mongoku 2.7.0-compat → 2.7.1-compat

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143) hide show
  1. package/README.md +3 -0
  2. package/build/client/_app/immutable/chunks/{CeXlKXQN.js → By8u4tLX.js} +1 -1
  3. package/build/client/_app/immutable/chunks/By8u4tLX.js.br +0 -0
  4. package/build/client/_app/immutable/chunks/By8u4tLX.js.gz +0 -0
  5. package/build/client/_app/immutable/chunks/{BIUJX0Ps.js → C8xXYC2Z.js} +1 -1
  6. package/build/client/_app/immutable/chunks/C8xXYC2Z.js.br +0 -0
  7. package/build/client/_app/immutable/chunks/C8xXYC2Z.js.gz +0 -0
  8. package/build/client/_app/immutable/chunks/CCpnxaiB.js +4 -0
  9. package/build/client/_app/immutable/chunks/CCpnxaiB.js.br +0 -0
  10. package/build/client/_app/immutable/chunks/CCpnxaiB.js.gz +0 -0
  11. package/build/client/_app/immutable/chunks/{BBqIHhSl.js → CYfKAzOk.js} +1 -1
  12. package/build/client/_app/immutable/chunks/CYfKAzOk.js.br +0 -0
  13. package/build/client/_app/immutable/chunks/CYfKAzOk.js.gz +0 -0
  14. package/build/client/_app/immutable/chunks/DKLdLuLU.js +1 -0
  15. package/build/client/_app/immutable/chunks/DKLdLuLU.js.br +0 -0
  16. package/build/client/_app/immutable/chunks/DKLdLuLU.js.gz +0 -0
  17. package/build/client/_app/immutable/chunks/{DtqR9xj2.js → IE1XEpRW.js} +1 -1
  18. package/build/client/_app/immutable/chunks/IE1XEpRW.js.br +0 -0
  19. package/build/client/_app/immutable/chunks/IE1XEpRW.js.gz +0 -0
  20. package/build/client/_app/immutable/chunks/{DkIdyQoH.js → UnUXmJ43.js} +1 -1
  21. package/build/client/_app/immutable/chunks/UnUXmJ43.js.br +0 -0
  22. package/build/client/_app/immutable/chunks/UnUXmJ43.js.gz +0 -0
  23. package/build/client/_app/immutable/entry/{app.DSC3O-oq.js → app.40CWB43o.js} +2 -2
  24. package/build/client/_app/immutable/entry/app.40CWB43o.js.br +0 -0
  25. package/build/client/_app/immutable/entry/app.40CWB43o.js.gz +0 -0
  26. package/build/client/_app/immutable/entry/start.lmVN1KK1.js +1 -0
  27. package/build/client/_app/immutable/entry/start.lmVN1KK1.js.br +0 -0
  28. package/build/client/_app/immutable/entry/start.lmVN1KK1.js.gz +0 -0
  29. package/build/client/_app/immutable/nodes/{0.CMAlzqMw.js → 0.DyclQIzW.js} +1 -1
  30. package/build/client/_app/immutable/nodes/0.DyclQIzW.js.br +0 -0
  31. package/build/client/_app/immutable/nodes/0.DyclQIzW.js.gz +0 -0
  32. package/build/client/_app/immutable/nodes/{1.B6Npt7WS.js → 1.C-sLMJ7d.js} +1 -1
  33. package/build/client/_app/immutable/nodes/1.C-sLMJ7d.js.br +0 -0
  34. package/build/client/_app/immutable/nodes/1.C-sLMJ7d.js.gz +0 -0
  35. package/build/client/_app/immutable/nodes/{10.UKtNnnWx.js → 10.VNwhfZRw.js} +1 -1
  36. package/build/client/_app/immutable/nodes/10.VNwhfZRw.js.br +0 -0
  37. package/build/client/_app/immutable/nodes/10.VNwhfZRw.js.gz +0 -0
  38. package/build/client/_app/immutable/nodes/{11.DZQrIhD6.js → 11.Bn2rbCuv.js} +1 -1
  39. package/build/client/_app/immutable/nodes/11.Bn2rbCuv.js.br +0 -0
  40. package/build/client/_app/immutable/nodes/11.Bn2rbCuv.js.gz +0 -0
  41. package/build/client/_app/immutable/nodes/{12.Bb2XzJJ4.js → 12.BFq091A7.js} +1 -1
  42. package/build/client/_app/immutable/nodes/12.BFq091A7.js.br +0 -0
  43. package/build/client/_app/immutable/nodes/12.BFq091A7.js.gz +0 -0
  44. package/build/client/_app/immutable/nodes/{13.B_EllgAJ.js → 13.DbNsr4WX.js} +1 -1
  45. package/build/client/_app/immutable/nodes/13.DbNsr4WX.js.br +0 -0
  46. package/build/client/_app/immutable/nodes/13.DbNsr4WX.js.gz +0 -0
  47. package/build/client/_app/immutable/nodes/{14.Ds1Cbw86.js → 14.DTYaKKlW.js} +1 -1
  48. package/build/client/_app/immutable/nodes/14.DTYaKKlW.js.br +0 -0
  49. package/build/client/_app/immutable/nodes/14.DTYaKKlW.js.gz +0 -0
  50. package/build/client/_app/immutable/nodes/{7.DrDdJlUZ.js → 7.BE4cR7tR.js} +1 -1
  51. package/build/client/_app/immutable/nodes/7.BE4cR7tR.js.br +0 -0
  52. package/build/client/_app/immutable/nodes/7.BE4cR7tR.js.gz +0 -0
  53. package/build/client/_app/immutable/nodes/{8.DY5fyf2p.js → 8.CnKkrVDw.js} +1 -1
  54. package/build/client/_app/immutable/nodes/8.CnKkrVDw.js.br +0 -0
  55. package/build/client/_app/immutable/nodes/8.CnKkrVDw.js.gz +0 -0
  56. package/build/client/_app/immutable/nodes/{9.DSZg3ucy.js → 9.Bekrbf_Y.js} +1 -1
  57. package/build/client/_app/immutable/nodes/9.Bekrbf_Y.js.br +0 -0
  58. package/build/client/_app/immutable/nodes/9.Bekrbf_Y.js.gz +0 -0
  59. package/build/client/_app/version.json +1 -1
  60. package/build/client/_app/version.json.br +0 -0
  61. package/build/client/_app/version.json.gz +0 -0
  62. package/build/server/chunks/{0-94hvO2vX.js → 0-CjMXOm6-.js} +3 -3
  63. package/build/server/chunks/{0-94hvO2vX.js.map → 0-CjMXOm6-.js.map} +1 -1
  64. package/build/server/chunks/{1-DU2n-wa5.js → 1-IQ-QIckx.js} +2 -2
  65. package/build/server/chunks/{1-DU2n-wa5.js.map → 1-IQ-QIckx.js.map} +1 -1
  66. package/build/server/chunks/{10-CA3VfgE7.js → 10-DQlggkvf.js} +2 -2
  67. package/build/server/chunks/{10-CA3VfgE7.js.map → 10-DQlggkvf.js.map} +1 -1
  68. package/build/server/chunks/{11-xh-tBR25.js → 11-eOTEk6eF.js} +2 -2
  69. package/build/server/chunks/{11-xh-tBR25.js.map → 11-eOTEk6eF.js.map} +1 -1
  70. package/build/server/chunks/{12-CHoThn5d.js → 12-QziVeVSc.js} +2 -2
  71. package/build/server/chunks/{12-CHoThn5d.js.map → 12-QziVeVSc.js.map} +1 -1
  72. package/build/server/chunks/{13-s3o-iKja.js → 13-BjZYcyS0.js} +2 -2
  73. package/build/server/chunks/{13-s3o-iKja.js.map → 13-BjZYcyS0.js.map} +1 -1
  74. package/build/server/chunks/{14-Ch_I9f3x.js → 14-C_fye7SR.js} +2 -2
  75. package/build/server/chunks/{14-Ch_I9f3x.js.map → 14-C_fye7SR.js.map} +1 -1
  76. package/build/server/chunks/{7-B_ur3ckj.js → 7-Bs1j8mlV.js} +2 -2
  77. package/build/server/chunks/{7-B_ur3ckj.js.map → 7-Bs1j8mlV.js.map} +1 -1
  78. package/build/server/chunks/{8-BEcdRamT.js → 8-BkSFBslx.js} +2 -2
  79. package/build/server/chunks/{8-BEcdRamT.js.map → 8-BkSFBslx.js.map} +1 -1
  80. package/build/server/chunks/{9-CeMYWy9o.js → 9-C474Z3kx.js} +2 -2
  81. package/build/server/chunks/{9-CeMYWy9o.js.map → 9-C474Z3kx.js.map} +1 -1
  82. package/build/server/chunks/{_server.ts-Bs5HC7Wf.js → _server.ts-BmyzPj3L.js} +7 -3
  83. package/build/server/chunks/_server.ts-BmyzPj3L.js.map +1 -0
  84. package/build/server/chunks/{_server.ts-DRL9sDg4.js → _server.ts-BsZ825gJ.js} +2 -2
  85. package/build/server/chunks/{_server.ts-DRL9sDg4.js.map → _server.ts-BsZ825gJ.js.map} +1 -1
  86. package/build/server/chunks/{_server.ts-B3lXxheE.js → _server.ts-D67MghZb.js} +2 -2
  87. package/build/server/chunks/{_server.ts-B3lXxheE.js.map → _server.ts-D67MghZb.js.map} +1 -1
  88. package/build/server/chunks/{_server.ts-DqL5edUL.js → _server.ts-DKuI03oJ.js} +2 -2
  89. package/build/server/chunks/{_server.ts-DqL5edUL.js.map → _server.ts-DKuI03oJ.js.map} +1 -1
  90. package/build/server/chunks/{hooks.server-Cq7ufuFU.js → hooks.server-FwLGFfI8.js} +2 -2
  91. package/build/server/chunks/{hooks.server-Cq7ufuFU.js.map → hooks.server-FwLGFfI8.js.map} +1 -1
  92. package/build/server/chunks/{oauth-BfIECOev.js → oauth-CpJ4lGij.js} +32 -9
  93. package/build/server/chunks/oauth-CpJ4lGij.js.map +1 -0
  94. package/build/server/index.js +2 -2
  95. package/build/server/index.js.map +1 -1
  96. package/build/server/manifest.js +15 -15
  97. package/build/server/manifest.js.map +1 -1
  98. package/package.json +1 -1
