@aura-stack/auth 0.4.0-rc.4 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143) hide show
  1. package/dist/@types/index.d.ts +4 -3
  2. package/dist/@types/router.d.cjs +0 -17
  3. package/dist/@types/router.d.d.ts +3 -2
  4. package/dist/@types/router.d.js +0 -1
  5. package/dist/actions/callback/access-token.cjs +40 -25
  6. package/dist/actions/callback/access-token.d.ts +4 -3
  7. package/dist/actions/callback/access-token.js +3 -4
  8. package/dist/actions/callback/callback.cjs +287 -77
  9. package/dist/actions/callback/callback.d.ts +5 -26
  10. package/dist/actions/callback/callback.js +13 -10
  11. package/dist/actions/callback/userinfo.cjs +68 -7
  12. package/dist/actions/callback/userinfo.d.ts +4 -3
  13. package/dist/actions/callback/userinfo.js +8 -6
  14. package/dist/actions/csrfToken/csrfToken.cjs +63 -4
  15. package/dist/actions/csrfToken/csrfToken.d.ts +1 -3
  16. package/dist/actions/csrfToken/csrfToken.js +8 -6
  17. package/dist/actions/index.cjs +400 -175
  18. package/dist/actions/index.d.ts +3 -2
  19. package/dist/actions/index.js +21 -19
  20. package/dist/actions/session/session.cjs +40 -11
  21. package/dist/actions/session/session.d.ts +1 -3
  22. package/dist/actions/session/session.js +4 -4
  23. package/dist/actions/signIn/authorization.cjs +171 -132
  24. package/dist/actions/signIn/authorization.d.ts +21 -11
  25. package/dist/actions/signIn/authorization.js +8 -6
  26. package/dist/actions/signIn/signIn.cjs +220 -113
  27. package/dist/actions/signIn/signIn.d.ts +5 -25
  28. package/dist/actions/signIn/signIn.js +9 -7
  29. package/dist/actions/signOut/signOut.cjs +268 -119
  30. package/dist/actions/signOut/signOut.d.ts +1 -9
  31. package/dist/actions/signOut/signOut.js +10 -8
  32. package/dist/assert.cjs +117 -5
  33. package/dist/assert.d.ts +22 -3
  34. package/dist/assert.js +17 -3
  35. package/dist/chunk-4EKY7655.js +123 -0
  36. package/dist/chunk-4MYWAOLG.js +31 -0
  37. package/dist/chunk-4YHJ4IEQ.js +25 -0
  38. package/dist/chunk-54CZPKR4.js +25 -0
  39. package/dist/chunk-5LZ7TOM3.js +25 -0
  40. package/dist/{chunk-W6LG7BFW.js → chunk-5W4BRQYG.js} +24 -20
  41. package/dist/chunk-6MXFPFR3.js +143 -0
  42. package/dist/{chunk-3EUWD5BB.js → chunk-7QF22LHP.js} +13 -9
  43. package/dist/chunk-ALG3GIV4.js +95 -0
  44. package/dist/chunk-E6G5YCI6.js +25 -0
  45. package/dist/chunk-EBAMFRB7.js +34 -0
  46. package/dist/chunk-EEE7UM5T.js +25 -0
  47. package/dist/{chunk-TLE4PXY3.js → chunk-FRJFWTOY.js} +38 -7
  48. package/dist/chunk-FW4W3REU.js +25 -0
  49. package/dist/{chunk-HT4YLL7N.js → chunk-ICAZ4OVS.js} +10 -8
  50. package/dist/chunk-IPKO6UQN.js +25 -0
  51. package/dist/{chunk-YRCB5FLE.js → chunk-KJBAQZX2.js} +13 -0
  52. package/dist/chunk-KMMAZFSJ.js +25 -0
  53. package/dist/chunk-LDU7A2JE.js +25 -0
  54. package/dist/{chunk-N2APGLXA.js → chunk-NUDITUKX.js} +18 -16
  55. package/dist/chunk-OVHNRULD.js +33 -0
  56. package/dist/{chunk-JVFTCTTE.js → chunk-PHFH2MGS.js} +12 -9
  57. package/dist/chunk-QQVSRXGX.js +149 -0
  58. package/dist/chunk-TM5IPSNF.js +113 -0
  59. package/dist/{chunk-GA2SMTJO.js → chunk-TZB6MUXN.js} +33 -13
  60. package/dist/chunk-VNCNJKS2.js +267 -0
  61. package/dist/{chunk-IVET23KF.js → chunk-XGLBNXL4.js} +31 -14
  62. package/dist/chunk-XUP6KKNG.js +106 -0
  63. package/dist/cookie.cjs +24 -20
  64. package/dist/cookie.d.ts +4 -3
  65. package/dist/cookie.js +1 -1
  66. package/dist/env.cjs +56 -0
  67. package/dist/env.d.ts +7 -0
  68. package/dist/env.js +6 -0
  69. package/dist/errors.d.ts +4 -3
  70. package/dist/headers.cjs +28 -2
  71. package/dist/headers.d.ts +25 -1
