@aura-stack/auth 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (179) hide show
  1. package/README.md +36 -1
  2. package/dist/@types/index.cjs +0 -18
  3. package/dist/@types/index.d.ts +2 -8
  4. package/dist/@types/index.js +0 -1
  5. package/dist/assert-B3iQSYlK.js +3 -0
  6. package/dist/assert-NJGroSJd.cjs +3 -0
  7. package/dist/client/index.cjs +1 -0
  8. package/dist/client/index.d.ts +11 -0
  9. package/dist/client/index.js +1 -0
  10. package/dist/crypto-Bz8nIciY.js +1 -0
  11. package/dist/crypto-CoXA5w_4.cjs +1 -0
  12. package/dist/env-bq387KyP.cjs +1 -0
  13. package/dist/env-nvh8QBNz.js +1 -0
  14. package/dist/errors-CCYPHuBO.cjs +1 -0
  15. package/dist/errors-DFWHOho6.js +1 -0
  16. package/dist/index-BkpwQ0l4.d.cts +2279 -0
  17. package/dist/index-nqLV2t91.d.ts +2279 -0
  18. package/dist/index.cjs +1 -1839
  19. package/dist/index.d.cts +2 -0
  20. package/dist/index.d.ts +2 -35
  21. package/dist/index.js +1 -132
  22. package/dist/logger-C59_CDMk.js +1 -0
  23. package/dist/logger-UnUhYL2V.cjs +1 -0
  24. package/dist/oauth/atlassian.cjs +1 -0
  25. package/dist/oauth/atlassian.d.ts +2 -0
  26. package/dist/oauth/atlassian.js +1 -0
  27. package/dist/oauth/bitbucket.cjs +1 -49
  28. package/dist/oauth/bitbucket.d.ts +2 -8
  29. package/dist/oauth/bitbucket.js +1 -6
  30. package/dist/oauth/discord.cjs +1 -57
  31. package/dist/oauth/discord.d.ts +2 -8
  32. package/dist/oauth/discord.js +1 -6
  33. package/dist/oauth/dropbox.cjs +1 -0
  34. package/dist/oauth/dropbox.d.ts +2 -0
  35. package/dist/oauth/dropbox.js +1 -0
  36. package/dist/oauth/figma.cjs +1 -49
  37. package/dist/oauth/figma.d.ts +2 -8
  38. package/dist/oauth/figma.js +1 -6
  39. package/dist/oauth/github.cjs +1 -49
  40. package/dist/oauth/github.d.ts +2 -8
  41. package/dist/oauth/github.js +1 -6
  42. package/dist/oauth/gitlab.cjs +1 -49
  43. package/dist/oauth/gitlab.d.ts +2 -8
  44. package/dist/oauth/gitlab.js +1 -6
  45. package/dist/oauth/index.cjs +1 -483
  46. package/dist/oauth/index.d.ts +2 -8
  47. package/dist/oauth/index.js +1 -52
  48. package/dist/oauth/mailchimp.cjs +1 -49
  49. package/dist/oauth/mailchimp.d.ts +2 -8
  50. package/dist/oauth/mailchimp.js +1 -6
  51. package/dist/oauth/notion.cjs +1 -0
  52. package/dist/oauth/notion.d.ts +2 -0
  53. package/dist/oauth/notion.js +1 -0
  54. package/dist/oauth/pinterest.cjs +1 -49
  55. package/dist/oauth/pinterest.d.ts +2 -8
  56. package/dist/oauth/pinterest.js +1 -6
  57. package/dist/oauth/spotify.cjs +1 -49
  58. package/dist/oauth/spotify.d.ts +2 -8
  59. package/dist/oauth/spotify.js +1 -6
  60. package/dist/oauth/strava.cjs +1 -49
  61. package/dist/oauth/strava.d.ts +2 -8
  62. package/dist/oauth/strava.js +1 -6
  63. package/dist/oauth/twitch.cjs +1 -0
  64. package/dist/oauth/twitch.d.ts +2 -0
  65. package/dist/oauth/twitch.js +1 -0
  66. package/dist/oauth/x.cjs +1 -49
  67. package/dist/oauth/x.d.ts +2 -8
  68. package/dist/oauth/x.js +1 -6
  69. package/dist/oauth-BntNm6aE.cjs +1 -0
  70. package/dist/oauth-DmHy9VrB.js +1 -0
  71. package/dist/shared/crypto.cjs +1 -0
  72. package/dist/shared/crypto.d.ts +47 -0
  73. package/dist/shared/crypto.js +1 -0
  74. package/dist/shared/identity.cjs +1 -0
  75. package/dist/shared/identity.d.ts +2 -0
  76. package/dist/shared/identity.js +1 -0
  77. package/dist/shared/index.cjs +1 -0
  78. package/dist/shared/index.d.ts +5 -0
  79. package/dist/shared/index.js +1 -0
  80. package/package.json +39 -12
  81. package/dist/@types/router.d.cjs +0 -1
  82. package/dist/@types/router.d.d.ts +0 -12
  83. package/dist/@types/router.d.js +0 -0
  84. package/dist/@types/utility.cjs +0 -18
  85. package/dist/@types/utility.d.ts +0 -6
  86. package/dist/@types/utility.js +0 -1
  87. package/dist/actions/callback/access-token.cjs +0 -206
  88. package/dist/actions/callback/access-token.d.ts +0 -29
  89. package/dist/actions/callback/access-token.js +0 -9
  90. package/dist/actions/callback/callback.cjs +0 -649
  91. package/dist/actions/callback/callback.d.ts +0 -13
  92. package/dist/actions/callback/callback.js +0 -19
  93. package/dist/actions/callback/userinfo.cjs +0 -250
  94. package/dist/actions/callback/userinfo.d.ts +0 -21
  95. package/dist/actions/callback/userinfo.js +0 -14
