latchkey 2.7.3 → 2.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +55 -5
- package/dist/scripts/cryptFile.js +2 -2
- package/dist/scripts/cryptFile.js.map +1 -1
- package/dist/scripts/recordBrowserSession.js +3 -2
- package/dist/scripts/recordBrowserSession.js.map +1 -1
- package/dist/src/cli.js +5 -4
- package/dist/src/cli.js.map +1 -1
- package/dist/src/cliCommands.d.ts +1 -1
- package/dist/src/cliCommands.d.ts.map +1 -1
- package/dist/src/cliCommands.js +44 -6
- package/dist/src/cliCommands.js.map +1 -1
- package/dist/src/config.d.ts +34 -0
- package/dist/src/config.d.ts.map +1 -1
- package/dist/src/config.js +53 -0
- package/dist/src/config.js.map +1 -1
- package/dist/src/curlInjection.d.ts +1 -1
- package/dist/src/curlInjection.d.ts.map +1 -1
- package/dist/src/curlInjection.js +16 -1
- package/dist/src/curlInjection.js.map +1 -1
- package/dist/src/encryptedStorage.d.ts +9 -25
- package/dist/src/encryptedStorage.d.ts.map +1 -1
- package/dist/src/encryptedStorage.js +9 -52
- package/dist/src/encryptedStorage.js.map +1 -1
- package/dist/src/encryption.d.ts +45 -0
- package/dist/src/encryption.d.ts.map +1 -1
- package/dist/src/encryption.js +69 -0
- package/dist/src/encryption.js.map +1 -1
- package/dist/src/gateway/client.d.ts +12 -2
- package/dist/src/gateway/client.d.ts.map +1 -1
- package/dist/src/gateway/client.js +31 -4
- package/dist/src/gateway/client.js.map +1 -1
- package/dist/src/gateway/extensions.d.ts +59 -0
- package/dist/src/gateway/extensions.d.ts.map +1 -0
- package/dist/src/gateway/extensions.js +170 -0
- package/dist/src/gateway/extensions.js.map +1 -0
- package/dist/src/gateway/gatewayEndpoint.d.ts +22 -1
- package/dist/src/gateway/gatewayEndpoint.d.ts.map +1 -1
- package/dist/src/gateway/gatewayEndpoint.js +52 -15
- package/dist/src/gateway/gatewayEndpoint.js.map +1 -1
- package/dist/src/gateway/password.d.ts +16 -0
- package/dist/src/gateway/password.d.ts.map +1 -0
- package/dist/src/gateway/password.js +24 -0
- package/dist/src/gateway/password.js.map +1 -0
- package/dist/src/gateway/permissionsOverride.d.ts +65 -0
- package/dist/src/gateway/permissionsOverride.d.ts.map +1 -0
- package/dist/src/gateway/permissionsOverride.js +171 -0
- package/dist/src/gateway/permissionsOverride.js.map +1 -0
- package/dist/src/gateway/server.d.ts.map +1 -1
- package/dist/src/gateway/server.js +100 -15
- package/dist/src/gateway/server.js.map +1 -1
- package/dist/src/index.d.ts +2 -2
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +2 -2
- package/dist/src/index.js.map +1 -1
- package/dist/src/oauthUtils.d.ts +11 -2
- package/dist/src/oauthUtils.d.ts.map +1 -1
- package/dist/src/oauthUtils.js +25 -4
- package/dist/src/oauthUtils.js.map +1 -1
- package/dist/src/permissions.d.ts +3 -6
- package/dist/src/permissions.d.ts.map +1 -1
- package/dist/src/permissions.js +6 -13
- package/dist/src/permissions.js.map +1 -1
- package/dist/src/serviceRegistry.d.ts.map +1 -1
- package/dist/src/serviceRegistry.js +2 -1
- package/dist/src/serviceRegistry.js.map +1 -1
- package/dist/src/services/index.d.ts +1 -0
- package/dist/src/services/index.d.ts.map +1 -1
- package/dist/src/services/index.js +1 -0
- package/dist/src/services/index.js.map +1 -1
- package/dist/src/services/notion-mcp.d.ts +29 -0
- package/dist/src/services/notion-mcp.d.ts.map +1 -0
- package/dist/src/services/notion-mcp.js +156 -0
- package/dist/src/services/notion-mcp.js.map +1 -0
- package/dist/src/services/notion.d.ts.map +1 -1
- package/dist/src/services/notion.js +3 -2
- package/dist/src/services/notion.js.map +1 -1
- package/dist/src/version.d.ts +1 -1
- package/dist/src/version.js +1 -1
- package/dist/tests/apiCredentialStore.test.js +2 -2
- package/dist/tests/apiCredentialStore.test.js.map +1 -1
- package/dist/tests/cli.test.js +98 -53
- package/dist/tests/cli.test.js.map +1 -1
- package/dist/tests/config.test.js +37 -0
- package/dist/tests/config.test.js.map +1 -1
- package/dist/tests/encryptedStorage.test.js +19 -39
- package/dist/tests/encryptedStorage.test.js.map +1 -1
- package/dist/tests/gateway.test.js +184 -7
- package/dist/tests/gateway.test.js.map +1 -1
- package/dist/tests/gatewayClient.test.js +74 -0
- package/dist/tests/gatewayClient.test.js.map +1 -1
- package/dist/tests/gatewayExtensions.test.d.ts +2 -0
- package/dist/tests/gatewayExtensions.test.d.ts.map +1 -0
- package/dist/tests/gatewayExtensions.test.js +398 -0
- package/dist/tests/gatewayExtensions.test.js.map +1 -0
- package/dist/tests/latchkeyEndpoint.test.js +7 -6
- package/dist/tests/latchkeyEndpoint.test.js.map +1 -1
- package/dist/tests/migrations.test.js +2 -2
- package/dist/tests/migrations.test.js.map +1 -1
- package/dist/tests/oauthUtils.test.d.ts +2 -0
- package/dist/tests/oauthUtils.test.d.ts.map +1 -0
- package/dist/tests/oauthUtils.test.js +63 -0
- package/dist/tests/oauthUtils.test.js.map +1 -0
- package/dist/tests/permissions.test.js +14 -10
- package/dist/tests/permissions.test.js.map +1 -1
- package/dist/tests/permissionsOverride.test.d.ts +2 -0
- package/dist/tests/permissionsOverride.test.d.ts.map +1 -0
- package/dist/tests/permissionsOverride.test.js +136 -0
- package/dist/tests/permissionsOverride.test.js.map +1 -0
- package/dist/tests/resolveEncryptionKey.test.d.ts +2 -0
- package/dist/tests/resolveEncryptionKey.test.d.ts.map +1 -0
- package/dist/tests/resolveEncryptionKey.test.js +26 -0
- package/dist/tests/resolveEncryptionKey.test.js.map +1 -0
- package/dist/tests/sharedOperations.test.js +34 -50
- package/dist/tests/sharedOperations.test.js.map +1 -1
- package/package.json +2 -2
- package/dist/tests/encryptedStorageKeyGeneration.test.d.ts +0 -2
- package/dist/tests/encryptedStorageKeyGeneration.test.d.ts.map +0 -1
- package/dist/tests/encryptedStorageKeyGeneration.test.js +0 -22
- package/dist/tests/encryptedStorageKeyGeneration.test.js.map +0 -1
