{"version":3,"file":"auth.mjs","names":["scopes: Set<string> | undefined"],"sources":["../../../src/http/middleware/auth.ts"],"sourcesContent":["import type { NextFunction, Response } from 'express'\nimport type { ObRequest } from '../router'\nimport type { OpenBadgesHttpModule } from '../OpenBadgesHttpModule'\n\nimport { getRequestContext, sendError } from '../router'\nimport { OpenBadgesTokenRepository } from '../../repository/OpenBadgesTokenRepository'\n\nexport function bearerAuth(module: OpenBadgesHttpModule) {\n  return async function (req: ObRequest, res: Response, next: NextFunction) {\n    const header = req.headers['authorization'] || ''\n    if (!header || typeof header !== 'string' || !header.startsWith('Bearer ')) {\n      return sendError(res, 401, 'unauthorized', 'Missing bearer token')\n    }\n    const token = header.slice('Bearer '.length)\n    try {\n      const { agentContext } = getRequestContext(req)\n      const repo = agentContext.dependencyManager.resolve(OpenBadgesTokenRepository)\n      const tokenEntry = await repo.findByToken(agentContext, token)\n      if (!tokenEntry || tokenEntry.tokenType !== 'access' || tokenEntry.expiresAt.getTime() < Date.now()) {\n        return sendError(res, 401, 'unauthorized', 'Invalid or expired token')\n      }\n      ;(req.requestContext as any).auth = {\n        subject: tokenEntry.subject,\n        scope: tokenEntry.scope,\n        clientId: tokenEntry.clientId,\n        scopes: new Set(String(tokenEntry.scope || '').split(/\\s+/).filter(Boolean)),\n      }\n      return next()\n    } catch (_e) {\n      return sendError(res, 401, 'unauthorized', 'Invalid or expired token')\n    }\n  }\n}\n\nexport function requireScopes(required: string[]) {\n  return function (req: ObRequest, res: Response, next: NextFunction) {\n    const auth = (req.requestContext as any)?.auth\n    const scopes: Set<string> | undefined = auth?.scopes\n    if (!scopes) return sendError(res, 403, 'insufficient_scope', 'No scopes present')\n    for (const s of required) {\n      if (!scopes.has(s)) return sendError(res, 403, 'insufficient_scope', `Missing scope: ${s}`)\n    }\n    next()\n  }\n}\n"],"mappings":";;;;aAIwD;AAGxD,SAAgB,WAAW,QAA8B;AACvD,QAAO,eAAgB,KAAgB,KAAe,MAAoB;EACxE,MAAM,SAAS,IAAI,QAAQ,oBAAoB;AAC/C,MAAI,CAAC,UAAU,OAAO,WAAW,YAAY,CAAC,OAAO,WAAW,UAAU,CACxE,QAAO,UAAU,KAAK,KAAK,gBAAgB,uBAAuB;EAEpE,MAAM,QAAQ,OAAO,MAAM,EAAiB;AAC5C,MAAI;GACF,MAAM,EAAE,iBAAiB,kBAAkB,IAAI;GAE/C,MAAM,aAAa,MADN,aAAa,kBAAkB,QAAQ,0BAA0B,CAChD,YAAY,cAAc,MAAM;AAC9D,OAAI,CAAC,cAAc,WAAW,cAAc,YAAY,WAAW,UAAU,SAAS,GAAG,KAAK,KAAK,CACjG,QAAO,UAAU,KAAK,KAAK,gBAAgB,2BAA2B;AAEvE,GAAC,IAAI,eAAuB,OAAO;IAClC,SAAS,WAAW;IACpB,OAAO,WAAW;IAClB,UAAU,WAAW;IACrB,QAAQ,IAAI,IAAI,OAAO,WAAW,SAAS,GAAG,CAAC,MAAM,MAAM,CAAC,OAAO,QAAQ,CAAC;IAC7E;AACD,UAAO,MAAM;WACN,IAAI;AACX,UAAO,UAAU,KAAK,KAAK,gBAAgB,2BAA2B;;;;AAK5E,SAAgB,cAAc,UAAoB;AAChD,QAAO,SAAU,KAAgB,KAAe,MAAoB;EAElE,MAAMA,UADQ,IAAI,gBAAwB,OACI;AAC9C,MAAI,CAAC,OAAQ,QAAO,UAAU,KAAK,KAAK,sBAAsB,oBAAoB;AAClF,OAAK,MAAM,KAAK,SACd,KAAI,CAAC,OAAO,IAAI,EAAE,CAAE,QAAO,UAAU,KAAK,KAAK,sBAAsB,kBAAkB,IAAI;AAE7F,QAAM"}