@aura-stack/auth 0.4.0-rc.5 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (201) hide show
  1. package/dist/@types/index.d.ts +8 -3
  2. package/dist/@types/router.d.cjs +0 -17
  3. package/dist/@types/router.d.d.ts +7 -2
  4. package/dist/@types/router.d.js +0 -1
  5. package/dist/actions/callback/access-token.cjs +130 -71
  6. package/dist/actions/callback/access-token.d.ts +9 -4
  7. package/dist/actions/callback/access-token.js +3 -4
  8. package/dist/actions/callback/callback.cjs +428 -152
  9. package/dist/actions/callback/callback.d.ts +11 -3
  10. package/dist/actions/callback/callback.js +12 -10
  11. package/dist/actions/callback/userinfo.cjs +159 -65
  12. package/dist/actions/callback/userinfo.d.ts +8 -3
  13. package/dist/actions/callback/userinfo.js +7 -6
  14. package/dist/actions/csrfToken/csrfToken.cjs +70 -19
  15. package/dist/actions/csrfToken/csrfToken.js +8 -7
  16. package/dist/actions/index.cjs +780 -348
  17. package/dist/actions/index.d.ts +6 -2
  18. package/dist/actions/index.js +23 -18
  19. package/dist/actions/session/session.cjs +107 -26
  20. package/dist/actions/session/session.js +7 -5
  21. package/dist/actions/signIn/authorization-url.cjs +288 -0
  22. package/dist/actions/signIn/authorization-url.d.ts +31 -0
  23. package/dist/actions/signIn/authorization-url.js +16 -0
  24. package/dist/actions/signIn/authorization.cjs +209 -211
  25. package/dist/actions/signIn/authorization.d.ts +32 -21
  26. package/dist/actions/signIn/authorization.js +12 -9
  27. package/dist/actions/signIn/signIn.cjs +470 -235
  28. package/dist/actions/signIn/signIn.d.ts +12 -3
  29. package/dist/actions/signIn/signIn.js +11 -8
  30. package/dist/actions/signOut/signOut.cjs +376 -228
  31. package/dist/actions/signOut/signOut.d.ts +1 -1
  32. package/dist/actions/signOut/signOut.js +10 -9
  33. package/dist/api/createApi.cjs +750 -0
  34. package/dist/api/createApi.d.ts +12 -0
  35. package/dist/api/createApi.js +19 -0
  36. package/dist/api/getSession.cjs +141 -0
  37. package/dist/api/getSession.d.ts +16 -0
  38. package/dist/api/getSession.js +10 -0
  39. package/dist/api/signIn.cjs +549 -0
  40. package/dist/api/signIn.d.ts +26 -0
  41. package/dist/api/signIn.js +15 -0
  42. package/dist/api/signOut.cjs +279 -0
  43. package/dist/api/signOut.d.ts +16 -0
  44. package/dist/api/signOut.js +13 -0
  45. package/dist/assert.cjs +150 -5
  46. package/dist/assert.d.ts +26 -3
  47. package/dist/assert.js +17 -3
  48. package/dist/{chunk-YRCB5FLE.js → chunk-2A5B7GWR.js} +52 -6
  49. package/dist/chunk-2GQLSIJ2.js +40 -0
  50. package/dist/chunk-2IR674WX.js +44 -0
  51. package/dist/chunk-3J5TUH2I.js +50 -0
  52. package/dist/chunk-4RWSYUKX.js +98 -0
  53. package/dist/chunk-4YHJ4IEQ.js +25 -0
  54. package/dist/chunk-54CZPKR4.js +25 -0
  55. package/dist/chunk-5LZ7TOM3.js +25 -0
  56. package/dist/chunk-7BE46WWS.js +88 -0
  57. package/dist/chunk-7YYXFKLR.js +35 -0
  58. package/dist/chunk-C3A37LQC.js +33 -0
  59. package/dist/chunk-CITNGXDA.js +31 -0
  60. package/dist/chunk-CWX724AG.js +78 -0
  61. package/dist/chunk-D2CSIUKP.js +74 -0
  62. package/dist/chunk-E6G5YCI6.js +25 -0
  63. package/dist/chunk-EBAMFRB7.js +34 -0
  64. package/dist/chunk-EEE7UM5T.js +25 -0
  65. package/dist/{chunk-HT4YLL7N.js → chunk-FPCVZUVG.js} +10 -8
  66. package/dist/chunk-FW4W3REU.js +25 -0
  67. package/dist/chunk-GNNBM2WJ.js +83 -0
  68. package/dist/chunk-IPKO6UQN.js +25 -0
  69. package/dist/chunk-JOCGX3RP.js +59 -0
  70. package/dist/chunk-KBXWTD6E.js +94 -0
  71. package/dist/chunk-KMMAZFSJ.js +25 -0
  72. package/dist/chunk-LATR3NIV.js +117 -0
