTimeProvider.now().unix()
|
|
85
|
+
};
|
|
86
|
+
} catch (error) {
|
|
87
|
+
throw new SecurityError("Failed to refresh access token using the refresh token (oauth2)", { cause: error });
|
|
88
|
+
}
|
|
89
|
+
throw new AlephaError("No realm or OAuth2 configuration available for refreshing the access token");
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* Extracts user information from the access token.
|
|
93
|
+
* This is used to create a user account from the access token.
|
|
94
|
+
*/
|
|
95
|
+
async user(tokens) {
|
|
96
|
+
try {
|
|
97
|
+
if ("oauth" in this.options) {
|
|
98
|
+
const profile = await this.options.oauth.userinfo(tokens);
|
|
99
|
+
if (this.options.oauth.account) return this.options.oauth.account({
|
|
100
|
+
...tokens,
|
|
101
|
+
user: profile
|
|
102
|
+
});
|
|
103
|
+
return this.securityProvider.createUserFromPayload(profile);
|
|
104
|
+
}
|
|
105
|
+
if ("oidc" in this.options) {
|
|
106
|
+
const payload = this.getUserFromIdToken(tokens.id_token || "");
|
|
107
|
+
if (this.options.oidc.account) return this.options.oidc.account({
|
|
108
|
+
...tokens,
|
|
109
|
+
user: payload
|
|
110
|
+
});
|
|
111
|
+
return this.securityProvider.createUserFromPayload(payload);
|
|
112
|
+
}
|
|
113
|
+
} catch (error) {
|
|
114
|
+
throw new SecurityError("Failed to extract user from identity provider tokens", { cause: error });
|
|
115
|
+
}
|
|
116
|
+
throw new AlephaError("This authentication does not support user extraction from tokens");
|
|
117
|
+
}
|
|
118
|
+
getUserFromIdToken(idToken) {
|
|
119
|
+
try {
|
|
120
|
+
return JSON.parse(Buffer.from(idToken.split(".")[1], "base64").toString("utf8"));
|
|
121
|
+
} catch (error) {
|
|
122
|
+
throw new AlephaError("Failed to parse ID Token payload", { cause: error });
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
async prepare() {
|
|
126
|
+
const addons = [];
|
|
127
|
+
addons.push(allowInsecureRequests);
|
|
128
|
+
if ("oidc" in this.options) {
|
|
129
|
+
const { oidc } = this.options;
|
|
130
|
+
this.oauth = await discovery(new URL(oidc.issuer), oidc.clientId, { client_secret: oidc.clientSecret }, void 0, { execute: addons });
|
|
131
|
+
}
|
|
132
|
+
if ("oauth" in this.options) {
|
|
133
|
+
const { oauth } = this.options;
|
|
134
|
+
this.oauth = new Configuration({
|
|
135
|
+
authorization_endpoint: oauth.authorization,
|
|
136
|
+
token_endpoint: oauth.token,
|
|
137
|
+
issuer: oauth.authorization,
|
|
138
|
+
jwks_uri: void 0,
|
|
139
|
+
end_session_endpoint: void 0
|
|
140
|
+
}, oauth.clientId, { client_secret: oauth.clientSecret });
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
};
|
|
144
|
+
$auth[KIND] = AuthPrimitive;
|
|
145
|
+
|
|
146
|
+
//#endregion
|
|
147
|
+
//#region ../../src/server/auth/constants/routes.ts
|
|
148
|
+
const alephaServerAuthRoutes = {
|
|
149
|
+
login: "/oauth/login",
|
|
150
|
+
callback: "/oauth/callback",
|
|
151
|
+
logout: "/oauth/logout",
|
|
152
|
+
token: "/_auth/token",
|
|
153
|
+
refresh: "/_auth/refresh",
|
|
154
|
+
userinfo: "/_auth/userinfo"
|
|
155
|
+
};
|
|
156
|
+
|
|
157
|
+
//#endregion
|
|
158
|
+
//#region ../../src/server/auth/schemas/tokensSchema.ts
|
|
159
|
+
const tokensSchema = t.object({
|
|
160
|
+
provider: t.text(),
|
|
161
|
+
access_token: t.text({ size: "rich" }),
|
|
162
|
+
issued_at: t.number(),
|
|
163
|
+
expires_in: t.optional(t.number()),
|
|
164
|
+
refresh_token: t.optional(t.text({ size: "rich" })),
