carta-controller 5.1.1 → 6.0.0-beta.1.0.3
- package/.github/workflows/build.yml +43 -0
- package/COPYING.md +636 -0
- package/biome.jsonc +37 -0
- package/dist/auth/external.js +10 -4
- package/dist/auth/external.js.map +1 -1
- package/dist/auth/google.js +18 -11
- package/dist/auth/google.js.map +1 -1
- package/dist/auth/index.js +12 -12
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/ldap.js +6 -3
- package/dist/auth/ldap.js.map +1 -1
- package/dist/auth/local.js +30 -14
- package/dist/auth/local.js.map +1 -1
- package/dist/auth/oidc.js +95 -91
- package/dist/auth/oidc.js.map +1 -1
- package/dist/auth/oidcRefreshManager.js +21 -24
- package/dist/auth/oidcRefreshManager.js.map +1 -1
- package/dist/auth/pam.js +8 -5
- package/dist/auth/pam.js.map +1 -1
- package/dist/config.js +17 -16
- package/dist/controllerTests.js +10 -10
- package/dist/database.js +50 -22
- package/dist/index.js +24 -23
- package/dist/serverHandlers.js +70 -33
- package/dist/util.js +14 -5
- package/npm-shrinkwrap.json +4855 -20113
- package/package.json +12 -9
- package/public/dashboard.js +47 -48
- package/public/templated.css +155 -143
- package/test/auth.external.test.ts +19 -18
- package/.prettierrc.json +0 -18
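--- a/package/biome.jsonc
+++ b/package/biome.jsonc
@@ -0,0 +1,37 @@
+{
+"$schema": "https://biomejs.dev/schemas/2.1.4/schema.json",
+"vcs": { "enabled": false, "clientKind": "git", "useIgnoreFile": false },
+"files": {
+"ignoreUnknown": false,
+"includes": ["**", "!**/node_modules", "!**/dist", "!**/build", "!**/coverage", "!**/.git", "!**/.idea", "!**/.vscode", "!**/.github", "!**/public/notyf.min*", "!**/schemas", "!**/package.json", "!**/package-lock.json"]
+},
+"formatter": {
+"enabled": true,
+"formatWithErrors": false,
+"indentStyle": "space",
+"indentWidth": 4,
+"lineEnding": "lf",
+"lineWidth": 240,
+"attributePosition": "auto",
+"bracketSameLine": false,
+"bracketSpacing": true,
+"expand": "auto",
+"useEditorconfig": true
+},
+"linter": { "enabled": true, "rules": { "recommended": true } },
+"javascript": {
+"formatter": {
+"jsxQuoteStyle": "double",
+"quoteProperties": "asNeeded",
+"trailingCommas": "none",
+"semicolons": "always",
+"arrowParentheses": "asNeeded",
+"bracketSameLine": false,
+"quoteStyle": "double",
+"attributePosition": "auto",
+"bracketSpacing": false
+}
+},
+"html": { "formatter": { "selfCloseVoidElements": "always" } },
+"assist": { "enabled": null, "actions": { "source": { "organizeImports": "on" } } }
+}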
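--- a/package/dist/auth/external.js
+++ b/package/dist/auth/external.js
@@ -32,12 +32,15 @@ var __importStar = (this && this.__importStar) || (function () {
 return result;
 };
 })();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.populateUserMap = populateUserMap;
 exports.watchUserTable = watchUserTable;
 exports.generateExternalVerifiers = generateExternalVerifiers;
-const fs = __importStar(require("fs"));
-const
+const fs = __importStar(require("node:fs"));
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const util_1 = require("../util");
 function populateUserMap(userMaps, issuer, filename) {
 const userMap = new Map();
@@ -70,6 +73,7 @@ function populateUserMap(userMaps, issuer, filename) {
 util_1.logger.info(`Updated usermap with ${userMap.size} entries`);
 }
 catch (e) {
+util_1.logger.debug(e);
 util_1.logger.error(`Error reading user table`);
 }
 if (Array.isArray(issuer)) {
@@ -88,8 +92,10 @@ function watchUserTable(userMaps, issuers, filename) {
 function generateExternalVerifiers(verifierMap, authConf) {
 const publicKey = fs.readFileSync(authConf.publicKeyLocation);
 const verifier = (cookieString) => {
-const payload =
-
+const payload = jsonwebtoken_1.default.verify(cookieString, publicKey, {
+algorithm: authConf.keyAlgorithm
+});
+if (typeof payload !== "string" && payload.iss && authConf.issuers.includes(payload.iss)) {
 // substitute unique field in for username
 if (authConf.uniqueField) {
 payload.username = payload[authConf.uniqueField];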
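Review bot: The options object passed to `jsonwebtoken_1.default.verify` in generateExternalVerifiers uses the key `algorithm`, but jsonwebtoken's verify() takes its allow-list from `algorithms` (an array); `algorithm` is the sign() option. As written, the configured `authConf.keyAlgorithm` most likely does not restrict which signature algorithms are accepted and the library's key-type defaults apply instead. Suggest `algorithms: [authConf.keyAlgorithm]` so the pin is enforced. The same call shape appears in generateLocalVerifier in package/dist/auth/local.js. This is compiled output, so the change belongs in the TypeScript source; the verifier body continues outside the hunk.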
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"external.js","sourceRoot":"","sources":["../../src/auth/external.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"external.js","sourceRoot":"","sources":["../../src/auth/external.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,0CA+CC;AAED,wCAGC;AAED,8DAoBC;AA/ED,4CAA8B;AAC9B,gEAAsE;AAEtE,kCAA+B;AAE/B,SAAgB,eAAe,CAAC,QAA8B,EAAE,MAAyB,EAAE,QAAgB;IACvG,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE1C,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAEjD,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACnC,KAAK,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;YACrB,uCAAuC;YACvC,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAEnB,iBAAiB;YACjB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;YAEtC,mBAAmB;YACnB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACR,SAAS;YACb,CAAC;YAED,8CAA8C;YAC9C,+CAA+C;YAC/C,uEAAuE;YACvE,uDAAuD;YACvD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACrC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACT,aAAM,CAAC,OAAO,CAAC,oCAAoC,IAAI,EAAE,CAAC,CAAC;gBAC3D,SAAS;YACb,CAAC;YAED,uDAAuD;YACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QACD,aAAM,CAAC,IAAI,CAAC,wBAAwB,OAAO,CAAC,IAAI,UAAU,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChB,aAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACvB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC/B,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;AACL,CAAC;AAED,SAAgB,cAAc,CAAC,QAA8B,EAAE,OAA0B,EAAE,QAAgB;IACvG,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC7C,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,SAAgB,yBAAyB,CAAC,WAAkC,EAAE,QAAiC;IAC3G,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,CAAC,YAAoB,EAAE,EAAE;QACtC,MAAM,OAAO,GAAwB,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,EAAE;YACrE,SAAS,EAAE,QAAQ,CAA
C,YAAY;SAClB,CAAC,CAAC;QACpB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvF,0CAA0C;YAC1C,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACvB,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACrD,CAAC;YACD,OAAO,OAAO,CAAC;QACnB,CAAC;aAAM,CAAC;YACJ,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACjC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;AACL,CAAC"}
|
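--- a/package/dist/auth/google.js
+++ b/package/dist/auth/google.js
@@ -14,35 +14,38 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.googleCallbackHandler = googleCallbackHandler;
 exports.generateGoogleRefreshHandler = generateGoogleRefreshHandler;
-const config_1 = require("../config");
-const types_1 = require("../types");
 const google_auth_library_1 = require("google-auth-library");
-const local_1 = require("./local");
-const index_1 = require("./index");
 const ms_1 = __importDefault(require("ms"));
+const config_1 = require("../config");
+const types_1 = require("../types");
 const util_1 = require("../util");
+const index_1 = require("./index");
+const local_1 = require("./local");
 function googleCallbackHandler(req, res, authConf) {
 return __awaiter(this, void 0, void 0, function* () {
 var _a;
 // Check for g_csrf_token match between cookie and body
-if (!req.cookies
-return res.status(400).json({
+if (!req.cookies.g_csrf_token || !req.body.g_csrf_token || req.cookies.g_csrf_token !== req.body.g_csrf_token) {
+return res.status(400).json({ error: "Missing or non-matching CSRF token" });
 }
 const oAuth2Client = new google_auth_library_1.OAuth2Client();
 try {
-const result = yield oAuth2Client.verifyIdToken({
+const result = yield oAuth2Client.verifyIdToken({
+idToken: (_a = req === null || req === void 0 ? void 0 : req.body) === null || _a === void 0 ? void 0 : _a.credential,
+audience: authConf.clientId
+});
 const payload = result.getPayload();
 // Do the mapping
 const username = authConf.useEmailAsId ? payload === null || payload === void 0 ? void 0 : payload.email : payload === null || payload === void 0 ? void 0 : payload.sub;
 // check that username exists and email is verified
 if (!username || !(payload === null || payload === void 0 ? void 0 : payload.email_verified)) {
 util_1.logger.warning("Google auth rejected due to lack of unique ID or email verification");
-return res.status(500).json({
+return res.status(500).json({ error: "An error occured processing your login" });
 }
 // check that domain is valid
 if (authConf.validDomain && authConf.validDomain !== payload.hd) {
 util_1.logger.warning(`Google auth rejected due to incorrect domain: ${payload.hd}`);
-return res.status(500).json({
+return res.status(500).json({ error: "An error occured processing your login" });
 }
 // create initial refresh token
 const refreshToken = (0, local_1.generateToken)(authConf, username, local_1.TokenType.Refresh);
@@ -57,7 +60,7 @@ function googleCallbackHandler(req, res, authConf) {
 }
 catch (e) {
 util_1.logger.debug(e);
-return res.status(500).json({
+return res.status(500).json({ error: "An error occured processing your login" });
 }
 });
 }
@@ -73,7 +76,10 @@ function generateGoogleRefreshHandler(authConf) {
 next({ statusCode: 403, message: "Not authorized" });
 }
 else if (scriptingToken && config_1.ServerConfig.scriptingAccess !== types_1.ScriptingAccess.Enabled) {
-next({
+next({
+statusCode: 500,
+message: "Scripting access not enabled for this server"
+});
 }
 else {
 const access_token = (0, local_1.generateToken)(authConf, refreshToken.username, scriptingToken ? local_1.TokenType.Scripting : local_1.TokenType.Access);
@@ -87,6 +93,7 @@ function generateGoogleRefreshHandler(authConf) {
 }
 }
 catch (err) {
+util_1.logger.debug(err);
 next({ statusCode: 400, message: "Invalid refresh token" });
 }
 }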
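Review bot: The CSRF check at the top of googleCallbackHandler reads `req.cookies.g_csrf_token` and `req.body.g_csrf_token` without guarding `req.cookies` or `req.body`, and it sits before the `try`, so a request that arrives without parsed cookies or a parsed body would throw instead of returning the intended 400. Whether the middleware always populates both objects is not visible here, and the `idToken` line just below already uses a null-safe access on `req.body`. In the TypeScript source the condition could read `if (!req.cookies?.g_csrf_token || !req.body?.g_csrf_token || req.cookies.g_csrf_token !== req.body.g_csrf_token)`. Separately, the rejection paths (unverified email, wrong domain, scripting access disabled) answer with status 500; a 401 or 403 would keep authentication rejections distinguishable from server faults in logs and alerting.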
package/dist/auth/google.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/auth/google.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AASA,
|
|
1
|
+
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/auth/google.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AASA,sDA4CC;AAED,oEAgCC;AAtFD,6DAAiD;AACjD,4CAAoB;AACpB,sCAAsD;AACtD,oCAAqE;AACrE,kCAA+B;AAC/B,mCAAoC;AACpC,mCAAiD;AAEjD,SAAsB,qBAAqB,CAAC,GAAY,EAAE,GAAa,EAAE,QAA+B;;;QACpG,uDAAuD;QACvD,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,KAAK,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5G,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,oCAAoC,EAAC,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,kCAAY,EAAE,CAAC;QACxC,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC;gBAC5C,OAAO,EAAE,MAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,IAAI,0CAAE,UAAU;gBAC9B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;aAC9B,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;YAEpC,iBAAiB;YACjB,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,CAAC,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,GAAG,CAAC;YAEvE,mDAAmD;YACnD,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,CAAA,EAAE,CAAC;gBACxC,aAAM,CAAC,OAAO,CAAC,qEAAqE,CAAC,CAAC;gBACtF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,wCAAwC,EAAC,CAAC,CAAC;YACnF,CAAC;YAED,6BAA6B;YAC7B,IAAI,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW,KAAK,OAAO,CAAC,EAAE,EAAE,CAAC;gBAC9D,aAAM,CAAC,OAAO,CAAC,iDAAiD,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,KAAK,EAAE,wCAAwC,EAAC,CAAC,CAAC;YACnF,CAAC;YAED,+BAA+B;YAC/B,MAAM,YAAY,GAAG,IAAA,qBAAa,EAAC,QAAQ,EAAE,QAAQ,EAAE,iBAAS,CAAC,OAAO,CAAC,CAAC;YAC1E,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,EAAE;gBACtC,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,IAAA,YAAE,EAAC,QAAQ,CAAC,eAAyB,CAAC;gBAC9C,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,sBAAa,CAAC,gBAAgB,eAAe,QAAQ,EAAE,CAAC,CAAC;QACpF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,C
AAC,IAAI,CAAC,EAAC,KAAK,EAAE,wCAAwC,EAAC,CAAC,CAAC;QACnF,CAAC;IACL,CAAC;CAAA;AAED,SAAgB,4BAA4B,CAAC,QAA+B;IACxE,OAAO,CAAO,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;;QAC7D,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QACpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACD,MAAM,YAAY,GAAG,MAAM,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC;gBAC3D,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;oBACnE,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;gBACvD,CAAC;qBAAM,IAAI,cAAc,IAAI,qBAAY,CAAC,eAAe,KAAK,uBAAe,CAAC,OAAO,EAAE,CAAC;oBACpF,IAAI,CAAC;wBACD,UAAU,EAAE,GAAG;wBACf,OAAO,EAAE,8CAA8C;qBAC1D,CAAC,CAAC;gBACP,CAAC;qBAAM,CAAC;oBACJ,MAAM,YAAY,GAAG,IAAA,qBAAa,EAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,iBAAS,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAS,CAAC,MAAM,CAAC,CAAC;oBAC7H,aAAM,CAAC,IAAI,CAAC,aAAa,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,mBAAmB,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC;oBAC5G,GAAG,CAAC,IAAI,CAAC;wBACL,YAAY;wBACZ,UAAU,EAAE,QAAQ;wBACpB,QAAQ,EAAE,YAAY,CAAC,QAAQ;wBAC/B,UAAU,EAAE,IAAA,YAAE,EAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAE,QAAQ,CAAC,cAAyB,CAAC,GAAG,IAAI;qBAC3G,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAClB,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;YAC9D,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;QAC9D,CAAC;IACL,CAAC,CAAA,CAAC;AACN,CAAC"}
|
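--- a/package/dist/auth/index.js
+++ b/package/dist/auth/index.js
@@ -16,27 +16,27 @@ exports.authRouter = void 0;
 exports.verifyToken = verifyToken;
 exports.getUser = getUser;
 exports.authGuard = authGuard;
-const jwt = require("jsonwebtoken");
 const express_1 = __importDefault(require("express"));
-const
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const config_1 = require("../config");
+const util_1 = require("../util");
 const external_1 = require("./external");
+const google_1 = require("./google");
+const ldap_1 = require("./ldap");
 const local_1 = require("./local");
 const oidc_1 = require("./oidc");
-const ldap_1 = require("./ldap");
 const pam_1 = require("./pam");
-const google_1 = require("./google");
 // maps JWT claim "iss" to a token verifier
 const tokenVerifiers = new Map();
 // maps JWT claim "iss" to a user map
 const userMaps = new Map();
-let loginHandler = (
+let loginHandler = (_req, _res) => {
 throw { statusCode: 501, message: "Login not implemented" };
 };
-let refreshHandler = (
+let refreshHandler = (_req, _res) => {
 throw { statusCode: 501, message: "Token refresh not implemented" };
 };
-let callbackHandler = (
+let callbackHandler = (_req, _res) => {
 throw { statusCode: 501, message: "Callback handler not implemented" };
 };
 // Local providers
@@ -88,8 +88,8 @@ if (!tokenVerifiers.size) {
 }
 function verifyToken(cookieString) {
 return __awaiter(this, void 0, void 0, function* () {
-const tokenJson =
-if (tokenJson && tokenJson.iss) {
+const tokenJson = jsonwebtoken_1.default.decode(cookieString);
+if (typeof tokenJson !== "string" && typeof tokenJson !== "undefined" && (tokenJson === null || tokenJson === void 0 ? void 0 : tokenJson.iss)) {
 const verifier = tokenVerifiers.get(tokenJson.iss);
 if (verifier) {
 return yield verifier(cookieString);
@@ -108,7 +108,7 @@ function getUser(username, issuer) {
 }
 }
 // Express middleware to guard against unauthorized access. Writes the username to the request object
-function authGuard(req,
+function authGuard(req, _res, next) {
 return __awaiter(this, void 0, void 0, function* () {
 const tokenString = req.token;
 if (tokenString) {
@@ -118,7 +118,7 @@ function authGuard(req, res, next) {
 next({ statusCode: 403, message: "Not authorized" });
 }
 else {
-req.username = getUser(token.username, token.iss);
+req.username = getUser(token.username, `${token.iss}`);
 if (token.scripting) {
 req.scripting = true;
 }
@@ -134,7 +134,7 @@ function authGuard(req, res, next) {
 }
 });
 }
-function logoutHandler(
+function logoutHandler(_req, res) {
 res.cookie("Refresh-Token", "", {
 path: config_1.RuntimeConfig.authPath,
 maxAge: 0,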
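Review bot: In verifyToken, `jsonwebtoken_1.default.decode(cookieString)` does not check the signature, so `tokenJson.iss` is untrusted input that only selects which verifier runs, and that reliance deserves a comment in the source, e.g. `// decode() is unverified: iss only routes to a verifier, which must check signature and issuer itself`. The added `typeof tokenJson !== "undefined"` test looks redundant, because the null-safe access on `tokenJson` in the same condition already covers null and undefined. In authGuard, `${token.iss}` turns a missing issuer into the string "undefined" before the userMaps lookup; passing the issuer through only when it is a string would make the intent clearer. Both function bodies continue outside the hunks.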
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AA0EA,kCAUC;AAED,0BAOC;AAGD,8BAqBC;AArHD,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AA0EA,kCAUC;AAED,0BAOC;AAGD,8BAqBC;AArHD,sDAA8B;AAC9B,gEAAkD;AAClD,sCAAsD;AAEtD,kCAAwC;AACxC,yCAAqE;AACrE,qCAA6E;AAC7E,iCAA2C;AAC3C,mCAA2E;AAC3E,iCAAoJ;AACpJ,+BAAyC;AAEzC,2CAA2C;AAC3C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAoB,CAAC;AACnD,qCAAqC;AACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;AAE5C,IAAI,YAAY,GAAmB,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE;IAC9C,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,IAAI,cAAc,GAAwB,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE;IACrD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,+BAA+B,EAAC,CAAC;AACtE,CAAC,CAAC;AAEF,IAAI,eAAe,GAAwB,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE;IACtD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,kCAAkC,EAAC,CAAC;AACzE,CAAC,CAAC;AAEF,kBAAkB;AAClB,IAAI,qBAAY,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC;IACjC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,GAAG,CAAC;IAChD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,IAAA,wBAAkB,EAAC,QAAQ,CAAC,CAAC;IAC5C,cAAc,GAAG,IAAA,mCAA2B,EAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC;IACjD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,IAAA,0BAAmB,EAAC,QAAQ,CAAC,CAAC;IAC7C,cAAc,GAAG,IAAA,mCAA2B,EAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,MAAM,CAAC;IACnD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,cAAc,GAAG,IAAA,qCAA4B,EAAC,QAAQ,CAAC,CAAC;IACxD,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAA,8BAAqB,EAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC1E,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QAC3B,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;IACxE,CAAC;AACL,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;IAC7C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,QAAQ,CAAC;IACrD,IAAA,oCAAyB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;IAC3C,IAAI,SAAS,EAAE,CAAC;QACZ,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,EA
AE,SAAS,CAAC,CAAC;IAC1D,CAAC;AACL,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC;IACjD,IAAA,gCAAyB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,cAAc,GAAG,IAAA,sCAA+B,EAAC,QAAQ,CAAC,CAAC;IAC3D,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAA,qBAAc,EAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAChE,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAA,0BAAmB,EAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxE,IAAA,eAAQ,EAAC,QAAQ,CAAC,CAAC;IACnB,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QAC3B,aAAM,CAAC,IAAI,CAAC,SAAS,QAAQ,CAAC,eAAe,mBAAmB,CAAC,CAAC;QAClE,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;IACxE,CAAC;AACL,CAAC;AAED,iCAAiC;AACjC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACvB,aAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,SAAsB,WAAW,CAAC,YAAoB;;QAClD,MAAM,SAAS,GAA+B,sBAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAEvE,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,OAAO,SAAS,KAAK,WAAW,KAAI,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,GAAG,CAAA,EAAE,CAAC;YACtF,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACX,OAAO,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;YACxC,CAAC;QACL,CAAC;QACD,OAAO,SAAS,CAAC;IACrB,CAAC;CAAA;AAED,SAAgB,OAAO,CAAC,QAAgB,EAAE,MAAc;IACpD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,OAAO,EAAE,CAAC;QACV,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACJ,OAAO,QAAQ,CAAC;IACpB,CAAC;AACL,CAAC;AAED,qGAAqG;AACrG,SAAsB,SAAS,CAAC,GAAyB,EAAE,IAAsB,EAAE,IAA0B;;QACzG,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC;QAC9B,IAAI,WAAW,EAAE,CAAC;YACd,IAAI,CAAC;gBACD,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;gBAE7C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;oBAC5B,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;gBACvD,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;oBACvD,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;wBAClB,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC;oBACzB,CAAC;oBACD,IAAI,EAAE,CAAC;gBACX,CAAC;YACL,CAA
C;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAC,CAAC,CAAC;YAClD,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;QACvD,CAAC;IACL,CAAC;CAAA;AAED,SAAS,aAAa,CAAC,IAAqB,EAAE,GAAqB;IAC/D,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;QAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;QAC5B,MAAM,EAAE,CAAC;QACT,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;QAC9B,QAAQ,EAAE,QAAQ;KACrB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,eAAe,CAAC,GAAyB,EAAE,GAAqB;IACrE,GAAG,CAAC,IAAI,CAAC;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACzB,CAAC,CAAC;AACP,CAAC;AAEY,QAAA,UAAU,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;AAC3C,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IAClC,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,cAAO,EAAE,wBAAiB,CAAC,CAAC;IACtD,kBAAU,CAAC,GAAG,CAAC,eAAe,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC;IAC1D,kBAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAO,EAAE,YAAY,CAAC,CAAC;AACpD,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;IAC3C,kBAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC;IAC7D,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,cAAO,EAAE,aAAa,CAAC,CAAC;AACtD,CAAC;KAAM,CAAC;IACJ,kBAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAO,EAAE,YAAY,CAAC,CAAC;IACjD,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,cAAO,EAAE,aAAa,CAAC,CAAC;AACtD,CAAC;AACD,kBAAU,CAAC,IAAI,CAAC,UAAU,EAAE,cAAO,EAAE,cAAc,CAAC,CAAC;AACrD,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC"}
|
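--- a/package/dist/auth/ldap.js
+++ b/package/dist/auth/ldap.js
@@ -5,8 +5,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getLdapLoginHandler = getLdapLoginHandler;
 const ldapauth_fork_1 = __importDefault(require("ldapauth-fork"));
-const local_1 = require("./local");
 const util_1 = require("../util");
+const local_1 = require("./local");
 let ldap;
 function getLdapLoginHandler(authConf) {
 ldap = new ldapauth_fork_1.default(authConf.ldapOptions);
@@ -23,7 +23,7 @@ function getLdapLoginHandler(authConf) {
 }, 2000);
 return (req, res) => {
 var _a, _b;
-
+const username = (_a = req.body) === null || _a === void 0 ? void 0 : _a.username;
 const password = (_b = req.body) === null || _b === void 0 ? void 0 : _b.password;
 if (!username || !password) {
 return res.status(400).json({ statusCode: 400, message: "Malformed login request" });
@@ -31,7 +31,10 @@ function getLdapLoginHandler(authConf) {
 const handleAuth = (err, user) => {
 if (err) {
 util_1.logger.error(err);
-return res.status(403).json({
+return res.status(403).json({
+statusCode: 403,
+message: "Invalid username/password combo"
+});
 }
 if ((user === null || user === void 0 ? void 0 : user.uid) !== username) {
 util_1.logger.warning(`Returned user "uid ${user === null || user === void 0 ? void 0 : user.uid}" does not match username "${username}"`);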
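Review bot: In handleAuth, the `uid` comparison at the end of the last hunk only logs a warning when the directory's `uid` differs from the submitted username, and nothing visible here stops the login from proceeding; the rest of handleAuth lies outside the hunk, so this is inferred rather than confirmed. If a mismatch is meant to fail the login, the branch should return the same response as the `err` case, e.g. `return res.status(403).json({ statusCode: 403, message: "Invalid username/password combo" });`. If a mismatch is legitimate for some directory layouts, a comment saying so would help the next reader. The warning also interpolates the request-supplied `username` into the log line, so it is worth confirming that the logger neutralises control characters.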
package/dist/auth/ldap.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;;;AAYA,kDA2DC;AAtED,kEAAqC;AAGrC,kCAA0C;AAC1C,mCAA4C;AAK5C,IAAI,IAAwB,CAAC;AAE7B,SAAgB,mBAAmB,CAAC,QAA6B;IAC7D,IAAI,GAAG,IAAI,uBAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,aAAM,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;IACzD,UAAU,CAAC,GAAG,EAAE;;QACZ,MAAM,aAAa,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW,0CAAE,SAAS,CAAC;QACnD,IAAI,aAAa,EAAE,CAAC;YAChB,aAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACJ,aAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACxC,CAAC;IACL,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAE,IAA8B,EAAE,EAAE;YACvE,IAAI,GAAG,EAAE,CAAC;gBACN,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAClB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACxB,UAAU,EAAE,GAAG;oBACf,OAAO,EAAE,iCAAiC;iBAC7C,CAAC,CAAC;YACP,CAAC;YACD,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,MAAK,QAAQ,EAAE,CAAC;gBACzB,aAAM,CAAC,OAAO,CAAC,sBAAsB,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,8BAA8B,QAAQ,GAAG,CAAC,CAAC;gBACzF,aAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;YACD,IAAI,CAAC;gBACD,MAAM,GAAG,GAAG,IAAA,gBAAS,EAAC,QAAQ,CAAC,CAAC;gBAChC,aAAM,CAAC,IAAI,CAAC,yBAAyB,QAAQ,aAAa,GAAG,aAAa,CAAC,CAAC;gBAC5E,OAAO,IAAA,2BAAmB,EAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;YACnF,CAAC;QACL,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;;YAClD,MAAM,QAAQ,GAAG,KAAc,CAAC;YAChC,oDAAoD;YACpD,IAAI,MAAA,QA
AQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,EAAE,CAAC;gBAC3D,aAAM,CAAC,OAAO,CAAC,yDAAyD,CAAC,CAAC;gBAC1E,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,IAAI,GAAG,IAAI,uBAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,aAAM,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;gBACzD,+CAA+C;gBAC/C,UAAU,CAAC,GAAG,EAAE;oBACZ,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACtD,CAAC,EAAE,GAAG,CAAC,CAAC;YACZ,CAAC;iBAAM,CAAC;gBACJ,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC5B,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC"}
|
package/dist/auth/local.js
CHANGED
|
@@ -50,14 +50,13 @@ exports.generateToken = generateToken;
|
|
|
50
50
|
exports.addTokensToResponse = addTokensToResponse;
|
|
51
51
|
exports.generateLocalVerifier = generateLocalVerifier;
|
|
52
52
|
exports.generateLocalRefreshHandler = generateLocalRefreshHandler;
|
|
53
|
-
const
|
|
54
|
-
const
|
|
55
|
-
const jwt = require("jsonwebtoken");
|
|
56
|
-
const index_1 = require("./index");
|
|
57
|
-
const config_1 = require("../config");
|
|
53
|
+
const fs = __importStar(require("node:fs"));
|
|
54
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
58
55
|
const ms_1 = __importDefault(require("ms"));
|
|
56
|
+
const config_1 = require("../config");
|
|
57
|
+
const types_1 = require("../types");
|
|
59
58
|
const util_1 = require("../util");
|
|
60
|
-
const
|
|
59
|
+
const index_1 = require("./index");
|
|
61
60
|
let privateKey;
|
|
62
61
|
var TokenType;
|
|
63
62
|
(function (TokenType) {
|
|
@@ -67,10 +66,21 @@ var TokenType;
|
|
|
67
66
|
})(TokenType || (exports.TokenType = TokenType = {}));
|
|
68
67
|
function generateToken(authConf, username, tokenType) {
|
|
69
68
|
if (!privateKey) {
|
|
70
|
-
|
|
69
|
+
try {
|
|
70
|
+
privateKey = fs.readFileSync(authConf.privateKeyLocation);
|
|
71
|
+
}
|
|
72
|
+
catch (error) {
|
|
73
|
+
util_1.logger.crit(`Failed to read private key: ${error.message}`);
|
|
74
|
+
process.exit(1);
|
|
75
|
+
}
|
|
76
|
+
if (!privateKey) {
|
|
77
|
+
util_1.logger.crit("Failed to read private key: No data");
|
|
78
|
+
process.exit(1);
|
|
79
|
+
}
|
|
71
80
|
}
|
|
72
|
-
if (!authConf
|
|
73
|
-
|
|
81
|
+
if (!authConf) {
|
|
82
|
+
util_1.logger.crit("No authentication configuration provided");
|
|
83
|
+
process.exit(1);
|
|
74
84
|
}
|
|
75
85
|
const payload = {
|
|
76
86
|
iss: authConf.issuer,
|
|
@@ -88,7 +98,7 @@ function generateToken(authConf, username, tokenType) {
|
|
|
88
98
|
payload.scripting = true;
|
|
89
99
|
options.expiresIn = authConf.scriptingTokenAge;
|
|
90
100
|
}
|
|
91
|
-
return
|
|
101
|
+
return jsonwebtoken_1.default.sign(payload, privateKey, options);
|
|
92
102
|
}
|
|
93
103
|
function addTokensToResponse(res, authConf, username) {
|
|
94
104
|
const refreshToken = generateToken(authConf, username, TokenType.Refresh);
|
|
@@ -109,8 +119,10 @@ function addTokensToResponse(res, authConf, username) {
|
|
|
109
119
|
function generateLocalVerifier(verifierMap, authConf) {
|
|
110
120
|
const publicKey = fs.readFileSync(authConf.publicKeyLocation);
|
|
111
121
|
verifierMap.set(authConf.issuer, cookieString => {
|
|
112
|
-
const payload =
|
|
113
|
-
|
|
122
|
+
const payload = jsonwebtoken_1.default.verify(cookieString, publicKey, {
|
|
123
|
+
algorithm: authConf.keyAlgorithm
|
|
124
|
+
});
|
|
125
|
+
if (typeof payload !== "string" && payload.iss === authConf.issuer) {
|
|
114
126
|
return payload;
|
|
115
127
|
}
|
|
116
128
|
else {
|
|
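Review bot: The options object passed to `jsonwebtoken_1.default.verify` on new lines 122–124 uses the key `algorithm`, which is the option name for `sign`; `verify` reads `algorithms` (an array of allowed names), so the configured `authConf.keyAlgorithm` is not enforced at this call and the library falls back to its own defaults for the supplied key. Pinning it explicitly is a one-line change: `algorithms: [authConf.keyAlgorithm]`. A test that presents a token signed with a different algorithm and expects rejection would keep this from regressing. The verifier callback continues past this hunk.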
@@ -130,12 +142,15 @@ function generateLocalRefreshHandler(authConf) {
|
|
|
130
142
|
next({ statusCode: 403, message: "Not authorized" });
|
|
131
143
|
}
|
|
132
144
|
else if (scriptingToken && config_1.ServerConfig.scriptingAccess !== types_1.ScriptingAccess.Enabled) {
|
|
133
|
-
next({
|
|
145
|
+
next({
|
|
146
|
+
statusCode: 500,
|
|
147
|
+
message: "Scripting access not enabled for this server"
|
|
148
|
+
});
|
|
134
149
|
}
|
|
135
150
|
else {
|
|
136
151
|
const uid = (0, util_1.getUserId)(refreshToken.username);
|
|
137
152
|
const access_token = generateToken(authConf, refreshToken.username, scriptingToken ? TokenType.Scripting : TokenType.Access);
|
|
138
|
-
|
|
153
|
+
util_1.logger.info(`Refreshed ${scriptingToken ? "scripting" : "access"} token for user ${refreshToken.username} with uid ${uid}`);
|
|
139
154
|
res.json({
|
|
140
155
|
access_token,
|
|
141
156
|
token_type: "bearer",
|
|
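Review bot: The scripting-disabled branch on new lines 145–148 answers with `statusCode: 500`, although the request is being refused by policy rather than failing on the server; the branch just above uses 403 for "Not authorized", and `statusCode: 403` here would keep authorization denials out of server-error monitoring. The message text can stay as it is. The handler returned by generateLocalRefreshHandler starts and ends outside this hunk.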
@@ -145,6 +160,7 @@ function generateLocalRefreshHandler(authConf) {
|
|
|
145
160
|
}
|
|
146
161
|
}
|
|
147
162
|
catch (err) {
|
|
163
|
+
util_1.logger.debug(err);
|
|
148
164
|
next({ statusCode: 400, message: "Invalid refresh token" });
|
|
149
165
|
}
|
|
150
166
|
}
|
package/dist/auth/local.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/auth/local.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/auth/local.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA,sCAqCC;AAED,kDAiBC;AAED,sDAYC;AAED,kEAiCC;AA1HD,4CAA8B;AAE9B,gEAAsE;AACtE,4CAAoB;AACpB,sCAAsD;AACtD,oCAAsG;AACtG,kCAA0C;AAC1C,mCAAoC;AAEpC,IAAI,UAAkB,CAAC;AAEvB,IAAY,SAIX;AAJD,WAAY,SAAS;IACjB,6CAAM,CAAA;IACN,+CAAO,CAAA;IACP,mDAAS,CAAA;AACb,CAAC,EAJW,SAAS,yBAAT,SAAS,QAIpB;AAED,SAAgB,aAAa,CAAC,QAA8B,EAAE,QAAgB,EAAE,SAAoB;IAChG,IAAI,CAAC,UAAU,EAAE,CAAC;QACd,IAAI,CAAC;YACD,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;QAC9D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,aAAM,CAAC,IAAI,CAAC,+BAA+B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,aAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACL,CAAC;IACD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,aAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,MAAM,OAAO,GAAiB;QAC1B,GAAG,EAAE,QAAQ,CAAC,MAAM;QACpB,QAAQ;KACX,CAAC;IAEF,MAAM,OAAO,GAAoB;QAC7B,SAAS,EAAE,QAAQ,CAAC,YAAY;QAChC,SAAS,EAAE,QAAQ,CAAC,cAAc;KACrC,CAAC;IAEF,IAAI,SAAS,KAAK,SAAS,CAAC,OAAO,EAAE,CAAC;QAClC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;QACvB,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;IACjD,CAAC;SAAM,IAAI,SAAS,KAAK,SAAS,CAAC,SAAS,EAAE,CAAC;QAC3C,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,iBAAiB,CAAC;IACnD,CAAC;IAED,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC;AAED,SAAgB,mBAAmB,CAAC,GAAqB,EAAE,QAA8B,EAAE,QAAgB;IACvG,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;IAC1E,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,EAAE;QACtC,IAAI,EAAE,sBAAa,CAAC,QAAQ;QAC5B,MAAM,EAAE,IAAA,YAAE,EAAC,QAAQ,CAAC,eAAyB,CAAC;QAC9C,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;QAC9B,QAAQ,EAAE,QAAQ;KACrB,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAEzE,GAAG,CAAC,IAAI,CAAC;QACL,YAAY;QACZ,UAAU,EAAE,QA
AQ;QACpB,UAAU,EAAE,IAAA,YAAE,EAAC,QAAQ,CAAC,cAAwB,CAAC,GAAG,IAAI;KAC3D,CAAC,CAAC;AACP,CAAC;AAED,SAAgB,qBAAqB,CAAC,WAAkC,EAAE,QAA8B;IACpG,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAC9D,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE;QAC5C,MAAM,OAAO,GAAwB,sBAAG,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,EAAE;YACrE,SAAS,EAAE,QAAQ,CAAC,YAAY;SAClB,CAAC,CAAC;QACpB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;YACjE,OAAO,OAAO,CAAC;QACnB,CAAC;aAAM,CAAC;YACJ,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAgB,2BAA2B,CAAC,QAA8B;IACtE,OAAO,CAAO,GAAoB,EAAE,GAAqB,EAAE,IAA0B,EAAE,EAAE;;QACrF,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QACpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACD,MAAM,YAAY,GAAG,MAAM,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC;gBAC3D,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;oBACnE,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;gBACvD,CAAC;qBAAM,IAAI,cAAc,IAAI,qBAAY,CAAC,eAAe,KAAK,uBAAe,CAAC,OAAO,EAAE,CAAC;oBACpF,IAAI,CAAC;wBACD,UAAU,EAAE,GAAG;wBACf,OAAO,EAAE,8CAA8C;qBAC1D,CAAC,CAAC;gBACP,CAAC;qBAAM,CAAC;oBACJ,MAAM,GAAG,GAAG,IAAA,gBAAS,EAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;oBAC7C,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;oBAC7H,aAAM,CAAC,IAAI,CAAC,aAAa,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,mBAAmB,YAAY,CAAC,QAAQ,aAAa,GAAG,EAAE,CAAC,CAAC;oBAC5H,GAAG,CAAC,IAAI,CAAC;wBACL,YAAY;wBACZ,UAAU,EAAE,QAAQ;wBACpB,QAAQ,EAAE,YAAY,CAAC,QAAQ;wBAC/B,UAAU,EAAE,IAAA,YAAE,EAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAE,QAAQ,CAAC,cAAyB,CAAC,GAAG,IAAI;qBAC3G,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAClB,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;YAC9D,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAu
B,EAAC,CAAC,CAAC;QAC9D,CAAC;IACL,CAAC,CAAA,CAAC;AACN,CAAC"}
|