├── .bin ├── license-engine.sh ├── license-template-node.json ├── licenses └── list-licenses ├── .github ├── FUNDING.yml ├── ISSUE_TEMPLATE │ ├── BUG-REPORT.yml │ ├── DESIGN-DOC.yml │ ├── FEATURE-REQUEST.yml │ └── config.yml ├── auto_assign.yml ├── config.yml ├── pull_request_template.md └── workflows │ ├── closed_references.yml │ ├── conventional_commits.yml │ ├── labels.yml │ ├── licenses.yml │ ├── release.yml │ ├── stale.yml │ └── test.yml ├── .gitignore ├── .npmignore ├── .prettierignore ├── .reference-ignore ├── .reports └── dep-licenses.csv ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── SECURITY.md ├── babel.config.js ├── jest.config.js ├── package-lock.json ├── package.json ├── rollup.config.mjs ├── src ├── common │ ├── default-forwarded-headers.ts │ ├── get-base-url.ts │ ├── get-cookie-domain.test.ts │ ├── get-cookie-domain.ts │ └── process-location-header.ts ├── next-edge-app │ └── index.ts ├── next-edge │ ├── index.test.ts │ └── index.ts ├── next │ └── index.ts ├── routes │ └── index.ts ├── type │ └── create-api-handler-options.ts └── ui │ ├── __snapshots__ │ └── index.test.ts.snap │ ├── fixtures │ └── nodes.json │ ├── index.test.ts │ └── index.ts └── tsconfig.json /.bin/license-engine.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script detects non-compliant licenses in the output of language-specific license checkers. 4 | 5 | # These licenses are allowed. 6 | # These are the exact and complete license strings for 100% legal certainty, no regexes. 7 | ALLOWED_LICENSES=( 8 | '0BSD' 9 | 'AFLv2.1' 10 | 'AFLv2.1,BSD' 11 | '(AFL-2.1 OR BSD-3-Clause)' 12 | 'Apache 2.0' 13 | 'Apache-2.0' 14 | '(Apache-2.0 OR MPL-1.1)' 15 | 'Apache-2.0 AND MIT' 16 | 'Apache License, Version 2.0' 17 | 'Apache*' 18 | 'Artistic-2.0' 19 | 'BlueOak-1.0.0' 20 | 'BSD' 21 | 'BSD*' 22 | 'BSD-2-Clause' 23 | '(BSD-2-Clause OR MIT OR Apache-2.0)' 24 | 'BSD-3-Clause' 25 | '(BSD-3-Clause OR GPL-2.0)' 26 | 'BSD-3-Clause OR MIT' 27 | '(BSD-3-Clause AND Apache-2.0)' 28 | 'CC0-1.0' 29 | 'CC-BY-3.0' 30 | 'CC-BY-4.0' 31 | '(CC-BY-4.0 AND MIT)' 32 | 'ISC' 33 | 'ISC*' 34 | 'LGPL-2.1' # LGPL allows commercial use, requires only that modifications to LGPL-protected libraries are published under a GPL-compatible license 35 | 'MIT' 36 | 'MIT*' 37 | 'MIT-0' 38 | 'MIT AND ISC' 39 | '(MIT AND BSD-3-Clause)' 40 | '(MIT AND Zlib)' 41 | '(MIT OR Apache-2.0)' 42 | '(MIT OR CC0-1.0)' 43 | '(MIT OR GPL-2.0)' 44 | 'MPL-2.0' 45 | '(MPL-2.0 OR Apache-2.0)' 46 | 'Public Domain' 47 | 'Python-2.0' # the Python-2.0 is a permissive license, see https://en.wikipedia.org/wiki/Python_License 48 | 'Unlicense' 49 | 'WTFPL' 50 | 'WTFPL OR ISC' 51 | '(WTFPL OR MIT)' 52 | '(MIT OR WTFPL)' 53 | 'LGPL-3.0-or-later' # Requires only that modifications to LGPL-protected libraries are published under a GPL-compatible license which is not the case at Ory 54 | ) 55 | 56 | # These modules don't work with the current license checkers 57 | # and have been manually verified to have a compatible license (regex format). 58 | APPROVED_MODULES=( 59 | 'https://github.com/ory-corp/cloud/' # Ory IP 60 | 'github.com/ory/hydra-client-go' # Apache-2.0 61 | 'github.com/ory/hydra-client-go/v2' # Apache-2.0 62 | 'github.com/ory/kratos-client-go' # Apache-2.0 63 | 'github.com/gobuffalo/github_flavored_markdown' # MIT 64 | 'buffers@0.1.1' # MIT: original source at http://github.com/substack/node-bufferlist is deleted but a fork at https://github.com/pkrumins/node-bufferlist/blob/master/LICENSE contains the original license by the original author (James Halliday) 65 | 'https://github.com/iconify/iconify/packages/react' # MIT: license is in root of monorepo at https://github.com/iconify/iconify/blob/main/license.txt 66 | 'github.com/gobuffalo/.*' # MIT: license is in root of monorepo at https://github.com/gobuffalo/github_flavored_markdown/blob/main/LICENSE 67 | 'github.com/ory-corp/cloud/.*' # Ory IP 68 | 'github.com/golang/freetype/.*' # FreeType license: https://freetype.sourceforge.net/FTL.TXT 69 | 'go.opentelemetry.io/otel/exporters/jaeger/internal/third_party/thrift/lib/go/thrift' # Incorrect detection, actually Apache-2.0: https://github.com/open-telemetry/opentelemetry-go/blob/exporters/jaeger/v1.17.0/exporters/jaeger/internal/third_party/thrift/LICENSE 70 | 'go.uber.org/zap/exp/.*' # MIT license is in root of exp folder in monorepo at https://github.com/uber-go/zap/blob/master/exp/LICENSE 71 | 'github.com/ory/client-go' # Apache-2.0 72 | 'github.com/ian-kent/linkio' # BSD - https://github.com/ian-kent/linkio/blob/97566b8728870dac1c9863ba5b0f237c39166879/linkio.go#L1-L3 73 | 'github.com/t-k/fluent-logger-golang/fluent' # Apache-2.0 https://github.com/t-k/fluent-logger-golang/blob/master/LICENSE 74 | 'github.com/jmespath/go-jmespath' # Apache-2.0 https://github.com/jmespath/go-jmespath/blob/master/LICENSE 75 | 'github.com/ory/keto/proto/ory/keto/opl/v1alpha1' # Apache-2.0 - submodule of keto 76 | 'github.com/ory/keto/proto/ory/keto/relation_tuples/v1alpha2' # Apache-2.0 - submodule of keto 77 | '@ory-corp/.*' # Ory IP 78 | 'github.com/apache/arrow/.*' # Apache-2.0 https://github.com/apache/arrow/blob/main/LICENSE.txt 79 | 'github.com/ory-corp/webhook-target' # Ory IP 80 | '@ory/keto-grpc-client.*' # Apache-2.0 - submodule of keto 81 | 'golden-fleece@1.0.9' # MIT: https://github.com/Rich-Harris/golden-fleece/blob/master/LICENSE 82 | 'github.com/gogo/googleapis/.*' # Apache-2.0 https://github.com/gogo/googleapis/blob/master/LICENSE 83 | ) 84 | 85 | # These lines in the output should be ignored (plain text, no regex). 86 | IGNORE_LINES=( 87 | '"module name","licenses"' # header of license output for Node.js 88 | ) 89 | 90 | echo_green() { 91 | printf "\e[1;92m%s\e[0m\n" "$@" 92 | } 93 | 94 | echo_red() { 95 | printf "\e[0;91m%s\e[0m\n" "$@" 96 | } 97 | 98 | # capture STDIN 99 | input=$(cat -) 100 | 101 | # remove ignored lines 102 | for ignored in "${IGNORE_LINES[@]}"; do 103 | input=$(echo "$input" | grep -vF "$ignored") 104 | done 105 | 106 | # remove pre-approved modules 107 | for approved in "${APPROVED_MODULES[@]}"; do 108 | input=$(echo "$input" | grep -vE "\"${approved}\"") 109 | input=$(echo "$input" | grep -vE "\"Custom: ${approved}\"") 110 | done 111 | 112 | # remove allowed licenses 113 | for allowed in "${ALLOWED_LICENSES[@]}"; do 114 | input=$(echo "$input" | grep -vF "\"${allowed}\"") 115 | done 116 | 117 | # anything left in the input at this point is a module with an invalid license 118 | 119 | # print outcome 120 | if [ -z "$input" ]; then 121 | echo_green "Licenses are okay." 122 | else 123 | echo_red "Unknown licenses found!" 124 | echo "$input" 125 | exit 1 126 | fi 127 | -------------------------------------------------------------------------------- /.bin/license-template-node.json: -------------------------------------------------------------------------------- 1 | { 2 | "licenses": "" 3 | } 4 | -------------------------------------------------------------------------------- /.bin/licenses: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # Get the directory where this script is located 5 | bin_dir="$(cd "$(dirname "$0")" && pwd)" 6 | 7 | { echo "Checking licenses ..."; } 2>/dev/null 8 | "${bin_dir}/list-licenses" | "${bin_dir}/license-engine.sh" 9 | -------------------------------------------------------------------------------- /.bin/list-licenses: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | bin_dir="$(cd "$(dirname "$0")" && pwd)" 5 | 6 | # list Node licenses 7 | if [ -f package.json ]; then 8 | if jq -e '.dependencies and (.dependencies | keys | length > 0)' package.json >/dev/null; then 9 | npx --yes license-checker --production --csv --excludePrivatePackages --customPath "${bin_dir}"/license-template-node.json | grep -v '^$' 10 | echo 11 | else 12 | echo "No dependencies found in package.json" >&2 13 | echo 14 | fi 15 | fi 16 | 17 | # list Go licenses 18 | if [ -f go.mod ]; then 19 | # List all direct Go module dependencies, transform their paths to root module paths 20 | # (e.g., github.com/ory/x instead of github.com/ory/x/foo/bar), and generate a license report 21 | # for each unique root module. This ensures that the license report is generated for the root 22 | # module of a repository, where licenses are typically defined. 23 | go_modules=$( 24 | go list -f "{{if not .Indirect}}{{.Path}}{{end}}" -m ... | 25 | sort -u | 26 | awk -F/ '{ if ($1 == "github.com" && NF >= 3) { print $1"/"$2"/"$3 } else { print } }' | 27 | sort -u 28 | ) 29 | if [ -z "$go_modules" ]; then 30 | echo "No Go modules found" >&2 31 | else 32 | # Workaround until https://github.com/google/go-licenses/issues/307 is fixed 33 | # .bin/go-licenses report "$module_name" --template .bin/license-template-go.tpl 2>/dev/null 34 | # 35 | echo "$go_modules" | xargs -I {} sh -c '.bin/go-licenses report --template .bin/license-template-go.tpl {}' | grep -v '^$' 36 | echo 37 | fi 38 | fi 39 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/FUNDING.yml 3 | 4 | # These are supported funding model platforms 5 | 6 | # github: 7 | patreon: _ory 8 | open_collective: ory 9 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/BUG-REPORT.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/BUG-REPORT.yml 3 | 4 | description: "Create a bug report" 5 | labels: 6 | - bug 7 | name: "Bug Report" 8 | body: 9 | - attributes: 10 | value: "Thank you for taking the time to fill out this bug report!\n" 11 | type: markdown 12 | - attributes: 13 | label: "Preflight checklist" 14 | options: 15 | - label: 16 | "I could not find a solution in the existing issues, docs, nor 17 | discussions." 18 | required: true 19 | - label: 20 | "I agree to follow this project's [Code of 21 | Conduct](https://github.com/ory/integrations/blob/master/CODE_OF_CONDUCT.md)." 22 | required: true 23 | - label: 24 | "I have read and am following this repository's [Contribution 25 | Guidelines](https://github.com/ory/integrations/blob/master/CONTRIBUTING.md)." 26 | required: true 27 | - label: 28 | "I have joined the [Ory Community Slack](https://slack.ory.sh)." 29 | - label: 30 | "I am signed up to the [Ory Security Patch 31 | Newsletter](https://www.ory.sh/l/sign-up-newsletter)." 32 | id: checklist 33 | type: checkboxes 34 | - attributes: 35 | description: 36 | "Enter the slug or API URL of the affected Ory Network project. Leave 37 | empty when you are self-hosting." 38 | label: "Ory Network Project" 39 | placeholder: "https://.projects.oryapis.com" 40 | id: ory-network-project 41 | type: input 42 | - attributes: 43 | description: "A clear and concise description of what the bug is." 44 | label: "Describe the bug" 45 | placeholder: "Tell us what you see!" 46 | id: describe-bug 47 | type: textarea 48 | validations: 49 | required: true 50 | - attributes: 51 | description: | 52 | Clear, formatted, and easy to follow steps to reproduce the behavior: 53 | placeholder: | 54 | Steps to reproduce the behavior: 55 | 56 | 1. Run `docker run ....` 57 | 2. Make API Request to with `curl ...` 58 | 3. Request fails with response: `{"some": "error"}` 59 | label: "Reproducing the bug" 60 | id: reproduce-bug 61 | type: textarea 62 | validations: 63 | required: true 64 | - attributes: 65 | description: 66 | "Please copy and paste any relevant log output. This will be 67 | automatically formatted into code, so no need for backticks. Please 68 | redact any sensitive information" 69 | label: "Relevant log output" 70 | render: shell 71 | placeholder: | 72 | log=error .... 73 | id: logs 74 | type: textarea 75 | - attributes: 76 | description: 77 | "Please copy and paste any relevant configuration. This will be 78 | automatically formatted into code, so no need for backticks. Please 79 | redact any sensitive information!" 80 | label: "Relevant configuration" 81 | render: yml 82 | placeholder: | 83 | server: 84 | admin: 85 | port: 1234 86 | id: config 87 | type: textarea 88 | - attributes: 89 | description: "What version of our software are you running?" 90 | label: Version 91 | id: version 92 | type: input 93 | validations: 94 | required: true 95 | - attributes: 96 | label: "On which operating system are you observing this issue?" 97 | options: 98 | - Ory Network 99 | - macOS 100 | - Linux 101 | - Windows 102 | - FreeBSD 103 | - Other 104 | id: operating-system 105 | type: dropdown 106 | - attributes: 107 | label: "In which environment are you deploying?" 108 | options: 109 | - Ory Network 110 | - Docker 111 | - "Docker Compose" 112 | - "Kubernetes with Helm" 113 | - Kubernetes 114 | - Binary 115 | - Other 116 | id: deployment 117 | type: dropdown 118 | - attributes: 119 | description: "Add any other context about the problem here." 120 | label: Additional Context 121 | id: additional 122 | type: textarea 123 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/DESIGN-DOC.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml 3 | 4 | description: 5 | "A design document is needed for non-trivial changes to the code base." 6 | labels: 7 | - rfc 8 | name: "Design Document" 9 | body: 10 | - attributes: 11 | value: | 12 | Thank you for writing this design document. 13 | 14 | One of the key elements of Ory's software engineering culture is the use of defining software designs through design docs. These are relatively informal documents that the primary author or authors of a software system or application create before they embark on the coding project. The design doc documents the high level implementation strategy and key design decisions with emphasis on the trade-offs that were considered during those decisions. 15 | 16 | Ory is leaning heavily on [Google's design docs process](https://www.industrialempathy.com/posts/design-docs-at-google/) 17 | and [Golang Proposals](https://github.com/golang/proposal). 18 | 19 | Writing a design doc before contributing your change ensures that your ideas are checked with 20 | the community and maintainers. It will save you a lot of time developing things that might need to be changed 21 | after code reviews, and your pull requests will be merged faster. 22 | type: markdown 23 | - attributes: 24 | label: "Preflight checklist" 25 | options: 26 | - label: 27 | "I could not find a solution in the existing issues, docs, nor 28 | discussions." 29 | required: true 30 | - label: 31 | "I agree to follow this project's [Code of 32 | Conduct](https://github.com/ory/integrations/blob/master/CODE_OF_CONDUCT.md)." 33 | required: true 34 | - label: 35 | "I have read and am following this repository's [Contribution 36 | Guidelines](https://github.com/ory/integrations/blob/master/CONTRIBUTING.md)." 37 | required: true 38 | - label: 39 | "I have joined the [Ory Community Slack](https://slack.ory.sh)." 40 | - label: 41 | "I am signed up to the [Ory Security Patch 42 | Newsletter](https://www.ory.sh/l/sign-up-newsletter)." 43 | id: checklist 44 | type: checkboxes 45 | - attributes: 46 | description: 47 | "Enter the slug or API URL of the affected Ory Network project. Leave 48 | empty when you are self-hosting." 49 | label: "Ory Network Project" 50 | placeholder: "https://.projects.oryapis.com" 51 | id: ory-network-project 52 | type: input 53 | - attributes: 54 | description: | 55 | This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts. 56 | label: "Context and scope" 57 | id: scope 58 | type: textarea 59 | validations: 60 | required: true 61 | 62 | - attributes: 63 | description: | 64 | A short list of bullet points of what the goals of the system are, and, sometimes more importantly, what non-goals are. Note, that non-goals aren’t negated goals like “The system shouldn’t crash”, but rather things that could reasonably be goals, but are explicitly chosen not to be goals. A good example would be “ACID compliance”; when designing a database, you’d certainly want to know whether that is a goal or non-goal. And if it is a non-goal you might still select a solution that provides it, if it doesn’t introduce trade-offs that prevent achieving the goals. 