|
|
165
|
+
refresh_token_expires_in: t.optional(t.number()),
|
|
166
|
+
refresh_expires_in: t.optional(t.number({ description: "Alias of `refresh_token_expires_in` for compatibility with some providers." })),
|
|
167
|
+
id_token: t.optional(t.text({ size: "rich" })),
|
|
168
|
+
scope: t.optional(t.text())
|
|
169
|
+
});
|
|
170
|
+
|
|
171
|
+
//#endregion
|
|
172
|
+
//#region ../../src/server/auth/schemas/tokenResponseSchema.ts
|
|
173
|
+
const tokenResponseSchema = t.extend(tokensSchema, {
|
|
174
|
+
user: userAccountInfoSchema,
|
|
175
|
+
api: apiLinksResponseSchema
|
|
176
|
+
});
|
|
177
|
+
|
|
178
|
+
//#endregion
|
|
179
|
+
//#region ../../src/server/auth/schemas/userinfoResponseSchema.ts
|
|
180
|
+
const userinfoResponseSchema = t.object({
|
|
181
|
+
user: t.optional(userAccountInfoSchema),
|
|
182
|
+
api: apiLinksResponseSchema
|
|
183
|
+
});
|
|
184
|
+
|
|
185
|
+
//#endregion
|
|
186
|
+
//#region ../../src/server/auth/providers/ServerAuthProvider.ts
|
|
187
|
+
var ServerAuthProvider = class {
|
|
188
|
+
log = $logger();
|
|
189
|
+
alepha = $inject(Alepha);
|
|
190
|
+
serverCookiesProvider = $inject(ServerCookiesProvider);
|
|
191
|
+
dateTimeProvider = $inject(DateTimeProvider);
|
|
192
|
+
serverLinksProvider = $inject(ServerLinksProvider);
|
|
193
|
+
authorizationCode = $cookie({
|
|
194
|
+
name: "authorizationCode",
|
|
195
|
+
ttl: [15, "minutes"],
|
|
196
|
+
httpOnly: true,
|
|
197
|
+
schema: t.object({
|
|
198
|
+
provider: t.text(),
|
|
199
|
+
realm: t.optional(t.text()),
|
|
200
|
+
codeVerifier: t.optional(t.text({ size: "long" })),
|
|
201
|
+
redirectUri: t.optional(t.text({ size: "long" })),
|
|
202
|
+
state: t.optional(t.text()),
|
|
203
|
+
nonce: t.optional(t.text())
|
|
204
|
+
})
|
|
205
|
+
});
|
|
206
|
+
tokens = $cookie({
|
|
207
|
+
name: "tokens",
|
|
208
|
+
ttl: [30, "days"],
|
|
209
|
+
httpOnly: true,
|
|
210
|
+
compress: true,
|
|
211
|
+
encrypt: true,
|
|
212
|
+
schema: tokensSchema
|
|
213
|
+
});
|
|
214
|
+
get identities() {
|
|
215
|
+
return this.alepha.primitives($auth).filter((auth) => !auth.options.disabled);
|
|
216
|
+
}
|
|
217
|
+
getAuthenticationProviders(filters = {}) {
|
|
218
|
+
const providers = [];
|
|
219
|
+
for (const identity of this.identities) {
|
|
220
|
+
if (filters.realmName) {
|
|
221
|
+
const realm = "realm" in identity.options && identity.options.realm;
|
|
222
|
+
if (!realm || realm.name !== filters.realmName) continue;
|
|
223
|
+
}
|
|
224
|
+
const type = "oidc" in identity.options ? "OIDC" : "oauth" in identity.options ? "OAUTH2" : "credentials" in identity.options ? "CREDENTIALS" : void 0;
|
|
225
|
+
if (!type) continue;
|
|
226
|
+
providers.push({
|
|
227
|
+
name: identity.name,
|
|
228
|
+
type
|
|
229
|
+
});
|
|
230
|
+
}
|
|
231
|
+
return providers;
|
|
232
|
+
}
|
|
233
|
+
configure = $hook({
|
|
234
|
+
on: "configure",
|
|
235
|
+
handler: async () => {
|
|
236
|
+
for (const identity of this.identities) await identity.prepare();
|
|
237
|
+
}
|
|
238
|
+
});
|
|
239
|
+
getAccessTokens(tokens) {
|
|
240
|
+
const idp = this.provider(tokens.provider);
|
|
241
|
+
if ("oidc" in idp.options && !("realm" in idp.options) && idp.options.oidc?.useIdToken) return tokens.id_token;
|
|
242
|
+
return tokens.access_token;
|
|
243
|
+
}
|
|
244
|
+
/**
|
|
245
|
+
* Fill request headers with access token from cookies or fallback to provider's fallback function.
