@aura-stack/auth 0.1.0-rc.9 → 0.2.0-rc.1

package/dist/index-DpfbvTZ_.d.ts

@@ -1,597 +0,0 @@
-import { z } from "zod/v4"
-import { JWTPayload } from "@aura-stack/jose/jose"
-import { OAuthAuthorizationErrorResponse, OAuthAccessTokenErrorResponse } from "./schemas.js"
-import { SerializeOptions } from "cookie"
-import { LiteralUnion, Prettify } from "./@types/utility.js"
-
-/**
- * @see [X - Get my User](https://docs.x.com/x-api/users/get-my-user)
- */
-interface XProfile {
-    data: {
-        id: string
-        name: string
-        username: string
-        profile_image_url: string
-    }
-}
-/**
- * @see [X - Developer Portal](https://developer.x.com/en/portal/projects-and-apps)
- * @see [X - Get my User](https://docs.x.com/x-api/users/get-my-user)
- * @see [X - OAuth 2.0 Authorization Code Flow with PKCE](https://docs.x.com/fundamentals/authentication/oauth-2-0/authorization-code)
- * @see [X - OAuth 2.0 Scopes](https://docs.x.com/fundamentals/authentication/oauth-2-0/authorization-code#scopes)
- * @see [X - OAuth 2.0 Bearer Token](https://docs.x.com/fundamentals/authentication/oauth-2-0/application-only)
- */
-declare const x: OAuthProviderConfig<XProfile>
-
-interface Image {
-    url: string
-    height: number
-    width: number
-}
-/**
- * @see [Spotify - User Object](https://developer.spotify.com/documentation/web-api/reference/object-model/#user-object-private)
- */
-interface SpotifyProfile {
-    id: string
-    display_name: string
-    email: string
-    type: string
-    uri: string
-    country: string
-    href: string
-    images: Image[]
-    product: string
-    explicit_content: {
-        filter_enabled: boolean
-        filter_locked: boolean
-    }
-    external_urls: {
-        spotify: string
-    }
-    followers: {
-        href: string
-        total: number
-    }
-}
-/**
- * @see [Spotify - Spotify Developer Dashboard](https://developer.spotify.com/dashboard)
- * @see [Spotify - Getting started with Web API](https://developer.spotify.com/documentation/web-api/tutorials/getting-started)
- * @see [Spotify - Get Current User's Profile](https://developer.spotify.com/documentation/web-api/reference/get-current-users-profile)
- * @see [Spotify - Scopes](https://developer.spotify.com/documentation/web-api/concepts/scopes)
- * @see [Spotify - Redirect URIs](https://developer.spotify.com/documentation/web-api/concepts/redirect_uri)
- */
-declare const spotify: OAuthProviderConfig<SpotifyProfile>
-
-/**
- * @see [GitLab - Get the current user](https://docs.gitlab.com/api/users/#get-the-current-user)
- */
-interface GitLabProfile {
-    id: number
-    username: string
-    email: string
-    name: string
-    state: string
-    locked: boolean
-    avatar_url: string
-    web_url: string
-    created_at: string
-    bio: string
-    location: string | null
-    public_email: string
-    linkedin: string
-    twitter: string
-    discord: string
-    github: string
-    website_url: string
-    organization: string
-    job_title: string
-    pronouns: string
-    bot: boolean
-    work_information: string | null
-    followers: number
-    following: number
-    local_time: string
-    last_sign_in_at: string
-    confirmed_at: string
-    theme_id: number
-    last_activity_on: string
-    color_scheme_id: number
-    projects_limit: number
-    current_sign_in_at: string
-    identities: {
-        provider: string
-        extern_uid: string
-        saml_provider_id: number | null
-    }[]
-    can_create_group: boolean
-    can_create_project: boolean
-    two_factor_enabled: boolean
-    external: boolean
-    private_profile: boolean
-    commit_email: string
-    preferred_language: string
-    shared_runners_minutes_limit: number | null
-    extra_shared_runners_minutes_limit: number | null
-    scim_identities: unknown[]
-}
-/**
- * @see [GitLab - Applications](https://gitlab.com/-/user_settings/applications)
- * @see [GitLab - OAuth 2.0 identify provider API](https://docs.gitlab.com/api/oauth2/)
- * @see [GitLab - Scopes](https://docs.gitlab.com/integration/oauth_provider/#view-all-authorized-applications)
- * @see [GitLab - Get current user](https://docs.gitlab.com/api/users/#get-the-current-user)
- */
-declare const gitlab: OAuthProviderConfig<GitLabProfile>
-
-/**
- * @see [Discord - Nameplate Object](https://discord.com/developers/docs/resources/user#nameplate-nameplate-structure)
- */
-interface Nameplate {
-    sku_id: string
-    asset: string
-    label: string
-    palette: string
-}
-/**
- * The `snowflake` type is a string type. The attributes defined with this type are:
- * - `id`: The unique identifier for the object.