65 | label: "Goals and non-goals" 66 | id: goals 67 | type: textarea 68 | validations: 69 | required: true 70 | 71 | - attributes: 72 | description: | 73 | This section should start with an overview and then go into details. 74 | The design doc is the place to write down the trade-offs you made in designing your software. Focus on those trade-offs to produce a useful document with long-term value. That is, given the context (facts), goals and non-goals (requirements), the design doc is the place to suggest solutions and show why a particular solution best satisfies those goals. 75 | 76 | The point of writing a document over a more formal medium is to provide the flexibility to express the problem at hand in an appropriate manner. Because of this, there is no explicit guidance on how to actually describe the design. 77 | label: "The design" 78 | id: design 79 | type: textarea 80 | validations: 81 | required: true 82 | 83 | - attributes: 84 | description: | 85 | If the system under design exposes an API, then sketching out that API is usually a good idea. In most cases, however, one should withstand the temptation to copy-paste formal interface or data definitions into the doc as these are often verbose, contain unnecessary detail and quickly get out of date. Instead, focus on the parts that are relevant to the design and its trade-offs. 86 | label: "APIs" 87 | id: apis 88 | type: textarea 89 | 90 | - attributes: 91 | description: | 92 | Systems that store data should likely discuss how and in what rough form this happens. Similar to the advice on APIs, and for the same reasons, copy-pasting complete schema definitions should be avoided. Instead, focus on the parts that are relevant to the design and its trade-offs. 93 | label: "Data storage" 94 | id: persistence 95 | type: textarea 96 | 97 | - attributes: 98 | description: | 99 | Design docs should rarely contain code, or pseudo-code except in situations where novel algorithms are described. As appropriate, link to prototypes that show the feasibility of the design. 100 | label: "Code and pseudo-code" 101 | id: pseudocode 102 | type: textarea 103 | 104 | - attributes: 105 | description: | 106 | One of the primary factors that would influence the shape of a software design and hence the design doc, is the degree of constraint of the solution space. 107 | 108 | On one end of the extreme is the “greenfield software project”, where all we know are the goals, and the solution can be whatever makes the most sense. Such a document may be wide-ranging, but it also needs to quickly define a set of rules that allow zooming in on a manageable set of solutions. 109 | 110 | On the other end are systems where the possible solutions are very well defined, but it isn't at all obvious how they could even be combined to achieve the goals. This may be a legacy system that is difficult to change and wasn't designed to do what you want it to do or a library design that needs to operate within the constraints of the host programming language. 111 | 112 | In this situation, you may be able to enumerate all the things you can do relatively easily, but you need to creatively put those things together to achieve the goals. There may be multiple solutions, and none of them are great, and hence such a document should focus on selecting the best way given all identified trade-offs. 113 | label: "Degree of constraint" 114 | id: constrait 115 | type: textarea 116 | 117 | - attributes: 118 | description: | 119 | This section lists alternative designs that would have reasonably achieved similar outcomes. The focus should be on the trade-offs that each respective design makes and how those trade-offs led to the decision to select the design that is the primary topic of the document. 120 | 121 | While it is fine to be succinct about a solution that ended up not being selected, this section is one of the most important ones as it shows very explicitly why the selected solution is the best given the project goals and how other solutions, that the reader may be wondering about, introduce trade-offs that are less desirable given the goals. 122 | 123 | label: Alternatives considered 124 | id: alternatives 125 | type: textarea 126 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml 3 | 4 | description: 5 | "Suggest an idea for this project without a plan for implementation" 6 | labels: 7 | - feat 8 | name: "Feature Request" 9 | body: 10 | - attributes: 11 | value: | 12 | Thank you for suggesting an idea for this project! 13 | 14 | If you already have a plan to implement a feature or a change, please create a [design document](https://github.com/aeneasr/gh-template-test/issues/new?assignees=&labels=rfc&template=DESIGN-DOC.yml) instead if the change is non-trivial! 15 | type: markdown 16 | - attributes: 17 | label: "Preflight checklist" 18 | options: 19 | - label: 20 | "I could not find a solution in the existing issues, docs, nor 21 | discussions." 22 | required: true 23 | - label: 24 | "I agree to follow this project's [Code of 25 | Conduct](https://github.com/ory/integrations/blob/master/CODE_OF_CONDUCT.md)." 26 | required: true 27 | - label: 28 | "I have read and am following this repository's [Contribution 29 | Guidelines](https://github.com/ory/integrations/blob/master/CONTRIBUTING.md)." 30 | required: true 31 | - label: 32 | "I have joined the [Ory Community Slack](https://slack.ory.sh)." 33 | - label: 34 | "I am signed up to the [Ory Security Patch 35 | Newsletter](https://www.ory.sh/l/sign-up-newsletter)." 36 | id: checklist 37 | type: checkboxes 38 | - attributes: 39 | description: 40 | "Enter the slug or API URL of the affected Ory Network project. Leave 41 | empty when you are self-hosting." 42 | label: "Ory Network Project" 43 | placeholder: "https://.projects.oryapis.com" 44 | id: ory-network-project 45 | type: input 46 | - attributes: 47 | description: 48 | "Is your feature request related to a problem? Please describe." 49 | label: "Describe your problem" 50 | placeholder: 51 | "A clear and concise description of what the problem is. Ex. I'm always 52 | frustrated when [...]" 53 | id: problem 54 | type: textarea 55 | validations: 56 | required: true 57 | - attributes: 58 | description: | 59 | Describe the solution you'd like 60 | placeholder: | 61 | A clear and concise description of what you want to happen. 62 | label: "Describe your ideal solution" 63 | id: solution 64 | type: textarea 65 | validations: 66 | required: true 67 | - attributes: 68 | description: "Describe alternatives you've considered" 69 | label: "Workarounds or alternatives" 70 | id: alternatives 71 | type: textarea 72 | validations: 73 | required: true 74 | - attributes: 75 | description: "What version of our software are you running?" 76 | label: Version 77 | id: version 78 | type: input 79 | validations: 80 | required: true 81 | - attributes: 82 | description: 83 | "Add any other context or screenshots about the feature request here." 84 | label: Additional Context 85 | id: additional 86 | type: textarea 87 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/ISSUE_TEMPLATE/config.yml 3 | 4 | blank_issues_enabled: false 5 | contact_links: 6 | - name: Ory integrations Forum 7 | url: https://github.com/orgs/ory/discussions 8 | about: 9 | Please ask and answer questions here, show your implementations and 10 | discuss ideas. 11 | - name: Ory Chat 12 | url: https://www.ory.sh/chat 13 | about: 14 | Hang out with other Ory community members to ask and answer questions. 15 | -------------------------------------------------------------------------------- /.github/auto_assign.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/auto_assign.yml 3 | 4 | # Set to true to add reviewers to pull requests 5 | addReviewers: true 6 | 7 | # Set to true to add assignees to pull requests 8 | addAssignees: true 9 | 10 | # A list of reviewers to be added to pull requests (GitHub user name) 11 | assignees: 12 | - ory/maintainers 13 | 14 | # A number of reviewers added to the pull request 15 | # Set 0 to add all the reviewers (default: 0) 16 | numberOfReviewers: 0 17 | -------------------------------------------------------------------------------- /.github/config.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/config.yml 3 | 4 | todo: 5 | keyword: "@todo" 6 | label: todo 7 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | 12 | 13 | ## Related Issue or Design Document 14 | 15 | 29 | 30 | ## Checklist 31 | 32 | 36 | 37 | - [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md) 38 | and signed the CLA. 39 | - [ ] I have referenced an issue containing the design document if my change 40 | introduces a new feature. 41 | - [ ] I have read the [security policy](../security/policy). 42 | - [ ] I confirm that this pull request does not address a security 43 | vulnerability. If this pull request addresses a security vulnerability, I 44 | confirm that I got approval (please contact 45 | [security@ory.sh](mailto:security@ory.sh)) from the maintainers to push 46 | the changes. 47 | - [ ] I have added tests that prove my fix is effective or that my feature 48 | works. 49 | - [ ] I have added the necessary documentation within the code base (if 50 | appropriate). 51 | 52 | ## Further comments 53 | 54 | 58 | -------------------------------------------------------------------------------- /.github/workflows/closed_references.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/closed_references.yml 3 | 4 | name: Closed Reference Notifier 5 | 6 | on: 7 | schedule: 8 | - cron: "0 0 * * *" 9 | workflow_dispatch: 10 | inputs: 11 | issueLimit: 12 | description: Max. number of issues to create 13 | required: true 14 | default: "5" 15 | 16 | jobs: 17 | find_closed_references: 18 | if: github.repository_owner == 'ory' 19 | runs-on: ubuntu-latest 20 | name: Find closed references 21 | steps: 22 | - uses: actions/checkout@v2 23 | - uses: actions/setup-node@v2-beta 24 | with: 25 | node-version: "14" 26 | - uses: ory/closed-reference-notifier@v1 27 | with: 28 | token: ${{ secrets.GITHUB_TOKEN }} 29 | issueLabels: upstream,good first issue,help wanted 30 | issueLimit: ${{ github.event.inputs.issueLimit || '5' }} 31 | -------------------------------------------------------------------------------- /.github/workflows/conventional_commits.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/conventional_commits.yml 3 | 4 | name: Conventional commits 5 | 6 | # This GitHub CI Action enforces that pull request titles follow conventional commits. 7 | # More info at https://www.conventionalcommits.org. 8 | # 9 | # The Ory-wide defaults for commit titles and scopes are below. 10 | # Your repository can add/replace elements via a configuration file at the path below. 11 | # More info at https://github.com/ory/ci/blob/master/conventional_commit_config/README.md 12 | 13 | on: 14 | pull_request_target: 15 | types: 16 | - edited 17 | - opened 18 | - ready_for_review 19 | - reopened 20 | # pull_request: # for debugging, uses config in local branch but supports only Pull Requests from this repo 21 | 22 | jobs: 23 | main: 24 | name: Validate PR title 25 | runs-on: ubuntu-latest 26 | steps: 27 | - uses: actions/checkout@v3 28 | - id: config 29 | uses: ory/ci/conventional_commit_config@master 30 | with: 31 | config_path: .github/conventional_commits.json 32 | default_types: | 33 | feat 34 | fix 35 | revert 36 | docs 37 | style 38 | refactor 39 | test 40 | build 41 | autogen 42 | security 43 | ci 44 | chore 45 | default_scopes: | 46 | deps 47 | docs 48 | default_require_scope: false 49 | - uses: amannn/action-semantic-pull-request@v4 50 | env: 51 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 52 | with: 53 | types: ${{ steps.config.outputs.types }} 54 | scopes: ${{ steps.config.outputs.scopes }} 55 | requireScope: ${{ steps.config.outputs.requireScope }} 56 | subjectPattern: ^(?![A-Z]).+$ 57 | subjectPatternError: | 58 | The subject should start with a lowercase letter, yours is uppercase: 59 | "{subject}" 60 | -------------------------------------------------------------------------------- /.github/workflows/labels.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/labels.yml 3 | 4 | name: Synchronize Issue Labels 5 | 6 | on: 7 | workflow_dispatch: 8 | push: 9 | branches: 10 | - master 11 | 12 | jobs: 13 | milestone: 14 | if: github.repository_owner == 'ory' 15 | name: Synchronize Issue Labels 16 | runs-on: ubuntu-latest 17 | steps: 18 | - name: Checkout 19 | uses: actions/checkout@v2 20 | - name: Synchronize Issue Labels 21 | uses: ory/label-sync-action@v0 22 | with: 23 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 24 | dry: false 25 | forced: true 26 | -------------------------------------------------------------------------------- /.github/workflows/licenses.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/licenses.yml 3 | 4 | name: Licenses 5 | 6 | on: 7 | pull_request: 8 | push: 9 | branches: 10 | - main 11 | - v3 12 | - master 13 | 14 | jobs: 15 | licenses: 16 | name: License compliance 17 | runs-on: ubuntu-latest 18 | steps: 19 | - name: Install script 20 | uses: ory/ci/licenses/setup@master 21 | with: 22 | token: ${{ secrets.ORY_BOT_PAT || secrets.GITHUB_TOKEN }} 23 | - name: Check licenses 24 | uses: ory/ci/licenses/check@master 25 | - name: Write, commit, push licenses 26 | uses: ory/ci/licenses/write@master 27 | if: 28 | ${{ github.ref == 'refs/heads/main' || github.ref == 29 | 'refs/heads/master' || github.ref == 'refs/heads/v3' }} 30 | with: 31 | author-email: 32 | ${{ secrets.ORY_BOT_PAT && 33 | '60093411+ory-bot@users.noreply.github.com' || 34 | format('{0}@users.noreply.github.com', github.actor) }} 35 | author-name: ${{ secrets.ORY_BOT_PAT && 'ory-bot' || github.actor }} 36 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release NPM Package 2 | on: 3 | release: 4 | types: [published] 5 | 6 | jobs: 7 | build: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: actions/checkout@v2 11 | - uses: actions/setup-node@v2 12 | with: 13 | node-version: "18" 14 | - run: npm ci 15 | - run: npm run format:check 16 | - run: npm run test 17 | - run: 18 | npm version --no-git-tag-version ${{ github.event.release.tag_name }} 19 | - run: npm run build 20 | - run: 21 | echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN_AENEASR 22 | }}" > ~/.npmrc 23 | - run: npm publish --access public 24 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | # AUTO-GENERATED, DO NOT EDIT! 2 | # Please edit the original at https://github.com/ory/meta/blob/master/templates/repository/common/.github/workflows/stale.yml 3 | 4 | name: "Close Stale Issues" 5 | on: 6 | workflow_dispatch: 7 | schedule: 8 | - cron: "0 0 * * *" 9 | 10 | jobs: 11 | stale: 12 | if: github.repository_owner == 'ory' 13 | runs-on: ubuntu-latest 14 | steps: 15 | - uses: actions/stale@v4 16 | with: 17 | repo-token: ${{ secrets.GITHUB_TOKEN }} 18 | stale-issue-message: | 19 | Hello contributors! 20 | 21 | I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue 22 | 23 | - open a PR referencing and resolving the issue; 24 | - leave a comment on it and discuss ideas on how you could contribute towards resolving it; 25 | - leave a comment and describe in detail why this issue is critical for your use case; 26 | - open a new issue with updated details and a plan for resolving the issue. 