UNPKG

@authup/core-kit

Version:

Package containing global constants, types & interfaces.

github.com/authup/authup

authup/authup

1 lines 85.4 kB
1
{"version":3,"file":"index.mjs","names":[],"sources":["../src/constants.ts","../src/domains/client/error.ts","../src/helpers/name-valid.ts","../src/domains/client/helpers.ts","../src/domains/client/validator.ts","../src/domains/client-role/validator.ts","../src/domains/client-permission/validator.ts","../src/domains/client-scope/validator.ts","../src/domains/identity/constants.ts","../src/domains/identity-provider/constants.ts","../src/domains/identity-provider/ldap/check.ts","../src/domains/identity-provider/ldap/validator.ts","../src/domains/identity-provider/oauth2/check.ts","../src/domains/identity-provider/preset/constants.ts","../src/domains/identity-provider/preset/utils.ts","../src/domains/identity-provider/oauth2/preset-validator.ts","../src/domains/identity-provider/oauth2/validator.ts","../src/domains/identity-provider/attributes-validator.ts","../src/domains/identity-provider/utils.ts","../src/domains/identity-provider/oidc/check.ts","../src/domains/identity-provider/validator.ts","../src/domains/identity-provider-role-mapping/validator.ts","../src/domains/permission/constants.ts","../src/domains/permission/helpers.ts","../src/domains/permission/validator.ts","../src/domains/permission-policy/validator.ts","../src/domains/policy/helpers.ts","../src/domains/policy/validator.ts","../src/domains/realm/constants.ts","../src/domains/realm/helpers.ts","../src/domains/realm/validator.ts","../src/domains/robot/helpers.ts","../src/domains/robot/error.ts","../src/domains/robot/validator.ts","../src/domains/robot-permission/validator.ts","../src/domains/robot-role/validator.ts","../src/domains/role/constants.ts","../src/domains/role/utils.ts","../src/domains/role/validator.ts","../src/domains/role-permission/validator.ts","../src/domains/scope/constants.ts","../src/domains/scope/utils.ts","../src/domains/scope/validator.ts","../src/domains/user/error.ts","../src/domains/user/utils.ts","../src/domains/user/validator.ts","../src/domains/user-permission/validator.ts","../src/domains/user-role/validator.ts","../src/domains/contstants.ts","../src/domains/helpers.ts"],"sourcesContent":["/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nexport enum ValidatorGroup {\n CREATE = 'create',\n UPDATE = 'update',\n}\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { AuthupError, ErrorCode } from '@authup/errors';\n\nexport class ClientError extends AuthupError {\n static credentialsInvalid() {\n return new ClientError({\n code: ErrorCode.ENTITY_CREDENTIALS_INVALID,\n message: 'The client credentials are invalid.',\n });\n }\n\n static invalid() {\n return new ClientError({\n code: ErrorCode.OAUTH_CLIENT_INVALID,\n message: 'The client is invalid.',\n });\n }\n\n static notFound() {\n return new ClientError({\n code: ErrorCode.ENTITY_NOT_FOUND,\n message: 'The client account was not found.',\n });\n }\n\n static inactive() {\n return new ClientError({\n code: ErrorCode.ENTITY_INACTIVE,\n message: 'The client account is inactive.',\n });\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { AuthupError } from '@authup/errors';\n\nexport type NameValidOptions = {\n throwOnFailure?: boolean;\n};\nexport function isNameValid(input: string, options: NameValidOptions = {}): boolean {\n if (/\\s/g.test(input)) {\n if (options.throwOnFailure) {\n throw new AuthupError('Whitespace character is not allowed.');\n }\n\n return false;\n }\n\n if (/^[a-z0-9-_.]+$/.test(input)) {\n return true;\n }\n\n if (options.throwOnFailure) {\n throw new AuthupError('Only the characters [a-z0-9-_.]+ are allowed.');\n }\n\n return false;\n}\n","/*\n * Copyright (c) 2021-2021.