npm - @aura-stack/auth - Versions diffs - 0.1.0 → 0.2.0 - Mend

@aura-stack/auth 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/dist/@types/index.d.ts +3 -4
package/dist/@types/router.d.d.ts +3 -4
package/dist/@types/utility.d.ts +1 -5
package/dist/actions/callback/access-token.cjs +51 -41
package/dist/actions/callback/access-token.d.ts +3 -4
package/dist/actions/callback/access-token.js +4 -3
package/dist/actions/callback/callback.cjs +115 -210
package/dist/actions/callback/callback.d.ts +3 -4
package/dist/actions/callback/callback.js +9 -10
package/dist/actions/callback/userinfo.cjs +35 -22
package/dist/actions/callback/userinfo.d.ts +3 -4
package/dist/actions/callback/userinfo.js +6 -5
package/dist/actions/csrfToken/csrfToken.cjs +34 -103
package/dist/actions/csrfToken/csrfToken.js +6 -6
package/dist/actions/index.cjs +234 -391
package/dist/actions/index.d.ts +3 -4
package/dist/actions/index.js +16 -17
package/dist/actions/session/session.cjs +25 -109
package/dist/actions/session/session.js +4 -5
package/dist/actions/signIn/authorization.cjs +64 -55
package/dist/actions/signIn/authorization.d.ts +3 -4
package/dist/actions/signIn/authorization.js +5 -5
package/dist/actions/signIn/signIn.cjs +84 -206
package/dist/actions/signIn/signIn.d.ts +3 -4
package/dist/actions/signIn/signIn.js +7 -9
package/dist/actions/signOut/signOut.cjs +88 -234
package/dist/actions/signOut/signOut.js +8 -9
package/dist/assert.cjs +5 -0
package/dist/assert.d.ts +9 -1
package/dist/assert.js +3 -1
package/dist/chunk-2RXNXMCZ.js +55 -0
package/dist/{chunk-UJJ7R56J.js → chunk-4V4JNXVF.js} +13 -10
package/dist/chunk-6R2YZ4AC.js +22 -0
package/dist/{chunk-VFTYH33W.js → chunk-7H3OR6UU.js} +29 -9
package/dist/{chunk-256KIVJL.js → chunk-CXLATHS5.js} +53 -9
package/dist/{chunk-6SM22VVJ.js → chunk-EIL2FPSS.js} +5 -1
package/dist/chunk-IMICRJ5U.js +197 -0
package/dist/{chunk-EBPE35JT.js → chunk-IUYZQTJV.js} +0 -1
package/dist/{chunk-GZU3RBTB.js → chunk-N2APGLXA.js} +19 -10
package/dist/chunk-NEVKX6K2.js +70 -0
package/dist/{chunk-XXJKNKGQ.js → chunk-PTJUYB33.js} +9 -13
package/dist/chunk-QDO2KSRJ.js +35 -0
package/dist/{chunk-CAKJT3KS.js → chunk-QEZL7EYN.js} +21 -17
package/dist/chunk-RRLIF4PQ.js +55 -0
package/dist/chunk-TLE4PXY3.js +39 -0
package/dist/chunk-UEH3LVON.js +97 -0
package/dist/{chunk-HMRKN75I.js → chunk-WD7AUHQ5.js} +12 -7
package/dist/{chunk-RLT4RFKV.js → chunk-ZLR3LI6X.js} +19 -9
package/dist/cookie.cjs +140 -99
package/dist/cookie.d.ts +33 -43
package/dist/cookie.js +10 -17
package/dist/errors.cjs +85 -0
package/dist/errors.d.ts +48 -0
package/dist/errors.js +18 -0
package/dist/{index-DpfbvTZ_.d.ts → index-EqsoyjrF.d.ts} +139 -57
package/dist/index.cjs +427 -389
package/dist/index.d.ts +4 -5
package/dist/index.js +37 -26
package/dist/jose.cjs +23 -12
package/dist/jose.d.ts +4 -1
package/dist/jose.js +5 -4
package/dist/oauth/bitbucket.d.ts +3 -4
package/dist/oauth/discord.cjs +0 -1
package/dist/oauth/discord.d.ts +3 -4
package/dist/oauth/discord.js +1 -1
package/dist/oauth/figma.d.ts +3 -4
package/dist/oauth/github.d.ts +3 -4
package/dist/oauth/gitlab.d.ts +3 -4
package/dist/oauth/index.cjs +132 -6
package/dist/oauth/index.d.ts +3 -4
package/dist/oauth/index.js +12 -5
package/dist/oauth/spotify.d.ts +3 -4
package/dist/{response.cjs → oauth/strava.cjs} +21 -9
package/dist/oauth/strava.d.ts +6 -0
package/dist/oauth/strava.js +6 -0
package/dist/oauth/x.d.ts +3 -4
package/dist/schemas.cjs +11 -5
package/dist/schemas.d.ts +70 -67
package/dist/schemas.js +3 -1
package/dist/secure.cjs +27 -19
package/dist/secure.d.ts +3 -4
package/dist/secure.js +4 -3
package/dist/utils.cjs +90 -15
package/dist/utils.d.ts +11 -2
package/dist/utils.js +8 -4
package/package.json +5 -6
package/dist/chunk-FJUDBLCP.js +0 -59
package/dist/chunk-HGJ4TXY4.js +0 -137
package/dist/chunk-JAPMIE6S.js +0 -10
package/dist/chunk-LLR722CL.js +0 -96
package/dist/chunk-SJPDVKUS.js +0 -112
package/dist/chunk-SMQO5WD7.js +0 -30
package/dist/chunk-UTDLUEEG.js +0 -31
package/dist/chunk-ZV4BH47P.js +0 -154
package/dist/error.cjs +0 -88
package/dist/error.d.ts +0 -62
package/dist/error.js +0 -16
package/dist/response.d.ts +0 -10
package/dist/response.js +0 -6

