@aura-stack/auth 0.1.0-rc.7 → 0.1.0-rc.8

package/dist/schemas.js

@@ -1,20 +1,20 @@
 import {
-  OAuthAccessToken,
-  OAuthAccessTokenErrorResponse,
-  OAuthAccessTokenResponse,
-  OAuthAuthorization,
-  OAuthAuthorizationErrorResponse,
-  OAuthAuthorizationResponse,
-  OAuthErrorResponse,
-  OAuthProviderConfigSchema
-} from "./chunk-HMRKN75I.js";
+    OAuthAccessToken,
+    OAuthAccessTokenErrorResponse,
+    OAuthAccessTokenResponse,
+    OAuthAuthorization,
+    OAuthAuthorizationErrorResponse,
+    OAuthAuthorizationResponse,
+    OAuthErrorResponse,
+    OAuthProviderConfigSchema,
+} from "./chunk-HMRKN75I.js"
 export {
-  OAuthAccessToken,
-  OAuthAccessTokenErrorResponse,
-  OAuthAccessTokenResponse,
-  OAuthAuthorization,
-  OAuthAuthorizationErrorResponse,
-  OAuthAuthorizationResponse,
-  OAuthErrorResponse,
-  OAuthProviderConfigSchema
-};
+    OAuthAccessToken,
+    OAuthAccessTokenErrorResponse,
+    OAuthAccessTokenResponse,
+    OAuthAuthorization,
+    OAuthAuthorizationErrorResponse,
+    OAuthAuthorizationResponse,
+    OAuthErrorResponse,
+    OAuthProviderConfigSchema,
+}

package/dist/secure.cjs

@@ -1,120 +1,123 @@
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
+"use strict"
+var __create = Object.create
+var __defProp = Object.defineProperty
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor
+var __getOwnPropNames = Object.getOwnPropertyNames
+var __getProtoOf = Object.getPrototypeOf
+var __hasOwnProp = Object.prototype.hasOwnProperty
 var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
+    for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
+}
 var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+    if ((from && typeof from === "object") || typeof from === "function") {
+        for (let key of __getOwnPropNames(from))
+            if (!__hasOwnProp.call(to, key) && key !== except)
+                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
+    }
+    return to
+}
+var __toESM = (mod, isNodeMode, target) => (
+    (target = mod != null ? __create(__getProtoOf(mod)) : {}),
+    __copyProps(
+        // If the importer is in node compatibility mode or this is not an ESM
+        // file that has been converted to a CommonJS file using a Babel-
+        // compatible transform (i.e. "__esModule" has not been set), then set
+        // "default" to the CommonJS "module.exports" for node compatibility.
+        isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+        mod
+    )
+)
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
 
 // src/secure.ts
-var secure_exports = {};
+var secure_exports = {}
 __export(secure_exports, {
-  createCSRF: () => createCSRF,
-  createDerivedSalt: () => createDerivedSalt,
-  createHash: () => createHash,
-  createPKCE: () => createPKCE,
-  generateSecure: () => generateSecure,
-  verifyCSRF: () => verifyCSRF
-});
-module.exports = __toCommonJS(secure_exports);
-var import_node_crypto = __toESM(require("crypto"), 1);
+    createCSRF: () => createCSRF,
+    createDerivedSalt: () => createDerivedSalt,
+    createHash: () => createHash,
+    createPKCE: () => createPKCE,
+    generateSecure: () => generateSecure,
+    verifyCSRF: () => verifyCSRF,
+})
+module.exports = __toCommonJS(secure_exports)
+var import_node_crypto = __toESM(require("crypto"), 1)
 
 // src/utils.ts
-var import_router = require("@aura-stack/router");
+var import_router = require("@aura-stack/router")
 