|
|
246
|
+
*/
|
|
247
|
+
onRequest = $hook({
|
|
248
|
+
on: "server:onRequest",
|
|
249
|
+
after: this.serverCookiesProvider,
|
|
250
|
+
handler: async ({ request }) => {
|
|
251
|
+
const cookies = request.cookies;
|
|
252
|
+
if (cookies) {
|
|
253
|
+
const tokens = await this.cookiesToTokens(cookies);
|
|
254
|
+
if (tokens) {
|
|
255
|
+
request.headers.authorization = `Bearer ${this.getAccessTokens(tokens)}`;
|
|
256
|
+
this.log.trace("Access token set in request headers", { provider: tokens.provider });
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
if (!request.headers.authorization) {
|
|
260
|
+
for (const provider of this.identities) if (!("realm" in provider.options) && !!provider.options.fallback) {
|
|
261
|
+
const token = await provider.options.fallback();
|
|
262
|
+
if (token) {
|
|
263
|
+
request.headers.authorization = `Bearer ${token}`;
|
|
264
|
+
break;
|
|
265
|
+
}
|
|
266
|
+
}
|
|
267
|
+
}
|
|
268
|
+
}
|
|
269
|
+
});
|
|
270
|
+
/**
|
|
271
|
+
* Convert cookies to tokens.
|
|
272
|
+
* If the tokens are expired, try to refresh them using the refresh token.
|
|
273
|
+
*/
|
|
274
|
+
async cookiesToTokens(cookies) {
|
|
275
|
+
const tokens = this.getTokens(cookies);
|
|
276
|
+
if (!tokens) {
|
|
277
|
+
this.log.trace("No tokens found in cookies");
|
|
278
|
+
return;
|
|
279
|
+
}
|
|
280
|
+
this.log.trace("Tokens found in cookies", {
|
|
281
|
+
expires_in: tokens.expires_in,
|
|
282
|
+
issued_at: tokens.issued_at
|
|
283
|
+
});
|
|
284
|
+
const refreshedTokens = await this.refreshTokens(tokens);
|
|
285
|
+
if (!refreshedTokens) {
|
|
286
|
+
this.tokens.del({ cookies });
|
|
287
|
+
return;
|
|
288
|
+
}
|
|
289
|
+
if (refreshedTokens.access_token !== tokens.access_token) this.setTokens(refreshedTokens, cookies);
|
|
290
|
+
return refreshedTokens;
|
|
291
|
+
}
|
|
292
|
+
async refreshTokens(tokens) {
|
|
293
|
+
if (tokens.expires_in && tokens.issued_at) {
|
|
294
|
+
if (tokens.issued_at + (tokens.expires_in - 10) < this.dateTimeProvider.now().unix()) {
|
|
295
|
+
this.log.trace("Tokens are expired");
|
|
296
|
+
if (tokens.refresh_token) {
|
|
297
|
+
this.log.trace("Trying to refresh tokens using refresh token");
|
|
298
|
+
try {
|
|
299
|
+
const newTokens = {
|
|
300
|
+
...await this.provider(tokens).refresh(tokens.refresh_token, tokens.access_token),
|
|
301
|
+
provider: tokens.provider,
|
|
302
|
+
issued_at: this.dateTimeProvider.now().unix()
|
|
303
|
+
};
|
|
304
|
+
this.log.debug("Tokens refreshed successfully");
|
|
305
|
+
return newTokens;
|
|
306
|
+
} catch (e) {
|
|
307
|
+
this.log.warn("Failed to refresh token", e);
|
|
308
|
+
}
|
|
309
|
+
}
|
|
310
|
+
return;
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
if (!tokens.issued_at && tokens.access_token) return;
|
|
314
|
+
return tokens;
|
|
315
|
+
}
|
|
316
|
+
/**
|
|
317
|
+
* Get user information.
|
|
318
|
+
*/
|
|
319
|
+
userinfo = $route({
|
|
320
|
+
path: alephaServerAuthRoutes.userinfo,
|
|
321
|
+
schema: { response: userinfoResponseSchema },
|
|
322
|
+
handler: async ({ user, headers, cookies }) => {
|
|
323
|
+
const tokens = this.getTokens(cookies);
|
|
324
|
+
if (tokens) {
|
|
325
|
+
const provider = this.provider(tokens);
|
|
326
|
+
if (!("realm" in provider.options)) {
|
|
327
|
+
const user$1 = await provider.user(tokens);
|
|
328
|
+
return {
|
|
329
|
+
api: await this.serverLinksProvider.getUserApiLinks({
|
|
330
|
+
authorization: headers.authorization,
|
|
331
|
+
user: user$1
|
|
332
|
+
}),
|
|
333
|
+
user: user$1
|
|
334
|
+
};
|
|
335
|
+
}
|
|
336
|
+
}
|
|
337
|
+
return {
|
|
338
|
+
api: await this.serverLinksProvider.getUserApiLinks({
|
|
339
|
+
authorization: headers.authorization,
|
|
340
|
+
user
|
|
341
|
+
}),
|
|
342
|
+
user
|
|
343
|
+
};
|
|
344
|
+
}
|
|
345
|
+
});
|
|
346
|
+
/**
|
|
347
|
+
* Refresh a token for internal providers.
