@agentuity/auth 0.0.100 → 0.0.101
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth0/client.d.ts +44 -0
- package/dist/auth0/client.d.ts.map +1 -0
- package/dist/auth0/client.js +79 -0
- package/dist/auth0/client.js.map +1 -0
- package/dist/auth0/index.d.ts +35 -0
- package/dist/auth0/index.d.ts.map +1 -0
- package/dist/auth0/index.js +38 -0
- package/dist/auth0/index.js.map +1 -0
- package/dist/auth0/server.d.ts +91 -0
- package/dist/auth0/server.d.ts.map +1 -0
- package/dist/auth0/server.js +237 -0
- package/dist/auth0/server.js.map +1 -0
- package/dist/clerk/index.d.ts +1 -1
- package/dist/clerk/index.d.ts.map +1 -1
- package/dist/clerk/server.d.ts +9 -10
- package/dist/clerk/server.d.ts.map +1 -1
- package/dist/clerk/server.js +3 -2
- package/dist/clerk/server.js.map +1 -1
- package/package.json +27 -8
- package/src/auth0/client.tsx +109 -0
- package/src/auth0/index.ts +40 -0
- package/src/auth0/server.ts +378 -0
- package/src/clerk/index.ts +1 -1
- package/src/clerk/server.ts +13 -13
- package/tsconfig.tsbuildinfo +1 -1
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Auth0 client-side authentication provider for React.
|
|
3
|
+
*
|
|
4
|
+
* @module auth0/client
|
|
5
|
+
*/
|
|
6
|
+
import React from 'react';
|
|
7
|
+
import type { useAuth0 as Auth0UseAuth } from '@auth0/auth0-react';
|
|
8
|
+
type UseAuth0 = typeof Auth0UseAuth;
|
|
9
|
+
export interface AgentuityAuth0Props {
|
|
10
|
+
/** React children to render */
|
|
11
|
+
children: React.ReactNode;
|
|
12
|
+
/** Auth0's useAuth0 hook from @auth0/auth0-react */
|
|
13
|
+
useAuth0: UseAuth0;
|
|
14
|
+
/** Token refresh interval in milliseconds (default: 60000 = 1 minute) */
|
|
15
|
+
refreshInterval?: number;
|
|
16
|
+
/** Options to pass to getAccessTokenSilently */
|
|
17
|
+
tokenOptions?: Parameters<ReturnType<UseAuth0>['getAccessTokenSilently']>[0];
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Agentuity authentication provider for Auth0.
|
|
21
|
+
*
|
|
22
|
+
* This component integrates Auth0 authentication with Agentuity's context,
|
|
23
|
+
* automatically injecting auth tokens into API calls via useAPI and useWebsocket.
|
|
24
|
+
*
|
|
25
|
+
* Must be a child of both Auth0Provider and AgentuityProvider.
|
|
26
|
+
*
|
|
27
|
+
* @example
|
|
28
|
+
* ```tsx
|
|
29
|
+
* import { Auth0Provider, useAuth0 } from '@auth0/auth0-react';
|
|
30
|
+
* import { AgentuityProvider } from '@agentuity/react';
|
|
31
|
+
* import { AgentuityAuth0 } from '@agentuity/auth/auth0';
|
|
32
|
+
*
|
|
33
|
+
* <Auth0Provider domain={domain} clientId={clientId} authorizationParams={{ redirect_uri: window.location.origin }}>
|
|
34
|
+
* <AgentuityProvider>
|
|
35
|
+
* <AgentuityAuth0 useAuth0={useAuth0}>
|
|
36
|
+
* <App />
|
|
37
|
+
* </AgentuityAuth0>
|
|
38
|
+
* </AgentuityProvider>
|
|
39
|
+
* </Auth0Provider>
|
|
40
|
+
* ```
|
|
41
|
+
*/
|
|
42
|
+
export declare function AgentuityAuth0({ children, useAuth0, refreshInterval, tokenOptions, }: AgentuityAuth0Props): import("react/jsx-runtime").JSX.Element;
|
|
43
|
+
export {};
|
|
44
|
+
//# sourceMappingURL=client.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/auth0/client.tsx"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAA4B,MAAM,OAAO,CAAC;AACjD,OAAO,KAAK,EAAE,QAAQ,IAAI,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGnE,KAAK,QAAQ,GAAG,OAAO,YAAY,CAAC;AAEpC,MAAM,WAAW,mBAAmB;IACnC,+BAA+B;IAC/B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAE1B,oDAAoD;IACpD,QAAQ,EAAE,QAAQ,CAAC;IAEnB,yEAAyE;IACzE,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB,gDAAgD;IAChD,YAAY,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CAC7E;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,cAAc,CAAC,EAC9B,QAAQ,EACR,QAAQ,EACR,eAAuB,EACvB,YAAY,GACZ,EAAE,mBAAmB,2CAsDrB"}
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
import { Fragment as _Fragment, jsx as _jsx } from "react/jsx-runtime";
|
|
2
|
+
/**
|
|
3
|
+
* Auth0 client-side authentication provider for React.
|
|
4
|
+
*
|
|
5
|
+
* @module auth0/client
|
|
6
|
+
*/
|
|
7
|
+
import { useEffect, useRef } from 'react';
|
|
8
|
+
import { useAuth } from '@agentuity/react';
|
|
9
|
+
/**
|
|
10
|
+
* Agentuity authentication provider for Auth0.
|
|
11
|
+
*
|
|
12
|
+
* This component integrates Auth0 authentication with Agentuity's context,
|
|
13
|
+
* automatically injecting auth tokens into API calls via useAPI and useWebsocket.
|
|
14
|
+
*
|
|
15
|
+
* Must be a child of both Auth0Provider and AgentuityProvider.
