From ca9ff7ba259dbe72bbb0fdb4886a4856ce3376d9 Mon Sep 17 00:00:00 2001 From: kyy Date: Wed, 6 May 2026 10:52:59 +0900 Subject: [PATCH] first commit --- .env.sample | 7 + .gitignore | 33 ++ Dockerfile | 12 + README.md | 69 ++++ app.js | 470 ++++++++++++++++++++++ docker-compose.yml | 22 + package-lock.json | 980 +++++++++++++++++++++++++++++++++++++++++++++ package.json | 19 + views/error.ejs | 26 ++ views/index.ejs | 25 ++ views/profile.ejs | 28 ++ 11 files changed, 1691 insertions(+) create mode 100644 .env.sample create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 app.js create mode 100644 docker-compose.yml create mode 100644 package-lock.json create mode 100644 package.json create mode 100644 views/error.ejs create mode 100644 views/index.ejs create mode 100644 views/profile.ejs diff --git a/.env.sample b/.env.sample new file mode 100644 index 0000000..179ce3a --- /dev/null +++ b/.env.sample @@ -0,0 +1,7 @@ +PORT=3000 +SESSION_SECRET=a-very-secret-key-for-session +OIDC_ISSUER_URL=https://sso-test.hmac.kr/oidc +OIDC_CLIENT_ID=220df97e-c2c2-435b-94b8-d76d753f6b94 +OIDC_CLIENT_SECRET=Nae9rle3BlHW5cX9O1SxPZHax3k +OIDC_REDIRECT_URI=http://localhost:3000/callback +BARON_API_BASE_URL=https://sso-test.hmac.kr diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..bc922ab --- /dev/null +++ b/.gitignore @@ -0,0 +1,33 @@ +# Dependencies +node_modules +/jspm_packages/ + +# Debug logs +npm-debug.log* +yarn-debug.log* +yarn-error.log* +pnpm-debug.log* + +# Environment variables +.env +.env.local +.env.development.local +.env.test.local +.env.production.local + +# OS files +.DS_Store +Thumbs.db + +# IDEs and editors +.vscode/ +.idea/ +*.swp +*.swo + +# Docker +.docker-compose.override.yml + +# Logs +logs +*.log diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..6c3230a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,12 @@ +FROM node:20-alpine + +WORKDIR /app + +COPY package*.json ./ +RUN npm install + +COPY . . + +EXPOSE 3000 + +CMD ["node", "app.js"] diff --git a/README.md b/README.md new file mode 100644 index 0000000..026cb87 --- /dev/null +++ b/README.md @@ -0,0 +1,69 @@ +# Baron SSO Login Demo (Express.js) + +이 프로젝트는 `baron-sso`의 OIDC 로그인을 테스트하기 위한 단순한 Expressjs 데모 페이지입니다. + +## 사전 준비 + +1. `baron-sso` 프로젝트가 실행 중이어야 합니다. +2. `baron_net` 네트워크가 생성되어 있어야 합니다. + +## 1. OIDC 클라이언트 등록 + +`baron-sso` 프로젝트 폴더에서 다음 명령을 실행하여 데모용 클라이언트를 Hydra에 등록합니다. + +```bash +docker exec ory_hydra \ + hydra create oauth2-client \ + --endpoint http://127.0.0.1:4445 \ + --id demo-client \ + --secret demo-secret \ + --grant-type authorization_code,refresh_token \ + --response-type code \ + --scope openid,offline_access,profile,email \ + --redirect-uri http://localhost:3000/callback +``` + +## 2. 데모 페이지 실행 + +이 폴더(`baron-sso-login-demo`)에서 다음 명령을 실행합니다. + +```bash +docker-compose up --build +``` + +## 3. 테스트 + +1. 브라우저에서 `http://localhost:3000`에 접속합니다. +2. "Login with Baron SSO" 버튼을 클릭합니다. +3. `baron-sso` 로그인 화면으로 리다이렉트되면 로그인을 진행합니다. +4. 로그인 성공 후 사용자 프로필 정보가 표시되는지 확인합니다. + +## 환경 변수 설정 (.env) + +필요에 따라 `.env` 파일을 생성하여 설정을 변경할 수 있습니다. + +- `OIDC_ISSUER_URL`: Baron SSO의 OIDC Issuer URL (기본값: `http://localhost:5000/oidc`) +- `OIDC_CLIENT_ID`: 등록한 클라이언트 ID +- `OIDC_CLIENT_SECRET`: 등록한 클라이언트 시크릿 +- `OIDC_REDIRECT_URI`: 콜백 URL +- `BARON_API_BASE_URL`: Baron Backend/Public Gateway 기준 URL. 기본적으로 `OIDC_ISSUER_URL`에서 `/oidc`를 제거한 값을 사용합니다. +- `BARON_BACKCHANNEL_JWKS_URL`: Baron이 서명한 `logout_token` 검증용 JWKS URL. 기본값은 `/api/v1/auth/backchannel/jwks.json` 입니다. + +## 세션 종료 / 연동 해지 동작 + +이 데모 앱은 두 경로로 로그아웃을 반영합니다. + +1. 기본 경로: 각 요청마다 Baron의 `GET /api/v1/user/me`를 Bearer token으로 호출하여 현재 Baron 세션이 아직 유효한지 다시 확인합니다. Baron 세션이 무효하면 다음 요청에서 로컬 세션을 정리합니다. +2. Back-Channel Logout 경로: `POST /backchannel-logout` 엔드포인트에서 Baron이 전송한 `logout_token`을 검증하고, `sid` 또는 `sub`에 매핑된 `express-session` 세션을 즉시 파기합니다. + +### Back-Channel Logout 테스트 전제 + +- DevFront에서 대상 RP에 `Back-Channel Logout URI`를 `http://localhost:3000/backchannel-logout` 또는 외부 접근 가능한 주소로 설정해야 합니다. +- Baron 서버가 해당 데모 앱 주소에 직접 접근 가능해야 합니다. +- 로그인 후 ID Token의 `sid` 또는 `sub`를 기준으로 RP 세션이 메모리에 매핑됩니다. + +따라서 다음 상황을 테스트할 수 있습니다. + +- UserFront에서 `세션 종료` 후 Baron이 RP에 백채널 로그아웃을 전송하는지 +- UserFront에서 `연동 해지` 후 RP 세션이 즉시 파기되는지 +- RP 보호 페이지 접근 시 이미 로그아웃 상태인지 diff --git a/app.js b/app.js new file mode 100644 index 0000000..9bfbc0c --- /dev/null +++ b/app.js @@ -0,0 +1,470 @@ +require('dotenv').config(); +const express = require('express'); +const session = require('express-session'); +const { + discovery, + randomPKCECodeVerifier, + randomNonce, + randomState, + calculatePKCECodeChallenge, + buildAuthorizationUrl, + authorizationCodeGrant, + fetchUserInfo, +} = require('openid-client'); +const { createRemoteJWKSet, jwtVerify } = require('jose'); +const path = require('path'); + +process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; + +const BACKCHANNEL_LOGOUT_EVENT_URI = + 'http://schemas.openid.net/event/backchannel-logout'; +const LOGOUT_TOKEN_REPLAY_TTL_MS = 10 * 60 * 1000; + +const app = express(); +const port = process.env.PORT || 3000; + +const sidToSessionIds = new Map(); +const subToSessionIds = new Map(); +const sessionIdToBinding = new Map(); +const processedLogoutTokens = new Map(); + +app.set('view engine', 'ejs'); +app.set('views', path.join(__dirname, 'views')); + +app.use(express.urlencoded({ extended: false })); + +const sessionMiddleware = session({ + name: 'baron.demo.sid', + secret: process.env.SESSION_SECRET || 'demo-session-secret', + resave: true, + saveUninitialized: true, + cookie: { + secure: false, + httpOnly: true, + sameSite: 'lax', + maxAge: 30 * 60 * 1000, + }, +}); +app.use(sessionMiddleware); + +function deriveBaronApiBaseUrl() { + const explicit = (process.env.BARON_API_BASE_URL || '').trim(); + if (explicit) { + return explicit.replace(/\/$/, ''); + } + + const issuerUrl = (process.env.OIDC_ISSUER_URL || 'http://localhost:5000/oidc').trim(); + return issuerUrl.replace(/\/oidc\/?$/, ''); +} + +function deriveBackchannelJwksUrl() { + const explicit = (process.env.BARON_BACKCHANNEL_JWKS_URL || '').trim(); + if (explicit) { + return explicit; + } + return `${deriveBaronApiBaseUrl()}/api/v1/auth/backchannel/jwks.json`; +} + +function addSessionBinding(map, key, sessionId) { + if (!key) { + return; + } + let existing = map.get(key); + if (!existing) { + existing = new Set(); + map.set(key, existing); + } + existing.add(sessionId); +} + +function removeSessionBindingFromMap(map, key, sessionId) { + if (!key) { + return; + } + const existing = map.get(key); + if (!existing) { + return; + } + existing.delete(sessionId); + if (existing.size === 0) { + map.delete(key); + } +} + +function removeSessionBinding(sessionId) { + const existing = sessionIdToBinding.get(sessionId); + if (!existing) { + return; + } + + removeSessionBindingFromMap(sidToSessionIds, existing.sid, sessionId); + removeSessionBindingFromMap(subToSessionIds, existing.sub, sessionId); + sessionIdToBinding.delete(sessionId); +} + +function registerSessionBinding(sessionId, claims) { + const sid = typeof claims?.sid === 'string' ? claims.sid.trim() : ''; + const sub = typeof claims?.sub === 'string' ? claims.sub.trim() : ''; + + removeSessionBinding(sessionId); + sessionIdToBinding.set(sessionId, { sid, sub }); + addSessionBinding(sidToSessionIds, sid, sessionId); + addSessionBinding(subToSessionIds, sub, sessionId); + + console.log('[Session Binding] Registered', { + sessionId, + sid: sid || '(none)', + sub: sub || '(none)', + }); +} + +function getSessionIdsForLogoutClaims(claims) { + const targets = new Set(); + const sid = typeof claims?.sid === 'string' ? claims.sid.trim() : ''; + const sub = typeof claims?.sub === 'string' ? claims.sub.trim() : ''; + + if (sid && sidToSessionIds.has(sid)) { + for (const sessionId of sidToSessionIds.get(sid)) { + targets.add(sessionId); + } + } + + if (targets.size === 0 && sub && subToSessionIds.has(sub)) { + for (const sessionId of subToSessionIds.get(sub)) { + targets.add(sessionId); + } + } + + return Array.from(targets); +} + +function destroySessionById(store, sessionId) { + return new Promise((resolve, reject) => { + store.destroy(sessionId, (err) => { + if (err) { + reject(err); + return; + } + resolve(); + }); + }); +} + +function cleanupProcessedLogoutTokens(now = Date.now()) { + for (const [jti, expiresAt] of processedLogoutTokens.entries()) { + if (expiresAt <= now) { + processedLogoutTokens.delete(jti); + } + } +} + +function rememberProcessedLogoutToken(jti) { + cleanupProcessedLogoutTokens(); + if (processedLogoutTokens.has(jti)) { + return false; + } + processedLogoutTokens.set(jti, Date.now() + LOGOUT_TOKEN_REPLAY_TTL_MS); + return true; +} + +async function validateBaronSession(accessToken) { + if (!accessToken) { + return { ok: false, reason: 'missing_access_token' }; + } + + const baseUrl = deriveBaronApiBaseUrl(); + const response = await fetch(`${baseUrl}/api/v1/user/me`, { + method: 'GET', + headers: { + Authorization: `Bearer ${accessToken}`, + Accept: 'application/json', + }, + }); + + if (!response.ok) { + const detail = await response.text().catch(() => ''); + return { + ok: false, + reason: `baron_validation_failed:${response.status}`, + detail, + }; + } + + const profile = await response.json().catch(() => null); + return { ok: true, profile }; +} + +function destroyDemoSession(req, res) { + const sessionId = req.sessionID; + removeSessionBinding(sessionId); + + return new Promise((resolve) => { + req.session.destroy(() => { + if (res) { + res.clearCookie('baron.demo.sid'); + } + resolve(); + }); + }); +} + +async function verifyBackchannelLogoutToken({ + logoutToken, + expectedIssuer, + expectedAudience, + jwks, +}) { + const { payload } = await jwtVerify(logoutToken, jwks, { + issuer: expectedIssuer, + audience: expectedAudience, + }); + + if (payload.nonce !== undefined) { + throw new Error('logout_token must not include nonce'); + } + + if (!payload.events || typeof payload.events !== 'object') { + throw new Error('logout_token is missing events claim'); + } + + if (!(BACKCHANNEL_LOGOUT_EVENT_URI in payload.events)) { + throw new Error('logout_token is missing back-channel logout event'); + } + + const sid = typeof payload.sid === 'string' ? payload.sid.trim() : ''; + const sub = typeof payload.sub === 'string' ? payload.sub.trim() : ''; + if (!sid && !sub) { + throw new Error('logout_token requires sid or sub'); + } + + const jti = typeof payload.jti === 'string' ? payload.jti.trim() : ''; + if (!jti) { + throw new Error('logout_token is missing jti'); + } + if (!rememberProcessedLogoutToken(jti)) { + throw new Error('logout_token replay detected'); + } + + return { + sid, + sub, + jti, + payload, + }; +} + +async function destroySessionsForLogout(store, claims) { + const sessionIds = getSessionIdsForLogoutClaims(claims); + let destroyedCount = 0; + + for (const sessionId of sessionIds) { + removeSessionBinding(sessionId); + try { + await destroySessionById(store, sessionId); + destroyedCount += 1; + } catch (error) { + console.error('[Backchannel Logout] Failed to destroy session', { + sessionId, + error: error.message, + }); + } + } + + return { sessionIds, destroyedCount }; +} + +async function setupOIDC() { + const issuerUrl = process.env.OIDC_ISSUER_URL || 'http://localhost:5000/oidc'; + const clientId = process.env.OIDC_CLIENT_ID || 'demo-client'; + const redirectUri = process.env.OIDC_REDIRECT_URI || 'http://localhost:3000/callback'; + const backchannelJwksUrl = deriveBackchannelJwksUrl(); + const backchannelJwks = createRemoteJWKSet(new URL(backchannelJwksUrl)); + + console.log(`Discovering issuer: ${issuerUrl}`); + console.log(`Back-channel logout JWKS: ${backchannelJwksUrl}`); + const issuer = await discovery(new URL(issuerUrl), clientId); + issuer.token_endpoint_auth_method = 'none'; + + app.use(async (req, res, next) => { + const skipPaths = new Set(['/login', '/callback', '/logout', '/backchannel-logout']); + if (skipPaths.has(req.path)) { + return next(); + } + + const accessToken = req.session?.user?.tokenset?.access_token; + if (!accessToken) { + return next(); + } + + try { + const validation = await validateBaronSession(accessToken); + if (validation.ok) { + if (validation.profile) { + req.session.user.userinfo = validation.profile; + } + return next(); + } + + console.warn('[Session Validation] Baron session is no longer valid', { + path: req.path, + reason: validation.reason, + }); + await destroyDemoSession(req, res); + return res.redirect('/'); + } catch (error) { + console.error('[Session Validation] Failed to validate Baron session', error); + await destroyDemoSession(req, res); + return res.redirect('/'); + } + }); + + app.get('/', (req, res) => { + res.render('index', { user: req.session.user }); + }); + + app.get('/login', async (req, res) => { + console.log(`\n[Login Start] Session: ${req.sessionID}`); + + if (!req.session.state) { + req.session.code_verifier = randomPKCECodeVerifier(); + req.session.state = randomState(); + req.session.nonce = randomNonce(); + console.log(`[Login] New state generated: ${req.session.state}`); + } else { + console.log(`[Login] Re-using existing state: ${req.session.state}`); + } + + const code_challenge = await calculatePKCECodeChallenge(req.session.code_verifier); + + req.session.save((err) => { + if (err) { + return res.status(500).send('Session save failed'); + } + + const url = buildAuthorizationUrl(issuer, { + redirect_uri: redirectUri, + scope: 'openid profile email', + code_challenge, + code_challenge_method: 'S256', + nonce: req.session.nonce, + state: req.session.state, + }); + + res.redirect(url.href); + }); + }); + + app.get('/callback', async (req, res) => { + console.log(`\n[Callback Start] Session: ${req.sessionID}`); + console.log(`[Callback Info] State from URL: ${req.query.state}`); + console.log(`[Callback Info] State in Session: ${req.session.state}`); + + if (!req.session.state || !req.session.code_verifier) { + if (req.session.user) { + return res.redirect('/profile'); + } + + return res.status(400).render('error', { + message: 'Session Data Missing', + detail: '세션 정보가 유실되었습니다. 