- * - `primary_guild.identity_guild_id`: The unique identifier for the guild.
- * - `avatar_decoration_data.sku_id`: The unique identifier for the SKU.
- *
- * @see [Discord - User Object](https://discord.com/developers/docs/resources/user#user-object)
- */
-interface DiscordProfile {
-    id: string
-    username: string
-    discriminator: string
-    global_name: string | null
-    avatar: string | null
-    bot?: boolean
-    system?: boolean
-    mfa_enabled?: boolean
-    banner?: string | null
-    accent_color?: number | null
-    locale?: string
-    verified?: boolean
-    email?: string | null
-    flags?: number
-    premium_type?: number
-    public_flags?: number
-    avatar_decoration_data?: {
-        asset: string
-        sku_id: string
-    }
-    collections?: Record<string, Nameplate>
-    primary_guild?: {
-        identity_guild_id: string
-        identity_enabled: boolean | null
-        tag: string | null
-        badge: string | null
-    }
-}
-/**
- * @see [Discord - Applications](https://discord.com/developers/applications)
- * @see [Discord - OAuth2](https://discord.com/developers/docs/topics/oauth2)
- * @see [Discord - Get Current User](https://discord.com/developers/docs/resources/user#get-current-user)
- * @see [Discord - User Object](https://discord.com/developers/docs/resources/user#user-object)
- * @see [Discord - OAuth2 Scopes](https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-scopes)
- * @see [Discord - Image Formatting](https://discord.com/developers/docs/reference#image-formatting)
- */
-declare const discord: OAuthProviderConfig<DiscordProfile>
-
-/**
- * @see [Figma API - Users](https://developers.figma.com/docs/rest-api/users-types/)
- */
-interface FigmaProfile {
-    id: string
-    handle: string
-    img_url: string
-    email: string
-}
-/**
- * @see [Figma - REST API Introduction](https://developers.figma.com/docs/rest-api/)
- * @see [Figma - OAuth App](https://www.figma.com/developers/apps/)
- * @see [Figma - Create an OAuth App](https://developers.figma.com/docs/rest-api/authentication/#create-an-oauth-app)
- * @see [Figma - OAuth Scopes](https://developers.figma.com/docs/rest-api/scopes/)
- */
-declare const figma: OAuthProviderConfig<FigmaProfile>
-
-/**
- * @see [Get current user](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-user-get)
- */
-interface BitbucketProfile {
-    display_name: string
-    links: Record<
-        LiteralUnion<"self" | "avatar" | "repositories" | "snippets" | "html" | "hooks">,
-        {
-            href?: string
-        }
-    >
-    created_on: string
-    type: string
-    uuid: string
-    has_2fa_enabled: boolean
-    username: string
-    nickname: string
-    is_staff: boolean
-    account_id: string
-    account_status: LiteralUnion<"active" | "inactive" | "closed">
-    location: string | null
-}
-/**
- * Bitbucket OAuth Provider
- *
- * @see [Bitbucket - Official App](https://bitbucket.org/)
- * @see [Bitbucket - Workspaces](https://bitbucket.org/account/workspaces/)
- * @see [Bitbucket - Workspace Settings](https://bitbucket.org/{workspace-name}/workspace/settings/)
- * @see [Bitbucket - OAuth 2.0](https://developer.atlassian.com/cloud/bitbucket/oauth-2/)
- * @see [Bitbucket - Use OAuth on Bitbucket Cloud](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/)
- * @see [Bitbucket - Cloud REST API](https://developer.atlassian.com/cloud/bitbucket/rest/intro/)