package/dist/actions/callback/callback.d.ts CHANGED Viewed

@@ -1,10 +1,9 @@
 import * as _aura_stack_router from '@aura-stack/router';
-import { A as AuthRuntimeConfig } from '../../index-DpfbvTZ_.js';
+import { A as AuthRuntimeConfig } from '../../index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import '../../@types/utility.js';
 declare const callbackAction: (oauth: AuthRuntimeConfig["oauth"]) => _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {}>;

package/dist/actions/callback/callback.js CHANGED Viewed

@@ -1,16 +1,15 @@
 import {
   callbackAction
-} from "../../chunk-HGJ4TXY4.js";
-import "../../chunk-RLT4RFKV.js";
-import "../../chunk-UJJ7R56J.js";
-import "../../chunk-ZV4BH47P.js";
-import "../../chunk-6SM22VVJ.js";
+} from "../../chunk-UEH3LVON.js";
+import "../../chunk-ZLR3LI6X.js";
+import "../../chunk-4V4JNXVF.js";
+import "../../chunk-IMICRJ5U.js";
 import "../../chunk-STHEPPUZ.js";
-import "../../chunk-GZU3RBTB.js";
-import "../../chunk-256KIVJL.js";
-import "../../chunk-FJUDBLCP.js";
-import "../../chunk-JAPMIE6S.js";
-import "../../chunk-HMRKN75I.js";
+import "../../chunk-WD7AUHQ5.js";
+import "../../chunk-N2APGLXA.js";
+import "../../chunk-CXLATHS5.js";
+import "../../chunk-EIL2FPSS.js";
+import "../../chunk-RRLIF4PQ.js";
 export {
   callbackAction
 };

