@aura-stack/auth 0.4.0-rc.4 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143) hide show
  1. package/dist/@types/index.d.ts +4 -3
  2. package/dist/@types/router.d.cjs +0 -17
  3. package/dist/@types/router.d.d.ts +3 -2
  4. package/dist/@types/router.d.js +0 -1
  5. package/dist/actions/callback/access-token.cjs +40 -25
  6. package/dist/actions/callback/access-token.d.ts +4 -3
  7. package/dist/actions/callback/access-token.js +3 -4
  8. package/dist/actions/callback/callback.cjs +287 -77
  9. package/dist/actions/callback/callback.d.ts +5 -26
  10. package/dist/actions/callback/callback.js +13 -10
  11. package/dist/actions/callback/userinfo.cjs +68 -7
  12. package/dist/actions/callback/userinfo.d.ts +4 -3
  13. package/dist/actions/callback/userinfo.js +8 -6
  14. package/dist/actions/csrfToken/csrfToken.cjs +63 -4
  15. package/dist/actions/csrfToken/csrfToken.d.ts +1 -3
  16. package/dist/actions/csrfToken/csrfToken.js +8 -6
  17. package/dist/actions/index.cjs +400 -175
  18. package/dist/actions/index.d.ts +3 -2
  19. package/dist/actions/index.js +21 -19
  20. package/dist/actions/session/session.cjs +40 -11
  21. package/dist/actions/session/session.d.ts +1 -3
  22. package/dist/actions/session/session.js +4 -4
  23. package/dist/actions/signIn/authorization.cjs +171 -132
  24. package/dist/actions/signIn/authorization.d.ts +21 -11
  25. package/dist/actions/signIn/authorization.js +8 -6
  26. package/dist/actions/signIn/signIn.cjs +220 -113
  27. package/dist/actions/signIn/signIn.d.ts +5 -25
  28. package/dist/actions/signIn/signIn.js +9 -7
  29. package/dist/actions/signOut/signOut.cjs +268 -119
  30. package/dist/actions/signOut/signOut.d.ts +1 -9
  31. package/dist/actions/signOut/signOut.js +10 -8
  32. package/dist/assert.cjs +117 -5
  33. package/dist/assert.d.ts +22 -3
  34. package/dist/assert.js +17 -3
  35. package/dist/chunk-4EKY7655.js +123 -0
  36. package/dist/chunk-4MYWAOLG.js +31 -0
  37. package/dist/chunk-4YHJ4IEQ.js +25 -0
  38. package/dist/chunk-54CZPKR4.js +25 -0
  39. package/dist/chunk-5LZ7TOM3.js +25 -0
  40. package/dist/{chunk-W6LG7BFW.js → chunk-5W4BRQYG.js} +24 -20
  41. package/dist/chunk-6MXFPFR3.js +143 -0
  42. package/dist/{chunk-3EUWD5BB.js → chunk-7QF22LHP.js} +13 -9
  43. package/dist/chunk-ALG3GIV4.js +95 -0
  44. package/dist/chunk-E6G5YCI6.js +25 -0
  45. package/dist/chunk-EBAMFRB7.js +34 -0
  46. package/dist/chunk-EEE7UM5T.js +25 -0
  47. package/dist/{chunk-TLE4PXY3.js → chunk-FRJFWTOY.js} +38 -7
  48. package/dist/chunk-FW4W3REU.js +25 -0
  49. package/dist/{chunk-HT4YLL7N.js → chunk-ICAZ4OVS.js} +10 -8
  50. package/dist/chunk-IPKO6UQN.js +25 -0
  51. package/dist/{chunk-YRCB5FLE.js → chunk-KJBAQZX2.js} +13 -0
  52. package/dist/chunk-KMMAZFSJ.js +25 -0
  53. package/dist/chunk-LDU7A2JE.js +25 -0
  54. package/dist/{chunk-N2APGLXA.js → chunk-NUDITUKX.js} +18 -16
  55. package/dist/chunk-OVHNRULD.js +33 -0
  56. package/dist/{chunk-JVFTCTTE.js → chunk-PHFH2MGS.js} +12 -9
  57. package/dist/chunk-QQVSRXGX.js +149 -0
  58. package/dist/chunk-TM5IPSNF.js +113 -0
  59. package/dist/{chunk-GA2SMTJO.js → chunk-TZB6MUXN.js} +33 -13