- * @see [Bitbucket - User Endpoint](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-users-endpoint)
- */
-declare const bitbucket: OAuthProviderConfig<BitbucketProfile>
-
-/**
- * @see [Get the authenticated user](https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-the-authenticated-user)
- */
-interface GitHubProfile {
-    login: string
-    id: number
-    user_view_type: string
-    node_id: string
-    avatar_url: string
-    gravatar_id: string | null
-    url: string
-    html_url: string
-    followers_url: string
-    following_url: string
-    gists_url: string
-    starred_url: string
-    subscriptions_url: string
-    organizations_url: string
-    repos_url: string
-    events_url: string
-    received_events_url: string
-    type: string
-    site_admin: boolean
-    name: string | null
-    company: string | null
-    blog: string | null
-    location: string | null
-    email: string | null
-    notification_email: string | null
-    hireable: boolean | null
-    bio: string | null
-    twitter_username?: string | null
-    public_repos: number
-    public_gists: number
-    followers: number
-    following: number
-    created_at: string
-    updated_at: string
-    private_gists?: number
-    total_private_repos?: number
-    owned_private_repos?: number
-    disk_usage?: number
-    collaborators?: number
-    two_factor_authentication: boolean
-    plan?: {
-        collaborators: number
-        name: string
-        space: number
-        private_repos: number
-    }
-}
-/**
- * GitHub OAuth Provider
- * @see [GitHub - Creating an OAuth App](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)
- * @see [GitHub - Authorizing OAuth Apps](https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps)
- * @see [GitHub - Configure your GitHub OAuth Apps](https://github.com/settings/developers)
- * @see [Github - Get the authenticated user](https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-the-authenticated-user)
- */
-declare const github: OAuthProviderConfig<GitHubProfile>
-
-declare const builtInOAuthProviders: {
-    github: OAuthProviderConfig<GitHubProfile>
-    bitbucket: OAuthProviderConfig<BitbucketProfile>
-    figma: OAuthProviderConfig<FigmaProfile>
-    discord: OAuthProviderConfig<DiscordProfile>
-    gitlab: OAuthProviderConfig<GitLabProfile>
-    spotify: OAuthProviderConfig<SpotifyProfile>
-    x: OAuthProviderConfig<XProfile>
-}
-/**
- * Constructs OAuth provider configurations from an array of provider names or configurations.
- * It loads the client ID and client secret from environment variables if only the provider name is provided.
- *
- * @param oauth - Array of OAuth provider configurations or provider names to be defined from environment variables
- * @returns A record of OAuth provider configurations
- */
-declare const createBuiltInOAuthProviders: (
-    oauth?: (BuiltInOAuthProvider | OAuthProviderCredentials)[]
-) => Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials>
-type BuiltInOAuthProvider = keyof typeof builtInOAuthProviders
-
-/**
- * Standard JWT claims that are managed internally by the token system.
- * These fields are typically filtered out before returning user data.
- */
-type JWTStandardClaims = Pick<JWTPayload, "exp" | "iat" | "jti" | "nbf" | "sub" | "aud" | "iss">
-/**
- * Standardized user profile returned by OAuth providers after fetching user information
- * and mapping the response to this format by default or via the `profile` custom function.
