@aura-stack/auth 0.4.0 → 0.5.0

Files changed (149)
  1. package/dist/@types/index.d.ts +6 -2
  2. package/dist/@types/router.d.d.ts +6 -2
  3. package/dist/actions/callback/access-token.cjs +103 -59
  4. package/dist/actions/callback/access-token.d.ts +7 -3
  5. package/dist/actions/callback/access-token.js +3 -3
  6. package/dist/actions/callback/callback.cjs +200 -134
  7. package/dist/actions/callback/callback.d.ts +32 -3
  8. package/dist/actions/callback/callback.js +11 -12
  9. package/dist/actions/callback/userinfo.cjs +103 -70
  10. package/dist/actions/callback/userinfo.d.ts +6 -2
  11. package/dist/actions/callback/userinfo.js +7 -8
  12. package/dist/actions/csrfToken/csrfToken.cjs +7 -15
  13. package/dist/actions/csrfToken/csrfToken.d.ts +3 -1
  14. package/dist/actions/csrfToken/csrfToken.js +7 -8
  15. package/dist/actions/index.cjs +502 -295
  16. package/dist/actions/index.d.ts +5 -2
  17. package/dist/actions/index.js +23 -20
  18. package/dist/actions/session/session.cjs +76 -24
  19. package/dist/actions/session/session.d.ts +3 -1
  20. package/dist/actions/session/session.js +6 -4
  21. package/dist/actions/signIn/authorization-url.cjs +288 -0
  22. package/dist/actions/signIn/authorization-url.d.ts +31 -0
  23. package/dist/actions/signIn/authorization-url.js +16 -0
  24. package/dist/actions/signIn/authorization.cjs +91 -132
  25. package/dist/actions/signIn/authorization.d.ts +17 -16
  26. package/dist/actions/signIn/authorization.js +8 -7
  27. package/dist/actions/signIn/signIn.cjs +319 -191
  28. package/dist/actions/signIn/signIn.d.ts +32 -3
  29. package/dist/actions/signIn/signIn.js +10 -9
  30. package/dist/actions/signOut/signOut.cjs +211 -212
  31. package/dist/actions/signOut/signOut.d.ts +9 -1
  32. package/dist/actions/signOut/signOut.js +9 -10
  33. package/dist/api/createApi.cjs +750 -0
  34. package/dist/api/createApi.d.ts +12 -0
  35. package/dist/api/createApi.js +19 -0
  36. package/dist/api/getSession.cjs +141 -0
  37. package/dist/api/getSession.d.ts +16 -0
  38. package/dist/api/getSession.js +10 -0
  39. package/dist/api/signIn.cjs +549 -0
  40. package/dist/api/signIn.d.ts +26 -0
  41. package/dist/api/signIn.js +15 -0
  42. package/dist/api/signOut.cjs +279 -0
  43. package/dist/api/signOut.d.ts +16 -0
  44. package/dist/api/signOut.js +13 -0
  45. package/dist/assert.cjs +42 -9
  46. package/dist/assert.d.ts +8 -4
  47. package/dist/assert.js +5 -5
  48. package/dist/{chunk-KJBAQZX2.js → chunk-2A5B7GWR.js} +44 -11
  49. package/dist/chunk-2GQLSIJ2.js +40 -0
  50. package/dist/chunk-2IR674WX.js +44 -0
  51. package/dist/chunk-3J5TUH2I.js +50 -0
  52. package/dist/chunk-4RWSYUKX.js +98 -0
  53. package/dist/chunk-5X7JZMEF.js +0 -0
  54. package/dist/{chunk-TZB6MUXN.js → chunk-7BE46WWS.js} +21 -11
  55. package/dist/chunk-7YYXFKLR.js +35 -0
  56. package/dist/chunk-C3A37LQC.js +33 -0
  57. package/dist/chunk-CITNGXDA.js +31 -0
  58. package/dist/chunk-CWX724AG.js +78 -0
  59. package/dist/chunk-D2CSIUKP.js +74 -0
  60. package/dist/{chunk-ICAZ4OVS.js → chunk-FPCVZUVG.js} +2 -2
  61. package/dist/{chunk-XGLBNXL4.js → chunk-GNNBM2WJ.js} +17 -9
  62. package/dist/chunk-JOCGX3RP.js +59 -0
  63. package/dist/chunk-KBXWTD6E.js +94 -0
  64. package/dist/{chunk-XUP6KKNG.js → chunk-LATR3NIV.js} +48 -37
  65. package/dist/chunk-LAYPUDQF.js +39 -0
  66. package/dist/chunk-LX3TJ2TJ.js +294 -0
  67. package/dist/{chunk-6MXFPFR3.js → chunk-NHZBQNRR.js} +19 -19
  68. package/dist/{chunk-TM5IPSNF.js → chunk-PDP3PHB3.js} +33 -19
  69. package/dist/chunk-PHYNROD4.js +47 -0
  70. package/dist/chunk-QQEKY4XP.js +29 -0
  71. package/dist/{chunk-VNCNJKS2.js → chunk-U4RK4LKJ.js} +82 -1
  72. package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
  73. package/dist/chunk-UN7X6SU5.js +53 -0
  74. package/dist/chunk-UZQJJD6A.js +100 -0
  75. package/dist/{chunk-NUDITUKX.js → chunk-V6LLEAR4.js} +22 -15
  76. package/dist/{chunk-4MYWAOLG.js → chunk-WHNDRO3N.js} +20 -1
  77. package/dist/{chunk-5W4BRQYG.js → chunk-XY5R3EHH.js} +6 -3
  78. package/dist/client/client.cjs +135 -0
  79. package/dist/client/client.d.ts +85 -0
  80. package/dist/client/client.js +9 -0
  81. package/dist/client/index.cjs +135 -0
  82. package/dist/client/index.d.ts +14 -0
  83. package/dist/client/index.js +10 -0
  84. package/dist/context.cjs +1237 -0
  85. package/dist/context.d.ts +16 -0
  86. package/dist/context.js +28 -0
  87. package/dist/cookie.cjs +33 -2
  88. package/dist/cookie.d.ts +9 -5
  89. package/dist/cookie.js +3 -2
  90. package/dist/createAuth.cjs +2320 -0
  91. package/dist/createAuth.d.ts +12 -0
  92. package/dist/createAuth.js +48 -0
  93. package/dist/env.cjs +24 -2
  94. package/dist/env.d.ts +4 -1
  95. package/dist/env.js +9 -3
  96. package/dist/errors.cjs +17 -0
  97. package/dist/errors.d.ts +13 -3
  98. package/dist/errors.js +5 -1
  99. package/dist/{index-CSyIJmCM.d.ts → index-_aXtxb_s.d.ts} +383 -13
  100. package/dist/index.cjs +2135 -1547
  101. package/dist/index.d.ts +9 -30
  102. package/dist/index.js +46 -119
  103. package/dist/jose.cjs +52 -14
  104. package/dist/jose.d.ts +12 -25
  105. package/dist/jose.js +11 -3
  106. package/dist/logger.cjs +132 -0
  107. package/dist/logger.d.ts +6 -2
  108. package/dist/logger.js +10 -1
  109. package/dist/oauth/atlassian.cjs +57 -0
  110. package/dist/oauth/atlassian.d.ts +12 -0
  111. package/dist/oauth/atlassian.js +6 -0
  112. package/dist/oauth/bitbucket.d.ts +6 -2
  113. package/dist/oauth/discord.d.ts +6 -2
  114. package/dist/oauth/dropbox.cjs +53 -0
  115. package/dist/oauth/dropbox.d.ts +12 -0
  116. package/dist/oauth/dropbox.js +6 -0
  117. package/dist/oauth/figma.d.ts +6 -2
  118. package/dist/oauth/github.d.ts +6 -2
  119. package/dist/oauth/gitlab.d.ts +6 -2
  120. package/dist/oauth/index.cjs +278 -88
  121. package/dist/oauth/index.d.ts +6 -2
  122. package/dist/oauth/index.js +27 -11
  123. package/dist/oauth/mailchimp.d.ts +6 -2
  124. package/dist/oauth/notion.cjs +131 -0
  125. package/dist/oauth/notion.d.ts +12 -0
  126. package/dist/oauth/notion.js +9 -0
  127. package/dist/oauth/pinterest.d.ts +6 -2
  128. package/dist/oauth/spotify.d.ts +6 -2
  129. package/dist/oauth/strava.d.ts +6 -2
  130. package/dist/oauth/twitch.cjs +95 -0
  131. package/dist/oauth/twitch.d.ts +12 -0
  132. package/dist/oauth/twitch.js +7 -0
  133. package/dist/oauth/x.d.ts +6 -2
  134. package/dist/schemas.cjs +84 -51
  135. package/dist/schemas.d.ts +103 -23
  136. package/dist/schemas.js +1 -1
  137. package/dist/secure.cjs +36 -36
  138. package/dist/secure.d.ts +10 -4
  139. package/dist/secure.js +7 -6
  140. package/dist/utils.cjs +109 -3
  141. package/dist/utils.d.ts +15 -4
  142. package/dist/utils.js +11 -4
  143. package/package.json +9 -5
  144. package/dist/chunk-4EKY7655.js +0 -123
  145. package/dist/chunk-7QF22LHP.js +0 -67
  146. package/dist/chunk-ALG3GIV4.js +0 -95
  147. package/dist/chunk-FRJFWTOY.js +0 -70
  148. package/dist/chunk-PHFH2MGS.js +0 -36
  149. package/dist/chunk-QQVSRXGX.js +0 -149
@@ -0,0 +1,29 @@
1
+ // src/oauth/dropbox.ts
2
+ var dropbox = (options) => {
3
+ return {
4
+ id: "dropbox",
5
+ name: "Dropbox",
6
+ authorize: {
7
+ url: "https://www.dropbox.com/oauth2/authorize",
8
+ params: { scope: "account_info.read" }
9
+ },
10
+ accessToken: "https://api.dropboxapi.com/oauth2/token",
11
+ userInfo: {
12
+ method: "POST",
13
+ url: "https://api.dropboxapi.com/2/users/get_current_account"
14
+ },
15
+ profile(profile) {
16
+ return {
17
+ sub: profile.account_id,
18
+ name: profile.name.display_name,
19
+ email: profile.email,
20
+ image: profile.profile_photo_url
21
+ };
22
+ },
23
+ ...options
24
+ };
25
+ };
26
+
27
+ export {
28
+ dropbox
29
+ };
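Review bot: The `profile()` mapping copies `profile.email` into the user record without looking at `email_verified`, which Dropbox returns alongside it from `users/get_current_account`; an application that matches or links accounts by email would then trust an address the provider has not confirmed. Consider `email: profile.email_verified ? profile.email : undefined`, or pass the flag through so callers can decide. `profile.name.display_name` also throws if `name` is absent from the response, so `profile.name?.display_name` is the safer read. Because `...options` is spread last, a caller-supplied `authorize`, `accessToken` or `userInfo` replaces these endpoints wholesale, which deserves a one-line comment.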
@@ -1,3 +1,11 @@
1
+ import {
2
+ createStructuredData
3
+ } from "./chunk-LX3TJ2TJ.js";
4
+ import {
5
+ getEnv,
6
+ getEnvBoolean
7
+ } from "./chunk-WHNDRO3N.js";
8
+
1
9
  // src/logger.ts
2
10
  var logMessages = {
3
11
  ROUTER_INTERNAL_ERROR: {
@@ -257,11 +265,84 @@ var createLogEntry = (key, overrides) => {
257
265
  const message = logMessages[key];
258
266
  return {
259
267
  ...message,
268
+ timestamp: (/* @__PURE__ */ new Date()).toISOString(),
269
+ hostname: "aura-auth",
270
+ procId: typeof process !== "undefined" && process.pid ? process.pid.toString() : "-",
260
271
  ...overrides
261
272
  };
262
273
  };
274
+ var logLevelToSeverity = {
275
+ debug: ["debug", "info", "notice", "warning", "error", "critical", "alert", "emergency"],
276
+ info: ["info", "notice", "warning", "error", "critical", "alert", "emergency"],
277
+ warn: ["warning", "error", "critical", "alert", "emergency"],
278
+ error: ["error", "critical", "alert", "emergency"]
279
+ };
280
+ var isValidLogLevel = (value) => {
281
+ return value === "debug" || value === "info" || value === "warn" || value === "error";
282
+ };
283
+ var getSeverityLevel = (severity) => {
284
+ const severities = {
285
+ emergency: 0,
286
+ alert: 1,
287
+ critical: 2,
288
+ error: 3,
289
+ warning: 4,
290
+ notice: 5,
291
+ info: 6,
292
+ debug: 7
293
+ };
294
+ return severities[severity] ?? 6;
295
+ };
296
+ var createSyslogMessage = (options) => {
297
+ const { timestamp, hostname, appName = "aura-auth", procId = "-", msgId, structuredData, message } = options;
298
+ const pri = (options.facility ?? 16) * 8 + getSeverityLevel(options.severity);
299
+ const structuredDataStr = createStructuredData(structuredData ?? {});
300
+ return `<${pri}>1 ${timestamp} ${hostname} ${appName} ${procId} ${msgId} ${structuredDataStr} ${message}`;
301
+ };
302
+ var createLogger = (logger) => {
303
+ if (!logger) return void 0;
304
+ const level = logger.level;
305
+ const allowedSeverities = logLevelToSeverity[level] ?? [];
306
+ return {
307
+ level,
308
+ log(key, overrides) {
309
+ const entry = createLogEntry(key, overrides);
310
+ if (!allowedSeverities.includes(entry.severity)) return entry;
311
+ logger.log({
312
+ timestamp: entry.timestamp,
313
+ appName: entry.appName ?? "aura-auth",
314
+ hostname: entry.hostname ?? "aura-auth",
315
+ ...entry
316
+ });
317
+ return entry;
318
+ }
319
+ };
320
+ };
321
+ var createProxyLogger = (config) => {
322
+ const level = getEnv("LOG_LEVEL");
323
+ const debug = getEnvBoolean("DEBUG");
324
+ if (typeof config?.logger === "object") {
325
+ return createLogger({
326
+ log: config.logger?.log || createSyslogMessage,
327
+ level: isValidLogLevel(config.logger?.level) ? config.logger?.level : isValidLogLevel(level) ? level : "error"
328
+ });
329
+ }
330
+ if (debug || config?.logger === true || level) {
331
+ return createLogger({
332
+ level: isValidLogLevel(level) ? level : "debug",
333
+ log: (options) => {
334
+ const message = createSyslogMessage(options);
335
+ console.log(message);
336
+ }
337
+ });
338
+ }
339
+ return void 0;
340
+ };
263
341
 
264
342
  export {
265
343
  logMessages,
266
- createLogEntry
344
+ createLogEntry,
345
+ createSyslogMessage,
346
+ createLogger,
347
+ createProxyLogger
267
348
  };
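Review bot: In `createProxyLogger`, any non-empty `LOG_LEVEL` that is not one of the four recognised names (for example `off` or `warning`) both enables logging and selects `"debug"`, because the second branch tests `level` for truthiness and then falls back with `isValidLogLevel(level) ? level : "debug"`. `getEnv` also reads the unprefixed `LOG_LEVEL`, so a value set for another component on the host can switch this library to its most verbose output. Falling back to the quiet level for unrecognised values is safer: `level: isValidLogLevel(level) ? level : level ? "error" : "debug"`. Separately, in the object branch `config.logger?.log || createSyslogMessage` only formats a string and never writes it, so a config object without `log` silently drops every entry. `createSyslogMessage` also interpolates `message` and `msgId` as-is, so any override that carries request data should have CR/LF stripped before it reaches the syslog line.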
@@ -31,6 +31,16 @@ var AuthSecurityError = class extends Error {
31
31
  Error.captureStackTrace(this, new.target);
32
32
  }
33
33
  };
34
+ var AuthClientError = class extends Error {
35
+ type = "AUTH_CLIENT_ERROR";
36
+ code;
37
+ constructor(code, message, options) {
38
+ super(message, options);
39
+ this.code = code;
40
+ this.name = new.target.name;
41
+ Error.captureStackTrace(this, new.target);
42
+ }
43
+ };
34
44
  var isNativeError = (error) => {
35
45
  return error instanceof Error;
36
46
  };
@@ -43,13 +53,18 @@ var isAuthInternalError = (error) => {
43
53
  var isAuthSecurityError = (error) => {
44
54
  return error instanceof AuthSecurityError;
45
55
  };
56
+ var isAuthClientError = (error) => {
57
+ return error instanceof AuthClientError;
58
+ };
46
59
 
47
60
  export {
48
61
  OAuthProtocolError,
49
62
  AuthInternalError,
50
63
  AuthSecurityError,
64
+ AuthClientError,
51
65
  isNativeError,
52
66
  isOAuthProtocolError,
53
67
  isAuthInternalError,
54
- isAuthSecurityError
68
+ isAuthSecurityError,
69
+ isAuthClientError
55
70
  };
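Review bot: `AuthClientError` calls `Error.captureStackTrace(this, new.target)` unconditionally, yet this is the class thrown from the browser client and that method is a V8 extension that not every engine provides; where it is missing, the constructor itself throws a `TypeError` and hides the original failure. Guard the call: `Error.captureStackTrace?.(this, new.target);`. The constructor would also benefit from a comment fixing the argument order as `(code, message, options)`, because a single-argument call stores its text in `code` and leaves `message` empty.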
@@ -0,0 +1,53 @@
1
+ import {
2
+ signIn
3
+ } from "./chunk-JOCGX3RP.js";
4
+
5
+ // src/actions/signIn/signIn.ts
6
+ import { z } from "zod/v4";
7
+ import { createEndpoint, createEndpointConfig } from "@aura-stack/router";
8
+ var signInConfig = (oauth) => {
9
+ return createEndpointConfig("/signIn/:oauth", {
10
+ schemas: {
11
+ params: z.object({
12
+ oauth: z.enum(
13
+ Object.keys(oauth),
14
+ "The OAuth provider is not supported or invalid."
15
+ )
16
+ }),
17
+ searchParams: z.object({
18
+ redirect: z.stringbool().optional().default(true),
19
+ redirectTo: z.string().optional()
20
+ })
21
+ }
22
+ });
23
+ };
24
+ var signInAction = (oauth) => {
25
+ return createEndpoint(
26
+ "GET",
27
+ "/signIn/:oauth",
28
+ async (ctx) => {
29
+ const {
30
+ request,
31
+ params: { oauth: oauth2 },
32
+ searchParams: { redirectTo, redirect },
33
+ context
34
+ } = ctx;
35
+ const signInResult = await signIn(oauth2, {
36
+ ctx: context,
37
+ headers: request.headers,
38
+ redirect,
39
+ redirectTo,
40
+ request
41
+ });
42
+ if (!redirect) {
43
+ return Response.json(signInResult, { status: 200 });
44
+ }
45
+ return signInResult;
46
+ },
47
+ signInConfig(oauth)
48
+ );
49
+ };
50
+
51
+ export {
52
+ signInAction
53
+ };
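Review bot: The `searchParams` schema accepts `redirectTo` as any string (`z.string().optional()`) and the handler forwards it to `signIn` untouched, so nothing at this layer rejects an absolute URL on another origin or a `//host` value. `signIn` lives in another chunk and may well constrain it, but that is not visible here; either say so in a comment (`// redirectTo is checked against trusted origins inside signIn()`, if that is the case) or refuse obvious cross-origin forms in the schema. With `redirect=false` the result is re-wrapped by `Response.json(signInResult, { status: 200 })`, so it is worth confirming that any state or PKCE cookies produced by `signIn` still reach the client on that path.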
@@ -0,0 +1,100 @@
1
+ import {
2
+ getEnv
3
+ } from "./chunk-WHNDRO3N.js";
4
+ import {
5
+ AuthInternalError
6
+ } from "./chunk-U5663F2U.js";
7
+
8
+ // src/jose.ts
9
+ import {
10
+ createJWT,
11
+ createJWS,
12
+ createJWE,
13
+ createDeriveKey,
14
+ createSecret
15
+ } from "@aura-stack/jose";
16
+ import { base64url } from "@aura-stack/jose/jose";
17
+ import { encoder, getRandomBytes, getSubtleCrypto } from "@aura-stack/jose/crypto";
18
+ var createJoseInstance = (secret) => {
19
+ secret ??= getEnv("SECRET");
20
+ if (!secret) {
21
+ throw new AuthInternalError(
22
+ "JOSE_INITIALIZATION_FAILED",
23
+ "AURA_AUTH_SECRET environment variable is not set and no secret was provided."
24
+ );
25
+ }
26
+ const salt = getEnv("SALT");
27
+ if (!salt) {
28
+ throw new AuthInternalError(
29
+ "JOSE_INITIALIZATION_FAILED",
30
+ "AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation."
31
+ );
32
+ }
33
+ try {
34
+ createSecret(salt);
35
+ } catch (error) {
36
+ throw new AuthInternalError(
37
+ "INVALID_SALT_SECRET_VALUE",
38
+ "AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.",
39
+ { cause: error }
40
+ );
41
+ }
42
+ const jose = (async () => {
43
+ const derivedSigningKey = await createDeriveKey(secret, salt, "signing");
44
+ const derivedEncryptionKey = await createDeriveKey(secret, salt, "encryption");
45
+ const derivedCsrfTokenKey = await createDeriveKey(secret, salt, "csrfToken");
46
+ return {
47
+ jwt: createJWT({ jws: derivedSigningKey, jwe: derivedEncryptionKey }),
48
+ jws: createJWS(derivedCsrfTokenKey),
49
+ jwe: createJWE(derivedEncryptionKey)
50
+ };
51
+ })();
52
+ jose.catch(() => {
53
+ });
54
+ return {
55
+ decodeJWT: async (token, options) => {
56
+ const { jwt } = await jose;
57
+ return jwt.decodeJWT(token, options);
58
+ },
59
+ encodeJWT: async (payload) => {
60
+ const { jwt } = await jose;
61
+ return jwt.encodeJWT(payload);
62
+ },
63
+ signJWS: async (...args) => {
64
+ const { jws } = await jose;
65
+ return jws.signJWS(...args);
66
+ },
67
+ verifyJWS: async (...args) => {
68
+ const { jws } = await jose;
69
+ return jws.verifyJWS(...args);
70
+ },
71
+ encryptJWE: async (...args) => {
72
+ const { jwe } = await jose;
73
+ return jwe.encryptJWE(...args);
74
+ },
75
+ decryptJWE: async (...args) => {
76
+ const { jwe } = await jose;
77
+ return jwe.decryptJWE(...args);
78
+ }
79
+ };
80
+ };
81
+ var jwtVerificationOptions = {
82
+ algorithms: ["HS256"],
83
+ typ: "JWT"
84
+ };
85
+ var decodeJWTOptions = {
86
+ jws: jwtVerificationOptions,
87
+ jwt: {
88
+ typ: "JWT"
89
+ }
90
+ };
91
+
92
+ export {
93
+ createJoseInstance,
94
+ jwtVerificationOptions,
95
+ decodeJWTOptions,
96
+ base64url,
97
+ encoder,
98
+ getRandomBytes,
99
+ getSubtleCrypto
100
+ };
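Review bot: `createJoseInstance` validates the salt with `createSecret(salt)` but checks `secret` only for presence, so a short or low-entropy secret passes initialisation unless `createDeriveKey` rejects it, which cannot be seen from here. Running the same check on the secret inside the existing `try`, for example `createSecret(secret);`, would make a weak key fail at start-up instead of at first use. The two error messages name `AURA_AUTH_SECRET` and `AURA_AUTH_SALT`/`AUTH_SALT` only, while `getEnv` also accepts the `AURA_` and unprefixed forms, so the text should list what is actually read. `jose.catch(() => {})` is there to avoid an unhandled rejection and deserves a comment saying the failure resurfaces on the first `await jose`.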
@@ -1,24 +1,30 @@
1
1
  import {
2
- isJWTPayloadWithToken,
3
- safeEquals
4
- } from "./chunk-4EKY7655.js";
5
- import {
6
- equals
7
- } from "./chunk-QQVSRXGX.js";
8
- import {
2
+ base64url,
3
+ encoder,
4
+ getRandomBytes,
5
+ getSubtleCrypto,
9
6
  jwtVerificationOptions
10
- } from "./chunk-FRJFWTOY.js";
7
+ } from "./chunk-UZQJJD6A.js";
8
+ import {
9
+ equals,
10
+ isJWTPayloadWithToken,
11
+ timingSafeEqual
12
+ } from "./chunk-LX3TJ2TJ.js";
11
13
  import {
12
14
  AuthSecurityError
13
- } from "./chunk-RRLIF4PQ.js";
15
+ } from "./chunk-U5663F2U.js";
14
16
 
15
17
  // src/secure.ts
16
- import crypto from "crypto";
17
18
  var generateSecure = (length = 32) => {
18
- return crypto.randomBytes(length).toString("base64url");
19
+ return base64url.encode(getRandomBytes(length));
20
+ };
21
+ var createSecretValue = (length = 32) => {
22
+ return base64url.encode(getRandomBytes(length));
19
23
  };
20
- var createHash = (data, base = "hex") => {
21
- return crypto.createHash("sha256").update(data).digest().toString(base);
24
+ var createHash = async (data) => {
25
+ const subtle = getSubtleCrypto();
26
+ const digest = await subtle.digest("SHA-256", encoder.encode(data));
27
+ return base64url.encode(new Uint8Array(digest));
22
28
  };
23
29
  var createPKCE = async (verifier) => {
24
30
  const byteLength = verifier ? void 0 : Math.floor(Math.random() * (96 - 32 + 1) + 32);
@@ -26,7 +32,7 @@ var createPKCE = async (verifier) => {
26
32
  if (codeVerifier.length < 43 || codeVerifier.length > 128) {
27
33
  throw new AuthSecurityError("PKCE_VERIFIER_INVALID", "The code verifier must be between 43 and 128 characters in length.");
28
34
  }
29
- const codeChallenge = createHash(codeVerifier, "base64url");
35
+ const codeChallenge = await createHash(codeVerifier);
30
36
  return { codeVerifier, codeChallenge, method: "S256" };
31
37
  };
32
38
  var createCSRF = async (jose, csrfCookie) => {
@@ -55,7 +61,7 @@ var verifyCSRF = async (jose, cookie, header) => {
55
61
  if (!equals(cookiePayload.token.length, headerPayload.token.length)) {
56
62
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
57
63
  }
58
- if (!safeEquals(cookiePayload.token, headerPayload.token)) {
64
+ if (!timingSafeEqual(cookiePayload.token, headerPayload.token)) {
59
65
  throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
60
66
  }
61
67
  return true;
@@ -66,6 +72,7 @@ var verifyCSRF = async (jose, cookie, header) => {
66
72
 
67
73
  export {
68
74
  generateSecure,
75
+ createSecretValue,
69
76
  createHash,
70
77
  createPKCE,
71
78
  createCSRF,
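Review bot: `createHash` changes from a synchronous function with a `base` argument defaulting to `"hex"` into an async one that always returns base64url, and it stays exported under the same name. A caller outside this hunk that still uses the return value directly would now compare or store a Promise rather than a digest, and one relying on hex output gets a different encoding without any error. `createPKCE` is updated here, but other call sites are not visible; a doc comment on `createHash` such as `// returns Promise<string>: base64url-encoded SHA-256` plus a changelog entry would help. `createSecretValue` has the same body as `generateSecure` and could simply call it. The constant-time property of the CSRF comparison now rests on `timingSafeEqual` from `chunk-LX3TJ2TJ.js`, whose implementation is not shown on this page.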
@@ -25,7 +25,26 @@ var env = new Proxy({}, {
25
25
  }
26
26
  }
27
27
  });
28
+ var getEnv = (key) => {
29
+ const keys = [`AURA_AUTH_${key.toUpperCase()}`, `AURA_${key.toUpperCase()}`, `AUTH_${key.toUpperCase()}`, key.toUpperCase()];
30
+ return env[keys.find((k) => env[k]) ?? ""];
31
+ };
32
+ var getEnvBoolean = (key) => {
33
+ const value = getEnv(key);
34
+ if (value === void 0) return false;
35
+ const normalized = value.trim().toLowerCase();
36
+ if (["1", "true", "yes", "on", "debug"].includes(normalized)) return true;
37
+ return false;
38
+ };
39
+ var getEnvArray = (key, defaultValue = []) => {
40
+ const value = getEnv(key);
41
+ if (!value) return defaultValue;
42
+ return value.split(/[,;\n]+/).map((v) => v.trim()).filter(Boolean);
43
+ };
28
44
 
29
45
  export {
30
- env
46
+ env,
47
+ getEnv,
48
+ getEnvBoolean,
49
+ getEnvArray
31
50
  };
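Review bot: `getEnv` ends its lookup list with the bare `key.toUpperCase()`, so `getEnv("SECRET")`, `getEnv("SALT")`, `getEnvBoolean("DEBUG")` and `getEnv("LOG_LEVEL")` fall back to the generic `SECRET`, `SALT`, `DEBUG` and `LOG_LEVEL` variables. Those names are often set for unrelated software on the same host, which means the signing and encryption keys or the log verbosity can be taken from a value never meant for this library. Dropping the unprefixed entry from `keys`, or at least documenting the precedence order in a comment above `getEnv`, would avoid that. When no key matches, the code reads `env[""]`; the Proxy's `get` handler is outside this hunk, so confirm it returns `undefined` for an empty name.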
@@ -1,6 +1,9 @@
1
+ import {
2
+ env
3
+ } from "./chunk-WHNDRO3N.js";
1
4
  import {
2
5
  AuthInternalError
3
- } from "./chunk-RRLIF4PQ.js";
6
+ } from "./chunk-U5663F2U.js";
4
7
 
5
8
  // src/cookie.ts
6
9
  import { parse, parseSetCookie, serialize } from "@aura-stack/router/cookie";
@@ -41,7 +44,7 @@ var expiredCookieAttributes = {
41
44
  secure: true
42
45
  };
43
46
  var getCookie = (request, cookieName) => {
44
- const cookies = request.headers.get("Cookie");
47
+ const cookies = request instanceof Request ? request.headers.get("Cookie") : request.get("Cookie");
45
48
  if (!cookies) {
46
49
  throw new AuthInternalError("COOKIE_NOT_FOUND", "No cookies found. There is no active session");
47
50
  }
@@ -86,7 +89,7 @@ var defineSecureCookieOptions = (useSecure, attributes, strategy, logger) => {
86
89
  attributes.sameSite = "lax";
87
90
  logger?.log("COOKIE_SAMESITE_NONE_WITHOUT_SECURE");
88
91
  }
89
- if (process.env.NODE_ENV === "production") {
92
+ if (env.NODE_ENV === "production") {
90
93
  logger?.log("COOKIE_INSECURE_IN_PRODUCTION");
91
94
  }
92
95
  if (strategy === "host") {
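Review bot: `getCookie` now branches on `request instanceof Request` and otherwise calls `request.get("Cookie")`, so a request object built by a polyfill or by another realm's `Request` class fails the `instanceof` test, is handled as if it were a headers object, and ends in a `TypeError` instead of a cookie lookup. Checking the shape is more tolerant: `const headers = "headers" in request ? request.headers : request;` followed by `headers.get("Cookie")`. The rest of `getCookie` lies outside the hunk. In the last hunk the switch to `env.NODE_ENV` keeps the existing behaviour of only logging `COOKIE_INSECURE_IN_PRODUCTION`; if insecure cookies in production are meant to be refused, that is not done in the lines shown.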
@@ -0,0 +1,135 @@
1
+ "use strict";
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
6
+ var __export = (target, all) => {
7
+ for (var name in all)
8
+ __defProp(target, name, { get: all[name], enumerable: true });
9
+ };
10
+ var __copyProps = (to, from, except, desc) => {
11
+ if (from && typeof from === "object" || typeof from === "function") {
12
+ for (let key of __getOwnPropNames(from))
13
+ if (!__hasOwnProp.call(to, key) && key !== except)
14
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
+ }
16
+ return to;
17
+ };
18
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
+
20
+ // src/client/client.ts
21
+ var client_exports = {};
22
+ __export(client_exports, {
23
+ createAuthClient: () => createAuthClient,
24
+ createClient: () => createClient
25
+ });
26
+ module.exports = __toCommonJS(client_exports);
27
+
28
+ // src/errors.ts
29
+ var AuthClientError = class extends Error {
30
+ type = "AUTH_CLIENT_ERROR";
31
+ code;
32
+ constructor(code, message, options) {
33
+ super(message, options);
34
+ this.code = code;
35
+ this.name = new.target.name;
36
+ Error.captureStackTrace(this, new.target);
37
+ }
38
+ };
39
+ var isNativeError = (error) => {
40
+ return error instanceof Error;
41
+ };
42
+
43
+ // src/client/client.ts
44
+ var import_router = require("@aura-stack/router");
45
+ var createClient = import_router.createClient;
46
+ var createAuthClient = (options) => {
47
+ if (typeof window === "undefined" && !options.baseURL) {
48
+ throw new AuthClientError("`baseURL` is required when createAuthClient is used outside the browser.");
49
+ }
50
+ const client = createClient({
51
+ cache: "no-store",
52
+ credentials: "include",
53
+ baseURL: options.baseURL ?? window.location.origin,
54
+ ...options
55
+ });
56
+ const getCSRFToken = async () => {
57
+ try {
58
+ const response = await client.get("/csrfToken");
59
+ if (!response.ok) return null;
60
+ const data = await response.json();
61
+ return data.csrfToken;
62
+ } catch (error) {
63
+ console.error("Error fetching CSRF token:", error);
64
+ return null;
65
+ }
66
+ };
67
+ const getSession = async () => {
68
+ try {
69
+ const response = await client.get("/session");
70
+ if (!response.ok) return null;
71
+ const session = await response.json();
72
+ if (!session?.authenticated) return null;
73
+ return session.session;
74
+ } catch (error) {
75
+ console.error("Error fetching session:", error);
76
+ return null;
77
+ }
78
+ };
79
+ const signIn = async (oauth, options2) => {
80
+ try {
81
+ const response = await client.get("/signIn/:oauth", {
82
+ params: {
83
+ oauth
84
+ },
85
+ searchParams: {
86
+ ...options2,
87
+ redirect: false
88
+ }
89
+ });
90
+ const json = await response.json();
91
+ if ((options2?.redirect ?? true) && typeof window !== "undefined" && json?.signInURL) {
92
+ window.location.assign(json.signInURL);
93
+ }
94
+ return json;
95
+ } catch (error) {
96
+ console.error("Error during sign-in:", error);
97
+ return { redirect: false, signInURL: "/" };
98
+ }
99
+ };
100
+ const signOut = async (options2) => {
101
+ try {
102
+ const csrfToken = await getCSRFToken();
103
+ if (!csrfToken) {
104
+ throw new AuthClientError("Failed to fetch CSRF token for sign-out.");
105
+ }
106
+ const response = await client.post("/signOut", {
107
+ searchParams: {
108
+ redirectTo: options2?.redirectTo ?? "/",
109
+ token_type_hint: "session_token"
110
+ },
111
+ headers: {
112
+ "X-CSRF-Token": csrfToken
113
+ }
114
+ });
115
+ const json = await response.json();
116
+ if ((options2?.redirect ?? true) && typeof window !== "undefined" && json?.url) {
117
+ window.location.assign(json.url);
118
+ }
119
+ return json;
120
+ } catch (error) {
121
+ console.error("Error during sign-out:", error);
122
+ throw isNativeError(error) ? error : new AuthClientError("Sign-out failed.", "The sign-out request failed.", { cause: error });
123
+ }
124
+ };
125
+ return {
126
+ getSession,
127
+ signIn,
128
+ signOut
129
+ };
130
+ };
131
+ // Annotate the CommonJS export names for ESM import in node:
132
+ 0 && (module.exports = {
133
+ createAuthClient,
134
+ createClient
135
+ });
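Review bot: `signIn` and `signOut` pass `json.signInURL` and `json.url` straight to `window.location.assign` without checking the scheme, and `signIn` does not test `response.ok` before using the body. Parsing the value first and navigating only for `http:`/`https:` keeps a malformed or unexpected response from driving the page: `const target = new URL(json.signInURL, window.location.origin);` then `if (target.protocol === "https:" || target.protocol === "http:") window.location.assign(target.href);`. Two `new AuthClientError(...)` calls pass a single string, which the constructor stores as `code` while `message` stays empty, whereas the call in the `signOut` catch block uses `(code, message, options)`. Because `...options` is spread after the defaults in `createClient({...})`, a caller can override `credentials` and `cache`, and an explicit `baseURL: undefined` replaces the `window.location.origin` fallback.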
@@ -0,0 +1,85 @@
1
+ import { l as AuthClientOptions, m as Session, B as BuiltInOAuthProvider, n as SignInOptions, o as SignOutOptions } from '../index-_aXtxb_s.js';
2
+ import '@aura-stack/router/types';
3
+ import * as zod_v4_core from 'zod/v4/core';
4
+ import * as zod from 'zod';
5
+ import * as _aura_stack_router from '@aura-stack/router';
6
+ import { LiteralUnion } from '../@types/utility.js';
7
+ import '../schemas.js';
8
+ import 'zod/v4';
9
+ import '@aura-stack/jose';
10
+ import '@aura-stack/jose/jose';
11
+ import '@aura-stack/jose/crypto';
12
+ import '@aura-stack/router/cookie';
13
+ import 'jose';
14
+
15
+ declare const createClient: (options: _aura_stack_router.ClientOptions) => _aura_stack_router.Client<[_aura_stack_router.RouteEndpoint<"GET", "/signIn/:oauth", {
16
+ schemas?: {
17
+ params: zod.ZodObject<{
18
+ oauth: zod.ZodEnum<{
19
+ [x: string & Record<never, never>]: string & Record<never, never>;
20
+ github: "github";
21
+ bitbucket: "bitbucket";
22
+ figma: "figma";
23
+ discord: "discord";
24
+ gitlab: "gitlab";
25
+ spotify: "spotify";
26
+ x: "x";
27
+ strava: "strava";
28
+ mailchimp: "mailchimp";
29
+ pinterest: "pinterest";
30
+ twitch: "twitch";
31
+ notion: "notion";
32
+ dropbox: "dropbox";
33
+ atlassian: "atlassian";
34
+ }>;
35
+ }, zod_v4_core.$strip>;
36
+ searchParams: zod.ZodObject<{
37
+ redirect: zod.ZodDefault<zod.ZodOptional<zod.ZodCodec<zod.ZodString, zod.ZodBoolean>>>;
38
+ redirectTo: zod.ZodOptional<zod.ZodString>;
39
+ }, zod_v4_core.$strip>;
40
+ } | undefined;
41
+ }>, _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
42
+ schemas?: {
43
+ params: zod.ZodObject<{
44
+ oauth: zod.ZodEnum<{
45
+ [x: string & Record<never, never>]: string & Record<never, never>;
46
+ github: "github";
47
+ bitbucket: "bitbucket";
48
+ figma: "figma";
49
+ discord: "discord";
50
+ gitlab: "gitlab";
51
+ spotify: "spotify";
52
+ x: "x";
53
+ strava: "strava";
54
+ mailchimp: "mailchimp";
55
+ pinterest: "pinterest";
56
+ twitch: "twitch";
57
+ notion: "notion";
58
+ dropbox: "dropbox";
59
+ atlassian: "atlassian";
60
+ }>;
61
+ }, zod_v4_core.$strip>;
62
+ searchParams: zod.ZodObject<{
63
+ code: zod.ZodString;
64
+ state: zod.ZodString;
65
+ }, zod_v4_core.$strip>;
66
+ } | undefined;
67
+ }>, _aura_stack_router.RouteEndpoint<"GET", "/session", {
68
+ schemas?: _aura_stack_router.EndpointSchemas | undefined;
69
+ }>, _aura_stack_router.RouteEndpoint<"POST", "/signOut", {
70
+ schemas?: {
71
+ searchParams: zod.ZodObject<{
72
+ token_type_hint: zod.ZodLiteral<"session_token">;
73
+ redirectTo: zod.ZodOptional<zod.ZodString>;
74
+ }, zod_v4_core.$strip>;
75
+ } | undefined;
76
+ }>, _aura_stack_router.RouteEndpoint<"GET", "/csrfToken", {
77
+ schemas?: _aura_stack_router.EndpointSchemas | undefined;
78
+ }>]>;
79
+ declare const createAuthClient: (options: AuthClientOptions) => {
80
+ getSession: () => Promise<Session | null>;
81
+ signIn: (oauth: LiteralUnion<BuiltInOAuthProvider>, options?: SignInOptions) => Promise<any>;
82
+ signOut: (options?: SignOutOptions) => Promise<any>;
83
+ };
84
+
85
+ export { createAuthClient, createClient };
@@ -0,0 +1,9 @@
1
+ import {
2
+ createAuthClient,
3
+ createClient
4
+ } from "../chunk-4RWSYUKX.js";
5
+ import "../chunk-U5663F2U.js";
6
+ export {
7
+ createAuthClient,
8
+ createClient
9
+ };