  60. package/dist/chunk-VNCNJKS2.js +267 -0
  61. package/dist/{chunk-IVET23KF.js → chunk-XGLBNXL4.js} +31 -14
  62. package/dist/chunk-XUP6KKNG.js +106 -0
  63. package/dist/cookie.cjs +24 -20
  64. package/dist/cookie.d.ts +4 -3
  65. package/dist/cookie.js +1 -1
  66. package/dist/env.cjs +56 -0
  67. package/dist/env.d.ts +7 -0
  68. package/dist/env.js +6 -0
  69. package/dist/errors.d.ts +4 -3
  70. package/dist/headers.cjs +28 -2
  71. package/dist/headers.d.ts +25 -1
  72. package/dist/headers.js +9 -3
  73. package/dist/{index-DkaLJFn8.d.ts → index-CSyIJmCM.d.ts} +373 -45
  74. package/dist/index.cjs +1128 -483
  75. package/dist/index.d.ts +6 -10
  76. package/dist/index.js +83 -42
  77. package/dist/jose.cjs +62 -25
  78. package/dist/jose.d.ts +7 -5
  79. package/dist/jose.js +8 -6
  80. package/dist/logger.cjs +292 -0
  81. package/dist/logger.d.ts +8 -0
  82. package/dist/logger.js +8 -0
  83. package/dist/oauth/bitbucket.cjs +19 -15
  84. package/dist/oauth/bitbucket.d.ts +3 -2
  85. package/dist/oauth/bitbucket.js +1 -1
  86. package/dist/oauth/discord.cjs +27 -24
  87. package/dist/oauth/discord.d.ts +3 -2
  88. package/dist/oauth/discord.js +1 -1
  89. package/dist/oauth/figma.cjs +19 -16
  90. package/dist/oauth/figma.d.ts +3 -2
  91. package/dist/oauth/figma.js +1 -1
  92. package/dist/oauth/github.cjs +19 -8
  93. package/dist/oauth/github.d.ts +3 -2
  94. package/dist/oauth/github.js +1 -1
  95. package/dist/oauth/gitlab.cjs +19 -16
  96. package/dist/oauth/gitlab.d.ts +3 -2
  97. package/dist/oauth/gitlab.js +1 -1
  98. package/dist/oauth/index.cjs +266 -166
  99. package/dist/oauth/index.d.ts +3 -2
  100. package/dist/oauth/index.js +22 -21
  101. package/dist/oauth/mailchimp.cjs +19 -16
  102. package/dist/oauth/mailchimp.d.ts +3 -2
  103. package/dist/oauth/mailchimp.js +1 -1
  104. package/dist/oauth/pinterest.cjs +19 -16
  105. package/dist/oauth/pinterest.d.ts +3 -2
  106. package/dist/oauth/pinterest.js +1 -1
  107. package/dist/oauth/spotify.cjs +19 -16
  108. package/dist/oauth/spotify.d.ts +3 -2
  109. package/dist/oauth/spotify.js +1 -1
  110. package/dist/oauth/strava.cjs +19 -16
  111. package/dist/oauth/strava.d.ts +3 -2
  112. package/dist/oauth/strava.js +1 -1
  113. package/dist/oauth/x.cjs +19 -16
  114. package/dist/oauth/x.d.ts +3 -2
  115. package/dist/oauth/x.js +1 -1
  116. package/dist/schemas.cjs +16 -2
  117. package/dist/schemas.d.ts +17 -1
  118. package/dist/schemas.js +5 -3
  119. package/dist/secure.cjs +58 -16
  120. package/dist/secure.d.ts +4 -10
  121. package/dist/secure.js +5 -5
  122. package/dist/utils.cjs +94 -87
  123. package/dist/utils.d.ts +9 -39
  124. package/dist/utils.js +11 -9
  125. package/package.json +3 -4
  126. package/dist/chunk-42XB3YCW.js +0 -22
  127. package/dist/chunk-6R2YZ4AC.js +0 -22
  128. package/dist/chunk-A3N4PVAT.js +0 -70
  129. package/dist/chunk-B737EUJV.js +0 -22
  130. package/dist/chunk-CXLATHS5.js +0 -143
  131. package/dist/chunk-DIVDFNAP.js +0 -0
  132. package/dist/chunk-E3OXBRYF.js +0 -22
  133. package/dist/chunk-EIL2FPSS.js +0 -22
