@aura-stack/auth 0.1.0-rc.1

package/dist/index.d.ts

@@ -0,0 +1,43 @@
+import { JWTPayload } from '@aura-stack/jose/jose';
+import * as _aura_stack_router from '@aura-stack/router';
+import { c as AuthConfig } from './index-CGRZ0wrw.js';
+import 'zod/v4';
+import './jose.js';
+import './schemas.js';
+import 'zod/v4/core';
+import 'cookie';
+import './@types/utility.js';
+
+/**
+ * Creates the authentication instance with the configuration provided for OAuth provider.
+ * > NOTE: The handlers returned by this function should be used in the server to handle the authentication routes
+ * and within the `/auth` base path
+ *
+ * @param authConfig - Authentication configuration including OAuth provider
+ * @returns Authentication instance with handlers to be used in the server
+ * @example
+ * const auth = createAuth({
+ *   oauth: ["github", {
+ *     id: "custom-oauth",
+ *     name: "custom-oauth",
+ *     authorizationURL: "https://custom-oauth.com/oauth/authorize",
+ *     accessToken: "https://custom-oauth.com/oauth/token",
+ *     scope: "profile email",
+ *     responseType: "code",
+ *     userInfo: "https://custom-oauth.com/api/userinfo",
+ *     clientId: process.env.AURA_AUTH_CUSTOM_OAUTH_CLIENT_ID!,
+ *     clientSecret: process.env.AURA_AUTH_CUSTOM_OAUTH_CLIENT_SECRET!,
+ *   }]
+ * })
+ */
+declare const createAuth: (authConfig: AuthConfig) => {
+    handlers: _aura_stack_router.GetHttpHandlers<[_aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {}>, _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {}>, _aura_stack_router.RouteEndpoint<"GET", "/session", {}>, _aura_stack_router.RouteEndpoint<"POST", "/signOut", {}>, _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {}>]>;
+    jose: {
+        decodeJWT: (token: string) => Promise<JWTPayload>;
+        encodeJWT: (payload: JWTPayload) => Promise<string>;
+        signJWS: (payload: JWTPayload) => Promise<string>;
+        verifyJWS: (payload: string) => Promise<JWTPayload>;
+    };
+};
+
+export { createAuth };

package/dist/index.js

@@ -0,0 +1,75 @@
+import {
+  createBuiltInOAuthProviders
+} from "./chunk-VFTYH33W.js";
+import "./chunk-FKRDCWBF.js";
+import "./chunk-IKHPGFCW.js";
+import "./chunk-KRNOMBXQ.js";
+import "./chunk-E3OXBRYF.js";
+import "./chunk-42XB3YCW.js";
+import "./chunk-ITQ7352M.js";
+import {
+  csrfTokenAction
+} from "./chunk-SMQO5WD7.js";
+import {
+  sessionAction
+} from "./chunk-XXJKNKGQ.js";
+import {
+  signInAction
+} from "./chunk-LLR722CL.js";
+import {
+  signOutAction
+} from "./chunk-SJPDVKUS.js";
+import "./chunk-CAKJT3KS.js";
+import {
+  callbackAction
+} from "./chunk-HGJ4TXY4.js";
+import "./chunk-RLT4RFKV.js";
+import "./chunk-UJJ7R56J.js";
+import "./chunk-FIPU4MLT.js";
+import "./chunk-EBPE35JT.js";
+import {
+  defaultCookieConfig
+} from "./chunk-ZV4BH47P.js";
+import "./chunk-6SM22VVJ.js";
+import "./chunk-STHEPPUZ.js";
+import {
+  createJoseInstance
+} from "./chunk-X7M4CQTN.js";
+import "./chunk-GZU3RBTB.js";
+import {
+  onErrorHandler
+} from "./chunk-256KIVJL.js";
+import "./chunk-FJUDBLCP.js";
+import "./chunk-JAPMIE6S.js";
+import "./chunk-HMRKN75I.js";
+
+// src/index.ts
+import "dotenv/config";
+import { createRouter } from "@aura-stack/router";
+var createInternalConfig = (authConfig) => {
+  return {
+    basePath: authConfig?.basePath ?? "/auth",
+    onError: onErrorHandler,
+    context: {
+      oauth: createBuiltInOAuthProviders(authConfig?.oauth),
+      cookies: authConfig?.cookies ?? defaultCookieConfig,
+      jose: createJoseInstance(authConfig?.secret),
+      basePath: authConfig?.basePath ?? "/auth",
+      trustedProxyHeaders: !!authConfig?.trustedProxyHeaders
+    }
+  };
+};
+var createAuth = (authConfig) => {
+  const config = createInternalConfig(authConfig);
+  const router = createRouter(
+    [signInAction(config.context.oauth), callbackAction(config.context.oauth), sessionAction, signOutAction, csrfTokenAction],
+    config
+  );
+  return {
+    handlers: router,
+    jose: config.context.jose
+  };
+};
+export {
+  createAuth
+};