브라우저가 쿠키를 차단했는지 확인하세요.', + }); + } + + try { + const currentUrl = new URL(req.url, `http://${req.headers.host}`); + const tokenset = await authorizationCodeGrant( + issuer, + currentUrl, + { + expectedNonce: req.session.nonce, + expectedState: req.session.state, + pkceCodeVerifier: req.session.code_verifier, + }, + ); + + console.log('[Callback Success] Token exchanged'); + + const tokenClaims = tokenset.claims(); + const userinfo = await fetchUserInfo( + issuer, + tokenset.access_token, + tokenClaims.sub, + ).catch(() => tokenClaims); + + req.session.user = { tokenset, userinfo }; + registerSessionBinding(req.sessionID, tokenClaims); + + delete req.session.state; + delete req.session.code_verifier; + delete req.session.nonce; + + req.session.save(() => res.redirect('/profile')); + } catch (err) { + console.error('[Callback Error]', err); + res.status(500).render('error', { + message: 'Authentication Failed', + detail: err.message, + }); + } + }); + + app.post('/backchannel-logout', async (req, res) => { + const logoutToken = typeof req.body.logout_token === 'string' + ? req.body.logout_token.trim() + : ''; + + if (!logoutToken) { + return res.status(400).json({ error: 'logout_token is required' }); + } + + try { + const claims = await verifyBackchannelLogoutToken({ + logoutToken, + expectedIssuer: issuerUrl, + expectedAudience: clientId, + jwks: backchannelJwks, + }); + + const result = await destroySessionsForLogout(sessionMiddleware.store, claims); + console.log('[Backchannel Logout] Processed', { + sid: claims.sid || '(none)', + sub: claims.sub || '(none)', + destroyedCount: result.destroyedCount, + sessionIds: result.sessionIds, + }); + + return res.status(200).json({ + success: true, + destroyedSessionCount: result.destroyedCount, + }); + } catch (error) { + console.error('[Backchannel Logout] Verification failed', error); + return res.status(400).json({ + error: 'invalid logout token', + detail: error.message, + }); + } + }); + + app.get('/profile', (req, res) => { + if (!req.session.user) { + return res.redirect('/'); + } + res.render('profile', { user: req.session.user }); + }); + + app.get('/logout', (req, res) => { + destroyDemoSession(req, res).then(() => { + res.redirect('/'); + }); + }); + + app.listen(port, '0.0.0.0', () => { + console.log(`Demo app listening at http://localhost:${port}`); + }); +} + +setupOIDC().catch((err) => { + console.error('OIDC setup failed:', err); + process.exit(1); +}); diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..bf09270 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,22 @@ +services: + login-demo: + build: . + container_name: baron-sso-login-demo + ports: + - "3333:3333" + environment: + - PORT=3333 + - SESSION_SECRET=demo-session-secret + - OIDC_ISSUER_URL=https://sso-test.hmac.kr/oidc + - OIDC_CLIENT_ID=f5cdd938-a3ae-4e47-ab83-4c13e59949f5 + - OIDC_REDIRECT_URI=http://localhost:3333/callback + - BARON_API_BASE_URL=https://sso-test.hmac.kr + extra_hosts: + - "localhost:host-gateway" + networks: + - baron_net + +networks: + baron_net: + external: true + name: baron_net diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..1f9f9ed --- /dev/null +++ b/package-lock.json @@ -0,0 +1,980 @@ +{ + "name": "baron-sso-login-demo", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "baron-sso-login-demo", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "dotenv": "^17.4.2", + "ejs": "^5.0.2", + "express": "^5.2.1", + "express-session": "^1.19.0", + "openid-client": "^6.8.3" + } + }, + "node_modules/accepts": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz", + "integrity": "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==", + "license": "MIT", + "dependencies": { + "mime-types": "^3.0.0", + "negotiator": "^1.0.