@aura-stack/auth 0.4.0-rc.5 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (201) hide show
  1. package/dist/@types/index.d.ts +8 -3
  2. package/dist/@types/router.d.cjs +0 -17
  3. package/dist/@types/router.d.d.ts +7 -2
  4. package/dist/@types/router.d.js +0 -1
  5. package/dist/actions/callback/access-token.cjs +130 -71
  6. package/dist/actions/callback/access-token.d.ts +9 -4
  7. package/dist/actions/callback/access-token.js +3 -4
  8. package/dist/actions/callback/callback.cjs +428 -152
  9. package/dist/actions/callback/callback.d.ts +11 -3
  10. package/dist/actions/callback/callback.js +12 -10
  11. package/dist/actions/callback/userinfo.cjs +159 -65
  12. package/dist/actions/callback/userinfo.d.ts +8 -3
  13. package/dist/actions/callback/userinfo.js +7 -6
  14. package/dist/actions/csrfToken/csrfToken.cjs +70 -19
  15. package/dist/actions/csrfToken/csrfToken.js +8 -7
  16. package/dist/actions/index.cjs +780 -348
  17. package/dist/actions/index.d.ts +6 -2
  18. package/dist/actions/index.js +23 -18
  19. package/dist/actions/session/session.cjs +107 -26
  20. package/dist/actions/session/session.js +7 -5
  21. package/dist/actions/signIn/authorization-url.cjs +288 -0
  22. package/dist/actions/signIn/authorization-url.d.ts +31 -0
  23. package/dist/actions/signIn/authorization-url.js +16 -0
  24. package/dist/actions/signIn/authorization.cjs +209 -211
  25. package/dist/actions/signIn/authorization.d.ts +32 -21
  26. package/dist/actions/signIn/authorization.js +12 -9
  27. package/dist/actions/signIn/signIn.cjs +470 -235
  28. package/dist/actions/signIn/signIn.d.ts +12 -3
  29. package/dist/actions/signIn/signIn.js +11 -8
  30. package/dist/actions/signOut/signOut.cjs +376 -228
  31. package/dist/actions/signOut/signOut.d.ts +1 -1
  32. package/dist/actions/signOut/signOut.js +10 -9
  33. package/dist/api/createApi.cjs +750 -0
  34. package/dist/api/createApi.d.ts +12 -0
  35. package/dist/api/createApi.js +19 -0
  36. package/dist/api/getSession.cjs +141 -0
  37. package/dist/api/getSession.d.ts +16 -0
  38. package/dist/api/getSession.js +10 -0
  39. package/dist/api/signIn.cjs +549 -0
  40. package/dist/api/signIn.d.ts +26 -0
  41. package/dist/api/signIn.js +15 -0
  42. package/dist/api/signOut.cjs +279 -0
  43. package/dist/api/signOut.d.ts +16 -0
  44. package/dist/api/signOut.js +13 -0
  45. package/dist/assert.cjs +150 -5
  46. package/dist/assert.d.ts +26 -3
  47. package/dist/assert.js +17 -3
  48. package/dist/{chunk-YRCB5FLE.js → chunk-2A5B7GWR.js} +52 -6
  49. package/dist/chunk-2GQLSIJ2.js +40 -0
  50. package/dist/chunk-2IR674WX.js +44 -0
  51. package/dist/chunk-3J5TUH2I.js +50 -0
  52. package/dist/chunk-4RWSYUKX.js +98 -0
  53. package/dist/chunk-4YHJ4IEQ.js +25 -0
  54. package/dist/chunk-54CZPKR4.js +25 -0
  55. package/dist/chunk-5LZ7TOM3.js +25 -0
  56. package/dist/chunk-7BE46WWS.js +88 -0
  57. package/dist/chunk-7YYXFKLR.js +35 -0
  58. package/dist/chunk-C3A37LQC.js +33 -0
  59. package/dist/chunk-CITNGXDA.js +31 -0
  60. package/dist/chunk-CWX724AG.js +78 -0
  61. package/dist/chunk-D2CSIUKP.js +74 -0
  62. package/dist/chunk-E6G5YCI6.js +25 -0
  63. package/dist/chunk-EBAMFRB7.js +34 -0
  64. package/dist/chunk-EEE7UM5T.js +25 -0
  65. package/dist/{chunk-HT4YLL7N.js → chunk-FPCVZUVG.js} +10 -8
  66. package/dist/chunk-FW4W3REU.js +25 -0
  67. package/dist/chunk-GNNBM2WJ.js +83 -0
  68. package/dist/chunk-IPKO6UQN.js +25 -0
  69. package/dist/chunk-JOCGX3RP.js +59 -0
  70. package/dist/chunk-KBXWTD6E.js +94 -0
  71. package/dist/chunk-KMMAZFSJ.js +25 -0
  72. package/dist/chunk-LATR3NIV.js +117 -0
  73. package/dist/chunk-LAYPUDQF.js +39 -0
  74. package/dist/chunk-LDU7A2JE.js +25 -0
  75. package/dist/chunk-LX3TJ2TJ.js +294 -0
  76. package/dist/chunk-NHZBQNRR.js +143 -0
  77. package/dist/chunk-OVHNRULD.js +33 -0
  78. package/dist/chunk-PDP3PHB3.js +127 -0
  79. package/dist/chunk-PHYNROD4.js +47 -0
  80. package/dist/chunk-QQEKY4XP.js +29 -0
  81. package/dist/chunk-U4RK4LKJ.js +348 -0
  82. package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
  83. package/dist/chunk-UN7X6SU5.js +53 -0
