fix(oauth2-profiler): fix OAuth2 profiler params

typegate/src/runtimes/typegate.ts

@@ -85,6 +85,9 @@ export class TypeGateRuntime extends Runtime {
       if (name === "argInfoByPath") {
         return this.argInfoByPath;
       }
+      if (name === "findListQueries") {
+        return this.findListQueries;
+      }
 
       return async ({ _: { parent }, ...args }) => {
         const resolver = parent[stage.props.node];
@@ -200,6 +203,39 @@ export class TypeGateRuntime extends Runtime {
 
     return paths.map((path) => walkPath(tg!.tg, input, 0, path));
   };
+
+  findListQueries: Resolver = ({ typegraph }) => {
+    const tg = this.typegate.register.get(typegraph);
+
+    const root = tg!.tg.type(0, Type.OBJECT).properties.query;
+    const exposed = tg!.tg.type(root, Type.OBJECT).properties;
+
+    return Object.entries(exposed).map(([name, idx]) => {
+      const func = tg!.tg.type(idx, Type.FUNCTION);
+      const input = tg!.tg.type(func.input, Type.OBJECT);
+      const inputs = input.properties;
+      const output = tg!.tg.type(func.output);
+      if (output.type != Type.LIST) {
+        return null;
+      }
+      const outputItem = tg!.tg.type(output.items);
+      if (outputItem.type != Type.OBJECT) {
+        return null;
+      }
+
+      return {
+        name,
+        inputs: Object.keys(inputs).map((name) => {
+          return {
+            name,
+            type: walkPath(tg!.tg, input, 0, [name]),
+          };
+        }),
+        output: walkPath(tg!.tg, output, 0, []),
+        outputItem: walkPath(tg!.tg, outputItem, 0, []),
+      };
+    }).filter((e) => e != null);
+  };
 }
 
 function resolveOptional(tg: TypeGraph, node: TypeNode) {
@@ -225,6 +261,7 @@ function collectObjectFields(
   // first generate all possible paths
 
   const paths = [] as Array<Array<string>>;
+  const traversed = new Set();
 
   const collectAllPaths = (
     parent: TypeNode,
@@ -233,6 +270,10 @@ function collectObjectFields(
     const node = resolveOptional(tg, parent).node;
 
     if (node.type == Type.OBJECT) {
+      if (traversed.has(node.title)) {
+        return;
+      }
+      traversed.add(node.title);
       for (const [keyName, fieldIdx] of Object.entries(node.properties)) {
         collectAllPaths(tg.type(fieldIdx), [...currentPath, keyName]);
       }

typegate/src/services/auth/mod.ts

@@ -97,7 +97,7 @@ export async function ensureJWT(
 
   const [context, nextAuth] = await auth.tokenMiddleware(
     token,
-    new URL(request.url),
+    request,
   );
   if (nextAuth !== null) {
     // "" is valid as it signal to remove the token

typegate/src/services/auth/protocols/basic.ts

@@ -35,7 +35,7 @@ export class BasicAuth extends Protocol {
 
   tokenMiddleware(
     jwt: string,
-    _url: URL,
+    _request: Request,
   ): Promise<[Record<string, unknown>, string | null]> {
     try {
       const [username, token] = b64decode(jwt).split(

typegate/src/services/auth/protocols/internal.ts

@@ -24,7 +24,7 @@ export class InternalAuth extends Protocol {
 
   async tokenMiddleware(
     token: string,
-    _url: URL,
+    _request: Request,
   ): Promise<[Record<string, unknown>, string | null]> {
     try {
       const claims = await verifyJWT(token);

typegate/src/services/auth/protocols/jwt.ts

@@ -47,7 +47,7 @@ export class JWTAuth extends Protocol {
 
   async tokenMiddleware(
     token: string,
-    _url: URL,
+    _request: Request,
   ): Promise<[Record<string, unknown>, string | null]> {
     try {
       const claims = await jwt.verify(token, this.signKey);

typegate/src/services/auth/protocols/oauth2.ts

@@ -55,15 +55,26 @@ class AuthProfiler {
     });
   }
 
-  async transform(profile: any, url: string) {
+  async transform(
+    profile: any,
+    request: Request,
+  ) {
     const { tg, runtimeReferences } = this.authParameters;
     const funcNode = tg.type(this.funcIndex, Type.FUNCTION);
     const mat = tg.materializer(funcNode.materializer);
     const runtime = runtimeReferences[mat.runtime];
     const validatorInputWeak = generateWeakValidator(tg, funcNode.input);
     const validatorOutput = generateValidator(tg, funcNode.output);
 
-    const input = { ...profile, _: { info: { url } } };
+    const input = {
+      ...profile,
+      _: {
+        info: {
+          url: new URL(request.url),
+          headers: Object.fromEntries(request.headers.entries()),
+        },
+      },
+    };
     validatorInputWeak(input);
 
     // Note: this assumes func is a simple t.func(inp, out, mat)
@@ -154,7 +165,7 @@ export class OAuth2Auth extends Protocol {
             this.typegraphName,
           );
         const tokens = await client.code.getToken(url, { state, codeVerifier });
-        const token = await this.createJWT(tokens);
+        const token = await this.createJWT(tokens, request);
         const headers = await setEncryptedSessionCookie(
           url.hostname,
           this.typegraphName,
@@ -211,8 +222,9 @@ export class OAuth2Auth extends Protocol {
 
   async tokenMiddleware(
     token: string,
-    url: URL,
+    request: Request,
   ): Promise<[Record<string, unknown>, string | null]> {
+    const url = new URL(request.url);
     const typegraphPath = `/${this.typegraphName}`;
     const client = new OAuth2Client({
       ...this.clientData,
@@ -236,7 +248,7 @@ export class OAuth2Auth extends Protocol {
     if (new Date().valueOf() / 1000 > claims.refreshAt) {
       try {
         const newClaims = await client.refreshToken.refresh(refreshToken);
-        const token = await this.createJWT(newClaims);
+        const token = await this.createJWT(newClaims, request);
         return [
           claims,
           token ?? "", // token or clear
@@ -252,6 +264,7 @@ export class OAuth2Auth extends Protocol {
 
   private async getProfile(
     token: Tokens,
+    request: Request,
   ): Promise<null | Record<string, unknown>> {
     if (!this.profileUrl) {
       return null;
@@ -270,7 +283,7 @@ export class OAuth2Auth extends Protocol {
       let profile = await res.json();
 
       if (this.authProfiler) {
-        profile = await this.authProfiler!.transform(profile, url);
+        profile = await this.authProfiler!.transform(profile, request);
       }
 
       return profile;
@@ -279,8 +292,11 @@ export class OAuth2Auth extends Protocol {
     }
   }
 
-  private async createJWT(token: Tokens): Promise<string> {
-    const profile = await this.getProfile(token);
+  private async createJWT(
+    token: Tokens,
+    request: Request,
+  ): Promise<string> {
+    const profile = await this.getProfile(token, request);
     const profileClaims: ProfileClaims = profile
       ? mapKeys(profile, (k) => `profile.${k}`)
       : {};

typegate/src/services/auth/protocols/protocol.ts

@@ -12,6 +12,6 @@ export abstract class Protocol {
 
   abstract tokenMiddleware(
     token: string,
-    url: URL,
+    request: Request,
   ): Promise<[Record<string, unknown>, string | null]>;
 }