siliconsolder/enkelbudget
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
michaelswanson
2026-06-25 19:58:40 +00:00
commit 860d5f55cc
47 changed files with 19216 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/db.js
Executable
+156
View File
@@ -0,0 +1,156 @@
import { Low } from 'lowdb';
import { JSONFile } from 'lowdb/node';
import { mkdirSync } from 'fs';
import { dirname } from 'path';
const DB_PATH = process.env.DB_PATH || './data/budget.json';
const DEFAULT = {
categories: [
{ id: 1, name: 'Kivra', sort_order: 1, color: '#7C3AED' },
{ id: 2, name: 'eFaktura', sort_order: 2, color: '#2563EB' },
{ id: 3, name: 'Manuella', sort_order: 3, color: '#D97706' },
{ id: 4, name: 'Autogiro', sort_order: 4, color: '#059669' },
],
months: [],
income: [],
bills: [],
subscriptions: [],
loans: [],
payments: [],
banking: {
enable_banking: {
enabled: false,
status: 'not_connected',
institution: '',
last_sync_at: null,
notes: '',
application_id: '',
private_key_pem: '',
redirect_url: '',
country: 'SE',
psu_type: 'personal',
auto_sync_enabled: false,
sync_interval_minutes: 360,
import_from_date: null,
incremental_sync_days: 7,
pending_state: null,
last_callback_at: null,
last_callback_url: '',
last_callback_code_present: false,
last_callback_state: '',
last_callback_exchange_at: null,
last_callback_exchange_error: '',
session_id: null,
session_expires_at: null,
session_created_at: null,
account_aliases: {},
transaction_categories: {},
accounts: [],
transactions: [],
last_sync_summary: null,
last_error: null,
},
},
auth: {
settings: {
enabled: false,
issuer: '',
discovery_url: '',
client_id: '',
client_secret: '',
redirect_uri: '',
scope: 'openid profile email groups',
session_secret: '',
allowed_groups: '',
allowed_emails: '',
allowed_domains: '',
session_ttl_hours: 12,
},
sessions: [],
pending: [],
},
ai: {
ollama: {
enabled: false,
base_url: 'http://host.docker.internal:11434',
model: '',
vision_model: '',
system_prompt: '',
include_budget_context: true,
include_banking_context: true,
},
conversations: [],
},
app_settings: {
finance_profile: {
salary_day_of_month: 25,
buffer_days_target: 7,
salary_account_uid: '',
recurring_income_note: '',
},
account_view: {
primary_account_uid: '',
include_savings_in_ai: false,
hide_zero_balance_accounts: false,
},
notifications: {
ntfy_enabled: false,
ntfy_base_url: 'https://ntfy.sh',
ntfy_topic: '',
ntfy_access_token: '',
ntfy_title: 'Enkelbudget',
ntfy_tags: 'money_with_wings,bank',
ntfy_click_url: '',
ntfy_priority: 3,
notify_new_transactions: true,
include_pending_transactions: false,
minimum_transaction_amount: 0,
last_error: '',
last_sent_at: null,
},
},
_seq: { categories: 4, months: 0, income: 0, bills: 0, subscriptions: 0, loans: 0, payments: 0 },
};
let _db = null;
export async function getDb() {
if (!_db) {
mkdirSync(dirname(DB_PATH), { recursive: true });
const adapter = new JSONFile(DB_PATH);
_db = new Low(adapter, DEFAULT);
await _db.read();
_db.data ||= structuredClone(DEFAULT);
_db.data.categories ||= structuredClone(DEFAULT.categories);
_db.data.months ||= [];
_db.data.income ||= [];
_db.data.bills ||= [];
_db.data.subscriptions ||= [];
_db.data.loans ||= [];
_db.data.payments ||= [];
_db.data.banking ||= structuredClone(DEFAULT.banking);
_db.data.banking.enable_banking ||= structuredClone(DEFAULT.banking.enable_banking);
_db.data.auth ||= structuredClone(DEFAULT.auth);
_db.data.auth.settings ||= structuredClone(DEFAULT.auth.settings);
_db.data.auth.sessions ||= [];
_db.data.auth.pending ||= [];
_db.data.ai ||= structuredClone(DEFAULT.ai);
_db.data.ai.ollama ||= structuredClone(DEFAULT.ai.ollama);
_db.data.ai.conversations ||= [];
_db.data.app_settings ||= structuredClone(DEFAULT.app_settings);
_db.data.app_settings.finance_profile ||= structuredClone(DEFAULT.app_settings.finance_profile);
_db.data.app_settings.account_view ||= structuredClone(DEFAULT.app_settings.account_view);
_db.data.app_settings.notifications ||= structuredClone(DEFAULT.app_settings.notifications);
_db.data._seq ||= {};
for (const [key, value] of Object.entries(DEFAULT._seq)) {
_db.data._seq[key] ??= value;
}
}
return _db;
}
export function nextId(db, table) {
db.data._seq[table] = (db.data._seq[table] ?? 0) + 1;
return db.data._seq[table];
}
server/enableBanking.js
Executable
+183
View File
@@ -0,0 +1,183 @@
import crypto from 'crypto';
const API_BASE = 'https://api.enablebanking.com';
function base64url(input) {
return Buffer.from(input)
.toString('base64')
.replace(/=/g, '')
.replace(/\+/g, '-')
.replace(/\//g, '_');
}
export function publicEnableBankingConfig(config) {
return {
...config,
private_key_pem: undefined,
has_private_key: Boolean(config.private_key_pem?.trim()),
transaction_categories: config.transaction_categories || {},
accounts: (config.accounts || []).map(account => ({
...account,
display_name: account.alias || account.name || 'Konto',
})),
};
}
export function createEnableBankingJwt({ application_id, private_key_pem, expiresInSeconds = 3600 }) {
if (!application_id?.trim()) throw new Error('Enable Banking application_id saknas');
if (!private_key_pem?.trim()) throw new Error('Enable Banking private key saknas');
const iat = Math.floor(Date.now() / 1000);
const header = {
typ: 'JWT',
alg: 'RS256',
kid: application_id.trim(),
};
const payload = {
iss: 'enablebanking.com',
aud: 'api.enablebanking.com',
iat,
exp: iat + expiresInSeconds,
};
const unsignedToken = `${base64url(JSON.stringify(header))}.${base64url(JSON.stringify(payload))}`;
const signer = crypto.createSign('RSA-SHA256');
signer.update(unsignedToken);
signer.end();
const signature = signer.sign(private_key_pem.trim());
return `${unsignedToken}.${base64url(signature)}`;
}
export async function enableBankingRequest(config, path, { method = 'GET', body } = {}) {
const token = createEnableBankingJwt(config);
const response = await fetch(`${API_BASE}${path}`, {
