WIP: feat/automated-account-deletion #174
|
@ -6,6 +6,9 @@
|
|||
...
|
||||
}:
|
||||
{
|
||||
disabledModules = [ "services/web-apps/keycloak.nix" ];
|
||||
imports = [ ./keycloak.nix ];
|
||||
|
||||
options.pub-solar-os.auth = with lib; {
|
||||
enable = mkEnableOption "Enable keycloak to run on the node";
|
||||
|
||||
|
|
705
modules/keycloak/keycloak.nix
Normal file
705
modules/keycloak/keycloak.nix
Normal file
|
@ -0,0 +1,705 @@
|
|||
{ config, options, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.keycloak;
|
||||
opt = options.services.keycloak;
|
||||
|
||||
inherit (lib)
|
||||
types
|
||||
mkMerge
|
||||
mkOption
|
||||
mkChangedOptionModule
|
||||
mkRenamedOptionModule
|
||||
mkRemovedOptionModule
|
||||
mkPackageOption
|
||||
concatStringsSep
|
||||
mapAttrsToList
|
||||
escapeShellArg
|
||||
mkIf
|
||||
optionalString
|
||||
optionals
|
||||
mkDefault
|
||||
literalExpression
|
||||
isAttrs
|
||||
literalMD
|
||||
maintainers
|
||||
catAttrs
|
||||
collect
|
||||
hasPrefix
|
||||
;
|
||||
|
||||
inherit (builtins)
|
||||
elem
|
||||
typeOf
|
||||
isInt
|
||||
isString
|
||||
hashString
|
||||
isPath
|
||||
;
|
||||
|
||||
prefixUnlessEmpty = prefix: string: optionalString (string != "") "${prefix}${string}";
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "keycloak" "bindAddress" ]
|
||||
[ "services" "keycloak" "settings" "http-host" ])
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "keycloak" "forceBackendUrlToFrontendUrl"]
|
||||
[ "services" "keycloak" "settings" "hostname-strict-backchannel"])
|
||||
(mkChangedOptionModule
|
||||
[ "services" "keycloak" "httpPort" ]
|
||||
[ "services" "keycloak" "settings" "http-port" ]
|
||||
(config:
|
||||
builtins.fromJSON config.services.keycloak.httpPort))
|
||||
(mkChangedOptionModule
|
||||
[ "services" "keycloak" "httpsPort" ]
|
||||
[ "services" "keycloak" "settings" "https-port" ]
|
||||
(config:
|
||||
builtins.fromJSON config.services.keycloak.httpsPort))
|
||||
(mkRemovedOptionModule
|
||||
[ "services" "keycloak" "frontendUrl" ]
|
||||
''
|
||||
Set `services.keycloak.settings.hostname' and `services.keycloak.settings.http-relative-path' instead.
|
||||
NOTE: You likely want to set 'http-relative-path' to '/auth' to keep compatibility with your clients.
|
||||
See its description for more information.
|
||||
'')
|
||||
(mkRemovedOptionModule
|
||||
[ "services" "keycloak" "extraConfig" ]
|
||||
"Use `services.keycloak.settings' instead.")
|
||||
];
|
||||
|
||||
options.services.keycloak =
|
||||
let
|
||||
inherit (types)
|
||||
bool
|
||||
str
|
||||
int
|
||||
nullOr
|
||||
attrsOf
|
||||
oneOf
|
||||
path
|
||||
enum
|
||||
package
|
||||
port;
|
||||
|
||||
assertStringPath = optionName: value:
|
||||
if isPath value then
|
||||
throw ''
|
||||
services.keycloak.${optionName}:
|
||||
${toString value}
|
||||
is a Nix path, but should be a string, since Nix
|
||||
paths are copied into the world-readable Nix store.
|
||||
''
|
||||
else value;
|
||||
in
|
||||
{
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
Whether to enable the Keycloak identity and access management
|
||||
server.
|
||||
'';
|
||||
};
|
||||
|
||||
sslCertificate = mkOption {
|
||||
type = nullOr path;
|
||||
default = null;
|
||||
example = "/run/keys/ssl_cert";
|
||||
apply = assertStringPath "sslCertificate";
|
||||
description = ''
|
||||
The path to a PEM formatted certificate to use for TLS/SSL
|
||||
connections.
|
||||
'';
|
||||
};
|
||||
|
||||
sslCertificateKey = mkOption {
|
||||
type = nullOr path;
|
||||
default = null;
|
||||
example = "/run/keys/ssl_key";
|
||||
apply = assertStringPath "sslCertificateKey";
|
||||
description = ''
|
||||
The path to a PEM formatted private key to use for TLS/SSL
|
||||
connections.
|
||||
'';
|
||||
};
|
||||
|
||||
plugins = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.path;
|
||||
default = [ ];
|
||||
description = ''
|
||||
Keycloak plugin jar, ear files or derivations containing
|
||||
them. Packaged plugins are available through
|
||||
`pkgs.keycloak.plugins`.
|
||||
'';
|
||||
};
|
||||
|
||||
database = {
|
||||
type = mkOption {
|
||||
type = enum [ "mysql" "mariadb" "postgresql" ];
|
||||
default = "postgresql";
|
||||
example = "mariadb";
|
||||
description = ''
|
||||
The type of database Keycloak should connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = str;
|
||||
default = "localhost";
|
||||
description = ''
|
||||
Hostname of the database to connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
port =
|
||||
let
|
||||
dbPorts = {
|
||||
postgresql = 5432;
|
||||
mariadb = 3306;
|
||||
mysql = 3306;
|
||||
};
|
||||
in
|
||||
mkOption {
|
||||
type = port;
|
||||
default = dbPorts.${cfg.database.type};
|
||||
defaultText = literalMD "default port of selected database";
|
||||
description = ''
|
||||
Port of the database to connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
useSSL = mkOption {
|
||||
type = bool;
|
||||
default = cfg.database.host != "localhost";
|
||||
defaultText = literalExpression ''config.${opt.database.host} != "localhost"'';
|
||||
description = ''
|
||||
Whether the database connection should be secured by SSL /
|
||||
TLS.
|
||||
'';
|
||||
};
|
||||
|
||||
caCert = mkOption {
|
||||
type = nullOr path;
|
||||
default = null;
|
||||
description = ''
|
||||
The SSL / TLS CA certificate that verifies the identity of the
|
||||
database server.
|
||||
|
||||
Required when PostgreSQL is used and SSL is turned on.
|
||||
|
||||
For MySQL, if left at `null`, the default
|
||||
Java keystore is used, which should suffice if the server
|
||||
certificate is issued by an official CA.
|
||||
'';
|
||||
};
|
||||
|
||||
createLocally = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether a database should be automatically created on the
|
||||
local host. Set this to false if you plan on provisioning a
|
||||
local database yourself. This has no effect if
|
||||
services.keycloak.database.host is customized.
|
||||
'';
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = str;
|
||||
default = "keycloak";
|
||||
description = ''
|
||||
Database name to use when connecting to an external or
|
||||
manually provisioned database; has no effect when a local
|
||||
database is automatically provisioned.
|
||||
|
||||
To use this with a local database, set [](#opt-services.keycloak.database.createLocally) to
|
||||
`false` and create the database and user
|
||||
manually.
|
||||
'';
|
||||
};
|
||||
|
||||
username = mkOption {
|
||||
type = str;
|
||||
default = "keycloak";
|
||||
description = ''
|
||||
Username to use when connecting to an external or manually
|
||||
provisioned database; has no effect when a local database is
|
||||
automatically provisioned.
|
||||
|
||||
To use this with a local database, set [](#opt-services.keycloak.database.createLocally) to
|
||||
`false` and create the database and user
|
||||
manually.
|
||||
'';
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = path;
|
||||
example = "/run/keys/db_password";
|
||||
apply = assertStringPath "passwordFile";
|
||||
description = ''
|
||||
The path to a file containing the database password.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
package = mkPackageOption pkgs "keycloak" { };
|
||||
|
||||
initialAdminPassword = mkOption {
|
||||
type = str;
|
||||
default = "changeme";
|
||||
description = ''
|
||||
Initial password set for the `admin`
|
||||
user. The password is not stored safely and should be changed
|
||||
immediately in the admin panel.
|
||||
'';
|
||||
};
|
||||
|
||||
themes = mkOption {
|
||||
type = attrsOf package;
|
||||
default = { };
|
||||
description = ''
|
||||
Additional theme packages for Keycloak. Each theme is linked into
|
||||
subdirectory with a corresponding attribute name.
|
||||
|
||||
Theme packages consist of several subdirectories which provide
|
||||
different theme types: for example, `account`,
|
||||
`login` etc. After adding a theme to this option you
|
||||
can select it by its name in Keycloak administration console.
|
||||
'';
|
||||
};
|
||||
|
||||
extraStartupFlags = lib.mkOption {
|
||||
type = lib.types.listOf str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
Extra flags to be added to the startup command kc.sh.
|
||||
This can be used to import a realm during startup or to
|
||||
set configuration variables, see <https://www.keycloak.org/server/configuration>.
|
||||
|
||||
--verbose and --optimized are always added.