|
|
348
|
+
*/
|
|
349
|
+
refresh = $route({
|
|
350
|
+
path: alephaServerAuthRoutes.refresh,
|
|
351
|
+
method: "POST",
|
|
352
|
+
schema: {
|
|
353
|
+
query: t.object({ provider: t.text() }),
|
|
354
|
+
body: t.object({
|
|
355
|
+
refresh_token: t.text({ size: "rich" }),
|
|
356
|
+
access_token: t.optional(t.text({
|
|
357
|
+
size: "rich",
|
|
358
|
+
description: "Required if provider has stateless refresh token on credentials mode"
|
|
359
|
+
}))
|
|
360
|
+
}),
|
|
361
|
+
response: tokensSchema
|
|
362
|
+
},
|
|
363
|
+
handler: async ({ query, body, cookies }) => {
|
|
364
|
+
const provider = this.provider(query);
|
|
365
|
+
const tokens = {
|
|
366
|
+
provider: query.provider,
|
|
367
|
+
...await provider.refresh(body.refresh_token, body.access_token)
|
|
368
|
+
};
|
|
369
|
+
this.setTokens(tokens, cookies);
|
|
370
|
+
return tokens;
|
|
371
|
+
}
|
|
372
|
+
});
|
|
373
|
+
/**
|
|
374
|
+
* Login for local password-based authentication.
|
|
375
|
+
*/
|
|
376
|
+
token = $route({
|
|
377
|
+
path: alephaServerAuthRoutes.token,
|
|
378
|
+
method: "POST",
|
|
379
|
+
schema: {
|
|
380
|
+
query: t.object({
|
|
381
|
+
provider: t.text(),
|
|
382
|
+
realm: t.optional(t.text({ description: "Realm name for multi-realm setups" }))
|
|
383
|
+
}),
|
|
384
|
+
body: t.object({
|
|
385
|
+
username: t.text(),
|
|
386
|
+
password: t.text()
|
|
387
|
+
}),
|
|
388
|
+
response: tokenResponseSchema
|
|
389
|
+
},
|
|
390
|
+
handler: async ({ query, body, cookies }) => {
|
|
391
|
+
const provider = this.provider({
|
|
392
|
+
provider: query.provider,
|
|
393
|
+
realm: query.realm
|
|
394
|
+
});
|
|
395
|
+
const realm = "realm" in provider.options && provider.options.realm;
|
|
396
|
+
if (!realm) throw new SecurityError(`Auth provider '${query.provider}' does not support password grant`);
|
|
397
|
+
const credentials = "credentials" in provider.options && provider.options.credentials;
|
|
398
|
+
if (!credentials) throw new SecurityError(`Auth provider '${query.provider}' does not support password grant`);
|
|
399
|
+
console.log("->", body);
|
|
400
|
+
let user;
|
|
401
|
+
try {
|
|
402
|
+
user = await credentials.account(body);
|
|
403
|
+
} catch (e) {
|
|
404
|
+
if (e instanceof InvalidCredentialsError) throw e;
|
|
405
|
+
this.log.error("Failed to authenticate user", e);
|
|
406
|
+
throw new InvalidCredentialsError();
|
|
407
|
+
}
|
|
408
|
+
if (!user) throw new InvalidCredentialsError();
|
|
409
|
+
const tokens = {
|
|
410
|
+
provider: query.provider,
|
|
411
|
+
...await realm.createToken(user)
|
|
412
|
+
};
|
|
413
|
+
this.setTokens(tokens, cookies);
|
|
414
|
+
const api = await this.serverLinksProvider.getUserApiLinks({ user });
|
|
415
|
+
return {
|
|
416
|
+
...tokens,
|
|
417
|
+
user,
|
|
418
|
+
api
|
|
419
|
+
};
|
|
420
|
+
}
|
|
421
|
+
});
|
|
422
|
+
/**
|
|
423
|
+
* Oauth2/OIDC login route.