  73. package/dist/chunk-LAYPUDQF.js +39 -0
  74. package/dist/chunk-LDU7A2JE.js +25 -0
  75. package/dist/chunk-LX3TJ2TJ.js +294 -0
  76. package/dist/chunk-NHZBQNRR.js +143 -0
  77. package/dist/chunk-OVHNRULD.js +33 -0
  78. package/dist/chunk-PDP3PHB3.js +127 -0
  79. package/dist/chunk-PHYNROD4.js +47 -0
  80. package/dist/chunk-QQEKY4XP.js +29 -0
  81. package/dist/chunk-U4RK4LKJ.js +348 -0
  82. package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
  83. package/dist/chunk-UN7X6SU5.js +53 -0
  84. package/dist/chunk-UZQJJD6A.js +100 -0
  85. package/dist/chunk-V6LLEAR4.js +80 -0
  86. package/dist/chunk-WHNDRO3N.js +50 -0
  87. package/dist/{chunk-W6LG7BFW.js → chunk-XY5R3EHH.js} +30 -23
  88. package/dist/client/client.cjs +135 -0
  89. package/dist/client/client.d.ts +85 -0
  90. package/dist/client/client.js +9 -0
  91. package/dist/client/index.cjs +135 -0
  92. package/dist/client/index.d.ts +14 -0
  93. package/dist/client/index.js +10 -0
  94. package/dist/context.cjs +1237 -0
  95. package/dist/context.d.ts +16 -0
  96. package/dist/context.js +28 -0
  97. package/dist/cookie.cjs +57 -22
  98. package/dist/cookie.d.ts +11 -6
  99. package/dist/cookie.js +3 -2
  100. package/dist/createAuth.cjs +2320 -0
  101. package/dist/createAuth.d.ts +12 -0
  102. package/dist/createAuth.js +48 -0
  103. package/dist/env.cjs +78 -0
  104. package/dist/env.d.ts +10 -0
  105. package/dist/env.js +12 -0
  106. package/dist/errors.cjs +17 -0
  107. package/dist/errors.d.ts +15 -4
  108. package/dist/errors.js +5 -1
  109. package/dist/headers.cjs +28 -2
  110. package/dist/headers.d.ts +25 -1
  111. package/dist/headers.js +9 -3
  112. package/dist/index-_aXtxb_s.d.ts +1377 -0
  113. package/dist/index.cjs +1843 -610
  114. package/dist/index.d.ts +11 -92
  115. package/dist/index.js +53 -85
  116. package/dist/jose.cjs +113 -38
  117. package/dist/jose.d.ts +12 -23
  118. package/dist/jose.js +17 -7
  119. package/dist/logger.cjs +424 -0
  120. package/dist/logger.d.ts +12 -0
  121. package/dist/logger.js +17 -0
  122. package/dist/oauth/atlassian.cjs +57 -0
  123. package/dist/oauth/atlassian.d.ts +12 -0
  124. package/dist/oauth/atlassian.js +6 -0
  125. package/dist/oauth/bitbucket.cjs +19 -15
  126. package/dist/oauth/bitbucket.d.ts +7 -2
  127. package/dist/oauth/bitbucket.js +1 -1
  128. package/dist/oauth/discord.cjs +27 -24
  129. package/dist/oauth/discord.d.ts +7 -2
  130. package/dist/oauth/discord.js +1 -1
  131. package/dist/oauth/dropbox.cjs +53 -0
  132. package/dist/oauth/dropbox.d.ts +12 -0
  133. package/dist/oauth/dropbox.js +6 -0
  134. package/dist/oauth/figma.cjs +19 -16
  135. package/dist/oauth/figma.d.ts +7 -2
  136. package/dist/oauth/figma.js +1 -1
  137. package/dist/oauth/github.cjs +19 -8
  138. package/dist/oauth/github.d.ts +7 -2
  139. package/dist/oauth/github.js +1 -1
  140. package/dist/oauth/gitlab.cjs +19 -16
  141. package/dist/oauth/gitlab.d.ts +7 -2
  142. package/dist/oauth/gitlab.js +1 -1
  143. package/dist/oauth/index.cjs +529 -239
  144. package/dist/oauth/index.d.ts +7 -2
  145. package/dist/oauth/index.js +39 -22
  146. package/dist/oauth/mailchimp.cjs +19 -16
  147. package/dist/oauth/mailchimp.d.ts +7 -2
  148. package/dist/oauth/mailchimp.js +1 -1
  149. package/dist/oauth/notion.cjs +131 -0
  150. package/dist/oauth/notion.d.ts +12 -0
  151. package/dist/oauth/notion.js +9 -0
  152. package/dist/oauth/pinterest.cjs +19 -16
  153. package/dist/oauth/pinterest.d.ts +7 -2
  154. package/dist/oauth/pinterest.js +1 -1
  155. package/dist/oauth/spotify.cjs +19 -16
