@aura-stack/auth 0.1.0-rc.9 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (140) hide show
  1. package/dist/@types/index.cjs +15 -15
  2. package/dist/@types/index.d.ts +6 -31
  3. package/dist/@types/index.js +1 -1
  4. package/dist/@types/router.d.cjs +1 -1
  5. package/dist/@types/router.d.d.ts +6 -7
  6. package/dist/@types/utility.cjs +15 -15
  7. package/dist/@types/utility.d.ts +4 -8
  8. package/dist/@types/utility.js +1 -1
  9. package/dist/actions/callback/access-token.cjs +159 -149
  10. package/dist/actions/callback/access-token.d.ts +14 -20
  11. package/dist/actions/callback/access-token.js +9 -4
  12. package/dist/actions/callback/callback.cjs +371 -484
  13. package/dist/actions/callback/callback.d.ts +9 -12
  14. package/dist/actions/callback/callback.js +15 -12
  15. package/dist/actions/callback/userinfo.cjs +149 -139
  16. package/dist/actions/callback/userinfo.d.ts +8 -9
  17. package/dist/actions/callback/userinfo.js +11 -6
  18. package/dist/actions/csrfToken/csrfToken.cjs +112 -190
  19. package/dist/actions/csrfToken/csrfToken.d.ts +3 -3
  20. package/dist/actions/csrfToken/csrfToken.js +12 -8
  21. package/dist/actions/index.cjs +623 -807
  22. package/dist/actions/index.d.ts +12 -13
  23. package/dist/actions/index.js +33 -18
  24. package/dist/actions/session/session.cjs +86 -176
  25. package/dist/actions/session/session.d.ts +3 -3
  26. package/dist/actions/session/session.js +10 -7
  27. package/dist/actions/signIn/authorization.cjs +248 -257
  28. package/dist/actions/signIn/authorization.d.ts +11 -18
  29. package/dist/actions/signIn/authorization.js +16 -6
  30. package/dist/actions/signIn/signIn.cjs +302 -451
  31. package/dist/actions/signIn/signIn.d.ts +9 -10
  32. package/dist/actions/signIn/signIn.js +12 -10
  33. package/dist/actions/signOut/signOut.cjs +299 -468
  34. package/dist/actions/signOut/signOut.d.ts +3 -3
  35. package/dist/actions/signOut/signOut.js +14 -11
  36. package/dist/assert.cjs +40 -36
  37. package/dist/assert.d.ts +12 -4
  38. package/dist/assert.js +12 -2
  39. package/dist/chunk-2RXNXMCZ.js +55 -0
  40. package/dist/chunk-42XB3YCW.js +19 -17
  41. package/dist/chunk-4V4JNXVF.js +55 -0
  42. package/dist/chunk-6R2YZ4AC.js +22 -0
  43. package/dist/chunk-7H3OR6UU.js +81 -0
  44. package/dist/chunk-CXLATHS5.js +143 -0
  45. package/dist/chunk-E3OXBRYF.js +19 -17
  46. package/dist/chunk-EIL2FPSS.js +22 -0
  47. package/dist/chunk-FIPU4MLT.js +18 -16
  48. package/dist/chunk-FKRDCWBF.js +19 -17
  49. package/dist/chunk-IKHPGFCW.js +11 -9
  50. package/dist/chunk-IMICRJ5U.js +197 -0
  51. package/dist/chunk-IUYZQTJV.js +30 -0
  52. package/dist/chunk-KRNOMBXQ.js +19 -17
  53. package/dist/chunk-N2APGLXA.js +71 -0
  54. package/dist/chunk-NEVKX6K2.js +70 -0
  55. package/dist/chunk-PTJUYB33.js +33 -0
  56. package/dist/chunk-QDO2KSRJ.js +35 -0
  57. package/dist/chunk-QEZL7EYN.js +96 -0
  58. package/dist/chunk-RRLIF4PQ.js +55 -0
  59. package/dist/chunk-STHEPPUZ.js +8 -6
