@aura-stack/auth 0.4.0-rc.5 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/@types/index.d.ts +4 -3
- package/dist/@types/router.d.cjs +0 -17
- package/dist/@types/router.d.d.ts +3 -2
- package/dist/@types/router.d.js +0 -1
- package/dist/actions/callback/access-token.cjs +40 -25
- package/dist/actions/callback/access-token.d.ts +4 -3
- package/dist/actions/callback/access-token.js +3 -4
- package/dist/actions/callback/callback.cjs +287 -77
- package/dist/actions/callback/callback.d.ts +5 -26
- package/dist/actions/callback/callback.js +13 -10
- package/dist/actions/callback/userinfo.cjs +68 -7
- package/dist/actions/callback/userinfo.d.ts +4 -3
- package/dist/actions/callback/userinfo.js +8 -6
- package/dist/actions/csrfToken/csrfToken.cjs +63 -4
- package/dist/actions/csrfToken/csrfToken.d.ts +1 -3
- package/dist/actions/csrfToken/csrfToken.js +8 -6
- package/dist/actions/index.cjs +400 -175
- package/dist/actions/index.d.ts +3 -2
- package/dist/actions/index.js +21 -19
- package/dist/actions/session/session.cjs +40 -11
- package/dist/actions/session/session.d.ts +1 -3
- package/dist/actions/session/session.js +4 -4
- package/dist/actions/signIn/authorization.cjs +171 -132
- package/dist/actions/signIn/authorization.d.ts +21 -11
- package/dist/actions/signIn/authorization.js +8 -6
- package/dist/actions/signIn/signIn.cjs +220 -113
- package/dist/actions/signIn/signIn.d.ts +5 -25
- package/dist/actions/signIn/signIn.js +9 -7
- package/dist/actions/signOut/signOut.cjs +268 -119
- package/dist/actions/signOut/signOut.d.ts +1 -9
- package/dist/actions/signOut/signOut.js +10 -8
- package/dist/assert.cjs +117 -5
- package/dist/assert.d.ts +22 -3
- package/dist/assert.js +17 -3
- package/dist/chunk-4EKY7655.js +123 -0
- package/dist/chunk-4MYWAOLG.js +31 -0
- package/dist/chunk-4YHJ4IEQ.js +25 -0
- package/dist/chunk-54CZPKR4.js +25 -0
- package/dist/chunk-5LZ7TOM3.js +25 -0
- package/dist/{chunk-W6LG7BFW.js → chunk-5W4BRQYG.js} +24 -20
- package/dist/chunk-6MXFPFR3.js +143 -0
- package/dist/{chunk-3EUWD5BB.js → chunk-7QF22LHP.js} +13 -9
- package/dist/chunk-ALG3GIV4.js +95 -0
- package/dist/chunk-E6G5YCI6.js +25 -0
- package/dist/chunk-EBAMFRB7.js +34 -0
- package/dist/chunk-EEE7UM5T.js +25 -0
- package/dist/{chunk-TLE4PXY3.js → chunk-FRJFWTOY.js} +38 -7
- package/dist/chunk-FW4W3REU.js +25 -0
- package/dist/{chunk-HT4YLL7N.js → chunk-ICAZ4OVS.js} +10 -8
- package/dist/chunk-IPKO6UQN.js +25 -0
- package/dist/{chunk-YRCB5FLE.js → chunk-KJBAQZX2.js} +13 -0
- package/dist/chunk-KMMAZFSJ.js +25 -0
- package/dist/chunk-LDU7A2JE.js +25 -0
- package/dist/{chunk-N2APGLXA.js → chunk-NUDITUKX.js} +18 -16
- package/dist/chunk-OVHNRULD.js +33 -0
- package/dist/{chunk-JVFTCTTE.js → chunk-PHFH2MGS.js} +12 -9
