@aura-stack/auth 0.4.0-rc.5 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/@types/index.d.ts +8 -3
- package/dist/@types/router.d.cjs +0 -17
- package/dist/@types/router.d.d.ts +7 -2
- package/dist/@types/router.d.js +0 -1
- package/dist/actions/callback/access-token.cjs +130 -71
- package/dist/actions/callback/access-token.d.ts +9 -4
- package/dist/actions/callback/access-token.js +3 -4
- package/dist/actions/callback/callback.cjs +428 -152
- package/dist/actions/callback/callback.d.ts +11 -3
- package/dist/actions/callback/callback.js +12 -10
- package/dist/actions/callback/userinfo.cjs +159 -65
- package/dist/actions/callback/userinfo.d.ts +8 -3
- package/dist/actions/callback/userinfo.js +7 -6
- package/dist/actions/csrfToken/csrfToken.cjs +70 -19
- package/dist/actions/csrfToken/csrfToken.js +8 -7
- package/dist/actions/index.cjs +780 -348
- package/dist/actions/index.d.ts +6 -2
- package/dist/actions/index.js +23 -18
- package/dist/actions/session/session.cjs +107 -26
- package/dist/actions/session/session.js +7 -5
- package/dist/actions/signIn/authorization-url.cjs +288 -0
- package/dist/actions/signIn/authorization-url.d.ts +31 -0
- package/dist/actions/signIn/authorization-url.js +16 -0
- package/dist/actions/signIn/authorization.cjs +209 -211
- package/dist/actions/signIn/authorization.d.ts +32 -21
- package/dist/actions/signIn/authorization.js +12 -9
- package/dist/actions/signIn/signIn.cjs +470 -235
- package/dist/actions/signIn/signIn.d.ts +12 -3
- package/dist/actions/signIn/signIn.js +11 -8
- package/dist/actions/signOut/signOut.cjs +376 -228
- package/dist/actions/signOut/signOut.d.ts +1 -1
- package/dist/actions/signOut/signOut.js +10 -9
- package/dist/api/createApi.cjs +750 -0
- package/dist/api/createApi.d.ts +12 -0
- package/dist/api/createApi.js +19 -0
- package/dist/api/getSession.cjs +141 -0
- package/dist/api/getSession.d.ts +16 -0
- package/dist/api/getSession.js +10 -0
- package/dist/api/signIn.cjs +549 -0
- package/dist/api/signIn.d.ts +26 -0
- package/dist/api/signIn.js +15 -0
- package/dist/api/signOut.cjs +279 -0
- package/dist/api/signOut.d.ts +16 -0
- package/dist/api/signOut.js +13 -0
- package/dist/assert.cjs +150 -5
- package/dist/assert.d.ts +26 -3
- package/dist/assert.js +17 -3
- package/dist/{chunk-YRCB5FLE.js → chunk-2A5B7GWR.js} +52 -6
- package/dist/chunk-2GQLSIJ2.js +40 -0
- package/dist/chunk-2IR674WX.js +44 -0
- package/dist/chunk-3J5TUH2I.js +50 -0
- package/dist/chunk-4RWSYUKX.js +98 -0
- package/dist/chunk-4YHJ4IEQ.js +25 -0
- package/dist/chunk-54CZPKR4.js +25 -0
- package/dist/chunk-5LZ7TOM3.js +25 -0
- package/dist/chunk-7BE46WWS.js +88 -0
- package/dist/chunk-7YYXFKLR.js +35 -0
- package/dist/chunk-C3A37LQC.js +33 -0
- package/dist/chunk-CITNGXDA.js +31 -0
- package/dist/chunk-CWX724AG.js +78 -0
- package/dist/chunk-D2CSIUKP.js +74 -0
- package/dist/chunk-E6G5YCI6.js +25 -0
- package/dist/chunk-EBAMFRB7.js +34 -0
- package/dist/chunk-EEE7UM5T.js +25 -0
- package/dist/{chunk-HT4YLL7N.js → chunk-FPCVZUVG.js} +10 -8
- package/dist/chunk-FW4W3REU.js +25 -0
- package/dist/chunk-GNNBM2WJ.js +83 -0
- package/dist/chunk-IPKO6UQN.js +25 -0
- package/dist/chunk-JOCGX3RP.js +59 -0
- package/dist/chunk-KBXWTD6E.js +94 -0
- package/dist/chunk-KMMAZFSJ.js +25 -0
- package/dist/chunk-LATR3NIV.js +117 -0
- package/dist/chunk-LAYPUDQF.js +39 -0
- package/dist/chunk-LDU7A2JE.js +25 -0
- package/dist/chunk-LX3TJ2TJ.js +294 -0
- package/dist/chunk-NHZBQNRR.js +143 -0
- package/dist/chunk-OVHNRULD.js +33 -0
- package/dist/chunk-PDP3PHB3.js +127 -0
- package/dist/chunk-PHYNROD4.js +47 -0
- package/dist/chunk-QQEKY4XP.js +29 -0
- package/dist/chunk-U4RK4LKJ.js +348 -0
- package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
- package/dist/chunk-UN7X6SU5.js +53 -0
- package/dist/chunk-UZQJJD6A.js +100 -0