  60. package/dist/chunk-TLE4PXY3.js +39 -0
  61. package/dist/chunk-UEH3LVON.js +97 -0
  62. package/dist/chunk-WD7AUHQ5.js +79 -0
  63. package/dist/chunk-ZLR3LI6X.js +55 -0
  64. package/dist/cookie.cjs +222 -187
  65. package/dist/cookie.d.ts +38 -76
  66. package/dist/cookie.js +27 -34
  67. package/dist/errors.cjs +85 -0
  68. package/dist/errors.d.ts +48 -0
  69. package/dist/errors.js +18 -0
  70. package/dist/headers.cjs +28 -28
  71. package/dist/headers.d.ts +2 -2
  72. package/dist/headers.js +6 -2
  73. package/dist/{index-DpfbvTZ_.d.ts → index-EqsoyjrF.d.ts} +351 -318
  74. package/dist/index.cjs +1006 -1001
  75. package/dist/index.d.ts +9 -31
  76. package/dist/index.js +82 -51
  77. package/dist/jose.cjs +74 -66
  78. package/dist/jose.d.ts +11 -8
  79. package/dist/jose.js +10 -5
  80. package/dist/oauth/bitbucket.cjs +38 -38
  81. package/dist/oauth/bitbucket.d.ts +6 -7
  82. package/dist/oauth/bitbucket.js +6 -2
  83. package/dist/oauth/discord.cjs +47 -48
  84. package/dist/oauth/discord.d.ts +6 -7
  85. package/dist/oauth/discord.js +6 -2
  86. package/dist/oauth/figma.cjs +39 -39
  87. package/dist/oauth/figma.d.ts +6 -7
  88. package/dist/oauth/figma.js +6 -2
  89. package/dist/oauth/github.cjs +31 -31
  90. package/dist/oauth/github.d.ts +6 -7
  91. package/dist/oauth/github.js +6 -2
  92. package/dist/oauth/gitlab.cjs +39 -39
  93. package/dist/oauth/gitlab.d.ts +6 -7
  94. package/dist/oauth/gitlab.js +6 -2
  95. package/dist/oauth/index.cjs +306 -180
  96. package/dist/oauth/index.d.ts +6 -26
  97. package/dist/oauth/index.js +43 -9
  98. package/dist/oauth/spotify.cjs +39 -39
  99. package/dist/oauth/spotify.d.ts +6 -7
  100. package/dist/oauth/spotify.js +6 -2
  101. package/dist/oauth/strava.cjs +46 -0
  102. package/dist/oauth/strava.d.ts +6 -0
  103. package/dist/oauth/strava.js +6 -0
  104. package/dist/oauth/x.cjs +39 -39
  105. package/dist/oauth/x.d.ts +6 -7
  106. package/dist/oauth/x.js +6 -2
  107. package/dist/schemas.cjs +97 -91
  108. package/dist/schemas.d.ts +96 -126
  109. package/dist/schemas.js +20 -18
  110. package/dist/secure.cjs +106 -101
  111. package/dist/secure.d.ts +16 -17
  112. package/dist/secure.js +19 -4
  113. package/dist/utils.cjs +197 -135
  114. package/dist/utils.d.ts +20 -26
  115. package/dist/utils.js +25 -21
  116. package/package.json +5 -6
  117. package/dist/chunk-256KIVJL.js +0 -110
  118. package/dist/chunk-6SM22VVJ.js +0 -15
  119. package/dist/chunk-CAKJT3KS.js +0 -77
  120. package/dist/chunk-EBPE35JT.js +0 -29
  121. package/dist/chunk-FJUDBLCP.js +0 -52
  122. package/dist/chunk-GZU3RBTB.js +0 -51
  123. package/dist/chunk-HGJ4TXY4.js +0 -105
  124. package/dist/chunk-HMRKN75I.js +0 -74
  125. package/dist/chunk-JAPMIE6S.js +0 -8
  126. package/dist/chunk-LLR722CL.js +0 -75
  127. package/dist/chunk-RLT4RFKV.js +0 -36
  128. package/dist/chunk-SJPDVKUS.js +0 -93
  129. package/dist/chunk-SMQO5WD7.js +0 -20