- package/dist/chunk-QQVSRXGX.js +149 -0
- package/dist/chunk-TM5IPSNF.js +113 -0
- package/dist/{chunk-GA2SMTJO.js → chunk-TZB6MUXN.js} +33 -13
- package/dist/chunk-VNCNJKS2.js +267 -0
- package/dist/{chunk-IVET23KF.js → chunk-XGLBNXL4.js} +31 -14
- package/dist/chunk-XUP6KKNG.js +106 -0
- package/dist/cookie.cjs +24 -20
- package/dist/cookie.d.ts +4 -3
- package/dist/cookie.js +1 -1
- package/dist/env.cjs +56 -0
- package/dist/env.d.ts +7 -0
- package/dist/env.js +6 -0
- package/dist/errors.d.ts +4 -3
- package/dist/headers.cjs +28 -2
- package/dist/headers.d.ts +25 -1
- package/dist/headers.js +9 -3
- package/dist/{index-B8jeIElf.d.ts → index-CSyIJmCM.d.ts} +373 -45
- package/dist/index.cjs +1128 -483
- package/dist/index.d.ts +7 -67
- package/dist/index.js +83 -42
- package/dist/jose.cjs +62 -25
- package/dist/jose.d.ts +7 -5
- package/dist/jose.js +8 -6
- package/dist/logger.cjs +292 -0
- package/dist/logger.d.ts +8 -0
- package/dist/logger.js +8 -0
- package/dist/oauth/bitbucket.cjs +19 -15
- package/dist/oauth/bitbucket.d.ts +3 -2
- package/dist/oauth/bitbucket.js +1 -1
- package/dist/oauth/discord.cjs +27 -24
- package/dist/oauth/discord.d.ts +3 -2
- package/dist/oauth/discord.js +1 -1
- package/dist/oauth/figma.cjs +19 -16
- package/dist/oauth/figma.d.ts +3 -2
- package/dist/oauth/figma.js +1 -1
- package/dist/oauth/github.cjs +19 -8
- package/dist/oauth/github.d.ts +3 -2
- package/dist/oauth/github.js +1 -1
- package/dist/oauth/gitlab.cjs +19 -16
- package/dist/oauth/gitlab.d.ts +3 -2
- package/dist/oauth/gitlab.js +1 -1
- package/dist/oauth/index.cjs +266 -166
- package/dist/oauth/index.d.ts +3 -2
- package/dist/oauth/index.js +22 -21
- package/dist/oauth/mailchimp.cjs +19 -16
- package/dist/oauth/mailchimp.d.ts +3 -2
- package/dist/oauth/mailchimp.js +1 -1
- package/dist/oauth/pinterest.cjs +19 -16
- package/dist/oauth/pinterest.d.ts +3 -2
- package/dist/oauth/pinterest.js +1 -1
- package/dist/oauth/spotify.cjs +19 -16
- package/dist/oauth/spotify.d.ts +3 -2
- package/dist/oauth/spotify.js +1 -1
- package/dist/oauth/strava.cjs +19 -16
- package/dist/oauth/strava.d.ts +3 -2
- package/dist/oauth/strava.js +1 -1
- package/dist/oauth/x.cjs +19 -16
- package/dist/oauth/x.d.ts +3 -2
- package/dist/oauth/x.js +1 -1
- package/dist/schemas.cjs +16 -2
- package/dist/schemas.d.ts +17 -1
- package/dist/schemas.js +5 -3
- package/dist/secure.cjs +58 -16
- package/dist/secure.d.ts +4 -10
- package/dist/secure.js +5 -5
- package/dist/utils.cjs +94 -87
- package/dist/utils.d.ts +9 -39
- package/dist/utils.js +11 -9
- package/package.json +3 -4
- package/dist/chunk-42XB3YCW.js +0 -22
- package/dist/chunk-6R2YZ4AC.js +0 -22
- package/dist/chunk-A3N4PVAT.js +0 -70
- package/dist/chunk-B737EUJV.js +0 -22
- package/dist/chunk-CXLATHS5.js +0 -143