 // src/error.ts
 var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
-  }
-};
+    constructor(type, message) {
+        super(message)
+        this.type = type
+        this.name = "AuthError"
+    }
+}
 var InvalidCsrfTokenError = class extends AuthError {
-  constructor(message = "The provided CSRF token is invalid or has expired") {
-    super("invalid_csrf_token", message);
-    this.name = "InvalidCsrfTokenError";
-  }
-};
+    constructor(message = "The provided CSRF token is invalid or has expired") {
+        super("invalid_csrf_token", message)
+        this.name = "InvalidCsrfTokenError"
+    }
+}
 
 // src/utils.ts
 var equals = (a, b) => {
-  if (a === null || b === null || a === void 0 || b === void 0) return false;
-  return a === b;
-};
+    if (a === null || b === null || a === void 0 || b === void 0) return false
+    return a === b
+}
 
 // src/secure.ts
 var generateSecure = (length = 32) => {
-  return import_node_crypto.default.randomBytes(length).toString("base64url");
-};
+    return import_node_crypto.default.randomBytes(length).toString("base64url")
+}
 var createHash = (data, base = "hex") => {
-  return import_node_crypto.default.createHash("sha256").update(data).digest().toString(base);
-};
+    return import_node_crypto.default.createHash("sha256").update(data).digest().toString(base)
+}
 var createPKCE = async (verifier) => {
-  const codeVerifier = verifier ?? generateSecure(86);
-  const codeChallenge = createHash(codeVerifier, "base64url");
-  return { codeVerifier, codeChallenge, method: "S256" };
-};
+    const codeVerifier = verifier ?? generateSecure(86)
+    const codeChallenge = createHash(codeVerifier, "base64url")
+    return { codeVerifier, codeChallenge, method: "S256" }
+}
 var createCSRF = async (jose, csrfCookie) => {
-  try {
-    const token = generateSecure(32);
-    if (csrfCookie) {
-      await jose.verifyJWS(csrfCookie);
-      return csrfCookie;
+    try {
+        const token = generateSecure(32)
+        if (csrfCookie) {
+            await jose.verifyJWS(csrfCookie)
+            return csrfCookie
+        }
+        return jose.signJWS({ token })
+    } catch {
+        const token = generateSecure(32)
+        return jose.signJWS({ token })
     }
-    return jose.signJWS({ token });
-  } catch {
-    const token = generateSecure(32);
-    return jose.signJWS({ token });
-  }
-};
+}
 var verifyCSRF = async (jose, cookie, header) => {
-  try {
-    const { token: cookieToken } = await jose.verifyJWS(cookie);
-    const { token: headerToken } = await jose.verifyJWS(header);
-    const cookieBuffer = Buffer.from(cookieToken);
-    const headerBuffer = Buffer.from(headerToken);
-    if (!equals(headerBuffer.length, cookieBuffer.length)) {
-      throw new InvalidCsrfTokenError();
-    }
-    if (!import_node_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
-      throw new InvalidCsrfTokenError();
+    try {
+        const { token: cookieToken } = await jose.verifyJWS(cookie)
+        const { token: headerToken } = await jose.verifyJWS(header)
+        const cookieBuffer = Buffer.from(cookieToken)
+        const headerBuffer = Buffer.from(headerToken)
+        if (!equals(headerBuffer.length, cookieBuffer.length)) {
+            throw new InvalidCsrfTokenError()
+        }
+        if (!import_node_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
+            throw new InvalidCsrfTokenError()
+        }
+        return true
+    } catch {
+        throw new InvalidCsrfTokenError()
     }
-    return true;
-  } catch {
-    throw new InvalidCsrfTokenError();
-  }
-};
+}
 var createDerivedSalt = (secret) => {
-  return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
-};
+    return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex")
+}
 // Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  createCSRF,
-  createDerivedSalt,
-  createHash,
-  createPKCE,
-  generateSecure,
-  verifyCSRF
-});
+0 &&
+    (module.exports = {
+        createCSRF,
+        createDerivedSalt,
+        createHash,
+        createPKCE,
+        generateSecure,
+        verifyCSRF,
+    })