- package/dist/chunk-V6LLEAR4.js +80 -0
- package/dist/chunk-WHNDRO3N.js +50 -0
- package/dist/{chunk-W6LG7BFW.js → chunk-XY5R3EHH.js} +30 -23
- package/dist/client/client.cjs +135 -0
- package/dist/client/client.d.ts +85 -0
- package/dist/client/client.js +9 -0
- package/dist/client/index.cjs +135 -0
- package/dist/client/index.d.ts +14 -0
- package/dist/client/index.js +10 -0
- package/dist/context.cjs +1237 -0
- package/dist/context.d.ts +16 -0
- package/dist/context.js +28 -0
- package/dist/cookie.cjs +57 -22
- package/dist/cookie.d.ts +11 -6
- package/dist/cookie.js +3 -2
- package/dist/createAuth.cjs +2320 -0
- package/dist/createAuth.d.ts +12 -0
- package/dist/createAuth.js +48 -0
- package/dist/env.cjs +78 -0
- package/dist/env.d.ts +10 -0
- package/dist/env.js +12 -0
- package/dist/errors.cjs +17 -0
- package/dist/errors.d.ts +15 -4
- package/dist/errors.js +5 -1
- package/dist/headers.cjs +28 -2
- package/dist/headers.d.ts +25 -1
- package/dist/headers.js +9 -3
- package/dist/index-_aXtxb_s.d.ts +1377 -0
- package/dist/index.cjs +1843 -610
- package/dist/index.d.ts +11 -92
- package/dist/index.js +53 -85
- package/dist/jose.cjs +113 -38
- package/dist/jose.d.ts +12 -23
- package/dist/jose.js +17 -7
- package/dist/logger.cjs +424 -0
- package/dist/logger.d.ts +12 -0
- package/dist/logger.js +17 -0
- package/dist/oauth/atlassian.cjs +57 -0
- package/dist/oauth/atlassian.d.ts +12 -0
- package/dist/oauth/atlassian.js +6 -0
- package/dist/oauth/bitbucket.cjs +19 -15
- package/dist/oauth/bitbucket.d.ts +7 -2
- package/dist/oauth/bitbucket.js +1 -1
- package/dist/oauth/discord.cjs +27 -24
- package/dist/oauth/discord.d.ts +7 -2
- package/dist/oauth/discord.js +1 -1
- package/dist/oauth/dropbox.cjs +53 -0
- package/dist/oauth/dropbox.d.ts +12 -0
- package/dist/oauth/dropbox.js +6 -0
- package/dist/oauth/figma.cjs +19 -16
- package/dist/oauth/figma.d.ts +7 -2
- package/dist/oauth/figma.js +1 -1
- package/dist/oauth/github.cjs +19 -8
- package/dist/oauth/github.d.ts +7 -2
- package/dist/oauth/github.js +1 -1
- package/dist/oauth/gitlab.cjs +19 -16
- package/dist/oauth/gitlab.d.ts +7 -2
- package/dist/oauth/gitlab.js +1 -1
- package/dist/oauth/index.cjs +529 -239
- package/dist/oauth/index.d.ts +7 -2
- package/dist/oauth/index.js +39 -22
- package/dist/oauth/mailchimp.cjs +19 -16
- package/dist/oauth/mailchimp.d.ts +7 -2
- package/dist/oauth/mailchimp.js +1 -1
- package/dist/oauth/notion.cjs +131 -0
- package/dist/oauth/notion.d.ts +12 -0
- package/dist/oauth/notion.js +9 -0
- package/dist/oauth/pinterest.cjs +19 -16
- package/dist/oauth/pinterest.d.ts +7 -2
- package/dist/oauth/pinterest.js +1 -1
- package/dist/oauth/spotify.cjs +19 -16
- package/dist/oauth/spotify.d.ts +7 -2
- package/dist/oauth/spotify.js +1 -1
- package/dist/oauth/strava.cjs +19 -16
- package/dist/oauth/strava.d.ts +7 -2
- package/dist/oauth/strava.js +1 -1
- package/dist/oauth/twitch.cjs +95 -0
- package/dist/oauth/twitch.d.ts +12 -0
- package/dist/oauth/twitch.js +7 -0
- package/dist/oauth/x.cjs +19 -16
- package/dist/oauth/x.d.ts +7 -2
- package/dist/oauth/x.js +1 -1
- package/dist/schemas.cjs +89 -42
- package/dist/schemas.d.ts +114 -18
- package/dist/schemas.js +5 -3
- package/dist/secure.cjs +73 -31
- package/dist/secure.d.ts +11 -11
- package/dist/secure.js +7 -6
- package/dist/utils.cjs +203 -90
- package/dist/utils.d.ts +21 -40
- package/dist/utils.js +21 -12
- package/package.json +9 -6
- package/dist/chunk-3EUWD5BB.js +0 -63
- package/dist/chunk-42XB3YCW.js +0 -22
- package/dist/chunk-6R2YZ4AC.js +0 -22
- package/dist/chunk-A3N4PVAT.js +0 -70
- package/dist/chunk-B737EUJV.js +0 -22
- package/dist/chunk-CXLATHS5.js +0 -143
- package/dist/chunk-E3OXBRYF.js +0 -22
- package/dist/chunk-EIL2FPSS.js +0 -22
- package/dist/chunk-EMKJA2GJ.js +0 -89
- package/dist/chunk-FIPU4MLT.js +0 -21
