veryfront 0.1.863 → 0.1.865
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/cli/auth/callback-server.d.ts.map +1 -1
- package/esm/cli/auth/callback-server.js +9 -2
- package/esm/cli/auth/login.d.ts.map +1 -1
- package/esm/cli/auth/login.js +3 -2
- package/esm/deno.js +1 -1
- package/esm/src/agent/hosted/web-fetch-tool.js +1 -1
- package/esm/src/utils/version-constant.d.ts +1 -1
- package/esm/src/utils/version-constant.js +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"callback-server.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/callback-server.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAC7D,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACvB;AAED,MAAM,WAAW,qBAAqB;IACpC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;
|
|
1
|
+
{"version":3,"file":"callback-server.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/callback-server.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAC7D,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACvB;AAED,MAAM,WAAW,qBAAqB;IACpC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AA6UD,wBAAsB,mBAAmB,CACvC,aAAa,GAAE,MAA8B,EAC7C,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,cAAc,CAAC,CAGzB;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEnD"}
|
|
@@ -155,19 +155,26 @@ function headerOrigin(value) {
|
|
|
155
155
|
return null;
|
|
156
156
|
}
|
|
157
157
|
}
|
|
158
|
-
function
|
|
158
|
+
function hasCrossOriginOriginHeader(headers, url) {
|
|
159
159
|
const expectedOrigin = url.origin;
|
|
160
160
|
const origin = headers.get("origin");
|
|
161
161
|
if (origin && headerOrigin(origin) !== expectedOrigin)
|
|
162
162
|
return true;
|
|
163
|
+
return false;
|
|
164
|
+
}
|
|
165
|
+
function hasCrossOriginRefererHeader(headers, url) {
|
|
166
|
+
const expectedOrigin = url.origin;
|
|
163
167
|
const referer = headers.get("referer");
|
|
164
168
|
if (referer && headerOrigin(referer) !== expectedOrigin)
|
|
165
169
|
return true;
|
|
166
170
|
return false;
|
|
167
171
|
}
|
|
168
172
|
function handleCallback(url, headers, options = {}) {
|
|
169
|
-
if (
|
|
173
|
+
if (hasCrossOriginOriginHeader(headers, url))
|
|
170
174
|
return callbackError("Invalid callback origin");
|
|
175
|
+
if (!options.expectedState && hasCrossOriginRefererHeader(headers, url)) {
|
|
176
|
+
return callbackError("Invalid callback origin");
|
|
177
|
+
}
|
|
171
178
|
if (options.expectedState && url.searchParams.get("state") !== options.expectedState) {
|
|
172
179
|
return callbackError("Invalid OAuth state");
|
|
173
180
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/login.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,KAAK,iBAAiB,EAAwB,MAAM,2BAA2B,CAAC;AACzF,OAAO,EAAE,WAAW,EAAoB,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAQjG,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,OAAO,CAAC;AAErE,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AASD,wBAAgB,gBAAgB,IAAI,MAAM,CAIzC;AAED,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,EAC3C,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,GACZ,MAAM,
|
|
1
|
+
{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/cli/auth/login.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,KAAK,iBAAiB,EAAwB,MAAM,2BAA2B,CAAC;AACzF,OAAO,EAAE,WAAW,EAAoB,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAQjG,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,OAAO,CAAC;AAErE,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AASD,wBAAgB,gBAAgB,IAAI,MAAM,CAIzC;AAED,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,EAC3C,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,GACZ,MAAM,CAQR;AAED,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAgB3E;AA6ID,wBAAsB,KAAK,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CA8BzE;AAED,wBAAsB,mBAAmB,CACvC,GAAG,GAAE,iBAA0C,GAC9C,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAqB1B;AAED,wBAAsB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAI5C;AAED,wBAAsB,MAAM,CAC1B,GAAG,GAAE,iBAA0C,GAC9C,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAmD1B;AAED,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC"}
|
package/esm/cli/auth/login.js
CHANGED
|
@@ -21,9 +21,10 @@ export function createOAuthState() {
|
|
|
21
21
|
return Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("");
|
|
22
22
|
}
|
|
23
23
|
export function createOAuthAuthorizationUrl(provider, callbackUrl, state) {
|
|
24
|
-
|
|
24
|
+
const stateBoundCallbackUrl = new URL(callbackUrl);
|
|
25
|
+
stateBoundCallbackUrl.searchParams.set("state", state);
|
|
25
26
|
const authUrl = new URL(`${getApiUrl().replace(/\/$/, "")}/auth/${provider}`);
|
|
26
|
-
authUrl.searchParams.set("redirect_uri",
|
|
27
|
+
authUrl.searchParams.set("redirect_uri", stateBoundCallbackUrl.toString());
|
|
27
28
|
authUrl.searchParams.set("state", state);
|
|
28
29
|
return authUrl.toString();
|
|
29
30
|
}
|
package/esm/deno.js
CHANGED
|
@@ -27,7 +27,7 @@ async function executeHostedWebFetch(input, options, context) {
|
|
|
27
27
|
redirect: "follow",
|
|
28
28
|
signal: context?.abortSignal,
|
|
29
29
|
headers: {
|
|
30
|
-
accept: "text/html,application/xhtml+xml,application/xml
|
|
30
|
+
accept: "text/markdown,text/plain,text/html,application/xhtml+xml,application/xml,*/*;q=0.8",
|
|
31
31
|
"user-agent": "Veryfront web_fetch",
|
|
32
32
|
},
|
|
33
33
|
});
|