@aura-stack/auth 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (179) hide show
  1. package/README.md +36 -1
  2. package/dist/@types/index.cjs +0 -18
  3. package/dist/@types/index.d.ts +2 -8
  4. package/dist/@types/index.js +0 -1
  5. package/dist/assert-B3iQSYlK.js +3 -0
  6. package/dist/assert-NJGroSJd.cjs +3 -0
  7. package/dist/client/index.cjs +1 -0
  8. package/dist/client/index.d.ts +11 -0
  9. package/dist/client/index.js +1 -0
  10. package/dist/crypto-Bz8nIciY.js +1 -0
  11. package/dist/crypto-CoXA5w_4.cjs +1 -0
  12. package/dist/env-bq387KyP.cjs +1 -0
  13. package/dist/env-nvh8QBNz.js +1 -0
  14. package/dist/errors-CCYPHuBO.cjs +1 -0
  15. package/dist/errors-DFWHOho6.js +1 -0
  16. package/dist/index-BkpwQ0l4.d.cts +2279 -0
  17. package/dist/index-nqLV2t91.d.ts +2279 -0
  18. package/dist/index.cjs +1 -1839
  19. package/dist/index.d.cts +2 -0
  20. package/dist/index.d.ts +2 -35
  21. package/dist/index.js +1 -132
  22. package/dist/logger-C59_CDMk.js +1 -0
  23. package/dist/logger-UnUhYL2V.cjs +1 -0
  24. package/dist/oauth/atlassian.cjs +1 -0
  25. package/dist/oauth/atlassian.d.ts +2 -0
  26. package/dist/oauth/atlassian.js +1 -0
  27. package/dist/oauth/bitbucket.cjs +1 -49
  28. package/dist/oauth/bitbucket.d.ts +2 -8
  29. package/dist/oauth/bitbucket.js +1 -6
  30. package/dist/oauth/discord.cjs +1 -57
  31. package/dist/oauth/discord.d.ts +2 -8
  32. package/dist/oauth/discord.js +1 -6
  33. package/dist/oauth/dropbox.cjs +1 -0
  34. package/dist/oauth/dropbox.d.ts +2 -0
  35. package/dist/oauth/dropbox.js +1 -0
  36. package/dist/oauth/figma.cjs +1 -49
  37. package/dist/oauth/figma.d.ts +2 -8
  38. package/dist/oauth/figma.js +1 -6
  39. package/dist/oauth/github.cjs +1 -49
  40. package/dist/oauth/github.d.ts +2 -8
  41. package/dist/oauth/github.js +1 -6
  42. package/dist/oauth/gitlab.cjs +1 -49
  43. package/dist/oauth/gitlab.d.ts +2 -8
  44. package/dist/oauth/gitlab.js +1 -6
  45. package/dist/oauth/index.cjs +1 -483
  46. package/dist/oauth/index.d.ts +2 -8
  47. package/dist/oauth/index.js +1 -52
  48. package/dist/oauth/mailchimp.cjs +1 -49
  49. package/dist/oauth/mailchimp.d.ts +2 -8
  50. package/dist/oauth/mailchimp.js +1 -6
  51. package/dist/oauth/notion.cjs +1 -0
  52. package/dist/oauth/notion.d.ts +2 -0
  53. package/dist/oauth/notion.js +1 -0
  54. package/dist/oauth/pinterest.cjs +1 -49
  55. package/dist/oauth/pinterest.d.ts +2 -8
  56. package/dist/oauth/pinterest.js +1 -6
  57. package/dist/oauth/spotify.cjs +1 -49
  58. package/dist/oauth/spotify.d.ts +2 -8
  59. package/dist/oauth/spotify.js +1 -6
  60. package/dist/oauth/strava.cjs +1 -49
  61. package/dist/oauth/strava.d.ts +2 -8
  62. package/dist/oauth/strava.js +1 -6
  63. package/dist/oauth/twitch.cjs +1 -0
  64. package/dist/oauth/twitch.d.ts +2 -0
  65. package/dist/oauth/twitch.js +1 -0
  66. package/dist/oauth/x.cjs +1 -49