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = lib.types.submodule {
|
||||
freeformType = attrsOf (nullOr (oneOf [ str int bool (attrsOf path) ]));
|
||||
|
||||
options = {
|
||||
http-host = mkOption {
|
||||
type = str;
|
||||
default = "0.0.0.0";
|
||||
example = "127.0.0.1";
|
||||
description = ''
|
||||
On which address Keycloak should accept new connections.
|
||||
'';
|
||||
};
|
||||
|
||||
http-port = mkOption {
|
||||
type = port;
|
||||
default = 80;
|
||||
example = 8080;
|
||||
description = ''
|
||||
On which port Keycloak should listen for new HTTP connections.
|
||||
'';
|
||||
};
|
||||
|
||||
https-port = mkOption {
|
||||
type = port;
|
||||
default = 443;
|
||||
example = 8443;
|
||||
description = ''
|
||||
On which port Keycloak should listen for new HTTPS connections.
|
||||
'';
|
||||
};
|
||||
|
||||
http-relative-path = mkOption {
|
||||
type = str;
|
||||
default = "/";
|
||||
example = "/auth";
|
||||
apply = x: if !(hasPrefix "/") x then "/" + x else x;
|
||||
description = ''
|
||||
The path relative to `/` for serving
|
||||
resources.
|
||||
|
||||
::: {.note}
|
||||
In versions of Keycloak using Wildfly (<17),
|
||||
this defaulted to `/auth`. If
|
||||
upgrading from the Wildfly version of Keycloak,
|
||||
i.e. a NixOS version before 22.05, you'll likely
|
||||
want to set this to `/auth` to
|
||||
keep compatibility with your clients.
|
||||
|
||||
See <https://www.keycloak.org/migration/migrating-to-quarkus>
|
||||
for more information on migrating from Wildfly to Quarkus.
|
||||
:::
|
||||
'';
|
||||
};
|
||||
|
||||
hostname = mkOption {
|
||||
type = nullOr str;
|
||||
example = "keycloak.example.com";
|
||||
description = ''
|
||||
The hostname part of the public URL used as base for
|
||||
all frontend requests.
|
||||
|
||||
See <https://www.keycloak.org/server/hostname>
|
||||
for more information about hostname configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
hostname-backchannel-dynamic = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
Enables dynamic resolving of backchannel URLs,
|
||||
including hostname, scheme, port and context path.
|
||||
|
||||
See <https://www.keycloak.org/server/hostname>
|
||||
for more information about hostname configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
proxy = mkOption {
|
||||
type = enum [ "edge" "reencrypt" "passthrough" "none" ];
|
||||
default = "none";
|
||||
example = "edge";
|
||||
description = ''
|
||||
The proxy address forwarding mode if the server is
|
||||
behind a reverse proxy.
|
||||
|
||||
- `edge`:
|
||||
Enables communication through HTTP between the
|
||||
proxy and Keycloak.
|
||||
- `reencrypt`:
|
||||
Requires communication through HTTPS between the
|
||||
proxy and Keycloak.
|
||||
- `passthrough`:
|
||||
Enables communication through HTTP or HTTPS between
|
||||
the proxy and Keycloak.
|
||||
|
||||
See <https://www.keycloak.org/server/reverseproxy> for more information.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
example = literalExpression ''
|
||||
{
|
||||
hostname = "keycloak.example.com";
|
||||
proxy = "reencrypt";
|
||||
https-key-store-file = "/path/to/file";
|
||||
https-key-store-password = { _secret = "/run/keys/store_password"; };
|
||||
}
|
||||
'';
|
||||
|
||||
description = ''
|
||||
Configuration options corresponding to parameters set in
|
||||
{file}`conf/keycloak.conf`.
|
||||
|
||||
Most available options are documented at <https://www.keycloak.org/server/all-config>.
|
||||
|
||||
Options containing secret data should be set to an attribute
|
||||
set containing the attribute `_secret` - a
|
||||
string pointing to a file containing the value the option
|
||||
should be set to. See the example to get a better picture of
|
||||
this: in the resulting
|
||||
{file}`conf/keycloak.conf` file, the
|
||||
`https-key-store-password` key will be set
|
||||
to the contents of the
|
||||
{file}`/run/keys/store_password` file.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config =
|
||||
let
|
||||
# We only want to create a database if we're actually going to
|
||||
# connect to it.
|
||||
databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == "localhost";
|
||||
createLocalPostgreSQL = databaseActuallyCreateLocally && cfg.database.type == "postgresql";
|
||||
createLocalMySQL = databaseActuallyCreateLocally && elem cfg.database.type [ "mysql" "mariadb" ];
|
||||
|
||||
mySqlCaKeystore = pkgs.runCommand "mysql-ca-keystore" { } ''
|
||||
${pkgs.jre}/bin/keytool -importcert -trustcacerts -alias MySQLCACert -file ${cfg.database.caCert} -keystore $out -storepass notsosecretpassword -noprompt
|
||||
'';
|
||||
|
||||
# Both theme and theme type directories need to be actual
|
||||
# directories in one hierarchy to pass Keycloak checks.
|
||||
themesBundle = pkgs.runCommand "keycloak-themes" { } ''
|
||||
linkTheme() {
|
||||
theme="$1"
|
||||
name="$2"
|
||||
|
||||
mkdir "$out/$name"
|
||||
for typeDir in "$theme"/*; do
|
||||
if [ -d "$typeDir" ]; then
|
||||
type="$(basename "$typeDir")"
|
||||
mkdir "$out/$name/$type"
|
||||
for file in "$typeDir"/*; do
|
||||
ln -sn "$file" "$out/$name/$type/$(basename "$file")"
|
||||
done
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
mkdir -p "$out"
|
||||
for theme in ${keycloakBuild}/themes/*; do
|
||||
if [ -d "$theme" ]; then
|
||||
linkTheme "$theme" "$(basename "$theme")"
|
||||
fi
|
||||
done
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList (name: theme: "linkTheme ${theme} ${escapeShellArg name}") cfg.themes)}
|
||||
'';
|
||||
|
||||
keycloakConfig = lib.generators.toKeyValue {
|
||||
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
|
||||
mkValueString = v:
|
||||
if isInt v then toString v
|
||||
else if isString v then v
|
||||
else if true == v then "true"
|
||||
else if false == v then "false"
|
||||
else if isSecret v then hashString "sha256" v._secret
|
||||
else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
|
||||
};
|
||||
};
|
||||
|
||||
isSecret = v: isAttrs v && v ? _secret && isString v._secret;
|
||||
filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [{ } null])) cfg.settings;
|
||||
confFile = pkgs.writeText "keycloak.conf" (keycloakConfig filteredConfig);
|
||||
keycloakBuild = cfg.package.override {
|
||||
inherit confFile;
|
||||
plugins = cfg.package.enabledPlugins ++ cfg.plugins ++
|
||||
(with cfg.package.plugins; [quarkus-systemd-notify quarkus-systemd-notify-deployment]);
|
||||
};
|
||||
in
|
||||
mkIf cfg.enable
|
||||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = (cfg.database.useSSL && cfg.database.type == "postgresql") -> (cfg.database.caCert != null);
|
||||
message = "A CA certificate must be specified (in 'services.keycloak.database.caCert') when PostgreSQL is used with SSL";
|
||||
}
|
||||
{
|
||||
assertion = createLocalPostgreSQL -> config.services.postgresql.settings.standard_conforming_strings or true;
|
||||
message = "Setting up a local PostgreSQL db for Keycloak requires `standard_conforming_strings` turned on to work reliably";
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings.hostname != null || ! cfg.settings.hostname-strict or true;
|
||||
message = "Setting the Keycloak hostname is required, see `services.keycloak.settings.hostname`";
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings.hostname-url or null == null;
|
||||
message = ''
|
||||
The option `services.keycloak.settings.hostname-url' has been removed.
|
||||
Set `services.keycloak.settings.hostname' instead.
|
||||
See [New Hostname options](https://www.keycloak.org/docs/25.0.0/upgrading/#new-hostname-options) for details.
