fa-mcp-sdk 0.4.141 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -0
- package/cli-template/.dockerignore +16 -0
- package/cli-template/.gitlab-ci.yml +135 -0
- package/cli-template/AGENTS.md +1 -0
- package/cli-template/CHANGELOG.md +64 -0
- package/cli-template/FA-MCP-SDK-DOC/00-FA-MCP-SDK-index.md +27 -4
- package/cli-template/FA-MCP-SDK-DOC/02-1-tools-and-api.md +195 -0
- package/cli-template/FA-MCP-SDK-DOC/02-2-prompts-and-resources.md +172 -9
- package/cli-template/FA-MCP-SDK-DOC/03-configuration.md +170 -12
- package/cli-template/FA-MCP-SDK-DOC/04-authentication.md +158 -8
- package/cli-template/FA-MCP-SDK-DOC/06-utilities.md +67 -6
- package/cli-template/FA-MCP-SDK-DOC/07-testing-and-operations.md +31 -15
- package/cli-template/FA-MCP-SDK-DOC/10-mcp-apps.md +1 -1
- package/cli-template/FA-MCP-SDK-DOC/11-public-contract.md +342 -0
- package/cli-template/README.md +37 -0
- package/cli-template/deploy/docker/.env.example +10 -0
- package/cli-template/deploy/docker/Dockerfile +44 -0
- package/cli-template/deploy/docker/Dockerfile.local +29 -0
- package/cli-template/deploy/docker/README.md +94 -0
- package/cli-template/deploy/docker/config/local.docker.yaml +14 -0
- package/cli-template/deploy/docker/docker-compose.yml +31 -0
- package/cli-template/deploy/gitlab-runner/.env.example +16 -0
- package/cli-template/deploy/gitlab-runner/README.md +65 -0
- package/cli-template/deploy/gitlab-runner/config/config.toml.template +26 -0
- package/cli-template/deploy/gitlab-runner/docker-compose.yml +39 -0
- package/cli-template/deploy/gitlab-runner/entrypoint.sh +27 -0
- package/cli-template/deploy/gitlab-runner/start.sh +47 -0
- package/cli-template/gitignore +96 -95
- package/cli-template/package.json +1 -1
- package/config/_local.yaml +73 -11
- package/config/custom-environment-variables.yaml +102 -0
- package/config/default.yaml +164 -11
- package/config/local.yaml +20 -19
- package/dist/core/_types_/config.d.ts +119 -0
- package/dist/core/_types_/config.d.ts.map +1 -1
- package/dist/core/_types_/types.d.ts +137 -4
- package/dist/core/_types_/types.d.ts.map +1 -1
- package/dist/core/agent-tester/agent-tester-router.d.ts.map +1 -1
- package/dist/core/agent-tester/agent-tester-router.js +25 -11
- package/dist/core/agent-tester/agent-tester-router.js.map +1 -1
- package/dist/core/agent-tester/services/TesterMcpClientService.d.ts.map +1 -1
- package/dist/core/agent-tester/services/TesterMcpClientService.js +6 -4
- package/dist/core/agent-tester/services/TesterMcpClientService.js.map +1 -1
- package/dist/core/auth/admin-auth.js +4 -4
- package/dist/core/auth/admin-auth.js.map +1 -1
- package/dist/core/auth/agent-tester-auth.d.ts +1 -1
- package/dist/core/auth/agent-tester-auth.d.ts.map +1 -1
- package/dist/core/auth/agent-tester-auth.js +8 -4
- package/dist/core/auth/agent-tester-auth.js.map +1 -1
- package/dist/core/auth/auth-profile.d.ts +38 -0
- package/dist/core/auth/auth-profile.d.ts.map +1 -0
- package/dist/core/auth/auth-profile.js +101 -0
- package/dist/core/auth/auth-profile.js.map +1 -0
- package/dist/core/auth/jwt-v2.d.ts +27 -0
- package/dist/core/auth/jwt-v2.d.ts.map +1 -0
- package/dist/core/auth/jwt-v2.js +180 -0
- package/dist/core/auth/jwt-v2.js.map +1 -0
- package/dist/core/auth/jwt.d.ts +27 -13
- package/dist/core/auth/jwt.d.ts.map +1 -1
- package/dist/core/auth/jwt.js +36 -13
- package/dist/core/auth/jwt.js.map +1 -1
- package/dist/core/auth/key-resolver.d.ts +74 -0
- package/dist/core/auth/key-resolver.d.ts.map +1 -0
- package/dist/core/auth/key-resolver.js +330 -0
- package/dist/core/auth/key-resolver.js.map +1 -0
- package/dist/core/auth/middleware.d.ts.map +1 -1
- package/dist/core/auth/middleware.js +66 -0
- package/dist/core/auth/middleware.js.map +1 -1
- package/dist/core/auth/multi-auth.d.ts +1 -1
- package/dist/core/auth/multi-auth.d.ts.map +1 -1
- package/dist/core/auth/multi-auth.js +7 -7
- package/dist/core/auth/multi-auth.js.map +1 -1
- package/dist/core/auth/token-generator/server.js +4 -4
- package/dist/core/auth/token-generator/server.js.map +1 -1
- package/dist/core/auth/types.d.ts +5 -0
- package/dist/core/auth/types.d.ts.map +1 -1
- package/dist/core/db/pg-db.d.ts +7 -0
- package/dist/core/db/pg-db.d.ts.map +1 -1
- package/dist/core/db/pg-db.js +54 -3
- package/dist/core/db/pg-db.js.map +1 -1
- package/dist/core/errors/BaseMcpError.d.ts +21 -1
- package/dist/core/errors/BaseMcpError.d.ts.map +1 -1
- package/dist/core/errors/BaseMcpError.js +20 -1
- package/dist/core/errors/BaseMcpError.js.map +1 -1
- package/dist/core/errors/ValidationError.d.ts +5 -0
- package/dist/core/errors/ValidationError.d.ts.map +1 -1
- package/dist/core/errors/ValidationError.js +6 -1
- package/dist/core/errors/ValidationError.js.map +1 -1
- package/dist/core/errors/errors.d.ts +31 -3
- package/dist/core/errors/errors.d.ts.map +1 -1
- package/dist/core/errors/errors.js +86 -6
- package/dist/core/errors/errors.js.map +1 -1
- package/dist/core/errors/specific-errors.d.ts +54 -0
- package/dist/core/errors/specific-errors.d.ts.map +1 -0
- package/dist/core/errors/specific-errors.js +82 -0
- package/dist/core/errors/specific-errors.js.map +1 -0
- package/dist/core/index.d.ts +10 -2
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +9 -1
- package/dist/core/index.js.map +1 -1
- package/dist/core/init-mcp-server.d.ts.map +1 -1
- package/dist/core/init-mcp-server.js +39 -0
- package/dist/core/init-mcp-server.js.map +1 -1
- package/dist/core/mcp/create-mcp-server.d.ts +12 -6
- package/dist/core/mcp/create-mcp-server.d.ts.map +1 -1
- package/dist/core/mcp/create-mcp-server.js +592 -33
- package/dist/core/mcp/create-mcp-server.js.map +1 -1
- package/dist/core/mcp/debug-trace.d.ts +3 -1
- package/dist/core/mcp/debug-trace.d.ts.map +1 -1
- package/dist/core/mcp/debug-trace.js +17 -2
- package/dist/core/mcp/debug-trace.js.map +1 -1
- package/dist/core/mcp/deprecation.d.ts +31 -0
- package/dist/core/mcp/deprecation.d.ts.map +1 -0
- package/dist/core/mcp/deprecation.js +96 -0
- package/dist/core/mcp/deprecation.js.map +1 -0
- package/dist/core/mcp/mcp-logging.d.ts +32 -0
- package/dist/core/mcp/mcp-logging.d.ts.map +1 -0
- package/dist/core/mcp/mcp-logging.js +97 -0
- package/dist/core/mcp/mcp-logging.js.map +1 -0
- package/dist/core/mcp/pagination.d.ts +13 -0
- package/dist/core/mcp/pagination.d.ts.map +1 -0
- package/dist/core/mcp/pagination.js +50 -0
- package/dist/core/mcp/pagination.js.map +1 -0
- package/dist/core/mcp/prompts.d.ts +5 -1
- package/dist/core/mcp/prompts.d.ts.map +1 -1
- package/dist/core/mcp/prompts.js +3 -1
- package/dist/core/mcp/prompts.js.map +1 -1
- package/dist/core/mcp/resources.d.ts +9 -0
- package/dist/core/mcp/resources.d.ts.map +1 -1
- package/dist/core/mcp/resources.js +158 -11
- package/dist/core/mcp/resources.js.map +1 -1
- package/dist/core/mcp/server-stdio.d.ts +7 -1
- package/dist/core/mcp/server-stdio.d.ts.map +1 -1
- package/dist/core/mcp/server-stdio.js +8 -3
- package/dist/core/mcp/server-stdio.js.map +1 -1
- package/dist/core/mcp/task-store.d.ts +97 -0
- package/dist/core/mcp/task-store.d.ts.map +1 -0
- package/dist/core/mcp/task-store.js +175 -0
- package/dist/core/mcp/task-store.js.map +1 -0
- package/dist/core/mcp/tool-limits.d.ts +22 -0
- package/dist/core/mcp/tool-limits.d.ts.map +1 -0
- package/dist/core/mcp/tool-limits.js +115 -0
- package/dist/core/mcp/tool-limits.js.map +1 -0
- package/dist/core/mcp/validate-tool-args.d.ts +16 -0
- package/dist/core/mcp/validate-tool-args.d.ts.map +1 -0
- package/dist/core/mcp/validate-tool-args.js +67 -0
- package/dist/core/mcp/validate-tool-args.js.map +1 -0
- package/dist/core/mcp/validate-tool-names.d.ts +11 -0
- package/dist/core/mcp/validate-tool-names.d.ts.map +1 -0
- package/dist/core/mcp/validate-tool-names.js +23 -0
- package/dist/core/mcp/validate-tool-names.js.map +1 -0
- package/dist/core/metrics/metrics.d.ts +45 -0
- package/dist/core/metrics/metrics.d.ts.map +1 -0
- package/dist/core/metrics/metrics.js +119 -0
- package/dist/core/metrics/metrics.js.map +1 -0
- package/dist/core/utils/mask-sensitive.d.ts +44 -0
- package/dist/core/utils/mask-sensitive.d.ts.map +1 -0
- package/dist/core/utils/mask-sensitive.js +64 -0
- package/dist/core/utils/mask-sensitive.js.map +1 -0
- package/dist/core/utils/testing/McpHttpClient.d.ts +8 -33
- package/dist/core/utils/testing/McpHttpClient.d.ts.map +1 -1
- package/dist/core/utils/testing/McpHttpClient.js +8 -74
- package/dist/core/utils/testing/McpHttpClient.js.map +1 -1
- package/dist/core/utils/testing/McpStreamableHttpClient.d.ts +24 -30
- package/dist/core/utils/testing/McpStreamableHttpClient.d.ts.map +1 -1
- package/dist/core/utils/testing/McpStreamableHttpClient.js +36 -198
- package/dist/core/utils/testing/McpStreamableHttpClient.js.map +1 -1
- package/dist/core/utils/utils.d.ts.map +1 -1
- package/dist/core/utils/utils.js +2 -0
- package/dist/core/utils/utils.js.map +1 -1
- package/dist/core/web/admin-router.js +3 -3