  67. package/dist/oauth/x.d.ts +2 -8
  68. package/dist/oauth/x.js +1 -6
  69. package/dist/oauth-BntNm6aE.cjs +1 -0
  70. package/dist/oauth-DmHy9VrB.js +1 -0
  71. package/dist/shared/crypto.cjs +1 -0
  72. package/dist/shared/crypto.d.ts +47 -0
  73. package/dist/shared/crypto.js +1 -0
  74. package/dist/shared/identity.cjs +1 -0
  75. package/dist/shared/identity.d.ts +2 -0
  76. package/dist/shared/identity.js +1 -0
  77. package/dist/shared/index.cjs +1 -0
  78. package/dist/shared/index.d.ts +5 -0
  79. package/dist/shared/index.js +1 -0
  80. package/package.json +39 -12
  81. package/dist/@types/router.d.cjs +0 -1
  82. package/dist/@types/router.d.d.ts +0 -12
  83. package/dist/@types/router.d.js +0 -0
  84. package/dist/@types/utility.cjs +0 -18
  85. package/dist/@types/utility.d.ts +0 -6
  86. package/dist/@types/utility.js +0 -1
  87. package/dist/actions/callback/access-token.cjs +0 -206
  88. package/dist/actions/callback/access-token.d.ts +0 -29
  89. package/dist/actions/callback/access-token.js +0 -9
  90. package/dist/actions/callback/callback.cjs +0 -649
  91. package/dist/actions/callback/callback.d.ts +0 -13
  92. package/dist/actions/callback/callback.js +0 -19
  93. package/dist/actions/callback/userinfo.cjs +0 -250
  94. package/dist/actions/callback/userinfo.d.ts +0 -21
  95. package/dist/actions/callback/userinfo.js +0 -14
  96. package/dist/actions/csrfToken/csrfToken.cjs +0 -197
  97. package/dist/actions/csrfToken/csrfToken.d.ts +0 -5
  98. package/dist/actions/csrfToken/csrfToken.js +0 -14
  99. package/dist/actions/index.cjs +0 -954
  100. package/dist/actions/index.d.ts +0 -14
  101. package/dist/actions/index.js +0 -36
  102. package/dist/actions/session/session.cjs +0 -136
  103. package/dist/actions/session/session.d.ts +0 -5
  104. package/dist/actions/session/session.js +0 -10
  105. package/dist/actions/signIn/authorization.cjs +0 -322
  106. package/dist/actions/signIn/authorization.d.ts +0 -53
  107. package/dist/actions/signIn/authorization.js +0 -18
  108. package/dist/actions/signIn/signIn.cjs +0 -467
  109. package/dist/actions/signIn/signIn.d.ts +0 -13
  110. package/dist/actions/signIn/signIn.js +0 -15
  111. package/dist/actions/signOut/signOut.cjs +0 -493
  112. package/dist/actions/signOut/signOut.d.ts +0 -8
  113. package/dist/actions/signOut/signOut.js +0 -16
  114. package/dist/assert.cjs +0 -161
  115. package/dist/assert.d.ts +0 -33
  116. package/dist/assert.js +0 -26
  117. package/dist/chunk-4EKY7655.js +0 -123
  118. package/dist/chunk-4MYWAOLG.js +0 -31
  119. package/dist/chunk-4YHJ4IEQ.js +0 -25
  120. package/dist/chunk-54CZPKR4.js +0 -25
  121. package/dist/chunk-5LZ7TOM3.js +0 -25
  122. package/dist/chunk-5W4BRQYG.js +0 -201
  123. package/dist/chunk-6MXFPFR3.js +0 -143
  124. package/dist/chunk-7QF22LHP.js +0 -67
  125. package/dist/chunk-ALG3GIV4.js +0 -95
