payload-zitadel-plugin 0.2.10 → 0.2.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/dist/handlers/authorize.d.ts.map +1 -1
- package/dist/handlers/authorize.js +5 -7
- package/dist/handlers/authorize.js.map +1 -1
- package/dist/handlers/callback.d.ts +2 -1
- package/dist/handlers/callback.d.ts.map +1 -1
- package/dist/handlers/callback.js +36 -47
- package/dist/handlers/callback.js.map +1 -1
- package/dist/handlers/index.d.ts +0 -1
- package/dist/handlers/index.d.ts.map +1 -1
- package/dist/handlers/index.js +0 -1
- package/dist/handlers/index.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -7
- package/dist/index.js.map +1 -1
- package/dist/types.d.ts +3 -2
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +8 -8
- package/dist/handlers/redirect.d.ts +0 -4
- package/dist/handlers/redirect.d.ts.map +0 -1
- package/dist/handlers/redirect.js +0 -10
- package/dist/handlers/redirect.js.map +0 -1
package/README.md
CHANGED
|
@@ -12,7 +12,7 @@ Thus the user collection in PayloadCMS becomes just a shadow of the information
|
|
|
12
12
|
## Install
|
|
13
13
|
|
|
14
14
|
```shell
|
|
15
|
-
pnpm add payload-zitadel-plugin@0.2.
|
|
15
|
+
pnpm add payload-zitadel-plugin@0.2.12
|
|
16
16
|
```
|
|
17
17
|
|
|
18
18
|
## Configuration
|
|
@@ -84,7 +84,7 @@ ZITADEL_API_KEY='-----BEGIN RSA PRIVATE KEY----- ... ----END RSA PRIVATE KEY----
|
|
|
84
84
|
|
|
85
85
|
or use the Next.js Config file:
|
|
86
86
|
|
|
87
|
-
#### next.config.
|
|
87
|
+
#### next.config.ts
|
|
88
88
|
|
|
89
89
|
```typescript
|
|
90
90
|
import {withPayload} from '@payloadcms/next/withPayload'
|
|
@@ -113,7 +113,7 @@ you have to manually add the asset URL to the Next.js config file.
|
|
|
113
113
|
Also if you want to automatically redirect to Zitadel without asking the user to click on the login button,
|
|
114
114
|
you have to add the redirect manually to the Next.js config file.
|
|
115
115
|
|
|
116
|
-
#### next.config.
|
|
116
|
+
#### next.config.ts
|
|
117
117
|
|
|
118
118
|
```typescript
|
|
119
119
|
import {withPayload} from '@payloadcms/next/withPayload'
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorize.d.ts","sourceRoot":"","sources":["../../src/handlers/authorize.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authorize.d.ts","sourceRoot":"","sources":["../../src/handlers/authorize.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAMtC,eAAO,MAAM,SAAS,EAAE,cA4BvB,CAAA"}
|
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
'use server';
|
|
2
|
-
import { cookies } from 'next/headers.js';
|
|
3
2
|
import process from 'node:process';
|
|
4
3
|
import { NextResponse } from 'next/server.js';
|
|
5
4
|
import { COOKIES } from '../constants.js';
|
|
6
|
-
|
|
5
|
+
import { cookies } from 'next/headers.js';
|
|
6
|
+
export const authorize = async ({ searchParams, payload: { config } })=>{
|
|
7
|
+
const { admin: { custom: { zitadel: { issuerURL, clientId, callbackURL } } } } = config;
|
|
7
8
|
const code_verifier = Buffer.from(crypto.getRandomValues(new Uint8Array(24))).toString('base64url');
|
|
9
|
+
const code_challenge = Buffer.from(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(code_verifier))).toString('base64url');
|
|
8
10
|
cookies().set({
|
|
9
11
|
name: COOKIES.pkce,
|
|
10
12
|
value: code_verifier,
|
|
@@ -14,17 +16,13 @@ const genCodeChallenge = async ()=>{
|
|
|
14
16
|
maxAge: 300,
|
|
15
17
|
secure: process.env.NODE_ENV == 'production'
|
|
16
18
|
});
|
|
17
|
-
return Buffer.from(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(code_verifier))).toString('base64url');
|
|
18
|
-
};
|
|
19
|
-
export const authorize = async ({ searchParams, payload: { config } })=>{
|
|
20
|
-
const { admin: { custom: { zitadel: { issuerURL, clientId, callbackURL } } } } = config;
|
|
21
19
|
return NextResponse.redirect(`${issuerURL}/oauth/v2/authorize?${new URLSearchParams({
|
|
22
20
|
client_id: clientId,
|
|
23
21
|
redirect_uri: callbackURL,
|
|
24
22
|
response_type: 'code',
|
|
25
23
|
scope: 'openid email profile',
|
|
26
24
|
state: btoa(searchParams.toString()),
|
|
27
|
-
code_challenge
|
|
25
|
+
code_challenge,
|
|
28
26
|
code_challenge_method: 'S256'
|
|
29
27
|
})}`);
|
|
30
28
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/handlers/authorize.ts"],"sourcesContent":["'use server'\n\nimport
|
|
1
|
+
