dbsc-toolkit 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +26 -6
- package/dist/core/index.d.ts +1 -1
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js.map +1 -1
- package/dist/core/types.d.ts +14 -1
- package/dist/core/types.d.ts.map +1 -1
- package/dist/express/index.d.ts +10 -3
- package/dist/express/index.d.ts.map +1 -1
- package/dist/express/index.js +52 -10
- package/dist/express/index.js.map +1 -1
- package/dist/fastify/index.d.ts +10 -2
- package/dist/fastify/index.d.ts.map +1 -1
- package/dist/fastify/index.js +71 -20
- package/dist/fastify/index.js.map +1 -1
- package/dist/hono/index.d.ts +20 -2
- package/dist/hono/index.d.ts.map +1 -1
- package/dist/hono/index.js +88 -24
- package/dist/hono/index.js.map +1 -1
- package/dist/nextjs/index.d.ts +12 -1
- package/dist/nextjs/index.d.ts.map +1 -1
- package/dist/nextjs/index.js +83 -22
- package/dist/nextjs/index.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -43,23 +43,41 @@ npm install express cookie-parser pg
|
|
|
43
43
|
```ts
|
|
44
44
|
import express from "express";
|
|
45
45
|
import cookieParser from "cookie-parser";
|
|
46
|
-
import {
|
|
46
|
+
import { randomUUID } from "node:crypto";
|
|
47
|
+
import { dbsc, bindSession } from "dbsc-toolkit/express";
|
|
47
48
|
import { MemoryStorage } from "dbsc-toolkit/storage/memory";
|
|
48
49
|
|
|
49
50
|
const app = express();
|
|
51
|
+
app.set("trust proxy", true);
|
|
50
52
|
app.use(cookieParser());
|
|
51
|
-
app.use(
|
|
53
|
+
app.use(express.json());
|
|
52
54
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
+
const storage = new MemoryStorage();
|
|
56
|
+
app.use(dbsc({ storage }));
|
|
57
|
+
|
|
58
|
+
app.post("/login", async (req, res) => {
|
|
59
|
+
const sessionId = randomUUID();
|
|
60
|
+
await bindSession(res, sessionId, storage, { userId: req.body.username });
|
|
61
|
+
res.json({ ok: true });
|
|
55
62
|
});
|
|
56
63
|
|
|
64
|
+
app.get("/me", (req, res) => res.json(res.locals.dbsc));
|
|
65
|
+
|
|
57
66
|
app.listen(3000);
|
|
58
67
|
```
|
|
59
68
|
|
|
60
|
-
|
|
69
|
+
`app.use(dbsc(...))` mounts `POST /dbsc/registration` and `POST /dbsc/refresh` automatically — Chrome drives both, your code never sees them. `bindSession()` is the one-liner you add to your login route: it writes the session row, issues a challenge, builds the registration header (both legacy + new names), and sets the two short-lived cookies Chrome needs to complete binding.
|
|
70
|
+
|
|
71
|
+
A full demo with `/me`, `/logout`, and `/clear-cookies` is in [examples/express/src/server.js](./examples/express/src/server.js).
|
|
72
|
+
|
|
73
|
+
## Adding DBSC to an existing app
|
|
61
74
|
|
|
62
|
-
|
|
75
|
+
If you already have a working session cookie and login route (Express-session, NextAuth, your own table — doesn't matter), DBSC slots in beside what you have. You don't migrate the session store and you don't rewrite login. Two patterns:
|
|
76
|
+
|
|
77
|
+
- Add one `bindSession()` call at the end of your existing login.
|
|
78
|
+
- Or set `autoBind` on the middleware and never touch login at all — DBSC binds users on their next page load.
|
|
79
|
+
|
|
80
|
+
Full integration story, per-route policy table, and rollout timeline in [docs/integrating-existing-auth.md](./docs/integrating-existing-auth.md).
|
|
63
81
|
|
|
64
82
|
## Subpath imports
|
|
65
83
|
|
|
@@ -237,6 +255,8 @@ app.get("/payment", (req, res) => {
|
|
|
237
255
|
|
|
238
256
|
Reasons defined by the spec: `unreachable` (couldn't reach the refresh endpoint), `server_error` (refresh got a 5xx), `quota_exceeded` (browser's anti-abuse throttle). These are diagnostics from Chrome — your server cannot disable them, but it can react to them.
|
|
239
257
|
|
|
258
|
+
The quota is scoped per `(browser install, origin)`, not per origin globally. A site with a million users has a million separate quota buckets — one user spamming logins on their own Chrome cannot drain quota for anyone else. In production with normal login-once-and-stay-logged-in behavior, registration runs once per user and `quota_exceeded` essentially never trips. You hit it during development because the test loop logs in and out on the same browser dozens of times in a few minutes. To recover during testing, clear site data for the origin (`chrome://settings/clearBrowserData` → last hour → cookies and site data) or test in a fresh Incognito window.
|
|
259
|
+
|
|
240
260
|
## Header naming
|
|
241
261
|
|
|
242
262
|
The W3C draft renamed the headers from `Sec-Session-*` to `Secure-Session-*`. Chrome 147 acts on the new names. The middleware reads both and writes both for compatibility. If you build response headers manually, send both:
|
package/dist/core/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export type { ProtectionTier, BoundKey, Session, Challenge, RegistrationProof, RefreshProof, StorageAdapter, RateLimiter, DbscOptions, AnyTelemetryEvent, TelemetryEvent, RegistrationEvent, RefreshEvent, VerificationFailureEvent, SessionStolenEvent, FallbackTierEvent, } from "./types.js";
|
|
1
|
+
export type { ProtectionTier, BoundKey, Session, Challenge, RegistrationProof, RefreshProof, StorageAdapter, RateLimiter, DbscOptions, AutoBindResult, AnyTelemetryEvent, TelemetryEvent, RegistrationEvent, RefreshEvent, VerificationFailureEvent, SessionStolenEvent, FallbackTierEvent, } from "./types.js";
|
|
2
2
|
export { DbscProtocolError, DbscVerificationError, DbscStorageError, ErrorCodes } from "./errors.js";
|
|
3
3
|
export { validateJwk, detectAlgorithm } from "./crypto/jwk.js";
|
|
4
4
|
export { verifyDbscJws, parseRegistrationJws } from "./crypto/jws.js";
|
package/dist/core/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,cAAc,EACd,QAAQ,EACR,OAAO,EACP,SAAS,EACT,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,wBAAwB,EACxB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAErG,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,0BAA0B,EAC1B,yBAAyB,EACzB,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,0BAA0B,EAC1B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,8BAA8B,EAC9B,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAExF,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,cAAc,EACd,QAAQ,EACR,OAAO,EACP,SAAS,EACT,iBAAiB,EACjB,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,cAAc,EACd,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,YAAY,EACZ,wBAAwB,EACxB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAErG,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,0BAA0B,EAC1B,yBAAyB,EACzB,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,0BAA0B,EAC1B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,8BAA8B,EAC9B,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAExF,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC"}
|
package/dist/core/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAErG,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,0BAA0B,EAC1B,yBAAyB,EACzB,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,cAAc,EACd,0BAA0B,EAC1B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC3E,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,8BAA8B,EAC9B,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAExF,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC"}
|
package/dist/core/types.d.ts
CHANGED
|
@@ -81,12 +81,25 @@ export interface FallbackTierEvent extends TelemetryEvent {
|
|
|
81
81
|
export type AnyTelemetryEvent = RegistrationEvent | RefreshEvent | VerificationFailureEvent | SessionStolenEvent | FallbackTierEvent;
|
|
82
82
|
export interface DbscOptions {
|
|
83
83
|
storage: StorageAdapter;
|
|
84
|
-
fallback?: "webauthn" | "hmac" | "none";
|
|
85
84
|
registrationPath?: string;
|
|
86
85
|
refreshPath?: string;
|
|
87
86
|
boundCookieTtl?: number;
|
|
88
87
|
registrationCookieTtl?: number;
|
|
89
88
|
rateLimiter?: RateLimiter;
|
|
90
89
|
onEvent?: (event: AnyTelemetryEvent) => void;
|
|
90
|
+
/**
|
|
91
|
+
* Optional callback for transparent migration. On every request that does not
|
|
92
|
+
* carry the bound cookie yet, the middleware calls this with the
|
|
93
|
+
* framework-native request. If it returns a userId string, the response gets
|
|
94
|
+
* the registration header + the two short-lived cookies, so Chrome 147+
|
|
95
|
+
* triggers /dbsc/registration on its own. Return null to skip.
|
|
96
|
+
* The sessionId used is whatever your existing auth says — supply both via
|
|
97
|
+
* the result type below.