- package/dist/core/web/admin-router.js.map +1 -1
- package/dist/core/web/cors.d.ts +9 -1
- package/dist/core/web/cors.d.ts.map +1 -1
- package/dist/core/web/cors.js +26 -5
- package/dist/core/web/cors.js.map +1 -1
- package/dist/core/web/event-store.d.ts +33 -0
- package/dist/core/web/event-store.d.ts.map +1 -0
- package/dist/core/web/event-store.js +65 -0
- package/dist/core/web/event-store.js.map +1 -0
- package/dist/core/web/oauth-router.d.ts +37 -0
- package/dist/core/web/oauth-router.d.ts.map +1 -0
- package/dist/core/web/oauth-router.js +207 -0
- package/dist/core/web/oauth-router.js.map +1 -0
- package/dist/core/web/request-id.d.ts +44 -0
- package/dist/core/web/request-id.d.ts.map +1 -0
- package/dist/core/web/request-id.js +82 -0
- package/dist/core/web/request-id.js.map +1 -0
- package/dist/core/web/server-http.d.ts.map +1 -1
- package/dist/core/web/server-http.js +322 -182
- package/dist/core/web/server-http.js.map +1 -1
- package/package.json +15 -2
- package/scripts/claude-2-agents-symlink.js +10 -1
- package/scripts/generate-jwt.js +129 -51
- package/src/template/custom-resources.ts +14 -0
- package/src/template/prompts/custom-prompts.ts +4 -0
- package/src/template/tools/handle-tool-call.ts +59 -3
- package/src/template/tools/tools.ts +92 -31
- package/src/tests/mcp/test-http.js +1 -1
- package/src/tests/mcp/test-sse.js +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/core/auth/jwt.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAA+C,MAAM,cAAc,CAAC;AAE3E,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,MAAM,IAAI,GAAG,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGjF,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;AAEpE,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC;AACrD,MAAM,YAAY,GAAG,QAAQ,EAAE,YAAY,IAAI,KAAK,CAAC;AACrD,MAAM,SAAS,GAAG,QAAQ,EAAE,SAAS,IAAI,KAAK,CAAC;AAC/C,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AAEhD,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAExC,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,EAAE,UAAU,IAAI,sCAAsC,CAAC,CAAC;AAE3F,6FAA6F;AAC7F,MAAM,gBAAgB,GAAG,aAAa,CAAC;AACvC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAErG,MAAM,CAAC,MAAM,WAAW,GAAG,gCAAgC,CAAC;AAC5D,MAAM,CAAC,MAAM,aAAa,GAAG,kDAAkD,CAAC;AAChF,wGAAwG;AACxG,MAAM,CAAC,MAAM,UAAU,GAAG,+EAA+E,CAAC;AAE1G,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEzG;;;GAGG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,IAAY,EAAU,EAAE;IAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,gBAAgB,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IACvE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAChF,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtC,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,YAAoB,EAAE,EAAE;IAC9C,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACjF,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAC;AACjC,CAAC,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,IAAY,EAAE,WAAmB,EAAE,OAAa,EAAU,EAAE;IACxF,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAE7D,gEAAgE;IAChE,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;IACxD,OAAO,YAAY,CAAC,IAAI,CAAC;IACzB,OAAO,YAAY,CAAC,MAAM,CAAC;IAC3B,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,OAAO,CAAC;IAC5B,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IAExB,MAAM,WAAW,GAAgB;QAC/B,SAAS,EAAE,OAAO;QAClB,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,WAAW;QACtB,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE;KAC3B,CAAC;IACF,IAAI,OAAO,EAAE,CAAC;QACZ,WAAW,CAAC,QAAQ,GAAG,OAAO,CAAC;IACjC,CAAC;IACD,IAAI,gBAAgB,EAAE,CAAC;QACrB,WAAW,CAAC,MAAM,GAAG,gBAAgB,CAAC;IACxC,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;AAC1D,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAK7B,EAAqB,EAAE;IACtB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAC7C,CAAC;IACD,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,gBAAgB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;AACnD,CAAC,CAAC;AAEF,SAAS,gBAAgB,CACvB,KAAa,EACb,GAA2E;IAE3E,yFAAyF;IACzF,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,aAAa,GAAkB,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/D,IAAI,gBAAgB,EAAE,CAAC;YACrB,aAAa,CAAC,MAAM,GAAG,gBAAgB,CAAC;QAC1C,CAAC;QACD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC7D,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;QACnD,CAAC;QACD,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACtC,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9E,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,2BAA2B,SAAS,KAAK,CAAC,CAAC,CAAC,mBAAmB;aAC7F,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACtC,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACvF,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAC;YAC9C,CAAC;YACD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpF,OAAO,EAAE,WAAW,EAAE,cAAc,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;YACtD,CAAC;YACD,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;QACnD,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,gCAAgC,GAAG,EAAE,OAAO,IAAI,eAAe,EAAE,EAAE,CAAC;IAC5F,CAAC;IAED,mCAAmC;IACnC,MAAM,GAAG,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,+BAA+B,EAAE,CAAC;IAClF,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC;QAC1C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5F,CAAC,CAAC,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;YACpD,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;YACf,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,eAAe,GAAG,GAAG,CAAC,eAAe,IAAI,SAAS,CAAC,IAAI,CAAC;IAC9D,MAAM,iBAAiB,GAAG,eAAe,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAElH,MAAM,OAAO,GAAkB,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,CAAC;IACpE,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,GAAG,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO,CAAC,OAAO,GAAG,iBAAiB,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAC5B,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAC5B,CAAC;IACD,0DAA0D;IAC1D,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAO,CAAC,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,oBAAoB,OAAO,CAAC,IAAI,oBAAoB,EAAE,CAAC;IACvG,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1D,IAAI,YAAY,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAClD,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2CAA2C,YAAY,iCAAiC,OAAO,CAAC,IAAI,GAAG;SACrH,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;QACtF,IAAI,eAAe,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YAC5D,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,8CAA8C,eAAe,iCAAiC,eAAe,GAAG;aAC9H,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,SAAS,IAAI,OAAO,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,wBAAwB,GAAG,CAAC,QAAQ,6BAA6B;aAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC;AAED,SAAS,cAAc,CACrB,KAAa,EACb,GAA2E;IAE3E,MAAM,CAAC,EAAE,aAAa,EAAE,gBAAgB,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1E,IAAI,CAAC,aAAa,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxC,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;IACnD,CAAC;IAED,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,UAAU,GAAW,EAAE,CAAC;IAC5B,IAAI,CAAC;QACH,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,WAAW,EAAE,gEAAgE,EAAE,CAAC;QAC3F,CAAC;IACH,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,iCAAiC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACzE,CAAC;IACD,IAAI,OAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,+CAA+C,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACvF,CAAC;IAED,IAAI,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,oBAAoB,OAAO,CAAC,IAAI,oBAAoB;SAClE,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1D,IAAI,YAAY,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAClD,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2CAA2C,YAAY,iCAAiC,OAAO,CAAC,IAAI,GAAG;SACrH,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,eAAe,GAAG,GAAG,CAAC,eAAe,IAAI,SAAS,CAAC,IAAI,CAAC;QAC9D,IAAI,eAAe,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;YAC3D,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,8CAA8C,eAAe,iCAAiC,OAAO,CAAC,OAAO,GAAG;aAC9H,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC;IACtC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2BAA2B,SAAS,KAAK;SACvD,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,IAAI,OAAO,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,wBAAwB,GAAG,CAAC,QAAQ,6BAA6B;aAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC"}
|
|
1
|
+