  130. package/dist/chunk-UJJ7R56J.js +0 -42
  131. package/dist/chunk-UTDLUEEG.js +0 -25
  132. package/dist/chunk-VFTYH33W.js +0 -44
  133. package/dist/chunk-XXJKNKGQ.js +0 -27
  134. package/dist/chunk-ZV4BH47P.js +0 -156
  135. package/dist/error.cjs +0 -88
  136. package/dist/error.d.ts +0 -62
  137. package/dist/error.js +0 -9
  138. package/dist/response.cjs +0 -34
  139. package/dist/response.d.ts +0 -10
  140. package/dist/response.js +0 -2
package/dist/schemas.d.ts CHANGED
@@ -1,163 +1,133 @@
1
- import * as zod_v4_core from "zod/v4/core"
2
- import * as zod_v4 from "zod/v4"
1
+ import { z } from 'zod/v4';
3
2
 
4
3
  /**
5
4
  * Schema for OAuth Provider Configuration
6
5
  */
7
- declare const OAuthProviderConfigSchema: zod_v4.ZodObject<
8
- {
9
- authorizeURL: zod_v4.ZodURL
10
- accessToken: zod_v4.ZodURL
11
- scope: zod_v4.ZodOptional<zod_v4.ZodString>
12
- userInfo: zod_v4.ZodURL
13
- responseType: zod_v4.ZodEnum<{
14
- token: "token"
15
- code: "code"
16
- id_token: "id_token"
17
- }>
18
- clientId: zod_v4.ZodString
19
- clientSecret: zod_v4.ZodString
20
- },
21
- zod_v4_core.$strip
22
- >
6
+ declare const OAuthProviderConfigSchema: z.ZodObject<{
7
+ authorizeURL: z.ZodURL;
8
+ accessToken: z.ZodURL;
9
+ scope: z.ZodOptional<z.ZodString>;
10
+ userInfo: z.ZodURL;
11
+ responseType: z.ZodEnum<{
12
+ code: "code";
13
+ token: "token";
14
+ id_token: "id_token";
15
+ }>;
16
+ clientId: z.ZodString;
17
+ clientSecret: z.ZodString;
18
+ }, z.core.$strip>;
23
19
  /**
24
20
  * Schema used to create the authorization URL for the OAuth flow and verify the
25
21
  * OAuth configuration.
26
22
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
27
23
  */
28
- declare const OAuthAuthorization: zod_v4.ZodObject<
29
- {
30
- authorizeURL: zod_v4.ZodURL
31
- accessToken: zod_v4.ZodURL
32
- scope: zod_v4.ZodOptional<zod_v4.ZodString>
33
- userInfo: zod_v4.ZodURL
34
- responseType: zod_v4.ZodEnum<{
35
- token: "token"
36
- code: "code"
37
- id_token: "id_token"
38
- }>
39
- clientId: zod_v4.ZodString
40
- clientSecret: zod_v4.ZodString
41
- redirectURI: zod_v4.ZodString
42
- state: zod_v4.ZodString
43
- codeChallenge: zod_v4.ZodString
44
- codeChallengeMethod: zod_v4.ZodEnum<{
45
- S256: "S256"
46
- plain: "plain"
47
- }>
48
- },
49
- zod_v4_core.$strip
50
- >
24
+ declare const OAuthAuthorization: z.ZodObject<{
25
+ authorizeURL: z.ZodURL;
26
+ accessToken: z.ZodURL;
27
+ scope: z.ZodOptional<z.ZodString>;
28
+ userInfo: z.ZodURL;
29
+ responseType: z.ZodEnum<{
30
+ code: "code";
31
+ token: "token";
32
+ id_token: "id_token";
33
+ }>;
34
+ clientId: z.ZodString;
35
+ clientSecret: z.ZodString;
36
+ redirectURI: z.ZodString;
37
+ state: z.ZodString;
38
+ codeChallenge: z.ZodString;
39
+ codeChallengeMethod: z.ZodEnum<{
40
+ plain: "plain";
41
+ S256: "S256";
42
+ }>;
43
+ }, z.core.$strip>;
51
44
  /**
52
45
  * Schema used in the callback action to validate the authorization response when the resource owner
53
46
  * has granted.
