@aura-stack/auth 0.1.0-rc.7 → 0.1.0-rc.9

package/dist/chunk-SJPDVKUS.js

@@ -1,112 +1,93 @@
-import {
-  createRedirectTo
-} from "./chunk-CAKJT3KS.js";
-import {
-  expireCookie,
-  getCookie,
-  secureCookieOptions
-} from "./chunk-ZV4BH47P.js";
-import {
-  cacheControl
-} from "./chunk-STHEPPUZ.js";
-import {
-  verifyCSRF
-} from "./chunk-GZU3RBTB.js";
-import {
-  getNormalizedOriginPath
-} from "./chunk-256KIVJL.js";
-import {
-  InvalidCsrfTokenError,
-  InvalidRedirectToError
-} from "./chunk-FJUDBLCP.js";
-import {
-  AuraResponse
-} from "./chunk-JAPMIE6S.js";
+import { createRedirectTo } from "./chunk-CAKJT3KS.js"
+import { expireCookie, getCookie, secureCookieOptions } from "./chunk-ZV4BH47P.js"
+import { cacheControl } from "./chunk-STHEPPUZ.js"
+import { verifyCSRF } from "./chunk-GZU3RBTB.js"
+import { getNormalizedOriginPath } from "./chunk-256KIVJL.js"
+import { InvalidCsrfTokenError, InvalidRedirectToError } from "./chunk-FJUDBLCP.js"
+import { AuraResponse } from "./chunk-JAPMIE6S.js"
 
