couchloop-eq-mcp 1.0.4 → 1.0.5

package/dist/server/oauth/refreshTokenRotation.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"refreshTokenRotation.js","sourceRoot":"","sources":["../../../src/server/oauth/refreshTokenRotation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,GAAG,MAAM,cAAc,CAAC;AA+B/B;;GAEG;AACH,MAAM,CAAN,IAAY,aAKX;AALD,WAAY,aAAa;IACvB,gDAA+B,CAAA;IAC/B,8DAA6C,CAAA;IAC7C,wDAAuC,CAAA;IACvC,4DAA2C,CAAA;AAC7C,CAAC,EALW,aAAa,KAAb,aAAa,QAKxB;AAED;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IACtB,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;IACtC,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAC,CAAC,aAAa;IACjF,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,SAAS,CAAC,CAAC,CAAC,UAAU;IACpF,kBAAkB,GAAG,GAAG,CAAC,CAAC,4BAA4B;IACtD,sBAAsB,GAAG,IAAI,CAAC,CAAC,yBAAyB;IAEzE;;OAEG;IACH,KAAK,CAAC,iBAAiB,CACrB,MAAc,EACd,QAAgB,EAChB,QAAkC;QAElC,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACjD,MAAM,gBAAgB,GAAG,eAAe,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAEjE,MAAM,MAAM,GAAgB;YAC1B,QAAQ;YACR,gBAAgB,EAAE,gBAAgB;YAClC,mBAAmB,EAAE,EAAE;YACvB,MAAM;YACN,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,WAAW,EAAE,IAAI,IAAI,EAAE;YACvB,aAAa,EAAE,CAAC;YAChB,QAAQ;SACT,CAAC;QAEF,sCAAsC;QACtC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAEpD,wBAAwB;QACxB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAErE,MAAM,CAAC,IAAI,CAAC,4BAA4B,QAAQ,aAAa,MAAM,EAAE,CAAC,CAAC;QAEvE,OAAO;YACL,WAAW;YACX,YAAY;YACZ,SAAS,EAAE,IAAI,CAAC,gBAAgB;YAChC,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,kBAAkB,CACtB,eAAuB,EACvB,QAAkC;QAElC,MAAM,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAEhE,oBAAoB;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QAExD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,KAAK,CAAC,mCAAmC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YACnE,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QAED,oDAAoD;QACpD,IAAI,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,yCAAyC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YACxE,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,yCAAyC;QACzC,IAAI,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,mDAAmD,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YAClF,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;QACzE,CAAC;QAED,sBAAsB;QACtB,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACpD,MAAM,mBAAmB,GAAG,eAAe,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QACvE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEtF,sBAAsB;QACtB,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QACzD,MAAM,CAAC,gBAAgB,GAAG,mBAAmB,CAAC;QAC9C,MAAM,CAAC,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;QAChC,MAAM,CAAC,aAAa,EAAE,CAAC;QAEvB,uDAAuD;QACvD,IAAI,MAAM,CAAC,mBAAmB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC3C,MAAM,CAAC,mBAAmB,GAAG,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,QAAQ,GAAG,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,GAAG,QAAQ,EAAE,CAAC;QACxD,CAAC;QAED,kBAAkB;QAClB,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAEvE,MAAM,CAAC,IAAI,CAAC,oCAAoC,MAAM,CAAC,QAAQ,eAAe,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC;QAEtG,OAAO;YACL,WAAW,EAAE,cAAc;YAC3B,YAAY,EAAE,eAAe;YAC7B,SAAS,EAAE,IAAI,CAAC,gBAAgB;YAChC,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,aAAa,CAAC,MAAmB,EAAE,SAAiB;QAChE,yBAAyB;QACzB,IAAI,SAAS,KAAK,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,+DAA+D;QAC/D,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACpE,IAAI,iBAAiB,GAAG,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACpD,MAAM,YAAY,GAAG,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACvF,IAAI,SAAS,KAAK,YAAY,EAAE,CAAC;gBAC/B,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;gBACxD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,OAAO,MAAM,CAAC,mBAAmB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACxD,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,gBAAgB,CAAC,MAAmB;QAChD,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,QAAgB;QACtC,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEhD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;QACT,CAAC;QAED,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QAEnB,uCAAuC;QACvC,MAAM,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC;aACzB,GAAG,CAAC;YACH,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,gBAAgB,EAAE,gBAAgB;SACnC,CAAC;aACD,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC;QAElD,qBAAqB;QACrB,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEpC,MAAM,CAAC,IAAI,CAAC,wBAAwB,QAAQ,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1E,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC1E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,mBAAmB,CAAC,MAAc;QACtC,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QAEnB,oBAAoB;