|
|
424
|
+
*/
|
|
425
|
+
login = $route({
|
|
426
|
+
path: alephaServerAuthRoutes.login,
|
|
427
|
+
schema: { query: t.object({
|
|
428
|
+
provider: t.text(),
|
|
429
|
+
realm: t.optional(t.text({ description: "Realm name for multi-realm setups" })),
|
|
430
|
+
redirect_uri: t.optional(t.text({ size: "rich" }))
|
|
431
|
+
}) },
|
|
432
|
+
handler: async ({ query, url, reply }) => {
|
|
433
|
+
const provider = this.provider({
|
|
434
|
+
provider: query.provider,
|
|
435
|
+
realm: query.realm
|
|
436
|
+
});
|
|
437
|
+
const oauth = provider.oauth;
|
|
438
|
+
if (!oauth) throw new SecurityError(`Auth provider '${query.provider}' does not support OAuth2`);
|
|
439
|
+
const scope = provider.scope;
|
|
440
|
+
let redirect_uri = provider.redirect_uri || alephaServerAuthRoutes.callback;
|
|
441
|
+
if (redirect_uri.startsWith("/")) redirect_uri = `${url.protocol}//${url.host}${redirect_uri}`;
|
|
442
|
+
const oidc = "oidc" in provider.options && provider.options.oidc;
|
|
443
|
+
if (!oauth.serverMetadata().supportsPKCE()) {
|
|
444
|
+
const state = randomState();
|
|
445
|
+
const parameters$1 = {
|
|
446
|
+
redirect_uri,
|
|
447
|
+
state
|
|
448
|
+
};
|
|
449
|
+
if (oidc) parameters$1.nonce = randomState();
|
|
450
|
+
if (scope) parameters$1.scope = scope;
|
|
451
|
+
this.authorizationCode.set({
|
|
452
|
+
state,
|
|
453
|
+
nonce: parameters$1.nonce,
|
|
454
|
+
redirectUri: query.redirect_uri ?? "/",
|
|
455
|
+
provider: query.provider,
|
|
456
|
+
realm: query.realm
|
|
457
|
+
});
|
|
458
|
+
reply.redirect(buildAuthorizationUrl(oauth, parameters$1).toString());
|
|
459
|
+
return;
|
|
460
|
+
}
|
|
461
|
+
const codeVerifier = randomPKCECodeVerifier();
|
|
462
|
+
const codeChallenge = await calculatePKCECodeChallenge(codeVerifier);
|
|
463
|
+
const parameters = {
|
|
464
|
+
redirect_uri,
|
|
465
|
+
code_challenge: codeChallenge,
|
|
466
|
+
code_challenge_method: "S256"
|
|
467
|
+
};
|
|
468
|
+
if (scope) parameters.scope = scope;
|
|
469
|
+
this.authorizationCode.set({
|
|
470
|
+
codeVerifier,
|
|
471
|
+
redirectUri: query.redirect_uri ?? "/",
|
|
472
|
+
provider: query.provider,
|
|
473
|
+
realm: query.realm
|
|
474
|
+
});
|
|
475
|
+
reply.redirect(buildAuthorizationUrl(oauth, parameters).toString());
|
|
476
|
+
}
|
|
477
|
+
});
|
|
478
|
+
/**
|
|
479
|
+
* Callback for OAuth2/OIDC providers.
|
|
480
|
+
* It handles the authorization code flow and retrieves the access token.
|
|
481
|
+
*/
|
|
482
|
+
callback = $route({
|
|
483
|
+
path: alephaServerAuthRoutes.callback,
|
|
484
|
+
handler: async ({ url, reply, cookies }) => {
|
|
485
|
+
const authorizationCode = this.authorizationCode.get({ cookies });
|
|
486
|
+
if (!authorizationCode) throw new BadRequestError("Missing code verifier");
|
|
487
|
+
const provider = this.provider(authorizationCode);
|
|
488
|
+
const oauth = provider.oauth;
|
|
489
|
+
if (!oauth) throw new SecurityError(`Auth provider '${provider.name}' does not support OAuth2`);
|
|
490
|
+
const redirectUri = authorizationCode.redirectUri ?? "/";
|
|
491
|
+
const externalTokens = await authorizationCodeGrant(oauth, url, {
|
|
492
|
+
pkceCodeVerifier: authorizationCode.codeVerifier,
|
|
493
|
+
expectedState: authorizationCode.state,
|
|
494
|
+
expectedNonce: authorizationCode.nonce
|
|
495
|
+
}).then((tokens$1) => ({
|
|
496
|
+
issued_at: this.dateTimeProvider.now().unix(),
|
|
497
|
+
provider: provider.name,
|
|
498
|
+
...tokens$1
|
|
499
|
+
})).catch((e) => {
|
|
500
|
+
this.log.error("Failed to get access token", e);
|
|
501
|
+
throw new SecurityError("Failed to get access token", { cause: e });
|
|
502
|
+
});
|
|
503
|
+
this.authorizationCode.del({ cookies });
|
|
504
|
+
const realm = "realm" in provider.options && provider.options.realm;
|
|
505
|
+
if (!realm) {
|
|
506
|
+
this.setTokens(externalTokens, cookies);
|
|
507
|
+
reply.redirect(redirectUri);
|
|
508
|
+
return;
|
|
509
|
+
}
|
|
510
|
+
const user = await provider.user(externalTokens);
|
|
511
|
+
const tokens = await realm.createToken(user);
|
|
512
|
+
this.setTokens({
|
|
513
|
+
...tokens,
|
|
514
|
+
issued_at: this.dateTimeProvider.now().unix(),
|
|
515
|
+
provider: provider.name
|
|
516
|
+
}, cookies);
|
|
517
|
+
reply.redirect(redirectUri);
|
|
518
|
+
}
|
|
519
|
+
});
|
|
520
|
+
/**
|
|
521
|
+
* Logout route for OAuth2/OIDC providers.