{"version":3,"sources":["../../src/handlers/authorize.ts"],"sourcesContent":["'use server'\n\nimport process from 'node:process'\nimport {PayloadHandler} from 'payload'\nimport {NextResponse} from 'next/server.js'\nimport {PayloadConfigWithZitadel} from '../types.js'\nimport {COOKIES} from '../constants.js'\nimport {cookies} from 'next/headers.js'\n\nexport const authorize: PayloadHandler = async ({searchParams, payload: {config}}) => {\n\n const {admin: {custom: {zitadel: {issuerURL, clientId, callbackURL}}}} = config as PayloadConfigWithZitadel\n\n const code_verifier = Buffer.from(crypto.getRandomValues(new Uint8Array(24))).toString('base64url')\n\n const code_challenge = Buffer.from(await crypto.subtle.digest('SHA-256', new TextEncoder().encode(code_verifier))).toString('base64url')\n\n cookies().set({\n name: COOKIES.pkce,\n value: code_verifier,\n httpOnly: true,\n sameSite: 'lax',\n path: '/',\n maxAge: 300,\n secure: process.env.NODE_ENV == 'production'\n })\n\n return NextResponse.redirect(`${issuerURL}/oauth/v2/authorize?${new URLSearchParams({\n client_id: clientId,\n redirect_uri: callbackURL,\n response_type: 'code',\n scope: 'openid email profile',\n state: btoa(searchParams.toString()),\n code_challenge,\n code_challenge_method: 'S256'\n })}`)\n\n}\n"],"names":["process","NextResponse","COOKIES","cookies","authorize","searchParams","payload","config","admin","custom","zitadel","issuerURL","clientId","callbackURL","code_verifier","Buffer","from","crypto","getRandomValues","Uint8Array","toString","code_challenge","subtle","digest","TextEncoder","encode","set","name","pkce","value","httpOnly","sameSite","path","maxAge","secure","env","NODE_ENV","redirect","URLSearchParams","client_id","redirect_uri","response_type","scope","state","btoa","code_challenge_method"],"mappings":"AAAA;AAEA,OAAOA,aAAa,eAAc;AAElC,SAAQC,YAAY,QAAO,iBAAgB;AAE3C,SAAQC,OAAO,QAAO,kBAAiB;AACvC,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,OAAO,MAAMC,YAA4B,OAAO,EAACC,YAAY,EAAEC,SAAS,EAACC,MAAM,EAAC,EAAC;IAE7E,MAAM,EAACC,OAAO,EAACC,QAAQ,EAACC,SAAS,EAACC,SAAS,EAAEC,QAAQ,EAAEC,WAAW,EAAC,EAAC,EAAC,EAAC,GAAGN;IAEzE,MAAMO,gBAAgBC,OAAOC,IAAI,CAACC,OAAOC,eAAe,CAAC,IAAIC,WAAW,MAAMC,QAAQ,CAAC;IAEvF,MAAMC,iBAAiBN,OAAOC,IAAI,CAAC,MAAMC,OAAOK,MAAM,CAACC,MAAM,CAAC,WAAW,IAAIC,cAAcC,MAAM,CAACX,iBAAiBM,QAAQ,CAAC;IAE5HjB,UAAUuB,GAAG,CAAC;QACVC,MAAMzB,QAAQ0B,IAAI;QAClBC,OAAOf;QACPgB,UAAU;QACVC,UAAU;QACVC,MAAM;QACNC,QAAQ;QACRC,QAAQlC,QAAQmC,GAAG,CAACC,QAAQ,IAAI;IACpC;IAEA,OAAOnC,aAAaoC,QAAQ,CAAC,CAAC,EAAE1B,UAAU,oBAAoB,EAAE,IAAI2B,gBAAgB;QAChFC,WAAW3B;QACX4B,cAAc3B;QACd4B,eAAe;QACfC,OAAO;QACPC,OAAOC,KAAKvC,aAAae,QAAQ;QACjCC;QACAwB,uBAAuB;IAC3B,GAAG,CAAC;AAER,EAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAItC,OAAO,EAA2C,gBAAgB,EAAC,MAAM,aAAa,CAAA;AAGtF,eAAO,MAAM,QAAQ,cAAe,gBAAgB,KAAG,cAiEtD,CAAA"}
|
|
@@ -1,62 +1,51 @@
|
|
|
1
1
|
import { cookies } from 'next/headers.js';
|
|
2
2
|
import process from 'node:process';
|
|
3
3
|
import jwt from 'jsonwebtoken';
|
|
4
|
-
import { NextResponse } from 'next/server.js';
|
|
5
4
|
import { COOKIES } from '../constants.js';
|
|
6
|
-
export const callback = async ({ payload: { config, secret },
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
path: '/',
|
|
40
|
-
sameSite: 'lax',
|
|
41
|
-
maxAge: 300,
|
|
42
|
-
secure: process.env.NODE_ENV == 'production'
|
|
5
|
+
export const callback = (onSuccess)=>async ({ payload: { config, secret }, query: { code, state } })=>{
|
|
6
|
+
const { admin: { custom: { zitadel: { issuerURL, clientId, callbackURL } } } } = config;
|
|
7
|
+
const cookieStore = cookies();
|
|
8
|
+
const code_verifier = cookieStore.get(COOKIES.pkce)?.value;
|
|
9
|
+
if (code_verifier) {
|
|
10
|
+
const response = await fetch(new URL(`${issuerURL}/oauth/v2/token`), {
|
|
11
|
+
method: 'POST',
|
|
12
|
+
body: new URLSearchParams({
|
|
13
|
+
grant_type: 'authorization_code',
|
|
14
|
+
code: code,
|
|
15
|
+
redirect_uri: callbackURL,
|
|
16
|
+
client_id: clientId,
|
|
17
|
+
code_verifier
|
|
18
|
+
})
|
|
19
|
+
});
|
|
20
|
+
if (response.ok) {
|
|
21
|
+
const { id_token } = await response.json();
|
|
22
|
+
if (id_token) {
|
|
23
|
+
cookieStore.delete(COOKIES.pkce);
|
|
24
|
+
cookieStore.set({
|
|
25
|
+
name: COOKIES.idToken,
|
|
26
|
+
value: jwt.sign(jwt.decode(id_token), secret),
|
|
27
|
+
httpOnly: true,
|
|
28
|
+
path: '/',
|
|
29
|
+
sameSite: 'lax',
|
|
30
|
+
maxAge: 900,
|
|
31
|
+
secure: process.env.NODE_ENV == 'production'
|
|
32
|
+
});
|
|
33
|
+
return onSuccess(new URLSearchParams(atob(state ?? '')));
|
|
34
|
+
}
|
|
35
|
+
return Response.json({
|
|
36
|
+
status: 'error',
|
|
37
|
+
message: 'token could not be retrieved from the response'
|
|
43
38
|
});
|
|
44
|
-
return response;
|
|
45
39
|
}
|
|
46
40
|
return Response.json({
|
|
47
41
|
status: 'error',
|
|
48
|
-
message: '
|
|
42
|
+
message: 'error while communicating with token endpoint'
|
|
49
43
|
});
|
|
50
44
|
}
|
|
51
45
|
return Response.json({
|
|
52
46
|
status: 'error',
|
|
53
|
-
message: '
|
|
47
|
+
message: 'code verifier not found (associated http-only cookie is empty)'
|
|
54
48
|
});
|
|
55
|
-
}
|
|
56
|
-
return Response.json({
|
|
57
|
-
status: 'error',
|
|
58
|
-
message: 'code verifier not found (associated http-only cookie is empty)'
|
|
59
|
-
});
|
|
60
|
-
};
|
|
49
|
+
};
|
|
61
50
|
|
|
62
51
|
//# sourceMappingURL=callback.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {cookies} from 'next/headers.js'\nimport process from 'node:process'\nimport jwt from 'jsonwebtoken'\nimport {PayloadConfigWithZitadel, ZitadelIdToken} from '../types.js'\nimport {
|
|
1
|
+