  84. package/dist/chunk-UZQJJD6A.js +100 -0
  85. package/dist/chunk-V6LLEAR4.js +80 -0
  86. package/dist/chunk-WHNDRO3N.js +50 -0
  87. package/dist/{chunk-W6LG7BFW.js → chunk-XY5R3EHH.js} +30 -23
  88. package/dist/client/client.cjs +135 -0
  89. package/dist/client/client.d.ts +85 -0
  90. package/dist/client/client.js +9 -0
  91. package/dist/client/index.cjs +135 -0
  92. package/dist/client/index.d.ts +14 -0
  93. package/dist/client/index.js +10 -0
  94. package/dist/context.cjs +1237 -0
  95. package/dist/context.d.ts +16 -0
  96. package/dist/context.js +28 -0
  97. package/dist/cookie.cjs +57 -22
  98. package/dist/cookie.d.ts +11 -6
  99. package/dist/cookie.js +3 -2
  100. package/dist/createAuth.cjs +2320 -0
  101. package/dist/createAuth.d.ts +12 -0
  102. package/dist/createAuth.js +48 -0
  103. package/dist/env.cjs +78 -0
  104. package/dist/env.d.ts +10 -0
  105. package/dist/env.js +12 -0
  106. package/dist/errors.cjs +17 -0
  107. package/dist/errors.d.ts +15 -4
  108. package/dist/errors.js +5 -1
  109. package/dist/headers.cjs +28 -2
  110. package/dist/headers.d.ts +25 -1
  111. package/dist/headers.js +9 -3
  112. package/dist/index-_aXtxb_s.d.ts +1377 -0
  113. package/dist/index.cjs +1843 -610
  114. package/dist/index.d.ts +11 -92
  115. package/dist/index.js +53 -85
  116. package/dist/jose.cjs +113 -38
  117. package/dist/jose.d.ts +12 -23
  118. package/dist/jose.js +17 -7
  119. package/dist/logger.cjs +424 -0
  120. package/dist/logger.d.ts +12 -0
  121. package/dist/logger.js +17 -0
  122. package/dist/oauth/atlassian.cjs +57 -0
  123. package/dist/oauth/atlassian.d.ts +12 -0
  124. package/dist/oauth/atlassian.js +6 -0
  125. package/dist/oauth/bitbucket.cjs +19 -15
  126. package/dist/oauth/bitbucket.d.ts +7 -2
  127. package/dist/oauth/bitbucket.js +1 -1
  128. package/dist/oauth/discord.cjs +27 -24
  129. package/dist/oauth/discord.d.ts +7 -2
  130. package/dist/oauth/discord.js +1 -1
  131. package/dist/oauth/dropbox.cjs +53 -0
  132. package/dist/oauth/dropbox.d.ts +12 -0
  133. package/dist/oauth/dropbox.js +6 -0
  134. package/dist/oauth/figma.cjs +19 -16
  135. package/dist/oauth/figma.d.ts +7 -2
  136. package/dist/oauth/figma.js +1 -1
  137. package/dist/oauth/github.cjs +19 -8
  138. package/dist/oauth/github.d.ts +7 -2
  139. package/dist/oauth/github.js +1 -1
  140. package/dist/oauth/gitlab.cjs +19 -16
  141. package/dist/oauth/gitlab.d.ts +7 -2
  142. package/dist/oauth/gitlab.js +1 -1
  143. package/dist/oauth/index.cjs +529 -239
  144. package/dist/oauth/index.d.ts +7 -2
  145. package/dist/oauth/index.js +39 -22
  146. package/dist/oauth/mailchimp.cjs +19 -16
  147. package/dist/oauth/mailchimp.d.ts +7 -2
  148. package/dist/oauth/mailchimp.js +1 -1
  149. package/dist/oauth/notion.cjs +131 -0
  150. package/dist/oauth/notion.d.ts +12 -0
  151. package/dist/oauth/notion.js +9 -0
  152. package/dist/oauth/pinterest.cjs +19 -16
  153. package/dist/oauth/pinterest.d.ts +7 -2
  154. package/dist/oauth/pinterest.js +1 -1
  155. package/dist/oauth/spotify.cjs +19 -16
  156. package/dist/oauth/spotify.d.ts +7 -2
  157. package/dist/oauth/spotify.js +1 -1
  158. package/dist/oauth/strava.cjs +19 -16
  159. package/dist/oauth/strava.d.ts +7 -2
  160. package/dist/oauth/strava.js +1 -1
  161. package/dist/oauth/twitch.cjs +95 -0
  162. package/dist/oauth/twitch.d.ts +12 -0
  163. package/dist/oauth/twitch.js +7 -0
  164. package/dist/oauth/x.cjs +19 -16
  165. package/dist/oauth/x.d.ts +7 -2
  166. package/dist/oauth/x.js +1 -1
  167. package/dist/schemas.cjs +89 -42
  168. package/dist/schemas.d.ts +114 -18
  169. package/dist/schemas.js +5 -3
  170. package/dist/secure.cjs +73 -31
  171. package/dist/secure.d.ts +11 -11
  172. package/dist/secure.js +7 -6
  173. package/dist/utils.cjs +203 -90
  174. package/dist/utils.d.ts +21 -40
  175. package/dist/utils.js +21 -12
  176. package/package.json +9 -6
  177. package/dist/chunk-3EUWD5BB.js +0 -63
  178. package/dist/chunk-42XB3YCW.js +0 -22
  179. package/dist/chunk-6R2YZ4AC.js +0 -22
  180. package/dist/chunk-A3N4PVAT.js +0 -70
  181. package/dist/chunk-B737EUJV.js +0 -22
