@aura-stack/auth 0.1.0-rc.8 → 0.1.0

package/dist/chunk-SJPDVKUS.js

@@ -1,93 +1,112 @@
-import { createRedirectTo } from "./chunk-CAKJT3KS.js"
-import { expireCookie, getCookie, secureCookieOptions } from "./chunk-ZV4BH47P.js"
-import { cacheControl } from "./chunk-STHEPPUZ.js"
-import { verifyCSRF } from "./chunk-GZU3RBTB.js"
-import { getNormalizedOriginPath } from "./chunk-256KIVJL.js"
-import { InvalidCsrfTokenError, InvalidRedirectToError } from "./chunk-FJUDBLCP.js"
-import { AuraResponse } from "./chunk-JAPMIE6S.js"
+import {
+  createRedirectTo
+} from "./chunk-CAKJT3KS.js";
+import {
+  expireCookie,
+  getCookie,
+  secureCookieOptions
+} from "./chunk-ZV4BH47P.js";
+import {
+  cacheControl
+} from "./chunk-STHEPPUZ.js";
+import {
+  verifyCSRF
+} from "./chunk-GZU3RBTB.js";
+import {
+  getNormalizedOriginPath
+} from "./chunk-256KIVJL.js";
+import {
+  InvalidCsrfTokenError,
+  InvalidRedirectToError
+} from "./chunk-FJUDBLCP.js";
+import {
+  AuraResponse
+} from "./chunk-JAPMIE6S.js";
 