- package/dist/chunk-FKRDCWBF.js +0 -22
- package/dist/chunk-GA2SMTJO.js +0 -58
- package/dist/chunk-HP34YGGJ.js +0 -22
- package/dist/chunk-IKHPGFCW.js +0 -14
- package/dist/chunk-IUYZQTJV.js +0 -30
- package/dist/chunk-IVET23KF.js +0 -58
- package/dist/chunk-JVFTCTTE.js +0 -33
- package/dist/chunk-KRNOMBXQ.js +0 -22
- package/dist/chunk-KSWLO5ZU.js +0 -102
- package/dist/chunk-N2APGLXA.js +0 -71
- package/dist/chunk-N4SX7TZT.js +0 -96
- package/dist/chunk-STHEPPUZ.js +0 -11
- package/dist/chunk-TLE4PXY3.js +0 -39
- package/dist/index-B8jeIElf.d.ts +0 -679
- /package/dist/{chunk-DIVDFNAP.js → chunk-5X7JZMEF.js} +0 -0
|
@@ -1,11 +1,15 @@
|
|
|
1
1
|
import * as _aura_stack_router from '@aura-stack/router';
|
|
2
|
-
import { z } from 'zod';
|
|
3
|
-
import {
|
|
2
|
+
import { z } from 'zod/v4';
|
|
3
|
+
import { O as OAuthProviderRecord } from '../../index-_aXtxb_s.js';
|
|
4
|
+
import 'zod';
|
|
4
5
|
import '../../schemas.js';
|
|
5
|
-
import '@aura-stack/router/cookie';
|
|
6
6
|
import '@aura-stack/jose';
|
|
7
7
|
import '@aura-stack/jose/jose';
|
|
8
|
+
import '@aura-stack/jose/crypto';
|
|
9
|
+
import '@aura-stack/router/cookie';
|
|
8
10
|
import '../../@types/utility.js';
|
|
11
|
+
import 'jose';
|
|
12
|
+
import 'zod/v4/core';
|
|
9
13
|
|
|
10
14
|
declare const callbackAction: (oauth: OAuthProviderRecord) => _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
|
|
11
15
|
schemas?: {
|
|
@@ -22,6 +26,10 @@ declare const callbackAction: (oauth: OAuthProviderRecord) => _aura_stack_router
|
|
|
22
26
|
strava: "strava";
|
|
23
27
|
mailchimp: "mailchimp";
|
|
24
28
|
pinterest: "pinterest";
|
|
29
|
+
twitch: "twitch";
|
|
30
|
+
notion: "notion";
|
|
31
|
+
dropbox: "dropbox";
|
|
32
|
+
atlassian: "atlassian";
|
|
25
33
|
}>;
|
|
26
34
|
}, z.core.$strip>;
|
|
27
35
|
searchParams: z.ZodObject<{
|
|
@@ -1,16 +1,18 @@
|
|
|
1
1
|
import {
|
|
2
2
|
callbackAction
|
|
3
|
-
} from "../../chunk-
|
|
4
|
-
import "../../chunk-
|
|
5
|
-
import "../../chunk-
|
|
6
|
-
import "../../chunk-
|
|
7
|
-
import "../../chunk-STHEPPUZ.js";
|
|
8
|
-
import "../../chunk-N2APGLXA.js";
|
|
9
|
-
import "../../chunk-CXLATHS5.js";
|
|
10
|
-
import "../../chunk-EIL2FPSS.js";
|
|
11
|
-
import "../../chunk-RRLIF4PQ.js";
|
|
3
|
+
} from "../../chunk-NHZBQNRR.js";
|
|
4
|
+
import "../../chunk-GNNBM2WJ.js";
|
|
5
|
+
import "../../chunk-7BE46WWS.js";
|
|
6
|
+
import "../../chunk-LATR3NIV.js";
|
|
12
7
|
import "../../chunk-ZNCZVF6U.js";
|
|
13
|
-
import "../../chunk-
|
|
8
|
+
import "../../chunk-V6LLEAR4.js";
|
|
9
|
+
import "../../chunk-2A5B7GWR.js";
|
|
10
|
+
import "../../chunk-UZQJJD6A.js";
|
|
11
|
+
import "../../chunk-LX3TJ2TJ.js";
|
|
12
|
+
import "../../chunk-XY5R3EHH.js";
|
|
13
|
+
import "../../chunk-WHNDRO3N.js";
|
|
14
|
+
import "../../chunk-U5663F2U.js";
|
|
15
|
+
import "../../chunk-EBAMFRB7.js";
|
|
14
16
|
export {
|
|
15
17
|
callbackAction
|
|
16
18
|
};
|
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/actions/callback/userinfo.ts
|
|
@@ -45,9 +35,6 @@ var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
|
|
|
45
35
|
return response;
|
|
46
36
|
};
|
|
47
37
|
|
|
48
|
-
// src/secure.ts
|
|
49
|
-
var import_crypto = __toESM(require("crypto"), 1);
|
|
50
|
-
|
|
51
38
|
// src/utils.ts
|
|
52
39
|
var import_router = require("@aura-stack/router");
|
|
53
40
|
|
|
@@ -71,34 +58,119 @@ var isOAuthProtocolError = (error) => {
|
|
|
71
58
|
return error instanceof OAuthProtocolError;
|
|
72
59
|
};
|
|
73
60
|
|
|
61
|
+
// src/env.ts
|
|
62
|
+
var import_meta = {};
|
|
63
|
+
var env = new Proxy({}, {
|
|
64
|
+
get(_, prop) {
|
|
65
|
+
if (typeof prop !== "string") return void 0;
|
|
66
|
+
const hasProperty = (process2) => {
|
|
67
|
+
return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
|
|
68
|
+
};
|
|
69
|
+
try {