{"version":3,"sources":["../../src/handlers/callback.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {cookies} from 'next/headers.js'\nimport process from 'node:process'\nimport jwt from 'jsonwebtoken'\nimport {PayloadConfigWithZitadel, ZitadelIdToken, ZitadelOnSuccess} from '../types.js'\nimport {COOKIES} from '../constants.js'\n\nexport const callback = (onSuccess: ZitadelOnSuccess): PayloadHandler => async ({\n payload: {config, secret},\n query: {code, state}\n }) => {\n\n const {admin: {custom: {zitadel: {issuerURL, clientId, callbackURL}}}} = config as PayloadConfigWithZitadel\n\n const cookieStore = cookies()\n\n const code_verifier = cookieStore.get(COOKIES.pkce)?.value\n\n if (code_verifier) {\n\n const response = await fetch(new URL(`${issuerURL}/oauth/v2/token`), {\n method: 'POST',\n body: new URLSearchParams({\n grant_type: 'authorization_code',\n code: code as string,\n redirect_uri: callbackURL,\n client_id: clientId,\n code_verifier\n })\n })\n\n if (response.ok) {\n\n const {id_token} = await response.json()\n\n if (id_token) {\n\n cookieStore.delete(COOKIES.pkce)\n\n cookieStore.set({\n name: COOKIES.idToken,\n value: jwt.sign(jwt.decode(id_token) as ZitadelIdToken, secret),\n httpOnly: true,\n path: '/',\n sameSite: 'lax',\n maxAge: 900,\n secure: process.env.NODE_ENV == 'production'\n })\n\n return onSuccess(new URLSearchParams(atob(state as string ?? '')))\n\n }\n\n return Response.json({\n status: 'error',\n message: 'token could not be retrieved from the response'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'error while communicating with token endpoint'\n })\n\n }\n\n return Response.json({\n status: 'error',\n message: 'code verifier not found (associated http-only cookie is empty)'\n })\n\n}"],"names":["cookies","process","jwt","COOKIES","callback","onSuccess","payload","config","secret","query","code","state","admin","custom","zitadel","issuerURL","clientId","callbackURL","cookieStore","code_verifier","get","pkce","value","response","fetch","URL","method","body","URLSearchParams","grant_type","redirect_uri","client_id","ok","id_token","json","delete","set","name","idToken","sign","decode","httpOnly","path","sameSite","maxAge","secure","env","NODE_ENV","atob","Response","status","message"],"mappings":"AACA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,OAAOC,aAAa,eAAc;AAClC,OAAOC,SAAS,eAAc;AAE9B,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,OAAO,MAAMC,WAAW,CAACC,YAAgD,OAAO,EACIC,SAAS,EAACC,MAAM,EAAEC,MAAM,EAAC,EACzBC,OAAO,EAACC,IAAI,EAAEC,KAAK,EAAC,EACvB;QAE7E,MAAM,EAACC,OAAO,EAACC,QAAQ,EAACC,SAAS,EAACC,SAAS,EAAEC,QAAQ,EAAEC,WAAW,EAAC,EAAC,EAAC,EAAC,GAAGV;QAEzE,MAAMW,cAAclB;QAEpB,MAAMmB,gBAAgBD,YAAYE,GAAG,CAACjB,QAAQkB,IAAI,GAAGC;QAErD,IAAIH,eAAe;YAEf,MAAMI,WAAW,MAAMC,MAAM,IAAIC,IAAI,CAAC,EAAEV,UAAU,eAAe,CAAC,GAAG;gBACjEW,QAAQ;gBACRC,MAAM,IAAIC,gBAAgB;oBACtBC,YAAY;oBACZnB,MAAMA;oBACNoB,cAAcb;oBACdc,WAAWf;oBACXG;gBACJ;YACJ;YAEA,IAAII,SAASS,EAAE,EAAE;gBAEb,MAAM,EAACC,QAAQ,EAAC,GAAG,MAAMV,SAASW,IAAI;gBAEtC,IAAID,UAAU;oBAEVf,YAAYiB,MAAM,CAAChC,QAAQkB,IAAI;oBAE/BH,YAAYkB,GAAG,CAAC;wBACZC,MAAMlC,QAAQmC,OAAO;wBACrBhB,OAAOpB,IAAIqC,IAAI,CAACrC,IAAIsC,MAAM,CAACP,WAA6BzB;wBACxDiC,UAAU;wBACVC,MAAM;wBACNC,UAAU;wBACVC,QAAQ;wBACRC,QAAQ5C,QAAQ6C,GAAG,CAACC,QAAQ,IAAI;oBACpC;oBAEA,OAAO1C,UAAU,IAAIuB,gBAAgBoB,KAAKrC,SAAmB;gBAEjE;gBAEA,OAAOsC,SAASf,IAAI,CAAC;oBACjBgB,QAAQ;oBACRC,SAAS;gBACb;YAEJ;YAEA,OAAOF,SAASf,IAAI,CAAC;gBACjBgB,QAAQ;gBACRC,SAAS;YACb;QAEJ;QAEA,OAAOF,SAASf,IAAI,CAAC;YACjBgB,QAAQ;YACRC,SAAS;QACb;IAEJ,EAAC"}
|
package/dist/handlers/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/handlers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAC,MAAM,gBAAgB,CAAA;AACxC,OAAO,EAAC,QAAQ,EAAC,MAAM,eAAe,CAAA
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/handlers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAC,MAAM,gBAAgB,CAAA;AACxC,OAAO,EAAC,QAAQ,EAAC,MAAM,eAAe,CAAA"}
|
package/dist/handlers/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/handlers/index.ts"],"sourcesContent":["export {authorize} from './authorize.js'\nexport {callback} from './callback.js'
|
|
1
|
+
{"version":3,"sources":["../../src/handlers/index.ts"],"sourcesContent":["export {authorize} from './authorize.js'\nexport {callback} from './callback.js'"],"names":["authorize","callback"],"mappings":"AAAA,SAAQA,SAAS,QAAO,iBAAgB;AACxC,SAAQC,QAAQ,QAAO,gBAAe"}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAA6C,iBAAiB,EAAC,MAAM,YAAY,CAAA;AAIxF,OAAO,EAAC,cAAc,EAAC,MAAM,kBAAkB,CAAA;AAE/C,eAAO,MAAM,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAA6C,iBAAiB,EAAC,MAAM,YAAY,CAAA;AAIxF,OAAO,EAAC,cAAc,EAAC,MAAM,kBAAkB,CAAA;AAE/C,eAAO,MAAM,aAAa,EAAE,iBAqM3B,CAAA"}
|
package/dist/index.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { cookies } from 'next/headers.js';
|
|
2
2
|
import { Avatar, LoginButton } from './components/index.js';
|
|
3
3
|
import { COOKIES, DEFAULT_CONFIG, DELETE_ME_USER, ERROR_MESSAGES, ROUTES } from './constants.js';
|
|
4
|
-
import { authorize, callback
|
|
4
|
+
import { authorize, callback } from './handlers/index.js';
|
|
5
5
|
import { zitadelStrategy } from './strategy.js';
|
|
6
6
|
import { translations } from './translations.js';