 // src/actions/signOut/signOut.ts
-import z from "zod"
-import { createEndpoint, createEndpointConfig, statusCode } from "@aura-stack/router"
+import z from "zod";
+import { createEndpoint, createEndpointConfig, statusCode } from "@aura-stack/router";
 var config = createEndpointConfig({
-    schemas: {
-        searchParams: z.object({
-            token_type_hint: z.literal("session_token"),
-            redirectTo: z.string().optional(),
-        }),
-    },
-})
+  schemas: {
+    searchParams: z.object({
+      token_type_hint: z.literal("session_token"),
+      redirectTo: z.string().optional()
+    })
+  }
+});
 var signOutAction = createEndpoint(
-    "POST",
-    "/signOut",
-    async (ctx) => {
-        const {
-            request,
-            headers,
-            searchParams: { redirectTo },
-            context: { cookies, jose, trustedProxyHeaders },
-        } = ctx
-        try {
-            const cookiesOptions = secureCookieOptions(request, cookies, trustedProxyHeaders)
-            const session = getCookie(request, "sessionToken", cookiesOptions)
-            const csrfToken = getCookie(request, "csrfToken", {
-                ...cookiesOptions,
-                prefix: cookiesOptions.secure ? "__Host-" : "",
-            })
-            const header = headers.get("X-CSRF-Token")
-            if (!header || !session || !csrfToken) {
-                throw new Error("Missing CSRF token or session token")
-            }
-            await verifyCSRF(jose, csrfToken, header)
-            await jose.decodeJWT(session)
-            const normalizedOriginPath = getNormalizedOriginPath(request.url)
-            const location = createRedirectTo(
-                new Request(normalizedOriginPath, {
-                    headers,
-                }),
-                redirectTo
-            )
-            const responseHeaders = new Headers(cacheControl)
-            responseHeaders.append("Set-Cookie", expireCookie("sessionToken", cookiesOptions))
-            responseHeaders.append(
-                "Set-Cookie",
-                expireCookie("csrfToken", { ...cookiesOptions, prefix: cookiesOptions.secure ? "__Host-" : "" })
-            )
-            responseHeaders.append("Location", location)
-            return Response.json(
-                { message: "Signed out successfully" },
-                { status: statusCode.ACCEPTED, headers: responseHeaders }
-            )
-        } catch (error) {
-            if (error instanceof InvalidCsrfTokenError) {
-                return AuraResponse.json(
-                    {
-                        error: "invalid_csrf_token",
-                        error_description: "The provided CSRF token is invalid or has expired",
-                    },
-                    { status: statusCode.UNAUTHORIZED }
-                )
-            }
-            if (error instanceof InvalidRedirectToError) {
-                const { type, message } = error
-                return AuraResponse.json(
-                    {
-                        error: type,
-                        error_description: message,
-                    },
-                    { status: statusCode.BAD_REQUEST }
-                )
-            }
-            return AuraResponse.json(
-                {
-                    error: "invalid_session_token",
-                    error_description: "The provided sessionToken is invalid or has already expired",
-                },
-                { status: statusCode.UNAUTHORIZED }
-            )
-        }
-    },
-    config
-)
+  "POST",
+  "/signOut",
+  async (ctx) => {
+    const {
+      request,
+      headers,
+      searchParams: { redirectTo },
+      context: { cookies, jose, trustedProxyHeaders }
+    } = ctx;
+    try {
+      const cookiesOptions = secureCookieOptions(request, cookies, trustedProxyHeaders);
+      const session = getCookie(request, "sessionToken", cookiesOptions);
+      const csrfToken = getCookie(request, "csrfToken", {
+        ...cookiesOptions,
+        prefix: cookiesOptions.secure ? "__Host-" : ""
+      });
+      const header = headers.get("X-CSRF-Token");
+      if (!header || !session || !csrfToken) {
+        throw new Error("Missing CSRF token or session token");
+      }
+      await verifyCSRF(jose, csrfToken, header);
+      await jose.decodeJWT(session);
+      const normalizedOriginPath = getNormalizedOriginPath(request.url);
+      const location = createRedirectTo(
+        new Request(normalizedOriginPath, {
+          headers
+        }),
+        redirectTo
+      );
+      const responseHeaders = new Headers(cacheControl);
+      responseHeaders.append("Set-Cookie", expireCookie("sessionToken", cookiesOptions));
+      responseHeaders.append(
+        "Set-Cookie",
+        expireCookie("csrfToken", { ...cookiesOptions, prefix: cookiesOptions.secure ? "__Host-" : "" })
+      );
+      responseHeaders.append("Location", location);
+      return Response.json(
+        { message: "Signed out successfully" },
+        { status: statusCode.ACCEPTED, headers: responseHeaders }
+      );
+    } catch (error) {
+      if (error instanceof InvalidCsrfTokenError) {
+        return AuraResponse.json(
+          {
+            error: "invalid_csrf_token",
+            error_description: "The provided CSRF token is invalid or has expired"
+          },
+          { status: statusCode.UNAUTHORIZED }
+        );
+      }
+      if (error instanceof InvalidRedirectToError) {
+        const { type, message } = error;
+        return AuraResponse.json(
+          {
+            error: type,
+            error_description: message
+          },
+          { status: statusCode.BAD_REQUEST }
+        );
+      }
+      return AuraResponse.json(
+        {
+          error: "invalid_session_token",
+          error_description: "The provided sessionToken is invalid or has already expired"
+        },
+        { status: statusCode.UNAUTHORIZED }
+      );
+    }
+  },
+  config
+);
 
-export { signOutAction }
+export {
+  signOutAction
+};

package/dist/chunk-SMQO5WD7.js

@@ -1,20 +1,30 @@
-import { getCookie, secureCookieOptions, setCookie } from "./chunk-ZV4BH47P.js"
-import { cacheControl } from "./chunk-STHEPPUZ.js"
-import { createCSRF } from "./chunk-GZU3RBTB.js"
+import {
+  getCookie,
+  secureCookieOptions,
+  setCookie
+} from "./chunk-ZV4BH47P.js";
+import {
+  cacheControl
+} from "./chunk-STHEPPUZ.js";
+import {
+  createCSRF
+} from "./chunk-GZU3RBTB.js";
 