- package/dist/chunk-DIVDFNAP.js +0 -0
- package/dist/chunk-E3OXBRYF.js +0 -22
- package/dist/chunk-EIL2FPSS.js +0 -22
- package/dist/chunk-EMKJA2GJ.js +0 -89
- package/dist/chunk-FIPU4MLT.js +0 -21
- package/dist/chunk-FKRDCWBF.js +0 -22
- package/dist/chunk-HP34YGGJ.js +0 -22
- package/dist/chunk-IKHPGFCW.js +0 -14
- package/dist/chunk-IUYZQTJV.js +0 -30
- package/dist/chunk-KRNOMBXQ.js +0 -22
- package/dist/chunk-KSWLO5ZU.js +0 -102
- package/dist/chunk-N4SX7TZT.js +0 -96
- package/dist/chunk-STHEPPUZ.js +0 -11
package/dist/index.d.ts
CHANGED
|
@@ -1,14 +1,11 @@
|
|
|
1
|
-
import { d as AuthConfig, e as
|
|
2
|
-
export { f as
|
|
3
|
-
import
|
|
4
|
-
export { createClient } from '@aura-stack/router';
|
|
5
|
-
import * as zod_v4_core from 'zod/v4/core';
|
|
6
|
-
import * as zod from 'zod';
|
|
7
|
-
import './@types/router.d.js';
|
|
1
|
+
import { d as AuthConfig, e as AuthInstance } from './index-CSyIJmCM.js';
|
|
2
|
+
export { C as CookieConfig, E as ErrorType, f as JoseInstance, i as LogLevel, L as Logger, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, S as Session, T as TrustedOrigin, U as User } from './index-CSyIJmCM.js';
|
|
3
|
+
import 'zod';
|
|
8
4
|
import './schemas.js';
|
|
9
|
-
import '
|
|
5
|
+
import './jose.js';
|
|
10
6
|
import '@aura-stack/jose';
|
|
11
7
|
import '@aura-stack/jose/jose';
|
|
8
|
+
import '@aura-stack/router/cookie';
|
|
12
9
|
import './@types/utility.js';
|
|
13
10
|
|
|
14
11
|
/**
|
|
@@ -33,63 +30,6 @@ import './@types/utility.js';
|
|
|
33
30
|
* }]
|
|
34
31
|
* })
|
|
35
32
|
*/
|
|
36
|
-
declare const createAuth: (authConfig: AuthConfig) =>
|
|
37
|
-
handlers: _aura_stack_router.Router<[_aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {
|
|
38
|
-
schemas?: {
|
|
39
|
-
params: zod.ZodObject<{
|
|
40
|
-
oauth: zod.ZodEnum<{
|
|
41
|
-
[x: string & Record<never, never>]: string & Record<never, never>;
|
|
42
|
-
github: "github";
|
|
43
|
-
bitbucket: "bitbucket";
|
|
44
|
-
figma: "figma";
|
|
45
|
-
discord: "discord";
|
|
46
|
-
gitlab: "gitlab";
|
|
47
|
-
spotify: "spotify";
|
|
48
|
-
x: "x";
|
|
49
|
-
strava: "strava";
|
|
50
|
-
mailchimp: "mailchimp";
|
|
51
|
-
pinterest: "pinterest";
|
|
52
|
-
}>;
|
|
53
|
-
}, zod_v4_core.$strip>;
|
|
54
|
-
searchParams: zod.ZodObject<{
|
|
55
|
-
redirectTo: zod.ZodOptional<zod.ZodString>;
|
|
56
|
-
}, zod_v4_core.$strip>;
|
|
57
|
-
} | undefined;
|
|
58
|
-
}>, _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
|
|
59
|
-
schemas?: {
|
|
60
|
-
params: zod.ZodObject<{
|
|
61
|
-
oauth: zod.ZodEnum<{
|
|
62
|
-
[x: string & Record<never, never>]: string & Record<never, never>;
|
|
63
|
-
github: "github";
|
|
64
|
-
bitbucket: "bitbucket";
|
|
65
|
-
figma: "figma";
|
|
66
|
-