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = cfg.settings.hostname-strict-backchannel or null == null;
|
||||
message = ''
|
||||
The option `services.keycloak.settings.hostname-strict-backchannel' has been removed.
|
||||
Set `services.keycloak.settings.hostname-backchannel-dynamic' instead.
|
||||
See [New Hostname options](https://www.keycloak.org/docs/25.0.0/upgrading/#new-hostname-options) for details.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = [ keycloakBuild ];
|
||||
|
||||
services.keycloak.settings =
|
||||
let
|
||||
postgresParams = concatStringsSep "&" (
|
||||
optionals cfg.database.useSSL [
|
||||
"ssl=true"
|
||||
] ++ optionals (cfg.database.caCert != null) [
|
||||
"sslrootcert=${cfg.database.caCert}"
|
||||
"sslmode=verify-ca"
|
||||
]
|
||||
);
|
||||
mariadbParams = concatStringsSep "&" ([
|
||||
"characterEncoding=UTF-8"
|
||||
] ++ optionals cfg.database.useSSL [
|
||||
"useSSL=true"
|
||||
"requireSSL=true"
|
||||
"verifyServerCertificate=true"
|
||||
] ++ optionals (cfg.database.caCert != null) [
|
||||
"trustCertificateKeyStoreUrl=file:${mySqlCaKeystore}"
|
||||
"trustCertificateKeyStorePassword=notsosecretpassword"
|
||||
]);
|
||||
dbProps = if cfg.database.type == "postgresql" then postgresParams else mariadbParams;
|
||||
in
|
||||
mkMerge [
|
||||
{
|
||||
db = if cfg.database.type == "postgresql" then "postgres" else cfg.database.type;
|
||||
db-username = if databaseActuallyCreateLocally then "keycloak" else cfg.database.username;
|
||||
db-password._secret = cfg.database.passwordFile;
|
||||
db-url-host = cfg.database.host;
|
||||
db-url-port = toString cfg.database.port;
|
||||
db-url-database = if databaseActuallyCreateLocally then "keycloak" else cfg.database.name;
|
||||
db-url-properties = prefixUnlessEmpty "?" dbProps;
|
||||
db-url = null;
|
||||
}
|
||||
(mkIf (cfg.sslCertificate != null && cfg.sslCertificateKey != null) {
|
||||
https-certificate-file = "/run/keycloak/ssl/ssl_cert";
|
||||
https-certificate-key-file = "/run/keycloak/ssl/ssl_key";
|
||||
})
|
||||
];
|
||||
|
||||
systemd.services.keycloakPostgreSQLInit = mkIf createLocalPostgreSQL {
|
||||
after = [ "postgresql.service" ];
|
||||
before = [ "keycloak.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
path = [ config.services.postgresql.package ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
User = "postgres";
|
||||
Group = "postgres";
|
||||
LoadCredential = [ "db_password:${cfg.database.passwordFile}" ];
|
||||
};
|
||||
script = ''
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
create_role="$(mktemp)"
|
||||
trap 'rm -f "$create_role"' EXIT
|
||||
|
||||
# Read the password from the credentials directory and
|
||||
# escape any single quotes by adding additional single
|
||||
# quotes after them, following the rules laid out here:
|
||||
# https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
|
||||
db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
|
||||
db_password="''${db_password//\'/\'\'}"
|
||||
|
||||
echo "CREATE ROLE keycloak WITH LOGIN PASSWORD '$db_password' CREATEDB" > "$create_role"
|
||||
psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='keycloak'" | grep -q 1 || psql -tA --file="$create_role"
|
||||
psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'keycloak'" | grep -q 1 || psql -tAc 'CREATE DATABASE "keycloak" OWNER "keycloak"'
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.keycloakMySQLInit = mkIf createLocalMySQL {
|
||||
after = [ "mysql.service" ];
|
||||
before = [ "keycloak.service" ];
|
||||
bindsTo = [ "mysql.service" ];
|
||||
path = [ config.services.mysql.package ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
User = config.services.mysql.user;
|
||||
Group = config.services.mysql.group;
|
||||
LoadCredential = [ "db_password:${cfg.database.passwordFile}" ];
|
||||
};
|
||||
script = ''
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
# Read the password from the credentials directory and
|
||||
# escape any single quotes by adding additional single
|
||||
# quotes after them, following the rules laid out here:
|
||||
# https://dev.mysql.com/doc/refman/8.0/en/string-literals.html
|
||||
db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
|
||||
db_password="''${db_password//\'/\'\'}"
|
||||
|
||||
( echo "SET sql_mode = 'NO_BACKSLASH_ESCAPES';"
|
||||
echo "CREATE USER IF NOT EXISTS 'keycloak'@'localhost' IDENTIFIED BY '$db_password';"
|
||||
echo "CREATE DATABASE IF NOT EXISTS keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
|
||||
echo "GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';"
|
||||
) | mysql -N
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.keycloak =
|
||||
let
|
||||
databaseServices =
|
||||
if createLocalPostgreSQL then [
|
||||
"keycloakPostgreSQLInit.service"
|
||||
"postgresql.service"
|
||||
]
|
||||
else if createLocalMySQL then [
|
||||
"keycloakMySQLInit.service"
|
||||
"mysql.service"
|
||||
]
|
||||
else [ ];
|
||||
secretPaths = catAttrs "_secret" (collect isSecret cfg.settings);
|
||||
mkSecretReplacement = file: ''
|
||||
replace-secret ${hashString "sha256" file} $CREDENTIALS_DIRECTORY/${baseNameOf file} /run/keycloak/conf/keycloak.conf
|
||||
'';
|
||||
secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
|
||||
extraStartupFlags = lib.concatStringsSep " " cfg.extraStartupFlags;
|
||||
in
|
||||
{
|
||||
after = databaseServices;
|
||||
bindsTo = databaseServices;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = with pkgs; [
|
||||
keycloakBuild
|
||||
openssl
|
||||
replace-secret
|
||||
];
|
||||
environment = {
|
||||
KC_HOME_DIR = "/run/keycloak";
|
||||
KC_CONF_DIR = "/run/keycloak/conf";
|
||||
};
|
||||
serviceConfig = {
|
||||
LoadCredential =
|
||||
map (p: "${baseNameOf p}:${p}") secretPaths
|
||||
++ optionals (cfg.sslCertificate != null && cfg.sslCertificateKey != null) [
|
||||
"ssl_cert:${cfg.sslCertificate}"
|
||||
"ssl_key:${cfg.sslCertificateKey}"
|
||||
];
|
||||
User = "keycloak";
|
||||
Group = "keycloak";
|
||||
DynamicUser = true;
|
||||
RuntimeDirectory = "keycloak";
|
||||
RuntimeDirectoryMode = "0700";
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
Type = "notify"; # Requires quarkus-systemd-notify plugin
|
||||
NotifyAccess = "all";
|
||||
};
|
||||
script = ''
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
shopt -s inherit_errexit
|
||||
|
||||
umask u=rwx,g=,o=
|
||||
|
||||
ln -s ${themesBundle} /run/keycloak/themes
|
||||
ln -s ${keycloakBuild}/providers /run/keycloak/
|
||||
|
||||
install -D -m 0600 ${confFile} /run/keycloak/conf/keycloak.conf
|
||||
|
||||
${secretReplacements}
|
||||
|
||||
# Escape any backslashes in the db parameters, since
|
||||
# they're otherwise unexpectedly read as escape
|
||||
# sequences.
|
||||
sed -i '/db-/ s|\\|\\\\|g' /run/keycloak/conf/keycloak.conf
|
||||
|
||||
'' + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) ''
|
||||
mkdir -p /run/keycloak/ssl
|
||||
cp $CREDENTIALS_DIRECTORY/ssl_{cert,key} /run/keycloak/ssl/
|
||||
'' + ''
|
||||
export KEYCLOAK_ADMIN=admin
|
||||
export KEYCLOAK_ADMIN_PASSWORD=${escapeShellArg cfg.initialAdminPassword}
|
||||
kc.sh --verbose start --optimized ${extraStartupFlags}
|
||||
'';
|
||||
};
|
||||
|
||||
services.postgresql.enable = mkDefault createLocalPostgreSQL;
|
||||
services.mysql.enable = mkDefault createLocalMySQL;
|
||||
services.mysql.package =
|
||||
let
|
||||
dbPkg = if cfg.database.type == "mariadb" then pkgs.mariadb else pkgs.mysql80;
|
||||
in
|
||||
mkIf createLocalMySQL (mkDefault dbPkg);
|
||||
};
|
||||
|
||||
meta.doc = ./keycloak.md;
|
||||
meta.maintainers = [ maintainers.talyz ];
|
||||
}
|
|
@ -6,6 +6,10 @@
|
|||
...