|
|
98
|
+
*/
|
|
99
|
+
autoBind?: (req: any) => Promise<AutoBindResult | null> | AutoBindResult | null;
|
|
100
|
+
}
|
|
101
|
+
export interface AutoBindResult {
|
|
102
|
+
sessionId: string;
|
|
103
|
+
userId: string;
|
|
91
104
|
}
|
|
92
105
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/core/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,UAAU,GAAG,MAAM,GAAG,MAAM,CAAC;AAEnE,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,UAAU,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,GAAG,OAAO,CAAC;CAC9B;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,UAAU,CAAC;IAChB,SAAS,EAAE,OAAO,GAAG,OAAO,CAAC;IAC7B,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAChD,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzC,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IACzD,WAAW,CAAC,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjD,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IACrD,YAAY,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEhD,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,WAAW;IAC1B,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAChD,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9D,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9D;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,YAAa,SAAQ,cAAc;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,wBAAyB,SAAQ,cAAc;IAC9D,IAAI,EAAE,sBAAsB,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,kBAAmB,SAAQ,cAAc;IACxD,IAAI,EAAE,gBAAgB,CAAC;IACvB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,cAAc,CAAC;IACrB,EAAE,EAAE,cAAc,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,iBAAiB,GACzB,iBAAiB,GACjB,YAAY,GACZ,wBAAwB,GACxB,kBAAkB,GAClB,iBAAiB,CAAC;AAEtB,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,UAAU,GAAG,MAAM,GAAG,MAAM,CAAC;AAEnE,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,UAAU,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,GAAG,OAAO,CAAC;CAC9B;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,UAAU,CAAC;IAChB,SAAS,EAAE,OAAO,GAAG,OAAO,CAAC;IAC7B,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAChD,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzC,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IACzD,WAAW,CAAC,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjD,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IACrD,YAAY,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEhD,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,WAAW;IAC1B,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAChD,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9D,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9D;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,YAAa,SAAQ,cAAc;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,wBAAyB,SAAQ,cAAc;IAC9D,IAAI,EAAE,sBAAsB,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,kBAAmB,SAAQ,cAAc;IACxD,IAAI,EAAE,gBAAgB,CAAC;IACvB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,cAAc,CAAC;IACrB,EAAE,EAAE,cAAc,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,iBAAiB,GACzB,iBAAiB,GACjB,YAAY,GACZ,wBAAwB,GACxB,kBAAkB,GAClB,iBAAiB,CAAC;AAEtB,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,IAAI,CAAC;IAC7C;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,cAAc,GAAG,IAAI,CAAC;CACjF;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB"}
|
package/dist/express/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { RequestHandler } from "express";
|
|
2
|
-
import { type DbscOptions, type ProtectionTier, type SkippedEntry } from "../core/index.js";
|
|
1
|
+
import type { Response, RequestHandler } from "express";
|
|
2
|
+
import { type DbscOptions, type StorageAdapter, type ProtectionTier, type SkippedEntry } from "../core/index.js";
|
|
3
3
|
export interface DbscExpressOptions extends DbscOptions {
|
|
4
4
|
secure?: boolean;
|
|
5
5
|
}
|
|
@@ -8,7 +8,6 @@ export interface DbscLocals {
|
|
|
8
8
|
tier: ProtectionTier;
|
|
9
9
|
skipped: SkippedEntry[];
|
|
10
10
|
revoke: () => Promise<void>;
|
|
11
|
-
requireBound: () => void;
|
|
12
11
|
}
|
|
13
12
|
declare global {
|
|
14
13
|
namespace Express {
|
|
@@ -17,5 +16,13 @@ declare global {
|
|
|
17
16
|
}
|
|
18
17
|
}
|
|
19
18
|
}
|
|
19
|
+
export interface BindSessionOptions {
|
|
20
|
+
userId: string;
|
|
21
|
+
secure?: boolean;
|
|
22
|
+
registrationPath?: string;
|
|
23
|
+
registrationCookieTtl?: number;
|
|
24
|
+
sessionTtl?: number;
|
|
25
|
+
}
|
|
26
|
+
export declare function bindSession(res: Response, sessionId: string, storage: StorageAdapter, opts: BindSessionOptions): Promise<void>;
|
|
20
27
|
export declare function dbsc(opts: DbscExpressOptions): RequestHandler;
|
|
21
28
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAW,QAAQ,EAAgB,cAAc,EAAE,MAAM,SAAS,CAAC;AAE/E,OAAO,EAiBL,KAAK,WAAW,EAChB,KAAK,cAAc,EAEnB,KAAK,cAAc,EACnB,KAAK,YAAY,EAElB,MAAM,kBAAkB,CAAC;AAY1B,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,MAAM;YACd,IAAI,EAAE,UAAU,CAAC;SAClB;KACF;CACF;AAuBD,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAsB,WAAW,CAC/B,GAAG,EAAE,QAAQ,EACb,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,kBAAkB,GACvB,OAAO,CAAC,IAAI,CAAC,CAyCf;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,kBAAkB,GAAG,cAAc,CAwP7D"}
|
package/dist/express/index.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, readSessionResponseHeader, parseSessionSkippedHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
1
|
+
import { handleRegistration, handleRefresh, issueChallenge, buildRegistrationHeader, buildChallengeHeader, readSessionResponseHeader, parseSessionSkippedHeader, REGISTRATION_HEADER, CHALLENGE_HEADER, LEGACY_REGISTRATION_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
3
2
|
const cookieNames = (secure) => ({
|
|
4
3
|
bound: secure ? "__Host-dbsc-session" : "dbsc-session",
|
|
5
4
|
reg: secure ? "__Host-dbsc-reg" : "dbsc-reg",
|
|
@@ -7,6 +6,7 @@ const cookieNames = (secure) => ({
|
|
|
7
6
|
});
|
|
8
7
|
const DEFAULT_BOUND_TTL = 10 * 60 * 1000;
|
|
9
8
|
const DEFAULT_REG_TTL = 24 * 60 * 60 * 1000;
|
|
9
|
+
const DEFAULT_SESSION_TTL = 24 * 60 * 60 * 1000;
|
|
10
10
|
function cookieOpts(ttlMs, secure) {
|
|
11
11
|
return {
|
|
12
12
|
httpOnly: true,
|
|
@@ -27,9 +27,46 @@ function serializeCookie(name, value, opts) {
|
|
|
27
27
|
parts.push(`Path=${opts.path}`);
|
|
28
28
|
return parts.join("; ");
|
|
29
29
|
}
|
|
30
|
+
export async function bindSession(res, sessionId, storage, opts) {
|
|
31
|
+
const secure = opts.secure ?? true;
|
|
32
|
+
const registrationPath = opts.registrationPath ?? "/dbsc/registration";
|
|
33
|
+
const regCookieTtl = opts.registrationCookieTtl ?? DEFAULT_REG_TTL;
|
|
34
|
+
const sessionTtl = opts.sessionTtl ?? DEFAULT_SESSION_TTL;
|
|
35
|
+
const COOKIES = cookieNames(secure);
|
|
36
|
+
const existing = await storage.getSession(sessionId);
|
|
37
|
+
const now = Date.now();
|
|
38
|
+
if (!existing) {
|
|
39
|
+
await storage.setSession({
|
|
40
|
+
id: sessionId,
|
|
41
|
+
userId: opts.userId,
|
|
42
|
+
tier: "none",
|
|
43
|
+
createdAt: now,
|
|
44
|
+
expiresAt: now + sessionTtl,
|
|
45
|
+
lastRefreshAt: 0,
|
|
46
|
+
});
|
|
47
|
+
}
|
|
48
|
+
const challenge = await issueChallenge(sessionId, storage);
|
|
49
|
+
const regHeader = buildRegistrationHeader({
|
|
50
|
+
refreshPath: registrationPath,
|
|
51
|
+
challenge: challenge.jti,
|
|
52
|
+
cookieName: COOKIES.bound,
|
|
53
|
+
});
|
|
54
|
+
res.setHeader(REGISTRATION_HEADER, regHeader);
|
|
55
|
+
res.setHeader(LEGACY_REGISTRATION_HEADER, regHeader);
|
|
56
|
+
const prior = res.getHeader("Set-Cookie");
|
|
57
|
+
const priorList = Array.isArray(prior)
|
|
58
|
+
? prior.map(String)
|
|
59
|
+
: prior !== undefined
|
|
60
|
+
? [String(prior)]
|
|
61
|
+
: [];
|
|
62
|
+
res.setHeader("Set-Cookie", [
|
|
63
|
+
...priorList,
|
|
64
|
+
serializeCookie(COOKIES.reg, sessionId, cookieOpts(regCookieTtl, secure)),
|
|
65
|
+
serializeCookie(COOKIES.challenge, challenge.jti, cookieOpts(5 * 60 * 1000, secure)),
|
|
66
|
+
]);
|
|
67
|
+
}
|
|
30
68
|
export function dbsc(opts) {
|
|
31
|
-
const { storage,
|
|
32
|
-
const hmacSecret = nodeRandomBytes(32);
|
|
69
|
+
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL, registrationCookieTtl = DEFAULT_REG_TTL, rateLimiter = new NoopRateLimiter(), onEvent, autoBind, secure = true, } = opts;
|
|
33
70
|
const COOKIES = cookieNames(secure);
|
|
34
71
|
async function handleRegistrationRoute(req, res) {
|
|
35
72
|
const ip = req.ip ?? "unknown";
|
|
@@ -211,12 +248,6 @@ export function dbsc(opts) {
|
|
|
211
248
|
serializeCookie(COOKIES.bound, "", { ...cookieOpts(0, secure), maxAge: 0 }),
|
|
212
249
|
]);
|
|
213
250
|
},
|
|
214
|
-
requireBound: () => {
|
|
215
|
-
if (!sessionId) {
|
|
216
|
-
res.status(401).json({ error: "authentication required" });
|
|
217
|
-
throw new Error("unauthenticated");
|
|
218
|
-
}
|
|
219
|
-
},
|
|
220
251
|
};
|
|
221
252
|
if (sessionId) {
|
|
222
253
|
const session = await storage.getSession(sessionId);
|
|
@@ -230,6 +261,17 @@ export function dbsc(opts) {
|
|
|
230
261
|
}
|
|
231
262
|
}
|
|
232
263
|
}
|
|
264
|
+
else if (autoBind && !(req.cookies?.[COOKIES.reg])) {
|
|
265
|
+
const result = await autoBind(req);
|
|
266
|
+
if (result) {
|
|
267
|
+
await bindSession(res, result.sessionId, storage, {
|
|
268
|
+
userId: result.userId,
|
|
269
|
+
secure,
|
|
270
|
+
registrationPath,
|
|
271
|
+
registrationCookieTtl,
|
|
272
|
+
});
|
|
273
|
+
}
|
|
274
|
+
}
|
|
233
275
|
next();
|
|
234
276
|
};
|
|
235
277