|
|
522
|
+
*/
|
|
523
|
+
logout = $route({
|
|
524
|
+
path: alephaServerAuthRoutes.logout,
|
|
525
|
+
method: "GET",
|
|
526
|
+
schema: { query: t.object({ post_logout_redirect_uri: t.optional(t.text()) }) },
|
|
527
|
+
handler: async ({ query, reply, cookies }) => {
|
|
528
|
+
const redirect = query.post_logout_redirect_uri ?? "/";
|
|
529
|
+
const tokens = this.getTokens(cookies);
|
|
530
|
+
if (!tokens) {
|
|
531
|
+
reply.redirect(redirect);
|
|
532
|
+
return;
|
|
533
|
+
}
|
|
534
|
+
const provider = this.provider(tokens.provider);
|
|
535
|
+
this.tokens.del({ cookies });
|
|
536
|
+
if ("realm" in provider.options && tokens.refresh_token) {
|
|
537
|
+
const onDeleteSession = provider.options.realm.options.settings?.onDeleteSession;
|
|
538
|
+
if (onDeleteSession) try {
|
|
539
|
+
await onDeleteSession(tokens.refresh_token);
|
|
540
|
+
} catch (e) {
|
|
541
|
+
this.log.error("Failed to delete session", e);
|
|
542
|
+
}
|
|
543
|
+
}
|
|
544
|
+
const oauth = provider.oauth;
|
|
545
|
+
if (!oauth) {
|
|
546
|
+
reply.redirect(redirect);
|
|
547
|
+
return;
|
|
548
|
+
}
|
|
549
|
+
const params = new URLSearchParams();
|
|
550
|
+
const idToken = tokens?.id_token;
|
|
551
|
+
params.set("post_logout_redirect_uri", redirect);
|
|
552
|
+
if (idToken) params.set("id_token_hint", idToken);
|
|
553
|
+
const customLogoutUri = "oidc" in provider.options ? provider.options.oidc?.logoutUri : void 0;
|
|
554
|
+
if (customLogoutUri) {
|
|
555
|
+
reply.redirect(`${customLogoutUri}?${params}`);
|
|
556
|
+
return;
|
|
557
|
+
}
|
|
558
|
+
if (!oauth.serverMetadata().end_session_endpoint) {
|
|
559
|
+
reply.redirect(redirect);
|
|
560
|
+
return;
|
|
561
|
+
}
|
|
562
|
+
reply.redirect(buildEndSessionUrl(oauth, params).toString());
|
|
563
|
+
}
|
|
564
|
+
});
|
|
565
|
+
/**
|
|
566
|
+
* Find an auth provider by name and optionally by realm.
|
|
567
|
+
* When realm is specified, it filters providers by both name and realm.
|
|
568
|
+
* This enables multi-realm setups where multiple providers share the same name (e.g., "credentials").
