@authup/core-kit
Version:
Package containing global constants, types & interfaces.
894 lines (893 loc) • 35.6 kB
JavaScript
import { AuthupError, ErrorCode } from "@authup/errors";
import { createValidator } from "@validup/adapter-zod";
import { Container } from "validup";
import zod, { z } from "zod";
import { DecisionStrategy } from "@authup/kit";
//#region src/constants.ts
let ValidatorGroup = /* @__PURE__ */ function(ValidatorGroup) {
ValidatorGroup["CREATE"] = "create";
ValidatorGroup["UPDATE"] = "update";
return ValidatorGroup;
}({});
//#endregion
//#region src/domains/client/error.ts
var ClientError = class ClientError extends AuthupError {
static credentialsInvalid() {
return new ClientError({
code: ErrorCode.ENTITY_CREDENTIALS_INVALID,
message: "The client credentials are invalid."
});
}
static invalid() {
return new ClientError({
code: ErrorCode.OAUTH_CLIENT_INVALID,
message: "The client is invalid."
});
}
static notFound() {
return new ClientError({
code: ErrorCode.ENTITY_NOT_FOUND,
message: "The client account was not found."
});
}
static inactive() {
return new ClientError({
code: ErrorCode.ENTITY_INACTIVE,
message: "The client account is inactive."
});
}
};
//#endregion
//#region src/helpers/name-valid.ts
function isNameValid(input, options = {}) {
if (/\s/g.test(input)) {
if (options.throwOnFailure) throw new AuthupError("Whitespace character is not allowed.");
return false;
}
if (/^[a-z0-9-_.]+$/.test(input)) return true;
if (options.throwOnFailure) throw new AuthupError("Only the characters [a-z0-9-_.]+ are allowed.");
return false;
}
//#endregion
//#region src/domains/client/helpers.ts
function isClientNameValid(name, options = {}) {
return isNameValid(name, options);
}
//#endregion
//#region src/domains/client/validator.ts
var ClientValidator = class extends Container {
initialize() {
super.initialize();
this.mount("active", { optional: true }, createValidator(z.boolean()));
this.mount("is_confidential", { optional: true }, createValidator(z.boolean()));
const nameValidator = createValidator(z.string().trim().toLowerCase().min(3).max(128).check((ctx) => {
try {
isClientNameValid(ctx.value, { throwOnFailure: true });
} catch (e) {
ctx.issues.push({
input: ctx.value,
code: "custom",
message: e instanceof Error ? e.message : "The client name is not valid."
});
}
}));
this.mount("name", { group: "create" }, nameValidator);
this.mount("name", {
group: "update",
optional: true
}, nameValidator);
this.mount("display_name", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("description", { optional: true }, createValidator(z.string().min(3).max(4096).nullable()));
this.mount("secret", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("secret_encrypted", { optional: true }, createValidator(z.boolean()));
this.mount("secret_hashed", { optional: true }, createValidator(z.boolean()));
this.mount("redirect_uri", { optional: true }, createValidator(z.string().check((ctx) => {
const validator = z.url();
const urls = ctx.value.split(",");
for (const url of urls) try {
validator.parse(url);
} catch (e) {
ctx.issues.push({
input: url,
code: "custom",
message: e instanceof Error ? e.message : "The redirect_uri is not valid."
});
}
}).nullable()));
this.mount("base_url", { optional: true }, createValidator(z.url().nullable()));
this.mount("root_url", { optional: true }, createValidator(z.url().nullable()));
this.mount("grant_types", { optional: true }, createValidator(z.string().min(3).max(512).nullable()));
this.mount("scope", { optional: true }, createValidator(z.string().min(3).max(512).nullable()));
this.mount("realm_id", {
group: "create",
optional: true
}, createValidator(z.uuid()));
}
};
//#endregion
//#region src/domains/client-role/validator.ts
var ClientRoleValidator = class extends Container {
initialize() {
super.initialize();
this.mount("client_id", { group: "create" }, createValidator(z.uuid()));
this.mount("role_id", { group: "create" }, createValidator(z.uuid()));
}
};
//#endregion
//#region src/domains/client-permission/validator.ts
var ClientPermissionValidator = class extends Container {
initialize() {
super.initialize();
this.mount("client_id", { group: "create" }, createValidator(z.uuid()));
this.mount("permission_id", { group: "create" }, createValidator(z.uuid()));
this.mount("policy_id", { optional: true }, createValidator(z.uuid().nullable()));
}
};
//#endregion
//#region src/domains/client-scope/validator.ts
var ClientScopeValidator = class extends Container {
initialize() {
super.initialize();
this.mount("client_id", { group: "create" }, createValidator(z.uuid()));
this.mount("scope_id", { group: "create" }, createValidator(z.uuid()));
}
};
//#endregion
//#region src/domains/identity/constants.ts
let IdentityType = /* @__PURE__ */ function(IdentityType) {
IdentityType["CLIENT"] = "client";
IdentityType["ROBOT"] = "robot";
IdentityType["USER"] = "user";
return IdentityType;
}({});
//#endregion
//#region src/domains/identity-provider/constants.ts
let IdentityProviderProtocol = /* @__PURE__ */ function(IdentityProviderProtocol) {
IdentityProviderProtocol["LDAP"] = "ldap";
IdentityProviderProtocol["OAUTH2"] = "oauth2";
IdentityProviderProtocol["OIDC"] = "oidc";
return IdentityProviderProtocol;
}({});
let IdentityProviderMappingSyncMode = /* @__PURE__ */ function(IdentityProviderMappingSyncMode) {
/**
* Synchronize on initial user login.
