@aura-stack/auth 0.1.0-rc.9 → 0.2.0

package/dist/chunk-CAKJT3KS.js

@@ -1,77 +0,0 @@
-import { isValidURL } from "./chunk-6SM22VVJ.js"
-import { equals, getNormalizedOriginPath, sanitizeURL, toCastCase } from "./chunk-256KIVJL.js"
-import { AuthError, ERROR_RESPONSE, InvalidRedirectToError, isAuthError } from "./chunk-FJUDBLCP.js"
-import { OAuthAuthorization } from "./chunk-HMRKN75I.js"
-
-// src/actions/signIn/authorization.ts
-var createAuthorizationURL = (oauthConfig, redirectURI, state, codeChallenge, codeChallengeMethod) => {
-    const parsed = OAuthAuthorization.safeParse({ ...oauthConfig, redirectURI, state, codeChallenge, codeChallengeMethod })
-    if (!parsed.success) {
-        throw new AuthError(ERROR_RESPONSE.AUTHORIZATION.SERVER_ERROR, "Invalid OAuth configuration")
-    }
-    const { authorizeURL, ...options } = parsed.data
-    const { userInfo, accessToken, clientSecret, ...required } = options
-    const searchParams = new URLSearchParams(toCastCase(required))
-    return `${authorizeURL}?${searchParams}`
-}
-var getOriginURL = (request, trustedProxyHeaders) => {
-    const headers = request.headers
-    if (trustedProxyHeaders) {
-        const protocol = headers.get("X-Forwarded-Proto") ?? headers.get("Forwarded")?.match(/proto=([^;]+)/i)?.[1] ?? "http"
-        const host =
-            headers.get("X-Forwarded-Host") ??
-            headers.get("Host") ??
-            headers.get("Forwarded")?.match(/host=([^;]+)/i)?.[1] ??
-            null
-        return new URL(`${protocol}://${host}${getNormalizedOriginPath(new URL(request.url).pathname)}`)
-    } else {
-        return new URL(getNormalizedOriginPath(request.url))
-    }
-}
-var createRedirectURI = (request, oauth, basePath, trustedProxyHeaders) => {
-    const url = getOriginURL(request, trustedProxyHeaders)
-    return `${url.origin}${basePath}/callback/${oauth}`
-}
-var createRedirectTo = (request, redirectTo, trustedProxyHeaders) => {
-    try {
-        const headers = request.headers
-        const origin = headers.get("Origin")
-        const referer = headers.get("Referer")
-        let hostedURL = getOriginURL(request, trustedProxyHeaders)
-        if (redirectTo) {
-            if (redirectTo.startsWith("/")) {
-                return sanitizeURL(redirectTo)
-            }
-            const redirectToURL = new URL(sanitizeURL(getNormalizedOriginPath(redirectTo)))
-            if (!isValidURL(redirectTo) || !equals(redirectToURL.origin, hostedURL.origin)) {
-                throw new InvalidRedirectToError()
-            }
-            return sanitizeURL(redirectToURL.pathname)
-        }
-        if (referer) {
-            const refererURL = new URL(sanitizeURL(referer))
-            if (!isValidURL(referer) || !equals(refererURL.origin, hostedURL.origin)) {
-                throw new AuthError(
-                    ERROR_RESPONSE.AUTHORIZATION.INVALID_REQUEST,
-                    "The referer of the request does not match the hosted origin."
-                )
-            }
-            return sanitizeURL(refererURL.pathname)
-        }
-        if (origin) {
-            const originURL = new URL(sanitizeURL(getNormalizedOriginPath(origin)))
-            if (!isValidURL(origin) || !equals(originURL.origin, hostedURL.origin)) {
-                throw new AuthError(ERROR_RESPONSE.AUTHORIZATION.INVALID_REQUEST, "Invalid origin (potential CSRF).")
-            }
-            return sanitizeURL(originURL.pathname)
-        }
-        return "/"
-    } catch (error) {
-        if (isAuthError(error)) {
-            throw error
-        }
-        throw new AuthError(ERROR_RESPONSE.AUTHORIZATION.INVALID_REQUEST, "Invalid origin (potential CSRF).")
-    }
-}
-
-export { createAuthorizationURL, getOriginURL, createRedirectURI, createRedirectTo }

