@aura-stack/auth 0.1.0-rc.9 → 0.2.0-rc.1

package/dist/oauth/index.cjs

@@ -1,213 +1,383 @@
-"use strict"
-var __defProp = Object.defineProperty
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor
-var __getOwnPropNames = Object.getOwnPropertyNames
-var __hasOwnProp = Object.prototype.hasOwnProperty
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
-    for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
-}
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 var __copyProps = (to, from, except, desc) => {
-    if ((from && typeof from === "object") || typeof from === "function") {
-        for (let key of __getOwnPropNames(from))
-            if (!__hasOwnProp.call(to, key) && key !== except)
-                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
-    }
-    return to
-}
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/oauth/index.ts
-var oauth_exports = {}
+var oauth_exports = {};
 __export(oauth_exports, {
-    bitbucket: () => bitbucket,
-    builtInOAuthProviders: () => builtInOAuthProviders,
-    createBuiltInOAuthProviders: () => createBuiltInOAuthProviders,
-    discord: () => discord,
-    figma: () => figma,
-    github: () => github,
-    gitlab: () => gitlab,
-    spotify: () => spotify,
-    x: () => x,
-})
-module.exports = __toCommonJS(oauth_exports)
+  bitbucket: () => bitbucket,
+  builtInOAuthProviders: () => builtInOAuthProviders,
+  createBuiltInOAuthProviders: () => createBuiltInOAuthProviders,
+  discord: () => discord,
+  figma: () => figma,
+  github: () => github,
+  gitlab: () => gitlab,
+  mailchimp: () => mailchimp,
+  pinterest: () => pinterest,
+  spotify: () => spotify,
+  strava: () => strava,
+  x: () => x
+});
+module.exports = __toCommonJS(oauth_exports);
 
 // src/oauth/github.ts
 var github = {
-    id: "github",
-    name: "GitHub",
-    authorizeURL: "https://github.com/login/oauth/authorize",
-    accessToken: "https://github.com/login/oauth/access_token",
-    userInfo: "https://api.github.com/user",
-    scope: "read:user user:email",
-    responseType: "code",
-}
+  id: "github",
+  name: "GitHub",
+  authorizeURL: "https://github.com/login/oauth/authorize",
+  accessToken: "https://github.com/login/oauth/access_token",
+  userInfo: "https://api.github.com/user",
+  scope: "read:user user:email",
+  responseType: "code"
+};
 
 // src/oauth/bitbucket.ts
 var bitbucket = {
-    id: "bitbucket",
-    name: "Bitbucket",
-    authorizeURL: "https://bitbucket.org/site/oauth2/authorize",
-    accessToken: "https://bitbucket.org/site/oauth2/access_token",
-    userInfo: "https://api.bitbucket.org/2.0/user",
-    scope: "account email",
-    responseType: "code",
-    profile(profile) {
-        return {
-            sub: profile.uuid ?? profile.account_id,
-            name: profile.display_name ?? profile.nickname,
-            image: profile.links.avatar.href,
-        }
-    },
-}
+  id: "bitbucket",
+  name: "Bitbucket",
+  authorizeURL: "https://bitbucket.org/site/oauth2/authorize",
+  accessToken: "https://bitbucket.org/site/oauth2/access_token",
+  userInfo: "https://api.bitbucket.org/2.0/user",
+  scope: "account email",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.uuid ?? profile.account_id,
+      name: profile.display_name ?? profile.nickname,
+      image: profile.links.avatar.href
+    };
+  }
+};
 
 // src/oauth/figma.ts
 var figma = {
-    id: "figma",
-    name: "Figma",
-    authorizeURL: "https://www.figma.com/oauth",
-    accessToken: "https://api.figma.com/v1/oauth/token",
-    userInfo: "https://api.figma.com/v1/me",
-    scope: "current_user:read",
-    responseType: "code",
-    profile(profile) {
-        return {
-            sub: profile.id,
-            name: profile.handle,
-            email: profile.email,
-            image: profile.img_url,
-        }
-    },
-}
+  id: "figma",
+  name: "Figma",
+  authorizeURL: "https://www.figma.com/oauth",
+  accessToken: "https://api.figma.com/v1/oauth/token",
+  userInfo: "https://api.figma.com/v1/me",
+  scope: "current_user:read",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.id,
+      name: profile.handle,
+      email: profile.email,
+      image: profile.img_url
+    };
+  }
+};
 
