@aura-stack/auth 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (179) hide show
  1. package/README.md +36 -1
  2. package/dist/@types/index.cjs +0 -18
  3. package/dist/@types/index.d.ts +2 -8
  4. package/dist/@types/index.js +0 -1
  5. package/dist/assert-B3iQSYlK.js +3 -0
  6. package/dist/assert-NJGroSJd.cjs +3 -0
  7. package/dist/client/index.cjs +1 -0
  8. package/dist/client/index.d.ts +11 -0
  9. package/dist/client/index.js +1 -0
  10. package/dist/crypto-Bz8nIciY.js +1 -0
  11. package/dist/crypto-CoXA5w_4.cjs +1 -0
  12. package/dist/env-bq387KyP.cjs +1 -0
  13. package/dist/env-nvh8QBNz.js +1 -0
  14. package/dist/errors-CCYPHuBO.cjs +1 -0
  15. package/dist/errors-DFWHOho6.js +1 -0
  16. package/dist/index-BkpwQ0l4.d.cts +2279 -0
  17. package/dist/index-nqLV2t91.d.ts +2279 -0
  18. package/dist/index.cjs +1 -1839
  19. package/dist/index.d.cts +2 -0
  20. package/dist/index.d.ts +2 -35
  21. package/dist/index.js +1 -132
  22. package/dist/logger-C59_CDMk.js +1 -0
  23. package/dist/logger-UnUhYL2V.cjs +1 -0
  24. package/dist/oauth/atlassian.cjs +1 -0
  25. package/dist/oauth/atlassian.d.ts +2 -0
  26. package/dist/oauth/atlassian.js +1 -0
  27. package/dist/oauth/bitbucket.cjs +1 -49
  28. package/dist/oauth/bitbucket.d.ts +2 -8
  29. package/dist/oauth/bitbucket.js +1 -6
  30. package/dist/oauth/discord.cjs +1 -57
  31. package/dist/oauth/discord.d.ts +2 -8
  32. package/dist/oauth/discord.js +1 -6
  33. package/dist/oauth/dropbox.cjs +1 -0
  34. package/dist/oauth/dropbox.d.ts +2 -0
  35. package/dist/oauth/dropbox.js +1 -0
  36. package/dist/oauth/figma.cjs +1 -49
  37. package/dist/oauth/figma.d.ts +2 -8
  38. package/dist/oauth/figma.js +1 -6
  39. package/dist/oauth/github.cjs +1 -49
  40. package/dist/oauth/github.d.ts +2 -8
  41. package/dist/oauth/github.js +1 -6
  42. package/dist/oauth/gitlab.cjs +1 -49
  43. package/dist/oauth/gitlab.d.ts +2 -8
  44. package/dist/oauth/gitlab.js +1 -6
  45. package/dist/oauth/index.cjs +1 -483
  46. package/dist/oauth/index.d.ts +2 -8
  47. package/dist/oauth/index.js +1 -52
  48. package/dist/oauth/mailchimp.cjs +1 -49
  49. package/dist/oauth/mailchimp.d.ts +2 -8
  50. package/dist/oauth/mailchimp.js +1 -6
  51. package/dist/oauth/notion.cjs +1 -0
  52. package/dist/oauth/notion.d.ts +2 -0
  53. package/dist/oauth/notion.js +1 -0
  54. package/dist/oauth/pinterest.cjs +1 -49
  55. package/dist/oauth/pinterest.d.ts +2 -8
  56. package/dist/oauth/pinterest.js +1 -6
  57. package/dist/oauth/spotify.cjs +1 -49
  58. package/dist/oauth/spotify.d.ts +2 -8
  59. package/dist/oauth/spotify.js +1 -6
  60. package/dist/oauth/strava.cjs +1 -49
  61. package/dist/oauth/strava.d.ts +2 -8
  62. package/dist/oauth/strava.js +1 -6
  63. package/dist/oauth/twitch.cjs +1 -0
  64. package/dist/oauth/twitch.d.ts +2 -0
  65. package/dist/oauth/twitch.js +1 -0
  66. package/dist/oauth/x.cjs +1 -49
  67. package/dist/oauth/x.d.ts +2 -8
  68. package/dist/oauth/x.js +1 -6
  69. package/dist/oauth-BntNm6aE.cjs +1 -0
  70. package/dist/oauth-DmHy9VrB.js +1 -0
  71. package/dist/shared/crypto.cjs +1 -0
  72. package/dist/shared/crypto.d.ts +47 -0
  73. package/dist/shared/crypto.js +1 -0
  74. package/dist/shared/identity.cjs +1 -0
  75. package/dist/shared/identity.d.ts +2 -0
  76. package/dist/shared/identity.js +1 -0
  77. package/dist/shared/index.cjs +1 -0
  78. package/dist/shared/index.d.ts +5 -0
  79. package/dist/shared/index.js +1 -0
  80. package/package.json +39 -12
  81. package/dist/@types/router.d.cjs +0 -1
  82. package/dist/@types/router.d.d.ts +0 -12
  83. package/dist/@types/router.d.js +0 -0
  84. package/dist/@types/utility.cjs +0 -18
  85. package/dist/@types/utility.d.ts +0 -6
