@aura-stack/auth 0.4.0-rc.4 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143)
  1. package/dist/@types/index.d.ts +4 -3
  2. package/dist/@types/router.d.cjs +0 -17
  3. package/dist/@types/router.d.d.ts +3 -2
  4. package/dist/@types/router.d.js +0 -1
  5. package/dist/actions/callback/access-token.cjs +40 -25
  6. package/dist/actions/callback/access-token.d.ts +4 -3
  7. package/dist/actions/callback/access-token.js +3 -4
  8. package/dist/actions/callback/callback.cjs +287 -77
  9. package/dist/actions/callback/callback.d.ts +5 -26
  10. package/dist/actions/callback/callback.js +13 -10
  11. package/dist/actions/callback/userinfo.cjs +68 -7
  12. package/dist/actions/callback/userinfo.d.ts +4 -3
  13. package/dist/actions/callback/userinfo.js +8 -6
  14. package/dist/actions/csrfToken/csrfToken.cjs +63 -4
  15. package/dist/actions/csrfToken/csrfToken.d.ts +1 -3
  16. package/dist/actions/csrfToken/csrfToken.js +8 -6
  17. package/dist/actions/index.cjs +400 -175
  18. package/dist/actions/index.d.ts +3 -2
  19. package/dist/actions/index.js +21 -19
  20. package/dist/actions/session/session.cjs +40 -11
  21. package/dist/actions/session/session.d.ts +1 -3
  22. package/dist/actions/session/session.js +4 -4
  23. package/dist/actions/signIn/authorization.cjs +171 -132
  24. package/dist/actions/signIn/authorization.d.ts +21 -11
  25. package/dist/actions/signIn/authorization.js +8 -6
  26. package/dist/actions/signIn/signIn.cjs +220 -113
  27. package/dist/actions/signIn/signIn.d.ts +5 -25
  28. package/dist/actions/signIn/signIn.js +9 -7
  29. package/dist/actions/signOut/signOut.cjs +268 -119
  30. package/dist/actions/signOut/signOut.d.ts +1 -9
  31. package/dist/actions/signOut/signOut.js +10 -8
  32. package/dist/assert.cjs +117 -5
  33. package/dist/assert.d.ts +22 -3
  34. package/dist/assert.js +17 -3
  35. package/dist/chunk-4EKY7655.js +123 -0
  36. package/dist/chunk-4MYWAOLG.js +31 -0
  37. package/dist/chunk-4YHJ4IEQ.js +25 -0
  38. package/dist/chunk-54CZPKR4.js +25 -0
  39. package/dist/chunk-5LZ7TOM3.js +25 -0
  40. package/dist/{chunk-W6LG7BFW.js → chunk-5W4BRQYG.js} +24 -20
  41. package/dist/chunk-6MXFPFR3.js +143 -0
  42. package/dist/{chunk-3EUWD5BB.js → chunk-7QF22LHP.js} +13 -9
  43. package/dist/chunk-ALG3GIV4.js +95 -0
  44. package/dist/chunk-E6G5YCI6.js +25 -0
  45. package/dist/chunk-EBAMFRB7.js +34 -0
  46. package/dist/chunk-EEE7UM5T.js +25 -0
  47. package/dist/{chunk-TLE4PXY3.js → chunk-FRJFWTOY.js} +38 -7
  48. package/dist/chunk-FW4W3REU.js +25 -0
  49. package/dist/{chunk-HT4YLL7N.js → chunk-ICAZ4OVS.js} +10 -8
  50. package/dist/chunk-IPKO6UQN.js +25 -0
  51. package/dist/{chunk-YRCB5FLE.js → chunk-KJBAQZX2.js} +13 -0
  52. package/dist/chunk-KMMAZFSJ.js +25 -0
  53. package/dist/chunk-LDU7A2JE.js +25 -0
  54. package/dist/{chunk-N2APGLXA.js → chunk-NUDITUKX.js} +18 -16
  55. package/dist/chunk-OVHNRULD.js +33 -0
  56. package/dist/{chunk-JVFTCTTE.js → chunk-PHFH2MGS.js} +12 -9
  57. package/dist/chunk-QQVSRXGX.js +149 -0
  58. package/dist/chunk-TM5IPSNF.js +113 -0
  59. package/dist/{chunk-GA2SMTJO.js → chunk-TZB6MUXN.js} +33 -13
  60. package/dist/chunk-VNCNJKS2.js +267 -0
  61. package/dist/{chunk-IVET23KF.js → chunk-XGLBNXL4.js} +31 -14
  62. package/dist/chunk-XUP6KKNG.js +106 -0
  63. package/dist/cookie.cjs +24 -20
  64. package/dist/cookie.d.ts +4 -3
  65. package/dist/cookie.js +1 -1
  66. package/dist/env.cjs +56 -0
  67. package/dist/env.d.ts +7 -0
  68. package/dist/env.js +6 -0
  69. package/dist/errors.d.ts +4 -3
  70. package/dist/headers.cjs +28 -2
  71. package/dist/headers.d.ts +25 -1
  72. package/dist/headers.js +9 -3
  73. package/dist/{index-DkaLJFn8.d.ts → index-CSyIJmCM.d.ts} +373 -45
  74. package/dist/index.cjs +1128 -483
  75. package/dist/index.d.ts +6 -10
  76. package/dist/index.js +83 -42
  77. package/dist/jose.cjs +62 -25
  78. package/dist/jose.d.ts +7 -5
  79. package/dist/jose.js +8 -6
  80. package/dist/logger.cjs +292 -0
  81. package/dist/logger.d.ts +8 -0
  82. package/dist/logger.js +8 -0
  83. package/dist/oauth/bitbucket.cjs +19 -15
  84. package/dist/oauth/bitbucket.d.ts +3 -2
  85. package/dist/oauth/bitbucket.js +1 -1
  86. package/dist/oauth/discord.cjs +27 -24
  87. package/dist/oauth/discord.d.ts +3 -2
  88. package/dist/oauth/discord.js +1 -1
  89. package/dist/oauth/figma.cjs +19 -16
  90. package/dist/oauth/figma.d.ts +3 -2
  91. package/dist/oauth/figma.js +1 -1
  92. package/dist/oauth/github.cjs +19 -8
  93. package/dist/oauth/github.d.ts +3 -2
  94. package/dist/oauth/github.js +1 -1
  95. package/dist/oauth/gitlab.cjs +19 -16
  96. package/dist/oauth/gitlab.d.ts +3 -2
  97. package/dist/oauth/gitlab.js +1 -1
  98. package/dist/oauth/index.cjs +266 -166
  99. package/dist/oauth/index.d.ts +3 -2
  100. package/dist/oauth/index.js +22 -21
  101. package/dist/oauth/mailchimp.cjs +19 -16
  102. package/dist/oauth/mailchimp.d.ts +3 -2
  103. package/dist/oauth/mailchimp.js +1 -1
  104. package/dist/oauth/pinterest.cjs +19 -16
  105. package/dist/oauth/pinterest.d.ts +3 -2
  106. package/dist/oauth/pinterest.js +1 -1
  107. package/dist/oauth/spotify.cjs +19 -16
  108. package/dist/oauth/spotify.d.ts +3 -2
  109. package/dist/oauth/spotify.js +1 -1
  110. package/dist/oauth/strava.cjs +19 -16
  111. package/dist/oauth/strava.d.ts +3 -2
  112. package/dist/oauth/strava.js +1 -1
  113. package/dist/oauth/x.cjs +19 -16
  114. package/dist/oauth/x.d.ts +3 -2
  115. package/dist/oauth/x.js +1 -1
  116. package/dist/schemas.cjs +16 -2
  117. package/dist/schemas.d.ts +17 -1
  118. package/dist/schemas.js +5 -3
  119. package/dist/secure.cjs +58 -16
  120. package/dist/secure.d.ts +4 -10
  121. package/dist/secure.js +5 -5
  122. package/dist/utils.cjs +94 -87
  123. package/dist/utils.d.ts +9 -39
  124. package/dist/utils.js +11 -9
  125. package/package.json +3 -4
  126. package/dist/chunk-42XB3YCW.js +0 -22
  127. package/dist/chunk-6R2YZ4AC.js +0 -22
  128. package/dist/chunk-A3N4PVAT.js +0 -70
  129. package/dist/chunk-B737EUJV.js +0 -22
  130. package/dist/chunk-CXLATHS5.js +0 -143
  131. package/dist/chunk-DIVDFNAP.js +0 -0
  132. package/dist/chunk-E3OXBRYF.js +0 -22
  133. package/dist/chunk-EIL2FPSS.js +0 -22
  134. package/dist/chunk-EMKJA2GJ.js +0 -89
  135. package/dist/chunk-FIPU4MLT.js +0 -21
  136. package/dist/chunk-FKRDCWBF.js +0 -22
  137. package/dist/chunk-HP34YGGJ.js +0 -22
  138. package/dist/chunk-IKHPGFCW.js +0 -14
  139. package/dist/chunk-IUYZQTJV.js +0 -30
  140. package/dist/chunk-KRNOMBXQ.js +0 -22
  141. package/dist/chunk-KSWLO5ZU.js +0 -102
  142. package/dist/chunk-N4SX7TZT.js +0 -96
  143. package/dist/chunk-STHEPPUZ.js +0 -11
@@ -71,6 +71,38 @@ var isOAuthProtocolError = (error) => {
71
71
  return error instanceof OAuthProtocolError;
72
72
  };
73
73
 
74
+ // src/env.ts
75
+ var import_meta = {};
76
+ var env = new Proxy({}, {
77
+ get(_, prop) {
78
+ if (typeof prop !== "string") return void 0;
79
+ const hasProperty = (process2) => {
80
+ return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
81
+ };
82
+ try {
83
+ if (typeof process !== "undefined" && hasProperty(process.env)) {
84
+ return process.env[prop];
85
+ }
86
+ if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
87
+ return import_meta.env[prop];
88
+ }
89
+ if (typeof Deno !== "undefined" && Deno.env?.get) {
90
+ return Deno.env.get(prop);
91
+ }
92
+ if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
93
+ return Bun.env[prop];
94
+ }
95
+ const globalValue = globalThis[prop];
96
+ return typeof globalValue === "string" ? globalValue : void 0;
97
+ } catch {
98
+ return void 0;
99
+ }
100
+ }
101
+ });
102
+
103
+ // src/jose.ts
104
+ var import_jose = require("@aura-stack/jose");
105
+
74
106
  // src/secure.ts
75
107
  var generateSecure = (length = 32) => {
76
108
  return import_crypto.default.randomBytes(length).toString("base64url");
@@ -78,6 +110,18 @@ var generateSecure = (length = 32) => {
78
110
 
79
111
  // src/schemas.ts
80
112
  var import_zod = require("zod");
113
+ var OAuthProviderCredentialsSchema = (0, import_zod.object)({
114
+ id: (0, import_zod.string)(),
115
+ name: (0, import_zod.string)(),
116
+ authorizeURL: (0, import_zod.string)().url(),
117
+ accessToken: (0, import_zod.string)().url(),
118
+ scope: (0, import_zod.string)(),
119
+ userInfo: (0, import_zod.string)().url(),
120
+ responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
121
+ clientId: (0, import_zod.string)(),
122
+ clientSecret: (0, import_zod.string)(),
123
+ profile: import_zod.z.function().optional()
124
+ });
81
125
  var OAuthProviderConfigSchema = (0, import_zod.object)({
82
126
  authorizeURL: (0, import_zod.string)().url(),
83
127
  accessToken: (0, import_zod.string)().url(),
@@ -154,9 +198,14 @@ var getDefaultUserInfo = (profile) => {
154
198
  image: profile?.image ?? profile?.picture
155
199
  };
156
200
  };
157
- var getUserInfo = async (oauthConfig, accessToken) => {
201
+ var getUserInfo = async (oauthConfig, accessToken, logger) => {
158
202
  const userinfoEndpoint = oauthConfig.userInfo;
159
203
  try {
204
+ logger?.log("OAUTH_USERINFO_REQUEST_INITIATED", {
205
+ structuredData: {
206
+ endpoint: userinfoEndpoint
207
+ }
208
+ });
160
209
  const response = await fetchAsync(userinfoEndpoint, {
161
210
  method: "GET",
162
211
  headers: {
@@ -164,23 +213,35 @@ var getUserInfo = async (oauthConfig, accessToken) => {
164
213
  Authorization: `Bearer ${accessToken}`
165
214
  }
166
215
  });
216
+ if (!response.ok) {
217
+ logger?.log("OAUTH_USERINFO_INVALID_RESPONSE");
218
+ throw new OAuthProtocolError("INVALID_REQUEST", "Invalid userinfo response format");
219
+ }
167
220
  const json = await response.json();
168
221
  const { success, data } = OAuthErrorResponse.safeParse(json);
169
222
  if (success) {
170
- throw new OAuthProtocolError(
171
- data.error,
172
- data?.error_description ?? "An error occurred while fetching user information."
173
- );
223
+ logger?.log("OAUTH_USERINFO_ERROR", {
224
+ message: "Error response received from OAuth userinfo endpoint",
225
+ structuredData: {
226
+ error: data.error,
227
+ error_description: data.error_description ?? ""
228
+ }
229
+ });
230
+ throw new OAuthProtocolError("INVALID_REQUEST", "An error was received from the OAuth userinfo endpoint.");
174
231
  }
232
+ logger?.log("OAUTH_USERINFO_SUCCESS");
175
233
  return oauthConfig?.profile ? oauthConfig.profile(json) : getDefaultUserInfo(json);
176
234
  } catch (error) {
177
235
  if (isOAuthProtocolError(error)) {
178
236
  throw error;
179
237
  }
238
+ logger?.log("OAUTH_USERINFO_REQUEST_FAILED");
180
239
  if (isNativeError(error)) {
181
- throw new OAuthProtocolError("invalid_request", error.message, "", { cause: error });
240
+ throw new OAuthProtocolError("SERVER_ERROR", "Failed to fetch user information from OAuth provider", "", {
241
+ cause: error
242
+ });
182
243
  }
183
- throw new OAuthProtocolError("invalid_request", "Failed to fetch user information.", "", { cause: error });
244
+ throw new OAuthProtocolError("SERVER_ERROR", "Failed to fetch user information", "", { cause: error });
184
245
  }
185
246
  };
186
247
  // Annotate the CommonJS export names for ESM import in node:
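Review bot: The `if (!response.ok)` guard added in the last hunk of this file rejects every non-2xx userinfo reply before the body is read, so the `OAuthErrorResponse.safeParse(json)` branch below it — the only place `error` and `error_description` are logged — can now fire only when the provider returns an error body with a 2xx status, and a provider's 401 carrying a standard error JSON is reported as "Invalid userinfo response format" with no status recorded. Recording the status on the new log event keeps the diagnostic that is otherwise lost, `logger?.log("OAUTH_USERINFO_INVALID_RESPONSE", { structuredData: { status: response.status } });`, and the thrown message should say the response status was not OK rather than that the format was invalid, since no format check has run at that point. Separately, the `env` proxy's final fallback `const globalValue = globalThis[prop]` means a configuration key missing from the runtime environment is satisfied by any string-valued global of the same name; that fallback deserves a comment stating it is intentional, or a restriction to the keys it is meant to serve, and the same proxy appears again in the csrfToken.cjs hunk `@@ -53,6 +53,42 @@`.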
@@ -1,9 +1,10 @@
1
- import { h as OAuthProviderCredentials, U as User } from '../../index-DkaLJFn8.js';
1
+ import { h as OAuthProviderCredentials, I as InternalLogger, U as User } from '../../index-CSyIJmCM.js';
2
2
  import 'zod';
3
3
  import '../../schemas.js';
4
- import '@aura-stack/router/cookie';
4
+ import '../../jose.js';
5
5
  import '@aura-stack/jose';
6
6
  import '@aura-stack/jose/jose';
7
+ import '@aura-stack/router/cookie';
7
8
  import '../../@types/utility.js';
8
9
 
9
10
  /**
@@ -15,6 +16,6 @@ import '../../@types/utility.js';
15
16
  * @param accessToken - Access Token to access the userinfo endpoint
16
17
  * @returns The user information retrieved from the userinfo endpoint
17
18
  */
18
- declare const getUserInfo: (oauthConfig: OAuthProviderCredentials, accessToken: string) => Promise<User>;
19
+ declare const getUserInfo: (oauthConfig: OAuthProviderCredentials, accessToken: string, logger?: InternalLogger) => Promise<User>;
19
20
 
20
21
  export { getUserInfo };
@@ -1,12 +1,14 @@
1
1
  import {
2
2
  getUserInfo
3
- } from "../../chunk-IVET23KF.js";
4
- import "../../chunk-N2APGLXA.js";
5
- import "../../chunk-CXLATHS5.js";
6
- import "../../chunk-EIL2FPSS.js";
7
- import "../../chunk-RRLIF4PQ.js";
3
+ } from "../../chunk-XGLBNXL4.js";
8
4
  import "../../chunk-ZNCZVF6U.js";
9
- import "../../chunk-YRCB5FLE.js";
5
+ import "../../chunk-KJBAQZX2.js";
6
+ import "../../chunk-NUDITUKX.js";
7
+ import "../../chunk-4EKY7655.js";
8
+ import "../../chunk-QQVSRXGX.js";
9
+ import "../../chunk-FRJFWTOY.js";
10
+ import "../../chunk-4MYWAOLG.js";
11
+ import "../../chunk-RRLIF4PQ.js";
10
12
  export {
11
13
  getUserInfo
12
14
  };
@@ -53,6 +53,42 @@ var AuthInternalError = class extends Error {
53
53
  }
54
54
  };
55
55
 
56
+ // src/env.ts
57
+ var import_meta = {};
58
+ var env = new Proxy({}, {
59
+ get(_, prop) {
60
+ if (typeof prop !== "string") return void 0;
61
+ const hasProperty = (process2) => {
62
+ return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
63
+ };
64
+ try {
65
+ if (typeof process !== "undefined" && hasProperty(process.env)) {
66
+ return process.env[prop];
67
+ }
68
+ if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
69
+ return import_meta.env[prop];
70
+ }
71
+ if (typeof Deno !== "undefined" && Deno.env?.get) {
72
+ return Deno.env.get(prop);
73
+ }
74
+ if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
75
+ return Bun.env[prop];
76
+ }
77
+ const globalValue = globalThis[prop];
78
+ return typeof globalValue === "string" ? globalValue : void 0;
79
+ } catch {
80
+ return void 0;
81
+ }
82
+ }
83
+ });
84
+
85
+ // src/jose.ts
86
+ var import_jose = require("@aura-stack/jose");
87
+ var jwtVerificationOptions = {
88
+ algorithms: ["HS256"],
89
+ typ: "JWT"
90
+ };
91
+
56
92
  // src/secure.ts
57
93
  var generateSecure = (length = 32) => {
58
94
  return import_crypto.default.randomBytes(length).toString("base64url");
@@ -61,7 +97,7 @@ var createCSRF = async (jose, csrfCookie) => {
61
97
  try {
62
98
  const token = generateSecure(32);
63
99
  if (csrfCookie) {
64
- await jose.verifyJWS(csrfCookie);
100
+ await jose.verifyJWS(csrfCookie, jwtVerificationOptions);
65
101
  return csrfCookie;
66
102
  }
67
103
  return jose.signJWS({ token });
@@ -78,6 +114,26 @@ var cacheControl = {
78
114
  Expires: "0",
79
115
  Vary: "Cookie"
80
116
  };
117
+ var contentSecurityPolicy = {
118
+ "Content-Security-Policy": [
119
+ "default-src 'none'",
120
+ "script-src 'self'",
121
+ "frame-src 'none'",
122
+ "object-src 'none'",
123
+ "frame-ancestors 'none'",
124
+ "base-uri 'none'"
125
+ ].join("; ")
126
+ };
127
+ var secureHeaders = {
128
+ "X-Content-Type-Options": "nosniff",
129
+ "X-Frame-Options": "DENY",
130
+ "Referrer-Policy": "strict-origin-when-cross-origin"
131
+ };
132
+ var secureApiHeaders = {
133
+ ...cacheControl,
134
+ ...contentSecurityPolicy,
135
+ ...secureHeaders
136
+ };
81
137
 
82
138
  // src/cookie.ts
83
139
  var import_cookie = require("@aura-stack/router/cookie");
@@ -99,7 +155,8 @@ var setCookie = (cookieName, value, options) => {
99
155
  var expiredCookieAttributes = {
100
156
  ...defaultCookieOptions,
101
157
  expires: /* @__PURE__ */ new Date(0),
102
- maxAge: 0
158
+ maxAge: 0,
159
+ secure: true
103
160
  };
104
161
  var getCookie = (request, cookieName) => {
105
162
  const cookies = request.headers.get("Cookie");
@@ -124,11 +181,13 @@ var getCSRFToken = (request, cookieName) => {
124
181
  var csrfTokenAction = (0, import_router2.createEndpoint)("GET", "/csrfToken", async (ctx) => {
125
182
  const {
126
183
  request,
127
- context: { jose, cookies }
184
+ context: { jose, cookies, logger }
128
185
  } = ctx;
129
186
  const token = getCSRFToken(request, cookies.csrfToken.name);
187
+ logger?.log("CSRF_TOKEN_REQUESTED", { structuredData: { has_token: Boolean(token) } });
130
188
  const csrfToken = await createCSRF(jose, token);
131
- const headers = new Headers(cacheControl);
189
+ logger?.log("CSRF_TOKEN_ISSUED", { structuredData: { issued: Boolean(csrfToken) } });
190
+ const headers = new Headers(secureApiHeaders);
132
191
  headers.append("Set-Cookie", setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes));
133
192
  return Response.json({ csrfToken }, { headers });
134
193
  });
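Review bot: `contentSecurityPolicy` opens with `default-src 'none'` and then carves out `script-src 'self'`; on a JSON endpoint such as `/csrfToken` nothing is executed, so the carve-out only loosens an otherwise fully locked-down policy and `"default-src 'none'"` alone covers scripts as well. `jwtVerificationOptions` would benefit from a comment saying why it exists, because its effect is only visible at the `jose.verifyJWS(csrfCookie, jwtVerificationOptions)` call: `// Pin the accepted algorithm (and expected typ) so the CSRF cookie's own header cannot choose how it is verified.` `expiredCookieAttributes` now sets `secure: true`; an expiring Set-Cookie only clears the cookie when its attributes match the ones the cookie was issued with (`defaultCookieOptions` is not in view), so confirm the live cookie is also issued with Secure. The `createCSRF` try block's catch lies outside the hunk, so how a failed verification of a tampered cookie is surfaced is not visible here.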
@@ -1,7 +1,5 @@
1
1
  import * as _aura_stack_router from '@aura-stack/router';
2
2
 
3
- declare const csrfTokenAction: _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {
4
- schemas?: _aura_stack_router.EndpointSchemas | undefined;
5
- }>;
3
+ declare const csrfTokenAction: _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {}>;
6
4
 
7
5
  export { csrfTokenAction };
@@ -1,11 +1,13 @@
1
1
  import {
2
2
  csrfTokenAction
3
- } from "../../chunk-HT4YLL7N.js";
4
- import "../../chunk-W6LG7BFW.js";
5
- import "../../chunk-STHEPPUZ.js";
6
- import "../../chunk-N2APGLXA.js";
7
- import "../../chunk-CXLATHS5.js";
8
- import "../../chunk-EIL2FPSS.js";
3
+ } from "../../chunk-ICAZ4OVS.js";
4
+ import "../../chunk-NUDITUKX.js";
5
+ import "../../chunk-4EKY7655.js";
6
+ import "../../chunk-QQVSRXGX.js";
7
+ import "../../chunk-5W4BRQYG.js";
8
+ import "../../chunk-EBAMFRB7.js";
9
+ import "../../chunk-FRJFWTOY.js";
10
+ import "../../chunk-4MYWAOLG.js";
9
11
  import "../../chunk-RRLIF4PQ.js";
10
12
  export {
11
13
  csrfTokenAction