*/
IdentityProviderMappingSyncMode["ONCE"] = "once";
/**
* Synchronize on every user login.
*/
IdentityProviderMappingSyncMode["ALWAYS"] = "always";
/**
* Synchronize based on idp configuration.
*/
IdentityProviderMappingSyncMode["INHERIT"] = "inherit";
return IdentityProviderMappingSyncMode;
}({});
//#endregion
//#region src/domains/identity-provider/ldap/check.ts
function isLdapIdentityProvider(input) {
return input.protocol === "ldap";
}
//#endregion
//#region src/domains/identity-provider/ldap/validator.ts
var IdentityProviderLDAPAttributesValidator = class extends Container {
initialize() {
super.initialize();
this.mount("protocol", createValidator(z.string().check((ctx) => {
if (ctx.value !== "ldap") ctx.issues.push({
input: ctx.value,
code: "custom",
message: "The protocol should be LDAP."
});
})));
this.mount("url", createValidator(z.url()));
this.mount("timeout", { optional: true }, createValidator(z.number().min(0).optional().nullable()));
this.mount("start_tls", { optional: true }, createValidator(z.boolean().optional().nullable()));
this.mount("tls", { optional: true }, createValidator(z.any().optional().nullable()));
this.mount("base_dn", { optional: true }, createValidator(z.string().min(3).max(2e3).optional().nullable()));
this.mount("user", createValidator(z.string().min(3)));
this.mount("password", createValidator(z.string().min(3)));
this.mount("user_base_dn", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("user_filter", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("user_name_attribute", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("user_mail_attribute", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("user_display_name_attribute", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("group_base_dn", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("group_filter", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("group_name_attribute", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("group_class", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("group_member_attribute", { optional: true }, createValidator(z.string().optional().nullable()));
this.mount("group_member_user_attribute", { optional: true }, createValidator(z.string().optional().nullable()));
}
};
//#endregion
//#region src/domains/identity-provider/oauth2/check.ts
function isOAuth2IdentityProvider(input) {
return input.protocol === "oauth2";
}
//#endregion
//#region src/domains/identity-provider/preset/constants.ts
let IdentityProviderPreset = /* @__PURE__ */ function(IdentityProviderPreset) {
IdentityProviderPreset["FACEBOOK"] = "facebook";
IdentityProviderPreset["GITHUB"] = "github";
IdentityProviderPreset["GITLAB"] = "gitlab";
IdentityProviderPreset["GOOGLE"] = "google";
IdentityProviderPreset["PAYPAL"] = "paypal";
IdentityProviderPreset["INSTAGRAM"] = "instagram";
IdentityProviderPreset["STACKOVERFLOW"] = "stackoverflow";
IdentityProviderPreset["TWITTER"] = "twitter";
return IdentityProviderPreset;
}({});
//#endregion
//#region src/domains/identity-provider/preset/utils.ts
function getIdentityProviderProtocolForPreset(id) {
switch (id) {
case "github":
case "gitlab":
case "google":
case "facebook":
case "instagram":
case "paypal":
case "stackoverflow":
case "twitter": return "oidc";
}
return null;
}
//#endregion
//#region src/domains/identity-provider/oauth2/preset-validator.ts
var IdentityProviderOAuth2PresetAttributesValidator = class extends Container {
initialize() {
super.initialize();
this.mount("preset", createValidator(z.string().check((ctx) => {
const protocol = getIdentityProviderProtocolForPreset(ctx.value);
if (protocol !== "oauth2" && protocol !== "oidc") ctx.issues.push({
input: ctx.value,
code: "custom",
message: `The resolved protocol should be oauth2 or oidc`
});
})));
this.mount("client_id", createValidator(z.string().min(3).max(128)));
this.mount("client_secret", { optional: true }, createValidator(z.string().min(3).max(128).optional().nullable()));
}
};
//#endregion
//#region src/domains/identity-provider/oauth2/validator.ts
var IdentityProviderOAuth2AttributesValidator = class extends Container {
initialize() {
super.initialize();
this.mount("preset", createValidator(z.string().optional().nullable().check((ctx) => {
let protocol;
if (typeof ctx.value === "string") protocol = getIdentityProviderProtocolForPreset(ctx.value);
if (typeof protocol === "string") ctx.issues.push({
input: ctx.value,
code: "custom",
message: "The preset should not be defined."
