@aura-stack/auth 0.4.0-rc.5 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (201) hide show
  1. package/dist/@types/index.d.ts +8 -3
  2. package/dist/@types/router.d.cjs +0 -17
  3. package/dist/@types/router.d.d.ts +7 -2
  4. package/dist/@types/router.d.js +0 -1
  5. package/dist/actions/callback/access-token.cjs +130 -71
  6. package/dist/actions/callback/access-token.d.ts +9 -4
  7. package/dist/actions/callback/access-token.js +3 -4
  8. package/dist/actions/callback/callback.cjs +428 -152
  9. package/dist/actions/callback/callback.d.ts +11 -3
  10. package/dist/actions/callback/callback.js +12 -10
  11. package/dist/actions/callback/userinfo.cjs +159 -65
  12. package/dist/actions/callback/userinfo.d.ts +8 -3
  13. package/dist/actions/callback/userinfo.js +7 -6
  14. package/dist/actions/csrfToken/csrfToken.cjs +70 -19
  15. package/dist/actions/csrfToken/csrfToken.js +8 -7
  16. package/dist/actions/index.cjs +780 -348
  17. package/dist/actions/index.d.ts +6 -2
  18. package/dist/actions/index.js +23 -18
  19. package/dist/actions/session/session.cjs +107 -26
  20. package/dist/actions/session/session.js +7 -5
  21. package/dist/actions/signIn/authorization-url.cjs +288 -0
  22. package/dist/actions/signIn/authorization-url.d.ts +31 -0
  23. package/dist/actions/signIn/authorization-url.js +16 -0
  24. package/dist/actions/signIn/authorization.cjs +209 -211
  25. package/dist/actions/signIn/authorization.d.ts +32 -21
  26. package/dist/actions/signIn/authorization.js +12 -9
  27. package/dist/actions/signIn/signIn.cjs +470 -235
  28. package/dist/actions/signIn/signIn.d.ts +12 -3
  29. package/dist/actions/signIn/signIn.js +11 -8
  30. package/dist/actions/signOut/signOut.cjs +376 -228
  31. package/dist/actions/signOut/signOut.d.ts +1 -1
  32. package/dist/actions/signOut/signOut.js +10 -9
  33. package/dist/api/createApi.cjs +750 -0
  34. package/dist/api/createApi.d.ts +12 -0
  35. package/dist/api/createApi.js +19 -0
  36. package/dist/api/getSession.cjs +141 -0
  37. package/dist/api/getSession.d.ts +16 -0
  38. package/dist/api/getSession.js +10 -0
  39. package/dist/api/signIn.cjs +549 -0
  40. package/dist/api/signIn.d.ts +26 -0
  41. package/dist/api/signIn.js +15 -0
  42. package/dist/api/signOut.cjs +279 -0
  43. package/dist/api/signOut.d.ts +16 -0
  44. package/dist/api/signOut.js +13 -0
  45. package/dist/assert.cjs +150 -5
  46. package/dist/assert.d.ts +26 -3
  47. package/dist/assert.js +17 -3
  48. package/dist/{chunk-YRCB5FLE.js → chunk-2A5B7GWR.js} +52 -6
  49. package/dist/chunk-2GQLSIJ2.js +40 -0
  50. package/dist/chunk-2IR674WX.js +44 -0
  51. package/dist/chunk-3J5TUH2I.js +50 -0
  52. package/dist/chunk-4RWSYUKX.js +98 -0
  53. package/dist/chunk-4YHJ4IEQ.js +25 -0
  54. package/dist/chunk-54CZPKR4.js +25 -0
  55. package/dist/chunk-5LZ7TOM3.js +25 -0
  56. package/dist/chunk-7BE46WWS.js +88 -0
  57. package/dist/chunk-7YYXFKLR.js +35 -0
  58. package/dist/chunk-C3A37LQC.js +33 -0
  59. package/dist/chunk-CITNGXDA.js +31 -0
  60. package/dist/chunk-CWX724AG.js +78 -0
  61. package/dist/chunk-D2CSIUKP.js +74 -0
  62. package/dist/chunk-E6G5YCI6.js +25 -0
  63. package/dist/chunk-EBAMFRB7.js +34 -0
  64. package/dist/chunk-EEE7UM5T.js +25 -0
  65. package/dist/{chunk-HT4YLL7N.js → chunk-FPCVZUVG.js} +10 -8
  66. package/dist/chunk-FW4W3REU.js +25 -0
  67. package/dist/chunk-GNNBM2WJ.js +83 -0
  68. package/dist/chunk-IPKO6UQN.js +25 -0
  69. package/dist/chunk-JOCGX3RP.js +59 -0
  70. package/dist/chunk-KBXWTD6E.js +94 -0
  71. package/dist/chunk-KMMAZFSJ.js +25 -0
  72. package/dist/chunk-LATR3NIV.js +117 -0
