
@wolkeneis/oauth2-server


@wolkeneis/oauth2-server - npm Package Compare versions

Comparing version 1.1.0 to 1.1.1

15

dist/errors.js

@@ -1,5 +0,2 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TokenError = exports.AuthorizationError = exports.ForbiddenError = exports.BadRequestError = void 0;
class BadRequestError extends Error {
export class BadRequestError extends Error {
status;

@@ -12,4 +9,3 @@ constructor(message) {

}
exports.BadRequestError = BadRequestError;
class ForbiddenError extends Error {
export class ForbiddenError extends Error {
status;

@@ -22,3 +18,2 @@ constructor(message) {

}
exports.ForbiddenError = ForbiddenError;
class OAuth2Error extends Error {

@@ -35,3 +30,3 @@ code;

}
class AuthorizationError extends OAuth2Error {
export class AuthorizationError extends OAuth2Error {
constructor(message, code, uri, status) {

@@ -64,4 +59,3 @@ if (!status) {

}
exports.AuthorizationError = AuthorizationError;
class TokenError extends OAuth2Error {
export class TokenError extends OAuth2Error {
constructor(message, code, uri, status) {

@@ -94,3 +88,2 @@ if (!status) {

}
exports.TokenError = TokenError;
//# sourceMappingURL=errors.js.map

@@ -1,5 +0,3 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const errors_1 = require("../errors");
class CodeExchange {
import { ForbiddenError, TokenError } from "../errors.js";
export default class CodeExchange {
issue;

@@ -20,10 +18,10 @@ constructor(issue) {

if (!client) {
throw new errors_1.ForbiddenError("No user found, are you sure that you're logged in?.");
throw new ForbiddenError("No user found, are you sure that you're logged in?.");
}
const code = req.body.code, redirectUri = req.body.redirect_uri;
if (!code) {
throw new errors_1.TokenError(`I need the following field to work: ${"code"}`, "invalid_request");
throw new TokenError(`I need the following field to work: ${"code"}`, "invalid_request");
}
if (!redirectUri) {
throw new errors_1.TokenError(`I need the following field to work: ${"redirect_uri"}`, "invalid_request");
throw new TokenError(`I need the following field to work: ${"redirect_uri"}`, "invalid_request");
}
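Review bot: `code` and `redirectUri` are taken from `req.body` and only tested for truthiness, so a JSON or extended urlencoded body parser can deliver an object or array where the later code presumably expects a string. grant/code.js already rejects non-string `client_id`, `redirect_uri` and `scope`; the same guard fits here, e.g. `if (typeof code !== "string" || typeof redirectUri !== "string") throw new TokenError("The following fields have to be strings: code, redirect_uri", "invalid_request");`. The same gap shows for `response_type` in middleware/authorization.js, `grant_type` in middleware/token.js and `transaction_id` in middleware/transaction.js, where the unchecked value is also echoed into an error message or used as a lookup key. The enclosing function starts and ends outside this hunk.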

@@ -33,3 +31,3 @@ try {

if (!tokens) {
return next(new errors_1.TokenError("I denied the request because of an invalid authorization code or redirect_uri", "access_denied"));
return next(new TokenError("I denied the request because of an invalid authorization code or redirect_uri", "access_denied"));
}

@@ -54,3 +52,2 @@ res

}
exports.default = CodeExchange;
//# sourceMappingURL=code.js.map
import { NextFunction, Request, Response } from "express";
import { AuthorizationError } from "../errors";
import { AuthorizationError } from "../errors.js";
import { Grant, IssueCodeFunction, OAuth2Request, OAuth2Transaction } from "../index.js";

@@ -4,0 +4,0 @@ export default class CodeGrant implements Grant {

@@ -1,7 +0,5 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const querystring_1 = require("querystring");
const uuid_1 = require("uuid");
const errors_1 = require("../errors");
class CodeGrant {
import { stringify } from "querystring";
import { v4 as uuidv4 } from "uuid";
import { AuthorizationError } from "../errors.js";
export default class CodeGrant {
issue;

@@ -18,13 +16,13 @@ constructor(issue) {

if (!clientId) {
throw new errors_1.AuthorizationError(`I need the following field to work: ${"client_id"}`, "invalid_request");
throw new AuthorizationError(`I need the following field to work: ${"client_id"}`, "invalid_request");
}
if (typeof clientId !== "string") {
throw new errors_1.AuthorizationError(`The following field has to be a string: ${"client_id"}`, "invalid_request");
throw new AuthorizationError(`The following field has to be a string: ${"client_id"}`, "invalid_request");
}
if (typeof redirectUri !== "string") {
throw new errors_1.AuthorizationError(`The following field has to be a string: ${"redirect_uri"}`, "invalid_request");
throw new AuthorizationError(`The following field has to be a string: ${"redirect_uri"}`, "invalid_request");
}
if (scope) {
if (typeof scope !== "string") {
throw new errors_1.AuthorizationError(`The following field has to be a string: ${"scope"}`, "invalid_request");
throw new AuthorizationError(`The following field has to be a string: ${"scope"}`, "invalid_request");
}

@@ -35,3 +33,3 @@ scope = scope.split(" ");

type: "code",
transactionId: (0, uuid_1.v4)(),
transactionId: uuidv4(),
clientId: clientId,

@@ -45,3 +43,3 @@ redirectUri: redirectUri,

if (!transaction.info?.allow) {
return response.redirect(`${transaction.redirectUri}?${(0, querystring_1.stringify)({ error: "access_denied" })}`);
return response.redirect(`${transaction.redirectUri}?${stringify({ error: "access_denied" })}`);
}
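Review bot: The redirect target is built as `${transaction.redirectUri}?${stringify(...)}`, which appends a second `?` whenever the redirect URI already carries a query component (RFC 6749 §3.1.2 permits one), so the added `error` or `code` parameter ends up inside the last existing query value and the client cannot read it. Building the target with the URL API keeps existing parameters intact: `const target = new URL(transaction.redirectUri); target.searchParams.set("error", "access_denied"); return response.redirect(target.toString());`. The same concatenation appears in the two later hunks of this file (the `code` redirect and the error redirect in the catch block). Whether `transaction.redirectUri` has been matched against the client's registered URI is decided outside these hunks, presumably in the validate callback; a comment such as `// redirectUri must already be validated against the client's registered URIs` would record that dependency.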

@@ -51,5 +49,5 @@ try {

if (!code) {
return next(new errors_1.AuthorizationError("I denied the request.", "access_denied"));
return next(new AuthorizationError("I denied the request.", "access_denied"));
}
return response.redirect(`${transaction.redirectUri}?${(0, querystring_1.stringify)({ code: code })}`);
return response.redirect(`${transaction.redirectUri}?${stringify({ code: code })}`);
}

@@ -64,3 +62,3 @@ catch (error) {

}
return response.redirect(`${transaction.redirectUri}?${(0, querystring_1.stringify)({ error: error.code, error_description: error.message, error_uri: error.uri })}`);
return response.redirect(`${transaction.redirectUri}?${stringify({ error: error.code, error_description: error.message, error_uri: error.uri })}`);
}

@@ -71,3 +69,2 @@ _isAuthorizationError(error) {

}
exports.default = CodeGrant;
//# sourceMappingURL=code.js.map
import { NextFunction, Request, RequestHandler, Response } from "express-serve-static-core";
import CodeExchange from "./exchange/code";
import CodeGrant from "./grant/code";
import OAuth2Server from "./server";
import CodeExchange from "./exchange/code.js";
import CodeGrant from "./grant/code.js";
import OAuth2Server from "./server.js";
declare module "express-serve-static-core" {

@@ -6,0 +6,0 @@ interface Request {

@@ -1,13 +0,5 @@

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.CodeExchange = exports.CodeGrant = exports.OAuth2Server = void 0;
const code_1 = __importDefault(require("./exchange/code"));
exports.CodeExchange = code_1.default;
const code_2 = __importDefault(require("./grant/code"));
exports.CodeGrant = code_2.default;
const server_1 = __importDefault(require("./server"));
exports.OAuth2Server = server_1.default;
import CodeExchange from "./exchange/code.js";
import CodeGrant from "./grant/code.js";
import OAuth2Server from "./server.js";
export { OAuth2Server, CodeGrant, CodeExchange };
//# sourceMappingURL=index.js.map
import { RequestHandler } from "express";
import { ImmediateFunction, ValidateFunction } from "../index.js";
import OAuth2Server from "../server";
import OAuth2Server from "../server.js";
export default function (server: OAuth2Server, validate: ValidateFunction, immediate: ImmediateFunction): RequestHandler;

@@ -1,14 +0,12 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const errors_1 = require("../errors");
const session_1 = require("../session");
function default_1(server, validate, immediate) {
import { AuthorizationError } from "../errors.js";
import { store } from "../session.js";
export default function (server, validate, immediate) {
return async function (req, res, next) {
const type = req.query?.response_type ?? req.body?.response_type;
if (!type) {
return next(new errors_1.AuthorizationError(`I need the following field to work: ${"response_type"}`, "invalid_request"));
return next(new AuthorizationError(`I need the following field to work: ${"response_type"}`, "invalid_request"));
}
const parser = server.grant(type);
if (!parser) {
return next(new errors_1.AuthorizationError(`The response type "${type}" is unsupported.`, "unsupported_response_type"));
return next(new AuthorizationError(`The response type "${type}" is unsupported.`, "unsupported_response_type"));
}

@@ -43,3 +41,3 @@ let parsedRequest;

if (!transaction.info) {
return next(new errors_1.AuthorizationError("An internal server error occurred."));
return next(new AuthorizationError("An internal server error occurred."));
}

@@ -49,3 +47,3 @@ if (transaction.info.allow) {

if (!parser) {
return next(new errors_1.AuthorizationError(`The response type "${type}" is unsupported.`, "unsupported_response_type"));
return next(new AuthorizationError(`The response type "${type}" is unsupported.`, "unsupported_response_type"));
}

@@ -61,3 +59,3 @@ try {

try {
await (0, session_1.store)(server, req, transaction);
await store(server, req, transaction);
req.oauth2 = transaction;

@@ -72,3 +70,2 @@ return next();

}
exports.default = default_1;
//# sourceMappingURL=authorization.js.map
import { RequestHandler } from "express";
import OAuth2Server from "../server";
import OAuth2Server from "../server.js";
export default function (server: OAuth2Server): RequestHandler;

@@ -1,6 +0,4 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const errors_1 = require("../errors");
const session_1 = require("../session");
function default_1(server) {
import { AuthorizationError, ForbiddenError } from "../errors.js";
import { remove } from "../session.js";
export default function (server) {
return async function (req, res, next) {

@@ -17,10 +15,10 @@ if (!req.body) {

if (!user) {
throw new errors_1.ForbiddenError("No user found, are you sure that you're logged in?.");
throw new ForbiddenError("No user found, are you sure that you're logged in?.");
}
res.on("finish", async () => {
await (0, session_1.remove)(req, transaction.transactionId);
await remove(req, transaction.transactionId);
});
const parser = server.grant(transaction.request.type);
if (!parser) {
return next(new errors_1.AuthorizationError(`The response type "${transaction.request.type}" is unsupported.`, "unsupported_response_type"));
return next(new AuthorizationError(`The response type "${transaction.request.type}" is unsupported.`, "unsupported_response_type"));
}
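Review bot: The `finish` listener is an async function whose `await remove(...)` has no catch, so a rejection from `remove` (session.js appears to throw when `request.session` is missing) becomes an unhandled promise rejection, and the transaction presumably stays in the session after the decision was processed. Handle the failure inside the listener, e.g. `res.on("finish", () => { remove(req, transaction.transactionId).catch((error) => console.error(error)); });`, or remove the transaction before the grant is issued so a completed decision cannot be submitted twice. The handler body continues outside this hunk.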

@@ -35,3 +33,2 @@ try {

}
exports.default = default_1;
//# sourceMappingURL=decision.js.map
import { RequestHandler } from "express";
import OAuth2Server from "../server";
import OAuth2Server from "../server.js";
export default function (server: OAuth2Server): RequestHandler;

@@ -1,5 +0,3 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const errors_1 = require("../errors");
function default_1(server) {
import { TokenError } from "../errors.js";
export default function (server) {
return async function (req, res, next) {

@@ -11,7 +9,7 @@ if (!req.body) {

if (!req.body.grant_type) {
throw new errors_1.TokenError(`I need the following field to work: ${"grant_type"}`, "invalid_request");
throw new TokenError(`I need the following field to work: ${"grant_type"}`, "invalid_request");
}
const exchange = server.exchange(grantType);
if (!exchange) {
return next(new errors_1.TokenError("Unsupported grant type: " + grantType, "unsupported_grant_type"));
return next(new TokenError("Unsupported grant type: " + grantType, "unsupported_grant_type"));
}

@@ -26,3 +24,2 @@ try {

}
exports.default = default_1;
//# sourceMappingURL=token.js.map
import { RequestHandler } from "express";
import OAuth2Server from "../server";
import OAuth2Server from "../server.js";
export default function (server: OAuth2Server): RequestHandler;

@@ -1,10 +0,8 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const errors_1 = require("../errors");
const session_1 = require("../session");
function default_1(server) {
import { BadRequestError } from "../errors.js";
import { load } from "../session.js";
export default function (server) {
return async function (req, _res, next) {
const transactionId = req.query?.transaction_id ?? req.body?.transaction_id;
if (!transactionId) {
throw new errors_1.BadRequestError(`I need the following field to work: ${"transaction_id"}`);
throw new BadRequestError(`I need the following field to work: ${"transaction_id"}`);
}
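Review bot: `throw new BadRequestError(...)` runs directly inside the `async` request handler, and Express 4 (the line the package's `@types/express` range targets) does not pass a rejected handler promise to the error middleware, so a request without `transaction_id` would hang with an unhandled rejection instead of receiving an error response. authorization.js already uses the safe form; here it would be `return next(new BadRequestError(...));` with the same message. The `throw new TokenError` in middleware/token.js and `throw new ForbiddenError` in middleware/decision.js look like the same case, unless a try/catch outside those hunks forwards the error to `next`.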

@@ -15,3 +13,3 @@ if (req.oauth2) {

try {
const transaction = await (0, session_1.load)(server, req, transactionId);
const transaction = await load(server, req, transactionId);
req.oauth2 = transaction;

@@ -25,3 +23,2 @@ return next();

}
exports.default = default_1;
//# sourceMappingURL=transaction.js.map

@@ -1,11 +0,6 @@

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const authorization_1 = __importDefault(require("./middleware/authorization"));
const decision_1 = __importDefault(require("./middleware/decision"));
const token_1 = __importDefault(require("./middleware/token"));
const transaction_1 = __importDefault(require("./middleware/transaction"));
class OAuth2Server {
import authorization from "./middleware/authorization.js";
import decision from "./middleware/decision.js";
import token from "./middleware/token.js";
import transaction from "./middleware/transaction.js";
export default class OAuth2Server {
_clientSerializer;

@@ -38,15 +33,14 @@ _clientDeserializer;

authorization(validate, immediate) {
return (0, authorization_1.default)(this, validate, immediate);
return authorization(this, validate, immediate);
}
decision() {
return (0, decision_1.default)(this);
return decision(this);
}
token() {
return (0, token_1.default)(this);
return token(this);
}
transaction() {
return (0, transaction_1.default)(this);
return transaction(this);
}
}
exports.default = OAuth2Server;
//# sourceMappingURL=server.js.map
import { Request } from "express";
import { OAuth2Transaction } from "./index.js";
import OAuth2Server from "./server";
import OAuth2Server from "./server.js";
export declare function load(server: OAuth2Server, request: Request, transactionId: string): Promise<OAuth2Transaction<any, any, any>>;
export declare function store(server: OAuth2Server, request: Request, transaction: OAuth2Transaction<any, any, any>): Promise<void>;
export declare function remove(request: Request, transactionId: string): Promise<void>;

@@ -1,6 +0,3 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.remove = exports.store = exports.load = void 0;
const errors_1 = require("./errors");
async function load(server, request, transactionId) {
import { BadRequestError, ForbiddenError } from "./errors.js";
export async function load(server, request, transactionId) {
if (!request.session) {

@@ -10,11 +7,11 @@ throw new Error("I need a session..., Did you forget app.use(express.session(...))?");

if (!request.session.oauth2) {
throw new errors_1.ForbiddenError("There are sessions, but there is no transaction saved here.");
throw new ForbiddenError("There are sessions, but there is no transaction saved here.");
}
const user = request.user;
if (!user) {
throw new errors_1.ForbiddenError("No user found, are you sure that you're logged in?.");
throw new ForbiddenError("No user found, are you sure that you're logged in?.");
}
const serializedTransaction = request.session.oauth2[transactionId];
if (!serializedTransaction) {
throw new errors_1.BadRequestError(`I can't find a transaction with ${serializedTransaction} as the transaction identifier.`);
throw new BadRequestError(`I can't find a transaction with ${serializedTransaction} as the transaction identifier.`);
}
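Review bot: The not-found message interpolates `serializedTransaction`, which is always falsy on this branch, so it reads "with undefined as the transaction identifier"; it should name the requested id, `I can't find a transaction with ${transactionId} as the transaction identifier.` (escaped wherever the error is rendered, since the id comes from the request). The lookup `request.session.oauth2[transactionId]` also uses a request-supplied key on a plain object, so inherited property names resolve to a truthy value and skip this check; guard it with `if (typeof transactionId !== "string" || !Object.prototype.hasOwnProperty.call(request.session.oauth2, transactionId))` before reading the entry. `load` continues outside this hunk.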

@@ -32,4 +29,3 @@ const client = await server.deserializeClient(serializedTransaction.clientId);

}
exports.load = load;
async function store(server, request, transaction) {
export async function store(server, request, transaction) {
if (!request.session) {

@@ -48,4 +44,3 @@ throw new Error("I need a session..., Did you forget app.use(express.session(...))?");

}
exports.store = store;
async function remove(request, transactionId) {
export async function remove(request, transactionId) {
if (!request.session) {

@@ -58,3 +53,2 @@ throw new Error("I need a session..., Did you forget app.use(express.session(...))?");

}
exports.remove = remove;
//# sourceMappingURL=session.js.map
{
"name": "@wolkeneis/oauth2-server",
"version": "1.1.0",
"version": "1.1.1",
"description": "OAuth2 Server for express with passport using connect style middleware.",

@@ -29,23 +29,20 @@ "keywords": [

"bin": {},
"type": "module",
"devDependencies": {
"@types/node": "^17.0.40",
"@types/express": "^4.17.13",
"@types/express-serve-static-core": "^4.17.29",
"@types/express-session": "^1.17.4",
"@types/node": "^18.0.0",
"@types/passport": "^1.0.9",
"@types/uuid": "^8.3.4",
"@typescript-eslint/eslint-plugin": "^5.27.1",
"@typescript-eslint/parser": "^5.27.1",
"eslint": "^8.17.0",
"@typescript-eslint/eslint-plugin": "^5.28.0",
"@typescript-eslint/parser": "^5.28.0",
"eslint": "^8.18.0",
"eslint-config-prettier": "^8.5.0",
"husky": "^8.0.1",
"lint-staged": "^13.0.0",
"prettier": "2.6.2",
"typescript": "^4.7.3"
"lint-staged": "^13.0.2",
"prettier": "2.7.1",
"typescript": "^4.7.4"
},
"lint-staged": {
"*.{js,ts}": "eslint --ext ts --cache --fix",
"*.{js,ts,css,md,json}": "prettier --write"
},
"dependencies": {
"@types/express": "^4.17.13",
"@types/express-serve-static-core": "^4.17.28",
"@types/express-session": "^1.17.4",
"@types/passport": "^1.0.8",
"uuid": "^8.3.2"

@@ -58,5 +55,9 @@ },

},
"lint-staged": {
"*.{js,ts}": "eslint --ext ts --cache --fix",
"*.{js,ts,css,md,json}": "prettier --write"
},
"scripts": {
"lint": "eslint --ext ts .",
"lint:fix": "yarn lint --fix",
"lint:fix": "eslint --fix --ext ts .",
"pretty": "prettier --write .",

@@ -63,0 +64,0 @@ "build": "tsc --incremental",

import { RequestHandler } from "express";
import { ForbiddenError, TokenError } from "../errors";
import { ForbiddenError, TokenError } from "../errors.js";
import { Exchange, IssueTokenFunction, OAuth2Tokens } from "../index.js";

@@ -4,0 +4,0 @@

import { NextFunction, Request, Response } from "express";
import { stringify } from "querystring";
import { v4 as uuidv4 } from "uuid";
import { AuthorizationError } from "../errors";
import { AuthorizationError } from "../errors.js";
import { Grant, IssueCodeFunction, OAuth2Request, OAuth2Transaction } from "../index.js";

@@ -6,0 +6,0 @@

import { NextFunction, Request, RequestHandler, Response } from "express-serve-static-core";
import CodeExchange from "./exchange/code";
import CodeGrant from "./grant/code";
import OAuth2Server from "./server";
import CodeExchange from "./exchange/code.js";
import CodeGrant from "./grant/code.js";
import OAuth2Server from "./server.js";

@@ -6,0 +6,0 @@ declare module "express-serve-static-core" {

import { RequestHandler } from "express";
import { AuthorizationError } from "../errors";
import { AuthorizationError } from "../errors.js";
import { ImmediateFunction, OAuth2Client, OAuth2Request, OAuth2Transaction, ValidateFunction } from "../index.js";
import OAuth2Server from "../server";
import { store } from "../session";
import OAuth2Server from "../server.js";
import { store } from "../session.js";

@@ -7,0 +7,0 @@ export default function (server: OAuth2Server, validate: ValidateFunction, immediate: ImmediateFunction): RequestHandler {

import { RequestHandler } from "express";
import { AuthorizationError, ForbiddenError } from "../errors";
import { AuthorizationError, ForbiddenError } from "../errors.js";
import { OAuth2Transaction } from "../index.js";
import OAuth2Server from "../server";
import { remove } from "../session";
import OAuth2Server from "../server.js";
import { remove } from "../session.js";

@@ -7,0 +7,0 @@ export default function (server: OAuth2Server): RequestHandler {

import { RequestHandler } from "express";
import { TokenError } from "../errors";
import OAuth2Server from "../server";
import { TokenError } from "../errors.js";
import OAuth2Server from "../server.js";

@@ -5,0 +5,0 @@ export default function (server: OAuth2Server): RequestHandler {

import { RequestHandler } from "express";
import { BadRequestError } from "../errors";
import { BadRequestError } from "../errors.js";
import { OAuth2Transaction } from "../index.js";
import OAuth2Server from "../server";
import { load } from "../session";
import OAuth2Server from "../server.js";
import { load } from "../session.js";

@@ -7,0 +7,0 @@ export default function (server: OAuth2Server): RequestHandler {

import { RequestHandler } from "express-serve-static-core";
import { ClientDeserializer, ClientSerializer, Exchange, Grant, ImmediateFunction, OAuth2Client, ValidateFunction } from "./index.js";
import authorization from "./middleware/authorization";
import decision from "./middleware/decision";
import token from "./middleware/token";
import transaction from "./middleware/transaction";
import authorization from "./middleware/authorization.js";
import decision from "./middleware/decision.js";
import token from "./middleware/token.js";
import transaction from "./middleware/transaction.js";

@@ -8,0 +8,0 @@ export default class OAuth2Server {

import { Request } from "express";
import { BadRequestError, ForbiddenError } from "./errors";
import { BadRequestError, ForbiddenError } from "./errors.js";
import { OAuth2SerializedTransaction, OAuth2Transaction } from "./index.js";
import OAuth2Server from "./server";
import OAuth2Server from "./server.js";

@@ -6,0 +6,0 @@ export async function load(server: OAuth2Server, request: Request, transactionId: string): Promise<OAuth2Transaction<any, any, any>> {

{
"compilerOptions": {
"allowSyntheticDefaultImports": true,
"baseUrl": "src",
"declaration": true,

@@ -9,4 +8,4 @@ "esModuleInterop": true,

"isolatedModules": true,
"module": "commonjs",
"moduleResolution": "node",
"module": "ESNext",
"moduleResolution": "Node",
"newLine": "lf",

@@ -24,6 +23,6 @@ "noEmit": false,

"strictNullChecks": true,
"target": "esnext"
"target": "ESNext"
},
"include": ["src/*.ts", "src/**/*.ts"],
"include": ["src/**/*.ts"],
"exclude": ["node_modules"]
}

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