package/dist/actions/callback/userinfo.cjs CHANGED Viewed

@@ -40,24 +40,24 @@ var import_node_crypto = __toESM(require("crypto"), 1);
 // src/utils.ts
 var import_router = require("@aura-stack/router");
-// src/error.ts
-var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
+// src/errors.ts
+var OAuthProtocolError = class extends Error {
+  type = "OAUTH_PROTOCOL_ERROR";
+  error;
+  errorURI;
+  constructor(error, description, errorURI, options2) {
+    super(description, options2);
+    this.error = error;
+    this.errorURI = errorURI;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
   }
 };
-var isAuthError = (error) => {
-  return error instanceof AuthError;
+var isNativeError = (error) => {
+  return error instanceof Error;
 };
-var throwAuthError = (error, message) => {
-  if (error instanceof Error) {
-    if (isAuthError(error)) {
-      throw error;
-    }
-    throw new AuthError("invalid_request", error.message ?? message);
-  }
+var isOAuthProtocolError = (error) => {
+  return error instanceof OAuthProtocolError;
 };
 // src/secure.ts
@@ -68,10 +68,10 @@ var generateSecure = (length = 32) => {
 // src/schemas.ts
 var import_v4 = require("zod/v4");
 var OAuthProviderConfigSchema = (0, import_v4.object)({
-  authorizeURL: (0, import_v4.url)(),
-  accessToken: (0, import_v4.url)(),
+  authorizeURL: (0, import_v4.httpUrl)(),
+  accessToken: (0, import_v4.httpUrl)(),
   scope: (0, import_v4.string)().optional(),
-  userInfo: (0, import_v4.url)(),
+  userInfo: (0, import_v4.httpUrl)(),
   responseType: (0, import_v4.enum)(["code", "token", "id_token"]),
   clientId: (0, import_v4.string)(),
   clientSecret: (0, import_v4.string)()
@@ -83,8 +83,8 @@ var OAuthAuthorization = OAuthProviderConfigSchema.extend({
   codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
 });
 var OAuthAuthorizationResponse = (0, import_v4.object)({
-  state: (0, import_v4.string)(),
-  code: (0, import_v4.string)()
+  state: (0, import_v4.string)("Missing state parameter in the OAuth authorization response."),
+  code: (0, import_v4.string)("Missing code parameter in the OAuth authorization response.")
 });
 var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
   error: (0, import_v4.enum)([
@@ -128,6 +128,10 @@ var OAuthErrorResponse = (0, import_v4.object)({
   error: (0, import_v4.string)(),
   error_description: (0, import_v4.string)().optional()
 });
+var OAuthEnvSchema = (0, import_v4.object)({
+  clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
+  clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
+});
 // src/actions/callback/userinfo.ts
 var getDefaultUserInfo = (profile) => {
@@ -152,11 +156,20 @@ var getUserInfo = async (oauthConfig, accessToken) => {
     const json = await response.json();
     const { success, data } = OAuthErrorResponse.safeParse(json);
     if (success) {
-      throw new AuthError(data.error, data?.error_description ?? "An error occurred while fetching user information.");
+      throw new OAuthProtocolError(
+        data.error,
+        data?.error_description ?? "An error occurred while fetching user information."
+      );
     }
     return oauthConfig?.profile ? oauthConfig.profile(json) : getDefaultUserInfo(json);
   } catch (error) {
-    throw throwAuthError(error, "Failed to retrieve userinfo");
+    if (isOAuthProtocolError(error)) {
+      throw error;
+    }
+    if (isNativeError(error)) {
+      throw new OAuthProtocolError("invalid_request", error.message, "", { cause: error });
+    }
+    throw new OAuthProtocolError("invalid_request", "Failed to fetch user information.", "", { cause: error });
   }
 };
 // Annotate the CommonJS export names for ESM import in node:

package/dist/actions/callback/userinfo.d.ts CHANGED Viewed

@@ -1,9 +1,8 @@
-import { f as OAuthProviderCredentials, U as User } from '../../index-DpfbvTZ_.js';
+import { h as OAuthProviderCredentials, U as User } from '../../index-EqsoyjrF.js';
 import 'zod/v4';
-import '@aura-stack/jose/jose';
 import '../../schemas.js';
-import 'zod/v4/core';
-import 'cookie';
+import '@aura-stack/router/cookie';
+import '@aura-stack/jose/jose';
 import '../../@types/utility.js';
 /**

package/dist/actions/callback/userinfo.js CHANGED Viewed

@@ -1,10 +1,11 @@
 import {
   getUserInfo
-} from "../../chunk-RLT4RFKV.js";
-import "../../chunk-GZU3RBTB.js";
-import "../../chunk-256KIVJL.js";
-import "../../chunk-FJUDBLCP.js";
-import "../../chunk-HMRKN75I.js";
+} from "../../chunk-ZLR3LI6X.js";
+import "../../chunk-WD7AUHQ5.js";
+import "../../chunk-N2APGLXA.js";
+import "../../chunk-CXLATHS5.js";
+import "../../chunk-EIL2FPSS.js";
+import "../../chunk-RRLIF4PQ.js";
 export {
   getUserInfo
 };

