@aura-stack/auth 0.4.0 → 0.5.0
- package/dist/@types/index.d.ts +6 -2
- package/dist/@types/router.d.d.ts +6 -2
- package/dist/actions/callback/access-token.cjs +103 -59
- package/dist/actions/callback/access-token.d.ts +7 -3
- package/dist/actions/callback/access-token.js +3 -3
- package/dist/actions/callback/callback.cjs +200 -134
- package/dist/actions/callback/callback.d.ts +32 -3
- package/dist/actions/callback/callback.js +11 -12
- package/dist/actions/callback/userinfo.cjs +103 -70
- package/dist/actions/callback/userinfo.d.ts +6 -2
- package/dist/actions/callback/userinfo.js +7 -8
- package/dist/actions/csrfToken/csrfToken.cjs +7 -15
- package/dist/actions/csrfToken/csrfToken.d.ts +3 -1
- package/dist/actions/csrfToken/csrfToken.js +7 -8
- package/dist/actions/index.cjs +502 -295
- package/dist/actions/index.d.ts +5 -2
- package/dist/actions/index.js +23 -20
- package/dist/actions/session/session.cjs +76 -24
- package/dist/actions/session/session.d.ts +3 -1
- package/dist/actions/session/session.js +6 -4
- package/dist/actions/signIn/authorization-url.cjs +288 -0
- package/dist/actions/signIn/authorization-url.d.ts +31 -0
- package/dist/actions/signIn/authorization-url.js +16 -0
- package/dist/actions/signIn/authorization.cjs +91 -132
- package/dist/actions/signIn/authorization.d.ts +17 -16
- package/dist/actions/signIn/authorization.js +8 -7
- package/dist/actions/signIn/signIn.cjs +319 -191
- package/dist/actions/signIn/signIn.d.ts +32 -3
- package/dist/actions/signIn/signIn.js +10 -9
- package/dist/actions/signOut/signOut.cjs +211 -212
- package/dist/actions/signOut/signOut.d.ts +9 -1
- package/dist/actions/signOut/signOut.js +9 -10
- package/dist/api/createApi.cjs +750 -0
- package/dist/api/createApi.d.ts +12 -0
- package/dist/api/createApi.js +19 -0
- package/dist/api/getSession.cjs +141 -0
- package/dist/api/getSession.d.ts +16 -0
- package/dist/api/getSession.js +10 -0
- package/dist/api/signIn.cjs +549 -0
- package/dist/api/signIn.d.ts +26 -0
- package/dist/api/signIn.js +15 -0
- package/dist/api/signOut.cjs +279 -0
- package/dist/api/signOut.d.ts +16 -0
- package/dist/api/signOut.js +13 -0
- package/dist/assert.cjs +42 -9
- package/dist/assert.d.ts +8 -4
- package/dist/assert.js +5 -5
- package/dist/{chunk-KJBAQZX2.js → chunk-2A5B7GWR.js} +44 -11
- package/dist/chunk-2GQLSIJ2.js +40 -0
- package/dist/chunk-2IR674WX.js +44 -0
- package/dist/chunk-3J5TUH2I.js +50 -0
- package/dist/chunk-4RWSYUKX.js +98 -0
- package/dist/chunk-5X7JZMEF.js +0 -0
- package/dist/{chunk-TZB6MUXN.js → chunk-7BE46WWS.js} +21 -11
- package/dist/chunk-7YYXFKLR.js +35 -0
- package/dist/chunk-C3A37LQC.js +33 -0
- package/dist/chunk-CITNGXDA.js +31 -0
- package/dist/chunk-CWX724AG.js +78 -0
- package/dist/chunk-D2CSIUKP.js +74 -0
- package/dist/{chunk-ICAZ4OVS.js → chunk-FPCVZUVG.js} +2 -2
- package/dist/{chunk-XGLBNXL4.js → chunk-GNNBM2WJ.js} +17 -9
- package/dist/chunk-JOCGX3RP.js +59 -0
- package/dist/chunk-KBXWTD6E.js +94 -0
- package/dist/{chunk-XUP6KKNG.js → chunk-LATR3NIV.js} +48 -37
- package/dist/chunk-LAYPUDQF.js +39 -0
- package/dist/chunk-LX3TJ2TJ.js +294 -0
- package/dist/{chunk-6MXFPFR3.js → chunk-NHZBQNRR.js} +19 -19
- package/dist/{chunk-TM5IPSNF.js → chunk-PDP3PHB3.js} +33 -19
- package/dist/chunk-PHYNROD4.js +47 -0
- package/dist/chunk-QQEKY4XP.js +29 -0
- package/dist/{chunk-VNCNJKS2.js → chunk-U4RK4LKJ.js} +82 -1
- package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
- package/dist/chunk-UN7X6SU5.js +53 -0
- package/dist/chunk-UZQJJD6A.js +100 -0
- package/dist/{chunk-NUDITUKX.js → chunk-V6LLEAR4.js} +22 -15
- package/dist/{chunk-4MYWAOLG.js → chunk-WHNDRO3N.js} +20 -1
- package/dist/{chunk-5W4BRQYG.js → chunk-XY5R3EHH.js} +6 -3
- package/dist/client/client.cjs +135 -0
- package/dist/client/client.d.ts +85 -0
- package/dist/client/client.js +9 -0
- package/dist/client/index.cjs +135 -0
- package/dist/client/index.d.ts +14 -0
- package/dist/client/index.js +10 -0
- package/dist/context.cjs +1237 -0
- package/dist/context.d.ts +16 -0
- package/dist/context.js +28 -0
- package/dist/cookie.cjs +33 -2
- package/dist/cookie.d.ts +9 -5
- package/dist/cookie.js +3 -2
- package/dist/createAuth.cjs +2320 -0
- package/dist/createAuth.d.ts +12 -0
- package/dist/createAuth.js +48 -0
- package/dist/env.cjs +24 -2
- package/dist/env.d.ts +4 -1
- package/dist/env.js +9 -3
- package/dist/errors.cjs +17 -0
- package/dist/errors.d.ts +13 -3
- package/dist/errors.js +5 -1
- package/dist/{index-CSyIJmCM.d.ts → index-_aXtxb_s.d.ts} +383 -13
- package/dist/index.cjs +2135 -1547
- package/dist/index.d.ts +9 -30
- package/dist/index.js +46 -119
- package/dist/jose.cjs +52 -14
- package/dist/jose.d.ts +12 -25
- package/dist/jose.js +11 -3
- package/dist/logger.cjs +132 -0
- package/dist/logger.d.ts +6 -2
- package/dist/logger.js +10 -1
- package/dist/oauth/atlassian.cjs +57 -0
- package/dist/oauth/atlassian.d.ts +12 -0
- package/dist/oauth/atlassian.js +6 -0
- package/dist/oauth/bitbucket.d.ts +6 -2
- package/dist/oauth/discord.d.ts +6 -2
- package/dist/oauth/dropbox.cjs +53 -0
- package/dist/oauth/dropbox.d.ts +12 -0
- package/dist/oauth/dropbox.js +6 -0
- package/dist/oauth/figma.d.ts +6 -2
- package/dist/oauth/github.d.ts +6 -2
- package/dist/oauth/gitlab.d.ts +6 -2
- package/dist/oauth/index.cjs +278 -88
- package/dist/oauth/index.d.ts +6 -2
- package/dist/oauth/index.js +27 -11
- package/dist/oauth/mailchimp.d.ts +6 -2
- package/dist/oauth/notion.cjs +131 -0
- package/dist/oauth/notion.d.ts +12 -0
- package/dist/oauth/notion.js +9 -0
- package/dist/oauth/pinterest.d.ts +6 -2
- package/dist/oauth/spotify.d.ts +6 -2
- package/dist/oauth/strava.d.ts +6 -2
- package/dist/oauth/twitch.cjs +95 -0
- package/dist/oauth/twitch.d.ts +12 -0
- package/dist/oauth/twitch.js +7 -0
- package/dist/oauth/x.d.ts +6 -2
- package/dist/schemas.cjs +84 -51
- package/dist/schemas.d.ts +103 -23
- package/dist/schemas.js +1 -1
- package/dist/secure.cjs +36 -36
- package/dist/secure.d.ts +10 -4
- package/dist/secure.js +7 -6
- package/dist/utils.cjs +109 -3
- package/dist/utils.d.ts +15 -4
- package/dist/utils.js +11 -4
- package/package.json +9 -5
- package/dist/chunk-4EKY7655.js +0 -123
- package/dist/chunk-7QF22LHP.js +0 -67
- package/dist/chunk-ALG3GIV4.js +0 -95
- package/dist/chunk-FRJFWTOY.js +0 -70
- package/dist/chunk-PHFH2MGS.js +0 -36
- package/dist/chunk-QQVSRXGX.js +0 -149
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/actions/callback/callback.ts
|
|
@@ -33,12 +23,9 @@ __export(callback_exports, {
|
|
|
33
23
|
callbackAction: () => callbackAction
|
|
34
24
|
});
|
|
35
25
|
module.exports = __toCommonJS(callback_exports);
|
|
36
|
-
var
|
|
26
|
+
var import_v42 = require("zod/v4");
|
|
37
27
|
var import_router2 = require("@aura-stack/router");
|
|
38
28
|
|
|
39
|
-
// src/secure.ts
|
|
40
|
-
var import_crypto2 = __toESM(require("crypto"), 1);
|
|
41
|
-
|
|
42
29
|
// src/utils.ts
|
|
43
30
|
var import_router = require("@aura-stack/router");
|
|
44
31
|
|
|
@@ -82,14 +69,41 @@ var isOAuthProtocolError = (error) => {
|
|
|
82
69
|
return error instanceof OAuthProtocolError;
|
|
83
70
|
};
|
|
84
71
|
|
|
85
|
-
// src/
|
|
86
|
-
var
|
|
87
|
-
|
|
88
|
-
|
|
72
|
+
// src/env.ts
|
|
73
|
+
var import_meta = {};
|
|
74
|
+
var env = new Proxy({}, {
|
|
75
|
+
get(_, prop) {
|
|
76
|
+
if (typeof prop !== "string") return void 0;
|
|
77
|
+
const hasProperty = (process2) => {
|
|
78
|
+
return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
|
|
79
|
+
};
|
|
80
|
+
try {
|
|
81
|
+
if (typeof process !== "undefined" && hasProperty(process.env)) {
|
|
82
|
+
return process.env[prop];
|
|
83
|
+
}
|
|
84
|
+
if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
|
|
85
|
+
return import_meta.env[prop];
|
|
86
|
+
}
|
|
87
|
+
if (typeof Deno !== "undefined" && Deno.env?.get) {
|
|
88
|
+
return Deno.env.get(prop);
|
|
89
|
+
}
|
|
90
|
+
if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
|
|
91
|
+
return Bun.env[prop];
|
|
92
|
+
}
|
|
93
|
+
const globalValue = globalThis[prop];
|
|
94
|
+
return typeof globalValue === "string" ? globalValue : void 0;
|
|
95
|
+
} catch {
|
|
96
|
+
return void 0;
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
});
|
|
100
|
+
var getEnv = (key) => {
|
|
101
|
+
const keys = [`AURA_AUTH_${key.toUpperCase()}`, `AURA_${key.toUpperCase()}`, `AUTH_${key.toUpperCase()}`, key.toUpperCase()];
|
|
102
|
+
return env[keys.find((k) => env[k]) ?? ""];
|
|
89
103
|
};
|
|
90
104
|
|
|
91
105
|
// src/assert.ts
|
|
92
|
-
var import_crypto = require("crypto");
|
|
106
|
+
var import_crypto = require("@aura-stack/jose/crypto");
|
|
93
107
|
var unsafeChars = [
|
|
94
108
|
"<",
|
|
95
109
|
">",
|
|
@@ -177,46 +191,28 @@ var isTrustedOrigin = (url, trustedOrigins) => {
|
|
|
177
191
|
}
|
|
178
192
|
return false;
|
|
179
193
|
};
|
|
180
|
-
var
|
|
181
|
-
const bufferA =
|
|
182
|
-
const bufferB =
|
|
183
|
-
|
|
184
|
-
|
|
194
|
+
var timingSafeEqual = (a, b) => {
|
|
195
|
+
const bufferA = import_crypto.encoder.encode(a);
|
|
196
|
+
const bufferB = import_crypto.encoder.encode(b);
|
|
197
|
+
const len = Math.max(bufferA.length, bufferB.length);
|
|
198
|
+
let diff = 0;
|
|
199
|
+
for (let i = 0; i < len; i++) {
|
|
200
|
+
diff |= (bufferA[i] ?? 0) ^ (bufferB[i] ?? 0);
|
|
185
201
|
}
|
|
186
|
-
return
|
|
202
|
+
return diff === 0 && bufferA.length === bufferB.length;
|
|
187
203
|
};
|
|
188
204
|
|
|
189
|
-
// src/
|
|
190
|
-
var
|
|
191
|
-
var
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
|
|
196
|
-
};
|
|
197
|
-
try {
|
|
198
|
-
if (typeof process !== "undefined" && hasProperty(process.env)) {
|
|
199
|
-
return process.env[prop];
|
|
200
|
-
}
|
|
201
|
-
if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
|
|
202
|
-
return import_meta.env[prop];
|
|
203
|
-
}
|
|
204
|
-
if (typeof Deno !== "undefined" && Deno.env?.get) {
|
|
205
|
-
return Deno.env.get(prop);
|
|
206
|
-
}
|
|
207
|
-
if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
|
|
208
|
-
return Bun.env[prop];
|
|
209
|
-
}
|
|
210
|
-
const globalValue = globalThis[prop];
|
|
211
|
-
return typeof globalValue === "string" ? globalValue : void 0;
|
|
212
|
-
} catch {
|
|
213
|
-
return void 0;
|
|
214
|
-
}
|
|
215
|
-
}
|
|
216
|
-
});
|
|
205
|
+
// src/utils.ts
|
|
206
|
+
var AURA_AUTH_VERSION = "0.4.0";
|
|
207
|
+
var equals = (a, b) => {
|
|
208
|
+
if (a === null || b === null || a === void 0 || b === void 0) return false;
|
|
209
|
+
return a === b;
|
|
210
|
+
};
|
|
217
211
|
|
|
218
212
|
// src/jose.ts
|
|
219
213
|
var import_jose = require("@aura-stack/jose");
|
|
214
|
+
var import_jose2 = require("@aura-stack/jose/jose");
|
|
215
|
+
var import_crypto2 = require("@aura-stack/jose/crypto");
|
|
220
216
|
var jwtVerificationOptions = {
|
|
221
217
|
algorithms: ["HS256"],
|
|
222
218
|
typ: "JWT"
|
|
@@ -224,7 +220,7 @@ var jwtVerificationOptions = {
|
|
|
224
220
|
|
|
225
221
|
// src/secure.ts
|
|
226
222
|
var generateSecure = (length = 32) => {
|
|
227
|
-
return
|
|
223
|
+
return import_jose2.base64url.encode((0, import_crypto2.getRandomBytes)(length));
|
|
228
224
|
};
|
|
229
225
|
var createCSRF = async (jose, csrfCookie) => {
|
|
230
226
|
try {
|
|
@@ -280,40 +276,73 @@ var fetchAsync = async (url, options2 = {}, timeout = 5e3) => {
|
|
|
280
276
|
};
|
|
281
277
|
|
|
282
278
|
// src/schemas.ts
|
|
283
|
-
var
|
|
284
|
-
var
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
279
|
+
var import_v4 = require("zod/v4");
|
|
280
|
+
var AuthorizeConfigSchema = import_v4.z.union([
|
|
281
|
+
(0, import_v4.string)().url(),
|
|
282
|
+
(0, import_v4.object)({
|
|
283
|
+
url: (0, import_v4.string)().url(),
|
|
284
|
+
params: (0, import_v4.object)({
|
|
285
|
+
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
286
|
+
scope: (0, import_v4.string)().optional()
|
|
287
|
+
})
|
|
288
|
+
})
|
|
289
|
+
]);
|
|
290
|
+
var AccessTokenConfigSchema = import_v4.z.union([
|
|
291
|
+
(0, import_v4.string)().url(),
|
|
292
|
+
(0, import_v4.object)({
|
|
293
|
+
url: (0, import_v4.string)().url(),
|
|
294
|
+
headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional()
|
|
295
|
+
})
|
|
296
|
+
]);
|
|
297
|
+
var UserInfoConfigSchema = import_v4.z.union([
|
|
298
|
+
(0, import_v4.string)().url(),
|
|
299
|
+
(0, import_v4.object)({
|
|
300
|
+
url: (0, import_v4.string)().url(),
|
|
301
|
+
headers: import_v4.z.record((0, import_v4.string)(), (0, import_v4.string)()).optional(),
|
|
302
|
+
method: (0, import_v4.string)().optional()
|
|
303
|
+
})
|
|
304
|
+
]);
|
|
305
|
+
var OAuthProviderCredentialsSchema = (0, import_v4.object)({
|
|
306
|
+
id: (0, import_v4.string)(),
|
|
307
|
+
name: (0, import_v4.string)(),
|
|
308
|
+
authorize: AuthorizeConfigSchema.optional(),
|
|
309
|
+
/** @deprecated */
|
|
310
|
+
authorizeURL: (0, import_v4.string)().url().optional(),
|
|
311
|
+
accessToken: AccessTokenConfigSchema,
|
|
312
|
+
/** @deprecated */
|
|
313
|
+
scope: (0, import_v4.string)().optional(),
|
|
314
|
+
userInfo: UserInfoConfigSchema,
|
|
315
|
+
/** @deprecated */
|
|
316
|
+
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
317
|
+
clientId: (0, import_v4.string)(),
|
|
318
|
+
clientSecret: (0, import_v4.string)(),
|
|
319
|
+
profile: import_v4.z.function().optional()
|
|
295
320
|
});
|
|
296
|
-
var OAuthProviderConfigSchema = (0,
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
321
|
+
var OAuthProviderConfigSchema = (0, import_v4.object)({
|
|
322
|
+
authorize: AuthorizeConfigSchema.optional(),
|
|
323
|
+
/** @deprecated */
|
|
324
|
+
authorizeURL: (0, import_v4.string)().url().optional(),
|
|
325
|
+
accessToken: AccessTokenConfigSchema,
|
|
326
|
+
/** @deprecated */
|
|
327
|
+
scope: (0, import_v4.string)().optional(),
|
|
328
|
+
userInfo: UserInfoConfigSchema,
|
|
329
|
+
/** @deprecated */
|
|
330
|
+
responseType: (0, import_v4.enum)(["code", "token", "id_token", "refresh_token"]).optional(),
|
|
331
|
+
clientId: (0, import_v4.string)(),
|
|
332
|
+
clientSecret: (0, import_v4.string)()
|
|
304
333
|
});
|
|
305
334
|
var OAuthAuthorization = OAuthProviderConfigSchema.extend({
|
|
306
|
-
redirectURI: (0,
|
|
307
|
-
state: (0,
|
|
308
|
-
codeChallenge: (0,
|
|
309
|
-
codeChallengeMethod: (0,
|
|
335
|
+
redirectURI: (0, import_v4.string)(),
|
|
336
|
+
state: (0, import_v4.string)(),
|
|
337
|
+
codeChallenge: (0, import_v4.string)(),
|
|
338
|
+
codeChallengeMethod: (0, import_v4.enum)(["plain", "S256"])
|
|
310
339
|
});
|
|
311
|
-
var OAuthAuthorizationResponse = (0,
|
|
312
|
-
state: (0,
|
|
313
|
-
code: (0,
|
|
340
|
+
var OAuthAuthorizationResponse = (0, import_v4.object)({
|
|
341
|
+
state: (0, import_v4.string)({ message: "Missing state parameter in the OAuth authorization response." }),
|
|
342
|
+
code: (0, import_v4.string)({ message: "Missing code parameter in the OAuth authorization response." })
|
|
314
343
|
});
|
|
315
|
-
var OAuthAuthorizationErrorResponse = (0,
|
|
316
|
-
error: (0,
|
|
344
|
+
var OAuthAuthorizationErrorResponse = (0, import_v4.object)({
|
|
345
|
+
error: (0, import_v4.enum)([
|
|
317
346
|
"invalid_request",
|
|
318
347
|
"unauthorized_client",
|
|
319
348
|
"access_denied",
|
|
@@ -322,24 +351,24 @@ var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
|
|
|
322
351
|
"server_error",
|
|
323
352
|
"temporarily_unavailable"
|
|
324
353
|
]),
|
|
325
|
-
error_description: (0,
|
|
326
|
-
error_uri: (0,
|
|
327
|
-
state: (0,
|
|
354
|
+
error_description: (0, import_v4.string)().optional(),
|
|
355
|
+
error_uri: (0, import_v4.string)().optional(),
|
|
356
|
+
state: (0, import_v4.string)()
|
|
328
357
|
});
|
|
329
358
|
var OAuthAccessToken = OAuthProviderConfigSchema.extend({
|
|
330
|
-
redirectURI: (0,
|
|
331
|
-
code: (0,
|
|
332
|
-
codeVerifier: (0,
|
|
359
|
+
redirectURI: (0, import_v4.string)(),
|
|
360
|
+
code: (0, import_v4.string)(),
|
|
361
|
+
codeVerifier: (0, import_v4.string)().min(43).max(128)
|
|
333
362
|
});
|
|
334
|
-
var OAuthAccessTokenResponse = (0,
|
|
335
|
-
access_token: (0,
|
|
336
|
-
token_type: (0,
|
|
337
|
-
expires_in: (0,
|
|
338
|
-
refresh_token: (0,
|
|
339
|
-
scope: (0,
|
|
363
|
+
var OAuthAccessTokenResponse = (0, import_v4.object)({
|
|
364
|
+
access_token: (0, import_v4.string)(),
|
|
365
|
+
token_type: (0, import_v4.string)().optional(),
|
|
366
|
+
expires_in: (0, import_v4.number)().optional(),
|
|
367
|
+
refresh_token: (0, import_v4.string)().optional(),
|
|
368
|
+
scope: (0, import_v4.union)([(0, import_v4.string)().optional().or((0, import_v4.null)()), (0, import_v4.array)((0, import_v4.string)()).optional()])
|
|
340
369
|
});
|
|
341
|
-
var OAuthAccessTokenErrorResponse = (0,
|
|
342
|
-
error: (0,
|
|
370
|
+
var OAuthAccessTokenErrorResponse = (0, import_v4.object)({
|
|
371
|
+
error: (0, import_v4.enum)([
|
|
343
372
|
"invalid_request",
|
|
344
373
|
"invalid_client",
|
|
345
374
|
"invalid_grant",
|
|
@@ -347,16 +376,16 @@ var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
|
|
|
347
376
|
"unsupported_grant_type",
|
|
348
377
|
"invalid_scope"
|
|
349
378
|
]),
|
|
350
|
-
error_description: (0,
|
|
351
|
-
error_uri: (0,
|
|
379
|
+
error_description: (0, import_v4.string)().optional(),
|
|
380
|
+
error_uri: (0, import_v4.string)().optional()
|
|
352
381
|
});
|
|
353
|
-
var OAuthErrorResponse = (0,
|
|
354
|
-
error: (0,
|
|
355
|
-
error_description: (0,
|
|
382
|
+
var OAuthErrorResponse = (0, import_v4.object)({
|
|
383
|
+
error: (0, import_v4.string)(),
|
|
384
|
+
error_description: (0, import_v4.string)().optional()
|
|
356
385
|
});
|
|
357
|
-
var OAuthEnvSchema = (0,
|
|
358
|
-
clientId:
|
|
359
|
-
clientSecret:
|
|
386
|
+
var OAuthEnvSchema = (0, import_v4.object)({
|
|
387
|
+
clientId: import_v4.z.string().min(1, "OAuth Client ID is required in the environment variables."),
|
|
388
|
+
clientSecret: import_v4.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
|
|
360
389
|
});
|
|
361
390
|
|
|
362
391
|
// src/actions/callback/userinfo.ts
|
|
@@ -370,18 +399,23 @@ var getDefaultUserInfo = (profile) => {
|
|
|
370
399
|
};
|
|
371
400
|
};
|
|
372
401
|
var getUserInfo = async (oauthConfig, accessToken, logger) => {
|
|
373
|
-
const
|
|
402
|
+
const userInfoConfig = oauthConfig.userInfo;
|
|
403
|
+
const userinfoURL = typeof userInfoConfig === "string" ? userInfoConfig : userInfoConfig.url;
|
|
404
|
+
const extraHeaders = typeof userInfoConfig === "string" ? void 0 : userInfoConfig.headers;
|
|
405
|
+
const method = typeof userInfoConfig === "string" ? "GET" : (userInfoConfig.method ?? "GET").toUpperCase();
|
|
374
406
|
try {
|
|
375
407
|
logger?.log("OAUTH_USERINFO_REQUEST_INITIATED", {
|
|
376
408
|
structuredData: {
|
|
377
|
-
endpoint:
|
|
409
|
+
endpoint: userinfoURL
|
|
378
410
|
}
|
|
379
411
|
});
|
|
380
|
-
const response = await fetchAsync(
|
|
381
|
-
method
|
|
412
|
+
const response = await fetchAsync(userinfoURL, {
|
|
413
|
+
method,
|
|
382
414
|
headers: {
|
|
415
|
+
"User-Agent": `Aura Auth/${AURA_AUTH_VERSION}`,
|
|
383
416
|
Accept: "application/json",
|
|
384
|
-
Authorization: `Bearer ${accessToken}
|
|
417
|
+
Authorization: `Bearer ${accessToken}`,
|
|
418
|
+
...extraHeaders ?? {}
|
|
385
419
|
}
|
|
386
420
|
});
|
|
387
421
|
if (!response.ok) {
|
|
@@ -422,16 +456,37 @@ var getTrustedOrigins = async (request, trustedOrigins) => {
|
|
|
422
456
|
const raw = typeof trustedOrigins === "function" ? await trustedOrigins(request) : trustedOrigins;
|
|
423
457
|
return Array.isArray(raw) ? raw : typeof raw === "string" ? [raw] : [];
|
|
424
458
|
};
|
|
459
|
+
var getBaseURL = async ({
|
|
460
|
+
ctx,
|
|
461
|
+
request,
|
|
462
|
+
headers: headersInit
|
|
463
|
+
}) => {
|
|
464
|
+
const origin = getEnv("BASE_URL") || ctx?.baseURL;
|
|
465
|
+
if (origin && origin !== "/") return origin;
|
|
466
|
+
if (ctx?.trustedProxyHeaders) {
|
|
467
|
+
const headers = headersInit && new Headers(headersInit) || request?.headers;
|
|
468
|
+
const protocol = headers?.get("Forwarded")?.match(/proto=([^;]+)/i)?.[1] ?? headers?.get("X-Forwarded-Proto") ?? "http";
|
|
469
|
+
const host = headers?.get("Host") ?? headers?.get("Forwarded")?.match(/host=([^;]+)/i)?.[1] ?? headers?.get("X-Forwarded-Host") ?? null;
|
|
470
|
+
if (host) return `${protocol}://${host}`;
|
|
471
|
+
throw new AuthInternalError(
|
|
472
|
+
"INVALID_OAUTH_CONFIGURATION",
|
|
473
|
+
"The URL cannot be constructed. Please set the BASE_URL environment variable or provide trusted proxy host headers."
|
|
474
|
+
);
|
|
475
|
+
}
|
|
476
|
+
try {
|
|
477
|
+
return new URL(request?.url ?? "not-found").origin;
|
|
478
|
+
} catch (error) {
|
|
479
|
+
throw new AuthInternalError(
|
|
480
|
+
"INVALID_OAUTH_CONFIGURATION",
|
|
481
|
+
"The URL cannot be constructed. Please set the BASE_URL environment variable or enable trustedProxyHeaders.",
|
|
482
|
+
{ cause: error }
|
|
483
|
+
);
|
|
484
|
+
}
|
|
485
|
+
};
|
|
425
486
|
var getOriginURL = async (request, context) => {
|
|
426
|
-
const headers = request.headers;
|
|
427
|
-
let origin = new URL(request.url).origin;
|
|
428
487
|
const trustedOrigins = await getTrustedOrigins(request, context?.trustedOrigins);
|
|
429
|
-
trustedOrigins.push(origin);
|
|
430
|
-
|
|
431
|
-
const protocol = headers.get("Forwarded")?.match(/proto=([^;]+)/i)?.[1] ?? headers.get("X-Forwarded-Proto") ?? "http";
|
|
432
|
-
const host = headers.get("Host") ?? headers.get("Forwarded")?.match(/host=([^;]+)/i)?.[1] ?? headers.get("X-Forwarded-Host") ?? null;
|
|
433
|
-
origin = `${protocol}://${host}`;
|
|
434
|
-
}
|
|
488
|
+
trustedOrigins.push(new URL(request.url).origin);
|
|
489
|
+
const origin = await getBaseURL({ request, ctx: context });
|
|
435
490
|
if (!isTrustedOrigin(origin, trustedOrigins)) {
|
|
436
491
|
context?.logger?.log("UNTRUSTED_ORIGIN", { structuredData: { origin } });
|
|
437
492
|
throw new AuthInternalError("UNTRUSTED_ORIGIN", "The constructed origin URL is not trusted.");
|
|
@@ -441,31 +496,42 @@ var getOriginURL = async (request, context) => {
|
|
|
441
496
|
|
|
442
497
|
// src/actions/callback/access-token.ts
|
|
443
498
|
var createAccessToken = async (oauthConfig, redirectURI, code, codeVerifier, logger) => {
|
|
444
|
-
const
|
|
445
|
-
if (!
|
|
446
|
-
logger?.log("INVALID_OAUTH_CONFIGURATION"
|
|
499
|
+
const { accessToken, clientId, clientSecret } = oauthConfig;
|
|
500
|
+
if (!clientId || !clientSecret || !redirectURI || !code || !codeVerifier || !accessToken) {
|
|
501
|
+
logger?.log("INVALID_OAUTH_CONFIGURATION", {
|
|
502
|
+
structuredData: {
|
|
503
|
+
has_client_id: Boolean(clientId),
|
|
504
|
+
has_client_secret: Boolean(clientSecret),
|
|
505
|
+
has_access_token: Boolean(accessToken),
|
|
506
|
+
has_redirect_uri: Boolean(redirectURI),
|
|
507
|
+
has_code: Boolean(code),
|
|
508
|
+
has_code_verifier: Boolean(codeVerifier)
|
|
509
|
+
}
|
|
510
|
+
});
|
|
447
511
|
throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", "The OAuth provider configuration is invalid.");
|
|
448
512
|
}
|
|
449
|
-
const
|
|
513
|
+
const tokenURL = typeof accessToken === "string" ? accessToken : accessToken.url;
|
|
514
|
+
const extraHeaders = typeof accessToken === "string" ? void 0 : accessToken.headers;
|
|
450
515
|
try {
|
|
451
516
|
logger?.log("OAUTH_ACCESS_TOKEN_REQUEST_INITIATED", {
|
|
452
517
|
structuredData: {
|
|
453
518
|
has_client_id: Boolean(clientId),
|
|
454
|
-
redirect_uri:
|
|
519
|
+
redirect_uri: redirectURI,
|
|
455
520
|
grant_type: "authorization_code"
|
|
456
521
|
}
|
|
457
522
|
});
|
|
458
|
-
const response = await fetchAsync(
|
|
523
|
+
const response = await fetchAsync(tokenURL, {
|
|
459
524
|
method: "POST",
|
|
460
525
|
headers: {
|
|
526
|
+
...extraHeaders ?? {},
|
|
461
527
|
Accept: "application/json",
|
|
462
528
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
463
529
|
},
|
|
464
530
|
body: new URLSearchParams({
|
|
465
531
|
client_id: clientId,
|
|
466
532
|
client_secret: clientSecret,
|
|
467
|
-
code
|
|
468
|
-
redirect_uri:
|
|
533
|
+
code,
|
|
534
|
+
redirect_uri: redirectURI,
|
|
469
535
|
grant_type: "authorization_code",
|
|
470
536
|
code_verifier: codeVerifier
|
|
471
537
|
}).toString()
|
|
@@ -522,7 +588,7 @@ var expiredCookieAttributes = {
|
|
|
522
588
|
secure: true
|
|
523
589
|
};
|
|
524
590
|
var getCookie = (request, cookieName) => {
|
|
525
|
-
const cookies = request.headers.get("Cookie");
|
|
591
|
+
const cookies = request instanceof Request ? request.headers.get("Cookie") : request.get("Cookie");
|
|
526
592
|
if (!cookies) {
|
|
527
593
|
throw new AuthInternalError("COOKIE_NOT_FOUND", "No cookies found. There is no active session");
|
|
528
594
|
}
|
|
@@ -545,18 +611,18 @@ var createSessionCookie = async (jose, session) => {
|
|
|
545
611
|
var callbackConfig = (oauth) => {
|
|
546
612
|
return (0, import_router2.createEndpointConfig)("/callback/:oauth", {
|
|
547
613
|
schemas: {
|
|
548
|
-
params:
|
|
549
|
-
oauth:
|
|
614
|
+
params: import_v42.z.object({
|
|
615
|
+
oauth: import_v42.z.enum(
|
|
550
616
|
Object.keys(oauth),
|
|
551
617
|
"The OAuth provider is not supported or invalid."
|
|
552
618
|
)
|
|
553
619
|
}),
|
|
554
|
-
searchParams:
|
|
555
|
-
code:
|
|
556
|
-
state:
|
|
620
|
+
searchParams: import_v42.z.object({
|
|
621
|
+
code: import_v42.z.string("Missing code parameter in the OAuth authorization response."),
|
|
622
|
+
state: import_v42.z.string("Missing state parameter in the OAuth authorization response.")
|
|
557
623
|
})
|
|
558
624
|
},
|
|
559
|
-
|
|
625
|
+
use: [
|
|
560
626
|
(ctx) => {
|
|
561
627
|
const {
|
|
562
628
|
searchParams,
|
|
@@ -598,7 +664,7 @@ var callbackAction = (oauth) => {
|
|
|
598
664
|
const codeVerifier = getCookie(request, cookies.codeVerifier.name);
|
|
599
665
|
const cookieRedirectTo = getCookie(request, cookies.redirectTo.name);
|
|
600
666
|
const cookieRedirectURI = getCookie(request, cookies.redirectURI.name);
|
|
601
|
-
if (!
|
|
667
|
+
if (!timingSafeEqual(cookieState, state)) {
|
|
602
668
|
logger?.log("MISMATCHING_STATE", {
|
|
603
669
|
structuredData: {
|
|
604
670
|
oauth_provider: oauth2
|
|
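Review bot: In `getBaseURL` (new lines 466–475), the `trustedProxyHeaders` branch concatenates header-derived values into `${protocol}://${host}` without parsing them, and the `proto=([^;]+)` / `host=([^;]+)` captures neither stop at a comma nor strip quotes, so a multi-hop or quoted `Forwarded` header can yield a string that is not an origin. `getOriginURL` passes the result through `isTrustedOrigin`, but that is the only check visible on this page; any other caller of `getBaseURL` (none is shown here) would receive the raw value, which matters if it feeds the OAuth redirect URI. Parsing the candidate with `new URL`, accepting only `http:`/`https:` and returning `.origin` would reject malformed input at the source, as sketched below. Separately, `Host` is read before the `Forwarded` and `X-Forwarded-Host` values, so whenever a `Host` header is present the forwarded host is never consulted; it is worth confirming that this precedence is intended behind a proxy.

```javascript
  if (ctx?.trustedProxyHeaders) {
    // … unchanged: headers, protocol and host lookup …
    if (host) {
      try {
        // Parse rather than concatenate, so a malformed proto/host value is rejected here.
        const candidate = new URL(`${protocol}://${host}`);
        if (candidate.protocol === "http:" || candidate.protocol === "https:") return candidate.origin;
      } catch {
        // not a valid URL: fall through to the configuration error
      }
    }
    // … unchanged: throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", …) …
```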
@@ -1,13 +1,42 @@
|
|
|
1
1
|
import * as _aura_stack_router from '@aura-stack/router';
|
|
2
|
-
import {
|
|
2
|
+
import { z } from 'zod/v4';
|
|
3
|
+
import { O as OAuthProviderRecord } from '../../index-_aXtxb_s.js';
|
|
3
4
|
import 'zod';
|
|
4
5
|
import '../../schemas.js';
|
|
5
|
-
import '../../jose.js';
|
|
6
6
|
import '@aura-stack/jose';
|
|
7
7
|
import '@aura-stack/jose/jose';
|
|
8
|
+
import '@aura-stack/jose/crypto';
|
|
8
9
|
import '@aura-stack/router/cookie';
|
|
9
10
|
import '../../@types/utility.js';
|
|
11
|
+
import 'jose';
|
|
12
|
+
import 'zod/v4/core';
|
|
10
13
|
|
|
11
|
-
declare const callbackAction: (oauth: OAuthProviderRecord) => _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
|
|
14
|
+
declare const callbackAction: (oauth: OAuthProviderRecord) => _aura_stack_router.RouteEndpoint<"GET", "/callback/:oauth", {
|
|
15
|
+
schemas?: {
|
|
16
|
+
params: z.ZodObject<{
|
|
17
|
+
oauth: z.ZodEnum<{
|
|
18
|
+
[x: string & Record<never, never>]: string & Record<never, never>;
|
|
19
|
+
github: "github";
|
|
20
|
+
bitbucket: "bitbucket";
|
|
21
|
+
figma: "figma";
|
|
22
|
+
discord: "discord";
|
|
23
|
+
gitlab: "gitlab";
|
|
24
|
+
spotify: "spotify";
|
|
25
|
+
x: "x";
|
|
26
|
+
strava: "strava";
|
|
27
|
+
mailchimp: "mailchimp";
|
|
28
|
+
pinterest: "pinterest";
|
|
29
|
+
twitch: "twitch";
|
|
30
|
+
notion: "notion";
|
|
31
|
+
dropbox: "dropbox";
|
|
32
|
+
atlassian: "atlassian";
|
|
33
|
+
}>;
|
|
34
|
+
}, z.core.$strip>;
|
|
35
|
+
searchParams: z.ZodObject<{
|
|
36
|
+
code: z.ZodString;
|
|
37
|
+
state: z.ZodString;
|
|
38
|
+
}, z.core.$strip>;
|
|
39
|
+
} | undefined;
|
|
40
|
+
}>;
|
|
12
41
|
|
|
13
42
|
export { callbackAction };
|
|
@@ -1,19 +1,18 @@
|
|
|
1
1
|
import {
|
|
2
2
|
callbackAction
|
|
3
|
-
} from "../../chunk-
|
|
4
|
-
import "../../chunk-
|
|
5
|
-
import "../../chunk-
|
|
6
|
-
import "../../chunk-
|
|
3
|
+
} from "../../chunk-NHZBQNRR.js";
|
|
4
|
+
import "../../chunk-GNNBM2WJ.js";
|
|
5
|
+
import "../../chunk-7BE46WWS.js";
|
|
6
|
+
import "../../chunk-LATR3NIV.js";
|
|
7
7
|
import "../../chunk-ZNCZVF6U.js";
|
|
8
|
-
import "../../chunk-
|
|
9
|
-
import "../../chunk-
|
|
10
|
-
import "../../chunk-
|
|
11
|
-
import "../../chunk-
|
|
12
|
-
import "../../chunk-
|
|
8
|
+
import "../../chunk-V6LLEAR4.js";
|
|
9
|
+
import "../../chunk-2A5B7GWR.js";
|
|
10
|
+
import "../../chunk-UZQJJD6A.js";
|
|
11
|
+
import "../../chunk-LX3TJ2TJ.js";
|
|
12
|
+
import "../../chunk-XY5R3EHH.js";
|
|
13
|
+
import "../../chunk-WHNDRO3N.js";
|
|
14
|
+
import "../../chunk-U5663F2U.js";
|
|
13
15
|
import "../../chunk-EBAMFRB7.js";
|
|
14
|
-
import "../../chunk-FRJFWTOY.js";
|
|
15
|
-
import "../../chunk-4MYWAOLG.js";
|
|
16
|
-
import "../../chunk-RRLIF4PQ.js";
|
|
17
16
|
export {
|
|
18
17
|
callbackAction
|
|
19
18
|
};
|