package/dist/src/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,EAAE,YAAY,EAAiB,MAAM,sBAAsB,CAAC;AAEnE,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IACrD,YAAY,QAAgB,EAAE,WAAmB;QAC/C,MAAM,gBAAgB,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAClE,KAAK,CACH,QAAQ,QAAQ,8BAA8B,gBAAgB,qBAAqB,QAAQ,EAAE,CAC9F,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,WAAmB;QAC7B,KAAK,CAAC,IAAI,WAAW,0CAA0C,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,MAAM,OAAO,6BAA8B,SAAQ,KAAK;IACtD,YAAY,QAAgB;QAC1B,KAAK,CACH,+CAA+C,QAAQ,4CAA4C,CACpG,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,+BAA+B,CAAC;IAC9C,CAAC;CACF;AAED,MAAM,0BAA0B,GAAG,oBAAoB,CAAC;AACxD,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAC9C,MAAM,+BAA+B,GAAG,yBAAyB,CAAC;AAClE,MAAM,qCAAqC,GAAG,+BAA+B,CAAC;AAC9E,MAAM,qCAAqC,GAAG,+BAA+B,CAAC;AAC9E,MAAM,gCAAgC,GAAG,0BAA0B,CAAC;AACpE,MAAM,iCAAiC,GAAG,2BAA2B,CAAC;AACtE,MAAM,mCAAmC,GAAG,6BAA6B,CAAC;AAC1E,MAAM,uDAAuD,GAC3D,iDAAiD,CAAC;AACpD,MAAM,oCAAoC,GAAG,8BAA8B,CAAC;AAC5E,MAAM,wBAAwB,GAAG,kBAAkB,CAAC;AACpD,MAAM,oCAAoC,GAAG,8BAA8B,CAAC;AAC5E,MAAM,oCAAoC,GAAG,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,EAAE,YAAY,EAAiB,MAAM,sBAAsB,CAAC;AAEnE,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IACrD,YAAY,QAAgB,EAAE,WAAmB;QAC/C,MAAM,gBAAgB,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAClE,KAAK,CACH,QAAQ,QAAQ,8BAA8B,gBAAgB,qBAAqB,QAAQ,EAAE,CAC9F,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,WAAmB;QAC7B,KAAK,CAAC,IAAI,WAAW,0CAA0C,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,MAAM,OAAO,6BAA8B,SAAQ,KAAK;IACtD,YAAY,QAAgB;QAC1B,KAAK,CACH,+CAA+C,QAAQ,4CAA4C,CACpG,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,+BAA+B,CAAC;IAC9C,CAAC;CACF;AAED,MAAM,0BAA0B,GAAG,oBAAoB,CAAC;AACxD,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAC9C,MAAM,+BAA+B,GAAG,yBAAyB,CAAC;AAClE,MAAM,qCAAqC,GAAG,+BAA+B,CAAC;AAC9E,MAAM,qCAAqC,GAAG,+BAA+B,CAAC;AAC9E,MAAM,gCAAgC,GAAG,0BAA0B,CAAC;AACpE,MAAM,iCAAiC,GAAG,2BAA2B,CAAC;AACtE,MAAM,mCAAmC,GAAG,6BAA6B,CAAC;AAC1E,MAAM,uDAAuD,GAC3D,iDAAiD,CAAC;AACpD,MAAM,oCAAoC,GAAG,8BAA8B,CAAC;AAC5E,MAAM,wBAAwB,GAAG,kBAAkB,CAAC;AACpD,MAAM,oCAAoC,GAAG,8BAA8B,CAAC;AAC5E,MAAM,oCAAoC,GAAG,8BAA8B,CAAC;AAC5E,MAAM,iCAAiC,GAAG,2BAA2B,CAAC;AACtE,MAAM,wCAAwC,GAAG,kCAAkC,CAAC;AACpF,MAAM,6CAA6C,GAAG,uCAAuC,CAAC;AAE9F,MAAM,CAAC,MAAM,4BAA4B,GAAG,UAAU,CAAC;AACvD,MAAM,CAAC,MAAM,4BAA4B,GAAG,gBAAgB,CAAC;AAC7D,MAAM,CAAC,MAAM,2BAA2B,GAAG,WAAW,CAAC;AACvD,MAAM,CAAC,MAAM,2BAA2B,GAAG,IAAI,CAAC;AAEhD,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,CAAC,CAAC;AAEvD,MAAM,yBAAyB,GAAG,sBAAsB,CAAC;AACzD,MAAM,sBAAsB,GAAG,wBAAwB,CAAC;AACxD,MAAM,eAAe,GAAG,aAAa,CAAC;AACtC,MAAM,2BAA2B,GAAG,kBAAkB,CAAC;AACvD,MAAM,yBAAyB,GAAG,YAAY,CAAC;AAE/C,SAAS,6BAA6B,CAAC,IAAY;IACjD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,OAAO,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB;IACpC,IAAI,CAAC;QACH,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAE1C,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACpC,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CACpB,QAA4B,EAC5B,SAA6B,EAC7B,YAAoB;IAEpB,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IAC5C,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC9C,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAC5B,QAA4B,EAC5B,SAA6B;IAE7B,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,EAAE;QAAE,OAAO,QAAQ,CAAC;IAC/D,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,EAAE;QAAE,OAAO,SAAS,CAAC;IAClE,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,wBAAwB,CAC/B,QAA4B,EAC5B,SAA6B;IAE7B,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,KAAK,EAAE,CAAC;YAC9D,MAAM,IAAI,6BAA6B,CAAC,QAAQ,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC9C,OAAO,2BAA2B,CAAC;AACrC,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CAAC,QAA4B,EAAE,SAA8B;IAClF,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAC3D,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC9C,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,MAAM;IACR,SAAS,CAAS;IAClB,WAAW,CAAS;IAC7B;;;;OAIG;IACM,qBAAqB,CAAgB;IACrC,WAAW,CAAS;IACpB,WAAW,CAAS;IAC7B;;;OAGG;IACM,eAAe,CAAU;IAClC;;OAEG;IACM,gBAAgB,CAAU;IACnC;;;OAGG;IACM,yBAAyB,CAAgB;IAClD;;OAEG;IACM,iCAAiC,CAAU;IACpD;;;OAGG;IACM,kBAAkB,CAAU;IACrC;;;;OAIG;IACM,UAAU,CAAgB;IACnC;;;;OAIG;IACM,iBAAiB,CAAS;IACnC;;;OAGG;IACM,iBAAiB,CAAS;IACnC;;;;;;;OAOG;IACM,eAAe,CAAgB;IACxC;;;;;;;;OAQG;IACM,qBAAqB,CAAgB;IAC9C;;;;;;;;OAQG;IACM,0BAA0B,CAAgB;IAEnD,YACE,SAA+C,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAC1E,uBAAyD,YAAY;QAErE,yFAAyF;QACzF,0FAA0F;QAC1F,MAAM,YAAY,GAAG,MAAM,CAAC,0BAA0B,CAAC,CAAC;QACxD,IAAI,CAAC,SAAS,GAAG,YAAY,CAAC,CAAC,CAAC,6BAA6B,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC;QAChG,IAAI,CAAC,qBAAqB,GAAG,MAAM,CAAC,+BAA+B,CAAC,IAAI,IAAI,CAAC;QAE7E,MAAM,QAAQ,GAAG,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC,CAAC;QAE7E,IAAI,CAAC,WAAW,GAAG,aAAa,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAC9F,IAAI,CAAC,WAAW,GAAG,aAAa,CAC9B,MAAM,CAAC,qCAAqC,CAAC,EAC7C,QAAQ,CAAC,kBAAkB,EAC3B,4BAA4B,CAC7B,CAAC;QACF,IAAI,CAAC,WAAW,GAAG,aAAa,CAC9B,MAAM,CAAC,qCAAqC,CAAC,EAC7C,QAAQ,CAAC,kBAAkB,EAC3B,4BAA4B,CAC7B,CAAC;QAEF,IAAI,CAAC,eAAe,GAAG,cAAc,CACnC,MAAM,CAAC,gCAAgC,CAAC,EACxC,QAAQ,CAAC,eAAe,CACzB,CAAC;QACF,IAAI,CAAC,gBAAgB,GAAG,cAAc,CACpC,MAAM,CAAC,iCAAiC,CAAC,EACzC,QAAQ,CAAC,gBAAgB,CAC1B,CAAC;QACF,IAAI,CAAC,iCAAiC,GAAG,cAAc,CACrD,MAAM,CAAC,uDAAuD,CAAC,EAC/D,QAAQ,CAAC,iCAAiC,CAC3C,CAAC;QACF,IAAI,CAAC,kBAAkB,GAAG,cAAc,CACtC,MAAM,CAAC,oCAAoC,CAAC,EAC5C,QAAQ,CAAC,kBAAkB,CAC5B,CAAC;QAEF,MAAM,iBAAiB,GAAG,qBAAqB,CAC7C,MAAM,CAAC,mCAAmC,CAAC,EAC3C,QAAQ,CAAC,iBAAiB,CAC3B,CAAC;QACF,IAAI,CAAC,yBAAyB,GAAG,iBAAiB,CAAC;QAEnD,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,wBAAwB,CAAC,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7F,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAErE,IAAI,CAAC,iBAAiB,GAAG,aAAa,CACpC,MAAM,CAAC,oCAAoC,CAAC,EAC5C,QAAQ,CAAC,iBAAiB,EAC1B,2BAA2B,CAC5B,CAAC;QACF,IAAI,CAAC,iBAAiB,GAAG,wBAAwB,CAC/C,MAAM,CAAC,oCAAoC,CAAC,EAC5C,QAAQ,CAAC,iBAAiB,CAC3B,CAAC;QAEF,MAAM,eAAe,GAAG,MAAM,CAAC,iCAAiC,CAAC,CAAC;QAClE,IAAI,CAAC,eAAe;YAClB,eAAe,KAAK,SAAS,IAAI,eAAe,KAAK,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC;QAEnF,MAAM,qBAAqB,GAAG,MAAM,CAAC,wCAAwC,CAAC,CAAC;QAC/E,IAAI,CAAC,qBAAqB;YACxB,qBAAqB,KAAK,SAAS,IAAI,qBAAqB,KAAK,EAAE;gBACjE,CAAC,CAAC,qBAAqB;gBACvB,CAAC,CAAC,IAAI,CAAC;QAEX,MAAM,0BAA0B,GAAG,MAAM,CAAC,6CAA6C,CAAC,CAAC;QACzF,IAAI,CAAC,0BAA0B;YAC7B,0BAA0B,KAAK,SAAS,IAAI,0BAA0B,KAAK,EAAE;gBAC3E,CAAC,CAAC,0BAA0B;gBAC5B,CAAC,CAAC,IAAI,CAAC;IACb,CAAC;IAED,IAAI,mBAAmB;QACrB,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,yBAAyB,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,2BAA2B,CAAC,CAAC;IAC7F,CAAC;IAED;;;OAGG;IACH,IAAI,uBAAuB;QACzB,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;IACzD,CAAC;IAED;;;OAGG;IACH,6BAA6B;QAC3B,MAAM,YAAY,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAEvE,KAAK,MAAM,QAAQ,IAAI,YAAY,EAAE,CAAC;YACpC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC;YACvC,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,4BAA4B,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,wBAAwB;QACtB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC"}
|
|
@@ -31,7 +31,7 @@ export declare class CredentialsExpiredError extends Error {
|
|
|
31
31
|
}
|
|
32
32
|
export interface CurlInjectionDependencies {
|
|
33
33
|
readonly registry: ServiceRegistry;
|
|
34
|
-
readonly checkPermission: (
|
|
34
|
+
readonly checkPermission: (request: Request, configPath: string, doNotUseBuiltinSchemas: boolean) => Promise<boolean>;
