@atria/server 0.0.9 → 0.0.12

package/README.md

@@ -2,12 +2,12 @@
 
 HTTP runtime server for atria development.
 
-This package powers `atria dev` by serving `public/` for the public site and `.atria/runtime` for the back-office host.
+This package powers `atria dev` by serving `production/public/` for the public site and `.atria/runtime` for the back-office host.
 
 ## Install
 
 ```bash
-npm install @atria/server @atria/shared
+npm install @atria/server @atria/shared @atria/db
 ```
 
 ## Usage
@@ -27,12 +27,28 @@ await server.close();
 
 ## Behavior
 
-- Serves `localhost` from `<projectRoot>/public`.
-- Serves `admin.localhost` from `<projectRoot>/.atria/runtime`.
-- Responds to `GET /api/health` with `{ "ok": true, "site": "public" | "admin", "publicOutputPublished": boolean }`.
-- Publish state is resolved live from `<projectRoot>/public/index.html` (no marker file required).
-- If `public/index.html` is missing, `GET /` returns `503 Service Unavailable`.
-- If `public/index.html` is missing, other public routes return `404 Not Found`.
-- If `public/index.html` exists, missing public files/routes return `404` (serving `public/404.html` when present).
-- Uses SPA-style `index.html` fallback only for `admin.localhost` non-file routes.
+- Serves `localhost` from `<projectRoot>/production/public`.
+- Serves `studio.localhost` from `<projectRoot>/.atria/runtime`.
+- Responds to `GET /api/health` with runtime diagnostics: `ok`, `status`, `site`, `publicOutputPublished`, `ownerSetupPending`, and `database` (driver/source/usesFallback/reachable/error).
+- Exposes OAuth auth endpoints on `studio.localhost`:
+  - `GET /api/auth/providers`
+  - `GET /api/auth/start/:provider`
+  - `GET /api/auth/callback/:provider`
+  - `GET /api/auth/session`
+  - `GET /api/auth/logout`
+- Publish state is resolved live from `<projectRoot>/production/public/index.html` (no marker file required).
+- Owner setup state is resolved from the database (`pending` while no owner user exists).
+- If `production/public/index.html` is missing, `GET /` returns `503 Service Unavailable`.
+- If `production/public/index.html` is missing, other public routes return `404 Not Found`.
+- If `production/public/index.html` exists, missing public files/routes return `404` (serving `production/public/404.html` when present).
+- Uses SPA-style `index.html` fallback only for `studio.localhost` non-file routes.
 - Blocks path traversal attempts outside the configured public/admin roots.
+
+## OAuth environment variables
+
+- `ATRIA_AUTH_BROKER_ORIGIN` (recommended)
+- `ATRIA_AUTH_GITHUB_CLIENT_ID`
+- `ATRIA_AUTH_GITHUB_CLIENT_SECRET`
+- `ATRIA_AUTH_GOOGLE_CLIENT_ID`
+- `ATRIA_AUTH_GOOGLE_CLIENT_SECRET`
+- `ATRIA_AUTH_ORIGIN` (optional, defaults to `http://studio.localhost:<port>`)

package/dist/auth/cookies.d.ts

@@ -0,0 +1,11 @@
+import type { IncomingHttpHeaders } from "node:http";
+interface CookieOptions {
+    httpOnly?: boolean;
+    maxAge?: number;
+    path?: string;
+    sameSite?: "Lax" | "Strict" | "None";
+    secure?: boolean;
+}
+export declare const parseCookies: (headers: IncomingHttpHeaders) => Record<string, string>;
+export declare const serializeCookie: (name: string, value: string, options?: CookieOptions) => string;
+export {};