package/dist/chunk-EBPE35JT.js

@@ -1,29 +0,0 @@
-// src/oauth/discord.ts
-var discord = {
-    id: "discord",
-    name: "Discord",
-    authorizeURL: "https://discord.com/oauth2/authorize",
-    accessToken: "https://discord.com/api/oauth2/token",
-    userInfo: "https://discord.com/api/users/@me",
-    scope: "identify email",
-    responseType: "code",
-    profile(profile) {
-        let image = ""
-        if (profile.avatar === null) {
-            const index = profile.discriminator === "0" ? (BigInt(profile.id) >> 22n) % 6n : Number(profile.discriminator) % 5
-            image = `https://cdn.discordapp.com/embed/avatars/${index}.png`
-        } else {
-            const format = profile.avatar.startsWith("a_") ? "gif" : "png"
-            image = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`
-        }
-        return {
-            sub: profile.id,
-            // https://discord.com/developers/docs/change-log#display-names
-            name: profile.global_name ?? profile.username,
-            email: profile.email ?? "",
-            image,
-        }
-    },
-}
-
-export { discord }

package/dist/chunk-FJUDBLCP.js

@@ -1,52 +0,0 @@
-// src/error.ts
-var AuthError = class extends Error {
-    constructor(type, message) {
-        super(message)
-        this.type = type
-        this.name = "AuthError"
-    }
-}
-var InvalidCsrfTokenError = class extends AuthError {
-    constructor(message = "The provided CSRF token is invalid or has expired") {
-        super("invalid_csrf_token", message)
-        this.name = "InvalidCsrfTokenError"
-    }
-}
-var InvalidRedirectToError = class extends AuthError {
-    constructor(message = "The redirectTo parameter does not match the hosted origin.") {
-        super("invalid_redirect_to", message)
-        this.name = "InvalidRedirectToError"
-    }
-}
-var isAuthError = (error) => {
-    return error instanceof AuthError
-}
-var throwAuthError = (error, message) => {
-    if (error instanceof Error) {
-        if (isAuthError(error)) {
-            throw error
-        }
-        throw new AuthError("invalid_request", error.message ?? message)
-    }
-}
-var ERROR_RESPONSE = {
-    AUTHORIZATION: {
-        INVALID_REQUEST: "invalid_request",
-        UNAUTHORIZED_CLIENT: "unauthorized_client",
-        ACCESS_DENIED: "access_denied",
-        UNSUPPORTED_RESPONSE_TYPE: "unsupported_response_type",
-        INVALID_SCOPE: "invalid_scope",
-        SERVER_ERROR: "server_error",
-        TEMPORARILY_UNAVAILABLE: "temporarily_unavailable",
-    },
-    ACCESS_TOKEN: {
-        INVALID_REQUEST: "invalid_request",
-        INVALID_CLIENT: "invalid_client",
-        INVALID_GRANT: "invalid_grant",
-        UNAUTHORIZED_CLIENT: "unauthorized_client",
-        UNSUPPORTED_GRANT_TYPE: "unsupported_grant_type",
-        INVALID_SCOPE: "invalid_scope",
-    },
-}
-
-export { AuthError, InvalidCsrfTokenError, InvalidRedirectToError, isAuthError, throwAuthError, ERROR_RESPONSE }