- */
-interface User {
-    sub: string
-    name?: string
-    email?: string
-    image?: string
-}
-/**
- * Session data returned by the session endpoint.
- */
-interface Session {
-    user: User
-    expires: string
-}
-/**
- * Configuration for an OAuth provider without credentials.
- * Use this type when defining provider metadata and endpoints.
- */
-interface OAuthProviderConfig<Profile extends object = {}> {
-    id: string
-    name: string
-    authorizeURL: string
-    accessToken: string
-    userInfo: string
-    scope: string
-    responseType: string
-    profile?: (profile: Profile) => User | Promise<User>
-}
-/**
- * OAuth provider configuration with client credentials.
- * Extends OAuthProviderConfig with clientId and clientSecret.
- */
-interface OAuthProviderCredentials extends OAuthProviderConfig {
-    clientId: string
-    clientSecret: string
-}
-/**
- * Complete OAuth provider type combining configuration and credentials.
- */
-type OAuthProvider<Profile extends Record<string, unknown> = {}> = OAuthProviderConfig<Profile> & OAuthProviderCredentials
-/**
- * Cookie type with __Secure- prefix, must be Secure.
- * @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__secure-prefix
- */
-type SecureCookie = {
-    strategy: "secure"
-} & {
-    options?: Prettify<Omit<SerializeOptions, "secure" | "encode">>
-}
-/**
- * Cookie type with __Host- prefix, must be Secure, Path=/, no Domain attribute.
- * @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__host-prefix
- */
-type HostCookie = {
-    strategy: "host"
-} & {
-    options?: Prettify<Omit<SerializeOptions, "secure" | "path" | "domain" | "encode">>
-}
-/**
- * Standard cookie type without security prefixes.
- * Can be sent over both HTTP and HTTPS connections (default in development).
- */
-type StandardCookie = {
-    strategy?: "standard"
-} & {
-    options?: Prettify<Omit<SerializeOptions, "encode">>
-}
-/**
- * Union type for cookie options based on the specified strategy.
- * - `secure`: Cookies are only sent over HTTPS connections
- * - `host`: Cookies use the __Host- prefix and are only sent over HTTPS connections
- * - `standard`: Cookies can be sent over both HTTP and HTTPS connections (default in development)
- */
-type CookieStrategyOptions = StandardCookie | SecureCookie | HostCookie
-/**
- * Configuration options for cookies used in Aura Auth.
- * @see {@link AuthConfig.cookies}
- */
-type CookieConfig = Prettify<
-    {
-        name?: string
-    } & CookieStrategyOptions
->
-/**
- * Internal representation of cookie configuration with all options resolved.
- * @internal
- */
-type CookieConfigInternal = {
-    name?: string
-    prefix?: string
-} & SerializeOptions
-/**
- * Names of cookies used by Aura Auth for session management and OAuth flows.
- * - `sessionToken`: User session JWT
- * - `csrfToken`: CSRF protection token
- * - `state`: OAuth state parameter for CSRF protection
- * - `code_verifier`: PKCE code verifier for authorization code flow
- * - `redirect_uri`: OAuth callback URI
- * - `redirect_to`: Post-authentication redirect path
- * - `nonce`: OpenID Connect nonce parameter
- */
-type CookieName = "sessionToken" | "csrfToken" | "state" | "nonce" | "code_verifier" | "redirect_to" | "redirect_uri"
-/**
- * Main configuration interface for Aura Auth.
- * This is the user-facing configuration object passed to `createAuth()`.
- */
-interface AuthConfig {
-    /**
-     * OAuth providers available in the authentication and authorization flows. It provides a type-inference
-     * for the OAuth providers that are supported by Aura Stack Auth; alternatively, you can provide a custom
-     * OAuth third-party authorization service by implementing the `OAuthProviderCredentials` interface.