|
||||
}:
|
||||
let
|
||||
realm-export = pkgs.writeTextFile {
|
||||
name = "realm-export.json";
|
||||
text = builtins.readFile ./support/keycloak-realm-export/realm-export.json;
|
||||
};
|
||||
in
|
||||
{
|
||||
name = "keycloak";
|
||||
|
@ -53,6 +57,10 @@ in
|
|||
database-password-file = "/tmp/dbf";
|
||||
};
|
||||
services.keycloak.database.createLocally = true;
|
||||
services.keycloak.extraStartupFlags = [
|
||||
"--import-realm"
|
||||
"--file=${realm-export}"
|
||||
];
|
||||
|
||||
networking.interfaces.eth0.ipv4.addresses = [
|
||||
{
|
||||
|
@ -75,6 +83,9 @@ in
|
|||
wmClass = su "${gdbus} ${gseval} global.display.focus_window.wm_class";
|
||||
in
|
||||
''
|
||||
def puppeteer_run(cmd):
|
||||
client.succeed(f'puppeteer-run \'{cmd}\' ')
|
||||
|
||||
start_all()
|
||||
|
||||
nachtigall.wait_for_unit("system.slice")
|
||||
|
@ -86,9 +97,22 @@ in
|
|||
|
||||
client.wait_for_unit("system.slice")
|
||||
client.wait_for_file("/tmp/puppeteer.sock")
|
||||
client.succeed("puppeteer-run 'console.log(1234)'")
|
||||
client.succeed("puppeteer-run 'page.goto(\"https://auth.test.pub.solar\")'")
|
||||
client.succeed("puppeteer-run 'page.waitForSelector(\"body\")'")
|
||||
client.screenshot("screen")
|
||||
puppeteer_run('page.goto("https://auth.test.pub.solar")')
|
||||
puppeteer_run('page.waitForNetworkIdle()')
|
||||
client.screenshot("initial")
|
||||
puppeteer_run('page.locator("::-p-text(Sign in)").click()')
|
||||
puppeteer_run('page.waitForNetworkIdle()')
|
||||
client.screenshot("sign-in")
|
||||
puppeteer_run('page.locator("::-p-text(Register)").click()')
|
||||
puppeteer_run('page.waitForNetworkIdle()')
|
||||
client.screenshot("register")
|
||||
puppeteer_run('page.locator("[name=username]").fill("test-user")')
|
||||
puppeteer_run('page.locator("[name=email]").fill("test-user@test.pub.solar")')
|
||||
puppeteer_run('page.locator("[name=password]").fill("Password1234")')
|
||||
puppeteer_run('page.locator("[name=password-confirm]").fill("Password1234")')
|
||||
client.screenshot("register-filled-in")
|
||||
puppeteer_run('page.locator("button::-p-text(Register)").click()')
|
||||
puppeteer_run('page.waitForNetworkIdle()')
|
||||
client.screenshot("after-register")
|
||||
'';
|
||||
}
|
||||
|
|
1
tests/support/keycloak-realm-export/.gitignore
vendored
Normal file
1
tests/support/keycloak-realm-export/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
node_modules
|
1
tests/support/keycloak-realm-export/.npmignore
Normal file
1
tests/support/keycloak-realm-export/.npmignore
Normal file
|
@ -0,0 +1 @@
|
|||
*.nix
|
5
tests/support/keycloak-realm-export/README.md
Normal file
5
tests/support/keycloak-realm-export/README.md
Normal file
|
@ -0,0 +1,5 @@
|
|||
# Keycloak realm export anonymizer
|
||||
|
||||
1. Export realm settings from keycloak, you'll get a file called `realm-export.json`.
|
||||
2. Install dependencies for this package: `npm ci`
|
||||
3. Clean the exported file: `npm start $downloadedExportJSON > realm-export.json
|
942
tests/support/keycloak-realm-export/package-lock.json
generated
Normal file
942
tests/support/keycloak-realm-export/package-lock.json
generated
Normal file
|
@ -0,0 +1,942 @@
|
|||
{
|
||||
"name": "keycloak-realm-export",
|
||||
"version": "1.0.0",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "keycloak-realm-export",
|
||||
"version": "1.0.0",
|
||||
"license": "AGPL-3.0-or-later",
|
||||
"dependencies": {
|
||||
"puppeteer-core": "^23.1.1",
|
||||
"uuid": "^10.0.0"
|
||||
},
|
||||
"bin": {
|
||||
"puppeteer-socket": "src/index.mjs"
|
||||
}
|
||||
},
|
||||
"node_modules/@puppeteer/browsers": {
|
||||
"version": "2.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@puppeteer/browsers/-/browsers-2.3.1.tgz",
|
||||
"integrity": "sha512-uK7o3hHkK+naEobMSJ+2ySYyXtQkBxIH8Gn4MK9ciePjNV+Pf+PgY/W7iPzn2MTjl3stcYB5AlcTmPYw7AXDwA==",
|
||||
"dependencies": {
|
||||
"debug": "^4.3.6",
|
||||
"extract-zip": "^2.0.1",
|
||||
"progress": "^2.0.3",
|
||||
"proxy-agent": "^6.4.0",
|
||||
"semver": "^7.6.3",
|
||||
"tar-fs": "^3.0.6",
|
||||
"unbzip2-stream": "^1.4.3",
|
||||
"yargs": "^17.7.2"
|
||||
},
|
||||
"bin": {
|
||||
"browsers": "lib/cjs/main-cli.js"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=18"
|
||||
}
|
||||
},
|
||||
"node_modules/@tootallnate/quickjs-emscripten": {
|
||||
"version": "0.23.0",
|
||||
"resolved": "https://registry.npmjs.org/@tootallnate/quickjs-emscripten/-/quickjs-emscripten-0.23.0.tgz",
|
||||
"integrity": "sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA=="
|
||||
},
|
||||
"node_modules/@types/node": {
|
||||
"version": "22.5.0",
|
||||
"resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.0.tgz",
|
||||
"integrity": "sha512-DkFrJOe+rfdHTqqMg0bSNlGlQ85hSoh2TPzZyhHsXnMtligRWpxUySiyw8FY14ITt24HVCiQPWxS3KO/QlGmWg==",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"undici-types": "~6.19.2"
|
||||
}
|
||||
},
|
||||
"node_modules/@types/yauzl": {
|
||||
"version": "2.10.3",
|
||||
"resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.3.tgz",
|
||||
"integrity": "sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q==",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"@types/node": "*"
|
||||
}
|
||||
},
|
||||
"node_modules/agent-base": {
|
||||
"version": "7.1.1",
|
||||
"resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz",
|
||||
"integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==",
|
||||
"dependencies": {
|
||||
"debug": "^4.3.4"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/ansi-regex": {
|
||||
"version": "5.0.1",
|
||||
"resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
|
||||
"integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
|
||||
"engines": {
|
||||
"node": ">=8"
|
||||
}
|
||||
},
|
||||
"node_modules/ast-types": {
|
||||
"version": "0.13.4",
|
||||
"resolved": "https://registry.npmjs.org/ast-types/-/ast-types-0.13.4.tgz",
|
||||
"integrity": "sha512-x1FCFnFifvYDDzTaLII71vG5uvDwgtmDTEVWAxrgeiR8VjMONcCXJx7E+USjDtHlwFmt9MysbqgF9b9Vjr6w+w==",
|
||||
"dependencies": {
|
||||
"tslib": "^2.0.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=4"
|
||||
}
|
||||
},
|
||||
"node_modules/b4a": {
|
||||
"version": "1.6.6",
|
||||
"resolved": "https://registry.npmjs.org/b4a/-/b4a-1.6.6.tgz",
|
||||
"integrity": "sha512-5Tk1HLk6b6ctmjIkAcU/Ujv/1WqiDl0F0JdRCR80VsOcUlHcu7pWeWRlOqQLHfDEsVx9YH/aif5AG4ehoCtTmg=="
|
||||
},
|
||||
"node_modules/bare-events": {
|
||||
"version": "2.4.2",
|
||||
"resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.4.2.tgz",
|
||||
"integrity": "sha512-qMKFd2qG/36aA4GwvKq8MxnPgCQAmBWmSyLWsJcbn8v03wvIPQ/hG1Ms8bPzndZxMDoHpxez5VOS+gC9Yi24/Q==",
|
||||
"optional": true
|
||||
},
|
||||
"node_modules/bare-fs": {
|
||||
"version": "2.3.1",
|
||||
"resolved": "https://registry.npmjs.org/bare-fs/-/bare-fs-2.3.1.tgz",
|
||||
"integrity": "sha512-W/Hfxc/6VehXlsgFtbB5B4xFcsCl+pAh30cYhoFyXErf6oGrwjh8SwiPAdHgpmWonKuYpZgGywN0SXt7dgsADA==",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"bare-events": "^2.0.0",
|
||||
"bare-path": "^2.0.0",
|
||||
"bare-stream": "^2.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/bare-os": {
|
||||
"version": "2.4.0",
|
||||
"resolved": "https://registry.npmjs.org/bare-os/-/bare-os-2.4.0.tgz",
|
||||
"integrity": "sha512-v8DTT08AS/G0F9xrhyLtepoo9EJBJ85FRSMbu1pQUlAf6A8T0tEEQGMVObWeqpjhSPXsE0VGlluFBJu2fdoTNg==",
|
||||
"optional": true
|
||||
},
|
||||
"node_modules/bare-path": {
|
||||
"version": "2.1.3",
|
||||
"resolved": "https://registry.npmjs.org/bare-path/-/bare-path-2.1.3.tgz",
|
||||