  86. package/dist/@types/utility.js +0 -1
  87. package/dist/actions/callback/access-token.cjs +0 -206
  88. package/dist/actions/callback/access-token.d.ts +0 -29
  89. package/dist/actions/callback/access-token.js +0 -9
  90. package/dist/actions/callback/callback.cjs +0 -649
  91. package/dist/actions/callback/callback.d.ts +0 -13
  92. package/dist/actions/callback/callback.js +0 -19
  93. package/dist/actions/callback/userinfo.cjs +0 -250
  94. package/dist/actions/callback/userinfo.d.ts +0 -21
  95. package/dist/actions/callback/userinfo.js +0 -14
  96. package/dist/actions/csrfToken/csrfToken.cjs +0 -197
  97. package/dist/actions/csrfToken/csrfToken.d.ts +0 -5
  98. package/dist/actions/csrfToken/csrfToken.js +0 -14
  99. package/dist/actions/index.cjs +0 -954
  100. package/dist/actions/index.d.ts +0 -14
  101. package/dist/actions/index.js +0 -36
  102. package/dist/actions/session/session.cjs +0 -136
  103. package/dist/actions/session/session.d.ts +0 -5
  104. package/dist/actions/session/session.js +0 -10
  105. package/dist/actions/signIn/authorization.cjs +0 -322
  106. package/dist/actions/signIn/authorization.d.ts +0 -53
  107. package/dist/actions/signIn/authorization.js +0 -18
  108. package/dist/actions/signIn/signIn.cjs +0 -467
  109. package/dist/actions/signIn/signIn.d.ts +0 -13
  110. package/dist/actions/signIn/signIn.js +0 -15
  111. package/dist/actions/signOut/signOut.cjs +0 -493
  112. package/dist/actions/signOut/signOut.d.ts +0 -8
  113. package/dist/actions/signOut/signOut.js +0 -16
  114. package/dist/assert.cjs +0 -161
  115. package/dist/assert.d.ts +0 -33
  116. package/dist/assert.js +0 -26
  117. package/dist/chunk-4EKY7655.js +0 -123
  118. package/dist/chunk-4MYWAOLG.js +0 -31
  119. package/dist/chunk-4YHJ4IEQ.js +0 -25
  120. package/dist/chunk-54CZPKR4.js +0 -25
  121. package/dist/chunk-5LZ7TOM3.js +0 -25
  122. package/dist/chunk-5W4BRQYG.js +0 -201
  123. package/dist/chunk-6MXFPFR3.js +0 -143
  124. package/dist/chunk-7QF22LHP.js +0 -67
  125. package/dist/chunk-ALG3GIV4.js +0 -95
  126. package/dist/chunk-E6G5YCI6.js +0 -25
  127. package/dist/chunk-EBAMFRB7.js +0 -34
  128. package/dist/chunk-EEE7UM5T.js +0 -25
  129. package/dist/chunk-FRJFWTOY.js +0 -70
  130. package/dist/chunk-FW4W3REU.js +0 -25
  131. package/dist/chunk-ICAZ4OVS.js +0 -37
  132. package/dist/chunk-IPKO6UQN.js +0 -25
  133. package/dist/chunk-ITQ7352M.js +0 -0
  134. package/dist/chunk-KJBAQZX2.js +0 -92
  135. package/dist/chunk-KMMAZFSJ.js +0 -25
  136. package/dist/chunk-LDU7A2JE.js +0 -25
  137. package/dist/chunk-NUDITUKX.js +0 -73
  138. package/dist/chunk-OVHNRULD.js +0 -33
  139. package/dist/chunk-PG7UYFG5.js +0 -0
  140. package/dist/chunk-PHFH2MGS.js +0 -36
  141. package/dist/chunk-QQVSRXGX.js +0 -149
  142. package/dist/chunk-RRLIF4PQ.js +0 -55
  143. package/dist/chunk-TM5IPSNF.js +0 -113
  144. package/dist/chunk-TZB6MUXN.js +0 -78
  145. package/dist/chunk-VNCNJKS2.js +0 -267
  146. package/dist/chunk-XGLBNXL4.js +0 -75
  147. package/dist/chunk-XUP6KKNG.js +0 -106
  148. package/dist/chunk-ZNCZVF6U.js +0 -14
  149. package/dist/cookie.cjs +0 -246
  150. package/dist/cookie.d.ts +0 -85
  151. package/dist/cookie.js +0 -29
  152. package/dist/env.cjs +0 -56
  153. package/dist/env.d.ts +0 -7
  154. package/dist/env.js +0 -6
  155. package/dist/errors.cjs +0 -85
  156. package/dist/errors.d.ts +0 -50
  157. package/dist/errors.js +0 -18
  158. package/dist/headers.cjs +0 -61
  159. package/dist/headers.d.ts +0 -33
  160. package/dist/headers.js +0 -12
  161. package/dist/index-CSyIJmCM.d.ts +0 -1007
  162. package/dist/jose.cjs +0 -128
  163. package/dist/jose.d.ts +0 -25
  164. package/dist/jose.js +0 -12