  72. package/dist/headers.js +9 -3
  73. package/dist/{index-DkaLJFn8.d.ts → index-CSyIJmCM.d.ts} +373 -45
  74. package/dist/index.cjs +1128 -483
  75. package/dist/index.d.ts +6 -10
  76. package/dist/index.js +83 -42
  77. package/dist/jose.cjs +62 -25
  78. package/dist/jose.d.ts +7 -5
  79. package/dist/jose.js +8 -6
  80. package/dist/logger.cjs +292 -0
  81. package/dist/logger.d.ts +8 -0
  82. package/dist/logger.js +8 -0
  83. package/dist/oauth/bitbucket.cjs +19 -15
  84. package/dist/oauth/bitbucket.d.ts +3 -2
  85. package/dist/oauth/bitbucket.js +1 -1
  86. package/dist/oauth/discord.cjs +27 -24
  87. package/dist/oauth/discord.d.ts +3 -2
  88. package/dist/oauth/discord.js +1 -1
  89. package/dist/oauth/figma.cjs +19 -16
  90. package/dist/oauth/figma.d.ts +3 -2
  91. package/dist/oauth/figma.js +1 -1
  92. package/dist/oauth/github.cjs +19 -8
  93. package/dist/oauth/github.d.ts +3 -2
  94. package/dist/oauth/github.js +1 -1
  95. package/dist/oauth/gitlab.cjs +19 -16
  96. package/dist/oauth/gitlab.d.ts +3 -2
  97. package/dist/oauth/gitlab.js +1 -1
  98. package/dist/oauth/index.cjs +266 -166
  99. package/dist/oauth/index.d.ts +3 -2
  100. package/dist/oauth/index.js +22 -21
  101. package/dist/oauth/mailchimp.cjs +19 -16
  102. package/dist/oauth/mailchimp.d.ts +3 -2
  103. package/dist/oauth/mailchimp.js +1 -1
  104. package/dist/oauth/pinterest.cjs +19 -16
  105. package/dist/oauth/pinterest.d.ts +3 -2
  106. package/dist/oauth/pinterest.js +1 -1
  107. package/dist/oauth/spotify.cjs +19 -16
  108. package/dist/oauth/spotify.d.ts +3 -2
  109. package/dist/oauth/spotify.js +1 -1
  110. package/dist/oauth/strava.cjs +19 -16
  111. package/dist/oauth/strava.d.ts +3 -2
  112. package/dist/oauth/strava.js +1 -1
  113. package/dist/oauth/x.cjs +19 -16
  114. package/dist/oauth/x.d.ts +3 -2
  115. package/dist/oauth/x.js +1 -1
  116. package/dist/schemas.cjs +16 -2
  117. package/dist/schemas.d.ts +17 -1
  118. package/dist/schemas.js +5 -3
  119. package/dist/secure.cjs +58 -16
  120. package/dist/secure.d.ts +4 -10
  121. package/dist/secure.js +5 -5
  122. package/dist/utils.cjs +94 -87
  123. package/dist/utils.d.ts +9 -39
  124. package/dist/utils.js +11 -9
  125. package/package.json +3 -4
  126. package/dist/chunk-42XB3YCW.js +0 -22
  127. package/dist/chunk-6R2YZ4AC.js +0 -22
  128. package/dist/chunk-A3N4PVAT.js +0 -70
  129. package/dist/chunk-B737EUJV.js +0 -22
  130. package/dist/chunk-CXLATHS5.js +0 -143
  131. package/dist/chunk-DIVDFNAP.js +0 -0
  132. package/dist/chunk-E3OXBRYF.js +0 -22
  133. package/dist/chunk-EIL2FPSS.js +0 -22
  134. package/dist/chunk-EMKJA2GJ.js +0 -89
  135. package/dist/chunk-FIPU4MLT.js +0 -21
  136. package/dist/chunk-FKRDCWBF.js +0 -22
  137. package/dist/chunk-HP34YGGJ.js +0 -22
  138. package/dist/chunk-IKHPGFCW.js +0 -14
  139. package/dist/chunk-IUYZQTJV.js +0 -30
  140. package/dist/chunk-KRNOMBXQ.js +0 -22
  141. package/dist/chunk-KSWLO5ZU.js +0 -102
  142. package/dist/chunk-N4SX7TZT.js +0 -96
  143. package/dist/chunk-STHEPPUZ.js +0 -11
package/dist/utils.cjs CHANGED
@@ -20,12 +20,13 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
20
20
  // src/utils.ts
21
21
  var utils_exports = {};
22
22
  __export(utils_exports, {
23
+ createErrorHandler: () => createErrorHandler,
24
+ createStructuredData: () => createStructuredData,
23
25
  equals: () => equals,
26
+ extractPath: () => extractPath,
24
27
  formatZodError: () => formatZodError,
25
- getNormalizedOriginPath: () => getNormalizedOriginPath,
26
- isValidRelativePath: () => isValidRelativePath,
27
- onErrorHandler: () => onErrorHandler,
28
- sanitizeURL: () => sanitizeURL,
