
moleculer-iam


Centralized IAM module for moleculer. Including a certified OIDC provider and an Identity provider for user profile, credentials, and custom claims management. Custom claims could be defined/updated by declarative schema which contains claims validation a

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.buildApplication = void 0;
const tslib_1 = require("tslib");
const _ = tslib_1.__importStar(require("lodash"));
const oidc_provider_1 = require("oidc-provider");
const proxy_1 = require("../proxy");
const federation_1 = require("./federation");
const routes_1 = require("./routes");
const abort_1 = require("./abort");
const find_email_1 = require("./find_email");
const reset_password_1 = require("./reset_password");
const verify_email_1 = require("./verify_email");
const verify_phone_1 = require("./verify_phone");
const register_1 = require("./register");
const federate_1 = require("./federate");
const login_1 = require("./login");
const consent_1 = require("./consent");
/**
 * Configure the default interaction application on a provider config builder.
 *
 * In order, this sets the route prefix, registers the `skip_consent` extra
 * client metadata property, declares the `change_account` and `federate`
 * extra request parameters, installs the base `login` and `consent` prompts,
 * the routes factory and the renderer, configures identity federation, and
 * finally registers each route group.
 *
 * @param builder Provider config builder. Only the members used here are
 *   visible: setPrefix, setExtraClientMetadata, setExtraParams, `app` and
 *   `federation` (reached through the fluent chain).
 * @param opts Application options. `prefix` defaults to "/op", `federation`
 *   and `renderer` default to empty objects. The same `opts` object is also
 *   forwarded unchanged to every route builder.
 */
function buildApplication(builder, opts = {}) {
    const { prefix = "/op" } = opts;
    const { federation = {} } = opts;
    const { renderer = {} } = opts;
    // Extra client metadata is an allow-list: `skip_consent` is the only
    // accepted custom property, anything else is rejected outright.
    const extraClientMetadata = {
        // skip consent phase for skip_consent feature enabled client
        properties: ["skip_consent"],
        validator(key, value, metadata) {
            if (key !== "skip_consent") {
                throw new proxy_1.OIDCErrors.InvalidClientMetadata("unknown client property: " + key);
            }
            // Fail closed: a value that is not strictly boolean is coerced to
            // false (rather than rejected), so a malformed value such as the
            // string "true" can never switch the consent bypass on.
            // NOTE(review): where the flag is enforced is not visible here; if
            // dynamic client registration is enabled elsewhere, confirm that a
            // self-registering client cannot grant itself skip_consent.
            if (typeof value !== "boolean") {
                metadata.skip_consent = false;
            }
        },
    };
    // Stage 1: provider-level settings, ending on the application sub-builder.
    const appBuilder = builder
        // set routes url prefix
        .setPrefix(prefix)
        // extend client metadata
        .setExtraClientMetadata(extraClientMetadata)
        .setExtraParams([
        // /login?change_account=true to not auto-fill signed in session account
        "change_account",
        // /login?federate=google to automatically start federation process
        // NOTE(review): the value is request-controlled; the handler (not in
        // this file) should resolve it only against configured provider names.
        "federate",
    ])
        .app;
    // Stage 2: application settings, ending on the federation sub-builder.
    const federationBuilder = appBuilder
        // Supported prompts. Only the library's base login and consent prompts
        // are installed; custom policies such as MFA, captcha or rate limiting
        // can be added here but are not part of this default set.
        .setPrompts([
        oidc_provider_1.interactionPolicy.base().get("login"),
        oidc_provider_1.interactionPolicy.base().get("consent"),
    ])
        .setRoutesFactory(routes_1.createApplicationRoutesFactory(builder, opts))
        // App renderer: the "moleculer-iam-app" package is loaded lazily, and
        // only when no custom factory is supplied.
        .setRendererFactory(renderer.factory || require("moleculer-iam-app"), renderer.options)
        .federation;
    // Stage 3: identity federation.
    // callback URL is /op/federate/:providerName (with the default prefix)
    // NOTE(review): _.defaultsDeep fills missing preset values into
    // `federation` itself, so a caller-supplied opts.federation object is
    // mutated in place. The federation map should only ever come from trusted
    // operator configuration: deep-merge helpers are a well-known
    // prototype-pollution sink when handed attacker-shaped objects.
    federationBuilder
        .setCallbackPrefix("/federate")
        .setProviderConfigurationMap(_.defaultsDeep(federation, federation_1.identityFederationProviderOptionsPreset));
    // Register the application route groups, in the original order.
    abort_1.buildAbortRoutes(builder, opts);
    find_email_1.buildFindEmailRoutes(builder, opts);
    verify_email_1.buildVerifyEmailRoutes(builder, opts);
    verify_phone_1.buildVerifyPhoneRoutes(builder, opts);
    reset_password_1.buildResetPasswordRoutes(builder, opts);
    register_1.buildRegisterRoutes(builder, opts);
    federate_1.buildFederateRoutes(builder, opts);
    login_1.buildLoginRoutes(builder, opts);
    consent_1.buildConsentRoutes(builder, opts);
}
exports.buildApplication = buildApplication;
//# sourceMappingURL=index.js.map