  126. package/dist/chunk-E6G5YCI6.js +0 -25
  127. package/dist/chunk-EBAMFRB7.js +0 -34
  128. package/dist/chunk-EEE7UM5T.js +0 -25
  129. package/dist/chunk-FRJFWTOY.js +0 -70
  130. package/dist/chunk-FW4W3REU.js +0 -25
  131. package/dist/chunk-ICAZ4OVS.js +0 -37
  132. package/dist/chunk-IPKO6UQN.js +0 -25
  133. package/dist/chunk-ITQ7352M.js +0 -0
  134. package/dist/chunk-KJBAQZX2.js +0 -92
  135. package/dist/chunk-KMMAZFSJ.js +0 -25
  136. package/dist/chunk-LDU7A2JE.js +0 -25
  137. package/dist/chunk-NUDITUKX.js +0 -73
  138. package/dist/chunk-OVHNRULD.js +0 -33
  139. package/dist/chunk-PG7UYFG5.js +0 -0
  140. package/dist/chunk-PHFH2MGS.js +0 -36
  141. package/dist/chunk-QQVSRXGX.js +0 -149
  142. package/dist/chunk-RRLIF4PQ.js +0 -55
  143. package/dist/chunk-TM5IPSNF.js +0 -113
  144. package/dist/chunk-TZB6MUXN.js +0 -78
  145. package/dist/chunk-VNCNJKS2.js +0 -267
  146. package/dist/chunk-XGLBNXL4.js +0 -75
  147. package/dist/chunk-XUP6KKNG.js +0 -106
  148. package/dist/chunk-ZNCZVF6U.js +0 -14
  149. package/dist/cookie.cjs +0 -246
  150. package/dist/cookie.d.ts +0 -85
  151. package/dist/cookie.js +0 -29
  152. package/dist/env.cjs +0 -56
  153. package/dist/env.d.ts +0 -7
  154. package/dist/env.js +0 -6
  155. package/dist/errors.cjs +0 -85
  156. package/dist/errors.d.ts +0 -50
  157. package/dist/errors.js +0 -18
  158. package/dist/headers.cjs +0 -61
  159. package/dist/headers.d.ts +0 -33
  160. package/dist/headers.js +0 -12
  161. package/dist/index-CSyIJmCM.d.ts +0 -1007
  162. package/dist/jose.cjs +0 -128
  163. package/dist/jose.d.ts +0 -25
  164. package/dist/jose.js +0 -12
  165. package/dist/logger.cjs +0 -292
  166. package/dist/logger.d.ts +0 -8
  167. package/dist/logger.js +0 -8
  168. package/dist/request.cjs +0 -38
  169. package/dist/request.d.ts +0 -13
  170. package/dist/request.js +0 -6
  171. package/dist/schemas.cjs +0 -125
  172. package/dist/schemas.d.ts +0 -149
  173. package/dist/schemas.js +0 -24
  174. package/dist/secure.cjs +0 -170
  175. package/dist/secure.d.ts +0 -35
  176. package/dist/secure.js +0 -19
  177. package/dist/utils.cjs +0 -223
  178. package/dist/utils.d.ts +0 -24
  179. package/dist/utils.js +0 -29
@@ -1,67 +0,0 @@
1
- import {
2
- createAuthorizationURL,
3
- createRedirectTo,
4
- createRedirectURI
5
- } from "./chunk-XUP6KKNG.js";
6
- import {
7
- createPKCE,
8
- generateSecure
9
- } from "./chunk-NUDITUKX.js";
10
- import {
11
- cacheControl
12
- } from "./chunk-EBAMFRB7.js";
13
-
14
- // src/actions/signIn/signIn.ts
15
- import { z } from "zod";
16
- import { createEndpoint, createEndpointConfig, HeadersBuilder } from "@aura-stack/router";
17
- var signInConfig = (oauth) => {
18
- return createEndpointConfig("/signIn/:oauth", {
19
- schemas: {
20
- params: z.object({
21
- oauth: z.enum(
22
- Object.keys(oauth),
23
- "The OAuth provider is not supported or invalid."