package/dist/auth/cookies.js

@@ -0,0 +1,38 @@
+export const parseCookies = (headers) => {
+    const raw = headers.cookie;
+    if (!raw) {
+        return {};
+    }
+    return raw
+        .split(";")
+        .map((entry) => entry.trim())
+        .filter((entry) => entry.length > 0)
+        .reduce((cookies, entry) => {
+        const separatorIndex = entry.indexOf("=");
+        if (separatorIndex <= 0) {
+            return cookies;
+        }
+        const name = entry.slice(0, separatorIndex).trim();
+        const value = entry.slice(separatorIndex + 1).trim();
+        cookies[name] = decodeURIComponent(value);
+        return cookies;
+    }, {});
+};
+export const serializeCookie = (name, value, options = {}) => {
+    const parts = [`${name}=${encodeURIComponent(value)}`];
+    parts.push(`Path=${options.path ?? "/"}`);
+    if (options.httpOnly !== false) {
+        parts.push("HttpOnly");
+    }
+    if (options.sameSite) {
+        parts.push(`SameSite=${options.sameSite}`);
+    }
+    if (typeof options.maxAge === "number") {
+        parts.push(`Max-Age=${Math.max(0, Math.floor(options.maxAge))}`);
+    }
+    if (options.secure) {
+        parts.push("Secure");
+    }
+    return parts.join("; ");
+};
+//# sourceMappingURL=cookies.js.map

package/dist/auth/cookies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../src/auth/cookies.ts"],"names":[],"mappings":"AAUA,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,OAA4B,EAA0B,EAAE;IACnF,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAC3B,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,GAAG;SACP,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;SACnC,MAAM,CAAyB,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;QACjD,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,cAAc,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO,OAAO,CAAC;IACjB,CAAC,EAAE,EAAE,CAAC,CAAC;AACX,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAC7B,IAAY,EACZ,KAAa,EACb,UAAyB,EAAE,EACnB,EAAE;IACV,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAEvD,KAAK,CAAC,IAAI,CAAC,QAAQ,OAAO,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;IAE1C,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACzB,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC,CAAC"}

package/dist/auth/hash.d.ts

@@ -0,0 +1,2 @@
+export declare const hashSecret: (secret: string) => Promise<string>;
+export declare const verifySecret: (secret: string, storedHash: string) => Promise<boolean>;

package/dist/auth/hash.js

@@ -0,0 +1,36 @@
+import { randomBytes, scrypt as scryptCallback, timingSafeEqual } from "node:crypto";
+import { promisify } from "node:util";
+const scrypt = promisify(scryptCallback);
+const HASH_SCHEME = "scrypt";
+const SALT_BYTES = 16;
+const KEY_BYTES = 64;
+const toBuffer = async (secret, salt) => Buffer.from(await scrypt(secret, salt, KEY_BYTES));
+export const hashSecret = async (secret) => {
+    const salt = randomBytes(SALT_BYTES);
+    const derived = await toBuffer(secret, salt);
+    return `${HASH_SCHEME}$${salt.toString("hex")}$${derived.toString("hex")}`;
+};
+export const verifySecret = async (secret, storedHash) => {
+    const parts = storedHash.split("$");
+    if (parts.length !== 3) {
+        return false;
+    }
+    const [scheme, saltHex, hashHex] = parts;
+    if (scheme !== HASH_SCHEME) {
+        return false;
+    }
+    if (!saltHex || !hashHex) {
+        return false;
+    }
+    const salt = Buffer.from(saltHex, "hex");
+    const expectedHash = Buffer.from(hashHex, "hex");
+    if (salt.length === 0 || expectedHash.length === 0) {
+        return false;
+    }
+    const actualHash = await toBuffer(secret, salt);
+    if (actualHash.length !== expectedHash.length) {
+        return false;
+    }
+    return timingSafeEqual(actualHash, expectedHash);
+};
+//# sourceMappingURL=hash.js.map