package/dist/actions/csrfToken/csrfToken.cjs CHANGED Viewed

@@ -41,12 +41,15 @@ var import_node_crypto = __toESM(require("crypto"), 1);
 // src/utils.ts
 var import_router = require("@aura-stack/router");
-// src/error.ts
-var AuthError = class extends Error {
-  constructor(type, message) {
-    super(message);
-    this.type = type;
-    this.name = "AuthError";
+// src/errors.ts
+var AuthInternalError = class extends Error {
+  type = "AUTH_INTERNAL_ERROR";
+  code;
+  constructor(code, message, options) {
+    super(message, options);
+    this.code = code;
+    this.name = new.target.name;
+    Error.captureStackTrace(this, new.target);
   }
 };
@@ -77,128 +80,56 @@ var cacheControl = {
 };
 // src/cookie.ts
-var import_cookie = require("cookie");
-// src/assert.ts
-var isRequest = (value) => {
-  return typeof Request !== "undefined" && value instanceof Request;
-};
-// src/cookie.ts
-var import_cookie2 = require("cookie");
-var COOKIE_NAME = "aura-auth";
+var import_cookie = require("@aura-stack/router/cookie");
 var defaultCookieOptions = {
   httpOnly: true,
   sameSite: "lax",
   path: "/",
   maxAge: 60 * 60 * 24 * 15
 };
-var defaultStandardCookieConfig = {
-  secure: false,
+var oauthCookieOptions = {
   httpOnly: true,
-  prefix: ""
-};
-var defaultSecureCookieConfig = {
-  secure: true,
-  prefix: "__Secure-"
+  maxAge: 5 * 60,
+  sameSite: "lax",
+  expires: new Date(Date.now() + 5 * 60 * 1e3)
 };
-var defaultHostCookieConfig = {
-  secure: true,
-  prefix: "__Host-",
-  path: "/",
-  domain: void 0
+var setCookie = (cookieName, value, options) => {
+  return (0, import_cookie.serialize)(cookieName, value, options);
 };
-var expiredCookieOptions = {
+var expiredCookieAttributes = {
   ...defaultCookieOptions,
   expires: /* @__PURE__ */ new Date(0),
   maxAge: 0
 };
-var defineDefaultCookieOptions = (options) => {
-  return {
-    name: options?.name ?? COOKIE_NAME,
-    prefix: options?.prefix ?? (options?.secure ? "__Secure-" : ""),
-    ...defaultCookieOptions,
-    ...options
-  };
-};
-var setCookie = (cookieName, value, options) => {
-  const { prefix, name } = defineDefaultCookieOptions(options);
-  const cookieNameWithPrefix = `${prefix}${name}.${cookieName}`;
-  return (0, import_cookie.serialize)(cookieNameWithPrefix, value, {
-    ...defaultCookieOptions,
-    ...options
-  });
-};
-var getCookie = (petition, cookie, options, optional = false) => {
-  const cookies = isRequest(petition) ? petition.headers.get("Cookie") : petition.headers.getSetCookie().join("; ");
+var getCookie = (request, cookieName) => {
+  const cookies = request.headers.get("Cookie");
   if (!cookies) {
-    if (optional) {
-      return "";
-    }
-    throw new AuthError("invalid_request", "No cookies found. There is no active session");
+    throw new AuthInternalError("COOKIE_NOT_FOUND", "No cookies found. There is no active session");
   }
-  const { name, prefix } = defineDefaultCookieOptions(options);
-  const parsedCookies = (0, import_cookie.parse)(cookies);
-  const value = parsedCookies[`${prefix}${name}.${cookie}`];
-  if (value === void 0) {
-    if (optional) {
-      return "";
-    }
-    throw new AuthError("invalid_request", `Cookie "${cookie}" not found. There is no active session`);
+  const value = (0, import_cookie.parse)(cookies)[cookieName];
+  if (!value) {
+    throw new AuthInternalError("COOKIE_NOT_FOUND", `Cookie "${cookieName}" not found. There is no active session`);
   }
   return value;
 };