27 | 28 | Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic. 29 | 30 | Unfortunately, [burnout](https://www.jeffgeerling.com/blog/2016/why-i-close-prs-oss-project-maintainer-notes) has become a [topic](https://opensource.guide/best-practices/#its-okay-to-hit-pause) of [concern](https://docs.brew.sh/Maintainers-Avoiding-Burnout) amongst open-source projects. 31 | 32 | It can lead to severe personal and health issues as well as [opening](https://haacked.com/archive/2019/05/28/maintainer-burnout/) catastrophic [attack vectors](https://www.gradiant.org/en/blog/open-source-maintainer-burnout-as-an-attack-surface/). 33 | 34 | The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone. 35 | 36 | If this issue was marked as stale erroneously you can exempt it by adding the `backlog` label, assigning someone, or setting a milestone for it. 37 | 38 | Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you! 39 | 40 | Thank you 🙏✌️ 41 | stale-issue-label: "stale" 42 | exempt-issue-labels: "bug,blocking,docs,backlog" 43 | days-before-stale: 365 44 | days-before-close: 30 45 | exempt-milestones: true 46 | exempt-assignees: true 47 | only-pr-labels: "stale" 48 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: Run tests 2 | on: 3 | pull_request: 4 | push: 5 | branches: 6 | - main 7 | 8 | jobs: 9 | build: 10 | runs-on: ubuntu-latest 11 | timeout-minutes: 5 12 | strategy: 13 | matrix: 14 | node: ["18", "20"] 15 | steps: 16 | - uses: actions/checkout@v2 17 | - uses: actions/setup-node@v2 18 | with: 19 | node-version: ${{ matrix.node }} 20 | - run: npm ci 21 | - run: npm run format:check 22 | - run: npm run test 23 | - run: npm run build 24 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | wwwroot/*.js 2 | node_modules 3 | typings 4 | dist 5 | coverage 6 | /ui 7 | /next-edge 8 | /next 9 | /routes 10 | /next-edge-app 11 | .idea 12 | 13 | pnpm-lock.yaml -------------------------------------------------------------------------------- /.npmignore: -------------------------------------------------------------------------------- 1 | # empty npmignore to ensure all required files (e.g., in the dist folder) are published by npm -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | .next/ 2 | dist/ 3 | coverage 4 | -------------------------------------------------------------------------------- /.reference-ignore: -------------------------------------------------------------------------------- 1 | **/node_modules 2 | docs 3 | CHANGELOG.md 4 | -------------------------------------------------------------------------------- /.reports/dep-licenses.csv: -------------------------------------------------------------------------------- 1 | "module name","licenses" 2 | "@ory/integrations@0.0.1","Apache-2.0" 3 | 4 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | # Contributor Covenant Code of Conduct 5 | 6 | ## Our Pledge 7 | 8 | We as members, contributors, and leaders pledge to make participation in our 9 | community a harassment-free experience for everyone, regardless of age, body 10 | size, visible or invisible disability, ethnicity, sex characteristics, gender 11 | identity and expression, level of experience, education, socio-economic status, 12 | nationality, personal appearance, race, caste, color, religion, or sexual 13 | identity and orientation. 14 | 15 | We pledge to act and interact in ways that contribute to an open, welcoming, 16 | diverse, inclusive, and healthy community. 17 | 18 | ## Our Standards 19 | 20 | Examples of behavior that contributes to a positive environment for our 21 | community include: 22 | 23 | - Demonstrating empathy and kindness toward other people 24 | - Being respectful of differing opinions, viewpoints, and experiences 25 | - Giving and gracefully accepting constructive feedback 26 | - Accepting responsibility and apologizing to those affected by our mistakes, 27 | and learning from the experience 28 | - Focusing on what is best not just for us as individuals, but for the overall 29 | community 30 | 31 | Examples of unacceptable behavior include: 32 | 33 | - The use of sexualized language or imagery, and sexual attention or advances of 34 | any kind 35 | - Trolling, insulting or derogatory comments, and personal or political attacks 36 | - Public or private harassment 37 | - Publishing others' private information, such as a physical or email address, 38 | without their explicit permission 39 | - Other conduct which could reasonably be considered inappropriate in a 40 | professional setting 41 | 42 | ## Open Source Community Support 43 | 44 | Ory Open source software is collaborative and based on contributions by 45 | developers in the Ory community. There is no obligation from Ory to help with 46 | individual problems. If Ory open source software is used in production in a 47 | for-profit company or enterprise environment, we mandate a paid support contract 48 | where Ory is obligated under their service level agreements (SLAs) to offer a 49 | defined level of availability and responsibility. For more information about 50 | paid support please contact us at sales@ory.sh. 51 | 52 | ## Enforcement Responsibilities 53 | 54 | Community leaders are responsible for clarifying and enforcing our standards of 55 | acceptable behavior and will take appropriate and fair corrective action in 56 | response to any behavior that they deem inappropriate, threatening, offensive, 57 | or harmful. 58 | 59 | Community leaders have the right and responsibility to remove, edit, or reject 60 | comments, commits, code, wiki edits, issues, and other contributions that are 61 | not aligned to this Code of Conduct, and will communicate reasons for moderation 62 | decisions when appropriate. 63 | 64 | ## Scope 65 | 66 | This Code of Conduct applies within all community spaces, and also applies when 67 | an individual is officially representing the community in public spaces. 68 | Examples of representing our community include using an official e-mail address, 69 | posting via an official social media account, or acting as an appointed 70 | representative at an online or offline event. 71 | 72 | ## Enforcement 73 | 74 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 75 | reported to the community leaders responsible for enforcement at 76 | [office@ory.sh](mailto:office@ory.sh). All complaints will be reviewed and 77 | investigated promptly and fairly. 78 | 79 | All community leaders are obligated to respect the privacy and security of the 80 | reporter of any incident. 81 | 82 | ## Enforcement Guidelines 83 | 84 | Community leaders will follow these Community Impact Guidelines in determining 85 | the consequences for any action they deem in violation of this Code of Conduct: 86 | 87 | ### 1. Correction 88 | 89 | **Community Impact**: Use of inappropriate language or other behavior deemed 90 | unprofessional or unwelcome in the community. 91 | 92 | **Consequence**: A private, written warning from community leaders, providing 93 | clarity around the nature of the violation and an explanation of why the 94 | behavior was inappropriate. A public apology may be requested. 95 | 96 | ### 2. Warning 97 | 98 | **Community Impact**: A violation through a single incident or series of 99 | actions. 100 | 101 | **Consequence**: A warning with consequences for continued behavior. No 102 | interaction with the people involved, including unsolicited interaction with 103 | those enforcing the Code of Conduct, for a specified period of time. This 104 | includes avoiding interactions in community spaces as well as external channels 105 | like social media. Violating these terms may lead to a temporary or permanent 106 | ban. 107 | 108 | ### 3. Temporary Ban 109 | 110 | **Community Impact**: A serious violation of community standards, including 111 | sustained inappropriate behavior. 112 | 113 | **Consequence**: A temporary ban from any sort of interaction or public 114 | communication with the community for a specified period of time. No public or 115 | private interaction with the people involved, including unsolicited interaction 116 | with those enforcing the Code of Conduct, is allowed during this period. 117 | Violating these terms may lead to a permanent ban. 118 | 119 | ### 4. Permanent Ban 120 | 121 | **Community Impact**: Demonstrating a pattern of violation of community 122 | standards, including sustained inappropriate behavior, harassment of an 123 | individual, or aggression toward or disparagement of classes of individuals. 124 | 125 | **Consequence**: A permanent ban from any sort of public interaction within the 126 | community. 127 | 128 | ## Attribution 129 | 130 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 131 | version 2.1, available at 132 | [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. 133 | 134 | Community Impact Guidelines were inspired by [Mozilla's code of conduct 135 | enforcement ladder][mozilla coc]. 136 | 137 | For answers to common questions about this code of conduct, see the FAQ at 138 | [https://www.contributor-covenant.org/faq][faq]. Translations are available at 139 | [https://www.contributor-covenant.org/translations][translations]. 140 | 141 | [homepage]: https://www.contributor-covenant.org 142 | [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html 143 | [mozilla coc]: https://github.com/mozilla/diversity 144 | [faq]: https://www.contributor-covenant.org/faq 145 | [translations]: https://www.contributor-covenant.org/translations 146 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | # Contribute to Ory integrations 5 | 6 | 7 | 8 | 9 | - [Introduction](#introduction) 10 | - [FAQ](#faq) 11 | - [How can I contribute?](#how-can-i-contribute) 12 | - [Communication](#communication) 13 | - [Contribute examples or community projects](#contribute-examples-or-community-projects) 14 | - [Contribute code](#contribute-code) 15 | - [Contribute documentation](#contribute-documentation) 16 | - [Disclosing vulnerabilities](#disclosing-vulnerabilities) 17 | - [Code style](#code-style) 18 | - [Working with forks](#working-with-forks) 19 | - [Conduct](#conduct) 20 | 21 | 22 | 23 | ## Introduction 24 | 25 | _Please note_: We take Ory integrations's security and our users' trust very 26 | seriously. If you believe you have found a security issue in Ory integrations, 27 | please disclose it by contacting us at security@ory.sh. 28 | 29 | There are many ways in which you can contribute. The goal of this document is to 30 | provide a high-level overview of how you can get involved in Ory. 31 | 32 | As a potential contributor, your changes and ideas are welcome at any hour of 33 | the day or night, on weekdays, weekends, and holidays. Please do not ever 34 | hesitate to ask a question or send a pull request. 35 | 36 | If you are unsure, just ask or submit the issue or pull request anyways. You 37 | won't be yelled at for giving it your best effort. The worst that can happen is 38 | that you'll be politely asked to change something. We appreciate any sort of 39 | contributions and don't want a wall of rules to get in the way of that. 40 | 41 | That said, if you want to ensure that a pull request is likely to be merged, 42 | talk to us! You can find out our thoughts and ensure that your contribution 43 | won't clash with Ory integrations's direction. A great way to do this is via 44 | [Ory integrations Discussions](https://github.com/orgs/ory/discussions) or the 45 | [Ory Chat](https://www.ory.sh/chat). 46 | 47 | ## FAQ 48 | 49 | - I am new to the community. Where can I find the 50 | [Ory Community Code of Conduct?](https://github.com/ory/integrations/blob/master/CODE_OF_CONDUCT.md) 51 | 52 | - I have a question. Where can I get 53 | [answers to questions regarding Ory integrations?](#communication) 54 | 55 | - I would like to contribute but I am not sure how. Are there 56 | [easy ways to contribute?](#how-can-i-contribute) 57 | [Or good first issues?](https://github.com/search?l=&o=desc&q=label%3A%22help+wanted%22+label%3A%22good+first+issue%22+is%3Aopen+user%3Aory+user%3Aory-corp&s=updated&type=Issues) 58 | 59 | - I want to talk to other Ory integrations users. 60 | [How can I become a part of the community?](#communication) 61 | 62 | - I would like to know what I am agreeing to when I contribute to Ory 63 | integrations. Does Ory have 64 | [a Contributors License Agreement?](https://cla-assistant.io/ory/integrations) 65 | 66 | - I would like updates about new versions of Ory integrations. 67 | [How are new releases announced?](https://www.ory.sh/l/sign-up-newsletter) 68 | 69 | ## How can I contribute? 70 | 71 | If you want to start to contribute code right away, take a look at the 72 | [list of good first issues](https://github.com/ory/integrations/labels/good%20first%20issue). 73 | 74 | There are many other ways you can contribute. Here are a few things you can do 75 | to help out: 76 | 77 | - **Give us a star.** It may not seem like much, but it really makes a 78 | difference. This is something that everyone can do to help out Ory 79 | integrations. Github stars help the project gain visibility and stand out. 80 | 81 | - **Join the community.** Sometimes helping people can be as easy as listening 82 | to their problems and offering a different perspective. Join our Slack, have a 83 | look at discussions in the forum and take part in community events. More info 84 | on this in [Communication](#communication). 85 | 86 | - **Answer discussions.** At all times, there are several unanswered discussions 87 | on GitHub. You can see an 88 | [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc). 89 | If you think you know an answer or can provide some information that might 90 | help, please share it! Bonus: You get GitHub achievements for answered 91 | discussions. 92 | 93 | - **Help with open issues.** We have a lot of open issues for Ory integrations 94 | and some of them may lack necessary information, some are duplicates of older 95 | issues. You can help out by guiding people through the process of filling out 96 | the issue template, asking for clarifying information or pointing them to 97 | existing issues that match their description of the problem. 98 | 99 | - **Review documentation changes.** Most documentation just needs a review for 100 | proper spelling and grammar. If you think a document can be improved in any 101 | way, feel free to hit the `edit` button at the top of the page. More info on 102 | contributing to the documentation [here](#contribute-documentation). 103 | 104 | - **Help with tests.** Pull requests may lack proper tests or test plans. These 105 | are needed for the change to be implemented safely. 106 | 107 | ## Communication 108 | 109 | We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask 110 | questions, discuss bugs and feature requests, talk to other users of Ory, etc. 111 | 112 | Check out 113 | [Ory integrations Discussions](https://github.com/orgs/ory/discussions). This is 114 | a great place for in-depth discussions and lots of code examples, logs and 115 | similar data. 116 | 117 | You can also join our community calls if you want to speak to the Ory team 118 | directly or ask some questions. You can find more info and participate in 119 | [Slack](https://www.ory.sh/chat) in the #community-call channel. 