 // src/actions/signOut/signOut.ts
-import z from "zod";
-import { createEndpoint, createEndpointConfig, statusCode } from "@aura-stack/router";
+import z from "zod"
+import { createEndpoint, createEndpointConfig, statusCode } from "@aura-stack/router"
 var config = createEndpointConfig({
-  schemas: {
-    searchParams: z.object({
-      token_type_hint: z.literal("session_token"),
-      redirectTo: z.string().optional()
-    })
-  }
-});
-var signOutAction = createEndpoint(
-  "POST",
-  "/signOut",
-  async (ctx) => {
-    const {
-      request,
-      headers,
-      searchParams: { redirectTo },
-      context: { cookies, jose, trustedProxyHeaders }
-    } = ctx;
-    try {
-      const cookiesOptions = secureCookieOptions(request, cookies, trustedProxyHeaders);
-      const session = getCookie(request, "sessionToken", cookiesOptions);
-      const csrfToken = getCookie(request, "csrfToken", {
-        ...cookiesOptions,
-        prefix: cookiesOptions.secure ? "__Host-" : ""
-      });
-      const header = headers.get("X-CSRF-Token");
-      if (!header || !session || !csrfToken) {
-        throw new Error("Missing CSRF token or session token");
-      }
-      await verifyCSRF(jose, csrfToken, header);
-      await jose.decodeJWT(session);
-      const normalizedOriginPath = getNormalizedOriginPath(request.url);
-      const location = createRedirectTo(
-        new Request(normalizedOriginPath, {
-          headers
+    schemas: {
+        searchParams: z.object({
+            token_type_hint: z.literal("session_token"),
+            redirectTo: z.string().optional(),
         }),
-        redirectTo
-      );
-      const responseHeaders = new Headers(cacheControl);
-      responseHeaders.append("Set-Cookie", expireCookie("sessionToken", cookiesOptions));
-      responseHeaders.append(
-        "Set-Cookie",
-        expireCookie("csrfToken", { ...cookiesOptions, prefix: cookiesOptions.secure ? "__Host-" : "" })
-      );
-      responseHeaders.append("Location", location);
-      return Response.json(
-        { message: "Signed out successfully" },
-        { status: statusCode.ACCEPTED, headers: responseHeaders }
-      );
-    } catch (error) {
-      if (error instanceof InvalidCsrfTokenError) {
-        return AuraResponse.json(
-          {
-            error: "invalid_csrf_token",
-            error_description: "The provided CSRF token is invalid or has expired"
-          },
-          { status: statusCode.UNAUTHORIZED }
-        );
-      }
-      if (error instanceof InvalidRedirectToError) {
-        const { type, message } = error;
-        return AuraResponse.json(
-          {
-            error: type,
-            error_description: message
-          },
-          { status: statusCode.BAD_REQUEST }
-        );
-      }
-      return AuraResponse.json(
-        {
-          error: "invalid_session_token",
-          error_description: "The provided sessionToken is invalid or has already expired"
-        },
-        { status: statusCode.UNAUTHORIZED }
-      );
-    }
-  },
-  config
-);
+    },
+})
+var signOutAction = createEndpoint(
+    "POST",
+    "/signOut",
+    async (ctx) => {
+        const {
+            request,
+            headers,
+            searchParams: { redirectTo },
+            context: { cookies, jose, trustedProxyHeaders },
+        } = ctx
+        try {
+            const cookiesOptions = secureCookieOptions(request, cookies, trustedProxyHeaders)
+            const session = getCookie(request, "sessionToken", cookiesOptions)
+            const csrfToken = getCookie(request, "csrfToken", {
+                ...cookiesOptions,
+                prefix: cookiesOptions.secure ? "__Host-" : "",
+            })
+            const header = headers.get("X-CSRF-Token")
+            if (!header || !session || !csrfToken) {
+                throw new Error("Missing CSRF token or session token")
+            }
+            await verifyCSRF(jose, csrfToken, header)
+            await jose.decodeJWT(session)
+            const normalizedOriginPath = getNormalizedOriginPath(request.url)
+            const location = createRedirectTo(
+                new Request(normalizedOriginPath, {
+                    headers,
+                }),
+                redirectTo
+            )
+            const responseHeaders = new Headers(cacheControl)
+            responseHeaders.append("Set-Cookie", expireCookie("sessionToken", cookiesOptions))
+            responseHeaders.append(
+                "Set-Cookie",
+                expireCookie("csrfToken", { ...cookiesOptions, prefix: cookiesOptions.secure ? "__Host-" : "" })
+            )
+            responseHeaders.append("Location", location)
+            return Response.json(
+                { message: "Signed out successfully" },
+                { status: statusCode.ACCEPTED, headers: responseHeaders }
+            )
+        } catch (error) {
+            if (error instanceof InvalidCsrfTokenError) {
+                return AuraResponse.json(
+                    {
+                        error: "invalid_csrf_token",
+                        error_description: "The provided CSRF token is invalid or has expired",
+                    },
+                    { status: statusCode.UNAUTHORIZED }
+                )
+            }
+            if (error instanceof InvalidRedirectToError) {
+                const { type, message } = error
+                return AuraResponse.json(
+                    {
+                        error: type,
+                        error_description: message,
+                    },
+                    { status: statusCode.BAD_REQUEST }
+                )
+            }
+            return AuraResponse.json(
+                {
+                    error: "invalid_session_token",
+                    error_description: "The provided sessionToken is invalid or has already expired",
+                },
+                { status: statusCode.UNAUTHORIZED }
+            )
+        }
+    },
+    config
+)
 
-export {
-  signOutAction
-};
+export { signOutAction }

package/dist/chunk-SMQO5WD7.js

@@ -1,30 +1,20 @@
-import {
-  getCookie,
-  secureCookieOptions,
-  setCookie
-} from "./chunk-ZV4BH47P.js";
-import {
-  cacheControl
-} from "./chunk-STHEPPUZ.js";
-import {
-  createCSRF
-} from "./chunk-GZU3RBTB.js";
+import { getCookie, secureCookieOptions, setCookie } from "./chunk-ZV4BH47P.js"
+import { cacheControl } from "./chunk-STHEPPUZ.js"
+import { createCSRF } from "./chunk-GZU3RBTB.js"
 