|
|
7
7
|
import { NextResponse } from 'next/server.js';
|
|
@@ -105,12 +105,7 @@ export const ZitadelPlugin = ({ associatedIdFieldName = DEFAULT_CONFIG.associate
|
|
|
105
105
|
{
|
|
106
106
|
path: ROUTES.callback,
|
|
107
107
|
method: 'get',
|
|
108
|
-
handler: callback
|
|
109
|
-
},
|
|
110
|
-
{
|
|
111
|
-
path: ROUTES.redirect,
|
|
112
|
-
method: 'get',
|
|
113
|
-
handler: redirect(onSuccess ?? defaultOnSuccess)
|
|
108
|
+
handler: callback(onSuccess ?? defaultOnSuccess)
|
|
114
109
|
}
|
|
115
110
|
],
|
|
116
111
|
fields: [
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {Avatar, LoginButton} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, DELETE_ME_USER, ERROR_MESSAGES, ROUTES} from './constants.js'\nimport {authorize, callback, redirect} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {PayloadConfigWithZitadel, ZitadelOnSuccess, ZitadelPluginType} from './types.js'\nimport {translations} from './translations.js'\nimport {NextResponse} from 'next/server.js'\n\nexport {getCurrentUser} from './utils/index.js'\n\nexport const ZitadelPlugin: ZitadelPluginType = ({\n associatedIdFieldName = DEFAULT_CONFIG.associatedIdFieldName,\n disableAvatar,\n disableDefaultLoginButton,\n strategyName = DEFAULT_CONFIG.strategyName,\n label = DEFAULT_CONFIG.label,\n issuerURL,\n clientId,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey,\n onSuccess\n }) => {\n\n if (!issuerURL)\n throw new Error(ERROR_MESSAGES.issuerURL)\n if (!clientId)\n throw new Error(ERROR_MESSAGES.clientId)\n if (enableAPI) {\n if (!apiClientId)\n throw new Error(ERROR_MESSAGES.apiClientId)\n if (!apiKeyId)\n throw new Error(ERROR_MESSAGES.apiKey)\n if (!apiKey)\n throw new Error(ERROR_MESSAGES.apiKey)\n }\n\n return (incomingConfig) => {\n\n const serverURL = incomingConfig.serverURL ?? 'http://localhost'\n\n const authSlug = incomingConfig.admin?.user ?? 'users'\n\n const authBaseURL = `${serverURL}/api/${authSlug}`\n\n const defaultOnSuccess: ZitadelOnSuccess = (state) =>\n NextResponse.redirect(serverURL + (state.get('redirect') ?? ''))\n\n return {\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...(disableAvatar ? {} : {avatar: Avatar}),\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin || [],\n ...(disableDefaultLoginButton ? [] : [LoginButton])\n ]\n },\n custom: {\n zitadel: {\n issuerURL,\n clientId,\n label,\n authorizeURL: authBaseURL + ROUTES.authorize,\n callbackURL: authBaseURL + ROUTES.callback\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == authSlug ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n authSlug,\n associatedIdFieldName,\n strategyName: strategyName,\n issuerURL: issuerURL as string,\n clientId: clientId as string,\n ...(enableAPI ? {\n enableAPI: true,\n apiClientId: apiClientId!,\n apiKeyId: apiClientId!,\n apiKey: apiKey!\n } : {enableAPI: undefined})\n })\n ]\n },\n hooks: {\n afterLogout: [() => cookies().delete(COOKIES.idToken)],\n\n // current work around (see onInit)\n afterChange: [async ({req}) => {\n const response = await req.payload.find({collection: authSlug})\n // to minimize unnecessary checks after the first two real users\n if (response.totalDocs == 2) {\n await req.payload.delete({\n collection: authSlug,\n where: {\n [associatedIdFieldName]: {\n equals: DELETE_ME_USER.associatedId\n }\n }\n })\n }\n }]\n\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback\n },\n {\n path: ROUTES.redirect,\n method: 'get',\n handler: redirect(onSuccess ?? defaultOnSuccess)\n }\n ],\n fields: [\n ...collection.fields,\n {\n name: associatedIdFieldName,\n type: 'text',\n admin: {\n readOnly: true\n },\n unique: true,\n required: true\n },\n {\n name: 'email',\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n name: 'name',\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n name: 'image',\n type: 'text',\n admin: {\n readOnly: true\n }\n }\n ]\n } : {}\n }\n }),\n\n // current work around on creating a non-functional first user, which will be deleted after first login\n async onInit(payload) {\n if (incomingConfig.onInit)\n await incomingConfig.onInit(payload)\n\n const existingUsers = await payload.find({\n collection: authSlug,\n limit: 1\n })\n\n if (existingUsers.docs.length === 0) {\n await payload.create({\n collection: authSlug,\n data: {\n email: DELETE_ME_USER.email,\n password: DELETE_ME_USER.password,\n [associatedIdFieldName]: DELETE_ME_USER.associatedId\n }\n })\n }\n },\n\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n } satisfies PayloadConfigWithZitadel\n\n }\n\n}"],"names":["cookies","Avatar","LoginButton","COOKIES","DEFAULT_CONFIG","DELETE_ME_USER","ERROR_MESSAGES","ROUTES","authorize","callback","redirect","zitadelStrategy","translations","NextResponse","getCurrentUser","ZitadelPlugin","associatedIdFieldName","disableAvatar","disableDefaultLoginButton","strategyName","label","issuerURL","clientId","enableAPI","apiClientId","apiKeyId","apiKey","onSuccess","Error","incomingConfig","serverURL","authSlug","admin","user","authBaseURL","defaultOnSuccess","state","get","avatar","components","afterLogin","custom","zitadel","authorizeURL","callbackURL","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","undefined","hooks","afterLogout","delete","idToken","afterChange","req","response","payload","find","totalDocs","where","equals","associatedId","endpoints","path","method","handler","fields","name","type","readOnly","unique","required","onInit","existingUsers","limit","docs","length","create","data","email","password","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,MAAM,EAAEC,WAAW,QAAO,wBAAuB;AACzD,SAAQC,OAAO,EAAEC,cAAc,EAAEC,cAAc,EAAEC,cAAc,EAAEC,MAAM,QAAO,iBAAgB;AAC9F,SAAQC,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,QAAO,sBAAqB;AACjE,SAAQC,eAAe,QAAO,gBAAe;AAE7C,SAAQC,YAAY,QAAO,oBAAmB;AAC9C,SAAQC,YAAY,QAAO,iBAAgB;AAE3C,SAAQC,cAAc,QAAO,mBAAkB;AAE/C,OAAO,MAAMC,gBAAmC,CAAC,EACIC,wBAAwBZ,eAAeY,qBAAqB,EAC5DC,aAAa,EACbC,yBAAyB,EACzBC,eAAef,eAAee,YAAY,EAC1CC,QAAQhB,eAAegB,KAAK,EAC5BC,SAAS,EACTC,QAAQ,EACRC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACNC,SAAS,EACZ;IAE9C,IAAI,CAACN,WACD,MAAM,IAAIO,MAAMtB,eAAee,SAAS;IAC5C,IAAI,CAACC,UACD,MAAM,IAAIM,MAAMtB,eAAegB,QAAQ;IAC3C,IAAIC,WAAW;QACX,IAAI,CAACC,aACD,MAAM,IAAII,MAAMtB,eAAekB,WAAW;QAC9C,IAAI,CAACC,UACD,MAAM,IAAIG,MAAMtB,eAAeoB,MAAM;QACzC,IAAI,CAACA,QACD,MAAM,IAAIE,MAAMtB,eAAeoB,MAAM;IAC7C;IAEA,OAAO,CAACG;QAEJ,MAAMC,YAAYD,eAAeC,SAAS,IAAI;QAE9C,MAAMC,WAAWF,eAAeG,KAAK,EAAEC,QAAQ;QAE/C,MAAMC,cAAc,CAAC,EAAEJ,UAAU,KAAK,EAAEC,SAAS,CAAC;QAElD,MAAMI,mBAAqC,CAACC,QACxCvB,aAAaH,QAAQ,CAACoB,YAAaM,CAAAA,MAAMC,GAAG,CAAC,eAAe,EAAC;QAEjE,OAAO;YACH,GAAGR,cAAc;YACjBG,OAAO;gBACH,GAAGH,eAAeG,KAAK;gBACvB,GAAIf,gBAAgB,CAAC,IAAI;oBAACqB,QAAQrC;gBAAM,CAAC;gBACzCsC,YAAY;oBACR,GAAGV,eAAeG,KAAK,EAAEO,UAAU;oBACnCC,YAAY;2BACLX,eAAeG,KAAK,EAAEO,YAAYC,cAAc,EAAE;2BACjDtB,4BAA4B,EAAE,GAAG;4BAAChB;yBAAY;qBACrD;gBACL;gBACAuC,QAAQ;oBACJC,SAAS;wBACLrB;wBACAC;wBACAF;wBACAuB,cAAcT,cAAc3B,OAAOC,SAAS;wBAC5CoC,aAAaV,cAAc3B,OAAOE,QAAQ;oBAC9C;gBACJ;YACJ;YACAoC,aAAa,AAAChB,CAAAA,eAAegB,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAInB,WAAW;wBAC7BkB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/BzC,gBAAgB;oCACZoB;oCACAf;oCACAG,cAAcA;oCACdE,WAAWA;oCACXC,UAAUA;oCACV,GAAIC,YAAY;wCACZA,WAAW;wCACXC,aAAaA;wCACbC,UAAUD;wCACVE,QAAQA;oCACZ,IAAI;wCAACH,WAAW8B;oCAAS,CAAC;gCAC9B;6BACH;wBACL;wBACAC,OAAO;4BACHC,aAAa;gCAAC,IAAMvD,UAAUwD,MAAM,CAACrD,QAAQsD,OAAO;6BAAE;4BAEtD,mCAAmC;4BACnCC,aAAa;gCAAC,OAAO,EAACC,GAAG,EAAC;oCACtB,MAAMC,WAAW,MAAMD,IAAIE,OAAO,CAACC,IAAI,CAAC;wCAACf,YAAYhB;oCAAQ;oCAC7D,gEAAgE;oCAChE,IAAI6B,SAASG,SAAS,IAAI,GAAG;wCACzB,MAAMJ,IAAIE,OAAO,CAACL,MAAM,CAAC;4CACrBT,YAAYhB;4CACZiC,OAAO;gDACH,CAAChD,sBAAsB,EAAE;oDACrBiD,QAAQ5D,eAAe6D,YAAY;gDACvC;4CACJ;wCACJ;oCACJ;gCACJ;6BAAE;wBAEN;wBACAC,WAAW;4BACP;gCACIC,MAAM7D,OAAOC,SAAS;gCACtB6D,QAAQ;gCACRC,SAAS9D;4BACb;4BACA;gCACI4D,MAAM7D,OAAOE,QAAQ;gCACrB4D,QAAQ;gCACRC,SAAS7D;4BACb;4BACA;gCACI2D,MAAM7D,OAAOG,QAAQ;gCACrB2D,QAAQ;gCACRC,SAAS5D,SAASiB,aAAaQ;4BACnC;yBACH;wBACDoC,QAAQ;+BACDxB,WAAWwB,MAAM;4BACpB;gCACIC,MAAMxD;gCACNyD,MAAM;gCACNzC,OAAO;oCACH0C,UAAU;gCACd;gCACAC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACIJ,MAAM;gCACNC,MAAM;gCACNzC,OAAO;oCACH0C,UAAU;gCACd;4BACJ;4BACA;gCACIF,MAAM;gCACNC,MAAM;gCACNzC,OAAO;oCACH0C,UAAU;gCACd;4BACJ;4BACA;gCACIF,MAAM;gCACNC,MAAM;gCACNzC,OAAO;oCACH0C,UAAU;gCACd;4BACJ;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YAEA,uGAAuG;YACvG,MAAMG,QAAOhB,OAAO;gBAChB,IAAIhC,eAAegD,MAAM,EACrB,MAAMhD,eAAegD,MAAM,CAAChB;gBAEhC,MAAMiB,gBAAgB,MAAMjB,QAAQC,IAAI,CAAC;oBACrCf,YAAYhB;oBACZgD,OAAO;gBACX;gBAEA,IAAID,cAAcE,IAAI,CAACC,MAAM,KAAK,GAAG;oBACjC,MAAMpB,QAAQqB,MAAM,CAAC;wBACjBnC,YAAYhB;wBACZoD,MAAM;4BACFC,OAAO/E,eAAe+E,KAAK;4BAC3BC,UAAUhF,eAAegF,QAAQ;4BACjC,CAACrE,sBAAsB,EAAEX,eAAe6D,YAAY;wBACxD;oBACJ;gBACJ;YACJ;YAEAoB,MAAM;gBACF,GAAGzD,eAAeyD,IAAI;gBACtB1E,cAAc;oBACV,GAAGiB,eAAeyD,IAAI,EAAE1E,YAAY;oBACpC2E,IAAI;wBACA,GAAG1D,eAAeyD,IAAI,EAAE1E,cAAc2E,EAAE;wBACxC,GAAG3E,aAAa2E,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG3D,eAAeyD,IAAI,EAAE1E,cAAc4E,EAAE;wBACxC,GAAG5E,aAAa4E,EAAE;oBACtB;gBACJ;YACJ;QACJ;IAEJ;AAEJ,EAAC"}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {cookies} from 'next/headers.js'\nimport {Avatar, LoginButton} from './components/index.js'\nimport {COOKIES, DEFAULT_CONFIG, DELETE_ME_USER, ERROR_MESSAGES, ROUTES} from './constants.js'\nimport {authorize, callback} from './handlers/index.js'\nimport {zitadelStrategy} from './strategy.js'\nimport {PayloadConfigWithZitadel, ZitadelOnSuccess, ZitadelPluginType} from './types.js'\nimport {translations} from './translations.js'\nimport {NextResponse} from 'next/server.js'\n\nexport {getCurrentUser} from './utils/index.js'\n\nexport const ZitadelPlugin: ZitadelPluginType = ({\n associatedIdFieldName = DEFAULT_CONFIG.associatedIdFieldName,\n disableAvatar,\n disableDefaultLoginButton,\n strategyName = DEFAULT_CONFIG.strategyName,\n label = DEFAULT_CONFIG.label,\n issuerURL,\n clientId,\n enableAPI,\n apiClientId,\n apiKeyId,\n apiKey,\n onSuccess\n }) => {\n\n if (!issuerURL)\n throw new Error(ERROR_MESSAGES.issuerURL)\n if (!clientId)\n throw new Error(ERROR_MESSAGES.clientId)\n if (enableAPI) {\n if (!apiClientId)\n throw new Error(ERROR_MESSAGES.apiClientId)\n if (!apiKeyId)\n throw new Error(ERROR_MESSAGES.apiKey)\n if (!apiKey)\n throw new Error(ERROR_MESSAGES.apiKey)\n }\n\n return (incomingConfig) => {\n\n const serverURL = incomingConfig.serverURL ?? 