 // src/oauth/discord.ts
 var discord = {
-    id: "discord",
-    name: "Discord",
-    authorizeURL: "https://discord.com/oauth2/authorize",
-    accessToken: "https://discord.com/api/oauth2/token",
-    userInfo: "https://discord.com/api/users/@me",
-    scope: "identify email",
-    responseType: "code",
-    profile(profile) {
-        let image = ""
-        if (profile.avatar === null) {
-            const index = profile.discriminator === "0" ? (BigInt(profile.id) >> 22n) % 6n : Number(profile.discriminator) % 5
-            image = `https://cdn.discordapp.com/embed/avatars/${index}.png`
-        } else {
-            const format = profile.avatar.startsWith("a_") ? "gif" : "png"
-            image = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`
-        }
-        return {
-            sub: profile.id,
-            // https://discord.com/developers/docs/change-log#display-names
-            name: profile.global_name ?? profile.username,
-            email: profile.email ?? "",
-            image,
-        }
-    },
-}
+  id: "discord",
+  name: "Discord",
+  authorizeURL: "https://discord.com/oauth2/authorize",
+  accessToken: "https://discord.com/api/oauth2/token",
+  userInfo: "https://discord.com/api/users/@me",
+  scope: "identify email",
+  responseType: "code",
+  profile(profile) {
+    let image = "";
+    if (profile.avatar === null) {
+      const index = profile.discriminator === "0" ? (BigInt(profile.id) >> 22n) % 6n : Number(profile.discriminator) % 5;
+      image = `https://cdn.discordapp.com/embed/avatars/${index}.png`;
+    } else {
+      const format = profile.avatar.startsWith("a_") ? "gif" : "png";
+      image = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
+    }
+    return {
+      sub: profile.id,
+      name: profile.global_name ?? profile.username,
+      email: profile.email ?? "",
+      image
+    };
+  }
+};
 
 // src/oauth/gitlab.ts
 var gitlab = {
-    id: "gitlab",
-    name: "GitLab",
-    authorizeURL: "https://gitlab.com/oauth/authorize",
-    accessToken: "https://gitlab.com/oauth/token",
-    userInfo: "https://gitlab.com/api/v4/user",
-    scope: "read_user",
-    responseType: "code",
-    profile(profile) {
-        return {
-            sub: profile.id.toString(),
-            name: profile.name ?? profile.username,
-            email: profile.email,
-            avatar: profile.avatar_url,
-        }
-    },
-}
+  id: "gitlab",
+  name: "GitLab",
+  authorizeURL: "https://gitlab.com/oauth/authorize",
+  accessToken: "https://gitlab.com/oauth/token",
+  userInfo: "https://gitlab.com/api/v4/user",
+  scope: "read_user",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.id.toString(),
+      name: profile.name ?? profile.username,
+      email: profile.email,
+      avatar: profile.avatar_url
+    };
+  }
+};
 
 // src/oauth/spotify.ts
 var spotify = {
-    id: "spotify",
-    name: "Spotify",
-    authorizeURL: "https://accounts.spotify.com/authorize",
-    accessToken: "https://accounts.spotify.com/api/token",
-    userInfo: "https://api.spotify.com/v1/me",
-    scope: "user-read-email user-read-private",
-    responseType: "token",
-    profile(profile) {
-        return {
-            sub: profile.id,
-            name: profile.display_name,
-            email: profile.email,
-            image: profile.images?.[0]?.url,
-        }
-    },
-}
+  id: "spotify",
+  name: "Spotify",
+  authorizeURL: "https://accounts.spotify.com/authorize",
+  accessToken: "https://accounts.spotify.com/api/token",
+  userInfo: "https://api.spotify.com/v1/me",
+  scope: "user-read-email user-read-private",
+  responseType: "token",
+  profile(profile) {
+    return {
+      sub: profile.id,
+      name: profile.display_name,
+      email: profile.email,
+      image: profile.images?.[0]?.url
+    };
+  }
+};
 
