verdaccio-okta-oauth 31.4.0 → 31.5.1
- package/dist/index.js.map +1 -1
- package/dist/secrets.js.map +1 -1
- package/package.json +2 -2
package/dist/index.js.map
CHANGED
@@ -1 +1 @@
1
-
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/naming-convention */\nimport axios from 'axios';\nimport crypto from 'crypto';\nimport Cache from 'node-cache';\nimport { v4 as uuid } from 'uuid';\nimport { Express, Request } from 'express';\nimport {\n Config,\n IPluginAuth,\n IPluginMiddleware,\n JWTSignOptions,\n PluginOptions,\n AuthCallback,\n IBasicAuth,\n Logger,\n} from '@verdaccio/types';\n\nimport { Secrets } from './secrets.js';\n\ndeclare module '@verdaccio/types' {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n export interface IBasicAuth<T> {\n jwtEncrypt(user: RemoteUser, signOptions: JWTSignOptions): Promise<string>;\n }\n}\n\ninterface UserInfo {\n sub: string;\n name: string;\n locale: string;\n email: string;\n preferred_username: string;\n given_name: string;\n family_name: string;\n zoneinfo: string;\n updated_at: number;\n email_verified: boolean;\n}\n\ninterface OktaOAuthConfig extends Config {\n issuer?: string;\n client_id?: string;\n ttl?: number;\n}\n\n// eslint-disable-next-line import/no-default-export\nexport default class OktaOAuth\n implements IPluginAuth<OktaOAuthConfig>, IPluginMiddleware<OktaOAuthConfig>\n{\n private issuer: string;\n private clientId: string;\n\n private cache: Cache;\n private logger: Logger;\n private sign?: JWTSignOptions;\n private storage: string;\n\n constructor(\n { issuer, client_id, ttl, security, storage }: OktaOAuthConfig,\n { logger }: PluginOptions<OktaOAuthConfig>\n ) {\n if (!issuer) {\n throw new Error('\"issuer\" should be defined!');\n }\n\n if (!client_id) {\n throw new Error('\"client_id\" should be defined!');\n }\n\n this.issuer = issuer;\n this.clientId = client_id;\n\n this.cache = new Cache({ stdTTL: ttl ?? 60 * 60 * 24 });\n this.logger = logger;\n this.sign = { expiresIn: '7d', ...(security?.web?.sign ?? {}) };\n this.storage = storage ?? 
'./storage';\n }\n\n async authenticate(user: string, refreshToken: string, cb: AuthCallback) {\n if (this.cache.has(user)) {\n cb(null, [user]);\n return;\n }\n\n try {\n const accessToken = await this.getAccessToken(refreshToken);\n const userInfo = await this.getUserInfo(accessToken);\n this.cache.set(user, userInfo);\n cb(null, [user]);\n } catch {\n cb(null, false);\n }\n }\n\n register_middlewares(app: Express, auth: IBasicAuth<OktaOAuthConfig>) {\n const { clientId, issuer } = this;\n\n const getBaseUrl = (req: Request) => {\n return `${req.protocol}://${req.get('host')}`;\n };\n\n const getCallbackUrl = (req: Request) => {\n return `${getBaseUrl(req)}/oauth/callback`;\n };\n\n const secrets = new Secrets({ cwd: this.storage });\n\n app.enable('trust proxy');\n\n app.use((req, res, next) => {\n const originalSend = res.send;\n res.send = body => {\n let html = String(body);\n\n if (html.includes('__VERDACCIO_BASENAME_UI_OPTIONS')) {\n const script = [\n `<script>`,\n `const keys = ['username', 'token'];`,\n `const searchParams = new URLSearchParams(window.location.search);`,\n `if (keys.every(key => searchParams.has(key))) {`,\n ` for (const key of keys) {`,\n ` window.localStorage.setItem(key, searchParams.get(key));`,\n ` }`,\n ` window.location.href = '${getBaseUrl(req)}';`,\n `}`,\n `</script>`,\n ];\n html = html.replace(/<\\/body>/, script.concat('</body>').join('\\n'));\n }\n\n return originalSend.call(res, html);\n };\n\n next();\n });\n\n app.use('/oauth/authorize', (req, res) => {\n const state = uuid();\n const codeVerifier = uuid() + uuid();\n\n secrets.set(state, codeVerifier);\n\n res.redirect(\n `${issuer}/oauth2/v1/authorize?${new URLSearchParams({\n state,\n client_id: clientId,\n response_type: 'code',\n scope: 'openid profile email offline_access',\n redirect_uri: getCallbackUrl(req),\n code_challenge_method: 'S256',\n code_challenge: crypto\n .createHash('sha256')\n .update(codeVerifier)\n .digest('base64')\n .replace(/\\+/g, '-')\n 
.replace(/\\//g, '_')\n .replace(/=+$/, ''),\n }).toString()}`\n );\n });\n\n app.use('/oauth/callback', async (req, res) => {\n const { code, state } = req.query;\n\n if (typeof code !== 'string') {\n this.logger.error(\n 'OktaOAuth Middleware: \"/oauth/authorize\" returned invalid \"code\"!'\n );\n res.status(400).end();\n return;\n }\n\n if (typeof state !== 'string') {\n this.logger.error(\n 'OktaOAuth Middleware: \"/oauth/authorize\" returned invalid \"state\"!'\n );\n res.status(400).end();\n return;\n }\n\n const codeVerifier = secrets.get(state);\n\n if (typeof codeVerifier !== 'string') {\n this.logger.error('OktaOAuth Middleware: your \"code_verifier\" has expired!');\n res.status(440).end();\n return;\n }\n\n let accessToken: string, refreshToken: string;\n try {\n ({ access_token: accessToken, refresh_token: refreshToken } = (\n await axios.post(\n `${issuer}/oauth2/v1/token`,\n new URLSearchParams({\n client_id: clientId,\n grant_type: 'authorization_code',\n redirect_uri: getCallbackUrl(req),\n code_verifier: codeVerifier,\n code,\n }).toString()\n )\n ).data);\n } catch {\n this.logger.error('OktaOAuth Middleware: \"token\" request failed!');\n res.status(500).end();\n return;\n }\n\n let userInfo: UserInfo;\n try {\n userInfo = await this.getUserInfo(accessToken);\n } catch {\n this.logger.error('OktaOAuth Middleware: \"userinfo\" request failed!');\n res.status(500).end();\n return;\n }\n\n const username = userInfo.name;\n const groups = [username];\n const defaultLoggedUserRoles = [\n '$all',\n '$authenticated',\n '@all',\n '@authenticated',\n 'all',\n ];\n\n res.redirect(\n `http://localhost:8239?${new URLSearchParams({\n username,\n jwt_token: await auth.jwtEncrypt(\n {\n name: username,\n groups: [...groups, ...defaultLoggedUserRoles],\n real_groups: groups,\n },\n this.sign ?? 
{}\n ),\n npm_token: auth\n .aesEncrypt(Buffer.from(`${username}:${refreshToken}`))\n .toString('base64'),\n redirect_uri: getBaseUrl(req),\n }).toString()}`\n );\n });\n }\n\n private getUserInfo = async (accessToken: string) => {\n const { issuer } = this;\n\n return (\n await axios.get<UserInfo>(`${issuer}/oauth2/v1/userinfo`, {\n headers: { Authorization: `Bearer ${accessToken}` },\n })\n ).data;\n };\n\n private getAccessToken = async (refreshToken: string) => {\n const { clientId, issuer } = this;\n\n return (\n await axios.post(\n `${issuer}/oauth2/v1/token`,\n new URLSearchParams({\n client_id: clientId,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n }).toString()\n )\n ).data.access_token;\n };\n}\n"],"names":["axios","crypto","Cache","v4","uuid","Secrets","OktaOAuth","authenticate","user","refreshToken","cb","cache","has","accessToken","getAccessToken","userInfo","getUserInfo","set","register_middlewares","app","auth","clientId","issuer","getBaseUrl","req","protocol","get","getCallbackUrl","secrets","cwd","storage","enable","use","res","next","originalSend","send","body","html","String","includes","script","replace","concat","join","call","state","codeVerifier","redirect","URLSearchParams","client_id","response_type","scope","redirect_uri","code_challenge_method","code_challenge","createHash","update","digest","toString","code","query","logger","error","status","end","access_token","refresh_token","post","grant_type","code_verifier","data","username","name","groups","defaultLoggedUserRoles","jwt_token","jwtEncrypt","real_groups","sign","npm_token","aesEncrypt","Buffer","from","constructor","ttl","security","headers","Authorization","Error","stdTTL","expiresIn","web"],"mappings":"AAAA,uDAAuD;;;;;;;;;;;;;AACvD,OAAOA,WAAW,QAAQ;AAC1B,OAAOC,YAAY,SAAS;AAC5B,OAAOC,WAAW,aAAa;AAC/B,SAASC,MAAMC,IAAI,QAAQ,OAAO;AAalC,SAASC,OAAO,QAAQ,eAAe;AA6BxB,MAAMC;IAgCjB,MAAMC,aAAaC,IAAY,EAAEC,YAAoB,EAAEC,EAAgB,EAAE;QACrE,IAAI,IAAI,CAACC,KAAK,CAACC,GAAG,CAACJ,OAAO;
YACtBE,GAAG,MAAM;gBAACF;aAAK;YACf;QACJ;QAEA,IAAI;YACA,MAAMK,cAAc,MAAM,IAAI,CAACC,cAAc,CAACL;YAC9C,MAAMM,WAAW,MAAM,IAAI,CAACC,WAAW,CAACH;YACxC,IAAI,CAACF,KAAK,CAACM,GAAG,CAACT,MAAMO;YACrBL,GAAG,MAAM;gBAACF;aAAK;QACnB,EAAE,UAAM;YACJE,GAAG,MAAM;QACb;IACJ;IAEAQ,qBAAqBC,GAAY,EAAEC,IAAiC,EAAE;QAClE,MAAM,EAAEC,QAAQ,EAAEC,MAAM,EAAE,GAAG,IAAI;QAEjC,MAAMC,aAAa,CAACC;YAChB,OAAO,GAAGA,IAAIC,QAAQ,CAAC,GAAG,EAAED,IAAIE,GAAG,CAAC,SAAS;QACjD;QAEA,MAAMC,iBAAiB,CAACH;YACpB,OAAO,GAAGD,WAAWC,KAAK,eAAe,CAAC;QAC9C;QAEA,MAAMI,UAAU,IAAIvB,QAAQ;YAAEwB,KAAK,IAAI,CAACC,OAAO;QAAC;QAEhDX,IAAIY,MAAM,CAAC;QAEXZ,IAAIa,GAAG,CAAC,CAACR,KAAKS,KAAKC;YACf,MAAMC,eAAeF,IAAIG,IAAI;YAC7BH,IAAIG,IAAI,GAAGC,CAAAA;gBACP,IAAIC,OAAOC,OAAOF;gBAElB,IAAIC,KAAKE,QAAQ,CAAC,oCAAoC;oBAClD,MAAMC,SAAS;wBACX,CAAC,QAAQ,CAAC;wBACV,CAAC,mCAAmC,CAAC;wBACrC,CAAC,iEAAiE,CAAC;wBACnE,CAAC,+CAA+C,CAAC;wBACjD,CAAC,6BAA6B,CAAC;wBAC/B,CAAC,gEAAgE,CAAC;wBAClE,CAAC,KAAK,CAAC;wBACP,CAAC,4BAA4B,EAAElB,WAAWC,KAAK,EAAE,CAAC;wBAClD,CAAC,CAAC,CAAC;wBACH,CAAC,SAAS,CAAC;qBACd;oBACDc,OAAOA,KAAKI,OAAO,CAAC,YAAYD,OAAOE,MAAM,CAAC,WAAWC,IAAI,CAAC;gBAClE;gBAEA,OAAOT,aAAaU,IAAI,CAACZ,KAAKK;YAClC;YAEAJ;QACJ;QAEAf,IAAIa,GAAG,CAAC,oBAAoB,CAACR,KAAKS;YAC9B,MAAMa,QAAQ1C;YACd,MAAM2C,eAAe3C,SAASA;YAE9BwB,QAAQX,GAAG,CAAC6B,OAAOC;YAEnBd,IAAIe,QAAQ,CACR,GAAG1B,OAAO,qBAAqB,EAAE,IAAI2B,gBAAgB;gBACjDH;gBACAI,WAAW7B;gBACX8B,eAAe;gBACfC,OAAO;gBACPC,cAAc1B,eAAeH;gBAC7B8B,uBAAuB;gBACvBC,gBAAgBtD,OACXuD,UAAU,CAAC,UACXC,MAAM,CAACV,cACPW,MAAM,CAAC,UACPhB,OAAO,CAAC,OAAO,KACfA,OAAO,CAAC,OAAO,KACfA,OAAO,CAAC,OAAO;YACxB,GAAGiB,QAAQ,IAAI;QAEvB;QAEAxC,IAAIa,GAAG,CAAC,mBAAmB,OAAOR,KAAKS;YACnC,MAAM,EAAE2B,IAAI,EAAEd,KAAK,EAAE,GAAGtB,IAAIqC,KAAK;YAEjC,IAAI,OAAOD,SAAS,UAAU;gBAC1B,IAAI,CAACE,MAAM,CAACC,KAAK,CACb;gBAEJ9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAI,OAAOnB,UAAU,UAAU;gBAC3B,IAAI,CAACgB,MAAM,CAACC,KAAK,CACb;gBAEJ9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,MAAMlB,eAAenB,QAAQF,GAAG,CAACoB;YAEjC,IAAI,OAAOC,iBAAiB,UAAU;gBAClC,IAAI,CAACe,MAAM,CAACC,KAAK,CAAC;gBAC
lB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAIpD,aAAqBJ;YACzB,IAAI;gBACC,CAAA,EAAEyD,cAAcrD,WAAW,EAAEsD,eAAe1D,YAAY,EAAE,GAAG,AAC1D,CAAA,MAAMT,MAAMoE,IAAI,CACZ,GAAG9C,OAAO,gBAAgB,CAAC,EAC3B,IAAI2B,gBAAgB;oBAChBC,WAAW7B;oBACXgD,YAAY;oBACZhB,cAAc1B,eAAeH;oBAC7B8C,eAAevB;oBACfa;gBACJ,GAAGD,QAAQ,GACf,EACFY,IAAI,AAAD;YACT,EAAE,UAAM;gBACJ,IAAI,CAACT,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAIlD;YACJ,IAAI;gBACAA,WAAW,MAAM,IAAI,CAACC,WAAW,CAACH;YACtC,EAAE,UAAM;gBACJ,IAAI,CAACiD,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,MAAMO,WAAWzD,SAAS0D,IAAI;YAC9B,MAAMC,SAAS;gBAACF;aAAS;YACzB,MAAMG,yBAAyB;gBAC3B;gBACA;gBACA;gBACA;gBACA;aACH;gBAWW;YATZ1C,IAAIe,QAAQ,CACR,CAAC,sBAAsB,EAAE,IAAIC,gBAAgB;gBACzCuB;gBACAI,WAAW,MAAMxD,KAAKyD,UAAU,CAC5B;oBACIJ,MAAMD;oBACNE,QAAQ;2BAAIA;2BAAWC;qBAAuB;oBAC9CG,aAAaJ;gBACjB,GACA,CAAA,aAAA,IAAI,CAACK,IAAI,cAAT,wBAAA,aAAa,CAAC;gBAElBC,WAAW5D,KACN6D,UAAU,CAACC,OAAOC,IAAI,CAAC,GAAGX,SAAS,CAAC,EAAE/D,cAAc,GACpDkD,QAAQ,CAAC;gBACdN,cAAc9B,WAAWC;YAC7B,GAAGmC,QAAQ,IAAI;QAEvB;IACJ;IA5LAyB,YACI,EAAE9D,MAAM,EAAE4B,SAAS,EAAEmC,GAAG,EAAEC,QAAQ,EAAExD,OAAO,EAAmB,EAC9D,EAAEgC,MAAM,EAAkC,CAC5C;YAcqCwB;QAzBvC,uBAAQhE,UAAR,KAAA;QACA,uBAAQD,YAAR,KAAA;QAEA,uBAAQV,SAAR,KAAA;QACA,uBAAQmD,UAAR,KAAA;QACA,uBAAQiB,QAAR,KAAA;QACA,uBAAQjD,WAAR,KAAA;QAgMA,uBAAQd,eAAc,OAAOH;YACzB,MAAM,EAAES,MAAM,EAAE,GAAG,IAAI;YAEvB,OAAO,AACH,CAAA,MAAMtB,MAAM0B,GAAG,CAAW,GAAGJ,OAAO,mBAAmB,CAAC,EAAE;gBACtDiE,SAAS;oBAAEC,eAAe,CAAC,OAAO,EAAE3E,aAAa;gBAAC;YACtD,EAAC,EACH0D,IAAI;QACV;QAEA,uBAAQzD,kBAAiB,OAAOL;YAC5B,MAAM,EAAEY,QAAQ,EAAEC,MAAM,EAAE,GAAG,IAAI;YAEjC,OAAO,AACH,CAAA,MAAMtB,MAAMoE,IAAI,CACZ,GAAG9C,OAAO,gBAAgB,CAAC,EAC3B,IAAI2B,gBAAgB;gBAChBC,WAAW7B;gBACXgD,YAAY;gBACZF,eAAe1D;YACnB,GAAGkD,QAAQ,GACf,EACFY,IAAI,CAACL,YAAY;QACvB;QAjNI,IAAI,CAAC5C,QAAQ;YACT,MAAM,IAAImE,MAAM;QACpB;QAEA,IAAI,CAACvC,WAAW;YACZ,MAAM,IAAIuC,MAAM;QACpB;QAEA,IAAI,CAACnE,MAAM,GAAGA;QACd,IAAI,CAACD,QAAQ,GAAG6B;QAEhB,IAAI,CAACvC,KAAK,GAAG,IAAIT,MAAM;YA
AEwF,QAAQL,gBAAAA,iBAAAA,MAAO,KAAK,KAAK;QAAG;QACrD,IAAI,CAACvB,MAAM,GAAGA;YACqBwB;QAAnC,IAAI,CAACP,IAAI,GAAG;YAAEY,WAAW;YAAM,GAAIL,CAAAA,qBAAAA,qBAAAA,gCAAAA,gBAAAA,SAAUM,GAAG,cAAbN,oCAAAA,cAAeP,IAAI,cAAnBO,gCAAAA,qBAAuB,CAAC,CAAC;QAAE;QAC9D,IAAI,CAACxD,OAAO,GAAGA,oBAAAA,qBAAAA,UAAW;IAC9B;AAmMJ;AAlOA,oDAAoD;AACpD,SAAqBxB,uBAiOpB"}
1
+
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/naming-convention */\nimport axios from 'axios';\nimport crypto from 'crypto';\nimport Cache from 'node-cache';\nimport { v4 as uuid } from 'uuid';\nimport { Express, Request } from 'express';\nimport {\n Config,\n IPluginAuth,\n IPluginMiddleware,\n JWTSignOptions,\n PluginOptions,\n AuthCallback,\n IBasicAuth,\n Logger,\n} from '@verdaccio/types';\n\nimport { Secrets } from './secrets.js';\n\ndeclare module '@verdaccio/types' {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n export interface IBasicAuth<T> {\n jwtEncrypt(user: RemoteUser, signOptions: JWTSignOptions): Promise<string>;\n }\n}\n\ninterface UserInfo {\n sub: string;\n name: string;\n locale: string;\n email: string;\n preferred_username: string;\n given_name: string;\n family_name: string;\n zoneinfo: string;\n updated_at: number;\n email_verified: boolean;\n}\n\ninterface OktaOAuthConfig extends Config {\n issuer?: string;\n client_id?: string;\n ttl?: number;\n}\n\n// eslint-disable-next-line import/no-default-export\nexport default class OktaOAuth\n implements IPluginAuth<OktaOAuthConfig>, IPluginMiddleware<OktaOAuthConfig>\n{\n private issuer: string;\n private clientId: string;\n\n private cache: Cache;\n private logger: Logger;\n private sign?: JWTSignOptions;\n private storage: string;\n\n constructor(\n { issuer, client_id, ttl, security, storage }: OktaOAuthConfig,\n { logger }: PluginOptions<OktaOAuthConfig>\n ) {\n if (!issuer) {\n throw new Error('\"issuer\" should be defined!');\n }\n\n if (!client_id) {\n throw new Error('\"client_id\" should be defined!');\n }\n\n this.issuer = issuer;\n this.clientId = client_id;\n\n this.cache = new Cache({ stdTTL: ttl ?? 60 * 60 * 24 });\n this.logger = logger;\n this.sign = { expiresIn: '7d', ...(security?.web?.sign ?? {}) };\n this.storage = storage ?? 
'./storage';\n }\n\n async authenticate(user: string, refreshToken: string, cb: AuthCallback) {\n if (this.cache.has(user)) {\n cb(null, [user]);\n return;\n }\n\n try {\n const accessToken = await this.getAccessToken(refreshToken);\n const userInfo = await this.getUserInfo(accessToken);\n this.cache.set(user, userInfo);\n cb(null, [user]);\n } catch {\n cb(null, false);\n }\n }\n\n register_middlewares(app: Express, auth: IBasicAuth<OktaOAuthConfig>) {\n const { clientId, issuer } = this;\n\n const getBaseUrl = (req: Request) => {\n return `${req.protocol}://${req.get('host')}`;\n };\n\n const getCallbackUrl = (req: Request) => {\n return `${getBaseUrl(req)}/oauth/callback`;\n };\n\n const secrets = new Secrets({ cwd: this.storage });\n\n app.enable('trust proxy');\n\n app.use((req, res, next) => {\n const originalSend = res.send;\n res.send = body => {\n let html = String(body);\n\n if (html.includes('__VERDACCIO_BASENAME_UI_OPTIONS')) {\n const script = [\n `<script>`,\n `const keys = ['username', 'token'];`,\n `const searchParams = new URLSearchParams(window.location.search);`,\n `if (keys.every(key => searchParams.has(key))) {`,\n ` for (const key of keys) {`,\n ` window.localStorage.setItem(key, searchParams.get(key));`,\n ` }`,\n ` window.location.href = '${getBaseUrl(req)}';`,\n `}`,\n `</script>`,\n ];\n html = html.replace(/<\\/body>/, script.concat('</body>').join('\\n'));\n }\n\n return originalSend.call(res, html);\n };\n\n next();\n });\n\n app.use('/oauth/authorize', (req, res) => {\n const state = uuid();\n const codeVerifier = uuid() + uuid();\n\n secrets.set(state, codeVerifier);\n\n res.redirect(\n `${issuer}/oauth2/v1/authorize?${new URLSearchParams({\n state,\n client_id: clientId,\n response_type: 'code',\n scope: 'openid profile email offline_access',\n redirect_uri: getCallbackUrl(req),\n code_challenge_method: 'S256',\n code_challenge: crypto\n .createHash('sha256')\n .update(codeVerifier)\n .digest('base64')\n .replace(/\\+/g, '-')\n 
.replace(/\\//g, '_')\n .replace(/=+$/, ''),\n }).toString()}`\n );\n });\n\n app.use('/oauth/callback', async (req, res) => {\n const { code, state } = req.query;\n\n if (typeof code !== 'string') {\n this.logger.error(\n 'OktaOAuth Middleware: \"/oauth/authorize\" returned invalid \"code\"!'\n );\n res.status(400).end();\n return;\n }\n\n if (typeof state !== 'string') {\n this.logger.error(\n 'OktaOAuth Middleware: \"/oauth/authorize\" returned invalid \"state\"!'\n );\n res.status(400).end();\n return;\n }\n\n const codeVerifier = secrets.get(state);\n\n if (typeof codeVerifier !== 'string') {\n this.logger.error('OktaOAuth Middleware: your \"code_verifier\" has expired!');\n res.status(440).end();\n return;\n }\n\n let accessToken: string, refreshToken: string;\n try {\n ({ access_token: accessToken, refresh_token: refreshToken } = (\n await axios.post(\n `${issuer}/oauth2/v1/token`,\n new URLSearchParams({\n client_id: clientId,\n grant_type: 'authorization_code',\n redirect_uri: getCallbackUrl(req),\n code_verifier: codeVerifier,\n code,\n }).toString()\n )\n ).data);\n } catch {\n this.logger.error('OktaOAuth Middleware: \"token\" request failed!');\n res.status(500).end();\n return;\n }\n\n let userInfo: UserInfo;\n try {\n userInfo = await this.getUserInfo(accessToken);\n } catch {\n this.logger.error('OktaOAuth Middleware: \"userinfo\" request failed!');\n res.status(500).end();\n return;\n }\n\n const username = userInfo.name;\n const groups = [username];\n const defaultLoggedUserRoles = [\n '$all',\n '$authenticated',\n '@all',\n '@authenticated',\n 'all',\n ];\n\n res.redirect(\n `http://localhost:8239?${new URLSearchParams({\n username,\n jwt_token: await auth.jwtEncrypt(\n {\n name: username,\n groups: [...groups, ...defaultLoggedUserRoles],\n real_groups: groups,\n },\n this.sign ?? 
{}\n ),\n npm_token: auth\n .aesEncrypt(Buffer.from(`${username}:${refreshToken}`))\n .toString('base64'),\n redirect_uri: getBaseUrl(req),\n }).toString()}`\n );\n });\n }\n\n private getUserInfo = async (accessToken: string) => {\n const { issuer } = this;\n\n return (\n await axios.get<UserInfo>(`${issuer}/oauth2/v1/userinfo`, {\n headers: { Authorization: `Bearer ${accessToken}` },\n })\n ).data;\n };\n\n private getAccessToken = async (refreshToken: string) => {\n const { clientId, issuer } = this;\n\n return (\n await axios.post(\n `${issuer}/oauth2/v1/token`,\n new URLSearchParams({\n client_id: clientId,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n }).toString()\n )\n ).data.access_token;\n };\n}\n"],"names":["axios","crypto","Cache","v4","uuid","Secrets","OktaOAuth","authenticate","user","refreshToken","cb","cache","has","accessToken","getAccessToken","userInfo","getUserInfo","set","register_middlewares","app","auth","clientId","issuer","getBaseUrl","req","protocol","get","getCallbackUrl","secrets","cwd","storage","enable","use","res","next","originalSend","send","body","html","String","includes","script","replace","concat","join","call","state","codeVerifier","redirect","URLSearchParams","client_id","response_type","scope","redirect_uri","code_challenge_method","code_challenge","createHash","update","digest","toString","code","query","logger","error","status","end","access_token","refresh_token","post","grant_type","code_verifier","data","username","name","groups","defaultLoggedUserRoles","jwt_token","jwtEncrypt","real_groups","sign","npm_token","aesEncrypt","Buffer","from","ttl","security","headers","Authorization","Error","stdTTL","expiresIn","web"],"mappings":"AAAA,uDAAuD;;;;;;;;;;;;;AACvD,OAAOA,WAAW,QAAQ;AAC1B,OAAOC,YAAY,SAAS;AAC5B,OAAOC,WAAW,aAAa;AAC/B,SAASC,MAAMC,IAAI,QAAQ,OAAO;AAalC,SAASC,OAAO,QAAQ,eAAe;AA6BxB,MAAMC;IAgCjB,MAAMC,aAAaC,IAAY,EAAEC,YAAoB,EAAEC,EAAgB,EAAE;QACrE,IAAI,IAAI,CAACC,KAAK,CAACC,GAAG,CAACJ,OAAO;YACtBE,GAAG,MA
AM;gBAACF;aAAK;YACf;QACJ;QAEA,IAAI;YACA,MAAMK,cAAc,MAAM,IAAI,CAACC,cAAc,CAACL;YAC9C,MAAMM,WAAW,MAAM,IAAI,CAACC,WAAW,CAACH;YACxC,IAAI,CAACF,KAAK,CAACM,GAAG,CAACT,MAAMO;YACrBL,GAAG,MAAM;gBAACF;aAAK;QACnB,EAAE,UAAM;YACJE,GAAG,MAAM;QACb;IACJ;IAEAQ,qBAAqBC,GAAY,EAAEC,IAAiC,EAAE;QAClE,MAAM,EAAEC,QAAQ,EAAEC,MAAM,EAAE,GAAG,IAAI;QAEjC,MAAMC,aAAa,CAACC;YAChB,OAAO,GAAGA,IAAIC,QAAQ,CAAC,GAAG,EAAED,IAAIE,GAAG,CAAC,SAAS;QACjD;QAEA,MAAMC,iBAAiB,CAACH;YACpB,OAAO,GAAGD,WAAWC,KAAK,eAAe,CAAC;QAC9C;QAEA,MAAMI,UAAU,IAAIvB,QAAQ;YAAEwB,KAAK,IAAI,CAACC,OAAO;QAAC;QAEhDX,IAAIY,MAAM,CAAC;QAEXZ,IAAIa,GAAG,CAAC,CAACR,KAAKS,KAAKC;YACf,MAAMC,eAAeF,IAAIG,IAAI;YAC7BH,IAAIG,IAAI,GAAGC,CAAAA;gBACP,IAAIC,OAAOC,OAAOF;gBAElB,IAAIC,KAAKE,QAAQ,CAAC,oCAAoC;oBAClD,MAAMC,SAAS;wBACX,CAAC,QAAQ,CAAC;wBACV,CAAC,mCAAmC,CAAC;wBACrC,CAAC,iEAAiE,CAAC;wBACnE,CAAC,+CAA+C,CAAC;wBACjD,CAAC,6BAA6B,CAAC;wBAC/B,CAAC,gEAAgE,CAAC;wBAClE,CAAC,KAAK,CAAC;wBACP,CAAC,4BAA4B,EAAElB,WAAWC,KAAK,EAAE,CAAC;wBAClD,CAAC,CAAC,CAAC;wBACH,CAAC,SAAS,CAAC;qBACd;oBACDc,OAAOA,KAAKI,OAAO,CAAC,YAAYD,OAAOE,MAAM,CAAC,WAAWC,IAAI,CAAC;gBAClE;gBAEA,OAAOT,aAAaU,IAAI,CAACZ,KAAKK;YAClC;YAEAJ;QACJ;QAEAf,IAAIa,GAAG,CAAC,oBAAoB,CAACR,KAAKS;YAC9B,MAAMa,QAAQ1C;YACd,MAAM2C,eAAe3C,SAASA;YAE9BwB,QAAQX,GAAG,CAAC6B,OAAOC;YAEnBd,IAAIe,QAAQ,CACR,GAAG1B,OAAO,qBAAqB,EAAE,IAAI2B,gBAAgB;gBACjDH;gBACAI,WAAW7B;gBACX8B,eAAe;gBACfC,OAAO;gBACPC,cAAc1B,eAAeH;gBAC7B8B,uBAAuB;gBACvBC,gBAAgBtD,OACXuD,UAAU,CAAC,UACXC,MAAM,CAACV,cACPW,MAAM,CAAC,UACPhB,OAAO,CAAC,OAAO,KACfA,OAAO,CAAC,OAAO,KACfA,OAAO,CAAC,OAAO;YACxB,GAAGiB,QAAQ,IAAI;QAEvB;QAEAxC,IAAIa,GAAG,CAAC,mBAAmB,OAAOR,KAAKS;YACnC,MAAM,EAAE2B,IAAI,EAAEd,KAAK,EAAE,GAAGtB,IAAIqC,KAAK;YAEjC,IAAI,OAAOD,SAAS,UAAU;gBAC1B,IAAI,CAACE,MAAM,CAACC,KAAK,CACb;gBAEJ9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAI,OAAOnB,UAAU,UAAU;gBAC3B,IAAI,CAACgB,MAAM,CAACC,KAAK,CACb;gBAEJ9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,MAAMlB,eAAenB,QAAQF,GAAG,CAACoB;YAEjC,IAAI,OAAOC,iBAAiB,UAAU;gBAClC,IAAI,CAACe,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MA
AM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAIpD,aAAqBJ;YACzB,IAAI;gBACC,CAAA,EAAEyD,cAAcrD,WAAW,EAAEsD,eAAe1D,YAAY,EAAE,GAAG,AAC1D,CAAA,MAAMT,MAAMoE,IAAI,CACZ,GAAG9C,OAAO,gBAAgB,CAAC,EAC3B,IAAI2B,gBAAgB;oBAChBC,WAAW7B;oBACXgD,YAAY;oBACZhB,cAAc1B,eAAeH;oBAC7B8C,eAAevB;oBACfa;gBACJ,GAAGD,QAAQ,GACf,EACFY,IAAI,AAAD;YACT,EAAE,UAAM;gBACJ,IAAI,CAACT,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAIlD;YACJ,IAAI;gBACAA,WAAW,MAAM,IAAI,CAACC,WAAW,CAACH;YACtC,EAAE,UAAM;gBACJ,IAAI,CAACiD,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,MAAMO,WAAWzD,SAAS0D,IAAI;YAC9B,MAAMC,SAAS;gBAACF;aAAS;YACzB,MAAMG,yBAAyB;gBAC3B;gBACA;gBACA;gBACA;gBACA;aACH;gBAWW;YATZ1C,IAAIe,QAAQ,CACR,CAAC,sBAAsB,EAAE,IAAIC,gBAAgB;gBACzCuB;gBACAI,WAAW,MAAMxD,KAAKyD,UAAU,CAC5B;oBACIJ,MAAMD;oBACNE,QAAQ;2BAAIA;2BAAWC;qBAAuB;oBAC9CG,aAAaJ;gBACjB,GACA,CAAA,aAAA,IAAI,CAACK,IAAI,cAAT,wBAAA,aAAa,CAAC;gBAElBC,WAAW5D,KACN6D,UAAU,CAACC,OAAOC,IAAI,CAAC,GAAGX,SAAS,CAAC,EAAE/D,cAAc,GACpDkD,QAAQ,CAAC;gBACdN,cAAc9B,WAAWC;YAC7B,GAAGmC,QAAQ,IAAI;QAEvB;IACJ;IA5LA,YACI,EAAErC,MAAM,EAAE4B,SAAS,EAAEkC,GAAG,EAAEC,QAAQ,EAAEvD,OAAO,EAAmB,EAC9D,EAAEgC,MAAM,EAAkC,CAC5C;YAcqCuB;QAzBvC,uBAAQ/D,UAAR,KAAA;QACA,uBAAQD,YAAR,KAAA;QAEA,uBAAQV,SAAR,KAAA;QACA,uBAAQmD,UAAR,KAAA;QACA,uBAAQiB,QAAR,KAAA;QACA,uBAAQjD,WAAR,KAAA;QAgMA,uBAAQd,eAAc,OAAOH;YACzB,MAAM,EAAES,MAAM,EAAE,GAAG,IAAI;YAEvB,OAAO,AACH,CAAA,MAAMtB,MAAM0B,GAAG,CAAW,GAAGJ,OAAO,mBAAmB,CAAC,EAAE;gBACtDgE,SAAS;oBAAEC,eAAe,CAAC,OAAO,EAAE1E,aAAa;gBAAC;YACtD,EAAC,EACH0D,IAAI;QACV;QAEA,uBAAQzD,kBAAiB,OAAOL;YAC5B,MAAM,EAAEY,QAAQ,EAAEC,MAAM,EAAE,GAAG,IAAI;YAEjC,OAAO,AACH,CAAA,MAAMtB,MAAMoE,IAAI,CACZ,GAAG9C,OAAO,gBAAgB,CAAC,EAC3B,IAAI2B,gBAAgB;gBAChBC,WAAW7B;gBACXgD,YAAY;gBACZF,eAAe1D;YACnB,GAAGkD,QAAQ,GACf,EACFY,IAAI,CAACL,YAAY;QACvB;QAjNI,IAAI,CAAC5C,QAAQ;YACT,MAAM,IAAIkE,MAAM;QACpB;QAEA,IAAI,CAACtC,WAAW;YACZ,MAAM,IAAIsC,MAAM;QACpB;QAEA,IAAI,CAAClE,MAAM,GAAGA;QACd,IAAI,CAACD,QAAQ,GAAG6B;QAEhB,IAAI,CAACvC,KAAK,GAAG,IAAIT,MAAM;YAAEuF,QAAQL,gBAAA
A,iBAAAA,MAAO,KAAK,KAAK;QAAG;QACrD,IAAI,CAACtB,MAAM,GAAGA;YACqBuB;QAAnC,IAAI,CAACN,IAAI,GAAG;YAAEW,WAAW;YAAM,GAAIL,CAAAA,qBAAAA,qBAAAA,gCAAAA,gBAAAA,SAAUM,GAAG,cAAbN,oCAAAA,cAAeN,IAAI,cAAnBM,gCAAAA,qBAAuB,CAAC,CAAC;QAAE;QAC9D,IAAI,CAACvD,OAAO,GAAGA,oBAAAA,qBAAAA,UAAW;IAC9B;AAmMJ;AAlOA,oDAAoD;AACpD,SAAqBxB,uBAiOpB"}
package/dist/secrets.js.map
CHANGED
@@ -1 +1 @@
1
-
{"version":3,"sources":["../src/secrets.ts"],"sourcesContent":["import fs from 'fs';\nimport path from 'path';\n\nexport interface SecretsOptions {\n cwd: string;\n ttl?: number;\n checkperiod?: number;\n}\n\nexport class Secrets {\n storage: string;\n\n constructor({ cwd, ttl = 5 * 60 * 1000, checkperiod = 5 * 60 * 1000 }: SecretsOptions) {\n this.storage = path.join(cwd, '.secrets');\n\n if (!fs.existsSync(this.storage)) {\n fs.mkdirSync(this.storage);\n }\n\n const storage = this.storage;\n setTimeout(function cleanup() {\n for (const file of fs.readdirSync(storage)) {\n const { ctimeMs } = fs.statSync(path.join(storage, file));\n\n if (Date.now() > ctimeMs + ttl) {\n fs.rmSync(path.join(storage, file));\n }\n }\n\n setTimeout(cleanup, checkperiod);\n }, checkperiod);\n }\n\n get = (key: string) => {\n if (fs.existsSync(path.join(this.storage, key))) {\n return fs.readFileSync(path.join(this.storage, key), 'utf8');\n }\n\n return undefined;\n };\n\n set = (key: string, value: string) => {\n fs.writeFileSync(path.join(this.storage, key), value, 'utf8');\n };\n}\n"],"names":["fs","path","Secrets","
1
+
{"version":3,"sources":["../src/secrets.ts"],"sourcesContent":["import fs from 'fs';\nimport path from 'path';\n\nexport interface SecretsOptions {\n cwd: string;\n ttl?: number;\n checkperiod?: number;\n}\n\nexport class Secrets {\n storage: string;\n\n constructor({ cwd, ttl = 5 * 60 * 1000, checkperiod = 5 * 60 * 1000 }: SecretsOptions) {\n this.storage = path.join(cwd, '.secrets');\n\n if (!fs.existsSync(this.storage)) {\n fs.mkdirSync(this.storage);\n }\n\n const storage = this.storage;\n setTimeout(function cleanup() {\n for (const file of fs.readdirSync(storage)) {\n const { ctimeMs } = fs.statSync(path.join(storage, file));\n\n if (Date.now() > ctimeMs + ttl) {\n fs.rmSync(path.join(storage, file));\n }\n }\n\n setTimeout(cleanup, checkperiod);\n }, checkperiod);\n }\n\n get = (key: string) => {\n if (fs.existsSync(path.join(this.storage, key))) {\n return fs.readFileSync(path.join(this.storage, key), 'utf8');\n }\n\n return undefined;\n };\n\n set = (key: string, value: string) => {\n fs.writeFileSync(path.join(this.storage, key), value, 'utf8');\n 
};\n}\n"],"names":["fs","path","Secrets","cwd","ttl","checkperiod","storage","get","key","existsSync","join","readFileSync","undefined","set","value","writeFileSync","mkdirSync","setTimeout","cleanup","file","readdirSync","ctimeMs","statSync","Date","now","rmSync"],"mappings":";;;;;;;;;;;;;AAAA,OAAOA,QAAQ,KAAK;AACpB,OAAOC,UAAU,OAAO;AAQxB,OAAO,MAAMC;IAGT,YAAY,EAAEC,GAAG,EAAEC,MAAM,IAAI,KAAK,IAAI,EAAEC,cAAc,IAAI,KAAK,IAAI,EAAkB,CAAE;QAFvFC,uBAAAA,WAAAA,KAAAA;QAuBAC,uBAAAA,OAAM,CAACC;YACH,IAAIR,GAAGS,UAAU,CAACR,KAAKS,IAAI,CAAC,IAAI,CAACJ,OAAO,EAAEE,OAAO;gBAC7C,OAAOR,GAAGW,YAAY,CAACV,KAAKS,IAAI,CAAC,IAAI,CAACJ,OAAO,EAAEE,MAAM;YACzD;YAEA,OAAOI;QACX;QAEAC,uBAAAA,OAAM,CAACL,KAAaM;YAChBd,GAAGe,aAAa,CAACd,KAAKS,IAAI,CAAC,IAAI,CAACJ,OAAO,EAAEE,MAAMM,OAAO;QAC1D;QA9BI,IAAI,CAACR,OAAO,GAAGL,KAAKS,IAAI,CAACP,KAAK;QAE9B,IAAI,CAACH,GAAGS,UAAU,CAAC,IAAI,CAACH,OAAO,GAAG;YAC9BN,GAAGgB,SAAS,CAAC,IAAI,CAACV,OAAO;QAC7B;QAEA,MAAMA,UAAU,IAAI,CAACA,OAAO;QAC5BW,WAAW,SAASC;YAChB,KAAK,MAAMC,QAAQnB,GAAGoB,WAAW,CAACd,SAAU;gBACxC,MAAM,EAAEe,OAAO,EAAE,GAAGrB,GAAGsB,QAAQ,CAACrB,KAAKS,IAAI,CAACJ,SAASa;gBAEnD,IAAII,KAAKC,GAAG,KAAKH,UAAUjB,KAAK;oBAC5BJ,GAAGyB,MAAM,CAACxB,KAAKS,IAAI,CAACJ,SAASa;gBACjC;YACJ;YAEAF,WAAWC,SAASb;QACxB,GAAGA;IACP;AAaJ"}
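--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "verdaccio-okta-oauth",
-"version": "31.
+"version": "31.5.1",
 "description": "",
 "type": "module",
 "repository": {
@@ -35,5 +35,5 @@
 "cli": {
 "webpack": false
 },
-"gitHead": "
+"gitHead": "8eb35a6e98b9e3cb3b18b452ce9ba76f278d0e61"
 }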