package/dist/chunk-GZU3RBTB.js

@@ -1,51 +0,0 @@
-import { equals } from "./chunk-256KIVJL.js"
-import { InvalidCsrfTokenError } from "./chunk-FJUDBLCP.js"
-
-// src/secure.ts
-import crypto from "crypto"
-var generateSecure = (length = 32) => {
-    return crypto.randomBytes(length).toString("base64url")
-}
-var createHash = (data, base = "hex") => {
-    return crypto.createHash("sha256").update(data).digest().toString(base)
-}
-var createPKCE = async (verifier) => {
-    const codeVerifier = verifier ?? generateSecure(86)
-    const codeChallenge = createHash(codeVerifier, "base64url")
-    return { codeVerifier, codeChallenge, method: "S256" }
-}
-var createCSRF = async (jose, csrfCookie) => {
-    try {
-        const token = generateSecure(32)
-        if (csrfCookie) {
-            await jose.verifyJWS(csrfCookie)
-            return csrfCookie
-        }
-        return jose.signJWS({ token })
-    } catch {
-        const token = generateSecure(32)
-        return jose.signJWS({ token })
-    }
-}
-var verifyCSRF = async (jose, cookie, header) => {
-    try {
-        const { token: cookieToken } = await jose.verifyJWS(cookie)
-        const { token: headerToken } = await jose.verifyJWS(header)
-        const cookieBuffer = Buffer.from(cookieToken)
-        const headerBuffer = Buffer.from(headerToken)
-        if (!equals(headerBuffer.length, cookieBuffer.length)) {
-            throw new InvalidCsrfTokenError()
-        }
-        if (!crypto.timingSafeEqual(cookieBuffer, headerBuffer)) {
-            throw new InvalidCsrfTokenError()
-        }
-        return true
-    } catch {
-        throw new InvalidCsrfTokenError()
-    }
-}
-var createDerivedSalt = (secret) => {
-    return crypto.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex")
-}
-
-export { generateSecure, createHash, createPKCE, createCSRF, verifyCSRF, createDerivedSalt }

package/dist/chunk-HGJ4TXY4.js

@@ -1,105 +0,0 @@
-import { getUserInfo } from "./chunk-RLT4RFKV.js"
-import { createAccessToken } from "./chunk-UJJ7R56J.js"
-import { createSessionCookie, expireCookie, getCookie, secureCookieOptions, setCookie } from "./chunk-ZV4BH47P.js"
-import { cacheControl } from "./chunk-STHEPPUZ.js"
-import { createCSRF } from "./chunk-GZU3RBTB.js"
-import { equals, isValidRelativePath, sanitizeURL } from "./chunk-256KIVJL.js"
-import { AuthError, ERROR_RESPONSE, isAuthError } from "./chunk-FJUDBLCP.js"
-import { AuraResponse } from "./chunk-JAPMIE6S.js"
-import { OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse } from "./chunk-HMRKN75I.js"
-
-// src/actions/callback/callback.ts
-import z from "zod"
-import { createEndpoint, createEndpointConfig, statusCode } from "@aura-stack/router"
-var callbackConfig = (oauth) => {
-    return createEndpointConfig("/callback/:oauth", {
-        schemas: {
-            searchParams: OAuthAuthorizationResponse,
-            params: z.object({
-                oauth: z.enum(Object.keys(oauth)),
-            }),
-        },
-        middlewares: [
-            (ctx) => {
-                const response = OAuthAuthorizationErrorResponse.safeParse(ctx.searchParams)
-                if (response.success) {
-                    const { error, error_description } = response.data
-                    throw new AuthError(error, error_description ?? "OAuth Authorization Error")
-                }
-                return ctx
-            },
-        ],
-    })
-}
-var callbackAction = (oauth) => {
-    return createEndpoint(
-        "GET",
-        "/callback/:oauth",
-        async (ctx) => {
-            const {
-                request,
-                params: { oauth: oauth2 },
-                searchParams: { code, state },
-                context: { oauth: providers, cookies, jose, trustedProxyHeaders },
-            } = ctx
-            try {
-                const oauthConfig = providers[oauth2]
-                const cookieOptions = secureCookieOptions(request, cookies, trustedProxyHeaders)
-                const cookieState = getCookie(request, "state", cookieOptions)
-                const cookieRedirectTo = getCookie(request, "redirect_to", cookieOptions)
-                const cookieRedirectURI = getCookie(request, "redirect_uri", cookieOptions)
-                const codeVerifier = getCookie(request, "code_verifier", cookieOptions)
-                if (!equals(cookieState, state)) {
-                    throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_REQUEST, "Mismatching state")
-                }
-                const accessToken = await createAccessToken(oauthConfig, cookieRedirectURI, code, codeVerifier)
-                const sanitized = sanitizeURL(cookieRedirectTo)
-                if (!isValidRelativePath(sanitized)) {
-                    throw new AuthError(
-                        ERROR_RESPONSE.ACCESS_TOKEN.INVALID_REQUEST,
-                        "Invalid redirect path. Potential open redirect attack detected."
-                    )
-                }
-                const headers = new Headers(cacheControl)
-                headers.set("Location", sanitized)
-                const userInfo = await getUserInfo(oauthConfig, accessToken.access_token)
-                const sessionCookie = await createSessionCookie(userInfo, cookieOptions, jose)
-                const csrfToken = await createCSRF(jose)
-                const csrfCookie = setCookie(
-                    "csrfToken",
-                    csrfToken,
-                    secureCookieOptions(
-                        request,
-                        {
-                            ...cookies,
-                            strategy: "host",
-                        },
-                        trustedProxyHeaders
-                    )
-                )
-                headers.set("Set-Cookie", sessionCookie)
-                headers.append("Set-Cookie", expireCookie("state", cookieOptions))
-                headers.append("Set-Cookie", expireCookie("redirect_uri", cookieOptions))
-                headers.append("Set-Cookie", expireCookie("redirect_to", cookieOptions))
-                headers.append("Set-Cookie", expireCookie("code_verifier", cookieOptions))
-                headers.append("Set-Cookie", csrfCookie)
-                return Response.json({ oauth: oauth2 }, { status: 302, headers })
-            } catch (error) {
-                if (isAuthError(error)) {
-                    const { type, message } = error
-                    return AuraResponse.json({ error: type, error_description: message }, { status: statusCode.BAD_REQUEST })
-                }
-                return AuraResponse.json(
-                    {
-                        error: ERROR_RESPONSE.ACCESS_TOKEN.INVALID_CLIENT,
-                        error_description: "An unexpected error occurred",
-                    },
-                    { status: statusCode.INTERNAL_SERVER_ERROR }
-                )
-            }
-        },
-        callbackConfig(oauth)
-    )
-}
-
-export { callbackAction }