method,
headers: {
Authorization: `Bearer ${token}`,
Accept: 'application/json',
...(body ? { 'Content-Type': 'application/json' } : {}),
},
body: body ? JSON.stringify(body) : undefined,
});
const text = await response.text();
let data = null;
if (text) {
try {
data = JSON.parse(text);
} catch {
data = text;
}
}
if (!response.ok) {
const message = typeof data === 'object' && data?.message
? data.message
: typeof data === 'object' && data?.error
? data.error
: text || `Enable Banking API error ${response.status}`;
const error = new Error(`${message} [${method} ${path}]`);
error.status = response.status;
error.details = data;
error.path = path;
error.method = method;
throw error;
}
return data;
}
export async function fetchAspsps(config, country) {
return enableBankingRequest(config, `/aspsps?country=${encodeURIComponent(country)}`);
}
export async function startAuthorization(config, body) {
return enableBankingRequest(config, '/auth', {
method: 'POST',
body,
});
}
export async function createSession(config, code) {
return enableBankingRequest(config, '/sessions', {
method: 'POST',
body: { code },
});
}
export async function getSession(config, sessionId) {
return enableBankingRequest(config, `/sessions/${sessionId}`);
}
export async function deleteSession(config, sessionId) {
return enableBankingRequest(config, `/sessions/${sessionId}`, { method: 'DELETE' });
}
export async function getAccountDetails(config, accountId) {
return enableBankingRequest(config, `/accounts/${accountId}/details`);
}
export async function getAccountBalances(config, accountId) {
return enableBankingRequest(config, `/accounts/${accountId}/balances`);
}
export async function getAllTransactions(config, accountId, options = {}) {
const allTransactions = [];
let continuationKey = null;
do {
const variants = [
{ includeDateFrom: true, includeDateTo: true, includeStrategy: true },
{ includeDateFrom: true, includeDateTo: false, includeStrategy: true },
{ includeDateFrom: true, includeDateTo: false, includeStrategy: false },
{ includeDateFrom: false, includeDateTo: false, includeStrategy: false },
];
let page = null;
let lastError = null;
for (const variant of variants) {
const params = new URLSearchParams();
if (variant.includeDateFrom && options.date_from) params.set('date_from', options.date_from);
if (variant.includeDateTo && options.date_to) params.set('date_to', options.date_to);
if (continuationKey) params.set('continuation_key', continuationKey);
if (variant.includeStrategy) params.set('strategy', 'all');
const query = params.toString();
try {
page = await enableBankingRequest(
config,
`/accounts/${accountId}/transactions${query ? `?${query}` : ''}`
);
break;
} catch (error) {
lastError = error;
const badParams = (error.status === 400 || error.status === 422)
&& String(error.message || '').toLowerCase().includes('wrong request parameters provided');
if (!badParams) {
throw error;
}
}
}
if (!page) {
throw lastError || new Error('Kunde inte hämta transaktioner');
}
const transactionGroups = Array.isArray(page?.transactions)
? page.transactions
: [
...((page?.transactions?.booked ?? []).map(transaction => ({ ...transaction, status: transaction.status || 'booked' }))),
...((page?.transactions?.pending ?? []).map(transaction => ({ ...transaction, status: transaction.status || 'pending' }))),
...((page?.booked ?? []).map(transaction => ({ ...transaction, status: transaction.status || 'booked' }))),
...((page?.pending ?? []).map(transaction => ({ ...transaction, status: transaction.status || 'pending' }))),
];
allTransactions.push(...transactionGroups);
continuationKey = page?.continuation_key || null;
} while (continuationKey);
return allTransactions;
}
server/entrypoint.sh
Executable
+5
View File
@@ -0,0 +1,5 @@
#!/bin/sh
if [ -d /icons ]; then
cp /app/public/icon-512.png /icons/enkelbudget.png
fi
exec node server.js
server/oidc.js
Executable
+649
View File
@@ -0,0 +1,649 @@
import crypto from 'crypto';
import { getDb } from './db.js';
import { createRemoteJWKSet, jwtVerify } from 'jose';
import { assertSafeUrl } from './ssrf.js';
const SESSION_COOKIE = 'enkelbudget_session';
const TRANSACTION_COOKIE = 'enkelbudget_auth_tx';
const discoveryCache = new Map();
const jwksCache = new Map();
function getJwks(jwksUri) {
if (!jwksCache.has(jwksUri)) {
jwksCache.set(jwksUri, createRemoteJWKSet(new URL(jwksUri)));
}
return jwksCache.get(jwksUri);
}
function base64url(input) {
return Buffer.from(input)
.toString('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/g, '');
}
function sha256base64url(input) {
return crypto.createHash('sha256').update(input).digest('base64url');
}
function parseList(value) {
return String(value || '')
.split(',')
.map(item => item.trim())
.filter(Boolean);
}
function parseCookies(header) {
const cookies = {};
for (const part of String(header || '').split(';')) {
const index = part.indexOf('=');
if (index < 0) continue;
const name = part.slice(0, index).trim();
const value = part.slice(index + 1).trim();
cookies[name] = decodeURIComponent(value);
}
return cookies;
}
function signValue(value, secret) {
return crypto.createHmac('sha256', secret).update(value).digest('base64url');
}
function encodeSignedValue(value, secret) {
return `${value}.${signValue(value, secret)}`;
}
function decodeSignedValue(raw, secret) {
if (!raw) return null;
const index = raw.lastIndexOf('.');
if (index < 0) return null;
const value = raw.slice(0, index);
const signature = raw.slice(index + 1);
const expected = signValue(value, secret);
const signatureBuffer = Buffer.from(signature);
const expectedBuffer = Buffer.from(expected);
if (signatureBuffer.length !== expectedBuffer.length) return null;
if (!crypto.timingSafeEqual(signatureBuffer, expectedBuffer)) return null;
return value;
}
function serializeCookie(name, value, options = {}) {
const parts = [`${name}=${encodeURIComponent(value)}`];