  182. package/dist/chunk-CXLATHS5.js +0 -143
  183. package/dist/chunk-E3OXBRYF.js +0 -22
  184. package/dist/chunk-EIL2FPSS.js +0 -22
  185. package/dist/chunk-EMKJA2GJ.js +0 -89
  186. package/dist/chunk-FIPU4MLT.js +0 -21
  187. package/dist/chunk-FKRDCWBF.js +0 -22
  188. package/dist/chunk-GA2SMTJO.js +0 -58
  189. package/dist/chunk-HP34YGGJ.js +0 -22
  190. package/dist/chunk-IKHPGFCW.js +0 -14
  191. package/dist/chunk-IUYZQTJV.js +0 -30
  192. package/dist/chunk-IVET23KF.js +0 -58
  193. package/dist/chunk-JVFTCTTE.js +0 -33
  194. package/dist/chunk-KRNOMBXQ.js +0 -22
  195. package/dist/chunk-KSWLO5ZU.js +0 -102
  196. package/dist/chunk-N2APGLXA.js +0 -71
  197. package/dist/chunk-N4SX7TZT.js +0 -96
  198. package/dist/chunk-STHEPPUZ.js +0 -11
  199. package/dist/chunk-TLE4PXY3.js +0 -39
  200. package/dist/index-B8jeIElf.d.ts +0 -679
  201. /package/dist/{chunk-DIVDFNAP.js → chunk-5X7JZMEF.js} +0 -0
@@ -1,11 +1,15 @@
1
1
  import * as _aura_stack_router from '@aura-stack/router';
2
- import { z } from 'zod';
3
- import { j as OAuthProviderRecord } from '../../index-B8jeIElf.js';
2
+ import { z } from 'zod/v4';
3
+ import { O as OAuthProviderRecord } from '../../index-_aXtxb_s.js';
4
+ import 'zod';
4
5
  import '../../schemas.js';
5
- import '@aura-stack/router/cookie';
6
6
  import '@aura-stack/jose';
7
7
  import '@aura-stack/jose/jose';
8
+ import '@aura-stack/jose/crypto';
9
+ import '@aura-stack/router/cookie';
8
10
  import '../../@types/utility.js';
11
+ import 'jose';
12
+ import 'zod/v4/core';
9
13
 
10
14
  declare const callbackAction: (oauth: OAuthProviderRecord) => _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
11
15
  schemas?: {
@@ -22,6 +26,10 @@ declare const callbackAction: (oauth: OAuthProviderRecord) => _aura_stack_router
22
26
  strava: "strava";
23
27
  mailchimp: "mailchimp";
24
28
  pinterest: "pinterest";
29
+ twitch: "twitch";
30
+ notion: "notion";
31
+ dropbox: "dropbox";
32
+ atlassian: "atlassian";
25
33
  }>;
26
34
  }, z.core.$strip>;
27
35
  searchParams: z.ZodObject<{
@@ -1,16 +1,18 @@
1
1
  import {
2
2
  callbackAction
3
- } from "../../chunk-KSWLO5ZU.js";
4
- import "../../chunk-GA2SMTJO.js";
5
- import "../../chunk-IVET23KF.js";
6
- import "../../chunk-W6LG7BFW.js";
7
- import "../../chunk-STHEPPUZ.js";
8
- import "../../chunk-N2APGLXA.js";
9
- import "../../chunk-CXLATHS5.js";
10
- import "../../chunk-EIL2FPSS.js";
11
- import "../../chunk-RRLIF4PQ.js";
3
+ } from "../../chunk-NHZBQNRR.js";
4
+ import "../../chunk-GNNBM2WJ.js";
5
+ import "../../chunk-7BE46WWS.js";
6
+ import "../../chunk-LATR3NIV.js";
12
7
  import "../../chunk-ZNCZVF6U.js";
13
- import "../../chunk-YRCB5FLE.js";
8
+ import "../../chunk-V6LLEAR4.js";
9
+ import "../../chunk-2A5B7GWR.js";
10
+ import "../../chunk-UZQJJD6A.js";
11
+ import "../../chunk-LX3TJ2TJ.js";
12
+ import "../../chunk-XY5R3EHH.js";
13
+ import "../../chunk-WHNDRO3N.js";
14
+ import "../../chunk-U5663F2U.js";
15
+ import "../../chunk-EBAMFRB7.js";
14
16
  export {
15
17
  callbackAction
16
18
  };
@@ -1,9 +1,7 @@
1
1
  "use strict";
2
- var __create = Object.create;
3
2
  var __defProp = Object.defineProperty;
4
3
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
4
  var __getOwnPropNames = Object.getOwnPropertyNames;
6
- var __getProtoOf = Object.getPrototypeOf;
7
5
  var __hasOwnProp = Object.prototype.hasOwnProperty;
8
6
  var __export = (target, all) => {
9
7
  for (var name in all)
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
17
15
  }
18
16
  return to;
19
17
  };
20
- var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
- // If the importer is in node compatibility mode or this is not an ESM
22
- // file that has been converted to a CommonJS file using a Babel-
23
- // compatible transform (i.e. "__esModule" has not been set), then set
24
- // "default" to the CommonJS "module.exports" for node compatibility.
25
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
- mod
27
- ));
28
18
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
19
 
30
20
  // src/actions/callback/userinfo.ts
@@ -45,9 +35,6 @@ var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