package/dist/jose.cjs

@@ -0,0 +1,68 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/jose.ts
+var jose_exports = {};
+__export(jose_exports, {
+  createJoseInstance: () => createJoseInstance
+});
+module.exports = __toCommonJS(jose_exports);
+var import_config = require("dotenv/config");
+var import_jose = require("@aura-stack/jose");
+
+// src/secure.ts
+var import_node_crypto = __toESM(require("crypto"), 1);
+
+// src/utils.ts
+var import_router = require("@aura-stack/router");
+
+// src/secure.ts
+var createDerivedSalt = (secret) => {
+  return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
+};
+
+// src/jose.ts
+var createJoseInstance = (secret) => {
+  secret ?? (secret = process.env.AURA_AUTH_SECRET);
+  const salt = process.env.AURA_AUTH_SALT ?? createDerivedSalt(secret);
+  const { derivedKey: derivedSessionKey } = (0, import_jose.createDeriveKey)(secret, salt, "session");
+  const { derivedKey: derivedCsrfTokenKey } = (0, import_jose.createDeriveKey)(secret, salt, "csrfToken");
+  const { decodeJWT, encodeJWT } = (0, import_jose.createJWT)(derivedSessionKey);
+  const { signJWS, verifyJWS } = (0, import_jose.createJWS)(derivedCsrfTokenKey);
+  return {
+    decodeJWT,
+    encodeJWT,
+    signJWS,
+    verifyJWS
+  };
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createJoseInstance
+});

package/dist/jose.d.ts

@@ -0,0 +1,20 @@
+import * as _aura_stack_jose_jose from '@aura-stack/jose/jose';
+export { JWTPayload } from '@aura-stack/jose/jose';
+
+/**
+ * Creates the JOSE instance used for signing and verifying tokens. It derives keys
+ * for session tokens and CSRF tokens. For security and determinism, it uses the
+ * `AURA_AUTH_SALT` environment variable if available; otherwise,it uses a derived
+ * salt based on the provided secret.
+ *
+ * @param secret the base secret for key derivation
+ * @returns jose instance with methods for encoding/decoding JWTs and signing/verifying JWSs
+ */
+declare const createJoseInstance: (secret?: string) => {
+    decodeJWT: (token: string) => Promise<_aura_stack_jose_jose.JWTPayload>;
+    encodeJWT: (payload: _aura_stack_jose_jose.JWTPayload) => Promise<string>;
+    signJWS: (payload: _aura_stack_jose_jose.JWTPayload) => Promise<string>;
+    verifyJWS: (payload: string) => Promise<_aura_stack_jose_jose.JWTPayload>;
+};
+
+export { createJoseInstance };