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC;aACzB,GAAG,CAAC;YACH,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,gBAAgB,EAAE,kBAAkB;SACrC,CAAC;aACD,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QAEzC,qBAAqB;QACrB,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9D,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC7B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,+BAA+B,MAAM,EAAE,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAAC,SAAiB;QAC7C,2BAA2B;QAC3B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;YACjD,IAAI,MAAM,CAAC,gBAAgB,KAAK,SAAS;gBACrC,MAAM,CAAC,mBAAmB,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACnD,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,iBAAiB;QACjB,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE;aAC7B,IAAI,CAAC,WAAW,CAAC;aACjB,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,WAAW,CAAC,gBAAgB,EAAE,SAAS,CAAC,EAC3C,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAC9B,CACF;aACA,KAAK,CAAC,CAAC,CAAC,CAAC;QAEZ,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mCAAmC;QACnC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAExB,yBAAyB;QACzB,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,gBAAgB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;YACjF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAgB;YAC1B,QAAQ,EAAE,KAAK,CAAC,aAAa;YAC7B,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,mBAAmB,EAAE,EAAE,EAAE,6CAA6C;YACtE,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,CAAC,SAAS;YAC5B,aAAa,EAAE,CAAC;YAChB,QAAQ,EAAE;gBACR,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS;gBACvC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS;aACxC;SACF,CAAC;QAEF,kBAAkB;QAClB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEhD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,wBAAwB,CAC9B,MAAmB,EACnB,WAAqC;QAErC,6CAA6C;QAC7C,MAAM,qBAAqB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACxE,IAAI,qBAAqB,GAAG,KAAK,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,uBAAuB;QACvB,IAAI,WAAW,EAAE,SAAS;YACtB,MAAM,CAAC,QAAQ,EAAE,SAAS;YAC1B,WAAW,CAAC,SAAS,KAAK,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mBAAmB;QACnB,IAAI,WAAW,EAAE,QAAQ;YACrB,MAAM,CAAC,QAAQ,EAAE,QAAQ;YACzB,WAAW,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,oBAAoB;QAC1B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,QAAgB;QAChE,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,MAAM;YACX,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,QAAQ;YACpB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAClC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,gBAAgB;SAC3D,CAAC;QAEF,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,iCAAiC,CAAC;QAC3E,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAC9B,MAAmB,EACnB,YAAoB;QAEpB,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QACnB,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAExE,MAAM,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC;aACzB,MAAM,CAAC;YACN,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,aAAa,EAAE,MAAM,CAAC,QAAQ;YAC9B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,qBAAqB,EAAE,cAAc,CAAC,SAAS;YAC/C,eAAe,EAAE,EAAE,EAAE,yBAAyB;YAC9C,oBAAoB,EAAE,EAAE,EAAE,yBAAyB;YACnD,KAAK,EAAE,SAAS;YAChB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;YAC/D,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS;YACrC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS;SACtC,CAAC,CAAC;IACP,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,MAAmB,EACnB,eAAuB,EACvB,eAAuB;QAEvB,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QACnB,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QAC3E,MAAM,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAEhE,4BAA4B;QAC5B,MAAM,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC;aACzB,GAAG,CAAC;YACH,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,gBAAgB,EAAE,SAAS;SAC5B,CAAC;aACD,KAAK,CAAC,EAAE,CAAC,WAAW,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC,CAAC;QAEzD,mBAAmB;QACnB,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,KAAoB,EACpB,MAAmB;QAEnB,MAAM,CAAC,IAAI,CAAC,mBAAmB,KAAK,eAAe,MAAM,CAAC,QAAQ,UAAU,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7F,2BAA2B;IAC7B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAAC,MAAmB;QAClD,oCAAoC;QACpC,MAAM,CAAC,KAAK,CAAC,iDAAiD,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACjF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB;QAC1B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;QAEzE,MAAM,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC;aACzB,GAAG,CAAC;YACH,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,gBAAgB,EAAE,SAAS;SAC5B,CAAC;aACD,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,EAC/B,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,WAAW,CAAC,CACvC,CACF,CAAC;QAEJ,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACpD,CAAC;CACF;AAED,4BAA4B;AAC5B,MAAM,CAAC,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,EAAE,CAAC"}