54
47
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2
55
48
  */
56
- declare const OAuthAuthorizationResponse: zod_v4.ZodObject<
57
- {
58
- state: zod_v4.ZodString
59
- code: zod_v4.ZodString
60
- },
61
- zod_v4_core.$strip
62
- >
49
+ declare const OAuthAuthorizationResponse: z.ZodObject<{
50
+ state: z.ZodString;
51
+ code: z.ZodString;
52
+ }, z.core.$strip>;
63
53
  /**
64
54
  * Schema used in the callback action to validate the authorization error response when the resource owner
65
55
  * has denied the authorization request.
66
56
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
67
57
  */
68
- declare const OAuthAuthorizationErrorResponse: zod_v4.ZodObject<
69
- {
70
- error: zod_v4.ZodEnum<{
71
- invalid_request: "invalid_request"
72
- unauthorized_client: "unauthorized_client"
73
- access_denied: "access_denied"
74
- unsupported_response_type: "unsupported_response_type"
75
- invalid_scope: "invalid_scope"
76
- server_error: "server_error"
77
- temporarily_unavailable: "temporarily_unavailable"
78
- }>
79
- error_description: zod_v4.ZodOptional<zod_v4.ZodString>
80
- error_uri: zod_v4.ZodOptional<zod_v4.ZodString>
81
- state: zod_v4.ZodString
82
- },
83
- zod_v4_core.$strip
84
- >
58
+ declare const OAuthAuthorizationErrorResponse: z.ZodObject<{
59
+ error: z.ZodEnum<{
60
+ invalid_request: "invalid_request";
61
+ unauthorized_client: "unauthorized_client";
62
+ access_denied: "access_denied";
63
+ unsupported_response_type: "unsupported_response_type";
64
+ invalid_scope: "invalid_scope";
65
+ server_error: "server_error";
66
+ temporarily_unavailable: "temporarily_unavailable";
67
+ }>;
68
+ error_description: z.ZodOptional<z.ZodString>;
69
+ error_uri: z.ZodOptional<z.ZodString>;
70
+ state: z.ZodString;
71
+ }, z.core.$strip>;
85
72
  /**
86
73
  * Schema for OAuth Access Token Request and OAuth Configuration
87
74
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
88
75
  */
89
- declare const OAuthAccessToken: zod_v4.ZodObject<
90
- {
91
- authorizeURL: zod_v4.ZodURL
92
- accessToken: zod_v4.ZodURL
93
- scope: zod_v4.ZodOptional<zod_v4.ZodString>
94
- userInfo: zod_v4.ZodURL
95
- responseType: zod_v4.ZodEnum<{
96
- token: "token"
97
- code: "code"
98
- id_token: "id_token"
99
- }>
100
- clientId: zod_v4.ZodString
101
- clientSecret: zod_v4.ZodString
102
- redirectURI: zod_v4.ZodString
103
- code: zod_v4.ZodString
104
- codeVerifier: zod_v4.ZodString
105
- },
106
- zod_v4_core.$strip
107
- >
76
+ declare const OAuthAccessToken: z.ZodObject<{
77
+ authorizeURL: z.ZodURL;
78
+ accessToken: z.ZodURL;
79
+ scope: z.ZodOptional<z.ZodString>;
80
+ userInfo: z.ZodURL;
81
+ responseType: z.ZodEnum<{
82
+ code: "code";
83
+ token: "token";
84
+ id_token: "id_token";
85
+ }>;
86
+ clientId: z.ZodString;
87
+ clientSecret: z.ZodString;
88
+ redirectURI: z.ZodString;
89
+ code: z.ZodString;
90
+ codeVerifier: z.ZodString;
91
+ }, z.core.$strip>;
108
92
  /**
109
93
  * Schema for OAuth Access Token Response
110
94
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
111
95
  * @see https://datatracker.ietf.org/doc/html/rfc7636#section-4
112
96
  */
113
- declare const OAuthAccessTokenResponse: zod_v4.ZodObject<
114
- {
115
- access_token: zod_v4.ZodString
116
- token_type: zod_v4.ZodString
117
- expires_in: zod_v4.ZodOptional<zod_v4.ZodNumber>
118
- refresh_token: zod_v4.ZodOptional<zod_v4.ZodString>
119
- scope: zod_v4.ZodOptional<zod_v4.ZodString>
120
- },
121
- zod_v4_core.$strip
122
- >
97
+ declare const OAuthAccessTokenResponse: z.ZodObject<{
98
+ access_token: z.ZodString;
99
+ token_type: z.ZodString;
100
+ expires_in: z.ZodOptional<z.ZodNumber>;
101
+ refresh_token: z.ZodOptional<z.ZodString>;