|
|
35
35
|
readonly permissionsConfigPath: string;
|
|
36
36
|
readonly permissionsDoNotUseBuiltinSchemas: boolean;
|
|
37
37
|
readonly passthroughUnknown: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"curlInjection.d.ts","sourceRoot":"","sources":["../../src/curlInjection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"curlInjection.d.ts","sourceRoot":"","sources":["../../src/curlInjection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAKpE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE5D,qBAAa,wBAAyB,SAAQ,KAAK;;CAKlD;AAED,qBAAa,wBAAyB,SAAQ,KAAK;gBACrC,MAAM,CAAC,EAAE,MAAM;CAQ5B;AAED,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;gBAET,GAAG,EAAE,MAAM;CAKxB;AAED,qBAAa,4BAA6B,SAAQ,KAAK;IACrD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;gBAEjB,WAAW,EAAE,MAAM;CAKhC;AAED,qBAAa,uBAAwB,SAAQ,KAAK;IAChD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;gBAEjB,WAAW,EAAE,MAAM;CAKhC;AAED,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC,QAAQ,CAAC,eAAe,EAAE,CACxB,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,MAAM,EAClB,sBAAsB,EAAE,OAAO,KAC5B,OAAO,CAAC,OAAO,CAAC,CAAC;IACtB,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,iCAAiC,EAAE,OAAO,CAAC;IACpD,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC;CACtC;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,aAAa,EAAE,SAAS,MAAM,EAAE,EAChC,kBAAkB,EAAE,kBAAkB,EACtC,YAAY,EAAE,yBAAyB,GACtC,OAAO,CAAC,SAAS,MAAM,EAAE,CAAC,CA4D5B"}
|
|
@@ -11,6 +11,7 @@
|
|
|
11
11
|
*/
|
|
12
12
|
import { maybeRefreshCredentials } from './apiCredentials/utils.js';
|
|
13
13
|
import { CurlParseError, extractUrlFromCurlArguments } from './curl.js';
|
|
14
|
+
import { parseCurlArgs } from '@imbue-ai/detent';
|
|
14
15
|
import { ErrorMessages } from './errorMessages.js';
|
|
15
16
|
export class RequestNotPermittedError extends Error {
|
|
16
17
|
constructor() {
|
|
@@ -57,7 +58,21 @@ export class CredentialsExpiredError extends Error {
|
|
|
57
58
|
* underlying permission check).
|
|
58
59
|
*/
|
|
59
60
|
export async function prepareCurlInvocation(curlArguments, apiCredentialStore, dependencies) {
|
|
60
|
-
|
|
61
|
+
// Parse the curl arguments once for the permission check. A parse failure
|
|
62
|
+
// here means the user's curl invocation is malformed, which is treated as
|
|
63
|
+
// a URL-extraction failure (the same category as the second parse below),
|
|
64
|
+
// not a permission-check failure.
|
|
65
|
+
let parsedRequest;
|
|
66
|
+
try {
|
|
67
|
+
parsedRequest = parseCurlArgs(curlArguments);
|
|
68
|
+
}
|
|
69
|
+
catch (error) {
|
|
70
|
+
if (error instanceof CurlParseError) {
|
|
71
|
+
throw new UrlExtractionFailedError(error.message);
|
|
72
|
+
}
|
|
73
|
+
throw error;
|
|
74
|
+
}
|
|
75
|
+
const allowed = await dependencies.checkPermission(parsedRequest, dependencies.permissionsConfigPath, dependencies.permissionsDoNotUseBuiltinSchemas);
|
|
61
76
|
if (!allowed) {
|
|
62
77
|
throw new RequestNotPermittedError();
|
|
63
78
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"curlInjection.js","sourceRoot":"","sources":["../../src/curlInjection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,2BAA2B,EAAE,MAAM,WAAW,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGnD,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD;QACE,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD,YAAY,MAAe;QACzB,KAAK,CACH,MAAM,KAAK,SAAS;YAClB,CAAC,CAAC,aAAa,CAAC,kBAAkB;YAClC,CAAC,CAAC,GAAG,aAAa,CAAC,uBAAuB,IAAI,MAAM,EAAE,CACzD,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,GAAG,CAAS;IAErB,YAAY,GAAW;QACrB,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAC5C,WAAW,CAAS;IAE7B,YAAY,WAAmB;QAC7B,KAAK,CAAC,aAAa,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IACvC,WAAW,CAAS;IAE7B,YAAY,WAAmB;QAC7B,KAAK,CAAC,aAAa,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;QACtC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;CACF;AAcD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,aAAgC,EAChC,kBAAsC,EACtC,YAAuC;IAEvC,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,eAAe,CAChD,aAAa,EACb,YAAY,CAAC,qBAAqB,EAClC,YAAY,CAAC,iCAAiC,CAC/C,CAAC;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,wBAAwB,EAAE,CAAC;IACvC,CAAC;IAED,IAAI,GAAkB,CAAC;IACvB,IAAI,CAAC;QACH,GAAG,GAAG,2BAA2B,CAAC,aAAa,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,cAAc,EAAE,CAAC;YACpC,MAAM,IAAI,wBAAwB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IACD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,wBAAwB,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,IAAI,YAAY,CAAC,kBAAkB,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,aAAa,CAAC,CAAC;QAC5B,CAAC;QACD,MAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,cAAc,GAA0B,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjF,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,IAAI,YAAY,CAAC,kBAAkB,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,aAAa,CAAC,CAAC;QAC5B,CAAC;QACD,MAAM,IAAI,4BAA4B,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,cAAc,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC;QACxC,cAAc,GAAG,MAAM,uBAAuB,CAAC,OAAO,EAAE,cAAc,EAAE,kBAAkB,CAAC,CAAC;QAC5F,IAAI,cAAc,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,uBAAuB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,cAAc,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;AAChE,CAAC"}
|
|
1
|
+
{"version":3,"file":"curlInjection.js","sourceRoot":"","sources":["../../src/curlInjection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,2BAA2B,EAAE,MAAM,WAAW,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGnD,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD;QACE,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD,YAAY,MAAe;QACzB,KAAK,CACH,MAAM,KAAK,SAAS;YAClB,CAAC,CAAC,aAAa,CAAC,kBAAkB;YAClC,CAAC,CAAC,GAAG,aAAa,CAAC,uBAAuB,IAAI,MAAM,EAAE,CACzD,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IACzC,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,GAAG,CAAS;IAErB,YAAY,GAAW;QACrB,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;CACF;AAED,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAC5C,WAAW,CAAS;IAE7B,YAAY,WAAmB;QAC7B,KAAK,CAAC,aAAa,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IACvC,WAAW,CAAS;IAE7B,YAAY,WAAmB;QAC7B,KAAK,CAAC,aAAa,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;QACtC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;CACF;AAcD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,aAAgC,EAChC,kBAAsC,EACtC,YAAuC;IAEvC,0EAA0E;IAC1E,0EAA0E;IAC1E,0EAA0E;IAC1E,kCAAkC;IAClC,IAAI,aAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,cAAc,EAAE,CAAC;YACpC,MAAM,IAAI,wBAAwB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