@aura-stack/auth 0.4.0 → 0.5.0
- package/dist/@types/index.d.ts +6 -2
- package/dist/@types/router.d.d.ts +6 -2
- package/dist/actions/callback/access-token.cjs +103 -59
- package/dist/actions/callback/access-token.d.ts +7 -3
- package/dist/actions/callback/access-token.js +3 -3
- package/dist/actions/callback/callback.cjs +200 -134
- package/dist/actions/callback/callback.d.ts +32 -3
- package/dist/actions/callback/callback.js +11 -12
- package/dist/actions/callback/userinfo.cjs +103 -70
- package/dist/actions/callback/userinfo.d.ts +6 -2
- package/dist/actions/callback/userinfo.js +7 -8
- package/dist/actions/csrfToken/csrfToken.cjs +7 -15
- package/dist/actions/csrfToken/csrfToken.d.ts +3 -1
- package/dist/actions/csrfToken/csrfToken.js +7 -8
- package/dist/actions/index.cjs +502 -295
- package/dist/actions/index.d.ts +5 -2
- package/dist/actions/index.js +23 -20
- package/dist/actions/session/session.cjs +76 -24
- package/dist/actions/session/session.d.ts +3 -1
- package/dist/actions/session/session.js +6 -4
- package/dist/actions/signIn/authorization-url.cjs +288 -0
- package/dist/actions/signIn/authorization-url.d.ts +31 -0
- package/dist/actions/signIn/authorization-url.js +16 -0
- package/dist/actions/signIn/authorization.cjs +91 -132
- package/dist/actions/signIn/authorization.d.ts +17 -16
- package/dist/actions/signIn/authorization.js +8 -7
- package/dist/actions/signIn/signIn.cjs +319 -191
- package/dist/actions/signIn/signIn.d.ts +32 -3
- package/dist/actions/signIn/signIn.js +10 -9
- package/dist/actions/signOut/signOut.cjs +211 -212
- package/dist/actions/signOut/signOut.d.ts +9 -1
- package/dist/actions/signOut/signOut.js +9 -10
- package/dist/api/createApi.cjs +750 -0
- package/dist/api/createApi.d.ts +12 -0
- package/dist/api/createApi.js +19 -0
- package/dist/api/getSession.cjs +141 -0
- package/dist/api/getSession.d.ts +16 -0
- package/dist/api/getSession.js +10 -0
- package/dist/api/signIn.cjs +549 -0
- package/dist/api/signIn.d.ts +26 -0
- package/dist/api/signIn.js +15 -0
- package/dist/api/signOut.cjs +279 -0
- package/dist/api/signOut.d.ts +16 -0
- package/dist/api/signOut.js +13 -0
- package/dist/assert.cjs +42 -9
- package/dist/assert.d.ts +8 -4
- package/dist/assert.js +5 -5
- package/dist/{chunk-KJBAQZX2.js → chunk-2A5B7GWR.js} +44 -11
- package/dist/chunk-2GQLSIJ2.js +40 -0
- package/dist/chunk-2IR674WX.js +44 -0
- package/dist/chunk-3J5TUH2I.js +50 -0
- package/dist/chunk-4RWSYUKX.js +98 -0
- package/dist/chunk-5X7JZMEF.js +0 -0
- package/dist/{chunk-TZB6MUXN.js → chunk-7BE46WWS.js} +21 -11
- package/dist/chunk-7YYXFKLR.js +35 -0
- package/dist/chunk-C3A37LQC.js +33 -0
- package/dist/chunk-CITNGXDA.js +31 -0
- package/dist/chunk-CWX724AG.js +78 -0
- package/dist/chunk-D2CSIUKP.js +74 -0
- package/dist/{chunk-ICAZ4OVS.js → chunk-FPCVZUVG.js} +2 -2
- package/dist/{chunk-XGLBNXL4.js → chunk-GNNBM2WJ.js} +17 -9
- package/dist/chunk-JOCGX3RP.js +59 -0
- package/dist/chunk-KBXWTD6E.js +94 -0
- package/dist/{chunk-XUP6KKNG.js → chunk-LATR3NIV.js} +48 -37
- package/dist/chunk-LAYPUDQF.js +39 -0
- package/dist/chunk-LX3TJ2TJ.js +294 -0
- package/dist/{chunk-6MXFPFR3.js → chunk-NHZBQNRR.js} +19 -19
- package/dist/{chunk-TM5IPSNF.js → chunk-PDP3PHB3.js} +33 -19
- package/dist/chunk-PHYNROD4.js +47 -0
- package/dist/chunk-QQEKY4XP.js +29 -0
- package/dist/{chunk-VNCNJKS2.js → chunk-U4RK4LKJ.js} +82 -1
- package/dist/{chunk-RRLIF4PQ.js → chunk-U5663F2U.js} +16 -1
- package/dist/chunk-UN7X6SU5.js +53 -0
- package/dist/chunk-UZQJJD6A.js +100 -0
- package/dist/{chunk-NUDITUKX.js → chunk-V6LLEAR4.js} +22 -15
- package/dist/{chunk-4MYWAOLG.js → chunk-WHNDRO3N.js} +20 -1
- package/dist/{chunk-5W4BRQYG.js → chunk-XY5R3EHH.js} +6 -3
- package/dist/client/client.cjs +135 -0
- package/dist/client/client.d.ts +85 -0
- package/dist/client/client.js +9 -0
- package/dist/client/index.cjs +135 -0
- package/dist/client/index.d.ts +14 -0
- package/dist/client/index.js +10 -0
- package/dist/context.cjs +1237 -0
- package/dist/context.d.ts +16 -0
- package/dist/context.js +28 -0
- package/dist/cookie.cjs +33 -2
- package/dist/cookie.d.ts +9 -5
- package/dist/cookie.js +3 -2
- package/dist/createAuth.cjs +2320 -0
- package/dist/createAuth.d.ts +12 -0
- package/dist/createAuth.js +48 -0
- package/dist/env.cjs +24 -2
- package/dist/env.d.ts +4 -1
- package/dist/env.js +9 -3
- package/dist/errors.cjs +17 -0
- package/dist/errors.d.ts +13 -3
- package/dist/errors.js +5 -1
- package/dist/{index-CSyIJmCM.d.ts → index-_aXtxb_s.d.ts} +383 -13
- package/dist/index.cjs +2135 -1547
- package/dist/index.d.ts +9 -30
- package/dist/index.js +46 -119
- package/dist/jose.cjs +52 -14
- package/dist/jose.d.ts +12 -25
- package/dist/jose.js +11 -3
- package/dist/logger.cjs +132 -0
- package/dist/logger.d.ts +6 -2
- package/dist/logger.js +10 -1
- package/dist/oauth/atlassian.cjs +57 -0
- package/dist/oauth/atlassian.d.ts +12 -0
- package/dist/oauth/atlassian.js +6 -0
- package/dist/oauth/bitbucket.d.ts +6 -2
- package/dist/oauth/discord.d.ts +6 -2
- package/dist/oauth/dropbox.cjs +53 -0
- package/dist/oauth/dropbox.d.ts +12 -0
- package/dist/oauth/dropbox.js +6 -0
- package/dist/oauth/figma.d.ts +6 -2
- package/dist/oauth/github.d.ts +6 -2
- package/dist/oauth/gitlab.d.ts +6 -2
- package/dist/oauth/index.cjs +278 -88
- package/dist/oauth/index.d.ts +6 -2
- package/dist/oauth/index.js +27 -11
- package/dist/oauth/mailchimp.d.ts +6 -2
- package/dist/oauth/notion.cjs +131 -0
- package/dist/oauth/notion.d.ts +12 -0
- package/dist/oauth/notion.js +9 -0
- package/dist/oauth/pinterest.d.ts +6 -2
- package/dist/oauth/spotify.d.ts +6 -2
- package/dist/oauth/strava.d.ts +6 -2
- package/dist/oauth/twitch.cjs +95 -0
- package/dist/oauth/twitch.d.ts +12 -0
- package/dist/oauth/twitch.js +7 -0
- package/dist/oauth/x.d.ts +6 -2
- package/dist/schemas.cjs +84 -51
- package/dist/schemas.d.ts +103 -23
- package/dist/schemas.js +1 -1
- package/dist/secure.cjs +36 -36
- package/dist/secure.d.ts +10 -4
- package/dist/secure.js +7 -6
- package/dist/utils.cjs +109 -3
- package/dist/utils.d.ts +15 -4
- package/dist/utils.js +11 -4
- package/package.json +9 -5
- package/dist/chunk-4EKY7655.js +0 -123
- package/dist/chunk-7QF22LHP.js +0 -67
- package/dist/chunk-ALG3GIV4.js +0 -95
- package/dist/chunk-FRJFWTOY.js +0 -70
- package/dist/chunk-PHFH2MGS.js +0 -36
- package/dist/chunk-QQVSRXGX.js +0 -149
|
@@ -20,131 +20,65 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
20
20
|
// src/actions/signIn/authorization.ts
|
|
21
21
|
var authorization_exports = {};
|
|
22
22
|
__export(authorization_exports, {
|
|
23
|
-
createAuthorizationURL: () => createAuthorizationURL,
|
|
24
23
|
createRedirectTo: () => createRedirectTo,
|
|
25
24
|
createRedirectURI: () => createRedirectURI,
|
|
25
|
+
createSignInURL: () => createSignInURL,
|
|
26
|
+
getBaseURL: () => getBaseURL,
|
|
26
27
|
getOriginURL: () => getOriginURL,
|
|
27
28
|
getTrustedOrigins: () => getTrustedOrigins
|
|
28
29
|
});
|
|
29
30
|
module.exports = __toCommonJS(authorization_exports);
|
|
30
31
|
|
|
32
|
+
// src/env.ts
|
|
33
|
+
var import_meta = {};
|
|
34
|
+
var env = new Proxy({}, {
|
|
35
|
+
get(_, prop) {
|
|
36
|
+
if (typeof prop !== "string") return void 0;
|
|
37
|
+
const hasProperty = (process2) => {
|
|
38
|
+
return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
|
|
39
|
+
};
|
|
40
|
+
try {
|
|
41
|
+
if (typeof process !== "undefined" && hasProperty(process.env)) {
|
|
42
|
+
return process.env[prop];
|
|
43
|
+
}
|
|
44
|
+
if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
|
|
45
|
+
return import_meta.env[prop];
|
|
46
|
+
}
|
|
47
|
+
if (typeof Deno !== "undefined" && Deno.env?.get) {
|
|
48
|
+
return Deno.env.get(prop);
|
|
49
|
+
}
|
|
50
|
+
if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
|
|
51
|
+
return Bun.env[prop];
|
|
52
|
+
}
|
|
53
|
+
const globalValue = globalThis[prop];
|
|
54
|
+
return typeof globalValue === "string" ? globalValue : void 0;
|
|
55
|
+
} catch {
|
|
56
|
+
return void 0;
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
});
|
|
60
|
+
var getEnv = (key) => {
|
|
61
|
+
const keys = [`AURA_AUTH_${key.toUpperCase()}`, `AURA_${key.toUpperCase()}`, `AUTH_${key.toUpperCase()}`, key.toUpperCase()];
|
|
62
|
+
return env[keys.find((k) => env[k]) ?? ""];
|
|
63
|
+
};
|
|
64
|
+
|
|
31
65
|
// src/errors.ts
|
|
32
66
|
var AuthInternalError = class extends Error {
|
|
33
67
|
type = "AUTH_INTERNAL_ERROR";
|
|
34
68
|
code;
|
|
35
|
-
constructor(code, message,
|
|
36
|
-
super(message,
|
|
69
|
+
constructor(code, message, options) {
|
|
70
|
+
super(message, options);
|
|
37
71
|
this.code = code;
|
|
38
72
|
this.name = new.target.name;
|
|
39
73
|
Error.captureStackTrace(this, new.target);
|
|
40
74
|
}
|
|
41
75
|
};
|
|
42
76
|
|
|
43
|
-
// src/schemas.ts
|
|
44
|
-
var import_zod = require("zod");
|
|
45
|
-
var OAuthProviderCredentialsSchema = (0, import_zod.object)({
|
|
46
|
-
id: (0, import_zod.string)(),
|
|
47
|
-
name: (0, import_zod.string)(),
|
|
48
|
-
authorizeURL: (0, import_zod.string)().url(),
|
|
49
|
-
accessToken: (0, import_zod.string)().url(),
|
|
50
|
-
scope: (0, import_zod.string)(),
|
|
51
|
-
userInfo: (0, import_zod.string)().url(),
|
|
52
|
-
responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
|
|
53
|
-
clientId: (0, import_zod.string)(),
|
|
54
|
-
clientSecret: (0, import_zod.string)(),
|
|
55
|
-
profile: import_zod.z.function().optional()
|
|
56
|
-
});
|
|
57
|
-
var OAuthProviderConfigSchema = (0, import_zod.object)({
|
|
58
|
-
authorizeURL: (0, import_zod.string)().url(),
|
|
59
|
-
accessToken: (0, import_zod.string)().url(),
|
|
60
|
-
scope: (0, import_zod.string)().optional(),
|
|
61
|
-
userInfo: (0, import_zod.string)().url(),
|
|
62
|
-
responseType: (0, import_zod.enum)(["code", "token", "id_token"]),
|
|
63
|
-
clientId: (0, import_zod.string)(),
|
|
64
|
-
clientSecret: (0, import_zod.string)()
|
|
65
|
-
});
|
|
66
|
-
var OAuthAuthorization = OAuthProviderConfigSchema.extend({
|
|
67
|
-
redirectURI: (0, import_zod.string)(),
|
|
68
|
-
state: (0, import_zod.string)(),
|
|
69
|
-
codeChallenge: (0, import_zod.string)(),
|
|
70
|
-
codeChallengeMethod: (0, import_zod.enum)(["plain", "S256"])
|
|
71
|
-
});
|
|
72
|
-
var OAuthAuthorizationResponse = (0, import_zod.object)({
|
|
73
|
-
state: (0, import_zod.string)({ message: "Missing state parameter in the OAuth authorization response." }),
|
|
74
|
-
code: (0, import_zod.string)({ message: "Missing code parameter in the OAuth authorization response." })
|
|
75
|
-
});
|
|
76
|
-
var OAuthAuthorizationErrorResponse = (0, import_zod.object)({
|
|
77
|
-
error: (0, import_zod.enum)([
|
|
78
|
-
"invalid_request",
|
|
79
|
-
"unauthorized_client",
|
|
80
|
-
"access_denied",
|
|
81
|
-
"unsupported_response_type",
|
|
82
|
-
"invalid_scope",
|
|
83
|
-
"server_error",
|
|
84
|
-
"temporarily_unavailable"
|
|
85
|
-
]),
|
|
86
|
-
error_description: (0, import_zod.string)().optional(),
|
|
87
|
-
error_uri: (0, import_zod.string)().optional(),
|
|
88
|
-
state: (0, import_zod.string)()
|
|
89
|
-
});
|
|
90
|
-
var OAuthAccessToken = OAuthProviderConfigSchema.extend({
|
|
91
|
-
redirectURI: (0, import_zod.string)(),
|
|
92
|
-
code: (0, import_zod.string)(),
|
|
93
|
-
codeVerifier: (0, import_zod.string)().min(43).max(128)
|
|
94
|
-
});
|
|
95
|
-
var OAuthAccessTokenResponse = (0, import_zod.object)({
|
|
96
|
-
access_token: (0, import_zod.string)(),
|
|
97
|
-
token_type: (0, import_zod.string)().optional(),
|
|
98
|
-
expires_in: (0, import_zod.number)().optional(),
|
|
99
|
-
refresh_token: (0, import_zod.string)().optional(),
|
|
100
|
-
scope: (0, import_zod.string)().optional().or((0, import_zod.null)())
|
|
101
|
-
});
|
|
102
|
-
var OAuthAccessTokenErrorResponse = (0, import_zod.object)({
|
|
103
|
-
error: (0, import_zod.enum)([
|
|
104
|
-
"invalid_request",
|
|
105
|
-
"invalid_client",
|
|
106
|
-
"invalid_grant",
|
|
107
|
-
"unauthorized_client",
|
|
108
|
-
"unsupported_grant_type",
|
|
109
|
-
"invalid_scope"
|
|
110
|
-
]),
|
|
111
|
-
error_description: (0, import_zod.string)().optional(),
|
|
112
|
-
error_uri: (0, import_zod.string)().optional()
|
|
113
|
-
});
|
|
114
|
-
var OAuthErrorResponse = (0, import_zod.object)({
|
|
115
|
-
error: (0, import_zod.string)(),
|
|
116
|
-
error_description: (0, import_zod.string)().optional()
|
|
117
|
-
});
|
|
118
|
-
var OAuthEnvSchema = (0, import_zod.object)({
|
|
119
|
-
clientId: import_zod.z.string().min(1, "OAuth Client ID is required in the environment variables."),
|
|
120
|
-
clientSecret: import_zod.z.string().min(1, "OAuth Client Secret is required in the environment variables.")
|
|
121
|
-
});
|
|
122
|
-
|
|
123
77
|
// src/utils.ts
|
|
124
78
|
var import_router = require("@aura-stack/router");
|
|
125
|
-
var toSnakeCase = (str) => {
|
|
126
|
-
return str.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1_$2").toLowerCase().replace(/^_+/, "");
|
|
127
|
-
};
|
|
128
|
-
var toUpperCase = (str) => {
|
|
129
|
-
return str.toUpperCase();
|
|
130
|
-
};
|
|
131
|
-
var toCastCase = (obj, type = "snake") => {
|
|
132
|
-
return Object.entries(obj).reduce((previous, [key, value]) => {
|
|
133
|
-
const newKey = type === "snake" ? toSnakeCase(key) : toUpperCase(key);
|
|
134
|
-
return { ...previous, [newKey]: value };
|
|
135
|
-
}, {});
|
|
136
|
-
};
|
|
137
|
-
var equals = (a, b) => {
|
|
138
|
-
if (a === null || b === null || a === void 0 || b === void 0) return false;
|
|
139
|
-
return a === b;
|
|
140
|
-
};
|
|
141
|
-
var extractPath = (url) => {
|
|
142
|
-
const pathRegex = /^https?:\/\/[a-zA-Z0-9_\-\.]+(:\d+)?(\/.*)$/;
|
|
143
|
-
const match = url.match(pathRegex);
|
|
144
|
-
return match && match[2] ? match[2] : "/";
|
|
145
|
-
};
|
|
146
79
|
|
|
147
80
|
// src/assert.ts
|
|
81
|
+
var import_crypto = require("@aura-stack/jose/crypto");
|
|
148
82
|
var unsafeChars = [
|
|
149
83
|
"<",
|
|
150
84
|
">",
|
|
@@ -233,41 +167,54 @@ var isTrustedOrigin = (url, trustedOrigins) => {
|
|
|
233
167
|
return false;
|
|
234
168
|
};
|
|
235
169
|
|
|
236
|
-
// src/
|
|
237
|
-
var
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
logger?.log("INVALID_OAUTH_CONFIGURATION", {
|
|
241
|
-
structuredData: {
|
|
242
|
-
scope: oauthConfig.scope,
|
|
243
|
-
redirect_uri: redirectURI,
|
|
244
|
-
has_state: Boolean(state),
|
|
245
|
-
has_code_challenge: Boolean(codeChallenge),
|
|
246
|
-
code_challenge_method: codeChallengeMethod
|
|
247
|
-
}
|
|
248
|
-
});
|
|
249
|
-
throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", "The OAuth provider configuration is invalid.");
|
|
250
|
-
}
|
|
251
|
-
const { authorizeURL, ...options2 } = parsed.data;
|
|
252
|
-
const { userInfo, accessToken, clientSecret, ...required } = options2;
|
|
253
|
-
const searchParams = new URLSearchParams(toCastCase(required));
|
|
254
|
-
return `${authorizeURL}?${searchParams}`;
|
|
170
|
+
// src/utils.ts
|
|
171
|
+
var equals = (a, b) => {
|
|
172
|
+
if (a === null || b === null || a === void 0 || b === void 0) return false;
|
|
173
|
+
return a === b;
|
|
255
174
|
};
|
|
175
|
+
var extractPath = (url) => {
|
|
176
|
+
const pathRegex = /^https?:\/\/[a-zA-Z0-9_\-\.]+(:\d+)?(\/.*)$/;
|
|
177
|
+
const match = url.match(pathRegex);
|
|
178
|
+
return match && match[2] ? match[2] : "/";
|
|
179
|
+
};
|
|
180
|
+
|
|
181
|
+
// src/actions/signIn/authorization.ts
|
|
256
182
|
var getTrustedOrigins = async (request, trustedOrigins) => {
|
|
257
183
|
if (!trustedOrigins) return [];
|
|
258
184
|
const raw = typeof trustedOrigins === "function" ? await trustedOrigins(request) : trustedOrigins;
|
|
259
185
|
return Array.isArray(raw) ? raw : typeof raw === "string" ? [raw] : [];
|
|
260
186
|
};
|
|
187
|
+
var getBaseURL = async ({
|
|
188
|
+
ctx,
|
|
189
|
+
request,
|
|
190
|
+
headers: headersInit
|
|
191
|
+
}) => {
|
|
192
|
+
const origin = getEnv("BASE_URL") || ctx?.baseURL;
|
|
193
|
+
if (origin && origin !== "/") return origin;
|
|
194
|
+
if (ctx?.trustedProxyHeaders) {
|
|
195
|
+
const headers = headersInit && new Headers(headersInit) || request?.headers;
|
|
196
|
+
const protocol = headers?.get("Forwarded")?.match(/proto=([^;]+)/i)?.[1] ?? headers?.get("X-Forwarded-Proto") ?? "http";
|
|
197
|
+
const host = headers?.get("Host") ?? headers?.get("Forwarded")?.match(/host=([^;]+)/i)?.[1] ?? headers?.get("X-Forwarded-Host") ?? null;
|
|
198
|
+
if (host) return `${protocol}://${host}`;
|
|
199
|
+
throw new AuthInternalError(
|
|
200
|
+
"INVALID_OAUTH_CONFIGURATION",
|
|
201
|
+
"The URL cannot be constructed. Please set the BASE_URL environment variable or provide trusted proxy host headers."
|
|
202
|
+
);
|
|
203
|
+
}
|
|
204
|
+
try {
|
|
205
|
+
return new URL(request?.url ?? "not-found").origin;
|
|
206
|
+
} catch (error) {
|
|
207
|
+
throw new AuthInternalError(
|
|
208
|
+
"INVALID_OAUTH_CONFIGURATION",
|
|
209
|
+
"The URL cannot be constructed. Please set the BASE_URL environment variable or enable trustedProxyHeaders.",
|
|
210
|
+
{ cause: error }
|
|
211
|
+
);
|
|
212
|
+
}
|
|
213
|
+
};
|
|
261
214
|
var getOriginURL = async (request, context) => {
|
|
262
|
-
const headers = request.headers;
|
|
263
|
-
let origin = new URL(request.url).origin;
|
|
264
215
|
const trustedOrigins = await getTrustedOrigins(request, context?.trustedOrigins);
|
|
265
|
-
trustedOrigins.push(origin);
|
|
266
|
-
|
|
267
|
-
const protocol = headers.get("Forwarded")?.match(/proto=([^;]+)/i)?.[1] ?? headers.get("X-Forwarded-Proto") ?? "http";
|
|
268
|
-
const host = headers.get("Host") ?? headers.get("Forwarded")?.match(/host=([^;]+)/i)?.[1] ?? headers.get("X-Forwarded-Host") ?? null;
|
|
269
|
-
origin = `${protocol}://${host}`;
|
|
270
|
-
}
|
|
216
|
+
trustedOrigins.push(new URL(request.url).origin);
|
|
217
|
+
const origin = await getBaseURL({ request, ctx: context });
|
|
271
218
|
if (!isTrustedOrigin(origin, trustedOrigins)) {
|
|
272
219
|
context?.logger?.log("UNTRUSTED_ORIGIN", { structuredData: { origin } });
|
|
273
220
|
throw new AuthInternalError("UNTRUSTED_ORIGIN", "The constructed origin URL is not trusted.");
|
|
@@ -278,6 +225,17 @@ var createRedirectURI = async (request, oauth, context) => {
|
|
|
278
225
|
const origin = await getOriginURL(request, context);
|
|
279
226
|
return `${origin}${context.basePath}/callback/${oauth}`;
|
|
280
227
|
};
|
|
228
|
+
var createSignInURL = async ({
|
|
229
|
+
request,
|
|
230
|
+
oauth,
|
|
231
|
+
ctx,
|
|
232
|
+
redirectTo
|
|
233
|
+
}) => {
|
|
234
|
+
const origin = await getOriginURL(request, ctx);
|
|
235
|
+
const searchParams = new URLSearchParams();
|
|
236
|
+
if (redirectTo !== void 0) searchParams.set("redirectTo", String(redirectTo));
|
|
237
|
+
return `${origin}${ctx.basePath}/signIn/${oauth}?${searchParams.toString()}`;
|
|
238
|
+
};
|
|
281
239
|
var createRedirectTo = async (request, redirectTo, context) => {
|
|
282
240
|
try {
|
|
283
241
|
const headers = request.headers;
|
|
@@ -314,9 +272,10 @@ var createRedirectTo = async (request, redirectTo, context) => {
|
|
|
314
272
|
};
|
|
315
273
|
// Annotate the CommonJS export names for ESM import in node:
|
|
316
274
|
0 && (module.exports = {
|
|
317
|
-
createAuthorizationURL,
|
|
318
275
|
createRedirectTo,
|
|
319
276
|
createRedirectURI,
|
|
277
|
+
createSignInURL,
|
|
278
|
+
getBaseURL,
|
|
320
279
|
getOriginURL,
|
|
321
280
|
getTrustedOrigins
|
|
322
281
|
});
|
|
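Review bot: In `getOriginURL`, `trustedOrigins.push(new URL(request.url).origin)` appends to whatever `getTrustedOrigins` returned, and for an array config that helper returns the configured array itself (`Array.isArray(raw) ? raw : …`), so the request-derived origin is written into the shared allowlist and presumably stays there for later requests. Build a per-request copy instead, e.g. `const trustedOrigins = [...(await getTrustedOrigins(request, context?.trustedOrigins)), new URL(request.url).origin];`. In `getBaseURL`, the `Forwarded` matches `/proto=([^;]+)/i` and `/host=([^;]+)/i` stop only at `;`, so a comma-separated multi-hop value or a quoted `host="…"` flows into `${protocol}://${host}` unparsed. Because `getBaseURL` is now exported and does not call `isTrustedOrigin` itself, a comment such as `// result is header-derived when trustedProxyHeaders is set; callers must validate it against trusted origins` would help. The body of `getOriginURL` continues past the end of this hunk.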
@@ -1,30 +1,25 @@
|
|
|
1
|
+
import { A as AuthConfig } from '../../index-_aXtxb_s.js';
|
|
1
2
|
import { GlobalContext } from '@aura-stack/router';
|
|
2
|
-
import { h as OAuthProviderCredentials, I as InternalLogger, d as AuthConfig } from '../../index-CSyIJmCM.js';
|
|
3
3
|
import 'zod';
|
|
4
4
|
import '../../schemas.js';
|
|
5
|
-
import '
|
|
5
|
+
import 'zod/v4';
|
|
6
6
|
import '@aura-stack/jose';
|
|
7
7
|
import '@aura-stack/jose/jose';
|
|
8
|
+
import '@aura-stack/jose/crypto';
|
|
8
9
|
import '@aura-stack/router/cookie';
|
|
9
10
|
import '../../@types/utility.js';
|
|
11
|
+
import 'jose';
|
|
12
|
+
import 'zod/v4/core';
|
|
10
13
|
|
|
11
|
-
/**
|
|
12
|
-
* Constructs the request URI for the Authorization Request to the third-party OAuth service. It includes
|
|
13
|
-
* the necessary query parameters such as `client_id`, `redirect_uri`, `response_type`, `scope`, `state`,
|
|
14
|
-
* `code_challenge`, and `code_challenge_method`.
|
|
15
|
-
*
|
|
16
|
-
* @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
|
|
17
|
-
* @see https://datatracker.ietf.org/doc/html/rfc7636#section-4
|
|
18
|
-
*
|
|
19
|
-
* @param oauthConfig - The OAuth configuration for the third-party service.
|
|
20
|
-
* @param redirectURI - The redirect URI where the OAuth service will send the user after authorization.
|
|
21
|
-
* @param state - A unique string used to maintain state between the request and callback.
|
|
22
|
-
*/
|
|
23
|
-
declare const createAuthorizationURL: (oauthConfig: OAuthProviderCredentials, redirectURI: string, state: string, codeChallenge: string, codeChallengeMethod: string, logger?: InternalLogger) => string;
|
|
24
14
|
/**
|
|
25
15
|
* Resolves trusted origins from config (array or function).
|
|
26
16
|
*/
|
|
27
17
|
declare const getTrustedOrigins: (request: Request, trustedOrigins: AuthConfig["trustedOrigins"]) => Promise<string[]>;
|
|
18
|
+
declare const getBaseURL: ({ ctx, request, headers: headersInit, }: {
|
|
19
|
+
ctx?: GlobalContext;
|
|
20
|
+
request?: Request;
|
|
21
|
+
headers?: HeadersInit;
|
|
22
|
+
}) => Promise<string>;
|
|
28
23
|
declare const getOriginURL: (request: Request, context?: GlobalContext) => Promise<string>;
|
|
29
24
|
/**
|
|
30
25
|
* Creates the redirect URI for the OAuth callback based on the original request URL and the OAuth provider.
|
|
@@ -35,6 +30,12 @@ declare const getOriginURL: (request: Request, context?: GlobalContext) => Promi
|
|
|
35
30
|
* @returns The redirect URI for the OAuth callback.
|
|
36
31
|
*/
|
|
37
32
|
declare const createRedirectURI: (request: Request, oauth: string, context: GlobalContext) => Promise<string>;
|
|
33
|
+
declare const createSignInURL: ({ request, oauth, ctx, redirectTo, }: {
|
|
34
|
+
request: Request;
|
|
35
|
+
oauth: string;
|
|
36
|
+
ctx: GlobalContext;
|
|
37
|
+
redirectTo?: string;
|
|
38
|
+
}) => Promise<string>;
|
|
38
39
|
/**
|
|
39
40
|
* Verifies if the request's origin matches the expected origin. It accepts the redirectTo search
|
|
40
41
|
* parameter for redirection. It checks the Referer and Origin headers and the request URL against
|
|
@@ -50,4 +51,4 @@ declare const createRedirectURI: (request: Request, oauth: string, context: Glob
|
|
|
50
51
|
*/
|
|
51
52
|
declare const createRedirectTo: (request: Request, redirectTo?: string, context?: GlobalContext) => Promise<string>;
|
|
52
53
|
|
|
53
|
-
export {
|
|
54
|
+
export { createRedirectTo, createRedirectURI, createSignInURL, getBaseURL, getOriginURL, getTrustedOrigins };
|
|
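Review bot: The two new exported declarations, `getBaseURL` and `createSignInURL`, carry no TSDoc, although `getTrustedOrigins`, `createRedirectURI` and `createRedirectTo` beside them do. For `getBaseURL` I would add `/** Resolves the base URL: BASE_URL env or ctx.baseURL first, then proxy headers when ctx.trustedProxyHeaders is set, otherwise the request URL origin. Does not check trusted origins. */`, which matches the bundled implementation shown for authorization.cjs. For `createSignInURL`, `/** Builds the provider sign-in URL under ctx.basePath with an optional redirectTo query parameter; the origin comes from getOriginURL. */` would be enough.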
@@ -1,18 +1,19 @@
|
|
|
1
1
|
import {
|
|
2
|
-
createAuthorizationURL,
|
|
3
2
|
createRedirectTo,
|
|
4
3
|
createRedirectURI,
|
|
4
|
+
createSignInURL,
|
|
5
|
+
getBaseURL,
|
|
5
6
|
getOriginURL,
|
|
6
7
|
getTrustedOrigins
|
|
7
|
-
} from "../../chunk-
|
|
8
|
-
import "../../chunk-
|
|
9
|
-
import "../../chunk-
|
|
10
|
-
import "../../chunk-
|
|
11
|
-
import "../../chunk-RRLIF4PQ.js";
|
|
8
|
+
} from "../../chunk-LATR3NIV.js";
|
|
9
|
+
import "../../chunk-LX3TJ2TJ.js";
|
|
10
|
+
import "../../chunk-WHNDRO3N.js";
|
|
11
|
+
import "../../chunk-U5663F2U.js";
|
|
12
12
|
export {
|
|
13
|
-
createAuthorizationURL,
|
|
14
13
|
createRedirectTo,
|
|
15
14
|
createRedirectURI,
|
|
15
|
+
createSignInURL,
|
|
16
|
+
getBaseURL,
|
|
16
17
|
getOriginURL,
|
|
17
18
|
getTrustedOrigins
|
|
18
19
|
};
|