|
|
16
|
+
*
|
|
17
|
+
* @example
|
|
18
|
+
* ```tsx
|
|
19
|
+
* import { Auth0Provider, useAuth0 } from '@auth0/auth0-react';
|
|
20
|
+
* import { AgentuityProvider } from '@agentuity/react';
|
|
21
|
+
* import { AgentuityAuth0 } from '@agentuity/auth/auth0';
|
|
22
|
+
*
|
|
23
|
+
* <Auth0Provider domain={domain} clientId={clientId} authorizationParams={{ redirect_uri: window.location.origin }}>
|
|
24
|
+
* <AgentuityProvider>
|
|
25
|
+
* <AgentuityAuth0 useAuth0={useAuth0}>
|
|
26
|
+
* <App />
|
|
27
|
+
* </AgentuityAuth0>
|
|
28
|
+
* </AgentuityProvider>
|
|
29
|
+
* </Auth0Provider>
|
|
30
|
+
* ```
|
|
31
|
+
*/
|
|
32
|
+
export function AgentuityAuth0({ children, useAuth0, refreshInterval = 60000, tokenOptions, }) {
|
|
33
|
+
const { getAccessTokenSilently, isLoading, isAuthenticated } = useAuth0();
|
|
34
|
+
const { setAuthHeader, setAuthLoading } = useAuth();
|
|
35
|
+
// Use ref for tokenOptions to avoid infinite re-renders when parent passes inline object
|
|
36
|
+
const tokenOptionsRef = useRef(tokenOptions);
|
|
37
|
+
tokenOptionsRef.current = tokenOptions;
|
|
38
|
+
useEffect(() => {
|
|
39
|
+
if (isLoading || !setAuthHeader || !setAuthLoading) {
|
|
40
|
+
if (setAuthLoading) {
|
|
41
|
+
setAuthLoading(true);
|
|
42
|
+
}
|
|
43
|
+
return;
|
|
44
|
+
}
|
|
45
|
+
// Not authenticated - clear auth header
|
|
46
|
+
if (!isAuthenticated) {
|
|
47
|
+
setAuthHeader(null);
|
|
48
|
+
setAuthLoading(false);
|
|
49
|
+
return;
|
|
50
|
+
}
|
|
51
|
+
const fetchToken = async () => {
|
|
52
|
+
try {
|
|
53
|
+
setAuthLoading(true);
|
|
54
|
+
const token = await getAccessTokenSilently(tokenOptionsRef.current);
|
|
55
|
+
setAuthHeader(token ? `Bearer ${token}` : null);
|
|
56
|
+
}
|
|
57
|
+
catch (error) {
|
|
58
|
+
console.error('Failed to get Auth0 token:', error instanceof Error ? error.message : 'Unknown error');
|
|
59
|
+
setAuthHeader(null);
|
|
60
|
+
}
|
|
61
|
+
finally {
|
|
62
|
+
setAuthLoading(false);
|
|
63
|
+
}
|
|
64
|
+
};
|
|
65
|
+
fetchToken();
|
|
66
|
+
// Refresh token periodically
|
|
67
|
+
const interval = setInterval(fetchToken, refreshInterval);
|
|
68
|
+
return () => clearInterval(interval);
|
|
69
|
+
}, [
|
|
70
|
+
getAccessTokenSilently,
|
|
71
|
+
isLoading,
|
|
72
|
+
isAuthenticated,
|
|
73
|
+
setAuthHeader,
|
|
74
|
+
setAuthLoading,
|
|
75
|
+
refreshInterval,
|
|
76
|
+
]);
|
|
77
|
+
return _jsx(_Fragment, { children: children });
|
|
78
|
+
}
|
|
79
|
+
//# sourceMappingURL=client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/auth0/client.tsx"],"names":[],"mappings":";AAAA;;;;GAIG;AAEH,OAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAEjD,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAkB3C;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,cAAc,CAAC,EAC9B,QAAQ,EACR,QAAQ,EACR,eAAe,GAAG,KAAK,EACvB,YAAY,GACS;IACrB,MAAM,EAAE,sBAAsB,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC1E,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;IAEpD,yFAAyF;IACzF,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;IAC7C,eAAe,CAAC,OAAO,GAAG,YAAY,CAAC;IAEvC,SAAS,CAAC,GAAG,EAAE;QACd,IAAI,SAAS,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,EAAE,CAAC;YACpD,IAAI,cAAc,EAAE,CAAC;gBACpB,cAAc,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;YACD,OAAO;QACR,CAAC;QAED,wCAAwC;QACxC,IAAI,CAAC,eAAe,EAAE,CAAC;YACtB,aAAa,CAAC,IAAI,CAAC,CAAC;YACpB,cAAc,CAAC,KAAK,CAAC,CAAC;YACtB,OAAO;QACR,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE;YAC7B,IAAI,CAAC;gBACJ,cAAc,CAAC,IAAI,CAAC,CAAC;gBACrB,MAAM,KAAK,GAAG,MAAM,sBAAsB,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;gBACpE,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACjD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,OAAO,CAAC,KAAK,CACZ,4BAA4B,EAC5B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CACxD,CAAC;gBACF,aAAa,CAAC,IAAI,CAAC,CAAC;YACrB,CAAC;oBAAS,CAAC;gBACV,cAAc,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;QACF,CAAC,CAAC;QAEF,UAAU,EAAE,CAAC;QAEb,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;QAC1D,OAAO,GAAG,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC,EAAE;QACF,sBAAsB;QACtB,SAAS;QACT,eAAe;QACf,aAAa;QACb,cAAc;QACd,eAAe;KACf,CAAC,CAAC;IAEH,OAAO,4BAAG,QAAQ,GAAI,CAAC;AACxB,CAAC"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Auth0 authentication provider for Agentuity.
|
|
3
|
+
*
|
|
4
|
+
* Provides client-side (React) and server-side (Hono) authentication.