'http://localhost'\n\n const authSlug = incomingConfig.admin?.user ?? 'users'\n\n const authBaseURL = `${serverURL}/api/${authSlug}`\n\n const defaultOnSuccess: ZitadelOnSuccess = (state) =>\n NextResponse.redirect(serverURL + (state.get('redirect') ?? ''))\n\n return {\n ...incomingConfig,\n admin: {\n ...incomingConfig.admin,\n ...(disableAvatar ? {} : {avatar: Avatar}),\n components: {\n ...incomingConfig.admin?.components,\n afterLogin: [\n ...incomingConfig.admin?.components?.afterLogin || [],\n ...(disableDefaultLoginButton ? [] : [LoginButton])\n ]\n },\n custom: {\n zitadel: {\n issuerURL,\n clientId,\n label,\n authorizeURL: authBaseURL + ROUTES.authorize,\n callbackURL: authBaseURL + ROUTES.callback\n }\n }\n },\n collections: (incomingConfig.collections || []).map((collection) => {\n\n const authConfig = typeof collection.auth == 'boolean' ? {} : collection.auth\n\n return {\n ...collection,\n ...collection.slug == authSlug ? {\n auth: {\n ...authConfig,\n disableLocalStrategy: true,\n strategies: [\n ...authConfig?.strategies ?? [],\n zitadelStrategy({\n authSlug,\n associatedIdFieldName,\n strategyName: strategyName,\n issuerURL: issuerURL as string,\n clientId: clientId as string,\n ...(enableAPI ? {\n enableAPI: true,\n apiClientId: apiClientId!,\n apiKeyId: apiClientId!,\n apiKey: apiKey!\n } : {enableAPI: undefined})\n })\n ]\n },\n hooks: {\n afterLogout: [() => cookies().delete(COOKIES.idToken)],\n\n // current work around (see onInit)\n afterChange: [async ({req}) => {\n const response = await req.payload.find({collection: authSlug})\n // to minimize unnecessary checks after the first two real users\n if (response.totalDocs == 2) {\n await req.payload.delete({\n collection: authSlug,\n where: {\n [associatedIdFieldName]: {\n equals: DELETE_ME_USER.associatedId\n }\n }\n })\n }\n }]\n\n },\n endpoints: [\n {\n path: ROUTES.authorize,\n method: 'get',\n handler: authorize\n },\n {\n path: ROUTES.callback,\n method: 'get',\n handler: callback(onSuccess ?? defaultOnSuccess)\n }\n ],\n fields: [\n ...collection.fields,\n {\n name: associatedIdFieldName,\n type: 'text',\n admin: {\n readOnly: true\n },\n unique: true,\n required: true\n },\n {\n name: 'email',\n type: 'email',\n admin: {\n readOnly: true\n }\n },\n {\n name: 'name',\n type: 'text',\n admin: {\n readOnly: true\n }\n },\n {\n name: 'image',\n type: 'text',\n admin: {\n readOnly: true\n }\n }\n ]\n } : {}\n }\n }),\n\n // current work around on creating a non-functional first user, which will be deleted after first login\n async onInit(payload) {\n if (incomingConfig.onInit)\n await incomingConfig.onInit(payload)\n\n const existingUsers = await payload.find({\n collection: authSlug,\n limit: 1\n })\n\n if (existingUsers.docs.length === 0) {\n await payload.create({\n collection: authSlug,\n data: {\n email: DELETE_ME_USER.email,\n password: DELETE_ME_USER.password,\n [associatedIdFieldName]: DELETE_ME_USER.associatedId\n }\n })\n }\n },\n\n i18n: {\n ...incomingConfig.i18n,\n translations: {\n ...incomingConfig.i18n?.translations,\n de: {\n ...incomingConfig.i18n?.translations?.de,\n ...translations.de\n },\n en: {\n ...incomingConfig.i18n?.translations?.en,\n ...translations.en\n }\n }\n }\n } satisfies PayloadConfigWithZitadel\n\n }\n\n}"],"names":["cookies","Avatar","LoginButton","COOKIES","DEFAULT_CONFIG","DELETE_ME_USER","ERROR_MESSAGES","ROUTES","authorize","callback","zitadelStrategy","translations","NextResponse","getCurrentUser","ZitadelPlugin","associatedIdFieldName","disableAvatar","disableDefaultLoginButton","strategyName","label","issuerURL","clientId","enableAPI","apiClientId","apiKeyId","apiKey","onSuccess","Error","incomingConfig","serverURL","authSlug","admin","user","authBaseURL","defaultOnSuccess","state","redirect","get","avatar","components","afterLogin","custom","zitadel","authorizeURL","callbackURL","collections","map","collection","authConfig","auth","slug","disableLocalStrategy","strategies","undefined","hooks","afterLogout","delete","idToken","afterChange","req","response","payload","find","totalDocs","where","equals","associatedId","endpoints","path","method","handler","fields","name","type","readOnly","unique","required","onInit","existingUsers","limit","docs","length","create","data","email","password","i18n","de","en"],"mappings":"AAAA,SAAQA,OAAO,QAAO,kBAAiB;AACvC,SAAQC,MAAM,EAAEC,WAAW,QAAO,wBAAuB;AACzD,SAAQC,OAAO,EAAEC,cAAc,EAAEC,cAAc,EAAEC,cAAc,EAAEC,MAAM,QAAO,iBAAgB;AAC9F,SAAQC,SAAS,EAAEC,QAAQ,QAAO,sBAAqB;AACvD,SAAQC,eAAe,QAAO,gBAAe;AAE7C,SAAQC,YAAY,QAAO,oBAAmB;AAC9C,SAAQC,YAAY,QAAO,iBAAgB;AAE3C,SAAQC,cAAc,QAAO,mBAAkB;AAE/C,OAAO,MAAMC,gBAAmC,CAAC,EACIC,wBAAwBX,eAAeW,qBAAqB,EAC5DC,aAAa,EACbC,yBAAyB,EACzBC,eAAed,eAAec,YAAY,EAC1CC,QAAQf,eAAee,KAAK,EAC5BC,SAAS,EACTC,QAAQ,EACRC,SAAS,EACTC,WAAW,EACXC,QAAQ,EACRC,MAAM,EACNC,SAAS,EACZ;IAE9C,IAAI,CAACN,WACD,MAAM,IAAIO,MAAMrB,eAAec,SAAS;IAC5C,IAAI,CAACC,UACD,MAAM,IAAIM,MAAMrB,eAAee,QAAQ;IAC3C,IAAIC,WAAW;QACX,IAAI,CAACC,aACD,MAAM,IAAII,MAAMrB,eAAeiB,WAAW;QAC9C,IAAI,CAACC,UACD,MAAM,IAAIG,MAAMrB,eAAemB,MAAM;QACzC,IAAI,CAACA,QACD,MAAM,IAAIE,MAAMrB,eAAemB,MAAM;IAC7C;IAEA,OAAO,CAACG;QAEJ,MAAMC,YAAYD,eAAeC,SAAS,IAAI;QAE9C,MAAMC,WAAWF,eAAeG,KAAK,EAAEC,QAAQ;QAE/C,MAAMC,cAAc,CAAC,EAAEJ,UAAU,KAAK,EAAEC,SAAS,CAAC;QAElD,MAAMI,mBAAqC,CAACC,QACxCvB,aAAawB,QAAQ,CAACP,YAAaM,CAAAA,MAAME,GAAG,CAAC,eAAe,EAAC;QAEjE,OAAO;YACH,GAAGT,cAAc;YACjBG,OAAO;gBACH,GAAGH,eAAeG,KAAK;gBACvB,GAAIf,gBAAgB,CAAC,IAAI;oBAACsB,QAAQrC;gBAAM,CAAC;gBACzCsC,YAAY;oBACR,GAAGX,eAAeG,KAAK,EAAEQ,UAAU;oBACnCC,YAAY;2BACLZ,eAAeG,KAAK,EAAEQ,YAAYC,cAAc,EAAE;2BACjDvB,4BAA4B,EAAE,GAAG;4BAACf;yBAAY;qBACrD;gBACL;gBACAuC,QAAQ;oBACJC,SAAS;wBACLtB;wBACAC;wBACAF;wBACAwB,cAAcV,cAAc1B,OAAOC,SAAS;wBAC5CoC,aAAaX,cAAc1B,OAAOE,QAAQ;oBAC9C;gBACJ;YACJ;YACAoC,aAAa,AAACjB,CAAAA,eAAeiB,WAAW,IAAI,EAAE,AAAD,EAAGC,GAAG,CAAC,CAACC;gBAEjD,MAAMC,aAAa,OAAOD,WAAWE,IAAI,IAAI,YAAY,CAAC,IAAIF,WAAWE,IAAI;gBAE7E,OAAO;oBACH,GAAGF,UAAU;oBACb,GAAGA,WAAWG,IAAI,IAAIpB,WAAW;wBAC7BmB,MAAM;4BACF,GAAGD,UAAU;4BACbG,sBAAsB;4BACtBC,YAAY;mCACLJ,YAAYI,cAAc,EAAE;gCAC/B1C,gBAAgB;oCACZoB;oCACAf;oCACAG,cAAcA;oCACdE,WAAWA;oCACXC,UAAUA;oCACV,GAAIC,YAAY;wCACZA,WAAW;wCACXC,aAAaA;wCACbC,UAAUD;wCACVE,QAAQA;oCACZ,IAAI;wCAACH,WAAW+B;oCAAS,CAAC;gCAC9B;6BACH;wBACL;wBACAC,OAAO;4BACHC,aAAa;gCAAC,IAAMvD,UAAUwD,MAAM,CAACrD,QAAQsD,OAAO;6BAAE;4BAEtD,mCAAmC;4BACnCC,aAAa;gCAAC,OAAO,EAACC,GAAG,EAAC;oCACtB,MAAMC,WAAW,MAAMD,IAAIE,OAAO,CAACC,IAAI,CAAC;wCAACf,YAAYjB;oCAAQ;oCAC7D,gEAAgE;oCAChE,IAAI8B,SAASG,SAAS,IAAI,GAAG;wCACzB,MAAMJ,IAAIE,OAAO,CAACL,MAAM,CAAC;4CACrBT,YAAYjB;4CACZkC,OAAO;gDACH,CAACjD,sBAAsB,EAAE;oDACrBkD,QAAQ5D,eAAe6D,YAAY;gDACvC;4CACJ;wCACJ;oCACJ;gCACJ;6BAAE;wBAEN;wBACAC,WAAW;4BACP;gCACIC,MAAM7D,OAAOC,SAAS;gCACtB6D,QAAQ;gCACRC,SAAS9D;4BACb;4BACA;gCACI4D,MAAM7D,OAAOE,QAAQ;gCACrB4D,QAAQ;gCACRC,SAAS7D,SAASiB,aAAaQ;4BACnC;yBACH;wBACDqC,QAAQ;+BACDxB,WAAWwB,MAAM;4BACpB;gCACIC,MAAMzD;gCACN0D,MAAM;gCACN1C,OAAO;oCACH2C,UAAU;gCACd;gCACAC,QAAQ;gCACRC,UAAU;4BACd;4BACA;gCACIJ,MAAM;gCACNC,MAAM;gCACN1C,OAAO;oCACH2C,UAAU;gCACd;4BACJ;4BACA;gCACIF,MAAM;gCACNC,MAAM;gCACN1C,OAAO;oCACH2C,UAAU;gCACd;4BACJ;4BACA;gCACIF,MAAM;gCACNC,MAAM;gCACN1C,OAAO;oCACH2C,UAAU;gCACd;4BACJ;yBACH;oBACL,IAAI,CAAC,CAAC;gBACV;YACJ;YAEA,uGAAuG;YACvG,MAAMG,QAAOhB,OAAO;gBAChB,IAAIjC,eAAeiD,MAAM,EACrB,MAAMjD,eAAeiD,MAAM,CAAChB;gBAEhC,MAAMiB,gBAAgB,MAAMjB,QAAQC,IAAI,CAAC;oBACrCf,YAAYjB;oBACZiD,OAAO;gBACX;gBAEA,IAAID,cAAcE,IAAI,CAACC,MAAM,KAAK,GAAG;oBACjC,MAAMpB,QAAQqB,MAAM,CAAC;wBACjBnC,YAAYjB;wBACZqD,MAAM;4BACFC,OAAO/E,eAAe+E,KAAK;4BAC3BC,UAAUhF,eAAegF,QAAQ;4BACjC,CAACtE,sBAAsB,EAAEV,eAAe6D,YAAY;wBACxD;oBACJ;gBACJ;YACJ;YAEAoB,MAAM;gBACF,GAAG1D,eAAe0D,IAAI;gBACtB3E,cAAc;oBACV,GAAGiB,eAAe0D,IAAI,EAAE3E,YAAY;oBACpC4E,IAAI;wBACA,GAAG3D,eAAe0D,IAAI,EAAE3E,cAAc4E,EAAE;wBACxC,GAAG5E,aAAa4E,EAAE;oBACtB;oBACAC,IAAI;wBACA,GAAG5D,eAAe0D,IAAI,EAAE3E,cAAc6E,EAAE;wBACxC,GAAG7E,aAAa6E,EAAE;oBACtB;gBACJ;YACJ;QACJ;IAEJ;AAEJ,EAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
import { AuthStrategy, Config,
|
|
1
|
+
import { AuthStrategy, Config, SanitizedConfig, TypeWithID } from 'payload';
|
|
2
|
+
import { NextResponse } from 'next/server.js';
|
|
2
3
|
export type ZitadelPluginProps = Partial<{
|
|
3
4
|
disableAvatar: true;
|
|
4
5
|
disableDefaultLoginButton: true;
|
|
@@ -35,7 +36,7 @@ export type ZitadelUser = TypeWithID & Partial<{
|
|
|
35
36
|
name: string | null;
|
|
36
37
|
image: string | null;
|
|
37
38
|
}>;
|
|
38
|
-
export type ZitadelOnSuccess = (state: URLSearchParams) =>
|
|
39
|
+
export type ZitadelOnSuccess = (state: URLSearchParams) => NextResponse;
|
|
39
40
|
export type PayloadConfigWithZitadel = (Config | SanitizedConfig) & {
|
|
40
41
|
admin: {
|
|
41
42
|
custom: {
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAE,MAAM,EAAE,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAE,MAAM,EAAE,eAAe,EAAE,UAAU,EAAC,MAAM,SAAS,CAAA;AACzE,OAAO,EAAC,YAAY,EAAC,MAAM,gBAAgB,CAAA;AAE3C,MAAM,MAAM,kBAAkB,GAAG,OAAO,CAAC;IACrC,aAAa,EAAE,IAAI,CAAA;IACnB,yBAAyB,EAAE,IAAI,CAAA;IAC/B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,gBAAgB,CAAA;CAC9B,CAAC,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAA;AAElC,MAAM,MAAM,iBAAiB,GAAG,CAAC,KAAK,EAAE,kBAAkB,KAAK,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAA;AAEzF,MAAM,MAAM,eAAe,GAAG;IAC1B,SAAS,EAAE,IAAI,CAAA;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAA;CACnB,GAAG;IACA,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,EAAE,MAAM,CAAC;CACjC,GAAG,CAAC,eAAe,GAAG;IACnB,SAAS,CAAC,EAAE,SAAS,CAAA;CACxB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAA;AAE7B,MAAM,MAAM,mBAAmB,GAAG,CAAC,KAAK,EAAE,oBAAoB,KAAK,YAAY,CAAA;AAE/E,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAA;CAClB,CAAC,CAAA;AAEF,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,OAAO,CAAC;IAC3C,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CAAA;AAEF,MAAM,MAAM,gBAAgB,GAAG,CAAC,KAAK,EAAE,eAAe,KAAK,YAAY,CAAA;AAEvE,MAAM,MAAM,wBAAwB,GAAG,CAAC,MAAM,GAAG,eAAe,CAAC,GAAG;IAChE,KAAK,EAAE;QACH,MAAM,EAAE;YACJ,OAAO,EAAE;gBACL,SAAS,EAAE,MAAM,CAAA;gBACjB,QAAQ,EAAE,MAAM,CAAA;gBAChB,KAAK,EAAE,MAAM,CAAA;gBACb,YAAY,EAAE,MAAM,CAAA;gBACpB,WAAW,EAAE,MAAM,CAAA;aACtB,CAAA;SACJ,CAAA;KACJ,CAAA;CACJ,CAAA"}