|
|
70
|
+
if (typeof process !== "undefined" && hasProperty(process.env)) {
|
|
71
|
+
return process.env[prop];
|
|
72
|
+
}
|
|
73
|
+
if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
|
|
74
|
+
return import_meta.env[prop];
|
|
75
|
+
}
|
|
76
|
+
if (typeof Deno !== "undefined" && Deno.env?.get) {
|
|
77
|
+
return Deno.env.get(prop);
|
|
78
|
+
}
|
|
79
|
+
if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
|
|
80
|
+
return Bun.env[prop];
|
|
81
|
+
}
|
|
82
|
+
const globalValue = globalThis[prop];
|
|
83
|
+
return typeof globalValue === "string" ? globalValue : void 0;
|
|
84
|
+
} catch {
|
|
85
|
+
return void 0;
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
});
|
|
89
|
+
|
|
90
|
+
// src/assert.ts
|
|
91
|
+
var import_crypto = require("@aura-stack/jose/crypto");
|
|
92
|
+
|
|
93
|
+
// src/utils.ts
|
|
94
|
+
var AURA_AUTH_VERSION = "0.4.0";
|
|
95
|
+
|
|
96
|
+
// src/jose.ts
|
|
97
|
+
var import_jose = require("@aura-stack/jose");
|
|
98
|
+
var import_jose2 = require("@aura-stack/jose/jose");
|
|
99
|
+
var import_crypto2 = require("@aura-stack/jose/crypto");
|
|
100
|
+
|
|
74
101
|
// src/secure.ts
|
|
75
102
|
var generateSecure = (length = 32) => {
|
|
76
|
-
return
|
|
103
|
+
return import_jose2.base64url.encode((0, import_crypto2.getRandomBytes)(length));
|
|
77
104
|
};
|
|
78
105
|
|
|
79
106
|
// src/schemas.ts
|
|
80
|
-
var
|
|
81
|
-
var
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
107
|
+
var import_v4 = require("zod/v4");
|
|
108
|
+
var AuthorizeConfigSchema = import_v4.z.union([
|
|
109
|
+
(0, import_v4.string)().url(),
|
|
110
|
+
(0, import_v4.object)({
|
|
111
|
+
url: (0, import_v4.string)().url(),
|
|
112
|
+
params: (0, import_v4.object)({
|
|
113
|
+
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
114
|
+
scope: (0, import_v4.string)().optional()
|
|
115
|
+
})
|
|
116
|
+
})
|
|
117
|
+
]);
|
|
118
|
+
var AccessTokenConfigSchema = import_v4.z.union([
|
|
119
|
+
(0, import_v4.string)().url(),
|
|
120
|
+
(0, import_v4.object)({
|
|
121
|
+
url: (0, import_v4.string)().url(),
|
|
122
|
+
headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional()
|
|
123
|
+
})
|
|
124
|
+
]);
|
|
125
|
+
var UserInfoConfigSchema = import_v4.z.union([
|
|
126
|
+
(0, import_v4.string)().url(),
|
|
127
|
+
(0, import_v4.object)({
|
|
128
|
+
url: (0, import_v4.string)().url(),
|
|
129
|
+
headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional(),
|
|
130
|
+
method: (0, import_v4.string)().optional()
|
|
131
|
+
})
|
|
132
|
+
]);
|
|
133
|
+
var OAuthProviderCredentialsSchema = (0, import_v4.object)({
|
|
134
|
+
id: (0, import_v4.string)(),
|
|
135
|
+
name: (0, import_v4.string)(),
|
|
136
|
+
authorize: AuthorizeConfigSchema.optional(),
|
|
137
|
+
/** @deprecated */
|
|
138
|
+
authorizeURL: (0, import_v4.string)().url().optional(),
|
|
139
|
+
accessToken: AccessTokenConfigSchema,
|
|
140
|
+
/** @deprecated */
|
|
141
|
+
scope: (0, import_v4.string)().optional(),
|
|
142
|
+
userInfo: UserInfoConfigSchema,
|
|
143
|
+
/** @deprecated */
|
|
144
|
+
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
145
|
+
clientId: (0, import_v4.string)(),
|
|
146
|
+
clientSecret: (0, import_v4.string)(),
|
|
147
|
+
profile: import_v4.z.function().optional()
|
|
148
|
+
});
|
|
149
|
+
var OAuthProviderConfigSchema = (0, import_v4.object)({
|
|
150
|
+
authorize: AuthorizeConfigSchema.optional(),
|
|
151
|
+
/** @deprecated */
|
|
152
|
+
authorizeURL: (0, import_v4.string)().url().optional(),
|
|
153
|
+
accessToken: AccessTokenConfigSchema,
|
|
154
|
+
/** @deprecated */
|
|
155
|
+
scope: (0, import_v4.string)().optional(),
|
|
156
|
+
userInfo: UserInfoConfigSchema,
|
|
157
|
+
/** @deprecated */
|
|
158
|
+
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
159
|
+