"integrity": "sha512-lh/eITfU8hrj9Ru5quUp0Io1kJWIk1bTjzo7JH1P5dWmQ2EL4hFUlfI8FonAhSlgIfhn63p84CDY/x+PisgcXA==",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"bare-os": "^2.1.0"
|
||||
}
|
||||
},
|
||||
"node_modules/bare-stream": {
|
||||
"version": "2.1.3",
|
||||
"resolved": "https://registry.npmjs.org/bare-stream/-/bare-stream-2.1.3.tgz",
|
||||
"integrity": "sha512-tiDAH9H/kP+tvNO5sczyn9ZAA7utrSMobyDchsnyyXBuUe2FSQWbxhtuHB8jwpHYYevVo2UJpcmvvjrbHboUUQ==",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"streamx": "^2.18.0"
|
||||
}
|
||||
},
|
||||
"node_modules/base64-js": {
|
||||
"version": "1.5.1",
|
||||
"resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
|
||||
"integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
|
||||
"funding": [
|
||||
{
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/feross"
|
||||
},
|
||||
{
|
||||
"type": "patreon",
|
||||
"url": "https://www.patreon.com/feross"
|
||||
},
|
||||
{
|
||||
"type": "consulting",
|
||||
"url": "https://feross.org/support"
|
||||
}
|
||||
]
|
||||
},
|
||||
"node_modules/basic-ftp": {
|
||||
"version": "5.0.5",
|
||||
"resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.0.5.tgz",
|
||||
"integrity": "sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==",
|
||||
"engines": {
|
||||
"node": ">=10.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/buffer": {
|
||||
"version": "5.7.1",
|
||||
"resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz",
|
||||
"integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==",
|
||||
"funding": [
|
||||
{
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/feross"
|
||||
},
|
||||
{
|
||||
"type": "patreon",
|
||||
"url": "https://www.patreon.com/feross"
|
||||
},
|
||||
{
|
||||
"type": "consulting",
|
||||
"url": "https://feross.org/support"
|
||||
}
|
||||
],
|
||||
"dependencies": {
|
||||
"base64-js": "^1.3.1",
|
||||
"ieee754": "^1.1.13"
|
||||
}
|
||||
},
|
||||
"node_modules/buffer-crc32": {
|
||||
"version": "0.2.13",
|
||||
"resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz",
|
||||
"integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==",
|
||||
"engines": {
|
||||
"node": "*"
|
||||
}
|
||||
},
|
||||
"node_modules/chromium-bidi": {
|
||||
"version": "0.6.4",
|
||||
"resolved": "https://registry.npmjs.org/chromium-bidi/-/chromium-bidi-0.6.4.tgz",
|
||||
"integrity": "sha512-8zoq6ogmhQQkAKZVKO2ObFTl4uOkqoX1PlKQX3hZQ5E9cbUotcAb7h4pTNVAGGv8Z36PF3CtdOriEp/Rz82JqQ==",
|
||||
"dependencies": {
|
||||
"mitt": "3.0.1",
|
||||
"urlpattern-polyfill": "10.0.0",
|
||||
"zod": "3.23.8"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"devtools-protocol": "*"
|
||||
}
|
||||
},
|
||||
"node_modules/cliui": {
|
||||
"version": "8.0.1",
|
||||
"resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
|
||||
"integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==",
|
||||
"dependencies": {
|
||||
"string-width": "^4.2.0",
|
||||
"strip-ansi": "^6.0.1",
|
||||
"wrap-ansi": "^7.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
}
|
||||
},
|
||||
"node_modules/data-uri-to-buffer": {
|
||||
"version": "6.0.2",
|
||||
"resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-6.0.2.tgz",
|
||||
"integrity": "sha512-7hvf7/GW8e86rW0ptuwS3OcBGDjIi6SZva7hCyWC0yYry2cOPmLIjXAUHI6DK2HsnwJd9ifmt57i8eV2n4YNpw==",
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/debug": {
|
||||
"version": "4.3.6",
|
||||
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz",
|
||||
"integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==",
|
||||
"dependencies": {
|
||||
"ms": "2.1.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=6.0"
|
||||
},
|
||||
"peerDependenciesMeta": {
|
||||
"supports-color": {
|
||||
"optional": true
|
||||
}
|
||||
}
|
||||
},
|
||||
"node_modules/degenerator": {
|
||||
"version": "5.0.1",
|
||||
"resolved": "https://registry.npmjs.org/degenerator/-/degenerator-5.0.1.tgz",
|
||||
"integrity": "sha512-TllpMR/t0M5sqCXfj85i4XaAzxmS5tVA16dqvdkMwGmzI+dXLXnw3J+3Vdv7VKw+ThlTMboK6i9rnZ6Nntj5CQ==",
|
||||
"dependencies": {
|
||||
"ast-types": "^0.13.4",
|
||||
"escodegen": "^2.1.0",
|
||||
"esprima": "^4.0.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/devtools-protocol": {
|
||||
"version": "0.0.1312386",
|
||||
"resolved": "https://registry.npmjs.org/devtools-protocol/-/devtools-protocol-0.0.1312386.tgz",
|
||||
"integrity": "sha512-DPnhUXvmvKT2dFA/j7B+riVLUt9Q6RKJlcppojL5CoRywJJKLDYnRlw0gTFKfgDPHP5E04UoB71SxoJlVZy8FA=="
|
||||
},
|
||||
"node_modules/emoji-regex": {
|
||||
"version": "8.0.0",
|
||||
"resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
|
||||
"integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
|
||||
},
|
||||
"node_modules/end-of-stream": {
|
||||
"version": "1.4.4",
|
||||
"resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz",
|
||||
"integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==",
|
||||
"dependencies": {
|
||||
"once": "^1.4.0"
|
||||
}
|
||||
},
|
||||
"node_modules/escalade": {
|
||||
"version": "3.1.2",
|
||||
"resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz",
|
||||
"integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==",
|
||||
"engines": {
|
||||
"node": ">=6"
|
||||
}
|
||||
},
|
||||
"node_modules/escodegen": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.1.0.tgz",
|
||||
"integrity": "sha512-2NlIDTwUWJN0mRPQOdtQBzbUHvdGY2P1VXSyU83Q3xKxM7WHX2Ql8dKq782Q9TgQUNOLEzEYu9bzLNj1q88I5w==",
|
||||
"dependencies": {
|
||||
"esprima": "^4.0.1",
|
||||
"estraverse": "^5.2.0",
|
||||
"esutils": "^2.0.2"
|
||||
},
|
||||
"bin": {
|
||||
"escodegen": "bin/escodegen.js",
|
||||
"esgenerate": "bin/esgenerate.js"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=6.0"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
"source-map": "~0.6.1"
|
||||
}
|
||||
},
|
||||
"node_modules/esprima": {
|
||||
"version": "4.0.1",
|
||||
"resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
|
||||
"integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
|
||||
"bin": {
|
||||
"esparse": "bin/esparse.js",
|
||||
"esvalidate": "bin/esvalidate.js"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=4"
|
||||
}
|
||||
},
|
||||
"node_modules/estraverse": {
|
||||
"version": "5.3.0",
|
||||
"resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz",
|
||||
"integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==",
|
||||
"engines": {
|
||||
"node": ">=4.0"
|
||||
}
|
||||
},
|
||||
"node_modules/esutils": {
|
||||
"version": "2.0.3",
|
||||
"resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
|
||||
"integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==",
|
||||
"engines": {
|
||||
"node": ">=0.10.0"
|
||||
}
|
||||
},
|
||||
"node_modules/extract-zip": {
|
||||
"version": "2.0.1",
|
||||
"resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-2.0.1.tgz",
|
||||
"integrity": "sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg==",
|
||||
"dependencies": {
|
||||
"debug": "^4.1.1",
|
||||
"get-stream": "^5.1.0",
|
||||
"yauzl": "^2.10.0"
|
||||
},
|
||||
"bin": {
|
||||
"extract-zip": "cli.js"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 10.17.0"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
"@types/yauzl": "^2.9.1"
|
||||
}
|
||||
},
|
||||
"node_modules/fast-fifo": {
|
||||
"version": "1.3.2",
|
||||
"resolved": "https://registry.npmjs.org/fast-fifo/-/fast-fifo-1.3.2.tgz",
|
||||
"integrity": "sha512-/d9sfos4yxzpwkDkuN7k2SqFKtYNmCTzgfEpz82x34IM9/zc8KGxQoXg1liNC/izpRM/MBdt44Nmx41ZWqk+FQ=="
|
||||
},
|
||||
"node_modules/fd-slicer": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz",
|
||||
"integrity": "sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==",
