@aura-stack/auth 0.1.0-rc.9 → 0.1.0

package/dist/schemas.js

@@ -1,20 +1,20 @@
 import {
-    OAuthAccessToken,
-    OAuthAccessTokenErrorResponse,
-    OAuthAccessTokenResponse,
-    OAuthAuthorization,
-    OAuthAuthorizationErrorResponse,
-    OAuthAuthorizationResponse,
-    OAuthErrorResponse,
-    OAuthProviderConfigSchema,
-} from "./chunk-HMRKN75I.js"
+  OAuthAccessToken,
+  OAuthAccessTokenErrorResponse,
+  OAuthAccessTokenResponse,
+  OAuthAuthorization,
+  OAuthAuthorizationErrorResponse,
+  OAuthAuthorizationResponse,
+  OAuthErrorResponse,
+  OAuthProviderConfigSchema
+} from "./chunk-HMRKN75I.js";
 export {
-    OAuthAccessToken,
-    OAuthAccessTokenErrorResponse,
-    OAuthAccessTokenResponse,
-    OAuthAuthorization,
-    OAuthAuthorizationErrorResponse,
-    OAuthAuthorizationResponse,
-    OAuthErrorResponse,
-    OAuthProviderConfigSchema,
-}
+  OAuthAccessToken,
+  OAuthAccessTokenErrorResponse,
+  OAuthAccessTokenResponse,
+  OAuthAuthorization,
+  OAuthAuthorizationErrorResponse,
+  OAuthAuthorizationResponse,
+  OAuthErrorResponse,
+  OAuthProviderConfigSchema
+};

package/dist/secure.cjs

@@ -1,123 +1,120 @@
-"use strict"
-var __create = Object.create
-var __defProp = Object.defineProperty
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor
-var __getOwnPropNames = Object.getOwnPropertyNames
-var __getProtoOf = Object.getPrototypeOf
-var __hasOwnProp = Object.prototype.hasOwnProperty
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
-    for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
-}
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 var __copyProps = (to, from, except, desc) => {
-    if ((from && typeof from === "object") || typeof from === "function") {
-        for (let key of __getOwnPropNames(from))
-            if (!__hasOwnProp.call(to, key) && key !== except)
-                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
-    }
-    return to
-}
-var __toESM = (mod, isNodeMode, target) => (
-    (target = mod != null ? __create(__getProtoOf(mod)) : {}),
-    __copyProps(
-        // If the importer is in node compatibility mode or this is not an ESM
-        // file that has been converted to a CommonJS file using a Babel-
-        // compatible transform (i.e. "__esModule" has not been set), then set
-        // "default" to the CommonJS "module.exports" for node compatibility.
-        isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-        mod
-    )
-)
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/secure.ts
-var secure_exports = {}
+var secure_exports = {};
 __export(secure_exports, {
-    createCSRF: () => createCSRF,
-    createDerivedSalt: () => createDerivedSalt,
-    createHash: () => createHash,
-    createPKCE: () => createPKCE,
-    generateSecure: () => generateSecure,
-    verifyCSRF: () => verifyCSRF,
-})
-module.exports = __toCommonJS(secure_exports)
-var import_node_crypto = __toESM(require("crypto"), 1)
+  createCSRF: () => createCSRF,
+  createDerivedSalt: () => createDerivedSalt,
+  createHash: () => createHash,
+  createPKCE: () => createPKCE,
+  generateSecure: () => generateSecure,
+  verifyCSRF: () => verifyCSRF
+});
+module.exports = __toCommonJS(secure_exports);
+var import_node_crypto = __toESM(require("crypto"), 1);
 
 // src/utils.ts
-var import_router = require("@aura-stack/router")
+var import_router = require("@aura-stack/router");
 