  73. package/dist/chunk-LAYPUDQF.js +39 -0
  74. package/dist/chunk-LDU7A2JE.js +25 -0
  75. package/dist/chunk-LX3TJ2TJ.js +294 -0
  76. package/dist/chunk-NHZBQNRR.js +143 -0
  77. package/dist/chunk-OVHNRULD.js +33 -0
  78. package/dist/chunk-PDP3PHB3.js +127 -0
  79. package/dist/chunk-PHYNROD4.js +47 -0
  80. package/dist/chunk-QQEKY4XP.js +29 -0
  81. package/dist/chunk-U4RK4LKJ.js +348 -0
  82. package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
  83. package/dist/chunk-UN7X6SU5.js +53 -0
  84. package/dist/chunk-UZQJJD6A.js +100 -0
  85. package/dist/chunk-V6LLEAR4.js +80 -0
  86. package/dist/chunk-WHNDRO3N.js +50 -0
  87. package/dist/{chunk-W6LG7BFW.js → chunk-XY5R3EHH.js} +30 -23
  88. package/dist/client/client.cjs +135 -0
  89. package/dist/client/client.d.ts +85 -0
  90. package/dist/client/client.js +9 -0
  91. package/dist/client/index.cjs +135 -0
  92. package/dist/client/index.d.ts +14 -0
  93. package/dist/client/index.js +10 -0
  94. package/dist/context.cjs +1237 -0
  95. package/dist/context.d.ts +16 -0
  96. package/dist/context.js +28 -0
  97. package/dist/cookie.cjs +57 -22
  98. package/dist/cookie.d.ts +11 -6
  99. package/dist/cookie.js +3 -2
  100. package/dist/createAuth.cjs +2320 -0
  101. package/dist/createAuth.d.ts +12 -0
  102. package/dist/createAuth.js +48 -0
  103. package/dist/env.cjs +78 -0
  104. package/dist/env.d.ts +10 -0
  105. package/dist/env.js +12 -0
  106. package/dist/errors.cjs +17 -0
  107. package/dist/errors.d.ts +15 -4
  108. package/dist/errors.js +5 -1
  109. package/dist/headers.cjs +28 -2
  110. package/dist/headers.d.ts +25 -1
  111. package/dist/headers.js +9 -3
  112. package/dist/index-_aXtxb_s.d.ts +1377 -0
  113. package/dist/index.cjs +1843 -610
  114. package/dist/index.d.ts +11 -92
  115. package/dist/index.js +53 -85
  116. package/dist/jose.cjs +113 -38
  117. package/dist/jose.d.ts +12 -23
  118. package/dist/jose.js +17 -7
  119. package/dist/logger.cjs +424 -0
  120. package/dist/logger.d.ts +12 -0
  121. package/dist/logger.js +17 -0
  122. package/dist/oauth/atlassian.cjs +57 -0
  123. package/dist/oauth/atlassian.d.ts +12 -0
  124. package/dist/oauth/atlassian.js +6 -0
  125. package/dist/oauth/bitbucket.cjs +19 -15
  126. package/dist/oauth/bitbucket.d.ts +7 -2
  127. package/dist/oauth/bitbucket.js +1 -1
  128. package/dist/oauth/discord.cjs +27 -24
  129. package/dist/oauth/discord.d.ts +7 -2
  130. package/dist/oauth/discord.js +1 -1
  131. package/dist/oauth/dropbox.cjs +53 -0
  132. package/dist/oauth/dropbox.d.ts +12 -0
  133. package/dist/oauth/dropbox.js +6 -0
  134. package/dist/oauth/figma.cjs +19 -16
  135. package/dist/oauth/figma.d.ts +7 -2
  136. package/dist/oauth/figma.js +1 -1
  137. package/dist/oauth/github.cjs +19 -8
  138. package/dist/oauth/github.d.ts +7 -2
  139. package/dist/oauth/github.js +1 -1
  140. package/dist/oauth/gitlab.cjs +19 -16
  141. package/dist/oauth/gitlab.d.ts +7 -2
  142. package/dist/oauth/gitlab.js +1 -1
  143. package/dist/oauth/index.cjs +529 -239
  144. package/dist/oauth/index.d.ts +7 -2
  145. package/dist/oauth/index.js +39 -22
  146. package/dist/oauth/mailchimp.cjs +19 -16
  147. package/dist/oauth/mailchimp.d.ts +7 -2
  148. package/dist/oauth/mailchimp.js +1 -1
  149. package/dist/oauth/notion.cjs +131 -0
  150. package/dist/oauth/notion.d.ts +12 -0
  151. package/dist/oauth/notion.js +9 -0
  152. package/dist/oauth/pinterest.cjs +19 -16
  153. package/dist/oauth/pinterest.d.ts +7 -2
  154. package/dist/oauth/pinterest.js +1 -1
  155. package/dist/oauth/spotify.cjs +19 -16