 // src/actions/csrfToken/csrfToken.ts
-import { createEndpoint } from "@aura-stack/router"
+import { createEndpoint } from "@aura-stack/router";
 var csrfTokenAction = createEndpoint("GET", "/csrfToken", async (ctx) => {
-    const {
-        request,
-        context: { cookies, jose, trustedProxyHeaders },
-    } = ctx
-    const cookieOptions = secureCookieOptions(request, { ...cookies, strategy: "host" }, trustedProxyHeaders)
-    const existingCSRFToken = getCookie(request, "csrfToken", cookieOptions, true)
-    const csrfToken = await createCSRF(jose, existingCSRFToken)
-    const headers = new Headers(cacheControl)
-    headers.set("Set-Cookie", setCookie("csrfToken", csrfToken, cookieOptions))
-    return Response.json({ csrfToken }, { headers })
-})
+  const {
+    request,
+    context: { cookies, jose, trustedProxyHeaders }
+  } = ctx;
+  const cookieOptions = secureCookieOptions(request, { ...cookies, strategy: "host" }, trustedProxyHeaders);
+  const existingCSRFToken = getCookie(request, "csrfToken", cookieOptions, true);
+  const csrfToken = await createCSRF(jose, existingCSRFToken);
+  const headers = new Headers(cacheControl);
+  headers.set("Set-Cookie", setCookie("csrfToken", csrfToken, cookieOptions));
+  return Response.json({ csrfToken }, { headers });
+});
 
-export { csrfTokenAction }
+export {
+  csrfTokenAction
+};

package/dist/chunk-STHEPPUZ.js

@@ -1,9 +1,11 @@
 // src/headers.ts
 var cacheControl = {
-    "Cache-Control": "no-store",
-    Pragma: "no-cache",
-    Expires: "0",
-    Vary: "Cookie",
-}
+  "Cache-Control": "no-store",
+  Pragma: "no-cache",
+  Expires: "0",
+  Vary: "Cookie"
+};
 
-export { cacheControl }
+export {
+  cacheControl
+};

package/dist/chunk-UJJ7R56J.js

@@ -1,42 +1,52 @@
-import { AuthError, ERROR_RESPONSE, throwAuthError } from "./chunk-FJUDBLCP.js"
-import { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse } from "./chunk-HMRKN75I.js"
+import {
+  AuthError,
+  ERROR_RESPONSE,
+  throwAuthError
+} from "./chunk-FJUDBLCP.js";
+import {
+  OAuthAccessToken,
+  OAuthAccessTokenErrorResponse,
+  OAuthAccessTokenResponse
+} from "./chunk-HMRKN75I.js";
 
 // src/actions/callback/access-token.ts
 var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) => {
-    const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier })
-    if (!parsed.success) {
-        throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_REQUEST, "Invalid OAuth configuration")
+  const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier });
+  if (!parsed.success) {
+    throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_REQUEST, "Invalid OAuth configuration");
+  }
+  const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data;
+  try {
+    const response = await fetch(accessToken, {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        client_id: clientId,
+        client_secret: clientSecret,
+        code: codeParsed,
+        redirect_uri: redirectParsed,
+        grant_type: "authorization_code",
+        code_verifier: codeVerifier
+      }).toString()
+    });
+    const json = await response.json();
+    const token = OAuthAccessTokenResponse.safeParse(json);
+    if (!token.success) {
+      const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json);
+      if (!success) {
+        throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_GRANT, "Invalid access token response format");
+      }
+      throw new AuthError(data.error, data?.error_description ?? "Failed to retrieve access token");
     }
-    const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data
-    try {
-        const response = await fetch(accessToken, {
-            method: "POST",
-            headers: {
-                Accept: "application/json",
-                "Content-Type": "application/x-www-form-urlencoded",
-            },
-            body: new URLSearchParams({
-                client_id: clientId,
-                client_secret: clientSecret,
-                code: codeParsed,
-                redirect_uri: redirectParsed,
-                grant_type: "authorization_code",
-                code_verifier: codeVerifier,
-            }).toString(),
-        })
-        const json = await response.json()
-        const token = OAuthAccessTokenResponse.safeParse(json)
-        if (!token.success) {
-            const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json)
-            if (!success) {
-                throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_GRANT, "Invalid access token response format")
-            }
-            throw new AuthError(data.error, data?.error_description ?? "Failed to retrieve access token")
-        }
-        return token.data
-    } catch (error) {
-        throw throwAuthError(error, "Failed to create access token")
-    }
-}
+    return token.data;
+  } catch (error) {
+    throw throwAuthError(error, "Failed to create access token");
+  }
+};
 