|
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/types.ts"],"sourcesContent":["import {AuthStrategy, Config,
|
|
1
|
+
{"version":3,"sources":["../src/types.ts"],"sourcesContent":["import {AuthStrategy, Config, SanitizedConfig, TypeWithID} from 'payload'\nimport {NextResponse} from 'next/server.js'\n\nexport type ZitadelPluginProps = Partial<{\n disableAvatar: true\n disableDefaultLoginButton: true\n defaultLoginButtonTitle: string\n label: string\n onSuccess: ZitadelOnSuccess\n}> & Partial<ZitadelStrategyProps>\n\nexport type ZitadelPluginType = (props: ZitadelPluginProps) => (config: Config) => Config\n\nexport type ZitadelAPIProps = {\n enableAPI: true\n apiClientId: string,\n apiKeyId: string,\n apiKey: string\n}\n\nexport type ZitadelStrategyProps = {\n strategyName: string,\n issuerURL: string,\n clientId: string\n} & {\n authSlug: string,\n associatedIdFieldName: string,\n} & (ZitadelAPIProps | {\n enableAPI?: undefined\n} & Partial<ZitadelAPIProps>)\n\nexport type ZitadelStrategyType = (props: ZitadelStrategyProps) => AuthStrategy\n\nexport type ZitadelIdToken = Partial<{\n sub: string,\n name: string,\n email: string,\n picture: string\n}>\n\nexport type ZitadelUser = TypeWithID & Partial<{\n email: string | null,\n name: string | null,\n image: string | null,\n}>\n\nexport type ZitadelOnSuccess = (state: URLSearchParams) => NextResponse\n\nexport type PayloadConfigWithZitadel = (Config | SanitizedConfig) & {\n admin: {\n custom: {\n zitadel: {\n issuerURL: string\n clientId: string\n label: string\n authorizeURL: string\n callbackURL: string\n }\n }\n }\n}"],"names":[],"mappings":"AAgDA,WAYC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "payload-zitadel-plugin",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.12",
|
|
4
4
|
"description": "plugin for Payload CMS, which enables authentication via Zitadel IdP",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
@@ -36,20 +36,20 @@
|
|
|
36
36
|
"dist"
|
|
37
37
|
],
|
|
38
38
|
"dependencies": {
|
|
39
|
-
"@payloadcms/next": "3.0.0-beta.
|
|
40
|
-
"@payloadcms/translations": "3.0.0-beta.
|
|
41
|
-
"@payloadcms/ui": "3.0.0-beta.
|
|
39
|
+
"@payloadcms/next": "3.0.0-beta.70",
|
|
40
|
+
"@payloadcms/translations": "3.0.0-beta.70",
|
|
41
|
+
"@payloadcms/ui": "3.0.0-beta.70",
|
|
42
42
|
"jsonwebtoken": "^9.0.2",
|
|
43
|
-
"next": "
|
|
44
|
-
"payload": "3.0.0-beta.
|
|
43
|
+
"next": "15.0.0-canary.87",
|
|
44
|
+
"payload": "3.0.0-beta.70",
|
|
45
45
|
"react": "rc",
|
|
46
46
|
"react-dom": "rc"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
49
|
"@swc/cli": "^0.4.0",
|
|
50
|
-
"@swc/core": "^1.7.
|
|
50
|
+
"@swc/core": "^1.7.3",
|
|
51
51
|
"@types/jsonwebtoken": "^9.0.6",
|
|
52
|
-
"@types/node": "^
|
|
52
|
+
"@types/node": "^22.0.0",
|
|
53
53
|
"@types/react": "^18.3.3",
|
|
54
54
|
"@types/react-dom": "^18.3.0",
|
|
55
55
|
"rimraf": "^6.0.1",
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"redirect.d.ts","sourceRoot":"","sources":["../../src/handlers/redirect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAC,MAAM,SAAS,CAAA;AAEtC,OAAO,EAAC,gBAAgB,EAAC,MAAM,aAAa,CAAA;AAG5C,eAAO,MAAM,QAAQ,cAAe,gBAAgB,KAAG,cAUtD,CAAA"}
|
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
import { cookies } from 'next/headers.js';
|
|
2
|
-
import { COOKIES } from '../constants.js';
|
|
3
|
-
export const redirect = (onSuccess)=>async ()=>{
|
|
4
|
-
const cookieStore = cookies();
|
|
5
|
-
const zitadelState = new URLSearchParams(atob(cookieStore.get(COOKIES.state)?.value ?? ''));
|
|
6
|
-
cookieStore.delete(COOKIES.state);
|
|
7
|
-
return onSuccess(zitadelState);
|
|
8
|
-
};
|
|
9
|
-
|
|
10
|
-
//# sourceMappingURL=redirect.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/handlers/redirect.ts"],"sourcesContent":["import {PayloadHandler} from 'payload'\nimport {cookies} from 'next/headers.js'\nimport {ZitadelOnSuccess} from '../types.js'\nimport {COOKIES} from '../constants.js'\n\nexport const redirect = (onSuccess: ZitadelOnSuccess): PayloadHandler => async () => {\n\n const cookieStore = cookies()\n\n const zitadelState = new URLSearchParams(atob(cookieStore.get(COOKIES.state)?.value ?? ''))\n\n cookieStore.delete(COOKIES.state)\n\n return onSuccess(zitadelState)\n\n}"],"names":["cookies","COOKIES","redirect","onSuccess","cookieStore","zitadelState","URLSearchParams","atob","get","state","value","delete"],"mappings":"AACA,SAAQA,OAAO,QAAO,kBAAiB;AAEvC,SAAQC,OAAO,QAAO,kBAAiB;AAEvC,OAAO,MAAMC,WAAW,CAACC,YAAgD;QAErE,MAAMC,cAAcJ;QAEpB,MAAMK,eAAe,IAAIC,gBAAgBC,KAAKH,YAAYI,GAAG,CAACP,QAAQQ,KAAK,GAAGC,SAAS;QAEvFN,YAAYO,MAAM,CAACV,QAAQQ,KAAK;QAEhC,OAAON,UAAUE;IAErB,EAAC"}
|