  99. package/src/lib/server/oauth.ts +43 -7
  100. package/src/routes/auth/callback/+server.ts +7 -1
  101. package/build/client/_app/immutable/chunks/BBqIHhSl.js.br +0 -0
  102. package/build/client/_app/immutable/chunks/BBqIHhSl.js.gz +0 -0
  103. package/build/client/_app/immutable/chunks/BIUJX0Ps.js.br +0 -0
  104. package/build/client/_app/immutable/chunks/BIUJX0Ps.js.gz +0 -0
  105. package/build/client/_app/immutable/chunks/CeXlKXQN.js.br +0 -0
  106. package/build/client/_app/immutable/chunks/CeXlKXQN.js.gz +0 -0
  107. package/build/client/_app/immutable/chunks/ChTiw7nk.js +0 -4
  108. package/build/client/_app/immutable/chunks/ChTiw7nk.js.br +0 -0
  109. package/build/client/_app/immutable/chunks/ChTiw7nk.js.gz +0 -0
  110. package/build/client/_app/immutable/chunks/Czyt1_Wc.js +0 -1
  111. package/build/client/_app/immutable/chunks/Czyt1_Wc.js.br +0 -0
  112. package/build/client/_app/immutable/chunks/Czyt1_Wc.js.gz +0 -0
  113. package/build/client/_app/immutable/chunks/DkIdyQoH.js.br +0 -0
  114. package/build/client/_app/immutable/chunks/DkIdyQoH.js.gz +0 -0
  115. package/build/client/_app/immutable/chunks/DtqR9xj2.js.br +0 -0
  116. package/build/client/_app/immutable/chunks/DtqR9xj2.js.gz +0 -0
  117. package/build/client/_app/immutable/entry/app.DSC3O-oq.js.br +0 -0
  118. package/build/client/_app/immutable/entry/app.DSC3O-oq.js.gz +0 -0
  119. package/build/client/_app/immutable/entry/start.DXWFdQeQ.js +0 -1
  120. package/build/client/_app/immutable/entry/start.DXWFdQeQ.js.br +0 -0
  121. package/build/client/_app/immutable/entry/start.DXWFdQeQ.js.gz +0 -0
  122. package/build/client/_app/immutable/nodes/0.CMAlzqMw.js.br +0 -0
  123. package/build/client/_app/immutable/nodes/0.CMAlzqMw.js.gz +0 -0
  124. package/build/client/_app/immutable/nodes/1.B6Npt7WS.js.br +0 -4
  125. package/build/client/_app/immutable/nodes/1.B6Npt7WS.js.gz +0 -0
  126. package/build/client/_app/immutable/nodes/10.UKtNnnWx.js.br +0 -0
  127. package/build/client/_app/immutable/nodes/10.UKtNnnWx.js.gz +0 -0
  128. package/build/client/_app/immutable/nodes/11.DZQrIhD6.js.br +0 -0
  129. package/build/client/_app/immutable/nodes/11.DZQrIhD6.js.gz +0 -0
  130. package/build/client/_app/immutable/nodes/12.Bb2XzJJ4.js.br +0 -0
  131. package/build/client/_app/immutable/nodes/12.Bb2XzJJ4.js.gz +0 -0
  132. package/build/client/_app/immutable/nodes/13.B_EllgAJ.js.br +0 -0
  133. package/build/client/_app/immutable/nodes/13.B_EllgAJ.js.gz +0 -0
  134. package/build/client/_app/immutable/nodes/14.Ds1Cbw86.js.br +0 -0
  135. package/build/client/_app/immutable/nodes/14.Ds1Cbw86.js.gz +0 -0
  136. package/build/client/_app/immutable/nodes/7.DrDdJlUZ.js.br +0 -0
  137. package/build/client/_app/immutable/nodes/7.DrDdJlUZ.js.gz +0 -0
  138. package/build/client/_app/immutable/nodes/8.DY5fyf2p.js.br +0 -0
  139. package/build/client/_app/immutable/nodes/8.DY5fyf2p.js.gz +0 -0
  140. package/build/client/_app/immutable/nodes/9.DSZg3ucy.js.br +0 -0
  141. package/build/client/_app/immutable/nodes/9.DSZg3ucy.js.gz +0 -0
  142. package/build/server/chunks/_server.ts-Bs5HC7Wf.js.map +0 -1
  143. package/build/server/chunks/oauth-BfIECOev.js.map +0 -1
package/build/server/chunks/{_server.ts-Bs5HC7Wf.js → _server.ts-BmyzPj3L.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { b as base } from './server-Crjo4w1q.js';
2
2
  import './url-hmE1zcJ6.js';
3
- import { g as getOAuthConfig, c as cookieOptions, e as exchangeCode, a as getCallbackUrl, b as extractUserFromIdToken, d as createSessionCookie } from './oauth-BfIECOev.js';
3
+ import { g as getOAuthConfig, c as cookieOptions, e as exchangeCode, a as getCallbackUrl, b as extractUserFromIdToken, d as checkRequiredClaim, f as createSessionCookie } from './oauth-CpJ4lGij.js';
4
4
  import { r as redirect, e as error } from './index-wpIsICWW.js';
5
5
  import './async-lVJA8xJZ.js';
6
6
  import './shared-server-BmU87nph.js';
@@ -32,15 +32,19 @@ const GET = async ({ url, cookies }) => {
32
32
  cookies.delete("mongoku_pkce_verifier", cookieOptions(url));
33
33
  const tokens = await exchangeCode(config, url.origin, code, storedVerifier, getCallbackUrl(url.origin));
34
34
  let user = {};
35
+ let claims = {};
35
36
  if (tokens.id_token) {
36
- user = extractUserFromIdToken(tokens.id_token);
37
+ ({ user, claims } = extractUserFromIdToken(tokens.id_token));
37
38
  }
38
39
  if (config.allowedSubs && (!user.sub || !config.allowedSubs.has(user.sub))) {
39
40
  error(403, "Your account is not authorized to access this application");
40
41
  }
42
+ if (config.requiredClaim && !checkRequiredClaim(claims, config.requiredClaim)) {
43
+ error(403, `Required claim not satisfied: ${config.requiredClaim.field}=${config.requiredClaim.value}`);
44
+ }
41
45
  cookies.set("mongoku_session", createSessionCookie(config, user), cookieOptions(url, config.sessionDuration));
42
46
  redirect(302, `${base}/`);
43
47
  };
44
48
 
45
49
  export { GET };
46
- //# sourceMappingURL=_server.ts-Bs5HC7Wf.js.map
50
+ //# sourceMappingURL=_server.ts-BmyzPj3L.js.map
package/build/server/chunks/_server.ts-BmyzPj3L.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"_server.ts-BmyzPj3L.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/auth/callback/_server.ts.js"],"sourcesContent":["import { b as base } from \"../../../../chunks/server.js\";\nimport \"../../../../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../../../../chunks/root.js\";\nimport { g as getOAuthConfig, c as cookieOptions, e as exchangeCode, a as getCallbackUrl, b as extractUserFromIdToken, d as checkRequiredClaim, f as createSessionCookie } from \"../../../../chunks/oauth.js\";\nimport { redirect, error } from \"@sveltejs/kit\";\nconst GET = async ({ url, cookies }) => {\n const config = await getOAuthConfig();\n if (!config) {\n redirect(302, `${base}/`);\n }\n const oauthError = url.searchParams.get(\"error\");\n if (oauthError) {\n error(403, url.searchParams.get(\"error_description\") || oauthError);\n }\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n if (!code || !state) {\n error(400, \"Missing code or state parameter\");\n }\n const storedState = cookies.get(\"mongoku_pkce_state\");\n const storedVerifier = cookies.get(\"mongoku_pkce_verifier\");\n if (!storedState || !storedVerifier) {\n error(400, \"Missing OAuth cookies — please try logging in again\");\n }\n if (state !