120 | 121 | If you want to receive regular notifications about updates to Ory integrations, 122 | consider joining the mailing list. We will _only_ send you vital information on 123 | the projects that you are interested in. 124 | 125 | Also, [follow us on Twitter](https://twitter.com/orycorp). 126 | 127 | ## Contribute examples or community projects 128 | 129 | One of the most impactful ways to contribute is by adding code examples or other 130 | Ory-related code. You can find an overview of community code in the 131 | [awesome-ory](https://github.com/ory/awesome-ory) repository. 132 | 133 | _If you would like to contribute a new example, we would love to hear from you!_ 134 | 135 | Please [open a pull request at awesome-ory](https://github.com/ory/awesome-ory/) 136 | to add your example or Ory-related project to the awesome-ory README. 137 | 138 | ## Contribute code 139 | 140 | Unless you are fixing a known bug, we **strongly** recommend discussing it with 141 | the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat) 142 | before getting started to ensure your work is consistent with Ory integrations's 143 | roadmap and architecture. 144 | 145 | All contributions are made via pull requests. To make a pull request, you will 146 | need a GitHub account; if you are unclear on this process, see GitHub's 147 | documentation on [forking](https://help.github.com/articles/fork-a-repo) and 148 | [pull requests](https://help.github.com/articles/using-pull-requests). Pull 149 | requests should be targeted at the `master` branch. Before creating a pull 150 | request, go through this checklist: 151 | 152 | 1. Create a feature branch off of `master` so that changes do not get mixed up. 153 | 1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local 154 | changes against the `master` branch. 155 | 1. Run the full project test suite with the `go test -tags sqlite ./...` (or 156 | equivalent) command and confirm that it passes. 157 | 1. Run `make format` 158 | 1. Add a descriptive prefix to commits. This ensures a uniform commit history 159 | and helps structure the changelog. Please refer to this 160 | [Convential Commits configuration](https://github.com/ory/integrations/blob/master/.github/workflows/conventional_commits.yml) 161 | for the list of accepted prefixes. You can read more about the Conventional 162 | Commit specification 163 | [at their site](https://www.conventionalcommits.org/en/v1.0.0/). 164 | 165 | If a pull request is not ready to be reviewed yet 166 | [it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request). 167 | 168 | Before your contributions can be reviewed you need to sign our 169 | [Contributor License Agreement](https://cla-assistant.io/ory/integrations). 170 | 171 | This agreement defines the terms under which your code is contributed to Ory. 172 | More specifically it declares that you have the right to, and actually do, grant 173 | us the rights to use your contribution. You can see the Apache 2.0 license under 174 | which our projects are published 175 | [here](https://github.com/ory/meta/blob/master/LICENSE). 176 | 177 | When pull requests fail the automated testing stages (for example unit or E2E 178 | tests), authors are expected to update their pull requests to address the 179 | failures until the tests pass. 180 | 181 | Pull requests eligible for review 182 | 183 | 1. follow the repository's code formatting conventions; 184 | 2. include tests that prove that the change works as intended and does not add 185 | regressions; 186 | 3. document the changes in the code and/or the project's documentation; 187 | 4. pass the CI pipeline; 188 | 5. have signed our 189 | [Contributor License Agreement](https://cla-assistant.io/ory/integrations); 190 | 6. include a proper git commit message following the 191 | [Conventional Commit Specification](https://www.conventionalcommits.org/en/v1.0.0/). 192 | 193 | If all of these items are checked, the pull request is ready to be reviewed and 194 | you should change the status to "Ready for review" and 195 | [request review from a maintainer](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review). 196 | 197 | Reviewers will approve the pull request once they are satisfied with the patch. 198 | 199 | ## Contribute documentation 200 | 201 | Please provide documentation when changing, removing, or adding features. All 202 | Ory Documentation resides in the 203 | [Ory documentation repository](https://github.com/ory/docs/). For further 204 | instructions please head over to the Ory Documentation 205 | [README.md](https://github.com/ory/docs/blob/master/README.md). 206 | 207 | ## Disclosing vulnerabilities 208 | 209 | Please disclose vulnerabilities exclusively to 210 | [security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. 211 | 212 | ## Code style 213 | 214 | Please run `make format` to format all source code following the Ory standard. 215 | 216 | ### Working with forks 217 | 218 | ```bash 219 | # First you clone the original repository 220 | git clone git@github.com:ory/ory/integrations.git 221 | 222 | # Next you add a git remote that is your fork: 223 | git remote add fork git@github.com:/ory/integrations.git 224 | 225 | # Next you fetch the latest changes from origin for master: 226 | git fetch origin 227 | git checkout master 228 | git pull --rebase 229 | 230 | # Next you create a new feature branch off of master: 231 | git checkout my-feature-branch 232 | 233 | # Now you do your work and commit your changes: 234 | git add -A 235 | git commit -a -m "fix: this is the subject line" -m "This is the body line. Closes #123" 236 | 237 | # And the last step is pushing this to your fork 238 | git push -u fork my-feature-branch 239 | ``` 240 | 241 | Now go to the project's GitHub Pull Request page and click "New pull request" 242 | 243 | ## Conduct 244 | 245 | Whether you are a regular contributor or a newcomer, we care about making this 246 | community a safe place for you and we've got your back. 247 | 248 | [Ory Community Code of Conduct](https://github.com/ory/integrations/blob/master/CODE_OF_CONDUCT.md) 249 | 250 | We welcome discussion about creating a welcoming, safe, and productive 251 | environment for the community. If you have any questions, feedback, or concerns 252 | [please let us know](https://www.ory.sh/chat). 253 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NextJS with Ory 2 | 3 | 4 | > [!CAUTION] 5 | > This repository is deprecated and in read-only mode. Please use 6 | > [`@ory/nextjs`](https://github.com/ory/elements/tree/main/packages/nextjs) 7 | > instead. 8 | 9 | This repository contains integrations for connecting with Ory Network. 10 | 11 | ## Table of Contents 12 | 13 | 14 | 15 | 16 | - [NextJS](#nextjs) 17 | - [Vercel](#vercel) 18 | - [SDK Helpers](#sdk-helpers) 19 | - [Type Guards](#type-guards) 20 | - [UI Node Helpers](#ui-node-helpers) 21 | 22 | 23 | 24 | ## NextJS 25 | 26 | To connect a NextJS app with Ory, do the following in your NextJS App: 27 | 28 | ``` 29 | $ npm i --save @ory/integrations 30 | ``` 31 | 32 | Then create a file at `/api/.ory/[...paths].ts` with the 33 | following contents: 34 | 35 | ```typescript 36 | import { config, createApiHandler } from "@ory/integrations/next-edge" 37 | 38 | export { config } 39 | 40 | export default createApiHandler({ 41 | /* ... */ 42 | }) 43 | ``` 44 | 45 | You need to set the environment variable `ORY_SDK_URL` to your 46 | [Ory Cloud Project SDK URL](https://www.ory.sh/docs/concepts/services-api). For 47 | a list of available options head over to 48 | [`src/nextjs/index.ts`](src/next-edge/index.ts). 49 | 50 | ## Vercel 51 | 52 | To connect a non NextJS vercel app, do the following in your vercel app: 53 | 54 | ``` 55 | $ npm i --save @ory/integrations 56 | ``` 57 | 58 | Then create a file at `/api/oryproxy.js` with the following 59 | contents: 60 | 61 | ```javascript 62 | import { config, createApiHandler } from "@ory/integrations/next-edge" 63 | 64 | export { config } 65 | 66 | const ah = createApiHandler({ 67 | /* ... */ 68 | }) 69 | const apiHandlerWrapper = (req, res) => { 70 | req.query.paths = req.url.replace(/^\/api\/.ory\//, "").split("?")[0] 71 | ah(req, res) 72 | } 73 | export default apiHandlerWrapper 74 | ``` 75 | 76 | Then add the following contents to `/vercel.json`: 77 | 78 | ``` 79 | { 80 | "rewrites": [ 81 | { "source": "/api/.ory/:match*", "destination": "/api/oryproxy" } 82 | ] 83 | } 84 | ``` 85 | 86 | ## SDK Helpers 87 | 88 | This package contains several helpers for using the Ory SDKs with TypeScript, 89 | JavaScript, and NodeJS. 90 | 91 | ### Type Guards 92 | 93 | This package includes type guards for identifying UI nodes. 94 | 95 | ```ts 96 | import { 97 | isUiNodeImageAttributes, 98 | isUiNodeInputAttributes, 99 | isUiNodeScriptAttributes, 100 | isUiNodeTextAttributes, 101 | // ... 102 | } from "@ory/integrations/ui" 103 | 104 | // ... 105 | 106 | if (isUiNodeImageAttributes(node.attributes)) { 107 | console.log("it is an image: ", node.attributes.src) 108 | } 109 | ``` 110 | 111 | ### UI Node Helpers 112 | 113 | This package contains convenience functions for UI nodes: 114 | 115 | - `import { getNodeLabel } from '@ory/integrations/ui'`: Returns the node's 116 | label. 117 | - `import { getNodeId } from '@ory/integrations/ui'`: Returns a node's ID. 118 | - `import { filterNodesByGroups } from '@ory/integrations/ui'`: Filters nodes by 119 | their groups. 120 | 121 | An example of using the `filterNodesByGroups` function could be to map the 122 | UiNode[] to a certain JSX components. 123 | 124 | The example below is from the [ory/themes](https://github.com/ory/themes) 125 | repository and is used to map out the UI Nodes to JSX Components. 126 | 127 | Understanding `filterNodesByGroups` is quite easy if you think about it as a 128 | hierarchy: 129 | 130 | ```ts 131 | const nodes = [ 132 | { 133 | group: "webauthn", 134 | attributes: { 135 | node_type: "input", 136 | type: "input", 137 | }, 138 | }, 139 | { 140 | group: "oidc", 141 | attributes: { 142 | node_types: "button", 143 | type: "submit", 144 | }, 145 | }, 146 | { 147 | group: "oidc", //<-- take note here, we have 2 oidc groups 148 | attributes: { 149 | node_types: "input", 150 | type: "checkbox" 151 | } 152 | } 153 | { 154 | group: "foo", 155 | attributes: { 156 | node_types: "bar", 157 | type: "bar", 158 | }, 159 | }, 160 | ] 161 | 162 | filterNodesByGroups({ 163 | nodes: nodes, 164 | groups: "oidc,webauthn", //<-- filter these first 165 | attributes: "submit", // <-- then these will only take nodes containing the `submit` attributes 166 | withoutDefaultAttributes: true, //<-- dont add 'hidden' and 'script' fields when we specify attributes 167 | excludeAttributes: "checkbox", // <-- defining this wont do much here since we defined attributes. exclude the attributes to see what happens. 168 | }) 169 | ``` 170 | 171 | How will our output look like? 172 | 173 | ```diff 174 | [ 175 | - { 176 | - group: "webauthn", 177 | - attributes: { 178 | - node_type: "input", 179 | - type: "input", 180 | - }, 181 | - }, 182 | + { 183 | + group: "oidc", 184 | + attributes: { 185 | + node_types: "button", 186 | + type: "submit", 187 | + }, 188 | + }, 189 | - { 190 | - group: "oidc", //<-- take note here, we have 2 oidc groups 191 | - attributes: { 192 | - node_types: "input", 193 | - type: "checkbox" 194 | - } 195 | - } 196 | - { 197 | - group: "foo", 198 | - attributes: { 199 | - node_types: "bar", 200 | - type: "bar", 201 | - }, 202 | - }, 203 | ] 204 | ``` 205 | 206 | An example is we have a UINode containing the group "totp" and attributes node 207 | type "input". 208 | 209 | ```json5 210 | { 211 | group: "totp", 212 | attributes: { 213 | name: "f", 214 | type: "input", 215 | node_type: "input", 216 | }, 217 | } 218 | ``` 219 | 220 | Our end goal is to map it to HTML, something like this. 221 | 222 | ```html 223 | 224 | ``` 225 | 226 | To achieve that, we could wrap it in a nifty JSX component which returns the 227 | correct component based on our UI node type. 228 | 229 | We accept a `filter` object which is basically the `FilterNodesByGroups` type 230 | and return a `` component, which is a component that helps us return our 231 | specific HTML. 232 | 233 | ```tsx 234 | export const FilterFlowNodes = ({ 235 | filter, 236 | includeCSRF, 237 | }: { 238 | filter: FilterNodesByGroups 239 | includeCSRF?: boolean 240 | }): JSX.Element | null => { 241 | const getInputName = (node: UiNode): string => 242 | isUiNodeInputAttributes(node.attributes) ? node.attributes.name : "" 243 | 244 | // Here we are using our filterNodesByGroups to get the nodes we really want. We can even do some more filtering and mapping 245 | const nodes = filterNodesByGroups(filter) 246 | // we don't want to map the csrf token every time, only on the form level 247 | .filter((node) => 248 | getInputName(node) === "csrf_token" && !includeCSRF ? false : true, 249 | ) 250 | .map((node, k) => 251 | ["hidden"].includes(getNodeInputType(node.attributes)) 252 | ? { 253 | node: , 254 | hidden: true, 255 | } 256 | : { 257 | node: , 258 | hidden: false, 259 | }, 260 | ) 261 | 262 | return nodes.length > 0 ? ( 263 | <> 264 | // we don't want hidden fields to create new gaps 265 | {nodes.filter((node) => node.hidden).map((node) => node.node)} 266 |
267 | {nodes.filter((node) => !node.hidden).map((node) => node.node)} 268 |
