verdaccio-okta-oauth 33.1.0 → 34.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +3 -3
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -6
- package/dist/index.js.map +1 -1
- package/package.json +9 -9
- package/src/cli.ts +2 -2
- package/src/index.ts +8 -9
package/dist/cli.js
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
|
|
1
|
+
var _argv_registry;
|
|
2
|
+
/* eslint-disable @typescript-eslint/naming-convention */ import { execSync } from 'child_process';
|
|
2
3
|
import http from 'http';
|
|
3
4
|
import open from 'open';
|
|
5
|
+
import url from 'url';
|
|
4
6
|
import yargs from 'yargs';
|
|
5
7
|
import { hideBin } from 'yargs/helpers';
|
|
6
|
-
import { execSync } from 'child_process';
|
|
7
8
|
const argv = yargs(hideBin(process.argv)).argv;
|
|
8
|
-
var _argv_registry;
|
|
9
9
|
const registry = ((_argv_registry = argv.registry) !== null && _argv_registry !== void 0 ? _argv_registry : execSync('npm config get registry').toString()).trim().replace(/\/?$/, '/');
|
|
10
10
|
if (registry.includes('registry.npmjs.org')) {
|
|
11
11
|
throw new Error('This is incompatible with the default npm repository.');
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/cli.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/naming-convention */\nimport
|
|
1
|
+
{"version":3,"sources":["../src/cli.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/naming-convention */\nimport { execSync } from 'child_process';\nimport http from 'http';\nimport open from 'open';\nimport url from 'url';\nimport yargs, { Arguments } from 'yargs';\nimport { hideBin } from 'yargs/helpers';\n\nconst argv = yargs(hideBin(process.argv)).argv as Arguments<{ registry?: string }>;\n\nconst registry = (argv.registry ?? execSync('npm config get registry').toString())\n .trim()\n .replace(/\\/?$/, '/');\n\nif (registry.includes('registry.npmjs.org')) {\n throw new Error('This is incompatible with the default npm repository.');\n}\n\nopen(registry + 'oauth/authorize');\n\nhttp.createServer((req, res) => {\n if (!req.url) {\n throw new Error('Request URL is not defined!');\n }\n\n const {\n query: { username, jwt_token, npm_token, redirect_uri },\n } = url.parse(req.url, true);\n\n if (typeof username !== 'string') {\n throw new Error('\"username\" should be a string value!');\n }\n\n if (typeof jwt_token !== 'string') {\n throw new Error('\"jwt_token\" should be a string value!');\n }\n\n if (typeof npm_token !== 'string') {\n throw new Error('\"npm_token\" should be a string value!');\n }\n\n if (typeof redirect_uri !== 'string') {\n throw new Error('\"redirect_uri\" should be a string value!');\n }\n\n const { host, pathname } = new URL(registry);\n\n execSync(`npm config set --no-workspaces //${host}${pathname}:_authToken \"${npm_token}\"`);\n\n res.writeHead(302, {\n Location: `${redirect_uri}?${new URLSearchParams({\n username,\n token: jwt_token,\n }).toString()}`,\n });\n res.end(() => {\n process.exit(0);\n });\n}).listen(8239);\n"],"names":["argv","execSync","http","open","url","yargs","hideBin","process","registry","toString","trim","replace","includes","Error","createServer","req","res","query","username","jwt_token","npm_token","redirect_uri","parse","host","pathname","URL","writeHead","Location","URLSearchParams","token","end","exit","listen"],"mappings":"IAUkBA;AAVlB,uDAAuD,GACvD,SAASC,QAAQ,QAAQ,gBAAgB;AACzC,OAAOC,UAAU,OAAO;AACxB,OAAOC,UAAU,OAAO;AACxB,OAAOC,SAAS,MAAM;AACtB,OAAOC,WAA0B,QAAQ;AACzC,SAASC,OAAO,QAAQ,gBAAgB;AAExC,MAAMN,OAAOK,MAAMC,QAAQC,QAAQP,IAAI,GAAGA,IAAI;AAE9C,MAAMQ,WAAW,EAACR,iBAAAA,KAAKQ,QAAQ,cAAbR,4BAAAA,iBAAiBC,SAAS,2BAA2BQ,QAAQ,IAC1EC,IAAI,GACJC,OAAO,CAAC,QAAQ;AAErB,IAAIH,SAASI,QAAQ,CAAC,uBAAuB;IACzC,MAAM,IAAIC,MAAM;AACpB;AAEAV,KAAKK,WAAW;AAEhBN,KAAKY,YAAY,CAAC,CAACC,KAAKC;IACpB,IAAI,CAACD,IAAIX,GAAG,EAAE;QACV,MAAM,IAAIS,MAAM;IACpB;IAEA,MAAM,EACFI,OAAO,EAAEC,QAAQ,EAAEC,SAAS,EAAEC,SAAS,EAAEC,YAAY,EAAE,EAC1D,GAAGjB,IAAIkB,KAAK,CAACP,IAAIX,GAAG,EAAE;IAEvB,IAAI,OAAOc,aAAa,UAAU;QAC9B,MAAM,IAAIL,MAAM;IACpB;IAEA,IAAI,OAAOM,cAAc,UAAU;QAC/B,MAAM,IAAIN,MAAM;IACpB;IAEA,IAAI,OAAOO,cAAc,UAAU;QAC/B,MAAM,IAAIP,MAAM;IACpB;IAEA,IAAI,OAAOQ,iBAAiB,UAAU;QAClC,MAAM,IAAIR,MAAM;IACpB;IAEA,MAAM,EAAEU,IAAI,EAAEC,QAAQ,EAAE,GAAG,IAAIC,IAAIjB;IAEnCP,SAAS,CAAC,iCAAiC,EAAEsB,OAAOC,SAAS,aAAa,EAAEJ,UAAU,CAAC,CAAC;IAExFJ,IAAIU,SAAS,CAAC,KAAK;QACfC,UAAU,GAAGN,aAAa,CAAC,EAAE,IAAIO,gBAAgB;YAC7CV;YACAW,OAAOV;QACX,GAAGV,QAAQ,IAAI;IACnB;IACAO,IAAIc,GAAG,CAAC;QACJvB,QAAQwB,IAAI,CAAC;IACjB;AACJ,GAAGC,MAAM,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