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/body-parser": { + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.2.tgz", + "integrity": "sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==", + "license": "MIT", + "dependencies": { + "bytes": "^3.1.2", + "content-type": "^1.0.5", + "debug": "^4.4.3", + "http-errors": "^2.0.0", + "iconv-lite": "^0.7.0", + "on-finished": "^2.4.1", + "qs": "^6.14.1", + "raw-body": "^3.0.1", + "type-is": "^2.0.1" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/content-disposition": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.1.0.tgz", + "integrity": "sha512-5jRCH9Z/+DRP7rkvY83B+yGIGX96OYdJmzngqnw2SBSxqCFPd0w2km3s5iawpGX8krnwSGmF0FW5Nhr0Hfai3g==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-signature": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz", + "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==", + "license": "MIT", + "engines": { + "node": ">=6.6.0" + } + }, + "node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/dotenv": { + "version": "17.4.2", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.4.2.tgz", + "integrity": "sha512-nI4U3TottKAcAD9LLud4Cb7b2QztQMUEfHbvhTH09bqXTxnSie8WnjPALV/WMCrJZ6UV/qHJ6L03OqO3LcdYZw==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://dotenvx.com" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, + "node_modules/ejs": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-5.0.2.tgz", + "integrity": "sha512-IpbUaI/CAW86l3f+T8zN0iggSc0LmMZLcIW5eRVStLVNCoTXkE0YlncbbH50fp8Cl6zHIky0sW2uUbhBqGw0Jw==", + "license": "Apache-2.0", + "bin": { + "ejs": "bin/cli.js" + }, + "engines": { + "node": ">=0.12.18" + } + }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz", + "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==", + "license": "MIT", + "dependencies": { + "accepts": "^2.0.0", + "body-parser": "^2.2.1", + "content-disposition": "^1.0.0", + "content-type": "^1.0.5", + "cookie": "^0.7.1", + "cookie-signature": "^1.2.1", + "debug": "^4.4.0", + "depd": "^2.0.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "finalhandler": "^2.1.0", + "fresh": "^2.0.0", + "http-errors": "^2.0.0", + "merge-descriptors": "^2.0.0", + "mime-types": "^3.0.0", + "on-finished": "^2.4.1", + "once": "^1.4.0", + "parseurl": "^1.3.3", + "proxy-addr": "^2.0.7", + "qs": "^6.14.0", + "range-parser": "^1.2.1", + "router": "^2.2.0", + "send": "^1.1.0", + "serve-static": "^2.2.0", + "statuses": "^2.0.1", + "type-is": "^2.0.1", + "vary": "^1.1.2" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/express-session": { + "version": "1.19.0", + "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.19.0.tgz", + "integrity": "sha512-0csaMkGq+vaiZTmSMMGkfdCOabYv192VbytFypcvI0MANrp+4i/7yEkJ0sbAEhycQjntaKGzYfjfXQyVb7BHMA==", + "license": "MIT", + "dependencies": { + "cookie": "~0.7.2", + "cookie-signature": "~1.0.7", + "debug": "~2.6.9", + "depd": "~2.0.0", + "on-headers": "~1.1.0", + "parseurl": "~1.3.3", + "safe-buffer": "~5.2.1", + "uid-safe": "~2.1.5" + }, + "engines": { + "node": ">= 0.8.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/express-session/node_modules/cookie-signature": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz", + "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", + "license": "MIT" + }, + "node_modules/express-session/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/express-session/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/finalhandler": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.1.tgz", + "integrity": "sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "on-finished": "^2.4.1", + "parseurl": "^1.3.3", + "statuses": "^2.0.1" + }, + "engines": { + "node": ">= 18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fresh": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-2.0.0.tgz", + "integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz", + "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/iconv-lite": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.2.tgz", + "integrity": "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/is-promise": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz", + "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==", + "license": "MIT" + }, + "node_modules/jose": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/jose/-/jose-6.2.2.tgz", + "integrity": "sha512-d7kPDd34KO/YnzaDOlikGpOurfF0ByC2sEV4cANCtdqLlTfBlw2p14O/5d/zv40gJPbIQxfES3nSx1/oYNyuZQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/media-typer": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz", + "