  156. package/dist/oauth/spotify.d.ts +7 -2
  157. package/dist/oauth/spotify.js +1 -1
  158. package/dist/oauth/strava.cjs +19 -16
  159. package/dist/oauth/strava.d.ts +7 -2
  160. package/dist/oauth/strava.js +1 -1
  161. package/dist/oauth/twitch.cjs +95 -0
  162. package/dist/oauth/twitch.d.ts +12 -0
  163. package/dist/oauth/twitch.js +7 -0
  164. package/dist/oauth/x.cjs +19 -16
  165. package/dist/oauth/x.d.ts +7 -2
  166. package/dist/oauth/x.js +1 -1
  167. package/dist/schemas.cjs +89 -42
  168. package/dist/schemas.d.ts +114 -18
  169. package/dist/schemas.js +5 -3
  170. package/dist/secure.cjs +73 -31
  171. package/dist/secure.d.ts +11 -11
  172. package/dist/secure.js +7 -6
  173. package/dist/utils.cjs +203 -90
  174. package/dist/utils.d.ts +21 -40
  175. package/dist/utils.js +21 -12
  176. package/package.json +9 -6
  177. package/dist/chunk-3EUWD5BB.js +0 -63
  178. package/dist/chunk-42XB3YCW.js +0 -22
  179. package/dist/chunk-6R2YZ4AC.js +0 -22
  180. package/dist/chunk-A3N4PVAT.js +0 -70
  181. package/dist/chunk-B737EUJV.js +0 -22
  182. package/dist/chunk-CXLATHS5.js +0 -143
  183. package/dist/chunk-E3OXBRYF.js +0 -22
  184. package/dist/chunk-EIL2FPSS.js +0 -22
  185. package/dist/chunk-EMKJA2GJ.js +0 -89
  186. package/dist/chunk-FIPU4MLT.js +0 -21
  187. package/dist/chunk-FKRDCWBF.js +0 -22
  188. package/dist/chunk-GA2SMTJO.js +0 -58
  189. package/dist/chunk-HP34YGGJ.js +0 -22
  190. package/dist/chunk-IKHPGFCW.js +0 -14
  191. package/dist/chunk-IUYZQTJV.js +0 -30
  192. package/dist/chunk-IVET23KF.js +0 -58
  193. package/dist/chunk-JVFTCTTE.js +0 -33
  194. package/dist/chunk-KRNOMBXQ.js +0 -22
  195. package/dist/chunk-KSWLO5ZU.js +0 -102
  196. package/dist/chunk-N2APGLXA.js +0 -71
  197. package/dist/chunk-N4SX7TZT.js +0 -96
  198. package/dist/chunk-STHEPPUZ.js +0 -11
  199. package/dist/chunk-TLE4PXY3.js +0 -39
  200. package/dist/index-B8jeIElf.d.ts +0 -679
  201. /package/dist/{chunk-DIVDFNAP.js → chunk-5X7JZMEF.js} +0 -0
package/dist/index.d.ts CHANGED
@@ -1,95 +1,14 @@
1
- import { d as AuthConfig, e as JoseInstance } from './index-B8jeIElf.js';
2
- export { f as AuthInstance, C as CookieConfig, E as ErrorType, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, S as Session, U as User } from './index-B8jeIElf.js';
3
- import * as _aura_stack_router from '@aura-stack/router';
4
- export { createClient } from '@aura-stack/router';
5
- import * as zod_v4_core from 'zod/v4/core';
6
- import * as zod from 'zod';
7
- import './@types/router.d.js';
1
+ export { q as AuthAPI, p as AuthClient, l as AuthClientOptions, A as AuthConfig, r as AuthInstance, B as BuiltInOAuthProvider, C as CookieConfig, E as ErrorType, G as GetSessionAPIOptions, s as JoseInstance, L as LogLevel, t as Logger, k as OAuthProvider, u as OAuthProviderConfig, j as OAuthProviderCredentials, m as Session, g as SignInAPIOptions, n as SignInOptions, i as SignOutAPIOptions, o as SignOutOptions, T as TrustedOrigin, U as User, v as builtInOAuthProviders, w as createAuth, x as createSyslogMessage } from './index-_aXtxb_s.js';
2
+ export { createAuthClient, createClient } from './client/client.js';
3
+ export { Client, ClientOptions } from '@aura-stack/router/types';
4
+ export { LiteralUnion, Prettify } from './@types/utility.js';
5
+ import 'zod';
8
6
  import './schemas.js';
9
- import '@aura-stack/router/cookie';
7
+ import 'zod/v4';
10
8
  import '@aura-stack/jose';
11
9
  import '@aura-stack/jose/jose';
12
- import './@types/utility.js';
13
-
14
- /**
15
- * Creates the authentication instance with the configuration provided for OAuth provider.