discord: "discord";
|
|
67
|
-
gitlab: "gitlab";
|
|
68
|
-
spotify: "spotify";
|
|
69
|
-
x: "x";
|
|
70
|
-
strava: "strava";
|
|
71
|
-
mailchimp: "mailchimp";
|
|
72
|
-
pinterest: "pinterest";
|
|
73
|
-
}>;
|
|
74
|
-
}, zod_v4_core.$strip>;
|
|
75
|
-
searchParams: zod.ZodObject<{
|
|
76
|
-
code: zod.ZodString;
|
|
77
|
-
state: zod.ZodString;
|
|
78
|
-
}, zod_v4_core.$strip>;
|
|
79
|
-
} | undefined;
|
|
80
|
-
}>, _aura_stack_router.RouteEndpoint<"GET", "/session", {
|
|
81
|
-
schemas?: _aura_stack_router.EndpointSchemas | undefined;
|
|
82
|
-
}>, _aura_stack_router.RouteEndpoint<"POST", "/signOut", {
|
|
83
|
-
schemas?: {
|
|
84
|
-
searchParams: zod.ZodObject<{
|
|
85
|
-
token_type_hint: zod.ZodLiteral<"session_token">;
|
|
86
|
-
redirectTo: zod.ZodOptional<zod.ZodString>;
|
|
87
|
-
}, zod_v4_core.$strip>;
|
|
88
|
-
} | undefined;
|
|
89
|
-
}>, _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {
|
|
90
|
-
schemas?: _aura_stack_router.EndpointSchemas | undefined;
|
|
91
|
-
}>]>;
|
|
92
|
-
jose: JoseInstance;
|
|
93
|
-
};
|
|
33
|
+
declare const createAuth: (authConfig: AuthConfig) => AuthInstance;
|
|
94
34
|
|
|
95
|
-
export { AuthConfig,
|
|
35
|
+
export { AuthConfig, AuthInstance, createAuth };
|
package/dist/index.js
CHANGED
|
@@ -1,73 +1,115 @@
|
|
|
1
1
|
import {
|
|
2
2
|
createBuiltInOAuthProviders
|
|
3
|
-
} from "./chunk-
|
|
4
|
-
import "./chunk-
|
|
5
|
-
import "./chunk-
|
|
6
|
-
import "./chunk-
|
|
7
|
-
import "./chunk-
|
|
8
|
-
import "./chunk-
|
|
9
|
-
import "./chunk-
|
|
10
|
-
import "./chunk-
|
|
11
|
-
import "./chunk-
|
|
12
|
-
import "./chunk-
|
|
3
|
+
} from "./chunk-TM5IPSNF.js";
|
|
4
|
+
import "./chunk-IPKO6UQN.js";
|
|
5
|
+
import "./chunk-54CZPKR4.js";
|
|
6
|
+
import "./chunk-EEE7UM5T.js";
|
|
7
|
+
import "./chunk-4YHJ4IEQ.js";
|
|
8
|
+
import "./chunk-OVHNRULD.js";
|
|
9
|
+
import "./chunk-KMMAZFSJ.js";
|
|
10
|
+
import "./chunk-FW4W3REU.js";
|
|
11
|
+
import "./chunk-5LZ7TOM3.js";
|
|
12
|
+
import "./chunk-LDU7A2JE.js";
|
|
13
|
+
import "./chunk-E6G5YCI6.js";
|
|
13
14
|
import "./chunk-ITQ7352M.js";
|
|
15
|
+
import {
|
|
16
|
+
signInAction
|
|
17
|
+
} from "./chunk-7QF22LHP.js";
|
|
18
|
+
import {
|
|
19
|
+
csrfTokenAction
|
|
20
|
+
} from "./chunk-ICAZ4OVS.js";
|
|
14
21
|
import {
|
|
15
22
|
signOutAction
|
|
16
|
-
} from "./chunk-
|
|
23
|
+
} from "./chunk-ALG3GIV4.js";
|
|
17
24
|
import {
|
|
18
25
|
callbackAction
|
|
19
|
-
} from "./chunk-
|
|
20
|
-
import "./chunk-
|
|
21
|
-
import "./chunk-
|
|
22
|
-
import {
|
|
23
|
-
csrfTokenAction
|
|
24
|
-
} from "./chunk-HT4YLL7N.js";
|
|
26
|
+
} from "./chunk-6MXFPFR3.js";
|
|
27
|
+
import "./chunk-TZB6MUXN.js";
|
|
28
|
+
import "./chunk-XGLBNXL4.js";
|
|
25
29
|
import {