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,IAAI,eAAe,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EAEzB,gBAAgB,EAEhB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAMtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,WAAW,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc;IACtD,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU;IAC5C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB;CAC/D,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACzC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAsB5C,SAAS,UAAU,CAAC,KAAa,EAAE,MAAe;IAChD,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,MAAM,EAAE,KAAK,GAAG,IAAI;QACpB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,KAAa,EAAE,IAAmC;IACvF,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACrC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,IAAwB;IAC3C,MAAM,EACJ,OAAO,EACP,QAAQ,GAAG,UAAU,EACrB,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,EAClC,qBAAqB,GAAG,eAAe,EACvC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpC,KAAK,UAAU,uBAAuB,CAAC,GAAY,EAAE,GAAa;QAChE,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAuB,CAAC;QACnE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAE3E,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;YACvE,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,kBAAkB,CACtB;gBACE,SAAS;gBACT,wBAAwB,EAAE,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC;gBACjH,WAAW;aACZ,EACD,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,cAAc;gBACpB,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,OAAO;gBAClB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAE,GAAG,CAAC,IAAI;oBAChB,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,UAAU,kBAAkB,CAAC,GAAY,EAAE,GAAa;QAC3D,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;eACnF,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAwB,CAAC;QAE1D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,cAAc,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAE/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAChF,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACvF,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAC3E,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAChF,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACvF,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAEnG,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACzD,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,gBAAgB;oBACtB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;YACL,CAAC;YAED,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAG,GAA6B,CAAC,IAAI;oBAC3C,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QAC9E,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC3D,MAAM,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACxC,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACtD,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAuB,CAAC;QACrE,MAAM,OAAO,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAExG,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG;YAChB,SAAS,EAAE,SAAS,IAAI,IAAI;YAC5B,IAAI,EAAE,MAAM;YACZ,OAAO;YACP,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;oBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;iBAC5E,CAAC,CAAC;YACL,CAAC;YACD,YAAY,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC3D,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;SACF,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;oBACvD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;gBAChC,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBACtC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,uBAAuB,EACvB,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,0BAA0B,EAC1B,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAQtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,WAAW,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc;IACtD,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU;IAC5C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB;CAC/D,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACzC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC5C,MAAM,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAqBhD,SAAS,UAAU,CAAC,KAAa,EAAE,MAAe;IAChD,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,MAAM,EAAE,KAAK,GAAG,IAAI;QACpB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,KAAa,EAAE,IAAmC;IACvF,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,EAAE,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACrC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAUD,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,GAAa,EACb,SAAiB,EACjB,OAAuB,EACvB,IAAwB;IAExB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;IACnC,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,IAAI,oBAAoB,CAAC;IACvE,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,IAAI,eAAe,CAAC;IACnE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,mBAAmB,CAAC;IAC1D,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,OAAO,CAAC,UAAU,CAAC;YACvB,EAAE,EAAE,SAAS;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM;YACZ,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,UAAU;YAC3B,aAAa,EAAE,CAAC;SACjB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAG,uBAAuB,CAAC;QACxC,WAAW,EAAE,gBAAgB;QAC7B,SAAS,EAAE,SAAS,CAAC,GAAG;QACxB,UAAU,EAAE,OAAO,CAAC,KAAK;KAC1B,CAAC,CAAC;IAEH,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;IAC9C,GAAG,CAAC,SAAS,CAAC,0BAA0B,EAAE,SAAS,CAAC,CAAC;IAErD,MAAM,KAAK,GAAG,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAa,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAC9C,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC;QACnB,CAAC,CAAC,KAAK,KAAK,SAAS;YACnB,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC,CAAC,EAAE,CAAC;IACT,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;QAC1B,GAAG,SAAS;QACZ,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACzE,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;KACrF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,IAAwB;IAC3C,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,EAClC,qBAAqB,GAAG,eAAe,EACvC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,QAAQ,EACR,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpC,KAAK,UAAU,uBAAuB,CAAC,GAAY,EAAE,GAAa;QAChE,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAuB,CAAC;QACnE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAE3E,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;YACvE,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,kBAAkB,CACtB;gBACE,SAAS;gBACT,wBAAwB,EAAE,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC;gBACjH,WAAW;aACZ,EACD,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,cAAc;gBACpB,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,OAAO;gBAClB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAE,GAAG,CAAC,IAAI;oBAChB,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,UAAU,kBAAkB,CAAC,GAAY,EAAE,GAAa;QAC3D,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;eACnF,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAwB,CAAC;QAE1D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,cAAc,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAE/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAChF,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACvF,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAC3E,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAChF,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACvF,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAEnG,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACzD,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,gBAAgB;oBACtB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;YACL,CAAC;YAED,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAG,GAA6B,CAAC,IAAI;oBAC3C,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QAC9E,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC3D,MAAM,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACxC,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACtD,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAuB,CAAC;QACrE,MAAM,OAAO,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAExG,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG;YAChB,SAAS,EAAE,SAAS,IAAI,IAAI;YAC5B,IAAI,EAAE,MAAM;YACZ,OAAO;YACP,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;oBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;iBAC5E,CAAC,CAAC;YACL,CAAC;SACF,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;oBACvD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;gBAChC,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBACtC,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACnC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;oBAChD,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,MAAM;oBACN,gBAAgB;oBAChB,qBAAqB;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/fastify/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import type { FastifyPluginAsync } from "fastify";
|
|
1
|
+
import type { FastifyPluginAsync, FastifyReply } from "fastify";
|
|
2
2
|
import "@fastify/cookie";
|
|
3
|
-
import { type DbscOptions, type ProtectionTier, type SkippedEntry } from "../core/index.js";
|
|
3
|
+
import { type DbscOptions, type StorageAdapter, type ProtectionTier, type SkippedEntry } from "../core/index.js";
|
|
4
4
|
declare module "fastify" {
|
|
5
5
|
interface FastifyRequest {
|
|
6
6
|
dbsc: {
|
|
@@ -14,5 +14,13 @@ declare module "fastify" {
|
|
|
14
14
|
export interface DbscFastifyOptions extends DbscOptions {
|
|
15
15
|
secure?: boolean;
|
|
16
16
|
}
|
|
17
|
+
export interface BindSessionOptions {
|
|
18
|
+
userId: string;
|
|
19
|
+
secure?: boolean;
|
|
20
|
+
registrationPath?: string;
|
|
21
|
+
registrationCookieTtl?: number;
|
|
22
|
+
sessionTtl?: number;
|
|
23
|
+
}
|
|
24
|
+
export declare function bindSession(reply: FastifyReply, sessionId: string, storage: StorageAdapter, opts: BindSessionOptions): Promise<void>;
|
|
17
25
|
export declare const dbsc: FastifyPluginAsync<DbscFastifyOptions>;
