dbsc-toolkit 1.2.3 → 1.3.0
- package/README.md +25 -3
- package/dist/core/index.d.ts +2 -1
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +1 -1
- package/dist/core/index.js.map +1 -1
- package/dist/core/protocol/headers.d.ts +9 -1
- package/dist/core/protocol/headers.d.ts.map +1 -1
- package/dist/core/protocol/headers.js +44 -2
- package/dist/core/protocol/headers.js.map +1 -1
- package/dist/express/index.d.ts +2 -1
- package/dist/express/index.d.ts.map +1 -1
- package/dist/express/index.js +7 -5
- package/dist/express/index.js.map +1 -1
- package/dist/fastify/index.d.ts +2 -1
- package/dist/fastify/index.d.ts.map +1 -1
- package/dist/fastify/index.js +7 -5
- package/dist/fastify/index.js.map +1 -1
- package/dist/hono/index.d.ts +2 -1
- package/dist/hono/index.d.ts.map +1 -1
- package/dist/hono/index.js +10 -5
- package/dist/hono/index.js.map +1 -1
- package/dist/nextjs/index.d.ts +2 -1
- package/dist/nextjs/index.d.ts.map +1 -1
- package/dist/nextjs/index.js +14 -9
- package/dist/nextjs/index.js.map +1 -1
- package/package.json +1 -1
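--- a/package/README.md
+++ b/package/README.md
@@ -13,9 +13,11 @@ Chrome 147+ supports DBSC natively. This library handles the server side. Verifi
 
 ## Live demo
 
-Try it: <https://
+Try it: <https://dbsc-toolkit.onrender.com/>
 
-Open in Chrome 147+, click **Login**, then **Check session** — `tier` reads `"dbsc"` once the TPM key is bound. Use **Clear cookies** to reset and replay the flow. Source in [examples/express/](./examples/express/).
+Open in Chrome 147+, click **Login**, then **Check session** — `tier` reads `"dbsc"` once the TPM key is bound. The demo uses a 60-second bound-cookie TTL so refresh kicks in fast — watch DevTools Network for the automatic `POST /dbsc/refresh` after the cookie expires. Use **Clear cookies** to reset and replay the flow. Source in [examples/express/](./examples/express/).
+
+> Heads up: the demo runs on in-memory storage. Render restarts wipe sessions, so if "Check session" returns `not authenticated` after a while, the instance probably restarted — click **Login** again.
 
 ## Install
 
@@ -126,9 +128,11 @@ See [docs/security/best-practices.md](./docs/security/best-practices.md) for the
 
 You need HTTPS — `__Host-` cookies require it and Chrome rejects DBSC on plain HTTP. Two options:
 
-- Deploy somewhere that gives you HTTPS (
+- Deploy somewhere that gives you HTTPS (Render, Fly, Railway, Cloudflare Tunnel). Easiest path. The live demo above runs on Render.
 - Run `local-ssl-proxy --source 3001 --target 3000` in front of your local server.
 
+If you deploy behind any reverse proxy (Render, Fly, Cloudflare, nginx), call `app.set("trust proxy", true)` in Express before mounting the DBSC middleware. Without it, `req.protocol` returns `http` even when the client connected over HTTPS, so the `scope.origin` in the registration response goes out with the wrong scheme and Chrome silently terminates the session. Fastify needs `Fastify({ trustProxy: true })`; Hono and Next.js derive origin from the request URL directly and don't need any flag.
+
 A working demo is in [examples/express/](./examples/express/).
 
 ## Framework support
@@ -215,6 +219,24 @@ app.use(dbsc({
 
 Event types: `registration`, `refresh`, `verification_failure`, `session_stolen`, `fallback_tier`.
 
+## Skipped sessions
+
+Chrome may send a request without the bound credential and tell you why via the `Secure-Session-Skipped` header. The library parses it and exposes the entries on the request:
+
+```ts
+app.get("/payment", (req, res) => {
+const skipped = res.locals.dbsc.skipped;
+if (skipped.some(s => s.reason === "quota_exceeded")) {
+// Chrome throttled DBSC registrations for this site, briefly
+// unsafe to assume the binding is fresh — fall back or step up
+return res.status(503).json({ error: "session binding temporarily unavailable" });
+}
+// ...
+});
+```
+
+Reasons defined by the spec: `unreachable` (couldn't reach the refresh endpoint), `server_error` (refresh got a 5xx), `quota_exceeded` (browser's anti-abuse throttle). These are diagnostics from Chrome — your server cannot disable them, but it can react to them.
+
 ## Header naming
 
 The W3C draft renamed the headers from `Sec-Session-*` to `Secure-Session-*`. Chrome 147 acts on the new names. The middleware reads both and writes both for compatibility. If you build response headers manually, send both: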
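--- a/package/dist/core/index.d.ts
+++ b/package/dist/core/index.d.ts
@@ -3,7 +3,8 @@ export { DbscProtocolError, DbscVerificationError, DbscStorageError, ErrorCodes
 export { validateJwk, detectAlgorithm } from "./crypto/jwk.js";
 export { verifyDbscJws, parseRegistrationJws } from "./crypto/jws.js";
 export { generateJti, issueChallenge } from "./protocol/challenge.js";
-export { buildRegistrationHeader, buildChallengeHeader, parseSessionResponseHeader, buildSessionIdCookie, readSessionResponseHeader, REGISTRATION_HEADER, RESPONSE_HEADER, CHALLENGE_HEADER, LEGACY_REGISTRATION_HEADER, LEGACY_RESPONSE_HEADER, LEGACY_CHALLENGE_HEADER, } from "./protocol/headers.js";
+export { buildRegistrationHeader, buildChallengeHeader, parseSessionResponseHeader, parseSessionSkippedHeader, buildSessionIdCookie, readSessionResponseHeader, REGISTRATION_HEADER, RESPONSE_HEADER, CHALLENGE_HEADER, SKIPPED_HEADER, LEGACY_REGISTRATION_HEADER, LEGACY_RESPONSE_HEADER, LEGACY_CHALLENGE_HEADER, LEGACY_SKIPPED_HEADER, } from "./protocol/headers.js";
+export type { SkippedEntry, SkippedReason } from "./protocol/headers.js";
 export { handleRegistration } from "./protocol/registration.js";
 export { handleRefresh } from "./protocol/refresh.js";
 export { negotiateTier, detectDbscSupport } from "./fallback/negotiate.js";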
package/dist/core/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,cAAc,EACd,QAAQ,EACR,OAAO,EACP,SAAS,EACT,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,wBAAwB,EACxB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAErG,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,0BAA0B,EAC1B,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,0BAA0B,EAC1B,sBAAsB,EACtB,uBAAuB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,cAAc,EACd,QAAQ,EACR,OAAO,EACP,SAAS,EACT,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,wBAAwB,EACxB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAErG,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,0BAA0B,EAC1B,yBAAyB,EACzB,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,0BAA0B,EAC1B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,8BAA8B,EAC9B,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAExF,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC"}
|
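--- a/package/dist/core/index.js
+++ b/package/dist/core/index.js
@@ -2,7 +2,7 @@ export { DbscProtocolError, DbscVerificationError, DbscStorageError, ErrorCodes
 export { validateJwk, detectAlgorithm } from "./crypto/jwk.js";
 export { verifyDbscJws, parseRegistrationJws } from "./crypto/jws.js";
 export { generateJti, issueChallenge } from "./protocol/challenge.js";
-export { buildRegistrationHeader, buildChallengeHeader, parseSessionResponseHeader, buildSessionIdCookie, readSessionResponseHeader, REGISTRATION_HEADER, RESPONSE_HEADER, CHALLENGE_HEADER, LEGACY_REGISTRATION_HEADER, LEGACY_RESPONSE_HEADER, LEGACY_CHALLENGE_HEADER, } from "./protocol/headers.js";
+export { buildRegistrationHeader, buildChallengeHeader, parseSessionResponseHeader, parseSessionSkippedHeader, buildSessionIdCookie, readSessionResponseHeader, REGISTRATION_HEADER, RESPONSE_HEADER, CHALLENGE_HEADER, SKIPPED_HEADER, LEGACY_REGISTRATION_HEADER, LEGACY_RESPONSE_HEADER, LEGACY_CHALLENGE_HEADER, LEGACY_SKIPPED_HEADER, } from "./protocol/headers.js";
 export { handleRegistration } from "./protocol/registration.js";
 export { handleRefresh } from "./protocol/refresh.js";
 export { negotiateTier, detectDbscSupport } from "./fallback/negotiate.js";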
package/dist/core/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAErG,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,0BAA0B,EAC1B,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,0BAA0B,EAC1B,sBAAsB,EACtB,uBAAuB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAErG,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,0BAA0B,EAC1B,yBAAyB,EACzB,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,0BAA0B,EAC1B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,8BAA8B,EAC9B,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAExF,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC"}
|
|
@@ -5,7 +5,7 @@ export interface RegistrationHeaderOptions {
|
|
|
5
5
|
cookieName?: string;
|
|
6
6
|
}
|
|
7
7
|
export declare function buildRegistrationHeader(opts: RegistrationHeaderOptions): string;
|
|
8
|
-
export declare function buildChallengeHeader(jti: string): string;
|
|
8
|
+
export declare function buildChallengeHeader(jti: string, sessionId?: string): string;
|
|
9
9
|
export declare function parseSessionResponseHeader(raw: string): string;
|
|
10
10
|
export declare function buildSessionIdCookie(sessionId: string, opts: {
|
|
11
11
|
secure: boolean;
|
|
@@ -14,8 +14,16 @@ export declare function buildSessionIdCookie(sessionId: string, opts: {
|
|
|
14
14
|
export declare const REGISTRATION_HEADER = "Secure-Session-Registration";
|
|
15
15
|
export declare const RESPONSE_HEADER = "Secure-Session-Response";
|
|
16
16
|
export declare const CHALLENGE_HEADER = "Secure-Session-Challenge";
|
|
17
|
+
export declare const SKIPPED_HEADER = "Secure-Session-Skipped";
|
|
17
18
|
export declare const LEGACY_REGISTRATION_HEADER = "Sec-Session-Registration";
|
|
18
19
|
export declare const LEGACY_RESPONSE_HEADER = "Sec-Session-Response";
|
|
19
20
|
export declare const LEGACY_CHALLENGE_HEADER = "Sec-Session-Challenge";
|
|
21
|
+
export declare const LEGACY_SKIPPED_HEADER = "Sec-Session-Skipped";
|
|
20
22
|
export declare function readSessionResponseHeader(headers: Record<string, string | string[] | undefined>): string | undefined;
|
|
23
|
+
export type SkippedReason = "unreachable" | "server_error" | "quota_exceeded";
|
|
24
|
+
export interface SkippedEntry {
|
|
25
|
+
reason: SkippedReason;
|
|
26
|
+
sessionId?: string;
|
|
27
|
+
}
|
|
28
|
+
export declare function parseSessionSkippedHeader(headers: Record<string, string | string[] | undefined>): SkippedEntry[];
|
|
21
29
|
//# sourceMappingURL=headers.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../../src/core/protocol/headers.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,yBAAyB;IACxC,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,yBAAyB,GAAG,MAAM,CAK/E;AAED,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../../src/core/protocol/headers.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,yBAAyB;IACxC,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,yBAAyB,GAAG,MAAM,CAK/E;AAED,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAG5E;AAED,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE9D;AAED,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAC1C,MAAM,CAMR;AAED,eAAO,MAAM,mBAAmB,gCAAgC,CAAC;AACjE,eAAO,MAAM,eAAe,4BAA4B,CAAC;AACzD,eAAO,MAAM,gBAAgB,6BAA6B,CAAC;AAC3D,eAAO,MAAM,cAAc,2BAA2B,CAAC;AAEvD,eAAO,MAAM,0BAA0B,6BAA6B,CAAC;AACrE,eAAO,MAAM,sBAAsB,yBAAyB,CAAC;AAC7D,eAAO,MAAM,uBAAuB,0BAA0B,CAAC;AAC/D,eAAO,MAAM,qBAAqB,wBAAwB,CAAC;AAE3D,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,MAAM,GAAG,SAAS,CAIpB;AAED,MAAM,MAAM,aAAa,GAAG,aAAa,GAAG,cAAc,GAAG,gBAAgB,CAAC;AAE9E,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,aAAa,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAQD,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACrD,YAAY,EAAE,CAgChB"}
|
|
@@ -5,8 +5,9 @@ export function buildRegistrationHeader(opts) {
|
|
|
5
5
|
parts.push(`id="${opts.cookieName}"`);
|
|
6
6
|
return parts.join(";");
|
|
7
7
|
}
|
|
8
|
-
export function buildChallengeHeader(jti) {
|
|
9
|
-
|
|
8
|
+
export function buildChallengeHeader(jti, sessionId) {
|
|
9
|
+
const base = `"${jti}"`;
|
|
10
|
+
return sessionId ? `${base};id="${sessionId}"` : base;
|
|
10
11
|
}
|
|
11
12
|
export function parseSessionResponseHeader(raw) {
|
|
12
13
|
return raw.trim();
|
|
@@ -22,13 +23,54 @@ export function buildSessionIdCookie(sessionId, opts) {
|
|
|
22
23
|
export const REGISTRATION_HEADER = "Secure-Session-Registration";
|
|
23
24
|
export const RESPONSE_HEADER = "Secure-Session-Response";
|
|
24
25
|
export const CHALLENGE_HEADER = "Secure-Session-Challenge";
|
|
26
|
+
export const SKIPPED_HEADER = "Secure-Session-Skipped";
|
|
25
27
|
export const LEGACY_REGISTRATION_HEADER = "Sec-Session-Registration";
|
|
26
28
|
export const LEGACY_RESPONSE_HEADER = "Sec-Session-Response";
|
|
27
29
|
export const LEGACY_CHALLENGE_HEADER = "Sec-Session-Challenge";
|
|
30
|
+
export const LEGACY_SKIPPED_HEADER = "Sec-Session-Skipped";
|
|
28
31
|
export function readSessionResponseHeader(headers) {
|
|
29
32
|
const v = headers["secure-session-response"] ?? headers["sec-session-response"];
|
|
30
33
|
if (Array.isArray(v))
|
|
31
34
|
return v[0];
|
|
32
35
|
return v;
|
|
33
36
|
}
|
|
37
|
+
const SKIPPED_REASONS = new Set([
|
|
38
|
+
"unreachable",
|
|
39
|
+
"server_error",
|
|
40
|
+
"quota_exceeded",
|
|
41
|
+
]);
|
|
42
|
+
export function parseSessionSkippedHeader(headers) {
|
|
43
|
+
const raw = headers["secure-session-skipped"] ?? headers["sec-session-skipped"];
|
|
44
|
+
if (!raw)
|
|
45
|
+
return [];
|
|
46
|
+
const value = Array.isArray(raw) ? raw.join(", ") : raw;
|
|
47
|
+
const entries = [];
|
|
48
|
+
for (const item of value.split(",")) {
|
|
49
|
+
const trimmed = item.trim();
|
|
50
|
+
if (!trimmed)
|
|
51
|
+
continue;
|
|
52
|
+
const [tokenPart, ...paramParts] = trimmed.split(";");
|
|
53
|
+
const reason = tokenPart.trim();
|
|
54
|
+
if (!SKIPPED_REASONS.has(reason))
|
|
55
|
+
continue;
|
|
56
|
+
let sessionId;
|
|
57
|
+
for (const param of paramParts) {
|
|
58
|
+
const eq = param.indexOf("=");
|
|
59
|
+
if (eq === -1)
|
|
60
|
+
continue;
|
|
61
|
+
const key = param.slice(0, eq).trim();
|
|
62
|
+
let val = param.slice(eq + 1).trim();
|
|
63
|
+
if (val.startsWith('"') && val.endsWith('"')) {
|
|
64
|
+
val = val.slice(1, -1);
|
|
65
|
+
}
|
|
66
|
+
if (key === "session_identifier")
|
|
67
|
+
sessionId = val;
|
|
68
|
+
}
|
|
69
|
+
const entry = { reason: reason };
|
|
70
|
+
if (sessionId !== undefined)
|
|
71
|
+
entry.sessionId = sessionId;
|
|
72
|
+
entries.push(entry);
|
|
73
|
+
}
|
|
74
|
+
return entries;
|
|
75
|
+
}
|
|
34
76
|
//# sourceMappingURL=headers.js.map
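Review bot: `buildChallengeHeader` now interpolates `sessionId` into `;id="${sessionId}"` without escaping or validating it, so a value containing `"` or `\` produces a malformed structured-field string, and Node's `setHeader` throws on control characters such as CR/LF. The express call sites pass a `sessionId` whose origin is outside the visible hunks; if it can come from a request cookie or header, it should be checked first, for example `if (sessionId && /["\\\x00-\x1f\x7f]/.test(sessionId)) throw new TypeError("invalid session id");` at the top of the function. In the same file, `parseSessionSkippedHeader` splits on `,` and `;` before unquoting, so a quoted `session_identifier` containing either character is cut short; the returned `sessionId` is request-supplied and worth documenting as untrusted.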
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"headers.js","sourceRoot":"","sources":["../../../src/core/protocol/headers.ts"],"names":[],"mappings":"AAOA,MAAM,UAAU,uBAAuB,CAAC,IAA+B;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC;IACtC,MAAM,KAAK,GAAG,CAAC,IAAI,GAAG,GAAG,EAAE,SAAS,IAAI,CAAC,WAAW,GAAG,EAAE,cAAc,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;IAC1F,IAAI,IAAI,CAAC,UAAU;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;IAC3D,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,GAAW;
|
|
1
|
+
{"version":3,"file":"headers.js","sourceRoot":"","sources":["../../../src/core/protocol/headers.ts"],"names":[],"mappings":"AAOA,MAAM,UAAU,uBAAuB,CAAC,IAA+B;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC;IACtC,MAAM,KAAK,GAAG,CAAC,IAAI,GAAG,GAAG,EAAE,SAAS,IAAI,CAAC,WAAW,GAAG,EAAE,cAAc,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;IAC1F,IAAI,IAAI,CAAC,UAAU;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;IAC3D,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,GAAW,EAAE,SAAkB;IAClE,MAAM,IAAI,GAAG,IAAI,GAAG,GAAG,CAAC;IACxB,OAAO,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,QAAQ,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,GAAW;IACpD,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,SAAiB,EACjB,IAA2C;IAE3C,MAAM,KAAK,GAAG,CAAC,uBAAuB,SAAS,EAAE,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IACzE,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;IACnC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,6BAA6B,CAAC;AACjE,MAAM,CAAC,MAAM,eAAe,GAAG,yBAAyB,CAAC;AACzD,MAAM,CAAC,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;AAC3D,MAAM,CAAC,MAAM,cAAc,GAAG,wBAAwB,CAAC;AAEvD,MAAM,CAAC,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AACrE,MAAM,CAAC,MAAM,sBAAsB,GAAG,sBAAsB,CAAC;AAC7D,MAAM,CAAC,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;AAC/D,MAAM,CAAC,MAAM,qBAAqB,GAAG,qBAAqB,CAAC;AAE3D,MAAM,UAAU,yBAAyB,CACvC,OAAsD;IAEtD,MAAM,CAAC,GAAG,OAAO,CAAC,yBAAyB,CAAC,IAAI,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAChF,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,OAAO,CAAC,CAAC;AACX,CAAC;AASD,MAAM,eAAe,GAAwB,IAAI,GAAG,CAAC;IACnD,aAAa;IACb,cAAc;IACd,gBAAgB;CACjB,CAAC,CAAC;AAEH,MAAM,UAAU,yBAAyB,CACvC,OAAsD;IAEtD,MAAM,GAAG,GAAG,OAAO,CAAC,wBAAwB,CAAC,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAChF,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,C
AAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACxD,MAAM,OAAO,GAAmB,EAAE,CAAC;IAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,MAAM,CAAC,SAAS,EAAE,GAAG,UAAU,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,SAAU,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QAE3C,IAAI,SAA6B,CAAC;QAClC,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,MAAM,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC9B,IAAI,EAAE,KAAK,CAAC,CAAC;gBAAE,SAAS;YACxB,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YACtC,IAAI,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7C,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACzB,CAAC;YACD,IAAI,GAAG,KAAK,oBAAoB;gBAAE,SAAS,GAAG,GAAG,CAAC;QACpD,CAAC;QAED,MAAM,KAAK,GAAiB,EAAE,MAAM,EAAE,MAAuB,EAAE,CAAC;QAChE,IAAI,SAAS,KAAK,SAAS;YAAE,KAAK,CAAC,SAAS,GAAG,SAAS,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/express/index.d.ts
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import type { RequestHandler } from "express";
|
|
2
|
-
import { type DbscOptions, type ProtectionTier } from "../core/index.js";
|
|
2
|
+
import { type DbscOptions, type ProtectionTier, type SkippedEntry } from "../core/index.js";
|
|
3
3
|
export interface DbscExpressOptions extends DbscOptions {
|
|
4
4
|
secure?: boolean;
|
|
5
5
|
}
|
|
6
6
|
export interface DbscLocals {
|
|
7
7
|
sessionId: string | null;
|
|
8
8
|
tier: ProtectionTier;
|
|
9
|
+
skipped: SkippedEntry[];
|
|
9
10
|
revoke: () => Promise<void>;
|
|
10
11
|
requireBound: () => void;
|
|
11
12
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAE/E,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAE/E,OAAO,EAiBL,KAAK,WAAW,EAEhB,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,kBAAkB,CAAC;AAW1B,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5B,YAAY,EAAE,MAAM,IAAI,CAAC;CAC1B;AAED,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,MAAM;YACd,IAAI,EAAE,UAAU,CAAC;SAClB;KACF;CACF;AAuBD,wBAAgB,IAAI,CAAC,IAAI,EAAE,kBAAkB,GAAG,cAAc,CAqP7D"}
|
package/dist/express/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { randomBytes as nodeRandomBytes } from "node:crypto";
|
|
2
|
-
import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, readSessionResponseHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
2
|
+
import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, readSessionResponseHeader, parseSessionSkippedHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
3
3
|
const cookieNames = (secure) => ({
|
|
4
4
|
bound: secure ? "__Host-dbsc-session" : "dbsc-session",
|
|
5
5
|
reg: secure ? "__Host-dbsc-reg" : "dbsc-reg",
|
|
@@ -115,8 +115,8 @@ export function dbsc(opts) {
|
|
|
115
115
|
const responseHeader = readSessionResponseHeader(req.headers);
|
|
116
116
|
if (!responseHeader) {
|
|
117
117
|
const challenge = await issueChallenge(sessionId, storage);
|
|
118
|
-
res.setHeader(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
119
|
-
res.setHeader(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
118
|
+
res.setHeader(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
119
|
+
res.setHeader(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
120
120
|
res.setHeader("Set-Cookie", serializeCookie(COOKIES.challenge, challenge.jti, cookieOpts(5 * 60 * 1000, secure)));
|
|
121
121
|
res.status(403).end();
|
|
122
122
|
return;
|
|
@@ -124,8 +124,8 @@ export function dbsc(opts) {
|
|
|
124
124
|
const expectedJti = req.cookies?.[COOKIES.challenge];
|
|
125
125
|
if (!expectedJti) {
|
|
126
126
|
const challenge = await issueChallenge(sessionId, storage);
|
|
127
|
-
res.setHeader(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
128
|
-
res.setHeader(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
127
|
+
res.setHeader(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
128
|
+
res.setHeader(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
129
129
|
res.setHeader("Set-Cookie", serializeCookie(COOKIES.challenge, challenge.jti, cookieOpts(5 * 60 * 1000, secure)));
|
|
130
130
|
res.status(403).end();
|
|
131
131
|
return;
|
|
@@ -199,9 +199,11 @@ export function dbsc(opts) {
|
|
|
199
199
|
return;
|
|
200
200
|
}
|
|
201
201
|
const sessionId = req.cookies?.[COOKIES.bound];
|
|
202
|
+
const skipped = parseSessionSkippedHeader(req.headers);
|
|
202
203
|
res.locals.dbsc = {
|
|
203
204
|
sessionId: sessionId ?? null,
|
|
204
205
|
tier: "none",
|
|
206
|
+
skipped,
|
|
205
207
|
revoke: async () => {
|
|
206
208
|
if (sessionId)
|
|
207
209
|
await storage.revokeSession(sessionId);
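Review bot: `skipped` is parsed from `req.headers` on every request and placed on `res.locals.dbsc` next to `tier`, but nothing at this site says that it is client-supplied and unauthenticated. A handler that treats an empty `skipped` array as evidence that the binding is healthy would be relying on a header the client can simply omit. I would add a comment above the new line, `// skipped comes from a request header: advisory diagnostics only, never proof that the session is bound`, and say the same in the `DbscLocals` type docs. The body of `dbsc` continues outside this hunk.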
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,IAAI,eAAe,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,yBAAyB,EAEzB,gBAAgB,EAEhB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,IAAI,eAAe,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EAEzB,gBAAgB,EAEhB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAMtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,WAAW,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc;IACtD,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU;IAC5C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB;CAC/D,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACzC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAsB5C,SAAS,UAAU,CAAC,KAAa,EAAE,MAAe;IAChD,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,MAAM,EAAE,KAAK,GAAG,IAAI;QACpB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,KAAa,EAAE,IAAmC;IACvF,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACrC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,IAAwB;IAC3C,MAAM,EACJ,OAAO,EACP,QAAQ,GAAG,UAAU,EACrB,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,EAClC,qBAAqB,GAAG,eAAe,EACvC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpC,KAAK,UAAU,uBAAuB,CAAC,GAAY,EAAE,GAAa;QAChE,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,G
AAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAuB,CAAC;QACnE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAE3E,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;YACvE,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,kBAAkB,CACtB;gBACE,SAAS;gBACT,wBAAwB,EAAE,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC;gBACjH,WAAW;aACZ,EACD,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,cAAc;gBACpB,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,OAAO;gBAClB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAE,GAAG,CAAC,IAAI;oBAChB,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,UAAU,kBAAkB,CAAC,GAAY,EAAE,GAAa;QAC3D,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CA
AC,CAAC;QAC7D,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;eACnF,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAwB,CAAC;QAE1D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,cAAc,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAE/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAChF,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACvF,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAC3E,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAChF,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACvF,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAEnG,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAA
C,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACzD,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,gBAAgB;oBACtB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;YACL,CAAC;YAED,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAG,GAA6B,CAAC,IAAI;oBAC3C,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QAC9E,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC3D,MAAM,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACxC,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACtD,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAuB,CAAC;QACrE,MAAM,OAAO,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAExG,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG;YAChB,SAAS,EAAE,SAAS,IAAI,IAAI;YAC5B,IAAI,EAAE,MAAM;YACZ,OAAO;YACP,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;oBAC
1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;iBAC5E,CAAC,CAAC;YACL,CAAC;YACD,YAAY,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC3D,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;SACF,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;oBACvD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;gBAChC,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBACtC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}
|
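--- a/package/dist/fastify/index.d.ts
+++ b/package/dist/fastify/index.d.ts
@@ -1,11 +1,12 @@
 import type { FastifyPluginAsync } from "fastify";
 import "@fastify/cookie";
-import { type DbscOptions, type ProtectionTier } from "../core/index.js";
+import { type DbscOptions, type ProtectionTier, type SkippedEntry } from "../core/index.js";
 declare module "fastify" {
 interface FastifyRequest {
 dbsc: {
 sessionId: string | null;
 tier: ProtectionTier;
+skipped: SkippedEntry[];
 revoke(): Promise<void>;
 };
 }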
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAgC,MAAM,SAAS,CAAC;AAEhF,OAAO,iBAAiB,CAAC;AACzB,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAgC,MAAM,SAAS,CAAC;AAEhF,OAAO,iBAAiB,CAAC;AACzB,OAAO,EAaL,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,IAAI,EAAE;YACJ,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;YACzB,IAAI,EAAE,cAAc,CAAC;YACrB,OAAO,EAAE,YAAY,EAAE,CAAC;YACxB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;SACzB,CAAC;KACH;CACF;AAQD,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAsLD,eAAO,MAAM,IAAI,wCAA2D,CAAC"}
|
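--- a/package/dist/fastify/index.js
+++ b/package/dist/fastify/index.js
@@ -1,6 +1,6 @@
 import fp from "fastify-plugin";
 import "@fastify/cookie";
-import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, readSessionResponseHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
+import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, readSessionResponseHeader, parseSessionSkippedHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
 const BOUND_COOKIE = "__Host-dbsc-session";
 const REGISTRATION_COOKIE = "__Host-dbsc-reg";
 const CHALLENGE_COOKIE = "__Host-dbsc-challenge";
@@ -16,9 +16,11 @@ const dbscPlugin = async (fastify, opts) => {
 fastify.decorateRequest("dbsc", null);
 fastify.addHook("onRequest", async (req, reply) => {
 const sessionId = req.cookies?.[BOUND_COOKIE] ?? null;
+const skipped = parseSessionSkippedHeader(req.headers);
 req.dbsc = {
 sessionId,
 tier: "none",
+skipped,
 revoke: async () => {
 if (sessionId)
 await storage.revokeSession(sessionId);
@@ -106,16 +108,16 @@ const dbscPlugin = async (fastify, opts) => {
 const responseHeader = readSessionResponseHeader(req.headers);
 if (!responseHeader) {
 const challenge = await issueChallenge(sessionId, storage);
-reply.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
-reply.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+reply.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
+reply.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
 reply.setCookie(CHALLENGE_COOKIE, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
 return reply.status(403).send();
 }
 const expectedJti = req.cookies?.[CHALLENGE_COOKIE];
 if (!expectedJti) {
 const challenge = await issueChallenge(sessionId, storage);
-reply.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
-reply.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+reply.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
+reply.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
 reply.setCookie(CHALLENGE_COOKIE, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
 return reply.status(403).send();
 }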
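Review bot: `skipped` is parsed from the request headers in the `onRequest` hook (new line 19) and attached to `req.dbsc` next to the cookie-derived `sessionId`, with nothing in the hunk tying it to a verified session, so a route handler could mistake client-reported data for checked state. A comment at the assignment would make the trust level explicit, e.g. `// skipped: parsed from the client-sent skipped header; unauthenticated, diagnostics only, never an authorization input`. Whether `parseSessionSkippedHeader` can throw on malformed input is not visible here; if it can, every request passing through this hook would fail, so it is worth confirming that it returns an empty list instead. The same applies to `dbscSkipped` in the hono adapter and to the `skipped` field returned by `getDbscSession` in the nextjs adapter. The hook body continues outside the hunk.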
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,yBAAyB,EACzB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EACzB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAItB,MAAM,kBAAkB,CAAC;AAa1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAMlC,MAAM,UAAU,GAA2C,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACjF,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,GAAG,IAAI,EACzC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,OAAO,CAAC,eAAe,CAAgC,MAAM,EAAE,IAAI,CAAC,CAAC;IAErE,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAC9E,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC;QACtD,MAAM,OAAO,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAExG,GAAG,CAAC,IAAI,GAAG;YACT,SAAS;YACT,IAAI,EAAE,MAAM;YACZ,OAAO;YACP,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAC9C,CAAC;SACF,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;oBACvD,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;gBACzB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAChF,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAC,CAAC;QAEpD,IAAI,CAAC,SAAS,I
AAI,CAAC,WAAW,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvE,IAAI,CAAC;YACH,MAAM,kBAAkB,CACtB;gBACE,SAAS;gBACT,wBAAwB,EAAE,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC;gBACjH,WAAW;aACZ,EACD,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,cAAc;gBACpB,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,OAAO;gBAClB,EAAE;aACH,CAAC,CAAC;YAEH,KAAK,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,EAAE;gBACvC,GAAG,UAAU;gBACb,MAAM,EAAE,cAAc,GAAG,IAAI;aAC9B,CAAC,CAAC;YACH,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;YAChD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,EAAE,CAAC;YACnD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,YAAY;wBAClB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAC3E,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QAC7D,MAAM,SAAS,GACb,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;YACvE,GAAG,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC;QAE9B,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAEhD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAA
I,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvE,MAAM,cAAc,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAE/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAC/E,KAAK,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACtF,KAAK,CAAC,SAAS,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACpF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAC,CAAC;QACpD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAC/E,KAAK,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACtF,KAAK,CAAC,SAAS,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACpF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAEnG,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,EAAE;aACH,CAAC,CAAC;YAEH,KAAK,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI,EAAE,CAAC,CAAC;YAC3F,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;YAChD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,EAAE,CAAC;YACnD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,YAAY;wBAClB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EA
AE,CAAC;gBAC7E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,8BAA8B,EAAE,CAAC,CAAC"}
|
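--- a/package/dist/hono/index.d.ts
+++ b/package/dist/hono/index.d.ts
@@ -1,5 +1,5 @@
 import type { MiddlewareHandler } from "hono";
-import { type DbscOptions, type ProtectionTier } from "../core/index.js";
+import { type DbscOptions, type ProtectionTier, type SkippedEntry } from "../core/index.js";
 export interface DbscHonoOptions extends DbscOptions {
 secure?: boolean;
 }
@@ -7,6 +7,7 @@ declare module "hono" {
 interface ContextVariableMap {
 dbscSessionId: string | null;
 dbscTier: ProtectionTier;
+dbscSkipped: SkippedEntry[];
 }
 }
 export declare function dbsc(opts: DbscHonoOptions): MiddlewareHandler;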
package/dist/hono/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAW,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAEvD,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAW,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAEvD,OAAO,EAaL,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,kBAAkB,CAAC;AAQ1B,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,OAAO,QAAQ,MAAM,CAAC;IACpB,UAAU,kBAAkB;QAC1B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,QAAQ,EAAE,cAAc,CAAC;QACzB,WAAW,EAAE,YAAY,EAAE,CAAC;KAC7B;CACF;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,eAAe,GAAG,iBAAiB,CAkL7D"}
|
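--- a/package/dist/hono/index.js
+++ b/package/dist/hono/index.js
@@ -1,5 +1,5 @@
 import { getCookie, setCookie, deleteCookie } from "hono/cookie";
-import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
+import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, parseSessionSkippedHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
 const BOUND_COOKIE = "__Host-dbsc-session";
 const REGISTRATION_COOKIE = "__Host-dbsc-reg";
 const CHALLENGE_COOKIE = "__Host-dbsc-challenge";
@@ -80,16 +80,16 @@ export function dbsc(opts) {
 const responseHeader = c.req.header("secure-session-response") ?? c.req.header("sec-session-response");
 if (!responseHeader) {
 const challenge = await issueChallenge(sessionId, storage);
-c.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
-c.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+c.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
+c.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
 setCookie(c, CHALLENGE_COOKIE, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
 return c.body(null, 403);
 }
 const expectedJti = getCookie(c, CHALLENGE_COOKIE);
 if (!expectedJti) {
 const challenge = await issueChallenge(sessionId, storage);
-c.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
-c.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+c.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
+c.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
 setCookie(c, CHALLENGE_COOKIE, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
 return c.body(null, 403);
 }
@@ -130,8 +130,13 @@ export function dbsc(opts) {
 }
 }
 const sessionId = getCookie(c, BOUND_COOKIE) ?? null;
+const skippedRaw = {
+"secure-session-skipped": c.req.header("secure-session-skipped"),
+"sec-session-skipped": c.req.header("sec-session-skipped"),
+};
 c.set("dbscSessionId", sessionId);
 c.set("dbscTier", "none");
+c.set("dbscSkipped", parseSessionSkippedHeader(skippedRaw));
 if (sessionId) {
 const session = await storage.getSession(sessionId);
 if (session) {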
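Review bot: The two 403 branches in the second hunk (`!responseHeader` and `!expectedJti`) are the same five statements, and this change had to edit both copies; each branch also calls `buildChallengeHeader(challenge.jti, sessionId)` twice with identical arguments. A small local helper that builds the header value once would keep the two paths from drifting apart on the next protocol change. `sessionId` is assigned outside the hunk; if it can originate from a request header or cookie, it is now echoed into a response header value, so confirm that `buildChallengeHeader` rejects or escapes anything outside the expected id format. The fastify and nextjs adapters carry the same pair of branches, and the enclosing handler starts and ends outside the hunk.

```javascript
// … unchanged: responseHeader lookup …
const replyWithChallenge = async () => {
    const challenge = await issueChallenge(sessionId, storage);
    // Build the value once so both header names always carry the same challenge.
    const headerValue = buildChallengeHeader(challenge.jti, sessionId);
    c.header(CHALLENGE_HEADER, headerValue);
    c.header(LEGACY_CHALLENGE_HEADER, headerValue);
    setCookie(c, CHALLENGE_COOKIE, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
    return c.body(null, 403);
};
if (!responseHeader) {
    return replyWithChallenge();
}
const expectedJti = getCookie(c, CHALLENGE_COOKIE);
if (!expectedJti) {
    return replyWithChallenge();
}
// … unchanged: refresh verification …
```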
package/dist/hono/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EAEpB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EAEpB,yBAAyB,EACzB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAItB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAclC,MAAM,UAAU,IAAI,CAAC,IAAqB;IACxC,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,GAAG,IAAI,EACzC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,OAAO,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,EAAE;QAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QAExD,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;YACjE,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC;YACpD,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;YAEnD,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,EAAE,GAAG,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5D,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;gBAChG,MAAM,kBAAkB,CACtB;oBACE,SAAS;oBACT,wBAAwB,EAAE,OAAO;oBACjC,WAAW;iBACZ,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,cAAc;oBACpB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,SAAS,EAAE,OAAO;oBAClB,EAAE;iBACH,CAAC,CAAC;gBAEH,SAAS,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE;oBACpC,GAAG,UAAU;oBACb,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,YAA
Y,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;gBAClC,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE;wBACL,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,YAAY,EAAE,IAAI;wBAClB,mBAAmB,EAAE,EAAE;qBACxB;oBACD,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,wCAAwC;yBACrD;qBACF;iBACF,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC7C,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC5D,MAAM,eAAe,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,eAAe,IAAI,SAAS,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;YAEhE,IAAI,CAAC,SAAS;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5D,MAAM,cAAc,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEvG,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,CAAC,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAC3E,CAAC,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAClF,SAAS,CAAC,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBACjF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAED,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;YACnD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,CAAC,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAC3E,CAAC,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,C
AAC;gBAClF,SAAS,CAAC,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBACjF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;gBAEnG,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,SAAS;oBACf,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;gBAEH,SAAS,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI,EAAE,CAAC,CAAC;gBACxF,YAAY,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;gBAClC,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE;wBACL,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,YAAY,EAAE,IAAI;wBAClB,mBAAmB,EAAE,EAAE;qBACxB;oBACD,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,wCAAwC;yBACrD;qBACF;iBACF,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC7C,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,YAAY,CAAC,IAAI,IAAI,CAAC;QACrD,MAAM,UAAU,GAAuC;YACrD,wBAAwB,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,wBAAwB,CAAC;YAChE,qBAAqB,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,qBAAqB,CAAC;SAC3D,CAAC;QACF,CAAC,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1B,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,yBAAyB,CAAC,UAAU,CAAC,CAAC,CAAC;QAE5D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;oBACvD,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBAC5B,CAAC;qBAAM,CAAC;oBACN,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;gBAClC,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,IAAI,
EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC"}
|
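--- a/package/dist/nextjs/index.d.ts
+++ b/package/dist/nextjs/index.d.ts
@@ -1,6 +1,6 @@
 import type { NextRequest } from "next/server.js";
 import { NextResponse } from "next/server.js";
-import { type DbscOptions, type ProtectionTier } from "../core/index.js";
+import { type DbscOptions, type ProtectionTier, type SkippedEntry } from "../core/index.js";
 export interface DbscNextOptions extends DbscOptions {
 secure?: boolean;
 }
@@ -8,6 +8,7 @@ export declare function createDbscMiddleware(opts: DbscNextOptions): (req: NextR
 export interface DbscSessionInfo {
 sessionId: string | null;
 tier: ProtectionTier;
+skipped: SkippedEntry[];
 }
 export declare function getDbscSession(req: NextRequest, storage: DbscOptions["storage"], opts?: {
 boundCookieTtl?: number;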
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAaL,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,kBAAkB,CAAC;AAS1B,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAWD,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,eAAe,IAYvB,KAAK,WAAW,KAAG,OAAO,CAAC,YAAY,CAAC,CA8J1E;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,OAAO,EAAE,YAAY,EAAE,CAAC;CACzB;AAED,wBAAsB,cAAc,CAClC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,WAAW,CAAC,SAAS,CAAC,EAC/B,IAAI,GAAE;IAAE,cAAc,CAAC,EAAE,MAAM,CAAA;CAAO,GACrC,OAAO,CAAC,eAAe,CAAC,CAoB1B"}
|
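--- a/package/dist/nextjs/index.js
+++ b/package/dist/nextjs/index.js
@@ -1,5 +1,5 @@
 import { NextResponse } from "next/server.js";
-import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
+import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, parseSessionSkippedHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
 const BOUND_COOKIE = "__Host-dbsc-session";
 const REGISTRATION_COOKIE = "__Host-dbsc-reg";
 const CHALLENGE_COOKIE = "__Host-dbsc-challenge";
@@ -91,8 +91,8 @@ export function createDbscMiddleware(opts) {
 if (!responseHeader) {
 const challenge = await issueChallenge(sessionId, storage);
 const res = new NextResponse(null, { status: 403 });
-res.headers.set(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
-res.headers.set(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+res.headers.set(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
+res.headers.set(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
 res.cookies.set(CHALLENGE_COOKIE, challenge.jti, {
 ...cookieBase(secure),
 maxAge: 5 * 60,
@@ -103,8 +103,8 @@ export function createDbscMiddleware(opts) {
 if (!expectedJti) {
 const challenge = await issueChallenge(sessionId, storage);
 const res = new NextResponse(null, { status: 403 });
-res.headers.set(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
-res.headers.set(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+res.headers.set(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
+res.headers.set(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
 res.cookies.set(CHALLENGE_COOKIE, challenge.jti, {
 ...cookieBase(secure),
 maxAge: 5 * 60,
@@ -156,17 +156,22 @@ export function createDbscMiddleware(opts) {
 };
 }
 export async function getDbscSession(req, storage, opts = {}) {
+const skippedRaw = {
+"secure-session-skipped": req.headers.get("secure-session-skipped") ?? undefined,
+"sec-session-skipped": req.headers.get("sec-session-skipped") ?? undefined,
+};
+const skipped = parseSessionSkippedHeader(skippedRaw);
 const sessionId = req.cookies.get(BOUND_COOKIE)?.value ?? null;
 if (!sessionId)
-return { sessionId: null, tier: "none" };
+return { sessionId: null, tier: "none", skipped };
 const session = await storage.getSession(sessionId);
 if (!session)
-return { sessionId: null, tier: "none" };
+return { sessionId: null, tier: "none", skipped };
 const boundCookieTtl = opts.boundCookieTtl ?? DEFAULT_BOUND_TTL * 1000;
 const staleAfter = session.lastRefreshAt + boundCookieTtl;
 if (session.tier === "dbsc" && Date.now() > staleAfter) {
-return { sessionId, tier: "none" };
+return { sessionId, tier: "none", skipped };
 }
-return { sessionId, tier: session.tier };
+return { sessionId, tier: session.tier, skipped };
 }
 //# sourceMappingURL=index.js.map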
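Review bot: The skipped-header names are spelled as string literals in `getDbscSession` (new lines 160-161), whereas the challenge header names in this file come from the imported `CHALLENGE_HEADER` / `LEGACY_CHALLENGE_HEADER` constants and the fastify adapter hands `req.headers` straight to `parseSessionSkippedHeader`. The parser presumably keys on exactly those two names, so a typo or a later rename in one adapter would likely produce an empty `skipped` list with no error. Exporting the names from core would remove the duplication, e.g. `const skippedRaw = Object.fromEntries(SKIPPED_HEADER_NAMES.map((name) => [name, req.headers.get(name) ?? undefined]));`, where `SKIPPED_HEADER_NAMES` is a proposed export rather than an existing one. The hono adapter repeats the same literals at its new lines 134-135.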
package/dist/nextjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,yBAAyB,EACzB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAItB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAClC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAMrC,SAAS,UAAU,CAAC,MAAe;IACjC,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,IAAqB;IACxD,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,GAAG,IAAI,EACzC,qBAAqB,GAAG,eAAe,GAAG,IAAI,EAC9C,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,OAAO,KAAK,UAAU,UAAU,CAAC,GAAgB;QAC/C,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;QACjC,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QAE3D,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,KAAK,gBAAgB,EAAE,CAAC;YACtD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,KAAK,CAAC;YAC9D,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,KAAK,CAAC;YAE7D,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC/B,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9F,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,kBAAkB,CACtB;oBACE,SAAS;oBACT,wBAAwB,EACtB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;wBAC1C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;wBACvC,SAAS;oBACX,WAAW;iBACZ,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,cAAc;oBACpB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,SAAS,EAAE,OAAO;oBAClB,EAAE;iBACH,CA
AC,CAAC;gBAEH,MAAM,IAAI,GAAG;oBACX,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE;wBACL,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;wBAC1B,YAAY,EAAE,IAAI;wBAClB,mBAAmB,EAAE,EAAE;qBACxB;oBACD,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,wCAAwC;yBACrD;qBACF;iBACF,CAAC;gBACF,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACrD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE;oBACvC,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACrC,OAAO,GAAG,CAAC;YACb,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACjD,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YACjE,MAAM,SAAS,GAAG,eAAe,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC;YAE1E,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACjD,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,cAAc,GAClB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;gBAC1C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;YAE1C,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,MAAM,GAAG,GAAG,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAClF,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBACzF,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC
,GAAG,EAAE;oBAC/C,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,CAAC,GAAG,EAAE;iBACf,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC;YAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,KAAK,CAAC;YAC7D,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,MAAM,GAAG,GAAG,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAClF,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBACzF,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE;oBAC/C,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,CAAC,GAAG,EAAE;iBACf,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;gBAEnG,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,SAAS;oBACf,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG;oBACX,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE;wBACL,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;wBAC1B,YAAY,EAAE,IAAI;wBAClB,mBAAmB,EAAE,EAAE;qBACxB;oBACD,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,wCAAwC;yBACrD;qBACF;iBACF,CAAC;gBACF,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACrD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE;oBACvC,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACrC,OAAO,GAAG,CAAC;YACb,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;IAC7B,CAAC,CAAC;AACJ,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,
GAAgB,EAChB,OAA+B,EAC/B,OAAoC,EAAE;IAEtC,MAAM,UAAU,GAAuC;QACrD,wBAAwB,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,SAAS;QAChF,qBAAqB,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,SAAS;KAC3E,CAAC;IACF,MAAM,OAAO,GAAG,yBAAyB,CAAC,UAAU,CAAC,CAAC;IAEtD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC/D,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAElE,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAEhE,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,iBAAiB,GAAG,IAAI,CAAC;IACvE,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;IAC1D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;QACvD,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC9C,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AACpD,CAAC"}
|