@aura-stack/auth 0.4.0-rc.4 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/@types/index.d.ts +4 -3
- package/dist/@types/router.d.cjs +0 -17
- package/dist/@types/router.d.d.ts +3 -2
- package/dist/@types/router.d.js +0 -1
- package/dist/actions/callback/access-token.cjs +40 -25
- package/dist/actions/callback/access-token.d.ts +4 -3
- package/dist/actions/callback/access-token.js +3 -4
- package/dist/actions/callback/callback.cjs +287 -77
- package/dist/actions/callback/callback.d.ts +5 -26
- package/dist/actions/callback/callback.js +13 -10
- package/dist/actions/callback/userinfo.cjs +68 -7
- package/dist/actions/callback/userinfo.d.ts +4 -3
- package/dist/actions/callback/userinfo.js +8 -6
- package/dist/actions/csrfToken/csrfToken.cjs +63 -4
- package/dist/actions/csrfToken/csrfToken.d.ts +1 -3
- package/dist/actions/csrfToken/csrfToken.js +8 -6
- package/dist/actions/index.cjs +400 -175
- package/dist/actions/index.d.ts +3 -2
- package/dist/actions/index.js +21 -19
- package/dist/actions/session/session.cjs +40 -11
- package/dist/actions/session/session.d.ts +1 -3
- package/dist/actions/session/session.js +4 -4
- package/dist/actions/signIn/authorization.cjs +171 -132
- package/dist/actions/signIn/authorization.d.ts +21 -11
- package/dist/actions/signIn/authorization.js +8 -6
- package/dist/actions/signIn/signIn.cjs +220 -113
- package/dist/actions/signIn/signIn.d.ts +5 -25
- package/dist/actions/signIn/signIn.js +9 -7
- package/dist/actions/signOut/signOut.cjs +268 -119
- package/dist/actions/signOut/signOut.d.ts +1 -9
- package/dist/actions/signOut/signOut.js +10 -8
- package/dist/assert.cjs +117 -5
- package/dist/assert.d.ts +22 -3
- package/dist/assert.js +17 -3
- package/dist/chunk-4EKY7655.js +123 -0
- package/dist/chunk-4MYWAOLG.js +31 -0
- package/dist/chunk-4YHJ4IEQ.js +25 -0
- package/dist/chunk-54CZPKR4.js +25 -0
- package/dist/chunk-5LZ7TOM3.js +25 -0
- package/dist/{chunk-W6LG7BFW.js → chunk-5W4BRQYG.js} +24 -20
- package/dist/chunk-6MXFPFR3.js +143 -0
- package/dist/{chunk-3EUWD5BB.js → chunk-7QF22LHP.js} +13 -9
- package/dist/chunk-ALG3GIV4.js +95 -0
- package/dist/chunk-E6G5YCI6.js +25 -0
- package/dist/chunk-EBAMFRB7.js +34 -0
- package/dist/chunk-EEE7UM5T.js +25 -0
- package/dist/{chunk-TLE4PXY3.js → chunk-FRJFWTOY.js} +38 -7
- package/dist/chunk-FW4W3REU.js +25 -0
- package/dist/{chunk-HT4YLL7N.js → chunk-ICAZ4OVS.js} +10 -8
- package/dist/chunk-IPKO6UQN.js +25 -0
- package/dist/{chunk-YRCB5FLE.js → chunk-KJBAQZX2.js} +13 -0
- package/dist/chunk-KMMAZFSJ.js +25 -0
- package/dist/chunk-LDU7A2JE.js +25 -0
- package/dist/{chunk-N2APGLXA.js → chunk-NUDITUKX.js} +18 -16
- package/dist/chunk-OVHNRULD.js +33 -0
- package/dist/{chunk-JVFTCTTE.js → chunk-PHFH2MGS.js} +12 -9
- package/dist/chunk-QQVSRXGX.js +149 -0
- package/dist/chunk-TM5IPSNF.js +113 -0
- package/dist/{chunk-GA2SMTJO.js → chunk-TZB6MUXN.js} +33 -13
- package/dist/chunk-VNCNJKS2.js +267 -0
- package/dist/{chunk-IVET23KF.js → chunk-XGLBNXL4.js} +31 -14