|
|
18
26
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAkB,YAAY,EAAE,MAAM,SAAS,CAAC;AAEhF,OAAO,iBAAiB,CAAC;AACzB,OAAO,EAgBL,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,IAAI,EAAE;YACJ,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;YACzB,IAAI,EAAE,cAAc,CAAC;YACrB,OAAO,EAAE,YAAY,EAAE,CAAC;YACxB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;SACzB,CAAC;KACH;CACF;AAYD,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAsB,WAAW,CAC/B,KAAK,EAAE,YAAY,EACnB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,kBAAkB,GACvB,OAAO,CAAC,IAAI,CAAC,CAsCf;AAoMD,eAAO,MAAM,IAAI,wCAA2D,CAAC"}
|
package/dist/fastify/index.js
CHANGED
|
@@ -1,21 +1,61 @@
|
|
|
1
1
|
import fp from "fastify-plugin";
|
|
2
2
|
import "@fastify/cookie";
|
|
3
|
-
import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, readSessionResponseHeader, parseSessionSkippedHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
4
|
-
const
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
3
|
+
import { handleRegistration, handleRefresh, issueChallenge, buildRegistrationHeader, buildChallengeHeader, readSessionResponseHeader, parseSessionSkippedHeader, REGISTRATION_HEADER, CHALLENGE_HEADER, LEGACY_REGISTRATION_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
4
|
+
const cookieNames = (secure) => ({
|
|
5
|
+
bound: secure ? "__Host-dbsc-session" : "dbsc-session",
|
|
6
|
+
reg: secure ? "__Host-dbsc-reg" : "dbsc-reg",
|
|
7
|
+
challenge: secure ? "__Host-dbsc-challenge" : "dbsc-challenge",
|
|
8
|
+
});
|
|
9
|
+
const DEFAULT_BOUND_TTL_MS = 10 * 60 * 1000;
|
|
10
|
+
const DEFAULT_REG_TTL_MS = 24 * 60 * 60 * 1000;
|
|
11
|
+
const DEFAULT_SESSION_TTL_MS = 24 * 60 * 60 * 1000;
|
|
12
|
+
export async function bindSession(reply, sessionId, storage, opts) {
|
|
13
|
+
const secure = opts.secure ?? true;
|
|
14
|
+
const registrationPath = opts.registrationPath ?? "/dbsc/registration";
|
|
15
|
+
const regCookieTtl = opts.registrationCookieTtl ?? DEFAULT_REG_TTL_MS;
|
|
16
|
+
const sessionTtl = opts.sessionTtl ?? DEFAULT_SESSION_TTL_MS;
|
|
17
|
+
const existing = await storage.getSession(sessionId);
|
|
18
|
+
const now = Date.now();
|
|
19
|
+
if (!existing) {
|
|
20
|
+
await storage.setSession({
|
|
21
|
+
id: sessionId,
|
|
22
|
+
userId: opts.userId,
|
|
23
|
+
tier: "none",
|
|
24
|
+
createdAt: now,
|
|
25
|
+
expiresAt: now + sessionTtl,
|
|
26
|
+
lastRefreshAt: 0,
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
const COOKIES = cookieNames(secure);
|
|
30
|
+
const challenge = await issueChallenge(sessionId, storage);
|
|
31
|
+
const regHeader = buildRegistrationHeader({
|
|
32
|
+
refreshPath: registrationPath,
|
|
33
|
+
challenge: challenge.jti,
|
|
34
|
+
cookieName: COOKIES.bound,
|
|
35
|
+
});
|
|
36
|
+
reply.header(REGISTRATION_HEADER, regHeader);
|
|
37
|
+
reply.header(LEGACY_REGISTRATION_HEADER, regHeader);
|
|
38
|
+
const cookieBase = {
|
|
39
|
+
httpOnly: true,
|
|
40
|
+
secure,
|
|
41
|
+
sameSite: "lax",
|
|
42
|
+
path: "/",
|
|
43
|
+
};
|
|
44
|
+
reply.setCookie(COOKIES.reg, sessionId, { ...cookieBase, maxAge: regCookieTtl / 1000 });
|
|
45
|
+
reply.setCookie(COOKIES.challenge, challenge.jti, { ...cookieBase, maxAge: 5 * 60 });
|
|
46
|
+
}
|
|
8
47
|
const dbscPlugin = async (fastify, opts) => {
|
|
9
|
-
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl =
|
|
48
|
+
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL_MS, registrationCookieTtl = DEFAULT_REG_TTL_MS, rateLimiter = new NoopRateLimiter(), onEvent, autoBind, secure = true, } = opts;
|
|
10
49
|
const cookieOpts = {
|
|
11
50
|
httpOnly: true,
|
|
12
51
|
secure,
|
|
13
52
|
sameSite: "lax",
|
|
14
53
|
path: "/",
|
|
15
54
|
};
|
|
55
|
+
const COOKIES = cookieNames(secure);
|
|
16
56
|
fastify.decorateRequest("dbsc", null);
|
|
17
57
|
fastify.addHook("onRequest", async (req, reply) => {
|
|
18
|
-
const sessionId = req.cookies?.[
|
|
58
|
+
const sessionId = req.cookies?.[COOKIES.bound] ?? null;
|
|
19
59
|
const skipped = parseSessionSkippedHeader(req.headers);
|
|
20
60
|
req.dbsc = {
|
|
21
61
|
sessionId,
|
|
@@ -24,7 +64,7 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
24
64
|
revoke: async () => {
|
|
25
65
|
if (sessionId)
|
|
26
66
|
await storage.revokeSession(sessionId);
|
|
27
|
-
reply.clearCookie(
|
|
67
|
+
reply.clearCookie(COOKIES.bound, cookieOpts);
|
|
28
68
|
},
|
|
29
69
|
};
|
|
30
70
|
if (sessionId) {
|
|
@@ -39,11 +79,22 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
39
79
|
}
|
|
40
80
|
}
|
|
41
81
|
}
|
|
82
|
+
else if (autoBind && !req.cookies?.[COOKIES.reg]) {
|
|
83
|
+
const result = await autoBind(req);
|
|
84
|
+
if (result) {
|
|
85
|
+
await bindSession(reply, result.sessionId, storage, {
|
|
86
|
+
userId: result.userId,
|
|
87
|
+
secure,
|
|
88
|
+
registrationPath,
|
|
89
|
+
registrationCookieTtl,
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
}
|
|
42
93
|
});
|
|
43
94
|
fastify.post(registrationPath, async (req, reply) => {
|
|
44
95
|
const ip = req.ip;
|
|
45
|
-
const sessionId = req.cookies?.[
|
|
46
|
-
const expectedJti = req.cookies?.[
|
|
96
|
+
const sessionId = req.cookies?.[COOKIES.reg];
|
|
97
|
+
const expectedJti = req.cookies?.[COOKIES.challenge];
|
|
47
98
|
if (!sessionId || !expectedJti) {
|
|
48
99
|
return reply.status(400).send({ error: "missing session or challenge cookie" });
|
|
49
100
|
}
|
|
@@ -64,11 +115,11 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
64
115
|
algorithm: "ES256",
|
|
65
116
|
ip,
|
|
66
117
|
});
|
|
67
|
-
reply.setCookie(
|
|
118
|
+
reply.setCookie(COOKIES.bound, sessionId, {
|
|
68
119
|
...cookieOpts,
|
|
69
120
|
maxAge: boundCookieTtl / 1000,
|
|
70
121
|
});
|
|
71
|
-
reply.clearCookie(
|
|
122
|
+
reply.clearCookie(COOKIES.challenge, cookieOpts);
|
|
72
123
|
const origin = `${req.protocol}://${req.hostname}`;
|
|
73
124
|
return reply.status(200).send({
|
|
74
125
|
session_identifier: sessionId,
|
|
@@ -81,7 +132,7 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
81
132
|
credentials: [
|
|
82
133
|
{
|
|
83
134
|
type: "cookie",
|
|
84
|
-
name:
|
|
135
|
+
name: COOKIES.bound,
|
|
85
136
|
attributes: "Path=/; Secure; HttpOnly; SameSite=Lax",
|
|
86
137
|
},
|
|
87
138
|
],
|
|
@@ -99,7 +150,7 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
99
150
|
const ip = req.ip;
|
|
100
151
|
const sessionIdHeader = req.headers["sec-secure-session-id"];
|
|
101
152
|
const sessionId = (Array.isArray(sessionIdHeader) ? sessionIdHeader[0] : sessionIdHeader) ??
|
|
102
|
-
req.cookies?.[
|
|
153
|
+
req.cookies?.[COOKIES.bound];
|
|
103
154
|
if (!sessionId)
|
|
104
155
|
return reply.status(403).send();
|
|
105
156
|
const allowed = await rateLimiter.checkRefresh(ip, sessionId);
|
|
@@ -110,15 +161,15 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
110
161
|
const challenge = await issueChallenge(sessionId, storage);
|
|
111
162
|
reply.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
112
163
|
reply.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
113
|
-
reply.setCookie(
|
|
164
|
+
reply.setCookie(COOKIES.challenge, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
|
|
114
165
|
return reply.status(403).send();
|
|
115
166
|
}
|
|
116
|
-
const expectedJti = req.cookies?.[
|
|
167
|
+
const expectedJti = req.cookies?.[COOKIES.challenge];
|
|
117
168
|
if (!expectedJti) {
|
|
118
169
|
const challenge = await issueChallenge(sessionId, storage);
|
|
119
170
|
reply.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
120
171
|
reply.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
121
|
-
reply.setCookie(
|
|
172
|
+
reply.setCookie(COOKIES.challenge, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
|
|
122
173
|
return reply.status(403).send();
|
|
123
174
|
}
|
|
124
175
|
try {
|
|
@@ -130,8 +181,8 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
130
181
|
timestamp: Date.now(),
|
|
131
182
|
ip,
|
|
132
183
|
});
|
|
133
|
-
reply.setCookie(
|
|
134
|
-
reply.clearCookie(
|
|
184
|
+
reply.setCookie(COOKIES.bound, sessionId, { ...cookieOpts, maxAge: boundCookieTtl / 1000 });
|
|
185
|
+
reply.clearCookie(COOKIES.challenge, cookieOpts);
|
|
135
186
|
const origin = `${req.protocol}://${req.hostname}`;
|
|
136
187
|
return reply.status(200).send({
|
|
137
188
|
session_identifier: sessionId,
|
|
@@ -144,7 +195,7 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
144
195
|
credentials: [
|
|
145
196
|
{
|
|
146
197
|
type: "cookie",
|
|
147
|
-
name:
|
|
198
|
+
name: COOKIES.bound,
|
|
148
199
|
attributes: "Path=/; Secure; HttpOnly; SameSite=Lax",
|
|
149
200
|
},
|
|
150
201
|
],