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/merge-descriptors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-2.0.0.tgz", + "integrity": "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.2.tgz", + "integrity": "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==", + "license": "MIT", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/negotiator": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz", + "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/oauth4webapi": { + "version": "3.8.5", + "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-3.8.5.tgz", + "integrity": "sha512-A8jmyUckVhRJj5lspguklcl90Ydqk61H3dcU0oLhH3Yv13KpAliKTt5hknpGGPZSSfOwGyraNEFmofDYH+1kSg==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/object-inspect": { + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/on-headers": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", + "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "license": "ISC", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/openid-client": { + "version": "6.8.3", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-6.8.3.tgz", + "integrity": "sha512-AoY/NaN9esS3+xvHInFSK0g3skSfeE0uqQAKRj4rB6/GsBIvzwTUaYo9+HcqpKIaP0dP85p5W07hayKgS4GAeA==", + "license": "MIT", + "dependencies": { + "jose": "^6.2.2", + "oauth4webapi": "^3.8.5" + }, + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/path-to-regexp": { + "version": "8.4.2", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz", + "integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/qs": { + "version": "6.15.1", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.1.tgz", + "integrity": "sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.1.0" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/random-bytes": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz", + "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz", + "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.7.0", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/router": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz", + "integrity": "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.0", + "depd": "^2.0.0", + "is-promise": "^4.0.0", + "parseurl": "^1.3.3", + "path-to-regexp": "^8.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "license": "MIT" + }, + "node_modules/send": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/send/-/send-1.2.1.tgz", + "integrity": "sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.3", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "fresh": "^2.0.0", + "http-errors": "^2.0.1", + "mime-types": "^3.0.2", + "ms": "^2.1.3", + "on-finished": "^2.4.1", + "range-parser": "^1.2.1", + "statuses": "^2.0.2" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/serve-static": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.1.tgz", + "integrity": "sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw==", + "license": "MIT", + "dependencies": { + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "parseurl": "^1.3.3", + "send": "^1.2.0" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "license": "ISC" + }, + "node_modules/side-channel": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz", + "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "license": "MIT", + "engines": { + "node": ">=0.6" + } + }, + "node_modules/type-is": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz", + "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==", + "license": "MIT", + "dependencies": { + "content-type": "^1.0.5", + "media-typer": "^1.1.0", + "mime-types": "^3.0.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/uid-safe": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz", + "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==", + "license": "MIT", + "dependencies": { + "random-bytes": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "license": "ISC" + } + } +} diff --git a/package.json b/package.json new file mode 100644 index 0000000..ad6a9d9 --- /dev/null +++ b/package.json @@ -0,0 +1,19 @@ +{ + "name": "baron-sso-login-demo", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "ISC", + "dependencies": { + "dotenv": "^17.4.2", + "ejs": "^5.0.2", + "express": "^5.2.1", + "express-session": "^1.19.0", + "openid-client": "^6.8.3" + } +} diff --git a/views/error.ejs b/views/error.ejs new file mode 100644 index 0000000..e4805d6 --- /dev/null +++ b/views/error.ejs @@ -0,0 +1,26 @@ + + + + Error - Baron SSO Demo + + + +
+