  156. package/dist/oauth/spotify.d.ts +7 -2
  157. package/dist/oauth/spotify.js +1 -1
  158. package/dist/oauth/strava.cjs +19 -16
  159. package/dist/oauth/strava.d.ts +7 -2
  160. package/dist/oauth/strava.js +1 -1
  161. package/dist/oauth/twitch.cjs +95 -0
  162. package/dist/oauth/twitch.d.ts +12 -0
  163. package/dist/oauth/twitch.js +7 -0
  164. package/dist/oauth/x.cjs +19 -16
  165. package/dist/oauth/x.d.ts +7 -2
  166. package/dist/oauth/x.js +1 -1
  167. package/dist/schemas.cjs +89 -42
  168. package/dist/schemas.d.ts +114 -18
  169. package/dist/schemas.js +5 -3
  170. package/dist/secure.cjs +73 -31
  171. package/dist/secure.d.ts +11 -11
  172. package/dist/secure.js +7 -6
  173. package/dist/utils.cjs +203 -90
  174. package/dist/utils.d.ts +21 -40
  175. package/dist/utils.js +21 -12
  176. package/package.json +9 -6
  177. package/dist/chunk-3EUWD5BB.js +0 -63
  178. package/dist/chunk-42XB3YCW.js +0 -22
  179. package/dist/chunk-6R2YZ4AC.js +0 -22
  180. package/dist/chunk-A3N4PVAT.js +0 -70
  181. package/dist/chunk-B737EUJV.js +0 -22
  182. package/dist/chunk-CXLATHS5.js +0 -143
  183. package/dist/chunk-E3OXBRYF.js +0 -22
  184. package/dist/chunk-EIL2FPSS.js +0 -22
  185. package/dist/chunk-EMKJA2GJ.js +0 -89
  186. package/dist/chunk-FIPU4MLT.js +0 -21
  187. package/dist/chunk-FKRDCWBF.js +0 -22
  188. package/dist/chunk-GA2SMTJO.js +0 -58
  189. package/dist/chunk-HP34YGGJ.js +0 -22
  190. package/dist/chunk-IKHPGFCW.js +0 -14
  191. package/dist/chunk-IUYZQTJV.js +0 -30
  192. package/dist/chunk-IVET23KF.js +0 -58
  193. package/dist/chunk-JVFTCTTE.js +0 -33
  194. package/dist/chunk-KRNOMBXQ.js +0 -22
  195. package/dist/chunk-KSWLO5ZU.js +0 -102
  196. package/dist/chunk-N2APGLXA.js +0 -71
  197. package/dist/chunk-N4SX7TZT.js +0 -96
  198. package/dist/chunk-STHEPPUZ.js +0 -11
  199. package/dist/chunk-TLE4PXY3.js +0 -39
  200. package/dist/index-B8jeIElf.d.ts +0 -679
  201. /package/dist/{chunk-DIVDFNAP.js → chunk-5X7JZMEF.js} +0 -0
@@ -1,70 +0,0 @@
1
- import {
2
- createRedirectTo
3
- } from "./chunk-N4SX7TZT.js";
4
- import {
5
- expiredCookieAttributes
6
- } from "./chunk-W6LG7BFW.js";
7
- import {
8
- cacheControl
9
- } from "./chunk-STHEPPUZ.js";
10
- import {
11
- verifyCSRF
12
- } from "./chunk-N2APGLXA.js";
13
- import {
14
- getNormalizedOriginPath
15
- } from "./chunk-CXLATHS5.js";
16
- import {
17
- AuthSecurityError
18
- } from "./chunk-RRLIF4PQ.js";
19
-
20
- // src/actions/signOut/signOut.ts
21
- import { z } from "zod";
22
- import { createEndpoint, createEndpointConfig, HeadersBuilder, statusCode } from "@aura-stack/router";
23
- var config = createEndpointConfig({
24
- schemas: {
25
- searchParams: z.object({
26
- token_type_hint: z.literal("session_token"),
27
- redirectTo: z.string().optional()
28
- })
29
- }
30
- });
31
- var signOutAction = createEndpoint(
32
- "POST",
33
- "/signOut",
34
- async (ctx) => {
35
- const {
36
- request,
37
- headers,
38
- searchParams: { redirectTo },
39
- context: { jose, cookies }
40
- } = ctx;
41
- const session = headers.getCookie(cookies.sessionToken.name);
42
- const csrfToken = headers.getCookie(cookies.csrfToken.name);
43
- const header = headers.getHeader("X-CSRF-Token");
44
- if (!session) {
45
- throw new AuthSecurityError("SESSION_TOKEN_MISSING", "The sessionToken is missing.");
46
- }
47
- if (!csrfToken) {
48
- throw new AuthSecurityError("CSRF_TOKEN_MISSING", "The CSRF token is missing.");
49
- }
50
- if (!header) {
51
- throw new AuthSecurityError("CSRF_TOKEN_MISSING", "The CSRF header is missing.");
52
- }
53
- await verifyCSRF(jose, csrfToken, header);
54