package/dist/chunk-HMRKN75I.js

@@ -1,74 +0,0 @@
-// src/schemas.ts
-import { object, string, enum as options, number, url } from "zod/v4"
-var OAuthProviderConfigSchema = object({
-    authorizeURL: url(),
-    accessToken: url(),
-    scope: string().optional(),
-    userInfo: url(),
-    responseType: options(["code", "token", "id_token"]),
-    clientId: string(),
-    clientSecret: string(),
-})
-var OAuthAuthorization = OAuthProviderConfigSchema.extend({
-    redirectURI: string(),
-    state: string(),
-    codeChallenge: string(),
-    codeChallengeMethod: options(["plain", "S256"]),
-})
-var OAuthAuthorizationResponse = object({
-    state: string(),
-    code: string(),
-})
-var OAuthAuthorizationErrorResponse = object({
-    error: options([
-        "invalid_request",
-        "unauthorized_client",
-        "access_denied",
-        "unsupported_response_type",
-        "invalid_scope",
-        "server_error",
-        "temporarily_unavailable",
-    ]),
-    error_description: string().optional(),
-    error_uri: string().optional(),
-    state: string(),
-})
-var OAuthAccessToken = OAuthProviderConfigSchema.extend({
-    redirectURI: string(),
-    code: string(),
-    codeVerifier: string().min(43).max(128),
-})
-var OAuthAccessTokenResponse = object({
-    access_token: string(),
-    token_type: string(),
-    expires_in: number().optional(),
-    refresh_token: string().optional(),
-    scope: string().optional(),
-})
-var OAuthAccessTokenErrorResponse = object({
-    error: options([
-        "invalid_request",
-        "invalid_client",
-        "invalid_grant",
-        "unauthorized_client",
-        "unsupported_grant_type",
-        "invalid_scope",
-    ]),
-    error_description: string().optional(),
-    error_uri: string().optional(),
-})
-var OAuthErrorResponse = object({
-    error: string(),
-    error_description: string().optional(),
-})
-
-export {
-    OAuthProviderConfigSchema,
-    OAuthAuthorization,
-    OAuthAuthorizationResponse,
-    OAuthAuthorizationErrorResponse,
-    OAuthAccessToken,
-    OAuthAccessTokenResponse,
-    OAuthAccessTokenErrorResponse,
-    OAuthErrorResponse,
-}