+
import { AuthCallback, Config, IBasicAuth, IPluginAuth, IPluginMiddleware, PluginOptions } from '@verdaccio/types';
|
|
1
2
|
import { Express } from 'express';
|
|
2
|
-
import { Config, IPluginAuth, IPluginMiddleware, PluginOptions, AuthCallback, IBasicAuth } from '@verdaccio/types';
|
|
3
3
|
declare module '@verdaccio/types' {
|
|
4
4
|
interface IBasicAuth<T> {
|
|
5
5
|
jwtEncrypt(user: RemoteUser, signOptions: JWTSignOptions): Promise<string>;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACH,YAAY,EACZ,MAAM,EACN,UAAU,EACV,WAAW,EACX,iBAAiB,EAGjB,aAAa,EAChB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,OAAO,EAAW,MAAM,SAAS,CAAC;AAK3C,OAAO,QAAQ,kBAAkB,CAAC;IAE9B,UAAiB,UAAU,CAAC,CAAC;QACzB,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;KAC9E;CACJ;AAeD,UAAU,eAAgB,SAAQ,MAAM;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;CAChB;AAGD,MAAM,CAAC,OAAO,OAAO,SACjB,YAAW,WAAW,CAAC,eAAe,CAAC,EAAE,iBAAiB,CAAC,eAAe,CAAC;IAE3E,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,QAAQ,CAAS;IAEzB,OAAO,CAAC,KAAK,CAAQ;IACrB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,IAAI,CAAC,CAAiB;IAC9B,OAAO,CAAC,OAAO,CAAS;gBAGpB,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,eAAe,EAC9D,EAAE,MAAM,EAAE,EAAE,aAAa,CAAC,eAAe,CAAC;IAmBxC,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY;IAgBvE,oBAAoB,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC;IAyJpE,OAAO,CAAC,WAAW,CAQjB;IAEF,OAAO,CAAC,cAAc,CAapB;CACL"}
|
package/dist/index.js
CHANGED
|
@@ -31,7 +31,7 @@ class OktaOAuth {
|
|
|
31
31
|
cb(null, [
|
|
32
32
|
user
|
|
33
33
|
]);
|
|
34
|
-
} catch (
|
|
34
|
+
} catch (unused) {
|
|
35
35
|
cb(null, false);
|
|
36
36
|
}
|
|
37
37
|
}
|
|
@@ -85,6 +85,7 @@ class OktaOAuth {
|
|
|
85
85
|
}).toString()}`);
|
|
86
86
|
});
|
|
87
87
|
app.use('/oauth/callback', async (req, res)=>{
|
|
88
|
+
var _this_sign;
|
|
88
89
|
const { code, state } = req.query;
|
|
89
90
|
if (typeof code !== 'string') {
|
|
90
91
|
this.logger.error('OktaOAuth Middleware: "/oauth/authorize" returned invalid "code"!');
|
|
@@ -111,7 +112,7 @@ class OktaOAuth {
|
|
|
111
112
|
code_verifier: codeVerifier,
|
|
112
113
|
code
|
|
113
114
|
}).toString())).data);
|
|
114
|
-
} catch (
|
|
115
|
+
} catch (unused) {
|
|
115
116
|
this.logger.error('OktaOAuth Middleware: "token" request failed!');
|
|
116
117
|
res.status(500).end();
|
|
117
118
|
return;
|
|
@@ -119,7 +120,7 @@ class OktaOAuth {
|
|
|
119
120
|
let userInfo;
|
|
120
121
|
try {
|
|
121
122
|
userInfo = await this.getUserInfo(accessToken);
|
|
122
|
-
} catch (
|
|
123
|
+
} catch (unused) {
|
|
123
124
|
this.logger.error('OktaOAuth Middleware: "userinfo" request failed!');
|
|
124
125
|
res.status(500).end();
|
|
125
126
|
return;
|
|
@@ -135,7 +136,6 @@ class OktaOAuth {
|
|
|
135
136
|
'@authenticated',
|
|
136
137
|
'all'
|
|
137
138
|
];
|
|
138
|
-
var _this_sign;
|
|
139
139
|
res.redirect(`http://localhost:8239?${new URLSearchParams({
|
|
140
140
|
username,
|
|
141
141
|
jwt_token: await auth.jwtEncrypt({
|
|
@@ -152,6 +152,7 @@ class OktaOAuth {
|
|
|
152
152
|
});
|
|
153
153
|
}
|
|
154
154
|
constructor({ issuer, client_id, ttl, security, storage }, { logger }){
|
|
155
|
+
var _ref;
|
|
155
156
|
var _security_web;
|
|
156
157
|
_define_property(this, "issuer", void 0);
|
|
157
158
|
_define_property(this, "clientId", void 0);
|
|
@@ -187,10 +188,9 @@ class OktaOAuth {
|
|
|
187
188
|
stdTTL: ttl !== null && ttl !== void 0 ? ttl : 60 * 60 * 24
|
|
188
189
|
});
|
|
189
190
|
this.logger = logger;
|
|
190
|
-
var _security_web_sign;
|
|
191
191
|
this.sign = {
|
|
192
192
|
expiresIn: '7d',
|
|
193
|
-
...(
|
|
193
|
+
...(_ref = security === null || security === void 0 ? void 0 : (_security_web = security.web) === null || _security_web === void 0 ? void 0 : _security_web.sign) !== null && _ref !== void 0 ? _ref : {}
|
|
194
194
|
};
|
|
195
195
|
this.storage = storage !== null && storage !== void 0 ? storage : './storage';
|
|
196
196
|
}