package/dist/auth/hash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/auth/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,IAAI,cAAc,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACrF,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,MAAM,GAAG,SAAS,CAAC,cAAc,CAInB,CAAC;AAErB,MAAM,WAAW,GAAG,QAAQ,CAAC;AAC7B,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,SAAS,GAAG,EAAE,CAAC;AAErB,MAAM,QAAQ,GAAG,KAAK,EAAE,MAAc,EAAE,IAAY,EAAmB,EAAE,CACvE,MAAM,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;AAErD,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAAE,MAAc,EAAmB,EAAE;IAClE,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7C,OAAO,GAAG,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AAC7E,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,MAAc,EAAE,UAAkB,EAAoB,EAAE;IACzF,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC;IACzC,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACjD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAChD,IAAI,UAAU,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,EAAE,CAAC;QAC9C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,eAAe,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;AACnD,CAAC,CAAC"}

package/dist/auth/oauth.d.ts

@@ -0,0 +1,5 @@
+import type { OAuthProfile, OAuthProviderId } from "./types.js";
+export declare const listConfiguredOAuthProviders: () => OAuthProviderId[];
+export declare const buildOAuthAuthorizationUrl: (provider: OAuthProviderId, callbackUrl: string, stateId: string) => string;
+export declare const getOAuthProfileFromCode: (provider: OAuthProviderId, code: string, callbackUrl: string) => Promise<OAuthProfile>;
+export declare const createOAuthStateId: () => string;