  134. package/dist/chunk-EMKJA2GJ.js +0 -89
  135. package/dist/chunk-FIPU4MLT.js +0 -21
  136. package/dist/chunk-FKRDCWBF.js +0 -22
  137. package/dist/chunk-HP34YGGJ.js +0 -22
  138. package/dist/chunk-IKHPGFCW.js +0 -14
  139. package/dist/chunk-IUYZQTJV.js +0 -30
  140. package/dist/chunk-KRNOMBXQ.js +0 -22
  141. package/dist/chunk-KSWLO5ZU.js +0 -102
  142. package/dist/chunk-N4SX7TZT.js +0 -96
  143. package/dist/chunk-STHEPPUZ.js +0 -11
@@ -23,22 +23,25 @@ __export(pinterest_exports, {
23
23
  pinterest: () => pinterest
24
24
  });
25
25
  module.exports = __toCommonJS(pinterest_exports);
26
- var pinterest = {
27
- id: "pinterest",
28
- name: "Pinterest",
29
- authorizeURL: "https://api.pinterest.com/oauth/",
30
- accessToken: "https://api.pinterest.com/v5/oauth/token",
31
- userInfo: "https://api.pinterest.com/v5/user_account",
32
- scope: "user_accounts:read",
33
- responseType: "code",
34
- profile(profile) {
35
- return {
36
- sub: profile.id,
37
- name: profile.username,
38
- email: null,
39
- image: profile.profile_image
40
- };
41
- }
26
+ var pinterest = (options) => {
27
+ return {
28
+ id: "pinterest",
29
+ name: "Pinterest",
30
+ authorizeURL: "https://www.pinterest.com/oauth",
31
+ accessToken: "https://api.pinterest.com/v5/oauth/token",
32
+ userInfo: "https://api.pinterest.com/v5/user_account",
33
+ scope: "user_accounts:read",
34
+ responseType: "code",
35
+ profile(profile) {
36
+ return {
37
+ sub: profile.id,
38
+ name: profile.username,
39
+ image: profile.profile_image,
40
+ email: void 0
41
+ };
42
+ },
43
+ ...options
44
+ };
42
45
  };
43
46
  // Annotate the CommonJS export names for ESM import in node:
44
47
  0 && (module.exports = {
@@ -1,7 +1,8 @@
1
- export { P as PinterestProfile, p as pinterest } from '../index-DkaLJFn8.js';
1
+ export { P as PinterestProfile, p as pinterest } from '../index-CSyIJmCM.js';
2
2
  import '../@types/utility.js';
3
3
  import 'zod';
4
4
  import '../schemas.js';
5
- import '@aura-stack/router/cookie';
5
+ import '../jose.js';
6
6
  import '@aura-stack/jose';
7
7
  import '@aura-stack/jose/jose';
8
+ import '@aura-stack/router/cookie';
@@ -1,6 +1,6 @@
1
1
  import {
2
2
  pinterest
3
- } from "../chunk-HP34YGGJ.js";
3
+ } from "../chunk-E6G5YCI6.js";
4
4
  export {
5
5
  pinterest
6
6
  };
@@ -23,22 +23,25 @@ __export(spotify_exports, {
23
23
  spotify: () => spotify
24
24
  });
25
25
  module.exports = __toCommonJS(spotify_exports);
26
- var spotify = {
27
- id: "spotify",
28
- name: "Spotify",
29
- authorizeURL: "https://accounts.spotify.com/authorize",
30
- accessToken: "https://accounts.spotify.com/api/token",
31
- userInfo: "https://api.spotify.com/v1/me",
32
- scope: "user-read-email user-read-private",
33
- responseType: "token",
34
- profile(profile) {
35
- return {
36
- sub: profile.id,
37
- name: profile.display_name,
38
- email: profile.email,
39
- image: profile.images?.[0]?.url
40
- };
41
- }
26
+ var spotify = (options) => {
27
+ return {
28
+ id: "spotify",
29
+ name: "Spotify",
30
+ authorizeURL: "https://accounts.spotify.com/authorize",
31
+ accessToken: "https://accounts.spotify.com/api/token",
32