  96. package/dist/actions/csrfToken/csrfToken.cjs +0 -197
  97. package/dist/actions/csrfToken/csrfToken.d.ts +0 -5
  98. package/dist/actions/csrfToken/csrfToken.js +0 -14
  99. package/dist/actions/index.cjs +0 -954
  100. package/dist/actions/index.d.ts +0 -14
  101. package/dist/actions/index.js +0 -36
  102. package/dist/actions/session/session.cjs +0 -136
  103. package/dist/actions/session/session.d.ts +0 -5
  104. package/dist/actions/session/session.js +0 -10
  105. package/dist/actions/signIn/authorization.cjs +0 -322
  106. package/dist/actions/signIn/authorization.d.ts +0 -53
  107. package/dist/actions/signIn/authorization.js +0 -18
  108. package/dist/actions/signIn/signIn.cjs +0 -467
  109. package/dist/actions/signIn/signIn.d.ts +0 -13
  110. package/dist/actions/signIn/signIn.js +0 -15
  111. package/dist/actions/signOut/signOut.cjs +0 -493
  112. package/dist/actions/signOut/signOut.d.ts +0 -8
  113. package/dist/actions/signOut/signOut.js +0 -16
  114. package/dist/assert.cjs +0 -161
  115. package/dist/assert.d.ts +0 -33
  116. package/dist/assert.js +0 -26
  117. package/dist/chunk-4EKY7655.js +0 -123
  118. package/dist/chunk-4MYWAOLG.js +0 -31
  119. package/dist/chunk-4YHJ4IEQ.js +0 -25
  120. package/dist/chunk-54CZPKR4.js +0 -25
  121. package/dist/chunk-5LZ7TOM3.js +0 -25
  122. package/dist/chunk-5W4BRQYG.js +0 -201
  123. package/dist/chunk-6MXFPFR3.js +0 -143
  124. package/dist/chunk-7QF22LHP.js +0 -67
  125. package/dist/chunk-ALG3GIV4.js +0 -95
  126. package/dist/chunk-E6G5YCI6.js +0 -25
  127. package/dist/chunk-EBAMFRB7.js +0 -34
  128. package/dist/chunk-EEE7UM5T.js +0 -25
  129. package/dist/chunk-FRJFWTOY.js +0 -70
  130. package/dist/chunk-FW4W3REU.js +0 -25
  131. package/dist/chunk-ICAZ4OVS.js +0 -37
  132. package/dist/chunk-IPKO6UQN.js +0 -25
  133. package/dist/chunk-ITQ7352M.js +0 -0
  134. package/dist/chunk-KJBAQZX2.js +0 -92
  135. package/dist/chunk-KMMAZFSJ.js +0 -25
  136. package/dist/chunk-LDU7A2JE.js +0 -25
  137. package/dist/chunk-NUDITUKX.js +0 -73
  138. package/dist/chunk-OVHNRULD.js +0 -33
  139. package/dist/chunk-PG7UYFG5.js +0 -0
  140. package/dist/chunk-PHFH2MGS.js +0 -36
  141. package/dist/chunk-QQVSRXGX.js +0 -149
  142. package/dist/chunk-RRLIF4PQ.js +0 -55
  143. package/dist/chunk-TM5IPSNF.js +0 -113
  144. package/dist/chunk-TZB6MUXN.js +0 -78
  145. package/dist/chunk-VNCNJKS2.js +0 -267
  146. package/dist/chunk-XGLBNXL4.js +0 -75
  147. package/dist/chunk-XUP6KKNG.js +0 -106
  148. package/dist/chunk-ZNCZVF6U.js +0 -14
  149. package/dist/cookie.cjs +0 -246
  150. package/dist/cookie.d.ts +0 -85
  151. package/dist/cookie.js +0 -29
  152. package/dist/env.cjs +0 -56
  153. package/dist/env.d.ts +0 -7
  154. package/dist/env.js +0 -6
  155. package/dist/errors.cjs +0 -85
  156. package/dist/errors.d.ts +0 -50
  157. package/dist/errors.js +0 -18
  158. package/dist/headers.cjs +0 -61
  159. package/dist/headers.d.ts +0 -33
  160. package/dist/headers.js +0 -12
  161. package/dist/index-CSyIJmCM.d.ts +0 -1007
  162. package/dist/jose.cjs +0 -128
  163. package/dist/jose.d.ts +0 -25
  164. package/dist/jose.js +0 -12
  165. package/dist/logger.cjs +0 -292
  166. package/dist/logger.d.ts +0 -8
  167. package/dist/logger.js +0 -8
  168. package/dist/request.cjs +0 -38
  169. package/dist/request.d.ts +0 -13
  170. package/dist/request.js +0 -6
  171. package/dist/schemas.cjs +0 -125
  172. package/dist/schemas.d.ts +0 -149
  173. package/dist/schemas.js +0 -24
  174. package/dist/secure.cjs +0 -170
  175. package/dist/secure.d.ts +0 -35
  176. package/dist/secure.js +0 -19
  177. package/dist/utils.cjs +0 -223
  178. package/dist/utils.d.ts +0 -24
  179. package/dist/utils.js +0 -29
package/README.md CHANGED
@@ -5,6 +5,7 @@
5
5
  **Core authentication library for the Aura Stack ecosystem**
6
6
 
7
7
  [![npm version](https://img.shields.io/npm/v/@aura-stack/auth.svg)](https://www.npmjs.com/package/@aura-stack/auth)
8
+ [![JSR version](https://jsr.io/badges/@aura-stack/auth)](https://jsr.io/@aura-stack/auth)
8
9
  [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
9
10
 
10
11
  [Official Docs](https://aura-stack-auth.vercel.app/docs) · [Core Package Docs](https://aura-stack-auth.vercel.app/docs/packages/core)
@@ -27,13 +28,47 @@ Inspired by [Auth.js](https://authjs.dev/), Aura Auth focuses on simplicity, dev
