@aura-stack/auth 0.1.0-rc.9 → 0.2.0-rc.1

package/dist/chunk-UTDLUEEG.js

@@ -1,25 +0,0 @@
-import { createDerivedSalt } from "./chunk-GZU3RBTB.js"
-import { AuthError } from "./chunk-FJUDBLCP.js"
-
-// src/jose.ts
-import "dotenv/config"
-import { createJWT, createJWS, createDeriveKey } from "@aura-stack/jose"
-var createJoseInstance = (secret) => {
-    secret ?? (secret = process.env.AURA_AUTH_SECRET)
-    if (!secret) {
-        throw new AuthError("JOSE_INIT_ERROR", "AURA_AUTH_SECRET environment variable is not set and no secret was provided.")
-    }
-    const salt = process.env.AURA_AUTH_SALT ?? createDerivedSalt(secret)
-    const { derivedKey: derivedSessionKey } = createDeriveKey(secret, salt, "session")
-    const { derivedKey: derivedCsrfTokenKey } = createDeriveKey(secret, salt, "csrfToken")
-    const { decodeJWT, encodeJWT } = createJWT(derivedSessionKey)
-    const { signJWS, verifyJWS } = createJWS(derivedCsrfTokenKey)
-    return {
-        decodeJWT,
-        encodeJWT,
-        signJWS,
-        verifyJWS,
-    }
-}
-
-export { createJoseInstance }

package/dist/chunk-VFTYH33W.js

@@ -1,44 +0,0 @@
-import { figma } from "./chunk-FKRDCWBF.js"
-import { github } from "./chunk-IKHPGFCW.js"
-import { gitlab } from "./chunk-KRNOMBXQ.js"
-import { spotify } from "./chunk-E3OXBRYF.js"
-import { x } from "./chunk-42XB3YCW.js"
-import { bitbucket } from "./chunk-FIPU4MLT.js"
-import { discord } from "./chunk-EBPE35JT.js"
-
-// src/oauth/index.ts
-var builtInOAuthProviders = {
-    github,
-    bitbucket,
-    figma,
-    discord,
-    gitlab,
-    spotify,
-    x,
-}
-var defineOAuthEnvironment = (oauth) => {
-    const env = process.env
-    return {
-        clientId: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_ID`],
-        clientSecret: env[`AURA_AUTH_${oauth.toUpperCase()}_CLIENT_SECRET`],
-    }
-}
-var defineOAuthProviderConfig = (config) => {
-    if (typeof config === "string") {
-        const definition = defineOAuthEnvironment(config)
-        const oauthConfig = builtInOAuthProviders[config]
-        return {
-            ...oauthConfig,
-            ...definition,
-        }
-    }
-    return config
-}
-var createBuiltInOAuthProviders = (oauth = []) => {
-    return oauth.reduce((previous, config) => {
-        const oauthConfig = defineOAuthProviderConfig(config)
-        return { ...previous, [oauthConfig.id]: oauthConfig }
-    }, {})
-}
-
-export { builtInOAuthProviders, createBuiltInOAuthProviders }

package/dist/chunk-XXJKNKGQ.js

@@ -1,27 +0,0 @@
-import { expireCookie, getCookie, secureCookieOptions } from "./chunk-ZV4BH47P.js"
-import { cacheControl } from "./chunk-STHEPPUZ.js"
-import { toISOString } from "./chunk-256KIVJL.js"
-
-// src/actions/session/session.ts
-import { createEndpoint } from "@aura-stack/router"
-var sessionAction = createEndpoint("GET", "/session", async (ctx) => {
-    const {
-        request,
-        context: { cookies, jose, trustedProxyHeaders },
-    } = ctx
-    const cookieOptions = secureCookieOptions(request, cookies, trustedProxyHeaders)
-    try {
-        const session = getCookie(request, "sessionToken", cookieOptions)
-        const decoded = await jose.decodeJWT(session)
-        const { exp, iat, jti, nbf, ...user } = decoded
-        const headers = new Headers(cacheControl)
-        return Response.json({ user, expires: toISOString(exp * 1e3) }, { headers })
-    } catch {
-        const headers = new Headers(cacheControl)
-        const sessionCookie = expireCookie("sessionToken", cookieOptions)
-        headers.set("Set-Cookie", sessionCookie)
-        return Response.json({ authenticated: false, message: "Unauthorized" }, { status: 401, headers })
-    }
-})
-
-export { sessionAction }