  165. package/dist/logger.cjs +0 -292
  166. package/dist/logger.d.ts +0 -8
  167. package/dist/logger.js +0 -8
  168. package/dist/request.cjs +0 -38
  169. package/dist/request.d.ts +0 -13
  170. package/dist/request.js +0 -6
  171. package/dist/schemas.cjs +0 -125
  172. package/dist/schemas.d.ts +0 -149
  173. package/dist/schemas.js +0 -24
  174. package/dist/secure.cjs +0 -170
  175. package/dist/secure.d.ts +0 -35
  176. package/dist/secure.js +0 -19
  177. package/dist/utils.cjs +0 -223
  178. package/dist/utils.d.ts +0 -24
  179. package/dist/utils.js +0 -29
@@ -1,75 +0,0 @@
1
- import {
2
- fetchAsync
3
- } from "./chunk-ZNCZVF6U.js";
4
- import {
5
- OAuthErrorResponse
6
- } from "./chunk-KJBAQZX2.js";
7
- import {
8
- generateSecure
9
- } from "./chunk-NUDITUKX.js";
10
- import {
11
- OAuthProtocolError,
12
- isNativeError,
13
- isOAuthProtocolError
14
- } from "./chunk-RRLIF4PQ.js";
15
-
16
- // src/actions/callback/userinfo.ts
17
- var getDefaultUserInfo = (profile) => {
18
- const sub = generateSecure(16);
19
- return {
20
- sub: profile?.id ?? profile?.sub ?? sub,
21
- email: profile?.email,
22
- name: profile?.name ?? profile?.username ?? profile?.nickname,
23
- image: profile?.image ?? profile?.picture
24
- };
25
- };
26
- var getUserInfo = async (oauthConfig, accessToken, logger) => {
27
- const userinfoEndpoint = oauthConfig.userInfo;
28
- try {
29
- logger?.log("OAUTH_USERINFO_REQUEST_INITIATED", {
30
- structuredData: {
31
- endpoint: userinfoEndpoint
32
- }
33
- });
34
- const response = await fetchAsync(userinfoEndpoint, {
35
- method: "GET",
36
- headers: {
37
- Accept: "application/json",
38
- Authorization: `Bearer ${accessToken}`
39
- }
40
- });
41
- if (!response.ok) {
42
- logger?.log("OAUTH_USERINFO_INVALID_RESPONSE");
43
- throw new OAuthProtocolError("INVALID_REQUEST", "Invalid userinfo response format");
44
- }
45
- const json = await response.json();
46
- const { success, data } = OAuthErrorResponse.safeParse(json);
47
- if (success) {
48
- logger?.log("OAUTH_USERINFO_ERROR", {
49
- message: "Error response received from OAuth userinfo endpoint",
50
- structuredData: {
51
- error: data.error,
52
- error_description: data.error_description ?? ""
53
- }
54
- });
55
- throw new OAuthProtocolError("INVALID_REQUEST", "An error was received from the OAuth userinfo endpoint.");
56
- }
57
- logger?.log("OAUTH_USERINFO_SUCCESS");
58
- return oauthConfig?.profile ? oauthConfig.profile(json) : getDefaultUserInfo(json);
59
- } catch (error) {
60
- if (isOAuthProtocolError(error)) {
61
- throw error;
62
- }
63
- logger?.log("OAUTH_USERINFO_REQUEST_FAILED");
64
- if (isNativeError(error)) {
65
- throw new OAuthProtocolError("SERVER_ERROR", "Failed to fetch user information from OAuth provider", "", {
66
- cause: error
67
- });
68
- }
69
- throw new OAuthProtocolError("SERVER_ERROR", "Failed to fetch user information", "", { cause: error });
70
- }
71
- };
72
-
73
- export {
74
- getUserInfo
75
- };
@@ -1,106 +0,0 @@
1
- import {
2
- OAuthAuthorization
3
- } from "./chunk-KJBAQZX2.js";
4
- import {
5
- isRelativeURL,
6
- isSameOrigin,
7
- isTrustedOrigin,
8
- isValidURL,
9
- patternToRegex
10
- } from "./chunk-4EKY7655.js";
11
- import {
12
- equals,
13
- extractPath,
14
- toCastCase
15
- } from "./chunk-QQVSRXGX.js";
16
- import {
17
- AuthInternalError
18
- } from "./chunk-RRLIF4PQ.js";
19
-
20
- // src/actions/signIn/authorization.ts
21
- var createAuthorizationURL = (oauthConfig, redirectURI, state, codeChallenge, codeChallengeMethod, logger) => {
22
- const parsed = OAuthAuthorization.safeParse({ ...oauthConfig, redirectURI, state, codeChallenge, codeChallengeMethod });
23
- if (!parsed.success) {
24