27
28
  - **Extensible architecture** — Easily integrate with `@aura-stack/router` or custom routing layers.
28
29
  - **Framework-agnostic** — Works seamlessly in any environment that supports the Web Request/Response APIs.
29
30
 
31
+ ## Installation
32
+
33
+ ```bash
34
+ pnpm add @aura-stack/auth
35
+ ```
36
+
37
+ ## Quick Start
38
+
39
+ ### 1. Create Auth Instance
40
+
41
+ Configure your auth instance in a shared file (e.g., `lib/auth.ts`).
42
+
43
+ ```ts
44
+ import { createAuth } from "@aura-stack/auth"
45
+
46
+ export const auth = createAuth({
47
+ oauth: ["github"],
48
+ })
49
+
50
+ export const { api, jose handlers } = auth
51
+ ```
52
+
53
+ ### 2. Creat Auth Client Instance
54
+
55
+ Configure your auth client instance in a shared file (e.g., `lib/auth-client.ts`).
56
+
57
+ ```ts
58
+ import { createAuthClient } from "@aura-stack/auth/client"
59
+
60
+ export const authClient = createAuth({
61
+ baseURL: "http://localhost:3000",
62
+ })
63
+ ```
64
+
30
65
  ## Documentation
31
66
 
32
67
  Visit the [**official documentation website**](https://aura-stack-auth.vercel.app).
33
68
 
34
69
  ## License
35
70
 
36
- Licensed under the [MIT License](LICENSE). © [Aura Stack](https://github.com/aura-stack-ts)
71
+ Licensed under the [MIT License](../../LICENSE). © [Aura Stack](https://github.com/aura-stack-ts)
37
72
 
38
73
  ---
39
74
 
@@ -1,18 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __copyProps = (to, from, except, desc) => {
7
- if (from && typeof from === "object" || typeof from === "function") {
8
- for (let key of __getOwnPropNames(from))
9
- if (!__hasOwnProp.call(to, key) && key !== except)
10
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
11
- }
12
- return to;
13
- };
14
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
15
-
16
- // src/@types/index.ts
17
- var types_exports = {};
18
- module.exports = __toCommonJS(types_exports);
@@ -1,8 +1,2 @@
1
- import 'zod';
2
- export { j as APIErrorMap, a6 as AccessTokenError, d as AuthConfig, e as AuthInstance, b as AuthInternalErrorCode, A as AuthRuntimeConfig, c as AuthSecurityErrorCode, a5 as AuthorizationError, C as CookieConfig, a3 as CookieName, a as CookieStoreConfig, a2 as CookieStrategyAttributes, E as ErrorType, a0 as HostCookie, I as InternalLogger, J as JWTPayloadWithToken, _ as JWTStandardClaims, f as JoseInstance, i as LogLevel, L as Logger, a8 as OAuthEnv, a4 as OAuthError, O as OAuthProvider, g as OAuthProviderConfig, h as OAuthProviderCredentials, k as OAuthProviderRecord, R as RouterGlobalContext, $ as SecureCookie, S as Session, a9 as Severity, a1 as StandardCookie, aa as SyslogOptions, a7 as TokenRevocationError, T as TrustedOrigin, U as User } from '../index-CSyIJmCM.js';
3
- import '../schemas.js';
4
- import '../jose.js';
5
- import '@aura-stack/router/cookie';
6
- export { LiteralUnion, Prettify } from './utility.js';
7
- import '@aura-stack/jose/jose';
8
- import '@aura-stack/jose';
1
+ import { $ as JWTConfigBase, A as APIErrorMap, At as IdentityConfig, B as DeepPartial, Bt as SyslogOptions, C as SignOutAPIReturn, Ct as CookieName, D as UpdateSessionAPIReturn, Dt as CredentialsProvider, E as UpdateSessionAPIOptions, Et as CredentialsPayload, F as ErrorType, Ft as Logger, G as InferShape, Gt as OAuthProviderCredentials, H as EditableShape, Hn as UserShape, Ht as AuthorizeParams, I as OAuthError, It as RouterGlobalContext, J as Prettify, Jt as BuiltInOAuthProvider, K as LiteralUnion, Kt as OAuthProviderRecord, L as TokenRevocationError, Lt as SecureCookie, M as AuthInternalErrorCode, Mt as InternalLogger, N as AuthSecurityErrorCode, Nt as JoseInstance, O as UpdateSessionOptions, Ot as CredentialsProviderContext, P as AuthorizationError, Pt as LogLevel, Q as JWTConfig, Rt as Severity, S as SignOutAPIOptions, St as CookieConfig, T as SignOutReturn, Tt as CookieStrategyAttributes, U as InferAuthIdentity, Ut as OAuthProvider, V as DeepRequired, Vn as UserIdentityType, Vt as TrustedOrigin, W as InferIdentity, Wt as OAuthProviderConfig, X as CreateSessionStrategyOptions, Y as ShapeToObject, Z as GetStatelessSessionReturn, _ as SignInCredentialsAPIReturn, _t as User, a as OAuthEnv, at as JWTManager, b as SignInOptions, bt as AuthInstance, c as APIOptionsWithRequest, ct