package/dist/server/oauth/security.d.ts

@@ -1,101 +0,0 @@
-/**
- * State data for CSRF protection
- */
-export interface StateData {
-    clientId: string;
-    redirectUri: string;
-    nonce: string;
-    scope?: string;
-    codeChallenge?: string;
-    codeChallengeMethod?: 'S256' | 'plain';
-    createdAt: Date;
-    expiresAt: Date;
-    ipAddress?: string;
-    userAgent?: string;
-    fingerprint?: string;
-}
-/**
- * OAuth Security Manager
- * Handles CSRF protection, state management, and nonce generation
- */
-export declare class OAuthSecurity {
-    private stateStore;
-    private usedNonces;
-    private readonly STATE_TTL;
-    private readonly NONCE_TTL;
-    /**
-     * Generate a secure state token with embedded data
-     * Uses JWT for tamper-proof state management
-     */
-    generateStateToken(data: Omit<StateData, 'createdAt' | 'expiresAt'>): Promise<string>;
-    /**
-     * Validate state token and extract data
-     * Prevents CSRF attacks by ensuring state matches
-     */
-    validateState(token: string): Promise<StateData | null>;
-    /**
-     * Generate cryptographically secure nonce
-     * Used for OpenID Connect flows
-     */
-    generateNonce(): string;
-    /**
-     * Validate nonce hasn't been used before
-     */
-    validateNonce(nonce: string): boolean;
-    /**
-     * Generate browser fingerprint for additional security
-     * Combines multiple browser characteristics
-     */
-    generateFingerprint(req: any): string;
-    /**
-     * Validate request fingerprint matches stored one
-     */
-    validateFingerprint(stored: string | undefined, current: string): boolean;
-    /**
-     * Clean up expired states to prevent memory leak
-     */
-    private cleanupExpiredStates;
-    /**
-     * Clean up old nonces to prevent memory leak
-     */
-    private cleanupOldNonces;
-    /**
-     * Validate redirect URI against whitelist
-     * Prevents open redirect vulnerabilities
-     */
-    validateRedirectUri(uri: string, clientId: string): boolean;
-    /**
-     * Get allowed redirect URIs for a client
-     * In production, this should query from database
-     */
-    private getAllowedRedirectUris;
-    /**
-     * Validate authorization request parameters
-     * Comprehensive validation for security
-     */
-    validateAuthorizationRequest(params: {
-        response_type: string;
-        client_id: string;
-        redirect_uri: string;
-        scope?: string;
-        state?: string;
-        code_challenge?: string;
-        code_challenge_method?: string;
-    }): {
-        valid: boolean;
-        error?: string;
-    };
-    /**
-     * Get statistics about stored states
-     */
-    getStats(): {
-        states: number;
-        nonces: number;
-    };
-    /**
-     * Clear all states and nonces (for testing)
-     */
-    clearAll(): void;
-}
-export declare const oauthSecurity: OAuthSecurity;
-//# sourceMappingURL=security.d.ts.map

package/dist/server/oauth/security.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/security.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,mBAAmB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IACvC,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,UAAU,CAAqB;IACvC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAkB;IAC5C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAkB;IAE5C;;;OAGG;IACG,kBAAkB,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE,WAAW,GAAG,WAAW,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IAkC3F;;;OAGG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IA2C7D;;;OAGG;IACH,aAAa,IAAI,MAAM;IAcvB;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAYrC;;;OAGG;IACH,mBAAmB,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM;IAgBrC;;OAEG;IACH,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO;IAczE;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAgB5B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAUxB;;;OAGG;IACH,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO;IAa3D;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAM9B;;;OAGG;IACH,4BAA4B,CAAC,MAAM,EAAE;QACnC,aAAa,EAAE,MAAM,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,qBAAqB,CAAC,EAAE,MAAM,CAAC;KAChC,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IA4DtC;;OAEG;IACH,QAAQ,IAAI;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE;IAS9C;;OAEG;IACH,QAAQ,IAAI,IAAI;CAKjB;AAGD,eAAO,MAAM,aAAa,eAAsB,CAAC"}

package/dist/server/oauth/security.js

@@ -1,268 +0,0 @@
-import { randomBytes, createHash } from 'crypto';
-import { SignJWT, jwtVerify } from 'jose';
-import { logger } from '../../utils/logger.js';
-/**
- * OAuth Security Manager