|
|
5
|
+
*
|
|
6
|
+
* @example Client-side
|
|
7
|
+
* ```tsx
|
|
8
|
+
* import { Auth0Provider, useAuth0 } from '@auth0/auth0-react';
|
|
9
|
+
* import { AgentuityProvider } from '@agentuity/react';
|
|
10
|
+
* import { AgentuityAuth0 } from '@agentuity/auth/auth0';
|
|
11
|
+
*
|
|
12
|
+
* <Auth0Provider domain={domain} clientId={clientId} authorizationParams={{ redirect_uri: window.location.origin }}>
|
|
13
|
+
* <AgentuityProvider>
|
|
14
|
+
* <AgentuityAuth0 useAuth0={useAuth0}>
|
|
15
|
+
* <App />
|
|
16
|
+
* </AgentuityAuth0>
|
|
17
|
+
* </AgentuityProvider>
|
|
18
|
+
* </Auth0Provider>
|
|
19
|
+
* ```
|
|
20
|
+
*
|
|
21
|
+
* @example Server-side
|
|
22
|
+
* ```typescript
|
|
23
|
+
* import { createMiddleware } from '@agentuity/auth/auth0/server';
|
|
24
|
+
*
|
|
25
|
+
* router.get('/api/profile', createMiddleware(), async (c) => {
|
|
26
|
+
* const user = await c.var.auth.getUser();
|
|
27
|
+
* return c.json({ email: user.email });
|
|
28
|
+
* });
|
|
29
|
+
* ```
|
|
30
|
+
*
|
|
31
|
+
* @module auth0
|
|
32
|
+
*/
|
|
33
|
+
export { AgentuityAuth0 } from './client';
|
|
34
|
+
export type { AgentuityAuth0Props } from './client';
|
|
35
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth0/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Auth0 authentication provider for Agentuity.
|
|
3
|
+
*
|
|
4
|
+
* Provides client-side (React) and server-side (Hono) authentication.
|
|
5
|
+
*
|
|
6
|
+
* @example Client-side
|
|
7
|
+
* ```tsx
|
|
8
|
+
* import { Auth0Provider, useAuth0 } from '@auth0/auth0-react';
|
|
9
|
+
* import { AgentuityProvider } from '@agentuity/react';
|
|
10
|
+
* import { AgentuityAuth0 } from '@agentuity/auth/auth0';
|
|
11
|
+
*
|
|
12
|
+
* <Auth0Provider domain={domain} clientId={clientId} authorizationParams={{ redirect_uri: window.location.origin }}>
|
|
13
|
+
* <AgentuityProvider>
|
|
14
|
+
* <AgentuityAuth0 useAuth0={useAuth0}>
|
|
15
|
+
* <App />
|
|
16
|
+
* </AgentuityAuth0>
|
|
17
|
+
* </AgentuityProvider>
|
|
18
|
+
* </Auth0Provider>
|
|
19
|
+
* ```
|
|
20
|
+
*
|
|
21
|
+
* @example Server-side
|
|
22
|
+
* ```typescript
|
|
23
|
+
* import { createMiddleware } from '@agentuity/auth/auth0/server';
|
|
24
|
+
*
|
|
25
|
+
* router.get('/api/profile', createMiddleware(), async (c) => {
|
|
26
|
+
* const user = await c.var.auth.getUser();
|
|
27
|
+
* return c.json({ email: user.email });
|
|
28
|
+
* });
|
|
29
|
+
* ```
|
|
30
|
+
*
|
|
31
|
+
* @module auth0
|
|
32
|
+
*/
|
|
33
|
+
// Client-side exports (safe for browser)
|
|
34
|
+
export { AgentuityAuth0 } from './client';
|
|
35
|
+
// Server-side exports are NOT exported from the main index to prevent bundling server deps in frontend
|
|
36
|
+
// Import server code directly from '@agentuity/auth/auth0/server' instead
|
|
37
|
+
// This ensures jsonwebtoken/jwks-rsa are never bundled into browser code
|
|
38
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth0/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,yCAAyC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG1C,uGAAuG;AACvG,0EAA0E;AAC1E,yEAAyE"}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Auth0 server-side authentication middleware for Hono.
|
|
3
|
+
*
|
|
4
|
+
* @module auth0/server
|
|
5
|
+
*/
|
|
6
|
+
import type { AgentuityAuth } from '../types';
|
|
7
|
+
/**
|
|
8
|
+
* Environment type for Auth0 middleware - provides typed context variables.
|
|
9
|
+
*/
|
|
10
|
+
export type Auth0Env = {
|
|
11
|
+
Variables: {
|
|
12
|
+
auth: AgentuityAuth<Auth0User, Auth0JWTPayload>;
|
|
13
|
+
};
|
|
14
|
+
};
|
|
15
|
+
/**
|
|
16
|
+
* Auth0 JWT payload structure.
|
|
17
|
+
*/
|
|
18
|
+
export interface Auth0JWTPayload {
|
|
19
|
+
/** Subject (user ID) */
|
|
20
|
+
sub: string;
|
|
21
|
+
/** Email address */
|
|
22
|
+
email?: string;
|
|
23
|
+
/** Email verification status */
|
|
24
|
+
email_verified?: boolean;
|
|
25
|
+
/** Full name */
|
|
26
|
+
name?: string;
|
|
27
|
+
/** Given name */
|
|
28
|
+
given_name?: string;
|
|
29
|
+
/** Family name */
|
|
30
|
+
family_name?: string;
|
|
31
|
+
/** Picture URL */
|
|
32
|
+
picture?: string;
|
|
33
|
+
/** Additional claims */
|
|
34
|
+
[key: string]: unknown;
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Auth0 user info from Management API.
|
|
38
|
+
*/
|
|
39
|
+
export interface Auth0User {
|
|
40
|
+
/** User ID */
|
|
41
|
+
user_id: string;
|
|
42
|
+
/** Email address */
|
|
43
|
+
email?: string;
|
|
44
|
+
/** Email verification status */
|
|
45
|
+
email_verified?: boolean;
|
|
46
|
+
/** Full name */
|
|
47
|
+
name?: string;
|
|
48
|
+
/** Given name */
|
|
49
|
+
given_name?: string;
|
|
50
|
+
/** Family name */
|
|
51
|
+
family_name?: string;
|
|
52
|
+
/** Picture URL */
|
|
53
|
+
picture?: string;
|
|
54
|
+
/** Additional user metadata */
|
|
55
|
+
[key: string]: unknown;
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Options for Auth0 middleware.