|
|
26
30
|
sessionAction
|
|
27
|
-
} from "./chunk-
|
|
31
|
+
} from "./chunk-PHFH2MGS.js";
|
|
32
|
+
import "./chunk-XUP6KKNG.js";
|
|
33
|
+
import "./chunk-ZNCZVF6U.js";
|
|
34
|
+
import "./chunk-KJBAQZX2.js";
|
|
35
|
+
import "./chunk-NUDITUKX.js";
|
|
36
|
+
import "./chunk-4EKY7655.js";
|
|
28
37
|
import {
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
import "./chunk-FIPU4MLT.js";
|
|
33
|
-
import "./chunk-IUYZQTJV.js";
|
|
38
|
+
createErrorHandler,
|
|
39
|
+
useSecureCookies
|
|
40
|
+
} from "./chunk-QQVSRXGX.js";
|
|
34
41
|
import {
|
|
35
42
|
createCookieStore
|
|
36
|
-
} from "./chunk-
|
|
37
|
-
import "./chunk-
|
|
43
|
+
} from "./chunk-5W4BRQYG.js";
|
|
44
|
+
import "./chunk-EBAMFRB7.js";
|
|
38
45
|
import {
|
|
39
46
|
createJoseInstance
|
|
40
|
-
} from "./chunk-
|
|
41
|
-
import "./chunk-
|
|
42
|
-
import {
|
|
43
|
-
onErrorHandler,
|
|
44
|
-
useSecureCookies
|
|
45
|
-
} from "./chunk-CXLATHS5.js";
|
|
46
|
-
import "./chunk-EIL2FPSS.js";
|
|
47
|
+
} from "./chunk-FRJFWTOY.js";
|
|
48
|
+
import "./chunk-4MYWAOLG.js";
|
|
47
49
|
import "./chunk-RRLIF4PQ.js";
|
|
48
|
-
import
|
|
49
|
-
|
|
50
|
+
import {
|
|
51
|
+
createLogEntry
|
|
52
|
+
} from "./chunk-VNCNJKS2.js";
|
|
50
53
|
|
|
51
54
|
// src/index.ts
|
|
52
|
-
import "
|
|
53
|
-
|
|
55
|
+
import { createRouter } from "@aura-stack/router";
|
|
56
|
+
var logLevelToSeverity = {
|
|
57
|
+
debug: ["debug", "info", "notice", "warning", "error", "critical", "alert", "emergency"],
|
|
58
|
+
info: ["info", "notice", "warning", "error", "critical", "alert", "emergency"],
|
|
59
|
+
warn: ["warning", "error", "critical", "alert", "emergency"],
|
|
60
|
+
error: ["error", "critical", "alert", "emergency"]
|
|
61
|
+
};
|
|
62
|
+
var createLoggerProxy = (logger) => {
|
|
63
|
+
if (!logger) return void 0;
|
|
64
|
+
const level = logger.level;
|
|
65
|
+
const allowedSeverities = logLevelToSeverity[level] ?? [];
|
|
66
|
+
const internalLogger = {
|
|
67
|
+
level,
|
|
68
|
+
log(key, overrides) {
|
|
69
|
+
const entry = createLogEntry(key, overrides);
|
|
70
|
+
if (!allowedSeverities.includes(entry.severity)) return entry;
|
|
71
|
+
logger.log({
|
|
72
|
+
timestamp: entry.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
|
|
73
|
+
appName: entry.appName ?? "aura-auth",
|
|
74
|
+
hostname: entry.hostname ?? "aura-auth",
|
|
75
|
+
...entry
|
|
76
|
+
});
|
|
77
|
+
return entry;
|
|
78
|
+
}
|
|
79
|
+
};
|
|
80
|
+
return internalLogger;
|
|
81
|
+
};
|
|
54
82
|
var createInternalConfig = (authConfig) => {
|
|
55
83
|
const useSecure = authConfig?.trustedProxyHeaders ?? false;
|
|
84
|
+
const logger = authConfig?.logger;
|
|
85
|
+
const internalLogger = createLoggerProxy(logger);
|
|
56
86
|