|
||||
"dependencies": {
|
||||
"pend": "~1.2.0"
|
||||
}
|
||||
},
|
||||
"node_modules/fs-extra": {
|
||||
"version": "11.2.0",
|
||||
"resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz",
|
||||
"integrity": "sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==",
|
||||
"dependencies": {
|
||||
"graceful-fs": "^4.2.0",
|
||||
"jsonfile": "^6.0.1",
|
||||
"universalify": "^2.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=14.14"
|
||||
}
|
||||
},
|
||||
"node_modules/get-caller-file": {
|
||||
"version": "2.0.5",
|
||||
"resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
|
||||
"integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
|
||||
"engines": {
|
||||
"node": "6.* || 8.* || >= 10.*"
|
||||
}
|
||||
},
|
||||
"node_modules/get-stream": {
|
||||
"version": "5.2.0",
|
||||
"resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz",
|
||||
"integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==",
|
||||
"dependencies": {
|
||||
"pump": "^3.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=8"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/sindresorhus"
|
||||
}
|
||||
},
|
||||
"node_modules/get-uri": {
|
||||
"version": "6.0.3",
|
||||
"resolved": "https://registry.npmjs.org/get-uri/-/get-uri-6.0.3.tgz",
|
||||
"integrity": "sha512-BzUrJBS9EcUb4cFol8r4W3v1cPsSyajLSthNkz5BxbpDcHN5tIrM10E2eNvfnvBn3DaT3DUgx0OpsBKkaOpanw==",
|
||||
"dependencies": {
|
||||
"basic-ftp": "^5.0.2",
|
||||
"data-uri-to-buffer": "^6.0.2",
|
||||
"debug": "^4.3.4",
|
||||
"fs-extra": "^11.2.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/graceful-fs": {
|
||||
"version": "4.2.11",
|
||||
"resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
|
||||
"integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
|
||||
},
|
||||
"node_modules/http-proxy-agent": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz",
|
||||
"integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==",
|
||||
"dependencies": {
|
||||
"agent-base": "^7.1.0",
|
||||
"debug": "^4.3.4"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/https-proxy-agent": {
|
||||
"version": "7.0.5",
|
||||
"resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz",
|
||||
"integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==",
|
||||
"dependencies": {
|
||||
"agent-base": "^7.0.2",
|
||||
"debug": "4"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/ieee754": {
|
||||
"version": "1.2.1",
|
||||
"resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
|
||||
"integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==",
|
||||
"funding": [
|
||||
{
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/feross"
|
||||
},
|
||||
{
|
||||
"type": "patreon",
|
||||
"url": "https://www.patreon.com/feross"
|
||||
},
|
||||
{
|
||||
"type": "consulting",
|
||||
"url": "https://feross.org/support"
|
||||
}
|
||||
]
|
||||
},
|
||||
"node_modules/ip-address": {
|
||||
"version": "9.0.5",
|
||||
"resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz",
|
||||
"integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==",
|
||||
"dependencies": {
|
||||
"jsbn": "1.1.0",
|
||||
"sprintf-js": "^1.1.3"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 12"
|
||||
}
|
||||
},
|
||||
"node_modules/is-fullwidth-code-point": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
|
||||
"integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
|
||||
"engines": {
|
||||
"node": ">=8"
|
||||
}
|
||||
},
|
||||
"node_modules/jsbn": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz",
|
||||
"integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A=="
|
||||
},
|
||||
"node_modules/jsonfile": {
|
||||
"version": "6.1.0",
|
||||
"resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
|
||||
"integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==",
|
||||
"dependencies": {
|
||||
"universalify": "^2.0.0"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
"graceful-fs": "^4.1.6"
|
||||
}
|
||||
},
|
||||
"node_modules/lru-cache": {
|
||||
"version": "7.18.3",
|
||||
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz",
|
||||
"integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==",
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
}
|
||||
},
|
||||
"node_modules/mitt": {
|
||||
"version": "3.0.1",
|
||||
"resolved": "https://registry.npmjs.org/mitt/-/mitt-3.0.1.tgz",
|
||||
"integrity": "sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw=="
|
||||
},
|
||||
"node_modules/ms": {
|
||||
"version": "2.1.2",
|
||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
|
||||
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
|
||||
},
|
||||
"node_modules/netmask": {
|
||||
"version": "2.0.2",
|
||||
"resolved": "https://registry.npmjs.org/netmask/-/netmask-2.0.2.tgz",
|
||||
"integrity": "sha512-dBpDMdxv9Irdq66304OLfEmQ9tbNRFnFTuZiLo+bD+r332bBmMJ8GBLXklIXXgxd3+v9+KUnZaUR5PJMa75Gsg==",
|
||||
"engines": {
|
||||
"node": ">= 0.4.0"
|
||||
}
|
||||
},
|
||||
"node_modules/once": {
|
||||
"version": "1.4.0",
|
||||
"resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
|
||||
"integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
|
||||
"dependencies": {
|
||||
"wrappy": "1"
|
||||
}
|
||||
},
|
||||
"node_modules/pac-proxy-agent": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/pac-proxy-agent/-/pac-proxy-agent-7.0.2.tgz",
|
||||
"integrity": "sha512-BFi3vZnO9X5Qt6NRz7ZOaPja3ic0PhlsmCRYLOpN11+mWBCR6XJDqW5RF3j8jm4WGGQZtBA+bTfxYzeKW73eHg==",
|
||||
"dependencies": {
|
||||
"@tootallnate/quickjs-emscripten": "^0.23.0",
|
||||
"agent-base": "^7.0.2",
|
||||
"debug": "^4.3.4",
|
||||
"get-uri": "^6.0.1",
|
||||
"http-proxy-agent": "^7.0.0",
|
||||
"https-proxy-agent": "^7.0.5",
|
||||
"pac-resolver": "^7.0.1",
|
||||
"socks-proxy-agent": "^8.0.4"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/pac-resolver": {
|
||||
"version": "7.0.1",
|
||||
"resolved": "https://registry.npmjs.org/pac-resolver/-/pac-resolver-7.0.1.tgz",
|
||||
"integrity": "sha512-5NPgf87AT2STgwa2ntRMr45jTKrYBGkVU36yT0ig/n/GMAa3oPqhZfIQ2kMEimReg0+t9kZViDVZ83qfVUlckg==",
|
||||
"dependencies": {
|
||||
"degenerator": "^5.0.0",
|
||||
"netmask": "^2.0.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/pend": {
|
||||
"version": "1.2.0",
|
||||
"resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",
|
||||
"integrity": "sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg=="
|
||||
},
|
||||
"node_modules/progress": {
|
||||
"version": "2.0.3",
|
||||
"resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz",
|
||||
"integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==",
|
||||
"engines": {
|
||||
"node": ">=0.4.0"
|
||||
}
|
||||
},
|
||||
"node_modules/proxy-agent": {
|
||||
"version": "6.4.0",
|
||||
"resolved": "https://registry.npmjs.org/proxy-agent/-/proxy-agent-6.4.0.tgz",
|
||||
"integrity": "sha512-u0piLU+nCOHMgGjRbimiXmA9kM/L9EHh3zL81xCdp7m+Y2pHIsnmbdDoEDoAz5geaonNR6q6+yOPQs6n4T6sBQ==",
|
||||
"dependencies": {
|
||||
"agent-base": "^7.0.2",
|
||||
"debug": "^4.3.4",
|
||||
"http-proxy-agent": "^7.0.1",
|
||||
"https-proxy-agent": "^7.0.3",
|
||||
"lru-cache": "^7.14.1",
|
||||
"pac-proxy-agent": "^7.0.1",
|
||||
"proxy-from-env": "^1.1.0",
|
||||
"socks-proxy-agent": "^8.0.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/proxy-from-env": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
|
||||
"integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg=="
|
||||
},
|
||||
"node_modules/pump": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz",
|
||||
"integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==",