|
|
59
|
+
*/
|
|
60
|
+
export interface Auth0MiddlewareOptions {
|
|
61
|
+
/** Auth0 domain (defaults to process.env.AUTH0_DOMAIN) */
|
|
62
|
+
domain?: string;
|
|
63
|
+
/** Auth0 audience/API identifier (defaults to process.env.AUTH0_AUDIENCE) */
|
|
64
|
+
audience?: string;
|
|
65
|
+
/** Auth0 issuer (defaults to https://{domain}/) */
|
|
66
|
+
issuer?: string;
|
|
67
|
+
/** Custom token extractor function */
|
|
68
|
+
getToken?: (authHeader: string) => string;
|
|
69
|
+
/** Whether to fetch full user profile from Management API (requires AUTH0_M2M_CLIENT_ID and AUTH0_M2M_CLIENT_SECRET) */
|
|
70
|
+
fetchUserProfile?: boolean;
|
|
71
|
+
}
|
|
72
|
+
/**
|
|
73
|
+
* Create Hono middleware for Auth0 authentication.
|
|
74
|
+
*
|
|
75
|
+
* This middleware:
|
|
76
|
+
* - Extracts and validates JWT tokens from Authorization header
|
|
77
|
+
* - Returns 401 if token is missing or invalid
|
|
78
|
+
* - Exposes authenticated user via c.var.auth
|
|
79
|
+
*
|
|
80
|
+
* @example
|
|
81
|
+
* ```typescript
|
|
82
|
+
* import { createMiddleware } from '@agentuity/auth/auth0';
|
|
83
|
+
*
|
|
84
|
+
* router.get('/api/profile', createMiddleware(), async (c) => {
|
|
85
|
+
* const user = await c.var.auth.getUser();
|
|
86
|
+
* return c.json({ email: user.email });
|
|
87
|
+
* });
|
|
88
|
+
* ```
|
|
89
|
+
*/
|
|
90
|
+
export declare function createMiddleware(options?: Auth0MiddlewareOptions): import("hono/types").MiddlewareHandler<Auth0Env, string, {}, Response>;
|
|
91
|
+
//# sourceMappingURL=server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/auth0/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAEjE;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG;IACtB,SAAS,EAAE;QACV,IAAI,EAAE,aAAa,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;KAChD,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,oBAAoB;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iBAAiB;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,cAAc;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iBAAiB;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACtC,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,6EAA6E;IAC7E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,mDAAmD;IACnD,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,sCAAsC;IACtC,QAAQ,CAAC,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,MAAM,CAAC;IAE1C,wHAAwH;IACxH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,sBAA2B,0EAgJpE"}
|
|
@@ -0,0 +1,237 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Auth0 server-side authentication middleware for Hono.
|
|
3
|
+
*
|
|
4
|
+
* @module auth0/server
|
|
5
|
+
*/
|
|
6
|
+
import { createMiddleware as createHonoMiddleware } from 'hono/factory';
|
|
7
|
+
import jwt from 'jsonwebtoken';
|
|
8
|
+
import jwksClient from 'jwks-rsa';
|
|
9
|
+
/**
|
|
10
|
+
* Create Hono middleware for Auth0 authentication.
|
|
11
|
+
*
|
|
12
|
+
* This middleware:
|
|
13
|
+
* - Extracts and validates JWT tokens from Authorization header
|
|
14
|
+
* - Returns 401 if token is missing or invalid
|
|
15
|
+
* - Exposes authenticated user via c.var.auth
|
|
16
|
+
*
|
|
17
|
+
* @example
|
|
18
|
+
* ```typescript
|
|
19
|
+
* import { createMiddleware } from '@agentuity/auth/auth0';
|
|
20
|
+
*
|
|
21
|
+
* router.get('/api/profile', createMiddleware(), async (c) => {
|
|
22
|
+
* const user = await c.var.auth.getUser();
|
|
23
|
+
* return c.json({ email: user.email });
|
|
24
|
+
* });
|
|
25
|
+
* ```
|
|
26
|
+
*/
|
|
27
|
+
export function createMiddleware(options = {}) {
|
|
28
|
+
const domain = options.domain || process.env.AGENTUITY_PUBLIC_AUTH0_DOMAIN || process.env.AUTH0_DOMAIN;
|
|
29
|
+
const audience = options.audience || process.env.AGENTUITY_PUBLIC_AUTH0_AUDIENCE || process.env.AUTH0_AUDIENCE;
|
|
30
|
+
const issuer = options.issuer || (domain ? `https://${domain}/` : undefined);
|
|
31
|
+
if (!domain) {
|
|
32
|
+
console.error('[Auth0 Auth] AUTH0_DOMAIN is not set. Add it to your .env file or pass domain option to createMiddleware()');
|
|
33
|
+
throw new Error('Auth0 domain is required (set AUTH0_DOMAIN or pass domain option)');
|
|
34
|
+
}
|
|
35
|
+
if (!issuer) {
|
|
36
|
+
throw new Error('Auth0 issuer is required');
|
|
37
|
+
}
|
|
38
|
+
// Create JWKS client for fetching signing keys
|
|
39
|
+
const client = jwksClient({
|
|
40
|
+
jwksUri: `https://${domain}/.well-known/jwks.json`,
|
|
41
|
+
cache: true,
|
|
42
|
+
cacheMaxAge: 86400000, // 24 hours
|
|
43
|
+
});
|
|
44
|
+
// Get signing key function for jwt.verify
|
|
45
|
+
const getKey = (header, callback) => {