24
- )
25
- }),
26
- searchParams: z.object({
27
- redirectTo: z.string().optional()
28
- })
29
- }
30
- });
31
- };
32
- var signInAction = (oauth) => {
33
- return createEndpoint(
34
- "GET",
35
- "/signIn/:oauth",
36
- async (ctx) => {
37
- const {
38
- request,
39
- params: { oauth: oauth2 },
40
- searchParams: { redirectTo },
41
- context
42
- } = ctx;
43
- const { oauth: providers, cookies, logger } = context;
44
- const state = generateSecure();
45
- const redirectURI = await createRedirectURI(request, oauth2, context);
46
- const redirectToValue = await createRedirectTo(request, redirectTo, context);
47
- const { codeVerifier, codeChallenge, method } = await createPKCE();
48
- const authorization = createAuthorizationURL(providers[oauth2], redirectURI, state, codeChallenge, method, logger);
49
- logger?.log("SIGN_IN_INITIATED", {
50
- structuredData: { oauth_provider: oauth2, code_challenge_method: method }
51
- });
52
- const headers = new HeadersBuilder(cacheControl).setHeader("Location", authorization).setCookie(cookies.state.name, state, cookies.state.attributes).setCookie(cookies.redirectURI.name, redirectURI, cookies.redirectURI.attributes).setCookie(cookies.redirectTo.name, redirectToValue, cookies.redirectTo.attributes).setCookie(cookies.codeVerifier.name, codeVerifier, cookies.codeVerifier.attributes).toHeaders();
53
- return Response.json(
54
- { oauth: oauth2 },
55
- {
56
- status: 302,
57
- headers
58
- }
59
- );
60
- },
61
- signInConfig(oauth)
62
- );
63
- };
64
-
65
- export {
66
- signInAction
67
- };
@@ -1,95 +0,0 @@
1
- import {
2
- createRedirectTo
3
- } from "./chunk-XUP6KKNG.js";
4
- import {
5
- verifyCSRF
6
- } from "./chunk-NUDITUKX.js";
7
- import {
8
- getBaseURL,
9
- getErrorName
10
- } from "./chunk-QQVSRXGX.js";
11
- import {
12
- expiredCookieAttributes
13
- } from "./chunk-5W4BRQYG.js";
14
- import {
15
- secureApiHeaders
16
- } from "./chunk-EBAMFRB7.js";
17
- import {
18
- AuthSecurityError
19
- } from "./chunk-RRLIF4PQ.js";
20
-
21
- // src/actions/signOut/signOut.ts
22
- import { z } from "zod";
23
- import { createEndpoint, createEndpointConfig, HeadersBuilder, statusCode } from "@aura-stack/router";
24
- var config = createEndpointConfig({
25
- schemas: {
26
- searchParams: z.object({
27
- token_type_hint: z.literal("session_token"),
28
- redirectTo: z.string().optional()
29
- })
30
- }
31
- });
32
- var signOutAction = createEndpoint(
33
- "POST",
34
- "/signOut",
35
- async (ctx) => {
36
- const {
37
- request,
38
- headers,
39
- searchParams: { redirectTo },
40
- context
41
- } = ctx;
42
- const { jose, cookies, logger } = context;
43
- const session = headers.getCookie(cookies.sessionToken.name);
44
- const csrfToken = headers.getCookie(cookies.csrfToken.name);
45
- const header = headers.getHeader("X-CSRF-Token");
46
- logger?.log("SIGN_OUT_ATTEMPT", {
47
- structuredData: {
48
- has_session: Boolean(session),
49
- has_csrf_token: Boolean(csrfToken),
50
- has_csrf_header: Boolean(header)
51
- }
52
- });
53
- if (!session) {
54
- logger?.log("SESSION_TOKEN_MISSING");
55
- throw new AuthSecurityError("SESSION_TOKEN_MISSING", "The sessionToken is missing.");
56
- }
57
- if (!csrfToken) {
58
- logger?.log("CSRF_TOKEN_MISSING");
59
- throw new AuthSecurityError("CSRF_TOKEN_MISSING", "The CSRF token is missing.");
60
- }
61
- if (!header) {
62
- logger?.log("CSRF_HEADER_MISSING");
63
- throw new AuthSecurityError("CSRF_HEADER_MISSING", "The CSRF header is missing.");
64
- }
65
- try {
66
- await verifyCSRF(jose, csrfToken, header);
67
- } catch (error) {
68
- logger?.log("CSRF_TOKEN_INVALID", { structuredData: { error_type: getErrorName(error) } });
69
- throw new AuthSecurityError("CSRF_TOKEN_INVALID", "CSRF token verification failed");
70
- }
71