 // src/oauth/x.ts
 var x = {
-    id: "x",
-    name: "X",
-    authorizeURL: "https://x.com/i/oauth2/authorize",
-    accessToken: "https://api.x.com/2/oauth2/token",
-    userInfo: "https://api.x.com/2/users/me?user.fields=profile_image_url",
-    scope: "users.read users.email tweet.read offline.access",
-    responseType: "code",
-    profile({ data }) {
-        return {
-            sub: data.id,
-            name: data.name,
-            image: data.profile_image_url,
-            email: "",
-        }
-    },
-}
+  id: "x",
+  name: "X",
+  authorizeURL: "https://x.com/i/oauth2/authorize",
+  accessToken: "https://api.x.com/2/oauth2/token",
+  userInfo: "https://api.x.com/2/users/me?user.fields=profile_image_url",
+  scope: "users.read users.email tweet.read offline.access",
+  responseType: "code",
+  profile({ data }) {
+    return {
+      sub: data.id,
+      name: data.name,
+      image: data.profile_image_url,
+      email: ""
+    };
+  }
+};
+
+// src/oauth/strava.ts
+var strava = {
+  id: "strava",
+  name: "Strava",
+  authorizeURL: "https://www.strava.com/oauth/authorize",
+  accessToken: "https://www.strava.com/oauth/token",
+  userInfo: "https://www.strava.com/api/v3/athlete",
+  scope: "read",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.id.toString(),
+      name: `${profile.firstname} ${profile.lastname}`,
+      image: profile.profile,
+      email: ""
+    };
+  }
+};
+
+// src/oauth/mailchimp.ts
+var mailchimp = {
+  id: "mailchimp",
+  name: "Mailchimp",
+  authorizeURL: "https://login.mailchimp.com/oauth2/authorize",
+  accessToken: "https://login.mailchimp.com/oauth2/token",
+  userInfo: "https://login.mailchimp.com/oauth2/metadata",
+  scope: "",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.user_id,
+      name: profile.accountname,
+      email: profile.login.login_email,
+      image: null
+    };
+  }
+};
+
+// src/oauth/pinterest.ts
+var pinterest = {
+  id: "pinterest",
+  name: "Pinterest",
+  authorizeURL: "https://api.pinterest.com/oauth/",
+  accessToken: "https://api.pinterest.com/v5/oauth/token",
+  userInfo: "https://api.pinterest.com/v5/user_account",
+  scope: "user_accounts:read",
+  responseType: "code",
+  profile(profile) {
+    return {
+      sub: profile.id,
+      name: profile.username,
+      email: null,
+      image: profile.profile_image
+    };
+  }
+};
+
+// src/schemas.ts
+var import_zod = require("zod");
+var OAuthProviderConfigSchema = (0, import_zod.object)({
+  authorizeURL: (0, import_zod.string)().url(),
+  accessToken: (0, import_zod.string)().url(),
+  scope: (0, import_zod.string)().optional(),
+  userInfo: (0, import_zod.string)().url(),
+  responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
+  clientId: (0, import_zod.string)(),
+  clientSecret: (0, import_zod.string)()
+});
+var OAuthAuthorization = OAuthProviderConfigSchema.extend({
+  redirectURI: (0, import_zod.string)(),
+  state: (0, import_zod.string)(),
+  codeChallenge: (0, import_zod.string)(),
+  codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
+});
+var OAuthAuthorizationResponse = (0, import_zod.object)({
+  state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
+  code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
+});
+var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
+    "invalid_request",
+    "unauthorized_client",
+    "access_denied",
+    "unsupported_response_type",
+    "invalid_scope",
+    "server_error",
+    "temporarily_unavailable"
+  ]),
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional(),
+  state: (0, import_zod.string)()
+});
+var OAuthAccessToken = OAuthProviderConfigSchema.extend({
+  redirectURI: (0, import_zod.string)(),
+  code: (0, import_zod.string)(),
+  codeVerifier: (0, import_zod.string)().min(43).max(128)
+});
+var OAuthAccessTokenResponse = (0, import_zod.object)({
+  access_token: (0, import_zod.string)(),
+  token_type: (0, import_zod.string)().optional(),
+  expires_in: (0, import_zod.number)().optional(),
+  refresh_token: (0, import_zod.string)().optional(),
+  scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
+});
+var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.enum)([
+    "invalid_request",
+    "invalid_client",
+    "invalid_grant",
+    "unauthorized_client",
+    "unsupported_grant_type",
+    "invalid_scope"
+  ]),
+  error_description: (0, import_zod.string)().optional(),
+  error_uri: (0, import_zod.string)().optional()
+});
+var OAuthErrorResponse = (0, import_zod.object)({
+  error: (0, import_zod.string)(),
+  error_description: (0, import_zod.string)().optional()
+});
+var OAuthEnvSchema = (0, import_zod.object)({
+  clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+});
+
+// src/errors.ts
+var AuthInternalError = class extends Error {
+  type = "AUTH_INTERNAL_ERROR";
+  code;
+  constructor(code, message, options2) {
+    super(message, options2);
+    this.code = code;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
+  }
+};
+
+// src/utils.ts
+var import_router = require("@aura-stack/router");
+var formatZodError = (error) => {
+  if (!error.issues || error.issues.length === 0) {
+    return {};
+  }
+  return error.issues.reduce((previous, issue) => {
+    const key = issue.path.join(".");
+    return {
+      ...previous,
+      [key]: {
+        code: issue.code,
+        message: issue.message
+      }
+    };
+  }, {});
+};
 