- await jose.decodeJWT(session);
55
- const normalizedOriginPath = getNormalizedOriginPath(request.url);
56
- const location = createRedirectTo(
57
- new Request(normalizedOriginPath, {
58
- headers: headers.toHeaders()
59
- }),
60
- redirectTo
61
- );
62
- const headersList = new HeadersBuilder(cacheControl).setHeader("Location", location).setCookie(cookies.csrfToken.name, "", expiredCookieAttributes).setCookie(cookies.sessionToken.name, "", expiredCookieAttributes).toHeaders();
63
- return Response.json({ message: "Signed out successfully" }, { status: statusCode.ACCEPTED, headers: headersList });
64
- },
65
- config
66
- );
67
-
68
- export {
69
- signOutAction
70
- };
@@ -1,22 +0,0 @@
1
- // src/oauth/mailchimp.ts
2
- var mailchimp = {
3
- id: "mailchimp",
4
- name: "Mailchimp",
5
- authorizeURL: "https://login.mailchimp.com/oauth2/authorize",
6
- accessToken: "https://login.mailchimp.com/oauth2/token",
7
- userInfo: "https://login.mailchimp.com/oauth2/metadata",
8
- scope: "",
9
- responseType: "code",
10
- profile(profile) {
11
- return {
12
- sub: profile.user_id,
13
- name: profile.accountname,
14
- email: profile.login.login_email,
15
- image: null
16
- };
17
- }
18
- };
19
-
20
- export {
21
- mailchimp
22
- };
@@ -1,143 +0,0 @@
1
- import {
2
- isAuthInternalError,
3
- isAuthSecurityError,
4
- isOAuthProtocolError
5
- } from "./chunk-RRLIF4PQ.js";
6
-
7
- // src/utils.ts
8
- import { isInvalidZodSchemaError, isRouterError } from "@aura-stack/router";
9
- var toSnakeCase = (str) => {
10
- return str.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2").toLowerCase().replace(/^_+/, "");
11
- };
12
- var toUpperCase = (str) => {
13
- return str.toUpperCase();
14
- };
15
- var toCastCase = (obj, type = "snake") => {
16
- return Object.entries(obj).reduce((previous, [key, value]) => {
17
- const newKey = type === "snake" ? toSnakeCase(key) : toUpperCase(key);
18
- return { ...previous, [newKey]: value };
19
- }, {});
20
- };
21
- var equals = (a, b) => {
22
- if (a === null || b === null || a === void 0 || b === void 0) return false;
23
- return a === b;
24
- };
25
- var sanitizeURL = (url) => {
26
- try {
27
- let decodedURL = decodeURIComponent(url).trim();
28
- const protocolMatch = decodedURL.match(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)/);
29
- let protocol = "";
30
- let rest = decodedURL;
31
- if (protocolMatch) {
32
- protocol = protocolMatch[1];
33
- rest = decodedURL.slice(protocol.length);
34
- const slashIndex = rest.indexOf("/");
35
- if (slashIndex === -1) {
36
- return protocol + rest;
37
- }
38
- const domain = rest.slice(0, slashIndex);
39
- let path = rest.slice(slashIndex).replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
40
- if (path !== "/" && path.endsWith("/")) {
41
- path = path.replace(/\/+$/, "/");
42
- } else if (path !== "/") {
43
- path = path.replace(/\/+$/, "");
44
- }
45
- return protocol + domain + path;
46
- }
47
- let sanitized = decodedURL.replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
48
- if (sanitized !== "/" && sanitized.endsWith("/")) {
49
- sanitized = sanitized.replace(/\/+$/, "/");
50
- } else if (sanitized !== "/") {
51
- sanitized = sanitized.replace(/\/+$/, "");
52
- }
53
- return sanitized;
54
- } catch {
55
- return url.trim();
56
- }
57
- };
58
- var isValidRelativePath = (path) => {
59
- if (!path || typeof path !== "string") return false;
60
- if (!path.startsWith("/") || path.includes("://") || path.includes("\r") || path.includes("\n")) return false;
61
- if (/[\x00-\x1F\x7F]/.test(path) || path.includes("\0")) return false;
62