102
+ scope: z.ZodOptional<z.ZodString>;
103
+ }, z.core.$strip>;
123
104
  /**
124
105
  * Schema for OAuth Access Token Error Response
125
106
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
126
107
  */
127
- declare const OAuthAccessTokenErrorResponse: zod_v4.ZodObject<
128
- {
129
- error: zod_v4.ZodEnum<{
130
- invalid_request: "invalid_request"
131
- unauthorized_client: "unauthorized_client"
132
- invalid_scope: "invalid_scope"
133
- invalid_client: "invalid_client"
134
- invalid_grant: "invalid_grant"
135
- unsupported_grant_type: "unsupported_grant_type"
136
- }>
137
- error_description: zod_v4.ZodOptional<zod_v4.ZodString>
138
- error_uri: zod_v4.ZodOptional<zod_v4.ZodString>
139
- },
140
- zod_v4_core.$strip
141
- >
108
+ declare const OAuthAccessTokenErrorResponse: z.ZodObject<{
109
+ error: z.ZodEnum<{
110
+ invalid_request: "invalid_request";
111
+ unauthorized_client: "unauthorized_client";
112
+ invalid_scope: "invalid_scope";
113
+ invalid_client: "invalid_client";
114
+ invalid_grant: "invalid_grant";
115
+ unsupported_grant_type: "unsupported_grant_type";
116
+ }>;
117
+ error_description: z.ZodOptional<z.ZodString>;
118
+ error_uri: z.ZodOptional<z.ZodString>;
119
+ }, z.core.$strip>;
142
120
  /**
143
121
  * @todo: verify if this schema is still needed
144
122
  * @deprecated
145
123
  */
146
- declare const OAuthErrorResponse: zod_v4.ZodObject<
147
- {
148
- error: zod_v4.ZodString
149
- error_description: zod_v4.ZodOptional<zod_v4.ZodString>
150
- },
151
- zod_v4_core.$strip
152
- >
124
+ declare const OAuthErrorResponse: z.ZodObject<{
125
+ error: z.ZodString;
126
+ error_description: z.ZodOptional<z.ZodString>;
127
+ }, z.core.$strip>;
128
+ declare const OAuthEnvSchema: z.ZodObject<{
129
+ clientId: z.ZodString;
130
+ clientSecret: z.ZodString;
131
+ }, z.core.$strip>;
153
132
 
154
- export {
155
- OAuthAccessToken,
156
- OAuthAccessTokenErrorResponse,
157
- OAuthAccessTokenResponse,
158
- OAuthAuthorization,
159
- OAuthAuthorizationErrorResponse,
160
- OAuthAuthorizationResponse,
161
- OAuthErrorResponse,
162
- OAuthProviderConfigSchema,
163
- }
133
+ export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema };
package/dist/schemas.js CHANGED
@@ -1,20 +1,22 @@
1
1
  import {
2
- OAuthAccessToken,
3
- OAuthAccessTokenErrorResponse,
4
- OAuthAccessTokenResponse,
5
- OAuthAuthorization,
6
- OAuthAuthorizationErrorResponse,
7
- OAuthAuthorizationResponse,
8
- OAuthErrorResponse,
9
- OAuthProviderConfigSchema,
10
- } from "./chunk-HMRKN75I.js"
2
+ OAuthAccessToken,
3
+ OAuthAccessTokenErrorResponse,
4
+ OAuthAccessTokenResponse,
5
+ OAuthAuthorization,
6
+ OAuthAuthorizationErrorResponse,
7
+ OAuthAuthorizationResponse,
8
+ OAuthEnvSchema,
9
+ OAuthErrorResponse,
10
+ OAuthProviderConfigSchema
11
+ } from "./chunk-WD7AUHQ5.js";
11
12
  export {
12
- OAuthAccessToken,
13
- OAuthAccessTokenErrorResponse,
14
- OAuthAccessTokenResponse,
15
- OAuthAuthorization,
16
- OAuthAuthorizationErrorResponse,
17
- OAuthAuthorizationResponse,
18
- OAuthErrorResponse,
19
- OAuthProviderConfigSchema,
20
- }
13
+ OAuthAccessToken,
14
+ OAuthAccessTokenErrorResponse,
15
+ OAuthAccessTokenResponse,
16
+ OAuthAuthorization,
17
+ OAuthAuthorizationErrorResponse,
18
+ OAuthAuthorizationResponse,
19
+ OAuthEnvSchema,
20
+ OAuthErrorResponse,
21
+ OAuthProviderConfigSchema
22
+ };
package/dist/secure.cjs CHANGED
@@ -1,123 +1,128 @@
1
- "use strict"
2
- var __create = Object.create
3
- var __defProp = Object.defineProperty
4
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor
5
- var __getOwnPropNames = Object.getOwnPropertyNames
6
- var __getProtoOf = Object.getPrototypeOf
