@aura-stack/auth 0.1.0-rc.9 → 0.2.0

Files changed (140)
  1. package/dist/@types/index.cjs +15 -15
  2. package/dist/@types/index.d.ts +6 -31
  3. package/dist/@types/index.js +1 -1
  4. package/dist/@types/router.d.cjs +1 -1
  5. package/dist/@types/router.d.d.ts +6 -7
  6. package/dist/@types/utility.cjs +15 -15
  7. package/dist/@types/utility.d.ts +4 -8
  8. package/dist/@types/utility.js +1 -1
  9. package/dist/actions/callback/access-token.cjs +159 -149
  10. package/dist/actions/callback/access-token.d.ts +14 -20
  11. package/dist/actions/callback/access-token.js +9 -4
  12. package/dist/actions/callback/callback.cjs +371 -484
  13. package/dist/actions/callback/callback.d.ts +9 -12
  14. package/dist/actions/callback/callback.js +15 -12
  15. package/dist/actions/callback/userinfo.cjs +149 -139
  16. package/dist/actions/callback/userinfo.d.ts +8 -9
  17. package/dist/actions/callback/userinfo.js +11 -6
  18. package/dist/actions/csrfToken/csrfToken.cjs +112 -190
  19. package/dist/actions/csrfToken/csrfToken.d.ts +3 -3
  20. package/dist/actions/csrfToken/csrfToken.js +12 -8
  21. package/dist/actions/index.cjs +623 -807
  22. package/dist/actions/index.d.ts +12 -13
  23. package/dist/actions/index.js +33 -18
  24. package/dist/actions/session/session.cjs +86 -176
  25. package/dist/actions/session/session.d.ts +3 -3
  26. package/dist/actions/session/session.js +10 -7
  27. package/dist/actions/signIn/authorization.cjs +248 -257
  28. package/dist/actions/signIn/authorization.d.ts +11 -18
  29. package/dist/actions/signIn/authorization.js +16 -6
  30. package/dist/actions/signIn/signIn.cjs +302 -451
  31. package/dist/actions/signIn/signIn.d.ts +9 -10
  32. package/dist/actions/signIn/signIn.js +12 -10
  33. package/dist/actions/signOut/signOut.cjs +299 -468
  34. package/dist/actions/signOut/signOut.d.ts +3 -3
  35. package/dist/actions/signOut/signOut.js +14 -11
  36. package/dist/assert.cjs +40 -36
  37. package/dist/assert.d.ts +12 -4
  38. package/dist/assert.js +12 -2
  39. package/dist/chunk-2RXNXMCZ.js +55 -0
  40. package/dist/chunk-42XB3YCW.js +19 -17
  41. package/dist/chunk-4V4JNXVF.js +55 -0
  42. package/dist/chunk-6R2YZ4AC.js +22 -0
  43. package/dist/chunk-7H3OR6UU.js +81 -0
  44. package/dist/chunk-CXLATHS5.js +143 -0
  45. package/dist/chunk-E3OXBRYF.js +19 -17
  46. package/dist/chunk-EIL2FPSS.js +22 -0
  47. package/dist/chunk-FIPU4MLT.js +18 -16
  48. package/dist/chunk-FKRDCWBF.js +19 -17
  49. package/dist/chunk-IKHPGFCW.js +11 -9
  50. package/dist/chunk-IMICRJ5U.js +197 -0
  51. package/dist/chunk-IUYZQTJV.js +30 -0
  52. package/dist/chunk-KRNOMBXQ.js +19 -17
  53. package/dist/chunk-N2APGLXA.js +71 -0
  54. package/dist/chunk-NEVKX6K2.js +70 -0
  55. package/dist/chunk-PTJUYB33.js +33 -0
  56. package/dist/chunk-QDO2KSRJ.js +35 -0
  57. package/dist/chunk-QEZL7EYN.js +96 -0
  58. package/dist/chunk-RRLIF4PQ.js +55 -0
  59. package/dist/chunk-STHEPPUZ.js +8 -6
  60. package/dist/chunk-TLE4PXY3.js +39 -0
  61. package/dist/chunk-UEH3LVON.js +97 -0
  62. package/dist/chunk-WD7AUHQ5.js +79 -0
  63. package/dist/chunk-ZLR3LI6X.js +55 -0
  64. package/dist/cookie.cjs +222 -187
  65. package/dist/cookie.d.ts +38 -76
  66. package/dist/cookie.js +27 -34
  67. package/dist/errors.cjs +85 -0
  68. package/dist/errors.d.ts +48 -0
  69. package/dist/errors.js +18 -0
  70. package/dist/headers.cjs +28 -28
  71. package/dist/headers.d.ts +2 -2
  72. package/dist/headers.js +6 -2
  73. package/dist/{index-DpfbvTZ_.d.ts → index-EqsoyjrF.d.ts} +351 -318
  74. package/dist/index.cjs +1006 -1001
  75. package/dist/index.d.ts +9 -31
  76. package/dist/index.js +82 -51
  77. package/dist/jose.cjs +74 -66
  78. package/dist/jose.d.ts +11 -8
  79. package/dist/jose.js +10 -5
  80. package/dist/oauth/bitbucket.cjs +38 -38
  81. package/dist/oauth/bitbucket.d.ts +6 -7
  82. package/dist/oauth/bitbucket.js +6 -2
  83. package/dist/oauth/discord.cjs +47 -48
  84. package/dist/oauth/discord.d.ts +6 -7
  85. package/dist/oauth/discord.js +6 -2
  86. package/dist/oauth/figma.cjs +39 -39
  87. package/dist/oauth/figma.d.ts +6 -7
  88. package/dist/oauth/figma.js +6 -2
  89. package/dist/oauth/github.cjs +31 -31
  90. package/dist/oauth/github.d.ts +6 -7
  91. package/dist/oauth/github.js +6 -2
  92. package/dist/oauth/gitlab.cjs +39 -39
  93. package/dist/oauth/gitlab.d.ts +6 -7
  94. package/dist/oauth/gitlab.js +6 -2
  95. package/dist/oauth/index.cjs +306 -180
  96. package/dist/oauth/index.d.ts +6 -26
  97. package/dist/oauth/index.js +43 -9
  98. package/dist/oauth/spotify.cjs +39 -39
  99. package/dist/oauth/spotify.d.ts +6 -7
  100. package/dist/oauth/spotify.js +6 -2
  101. package/dist/oauth/strava.cjs +46 -0
  102. package/dist/oauth/strava.d.ts +6 -0
  103. package/dist/oauth/strava.js +6 -0
  104. package/dist/oauth/x.cjs +39 -39
  105. package/dist/oauth/x.d.ts +6 -7
  106. package/dist/oauth/x.js +6 -2
  107. package/dist/schemas.cjs +97 -91
  108. package/dist/schemas.d.ts +96 -126
  109. package/dist/schemas.js +20 -18
  110. package/dist/secure.cjs +106 -101
  111. package/dist/secure.d.ts +16 -17
  112. package/dist/secure.js +19 -4
  113. package/dist/utils.cjs +197 -135
  114. package/dist/utils.d.ts +20 -26
  115. package/dist/utils.js +25 -21
  116. package/package.json +5 -6
  117. package/dist/chunk-256KIVJL.js +0 -110
  118. package/dist/chunk-6SM22VVJ.js +0 -15
  119. package/dist/chunk-CAKJT3KS.js +0 -77
  120. package/dist/chunk-EBPE35JT.js +0 -29
  121. package/dist/chunk-FJUDBLCP.js +0 -52
  122. package/dist/chunk-GZU3RBTB.js +0 -51
  123. package/dist/chunk-HGJ4TXY4.js +0 -105
  124. package/dist/chunk-HMRKN75I.js +0 -74
  125. package/dist/chunk-JAPMIE6S.js +0 -8
  126. package/dist/chunk-LLR722CL.js +0 -75
  127. package/dist/chunk-RLT4RFKV.js +0 -36
  128. package/dist/chunk-SJPDVKUS.js +0 -93
  129. package/dist/chunk-SMQO5WD7.js +0 -20
  130. package/dist/chunk-UJJ7R56J.js +0 -42
  131. package/dist/chunk-UTDLUEEG.js +0 -25
  132. package/dist/chunk-VFTYH33W.js +0 -44
  133. package/dist/chunk-XXJKNKGQ.js +0 -27
  134. package/dist/chunk-ZV4BH47P.js +0 -156
  135. package/dist/error.cjs +0 -88
  136. package/dist/error.d.ts +0 -62
  137. package/dist/error.js +0 -9
  138. package/dist/response.cjs +0 -34
  139. package/dist/response.d.ts +0 -10
  140. package/dist/response.js +0 -2
@@ -1,216 +1,138 @@
1
- "use strict"
2
- var __create = Object.create
3
- var __defProp = Object.defineProperty
4
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor
5
- var __getOwnPropNames = Object.getOwnPropertyNames
6
- var __getProtoOf = Object.getPrototypeOf
7
- var __hasOwnProp = Object.prototype.hasOwnProperty
1
+ "use strict";
2
+ var __create = Object.create;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
8
8
  var __export = (target, all) => {
9
- for (var name in all) __defProp(target, name, { get: all[name], enumerable: true })
10
- }
9
+ for (var name in all)
10
+ __defProp(target, name, { get: all[name], enumerable: true });
11
+ };
11
12
  var __copyProps = (to, from, except, desc) => {
12
- if ((from && typeof from === "object") || typeof from === "function") {
13
- for (let key of __getOwnPropNames(from))
14
- if (!__hasOwnProp.call(to, key) && key !== except)
15
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable })
16
- }
17
- return to
18
- }
19
- var __toESM = (mod, isNodeMode, target) => (
20
- (target = mod != null ? __create(__getProtoOf(mod)) : {}),
21
- __copyProps(
22
- // If the importer is in node compatibility mode or this is not an ESM
23
- // file that has been converted to a CommonJS file using a Babel-
24
- // compatible transform (i.e. "__esModule" has not been set), then set
25
- // "default" to the CommonJS "module.exports" for node compatibility.
26
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
27
- mod
28
- )
29
- )
30
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod)
13
+ if (from && typeof from === "object" || typeof from === "function") {
14
+ for (let key of __getOwnPropNames(from))
15
+ if (!__hasOwnProp.call(to, key) && key !== except)
16
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
17
+ }
18
+ return to;
19
+ };
20
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
+ // If the importer is in node compatibility mode or this is not an ESM
22
+ // file that has been converted to a CommonJS file using a Babel-
23
+ // compatible transform (i.e. "__esModule" has not been set), then set
24
+ // "default" to the CommonJS "module.exports" for node compatibility.
25
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
+ mod
27
+ ));
28
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
31
29
 
32
30
  // src/actions/csrfToken/csrfToken.ts
33
- var csrfToken_exports = {}
31
+ var csrfToken_exports = {};
34
32
  __export(csrfToken_exports, {
35
- csrfTokenAction: () => csrfTokenAction,
36
- })
37
- module.exports = __toCommonJS(csrfToken_exports)
38
- var import_router2 = require("@aura-stack/router")
33
+ csrfTokenAction: () => csrfTokenAction
34
+ });
35
+ module.exports = __toCommonJS(csrfToken_exports);
36
+ var import_router2 = require("@aura-stack/router");
39
37
 
40
38
  // src/secure.ts
41
- var import_node_crypto = __toESM(require("crypto"), 1)
39
+ var import_node_crypto = __toESM(require("crypto"), 1);
42
40
 
43
41
  // src/utils.ts
44
- var import_router = require("@aura-stack/router")
42
+ var import_router = require("@aura-stack/router");
45
43
 
46
- // src/error.ts
47
- var AuthError = class extends Error {
48
- constructor(type, message) {
49
- super(message)
50
- this.type = type
51
- this.name = "AuthError"
52
- }
53
- }
44
+ // src/errors.ts
45
+ var AuthInternalError = class extends Error {
46
+ type = "AUTH_INTERNAL_ERROR";
47
+ code;
48
+ constructor(code, message, options) {
49
+ super(message, options);
50
+ this.code = code;
51
+ this.name = new.target.name;
52
+ Error.captureStackTrace(this, new.target);
53
+ }
54
+ };
54
55
 
55
56
  // src/secure.ts
56
57
  var generateSecure = (length = 32) => {
57
- return import_node_crypto.default.randomBytes(length).toString("base64url")
58
- }
58
+ return import_node_crypto.default.randomBytes(length).toString("base64url");
59
+ };
59
60
  var createCSRF = async (jose, csrfCookie) => {
60
- try {
61
- const token = generateSecure(32)
62
- if (csrfCookie) {
63
- await jose.verifyJWS(csrfCookie)
64
- return csrfCookie
65
- }
66
- return jose.signJWS({ token })
67
- } catch {
68
- const token = generateSecure(32)
69
- return jose.signJWS({ token })
61
+ try {
62
+ const token = generateSecure(32);
63
+ if (csrfCookie) {
64
+ await jose.verifyJWS(csrfCookie);
65
+ return csrfCookie;
70
66
  }
71
- }
67
+ return jose.signJWS({ token });
68
+ } catch {
69
+ const token = generateSecure(32);
70
+ return jose.signJWS({ token });
71
+ }
72
+ };
72
73
 
73
74
  // src/headers.ts
74
75
  var cacheControl = {
75
- "Cache-Control": "no-store",
76
- Pragma: "no-cache",
77
- Expires: "0",
78
- Vary: "Cookie",
79
- }
80
-
81
- // src/cookie.ts
82
- var import_cookie = require("cookie")
83
-
84
- // src/assert.ts
85
- var isRequest = (value) => {
86
- return typeof Request !== "undefined" && value instanceof Request
87
- }
76
+ "Cache-Control": "no-store",
77
+ Pragma: "no-cache",
78
+ Expires: "0",
79
+ Vary: "Cookie"
80
+ };
88
81
 
89
82
  // src/cookie.ts
90
- var import_cookie2 = require("cookie")
91
- var COOKIE_NAME = "aura-auth"
83
+ var import_cookie = require("@aura-stack/router/cookie");
92
84
  var defaultCookieOptions = {
93
- httpOnly: true,
94
- sameSite: "lax",
95
- path: "/",
96
- maxAge: 60 * 60 * 24 * 15,
97
- }
98
- var defaultStandardCookieConfig = {
99
- secure: false,
100
- httpOnly: true,
101
- prefix: "",
102
- }
103
- var defaultSecureCookieConfig = {
104
- secure: true,
105
- prefix: "__Secure-",
106
- }
107
- var defaultHostCookieConfig = {
108
- secure: true,
109
- prefix: "__Host-",
110
- path: "/",
111
- domain: void 0,
112
- }
113
- var expiredCookieOptions = {
114
- ...defaultCookieOptions,
115
- expires: /* @__PURE__ */ new Date(0),
116
- maxAge: 0,
117
- }
118
- var defineDefaultCookieOptions = (options) => {
119
- return {
120
- name: options?.name ?? COOKIE_NAME,
121
- prefix: options?.prefix ?? (options?.secure ? "__Secure-" : ""),
122
- ...defaultCookieOptions,
123
- ...options,
124
- }
125
- }
85
+ httpOnly: true,
86
+ sameSite: "lax",
87
+ path: "/",
88
+ maxAge: 60 * 60 * 24 * 15
89
+ };
90
+ var oauthCookieOptions = {
91
+ httpOnly: true,
92
+ maxAge: 5 * 60,
93
+ sameSite: "lax",
94
+ expires: new Date(Date.now() + 5 * 60 * 1e3)
95
+ };
126
96
  var setCookie = (cookieName, value, options) => {
127
- const { prefix, name } = defineDefaultCookieOptions(options)
128
- const cookieNameWithPrefix = `${prefix}${name}.${cookieName}`
129
- return (0, import_cookie.serialize)(cookieNameWithPrefix, value, {
130
- ...defaultCookieOptions,
131
- ...options,
132
- })
133
- }
134
- var getCookie = (petition, cookie, options, optional = false) => {
135
- const cookies = isRequest(petition) ? petition.headers.get("Cookie") : petition.headers.getSetCookie().join("; ")
136
- if (!cookies) {
137
- if (optional) {
138
- return ""
139
- }
140
- throw new AuthError("invalid_request", "No cookies found. There is no active session")
141
- }
142
- const { name, prefix } = defineDefaultCookieOptions(options)
143
- const parsedCookies = (0, import_cookie.parse)(cookies)
144
- const value = parsedCookies[`${prefix}${name}.${cookie}`]
145
- if (value === void 0) {
146
- if (optional) {
147
- return ""
148
- }
149
- throw new AuthError("invalid_request", `Cookie "${cookie}" not found. There is no active session`)
150
- }
151
- return value
152
- }
153
- var secureCookieOptions = (request, cookieOptions, trustedProxyHeaders) => {
154
- const name = cookieOptions.name ?? COOKIE_NAME
155
- const isSecure = trustedProxyHeaders
156
- ? request.url.startsWith("https://") ||
157
- request.headers.get("X-Forwarded-Proto") === "https" ||
158
- request.headers.get("Forwarded")?.includes("proto=https")
159
- : request.url.startsWith("https://")
160
- if (!cookieOptions.options?.httpOnly) {
161
- console.warn(
162
- "[WARNING]: Cookie is configured without HttpOnly. This allows JavaScript access via document.cookie and increases XSS risk."
163
- )
164
- }
165
- if (cookieOptions.options?.domain === "*") {
166
- console.warn("[WARNING]: Cookie 'Domain' is set to '*', which is insecure. Avoid wildcard domains.")
167
- }
168
- if (!isSecure) {
169
- const options = cookieOptions.options
170
- if (options?.secure) {
171
- console.warn(
172
- "[WARNING]: The 'Secure' attribute will be disabled for this cookie. Serve over HTTPS to enforce Secure cookies."
173
- )
174
- }
175
- if (options?.sameSite == "none") {
176
- console.warn("[WARNING]: SameSite=None without a secure connection can be blocked by browsers.")
177
- }
178
- if (process.env.NODE_ENV === "production") {
179
- console.warn("[WARNING]: In production, ensure cookies are served over HTTPS to maintain security.")
180
- }
181
- return {
182
- ...defaultCookieOptions,
183
- ...cookieOptions.options,
184
- sameSite: options?.sameSite === "none" ? "lax" : (options?.sameSite ?? "lax"),
185
- ...defaultStandardCookieConfig,
186
- name,
187
- }
188
- }
189
- return cookieOptions.strategy === "host"
190
- ? {
191
- ...defaultCookieOptions,
192
- ...cookieOptions.options,
193
- ...defaultHostCookieConfig,
194
- name,
195
- }
196
- : { ...defaultCookieOptions, ...cookieOptions.options, ...defaultSecureCookieConfig, name }
197
- }
97
+ return (0, import_cookie.serialize)(cookieName, value, options);
98
+ };
99
+ var expiredCookieAttributes = {
100
+ ...defaultCookieOptions,
101
+ expires: /* @__PURE__ */ new Date(0),
102
+ maxAge: 0
103
+ };
104
+ var getCookie = (request, cookieName) => {
105
+ const cookies = request.headers.get("Cookie");
106
+ if (!cookies) {
107
+ throw new AuthInternalError("COOKIE_NOT_FOUND", "No cookies found. There is no active session");
108
+ }
109
+ const value = (0, import_cookie.parse)(cookies)[cookieName];
110
+ if (!value) {
111
+ throw new AuthInternalError("COOKIE_NOT_FOUND", `Cookie "${cookieName}" not found. There is no active session`);
112
+ }
113
+ return value;
114
+ };
198
115
 
199
116
  // src/actions/csrfToken/csrfToken.ts
117
+ var getCSRFToken = (request, cookieName) => {
118
+ try {
119
+ return getCookie(request, cookieName);
120
+ } catch {
121
+ return void 0;
122
+ }
123
+ };
200
124
  var csrfTokenAction = (0, import_router2.createEndpoint)("GET", "/csrfToken", async (ctx) => {
201
- const {
202
- request,
203
- context: { cookies, jose, trustedProxyHeaders },
204
- } = ctx
205
- const cookieOptions = secureCookieOptions(request, { ...cookies, strategy: "host" }, trustedProxyHeaders)
206
- const existingCSRFToken = getCookie(request, "csrfToken", cookieOptions, true)
207
- const csrfToken = await createCSRF(jose, existingCSRFToken)
208
- const headers = new Headers(cacheControl)
209
- headers.set("Set-Cookie", setCookie("csrfToken", csrfToken, cookieOptions))
210
- return Response.json({ csrfToken }, { headers })
211
- })
125
+ const {
126
+ request,
127
+ context: { jose, cookies }
128
+ } = ctx;
129
+ const token = getCSRFToken(request, cookies.csrfToken.name);
130
+ const csrfToken = await createCSRF(jose, token);
131
+ const headers = new Headers(cacheControl);
132
+ headers.append("Set-Cookie", setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes));
133
+ return Response.json({ csrfToken }, { headers });
134
+ });
212
135
  // Annotate the CommonJS export names for ESM import in node:
213
- 0 &&
214
- (module.exports = {
215
- csrfTokenAction,
216
- })
136
+ 0 && (module.exports = {
137
+ csrfTokenAction
138
+ });
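Review bot: `oauthCookieOptions` (new lines 90-95, bundled from src/cookie.ts) evaluates `expires: new Date(Date.now() + 5 * 60 * 1e3)` once, when the module is loaded, so any cookie serialized with these options after the process has been up for five minutes carries an `Expires` date in the past. `maxAge: 5 * 60` is set alongside it and wins in clients that honour Max-Age, but a client or intermediary that reads only `Expires` would discard the cookie immediately; dropping the field, `var oauthCookieOptions = { httpOnly: true, maxAge: 5 * 60, sameSite: "lax" };`, or computing the date where the cookie is set avoids that. Separately, the removed `secureCookieOptions` forced the `host` strategy (`secure: true`, `__Host-` prefix) onto the CSRF cookie for HTTPS requests, while the new handler passes `cookies.csrfToken.name` and `cookies.csrfToken.attributes` through unchanged; where those are built is not visible in this file, so it is worth confirming that `Secure` and the prefix are still applied there. This is bundler output, so both changes belong in the TypeScript source rather than in dist.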
@@ -1,5 +1,5 @@
1
- import * as _aura_stack_router from "@aura-stack/router"
1
+ import * as _aura_stack_router from '@aura-stack/router';
2
2
 
3
- declare const csrfTokenAction: _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {}>
3
+ declare const csrfTokenAction: _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {}>;
4
4
 
5
- export { csrfTokenAction }
5
+ export { csrfTokenAction };
@@ -1,8 +1,12 @@
1
- import { csrfTokenAction } from "../../chunk-SMQO5WD7.js"
2
- import "../../chunk-ZV4BH47P.js"
3
- import "../../chunk-6SM22VVJ.js"
4
- import "../../chunk-STHEPPUZ.js"
5
- import "../../chunk-GZU3RBTB.js"
6
- import "../../chunk-256KIVJL.js"
7
- import "../../chunk-FJUDBLCP.js"
8
- export { csrfTokenAction }
1
+ import {
2
+ csrfTokenAction
3
+ } from "../../chunk-QDO2KSRJ.js";
4
+ import "../../chunk-IMICRJ5U.js";
5
+ import "../../chunk-STHEPPUZ.js";
6
+ import "../../chunk-N2APGLXA.js";
7
+ import "../../chunk-CXLATHS5.js";
8
+ import "../../chunk-EIL2FPSS.js";
9
+ import "../../chunk-RRLIF4PQ.js";
10
+ export {
11
+ csrfTokenAction
12
+ };