if (options.maxAge !== undefined) parts.push(`Max-Age=${options.maxAge}`);
if (options.httpOnly !== false) parts.push('HttpOnly');
parts.push(`Path=${options.path || '/'}`);
parts.push(`SameSite=${options.sameSite || 'Lax'}`);
if (options.secure) parts.push('Secure');
return parts.join('; ');
}
function normalizeIssuer(value) {
return String(value || '').trim().replace(/\/+$/, '');
}
function normalizeAbsoluteUrl(value) {
const raw = String(value || '').trim();
if (!raw) return '';
if (raw.startsWith('ttps://')) return `h${raw}`;
if (raw.startsWith('tps://')) return `ht${raw}`;
return raw;
}
function getEnvAuthDefaults() {
const issuer = normalizeIssuer(process.env.OIDC_ISSUER);
const discoveryUrl = String(process.env.OIDC_DISCOVERY_URL || '').trim()
|| (issuer ? `${issuer}/.well-known/openid-configuration` : '');
const clientId = String(process.env.OIDC_CLIENT_ID || '').trim();
const clientSecret = String(process.env.OIDC_CLIENT_SECRET || '').trim();
const appBaseUrl = normalizeIssuer(process.env.APP_BASE_URL);
const redirectUri = normalizeAbsoluteUrl(process.env.OIDC_REDIRECT_URI)
|| (appBaseUrl ? `${appBaseUrl}/auth/callback` : '');
const sessionSecret = String(process.env.AUTH_SESSION_SECRET || process.env.SESSION_SECRET || clientSecret).trim();
return {
enabled: Boolean(issuer && clientId && clientSecret && redirectUri && sessionSecret),
issuer,
discovery_url: discoveryUrl,
client_id: clientId,
client_secret: clientSecret,
redirect_uri: redirectUri,
scope: String(process.env.OIDC_SCOPE || 'openid profile email groups').trim(),
session_secret: sessionSecret,
session_ttl_hours: Math.max(1, parseInt(process.env.AUTH_SESSION_TTL_HOURS || '12', 10) || 12),
allowed_groups: String(process.env.OIDC_ALLOWED_GROUPS || '').trim(),
allowed_emails: String(process.env.OIDC_ALLOWED_EMAILS || '').trim(),
allowed_domains: String(process.env.OIDC_ALLOWED_DOMAINS || '').trim(),
};
}
function normalizeStoredSettings(input = {}, fallback = {}) {
const issuer = normalizeIssuer(input.issuer ?? fallback.issuer);
const discoveryUrl = String((input.discovery_url ?? fallback.discovery_url) || '').trim()
|| (issuer ? `${issuer}/.well-known/openid-configuration` : '');
const clientId = String((input.client_id ?? fallback.client_id) || '').trim();
const clientSecret = String((input.client_secret ?? fallback.client_secret) || '').trim();
const redirectUri = normalizeAbsoluteUrl((input.redirect_uri ?? fallback.redirect_uri) || '');
const scope = String((input.scope ?? fallback.scope) || 'openid profile email groups').trim() || 'openid profile email groups';
const sessionSecret = String((input.session_secret ?? fallback.session_secret) || '').trim() || clientSecret;
const allowedGroups = String((input.allowed_groups ?? fallback.allowed_groups) || '').trim();
const allowedEmails = String((input.allowed_emails ?? fallback.allowed_emails) || '').trim();
const allowedDomains = String((input.allowed_domains ?? fallback.allowed_domains) || '').trim();
const sessionTtlHours = Math.max(1, parseInt(input.session_ttl_hours ?? fallback.session_ttl_hours ?? 12, 10) || 12);
const explicitEnabled = input.enabled !== undefined ? Boolean(input.enabled) : Boolean(fallback.enabled);
return {
enabled: explicitEnabled && Boolean(issuer && clientId && clientSecret && redirectUri && sessionSecret),
issuer,
discovery_url: discoveryUrl,
client_id: clientId,
client_secret: clientSecret,
redirect_uri: redirectUri,
scope,
session_secret: sessionSecret,
session_ttl_hours: sessionTtlHours,
allowed_groups: allowedGroups,
allowed_emails: allowedEmails,
allowed_domains: allowedDomains,
};
}
export async function getAuthSettings() {
const db = await getDb();
db.data.auth ||= { settings: {}, sessions: [], pending: [] };
db.data.auth.settings ||= {};
db.data.auth.sessions ||= [];
db.data.auth.pending ||= [];
const fallback = getEnvAuthDefaults();
const settings = normalizeStoredSettings(db.data.auth.settings, fallback);
db.data.auth.settings = {
...db.data.auth.settings,
enabled: settings.enabled,
issuer: settings.issuer,
discovery_url: settings.discovery_url,
client_id: settings.client_id,
client_secret: settings.client_secret,
redirect_uri: settings.redirect_uri,
scope: settings.scope,
session_secret: settings.session_secret,
allowed_groups: settings.allowed_groups,
allowed_emails: settings.allowed_emails,
allowed_domains: settings.allowed_domains,
session_ttl_hours: settings.session_ttl_hours,
};
return settings;
}
export async function getPublicAuthSettings() {
const settings = await getAuthSettings();
return {
enabled: settings.enabled,
issuer: settings.issuer,
discovery_url: settings.discovery_url,
client_id: settings.client_id,
redirect_uri: settings.redirect_uri,
scope: settings.scope,
session_ttl_hours: settings.session_ttl_hours,
allowed_groups: settings.allowed_groups,
allowed_emails: settings.allowed_emails,
allowed_domains: settings.allowed_domains,
has_client_secret: Boolean(settings.client_secret),
has_session_secret: Boolean(settings.session_secret),
is_valid: Boolean(settings.issuer && settings.client_id && settings.client_secret && settings.redirect_uri && settings.session_secret),
};
}
export async function updateAuthSettings(input) {
const db = await getDb();
db.data.auth ||= { settings: {}, sessions: [], pending: [] };
db.data.auth.settings ||= {};
db.data.auth.sessions ||= [];
db.data.auth.pending ||= [];
const current = normalizeStoredSettings(db.data.auth.settings, getEnvAuthDefaults());
const next = normalizeStoredSettings({
...current,
enabled: input.enabled,
issuer: input.issuer,
discovery_url: input.discovery_url,
client_id: input.client_id,
client_secret: typeof input.client_secret === 'string' && input.client_secret.trim() ? input.client_secret.trim() : current.client_secret,
redirect_uri: input.redirect_uri,
scope: input.scope,