- package/dist/chunk-XUP6KKNG.js +106 -0
- package/dist/cookie.cjs +24 -20
- package/dist/cookie.d.ts +4 -3
- package/dist/cookie.js +1 -1
- package/dist/env.cjs +56 -0
- package/dist/env.d.ts +7 -0
- package/dist/env.js +6 -0
- package/dist/errors.d.ts +4 -3
- package/dist/headers.cjs +28 -2
- package/dist/headers.d.ts +25 -1
- package/dist/headers.js +9 -3
- package/dist/{index-DkaLJFn8.d.ts → index-CSyIJmCM.d.ts} +373 -45
- package/dist/index.cjs +1128 -483
- package/dist/index.d.ts +6 -10
- package/dist/index.js +83 -42
- package/dist/jose.cjs +62 -25
- package/dist/jose.d.ts +7 -5
- package/dist/jose.js +8 -6
- package/dist/logger.cjs +292 -0
- package/dist/logger.d.ts +8 -0
- package/dist/logger.js +8 -0
- package/dist/oauth/bitbucket.cjs +19 -15
- package/dist/oauth/bitbucket.d.ts +3 -2
- package/dist/oauth/bitbucket.js +1 -1
- package/dist/oauth/discord.cjs +27 -24
- package/dist/oauth/discord.d.ts +3 -2
- package/dist/oauth/discord.js +1 -1
- package/dist/oauth/figma.cjs +19 -16
- package/dist/oauth/figma.d.ts +3 -2
- package/dist/oauth/figma.js +1 -1
- package/dist/oauth/github.cjs +19 -8
- package/dist/oauth/github.d.ts +3 -2
- package/dist/oauth/github.js +1 -1
- package/dist/oauth/gitlab.cjs +19 -16
- package/dist/oauth/gitlab.d.ts +3 -2
- package/dist/oauth/gitlab.js +1 -1
- package/dist/oauth/index.cjs +266 -166
- package/dist/oauth/index.d.ts +3 -2
- package/dist/oauth/index.js +22 -21
- package/dist/oauth/mailchimp.cjs +19 -16
- package/dist/oauth/mailchimp.d.ts +3 -2
- package/dist/oauth/mailchimp.js +1 -1
- package/dist/oauth/pinterest.cjs +19 -16
- package/dist/oauth/pinterest.d.ts +3 -2
- package/dist/oauth/pinterest.js +1 -1
- package/dist/oauth/spotify.cjs +19 -16
- package/dist/oauth/spotify.d.ts +3 -2
- package/dist/oauth/spotify.js +1 -1
- package/dist/oauth/strava.cjs +19 -16
- package/dist/oauth/strava.d.ts +3 -2
- package/dist/oauth/strava.js +1 -1
- package/dist/oauth/x.cjs +19 -16
- package/dist/oauth/x.d.ts +3 -2
- package/dist/oauth/x.js +1 -1
- package/dist/schemas.cjs +16 -2
- package/dist/schemas.d.ts +17 -1
- package/dist/schemas.js +5 -3
- package/dist/secure.cjs +58 -16
- package/dist/secure.d.ts +4 -10
- package/dist/secure.js +5 -5
- package/dist/utils.cjs +94 -87
- package/dist/utils.d.ts +9 -39
- package/dist/utils.js +11 -9
- package/package.json +3 -4
- package/dist/chunk-42XB3YCW.js +0 -22
- package/dist/chunk-6R2YZ4AC.js +0 -22
- package/dist/chunk-A3N4PVAT.js +0 -70
- package/dist/chunk-B737EUJV.js +0 -22
- package/dist/chunk-CXLATHS5.js +0 -143
- package/dist/chunk-DIVDFNAP.js +0 -0
- package/dist/chunk-E3OXBRYF.js +0 -22
- package/dist/chunk-EIL2FPSS.js +0 -22
- package/dist/chunk-EMKJA2GJ.js +0 -89
- package/dist/chunk-FIPU4MLT.js +0 -21
- package/dist/chunk-FKRDCWBF.js +0 -22
- package/dist/chunk-HP34YGGJ.js +0 -22
- package/dist/chunk-IKHPGFCW.js +0 -14
- package/dist/chunk-IUYZQTJV.js +0 -30
- package/dist/chunk-KRNOMBXQ.js +0 -22
- package/dist/chunk-KSWLO5ZU.js +0 -102