- logger?.log("INVALID_OAUTH_CONFIGURATION", {
25
- structuredData: {
26
- scope: oauthConfig.scope,
27
- redirect_uri: redirectURI,
28
- has_state: Boolean(state),
29
- has_code_challenge: Boolean(codeChallenge),
30
- code_challenge_method: codeChallengeMethod
31
- }
32
- });
33
- throw new AuthInternalError("INVALID_OAUTH_CONFIGURATION", "The OAuth provider configuration is invalid.");
34
- }
35
- const { authorizeURL, ...options } = parsed.data;
36
- const { userInfo, accessToken, clientSecret, ...required } = options;
37
- const searchParams = new URLSearchParams(toCastCase(required));
38
- return `${authorizeURL}?${searchParams}`;
39
- };
40
- var getTrustedOrigins = async (request, trustedOrigins) => {
41
- if (!trustedOrigins) return [];
42
- const raw = typeof trustedOrigins === "function" ? await trustedOrigins(request) : trustedOrigins;
43
- return Array.isArray(raw) ? raw : typeof raw === "string" ? [raw] : [];
44
- };
45
- var getOriginURL = async (request, context) => {
46
- const headers = request.headers;
47
- let origin = new URL(request.url).origin;
48
- const trustedOrigins = await getTrustedOrigins(request, context?.trustedOrigins);
49
- trustedOrigins.push(origin);
50
- if (context?.trustedProxyHeaders) {
51
- const protocol = headers.get("Forwarded")?.match(/proto=([^;]+)/i)?.[1] ?? headers.get("X-Forwarded-Proto") ?? "http";
52
- const host = headers.get("Host") ?? headers.get("Forwarded")?.match(/host=([^;]+)/i)?.[1] ?? headers.get("X-Forwarded-Host") ?? null;
53
- origin = `${protocol}://${host}`;
54
- }
55
- if (!isTrustedOrigin(origin, trustedOrigins)) {
56
- context?.logger?.log("UNTRUSTED_ORIGIN", { structuredData: { origin } });
57
- throw new AuthInternalError("UNTRUSTED_ORIGIN", "The constructed origin URL is not trusted.");
58
- }
59
- return origin;
60
- };
61
- var createRedirectURI = async (request, oauth, context) => {
62
- const origin = await getOriginURL(request, context);
63
- return `${origin}${context.basePath}/callback/${oauth}`;
64
- };
65
- var createRedirectTo = async (request, redirectTo, context) => {
66
- try {
67
- const headers = request.headers;
68
- const requestOrigin = await getOriginURL(request, context);
69
- const origins = await getTrustedOrigins(request, context?.trustedOrigins);
70
- const validateURL = (url) => {
71
- if (!isRelativeURL(url) && !isValidURL(url)) return "/";
72
- if (isRelativeURL(url)) return url;
73
- if (origins.length > 0) {
74
- if (isTrustedOrigin(url, origins)) {
75
- const urlOrigin = new URL(url).origin;
76
- for (const pattern of origins) {
77
- const regex = patternToRegex(pattern);
78
- if (regex?.test(urlOrigin)) {
79
- return isSameOrigin(url, request.url) ? extractPath(url) : url;
80
- }
81
- if (isValidURL(pattern) && equals(new URL(pattern).origin, urlOrigin)) return url;
82
- }
83
- }
84
- context?.logger?.log("OPEN_REDIRECT_ATTACK");
85
- return "/";
86
- }
87
- if (isSameOrigin(url, requestOrigin)) {
88
- return extractPath(url);
89
- }
90
- context?.logger?.log("OPEN_REDIRECT_ATTACK");
91
- return "/";
92
- };
93
- return validateURL(redirectTo ?? headers.get("Referer") ?? headers.get("Origin") ?? "/");
94
- } catch (error) {
95
- context?.logger?.log("POTENTIAL_OPEN_REDIRECT_ATTACK_DETECTED");
96
- return "/";
97
- }
98
- };
99
-
100
- export {
101
- createAuthorizationURL,
102
- getTrustedOrigins,
103
- getOriginURL,
104
- createRedirectURI,
105
- createRedirectTo
106
- };
@@ -1,14 +0,0 @@
1
- // src/request.ts
2
- var fetchAsync = async (url, options = {}, timeout = 5e3) => {
3
- const controller = new AbortController();
4
- const timeoutId = setTimeout(() => controller.abort(), timeout);
5
- const response = await fetch(url, {
6
- ...options,