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/naming-convention */\nimport axios from 'axios';\nimport crypto from 'crypto';\nimport Cache from 'node-cache';\nimport { v4 as uuid } from 'uuid';\nimport { Express, Request } from 'express';\nimport {\n Config,\n IPluginAuth,\n IPluginMiddleware,\n JWTSignOptions,\n PluginOptions,\n AuthCallback,\n IBasicAuth,\n Logger,\n} from '@verdaccio/types';\n\nimport { Secrets } from './secrets.js';\n\ndeclare module '@verdaccio/types' {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n export interface IBasicAuth<T> {\n jwtEncrypt(user: RemoteUser, signOptions: JWTSignOptions): Promise<string>;\n }\n}\n\ninterface UserInfo {\n sub: string;\n name: string;\n locale: string;\n email: string;\n preferred_username: string;\n given_name: string;\n family_name: string;\n zoneinfo: string;\n updated_at: number;\n email_verified: boolean;\n}\n\ninterface OktaOAuthConfig extends Config {\n issuer?: string;\n client_id?: string;\n ttl?: number;\n}\n\n// eslint-disable-next-line import/no-default-export\nexport default class OktaOAuth\n implements IPluginAuth<OktaOAuthConfig>, IPluginMiddleware<OktaOAuthConfig>\n{\n private issuer: string;\n private clientId: string;\n\n private cache: Cache;\n private logger: Logger;\n private sign?: JWTSignOptions;\n private storage: string;\n\n constructor(\n { issuer, client_id, ttl, security, storage }: OktaOAuthConfig,\n { logger }: PluginOptions<OktaOAuthConfig>\n ) {\n if (!issuer) {\n throw new Error('\"issuer\" should be defined!');\n }\n\n if (!client_id) {\n throw new Error('\"client_id\" should be defined!');\n }\n\n this.issuer = issuer;\n this.clientId = client_id;\n\n this.cache = new Cache({ stdTTL: ttl ?? 60 * 60 * 24 });\n this.logger = logger;\n this.sign = { expiresIn: '7d', ...(security?.web?.sign ?? {}) };\n this.storage = storage ?? './storage';\n }\n\n async authenticate(user: string, refreshToken: string, cb: AuthCallback) {\n if (this.cache.has(user)) {\n cb(null, [user]);\n return;\n }\n\n try {\n const accessToken = await this.getAccessToken(refreshToken);\n const userInfo = await this.getUserInfo(accessToken);\n this.cache.set(user, userInfo);\n cb(null, [user]);\n } catch {\n cb(null, false);\n }\n }\n\n register_middlewares(app: Express, auth: IBasicAuth<OktaOAuthConfig>) {\n const { clientId, issuer } = this;\n\n const getBaseUrl = (req: Request) => {\n return `${req.protocol}://${req.get('host')}`;\n };\n\n const getCallbackUrl = (req: Request) => {\n return `${getBaseUrl(req)}/oauth/callback`;\n };\n\n const secrets = new Secrets({ cwd: this.storage });\n\n app.enable('trust proxy');\n\n app.use((req, res, next) => {\n const originalSend = res.send;\n res.send = body => {\n let html = String(body);\n\n if (html.includes('__VERDACCIO_BASENAME_UI_OPTIONS')) {\n const script = [\n `<script>`,\n `const keys = ['username', 'token'];`,\n `const searchParams = new URLSearchParams(window.location.search);`,\n `if (keys.every(key => searchParams.has(key))) {`,\n ` for (const key of keys) {`,\n ` window.localStorage.setItem(key, searchParams.get(key));`,\n ` }`,\n ` window.location.href = '${getBaseUrl(req)}';`,\n `}`,\n `</script>`,\n ];\n html = html.replace(/<\\/body>/, script.concat('</body>').join('\\n'));\n }\n\n return originalSend.call(res, html);\n };\n\n next();\n });\n\n app.use('/oauth/authorize', (req, res) => {\n const state = uuid();\n const codeVerifier = uuid() + uuid();\n\n secrets.set(state, codeVerifier);\n\n res.redirect(\n `${issuer}/oauth2/v1/authorize?${new URLSearchParams({\n state,\n client_id: clientId,\n response_type: 'code',\n scope: 'openid profile email offline_access',\n redirect_uri: getCallbackUrl(req),\n code_challenge_method: 'S256',\n code_challenge: crypto\n .createHash('sha256')\n .update(codeVerifier)\n .digest('base64')\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, ''),\n }).toString()}`\n );\n });\n\n app.use('/oauth/callback', async (req, res) => {\n const { code, state } = req.query;\n\n if (typeof code !== 'string') {\n this.logger.error(\n 'OktaOAuth Middleware: \"/oauth/authorize\" returned invalid \"code\"!'\n );\n res.status(400).end();\n return;\n }\n\n if (typeof state !== 'string') {\n this.logger.error(\n 'OktaOAuth Middleware: \"/oauth/authorize\" returned invalid \"state\"!'\n );\n res.status(400).end();\n return;\n }\n\n const codeVerifier = secrets.get(state);\n\n if (typeof codeVerifier !