package/dist/secure.d.ts

@@ -1,13 +1,13 @@
-import { A as AuthRuntimeConfig } from './index-DpfbvTZ_.js';
-import 'zod/v4';
-import '@aura-stack/jose/jose';
-import './schemas.js';
-import 'zod/v4/core';
-import 'cookie';
-import './@types/utility.js';
+import { A as AuthRuntimeConfig } from "./index-DpfbvTZ_.js"
+import "zod/v4"
+import "@aura-stack/jose/jose"
+import "./schemas.js"
+import "zod/v4/core"
+import "cookie"
+import "./@types/utility.js"
 
-declare const generateSecure: (length?: number) => string;
-declare const createHash: (data: string, base?: "hex" | "base64" | "base64url") => string;
+declare const generateSecure: (length?: number) => string
+declare const createHash: (data: string, base?: "hex" | "base64" | "base64url") => string
 /**
  * Creates the code challenge flow for PKCE OAuth flow. It generates a code verifier and its corresponding
  * code challenge using SHA-256 hashing.
@@ -18,24 +18,24 @@ declare const createHash: (data: string, base?: "hex" | "base64" | "base64url")
  * @see https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
  */
 declare const createPKCE: (verifier?: string) => Promise<{
-    codeVerifier: string;
-    codeChallenge: string;
-    method: string;
-}>;
+    codeVerifier: string
+    codeChallenge: string
+    method: string
+}>
 /**
  * Creates a CSRF token to be used in OAuth flows to prevent cross-site request forgery attacks.
  *
  * @param csrfCookie - Optional existing CSRF cookie to verify and reuse
  * @returns Signed CSRF token
  */
-declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
-declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>;
+declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>
+declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>
 /**
  * Creates a deterministic derived salt from the provided secret.
  *
  * @param secret the base secret to derive the salt from
  * @returns the derived salt as a hexadecimal string
  */
-declare const createDerivedSalt: (secret: string) => string;
+declare const createDerivedSalt: (secret: string) => string
 
-export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF };
+export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF }

package/dist/secure.js

@@ -1,18 +1,4 @@
-import {
-  createCSRF,
-  createDerivedSalt,
-  createHash,
-  createPKCE,
-  generateSecure,
-  verifyCSRF
-} from "./chunk-GZU3RBTB.js";
-import "./chunk-256KIVJL.js";
-import "./chunk-FJUDBLCP.js";
-export {
-  createCSRF,
-  createDerivedSalt,
-  createHash,
-  createPKCE,
-  generateSecure,
-  verifyCSRF
-};
+import { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF } from "./chunk-GZU3RBTB.js"
+import "./chunk-256KIVJL.js"
+import "./chunk-FJUDBLCP.js"
+export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF }

package/dist/utils.cjs

@@ -1,141 +1,154 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
+"use strict"
+var __defProp = Object.defineProperty
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor
+var __getOwnPropNames = Object.getOwnPropertyNames
+var __hasOwnProp = Object.prototype.hasOwnProperty
 var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
+    for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
+}
 var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+    if ((from && typeof from === "object") || typeof from === "function") {
+        for (let key of __getOwnPropNames(from))
+            if (!__hasOwnProp.call(to, key) && key !== except)
+                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
+    }
+    return to
+}
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
 