|
|
46
|
+
if (!header.kid) {
|
|
47
|
+
callback(new Error('No kid in token header'));
|
|
48
|
+
return;
|
|
49
|
+
}
|
|
50
|
+
client.getSigningKey(header.kid, (err, key) => {
|
|
51
|
+
if (err) {
|
|
52
|
+
callback(err);
|
|
53
|
+
return;
|
|
54
|
+
}
|
|
55
|
+
if (!key) {
|
|
56
|
+
callback(new Error('No signing key found'));
|
|
57
|
+
return;
|
|
58
|
+
}
|
|
59
|
+
const signingKey = key.getPublicKey();
|
|
60
|
+
callback(null, signingKey);
|
|
61
|
+
});
|
|
62
|
+
};
|
|
63
|
+
return createHonoMiddleware(async (c, next) => {
|
|
64
|
+
const authHeader = c.req.header('Authorization');
|
|
65
|
+
if (!authHeader) {
|
|
66
|
+
return c.json({ error: 'Unauthorized' }, 401);
|
|
67
|
+
}
|
|
68
|
+
try {
|
|
69
|
+
// Extract token from Bearer header
|
|
70
|
+
let token;
|
|
71
|
+
if (options.getToken) {
|
|
72
|
+
token = options.getToken(authHeader);
|
|
73
|
+
}
|
|
74
|
+
else {
|
|
75
|
+
// Validate Authorization scheme is Bearer
|
|
76
|
+
if (!authHeader.match(/^Bearer\s+/i)) {
|
|
77
|
+
return c.json({ error: 'Unauthorized' }, 401);
|
|
78
|
+
}
|
|
79
|
+
token = authHeader.replace(/^Bearer\s+/i, '');
|
|
80
|
+
}
|
|
81
|
+
// Ensure token is not empty
|
|
82
|
+
if (!token || token.trim().length === 0) {
|
|
83
|
+
return c.json({ error: 'Unauthorized' }, 401);
|
|
84
|
+
}
|
|
85
|
+
// Verify token with Auth0
|
|
86
|
+
const verifyOptions = {
|
|
87
|
+
issuer,
|
|
88
|
+
algorithms: ['RS256'],
|
|
89
|
+
};
|
|
90
|
+
// Only validate audience if it's configured
|
|
91
|
+
if (audience) {
|
|
92
|
+
verifyOptions.audience = audience;
|
|
93
|
+
}
|
|
94
|
+
const payload = await new Promise((resolve, reject) => {
|
|
95
|
+
jwt.verify(token, getKey, verifyOptions, (err, decoded) => {
|
|
96
|
+
if (err) {
|
|
97
|
+
reject(err);
|
|
98
|
+
return;
|
|
99
|
+
}
|
|
100
|
+
if (!decoded || typeof decoded !== 'object') {
|
|
101
|
+
reject(new Error('Invalid token payload'));
|
|
102
|
+
return;
|
|
103
|
+
}
|
|
104
|
+
resolve(decoded);
|
|
105
|
+
});
|
|
106
|
+
});
|
|
107
|
+
// Validate payload has required subject claim
|
|
108
|
+
if (!payload.sub || typeof payload.sub !== 'string') {
|
|
109
|
+
throw new Error('Invalid token: missing or invalid subject claim');
|
|
110
|
+
}
|
|
111
|
+
// Memoize user fetch to avoid multiple API calls
|
|
112
|
+
let cachedUser = null;
|
|
113
|
+
// Create auth object with Auth0 payload types
|
|
114
|
+
const auth = {
|
|
115
|
+
async getUser() {
|
|
116
|
+
if (cachedUser) {
|
|
117
|
+
return cachedUser;
|
|
118
|
+
}
|
|
119
|
+
// If fetchUserProfile is enabled, fetch from Management API (more complete data)
|
|
120
|
+
if (options.fetchUserProfile) {
|
|
121
|
+
const user = await fetchUserFromManagementAPI(payload.sub);
|
|
122
|
+
cachedUser = mapAuth0UserToAgentuityUser(user);
|
|
123
|
+
}
|
|
124
|
+
else {
|
|
125
|
+
// Fetch from /userinfo endpoint (access token has openid scope)
|
|
126
|
+
const user = await fetchUserFromUserInfo(domain, token);
|
|
127
|
+
cachedUser = mapAuth0UserToAgentuityUser(user);
|
|
128
|
+
}
|
|
129
|
+
return cachedUser;
|
|
130
|
+
},
|
|
131
|
+
async getToken() {
|
|
132
|
+
return token;
|
|
133
|
+
},
|
|
134
|
+
raw: payload,
|
|
135
|
+
};
|
|
136
|
+
c.set('auth', auth);
|
|
137
|
+
await next();
|
|
138
|
+
}
|
|
139
|
+
catch (error) {
|
|
140
|
+
const hasErrorCode = error && typeof error === 'object' && 'code' in error && typeof error.code === 'string';
|
|
141
|
+
console.error('[Auth0 Auth] Authentication failed', { hasErrorCode });
|
|
142
|
+
return c.json({ error: 'Unauthorized' }, 401);
|
|
143
|
+
}
|
|
144
|
+
});
|
|
145
|
+
}
|
|
146
|
+
/**
|
|
147
|
+
* Fetch user info from Auth0 /userinfo endpoint using access token.
|
|
148
|
+
*/
|
|
149
|
+
async function fetchUserFromUserInfo(domain, accessToken) {
|
|
150
|
+
const response = await fetch(`https://${domain}/userinfo`, {
|
|
151
|
+
headers: {
|
|
152
|
+
Authorization: `Bearer ${accessToken}`,
|
|
153
|
+
},
|
|
154
|
+
});
|
|
155
|
+
if (!response.ok) {
|
|
156
|
+
throw new Error(`Failed to fetch user info: ${response.status}`);
|
|
157
|
+
}
|
|
158
|
+
const userInfo = (await response.json());
|
|
159
|
+
return {
|
|
160
|
+
user_id: userInfo.sub,
|
|
161
|
+
email: userInfo.email,
|
|
162
|
+
email_verified: userInfo.email_verified,
|
|
163
|
+
name: userInfo.name,
|
|
164
|
+
given_name: userInfo.given_name,
|
|
165
|
+
family_name: userInfo.family_name,
|
|
166
|
+
picture: userInfo.picture,
|
|
167
|
+
};
|
|
168
|
+
}
|
|
169
|
+
/**
|
|
170
|
+
* Map Auth0 User to AgentuityAuthUser.