7
- var __hasOwnProp = Object.prototype.hasOwnProperty
1
+ "use strict";
2
+ var __create = Object.create;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
8
8
  var __export = (target, all) => {
9
- for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
10
- }
9
+ for (var name in all)
10
+ __defProp(target, name, { get: all[name], enumerable: true });
11
+ };
11
12
  var __copyProps = (to, from, except, desc) => {
12
- if ((from && typeof from === "object") || typeof from === "function") {
13
- for (let key of __getOwnPropNames(from))
14
- if (!__hasOwnProp.call(to, key) && key !== except)
15
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
16
- }
17
- return to
18
- }
19
- var __toESM = (mod, isNodeMode, target) => (
20
- (target = mod != null ? __create(__getProtoOf(mod)) : {}),
21
- __copyProps(
22
- // If the importer is in node compatibility mode or this is not an ESM
23
- // file that has been converted to a CommonJS file using a Babel-
24
- // compatible transform (i.e. "__esModule" has not been set), then set
25
- // "default" to the CommonJS "module.exports" for node compatibility.
26
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
27
- mod
28
- )
29
- )
30
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
13
+ if (from && typeof from === "object" || typeof from === "function") {
14
+ for (let key of __getOwnPropNames(from))
15
+ if (!__hasOwnProp.call(to, key) && key !== except)
16
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
17
+ }
18
+ return to;
19
+ };
20
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
+ // If the importer is in node compatibility mode or this is not an ESM
22
+ // file that has been converted to a CommonJS file using a Babel-
23
+ // compatible transform (i.e. "__esModule" has not been set), then set
24
+ // "default" to the CommonJS "module.exports" for node compatibility.
25
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
+ mod
27
+ ));
28
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
31
29
 
32
30
  // src/secure.ts
33
- var secure_exports = {}
31
+ var secure_exports = {};
34
32
  __export(secure_exports, {
35
- createCSRF: () => createCSRF,
36
- createDerivedSalt: () => createDerivedSalt,
37
- createHash: () => createHash,
38
- createPKCE: () => createPKCE,
39
- generateSecure: () => generateSecure,
40
- verifyCSRF: () => verifyCSRF,
41
- })
42
- module.exports = __toCommonJS(secure_exports)
43
- var import_node_crypto = __toESM(require("crypto"), 1)
33
+ createCSRF: () => createCSRF,
34
+ createDerivedSalt: () => createDerivedSalt,
35
+ createHash: () => createHash,
36
+ createPKCE: () => createPKCE,
37
+ generateSecure: () => generateSecure,
38
+ verifyCSRF: () => verifyCSRF
39
+ });
40
+ module.exports = __toCommonJS(secure_exports);
41
+ var import_node_crypto = __toESM(require("crypto"), 1);
44
42
 
45
43
  // src/utils.ts
46
- var import_router = require("@aura-stack/router")
44
+ var import_router = require("@aura-stack/router");
47
45
 
48
- // src/error.ts
49
- var AuthError = class extends Error {
50
- constructor(type, message) {
51
- super(message)
52
- this.type = type
53
- this.name = "AuthError"
54
- }
55
- }
56
- var InvalidCsrfTokenError = class extends AuthError {
57
- constructor(message = "The provided CSRF token is invalid or has expired") {
58
- super("invalid_csrf_token", message)
59
- this.name = "InvalidCsrfTokenError"
60
- }
61
- }
46
+ // src/errors.ts
47
+ var AuthSecurityError = class extends Error {
48
+ type = "AUTH_SECURITY_ERROR";
49
+ code;
50
+ constructor(code, message, options) {
51
+ super(message, options);
52
+ this.code = code;
53
+ this.name = new.target.name;
54