as JWTSignedMode, d as GetSessionAPIOptions, dt as KeyPair, et as JWTEncryptedMode, f as GetSessionAPIReturn, ft as SecretKey, g as SignInCredentialsAPIOptions, gt as StatelessStrategyConfig, h as SignInAPIReturn, ht as SessionStrategy, i as JWTStandardClaims, it as JWTKeyAlgorithm, j as AccessTokenError, jt as InternalContext, k as UpdateSessionReturn, kt as HostCookie, l as APIOptionsWithSkipCSRFCheck, lt as JWTSigningAlgorithm, m as SignInAPIOptions, mt as SessionConfig, n as AuthClientOptions, nt as JWTExpirationStrategy, o as TypedJWTPayload, ot as JWTMode, p as OptionsWithRedirectTo, pt as Session, q as Merge, qt as ResponseType, r as JWTPayloadWithToken, rt as JWTKey, s as APIOptionsWithRedirectTo, st as JWTSealedMode, t as AuthClient, tt as JWTEncryptionAlgorithm, u as FunctionAPIContext, ut as JWTStrategyOptions, v as SignInCredentialsOptions, vt as AuthAPI, w as SignOutOptions, wt as CookieStoreConfig, x as SignInReturn, xt as AuthRuntimeConfig, y as SignInCredentialsReturn, yt as AuthConfig, z as AuthResponse, zt as StandardCookie } from "../index-nqLV2t91.js";
2
+ export { APIErrorMap, APIOptionsWithRedirectTo, APIOptionsWithRequest, APIOptionsWithSkipCSRFCheck, AccessTokenError, AuthAPI, AuthClient, AuthClientOptions, AuthConfig, AuthInstance, AuthInternalErrorCode, AuthResponse, AuthRuntimeConfig, AuthSecurityErrorCode, AuthorizationError, AuthorizeParams, BuiltInOAuthProvider, CookieConfig, CookieName, CookieStoreConfig, CookieStrategyAttributes, CreateSessionStrategyOptions, CredentialsPayload, CredentialsProvider, CredentialsProviderContext, DeepPartial, DeepRequired, EditableShape, ErrorType, FunctionAPIContext, GetSessionAPIOptions, GetSessionAPIReturn, GetStatelessSessionReturn, HostCookie, IdentityConfig, InferAuthIdentity, InferIdentity, InferShape, InternalContext, InternalLogger, JWTConfig, JWTConfigBase, JWTEncryptedMode, JWTEncryptionAlgorithm, JWTExpirationStrategy, JWTKey, JWTKeyAlgorithm, JWTManager, JWTMode, JWTPayloadWithToken, JWTSealedMode, JWTSignedMode, JWTSigningAlgorithm, JWTStandardClaims, JWTStrategyOptions, JoseInstance, KeyPair, LiteralUnion, LogLevel, Logger, Merge, OAuthEnv, OAuthError, OAuthProvider, OAuthProviderConfig, OAuthProviderCredentials, OAuthProviderRecord, OptionsWithRedirectTo, Prettify, ResponseType, RouterGlobalContext, SecretKey, SecureCookie, Session, SessionConfig, SessionStrategy, Severity, ShapeToObject, SignInAPIOptions, SignInAPIReturn, SignInCredentialsAPIOptions, SignInCredentialsAPIReturn, SignInCredentialsOptions, SignInCredentialsReturn, SignInOptions, SignInReturn, SignOutAPIOptions, SignOutAPIReturn, SignOutOptions, SignOutReturn, StandardCookie, StatelessStrategyConfig, SyslogOptions, TokenRevocationError, TrustedOrigin, TypedJWTPayload, UpdateSessionAPIOptions, UpdateSessionAPIReturn, UpdateSessionOptions, UpdateSessionReturn, User, UserIdentityType, UserShape };
@@ -1 +0,0 @@
1
- import "../chunk-PG7UYFG5.js";
@@ -0,0 +1,3 @@
1
+ import{n as e}from"./errors-DFWHOho6.js";import{n as t}from"./env-nvh8QBNz.js";import{encoder as n}from"@aura-stack/jose/crypto";const r=`0.5.0`,i=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,a=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},o=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),s=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},c=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,l=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},u=(e,t)=>{let r=n.encode(e),i=n.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},d=(r,i)=>{let a=t(r)??r,o=t(i)??i;if(!a||!o)throw new e(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encode(s)));return`Basic ${btoa(c)}`},f=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),p=[`<`,`>`,`"`,"`",` `,`\r`,`
2
+ `,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
3
+ `,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],m=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of p)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},h=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,g=e=>{if(e.length>100)return!1;for(let t of p)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},_=(e,t)=>{let n=new URL(e),r=new URL(t);return i(n.origin,r.origin)},v=(e,t)=>{if(!m(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(l(e)?.test(n))return!0;try{if(m(e)&&i(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},y=e=>e?.jwt?.mode??`sealed`,b=e=>y(e)===`signed`,x=e=>y(e)===`encrypted`,S=e=>y(e)===`sealed`;export{u as _,S as a,m as c,i as d,s as f,l as g,a as h,_ as i,r as l,c as m,h as n,b as o,o as p,g as r,v as s,x as t,d as u,f as v};