 // src/error.ts
 var AuthError = class extends Error {
-    constructor(type, message) {
-        super(message)
-        this.type = type
-        this.name = "AuthError"
-    }
-}
+  constructor(type, message) {
+    super(message);
+    this.type = type;
+    this.name = "AuthError";
+  }
+};
 var InvalidCsrfTokenError = class extends AuthError {
-    constructor(message = "The provided CSRF token is invalid or has expired") {
-        super("invalid_csrf_token", message)
-        this.name = "InvalidCsrfTokenError"
-    }
-}
+  constructor(message = "The provided CSRF token is invalid or has expired") {
+    super("invalid_csrf_token", message);
+    this.name = "InvalidCsrfTokenError";
+  }
+};
 
 // src/utils.ts
 var equals = (a, b) => {
-    if (a === null || b === null || a === void 0 || b === void 0) return false
-    return a === b
-}
+  if (a === null || b === null || a === void 0 || b === void 0) return false;
+  return a === b;
+};
 
 // src/secure.ts
 var generateSecure = (length = 32) => {
-    return import_node_crypto.default.randomBytes(length).toString("base64url")
-}
+  return import_node_crypto.default.randomBytes(length).toString("base64url");
+};
 var createHash = (data, base = "hex") => {
-    return import_node_crypto.default.createHash("sha256").update(data).digest().toString(base)
-}
+  return import_node_crypto.default.createHash("sha256").update(data).digest().toString(base);
+};
 var createPKCE = async (verifier) => {
-    const codeVerifier = verifier ?? generateSecure(86)
-    const codeChallenge = createHash(codeVerifier, "base64url")
-    return { codeVerifier, codeChallenge, method: "S256" }
-}
+  const codeVerifier = verifier ?? generateSecure(86);
+  const codeChallenge = createHash(codeVerifier, "base64url");
+  return { codeVerifier, codeChallenge, method: "S256" };
+};
 var createCSRF = async (jose, csrfCookie) => {
-    try {
-        const token = generateSecure(32)
-        if (csrfCookie) {
-            await jose.verifyJWS(csrfCookie)
-            return csrfCookie
-        }
-        return jose.signJWS({ token })
-    } catch {
-        const token = generateSecure(32)
-        return jose.signJWS({ token })
+  try {
+    const token = generateSecure(32);
+    if (csrfCookie) {
+      await jose.verifyJWS(csrfCookie);
+      return csrfCookie;
     }
-}
+    return jose.signJWS({ token });
+  } catch {
+    const token = generateSecure(32);
+    return jose.signJWS({ token });
+  }
+};
 var verifyCSRF = async (jose, cookie, header) => {
-    try {
-        const { token: cookieToken } = await jose.verifyJWS(cookie)
-        const { token: headerToken } = await jose.verifyJWS(header)
-        const cookieBuffer = Buffer.from(cookieToken)
-        const headerBuffer = Buffer.from(headerToken)
-        if (!equals(headerBuffer.length, cookieBuffer.length)) {
-            throw new InvalidCsrfTokenError()
-        }
-        if (!import_node_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
-            throw new InvalidCsrfTokenError()
-        }
-        return true
-    } catch {
-        throw new InvalidCsrfTokenError()
+  try {
+    const { token: cookieToken } = await jose.verifyJWS(cookie);
+    const { token: headerToken } = await jose.verifyJWS(header);
+    const cookieBuffer = Buffer.from(cookieToken);
+    const headerBuffer = Buffer.from(headerToken);
+    if (!equals(headerBuffer.length, cookieBuffer.length)) {
+      throw new InvalidCsrfTokenError();
+    }
+    if (!import_node_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
+      throw new InvalidCsrfTokenError();
     }
-}
+    return true;
+  } catch {
+    throw new InvalidCsrfTokenError();
+  }
+};
 var createDerivedSalt = (secret) => {
-    return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex")
-}
+  return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
+};
 // Annotate the CommonJS export names for ESM import in node:
-0 &&
-    (module.exports = {
-        createCSRF,
-        createDerivedSalt,
-        createHash,
-        createPKCE,
-        generateSecure,
-        verifyCSRF,
-    })
+0 && (module.exports = {
+  createCSRF,
+  createDerivedSalt,
+  createHash,
+  createPKCE,
+  generateSecure,
+  verifyCSRF
+});