 // src/actions/csrfToken/csrfToken.ts
-import { createEndpoint } from "@aura-stack/router";
+import { createEndpoint } from "@aura-stack/router"
 var csrfTokenAction = createEndpoint("GET", "/csrfToken", async (ctx) => {
-  const {
-    request,
-    context: { cookies, jose, trustedProxyHeaders }
-  } = ctx;
-  const cookieOptions = secureCookieOptions(request, { ...cookies, strategy: "host" }, trustedProxyHeaders);
-  const existingCSRFToken = getCookie(request, "csrfToken", cookieOptions, true);
-  const csrfToken = await createCSRF(jose, existingCSRFToken);
-  const headers = new Headers(cacheControl);
-  headers.set("Set-Cookie", setCookie("csrfToken", csrfToken, cookieOptions));
-  return Response.json({ csrfToken }, { headers });
-});
+    const {
+        request,
+        context: { cookies, jose, trustedProxyHeaders },
+    } = ctx
+    const cookieOptions = secureCookieOptions(request, { ...cookies, strategy: "host" }, trustedProxyHeaders)
+    const existingCSRFToken = getCookie(request, "csrfToken", cookieOptions, true)
+    const csrfToken = await createCSRF(jose, existingCSRFToken)
+    const headers = new Headers(cacheControl)
+    headers.set("Set-Cookie", setCookie("csrfToken", csrfToken, cookieOptions))
+    return Response.json({ csrfToken }, { headers })
+})
 
-export {
-  csrfTokenAction
-};
+export { csrfTokenAction }

package/dist/chunk-STHEPPUZ.js

@@ -1,11 +1,9 @@
 // src/headers.ts
 var cacheControl = {
-  "Cache-Control": "no-store",
-  Pragma: "no-cache",
-  Expires: "0",
-  Vary: "Cookie"
-};
+    "Cache-Control": "no-store",
+    Pragma: "no-cache",
+    Expires: "0",
+    Vary: "Cookie",
+}
 
-export {
-  cacheControl
-};
+export { cacheControl }

package/dist/chunk-UJJ7R56J.js

@@ -1,52 +1,42 @@
-import {
-  AuthError,
-  ERROR_RESPONSE,
-  throwAuthError
-} from "./chunk-FJUDBLCP.js";
-import {
-  OAuthAccessToken,
-  OAuthAccessTokenErrorResponse,
-  OAuthAccessTokenResponse
-} from "./chunk-HMRKN75I.js";
+import { AuthError, ERROR_RESPONSE, throwAuthError } from "./chunk-FJUDBLCP.js"
+import { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse } from "./chunk-HMRKN75I.js"
 
 // src/actions/callback/access-token.ts
 var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) => {
-  const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier });
-  if (!parsed.success) {
-    throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_REQUEST, "Invalid OAuth configuration");
-  }
-  const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data;
-  try {
-    const response = await fetch(accessToken, {
-      method: "POST",
-      headers: {
-        Accept: "application/json",
-        "Content-Type": "application/x-www-form-urlencoded"
-      },
-      body: new URLSearchParams({
-        client_id: clientId,
-        client_secret: clientSecret,
-        code: codeParsed,
-        redirect_uri: redirectParsed,
-        grant_type: "authorization_code",
-        code_verifier: codeVerifier
-      }).toString()
-    });
-    const json = await response.json();
-    const token = OAuthAccessTokenResponse.safeParse(json);
-    if (!token.success) {
-      const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json);
-      if (!success) {
-        throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_GRANT, "Invalid access token response format");
-      }
-      throw new AuthError(data.error, data?.error_description ?? "Failed to retrieve access token");
+    const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier })
+    if (!parsed.success) {
+        throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_REQUEST, "Invalid OAuth configuration")
     }
-    return token.data;
-  } catch (error) {
-    throw throwAuthError(error, "Failed to create access token");
-  }
-};
+    const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data
+    try {
+        const response = await fetch(accessToken, {
+            method: "POST",
+            headers: {
+                Accept: "application/json",
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+            body: new URLSearchParams({
+                client_id: clientId,
+                client_secret: clientSecret,
+                code: codeParsed,
+                redirect_uri: redirectParsed,
+                grant_type: "authorization_code",
+                code_verifier: codeVerifier,
+            }).toString(),
+        })
+        const json = await response.json()
+        const token = OAuthAccessTokenResponse.safeParse(json)
+        if (!token.success) {
+            const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json)
+            if (!success) {
+                throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_GRANT, "Invalid access token response format")
+            }
+            throw new AuthError(data.error, data?.error_description ?? "Failed to retrieve access token")
+        }
+        return token.data
+    } catch (error) {
+        throw throwAuthError(error, "Failed to create access token")
+    }
+}
 