return {
|
|
57
87
|
basePath: authConfig?.basePath ?? "/auth",
|
|
58
|
-
onError:
|
|
88
|
+
onError: createErrorHandler(internalLogger),
|
|
59
89
|
context: {
|
|
60
90
|
oauth: createBuiltInOAuthProviders(authConfig?.oauth),
|
|
61
|
-
cookies: createCookieStore(
|
|
91
|
+
cookies: createCookieStore(
|
|
92
|
+
useSecure,
|
|
93
|
+
authConfig?.cookies?.prefix,
|
|
94
|
+
authConfig?.cookies?.overrides ?? {},
|
|
95
|
+
internalLogger
|
|
96
|
+
),
|
|
62
97
|
jose: createJoseInstance(authConfig?.secret),
|
|
63
98
|
secret: authConfig?.secret,
|
|
64
99
|
basePath: authConfig?.basePath ?? "/auth",
|
|
65
|
-
trustedProxyHeaders: useSecure
|
|
100
|
+
trustedProxyHeaders: useSecure,
|
|
101
|
+
trustedOrigins: authConfig?.trustedOrigins,
|
|
102
|
+
logger: internalLogger
|
|
66
103
|
},
|
|
67
104
|
middlewares: [
|
|
68
105
|
(ctx) => {
|
|
69
106
|
const useSecure2 = useSecureCookies(ctx.request, ctx.context.trustedProxyHeaders);
|
|
70
|
-
const cookies = createCookieStore(
|
|
107
|
+
const cookies = createCookieStore(
|
|
108
|
+
useSecure2,
|
|
109
|
+
authConfig?.cookies?.prefix,
|
|
110
|
+
authConfig?.cookies?.overrides ?? {},
|
|
111
|
+
internalLogger
|
|
112
|
+
);
|
|
71
113
|
ctx.context.cookies = cookies;
|
|
72
114
|
return ctx;
|
|
73
115
|
}
|
|
@@ -86,6 +128,5 @@ var createAuth = (authConfig) => {
|
|
|
86
128
|
};
|
|
87
129
|
};
|
|
88
130
|
export {
|
|
89
|
-
createAuth
|
|
90
|
-
createClient
|
|
131
|
+
createAuth
|
|
91
132
|
};
|
package/dist/jose.cjs
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,30 +15,48 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/jose.ts
|
|
31
21
|
var jose_exports = {};
|
|
32
22
|
__export(jose_exports, {
|
|
33
|
-
createJoseInstance: () => createJoseInstance
|
|
23
|
+
createJoseInstance: () => createJoseInstance,
|
|
24
|
+
decodeJWTOptions: () => decodeJWTOptions,
|
|
25
|
+
jwtVerificationOptions: () => jwtVerificationOptions
|
|
34
26
|
});
|
|
35
27
|
module.exports = __toCommonJS(jose_exports);
|
|
36
|
-
var import_config = require("dotenv/config");
|
|
37
|
-
var import_jose = require("@aura-stack/jose");
|
|
38
28
|
|
|
39
|
-
// src/
|
|
40
|
-
var
|
|
29
|
+
// src/env.ts
|
|
30
|
+
var import_meta = {};
|
|
31
|
+
var env = new Proxy({}, {
|
|
32
|
+
get(_, prop) {
|
|
33
|
+
if (typeof prop !== "string") return void 0;
|
|
34
|
+
const hasProperty = (process2) => {
|
|
35
|
+
return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
|
|
36
|
+
};
|
|
37
|
+
try {
|
|
38
|
+
if (typeof process !== "undefined" && hasProperty(process.env)) {
|
|
39
|
+
return process.env[prop];
|
|
40
|
+
}
|
|
41
|
+
if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
|
|
42
|
+
return import_meta.env[prop];
|
|
43
|
+
}
|
|
44
|
+