package/dist/chunk-ZV4BH47P.js

@@ -1,156 +0,0 @@
-import { isRequest } from "./chunk-6SM22VVJ.js"
-import { AuthError } from "./chunk-FJUDBLCP.js"
-
-// src/cookie.ts
-import { parse, serialize } from "cookie"
-import { parse as parse2 } from "cookie"
-var COOKIE_NAME = "aura-auth"
-var defaultCookieOptions = {
-    httpOnly: true,
-    sameSite: "lax",
-    path: "/",
-    maxAge: 60 * 60 * 24 * 15,
-}
-var defaultCookieConfig = {
-    strategy: "standard",
-    name: COOKIE_NAME,
-    options: defaultCookieOptions,
-}
-var defaultStandardCookieConfig = {
-    secure: false,
-    httpOnly: true,
-    prefix: "",
-}
-var defaultSecureCookieConfig = {
-    secure: true,
-    prefix: "__Secure-",
-}
-var defaultHostCookieConfig = {
-    secure: true,
-    prefix: "__Host-",
-    path: "/",
-    domain: void 0,
-}
-var expiredCookieOptions = {
-    ...defaultCookieOptions,
-    expires: /* @__PURE__ */ new Date(0),
-    maxAge: 0,
-}
-var defineDefaultCookieOptions = (options) => {
-    return {
-        name: options?.name ?? COOKIE_NAME,
-        prefix: options?.prefix ?? (options?.secure ? "__Secure-" : ""),
-        ...defaultCookieOptions,
-        ...options,
-    }
-}
-var setCookie = (cookieName, value, options) => {
-    const { prefix, name } = defineDefaultCookieOptions(options)
-    const cookieNameWithPrefix = `${prefix}${name}.${cookieName}`
-    return serialize(cookieNameWithPrefix, value, {
-        ...defaultCookieOptions,
-        ...options,
-    })
-}
-var getCookie = (petition, cookie, options, optional = false) => {
-    const cookies = isRequest(petition) ? petition.headers.get("Cookie") : petition.headers.getSetCookie().join("; ")
-    if (!cookies) {
-        if (optional) {
-            return ""
-        }
-        throw new AuthError("invalid_request", "No cookies found. There is no active session")
-    }
-    const { name, prefix } = defineDefaultCookieOptions(options)
-    const parsedCookies = parse(cookies)
-    const value = parsedCookies[`${prefix}${name}.${cookie}`]
-    if (value === void 0) {
-        if (optional) {
-            return ""
-        }
-        throw new AuthError("invalid_request", `Cookie "${cookie}" not found. There is no active session`)
-    }
-    return value
-}
-var createSessionCookie = async (session, cookieOptions, jose) => {
-    try {
-        const encoded = await jose.encodeJWT(session)
-        return setCookie("sessionToken", encoded, cookieOptions)
-    } catch (error) {
-        throw new AuthError("server_error", "Failed to create session cookie", { cause: error })
-    }
-}
-var secureCookieOptions = (request, cookieOptions, trustedProxyHeaders) => {
-    const name = cookieOptions.name ?? COOKIE_NAME
-    const isSecure = trustedProxyHeaders
-        ? request.url.startsWith("https://") ||
-          request.headers.get("X-Forwarded-Proto") === "https" ||
-          request.headers.get("Forwarded")?.includes("proto=https")
-        : request.url.startsWith("https://")
-    if (!cookieOptions.options?.httpOnly) {
-        console.warn(
-            "[WARNING]: Cookie is configured without HttpOnly. This allows JavaScript access via document.cookie and increases XSS risk."
-        )
-    }
-    if (cookieOptions.options?.domain === "*") {
-        console.warn("[WARNING]: Cookie 'Domain' is set to '*', which is insecure. Avoid wildcard domains.")
-    }
-    if (!isSecure) {
-        const options = cookieOptions.options
-        if (options?.secure) {
-            console.warn(
-                "[WARNING]: The 'Secure' attribute will be disabled for this cookie. Serve over HTTPS to enforce Secure cookies."
-            )
-        }
-        if (options?.sameSite == "none") {
-            console.warn("[WARNING]: SameSite=None without a secure connection can be blocked by browsers.")
-        }
-        if (process.env.NODE_ENV === "production") {
-            console.warn("[WARNING]: In production, ensure cookies are served over HTTPS to maintain security.")
-        }
-        return {
-            ...defaultCookieOptions,
-            ...cookieOptions.options,
-            sameSite: options?.sameSite === "none" ? "lax" : (options?.sameSite ?? "lax"),
-            ...defaultStandardCookieConfig,
-            name,
-        }
-    }
-    return cookieOptions.strategy === "host"
-        ? {
-              ...defaultCookieOptions,
-              ...cookieOptions.options,
-              ...defaultHostCookieConfig,
-              name,
-          }
-        : { ...defaultCookieOptions, ...cookieOptions.options, ...defaultSecureCookieConfig, name }
-}
-var expireCookie = (name, options) => {
-    return setCookie(name, "", { ...options, ...expiredCookieOptions })
-}
-var oauthCookie = (options) => {
-    return {
-        ...options,
-        secure: options.secure,
-        httpOnly: options.httpOnly,
-        maxAge: 5 * 60,
-        expires: new Date(Date.now() + 5 * 60 * 1e3),
-    }
-}
-
-export {
-    COOKIE_NAME,
-    defaultCookieOptions,
-    defaultCookieConfig,
-    defaultStandardCookieConfig,
-    defaultSecureCookieConfig,
-    defaultHostCookieConfig,
-    expiredCookieOptions,
-    defineDefaultCookieOptions,
-    setCookie,
-    getCookie,
-    createSessionCookie,
-    secureCookieOptions,
-    expireCookie,
-    oauthCookie,
-    parse2 as parse,
-}