package/dist/chunk-JAPMIE6S.js

@@ -1,8 +0,0 @@
-// src/response.ts
-var AuraResponse = class extends Response {
-    static json(body, init) {
-        return Response.json(body, init)
-    }
-}
-
-export { AuraResponse }

package/dist/chunk-LLR722CL.js

@@ -1,75 +0,0 @@
-import { createAuthorizationURL, createRedirectTo, createRedirectURI } from "./chunk-CAKJT3KS.js"
-import { oauthCookie, secureCookieOptions, setCookie } from "./chunk-ZV4BH47P.js"
-import { createPKCE, generateSecure } from "./chunk-GZU3RBTB.js"
-import { ERROR_RESPONSE, isAuthError } from "./chunk-FJUDBLCP.js"
-import { AuraResponse } from "./chunk-JAPMIE6S.js"
-
-// src/actions/signIn/signIn.ts
-import z from "zod"
-import { createEndpoint, createEndpointConfig, statusCode } from "@aura-stack/router"
-var signInConfig = (oauth) => {
-    return createEndpointConfig("/signIn/:oauth", {
-        schemas: {
-            params: z.object({
-                oauth: z.enum(Object.keys(oauth)),
-                redirectTo: z.string().optional(),
-            }),
-        },
-    })
-}
-var signInAction = (oauth) => {
-    return createEndpoint(
-        "GET",
-        "/signIn/:oauth",
-        async (ctx) => {
-            const {
-                request,
-                params: { oauth: oauth2, redirectTo },
-                context: { oauth: providers, cookies, trustedProxyHeaders, basePath },
-            } = ctx
-            try {
-                const cookieOptions = secureCookieOptions(request, cookies, trustedProxyHeaders)
-                const state = generateSecure()
-                const redirectURI = createRedirectURI(request, oauth2, basePath, trustedProxyHeaders)
-                const stateCookie = setCookie("state", state, oauthCookie(cookieOptions))
-                const redirectURICookie = setCookie("redirect_uri", redirectURI, oauthCookie(cookieOptions))
-                const redirectToCookie = setCookie(
-                    "redirect_to",
-                    createRedirectTo(request, redirectTo, trustedProxyHeaders),
-                    oauthCookie(cookieOptions)
-                )
-                const { codeVerifier, codeChallenge, method } = await createPKCE()
-                const codeVerifierCookie = setCookie("code_verifier", codeVerifier, oauthCookie(cookieOptions))
-                const authorization = createAuthorizationURL(providers[oauth2], redirectURI, state, codeChallenge, method)
-                const headers = new Headers()
-                headers.set("Location", authorization)
-                headers.append("Set-Cookie", stateCookie)
-                headers.append("Set-Cookie", redirectURICookie)
-                headers.append("Set-Cookie", redirectToCookie)
-                headers.append("Set-Cookie", codeVerifierCookie)
-                return Response.json(
-                    { oauth: oauth2 },
-                    {
-                        status: 302,
-                        headers,
-                    }
-                )
-            } catch (error) {
-                if (isAuthError(error)) {
-                    const { type, message } = error
-                    return AuraResponse.json({ error: type, error_description: message }, { status: statusCode.BAD_REQUEST })
-                }
-                return AuraResponse.json(
-                    {
-                        error: ERROR_RESPONSE.AUTHORIZATION.SERVER_ERROR,
-                        error_description: "An unexpected error occurred",
-                    },
-                    { status: statusCode.INTERNAL_SERVER_ERROR }
-                )
-            }
-        },
-        signInConfig(oauth)
-    )
-}
-
-export { signInAction }