- * Handles CSRF protection, state management, and nonce generation
- */
-export class OAuthSecurity {
-    stateStore = new Map();
-    usedNonces = new Set();
-    STATE_TTL = 10 * 60 * 1000; // 10 minutes
-    NONCE_TTL = 60 * 60 * 1000; // 1 hour
-    /**
-     * Generate a secure state token with embedded data
-     * Uses JWT for tamper-proof state management
-     */
-    async generateStateToken(data) {
-        const stateId = randomBytes(16).toString('base64url');
-        const now = new Date();
-        const expiresAt = new Date(now.getTime() + this.STATE_TTL);
-        const stateData = {
-            ...data,
-            createdAt: now,
-            expiresAt,
-        };
-        // Store in memory for quick validation
-        this.stateStore.set(stateId, stateData);
-        // Create JWT with state data
-        const secret = new TextEncoder().encode(process.env.STATE_SECRET || 'dev-state-secret-change-in-production');
-        const jwt = await new SignJWT({
-            sid: stateId,
-            cid: data.clientId,
-            ruri: data.redirectUri,
-            nonce: data.nonce,
-            iat: Math.floor(now.getTime() / 1000),
-            exp: Math.floor(expiresAt.getTime() / 1000),
-        })
-            .setProtectedHeader({ alg: 'HS256' })
-            .setIssuedAt()
-            .setExpirationTime('10m')
-            .sign(secret);
-        logger.debug(`Generated state token for client ${data.clientId}`);
-        return jwt;
-    }
-    /**
-     * Validate state token and extract data
-     * Prevents CSRF attacks by ensuring state matches
-     */
-    async validateState(token) {
-        try {
-            const secret = new TextEncoder().encode(process.env.STATE_SECRET || 'dev-state-secret-change-in-production');
-            // Verify JWT signature and expiration
-            const { payload } = await jwtVerify(token, secret, {
-                algorithms: ['HS256'],
-            });
-            const stateId = payload.sid;
-            const stateData = this.stateStore.get(stateId);
-            if (!stateData) {
-                logger.warn(`State data not found for ID ${stateId}`);
-                return null;
-            }
-            // Check expiration
-            if (new Date() > stateData.expiresAt) {
-                logger.warn(`State token expired for ID ${stateId}`);
-                this.stateStore.delete(stateId);
-                return null;
-            }
-            // Validate data consistency
-            if (stateData.clientId !== payload.cid ||
-                stateData.redirectUri !== payload.ruri ||
-                stateData.nonce !== payload.nonce) {
-                logger.error('State data mismatch - possible tampering detected');
-                return null;
-            }
-            // Remove used state to prevent replay
-            this.stateStore.delete(stateId);
-            logger.info(`State validation successful for client ${stateData.clientId}`);
-            return stateData;
-        }
-        catch (error) {
-            logger.error('State validation failed:', error);
-            return null;
-        }
-    }
-    /**
-     * Generate cryptographically secure nonce
-     * Used for OpenID Connect flows
-     */
-    generateNonce() {
-        const nonce = randomBytes(16).toString('base64url');
-        const nonceHash = createHash('sha256').update(nonce).digest('hex');
-        // Store nonce hash to prevent replay
-        this.usedNonces.add(nonceHash);
-        // Clean old nonces periodically
-        this.cleanupOldNonces();
-        logger.debug('Generated new nonce');
-        return nonce;
-    }
-    /**
-     * Validate nonce hasn't been used before
-     */
-    validateNonce(nonce) {
-        const nonceHash = createHash('sha256').update(nonce).digest('hex');
-        if (this.usedNonces.has(nonceHash)) {
-            logger.warn('Nonce replay detected');
-            return false;
-        }
-        this.usedNonces.add(nonceHash);
-        return true;
-    }
-    /**
-     * Generate browser fingerprint for additional security
-     * Combines multiple browser characteristics
-     */
-    generateFingerprint(req) {
-        const components = [
-            req.headers['user-agent'] || '',
-            req.headers['accept-language'] || '',
-            req.headers['accept-encoding'] || '',
-            req.ip || req.connection.remoteAddress || '',
-        ];
-        const fingerprint = createHash('sha256')
-            .update(components.join('|'))
-            .digest('base64url');
-        logger.debug('Generated browser fingerprint');
-        return fingerprint;
-    }
-    /**
-     * Validate request fingerprint matches stored one
-     */
-    validateFingerprint(stored, current) {
-        if (!stored) {