- logger?.log("SIGN_OUT_CSRF_VERIFIED");
72
- try {
73
- await jose.decodeJWT(session);
74
- logger?.log("SIGN_OUT_SUCCESS");
75
- } catch (error) {
76
- logger?.log("INVALID_JWT_TOKEN", { structuredData: { error_type: getErrorName(error) } });
77
- }
78
- const baseURL = getBaseURL(request);
79
- const location = await createRedirectTo(
80
- new Request(baseURL, {
81
- headers: headers.toHeaders()
82
- }),
83
- redirectTo,
84
- context
85
- );
86
- logger?.log("SIGN_OUT_REDIRECT", { structuredData: { location } });
87
- const headersList = new HeadersBuilder(secureApiHeaders).setHeader("Location", location).setCookie(cookies.csrfToken.name, "", expiredCookieAttributes).setCookie(cookies.sessionToken.name, "", expiredCookieAttributes).toHeaders();
88
- return Response.json({ message: "Signed out successfully" }, { status: statusCode.ACCEPTED, headers: headersList });
89
- },
90
- config
91
- );
92
-
93
- export {
94
- signOutAction
95
- };
@@ -1,25 +0,0 @@
1
- // src/oauth/pinterest.ts
2
- var pinterest = (options) => {
3
- return {
4
- id: "pinterest",
5
- name: "Pinterest",
6
- authorizeURL: "https://www.pinterest.com/oauth",
7
- accessToken: "https://api.pinterest.com/v5/oauth/token",
8
- userInfo: "https://api.pinterest.com/v5/user_account",
9
- scope: "user_accounts:read",
10
- responseType: "code",
11
- profile(profile) {
12
- return {
13
- sub: profile.id,
14
- name: profile.username,
15
- image: profile.profile_image,
16
- email: void 0
17
- };
18
- },
19
- ...options
20
- };
21
- };
22
-
23
- export {
24
- pinterest
25
- };
@@ -1,34 +0,0 @@
1
- // src/headers.ts
2
- var cacheControl = {
3
- "Cache-Control": "no-store",
4
- Pragma: "no-cache",
5
- Expires: "0",
6
- Vary: "Cookie"
7
- };
8
- var contentSecurityPolicy = {
9
- "Content-Security-Policy": [
10
- "default-src 'none'",
11
- "script-src 'self'",
12
- "frame-src 'none'",
13
- "object-src 'none'",
14
- "frame-ancestors 'none'",
15
- "base-uri 'none'"
16
- ].join("; ")
17
- };
18
- var secureHeaders = {
19
- "X-Content-Type-Options": "nosniff",
20
- "X-Frame-Options": "DENY",
21
- "Referrer-Policy": "strict-origin-when-cross-origin"
22
- };
23
- var secureApiHeaders = {
24
- ...cacheControl,
25
- ...contentSecurityPolicy,
26
- ...secureHeaders
27
- };
28
-
29
- export {
30
- cacheControl,
31
- contentSecurityPolicy,
32
- secureHeaders,
33
- secureApiHeaders
34
- };
@@ -1,25 +0,0 @@
1
- // src/oauth/x.ts
2
- var x = (options) => {
3
- return {
4
- id: "x",
5
- name: "X",
6
- authorizeURL: "https://twitter.com/i/oauth2/authorize",
7
- accessToken: "https://api.twitter.com/2/oauth2/token",
8
- userInfo: "https://api.twitter.com/2/users/me?user.fields=profile_image_url",
9
- scope: "tweet.read users.read offline.access",
10
- responseType: "code",
11
- profile(profile) {
12
- return {
13
- sub: profile.data.id,
14
- name: profile.data.name,
15
- image: profile.data.profile_image_url,
16
- email: void 0
17
- };
18
- },
19
- ...options
20
- };
21
- };
22
-
23
- export {
24
- x
25
- };
@@ -1,70 +0,0 @@
1
- import {
2
- env
3
- } from "./chunk-4MYWAOLG.js";
4
- import {
5
- AuthInternalError
6
- } from "./chunk-RRLIF4PQ.js";
7
-
8
- // src/jose.ts
9
- import {
10
- createJWT,
11
- createJWS,
12
- createJWE,
13
- createDeriveKey,
14
- createSecret
15
- } from "@aura-stack/jose";
16
- var createJoseInstance = (secret) => {
17
- secret ??= env.AURA_AUTH_SECRET ?? env.AUTH_SECRET;
18
- if (!secret) {
19
- throw new AuthInternalError(
20
- "JOSE_INITIALIZATION_FAILED",
21
- "AURA_AUTH_SECRET environment variable is not set and no secret was provided."
22
- );
23
- }
24
- const salt = env.AURA_AUTH_SALT ?? env.AUTH_SALT;
25
- if (!salt) {
26
- throw new AuthInternalError(
27
- "JOSE_INITIALIZATION_FAILED",
28
- "AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation."