-export { createAccessToken }
+export {
+  createAccessToken
+};

package/dist/chunk-UTDLUEEG.js

@@ -1,25 +1,31 @@
-import { createDerivedSalt } from "./chunk-GZU3RBTB.js"
-import { AuthError } from "./chunk-FJUDBLCP.js"
+import {
+  createDerivedSalt
+} from "./chunk-GZU3RBTB.js";
+import {
+  AuthError
+} from "./chunk-FJUDBLCP.js";
 
 // src/jose.ts
-import "dotenv/config"
-import { createJWT, createJWS, createDeriveKey } from "@aura-stack/jose"
+import "dotenv/config";
+import { createJWT, createJWS, createDeriveKey } from "@aura-stack/jose";
 var createJoseInstance = (secret) => {
-    secret ?? (secret = process.env.AURA_AUTH_SECRET)
-    if (!secret) {
-        throw new AuthError("JOSE_INIT_ERROR", "AURA_AUTH_SECRET environment variable is not set and no secret was provided.")
-    }
-    const salt = process.env.AURA_AUTH_SALT ?? createDerivedSalt(secret)
-    const { derivedKey: derivedSessionKey } = createDeriveKey(secret, salt, "session")
-    const { derivedKey: derivedCsrfTokenKey } = createDeriveKey(secret, salt, "csrfToken")
-    const { decodeJWT, encodeJWT } = createJWT(derivedSessionKey)
-    const { signJWS, verifyJWS } = createJWS(derivedCsrfTokenKey)
-    return {
-        decodeJWT,
-        encodeJWT,
-        signJWS,
-        verifyJWS,
-    }
-}
+  secret ?? (secret = process.env.AURA_AUTH_SECRET);
+  if (!secret) {
+    throw new AuthError("JOSE_INIT_ERROR", "AURA_AUTH_SECRET environment variable is not set and no secret was provided.");
+  }
+  const salt = process.env.AURA_AUTH_SALT ?? createDerivedSalt(secret);
+  const { derivedKey: derivedSessionKey } = createDeriveKey(secret, salt, "session");
+  const { derivedKey: derivedCsrfTokenKey } = createDeriveKey(secret, salt, "csrfToken");
+  const { decodeJWT, encodeJWT } = createJWT(derivedSessionKey);
+  const { signJWS, verifyJWS } = createJWS(derivedCsrfTokenKey);
+  return {
+    decodeJWT,
+    encodeJWT,
+    signJWS,
+    verifyJWS
+  };
+};
 
-export { createJoseInstance }
+export {
+  createJoseInstance
+};

package/dist/chunk-VFTYH33W.js

@@ -1,44 +1,61 @@
-import { figma } from "./chunk-FKRDCWBF.js"
-import { github } from "./chunk-IKHPGFCW.js"
-import { gitlab } from "./chunk-KRNOMBXQ.js"
-import { spotify } from "./chunk-E3OXBRYF.js"
-import { x } from "./chunk-42XB3YCW.js"
-import { bitbucket } from "./chunk-FIPU4MLT.js"
-import { discord } from "./chunk-EBPE35JT.js"
+import {
+  figma
+} from "./chunk-FKRDCWBF.js";
+import {
+  github
+} from "./chunk-IKHPGFCW.js";
+import {
+  gitlab
+} from "./chunk-KRNOMBXQ.js";
+import {
+  spotify
+} from "./chunk-E3OXBRYF.js";
+import {
+  x
+} from "./chunk-42XB3YCW.js";
+import {
+  bitbucket
+} from "./chunk-FIPU4MLT.js";
+import {
+  discord
+} from "./chunk-EBPE35JT.js";
 
