refactor: update code to remove errors

src/app.controller.ts

@@ -33,4 +33,9 @@ export class AppController {
  async createAdmin(@Body() data: { username: string; password: string }) {
  return await this.appService.createAdmin(data);
  }
+
+ @Post('login')
+ async confirmLogin(@Req() req: Request){
+ console.log(req.body);
+ }
 }

src/app.module.ts

@@ -19,6 +19,7 @@ import { TenantModule } from './tenant/tenant.module';
 import { ApiKeysModule } from './api-keys/api-keys.module';
 import { UtilsService } from './utils/utils.service';
 import { OidcModule } from './oidc/oidc.module';
+import { InteractionController } from './oidc/interaction/interaction.controller';
 
 @Module({
  imports: [
@@ -39,7 +40,7 @@ import { OidcModule } from './oidc/oidc.module';
  TenantModule,
  ApiKeysModule,
  ],
- controllers: [AppController],
+ controllers: [AppController, InteractionController],
  providers: [AppService, PrismaService, MemoryMonitorService, UtilsService],
 })
 export class AppModule {}

src/key/key.service.ts

@@ -274,7 +274,7 @@ export class KeyService {
  keyFields = (key: any) => ({
  privateKey: jwkToPem(key, { private: true }),
  publicKey: jwkToPem(key),
- data: JSON.stringify(this.removeSensitiveRSAFields(key)),
+ data: JSON.stringify(key),
  });
  break;
  case 'ES256':
@@ -289,7 +289,7 @@ export class KeyService {
  keyFields = (key: any) => ({
  privateKey: jwkToPem(key, { private: true }),
  publicKey: jwkToPem(key),
- data: JSON.stringify(this.removeSensitiveECFields(key)),
+ data: JSON.stringify(key),
  });
  break;
  default:

src/oidc/interaction/interaction.controller.ts

@@ -0,0 +1,36 @@
+import { Controller, Get, Param, Post, Req, Res } from '@nestjs/common';
+import { Request, Response } from 'express';
+
+@Controller('interaction')
+export class InteractionController {
+ @Get(':id')
+ serveLoginPage(@Param('id') id: string, @Res() res: Response) {
+ const loginHtml = `
+ <!DOCTYPE html>
+ <html lang="en">
+ <head>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>Login</title>
+ <style>
+ body { font-family: Arial, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; }
+ form { background: #f0f0f0; padding: 20px; border-radius: 5px; }
+ input { display: block; margin: 10px 0; padding: 5px; width: 200px; }
+ button { background: #007bff; color: white; border: none; padding: 10px; cursor: pointer; }
+ </style>
+ </head>
+ <body>
+ <form action="/login" method="POST">
+ <h2>Login</h2>
+ <input type="text" name="username" placeholder="Username" required>
+ <input type="password" name="password" placeholder="Password" required>
+ <input type="hidden" name="interaction_id" value="${id}">
+ <button type="submit">Log In</button>
+ </form>
+ </body>
+ </html>
+ `;
+
+ res.type('text/html').send(loginHtml);
+ }
+}

src/oidc/oidc.adapter.ts

@@ -29,11 +29,11 @@ const types = [
 const prepare = (doc: OidcModel) => {
  doc.payload = JSON.parse(doc.payload);
  const isPayloadJson =
-  doc.payload &&
-  typeof doc.payload === 'object' &&
-  !Array.isArray(JSON.parse(doc.payload));
-
- const payload = isPayloadJson ? JSON.parse(doc.payload) : {};
+ doc.payload &&
+ typeof doc.payload === 'object' &&
+ !Array.isArray(doc.payload);
+ 
+ const payload = isPayloadJson ? doc.payload : {};
 
  return {
  ...payload,
@@ -56,7 +56,7 @@ export class PrismaAdapter implements Adapter {
  constructor(name: string) {
  this.type = types[name];
  this.name = name;
- //console.log('Constructor', name);
+ // console.log('Constructor', name);
  }
 