 // src/utils.ts
-var utils_exports = {};
+var utils_exports = {}
 __export(utils_exports, {
-  equals: () => equals,
-  getNormalizedOriginPath: () => getNormalizedOriginPath,
-  isValidRelativePath: () => isValidRelativePath,
-  onErrorHandler: () => onErrorHandler,
-  sanitizeURL: () => sanitizeURL,
-  toCastCase: () => toCastCase,
-  toISOString: () => toISOString,
-  toSnakeCase: () => toSnakeCase,
-  toUpperCase: () => toUpperCase
-});
-module.exports = __toCommonJS(utils_exports);
-var import_router = require("@aura-stack/router");
+    equals: () => equals,
+    getNormalizedOriginPath: () => getNormalizedOriginPath,
+    isValidRelativePath: () => isValidRelativePath,
+    onErrorHandler: () => onErrorHandler,
+    sanitizeURL: () => sanitizeURL,
+    toCastCase: () => toCastCase,
+    toISOString: () => toISOString,
+    toSnakeCase: () => toSnakeCase,
+    toUpperCase: () => toUpperCase,
+})
+module.exports = __toCommonJS(utils_exports)
+var import_router = require("@aura-stack/router")
 
 // src/error.ts
 var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
-  }
-};
+    constructor(type, message) {
+        super(message)
+        this.type = type
+        this.name = "AuthError"
+    }
+}
 var isAuthError = (error) => {
-  return error instanceof AuthError;
-};
+    return error instanceof AuthError
+}
 