- package/dist/chunk-N4SX7TZT.js +0 -96
- package/dist/chunk-STHEPPUZ.js +0 -11
package/dist/oauth/pinterest.cjs
CHANGED
|
@@ -23,22 +23,25 @@ __export(pinterest_exports, {
|
|
|
23
23
|
pinterest: () => pinterest
|
|
24
24
|
});
|
|
25
25
|
module.exports = __toCommonJS(pinterest_exports);
|
|
26
|
-
var pinterest = {
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
26
|
+
var pinterest = (options) => {
|
|
27
|
+
return {
|
|
28
|
+
id: "pinterest",
|
|
29
|
+
name: "Pinterest",
|
|
30
|
+
authorizeURL: "https://www.pinterest.com/oauth",
|
|
31
|
+
accessToken: "https://api.pinterest.com/v5/oauth/token",
|
|
32
|
+
userInfo: "https://api.pinterest.com/v5/user_account",
|
|
33
|
+
scope: "user_accounts:read",
|
|
34
|
+
responseType: "code",
|
|
35
|
+
profile(profile) {
|
|
36
|
+
return {
|
|
37
|
+
sub: profile.id,
|
|
38
|
+
name: profile.username,
|
|
39
|
+
image: profile.profile_image,
|
|
40
|
+
email: void 0
|
|
41
|
+
};
|
|
42
|
+
},
|
|
43
|
+
...options
|
|
44
|
+
};
|
|
42
45
|
};
|
|
43
46
|
// Annotate the CommonJS export names for ESM import in node:
|
|
44
47
|
0 && (module.exports = {
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
export { P as PinterestProfile, p as pinterest } from '../index-
|
|
1
|
+
export { P as PinterestProfile, p as pinterest } from '../index-CSyIJmCM.js';
|
|
2
2
|
import '../@types/utility.js';
|
|
3
3
|
import 'zod';
|
|
4
4
|
import '../schemas.js';
|
|
5
|
-
import '
|
|
5
|
+
import '../jose.js';
|
|
6
6
|
import '@aura-stack/jose';
|
|
7
7
|
import '@aura-stack/jose/jose';
|
|
8
|
+
import '@aura-stack/router/cookie';
|
package/dist/oauth/pinterest.js
CHANGED
package/dist/oauth/spotify.cjs
CHANGED
|
@@ -23,22 +23,25 @@ __export(spotify_exports, {
|
|
|
23
23
|
spotify: () => spotify
|
|
24
24
|
});
|
|
25
25
|
module.exports = __toCommonJS(spotify_exports);
|
|
26
|
-
var spotify = {
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
26
|
+
var spotify = (options) => {
|
|
27
|
+
return {
|
|
28
|
+
id: "spotify",
|
|
29
|
+
name: "Spotify",
|
|
30
|
+
authorizeURL: "https://accounts.spotify.com/authorize",
|
|
31
|
+
accessToken: "https://accounts.spotify.com/api/token",
|
|
32
|
+
userInfo: "https://api.spotify.com/v1/me",
|
|
33
|
+
scope: "user-read-private user-read-email",
|
|
34
|
+
responseType: "code",
|
|
35
|
+
profile(profile) {
|
|
36
|
+
return {
|
|
37
|
+
sub: profile.id,
|
|
38
|
+
name: profile.display_name,
|
|
39
|
+
email: profile.email,
|
|
40
|
+
image: profile.images[0]?.url ?? void 0
|
|
41
|
+
};
|
|
42
|
+
},
|
|
43
|
+
...options
|
|
44
|
+
};
|
|
42
45
|
};
|
|
43
46
|
// Annotate the CommonJS export names for ESM import in node:
|
|
44
47
|
0 && (module.exports = {
|
package/dist/oauth/spotify.d.ts
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
export {
|
|
1
|
+
export { u as SpotifyImage, v as SpotifyProfile, w as spotify } from '../index-CSyIJmCM.js';
|
|
2
2
|
import 'zod';
|
|
3
3
|
import '../schemas.js';
|
|
4
|
-
import '
|
|
4
|
+
import '../jose.js';