29
- );
30
- }
31
- try {
32
- createSecret(salt);
33
- } catch (error) {
34
- throw new AuthInternalError(
35
- "INVALID_SALT_SECRET_VALUE",
36
- "AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.",
37
- { cause: error }
38
- );
39
- }
40
- const { derivedKey: derivedSigningKey } = createDeriveKey(secret, salt, "signing");
41
- const { derivedKey: derivedEncryptionKey } = createDeriveKey(secret, salt, "encryption");
42
- const { derivedKey: derivedCsrfTokenKey } = createDeriveKey(secret, salt, "csrfToken");
43
- const { decodeJWT, encodeJWT } = createJWT({ jws: derivedSigningKey, jwe: derivedEncryptionKey });
44
- const { signJWS, verifyJWS } = createJWS(derivedCsrfTokenKey);
45
- const { encryptJWE, decryptJWE } = createJWE(derivedEncryptionKey);
46
- return {
47
- decodeJWT,
48
- encodeJWT,
49
- signJWS,
50
- verifyJWS,
51
- encryptJWE,
52
- decryptJWE
53
- };
54
- };
55
- var jwtVerificationOptions = {
56
- algorithms: ["HS256"],
57
- typ: "JWT"
58
- };
59
- var decodeJWTOptions = {
60
- jws: jwtVerificationOptions,
61
- jwt: {
62
- typ: "JWT"
63
- }
64
- };
65
-
66
- export {
67
- createJoseInstance,
68
- jwtVerificationOptions,
69
- decodeJWTOptions
70
- };
@@ -1,25 +0,0 @@
1
- // src/oauth/github.ts
2
- var github = (options) => {
3
- return {
4
- id: "github",
5
- name: "GitHub",
6
- authorizeURL: "https://github.com/login/oauth/authorize",
7
- accessToken: "https://github.com/login/oauth/access_token",
8
- userInfo: "https://api.github.com/user",
9
- scope: "read:user user:email",
10
- responseType: "code",
11
- profile: (profile) => {
12
- return {
13
- sub: profile.id.toString(),
14
- name: profile.name ?? profile.login,
15
- email: profile.email ?? void 0,
16
- image: profile.avatar_url
17
- };
18
- },
19
- ...options
20
- };
21
- };
22
-
23
- export {
24
- github
25
- };
@@ -1,37 +0,0 @@
1
- import {
2
- createCSRF
3
- } from "./chunk-NUDITUKX.js";
4
- import {
5
- getCookie,
6
- setCookie
7
- } from "./chunk-5W4BRQYG.js";
8
- import {
9
- secureApiHeaders
10
- } from "./chunk-EBAMFRB7.js";
11
-
12
- // src/actions/csrfToken/csrfToken.ts
13
- import { createEndpoint } from "@aura-stack/router";
14
- var getCSRFToken = (request, cookieName) => {
15
- try {
16
- return getCookie(request, cookieName);
17
- } catch {
18
- return void 0;
19
- }
20
- };
21
- var csrfTokenAction = createEndpoint("GET", "/csrfToken", async (ctx) => {
22
- const {
23
- request,
24
- context: { jose, cookies, logger }
25
- } = ctx;
26
- const token = getCSRFToken(request, cookies.csrfToken.name);
27
- logger?.log("CSRF_TOKEN_REQUESTED", { structuredData: { has_token: Boolean(token) } });
28
- const csrfToken = await createCSRF(jose, token);
29
- logger?.log("CSRF_TOKEN_ISSUED", { structuredData: { issued: Boolean(csrfToken) } });
30
- const headers = new Headers(secureApiHeaders);
31
- headers.append("Set-Cookie", setCookie(cookies.csrfToken.name, csrfToken, cookies.csrfToken.attributes));
32
- return Response.json({ csrfToken }, { headers });
33
- });
34
-
35
- export {
36
- csrfTokenAction
37
- };
@@ -1,25 +0,0 @@
1
- // src/oauth/spotify.ts
2
- var spotify = (options) => {
3
- return {
4
- id: "spotify",
5
- name: "Spotify",
6
- authorizeURL: "https://accounts.spotify.com/authorize",
7
- accessToken: "https://accounts.spotify.com/api/token",
8
- userInfo: "https://api.spotify.com/v1/me",
9
- scope: "user-read-private user-read-email",
10
- responseType: "code",
11
- profile(profile) {
12
- return {
13
- sub: profile.id,
14
- name: profile.display_name,
15
- email: profile.email,
16
- image: profile.images[0]?.url ?? void 0
17
- };
18
- },
19
- ...options
20
- };
21
- };
22
-
23
- export {
24
- spotify
25
- };
File without changes
@@ -1,92 +0,0 @@
1
- // src/schemas.ts
2
- import { object, string, enum as options, number, z, null as nullable } from "zod";
3