+ userInfo: "https://api.spotify.com/v1/me",
33
+ scope: "user-read-private user-read-email",
34
+ responseType: "code",
35
+ profile(profile) {
36
+ return {
37
+ sub: profile.id,
38
+ name: profile.display_name,
39
+ email: profile.email,
40
+ image: profile.images[0]?.url ?? void 0
41
+ };
42
+ },
43
+ ...options
44
+ };
42
45
  };
43
46
  // Annotate the CommonJS export names for ESM import in node:
44
47
  0 && (module.exports = {
@@ -1,7 +1,8 @@
1
- export { I as Image, o as SpotifyProfile, q as spotify } from '../index-DkaLJFn8.js';
1
+ export { u as SpotifyImage, v as SpotifyProfile, w as spotify } from '../index-CSyIJmCM.js';
2
2
  import 'zod';
3
3
  import '../schemas.js';
4
- import '@aura-stack/router/cookie';
4
+ import '../jose.js';
5
5
  import '@aura-stack/jose';
6
6
  import '@aura-stack/jose/jose';
7
+ import '@aura-stack/router/cookie';
7
8
  import '../@types/utility.js';
@@ -1,6 +1,6 @@
1
1
  import {
2
2
  spotify
3
- } from "../chunk-E3OXBRYF.js";
3
+ } from "../chunk-IPKO6UQN.js";
4
4
  export {
5
5
  spotify
6
6
  };
@@ -23,22 +23,25 @@ __export(strava_exports, {
23
23
  strava: () => strava
24
24
  });
25
25
  module.exports = __toCommonJS(strava_exports);
26
- var strava = {
27
- id: "strava",
28
- name: "Strava",
29
- authorizeURL: "https://www.strava.com/oauth/authorize",
30
- accessToken: "https://www.strava.com/oauth/token",
31
- userInfo: "https://www.strava.com/api/v3/athlete",
32
- scope: "read",
33
- responseType: "code",
34
- profile(profile) {
35
- return {
36
- sub: profile.id.toString(),
37
- name: `${profile.firstname} ${profile.lastname}`,
38
- image: profile.profile,
39
- email: ""
40
- };
41
- }
26
+ var strava = (options) => {
27
+ return {
28
+ id: "strava",
29
+ name: "Strava",
30
+ authorizeURL: "https://www.strava.com/oauth/authorize",
31
+ accessToken: "https://www.strava.com/oauth/token",
32
+ userInfo: "https://www.strava.com/api/v3/athlete",
33
+ scope: "read",
34
+ responseType: "code",
35
+ profile(profile) {
36
+ return {
37
+ sub: profile.id.toString(),
38
+ name: `${profile.firstname} ${profile.lastname}`,
39
+ image: profile.profile,
40
+ email: void 0
41
+ };
42
+ },
43
+ ...options
44
+ };
42
45
  };
43
46
  // Annotate the CommonJS export names for ESM import in node:
44
47
  0 && (module.exports = {
@@ -1,7 +1,8 @@
1
- export { n as StravaProfile, k as SummaryClub, l as SummaryGear, s as strava } from '../index-DkaLJFn8.js';
1
+ export { s as StravaProfile, q as SummaryClub, r as SummaryGear, t as strava } from '../index-CSyIJmCM.js';
2
2
  import 'zod';
3
3
  import '../schemas.js';
4
- import '@aura-stack/router/cookie';
4
+ import '../jose.js';
5
5
  import '@aura-stack/jose';
6
6
  import '@aura-stack/jose/jose';
7
+ import '@aura-stack/router/cookie';
7
8
  import '../@types/utility.js';
@@ -1,6 +1,6 @@
1
1
  import {
2
2
  strava
3
- } from "../chunk-6R2YZ4AC.js";
3
+ } from "../chunk-54CZPKR4.js";
4
4
  export {
5
5
  strava
6
6
  };
package/dist/oauth/x.cjs CHANGED
@@ -23,22 +23,25 @@ __export(x_exports, {
23
23
  x: () => x
24
24
  });
25
25
  module.exports = __toCommonJS(x_exports);
26
- var x = {
27