package/dist/auth/oauth.js

@@ -0,0 +1,215 @@
+import { randomBytes } from "node:crypto";
+const PROVIDERS = {
+    github: {
+        id: "github",
+        authorizationEndpoint: "https://github.com/login/oauth/authorize",
+        tokenEndpoint: "https://github.com/login/oauth/access_token",
+        scopes: ["read:user", "user:email"]
+    },
+    google: {
+        id: "google",
+        authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth",
+        tokenEndpoint: "https://oauth2.googleapis.com/token",
+        scopes: ["openid", "profile", "email"]
+    }
+};
+const hasProviderConfig = (provider) => {
+    if (provider === "github") {
+        return Boolean(process.env.ATRIA_AUTH_GITHUB_CLIENT_ID && process.env.ATRIA_AUTH_GITHUB_CLIENT_SECRET);
+    }
+    return Boolean(process.env.ATRIA_AUTH_GOOGLE_CLIENT_ID && process.env.ATRIA_AUTH_GOOGLE_CLIENT_SECRET);
+};
+const getOAuthClientConfig = (provider, callbackUrl) => {
+    if (provider === "github") {
+        const clientId = process.env.ATRIA_AUTH_GITHUB_CLIENT_ID;
+        const clientSecret = process.env.ATRIA_AUTH_GITHUB_CLIENT_SECRET;
+        if (!clientId || !clientSecret) {
+            return null;
+        }
+        return { clientId, clientSecret, callbackUrl };
+    }
+    const clientId = process.env.ATRIA_AUTH_GOOGLE_CLIENT_ID;
+    const clientSecret = process.env.ATRIA_AUTH_GOOGLE_CLIENT_SECRET;
+    if (!clientId || !clientSecret) {
+        return null;
+    }
+    return { clientId, clientSecret, callbackUrl };
+};
+const toJson = async (response) => {
+    const text = await response.text();
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        throw new Error(`Invalid JSON response from OAuth provider: ${text}`);
+    }
+};
+const exchangeCodeForAccessToken = async (provider, code, callbackUrl) => {
+    const providerConfig = PROVIDERS[provider];
+    const clientConfig = getOAuthClientConfig(provider, callbackUrl);
+    if (!providerConfig || !clientConfig) {
+        throw new Error(`OAuth provider "${provider}" is not configured.`);
+    }
+    const body = new URLSearchParams({
+        client_id: clientConfig.clientId,
+        client_secret: clientConfig.clientSecret,
+        code,
+        redirect_uri: clientConfig.callbackUrl,
+        grant_type: "authorization_code"
+    });
+    const tokenResponse = await fetch(providerConfig.tokenEndpoint, {
+        method: "POST",
+        headers: {
+            accept: "application/json",
+            "content-type": "application/x-www-form-urlencoded"
+        },
+        body
+    });
+    const tokenPayload = await toJson(tokenResponse);
+    const accessToken = typeof tokenPayload.access_token === "string" ? tokenPayload.access_token : null;
+    if (!tokenResponse.ok || !accessToken) {
+        const errorDescription = typeof tokenPayload.error_description === "string"
+            ? tokenPayload.error_description
+            : typeof tokenPayload.error === "string"
+                ? tokenPayload.error
+                : tokenResponse.statusText;
+        throw new Error(`OAuth token exchange failed (${provider}): ${errorDescription}`);
+    }
+    return { accessToken };
+};
+const toGitHubEmailEntry = (value) => typeof value === "object" && value !== null ? value : null;
+const getGitHubEmailValue = (entry) => entry && typeof entry.email === "string" ? entry.email : null;
+const isGitHubEmailVerified = (entry) => Boolean(entry && entry.verified === true && typeof entry.email === "string");
+const isGitHubEmailPrimaryAndVerified = (entry) => Boolean(entry &&
+    entry.primary === true &&
+    entry.verified === true &&
+    typeof entry.email === "string");
+const fetchGitHubProfile = async (accessToken) => {
+    const profileResponse = await fetch("https://api.github.com/user", {
+        headers: {
+            authorization: `Bearer ${accessToken}`,
+            "user-agent": "atria-dev-server",
+            accept: "application/vnd.github+json"
+        }
+    });
+    const profilePayload = await toJson(profileResponse);
+    if (!profileResponse.ok) {
+        throw new Error(`GitHub profile request failed: ${profileResponse.statusText}`);
+    }
+    const githubUserId = typeof profilePayload.id === "number"
+        ? String(profilePayload.id)
+        : typeof profilePayload.id === "string"
+            ? profilePayload.id
+            : null;
+    if (!githubUserId) {
+        throw new Error("GitHub profile did not return a valid user id.");
+    }
+    let email = typeof profilePayload.email === "string" ? profilePayload.email : null;
+    let emailVerified = false;
+    const emailResponse = await fetch("https://api.github.com/user/emails", {
+        headers: {