|
||||
"dependencies": {
|
||||
"end-of-stream": "^1.1.0",
|
||||
"once": "^1.3.1"
|
||||
}
|
||||
},
|
||||
"node_modules/puppeteer-core": {
|
||||
"version": "23.1.1",
|
||||
"resolved": "https://registry.npmjs.org/puppeteer-core/-/puppeteer-core-23.1.1.tgz",
|
||||
"integrity": "sha512-OeTqNiYGF9qZtwZU4Yc88DDqFJs4TJ4rnK81jkillh6MwDeQodyisM9xe5lBmPhwiDy92s5J5DQtQLjCKHFQ3g==",
|
||||
"dependencies": {
|
||||
"@puppeteer/browsers": "2.3.1",
|
||||
"chromium-bidi": "0.6.4",
|
||||
"debug": "^4.3.6",
|
||||
"devtools-protocol": "0.0.1312386",
|
||||
"typed-query-selector": "^2.12.0",
|
||||
"ws": "^8.18.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=18"
|
||||
}
|
||||
},
|
||||
"node_modules/queue-tick": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/queue-tick/-/queue-tick-1.0.1.tgz",
|
||||
"integrity": "sha512-kJt5qhMxoszgU/62PLP1CJytzd2NKetjSRnyuj31fDd3Rlcz3fzlFdFLD1SItunPwyqEOkca6GbV612BWfaBag=="
|
||||
},
|
||||
"node_modules/require-directory": {
|
||||
"version": "2.1.1",
|
||||
"resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
|
||||
"integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
|
||||
"engines": {
|
||||
"node": ">=0.10.0"
|
||||
}
|
||||
},
|
||||
"node_modules/semver": {
|
||||
"version": "7.6.3",
|
||||
"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
|
||||
"integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
|
||||
"bin": {
|
||||
"semver": "bin/semver.js"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=10"
|
||||
}
|
||||
},
|
||||
"node_modules/smart-buffer": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz",
|
||||
"integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==",
|
||||
"engines": {
|
||||
"node": ">= 6.0.0",
|
||||
"npm": ">= 3.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/socks": {
|
||||
"version": "2.8.3",
|
||||
"resolved": "https://registry.npmjs.org/socks/-/socks-2.8.3.tgz",
|
||||
"integrity": "sha512-l5x7VUUWbjVFbafGLxPWkYsHIhEvmF85tbIeFZWc8ZPtoMyybuEhL7Jye/ooC4/d48FgOjSJXgsF/AJPYCW8Zw==",
|
||||
"dependencies": {
|
||||
"ip-address": "^9.0.5",
|
||||
"smart-buffer": "^4.2.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 10.0.0",
|
||||
"npm": ">= 3.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/socks-proxy-agent": {
|
||||
"version": "8.0.4",
|
||||
"resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.4.tgz",
|
||||
"integrity": "sha512-GNAq/eg8Udq2x0eNiFkr9gRg5bA7PXEWagQdeRX4cPSG+X/8V38v637gim9bjFptMk1QWsCTr0ttrJEiXbNnRw==",
|
||||
"dependencies": {
|
||||
"agent-base": "^7.1.1",
|
||||
"debug": "^4.3.4",
|
||||
"socks": "^2.8.3"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 14"
|
||||
}
|
||||
},
|
||||
"node_modules/source-map": {
|
||||
"version": "0.6.1",
|
||||
"resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
|
||||
"integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
|
||||
"optional": true,
|
||||
"engines": {
|
||||
"node": ">=0.10.0"
|
||||
}
|
||||
},
|
||||
"node_modules/sprintf-js": {
|
||||
"version": "1.1.3",
|
||||
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz",
|
||||
"integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA=="
|
||||
},
|
||||
"node_modules/streamx": {
|
||||
"version": "2.19.0",
|
||||
"resolved": "https://registry.npmjs.org/streamx/-/streamx-2.19.0.tgz",
|
||||
"integrity": "sha512-5z6CNR4gtkPbwlxyEqoDGDmWIzoNJqCBt4Eac1ICP9YaIT08ct712cFj0u1rx4F8luAuL+3Qc+RFIdI4OX00kg==",
|
||||
"dependencies": {
|
||||
"fast-fifo": "^1.3.2",
|
||||
"queue-tick": "^1.0.1",
|
||||
"text-decoder": "^1.1.0"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
"bare-events": "^2.2.0"
|
||||
}
|
||||
},
|
||||
"node_modules/string-width": {
|
||||
"version": "4.2.3",
|
||||
"resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
|
||||
"integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
|
||||
"dependencies": {
|
||||
"emoji-regex": "^8.0.0",
|
||||
"is-fullwidth-code-point": "^3.0.0",
|
||||
"strip-ansi": "^6.0.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=8"
|
||||
}
|
||||
},
|
||||
"node_modules/strip-ansi": {
|
||||
"version": "6.0.1",
|
||||
"resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
|
||||
"integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
|
||||
"dependencies": {
|
||||
"ansi-regex": "^5.0.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=8"
|
||||
}
|
||||
},
|
||||
"node_modules/tar-fs": {
|
||||
"version": "3.0.6",
|
||||
"resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.0.6.tgz",
|
||||
"integrity": "sha512-iokBDQQkUyeXhgPYaZxmczGPhnhXZ0CmrqI+MOb/WFGS9DW5wnfrLgtjUJBvz50vQ3qfRwJ62QVoCFu8mPVu5w==",
|
||||
"dependencies": {
|
||||
"pump": "^3.0.0",
|
||||
"tar-stream": "^3.1.5"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
"bare-fs": "^2.1.1",
|
||||
"bare-path": "^2.1.0"
|
||||
}
|
||||
},
|
||||
"node_modules/tar-stream": {
|
||||
"version": "3.1.7",
|
||||
"resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-3.1.7.tgz",
|
||||
"integrity": "sha512-qJj60CXt7IU1Ffyc3NJMjh6EkuCFej46zUqJ4J7pqYlThyd9bO0XBTmcOIhSzZJVWfsLks0+nle/j538YAW9RQ==",
|
||||
"dependencies": {
|
||||
"b4a": "^1.6.4",
|
||||
"fast-fifo": "^1.2.0",
|
||||
"streamx": "^2.15.0"
|
||||
}
|
||||
},
|
||||
"node_modules/text-decoder": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/text-decoder/-/text-decoder-1.1.1.tgz",
|
||||
"integrity": "sha512-8zll7REEv4GDD3x4/0pW+ppIxSNs7H1J10IKFZsuOMscumCdM2a+toDGLPA3T+1+fLBql4zbt5z83GEQGGV5VA==",
|
||||
"dependencies": {
|
||||
"b4a": "^1.6.4"
|
||||
}
|
||||
},
|
||||
"node_modules/through": {
|
||||
"version": "2.3.8",
|
||||
"resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
|
||||
"integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg=="
|
||||
},
|
||||
"node_modules/tslib": {
|
||||
"version": "2.7.0",
|
||||
"resolved": "https://registry.npmjs.org/tslib/-/tslib-2.7.0.tgz",
|
||||
"integrity": "sha512-gLXCKdN1/j47AiHiOkJN69hJmcbGTHI0ImLmbYLHykhgeN0jVGola9yVjFgzCUklsZQMW55o+dW7IXv3RCXDzA=="
|
||||
},
|
||||
"node_modules/typed-query-selector": {
|
||||
"version": "2.12.0",
|
||||
"resolved": "https://registry.npmjs.org/typed-query-selector/-/typed-query-selector-2.12.0.tgz",
|
||||
"integrity": "sha512-SbklCd1F0EiZOyPiW192rrHZzZ5sBijB6xM+cpmrwDqObvdtunOHHIk9fCGsoK5JVIYXoyEp4iEdE3upFH3PAg=="
|
||||
},
|
||||
"node_modules/unbzip2-stream": {
|
||||
"version": "1.4.3",
|
||||
"resolved": "https://registry.npmjs.org/unbzip2-stream/-/unbzip2-stream-1.4.3.tgz",
|
||||
"integrity": "sha512-mlExGW4w71ebDJviH16lQLtZS32VKqsSfk80GCfUlwT/4/hNRFsoscrF/c++9xinkMzECL1uL9DDwXqFWkruPg==",
|
||||
"dependencies": {
|
||||
"buffer": "^5.2.1",
|
||||
"through": "^2.3.8"
|
||||
}
|
||||
},
|
||||
"node_modules/undici-types": {
|
||||
"version": "6.19.8",
|
||||
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",
|
||||
"integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==",
|
||||
"optional": true
|
||||
},
|
||||
"node_modules/universalify": {
|
||||
"version": "2.0.1",
|
||||
"resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
|
||||
"integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==",
|
||||
"engines": {
|
||||
"node": ">= 10.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/urlpattern-polyfill": {
|
||||
"version": "10.0.0",
|
||||
"resolved": "https://registry.npmjs.org/urlpattern-polyfill/-/urlpattern-polyfill-10.0.0.tgz",
|
||||
"integrity": "sha512-H/A06tKD7sS1O1X2SshBVeA5FLycRpjqiBeqGKmBwBDBy28EnRjORxTNe269KSSr5un5qyWi1iL61wLxpd+ZOg=="
|
||||
},
|
||||
"node_modules/uuid": {
|
||||
"version": "10.0.0",
|
||||
"resolved": "https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz",