269 | 270 | ) : null 271 | } 272 | ``` 273 | 274 | Now we can use our wrapper to return the HTML we want based on the `nodes`. 275 | 276 | Here we only want nodes that do not have the `hidden` attribute. 277 | 278 | ```tsx 279 | 285 | ``` 286 | 287 | Another more complex example is to filter out the UI nodes to only retrieve the 288 | `oidc` and `password` groups. We also exclude the `default` group here with 289 | `withoutDefaultGroup: true`. Furthermore we do some exclusions on the 290 | `submit and `hidden`attributes, so any group which has an attribute containing a node type`submit`or`hidden` 291 | will be filtered out. 292 | 293 | ```tsx 294 | 302 | ``` 303 | 304 | Another example of us wanting the `oidc` and `webauthn` group (note: we can use 305 | comma seperated strings instead of an array). We also exclude default attributes 306 | with `withoutDefaultAttributes: true` which are `hidden` and `script` elements. 307 | This will also only return us the nodes which have a `submit` attribute. 308 | 309 | ```tsx 310 | 318 | ``` 319 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | # Ory Security Policy 5 | 6 | This policy outlines Ory's security commitments and practices for users across 7 | different licensing and deployment models. 8 | 9 | To learn more about Ory's security service level agreements (SLAs) and 10 | processes, please [contact us](https://www.ory.sh/contact/). 11 | 12 | ## Ory Network Users 13 | 14 | - **Security SLA:** Ory addresses vulnerabilities in the Ory Network according 15 | to the following guidelines: 16 | - Critical: Typically addressed within 14 days. 17 | - High: Typically addressed within 30 days. 18 | - Medium: Typically addressed within 90 days. 19 | - Low: Typically addressed within 180 days. 20 | - Informational: Addressed as necessary. 21 | These timelines are targets and may vary based on specific circumstances. 22 | - **Release Schedule:** Updates are deployed to the Ory Network as 23 | vulnerabilities are resolved. 24 | - **Version Support:** The Ory Network always runs the latest version, ensuring 25 | up-to-date security fixes. 26 | 27 | ## Ory Enterprise License Customers 28 | 29 | - **Security SLA:** Ory addresses vulnerabilities based on their severity: 30 | - Critical: Typically addressed within 14 days. 31 | - High: Typically addressed within 30 days. 32 | - Medium: Typically addressed within 90 days. 33 | - Low: Typically addressed within 180 days. 34 | - Informational: Addressed as necessary. 35 | These timelines are targets and may vary based on specific circumstances. 36 | - **Release Schedule:** Updates are made available as vulnerabilities are 37 | resolved. Ory works closely with enterprise customers to ensure timely updates 38 | that align with their operational needs. 39 | - **Version Support:** Ory may provide security support for multiple versions, 40 | depending on the terms of the enterprise agreement. 41 | 42 | ## Apache 2.0 License Users 43 | 44 | - **Security SLA:** Ory does not provide a formal SLA for security issues under 45 | the Apache 2.0 License. 46 | - **Release Schedule:** Releases prioritize new functionality and include fixes 47 | for known security vulnerabilities at the time of release. While major 48 | releases typically occur one to two times per year, Ory does not guarantee a 49 | fixed release schedule. 50 | - **Version Support:** Security patches are only provided for the latest release 51 | version. 52 | 53 | ## Reporting a Vulnerability 54 | 55 | For details on how to report security vulnerabilities, visit our 56 | [security policy documentation](https://www.ory.sh/docs/ecosystem/security). 57 | -------------------------------------------------------------------------------- /babel.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | presets: [ 3 | ["@babel/preset-env", { targets: { node: "current" } }], 4 | "@babel/preset-typescript", 5 | ], 6 | } 7 | -------------------------------------------------------------------------------- /jest.config.js: -------------------------------------------------------------------------------- 1 | /* 2 | * For a detailed explanation regarding each configuration property, visit: 3 | * https://jestjs.io/docs/configuration 4 | */ 5 | 6 | module.exports = { 7 | // All imported modules in your tests should be mocked automatically 8 | // automock: false, 9 | 10 | // Stop running tests after `n` failures 11 | // bail: 0, 12 | 13 | // The directory where Jest should store its cached dependency information 14 | // cacheDirectory: "/private/var/folders/mt/m1dwr59n73zgsq7bk0q2lrmc0000gn/T/jest_dx", 15 | 16 | // Automatically clear mock calls and instances between every test 17 | clearMocks: true, 18 | 19 | // Indicates whether the coverage information should be collected while executing the test 20 | collectCoverage: true, 21 | 22 | // An array of glob patterns indicating a set of files for which coverage information should be collected 23 | // collectCoverageFrom: undefined, 24 | 25 | // The directory where Jest should output its coverage files 26 | coverageDirectory: "coverage", 27 | 28 | // An array of regexp pattern strings used to skip coverage collection 29 | // coveragePathIgnorePatterns: [ 30 | // "/node_modules/" 31 | // ], 32 | 33 | // Indicates which provider should be used to instrument code for coverage 34 | // coverageProvider: "babel", 35 | 36 | // A list of reporter names that Jest uses when writing coverage reports 37 | // coverageReporters: [ 38 | // "json", 39 | // "text", 40 | // "lcov", 41 | // "clover" 42 | // ], 43 | 44 | // An object that configures minimum threshold enforcement for coverage results 45 | // coverageThreshold: undefined, 46 | 47 | // A path to a custom dependency extractor 48 | // dependencyExtractor: undefined, 49 | 50 | // Make calling deprecated APIs throw helpful error messages 51 | // errorOnDeprecated: false, 52 | 53 | // Force coverage collection from ignored files using an array of glob patterns 54 | // forceCoverageMatch: [], 55 | 56 | // A path to a module which exports an async function that is triggered once before all test suites 57 | // globalSetup: undefined, 58 | 59 | // A path to a module which exports an async function that is triggered once after all test suites 60 | // globalTeardown: undefined, 61 | 62 | // A set of global variables that need to be available in all test environments 63 | // globals: {}, 64 | 65 | // The maximum amount of workers used to run your tests. Can be specified as % or a number. E.g. maxWorkers: 10% will use 10% of your CPU amount + 1 as the maximum worker number. maxWorkers: 2 will use a maximum of 2 workers. 66 | // maxWorkers: "50%", 67 | 68 | // An array of directory names to be searched recursively up from the requiring module's location 69 | // moduleDirectories: [ 70 | // "node_modules" 71 | // ], 72 | 73 | // An array of file extensions your modules use 74 | // moduleFileExtensions: [ 75 | // "js", 76 | // "jsx", 77 | // "ts", 78 | // "tsx", 79 | // "json", 80 | // "node" 81 | // ], 82 | 83 | // A map from regular expressions to module names or to arrays of module names that allow to stub out resources with a single module 84 | // moduleNameMapper: {}, 85 | 86 | // An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader 87 | // modulePathIgnorePatterns: [], 88 | 89 | // Activates notifications for test results 90 | // notify: false, 91 | 92 | // An enum that specifies notification mode. Requires { notify: true } 93 | // notifyMode: "failure-change", 94 | 95 | // A preset that is used as a base for Jest's configuration 96 | // preset: undefined, 97 | 98 | // Run tests from one or more projects 99 | // projects: undefined, 100 | 101 | // Use this configuration option to add custom reporters to Jest 102 | // reporters: undefined, 103 | 104 | // Automatically reset mock state between every test 105 | // resetMocks: false, 106 | 107 | // Reset the module registry before running each individual test 108 | // resetModules: false, 109 | 110 | // A path to a custom resolver 111 | // resolver: undefined, 112 | 113 | // Automatically restore mock state between every test 114 | // restoreMocks: false, 115 | 116 | // The root directory that Jest should scan for tests and modules within 117 | // rootDir: undefined, 118 | 119 | // A list of paths to directories that Jest should use to search for files in 120 | // roots: [ 121 | // "" 122 | // ], 123 | 124 | // Allows you to use a custom runner instead of Jest's default test runner 125 | // runner: "jest-runner", 126 | 127 | // The paths to modules that run some code to configure or set up the testing environment before each test 128 | // setupFiles: [], 129 | 130 | // A list of paths to modules that run some code to configure or set up the testing framework before each test 131 | // setupFilesAfterEnv: [], 132 | 133 | // The number of seconds after which a test is considered as slow and reported as such in the results. 134 | // slowTestThreshold: 5, 135 | 136 | // A list of paths to snapshot serializer modules Jest should use for snapshot testing 137 | // snapshotSerializers: [], 138 | 139 | // The test environment that will be used for testing 140 | // testEnvironment: "jest-environment-node", 141 | 142 | // Options that will be passed to the testEnvironment 143 | // testEnvironmentOptions: {}, 144 | 145 | // Adds a location field to test results 146 | // testLocationInResults: false, 147 | 148 | // The glob patterns Jest uses to detect test files 149 | // testMatch: [ 150 | // "**/__tests__/**/*.[jt]s?(x)", 151 | // "**/?(*.)+(spec|test).[tj]s?(x)" 152 | // ], 153 | 154 | // An array of regexp pattern strings that are matched against all test paths, matched tests are skipped 155 | // testPathIgnorePatterns: [ 156 | // "/node_modules/" 157 | // ], 158 | 159 | // The regexp pattern or array of patterns that Jest uses to detect test files 160 | // testRegex: [], 161 | 162 | // This option allows the use of a custom results processor 163 | // testResultsProcessor: undefined, 164 | 165 | // This option allows use of a custom test runner 166 | // testRunner: "jest-circus/runner", 167 | 168 | // This option sets the URL for the jsdom environment. It is reflected in properties such as location.href 169 | // testURL: "http://localhost", 170 | 171 | // Setting this value to "fake" allows the use of fake timers for functions such as "setTimeout" 172 | // timers: "real", 173 | 174 | // A map from regular expressions to paths to transformers 175 | // transform: undefined, 176 | 177 | // An array of regexp pattern strings that are matched against all source file paths, matched files will skip transformation 178 | // transformIgnorePatterns: [ 179 | // "/node_modules/", 180 | // "\\.pnp\\.[^\\/]+$" 181 | // ], 182 | 183 | // An array of regexp pattern strings that are matched against all modules before the module loader will automatically return a mock for them 184 | // unmockedModulePathPatterns: undefined, 185 | 186 | // Indicates whether each individual test should be reported during the run 187 | // verbose: undefined, 188 | 189 | // An array of regexp patterns that are matched against all source file paths before re-running tests in watch mode 190 | // watchPathIgnorePatterns: [], 191 | 192 | // Whether to use watchman for file crawling 193 | // watchman: true, 194 | } 195 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@ory/integrations", 3 | "version": "v0.0.1", 4 | "description": "Integrations for Ory Cloud", 5 | "author": "Ory GmbH", 6 | "prettier": "ory-prettier-styles", 7 | "license": "Apache-2.0", 8 | "repository": "https://github.com/ory/integrations", 9 | "config": { 10 | "prettierTarget": "**/*.{tsx,ts,json,md,js,css}" 11 | }, 12 | "scripts": { 13 | "format": "prettier --write ${npm_package_config_prettierTarget}", 14 | "format:check": "prettier --check ${npm_package_config_prettierTarget}", 15 | "build": "rm -rf dist ui nextjs && rollup -c", 16 | "prepublishOnly": "npm run build", 17 | "test": "jest --forceExit" 18 | }, 19 | "devDependencies": { 20 | "ory-prettier-styles": "1.3.0", 21 | "prettier": "3.2.5", 22 | "@babel/core": "7.23.9", 23 | "@babel/preset-env": "7.23.9", 24 | "@babel/preset-typescript": "7.23.3", 25 | "@ory/client": "1.6.2", 26 | "@types/cookie": "0.6.0", 27 | "@types/express": "4.17.21", 28 | "@types/jest": "29.5.12", 29 | "@types/node": "18.17.14", 30 | "@types/set-cookie-parser": "2.4.7", 31 | "@types/supertest": "6.0.2", 32 | "babel-jest": "29.7.0", 33 | "esbuild": "0.20.1", 34 | "express": "~4.21.1", 35 | "jest": "29.7.0", 36 | "rollup": "~4.24.0", 37 | "rollup-plugin-dts": "6.1.0", 38 | "rollup-plugin-esbuild": "6.1.1", 39 | "supertest": "6.3.4", 40 | "typescript": "5.3.3" 41 | }, 42 | "peerDependencies": { 43 | "@ory/client": ">1.1.38", 44 | "next": ">=12.0.10" 45 | }, 46 | "dependencies": { 47 | "@types/tldjs": "~2.3.4", 48 | "cookie": "~1.0.1", 49 | "istextorbinary": "~9.5.0", 50 | "next": ">=12.0.10", 51 | "set-cookie-parser": "~2.7.0", 52 | "tldjs": "~2.3.1" 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /rollup.config.mjs: -------------------------------------------------------------------------------- 1 | import dts from "rollup-plugin-dts" 2 | import esbuild from "rollup-plugin-esbuild" 3 | 4 | const bundle = (config) => ({ 5 | ...config, 6 | external: (id) => !/^[./]/.test(id), 7 | }) 8 | 9 | const modules = ["ui", "routes", "next-edge", "next", "next-edge-app"] 10 | .map((module) => [ 11 | bundle({ 12 | plugins: [esbuild()], 13 | input: `src/${module}/index.ts`, 14 | output: [ 15 | { 16 | file: `${module}/index.js`, 17 | format: "cjs", 18 | sourcemap: true, 19 | }, 20 | { 21 | file: `${module}/index.mjs`, 22 | format: "es", 23 | sourcemap: true, 24 | }, 25 | ], 26 | }), 27 | bundle({ 28 | plugins: [dts()], 29 | input: `src/${module}/index.ts`, 30 | output: { 31 | file: `${module}/index.d.ts`, 32 | format: "es", 33 | }, 34 | }), 35 | ]) 36 | .reduce((acc, e) => [...acc, ...e], []) 37 | 38 | export default modules 39 | -------------------------------------------------------------------------------- /src/common/default-forwarded-headers.ts: -------------------------------------------------------------------------------- 1 | export const defaultForwardedHeaders = [ 2 | "accept", 3 | "accept-charset", 4 | "accept-encoding", 5 | "accept-language", 6 | "authorization", 7 | "cache-control", 8 | "content-type", 9 | "cookie", 10 | "host", 11 | "user-agent", 12 | "referer", 13 | ] 14 | -------------------------------------------------------------------------------- /src/common/get-base-url.ts: -------------------------------------------------------------------------------- 1 | import { type CreateApiHandlerOptions } from "../type/create-api-handler-options" 2 | 3 | export function getBaseUrl(options: CreateApiHandlerOptions) { 4 | let baseUrl = options.fallbackToPlayground 5 | ? "https://playground.projects.oryapis.com/" 6 | : "" 7 | 8 | if (process.env.ORY_SDK_URL) { 9 | baseUrl = process.env.ORY_SDK_URL 10 | } 11 | 12 | if (process.env.ORY_KRATOS_URL) { 13 | baseUrl = process.env.ORY_KRATOS_URL 14 | } 15 | 16 | if (process.env.ORY_SDK_URL && process.env.ORY_KRATOS_URL) { 17 | throw new Error("Only one of ORY_SDK_URL or ORY_KRATOS_URL can be set.") 18 | } 19 | 20 | if (options.apiBaseUrlOverride) { 21 | baseUrl = options.apiBaseUrlOverride 22 | } 23 | 24 | return baseUrl.replace(/\/$/, "") 25 | } 26 | export { CreateApiHandlerOptions } 27 | -------------------------------------------------------------------------------- /src/common/get-cookie-domain.test.ts: -------------------------------------------------------------------------------- 1 | import { guessCookieDomain } from "./get-cookie-domain" 2 | 3 | describe("cookie guesser", () => { 4 | test("uses force domain", async () => { 5 | expect( 6 | guessCookieDomain("https://localhost", { 7 | forceCookieDomain: "some-domain", 8 | }), 9 | ).toEqual("some-domain") 10 | }) 11 | 12 | test("does not use any guessing domain", async () => { 13 | expect( 14 | guessCookieDomain("https://localhost", { 15 | dontUseTldForCookieDomain: true, 16 | }), 17 | ).toEqual(undefined) 18 | }) 19 | 20 | test("is not confused by invalid data", async () => { 21 | expect( 22 | guessCookieDomain("5qw5tare4g", { 23 | dontUseTldForCookieDomain: true, 24 | }), 25 | ).toEqual(undefined) 26 | expect( 27 | guessCookieDomain("https://123.123.123.123.123", { 28 | dontUseTldForCookieDomain: true, 29 | }), 30 | ).toEqual(undefined) 31 | }) 32 | 33 | test("is not confused by IP", async () => { 34 | expect( 35 | guessCookieDomain("https://123.123.123.123", { 36 | dontUseTldForCookieDomain: true, 37 | }), 38 | ).toEqual(undefined) 39 | expect( 40 | guessCookieDomain("https://2001:0db8:0000:0000:0000:ff00:0042:8329", { 41 | dontUseTldForCookieDomain: true, 42 | }), 43 | ).toEqual(undefined) 44 | }) 45 | 46 | test("uses TLD", async () => { 47 | expect(guessCookieDomain("https://foo.localhost", {})).toEqual( 48 | "foo.localhost", 49 | ) 50 | 51 | expect(guessCookieDomain("https://foo.localhost:1234", {})).toEqual( 52 | "foo.localhost", 53 | ) 54 | 55 | expect( 56 | guessCookieDomain( 57 | "https://spark-public.s3.amazonaws.com/dataanalysis/loansData.csv", 58 | {}, 59 | ), 60 | ).toEqual("spark-public.s3.amazonaws.com") 61 | 62 | expect(guessCookieDomain("spark-public.s3.amazonaws.com", {})).toEqual( 63 | "spark-public.s3.amazonaws.com", 64 | ) 65 | 66 | expect(guessCookieDomain("https://localhost/123", {})).toEqual("localhost") 67 | expect(guessCookieDomain("https://localhost:1234/123", {})).toEqual( 68 | "localhost", 69 | ) 70 | }) 71 | }) 72 | -------------------------------------------------------------------------------- /src/common/get-cookie-domain.ts: -------------------------------------------------------------------------------- 1 | import tldjs from "tldjs" 2 | import { CreateApiHandlerOptions } from "./get-base-url" 3 | 4 | export function guessCookieDomain( 5 | url: string | undefined, 6 | options: CreateApiHandlerOptions, 7 | ) { 8 | if (!url || options.forceCookieDomain) { 9 | return options.forceCookieDomain 10 | } 11 | 12 | if (options.dontUseTldForCookieDomain) { 13 | return undefined 14 | } 15 | 16 | const parsed = tldjs.parse(url || "") 17 | 18 | if (!parsed.isValid || parsed.isIp) { 19 | return undefined 20 | } 21 | 22 | if (!parsed.domain) { 23 | return parsed.hostname 24 | } 25 | 26 | return parsed.domain 27 | } 28 | -------------------------------------------------------------------------------- /src/common/process-location-header.ts: -------------------------------------------------------------------------------- 1 | export function processLocationHeader( 2 | locationHeaderValue: string, 3 | baseUrl: string, 4 | ) { 5 | if (locationHeaderValue.startsWith(baseUrl)) { 6 | return locationHeaderValue.replace(baseUrl, "/api/.ory") 7 | } 8 | 9 | if ( 10 | locationHeaderValue.startsWith("/api/kratos/public/") || 11 | locationHeaderValue.startsWith("/self-service/") || 12 | locationHeaderValue.startsWith("/ui/") 13 | ) { 14 | return "/api/.ory" + locationHeaderValue 15 | } 16 | 17 | return locationHeaderValue 18 | } 19 | -------------------------------------------------------------------------------- /src/next-edge-app/index.ts: -------------------------------------------------------------------------------- 1 | import { SerializeOptions as CookieSerializeOptions, serialize } from "cookie" 2 | import { headers } from "next/headers" 3 | import { redirect } from "next/navigation" 4 | import { NextResponse, type NextRequest } from "next/server" 5 | import parse, { splitCookiesString } from "set-cookie-parser" 6 | import { getBaseUrl } from "../common/get-base-url" 7 | import { CreateApiHandlerOptions } from "../type/create-api-handler-options" 8 | import { defaultForwardedHeaders } from "../common/default-forwarded-headers" 9 | import { processLocationHeader } from "../common/process-location-header" 10 | import { guessCookieDomain } from "../common/get-cookie-domain" 11 | 12 | export function filterRequestHeaders( 13 | forwardAdditionalHeaders?: string[], 14 | ): Headers { 15 | const filteredHeaders = new Headers() 16 | headers().forEach((value, key) => { 17 | const isValid = 18 | defaultForwardedHeaders.includes(key) || 19 | (forwardAdditionalHeaders ?? []).includes(key) 20 | if (isValid) filteredHeaders.set(key, value) 21 | }) 22 | 23 | return filteredHeaders 24 | } 25 | 26 | function processSetCookieHeader( 27 | protocol: string, 28 | fetchResponse: Response, 29 | options: CreateApiHandlerOptions, 30 | ) { 31 | const requestHeaders = headers() 32 | const isTls = 33 | protocol === "https:" || requestHeaders.get("x-forwarded-proto") === "https" 34 | 35 | const secure = 36 | options.forceCookieSecure === undefined ? isTls : options.forceCookieSecure 37 | 38 | const forwarded = requestHeaders.get("x-forwarded-host") 39 | const host = forwarded ? forwarded : requestHeaders.get("host") 40 | const domain = guessCookieDomain(host, options) 41 | 42 | return parse( 43 | splitCookiesString(fetchResponse.headers.get("set-cookie") || ""), 44 | ) 45 | .map((cookie) => ({ 46 | ...cookie, 47 | domain, 48 | secure, 49 | encode: (v: string) => v, 50 | })) 51 | .map(({ value, name, ...options }) => 52 | serialize(name, value, options as CookieSerializeOptions), 53 | ) 54 | } 55 | 56 | export function createApiHandler(options: CreateApiHandlerOptions) { 57 | const baseUrl = getBaseUrl(options) 58 | 59 | const handler = async ( 60 | request: NextRequest, 61 | { params }: { params: { path: string[] } }, 62 | ) => { 63 | const path = request.nextUrl.pathname.replace("/api/.ory", "") 64 | const url = new URL(path, baseUrl) 65 | url.search = request.nextUrl.search 66 | 67 | if (path === "ui/welcome") { 68 | // A special for redirecting to the home page 69 | // if we were being redirected to the hosted UI 70 | // welcome page. 71 | redirect("../../../") 72 | } 73 | 74 | const requestHeaders = filterRequestHeaders( 75 | options.forwardAdditionalHeaders, 76 | ) 77 | 78 | requestHeaders.set("X-Ory-Base-URL-Rewrite", "false") 79 | requestHeaders.set("Ory-Base-URL-Rewrite", "false") 80 | requestHeaders.set("Ory-No-Custom-Domain-Redirect", "true") 81 | 82 | // Only effective in CI. 83 | if ( 84 | process.env.ORY_CI_RATE_LIMIT_HEADER && 85 | process.env.ORY_CI_RATE_LIMIT_HEADER_VALUE 86 | ) { 87 | requestHeaders.set( 88 | process.env.ORY_CI_RATE_LIMIT_HEADER, 89 | process.env.ORY_CI_RATE_LIMIT_HEADER_VALUE, 90 | ) 91 | } 92 | 93 | try { 94 | const response = await fetch(url, { 95 | method: request.method, 96 | headers: requestHeaders, 97 | body: 98 | request.method !== "GET" && request.method !== "HEAD" 99 | ? await request.arrayBuffer() 100 | : null, 101 | redirect: "manual", 102 | }) 103 | 104 | const responseHeaders = new Headers() 105 | for (const [key, value] of response.headers) { 106 | responseHeaders.append(key, value) 107 | } 108 | 109 | responseHeaders.delete("location") 110 | responseHeaders.delete("set-cookie") 111 | if (response.headers.get("set-cookie")) { 112 | const cookies = processSetCookieHeader( 113 | request.nextUrl.protocol, 114 | response, 115 | options, 116 | ) 117 | cookies.forEach((cookie) => { 118 | responseHeaders.append("Set-Cookie", cookie) 119 | }) 120 | } 121 | 122 | if (response.headers.get("location")) { 123 | const location = processLocationHeader( 124 | response.headers.get("location"), 125 | baseUrl, 126 | ) 127 | responseHeaders.set("location", location) 128 | } 129 | 130 | responseHeaders.delete("transfer-encoding") 131 | responseHeaders.delete("content-encoding") 132 | responseHeaders.delete("content-length") 133 | 134 | const buf = Buffer.from(await response.arrayBuffer()) 135 | 136 | try { 137 | return new NextResponse( 138 | buf.toString("utf-8").replace(new RegExp(baseUrl, "g"), "/api/.ory"), 139 | { 140 | status: response.status, 141 | headers: responseHeaders, 142 | }, 143 | ) 144 | } catch (err) { 145 | return new NextResponse(response.body, { 146 | status: response.status, 147 | headers: responseHeaders, 148 | }) 149 | } 150 | } catch (error) { 151 | console.error(error, { 152 | path, 153 | url, 154 | method: request.method, 155 | headers: requestHeaders, 156 | }) 157 | throw error 158 | } 159 | } 160 | 161 | return { 162 | GET: handler, 163 | POST: handler, 164 | } 165 | } 166 | -------------------------------------------------------------------------------- /src/next-edge/index.test.ts: -------------------------------------------------------------------------------- 1 | import { createApiHandler, filterRequestHeaders } from "./index" 2 | import express from "express" 3 | import { NextApiRequest, NextApiResponse } from "next" 4 | import supertest from "supertest" 5 | import parse, { splitCookiesString } from "set-cookie-parser" 6 | import http from "http" 7 | import { Application } from "express-serve-static-core" 8 | import { CreateApiHandlerOptions } from "../type/create-api-handler-options" 9 | 10 | interface AppResult { 11 | app: Application 12 | server: http.Server 13 | } 14 | 15 | function createApp(options: CreateApiHandlerOptions): AppResult { 16 | const app = express() 17 | 18 | const handler = createApiHandler({ 19 | apiBaseUrlOverride: 20 | "https://youthful-feynman-ml50dfb20g.projects.staging.oryapis.dev", 21 | ...options, 22 | }) 23 | const router = express.Router() 24 | router.use((req, res) => { 25 | handler(req as any as NextApiRequest, res as any as NextApiResponse) 26 | }) 27 | 28 | app.use(router) 29 | 30 | return { 31 | app, 32 | server: app.listen(), 33 | } 34 | } 35 | 36 | describe("NextJS handler", () => { 37 | let app: AppResult 38 | 39 | afterEach((done) => { 40 | app.server.close(done) 41 | }) 42 | 43 | test("returns the revision ID", (done) => { 44 | app = createApp({ 45 | apiBaseUrlOverride: "https://playground.projects.oryapis.com", 46 | forceCookieSecure: false, 47 | }) 48 | 49 | supertest(app.app) 50 | .get("/?paths=revisions&paths=kratos") 51 | .expect(200) 52 | .then((res) => { 53 | expect(res.body).toHaveLength(36) 54 | done() 55 | }) 56 | .catch(done) 57 | }) 58 | 59 | test("sets the appropriate cookies", (done) => { 60 | app = createApp({ 61 | apiBaseUrlOverride: "https://playground.projects.oryapis.com", 62 | }) 63 | 64 | supertest(app.app) 65 | .get("/?paths=self-service&paths=login&paths=browser") 66 | .set("Host", "www.example.org") 67 | .expect(303) 68 | .then((res) => { 69 | expect(res.headers["set-cookie"]).toBeDefined() 70 | 71 | const cookies = parse(res.headers["set-cookie"]) 72 | expect( 73 | cookies.find(({ name }) => name.indexOf("csrf_token") > -1), 74 | ).toBeDefined() 75 | 76 | cookies.forEach(({ domain, secure }) => { 77 | expect(domain).toEqual("example.org") 78 | expect(secure).toBeFalsy() 79 | }) 80 | 81 | done() 82 | }) 83 | .catch(done) 84 | }) 85 | 86 | test("sets the appropriate cookie domain based on headers", (done) => { 87 | app = createApp({ 88 | apiBaseUrlOverride: "https://playground.projects.oryapis.com", 89 | }) 90 | 91 | supertest(app.app) 92 | .get("/?paths=self-service&paths=login&paths=browser") 93 | .set("Host", "www.example.org") 94 | .set("X-Forwarded-Host", "www.example.bar") 95 | .expect(303) 96 | .then((res) => { 97 | const cookies = parse(splitCookiesString(res.headers["set-cookie"])) 98 | cookies.forEach(({ domain }) => { 99 | expect(domain).toEqual("example.bar") 100 | }) 101 | 102 | done() 103 | }) 104 | .catch(done) 105 | }) 106 | 107 | test("sets secure true if a TLS connection", (done) => { 108 | app = createApp({ 109 | apiBaseUrlOverride: "https://playground.projects.oryapis.com", 110 | }) 111 | 112 | supertest(app.app) 113 | .get("/?paths=self-service&paths=login&paths=browser") 114 | .set("x-forwarded-proto", "https") 115 | .expect(303) 116 | .then((res) => { 117 | expect(res.headers["set-cookie"]).toBeDefined() 118 | 119 | const cookies = parse(res.headers["set-cookie"]) 120 | expect( 121 | cookies.find(({ name }) => name.indexOf("csrf_token") > -1), 122 | ).toBeDefined() 123 | 124 | cookies.forEach(({ domain, secure }) => { 125 | expect(domain).toBeUndefined() 126 | expect(secure).toBeTruthy() 127 | }) 128 | 129 | done() 130 | }) 131 | .catch(done) 132 | }) 133 | 134 | test("uses the options correctly", async () => { 135 | app = createApp({ 136 | apiBaseUrlOverride: "https://i-do-not-exist.projects.oryapis.com", 137 | forceCookieSecure: true, 138 | forceCookieDomain: "some-domain", 139 | }) 140 | 141 | const response = await supertest(app.app) 142 | .get("/?paths=health&paths=alive") 143 | .expect(404) 144 | .then((res) => res) 145 | 146 | expect(response.headers["set-cookie"]).toBeDefined() 147 | 148 | const cookies = parse(response.headers["set-cookie"]) 149 | expect( 150 | cookies.find(({ name }) => name.indexOf("csrf_token") > -1), 151 | ).toBeUndefined() 152 | 153 | cookies.forEach(({ domain, secure }) => { 154 | expect(domain).toBe("some-domain") 155 | expect(secure).toBeTruthy() 156 | }) 157 | }) 158 | 159 | test("returns the alive status code for the playground", (done) => { 160 | app = createApp({ 161 | forceCookieSecure: false, 162 | fallbackToPlayground: true, 163 | }) 164 | 165 | supertest(app.app) 166 | .get("/?paths=revisions&paths=kratos") 167 | .expect(200) 168 | .then((res) => { 169 | expect(res.body).toHaveLength(36) 170 | done() 171 | }) 172 | .catch(done) 173 | }) 174 | 175 | test("updates the redirect location", async () => { 176 | app = createApp({ 177 | forceCookieSecure: false, 178 | fallbackToPlayground: true, 179 | }) 180 | 181 | await supertest(app.app) 182 | .get("/?paths=ui&paths=login") 183 | .redirects(0) 184 | .expect( 185 | "Location", 186 | "../self-service/login/browser?aal=&refresh=&return_to=&organization=&via=", 187 | ) 188 | .expect(303) 189 | }) 190 | 191 | test("updates the redirect location with the new schema", async () => { 192 | app = createApp({ 193 | apiBaseUrlOverride: 194 | "https://fervent-jang-vww1sezlls.projects.staging.oryapis.dev", 195 | forceCookieSecure: false, 196 | fallbackToPlayground: true, 197 | }) 198 | 199 | await supertest(app.app) 200 | .get("/?paths=ui&paths=login") 201 | .redirects(0) 202 | .expect( 203 | "Location", 204 | "../self-service/login/browser?aal=&refresh=&return_to=&organization=&via=", 205 | ) 206 | .expect(303) 207 | }) 208 | 209 | test("redirects home if we end up at the welcome page", async () => { 210 | app = createApp({ 211 | forceCookieSecure: false, 212 | fallbackToPlayground: true, 213 | }) 214 | 215 | await supertest(app.app) 216 | .get("/?paths=ui&paths=welcome") 217 | .redirects(0) 218 | .expect("Location", "../../../") 219 | .expect(303) 220 | }) 221 | 222 | test("redirects to login if we access settings without a session", async () => { 223 | app = createApp({ 224 | forceCookieSecure: false, 225 | fallbackToPlayground: true, 226 | }) 227 | 228 | await supertest(app.app) 229 | .get("/?paths=ui&paths=settings") 230 | .redirects(0) 231 | .expect("Location", "/api/.ory/self-service/login/browser") 232 | .expect(302) 233 | }) 234 | 235 | test("updates the contents of JSON", async () => { 236 | app = createApp({ 237 | forceCookieSecure: false, 238 | fallbackToPlayground: true, 239 | }) 240 | 241 | const response = await supertest(app.app) 242 | .get("/?paths=self-service&paths=login&paths=api") 243 | .expect(200) 244 | .then((res) => res.body) 245 | 246 | expect(response.ui.action).toContain("/self-service/login?flow=") 247 | }) 248 | 249 | test("should work with binaries", async () => { 250 | app = createApp({ 251 | forceCookieSecure: false, 252 | fallbackToPlayground: true, 253 | }) 254 | 255 | await supertest(app.app).get("/?paths=ui&paths=ory-small.svg").expect(200) 256 | }) 257 | 258 | test("updates the contents of HTML", async () => { 259 | app = createApp({ 260 | forceCookieSecure: false, 261 | fallbackToPlayground: true, 262 | }) 263 | 264 | let response = await supertest(app.app) 265 | .get("/?paths=self-service&paths=login&paths=browser") 266 | .expect(303) 267 | 268 | expect(response.headers["location"]).toContain("/api/.ory/ui/login") 269 | const loc = response.headers["location"] 270 | .replace("/api/.ory/", "") 271 | .split("/") 272 | .map((p: string) => `paths=${p}`) 273 | .join("&") 274 | .replace("?flow", "&flow") 275 | 276 | response = await supertest(app.app) 277 | .get("/?" + loc) 278 | .set("Cookie", [splitCookiesString(response.headers["set-cookie"])[0]]) 279 | .expect("Content-Type", /text\/html/) 280 | .expect(200) 281 | 282 | expect(response.text).toContain('action="/api/.ory/self-service/login') 283 | }) 284 | }) 285 | 286 | describe("filterRequestHeaders", () => { 287 | test("correctly filters headers", async () => { 288 | const headers = { 289 | accept: "application/json", 290 | filtered: "any", 291 | "x-custom": "some", 292 | } 293 | 294 | expect(filterRequestHeaders(headers).get("accept")).toEqual( 295 | "application/json", 296 | ) 297 | 298 | const customHeader = filterRequestHeaders(headers, ["x-custom"]) 299 | expect(customHeader.get("accept")).toEqual("application/json") 300 | expect(customHeader.get("x-custom")).toEqual("some") 301 | }) 302 | }) 303 | -------------------------------------------------------------------------------- /src/next-edge/index.ts: -------------------------------------------------------------------------------- 1 | import { SerializeOptions as CookieSerializeOptions, serialize } from "cookie" 2 | import { IncomingHttpHeaders } from "http" 3 | import { isText } from "istextorbinary" 4 | import { NextApiRequest, NextApiResponse } from "next" 5 | import parse, { splitCookiesString } from "set-cookie-parser" 6 | import { CreateApiHandlerOptions } from "../type/create-api-handler-options" 7 | import { getBaseUrl } from "../common/get-base-url" 8 | import { defaultForwardedHeaders } from "../common/default-forwarded-headers" 9 | import { processLocationHeader } from "../common/process-location-header" 10 | import { guessCookieDomain } from "../common/get-cookie-domain" 11 | 12 | function readRawBody(req: NextApiRequest): Promise { 13 | return new Promise((resolve, reject) => { 14 | const chunks: Uint8Array[] = [] 15 | req.on("data", (chunk) => chunks.push(chunk)) 16 | req.on("end", () => resolve(Buffer.concat(chunks))) 17 | req.on("error", (err) => reject(err)) 18 | }) 19 | } 20 | 21 | export function filterRequestHeaders( 22 | headers: IncomingHttpHeaders, 23 | forwardAdditionalHeaders?: string[], 24 | ): Headers { 25 | const filteredHeaders = new Headers() 26 | Object.entries(headers).forEach(([key, value]) => { 27 | const isValid = 28 | defaultForwardedHeaders.includes(key) || 29 | (forwardAdditionalHeaders ?? []).includes(key) 30 | if (isValid) 31 | filteredHeaders.set(key, Array.isArray(value) ? value.join(",") : value) 32 | }) 33 | return filteredHeaders 34 | } 35 | 36 | /** 37 | * The NextJS API configuration 38 | */ 39 | export const config = { 40 | api: { 41 | bodyParser: false, 42 | }, 43 | } 44 | 45 | function processSetCookieHeader( 46 | protocol: string, 47 | originalReq: NextApiRequest, 48 | fetchResponse: Response, 49 | options: CreateApiHandlerOptions, 50 | ) { 51 | const isTls = 52 | protocol === "https:" || 53 | originalReq.headers["x-forwarded-proto"] === "https" 54 | 55 | const secure = 56 | options.forceCookieSecure === undefined ? isTls : options.forceCookieSecure 57 | 58 | const forwarded = originalReq.rawHeaders.findIndex( 59 | (h) => h.toLowerCase() === "x-forwarded-host", 60 | ) 61 | const host = 62 | forwarded > -1 63 | ? originalReq.rawHeaders[forwarded + 1] 64 | : originalReq.headers.host 65 | const domain = guessCookieDomain(host, options) 66 | 67 | return parse( 68 | splitCookiesString(fetchResponse.headers.get("set-cookie") || ""), 69 | ) 70 | .map((cookie) => ({ 71 | ...cookie, 72 | domain, 73 | secure, 74 | encode: (v: string) => v, 75 | })) 76 | .map(({ value, name, ...options }) => 77 | serialize(name, value, options as CookieSerializeOptions), 78 | ) 79 | } 80 | 81 | /** 82 | * Creates a NextJS / Vercel API Handler 83 | * 84 | * For this handler to work, please set the environment variable `ORY_SDK_URL`. 85 | */ 86 | export function createApiHandler(options: CreateApiHandlerOptions) { 87 | const baseUrl = getBaseUrl(options) 88 | return async (req: NextApiRequest, res: NextApiResponse) => { 89 | const { paths, ...query } = req.query 90 | 91 | const searchParams = new URLSearchParams() 92 | Object.keys(query).forEach((key) => { 93 | searchParams.set(key, String(query[key])) 94 | }) 95 | 96 | const path = Array.isArray(paths) ? paths.join("/") : paths 97 | 98 | const url = new URL(path, baseUrl) 99 | url.search = searchParams.toString() 100 | 101 | if (path === "ui/welcome") { 102 | // A special for redirecting to the home page 103 | // if we were being redirected to the hosted UI 104 | // welcome page. 105 | res.redirect(303, "../../../") 106 | return 107 | } 108 | 109 | const headers = filterRequestHeaders( 110 | req.headers, 111 | options.forwardAdditionalHeaders, 112 | ) 113 | 114 | headers.set("X-Ory-Base-URL-Rewrite", "false") 115 | headers.set("Ory-Base-URL-Rewrite", "false") 116 | headers.set("Ory-No-Custom-Domain-Redirect", "true") 117 | 118 | // Only effective in CI. 119 | if ( 120 | process.env.ORY_CI_RATE_LIMIT_HEADER && 121 | process.env.ORY_CI_RATE_LIMIT_HEADER_VALUE 122 | ) { 123 | headers.set( 124 | process.env.ORY_CI_RATE_LIMIT_HEADER, 125 | process.env.ORY_CI_RATE_LIMIT_HEADER_VALUE, 126 | ) 127 | } 128 | 129 | const response = await fetch(url, { 130 | method: req.method, 131 | headers, 132 | body: 133 | req.method !== "GET" && req.method !== "HEAD" 134 | ? await readRawBody(req) 135 | : null, 136 | redirect: "manual", 137 | }) 138 | 139 | for (const [key, value] of response.headers) { 140 | res.appendHeader(key, value) 141 | } 142 | 143 | res.removeHeader("set-cookie") 144 | res.removeHeader("location") 145 | 146 | if (response.headers.get("set-cookie")) { 147 | const cookies = processSetCookieHeader( 148 | (req as unknown as { protocol: string }).protocol, 149 | req, 150 | response, 151 | options, 152 | ) 153 | cookies.forEach((cookie) => { 154 | res.appendHeader("Set-Cookie", cookie) 155 | }) 156 | } 157 | 158 | if (response.headers.get("location")) { 159 | const location = processLocationHeader( 160 | response.headers.get("location"), 161 | baseUrl, 162 | ) 163 | res.setHeader("Location", location) 164 | } 165 | 166 | res.removeHeader("transfer-encoding") 167 | res.removeHeader("content-encoding") 168 | res.removeHeader("content-length") 169 | 170 | res.status(response.status) 171 | 172 | const buf = Buffer.from(await response.arrayBuffer()) 173 | 174 | if (buf.byteLength > 0) { 175 | if (isText(null, buf)) { 176 | res.send( 177 | buf.toString("utf-8").replace(new RegExp(baseUrl, "g"), "/api/.ory"), 178 | ) 179 | } else { 180 | res.write(buf) 181 | } 182 | } 183 | 184 | res.end() 185 | } 186 | } 187 | -------------------------------------------------------------------------------- /src/next/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * SDK configuration for using the ory-next library. 3 | */ 4 | export const edgeConfig = { 5 | basePath: "/api/.ory", 6 | baseOptions: { 7 | withCredentials: true, 8 | }, 9 | } 10 | -------------------------------------------------------------------------------- /src/routes/index.ts: -------------------------------------------------------------------------------- 1 | export const initBrowserLogin = "/self-service/login/browser" 2 | export const initBrowserRegistration = "/self-service/registration/browser" 3 | export const initBrowserRecovery = "/self-service/recovery/browser" 4 | export const initBrowserVerification = "/self-service/verification/browser" 5 | export const initBrowserSettings = "/self-service/settings/browser" 6 | -------------------------------------------------------------------------------- /src/type/create-api-handler-options.ts: -------------------------------------------------------------------------------- 1 | export interface CreateApiHandlerOptions { 2 | /** 3 | * If set overrides the API Base URL. Usually, this URL 4 | * is taken from the ORY_KRATOS_URL environment variable. 5 | * 6 | * If you don't have a project you can use the playground project SDK URL: 7 | * 8 | * https://playground.projects.oryapis.com 9 | */ 10 | apiBaseUrlOverride?: string 11 | 12 | /** 13 | * Per default, this handler will strip the cookie domain from 14 | * the Set-Cookie instruction which is recommended for most set ups. 15 | * 16 | * If you are running this app on a subdomain and you want the session and CSRF cookies 17 | * to be valid for the whole TLD, you can use this setting to force a cookie domain. 18 | * 19 | * Please be aware that his method disables the `dontUseTldForCookieDomain` option. 20 | */ 21 | forceCookieDomain?: string 22 | 23 | /** 24 | * Per default the cookie will be set on the hosts top-level-domain. If the app 25 | * runs on www.example.org, the cookie domain will be set automatically to example.org. 26 | * 27 | * Set this option to true to disable that behaviour. 28 | */ 29 | dontUseTldForCookieDomain?: boolean 30 | 31 | /** 32 | * If set to true will set the "Secure" flag for all cookies. This might come in handy when you deploy 33 | * not on Vercel. 34 | */ 35 | forceCookieSecure?: boolean 36 | 37 | /** 38 | * If set to true will fallback to the playground if no other value is set for the Ory SDK URL. 39 | */ 40 | fallbackToPlayground?: boolean 41 | 42 | /** 43 | * Per default headers are filtered to forward only a fixed list. 44 | * 45 | * If you need to forward additional headers you can use this setting to define them. 46 | */ 47 | forwardAdditionalHeaders?: string[] 48 | } 49 | -------------------------------------------------------------------------------- /src/ui/__snapshots__/index.test.ts.snap: -------------------------------------------------------------------------------- 1 | // Jest Snapshot v1, https://goo.gl/fbAQLP 2 | 3 | exports[`generic helpers getNodeLabel 1`] = ` 4 | [ 5 | "", 6 | "", 7 | "", 8 | "", 9 | "", 10 | "", 11 | "", 12 | "Save", 13 | "Password", 14 | "Save", 15 | "", 16 | "Remove security key "bar"", 17 | "Remove security key "foo"", 18 | "Name of the security key", 19 | "Add security key", 20 | "", 21 | "", 22 | "Authenticator app QR code", 23 | "This is your authenticator app secret. Use it if you can not scan the QR code.", 24 | "Verify code", 25 | "Save", 26 | ] 27 | `; 28 | -------------------------------------------------------------------------------- /src/ui/fixtures/nodes.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "attributes": { 4 | "disabled": false, 5 | "name": "csrf_token", 6 | "required": true, 7 | "type": "hidden", 8 | "value": "MGJxbTV5b291N3JnbTNkdTV4ZHlpazYwOGtvb3hzejQ=" 9 | }, 10 | "group": "default", 11 | "messages": [], 12 | "meta": {}, 13 | "type": "input" 14 | }, 15 | { 16 | "attributes": { 17 | "disabled": false, 18 | "name": "traits.email", 19 | "type": "text", 20 | "value": "john-browser@doe.com" 21 | }, 22 | "group": "profile", 23 | "messages": [], 24 | "meta": {}, 25 | "type": "input" 26 | }, 27 | { 28 | "attributes": { 29 | "disabled": false, 30 | "name": "traits.stringy", 31 | "type": "text", 32 | "value": "foobar" 33 | }, 34 | "group": "profile", 35 | "messages": [], 36 | "meta": {}, 37 | "type": "input" 38 | }, 39 | { 40 | "attributes": { 41 | "disabled": false, 42 | "name": "traits.numby", 43 | "type": "number", 44 | "value": 2.5 45 | }, 46 | "group": "profile", 47 | "messages": [], 48 | "meta": {}, 49 | "type": "input" 50 | }, 51 | { 52 | "attributes": { 53 | "disabled": false, 54 | "name": "traits.booly", 55 | "type": "checkbox", 56 | "value": false 57 | }, 58 | "group": "profile", 59 | "messages": [], 60 | "meta": {}, 61 | "type": "input" 62 | }, 63 | { 64 | "attributes": { 65 | "disabled": false, 66 | "name": "traits.should_big_number", 67 | "type": "number", 68 | "value": 2048 69 | }, 70 | "group": "profile", 71 | "messages": [], 72 | "meta": {}, 73 | "type": "input" 74 | }, 75 | { 76 | "attributes": { 77 | "disabled": false, 78 | "name": "traits.should_long_string", 79 | "type": "text", 80 | "value": "asdfasdfasdfasdfasfdasdfasdfasdf" 81 | }, 82 | "group": "profile", 83 | "messages": [], 84 | "meta": {}, 85 | "type": "input" 86 | }, 87 | { 88 | "attributes": { 89 | "disabled": false, 90 | "name": "method", 91 | "type": "submit", 92 | "value": "profile" 93 | }, 94 | "group": "profile", 95 | "messages": [], 96 | "meta": { 97 | "label": { 98 | "id": 1070003, 99 | "text": "Save", 100 | "type": "info" 101 | } 102 | }, 103 | "type": "input" 104 | }, 105 | { 106 | "attributes": { 107 | "disabled": false, 108 | "name": "password", 109 | "required": true, 110 | "type": "password" 111 | }, 112 | "group": "password", 113 | "messages": [], 114 | "meta": { 115 | "label": { 116 | "id": 1070001, 117 | "text": "Password", 118 | "type": "info" 119 | } 120 | }, 121 | "type": "input" 122 | }, 123 | { 124 | "attributes": { 125 | "disabled": false, 126 | "name": "method", 127 | "type": "submit", 128 | "value": "password" 129 | }, 130 | "group": "password", 131 | "messages": [], 132 | "meta": { 133 | "label": { 134 | "id": 1070003, 135 | "text": "Save", 136 | "type": "info" 137 | } 138 | }, 139 | "type": "input" 140 | }, 141 | { 142 | "attributes": { 143 | "disabled": false, 144 | "name": "csrf_token", 145 | "required": true, 146 | "type": "hidden", 147 | "value": "aWJlY3F1bHp1aXN2YnFvY2NzdHpjNnJ0YnkxNnI2Mzk=" 148 | }, 149 | "group": "default", 150 | "messages": [], 151 | "meta": {}, 152 | "type": "input" 153 | }, 154 | { 155 | "attributes": { 156 | "disabled": false, 157 | "name": "webauthn_remove", 158 | "type": "submit", 159 | "value": "626172626172" 160 | }, 161 | "group": "webauthn", 162 | "messages": [], 163 | "meta": { 164 | "label": { 165 | "context": { 166 | "added_at": "0001-01-01T00:00:00Z", 167 | "display_name": "bar" 168 | }, 169 | "id": 1050012, 170 | "text": "Remove security key \"bar\"", 171 | "type": "info" 172 | } 173 | }, 174 | "type": "input" 175 | }, 176 | { 177 | "attributes": { 178 | "disabled": false, 179 | "name": "webauthn_remove", 180 | "type": "submit", 181 | "value": "666f6f666f6f" 182 | }, 183 | "group": "webauthn", 184 | "messages": [], 185 | "meta": { 186 | "label": { 187 | "context": { 188 | "added_at": "0001-01-01T00:00:00Z", 189 | "display_name": "foo" 190 | }, 191 | "id": 1050012, 192 | "text": "Remove security key \"foo\"", 193 | "type": "info" 194 | } 195 | }, 196 | "type": "input" 197 | }, 198 | { 199 | "attributes": { 200 | "disabled": false, 201 | "name": "webauthn_register_displayname", 202 | "type": "text", 203 | "value": "" 204 | }, 205 | "group": "webauthn", 206 | "messages": [], 207 | "meta": { 208 | "label": { 209 | "id": 1050013, 210 | "text": "Name of the security key", 211 | "type": "info" 212 | } 213 | }, 214 | "type": "input" 215 | }, 216 | { 217 | "attributes": { 218 | "disabled": false, 219 | "name": "webauthn_register_trigger", 220 | "onclick": "window.__oryWebAuthnRegistration({\"publicKey\":{\"challenge\":\"h7BkjEGXvBnOPDrDsBUiSRB90QamqOtWbprYhcaBwro=\",\"rp\":{\"name\":\"Ory Corp\",\"id\":\"localhost\"},\"user\":{\"name\":\"placeholder\",\"icon\":\"https://via.placeholder.com/128\",\"displayName\":\"placeholder\",\"id\":\"uJTun1EFRNurSuKVCLV9ZA==\"},\"pubKeyCredParams\":[{\"type\":\"public-key\",\"alg\":-7},{\"type\":\"public-key\",\"alg\":-35},{\"type\":\"public-key\",\"alg\":-36},{\"type\":\"public-key\",\"alg\":-257},{\"type\":\"public-key\",\"alg\":-258},{\"type\":\"public-key\",\"alg\":-259},{\"type\":\"public-key\",\"alg\":-37},{\"type\":\"public-key\",\"alg\":-38},{\"type\":\"public-key\",\"alg\":-39},{\"type\":\"public-key\",\"alg\":-8}],\"authenticatorSelection\":{\"requireResidentKey\":false,\"userVerification\":\"preferred\"},\"timeout\":60000}})", 221 | "onload": "if (\n (window \u0026\u0026 window.__oryWebAuthnLogin \u0026\u0026 window.__oryWebAuthnRegistration) ||\n (!window \u0026\u0026 __oryWebAuthnLogin \u0026\u0026 __oryWebAuthnRegistration)\n) {\n // Already registered these functions, do nothing.