@aura-stack/auth 0.4.0-rc.5 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/@types/index.d.ts +8 -3
- package/dist/@types/router.d.cjs +0 -17
- package/dist/@types/router.d.d.ts +7 -2
- package/dist/@types/router.d.js +0 -1
- package/dist/actions/callback/access-token.cjs +130 -71
- package/dist/actions/callback/access-token.d.ts +9 -4
- package/dist/actions/callback/access-token.js +3 -4
- package/dist/actions/callback/callback.cjs +428 -152
- package/dist/actions/callback/callback.d.ts +11 -3
- package/dist/actions/callback/callback.js +12 -10
- package/dist/actions/callback/userinfo.cjs +159 -65
- package/dist/actions/callback/userinfo.d.ts +8 -3
- package/dist/actions/callback/userinfo.js +7 -6
- package/dist/actions/csrfToken/csrfToken.cjs +70 -19
- package/dist/actions/csrfToken/csrfToken.js +8 -7
- package/dist/actions/index.cjs +780 -348
- package/dist/actions/index.d.ts +6 -2
- package/dist/actions/index.js +23 -18
- package/dist/actions/session/session.cjs +107 -26
- package/dist/actions/session/session.js +7 -5
- package/dist/actions/signIn/authorization-url.cjs +288 -0
- package/dist/actions/signIn/authorization-url.d.ts +31 -0
- package/dist/actions/signIn/authorization-url.js +16 -0
- package/dist/actions/signIn/authorization.cjs +209 -211
- package/dist/actions/signIn/authorization.d.ts +32 -21
- package/dist/actions/signIn/authorization.js +12 -9
- package/dist/actions/signIn/signIn.cjs +470 -235
- package/dist/actions/signIn/signIn.d.ts +12 -3
- package/dist/actions/signIn/signIn.js +11 -8
- package/dist/actions/signOut/signOut.cjs +376 -228
- package/dist/actions/signOut/signOut.d.ts +1 -1
- package/dist/actions/signOut/signOut.js +10 -9
- package/dist/api/createApi.cjs +750 -0
- package/dist/api/createApi.d.ts +12 -0
- package/dist/api/createApi.js +19 -0
- package/dist/api/getSession.cjs +141 -0
- package/dist/api/getSession.d.ts +16 -0
- package/dist/api/getSession.js +10 -0
- package/dist/api/signIn.cjs +549 -0
- package/dist/api/signIn.d.ts +26 -0
- package/dist/api/signIn.js +15 -0
- package/dist/api/signOut.cjs +279 -0
- package/dist/api/signOut.d.ts +16 -0
- package/dist/api/signOut.js +13 -0
- package/dist/assert.cjs +150 -5
- package/dist/assert.d.ts +26 -3
- package/dist/assert.js +17 -3
- package/dist/{chunk-YRCB5FLE.js → chunk-2A5B7GWR.js} +52 -6
- package/dist/chunk-2GQLSIJ2.js +40 -0
- package/dist/chunk-2IR674WX.js +44 -0
- package/dist/chunk-3J5TUH2I.js +50 -0
- package/dist/chunk-4RWSYUKX.js +98 -0
- package/dist/chunk-4YHJ4IEQ.js +25 -0
- package/dist/chunk-54CZPKR4.js +25 -0
- package/dist/chunk-5LZ7TOM3.js +25 -0
- package/dist/chunk-7BE46WWS.js +88 -0
- package/dist/chunk-7YYXFKLR.js +35 -0
- package/dist/chunk-C3A37LQC.js +33 -0
- package/dist/chunk-CITNGXDA.js +31 -0
- package/dist/chunk-CWX724AG.js +78 -0
- package/dist/chunk-D2CSIUKP.js +74 -0
- package/dist/chunk-E6G5YCI6.js +25 -0
- package/dist/chunk-EBAMFRB7.js +34 -0
- package/dist/chunk-EEE7UM5T.js +25 -0
- package/dist/{chunk-HT4YLL7N.js → chunk-FPCVZUVG.js} +10 -8
- package/dist/chunk-FW4W3REU.js +25 -0
- package/dist/chunk-GNNBM2WJ.js +83 -0
- package/dist/chunk-IPKO6UQN.js +25 -0
- package/dist/chunk-JOCGX3RP.js +59 -0
- package/dist/chunk-KBXWTD6E.js +94 -0
- package/dist/chunk-KMMAZFSJ.js +25 -0
- package/dist/chunk-LATR3NIV.js +117 -0
- package/dist/chunk-LAYPUDQF.js +39 -0
- package/dist/chunk-LDU7A2JE.js +25 -0
- package/dist/chunk-LX3TJ2TJ.js +294 -0
- package/dist/chunk-NHZBQNRR.js +143 -0
- package/dist/chunk-OVHNRULD.js +33 -0
- package/dist/chunk-PDP3PHB3.js +127 -0
- package/dist/chunk-PHYNROD4.js +47 -0
- package/dist/chunk-QQEKY4XP.js +29 -0
- package/dist/chunk-U4RK4LKJ.js +348 -0
- package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
- package/dist/chunk-UN7X6SU5.js +53 -0
- package/dist/chunk-UZQJJD6A.js +100 -0
- package/dist/chunk-V6LLEAR4.js +80 -0
- package/dist/chunk-WHNDRO3N.js +50 -0
- package/dist/{chunk-W6LG7BFW.js → chunk-XY5R3EHH.js} +30 -23
- package/dist/client/client.cjs +135 -0
- package/dist/client/client.d.ts +85 -0
- package/dist/client/client.js +9 -0
- package/dist/client/index.cjs +135 -0