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EACzB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,uBAAuB,EACvB,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,0BAA0B,EAC1B,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAKtB,MAAM,kBAAkB,CAAC;AAa1B,MAAM,WAAW,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc;IACtD,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU;IAC5C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB;CAC/D,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC5C,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC/C,MAAM,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAcnD,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,KAAmB,EACnB,SAAiB,EACjB,OAAuB,EACvB,IAAwB;IAExB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;IACnC,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,IAAI,oBAAoB,CAAC;IACvE,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,IAAI,kBAAkB,CAAC;IACtE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,sBAAsB,CAAC;IAE7D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,OAAO,CAAC,UAAU,CAAC;YACvB,EAAE,EAAE,SAAS;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM;YACZ,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,UAAU;YAC3B,aAAa,EAAE,CAAC;SACjB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAG,uBAAuB,CAAC;QACxC,WAAW,EAAE,gBAAgB;QAC7B,SAAS,EAAE,SAAS,CAAC,GAAG;QACxB,UAAU,EAAE,OAAO,CAAC,KAAK;KAC1B,CAAC,CAAC;IAEH,KAAK,CAAC,MAAM,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;IAC7C,KAAK,CAAC,MAAM,CAAC,0BAA0B,EAAE,SAAS,CAAC,CAAC;IAEpD,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IACF,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,YAAY,GAAG,IAAI,EAAE,CAAC,CAAC;IACxF,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AACvF,CAAC;AAED,MAAM,UAAU,GAA2C,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACjF,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,oBAAoB,EACrC,qBAAqB,GAAG,kBAAkB,EAC1C,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,QAAQ,EACR,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO,CAAC,eAAe,CAAgC,MAAM,EAAE,IAAI,CAAC,CAAC;IAErE,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAC9E,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;QACvD,MAAM,OAAO,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAExG,GAAG,CAAC,IAAI,GAAG;YACT,SAAS;YACT,IAAI,EAAE,MAAM;YACZ,OAAO;YACP,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;YAC/C,CAAC;SACF,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;oBACvD,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;gBACzB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACnC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;oBAClD,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,MAAM;oBACN,gBAAgB;oBAChB,qBAAqB;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAChF,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAErD,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvE,IAAI,CAAC;YACH,MAAM,kBAAkB,CACtB;gBACE,SAAS;gBACT,wBAAwB,EAAE,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC;gBACjH,WAAW;aACZ,EACD,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,cAAc;gBACpB,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,OAAO;gBAClB,EAAE;aACH,CAAC,CAAC;YAEH,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE;gBACxC,GAAG,UAAU;gBACb,MAAM,EAAE,cAAc,GAAG,IAAI;aAC9B,CAAC,CAAC;YACH,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,EAAE,CAAC;YACnD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAC3E,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QAC7D,MAAM,SAAS,GACb,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;YACvE,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAE/B,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAEhD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvE,MAAM,cAAc,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAE/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAC/E,KAAK,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACtF,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACrF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACrD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YAC/E,KAAK,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;YACtF,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACrF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAEnG,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,EAAE;aACH,CAAC,CAAC;YAEH,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI,EAAE,CAAC,CAAC;YAC5F,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACjD,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,EAAE,CAAC;YACnD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE;oBACL,MAAM;oBACN,YAAY,EAAE,IAAI;oBAClB,mBAAmB,EAAE,EAAE;iBACxB;gBACD,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,wCAAwC;qBACrD;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,8BAA8B,EAAE,CAAC,CAAC"}
|
package/dist/hono/index.d.ts
CHANGED
|
@@ -1,14 +1,32 @@
|
|
|
1
|
-
import type { MiddlewareHandler } from "hono";
|
|
2
|
-
import { type DbscOptions, type ProtectionTier, type SkippedEntry } from "../core/index.js";
|
|
1
|
+
import type { Context, MiddlewareHandler } from "hono";
|
|
2
|
+
import { type DbscOptions, type StorageAdapter, type ProtectionTier, type SkippedEntry } from "../core/index.js";
|
|
3
3
|
export interface DbscHonoOptions extends DbscOptions {
|
|
4
4
|
secure?: boolean;
|
|
5
5
|
}
|
|
6
|
+
export interface DbscHonoSession {
|
|
7
|
+
sessionId: string | null;
|
|
8
|
+
tier: ProtectionTier;
|
|
9
|
+
skipped: SkippedEntry[];
|
|
10
|
+
revoke: () => Promise<void>;
|
|
11
|
+
}
|
|
6
12
|
declare module "hono" {
|
|
7
13
|
interface ContextVariableMap {
|
|
14
|
+
dbsc: DbscHonoSession;
|
|
15
|
+
/** @deprecated read `c.get("dbsc").sessionId`. Removed in 2.0.0. */
|
|
8
16
|
dbscSessionId: string | null;
|
|
17
|
+
/** @deprecated read `c.get("dbsc").tier`. Removed in 2.0.0. */
|
|
9
18
|
dbscTier: ProtectionTier;
|
|
19
|
+
/** @deprecated read `c.get("dbsc").skipped`. Removed in 2.0.0. */
|
|
10
20
|
dbscSkipped: SkippedEntry[];
|
|
11
21
|
}
|
|
12
22
|
}
|
|
23
|
+
export interface BindSessionOptions {
|
|
24
|
+
userId: string;
|
|
25
|
+
secure?: boolean;
|
|
26
|
+
registrationPath?: string;
|
|
27
|
+
registrationCookieTtl?: number;
|
|
28
|
+
sessionTtl?: number;
|
|
29
|
+
}
|
|
30
|
+
export declare function bindSession(c: Context, sessionId: string, storage: StorageAdapter, opts: BindSessionOptions): Promise<void>;
|
|
13
31
|
export declare function dbsc(opts: DbscHonoOptions): MiddlewareHandler;
|
|
14
32
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/hono/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAEvD,OAAO,EAeL,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,kBAAkB,CAAC;AAY1B,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED,OAAO,QAAQ,MAAM,CAAC;IACpB,UAAU,kBAAkB;QAC1B,IAAI,EAAE,eAAe,CAAC;QACtB,oEAAoE;QACpE,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,+DAA+D;QAC/D,QAAQ,EAAE,cAAc,CAAC;QACzB,kEAAkE;QAClE,WAAW,EAAE,YAAY,EAAE,CAAC;KAC7B;CACF;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAsB,WAAW,CAC/B,CAAC,EAAE,OAAO,EACV,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,kBAAkB,GACvB,OAAO,CAAC,IAAI,CAAC,CAsCf;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,eAAe,GAAG,iBAAiB,CA8M7D"}
|
package/dist/hono/index.js
CHANGED
|
@@ -1,23 +1,63 @@
|
|
|
1
1
|
import { getCookie, setCookie, deleteCookie } from "hono/cookie";
|
|
2
|
-
import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, parseSessionSkippedHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
3
|
-
const
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
2
|
+
import { handleRegistration, handleRefresh, issueChallenge, buildRegistrationHeader, buildChallengeHeader, parseSessionSkippedHeader, REGISTRATION_HEADER, CHALLENGE_HEADER, LEGACY_REGISTRATION_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
3
|
+
const cookieNames = (secure) => ({
|
|
4
|
+
bound: secure ? "__Host-dbsc-session" : "dbsc-session",
|
|
5
|
+
reg: secure ? "__Host-dbsc-reg" : "dbsc-reg",
|
|
6
|
+
challenge: secure ? "__Host-dbsc-challenge" : "dbsc-challenge",
|
|
7
|
+
});
|
|
8
|
+
const DEFAULT_BOUND_TTL_MS = 10 * 60 * 1000;
|
|
9
|
+
const DEFAULT_REG_TTL_MS = 24 * 60 * 60 * 1000;
|
|
10
|
+
const DEFAULT_SESSION_TTL_MS = 24 * 60 * 60 * 1000;
|
|
11
|
+
export async function bindSession(c, sessionId, storage, opts) {
|
|
12
|
+
const secure = opts.secure ?? true;
|
|
13
|
+
const registrationPath = opts.registrationPath ?? "/dbsc/registration";
|
|
14
|
+
const regCookieTtl = opts.registrationCookieTtl ?? DEFAULT_REG_TTL_MS;
|
|
15
|
+
const sessionTtl = opts.sessionTtl ?? DEFAULT_SESSION_TTL_MS;
|
|
16
|
+
const existing = await storage.getSession(sessionId);
|
|
17
|
+
const now = Date.now();
|
|
18
|
+
if (!existing) {
|
|
19
|
+
await storage.setSession({
|
|
20
|
+
id: sessionId,
|
|
21
|
+
userId: opts.userId,
|
|
22
|
+
tier: "none",
|
|
23
|
+
createdAt: now,
|
|
24
|
+
expiresAt: now + sessionTtl,
|
|
25
|
+
lastRefreshAt: 0,
|
|
26
|
+
});
|
|
27
|
+
}
|
|
28
|
+
const COOKIES = cookieNames(secure);
|
|
29
|
+
const challenge = await issueChallenge(sessionId, storage);
|
|
30
|
+
const regHeader = buildRegistrationHeader({
|
|
31
|
+
refreshPath: registrationPath,
|
|
32
|
+
challenge: challenge.jti,
|
|
33
|
+
cookieName: COOKIES.bound,
|
|
34
|
+
});
|
|
35
|
+
c.header(REGISTRATION_HEADER, regHeader);
|
|
36
|
+
c.header(LEGACY_REGISTRATION_HEADER, regHeader);
|
|
37
|
+
const cookieBase = {
|
|
38
|
+
httpOnly: true,
|
|
39
|
+
secure,
|
|
40
|
+
sameSite: "lax",
|
|
41
|
+
path: "/",
|
|
42
|
+
};
|
|
43
|
+
setCookie(c, COOKIES.reg, sessionId, { ...cookieBase, maxAge: regCookieTtl / 1000 });
|
|
44
|
+
setCookie(c, COOKIES.challenge, challenge.jti, { ...cookieBase, maxAge: 5 * 60 });
|
|
45
|
+
}
|
|
7
46
|
export function dbsc(opts) {
|
|
8
|
-
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl =
|
|
47
|
+
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL_MS, registrationCookieTtl = DEFAULT_REG_TTL_MS, rateLimiter = new NoopRateLimiter(), onEvent, autoBind, secure = true, } = opts;
|
|
9
48
|
const cookieOpts = {
|
|
10
49
|
httpOnly: true,
|
|
11
50
|
secure,
|
|
12
51
|
sameSite: "lax",
|
|
13
52
|
path: "/",
|
|
14
53
|
};
|
|
54
|
+
const COOKIES = cookieNames(secure);
|
|
15
55
|
return async (c, next) => {
|
|
16
56
|
const url = new URL(c.req.url);
|
|
17
57
|
const ip = c.req.header("x-forwarded-for") ?? "unknown";
|
|
18
58
|
if (c.req.method === "POST" && url.pathname === registrationPath) {
|
|
19
|
-
const sessionId = getCookie(c,
|
|
20
|
-
const expectedJti = getCookie(c,
|
|
59
|
+
const sessionId = getCookie(c, COOKIES.reg);
|
|
60
|
+
const expectedJti = getCookie(c, COOKIES.challenge);
|
|
21
61
|
if (!sessionId || !expectedJti) {
|
|
22
62
|