package/dist/chunk-RLT4RFKV.js

@@ -1,36 +0,0 @@
-import { generateSecure } from "./chunk-GZU3RBTB.js"
-import { AuthError, throwAuthError } from "./chunk-FJUDBLCP.js"
-import { OAuthErrorResponse } from "./chunk-HMRKN75I.js"
-
-// src/actions/callback/userinfo.ts
-var getDefaultUserInfo = (profile) => {
-    const sub = generateSecure(16)
-    return {
-        sub: profile?.id ?? profile?.sub ?? sub,
-        email: profile?.email,
-        name: profile?.name ?? profile?.username ?? profile?.nickname,
-        image: profile?.image ?? profile?.picture,
-    }
-}
-var getUserInfo = async (oauthConfig, accessToken) => {
-    const userinfoEndpoint = oauthConfig.userInfo
-    try {
-        const response = await fetch(userinfoEndpoint, {
-            method: "GET",
-            headers: {
-                Accept: "application/json",
-                Authorization: `Bearer ${accessToken}`,
-            },
-        })
-        const json = await response.json()
-        const { success, data } = OAuthErrorResponse.safeParse(json)
-        if (success) {
-            throw new AuthError(data.error, data?.error_description ?? "An error occurred while fetching user information.")
-        }
-        return oauthConfig?.profile ? oauthConfig.profile(json) : getDefaultUserInfo(json)
-    } catch (error) {
-        throw throwAuthError(error, "Failed to retrieve userinfo")
-    }
-}
-
-export { getUserInfo }

package/dist/chunk-SJPDVKUS.js

@@ -1,93 +0,0 @@
-import { createRedirectTo } from "./chunk-CAKJT3KS.js"
-import { expireCookie, getCookie, secureCookieOptions } from "./chunk-ZV4BH47P.js"
-import { cacheControl } from "./chunk-STHEPPUZ.js"
-import { verifyCSRF } from "./chunk-GZU3RBTB.js"
-import { getNormalizedOriginPath } from "./chunk-256KIVJL.js"
-import { InvalidCsrfTokenError, InvalidRedirectToError } from "./chunk-FJUDBLCP.js"
-import { AuraResponse } from "./chunk-JAPMIE6S.js"
-
-// src/actions/signOut/signOut.ts
-import z from "zod"
-import { createEndpoint, createEndpointConfig, statusCode } from "@aura-stack/router"
-var config = createEndpointConfig({
-    schemas: {
-        searchParams: z.object({
-            token_type_hint: z.literal("session_token"),
-            redirectTo: z.string().optional(),
-        }),
-    },
-})
-var signOutAction = createEndpoint(
-    "POST",
-    "/signOut",
-    async (ctx) => {
-        const {
-            request,
-            headers,
-            searchParams: { redirectTo },
-            context: { cookies, jose, trustedProxyHeaders },
-        } = ctx
-        try {
-            const cookiesOptions = secureCookieOptions(request, cookies, trustedProxyHeaders)
-            const session = getCookie(request, "sessionToken", cookiesOptions)
-            const csrfToken = getCookie(request, "csrfToken", {
-                ...cookiesOptions,
-                prefix: cookiesOptions.secure ? "__Host-" : "",
-            })
-            const header = headers.get("X-CSRF-Token")
-            if (!header || !session || !csrfToken) {
-                throw new Error("Missing CSRF token or session token")
-            }
-            await verifyCSRF(jose, csrfToken, header)
-            await jose.decodeJWT(session)
-            const normalizedOriginPath = getNormalizedOriginPath(request.url)
-            const location = createRedirectTo(
-                new Request(normalizedOriginPath, {
-                    headers,
-                }),
-                redirectTo
-            )
-            const responseHeaders = new Headers(cacheControl)
-            responseHeaders.append("Set-Cookie", expireCookie("sessionToken", cookiesOptions))
-            responseHeaders.append(
-                "Set-Cookie",
-                expireCookie("csrfToken", { ...cookiesOptions, prefix: cookiesOptions.secure ? "__Host-" : "" })
-            )
-            responseHeaders.append("Location", location)
-            return Response.json(
-                { message: "Signed out successfully" },
-                { status: statusCode.ACCEPTED, headers: responseHeaders }
-            )
-        } catch (error) {
-            if (error instanceof InvalidCsrfTokenError) {
-                return AuraResponse.json(
-                    {
-                        error: "invalid_csrf_token",
-                        error_description: "The provided CSRF token is invalid or has expired",
-                    },
-                    { status: statusCode.UNAUTHORIZED }
-                )
-            }
-            if (error instanceof InvalidRedirectToError) {
-                const { type, message } = error
-                return AuraResponse.json(
-                    {
-                        error: type,
-                        error_description: message,
-                    },
-                    { status: statusCode.BAD_REQUEST }
-                )
-            }
-            return AuraResponse.json(
-                {
-                    error: "invalid_session_token",
-                    error_description: "The provided sessionToken is invalid or has already expired",
-                },
-                { status: statusCode.UNAUTHORIZED }
-            )
-        }
-    },
-    config
-)
-
-export { signOutAction }