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/core/auth/jwt.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAA+C,MAAM,cAAc,CAAC;AAE3E,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,MAAM,IAAI,GAAG,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGjF,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;AAEpE,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC;AACrD,MAAM,YAAY,GAAG,QAAQ,EAAE,YAAY,IAAI,KAAK,CAAC;AACrD,MAAM,SAAS,GAAG,QAAQ,EAAE,SAAS,IAAI,KAAK,CAAC;AAC/C,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AAEhD,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAExC,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,EAAE,UAAU,IAAI,sCAAsC,CAAC,CAAC;AAE3F,6FAA6F;AAC7F,MAAM,gBAAgB,GAAG,aAAa,CAAC;AACvC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAErG,MAAM,CAAC,MAAM,WAAW,GAAG,gCAAgC,CAAC;AAC5D,MAAM,CAAC,MAAM,aAAa,GAAG,kDAAkD,CAAC;AAChF,wGAAwG;AACxG,MAAM,CAAC,MAAM,UAAU,GAAG,+EAA+E,CAAC;AAE1G,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEzG;;;GAGG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,IAAY,EAAU,EAAE;IAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,gBAAgB,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IACvE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAChF,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtC,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,YAAoB,EAAE,EAAE;IAC9C,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACjF,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAC;AACjC,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAY,EAAE,WAAmB,EAAE,OAAa;IAClF,MAAM,EAAE,IAAI,EAAE,GAAG,mBAAmB,EAAE,CAAC;IACvC,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,OAAO,mBAAmB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,eAAe,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,IAAY,EAAE,WAAmB,EAAE,OAAa,EAAU,EAAE;IAC9F,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAE7D,gEAAgE;IAChE,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;IACxD,OAAO,YAAY,CAAC,IAAI,CAAC;IACzB,OAAO,YAAY,CAAC,MAAM,CAAC;IAC3B,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,OAAO,CAAC;IAC5B,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IACxB,OAAO,YAAY,CAAC,GAAG,CAAC;IAExB,MAAM,WAAW,GAAgB;QAC/B,SAAS,EAAE,OAAO;QAClB,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,WAAW;QACtB,KAAK,EAAE,MAAM,CAAC,UAAU,EAAE;KAC3B,CAAC;IACF,IAAI,OAAO,EAAE,CAAC;QACZ,WAAW,CAAC,QAAQ,GAAG,OAAO,CAAC;IACjC,CAAC;IACD,IAAI,gBAAgB,EAAE,CAAC;QACrB,WAAW,CAAC,MAAM,GAAG,gBAAgB,CAAC;IACxC,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;AAC1D,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAKnC;IACC,MAAM,EAAE,IAAI,EAAE,GAAG,mBAAmB,EAAE,CAAC;IACvC,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,GAKnC,EAAqB,EAAE;IACtB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAC7C,CAAC;IACD,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,gBAAgB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;AACnD,CAAC,CAAC;AAEF,SAAS,gBAAgB,CACvB,KAAa,EACb,GAA2E;IAE3E,yFAAyF;IACzF,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,aAAa,GAAkB,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/D,IAAI,gBAAgB,EAAE,CAAC;YACrB,aAAa,CAAC,MAAM,GAAG,gBAAgB,CAAC;QAC1C,CAAC;QACD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC7D,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;QACnD,CAAC;QACD,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACtC,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,YAAY,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9E,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,2BAA2B,SAAS,KAAK,CAAC,CAAC,CAAC,mBAAmB;aAC7F,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,EAAE,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACtC,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACvF,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAC;YAC9C,CAAC;YACD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpF,OAAO,EAAE,WAAW,EAAE,cAAc,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;YACtD,CAAC;YACD,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;QACnD,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,gCAAgC,GAAG,EAAE,OAAO,IAAI,eAAe,EAAE,EAAE,CAAC;IAC5F,CAAC;IAED,mCAAmC;IACnC,MAAM,GAAG,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,+BAA+B,EAAE,CAAC;IAClF,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC;QAC1C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5F,CAAC,CAAC,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;YACpD,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;YACf,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,eAAe,GAAG,GAAG,CAAC,eAAe,IAAI,SAAS,CAAC,IAAI,CAAC;IAC9D,MAAM,iBAAiB,GAAG,eAAe,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAElH,MAAM,OAAO,GAAkB,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,CAAC;IACpE,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,GAAG,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,iBAAiB,EAAE,CAAC;QACtB,OAAO,CAAC,OAAO,GAAG,iBAAiB,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAC5B,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAC5B,CAAC;IACD,0DAA0D;IAC1D,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAO,CAAC,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE,oBAAoB,OAAO,CAAC,IAAI,oBAAoB,EAAE,CAAC;IACvG,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1D,IAAI,YAAY,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAClD,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2CAA2C,YAAY,iCAAiC,OAAO,CAAC,IAAI,GAAG;SACrH,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;QACtF,IAAI,eAAe,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YAC5D,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,8CAA8C,eAAe,iCAAiC,eAAe,GAAG;aAC9H,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,SAAS,IAAI,OAAO,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,wBAAwB,GAAG,CAAC,QAAQ,6BAA6B;aAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC;AAED,SAAS,cAAc,CACrB,KAAa,EACb,GAA2E;IAE3E,MAAM,CAAC,EAAE,aAAa,EAAE,gBAAgB,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1E,IAAI,CAAC,aAAa,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxC,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;IACnD,CAAC;IAED,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,WAAW,EAAE,4BAA4B,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,UAAU,GAAW,EAAE,CAAC;IAC5B,IAAI,CAAC;QACH,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,WAAW,EAAE,gEAAgE,EAAE,CAAC;QAC3F,CAAC;IACH,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,iCAAiC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACzE,CAAC;IACD,IAAI,OAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAgB,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,OAAO,EAAE,WAAW,EAAE,+CAA+C,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACvF,CAAC;IAED,IAAI,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,oBAAoB,OAAO,CAAC,IAAI,oBAAoB;SAClE,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1D,IAAI,YAAY,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAClD,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2CAA2C,YAAY,iCAAiC,OAAO,CAAC,IAAI,GAAG;SACrH,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,eAAe,GAAG,GAAG,CAAC,eAAe,IAAI,SAAS,CAAC,IAAI,CAAC;QAC9D,IAAI,eAAe,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;YAC3D,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,8CAA8C,eAAe,iCAAiC,OAAO,CAAC,OAAO,GAAG;aAC9H,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC;IACtC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,gBAAgB,EAAE,IAAI;YACtB,WAAW,EAAE,2BAA2B,SAAS,KAAK;SACvD,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,IAAI,OAAO,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,gBAAgB,EAAE,IAAI;gBACtB,WAAW,EAAE,wBAAwB,GAAG,CAAC,QAAQ,6BAA6B;aAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC"}
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* KeyResolver — uniform interface for obtaining JWT verification keys across modes.
|
|
3
|
+
*
|
|
4
|
+
* - EmbeddedKeyResolver: reads / autogenerates a keypair in keyStoragePath
|
|
5
|
+
* - LocalKeyResolver: loads a public key (and optional private key) from PEM files
|
|
6
|
+
* - RemoteJwksKeyResolver: fetches a remote JWKS endpoint with cache & cooldown (jose)
|
|
7
|
+
*
|
|
8
|
+
* Legacy mode (legacyAesCtr) does not use a KeyResolver — verification stays in jwt.ts.
|
|
9
|
+
*/
|
|
10
|
+
import type { JWK, JWSHeaderParameters, KeyLike } from 'jose';
|
|
11
|
+
export type JwtAsymmetricAlgorithm = 'ES256' | 'RS256';
|
|
12
|
+
export interface KeyResolver {
|
|
13
|
+
/** Resolve a verification key for the given JWT header. */
|
|
14
|
+
getVerifyKey(header: JWSHeaderParameters): Promise<KeyLike | Uint8Array>;
|
|
15
|
+
/** Return the signing key + algorithm + kid for token issuance. Throws if mode cannot sign. */
|
|
16
|
+
getSignContext(): {
|
|
17
|
+
privateKey: KeyLike;
|
|
18
|
+
algorithm: JwtAsymmetricAlgorithm;
|
|
19
|
+
kid: string;
|
|
20
|
+
};
|
|
21
|
+
/** Return JWKS (public keys only) for the /.well-known/jwks.json endpoint. */
|
|
22
|
+
getPublicJwks(): {
|
|
23
|
+
keys: JWK[];
|
|
24
|
+
};
|
|
25
|
+
/** True if this resolver has access to a private key and can issue tokens. */
|
|
26
|
+
canSign(): boolean;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Synchronous predicate: can this server issue a JWT locally (sign tokens) with the
|
|
30
|
+
* currently configured jwtToken settings?