== storedState) {\n error(403, \"Invalid OAuth state\");\n }\n cookies.delete(\"mongoku_pkce_state\", cookieOptions(url));\n cookies.delete(\"mongoku_pkce_verifier\", cookieOptions(url));\n const tokens = await exchangeCode(config, url.origin, code, storedVerifier, getCallbackUrl(url.origin));\n let user = {};\n let claims = {};\n if (tokens.id_token) {\n ({ user, claims } = extractUserFromIdToken(tokens.id_token));\n }\n if (config.allowedSubs && (!user.sub || !config.allowedSubs.has(user.sub))) {\n error(403, \"Your account is not authorized to access this application\");\n }\n if (config.requiredClaim && !checkRequiredClaim(claims, config.requiredClaim)) {\n error(403, `Required claim not satisfied: ${config.requiredClaim.field}=${config.requiredClaim.value}`);\n }\n cookies.set(\"mongoku_session\", createSessionCookie(config, user), cookieOptions(url, config.sessionDuration));\n redirect(302, `${base}/`);\n};\nexport {\n GET\n};\n"],"names":[],"mappings":";;;;;;;;AAMK,MAAC,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK;AACxC,EAAE,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE;AACvC,EAAE,IAAI,CAAC,MAAM,EAAE;AACf,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7B,EAAE;AACF,EAAE,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;AAClD,EAAE,IAAI,UAAU,EAAE;AAClB,IAAI,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,UAAU,CAAC;AACvE,EAAE;AACF,EAAE,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;AAC3C,EAAE,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;AAC7C,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE;AACvB,IAAI,KAAK,CAAC,GAAG,EAAE,iCAAiC,CAAC;AACjD,EAAE;AACF,EAAE,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;AACvD,EAAE,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;AAC7D,EAAE,IAAI,CAAC,WAAW,IAAI,CAAC,cAAc,EAAE;AACvC,IAAI,KAAK,CAAC,GAAG,EAAE,qDAAqD,CAAC;AACrE,EAAE;AACF,EAAE,IAAI,KAAK,KAAK,WAAW,EAAE;AAC7B,IAAI,KAAK,CAAC,GAAG,EAAE,qBAAqB,CAAC;AACrC,EAAE;AACF,EAAE,OAAO,CAAC,MAAM,CAAC,oBAAoB,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;AAC1D,EAAE,OAAO,CAAC,MAAM,CAAC,uBAAuB,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;AAC7D,EAAE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACzG,EAAE,IAAI,IAAI,GAAG,EAAE;AACf,EAAE,IAAI,MAAM,GAAG,EAAE;AACjB,EAAE,IAAI,MAAM,CAAC,QAAQ,EAAE;AACvB,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,sBAAsB,CAAC,MAAM,CAAC,QAAQ,CAAC;AAC/D,EAAE;AACF,EAAE,IAAI,MAAM,CAAC,WAAW,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE;AAC9E,IAAI,KAAK,CAAC,GAAG,EAAE,2DAA2D,CAAC;AAC3E,EAAE;AACF,EAAE,IAAI,MAAM,CAAC,aAAa,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC,EAAE;AACjF,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC,8BAA8B,EAAE,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;AAC3G,EAAE;AACF,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;AAC/G,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AAC3B;;;;"}
package/build/server/chunks/{_server.ts-DRL9sDg4.js → _server.ts-BsZ825gJ.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { b as base } from './server-Crjo4w1q.js';
2
2
  import './url-hmE1zcJ6.js';
3
- import { g as getOAuthConfig, O as OAUTH_CIMD_CLIENT_ID, a as getCallbackUrl } from './oauth-BfIECOev.js';
3
+ import { g as getOAuthConfig, O as OAUTH_CIMD_CLIENT_ID, a as getCallbackUrl } from './oauth-CpJ4lGij.js';
4
4
  import './async-lVJA8xJZ.js';
5
5
  import './shared-server-BmU87nph.js';
6
6
  import 'node:crypto';
@@ -31,4 +31,4 @@ const GET = async ({ url }) => {
31
31
  };
32
32
 
33
33
  export { GET };
34
- //# sourceMappingURL=_server.ts-DRL9sDg4.js.map
34
+ //# sourceMappingURL=_server.ts-BsZ825gJ.js.map
package/build/server/chunks/{_server.ts-DRL9sDg4.js.map → _server.ts-BsZ825gJ.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"_server.ts-DRL9sDg4.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/.well-known/cimd.json/_server.ts.js"],"sourcesContent":["import { b as base } from \"../../../../chunks/server.js\";\nimport \"../../../../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../../../../chunks/root.js\";\nimport { g as getOAuthConfig, O as OAUTH_CIMD_CLIENT_ID, a as getCallbackUrl } from \"../../../../chunks/oauth.js\";\nconst GET = async ({ url }) => {\n const config = await getOAuthConfig();\n if (!config) {\n return new Response(\"OAuth is not configured\", { status: 404 });\n }\n if (config.clientId !== OAUTH_CIMD_CLIENT_ID) {\n return new Response(\"CIMD is disabled\", { status: 404 });\n }\n return new Response(\n JSON.stringify({\n client_id: new URL(url.pathname, url.origin).toString(),\n client_name: \"Mongoku\",\n client_uri: `${url.origin}${base}`,\n redirect_uris: [getCallbackUrl(url.origin)],\n token_endpoint_auth_method: \"none\",\n scope: config.scopes\n }),\n {\n headers: {\n \"Content-Type\": \"application/json\"\n }\n }\n );\n};\nexport {\n GET\n};\n"],"names":[],"mappings":";;;;;;;AAKK,MAAC,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,KAAK;AAC/B,EAAE,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE;AACvC,EAAE,IAAI,CAAC,MAAM,EAAE;AACf,IAAI,OAAO,IAAI,QAAQ,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACnE,EAAE;AACF,EAAE,IAAI,MAAM,CAAC,QAAQ,KAAK,oBAAoB,EAAE;AAChD,IAAI,OAAO,IAAI,QAAQ,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AAC5D,EAAE;AACF,EAAE,OAAO,IAAI,QAAQ;AACrB,IAAI,IAAI,CAAC,SAAS,CAAC;AACnB,MAAM,SAAS,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE;AAC7D,MAAM,WAAW,EAAE,SAAS;AAC5B,MAAM,UAAU,EAAE,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;AACxC,MAAM,aAAa,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACjD,MAAM,0BAA0B,EAAE,MAAM;AACxC,MAAM,KAAK,EAAE,MAAM,CAAC;AACpB,KAAK,CAAC;AACN,IAAI;AACJ,MAAM,OAAO,EAAE;AACf,QAAQ,cAAc,EAAE;AACxB;AACA;AACA,GAAG;AACH;;;;"}
1
+ {"version":3,"file":"_server.ts-BsZ825gJ.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/.well-known/cimd.json/_server.ts.js"],"sourcesContent":["import { b as base } from \"../../../../chunks/server.js\";\nimport \"../../../../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../../../../chunks/root.js\";\nimport { g as getOAuthConfig, O as OAUTH_CIMD_CLIENT_ID, a as getCallbackUrl } from \"../../../../chunks/oauth.js\";\nconst GET = async ({ url }) => {\n const config = await getOAuthConfig();\n if (!config) {\n return new Response(\"OAuth is not configured\", { status: 404 });\n }\n if (config.clientId !== OAUTH_CIMD_CLIENT_ID) {\n return new Response(\"CIMD is disabled\", { status: 404 });\n }\n return new Response(\n JSON.stringify({\n client_id: new URL(url.pathname, url.origin).toString(),\n client_name: \"Mongoku\",\n client_uri: `${url.origin}${base}`,\n redirect_uris: [getCallbackUrl(url.origin)],\n token_endpoint_auth_method: \"none\",\n scope: config.scopes\n }),\n {\n headers: {\n \"Content-Type\": \"application/json\"\n }\n }\n );\n};\nexport {\n GET\n};\n"],"names":[],"mappings":";;;;;;;AAKK,MAAC,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,KAAK;AAC/B,EAAE,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE;AACvC,EAAE,IAAI,CAAC,MAAM,EAAE;AACf,IAAI,OAAO,IAAI,QAAQ,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACnE,EAAE;AACF,EAAE,IAAI,MAAM,CAAC,QAAQ,KAAK,oBAAoB,EAAE;AAChD,IAAI,OAAO,IAAI,QAAQ,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AAC5D,EAAE;AACF,EAAE,OAAO,IAAI,QAAQ;AACrB,IAAI,IAAI,CAAC,SAAS,CAAC;AACnB,MAAM,SAAS,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE;AAC7D,MAAM,WAAW,EAAE,SAAS;AAC5B,MAAM,UAAU,EAAE,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;AACxC,MAAM,aAAa,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACjD,MAAM,0BAA0B,EAAE,MAAM;AACxC,MAAM,KAAK,EAAE,MAAM,CAAC;AACpB,KAAK,CAAC;AACN,IAAI;AACJ,MAAM,OAAO,EAAE;AACf,QAAQ,cAAc,EAAE;AACxB;AACA;AACA,GAAG;AACH;;;;"}
package/build/server/chunks/{_server.ts-B3lXxheE.js → _server.ts-D67MghZb.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { b as base } from './server-Crjo4w1q.js';
2
2
  import './url-hmE1zcJ6.js';
3
- import { c as cookieOptions } from './oauth-BfIECOev.js';
3
+ import { c as cookieOptions } from './oauth-CpJ4lGij.js';
4
4
  import { r as redirect } from './index-wpIsICWW.js';
5
5
  import './async-lVJA8xJZ.js';
6
6
  import './shared-server-BmU87nph.js';
@@ -12,4 +12,4 @@ const POST = async ({ cookies, url }) => {
12
12
  };
13
13
 
14
14
  export { POST };
15
- //# sourceMappingURL=_server.ts-B3lXxheE.js.map
15
+ //# sourceMappingURL=_server.ts-D67MghZb.js.map