|
|
5
5
|
import '@aura-stack/jose';
|
|
6
6
|
import '@aura-stack/jose/jose';
|
|
7
|
+
import '@aura-stack/router/cookie';
|
|
7
8
|
import '../@types/utility.js';
|
package/dist/oauth/spotify.js
CHANGED
package/dist/oauth/strava.cjs
CHANGED
|
@@ -23,22 +23,25 @@ __export(strava_exports, {
|
|
|
23
23
|
strava: () => strava
|
|
24
24
|
});
|
|
25
25
|
module.exports = __toCommonJS(strava_exports);
|
|
26
|
-
var strava = {
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
26
|
+
var strava = (options) => {
|
|
27
|
+
return {
|
|
28
|
+
id: "strava",
|
|
29
|
+
name: "Strava",
|
|
30
|
+
authorizeURL: "https://www.strava.com/oauth/authorize",
|
|
31
|
+
accessToken: "https://www.strava.com/oauth/token",
|
|
32
|
+
userInfo: "https://www.strava.com/api/v3/athlete",
|
|
33
|
+
scope: "read",
|
|
34
|
+
responseType: "code",
|
|
35
|
+
profile(profile) {
|
|
36
|
+
return {
|
|
37
|
+
sub: profile.id.toString(),
|
|
38
|
+
name: `${profile.firstname} ${profile.lastname}`,
|
|
39
|
+
image: profile.profile,
|
|
40
|
+
email: void 0
|
|
41
|
+
};
|
|
42
|
+
},
|
|
43
|
+
...options
|
|
44
|
+
};
|
|
42
45
|
};
|
|
43
46
|
// Annotate the CommonJS export names for ESM import in node:
|
|
44
47
|
0 && (module.exports = {
|
package/dist/oauth/strava.d.ts
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
export {
|
|
1
|
+
export { s as StravaProfile, q as SummaryClub, r as SummaryGear, t as strava } from '../index-CSyIJmCM.js';
|
|
2
2
|
import 'zod';
|
|
3
3
|
import '../schemas.js';
|
|
4
|
-
import '
|
|
4
|
+
import '../jose.js';
|
|
5
5
|
import '@aura-stack/jose';
|
|
6
6
|
import '@aura-stack/jose/jose';
|
|
7
|
+
import '@aura-stack/router/cookie';
|
|
7
8
|
import '../@types/utility.js';
|
package/dist/oauth/strava.js
CHANGED
package/dist/oauth/x.cjs
CHANGED
|
@@ -23,22 +23,25 @@ __export(x_exports, {
|
|
|
23
23
|
x: () => x
|
|
24
24
|
});
|
|
25
25
|
module.exports = __toCommonJS(x_exports);
|
|
26
|
-
var x = {
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
26
|
+
var x = (options) => {
|
|
27
|
+
return {
|
|
28
|
+
id: "x",
|
|
29
|
+
name: "X",
|
|
30
|
+
authorizeURL: "https://twitter.com/i/oauth2/authorize",
|
|
31
|
+
accessToken: "https://api.twitter.com/2/oauth2/token",
|
|
32
|
+
userInfo: "https://api.twitter.com/2/users/me?user.fields=profile_image_url",
|
|
33
|
+
scope: "tweet.read users.read offline.access",
|
|
34
|
+
responseType: "code",
|
|
35
|
+
profile(profile) {
|
|
36
|
+
return {
|
|
37
|
+
sub: profile.data.id,
|
|
38
|
+
name: profile.data.name,
|
|
39
|
+
image: profile.data.profile_image_url,
|
|
40
|
+
email: void 0
|
|
41
|
+
};
|
|
42
|
+
},
|
|
43
|
+
...options
|
|
44
|
+
};
|
|
42
45
|
};
|
|
43
46
|
// Annotate the CommonJS export names for ESM import in node:
|
|
44
47
|
0 && (module.exports = {
|
package/dist/oauth/x.d.ts
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
export { X as XProfile, x } from '../index-
|
|
1
|
+
export { X as XProfile, x } from '../index-CSyIJmCM.js';