+ Error.captureStackTrace(this, new.target);
55
+ }
56
+ };
62
57
 
63
58
  // src/utils.ts
64
59
  var equals = (a, b) => {
65
- if (a === null || b === null || a === void 0 || b === void 0) return false
66
- return a === b
67
- }
60
+ if (a === null || b === null || a === void 0 || b === void 0) return false;
61
+ return a === b;
62
+ };
63
+
64
+ // src/assert.ts
65
+ var isJWTPayloadWithToken = (payload) => {
66
+ return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
67
+ };
68
68
 
69
69
  // src/secure.ts
70
70
  var generateSecure = (length = 32) => {
71
- return import_node_crypto.default.randomBytes(length).toString("base64url")
72
- }
71
+ return import_node_crypto.default.randomBytes(length).toString("base64url");
72
+ };
73
73
  var createHash = (data, base = "hex") => {
74
- return import_node_crypto.default.createHash("sha256").update(data).digest().toString(base)
75
- }
74
+ return import_node_crypto.default.createHash("sha256").update(data).digest().toString(base);
75
+ };
76
76
  var createPKCE = async (verifier) => {
77
- const codeVerifier = verifier ?? generateSecure(86)
78
- const codeChallenge = createHash(codeVerifier, "base64url")
79
- return { codeVerifier, codeChallenge, method: "S256" }
80
- }
77
+ const codeVerifier = verifier ?? generateSecure(86);
78
+ const codeChallenge = createHash(codeVerifier, "base64url");
79
+ return { codeVerifier, codeChallenge, method: "S256" };
80
+ };
81
81
  var createCSRF = async (jose, csrfCookie) => {
82
- try {
83
- const token = generateSecure(32)
84
- if (csrfCookie) {
85
- await jose.verifyJWS(csrfCookie)
86
- return csrfCookie
87
- }
88
- return jose.signJWS({ token })
89
- } catch {
90
- const token = generateSecure(32)
91
- return jose.signJWS({ token })
82
+ try {
83
+ const token = generateSecure(32);
84
+ if (csrfCookie) {
85
+ await jose.verifyJWS(csrfCookie);
86
+ return csrfCookie;
92
87
  }
93
- }
88
+ return jose.signJWS({ token });
89
+ } catch {
90
+ const token = generateSecure(32);
91
+ return jose.signJWS({ token });
92
+ }
93
+ };
94
94
  var verifyCSRF = async (jose, cookie, header) => {
95
- try {
96
- const { token: cookieToken } = await jose.verifyJWS(cookie)
97
- const { token: headerToken } = await jose.verifyJWS(header)
98
- const cookieBuffer = Buffer.from(cookieToken)
99
- const headerBuffer = Buffer.from(headerToken)
100
- if (!equals(headerBuffer.length, cookieBuffer.length)) {
101
- throw new InvalidCsrfTokenError()
102
- }
103
- if (!import_node_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
104
- throw new InvalidCsrfTokenError()
105
- }
106
- return true
107
- } catch {
108
- throw new InvalidCsrfTokenError()
95
+ try {
96
+ const cookiePayload = await jose.verifyJWS(cookie);
97
+ const headerPayload = await jose.verifyJWS(header);
98
+ if (!isJWTPayloadWithToken(cookiePayload)) {
99
+ throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Cookie payload missing token field.");
100
+ }
101
+ if (!isJWTPayloadWithToken(headerPayload)) {
102
+ throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Header payload missing token field.");
103
+ }
104
+ const cookieBuffer = Buffer.from(cookiePayload.token);
105
+ const headerBuffer = Buffer.from(headerPayload.token);
106
+ if (!equals(headerBuffer.length, cookieBuffer.length)) {
107
+ throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
108
+ }
109
+ if (!import_node_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
110
+ throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
109
111
  }
110
- }
112
+ return true;
113
+ } catch {
114
+ throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
115
+ }
116
+ };
111
117
  var createDerivedSalt = (secret) => {