package/dist/error.cjs

@@ -1,88 +0,0 @@
-"use strict"
-var __defProp = Object.defineProperty
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor
-var __getOwnPropNames = Object.getOwnPropertyNames
-var __hasOwnProp = Object.prototype.hasOwnProperty
-var __export = (target, all) => {
-    for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
-}
-var __copyProps = (to, from, except, desc) => {
-    if ((from && typeof from === "object") || typeof from === "function") {
-        for (let key of __getOwnPropNames(from))
-            if (!__hasOwnProp.call(to, key) && key !== except)
-                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
-    }
-    return to
-}
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
-
-// src/error.ts
-var error_exports = {}
-__export(error_exports, {
-    AuthError: () => AuthError,
-    ERROR_RESPONSE: () => ERROR_RESPONSE,
-    InvalidCsrfTokenError: () => InvalidCsrfTokenError,
-    InvalidRedirectToError: () => InvalidRedirectToError,
-    isAuthError: () => isAuthError,
-    throwAuthError: () => throwAuthError,
-})
-module.exports = __toCommonJS(error_exports)
-var AuthError = class extends Error {
-    constructor(type, message) {
-        super(message)
-        this.type = type
-        this.name = "AuthError"
-    }
-}
-var InvalidCsrfTokenError = class extends AuthError {
-    constructor(message = "The provided CSRF token is invalid or has expired") {
-        super("invalid_csrf_token", message)
-        this.name = "InvalidCsrfTokenError"
-    }
-}
-var InvalidRedirectToError = class extends AuthError {
-    constructor(message = "The redirectTo parameter does not match the hosted origin.") {
-        super("invalid_redirect_to", message)
-        this.name = "InvalidRedirectToError"
-    }
-}
-var isAuthError = (error) => {
-    return error instanceof AuthError
-}
-var throwAuthError = (error, message) => {
-    if (error instanceof Error) {
-        if (isAuthError(error)) {
-            throw error
-        }
-        throw new AuthError("invalid_request", error.message ?? message)
-    }
-}
-var ERROR_RESPONSE = {
-    AUTHORIZATION: {
-        INVALID_REQUEST: "invalid_request",
-        UNAUTHORIZED_CLIENT: "unauthorized_client",
-        ACCESS_DENIED: "access_denied",
-        UNSUPPORTED_RESPONSE_TYPE: "unsupported_response_type",
-        INVALID_SCOPE: "invalid_scope",
-        SERVER_ERROR: "server_error",
-        TEMPORARILY_UNAVAILABLE: "temporarily_unavailable",
-    },
-    ACCESS_TOKEN: {
-        INVALID_REQUEST: "invalid_request",
-        INVALID_CLIENT: "invalid_client",
-        INVALID_GRANT: "invalid_grant",
-        UNAUTHORIZED_CLIENT: "unauthorized_client",
-        UNSUPPORTED_GRANT_TYPE: "unsupported_grant_type",
-        INVALID_SCOPE: "invalid_scope",
-    },
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 &&
-    (module.exports = {
-        AuthError,
-        ERROR_RESPONSE,
-        InvalidCsrfTokenError,
-        InvalidRedirectToError,
-        isAuthError,
-        throwAuthError,
-    })