16
- * > NOTE: The handlers returned by this function should be used in the server to handle the authentication routes
17
- * and within the `/auth` base path
18
- *
19
- * @param authConfig - Authentication configuration including OAuth provider
20
- * @returns Authentication instance with handlers to be used in the server
21
- * @example
22
- * const auth = createAuth({
23
- * oauth: ["github", {
24
- * id: "custom-oauth",
25
- * name: "custom-oauth",
26
- * authorizationURL: "https://custom-oauth.com/oauth/authorize",
27
- * accessToken: "https://custom-oauth.com/oauth/token",
28
- * scope: "profile email",
29
- * responseType: "code",
30
- * userInfo: "https://custom-oauth.com/api/userinfo",
31
- * clientId: process.env.AURA_AUTH_CUSTOM_OAUTH_CLIENT_ID!,
32
- * clientSecret: process.env.AURA_AUTH_CUSTOM_OAUTH_CLIENT_SECRET!,
33
- * }]
34
- * })
35
- */
36
- declare const createAuth: (authConfig: AuthConfig) => {
37
- handlers: _aura_stack_router.Router<[_aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {
38
- schemas?: {
39
- params: zod.ZodObject<{
40
- oauth: zod.ZodEnum<{
41
- [x: string & Record<never, never>]: string & Record<never, never>;
42
- github: "github";
43
- bitbucket: "bitbucket";
44
- figma: "figma";
45
- discord: "discord";
46
- gitlab: "gitlab";
47
- spotify: "spotify";
48
- x: "x";
49
- strava: "strava";
50
- mailchimp: "mailchimp";
51
- pinterest: "pinterest";
52
- }>;
53
- }, zod_v4_core.$strip>;
54
- searchParams: zod.ZodObject<{
55
- redirectTo: zod.ZodOptional<zod.ZodString>;
56
- }, zod_v4_core.$strip>;
57
- } | undefined;
58
- }>, _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
59
- schemas?: {
60
- params: zod.ZodObject<{
61
- oauth: zod.ZodEnum<{
62
- [x: string & Record<never, never>]: string & Record<never, never>;
63
- github: "github";
64
- bitbucket: "bitbucket";
65
- figma: "figma";
66
- discord: "discord";
67
- gitlab: "gitlab";
68
- spotify: "spotify";
69
- x: "x";
70
- strava: "strava";
71
- mailchimp: "mailchimp";
72
- pinterest: "pinterest";
73
- }>;
74
- }, zod_v4_core.$strip>;
75
- searchParams: zod.ZodObject<{
76
- code: zod.ZodString;
77
- state: zod.ZodString;
78
- }, zod_v4_core.$strip>;
79
- } | undefined;
80
- }>, _aura_stack_router.RouteEndpoint<"GET", "/session", {
81
- schemas?: _aura_stack_router.EndpointSchemas | undefined;
82
- }>, _aura_stack_router.RouteEndpoint<"POST", "/signOut", {
83
- schemas?: {
84
- searchParams: zod.ZodObject<{
85
- token_type_hint: zod.ZodLiteral<"session_token">;
86
- redirectTo: zod.ZodOptional<zod.ZodString>;
87
- }, zod_v4_core.$strip>;
88
- } | undefined;
89
- }>, _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {
90
- schemas?: _aura_stack_router.EndpointSchemas | undefined;
91
- }>]>;
92
- jose: JoseInstance;
93
- };
94
-
95
- export { AuthConfig, JoseInstance, createAuth };
10
+ import '@aura-stack/jose/crypto';
11
+ import '@aura-stack/router/cookie';
12
+ import 'jose';
13
+ import '@aura-stack/router';
14
+ import 'zod/v4/core';
package/dist/index.js CHANGED
@@ -1,91 +1,59 @@
1
+ import "./chunk-5X7JZMEF.js";
1
2
  import {
2
- createBuiltInOAuthProviders
3
- } from "./chunk-EMKJA2GJ.js";
4
- import "./chunk-42XB3YCW.js";
5
- import "./chunk-FKRDCWBF.js";
6
- import "./chunk-IKHPGFCW.js";
7
- import "./chunk-KRNOMBXQ.js";
8
- import "./chunk-B737EUJV.js";
9
- import "./chunk-HP34YGGJ.js";
10
- import "./chunk-E3OXBRYF.js";
11
- import "./chunk-6R2YZ4AC.js";
12