package/build/server/chunks/{_server.ts-B3lXxheE.js.map → _server.ts-D67MghZb.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"_server.ts-B3lXxheE.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/auth/logout/_server.ts.js"],"sourcesContent":["import { b as base } from \"../../../../chunks/server.js\";\nimport \"../../../../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../../../../chunks/root.js\";\nimport { c as cookieOptions } from \"../../../../chunks/oauth.js\";\nimport { redirect } from \"@sveltejs/kit\";\nconst POST = async ({ cookies, url }) => {\n cookies.delete(\"mongoku_session\", cookieOptions(url));\n redirect(302, `${base}/auth/logout`);\n};\nexport {\n POST\n};\n"],"names":[],"mappings":";;;;;;;;AAMK,MAAC,IAAI,GAAG,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK;AACzC,EAAE,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;AACvD,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;AACtC;;;;"}
1
+ {"version":3,"file":"_server.ts-D67MghZb.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/auth/logout/_server.ts.js"],"sourcesContent":["import { b as base } from \"../../../../chunks/server.js\";\nimport \"../../../../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../../../../chunks/root.js\";\nimport { c as cookieOptions } from \"../../../../chunks/oauth.js\";\nimport { redirect } from \"@sveltejs/kit\";\nconst POST = async ({ cookies, url }) => {\n cookies.delete(\"mongoku_session\", cookieOptions(url));\n redirect(302, `${base}/auth/logout`);\n};\nexport {\n POST\n};\n"],"names":[],"mappings":";;;;;;;;AAMK,MAAC,IAAI,GAAG,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK;AACzC,EAAE,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;AACvD,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;AACtC;;;;"}
package/build/server/chunks/{_server.ts-DqL5edUL.js → _server.ts-DKuI03oJ.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { b as base } from './server-Crjo4w1q.js';
2
2
  import './url-hmE1zcJ6.js';
3
- import { g as getOAuthConfig, f as generateCodeVerifier, h as generateCodeChallenge, i as generateState, a as getCallbackUrl, c as cookieOptions, j as buildAuthorizationUrl } from './oauth-BfIECOev.js';
3
+ import { g as getOAuthConfig, h as generateCodeVerifier, i as generateCodeChallenge, j as generateState, a as getCallbackUrl, c as cookieOptions, k as buildAuthorizationUrl } from './oauth-CpJ4lGij.js';
4
4
  import { r as redirect } from './index-wpIsICWW.js';
5
5
  import './async-lVJA8xJZ.js';
6
6
  import './shared-server-BmU87nph.js';
@@ -21,4 +21,4 @@ const GET = async ({ url, cookies }) => {
21
21
  };
22
22
 
23
23
  export { GET };
24
- //# sourceMappingURL=_server.ts-DqL5edUL.js.map
24
+ //# sourceMappingURL=_server.ts-DKuI03oJ.js.map
package/build/server/chunks/{_server.ts-DqL5edUL.js.map → _server.ts-DKuI03oJ.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"_server.ts-DqL5edUL.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/auth/login/_server.ts.js"],"sourcesContent":["import { b as base } from \"../../../../chunks/server.js\";\nimport \"../../../../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../../../../chunks/root.js\";\nimport { g as getOAuthConfig, f as generateCodeVerifier, h as generateCodeChallenge, i as generateState, a as getCallbackUrl, c as cookieOptions, j as buildAuthorizationUrl } from \"../../../../chunks/oauth.js\";\nimport { redirect } from \"@sveltejs/kit\";\nconst GET = async ({ url, cookies }) => {\n const config = await getOAuthConfig();\n if (!config) {\n redirect(302, `${base}/`);\n }\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n const callbackUrl = getCallbackUrl(url.origin);\n cookies.set(\"mongoku_pkce_verifier\", codeVerifier, cookieOptions(url, 300));\n cookies.set(\"mongoku_pkce_state\", state, cookieOptions(url, 300));\n redirect(302, buildAuthorizationUrl(config, url.origin, callbackUrl, codeChallenge, state));\n};\nexport {\n GET\n};\n"],"names":[],"mappings":";;;;;;;;AAMK,MAAC,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK;AACxC,EAAE,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE;AACvC,EAAE,IAAI,CAAC,MAAM,EAAE;AACf,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7B,EAAE;AACF,EAAE,MAAM,YAAY,GAAG,oBAAoB,EAAE;AAC7C,EAAE,MAAM,aAAa,GAAG,qBAAqB,CAAC,YAAY,CAAC;AAC3D,EAAE,MAAM,KAAK,GAAG,aAAa,EAAE;AAC/B,EAAE,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC;AAChD,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,YAAY,EAAE,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC7E,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,EAAE,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AACnE,EAAE,QAAQ,CAAC,GAAG,EAAE,qBAAqB,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,KAAK,CAAC,CAAC;AAC7F;;;;"}
1
+ {"version":3,"file":"_server.ts-DKuI03oJ.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/auth/login/_server.ts.js"],"sourcesContent":["import { b as base } from \"../../../../chunks/server.js\";\nimport \"../../../../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../../../../chunks/root.js\";\nimport { g as getOAuthConfig, h as generateCodeVerifier, i as generateCodeChallenge, j as generateState, a as getCallbackUrl, c as cookieOptions, k as buildAuthorizationUrl } from \"../../../../chunks/oauth.js\";\nimport { redirect } from \"@sveltejs/kit\";\nconst GET = async ({ url, cookies }) => {\n const config = await getOAuthConfig();\n if (!config) {\n redirect(302, `${base}/`);\n }\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n const callbackUrl = getCallbackUrl(url.origin);\n cookies.set(\"mongoku_pkce_verifier\", codeVerifier, cookieOptions(url, 300));\n cookies.set(\"mongoku_pkce_state\", state, cookieOptions(url, 300));\n redirect(302, buildAuthorizationUrl(config, url.origin, callbackUrl, codeChallenge, state));\n};\nexport {\n GET\n};\n"],"names":[],"mappings":";;;;;;;;AAMK,MAAC,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK;AACxC,EAAE,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE;AACvC,EAAE,IAAI,CAAC,MAAM,EAAE;AACf,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7B,EAAE;AACF,EAAE,MAAM,YAAY,GAAG,oBAAoB,EAAE;AAC7C,EAAE,MAAM,aAAa,GAAG,qBAAqB,CAAC,YAAY,CAAC;AAC3D,EAAE,MAAM,KAAK,GAAG,aAAa,EAAE;AAC/B,EAAE,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC;AAChD,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,YAAY,EAAE,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC7E,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,EAAE,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AACnE,EAAE,QAAQ,CAAC,GAAG,EAAE,qBAAqB,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,KAAK,CAAC,CAAC;AAC7F;;;;"}
package/build/server/chunks/{hooks.server-Cq7ufuFU.js → hooks.server-FwLGFfI8.js} RENAMED
@@ -2,7 +2,7 @@ import { b as base } from './server-Crjo4w1q.js';
2
2
  import './url-hmE1zcJ6.js';
3
3
  import { p as private_env } from './shared-server-BmU87nph.js';
4
4
  import { c as contextStore, l as logger } from './logger-PfH_grbh.js';
5
- import { g as getOAuthConfig, v as verifySession } from './oauth-BfIECOev.js';
5
+ import { g as getOAuthConfig, v as verifySession } from './oauth-CpJ4lGij.js';
6
6
  import { MongoError } from 'mongodb';
7
7
  import './async-lVJA8xJZ.js';
8
8
  import 'async_hooks';
@@ -76,4 +76,4 @@ const handleError = ({ error }) => {
76
76
  };
77
77
 
78
78
  export { handle, handleError };
79
- //# sourceMappingURL=hooks.server-Cq7ufuFU.js.map
79
+ //# sourceMappingURL=hooks.server-FwLGFfI8.js.map