- package/dist/client/index.d.ts +14 -0
- package/dist/client/index.js +10 -0
- package/dist/context.cjs +1237 -0
- package/dist/context.d.ts +16 -0
- package/dist/context.js +28 -0
- package/dist/cookie.cjs +57 -22
- package/dist/cookie.d.ts +11 -6
- package/dist/cookie.js +3 -2
- package/dist/createAuth.cjs +2320 -0
- package/dist/createAuth.d.ts +12 -0
- package/dist/createAuth.js +48 -0
- package/dist/env.cjs +78 -0
- package/dist/env.d.ts +10 -0
- package/dist/env.js +12 -0
- package/dist/errors.cjs +17 -0
- package/dist/errors.d.ts +15 -4
- package/dist/errors.js +5 -1
- package/dist/headers.cjs +28 -2
- package/dist/headers.d.ts +25 -1
- package/dist/headers.js +9 -3
- package/dist/index-_aXtxb_s.d.ts +1377 -0
- package/dist/index.cjs +1843 -610
- package/dist/index.d.ts +11 -92
- package/dist/index.js +53 -85
- package/dist/jose.cjs +113 -38
- package/dist/jose.d.ts +12 -23
- package/dist/jose.js +17 -7
- package/dist/logger.cjs +424 -0
- package/dist/logger.d.ts +12 -0
- package/dist/logger.js +17 -0
- package/dist/oauth/atlassian.cjs +57 -0
- package/dist/oauth/atlassian.d.ts +12 -0
- package/dist/oauth/atlassian.js +6 -0
- package/dist/oauth/bitbucket.cjs +19 -15
- package/dist/oauth/bitbucket.d.ts +7 -2
- package/dist/oauth/bitbucket.js +1 -1
- package/dist/oauth/discord.cjs +27 -24
- package/dist/oauth/discord.d.ts +7 -2
- package/dist/oauth/discord.js +1 -1
- package/dist/oauth/dropbox.cjs +53 -0
- package/dist/oauth/dropbox.d.ts +12 -0
- package/dist/oauth/dropbox.js +6 -0
- package/dist/oauth/figma.cjs +19 -16
- package/dist/oauth/figma.d.ts +7 -2
- package/dist/oauth/figma.js +1 -1
- package/dist/oauth/github.cjs +19 -8
- package/dist/oauth/github.d.ts +7 -2
- package/dist/oauth/github.js +1 -1
- package/dist/oauth/gitlab.cjs +19 -16
- package/dist/oauth/gitlab.d.ts +7 -2
- package/dist/oauth/gitlab.js +1 -1
- package/dist/oauth/index.cjs +529 -239
- package/dist/oauth/index.d.ts +7 -2
- package/dist/oauth/index.js +39 -22
- package/dist/oauth/mailchimp.cjs +19 -16
- package/dist/oauth/mailchimp.d.ts +7 -2
- package/dist/oauth/mailchimp.js +1 -1
- package/dist/oauth/notion.cjs +131 -0
- package/dist/oauth/notion.d.ts +12 -0
- package/dist/oauth/notion.js +9 -0
- package/dist/oauth/pinterest.cjs +19 -16
- package/dist/oauth/pinterest.d.ts +7 -2
- package/dist/oauth/pinterest.js +1 -1
- package/dist/oauth/spotify.cjs +19 -16
- package/dist/oauth/spotify.d.ts +7 -2
- package/dist/oauth/spotify.js +1 -1
- package/dist/oauth/strava.cjs +19 -16
- package/dist/oauth/strava.d.ts +7 -2
- package/dist/oauth/strava.js +1 -1
- package/dist/oauth/twitch.cjs +95 -0
- package/dist/oauth/twitch.d.ts +12 -0
- package/dist/oauth/twitch.js +7 -0
- package/dist/oauth/x.cjs +19 -16
- package/dist/oauth/x.d.ts +7 -2
- package/dist/oauth/x.js +1 -1
- package/dist/schemas.cjs +89 -42
- package/dist/schemas.d.ts +114 -18
- package/dist/schemas.js +5 -3
- package/dist/secure.cjs +73 -31
- package/dist/secure.d.ts +11 -11
- package/dist/secure.js +7 -6
- package/dist/utils.cjs +203 -90
- package/dist/utils.d.ts +21 -40
- package/dist/utils.js +21 -12
- package/package.json +9 -6
- package/dist/chunk-3EUWD5BB.js +0 -63
- package/dist/chunk-42XB3YCW.js +0 -22
- package/dist/chunk-6R2YZ4AC.js +0 -22
- package/dist/chunk-A3N4PVAT.js +0 -70
- package/dist/chunk-B737EUJV.js +0 -22
- package/dist/chunk-CXLATHS5.js +0 -143
- package/dist/chunk-E3OXBRYF.js +0 -22
- package/dist/chunk-EIL2FPSS.js +0 -22
- package/dist/chunk-EMKJA2GJ.js +0 -89
- package/dist/chunk-FIPU4MLT.js +0 -21
- package/dist/chunk-FKRDCWBF.js +0 -22
- package/dist/chunk-GA2SMTJO.js +0 -58
- package/dist/chunk-HP34YGGJ.js +0 -22
- package/dist/chunk-IKHPGFCW.js +0 -14
- package/dist/chunk-IUYZQTJV.js +0 -30
- package/dist/chunk-IVET23KF.js +0 -58
- package/dist/chunk-JVFTCTTE.js +0 -33
- package/dist/chunk-KRNOMBXQ.js +0 -22
- package/dist/chunk-KSWLO5ZU.js +0 -102
- package/dist/chunk-N2APGLXA.js +0 -71
- package/dist/chunk-N4SX7TZT.js +0 -96
- package/dist/chunk-STHEPPUZ.js +0 -11
- package/dist/chunk-TLE4PXY3.js +0 -39
- package/dist/index-B8jeIElf.d.ts +0 -679