- var OAuthProviderCredentialsSchema = object({
4
- id: string(),
5
- name: string(),
6
- authorizeURL: string().url(),
7
- accessToken: string().url(),
8
- scope: string(),
9
- userInfo: string().url(),
10
- responseType: options(["code", "token", "id_token"]),
11
- clientId: string(),
12
- clientSecret: string(),
13
- profile: z.function().optional()
14
- });
15
- var OAuthProviderConfigSchema = object({
16
- authorizeURL: string().url(),
17
- accessToken: string().url(),
18
- scope: string().optional(),
19
- userInfo: string().url(),
20
- responseType: options(["code", "token", "id_token"]),
21
- clientId: string(),
22
- clientSecret: string()
23
- });
24
- var OAuthAuthorization = OAuthProviderConfigSchema.extend({
25
- redirectURI: string(),
26
- state: string(),
27
- codeChallenge: string(),
28
- codeChallengeMethod: options(["plain", "S256"])
29
- });
30
- var OAuthAuthorizationResponse = object({
31
- state: string({ message: "Missing state parameter in the OAuth authorization response." }),
32
- code: string({ message: "Missing code parameter in the OAuth authorization response." })
33
- });
34
- var OAuthAuthorizationErrorResponse = object({
35
- error: options([
36
- "invalid_request",
37
- "unauthorized_client",
38
- "access_denied",
39
- "unsupported_response_type",
40
- "invalid_scope",
41
- "server_error",
42
- "temporarily_unavailable"
43
- ]),
44
- error_description: string().optional(),
45
- error_uri: string().optional(),
46
- state: string()
47
- });
48
- var OAuthAccessToken = OAuthProviderConfigSchema.extend({
49
- redirectURI: string(),
50
- code: string(),
51
- codeVerifier: string().min(43).max(128)
52
- });
53
- var OAuthAccessTokenResponse = object({
54
- access_token: string(),
55
- token_type: string().optional(),
56
- expires_in: number().optional(),
57
- refresh_token: string().optional(),
58
- scope: string().optional().or(nullable())
59
- });
60
- var OAuthAccessTokenErrorResponse = object({
61
- error: options([
62
- "invalid_request",
63
- "invalid_client",
64
- "invalid_grant",
65
- "unauthorized_client",
66
- "unsupported_grant_type",
67
- "invalid_scope"
68
- ]),
69
- error_description: string().optional(),
70
- error_uri: string().optional()
71
- });
72
- var OAuthErrorResponse = object({
73
- error: string(),
74
- error_description: string().optional()
75
- });
76
- var OAuthEnvSchema = object({
77
- clientId: z.string().min(1, "OAuth Client ID is required in the environment variables."),
78
- clientSecret: z.string().min(1, "OAuth Client Secret is required in the environment variables.")
79
- });
80
-
81
- export {
82
- OAuthProviderCredentialsSchema,
83
- OAuthProviderConfigSchema,
84
- OAuthAuthorization,
85
- OAuthAuthorizationResponse,
86
- OAuthAuthorizationErrorResponse,
87
- OAuthAccessToken,
88
- OAuthAccessTokenResponse,
89
- OAuthAccessTokenErrorResponse,
90
- OAuthErrorResponse,
91
- OAuthEnvSchema
92
- };
@@ -1,25 +0,0 @@
1
- // src/oauth/figma.ts
2
- var figma = (options) => {
3
- return {
4
- id: "figma",
5
- name: "Figma",
6
- authorizeURL: "https://www.figma.com/oauth",
7
- accessToken: "https://api.figma.com/v1/oauth/token",
8
- userInfo: "https://api.figma.com/v1/me",
9
- scope: "current_user:read",
10
- responseType: "code",
11
- profile(profile) {
12
- return {
13
- sub: profile.id,
14
- name: profile.handle,
15
- email: profile.email,
16
- image: profile.img_url
17
- };
18
- },
19
- ...options
20
- };
21
- };
22
-
23
- export {
24
- figma
25
- };
@@ -1,25 +0,0 @@
1
- // src/oauth/mailchimp.ts
2
- var mailchimp = (options) => {
3
- return {
4
- id: "mailchimp",
5
- name: "Mailchimp",
6
- authorizeURL: "https://login.mailchimp.com/oauth2/authorize",
7
- accessToken: "https://login.mailchimp.com/oauth2/token",
8
- userInfo: "https://login.mailchimp.com/oauth2/metadata",
9
- scope: "",
10
- responseType: "code",
11
- profile(profile) {
12