session_secret: typeof input.session_secret === 'string' && input.session_secret.trim() ? input.session_secret.trim() : current.session_secret,
allowed_groups: input.allowed_groups,
allowed_emails: input.allowed_emails,
allowed_domains: input.allowed_domains,
session_ttl_hours: input.session_ttl_hours,
});
if (input.clear_client_secret) next.client_secret = '';
if (input.clear_session_secret) next.session_secret = '';
next.enabled = Boolean(input.enabled) && Boolean(next.issuer && next.client_id && next.client_secret && next.redirect_uri && next.session_secret);
db.data.auth.settings = { ...next };
await db.write();
return getPublicAuthSettings();
}
async function getEffectiveAuthConfig() {
const settings = await getAuthSettings();
return {
enabled: settings.enabled,
issuer: settings.issuer,
discoveryUrl: settings.discovery_url,
clientId: settings.client_id,
clientSecret: settings.client_secret,
redirectUri: settings.redirect_uri,
scope: settings.scope,
sessionSecret: settings.session_secret,
sessionTtlHours: settings.session_ttl_hours,
allowedGroups: parseList(settings.allowed_groups),
allowedEmails: parseList(settings.allowed_emails).map(item => item.toLowerCase()),
allowedDomains: parseList(settings.allowed_domains).map(item => item.toLowerCase()),
};
}
async function getDiscovery(config) {
const cacheKey = config.discoveryUrl;
const cached = discoveryCache.get(cacheKey);
if (cached && Date.now() - cached.fetchedAt < 60 * 60 * 1000) {
return cached.value;
}
await assertSafeUrl(config.discoveryUrl);
const response = await fetch(config.discoveryUrl);
if (!response.ok) {
throw new Error(`Kunde inte läsa OIDC discovery (${response.status})`);
}
const data = await response.json();
discoveryCache.set(cacheKey, { value: data, fetchedAt: Date.now() });
return data;
}
function normalizeGroups(value) {
if (Array.isArray(value)) return value.map(item => String(item));
if (typeof value === 'string') return value.split(',').map(item => item.trim()).filter(Boolean);
return [];
}
function buildUserProfile(idTokenClaims, userInfo) {
const source = { ...idTokenClaims, ...userInfo };
return {
sub: source.sub,
name: source.name || source.preferred_username || source.email || source.sub,
email: source.email || null,
preferred_username: source.preferred_username || null,
groups: normalizeGroups(source.groups),
};
}
function ensureAuthorizedUser(config, user) {
if (config.allowedEmails.length && !config.allowedEmails.includes(String(user.email || '').toLowerCase())) {
throw new Error('Det här kontot är inte tillåtet för Enkelbudget.');
}
if (config.allowedDomains.length) {
const domain = String(user.email || '').split('@')[1]?.toLowerCase() || '';
if (!config.allowedDomains.includes(domain)) {
throw new Error('E-postdomänen är inte tillåten för Enkelbudget.');
}
}
if (config.allowedGroups.length) {
const groups = (user.groups || []).map(group => group.toLowerCase());
const hasMatch = config.allowedGroups.some(group => groups.includes(group.toLowerCase()));
if (!hasMatch) {
throw new Error('Kontot saknar rätt Pocket ID-grupp för att logga in.');
}
}
}
async function cleanupAuthState(db) {
const now = Date.now();
const sessions = db.data.auth.sessions || [];
db.data.auth.sessions = sessions.filter(session => !session.expires_at || new Date(session.expires_at).getTime() > now);
const pending = db.data.auth.pending || [];
db.data.auth.pending = pending.filter(transaction => now - new Date(transaction.created_at).getTime() < 15 * 60 * 1000);
}
async function saveDb(db) {
await cleanupAuthState(db);
await db.write();
}
function getSafeReturnTo(value) {
if (!value || typeof value !== 'string') return '/';
if (!value.startsWith('/')) return '/';
if (value.startsWith('//')) return '/';
if (value.startsWith('/api/')) return '/';
if (value.startsWith('/auth/')) return '/';
if (value.startsWith('/login')) return '/';
if (value.includes('returnTo=')) return '/';
return value;
}
async function createPendingTransaction(returnTo) {
const config = await getEffectiveAuthConfig();
const discovery = await getDiscovery(config);
const db = await getDb();
db.data.auth ||= { settings: {}, sessions: [], pending: [] };
db.data.auth.settings ||= {};
db.data.auth.sessions ||= [];
db.data.auth.pending ||= [];
const state = crypto.randomUUID();
const nonce = crypto.randomUUID();
const codeVerifier = base64url(crypto.randomBytes(48));
const transactionId = crypto.randomUUID();
db.data.auth.pending.push({
id: transactionId,
state,
nonce,
code_verifier: codeVerifier,
return_to: getSafeReturnTo(returnTo),
created_at: new Date().toISOString(),
});
await saveDb(db);
const params = new URLSearchParams({
client_id: config.clientId,
redirect_uri: config.redirectUri,
response_type: 'code',
scope: config.scope,
state,
nonce,
code_challenge: sha256base64url(codeVerifier),
code_challenge_method: 'S256',
});
return {
config,
transactionId,
authUrl: `${discovery.authorization_endpoint}?${params.toString()}`,
};
}
async function exchangeCodeForSession(code, transaction) {
const config = await getEffectiveAuthConfig();
const discovery = await getDiscovery(config);
const tokenResponse = await fetch(discovery.token_endpoint, {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
grant_type: 'authorization_code',
code,
redirect_uri: config.redirectUri,
client_id: config.clientId,
client_secret: config.clientSecret,
code_verifier: transaction.code_verifier,
}),
});
if (!tokenResponse.ok) {
const details = await tokenResponse.text();
throw new Error(`Pocket ID nekade tokenutbytet (${tokenResponse.status}). ${details}`.trim());
}
const tokenData = await tokenResponse.json();
if (!tokenData.id_token) {
throw new Error('Pocket ID returnerade inget id_token.');
}
if (!discovery.jwks_uri) {
throw new Error('OIDC discovery saknar jwks_uri kan inte verifiera id_token.');
}
// Verifierar signatur, iss, aud och exp kryptografiskt mot providerns JWKS.