return c.json({ error: "missing session or challenge cookie" }, 400);
|
|
23
63
|
}
|
|
@@ -39,11 +79,11 @@ export function dbsc(opts) {
|
|
|
39
79
|
algorithm: "ES256",
|
|
40
80
|
ip,
|
|
41
81
|
});
|
|
42
|
-
setCookie(c,
|
|
82
|
+
setCookie(c, COOKIES.bound, sessionId, {
|
|
43
83
|
...cookieOpts,
|
|
44
84
|
maxAge: boundCookieTtl / 1000,
|
|
45
85
|
});
|
|
46
|
-
deleteCookie(c,
|
|
86
|
+
deleteCookie(c, COOKIES.challenge);
|
|
47
87
|
return c.json({
|
|
48
88
|
session_identifier: sessionId,
|
|
49
89
|
refresh_url: refreshPath,
|
|
@@ -55,7 +95,7 @@ export function dbsc(opts) {
|
|
|
55
95
|
credentials: [
|
|
56
96
|
{
|
|
57
97
|
type: "cookie",
|
|
58
|
-
name:
|
|
98
|
+
name: COOKIES.bound,
|
|
59
99
|
attributes: "Path=/; Secure; HttpOnly; SameSite=Lax",
|
|
60
100
|
},
|
|
61
101
|
],
|
|
@@ -71,7 +111,7 @@ export function dbsc(opts) {
|
|
|
71
111
|
}
|
|
72
112
|
if (c.req.method === "POST" && url.pathname === refreshPath) {
|
|
73
113
|
const sessionIdHeader = c.req.header("sec-secure-session-id");
|
|
74
|
-
const sessionId = sessionIdHeader ?? getCookie(c,
|
|
114
|
+
const sessionId = sessionIdHeader ?? getCookie(c, COOKIES.bound);
|
|
75
115
|
if (!sessionId)
|
|
76
116
|
return c.body(null, 403);
|
|
77
117
|
const allowed = await rateLimiter.checkRefresh(ip, sessionId);
|
|
@@ -82,15 +122,15 @@ export function dbsc(opts) {
|
|
|
82
122
|
const challenge = await issueChallenge(sessionId, storage);
|
|
83
123
|
c.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
84
124
|
c.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
85
|
-
setCookie(c,
|
|
125
|
+
setCookie(c, COOKIES.challenge, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
|
|
86
126
|
return c.body(null, 403);
|
|
87
127
|
}
|
|
88
|
-
const expectedJti = getCookie(c,
|
|
128
|
+
const expectedJti = getCookie(c, COOKIES.challenge);
|
|
89
129
|
if (!expectedJti) {
|
|
90
130
|
const challenge = await issueChallenge(sessionId, storage);
|
|
91
131
|
c.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
92
132
|
c.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
93
|
-
setCookie(c,
|
|
133
|
+
setCookie(c, COOKIES.challenge, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
|
|
94
134
|
return c.body(null, 403);
|
|
95
135
|
}
|
|
96
136
|
try {
|
|
@@ -102,8 +142,8 @@ export function dbsc(opts) {
|
|
|
102
142
|
timestamp: Date.now(),
|
|
103
143
|
ip,
|
|
104
144
|
});
|
|
105
|
-
setCookie(c,
|
|
106
|
-
deleteCookie(c,
|
|
145
|
+
setCookie(c, COOKIES.bound, sessionId, { ...cookieOpts, maxAge: boundCookieTtl / 1000 });
|
|
146
|
+
deleteCookie(c, COOKIES.challenge);
|
|
107
147
|
return c.json({
|
|
108
148
|
session_identifier: sessionId,
|
|
109
149
|
refresh_url: refreshPath,
|
|
@@ -115,7 +155,7 @@ export function dbsc(opts) {
|
|
|
115
155
|
credentials: [
|
|
116
156
|
{
|
|
117
157
|
type: "cookie",
|
|
118
|
-
name:
|
|
158
|
+
name: COOKIES.bound,
|
|
119
159
|
attributes: "Path=/; Secure; HttpOnly; SameSite=Lax",
|
|
120
160
|
},
|
|
121
161
|
],
|
|
@@ -129,26 +169,50 @@ export function dbsc(opts) {
|
|
|
129
169
|
throw err;
|
|
130
170
|
}
|
|
131
171
|
}
|
|
132
|
-
const sessionId = getCookie(c,
|
|
172
|
+
const sessionId = getCookie(c, COOKIES.bound) ?? null;
|
|
133
173
|
const skippedRaw = {
|
|
134
174
|
"secure-session-skipped": c.req.header("secure-session-skipped"),
|
|
135
175
|
"sec-session-skipped": c.req.header("sec-session-skipped"),
|
|
136
176
|
};
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
c.set("dbscSkipped", parseSessionSkippedHeader(skippedRaw));
|
|
177
|
+
const skipped = parseSessionSkippedHeader(skippedRaw);
|
|
178
|
+
let tier = "none";
|
|
140
179
|
if (sessionId) {
|
|
141
180
|
const session = await storage.getSession(sessionId);
|
|
142
181
|
if (session) {
|
|
143
182
|
const staleAfter = session.lastRefreshAt + boundCookieTtl;
|
|
144
183
|
if (session.tier === "dbsc" && Date.now() > staleAfter) {
|
|
145
|
-
|
|
184
|
+
tier = "none";
|
|
146
185
|
}
|
|
147
186
|
else {
|
|
148
|
-
|
|
187
|
+
tier = session.tier;
|
|
149
188
|
}
|
|
150
189
|
}
|
|
151
190
|
}
|
|
191
|
+
else if (autoBind && !getCookie(c, COOKIES.reg)) {
|
|
192
|
+
const result = await autoBind(c);
|
|
193
|
+
if (result) {
|
|
194
|
+
await bindSession(c, result.sessionId, storage, {
|
|
195
|
+
userId: result.userId,
|
|
196
|
+
secure,
|
|
197
|
+
registrationPath,
|
|
198
|
+
registrationCookieTtl,
|
|
199
|
+
});
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
const dbscSession = {
|
|
203
|
+
sessionId,
|
|
204
|
+
tier,
|
|
205
|
+
skipped,
|
|
206
|
+
revoke: async () => {
|
|
207
|
+
if (sessionId)
|
|
208
|
+
await storage.revokeSession(sessionId);
|
|
209
|
+
deleteCookie(c, COOKIES.bound, { path: "/", secure, sameSite: "Lax" });
|
|
210
|
+
},
|
|
211
|
+
};
|
|
212
|
+
c.set("dbsc", dbscSession);
|
|
213
|
+
c.set("dbscSessionId", sessionId);
|
|
214
|
+
c.set("dbscTier", tier);
|
|
215
|
+
c.set("dbscSkipped", skipped);
|
|
152
216
|
await next();
|
|
153
217
|
};
|
|
154
218
|
}
|
package/dist/hono/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,uBAAuB,EACvB,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,0BAA0B,EAC1B,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAKtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,WAAW,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc;IACtD,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU;IAC5C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB;CAC/D,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC5C,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC/C,MAAM,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAiCnD,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,CAAU,EACV,SAAiB,EACjB,OAAuB,EACvB,IAAwB;IAExB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;IACnC,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,IAAI,oBAAoB,CAAC;IACvE,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,IAAI,kBAAkB,CAAC;IACtE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,sBAAsB,CAAC;IAE7D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,OAAO,CAAC,UAAU,CAAC;YACvB,EAAE,EAAE,SAAS;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM;YACZ,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,UAAU;YAC3B,aAAa,EAAE,CAAC;SACjB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAG,uBAAuB,CAAC;QACxC,WAAW,EAAE,gBAAgB;QAC7B,SAAS,EAAE,SAAS,CAAC,GAAG;QACxB,UAAU,EAAE,OAAO,CAAC,KAAK;KAC1B,CAAC,CAAC;IAEH,CAAC,CAAC,MAAM,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;IACzC,CAAC,CAAC,MAAM,CAAC,0BAA0B,EAAE,SAAS,CAAC,CAAC;IAEhD,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IACF,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,YAAY,GAAG,IAAI,EAAE,CAAC,CAAC;IACrF,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AACpF,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,IAAqB;IACxC,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,oBAAoB,EACrC,qBAAqB,GAAG,kBAAkB,EAC1C,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,QAAQ,EACR,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,EAAE;QAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QAExD,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;YACjE,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YAC5C,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;YAEpD,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,EAAE,GAAG,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5D,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;gBAChG,MAAM,kBAAkB,CACtB;oBACE,SAAS;oBACT,wBAAwB,EAAE,OAAO;oBACjC,WAAW;iBACZ,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,cAAc;oBACpB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,SAAS,EAAE,OAAO;oBAClB,EAAE;iBACH,CAAC,CAAC;gBAEH,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE;oBACrC,GAAG,UAAU;oBACb,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnC,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE;wBACL,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,YAAY,EAAE,IAAI;wBAClB,mBAAmB,EAAE,EAAE;qBACxB;oBACD,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,OAAO,CAAC,KAAK;4BACnB,UAAU,EAAE,wCAAwC;yBACrD;qBACF;iBACF,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC7C,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC5D,MAAM,eAAe,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,eAAe,IAAI,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YAEjE,IAAI,CAAC,SAAS;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5D,MAAM,cAAc,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEvG,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,CAAC,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAC3E,CAAC,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAClF,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBAClF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAED,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,CAAC,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAC3E,CAAC,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAClF,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBAClF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;gBAEnG,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,SAAS;oBACf,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;gBAEH,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI,EAAE,CAAC,CAAC;gBACzF,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnC,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE;wBACL,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,YAAY,EAAE,IAAI;wBAClB,mBAAmB,EAAE,EAAE;qBACxB;oBACD,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,OAAO,CAAC,KAAK;4BACnB,UAAU,EAAE,wCAAwC;yBACrD;qBACF;iBACF,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC7C,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;QACtD,MAAM,UAAU,GAAuC;YACrD,wBAAwB,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,wBAAwB,CAAC;YAChE,qBAAqB,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,qBAAqB,CAAC;SAC3D,CAAC;QACF,MAAM,OAAO,GAAG,yBAAyB,CAAC,UAAU,CAAC,CAAC;QAEtD,IAAI,IAAI,GAAmB,MAAM,CAAC;QAClC,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;oBACvD,IAAI,GAAG,MAAM,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAClD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,WAAW,CAAC,CAAC,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;oBAC9C,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,MAAM;oBACN,gBAAgB;oBAChB,qBAAqB;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAoB;YACnC,SAAS;YACT,IAAI;YACJ,OAAO;YACP,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;YACzE,CAAC;SACF,CAAC;QAEF,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC3B,CAAC,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QACxB,CAAC,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAE9B,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/nextjs/index.d.ts