- const sanitized = sanitizeURL(path);
63
- if (sanitized.includes("..")) return false;
64
- return true;
65
- };
66
- var onErrorHandler = (error) => {
67
- if (isRouterError(error)) {
68
- const { message, status, statusText } = error;
69
- return Response.json({ type: "ROUTER_ERROR", code: "ROUTER_INTERNAL_ERROR", message }, { status, statusText });
70
- }
71
- if (isInvalidZodSchemaError(error)) {
72
- return Response.json({ type: "ROUTER_ERROR", code: "INVALID_REQUEST", message: error.errors }, { status: 422 });
73
- }
74
- if (isOAuthProtocolError(error)) {
75
- const { error: errorCode, message, type, errorURI } = error;
76
- return Response.json(
77
- {
78
- type,
79
- error: errorCode,
80
- error_description: message,
81
- error_uri: errorURI
82
- },
83
- { status: 400 }
84
- );
85
- }
86
- if (isAuthInternalError(error) || isAuthSecurityError(error)) {
87
- const { type, code, message } = error;
88
- return Response.json(
89
- {
90
- type,
91
- code,
92
- message
93
- },
94
- { status: 400 }
95
- );
96
- }
97
- return Response.json({ type: "SERVER_ERROR", code: "server_error", message: "An unexpected error occurred" }, { status: 500 });
98
- };
99
- var getNormalizedOriginPath = (path) => {
100
- try {
101
- const url = new URL(path);
102
- url.hash = "";
103
- url.search = "";
104
- return `${url.origin}${url.pathname}`;
105
- } catch {
106
- return sanitizeURL(path);
107
- }
108
- };
109
- var toISOString = (date) => {
110
- return new Date(date).toISOString();
111
- };
112
- var useSecureCookies = (request, trustedProxyHeaders) => {
113
- return trustedProxyHeaders ? request.url.startsWith("https://") || request.headers.get("X-Forwarded-Proto") === "https" || (request.headers.get("Forwarded")?.includes("proto=https") ?? false) : request.url.startsWith("https://");
114
- };
115
- var formatZodError = (error) => {
116
- if (!error.issues || error.issues.length === 0) {
117
- return {};
118
- }
119
- return error.issues.reduce((previous, issue) => {
120
- const key = issue.path.join(".");
121
- return {
122
- ...previous,
123
- [key]: {
124
- code: issue.code,
125
- message: issue.message
126
- }
127
- };
128
- }, {});
129
- };
130
-
131
- export {
132
- toSnakeCase,
133
- toUpperCase,
134
- toCastCase,
135
- equals,
136
- sanitizeURL,
137
- isValidRelativePath,
138
- onErrorHandler,
139
- getNormalizedOriginPath,
140
- toISOString,
141
- useSecureCookies,
142
- formatZodError
143
- };
@@ -1,22 +0,0 @@
1
- // src/oauth/spotify.ts
2
- var spotify = {
3
- id: "spotify",
4
- name: "Spotify",
5
- authorizeURL: "https://accounts.spotify.com/authorize",
6
- accessToken: "https://accounts.spotify.com/api/token",
7
- userInfo: "https://api.spotify.com/v1/me",
8
- scope: "user-read-email user-read-private",
9
- responseType: "token",
10
- profile(profile) {
11
- return {
12
- sub: profile.id,
13
- name: profile.display_name,
14
- email: profile.email,
15
- image: profile.images?.[0]?.url
16
- };
17
- }
18
- };
19
-
20
- export {
21
- spotify
22
- };
@@ -1,22 +0,0 @@
1
- // src/assert.ts
2
- var isFalsy = (value) => {
3
- return value === false || value === 0 || value === "" || value === null || value === void 0 || Number.isNaN(value);
4
- };
5
- var isRequest = (value) => {
6
- return typeof Request !== "undefined" && value instanceof Request;
7
- };
8
- var isValidURL = (value) => {
9
- if (value.includes("\r\n") || value.includes("\n") || value.includes("\r")) return false;
10
- const regex = /^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()*+,;=:@-]*)*\/?$/;
11
- return regex.test(value);
12
- };
13
- var isJWTPayloadWithToken = (payload) => {
14