});
})));
this.mount("client_id", createValidator(z.string().min(3).max(128)));
this.mount("client_secret", { optional: true }, createValidator(z.string().min(3).max(128).optional().nullable()));
this.mount("token_url", createValidator(z.url()));
this.mount("token_revoke_url", { optional: true }, createValidator(z.url().optional().nullable()));
this.mount("authorize_url", createValidator(z.url()));
this.mount("user_info_url", { optional: true }, createValidator(z.url().optional().nullable()));
this.mount("scope", createValidator(z.string().min(3).max(2e3).optional().nullable()));
}
};
//#endregion
//#region src/domains/identity-provider/attributes-validator.ts
var IdentityProviderAttributesValidator = class extends Container {
constructor(options = {}) {
super({
...options,
oneOf: true
});
}
initialize() {
super.initialize();
this.mount(new IdentityProviderLDAPAttributesValidator());
this.mount(new IdentityProviderOAuth2AttributesValidator());
this.mount(new IdentityProviderOAuth2PresetAttributesValidator());
}
};
//#endregion
//#region src/domains/identity-provider/utils.ts
function buildIdentityProviderAuthorizeCallbackPath(id) {
return `/identity-providers/${id}/authorize-in`;
}
function buildIdentityProviderAuthorizePath(id) {
return `/identity-providers/${id}/authorize-out`;
}
function isIdentityProviderNameValid(input, options = {}) {
return isNameValid(input, options);
}
//#endregion
//#region src/domains/identity-provider/oidc/check.ts
function isOpenIDIdentityProvider(input) {
return input.protocol === "oidc";
}
//#endregion
//#region src/domains/identity-provider/validator.ts
var IdentityProviderValidator = class extends Container {
initialize() {
super.initialize();
const nameValidator = createValidator(zod.string().trim().toLowerCase().min(3).max(128).check((ctx) => {
try {
isIdentityProviderNameValid(ctx.value, { throwOnFailure: true });
} catch (e) {
ctx.issues.push({
input: ctx.value,
code: "custom",
message: e instanceof Error ? e.message : "The name is not valid."
});
}
}));
this.mount("name", { group: "create" }, nameValidator);
this.mount("name", {
group: "update",
optional: true
}, nameValidator);
this.mount("display_name", { optional: true }, createValidator(zod.string().min(3).max(256)));
const enabledValidator = createValidator(zod.boolean());
this.mount("enabled", { group: "create" }, enabledValidator);
this.mount("enabled", {
group: "update",
optional: true
}, enabledValidator);
this.mount("realm_id", {
group: "create",
optional: true
}, createValidator(zod.uuid()));
this.mount("protocol", createValidator(zod.enum(IdentityProviderProtocol)));
this.mount("preset", { optional: true }, createValidator(zod.enum(IdentityProviderPreset).optional().nullable()));
}
};
//#endregion
//#region src/domains/identity-provider-role-mapping/validator.ts
var IdentityProviderRoleMappingValidator = class extends Container {
initialize() {
super.initialize();
this.mount("provider_id", { group: "create" }, createValidator(z.uuid()));
this.mount("role_id", { group: "create" }, createValidator(z.uuid()));
this.mount("name", { optional: true }, createValidator(z.string().max(64).nullable()));
this.mount("value", { optional: true }, createValidator(z.string().max(128).nullable()));
this.mount("value_is_regex", { optional: true }, createValidator(z.boolean()));
this.mount("synchronization_mode", { optional: true }, createValidator(z.nativeEnum(IdentityProviderMappingSyncMode).nullable()));
}
};
//#endregion
//#region src/domains/permission/constants.ts
let PermissionName = /* @__PURE__ */ function(PermissionName) {
PermissionName["CLIENT_CREATE"] = "client_create";
PermissionName["CLIENT_DELETE"] = "client_delete";
PermissionName["CLIENT_UPDATE"] = "client_update";
PermissionName["CLIENT_READ"] = "client_read";
PermissionName["CLIENT_SELF_MANAGE"] = "client_self_manage";
PermissionName["CLIENT_PERMISSION_CREATE"] = "client_permission_create";
PermissionName["CLIENT_PERMISSION_DELETE"] = "client_permission_delete";
PermissionName["CLIENT_PERMISSION_READ"] = "client_permission_read";
PermissionName["CLIENT_PERMISSION_UPDATE"] = "client_permission_update";
PermissionName["CLIENT_ROLE_CREATE"] = "client_role_create";
PermissionName["CLIENT_ROLE_DELETE"] = "client_role_delete";
PermissionName["CLIENT_ROLE_UPDATE"] = "client_role_update";
PermissionName["CLIENT_ROLE_READ"] = "client_role_read";
PermissionName["CLIENT_SCOPE_CREATE"] = "client_scope_create";
PermissionName["CLIENT_SCOPE_DELETE"] = "client_scope_delete";
PermissionName["CLIENT_SCOPE_READ"] = "client_scope_read";
PermissionName["IDENTITY_PROVIDER_CREATE"] = "identity_provider_create";
PermissionName["IDENTITY_PROVIDER_DELETE"] = "identity_provider_delete";
PermissionName["IDENTITY_PROVIDER_UPDATE"] = "identity_provider_update";
PermissionName["IDENTITY_PROVIDER_READ"] = "identity_provider_read";
PermissionName["IDENTITY_PROVIDER_ROLE_CREATE"] = "identity_provider_role_create";
PermissionName["IDENTITY_PROVIDER_ROLE_DELETE"] = "identity_provider_role_delete";
PermissionName["IDENTITY_PROVIDER_ROLE_UPDATE"] = "identity_provider_role_update";
PermissionName["IDENTITY_PROVIDER_ROLE_READ"] = "identity_provider_role_read";
PermissionName["PERMISSION_CREATE"] = "permission_create";
PermissionName["PERMISSION_DELETE"] = "permission_delete";
PermissionName["PERMISSION_UPDATE"] = "permission_update";
PermissionName["PERMISSION_READ"] = "permission_read";
PermissionName["REALM_CREATE"] = "realm_create";
PermissionName["REALM_DELETE"] = "realm_delete";
PermissionName["REALM_UPDATE"] = "realm_update";
PermissionName["REALM_READ"] = "realm_read";
PermissionName["ROBOT_CREATE"] = "robot_create";
PermissionName["ROBOT_DELETE"] = "robot_delete";
PermissionName["ROBOT_UPDATE"] = "robot_update";
PermissionName["ROBOT_READ"] = "robot_read";
PermissionName["ROBOT_SELF_MANAGE"] = "robot_self_manage";
PermissionName["ROBOT_PERMISSION_CREATE"] = "robot_permission_create";
PermissionName["ROBOT_PERMISSION_DELETE"] = "robot_permission_delete";
PermissionName["ROBOT_PERMISSION_READ"] = "robot_permission_read";
PermissionName["ROBOT_PERMISSION_UPDATE"] = "robot_permission_update";
PermissionName["ROBOT_ROLE_CREATE"] = "robot_role_create";
PermissionName["ROBOT_ROLE_DELETE"] = "robot_role_delete";
PermissionName["ROBOT_ROLE_UPDATE"] = "robot_role_update";
PermissionName["ROBOT_ROLE_READ"] = "robot_role_read";
PermissionName["ROLE_CREATE"] = "role_create";
PermissionName["ROLE_DELETE"] = "role_delete";
PermissionName["ROLE_UPDATE"] = "role_update";
PermissionName["ROLE_READ"] = "role_read";
PermissionName["ROLE_PERMISSION_CREATE"] = "role_permission_create";
PermissionName["ROLE_PERMISSION_DELETE"] = "role_permission_delete";
PermissionName["ROLE_PERMISSION_READ"] = "role_permission_read";
PermissionName["ROLE_PERMISSION_UPDATE"] = "role_permission_update";
PermissionName["SCOPE_CREATE"] = "scope_create";
PermissionName["SCOPE_DELETE"] = "scope_delete";
PermissionName["SCOPE_UPDATE"] = "scope_update";
PermissionName["SCOPE_READ"] = "scope_read";
PermissionName["USER_CREATE"] = "user_create";
PermissionName["USER_DELETE"] = "user_delete";
PermissionName["USER_UPDATE"] = "user_update";
PermissionName["USER_READ"] = "user_read";
PermissionName["USER_SELF_MANAGE"] = "user_self_manage";
PermissionName["USER_PERMISSION_CREATE"] = "user_permission_create";
PermissionName["USER_PERMISSION_DELETE"] = "user_permission_delete";
PermissionName["USER_PERMISSION_READ"] = "user_permission_read";
PermissionName["USER_PERMISSION_UPDATE"] = "user_permission_update";