- /package/dist/{chunk-DIVDFNAP.js → chunk-5X7JZMEF.js} +0 -0
package/dist/chunk-A3N4PVAT.js
DELETED
|
@@ -1,70 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
createRedirectTo
|
|
3
|
-
} from "./chunk-N4SX7TZT.js";
|
|
4
|
-
import {
|
|
5
|
-
expiredCookieAttributes
|
|
6
|
-
} from "./chunk-W6LG7BFW.js";
|
|
7
|
-
import {
|
|
8
|
-
cacheControl
|
|
9
|
-
} from "./chunk-STHEPPUZ.js";
|
|
10
|
-
import {
|
|
11
|
-
verifyCSRF
|
|
12
|
-
} from "./chunk-N2APGLXA.js";
|
|
13
|
-
import {
|
|
14
|
-
getNormalizedOriginPath
|
|
15
|
-
} from "./chunk-CXLATHS5.js";
|
|
16
|
-
import {
|
|
17
|
-
AuthSecurityError
|
|
18
|
-
} from "./chunk-RRLIF4PQ.js";
|
|
19
|
-
|
|
20
|
-
// src/actions/signOut/signOut.ts
|
|
21
|
-
import { z } from "zod";
|
|
22
|
-
import { createEndpoint, createEndpointConfig, HeadersBuilder, statusCode } from "@aura-stack/router";
|
|
23
|
-
var config = createEndpointConfig({
|
|
24
|
-
schemas: {
|
|
25
|
-
searchParams: z.object({
|
|
26
|
-
token_type_hint: z.literal("session_token"),
|
|
27
|
-
redirectTo: z.string().optional()
|
|
28
|
-
})
|
|
29
|
-
}
|
|
30
|
-
});
|
|
31
|
-
var signOutAction = createEndpoint(
|
|
32
|
-
"POST",
|
|
33
|
-
"/signOut",
|
|
34
|
-
async (ctx) => {
|
|
35
|
-
const {
|
|
36
|
-
request,
|
|
37
|
-
headers,
|
|
38
|
-
searchParams: { redirectTo },
|
|
39
|
-
context: { jose, cookies }
|
|
40
|
-
} = ctx;
|
|
41
|
-
const session = headers.getCookie(cookies.sessionToken.name);
|
|
42
|
-
const csrfToken = headers.getCookie(cookies.csrfToken.name);
|
|
43
|
-
const header = headers.getHeader("X-CSRF-Token");
|
|
44
|
-
if (!session) {
|
|
45
|
-
throw new AuthSecurityError("SESSION_TOKEN_MISSING", "The sessionToken is missing.");
|
|
46
|
-
}
|
|
47
|
-
if (!csrfToken) {
|
|
48
|
-
throw new AuthSecurityError("CSRF_TOKEN_MISSING", "The CSRF token is missing.");
|
|
49
|
-
}
|
|
50
|
-
if (!header) {
|
|
51
|
-
throw new AuthSecurityError("CSRF_TOKEN_MISSING", "The CSRF header is missing.");
|
|
52
|
-
}
|
|
53
|
-
await verifyCSRF(jose, csrfToken, header);
|
|
54
|
-
await jose.decodeJWT(session);
|
|
55
|
-
const normalizedOriginPath = getNormalizedOriginPath(request.url);
|
|
56
|
-
const location = createRedirectTo(
|
|
57
|
-
new Request(normalizedOriginPath, {
|
|
58
|
-
headers: headers.toHeaders()
|
|
59
|
-
}),
|
|
60
|
-
redirectTo
|
|
61
|
-
);
|
|
62
|
-
const headersList = new HeadersBuilder(cacheControl).setHeader("Location", location).setCookie(cookies.csrfToken.name, "", expiredCookieAttributes).setCookie(cookies.sessionToken.name, "", expiredCookieAttributes).toHeaders();
|
|
63
|
-
return Response.json({ message: "Signed out successfully" }, { status: statusCode.ACCEPTED, headers: headersList });
|
|
64
|
-
},
|
|
65
|
-
config
|
|
66
|
-
);
|
|
67
|
-
|
|
68
|
-
export {
|
|
69
|
-
signOutAction
|
|
70
|
-
};
|
package/dist/chunk-B737EUJV.js
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
// src/oauth/mailchimp.ts
|
|
2
|
-
var mailchimp = {
|
|
3
|
-
id: "mailchimp",
|
|
4
|
-
name: "Mailchimp",
|
|
5
|
-
authorizeURL: "https://login.mailchimp.com/oauth2/authorize",
|
|
6
|
-
accessToken: "https://login.mailchimp.com/oauth2/token",
|
|
7
|
-
userInfo: "https://login.mailchimp.com/oauth2/metadata",
|
|
8
|
-
scope: "",
|
|
9
|
-
responseType: "code",
|
|
10
|
-
profile(profile) {
|
|
11
|
-
return {
|
|
12
|
-
sub: profile.user_id,
|
|
13
|
-
name: profile.accountname,
|
|
14
|
-
email: profile.login.login_email,
|
|
15
|
-
image: null
|
|
16
|
-
};
|
|
17
|
-
}
|
|
18
|
-
};
|
|
19
|
-
|
|
20
|
-
export {
|
|
21
|
-
mailchimp
|
|
22
|
-
};
|
package/dist/chunk-CXLATHS5.js
DELETED
|
@@ -1,143 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
isAuthInternalError,
|
|
3
|
-
isAuthSecurityError,
|
|
4
|
-
isOAuthProtocolError
|
|
5
|
-
} from "./chunk-RRLIF4PQ.js";
|
|
6
|
-
|
|
7
|
-
// src/utils.ts
|
|
8
|
-
import { isInvalidZodSchemaError, isRouterError } from "@aura-stack/router";
|
|
9
|
-
var toSnakeCase = (str) => {
|
|
10
|
-
return str.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2").toLowerCase().replace(/^_+/, "");
|
|
11
|
-
};
|
|
12
|
-