,eAAe,CAChD,aAAa,EACb,YAAY,CAAC,qBAAqB,EAClC,YAAY,CAAC,iCAAiC,CAC/C,CAAC;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,wBAAwB,EAAE,CAAC;IACvC,CAAC;IAED,IAAI,GAAkB,CAAC;IACvB,IAAI,CAAC;QACH,GAAG,GAAG,2BAA2B,CAAC,aAAa,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,cAAc,EAAE,CAAC;YACpC,MAAM,IAAI,wBAAwB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IACD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,wBAAwB,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACpD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,IAAI,YAAY,CAAC,kBAAkB,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,aAAa,CAAC,CAAC;QAC5B,CAAC;QACD,MAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,cAAc,GAA0B,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjF,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,IAAI,YAAY,CAAC,kBAAkB,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,aAAa,CAAC,CAAC;QAC5B,CAAC;QACD,MAAM,IAAI,4BAA4B,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,cAAc,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC;QACxC,cAAc,GAAG,MAAM,uBAAuB,CAAC,OAAO,EAAE,cAAc,EAAE,kBAAkB,CAAC,CAAC;QAC5F,IAAI,cAAc,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,uBAAuB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,cAAc,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;AAChE,CAAC"}
|
|
@@ -1,40 +1,24 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Encrypted file storage
|
|
3
|
-
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
* 3. Generated and stored in keychain (first run)
|
|
7
|
-
*
|
|
8
|
-
* Throws if neither a system keychain nor LATCHKEY_ENCRYPTION_KEY is available.
|
|
2
|
+
* Encrypted file storage. The master encryption key is resolved by
|
|
3
|
+
* `resolveEncryptionKey` (see `encryption.ts`), which handles the keychain /
|
|
4
|
+
* override / generate-on-first-run logic. This module only deals with
|
|
5
|
+
* reading and writing encrypted files.
|
|
9
6
|
*/
|
|
10
7
|
export declare class EncryptedStorageError extends Error {
|
|
11
8
|
constructor(message: string);
|
|
12
9
|
}
|
|
13
|
-
export declare class EncryptionKeyLostError extends EncryptedStorageError {
|
|
14
|
-
constructor();
|
|
15
|
-
}
|
|
16
10
|
export declare class PathIsDirectoryError extends Error {
|
|
17
11
|
constructor(filePath: string);
|
|
18
12
|
}
|
|
19
|
-
export interface EncryptedStorageOptions {
|
|
20
|
-
encryptionKeyOverride?: string | null;
|
|
21
|
-
serviceName?: string;
|
|
22
|
-
accountName?: string;
|
|
23
|
-
/**
|
|
24
|
-
* When false, refuse to generate a new encryption key if the keychain has no key.
|
|
25
|
-
* This prevents silently replacing a lost key, which would make existing encrypted data unreadable.
|
|
26
|
-
* Set to false when encrypted files already exist on disk.
|
|
27
|
-
*/
|
|
28
|
-
allowKeyGeneration?: boolean;
|
|
29
|
-
}
|
|
30
13
|
/**
|
|
31
|
-
*
|
|
14
|
+
* Read and write encrypted files using a pre-resolved master key. Use
|
|
15
|
+
* `resolveEncryptionKey` (from `encryption.ts`) to obtain the key from the
|
|
16
|
+
* keychain / environment / generation-on-first-run logic, then construct
|
|
17
|
+
* `EncryptedStorage` directly.
|
|
32
18
|
*/
|
|
33
19
|
export declare class EncryptedStorage {
|
|
34
20
|
private readonly key;
|
|
35
|
-
|
|
36
|
-
static create(options?: EncryptedStorageOptions): Promise<EncryptedStorage>;
|
|
37
|
-
private static initializeKey;
|
|
21
|
+
constructor(key: string);
|
|
38
22
|
/**
|
|
39
23
|
* Read and decrypt a file.
|
|
40
24
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encryptedStorage.d.ts","sourceRoot":"","sources":["../../src/encryptedStorage.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"encryptedStorage.d.ts","sourceRoot":"","sources":["../../src/encryptedStorage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,oBAAqB,SAAQ,KAAK;gBACjC,QAAQ,EAAE,MAAM;CAI7B;AAED;;;;;GAKG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;gBAEjB,GAAG,EAAE,MAAM;IAIvB;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAgCzC;;;OAGG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;CAkBnD"}
|
|
@@ -1,18 +1,13 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Encrypted file storage
|
|
3
|
-
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
* 3. Generated and stored in keychain (first run)
|
|
7
|
-
*
|
|
8
|
-
* Throws if neither a system keychain nor LATCHKEY_ENCRYPTION_KEY is available.
|
|
2
|
+
* Encrypted file storage. The master encryption key is resolved by
|
|
3
|
+
* `resolveEncryptionKey` (see `encryption.ts`), which handles the keychain /
|
|
4
|
+
* override / generate-on-first-run logic. This module only deals with
|
|
5
|
+
* reading and writing encrypted files.
|
|
9
6
|
*/
|
|
10
7
|
import { existsSync, mkdirSync, readFileSync, statSync } from 'node:fs';
|
|
11
8
|
import { dirname } from 'node:path';
|
|
12
9
|
import { writeFileAtomic } from './atomicWrite.js';
|
|
13
|
-
import {
|
|
14
|
-
import { encrypt, decrypt, generateKey, DecryptionError } from './encryption.js';
|
|
15
|
-
import { retrieveFromKeychain, storeInKeychain, KeychainNotAvailableError } from './keychain.js';
|
|
10
|
+
import { decrypt, DecryptionError, encrypt } from './encryption.js';
|
|
16
11
|
const ENCRYPTED_FILE_PREFIX = 'LATCHKEY_ENCRYPTED:';
|
|
17
12
|
export class EncryptedStorageError extends Error {
|
|
18
13
|
constructor(message) {
|
|
@@ -20,15 +15,6 @@ export class EncryptedStorageError extends Error {
|
|
|
20
15
|
this.name = 'EncryptedStorageError';
|
|
21
16
|
}
|
|
22
17
|
}
|
|
23
|
-
export class EncryptionKeyLostError extends EncryptedStorageError {
|
|
24
|
-
constructor() {
|
|
25
|
-
super('The encryption key was lost from the system keychain and encrypted data already exists. ' +
|
|
26
|
-
'Generating a new key would make existing data unreadable. ' +
|
|
27
|
-
'Restore the keychain or set LATCHKEY_ENCRYPTION_KEY, ' +
|
|
28
|
-
'or delete the encrypted files and start fresh with `latchkey auth clear`.');
|
|
29
|
-
this.name = 'EncryptionKeyLostError';
|
|
30
|
-
}
|
|
31
|
-
}
|
|
32
18
|
export class PathIsDirectoryError extends Error {
|
|
33
19
|
constructor(filePath) {
|
|
34
20
|
super(`Path is a directory, not a file: ${filePath}`);
|
|
@@ -36,45 +22,16 @@ export class PathIsDirectoryError extends Error {
|
|
|
36
22
|
}
|
|
37
23
|
}
|
|
38
24
|
/**
|
|
39
|
-
*
|
|
25
|
+
* Read and write encrypted files using a pre-resolved master key. Use
|
|
26
|
+
* `resolveEncryptionKey` (from `encryption.ts`) to obtain the key from the
|
|
27
|
+
* keychain / environment / generation-on-first-run logic, then construct
|
|
28
|
+
* `EncryptedStorage` directly.