- id: "x",
28
- name: "X",
29
- authorizeURL: "https://x.com/i/oauth2/authorize",
30
- accessToken: "https://api.x.com/2/oauth2/token",
31
- userInfo: "https://api.x.com/2/users/me?user.fields=profile_image_url",
32
- scope: "users.read users.email tweet.read offline.access",
33
- responseType: "code",
34
- profile({ data }) {
35
- return {
36
- sub: data.id,
37
- name: data.name,
38
- image: data.profile_image_url,
39
- email: ""
40
- };
41
- }
26
+ var x = (options) => {
27
+ return {
28
+ id: "x",
29
+ name: "X",
30
+ authorizeURL: "https://twitter.com/i/oauth2/authorize",
31
+ accessToken: "https://api.twitter.com/2/oauth2/token",
32
+ userInfo: "https://api.twitter.com/2/users/me?user.fields=profile_image_url",
33
+ scope: "tweet.read users.read offline.access",
34
+ responseType: "code",
35
+ profile(profile) {
36
+ return {
37
+ sub: profile.data.id,
38
+ name: profile.data.name,
39
+ image: profile.data.profile_image_url,
40
+ email: void 0
41
+ };
42
+ },
43
+ ...options
44
+ };
42
45
  };
43
46
  // Annotate the CommonJS export names for ESM import in node:
44
47
  0 && (module.exports = {
package/dist/oauth/x.d.ts CHANGED
@@ -1,7 +1,8 @@
1
- export { X as XProfile, x } from '../index-DkaLJFn8.js';
1
+ export { X as XProfile, x } from '../index-CSyIJmCM.js';
2
2
  import 'zod';
3
3
  import '../schemas.js';
4
- import '@aura-stack/router/cookie';
4
+ import '../jose.js';
5
5
  import '@aura-stack/jose';
6
6
  import '@aura-stack/jose/jose';
7
+ import '@aura-stack/router/cookie';
7
8
  import '../@types/utility.js';
package/dist/oauth/x.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import {
2
2
  x
3
- } from "../chunk-42XB3YCW.js";
3
+ } from "../chunk-EEE7UM5T.js";
4
4
  export {
5
5
  x
6
6
  };
package/dist/schemas.cjs CHANGED
@@ -28,10 +28,23 @@ __export(schemas_exports, {
28
28
  OAuthAuthorizationResponse: () => OAuthAuthorizationResponse,
29
29
  OAuthEnvSchema: () => OAuthEnvSchema,
30
30
  OAuthErrorResponse: () => OAuthErrorResponse,
31
- OAuthProviderConfigSchema: () => OAuthProviderConfigSchema
31
+ OAuthProviderConfigSchema: () => OAuthProviderConfigSchema,
32
+ OAuthProviderCredentialsSchema: () => OAuthProviderCredentialsSchema
32
33
  });
33
34
  module.exports = __toCommonJS(schemas_exports);
34
35
  var import_zod = require("zod");
36
+ var OAuthProviderCredentialsSchema = (0, import_zod.object)({
37
+ id: (0, import_zod.string)(),
38
+ name: (0, import_zod.string)(),
39
+ authorizeURL: (0, import_zod.string)().url(),
40
+ accessToken: (0, import_zod.string)().url(),
41
+ scope: (0, import_zod.string)(),
42
+ userInfo: (0, import_zod.string)().url(),
43
+ responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
44
+ clientId: (0, import_zod.string)(),
45
+ clientSecret: (0, import_zod.string)(),
46
+ profile: import_zod.z.function().optional()
47
+ });
35
48
  var OAuthProviderConfigSchema = (0, import_zod.object)({
36
49
  authorizeURL: (0, import_zod.string)().url(),
37
50
  accessToken: (0, import_zod.string)().url(),
@@ -107,5 +120,6 @@ var OAuthEnvSchema = (0, import_zod.object)({
107
120
  OAuthAuthorizationResponse,
108
121