package/build/server/chunks/{hooks.server-Cq7ufuFU.js.map → hooks.server-FwLGFfI8.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"hooks.server-Cq7ufuFU.js","sources":["../../../.svelte-kit/adapter-node/entries/hooks.server.js"],"sourcesContent":["import { b as base } from \"../chunks/server.js\";\nimport \"../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../chunks/root.js\";\nimport { b as private_env } from \"../chunks/shared-server.js\";\nimport { c as contextStore, l as logger } from \"../chunks/logger.js\";\nimport { g as getOAuthConfig, v as verifySession } from \"../chunks/oauth.js\";\nimport { MongoError } from \"mongodb\";\nError.stackTraceLimit = 100;\nconst handle = async ({ event, resolve }) => {\n const oauthConfig = await getOAuthConfig();\n const authBasic = private_env.MONGOKU_AUTH_BASIC;\n event.locals.requestId = event.request.headers.get(\"X-Request-ID\") || crypto.randomUUID();\n event.setHeaders({\n \"X-Request-ID\": event.locals.requestId\n });\n return contextStore.run(event, async () => {\n const startTime = performance.now();\n if (oauthConfig) {\n const isAuthRoute = event.url.pathname.startsWith(`${base}/auth/`);\n const isCimdRoute = event.url.pathname === `${base}/.well-known/cimd.json`;\n if (!isAuthRoute && !isCimdRoute) {\n const sessionCookie = event.cookies.get(\"mongoku_session\");\n const session = sessionCookie ? verifySession(oauthConfig, sessionCookie) : null;\n if (!session) {\n const acceptsHtml = event.request.headers.get(\"accept\")?.includes(\"text/html\");\n logger.logRequest(acceptsHtml ? 302 : 401, performance.now() - startTime);\n if (acceptsHtml) {\n return new Response(null, {\n status: 302,\n headers: { Location: `${base}/auth/login` }\n });\n }\n return new Response(JSON.stringify({ message: \"Session expired\" }), {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" }\n });\n }\n event.locals.user = { sub: session.sub, name: session.name, email: session.email };\n }\n } else if (authBasic) {\n const [username, password] = authBasic.split(\":\");\n const basicAuth = event.request.headers.get(\"Authorization\");\n if (!basicAuth?.toLowerCase().startsWith(\"basic \") || basicAuth.slice(\"basic \".length) !== Buffer.from(`${username}:${password}`).toString(\"base64\")) {\n logger.logRequest(401, performance.now() - startTime);\n return new Response(\"Unauthorized\", {\n status: 401,\n headers: { \"WWW-Authenticate\": \"Basic\" }\n });\n }\n }\n const response = await resolve(event);\n logger.logRequest(response.status, performance.now() - startTime);\n return response;\n });\n};\nconst handleError = ({ error }) => {\n logger.error(error);\n if (error instanceof MongoError) {\n return {\n message: error.message,\n code: error.code\n };\n }\n if (error instanceof Error) {\n return {\n message: error.message\n };\n }\n return {\n message: \"An unexpected error occurred\"\n };\n};\nexport {\n handle,\n handleError\n};\n"],"names":[],"mappings":";;;;;;;;;;;AAQA,KAAK,CAAC,eAAe,GAAG,GAAG;AACtB,MAAC,MAAM,GAAG,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;AAC7C,EAAE,MAAM,WAAW,GAAG,MAAM,cAAc,EAAE;AAC5C,EAAE,MAAM,SAAS,GAAG,WAAW,CAAC,kBAAkB;AAClD,EAAE,KAAK,CAAC,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE;AAC3F,EAAE,KAAK,CAAC,UAAU,CAAC;AACnB,IAAI,cAAc,EAAE,KAAK,CAAC,MAAM,CAAC;AACjC,GAAG,CAAC;AACJ,EAAE,OAAO,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY;AAC7C,IAAI,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE;AACvC,IAAI,IAAI,WAAW,EAAE;AACrB,MAAM,MAAM,WAAW,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;AACxE,MAAM,MAAM,WAAW,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,KAAK,CAAC,EAAE,IAAI,CAAC,sBAAsB,CAAC;AAChF,MAAM,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE;AACxC,QAAQ,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;AAClE,QAAQ,MAAM,OAAO,GAAG,aAAa,GAAG,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,GAAG,IAAI;AACxF,QAAQ,IAAI,CAAC,OAAO,EAAE;AACtB,UAAU,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,WAAW,CAAC;AACxF,UAAU,MAAM,CAAC,UAAU,CAAC,WAAW,GAAG,GAAG,GAAG,GAAG,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;AACnF,UAAU,IAAI,WAAW,EAAE;AAC3B,YAAY,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;AACtC,cAAc,MAAM,EAAE,GAAG;AACzB,cAAc,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC;AACvD,aAAa,CAAC;AACd,UAAU;AACV,UAAU,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC,EAAE;AAC9E,YAAY,MAAM,EAAE,GAAG;AACvB,YAAY,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AACzD,WAAW,CAAC;AACZ,QAAQ;AACR,QAAQ,KAAK,CAAC,MAAM,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;AAC1F,MAAM;AACN,IAAI,CAAC,MAAM,IAAI,SAAS,EAAE;AAC1B,MAAM,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC;AACvD,MAAM,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;AAClE,MAAM,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;AAC5J,QAAQ,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;AAC7D,QAAQ,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE;AAC5C,UAAU,MAAM,EAAE,GAAG;AACrB,UAAU,OAAO,EAAE,EAAE,kBAAkB,EAAE,OAAO;AAChD,SAAS,CAAC;AACV,MAAM;AACN,IAAI;AACJ,IAAI,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;AACzC,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;AACrE,IAAI,OAAO,QAAQ;AACnB,EAAE,CAAC,CAAC;AACJ;AACK,MAAC,WAAW,GAAG,CAAC,EAAE,KAAK,EAAE,KAAK;AACnC,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;AACrB,EAAE,IAAI,KAAK,YAAY,UAAU,EAAE;AACnC,IAAI,OAAO;AACX,MAAM,OAAO,EAAE,KAAK,CAAC,OAAO;AAC5B,MAAM,IAAI,EAAE,KAAK,CAAC;AAClB,KAAK;AACL,EAAE;AACF,EAAE,IAAI,KAAK,YAAY,KAAK,EAAE;AAC9B,IAAI,OAAO;AACX,MAAM,OAAO,EAAE,KAAK,CAAC;AACrB,KAAK;AACL,EAAE;AACF,EAAE,OAAO;AACT,IAAI,OAAO,EAAE;AACb,GAAG;AACH;;;;"}
1
+ {"version":3,"file":"hooks.server-FwLGFfI8.js","sources":["../../../.svelte-kit/adapter-node/entries/hooks.server.js"],"sourcesContent":["import { b as base } from \"../chunks/server.js\";\nimport \"../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../chunks/root.js\";\nimport { b as private_env } from \"../chunks/shared-server.js\";\nimport { c as contextStore, l as logger } from \"../chunks/logger.js\";\nimport { g as getOAuthConfig, v as verifySession } from \"../chunks/oauth.js\";\nimport { MongoError } from \"mongodb\";\nError.stackTraceLimit = 100;\nconst handle = async ({ event, resolve }) => {\n const oauthConfig = await getOAuthConfig();\n const authBasic = private_env.MONGOKU_AUTH_BASIC;\n event.locals.requestId = event.request.headers.get(\"X-Request-ID\") || crypto.randomUUID();\n event.setHeaders({\n \"X-Request-ID\": event.locals.requestId\n });\n return contextStore.run(event, async () => {\n const startTime = performance.now();\n if (oauthConfig) {\n const isAuthRoute = event.url.pathname.startsWith(`${base}/auth/`);\n const isCimdRoute = event.url.pathname === `${base}/.well-known/cimd.json`;\n if (!isAuthRoute && !isCimdRoute) {\n const sessionCookie = event.cookies.get(\"mongoku_session\");\n const session = sessionCookie ? verifySession(oauthConfig, sessionCookie) : null;\n if (!session) {\n const acceptsHtml = event.request.headers.get(\"accept\")?.includes(\"text/html\");\n logger.logRequest(acceptsHtml ? 