|
|
40
29
|
*/
|
|
41
30
|
export class EncryptedStorage {
|
|
42
31
|
key;
|
|
43
32
|
constructor(key) {
|
|
44
33
|
this.key = key;
|
|
45
34
|
}
|
|
46
|
-
static async create(options = {}) {
|
|
47
|
-
const key = await EncryptedStorage.initializeKey(options);
|
|
48
|
-
return new EncryptedStorage(key);
|
|
49
|
-
}
|
|
50
|
-
static async initializeKey(options) {
|
|
51
|
-
// If key was provided via override, use it
|
|
52
|
-
if (options.encryptionKeyOverride !== undefined && options.encryptionKeyOverride !== null) {
|
|
53
|
-
return options.encryptionKeyOverride;
|
|
54
|
-
}
|
|
55
|
-
const serviceName = options.serviceName ?? DEFAULT_KEYRING_SERVICE_NAME;
|
|
56
|
-
const accountName = options.accountName ?? DEFAULT_KEYRING_ACCOUNT_NAME;
|
|
57
|
-
try {
|
|
58
|
-
const keychainKey = await retrieveFromKeychain(serviceName, accountName);
|
|
59
|
-
if (keychainKey) {
|
|
60
|
-
return keychainKey;
|
|
61
|
-
}
|
|
62
|
-
if (options.allowKeyGeneration === false) {
|
|
63
|
-
throw new EncryptionKeyLostError();
|
|
64
|
-
}
|
|
65
|
-
// Generate new key and store in keychain
|
|
66
|
-
const newKey = generateKey();
|
|
67
|
-
await storeInKeychain(serviceName, accountName, newKey);
|
|
68
|
-
return newKey;
|
|
69
|
-
}
|
|
70
|
-
catch (error) {
|
|
71
|
-
if (error instanceof KeychainNotAvailableError) {
|
|
72
|
-
throw new EncryptedStorageError('No encryption key available. ' +
|
|
73
|
-
'Set LATCHKEY_ENCRYPTION_KEY or ensure system keychain is accessible.');
|
|
74
|
-
}
|
|
75
|
-
throw error;
|
|
76
|
-
}
|
|
77
|
-
}
|
|
78
35
|
/**
|
|
79
36
|
* Read and decrypt a file.
|
|
80
37
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encryptedStorage.js","sourceRoot":"","sources":["../../src/encryptedStorage.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"encryptedStorage.js","sourceRoot":"","sources":["../../src/encryptedStorage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAEpE,MAAM,qBAAqB,GAAG,qBAAqB,CAAC;AAEpD,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7C,YAAY,QAAgB;QAC1B,KAAK,CAAC,oCAAoC,QAAQ,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,gBAAgB;IACV,GAAG,CAAS;IAE7B,YAAY,GAAW;QACrB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,QAAgB;QACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACjC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAEhD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,qBAAqB,CAC7B,0BAA0B,QAAQ,IAAI;gBACpC,oDAAoD,CACvD,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC;YACH,OAAO,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;gBACrC,MAAM,IAAI,qBAAqB,CAC7B,2BAA2B,KAAK,CAAC,OAAO,IAAI,GAAG,sCAAsC,CACtF,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,SAAS,CAAC,QAAgB,EAAE,OAAe;QACzC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC9B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,oBAAoB,CAAC,QAAQ,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,qBAAqB,GAAG,aAAa,CAAC;QAE1D,eAAe,CAAC,QAAQ,EAAE,WAAW,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7E,CAAC;CACF"}
|
package/dist/src/encryption.d.ts
CHANGED
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Encryption utilities for secure credential storage.
|
|
3
3
|
* Uses AES-256-GCM for authenticated encryption.
|
|
4
|
+
*
|
|
5
|
+
* Also exposes `resolveEncryptionKey`, which returns the master key Latchkey
|
|
6
|
+
* uses for encryption (and for deriving sub-keys for other purposes such as
|
|
7
|
+
* signing gateway permissions-override JWTs).
|
|
4
8
|
*/
|
|
5
9
|
export declare class EncryptionError extends Error {
|
|
6
10
|
constructor(message: string);
|
|
@@ -8,6 +12,47 @@ export declare class EncryptionError extends Error {
|
|
|
8
12
|
export declare class DecryptionError extends Error {
|
|
9
13
|
constructor(message: string);
|
|
10
14
|
}
|
|
15
|
+
/**
|
|
16
|
+
* Common base class for encryption-key resolution problems. Catching this
|
|
17
|
+
* lets callers handle all key-acquisition failures uniformly.
|
|
18
|
+
*/
|
|
19
|
+
export declare class EncryptionKeyError extends Error {
|
|
20
|
+
constructor(message: string);
|
|
21
|
+
}
|
|
22
|
+
export declare class EncryptionKeyLostError extends EncryptionKeyError {
|
|
23
|
+
constructor();
|
|
24
|
+
}
|
|
25
|
+
export declare class EncryptionKeyUnavailableError extends EncryptionKeyError {
|
|
26
|
+
constructor();
|
|
27
|
+
}
|
|
28
|
+
export interface ResolveEncryptionKeyOptions {
|
|
29
|
+
/**
|
|
30
|
+
* If provided, this key is used as-is and the keychain is not consulted.
|
|
31
|
+
*/
|
|
32
|
+
encryptionKeyOverride?: string | null;
|
|
33
|
+
serviceName?: string;
|
|
34
|
+
accountName?: string;
|
|
35
|
+
/**
|
|
36
|
+
* When false, refuse to generate a new encryption key if the keychain has
|
|
37
|
+
* no key. Used to prevent silently replacing a lost key, which would make
|
|
38
|
+
* existing encrypted data unreadable. Set to false when encrypted files
|
|
39
|
+
* already exist on disk.
|
|
40
|
+
*/
|
|
41
|
+
allowKeyGeneration?: boolean;
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Resolve the Latchkey master encryption key. Precedence:
|
|
45
|
+
* 1. `encryptionKeyOverride` from the caller (typically
|
|
46
|
+
* `LATCHKEY_ENCRYPTION_KEY`),
|
|
47
|
+
* 2. system keychain entry,
|
|
48
|
+
* 3. freshly generated key, stored in the keychain (only when
|
|
49
|
+
* `allowKeyGeneration` is true).
|
|
50
|
+
*
|
|
51
|
+
* Throws `EncryptionKeyLostError` when the keychain has no key but generation
|
|
52
|
+
* is disallowed, and `EncryptionKeyUnavailableError` when no key can be
|
|
53
|
+
* obtained at all (e.g. no keychain available and no override set).
|
|
54
|
+
*/
|
|
55
|
+
export declare function resolveEncryptionKey(options?: ResolveEncryptionKeyOptions): Promise<string>;
|
|
11
56
|
/**
|
|
12
57
|
* Encrypt data using AES-256-GCM.
|
|
13
58
|
* The key should be a base64-encoded 256-bit key.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/encryption.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/encryption.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAWH,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM;CAI5B;AAED;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,sBAAuB,SAAQ,kBAAkB;;CAU7D;AAED,qBAAa,6BAA8B,SAAQ,kBAAkB;;CAQpE;AAED,MAAM,WAAW,2BAA2B;IAC1C;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,MAAM,CAAC,CA2BjB;AAED;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CA0BpE;AAED;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAiCxE;AAED;;;GAGG;AACH,wBAAgB,WAAW,IAAI,MAAM,CAEpC"}
|
package/dist/src/encryption.js
CHANGED
|
@@ -1,8 +1,14 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Encryption utilities for secure credential storage.