|
|
569
|
+
*/
|
|
570
|
+
provider(opts) {
|
|
571
|
+
const name = typeof opts === "string" ? opts : opts.provider;
|
|
572
|
+
const realmName = typeof opts === "string" ? void 0 : opts.realm;
|
|
573
|
+
const identity = this.identities.find((identity$1) => {
|
|
574
|
+
if (identity$1.name !== name) return false;
|
|
575
|
+
if (realmName && identity$1.realm?.name !== realmName) return false;
|
|
576
|
+
return true;
|
|
577
|
+
});
|
|
578
|
+
if (!identity) throw new SecurityError(`Auth provider '${name}'${realmName ? ` for realm '${realmName}'` : ""} not found`);
|
|
579
|
+
return identity;
|
|
580
|
+
}
|
|
581
|
+
getTokens(cookies) {
|
|
582
|
+
return this.tokens.get({ cookies });
|
|
583
|
+
}
|
|
584
|
+
setTokens(tokens, cookies) {
|
|
585
|
+
const exp = tokens.refresh_token_expires_in || tokens.refresh_expires_in || tokens.expires_in;
|
|
586
|
+
const ttl = exp ? this.dateTimeProvider.duration(exp, "seconds") : void 0;
|
|
587
|
+
this.tokens.set(tokens, {
|
|
588
|
+
cookies,
|
|
589
|
+
ttl
|
|
590
|
+
});
|
|
591
|
+
}
|
|
592
|
+
};
|
|
593
|
+
|
|
594
|
+
//#endregion
|
|
595
|
+
//#region ../../src/server/auth/schemas/authenticationProviderSchema.ts
|
|
596
|
+
const authenticationProviderSchema = t.object({
|
|
597
|
+
name: t.text({ description: "Name of the authentication provider." }),
|
|
598
|
+
type: t.enum([
|
|
599
|
+
"OAUTH2",
|
|
600
|
+
"OIDC",
|
|
601
|
+
"CREDENTIALS"
|
|
602
|
+
], { description: "Type of the authentication provider." })
|
|
603
|
+
}, { title: "AuthenticationProvider" });
|
|
604
|
+
|
|
605
|
+
//#endregion
|
|
606
|
+
//#region ../../src/server/auth/primitives/$authCredentials.ts
|
|
607
|
+
/**
|
|
608
|
+
* Already configured Credentials authentication primitive.
|
|
609
|
+
*
|
|
610
|
+
* Uses username and password to authenticate users.
|
|
611
|
+
*/
|
|
612
|
+
const $authCredentials = (realm, options = {}) => {
|
|
613
|
+
const name = "credentials";
|
|
614
|
+
const account = realm.login ? realm.login(name) : options.account;
|
|
615
|
+
if (!account) throw new AlephaError("Credentials authentication requires a login function in the realm primitive.");
|
|
616
|
+
return $auth({
|
|
617
|
+
realm,
|
|
618
|
+
name,
|
|
619
|
+
credentials: { account }
|
|
620
|
+
});
|
|
621
|
+
};
|
|
622
|
+
|
|
623
|
+
//#endregion
|
|
624
|
+
//#region ../../src/server/auth/primitives/$authGithub.ts
|
|
625
|
+
/**
|
|
626
|
+
* Already configured GitHub authentication primitive.
|
|
627
|
+
*
|
|
628
|
+
* Uses OAuth2 to authenticate users via their GitHub accounts.
|
|
629
|
+
* Upon successful authentication, it links the GitHub account to a user session.
|
|
630
|
+
*
|
|
631
|
+
* Environment Variables:
|
|
632
|
+
* - `GITHUB_CLIENT_ID`: The client ID obtained from the GitHub Developer Settings.
|
|
633
|
+
* - `GITHUB_CLIENT_SECRET`: The client secret obtained from the GitHub Developer Settings.
|
|
634
|
+
*/
|
|
635
|
+
const $authGithub = (realm, options = {}) => {
|
|
636
|
+
const { alepha } = $context();
|
|
637
|
+
const env = alepha.parseEnv(t.object({
|
|
638
|
+
GITHUB_CLIENT_ID: t.optional(t.text()),
|
|
639
|
+
GITHUB_CLIENT_SECRET: t.optional(t.text())
|
|
640
|
+
}));
|
|
641
|
+
const disabled = !env.GITHUB_CLIENT_ID || !env.GITHUB_CLIENT_SECRET;
|
|
642
|
+
const name = "github";
|
|
643
|
+
const account = options.account ?? (realm.link ? realm.link(name) : void 0);
|
|
644
|
+
if (!account) throw new AlephaError("Authentication requires a link function in the realm primitive.");
|
|
645
|
+
return $auth({
|
|
646
|
+
realm,
|
|
647
|
+
name,
|
|
648
|
+
oauth: {
|
|
649
|
+
clientId: env.GITHUB_CLIENT_ID,
|
|
650
|
+
clientSecret: env.GITHUB_CLIENT_SECRET,
|
|
651
|
+
authorization: "https://github.com/login/oauth/authorize",
|
|
652
|
+
token: "https://github.com/login/oauth/access_token",
|
|
653
|
+
scope: "read:user user:email",
|
|
654
|
+
userinfo: async (tokens) => {
|
|
655
|
+
const BASE_URL = "https://api.github.com";
|
|
656
|
+
const res = await fetch(`${BASE_URL}/user`, { headers: {
|
|
657
|
+
Authorization: `Bearer ${tokens.access_token}`,
|
|
658
|
+
"User-Agent": "Alepha"
|
|
659
|
+
} }).then((res$1) => res$1.json());
|
|
660
|
+
const user = { sub: res.id.toString() };
|
|
661
|
+
if (res.email) user.email = res.email;
|
|
662
|
+
if (res.name) user.name = res.name.trim();
|
|
663
|
+
if (res.avatar_url) user.picture = res.avatar_url;
|
|
664
|
+
if (!user.email) {
|
|
665
|
+
const res$1 = await fetch(`${BASE_URL}/user/emails`, { headers: {
|
|
666
|
+
Authorization: `Bearer ${tokens.access_token}`,
|
|
667
|
+
"User-Agent": "Alepha"
|
|
668
|
+
} });
|
|
669
|
+
if (res$1.ok) {
|
|
670
|
+
const emails = await res$1.json();
|
|
671
|
+
user.email = (emails.find((e) => e.primary) ?? emails[0]).email;
|
|
672
|
+
}
|
|
673
|
+
}
|
|
674
|
+
return user;
|
|
675
|
+
},
|
|
676
|
+
...options,
|
|
677
|
+
account
|
|
678
|
+
},
|
|
679
|
+
disabled
|
|
680
|
+
});
|
|
681
|
+
};
|
|
682
|
+
|
|
683
|
+
//#endregion
|
|
684
|
+
//#region ../../src/server/auth/primitives/$authGoogle.ts
|
|
685
|
+
/**
|
|
686
|
+
* Already configured Google authentication primitive.