var toUpperCase = (str) => {
|
|
13
|
-
return str.toUpperCase();
|
|
14
|
-
};
|
|
15
|
-
var toCastCase = (obj, type = "snake") => {
|
|
16
|
-
return Object.entries(obj).reduce((previous, [key, value]) => {
|
|
17
|
-
const newKey = type === "snake" ? toSnakeCase(key) : toUpperCase(key);
|
|
18
|
-
return { ...previous, [newKey]: value };
|
|
19
|
-
}, {});
|
|
20
|
-
};
|
|
21
|
-
var equals = (a, b) => {
|
|
22
|
-
if (a === null || b === null || a === void 0 || b === void 0) return false;
|
|
23
|
-
return a === b;
|
|
24
|
-
};
|
|
25
|
-
var sanitizeURL = (url) => {
|
|
26
|
-
try {
|
|
27
|
-
let decodedURL = decodeURIComponent(url).trim();
|
|
28
|
-
const protocolMatch = decodedURL.match(/^([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)/);
|
|
29
|
-
let protocol = "";
|
|
30
|
-
let rest = decodedURL;
|
|
31
|
-
if (protocolMatch) {
|
|
32
|
-
protocol = protocolMatch[1];
|
|
33
|
-
rest = decodedURL.slice(protocol.length);
|
|
34
|
-
const slashIndex = rest.indexOf("/");
|
|
35
|
-
if (slashIndex === -1) {
|
|
36
|
-
return protocol + rest;
|
|
37
|
-
}
|
|
38
|
-
const domain = rest.slice(0, slashIndex);
|
|
39
|
-
let path = rest.slice(slashIndex).replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
|
|
40
|
-
if (path !== "/" && path.endsWith("/")) {
|
|
41
|
-
path = path.replace(/\/+$/, "/");
|
|
42
|
-
} else if (path !== "/") {
|
|
43
|
-
path = path.replace(/\/+$/, "");
|
|
44
|
-
}
|
|
45
|
-
return protocol + domain + path;
|
|
46
|
-
}
|
|
47
|
-
let sanitized = decodedURL.replace(/\/\.\.\//g, "/").replace(/\/\.\.$/, "").replace(/\.{2,}/g, "").replace(/\/{2,}/g, "/");
|
|
48
|
-
if (sanitized !== "/" && sanitized.endsWith("/")) {
|
|
49
|
-
sanitized = sanitized.replace(/\/+$/, "/");
|
|
50
|
-
} else if (sanitized !== "/") {
|
|
51
|
-
sanitized = sanitized.replace(/\/+$/, "");
|
|
52
|
-
}
|
|
53
|
-
return sanitized;
|
|
54
|
-
} catch {
|
|
55
|
-
return url.trim();
|
|
56
|
-
}
|
|
57
|
-
};
|
|
58
|
-
var isValidRelativePath = (path) => {
|
|
59
|
-
if (!path || typeof path !== "string") return false;
|
|
60
|
-
if (!path.startsWith("/") || path.includes("://") || path.includes("\r") || path.includes("\n")) return false;
|
|
61
|
-
if (/[\x00-\x1F\x7F]/.test(path) || path.includes("\0")) return false;
|
|
62
|
-
const sanitized = sanitizeURL(path);
|
|
63
|
-
if (sanitized.includes("..")) return false;
|
|
64
|
-
return true;
|
|
65
|
-
};
|
|
66
|
-
var onErrorHandler = (error) => {
|
|
67
|
-
if (isRouterError(error)) {
|
|
68
|
-
const { message, status, statusText } = error;
|
|
69
|
-
return Response.json({ type: "ROUTER_ERROR", code: "ROUTER_INTERNAL_ERROR", message }, { status, statusText });
|
|
70
|
-
}
|
|
71
|
-
if (isInvalidZodSchemaError(error)) {
|
|
72
|
-
return Response.json({ type: "ROUTER_ERROR", code: "INVALID_REQUEST", message: error.errors }, { status: 422 });
|
|
73
|
-
}
|
|
74
|
-
if (isOAuthProtocolError(error)) {
|
|
75
|
-
const { error: errorCode, message, type, errorURI } = error;
|
|
76
|
-
return Response.json(
|
|
77
|
-
{
|
|
78
|
-
type,
|
|
79
|
-
error: errorCode,
|
|
80
|
-
error_description: message,
|
|
81
|
-
error_uri: errorURI
|
|
82
|
-
},
|
|
83
|
-
{ status: 400 }
|
|
84
|
-
);
|
|
85
|
-
}
|
|
86
|
-
if (isAuthInternalError(error) || isAuthSecurityError(error)) {
|
|
87
|
-
const { type, code, message } = error;
|
|
88
|
-
return Response.json(
|
|
89
|
-
{
|
|
90
|
-
type,
|
|
91
|
-
code,
|
|
92
|
-
message
|
|
93
|
-
},
|
|
94
|
-
{ status: 400 }
|
|
95
|
-
);
|
|
96
|
-
}
|
|
97
|
-
return Response.json({ type: "SERVER_ERROR", code: "server_error", message: "An unexpected error occurred" }, { status: 500 });
|
|
98
|
-
};
|
|
99
|
-
var getNormalizedOriginPath = (path) => {
|
|
100
|
-
try {
|
|
101
|
-
const url = new URL(path);
|
|
102
|
-
url.hash = "";
|
|
103
|
-
url.search = "";
|
|
104
|
-
return `${url.origin}${url.pathname}`;
|
|
105
|
-
} catch {
|
|
106
|
-
return sanitizeURL(path);
|
|
107
|
-
}
|
|
108
|
-
};
|
|
109
|
-
var toISOString = (date) => {
|
|
110
|
-
return new Date(date).toISOString();
|
|
111
|
-
};
|
|
112
|
-