-     *
-     * Built-in OAuth providers:
-     * oauth: ["github", "google"]
-     *
-     * Custom OAuth providers:
-     * oauth: [
-     *   {
-     *     id: "oauth-providers",
-     *     name: "OAuth",
-     *     authorizeURL: "https://example.com/oauth/authorize",
-     *     accessToken: "https://example.com/oauth/token",
-     *     scope: "profile email",
-     *     responseType: "code",
-     *     userInfo: "https://example.com/oauth/userinfo",
-     *     clientId: process.env.AURA_AUTH_OAUTH_PROVIDER_CLIENT_ID!,
-     *     clientSecret: process.env.AURA_AUTH_OAUTH_PROVIDER_CLIENT_SECRET!,
-     *   }
-     * ]
-     */
-    oauth: (BuiltInOAuthProvider | OAuthProviderCredentials)[]
-    /**
-     * Cookie options defines the configuration for cookies used in Aura Auth.
-     * It includes a prefix for cookie names and flag options to determine
-     * the security and scope of the cookies.
-     *
-     * **⚠️ WARNING:** Ensure that the cookie options are configured correctly to
-     * maintain the security and integrity of the authentication process. `Aura Auth`
-     * is not responsible for misconfigured cookies that may lead to security vulnerabilities.
-     *
-     * - prefix: A string prefix to be added to all cookie names, by default "aura-stack".
-     * - flag options (This attributes help to define the security level of the cookies):
-     *   - secure: Cookies use the __Secure- prefix and are only sent over HTTPS connections.
-     *   - host: Cookies use the __Host- prefix and are only sent over HTTPS connections.
-     *   - standard: Cookies can be sent over both HTTP and HTTPS connections. (default in development)
-     *
-     * @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__secure-prefix
-     * @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__host-prefix
-     */
-    cookies?: CookieConfig
-    /**
-     * Secret used to sign and verify JWT tokens for session and csrf protection.
-     * If not provided, it will load from the environment variable `AURA_AUTH_SECRET`, but if it
-     * doesn't exist, it will throw an error during the initialization of the Auth module.
-     */
-    secret?: string
-    /**
-     * Base path for all authentication routes. Default is `/auth`.
-     */
-    basePath?: `/${string}`
-    /**
-     * Enable trusted proxy headers for scenarios where the application is behind a reverse proxy or load balancer.
-     * This setting allows Aura Auth to correctly interpret headers like `X-Forwarded-For` and `X-Forwarded-Proto`
-     * to determine the original client IP address and protocol.
-     *
-     * Default is `false`. Enable this option only if you are certain that your application is behind a trusted proxy.
-     * Misconfiguration can lead to security vulnerabilities, such as incorrect handling of secure cookies or
-     * inaccurate client IP logging.
-     *
-     * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
-     * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
-     * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
-     * @experimental
-     */
-    trustedProxyHeaders?: boolean
-}
-interface JoseInstance {
-    decodeJWT: (token: string) => Promise<JWTPayload>
-    encodeJWT: (payload: JWTPayload) => Promise<string>
-    signJWS: (payload: JWTPayload) => Promise<string>
-    verifyJWS: (payload: string) => Promise<JWTPayload>
-}
-/**
- * Internal runtime configuration used within Aura Auth after initialization.
- * All optional fields from AuthConfig are resolved to their default values.
- * @internal
- * @todo: is this needed?
- */
-interface AuthRuntimeConfig {
-    oauth: Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials>
-    cookies: CookieConfig
-    secret: string
-    jose: JoseInstance
-}
-interface RouterGlobalContext {
-    oauth: Record<LiteralUnion<BuiltInOAuthProvider>, OAuthProviderCredentials>
-    cookies: CookieConfigInternal
-    jose: JoseInstance
-    basePath: string
-    trustedProxyHeaders: boolean
-}
-interface AuthInstance {
-    handlers: {
-        GET: (request: Request) => Response | Promise<Response>
-        POST: (request: Request) => Response | Promise<Response>
-    }
-    jose: JoseInstance
-}
-/**
- * Base OAuth error response structure.