package/dist/secure.d.ts

@@ -1,13 +1,13 @@
-import { A as AuthRuntimeConfig } from "./index-DpfbvTZ_.js"
-import "zod/v4"
-import "@aura-stack/jose/jose"
-import "./schemas.js"
-import "zod/v4/core"
-import "cookie"
-import "./@types/utility.js"
+import { A as AuthRuntimeConfig } from './index-DpfbvTZ_.js';
+import 'zod/v4';
+import '@aura-stack/jose/jose';
+import './schemas.js';
+import 'zod/v4/core';
+import 'cookie';
+import './@types/utility.js';
 
-declare const generateSecure: (length?: number) => string
-declare const createHash: (data: string, base?: "hex" | "base64" | "base64url") => string
+declare const generateSecure: (length?: number) => string;
+declare const createHash: (data: string, base?: "hex" | "base64" | "base64url") => string;
 /**
  * Creates the code challenge flow for PKCE OAuth flow. It generates a code verifier and its corresponding
  * code challenge using SHA-256 hashing.
@@ -18,24 +18,24 @@ declare const createHash: (data: string, base?: "hex" | "base64" | "base64url")
  * @see https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
  */
 declare const createPKCE: (verifier?: string) => Promise<{
-    codeVerifier: string
-    codeChallenge: string
-    method: string
-}>
+    codeVerifier: string;
+    codeChallenge: string;
+    method: string;
+}>;
 /**
  * Creates a CSRF token to be used in OAuth flows to prevent cross-site request forgery attacks.
  *
  * @param csrfCookie - Optional existing CSRF cookie to verify and reuse
  * @returns Signed CSRF token
  */
-declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>
-declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>
+declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
+declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>;
 /**
  * Creates a deterministic derived salt from the provided secret.
  *
  * @param secret the base secret to derive the salt from
  * @returns the derived salt as a hexadecimal string
  */
-declare const createDerivedSalt: (secret: string) => string
+declare const createDerivedSalt: (secret: string) => string;
 
-export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF }
+export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF };

package/dist/secure.js

@@ -1,4 +1,18 @@
-import { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF } from "./chunk-GZU3RBTB.js"
-import "./chunk-256KIVJL.js"
-import "./chunk-FJUDBLCP.js"
-export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF }
+import {
+  createCSRF,
+  createDerivedSalt,
+  createHash,
+  createPKCE,
+  generateSecure,
+  verifyCSRF
+} from "./chunk-GZU3RBTB.js";
+import "./chunk-256KIVJL.js";
+import "./chunk-FJUDBLCP.js";
+export {
+  createCSRF,
+  createDerivedSalt,
+  createHash,
+  createPKCE,
+  generateSecure,
+  verifyCSRF
+};

package/dist/utils.cjs

@@ -1,154 +1,141 @@
-"use strict"
-var __defProp = Object.defineProperty
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor
-var __getOwnPropNames = Object.getOwnPropertyNames
-var __hasOwnProp = Object.prototype.hasOwnProperty
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
-    for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
-}
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 var __copyProps = (to, from, except, desc) => {
-    if ((from && typeof from === "object") || typeof from === "function") {
-        for (let key of __getOwnPropNames(from))
-            if (!__hasOwnProp.call(to, key) && key !== except)
-                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
-    }
-    return to
-}
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/utils.ts
-var utils_exports = {}
+var utils_exports = {};
 __export(utils_exports, {
-    equals: () => equals,
-    getNormalizedOriginPath: () => getNormalizedOriginPath,
-    isValidRelativePath: () => isValidRelativePath,
-    onErrorHandler: () => onErrorHandler,
-    sanitizeURL: () => sanitizeURL,
-    toCastCase: () => toCastCase,
-    toISOString: () => toISOString,
-    toSnakeCase: () => toSnakeCase,
-    toUpperCase: () => toUpperCase,
-})
-module.exports = __toCommonJS(utils_exports)
-var import_router = require("@aura-stack/router")
+  equals: () => equals,
+  getNormalizedOriginPath: () => getNormalizedOriginPath,
+  isValidRelativePath: () => isValidRelativePath,
+  onErrorHandler: () => onErrorHandler,
+  sanitizeURL: () => sanitizeURL,
+  toCastCase: () => toCastCase,
+  toISOString: () => toISOString,
+  toSnakeCase: () => toSnakeCase,
+  toUpperCase: () => toUpperCase
+});
+module.exports = __toCommonJS(utils_exports);
+var import_router = require("@aura-stack/router");
 