PermissionName["USER_ROLE_CREATE"] = "user_role_create";
PermissionName["USER_ROLE_DELETE"] = "user_role_delete";
PermissionName["USER_ROLE_UPDATE"] = "user_role_update";
PermissionName["USER_ROLE_READ"] = "user_role_read";
return PermissionName;
}({});
//#endregion
//#region src/domains/permission/helpers.ts
function isPermissionNameValid(name, options = {}) {
return isNameValid(name, options);
}
//#endregion
//#region src/domains/permission/validator.ts
var PermissionValidator = class extends Container {
initialize() {
super.initialize();
const nameValidator = createValidator(z.string().trim().toLowerCase().min(3).max(128).check((ctx) => {
try {
isPermissionNameValid(ctx.value, { throwOnFailure: true });
} catch (e) {
ctx.issues.push({
input: ctx.value,
code: "custom",
message: e instanceof Error ? e.message : "The permission name is not valid."
});
}
}));
this.mount("name", { group: "create" }, nameValidator);
this.mount("name", {
group: "update",
optional: true
}, nameValidator);
this.mount("display_name", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("description", { optional: true }, createValidator(z.string().min(5).max(4096).nullable()));
this.mount("client_id", { optional: true }, createValidator(z.uuid().nullable()));
this.mount("realm_id", {
group: "create",
optional: true
}, createValidator(z.uuid().nullable().optional()));
this.mount("decision_strategy", { optional: true }, createValidator(z.enum(DecisionStrategy).nullable()));
}
};
//#endregion
//#region src/domains/permission-policy/validator.ts
var PermissionPolicyValidator = class extends Container {
initialize() {
super.initialize();
this.mount("permission_id", { group: "create" }, createValidator(z.uuid()));
this.mount("policy_id", { group: "create" }, createValidator(z.uuid()));
}
};
//#endregion
//#region src/domains/policy/helpers.ts
function isPolicyNameValid(name, options = {}) {
return isNameValid(name, options);
}
function isPolicy(input) {
return typeof input === "object" && input !== null && typeof input.id === "string" && typeof input.type === "string";
}
//#endregion
//#region src/domains/policy/validator.ts
var PolicyValidator = class extends Container {
initialize() {
super.initialize();
const nameValidator = createValidator(z.string().trim().toLowerCase().min(3).max(128).check((ctx) => {
try {
isPolicyNameValid(ctx.value, { throwOnFailure: true });
} catch (e) {
ctx.issues.push({
input: ctx.value,
code: "custom",
message: e instanceof Error ? e.message : "The policy name is not valid."
});
}
}));
this.mount("name", { group: "create" }, nameValidator);
this.mount("name", {
group: "update",
optional: true
}, nameValidator);
this.mount("display_name", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("invert", { optional: true }, createValidator(z.boolean()));
this.mount("type", { group: "create" }, createValidator(z.string().min(3).max(128)));
this.mount("parent_id", { optional: true }, createValidator(z.uuid().nullable()));
this.mount("realm_id", {
group: "create",
optional: true
}, createValidator(z.uuid().nullable()));
}
};
//#endregion
//#region src/domains/realm/constants.ts
const REALM_MASTER_NAME = "master";
const REALM_NAME_REGEX = /^[a-zA-Z0-9_]{3,128}$/;
//#endregion
//#region src/domains/realm/helpers.ts
function isRealmNameValid(name, options = {}) {
return isNameValid(name, options);
}
//#endregion
//#region src/domains/realm/validator.ts
var RealmValidator = class extends Container {
initialize() {
super.initialize();
const nameValidator = createValidator(z.string().trim().toLowerCase().min(3).max(128).check((ctx) => {
try {
isRealmNameValid(ctx.value, { throwOnFailure: true });
} catch (e) {
ctx.issues.push({
input: ctx.value,
code: "custom",
message: e instanceof Error ? e.message : "The realm name is not valid."