302 : 401, performance.now() - startTime);\n if (acceptsHtml) {\n return new Response(null, {\n status: 302,\n headers: { Location: `${base}/auth/login` }\n });\n }\n return new Response(JSON.stringify({ message: \"Session expired\" }), {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" }\n });\n }\n event.locals.user = { sub: session.sub, name: session.name, email: session.email };\n }\n } else if (authBasic) {\n const [username, password] = authBasic.split(\":\");\n const basicAuth = event.request.headers.get(\"Authorization\");\n if (!basicAuth?.toLowerCase().startsWith(\"basic \") || basicAuth.slice(\"basic \".length) !== Buffer.from(`${username}:${password}`).toString(\"base64\")) {\n logger.logRequest(401, performance.now() - startTime);\n return new Response(\"Unauthorized\", {\n status: 401,\n headers: { \"WWW-Authenticate\": \"Basic\" }\n });\n }\n }\n const response = await resolve(event);\n logger.logRequest(response.status, performance.now() - startTime);\n return response;\n });\n};\nconst handleError = ({ error }) => {\n logger.error(error);\n if (error instanceof MongoError) {\n return {\n message: error.message,\n code: error.code\n };\n }\n if (error instanceof Error) {\n return {\n message: error.message\n };\n }\n return {\n message: \"An unexpected error occurred\"\n };\n};\nexport {\n handle,\n handleError\n};\n"],"names":[],"mappings":";;;;;;;;;;;AAQA,KAAK,CAAC,eAAe,GAAG,GAAG;AACtB,MAAC,MAAM,GAAG,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;AAC7C,EAAE,MAAM,WAAW,GAAG,MAAM,cAAc,EAAE;AAC5C,EAAE,MAAM,SAAS,GAAG,WAAW,CAAC,kBAAkB;AAClD,EAAE,KAAK,CAAC,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE;AAC3F,EAAE,KAAK,CAAC,UAAU,CAAC;AACnB,IAAI,cAAc,EAAE,KAAK,CAAC,MAAM,CAAC;AACjC,GAAG,CAAC;AACJ,EAAE,OAAO,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY;AAC7C,IAAI,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE;AACvC,IAAI,IAAI,WAAW,EAAE;AACrB,MAAM,MAAM,WAAW,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;AACxE,MAAM,MAAM,WAAW,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,KAAK,CAAC,EAAE,IAAI,CAAC,sBAAsB,CAAC;AAChF,MAAM,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE;AACxC,QAAQ,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;AAClE,QAAQ,MAAM,OAAO,GAAG,aAAa,GAAG,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,GAAG,IAAI;AACxF,QAAQ,IAAI,CAAC,OAAO,EAAE;AACtB,UAAU,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,WAAW,CAAC;AACxF,UAAU,MAAM,CAAC,UAAU,CAAC,WAAW,GAAG,GAAG,GAAG,GAAG,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;AACnF,UAAU,IAAI,WAAW,EAAE;AAC3B,YAAY,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;AACtC,cAAc,MAAM,EAAE,GAAG;AACzB,cAAc,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC;AACvD,aAAa,CAAC;AACd,UAAU;AACV,UAAU,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC,EAAE;AAC9E,YAAY,MAAM,EAAE,GAAG;AACvB,YAAY,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AACzD,WAAW,CAAC;AACZ,QAAQ;AACR,QAAQ,KAAK,CAAC,MAAM,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;AAC1F,MAAM;AACN,IAAI,CAAC,MAAM,IAAI,SAAS,EAAE;AAC1B,MAAM,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC;AACvD,MAAM,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;AAClE,MAAM,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;AAC5J,QAAQ,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;AAC7D,QAAQ,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE;AAC5C,UAAU,MAAM,EAAE,GAAG;AACrB,UAAU,OAAO,EAAE,EAAE,kBAAkB,EAAE,OAAO;AAChD,SAAS,CAAC;AACV,MAAM;AACN,IAAI;AACJ,IAAI,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;AACzC,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;AACrE,IAAI,OAAO,QAAQ;AACnB,EAAE,CAAC,CAAC;AACJ;AACK,MAAC,WAAW,GAAG,CAAC,EAAE,KAAK,EAAE,KAAK;AACnC,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;AACrB,EAAE,IAAI,KAAK,YAAY,UAAU,EAAE;AACnC,IAAI,OAAO;AACX,MAAM,OAAO,EAAE,KAAK,CAAC,OAAO;AAC5B,MAAM,IAAI,EAAE,KAAK,CAAC;AAClB,KAAK;AACL,EAAE;AACF,EAAE,IAAI,KAAK,YAAY,KAAK,EAAE;AAC9B,IAAI,OAAO;AACX,MAAM,OAAO,EAAE,KAAK,CAAC;AACrB,KAAK;AACL,EAAE;AACF,EAAE,OAAO;AACT,IAAI,OAAO,EAAE;AACb,GAAG;AACH;;;;"}
package/build/server/chunks/{oauth-BfIECOev.js → oauth-CpJ4lGij.js} RENAMED
@@ -49,6 +49,18 @@ async function getOAuthConfig() {
49
49
  const allowedSubs = allowedSubsRaw ? new Set(
50
50
  allowedSubsRaw.split(",").map((s) => s.trim()).filter(Boolean)
51
51
  ) : void 0;
52
+ const requiredClaimRaw = private_env.MONGOKU_OAUTH_REQUIRED_CLAIM;
53
+ let requiredClaim;
54
+ if (requiredClaimRaw) {
55
+ const eqIndex = requiredClaimRaw.indexOf("=");
56
+ if (eqIndex <= 0) {
57
+ throw new Error('MONGOKU_OAUTH_REQUIRED_CLAIM must be in the format "field=value" (e.g. "authority=admin")');
58
+ }
59
+ requiredClaim = {
60
+ field: requiredClaimRaw.slice(0, eqIndex),
61
+ value: requiredClaimRaw.slice(eqIndex + 1)
62
+ };
63
+ }
52
64
  cachedConfig = {
53
65
  clientId,
54
66
  issuerUrl,
@@ -57,7 +69,8 @@ async function getOAuthConfig() {
57
69
  scopes: private_env.MONGOKU_OAUTH_SCOPES ?? "openid profile email",
58
70
  sessionSecret,
59
71
  sessionDuration: parseSessionDuration(private_env.MONGOKU_OAUTH_SESSION_DURATION),
60
- allowedSubs
72
+ allowedSubs,
73
+ requiredClaim
61
74
  };
62
75
  return cachedConfig;
63
76
  }
@@ -113,17 +126,27 @@ function extractUserFromIdToken(idToken) {
113
126
  try {
114
127
  const parts = idToken.split(".");
115
128
  if (parts.length !== 3) {
116
- return {};
129
+ return { user: {}, claims: {} };
117
130
  }
118
- const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
131
+ const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
119
132
  return {
120
- sub: payload.sub,
121
- name: payload.name || payload.preferred_username,
122
- email: payload.email
133
+ user: {
134
+ sub: claims.sub,
135
+ name: claims.name || claims.preferred_username,
136
+ email: claims.email
137
+ },
138
+ claims
123
139
  };
124
140
  } catch {
125
- return {};
141
+ return { user: {}, claims: {} };
142
+ }
143
+ }
144
+ function checkRequiredClaim(claims, required) {
145
+ const actual = claims[required.field];
146
+ if (Array.isArray(actual)) {
147
+ return actual.includes(required.value);
126
148
  }
149
+ return String(actual) === required.value;
127
150
  }
128
151
  function createSessionCookie(config, user) {
129
152
  const sessionDuration = Number.isInteger(config.sessionDuration) && config.sessionDuration > 0 ? config.sessionDuration : DEFAULT_SESSION_DURATION;
@@ -174,5 +197,5 @@ function cookieOptions(url, maxAge) {
174
197
  };
175
198
  }
176
199
 
177
- export { OAUTH_CIMD_CLIENT_ID as O, getCallbackUrl as a, extractUserFromIdToken as b, cookieOptions as c, createSessionCookie as d, exchangeCode as e, generateCodeVerifier as f, getOAuthConfig as g, generateCodeChallenge as h, generateState as i, buildAuthorizationUrl as j, verifySession as v };
178
- //# sourceMappingURL=oauth-BfIECOev.js.map
200
+ export { OAUTH_CIMD_CLIENT_ID as O, getCallbackUrl as a, extractUserFromIdToken as b, cookieOptions as c, checkRequiredClaim as d, exchangeCode as e, createSessionCookie as f, getOAuthConfig as g, generateCodeVerifier as h, generateCodeChallenge as i, generateState as j, buildAuthorizationUrl as k, verifySession as v };
201
+ //# sourceMappingURL=oauth-CpJ4lGij.js.map
