alepha 0.14.3 → 0.15.0
- package/README.md +2 -5
- package/dist/api/audits/index.d.ts +620 -811
- package/dist/api/audits/index.d.ts.map +1 -1
- package/dist/api/files/index.d.ts +185 -377
- package/dist/api/files/index.d.ts.map +1 -1
- package/dist/api/files/index.js +0 -1
- package/dist/api/files/index.js.map +1 -1
- package/dist/api/jobs/index.d.ts +245 -435
- package/dist/api/jobs/index.d.ts.map +1 -1
- package/dist/api/notifications/index.d.ts +238 -429
- package/dist/api/notifications/index.d.ts.map +1 -1
- package/dist/api/parameters/index.d.ts +236 -427
- package/dist/api/parameters/index.d.ts.map +1 -1
- package/dist/api/users/index.browser.js +1 -2
- package/dist/api/users/index.browser.js.map +1 -1
- package/dist/api/users/index.d.ts +1010 -1196
- package/dist/api/users/index.d.ts.map +1 -1
- package/dist/api/users/index.js +178 -151
- package/dist/api/users/index.js.map +1 -1
- package/dist/api/verifications/index.d.ts +17 -17
- package/dist/api/verifications/index.d.ts.map +1 -1
- package/dist/batch/index.d.ts +122 -122
- package/dist/batch/index.d.ts.map +1 -1
- package/dist/batch/index.js +1 -2
- package/dist/batch/index.js.map +1 -1
- package/dist/bucket/index.d.ts +163 -163
- package/dist/bucket/index.d.ts.map +1 -1
- package/dist/cache/core/index.d.ts +46 -46
- package/dist/cache/core/index.d.ts.map +1 -1
- package/dist/cache/redis/index.d.ts.map +1 -1
- package/dist/cli/index.d.ts +384 -285
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +1113 -623
- package/dist/cli/index.js.map +1 -1
- package/dist/command/index.d.ts +299 -300
- package/dist/command/index.d.ts.map +1 -1
- package/dist/command/index.js +13 -9
- package/dist/command/index.js.map +1 -1
- package/dist/core/index.browser.js +445 -103
- package/dist/core/index.browser.js.map +1 -1
- package/dist/core/index.d.ts +733 -625
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +446 -103
- package/dist/core/index.js.map +1 -1
- package/dist/core/index.native.js +445 -103
- package/dist/core/index.native.js.map +1 -1
- package/dist/datetime/index.d.ts +44 -44
- package/dist/datetime/index.d.ts.map +1 -1
- package/dist/datetime/index.js +4 -4
- package/dist/datetime/index.js.map +1 -1
- package/dist/email/index.d.ts +97 -50
- package/dist/email/index.d.ts.map +1 -1
- package/dist/email/index.js +129 -33
- package/dist/email/index.js.map +1 -1
- package/dist/fake/index.d.ts +7981 -14
- package/dist/fake/index.d.ts.map +1 -1
- package/dist/file/index.d.ts +523 -390
- package/dist/file/index.d.ts.map +1 -1
- package/dist/file/index.js +253 -1
- package/dist/file/index.js.map +1 -1
- package/dist/lock/core/index.d.ts +208 -208
- package/dist/lock/core/index.d.ts.map +1 -1
- package/dist/lock/redis/index.d.ts.map +1 -1
- package/dist/logger/index.d.ts +25 -26
- package/dist/logger/index.d.ts.map +1 -1
- package/dist/logger/index.js +12 -2
- package/dist/logger/index.js.map +1 -1
- package/dist/mcp/index.d.ts +197 -197
- package/dist/mcp/index.d.ts.map +1 -1
- package/dist/mcp/index.js +1 -1
- package/dist/mcp/index.js.map +1 -1
- package/dist/orm/chunk-DtkW-qnP.js +38 -0
- package/dist/orm/index.browser.js.map +1 -1
- package/dist/orm/index.bun.js +2814 -0
- package/dist/orm/index.bun.js.map +1 -0
- package/dist/orm/index.d.ts +1228 -1216
- package/dist/orm/index.d.ts.map +1 -1
- package/dist/orm/index.js +2041 -1967
- package/dist/orm/index.js.map +1 -1
- package/dist/queue/core/index.d.ts +248 -248
- package/dist/queue/core/index.d.ts.map +1 -1
- package/dist/queue/redis/index.d.ts.map +1 -1
- package/dist/redis/index.bun.js +285 -0
- package/dist/redis/index.bun.js.map +1 -0
- package/dist/redis/index.d.ts +118 -136
- package/dist/redis/index.d.ts.map +1 -1
- package/dist/redis/index.js +18 -38
- package/dist/redis/index.js.map +1 -1
- package/dist/retry/index.d.ts +69 -69
- package/dist/retry/index.d.ts.map +1 -1
- package/dist/router/index.d.ts +6 -6
- package/dist/router/index.d.ts.map +1 -1
- package/dist/scheduler/index.d.ts +25 -25
- package/dist/scheduler/index.d.ts.map +1 -1
- package/dist/security/index.browser.js +5 -1
- package/dist/security/index.browser.js.map +1 -1
- package/dist/security/index.d.ts +417 -254
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +386 -86
- package/dist/security/index.js.map +1 -1
- package/dist/server/auth/index.d.ts +110 -110
- package/dist/server/auth/index.d.ts.map +1 -1
- package/dist/server/auth/index.js +20 -20
- package/dist/server/auth/index.js.map +1 -1
- package/dist/server/cache/index.d.ts +62 -47
- package/dist/server/cache/index.d.ts.map +1 -1
- package/dist/server/cache/index.js +56 -3
- package/dist/server/cache/index.js.map +1 -1
- package/dist/server/compress/index.d.ts +6 -0
- package/dist/server/compress/index.d.ts.map +1 -1
- package/dist/server/compress/index.js +36 -1
- package/dist/server/compress/index.js.map +1 -1
- package/dist/server/cookies/index.d.ts +6 -6
- package/dist/server/cookies/index.d.ts.map +1 -1
- package/dist/server/cookies/index.js +3 -3
- package/dist/server/cookies/index.js.map +1 -1
- package/dist/server/core/index.browser.js +2 -2
- package/dist/server/core/index.browser.js.map +1 -1
- package/dist/server/core/index.d.ts +242 -150
- package/dist/server/core/index.d.ts.map +1 -1
- package/dist/server/core/index.js +294 -125
- package/dist/server/core/index.js.map +1 -1
- package/dist/server/cors/index.d.ts +11 -12
- package/dist/server/cors/index.d.ts.map +1 -1
- package/dist/server/health/index.d.ts +0 -1
- package/dist/server/health/index.d.ts.map +1 -1
- package/dist/server/helmet/index.d.ts +2 -2
- package/dist/server/helmet/index.d.ts.map +1 -1
- package/dist/server/links/index.browser.js.map +1 -1
- package/dist/server/links/index.d.ts +123 -124
- package/dist/server/links/index.d.ts.map +1 -1
- package/dist/server/links/index.js +1 -2
- package/dist/server/links/index.js.map +1 -1
- package/dist/server/metrics/index.d.ts.map +1 -1
- package/dist/server/multipart/index.d.ts +6 -6
- package/dist/server/multipart/index.d.ts.map +1 -1
- package/dist/server/proxy/index.d.ts +102 -103
- package/dist/server/proxy/index.d.ts.map +1 -1
- package/dist/server/rate-limit/index.d.ts +16 -16
- package/dist/server/rate-limit/index.d.ts.map +1 -1
- package/dist/server/static/index.d.ts +44 -44
- package/dist/server/static/index.d.ts.map +1 -1
- package/dist/server/static/index.js +4 -0
- package/dist/server/static/index.js.map +1 -1
- package/dist/server/swagger/index.d.ts +48 -49
- package/dist/server/swagger/index.d.ts.map +1 -1
- package/dist/server/swagger/index.js +3 -5
- package/dist/server/swagger/index.js.map +1 -1
- package/dist/sms/index.d.ts +13 -11
- package/dist/sms/index.d.ts.map +1 -1
- package/dist/sms/index.js +7 -7
- package/dist/sms/index.js.map +1 -1
- package/dist/thread/index.d.ts +71 -72
- package/dist/thread/index.d.ts.map +1 -1
- package/dist/topic/core/index.d.ts +318 -318
- package/dist/topic/core/index.d.ts.map +1 -1
- package/dist/topic/redis/index.d.ts +6 -6
- package/dist/topic/redis/index.d.ts.map +1 -1
- package/dist/vite/index.d.ts +5805 -249
- package/dist/vite/index.d.ts.map +1 -1
- package/dist/vite/index.js +599 -513
- package/dist/vite/index.js.map +1 -1
- package/dist/websocket/index.browser.js +6 -6
- package/dist/websocket/index.browser.js.map +1 -1
- package/dist/websocket/index.d.ts +247 -247
- package/dist/websocket/index.d.ts.map +1 -1
- package/dist/websocket/index.js +6 -6
- package/dist/websocket/index.js.map +1 -1
- package/package.json +9 -14
- package/src/api/files/controllers/AdminFileStatsController.ts +0 -1
- package/src/api/users/atoms/realmAuthSettingsAtom.ts +5 -0
- package/src/api/users/controllers/{UserRealmController.ts → RealmController.ts} +11 -11
- package/src/api/users/entities/users.ts +1 -1
- package/src/api/users/index.ts +8 -8
- package/src/api/users/primitives/{$userRealm.ts → $realm.ts} +17 -19
- package/src/api/users/providers/{UserRealmProvider.ts → RealmProvider.ts} +26 -30
- package/src/api/users/schemas/{userRealmConfigSchema.ts → realmConfigSchema.ts} +2 -2
- package/src/api/users/services/CredentialService.ts +7 -7
- package/src/api/users/services/IdentityService.ts +4 -4
- package/src/api/users/services/RegistrationService.spec.ts +25 -27
- package/src/api/users/services/RegistrationService.ts +38 -27
- package/src/api/users/services/SessionCrudService.ts +3 -3
- package/src/api/users/services/SessionService.spec.ts +3 -3
- package/src/api/users/services/SessionService.ts +28 -9
- package/src/api/users/services/UserService.ts +7 -7
- package/src/batch/providers/BatchProvider.ts +1 -2
- package/src/cli/apps/AlephaCli.ts +0 -2
- package/src/cli/apps/AlephaPackageBuilderCli.ts +38 -19
- package/src/cli/assets/apiHelloControllerTs.ts +18 -0
- package/src/cli/assets/apiIndexTs.ts +16 -0
- package/src/cli/assets/claudeMd.ts +303 -0
- package/src/cli/assets/mainBrowserTs.ts +2 -2
- package/src/cli/assets/mainServerTs.ts +24 -0
- package/src/cli/assets/webAppRouterTs.ts +15 -0
- package/src/cli/assets/webHelloComponentTsx.ts +16 -0
- package/src/cli/assets/webIndexTs.ts +16 -0
- package/src/cli/atoms/buildOptions.ts +88 -0
- package/src/cli/commands/build.ts +70 -87
- package/src/cli/commands/db.ts +21 -22
- package/src/cli/commands/deploy.ts +17 -5
- package/src/cli/commands/dev.ts +22 -14
- package/src/cli/commands/format.ts +8 -2
- package/src/cli/commands/gen/env.ts +53 -0
- package/src/cli/commands/gen/openapi.ts +1 -1
- package/src/cli/commands/gen/resource.ts +15 -0
- package/src/cli/commands/gen.ts +7 -1
- package/src/cli/commands/init.ts +74 -30
- package/src/cli/commands/lint.ts +8 -2
- package/src/cli/commands/test.ts +8 -3
- package/src/cli/commands/typecheck.ts +5 -1
- package/src/cli/commands/verify.ts +5 -3
- package/src/cli/defineConfig.ts +49 -7
- package/src/cli/index.ts +0 -1
- package/src/cli/services/AlephaCliUtils.ts +39 -589
- package/src/cli/services/PackageManagerUtils.ts +301 -0
- package/src/cli/services/ProjectScaffolder.ts +306 -0
- package/src/command/helpers/Runner.spec.ts +2 -2
- package/src/command/helpers/Runner.ts +16 -4
- package/src/command/primitives/$command.ts +0 -6
- package/src/command/providers/CliProvider.ts +1 -3
- package/src/core/Alepha.ts +42 -0
- package/src/core/__tests__/Alepha-graph.spec.ts +4 -0
- package/src/core/index.shared.ts +1 -0
- package/src/core/index.ts +2 -0
- package/src/core/primitives/$hook.ts +6 -2
- package/src/core/primitives/$module.spec.ts +4 -0
- package/src/core/providers/AlsProvider.ts +1 -1
- package/src/core/providers/CodecManager.spec.ts +12 -6
- package/src/core/providers/CodecManager.ts +26 -6
- package/src/core/providers/EventManager.ts +169 -13
- package/src/core/providers/KeylessJsonSchemaCodec.spec.ts +621 -0
- package/src/core/providers/KeylessJsonSchemaCodec.ts +407 -0
- package/src/core/providers/StateManager.spec.ts +27 -16
- package/src/email/providers/LocalEmailProvider.spec.ts +111 -87
- package/src/email/providers/LocalEmailProvider.ts +52 -15
- package/src/email/providers/NodemailerEmailProvider.ts +167 -56
- package/src/file/errors/FileError.ts +7 -0
- package/src/file/index.ts +9 -1
- package/src/file/providers/MemoryFileSystemProvider.ts +393 -0
- package/src/logger/index.ts +15 -3
- package/src/mcp/transports/StdioMcpTransport.ts +1 -1
- package/src/orm/index.browser.ts +1 -19
- package/src/orm/index.bun.ts +77 -0
- package/src/orm/index.shared-server.ts +22 -0
- package/src/orm/index.shared.ts +15 -0
- package/src/orm/index.ts +13 -39
- package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -5
- package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
- package/src/orm/providers/drivers/CloudflareD1Provider.ts +4 -0
- package/src/orm/providers/drivers/DatabaseProvider.ts +4 -0
- package/src/orm/providers/drivers/PglitePostgresProvider.ts +4 -0
- package/src/orm/services/Repository.ts +8 -0
- package/src/queue/core/providers/WorkerProvider.spec.ts +48 -32
- package/src/redis/index.bun.ts +35 -0
- package/src/redis/providers/BunRedisProvider.ts +12 -43
- package/src/redis/providers/BunRedisSubscriberProvider.ts +2 -3
- package/src/redis/providers/NodeRedisProvider.ts +16 -34
- package/src/{server/security → security}/__tests__/BasicAuth.spec.ts +11 -11
- package/src/{server/security → security}/__tests__/ServerSecurityProvider-realm.spec.ts +21 -16
- package/src/{server/security/providers → security/__tests__}/ServerSecurityProvider.spec.ts +5 -5
- package/src/security/index.browser.ts +5 -0
- package/src/security/index.ts +90 -7
- package/src/security/primitives/{$realm.spec.ts → $issuer.spec.ts} +11 -11
- package/src/security/primitives/{$realm.ts → $issuer.ts} +20 -17
- package/src/security/primitives/$role.ts +5 -5
- package/src/security/primitives/$serviceAccount.spec.ts +5 -5
- package/src/security/primitives/$serviceAccount.ts +3 -3
- package/src/{server/security → security}/providers/ServerSecurityProvider.ts +5 -7
- package/src/server/auth/primitives/$auth.ts +10 -10
- package/src/server/auth/primitives/$authCredentials.ts +3 -3
- package/src/server/auth/primitives/$authGithub.ts +3 -3
- package/src/server/auth/primitives/$authGoogle.ts +3 -3
- package/src/server/auth/providers/ServerAuthProvider.ts +13 -13
- package/src/server/cache/providers/ServerCacheProvider.spec.ts +183 -0
- package/src/server/cache/providers/ServerCacheProvider.ts +95 -10
- package/src/server/compress/providers/ServerCompressProvider.ts +61 -2
- package/src/server/cookies/providers/ServerCookiesProvider.ts +3 -3
- package/src/server/core/helpers/ServerReply.ts +2 -2
- package/src/server/core/providers/NodeHttpServerProvider.ts +25 -6
- package/src/server/core/providers/ServerBodyParserProvider.ts +19 -23
- package/src/server/core/providers/ServerLoggerProvider.ts +23 -19
- package/src/server/core/providers/ServerProvider.ts +155 -22
- package/src/server/core/providers/ServerRouterProvider.ts +259 -115
- package/src/server/core/providers/ServerTimingProvider.ts +2 -2
- package/src/server/links/index.ts +1 -1
- package/src/server/links/providers/LinkProvider.ts +1 -1
- package/src/server/static/providers/ServerStaticProvider.ts +10 -0
- package/src/server/swagger/index.ts +1 -1
- package/src/server/swagger/providers/ServerSwaggerProvider.ts +5 -8
- package/src/sms/providers/LocalSmsProvider.spec.ts +153 -111
- package/src/sms/providers/LocalSmsProvider.ts +8 -7
- package/src/vite/helpers/boot.ts +28 -17
- package/src/vite/helpers/importViteReact.ts +13 -0
- package/src/vite/index.ts +1 -21
- package/src/vite/plugins/viteAlephaDev.ts +16 -1
- package/src/vite/plugins/viteAlephaSsrPreload.ts +222 -0
- package/src/vite/tasks/buildClient.ts +11 -0
- package/src/vite/tasks/buildServer.ts +59 -4
- package/src/vite/tasks/devServer.ts +71 -0
- package/src/vite/tasks/generateCloudflare.ts +7 -0
- package/src/vite/tasks/index.ts +2 -1
- package/dist/server/security/index.browser.js +0 -13
- package/dist/server/security/index.browser.js.map +0 -1
- package/dist/server/security/index.d.ts +0 -173
- package/dist/server/security/index.d.ts.map +0 -1
- package/dist/server/security/index.js +0 -311
- package/dist/server/security/index.js.map +0 -1
- package/src/cli/assets/appRouterTs.ts +0 -9
- package/src/cli/assets/mainTs.ts +0 -13
- package/src/cli/assets/viteConfigTs.ts +0 -14
- package/src/cli/commands/run.ts +0 -24
- package/src/server/security/index.browser.ts +0 -10
- package/src/server/security/index.ts +0 -94
- package/src/vite/plugins/viteAlepha.ts +0 -37
- package/src/vite/plugins/viteAlephaBuild.ts +0 -281
- /package/src/{server/security → security}/primitives/$basicAuth.ts +0 -0
- /package/src/{server/security → security}/providers/ServerBasicAuthProvider.ts +0 -0
|
@@ -3,7 +3,7 @@ import { Alepha, Async, KIND, Primitive, Static } from "alepha";
|
|
|
3
3
|
import * as alepha_server_cookies0 from "alepha/server/cookies";
|
|
4
4
|
import { Cookies, ServerCookiesProvider } from "alepha/server/cookies";
|
|
5
5
|
import { DateTimeProvider } from "alepha/datetime";
|
|
6
|
-
import { AccessTokenResponse,
|
|
6
|
+
import { AccessTokenResponse, IssuerPrimitive, SecurityProvider, UserAccount } from "alepha/security";
|
|
7
7
|
import { Configuration } from "openid-client";
|
|
8
8
|
import * as alepha_logger0 from "alepha/logger";
|
|
9
9
|
import * as alepha_server0 from "alepha/server";
|
|
@@ -142,18 +142,18 @@ declare class ServerAuthProvider {
|
|
|
142
142
|
protected readonly configure: alepha181.HookPrimitive<"configure">;
|
|
143
143
|
protected getAccessTokens(tokens: Tokens): string | undefined;
|
|
144
144
|
/**
|
|
145
|
-
|
|
146
|
-
|
|
145
|
+
* Fill request headers with access token from cookies or fallback to provider's fallback function.
|
|
146
|
+
*/
|
|
147
147
|
protected readonly onRequest: alepha181.HookPrimitive<"server:onRequest">;
|
|
148
148
|
/**
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
149
|
+
* Convert cookies to tokens.
|
|
150
|
+
* If the tokens are expired, try to refresh them using the refresh token.
|
|
151
|
+
*/
|
|
152
152
|
protected cookiesToTokens(cookies: Cookies): Promise<Tokens | undefined>;
|
|
153
153
|
protected refreshTokens(tokens: Tokens): Promise<Tokens | undefined>;
|
|
154
154
|
/**
|
|
155
|
-
|
|
156
|
-
|
|
155
|
+
* Get user information.
|
|
156
|
+
*/
|
|
157
157
|
readonly userinfo: alepha_server0.RoutePrimitive<{
|
|
158
158
|
response: alepha181.TObject<{
|
|
159
159
|
user: alepha181.TOptional<alepha181.TObject<{
|
|
@@ -184,8 +184,8 @@ declare class ServerAuthProvider {
|
|
|
184
184
|
}>;
|
|
185
185
|
}>;
|
|
186
186
|
/**
|
|
187
|
-
|
|
188
|
-
|
|
187
|
+
* Refresh a token for internal providers.
|
|
188
|
+
*/
|
|
189
189
|
readonly refresh: alepha_server0.RoutePrimitive<{
|
|
190
190
|
query: alepha181.TObject<{
|
|
191
191
|
provider: alepha181.TString;
|
|
@@ -207,8 +207,8 @@ declare class ServerAuthProvider {
|
|
|
207
207
|
}>;
|
|
208
208
|
}>;
|
|
209
209
|
/**
|
|
210
|
-
|
|
211
|
-
|
|
210
|
+
* Login for local password-based authentication.
|
|
211
|
+
*/
|
|
212
212
|
readonly token: alepha_server0.RoutePrimitive<{
|
|
213
213
|
query: alepha181.TObject<{
|
|
214
214
|
provider: alepha181.TString;
|
|
@@ -256,8 +256,8 @@ declare class ServerAuthProvider {
|
|
|
256
256
|
}>;
|
|
257
257
|
}>;
|
|
258
258
|
/**
|
|
259
|
-
|
|
260
|
-
|
|
259
|
+
* Oauth2/OIDC login route.
|
|
260
|
+
*/
|
|
261
261
|
readonly login: alepha_server0.RoutePrimitive<{
|
|
262
262
|
query: alepha181.TObject<{
|
|
263
263
|
provider: alepha181.TString;
|
|
@@ -266,23 +266,23 @@ declare class ServerAuthProvider {
|
|
|
266
266
|
}>;
|
|
267
267
|
}>;
|
|
268
268
|
/**
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
269
|
+
* Callback for OAuth2/OIDC providers.
|
|
270
|
+
* It handles the authorization code flow and retrieves the access token.
|
|
271
|
+
*/
|
|
272
272
|
readonly callback: alepha_server0.RoutePrimitive<alepha_server0.RequestConfigSchema>;
|
|
273
273
|
/**
|
|
274
|
-
|
|
275
|
-
|
|
274
|
+
* Logout route for OAuth2/OIDC providers.
|
|
275
|
+
*/
|
|
276
276
|
readonly logout: alepha_server0.RoutePrimitive<{
|
|
277
277
|
query: alepha181.TObject<{
|
|
278
278
|
post_logout_redirect_uri: alepha181.TOptional<alepha181.TString>;
|
|
279
279
|
}>;
|
|
280
280
|
}>;
|
|
281
281
|
/**
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
282
|
+
* Find an auth provider by name and optionally by realm.
|
|
283
|
+
* When realm is specified, it filters providers by both name and realm.
|
|
284
|
+
* This enables multi-realm setups where multiple providers share the same name (e.g., "credentials").
|
|
285
|
+
*/
|
|
286
286
|
protected provider(opts: string | {
|
|
287
287
|
provider: string;
|
|
288
288
|
realm?: string;
|
|
@@ -362,13 +362,13 @@ declare const $auth: {
|
|
|
362
362
|
};
|
|
363
363
|
type AuthPrimitiveOptions = {
|
|
364
364
|
/**
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
365
|
+
* Name of the identity provider.
|
|
366
|
+
* If not provided, it will be derived from the property key.
|
|
367
|
+
*/
|
|
368
368
|
name?: string;
|
|
369
369
|
/**
|
|
370
|
-
|
|
371
|
-
|
|
370
|
+
* If true, auth provider will be skipped.
|
|
371
|
+
*/
|
|
372
372
|
disabled?: boolean;
|
|
373
373
|
} & (AuthExternal | AuthInternal);
|
|
374
374
|
/**
|
|
@@ -376,60 +376,60 @@ type AuthPrimitiveOptions = {
|
|
|
376
376
|
*/
|
|
377
377
|
type AuthExternal = {
|
|
378
378
|
/**
|
|
379
|
-
|
|
380
|
-
|
|
379
|
+
* Only OIDC is supported for external authentication.
|
|
380
|
+
*/
|
|
381
381
|
oidc: OidcOptions;
|
|
382
382
|
/**
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
383
|
+
* For anonymous access, this will expect a service account access token.
|
|
384
|
+
*
|
|
385
|
+
* ```ts
|
|
386
|
+
* class App {
|
|
387
|
+
* anonymous = $serviceAccount(...);
|
|
388
|
+
* auth = $auth({
|
|
389
|
+
* // ... config ...
|
|
390
|
+
* fallback: this.anonymous,
|
|
391
|
+
* })
|
|
392
|
+
* }
|
|
393
|
+
* ```
|
|
394
|
+
*/
|
|
395
395
|
fallback?: () => Async<AccessToken>;
|
|
396
396
|
};
|
|
397
397
|
/**
|
|
398
398
|
* When using your own authentication system, e.g. using a database to store user accounts.
|
|
399
399
|
* This is usually used with a custom login form.
|
|
400
400
|
*
|
|
401
|
-
* This relies on the `
|
|
401
|
+
* This relies on the `issuer`, which is used to create/verify the access token.
|
|
402
402
|
*/
|
|
403
403
|
type AuthInternal = {
|
|
404
|
-
|
|
404
|
+
issuer: IssuerPrimitive;
|
|
405
405
|
} & ({
|
|
406
406
|
/**
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
407
|
+
* The common username/password authentication.
|
|
408
|
+
*
|
|
409
|
+
* - It uses the OAuth2 Client Credentials flow to obtain an access token.
|
|
410
|
+
*
|
|
411
|
+
* This is usually used with a custom login form on your website or mobile app.
|
|
412
|
+
*/
|
|
413
413
|
credentials: CredentialsOptions;
|
|
414
414
|
} | {
|
|
415
415
|
/**
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
416
|
+
* OAuth2 authentication. Delegates authentication to an OAuth2 provider. (e.g. Google, GitHub, etc.)
|
|
417
|
+
*
|
|
418
|
+
* - It uses the OAuth2 Authorization Code flow to obtain an access token and user information.
|
|
419
|
+
*
|
|
420
|
+
* This is usually used with a login button that redirects to the OAuth2 provider.
|
|
421
|
+
*/
|
|
422
422
|
oauth: OAuth2Options;
|
|
423
423
|
} | {
|
|
424
424
|
/**
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
425
|
+
* Like OAuth2, but uses OIDC (OpenID Connect) for authentication and user information retrieval.
|
|
426
|
+
* OIDC is an identity layer on top of OAuth2, providing user authentication and profile information.
|
|
427
|
+
*
|
|
428
|
+
* - It uses the OAuth2 Authorization Code flow to obtain an access token and user information.
|
|
429
|
+
* - PCKE (Proof Key for Code Exchange) is recommended for security.
|
|
430
|
+
*
|
|
431
|
+
* This is usually used with a login button that redirects to the OIDC provider.
|
|
432
|
+
*/
|
|
433
433
|
oidc: OidcOptions;
|
|
434
434
|
});
|
|
435
435
|
type CredentialsOptions = {
|
|
@@ -442,36 +442,36 @@ interface Credentials {
|
|
|
442
442
|
}
|
|
443
443
|
interface OidcOptions {
|
|
444
444
|
/**
|
|
445
|
-
|
|
446
|
-
|
|
445
|
+
* URL of the OIDC issuer.
|
|
446
|
+
*/
|
|
447
447
|
issuer: string;
|
|
448
448
|
/**
|
|
449
|
-
|
|
450
|
-
|
|
449
|
+
* Client ID for the OIDC client.
|
|
450
|
+
*/
|
|
451
451
|
clientId: string;
|
|
452
452
|
/**
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
453
|
+
* Client secret for the OIDC client.
|
|
454
|
+
* Optional if PKCE (Proof Key for Code Exchange) is used.
|
|
455
|
+
*/
|
|
456
456
|
clientSecret?: string;
|
|
457
457
|
/**
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
458
|
+
* Redirect URI for the OIDC client.
|
|
459
|
+
* This is where the user will be redirected after authentication.
|
|
460
|
+
*/
|
|
461
461
|
redirectUri?: string;
|
|
462
462
|
/**
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
463
|
+
* For external auth providers only.
|
|
464
|
+
* Take the ID token instead of the access token for validation.
|
|
465
|
+
*/
|
|
466
466
|
useIdToken?: boolean;
|
|
467
467
|
/**
|
|
468
|
-
|
|
469
|
-
|
|
468
|
+
* URI to redirect the user after logout.
|
|
469
|
+
*/
|
|
470
470
|
logoutUri?: string;
|
|
471
471
|
/**
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
472
|
+
* Optional scope for the OIDC client.
|
|
473
|
+
* @default "openid profile email".
|
|
474
|
+
*/
|
|
475
475
|
scope?: string;
|
|
476
476
|
account?: LinkAccountFn;
|
|
477
477
|
}
|
|
@@ -485,33 +485,33 @@ interface LinkAccountOptions {
|
|
|
485
485
|
type LinkAccountFn = (tokens: LinkAccountOptions) => Async<UserAccount>;
|
|
486
486
|
interface OAuth2Options {
|
|
487
487
|
/**
|
|
488
|
-
|
|
489
|
-
|
|
488
|
+
* URL of the OAuth2 authorization endpoint.
|
|
489
|
+
*/
|
|
490
490
|
clientId: string;
|
|
491
491
|
/**
|
|
492
|
-
|
|
493
|
-
|
|
492
|
+
* Client secret for the OAuth2 client.
|
|
493
|
+
*/
|
|
494
494
|
clientSecret: string;
|
|
495
495
|
/**
|
|
496
|
-
|
|
497
|
-
|
|
496
|
+
* URL of the OAuth2 authorization endpoint.
|
|
497
|
+
*/
|
|
498
498
|
authorization: string;
|
|
499
499
|
/**
|
|
500
|
-
|
|
501
|
-
|
|
500
|
+
* URL of the OAuth2 token endpoint.
|
|
501
|
+
*/
|
|
502
502
|
token: string;
|
|
503
503
|
/**
|
|
504
|
-
|
|
505
|
-
|
|
504
|
+
* Function to retrieve user profile information from the OAuth2 tokens.
|
|
505
|
+
*/
|
|
506
506
|
userinfo: (tokens: Tokens) => Async<OAuth2Profile>;
|
|
507
507
|
account?: LinkAccountFn;
|
|
508
508
|
/**
|
|
509
|
-
|
|
510
|
-
|
|
509
|
+
* URL of the OAuth2 authorization endpoint.
|
|
510
|
+
*/
|
|
511
511
|
redirectUri?: string;
|
|
512
512
|
/**
|
|
513
|
-
|
|
514
|
-
|
|
513
|
+
* URL of the OAuth2 authorization endpoint.
|
|
514
|
+
*/
|
|
515
515
|
scope?: string;
|
|
516
516
|
}
|
|
517
517
|
declare class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
|
|
@@ -519,19 +519,19 @@ declare class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
|
|
|
519
519
|
protected readonly dateTimeProvider: DateTimeProvider;
|
|
520
520
|
oauth?: Configuration;
|
|
521
521
|
get name(): string;
|
|
522
|
-
get
|
|
522
|
+
get issuer(): IssuerPrimitive | undefined;
|
|
523
523
|
get jwks_uri(): string;
|
|
524
524
|
get scope(): string | undefined;
|
|
525
525
|
get redirect_uri(): string | undefined;
|
|
526
526
|
/**
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
527
|
+
* Refreshes the access token using the refresh token.
|
|
528
|
+
* Can be used on oauth2, oidc or credentials auth providers.
|
|
529
|
+
*/
|
|
530
530
|
refresh(refreshToken: string, accessToken?: string): Promise<AccessTokenResponse>;
|
|
531
531
|
/**
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
532
|
+
* Extracts user information from the access token.
|
|
533
|
+
* This is used to create a user account from the access token.
|
|
534
|
+
*/
|
|
535
535
|
user(tokens: Tokens): Promise<UserAccount>;
|
|
536
536
|
protected getUserFromIdToken(idToken: string): OAuth2Profile;
|
|
537
537
|
prepare(): Promise<void>;
|
|
@@ -552,7 +552,7 @@ interface WithLoginFn {
|
|
|
552
552
|
*
|
|
553
553
|
* Uses username and password to authenticate users.
|
|
554
554
|
*/
|
|
555
|
-
declare const $authCredentials: (realm:
|
|
555
|
+
declare const $authCredentials: (realm: IssuerPrimitive & WithLoginFn, options?: Partial<CredentialsOptions>) => AuthPrimitive;
|
|
556
556
|
//#endregion
|
|
557
557
|
//#region ../../src/server/auth/primitives/$authGithub.d.ts
|
|
558
558
|
/**
|
|
@@ -565,7 +565,7 @@ declare const $authCredentials: (realm: RealmPrimitive & WithLoginFn, options?:
|
|
|
565
565
|
* - `GITHUB_CLIENT_ID`: The client ID obtained from the GitHub Developer Settings.
|
|
566
566
|
* - `GITHUB_CLIENT_SECRET`: The client secret obtained from the GitHub Developer Settings.
|
|
567
567
|
*/
|
|
568
|
-
declare const $authGithub: (realm:
|
|
568
|
+
declare const $authGithub: (realm: IssuerPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
|
|
569
569
|
//#endregion
|
|
570
570
|
//#region ../../src/server/auth/primitives/$authGoogle.d.ts
|
|
571
571
|
/**
|
|
@@ -578,16 +578,16 @@ declare const $authGithub: (realm: RealmPrimitive & WithLinkFn, options?: Partia
|
|
|
578
578
|
* - `GOOGLE_CLIENT_ID`: The client ID obtained from the Google Developer Console.
|
|
579
579
|
* - `GOOGLE_CLIENT_SECRET`: The client secret obtained from the Google Developer Console.
|
|
580
580
|
*/
|
|
581
|
-
declare const $authGoogle: (realm:
|
|
581
|
+
declare const $authGoogle: (realm: IssuerPrimitive & WithLinkFn, options?: Partial<OidcOptions>) => AuthPrimitive;
|
|
582
582
|
//#endregion
|
|
583
583
|
//#region ../../src/server/auth/index.d.ts
|
|
584
584
|
declare module "alepha" {
|
|
585
585
|
interface State {
|
|
586
586
|
/**
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
|
|
590
|
-
|
|
587
|
+
* The authenticated user account attached to the server request state.
|
|
588
|
+
*
|
|
589
|
+
* @internal
|
|
590
|
+
*/
|
|
591
591
|
"alepha.server.request.user"?: UserAccount;
|
|
592
592
|
}
|
|
593
593
|
}
|
|
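Review bot: In the `interface OAuth2Options` hunk (`@@ -485,33 +485,33 @@`) the comment "URL of the OAuth2 authorization endpoint." is attached to `clientId`, `redirectUri` and `scope` as well as to `authorization`, so three security-relevant options are documented as something they are not. I would replace those three with `* Client ID for the OAuth2 client.`, `* Redirect URI the provider sends the user back to after authentication.` and `* Optional scope requested from the OAuth2 provider.`. In the `AuthInternal` hunk the `credentials` comment describes username/password login as the "OAuth2 Client Credentials flow", which in OAuth2 terminology is the machine-to-machine grant with no end user; presumably the password-based grant is meant, and `PCKE` in the `oidc` comment should read `PKCE`, as it is spelled on `clientSecret`. This `.d.ts` looks generated (note the `//#region ../../src/server/auth/primitives/...` markers), so the wording should be fixed in the TypeScript sources rather than in `dist`.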
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/index.ts"],"
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/index.ts"],"mappings":";;;;;;;;;;;;cAAa,sBAAA;EAAA,KAAA;EAAA,QAAA;EAAA,MAAA;EAAA,KAAA;EAAA,OAAA;EAAA,QAAA;AAAA;;;cCEA,4BAAA,YAA4B,OAAA;EAAA,IAAA,EAYxC,SAAA,CAAA,OAAA;EAAA,IAAA;;KAEW,sBAAA,GAAyB,MAAA,QAC5B,4BAAA;;;cCZI,mBAAA,YAAmB,OAAA;EAAA,QAAA,EAG9B,SAAA,CAAA,OAAA;EAAA,YAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAEU,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;cCP7B,YAAA,YAAY,OAAA;EAAA,QAAA,EAevB,SAAA,CAAA,OAAA;EAAA,YAAA;;;;;;;;;KAEU,MAAA,GAAS,MAAA,QAAc,YAAA;;;cChBtB,sBAAA,YAAsB,OAAA;EAAA,IAAA;QAGjC,SAAA,CAAA,OAAA;IAAA,IAAA;;;;;;;;;;;;;;;;;;;;;;;;KAEU,gBAAA,GAAmB,MAAA,QAAc,sBAAA;;;cCqBhC,kBAAA;EAAA,mBAAA,GAAA,EAAkB,cAAA,CACP,MAAA;EAAA,mBAAA,MAAA,EACG,MAAA;EAAA,mBAAA,qBAAA,EACe,qBAAA;EAAA,mBAAA,gBAAA,EACL,gBAAA;EAAA,mBAAA,mBAAA,EACG,mBAAA;EAAA,mBAAA,iBAAA,EAEF,sBAAA,CAAA,uBAAA,WAAA,OAAA;IAAA,QAAA,EAFE,SAAA,CAAA,OAAA;IAAA,KAAA;;;;;;mBAgBhB,sBAAA,CAAA,uBAAA,WAAA,OAAA;IAAA,QAAA,EAdc,SAAA,CAAA,OAAA;IAAA,YAAA;;;;;;;;;oBAuBX,KAAA,CAAM,aAAA;EAAA,2BAAA,OAAA;IAAA,SAAA;EAAA,IAQ5B,sBAAA;EAAA,mBAAA,SAAA,EAAsB,SAAA,CAiCG,aAAA;EAAA,UAAA,gBAAA,MAAA,EASM,MAAA;EAAA;;;EAAA,mBAAA,SAAA,EAAM,SAAA,CAiBZ,aAAA;EAAA;;;;EAAA,UAAA,gBAAA,OAAA,EAqCjB,OAAA,GACR,OAAA,CAAQ,MAAA;EAAA,UAAA,cAAA,MAAA,EA8B2B,MAAA,GAAS,OAAA,CAAQ,MAAA;EAAA;;;EAAA,SAAA,QAAA,iBAiD/B,cAAA;IAAA,QAAA;;YAjD8B,SAAA,CAAA,OAAA;QAAA,IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;mCAsF/B,cAAA;IAAA,KAAA;gBArCC,SAAA,CAAA,OAAA;IAAA;IAAA,IAAA;;;;;
;;;;;;;;;;;;;;iCA4EH,cAAA;IAAA,KAAA;gBAvCE,SAAA,CAAA,OAAA;MAAA,KAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAoHF,cAAA;IAAA,KAAA;gBA7EA,SAAA,CAAA,OAAA;MAAA,KAAA;;;;;;;;qBAoKG,cAAA,CAAA,cAAA,CAvFH,cAAA,CAuFG,mBAAA;EAAA;;;EAAA,SAAA,MAAA,iBAmEF,cAAA;IAAA,KAAA;oDAnEE,SAAA,CAAA,OAAA;IAAA;EAAA;EAAA;;;;;EAAA,UAAA,SAAA,IAAA;IAAA,QAAA;IAAA,KAAA;EAAA,IAgJrB,aAAA;EAAA,UAAA,UAAA,OAAA,GAyB2B,OAAA,GAAU,MAAA;EAAA,UAAA,UAAA,MAAA,EAIZ,MAAA,EAAA,OAAA,GAAkB,OAAA;AAAA;AAAA,UAiB/B,aAAA;EAAA,GAAA;EAAA,KAAA;EAAA,IAAA;EAAA,UAAA;EAAA,WAAA;EAAA,WAAA;EAAA,QAAA;EAAA,kBAAA;EAAA,OAAA;EAAA,OAAA;EAAA,OAAA;EAAA,cAAA;EAAA,MAAA;EAAA,SAAA;EAAA,QAAA;EAAA,MAAA;EAAA,YAAA;EAAA,qBAAA;EAAA,OAAA;IAAA,SAAA;IAAA,cAAA;IAAA,QAAA;IAAA,MAAA;IAAA,WAAA;IAAA,OAAA;EAAA;EAAA,UAAA;EAAA,CAAA,GAAA;AAAA;;;;ACvmBjB;;;;;;AAMA;AAgBA;;;;;AA4BA;;;;;;AAqCA;AAIA;;;;;AAIA;AAKA;AA2CA;AAQA;;;;;AAEA;cAzJa,KAAA;EAAA,CAAA,OAAA,EAAkB,oBAAA,GAAuB,aAAA;EAAA;;KAM1C,oBAAA;EAAA;AAgBZ;;;EAhBY,IAAA;EAAA;AAgBZ;;EAhBY,QAAA;AAAA,KAWP,YAAA,GAAe,YAAA;AAAA;AAKpB;;AALoB,KAKR,YAAA;EAAA;;;EAAA,IAAA,EAIJ,WAAA;EAAA;;;;AAwBR;;;;;;AAqCA;AAIA;;EAjEQ,QAAA,SAeW,KAAA,CAAM,WAAA;AAAA;AAAA;;;AASzB;;;AATyB,KASb,YAAA;EAAA,MAAA,EACF,eAAA;AAAA;EAAA;;;;;AAoCV;AAIA;EAxCU,WAAA,EAUS,kBAAA;AAAA;EAAA;;;;AA0BnB;AAIA;;EA9BmB,KAAA,EAUN,aAAA;AAAA;EAAA;;;AAgBb;AAIA;;;;;EApBa,IAAA,EAYD,WAAA;AAAA;AAAA,KAIA,kBAAA;EAAA,OAAA,EACD,aAAA;AAAA;AAAA,KAGC,aAAA,IAAA,WAAA,EACG,WAAA,KACV,KAAA,CAAM,WAAA;AAAA,UAEM,WAAA;EAAA,QAAA;EAAA,QAAA;AAAA;AAAA,UAKA,WAAA;EAAA;AA2CjB;AAQA;EAnDiB,MAAA;EAAA;AA2CjB;AAQA;EAnDiB,QAAA;EAAA;AA2CjB;AAQA;;EAnDiB,YAAA;EAAA;AA2CjB;AAQA;;EAnDiB,WAAA;EAAA;AA2CjB;AAQA;;EAnDiB,UAAA;EAAA;AA2CjB;AAQA;EAnDiB,SAAA;EAAA;AA2CjB;AAQA;;EAnDiB,KAAA;EAAA,OAAA,GAwCL,aAAA;AAAA;AAAA,UAGK,kBAAA;EAAA,YAAA;EAAA,IAAA,EAET,aAAA;EAAA,QAAA;EAAA,UAAA;EAAA,KAAA;AAAA;AAAA,KAMI,aAAA,IAAA,MAAA,EAAyB,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA,UAEjD,aAAA;EAAA;;;EAAA,QAAA;EAAA;;;EAAA,YAAA;EAAA;;;EAAA,aAAA;EAAA;;;EAAA,KAAA;EAAA;;;EAAA,QAAA,GAAA,MAAA,EAwBI,MAAA,KAAW,KAAA,CAAM,aAAA;EAAA,OAAA,GAE1B,aAAA;EAAA
;;AAeZ;EAfY,WAAA;EAAA;;AAeZ;EAfY,KAAA;AAAA;AAAA,cAeC,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBAAA,gBAAA,EACR,gBAAA;EAAA,mBAAA,gBAAA,EACA,gBAAA;EAAA,KAAA,GAEpB,aAAA;EAAA,IAAA,KAAA;EAAA,IAAA,OAAA,GAMM,eAAA;EAAA,IAAA,SAAA;EAAA,IAAA,MAAA;EAAA,IAAA,aAAA;EAAA;;;;EAAA,QAAA,YAAA,UAAA,WAAA,YA8ClB,OAAA,CAAQ,mBAAA;EAAA;;;;EAAA,KAAA,MAAA,EAsCe,MAAA,GAAS,OAAA,CAAQ,WAAA;EAAA,UAAA,mBAAA,OAAA,WAyCI,aAAA;EAAA,QAAA,GAY3B,OAAA;AAAA;AAAA,KA8CV,WAAA;EAAA,KAAA,QAAsC,KAAA;AAAA;AAAA,UAEjC,UAAA;EAAA,IAAA,IAAA,IAAA,cAAA,IAAA,EACiB,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA;AAAA,UAG9C,WAAA;EAAA,KAAA,IAAA,QAAA,cAAA,KAAA,EAGF,WAAA,KAAgB,KAAA,CAAM,WAAA;AAAA;;;;ACzbrC;;;;cAAa,gBAAA,GAAA,KAAA,EACJ,eAAA,GAAkB,WAAA,EAAA,OAAA,GAChB,OAAA,CAAQ,kBAAA,MAAD,aAAA;;;;ACIlB;;;;;;;;;cAAa,WAAA,GAAA,KAAA,EACJ,eAAA,GAAkB,UAAA,EAAA,OAAA,GAChB,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;ACHlB;;;;;;;;;cAAa,WAAA,GAAA,KAAA,EACJ,eAAA,GAAkB,UAAA,EAAA,OAAA,GAChB,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;ACRgC;;;;mCAWf,WAAA;EAAA;AAAA;AAAA;;;AAmBnC;;;;;;;;;;AAnBmC,cAmBtB,gBAAA,EAAgB,SAAA,CAAA,OAAA,CAI3B,SAAA,CAJ2B,MAAA"}
|
|
@@ -52,8 +52,8 @@ var AuthPrimitive = class extends Primitive {
|
|
|
52
52
|
get name() {
|
|
53
53
|
return this.options.name ?? this.config.propertyKey;
|
|
54
54
|
}
|
|
55
|
-
get
|
|
56
|
-
if ("
|
|
55
|
+
get issuer() {
|
|
56
|
+
if ("issuer" in this.options) return this.options.issuer;
|
|
57
57
|
}
|
|
58
58
|
get jwks_uri() {
|
|
59
59
|
const jwks = this.oauth?.serverMetadata().jwks_uri;
|
|
@@ -75,8 +75,8 @@ var AuthPrimitive = class extends Primitive {
|
|
|
75
75
|
* Can be used on oauth2, oidc or credentials auth providers.
|
|
76
76
|
*/
|
|
77
77
|
async refresh(refreshToken, accessToken) {
|
|
78
|
-
if ("
|
|
79
|
-
throw new SecurityError("Failed to refresh access token using the refresh token (
|
|
78
|
+
if ("issuer" in this.options) return this.options.issuer.refreshToken(refreshToken, accessToken).then((it) => it.tokens).catch((error) => {
|
|
79
|
+
throw new SecurityError("Failed to refresh access token using the refresh token (issuer)", { cause: error });
|
|
80
80
|
});
|
|
81
81
|
else if (this.oauth) try {
|
|
82
82
|
return {
|
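Review bot: In `refresh`, the new guard `"issuer" in this.options` only tests that the key exists, so an options object carrying `issuer: undefined` still enters this branch. The call on `this.options.issuer` then throws a plain TypeError before the `.catch` is attached, so the failure is not wrapped in `SecurityError` and the `oauth` branch is never tried. The other call sites in this diff (`if (!issuer)`, `provider.issuer && tokens.refresh_token`) test the value rather than the key, and this one should match them: `if (this.issuer) return this.issuer.refreshToken(refreshToken, accessToken)` with the existing `.then`/`.catch` chain kept as is. The body of `refresh` continues past the end of this hunk.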
|
@@ -86,7 +86,7 @@ var AuthPrimitive = class extends Primitive {
|
|
|
86
86
|
} catch (error) {
|
|
87
87
|
throw new SecurityError("Failed to refresh access token using the refresh token (oauth2)", { cause: error });
|
|
88
88
|
}
|
|
89
|
-
throw new AlephaError("No
|
|
89
|
+
throw new AlephaError("No issuer or OAuth2 configuration available for refreshing the access token");
|
|
90
90
|
}
|
|
91
91
|
/**
|
|
92
92
|
* Extracts user information from the access token.
|
|
@@ -218,8 +218,8 @@ var ServerAuthProvider = class {
|
|
|
218
218
|
const providers = [];
|
|
219
219
|
for (const identity of this.identities) {
|
|
220
220
|
if (filters.realmName) {
|
|
221
|
-
const
|
|
222
|
-
if (!
|
|
221
|
+
const issuer = identity.issuer;
|
|
222
|
+
if (!issuer || issuer.name !== filters.realmName) continue;
|
|
223
223
|
}
|
|
224
224
|
const type = "oidc" in identity.options ? "OIDC" : "oauth" in identity.options ? "OAUTH2" : "credentials" in identity.options ? "CREDENTIALS" : void 0;
|
|
225
225
|
if (!type) continue;
|
|
@@ -257,7 +257,7 @@ var ServerAuthProvider = class {
|
|
|
257
257
|
}
|
|
258
258
|
}
|
|
259
259
|
if (!request.headers.authorization) {
|
|
260
|
-
for (const provider of this.identities) if (
|
|
260
|
+
for (const provider of this.identities) if ("fallback" in provider.options && !!provider.options.fallback) {
|
|
261
261
|
const token = await provider.options.fallback();
|
|
262
262
|
if (token) {
|
|
263
263
|
request.headers.authorization = `Bearer ${token}`;
|
|
@@ -392,8 +392,8 @@ var ServerAuthProvider = class {
|
|
|
392
392
|
provider: query.provider,
|
|
393
393
|
realm: query.realm
|
|
394
394
|
});
|
|
395
|
-
const
|
|
396
|
-
if (!
|
|
395
|
+
const issuer = provider.issuer;
|
|
396
|
+
if (!issuer) throw new SecurityError(`Auth provider '${query.provider}' does not support password grant`);
|
|
397
397
|
const credentials = "credentials" in provider.options && provider.options.credentials;
|
|
398
398
|
if (!credentials) throw new SecurityError(`Auth provider '${query.provider}' does not support password grant`);
|
|
399
399
|
let user;
|
|
@@ -407,7 +407,7 @@ var ServerAuthProvider = class {
|
|
|
407
407
|
if (!user) throw new InvalidCredentialsError();
|
|
408
408
|
const tokens = {
|
|
409
409
|
provider: query.provider,
|
|
410
|
-
...await
|
|
410
|
+
...await issuer.createToken(user)
|
|
411
411
|
};
|
|
412
412
|
this.setTokens(tokens, cookies);
|
|
413
413
|
const api = await this.serverLinksProvider.getUserApiLinks({ user });
|
|
@@ -500,14 +500,14 @@ var ServerAuthProvider = class {
|
|
|
500
500
|
throw new SecurityError("Failed to get access token", { cause: e });
|
|
501
501
|
});
|
|
502
502
|
this.authorizationCode.del({ cookies });
|
|
503
|
-
const
|
|
504
|
-
if (!
|
|
503
|
+
const issuer = provider.issuer;
|
|
504
|
+
if (!issuer) {
|
|
505
505
|
this.setTokens(externalTokens, cookies);
|
|
506
506
|
reply.redirect(redirectUri);
|
|
507
507
|
return;
|
|
508
508
|
}
|
|
509
509
|
const user = await provider.user(externalTokens);
|
|
510
|
-
const tokens = await
|
|
510
|
+
const tokens = await issuer.createToken(user);
|
|
511
511
|
this.setTokens({
|
|
512
512
|
...tokens,
|
|
513
513
|
issued_at: this.dateTimeProvider.now().unix(),
|
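Review bot: The `if (!issuer)` branch has no comment explaining that it creates a different kind of session from the path below it. Without an issuer, `externalTokens` from the upstream provider are passed to `setTokens` unchanged and become the session; with an issuer, the user is resolved through `provider.user(externalTokens)` and a local token is minted by `issuer.createToken(user)`. I would add above the branch `// No local issuer: the external provider's tokens are stored as the session as-is; no local token is minted.` so that a later change to session validation covers both paths. The enclosing callback handler starts and ends outside this hunk, so where `redirectUri` is validated is not visible here.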
|
@@ -532,8 +532,8 @@ var ServerAuthProvider = class {
|
|
|
532
532
|
}
|
|
533
533
|
const provider = this.provider(tokens.provider);
|
|
534
534
|
this.tokens.del({ cookies });
|
|
535
|
-
if (
|
|
536
|
-
const onDeleteSession = provider.
|
|
535
|
+
if (provider.issuer && tokens.refresh_token) {
|
|
536
|
+
const onDeleteSession = provider.issuer.options.settings?.onDeleteSession;
|
|
537
537
|
if (onDeleteSession) try {
|
|
538
538
|
await onDeleteSession(tokens.refresh_token);
|
|
539
539
|
} catch (e) {
|
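Review bot: On the new side, `const provider = this.provider(tokens.provider);` still runs before `this.tokens.del({ cookies });`, so a failed lookup leaves the session cookie in place. If `this.provider` is the lookup shown in the `@@ -571` hunk, it throws `SecurityError` when no identity matches, which would happen for a cookie naming a provider that has since been removed or renamed. Logout should clear local state first: move `this.tokens.del({ cookies });` above the lookup, and treat a failed lookup as "no `onDeleteSession` to call". The enclosing logout handler starts and ends outside this hunk, so how the `catch (e)` branch reports a failing `onDeleteSession` is not visible.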
|
@@ -571,7 +571,7 @@ var ServerAuthProvider = class {
|
|
|
571
571
|
const realmName = typeof opts === "string" ? void 0 : opts.realm;
|
|
572
572
|
const identity = this.identities.find((identity$1) => {
|
|
573
573
|
if (identity$1.name !== name) return false;
|
|
574
|
-
if (realmName && identity$1.
|
|
574
|
+
if (realmName && identity$1.issuer?.name !== realmName) return false;
|
|
575
575
|
return true;
|
|
576
576
|
});
|
|
577
577
|
if (!identity) throw new SecurityError(`Auth provider '${name}'${realmName ? ` for realm '${realmName}'` : ""} not found`);
|
|
@@ -613,7 +613,7 @@ const $authCredentials = (realm, options = {}) => {
|
|
|
613
613
|
const account = realm.login ? realm.login(name) : options.account;
|
|
614
614
|
if (!account) throw new AlephaError("Credentials authentication requires a login function in the realm primitive.");
|
|
615
615
|
return $auth({
|
|
616
|
-
realm,
|
|
616
|
+
issuer: realm,
|
|
617
617
|
name,
|
|
618
618
|
credentials: { account }
|
|
619
619
|
});
|
|
@@ -642,7 +642,7 @@ const $authGithub = (realm, options = {}) => {
|
|
|
642
642
|
const account = options.account ?? (realm.link ? realm.link(name) : void 0);
|
|
643
643
|
if (!account) throw new AlephaError("Authentication requires a link function in the realm primitive.");
|
|
644
644
|
return $auth({
|
|
645
|
-
realm,
|
|
645
|
+
issuer: realm,
|
|
646
646
|
name,
|
|
647
647
|
oauth: {
|
|
648
648
|
clientId: env.GITHUB_CLIENT_ID,
|
|
@@ -702,7 +702,7 @@ const $authGoogle = (realm, options = {}) => {
|
|
|
702
702
|
const account = options.account ?? (realm.link ? realm.link(name) : void 0);
|
|
703
703
|
if (!account) throw new AlephaError("Authentication requires a link function in the realm primitive.");
|
|
704
704
|
return $auth({
|
|
705
|
-
realm,
|
|
705
|
+
issuer: realm,
|
|
706
706
|
name,
|
|
707
707
|
oidc: {
|
|
708
708
|
issuer: "https://accounts.google.com",
|