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport type { NameValidOptions } from '../../helpers';\nimport { isNameValid } from '../../helpers';\n\nexport function isClientNameValid(name: string, options: NameValidOptions = {}) : boolean {\n return isNameValid(name, options);\n}\n","/*\n * Copyright (c) 2025-2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants';\nimport type { Client } from './entity';\nimport { isClientNameValid } from './helpers';\n\nexport class ClientValidator extends Container<Client> {\n protected override initialize() {\n super.initialize();\n\n // ----------------------------------------------\n\n this.mount(\n 'active',\n { optional: true },\n createValidator(z.boolean()),\n );\n\n this.mount(\n 'is_confidential',\n { optional: true },\n createValidator(z.boolean()),\n );\n\n // ----------------------------------------------\n\n const nameValidator = createValidator(\n z\n .string()\n .trim()\n .toLowerCase()\n .min(3)\n .max(128)\n .check((ctx) => {\n try {\n isClientNameValid(ctx.value, { throwOnFailure: true });\n } catch (e) {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: e instanceof Error ? e.message : 'The client name is not valid.',\n });\n }\n }),\n );\n\n this.mount(\n 'name',\n { group: ValidatorGroup.CREATE },\n nameValidator,\n );\n this.mount(\n 'name',\n {\n group: ValidatorGroup.UPDATE,\n optional: true, \n },\n nameValidator,\n );\n\n this.mount(\n 'display_name',\n { optional: true },\n createValidator(z.string().min(3).max(256).nullable()),\n );\n\n this.mount(\n 'description',\n { optional: true },\n createValidator(z.string().min(3).max(4096).nullable()),\n );\n\n // ----------------------------------------------\n\n this.mount(\n 'secret',\n { optional: true },\n createValidator(z.string().min(3).max(256).nullable()),\n );\n\n this.mount(\n 'secret_encrypted',\n { optional: true },\n createValidator(z.boolean()),\n );\n\n this.mount(\n 'secret_hashed',\n { optional: true },\n createValidator(z.boolean()),\n );\n\n // ----------------------------------------------\n\n this.mount(\n 'redirect_uri',\n { optional: true },\n createValidator(\n z\n .string()\n .check((ctx) => {\n const validator = z.url();\n const urls = ctx.value.split(',');\n for (const url of urls) {\n try {\n validator.parse(url);\n } catch (e) {\n ctx.issues.push({\n input: url,\n code: 'custom',\n message: e instanceof Error ? e.message : 'The redirect_uri is not valid.',\n });\n }\n }\n })\n .nullable(),\n ),\n );\n\n this.mount(\n 'base_url',\n { optional: true },\n createValidator(\n z.url().nullable(),\n ),\n );\n\n this.mount(\n 'root_url',\n { optional: true },\n createValidator(\n z.url().nullable(),\n ),\n );\n\n this.mount(\n 'grant_types',\n { optional: true },\n createValidator(z.string().min(3).max(512).nullable()),\n );\n\n this.mount(\n 'scope',\n { optional: true },\n createValidator(z.string().min(3).max(512).nullable()),\n );\n\n // ----------------------------------------------\n\n this.mount(\n 'realm_id',\n {\n group: ValidatorGroup.CREATE,\n optional: true, \n },\n createValidator(z.uuid()),\n );\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { ClientRole } from './entity.ts';\n\nexport class ClientRoleValidator extends Container<\n ClientRole\n> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'client_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'role_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { ClientPermission } from './entity.ts';\n\nexport class ClientPermissionValidator extends Container<\n ClientPermission\n> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'client_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'permission_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'policy_id',\n { optional: true },\n createValidator(z.uuid().nullable()),\n );\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { ClientScope } from './entity.ts';\n\nexport class ClientScopeValidator extends Container<\n ClientScope\n> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'client_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'scope_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nexport enum IdentityType {\n CLIENT = 'client',\n ROBOT = 'robot',\n USER = 'user',\n}\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nexport enum IdentityProviderProtocol {\n LDAP = 'ldap',\n OAUTH2 = 'oauth2',\n OIDC = 'oidc',\n}\n\nexport enum IdentityProviderMappingSyncMode {\n /**\n * Synchronize on initial user login.