 // src/oauth/index.ts
 var builtInOAuthProviders = {
-    github,
-    bitbucket,
-    figma,
-    discord,
-    gitlab,
-    spotify,
-    x,
-}
+  github,
+  bitbucket,
+  figma,
+  discord,
+  gitlab,
+  spotify,
+  x
+};
 var defineOAuthEnvironment = (oauth) => {
-    const env = process.env
-    return {
-        clientId: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_ID`],
-        clientSecret: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_SECRET`],
-    }
-}
+  const env = process.env;
+  return {
+    clientId: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_ID`],
+    clientSecret: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_SECRET`]
+  };
+};
 var defineOAuthProviderConfig = (config) => {
-    if (typeof config === "string") {
-        const definition = defineOAuthEnvironment(config)
-        const oauthConfig = builtInOAuthProviders[config]
-        return {
-            ...oauthConfig,
-            ...definition,
-        }
-    }
-    return config
-}
+  if (typeof config === "string") {
+    const definition = defineOAuthEnvironment(config);
+    const oauthConfig = builtInOAuthProviders[config];
+    return {
+      ...oauthConfig,
+      ...definition
+    };
+  }
+  return config;
+};
 var createBuiltInOAuthProviders = (oauth = []) => {
-    return oauth.reduce((previous, config) => {
-        const oauthConfig = defineOAuthProviderConfig(config)
-        return { ...previous, [oauthConfig.id]: oauthConfig }
-    }, {})
-}
+  return oauth.reduce((previous, config) => {
+    const oauthConfig = defineOAuthProviderConfig(config);
+    return { ...previous, [oauthConfig.id]: oauthConfig };
+  }, {});
+};
 
-export { builtInOAuthProviders, createBuiltInOAuthProviders }
+export {
+  builtInOAuthProviders,
+  createBuiltInOAuthProviders
+};

package/dist/chunk-XXJKNKGQ.js

@@ -1,27 +1,37 @@
-import { expireCookie, getCookie, secureCookieOptions } from "./chunk-ZV4BH47P.js"
-import { cacheControl } from "./chunk-STHEPPUZ.js"
-import { toISOString } from "./chunk-256KIVJL.js"
+import {
+  expireCookie,
+  getCookie,
+  secureCookieOptions
+} from "./chunk-ZV4BH47P.js";
+import {
+  cacheControl
+} from "./chunk-STHEPPUZ.js";
+import {
+  toISOString
+} from "./chunk-256KIVJL.js";
 
 // src/actions/session/session.ts
-import { createEndpoint } from "@aura-stack/router"
+import { createEndpoint } from "@aura-stack/router";
 var sessionAction = createEndpoint("GET", "/session", async (ctx) => {
-    const {
-        request,
-        context: { cookies, jose, trustedProxyHeaders },
-    } = ctx
-    const cookieOptions = secureCookieOptions(request, cookies, trustedProxyHeaders)
-    try {
-        const session = getCookie(request, "sessionToken", cookieOptions)
-        const decoded = await jose.decodeJWT(session)
-        const { exp, iat, jti, nbf, ...user } = decoded
-        const headers = new Headers(cacheControl)
-        return Response.json({ user, expires: toISOString(exp * 1e3) }, { headers })
-    } catch {
-        const headers = new Headers(cacheControl)
-        const sessionCookie = expireCookie("sessionToken", cookieOptions)
-        headers.set("Set-Cookie", sessionCookie)
-        return Response.json({ authenticated: false, message: "Unauthorized" }, { status: 401, headers })
-    }
-})
+  const {
+    request,
+    context: { cookies, jose, trustedProxyHeaders }
+  } = ctx;
+  const cookieOptions = secureCookieOptions(request, cookies, trustedProxyHeaders);
+  try {
+    const session = getCookie(request, "sessionToken", cookieOptions);
+    const decoded = await jose.decodeJWT(session);
+    const { exp, iat, jti, nbf, ...user } = decoded;
+    const headers = new Headers(cacheControl);
+    return Response.json({ user, expires: toISOString(exp * 1e3) }, { headers });
+  } catch {
+    const headers = new Headers(cacheControl);
+    const sessionCookie = expireCookie("sessionToken", cookieOptions);
+    headers.set("Set-Cookie", sessionCookie);
+    return Response.json({ authenticated: false, message: "Unauthorized" }, { status: 401, headers });
+  }
+});
 
-export { sessionAction }
+export {
+  sessionAction
+};