45
35
  return response;
46
36
  };
47
37
 
48
- // src/secure.ts
49
- var import_crypto = __toESM(require("crypto"), 1);
50
-
51
38
  // src/utils.ts
52
39
  var import_router = require("@aura-stack/router");
53
40
 
@@ -71,34 +58,119 @@ var isOAuthProtocolError = (error) => {
71
58
  return error instanceof OAuthProtocolError;
72
59
  };
73
60
 
61
+ // src/env.ts
62
+ var import_meta = {};
63
+ var env = new Proxy({}, {
64
+ get(_, prop) {
65
+ if (typeof prop !== "string") return void 0;
66
+ const hasProperty = (process2) => {
67
+ return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
68
+ };
69
+ try {
70
+ if (typeof process !== "undefined" && hasProperty(process.env)) {
71
+ return process.env[prop];
72
+ }
73
+ if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
74
+ return import_meta.env[prop];
75
+ }
76
+ if (typeof Deno !== "undefined" && Deno.env?.get) {
77
+ return Deno.env.get(prop);
78
+ }
79
+ if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
80
+ return Bun.env[prop];
81
+ }
82
+ const globalValue = globalThis[prop];
83
+ return typeof globalValue === "string" ? globalValue : void 0;
84
+ } catch {
85
+ return void 0;
86
+ }
87
+ }
88
+ });
89
+
90
+ // src/assert.ts
91
+ var import_crypto = require("@aura-stack/jose/crypto");
92
+
93
+ // src/utils.ts
94
+ var AURA_AUTH_VERSION = "0.4.0";
95
+
96
+ // src/jose.ts
97
+ var import_jose = require("@aura-stack/jose");
98
+ var import_jose2 = require("@aura-stack/jose/jose");
99
+ var import_crypto2 = require("@aura-stack/jose/crypto");
100
+
74
101
  // src/secure.ts
75
102
  var generateSecure = (length = 32) => {
76
- return import_crypto.default.randomBytes(length).toString("base64url");
103
+ return import_jose2.base64url.encode((0, import_crypto2.getRandomBytes)(length));
77
104
  };
78
105
 
79
106
  // src/schemas.ts
80
- var import_zod = require("zod");
81
- var OAuthProviderConfigSchema = (0, import_zod.object)({
82
- authorizeURL: (0, import_zod.string)().url(),
83
- accessToken: (0, import_zod.string)().url(),
84
- scope: (0, import_zod.string)().optional(),
85
- userInfo: (0, import_zod.string)().url(),
86
- responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
87
- clientId: (0, import_zod.string)(),
88
- clientSecret: (0, import_zod.string)()
107
+ var import_v4 = require("zod/v4");
108
+ var AuthorizeConfigSchema = import_v4.z.union([
109
+ (0, import_v4.string)().url(),
110
+ (0, import_v4.object)({
111
+ url: (0, import_v4.string)().url(),
112
+ params: (0, import_v4.object)({
113
+ responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
114
+ scope: (0, import_v4.string)().optional()
115
+ })
116
+ })
117
+ ]);
118
+ var AccessTokenConfigSchema = import_v4.z.union([
119
+ (0, import_v4.string)().url(),
120
+ (0, import_v4.object)({
121
+ url: (0, import_v4.string)().url(),
122
+ headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional()
123
+ })
124
+ ]);
125
+ var UserInfoConfigSchema = import_v4.z.union([
126
+ (0, import_v4.string)().url(),
127
+ (0, import_v4.object)({
128
+ url: (0, import_v4.string)().url(),
129
+ headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional(),
130
+ method: (0, import_v4.string)().optional()
131
+ })
132
+ ]);
133
+ var OAuthProviderCredentialsSchema = (0, import_v4.object)({
134
+ id: (0, import_v4.string)(),
135
+ name: (0, import_v4.string)(),
136
+ authorize: AuthorizeConfigSchema.optional(),
137
+ /** @deprecated */
138
+ authorizeURL: (0, import_v4.string)().url().optional(),
139
+ accessToken: AccessTokenConfigSchema,
140
+ /** @deprecated */
141
+ scope: (0, import_v4.string)().optional(),
142
+ userInfo: UserInfoConfigSchema,
143
+ /** @deprecated */
144
+ responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
145
+ clientId: (0, import_v4.string)(),
146
+ clientSecret: (0, import_v4.string)(),
147
+ profile: import_v4.z.function().optional()
148
+ });
149
+ var OAuthProviderConfigSchema = (0, import_v4.object)({
150
+ authorize: AuthorizeConfigSchema.optional(),
151
+ /** @deprecated */
152
+ authorizeURL: (0, import_v4.string)().url().optional(),
153
+ accessToken: AccessTokenConfigSchema,