- return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
15
- };
16
-
17
- export {
18
- isFalsy,
19
- isRequest,
20
- isValidURL,
21
- isJWTPayloadWithToken
22
- };
@@ -1,89 +0,0 @@
1
- import {
2
- x
3
- } from "./chunk-42XB3YCW.js";
4
- import {
5
- figma
6
- } from "./chunk-FKRDCWBF.js";
7
- import {
8
- github
9
- } from "./chunk-IKHPGFCW.js";
10
- import {
11
- gitlab
12
- } from "./chunk-KRNOMBXQ.js";
13
- import {
14
- mailchimp
15
- } from "./chunk-B737EUJV.js";
16
- import {
17
- pinterest
18
- } from "./chunk-HP34YGGJ.js";
19
- import {
20
- spotify
21
- } from "./chunk-E3OXBRYF.js";
22
- import {
23
- strava
24
- } from "./chunk-6R2YZ4AC.js";
25
- import {
26
- bitbucket
27
- } from "./chunk-FIPU4MLT.js";
28
- import {
29
- discord
30
- } from "./chunk-IUYZQTJV.js";
31
- import {
32
- formatZodError
33
- } from "./chunk-CXLATHS5.js";
34
- import {
35
- AuthInternalError
36
- } from "./chunk-RRLIF4PQ.js";
37
- import {
38
- OAuthEnvSchema
39
- } from "./chunk-YRCB5FLE.js";
40
-
41
- // src/oauth/index.ts
42
- var builtInOAuthProviders = {
43
- github,
44
- bitbucket,
45
- figma,
46
- discord,
47
- gitlab,
48
- spotify,
49
- x,
50
- strava,
51
- mailchimp,
52
- pinterest
53
- };
54
- var defineOAuthEnvironment = (oauth) => {
55
- const env = process.env;
56
- const clientIdSuffix = `${oauth.toUpperCase()}_CLIENT_ID`;
57
- const clientSecretSuffix = `${oauth.toUpperCase()}_CLIENT_SECRET`;
58
- const loadEnvs = OAuthEnvSchema.safeParse({
59
- clientId: env[`AURA_AUTH_${clientIdSuffix}`] ?? env[`AUTH_${clientIdSuffix}`] ?? env[`${clientIdSuffix}`],
60
- clientSecret: env[`AURA_AUTH_${clientSecretSuffix}`] ?? env[`AUTH_${clientSecretSuffix}`] ?? env[`${clientSecretSuffix}`]
61
- });
62
- if (!loadEnvs.success) {
63
- const msg = JSON.stringify(formatZodError(loadEnvs.error), null, 2);
64
- throw new AuthInternalError("INVALID_ENVIRONMENT_CONFIGURATION", msg);
65
- }
66
- return loadEnvs.data;
67
- };
68
- var defineOAuthProviderConfig = (config) => {
69
- if (typeof config === "string") {
70
- const definition = defineOAuthEnvironment(config);
71
- const oauthConfig = builtInOAuthProviders[config];
72
- return {
73
- ...oauthConfig,
74
- ...definition
75
- };
76
- }
77
- return config;
78
- };
79
- var createBuiltInOAuthProviders = (oauth = []) => {
80
- return oauth.reduce((previous, config) => {
81
- const oauthConfig = defineOAuthProviderConfig(config);
82
- return { ...previous, [oauthConfig.id]: oauthConfig };
83
- }, {});
84
- };
85
-
86
- export {
87
- builtInOAuthProviders,
88
- createBuiltInOAuthProviders
89
- };
@@ -1,21 +0,0 @@
1
- // src/oauth/bitbucket.ts
2
- var bitbucket = {
3
- id: "bitbucket",
4
- name: "Bitbucket",
5
- authorizeURL: "https://bitbucket.org/site/oauth2/authorize",
6
- accessToken: "https://bitbucket.org/site/oauth2/access_token",
7
- userInfo: "https://api.bitbucket.org/2.0/user",
8
- scope: "account email",
9
- responseType: "code",
10
- profile(profile) {
11
- return {
12
- sub: profile.uuid ?? profile.account_id,
13
- name: profile.display_name ?? profile.nickname,
14
- image: profile.links.avatar.href
15
- };
16
- }
17
- };
18
-
19
- export {
20
- bitbucket
21
- };
@@ -1,22 +0,0 @@
1
- // src/oauth/figma.ts
2
- var figma = {
3
- id: "figma",
4
- name: "Figma",
5
- authorizeURL: "https://www.figma.com/oauth",
6
- accessToken: "https://api.figma.com/v1/oauth/token",
7
- userInfo: "https://api.figma.com/v1/me",
8
- scope: "current_user:read",
9
- responseType: "code",
10
- profile(profile) {
11
- return {
12
- sub: profile.id,
13
- name: profile.handle,
14
- email: profile.email,
15
- image: profile.img_url