 // src/utils.ts
 var toSnakeCase = (str) => {
-  return str.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2").toLowerCase().replace(/^_+/, "");
-};
+    return str
+        .replace(/([a-z0-9])([A-Z])/g, "$1_$2")
+        .replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2")
+        .toLowerCase()
+        .replace(/^_+/, "")
+}
 var toUpperCase = (str) => {
-  return str.toUpperCase();
-};
+    return str.toUpperCase()
+}
 var toCastCase = (obj, type = "snake") => {
-  return Object.entries(obj).reduce((previous, [key, value]) => {
-    const newKey = type === "snake" ? toSnakeCase(key) : toUpperCase(key);
-    return { ...previous, [newKey]: value };
-  }, {});
-};
+    return Object.entries(obj).reduce((previous, [key, value]) => {
+        const newKey = type === "snake" ? toSnakeCase(key) : toUpperCase(key)
+        return { ...previous, [newKey]: value }
+    }, {})
+}
 var equals = (a, b) => {
-  if (a === null || b === null || a === void 0 || b === void 0) return false;
-  return a === b;
-};
+    if (a === null || b === null || a === void 0 || b === void 0) return false
+    return a === b
+}
 var sanitizeURL = (url) => {
-  try {
-    let decodedURL = decodeURIComponent(url).trim();
-    const protocolMatch = decodedURL.match(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)/);
-    let protocol = "";
-    let rest = decodedURL;
-    if (protocolMatch) {
-      protocol = protocolMatch[1];
-      rest = decodedURL.slice(protocol.length);
-      const slashIndex = rest.indexOf("/");
-      if (slashIndex === -1) {
-        return protocol + rest;
-      }
-      const domain = rest.slice(0, slashIndex);
-      let path = rest.slice(slashIndex).replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
-      if (path !== "/" && path.endsWith("/")) {
-        path = path.replace(/\/+$/, "/");
-      } else if (path !== "/") {
-        path = path.replace(/\/+$/, "");
-      }
-      return protocol + domain + path;
-    }
-    let sanitized = decodedURL.replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
-    if (sanitized !== "/" && sanitized.endsWith("/")) {
-      sanitized = sanitized.replace(/\/+$/, "/");
-    } else if (sanitized !== "/") {
-      sanitized = sanitized.replace(/\/+$/, "");
+    try {
+        let decodedURL = decodeURIComponent(url).trim()
+        const protocolMatch = decodedURL.match(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)/)
+        let protocol = ""
+        let rest = decodedURL
+        if (protocolMatch) {
+            protocol = protocolMatch[1]
+            rest = decodedURL.slice(protocol.length)
+            const slashIndex = rest.indexOf("/")
+            if (slashIndex === -1) {
+                return protocol + rest
+            }
+            const domain = rest.slice(0, slashIndex)
+            let path = rest
+                .slice(slashIndex)
+                .replace(/\/\.\.\//g, "/")
+                .replace(/\/\.\.$/, "")
+                .replace(/\.{2,}/g, "")
+                .replace(/\/{2,}/g, "/")
+            if (path !== "/" && path.endsWith("/")) {
+                path = path.replace(/\/+$/, "/")
+            } else if (path !== "/") {
+                path = path.replace(/\/+$/, "")
+            }
+            return protocol + domain + path
+        }
+        let sanitized = decodedURL
+            .replace(/\/\.\.\//g, "/")
+            .replace(/\/\.\.$/, "")
+            .replace(/\.{2,}/g, "")
+            .replace(/\/{2,}/g, "/")
+        if (sanitized !== "/" && sanitized.endsWith("/")) {
+            sanitized = sanitized.replace(/\/+$/, "/")
+        } else if (sanitized !== "/") {
+            sanitized = sanitized.replace(/\/+$/, "")
+        }
+        return sanitized
+    } catch {
+        return url.trim()
     }
-    return sanitized;
-  } catch {
-    return url.trim();
-  }
-};
+}
 var isValidRelativePath = (path) => {
-  if (!path || typeof path !== "string") return false;
-  if (!path.startsWith("/") || path.includes("://") || path.includes("\r") || path.includes("\n")) return false;
-  if (/[\x00-\x1F\x7F]/.test(path) || path.includes("\0")) return false;
-  const sanitized = sanitizeURL(path);
-  if (sanitized.includes("..")) return false;
-  return true;
-};
+    if (!path || typeof path !== "string") return false
+    if (!path.startsWith("/") || path.includes("://") || path.includes("\r") || path.includes("\n")) return false
+    if (/[\x00-\x1F\x7F]/.test(path) || path.includes("\0")) return false
+    const sanitized = sanitizeURL(path)
+    if (sanitized.includes("..")) return false
+    return true
+}
 var onErrorHandler = (error) => {
-  if ((0, import_router.isRouterError)(error)) {
-    const { message, status, statusText } = error;
-    return Response.json({ error: "invalid_request", error_description: message }, { status, statusText });
-  }
-  if (isAuthError(error)) {
-    const { type, message } = error;
-    return Response.json({ error: type, error_description: message }, { status: 400 });
-  }
-  return Response.json({ error: "server_error", error_description: "An unexpected error occurred" }, { status: 500 });
-};
+    if ((0, import_router.isRouterError)(error)) {
+        const { message, status, statusText } = error
+        return Response.json({ error: "invalid_request", error_description: message }, { status, statusText })
+    }
+    if (isAuthError(error)) {
+        const { type, message } = error
+        return Response.json({ error: type, error_description: message }, { status: 400 })
+    }
+    return Response.json({ error: "server_error", error_description: "An unexpected error occurred" }, { status: 500 })
+}
 var getNormalizedOriginPath = (path) => {
-  try {
-    const url = new URL(path);
-    url.hash = "";
-    url.search = "";
-    return `${url.origin}${url.pathname}`;
-  } catch {
-    return sanitizeURL(path);
-  }
-};
+    try {
+        const url = new URL(path)
+        url.hash = ""
+        url.search = ""
+        return `${url.origin}${url.pathname}`
+    } catch {
+        return sanitizeURL(path)
+    }
+}
 var toISOString = (date) => {
-  return new Date(date).toISOString();
-};
+    return new Date(date).toISOString()
+}
 // Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  equals,
-  getNormalizedOriginPath,
-  isValidRelativePath,
-  onErrorHandler,
-  sanitizeURL,
-  toCastCase,
-  toISOString,
-  toSnakeCase,
-  toUpperCase
-});
+0 &&
+    (module.exports = {
+        equals,
+        getNormalizedOriginPath,
+        isValidRelativePath,
+        onErrorHandler,
+        sanitizeURL,
+        toCastCase,
+        toISOString,
+        toSnakeCase,
+        toUpperCase,
+    })