package/dist/jose.js

@@ -0,0 +1,9 @@
+import {
+  createJoseInstance
+} from "./chunk-X7M4CQTN.js";
+import "./chunk-GZU3RBTB.js";
+import "./chunk-256KIVJL.js";
+import "./chunk-FJUDBLCP.js";
+export {
+  createJoseInstance
+};

package/dist/oauth/bitbucket.cjs

@@ -0,0 +1,45 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/oauth/bitbucket.ts
+var bitbucket_exports = {};
+__export(bitbucket_exports, {
+  bitbucket: () => bitbucket
+});
+module.exports = __toCommonJS(bitbucket_exports);
+var bitbucket = {
+  id: "bitbucket",
+  name: "Bitbucket",
+  authorizeURL: "https://bitbucket.org/site/oauth2/authorize",
+  accessToken: "https://bitbucket.org/site/oauth2/access_token",
+  userInfo: "https://api.bitbucket.org/2.0/user",
+  scope: "account email",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.uuid ?? profile.account_id,
+      name: profile.display_name ?? profile.nickname,
+      image: profile.links.avatar.href
+    };
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  bitbucket
+});

package/dist/oauth/bitbucket.d.cts

@@ -0,0 +1,9 @@
+export { B as BitbucketProfile, h as bitbucket } from '../index-B1vDUGwh.cjs';
+import '../@types/utility.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';

package/dist/oauth/bitbucket.d.ts

@@ -0,0 +1,9 @@
+export { B as BitbucketProfile, h as bitbucket } from '../index-CGRZ0wrw.js';
+import '../@types/utility.js';
+import 'zod/v4';
+import '../jose.js';
+import '@aura-stack/jose/jose';
+import '../schemas.js';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';

package/dist/oauth/bitbucket.js

@@ -0,0 +1,6 @@
+import {
+  bitbucket
+} from "../chunk-FIPU4MLT.js";
+export {
+  bitbucket
+};

package/dist/oauth/discord.cjs

@@ -0,0 +1,55 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/oauth/discord.ts
+var discord_exports = {};
+__export(discord_exports, {
+  discord: () => discord
+});
+module.exports = __toCommonJS(discord_exports);
+var discord = {
+  id: "discord",
+  name: "Discord",
+  authorizeURL: "https://discord.com/oauth2/authorize",
+  accessToken: "https://discord.com/api/oauth2/token",
+  userInfo: "https://discord.com/api/users/@me",
+  scope: "identify email",
+  responseType: "code",
+  profile(profile) {
+    let image = "";
+    if (profile.avatar === null) {
+      const index = profile.discriminator === "0" ? (BigInt(profile.id) >> 22n) % 6n : Number(profile.discriminator) % 5;
+      image = `https://cdn.discordapp.com/embed/avatars/${index}.png`;
+    } else {
+      const format = profile.avatar.startsWith("a_") ? "gif" : "png";
+      image = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
+    }
+    return {
+      sub: profile.id,
+      // https://discord.com/developers/docs/change-log#display-names
+      name: profile.global_name ?? profile.username,
+      email: profile.email ?? "",
+      image
+    };
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  discord
+});

package/dist/oauth/discord.d.cts

@@ -0,0 +1,9 @@
+export { D as DiscordProfile, N as Nameplate, e as discord } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/discord.d.ts

@@ -0,0 +1,9 @@
+export { D as DiscordProfile, N as Nameplate, e as discord } from '../index-CGRZ0wrw.js';
+import 'zod/v4';
+import '../jose.js';
+import '@aura-stack/jose/jose';
+import '../schemas.js';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.js';

package/dist/oauth/discord.js

@@ -0,0 +1,6 @@
+import {
+  discord
+} from "../chunk-EBPE35JT.js";
+export {
+  discord
+};