16
- };
17
- }
18
- };
19
-
20
- export {
21
- figma
22
- };
@@ -1,58 +0,0 @@
1
- import {
2
- formatZodError
3
- } from "./chunk-CXLATHS5.js";
4
- import {
5
- AuthInternalError,
6
- OAuthProtocolError
7
- } from "./chunk-RRLIF4PQ.js";
8
- import {
9
- fetchAsync
10
- } from "./chunk-ZNCZVF6U.js";
11
- import {
12
- OAuthAccessToken,
13
- OAuthAccessTokenErrorResponse,
14
- OAuthAccessTokenResponse
15
- } from "./chunk-YRCB5FLE.js";
16
-
17
- // src/actions/callback/access-token.ts
18
- var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) => {
19
- const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier });
20
- if (!parsed.success) {
21
- const msg = JSON.stringify(formatZodError(parsed.error), null, 2);
22
- throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", msg);
23
- }
24
- const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data;
25
- try {
26
- const response = await fetchAsync(accessToken, {
27
- method: "POST",
28
- headers: {
29
- Accept: "application/json",
30
- "Content-Type": "application/x-www-form-urlencoded"
31
- },
32
- body: new URLSearchParams({
33
- client_id: clientId,
34
- client_secret: clientSecret,
35
- code: codeParsed,
36
- redirect_uri: redirectParsed,
37
- grant_type: "authorization_code",
38
- code_verifier: codeVerifier
39
- }).toString()
40
- });
41
- const json = await response.json();
42
- const token = OAuthAccessTokenResponse.safeParse(json);
43
- if (!token.success) {
44
- const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json);
45
- if (!success) {
46
- throw new OAuthProtocolError("INVALID_REQUEST", "Invalid access token response format");
47
- }
48
- throw new OAuthProtocolError(data.error, data?.error_description ?? "Failed to retrieve access token");
49
- }
50
- return token.data;
51
- } catch (error) {
52
- throw error;
53
- }
54
- };
55
-
56
- export {
57
- createAccessToken
58
- };
@@ -1,22 +0,0 @@
1
- // src/oauth/pinterest.ts
2
- var pinterest = {
3
- id: "pinterest",
4
- name: "Pinterest",
5
- authorizeURL: "https://api.pinterest.com/oauth/",
6
- accessToken: "https://api.pinterest.com/v5/oauth/token",
7
- userInfo: "https://api.pinterest.com/v5/user_account",
8
- scope: "user_accounts:read",
9
- responseType: "code",
10
- profile(profile) {
11
- return {
12
- sub: profile.id,
13
- name: profile.username,
14
- email: null,
15
- image: profile.profile_image
16
- };
17
- }
18
- };
19
-
20
- export {
21
- pinterest
22
- };
@@ -1,14 +0,0 @@
1
- // src/oauth/github.ts
2
- var github = {
3
- id: "github",
4
- name: "GitHub",
5
- authorizeURL: "https://github.com/login/oauth/authorize",
6
- accessToken: "https://github.com/login/oauth/access_token",
7
- userInfo: "https://api.github.com/user",
8
- scope: "read:user user:email",
9
- responseType: "code"
10
- };
11
-
12
- export {
13
- github
14
- };
@@ -1,30 +0,0 @@
1
- // src/oauth/discord.ts
2
- var discord = {
3
- id: "discord",
4
- name: "Discord",
5
- authorizeURL: "https://discord.com/oauth2/authorize",
6
- accessToken: "https://discord.com/api/oauth2/token",
7
- userInfo: "https://discord.com/api/users/@me",
8
- scope: "identify email",
9
- responseType: "code",
10
- profile(profile) {
11
- let image = "";
12
- if (profile.avatar === null) {
13
- const index = profile.discriminator === "0" ? (BigInt(profile.id) >> 22n) % 6n : Number(profile.discriminator) % 5;
14
- image = `https://cdn.discordapp.com/embed/avatars/${index}.png`;
15
- } else {
16
- const format = profile.avatar.startsWith("a_") ? "gif" : "png";
17
- image = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
18
- }
19
- return {
20