var useSecureCookies = (request, trustedProxyHeaders) => {
|
|
113
|
-
return trustedProxyHeaders ? request.url.startsWith("https://") || request.headers.get("X-Forwarded-Proto") === "https" || (request.headers.get("Forwarded")?.includes("proto=https") ?? false) : request.url.startsWith("https://");
|
|
114
|
-
};
|
|
115
|
-
var formatZodError = (error) => {
|
|
116
|
-
if (!error.issues || error.issues.length === 0) {
|
|
117
|
-
return {};
|
|
118
|
-
}
|
|
119
|
-
return error.issues.reduce((previous, issue) => {
|
|
120
|
-
const key = issue.path.join(".");
|
|
121
|
-
return {
|
|
122
|
-
...previous,
|
|
123
|
-
[key]: {
|
|
124
|
-
code: issue.code,
|
|
125
|
-
message: issue.message
|
|
126
|
-
}
|
|
127
|
-
};
|
|
128
|
-
}, {});
|
|
129
|
-
};
|
|
130
|
-
|
|
131
|
-
export {
|
|
132
|
-
toSnakeCase,
|
|
133
|
-
toUpperCase,
|
|
134
|
-
toCastCase,
|
|
135
|
-
equals,
|
|
136
|
-
sanitizeURL,
|
|
137
|
-
isValidRelativePath,
|
|
138
|
-
onErrorHandler,
|
|
139
|
-
getNormalizedOriginPath,
|
|
140
|
-
toISOString,
|
|
141
|
-
useSecureCookies,
|
|
142
|
-
formatZodError
|
|
143
|
-
};
|
package/dist/chunk-E3OXBRYF.js
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
// src/oauth/spotify.ts
|
|
2
|
-
var spotify = {
|
|
3
|
-
id: "spotify",
|
|
4
|
-
name: "Spotify",
|
|
5
|
-
authorizeURL: "https://accounts.spotify.com/authorize",
|
|
6
|
-
accessToken: "https://accounts.spotify.com/api/token",
|
|
7
|
-
userInfo: "https://api.spotify.com/v1/me",
|
|
8
|
-
scope: "user-read-email user-read-private",
|
|
9
|
-
responseType: "token",
|
|
10
|
-
profile(profile) {
|
|
11
|
-
return {
|
|
12
|
-
sub: profile.id,
|
|
13
|
-
name: profile.display_name,
|
|
14
|
-
email: profile.email,
|
|
15
|
-
image: profile.images?.[0]?.url
|
|
16
|
-
};
|
|
17
|
-
}
|
|
18
|
-
};
|
|
19
|
-
|
|
20
|
-
export {
|
|
21
|
-
spotify
|
|
22
|
-
};
|
package/dist/chunk-EIL2FPSS.js
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
// src/assert.ts
|
|
2
|
-
var isFalsy = (value) => {
|
|
3
|
-
return value === false || value === 0 || value === "" || value === null || value === void 0 || Number.isNaN(value);
|
|
4
|
-
};
|
|
5
|
-
var isRequest = (value) => {
|
|
6
|
-
return typeof Request !== "undefined" && value instanceof Request;
|
|
7
|
-
};
|
|
8
|
-
var isValidURL = (value) => {
|
|
9
|
-
if (value.includes("\r\n") || value.includes("\n") || value.includes("\r")) return false;
|
|
10
|
-
const regex = /^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()*+,;=:@-]*)*\/?$/;
|
|
11
|
-
return regex.test(value);
|
|
12
|
-
};
|
|
13
|
-
var isJWTPayloadWithToken = (payload) => {
|
|
14
|
-
return typeof payload === "object" && payload !== null && "token" in payload && typeof payload?.token === "string";
|
|
15
|
-
};
|
|
16
|
-
|
|
17
|
-
export {
|
|
18
|
-
isFalsy,
|
|
19
|
-
isRequest,
|
|
20
|
-
isValidURL,
|
|
21
|
-
isJWTPayloadWithToken
|
|
22
|
-
};
|
package/dist/chunk-EMKJA2GJ.js
DELETED
|
@@ -1,89 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
x
|
|
3
|
-
} from "./chunk-42XB3YCW.js";
|
|
4
|
-
import {
|
|
5
|
-
figma
|
|
6
|
-
} from "./chunk-FKRDCWBF.js";
|
|
7
|
-
import {
|
|
8
|
-
github
|
|
9
|
-
} from "./chunk-IKHPGFCW.js";
|
|
10
|
-
import {
|
|
11
|
-
gitlab
|
|
12
|
-
} from "./chunk-KRNOMBXQ.js";
|
|
13
|
-
import {
|
|
14
|
-
mailchimp
|
|
15
|
-
} from "./chunk-B737EUJV.js";
|
|
16
|
-
import {
|
|
17
|
-
pinterest
|
|
18
|
-
} from "./chunk-HP34YGGJ.js";
|
|
19
|
-
import {
|
|
20
|
-
spotify
|
|
21
|
-
} from "./chunk-E3OXBRYF.js";
|
|
22
|
-
import {
|
|
23
|
-
strava
|
|
24
|
-
} from "./chunk-6R2YZ4AC.js";
|
|
25
|
-
import {
|
|
26
|
-
bitbucket
|
|
27
|
-
} from "./chunk-FIPU4MLT.js";
|
|
28
|
-
import {
|
|
29
|
-
discord
|
|
30
|
-
} from "./chunk-IUYZQTJV.js";
|
|
31
|
-
import {
|
|
32
|
-
formatZodError
|
|
33
|
-
} from "./chunk-CXLATHS5.js";
|
|
34
|
-
import {
|
|
35
|
-
AuthInternalError
|
|
36
|
-
} from "./chunk-RRLIF4PQ.js";
|
|
37
|
-
import {
|
|
38
|
-
OAuthEnvSchema
|
|
39
|
-
} from "./chunk-YRCB5FLE.js";
|
|
40
|
-
|
|
41
|
-
// src/oauth/index.ts
|
|
42
|
-
var builtInOAuthProviders = {
|
|
43
|
-