@@ -0,0 +1,3 @@
1
+ const e=require(`./errors-CCYPHuBO.cjs`),t=require(`./env-bq387KyP.cjs`);let n=require(`@aura-stack/jose/crypto`);const r=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,i=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},a=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),o=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},s=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,c=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},l=(e,t)=>{let r=n.encoder.encode(e),i=n.encoder.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},u=(r,i)=>{let a=t.n(r)??r,o=t.n(i)??i;if(!a||!o)throw new e.n(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encoder.encode(s)));return`Basic ${btoa(c)}`},d=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),f=[`<`,`>`,`"`,"`",` `,`\r`,`
2
+ `,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
3
+ `,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],p=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of f)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},m=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,h=e=>{if(e.length>100)return!1;for(let t of f)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},g=(e,t)=>{let n=new URL(e),i=new URL(t);return r(n.origin,i.origin)},_=(e,t)=>{if(!p(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(c(e)?.test(n))return!0;try{if(p(e)&&r(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},v=e=>e?.jwt?.mode??`sealed`,y=e=>v(e)===`signed`,b=e=>v(e)===`encrypted`,x=e=>v(e)===`sealed`;Object.defineProperty(exports,`_`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return p}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`g`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`h`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return`0.5.0`}}),Object.defineProperty(exports,`m`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`p`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return u}}),Object.defineProperty(exports,`v`,{enumerable:!0,get:function(){return d}});
@@ -0,0 +1 @@
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../errors-CCYPHuBO.cjs`),t=require(`@aura-stack/router`).createClient,n=n=>{if(typeof window>`u`&&!n.baseURL)throw new e.t("`baseURL` is required when createAuthClient is used outside the browser.");let r=t({cache:`no-store`,credentials:`include`,baseURL:n.baseURL??window.location.origin,...n}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let n=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{...t,redirect:!1}})).json();return(t?.redirect??!0)&&typeof window<`u`&&n?.signInURL&&window.location.assign(n.signInURL),n}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async e=>{try{let t=await(await r.post(`/signIn/credentials`,{body:e.payload,searchParams:{redirectTo:e?.redirectTo}})).json();return(e?.redirect??!0)&&typeof window<`u`&&t?.redirectURL&&window.location.assign(t.redirectURL),t}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e.t(`Failed to fetch CSRF token for session update.`);let{session:a}=t??{};if(!a)return{success:!1,session:null};let o=a.user??{},s=await(await r.patch(`/session`,{body:{user:o,expires:a.expires?new Date(a.expires):void 0},headers:{"X-CSRF-Token":n}})).json();return(t.redirect??!0)&&typeof window<`u`&&s?.redirectURL&&window.location.assign(s.redirectURL),s}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e.t(`Failed to fetch CSRF token for sign-out.`);let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return(t?.redirect??!0)&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};exports.createAuthClient=n;
@@ -0,0 +1,11 @@
1
+ import { Jt as BuiltInOAuthProvider, K as LiteralUnion, O as UpdateSessionOptions, T as SignOutReturn, _t as User, b as SignInOptions, k as UpdateSessionReturn, n as AuthClientOptions, pt as Session, v as SignInCredentialsOptions, w as SignOutOptions, x as SignInReturn, y as SignInCredentialsReturn } from "../index-nqLV2t91.js";
2