-export {
-  createAccessToken
-};
+export { createAccessToken }

package/dist/chunk-UTDLUEEG.js

@@ -0,0 +1,25 @@
+import { createDerivedSalt } from "./chunk-GZU3RBTB.js"
+import { AuthError } from "./chunk-FJUDBLCP.js"
+
+// src/jose.ts
+import "dotenv/config"
+import { createJWT, createJWS, createDeriveKey } from "@aura-stack/jose"
+var createJoseInstance = (secret) => {
+    secret ?? (secret = process.env.AURA_AUTH_SECRET)
+    if (!secret) {
+        throw new AuthError("JOSE_INIT_ERROR", "AURA_AUTH_SECRET environment variable is not set and no secret was provided.")
+    }
+    const salt = process.env.AURA_AUTH_SALT ?? createDerivedSalt(secret)
+    const { derivedKey: derivedSessionKey } = createDeriveKey(secret, salt, "session")
+    const { derivedKey: derivedCsrfTokenKey } = createDeriveKey(secret, salt, "csrfToken")
+    const { decodeJWT, encodeJWT } = createJWT(derivedSessionKey)
+    const { signJWS, verifyJWS } = createJWS(derivedCsrfTokenKey)
+    return {
+        decodeJWT,
+        encodeJWT,
+        signJWS,
+        verifyJWS,
+    }
+}
+
+export { createJoseInstance }

package/dist/chunk-VFTYH33W.js

@@ -1,61 +1,44 @@
-import {
-  figma
-} from "./chunk-FKRDCWBF.js";
-import {
-  github
-} from "./chunk-IKHPGFCW.js";
-import {
-  gitlab
-} from "./chunk-KRNOMBXQ.js";
-import {
-  spotify
-} from "./chunk-E3OXBRYF.js";
-import {
-  x
-} from "./chunk-42XB3YCW.js";
-import {
-  bitbucket
-} from "./chunk-FIPU4MLT.js";
-import {
-  discord
-} from "./chunk-EBPE35JT.js";
+import { figma } from "./chunk-FKRDCWBF.js"
+import { github } from "./chunk-IKHPGFCW.js"
+import { gitlab } from "./chunk-KRNOMBXQ.js"
+import { spotify } from "./chunk-E3OXBRYF.js"
+import { x } from "./chunk-42XB3YCW.js"
+import { bitbucket } from "./chunk-FIPU4MLT.js"
+import { discord } from "./chunk-EBPE35JT.js"
 