== 'string') {\n this.logger.error('OktaOAuth Middleware: your \"code_verifier\" has expired!');\n res.status(440).end();\n return;\n }\n\n let accessToken: string, refreshToken: string;\n try {\n ({ access_token: accessToken, refresh_token: refreshToken } = (\n await axios.post(\n `${issuer}/oauth2/v1/token`,\n new URLSearchParams({\n client_id: clientId,\n grant_type: 'authorization_code',\n redirect_uri: getCallbackUrl(req),\n code_verifier: codeVerifier,\n code,\n }).toString()\n )\n ).data);\n } catch {\n this.logger.error('OktaOAuth Middleware: \"token\" request failed!');\n res.status(500).end();\n return;\n }\n\n let userInfo: UserInfo;\n try {\n userInfo = await this.getUserInfo(accessToken);\n } catch {\n this.logger.error('OktaOAuth Middleware: \"userinfo\" request failed!');\n res.status(500).end();\n return;\n }\n\n const username = userInfo.name;\n const groups = [username];\n const defaultLoggedUserRoles = [\n '$all',\n '$authenticated',\n '@all',\n '@authenticated',\n 'all',\n ];\n\n res.redirect(\n `http://localhost:8239?${new URLSearchParams({\n username,\n jwt_token: await auth.jwtEncrypt(\n {\n name: username,\n groups: [...groups, ...defaultLoggedUserRoles],\n real_groups: groups,\n },\n this.sign ?? {}\n ),\n npm_token: auth\n .aesEncrypt(Buffer.from(`${username}:${refreshToken}`))\n .toString('base64'),\n redirect_uri: getBaseUrl(req),\n }).toString()}`\n );\n });\n }\n\n private getUserInfo = async (accessToken: string) => {\n const { issuer } = this;\n\n return (\n await axios.get<UserInfo>(`${issuer}/oauth2/v1/userinfo`, {\n headers: { Authorization: `Bearer ${accessToken}` },\n })\n ).data;\n };\n\n private getAccessToken = async (refreshToken: string) => {\n const { clientId, issuer } = this;\n\n return (\n await axios.post(\n `${issuer}/oauth2/v1/token`,\n new URLSearchParams({\n client_id: clientId,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n }).toString()\n )\n ).data.access_token;\n };\n}\n"],"names":["axios","crypto","Cache","v4","uuid","Secrets","OktaOAuth","authenticate","user","refreshToken","cb","cache","has","accessToken","getAccessToken","userInfo","getUserInfo","set","register_middlewares","app","auth","clientId","issuer","getBaseUrl","req","protocol","get","getCallbackUrl","secrets","cwd","storage","enable","use","res","next","originalSend","send","body","html","String","includes","script","replace","concat","join","call","state","codeVerifier","redirect","URLSearchParams","client_id","response_type","scope","redirect_uri","code_challenge_method","code_challenge","createHash","update","digest","toString","code","query","logger","error","status","end","access_token","refresh_token","post","grant_type","code_verifier","data","username","name","groups","defaultLoggedUserRoles","jwt_token","jwtEncrypt","real_groups","sign","npm_token","aesEncrypt","Buffer","from","ttl","security","headers","Authorization","Error","stdTTL","expiresIn","web"],"mappings":"AAAA,uDAAuD;;;;;;;;;;;;;AACvD,OAAOA,WAAW,QAAQ;AAC1B,OAAOC,YAAY,SAAS;AAC5B,OAAOC,WAAW,aAAa;AAC/B,SAASC,MAAMC,IAAI,QAAQ,OAAO;AAalC,SAASC,OAAO,QAAQ,eAAe;AA6BxB,MAAMC;IAgCjB,MAAMC,aAAaC,IAAY,EAAEC,YAAoB,EAAEC,EAAgB,EAAE;QACrE,IAAI,IAAI,CAACC,KAAK,CAACC,GAAG,CAACJ,OAAO;YACtBE,GAAG,MAAM;gBAACF;aAAK;YACf;QACJ;QAEA,IAAI;YACA,MAAMK,cAAc,MAAM,IAAI,CAACC,cAAc,CAACL;YAC9C,MAAMM,WAAW,MAAM,IAAI,CAACC,WAAW,CAACH;YACxC,IAAI,CAACF,KAAK,CAACM,GAAG,CAACT,MAAMO;YACrBL,GAAG,MAAM;gBAACF;aAAK;QACnB,EAAE,UAAM;YACJE,GAAG,MAAM;QACb;IACJ;IAEAQ,qBAAqBC,GAAY,EAAEC,IAAiC,EAAE;QAClE,MAAM,EAAEC,QAAQ,EAAEC,MAAM,EAAE,GAAG,IAAI;QAEjC,MAAMC,aAAa,CAACC;YAChB,OAAO,GAAGA,IAAIC,QAAQ,CAAC,GAAG,EAAED,IAAIE,GAAG,CAAC,SAAS;QACjD;QAEA,MAAMC,iBAAiB,CAACH;YACpB,OAAO,GAAGD,WAAWC,KAAK,eAAe,CAAC;QAC9C;QAEA,MAAMI,UAAU,IAAIvB,QAAQ;YAAEwB,KAAK,IAAI,CAACC,OAAO;QAAC;QAEhDX,IAAIY,MAAM,CAAC;QAEXZ,IAAIa,GAAG,CAAC,CAACR,KAAKS,KAAKC;YACf,MAAMC,eAAeF,IAAIG,IAAI;YAC7BH,IAAIG,IAAI,GAAGC,CAAAA;gBACP,IAAIC,OAAOC,OAAOF;gBAElB,IAAIC,KAAKE,QAAQ,CAAC,oCAAoC;oBAClD,MAAMC,SAAS;wBACX,CAAC,QAAQ,CAAC;wBACV,CAAC,mCAAmC,CAAC;wBACrC,CAAC,iEAAiE,CAAC;wBACnE,CAAC,+CAA+C,CAAC;wBACjD,CAAC,6BAA6B,CAAC;wBAC/B,CAAC,gEAAgE,CAAC;wBAClE,CAAC,KAAK,CAAC;wBACP,CAAC,4BAA4B,EAAElB,WAAWC,KAAK,EAAE,CAAC;wBAClD,CAAC,CAAC,CAAC;wBACH,CAAC,SAAS,CAAC;qBACd;oBACDc,OAAOA,KAAKI,OAAO,CAAC,YAAYD,OAAOE,MAAM,CAAC,WAAWC,IAAI,CAAC;gBAClE;gBAEA,OAAOT,aAAaU,IAAI,CAACZ,KAAKK;YAClC;YAEAJ;QACJ;QAEAf,IAAIa,GAAG,CAAC,oBAAoB,CAACR,KAAKS;YAC9B,MAAMa,QAAQ1C;YACd,MAAM2C,eAAe3C,SAASA;YAE9BwB,QAAQX,GAAG,CAAC6B,OAAOC;YAEnBd,IAAIe,QAAQ,CACR,GAAG1B,OAAO,qBAAqB,EAAE,IAAI2B,gBAAgB;gBACjDH;gBACAI,WAAW7B;gBACX8B,eAAe;gBACfC,OAAO;gBACPC,cAAc1B,eAAeH;gBAC7B8B,uBAAuB;gBACvBC,gBAAgBtD,OACXuD,UAAU,CAAC,UACXC,MAAM,CAACV,cACPW,MAAM,CAAC,UACPhB,OAAO,CAAC,OAAO,KACfA,OAAO,CAAC,OAAO,KACfA,OAAO,CAAC,OAAO;YACxB,GAAGiB,QAAQ,IAAI;QAEvB;QAEAxC,IAAIa,GAAG,CAAC,mBAAmB,OAAOR,KAAKS;YACnC,MAAM,EAAE2B,IAAI,EAAEd,KAAK,EAAE,GAAGtB,IAAIqC,KAAK;YAEjC,IAAI,OAAOD,SAAS,UAAU;gBAC1B,IAAI,CAACE,MAAM,CAACC,KAAK,CACb;gBAEJ9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAI,OAAOnB,UAAU,UAAU;gBAC3B,IAAI,CAACgB,MAAM,CAACC,KAAK,CACb;gBAEJ9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,MAAMlB,eAAenB,QAAQF,GAAG,CAACoB;YAEjC,IAAI,OAAOC,iBAAiB,UAAU;gBAClC,IAAI,CAACe,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAIpD,aAAqBJ;YACzB,IAAI;gBACC,CAAA,EAAEyD,cAAcrD,WAAW,EAAEsD,eAAe1D,YAAY,EAAE,GAAG,AAC1D,CAAA,MAAMT,MAAMoE,IAAI,CACZ,GAAG9C,OAAO,gBAAgB,CAAC,EAC3B,IAAI2B,gBAAgB;oBAChBC,WAAW7B;oBACXgD,YAAY;oBACZhB,cAAc1B,eAAeH;oBAC7B8C,eAAevB;oBACfa;gBACJ,GAAGD,QAAQ,GACf,EACFY,IAAI,AAAD;YACT,EAAE,UAAM;gBACJ,IAAI,CAACT,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAIlD;YACJ,IAAI;gBACAA,WAAW,MAAM,IAAI,CAACC,WAAW,CAACH;YACtC,EAAE,UAAM;gBACJ,IAAI,CAACiD,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,MAAMO,WAAWzD,SAAS0D,IAAI;YAC9B,MAAMC,SAAS;gBAACF;aAAS;YACzB,MAAMG,yBAAyB;gBAC3B;gBACA;gBACA;gBACA;gBACA;aACH;gBAWW;YATZ1C,IAAIe,QAAQ,CACR,CAAC,sBAAsB,EAAE,IAAIC,gBAAgB;gBACzCuB;gBACAI,WAAW,MAAMxD,KAAKyD,UAAU,CAC5B;oBACIJ,MAAMD;oBACNE,QAAQ;2BAAIA;2BAAWC;qBAAuB;oBAC9CG,aAAaJ;gBACjB,GACA,CAAA,aAAA,IAAI,CAACK,IAAI,cAAT,wBAAA,aAAa,CAAC;gBAElBC,WAAW5D,KACN6D,UAAU,CAACC,OAAOC,IAAI,CAAC,GAAGX,SAAS,CAAC,EAAE/D,cAAc,GACpDkD,QAAQ,CAAC;gBACdN,cAAc9B,WAAWC;YAC7B,GAAGmC,QAAQ,IAAI;QAEvB;IACJ;IA5LA,YACI,EAAErC,MAAM,EAAE4B,SAAS,EAAEkC,GAAG,EAAEC,QAAQ,EAAEvD,OAAO,EAAmB,EAC9D,EAAEgC,MAAM,EAAkC,CAC5C;YAcqCuB;QAzBvC,uBAAQ/D,UAAR,KAAA;QACA,uBAAQD,YAAR,KAAA;QAEA,uBAAQV,SAAR,KAAA;QACA,uBAAQmD,UAAR,KAAA;QACA,uBAAQiB,QAAR,KAAA;QACA,uBAAQjD,WAAR,KAAA;QAgMA,uBAAQd,eAAc,OAAOH;YACzB,MAAM,EAAES,MAAM,EAAE,GAAG,IAAI;YAEvB,OAAO,AACH,CAAA,MAAMtB,MAAM0B,GAAG,CAAW,GAAGJ,OAAO,mBAAmB,CAAC,EAAE;gBACtDgE,SAAS;oBAAEC,eAAe,CAAC,OAAO,EAAE1E,aAAa;gBAAC;YACtD,EAAC,EACH0D,IAAI;QACV;QAEA,uBAAQzD,kBAAiB,OAAOL;YAC5B,MAAM,EAAEY,QAAQ,EAAEC,MAAM,EAAE,GAAG,IAAI;YAEjC,OAAO,AACH,CAAA,MAAMtB,MAAMoE,IAAI,CACZ,GAAG9C,OAAO,gBAAgB,CAAC,EAC3B,IAAI2B,gBAAgB;gBAChBC,WAAW7B;gBACXgD,YAAY;gBACZF,eAAe1D;YACnB,GAAGkD,QAAQ,GACf,EACFY,IAAI,CAACL,YAAY;QACvB;QAjNI,IAAI,CAAC5C,QAAQ;YACT,MAAM,IAAIkE,MAAM;QACpB;QAEA,IAAI,CAACtC,WAAW;YACZ,MAAM,IAAIsC,MAAM;QACpB;QAEA,IAAI,CAAClE,MAAM,GAAGA;QACd,IAAI,CAACD,QAAQ,GAAG6B;QAEhB,IAAI,CAACvC,KAAK,GAAG,IAAIT,MAAM;YAAEuF,QAAQL,gBAAAA,iBAAAA,MAAO,KAAK,KAAK;QAAG;QACrD,IAAI,CAACtB,MAAM,GAAGA;YACqBuB;QAAnC,IAAI,CAACN,IAAI,GAAG;YAAEW,WAAW;YAAM,GAAIL,CAAAA,qBAAAA,qBAAAA,gCAAAA,gBAAAA,SAAUM,GAAG,cAAbN,oCAAAA,cAAeN,IAAI,cAAnBM,gCAAAA,qBAAuB,CAAC,CAAC;QAAE;QAC9D,IAAI,CAACvD,OAAO,GAAGA,oBAAAA,qBAAAA,UAAW;IAC9B;AAmMJ;AAlOA,oDAAoD;AACpD,SAAqBxB,uBAiOpB"}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/naming-convention */\nimport {\n AuthCallback,\n Config,\n IBasicAuth,\n IPluginAuth,\n IPluginMiddleware,\n JWTSignOptions,\n Logger,\n PluginOptions,\n} from '@verdaccio/types';\nimport axios from 'axios';\nimport crypto from 'crypto';\nimport { Express, Request } from 'express';\nimport Cache from 'node-cache';\nimport { v4 as uuid } from 'uuid';\nimport { Secrets } from './secrets.js';\n\ndeclare module '@verdaccio/types' {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n export interface IBasicAuth<T> {\n jwtEncrypt(user: RemoteUser, signOptions: JWTSignOptions): Promise<string>;\n }\n}\n\ninterface UserInfo {\n sub: string;\n name: string;\n locale: string;\n email: string;\n preferred_username: string;\n given_name: string;\n family_name: string;\n zoneinfo: string;\n updated_at: number;\n email_verified: boolean;\n}\n\ninterface OktaOAuthConfig extends Config {\n issuer?: string;\n client_id?: string;\n ttl?: number;\n}\n\n// eslint-disable-next-line import/no-default-export\nexport default class OktaOAuth\n implements IPluginAuth<OktaOAuthConfig>, IPluginMiddleware<OktaOAuthConfig>\n{\n private issuer: string;\n private clientId: string;\n\n private cache: Cache;\n private logger: Logger;\n private sign?: JWTSignOptions;\n private storage: string;\n\n constructor(\n { issuer, client_id, ttl, security, storage }: OktaOAuthConfig,\n { logger }: PluginOptions<OktaOAuthConfig>\n ) {\n if (!issuer) {\n throw new Error('\"issuer\" should be defined!');\n }\n\n if (!client_id) {\n throw new Error('\"client_id\" should be defined!');\n }\n\n this.issuer = issuer;\n this.clientId = client_id;\n\n this.cache = new Cache({ stdTTL: ttl ?? 