Authentication Error

+
+

Message: <%= message %>

+

Detail: <%= detail %>

+
+ +

Check the server logs for more technical details.

+ + Back to Home +
+ + diff --git a/views/index.ejs b/views/index.ejs new file mode 100644 index 0000000..e60cbbd --- /dev/null +++ b/views/index.ejs @@ -0,0 +1,25 @@ + + + + Baron SSO Login Demo + + + +
+

Baron SSO Demo

+ <% if (user) { %> +

Welcome, <%= user.userinfo.name || user.userinfo.sub %>!

+ View Profile + Logout + <% } else { %> +

You are not logged in.

+ Login with Baron SSO + <% } %> +
+ + diff --git a/views/profile.ejs b/views/profile.ejs new file mode 100644 index 0000000..5d04529 --- /dev/null +++ b/views/profile.ejs @@ -0,0 +1,28 @@ + + + + User Profile - Baron SSO Demo + + + +
+

User Profile

+

Sub: <%= user.userinfo.sub %>

+

Name: <%= user.userinfo.name || 'N/A' %>

+

Email: <%= user.userinfo.email || 'N/A' %>

+ +

Raw User Info

+ 
<%= JSON.stringify(user.userinfo, null, 2) %>
+ +

Tokens

+ 
<%= JSON.stringify(user.tokenset, null, 2) %>
+ + Back to Home +
+ +