|
|
687
|
+
*
|
|
688
|
+
* Uses OpenID Connect (OIDC) to authenticate users via their Google accounts.
|
|
689
|
+
* Upon successful authentication, it links the Google account to a user session.
|
|
690
|
+
*
|
|
691
|
+
* Environment Variables:
|
|
692
|
+
* - `GOOGLE_CLIENT_ID`: The client ID obtained from the Google Developer Console.
|
|
693
|
+
* - `GOOGLE_CLIENT_SECRET`: The client secret obtained from the Google Developer Console.
|
|
694
|
+
*/
|
|
695
|
+
const $authGoogle = (realm, options = {}) => {
|
|
696
|
+
const { alepha } = $context();
|
|
697
|
+
const env = alepha.parseEnv(t.object({
|
|
698
|
+
GOOGLE_CLIENT_ID: t.optional(t.text()),
|
|
699
|
+
GOOGLE_CLIENT_SECRET: t.optional(t.text())
|
|
700
|
+
}));
|
|
701
|
+
const disabled = !env.GOOGLE_CLIENT_ID || !env.GOOGLE_CLIENT_SECRET;
|
|
702
|
+
const name = "google";
|
|
703
|
+
const account = options.account ?? (realm.link ? realm.link(name) : void 0);
|
|
704
|
+
if (!account) throw new AlephaError("Authentication requires a link function in the realm primitive.");
|
|
705
|
+
return $auth({
|
|
706
|
+
realm,
|
|
707
|
+
name,
|
|
708
|
+
oidc: {
|
|
709
|
+
issuer: "https://accounts.google.com",
|
|
710
|
+
clientId: env.GOOGLE_CLIENT_ID,
|
|
711
|
+
clientSecret: env.GOOGLE_CLIENT_SECRET,
|
|
712
|
+
...options,
|
|
713
|
+
account
|
|
714
|
+
},
|
|
715
|
+
disabled
|
|
716
|
+
});
|
|
717
|
+
};
|
|
718
|
+
|
|
719
|
+
//#endregion
|
|
720
|
+
//#region ../../src/server/auth/index.ts
|
|
721
|
+
/**
|
|
722
|
+
* Allow authentication services for server applications.
|
|
723
|
+
* It provides login and logout functionalities.
|
|
724
|
+
*
|
|
725
|
+
* There are multiple authentication providers available (e.g., Google, GitHub).
|
|
726
|
+
* You can also delegate authentication to your own OIDC/OAuth2, for example using Keycloak or Auth0.
|
|
727
|
+
*
|
|
728
|
+
* It's cookie-based and SSR friendly.
|
|
729
|
+
*
|
|
730
|
+
* @see {@link $auth}
|
|
731
|
+
* @see {@link ServerAuthProvider}
|
|
732
|
+
* @module alepha.server.auth
|
|
733
|
+
*/
|
|
734
|
+
const AlephaServerAuth = $module({
|
|
735
|
+
name: "alepha.server.auth",
|
|
736
|
+
primitives: [$auth],
|
|
737
|
+
services: [AlephaServerCookies, ServerAuthProvider]
|
|
738
|
+
});
|
|
739
|
+
|
|
740
|
+
//#endregion
|
|
741
|
+
export { $auth, $authCredentials, $authGithub, $authGoogle, AlephaServerAuth, AuthPrimitive, ServerAuthProvider, alephaServerAuthRoutes, authenticationProviderSchema, tokenResponseSchema, tokensSchema, userinfoResponseSchema };
|
|
742
|
+
//# sourceMappingURL=index.js.map
|