github,
|
|
44
|
-
bitbucket,
|
|
45
|
-
figma,
|
|
46
|
-
discord,
|
|
47
|
-
gitlab,
|
|
48
|
-
spotify,
|
|
49
|
-
x,
|
|
50
|
-
strava,
|
|
51
|
-
mailchimp,
|
|
52
|
-
pinterest
|
|
53
|
-
};
|
|
54
|
-
var defineOAuthEnvironment = (oauth) => {
|
|
55
|
-
const env = process.env;
|
|
56
|
-
const clientIdSuffix = `${oauth.toUpperCase()}_CLIENT_ID`;
|
|
57
|
-
const clientSecretSuffix = `${oauth.toUpperCase()}_CLIENT_SECRET`;
|
|
58
|
-
const loadEnvs = OAuthEnvSchema.safeParse({
|
|
59
|
-
clientId: env[`AURA_AUTH_${clientIdSuffix}`] ?? env[`AUTH_${clientIdSuffix}`] ?? env[`${clientIdSuffix}`],
|
|
60
|
-
clientSecret: env[`AURA_AUTH_${clientSecretSuffix}`] ?? env[`AUTH_${clientSecretSuffix}`] ?? env[`${clientSecretSuffix}`]
|
|
61
|
-
});
|
|
62
|
-
if (!loadEnvs.success) {
|
|
63
|
-
const msg = JSON.stringify(formatZodError(loadEnvs.error), null, 2);
|
|
64
|
-
throw new AuthInternalError("INVALID_ENVIRONMENT_CONFIGURATION", msg);
|
|
65
|
-
}
|
|
66
|
-
return loadEnvs.data;
|
|
67
|
-
};
|
|
68
|
-
var defineOAuthProviderConfig = (config) => {
|
|
69
|
-
if (typeof config === "string") {
|
|
70
|
-
const definition = defineOAuthEnvironment(config);
|
|
71
|
-
const oauthConfig = builtInOAuthProviders[config];
|
|
72
|
-
return {
|
|
73
|
-
...oauthConfig,
|
|
74
|
-
...definition
|
|
75
|
-
};
|
|
76
|
-
}
|
|
77
|
-
return config;
|
|
78
|
-
};
|
|
79
|
-
var createBuiltInOAuthProviders = (oauth = []) => {
|
|
80
|
-
return oauth.reduce((previous, config) => {
|
|
81
|
-
const oauthConfig = defineOAuthProviderConfig(config);
|
|
82
|
-
return { ...previous, [oauthConfig.id]: oauthConfig };
|
|
83
|
-
}, {});
|
|
84
|
-
};
|
|
85
|
-
|
|
86
|
-
export {
|
|
87
|
-
builtInOAuthProviders,
|
|
88
|
-
createBuiltInOAuthProviders
|
|
89
|
-
};
|
package/dist/chunk-FIPU4MLT.js
DELETED
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
// src/oauth/bitbucket.ts
|
|
2
|
-
var bitbucket = {
|
|
3
|
-
id: "bitbucket",
|
|
4
|
-
name: "Bitbucket",
|
|
5
|
-
authorizeURL: "https://bitbucket.org/site/oauth2/authorize",
|
|
6
|
-
accessToken: "https://bitbucket.org/site/oauth2/access_token",
|
|
7
|
-
userInfo: "https://api.bitbucket.org/2.0/user",
|
|
8
|
-
scope: "account email",
|
|
9
|
-
responseType: "code",
|
|
10
|
-
profile(profile) {
|
|
11
|
-
return {
|
|
12
|
-
sub: profile.uuid ?? profile.account_id,
|
|
13
|
-
name: profile.display_name ?? profile.nickname,
|
|
14
|
-
image: profile.links.avatar.href
|
|
15
|
-
};
|
|
16
|
-
}
|
|
17
|
-
};
|
|
18
|
-
|
|
19
|
-
export {
|
|
20
|
-
bitbucket
|
|
21
|
-
};
|
package/dist/chunk-FKRDCWBF.js
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
// src/oauth/figma.ts
|
|
2
|
-
var figma = {
|
|
3
|
-
id: "figma",
|
|
4
|
-
name: "Figma",
|
|
5
|
-
authorizeURL: "https://www.figma.com/oauth",
|
|
6
|
-
accessToken: "https://api.figma.com/v1/oauth/token",
|
|
7
|
-
userInfo: "https://api.figma.com/v1/me",
|
|
8
|
-
scope: "current_user:read",
|
|
9
|
-
responseType: "code",
|
|
10
|
-
profile(profile) {
|
|
11
|
-
return {
|
|
12
|
-
sub: profile.id,
|
|
13
|
-
name: profile.handle,
|
|
14
|
-
email: profile.email,
|
|
15
|
-
image: profile.img_url
|
|
16
|
-
};
|
|
17
|
-
}
|
|
18
|
-
};
|
|
19
|
-
|
|
20
|
-
export {
|
|
21
|
-
figma
|
|
22
|
-
};
|
package/dist/chunk-GA2SMTJO.js
DELETED
|
@@ -1,58 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
formatZodError
|
|
3
|
-
} from "./chunk-CXLATHS5.js";
|
|
4
|
-
import {
|
|
5
|
-
AuthInternalError,
|
|
6
|
-
OAuthProtocolError
|
|
7
|
-
} from "./chunk-RRLIF4PQ.js";
|
|
8
|
-
import {
|
|
9
|
-
fetchAsync
|
|
10
|
-
} from "./chunk-ZNCZVF6U.js";
|
|
11
|
-
import {
|
|
12
|
-
OAuthAccessToken,
|
|
13
|
-
OAuthAccessTokenErrorResponse,
|
|
14
|
-
OAuthAccessTokenResponse
|
|
15
|
-
} from "./chunk-YRCB5FLE.js";
|
|
16
|
-
|
|
17
|
-
// src/actions/callback/access-token.ts
|
|
18
|
-
var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier) => {
|
|
19
|
-
const parsed = OAuthAccessToken.safeParse({ ...oauthConfig, redirectURI, code, codeVerifier });
|
|
20
|
-
if (!parsed.success) {
|
|
21
|
-