\n */\n ONCE = 'once',\n /**\n * Synchronize on every user login.\n */\n ALWAYS = 'always',\n /**\n * Synchronize based on idp configuration.\n */\n INHERIT = 'inherit',\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { IdentityProviderProtocol } from '../constants';\nimport type { IdentityProvider } from '../entity';\nimport type { LdapIdentityProvider } from './types';\n\nexport function isLdapIdentityProvider(input: IdentityProvider) : input is LdapIdentityProvider {\n return input.protocol === IdentityProviderProtocol.LDAP;\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { IdentityProviderProtocol } from '../constants';\nimport type { LdapIdentityProvider } from './types';\n\nexport class IdentityProviderLDAPAttributesValidator extends Container<LdapIdentityProvider> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'protocol',\n createValidator(z.string().check((ctx) => {\n if (ctx.value !== IdentityProviderProtocol.LDAP) {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: 'The protocol should be LDAP.',\n });\n }\n })),\n );\n\n this.mount('url', createValidator(z.url()));\n\n this.mount('timeout', { optional: true }, createValidator(z.number().min(0).optional().nullable()));\n\n this.mount('start_tls', { optional: true }, createValidator(z.boolean().optional().nullable()));\n\n this.mount('tls', { optional: true }, createValidator(z.any().optional().nullable()));\n\n this.mount(\n 'base_dn',\n { optional: true },\n createValidator(z.string().min(3).max(2000).optional()\n .nullable()),\n );\n this.mount('user', createValidator(z.string().min(3)));\n\n this.mount('password', createValidator(z.string().min(3)));\n\n this.mount('user_base_dn', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('user_filter', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('user_name_attribute', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('user_mail_attribute', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('user_display_name_attribute', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('group_base_dn', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('group_filter', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('group_name_attribute', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('group_class', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('group_member_attribute', { optional: true }, createValidator(z.string().optional().nullable()));\n\n this.mount('group_member_user_attribute', { optional: true }, createValidator(z.string().optional().nullable()));\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { IdentityProviderProtocol } from '../constants';\nimport type { IdentityProvider } from '../entity';\nimport type { OAuth2IdentityProvider } from './types';\n\nexport function isOAuth2IdentityProvider(input: IdentityProvider) : input is OAuth2IdentityProvider {\n return input.protocol === IdentityProviderProtocol.OAUTH2;\n}\n","/*\n * Copyright (c) 2023.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nexport enum IdentityProviderPreset {\n FACEBOOK = 'facebook',\n GITHUB = 'github',\n GITLAB = 'gitlab',\n GOOGLE = 'google',\n PAYPAL = 'paypal',\n INSTAGRAM = 'instagram',\n STACKOVERFLOW = 'stackoverflow',\n TWITTER = 'twitter',\n}\n","/*\n * Copyright (c) 2023.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { IdentityProviderProtocol } from '../constants';\nimport { IdentityProviderPreset } from './constants';\n\nexport function getIdentityProviderProtocolForPreset(\n id: string,\n) : `${IdentityProviderProtocol}` | null {\n switch (id) {\n case IdentityProviderPreset.GITHUB:\n case IdentityProviderPreset.GITLAB:\n case IdentityProviderPreset.GOOGLE:\n case IdentityProviderPreset.FACEBOOK:\n case IdentityProviderPreset.INSTAGRAM:\n case IdentityProviderPreset.PAYPAL:\n case IdentityProviderPreset.STACKOVERFLOW:\n case IdentityProviderPreset.TWITTER:\n return IdentityProviderProtocol.OIDC;\n }\n\n return null;\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { IdentityProviderProtocol } from '../constants';\nimport { getIdentityProviderProtocolForPreset } from '../preset';\nimport type { OAuth2IdentityProvider } from './types';\n\nexport class IdentityProviderOAuth2PresetAttributesValidator extends Container<OAuth2IdentityProvider> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'preset',\n createValidator(z.string().check((ctx) => {\n const protocol = getIdentityProviderProtocolForPreset(ctx.value);\n\n if (\n protocol !