+ //#region src/client/client.d.ts
3
+ declare const createAuthClient: <DefaultUser extends User = User>(options: AuthClientOptions) => {
4
+ getSession: () => Promise<Session<DefaultUser> | null>;
5
+ signIn: <Options extends SignInOptions>(oauth: LiteralUnion<BuiltInOAuthProvider>, options?: Options) => Promise<SignInReturn<Options>>;
6
+ signInCredentials: <Options extends SignInCredentialsOptions>(options: Options) => Promise<SignInCredentialsReturn<Options>>;
7
+ updateSession: <Options extends UpdateSessionOptions<DefaultUser>>(options: Options) => Promise<UpdateSessionReturn<Options, DefaultUser>>;
8
+ signOut: <Options extends SignOutOptions>(options?: Options) => Promise<SignOutReturn<Options>>;
9
+ };
10
+ //#endregion
11
+ export { type AuthClientOptions, createAuthClient };
@@ -0,0 +1 @@
1
+ import{t as e}from"../errors-DFWHOho6.js";import{createClient as t}from"@aura-stack/router";const n=t,r=t=>{if(typeof window>`u`&&!t.baseURL)throw new e("`baseURL` is required when createAuthClient is used outside the browser.");let r=n({cache:`no-store`,credentials:`include`,baseURL:t.baseURL??window.location.origin,...t}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let n=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{...t,redirect:!1}})).json();return(t?.redirect??!0)&&typeof window<`u`&&n?.signInURL&&window.location.assign(n.signInURL),n}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async e=>{try{let t=await(await r.post(`/signIn/credentials`,{body:e.payload,searchParams:{redirectTo:e?.redirectTo}})).json();return(e?.redirect??!0)&&typeof window<`u`&&t?.redirectURL&&window.location.assign(t.redirectURL),t}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e(`Failed to fetch CSRF token for session update.`);let{session:a}=t??{};if(!a)return{success:!1,session:null};let o=a.user??{},s=await(await r.patch(`/session`,{body:{user:o,expires:a.expires?new Date(a.expires):void 0},headers:{"X-CSRF-Token":n}})).json();return(t.redirect??!0)&&typeof window<`u`&&s?.redirectURL&&window.location.assign(s.redirectURL),s}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e(`Failed to fetch CSRF token for sign-out.`);let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return(t?.redirect??!0)&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};export{r as createAuthClient};
@@ -0,0 +1 @@
1
+ import{i as e,n as t}from"./errors-DFWHOho6.js";import{n}from"./env-nvh8QBNz.js";import{_ as r,a as i,d as a,n as o,o as s,t as c}from"./assert-B3iQSYlK.js";import{encoder as l,getRandomBytes as u,getSubtleCrypto as d}from"@aura-stack/jose/crypto";import{createDeriveKey as f,createJWE as p,createJWS as m,createJWT as h,createSecret as g}from"@aura-stack/jose";import{base64url as _}from"@aura-stack/jose/jose";const v=e=>e?.jwt,y=e=>{let t=v(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},b=(e,t)=>({...y(t),...e}),x=(e,t)=>{let n={};return(s(e)||i(e))&&e?.jwt?.signingAlgorithm&&(n.alg=e.jwt.signingAlgorithm),{...n,...t}},S=(e,t)=>{let n={};return(c(e)||i(e))&&(e?.jwt?.keyAlgorithm&&(n.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(n.enc=e.jwt.encryptionAlgorithm)),{...n,...t}},C=(e,t)=>{let n={};return(s(e)||i(e))&&(e?.jwt?.signingAlgorithm&&(n.algorithms=[e.jwt.signingAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},w=(e,t)=>{let n={};return(c(e)||i(e))&&(e?.jwt?.keyAlgorithm&&(n.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(n.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},T=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},E=(e,r)=>{if(e??=n(`SECRET`),!e)throw new t(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`);let i=n(`SALT`);if(!i)throw new t(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{g(i)}catch(e){throw new t(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:e})}let a=(async()=>{let[t,n,r]=await Promise.all([f(e,i,`signing`),f(e,i,`encryption`),f(e,i,`csrfToken`)]);return{jwt:h({sign:t,encrypt:n}),jws:m(r),jwe:p(n)}})();return a.catch(()=>{}),{signJWS:async(e,t)=>{let{jws:n}=await a;return n.signJWS(b(e,r),x(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await a,i=await n.verifyJWS(e,C(r,t));return T(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await a;return n.encryptJWE(b(e,r),S(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await