- import "./chunk-DIVDFNAP.js";
13
- import "./chunk-ITQ7352M.js";
14
- import {
15
- signOutAction
16
- } from "./chunk-A3N4PVAT.js";
17
- import {
18
- callbackAction
19
- } from "./chunk-KSWLO5ZU.js";
20
- import "./chunk-GA2SMTJO.js";
21
- import "./chunk-IVET23KF.js";
22
- import {
23
- csrfTokenAction
24
- } from "./chunk-HT4YLL7N.js";
25
- import {
26
- sessionAction
27
- } from "./chunk-JVFTCTTE.js";
28
- import {
29
- signInAction
30
- } from "./chunk-3EUWD5BB.js";
31
- import "./chunk-N4SX7TZT.js";
32
- import "./chunk-FIPU4MLT.js";
33
- import "./chunk-IUYZQTJV.js";
34
- import {
35
- createCookieStore
36
- } from "./chunk-W6LG7BFW.js";
37
- import "./chunk-STHEPPUZ.js";
38
- import {
39
- createJoseInstance
40
- } from "./chunk-TLE4PXY3.js";
41
- import "./chunk-N2APGLXA.js";
3
+ createAuthClient,
4
+ createClient
5
+ } from "./chunk-4RWSYUKX.js";
42
6
  import {
43
- onErrorHandler,
44
- useSecureCookies
45
- } from "./chunk-CXLATHS5.js";
46
- import "./chunk-EIL2FPSS.js";
47
- import "./chunk-RRLIF4PQ.js";
7
+ createAuth
8
+ } from "./chunk-CWX724AG.js";
9
+ import "./chunk-ITQ7352M.js";
10
+ import "./chunk-NHZBQNRR.js";
11
+ import "./chunk-GNNBM2WJ.js";
12
+ import "./chunk-FPCVZUVG.js";
13
+ import "./chunk-UN7X6SU5.js";
14
+ import "./chunk-7YYXFKLR.js";
15
+ import "./chunk-3J5TUH2I.js";
16
+ import "./chunk-7BE46WWS.js";
17
+ import "./chunk-LAYPUDQF.js";
18
+ import "./chunk-CITNGXDA.js";
19
+ import "./chunk-JOCGX3RP.js";
20
+ import "./chunk-D2CSIUKP.js";
21
+ import "./chunk-LATR3NIV.js";
22
+ import "./chunk-KBXWTD6E.js";
48
23
  import "./chunk-ZNCZVF6U.js";
49
- import "./chunk-YRCB5FLE.js";
50
-
51
- // src/index.ts
52
- import "dotenv/config";
53
- import { createRouter, createClient } from "@aura-stack/router";
54
- var createInternalConfig = (authConfig) => {
55
- const useSecure = authConfig?.trustedProxyHeaders ?? false;
56
- return {
57
- basePath: authConfig?.basePath ?? "/auth",
58
- onError: onErrorHandler,
59
- context: {
60
- oauth: createBuiltInOAuthProviders(authConfig?.oauth),
61
- cookies: createCookieStore(useSecure, authConfig?.cookies?.prefix, authConfig?.cookies?.overrides ?? {}),
62
- jose: createJoseInstance(authConfig?.secret),
63
- secret: authConfig?.secret,
64
- basePath: authConfig?.basePath ?? "/auth",
65
- trustedProxyHeaders: useSecure
66
- },
67
- middlewares: [
68
- (ctx) => {
69
- const useSecure2 = useSecureCookies(ctx.request, ctx.context.trustedProxyHeaders);
70
- const cookies = createCookieStore(useSecure2, authConfig?.cookies?.prefix, authConfig?.cookies?.overrides ?? {});
71
- ctx.context.cookies = cookies;
72
- return ctx;
73
- }
74
- ]
75
- };
76
- };
77
- var createAuth = (authConfig) => {
78
- const config = createInternalConfig(authConfig);
79
- const router = createRouter(
80
- [signInAction(config.context.oauth), callbackAction(config.context.oauth), sessionAction, signOutAction, csrfTokenAction],
81
- config
82
- );
83
- return {
84
- handlers: router,
85
- jose: config.context.jose
86
- };
87
- };
24
+ import "./chunk-V6LLEAR4.js";
25
+ import "./chunk-2IR674WX.js";
26
+ import {
27
+ builtInOAuthProviders
28
+ } from "./chunk-PDP3PHB3.js";
29
+ import "./chunk-LDU7A2JE.js";
30
+ import "./chunk-PHYNROD4.js";
31
+ import "./chunk-E6G5YCI6.js";
32
+ import "./chunk-IPKO6UQN.js";
33
+ import "./chunk-54CZPKR4.js";
34
+ import "./chunk-2GQLSIJ2.js";
35
+ import "./chunk-EEE7UM5T.js";
36
+ import "./chunk-C3A37LQC.js";