154
+ /** @deprecated */
155
+ scope: (0, import_v4.string)().optional(),
156
+ userInfo: UserInfoConfigSchema,
157
+ /** @deprecated */
158
+ responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
159
+ clientId: (0, import_v4.string)(),
160
+ clientSecret: (0, import_v4.string)()
89
161
  });
90
162
  var OAuthAuthorization = OAuthProviderConfigSchema.extend({
91
- redirectURI: (0, import_zod.string)(),
92
- state: (0, import_zod.string)(),
93
- codeChallenge: (0, import_zod.string)(),
94
- codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
163
+ redirectURI: (0, import_v4.string)(),
164
+ state: (0, import_v4.string)(),
165
+ codeChallenge: (0, import_v4.string)(),
166
+ codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
95
167
  });
96
- var OAuthAuthorizationResponse = (0, import_zod.object)({
97
- state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
98
- code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
168
+ var OAuthAuthorizationResponse = (0, import_v4.object)({
169
+ state: (0, import_v4.string)({ message: "Missing state parameter in the OAuth authorization response." }),
170
+ code: (0, import_v4.string)({ message: "Missing code parameter in the OAuth authorization response." })
99
171
  });
100
- var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
101
- error: (0, import_zod.enum)([
172
+ var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
173
+ error: (0, import_v4.enum)([
102
174
  "invalid_request",
103
175
  "unauthorized_client",
104
176
  "access_denied",
@@ -107,24 +179,24 @@ var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
107
179
  "server_error",
108
180
  "temporarily_unavailable"
109
181
  ]),
110
- error_description: (0, import_zod.string)().optional(),
111
- error_uri: (0, import_zod.string)().optional(),
112
- state: (0, import_zod.string)()
182
+ error_description: (0, import_v4.string)().optional(),
183
+ error_uri: (0, import_v4.string)().optional(),
184
+ state: (0, import_v4.string)()
113
185
  });
114
186
  var OAuthAccessToken = OAuthProviderConfigSchema.extend({
115
- redirectURI: (0, import_zod.string)(),
116
- code: (0, import_zod.string)(),
117
- codeVerifier: (0, import_zod.string)().min(43).max(128)
187
+ redirectURI: (0, import_v4.string)(),
188
+ code: (0, import_v4.string)(),
189
+ codeVerifier: (0, import_v4.string)().min(43).max(128)
118
190
  });
119
- var OAuthAccessTokenResponse = (0, import_zod.object)({
120
- access_token: (0, import_zod.string)(),
121
- token_type: (0, import_zod.string)().optional(),
122
- expires_in: (0, import_zod.number)().optional(),
123
- refresh_token: (0, import_zod.string)().optional(),
124
- scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
191
+ var OAuthAccessTokenResponse = (0, import_v4.object)({
192
+ access_token: (0, import_v4.string)(),
193
+ token_type: (0, import_v4.string)().optional(),
194
+ expires_in: (0, import_v4.number)().optional(),
195
+ refresh_token: (0, import_v4.string)().optional(),
196
+ scope: (0, import_v4.union)([(0, import_v4.string)().optional().or((0, import_v4.null)()), (0, import_v4.array)((0, import_v4.string)()).optional()])
125
197
  });
126
- var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
127
- error: (0, import_zod.enum)([
198
+ var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
199
+ error: (0, import_v4.enum)([
128
200
  "invalid_request",
129
201
  "invalid_client",
130
202
  "invalid_grant",
@@ -132,16 +204,16 @@ var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
132
204
  "unsupported_grant_type",
133
205
  "invalid_scope"
134
206
  ]),
135
- error_description: (0, import_zod.string)().optional(),
136
- error_uri: (0, import_zod.string)().optional()
207
+ error_description: (0, import_v4.string)().optional(),
208
+ error_uri: (0, import_v4.string)().optional()
137
209
  });
138
- var OAuthErrorResponse = (0, import_zod.object)({
139
- error: (0, import_zod.string)(),
140
- error_description: (0, import_zod.string)().optional()
210
+ var OAuthErrorResponse = (0, import_v4.object)({
211
+ error: (0, import_v4.string)(),
212
+ error_description: (0, import_v4.string)().optional()