28
+ getBaseURL: () => getBaseURL,
29
+ getErrorName: () => getErrorName,
29
30
  toCastCase: () => toCastCase,
30
31
  toISOString: () => toISOString,
31
32
  toSnakeCase: () => toSnakeCase,
@@ -95,89 +96,77 @@ var equals = (a, b) => {
95
96
  if (a === null || b === null || a === void 0 || b === void 0) return false;
96
97
  return a === b;
97
98
  };
98
- var sanitizeURL = (url) => {
99
- try {
100
- let decodedURL = decodeURIComponent(url).trim();
101
- const protocolMatch = decodedURL.match(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)/);
102
- let protocol = "";
103
- let rest = decodedURL;
104
- if (protocolMatch) {
105
- protocol = protocolMatch[1];
106
- rest = decodedURL.slice(protocol.length);
107
- const slashIndex = rest.indexOf("/");
108
- if (slashIndex === -1) {
109
- return protocol + rest;
110
- }
111
- const domain = rest.slice(0, slashIndex);
112
- let path = rest.slice(slashIndex).replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
113
- if (path !== "/" && path.endsWith("/")) {
114
- path = path.replace(/\/+$/, "/");
115
- } else if (path !== "/") {
116
- path = path.replace(/\/+$/, "");
117
- }
118
- return protocol + domain + path;
99
+ var createErrorHandler = (logger) => {
100
+ return (error) => {
101
+ if ((0, import_router.isRouterError)(error)) {
102
+ const { message, status, statusText } = error;
103
+ logger?.log("ROUTER_INTERNAL_ERROR");
104
+ return Response.json({ type: "ROUTER_ERROR", code: "ROUTER_INTERNAL_ERROR", message }, { status, statusText });
119
105
  }
120
- let sanitized = decodedURL.replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
121
- if (sanitized !== "/" && sanitized.endsWith("/")) {
122
- sanitized = sanitized.replace(/\/+$/, "/");
123
- } else if (sanitized !== "/") {
124
- sanitized = sanitized.replace(/\/+$/, "");
106
+ if ((0, import_router.isInvalidZodSchemaError)(error)) {
107
+ logger?.log("INVALID_REQUEST");
108
+ return Response.json({ type: "ROUTER_ERROR", code: "INVALID_REQUEST", message: error.errors }, { status: 422 });
125
109
  }
126
- return sanitized;
127
- } catch {
128
- return url.trim();
129
- }
130
- };
131
- var isValidRelativePath = (path) => {
132
- if (!path || typeof path !== "string") return false;
133
- if (!path.startsWith("/") || path.includes("://") || path.includes("\r") || path.includes("\n")) return false;
134
- if (/[\x00-\x1F\x7F]/.test(path) || path.includes("\0")) return false;
135
- const sanitized = sanitizeURL(path);
136
- if (sanitized.includes("..")) return false;
137
- return true;
138
- };
139
- var onErrorHandler = (error) => {
140
- if ((0, import_router.isRouterError)(error)) {
141
- const { message, status, statusText } = error;
142
- return Response.json({ type: "ROUTER_ERROR", code: "ROUTER_INTERNAL_ERROR", message }, { status, statusText });
143
- }
144
- if ((0, import_router.isInvalidZodSchemaError)(error)) {
145
- return Response.json({ type: "ROUTER_ERROR", code: "INVALID_REQUEST", message: error.errors }, { status: 422 });
146
- }
147
- if (isOAuthProtocolError(error)) {
148
- const { error: errorCode, message, type, errorURI } = error;
149
- return Response.json(
150
- {
151
- type,
152
- error: errorCode,
153
- error_description: message,
154
- error_uri: errorURI
155
- },
156
- { status: 400 }
157
- );
158
- }
159
- if (isAuthInternalError(error) || isAuthSecurityError(error)) {
160
- const { type, code, message } = error;
110
+ if (isOAuthProtocolError(error)) {
111
+ const { error: errorCode, message, type, errorURI } = error;
112
+ logger?.log("OAUTH_PROTOCOL_ERROR", {
113
+ structuredData: {
114
+ error: errorCode,
115