|
|
3
3
|
* Uses AES-256-GCM for authenticated encryption.
|
|
4
|
+
*
|
|
5
|
+
* Also exposes `resolveEncryptionKey`, which returns the master key Latchkey
|
|
6
|
+
* uses for encryption (and for deriving sub-keys for other purposes such as
|
|
7
|
+
* signing gateway permissions-override JWTs).
|
|
4
8
|
*/
|
|
5
9
|
import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';
|
|
10
|
+
import { DEFAULT_KEYRING_ACCOUNT_NAME, DEFAULT_KEYRING_SERVICE_NAME } from './config.js';
|
|
11
|
+
import { KeychainNotAvailableError, retrieveFromKeychain, storeInKeychain } from './keychain.js';
|
|
6
12
|
const ALGORITHM = 'aes-256-gcm';
|
|
7
13
|
const KEY_LENGTH = 32; // 256 bits
|
|
8
14
|
const IV_LENGTH = 12; // 96 bits for GCM
|
|
@@ -19,6 +25,69 @@ export class DecryptionError extends Error {
|
|
|
19
25
|
this.name = 'DecryptionError';
|
|
20
26
|
}
|
|
21
27
|
}
|
|
28
|
+
/**
|
|
29
|
+
* Common base class for encryption-key resolution problems. Catching this
|
|
30
|
+
* lets callers handle all key-acquisition failures uniformly.
|
|
31
|
+
*/
|
|
32
|
+
export class EncryptionKeyError extends Error {
|
|
33
|
+
constructor(message) {
|
|
34
|
+
super(message);
|
|
35
|
+
this.name = 'EncryptionKeyError';
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
export class EncryptionKeyLostError extends EncryptionKeyError {
|
|
39
|
+
constructor() {
|
|
40
|
+
super('The encryption key was lost from the system keychain and encrypted data already exists. ' +
|
|
41
|
+
'Generating a new key would make existing data unreadable. ' +
|
|
42
|
+
'Restore the keychain or set LATCHKEY_ENCRYPTION_KEY, ' +
|
|
43
|
+
'or delete the encrypted files and start fresh with `latchkey auth clear`.');
|
|
44
|
+
this.name = 'EncryptionKeyLostError';
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
export class EncryptionKeyUnavailableError extends EncryptionKeyError {
|
|
48
|
+
constructor() {
|
|
49
|
+
super('No encryption key available. ' +
|
|
50
|
+
'Set LATCHKEY_ENCRYPTION_KEY or ensure system keychain is accessible.');
|
|
51
|
+
this.name = 'EncryptionKeyUnavailableError';
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Resolve the Latchkey master encryption key. Precedence:
|
|
56
|
+
* 1. `encryptionKeyOverride` from the caller (typically
|
|
57
|
+
* `LATCHKEY_ENCRYPTION_KEY`),
|
|
58
|
+
* 2. system keychain entry,
|
|
59
|
+
* 3. freshly generated key, stored in the keychain (only when
|
|
60
|
+
* `allowKeyGeneration` is true).
|
|
61
|
+
*
|
|
62
|
+
* Throws `EncryptionKeyLostError` when the keychain has no key but generation
|
|
63
|
+
* is disallowed, and `EncryptionKeyUnavailableError` when no key can be
|
|
64
|
+
* obtained at all (e.g. no keychain available and no override set).
|
|
65
|
+
*/
|
|
66
|
+
export async function resolveEncryptionKey(options = {}) {
|
|
67
|
+
if (options.encryptionKeyOverride !== undefined && options.encryptionKeyOverride !== null) {
|
|
68
|
+
return options.encryptionKeyOverride;
|
|
69
|
+
}
|
|
70
|
+
const serviceName = options.serviceName ?? DEFAULT_KEYRING_SERVICE_NAME;
|
|
71
|
+
const accountName = options.accountName ?? DEFAULT_KEYRING_ACCOUNT_NAME;
|
|
72
|
+
try {
|
|
73
|
+
const keychainKey = await retrieveFromKeychain(serviceName, accountName);
|
|
74
|
+
if (keychainKey !== null) {
|
|
75
|
+
return keychainKey;
|
|
76
|
+
}
|
|
77
|
+
if (options.allowKeyGeneration === false) {
|
|
78
|
+
throw new EncryptionKeyLostError();
|
|
79
|
+
}
|
|
80
|
+
const newKey = generateKey();
|
|
81
|
+
await storeInKeychain(serviceName, accountName, newKey);
|
|
82
|
+
return newKey;
|
|
83
|
+
}
|
|
84
|
+
catch (error) {
|
|
85
|
+
if (error instanceof KeychainNotAvailableError) {
|
|
86
|
+
throw new EncryptionKeyUnavailableError();
|
|
87
|
+
}
|
|
88
|
+
throw error;
|
|
89
|
+
}
|
|
90
|
+
}
|
|
22
91
|
/**
|
|
23
92
|
* Encrypt data using AES-256-GCM.
|
|
24
93
|
* The key should be a base64-encoded 256-bit key.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../src/encryption.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../src/encryption.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,4BAA4B,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AACzF,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEjG,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,WAAW;AAClC,MAAM,SAAS,GAAG,EAAE,CAAC,CAAC,kBAAkB;AACxC,MAAM,eAAe,GAAG,EAAE,CAAC,CAAC,WAAW;AAEvC,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAC3C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,kBAAkB;IAC5D;QACE,KAAK,CACH,0FAA0F;YACxF,4DAA4D;YAC5D,uDAAuD;YACvD,2EAA2E,CAC9E,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAED,MAAM,OAAO,6BAA8B,SAAQ,kBAAkB;IACnE;QACE,KAAK,CACH,+BAA+B;YAC7B,sEAAsE,CACzE,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,+BAA+B,CAAC;IAC9C,CAAC;CACF;AAkBD;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,UAAuC,EAAE;IAEzC,IAAI,OAAO,CAAC,qBAAqB,KAAK,SAAS,IAAI,OAAO,CAAC,qBAAqB,KAAK,IAAI,EAAE,CAAC;QAC1F,OAAO,OAAO,CAAC,qBAAqB,CAAC;IACvC,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,4BAA4B,CAAC;IACxE,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,4BAA4B,CAAC;IAExE,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,oBAAoB,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACzE,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,IAAI,OAAO,CAAC,kBAAkB,KAAK,KAAK,EAAE,CAAC;YACzC,MAAM,IAAI,sBAAsB,EAAE,CAAC;QACrC,CAAC;QAED,MAAM,MAAM,GAAG,WAAW,EAAE,CAAC;QAC7B,MAAM,eAAe,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,yBAAyB,EAAE,CAAC;YAC/C,MAAM,IAAI,6BAA6B,EAAE,CAAC;QAC5C,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,OAAO,CAAC,SAAiB,EAAE,SAAiB;IAC1D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7C,IAAI,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC9B,MAAM,IAAI,eAAe,CACvB,gCAAgC,MAAM,CAAC,UAAU,CAAC,eAAe,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;QAElC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC,CAAC;QACtF,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACrF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,+CAA+C;QAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;QAC1D,OAAO,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;YACrC,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,IAAI,eAAe,CACvB,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACpF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,OAAO,CAAC,aAAqB,EAAE,SAAiB;IAC9D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7C,IAAI,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC9B,MAAM,IAAI,eAAe,CACvB,gCAAgC,MAAM,CAAC,UAAU,CAAC,eAAe,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAEtD,4EAA4E;QAC5E,IAAI,QAAQ,CAAC,MAAM,GAAG,SAAS,GAAG,eAAe,EAAE,CAAC;YAClD,MAAM,IAAI,eAAe,CAAC,mCAAmC,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,SAAS,GAAG,eAAe,CAAC,CAAC;QAC1E,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,SAAS,GAAG,eAAe,CAAC,CAAC;QAElE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC,CAAC;QAC1F,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjF,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;YACrC,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,IAAI,eAAe,CACvB,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACpF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,WAAW,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACpD,CAAC"}
|
|
@@ -17,8 +17,12 @@ export declare class GatewayCurlRewriteError extends Error {
|
|
|
17
17
|
}
|
|
18
18
|
/**
|
|
19
19
|
* POST a request to the gateway's `/latchkey/` endpoint and return its `result`.