clientId: (0, import_v4.string)(),
|
|
160
|
+
clientSecret: (0, import_v4.string)()
|
|
89
161
|
});
|
|
90
162
|
var OAuthAuthorization = OAuthProviderConfigSchema.extend({
|
|
91
|
-
redirectURI: (0,
|
|
92
|
-
state: (0,
|
|
93
|
-
codeChallenge: (0,
|
|
94
|
-
codeChallengeMethod: (0,
|
|
163
|
+
redirectURI: (0, import_v4.string)(),
|
|
164
|
+
state: (0, import_v4.string)(),
|
|
165
|
+
codeChallenge: (0, import_v4.string)(),
|
|
166
|
+
codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
|
|
95
167
|
});
|
|
96
|
-
var OAuthAuthorizationResponse = (0,
|
|
97
|
-
state: (0,
|
|
98
|
-
code: (0,
|
|
168
|
+
var OAuthAuthorizationResponse = (0, import_v4.object)({
|
|
169
|
+
state: (0, import_v4.string)({ message: "Missing state parameter in the OAuth authorization response." }),
|
|
170
|
+
code: (0, import_v4.string)({ message: "Missing code parameter in the OAuth authorization response." })
|
|
99
171
|
});
|
|
100
|
-
var OAuthAuthorizationErrorResponse = (0,
|
|
101
|
-
error: (0,
|
|
172
|
+
var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
|
|
173
|
+
error: (0, import_v4.enum)([
|
|
102
174
|
"invalid_request",
|
|
103
175
|
"unauthorized_client",
|
|
104
176
|
"access_denied",
|
|
@@ -107,24 +179,24 @@ var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
|
|
|
107
179
|
"server_error",
|
|
108
180
|
"temporarily_unavailable"
|
|
109
181
|
]),
|
|
110
|
-
error_description: (0,
|
|
111
|
-
error_uri: (0,
|
|
112
|
-
state: (0,
|
|
182
|
+
error_description: (0, import_v4.string)().optional(),
|
|
183
|
+
error_uri: (0, import_v4.string)().optional(),
|
|
184
|
+
state: (0, import_v4.string)()
|
|
113
185
|
});
|
|
114
186
|
var OAuthAccessToken = OAuthProviderConfigSchema.extend({
|
|
115
|
-
redirectURI: (0,
|
|
116
|
-
code: (0,
|
|
117
|
-
codeVerifier: (0,
|
|
187
|
+
redirectURI: (0, import_v4.string)(),
|
|
188
|
+
code: (0, import_v4.string)(),
|
|
189
|
+
codeVerifier: (0, import_v4.string)().min(43).max(128)
|
|
118
190
|
});
|
|
119
|
-
var OAuthAccessTokenResponse = (0,
|
|
120
|
-
access_token: (0,
|
|
121
|
-
token_type: (0,
|
|
122
|
-
expires_in: (0,
|
|
123
|
-
refresh_token: (0,
|
|
124
|
-
scope: (0,
|
|
191
|
+
var OAuthAccessTokenResponse = (0, import_v4.object)({
|
|
192
|
+
access_token: (0, import_v4.string)(),
|
|
193
|
+
token_type: (0, import_v4.string)().optional(),
|
|
194
|
+
expires_in: (0, import_v4.number)().optional(),
|
|
195
|
+
refresh_token: (0, import_v4.string)().optional(),
|
|
196
|
+
scope: (0, import_v4.union)([(0, import_v4.string)().optional().or((0, import_v4.null)()), (0, import_v4.array)((0, import_v4.string)()).optional()])
|
|
125
197
|
});
|
|
126
|
-
var OAuthAccessTokenErrorResponse = (0,
|
|
127
|
-
error: (0,
|
|
198
|
+
var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
|
|
199
|
+
error: (0, import_v4.enum)([
|
|
128
200
|
"invalid_request",
|
|
129
201
|
"invalid_client",
|
|
130
202
|
"invalid_grant",
|
|
@@ -132,16 +204,16 @@ var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
|
|
|
132
204
|
"unsupported_grant_type",
|
|
133
205
|
"invalid_scope"
|
|
134
206
|
]),
|
|
135
|
-
error_description: (0,
|
|
136
|
-
error_uri: (0,
|
|
207
|
+
error_description: (0, import_v4.string)().optional(),
|
|
208
|
+
error_uri: (0, import_v4.string)().optional()
|
|
137
209
|
});
|
|
138
|
-
var OAuthErrorResponse = (0,
|
|
139
|
-
error: (0,
|
|
140
|
-
error_description: (0,
|
|
210
|
+
var OAuthErrorResponse = (0, import_v4.object)({
|
|
211
|
+
error: (0, import_v4.string)(),
|
|
212
|
+
error_description: (0, import_v4.string)().optional()
|
|
141
213
|
});
|
|
142
|
-
var OAuthEnvSchema = (0,
|
|
143
|
-
clientId:
|
|
144
|
-
clientSecret:
|
|
214
|
+
var OAuthEnvSchema = (0, import_v4.object)({
|
|
215
|
+
clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
|
|
216
|
+
clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
|
|
145
217
|
});
|
|
146
218
|
|
|
147
219
|
// src/actions/callback/userinfo.ts
|
|
@@ -154,33 +226,55 @@ var getDefaultUserInfo = (profile) => {
|
|
|
154
226
|
image: profile?.image ?? profile?.picture
|
|
155
227
|
};
|
|
156
228
|
};
|
|
157
|
-
var getUserInfo = async (oauthConfig, accessToken) => {
|
|
158
|
-
const
|
|
229
|
+
var getUserInfo = async (oauthConfig, accessToken, logger) => {
|
|
230
|
+
const userInfoConfig = oauthConfig.userInfo;
|
|
231
|
+
const userinfoURL = typeof userInfoConfig === "string" ? userInfoConfig : userInfoConfig.url;
|
|
232
|
+
const extraHeaders = typeof userInfoConfig === "string" ? void 0 : userInfoConfig.headers;
|
|
233
|
+
const method = typeof userInfoConfig === "string" ? "GET" : (userInfoConfig.method ?? "GET").toUpperCase();
|
|
159
234
|
try {
|
|
160
|
-
|
|
161
|
-
|
|
235
|
+
logger?.log("OAUTH_USERINFO_REQUEST_INITIATED", {
|
|
236
|
+
structuredData: {
|
|
237
|
+
endpoint: userinfoURL
|
|
238
|
+
}
|
|
239
|
+
});
|
|
240
|
+
const response = await fetchAsync(userinfoURL, {
|
|
241
|
+
method,
|
|
162
242
|
headers: {
|
|
243
|
+
"User-Agent": `Aura Auth/${AURA_AUTH_VERSION}`,
|
|
163
244
|
Accept: "application/json",
|
|
164
|
-
Authorization: `Bearer ${accessToken}
|
|
245
|
+
Authorization: `Bearer ${accessToken}`,
|
|
246
|
+
...extraHeaders ?? {}
|
|
165
247
|
}
|
|
166
248
|
});
|
|
249
|
+
if (!response.ok) {
|
|
250
|
+
logger?.log("OAUTH_USERINFO_INVALID_RESPONSE");
|
|
251
|
+
throw new OAuthProtocolError("INVALID_REQUEST", "Invalid userinfo response format");
|
|
252
|
+
}
|
|
167
253
|
const json = await response.json();
|
|
168
254
|
const { success, data } = OAuthErrorResponse.safeParse(json);
|
|
169
255
|
if (success) {
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
256
|
+
logger?.log("OAUTH_USERINFO_ERROR", {
|
|
257
|
+
message: "Error response received from OAuth userinfo endpoint",
|
|
258
|
+
structuredData: {
|
|
259
|
+
error: data.error,
|
|
260
|
+
error_description: data.error_description ?? ""
|
|
261
|
+
}
|
|
262
|
+
});
|
|
263
|
+
throw new OAuthProtocolError("INVALID_REQUEST", "An error was received from the OAuth userinfo endpoint.");
|
|
174
264
|
}
|
|
265
|
+
logger?.log("OAUTH_USERINFO_SUCCESS");
|
|
175
266
|
return oauthConfig?.profile ? oauthConfig.profile(json) : getDefaultUserInfo(json);
|
|
176
267
|
} catch (error) {
|
|
177
268
|
if (isOAuthProtocolError(error)) {
|
|
178
269
|
throw error;
|
|
179
270
|
}
|
|
271
|
+
logger?.log("OAUTH_USERINFO_REQUEST_FAILED");
|
|
180
272
|
if (isNativeError(error)) {
|
|
181
|
-
throw new OAuthProtocolError("
|
|
273
|
+
throw new OAuthProtocolError("SERVER_ERROR", "Failed to fetch user information from OAuth provider", "", {
|
|
274
|
+
cause: error
|
|
275
|
+
});
|
|
182
276
|
}
|
|
183
|
-
throw new OAuthProtocolError("
|
|
277
|
+
throw new OAuthProtocolError("SERVER_ERROR", "Failed to fetch user information", "", { cause: error });
|
|
184
278
|
}
|
|
185
279
|
};
|
|
186
280
|
// Annotate the CommonJS export names for ESM import in node:
|
|
@@ -1,10 +1,15 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { j as OAuthProviderCredentials, a as InternalLogger, U as User } from '../../index-_aXtxb_s.js';
|
|
2
2
|
import 'zod';
|
|
3
3
|
import '../../schemas.js';
|
|
4
|
-
import '
|
|
4
|
+
import 'zod/v4';
|
|
5
5
|
import '@aura-stack/jose';
|
|
6
6
|
import '@aura-stack/jose/jose';
|
|
7
|
+
import '@aura-stack/jose/crypto';
|
|
8
|
+
import '@aura-stack/router/cookie';
|
|
7
9
|
import '../../@types/utility.js';
|
|
10
|
+
import 'jose';
|
|
11
|
+
import '@aura-stack/router';
|
|
12
|
+
import 'zod/v4/core';
|
|
8
13
|
|
|
9
14
|
/**
|
|
10
15
|
* Get user information from the OAuth provider's userinfo endpoint using the provided access token.