a,i=await n.decryptJWE(e,w(r,t));return T(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await a;return await n.encodeJWT(b(e,r),{sign:x(r,t?.sign),encrypt:S(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await a,i=await n.decodeJWT(e,{verify:C(r,t?.verify),decrypt:w(r,t?.decrypt)});return T(i),i}}},D=(e=32)=>_.encode(u(e)),O=async e=>{let t=await d().digest(`SHA-256`,l.encode(e));return _.encode(new Uint8Array(t))},k=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??D(n??64);if(r.length<43||r.length>128)throw new e(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await O(r),method:`S256`}},A=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=D(32);return e.signJWS({token:n})}catch{let t=D(32);return e.signJWS({token:t})}},j=async(t,n,i)=>{try{let s=await t.verifyJWS(n),c=await t.verifyJWS(i);if(!o(s))throw new e(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!o(c))throw new e(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!a(s.token.length,c.token.length)||!r(s.token,c.token))throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},M=async(e,t,n=1e5)=>{let r=d(),i=t?_.decode(t):u(16),a=await r.importKey(`raw`,l.encode(e),`PBKDF2`,!1,[`deriveBits`]),o=await r.deriveBits({name:`PBKDF2`,salt:i,iterations:n,hash:`SHA-256`},a,256),s=new Uint8Array(o),c=_.encode(s);return`pbkdf2-sha256:${n}:${_.encode(i)}:${c}`},N=async(e,t)=>{try{let n=t.split(`:`);if(n.length!==4)return!1;let[i,a,o]=n;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);return isNaN(s)?!1:r(await M(e,o,s),t)}catch{return!1}};export{M as a,E as c,D as i,O as n,j as o,k as r,N as s,A as t};
@@ -0,0 +1 @@
1
+ const e=require(`./errors-CCYPHuBO.cjs`),t=require(`./env-bq387KyP.cjs`),n=require(`./assert-NJGroSJd.cjs`);let r=require(`@aura-stack/jose/crypto`),i=require(`@aura-stack/jose`),a=require(`@aura-stack/jose/jose`);const o=e=>e?.jwt,s=e=>{let t=o(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},c=(e,t)=>({...s(t),...e}),l=(e,t)=>{let r={};return(n.o(e)||n.a(e))&&e?.jwt?.signingAlgorithm&&(r.alg=e.jwt.signingAlgorithm),{...r,...t}},u=(e,t)=>{let r={};return(n.t(e)||n.a(e))&&(e?.jwt?.keyAlgorithm&&(r.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(r.enc=e.jwt.encryptionAlgorithm)),{...r,...t}},d=(e,t)=>{let r={};return(n.o(e)||n.a(e))&&(e?.jwt?.signingAlgorithm&&(r.algorithms=[e.jwt.signingAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},f=(e,t)=>{let r={};return(n.t(e)||n.a(e))&&(e?.jwt?.keyAlgorithm&&(r.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(r.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},p=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e.i(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},m=(n,r)=>{if(n??=t.n(`SECRET`),!n)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`);let a=t.n(`SALT`);if(!a)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{(0,i.createSecret)(a)}catch(t){throw new e.n(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:t})}let o=(async()=>{let[e,t,r]=await Promise.all([(0,i.createDeriveKey)(n,a,`signing`),(0,i.createDeriveKey)(n,a,`encryption`),(0,i.createDeriveKey)(n,a,`csrfToken`)]);return{jwt:(0,i.createJWT)({sign:e,encrypt:t}),jws:(0,i.createJWS)(r),jwe:(0,i.createJWE)(t)}})();return o.catch(()=>{}),{signJWS:async(e,t)=>{let{jws:n}=await o;return n.signJWS(c(e,r),l(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await o,i=await n.verifyJWS(e,d(r,t));return p(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await o;return n.encryptJWE(c(e,r),u(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await o,i=await n.decryptJWE(e,f(r,t));return p(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await o;return await n.encodeJWT(c(e,r),{sign:l(r,t?.sign),encrypt:u(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await o,i=await n.decodeJWT(e,{verify:d(r,t?.verify),decrypt:f(r,t?.decrypt)});return p(i),i}}},h=(e=32)=>a.base64url.encode((0,r.getRandomBytes)(e)),g=async e=>{let t=await(0,r.getSubtleCrypto)().digest(`SHA-256`,r.encoder.encode(e));return a.base64url.encode(new Uint8Array(t))},_=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??h(n??64);if(r.length<43||r.length>128)throw new e.i(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await g(r),method:`S256`}},v=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=h(32);return