|
|
2
2
|
import 'zod';
|
|
3
3
|
import '../schemas.js';
|
|
4
|
-
import '
|
|
4
|
+
import '../jose.js';
|
|
5
5
|
import '@aura-stack/jose';
|
|
6
6
|
import '@aura-stack/jose/jose';
|
|
7
|
+
import '@aura-stack/router/cookie';
|
|
7
8
|
import '../@types/utility.js';
|
package/dist/oauth/x.js
CHANGED
package/dist/schemas.cjs
CHANGED
|
@@ -28,10 +28,23 @@ __export(schemas_exports, {
|
|
|
28
28
|
OAuthAuthorizationResponse: () => OAuthAuthorizationResponse,
|
|
29
29
|
OAuthEnvSchema: () => OAuthEnvSchema,
|
|
30
30
|
OAuthErrorResponse: () => OAuthErrorResponse,
|
|
31
|
-
OAuthProviderConfigSchema: () => OAuthProviderConfigSchema
|
|
31
|
+
OAuthProviderConfigSchema: () => OAuthProviderConfigSchema,
|
|
32
|
+
OAuthProviderCredentialsSchema: () => OAuthProviderCredentialsSchema
|
|
32
33
|
});
|
|
33
34
|
module.exports = __toCommonJS(schemas_exports);
|
|
34
35
|
var import_zod = require("zod");
|
|
36
|
+
var OAuthProviderCredentialsSchema = (0, import_zod.object)({
|
|
37
|
+
id: (0, import_zod.string)(),
|
|
38
|
+
name: (0, import_zod.string)(),
|
|
39
|
+
authorizeURL: (0, import_zod.string)().url(),
|
|
40
|
+
accessToken: (0, import_zod.string)().url(),
|
|
41
|
+
scope: (0, import_zod.string)(),
|
|
42
|
+
userInfo: (0, import_zod.string)().url(),
|
|
43
|
+
responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
|
|
44
|
+
clientId: (0, import_zod.string)(),
|
|
45
|
+
clientSecret: (0, import_zod.string)(),
|
|
46
|
+
profile: import_zod.z.function().optional()
|
|
47
|
+
});
|
|
35
48
|
var OAuthProviderConfigSchema = (0, import_zod.object)({
|
|
36
49
|
authorizeURL: (0, import_zod.string)().url(),
|
|
37
50
|
accessToken: (0, import_zod.string)().url(),
|
|
@@ -107,5 +120,6 @@ var OAuthEnvSchema = (0, import_zod.object)({
|
|
|
107
120
|
OAuthAuthorizationResponse,
|
|
108
121
|
OAuthEnvSchema,
|
|
109
122
|
OAuthErrorResponse,
|
|
110
|
-
OAuthProviderConfigSchema
|
|
123
|
+
OAuthProviderConfigSchema,
|
|
124
|
+
OAuthProviderCredentialsSchema
|
|
111
125
|
});
|
package/dist/schemas.d.ts
CHANGED
|
@@ -1,5 +1,21 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
|
|
3
|
+
declare const OAuthProviderCredentialsSchema: z.ZodObject<{
|
|
4
|
+
id: z.ZodString;
|
|
5
|
+
name: z.ZodString;
|
|
6
|
+
authorizeURL: z.ZodString;
|
|
7
|
+
accessToken: z.ZodString;
|
|
8
|
+
scope: z.ZodString;
|
|
9
|
+
userInfo: z.ZodString;
|
|
10
|
+
responseType: z.ZodEnum<{
|
|
11
|
+
token: "token";
|
|
12
|
+
code: "code";
|
|
13
|
+
id_token: "id_token";
|
|
14
|
+
}>;
|
|
15
|
+
clientId: z.ZodString;
|
|
16
|
+
clientSecret: z.ZodString;
|
|
17
|
+
profile: z.ZodOptional<z.ZodFunction<z.core.$ZodFunctionArgs, z.core.$ZodFunctionOut>>;
|
|
18
|
+
}, z.core.$strip>;
|
|
3
19
|
/**
|
|
4
20
|
* Schema for OAuth Provider Configuration
|
|
5
21
|
*/
|
|
@@ -130,4 +146,4 @@ declare const OAuthEnvSchema: z.ZodObject<{
|
|
|
130
146
|
clientSecret: z.ZodString;
|
|
131
147
|
}, z.core.$strip>;
|
|
132
148
|
|
|
133
|
-