+ error_description: message,
116
+ error_uri: errorURI ?? ""
117
+ }
118
+ });
119
+ return Response.json(
120
+ {
121
+ type,
122
+ message
123
+ },
124
+ { status: 400 }
125
+ );
126
+ }
127
+ if (isAuthInternalError(error)) {
128
+ const { type, code, message } = error;
129
+ logger?.log("INVALID_OAUTH_CONFIGURATION", {
130
+ structuredData: {
131
+ error: code,
132
+ error_description: message
133
+ }
134
+ });
135
+ return Response.json(
136
+ {
137
+ type,
138
+ message
139
+ },
140
+ { status: 400 }
141
+ );
142
+ }
143
+ if (isAuthSecurityError(error)) {
144
+ const { type, code, message } = error;
145
+ logger?.log("INVALID_OAUTH_CONFIGURATION", {
146
+ structuredData: {
147
+ error: code,
148
+ error_description: message
149
+ }
150
+ });
151
+ return Response.json(
152
+ {
153
+ type,
154
+ code,
155
+ message
156
+ },
157
+ { status: 400 }
158
+ );
159
+ }
160
+ logger?.log("SERVER_ERROR");
161
161
  return Response.json(
162
- {
163
- type,
164
- code,
165
- message
166
- },
167
- { status: 400 }
162
+ { type: "SERVER_ERROR", code: "SERVER_ERROR", message: "An unexpected error occurred" },
163
+ { status: 500 }
168
164
  );
169
- }
170
- return Response.json({ type: "SERVER_ERROR", code: "server_error", message: "An unexpected error occurred" }, { status: 500 });
171
- };
172
- var getNormalizedOriginPath = (path) => {
173
- try {
174
- const url = new URL(path);
175
- url.hash = "";
176
- url.search = "";
177
- return `${url.origin}${url.pathname}`;
178
- } catch {
179
- return sanitizeURL(path);
180
- }
165
+ };
166
+ };
167
+ var getBaseURL = (request) => {
168
+ const url = new URL(request.url);
169
+ return `${url.origin}${url.pathname}`;
181
170
  };
182
171
  var toISOString = (date) => {
183
172
  return new Date(date).toISOString();
@@ -200,14 +189,32 @@ var formatZodError = (error) => {
200
189
  };
201
190
  }, {});
202
191
  };
192
+ var extractPath = (url) => {
193
+ const pathRegex = /^https?:\/\/[a-zA-Z0-9_\-\.]+(:\d+)?(\/.*)$/;
194
+ const match = url.match(pathRegex);
195
+ return match && match[2] ? match[2] : "/";
196
+ };
197
+ var createStructuredData = (data, sdID = "metadata") => {
198
+ const entries = Object.entries(data);
199
+ if (entries.length === 0) return `[${sdID}]`;
200
+ const values = entries.map(([key, value]) => `${key}="${String(value).replace(/(["\\\]])/g, "\\$1")}"`).join(" ");
201
+ return `[${sdID} ${values}]`;
202
+ };
203
+ var getErrorName = (error) => {
204
+ if (error instanceof Error) {
205
+ return error.name;
206
+ }
207
+ return typeof error === "string" ? error : "UnknownError";
208
+ };
203
209
  // Annotate the CommonJS export names for ESM import in node:
204
210
  0 && (module.exports = {
211
+ createErrorHandler,
212
+ createStructuredData,
205
213
  equals,
214
+ extractPath,
206
215
  formatZodError,
207
- getNormalizedOriginPath,
208
- isValidRelativePath,
209
- onErrorHandler,
210
- sanitizeURL,
216
+ getBaseURL,
217
+ getErrorName,
211
218
  toCastCase,
212
219
  toISOString,
213
220
  toSnakeCase,
package/dist/utils.d.ts CHANGED
@@ -1,54 +1,24 @@
1
1
  import { RouterConfig } from '@aura-stack/router';
2
- import { i as APIErrorMap } from './index-DkaLJFn8.js';
3
2
  import { ZodError } from 'zod';
3
+ import { I as InternalLogger, j as APIErrorMap } from './index-CSyIJmCM.js';
4
4
  import './schemas.js';
5
- import '@aura-stack/router/cookie';
5
+ import './jose.js';
6
6
  import '@aura-stack/jose';
7
7
  import '@aura-stack/jose/jose';
8
+ import '@aura-stack/router/cookie';
8
9
  import './@types/utility.js';
9
10
 
10
11
  declare const toSnakeCase: (str: string) => string;
11
12