37
+ import "./chunk-4YHJ4IEQ.js";
38
+ import "./chunk-OVHNRULD.js";
39
+ import "./chunk-QQEKY4XP.js";
40
+ import "./chunk-KMMAZFSJ.js";
41
+ import "./chunk-FW4W3REU.js";
42
+ import "./chunk-5LZ7TOM3.js";
43
+ import {
44
+ createSyslogMessage
45
+ } from "./chunk-U4RK4LKJ.js";
46
+ import "./chunk-2A5B7GWR.js";
47
+ import "./chunk-UZQJJD6A.js";
48
+ import "./chunk-LX3TJ2TJ.js";
49
+ import "./chunk-XY5R3EHH.js";
50
+ import "./chunk-WHNDRO3N.js";
51
+ import "./chunk-U5663F2U.js";
52
+ import "./chunk-EBAMFRB7.js";
88
53
  export {
54
+ builtInOAuthProviders,
89
55
  createAuth,
90
- createClient
56
+ createAuthClient,
57
+ createClient,
58
+ createSyslogMessage
91
59
  };
package/dist/jose.cjs CHANGED
@@ -1,9 +1,7 @@
1
1
  "use strict";
2
- var __create = Object.create;
3
2
  var __defProp = Object.defineProperty;
4
3
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
4
  var __getOwnPropNames = Object.getOwnPropertyNames;
6
- var __getProtoOf = Object.getPrototypeOf;
7
5
  var __hasOwnProp = Object.prototype.hasOwnProperty;
8
6
  var __export = (target, all) => {
9
7
  for (var name in all)
@@ -17,30 +15,56 @@ var __copyProps = (to, from, except, desc) => {
17
15
  }
18
16
  return to;
19
17
  };
20
- var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
- // If the importer is in node compatibility mode or this is not an ESM
22
- // file that has been converted to a CommonJS file using a Babel-
23
- // compatible transform (i.e. "__esModule" has not been set), then set
24
- // "default" to the CommonJS "module.exports" for node compatibility.
25
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
- mod
27
- ));
28
18
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
19
 
30
20
  // src/jose.ts
31
21
  var jose_exports = {};
32
22
  __export(jose_exports, {
33
- createJoseInstance: () => createJoseInstance
23
+ base64url: () => import_jose2.base64url,
24
+ createJoseInstance: () => createJoseInstance,
25
+ decodeJWTOptions: () => decodeJWTOptions,
26
+ encoder: () => import_crypto.encoder,
27
+ getRandomBytes: () => import_crypto.getRandomBytes,
28
+ getSubtleCrypto: () => import_crypto.getSubtleCrypto,
29
+ jwtVerificationOptions: () => jwtVerificationOptions
34
30
  });
35
31
  module.exports = __toCommonJS(jose_exports);
36
- var import_config = require("dotenv/config");
37
- var import_jose = require("@aura-stack/jose");
38
32
 
39
- // src/secure.ts
40
- var import_crypto = __toESM(require("crypto"), 1);
33
+ // src/env.ts
34
+ var import_meta = {};
35
+ var env = new Proxy({}, {
36
+ get(_, prop) {
37
+ if (typeof prop !== "string") return void 0;
38
+ const hasProperty = (process2) => {
39
+ return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
40
+ };
41
+ try {
42
+ if (typeof process !== "undefined" && hasProperty(process.env)) {
43
+ return process.env[prop];
44
+ }
45
+ if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
46
+ return import_meta.env[prop];
47
+ }
48
+ if (typeof Deno !== "undefined" && Deno.env?.get) {
49
+ return Deno.env.get(prop);
50
+ }
51
+ if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
52
+ return Bun.env[prop];
53
+ }
54
+ const globalValue = globalThis[prop];
55
+ return typeof globalValue === "string" ? globalValue : void 0;
56
+ } catch {
57
+ return void 0;
58
+ }
59
+ }
60
+ });
61
+ var getEnv = (key) => {
62
+ const keys = [`AURA_AUTH_${key.toUpperCase()}`, `AURA_${key.toUpperCase()}`, `AUTH_${key.toUpperCase()}`, key.toUpperCase()];