-            return true; // No fingerprint stored, skip validation
-        }
-        const isValid = stored === current;
-        if (!isValid) {
-            logger.warn('Browser fingerprint mismatch - possible session hijacking');
-        }
-        return isValid;
-    }
-    /**
-     * Clean up expired states to prevent memory leak
-     */
-    cleanupExpiredStates() {
-        const now = new Date();
-        let cleaned = 0;
-        for (const [id, state] of this.stateStore.entries()) {
-            if (now > state.expiresAt) {
-                this.stateStore.delete(id);
-                cleaned++;
-            }
-        }
-        if (cleaned > 0) {
-            logger.debug(`Cleaned up ${cleaned} expired states`);
-        }
-    }
-    /**
-     * Clean up old nonces to prevent memory leak
-     */
-    cleanupOldNonces() {
-        // Keep only last 1000 nonces
-        if (this.usedNonces.size > 1000) {
-            const toKeep = Array.from(this.usedNonces).slice(-500);
-            this.usedNonces.clear();
-            toKeep.forEach(nonce => this.usedNonces.add(nonce));
-            logger.debug('Cleaned up old nonces');
-        }
-    }
-    /**
-     * Validate redirect URI against whitelist
-     * Prevents open redirect vulnerabilities
-     */
-    validateRedirectUri(uri, clientId) {
-        const allowedUris = this.getAllowedRedirectUris(clientId);
-        // Exact match required (OAuth 2.1 requirement)
-        const isValid = allowedUris.includes(uri);
-        if (!isValid) {
-            logger.error(`Invalid redirect URI: ${uri} for client ${clientId}`);
-        }
-        return isValid;
-    }
-    /**
-     * Get allowed redirect URIs for a client
-     * In production, this should query from database
-     */
-    getAllowedRedirectUris(clientId) {
-        // TODO: Fetch from database based on clientId
-        const uris = process.env[`${clientId.toUpperCase()}_REDIRECT_URIS`];
-        return uris ? uris.split(',') : [];
-    }
-    /**
-     * Validate authorization request parameters
-     * Comprehensive validation for security
-     */
-    validateAuthorizationRequest(params) {
-        // Response type must be 'code' (OAuth 2.1 - no implicit flow)
-        if (params.response_type !== 'code') {
-            return {
-                valid: false,
-                error: 'Invalid response_type. Only "code" is supported'
-            };
-        }
-        // Client ID required
-        if (!params.client_id) {
-            return {
-                valid: false,
-                error: 'Missing client_id'
-            };
-        }
-        // Redirect URI required and must be valid
-        if (!params.redirect_uri) {
-            return {
-                valid: false,
-                error: 'Missing redirect_uri'
-            };
-        }
-        if (!this.validateRedirectUri(params.redirect_uri, params.client_id)) {
-            return {
-                valid: false,
-                error: 'Invalid redirect_uri'
-            };
-        }
-        // State parameter required (CSRF protection)
-        if (!params.state) {
-            return {
-                valid: false,
-                error: 'Missing state parameter'
-            };
-        }
-        // PKCE required for all clients (OAuth 2.1)
-        if (!params.code_challenge) {
-            return {
-                valid: false,
-                error: 'Missing code_challenge (PKCE required)'
-            };
-        }
-        // S256 method required (plain is deprecated)
-        if (params.code_challenge_method && params.code_challenge_method !== 'S256') {
-            return {
-                valid: false,
-                error: 'Invalid code_challenge_method. Only S256 is supported'
-            };
-        }
-        logger.info(`Authorization request validated for client ${params.client_id}`);
-        return { valid: true };
-    }
-    /**
-     * Get statistics about stored states
-     */
-    getStats() {
-        this.cleanupExpiredStates();
-        return {
-            states: this.stateStore.size,
-            nonces: this.usedNonces.size,
-        };
-    }
-    /**
-     * Clear all states and nonces (for testing)
-     */
-    clearAll() {
-        this.stateStore.clear();
-        this.usedNonces.clear();
-        logger.debug('Cleared all states and nonces');
-    }
-}
-// Export singleton instance
-export const oauthSecurity = new OAuthSecurity();
-//# sourceMappingURL=security.js.map