export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema };
|
|
149
|
+
export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema, OAuthProviderCredentialsSchema };
|
package/dist/schemas.js
CHANGED
|
@@ -7,8 +7,9 @@ import {
|
|
|
7
7
|
OAuthAuthorizationResponse,
|
|
8
8
|
OAuthEnvSchema,
|
|
9
9
|
OAuthErrorResponse,
|
|
10
|
-
OAuthProviderConfigSchema
|
|
11
|
-
|
|
10
|
+
OAuthProviderConfigSchema,
|
|
11
|
+
OAuthProviderCredentialsSchema
|
|
12
|
+
} from "./chunk-KJBAQZX2.js";
|
|
12
13
|
export {
|
|
13
14
|
OAuthAccessToken,
|
|
14
15
|
OAuthAccessTokenErrorResponse,
|
|
@@ -18,5 +19,6 @@ export {
|
|
|
18
19
|
OAuthAuthorizationResponse,
|
|
19
20
|
OAuthEnvSchema,
|
|
20
21
|
OAuthErrorResponse,
|
|
21
|
-
OAuthProviderConfigSchema
|
|
22
|
+
OAuthProviderConfigSchema,
|
|
23
|
+
OAuthProviderCredentialsSchema
|
|
22
24
|
};
|
package/dist/secure.cjs
CHANGED
|
@@ -31,14 +31,13 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
31
31
|
var secure_exports = {};
|
|
32
32
|
__export(secure_exports, {
|
|
33
33
|
createCSRF: () => createCSRF,
|
|
34
|
-
createDerivedSalt: () => createDerivedSalt,
|
|
35
34
|
createHash: () => createHash,
|
|
36
35
|
createPKCE: () => createPKCE,
|
|
37
36
|
generateSecure: () => generateSecure,
|
|
38
37
|
verifyCSRF: () => verifyCSRF
|
|
39
38
|
});
|
|
40
39
|
module.exports = __toCommonJS(secure_exports);
|
|
41
|
-
var
|
|
40
|
+
var import_crypto2 = __toESM(require("crypto"), 1);
|
|
42
41
|
|
|
43
42
|
// src/utils.ts
|
|
44
43
|
var import_router = require("@aura-stack/router");
|
|
@@ -62,19 +61,68 @@ var equals = (a, b) => {
|
|
|
62
61
|
};
|
|
63
62
|
|
|
64
63
|
// src/assert.ts
|
|
64
|
+
var import_crypto = require("crypto");
|
|
65
65
|
var isJWTPayloadWithToken = (payload) => {
|
|
66
66
|
return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
|
|
67
67
|
};
|
|
68
|
+
var safeEquals = (a, b) => {
|
|
69
|
+
const bufferA = Buffer.from(a);
|
|
70
|
+
const bufferB = Buffer.from(b);
|
|
71
|
+
if (bufferA.length !== bufferB.length) {
|
|
72
|
+
return false;
|
|
73
|
+
}
|
|
74
|
+
return (0, import_crypto.timingSafeEqual)(bufferA, bufferB);
|
|
75
|
+
};
|
|
76
|
+
|
|
77
|
+
// src/env.ts
|
|
78
|
+
var import_meta = {};
|
|
79
|
+
var env = new Proxy({}, {
|
|
80
|
+
get(_, prop) {
|
|
81
|
+
if (typeof prop !== "string") return void 0;
|
|
82
|
+
const hasProperty = (process2) => {
|
|
83
|
+
return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
|
|
84
|
+
};
|
|
85
|
+
try {
|
|
86
|
+
if (typeof process !== "undefined" && hasProperty(process.env)) {
|
|
87
|
+
return process.env[prop];
|
|
88
|
+
}
|
|
89
|
+
if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
|
|
90
|
+
return import_meta.env[prop];
|
|
91
|
+
}
|
|
92
|
+
if (typeof Deno !== "undefined" && Deno.env?.get) {
|
|
93
|
+
return Deno.env.get(prop);
|
|
94
|
+
}
|
|
95
|
+
if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
|
|
96
|
+
return Bun.env[prop];
|
|
97
|
+
}
|
|
98
|
+