const msg = JSON.stringify(formatZodError(parsed.error), null, 2);
|
|
22
|
-
throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", msg);
|
|
23
|
-
}
|
|
24
|
-
const { accessToken, clientId, clientSecret, code: codeParsed, redirectURI: redirectParsed } = parsed.data;
|
|
25
|
-
try {
|
|
26
|
-
const response = await fetchAsync(accessToken, {
|
|
27
|
-
method: "POST",
|
|
28
|
-
headers: {
|
|
29
|
-
Accept: "application/json",
|
|
30
|
-
"Content-Type": "application/x-www-form-urlencoded"
|
|
31
|
-
},
|
|
32
|
-
body: new URLSearchParams({
|
|
33
|
-
client_id: clientId,
|
|
34
|
-
client_secret: clientSecret,
|
|
35
|
-
code: codeParsed,
|
|
36
|
-
redirect_uri: redirectParsed,
|
|
37
|
-
grant_type: "authorization_code",
|
|
38
|
-
code_verifier: codeVerifier
|
|
39
|
-
}).toString()
|
|
40
|
-
});
|
|
41
|
-
const json = await response.json();
|
|
42
|
-
const token = OAuthAccessTokenResponse.safeParse(json);
|
|
43
|
-
if (!token.success) {
|
|
44
|
-
const { success, data } = OAuthAccessTokenErrorResponse.safeParse(json);
|
|
45
|
-
if (!success) {
|
|
46
|
-
throw new OAuthProtocolError("INVALID_REQUEST", "Invalid access token response format");
|
|
47
|
-
}
|
|
48
|
-
throw new OAuthProtocolError(data.error, data?.error_description ?? "Failed to retrieve access token");
|
|
49
|
-
}
|
|
50
|
-
return token.data;
|
|
51
|
-
} catch (error) {
|
|
52
|
-
throw error;
|
|
53
|
-
}
|
|
54
|
-
};
|
|
55
|
-
|
|
56
|
-
export {
|
|
57
|
-
createAccessToken
|
|
58
|
-
};
|
package/dist/chunk-HP34YGGJ.js
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
// src/oauth/pinterest.ts
|
|
2
|
-
var pinterest = {
|
|
3
|
-
id: "pinterest",
|
|
4
|
-
name: "Pinterest",
|
|
5
|
-
authorizeURL: "https://api.pinterest.com/oauth/",
|
|
6
|
-
accessToken: "https://api.pinterest.com/v5/oauth/token",
|
|
7
|
-
userInfo: "https://api.pinterest.com/v5/user_account",
|
|
8
|
-
scope: "user_accounts:read",
|
|
9
|
-
responseType: "code",
|
|
10
|
-
profile(profile) {
|
|
11
|
-
return {
|
|
12
|
-
sub: profile.id,
|
|
13
|
-
name: profile.username,
|
|
14
|
-
email: null,
|
|
15
|
-
image: profile.profile_image
|
|
16
|
-
};
|
|
17
|
-
}
|
|
18
|
-
};
|
|
19
|
-
|
|
20
|
-
export {
|
|
21
|
-
pinterest
|
|
22
|
-
};
|
package/dist/chunk-IKHPGFCW.js
DELETED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
// src/oauth/github.ts
|
|
2
|
-
var github = {
|
|
3
|
-
id: "github",
|
|
4
|
-
name: "GitHub",
|
|
5
|
-
authorizeURL: "https://github.com/login/oauth/authorize",
|
|
6
|
-
accessToken: "https://github.com/login/oauth/access_token",
|
|
7
|
-
userInfo: "https://api.github.com/user",
|
|
8
|
-
scope: "read:user user:email",
|
|
9
|
-
responseType: "code"
|
|
10
|
-
};
|
|
11
|
-
|
|
12
|
-
export {
|
|
13
|
-
github
|
|
14
|
-
};
|
package/dist/chunk-IUYZQTJV.js
DELETED
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
// src/oauth/discord.ts
|
|
2
|
-
var discord = {
|
|
3
|
-
id: "discord",
|
|
4
|
-
name: "Discord",
|
|
5
|
-
authorizeURL: "https://discord.com/oauth2/authorize",
|
|
6
|
-
accessToken: "https://discord.com/api/oauth2/token",
|
|
7
|
-
userInfo: "https://discord.com/api/users/@me",
|
|
8
|
-
scope: "identify email",
|
|
9
|
-
responseType: "code",
|
|
10
|
-
profile(profile) {
|
|
11
|
-
let image = "";
|
|
12
|
-
if (profile.avatar === null) {
|
|
13
|
-
const index = profile.discriminator === "0" ? (BigInt(profile.id) >> 22n) % 6n : Number(profile.discriminator) % 5;
|
|
14
|
-
image = `https://cdn.discordapp.com/embed/avatars/${index}.png`;
|
|
15
|
-
} else {
|
|
16
|
-
const format = profile.avatar.startsWith("a_") ? "gif" : "png";
|
|
17
|
-
image = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
|
|
18
|
-
}
|
|
19
|
-
return {
|
|
20
|
-
sub: profile.id,
|
|
21
|
-
name: profile.global_name ?? profile.username,
|
|
22
|
-
email: profile.email ?? "",
|
|
23
|
-
image
|
|
24
|
-
};
|
|
25
|
-
}
|
|
26
|
-
};
|
|
27
|
-
|
|
28
|
-
export {
|
|
29
|
-
discord
|
|
30
|
-
};
|
package/dist/chunk-IVET23KF.js
DELETED
|
@@ -1,58 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
generateSecure
|
|
3
|
-
} from "./chunk-N2APGLXA.js";
|
|
4
|