if (typeof Deno !== "undefined" && Deno.env?.get) {
|
|
45
|
+
return Deno.env.get(prop);
|
|
46
|
+
}
|
|
47
|
+
if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
|
|
48
|
+
return Bun.env[prop];
|
|
49
|
+
}
|
|
50
|
+
const globalValue = globalThis[prop];
|
|
51
|
+
return typeof globalValue === "string" ? globalValue : void 0;
|
|
52
|
+
} catch {
|
|
53
|
+
return void 0;
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
});
|
|
41
57
|
|
|
42
|
-
// src/
|
|
43
|
-
var
|
|
58
|
+
// src/jose.ts
|
|
59
|
+
var import_jose = require("@aura-stack/jose");
|
|
44
60
|
|
|
45
61
|
// src/errors.ts
|
|
46
62
|
var AuthInternalError = class extends Error {
|
|
@@ -54,14 +70,8 @@ var AuthInternalError = class extends Error {
|
|
|
54
70
|
}
|
|
55
71
|
};
|
|
56
72
|
|
|
57
|
-
// src/secure.ts
|
|
58
|
-
var createDerivedSalt = (secret) => {
|
|
59
|
-
return import_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
|
|
60
|
-
};
|
|
61
|
-
|
|
62
73
|
// src/jose.ts
|
|
63
74
|
var createJoseInstance = (secret) => {
|
|
64
|
-
const env = process.env;
|
|
65
75
|
secret ??= env.AURA_AUTH_SECRET ?? env.AUTH_SECRET;
|
|
66
76
|
if (!secret) {
|
|
67
77
|
throw new AuthInternalError(
|
|
@@ -69,7 +79,22 @@ var createJoseInstance = (secret) => {
|
|
|
69
79
|
"AURA_AUTH_SECRET environment variable is not set and no secret was provided."
|
|
70
80
|
);
|
|
71
81
|
}
|
|
72
|
-
const salt = env.AURA_AUTH_SALT ?? env.AUTH_SALT
|
|
82
|
+
const salt = env.AURA_AUTH_SALT ?? env.AUTH_SALT;
|
|
83
|
+
if (!salt) {
|
|
84
|
+
throw new AuthInternalError(
|
|
85
|
+
"JOSE_INITIALIZATION_FAILED",
|
|
86
|
+
"AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation."
|
|
87
|
+
);
|
|
88
|
+
}
|
|
89
|
+
try {
|
|
90
|
+
(0, import_jose.createSecret)(salt);
|
|
91
|
+
} catch (error) {
|
|
92
|
+
throw new AuthInternalError(
|
|
93
|
+
"INVALID_SALT_SECRET_VALUE",
|
|
94
|
+
"AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.",
|
|
95
|
+
{ cause: error }
|
|
96
|
+
);
|
|
97
|
+
}
|
|
73
98
|
const { derivedKey: derivedSigningKey } = (0, import_jose.createDeriveKey)(secret, salt, "signing");
|
|
74
99
|
const { derivedKey: derivedEncryptionKey } = (0, import_jose.createDeriveKey)(secret, salt, "encryption");
|
|
75
100
|
const { derivedKey: derivedCsrfTokenKey } = (0, import_jose.createDeriveKey)(secret, salt, "csrfToken");
|
|
@@ -85,7 +110,19 @@ var createJoseInstance = (secret) => {
|
|
|
85
110
|
decryptJWE
|
|
86
111
|
};
|
|
87
112
|
};
|
|
113
|
+
var jwtVerificationOptions = {
|
|
114
|
+
algorithms: ["HS256"],
|
|
115
|
+
typ: "JWT"
|
|
116
|
+
};
|
|
117
|
+
var decodeJWTOptions = {
|
|
118
|
+
jws: jwtVerificationOptions,
|
|
119
|
+
jwt: {
|
|
120
|
+
typ: "JWT"
|
|
121
|
+
}
|
|
122
|
+
};
|
|
88
123
|