const globalValue = globalThis[prop];
|
|
99
|
+
return typeof globalValue === "string" ? globalValue : void 0;
|
|
100
|
+
} catch {
|
|
101
|
+
return void 0;
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
});
|
|
105
|
+
|
|
106
|
+
// src/jose.ts
|
|
107
|
+
var import_jose = require("@aura-stack/jose");
|
|
108
|
+
var jwtVerificationOptions = {
|
|
109
|
+
algorithms: ["HS256"],
|
|
110
|
+
typ: "JWT"
|
|
111
|
+
};
|
|
68
112
|
|
|
69
113
|
// src/secure.ts
|
|
70
114
|
var generateSecure = (length = 32) => {
|
|
71
|
-
return
|
|
115
|
+
return import_crypto2.default.randomBytes(length).toString("base64url");
|
|
72
116
|
};
|
|
73
117
|
var createHash = (data, base = "hex") => {
|
|
74
|
-
return
|
|
118
|
+
return import_crypto2.default.createHash("sha256").update(data).digest().toString(base);
|
|
75
119
|
};
|
|
76
120
|
var createPKCE = async (verifier) => {
|
|
77
|
-
const
|
|
121
|
+
const byteLength = verifier ? void 0 : Math.floor(Math.random() * (96 - 32 + 1) + 32);
|
|
122
|
+
const codeVerifier = verifier ?? generateSecure(byteLength ?? 64);
|
|
123
|
+
if (codeVerifier.length < 43 || codeVerifier.length > 128) {
|
|
124
|
+
throw new AuthSecurityError("PKCE_VERIFIER_INVALID", "The code verifier must be between 43 and 128 characters in length.");
|
|
125
|
+
}
|
|
78
126
|
const codeChallenge = createHash(codeVerifier, "base64url");
|
|
79
127
|
return { codeVerifier, codeChallenge, method: "S256" };
|
|
80
128
|
};
|
|
@@ -82,7 +130,7 @@ var createCSRF = async (jose, csrfCookie) => {
|
|
|
82
130
|
try {
|
|
83
131
|
const token = generateSecure(32);
|
|
84
132
|
if (csrfCookie) {
|
|
85
|
-
await jose.verifyJWS(csrfCookie);
|
|
133
|
+
await jose.verifyJWS(csrfCookie, jwtVerificationOptions);
|
|
86
134
|
return csrfCookie;
|
|
87
135
|
}
|
|
88
136
|
return jose.signJWS({ token });
|
|
@@ -93,20 +141,18 @@ var createCSRF = async (jose, csrfCookie) => {
|
|
|
93
141
|
};
|
|
94
142
|
var verifyCSRF = async (jose, cookie, header) => {
|
|
95
143
|
try {
|
|
96
|
-
const cookiePayload = await jose.verifyJWS(cookie);
|
|
97
|
-
const headerPayload = await jose.verifyJWS(header);
|
|
144
|
+
const cookiePayload = await jose.verifyJWS(cookie, jwtVerificationOptions);
|
|
145
|
+
const headerPayload = await jose.verifyJWS(header, jwtVerificationOptions);
|
|
98
146
|
if (!isJWTPayloadWithToken(cookiePayload)) {
|
|
99
147
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Cookie payload missing token field.");
|
|
100
148
|
}
|
|
101
149
|
if (!isJWTPayloadWithToken(headerPayload)) {
|
|
102
150
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Header payload missing token field.");
|
|
103
151
|
}
|
|
104
|
-
|
|
105
|
-
const headerBuffer = Buffer.from(headerPayload.token);
|
|
106
|
-
if (!equals(headerBuffer.length, cookieBuffer.length)) {
|
|
152
|
+
if (!equals(cookiePayload.token.length, headerPayload.token.length)) {
|
|
107
153
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
|
|
108
154
|
}
|
|
109
|
-
if (!