60 * 60 * 24 });\n this.logger = logger;\n this.sign = { expiresIn: '7d', ...(security?.web?.sign ?? {}) };\n this.storage = storage ?? './storage';\n }\n\n async authenticate(user: string, refreshToken: string, cb: AuthCallback) {\n if (this.cache.has(user)) {\n cb(null, [user]);\n return;\n }\n\n try {\n const accessToken = await this.getAccessToken(refreshToken);\n const userInfo = await this.getUserInfo(accessToken);\n this.cache.set(user, userInfo);\n cb(null, [user]);\n } catch {\n cb(null, false);\n }\n }\n\n register_middlewares(app: Express, auth: IBasicAuth<OktaOAuthConfig>) {\n const { clientId, issuer } = this;\n\n const getBaseUrl = (req: Request) => {\n return `${req.protocol}://${req.get('host')}`;\n };\n\n const getCallbackUrl = (req: Request) => {\n return `${getBaseUrl(req)}/oauth/callback`;\n };\n\n const secrets = new Secrets({ cwd: this.storage });\n\n app.enable('trust proxy');\n\n app.use((req, res, next) => {\n const originalSend = res.send;\n res.send = body => {\n let html = String(body);\n\n if (html.includes('__VERDACCIO_BASENAME_UI_OPTIONS')) {\n const script = [\n `<script>`,\n `const keys = ['username', 'token'];`,\n `const searchParams = new URLSearchParams(window.location.search);`,\n `if (keys.every(key => searchParams.has(key))) {`,\n ` for (const key of keys) {`,\n ` window.localStorage.setItem(key, searchParams.get(key));`,\n ` }`,\n ` window.location.href = '${getBaseUrl(req)}';`,\n `}`,\n `</script>`,\n ];\n html = html.replace(/<\\/body>/, script.concat('</body>').join('\\n'));\n }\n\n return originalSend.call(res, html);\n };\n\n next();\n });\n\n app.use('/oauth/authorize', (req, res) => {\n const state = uuid();\n const codeVerifier = uuid() + uuid();\n\n secrets.set(state, codeVerifier);\n\n res.redirect(\n `${issuer}/oauth2/v1/authorize?${new URLSearchParams({\n state,\n client_id: clientId,\n response_type: 'code',\n scope: 'openid profile email offline_access',\n redirect_uri: getCallbackUrl(req),\n code_challenge_method: 'S256',\n code_challenge: crypto\n .createHash('sha256')\n .update(codeVerifier)\n .digest('base64')\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, ''),\n }).toString()}`\n );\n });\n\n app.use('/oauth/callback', async (req, res) => {\n const { code, state } = req.query;\n\n if (typeof code !== 'string') {\n this.logger.error(\n 'OktaOAuth Middleware: \"/oauth/authorize\" returned invalid \"code\"!'\n );\n res.status(400).end();\n return;\n }\n\n if (typeof state !== 'string') {\n this.logger.error(\n 'OktaOAuth Middleware: \"/oauth/authorize\" returned invalid \"state\"!'\n );\n res.status(400).end();\n return;\n }\n\n const codeVerifier = secrets.get(state);\n\n if (typeof codeVerifier !== 'string') {\n this.logger.error('OktaOAuth Middleware: your \"code_verifier\" has expired!');\n res.status(440).end();\n return;\n }\n\n let accessToken: string, refreshToken: string;\n try {\n ({ access_token: accessToken, refresh_token: refreshToken } = (\n await axios.post(\n `${issuer}/oauth2/v1/token`,\n new URLSearchParams({\n client_id: clientId,\n grant_type: 'authorization_code',\n redirect_uri: getCallbackUrl(req),\n code_verifier: codeVerifier,\n code,\n }).toString()\n )\n ).data);\n } catch {\n this.logger.error('OktaOAuth Middleware: \"token\" request failed!');\n res.status(500).end();\n return;\n }\n\n let userInfo: UserInfo;\n try {\n userInfo = await this.getUserInfo(accessToken);\n } catch {\n this.logger.error('OktaOAuth Middleware: \"userinfo\" request failed!');\n res.status(500).end();\n return;\n }\n\n const username = userInfo.name;\n const groups = [username];\n const defaultLoggedUserRoles = [\n '$all',\n '$authenticated',\n '@all',\n '@authenticated',\n 'all',\n ];\n\n res.redirect(\n `http://localhost:8239?