141
213
  });
142
- var OAuthEnvSchema = (0, import_zod.object)({
143
- clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
144
- clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
214
+ var OAuthEnvSchema = (0, import_v4.object)({
215
+ clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
216
+ clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
145
217
  });
146
218
 
147
219
  // src/actions/callback/userinfo.ts
@@ -154,33 +226,55 @@ var getDefaultUserInfo = (profile) => {
154
226
  image: profile?.image ?? profile?.picture
155
227
  };
156
228
  };
157
- var getUserInfo = async (oauthConfig, accessToken) => {
158
- const userinfoEndpoint = oauthConfig.userInfo;
229
+ var getUserInfo = async (oauthConfig, accessToken, logger) => {
230
+ const userInfoConfig = oauthConfig.userInfo;
231
+ const userinfoURL = typeof userInfoConfig === "string" ? userInfoConfig : userInfoConfig.url;
232
+ const extraHeaders = typeof userInfoConfig === "string" ? void 0 : userInfoConfig.headers;
233
+ const method = typeof userInfoConfig === "string" ? "GET" : (userInfoConfig.method ?? "GET").toUpperCase();
159
234
  try {
160
- const response = await fetchAsync(userinfoEndpoint, {
161
- method: "GET",
235
+ logger?.log("OAUTH_USERINFO_REQUEST_INITIATED", {
236
+ structuredData: {
237
+ endpoint: userinfoURL
238
+ }
239
+ });
240
+ const response = await fetchAsync(userinfoURL, {
241
+ method,
162
242
  headers: {
243
+ "User-Agent": `Aura Auth/${AURA_AUTH_VERSION}`,
163
244
  Accept: "application/json",
164
- Authorization: `Bearer ${accessToken}`
245
+ Authorization: `Bearer ${accessToken}`,
246
+ ...extraHeaders ?? {}
165
247
  }
166
248
  });
249
+ if (!response.ok) {
250
+ logger?.log("OAUTH_USERINFO_INVALID_RESPONSE");
251
+ throw new OAuthProtocolError("INVALID_REQUEST", "Invalid userinfo response format");
252
+ }
167
253
  const json = await response.json();
168
254
  const { success, data } = OAuthErrorResponse.safeParse(json);
169
255
  if (success) {
170
- throw new OAuthProtocolError(
171
- data.error,
172
- data?.error_description ?? "An error occurred while fetching user information."
173
- );
256
+ logger?.log("OAUTH_USERINFO_ERROR", {
257
+ message: "Error response received from OAuth userinfo endpoint",
258
+ structuredData: {
259
+ error: data.error,
260
+ error_description: data.error_description ?? ""
261
+ }
262
+ });
263
+ throw new OAuthProtocolError("INVALID_REQUEST", "An error was received from the OAuth userinfo endpoint.");
174
264
  }
265
+ logger?.log("OAUTH_USERINFO_SUCCESS");
175
266
  return oauthConfig?.profile ? oauthConfig.profile(json) : getDefaultUserInfo(json);
176
267
  } catch (error) {
177
268
  if (isOAuthProtocolError(error)) {
178
269
  throw error;
179
270
  }
271
+ logger?.log("OAUTH_USERINFO_REQUEST_FAILED");
180
272
  if (isNativeError(error)) {
181
- throw new OAuthProtocolError("invalid_request", error.message, "", { cause: error });
273
+ throw new OAuthProtocolError("SERVER_ERROR", "Failed to fetch user information from OAuth provider", "", {
274
+ cause: error
275
+ });
182
276
  }
183
- throw new OAuthProtocolError("invalid_request", "Failed to fetch user information.", "", { cause: error });
277
+ throw new OAuthProtocolError("SERVER_ERROR", "Failed to fetch user information", "", { cause: error });
184
278
  }
185
279
  };
186
280
  // Annotate the CommonJS export names for ESM import in node:
@@ -1,10 +1,15 @@
1
- import { h as OAuthProviderCredentials, U as User } from '../../index-B8jeIElf.js';
1
+ import { j as OAuthProviderCredentials, a as InternalLogger, U as User } from '../../index-_aXtxb_s.js';
2
2
  import 'zod';
3
3
  import '../../schemas.js';
4
- import '@aura-stack/router/cookie';
4
+ import 'zod/v4';
5
5
  import '@aura-stack/jose';
6
6
  import '@aura-stack/jose/jose';
7
+ import '@aura-stack/jose/crypto';
8
+ import '@aura-stack/router/cookie';
7
9
  import '../../@types/utility.js';
10
+ import 'jose';
11
+ import '@aura-stack/router';
12
+ import 'zod/v4/core';
8
13
 
9
14
  /**
10
15
  * Get user information from the OAuth provider's userinfo endpoint using the provided access token.