112
- return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex")
113
- }
118
+ return import_node_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
119
+ };
114
120
  // Annotate the CommonJS export names for ESM import in node:
115
- 0 &&
116
- (module.exports = {
117
- createCSRF,
118
- createDerivedSalt,
119
- createHash,
120
- createPKCE,
121
- generateSecure,
122
- verifyCSRF,
123
- })
121
+ 0 && (module.exports = {
122
+ createCSRF,
123
+ createDerivedSalt,
124
+ createHash,
125
+ createPKCE,
126
+ generateSecure,
127
+ verifyCSRF
128
+ });
package/dist/secure.d.ts CHANGED
@@ -1,13 +1,12 @@
1
- import { A as AuthRuntimeConfig } from "./index-DpfbvTZ_.js"
2
- import "zod/v4"
3
- import "@aura-stack/jose/jose"
4
- import "./schemas.js"
5
- import "zod/v4/core"
6
- import "cookie"
7
- import "./@types/utility.js"
1
+ import { A as AuthRuntimeConfig } from './index-EqsoyjrF.js';
2
+ import 'zod/v4';
3
+ import './schemas.js';
4
+ import '@aura-stack/router/cookie';
5
+ import '@aura-stack/jose/jose';
6
+ import './@types/utility.js';
8
7
 
9
- declare const generateSecure: (length?: number) => string
10
- declare const createHash: (data: string, base?: "hex" | "base64" | "base64url") => string
8
+ declare const generateSecure: (length?: number) => string;
9
+ declare const createHash: (data: string, base?: "hex" | "base64" | "base64url") => string;
11
10
  /**
12
11
  * Creates the code challenge flow for PKCE OAuth flow. It generates a code verifier and its corresponding
13
12
  * code challenge using SHA-256 hashing.
@@ -18,24 +17,24 @@ declare const createHash: (data: string, base?: "hex" | "base64" | "base64url")
18
17
  * @see https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
19
18
  */
20
19
  declare const createPKCE: (verifier?: string) => Promise<{
21
- codeVerifier: string
22
- codeChallenge: string
23
- method: string
24
- }>
20
+ codeVerifier: string;
21
+ codeChallenge: string;
22
+ method: string;
23
+ }>;
25
24
  /**
26
25
  * Creates a CSRF token to be used in OAuth flows to prevent cross-site request forgery attacks.
27
26
  *
28
27
  * @param csrfCookie - Optional existing CSRF cookie to verify and reuse
29
28
  * @returns Signed CSRF token
30
29
  */
31
- declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>
32
- declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>
30
+ declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
31
+ declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>;
33
32
  /**
34
33
  * Creates a deterministic derived salt from the provided secret.
35
34
  *
36
35
  * @param secret the base secret to derive the salt from
37
36
  * @returns the derived salt as a hexadecimal string
38
37
  */
39
- declare const createDerivedSalt: (secret: string) => string
38
+ declare const createDerivedSalt: (secret: string) => string;
40
39
 
41
- export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF }
40
+ export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF };
package/dist/secure.js CHANGED
@@ -1,4 +1,19 @@
1
- import { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF } from "./chunk-GZU3RBTB.js"
2
- import "./chunk-256KIVJL.js"
3
- import "./chunk-FJUDBLCP.js"
4
- export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF }
1
+ import {
2
+ createCSRF,
3
+ createDerivedSalt,
4
+ createHash,
5
+ createPKCE,
6
+ generateSecure,
7
+ verifyCSRF
8
+ } from "./chunk-N2APGLXA.js";
9
+ import "./chunk-CXLATHS5.js";
10
+ import "./chunk-EIL2FPSS.js";
11
+ import "./chunk-RRLIF4PQ.js";
12
+ export {
13
+ createCSRF,
14
+ createDerivedSalt,
15
+ createHash,
16
+ createPKCE,
17
+ generateSecure,
18
+ verifyCSRF
19
+ };