63
+ return env[keys.find((k) => env[k]) ?? ""];
64
+ };
41
65
 
42
- // src/utils.ts
43
- var import_router = require("@aura-stack/router");
66
+ // src/jose.ts
67
+ var import_jose = require("@aura-stack/jose");
44
68
 
45
69
  // src/errors.ts
46
70
  var AuthInternalError = class extends Error {
@@ -54,38 +78,89 @@ var AuthInternalError = class extends Error {
54
78
  }
55
79
  };
56
80
 
57
- // src/secure.ts
58
- var createDerivedSalt = (secret) => {
59
- return import_crypto.default.createHash("sha256").update(secret).update("aura-auth-salt").digest("hex");
60
- };
61
-
62
81
  // src/jose.ts
82
+ var import_jose2 = require("@aura-stack/jose/jose");
83
+ var import_crypto = require("@aura-stack/jose/crypto");
63
84
  var createJoseInstance = (secret) => {
64
- const env = process.env;
65
- secret ??= env.AURA_AUTH_SECRET ?? env.AUTH_SECRET;
85
+ secret ??= getEnv("SECRET");
66
86
  if (!secret) {
67
87
  throw new AuthInternalError(
68
88
  "JOSE_INITIALIZATION_FAILED",
69
89
  "AURA_AUTH_SECRET environment variable is not set and no secret was provided."
70
90
  );
71
91
  }
72
- const salt = env.AURA_AUTH_SALT ?? env.AUTH_SALT ?? createDerivedSalt(secret);
73
- const { derivedKey: derivedSigningKey } = (0, import_jose.createDeriveKey)(secret, salt, "signing");
74
- const { derivedKey: derivedEncryptionKey } = (0, import_jose.createDeriveKey)(secret, salt, "encryption");
75
- const { derivedKey: derivedCsrfTokenKey } = (0, import_jose.createDeriveKey)(secret, salt, "csrfToken");
76
- const { decodeJWT, encodeJWT } = (0, import_jose.createJWT)({ jws: derivedSigningKey, jwe: derivedEncryptionKey });
77
- const { signJWS, verifyJWS } = (0, import_jose.createJWS)(derivedCsrfTokenKey);
78
- const { encryptJWE, decryptJWE } = (0, import_jose.createJWE)(derivedEncryptionKey);
92
+ const salt = getEnv("SALT");
93
+ if (!salt) {
94
+ throw new AuthInternalError(
95
+ "JOSE_INITIALIZATION_FAILED",
96
+ "AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation."
97
+ );
98
+ }
99
+ try {
100
+ (0, import_jose.createSecret)(salt);
101
+ } catch (error) {
102
+ throw new AuthInternalError(
103
+ "INVALID_SALT_SECRET_VALUE",
104
+ "AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.",
105
+ { cause: error }
106
+ );
107
+ }
108
+ const jose = (async () => {
109
+ const derivedSigningKey = await (0, import_jose.createDeriveKey)(secret, salt, "signing");
110
+ const derivedEncryptionKey = await (0, import_jose.createDeriveKey)(secret, salt, "encryption");
111
+ const derivedCsrfTokenKey = await (0, import_jose.createDeriveKey)(secret, salt, "csrfToken");
112
+ return {
113
+ jwt: (0, import_jose.createJWT)({ jws: derivedSigningKey, jwe: derivedEncryptionKey }),
114
+ jws: (0, import_jose.createJWS)(derivedCsrfTokenKey),
115
+ jwe: (0, import_jose.createJWE)(derivedEncryptionKey)
116
+ };
117
+ })();
118
+ jose.catch(() => {
119
+ });
79
120
  return {
80
- decodeJWT,
81
- encodeJWT,
82
- signJWS,
83
- verifyJWS,
84
- encryptJWE,
85
- decryptJWE
121
+ decodeJWT: async (token, options) => {
122
+ const { jwt } = await jose;
123
+ return jwt.decodeJWT(token, options);
124
+ },
125
+ encodeJWT: async (payload) => {
126
+ const { jwt } = await jose;
127
+ return jwt.encodeJWT(payload);
128
+ },
129
+ signJWS: async (...args) => {
130
+ const { jws } = await jose;
131
+ return jws.signJWS(...args);
132
+ },
133
+ verifyJWS: async (...args) => {
134