  declare const toUpperCase: (str: string) => string;
12
13
  declare const toCastCase: <Obj extends Record<string, string>, Type extends "snake" | "upper">(obj: Obj, type?: Type) => Type extends "snake" ? { [K in keyof Obj as `${string & K}`]: Obj[K]; } : { [K in keyof Obj as Uppercase<string & K>]: Obj[K]; };
13
14
  declare const equals: (a: string | number | undefined | null, b: string | number | undefined | null) => boolean;
14
- /**
15
- * Sanitizes a URL by removing dangerous patterns that could be used for path traversal
16
- * or other attacks. This function:
17
- * - Decodes URL-encoded characters
18
- * - Removes multiple consecutive slashes (preserving protocol slashes)
19
- * - Removes path traversal patterns (..)
20
- * - Removes trailing slashes (except root)
21
- * - Trims whitespace
22
- *
23
- * @param url - The URL or path to sanitize
24
- * @returns The sanitized URL or path
25
- */
26
- declare const sanitizeURL: (url: string) => string;
27
- /**
28
- * Validates that a path is a safe relative path to prevent open redirect attacks.
29
- * A safe relative path must:
30
- * - Start with '/'
31
- * - Not contain protocol schemes (://)
32
- * - Not contain newline characters
33
- * - Not contain null bytes
34
- * - Not be an absolute URL
35
- *
36
- * @param path - The path to validate
37
- * @returns true if the path is safe, false otherwise
38
- */
39
- declare const isValidRelativePath: (path: string | undefined | null) => boolean;
40
- declare const onErrorHandler: RouterConfig["onError"];
41
- /**
42
- * Extracts and normalizes the origin and pathname from a URL string.
43
- * Removes query parameters and hash fragments for a clean path.
44
- * Falls back to the original string if URL parsing fails.
45
- *
46
- * @param path - The URL or path string to process
47
- * @returns The normalized URL with origin and pathname, or the original path
48
- */
49
- declare const getNormalizedOriginPath: (path: string) => string;
15
+ declare const createErrorHandler: (logger?: InternalLogger) => RouterConfig["onError"];
16
+ declare const getBaseURL: (request: Request) => string;
50
17
  declare const toISOString: (date: Date | string | number) => string;
51
18
  declare const useSecureCookies: (request: Request, trustedProxyHeaders: boolean) => boolean;
52
19
  declare const formatZodError: <T extends Record<string, unknown> = Record<string, unknown>>(error: ZodError<T>) => APIErrorMap;
20
+ declare const extractPath: (url: string) => string;
21
+ declare const createStructuredData: (data: Record<string, string | number | boolean>, sdID?: string) => string;
22
+ declare const getErrorName: (error: unknown) => string;
53
23
 
54
- export { equals, formatZodError, getNormalizedOriginPath, isValidRelativePath, onErrorHandler, sanitizeURL, toCastCase, toISOString, toSnakeCase, toUpperCase, useSecureCookies };
24
+ export { createErrorHandler, createStructuredData, equals, extractPath, formatZodError, getBaseURL, getErrorName, toCastCase, toISOString, toSnakeCase, toUpperCase, useSecureCookies };
package/dist/utils.js CHANGED
@@ -1,24 +1,26 @@
1
1
  import {
2
+ createErrorHandler,
3
+ createStructuredData,
2
4
  equals,
5
+ extractPath,
3
6
  formatZodError,
4
- getNormalizedOriginPath,
5
- isValidRelativePath,
6
- onErrorHandler,
7
- sanitizeURL,
7
+ getBaseURL,
8
+ getErrorName,
8
9
  toCastCase,
9
10
  toISOString,
10
11
  toSnakeCase,
11
12
  toUpperCase,
12
13
  useSecureCookies
13
- } from "./chunk-CXLATHS5.js";
14
+ } from "./chunk-QQVSRXGX.js";
14
15
  import "./chunk-RRLIF4PQ.js";
15
16
  export {
17
+ createErrorHandler,
18
+ createStructuredData,
16
19
  equals,
20