package/build/server/chunks/oauth-CpJ4lGij.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-CpJ4lGij.js","sources":["../../../.svelte-kit/adapter-node/chunks/oauth.js"],"sourcesContent":["import { b as base } from \"./server.js\";\nimport \"./url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"./root.js\";\nimport { b as private_env } from \"./shared-server.js\";\nimport { createHmac, randomBytes, createHash, timingSafeEqual } from \"node:crypto\";\nconst DEFAULT_SESSION_DURATION = 86400;\nconst OAUTH_CIMD_CLIENT_ID = \"__CIMD__\";\nlet cachedConfig;\nfunction parseSessionDuration(rawDuration) {\n if (!rawDuration) {\n return DEFAULT_SESSION_DURATION;\n }\n const parsed = Number(rawDuration);\n if (!Number.isInteger(parsed) || parsed <= 0) {\n return DEFAULT_SESSION_DURATION;\n }\n return parsed;\n}\nasync function fetchOpenIDConfiguration(issuerUrl) {\n const wellKnown = issuerUrl.replace(/\\/+$/, \"\") + \"/.well-known/openid-configuration\";\n const response = await fetch(wellKnown);\n if (!response.ok) {\n throw new Error(`Failed to fetch OpenID configuration from ${wellKnown} (${response.status})`);\n }\n const config = await response.json();\n if (!config.authorization_endpoint || !config.token_endpoint) {\n throw new Error(`OpenID configuration at ${wellKnown} is missing required endpoints`);\n }\n return config;\n}\nasync function getOAuthConfig() {\n if (cachedConfig !== void 0) {\n return cachedConfig;\n }\n const clientId = private_env.MONGOKU_OAUTH_CLIENT_ID;\n if (!clientId) {\n cachedConfig = null;\n return null;\n }\n const issuerUrl = private_env.MONGOKU_OAUTH_ISSUER_URL;\n const sessionSecret = private_env.MONGOKU_OAUTH_SESSION_SECRET;\n if (!issuerUrl || !sessionSecret) {\n throw new Error(\n \"OAuth is partially configured. When MONGOKU_OAUTH_CLIENT_ID is set, MONGOKU_OAUTH_ISSUER_URL and MONGOKU_OAUTH_SESSION_SECRET are also required.\"\n );\n }\n const oidc = await fetchOpenIDConfiguration(issuerUrl);\n const allowedSubsRaw = private_env.MONGOKU_OAUTH_ALLOWED_SUBS;\n const allowedSubs = allowedSubsRaw ? new Set(\n allowedSubsRaw.split(\",\").map((s) => s.trim()).filter(Boolean)\n ) : void 0;\n const requiredClaimRaw = private_env.MONGOKU_OAUTH_REQUIRED_CLAIM;\n let requiredClaim;\n if (requiredClaimRaw) {\n const eqIndex = requiredClaimRaw.indexOf(\"=\");\n if (eqIndex <= 0) {\n throw new Error('MONGOKU_OAUTH_REQUIRED_CLAIM must be in the format \"field=value\" (e.g. \"authority=admin\")');\n }\n requiredClaim = {\n field: requiredClaimRaw.slice(0, eqIndex),\n value: requiredClaimRaw.slice(eqIndex + 1)\n };\n }\n cachedConfig = {\n clientId,\n issuerUrl,\n authorizationUrl: oidc.authorization_endpoint,\n tokenUrl: oidc.token_endpoint,\n scopes: private_env.MONGOKU_OAUTH_SCOPES ?? \"openid profile email\",\n sessionSecret,\n sessionDuration: parseSessionDuration(private_env.MONGOKU_OAUTH_SESSION_DURATION),\n allowedSubs,\n requiredClaim\n };\n return cachedConfig;\n}\nfunction resolveOAuthClientId(config, origin) {\n if (config.clientId !== OAUTH_CIMD_CLIENT_ID) {\n return config.clientId;\n }\n return new URL(`${base}/.well-known/cimd.json`, origin).toString();\n}\nfunction base64url(buffer) {\n return buffer.toString(\"base64url\");\n}\nfunction generateCodeVerifier() {\n return base64url(randomBytes(64));\n}\nfunction generateCodeChallenge(verifier) {\n return base64url(createHash(\"sha256\").update(verifier).digest());\n}\nfunction generateState() {\n return base64url(randomBytes(32));\n}\nfunction buildAuthorizationUrl(config, origin, callbackUrl, codeChallenge, state) {\n const url = new URL(config.authorizationUrl);\n url.searchParams.set(\"client_id\", resolveOAuthClientId(config, origin));\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"redirect_uri\", callbackUrl);\n url.searchParams.set(\"scope\", config.scopes);\n url.searchParams.set(\"state\", state);\n url.searchParams.set(\"code_challenge\", codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n return url.toString();\n}\nasync function exchangeCode(config, origin, code, codeVerifier, callbackUrl) {\n const body = new URLSearchParams({\n grant_type: \"authorization_code\",\n code,\n redirect_uri: callbackUrl,\n client_id: resolveOAuthClientId(config, origin),\n code_verifier: codeVerifier\n });\n const response = await fetch(config.tokenUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: body.toString()\n });\n if (!response.ok) {\n const text = await response.text();\n throw new Error(`Token exchange failed (${response.status}): ${text}`);\n }\n return response.json();\n}\nfunction extractUserFromIdToken(idToken) {\n try {\n const parts = idToken.split(\".\");\n if (parts.length !== 3) {\n return { user: {}, claims: {} };\n }\n const claims = JSON.parse(Buffer.from(parts[1], \"base64url\").toString());\n return {\n user: {\n sub: claims.sub,\n name: claims.name || claims.preferred_username,\n email: claims.email\n },\n claims\n };\n } catch {\n return { user: {}, claims: {} };\n }\n}\nfunction checkRequiredClaim(claims, required) {\n const actual = claims[required.field];\n if (Array.isArray(actual)) {\n return actual.includes(required.value);\n }\n return String(actual) === required.value;\n}\nfunction createSessionCookie(config, user) {\n const sessionDuration = Number.isInteger(config.sessionDuration) && config.sessionDuration > 0 ? config.sessionDuration : DEFAULT_SESSION_DURATION;\n const payload = {\n ...user,\n exp: Math.floor(Date.now() / 1e3) + sessionDuration\n };\n const payloadStr = Buffer.from(JSON.stringify(payload)).toString(\"base64url\");\n const signature = createHmac(\"sha256\", config.sessionSecret).update(payloadStr).digest(\"base64url\");\n return `${payloadStr}.${signature}`;\n}\nfunction verifySession(config, cookie) {\n const dotIndex = cookie.lastIndexOf(\".\");\n if (dotIndex === -1) {\n return null;\n }\n const payloadStr = cookie.slice(0, dotIndex);\n const signature = cookie.slice(dotIndex + 1);\n const expectedSignature = createHmac(\"sha256\", config.sessionSecret).update(payloadStr).digest(\"base64url\");\n const a = Buffer.from(signature);\n const b = Buffer.from(expectedSignature);\n if (a.length !== b.length || !timingSafeEqual(a, b)) {\n return null;\n }\n try {\n const payload = JSON.parse(Buffer.from(payloadStr, \"base64url\").toString());\n if (!Number.isFinite(payload.exp)) {\n return null;\n }\n if (payload.exp < Math.floor(Date.now() / 1e3)) {\n return null;\n }\n return payload;\n } catch {\n return null;\n }\n}\nfunction getCallbackUrl(origin) {\n return `${origin}${base}/auth/callback`;\n}\nfunction cookieOptions(url, maxAge) {\n return {\n httpOnly: true,\n secure: url.protocol === \"https:\",\n sameSite: \"lax\",\n path: base || \"/\",\n ...maxAge !== void 0 && { maxAge }\n };\n}\nexport {\n OAUTH_CIMD_CLIENT_ID as O,\n getCallbackUrl as a,\n extractUserFromIdToken as b,\n cookieOptions as c,\n checkRequiredClaim as d,\n exchangeCode as e,\n createSessionCookie as f,\n getOAuthConfig as g,\n generateCodeVerifier as h,\n generateCodeChallenge as i,\n generateState as j,\n buildAuthorizationUrl as k,\n verifySession as