});
}
}));
this.mount("name", { group: "create" }, nameValidator);
this.mount("name", {
group: "update",
optional: true
}, nameValidator);
this.mount("display_name", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("description", { optional: true }, createValidator(z.string().min(5).max(4096).nullable()));
}
};
//#endregion
//#region src/domains/robot/helpers.ts
function isRobotNameValid(name, options = {}) {
return isNameValid(name, options);
}
//#endregion
//#region src/domains/robot/error.ts
var RobotError = class RobotError extends AuthupError {
static credentialsInvalid() {
return new RobotError({
code: ErrorCode.ENTITY_CREDENTIALS_INVALID,
message: "The robot credentials are invalid."
});
}
static notFound() {
return new RobotError({
code: ErrorCode.ENTITY_NOT_FOUND,
message: "The robot account was not found."
});
}
static inactive() {
return new RobotError({
code: ErrorCode.ENTITY_INACTIVE,
message: "The robot account is inactive."
});
}
};
//#endregion
//#region src/domains/robot/validator.ts
var RobotValidator = class extends Container {
initialize() {
super.initialize();
this.mount("secret", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("active", { optional: true }, createValidator(z.boolean()));
const nameValidator = createValidator(z.string().trim().toLowerCase().min(3).max(128).check((ctx) => {
try {
isRobotNameValid(ctx.value, { throwOnFailure: true });
} catch (e) {
ctx.issues.push({
input: ctx.value,
code: "custom",
message: e instanceof Error ? e.message : "The robot name is not valid."
});
}
}));
this.mount("name", { group: "create" }, nameValidator);
this.mount("name", {
group: "update",
optional: true
}, nameValidator);
this.mount("display_name", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("description", { optional: true }, createValidator(z.string().min(5).max(4096).nullable()));
this.mount("user_id", { optional: true }, createValidator(z.uuid()));
this.mount("realm_id", {
group: "create",
optional: true
}, createValidator(z.uuid()));
}
};
//#endregion
//#region src/domains/robot-permission/validator.ts
var RobotPermissionValidator = class extends Container {
initialize() {
super.initialize();
this.mount("robot_id", { group: "create" }, createValidator(z.uuid()));
this.mount("permission_id", { group: "create" }, createValidator(z.uuid()));
this.mount("policy_id", { optional: true }, createValidator(z.uuid().nullable()));
}
};
//#endregion
//#region src/domains/robot-role/validator.ts
var RobotRoleValidator = class extends Container {
initialize() {
super.initialize();
this.mount("robot_id", { group: "create" }, createValidator(z.uuid()));
this.mount("role_id", { group: "create" }, createValidator(z.uuid()));
}
};
//#endregion
//#region src/domains/role/constants.ts
const ROLE_ADMIN_NAME = "admin";
const ROLE_REALM_ADMIN_NAME = "realm_admin";
//#endregion
//#region src/domains/role/utils.ts
function isRoleNameValid(name, options = {}) {
return isNameValid(name, options);
}
//#endregion
//#region src/domains/role/validator.ts
var RoleValidator = class extends Container {
initialize() {
super.initialize();
const nameValidator = createValidator(z.string().trim().toLowerCase().min(3).max(128).check((ctx) => {
try {
isRoleNameValid(ctx.value, { throwOnFailure: true });
} catch (e) {
ctx.issues.push({
input: ctx.value,
code: "custom",
message: e instanceof Error ? e.message : "The role name is not valid."
});
}
}));
this.mount("name", { group: "create" }, nameValidator);
this.mount("name", {
group: "update",
optional: true
}, nameValidator);
this.mount("display_name", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("description", { optional: true }, createValidator(z.string().min(5).max(4096).nullable()));
this.mount("client_id", { optional: true }, createValidator(z.uuid().nullable()));
this.mount("realm_id", {
group: "create",
optional: true
}, createValidator(z.uuid().nullable()));
}
};
//#endregion
//#region src/domains/role-permission/validator.ts
var RolePermissionValidator = class extends Container {
initialize() {
super.initialize();
this.mount("role_id", { group: "create" }, createValidator(z.uuid()));
this.mount("permission_id", { group: "create" }, createValidator(z.uuid()));
this.mount("policy_id", { optional: true }, createValidator(z.uuid().nullable()));
}
};
//#endregion
//#region src/domains/scope/constants.ts
let ScopeName = /* @__PURE__ */ function(ScopeName) {
/**
* Full permissions
*/
ScopeName["GLOBAL"] = "global";
/**
* for Openid usage (id-token)
*/
ScopeName["OPEN_ID"] = "openid";
/**
* /users/@me with email (userinfo & id-token)
*/
ScopeName["EMAIL"] = "email";
/**
* Roles array (id-token)
*/
ScopeName["ROLES"] = "roles";
/**
* /users/@me without email (userinfo & id-token)
*/
ScopeName["IDENTITY"] = "identity";
return ScopeName;
}({});
//#endregion
//#region src/domains/scope/utils.ts
function isScopeNameValid(name, options = {}) {
return isNameValid(name, options);
}
//#endregion
//#region src/domains/scope/validator.ts
var ScopeValidator = class extends Container {
initialize() {
super.initialize();
const nameValidator = createValidator(z.string().trim().toLowerCase().min(3).max(128).check((ctx) => {
try {
isScopeNameValid(ctx.value, { throwOnFailure: true });
} catch (e) {
ctx.issues.push({
input: ctx.value,
code: "custom",
message: e instanceof Error ? e.message : "The scope name is not valid."