== IdentityProviderProtocol.OAUTH2 &&\n protocol !== IdentityProviderProtocol.OIDC\n ) {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: `The resolved protocol should be ${IdentityProviderProtocol.OAUTH2} or ${IdentityProviderProtocol.OIDC}`,\n });\n }\n })),\n );\n\n this.mount(\n 'client_id',\n createValidator(z.string().min(3).max(128)),\n );\n\n this.mount(\n 'client_secret',\n { optional: true },\n createValidator(z.string().min(3).max(128).optional()\n .nullable()),\n );\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { getIdentityProviderProtocolForPreset } from '../preset';\nimport type { OAuth2IdentityProvider } from './types';\n\nexport class IdentityProviderOAuth2AttributesValidator extends Container<OAuth2IdentityProvider> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'preset',\n createValidator(z\n .string()\n .optional()\n .nullable()\n .check((ctx) => {\n let protocol : string | null | undefined;\n if (typeof ctx.value === 'string') {\n protocol = getIdentityProviderProtocolForPreset(ctx.value);\n }\n\n if (typeof protocol === 'string') {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: 'The preset should not be defined.',\n });\n }\n })),\n );\n\n this.mount(\n 'client_id',\n createValidator(z.string().min(3).max(128)),\n );\n\n this.mount(\n 'client_secret',\n { optional: true },\n createValidator(z.string().min(3).max(128).optional()\n .nullable()),\n );\n\n this.mount(\n 'token_url',\n createValidator(z.url()),\n );\n\n this.mount(\n 'token_revoke_url',\n { optional: true },\n createValidator(z.url().optional().nullable()),\n );\n\n this.mount(\n 'authorize_url',\n createValidator(z.url()),\n );\n\n this.mount(\n 'user_info_url',\n { optional: true },\n createValidator(z.url().optional().nullable()),\n );\n\n this.mount(\n 'scope',\n createValidator(z.string().min(3).max(2000).optional()\n .nullable()),\n );\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport type { ObjectLiteral } from '@authup/kit';\nimport type { ContainerOptions } from 'validup';\nimport { Container } from 'validup';\nimport { IdentityProviderLDAPAttributesValidator } from './ldap';\nimport { IdentityProviderOAuth2AttributesValidator, IdentityProviderOAuth2PresetAttributesValidator } from './oauth2';\n\nexport class IdentityProviderAttributesValidator extends Container<ObjectLiteral> {\n constructor(options: ContainerOptions<ObjectLiteral> = {}) {\n super({\n ...options,\n oneOf: true,\n });\n }\n\n protected override initialize() {\n super.initialize();\n\n this.mount(new IdentityProviderLDAPAttributesValidator());\n this.mount(new IdentityProviderOAuth2AttributesValidator());\n this.mount(new IdentityProviderOAuth2PresetAttributesValidator());\n }\n}\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport type { NameValidOptions } from '../../helpers';\nimport { isNameValid } from '../../helpers';\n\nexport function buildIdentityProviderAuthorizeCallbackPath(id: string | number) {\n return `/identity-providers/${id}/authorize-in`;\n}\n\nexport function buildIdentityProviderAuthorizePath(id: string | number) {\n return `/identity-providers/${id}/authorize-out`;\n}\n\nexport function isIdentityProviderNameValid(input: string, options: NameValidOptions = {}) : boolean {\n return isNameValid(input, options);\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { IdentityProviderProtocol } from '../constants';\nimport type { IdentityProvider } from '../entity';\nimport type { OpenIDIdentityProvider } from './types';\n\nexport function