|
|
31
|
+
*
|
|
32
|
+
* - legacyAesCtr: yes if encryptKey is set, ≥8 chars and not the placeholder '***'
|
|
33
|
+
* - embedded: yes (keypair auto-generated on first sign call)
|
|
34
|
+
* - localKey: yes only if privateKeyPath is configured (presence checked at sign time)
|
|
35
|
+
* - remoteJwks: no (tokens come from the external IdP)
|
|
36
|
+
*
|
|
37
|
+
* Used by callers that need to know upfront whether JWT issuance is possible without
|
|
38
|
+
* incurring an async KeyResolver init — e.g. when choosing between issuing a JWT vs.
|
|
39
|
+
* falling back to permanent/basic credentials.
|
|
40
|
+
*/
|
|
41
|
+
export declare function canLocallyIssueJwt(): boolean;
|
|
42
|
+
/**
|
|
43
|
+
* Resolve mode + algorithm from config, applying defaults.
|
|
44
|
+
*/
|
|
45
|
+
export declare function getJwtRuntimeConfig(): {
|
|
46
|
+
mode: "legacyAesCtr" | "embedded" | "localKey" | "remoteJwks";
|
|
47
|
+
algorithm: JwtAsymmetricAlgorithm;
|
|
48
|
+
keyStoragePath: string;
|
|
49
|
+
publicKeyPath: string;
|
|
50
|
+
privateKeyPath: string;
|
|
51
|
+
jwksUri: string;
|
|
52
|
+
expectedIssuer: string;
|
|
53
|
+
expectedAudience: string;
|
|
54
|
+
jwksCacheTtl: number;
|
|
55
|
+
jwksCooldown: number;
|
|
56
|
+
clockSkew: number;
|
|
57
|
+
defaultTtl: number;
|
|
58
|
+
};
|
|
59
|
+
/**
|
|
60
|
+
* Lazily build the singleton resolver for the configured mode.
|
|
61
|
+
* Returns `undefined` for legacy mode (legacy verifier handles it directly).
|
|
62
|
+
*/
|
|
63
|
+
export declare function getKeyResolver(): Promise<KeyResolver | undefined>;
|
|
64
|
+
/**
|
|
65
|
+
* For tests / hot-reload scenarios. Drops cached resolver so the next call rebuilds it.
|
|
66
|
+
*/
|
|
67
|
+
export declare function resetKeyResolverCache(): void;
|
|
68
|
+
/**
|
|
69
|
+
* Build the public JWKS document for the current resolver. Throws in modes that don't expose one.
|
|
70
|
+
*/
|
|
71
|
+
export declare function buildLocalJwks(): Promise<{
|
|
72
|
+
keys: JWK[];
|
|
73
|
+
}>;
|
|
74
|
+
//# sourceMappingURL=key-resolver.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"key-resolver.d.ts","sourceRoot":"","sources":["../../../src/core/auth/key-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAQH,OAAO,KAAK,EAAE,GAAG,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAO9D,MAAM,MAAM,sBAAsB,GAAG,OAAO,GAAG,OAAO,CAAC;AAEvD,MAAM,WAAW,WAAW;IAC1B,2DAA2D;IAC3D,YAAY,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,OAAO,GAAG,UAAU,CAAC,CAAC;IACzE,+FAA+F;IAC/F,cAAc,IAAI;QAAE,UAAU,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,sBAAsB,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1F,8EAA8E;IAC9E,aAAa,IAAI;QAAE,IAAI,EAAE,GAAG,EAAE,CAAA;KAAE,CAAC;IACjC,8EAA8E;IAC9E,OAAO,IAAI,OAAO,CAAC;CACpB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,IAAI,OAAO,CAe5C;AAED;;GAEG;AACH,wBAAgB,mBAAmB;;;;;;;;;;;;;EAoBlC;AAyPD;;;GAGG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,CAuBvE;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,IAAI,CAG5C;AAED;;GAEG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC;IAAE,IAAI,EAAE,GAAG,EAAE,CAAA;CAAE,CAAC,CAS/D"}
|
|
@@ -0,0 +1,330 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* KeyResolver — uniform interface for obtaining JWT verification keys across modes.
|
|
3
|
+
*
|
|
4
|
+
* - EmbeddedKeyResolver: reads / autogenerates a keypair in keyStoragePath
|
|
5
|
+
* - LocalKeyResolver: loads a public key (and optional private key) from PEM files
|
|
6
|
+
* - RemoteJwksKeyResolver: fetches a remote JWKS endpoint with cache & cooldown (jose)
|
|
7
|
+
*
|
|
8
|
+
* Legacy mode (legacyAesCtr) does not use a KeyResolver — verification stays in jwt.ts.
|
|
9
|
+
*/
|
|
10
|
+
import crypto from 'crypto';
|
|
11
|
+
import { existsSync, mkdirSync, readFileSync, writeFileSync, chmodSync } from 'fs';
|
|
12
|
+
import { resolve as resolvePath } from 'path';
|
|
13
|
+
import chalk from 'chalk';
|
|
14
|
+
import { createRemoteJWKSet, exportJWK, exportSPKI, generateKeyPair, importPKCS8, importSPKI } from 'jose';
|
|
15
|
+
import { appConfig } from '../bootstrap/init-config.js';
|
|
16
|
+
import { logger as lgr } from '../logger.js';
|
|
17
|
+
const logger = lgr.getSubLogger({ name: chalk.cyan('key-resolver') });
|
|
18
|
+
/**
|
|
19
|
+
* Synchronous predicate: can this server issue a JWT locally (sign tokens) with the
|
|
20
|
+
* currently configured jwtToken settings?
|
|
21
|
+
*
|
|
22
|
+
* - legacyAesCtr: yes if encryptKey is set, ≥8 chars and not the placeholder '***'
|
|
23
|
+
* - embedded: yes (keypair auto-generated on first sign call)
|
|
24
|
+
* - localKey: yes only if privateKeyPath is configured (presence checked at sign time)
|
|
25
|
+
* - remoteJwks: no (tokens come from the external IdP)
|
|
26
|
+
*
|
|
27
|
+
* Used by callers that need to know upfront whether JWT issuance is possible without
|
|
28
|
+
* incurring an async KeyResolver init — e.g. when choosing between issuing a JWT vs.
|
|
29
|
+
* falling back to permanent/basic credentials.
|
|
30
|
+
*/
|
|
31
|
+
export function canLocallyIssueJwt() {
|
|
32
|
+
const cfg = getJwtRuntimeConfig();
|
|
33
|
+
const encryptKey = (appConfig.webServer?.auth?.jwtToken?.encryptKey ?? '');
|
|
34
|
+
switch (cfg.mode) {
|
|
35
|
+
case 'legacyAesCtr':
|
|
36
|
+
return typeof encryptKey === 'string' && encryptKey.length >= 8 && encryptKey !== '***';
|
|
37
|
+
case 'embedded':
|
|
38
|
+
return true;
|
|
39
|
+
case 'localKey':
|
|
40
|
+
return Boolean(cfg.privateKeyPath);
|
|
41
|
+
case 'remoteJwks':
|
|
42
|
+
return false;
|
|
43
|
+
default:
|
|
44
|
+
return false;
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Resolve mode + algorithm from config, applying defaults.
|
|
49
|
+
*/
|
|
50
|
+
export function getJwtRuntimeConfig() {
|
|
51
|
+
const jwt = appConfig.webServer?.auth?.jwtToken;
|
|
52
|
+
const rawMode = jwt?.mode;
|
|
53
|
+
const mode = rawMode === 'embedded' || rawMode === 'localKey' || rawMode === 'remoteJwks' ? rawMode : 'legacyAesCtr';
|
|
54
|
+
const algorithm = jwt?.algorithm === 'RS256' ? 'RS256' : 'ES256';
|
|
55
|
+
return {
|
|
56
|
+
mode,
|
|
57
|
+
algorithm,
|
|
58
|
+
keyStoragePath: jwt?.keyStoragePath || './keys',
|
|
59
|
+
publicKeyPath: jwt?.publicKeyPath || '',
|
|
60
|
+
privateKeyPath: jwt?.privateKeyPath || '',
|
|
61
|
+
jwksUri: jwt?.jwksUri || '',
|
|
62
|
+
expectedIssuer: jwt?.expectedIssuer || '',
|
|
63
|
+
expectedAudience: jwt?.expectedAudience || '',
|
|
64
|
+
jwksCacheTtl: typeof jwt?.jwksCacheTtl === 'number' ? jwt.jwksCacheTtl : 600,
|
|
65
|
+
jwksCooldown: typeof jwt?.jwksCooldown === 'number' ? jwt.jwksCooldown : 30,
|
|
66
|
+
clockSkew: typeof jwt?.clockSkew === 'number' ? jwt.clockSkew : 30,
|
|
67
|
+
defaultTtl: typeof jwt?.defaultTtl === 'number' ? jwt.defaultTtl : 1800,
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Compute a stable `kid` from a JWK (SHA-256 thumbnail, RFC 7638-style first 16 bytes).