  OAuthEnvSchema,
109
122
  OAuthErrorResponse,
110
- OAuthProviderConfigSchema
123
+ OAuthProviderConfigSchema,
124
+ OAuthProviderCredentialsSchema
111
125
  });
package/dist/schemas.d.ts CHANGED
@@ -1,5 +1,21 @@
1
1
  import { z } from 'zod';
2
2
 
3
+ declare const OAuthProviderCredentialsSchema: z.ZodObject<{
4
+ id: z.ZodString;
5
+ name: z.ZodString;
6
+ authorizeURL: z.ZodString;
7
+ accessToken: z.ZodString;
8
+ scope: z.ZodString;
9
+ userInfo: z.ZodString;
10
+ responseType: z.ZodEnum<{
11
+ token: "token";
12
+ code: "code";
13
+ id_token: "id_token";
14
+ }>;
15
+ clientId: z.ZodString;
16
+ clientSecret: z.ZodString;
17
+ profile: z.ZodOptional<z.ZodFunction<z.core.$ZodFunctionArgs, z.core.$ZodFunctionOut>>;
18
+ }, z.core.$strip>;
3
19
  /**
4
20
  * Schema for OAuth Provider Configuration
5
21
  */
@@ -130,4 +146,4 @@ declare const OAuthEnvSchema: z.ZodObject<{
130
146
  clientSecret: z.ZodString;
131
147
  }, z.core.$strip>;
132
148
 
133
- export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema };
149
+ export { OAuthAccessToken, OAuthAccessTokenErrorResponse, OAuthAccessTokenResponse, OAuthAuthorization, OAuthAuthorizationErrorResponse, OAuthAuthorizationResponse, OAuthEnvSchema, OAuthErrorResponse, OAuthProviderConfigSchema, OAuthProviderCredentialsSchema };
package/dist/schemas.js CHANGED
@@ -7,8 +7,9 @@ import {
7
7
  OAuthAuthorizationResponse,
8
8
  OAuthEnvSchema,
9
9
  OAuthErrorResponse,
10
- OAuthProviderConfigSchema
11
- } from "./chunk-YRCB5FLE.js";
10
+ OAuthProviderConfigSchema,
11
+ OAuthProviderCredentialsSchema
12
+ } from "./chunk-KJBAQZX2.js";
12
13
  export {
13
14
  OAuthAccessToken,
14
15
  OAuthAccessTokenErrorResponse,
@@ -18,5 +19,6 @@ export {
18
19
  OAuthAuthorizationResponse,
19
20
  OAuthEnvSchema,
20
21
  OAuthErrorResponse,
21
- OAuthProviderConfigSchema
22
+ OAuthProviderConfigSchema,
23
+ OAuthProviderCredentialsSchema
22
24
  };
package/dist/secure.cjs CHANGED
@@ -31,14 +31,13 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
31
31
  var secure_exports = {};
32
32
  __export(secure_exports, {
33
33
  createCSRF: () => createCSRF,
34
- createDerivedSalt: () => createDerivedSalt,
35
34
  createHash: () => createHash,
36
35
  createPKCE: () => createPKCE,
37
36
  generateSecure: () => generateSecure,
38
37
  verifyCSRF: () => verifyCSRF
39
38
  });
40
39
  module.exports = __toCommonJS(secure_exports);
41
- var import_crypto = __toESM(require("crypto"), 1);
40
+ var import_crypto2 = __toESM(require("crypto"), 1);
42
41
 
43
42
  // src/utils.ts
44
43
  var import_router = require("@aura-stack/router");
@@ -62,19 +61,68 @@ var equals = (a, b) => {
62
61
  };
63
62
 
64
63
  // src/assert.ts
64
+ var import_crypto = require("crypto");
65
65
  var isJWTPayloadWithToken = (payload) => {
66
66
  return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
67
67
  };
68
+ var safeEquals = (a, b) => {
69
+ const bufferA = Buffer.from(a);
70
+ const bufferB = Buffer.from(b);
71
+ if (bufferA.length !== bufferB.length) {
72
+ return false;
73
+ }
74
+ return (0, import_crypto.timingSafeEqual)(bufferA, bufferB);
75
+ };
76