\n} else {\n function __oryWebAuthnBufferDecode(value) {\n return Uint8Array.from(atob(value), function (c) {\n return c.charCodeAt(0)\n });\n }\n\n function __oryWebAuthnBufferEncode(value) {\n return btoa(String.fromCharCode.apply(null, new Uint8Array(value)))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=/g, '');\n }\n\n function __oryWebAuthnLogin(opt, resultQuerySelector = '*[name=\"webauthn_login\"]', triggerQuerySelector = '*[name=\"webauthn_login_trigger\"]') {\n if (!window.PublicKeyCredential) {\n alert('This browser does not support WebAuthn!');\n }\n\n opt.publicKey.challenge = __oryWebAuthnBufferDecode(opt.publicKey.challenge);\n opt.publicKey.allowCredentials = opt.publicKey.allowCredentials.map(function (value) {\n return {\n ...value,\n id: __oryWebAuthnBufferDecode(value.id)\n }\n });\n\n navigator.credentials.get(opt).then(function (credential) {\n document.querySelector(resultQuerySelector).value = JSON.stringify({\n id: credential.id,\n rawId: __oryWebAuthnBufferEncode(credential.rawId),\n type: credential.type,\n response: {\n authenticatorData: __oryWebAuthnBufferEncode(credential.response.authenticatorData),\n clientDataJSON: __oryWebAuthnBufferEncode(credential.response.clientDataJSON),\n signature: __oryWebAuthnBufferEncode(credential.response.signature),\n userHandle: __oryWebAuthnBufferEncode(credential.response.userHandle),\n },\n })\n\n document.querySelector(triggerQuerySelector).closest('form').submit()\n }).catch((err) =\u003e {\n alert(err)\n })\n }\n\n function __oryWebAuthnRegistration(opt, resultQuerySelector = '*[name=\"webauthn_register\"]', triggerQuerySelector = '*[name=\"webauthn_register_trigger\"]') {\n if (!window.PublicKeyCredential) {\n alert('This browser does not support WebAuthn!');\n }\n\n opt.publicKey.user.id = __oryWebAuthnBufferDecode(opt.publicKey.user.id);\n opt.publicKey.challenge = __oryWebAuthnBufferDecode(opt.publicKey.challenge);\n\n if (opt.publicKey.excludeCredentials) {\n opt.publicKey.excludeCredentials = opt.publicKey.excludeCredentials.map(function (value) {\n return {\n ...value,\n id: __oryWebAuthnBufferDecode(value.id)\n }\n })\n }\n\n navigator.credentials.create(opt).then(function (credential) {\n document.querySelector(resultQuerySelector).value = JSON.stringify({\n id: credential.id,\n rawId: __oryWebAuthnBufferEncode(credential.rawId),\n type: credential.type,\n response: {\n attestationObject: __oryWebAuthnBufferEncode(credential.response.attestationObject),\n clientDataJSON: __oryWebAuthnBufferEncode(credential.response.clientDataJSON),\n },\n })\n\n document.querySelector(triggerQuerySelector).closest('form').submit()\n }).catch((err) =\u003e {\n alert(err)\n })\n }\n\n if (window) {\n window.__oryWebAuthnLogin = __oryWebAuthnLogin\n window.__oryWebAuthnRegistration = __oryWebAuthnRegistration\n }\n}\n", 222 | "type": "button", 223 | "value": "" 224 | }, 225 | "group": "webauthn", 226 | "messages": [], 227 | "meta": { 228 | "label": { 229 | "id": 1050012, 230 | "text": "Add security key", 231 | "type": "info" 232 | } 233 | }, 234 | "type": "input" 235 | }, 236 | { 237 | "attributes": { 238 | "disabled": false, 239 | "name": "webauthn_register", 240 | "type": "hidden", 241 | "value": "" 242 | }, 243 | "group": "webauthn", 244 | "messages": [], 245 | "meta": {}, 246 | "type": "input" 247 | }, 248 | { 249 | "attributes": { 250 | "disabled": false, 251 | "name": "csrf_token", 252 | "required": true, 253 | "type": "hidden", 254 | "value": "aXZ1M3E2cmdkOG5namVsMzNob2kwcmlnMGo0Yjc5MGw=" 255 | }, 256 | "group": "default", 257 | "messages": [], 258 | "meta": {}, 259 | "type": "input" 260 | }, 261 | { 262 | "attributes": { 263 | "height": 256, 264 | "id": "totp_qr", 265 | "src": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEAEAAAAAApiSv5AAAH6UlEQVR4nOyd244bOQxEM4v8/y9nn3pgaM0hi6TWCOqct7h1G6dAqcWLf//58wuM+efTC4DPggDMQQDmIABzEIA5CMAcBGAOAjAHAZiDAMxBAOYgAHMQgDkIwBwEYA4CMAcBmIMAzEEA5iAAcxCAOb+Vxl9fvUmiyONnvPP5OU/1eTReNl/E2T5bVzZP9P1l46gokd5YAHMQgDkIwBzpDPCg7qHZONmerj7P1qGeFdSzStQu+jxbz9b3/Q4sgDkIwBwEYE7rDPDQfa+t7v3dPbM7btS+2k49W0TzRKjfdwUsgDkIwBwEYM7oDNAlOwuc7dTxHtS9OBsvIvs7tnwZN8ACmIMAzEEA5nzkDFDdq6O9MXrvzt7bT9TnU799N77gJlgAcxCAOQjAnNEZYGvPyu7oq3fm1f6qD6HaTvUdqNw4I2ABzEEA5iAAc1pngO4eFo2Tve+fZHtuN+4/Gl9dX7Zedf1b3/c7sADmIABzEIA50hngU78uku2VXT961r4bXxA9j9qr8QybYAHMQQDmIABzvpR9ZvoerM4T9e/6BKqo9QrOdtnfq+ZHqOtVwAKYgwDMQQDmtM4AEereF32+FR8Qratbw2e7dpF6ZsjG7dyHYAHMQQDmIABzpDPAd6dhDlx3nGme/5afX41X6L6n36gHcIIFMAcBmIMAzFmpE7hVh6/aP1uXereexQRG7bJxTrr3IGrsIPcAUAYBmIMAzGn9XoCaa7e915/9q2z5FrLxzufbdQE2awphAcxBAOYgAHNW8gLUHLuofzZv9305W391vojpHp/VLbyZK4gFMAcBmIMAzPlf4wFUunUCtmsFRfNG/dSYva08h87/JRbAHARgDgIw58rvBnZr/ajtp/Oc6z3bR8/Pz8/3d/WOvhtf0fVhvIIFMAcBmIMAzLlaJ7D7Xlztr64nGv+hGvOX+Ryy/tV+0Zkn6k9MIMggAHMQgDktX8B352Gtm2mO2/a42/cXWzGB2zWKXsECmIMAzEEA5qzGAzxs5dln/aJ1dWsNde8n1PnP9uffpd4rTPIDsADmIABzEIA5V+oEqvH76h55Pu/unRnTdXdzJrvrVPv9wgIAAjAHAZhz1RfwsBXXfisGsLpO9X4h4tb7P74AkEEA5iAAc0Y1gqK95mY++0/zTfMFHtQ9upsH0I0LmNY2egULYA4CMAcBmLNyD/DQ3fu7d+bdWLzt+bK/Zzu/YSMO4AELYA4CMAcBmHM1JjDr131Pz553YwBVVB/D1Hex5Yt4BQtgDgIwBwGYM7oH+M9gw7301h66tb5snO4dfzZutp4JWABzEIA5CMCcUTxAxGb++rt+2Xv81j1Fto7q+Op6svVxDwBrIABzEIA5rd8MUuPfp3Hyqn+/etcf9c/28C3fRDaeuj7qA4AMAjAHAZjTugeI/n2ylSPXrbWToe6Z0zoG2Xjd+gPkBkIbBGAOAjDnSkxglWntnWldvuq6prmO1ff26ffKPQDIIABzEIA5ozqBXd/A2b87f7SO6Pk5Ttdvr9YP7OYSZvNm7StgAcxBAOYgAHNavxsY0a1bV93DquNWYwUzf3v3XmGaq3j7LPUKFsAcBGAOAjBntUbQw/Q9Va3V032P7t5rqDmK01pDXV9JBSyAOQjAHARgzigm8GF7z88+r/bvxvBN13Frns18gAcsgDkIwBwEYM7IF1DNk6/uhVvx/934gKydOk41NzH6PNvzq2een8ACmIMAzEEA5ozqA1TbqbV8uu/P5/Npbp1am+icv3ovMK0ryD0AtEEA5iAAc1Z/O7jaTo2rP8c526kxeNX1ZXRjH7fOFJP/uwcsgDkIwBwEYM5qXsBJNe4+69e9L4jmU2PqunkI5/PuGaM7XwUsgDkIwBwEYM5KTOC0Vk+35k803vb7djTftC5BN16he2/xDiyAOQjAHARgzqhO4NYef7bL5q2OO11f1G+6TnXeaP4N3wAWwBwEYA4CMOfK7wVU4+7P9mq7as2faRxBhLoHV8ffuoeogAUwBwGYgwDMacUDqO/BZ7/tO3A1h071+6tnCjXeIfo8azfZ+x+wAOYgAHMQgDkrvxnU9XtH/bNxtvL/z/bdnMdo3dV1dc9U2TorYAHMQQDmIABzRr6AaXy/6g8/mdYSUtur9QOi8VWfxWYewAkWwBwEYA4CMGdUI+jWe6yaU5jl0EXjqntxNH7171N9EKpvgphAkEEA5iAAc0Y1gr4Hae5tEeqePI3ty5jGGN46K3XneQULYA4CMAcBmLNSI6j7Hp6h7qnVcVU/fjbOtu+hW8OoAxbAHARgDgIwZ6VGUIZaJy/zAWzV8snOJFUfQJaz2KV6ZiIeANogAHMQgDlXcgMfurFwt+oQZP1V1LPK1vom/v8TLIA5CMAcBGDOyBfQjVOf5hZ2Y/uyz6vr7far5vl3cxmJCQQZBGAOAjDn6m8GZUR7+DRHcFpTN8p72Hr/ntZQ2tj7H7AA5iAAcxCAOR85A1Tz66f+/2g+9f4ie09X4xy6eQ1qPkIFLIA5CMAcBGDO6AwwfV9XY/Wy9iddX4W6t3Zr/05jLKuf/wQWwBwEYA4CMKd1Bpj6x9VYOvWsMI0n2Pb/q/kH03oIClgAcxCAOQjAnJUaQfD3ggUwBwGYgwDMQQDmIABzEIA5CMAcBGAOAjAHAZiDAMxBAOYgAHMQgDkIwBwEYA4CMAcBmIMAzEEA5iAAc/4NAAD//2bnVGe2kqtuAAAAAElFTkSuQmCC", 266 | "width": 256 267 | }, 268 | "group": "totp", 269 | "messages": [], 270 | "meta": { 271 | "label": { 272 | "id": 1050005, 273 | "text": "Authenticator app QR code", 274 | "type": "info" 275 | } 276 | }, 277 | "type": "img" 278 | }, 279 | { 280 | "attributes": { 281 | "id": "totp_secret_key", 282 | "text": { 283 | "context": { 284 | "secret": "Z5YLZXOY6TQPJEUHYX6O4JVAXFVZPQSD" 285 | }, 286 | "id": 1050006, 287 | "text": "Z5YLZXOY6TQPJEUHYX6O4JVAXFVZPQSD", 288 | "type": "info" 289 | } 290 | }, 291 | "group": "totp", 292 | "messages": [], 293 | "meta": { 294 | "label": { 295 | "id": 1050006, 296 | "text": "This is your authenticator app secret. Use it if you can not scan the QR code.", 297 | "type": "info" 298 | } 299 | }, 300 | "type": "text" 301 | }, 302 | { 303 | "attributes": { 304 | "disabled": false, 305 | "name": "totp_code", 306 | "required": true, 307 | "type": "text" 308 | }, 309 | "group": "totp", 310 | "messages": [], 311 | "meta": { 312 | "label": { 313 | "id": 1070006, 314 | "text": "Verify code", 315 | "type": "info" 316 | } 317 | }, 318 | "type": "input" 319 | }, 320 | { 321 | "attributes": { 322 | "disabled": false, 323 | "name": "method", 324 | "type": "submit", 325 | "value": "totp" 326 | }, 327 | "group": "totp", 328 | "messages": [], 329 | "meta": { 330 | "label": { 331 | "id": 1070003, 332 | "text": "Save", 333 | "type": "info" 334 | } 335 | }, 336 | "type": "input" 337 | } 338 | ] 339 | -------------------------------------------------------------------------------- /src/ui/index.test.ts: -------------------------------------------------------------------------------- 1 | import { UiNode } from "@ory/client" 2 | import { filterNodesByGroups, FilterNodesByGroups, getNodeLabel } from "./index" 3 | import nodes from "./fixtures/nodes.json" 4 | 5 | describe("generic helpers", () => { 6 | const testNodes: Array = [ 7 | { group: "default", type: "a" }, 8 | { group: "foo", type: "b" }, 9 | { group: "bar", type: "c" }, 10 | { 11 | group: "default", 12 | attributes: { 13 | name: "a", 14 | type: "checkbox", 15 | node_type: "input", 16 | }, 17 | }, 18 | { 19 | group: "foo", 20 | attributes: { 21 | name: "c", 22 | type: "hidden", 23 | node_type: "input", 24 | }, 25 | }, 26 | { 27 | group: "webauthn", 28 | attributes: { 29 | name: "d", 30 | type: "script", 31 | node_type: "input", 32 | }, 33 | }, 34 | { 35 | group: "webauthn", 36 | attributes: { 37 | name: "e", 38 | type: "input", 39 | node_type: "input", 40 | }, 41 | }, 42 | { 43 | group: "totp", 44 | attributes: { 45 | name: "f", 46 | type: "input", 47 | node_type: "input", 48 | }, 49 | }, 50 | { 51 | group: "default", 52 | attributes: { 53 | name: "g", 54 | type: "hidden", 55 | node_type: "input", 56 | }, 57 | }, 58 | ] 59 | 60 | const uiNodes = testNodes as Array 61 | 62 | const tc: Array<{ 63 | description: string 64 | opts: Partial 65 | expected: Array 66 | }> = [ 67 | { 68 | description: "nodes with the checkbox attribute", 69 | opts: { 70 | attributes: "checkbox", 71 | withoutDefaultAttributes: true, 72 | }, 73 | expected: [ 74 | { 75 | group: "default", 76 | attributes: { 77 | name: "a", 78 | type: "checkbox", 79 | node_type: "input", 80 | }, 81 | }, 82 | ], 83 | }, 84 | { 85 | description: 86 | "filtering by nodes should always include the default attributes", 87 | opts: { 88 | attributes: "email", 89 | withoutDefaultAttributes: false, 90 | }, 91 | expected: [ 92 | { 93 | group: "webauthn", 94 | attributes: { 95 | name: "d", 96 | type: "script", 97 | node_type: "input", 98 | }, 99 | }, 100 | { 101 | group: "webauthn", 102 | attributes: { 103 | name: "e", 104 | type: "input", 105 | node_type: "input", 106 | }, 107 | }, 108 | { 109 | group: "totp", 110 | attributes: { 111 | name: "f", 112 | type: "input", 113 | node_type: "input", 114 | }, 115 | }, 116 | { 117 | group: "default", 118 | attributes: { 119 | name: "g", 120 | type: "hidden", 121 | node_type: "input", 122 | }, 123 | }, 124 | ], 125 | }, 126 | { 127 | description: 128 | "can filter by nodes using comma seperated groups and should always include the default groups", 129 | opts: { 130 | groups: "foo,bar", 131 | }, 132 | expected: [ 133 | { group: "default", type: "a" }, 134 | { group: "foo", type: "b" }, 135 | { group: "bar", type: "c" }, 136 | { 137 | group: "default", 138 | attributes: { 139 | name: "a", 140 | type: "checkbox", 141 | node_type: "input", 142 | }, 143 | }, 144 | { 145 | group: "foo", 146 | attributes: { 147 | name: "c", 148 | type: "hidden", 149 | node_type: "input", 150 | }, 151 | }, 152 | { 153 | group: "default", 154 | attributes: { 155 | name: "g", 156 | type: "hidden", 157 | node_type: "input", 158 | }, 159 | }, 160 | ], 161 | }, 162 | { 163 | description: 164 | "can filter by nodes using an array of groups and should always include the default groups", 165 | opts: { 166 | groups: ["foo", "bar"], 167 | }, 168 | expected: [ 169 | { group: "default", type: "a" }, 170 | { group: "foo", type: "b" }, 171 | { group: "bar", type: "c" }, 172 | { 173 | group: "default", 174 | attributes: { 175 | name: "a", 176 | type: "checkbox", 177 | node_type: "input", 178 | }, 179 | }, 180 | { 181 | group: "foo", 182 | attributes: { 183 | name: "c", 184 | type: "hidden", 185 | node_type: "input", 186 | }, 187 | }, 188 | { 189 | group: "default", 190 | attributes: { 191 | name: "g", 192 | type: "hidden", 193 | node_type: "input", 194 | }, 195 | }, 196 | ], 197 | }, 198 | { 199 | description: 200 | "can filter by nodes using a group and exclude default groups", 201 | opts: { 202 | groups: ["foo"], 203 | withoutDefaultGroup: true, 204 | }, 205 | expected: [ 206 | { group: "foo", type: "b" }, 207 | { 208 | group: "foo", 209 | attributes: { 210 | name: "c", 211 | type: "hidden", 212 | node_type: "input", 213 | }, 214 | }, 215 | ], 216 | }, 217 | { 218 | description: "can filter by attributes and exclude default attributes", 219 | opts: { 220 | attributes: "hidden", 221 | withoutDefaultAttributes: true, 222 | }, 223 | expected: [ 224 | { 225 | group: "foo", 226 | attributes: { 227 | name: "c", 228 | type: "hidden", 229 | node_type: "input", 230 | }, 231 | }, 232 | { 233 | group: "default", 234 | attributes: { 235 | name: "g", 236 | type: "hidden", 237 | node_type: "input", 238 | }, 239 | }, 240 | ], 241 | }, 242 | { 243 | description: "can filter by nodes and exclude attributes", 244 | opts: { 245 | groups: "webauthn", 246 | withoutDefaultGroup: true, 247 | excludeAttributes: "script", 248 | }, 249 | expected: [ 250 | { 251 | group: "webauthn", 252 | attributes: { 253 | name: "e", 254 | type: "input", 255 | node_type: "input", 256 | }, 257 | }, 258 | ], 259 | }, 260 | { 261 | description: 262 | "filtering by attributes should always include the default attributes even when group is not defined", 263 | opts: { 264 | attributes: "something", 265 | }, 266 | expected: [ 267 | { 268 | group: "webauthn", 269 | attributes: { 270 | name: "d", 271 | type: "script", 272 | node_type: "input", 273 | }, 274 | }, 275 | { 276 | group: "webauthn", 277 | attributes: { 278 | name: "e", 279 | type: "input", 280 | node_type: "input", 281 | }, 282 | }, 283 | { 284 | group: "totp", 285 | attributes: { 286 | name: "f", 287 | type: "input", 288 | node_type: "input", 289 | }, 290 | }, 291 | { 292 | group: "default", 293 | attributes: { 294 | name: "g", 295 | type: "hidden", 296 | node_type: "input", 297 | }, 298 | }, 299 | ], 300 | }, 301 | ] 302 | 303 | test.each(tc)("$description", ({ opts, expected }) => { 304 | expect( 305 | filterNodesByGroups({ 306 | nodes: uiNodes, 307 | ...opts, 308 | }), 309 | ).toEqual(expected) 310 | }) 311 | 312 | test("getNodeLabel", () => { 313 | expect((nodes as UiNode[]).map(getNodeLabel)).toMatchSnapshot() 314 | }) 315 | }) 316 | -------------------------------------------------------------------------------- /src/ui/index.ts: -------------------------------------------------------------------------------- 1 | import type { 2 | UiNode, 3 | UiNodeAnchorAttributes, 4 | UiNodeAttributes, 5 | UiNodeGroupEnum, 6 | UiNodeImageAttributes, 7 | UiNodeInputAttributes, 8 | UiNodeInputAttributesTypeEnum, 9 | UiNodeScriptAttributes, 10 | UiNodeTextAttributes, 11 | } from "@ory/client" 12 | 13 | /** 14 | * Returns the node's label. 15 | * 16 | * @param node 17 | * @return label 18 | */ 19 | export const getNodeLabel = (node: UiNode): string => { 20 | const attributes = node.attributes 21 | if (isUiNodeAnchorAttributes(attributes)) { 22 | return attributes.title.text 23 | } 24 | 25 | if (isUiNodeImageAttributes(attributes)) { 26 | return node.meta.label?.text || "" 27 | } 28 | 29 | if (isUiNodeInputAttributes(attributes)) { 30 | if (attributes.label?.text) { 31 | return attributes.label.text 32 | } 33 | } 34 | 35 | return node.meta.label?.text || "" 36 | } 37 | 38 | /** 39 | * A TypeScript type guard for nodes of the type 40 | * 41 | * @param attrs 42 | */ 43 | export function isUiNodeAnchorAttributes( 44 | attrs: UiNodeAttributes, 45 | ): attrs is UiNodeAnchorAttributes & { node_type: "a" } { 46 | return attrs.node_type === "a" 47 | } 48 | 49 | /** 50 | * A TypeScript type guard for nodes of the type 51 | * 52 | * @param attrs 53 | */ 54 | export function isUiNodeImageAttributes( 55 | attrs: UiNodeAttributes, 56 | ): attrs is UiNodeImageAttributes & { node_type: "img" } { 57 | return attrs.node_type === "img" 58 | } 59 | 60 | /** 61 | * A TypeScript type guard for nodes of the type 62 | * 63 | * @param attrs 64 | */ 65 | export function isUiNodeInputAttributes( 66 | attrs: UiNodeAttributes, 67 | ): attrs is UiNodeInputAttributes & { node_type: "input" } { 68 | return attrs.node_type === "input" 69 | } 70 | 71 | /** 72 | * A TypeScript type guard for nodes of the type {text} 73 | * 74 | * @param attrs 75 | */ 76 | export function isUiNodeTextAttributes( 77 | attrs: UiNodeAttributes, 78 | ): attrs is UiNodeTextAttributes & { node_type: "text" } { 79 | return attrs.node_type === "text" 80 | } 81 | 82 | /** 83 | * A TypeScript type guard for nodes of the type