package/dist/error.d.ts

@@ -1,62 +0,0 @@
-import { E as ErrorType } from "./index-DpfbvTZ_.js"
-import { LiteralUnion } from "./@types/utility.js"
-import "zod/v4"
-import "@aura-stack/jose/jose"
-import "./schemas.js"
-import "zod/v4/core"
-import "cookie"
-
-/**
- * Error class for all Aura Auth errors.
- */
-declare class AuthError extends Error {
-    readonly type: LiteralUnion<ErrorType>
-    constructor(type: LiteralUnion<ErrorType>, message: string)
-}
-declare class InvalidCsrfTokenError extends AuthError {
-    constructor(message?: string)
-}
-declare class InvalidRedirectToError extends AuthError {
-    constructor(message?: string)
-}
-/**
- * Verifies if the provided error is an instance of AuthError.
- *
- * @param error The error to be checked
- * @returns True if the error is an instance of AuthError, false otherwise
- */
-declare const isAuthError: (error: unknown) => error is AuthError
-/**
- * Captures and Error and verifies if it's an AuthError, rethrowing it if so.
- * If it's a different type of error, it wraps it in a new AuthError with the provided message.
- *
- * @param error The error to be processed
- * @param message The error message to be used if wrapping the error
- */
-declare const throwAuthError: (error: unknown, message?: string) => void
-/**
- * Errores responses returned by the OAuth flows including Authorization and Access Token errors.
- * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
- * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
- */
-declare const ERROR_RESPONSE: {
-    AUTHORIZATION: {
-        INVALID_REQUEST: string
-        UNAUTHORIZED_CLIENT: string
-        ACCESS_DENIED: string
-        UNSUPPORTED_RESPONSE_TYPE: string
-        INVALID_SCOPE: string
-        SERVER_ERROR: string
-        TEMPORARILY_UNAVAILABLE: string
-    }
-    ACCESS_TOKEN: {
-        INVALID_REQUEST: string
-        INVALID_CLIENT: string
-        INVALID_GRANT: string
-        UNAUTHORIZED_CLIENT: string
-        UNSUPPORTED_GRANT_TYPE: string
-        INVALID_SCOPE: string
-    }
-}
-
-export { AuthError, ERROR_RESPONSE, InvalidCsrfTokenError, InvalidRedirectToError, isAuthError, throwAuthError }

package/dist/error.js

@@ -1,9 +0,0 @@
-import {
-    AuthError,
-    ERROR_RESPONSE,
-    InvalidCsrfTokenError,
-    InvalidRedirectToError,
-    isAuthError,
-    throwAuthError,
-} from "./chunk-FJUDBLCP.js"
-export { AuthError, ERROR_RESPONSE, InvalidCsrfTokenError, InvalidRedirectToError, isAuthError, throwAuthError }