+
77
+ // src/env.ts
78
+ var import_meta = {};
79
+ var env = new Proxy({}, {
80
+ get(_, prop) {
81
+ if (typeof prop !== "string") return void 0;
82
+ const hasProperty = (process2) => {
83
+ return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
84
+ };
85
+ try {
86
+ if (typeof process !== "undefined" && hasProperty(process.env)) {
87
+ return process.env[prop];
88
+ }
89
+ if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
90
+ return import_meta.env[prop];
91
+ }
92
+ if (typeof Deno !== "undefined" && Deno.env?.get) {
93
+ return Deno.env.get(prop);
94
+ }
95
+ if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
96
+ return Bun.env[prop];
97
+ }
98
+ const globalValue = globalThis[prop];
99
+ return typeof globalValue === "string" ? globalValue : void 0;
100
+ } catch {
101
+ return void 0;
102
+ }
103
+ }
104
+ });
105
+
106
+ // src/jose.ts
107
+ var import_jose = require("@aura-stack/jose");
108
+ var jwtVerificationOptions = {
109
+ algorithms: ["HS256"],
110
+ typ: "JWT"
111
+ };
68
112
 
69
113
  // src/secure.ts
70
114
  var generateSecure = (length = 32) => {
71
- return import_crypto.default.randomBytes(length).toString("base64url");
115
+ return import_crypto2.default.randomBytes(length).toString("base64url");
72
116
  };
73
117
  var createHash = (data, base = "hex") => {
74
- return import_crypto.default.createHash("sha256").update(data).digest().toString(base);
118
+ return import_crypto2.default.createHash("sha256").update(data).digest().toString(base);
75
119
  };
76
120
  var createPKCE = async (verifier) => {
77
- const codeVerifier = verifier ?? generateSecure(86);
121
+ const byteLength = verifier ? void 0 : Math.floor(Math.random() * (96 - 32 + 1) + 32);
122
+ const codeVerifier = verifier ?? generateSecure(byteLength ?? 64);
123
+ if (codeVerifier.length < 43 || codeVerifier.length > 128) {
124
+ throw new AuthSecurityError("PKCE_VERIFIER_INVALID", "The code verifier must be between 43 and 128 characters in length.");
125
+ }
78
126
  const codeChallenge = createHash(codeVerifier, "base64url");
79
127
  return { codeVerifier, codeChallenge, method: "S256" };
80
128
  };
@@ -82,7 +130,7 @@ var createCSRF = async (jose, csrfCookie) => {
82
130
  try {
83
131
  const token = generateSecure(32);
84
132
  if (csrfCookie) {
85
- await jose.verifyJWS(csrfCookie);
133
+ await jose.verifyJWS(csrfCookie, jwtVerificationOptions);
86
134
  return csrfCookie;
87
135
  }
88
136
  return jose.signJWS({ token });
@@ -93,20 +141,18 @@ var createCSRF = async (jose, csrfCookie) => {
93
141
  };
94
142
  var verifyCSRF = async (jose, cookie, header) => {
95
143
  try {
96
- const cookiePayload = await jose.verifyJWS(cookie);
97
- const headerPayload = await jose.verifyJWS(header);
144
+ const cookiePayload = await jose.verifyJWS(cookie, jwtVerificationOptions);
145
+ const headerPayload = await jose.verifyJWS(header, jwtVerificationOptions);
98
146
  if (!isJWTPayloadWithToken(cookiePayload)) {
99
147
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Cookie payload missing token field.");
100
148
  }
101
149
  if (!isJWTPayloadWithToken(headerPayload)) {