// Annotate the CommonJS export names for ESM import in node:
|
|
89
124
|
0 && (module.exports = {
|
|
90
|
-
createJoseInstance
|
|
125
|
+
createJoseInstance,
|
|
126
|
+
decodeJWTOptions,
|
|
127
|
+
jwtVerificationOptions
|
|
91
128
|
});
|
package/dist/jose.d.ts
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
import * as _aura_stack_jose from '@aura-stack/jose';
|
|
2
|
+
import { JWTVerifyOptions, DecodedJWTPayloadOptions } from '@aura-stack/jose';
|
|
2
3
|
import * as _aura_stack_jose_jose from '@aura-stack/jose/jose';
|
|
3
4
|
export { JWTPayload } from '@aura-stack/jose/jose';
|
|
4
5
|
|
|
5
6
|
/**
|
|
6
7
|
* Creates the JOSE instance used for signing and verifying tokens. It derives keys
|
|
7
|
-
* for session tokens and CSRF tokens. For security and determinism, it
|
|
8
|
-
*
|
|
9
|
-
* salt based on the provided secret.
|
|
8
|
+
* for session tokens and CSRF tokens. For security and determinism, it's required
|
|
9
|
+
* to set a salt value in `AURA_AUTH_SALT` or `AUTH_SALT` env.
|
|
10
10
|
*
|
|
11
11
|
* @param secret the base secret for key derivation
|
|
12
12
|
* @returns jose instance with methods for encoding/decoding JWTs and signing/verifying JWSs
|
|
@@ -15,9 +15,11 @@ declare const createJoseInstance: (secret?: string) => {
|
|
|
15
15
|
decodeJWT: (token: string) => Promise<_aura_stack_jose_jose.JWTPayload>;
|
|
16
16
|
encodeJWT: (payload: _aura_stack_jose_jose.JWTPayload) => Promise<string>;
|
|
17
17
|
signJWS: (payload: _aura_stack_jose_jose.JWTPayload) => Promise<string>;
|
|
18
|
-
verifyJWS: (payload: string, options?:
|
|
18
|
+
verifyJWS: (payload: string, options?: JWTVerifyOptions) => Promise<_aura_stack_jose_jose.JWTPayload>;
|
|
19
19
|
encryptJWE: (payload: string, options?: _aura_stack_jose.EncryptOptions) => Promise<string>;
|
|
20
20
|
decryptJWE: (payload: string, options?: _aura_stack_jose.JWTDecryptOptions) => Promise<string>;
|
|
21
21
|
};
|
|
22
|
+
declare const jwtVerificationOptions: JWTVerifyOptions;
|
|
23
|
+
declare const decodeJWTOptions: DecodedJWTPayloadOptions;
|
|
22
24
|
|
|
23
|
-
export { createJoseInstance };
|
|
25
|
+
export { createJoseInstance, decodeJWTOptions, jwtVerificationOptions };
|
package/dist/jose.js
CHANGED
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import {
|
|
2
|
-
createJoseInstance
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
import "./chunk-
|
|
2
|
+
createJoseInstance,
|
|
3
|
+
decodeJWTOptions,
|
|
4
|
+
jwtVerificationOptions
|
|
5
|
+
} from "./chunk-FRJFWTOY.js";
|
|
6
|
+
import "./chunk-4MYWAOLG.js";
|
|
7
7
|
import "./chunk-RRLIF4PQ.js";
|
|
8
8
|
export {
|
|
9
|
-
createJoseInstance
|
|
9
|
+
createJoseInstance,
|
|
10
|
+
decodeJWTOptions,
|
|
11
|
+
jwtVerificationOptions
|
|
10
12
|
};
|