+ extractPath,
17
21
  formatZodError,
18
- getNormalizedOriginPath,
19
- isValidRelativePath,
20
- onErrorHandler,
21
- sanitizeURL,
22
+ getBaseURL,
23
+ getErrorName,
22
24
  toCastCase,
23
25
  toISOString,
24
26
  toSnakeCase,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aura-stack/auth",
3
- "version": "0.4.0-rc.4",
3
+ "version": "0.4.0",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "description": "Core auth for @aura-stack/auth",
@@ -44,10 +44,9 @@
44
44
  },
45
45
  "license": "MIT",
46
46
  "dependencies": {
47
- "@aura-stack/router": "0.6.0-rc.1",
48
- "dotenv": "^17.2.3",
47
+ "@aura-stack/router": "^0.5.0",
49
48
  "zod": "^4.3.5",
50
- "@aura-stack/jose": "0.2.0"
49
+ "@aura-stack/jose": "0.3.0"
51
50
  },
52
51
  "devDependencies": {
53
52
  "@types/node": "^24.9.2",
@@ -1,22 +0,0 @@
1
- // src/oauth/x.ts
2
- var x = {
3
- id: "x",
4
- name: "X",
5
- authorizeURL: "https://x.com/i/oauth2/authorize",
6
- accessToken: "https://api.x.com/2/oauth2/token",
7
- userInfo: "https://api.x.com/2/users/me?user.fields=profile_image_url",
8
- scope: "users.read users.email tweet.read offline.access",
9
- responseType: "code",
10
- profile({ data }) {
11
- return {
12
- sub: data.id,
13
- name: data.name,
14
- image: data.profile_image_url,
15
- email: ""
16
- };
17
- }
18
- };
19
-
20
- export {
21
- x
22
- };
@@ -1,22 +0,0 @@
1
- // src/oauth/strava.ts
2
- var strava = {
3
- id: "strava",
4
- name: "Strava",
5
- authorizeURL: "https://www.strava.com/oauth/authorize",
6
- accessToken: "https://www.strava.com/oauth/token",
7
- userInfo: "https://www.strava.com/api/v3/athlete",
8
- scope: "read",
9
- responseType: "code",
10
- profile(profile) {
11
- return {
12
- sub: profile.id.toString(),
13
- name: `${profile.firstname} ${profile.lastname}`,
14
- image: profile.profile,
15
- email: ""
16
- };
17
- }
18
- };
19
-
20
- export {
21
- strava
22
- };
@@ -1,70 +0,0 @@
1
- import {
2
- createRedirectTo
3
- } from "./chunk-N4SX7TZT.js";
4
- import {
5
- expiredCookieAttributes
6
- } from "./chunk-W6LG7BFW.js";
7
- import {
8
- cacheControl
9
- } from "./chunk-STHEPPUZ.js";
10
- import {
11
- verifyCSRF
12
- } from "./chunk-N2APGLXA.js";
13
- import {
14
- getNormalizedOriginPath
15
- } from "./chunk-CXLATHS5.js";
16
- import {
17
- AuthSecurityError
18
- } from "./chunk-RRLIF4PQ.js";
19
-
20
- // src/actions/signOut/signOut.ts
21
- import { z } from "zod";
22
- import { createEndpoint, createEndpointConfig, HeadersBuilder, statusCode } from "@aura-stack/router";
23
- var config = createEndpointConfig({
24
- schemas: {
25
- searchParams: z.object({
26
- token_type_hint: z.literal("session_token"),
27
- redirectTo: z.string().optional()
28
- })
29
- }
30
- });
31
- var signOutAction = createEndpoint(
32
- "POST",
33
- "/signOut",
34
- async (ctx) => {
35
- const {
36
- request,
37
- headers,
38
- searchParams: { redirectTo },
39
- context: { jose, cookies }
40
- } = ctx;
41
- const session = headers.getCookie(cookies.sessionToken.name);
42
- const csrfToken = headers.getCookie(cookies.csrfToken.name);
43
- const header = headers.getHeader("X-CSRF-Token");
44
- if (!session) {
45
- throw new AuthSecurityError("SESSION_TOKEN_MISSING", "The sessionToken is missing.");
46
- }
47
- if (!csrfToken) {
48
- throw new AuthSecurityError("CSRF_TOKEN_MISSING", "The CSRF token is missing.");
49
- }
50
- if (!header) {
51
- throw new AuthSecurityError("CSRF_TOKEN_MISSING", "The CSRF header is missing.");
52
- }
53
- await verifyCSRF(jose, csrfToken, header);
54
- await jose.decodeJWT(session);
55
- const normalizedOriginPath = getNormalizedOriginPath(request.url);
56