  async upsert(
@@ -72,7 +72,7 @@ export class PrismaAdapter implements Adapter {
  uid: payload.uid,
  expiresAt: expiresAt(expiresIn),
  };
- //console.log('upsert', id, this.name, payload);
+ // console.log('upsert', id, this.name, payload);
  await prisma.oidcModel.upsert({
  where: {
  id_type: {
@@ -91,7 +91,7 @@ export class PrismaAdapter implements Adapter {
  }
 
  async find(id: string): Promise<AdapterPayload | undefined> {
- //console.log('find', this.name, id);
+ // console.log('find', this.name, id);
  if (this.name === 'Client') {
  // can do domain pinning here
  const client = await PrismaAdapter.prismaService.application.findUnique({
@@ -134,7 +134,7 @@ export class PrismaAdapter implements Adapter {
  // do domain pinning here or cors?
  if (!client) return undefined;
  }
-
+ 
  if (!doc || (doc.expiresAt && doc.expiresAt < new Date())) {
  return undefined;
  }

src/oidc/oidc.config.service.ts

@@ -1,5 +1,5 @@
 import { Injectable } from '@nestjs/common';
-import { Configuration } from 'oidc-provider';
+import Provider, { Configuration, Interaction, JWKS } from 'oidc-provider';
 import { PrismaAdapter } from './oidc.adapter';
 import Account from './findAccount';
 import { PrismaService } from 'src/prisma/prisma.service';
@@ -8,111 +8,114 @@ import { ApplicationDataDto } from 'src/application/application.dto';
 @Injectable()
 export class OidcConfigService {
  private provider;
- private client_ttlMap: Map<string, ApplicationDataDto>;
- private configuration: Configuration = {
- interactions: {
- url(ctx, interaction) {
- return `/interaction/${interaction.uid}`;
- },
- },
- adapter: (modelName: string) => new PrismaAdapter(modelName),
- findAccount: (ctx, sub, token) =>
- Account.findAccount(ctx as unknown as any, sub, token),
- claims: {
- address: ['address'],
- email: ['email', 'email_verified'],
- phone: ['phone_number', 'phone_number_verified'],
- profile: [
- 'birthdate',
- 'family_name',
- 'gender',
- 'given_name',
- 'locale',
- 'middle_name',
- 'name',
- 'nickname',
- 'picture',
- 'preferred_username',
- 'profile',
- 'updated_at',
- 'website',
- 'zoneinfo',
- ],
- },
- clientBasedCORS(ctx, origin, client) {
- console.log('CLORS', ctx, origin, client);
- return false;
- },
- pkce: {
- required(ctx, client) {
- return false;
+ private async returnConfiguration(): Promise<Configuration> {
+ const client_ttlMap: Map<string, ApplicationDataDto> = await this.returnTTL();
+
+ const jwksArray = await this.prismaService.key.findMany();
+ const jwksFinal = jwksArray.map(jwk => JSON.parse(jwk.data));
+ const jwks: JWKS = jwksFinal.length > 0 ? {keys: jwksFinal}: undefined;
+ return {
+ interactions: {
+ url(ctx, interaction) {
+ return `/interaction/${interaction.uid}`;
+ },
  },
- },
- features: {
- introspection: { enabled: true },
- jwtIntrospection: { enabled: true },
- userinfo: { enabled: true },
- // resource Indicators?
- revocation: { enabled: true },
- devInteractions: {
- enabled: true,
+ adapter: (modelName: string) => new PrismaAdapter(modelName),
+ findAccount: (ctx, sub, token) =>
+ Account.findAccount(ctx as unknown as any, sub, token),
+ claims: {
+ address: ['address'],
+ email: ['email', 'email_verified'],
+ phone: ['phone_number', 'phone_number_verified'],
+ profile: [
+ 'birthdate',
+ 'family_name',
+ 'gender',
+ 'given_name',
+ 'locale',
+ 'middle_name',
+ 'name',
+ 'nickname',
+ 'picture',
+ 'preferred_username',
+ 'profile',
+ 'updated_at',
+ 'website',
+ 'zoneinfo',
+ ],
  },
- },
- issueRefreshToken: async (ctx, client, code) => {
- return true;
- },
- // loadExistingGrant(ctx) { // runs after giving consent
- // console.log(ctx);
- // return undefined;
- // },
- ttl: {
- AccessToken: (ctx, token, client) => {
- const clientData = this.client_ttlMap.get(client.clientId);
- return clientData.jwtConfiguration.timeToLiveInSeconds || 10000;
+ clientBasedCORS(ctx, origin, client) {
+ console.log('CLORS', ctx, origin, client);
+ return false;
  },
- RefreshToken: (ctx, token, client) => {
- const clientData = this.client_ttlMap.get(client.clientId);
- return (
- clientData.jwtConfiguration.refreshTokenTimeToLiveInMinutes * 60 ||
- 60000
- );
+ pkce: {
+ required(ctx, client) {
+ return false;
+ },
  },
- Grant: (ctx, token, client) => {
- return 300000;
+ features: {
+ introspection: { enabled: true },
+ jwtIntrospection: { enabled: true },
+ userinfo: { enabled: true },
+ // resource Indicators?
+ revocation: { enabled: true },
+ devInteractions: {
+ enabled: false,
+ },
  },
- AuthorizationCode: (ctx, token, client) => {
- return 300000;
+ issueRefreshToken: async (ctx, client, code) => {
+ return true;
  },
- Session: (ctx, token, client) => {
- return 300000;
- }, // id token ka set kr
- IdToken: (ctx, token, client) => {
- return 300000;
+ // loadExistingGrant(ctx) { // runs after giving consent
+ // console.log(ctx);
+ // return undefined;
+ // },
+ ttl: {
+ AccessToken: (ctx, token, client) => {
+ const clientData = client_ttlMap.get(client.clientId);
+ return clientData.jwtConfiguration.timeToLiveInSeconds || 10000;
+ },
+ RefreshToken: (ctx, token, client) => {
+ const clientData = client_ttlMap.get(client.clientId);
+ return (
+ clientData.jwtConfiguration.refreshTokenTimeToLiveInMinutes * 60 ||
+ 60000
+ );
+ },
+ Grant: (ctx, token, client) => {
+ return 300000;
+ },
+ AuthorizationCode: (ctx, token, client) => {
+ return 300000;
+ },
+ Session: (ctx, token, client) => {
+ return 300000;
+ }, // id token ka set kr
+ IdToken: (ctx, token, client) => {
+ return 300000;
+ },
  },
- },
- };
-
- constructor(private readonly prismaService: PrismaService) {
- this.client_ttlMap = new Map();
- this.prismaService.application.findMany().then((data) => {
- data.forEach((client) => {
- this.client_ttlMap.set(
- client.id,
- JSON.parse(client.data) as ApplicationDataDto,
- );
- });
- });
+ jwks,
+ };
  }
 