${new URLSearchParams({\n username,\n jwt_token: await auth.jwtEncrypt(\n {\n name: username,\n groups: [...groups, ...defaultLoggedUserRoles],\n real_groups: groups,\n },\n this.sign ?? {}\n ),\n npm_token: auth\n .aesEncrypt(Buffer.from(`${username}:${refreshToken}`))\n .toString('base64'),\n redirect_uri: getBaseUrl(req),\n }).toString()}`\n );\n });\n }\n\n private getUserInfo = async (accessToken: string) => {\n const { issuer } = this;\n\n return (\n await axios.get<UserInfo>(`${issuer}/oauth2/v1/userinfo`, {\n headers: { Authorization: `Bearer ${accessToken}` },\n })\n ).data;\n };\n\n private getAccessToken = async (refreshToken: string) => {\n const { clientId, issuer } = this;\n\n return (\n await axios.post(\n `${issuer}/oauth2/v1/token`,\n new URLSearchParams({\n client_id: clientId,\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n }).toString()\n )\n ).data.access_token;\n };\n}\n"],"names":["axios","crypto","Cache","v4","uuid","Secrets","OktaOAuth","authenticate","user","refreshToken","cb","cache","has","accessToken","getAccessToken","userInfo","getUserInfo","set","register_middlewares","app","auth","clientId","issuer","getBaseUrl","req","protocol","get","getCallbackUrl","secrets","cwd","storage","enable","use","res","next","originalSend","send","body","html","String","includes","script","replace","concat","join","call","state","codeVerifier","redirect","URLSearchParams","client_id","response_type","scope","redirect_uri","code_challenge_method","code_challenge","createHash","update","digest","toString","code","query","logger","error","status","end","access_token","refresh_token","post","grant_type","code_verifier","data","username","name","groups","defaultLoggedUserRoles","jwt_token","jwtEncrypt","real_groups","sign","npm_token","aesEncrypt","Buffer","from","ttl","security","headers","Authorization","Error","stdTTL","expiresIn","web"],"mappings":"AAAA,uDAAuD;;;;;;;;;;;;;AAWvD,OAAOA,WAAW,QAAQ;AAC1B,OAAOC,YAAY,SAAS;AAE5B,OAAOC,WAAW,aAAa;AAC/B,SAASC,MAAMC,IAAI,QAAQ,OAAO;AAClC,SAASC,OAAO,QAAQ,eAAe;AA6BxB,MAAMC;IAgCjB,MAAMC,aAAaC,IAAY,EAAEC,YAAoB,EAAEC,EAAgB,EAAE;QACrE,IAAI,IAAI,CAACC,KAAK,CAACC,GAAG,CAACJ,OAAO;YACtBE,GAAG,MAAM;gBAACF;aAAK;YACf;QACJ;QAEA,IAAI;YACA,MAAMK,cAAc,MAAM,IAAI,CAACC,cAAc,CAACL;YAC9C,MAAMM,WAAW,MAAM,IAAI,CAACC,WAAW,CAACH;YACxC,IAAI,CAACF,KAAK,CAACM,GAAG,CAACT,MAAMO;YACrBL,GAAG,MAAM;gBAACF;aAAK;QACnB,EAAE,eAAM;YACJE,GAAG,MAAM;QACb;IACJ;IAEAQ,qBAAqBC,GAAY,EAAEC,IAAiC,EAAE;QAClE,MAAM,EAAEC,QAAQ,EAAEC,MAAM,EAAE,GAAG,IAAI;QAEjC,MAAMC,aAAa,CAACC;YAChB,OAAO,GAAGA,IAAIC,QAAQ,CAAC,GAAG,EAAED,IAAIE,GAAG,CAAC,SAAS;QACjD;QAEA,MAAMC,iBAAiB,CAACH;YACpB,OAAO,GAAGD,WAAWC,KAAK,eAAe,CAAC;QAC9C;QAEA,MAAMI,UAAU,IAAIvB,QAAQ;YAAEwB,KAAK,IAAI,CAACC,OAAO;QAAC;QAEhDX,IAAIY,MAAM,CAAC;QAEXZ,IAAIa,GAAG,CAAC,CAACR,KAAKS,KAAKC;YACf,MAAMC,eAAeF,IAAIG,IAAI;YAC7BH,IAAIG,IAAI,GAAGC,CAAAA;gBACP,IAAIC,OAAOC,OAAOF;gBAElB,IAAIC,KAAKE,QAAQ,CAAC,oCAAoC;oBAClD,MAAMC,SAAS;wBACX,CAAC,QAAQ,CAAC;wBACV,CAAC,mCAAmC,CAAC;wBACrC,CAAC,iEAAiE,CAAC;wBACnE,CAAC,+CAA+C,CAAC;wBACjD,CAAC,6BAA6B,CAAC;wBAC/B,CAAC,gEAAgE,CAAC;wBAClE,CAAC,KAAK,CAAC;wBACP,CAAC,4BAA4B,EAAElB,WAAWC,KAAK,EAAE,CAAC;wBAClD,CAAC,CAAC,CAAC;wBACH,CAAC,SAAS,CAAC;qBACd;oBACDc,OAAOA,KAAKI,OAAO,CAAC,YAAYD,OAAOE,MAAM,CAAC,WAAWC,IAAI,CAAC;gBAClE;gBAEA,OAAOT,aAAaU,IAAI,CAACZ,KAAKK;YAClC;YAEAJ;QACJ;QAEAf,IAAIa,GAAG,CAAC,oBAAoB,CAACR,KAAKS;YAC9B,MAAMa,QAAQ1C;YACd,MAAM2C,eAAe3C,SAASA;YAE9BwB,QAAQX,GAAG,CAAC6B,OAAOC;YAEnBd,IAAIe,QAAQ,CACR,GAAG1B,OAAO,qBAAqB,EAAE,IAAI2B,gBAAgB;gBACjDH;gBACAI,WAAW7B;gBACX8B,eAAe;gBACfC,OAAO;gBACPC,cAAc1B,eAAeH;gBAC7B8B,uBAAuB;gBACvBC,gBAAgBtD,OACXuD,UAAU,CAAC,UACXC,MAAM,CAACV,cACPW,MAAM,CAAC,UACPhB,OAAO,CAAC,OAAO,KACfA,OAAO,CAAC,OAAO,KACfA,OAAO,CAAC,OAAO;YACxB,GAAGiB,QAAQ,IAAI;QAEvB;QAEAxC,IAAIa,GAAG,CAAC,mBAAmB,OAAOR,KAAKS;gBA2EvB;YA1EZ,MAAM,EAAE2B,IAAI,EAAEd,KAAK,EAAE,GAAGtB,IAAIqC,KAAK;YAEjC,IAAI,OAAOD,SAAS,UAAU;gBAC1B,IAAI,CAACE,MAAM,CAACC,KAAK,CACb;gBAEJ9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAI,OAAOnB,UAAU,UAAU;gBAC3B,IAAI,CAACgB,MAAM,CAACC,KAAK,CACb;gBAEJ9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,MAAMlB,eAAenB,QAAQF,GAAG,CAACoB;YAEjC,IAAI,OAAOC,iBAAiB,UAAU;gBAClC,IAAI,CAACe,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAIpD,aAAqBJ;YACzB,IAAI;gBACC,CAAA,EAAEyD,cAAcrD,WAAW,EAAEsD,eAAe1D,YAAY,EAAE,GAAG,AAC1D,CAAA,MAAMT,MAAMoE,IAAI,CACZ,GAAG9C,OAAO,gBAAgB,CAAC,EAC3B,IAAI2B,gBAAgB;oBAChBC,WAAW7B;oBACXgD,YAAY;oBACZhB,cAAc1B,eAAeH;oBAC7B8C,eAAevB;oBACfa;gBACJ,GAAGD,QAAQ,GACf,EACFY,IAAI,AAAD;YACT,EAAE,eAAM;gBACJ,IAAI,CAACT,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,IAAIlD;YACJ,IAAI;gBACAA,WAAW,MAAM,IAAI,CAACC,WAAW,CAACH;YACtC,EAAE,eAAM;gBACJ,IAAI,CAACiD,MAAM,CAACC,KAAK,CAAC;gBAClB9B,IAAI+B,MAAM,CAAC,KAAKC,GAAG;gBACnB;YACJ;YAEA,MAAMO,WAAWzD,SAAS0D,IAAI;YAC9B,MAAMC,SAAS;gBAACF;aAAS;YACzB,MAAMG,yBAAyB;gBAC3B;gBACA;gBACA;gBACA;gBACA;aACH;YAED1C,IAAIe,QAAQ,CACR,CAAC,sBAAsB,EAAE,IAAIC,gBAAgB;gBACzCuB;gBACAI,WAAW,MAAMxD,KAAKyD,UAAU,CAC5B;oBACIJ,MAAMD;oBACNE,QAAQ;2BAAIA;2BAAWC;qBAAuB;oBAC9CG,aAAaJ;gBACjB,IACA,aAAA,IAAI,CAACK,IAAI,cAAT,wBAAA,aAAa,CAAC;gBAElBC,WAAW5D,KACN6D,UAAU,CAACC,OAAOC,IAAI,CAAC,GAAGX,SAAS,CAAC,EAAE/D,cAAc,GACpDkD,QAAQ,CAAC;gBACdN,cAAc9B,WAAWC;YAC7B,GAAGmC,QAAQ,IAAI;QAEvB;IACJ;IA5LA,YACI,EAAErC,MAAM,EAAE4B,SAAS,EAAEkC,GAAG,EAAEC,QAAQ,EAAEvD,OAAO,EAAmB,EAC9D,EAAEgC,MAAM,EAAkC,CAC5C;;YAcqCuB;QAzBvC,uBAAQ/D,UAAR,KAAA;QACA,uBAAQD,YAAR,KAAA;QAEA,uBAAQV,SAAR,KAAA;QACA,uBAAQmD,UAAR,KAAA;QACA,uBAAQiB,QAAR,KAAA;QACA,uBAAQjD,WAAR,KAAA;QAgMA,uBAAQd,eAAc,OAAOH;YACzB,MAAM,EAAES,MAAM,EAAE,GAAG,IAAI;YAEvB,OAAO,AACH,CAAA,MAAMtB,MAAM0B,GAAG,CAAW,GAAGJ,OAAO,mBAAmB,CAAC,EAAE;gBACtDgE,SAAS;oBAAEC,eAAe,CAAC,OAAO,EAAE1E,aAAa;gBAAC;YACtD,EAAC,EACH0D,IAAI;QACV;QAEA,uBAAQzD,kBAAiB,OAAOL;YAC5B,MAAM,EAAEY,QAAQ,EAAEC,MAAM,EAAE,GAAG,IAAI;YAEjC,OAAO,AACH,CAAA,MAAMtB,MAAMoE,IAAI,CACZ,GAAG9C,OAAO,gBAAgB,CAAC,EAC3B,IAAI2B,gBAAgB;gBAChBC,WAAW7B;gBACXgD,YAAY;gBACZF,eAAe1D;YACnB,GAAGkD,QAAQ,GACf,EACFY,IAAI,CAACL,YAAY;QACvB;QAjNI,IAAI,CAAC5C,QAAQ;YACT,MAAM,IAAIkE,MAAM;QACpB;QAEA,IAAI,CAACtC,WAAW;YACZ,MAAM,IAAIsC,MAAM;QACpB;QAEA,IAAI,CAAClE,MAAM,GAAGA;QACd,IAAI,CAACD,QAAQ,GAAG6B;QAEhB,IAAI,CAACvC,KAAK,GAAG,IAAIT,MAAM;YAAEuF,MAAM,EAAEL,gBAAAA,iBAAAA,MAAO,KAAK,KAAK;QAAG;QACrD,IAAI,CAACtB,MAAM,GAAGA;QACd,IAAI,CAACiB,IAAI,GAAG;YAAEW,WAAW;uBAAUL,qBAAAA,gCAAAA,gBAAAA,SAAUM,GAAG,cAAbN,oCAAAA,cAAeN,IAAI,uCAAI,CAAC,CAA5B;QAA+B;QAC9D,IAAI,CAACjD,OAAO,GAAGA,oBAAAA,qBAAAA,UAAW;IAC9B;AAmMJ;AAlOA,oDAAoD;AACpD,SAAqBxB,uBAiOpB"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "verdaccio-okta-oauth",
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "",
|
|
3
|
+
"version": "34.0.0",
|
|
4
|
+
"description": "Verdaccio authentication plugin using Okta OAuth",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"repository": {
|
|
7
7
|
"type": "git",
|
|
@@ -16,18 +16,18 @@
|
|
|
16
16
|
],
|
|
17
17
|
"bin": "./bin/index.js",
|
|
18
18
|
"devDependencies": {
|
|
19
|
-
"@types/express": "~5.0.
|
|
19
|
+
"@types/express": "~5.0.6",
|
|
20
20
|
"@types/uuid": "~10.0.0",
|
|
21
|
-
"@types/yargs": "~17.0.
|
|
21
|
+
"@types/yargs": "~17.0.35"
|
|
22
22
|
},
|
|
23
23
|
"dependencies": {
|
|
24
24
|
"@verdaccio/types": "~10.4.2",
|
|
25
|
-
"axios": "^1.
|
|
26
|
-
"express": "^5.1
|
|
25
|
+
"axios": "^1.13.2",
|
|
26
|
+
"express": "^5.2.1",
|
|
27
27
|
"node-cache": "~5.1.2",
|
|
28
|
-
"open": "~
|
|
28
|
+
"open": "~11.0.0",
|
|
29
29
|
"uuid": "~13.0.0",
|
|
30
|
-
"yargs": "~
|
|
30
|
+
"yargs": "~18.0.0"
|
|
31
31
|
},
|
|
32
32
|
"publishConfig": {
|
|
33
33
|
"access": "public"
|
|
@@ -35,5 +35,5 @@
|
|
|
35
35
|
"cli": {
|
|
36
36
|
"webpack": false
|
|
37
37
|
},
|
|
38
|
-
"gitHead": "
|
|
38
|
+
"gitHead": "e193dc22703963f67099874a24de535d0696b6e2"
|
|
39
39
|
}
|
package/src/cli.ts
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
/* eslint-disable @typescript-eslint/naming-convention */
|
|
2
|
-
import
|
|
2
|
+
import { execSync } from 'child_process';
|
|
3
3
|
import http from 'http';
|
|
4
4
|
import open from 'open';
|
|
5
|
+
import url from 'url';
|
|
5
6
|
import yargs, { Arguments } from 'yargs';
|
|
6
7
|
import { hideBin } from 'yargs/helpers';
|
|
7
|
-
import { execSync } from 'child_process';
|
|
8
8
|
|
|
9
9
|
const argv = yargs(hideBin(process.argv)).argv as Arguments<{ registry?: string }>;
|
|
10
10
|
|
package/src/index.ts
CHANGED
|
@@ -1,20 +1,19 @@
|
|
|
1
1
|
/* eslint-disable @typescript-eslint/naming-convention */
|
|
2
|
-
import axios from 'axios';
|
|
3
|
-
import crypto from 'crypto';
|
|
4
|
-
import Cache from 'node-cache';
|
|
5
|
-
import { v4 as uuid } from 'uuid';
|
|
6
|
-
import { Express, Request } from 'express';
|
|
7
2
|
import {
|
|
3
|
+
AuthCallback,
|
|
8
4
|
Config,
|
|
5
|
+
IBasicAuth,
|
|
9
6
|
IPluginAuth,
|
|
10
7
|
IPluginMiddleware,
|
|
11
8
|
JWTSignOptions,
|
|
12
|
-
PluginOptions,
|
|
13
|
-
AuthCallback,
|
|
14
|
-
IBasicAuth,
|
|
15
9
|
Logger,
|
|
10
|
+
PluginOptions,
|
|
16
11
|
} from '@verdaccio/types';
|
|
17
|
-
|
|
12
|
+
import axios from 'axios';
|
|
13
|
+
import crypto from 'crypto';
|
|
14
|
+
import { Express, Request } from 'express';
|
|
15
|
+
import Cache from 'node-cache';
|
|
16
|
+
import { v4 as uuid } from 'uuid';
|
|
18
17
|
import { Secrets } from './secrets.js';
|
|
19
18
|
|
|
20
19
|
declare module '@verdaccio/types' {
|