7
- signal: controller.signal
8
- }).finally(() => clearTimeout(timeoutId));
9
- return response;
10
- };
11
-
12
- export {
13
- fetchAsync
14
- };
package/dist/cookie.cjs DELETED
@@ -1,246 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __export = (target, all) => {
7
- for (var name in all)
8
- __defProp(target, name, { get: all[name], enumerable: true });
9
- };
10
- var __copyProps = (to, from, except, desc) => {
11
- if (from && typeof from === "object" || typeof from === "function") {
12
- for (let key of __getOwnPropNames(from))
13
- if (!__hasOwnProp.call(to, key) && key !== except)
14
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
- }
16
- return to;
17
- };
18
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
-
20
- // src/cookie.ts
21
- var cookie_exports = {};
22
- __export(cookie_exports, {
23
- COOKIE_NAME: () => COOKIE_NAME,
24
- createCookieStore: () => createCookieStore,
25
- createSessionCookie: () => createSessionCookie,
26
- defaultCookieOptions: () => defaultCookieOptions,
27
- defaultHostCookieConfig: () => defaultHostCookieConfig,
28
- defaultSecureCookieConfig: () => defaultSecureCookieConfig,
29
- defaultStandardCookieConfig: () => defaultStandardCookieConfig,
30
- defineSecureCookieOptions: () => defineSecureCookieOptions,
31
- expiredCookieAttributes: () => expiredCookieAttributes,
32
- getCookie: () => getCookie,
33
- getSetCookie: () => getSetCookie,
34
- setCookie: () => setCookie
35
- });
36
- module.exports = __toCommonJS(cookie_exports);
37
- var import_cookie = require("@aura-stack/router/cookie");
38
-
39
- // src/errors.ts
40
- var AuthInternalError = class extends Error {
41
- type = "AUTH_INTERNAL_ERROR";
42
- code;
43
- constructor(code, message, options) {
44
- super(message, options);
45
- this.code = code;
46
- this.name = new.target.name;
47
- Error.captureStackTrace(this, new.target);
48
- }
49
- };
50
-
51
- // src/cookie.ts
52
- var COOKIE_NAME = "aura-auth";
53
- var defaultCookieOptions = {
54
- httpOnly: true,
55
- sameSite: "lax",
56
- path: "/",
57
- maxAge: 60 * 60 * 24 * 15
58
- };
59
- var defaultStandardCookieConfig = {
60
- secure: false,
61
- httpOnly: true
62
- };
63
- var defaultSecureCookieConfig = {
64
- secure: true,
65
- httpOnly: true
66
- };
67
- var defaultHostCookieConfig = {
68
- secure: true,
69
- httpOnly: true,
70
- path: "/",
71
- domain: void 0
72
- };
73
- var oauthCookieOptions = {
74
- httpOnly: true,
75
- maxAge: 5 * 60,
76
- sameSite: "lax",
77
- expires: new Date(Date.now() + 5 * 60 * 1e3)
78
- };
79
- var setCookie = (cookieName, value, options) => {
80
- return (0, import_cookie.serialize)(cookieName, value, options);
81
- };
82
- var expiredCookieAttributes = {
83
- ...defaultCookieOptions,
84
- expires: /* @__PURE__ */ new Date(0),
85
- maxAge: 0,
86
- secure: true
87
- };
88
- var getCookie = (request, cookieName) => {
89
- const cookies = request.headers.get("Cookie");
90
- if (!cookies) {
91
- throw new AuthInternalError("COOKIE_NOT_FOUND", "No cookies found. There is no active session");
92
- }
93
- const value = (0, import_cookie.parse)(cookies)[cookieName];
94
- if (!value) {
95
- throw new AuthInternalError("COOKIE_NOT_FOUND", `Cookie "${cookieName}" not found. There is no active session`);
96
- }
97
- return value;
98
- };
99
- var getSetCookie = (response, cookieName) => {
100
- const cookies = response.headers.getSetCookie();
101
- if (!cookies) {
102
- throw new AuthInternalError("COOKIE_NOT_FOUND", "No cookies found in response.");
103
- }
104
- const strCookie = cookies.find((cookie) => cookie.startsWith(`${cookieName}=`));
105
- if (!strCookie) {
106
- throw new AuthInternalError("COOKIE_NOT_FOUND", `Cookie "${cookieName}" not found in response.`);