package/dist/oauth/figma.cjs

@@ -0,0 +1,46 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/oauth/figma.ts
+var figma_exports = {};
+__export(figma_exports, {
+  figma: () => figma
+});
+module.exports = __toCommonJS(figma_exports);
+var figma = {
+  id: "figma",
+  name: "Figma",
+  authorizeURL: "https://www.figma.com/oauth",
+  accessToken: "https://api.figma.com/v1/oauth/token",
+  userInfo: "https://api.figma.com/v1/me",
+  scope: "current_user:read",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.id,
+      name: profile.handle,
+      email: profile.email,
+      image: profile.img_url
+    };
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  figma
+});

package/dist/oauth/figma.d.cts

@@ -0,0 +1,9 @@
+export { F as FigmaProfile, f as figma } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/figma.d.ts

@@ -0,0 +1,9 @@
+export { F as FigmaProfile, f as figma } from '../index-CGRZ0wrw.js';
+import 'zod/v4';
+import '../jose.js';
+import '@aura-stack/jose/jose';
+import '../schemas.js';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.js';

package/dist/oauth/figma.js

@@ -0,0 +1,6 @@
+import {
+  figma
+} from "../chunk-FKRDCWBF.js";
+export {
+  figma
+};

package/dist/oauth/github.cjs

@@ -0,0 +1,38 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/oauth/github.ts
+var github_exports = {};
+__export(github_exports, {
+  github: () => github
+});
+module.exports = __toCommonJS(github_exports);
+var github = {
+  id: "github",
+  name: "GitHub",
+  authorizeURL: "https://github.com/login/oauth/authorize",
+  accessToken: "https://github.com/login/oauth/access_token",
+  userInfo: "https://api.github.com/user",
+  scope: "read:user user:email",
+  responseType: "code"
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  github
+});

package/dist/oauth/github.d.cts

@@ -0,0 +1,9 @@
+export { i as GitHubProfile, j as github } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/github.d.ts

@@ -0,0 +1,9 @@
+export { i as GitHubProfile, j as github } from '../index-CGRZ0wrw.js';
+import 'zod/v4';
+import '../jose.js';
+import '@aura-stack/jose/jose';
+import '../schemas.js';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.js';

package/dist/oauth/github.js

@@ -0,0 +1,6 @@
+import {
+  github
+} from "../chunk-IKHPGFCW.js";
+export {
+  github
+};

package/dist/oauth/gitlab.cjs

@@ -0,0 +1,46 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/oauth/gitlab.ts
+var gitlab_exports = {};
+__export(gitlab_exports, {
+  gitlab: () => gitlab
+});
+module.exports = __toCommonJS(gitlab_exports);
+var gitlab = {
+  id: "gitlab",
+  name: "GitLab",
+  authorizeURL: "https://gitlab.com/oauth/authorize",
+  accessToken: "https://gitlab.com/oauth/token",
+  userInfo: "https://gitlab.com/api/v4/user",
+  scope: "read_user",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.id.toString(),
+      name: profile.name ?? profile.username,
+      email: profile.email,
+      avatar: profile.avatar_url
+    };
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  gitlab
+});

package/dist/oauth/gitlab.d.cts

@@ -0,0 +1,9 @@
+export { G as GitLabProfile, g as gitlab } from '../index-B1vDUGwh.cjs';
+import 'zod/v4';
+import '../jose.cjs';
+import '@aura-stack/jose/jose';
+import '../schemas.cjs';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.cjs';

package/dist/oauth/gitlab.d.ts

@@ -0,0 +1,9 @@
+export { G as GitLabProfile, g as gitlab } from '../index-CGRZ0wrw.js';
+import 'zod/v4';
+import '../jose.js';
+import '@aura-stack/jose/jose';
+import '../schemas.js';
+import 'zod/v4/core';
+import '@aura-stack/router';
+import 'cookie';
+import '../@types/utility.js';

package/dist/oauth/gitlab.js

@@ -0,0 +1,6 @@
+import {
+  gitlab
+} from "../chunk-KRNOMBXQ.js";
+export {
+  gitlab
+};