e.signJWS({token:n})}catch{let t=h(32);return e.signJWS({token:t})}},y=async(t,r,i)=>{try{let a=await t.verifyJWS(r),o=await t.verifyJWS(i);if(!n.n(a))throw new e.i(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!n.n(o))throw new e.i(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!n.d(a.token.length,o.token.length)||!n._(a.token,o.token))throw new e.i(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e.i(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},b=async(e,t,n=1e5)=>{let i=(0,r.getSubtleCrypto)(),o=t?a.base64url.decode(t):(0,r.getRandomBytes)(16),s=await i.importKey(`raw`,r.encoder.encode(e),`PBKDF2`,!1,[`deriveBits`]),c=await i.deriveBits({name:`PBKDF2`,salt:o,iterations:n,hash:`SHA-256`},s,256),l=new Uint8Array(c),u=a.base64url.encode(l);return`pbkdf2-sha256:${n}:${a.base64url.encode(o)}:${u}`},x=async(e,t)=>{try{let r=t.split(`:`);if(r.length!==4)return!1;let[i,a,o]=r;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);return isNaN(s)?!1:n._(await b(e,o,s),t)}catch{return!1}};Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return v}});
@@ -0,0 +1 @@
1
+ const e=new Proxy({},{get(e,t){if(typeof t!=`string`)return;let n=e=>e&&Object.prototype.hasOwnProperty.call(e,t);try{if(typeof process<`u`&&n(process.env))return process.env[t];if(n({}.env))return{}.env[t];if(typeof Deno<`u`&&Deno.env?.get)return Deno.env.get(t);if(typeof Bun<`u`&&n(Bun.env))return Bun.env[t];let e=globalThis[t];return typeof e==`string`?e:void 0}catch{return}}}),t=t=>e[[`AURA_AUTH_${t.toUpperCase()}`,`AURA_${t.toUpperCase()}`,`AUTH_${t.toUpperCase()}`,t.toUpperCase()].find(t=>e[t])??``],n=e=>{let n=t(e);if(n===void 0)return!1;let r=n.trim().toLowerCase();return!![`1`,`true`,`yes`,`on`,`debug`].includes(r)},r=(e,n=[])=>{let r=t(e);return r?r.split(/[,;\n]+/).map(e=>e.trim()).filter(Boolean):n};Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return n}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return t}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return e}});
@@ -0,0 +1 @@
1
+ const e=new Proxy({},{get(e,t){if(typeof t!=`string`)return;let n=e=>e&&Object.prototype.hasOwnProperty.call(e,t);try{if(typeof process<`u`&&n(process.env))return process.env[t];if(n(import.meta.env))return import.meta.env[t];if(typeof Deno<`u`&&Deno.env?.get)return Deno.env.get(t);if(typeof Bun<`u`&&n(Bun.env))return Bun.env[t];let e=globalThis[t];return typeof e==`string`?e:void 0}catch{return}}}),t=t=>e[[`AURA_AUTH_${t.toUpperCase()}`,`AURA_${t.toUpperCase()}`,`AUTH_${t.toUpperCase()}`,t.toUpperCase()].find(t=>e[t])??``],n=e=>{let n=t(e);if(n===void 0)return!1;let r=n.trim().toLowerCase();return!![`1`,`true`,`yes`,`on`,`debug`].includes(r)},r=(e,n=[])=>{let r=t(e);return r?r.split(/[,;\n]+/).map(e=>e.trim()).filter(Boolean):n};export{n as i,t as n,r,e as t};
@@ -0,0 +1 @@
1
+ var e=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(e,t,n,r){super(t,r),this.error=e,this.errorURI=n,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},t=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(e,t){super(e,t),this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}},a=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}};const o=e=>e instanceof Error,s=t=>t instanceof e,c=e=>e instanceof t,l=e=>e instanceof n,u=e=>e instanceof r,d=e=>e instanceof a,f=e=>c(e)||l(e)||u(e)||d(e);Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return n}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return t}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return e}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return f}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return d}});
@@ -0,0 +1 @@
1
+ var e=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(e,t,n,r){super(t,r),this.error=e,this.errorURI=n,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},t=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(e,t){super(e,t),this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}},a=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}};const o=e=>e instanceof Error,s=t=>t instanceof e,c=e=>e instanceof t,l=e=>e instanceof n,u=e=>e instanceof r,d=e=>e instanceof a,f=e=>c(e)||l(e)||u(e)||d(e);export{a,c,o as d,s as f,n as i,l,t as n,e as o,i as r,f as s,r as t,d as u};