CHANGED
|
@@ -1,16 +1,27 @@
|
|
|
1
1
|
import type { NextRequest } from "next/server.js";
|
|
2
2
|
import { NextResponse } from "next/server.js";
|
|
3
|
-
import { type DbscOptions, type ProtectionTier, type SkippedEntry } from "../core/index.js";
|
|
3
|
+
import { type DbscOptions, type StorageAdapter, type ProtectionTier, type SkippedEntry } from "../core/index.js";
|
|
4
4
|
export interface DbscNextOptions extends DbscOptions {
|
|
5
5
|
secure?: boolean;
|
|
6
6
|
}
|
|
7
|
+
export interface BindSessionOptions {
|
|
8
|
+
userId: string;
|
|
9
|
+
secure?: boolean;
|
|
10
|
+
registrationPath?: string;
|
|
11
|
+
registrationCookieTtl?: number;
|
|
12
|
+
sessionTtl?: number;
|
|
13
|
+
}
|
|
14
|
+
export declare function bindSession(res: NextResponse, sessionId: string, storage: StorageAdapter, opts: BindSessionOptions): Promise<void>;
|
|
7
15
|
export declare function createDbscMiddleware(opts: DbscNextOptions): (req: NextRequest) => Promise<NextResponse>;
|
|
8
16
|
export interface DbscSessionInfo {
|
|
9
17
|
sessionId: string | null;
|
|
10
18
|
tier: ProtectionTier;
|
|
11
19
|
skipped: SkippedEntry[];
|
|
20
|
+
revoke: () => Promise<void>;
|
|
12
21
|
}
|
|
13
22
|
export declare function getDbscSession(req: NextRequest, storage: DbscOptions["storage"], opts?: {
|
|
14
23
|
boundCookieTtl?: number;
|
|
24
|
+
res?: NextResponse;
|
|
25
|
+
secure?: boolean;
|
|
15
26
|
}): Promise<DbscSessionInfo>;
|
|
16
27
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAeL,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,kBAAkB,CAAC;AAY1B,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAWD,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,wBAAsB,WAAW,CAC/B,GAAG,EAAE,YAAY,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,cAAc,EACvB,IAAI,EAAE,kBAAkB,GACvB,OAAO,CAAC,IAAI,CAAC,CAsCf;AAED,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,eAAe,IAevB,KAAK,WAAW,KAAG,OAAO,CAAC,YAAY,CAAC,CA4K1E;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED,wBAAsB,cAAc,CAClC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,WAAW,CAAC,SAAS,CAAC,EAC/B,IAAI,GAAE;IAAE,cAAc,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,YAAY,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAO,GAC3E,OAAO,CAAC,eAAe,CAAC,CA8B1B"}
|
package/dist/nextjs/index.js
CHANGED
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
import { NextResponse } from "next/server.js";
|
|
2
|
-
import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, parseSessionSkippedHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
3
|
-
const
|
|
4
|
-
|
|
5
|
-
|
|
2
|
+
import { handleRegistration, handleRefresh, issueChallenge, buildRegistrationHeader, buildChallengeHeader, parseSessionSkippedHeader, REGISTRATION_HEADER, CHALLENGE_HEADER, LEGACY_REGISTRATION_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
|
|
3
|
+
const cookieNames = (secure) => ({
|
|
4
|
+
bound: secure ? "__Host-dbsc-session" : "dbsc-session",
|
|
5
|
+
reg: secure ? "__Host-dbsc-reg" : "dbsc-reg",
|
|
6
|
+
challenge: secure ? "__Host-dbsc-challenge" : "dbsc-challenge",
|
|
7
|
+
});
|
|
6
8
|
const DEFAULT_BOUND_TTL = 10 * 60;
|
|
7
9
|
const DEFAULT_REG_TTL = 24 * 60 * 60;
|
|
10
|
+
const DEFAULT_SESSION_TTL_MS = 24 * 60 * 60 * 1000;
|
|
8
11
|
function cookieBase(secure) {
|
|
9
12
|
return {
|
|
10
13
|
httpOnly: true,
|
|
@@ -13,14 +16,50 @@ function cookieBase(secure) {
|
|
|
13
16
|
path: "/",
|
|
14
17
|
};
|
|
15
18
|
}
|
|
19
|
+
export async function bindSession(res, sessionId, storage, opts) {
|
|
20
|
+
const secure = opts.secure ?? true;
|
|
21
|
+
const registrationPath = opts.registrationPath ?? "/dbsc/registration";
|
|
22
|
+
const regCookieTtl = opts.registrationCookieTtl ?? DEFAULT_REG_TTL * 1000;
|
|
23
|
+
const sessionTtl = opts.sessionTtl ?? DEFAULT_SESSION_TTL_MS;
|
|
24
|
+
const existing = await storage.getSession(sessionId);
|
|
25
|
+
const now = Date.now();
|
|
26
|
+
if (!existing) {
|
|
27
|
+
await storage.setSession({
|
|
28
|
+
id: sessionId,
|
|
29
|
+
userId: opts.userId,
|
|
30
|
+
tier: "none",
|
|
31
|
+
createdAt: now,
|
|
32
|
+
expiresAt: now + sessionTtl,
|
|
33
|
+
lastRefreshAt: 0,
|
|
34
|
+
});
|
|
35
|
+
}
|
|
36
|
+
const COOKIES = cookieNames(secure);
|
|
37
|
+
const challenge = await issueChallenge(sessionId, storage);
|
|
38
|
+
const regHeader = buildRegistrationHeader({
|
|
39
|
+
refreshPath: registrationPath,
|
|
40
|
+
challenge: challenge.jti,
|
|
41
|
+
cookieName: COOKIES.bound,
|
|
42
|
+
});
|
|
43
|
+
res.headers.set(REGISTRATION_HEADER, regHeader);
|
|
44
|
+
res.headers.set(LEGACY_REGISTRATION_HEADER, regHeader);
|
|
45
|
+
res.cookies.set(COOKIES.reg, sessionId, {
|
|
46
|
+
...cookieBase(secure),
|
|
47
|
+
maxAge: regCookieTtl / 1000,
|
|
48
|
+
});
|
|
49
|
+
res.cookies.set(COOKIES.challenge, challenge.jti, {
|
|
50
|
+
...cookieBase(secure),
|
|
51
|
+
maxAge: 5 * 60,
|
|
52
|
+
});
|
|
53
|
+
}
|
|
16
54
|
export function createDbscMiddleware(opts) {
|
|
17
|
-
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL * 1000, registrationCookieTtl = DEFAULT_REG_TTL * 1000, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, } = opts;
|
|
55
|
+
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL * 1000, registrationCookieTtl = DEFAULT_REG_TTL * 1000, rateLimiter = new NoopRateLimiter(), onEvent, autoBind, secure = true, } = opts;
|
|
56
|
+
const COOKIES = cookieNames(secure);
|
|
18
57
|
return async function middleware(req) {
|
|
19
58
|
const url = req.nextUrl.pathname;
|
|
20
59
|
const ip = req.headers.get("x-forwarded-for") ?? "unknown";
|
|
21
60
|
if (req.method === "POST" && url === registrationPath) {
|
|
22
|
-
const sessionId = req.cookies.get(
|
|
23
|
-
const expectedJti = req.cookies.get(
|
|
61
|
+
const sessionId = req.cookies.get(COOKIES.reg)?.value;
|
|
62
|
+
const expectedJti = req.cookies.get(COOKIES.challenge)?.value;
|
|
24
63
|
if (!sessionId || !expectedJti) {
|
|
25
64
|
return NextResponse.json({ error: "missing session or challenge cookie" }, { status: 400 });
|
|
26
65
|
}
|
|
@@ -55,17 +94,17 @@ export function createDbscMiddleware(opts) {
|
|
|
55
94
|
credentials: [
|
|
56
95
|
{
|
|
57
96
|
type: "cookie",
|
|
58
|
-
name:
|
|
97
|
+
name: COOKIES.bound,
|
|
59
98
|
attributes: "Path=/; Secure; HttpOnly; SameSite=Lax",
|
|
60
99
|
},
|
|
61
100
|
],
|
|
62
101
|
};
|
|
63
102
|
const res = NextResponse.json(body, { status: 200 });
|
|
64
|
-
res.cookies.set(
|
|
103
|
+
res.cookies.set(COOKIES.bound, sessionId, {
|
|
65
104
|
...cookieBase(secure),
|
|
66
105
|
maxAge: boundCookieTtl / 1000,
|
|
67
106
|
});
|
|
68
|
-
res.cookies.delete(
|
|
107
|
+
res.cookies.delete(COOKIES.challenge);
|
|
69
108
|
return res;
|
|
70
109
|
}
|
|
71
110
|
catch (err) {
|
|
@@ -78,7 +117,7 @@ export function createDbscMiddleware(opts) {
|
|
|
78
117
|
}
|
|
79
118
|
if (req.method === "POST" && url === refreshPath) {
|
|
80
119
|
const sessionIdHeader = req.headers.get("sec-secure-session-id");
|
|
81
|
-
const sessionId = sessionIdHeader ?? req.cookies.get(
|
|
120
|
+
const sessionId = sessionIdHeader ?? req.cookies.get(COOKIES.bound)?.value;
|
|
82
121
|
if (!sessionId) {
|
|
83
122
|
return new NextResponse(null, { status: 403 });
|
|
84
123
|
}
|
|
@@ -93,19 +132,19 @@ export function createDbscMiddleware(opts) {
|
|
|
93
132
|
const res = new NextResponse(null, { status: 403 });
|
|
94
133
|
res.headers.set(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
95
134
|
res.headers.set(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
96
|
-
res.cookies.set(
|
|
135
|
+
res.cookies.set(COOKIES.challenge, challenge.jti, {
|
|
97
136
|
...cookieBase(secure),
|
|
98
137
|
maxAge: 5 * 60,
|
|
99
138
|
});
|
|
100
139
|
return res;
|
|
101
140
|
}
|
|
102
|
-
const expectedJti = req.cookies.get(
|
|
141
|
+
const expectedJti = req.cookies.get(COOKIES.challenge)?.value;
|
|
103
142
|
if (!expectedJti) {
|
|
104
143
|
const challenge = await issueChallenge(sessionId, storage);
|
|
105
144
|
const res = new NextResponse(null, { status: 403 });
|
|
106
145
|
res.headers.set(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
107
146
|
res.headers.set(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti, sessionId));
|
|
108
|
-
res.cookies.set(
|
|
147
|
+
res.cookies.set(COOKIES.challenge, challenge.jti, {
|
|
109
148
|
...cookieBase(secure),
|
|
110
149
|
maxAge: 5 * 60,
|
|
111
150
|
});
|
|
@@ -131,17 +170,17 @@ export function createDbscMiddleware(opts) {
|
|
|
131
170
|
credentials: [
|
|
132
171
|
{
|
|
133
172
|
type: "cookie",
|
|
134
|
-
name:
|
|
173
|
+
name: COOKIES.bound,
|
|
135
174
|
attributes: "Path=/; Secure; HttpOnly; SameSite=Lax",
|
|
136
175
|
},