isOpenIDIdentityProvider(input: IdentityProvider) : input is OpenIDIdentityProvider {\n return input.protocol === IdentityProviderProtocol.OIDC;\n}\n","/*\n * Copyright (c) 2025-2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport zod from 'zod';\nimport { ValidatorGroup } from '../../constants';\nimport { IdentityProviderProtocol } from './constants';\nimport type { IdentityProvider } from './entity';\nimport { IdentityProviderPreset } from './preset';\nimport { isIdentityProviderNameValid } from './utils';\n\nexport class IdentityProviderValidator extends Container<IdentityProvider> {\n protected override initialize() {\n super.initialize();\n\n const nameValidator = createValidator(\n zod.string()\n .trim()\n .toLowerCase()\n .min(3)\n .max(128)\n .check((ctx) => {\n try {\n isIdentityProviderNameValid(ctx.value, { throwOnFailure: true });\n } catch (e) {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: e instanceof Error ? e.message : 'The name is not valid.',\n });\n }\n }),\n );\n\n this.mount('name', { group: ValidatorGroup.CREATE }, nameValidator);\n this.mount('name', {\n group: ValidatorGroup.UPDATE,\n optional: true, \n }, nameValidator);\n\n this.mount('display_name', { optional: true }, createValidator(\n zod.string().min(3).max(256),\n ));\n\n const enabledValidator = createValidator(zod.boolean());\n this.mount('enabled', { group: ValidatorGroup.CREATE }, enabledValidator);\n this.mount('enabled', {\n group: ValidatorGroup.UPDATE,\n optional: true, \n }, enabledValidator);\n\n this.mount(\n 'realm_id',\n {\n group: ValidatorGroup.CREATE,\n optional: true, \n },\n createValidator(zod.uuid()),\n );\n\n this.mount('protocol', createValidator(zod.enum(IdentityProviderProtocol)));\n\n this.mount('preset', { optional: true }, createValidator(zod.enum(IdentityProviderPreset).optional().nullable()));\n }\n}\n","/*\n * Copyright (c) 2026.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { IdentityProviderMappingSyncMode } from '../identity-provider/constants.ts';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { IdentityProviderRoleMapping } from './entity.ts';\n\nexport class IdentityProviderRoleMappingValidator extends Container<\n IdentityProviderRoleMapping\n> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'provider_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'role_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'name',\n { optional: true },\n createValidator(z.string().max(64).nullable()),\n );\n\n this.mount(\n 'value',\n { optional: true },\n createValidator(z.string().max(128).nullable()),\n );\n\n this.mount(\n 'value_is_regex',\n { optional: true },\n createValidator(z.boolean()),\n );\n\n this.mount(\n 'synchronization_mode',\n { optional: true },\n createValidator(z.nativeEnum(IdentityProviderMappingSyncMode).nullable()),\n );\n }\n}\n","/*\n * Copyright (c) 2021.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nexport enum PermissionName {\n CLIENT_CREATE = 'client_create',\n CLIENT_DELETE = 'client_delete',\n CLIENT_UPDATE = 'client_update',\n CLIENT_READ = 'client_read',\n CLIENT_SELF_MANAGE = 'client_self_manage',\n\n CLIENT_PERMISSION_CREATE = 'client_permission_create',\n CLIENT_PERMISSION_DELETE = 'client_permission_delete',\n CLIENT_PERMISSION_READ = 'client_permission_read',\n CLIENT_PERMISSION_UPDATE = 'client_permission_update',\n\n CLIENT_ROLE_CREATE = 'client_role_create',\n CLIENT_ROLE_DELETE = 'client_role_delete',\n CLIENT_ROLE_UPDATE = 'client_role_update',\n CLIENT_ROLE_READ = 'client_role_read',\n\n CLIENT_SCOPE_CREATE = 'client_scope_create',\n CLIENT_SCOPE_DELETE = 'client_scope_delete',\n CLIENT_SCOPE_READ = 'client_scope_read',\n\n IDENTITY_PROVIDER_CREATE = 'identity_provider_create',\n IDENTITY_PROVIDER_DELETE = 'identity_provider_delete',\n IDENTITY_PROVIDER_UPDATE = 'identity_provider_update',\n IDENTITY_PROVIDER_READ = 'identity_provider_read',\n\n IDENTITY_PROVIDER_ROLE_CREATE = 'identity_provider_role_create',\n IDENTITY_PROVIDER_ROLE_DELETE = 'identity_provider_role_delete',\n IDENTITY_PROVIDER_ROLE_UPDATE = 'identity_provider_role_update',\n IDENTITY_PROVIDER_ROLE_READ = 'identity_provider_role_read',\n\n PERMISSION_CREATE = 'permission_create',\n PERMISSION_DELETE = 'permission_delete',\n PERMISSION_UPDATE = 'permission_update',\n PERMISSION_READ = 'permission_read',\n\n REALM_CREATE = 'realm_create',\n REALM_DELETE = 'realm_delete',\n REALM_UPDATE = 'realm_update',\n REALM_READ = 'realm_read',\n\n ROBOT_CREATE = 'robot_create',\n ROBOT_DELETE = 'robot_delete',\n ROBOT_UPDATE = 'robot_update',\n ROBOT_READ = 'robot_read',\n ROBOT_SELF_MANAGE = 'robot_self_manage',\n\n ROBOT_PERMISSION_CREATE = 'robot_permission_create',\n ROBOT_PERMISSION_DELETE = 'robot_permission_delete',\n ROBOT_PERMISSION_READ = 'robot_permission_read',\n ROBOT_PERMISSION_UPDATE = 'robot_permission_update',\n\n ROBOT_ROLE_CREATE = 'robot_role_create',\n ROBOT_ROLE_DELETE = 'robot_role_delete',\n ROBOT_ROLE_UPDATE = 'robot_role_update',\n ROBOT_ROLE_READ = 'robot_role_read',\n\n ROLE_CREATE = 'role_create',\n ROLE_DELETE = 'role_delete',\n ROLE_UPDATE = 'role_update',\n ROLE_READ = 'role_read',\n\n ROLE_PERMISSION_CREATE = 'role_permission_create',\n ROLE_PERMISSION_DELETE = 'role_permission_delete',\n ROLE_PERMISSION_READ = 'role_permission_read',\n ROLE_PERMISSION_UPDATE = 'role_permission_update',\n\n SCOPE_CREATE = 'scope_create',\n SCOPE_DELETE = 'scope_delete',\n SCOPE_UPDATE = 'scope_update',\n SCOPE_READ = 'scope_read',\n\n USER_CREATE = 'user_create',\n USER_DELETE = 'user_delete',\n USER_UPDATE = 'user_update',\n USER_READ = 'user_read',\n USER_SELF_MANAGE = 'user_self_manage',\n\n USER_PERMISSION_CREATE = 'user_permission_create',\n USER_PERMISSION_DELETE = 'user_permission_delete',\n USER_PERMISSION_READ = 'user_permission_read',\n USER_PERMISSION_UPDATE = 'user_permission_update',\n\n USER_ROLE_CREATE = 'user_role_create',\n USER_ROLE_DELETE = 'user_role_delete',\n USER_ROLE_UPDATE = 'user_role_update',\n USER_ROLE_READ = 'user_role_read',\n}\n","/*\n * Copyright (c) 2021-2021.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport type { NameValidOptions } from '../../helpers';\nimport { isNameValid } from '../../helpers';\n\nexport function isPermissionNameValid(name: string, options: NameValidOptions = {}) : boolean {\n return isNameValid(name, options);\n}\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { DecisionStrategy } from '@authup/kit';\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { Permission } from './entity.ts';\nimport { isPermissionNameValid } from './helpers.ts';\n\nexport class PermissionValidator extends Container<\n Permission\n> {\n protected override initialize() {\n super.initialize();\n\n const nameValidator = createValidator(\n z\n .string()\n .trim()\n .toLowerCase()\n .min(3)\n .max(128)\n .check((ctx) => {\n try {\n isPermissionNameValid(ctx.value, { throwOnFailure: true });\n } catch (e) {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: e instanceof Error ? e.message : 'The permission name is not valid.',\n });\n }\n }),\n );\n this.mount('name', { group: ValidatorGroup.CREATE }, nameValidator);\n this.mount('name', {\n group: ValidatorGroup.UPDATE,\n optional: true, \n }, nameValidator);\n\n this.mount(\n 'display_name',\n { optional: true },\n createValidator(z.string().min(3).max(256).nullable()),\n );\n\n this.mount(\n 'description',\n { optional: true },\n createValidator(z.string().min(5).max(4096).nullable()),\n );\n\n this.mount(\n 'client_id',\n { optional: true },\n createValidator(z.uuid().nullable()),\n );\n\n this.mount(\n 'realm_id',\n {\n group: ValidatorGroup.CREATE,\n optional: true, \n },\n createValidator(z.uuid().nullable().optional()),\n );\n\n this.mount(\n 'decision_strategy',\n { optional: true },\n createValidator(\n z.enum(DecisionStrategy)\n .nullable(),\n ),\n );\n }\n}\n","/*\n * Copyright (c) 2026.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { PermissionPolicy } from './entity.ts';\n\nexport class PermissionPolicyValidator extends Container<\n PermissionPolicy\n> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'permission_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'policy_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n }\n}\n","/*\n * Copyright (c) 2021-2021.