let idTokenClaims;
try {
const jwks = getJwks(discovery.jwks_uri);
const verified = await jwtVerify(tokenData.id_token, jwks, {
issuer: normalizeIssuer(discovery.issuer || config.issuer),
audience: config.clientId,
});
idTokenClaims = verified.payload;
} catch (error) {
throw new Error(`Kunde inte verifiera id_token från Pocket ID: ${error.message}`);
}
if (idTokenClaims.nonce && idTokenClaims.nonce !== transaction.nonce) {
throw new Error('Pocket ID returnerade ett id_token med fel nonce.');
}
let userInfo = {};
if (discovery.userinfo_endpoint && tokenData.access_token) {
const userInfoResponse = await fetch(discovery.userinfo_endpoint, {
headers: { Authorization: `Bearer ${tokenData.access_token}` },
});
if (!userInfoResponse.ok) {
const details = await userInfoResponse.text();
throw new Error(`Kunde inte läsa användarprofil från Pocket ID (${userInfoResponse.status}). ${details}`.trim());
}
userInfo = await userInfoResponse.json();
// Skydd mot att userinfo tillhör en annan användare än id_token.
if (userInfo.sub && idTokenClaims.sub && userInfo.sub !== idTokenClaims.sub) {
throw new Error('userinfo-svaret matchar inte id_token (sub skiljer sig).');
}
}
const user = buildUserProfile(idTokenClaims, userInfo);
ensureAuthorizedUser(config, user);
const sessionId = crypto.randomUUID();
const expiresAt = new Date(Date.now() + config.sessionTtlHours * 60 * 60 * 1000).toISOString();
const db = await getDb();
db.data.auth ||= { settings: {}, sessions: [], pending: [] };
db.data.auth.sessions.push({
id: sessionId,
user,
created_at: new Date().toISOString(),
expires_at: expiresAt,
});
db.data.auth.pending = (db.data.auth.pending || []).filter(item => item.id !== transaction.id);
await saveDb(db);
return {
config,
id: sessionId,
user,
expires_at: expiresAt,
return_to: getSafeReturnTo(transaction.return_to),
};
}
export async function getAuthSession(req) {
const config = await getEffectiveAuthConfig();
if (!config.enabled) {
return { enabled: false, authenticated: false, user: null };
}
const cookies = parseCookies(req.headers.cookie);
const signedValue = decodeSignedValue(cookies[SESSION_COOKIE], config.sessionSecret);
if (!signedValue) {
return { enabled: true, authenticated: false, user: null };
}
const db = await getDb();
db.data.auth ||= { settings: {}, sessions: [], pending: [] };
db.data.auth.settings ||= {};
db.data.auth.sessions ||= [];
db.data.auth.pending ||= [];
await cleanupAuthState(db);
const session = db.data.auth.sessions.find(item => item.id === signedValue);
if (!session) {
return { enabled: true, authenticated: false, user: null };
}
return {
enabled: true,
authenticated: true,
user: session.user,
expires_at: session.expires_at,
};
}
export async function handleOidcLogin(req, res) {
const { config, transactionId, authUrl } = await createPendingTransaction(req.query.returnTo);
if (!config.enabled) {
res.redirect('/');
return;
}
res.setHeader('Set-Cookie', serializeCookie(
TRANSACTION_COOKIE,
encodeSignedValue(transactionId, config.sessionSecret),
{ maxAge: 15 * 60, secure: req.secure || req.headers['x-forwarded-proto'] === 'https' }
));
res.redirect(authUrl);
}
export async function handleOidcCallback(req, res) {
const config = await getEffectiveAuthConfig();
if (!config.enabled) {
res.redirect('/');
return;
}
const cookies = parseCookies(req.headers.cookie);
const transactionId = decodeSignedValue(cookies[TRANSACTION_COOKIE], config.sessionSecret);
const db = await getDb();
db.data.auth ||= { settings: {}, sessions: [], pending: [] };
db.data.auth.settings ||= {};
db.data.auth.sessions ||= [];
db.data.auth.pending ||= [];
const transaction = (db.data.auth.pending || []).find(item => item.id === transactionId);
if (!transaction || transaction.state !== req.query.state) {
res.status(400).send('Ogiltig eller utgången Pocket ID-inloggning.');
return;
}
if (!req.query.code) {
res.status(400).send('Pocket ID returnerade ingen auth code.');
return;
}
try {
const session = await exchangeCodeForSession(String(req.query.code), transaction);
res.setHeader('Set-Cookie', [
serializeCookie(
SESSION_COOKIE,
encodeSignedValue(session.id, session.config.sessionSecret),
{
maxAge: session.config.sessionTtlHours * 60 * 60,
secure: req.secure || req.headers['x-forwarded-proto'] === 'https',
}
),
serializeCookie(
TRANSACTION_COOKIE,
'',
{
maxAge: 0,
secure: req.secure || req.headers['x-forwarded-proto'] === 'https',
}
),
]);
res.redirect(session.return_to || '/');
} catch (error) {
db.data.auth.pending = (db.data.auth.pending || []).filter(item => item.id !== transaction.id);
await saveDb(db);
res.status(500).send(`Pocket ID-inloggningen misslyckades: ${error.message}`);
}
}
export async function handleOidcLogout(req, res) {
const config = await getEffectiveAuthConfig();
if (config.enabled) {
const cookies = parseCookies(req.headers.cookie);
const sessionId = decodeSignedValue(cookies[SESSION_COOKIE], config.sessionSecret);
if (sessionId) {
const db = await getDb();
db.data.auth ||= { settings: {}, sessions: [], pending: [] };
db.data.auth.settings ||= {};
db.data.auth.sessions ||= [];
db.data.auth.pending ||= [];
db.data.auth.sessions = (db.data.auth.sessions || []).filter(item => item.id !== sessionId);
await saveDb(db);
}
}
res.setHeader('Set-Cookie', serializeCookie(
SESSION_COOKIE,
'',
{ maxAge: 0, secure: req.secure || req.headers['x-forwarded-proto'] === 'https' }
));
res.json({ ok: true });
}
export async function renderLoginPage(req, res) {
const config = await getEffectiveAuthConfig();
if (!config.enabled) {
res.redirect('/');
return;
}
const returnTo = encodeURIComponent(getSafeReturnTo(String(req.query.returnTo || '/')));
res.type('html').send(`<!doctype html>
<html lang="sv">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Logga in - Enkelbudget</title>
<style>
:root { color-scheme: light; }
body { margin: 0; font-family: system-ui, sans-serif; background: linear-gradient(160deg, #eff6ff, #ffffff 45%, #ecfeff); color: #0f172a; }
main { min-height: 100vh; display: grid; place-items: center; padding: 24px; }
.card { width: min(460px, 100%); background: rgba(255,255,255,.94); border: 1px solid #dbeafe; border-radius: 24px; box-shadow: 0 24px 80px rgba(15, 23, 42, .12); padding: 28px; }
.eyebrow { font-size: 12px; font-weight: 700; letter-spacing: .16em; text-transform: uppercase; color: #2563eb; }
h1 { margin: 10px 0 12px; font-size: 30px; line-height: 1.1; }
p { margin: 0 0 22px; color: #475569; line-height: 1.55; }
.actions { display: flex; justify-content: center; margin-top: 8px; }
a { display: inline-flex; align-items: center; justify-content: center; min-width: 240px; max-width: 100%; border-radius: 14px; background: #2563eb; color: white; text-decoration: none; font-weight: 700; padding: 14px 22px; box-shadow: 0 10px 24px rgba(37, 99, 235, .18); }
.hint { margin-top: 14px; font-size: 13px; color: #64748b; text-align: center; }
</style>
</head>
<body>
<main>
<section class="card">
<div class="eyebrow">Pocket ID</div>
<h1>Logga in i Enkelbudget</h1>
