From 94b119f0627ec698dbca2e6924db1370960e2a06 Mon Sep 17 00:00:00 2001
From: Alan Bridgeman
Date: Sun, 11 Jan 2026 01:34:37 -0600
Subject: [PATCH] Updated auth package and made corresponding changes within the code including creating types etc... + separated oauth stuff to it's own folder
---
 package.json | 6 +++-
 src/index.ts | 4 +--
 src/{ => oauth}/OAuthApp.ts | 25 +++++++++++---
 src/oauth/index.ts | 9 +++++
 src/oauth/types/AppSubscriptionTier.ts | 9 +++++
 .../types/BridgemanAccessibleAppClaims.ts | 33 +++++++++++++++++++
 yarn.lock | 8 ++---
 7 files changed, 81 insertions(+), 13 deletions(-)
 rename src/{ => oauth}/OAuthApp.ts (92%)
 create mode 100644 src/oauth/index.ts
 create mode 100644 src/oauth/types/AppSubscriptionTier.ts
 create mode 100644 src/oauth/types/BridgemanAccessibleAppClaims.ts
diff --git a/package.json b/package.json
index cada60c..3a55284 100644
--- a/package.json
+++ b/package.json
@@ -13,6 +13,10 @@
 "types": "./index.d.ts",
 "default": "./index.js"
 },
+ "./oauth": {
+ "types": "./oauth/index.d.ts",
+ "default": "./oauth/index.js"
+ },
 "./middlewares": {
 "types": "./middlewares/index.d.ts",
 "default": "./middlewares/index.js"
@@ -35,7 +39,7 @@
 "create-ba-web-app": "node ./bin/create-project.js"
 },
 "dependencies": {
- "@BridgemanAccessible/ba-auth": "^1.0.20",
+ "@BridgemanAccessible/ba-auth": "^1.0.21",
 "@BridgemanAccessible/ba-logging": "^1.0.1",
 "express": "^4.19.2",
 "fs-extra": "^11.2.0",
diff --git a/src/index.ts b/src/index.ts
index 7982d88..6dd48ae 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -3,15 +3,13 @@ import { Initializer } from './Initializer.js';
 import { Router } from './Router.js';
 import { Renderer } from './Renderer.js';
 import { StaticFileResolver } from './StaticFileResolver.js';
-import { OAuthApp } from './OAuthApp.js';
 export {
 App,
 Initializer,
 Router,
 Renderer,
- StaticFileResolver,
- OAuthApp
+ StaticFileResolver
 };
 export * from './controllers/index.js';
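Review bot: Dropping `OAuthApp` from the root `export { ... }` list in src/index.ts breaks every consumer that imports it from the package root, and the hunk leaves no compatibility path. Since package.json now adds the `./oauth` subpath, a transitional re-export would keep existing imports working, e.g. `/** @deprecated import from the './oauth' subpath instead */ export { OAuthApp } from './oauth/OAuthApp.js';`. If the break is intended, it should be stated in the commit message and reflected in the package's own version, which is not visible in this diff.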
diff --git a/src/OAuthApp.ts b/src/oauth/OAuthApp.ts
similarity index 92%
rename from src/OAuthApp.ts
rename to src/oauth/OAuthApp.ts
index ca081b4..a17746b 100644
--- a/src/OAuthApp.ts
+++ b/src/oauth/OAuthApp.ts
@@ -4,16 +4,23 @@ import Client from '@BridgemanAccessible/ba-auth/client';
 import type { OnAuthCallback } from '@BridgemanAccessible/ba-auth/client';
 import { logMessage, LogLevel } from '@BridgemanAccessible/ba-logging';
-import { App } from './App.js';
-import { Initializer } from './Initializer.js';
+import { App } from '../App.js';
+import { Initializer } from '../Initializer.js';
-import { getValueFromEnvironmentVariable } from './utils/env-vars.js';
+import { getValueFromEnvironmentVariable } from '../utils/env-vars.js';
+
+import type { BridgemanAccessibleAppClaims } from './types/BridgemanAccessibleAppClaims.js';
+import type { AppSubscriptionTier } from './types/AppSubscriptionTier.js';
 type OAuthAppOptions = {
 /** The base URL of the app */
 baseAppUrl?: URL,
 /** The abbreviation of the app */
 appAbbrv?: string,
+ /** If a subscription is required */
+ subscriptionRequired?: boolean,
+ /** The subscription tiers available for the app */
+ subscriptionTiers?: AppSubscriptionTier[],
 /** The name of the app */
 appName?: string | {
 /** Localized versions of the app name */
@@ -47,6 +54,8 @@ export class OAuthApp extends App {
 private baseAppUrl?: URL;
 private appAbbrv?: string;
+ private subscriptionRequired?: boolean;
+ private subscriptionTiers?: AppSubscriptionTier[];
 private appName?: string | { [language: string]: string };
 private contacts?: string[];
 private scopes?: Scopes[];
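Review bot: The doc comments on the two new `OAuthAppOptions` fields state neither the default nor how the fields relate, which matters because both values end up in the client registration passed to `Client.setup` in a later hunk of this file. Omitting `subscriptionRequired` registers the app as not requiring a subscription (`?? false` in that call), so I would say so: `/** Whether a paid subscription is required to use the app; treated as false when omitted */`. For the tiers, if the intended contract is that they accompany a required subscription, `/** The subscription tiers offered by the app; expected to be non-empty when subscriptionRequired is true */` makes that visible to callers. The type body continues outside the hunk.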
@@ -107,6 +116,8 @@ export class OAuthApp extends App {
 if(typeof options !== 'undefined') {
 this.baseAppUrl = options.baseAppUrl;
 this.appAbbrv = options.appAbbrv;
+ this.subscriptionRequired = options.subscriptionRequired;
+ this.subscriptionTiers = options.subscriptionTiers;
 this.appName = options.appName;
 this.contacts = options.contacts;
 this.scopes = options.scopes;
@@ -149,12 +160,16 @@ export class OAuthApp extends App {
 .getRouter()
 .addOutsideFrameworkRoute('/.well-known/jwks.json');
- const client = await Client.setup(
+ const client = await Client.setup(
 app.getExpressApp(),
 baseAppUrl,
 this.onAuth,
 this.saveSecret,
- appAbbrv,
+ {
+ client_abbreviation: appAbbrv,
+ subscription_required: this.subscriptionRequired ?? false,
+ subscription_tiers: this.subscriptionTiers
+ },
 this.appName,
 this.scopes,
 {
diff --git a/src/oauth/index.ts b/src/oauth/index.ts
new file mode 100644
index 0000000..a802d62
--- /dev/null
+++ b/src/oauth/index.ts
@@ -0,0 +1,9 @@
+import { OAuthApp } from './OAuthApp.js';
+import { BridgemanAccessibleAppClaims } from './types/BridgemanAccessibleAppClaims.js';
+import { AppSubscriptionTier } from './types/AppSubscriptionTier.js';
+
+export {
+ OAuthApp,
+ BridgemanAccessibleAppClaims,
+ AppSubscriptionTier
+}
\ No newline at end of file
diff --git a/src/oauth/types/AppSubscriptionTier.ts b/src/oauth/types/AppSubscriptionTier.ts
new file mode 100644
index 0000000..82ea8f2
--- /dev/null
+++ b/src/oauth/types/AppSubscriptionTier.ts
@@ -0,0 +1,9 @@
+/** App subscription tier (mostly for app registration) */
+export interface AppSubscriptionTier {
+ id: string;
+ name: string; // e.g., "Free", "Pro"
+ cost: number; // e.g., 1000 (cents)
+ currency: string; // e.g., "USD"
+ description?: string;
+ // You can add 'features' list here if needed
+}
\ No newline at end of file
diff --git a/src/oauth/types/BridgemanAccessibleAppClaims.ts b/src/oauth/types/BridgemanAccessibleAppClaims.ts
new file mode 100644
index 0000000..497302a
--- /dev/null
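Review bot: The claims object passed to `Client.setup` is built without checking that the two subscription fields agree: with `subscriptionRequired: true` and no `subscriptionTiers`, the app registers as subscription-only with `subscription_tiers: undefined`. Because the fallback is `?? false`, an omitted option also silently registers a paid app as free, so failing at startup is the safer behaviour for the inconsistent case. A guard before the call would do, e.g. `if (this.subscriptionRequired && !this.subscriptionTiers?.length) throw new Error('subscriptionTiers is required when subscriptionRequired is true');`. The enclosing method starts and ends outside the hunk, and whether the authorization server re-validates these claims cannot be seen from here.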
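Review bot: `BridgemanAccessibleAppClaims` and `AppSubscriptionTier` are interfaces, yet src/oauth/index.ts imports and re-exports them as values, while OAuthApp.ts in the same commit uses `import type` for both. Under `isolatedModules` or `verbatimModuleSyntax`, or with a transpiler that does not elide type-only names, this either fails to compile or emits an export that does not exist at runtime. I would split the list into `export { OAuthApp } from './OAuthApp.js';` and `export type { BridgemanAccessibleAppClaims } from './types/BridgemanAccessibleAppClaims.js';` (likewise for `AppSubscriptionTier`). The same applies to the two value imports at the top of types/BridgemanAccessibleAppClaims.ts; assuming `ClientCustomClaims` is a type, `import type` there also keeps the `ba-auth/server` entry point from being loaded by this package at runtime.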
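Review bot: `cost` and `currency` are explained only by trailing example comments, so nothing states that `cost` appears to be an integer amount in the smallest currency unit, and a value like `10.5` or `-1` type-checks. Since tiers are sent as registration claims, I would make the contract explicit with doc comments, e.g. `/** Price in the smallest currency unit (e.g. cents); non-negative integer */` on `cost` and `/** Currency code, e.g. "USD" */` on `currency`. The line `// You can add 'features' list here if needed` reads like scaffolding and could be dropped or turned into a tracked TODO.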
+++ b/src/oauth/types/BridgemanAccessibleAppClaims.ts
@@ -0,0 +1,33 @@
+import { ClientCustomClaims } from '@BridgemanAccessible/ba-auth/server';
+
+import { AppSubscriptionTier } from './AppSubscriptionTier.js';
+
+/**
+ * The custom registration claims (for Bridgeman Accessible apps) as used by this server
+ *
+ * This allows registering apps to specify very specific things this Authorization Server supports, such as:
+ * - their subscription tiers
+ * - and client abbreviation.
+ *
+ * Which are useful internally to this server and clients/apps registering with it.
+ * But aren't a part of the major OAuth2 standards supported by the Auth library
+ * (and aren't helpful for other Authorization Server implementations).
+ */
+export interface BridgemanAccessibleAppClaims extends ClientCustomClaims {
+ /**
+ * The abbreviation for the app
+ *
+ * This is used as a prefix for related user properties associated with the app.
+ *
+ * For example, take the "Accessible Events Platform", with the abbreviation "aep".
+ * If we want to store some kind of ID for it, the property in the user might be `aepId`.
+ * And all apps would follow this pattern of ``.
+ */
+ client_abbreviation: string;
+
+ /** Whether a paid subscription is mandatory to use the app */
+ subscription_required: boolean;
+
+ /** The available subscription tiers for this client application */
+ subscription_tiers?: AppSubscriptionTier[];
+}
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
index 491937d..946a171 100644
--- a/yarn.lock
+++ b/yarn.lock
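Review bot: The doc comment on `client_abbreviation` says the value becomes a prefix for user property names (`aepId`), but the interface places no constraint on it and does not say who enforces one. The registering client supplies this string, so the authorization server has to restrict it to a safe identifier shape and reject abbreviations that collide with another app's prefix or with existing user fields; none of that is visible in this diff. I would at least document the expectation on the field, e.g. `Must be a short alphanumeric identifier, unique per registered app; the authorization server must validate it before deriving property names.` Separately, the header says "as used by this server" although this file appears to live in the app-side framework package, and the last line of the field comment ends in an empty code span on this page, so the pattern it refers to is missing.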
@@ -2,10 +2,10 @@ # yarn lockfile v1 -"@BridgemanAccessible/ba-auth@^1.0.20": - version "1.0.20" - resolved "https://npm.pkg.bridgemanaccessible.ca/@BridgemanAccessible/ba-auth/-/ba-auth-1.0.20.tgz#3e9c5b5608b1a01fe0d9b70fba27dc9a8dc3e470" - integrity sha512-tHNVLc6ZX7uE/6bXpMfHqO6Yw/HQw0eQuP17YxvwJdLO+UTinirtMNJ43UQMAonmxrMkwTK0emfV/R13qiW4HA== +"@BridgemanAccessible/ba-auth@^1.0.21": + version "1.0.21" + resolved "https://npm.pkg.bridgemanaccessible.ca/@BridgemanAccessible/ba-auth/-/ba-auth-1.0.21.tgz#288b72f5f40b634ca34ace34400857e0fe62cb20" + integrity sha512-3KkRj1SwYUot64/CoLGOojPLORTTXhqBBJIMVS4bpXOj695TXOluoNAv2dH0n61cfKCbBxbVnwt6h1AQq7cvfw== dependencies: "@BridgemanAccessible/ba-logging" "^1.0.1" "@azure/identity" "^4.0.1"