 // src/oauth/index.ts
 var builtInOAuthProviders = {
-    github,
-    bitbucket,
-    figma,
-    discord,
-    gitlab,
-    spotify,
-    x,
-}
+  github,
+  bitbucket,
+  figma,
+  discord,
+  gitlab,
+  spotify,
+  x,
+  strava,
+  mailchimp,
+  pinterest
+};
 var defineOAuthEnvironment = (oauth) => {
-    const env = process.env
-    return {
-        clientId: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_ID`],
-        clientSecret: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_SECRET`],
-    }
-}
+  const env = process.env;
+  const clientIdSuffix = `${oauth.toUpperCase()}_CLIENT_ID`;
+  const clientSecretSuffix = `${oauth.toUpperCase()}_CLIENT_SECRET`;
+  const loadEnvs = OAuthEnvSchema.safeParse({
+    clientId: env[`AURA_AUTH_${clientIdSuffix}`] ?? env[`AUTH_${clientIdSuffix}`] ?? env[`${clientIdSuffix}`],
+    clientSecret: env[`AURA_AUTH_${clientSecretSuffix}`] ?? env[`AUTH_${clientSecretSuffix}`] ?? env[`${clientSecretSuffix}`]
+  });
+  if (!loadEnvs.success) {
+    const msg = JSON.stringify(formatZodError(loadEnvs.error), null, 2);
+    throw new AuthInternalError("INVALID_ENVIRONMENT_CONFIGURATION", msg);
+  }
+  return loadEnvs.data;
+};
 var defineOAuthProviderConfig = (config) => {
-    if (typeof config === "string") {
-        const definition = defineOAuthEnvironment(config)
-        const oauthConfig = builtInOAuthProviders[config]
-        return {
-            ...oauthConfig,
-            ...definition,
-        }
-    }
-    return config
-}
+  if (typeof config === "string") {
+    const definition = defineOAuthEnvironment(config);
+    const oauthConfig = builtInOAuthProviders[config];
+    return {
+      ...oauthConfig,
+      ...definition
+    };
+  }
+  return config;
+};
 var createBuiltInOAuthProviders = (oauth = []) => {
-    return oauth.reduce((previous, config) => {
-        const oauthConfig = defineOAuthProviderConfig(config)
-        return { ...previous, [oauthConfig.id]: oauthConfig }
-    }, {})
-}
+  return oauth.reduce((previous, config) => {
+    const oauthConfig = defineOAuthProviderConfig(config);
+    return { ...previous, [oauthConfig.id]: oauthConfig };
+  }, {});
+};
 // Annotate the CommonJS export names for ESM import in node:
-0 &&
-    (module.exports = {
-        bitbucket,
-        builtInOAuthProviders,
-        createBuiltInOAuthProviders,
-        discord,
-        figma,
-        github,
-        gitlab,
-        spotify,
-        x,
-    })
+0 && (module.exports = {
+  bitbucket,
+  builtInOAuthProviders,
+  createBuiltInOAuthProviders,
+  discord,
+  figma,
+  github,
+  gitlab,
+  mailchimp,
+  pinterest,
+  spotify,
+  strava,
+  x
+});