package/dist/chunk-SMQO5WD7.js

@@ -1,20 +0,0 @@
-import { getCookie, secureCookieOptions, setCookie } from "./chunk-ZV4BH47P.js"
-import { cacheControl } from "./chunk-STHEPPUZ.js"
-import { createCSRF } from "./chunk-GZU3RBTB.js"
-
-// src/actions/csrfToken/csrfToken.ts
-import { createEndpoint } from "@aura-stack/router"
-var csrfTokenAction = createEndpoint("GET", "/csrfToken", async (ctx) => {
-    const {
-        request,
-        context: { cookies, jose, trustedProxyHeaders },
-    } = ctx
-    const cookieOptions = secureCookieOptions(request, { ...cookies, strategy: "host" }, trustedProxyHeaders)
-    const existingCSRFToken = getCookie(request, "csrfToken", cookieOptions, true)
-    const csrfToken = await createCSRF(jose, existingCSRFToken)
-    const headers = new Headers(cacheControl)
-    headers.set("Set-Cookie", setCookie("csrfToken", csrfToken, cookieOptions))
-    return Response.json({ csrfToken }, { headers })
-})
-
-export { csrfTokenAction }

package/dist/chunk-UJJ7R56J.js

@@ -1,42 +0,0 @@
-import { AuthError, ERROR_RESPONSE, throwAuthError } from "./chunk-FJUDBLCP.js"
-import { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse } from "./chunk-HMRKN75I.js"
-
-// src/actions/callback/access-token.ts
-var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) => {
-    const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier })
-    if (!parsed.success) {
-        throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_REQUEST, "Invalid OAuth configuration")
-    }
-    const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data
-    try {
-        const response = await fetch(accessToken, {
-            method: "POST",
-            headers: {
-                Accept: "application/json",
-                "Content-Type": "application/x-www-form-urlencoded",
-            },
-            body: new URLSearchParams({
-                client_id: clientId,
-                client_secret: clientSecret,
-                code: codeParsed,
-                redirect_uri: redirectParsed,
-                grant_type: "authorization_code",
-                code_verifier: codeVerifier,
-            }).toString(),
-        })
-        const json = await response.json()
-        const token = OAuthAccessTokenResponse.safeParse(json)
-        if (!token.success) {
-            const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json)
-            if (!success) {
-                throw new AuthError(ERROR_RESPONSE.ACCESS_TOKEN.INVALID_GRANT, "Invalid access token response format")
-            }
-            throw new AuthError(data.error, data?.error_description ?? "Failed to retrieve access token")
-        }
-        return token.data
-    } catch (error) {
-        throw throwAuthError(error, "Failed to create access token")
-    }
-}
-
-export { createAccessToken }