|
|
137
176
|
],
|
|
138
177
|
};
|
|
139
178
|
const res = NextResponse.json(body, { status: 200 });
|
|
140
|
-
res.cookies.set(
|
|
179
|
+
res.cookies.set(COOKIES.bound, sessionId, {
|
|
141
180
|
...cookieBase(secure),
|
|
142
181
|
maxAge: boundCookieTtl / 1000,
|
|
143
182
|
});
|
|
144
|
-
res.cookies.delete(
|
|
183
|
+
res.cookies.delete(COOKIES.challenge);
|
|
145
184
|
return res;
|
|
146
185
|
}
|
|
147
186
|
catch (err) {
|
|
@@ -152,6 +191,19 @@ export function createDbscMiddleware(opts) {
|
|
|
152
191
|
throw err;
|
|
153
192
|
}
|
|
154
193
|
}
|
|
194
|
+
if (autoBind && !req.cookies.get(COOKIES.bound)?.value && !req.cookies.get(COOKIES.reg)?.value) {
|
|
195
|
+
const result = await autoBind(req);
|
|
196
|
+
if (result) {
|
|
197
|
+
const res = NextResponse.next();
|
|
198
|
+
await bindSession(res, result.sessionId, storage, {
|
|
199
|
+
userId: result.userId,
|
|
200
|
+
secure,
|
|
201
|
+
registrationPath,
|
|
202
|
+
registrationCookieTtl,
|
|
203
|
+
});
|
|
204
|
+
return res;
|
|
205
|
+
}
|
|
206
|
+
}
|
|
155
207
|
return NextResponse.next();
|
|
156
208
|
};
|
|
157
209
|
}
|
|
@@ -161,17 +213,26 @@ export async function getDbscSession(req, storage, opts = {}) {
|
|
|
161
213
|
"sec-session-skipped": req.headers.get("sec-session-skipped") ?? undefined,
|
|
162
214
|
};
|
|
163
215
|
const skipped = parseSessionSkippedHeader(skippedRaw);
|
|
164
|
-
const
|
|
216
|
+
const secure = opts.secure ?? true;
|
|
217
|
+
const COOKIES = cookieNames(secure);
|
|
218
|
+
const sessionId = req.cookies.get(COOKIES.bound)?.value ?? null;
|
|
219
|
+
const revoke = async () => {
|
|
220
|
+
if (sessionId)
|
|
221
|
+
await storage.revokeSession(sessionId);
|
|
222
|
+
if (opts.res) {
|
|
223
|
+
opts.res.cookies.delete(COOKIES.bound);
|
|
224
|
+
}
|
|
225
|
+
};
|
|
165
226
|
if (!sessionId)
|
|
166
|
-
return { sessionId: null, tier: "none", skipped };
|
|
227
|
+
return { sessionId: null, tier: "none", skipped, revoke };
|
|
167
228
|
const session = await storage.getSession(sessionId);
|
|
168
229
|
if (!session)
|
|
169
|
-
return { sessionId: null, tier: "none", skipped };
|
|
230
|
+
return { sessionId: null, tier: "none", skipped, revoke };
|
|
170
231
|
const boundCookieTtl = opts.boundCookieTtl ?? DEFAULT_BOUND_TTL * 1000;
|
|
171
232
|
const staleAfter = session.lastRefreshAt + boundCookieTtl;
|
|
172
233
|
if (session.tier === "dbsc" && Date.now() > staleAfter) {
|
|
173
|
-
return { sessionId, tier: "none", skipped };
|
|
234
|
+
return { sessionId, tier: "none", skipped, revoke };
|
|
174
235
|
}
|
|
175
|
-
return { sessionId, tier: session.tier, skipped };
|
|
236
|
+
return { sessionId, tier: session.tier, skipped, revoke };
|
|
176
237
|
}
|
|
177
238
|
//# sourceMappingURL=index.js.map
|
package/dist/nextjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,uBAAuB,EACvB,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,0BAA0B,EAC1B,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAKtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,WAAW,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc;IACtD,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU;IAC5C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB;CAC/D,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAClC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AACrC,MAAM,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAMnD,SAAS,UAAU,CAAC,MAAe;IACjC,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAUD,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,GAAiB,EACjB,SAAiB,EACjB,OAAuB,EACvB,IAAwB;IAExB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;IACnC,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,IAAI,oBAAoB,CAAC;IACvE,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,IAAI,eAAe,GAAG,IAAI,CAAC;IAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,sBAAsB,CAAC;IAE7D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,OAAO,CAAC,UAAU,CAAC;YACvB,EAAE,EAAE,SAAS;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM;YACZ,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,UAAU;YAC3B,aAAa,EAAE,CAAC;SACjB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAG,uBAAuB,CAAC;QACxC,WAAW,EAAE,gBAAgB;QAC7B,SAAS,EAAE,SAAS,CAAC,GAAG;QACxB,UAAU,EAAE,OAAO,CAAC,KAAK;KAC1B,CAAC,CAAC;IAEH,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;IAChD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,SAAS,CAAC,CAAC;IAEvD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE;QACtC,GAAG,UAAU,CAAC,MAAM,CAAC;QACrB,MAAM,EAAE,YAAY,GAAG,IAAI;KAC5B,CAAC,CAAC;IACH,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE;QAChD,GAAG,UAAU,CAAC,MAAM,CAAC;QACrB,MAAM,EAAE,CAAC,GAAG,EAAE;KACf,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,IAAqB;IACxD,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,GAAG,IAAI,EACzC,qBAAqB,GAAG,eAAe,GAAG,IAAI,EAC9C,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,QAAQ,EACR,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO,KAAK,UAAU,UAAU,CAAC,GAAgB;QAC/C,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;QACjC,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QAE3D,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,KAAK,gBAAgB,EAAE,CAAC;YACtD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC;YACtD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC;YAE9D,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC/B,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9F,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,kBAAkB,CACtB;oBACE,SAAS;oBACT,wBAAwB,EACtB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;wBAC1C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;wBACvC,SAAS;oBACX,WAAW;iBACZ,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,cAAc;oBACpB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,SAAS,EAAE,OAAO;oBAClB,EAAE;iBACH,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG;oBACX,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE;wBACL,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;wBAC1B,YAAY,EAAE,IAAI;wBAClB,mBAAmB,EAAE,EAAE;qBACxB;oBACD,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,OAAO,CAAC,KAAK;4BACnB,UAAU,EAAE,wCAAwC;yBACrD;qBACF;iBACF,CAAC;gBACF,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACrD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE;oBACxC,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBACtC,OAAO,GAAG,CAAC;YACb,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACjD,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YACjE,MAAM,SAAS,GAAG,eAAe,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC;YAE3E,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACjD,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,cAAc,GAClB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;gBAC1C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;YAE1C,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,MAAM,GAAG,GAAG,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAClF,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBACzF,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE;oBAChD,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,CAAC,GAAG,EAAE;iBACf,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC;YAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC;YAC9D,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,MAAM,GAAG,GAAG,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBAClF,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;gBACzF,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE;oBAChD,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,CAAC,GAAG,EAAE;iBACf,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;gBAEnG,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,SAAS;oBACf,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG;oBACX,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE;wBACL,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;wBAC1B,YAAY,EAAE,IAAI;wBAClB,mBAAmB,EAAE,EAAE;qBACxB;oBACD,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,OAAO,CAAC,KAAK;4BACnB,UAAU,EAAE,wCAAwC;yBACrD;qBACF;iBACF,CAAC;gBACF,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACrD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE;oBACxC,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBACtC,OAAO,GAAG,CAAC;YACb,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,KAAK,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC;YAC/F,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YACnC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;gBAChC,MAAM,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;oBAChD,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,MAAM;oBACN,gBAAgB;oBAChB,qBAAqB;iBACtB,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;IAC7B,CAAC,CAAC;AACJ,CAAC;AASD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAgB,EAChB,OAA+B,EAC/B,OAA0E,EAAE;IAE5E,MAAM,UAAU,GAAuC;QACrD,wBAAwB,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,SAAS;QAChF,qBAAqB,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,SAAS;KAC3E,CAAC;IACF,MAAM,OAAO,GAAG,yBAAyB,CAAC,UAAU,CAAC,CAAC;IAEtD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;IACnC,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAEhE,MAAM,MAAM,GAAG,KAAK,IAAI,EAAE;QACxB,IAAI,SAAS;YAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QACtD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAE1E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAExE,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,iBAAiB,GAAG,IAAI,CAAC;IACvE,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,cAAc,CAAC;IAC1D,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;QACvD,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IACtD,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AAC5D,CAAC"}
|