});
}
}));
this.mount("name", { group: "create" }, nameValidator);
this.mount("name", {
group: "update",
optional: true
}, nameValidator);
this.mount("display_name", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("description", { optional: true }, createValidator(z.string().min(5).max(4096).nullable()));
this.mount("realm_id", {
group: "create",
optional: true
}, createValidator(z.uuid().nullable()));
}
};
//#endregion
//#region src/domains/user/error.ts
var UserError = class UserError extends AuthupError {
static credentialsInvalid() {
return new UserError({
code: ErrorCode.ENTITY_CREDENTIALS_INVALID,
message: "The user credentials are invalid."
});
}
static notFound() {
return new UserError({
code: ErrorCode.ENTITY_NOT_FOUND,
message: "The user account was not found."
});
}
static inactive() {
return new UserError({
code: ErrorCode.ENTITY_INACTIVE,
message: "The user account is inactive."
});
}
};
//#endregion
//#region src/domains/user/utils.ts
function isUserNameValid(input, options = {}) {
if (!isNameValid(input, options)) return false;
input = input.toLowerCase();
if ([
"bot",
"system",
"everyone",
"here"
].some((el) => input.startsWith(el))) {
if (options.throwOnFailure) throw new AuthupError(`${input} is a reserved name.`);
return false;
}
return true;
}
function isValidUserEmail(input) {
return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(input);
}
function buildUserFakeEmail(input) {
if (isUserFakeEmail(input)) return input;
return `${input}.com`;
}
function isUserFakeEmail(input) {
return input.endsWith("@example.com");
}
//#endregion
//#region src/domains/user/validator.ts
var UserValidator = class extends Container {
initialize() {
super.initialize();
const nameValidator = createValidator(z.string().trim().toLowerCase().min(3).max(128).check((ctx) => {
try {
isUserNameValid(ctx.value, { throwOnFailure: true });
} catch (e) {
ctx.issues.push({
input: ctx.value,
code: "custom",
message: e instanceof Error ? e.message : "The user name is not valid."
});
}
}));
this.mount("name", { group: "create" }, nameValidator);
this.mount("name", {
group: "update",
optional: true
}, nameValidator);
this.mount("name_locked", { optional: true }, createValidator(z.boolean()));
this.mount("first_name", { optional: true }, createValidator(z.string().min(3).max(128).nullable()));
this.mount("last_name", { optional: true }, createValidator(z.string().min(3).max(128).nullable()));
this.mount("display_name", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
const emailValidator = createValidator(z.email().trim().toLowerCase().regex(/^[^A-Z]+$/, "Email must be lowercase."));
this.mount("email", { group: "create" }, emailValidator);
this.mount("email", {
optional: true,
group: "update"
}, emailValidator);
this.mount("password", { optional: true }, createValidator(z.string().min(3).max(512)));
this.mount("active", { optional: true }, createValidator(z.boolean()));
this.mount("name_locked", { optional: true }, createValidator(z.boolean()));
this.mount("realm_id", {
group: "create",
optional: true
}, createValidator(z.uuid()));
this.mount("status", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
this.mount("status_message", { optional: true }, createValidator(z.string().min(3).max(256).nullable()));
}
};
//#endregion
//#region src/domains/user-permission/validator.ts
var UserPermissionValidator = class extends Container {
initialize() {
super.initialize();
this.mount("user_id", { group: "create" }, createValidator(z.uuid()));
this.mount("permission_id", { group: "create" }, createValidator(z.uuid()));
this.mount("policy_id", { optional: true }, createValidator(z.uuid().nullable()));