@@ -15,6 +20,6 @@ import '../../@types/utility.js';
15
20
  * @param accessToken - Access Token to access the userinfo endpoint
16
21
  * @returns The user information retrieved from the userinfo endpoint
17
22
  */
18
- declare const getUserInfo: (oauthConfig: OAuthProviderCredentials, accessToken: string) => Promise<User>;
23
+ declare const getUserInfo: (oauthConfig: OAuthProviderCredentials, accessToken: string, logger?: InternalLogger) => Promise<User>;
19
24
 
20
25
  export { getUserInfo };
@@ -1,12 +1,13 @@
1
1
  import {
2
2
  getUserInfo
3
- } from "../../chunk-IVET23KF.js";
4
- import "../../chunk-N2APGLXA.js";
5
- import "../../chunk-CXLATHS5.js";
6
- import "../../chunk-EIL2FPSS.js";
7
- import "../../chunk-RRLIF4PQ.js";
3
+ } from "../../chunk-GNNBM2WJ.js";
8
4
  import "../../chunk-ZNCZVF6U.js";
9
- import "../../chunk-YRCB5FLE.js";
5
+ import "../../chunk-V6LLEAR4.js";
6
+ import "../../chunk-2A5B7GWR.js";
7
+ import "../../chunk-UZQJJD6A.js";
8
+ import "../../chunk-LX3TJ2TJ.js";
9
+ import "../../chunk-WHNDRO3N.js";
10
+ import "../../chunk-U5663F2U.js";
10
11
  export {
11
12
  getUserInfo
12
13
  };
@@ -1,9 +1,7 @@
1
1
  "use strict";
2
- var __create = Object.create;
3
2
  var __defProp = Object.defineProperty;
4
3
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
4
  var __getOwnPropNames = Object.getOwnPropertyNames;
6
- var __getProtoOf = Object.getPrototypeOf;
7
5
  var __hasOwnProp = Object.prototype.hasOwnProperty;
8
6
  var __export = (target, all) => {
9
7
  for (var name in all)
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
17
15
  }
18
16
  return to;
19
17
  };
20
- var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
- // If the importer is in node compatibility mode or this is not an ESM
22
- // file that has been converted to a CommonJS file using a Babel-
23
- // compatible transform (i.e. "__esModule" has not been set), then set
24
- // "default" to the CommonJS "module.exports" for node compatibility.
25
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
- mod
27
- ));
28
18
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
19
 
30
20
  // src/actions/csrfToken/csrfToken.ts
@@ -35,9 +25,6 @@ __export(csrfToken_exports, {
35
25
  module.exports = __toCommonJS(csrfToken_exports);
36
26
  var import_router2 = require("@aura-stack/router");
37
27
 
38
- // src/secure.ts
39
- var import_crypto = __toESM(require("crypto"), 1);
40
-
41
28
  // src/utils.ts
42
29
  var import_router = require("@aura-stack/router");
43
30
 
@@ -53,15 +40,56 @@ var AuthInternalError = class extends Error {
53
40
  }
54
41
  };
55
42
 
43
+ // src/env.ts
44
+ var import_meta = {};
45
+ var env = new Proxy({}, {
46
+ get(_, prop) {
47
+ if (typeof prop !== "string") return void 0;
48
+ const hasProperty = (process2) => {
49
+ return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
50
+ };
51
+ try {
52
+ if (typeof process !== "undefined" && hasProperty(process.env)) {
53
+ return process.env[prop];
54
+ }
55
+ if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
56
+ return import_meta.env[prop];
57
+ }
58
+ if (typeof Deno !== "undefined" && Deno.env?.get) {
59
+ return Deno.env.get(prop);
60
+ }
61
+ if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
62
+ return Bun.env[prop];
63
+ }
64
+ const globalValue = globalThis[prop];
65
+ return typeof globalValue === "string" ? globalValue : void 0;
66
+ } catch {
67
+ return void 0;
68
+ }
69
+ }
70
+ });
71
+
72
+ // src/assert.ts
73
+ var import_crypto = require("@aura-stack/jose/crypto");
74
+
75
+ // src/jose.ts
76
+ var import_jose = require("@aura-stack/jose");
77
+ var import_jose2 = require("@aura-stack/jose/jose");