|
|
20
|
+
* When `password` is provided, it is sent in the gateway password header so
|
|
21
|
+
* the request can be authenticated by a password-protected gateway. When
|
|
22
|
+
* `permissionsOverride` is provided, it is sent in the permissions-override
|
|
23
|
+
* header so the gateway uses an alternative permissions.json for this request.
|
|
20
24
|
*/
|
|
21
|
-
export declare function callLatchkeyEndpoint(gatewayUrl: string, request: LatchkeyRequest): Promise<unknown>;
|
|
25
|
+
export declare function callLatchkeyEndpoint(gatewayUrl: string, request: LatchkeyRequest, password?: string | null, permissionsOverride?: string | null): Promise<unknown>;
|
|
22
26
|
/**
|
|
23
27
|
* Build the URL used to proxy a `latchkey curl` invocation through the
|
|
24
28
|
* gateway's `/gateway/` endpoint.
|
|
@@ -27,6 +31,12 @@ export declare function buildGatewayProxyUrl(gatewayUrl: string, targetUrl: stri
|
|
|
27
31
|
/**
|
|
28
32
|
* Rewrite a curl argument list so the target URL points at the gateway's
|
|
29
33
|
* `/gateway/<target>` endpoint. Returns a new array; the original is unchanged.
|
|
34
|
+
*
|
|
35
|
+
* When `password` is provided, an `-H` argument carrying the gateway
|
|
36
|
+
* password header is prepended so the rewritten curl call can authenticate
|
|
37
|
+
* against a password-protected gateway. When `permissionsOverride` is
|
|
38
|
+
* provided, an `-H` argument carrying the permissions-override JWT is also
|
|
39
|
+
* prepended.
|
|
30
40
|
*/
|
|
31
|
-
export declare function rewriteCurlArgumentsForGateway(curlArguments: readonly string[], targetUrl: string, gatewayUrl: string): readonly string[];
|
|
41
|
+
export declare function rewriteCurlArgumentsForGateway(curlArguments: readonly string[], targetUrl: string, gatewayUrl: string, password?: string | null, permissionsOverride?: string | null): readonly string[];
|
|
32
42
|
//# sourceMappingURL=client.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/gateway/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/gateway/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAI7D,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM;CAKhD;AAED,qBAAa,+BAAgC,SAAQ,KAAK;gBAC5C,WAAW,EAAE,MAAM;CAOhC;AAED,qBAAa,uBAAwB,SAAQ,KAAK;gBACpC,OAAO,EAAE,MAAM;CAI5B;AAOD;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,eAAe,EACxB,QAAQ,GAAE,MAAM,GAAG,IAAW,EAC9B,mBAAmB,GAAE,MAAM,GAAG,IAAW,GACxC,OAAO,CAAC,OAAO,CAAC,CA4ClB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAElF;AAED;;;;;;;;;GASG;AACH,wBAAgB,8BAA8B,CAC5C,aAAa,EAAE,SAAS,MAAM,EAAE,EAChC,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,QAAQ,GAAE,MAAM,GAAG,IAAW,EAC9B,mBAAmB,GAAE,MAAM,GAAG,IAAW,GACxC,SAAS,MAAM,EAAE,CA0BnB"}
|
|
@@ -4,6 +4,8 @@
|
|
|
4
4
|
* Commands are forwarded to the gateway's `/latchkey/` RPC endpoint, while
|
|
5
5
|
* `latchkey curl` has its target URL rewritten to route through `/gateway/`.
|
|
6
6
|
*/
|
|
7
|
+
import { GATEWAY_PASSWORD_HEADER } from './password.js';
|
|
8
|
+
import { PERMISSIONS_OVERRIDE_HEADER } from './permissionsOverride.js';
|
|
7
9
|
export class GatewayRequestError extends Error {
|
|
8
10
|
statusCode;
|
|
9
11
|
constructor(message, statusCode) {
|
|
@@ -31,14 +33,25 @@ function buildEndpointUrl(gatewayUrl, path) {
|
|
|
31
33
|
}
|
|
32
34
|
/**
|
|
33
35
|
* POST a request to the gateway's `/latchkey/` endpoint and return its `result`.
|
|
36
|
+
* When `password` is provided, it is sent in the gateway password header so
|
|
37
|
+
* the request can be authenticated by a password-protected gateway. When
|
|
38
|
+
* `permissionsOverride` is provided, it is sent in the permissions-override
|
|
39
|
+
* header so the gateway uses an alternative permissions.json for this request.
|
|
34
40
|
*/
|
|
35
|
-
export async function callLatchkeyEndpoint(gatewayUrl, request) {
|
|
41
|
+
export async function callLatchkeyEndpoint(gatewayUrl, request, password = null, permissionsOverride = null) {
|
|
36
42
|
const endpoint = buildEndpointUrl(gatewayUrl, '/latchkey');
|
|
43
|
+
const headers = { 'Content-Type': 'application/json' };
|
|
44
|
+
if (password !== null) {
|
|
45
|
+
headers[GATEWAY_PASSWORD_HEADER] = password;
|
|
46
|
+
}
|
|
47
|
+
if (permissionsOverride !== null) {
|
|
48
|
+
headers[PERMISSIONS_OVERRIDE_HEADER] = permissionsOverride;
|
|
49
|
+
}
|
|
37
50
|
let response;
|
|
38
51
|
try {
|
|
39
52
|
response = await fetch(endpoint, {
|
|
40
53
|
method: 'POST',
|
|
41
|
-
headers
|
|
54
|
+
headers,
|
|
42
55
|
body: JSON.stringify(request),
|
|
43
56
|
});
|
|
44
57
|
}
|
|
@@ -73,8 +86,14 @@ export function buildGatewayProxyUrl(gatewayUrl, targetUrl) {
|
|
|
73
86
|
/**
|
|
74
87
|
* Rewrite a curl argument list so the target URL points at the gateway's
|
|
75
88
|
* `/gateway/<target>` endpoint. Returns a new array; the original is unchanged.
|
|
89
|
+
*
|
|
90
|
+
* When `password` is provided, an `-H` argument carrying the gateway
|
|
91
|
+
* password header is prepended so the rewritten curl call can authenticate
|
|
92
|
+
* against a password-protected gateway. When `permissionsOverride` is
|
|
93
|
+
* provided, an `-H` argument carrying the permissions-override JWT is also
|
|
94
|
+
* prepended.