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport type { NameValidOptions } from '../../helpers';\nimport { isNameValid } from '../../helpers';\nimport type { Policy } from './entity';\n\nexport function isPolicyNameValid(name: string, options: NameValidOptions = {}) : boolean {\n return isNameValid(name, options);\n}\n\nexport function isPolicy(input: Record<string, any>): input is Policy {\n return typeof input === 'object' &&\n input !== null &&\n typeof input.id === 'string' &&\n typeof input.type === 'string';\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { Policy } from './entity.ts';\nimport { isPolicyNameValid } from './helpers.ts';\n\nexport class PolicyValidator extends Container<\n Policy\n> {\n protected override initialize() {\n super.initialize();\n\n const nameValidator = createValidator(\n z\n .string()\n .trim()\n .toLowerCase()\n .min(3)\n .max(128)\n .check((ctx) => {\n try {\n isPolicyNameValid(ctx.value, { throwOnFailure: true });\n } catch (e) {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: e instanceof Error ? e.message : 'The policy name is not valid.',\n });\n }\n }),\n );\n\n this.mount('name', { group: ValidatorGroup.CREATE }, nameValidator);\n this.mount('name', {\n group: ValidatorGroup.UPDATE,\n optional: true, \n }, nameValidator);\n\n this.mount(\n 'display_name',\n { optional: true },\n createValidator(z.string().min(3).max(256).nullable()),\n );\n\n this.mount(\n 'invert',\n { optional: true },\n createValidator(z.boolean()),\n );\n\n this.mount(\n 'type',\n { group: ValidatorGroup.CREATE },\n createValidator(z.string().min(3).max(128)),\n );\n\n this.mount(\n 'parent_id',\n { optional: true },\n createValidator(z.uuid().nullable()),\n );\n\n this.mount(\n 'realm_id',\n {\n group: ValidatorGroup.CREATE,\n optional: true, \n },\n createValidator(z.uuid().nullable()),\n );\n }\n}\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nexport const REALM_MASTER_NAME = 'master';\nexport const REALM_NAME_REGEX = /^[a-zA-Z0-9_]{3,128}$/;\n","/*\n * Copyright (c) 2021-2021.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport type { NameValidOptions } from '../../helpers';\nimport { isNameValid } from '../../helpers';\n\nexport function isRealmNameValid(name: string, options: NameValidOptions = {}) : boolean {\n return isNameValid(name, options);\n}\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { Realm } from './entity.ts';\nimport { isRealmNameValid } from './helpers.ts';\n\nexport class RealmValidator extends Container<\n Realm\n> {\n protected override initialize() {\n super.initialize();\n\n const nameValidator = createValidator(\n z\n .string()\n .trim()\n .toLowerCase()\n .min(3)\n .max(128)\n .check((ctx) => {\n try {\n isRealmNameValid(ctx.value, { throwOnFailure: true });\n } catch (e) {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: e instanceof Error ? e.message : 'The realm name is not valid.',\n });\n }\n }),\n );\n\n this.mount('name', { group: ValidatorGroup.CREATE }, nameValidator);\n this.mount('name', {\n group: ValidatorGroup.UPDATE,\n optional: true, \n }, nameValidator);\n\n this.mount(\n 'display_name',\n { optional: true },\n createValidator(z.string().min(3).max(256).nullable()),\n );\n\n this.mount(\n 'description',\n { optional: true },\n createValidator(z.string().min(5).max(4096).nullable()),\n );\n }\n}\n","/*\n * Copyright (c) 2021-2021.