+            authorization: `Bearer ${accessToken}`,
+            "user-agent": "atria-dev-server",
+            accept: "application/vnd.github+json"
+        }
+    });
+    if (emailResponse.ok) {
+        const emailPayload = (await toJson(emailResponse));
+        if (Array.isArray(emailPayload)) {
+            const entries = emailPayload
+                .map((entry) => toGitHubEmailEntry(entry))
+                .filter((entry) => entry !== null);
+            const verifiedPrimary = entries.find((entry) => isGitHubEmailPrimaryAndVerified(entry)) ?? null;
+            const verifiedAny = entries.find((entry) => isGitHubEmailVerified(entry)) ?? null;
+            const firstAny = entries.find((entry) => typeof entry.email === "string") ?? null;
+            const verifiedPrimaryEmail = getGitHubEmailValue(verifiedPrimary);
+            const verifiedAnyEmail = getGitHubEmailValue(verifiedAny);
+            const firstAnyEmail = getGitHubEmailValue(firstAny);
+            if (verifiedPrimaryEmail) {
+                email = verifiedPrimaryEmail;
+                emailVerified = true;
+            }
+            else if (verifiedAnyEmail) {
+                email = verifiedAnyEmail;
+                emailVerified = true;
+            }
+            else if (!email && firstAnyEmail) {
+                email = firstAnyEmail;
+            }
+            if (email && !emailVerified) {
+                const normalizedEmail = email.toLowerCase();
+                const matchingVerified = entries.find((entry) => {
+                    if (!isGitHubEmailVerified(entry)) {
+                        return false;
+                    }
+                    const entryEmail = getGitHubEmailValue(entry);
+                    return entryEmail ? entryEmail.toLowerCase() === normalizedEmail : false;
+                });
+                emailVerified = matchingVerified !== undefined;
+            }
+        }
+    }
+    return {
+        provider: "github",
+        providerUserId: githubUserId,
+        email,
+        emailVerified,
+        name: typeof profilePayload.name === "string" ? profilePayload.name : null,
+        avatarUrl: typeof profilePayload.avatar_url === "string" ? profilePayload.avatar_url : null
+    };
+};
+const fetchGoogleProfile = async (accessToken) => {
+    const profileResponse = await fetch("https://openidconnect.googleapis.com/v1/userinfo", {
+        headers: {
+            authorization: `Bearer ${accessToken}`,
+            accept: "application/json"
+        }
+    });
+    const profilePayload = await toJson(profileResponse);
+    if (!profileResponse.ok) {
+        throw new Error(`Google profile request failed: ${profileResponse.statusText}`);
+    }
+    const googleUserId = typeof profilePayload.sub === "string" ? profilePayload.sub : null;
+    if (!googleUserId) {
+        throw new Error("Google profile did not return a valid user id.");
+    }
+    const email = typeof profilePayload.email === "string" ? profilePayload.email : null;
+    const emailVerified = email !== null && profilePayload.email_verified === true;
+    return {
+        provider: "google",
+        providerUserId: googleUserId,
+        email,
+        emailVerified,
+        name: typeof profilePayload.name === "string" ? profilePayload.name : null,
+        avatarUrl: typeof profilePayload.picture === "string" ? profilePayload.picture : null
+    };
+};
+export const listConfiguredOAuthProviders = () => Object.keys(PROVIDERS).filter((provider) => hasProviderConfig(provider));
+export const buildOAuthAuthorizationUrl = (provider, callbackUrl, stateId) => {
+    const providerConfig = PROVIDERS[provider];
+    const clientConfig = getOAuthClientConfig(provider, callbackUrl);
+    if (!providerConfig || !clientConfig) {
+        throw new Error(`OAuth provider "${provider}" is not configured.`);
+    }
+    const query = new URLSearchParams({
+        client_id: clientConfig.clientId,
+        redirect_uri: clientConfig.callbackUrl,
+        response_type: "code",
+        scope: providerConfig.scopes.join(" "),
+        state: stateId
+    });
+    if (provider === "google") {
+        query.set("access_type", "offline");
+        query.set("prompt", "consent");
+    }
+    return `${providerConfig.authorizationEndpoint}?${query.toString()}`;
+};
+export const getOAuthProfileFromCode = async (provider, code, callbackUrl) => {
+    const token = await exchangeCodeForAccessToken(provider, code, callbackUrl);
+    if (provider === "github") {
+        return fetchGitHubProfile(token.accessToken);
+    }
+    return fetchGoogleProfile(token.accessToken);
+};
+export const createOAuthStateId = () => randomBytes(24).toString("hex");
+//# sourceMappingURL=oauth.js.map