package/dist/oauth/index.d.ts

@@ -1,26 +1,7 @@
-export {
-    B as BitbucketProfile,
-    p as BuiltInOAuthProvider,
-    D as DiscordProfile,
-    F as FigmaProfile,
-    l as GitHubProfile,
-    G as GitLabProfile,
-    N as Nameplate,
-    g as SpotifyProfile,
-    X as XProfile,
-    k as bitbucket,
-    n as builtInOAuthProviders,
-    o as createBuiltInOAuthProviders,
-    i as discord,
-    j as figma,
-    m as github,
-    h as gitlab,
-    s as spotify,
-    x,
-} from "../index-DpfbvTZ_.js"
-import "../@types/utility.js"
-import "zod/v4"
-import "@aura-stack/jose/jose"
-import "../schemas.js"
-import "zod/v4/core"
-import "cookie"
+export { B as BitbucketProfile, K as BuiltInOAuthProvider, D as DiscordProfile, F as FigmaProfile, w as GitHubProfile, G as GitLabProfile, I as Image, L as Login, M as MailchimpProfile, N as Nameplate, P as PinterestProfile, o as SpotifyProfile, n as StravaProfile, k as SummaryClub, l as SummaryGear, X as XProfile, v as bitbucket, z as builtInOAuthProviders, H as createBuiltInOAuthProviders, t as discord, u as figma, y as github, r as gitlab, m as mailchimp, p as pinterest, q as spotify, s as strava, x } from '../index-DkaLJFn8.js';
+import '../@types/utility.js';
+import 'zod';
+import '../schemas.js';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose';
+import '@aura-stack/jose/jose';

package/dist/oauth/index.js

@@ -1,9 +1,51 @@
-import { builtInOAuthProviders, createBuiltInOAuthProviders } from "../chunk-VFTYH33W.js"
-import { figma } from "../chunk-FKRDCWBF.js"
-import { github } from "../chunk-IKHPGFCW.js"
-import { gitlab } from "../chunk-KRNOMBXQ.js"
-import { spotify } from "../chunk-E3OXBRYF.js"
-import { x } from "../chunk-42XB3YCW.js"
-import { bitbucket } from "../chunk-FIPU4MLT.js"
-import { discord } from "../chunk-EBPE35JT.js"
-export { bitbucket, builtInOAuthProviders, createBuiltInOAuthProviders, discord, figma, github, gitlab, spotify, x }
+import {
+  builtInOAuthProviders,
+  createBuiltInOAuthProviders
+} from "../chunk-EMKJA2GJ.js";
+import {
+  x
+} from "../chunk-42XB3YCW.js";
+import {
+  figma
+} from "../chunk-FKRDCWBF.js";
+import {
+  github
+} from "../chunk-IKHPGFCW.js";
+import {
+  gitlab
+} from "../chunk-KRNOMBXQ.js";
+import {
+  mailchimp
+} from "../chunk-B737EUJV.js";
+import {
+  pinterest
+} from "../chunk-HP34YGGJ.js";
+import {
+  spotify
+} from "../chunk-E3OXBRYF.js";
+import {
+  strava
+} from "../chunk-6R2YZ4AC.js";
+import {
+  bitbucket
+} from "../chunk-FIPU4MLT.js";
+import {
+  discord
+} from "../chunk-IUYZQTJV.js";
+import "../chunk-CXLATHS5.js";
+import "../chunk-RRLIF4PQ.js";
+import "../chunk-YRCB5FLE.js";
+export {
+  bitbucket,
+  builtInOAuthProviders,
+  createBuiltInOAuthProviders,
+  discord,
+  figma,
+  github,
+  gitlab,
+  mailchimp,
+  pinterest,
+  spotify,
+  strava,
+  x
+};