107
- }
108
- return (0, import_cookie.parseSetCookie)(strCookie).value;
109
- };
110
- var createSessionCookie = async (jose, session) => {
111
- try {
112
- const encoded = await jose.encodeJWT(session);
113
- return encoded;
114
- } catch (error) {
115
- throw new AuthInternalError("INVALID_JWT_TOKEN", "Failed to create session cookie", { cause: error });
116
- }
117
- };
118
- var defineSecureCookieOptions = (useSecure, attributes, strategy, logger) => {
119
- if (!attributes.httpOnly) {
120
- logger?.log("COOKIE_HTTPONLY_DISABLED");
121
- }
122
- if (attributes.domain === "*") {
123
- attributes.domain = void 0;
124
- logger?.log("COOKIE_WILDCARD_DOMAIN");
125
- }
126
- if (!useSecure) {
127
- if (attributes.secure) {
128
- logger?.log("COOKIE_SECURE_DISABLED");
129
- }
130
- if (attributes.sameSite == "none") {
131
- attributes.sameSite = "lax";
132
- logger?.log("COOKIE_SAMESITE_NONE_WITHOUT_SECURE");
133
- }
134
- if (process.env.NODE_ENV === "production") {
135
- logger?.log("COOKIE_INSECURE_IN_PRODUCTION");
136
- }
137
- if (strategy === "host") {
138
- logger?.log("COOKIE_HOST_STRATEGY_INSECURE");
139
- }
140
- return {
141
- ...defaultCookieOptions,
142
- ...attributes,
143
- ...defaultStandardCookieConfig
144
- };
145
- }
146
- return strategy === "host" ? {
147
- ...defaultCookieOptions,
148
- ...attributes,
149
- ...defaultHostCookieConfig
150
- } : { ...defaultCookieOptions, ...attributes, ...defaultSecureCookieConfig };
151
- };
152
- var createCookieStore = (useSecure, prefix, overrides, logger) => {
153
- prefix ??= COOKIE_NAME;
154
- const securePrefix = useSecure ? "__Secure-" : "";
155
- const hostPrefix = useSecure ? "__Host-" : "";
156
- return {
157
- sessionToken: {
158
- name: `${securePrefix}${prefix}.${overrides?.sessionToken?.name ?? "session_token"}`,
159
- attributes: defineSecureCookieOptions(
160
- useSecure,
161
- {
162
- ...defaultCookieOptions,
163
- ...overrides?.sessionToken?.attributes
164
- },
165
- overrides?.sessionToken?.attributes?.strategy ?? "secure",
166
- logger
167
- )
168
- },
169
- state: {
170
- name: `${securePrefix}${prefix}.${overrides?.state?.name ?? "state"}`,
171
- attributes: defineSecureCookieOptions(
172
- useSecure,
173
- {
174
- ...oauthCookieOptions,
175
- ...overrides?.state?.attributes
176
- },
177
- overrides?.state?.attributes?.strategy ?? "secure",
178
- logger
179
- )
180
- },
181
- csrfToken: {
182
- name: `${hostPrefix}${prefix}.${overrides?.csrfToken?.name ?? "csrf_token"}`,
183
- attributes: defineSecureCookieOptions(
184
- useSecure,
185
- {
186
- ...overrides?.csrfToken?.attributes,
187
- ...defaultHostCookieConfig,
188
- sameSite: "strict"
189
- },
190
- overrides?.csrfToken?.attributes?.strategy ?? "host",
191
- logger
192
- )
193
- },
194
- redirectTo: {
195
- name: `${securePrefix}${prefix}.${overrides?.redirectTo?.name ?? "redirect_to"}`,
196
- attributes: defineSecureCookieOptions(
197
- useSecure,
198
- {
199
- ...oauthCookieOptions,
200
- ...overrides?.redirectTo?.attributes
201
- },
202
- overrides?.redirectTo?.attributes?.strategy ?? "secure",
203
- logger
204
- )
205
- },
206
- redirectURI: {
207
- name: `${securePrefix}${prefix}.${overrides?.redirectURI?.name ?? "redirect_uri"}`,
208
- attributes: defineSecureCookieOptions(
209
- useSecure,
210
- {
211
- ...oauthCookieOptions,
212
- ...overrides?.redirectURI?.attributes
213
- },
214
- overrides?.redirectURI?.attributes?.strategy ?? "secure",
215
- logger
216
- )
217
- },
218
- codeVerifier: {
219
- name: `${securePrefix}${prefix}.${overrides?.codeVerifier?.name ?? "code_verifier"}`,
220
- attributes: defineSecureCookieOptions(
221
- useSecure,
222
- {
223
- ...oauthCookieOptions,