|
||||
"integrity": "sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ==",
|
||||
"funding": [
|
||||
"https://github.com/sponsors/broofa",
|
||||
"https://github.com/sponsors/ctavan"
|
||||
],
|
||||
"bin": {
|
||||
"uuid": "dist/bin/uuid"
|
||||
}
|
||||
},
|
||||
"node_modules/wrap-ansi": {
|
||||
"version": "7.0.0",
|
||||
"resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
|
||||
"integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
|
||||
"dependencies": {
|
||||
"ansi-styles": "^4.0.0",
|
||||
"string-width": "^4.1.0",
|
||||
"strip-ansi": "^6.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=10"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/chalk/wrap-ansi?sponsor=1"
|
||||
}
|
||||
},
|
||||
"node_modules/wrap-ansi/node_modules/ansi-styles": {
|
||||
"version": "4.3.0",
|
||||
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
|
||||
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
|
||||
"dependencies": {
|
||||
"color-convert": "^2.0.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=8"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/chalk/ansi-styles?sponsor=1"
|
||||
}
|
||||
},
|
||||
"node_modules/wrap-ansi/node_modules/color-convert": {
|
||||
"version": "2.0.1",
|
||||
"resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
|
||||
"integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
|
||||
"dependencies": {
|
||||
"color-name": "~1.1.4"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=7.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/wrap-ansi/node_modules/color-name": {
|
||||
"version": "1.1.4",
|
||||
"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
|
||||
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
|
||||
},
|
||||
"node_modules/wrappy": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
|
||||
"integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
|
||||
},
|
||||
"node_modules/ws": {
|
||||
"version": "8.18.0",
|
||||
"resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz",
|
||||
"integrity": "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==",
|
||||
"engines": {
|
||||
"node": ">=10.0.0"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"bufferutil": "^4.0.1",
|
||||
"utf-8-validate": ">=5.0.2"
|
||||
},
|
||||
"peerDependenciesMeta": {
|
||||
"bufferutil": {
|
||||
"optional": true
|
||||
},
|
||||
"utf-8-validate": {
|
||||
"optional": true
|
||||
}
|
||||
}
|
||||
},
|
||||
"node_modules/y18n": {
|
||||
"version": "5.0.8",
|
||||
"resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
|
||||
"integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
|
||||
"engines": {
|
||||
"node": ">=10"
|
||||
}
|
||||
},
|
||||
"node_modules/yargs": {
|
||||
"version": "17.7.2",
|
||||
"resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",
|
||||
"integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==",
|
||||
"dependencies": {
|
||||
"cliui": "^8.0.1",
|
||||
"escalade": "^3.1.1",
|
||||
"get-caller-file": "^2.0.5",
|
||||
"require-directory": "^2.1.1",
|
||||
"string-width": "^4.2.3",
|
||||
"y18n": "^5.0.5",
|
||||
"yargs-parser": "^21.1.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
}
|
||||
},
|
||||
"node_modules/yargs-parser": {
|
||||
"version": "21.1.1",
|
||||
"resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz",
|
||||
"integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==",
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
}
|
||||
},
|
||||
"node_modules/yauzl": {
|
||||
"version": "2.10.0",
|
||||
"resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz",
|
||||
"integrity": "sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==",
|
||||
"dependencies": {
|
||||
"buffer-crc32": "~0.2.3",
|
||||
"fd-slicer": "~1.1.0"
|
||||
}
|
||||
},
|
||||
"node_modules/zod": {
|
||||
"version": "3.23.8",
|
||||
"resolved": "https://registry.npmjs.org/zod/-/zod-3.23.8.tgz",
|
||||
"integrity": "sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==",
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/colinhacks"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
18
tests/support/keycloak-realm-export/package.json
Normal file
18
tests/support/keycloak-realm-export/package.json
Normal file
|
@ -0,0 +1,18 @@
|
|||
{
|
||||
"name": "keycloak-realm-export",
|
||||
"version": "1.0.0",
|
||||
"main": "src/index.mjs",
|
||||
"scripts": {
|
||||
"start": "node src/index.mjs"
|
||||
},
|
||||
"bin": {
|
||||
"puppeteer-socket": "src/index.mjs"
|
||||
},
|
||||
"author": "",
|
||||
"license": "AGPL-3.0-or-later",
|
||||
"description": "",
|
||||
"dependencies": {
|
||||
"puppeteer-core": "^23.1.1",
|
||||
"uuid": "^10.0.0"
|
||||
}
|
||||
}
|
3215
tests/support/keycloak-realm-export/realm-export.json
Normal file
3215
tests/support/keycloak-realm-export/realm-export.json
Normal file
File diff suppressed because it is too large
Load diff
69
tests/support/keycloak-realm-export/src/index.mjs
Normal file
69
tests/support/keycloak-realm-export/src/index.mjs
Normal file
|
@ -0,0 +1,69 @@
|
|||
#!/usr/bin/env node
|
||||
|
||||
import { readFile } from 'node:fs/promises';
|
||||
import { v4 } from 'uuid';
|
||||
|
||||
const filePath = process.argv[2];
|
||||
|
||||
const newIds = {};
|
||||
const ID_KEYS = [
|
||||
'id',
|
||||
'containerId',
|
||||
'_id',
|
||||
];
|
||||
|
||||
const renameDomain = (s) => s.replace(/pub.solar/g, 'test.pub.solar');
|
||||
|
||||
const changeClientSecrets = (data) => ({
|
||||
...data,
|
||||
clients: data.clients.map(c => ({
|
||||
...c,
|
||||
...(c.secret ? {
|
||||
secret: 'secret',
|
||||
attributes: {
|
||||
...c.attributes,
|
||||
"client.secret.creation.time": +(new Date()),
|
||||
},
|
||||
} : {}),
|
||||
})),
|
||||
});
|
||||
|
||||
const shouldChangeId = (node, key) => ID_KEYS.find(name => name === key) && typeof node[key] === "string";
|
||||
|
||||
const changeIds = (node) => {
|
||||
if (!node) {
|
||||
return node;
|
||||
}
|
||||
|
||||
if (Array.isArray(node)) {
|
||||
return node.map(n => changeIds(n));
|
||||
}
|
||||
|
||||
if (typeof node === "object") {
|
||||
return Object.keys(node).reduce((acc, key) => ({
|
||||
...acc,
|
||||
[key]: shouldChangeId(node, key)
|
||||
? (() => {
|
||||
const oldId = node[key];
|
||||
if (newIds[oldId]) {
|
||||
return newIds[oldId];
|
||||
}
|
||||
|
||||
newIds[oldId] = v4();
|
||||
return newIds[oldId];
|
||||
})()
|
||||
: changeIds(node[key]),
|
||||
}), {});
|
||||
}
|
||||
|
||||
return node;
|
||||
};
|
||||
|
||||
(async () => {
|
||||
const fileContents = await readFile(filePath, { encoding: 'utf8' });
|
||||
const data = JSON.parse(renameDomain(fileContents));
|
||||
|
||||
const newData = changeIds(changeClientSecrets(data));
|
||||
|
||||
console.log(JSON.stringify(newData, null, 2));
|
||||
})();
|
|
@ -4,5 +4,5 @@
|
|||
}: writeShellScriptBin "puppeteer-run" ''
|
||||
set -e
|
||||
|
||||
exec ${curl}/bin/curl -X POST -d "$@" --unix-socket "/tmp/puppeteer.sock" http://puppeteer-socket
|
||||
exec ${curl}/bin/curl --fail-with-body -X POST -d "$@" --unix-socket "/tmp/puppeteer.sock" http://puppeteer-socket
|
||||
''
|
||||
|
|
|
@ -16,6 +16,13 @@ const EXECUTABLE = process.env.EXECUTABLE || 'firefox';
|
|||
});
|
||||
|
||||
const page = await firefoxBrowser.newPage();
|
||||
page.on('request', request => {
|
||||
console.log(request.url());
|
||||
});
|
||||
|
||||
page.on('response', response => {
|
||||
console.log(response.url());
|
||||
});
|
||||
const actions = [];
|
||||
|
||||
const server = http.createServer({}, (req, res) => {
|
||||
|
|
Loading…
Reference in a new issue