 // src/error.ts
 var AuthError = class extends Error {
-    constructor(type, message) {
-        super(message)
-        this.type = type
-        this.name = "AuthError"
-    }
-}
+  constructor(type, message) {
+    super(message);
+    this.type = type;
+    this.name = "AuthError";
+  }
+};
 var isAuthError = (error) => {
-    return error instanceof AuthError
-}
+  return error instanceof AuthError;
+};
 
 // src/utils.ts
 var toSnakeCase = (str) => {
-    return str
-        .replace(/([a-z0-9])([A-Z])/g, "$1_$2")
-        .replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2")
-        .toLowerCase()
-        .replace(/^_+/, "")
-}
+  return str.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2").toLowerCase().replace(/^_+/, "");
+};
 var toUpperCase = (str) => {
-    return str.toUpperCase()
-}
+  return str.toUpperCase();
+};
 var toCastCase = (obj, type = "snake") => {
-    return Object.entries(obj).reduce((previous, [key, value]) => {
-        const newKey = type === "snake" ? toSnakeCase(key) : toUpperCase(key)
-        return { ...previous, [newKey]: value }
-    }, {})
-}
+  return Object.entries(obj).reduce((previous, [key, value]) => {
+    const newKey = type === "snake" ? toSnakeCase(key) : toUpperCase(key);
+    return { ...previous, [newKey]: value };
+  }, {});
+};
 var equals = (a, b) => {
-    if (a === null || b === null || a === void 0 || b === void 0) return false
-    return a === b
-}
+  if (a === null || b === null || a === void 0 || b === void 0) return false;
+  return a === b;
+};
 var sanitizeURL = (url) => {
-    try {
-        let decodedURL = decodeURIComponent(url).trim()
-        const protocolMatch = decodedURL.match(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)/)
-        let protocol = ""
-        let rest = decodedURL
-        if (protocolMatch) {
-            protocol = protocolMatch[1]
-            rest = decodedURL.slice(protocol.length)
-            const slashIndex = rest.indexOf("/")
-            if (slashIndex === -1) {
-                return protocol + rest
-            }
-            const domain = rest.slice(0, slashIndex)
-            let path = rest
-                .slice(slashIndex)
-                .replace(/\/\.\.\//g, "/")
-                .replace(/\/\.\.$/, "")
-                .replace(/\.{2,}/g, "")
-                .replace(/\/{2,}/g, "/")
-            if (path !== "/" && path.endsWith("/")) {
-                path = path.replace(/\/+$/, "/")
-            } else if (path !== "/") {
-                path = path.replace(/\/+$/, "")
-            }
-            return protocol + domain + path
-        }
-        let sanitized = decodedURL
-            .replace(/\/\.\.\//g, "/")
-            .replace(/\/\.\.$/, "")
-            .replace(/\.{2,}/g, "")
-            .replace(/\/{2,}/g, "/")
-        if (sanitized !== "/" && sanitized.endsWith("/")) {
-            sanitized = sanitized.replace(/\/+$/, "/")
-        } else if (sanitized !== "/") {
-            sanitized = sanitized.replace(/\/+$/, "")
-        }
-        return sanitized
-    } catch {
-        return url.trim()
+  try {
+    let decodedURL = decodeURIComponent(url).trim();
+    const protocolMatch = decodedURL.match(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)/);
+    let protocol = "";
+    let rest = decodedURL;
+    if (protocolMatch) {
+      protocol = protocolMatch[1];
+      rest = decodedURL.slice(protocol.length);
+      const slashIndex = rest.indexOf("/");
+      if (slashIndex === -1) {
+        return protocol + rest;
+      }