224
- ...overrides?.codeVerifier?.attributes
225
- },
226
- overrides?.codeVerifier?.attributes?.strategy ?? "secure",
227
- logger
228
- )
229
- }
230
- };
231
- };
232
- // Annotate the CommonJS export names for ESM import in node:
233
- 0 && (module.exports = {
234
- COOKIE_NAME,
235
- createCookieStore,
236
- createSessionCookie,
237
- defaultCookieOptions,
238
- defaultHostCookieConfig,
239
- defaultSecureCookieConfig,
240
- defaultStandardCookieConfig,
241
- defineSecureCookieOptions,
242
- expiredCookieAttributes,
243
- getCookie,
244
- getSetCookie,
245
- setCookie
246
- });
package/dist/cookie.d.ts DELETED
@@ -1,85 +0,0 @@
1
- import { SerializeOptions } from '@aura-stack/router/cookie';
2
- import { JWTPayload } from '@aura-stack/jose/jose';
3
- import { A as AuthRuntimeConfig, I as InternalLogger, C as CookieConfig, a as CookieStoreConfig } from './index-CSyIJmCM.js';
4
- import 'zod';
5
- import './schemas.js';
6
- import './jose.js';
7
- import '@aura-stack/jose';
8
- import './@types/utility.js';
9
-
10
- /**
11
- * Prefix for all cookies set by Aura Auth.
12
- */
13
- declare const COOKIE_NAME = "aura-auth";
14
- /**
15
- * Default cookie options used by Aura Auth.
16
- */
17
- declare const defaultCookieOptions: SerializeOptions;
18
- declare const defaultStandardCookieConfig: SerializeOptions;
19
- /**
20
- * Default cookie options for "__Secure-" cookies.
21
- * @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__secure-prefix
22
- */
23
- declare const defaultSecureCookieConfig: SerializeOptions;
24
- /**
25
- * Default cookie options for "__Host-" cookies.
26
- * @see https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-__host-prefix
27
- */
28
- declare const defaultHostCookieConfig: SerializeOptions;
29
- /**
30
- * Set a cookie with the given name, value and `SerializeOptions`; supports secure
31
- * cookies with the `__Secure-` and `__Host-` prefixes.
32
- *
33
- * Cookie attributes are serialized in the following order:
34
- * Expires, Max-Age, Domain, Path, Secure, HttpOnly, SameSite, Partitioned, Priority.
35
- */
36
- declare const setCookie: (cookieName: string, value: string, options?: SerializeOptions) => string;
37
- declare const expiredCookieAttributes: SerializeOptions;
38
- /**
39
- * Get a cookie by name from the request.
40
- *
41
- * @param request The incoming request object
42
- * @param cookie Cookie name to retrieve
43
- * @returns The value of the cookie or throw an error if not found
44
- */
45
- declare const getCookie: (request: Request, cookieName: string) => string;
46
- /**
47
- * Get a Set-Cookie header value by cookie name from the response.
48
- *
49
- * @param response The response object
50
- * @param cookieName Cookie name to retrieve
51
- * @returns The value of the Set-Cookie header or throw an error if not found
52
- */
53
- declare const getSetCookie: (response: Response, cookieName: string) => string | undefined;
54
- /**
55
- * Create a session cookie containing a signed and encrypted JWT, using the
56
- * `@aura-stack/jose` package for the encoding.
57
- *
58
- * @param jose - Jose Instance
59
- * @param session - The JWT payload to be encoded in the session cookie
60
- * @returns The serialized session cookie string
61
- */
62
- declare const createSessionCookie: (jose: AuthRuntimeConfig["jose"], session: JWTPayload) => Promise<string>;
63
- /**
64
- * Defines the cookie configuration based on the request security and cookie options passed
65
- * in the Aura Auth configuration (`createAuth` function). This function ensures the correct
66
- * cookie prefixes and security attributes are applied based on whether the request is secure
67
- * (HTTPS) or not.