package/dist/auth/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AA0B1C,MAAM,SAAS,GAAiD;IAC9D,MAAM,EAAE;QACN,EAAE,EAAE,QAAQ;QACZ,qBAAqB,EAAE,0CAA0C;QACjE,aAAa,EAAE,6CAA6C;QAC5D,MAAM,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC;KACpC;IACD,MAAM,EAAE;QACN,EAAE,EAAE,QAAQ;QACZ,qBAAqB,EAAE,8CAA8C;QACrE,aAAa,EAAE,qCAAqC;QACpD,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;KACvC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,QAAyB,EAAW,EAAE;IAC/D,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;IACzG,CAAC;IAED,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;AACzG,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,CAC3B,QAAyB,EACzB,WAAmB,EACO,EAAE;IAC5B,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;QACzD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC;QACjE,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;IACjD,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IACzD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC;IACjE,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC;AACjD,CAAC,CAAC;AAEF,MAAM,MAAM,GAAG,KAAK,EAAE,QAAkB,EAAoC,EAAE;IAC5E,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,8CAA8C,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,0BAA0B,GAAG,KAAK,EACtC,QAAyB,EACzB,IAAY,EACZ,WAAmB,EACU,EAAE;IAC/B,MAAM,cAAc,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,oBAAoB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACjE,IAAI,CAAC,cAAc,IAAI,CAAC,YAAY,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,sBAAsB,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,SAAS,EAAE,YAAY,CAAC,QAAQ;QAChC,aAAa,EAAE,YAAY,CAAC,YAAY;QACxC,IAAI;QACJ,YAAY,EAAE,YAAY,CAAC,WAAW;QACtC,UAAU,EAAE,oBAAoB;KACjC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,aAAa,EAAE;QAC9D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI;KACL,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,OAAO,YAAY,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC;IAErG,IAAI,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,gBAAgB,GACpB,OAAO,YAAY,CAAC,iBAAiB,KAAK,QAAQ;YAChD,CAAC,CAAC,YAAY,CAAC,iBAAiB;YAChC,CAAC,CAAC,OAAO,YAAY,CAAC,KAAK,KAAK,QAAQ;gBACtC,CAAC,CAAC,YAAY,CAAC,KAAK;gBACpB,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,MAAM,gBAAgB,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,CAAC;AACzB,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,KAAc,EAA2B,EAAE,CACrE,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,CAAE,KAA0B,CAAC,CAAC,CAAC,IAAI,CAAC;AAEnF,MAAM,mBAAmB,GAAG,CAAC,KAA8B,EAAiB,EAAE,CAC5E,KAAK,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAEhE,MAAM,qBAAqB,GAAG,CAAC,KAA8B,EAAW,EAAE,CACxE,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC;AAE/E,MAAM,+BAA+B,GAAG,CAAC,KAA8B,EAAW,EAAE,CAClF,OAAO,CACL,KAAK;IACH,KAAK,CAAC,OAAO,KAAK,IAAI;IACtB,KAAK,CAAC,QAAQ,KAAK,IAAI;IACvB,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAClC,CAAC;AAEJ,MAAM,kBAAkB,GAAG,KAAK,EAAE,WAAmB,EAAyB,EAAE;IAC9E,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,6BAA6B,EAAE;QACjE,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,YAAY,EAAE,kBAAkB;YAChC,MAAM,EAAE,6BAA6B;SACtC;KACF,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;IACrD,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,kCAAkC,eAAe,CAAC,UAAU,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,YAAY,GAChB,OAAO,cAAc,CAAC,EAAE,KAAK,QAAQ;QACnC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;QAC3B,CAAC,CAAC,OAAO,cAAc,CAAC,EAAE,KAAK,QAAQ;YACrC,CAAC,CAAC,cAAc,CAAC,EAAE;YACnB,CAAC,CAAC,IAAI,CAAC;IACb,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,IAAI,KAAK,GAAG,OAAO,cAAc,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IACnF,IAAI,aAAa,GAAG,KAAK,CAAC;IAE1B,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,oCAAoC,EAAE;QACtE,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,YAAY,EAAE,kBAAkB;YAChC,MAAM,EAAE,6BAA6B;SACtC;KACF,CAAC,CAAC;IAEH,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;QACrB,MAAM,YAAY,GAAG,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,CAAY,CAAC;QAC9D,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,YAAY;iBACzB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;iBACzC,MAAM,CAAC,CAAC,KAAK,EAA6B,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;YAEhE,MAAM,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,+BAA+B,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC;YAChG,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC;YAClF,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