+ const { jws } = await jose;
135
+ return jws.verifyJWS(...args);
136
+ },
137
+ encryptJWE: async (...args) => {
138
+ const { jwe } = await jose;
139
+ return jwe.encryptJWE(...args);
140
+ },
141
+ decryptJWE: async (...args) => {
142
+ const { jwe } = await jose;
143
+ return jwe.decryptJWE(...args);
144
+ }
86
145
  };
87
146
  };
147
+ var jwtVerificationOptions = {
148
+ algorithms: ["HS256"],
149
+ typ: "JWT"
150
+ };
151
+ var decodeJWTOptions = {
152
+ jws: jwtVerificationOptions,
153
+ jwt: {
154
+ typ: "JWT"
155
+ }
156
+ };
88
157
  // Annotate the CommonJS export names for ESM import in node:
89
158
  0 && (module.exports = {
90
- createJoseInstance
159
+ base64url,
160
+ createJoseInstance,
161
+ decodeJWTOptions,
162
+ encoder,
163
+ getRandomBytes,
164
+ getSubtleCrypto,
165
+ jwtVerificationOptions
91
166
  });
package/dist/jose.d.ts CHANGED
@@ -1,23 +1,12 @@
1
- import * as _aura_stack_jose from '@aura-stack/jose';
2
- import * as _aura_stack_jose_jose from '@aura-stack/jose/jose';
3
- export { JWTPayload } from '@aura-stack/jose/jose';
4
-
5
- /**
6
- * Creates the JOSE instance used for signing and verifying tokens. It derives keys
7
- * for session tokens and CSRF tokens. For security and determinism, it uses the
8
- * `AURA_AUTH_SALT` environment variable if available; otherwise,it uses a derived
9
- * salt based on the provided secret.
10
- *
11
- * @param secret the base secret for key derivation
12
- * @returns jose instance with methods for encoding/decoding JWTs and signing/verifying JWSs
13
- */
14
- declare const createJoseInstance: (secret?: string) => {
15
- decodeJWT: (token: string) => Promise<_aura_stack_jose_jose.JWTPayload>;
16
- encodeJWT: (payload: _aura_stack_jose_jose.JWTPayload) => Promise<string>;
17
- signJWS: (payload: _aura_stack_jose_jose.JWTPayload) => Promise<string>;
18
- verifyJWS: (payload: string, options?: _aura_stack_jose.JWTVerifyOptions) => Promise<_aura_stack_jose_jose.JWTPayload>;
19
- encryptJWE: (payload: string, options?: _aura_stack_jose.EncryptOptions) => Promise<string>;
20
- decryptJWE: (payload: string, options?: _aura_stack_jose.JWTDecryptOptions) => Promise<string>;
21
- };
22
-
23
- export { createJoseInstance };
1
+ import '@aura-stack/jose';
2
+ export { JWTPayload, base64url } from '@aura-stack/jose/jose';
3
+ export { encoder, getRandomBytes, getSubtleCrypto } from '@aura-stack/jose/crypto';
4
+ export { K as createJoseInstance, M as decodeJWTOptions, N as jwtVerificationOptions } from './index-_aXtxb_s.js';
5
+ import 'zod';
6
+ import './schemas.js';
7
+ import 'zod/v4';
8
+ import '@aura-stack/router/cookie';
9
+ import './@types/utility.js';
10
+ import 'jose';
11
+ import '@aura-stack/router';
12
+ import 'zod/v4/core';
package/dist/jose.js CHANGED
@@ -1,10 +1,20 @@
1
1
  import {
2
- createJoseInstance
3
- } from "./chunk-TLE4PXY3.js";
4
- import "./chunk-N2APGLXA.js";
5
- import "./chunk-CXLATHS5.js";
6
- import "./chunk-EIL2FPSS.js";
7
- import "./chunk-RRLIF4PQ.js";
2
+ base64url,
3
+ createJoseInstance,
4
+ decodeJWTOptions,
5
+ encoder,
6
+ getRandomBytes,
7
+ getSubtleCrypto,
8
+ jwtVerificationOptions
9
+ } from "./chunk-UZQJJD6A.js";
10
+ import "./chunk-WHNDRO3N.js";
11
+ import "./chunk-U5663F2U.js";
8
12
  export {
9
- createJoseInstance
13
+ base64url,
14
+ createJoseInstance,
15
+ decodeJWTOptions,
16
+ encoder,
17
+ getRandomBytes,
18
+ getSubtleCrypto,
19
+ jwtVerificationOptions
10
20
  };