-
import {
|
|
5
|
-
OAuthProtocolError,
|
|
6
|
-
isNativeError,
|
|
7
|
-
isOAuthProtocolError
|
|
8
|
-
} from "./chunk-RRLIF4PQ.js";
|
|
9
|
-
import {
|
|
10
|
-
fetchAsync
|
|
11
|
-
} from "./chunk-ZNCZVF6U.js";
|
|
12
|
-
import {
|
|
13
|
-
OAuthErrorResponse
|
|
14
|
-
} from "./chunk-YRCB5FLE.js";
|
|
15
|
-
|
|
16
|
-
// src/actions/callback/userinfo.ts
|
|
17
|
-
var getDefaultUserInfo = (profile) => {
|
|
18
|
-
const sub = generateSecure(16);
|
|
19
|
-
return {
|
|
20
|
-
sub: profile?.id ?? profile?.sub ?? sub,
|
|
21
|
-
email: profile?.email,
|
|
22
|
-
name: profile?.name ?? profile?.username ?? profile?.nickname,
|
|
23
|
-
image: profile?.image ?? profile?.picture
|
|
24
|
-
};
|
|
25
|
-
};
|
|
26
|
-
var getUserInfo = async (oauthConfig, accessToken) => {
|
|
27
|
-
const userinfoEndpoint = oauthConfig.userInfo;
|
|
28
|
-
try {
|
|
29
|
-
const response = await fetchAsync(userinfoEndpoint, {
|
|
30
|
-
method: "GET",
|
|
31
|
-
headers: {
|
|
32
|
-
Accept: "application/json",
|
|
33
|
-
Authorization: `Bearer ${accessToken}`
|
|
34
|
-
}
|
|
35
|
-
});
|
|
36
|
-
const json = await response.json();
|
|
37
|
-
const { success, data } = OAuthErrorResponse.safeParse(json);
|
|
38
|
-
if (success) {
|
|
39
|
-
throw new OAuthProtocolError(
|
|
40
|
-
data.error,
|
|
41
|
-
data?.error_description ?? "An error occurred while fetching user information."
|
|
42
|
-
);
|
|
43
|
-
}
|
|
44
|
-
return oauthConfig?.profile ? oauthConfig.profile(json) : getDefaultUserInfo(json);
|
|
45
|
-
} catch (error) {
|
|
46
|
-
if (isOAuthProtocolError(error)) {
|
|
47
|
-
throw error;
|
|
48
|
-
}
|
|
49
|
-
if (isNativeError(error)) {
|
|
50
|
-
throw new OAuthProtocolError("invalid_request", error.message, "", { cause: error });
|
|
51
|
-
}
|
|
52
|
-
throw new OAuthProtocolError("invalid_request", "Failed to fetch user information.", "", { cause: error });
|
|
53
|
-
}
|
|
54
|
-
};
|
|
55
|
-
|
|
56
|
-
export {
|
|
57
|
-
getUserInfo
|
|
58
|
-
};
|
package/dist/chunk-JVFTCTTE.js
DELETED
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
expiredCookieAttributes,
|
|
3
|
-
getCookie
|
|
4
|
-
} from "./chunk-W6LG7BFW.js";
|
|
5
|
-
import {
|
|
6
|
-
cacheControl
|
|
7
|
-
} from "./chunk-STHEPPUZ.js";
|
|
8
|
-
import {
|
|
9
|
-
toISOString
|
|
10
|
-
} from "./chunk-CXLATHS5.js";
|
|
11
|
-
|
|
12
|
-
// src/actions/session/session.ts
|
|
13
|
-
import { createEndpoint, HeadersBuilder } from "@aura-stack/router";
|
|
14
|
-
var sessionAction = createEndpoint("GET", "/session", async (ctx) => {
|
|
15
|
-
const {
|
|
16
|
-
request,
|
|
17
|
-
context: { jose, cookies }
|
|
18
|
-
} = ctx;
|
|
19
|
-
try {
|
|
20
|
-
const session = getCookie(request, cookies.sessionToken.name);
|
|
21
|
-
const decoded = await jose.decodeJWT(session);
|
|
22
|
-
const { exp, iat, jti, nbf, ...user } = decoded;
|
|
23
|
-
const headers = new Headers(cacheControl);
|
|
24
|
-
return Response.json({ user, expires: toISOString(exp * 1e3) }, { headers });
|
|
25
|
-
} catch (error) {
|
|
26
|
-
const headers = new HeadersBuilder(cacheControl).setCookie(cookies.sessionToken.name, "", expiredCookieAttributes).toHeaders();
|
|
27
|
-
return Response.json({ authenticated: false, message: "Unauthorized" }, { status: 401, headers });
|
|
28
|
-
}
|
|
29
|
-
});
|
|
30
|
-
|
|
31
|
-
export {
|
|
32
|
-
sessionAction
|
|
33
|
-
};
|
package/dist/chunk-KRNOMBXQ.js
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
// src/oauth/gitlab.ts
|
|
2
|
-
var gitlab = {
|
|
3
|
-
id: "gitlab",
|
|
4
|
-
name: "GitLab",
|
|
5
|
-
authorizeURL: "https://gitlab.com/oauth/authorize",
|
|
6
|
-
accessToken: "https://gitlab.com/oauth/token",
|
|
7
|
-
userInfo: "https://gitlab.com/api/v4/user",
|
|
8
|
-
scope: "read_user",
|
|
9
|
-
responseType: "code",
|
|
10
|
-
profile(profile) {
|
|
11
|
-
return {
|
|
12
|
-
sub: profile.id.toString(),
|
|
13
|
-
name: profile.name ?? profile.username,
|
|
14
|
-
email: profile.email,
|
|
15
|
-
avatar: profile.avatar_url
|
|
16
|
-
};
|
|
17
|
-
}
|
|
18
|
-
};
|
|
19
|
-
|
|
20
|
-
export {
|
|
21
|
-
gitlab
|
|
22
|
-
};
|