}
};
//#endregion
//#region src/domains/user-role/validator.ts
var UserRoleValidator = class extends Container {
initialize() {
super.initialize();
this.mount("user_id", { group: "create" }, createValidator(z.uuid()));
this.mount("role_id", { group: "create" }, createValidator(z.uuid()));
}
};
//#endregion
//#region src/domains/contstants.ts
let EntityType = /* @__PURE__ */ function(EntityType) {
EntityType["CLIENT"] = "client";
EntityType["CLIENT_PERMISSION"] = "clientPermission";
EntityType["CLIENT_ROLE"] = "clientRole";
EntityType["CLIENT_SCOPE"] = "clientScope";
EntityType["IDENTITY_PROVIDER"] = "identityProvider";
EntityType["IDENTITY_PROVIDER_ACCOUNT"] = "identityProviderAccount";
EntityType["IDENTITY_PROVIDER_ATTRIBUTE"] = "identityProviderAttribute";
EntityType["IDENTITY_PROVIDER_ATTRIBUTE_MAPPING"] = "identityProviderAttributeMapping";
EntityType["IDENTITY_PROVIDER_PERMISSION_MAPPING"] = "identityProviderPermissionMapping";
EntityType["IDENTITY_PROVIDER_ROLE_MAPPING"] = "identityProviderRoleMapping";
EntityType["KEY"] = "key";
EntityType["POLICY"] = "policy";
EntityType["POLICY_ATTRIBUTE"] = "policyAttribute";
EntityType["PERMISSION"] = "permission";
EntityType["PERMISSION_POLICY"] = "permissionPolicy";
EntityType["REALM"] = "realm";
EntityType["ROBOT"] = "robot";
EntityType["ROBOT_PERMISSION"] = "robotPermission";
EntityType["ROBOT_ROLE"] = "robotRole";
EntityType["ROLE"] = "role";
EntityType["ROLE_ATTRIBUTE"] = "roleAttribute";
EntityType["ROLE_PERMISSION"] = "rolePermission";
EntityType["SCOPE"] = "scope";
EntityType["USER"] = "user";
EntityType["USER_ATTRIBUTE"] = "userAttribute";
EntityType["USER_PERMISSION"] = "userPermission";
EntityType["USER_ROLE"] = "userRole";
return EntityType;
}({});
let EntityDefaultEventName = /* @__PURE__ */ function(EntityDefaultEventName) {
EntityDefaultEventName["CREATED"] = "created";
EntityDefaultEventName["DELETED"] = "deleted";
EntityDefaultEventName["UPDATED"] = "updated";
return EntityDefaultEventName;
}({});
//#endregion
//#region src/domains/helpers.ts
function buildEntityChannelName(entity, id) {
return id ? `${entity}:${id}` : entity;
}
function buildEntityNamespaceName(id) {
return `/realm#${id}`;
}
//#endregion
export { ClientError, ClientPermissionValidator, ClientRoleValidator, ClientScopeValidator, ClientValidator, EntityDefaultEventName, EntityType, IdentityProviderAttributesValidator, IdentityProviderLDAPAttributesValidator, IdentityProviderMappingSyncMode, IdentityProviderOAuth2AttributesValidator, IdentityProviderOAuth2PresetAttributesValidator, IdentityProviderPreset, IdentityProviderProtocol, IdentityProviderRoleMappingValidator, IdentityProviderValidator, IdentityType, PermissionName, PermissionPolicyValidator, PermissionValidator, PolicyValidator, REALM_MASTER_NAME, REALM_NAME_REGEX, ROLE_ADMIN_NAME, ROLE_REALM_ADMIN_NAME, RealmValidator, RobotError, RobotPermissionValidator, RobotRoleValidator, RobotValidator, RolePermissionValidator, RoleValidator, ScopeName, ScopeValidator, UserError, UserPermissionValidator, UserRoleValidator, UserValidator, ValidatorGroup, buildEntityChannelName, buildEntityNamespaceName, buildIdentityProviderAuthorizeCallbackPath, buildIdentityProviderAuthorizePath, buildUserFakeEmail, getIdentityProviderProtocolForPreset, isClientNameValid, isIdentityProviderNameValid, isLdapIdentityProvider, isNameValid, isOAuth2IdentityProvider, isOpenIDIdentityProvider, isPermissionNameValid, isPolicy, isPolicyNameValid, isRealmNameValid, isRobotNameValid, isRoleNameValid, isScopeNameValid, isUserFakeEmail, isUserNameValid, isValidUserEmail };
//# sourceMappingURL=index.mjs.map