|
|
72
|
+
* Not the full RFC 7638 thumbprint, but sufficient and deterministic for our needs.
|
|
73
|
+
*/
|
|
74
|
+
function deriveKid(jwk) {
|
|
75
|
+
// Build a canonical subset and hash it
|
|
76
|
+
const src = jwk;
|
|
77
|
+
const canonical = {};
|
|
78
|
+
for (const key of ['crv', 'e', 'kty', 'n', 'x', 'y'].sort()) {
|
|
79
|
+
const v = src[key];
|
|
80
|
+
if (typeof v === 'string') {
|
|
81
|
+
canonical[key] = v;
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
const hash = crypto.createHash('sha256').update(JSON.stringify(canonical)).digest('base64url');
|
|
85
|
+
return hash.substring(0, 16);
|
|
86
|
+
}
|
|
87
|
+
// ────────────────────────────────────────────────────────────────────────────
|
|
88
|
+
// Embedded — autogenerate keypair under keyStoragePath/{private.pem,public.pem}
|
|
89
|
+
// ────────────────────────────────────────────────────────────────────────────
|
|
90
|
+
class EmbeddedKeyResolver {
|
|
91
|
+
privateKey;
|
|
92
|
+
publicKey;
|
|
93
|
+
algorithm;
|
|
94
|
+
kid;
|
|
95
|
+
initialized = false;
|
|
96
|
+
constructor(algorithm) {
|
|
97
|
+
this.algorithm = algorithm;
|
|
98
|
+
}
|
|
99
|
+
async init() {
|
|
100
|
+
if (this.initialized) {
|
|
101
|
+
return;
|
|
102
|
+
}
|
|
103
|
+
const { keyStoragePath } = getJwtRuntimeConfig();
|
|
104
|
+
const absDir = resolvePath(keyStoragePath);
|
|
105
|
+
const privPath = resolvePath(absDir, 'private.pem');
|
|
106
|
+
const pubPath = resolvePath(absDir, 'public.pem');
|
|
107
|
+
if (!existsSync(privPath) || !existsSync(pubPath)) {
|
|
108
|
+
logger.info(`Generating embedded ${this.algorithm} keypair at ${absDir}`);
|
|
109
|
+
mkdirSync(absDir, { recursive: true });
|
|
110
|
+
const { privateKey, publicKey } = await generateKeyPair(this.algorithm, { extractable: true });
|
|
111
|
+
const pkcs8 = await exportPrivateKeyPem(privateKey);
|
|
112
|
+
const spki = await exportSPKI(publicKey);
|
|
113
|
+
writeFileSync(privPath, pkcs8, { encoding: 'utf8' });
|
|
114
|
+
try {
|
|
115
|
+
chmodSync(privPath, 0o600);
|
|
116
|
+
}
|
|
117
|
+
catch {
|
|
118
|
+
// Windows or restricted FS — ignore
|
|
119
|
+
}
|
|
120
|
+
writeFileSync(pubPath, spki, { encoding: 'utf8' });
|
|
121
|
+
}
|
|
122
|
+
const privPem = readFileSync(privPath, 'utf8');
|
|
123
|
+
const pubPem = readFileSync(pubPath, 'utf8');
|
|
124
|
+
this.privateKey = await importPKCS8(privPem, this.algorithm, { extractable: true });
|
|
125
|
+
this.publicKey = await importSPKI(pubPem, this.algorithm, { extractable: true });
|
|
126
|
+
const jwk = await exportJWK(this.publicKey);
|
|
127
|
+
this.kid = deriveKid(jwk);
|
|
128
|
+
this.initialized = true;
|
|
129
|
+
logger.info(`Embedded IdP ready (alg=${this.algorithm}, kid=${this.kid})`);
|
|
130
|
+
}
|
|
131
|
+
async getVerifyKey(_header) {
|
|
132
|
+
await this.init();
|
|
133
|
+
return this.publicKey;
|
|
134
|
+
}
|
|
135
|
+
getSignContext() {
|
|
136
|
+
if (!this.initialized) {
|
|
137
|
+
throw new Error('EmbeddedKeyResolver not initialized — call init() first');
|
|
138
|
+
}
|
|
139
|
+
return { privateKey: this.privateKey, algorithm: this.algorithm, kid: this.kid };
|
|
140
|
+
}
|
|
141
|
+
getPublicJwks() {
|
|
142
|
+
if (!this.initialized) {
|
|
143
|
+
throw new Error('EmbeddedKeyResolver not initialized — call init() first');
|
|
144
|
+
}
|
|
145
|
+
// Cannot be async here — caller must ensure init() has run.
|
|
146
|
+
return { keys: [this.cachedJwk] };
|
|
147
|
+
}
|
|
148
|
+
// Cached JWK for the public key (populated during init).
|
|
149
|
+
cachedJwk;
|
|
150
|
+
async buildJwks() {
|
|
151
|
+
await this.init();
|
|
152
|
+
if (!this.cachedJwk) {
|
|
153
|
+
const jwk = await exportJWK(this.publicKey);
|
|
154
|
+
jwk.kid = this.kid;
|
|
155
|
+
jwk.use = 'sig';
|
|
156
|
+
jwk.alg = this.algorithm;
|
|
157
|
+
this.cachedJwk = jwk;
|
|
158
|
+
}
|
|
159
|
+
return { keys: [this.cachedJwk] };
|
|
160
|
+
}
|
|
161
|
+
canSign() {
|
|
162
|
+
return true;
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
/**
|
|
166
|
+
* Helper around exportPKCS8 — wraps the awaited PEM string for embedded keypair write.
|
|
167
|
+
*/
|
|
168
|
+
async function exportPrivateKeyPem(key) {
|
|
169
|
+
const { exportPKCS8 } = await import('jose');
|
|
170
|
+
return exportPKCS8(key);
|
|
171
|
+
}
|
|
172
|
+
// ────────────────────────────────────────────────────────────────────────────
|
|
173
|
+
// LocalKey — public key from disk, optional private key for issuance
|
|
174
|
+
// ────────────────────────────────────────────────────────────────────────────
|
|
175
|
+
class LocalKeyResolver {
|
|
176
|
+
publicKey;
|
|
177
|
+
privateKey;
|
|
178
|
+
algorithm;
|
|
179
|
+
kid;
|
|
180
|
+
initialized = false;
|
|
181
|
+
cachedJwk;
|
|
182
|
+
constructor(algorithm) {
|
|
183
|
+
this.algorithm = algorithm;
|
|
184
|
+
}
|
|
185
|
+
async init() {
|
|
186
|
+
if (this.initialized) {
|
|
187
|
+
return;
|
|
188
|
+
}
|
|
189
|
+
const { publicKeyPath, privateKeyPath } = getJwtRuntimeConfig();
|
|
190
|
+
if (!publicKeyPath) {
|
|
191
|
+
throw new Error('jwtToken.publicKeyPath is required for mode=localKey');
|
|
192
|
+
}
|
|
193
|
+
const pubAbs = resolvePath(publicKeyPath);
|
|
194
|
+
if (!existsSync(pubAbs)) {
|
|
195
|
+
throw new Error(`jwtToken.publicKeyPath not found: ${pubAbs}`);
|
|
196
|
+
}
|
|
197
|
+
const pubPem = readFileSync(pubAbs, 'utf8');
|
|
198
|
+
this.publicKey = await importSPKI(pubPem, this.algorithm, { extractable: true });
|
|
199
|
+
if (privateKeyPath) {
|
|
200
|
+
const privAbs = resolvePath(privateKeyPath);
|
|
201
|
+
if (!existsSync(privAbs)) {
|
|
202
|
+
throw new Error(`jwtToken.privateKeyPath not found: ${privAbs}`);
|
|
203
|
+
}
|
|
204
|
+
const privPem = readFileSync(privAbs, 'utf8');
|
|
205
|
+
this.privateKey = await importPKCS8(privPem, this.algorithm, { extractable: true });
|
|
206
|
+
}
|
|
207
|
+
const jwk = await exportJWK(this.publicKey);
|
|
208
|
+
this.kid = deriveKid(jwk);
|
|
209
|
+
jwk.kid = this.kid;
|
|
210
|
+
jwk.use = 'sig';
|
|
211
|
+
jwk.alg = this.algorithm;
|
|
212
|
+
this.cachedJwk = jwk;
|
|
213
|
+
this.initialized = true;
|
|
214
|
+
logger.info(`LocalKey resolver ready (alg=${this.algorithm}, kid=${this.kid}, signing=${this.privateKey ? 'on' : 'off'})`);
|
|
215
|
+
}
|
|
216
|
+
async getVerifyKey(_header) {
|
|
217
|
+
await this.init();
|
|
218
|
+
return this.publicKey;
|
|
219
|
+
}
|
|
220
|
+
getSignContext() {
|
|
221
|
+
if (!this.initialized || !this.privateKey) {
|
|
222
|
+
throw new Error('LocalKey: signing requires jwtToken.privateKeyPath to be configured');
|
|
223
|
+
}
|
|
224
|
+
return { privateKey: this.privateKey, algorithm: this.algorithm, kid: this.kid };
|
|
225
|
+
}
|
|
226
|
+
getPublicJwks() {
|
|
227
|
+
if (!this.cachedJwk) {
|
|
228
|
+
throw new Error('LocalKeyResolver not initialized — call init() first');
|
|
229
|
+
}
|
|
230
|
+
return { keys: [this.cachedJwk] };
|
|
231
|
+
}
|
|
232
|
+
async buildJwks() {
|
|
233
|
+
await this.init();
|
|
234
|
+
return this.getPublicJwks();
|
|
235
|
+
}
|
|
236
|
+
canSign() {
|
|
237
|
+
return Boolean(this.privateKey);
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
// ────────────────────────────────────────────────────────────────────────────
|
|
241
|
+
// RemoteJwks — fetch JWKS from external IdP (jose handles cache + cooldown)
|
|
242
|
+
// ────────────────────────────────────────────────────────────────────────────
|
|
243
|
+
class RemoteJwksKeyResolver {
|
|
244
|
+
jwksFn;
|
|
245
|
+
initialized = false;
|
|
246
|
+
init() {
|
|
247
|
+
if (this.initialized) {
|
|
248
|
+
return;
|
|
249
|
+
}
|
|
250
|
+
const { jwksUri, jwksCacheTtl, jwksCooldown } = getJwtRuntimeConfig();
|
|
251
|
+
if (!jwksUri) {
|
|
252
|
+