- const location = createRedirectTo(
57
- new Request(normalizedOriginPath, {
58
- headers: headers.toHeaders()
59
- }),
60
- redirectTo
61
- );
62
- const headersList = new HeadersBuilder(cacheControl).setHeader("Location", location).setCookie(cookies.csrfToken.name, "", expiredCookieAttributes).setCookie(cookies.sessionToken.name, "", expiredCookieAttributes).toHeaders();
63
- return Response.json({ message: "Signed out successfully" }, { status: statusCode.ACCEPTED, headers: headersList });
64
- },
65
- config
66
- );
67
-
68
- export {
69
- signOutAction
70
- };
@@ -1,22 +0,0 @@
1
- // src/oauth/mailchimp.ts
2
- var mailchimp = {
3
- id: "mailchimp",
4
- name: "Mailchimp",
5
- authorizeURL: "https://login.mailchimp.com/oauth2/authorize",
6
- accessToken: "https://login.mailchimp.com/oauth2/token",
7
- userInfo: "https://login.mailchimp.com/oauth2/metadata",
8
- scope: "",
9
- responseType: "code",
10
- profile(profile) {
11
- return {
12
- sub: profile.user_id,
13
- name: profile.accountname,
14
- email: profile.login.login_email,
15
- image: null
16
- };
17
- }
18
- };
19
-
20
- export {
21
- mailchimp
22
- };
@@ -1,143 +0,0 @@
1
- import {
2
- isAuthInternalError,
3
- isAuthSecurityError,
4
- isOAuthProtocolError
5
- } from "./chunk-RRLIF4PQ.js";
6
-
7
- // src/utils.ts
8
- import { isInvalidZodSchemaError, isRouterError } from "@aura-stack/router";
9
- var toSnakeCase = (str) => {
10
- return str.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2").toLowerCase().replace(/^_+/, "");
11
- };
12
- var toUpperCase = (str) => {
13
- return str.toUpperCase();
14
- };
15
- var toCastCase = (obj, type = "snake") => {
16
- return Object.entries(obj).reduce((previous, [key, value]) => {
17
- const newKey = type === "snake" ? toSnakeCase(key) : toUpperCase(key);
18
- return { ...previous, [newKey]: value };
19
- }, {});
20
- };
21
- var equals = (a, b) => {
22
- if (a === null || b === null || a === void 0 || b === void 0) return false;
23
- return a === b;
24
- };
25
- var sanitizeURL = (url) => {
26
- try {
27
- let decodedURL = decodeURIComponent(url).trim();
28
- const protocolMatch = decodedURL.match(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)/);
29
- let protocol = "";
30
- let rest = decodedURL;
31
- if (protocolMatch) {
32
- protocol = protocolMatch[1];
33
- rest = decodedURL.slice(protocol.length);
34
- const slashIndex = rest.indexOf("/");
35
- if (slashIndex === -1) {
36
- return protocol + rest;
37
- }
38
- const domain = rest.slice(0, slashIndex);
39
- let path = rest.slice(slashIndex).replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
40
- if (path !== "/" && path.endsWith("/")) {
41
- path = path.replace(/\/+$/, "/");
42
- } else if (path !== "/") {
43
- path = path.replace(/\/+$/, "");
44
- }
45
- return protocol + domain + path;
46
- }
47
- let sanitized = decodedURL.replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
48
- if (sanitized !== "/" && sanitized.endsWith("/")) {
49
- sanitized = sanitized.replace(/\/+$/, "/");
50
- } else if (sanitized !== "/") {
51
- sanitized = sanitized.replace(/\/+$/, "");
52
- }
53
- return sanitized;
54
- } catch {
55
- return url.trim();
56
- }
57
- };
58
- var isValidRelativePath = (path) => {
59
- if (!path || typeof path !== "string") return false;
60
- if (!path.startsWith("/") || path.includes("://") || path.includes("\r") || path.includes("\n")) return false;
61
- if (/[\x00-\x1F\x7F]/.test(path) || path.includes("\0")) return false;
62
- const sanitized = sanitizeURL(path);
63
- if (sanitized.includes("..")) return false;
64
- return true;
65
- };
66
- var onErrorHandler = (error) => {
67
- if (isRouterError(error)) {