v\n};\n"],"names":[],"mappings":";;;;;AAMA,MAAM,wBAAwB,GAAG,KAAK;AACjC,MAAC,oBAAoB,GAAG;AAC7B,IAAI,YAAY;AAChB,SAAS,oBAAoB,CAAC,WAAW,EAAE;AAC3C,EAAE,IAAI,CAAC,WAAW,EAAE;AACpB,IAAI,OAAO,wBAAwB;AACnC,EAAE;AACF,EAAE,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC;AACpC,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE;AAChD,IAAI,OAAO,wBAAwB;AACnC,EAAE;AACF,EAAE,OAAO,MAAM;AACf;AACA,eAAe,wBAAwB,CAAC,SAAS,EAAE;AACnD,EAAE,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,mCAAmC;AACvF,EAAE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC;AACzC,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AACpB,IAAI,MAAM,IAAI,KAAK,CAAC,CAAC,0CAA0C,EAAE,SAAS,CAAC,EAAE,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAClG,EAAE;AACF,EAAE,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE;AACtC,EAAE,IAAI,CAAC,MAAM,CAAC,sBAAsB,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE;AAChE,IAAI,MAAM,IAAI,KAAK,CAAC,CAAC,wBAAwB,EAAE,SAAS,CAAC,8BAA8B,CAAC,CAAC;AACzF,EAAE;AACF,EAAE,OAAO,MAAM;AACf;AACA,eAAe,cAAc,GAAG;AAChC,EAAE,IAAI,YAAY,KAAK,MAAM,EAAE;AAC/B,IAAI,OAAO,YAAY;AACvB,EAAE;AACF,EAAE,MAAM,QAAQ,GAAG,WAAW,CAAC,uBAAuB;AACtD,EAAE,IAAI,CAAC,QAAQ,EAAE;AACjB,IAAI,YAAY,GAAG,IAAI;AACvB,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,MAAM,SAAS,GAAG,WAAW,CAAC,wBAAwB;AACxD,EAAE,MAAM,aAAa,GAAG,WAAW,CAAC,4BAA4B;AAChE,EAAE,IAAI,CAAC,SAAS,IAAI,CAAC,aAAa,EAAE;AACpC,IAAI,MAAM,IAAI,KAAK;AACnB,MAAM;AACN,KAAK;AACL,EAAE;AACF,EAAE,MAAM,IAAI,GAAG,MAAM,wBAAwB,CAAC,SAAS,CAAC;AACxD,EAAE,MAAM,cAAc,GAAG,WAAW,CAAC,0BAA0B;AAC/D,EAAE,MAAM,WAAW,GAAG,cAAc,GAAG,IAAI,GAAG;AAC9C,IAAI,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO;AACjE,GAAG,GAAG,MAAM;AACZ,EAAE,MAAM,gBAAgB,GAAG,WAAW,CAAC,4BAA4B;AACnE,EAAE,IAAI,aAAa;AACnB,EAAE,IAAI,gBAAgB,EAAE;AACxB,IAAI,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC;AACjD,IAAI,IAAI,OAAO,IAAI,CAAC,EAAE;AACtB,MAAM,MAAM,IAAI,KAAK,CAAC,2FAA2F,CAAC;AAClH,IAAI;AACJ,IAAI,aAAa,GAAG;AACpB,MAAM,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC;AAC/C,MAAM,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC;AAC/C,KAAK;AACL,EAAE;AACF,EAAE,YAAY,GAAG;AACjB,IAAI,QAAQ;AACZ,IAAI,SAAS;AACb,IAAI,gBAAgB,EAAE,IAAI,CAAC,sBAAsB;AACjD,IAAI,QAAQ,EAAE,IAAI,CAAC,cAAc;AACjC,IAAI,MAAM,EAAE,WAAW,CAAC,oBAAoB,IAAI,sBAAsB;AACtE,IAAI,aAAa;AACjB,IAAI,eAAe,EAAE,oBAAoB,CAAC,WAAW,CAAC,8BAA8B,CAAC;AACrF,IAAI,WAAW;AACf,IAAI;AACJ,GAAG;AACH,EAAE,OAAO,YAAY;AACrB;AACA,SAAS,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE;AAC9C,EAAE,IAAI,MAAM,CAAC,QAAQ,KAAK,oBAAoB,EAAE;AAChD,IAAI,OAAO,MAAM,CAAC,QAAQ;AAC1B,EAAE;AACF,EAAE,OAAO,IAAI,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,sBAAsB,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,EAAE;AACpE;AACA,SAAS,SAAS,CAAC,MAAM,EAAE;AAC3B,EAAE,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;AACrC;AACA,SAAS,oBAAoB,GAAG;AAChC,EAAE,OAAO,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AACnC;AACA,SAAS,qBAAqB,CAAC,QAAQ,EAAE;AACzC,EAAE,OAAO,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC;AAClE;AACA,SAAS,aAAa,GAAG;AACzB,EAAE,OAAO,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AACnC;AACA,SAAS,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE;AAClF,EAAE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC;AAC9C,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACzE,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC;AAC/C,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC;AACnD,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC;AAC9C,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC;AACtC,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC;AACvD,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC;AACvD,EAAE,OAAO,GAAG,CAAC,QAAQ,EAAE;AACvB;AACA,eAAe,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE;AAC7E,EAAE,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;AACnC,IAAI,UAAU,EAAE,oBAAoB;AACpC,IAAI,IAAI;AACR,IAAI,YAAY,EAAE,WAAW;AAC7B,IAAI,SAAS,EAAE,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC;AACnD,IAAI,aAAa,EAAE;AACnB,GAAG,CAAC;AACJ,EAAE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE;AAChD,IAAI,MAAM,EAAE,MAAM;AAClB,IAAI,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;AACpE,IAAI,IAAI,EAAE,IAAI,CAAC,QAAQ;AACvB,GAAG,CAAC;AACJ,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AACpB,IAAI,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE;AACtC,IAAI,MAAM,IAAI,KAAK,CAAC,CAAC,uBAAuB,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;AAC1E,EAAE;AACF,EAAE,OAAO,QAAQ,CAAC,IAAI,EAAE;AACxB;AACA,SAAS,sBAAsB,CAAC,OAAO,EAAE;AACzC,EAAE,IAAI;AACN,IAAI,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;AACpC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;AAC5B,MAAM,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;AACrC,IAAI;AACJ,IAAI,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC5E,IAAI,OAAO;AACX,MAAM,IAAI,EAAE;AACZ,QAAQ,GAAG,EAAE,MAAM,CAAC,GAAG;AACvB,QAAQ,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,kBAAkB;AACtD,QAAQ,KAAK,EAAE,MAAM,CAAC;AACtB,OAAO;AACP,MAAM;AACN,KAAK;AACL,EAAE,CAAC,CAAC,MAAM;AACV,IAAI,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;AACnC,EAAE;AACF;AACA,SAAS,kBAAkB,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC9C,EAAE,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;AACvC,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;AAC7B,IAAI,OAAO,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;AAC1C,EAAE;AACF,EAAE,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,QAAQ,CAAC,KAAK;AAC1C;AACA,SAAS,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE;AAC3C,EAAE,MAAM,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,MAAM,CAAC,eAAe,GAAG,CAAC,GAAG,MAAM,CAAC,eAAe,GAAG,wBAAwB;AACpJ,EAAE,MAAM,OAAO,GAAG;AAClB,IAAI,GAAG,IAAI;AACX,IAAI,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,GAAG;AACxC,GAAG;AACH,EAAE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;AAC/E,EAAE,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;AACrG,EAAE,OAAO,CAAC,EAAE,UAAU,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;AACrC;AACA,SAAS,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE;AACvC,EAAE,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC;AAC1C,EAAE,IAAI,QAAQ,KAAK,EAAE,EAAE;AACvB,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC;AAC9C,EAAE,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;AAC9C,EAAE,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;AAC7G,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;AAClC,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC;AAC1C,EAAE,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;AACvD,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,IAAI;AACN,IAAI,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC/E,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;AACvC,MAAM,OAAO,IAAI;AACjB,IAAI;AACJ,IAAI,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,EAAE;AACpD,MAAM,OAAO,IAAI;AACjB,IAAI;AACJ,IAAI,OAAO,OAAO;AAClB,EAAE,CAAC,CAAC,MAAM;AACV,IAAI,OAAO,IAAI;AACf,EAAE;AACF;AACA,SAAS,cAAc,CAAC,MAAM,EAAE;AAChC,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC;AACzC;AACA,SAAS,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE;AACpC,EAAE,OAAO;AACT,IAAI,QAAQ,EAAE,IAAI;AAClB,IAAI,MAAM,EAAE,GAAG,CAAC,QAAQ,KAAK,QAAQ;AACrC,IAAI,QAAQ,EAAE,KAAK;AACnB,IAAI,IAAI,EAAE,IAAI,IAAI,GAAG;AACrB,IAAI,GAAG,MAAM,KAAK,MAAM,IAAI,EAAE,MAAM;AACpC,GAAG;AACH;;;;"}
package/build/server/index.js CHANGED
@@ -118,7 +118,7 @@ const options = {
118
118
  <div class="error">
119
119
  <span class="status">` + status + '</span>\n <div class="message">\n <h1>' + message + "</h1>\n </div>\n </div>\n </body>\n</html>\n"
120
120
  },
121
- version_hash: "1kmr27x"
121
+ version_hash: "wgbkjj"
122
122
  };
123
123
  async function get_hooks() {
124
124
  let handle;
@@ -126,7 +126,7 @@ async function get_hooks() {
126
126
  let handleError;
127
127
  let handleValidationError;
128
128
  let init;
129
- ({ handle, handleFetch, handleError, handleValidationError, init } = await import('./chunks/hooks.server-Cq7ufuFU.js'));
129
+ ({ handle, handleFetch, handleError, handleValidationError, init } = await import('./chunks/hooks.server-FwLGFfI8.js'));
130
130
  let reroute;
131
131
  let transport;
132
132
  return {