|
|
171
|
+
*/
|
|
172
|
+
function mapAuth0UserToAgentuityUser(user) {
|
|
173
|
+
return {
|
|
174
|
+
id: user.user_id,
|
|
175
|
+
name: user.name ||
|
|
176
|
+
(user.given_name && user.family_name
|
|
177
|
+
? `${user.given_name} ${user.family_name}`.trim()
|
|
178
|
+
: user.given_name || user.family_name),
|
|
179
|
+
email: user.email,
|
|
180
|
+
raw: user,
|
|
181
|
+
};
|
|
182
|
+
}
|
|
183
|
+
// M2M token cache to avoid fetching on every request
|
|
184
|
+
let cachedM2MToken = null;
|
|
185
|
+
/**
|
|
186
|
+
* Get M2M access token for Management API, with caching.
|
|
187
|
+
*/
|
|
188
|
+
async function getM2MAccessToken(domain, clientId, clientSecret) {
|
|
189
|
+
// Return cached token if still valid (with 60s buffer before expiry)
|
|
190
|
+
if (cachedM2MToken && Date.now() < cachedM2MToken.expiresAt - 60000) {
|
|
191
|
+
return cachedM2MToken.token;
|
|
192
|
+
}
|
|
193
|
+
const tokenResponse = await fetch(`https://${domain}/oauth/token`, {
|
|
194
|
+
method: 'POST',
|
|
195
|
+
headers: { 'Content-Type': 'application/json' },
|
|
196
|
+
body: JSON.stringify({
|
|
197
|
+
client_id: clientId,
|
|
198
|
+
client_secret: clientSecret,
|
|
199
|
+
audience: `https://${domain}/api/v2/`,
|
|
200
|
+
grant_type: 'client_credentials',
|
|
201
|
+
}),
|
|
202
|
+
});
|
|
203
|
+
if (!tokenResponse.ok) {
|
|
204
|
+
throw new Error('Failed to get Management API access token');
|
|
205
|
+
}
|
|
206
|
+
const { access_token, expires_in } = (await tokenResponse.json());
|
|
207
|
+
cachedM2MToken = {
|
|
208
|
+
token: access_token,
|
|
209
|
+
expiresAt: Date.now() + expires_in * 1000,
|
|
210
|
+
};
|
|
211
|
+
return access_token;
|
|
212
|
+
}
|
|
213
|
+
/**
|
|
214
|
+
* Fetch user profile from Auth0 Management API.
|
|
215
|
+
*/
|
|
216
|
+
async function fetchUserFromManagementAPI(userId) {
|
|
217
|
+
const clientId = process.env.AUTH0_M2M_CLIENT_ID;
|
|
218
|
+
const clientSecret = process.env.AUTH0_M2M_CLIENT_SECRET;
|
|
219
|
+
const domain = process.env.AGENTUITY_PUBLIC_AUTH0_DOMAIN || process.env.AUTH0_DOMAIN;
|
|
220
|
+
if (!clientId || !clientSecret || !domain) {
|
|
221
|
+
throw new Error('AUTH0_M2M_CLIENT_ID, AUTH0_M2M_CLIENT_SECRET, and AUTH0_DOMAIN must be set to fetch user profile');
|
|
222
|
+
}
|
|
223
|
+
// Get cached or fresh Management API access token
|
|
224
|
+
const accessToken = await getM2MAccessToken(domain, clientId, clientSecret);
|
|
225
|
+
// Fetch user from Management API
|
|
226
|
+
const userResponse = await fetch(`https://${domain}/api/v2/users/${encodeURIComponent(userId)}`, {
|
|
227
|
+
headers: {
|
|
228
|
+
Authorization: `Bearer ${accessToken}`,
|
|
229
|
+
'Content-Type': 'application/json',
|
|
230
|
+
},
|
|
231
|
+
});
|
|
232
|
+
if (!userResponse.ok) {
|
|
233
|
+
throw new Error('Failed to fetch user from Management API');
|
|
234
|
+
}
|
|
235
|
+
return (await userResponse.json());
|
|
236
|
+
}
|
|
237
|
+
//# sourceMappingURL=server.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/auth0/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,IAAI,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,UAAU,MAAM,UAAU,CAAC;AA4ElC;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAkC,EAAE;IACpE,MAAM,MAAM,GACX,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,6BAA6B,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACzF,MAAM,QAAQ,GACb,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,+BAA+B,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC/F,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAE7E,IAAI,CAAC,MAAM,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CACZ,4GAA4G,CAC5G,CAAC;QACF,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACtF,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC7C,CAAC;IAED,+CAA+C;IAC/C,MAAM,MAAM,GAAG,UAAU,CAAC;QACzB,OAAO,EAAE,WAAW,MAAM,wBAAwB;QAClD,KAAK,EAAE,IAAI;QACX,WAAW,EAAE,QAAQ,EAAE,WAAW;KAClC,CAAC,CAAC;IAEH,0CAA0C;IAC1C,MAAM,MAAM,GAAG,CAAC,MAAqB,EAAE,QAAgC,EAAE,EAAE;QAC1E,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACjB,QAAQ,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;YAC9C,OAAO;QACR,CAAC;QACD,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,GAAiB,EAAE,GAA2B,EAAE,EAAE;YACnF,IAAI,GAAG,EAAE,CAAC;gBACT,QAAQ,CAAC,GAAG,CAAC,CAAC;gBACd,OAAO;YACR,CAAC;YACD,IAAI,CAAC,GAAG,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC;gBAC5C,OAAO;YACR,CAAC;YACD,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;YACtC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;IACJ,CAAC,CAAC;IAEF,OAAO,oBAAoB,CAAW,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAEjD,IAAI,CAAC,UAAU,EAAE,CAAC;YACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,CAAC;YACJ,mCAAmC;YACnC,IAAI,KAAa,CAAC;YAClB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACtB,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACP,0CAA0C;gBAC1C,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;oBACtC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC/C,CAAC;gBACD,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAC/C,CAAC;YAED,4BAA4B;YAC5B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAC/C,CAAC;YAED,0BAA0B;YAC1B,MAAM,aAAa,GAAsB;gBACxC,MAAM;gBACN,UAAU,EAAE,CAAC,OAAO,CAAC;aACrB,CAAC;YAEF,4CAA4C;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACd,aAAa,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACnC,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,OAAO,CAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACtE,GAAG,CAAC,MAAM,CACT,KAAK,EACL,MAAM,EACN,aAAa,EACb,CAAC,GAA4B,EAAE,OAA4C,EAAE,EAAE;oBAC9E,IAAI,GAAG,EAAE,CAAC;wBACT,MAAM,CAAC,GAAG,CAAC,CAAC;wBACZ,OAAO;oBACR,CAAC;oBACD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;wBAC7C,MAAM,CAAC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC;wBAC3C,OAAO;oBACR,CAAC;oBACD,OAAO,CAAC,OAA0B,CAAC,CAAC;gBACrC,CAAC,CACD,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,8CAA8C;YAC9C,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACrD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACpE,CAAC;YAED,iDAAiD;YACjD,IAAI,UAAU,GAAwC,IAAI,CAAC;YAE3D,8CAA8C;YAC9C,MAAM,IAAI,GAA8C;gBACvD,KAAK,CAAC,OAAO;oBACZ,IAAI,UAAU,EAAE,CAAC;wBAChB,OAAO,UAAU,CAAC;oBACnB,CAAC;oBAED,iFAAiF;oBACjF,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;wBAC9B,MAAM,IAAI,GAAG,MAAM,0BAA0B,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;wBAC3D,UAAU,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;oBAChD,CAAC;yBAAM,CAAC;wBACP,gEAAgE;wBAChE,MAAM,IAAI,GAAG,MAAM,qBAAqB,CAAC,MAAO,EAAE,KAAK,CAAC,CAAC;wBACzD,UAAU,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;oBAChD,CAAC;oBAED,OAAO,UAAU,CAAC;gBACnB,CAAC;gBAED,KAAK,CAAC,QAAQ;oBACb,OAAO,KAAK,CAAC;gBACd,CAAC;gBAED,GAAG,EAAE,OAAO;aACZ,CAAC;YAEF,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACpB,MAAM,IAAI,EAAE,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,MAAM,YAAY,GACjB,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC;YACzF,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC;YACtE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/C,CAAC;IACF,CAAC,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAAC,MAAc,EAAE,WAAmB;IACvE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,MAAM,WAAW,EAAE;QAC1D,OAAO,EAAE;YACR,aAAa,EAAE,UAAU,WAAW,EAAE;SACtC;KACD,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAStC,CAAC;IAEF,OAAO;QACN,OAAO,EAAE,QAAQ,CAAC,GAAG;QACrB,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,cAAc,EAAE,QAAQ,CAAC,cAAc;QACvC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,OAAO,EAAE,QAAQ,CAAC,OAAO;KACzB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,IAAe;IACnD,OAAO;QACN,EAAE,EAAE,IAAI,CAAC,OAAO;QAChB,IAAI,EACH,IAAI,CAAC,IAAI;YACT,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,WAAW;gBACnC,CAAC,CAAC,GAAG,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE;gBACjD,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,WAAW,CAAC;QACxC,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,GAAG,EAAE,IAAI;KACT,CAAC;AACH,CAAC;AAED,qDAAqD;AACrD,IAAI,cAAc,GAAgD,IAAI,CAAC;AAEvE;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAC/B,MAAc,EACd,QAAgB,EAChB,YAAoB;IAEpB,qEAAqE;IACrE,IAAI,cAAc,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC,SAAS,GAAG,KAAK,EAAE,CAAC;QACrE,OAAO,cAAc,CAAC,KAAK,CAAC;IAC7B,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,WAAW,MAAM,cAAc,EAAE;QAClE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACpB,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,QAAQ,EAAE,WAAW,MAAM,UAAU;YACrC,UAAU,EAAE,oBAAoB;SAChC,CAAC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAG/D,CAAC;IAEF,cAAc,GAAG;QAChB,KAAK,EAAE,YAAY;QACnB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI;KACzC,CAAC;IAEF,OAAO,YAAY,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,0BAA0B,CAAC,MAAc;IACvD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACzD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IAErF,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CACd,kGAAkG,CAClG,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IAE5E,iCAAiC;IACjC,MAAM,YAAY,GAAG,MAAM,KAAK,CAC/B,WAAW,MAAM,iBAAiB,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAC9D;QACC,OAAO,EAAE;YACR,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,cAAc,EAAE,kBAAkB;SAClC;KACD,CACD,CAAC;IAEF,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC7D,CAAC;IAED,OAAO,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAAc,CAAC;AACjD,CAAC"}
|
package/dist/clerk/index.d.ts
CHANGED
|
@@ -33,5 +33,5 @@
|
|
|
33
33
|
export { AgentuityClerk } from './client';
|
|
34
34
|
export type { AgentuityClerkProps } from './client';
|
|
35
35
|
export { createMiddleware } from './server';
|
|
36
|
-
export type { ClerkMiddlewareOptions, ClerkJWTPayload } from './server';
|
|
36
|
+
export type { ClerkMiddlewareOptions, ClerkJWTPayload, ClerkEnv } from './server';
|
|
37
37
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/clerk/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,YAAY,EAAE,sBAAsB,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/clerk/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,YAAY,EAAE,sBAAsB,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC"}
|
package/dist/clerk/server.d.ts
CHANGED
|
@@ -3,7 +3,6 @@
|
|
|
3
3
|
*
|
|
4
4
|
* @module clerk/server
|
|
5
5
|
*/
|
|
6
|
-
import type { MiddlewareHandler } from 'hono';
|
|
7
6
|
import type { User } from '@clerk/backend';
|
|
8
7
|
import type { AgentuityAuth } from '../types';
|
|
9
8
|
/**
|
|
@@ -15,6 +14,14 @@ export interface ClerkJWTPayload {
|
|
|
15
14
|
/** Additional claims */
|
|
16
15
|
[key: string]: unknown;
|
|
17
16
|
}
|
|
17
|
+
/**
|
|
18
|
+
* Environment type for Clerk middleware - provides typed context variables.