102
150
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Header payload missing token field.");
103
151
  }
104
- const cookieBuffer = Buffer.from(cookiePayload.token);
105
- const headerBuffer = Buffer.from(headerPayload.token);
106
- if (!equals(headerBuffer.length, cookieBuffer.length)) {
152
+ if (!equals(cookiePayload.token.length, headerPayload.token.length)) {
107
153
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
108
154
  }
109
- if (!import_crypto.default.timingSafeEqual(cookieBuffer, headerBuffer)) {
155
+ if (!safeEquals(cookiePayload.token, headerPayload.token)) {
110
156
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
111
157
  }
112
158
  return true;
@@ -114,13 +160,9 @@ var verifyCSRF = async (jose, cookie, header) => {
114
160
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
115
161
  }
116
162
  };
117
- var createDerivedSalt = (secret) => {
118
- return import_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
119
- };
120
163
  // Annotate the CommonJS export names for ESM import in node:
121
164
  0 && (module.exports = {
122
165
  createCSRF,
123
- createDerivedSalt,
124
166
  createHash,
125
167
  createPKCE,
126
168
  generateSecure,
package/dist/secure.d.ts CHANGED
@@ -1,9 +1,10 @@
1
- import { A as AuthRuntimeConfig } from './index-DkaLJFn8.js';
1
+ import { A as AuthRuntimeConfig } from './index-CSyIJmCM.js';
2
2
  import 'zod';
3
3
  import './schemas.js';
4
- import '@aura-stack/router/cookie';
4
+ import './jose.js';
5
5
  import '@aura-stack/jose';
6
6
  import '@aura-stack/jose/jose';
7
+ import '@aura-stack/router/cookie';
7
8
  import './@types/utility.js';
8
9
 
9
10
  declare const generateSecure: (length?: number) => string;
@@ -30,12 +31,5 @@ declare const createPKCE: (verifier?: string) => Promise<{
30
31
  */
31
32
  declare const createCSRF: (jose: AuthRuntimeConfig["jose"], csrfCookie?: string) => Promise<string>;
32
33
  declare const verifyCSRF: (jose: AuthRuntimeConfig["jose"], cookie: string, header: string) => Promise<boolean>;
33
- /**
34
- * Creates a deterministic derived salt from the provided secret.
35
- *
36
- * @param secret the base secret to derive the salt from
37
- * @returns the derived salt as a hexadecimal string
38
- */
39
- declare const createDerivedSalt: (secret: string) => string;
40
34
 
41
- export { createCSRF, createDerivedSalt, createHash, createPKCE, generateSecure, verifyCSRF };
35
+ export { createCSRF, createHash, createPKCE, generateSecure, verifyCSRF };
package/dist/secure.js CHANGED
@@ -1,17 +1,17 @@
1
1
  import {
2
2
  createCSRF,
3
- createDerivedSalt,
4
3
  createHash,
5
4
  createPKCE,
6
5
  generateSecure,
7
6
  verifyCSRF
8
- } from "./chunk-N2APGLXA.js";
9
- import "./chunk-CXLATHS5.js";
10
- import "./chunk-EIL2FPSS.js";
7
+ } from "./chunk-NUDITUKX.js";
8
+ import "./chunk-4EKY7655.js";
9
+ import "./chunk-QQVSRXGX.js";
10
+ import "./chunk-FRJFWTOY.js";
11
+ import "./chunk-4MYWAOLG.js";
11
12
  import "./chunk-RRLIF4PQ.js";
12
13
  export {
13
14
  createCSRF,
14
- createDerivedSalt,
15
15
  createHash,
16
16
  createPKCE,
17
17
  generateSecure,