68
- const { message, status, statusText } = error;
69
- return Response.json({ type: "ROUTER_ERROR", code: "ROUTER_INTERNAL_ERROR", message }, { status, statusText });
70
- }
71
- if (isInvalidZodSchemaError(error)) {
72
- return Response.json({ type: "ROUTER_ERROR", code: "INVALID_REQUEST", message: error.errors }, { status: 422 });
73
- }
74
- if (isOAuthProtocolError(error)) {
75
- const { error: errorCode, message, type, errorURI } = error;
76
- return Response.json(
77
- {
78
- type,
79
- error: errorCode,
80
- error_description: message,
81
- error_uri: errorURI
82
- },
83
- { status: 400 }
84
- );
85
- }
86
- if (isAuthInternalError(error) || isAuthSecurityError(error)) {
87
- const { type, code, message } = error;
88
- return Response.json(
89
- {
90
- type,
91
- code,
92
- message
93
- },
94
- { status: 400 }
95
- );
96
- }
97
- return Response.json({ type: "SERVER_ERROR", code: "server_error", message: "An unexpected error occurred" }, { status: 500 });
98
- };
99
- var getNormalizedOriginPath = (path) => {
100
- try {
101
- const url = new URL(path);
102
- url.hash = "";
103
- url.search = "";
104
- return `${url.origin}${url.pathname}`;
105
- } catch {
106
- return sanitizeURL(path);
107
- }
108
- };
109
- var toISOString = (date) => {
110
- return new Date(date).toISOString();
111
- };
112
- var useSecureCookies = (request, trustedProxyHeaders) => {
113
- return trustedProxyHeaders ? request.url.startsWith("https://") || request.headers.get("X-Forwarded-Proto") === "https" || (request.headers.get("Forwarded")?.includes("proto=https") ?? false) : request.url.startsWith("https://");
114
- };
115
- var formatZodError = (error) => {
116
- if (!error.issues || error.issues.length === 0) {
117
- return {};
118
- }
119
- return error.issues.reduce((previous, issue) => {
120
- const key = issue.path.join(".");
121
- return {
122
- ...previous,
123
- [key]: {
124
- code: issue.code,
125
- message: issue.message
126
- }
127
- };
128
- }, {});
129
- };
130
-
131
- export {
132
- toSnakeCase,
133
- toUpperCase,
134
- toCastCase,
135
- equals,
136
- sanitizeURL,
137
- isValidRelativePath,
138
- onErrorHandler,
139
- getNormalizedOriginPath,
140
- toISOString,
141
- useSecureCookies,
142
- formatZodError
143
- };
File without changes
@@ -1,22 +0,0 @@
1
- // src/oauth/spotify.ts
2
- var spotify = {
3
- id: "spotify",
4
- name: "Spotify",
5
- authorizeURL: "https://accounts.spotify.com/authorize",
6
- accessToken: "https://accounts.spotify.com/api/token",
7
- userInfo: "https://api.spotify.com/v1/me",
8
- scope: "user-read-email user-read-private",
9
- responseType: "token",
10
- profile(profile) {
11
- return {
12
- sub: profile.id,
13
- name: profile.display_name,
14
- email: profile.email,
15
- image: profile.images?.[0]?.url
16
- };
17
- }
18
- };
19
-
20
- export {
21
- spotify
22
- };
@@ -1,22 +0,0 @@
1
- // src/assert.ts
2
- var isFalsy = (value) => {
3
- return value === false || value === 0 || value === "" || value === null || value === void 0 || Number.isNaN(value);
4
- };
5
- var isRequest = (value) => {
6
- return typeof Request !== "undefined" && value instanceof Request;
7
- };
8
- var isValidURL = (value) => {
9
- if (value.includes("\r\n") || value.includes("\n") || value.includes("\r")) return false;
10
- const regex = /^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()*+,;=:@-]*)*\/?$/;
11
- return regex.test(value);
12
- };
13
- var isJWTPayloadWithToken = (payload) => {
14
- return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
15
- };
16
-
17
- export {
18
- isFalsy,
19
- isRequest,
20
- isValidURL,
21
- isJWTPayloadWithToken
22
- };