 // src/oauth/index.ts
 var builtInOAuthProviders = {
-  github,
-  bitbucket,
-  figma,
-  discord,
-  gitlab,
-  spotify,
-  x
-};
+    github,
+    bitbucket,
+    figma,
+    discord,
+    gitlab,
+    spotify,
+    x,
+}
 var defineOAuthEnvironment = (oauth) => {
-  const env = process.env;
-  return {
-    clientId: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_ID`],
-    clientSecret: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_SECRET`]
-  };
-};
-var defineOAuthProviderConfig = (config) => {
-  if (typeof config === "string") {
-    const definition = defineOAuthEnvironment(config);
-    const oauthConfig = builtInOAuthProviders[config];
+    const env = process.env
     return {
-      ...oauthConfig,
-      ...definition
-    };
-  }
-  return config;
-};
+        clientId: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_ID`],
+        clientSecret: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_SECRET`],
+    }
+}
+var defineOAuthProviderConfig = (config) => {
+    if (typeof config === "string") {
+        const definition = defineOAuthEnvironment(config)
+        const oauthConfig = builtInOAuthProviders[config]
+        return {
+            ...oauthConfig,
+            ...definition,
+        }
+    }
+    return config
+}
 var createBuiltInOAuthProviders = (oauth = []) => {
-  return oauth.reduce((previous, config) => {
-    const oauthConfig = defineOAuthProviderConfig(config);
-    return { ...previous, [oauthConfig.id]: oauthConfig };
-  }, {});
-};
+    return oauth.reduce((previous, config) => {
+        const oauthConfig = defineOAuthProviderConfig(config)
+        return { ...previous, [oauthConfig.id]: oauthConfig }
+    }, {})
+}
 
-export {
-  builtInOAuthProviders,
-  createBuiltInOAuthProviders
-};
+export { builtInOAuthProviders, createBuiltInOAuthProviders }

package/dist/chunk-XXJKNKGQ.js

@@ -1,37 +1,27 @@
-import {
-  expireCookie,
-  getCookie,
-  secureCookieOptions
-} from "./chunk-ZV4BH47P.js";
-import {
-  cacheControl
-} from "./chunk-STHEPPUZ.js";
-import {
-  toISOString
-} from "./chunk-256KIVJL.js";
+import { expireCookie, getCookie, secureCookieOptions } from "./chunk-ZV4BH47P.js"
+import { cacheControl } from "./chunk-STHEPPUZ.js"
+import { toISOString } from "./chunk-256KIVJL.js"
 
 // src/actions/session/session.ts
-import { createEndpoint } from "@aura-stack/router";
+import { createEndpoint } from "@aura-stack/router"
 var sessionAction = createEndpoint("GET", "/session", async (ctx) => {
-  const {
-    request,
-    context: { cookies, jose, trustedProxyHeaders }
-  } = ctx;
-  const cookieOptions = secureCookieOptions(request, cookies, trustedProxyHeaders);
-  try {
-    const session = getCookie(request, "sessionToken", cookieOptions);
-    const decoded = await jose.decodeJWT(session);
-    const { exp, iat, jti, nbf, ...user } = decoded;
-    const headers = new Headers(cacheControl);
-    return Response.json({ user, expires: toISOString(exp * 1e3) }, { headers });
-  } catch {
-    const headers = new Headers(cacheControl);
-    const sessionCookie = expireCookie("sessionToken", cookieOptions);
-    headers.set("Set-Cookie", sessionCookie);
-    return Response.json({ authenticated: false, message: "Unauthorized" }, { status: 401, headers });
-  }
-});
+    const {
+        request,
+        context: { cookies, jose, trustedProxyHeaders },
+    } = ctx
+    const cookieOptions = secureCookieOptions(request, cookies, trustedProxyHeaders)
+    try {
+        const session = getCookie(request, "sessionToken", cookieOptions)
+        const decoded = await jose.decodeJWT(session)
+        const { exp, iat, jti, nbf, ...user } = decoded
+        const headers = new Headers(cacheControl)
+        return Response.json({ user, expires: toISOString(exp * 1e3) }, { headers })
+    } catch {
+        const headers = new Headers(cacheControl)
+        const sessionCookie = expireCookie("sessionToken", cookieOptions)
+        headers.set("Set-Cookie", sessionCookie)
+        return Response.json({ authenticated: false, message: "Unauthorized" }, { status: 401, headers })
+    }
+})
 
-export {
-  sessionAction
-};
+export { sessionAction }