throw new Error('jwtToken.jwksUri is required for mode=remoteJwks');
|
|
253
|
+
}
|
|
254
|
+
this.jwksFn = createRemoteJWKSet(new URL(jwksUri), {
|
|
255
|
+
cacheMaxAge: jwksCacheTtl * 1000,
|
|
256
|
+
cooldownDuration: jwksCooldown * 1000,
|
|
257
|
+
});
|
|
258
|
+
this.initialized = true;
|
|
259
|
+
logger.info(`RemoteJwks resolver ready (uri=${jwksUri}, cacheTtl=${jwksCacheTtl}s, cooldown=${jwksCooldown}s)`);
|
|
260
|
+
}
|
|
261
|
+
async getVerifyKey(header) {
|
|
262
|
+
this.init();
|
|
263
|
+
return (await this.jwksFn(header, {}));
|
|
264
|
+
}
|
|
265
|
+
getSignContext() {
|
|
266
|
+
throw new Error(`remoteJwks mode does not issue tokens. Obtain a token from the IdP at ${getJwtRuntimeConfig().jwksUri}`);
|
|
267
|
+
}
|
|
268
|
+
getPublicJwks() {
|
|
269
|
+
throw new Error('remoteJwks mode does not expose a local JWKS — the IdP publishes it');
|
|
270
|
+
}
|
|
271
|
+
canSign() {
|
|
272
|
+
return false;
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
// ────────────────────────────────────────────────────────────────────────────
|
|
276
|
+
// Factory + module-level singleton (initialized lazily on first use)
|
|
277
|
+
// ────────────────────────────────────────────────────────────────────────────
|
|
278
|
+
let _resolver;
|
|
279
|
+
let _resolverMode;
|
|
280
|
+
/**
|
|
281
|
+
* Lazily build the singleton resolver for the configured mode.
|
|
282
|
+
* Returns `undefined` for legacy mode (legacy verifier handles it directly).
|
|
283
|
+
*/
|
|
284
|
+
export async function getKeyResolver() {
|
|
285
|
+
const { mode, algorithm } = getJwtRuntimeConfig();
|
|
286
|
+
if (mode === 'legacyAesCtr') {
|
|
287
|
+
return undefined;
|
|
288
|
+
}
|
|
289
|
+
if (_resolver && _resolverMode === mode) {
|
|
290
|
+
return _resolver;
|
|
291
|
+
}
|
|
292
|
+
_resolverMode = mode;
|
|
293
|
+
if (mode === 'embedded') {
|
|
294
|
+
const r = new EmbeddedKeyResolver(algorithm);
|
|
295
|
+
await r.init();
|
|
296
|
+
_resolver = r;
|
|
297
|
+
}
|
|
298
|
+
else if (mode === 'localKey') {
|
|
299
|
+
const r = new LocalKeyResolver(algorithm);
|
|
300
|
+
await r.init();
|
|
301
|
+
_resolver = r;
|
|
302
|
+
}
|
|
303
|
+
else if (mode === 'remoteJwks') {
|
|
304
|
+
const r = new RemoteJwksKeyResolver();
|
|
305
|
+
r.init();
|
|
306
|
+
_resolver = r;
|
|
307
|
+
}
|
|
308
|
+
return _resolver;
|
|
309
|
+
}
|
|
310
|
+
/**
|
|
311
|
+
* For tests / hot-reload scenarios. Drops cached resolver so the next call rebuilds it.
|
|
312
|
+
*/
|
|
313
|
+
export function resetKeyResolverCache() {
|
|
314
|
+
_resolver = undefined;
|
|
315
|
+
_resolverMode = undefined;
|
|
316
|
+
}
|
|
317
|
+
/**
|
|
318
|
+
* Build the public JWKS document for the current resolver. Throws in modes that don't expose one.
|
|
319
|
+
*/
|
|
320
|
+
export async function buildLocalJwks() {
|
|
321
|
+
const resolver = await getKeyResolver();
|
|
322
|
+
if (!resolver) {
|
|
323
|
+
throw new Error('JWKS not available in legacy mode');
|
|
324
|
+
}
|
|
325
|
+
if (resolver instanceof EmbeddedKeyResolver || resolver instanceof LocalKeyResolver) {
|
|
326
|
+
return resolver.buildJwks();
|
|
327
|
+
}
|
|
328
|
+
return resolver.getPublicJwks();
|
|
329
|
+
}
|
|
330
|
+
//# sourceMappingURL=key-resolver.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"key-resolver.js","sourceRoot":"","sources":["../../../src/core/auth/key-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACnF,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,MAAM,CAAC;AAE9C,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,UAAU,EAAE,eAAe,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAG3G,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,MAAM,IAAI,GAAG,EAAE,MAAM,cAAc,CAAC;AAE7C,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;AAetE;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,GAAG,GAAG,mBAAmB,EAAE,CAAC;IAClC,MAAM,UAAU,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,IAAI,EAAE,CAAW,CAAC;IACrF,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,cAAc;YACjB,OAAO,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,IAAI,UAAU,KAAK,KAAK,CAAC;QAC1F,KAAK,UAAU;YACb,OAAO,IAAI,CAAC;QACd,KAAK,UAAU;YACb,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACrC,KAAK,YAAY;YACf,OAAO,KAAK,CAAC;QACf;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC;IAChD,MAAM,OAAO,GAAG,GAAG,EAAE,IAAI,CAAC;IAC1B,MAAM,IAAI,GACR,OAAO,KAAK,UAAU,IAAI,OAAO,KAAK,UAAU,IAAI,OAAO,KAAK,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC;IAC1G,MAAM,SAAS,GAA2B,GAAG,EAAE,SAAS,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;IACzF,OAAO;QACL,IAAI;QACJ,SAAS;QACT,cAAc,EAAE,GAAG,EAAE,cAAc,IAAI,QAAQ;QAC/C,aAAa,EAAE,GAAG,EAAE,aAAa,IAAI,EAAE;QACvC,cAAc,EAAE,GAAG,EAAE,cAAc,IAAI,EAAE;QACzC,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,EAAE;QAC3B,cAAc,EAAE,GAAG,EAAE,cAAc,IAAI,EAAE;QACzC,gBAAgB,EAAE,GAAG,EAAE,gBAAgB,IAAI,EAAE;QAC7C,YAAY,EAAE,OAAO,GAAG,EAAE,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG;QAC5E,YAAY,EAAE,OAAO,GAAG,EAAE,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE;QAC3E,SAAS,EAAE,OAAO,GAAG,EAAE,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;QAClE,UAAU,EAAE,OAAO,GAAG,EAAE,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI;KACxE,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAAC,GAAQ;IACzB,uCAAuC;IACvC,MAAM,GAAG,GAAG,GAAoD,CAAC;IACjE,MAAM,SAAS,GAA2B,EAAE,CAAC;IAC7C,KAAK,MAAM,GAAG,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QAC5D,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACnB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC/F,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED,+EAA+E;AAC/E,gFAAgF;AAChF,+EAA+E;AAE/E,MAAM,mBAAmB;IACf,UAAU,CAAW;IACrB,SAAS,CAAW;IACpB,SAAS,CAAyB;IAClC,GAAG,CAAU;IACb,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,SAAiC;QAC3C,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,EAAE,cAAc,EAAE,GAAG,mBAAmB,EAAE,CAAC;QACjD,MAAM,MAAM,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAElD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAClD,MAAM,CAAC,IAAI,CAAC,uBAAuB,IAAI,CAAC,SAAS,eAAe,MAAM,EAAE,CAAC,CAAC;YAC1E,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACvC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/F,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;YACpD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;YACzC,aAAa,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;YACrD,IAAI,CAAC;gBACH,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC7B,CAAC;YAAC,MAAM,CAAC;gBACP,oCAAoC;YACtC,CAAC;YACD,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,UAAU,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACpF,IAAI,CAAC,SAAS,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACjF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,2BAA2B,IAAI,CAAC,SAAS,SAAS,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAA4B;QAC7C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,cAAc;QACZ,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QACD,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;IACnF,CAAC;IAED,aAAa;QACX,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QACD,4DAA4D;QAC5D,OAAO,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,SAAU,CAAC,EAAE,CAAC;IACrC,CAAC;IAED,yDAAyD;IACjD,SAAS,CAAkB;IAEnC,KAAK,CAAC,SAAS;QACb,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC5C,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;YACnB,GAAG,CAAC,GAAG,GAAG,KAAK,CAAC;YAChB,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC;YACzB,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;QACvB,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;IACpC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAAC,GAAY;IAC7C,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED,+EAA+E;AAC/E,qEAAqE;AACrE,+EAA+E;AAE/E,MAAM,gBAAgB;IACZ,SAAS,CAAW;IACpB,UAAU,CAAsB;IAChC,SAAS,CAAyB;IAClC,GAAG,CAAU;IACb,WAAW,GAAG,KAAK,CAAC;IACpB,SAAS,CAAkB;IAEnC,YAAY,SAAiC;QAC3C,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,mBAAmB,EAAE,CAAC;QAChE,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QACD,MAAM,MAAM,GAAG,WAAW,CAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,qCAAqC,MAAM,EAAE,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,SAAS,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjF,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,OAAO,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;YAC5C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,sCAAsC,OAAO,EAAE,CAAC,CAAC;YACnE,CAAC;YACD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,IAAI,CAAC,UAAU,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC1B,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACnB,GAAG,CAAC,GAAG,GAAG,KAAK,CAAC;QAChB,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,gCAAgC,IAAI,CAAC,SAAS,SAAS,IAAI,CAAC,GAAG,aAAa,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,CAC9G,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAA4B;QAC7C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,cAAc;QACZ,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;QACzF,CAAC;QACD,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;IACnF,CAAC;IAED,aAAa;QACX,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,SAAS;QACb,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,aAAa,EAAE,CAAC;IAC9B,CAAC;IAED,OAAO;QACL,OAAO,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAClC,CAAC;CACF;AAED,+EAA+E;AAC/E,4EAA4E;AAC5E,+EAA+E;AAE/E,MAAM,qBAAqB;IACjB,MAAM,CAAyC;IAC/C,WAAW,GAAG,KAAK,CAAC;IAE5B,IAAI;QACF,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,mBAAmB,EAAE,CAAC;QACtE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,EAAE;YACjD,WAAW,EAAE,YAAY,GAAG,IAAI;YAChC,gBAAgB,EAAE,YAAY,GAAG,IAAI;SACtC,CAAC,CAAC;QACH,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC,kCAAkC,OAAO,cAAc,YAAY,eAAe,YAAY,IAAI,CAAC,CAAC;IAClH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAA2B;QAC5C,IAAI,CAAC,IAAI,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAS,CAAC,CAAuB,CAAC;IACtE,CAAC;IAED,cAAc;QACZ,MAAM,IAAI,KAAK,CACb,yEAAyE,mBAAmB,EAAE,CAAC,OAAO,EAAE,CACzG,CAAC;IACJ,CAAC;IAED,aAAa;QACX,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;IACzF,CAAC;IAED,OAAO;QACL,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED,+EAA+E;AAC/E,qEAAqE;AACrE,+EAA+E;AAE/E,IAAI,SAAkC,CAAC;AACvC,IAAI,aAAiC,CAAC;AAEtC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,mBAAmB,EAAE,CAAC;IAClD,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,SAAS,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QACxC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,aAAa,GAAG,IAAI,CAAC;IACrB,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,IAAI,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAC7C,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACf,SAAS,GAAG,CAAC,CAAC;IAChB,CAAC;SAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,IAAI,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAC1C,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACf,SAAS,GAAG,CAAC,CAAC;IAChB,CAAC;SAAM,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QACjC,MAAM,CAAC,GAAG,IAAI,qBAAqB,EAAE,CAAC;QACtC,CAAC,CAAC,IAAI,EAAE,CAAC;QACT,SAAS,GAAG,CAAC,CAAC;IAChB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,SAAS,GAAG,SAAS,CAAC;IACtB,aAAa,GAAG,SAAS,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,QAAQ,GAAG,MAAM,cAAc,EAAE,CAAC;IACxC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,QAAQ,YAAY,mBAAmB,IAAI,QAAQ,YAAY,gBAAgB,EAAE,CAAC;QACpF,OAAO,QAAQ,CAAC,SAAS,EAAE,CAAC;IAC9B,CAAC;IACD,OAAO,QAAQ,CAAC,aAAa,EAAE,CAAC;AAClC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/core/auth/middleware.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/core/auth/middleware.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAgJ1D;;;GAGG;AACH,eAAO,MAAM,iBAAiB,GAAU,KAAK,OAAO,KAAG,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAe3G,CAAC;AAMF,UAAU,qBAAqB;IAC7B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,GAAE,qBAA0B,IAGhD,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,wDA+D9D"}
|
|
@@ -2,8 +2,10 @@
|
|
|
2
2
|
import { cyan, lBlue, magenta, red, reset } from 'af-color';
|
|
3
3
|
import { appConfig } from '../bootstrap/init-config.js';
|
|
4
4
|
import { debugTokenAuth } from '../debug.js';
|
|
5
|
+
import { getMetrics } from '../metrics/metrics.js';
|
|
5
6
|
import { getPromptsList } from '../mcp/prompts.js';
|
|
6
7
|
import { getResourcesList } from '../mcp/resources.js';
|
|
8
|
+
import { buildWwwAuthenticateHeader } from '../web/oauth-router.js';
|
|
7
9
|
import { checkMultiAuth, logAuthConfiguration } from './multi-auth.js';
|
|
8
10
|
const { enabled: authEnabled } = appConfig.webServer.auth;
|
|
9
11
|
const SHOW_HEADERS_SET = new Set(['user', 'authorization', 'x-real-ip', 'x-mode', 'host']);
|
|
@@ -76,6 +78,46 @@ const isPublicMcpRequest = async (req) => {
|
|
|
76
78
|
return false;
|
|
77
79
|
}
|
|
78
80
|
};
|
|
81
|
+
/**
|
|
82
|
+
* Standard §7.5 — verify the bearer token carries every scope required by the target
|
|
83
|
+
* resource / prompt. Returns the missing scopes (empty array when OK).
|
|
84
|
+
*/
|
|
85
|
+
function checkScopes(required, payload) {
|
|
86
|
+
if (!Array.isArray(required) || required.length === 0) {
|
|
87
|
+
return [];
|
|
88
|
+
}
|
|
89
|
+
const tokenScopes = String(payload?.scope ?? '')
|
|
90
|
+
.split(/\s+/)
|
|
91
|
+
.filter(Boolean);
|
|
92
|
+
return required.filter((s) => !tokenScopes.includes(s));
|
|
93
|
+
}
|
|
94
|
+
/**
|
|
95
|
+
* Map the MCP method on a successful auth result to a required-scopes list, then verify
|
|
96
|
+
* the token carries them. Returns an `AuthResult.forbidden` shape when scopes are missing.
|
|
97
|
+
*/
|
|
98
|
+
async function enforceScopes(req, authResult) {
|
|
99
|
+
const { method } = req.body || {};
|
|
100
|
+
let required;
|
|
101
|
+
if (method === 'resources/read') {
|
|
102
|
+
const uri = req.body?.params?.uri;
|
|
103
|
+
if (uri) {
|
|
104
|
+
const { resources } = await getResourcesList({ transport: 'http' });
|
|
105
|
+
required = resources.find((r) => r.uri === uri)?.requiredScopes;
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
else if (method === 'prompts/get') {
|
|
109
|
+
const name = req.body?.params?.name;
|
|
110
|
+
if (name) {
|
|
111
|
+
const { prompts } = await getPromptsList({ transport: 'http' });
|
|
112
|
+
required = prompts.find((p) => p.name === name)?.requiredScopes;
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
const missing = checkScopes(required, authResult.payload);
|
|
116
|
+
if (missing.length > 0) {
|
|
117
|
+
return { forbidden: true, error: `Missing scopes: ${missing.join(',')}` };
|
|
118
|
+
}
|
|
119
|
+
return undefined;
|
|
120
|
+
}
|
|
79
121
|
// Legacy middleware functions removed - use createAuthMW() instead
|
|
80
122
|
/**
|
|
81
123
|
* Programmatic authentication checking - for manual auth validation in code
|
|
@@ -91,6 +133,7 @@ export const getMultiAuthError = async (req) => {
|
|
|
91
133
|
}
|
|
92
134
|
// Add authentication information to request for use in application
|
|
93
135
|
req.authInfo = { ...authResult };
|
|
136
|
+
req.auth = { ...authResult }; // SDK transport bridge — see createAuthMW
|
|
94
137
|
return undefined;
|
|
95
138
|
};
|
|
96
139
|
/**
|
|
@@ -121,11 +164,34 @@ export function createAuthMW(options = {}) {
|
|
|
121
164
|
// Use enhanced combined authentication (standard + custom validator)
|
|
122
165
|
const authResult = await checkMultiAuth(req);
|
|
123
166
|
if (!authResult.success) {
|
|
167
|
+
// Standard §7.4 — forbidden (authenticated but lacking permission) → 403, NO WWW-Authenticate.