|
|
19
|
+
*/
|
|
20
|
+
export type ClerkEnv = {
|
|
21
|
+
Variables: {
|
|
22
|
+
auth: AgentuityAuth<User, ClerkJWTPayload>;
|
|
23
|
+
};
|
|
24
|
+
};
|
|
18
25
|
/**
|
|
19
26
|
* Options for Clerk middleware.
|
|
20
27
|
*/
|
|
@@ -44,13 +51,5 @@ export interface ClerkMiddlewareOptions {
|
|
|
44
51
|
* });
|
|
45
52
|
* ```
|
|
46
53
|
*/
|
|
47
|
-
export declare function createMiddleware(options?: ClerkMiddlewareOptions): MiddlewareHandler
|
|
48
|
-
/**
|
|
49
|
-
* Augment Hono's context types to include auth.
|
|
50
|
-
*/
|
|
51
|
-
declare module 'hono' {
|
|
52
|
-
interface ContextVariableMap {
|
|
53
|
-
auth: AgentuityAuth<User, ClerkJWTPayload>;
|
|
54
|
-
}
|
|
55
|
-
}
|
|
54
|
+
export declare function createMiddleware(options?: ClerkMiddlewareOptions): import("hono/types").MiddlewareHandler<ClerkEnv, string, {}, Response>;
|
|
56
55
|
//# sourceMappingURL=server.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/clerk/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/clerk/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAEjE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,wBAAwB;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG;IACtB,SAAS,EAAE;QACV,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;KAC3C,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACtC,kEAAkE;IAClE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,sCAAsC;IACtC,QAAQ,CAAC,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,MAAM,CAAC;IAE1C,mDAAmD;IACnD,cAAc,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,sBAA2B,0EA6FpE"}
|
package/dist/clerk/server.js
CHANGED
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
*
|
|
4
4
|
* @module clerk/server
|
|
5
5
|
*/
|
|
6
|
+
import { createMiddleware as createHonoMiddleware } from 'hono/factory';
|
|
6
7
|
import { createClerkClient, verifyToken } from '@clerk/backend';
|
|
7
8
|
/**
|
|
8
9
|
* Create Hono middleware for Clerk authentication.
|
|
@@ -36,7 +37,7 @@ export function createMiddleware(options = {}) {
|
|
|
36
37
|
}
|
|
37
38
|
// Create Clerk client instance
|
|
38
39
|
const clerkClient = createClerkClient({ secretKey });
|
|
39
|
-
return async (c, next) => {
|
|
40
|
+
return createHonoMiddleware(async (c, next) => {
|
|
40
41
|
const authHeader = c.req.header('Authorization');
|
|
41
42
|
if (!authHeader) {
|
|
42
43
|
return c.json({ error: 'Unauthorized' }, 401);
|
|
@@ -94,7 +95,7 @@ export function createMiddleware(options = {}) {
|
|
|
94
95
|
console.error(`[Clerk Auth] Authentication failed: ${errorCode} - ${errorMessage}`);
|
|
95
96
|
return c.json({ error: 'Unauthorized' }, 401);
|
|
96
97
|
}
|
|
97
|
-
};
|
|
98
|
+
});
|
|
98
99
|
}
|
|
99
100
|
/**
|
|
100
101
|
* Map Clerk User to AgentuityAuthUser.
|
package/dist/clerk/server.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/clerk/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/clerk/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,IAAI,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAqChE;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAkC,EAAE;IACpE,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACpE,MAAM,cAAc,GACnB,OAAO,CAAC,cAAc;QACtB,OAAO,CAAC,GAAG,CAAC,sCAAsC;QAClD,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IAEnC,IAAI,CAAC,SAAS,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CACZ,mHAAmH,CACnH,CAAC;QACF,MAAM,IAAI,KAAK,CACd,8EAA8E,CAC9E,CAAC;IACH,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CACX,sHAAsH,CACtH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,MAAM,WAAW,GAAG,iBAAiB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IAErD,OAAO,oBAAoB,CAAW,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAEjD,IAAI,CAAC,UAAU,EAAE,CAAC;YACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,CAAC;YACJ,mCAAmC;YACnC,IAAI,KAAa,CAAC;YAClB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACtB,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACP,0CAA0C;gBAC1C,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;oBACtC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC/C,CAAC;gBACD,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAC/C,CAAC;YAED,4BAA4B;YAC5B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAC/C,CAAC;YAED,6DAA6D;YAC7D,MAAM,OAAO,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE;gBACzC,SAAS;aACT,CAAC,CAAoB,CAAC;YAEvB,8CAA8C;YAC9C,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACrD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACpE,CAAC;YAED,iDAAiD;YACjD,IAAI,UAAU,GAAmC,IAAI,CAAC;YAEtD,uDAAuD;YACvD,MAAM,IAAI,GAAyC;gBAClD,KAAK,CAAC,OAAO;oBACZ,IAAI,UAAU,EAAE,CAAC;wBAChB,OAAO,UAAU,CAAC;oBACnB,CAAC;oBACD,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;oBAC1D,UAAU,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;oBAC/C,OAAO,UAAU,CAAC;gBACnB,CAAC;gBAED,KAAK,CAAC,QAAQ;oBACb,OAAO,KAAK,CAAC;gBACd,CAAC;gBAED,GAAG,EAAE,OAAO;aACZ,CAAC;YAEF,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACpB,MAAM,IAAI,EAAE,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,MAAM,SAAS,GACd,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ;gBACtF,CAAC,CAAC,KAAK,CAAC,IAAI;gBACZ,CAAC,CAAC,kBAAkB,CAAC;YACvB,OAAO,CAAC,KAAK,CAAC,uCAAuC,SAAS,MAAM,YAAY,EAAE,CAAC,CAAC;YACpF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/C,CAAC;IACF,CAAC,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,SAAe;IACnD,OAAO;QACN,EAAE,EAAE,SAAS,CAAC,EAAE;QAChB,IAAI,EAAE,GAAG,SAAS,CAAC,SAAS,IAAI,EAAE,IAAI,SAAS,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,IAAI,SAAS;QACpF,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,YAAY;QAChD,GAAG,EAAE,SAAS;KACd,CAAC;AACH,CAAC"}
|