carta-controller 5.1.1 → 6.0.0-beta.1.0.3
- package/.github/workflows/build.yml +43 -0
- package/COPYING.md +636 -0
- package/biome.jsonc +37 -0
- package/dist/auth/external.js +10 -4
- package/dist/auth/external.js.map +1 -1
- package/dist/auth/google.js +18 -11
- package/dist/auth/google.js.map +1 -1
- package/dist/auth/index.js +12 -12
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/ldap.js +6 -3
- package/dist/auth/ldap.js.map +1 -1
- package/dist/auth/local.js +30 -14
- package/dist/auth/local.js.map +1 -1
- package/dist/auth/oidc.js +95 -91
- package/dist/auth/oidc.js.map +1 -1
- package/dist/auth/oidcRefreshManager.js +21 -24
- package/dist/auth/oidcRefreshManager.js.map +1 -1
- package/dist/auth/pam.js +8 -5
- package/dist/auth/pam.js.map +1 -1
- package/dist/config.js +17 -16
- package/dist/controllerTests.js +10 -10
- package/dist/database.js +50 -22
- package/dist/index.js +24 -23
- package/dist/serverHandlers.js +70 -33
- package/dist/util.js +14 -5
- package/npm-shrinkwrap.json +4855 -20113
- package/package.json +12 -9
- package/public/dashboard.js +47 -48
- package/public/templated.css +155 -143
- package/test/auth.external.test.ts +19 -18
- package/.prettierrc.json +0 -18
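--- a/package/dist/auth/oidc.js
+++ b/package/dist/auth/oidc.js
@@ -51,12 +51,12 @@ exports.generateLocalOidcVerifier = generateLocalOidcVerifier;
 exports.oidcLoginStart = oidcLoginStart;
 exports.oidcCallbackHandler = oidcCallbackHandler;
 exports.oidcLogoutHandler = oidcLogoutHandler;
+const node_crypto_1 = require("node:crypto");
+const fs = __importStar(require("node:fs"));
 const axios_1 = __importDefault(require("axios"));
-const fs = __importStar(require("fs"));
 const jose = __importStar(require("jose"));
-const util_1 = require("../util");
 const config_1 = require("../config");
-const
+const util_1 = require("../util");
 const oidcRefreshManager_1 = require("./oidcRefreshManager");
 let privateKey;
 let publicKey;
@@ -71,36 +71,54 @@ function initOidc(authConf) {
 return __awaiter(this, void 0, void 0, function* () {
 var _a;
 // Load public & private keys
-
-
-
+try {
+publicKey = (0, node_crypto_1.createPublicKey)(fs.readFileSync(authConf.localPublicKeyLocation));
+}
+catch (e) {
+util_1.logger.crit(`Failed to read public key: ${e.message}`);
+process.exit(1);
+}
+try {
+privateKey = (0, node_crypto_1.createPrivateKey)(fs.readFileSync(authConf.localPrivateKeyLocation));
+}
+catch (e) {
+util_1.logger.crit(`Failed to read private key: ${e.message}`);
+process.exit(1);
+}
+try {
+symmetricKey = (0, node_crypto_1.createSecretKey)(Buffer.from(fs.readFileSync(authConf.symmetricKeyLocation, "utf-8"), "base64"));
+}
+catch (e) {
+util_1.logger.crit(`Failed to read symmetric key: ${e.message}`);
+process.exit(1);
+}
 // Parse details of IdP from metadata URL
-const idpConfig = yield axios_1.default.get(authConf.idpUrl
-oidcAuthEndpoint = idpConfig.data
-oidcIssuer = idpConfig.data
-oidcLogoutEndpoint = idpConfig.data
-oidcTokenEndpoint = idpConfig.data
+const idpConfig = yield axios_1.default.get(`${authConf.idpUrl}/.well-known/openid-configuration`);
+oidcAuthEndpoint = idpConfig.data.authorization_endpoint;
+oidcIssuer = idpConfig.data.issuer;
+oidcLogoutEndpoint = idpConfig.data.end_session_endpoint;
+oidcTokenEndpoint = idpConfig.data.token_endpoint;
 // Init JWKS key management
-util_1.logger.info(`Setting up JWKS management for ${idpConfig.data
-jwksManager = jose.createRemoteJWKSet(new URL(idpConfig.data
+util_1.logger.info(`Setting up JWKS management for ${idpConfig.data.jwks_uri}`);
+jwksManager = jose.createRemoteJWKSet(new URL(idpConfig.data.jwks_uri));
 // Set logout redirect URL
 if (authConf.postLogoutRedirect !== undefined) {
 postLogoutRedirect = authConf.postLogoutRedirect;
 }
 else {
-postLogoutRedirect = (_a = config_1.ServerConfig.serverAddress) !== null && _a !== void 0 ? _a :
+postLogoutRedirect = (_a = config_1.ServerConfig.serverAddress) !== null && _a !== void 0 ? _a : "";
 }
 // Init refresh token management
 yield (0, oidcRefreshManager_1.initRefreshManager)();
 });
 }
 function returnErrorMsg(req, res, statusCode, msg) {
-if (req.header(
+if (req.header("accept") === "application/json") {
 return res.status(statusCode).json({ statusCode: statusCode, message: msg });
 }
 else {
 // Errors are presented to the user on the dashboard rather than returned via JSON messages
-return res.redirect(`${new URL(`${config_1.RuntimeConfig.dashboardAddress}`, config_1.ServerConfig.serverAddress).href}?${new URLSearchParams({
+return res.redirect(`${new URL(`${config_1.RuntimeConfig.dashboardAddress}`, config_1.ServerConfig.serverAddress).href}?${new URLSearchParams({ err: msg }).toString()}`);
 }
 }
 // A helper function as initial call to the IdP token endpoint and renewals are mostly the same
@@ -112,32 +130,31 @@ function callIdpTokenEndpoint(usp_1, req_1, res_1, authConf_1) {
 usp.set("scope", authConf.scope);
 try {
 const result = yield axios_1.default.post(`${oidcTokenEndpoint}`, usp);
-if (result.status
+if (result.status !== 200) {
 return returnErrorMsg(req, res, 500, "Authentication error");
 }
-const { payload
-issuer: oidcIssuer
+const { payload } = yield jose.jwtVerify(result.data.id_token, jwksManager, {
+issuer: oidcIssuer
 });
 // Check audience
-if (payload.aud
+if (payload.aud !== authConf.clientId) {
 return returnErrorMsg(req, res, 500, "Service received an ID token directed to a different service");
 }
 // Create / retrieve session encryption key
 if (sessionEncKey === undefined) {
-sessionEncKey = (0,
+sessionEncKey = (0, node_crypto_1.randomBytes)(32);
 }
-
+const username = payload[authConf.uniqueField];
 if (username === undefined) {
 return returnErrorMsg(req, res, 500, "Unable to match to a local user");
 }
 // Update DB to reflect new token + associated access token expiry
-if (result.data
-(0, oidcRefreshManager_1.setRefreshToken)(username, sessionId, result.data
+if ("refresh_token" in result.data && result.data.refresh_token != null) {
+(0, oidcRefreshManager_1.setRefreshToken)(username, sessionId, result.data.refresh_token, sessionEncKey, parseInt(result.data.refresh_expires_in));
 }
-const refreshExpiry = result.data
-
-
-(0, oidcRefreshManager_1.setAccessTokenExpiry)(username, sessionId, parseInt(result.data['expires_in']));
+const refreshExpiry = result.data.refresh_expires_in !== undefined ? result.data.refresh_expires_in : result.data.expires_in;
+if ("expires_in" in result.data && result.data.expires_in != null) {
+(0, oidcRefreshManager_1.setAccessTokenExpiry)(username, sessionId, parseInt(result.data.expires_in));
 }
 // Check group membership
 if (authConf.requiredGroup !== undefined) {
@@ -160,14 +177,9 @@ function callIdpTokenEndpoint(usp_1, req_1, res_1, authConf_1) {
 const refreshData = {
 username,
 sessionId,
-sessionEncKey: sessionEncKey.toString(
+sessionEncKey: sessionEncKey.toString("hex")
 };
-const rt = yield new jose.EncryptJWT(refreshData)
-.setProtectedHeader({ alg: 'dir', enc: authConf.symmetricKeyType })
-.setIssuedAt()
-.setIssuer(authConf.issuer)
-.setExpirationTime(`${refreshExpiry}s`)
-.encrypt(symmetricKey);
+const rt = yield new jose.EncryptJWT(refreshData).setProtectedHeader({ alg: "dir", enc: authConf.symmetricKeyType }).setIssuedAt().setIssuer(authConf.issuer).setExpirationTime(`${refreshExpiry}s`).encrypt(symmetricKey);
 res.cookie("Refresh-Token", rt, {
 path: config_1.RuntimeConfig.authPath,
 maxAge: parseInt(refreshExpiry) * 1000,
@@ -175,8 +187,8 @@ function callIdpTokenEndpoint(usp_1, req_1, res_1, authConf_1) {
 secure: !config_1.ServerConfig.httpOnly,
 sameSite: "strict"
 });
-if (result.data
-res.cookie("Logout-Token", result.data
+if (result.data.id_token !== undefined) {
+res.cookie("Logout-Token", result.data.id_token, {
 path: config_1.RuntimeConfig.logoutAddress,
 httpOnly: true,
 secure: !config_1.ServerConfig.httpOnly,
@@ -186,32 +198,27 @@ function callIdpTokenEndpoint(usp_1, req_1, res_1, authConf_1) {
 // After login redirect to the dashboard, but otherwise return a bearer token
 if (isLogin) {
 const loginUsp = new URLSearchParams();
-loginUsp.set(
-if (req.cookies
-loginUsp.set(
-res.cookie(
+loginUsp.set("oidcuser", `${username}`);
+if (req.cookies.redirectParams) {
+loginUsp.set("redirectParams", req.cookies.redirectParams);
+res.cookie("redirectParams", "", {
 maxAge: 600000,
 httpOnly: true,
-secure: !config_1.ServerConfig.httpOnly
+secure: !config_1.ServerConfig.httpOnly
 });
 }
 return res.redirect(`${new URL(`${config_1.RuntimeConfig.dashboardAddress}`, config_1.ServerConfig.serverAddress).href}?${loginUsp.toString()}`);
 }
 else {
-
+const newAccessToken = { username: `${username}` };
 if (scriptingToken)
-newAccessToken
-const newAccessTokenJWT = yield new jose.SignJWT(newAccessToken)
-.setProtectedHeader({ alg: authConf.keyAlgorithm })
-.setIssuedAt()
-.setIssuer(authConf.issuer)
-.setExpirationTime(`${result.data['expires_in']}s`)
-.sign(privateKey);
+newAccessToken.scripting = true;
+const newAccessTokenJWT = yield new jose.SignJWT(newAccessToken).setProtectedHeader({ alg: authConf.keyAlgorithm }).setIssuedAt().setIssuer(authConf.issuer).setExpirationTime(`${result.data.expires_in}s`).sign(privateKey);
 return res.json({
 access_token: newAccessTokenJWT,
 token_type: "bearer",
 username: payload.username,
-expires_in: result.data
+expires_in: result.data.expires_in
 });
 }
 }
@@ -229,7 +236,7 @@ function generateLocalOidcRefreshHandler(authConf) {
 if (refreshTokenCookie) {
 try {
 // Verify that the token is legit
-const { payload
+const { payload } = yield jose.jwtDecrypt(refreshTokenCookie, symmetricKey, {
 issuer: authConf.issuer
 });
 try {
@@ -238,18 +245,19 @@ function generateLocalOidcRefreshHandler(authConf) {
 }
 }
 catch (err) {
+util_1.logger.debug(err);
 return returnErrorMsg(req, res, 500, "Locking error");
 }
 try {
 // Check if access token validity is there and at least cacheAccessTokenMinValidity seconds from expiry
 const remainingValidity = yield (0, oidcRefreshManager_1.getAccessTokenExpiry)(payload.username, payload.sessionId);
 if (remainingValidity > authConf.cacheAccessTokenMinValidity) {
-
-username: payload.username
+const newAccessToken = {
+username: `${payload.username}`,
 expires_in: remainingValidity
 };
 if (scriptingToken)
-newAccessToken
+newAccessToken.scripting = true;
 const newAccessTokenJWT = yield new jose.SignJWT(newAccessToken)
 .setProtectedHeader({ alg: authConf.keyAlgorithm })
 .setIssuedAt()
@@ -266,10 +274,10 @@ function generateLocalOidcRefreshHandler(authConf) {
 else {
 // Need to request a new token from upstream
 const usp = new URLSearchParams();
-const sessionEncKey = Buffer.from(`${payload === null || payload === void 0 ? void 0 : payload.sessionEncKey}`,
+const sessionEncKey = Buffer.from(`${payload === null || payload === void 0 ? void 0 : payload.sessionEncKey}`, "hex");
 usp.set("grant_type", "refresh_token");
 usp.set("refresh_token", `${yield (0, oidcRefreshManager_1.getRefreshToken)(payload.username, payload.sessionId, sessionEncKey)}`);
-return yield callIdpTokenEndpoint(usp, req, res, authConf, scriptingToken, false, `${payload
+return yield callIdpTokenEndpoint(usp, req, res, authConf, scriptingToken, false, `${payload.sessionId}`, sessionEncKey);
 }
 }
 finally {
@@ -277,6 +285,7 @@ function generateLocalOidcRefreshHandler(authConf) {
 }
 }
 catch (err) {
+util_1.logger.debug(err);
 return returnErrorMsg(req, res, 400, "Invalid refresh token");
 }
 }
@@ -300,43 +309,38 @@ function oidcLoginStart(req, res, authConf) {
 try {
 const usp = new URLSearchParams();
 // Generate PKCE verifier & challenge
-const
-const
-
-.setProtectedHeader({ alg: 'RSA-OAEP', enc: 'A128GCM' })
-.encrypt(publicKey);
-res.cookie('oidcVerifier', encryptedCodeVerifier, {
+const codeVerifier = (0, util_1.generateUrlSafeString)(64);
+const encryptedCodeVerifier = yield new jose.CompactEncrypt(new TextEncoder().encode(codeVerifier)).setProtectedHeader({ alg: "RSA-OAEP", enc: "A128GCM" }).encrypt(publicKey);
+res.cookie("oidcVerifier", encryptedCodeVerifier, {
 maxAge: 600000,
 httpOnly: true,
-secure: !config_1.ServerConfig.httpOnly
+secure: !config_1.ServerConfig.httpOnly
 });
-const codeChallenge = (0,
-
-
-usp.set('code_challenge_method', 'S256');
-usp.set('code_challenge', codeChallenge);
+const codeChallenge = (0, node_crypto_1.createHash)("sha256").update(codeVerifier, "utf-8").digest("base64url");
+usp.set("code_challenge_method", "S256");
+usp.set("code_challenge", codeChallenge);
 // Create session key
-const sessionId =
-res.cookie(
+const sessionId = (0, util_1.generateUrlSafeString)(32);
+res.cookie("sessionId", sessionId, {
 maxAge: 600000,
 httpOnly: true,
-secure: !config_1.ServerConfig.httpOnly
+secure: !config_1.ServerConfig.httpOnly
 });
-usp.set(
-usp.set(
-usp.set(
-usp.set(
-usp.set(
+usp.set("state", sessionId);
+usp.set("client_id", authConf.clientId);
+usp.set("redirect_uri", new URL(`${config_1.RuntimeConfig.apiAddress}/auth/oidcCallback`, config_1.ServerConfig.serverAddress).href);
+usp.set("response_type", "code");
+usp.set("scope", authConf.scope);
 // Allow arbitrary params to be passed for IdPs like Google that require additional ones
 for (const item of authConf.additionalAuthParams) {
 usp.set(item[0], item[1]);
 }
 // Store redirectParams to redirect post-login
-if (
-res.cookie(
+if ("redirectParams" in req.query) {
+res.cookie("redirectParams", req.query.redirectParams, {
 maxAge: 600000,
 httpOnly: true,
-secure: !config_1.ServerConfig.httpOnly
+secure: !config_1.ServerConfig.httpOnly
 });
 }
 // Return redirect
@@ -352,25 +356,25 @@ function oidcCallbackHandler(req, res, authConf) {
 return __awaiter(this, void 0, void 0, function* () {
 try {
 const usp = new URLSearchParams();
-if (req.cookies
+if (req.cookies.oidcVerifier === undefined) {
 return returnErrorMsg(req, res, 400, "Missing OIDC verifier");
 }
-if (req.cookies
+if (req.cookies.sessionId === undefined) {
 return returnErrorMsg(req, res, 400, "Missing session ID");
 }
-else if (req.cookies
+else if (`${req.cookies.sessionId}` !== `${req.query.state}`) {
 return returnErrorMsg(req, res, 400, "Invalid session ID");
 }
 else {
-res.clearCookie(
+res.clearCookie("sessionId");
 }
-const decryptedCodeVerifier = yield jose.compactDecrypt(req.cookies
+const decryptedCodeVerifier = yield jose.compactDecrypt(req.cookies.oidcVerifier, privateKey);
 const codeVerifier = new TextDecoder().decode(decryptedCodeVerifier.plaintext);
-usp.set(
+usp.set("code_verifier", codeVerifier);
 res.clearCookie("oidcVerifier");
 usp.set("code", `${req.query.code}`);
 usp.set("grant_type", "authorization_code");
-usp.set(
+usp.set("redirect_uri", new URL(`${config_1.RuntimeConfig.apiAddress}/auth/oidcCallback`, config_1.ServerConfig.serverAddress).href);
 return yield callIdpTokenEndpoint(usp, req, res, authConf, false, true, `${req.query.state}`, undefined);
 }
 catch (err) {
@@ -391,11 +395,11 @@ function oidcLogoutHandler(req, res) {
 });
 if (oidcLogoutEndpoint !== undefined) {
 // Redirect to the IdP to perform the logout
-
-if (req.cookies[
-usp.set(
+const usp = new URLSearchParams();
+if (req.cookies["Logout-Token"] !== undefined) {
+usp.set("id_token_hint", req.cookies["Logout-Token"]);
 }
-usp.set(
+usp.set("post_logout_redirect_uri", postLogoutRedirect);
 res.cookie("Logout-Token", "", {
 path: config_1.RuntimeConfig.logoutAddress,
 maxAge: 0,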
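Review bot: At new line 153 in callIdpTokenEndpoint, `setRefreshToken` is passed `parseInt(result.data.refresh_expires_in)`, which is NaN whenever the token response carries a refresh token but no `refresh_expires_in`, which is the case new line 155 already allows for by falling back to `expires_in`. Declaring `refreshExpiry` before that `if` and passing `Number.parseInt(refreshExpiry, 10)` would give the stored refresh token the same lifetime as the `Refresh-Token` cookie and JWE. What `setRefreshToken` does with a NaN expiry is not visible on this page, so the effect on token lifetime should be confirmed in oidcRefreshManager. Separately, `payload.aud !== authConf.clientId` at new line 140 rejects any ID token whose `aud` is an array; passing `audience: authConf.clientId` next to `issuer` in the `jose.jwtVerify` options would accept both forms and keep the check inside verification. The function starts and ends outside these hunks, and this is compiled output, so the change belongs in the TypeScript source that the source map names, `src/auth/oidc.ts`.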
package/dist/auth/oidc.js.map
CHANGED
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../src/auth/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,4BA2BC;AAiJD,0EA6DC;AAED,8DASC;AAED,wCAwDC;AAED,kDA6BC;AAED,8CAoCC;AA5YD,kDAA0B;AAE1B,uCAAyB;AACzB,2CAA6B;AAG7B,kCAAiC;AAEjC,sCAAsD;AAEtD,mCAAgH;AAChH,6DAA2L;AAE3L,IAAI,UAAqB,CAAC;AAC1B,IAAI,SAAoB,CAAC;AACzB,IAAI,YAAuB,CAAC;AAC5B,IAAI,WAA6E,CAAC;AAElF,IAAI,gBAAwB,CAAC;AAC7B,IAAI,UAAkB,CAAC;AACvB,IAAI,kBAA0B,CAAC;AAC/B,IAAI,iBAAyB,CAAC;AAE9B,IAAI,kBAA0B,CAAC;AAE/B,SAAsB,QAAQ,CAAC,QAA6B;;;QACxD,6BAA6B;QAC7B,SAAS,GAAG,IAAA,wBAAe,EAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAC9E,UAAU,GAAG,IAAA,yBAAgB,EAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CAAC;QACjF,YAAY,GAAG,IAAA,wBAAe,EAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAE/G,yCAAyC;QACzC,MAAM,SAAS,GAAG,MAAM,eAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,mCAAmC,CAAC,CAAC;QACzF,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAC5D,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtC,kBAAkB,GAAG,SAAS,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC5D,iBAAiB,GAAG,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAErD,2BAA2B;QAC3B,aAAM,CAAC,IAAI,CAAC,kCAAkC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC5E,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAE3E,0BAA0B;QAC1B,IAAI,QAAQ,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAC5C,kBAAkB,GAAG,QAAQ,CAAC,kBAAkB,CAAC;QACrD,CAAC;aACI,CAAC;YACF,kBAAkB,GAAG,MAAA,qBAAY,CAAC,aAAa,mCAAI,EAAE,CAAC;QAC1D,CAAC;QAED,gCAAgC;QAChC,MAAM,IAAA,uCAAkB,GAAE,CAAC;IAC/B,CAAC;CAAA;AAED,SAAS,cAAc,CAAE,GAAY,EAAE,GAAa,EAAE,UAAkB,EAAE,GAAW;IACjF,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,kBAAkB,EAAE,CAAC;QAC7C,OAAO,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAA;IAChF,CAAC;SACI,CAAC;QACF,2FAA2F;QAC3F,OAAO,GAAG,CAAC,QAAQ,CACf,GAAG,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,IAAI,eAA
e,CAAC,EAAC,KAAK,EAAC,GAAG,EAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,CACpI,CAAC;IACN,CAAC;AACL,CAAC;AAED,+FAA+F;AAC/F,SAAe,oBAAoB;yDAAE,GAAoB,EAAE,GAAY,EAAE,GAAa,EACjD,QAA6B,EAAE,iBAA0B,KAAK,EAC9D,UAAmB,KAAK,EAAE,SAAiB,EAAE,aAAiC;QAE/G,sCAAsC;QACtC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,YAAY,CAAC,CAAC;QAChD,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;QAEjC,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,eAAK,CAAC,IAAI,CAAC,GAAG,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;gBACvB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,sBAAsB,CAAC,CAAC;YACjE,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,WAAW,EAAE;gBAC5F,MAAM,EAAE,UAAU;aACrB,CAAC,CAAC;YAEH,iBAAiB;YACjB,IAAI,OAAO,CAAC,GAAG,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACnC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8DAA8D,CAAC,CAAC;YACzG,CAAC;YAED,2CAA2C;YAC3C,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC9B,aAAa,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;YACpC,CAAC;YAED,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC7C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACzB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,iCAAiC,CAAC,CAAC;YAC5E,CAAC;YAED,kEAAkE;YAClE,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC7C,IAAA,oCAAe,EAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EACjD,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;YAChF,CAAC;YAED,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACtI,uGAAuG;YACvG,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC1C,IAAA,yCAAoB,EAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACnF,CAAC;YAED,yBAAyB;YACzB,IAAI,QAAQ,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBACvC,IAAI,OAAO,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,SAAS,EAAE,CAAC;oBACnD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,mDAAmD,CAAC,CAAC;gBAC9F,CAAC;gBAC
D,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;gBACrD,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC3B,MAAM,SAAS,GAAa,SAAS,CAAC;oBACtC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,aAAa,EAAE,CAAC,EAAE,CAAC;wBACnD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,4BAA4B,CAAC,CAAC;oBACvE,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACJ,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wCAAwC,CAAC,CAAC;gBACnF,CAAC;YACL,CAAC;YAED,sBAAsB;YACtB,mGAAmG;YACnG,MAAM,WAAW,GAAG;gBAChB,QAAQ;gBACR,SAAS;gBACT,aAAa,EAAE,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC;aAC/C,CAAC;YACF,MAAM,EAAE,GAAG,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;iBAC5C,kBAAkB,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,gBAAgB,EAAE,CAAC;iBAClE,WAAW,EAAE;iBACb,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;iBAC1B,iBAAiB,CAAC,GAAG,aAAa,GAAG,CAAC;iBACtC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC3B,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;gBAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,GAAG,IAAI;gBACtC,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;gBACxC,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;oBAChD,IAAI,EAAE,sBAAa,CAAC,aAAa;oBACjC,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;oBAC9B,QAAQ,EAAE,QAAQ;iBACrB,CAAC,CAAC;YACP,CAAC;YAED,6EAA6E;YAC7E,IAAI,OAAO,EAAE,CAAC;gBACV,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;gBACvC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAC,GAAG,QAAQ,EAAE,CAAC,CAAC;gBACvC,IAAI,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBAChC,QAAQ,CAAC,GAAG,CAAC,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;oBAC9D,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,EAAE,EAAE;wBAC7B,MAAM,EAAE,MAAM;wBACd,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;qBACjC,CAAC,CAAC;gBACP,CAAC;gBACD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACnI,CAAC;iBACI,CAAC;gBACF,IAAI,cAAc,GAAG,EAAE,QAAQ,EAAE,CAAC;gBAClC,IAAI,cAAc;oBACd,cAAc,CAAC,WAAW,CAAC,GAA
G,IAAI,CAAC;gBACvC,MAAM,iBAAiB,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;qBAC3D,kBAAkB,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC;qBAClD,WAAW,EAAE;qBACb,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;qBAC1B,iBAAiB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;qBAClD,IAAI,CAAC,UAAU,CAAC,CAAC;gBACtB,OAAO,GAAG,CAAC,IAAI,CAAC;oBACZ,YAAY,EAAE,iBAAiB;oBAC/B,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;iBACxC,CAAC,CAAC;YACP,CAAC;QAEL,CAAC;QAAC,OAAM,GAAG,EAAE,CAAC;YACV,aAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,gDAAgD,CAAC,CAAC;QAC3F,CAAC;IACL,CAAC;CAAA;AAED,SAAgB,+BAA+B,CAAE,QAA6B;IAC1E,OAAO,CAAO,GAAY,EAAE,GAAa,EAAE,EAAE;;QACzC,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QAEpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACD,iCAAiC;gBACjC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,YAAY,EAAE;oBACzF,MAAM,EAAE,QAAQ,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,IAAI,CAAC;oBACD,IAAI,CAAE,CAAA,MAAM,IAAA,uCAAkB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAC,EAAE,CAAC,CAAA,EAAE,CAAC;wBACpD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,mCAAmC,CAAC,CAAC;oBAC9E,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACX,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;gBAC1D,CAAC;gBAED,IAAI,CAAC;oBACD,uGAAuG;oBACvG,MAAM,iBAAiB,GAAG,MAAM,IAAA,yCAAoB,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;oBAC1F,IAAI,iBAAiB,GAAG,QAAQ,CAAC,2BAA2B,EAAE,CAAC;wBAC3D,IAAI,cAAc,GAAG;4BACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,UAAU,EAAE,iBAAiB;yBAChC,CAAC;wBACF,IAAI,cAAc;4BACd,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC;wBACvC,MAAM,iBAAiB,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;6BAC3D,kBAAkB,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC;6BAClD,WAAW,EAAE;6BACb,SAAS,CAAC,GAAG,MAAA,qBAAY,CAAC,aAAa,CAAC,IAAI,0CAAE,MAAM,EAAE,CAAC;6BACvD,iBAAiB,CAAC,GAAG,iBAAiB,GAAG,CAAC;6BAC1C,IAAI,CAAC,UAAU,CAAC,CAAC;wBAEtB,OAAO,GAAG,CAAC,IAAI,CAAC;4BACZ,YAAY,
EAAE,iBAAiB;4BAC/B,UAAU,EAAE,QAAQ;4BACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,UAAU,EAAE,iBAAiB;yBAChC,CAAC,CAAC;oBACP,CAAC;yBAAM,CAAC;wBACJ,4CAA4C;wBAC5C,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;wBAClC,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;wBACtE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;wBACvC,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,MAAM,IAAA,oCAAe,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;wBACzG,OAAO,MAAM,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;oBAChI,CAAC;gBACL,CAAC;wBAAS,CAAC;oBACP,MAAM,IAAA,uCAAkB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC;gBACjD,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;YAClE,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QAClE,CAAC;IACL,CAAC,CAAA,CAAA;AACL,CAAC;AAED,SAAgB,yBAAyB,CAAE,WAAkC,EAAE,QAA6B;IACxG,wEAAwE;IACxE,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAM,YAAY,EAAC,EAAE;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,EAAE;YAC1D,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;SACtC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,OAAO,CAAC;IAC1B,CAAC,CAAA,CAAC,CAAC;AACP,CAAC;AAED,SAAsB,cAAc,CAAE,GAAY,EAAE,GAAa,EAAE,QAA6B;;QAC5F,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;YAElC,qCAAqC;YACrC,MAAM,YAAY,GAAG,oEAAoE,CAAC;YAC1F,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,EAAC,MAAM,EAAC,EAAE,EAAC,EAAE,CAAC,CAAC,EAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC9H,MAAM,qBAAqB,GAAG,MAAM,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;iBAC9D,kBAAkB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;iBACvD,OAAO,CAAC,SAAS,CAAC,CAAC;YAExD,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,qBAAqB,EAAE;gBAC9C,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,
CAAC,QAAQ;aACjC,CAAC,CAAC;YACH,MAAM,aAAa,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC;iBACrB,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC;iBAC7B,MAAM,CAAC,WAAW,CAAC,CAAA;YACxC,GAAG,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;YACzC,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;YAEzC,qBAAqB;YACrB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,EAAC,MAAM,EAAC,EAAE,EAAC,EAAE,CAAC,CAAC,EAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3H,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;aACjC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAE5B,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxC,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,IAAI,GAAG,CAAC,sBAAa,CAAC,UAAU,GAAG,oBAAoB,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACrH,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACjC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEjC,wFAAwF;YACxF,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,oBAAoB,EAAE,CAAC;gBAC/C,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;YAC5B,CAAC;YAED,8CAA8C;YAC9C,IAAI,gBAAgB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAChC,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE;oBACtD,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;iBACjC,CAAC,CAAC;YACP,CAAC;YAED,kBAAkB;YAClB,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,gBAAgB,IAAI,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,mBAAmB,CAAC,GAAY,EAAE,GAAa,EAAE,QAA6B;;QAChG,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;YAElC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC5C,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,SAAS,EAAE,CAAC;gBACzC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,
EAAE,oBAAoB,CAAC,CAAC;YAC/D,CAAC;iBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;gBAC1D,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YACjC,CAAC;YAED,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,UAAU,CAAC,CAAC;YACjG,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC;YAE/E,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;YACvC,GAAG,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YAChC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACrC,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;YAC5C,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,IAAI,GAAG,CAAC,sBAAa,CAAC,UAAU,GAAG,oBAAoB,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAErH,OAAO,MAAM,oBAAoB,CAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9G,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,iBAAiB,CAAC,GAAY,EAAE,GAAa;;QAC/D,IAAI,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;gBAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBACnC,4CAA4C;gBAC5C,IAAI,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;gBAChC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,SAAS,EAAE,CAAC;oBAC5C,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAA;gBACzD,CAAC;gBAED,GAAG,CAAC,GAAG,CAAC,0BAA0B,EAAE,kBAAkB,CAAC,CAAC;gBAExD,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,EAAE;oBAC3B,IAAI,EAAE,sBAAa,CAAC,aAAa;oBACjC,MAAM,EAAE,CAAC;oBACT,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;oBAC9B,QAAQ,EAAE,QAAQ;iBACrB,CAAC,CAAC;gBAEH,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,kBAAkB,IAAI,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAEnE,CAAC;iBAAM,CAAC;gBACJ,OAAO,GAAG,CAAC,QAAQ,CAAC,G
AAG,qBAAY,CAAC,aAAa,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA"}
|
|
1
|
+
{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../src/auth/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuBA,4BAyCC;AA4HD,0EA8DC;AAED,8DASC;AAED,wCAmDC;AAED,kDA6BC;AAED,8CAmCC;AA9XD,6CAAwH;AACxH,4CAA8B;AAC9B,kDAA0B;AAE1B,2CAA6B;AAE7B,sCAAsD;AAEtD,kCAAsD;AACtD,6DAA8K;AAE9K,IAAI,UAAqB,CAAC;AAC1B,IAAI,SAAoB,CAAC;AACzB,IAAI,YAAuB,CAAC;AAC5B,IAAI,WAA6E,CAAC;AAElF,IAAI,gBAAwB,CAAC;AAC7B,IAAI,UAAkB,CAAC;AACvB,IAAI,kBAA0B,CAAC;AAC/B,IAAI,iBAAyB,CAAC;AAE9B,IAAI,kBAA0B,CAAC;AAE/B,SAAsB,QAAQ,CAAC,QAA6B;;;QACxD,6BAA6B;QAC7B,IAAI,CAAC;YACD,SAAS,GAAG,IAAA,6BAAe,EAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAClF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QACD,IAAI,CAAC;YACD,UAAU,GAAG,IAAA,8BAAgB,EAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QACD,IAAI,CAAC;YACD,YAAY,GAAG,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QACnH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QAED,yCAAyC;QACzC,MAAM,SAAS,GAAG,MAAM,eAAK,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,MAAM,mCAAmC,CAAC,CAAC;QACzF,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,sBAAsB,CAAC;QACzD,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;QACnC,kBAAkB,GAAG,SAAS,CAAC,IAAI,CAAC,oBAAoB,CAAC;QACzD,iBAAiB,GAAG,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC;QAElD,2BAA2B;QAC3B,aAAM,CAAC,IAAI,CAAC,kCAAkC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzE,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAExE,0BAA0B;QAC1B,IAAI,QAAQ,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAC5C,kBAAkB,GAAG,QAAQ,CAAC,kBAAkB,CAAC;QACrD,CAAC;aAAM,CAAC;YACJ,kBAAkB,GAAG,MAAA,qBAAY,CAAC,aAAa,mCAAI,EAAE,CAAC;QAC
1D,CAAC;QAED,gCAAgC;QAChC,MAAM,IAAA,uCAAkB,GAAE,CAAC;IAC/B,CAAC;CAAA;AAED,SAAS,cAAc,CAAC,GAAY,EAAE,GAAa,EAAE,UAAkB,EAAE,GAAW;IAChF,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC9C,OAAO,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAC,CAAC,CAAC;IAC/E,CAAC;SAAM,CAAC;QACJ,2FAA2F;QAC3F,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,IAAI,eAAe,CAAC,EAAC,GAAG,EAAE,GAAG,EAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC1J,CAAC;AACL,CAAC;AAED,+FAA+F;AAC/F,SAAe,oBAAoB;yDAAC,GAAoB,EAAE,GAAY,EAAE,GAAa,EAAE,QAA6B,EAAE,iBAA0B,KAAK,EAAE,UAAmB,KAAK,EAAE,SAAiB,EAAE,aAAiC;QACjO,sCAAsC;QACtC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,YAAY,CAAC,CAAC;QAChD,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;QAEjC,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,eAAK,CAAC,IAAI,CAAC,GAAG,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACxB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,sBAAsB,CAAC,CAAC;YACjE,CAAC;YAED,MAAM,EAAC,OAAO,EAAC,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,EAAE;gBACtE,MAAM,EAAE,UAAU;aACrB,CAAC,CAAC;YAEH,iBAAiB;YACjB,IAAI,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACpC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8DAA8D,CAAC,CAAC;YACzG,CAAC;YAED,2CAA2C;YAC3C,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC9B,aAAa,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC;YACpC,CAAC;YAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC/C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACzB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,iCAAiC,CAAC,CAAC;YAC5E,CAAC;YAED,kEAAkE;YAClE,IAAI,eAAe,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,EAAE,CAAC;gBACtE,IAAA,oCAAe,EAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAC7H,CAAC;YAED,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CA
AC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7H,IAAI,YAAY,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC;gBAChE,IAAA,yCAAoB,EAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAChF,CAAC;YAED,yBAAyB;YACzB,IAAI,QAAQ,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBACvC,IAAI,OAAO,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,SAAS,EAAE,CAAC;oBACnD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,mDAAmD,CAAC,CAAC;gBAC9F,CAAC;gBACD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;gBACrD,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC3B,MAAM,SAAS,GAAa,SAAS,CAAC;oBACtC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,aAAa,EAAE,CAAC,EAAE,CAAC;wBACnD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,4BAA4B,CAAC,CAAC;oBACvE,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACJ,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wCAAwC,CAAC,CAAC;gBACnF,CAAC;YACL,CAAC;YAED,sBAAsB;YACtB,mGAAmG;YACnG,MAAM,WAAW,GAAG;gBAChB,QAAQ;gBACR,SAAS;gBACT,aAAa,EAAE,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC;aAC/C,CAAC;YACF,MAAM,EAAE,GAAG,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,kBAAkB,CAAC,EAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,gBAAgB,EAAC,CAAC,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,GAAG,aAAa,GAAG,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YACzN,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;gBAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,GAAG,IAAI;gBACtC,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACrC,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE;oBAC7C,IAAI,EAAE,sBAAa,CAAC,aAAa;oBACjC,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;oBAC9B,QAAQ,EAAE,QAAQ;iBACrB,CAAC,CAAC;YACP,CAAC;YAED,6EAA6E;YAC7E,IAAI,OAAO,EAAE,CAAC;gBACV,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;gBACvC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,QAAQ,EAAE,CAAC,CAAC;gBACxC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;oBAC7B,QAAQ,CAAC,GAAG,CAAC,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;oBAC3
D,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,EAAE,EAAE;wBAC7B,MAAM,EAAE,MAAM;wBACd,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;qBACjC,CAAC,CAAC;gBACP,CAAC;gBACD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACnI,CAAC;iBAAM,CAAC;gBACJ,MAAM,cAAc,GAAiB,EAAC,QAAQ,EAAE,GAAG,QAAQ,EAAE,EAAC,CAAC;gBAC/D,IAAI,cAAc;oBAAE,cAAc,CAAC,SAAS,GAAG,IAAI,CAAC;gBACpD,MAAM,iBAAiB,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,kBAAkB,CAAC,EAAC,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAC,CAAC,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC5N,OAAO,GAAG,CAAC,IAAI,CAAC;oBACZ,YAAY,EAAE,iBAAiB;oBAC/B,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;iBACrC,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,gDAAgD,CAAC,CAAC;QAC3F,CAAC;IACL,CAAC;CAAA;AAED,SAAgB,+BAA+B,CAAC,QAA6B;IACzE,OAAO,CAAO,GAAY,EAAE,GAAa,EAAE,EAAE;;QACzC,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QAEpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACD,iCAAiC;gBACjC,MAAM,EAAC,OAAO,EAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,YAAY,EAAE;oBACtE,MAAM,EAAE,QAAQ,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,IAAI,CAAC;oBACD,IAAI,CAAC,CAAC,MAAM,IAAA,uCAAkB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;wBACtD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,mCAAmC,CAAC,CAAC;oBAC9E,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;gBAC1D,CAAC;gBAED,IAAI,CAAC;oBACD,uGAAuG;oBACvG,MAAM,iBAAiB,GAAG,MAAM,IAAA,yCAAoB,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;oBAC1F,IAAI,iBAAiB,GAAG,QAAQ,CAAC,2BAA2B,EAAE,CAAC;wBAC3D,MAAM,cAAc,GAAiB;4BACjC,Q
AAQ,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE;4BAC/B,UAAU,EAAE,iBAAiB;yBAChC,CAAC;wBACF,IAAI,cAAc;4BAAE,cAAc,CAAC,SAAS,GAAG,IAAI,CAAC;wBACpD,MAAM,iBAAiB,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;6BAC3D,kBAAkB,CAAC,EAAC,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAC,CAAC;6BAChD,WAAW,EAAE;6BACb,SAAS,CAAC,GAAG,MAAA,qBAAY,CAAC,aAAa,CAAC,IAAI,0CAAE,MAAM,EAAE,CAAC;6BACvD,iBAAiB,CAAC,GAAG,iBAAiB,GAAG,CAAC;6BAC1C,IAAI,CAAC,UAAU,CAAC,CAAC;wBAEtB,OAAO,GAAG,CAAC,IAAI,CAAC;4BACZ,YAAY,EAAE,iBAAiB;4BAC/B,UAAU,EAAE,QAAQ;4BACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,UAAU,EAAE,iBAAiB;yBAChC,CAAC,CAAC;oBACP,CAAC;yBAAM,CAAC;wBACJ,4CAA4C;wBAC5C,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;wBAClC,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;wBACtE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;wBACvC,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,MAAM,IAAA,oCAAe,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;wBACzG,OAAO,MAAM,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,EAAE,aAAa,CAAC,CAAC;oBAC7H,CAAC;gBACL,CAAC;wBAAS,CAAC;oBACP,MAAM,IAAA,uCAAkB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC;gBACjD,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;YAClE,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QAClE,CAAC;IACL,CAAC,CAAA,CAAC;AACN,CAAC;AAED,SAAgB,yBAAyB,CAAC,WAAkC,EAAE,QAA6B;IACvG,wEAAwE;IACxE,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAM,YAAY,EAAC,EAAE;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,EAAE;YAC1D,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;SACtC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,OAAO,CAAC;IAC1B,CAAC,CAAA,CAAC,CAAC;AACP,CAAC;AAED,SAAsB,cAAc,CAAC,GAAY,EAAE,GAAa,EAAE,QAA6B;;QAC3F,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;YAElC,qCAAqC;YACrC,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,EAAE,CAAC,CAAC;YAC/C,MAAM,qBAAqB,GAAG,MAAM,IA
AI,IAAI,CAAC,cAAc,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,EAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAE7K,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,qBAAqB,EAAE;gBAC9C,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;aACjC,CAAC,CAAC;YACH,MAAM,aAAa,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAC7F,GAAG,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;YACzC,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;YAEzC,qBAAqB;YACrB,MAAM,SAAS,GAAG,IAAA,4BAAqB,EAAC,EAAE,CAAC,CAAC;YAC5C,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;aACjC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAE5B,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxC,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,UAAU,oBAAoB,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC;YACnH,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACjC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEjC,wFAAwF;YACxF,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,oBAAoB,EAAE,CAAC;gBAC/C,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9B,CAAC;YAED,8CAA8C;YAC9C,IAAI,gBAAgB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAChC,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,GAAG,CAAC,KAAK,CAAC,cAAc,EAAE;oBACnD,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;iBACjC,CAAC,CAAC;YACP,CAAC;YAED,kBAAkB;YAClB,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,gBAAgB,IAAI,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,mBAAmB,CAAC,GAAY,EAAE,GAAa,EAAE,QAA6B;;QAChG,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;YAElC,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;gBACzC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,GAAG,CAA
C,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACtC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAC/D,CAAC;iBAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;gBAC7D,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YACjC,CAAC;YAED,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAC9F,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC;YAE/E,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;YACvC,GAAG,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YAChC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACrC,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;YAC5C,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,UAAU,oBAAoB,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC;YAEnH,OAAO,MAAM,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAC7G,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,iBAAiB,CAAC,GAAY,EAAE,GAAa;;QAC/D,IAAI,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;gBAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBACnC,4CAA4C;gBAC5C,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,SAAS,EAAE,CAAC;oBAC5C,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;gBAC1D,CAAC;gBAED,GAAG,CAAC,GAAG,CAAC,0BAA0B,EAAE,kBAAkB,CAAC,CAAC;gBAExD,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,EAAE;oBAC3B,IAAI,EAAE,sBAAa,CAAC,aAAa;oBACjC,MAAM,EAAE,CAAC;oBACT,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;oBAC9B,QAAQ,EAAE,QAAQ;iBACrB,CAAC,CAAC;gBAEH,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,kBAAkB,IAAI,GAAG,CAAC,QAAQ,
EAAE,EAAE,CAAC,CAAC;YACnE,CAAC;iBAAM,CAAC;gBACJ,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,qBAAY,CAAC,aAAa,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA"}
|
|
@@ -16,10 +16,9 @@ exports.getRefreshToken = getRefreshToken;
|
|
|
16
16
|
exports.setRefreshToken = setRefreshToken;
|
|
17
17
|
exports.getAccessTokenExpiry = getAccessTokenExpiry;
|
|
18
18
|
exports.setAccessTokenExpiry = setAccessTokenExpiry;
|
|
19
|
-
|
|
20
|
-
const mongodb_1 = require("mongodb");
|
|
19
|
+
const node_crypto_1 = require("node:crypto");
|
|
21
20
|
const lodash_1 = require("lodash");
|
|
22
|
-
const
|
|
21
|
+
const mongodb_1 = require("mongodb");
|
|
23
22
|
const config_1 = require("../config");
|
|
24
23
|
const util_1 = require("../util");
|
|
25
24
|
let lockCollection;
|
|
@@ -62,10 +61,10 @@ function initRefreshManager() {
|
|
|
62
61
|
}
|
|
63
62
|
const hasLockExpiryIndex = yield lockCollection.indexExists("lockExpiry");
|
|
64
63
|
if (!hasLockExpiryIndex) {
|
|
65
|
-
yield lockCollection.createIndex({
|
|
64
|
+
yield lockCollection.createIndex({ expireAt: 1 }, { name: "lockExpiry", expireAfterSeconds: 0 });
|
|
66
65
|
util_1.logger.info("Created expiry index for lockSession collection");
|
|
67
66
|
}
|
|
68
|
-
for (
|
|
67
|
+
for (const coll of [refreshTokenCollection, accessTokenLifeTimesCollection]) {
|
|
69
68
|
const hasUserSessionIndex = yield coll.indexExists("userSession");
|
|
70
69
|
if (!hasUserSessionIndex) {
|
|
71
70
|
yield coll.createIndex({ username: 1, sessionid: 1 }, { name: "userSession", unique: true });
|
|
@@ -73,7 +72,7 @@ function initRefreshManager() {
|
|
|
73
72
|
}
|
|
74
73
|
const hasExpiryIndex = yield coll.indexExists("expiryIndex");
|
|
75
74
|
if (!hasExpiryIndex) {
|
|
76
|
-
yield coll.createIndex({
|
|
75
|
+
yield coll.createIndex({ expireAt: 1 }, { name: "expiryIndex", expireAfterSeconds: 0 });
|
|
77
76
|
util_1.logger.info(`Created index adding TTL for collection ${coll.collectionName}`);
|
|
78
77
|
}
|
|
79
78
|
}
|
|
@@ -138,12 +137,15 @@ function releaseRefreshLock(sessionid) {
|
|
|
138
137
|
function getRefreshToken(username, sessionid, symmKey) {
|
|
139
138
|
return __awaiter(this, void 0, void 0, function* () {
|
|
140
139
|
try {
|
|
141
|
-
|
|
140
|
+
const record = yield refreshTokenCollection.findOne({
|
|
141
|
+
username,
|
|
142
|
+
sessionid
|
|
143
|
+
});
|
|
142
144
|
if ((record === null || record === void 0 ? void 0 : record.expireAt) < Date.now()) {
|
|
143
145
|
// An already expired token that MongoDB hasn't clear out yet
|
|
144
146
|
return;
|
|
145
147
|
}
|
|
146
|
-
|
|
148
|
+
const decipher = (0, node_crypto_1.createDecipheriv)("aes-256-cbc", symmKey, record === null || record === void 0 ? void 0 : record.iv.buffer);
|
|
147
149
|
let decrypted = decipher.update(record === null || record === void 0 ? void 0 : record.refreshToken, "hex", "utf8");
|
|
148
150
|
decrypted += decipher.final("utf8");
|
|
149
151
|
return decrypted;
|
|
@@ -160,15 +162,17 @@ function setRefreshToken(username, sessionid, refreshToken, symmKey, expiresIn)
|
|
|
160
162
|
return __awaiter(this, void 0, void 0, function* () {
|
|
161
163
|
try {
|
|
162
164
|
// Encrypt the token so gaining access to mongo isn't enough to steal the refresh token
|
|
163
|
-
const iv = (0,
|
|
164
|
-
const cipher = (0,
|
|
165
|
-
const encrypted = cipher.update(refreshToken, "utf8", "hex") + cipher.final(
|
|
165
|
+
const iv = (0, node_crypto_1.randomBytes)(16);
|
|
166
|
+
const cipher = (0, node_crypto_1.createCipheriv)("aes-256-cbc", symmKey, iv);
|
|
167
|
+
const encrypted = cipher.update(refreshToken, "utf8", "hex") + cipher.final("hex");
|
|
166
168
|
const expireAt = new Date(Date.now() + expiresIn * 1000);
|
|
167
|
-
const updateResult = yield refreshTokenCollection.updateOne({ username, sessionid }, {
|
|
169
|
+
const updateResult = yield refreshTokenCollection.updateOne({ username, sessionid }, {
|
|
170
|
+
$set: {
|
|
168
171
|
expireAt,
|
|
169
172
|
refreshToken: encrypted,
|
|
170
173
|
iv: new mongodb_1.Binary(iv)
|
|
171
|
-
}
|
|
174
|
+
}
|
|
175
|
+
}, { upsert: true });
|
|
172
176
|
return updateResult.acknowledged;
|
|
173
177
|
}
|
|
174
178
|
catch (e) {
|
|
@@ -181,7 +185,10 @@ function getAccessTokenExpiry(username, sessionid) {
|
|
|
181
185
|
return __awaiter(this, void 0, void 0, function* () {
|
|
182
186
|
try {
|
|
183
187
|
// Lookup record in MongoDB using key
|
|
184
|
-
|
|
188
|
+
const record = yield accessTokenLifeTimesCollection.findOne({
|
|
189
|
+
username,
|
|
190
|
+
sessionid
|
|
191
|
+
});
|
|
185
192
|
// Calculate expiry by subtracting the current time from stored key's expiry time
|
|
186
193
|
const remaining = (0, lodash_1.floor)(((record === null || record === void 0 ? void 0 : record.expireAt.getTime()) - Date.now()) / 1000);
|
|
187
194
|
if (remaining > 0) {
|
|
@@ -210,14 +217,4 @@ function setAccessTokenExpiry(username, sessionid, expiresIn) {
|
|
|
210
217
|
}
|
|
211
218
|
});
|
|
212
219
|
}
|
|
213
|
-
function clearTokens(username, sessionid) {
|
|
214
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
215
|
-
yield Promise.all([
|
|
216
|
-
accessTokenLifeTimesCollection.deleteOne({ username, sessionid })
|
|
217
|
-
.catch(e => util_1.logger.error(e)),
|
|
218
|
-
refreshTokenCollection.deleteOne({ username, sessionid })
|
|
219
|
-
.catch(e => util_1.logger.error(e))
|
|
220
|
-
]);
|
|
221
|
-
});
|
|
222
|
-
}
|
|
223
220
|
//# sourceMappingURL=oidcRefreshManager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidcRefreshManager.js","sourceRoot":"","sources":["../../src/auth/oidcRefreshManager.ts"],"names":[],"mappings":";;;;;;;;;;;AAWA,
|
|
1
|
+
{"version":3,"file":"oidcRefreshManager.js","sourceRoot":"","sources":["../../src/auth/oidcRefreshManager.ts"],"names":[],"mappings":";;;;;;;;;;;AAWA,gDAwDC;AAOD,gDA8BC;AAED,gDASC;AAID,0CAqBC;AAID,0CAwBC;AAED,oDAmBC;AAED,oDASC;AAxMD,6CAA0E;AAC1E,mCAA6B;AAC7B,qCAA6D;AAE7D,sCAAuC;AACvC,kCAA+B;AAE/B,IAAI,cAA0B,CAAC;AAC/B,IAAI,sBAAkC,CAAC;AACvC,IAAI,8BAA0C,CAAC;AAE/C,SAAsB,kBAAkB;;QACpC,IAAI,CAAC;YACD,4EAA4E;YAC5E,wCAAwC;YACxC,MAAM,MAAM,GAAG,MAAM,qBAAW,CAAC,OAAO,CAAC,qBAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpE,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC,qBAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAEzD,iFAAiF;YACjF,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAC,IAAI,EAAE,WAAW,EAAC,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC/E,aAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;gBAC9C,cAAc,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC5D,CAAC;iBAAM,CAAC;gBACJ,cAAc,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YACtD,CAAC;YACD,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAC,IAAI,EAAE,eAAe,EAAC,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBACnF,aAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;gBAClD,sBAAsB,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;YACxE,CAAC;iBAAM,CAAC;gBACJ,sBAAsB,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAC,IAAI,EAAE,sBAAsB,EAAC,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC1F,aAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;gBAC5D,8BAA8B,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;YACvF,CAAC;iBAAM,CAAC;gBACJ,8BAA8B,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;YACjF,CAAC;YAED,iBAAiB;YACjB,MAAM,mBAAmB,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;YAC5E,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACvB,MAAM,cAAc,CAAC,WAAW,CAAC,EAAC,SAAS,EAAE,CAAC,EAAC,EAAE,EAAC,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;gBACtF,aAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;YACpE,CAAC;YACD,MAAM,kBAAkB,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YAC1E,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACtB,MAAM,cAAc,CAAC,WAAW,CAAC,EAA
C,QAAQ,EAAE,CAAC,EAAC,EAAE,EAAC,IAAI,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAC,EAAC,CAAC,CAAC;gBAC7F,aAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YACnE,CAAC;YACD,KAAK,MAAM,IAAI,IAAI,CAAC,sBAAsB,EAAE,8BAA8B,CAAC,EAAE,CAAC;gBAC1E,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;gBAClE,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBACvB,MAAM,IAAI,CAAC,WAAW,CAAC,EAAC,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAC,EAAE,EAAC,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;oBACzF,aAAM,CAAC,IAAI,CAAC,iDAAiD,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;gBACxF,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;gBAC7D,IAAI,CAAC,cAAc,EAAE,CAAC;oBAClB,MAAM,IAAI,CAAC,WAAW,CAAC,EAAC,QAAQ,EAAE,CAAC,EAAC,EAAE,EAAC,IAAI,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC,EAAC,CAAC,CAAC;oBACpF,aAAM,CAAC,IAAI,CAAC,2CAA2C,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;gBAClF,CAAC;YACL,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC/C,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACL,CAAC;CAAA;AAED;;;;EAIE;AACF,SAAsB,kBAAkB;yDAAC,SAAS,EAAE,SAAS,EAAE,UAAU,GAAG,EAAE,EAAE,gBAAgB,GAAG,GAAG;QAClG,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC;QAEzD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC;gBACD,0EAA0E;gBAC1E,8BAA8B;gBAC9B,MAAM,cAAc,CAAC,UAAU,CAAC,EAAC,QAAQ,EAAE,EAAC,GAAG,EAAE,IAAI,IAAI,EAAE,EAAC,EAAC,CAAC,CAAC;gBAE/D,MAAM,cAAc,CAAC,SAAS,CAAC;oBAC3B,SAAS;oBACT,QAAQ;iBACX,CAAC,CAAC;gBAEH,2DAA2D;gBAC3D,OAAO,IAAI,CAAC;YAChB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAI,CAAC,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;oBACnB,iFAAiF;oBACjF,aAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBACtB,CAAC;YACL,CAAC;YACD,wDAAwD;YACxD,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE;gBACxB,UAAU,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;QACP,CAAC;QAED,oDAAoD;QACpD,OAAO,KAAK,CAAC;IACjB,CAAC;CAAA;AAED,SAAsB,kBAAkB,CAAC,SAAS;;QAC9C,6BAA6B;QAC7B,IAAI,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,EAAC,SAAS,EAAC,CAAC,CAAC;YACjE,OAAO,YAAY,CAAC,YAAY,CAAC;QACrC
,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CAAA;AAED,4EAA4E;AAC5E,8BAA8B;AAC9B,SAAsB,eAAe,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO;;QAC9D,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC;gBAChD,QAAQ;gBACR,SAAS;aACZ,CAAC,CAAC;YAEH,IAAI,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,IAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAChC,6DAA6D;gBAC7D,OAAO;YACX,CAAC;YAED,MAAM,QAAQ,GAAG,IAAA,8BAAgB,EAAC,aAAa,EAAE,OAAO,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,EAAE,CAAC,MAAM,CAAC,CAAC;YAC7E,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACrE,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAEpC,OAAO,SAAS,CAAC;QACrB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO;QACX,CAAC;IACL,CAAC;CAAA;AAED,4EAA4E;AAC5E,8BAA8B;AAC9B,SAAsB,eAAe,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS;;QACvF,IAAI,CAAC;YACD,uFAAuF;YACvF,MAAM,EAAE,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC;YAC3B,MAAM,MAAM,GAAG,IAAA,4BAAc,EAAC,aAAa,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;YAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAEnF,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC;YACzD,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,SAAS,CACvD,EAAC,QAAQ,EAAE,SAAS,EAAC,EACrB;gBACI,IAAI,EAAE;oBACF,QAAQ;oBACR,YAAY,EAAE,SAAS;oBACvB,EAAE,EAAE,IAAI,gBAAM,CAAC,EAAE,CAAC;iBACrB;aACJ,EACD,EAAC,MAAM,EAAE,IAAI,EAAC,CACjB,CAAC;YACF,OAAO,YAAY,CAAC,YAAY,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,oBAAoB,CAAC,QAAQ,EAAE,SAAS;;QAC1D,IAAI,CAAC;YACD,qCAAqC;YACrC,MAAM,MAAM,GAAG,MAAM,8BAA8B,CAAC,OAAO,CAAC;gBACxD,QAAQ;gBACR,SAAS;aACZ,CAAC,CAAC;YACH,iFAAiF;YACjF,MAAM,SAAS,GAAG,IAAA,cAAK,EAAC,CAAC,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,CAAC,OAAO,EAAE,IAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;YAC1E,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;gBAChB,OAAO,SAA
S,CAAC;YACrB,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,6DAA6D;YAC7D,OAAO,CAAC,CAAC;QACb,CAAC;QACD,6DAA6D;QAC7D,OAAO,CAAC,CAAC;IACb,CAAC;CAAA;AAED,SAAsB,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS;;QACrE,IAAI,CAAC;YACD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC;YACzD,MAAM,YAAY,GAAG,MAAM,8BAA8B,CAAC,SAAS,CAAC,EAAC,QAAQ,EAAE,SAAS,EAAC,EAAE,EAAC,IAAI,EAAE,EAAC,QAAQ,EAAC,EAAC,EAAE,EAAC,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;YAC/H,OAAO,YAAY,CAAC,YAAY,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CAAA"}
|
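--- a/package/dist/auth/pam.js
+++ b/package/dist/auth/pam.js
@@ -1,29 +1,32 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getPamLoginHandler = getPamLoginHandler;
-const local_1 = require("./local");
 const util_1 = require("../util");
-const
+const local_1 = require("./local");
 function getPamLoginHandler(authConf) {
 const { pamAuthenticate } = require("node-linux-pam");
 return (req, res) => {
 var _a, _b;
-
+const username = (_a = req.body) === null || _a === void 0 ? void 0 : _a.username;
 const password = (_b = req.body) === null || _b === void 0 ? void 0 : _b.password;
 if (!username || !password) {
 return res.status(400).json({ statusCode: 400, message: "Malformed login request" });
 }
 pamAuthenticate({ username, password }, (err, code) => {
 if (err) {
-return res.status(403).json({
+return res.status(403).json({
+statusCode: 403,
+message: "Invalid username/password combo"
+});
 }
 else {
 try {
 const uid = (0, util_1.getUserId)(username);
-
+util_1.logger.info(`Authenticated as user ${username} with uid ${uid} using PAM`);
 return (0, local_1.addTokensToResponse)(res, authConf, username);
 }
 catch (e) {
+util_1.logger.debug(`A PAM-related error occurred: ${e} (code ${code})`);
 return res.status(403).json({ statusCode: 403, message: "User does not exist" });
 }
 }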
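Review bot: The `if (err)` branch of the `pamAuthenticate` callback returns its 403 without writing any log line, so failed PAM logins leave no trace while successful ones are now logged at info level. A line such as ``util_1.logger.info(`PAM authentication failed for user ${username} (code ${code})`);`` before that return would give brute-force and password-spraying detection something to key on. The new `catch` message calls the failure "PAM-related", but that block is only reached after PAM has accepted the credentials, so the exception presumably comes from `getUserId` or `addTokensToResponse`; logging it at debug level may hide an authenticated user with no local uid. `username` is only truthiness-checked before it reaches `pamAuthenticate` and the log template, so a `typeof username !== "string"` test in the 400 guard would keep non-string JSON values out of both. This file is compiled output, so the change belongs in `src/auth/pam.ts` (named in the source map), and the handler's closing lines fall outside the hunk.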
package/dist/auth/pam.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pam.js","sourceRoot":"","sources":["../../src/auth/pam.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"pam.js","sourceRoot":"","sources":["../../src/auth/pam.ts"],"names":[],"mappings":";;AAKA,gDA6BC;AAhCD,kCAA0C;AAC1C,mCAA4C;AAE5C,SAAgB,kBAAkB,CAAC,QAA8B;IAC7D,MAAM,EAAC,eAAe,EAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;;QACnC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;QACvF,CAAC;QAED,eAAe,CAAC,EAAC,QAAQ,EAAE,QAAQ,EAAC,EAAE,CAAC,GAAmB,EAAE,IAAY,EAAE,EAAE;YACxE,IAAI,GAAG,EAAE,CAAC;gBACN,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACxB,UAAU,EAAE,GAAG;oBACf,OAAO,EAAE,iCAAiC;iBAC7C,CAAC,CAAC;YACP,CAAC;iBAAM,CAAC;gBACJ,IAAI,CAAC;oBACD,MAAM,GAAG,GAAG,IAAA,gBAAS,EAAC,QAAQ,CAAC,CAAC;oBAChC,aAAM,CAAC,IAAI,CAAC,yBAAyB,QAAQ,aAAa,GAAG,YAAY,CAAC,CAAC;oBAC3E,OAAO,IAAA,2BAAmB,EAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBACxD,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACT,aAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;oBAClE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;gBACnF,CAAC;YACL,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC"}
|