<p>Appen är skyddad med OIDC/SSO via Pocket ID. Fortsätt med ditt godkända konto för att komma åt budget, lån, transaktioner och inställningar.</p>
<div class="actions">
<a href="/auth/login?returnTo=${returnTo}">Fortsätt med Pocket ID</a>
</div>
<div class="hint">Om du inte ska vara här: stäng fliken eller kontrollera grupp- och klientinställningarna i Pocket ID.</div>
</section>
</main>
</body>
</html>`);
}
export async function requireApiAuth(req, res, next) {
try {
const session = await getAuthSession(req);
req.auth = session;
if (!session.enabled || session.authenticated) {
next();
return;
}
res.status(401).json({
error: 'Autentisering krävs',
login_url: `/login?returnTo=${encodeURIComponent(req.originalUrl === '/api/auth/session' ? '/' : req.originalUrl.replace(/^\/api/, '') || '/')}`,
});
} catch (error) {
res.status(500).json({ error: error.message });
}
}
server/ollama.js
Executable
+1075
View File
File diff suppressed because it is too large Load Diff
server/package-lock.json
Generated Executable
+892
View File
@@ -0,0 +1,892 @@
{
"name": "enkelbudget-server",
"version": "1.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "enkelbudget-server",
"version": "1.0.0",
"dependencies": {
"cors": "^2.8.5",
"express": "^4.19.2",
"jose": "^6.2.3",
"lowdb": "^7.0.1"
}
},
"node_modules/accepts": {
"version": "1.3.8",
"resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
"integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
"license": "MIT",
"dependencies": {
"mime-types": "~2.1.34",
"negotiator": "0.6.3"
},
"engines": {
"node": ">= 0.6"
}
},
"node_modules/array-flatten": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
"integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==",
"license": "MIT"
},
"node_modules/body-parser": {
"version": "1.20.5",
"resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz",
"integrity": "sha512-3grm+/2tUOvu2cjJkvsIxrv/wVpfXQW4PsQHYm7yk4vfpu7Ekl6nEsYBoJUL6qDwZUx8wUhQ8tR2qz+ad9c9OA==",
"license": "MIT",
"dependencies": {
"bytes": "~3.1.2",
"content-type": "~1.0.5",
"debug": "2.6.9",
"depd": "2.0.0",
"destroy": "~1.2.0",
"http-errors": "~2.0.1",
"iconv-lite": "~0.4.24",
"on-finished": "~2.4.1",
"qs": "~6.15.1",
"raw-body": "~2.5.3",
"type-is": "~1.6.18",
"unpipe": "~1.0.0"
},
"engines": {
"node": ">= 0.8",
"npm": "1.2.8000 || >= 1.4.16"
}
},
"node_modules/bytes": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
"integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/call-bind-apply-helpers": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
"integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
"license": "MIT",
"dependencies": {
"es-errors": "^1.3.0",
"function-bind": "^1.1.2"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/call-bound": {
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
"integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
"license": "MIT",
"dependencies": {
"call-bind-apply-helpers": "^1.0.2",
"get-intrinsic": "^1.3.0"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/content-disposition": {
"version": "0.5.4",
"resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
"integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
"license": "MIT",
"dependencies": {
"safe-buffer": "5.2.1"
},
"engines": {
"node": ">= 0.6"
}
},
"node_modules/content-type": {
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
"integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/cookie": {
"version": "0.7.2",
"resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
"integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/cookie-signature": {
"version": "1.0.7",
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
"integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==",
"license": "MIT"
},
"node_modules/cors": {
"version": "2.8.6",
"resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz",
"integrity": "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==",
"license": "MIT",
"dependencies": {
"object-assign": "^4",
"vary": "^1"
},
"engines": {
"node": ">= 0.10"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/debug": {
"version": "2.6.9",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
"integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
"license": "MIT",
"dependencies": {
"ms": "2.0.0"
}
},
"node_modules/depd": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
"integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/destroy": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
"integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==",
"license": "MIT",
"engines": {
"node": ">= 0.8",
"npm": "1.2.8000 || >= 1.4.16"
}
},
"node_modules/dunder-proto": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
"integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
"license": "MIT",
"dependencies": {
"call-bind-apply-helpers": "^1.0.1",
"es-errors": "^1.3.0",
"gopd": "^1.2.0"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/ee-first": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
"integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==",
"license": "MIT"
},
"node_modules/encodeurl": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
"integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/es-define-property": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
"integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
}
},
"node_modules/es-errors": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
"integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
}
},
"node_modules/es-object-atoms": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.2.tgz",
"integrity": "sha512-HWcBoN6NileqtSydK2FqHbS/LoDd2pqrnQHLyJzBj4kOp/ky2MWMN694xOfkK8/SnUsW2DH7EfyVlydKCsm1Zw==",
"license": "MIT",
"dependencies": {
"es-errors": "^1.3.0"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/escape-html": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
"integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==",
"license": "MIT"
},
"node_modules/etag": {
"version": "1.8.1",
"resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
"integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/express": {
"version": "4.22.2",
"resolved": "https://registry.npmjs.org/express/-/express-4.22.2.tgz",
"integrity": "sha512-IuL+Elrou2ZvCFHs18/CIzy2Nzvo25nZ1/D2eIZlz7c+QUayAcYoiM2BthCjs+EBHVpjYjcuLDAiCWgeIX3X1Q==",
"license": "MIT",
"dependencies": {
"accepts": "~1.3.8",
"array-flatten": "1.1.1",
"body-parser": "~1.20.5",
"content-disposition": "~0.5.4",
"content-type": "~1.0.4",
"cookie": "~0.7.1",
"cookie-signature": "~1.0.6",
"debug": "2.6.9",
"depd": "2.0.0",
"encodeurl": "~2.0.0",
"escape-html": "~1.0.3",
"etag": "~1.8.1",
"finalhandler": "~1.3.1",
"fresh": "~0.5.2",
"http-errors": "~2.0.0",
"merge-descriptors": "1.0.3",
"methods": "~1.1.2",
"on-finished": "~2.4.1",
"parseurl": "~1.3.3",
"path-to-regexp": "~0.1.12",
"proxy-addr": "~2.0.7",
"qs": "~6.15.1",
"range-parser": "~1.2.1",
"safe-buffer": "5.2.1",
"send": "~0.19.0",
"serve-static": "~1.16.2",
"setprototypeof": "1.2.0",
"statuses": "~2.0.1",
"type-is": "~1.6.18",
"utils-merge": "1.0.1",
