refactor: 🔥 Remove plugin functionality, move OpenID plugin to core

2026-03-13 22:09:16 +01:00 · 2025-07-07 05:52:11 +02:00 · 2025-07-07 05:52:11 +02:00 · b5e9e35427
commit b5e9e35427
parent 278bf960cb
45 changed files with 1502 additions and 2304 deletions
--- a/packages/api/routes/well-known/jwks.test.ts
+++ b/packages/api/routes/well-known/jwks.test.ts
@ -0,0 +1,35 @@
+import { afterAll, describe, expect, test } from "bun:test";
+import { Application } from "@versia-server/kit/db";
+import { fakeRequest } from "@versia-server/tests";
+import { randomUUIDv7 } from "bun";
+
+const application = await Application.insert({
+    id: randomUUIDv7(),
+    clientId: "test-client-id",
+    redirectUri: "https://example.com/callback",
+    scopes: "openid profile email",
+    secret: "test-secret",
+    name: "Test Application",
+});
+
+afterAll(async () => {
+    await application.delete();
+});
+
+describe("/.well-known/jwks", () => {
+    test("should return JWK set with valid inputs", async () => {
+        const response = await fakeRequest("/.well-known/jwks", {
+            method: "GET",
+        });
+
+        expect(response.status).toBe(200);
+        const body = await response.json();
+        expect(body.keys).toHaveLength(1);
+        expect(body.keys[0].kty).toBe("OKP");
+        expect(body.keys[0].use).toBe("sig");
+        expect(body.keys[0].alg).toBe("EdDSA");
+        expect(body.keys[0].kid).toBe("1");
+        expect(body.keys[0].crv).toBe("Ed25519");
+        expect(body.keys[0].x).toBeString();
+    });
+});
--- a/packages/api/routes/well-known/jwks.ts
+++ b/packages/api/routes/well-known/jwks.ts
@ -0,0 +1,62 @@
+import { config } from "@versia-server/config";
+import { apiRoute, auth } from "@versia-server/kit/api";
+import { describeRoute, resolver } from "hono-openapi";
+import { exportJWK } from "jose";
+import { z } from "zod/v4";
+
+export default apiRoute((app) => {
+    app.get(
+        "/.well-known/jwks",
+        describeRoute({
+            summary: "JWK Set",
+            tags: ["OpenID"],
+            responses: {
+                200: {
+                    description: "JWK Set",
+                    content: {
+                        "application/json": {
+                            schema: resolver(
+                                z.object({
+                                    keys: z.array(
+                                        z.object({
+                                            kty: z.string().optional(),
+                                            use: z.string(),
+                                            alg: z.string(),
+                                            kid: z.string(),
+                                            crv: z.string().optional(),
+                                            x: z.string().optional(),
+                                            y: z.string().optional(),
+                                        }),
+                                    ),
+                                }),
+                            ),
+                        },
+                    },
+                },
+            },
+        }),
+        auth({
+            auth: false,
+        }),
+        async (context) => {
+            const jwk = await exportJWK(config.authentication.keys.private);
+
+            // Remove the private key 💀
+            jwk.d = undefined;
+
+            return context.json(
+                {
+                    keys: [
+                        {
+                            ...jwk,
+                            use: "sig",
+                            alg: "EdDSA",
+                            kid: "1",
+                        },
+                    ],
+                },
+                200,
+            );
+        },
+    );
+});