- return {
13
- sub: profile.user_id,
14
- name: profile.accountname,
15
- email: profile.login.email,
16
- image: profile.login.avatar
17
- };
18
- },
19
- ...options
20
- };
21
- };
22
-
23
- export {
24
- mailchimp
25
- };
@@ -1,73 +0,0 @@
1
- import {
2
- isJWTPayloadWithToken,
3
- safeEquals
4
- } from "./chunk-4EKY7655.js";
5
- import {
6
- equals
7
- } from "./chunk-QQVSRXGX.js";
8
- import {
9
- jwtVerificationOptions
10
- } from "./chunk-FRJFWTOY.js";
11
- import {
12
- AuthSecurityError
13
- } from "./chunk-RRLIF4PQ.js";
14
-
15
- // src/secure.ts
16
- import crypto from "crypto";
17
- var generateSecure = (length = 32) => {
18
- return crypto.randomBytes(length).toString("base64url");
19
- };
20
- var createHash = (data, base = "hex") => {
21
- return crypto.createHash("sha256").update(data).digest().toString(base);
22
- };
23
- var createPKCE = async (verifier) => {
24
- const byteLength = verifier ? void 0 : Math.floor(Math.random() * (96 - 32 + 1) + 32);
25
- const codeVerifier = verifier ?? generateSecure(byteLength ?? 64);
26
- if (codeVerifier.length < 43 || codeVerifier.length > 128) {
27
- throw new AuthSecurityError("PKCE_VERIFIER_INVALID", "The code verifier must be between 43 and 128 characters in length.");
28
- }
29
- const codeChallenge = createHash(codeVerifier, "base64url");
30
- return { codeVerifier, codeChallenge, method: "S256" };
31
- };
32
- var createCSRF = async (jose, csrfCookie) => {
33
- try {
34
- const token = generateSecure(32);
35
- if (csrfCookie) {
36
- await jose.verifyJWS(csrfCookie, jwtVerificationOptions);
37
- return csrfCookie;
38
- }
39
- return jose.signJWS({ token });
40
- } catch {
41
- const token = generateSecure(32);
42
- return jose.signJWS({ token });
43
- }
44
- };
45
- var verifyCSRF = async (jose, cookie, header) => {
46
- try {
47
- const cookiePayload = await jose.verifyJWS(cookie, jwtVerificationOptions);
48
- const headerPayload = await jose.verifyJWS(header, jwtVerificationOptions);
49
- if (!isJWTPayloadWithToken(cookiePayload)) {
50
- throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Cookie payload missing token field.");
51
- }
52
- if (!isJWTPayloadWithToken(headerPayload)) {
53
- throw new AuthSecurityError("CSRF_TOKEN_INVALID", "Header payload missing token field.");
54
- }
55
- if (!equals(cookiePayload.token.length, headerPayload.token.length)) {
56
- throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
57
- }
58
- if (!safeEquals(cookiePayload.token, headerPayload.token)) {
59
- throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
60
- }
61
- return true;
62
- } catch {
63
- throw new AuthSecurityError("CSRF_TOKEN_INVALID", "The CSRF tokens do not match.");
64
- }
65
- };
66
-
67
- export {
68
- generateSecure,
69
- createHash,
70
- createPKCE,
71
- createCSRF,
72
- verifyCSRF
73
- };
@@ -1,33 +0,0 @@
1
- // src/oauth/discord.ts
2
- var discord = (options) => {
3
- return {
4
- id: "discord",
5
- name: "Discord",
6
- authorizeURL: "https://discord.com/oauth2/authorize",
7
- accessToken: "https://discord.com/api/oauth2/token",
8
- userInfo: "https://discord.com/api/users/@me",
9
- scope: "identify email",
10
- responseType: "code",
11
- profile(profile) {
12
- let image = "";
13
- if (profile.avatar === null) {
14
- const index = profile.discriminator === "0" ? (BigInt(profile.id) >> 22n) % 6n : Number(profile.discriminator) % 5;
15
- image = `https://cdn.discordapp.com/embed/avatars/${index}.png`;
16
- } else {
17
- const format = profile.avatar.startsWith("a_") ? "gif" : "png";
18
- image = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
19
- }
20
- return {
21
- sub: profile.id,
22
- name: profile.global_name ?? profile.username,
23
- email: profile.email ?? "",
24
- image
25
- };
26
- },
27
- ...options
28
- };
29
- };
30
-
31
- export {
32
- discord
33
- };
File without changes