|
|
@@ -15,6 +20,6 @@ import '../../@types/utility.js';
|
|
|
15
20
|
* @param accessToken - Access Token to access the userinfo endpoint
|
|
16
21
|
* @returns The user information retrieved from the userinfo endpoint
|
|
17
22
|
*/
|
|
18
|
-
declare const getUserInfo: (oauthConfig: OAuthProviderCredentials, accessToken: string) => Promise<User>;
|
|
23
|
+
declare const getUserInfo: (oauthConfig: OAuthProviderCredentials, accessToken: string, logger?: InternalLogger) => Promise<User>;
|
|
19
24
|
|
|
20
25
|
export { getUserInfo };
|
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
import {
|
|
2
2
|
getUserInfo
|
|
3
|
-
} from "../../chunk-
|
|
4
|
-
import "../../chunk-N2APGLXA.js";
|
|
5
|
-
import "../../chunk-CXLATHS5.js";
|
|
6
|
-
import "../../chunk-EIL2FPSS.js";
|
|
7
|
-
import "../../chunk-RRLIF4PQ.js";
|
|
3
|
+
} from "../../chunk-GNNBM2WJ.js";
|
|
8
4
|
import "../../chunk-ZNCZVF6U.js";
|
|
9
|
-
import "../../chunk-
|
|
5
|
+
import "../../chunk-V6LLEAR4.js";
|
|
6
|
+
import "../../chunk-2A5B7GWR.js";
|
|
7
|
+
import "../../chunk-UZQJJD6A.js";
|
|
8
|
+
import "../../chunk-LX3TJ2TJ.js";
|
|
9
|
+
import "../../chunk-WHNDRO3N.js";
|
|
10
|
+
import "../../chunk-U5663F2U.js";
|
|
10
11
|
export {
|
|
11
12
|
getUserInfo
|
|
12
13
|
};
|
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/actions/csrfToken/csrfToken.ts
|
|
@@ -35,9 +25,6 @@ __export(csrfToken_exports, {
|
|
|
35
25
|
module.exports = __toCommonJS(csrfToken_exports);
|
|
36
26
|
var import_router2 = require("@aura-stack/router");
|
|
37
27
|
|
|
38
|
-
// src/secure.ts
|
|
39
|
-
var import_crypto = __toESM(require("crypto"), 1);
|
|
40
|
-
|
|
41
28
|
// src/utils.ts
|
|
42
29
|
var import_router = require("@aura-stack/router");
|
|
43
30
|
|
|
@@ -53,15 +40,56 @@ var AuthInternalError = class extends Error {
|
|
|
53
40
|
}
|
|
54
41
|
};
|
|
55
42
|
|
|
43
|
+
// src/env.ts
|
|
44
|
+
var import_meta = {};
|
|
45
|
+
var env = new Proxy({}, {
|
|
46
|
+
get(_, prop) {
|
|
47
|
+
if (typeof prop !== "string") return void 0;
|
|
48
|
+
const hasProperty = (process2) => {
|
|
49
|
+
return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
|
|
50
|
+
};
|
|
51
|
+
try {
|
|
52
|
+
if (typeof process !== "undefined" && hasProperty(process.env)) {
|
|
53
|
+
return process.env[prop];
|
|
54
|
+
}
|
|
55
|
+
if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
|
|
56
|
+
return import_meta.env[prop];
|
|
57
|
+
}
|
|
58
|
+
if (typeof Deno !== "undefined" && Deno.env?.get) {
|
|
59
|
+
return Deno.env.get(prop);
|
|
60
|
+
}
|
|
61
|
+
if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
|
|
62
|
+
return Bun.env[prop];
|
|
63
|
+
}
|
|
64
|
+
const globalValue = globalThis[prop];
|
|
65
|
+
return typeof globalValue === "string" ? globalValue : void 0;
|
|
66
|
+
} catch {
|
|
67
|
+
return void 0;
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
});
|
|
71
|
+
|
|
72
|
+
// src/assert.ts
|
|
73
|
+
var import_crypto = require("@aura-stack/jose/crypto");
|
|
74
|
+
|
|
75
|
+
// src/jose.ts
|
|
76
|
+
var import_jose = require("@aura-stack/jose");
|
|
77
|
+
var import_jose2 = require("@aura-stack/jose/jose");
|
|
78
|
+
var import_crypto2 = require("@aura-stack/jose/crypto");
|
|
79
|
+
var jwtVerificationOptions = {
|
|
80
|
+
algorithms: ["HS256"],
|
|
81
|
+
typ: "JWT"
|
|
82
|
+
};
|
|
83
|
+
|
|
56
84
|
// src/secure.ts
|
|
57
85
|
var generateSecure = (length = 32) => {
|
|
58
|
-
return
|
|
86
|
+
return import_jose2.base64url.encode((0, import_crypto2.getRandomBytes)(length));
|
|
59
87
|
};
|
|
60
88
|