78
+ var import_crypto2 = require("@aura-stack/jose/crypto");
79
+ var jwtVerificationOptions = {
80
+ algorithms: ["HS256"],
81
+ typ: "JWT"
82
+ };
83
+
56
84
  // src/secure.ts
57
85
  var generateSecure = (length = 32) => {
58
- return import_crypto.default.randomBytes(length).toString("base64url");
86
+ return import_jose2.base64url.encode((0, import_crypto2.getRandomBytes)(length));
59
87
  };
60
88
  var createCSRF = async (jose, csrfCookie) => {
61
89
  try {
62
90
  const token = generateSecure(32);
63
91
  if (csrfCookie) {
64
- await jose.verifyJWS(csrfCookie);
92
+ await jose.verifyJWS(csrfCookie, jwtVerificationOptions);
65
93
  return csrfCookie;
66
94
  }
67
95
  return jose.signJWS({ token });
@@ -78,6 +106,26 @@ var cacheControl = {
78
106
  Expires: "0",
79
107
  Vary: "Cookie"
80
108
  };
109
+ var contentSecurityPolicy = {
110
+ "Content-Security-Policy": [
111
+ "default-src 'none'",
112
+ "script-src 'self'",
113
+ "frame-src 'none'",
114
+ "object-src 'none'",
115
+ "frame-ancestors 'none'",
116
+ "base-uri 'none'"
117
+ ].join("; ")
118
+ };
119
+ var secureHeaders = {
120
+ "X-Content-Type-Options": "nosniff",
121
+ "X-Frame-Options": "DENY",
122
+ "Referrer-Policy": "strict-origin-when-cross-origin"
123
+ };
124
+ var secureApiHeaders = {
125
+ ...cacheControl,
126
+ ...contentSecurityPolicy,
127
+ ...secureHeaders
128
+ };
81
129
 
82
130
  // src/cookie.ts
83
131
  var import_cookie = require("@aura-stack/router/cookie");
@@ -99,10 +147,11 @@ var setCookie = (cookieName, value, options) => {
99
147
  var expiredCookieAttributes = {
100
148
  ...defaultCookieOptions,
101
149
  expires: /* @__PURE__ */ new Date(0),
102
- maxAge: 0
150
+ maxAge: 0,
151
+ secure: true
103
152
  };
104
153
  var getCookie = (request, cookieName) => {
105
- const cookies = request.headers.get("Cookie");
154
+ const cookies = request instanceof Request ? request.headers.get("Cookie") : request.get("Cookie");
106
155
  if (!cookies) {
107
156
  throw new AuthInternalError("COOKIE_NOT_FOUND", "No cookies found. There is no active session");
108
157
  }
@@ -124,11 +173,13 @@ var getCSRFToken = (request, cookieName) => {
124
173
  var csrfTokenAction = (0, import_router2.createEndpoint)("GET", "/csrfToken", async (ctx) => {
125
174
  const {
126
175
  request,
127
- context: { jose, cookies }
176
+ context: { jose, cookies, logger }
128
177
  } = ctx;
129
178
  const token = getCSRFToken(request, cookies.csrfToken.name);
179
+ logger?.log("CSRF_TOKEN_REQUESTED", { structuredData: { has_token: Boolean(token) } });
130
180
  const csrfToken = await createCSRF(jose, token);
131
- const headers = new Headers(cacheControl);
181
+ logger?.log("CSRF_TOKEN_ISSUED", { structuredData: { issued: Boolean(csrfToken) } });
182
+ const headers = new Headers(secureApiHeaders);
132
183
  headers.append("Set-Cookie", setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes));
133
184
  return Response.json({ csrfToken }, { headers });
134
185
  });
@@ -1,12 +1,13 @@
1
1
  import {
2
2
  csrfTokenAction
3
- } from "../../chunk-HT4YLL7N.js";
4
- import "../../chunk-W6LG7BFW.js";
5
- import "../../chunk-STHEPPUZ.js";
6
- import "../../chunk-N2APGLXA.js";
7
- import "../../chunk-CXLATHS5.js";
8
- import "../../chunk-EIL2FPSS.js";
9
- import "../../chunk-RRLIF4PQ.js";
3
+ } from "../../chunk-FPCVZUVG.js";
4
+ import "../../chunk-V6LLEAR4.js";
5
+ import "../../chunk-UZQJJD6A.js";
6
+ import "../../chunk-LX3TJ2TJ.js";
7
+ import "../../chunk-XY5R3EHH.js";
8
+ import "../../chunk-WHNDRO3N.js";
9
+ import "../../chunk-U5663F2U.js";
10
+ import "../../chunk-EBAMFRB7.js";
10
11
  export {
11
12
  csrfTokenAction
12
13
  };