|
|
168
|
+
if (authResult.forbidden) {
|
|
169
|
+
getMetrics()?.authFailures.inc({ reason: 'forbidden' });
|
|
170
|
+
const errorDetails = debugAuth(req, 403, authResult.error || 'Forbidden');
|
|
171
|
+
return res.status(errorDetails.code).send(errorDetails.message);
|
|
172
|
+
}
|
|
173
|
+
const reason = (authResult.error ?? 'unauthorized').slice(0, 64);
|
|
174
|
+
getMetrics()?.authFailures.inc({ reason });
|
|
124
175
|
const errorDetails = debugAuth(req, 401, authResult.error || 'Authentication failed');
|
|
176
|
+
const wwwAuth = buildWwwAuthenticateHeader(req, {
|
|
177
|
+
errorReason: authResult.error,
|
|
178
|
+
isTokenDecrypted: authResult.isTokenDecrypted,
|
|
179
|
+
});
|
|
180
|
+
res.setHeader('WWW-Authenticate', wwwAuth);
|
|
181
|
+
return res.status(errorDetails.code).send(errorDetails.message);
|
|
182
|
+
}
|
|
183
|
+
// Standard §7.5 — scope enforcement against the target resource / prompt.
|
|
184
|
+
const scopeViolation = await enforceScopes(req, authResult);
|
|
185
|
+
if (scopeViolation) {
|
|
186
|
+
getMetrics()?.authFailures.inc({ reason: 'missing_scope' });
|
|
187
|
+
const errorDetails = debugAuth(req, 403, scopeViolation.error);
|
|
125
188
|
return res.status(errorDetails.code).send(errorDetails.message);
|
|
126
189
|
}
|
|
127
190
|
// Add authentication information to request for use in application
|
|
128
191
|
req.authInfo = authResult;
|
|
192
|
+
// Bridge for SDK transports: `StreamableHTTPServerTransport` reads `req.auth` and surfaces it
|
|
193
|
+
// to handlers as `extra.authInfo`. Keep `payload` so `createMcpServer` can pass it downstream.
|
|
194
|
+
req.auth = authResult;
|
|
129
195
|
return next();
|
|
130
196
|
}
|
|
131
197
|
catch {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/core/auth/middleware.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAG5D,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/core/auth/middleware.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAG5D,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC;AAEpE,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAGvE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC;AAE1D,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;AAE3F,MAAM,SAAS,GAAG,CAAC,GAAY,EAAE,IAAY,EAAE,OAAe,EAAqC,EAAE;IACnG,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;QAC3B,IAAI,UAAU,GAAW,EAAE,CAAC;QAC5B,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;iBACrC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE;gBACd,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBAC1C,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,OAAO,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC;gBACvD,CAAC;gBACD,OAAO,SAAS,CAAC;YACnB,CAAC,CAAC;iBACD,MAAM,CAAC,OAAO,CAAC;iBACf,IAAI,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC;QACD,cAAc,CAAC,GAAG,GAAG,gBAAgB,KAAK,GAAG,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,aAAa,UAAU,IAAI,GAAG,EAAE,CAAC,CAAC;IAC9G,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC,CAAC;AAEF,wDAAwD;AAExD;;GAEG;AACH,MAAM,gBAAgB,GAAG,KAAK,EAAE,GAAW,EAAoB,EAAE;IAC/D,kDAAkD;IAClD,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,MAAM,gBAAgB,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IAClF,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;IAEzD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,KAAK,CAAC,CAAC,4CAA4C;IAC5D,CAAC;IAED,OAAO,QAAQ,CAAC,WAAW,KAAK,IAAI,CAAC;AACvC,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAG,KAAK,EAAE,IAAY,EAAoB,EAAE;IAC9D,gDAAgD;IAChD,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IAEvD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,KAAK,CAAC,CAAC,0CAA0C;IAC1D,CAAC;IAED,OAAQ,MAAc,CAAC,WAAW,KAAK,IAAI,CAAC;AAC9C,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG,KAAK,EAAE,GAAY,EAAoB,EAAE;IAClE,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IAElC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM,CAAC;QACZ,KAAK,YAAY,CAAC;QAClB,KAAK,2BAA2B,CAAC;QACjC,KAAK,YAAY,CAAC;QAClB,KAAK,cAAc,CAAC;QACpB,KAAK,gBAAgB;YACnB,OAAO,IAAI,CAAC;QAEd,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC;YAClC,OAAO,GAAG,CAAC,CAAC,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACnD,CAAC;QAED,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC;YACpC,OAAO,IAAI,CAAC,CAAC,CAAC,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACnD,CAAC;QAED;YACE,2CAA2C;YAC3C,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC,CAAC;AAEF;;;GAGG;AACH,SAAS,WAAW,CAAC,QAA8B,EAAE,OAAY;IAC/D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtD,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE,CAAC;SAC7C,KAAK,CAAC,KAAK,CAAC;SACZ,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAY,EACZ,UAA4C;IAE5C,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IAClC,IAAI,QAA8B,CAAC;IACnC,IAAI,MAAM,KAAK,gBAAgB,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC;QAClC,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,gBAAgB,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;YACpE,QAAQ,GAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAS,EAAE,cAAc,CAAC;QAC3E,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC;QACpC,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,cAAc,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;YAChE,QAAQ,GAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAS,EAAE,cAAc,CAAC;QAC3E,CAAC;IACH,CAAC;IACD,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;IAC1D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,mBAAmB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;IAC5E,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,mEAAmE;AAEnE;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EAAE,GAAY,EAA0D,EAAE;IAC9G,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC;IAC1E,CAAC;IAED,mEAAmE;IAClE,GAAW,CAAC,QAAQ,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC;IACzC,GAAW,CAAC,IAAI,GAAG,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC,0CAA0C;IAEjF,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAWF;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,UAAiC,EAAE;IAC9D,MAAM,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM,EAAE,GAAG,OAAO,CAAC;IAEjH,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/D,yFAAyF;QACzF,IAAK,GAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC;YACnC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,qCAAqC;QACrC,IAAI,SAAS,IAAI,CAAE,YAAoB,CAAC,OAAO,EAAE,CAAC;YAChD,oBAAoB,EAAE,CAAC;YACtB,YAAoB,CAAC,OAAO,GAAG,IAAI,CAAC;QACvC,CAAC;QAED,uEAAuE;QACvE,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,YAAY,IAAI,CAAC,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACpD,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,IAAI,CAAC;YACH,qEAAqE;YACrE,MAAM,UAAU,GAAe,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;YACzD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,+FAA+F;gBAC/F,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;oBACzB,UAAU,EAAE,EAAE,YAAY,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;oBACxD,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,KAAK,IAAI,WAAW,CAAC,CAAC;oBAC1E,OAAO,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;gBAClE,CAAC;gBACD,MAAM,MAAM,GAAG,CAAC,UAAU,CAAC,KAAK,IAAI,cAAc,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACjE,UAAU,EAAE,EAAE,YAAY,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC3C,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC;gBACtF,MAAM,OAAO,GAAG,0BAA0B,CAAC,GAAG,EAAE;oBAC9C,WAAW,EAAE,UAAU,CAAC,KAAK;oBAC7B,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;iBAC9C,CAAC,CAAC;gBACH,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;gBAC3C,OAAO,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,0EAA0E;YAC1E,MAAM,cAAc,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,UAAiB,CAAC,CAAC;YACnE,IAAI,cAAc,EAAE,CAAC;gBACnB,UAAU,EAAE,EAAE,YAAY,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;gBAC5D,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC/D,OAAO,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,mEAAmE;YAClE,GAAW,CAAC,QAAQ,GAAG,UAAU,CAAC;YACnC,8FAA8F;YAC9F,+FAA+F;YAC9F,GAAW,CAAC,IAAI,GAAG,UAAU,CAAC;YAC/B,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,uCAAuC;AACtC,YAAoB,CAAC,OAAO,GAAG,KAAK,CAAC"}
|
|
@@ -26,5 +26,5 @@ export declare function logAuthConfiguration(): void;
|
|
|
26
26
|
* 3. JWT token - if jwtToken.encryptKey is set, generate token on the fly
|
|
27
27
|
* @returns {Object} Headers object with Authorization header if auth is enabled
|
|
28
28
|
*/
|
|
29
|
-
export declare function getAuthHeadersForTests(): object
|
|
29
|
+
export declare function getAuthHeadersForTests(): Promise<object>;
|
|
30
30
|
//# sourceMappingURL=multi-auth.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"multi-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/multi-auth.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"multi-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/multi-auth.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAWlC,OAAO,EAAE,mBAAmB,EAAE,UAAU,EAAY,MAAM,YAAY,CAAC;AAqBvE,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,QAAQ,CAAC;AAG5C,eAAO,MAAM,sBAAsB,GACjC,KAAK,OAAO,KACX;IAAE,MAAM,CAAC,EAAE,UAAU,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,OAAO,CAAA;CAcrE,CAAC;AAyBF;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,mBAAmB,CAgD7D;AAsBD;;GAEG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAgGtE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,IAAI,CAa3C;AAED;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,MAAM,CAAC,CAsC9D"}
|