,IAAI,IAAI,CAAC;YAElF,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,eAAe,CAAC,CAAC;YAClE,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;YAC1D,MAAM,aAAa,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAEpD,IAAI,oBAAoB,EAAE,CAAC;gBACzB,KAAK,GAAG,oBAAoB,CAAC;gBAC7B,aAAa,GAAG,IAAI,CAAC;YACvB,CAAC;iBAAM,IAAI,gBAAgB,EAAE,CAAC;gBAC5B,KAAK,GAAG,gBAAgB,CAAC;gBACzB,aAAa,GAAG,IAAI,CAAC;YACvB,CAAC;iBAAM,IAAI,CAAC,KAAK,IAAI,aAAa,EAAE,CAAC;gBACnC,KAAK,GAAG,aAAa,CAAC;YACxB,CAAC;YAED,IAAI,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC5B,MAAM,eAAe,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;gBAC5C,MAAM,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC9C,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,EAAE,CAAC;wBAClC,OAAO,KAAK,CAAC;oBACf,CAAC;oBAED,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;oBAC9C,OAAO,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC3E,CAAC,CAAC,CAAC;gBAEH,aAAa,GAAG,gBAAgB,KAAK,SAAS,CAAC;YACjD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,QAAQ;QAClB,cAAc,EAAE,YAAY;QAC5B,KAAK;QACL,aAAa;QACb,IAAI,EAAE,OAAO,cAAc,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;QAC1E,SAAS,EAAE,OAAO,cAAc,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI;KAC5F,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,KAAK,EAAE,WAAmB,EAAyB,EAAE;IAC9E,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,kDAAkD,EAAE;QACtF,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,MAAM,EAAE,kBAAkB;SAC3B;KACF,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;IACrD,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,kCAAkC,eAAe,CAAC,UAAU,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,cAAc,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,cAAc,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IACrF,MAAM,aAAa,GAAG,KAAK,KAAK,IAAI,IAAI,cAAc,CAAC,cAAc,KAAK,IAAI,CAAC;IAE/E,OAAO;QACL,QAAQ,EAAE,QAAQ;QAClB,cAAc,EAAE,YAAY;QAC5B,KAAK;QACL,aAAa;QACb,IAAI,EAAE,OAAO,cAAc,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;QAC1E,SAAS,EAAE,OAAO,cAAc,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI;KACtF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,4BAA4B,GAAG,GAAsB,EAAE,CACjE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAuB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;AAElG,MAAM,CAAC,MAAM,0BAA0B,GAAG,CACxC,QAAyB,EACzB,WAAmB,EACnB,OAAe,EACP,EAAE;IACV,MAAM,cAAc,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,oBAAoB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACjE,IAAI,CAAC,cAAc,IAAI,CAAC,YAAY,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,sBAAsB,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC;QAChC,SAAS,EAAE,YAAY,CAAC,QAAQ;QAChC,YAAY,EAAE,YAAY,CAAC,WAAW;QACtC,aAAa,EAAE,MAAM;QACrB,KAAK,EAAE,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACtC,KAAK,EAAE,OAAO;KACf,CAAC,CAAC;IAEH,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QACpC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,GAAG,cAAc,CAAC,qBAAqB,IAAI,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC;AACvE,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG,KAAK,EAC1C,QAAyB,EACzB,IAAY,EACZ,WAAmB,EACI,EAAE;IACzB,MAAM,KAAK,GAAG,MAAM,0BAA0B,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IAC5E,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,kBAAkB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,kBAAkB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAW,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC"}

package/dist/auth/runtime.d.ts

@@ -0,0 +1,28 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { type AuthMethod } from "@atria/shared";
+interface CreateAuthRuntimeOptions {
+    projectRoot: string;
+    port: number;
+}
+interface OwnerSetupState {
+    pending: boolean;
+    preferredAuthMethod: AuthMethod | null;
+}
+export interface AuthRuntime {
+    handleRequest: (request: IncomingMessage, response: ServerResponse, requestUrl: URL) => Promise<boolean>;
+    hasUsers: () => Promise<boolean>;
+    getOwnerSetupState: () => Promise<OwnerSetupState>;
+    getSession: (request: IncomingMessage) => Promise<SessionResult>;
+    close: () => Promise<void>;
+}
+interface SessionResult {
+    authenticated: boolean;
+    user: {
+        id: string;
+        email: string | null;
+        name: string | null;
+        avatarUrl: string | null;
+    } | null;
+}
+export declare const createAuthRuntime: (options: CreateAuthRuntimeOptions) => AuthRuntime;
+export {};