+      const domain = rest.slice(0, slashIndex);
+      let path = rest.slice(slashIndex).replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
+      if (path !== "/" && path.endsWith("/")) {
+        path = path.replace(/\/+$/, "/");
+      } else if (path !== "/") {
+        path = path.replace(/\/+$/, "");
+      }
+      return protocol + domain + path;
+    }
+    let sanitized = decodedURL.replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
+    if (sanitized !== "/" && sanitized.endsWith("/")) {
+      sanitized = sanitized.replace(/\/+$/, "/");
+    } else if (sanitized !== "/") {
+      sanitized = sanitized.replace(/\/+$/, "");
     }
-}
+    return sanitized;
+  } catch {
+    return url.trim();
+  }
+};
 var isValidRelativePath = (path) => {
-    if (!path || typeof path !== "string") return false
-    if (!path.startsWith("/") || path.includes("://") || path.includes("\r") || path.includes("\n")) return false
-    if (/[\x00-\x1F\x7F]/.test(path) || path.includes("\0")) return false
-    const sanitized = sanitizeURL(path)
-    if (sanitized.includes("..")) return false
-    return true
-}
+  if (!path || typeof path !== "string") return false;
+  if (!path.startsWith("/") || path.includes("://") || path.includes("\r") || path.includes("\n")) return false;
+  if (/[\x00-\x1F\x7F]/.test(path) || path.includes("\0")) return false;
+  const sanitized = sanitizeURL(path);
+  if (sanitized.includes("..")) return false;
+  return true;
+};
 var onErrorHandler = (error) => {
-    if ((0, import_router.isRouterError)(error)) {
-        const { message, status, statusText } = error
-        return Response.json({ error: "invalid_request", error_description: message }, { status, statusText })
-    }
-    if (isAuthError(error)) {
-        const { type, message } = error
-        return Response.json({ error: type, error_description: message }, { status: 400 })
-    }
-    return Response.json({ error: "server_error", error_description: "An unexpected error occurred" }, { status: 500 })
-}
+  if ((0, import_router.isRouterError)(error)) {
+    const { message, status, statusText } = error;
+    return Response.json({ error: "invalid_request", error_description: message }, { status, statusText });
+  }
+  if (isAuthError(error)) {
+    const { type, message } = error;
+    return Response.json({ error: type, error_description: message }, { status: 400 });
+  }
+  return Response.json({ error: "server_error", error_description: "An unexpected error occurred" }, { status: 500 });
+};
 var getNormalizedOriginPath = (path) => {
-    try {
-        const url = new URL(path)
-        url.hash = ""
-        url.search = ""
-        return `${url.origin}${url.pathname}`
-    } catch {
-        return sanitizeURL(path)
-    }
-}
+  try {
+    const url = new URL(path);
+    url.hash = "";
+    url.search = "";
+    return `${url.origin}${url.pathname}`;
+  } catch {
+    return sanitizeURL(path);
+  }
+};
 var toISOString = (date) => {
-    return new Date(date).toISOString()
-}
+  return new Date(date).toISOString();
+};
 // Annotate the CommonJS export names for ESM import in node:
-0 &&
-    (module.exports = {
-        equals,
-        getNormalizedOriginPath,
-        isValidRelativePath,
-        onErrorHandler,
-        sanitizeURL,
-        toCastCase,
-        toISOString,
-        toSnakeCase,
-        toUpperCase,
-    })
+0 && (module.exports = {
+  equals,
+  getNormalizedOriginPath,
+  isValidRelativePath,
+  onErrorHandler,
+  sanitizeURL,
+  toCastCase,
+  toISOString,
+  toSnakeCase,
+  toUpperCase
+});