68
- *
69
- * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Proto
70
- * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Forwarded
71
- * @param useSecure Whether the request is secure (HTTPS)
72
- * @param attributes The cookie attributes to be applied
73
- * @param strategy The cookie strategy: "host", "secure", or "standard"
74
- * @returns The finalized cookie options to be used for setting cookies
75
- */
76
- declare const defineSecureCookieOptions: (useSecure: boolean, attributes: SerializeOptions, strategy: "host" | "secure" | "standard", logger?: InternalLogger) => SerializeOptions;
77
- /**
78
- * @param useSecure Whether the request is secure (HTTPS)
79
- * @param prefix Optional prefix added to all cookie names
80
- * @param overrides Optional overrides for individual cookie configurations
81
- * @returns The complete cookie store configuration
82
- */
83
- declare const createCookieStore: (useSecure: boolean, prefix?: string, overrides?: CookieConfig["overrides"], logger?: InternalLogger) => CookieStoreConfig;
84
-
85
- export { COOKIE_NAME, createCookieStore, createSessionCookie, defaultCookieOptions, defaultHostCookieConfig, defaultSecureCookieConfig, defaultStandardCookieConfig, defineSecureCookieOptions, expiredCookieAttributes, getCookie, getSetCookie, setCookie };
package/dist/cookie.js DELETED
@@ -1,29 +0,0 @@
1
- import {
2
- COOKIE_NAME,
3
- createCookieStore,
4
- createSessionCookie,
5
- defaultCookieOptions,
6
- defaultHostCookieConfig,
7
- defaultSecureCookieConfig,
8
- defaultStandardCookieConfig,
9
- defineSecureCookieOptions,
10
- expiredCookieAttributes,
11
- getCookie,
12
- getSetCookie,
13
- setCookie
14
- } from "./chunk-5W4BRQYG.js";
15
- import "./chunk-RRLIF4PQ.js";
16
- export {
17
- COOKIE_NAME,
18
- createCookieStore,
19
- createSessionCookie,
20
- defaultCookieOptions,
21
- defaultHostCookieConfig,
22
- defaultSecureCookieConfig,
23
- defaultStandardCookieConfig,
24
- defineSecureCookieOptions,
25
- expiredCookieAttributes,
26
- getCookie,
27
- getSetCookie,
28
- setCookie
29
- };
package/dist/env.cjs DELETED
@@ -1,56 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __export = (target, all) => {
7
- for (var name in all)
8
- __defProp(target, name, { get: all[name], enumerable: true });
9
- };
10
- var __copyProps = (to, from, except, desc) => {
11
- if (from && typeof from === "object" || typeof from === "function") {
12
- for (let key of __getOwnPropNames(from))
13
- if (!__hasOwnProp.call(to, key) && key !== except)
14
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
- }
16
- return to;
17
- };
18
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
-
20
- // src/env.ts
21
- var env_exports = {};
22
- __export(env_exports, {
23
- env: () => env
24
- });
25
- module.exports = __toCommonJS(env_exports);
26
- var import_meta = {};
27
- var env = new Proxy({}, {
28
- get(_, prop) {
29
- if (typeof prop !== "string") return void 0;
30
- const hasProperty = (process2) => {
31
- return process2 && Object.prototype.hasOwnProperty.call(process2, prop);
32
- };
33
- try {
34
- if (typeof process !== "undefined" && hasProperty(process.env)) {
35
- return process.env[prop];
36
- }
37
- if (typeof import_meta !== "undefined" && hasProperty(import_meta.env)) {
38
- return import_meta.env[prop];
39
- }
40
- if (typeof Deno !== "undefined" && Deno.env?.get) {
41
- return Deno.env.get(prop);
42
- }
43
- if (typeof Bun !== "undefined" && hasProperty(Bun.env)) {
44
- return Bun.env[prop];
45
- }
46
- const globalValue = globalThis[prop];
47
- return typeof globalValue === "string" ? globalValue : void 0;
48
- } catch {
49
- return void 0;
50
- }
51
- }
52
- });
53
- // Annotate the CommonJS export names for ESM import in node:
54
- 0 && (module.exports = {
55
- env
56
- });
package/dist/env.d.ts DELETED
@@ -1,7 +0,0 @@
1
- /**
2
- * A runtime-agnostic environment variable proxy.
3
- * Checks multiple sources to ensure compatibility with Node, Bun, Deno, Vite, and Edge platforms.
4
- */
5
- declare const env: Record<string, string | undefined>;
6
-
7
- export { env };
package/dist/env.js DELETED
@@ -1,6 +0,0 @@
1
- import {
2
- env
3
- } from "./chunk-4MYWAOLG.js";
4
- export {
5
- env
6
- };