-var secureCookieOptions = (request, cookieOptions, trustedProxyHeaders) => {
-  const name = cookieOptions.name ?? COOKIE_NAME;
-  const isSecure = trustedProxyHeaders ? request.url.startsWith("https://") || request.headers.get("X-Forwarded-Proto") === "https" || request.headers.get("Forwarded")?.includes("proto=https") : request.url.startsWith("https://");
-  if (!cookieOptions.options?.httpOnly) {
-    console.warn(
-      "[WARNING]: Cookie is configured without HttpOnly. This allows JavaScript access via document.cookie and increases XSS risk."
-    );
-  }
-  if (cookieOptions.options?.domain === "*") {
-    console.warn("[WARNING]: Cookie 'Domain' is set to '*', which is insecure. Avoid wildcard domains.");
-  }
-  if (!isSecure) {
-    const options = cookieOptions.options;
-    if (options?.secure) {
-      console.warn(
-        "[WARNING]: The 'Secure' attribute will be disabled for this cookie. Serve over HTTPS to enforce Secure cookies."
-      );
-    }
-    if (options?.sameSite == "none") {
-      console.warn("[WARNING]: SameSite=None without a secure connection can be blocked by browsers.");
-    }
-    if (process.env.NODE_ENV === "production") {
-      console.warn("[WARNING]: In production, ensure cookies are served over HTTPS to maintain security.");
-    }
-    return {
-      ...defaultCookieOptions,
-      ...cookieOptions.options,
-      sameSite: options?.sameSite === "none" ? "lax" : options?.sameSite ?? "lax",
-      ...defaultStandardCookieConfig,
-      name
-    };
-  }
-  return cookieOptions.strategy === "host" ? {
-    ...defaultCookieOptions,
-    ...cookieOptions.options,
-    ...defaultHostCookieConfig,
-    name
-  } : { ...defaultCookieOptions, ...cookieOptions.options, ...defaultSecureCookieConfig, name };
-};
 // src/actions/csrfToken/csrfToken.ts
+var getCSRFToken = (request, cookieName) => {
+  try {
+    return getCookie(request, cookieName);
+  } catch {
+    return void 0;
+  }
+};
 var csrfTokenAction = (0, import_router2.createEndpoint)("GET", "/csrfToken", async (ctx) => {
   const {
     request,
-    context: { cookies, jose, trustedProxyHeaders }
+    context: { jose, cookies }
   } = ctx;
-  const cookieOptions = secureCookieOptions(request, { ...cookies, strategy: "host" }, trustedProxyHeaders);
-  const existingCSRFToken = getCookie(request, "csrfToken", cookieOptions, true);
-  const csrfToken = await createCSRF(jose, existingCSRFToken);
+  const token = getCSRFToken(request, cookies.csrfToken.name);
+  const csrfToken = await createCSRF(jose, token);
   const headers = new Headers(cacheControl);
-  headers.set("Set-Cookie", setCookie("csrfToken", csrfToken, cookieOptions));
+  headers.append("Set-Cookie", setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes));
   return Response.json({ csrfToken }, { headers });
 });
 // Annotate the CommonJS export names for ESM import in node:

package/dist/actions/csrfToken/csrfToken.js CHANGED Viewed

@@ -1,12 +1,12 @@
 import {
   csrfTokenAction
-} from "../../chunk-SMQO5WD7.js";
-import "../../chunk-ZV4BH47P.js";
-import "../../chunk-6SM22VVJ.js";
+} from "../../chunk-QDO2KSRJ.js";
+import "../../chunk-IMICRJ5U.js";
 import "../../chunk-STHEPPUZ.js";
-import "../../chunk-GZU3RBTB.js";
-import "../../chunk-256KIVJL.js";
-import "../../chunk-FJUDBLCP.js";
+import "../../chunk-N2APGLXA.js";
+import "../../chunk-CXLATHS5.js";
+import "../../chunk-EIL2FPSS.js";
+import "../../chunk-RRLIF4PQ.js";
 export {
   csrfTokenAction
 };