- */
-interface OAuthError<T extends string> {
-    error: T
-    error_description?: string
-}
-/**
- * OAuth 2.0 Authorization Error Response Types
- * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
- */
-type AuthorizationError = OAuthError<z.infer<typeof OAuthAuthorizationErrorResponse>["error"]>
-/**
- * OAuth 2.0 Access Token Error Response Types
- * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
- */
-type AccessTokenError = OAuthError<z.infer<typeof OAuthAccessTokenErrorResponse>["error"]>
-/**
- * OAuth 2.0 Token Revocation Error Response Types
- * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.2.1
- */
-type TokenRevocationError = OAuthError<"invalid_session_token" | "invalid_csrf_token" | "invalid_redirect_to">
-type ErrorType = AuthorizationError["error"] | AccessTokenError["error"] | TokenRevocationError["error"]
-
-export {
-    type AuthRuntimeConfig as A,
-    type BitbucketProfile as B,
-    type CookieConfig as C,
-    type DiscordProfile as D,
-    type ErrorType as E,
-    type FigmaProfile as F,
-    type GitLabProfile as G,
-    type HostCookie as H,
-    type JoseInstance as J,
-    type Nameplate as N,
-    type OAuthProvider as O,
-    type RouterGlobalContext as R,
-    type Session as S,
-    type TokenRevocationError as T,
-    type User as U,
-    type XProfile as X,
-    type CookieConfigInternal as a,
-    type CookieName as b,
-    type AuthConfig as c,
-    type AuthInstance as d,
-    type OAuthProviderConfig as e,
-    type OAuthProviderCredentials as f,
-    type SpotifyProfile as g,
-    gitlab as h,
-    discord as i,
-    figma as j,
-    bitbucket as k,
-    type GitHubProfile as l,
-    github as m,
-    builtInOAuthProviders as n,
-    createBuiltInOAuthProviders as o,
-    type BuiltInOAuthProvider as p,
-    type JWTStandardClaims as q,
-    type SecureCookie as r,
-    spotify as s,
-    type StandardCookie as t,
-    type CookieStrategyOptions as u,
-    type OAuthError as v,
-    type AuthorizationError as w,
-    x,
-    type AccessTokenError as y,
-}

package/dist/response.cjs

@@ -1,34 +0,0 @@
-"use strict"
-var __defProp = Object.defineProperty
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor
-var __getOwnPropNames = Object.getOwnPropertyNames
-var __hasOwnProp = Object.prototype.hasOwnProperty
-var __export = (target, all) => {
-    for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
-}
-var __copyProps = (to, from, except, desc) => {
-    if ((from && typeof from === "object") || typeof from === "function") {
-        for (let key of __getOwnPropNames(from))
-            if (!__hasOwnProp.call(to, key) && key !== except)
-                __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
-    }
-    return to
-}
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
-
-// src/response.ts
-var response_exports = {}
-__export(response_exports, {
-    AuraResponse: () => AuraResponse,
-})
-module.exports = __toCommonJS(response_exports)
-var AuraResponse = class extends Response {
-    static json(body, init) {
-        return Response.json(body, init)
-    }
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 &&
-    (module.exports = {
-        AuraResponse,
-    })

package/dist/response.d.ts

@@ -1,10 +0,0 @@
-/**
- * Custom Response class for Aura Auth.
- *
- * @experimental
- */
-declare class AuraResponse extends Response {
-    static json<T>(body: T, init?: ResponseInit): Response
-}
-
-export { AuraResponse }

package/dist/response.js

@@ -1,2 +0,0 @@
-import { AuraResponse } from "./chunk-JAPMIE6S.js"
-export { AuraResponse }