- sub: profile.id,
21
- name: profile.global_name ?? profile.username,
22
- email: profile.email ?? "",
23
- image
24
- };
25
- }
26
- };
27
-
28
- export {
29
- discord
30
- };
@@ -1,58 +0,0 @@
1
- import {
2
- generateSecure
3
- } from "./chunk-N2APGLXA.js";
4
- import {
5
- OAuthProtocolError,
6
- isNativeError,
7
- isOAuthProtocolError
8
- } from "./chunk-RRLIF4PQ.js";
9
- import {
10
- fetchAsync
11
- } from "./chunk-ZNCZVF6U.js";
12
- import {
13
- OAuthErrorResponse
14
- } from "./chunk-YRCB5FLE.js";
15
-
16
- // src/actions/callback/userinfo.ts
17
- var getDefaultUserInfo = (profile) => {
18
- const sub = generateSecure(16);
19
- return {
20
- sub: profile?.id ?? profile?.sub ?? sub,
21
- email: profile?.email,
22
- name: profile?.name ?? profile?.username ?? profile?.nickname,
23
- image: profile?.image ?? profile?.picture
24
- };
25
- };
26
- var getUserInfo = async (oauthConfig, accessToken) => {
27
- const userinfoEndpoint = oauthConfig.userInfo;
28
- try {
29
- const response = await fetchAsync(userinfoEndpoint, {
30
- method: "GET",
31
- headers: {
32
- Accept: "application/json",
33
- Authorization: `Bearer ${accessToken}`
34
- }
35
- });
36
- const json = await response.json();
37
- const { success, data } = OAuthErrorResponse.safeParse(json);
38
- if (success) {
39
- throw new OAuthProtocolError(
40
- data.error,
41
- data?.error_description ?? "An error occurred while fetching user information."
42
- );
43
- }
44
- return oauthConfig?.profile ? oauthConfig.profile(json) : getDefaultUserInfo(json);
45
- } catch (error) {
46
- if (isOAuthProtocolError(error)) {
47
- throw error;
48
- }
49
- if (isNativeError(error)) {
50
- throw new OAuthProtocolError("invalid_request", error.message, "", { cause: error });
51
- }
52
- throw new OAuthProtocolError("invalid_request", "Failed to fetch user information.", "", { cause: error });
53
- }
54
- };
55
-
56
- export {
57
- getUserInfo
58
- };
@@ -1,33 +0,0 @@
1
- import {
2
- expiredCookieAttributes,
3
- getCookie
4
- } from "./chunk-W6LG7BFW.js";
5
- import {
6
- cacheControl
7
- } from "./chunk-STHEPPUZ.js";
8
- import {
9
- toISOString
10
- } from "./chunk-CXLATHS5.js";
11
-
12
- // src/actions/session/session.ts
13
- import { createEndpoint, HeadersBuilder } from "@aura-stack/router";
14
- var sessionAction = createEndpoint("GET", "/session", async (ctx) => {
15
- const {
16
- request,
17
- context: { jose, cookies }
18
- } = ctx;
19
- try {
20
- const session = getCookie(request, cookies.sessionToken.name);
21
- const decoded = await jose.decodeJWT(session);
22
- const { exp, iat, jti, nbf, ...user } = decoded;
23
- const headers = new Headers(cacheControl);
24
- return Response.json({ user, expires: toISOString(exp * 1e3) }, { headers });
25
- } catch (error) {
26
- const headers = new HeadersBuilder(cacheControl).setCookie(cookies.sessionToken.name, "", expiredCookieAttributes).toHeaders();
27
- return Response.json({ authenticated: false, message: "Unauthorized" }, { status: 401, headers });
28
- }
29
- });
30
-
31
- export {
32
- sessionAction
33
- };
@@ -1,22 +0,0 @@
1
- // src/oauth/gitlab.ts
2
- var gitlab = {
3
- id: "gitlab",
4
- name: "GitLab",
5
- authorizeURL: "https://gitlab.com/oauth/authorize",
6
- accessToken: "https://gitlab.com/oauth/token",
7
- userInfo: "https://gitlab.com/api/v4/user",
8
- scope: "read_user",
9
- responseType: "code",
10
- profile(profile) {
11
- return {
12
- sub: profile.id.toString(),
13
- name: profile.name ?? profile.username,
14
- email: profile.email,
15
- avatar: profile.avatar_url
16
- };
17
- }
18
- };
19
-
20
- export {
21
- gitlab
22
- };