"vary": "~1.1.2"
},
"engines": {
"node": ">= 0.10.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/finalhandler": {
"version": "1.3.2",
"resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz",
"integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==",
"license": "MIT",
"dependencies": {
"debug": "2.6.9",
"encodeurl": "~2.0.0",
"escape-html": "~1.0.3",
"on-finished": "~2.4.1",
"parseurl": "~1.3.3",
"statuses": "~2.0.2",
"unpipe": "~1.0.0"
},
"engines": {
"node": ">= 0.8"
}
},
"node_modules/forwarded": {
"version": "0.2.0",
"resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
"integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/fresh": {
"version": "0.5.2",
"resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
"integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/function-bind": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
"integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/get-intrinsic": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
"integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
"license": "MIT",
"dependencies": {
"call-bind-apply-helpers": "^1.0.2",
"es-define-property": "^1.0.1",
"es-errors": "^1.3.0",
"es-object-atoms": "^1.1.1",
"function-bind": "^1.1.2",
"get-proto": "^1.0.1",
"gopd": "^1.2.0",
"has-symbols": "^1.1.0",
"hasown": "^2.0.2",
"math-intrinsics": "^1.1.0"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/get-proto": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
"integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
"license": "MIT",
"dependencies": {
"dunder-proto": "^1.0.1",
"es-object-atoms": "^1.0.0"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/gopd": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
"integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/has-symbols": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
"integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/hasown": {
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz",
"integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==",
"license": "MIT",
"dependencies": {
"function-bind": "^1.1.2"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/http-errors": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
"integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
"license": "MIT",
"dependencies": {
"depd": "~2.0.0",
"inherits": "~2.0.4",
"setprototypeof": "~1.2.0",
"statuses": "~2.0.2",
"toidentifier": "~1.0.1"
},
"engines": {
"node": ">= 0.8"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/iconv-lite": {
"version": "0.4.24",
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
"integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
"license": "MIT",
"dependencies": {
"safer-buffer": ">= 2.1.2 < 3"
},
"engines": {
"node": ">=0.10.0"
}
},
"node_modules/inherits": {
"version": "2.0.4",
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
"integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
"license": "ISC"
},
"node_modules/ipaddr.js": {
"version": "1.9.1",
"resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
"integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
"license": "MIT",
"engines": {
"node": ">= 0.10"
}
},
"node_modules/jose": {
"version": "6.2.3",
"resolved": "https://registry.npmjs.org/jose/-/jose-6.2.3.tgz",
"integrity": "sha512-YYVDInQKFJfR/xa3ojUTl8c2KoTwiL1R5Wg9YCydwH0x0B9grbzlg5HC7mMjCtUJjbQ/YnGEZIhI5tCgfTb4Hw==",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/panva"
}
},
"node_modules/lowdb": {
"version": "7.0.1",
"resolved": "https://registry.npmjs.org/lowdb/-/lowdb-7.0.1.tgz",
"integrity": "sha512-neJAj8GwF0e8EpycYIDFqEPcx9Qz4GUho20jWFR7YiFeXzF1YMLdxB36PypcTSPMA+4+LvgyMacYhlr18Zlymw==",
"license": "MIT",
"dependencies": {
"steno": "^4.0.2"
},
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/typicode"
}
},
"node_modules/math-intrinsics": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
"integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
}
},
"node_modules/media-typer": {
"version": "0.3.0",
"resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
"integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/merge-descriptors": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
"integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/methods": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
"integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/mime": {
"version": "1.6.0",
"resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
"integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
"license": "MIT",
"bin": {
"mime": "cli.js"
},
"engines": {
"node": ">=4"
}
},
"node_modules/mime-db": {
"version": "1.52.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
"integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/mime-types": {
"version": "2.1.35",
"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
"integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
"license": "MIT",
"dependencies": {
"mime-db": "1.52.0"
},
"engines": {
"node": ">= 0.6"
}
},
"node_modules/ms": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
"license": "MIT"
},
"node_modules/negotiator": {
"version": "0.6.3",
"resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
"integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/object-assign": {
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
"integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
"license": "MIT",
"engines": {
"node": ">=0.10.0"
}
},
"node_modules/object-inspect": {
"version": "1.13.4",
"resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
"integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/on-finished": {
"version": "2.4.1",
"resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
"integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
"license": "MIT",
"dependencies": {
"ee-first": "1.1.1"
},
"engines": {
"node": ">= 0.8"
}
},
"node_modules/parseurl": {
"version": "1.3.3",
"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
"integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/path-to-regexp": {
"version": "0.1.13",
"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz",
"integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==",
"license": "MIT"
},
"node_modules/proxy-addr": {
"version": "2.0.7",
"resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
"integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
"license": "MIT",
"dependencies": {
"forwarded": "0.2.0",
"ipaddr.js": "1.9.1"
},
"engines": {
"node": ">= 0.10"
}
},
"node_modules/qs": {
"version": "6.15.2",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz",
"integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==",
"license": "BSD-3-Clause",
"dependencies": {
"side-channel": "^1.1.0"
},
"engines": {
"node": ">=0.6"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/range-parser": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
"integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/raw-body": {
"version": "2.5.3",
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
"integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
"license": "MIT",
"dependencies": {
"bytes": "~3.1.2",
"http-errors": "~2.0.1",
"iconv-lite": "~0.4.24",
"unpipe": "~1.0.0"
},
"engines": {
"node": ">= 0.8"
}
},
"node_modules/safe-buffer": {
"version": "5.2.1",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
"integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
"funding": [
{
"type": "github",
"url": "https://github.com/sponsors/feross"
},
{
"type": "patreon",
"url": "https://www.patreon.com/feross"
},
{
"type": "consulting",
"url": "https://feross.org/support"
}
],
"license": "MIT"
},
"node_modules/safer-buffer": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
"license": "MIT"
},
"node_modules/send": {
"version": "0.19.2",
"resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz",
"integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==",
"license": "MIT",
"dependencies": {
"debug": "2.6.9",
"depd": "2.0.0",
"destroy": "1.2.0",
"encodeurl": "~2.0.0",
"escape-html": "~1.0.3",
"etag": "~1.8.1",
"fresh": "~0.5.2",
"http-errors": "~2.0.1",
"mime": "1.6.0",
"ms": "2.1.3",
"on-finished": "~2.4.1",
"range-parser": "~1.2.1",
"statuses": "~2.0.2"
},
"engines": {
"node": ">= 0.8.0"
}
},
"node_modules/send/node_modules/ms": {
"version": "2.1.3",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
"license": "MIT"
},
"node_modules/serve-static": {
"version": "1.16.3",
"resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz",
"integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==",
"license": "MIT",
"dependencies": {
"encodeurl": "~2.0.0",
"escape-html": "~1.0.3",
"parseurl": "~1.3.3",
"send": "~0.19.1"
},
"engines": {
"node": ">= 0.8.0"
}
},
"node_modules/setprototypeof": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
"integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
"license": "ISC"
},
"node_modules/side-channel": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
"integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
"license": "MIT",
"dependencies": {
"es-errors": "^1.3.0",
"object-inspect": "^1.13.3",
"side-channel-list": "^1.0.0",
"side-channel-map": "^1.0.1",
"side-channel-weakmap": "^1.0.2"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/side-channel-list": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz",
"integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==",
"license": "MIT",
"dependencies": {
"es-errors": "^1.3.0",
"object-inspect": "^1.13.4"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/side-channel-map": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
"integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
"license": "MIT",
"dependencies": {
"call-bound": "^1.0.2",
"es-errors": "^1.3.0",
"get-intrinsic": "^1.2.5",
"object-inspect": "^1.13.3"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/side-channel-weakmap": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
"integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
"license": "MIT",
"dependencies": {
"call-bound": "^1.0.2",
"es-errors": "^1.3.0",
"get-intrinsic": "^1.2.5",
"object-inspect": "^1.13.3",
"side-channel-map": "^1.0.1"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/statuses": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
"integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/steno": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/steno/-/steno-4.0.2.tgz",
"integrity": "sha512-yhPIQXjrlt1xv7dyPQg2P17URmXbuM5pdGkpiMB3RenprfiBlvK415Lctfe0eshk90oA7/tNq7WEiMK8RSP39A==",
"license": "MIT",
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/typicode"
}
},
"node_modules/toidentifier": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
"integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
"license": "MIT",
"engines": {
"node": ">=0.6"
}
},
"node_modules/type-is": {
"version": "1.6.18",
"resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
"integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
"license": "MIT",
"dependencies": {
"media-typer": "0.3.0",
"mime-types": "~2.1.24"
},
"engines": {
"node": ">= 0.6"
}
},
"node_modules/unpipe": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
"integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/utils-merge": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
"integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
"license": "MIT",
"engines": {
"node": ">= 0.4.0"
}
},
"node_modules/vary": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
"integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
}
}
}
server/package.json
Executable
+16
View File
@@ -0,0 +1,16 @@
{
"name": "enkelbudget-server",
"version": "1.0.0",
"type": "module",
"scripts": {
"start": "node server.js",
"dev": "node --watch server.js"
},
"dependencies": {
"cors": "^2.8.5",
"express": "^4.19.2",
"express-rate-limit": "^7.4.1",
"jose": "^6.2.3",
"lowdb": "^7.0.1"
}
}
server/server.js
Executable
+1872
View File
File diff suppressed because it is too large Load Diff
server/ssrf.js
Executable
+80
View File
@@ -0,0 +1,80 @@
import dns from 'node:dns/promises';
import net from 'node:net';
// Värdnamn som medvetet tillåts trots att de pekar lokalt (t.ex. lokal Ollama).
export const LOCAL_ALLOWED_HOSTS = new Set([
'host.docker.internal',
'localhost',
'127.0.0.1',
'::1',
]);
function isPrivateIp(ip) {
if (net.isIPv4(ip)) {
const [a, b] = ip.split('.').map(Number);
return (
a === 10 ||
a === 127 ||
a === 0 ||
(a === 192 && b === 168) ||
(a === 172 && b >= 16 && b <= 31) ||
(a === 169 && b === 254) // link-local / cloud-metadata
);
}
if (net.isIPv6(ip)) {
const lower = ip.toLowerCase();
return (
lower === '::1' ||
lower === '::' ||
lower.startsWith('fc') ||
lower.startsWith('fd') ||
lower.startsWith('fe80') ||
lower.startsWith('::ffff:') // IPv4-mappad
);
}
return true; // okänt format → blockera
}
/**
* Validerar en URL mot SSRF. Kastar om adressen är ogiltig eller pekar internt.
* @param {string} rawUrl
* @param {{ allowList?: Set<string>, allowPrivateNetwork?: boolean }} [options] - värdnamn som tillåts trots privat IP
* @returns {Promise<URL>}
*/
export async function assertSafeUrl(rawUrl, { allowList = new Set(), allowPrivateNetwork = false } = {}) {
let url;
try {
url = new URL(String(rawUrl || ''));
} catch {
throw new Error('Ogiltig URL');
}
if (!['http:', 'https:'].includes(url.protocol)) {
throw new Error('Endast http/https tillåts');
}
if (allowList.has(url.hostname)) return url;
// Om värden redan är en literal IP behöver vi ingen DNS-lookup.
if (net.isIP(url.hostname)) {
if (!allowPrivateNetwork && isPrivateIp(url.hostname)) throw new Error('Adressen pekar mot ett internt nät');
return url;
}
let resolved;
try {
resolved = await dns.lookup(url.hostname, { all: true });
} catch {
throw new Error('Kunde inte slå upp värdnamnet');
}
if (!resolved.length) {
throw new Error('Kunde inte slå upp värdnamnet');
}
if (!allowPrivateNetwork && resolved.some(entry => isPrivateIp(entry.address))) {
throw new Error('Adressen pekar mot ett internt nät');
}
return url;
}