|
|
76
95
|
*/
|
|
77
|
-
export function rewriteCurlArgumentsForGateway(curlArguments, targetUrl, gatewayUrl) {
|
|
96
|
+
export function rewriteCurlArgumentsForGateway(curlArguments, targetUrl, gatewayUrl, password = null, permissionsOverride = null) {
|
|
78
97
|
const occurrences = curlArguments.reduce((count, argument) => (argument === targetUrl ? count + 1 : count), 0);
|
|
79
98
|
if (occurrences === 0) {
|
|
80
99
|
throw new GatewayCurlRewriteError(`Target URL '${targetUrl}' not found in curl arguments; refusing to rewrite.`);
|
|
@@ -84,6 +103,14 @@ export function rewriteCurlArgumentsForGateway(curlArguments, targetUrl, gateway
|
|
|
84
103
|
`refusing to rewrite to avoid ambiguous substitution.`);
|
|
85
104
|
}
|
|
86
105
|
const proxyUrl = buildGatewayProxyUrl(gatewayUrl, targetUrl);
|
|
87
|
-
|
|
106
|
+
const rewritten = curlArguments.map((argument) => (argument === targetUrl ? proxyUrl : argument));
|
|
107
|
+
const extraHeaders = [];
|
|
108
|
+
if (password !== null) {
|
|
109
|
+
extraHeaders.push('-H', `${GATEWAY_PASSWORD_HEADER}: ${password}`);
|
|
110
|
+
}
|
|
111
|
+
if (permissionsOverride !== null) {
|
|
112
|
+
extraHeaders.push('-H', `${PERMISSIONS_OVERRIDE_HEADER}: ${permissionsOverride}`);
|
|
113
|
+
}
|
|
114
|
+
return [...extraHeaders, ...rewritten];
|
|
88
115
|
}
|
|
89
116
|
//# sourceMappingURL=client.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/gateway/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/gateway/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,2BAA2B,EAAE,MAAM,0BAA0B,CAAC;AAEvE,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IACnC,UAAU,CAAS;IAE5B,YAAY,OAAe,EAAE,UAAkB;QAC7C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;QAClC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AAED,MAAM,OAAO,+BAAgC,SAAQ,KAAK;IACxD,YAAY,WAAmB;QAC7B,KAAK,CACH,IAAI,WAAW,oDAAoD;YACjE,mDAAmD,CACtD,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,iCAAiC,CAAC;IAChD,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,SAAS,gBAAgB,CAAC,UAAkB,EAAE,IAAY;IACxD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC5C,OAAO,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,UAAkB,EAClB,OAAwB,EACxB,WAA0B,IAAI,EAC9B,sBAAqC,IAAI;IAEzC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAE3D,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;IAC/E,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,OAAO,CAAC,uBAAuB,CAAC,GAAG,QAAQ,CAAC;IAC9C,CAAC;IACD,IAAI,mBAAmB,KAAK,IAAI,EAAE,CAAC;QACjC,OAAO,CAAC,2BAA2B,CAAC,GAAG,mBAAmB,CAAC;IAC7D,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YAC/B,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,IAAI,mBAAmB,CAAC,uCAAuC,QAAQ,KAAK,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;IAClG,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,UAAgD,CAAC;IACrD,IAAI,CAAC;QACH,UAAU;YACR,QAAQ,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAA0C,CAAC;IAC1F,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,mBAAmB,CAC3B,kDAAkD,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,QAAQ,EAAE,EAC5F,QAAQ,CAAC,MAAM,CAChB,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,OAAO,GACX,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ;YAClC,CAAC,CAAC,UAAU,CAAC,KAAK;YAClB,CAAC,CAAC,oCAAoC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QACvE,MAAM,IAAI,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,UAAU,CAAC,MAAM,IAAI,IAAI,CAAC;AACnC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAkB,EAAE,SAAiB;IACxE,OAAO,GAAG,gBAAgB,CAAC,UAAU,EAAE,WAAW,CAAC,GAAG,SAAS,EAAE,CAAC;AACpE,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,8BAA8B,CAC5C,aAAgC,EAChC,SAAiB,EACjB,UAAkB,EAClB,WAA0B,IAAI,EAC9B,sBAAqC,IAAI;IAEzC,MAAM,WAAW,GAAG,aAAa,CAAC,MAAM,CACtC,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EACjE,CAAC,CACF,CAAC;IACF,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,uBAAuB,CAC/B,eAAe,SAAS,qDAAqD,CAC9E,CAAC;IACJ,CAAC;IACD,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,uBAAuB,CAC/B,eAAe,SAAS,aAAa,WAAW,CAAC,QAAQ,EAAE,4BAA4B;YACrF,sDAAsD,CACzD,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,oBAAoB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC7D,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClG,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,uBAAuB,KAAK,QAAQ,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,mBAAmB,KAAK,IAAI,EAAE,CAAC;QACjC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,2BAA2B,KAAK,mBAAmB,EAAE,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,CAAC,GAAG,YAAY,EAAE,GAAG,SAAS,CAAC,CAAC;AACzC,CAAC"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Extensions: user-supplied HTTP handlers mounted on the gateway.
|
|
3
|
+
*
|
|
4
|
+
* The gateway scans `extensionsDirectory` for `*.mjs` files at startup
|
|
5
|
+
* and dynamically imports each one. Each module's default export must be
|
|
6
|
+
* a function `(request, response) => boolean | Promise<boolean>`:
|
|
7
|
+
*
|
|
8
|
+
* - return `true` when the extension has handled the request (i.e. it
|
|
9
|
+
* has written / will write the response). The gateway will not consult
|
|
10
|
+
* any further extensions.
|
|
11
|
+
* - return `false` to defer to the next extension. The handler must not
|
|
12
|
+
* touch the response in this case.
|
|
13
|
+
*
|
|
14
|
+
* Extensions only see Node's raw HTTP request / response. They do NOT have
|
|
15
|
+
* access to credential storage, the curl-injection pipeline, or the service
|
|
16
|
+
* registry. Each extension request is run through the same
|
|
17
|
+
* `permissions.json` machinery as `/gateway/...` proxy requests, by
|
|
18
|
+
* synthesising a request whose URL uses fixed placeholder values
|
|
19
|
+
* (representing "this gateway") while preserving the inbound method, path,
|
|
20
|
+
* and headers.
|
|
21
|
+
*/
|
|
22
|
+
import * as http from 'node:http';
|
|
23
|
+
import type { CliDependencies } from '../cliCommands.js';
|
|
24
|
+
/**
|
|
25
|
+
* Placeholder URL parts that stand in for "this gateway" when extension
|
|
26
|
+
* requests are run through the permission check. They use RFC 2606's
|
|
27
|
+
* reserved `.invalid` TLD so the synthetic URL is guaranteed never to
|
|
28
|
+
* resolve to a real host. Detent schemas matching extension routes should
|
|
29
|
+
* key on these exact values.
|
|
30
|
+
*/
|
|
31
|
+
export declare const EXTENSION_PLACEHOLDER_SCHEME = "https";
|
|
32
|
+
export declare const EXTENSION_PLACEHOLDER_HOST = "latchkey-self.invalid";
|
|
33
|
+
export declare const EXTENSION_PLACEHOLDER_PORT = 1;
|
|
34
|
+
export type ExtensionHandler = (request: http.IncomingMessage, response: http.ServerResponse) => boolean | Promise<boolean>;
|
|
35
|
+
export interface LoadedExtension {
|
|
36
|
+
readonly handler: ExtensionHandler;
|
|
37
|
+
/** Absolute path of the file the handler was loaded from. */
|
|
38
|
+
readonly sourceFile: string;
|
|
39
|
+
}
|
|
40
|
+
export declare class ExtensionLoadError extends Error {
|
|
41
|
+
constructor(message: string);
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Load every extension module in `directory` and return the resulting
|
|
45
|
+
* ordered list. Extensions are tried in alphabetical order of filename, so
|
|
46
|
+
* the loader returns them in that order. Returns an empty list if the
|
|
47
|
+
* directory does not exist. Throws `ExtensionLoadError` on the first file
|
|
48
|
+
* that fails to import or has the wrong shape.
|
|
49
|
+
*/
|
|
50
|
+
export declare function loadExtensions(directory: string): Promise<readonly LoadedExtension[]>;
|
|
51
|
+
/**
|
|
52
|
+
* Run the permission check for an inbound extension request and offer it to
|
|
53
|
+
* each loaded extension in order. Returns true when an extension claimed
|
|
54
|
+
* the request (i.e. responded or threw). When false, no extension touched
|
|
55
|
+
* the response and the caller is responsible for sending a fallback
|
|
56
|
+
* (typically `404`).
|
|
57
|
+
*/
|
|
58
|
+
export declare function dispatchExtensionRequest(request: http.IncomingMessage, response: http.ServerResponse, extensions: readonly LoadedExtension[], deps: CliDependencies, permissionsConfigPath: string): Promise<boolean>;
|
|
59
|
+
//# sourceMappingURL=extensions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"extensions.d.ts","sourceRoot":"","sources":["../../../src/gateway/extensions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAIlC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAKzD;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,UAAU,CAAC;AACpD,eAAO,MAAM,0BAA0B,0BAA0B,CAAC;AAClE,eAAO,MAAM,0BAA0B,IAAI,CAAC;AAI5C,MAAM,MAAM,gBAAgB,GAAG,CAC7B,OAAO,EAAE,IAAI,CAAC,eAAe,EAC7B,QAAQ,EAAE,IAAI,CAAC,cAAc,KAC1B,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEhC,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACnC,6DAA6D;IAC7D,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAMD,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAWD;;;;;;GAMG;AACH,wBAAsB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,eAAe,EAAE,CAAC,CAiC3F;AA0CD;;;;;;GAMG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,IAAI,CAAC,eAAe,EAC7B,QAAQ,EAAE,IAAI,CAAC,cAAc,EAC7B,UAAU,EAAE,SAAS,eAAe,EAAE,EACtC,IAAI,EAAE,eAAe,EACrB,qBAAqB,EAAE,MAAM,GAC5B,OAAO,CAAC,OAAO,CAAC,CA6ClB"}
|