|
|
155
|
+
if (!safeEquals(cookiePayload.token, headerPayload.token)) {
|
|
110
156
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
|
|
111
157
|
}
|
|
112
158
|
return true;
|
|
@@ -114,13 +160,9 @@ var verifyCSRF = async (jose, cookie, header) => {
|
|
|
114
160
|
throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
|
|
115
161
|
}
|
|
116
162
|
};
|
|
117
|
-
var createDerivedSalt = (secret) => {
|
|
118
|
-
return import_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
|
|
119
|
-
};
|
|
120
163
|
// Annotate the CommonJS export names for ESM import in node:
|
|
121
164
|
0 && (module.exports = {
|
|
122
165
|
createCSRF,
|
|
123
|
-
createDerivedSalt,
|
|
124
166
|
createHash,
|
|
125
167
|
createPKCE,
|
|
126
168
|
generateSecure,
|
package/dist/secure.d.ts
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
|
-
import { A as AuthRuntimeConfig } from './index-
|
|
1
|
+
import { A as AuthRuntimeConfig } from './index-CSyIJmCM.js';
|
|
2
2
|
import 'zod';
|
|
3
3
|
import './schemas.js';
|
|
4
|
-
import '
|
|
4
|
+
import './jose.js';
|
|
5
5
|
import '@aura-stack/jose';
|
|
6
6
|
import '@aura-stack/jose/jose';
|
|
7
|
+
import '@aura-stack/router/cookie';
|
|
7
8
|
import './@types/utility.js';
|
|
8
9
|
|
|
9
10
|
declare const generateSecure: (length?: number) => string;
|
|
@@ -30,12 +31,5 @@ declare const createPKCE: (verifier?: string) => Promise<{
|
|
|
30
31
|
*/
|
|
31
32
|
declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
|
|
32
33
|
declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>;
|
|
33
|
-
/**
|
|
34
|
-
* Creates a deterministic derived salt from the provided secret.
|
|
35
|
-
*
|
|
36
|
-
* @param secret the base secret to derive the salt from
|
|
37
|
-
* @returns the derived salt as a hexadecimal string
|
|
38
|
-
*/
|
|
39
|
-
declare const createDerivedSalt: (secret: string) => string;
|
|
40
34
|
|
|
41
|
-
export { createCSRF,
|
|
35
|
+
export { createCSRF, createHash, createPKCE, generateSecure, verifyCSRF };
|
package/dist/secure.js
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
import {
|
|
2
2
|
createCSRF,
|
|
3
|
-
createDerivedSalt,
|
|
4
3
|
createHash,
|
|
5
4
|
createPKCE,
|
|
6
5
|
generateSecure,
|
|
7
6
|
verifyCSRF
|
|
8
|
-
} from "./chunk-
|
|
9
|
-
import "./chunk-
|
|
10
|
-
import "./chunk-
|
|
7
|
+
} from "./chunk-NUDITUKX.js";
|
|
8
|
+
import "./chunk-4EKY7655.js";
|
|
9
|
+
import "./chunk-QQVSRXGX.js";
|
|
10
|
+
import "./chunk-FRJFWTOY.js";
|
|
11
|
+
import "./chunk-4MYWAOLG.js";
|
|
11
12
|
import "./chunk-RRLIF4PQ.js";
|
|
12
13
|
export {
|
|
13
14
|
createCSRF,
|
|
14
|
-
createDerivedSalt,
|
|
15
15
|
createHash,
|
|
16
16
|
createPKCE,
|
|
17
17
|
generateSecure,
|