var createCSRF = async (jose, csrfCookie) => {
|
|
61
89
|
try {
|
|
62
90
|
const token = generateSecure(32);
|
|
63
91
|
if (csrfCookie) {
|
|
64
|
-
await jose.verifyJWS(csrfCookie);
|
|
92
|
+
await jose.verifyJWS(csrfCookie, jwtVerificationOptions);
|
|
65
93
|
return csrfCookie;
|
|
66
94
|
}
|
|
67
95
|
return jose.signJWS({ token });
|
|
@@ -78,6 +106,26 @@ var cacheControl = {
|
|
|
78
106
|
Expires: "0",
|
|
79
107
|
Vary: "Cookie"
|
|
80
108
|
};
|
|
109
|
+
var contentSecurityPolicy = {
|
|
110
|
+
"Content-Security-Policy": [
|
|
111
|
+
"default-src 'none'",
|
|
112
|
+
"script-src 'self'",
|
|
113
|
+
"frame-src 'none'",
|
|
114
|
+
"object-src 'none'",
|
|
115
|
+
"frame-ancestors 'none'",
|
|
116
|
+
"base-uri 'none'"
|
|
117
|
+
].join("; ")
|
|
118
|
+
};
|
|
119
|
+
var secureHeaders = {
|
|
120
|
+
"X-Content-Type-Options": "nosniff",
|
|
121
|
+
"X-Frame-Options": "DENY",
|
|
122
|
+
"Referrer-Policy": "strict-origin-when-cross-origin"
|
|
123
|
+
};
|
|
124
|
+
var secureApiHeaders = {
|
|
125
|
+
...cacheControl,
|
|
126
|
+
...contentSecurityPolicy,
|
|
127
|
+
...secureHeaders
|
|
128
|
+
};
|
|
81
129
|
|
|
82
130
|
// src/cookie.ts
|
|
83
131
|
var import_cookie = require("@aura-stack/router/cookie");
|
|
@@ -99,10 +147,11 @@ var setCookie = (cookieName, value, options) => {
|
|
|
99
147
|
var expiredCookieAttributes = {
|
|
100
148
|
...defaultCookieOptions,
|
|
101
149
|
expires: /* @__PURE__ */ new Date(0),
|
|
102
|
-
maxAge: 0
|
|
150
|
+
maxAge: 0,
|
|
151
|
+
secure: true
|
|
103
152
|
};
|
|
104
153
|
var getCookie = (request, cookieName) => {
|
|
105
|
-
const cookies = request.headers.get("Cookie");
|
|
154
|
+
const cookies = request instanceof Request ? request.headers.get("Cookie") : request.get("Cookie");
|
|
106
155
|
if (!cookies) {
|
|
107
156
|
throw new AuthInternalError("COOKIE_NOT_FOUND", "No cookies found. There is no active session");
|
|
108
157
|
}
|
|
@@ -124,11 +173,13 @@ var getCSRFToken = (request, cookieName) => {
|
|
|
124
173
|
var csrfTokenAction = (0, import_router2.createEndpoint)("GET", "/csrfToken", async (ctx) => {
|
|
125
174
|
const {
|
|
126
175
|
request,
|
|
127
|
-
context: { jose, cookies }
|
|
176
|
+
context: { jose, cookies, logger }
|
|
128
177
|
} = ctx;
|
|
129
178
|
const token = getCSRFToken(request, cookies.csrfToken.name);
|
|
179
|
+
logger?.log("CSRF_TOKEN_REQUESTED", { structuredData: { has_token: Boolean(token) } });
|
|
130
180
|
const csrfToken = await createCSRF(jose, token);
|
|
131
|
-
|
|
181
|
+
logger?.log("CSRF_TOKEN_ISSUED", { structuredData: { issued: Boolean(csrfToken) } });
|
|
182
|
+
const headers = new Headers(secureApiHeaders);
|
|
132
183
|
headers.append("Set-Cookie", setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes));
|
|
133
184
|
return Response.json({ csrfToken }, { headers });
|
|
134
185
|
});
|
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
import {
|
|
2
2
|
csrfTokenAction
|
|
3
|
-
} from "../../chunk-
|
|
4
|
-
import "../../chunk-
|
|
5
|
-
import "../../chunk-
|
|
6
|
-
import "../../chunk-
|
|
7
|
-
import "../../chunk-
|
|
8
|
-
import "../../chunk-
|
|
9
|
-
import "../../chunk-
|
|
3
|
+
} from "../../chunk-FPCVZUVG.js";
|
|
4
|
+
import "../../chunk-V6LLEAR4.js";
|
|
5
|
+
import "../../chunk-UZQJJD6A.js";
|
|
6
|
+
import "../../chunk-LX3TJ2TJ.js";
|
|
7
|
+
import "../../chunk-XY5R3EHH.js";
|
|
8
|
+
import "../../chunk-WHNDRO3N.js";
|
|
9
|
+
import "../../chunk-U5663F2U.js";
|
|
10
|
+
import "../../chunk-EBAMFRB7.js";
|
|
10
11
|
export {
|
|
11
12
|
csrfTokenAction
|
|
12
13
|
};
|