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport type { NameValidOptions } from '../../helpers';\nimport { isNameValid } from '../../helpers';\n\nexport function isRobotNameValid(name: string, options: NameValidOptions = {}) : boolean {\n return isNameValid(name, options);\n}\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { AuthupError, ErrorCode } from '@authup/errors';\n\nexport class RobotError extends AuthupError {\n static credentialsInvalid() {\n return new RobotError({\n code: ErrorCode.ENTITY_CREDENTIALS_INVALID,\n message: 'The robot credentials are invalid.',\n });\n }\n\n static notFound() {\n return new RobotError({\n code: ErrorCode.ENTITY_NOT_FOUND,\n message: 'The robot account was not found.',\n });\n }\n\n static inactive() {\n return new RobotError({\n code: ErrorCode.ENTITY_INACTIVE,\n message: 'The robot account is inactive.',\n });\n }\n}\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { Robot } from './entity.ts';\nimport { isRobotNameValid } from './helpers.ts';\n\nexport class RobotValidator extends Container<\n Robot\n> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'secret',\n { optional: true },\n createValidator(z.string().min(3).max(256).nullable()),\n );\n\n this.mount(\n 'active',\n { optional: true },\n createValidator(z.boolean()),\n );\n\n const nameValidator = createValidator(\n z\n .string()\n .trim()\n .toLowerCase()\n .min(3)\n .max(128)\n .check((ctx) => {\n try {\n isRobotNameValid(ctx.value, { throwOnFailure: true });\n } catch (e) {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: e instanceof Error ? e.message : 'The robot name is not valid.',\n });\n }\n }),\n );\n\n this.mount(\n 'name',\n { group: ValidatorGroup.CREATE },\n nameValidator,\n );\n this.mount(\n 'name',\n {\n group: ValidatorGroup.UPDATE,\n optional: true, \n },\n nameValidator,\n );\n\n this.mount(\n 'display_name',\n { optional: true },\n createValidator(z.string().min(3).max(256).nullable()),\n );\n\n this.mount(\n 'description',\n { optional: true },\n createValidator(z.string().min(5).max(4096).nullable()),\n );\n\n this.mount(\n 'user_id',\n { optional: true },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'realm_id',\n {\n group: ValidatorGroup.CREATE,\n optional: true, \n },\n createValidator(z.uuid()),\n );\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { RobotPermission } from './entity.ts';\n\nexport class RobotPermissionValidator extends Container<\n RobotPermission\n> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'robot_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'permission_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'policy_id',\n { optional: true },\n createValidator(z.uuid().nullable()),\n );\n }\n}\n","/*\n * Copyright (c) 2025.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { RobotRole } from './entity.ts';\n\nexport class RobotRoleValidator extends Container<\n RobotRole\n> {\n protected override initialize() {\n super.initialize();\n\n this.mount(\n 'robot_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n\n this.mount(\n 'role_id',\n { group: ValidatorGroup.CREATE },\n createValidator(z.uuid()),\n );\n }\n}\n","/*\n * Copyright (c) 2024.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nexport const ROLE_ADMIN_NAME = 'admin';\nexport const ROLE_REALM_ADMIN_NAME = 'realm_admin';\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport type { NameValidOptions } from '../../helpers';\nimport { isNameValid } from '../../helpers';\n\nexport function isRoleNameValid(name: string, options: NameValidOptions = {}) : boolean {\n return isNameValid(name, options);\n}\n","/*\n * Copyright (c) 2022.\n * Author Peter Placzek (tada5hi)\n * For the full copyright and license information,\n * view the LICENSE file that was distributed with this source code.\n */\n\nimport { createValidator } from '@validup/adapter-zod';\nimport { Container } from 'validup';\nimport { z } from 'zod';\nimport { ValidatorGroup } from '../../constants.ts';\nimport type { Role } from './entity.ts';\nimport { isRoleNameValid } from './utils.ts';\n\nexport class RoleValidator extends Container<\n Role\n> {\n protected override initialize() {\n super.initialize();\n\n const nameValidator = createValidator(\n z\n .string()\n .trim()\n .toLowerCase()\n .min(3)\n .max(128)\n .check((ctx) => {\n try {\n isRoleNameValid(ctx.value, { throwOnFailure: true });\n } catch (e) {\n ctx.issues.push({\n input: ctx.value,\n code: 'custom',\n message: e instanceof Error ? e.message : 'The role name is not valid.',\n });\n }\n }),\n