package/dist/server/oauth/security.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"security.js","sourceRoot":"","sources":["../../../src/server/oauth/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAmB/C;;;GAGG;AACH,MAAM,OAAO,aAAa;IAChB,UAAU,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC1C,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACtB,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;IACzC,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;IAEtD;;;OAGG;IACH,KAAK,CAAC,kBAAkB,CAAC,IAAgD;QACvE,MAAM,OAAO,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;QAE3D,MAAM,SAAS,GAAc;YAC3B,GAAG,IAAI;YACP,SAAS,EAAE,GAAG;YACd,SAAS;SACV,CAAC;QAEF,uCAAuC;QACvC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAExC,6BAA6B;QAC7B,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uCAAuC,CAAC,CAAC;QAE7G,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC;YAC5B,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,IAAI,CAAC,QAAQ;YAClB,IAAI,EAAE,IAAI,CAAC,WAAW;YACtB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YACrC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;SAC5C,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,WAAW,EAAE;aACb,iBAAiB,CAAC,KAAK,CAAC;aACxB,IAAI,CAAC,MAAM,CAAC,CAAC;QAEhB,MAAM,CAAC,KAAK,CAAC,oCAAoC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAClE,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uCAAuC,CAAC,CAAC;YAE7G,sCAAsC;YACtC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE;gBACjD,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,OAAO,CAAC,GAAa,CAAC;YACtC,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAE/C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,+BAA+B,OAAO,EAAE,CAAC,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,mBAAmB;YACnB,IAAI,IAAI,IAAI,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;gBACrC,MAAM,CAAC,IAAI,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC;gBACrD,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAChC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,4BAA4B;YAC5B,IAAI,SAAS,CAAC,QAAQ,KAAK,OAAO,CAAC,GAAG;gBAClC,SAAS,CAAC,WAAW,KAAK,OAAO,CAAC,IAAI;gBACtC,SAAS,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC;gBACtC,MAAM,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;gBAClE,OAAO,IAAI,CAAC;YACd,CAAC;YAED,sCAAsC;YACtC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAEhC,MAAM,CAAC,IAAI,CAAC,0CAA0C,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC5E,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,aAAa;QACX,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEnE,qCAAqC;QACrC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE/B,gCAAgC;QAChC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,KAAa;QACzB,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEnE,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,mBAAmB,CAAC,GAAQ;QAC1B,MAAM,UAAU,GAAG;YACjB,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE;YAC/B,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,EAAE;YACpC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,EAAE;YACpC,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,UAAU,CAAC,aAAa,IAAI,EAAE;SAC7C,CAAC;QAEF,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;aACrC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aAC5B,MAAM,CAAC,WAAW,CAAC,CAAC;QAEvB,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAC9C,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,MAA0B,EAAE,OAAe;QAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,CAAC,yCAAyC;QACxD,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,KAAK,OAAO,CAAC;QAEnC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QAC3E,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,oBAAoB;QAC1B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;YACpD,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBAC1B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC3B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,MAAM,CAAC,KAAK,CAAC,cAAc,OAAO,iBAAiB,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,gBAAgB;QACtB,6BAA6B;QAC7B,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,EAAE,CAAC;YAChC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;YACvD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACxB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;YACpD,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,mBAAmB,CAAC,GAAW,EAAE,QAAgB;QAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;QAE1D,+CAA+C;QAC/C,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAE1C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,yBAAyB,GAAG,eAAe,QAAQ,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACK,sBAAsB,CAAC,QAAgB;QAC7C,8CAA8C;QAC9C,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACrC,CAAC;IAED;;;OAGG;IACH,4BAA4B,CAAC,MAQ5B;QACC,8DAA8D;QAC9D,IAAI,MAAM,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACpC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,iDAAiD;aACzD,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACtB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,mBAAmB;aAC3B,CAAC;QACJ,CAAC;QAED,0CAA0C;QAC1C,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,sBAAsB;aAC9B,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACrE,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,sBAAsB;aAC9B,CAAC;QACJ,CAAC;QAED,6CAA6C;QAC7C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,yBAAyB;aACjC,CAAC;QACJ,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC3B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,wCAAwC;aAChD,CAAC;QACJ,CAAC;QAED,6CAA6C;QAC7C,IAAI,MAAM,CAAC,qBAAqB,IAAI,MAAM,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YAC5E,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,uDAAuD;aAC/D,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,8CAA8C,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAC9E,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE5B,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI;YAC5B,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI;SAC7B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAChD,CAAC;CACF;AAED,4BAA4B;AAC5B,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC"}

package/dist/server/oauth/tokenEncryption.d.ts

@@ -1,80 +0,0 @@
-/**
- * Encrypted token structure
- */
-export interface EncryptedToken {
-    encrypted: string;
-    hash: string;
-}
-/**
- * Token Encryption Manager
- * Provides AES-256-GCM encryption for tokens at rest
- */
-export declare class TokenEncryption {
-    private readonly algorithm;
-    private readonly saltLength;
-    private readonly tagLength;
-    private readonly ivLength;
-    private readonly keyLength;
-    /**
-     * Encrypt a token using AES-256-GCM
-     * Returns encrypted data and a hash for indexing
-     */
-    encryptToken(plaintext: string): Promise<EncryptedToken>;
-    /**
-     * Decrypt a token
-     */
-    decryptToken(encryptedData: string): Promise<string>;
-    /**
-     * Hash a token for indexing
-     * Uses SHA256 for consistent hashing
-     */
-    hashToken(token: string): string;
-    /**
-     * Verify a plaintext token matches a hash
-     */
-    verifyTokenHash(plaintext: string, hash: string): boolean;
-    /**
-     * Encrypt sensitive data (generic, not just tokens)
-     */
-    encrypt(text: string): Promise<string>;
-    /**
-     * Decrypt sensitive data (generic)
-     */
-    decrypt(encryptedData: string): Promise<string>;
-    /**
-     * Derive encryption key from password and salt
-     * Uses scrypt for key derivation
-     */
-    private deriveKey;
-    /**
-     * Get the master encryption key
-     * In production, this should come from a secure key management service
-     */
-    private getEncryptionKey;
-    /**
-     * Rotate encryption (re-encrypt with new salt/IV)
-     * Useful for key rotation scenarios
-     */
-    rotateEncryption(encryptedData: string): Promise<EncryptedToken>;
-    /**
-     * Batch encrypt multiple tokens
-     * More efficient than individual encryption
-     */
-    encryptBatch(tokens: string[]): Promise<EncryptedToken[]>;
-    /**
-     * Batch decrypt multiple tokens
-     */
-    decryptBatch(encryptedTokens: string[]): Promise<string[]>;
-    /**
-     * Generate a secure random token
-     * Useful for generating access/refresh tokens
-     */
-    generateSecureToken(length?: number): string;
-    /**
-     * Validate encryption key on startup
-     * Ensures the key meets security requirements
-     */
-    validateEncryptionSetup(): boolean;
-}
-export declare const tokenEncryption: TokenEncryption;
-//# sourceMappingURL=tokenEncryption.d.ts.map

package/dist/server/oauth/tokenEncryption.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tokenEncryption.d.ts","sourceRoot":"","sources":["../../../src/server/oauth/tokenEncryption.ts"],"names":[],"mappings":"AAMA;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAiB;IAC3C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAM;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAM;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAM;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAM;IAEhC;;;OAGG;IACG,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAyC9D;;OAEG;IACG,YAAY,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA8C1D;;;OAGG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAQhC;;OAEG;IACH,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAkBzD;;OAEG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAK5C;;OAEG;IACG,OAAO,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIrD;;;OAGG;YACW,SAAS;IAKvB;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAexB;;;OAGG;IACG,gBAAgB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAQtE;;;OAGG;IACG,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAI/D;;OAEG;IACG,YAAY,CAAC,eAAe,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAIhE;;;OAGG;IACH,mBAAmB,CAAC,MAAM,GAAE,MAAW,GAAG,MAAM;IAIhD;;;OAGG;IACH,uBAAuB,IAAI,OAAO;CA4BnC;AAGD,eAAO,MAAM,eAAe,iBAAwB,CAAC"}