+ constructor(private readonly prismaService: PrismaService) {}
+
  async returnOidc() {
  if (typeof this.provider !== 'undefined') {
  return this.provider;
  }
  const mod = await eval(`import('oidc-provider')`);
  this.provider = mod.default;
- const oidc = new this.provider(process.env.FULL_URL, this.configuration);
+ const configuration: Configuration = await this.returnConfiguration();
+ const oidc = new this.provider(process.env.FULL_URL, configuration);
  return oidc;
  }
 
- private async returnTTL() {}
+ private async returnTTL() {
+ const client_ttlMap: Map<string, ApplicationDataDto> = new Map();
+ const clients = await this.prismaService.application.findMany();
+ clients.forEach(client => client_ttlMap.set(client.id,JSON.parse(client.data) as ApplicationDataDto))
+ return client_ttlMap;
+ }
 }

swagger-spec.json

@@ -56,6 +56,40 @@
  ]
  }
  },
+ "/login": {
+ "post": {
+ "operationId": "AppController_confirmLogin",
+ "parameters": [],
+ "responses": {
+ "201": {
+ "description": ""
+ }
+ },
+ "tags": [
+ "OIDC Wrapper"
+ ]
+ }
+ },
+ "/interaction/{id}": {
+ "get": {
+ "operationId": "InteractionController_serveLoginPage",
+ "parameters": [
+ {
+ "name": "id",
+ "required": true,
+ "in": "path",
+ "schema": {
+ "type": "string"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": ""
+ }
+ }
+ }
+ },
  "/oidc/*": {
  "get": {
  "operationId": "OidcController_mountedOidc_get",