@aura-stack/auth 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (215) hide show
  1. package/README.md +36 -1
  2. package/dist/@types/index.cjs +0 -18
  3. package/dist/@types/index.d.ts +2 -12
  4. package/dist/@types/index.js +0 -1
  5. package/dist/assert-B3iQSYlK.js +3 -0
  6. package/dist/assert-NJGroSJd.cjs +3 -0
  7. package/dist/client/index.cjs +1 -135
  8. package/dist/client/index.d.ts +11 -14
  9. package/dist/client/index.js +1 -10
  10. package/dist/crypto-Bz8nIciY.js +1 -0
  11. package/dist/crypto-CoXA5w_4.cjs +1 -0
  12. package/dist/env-bq387KyP.cjs +1 -0
  13. package/dist/env-nvh8QBNz.js +1 -0
  14. package/dist/errors-CCYPHuBO.cjs +1 -0
  15. package/dist/errors-DFWHOho6.js +1 -0
  16. package/dist/index-BkpwQ0l4.d.cts +2279 -0
  17. package/dist/index-nqLV2t91.d.ts +2279 -0
  18. package/dist/index.cjs +1 -2427
  19. package/dist/index.d.cts +2 -0
  20. package/dist/index.d.ts +2 -14
  21. package/dist/index.js +1 -59
  22. package/dist/logger-C59_CDMk.js +1 -0
  23. package/dist/logger-UnUhYL2V.cjs +1 -0
  24. package/dist/oauth/atlassian.cjs +1 -57
  25. package/dist/oauth/atlassian.d.ts +2 -12
  26. package/dist/oauth/atlassian.js +1 -6
  27. package/dist/oauth/bitbucket.cjs +1 -49
  28. package/dist/oauth/bitbucket.d.ts +2 -12
  29. package/dist/oauth/bitbucket.js +1 -6
  30. package/dist/oauth/discord.cjs +1 -57
  31. package/dist/oauth/discord.d.ts +2 -12
  32. package/dist/oauth/discord.js +1 -6
  33. package/dist/oauth/dropbox.cjs +1 -53
  34. package/dist/oauth/dropbox.d.ts +2 -12
  35. package/dist/oauth/dropbox.js +1 -6
  36. package/dist/oauth/figma.cjs +1 -49
  37. package/dist/oauth/figma.d.ts +2 -12
  38. package/dist/oauth/figma.js +1 -6
  39. package/dist/oauth/github.cjs +1 -49
  40. package/dist/oauth/github.d.ts +2 -12
  41. package/dist/oauth/github.js +1 -6
  42. package/dist/oauth/gitlab.cjs +1 -49
  43. package/dist/oauth/gitlab.d.ts +2 -12
  44. package/dist/oauth/gitlab.js +1 -6
  45. package/dist/oauth/index.cjs +1 -673
  46. package/dist/oauth/index.d.ts +2 -12
  47. package/dist/oauth/index.js +1 -68
  48. package/dist/oauth/mailchimp.cjs +1 -49
  49. package/dist/oauth/mailchimp.d.ts +2 -12
  50. package/dist/oauth/mailchimp.js +1 -6
  51. package/dist/oauth/notion.cjs +1 -131
  52. package/dist/oauth/notion.d.ts +2 -12
  53. package/dist/oauth/notion.js +1 -9
  54. package/dist/oauth/pinterest.cjs +1 -49
  55. package/dist/oauth/pinterest.d.ts +2 -12
  56. package/dist/oauth/pinterest.js +1 -6
  57. package/dist/oauth/spotify.cjs +1 -49
  58. package/dist/oauth/spotify.d.ts +2 -12
  59. package/dist/oauth/spotify.js +1 -6
  60. package/dist/oauth/strava.cjs +1 -49
  61. package/dist/oauth/strava.d.ts +2 -12
  62. package/dist/oauth/strava.js +1 -6
  63. package/dist/oauth/twitch.cjs +1 -95
  64. package/dist/oauth/twitch.d.ts +2 -12
  65. package/dist/oauth/twitch.js +1 -7
  66. package/dist/oauth/x.cjs +1 -49
  67. package/dist/oauth/x.d.ts +2 -12
  68. package/dist/oauth/x.js +1 -6
  69. package/dist/oauth-BntNm6aE.cjs +1 -0
  70. package/dist/oauth-DmHy9VrB.js +1 -0
  71. package/dist/shared/crypto.cjs +1 -0
  72. package/dist/shared/crypto.d.ts +47 -0
  73. package/dist/shared/crypto.js +1 -0
  74. package/dist/shared/identity.cjs +1 -0
  75. package/dist/shared/identity.d.ts +2 -0
  76. package/dist/shared/identity.js +1 -0
  77. package/dist/shared/index.cjs +1 -0
  78. package/dist/shared/index.d.ts +5 -0
  79. package/dist/shared/index.js +1 -0
  80. package/package.json +32 -9
  81. package/dist/@types/router.d.cjs +0 -1
  82. package/dist/@types/router.d.d.ts +0 -16
  83. package/dist/@types/router.d.js +0 -0
  84. package/dist/@types/utility.cjs +0 -18
  85. package/dist/@types/utility.d.ts +0 -6
  86. package/dist/@types/utility.js +0 -1
  87. package/dist/actions/callback/access-token.cjs +0 -250
  88. package/dist/actions/callback/access-token.d.ts +0 -33
  89. package/dist/actions/callback/access-token.js +0 -9
  90. package/dist/actions/callback/callback.cjs +0 -715
  91. package/dist/actions/callback/callback.d.ts +0 -42
  92. package/dist/actions/callback/callback.js +0 -18
  93. package/dist/actions/callback/userinfo.cjs +0 -283
  94. package/dist/actions/callback/userinfo.d.ts +0 -25
  95. package/dist/actions/callback/userinfo.js +0 -13
  96. package/dist/actions/csrfToken/csrfToken.cjs +0 -189
  97. package/dist/actions/csrfToken/csrfToken.d.ts +0 -7
  98. package/dist/actions/csrfToken/csrfToken.js +0 -13
  99. package/dist/actions/index.cjs +0 -1161
  100. package/dist/actions/index.d.ts +0 -17
  101. package/dist/actions/index.js +0 -39
  102. package/dist/actions/session/session.cjs +0 -188
  103. package/dist/actions/session/session.d.ts +0 -7
  104. package/dist/actions/session/session.js +0 -12
  105. package/dist/actions/signIn/authorization-url.cjs +0 -288
  106. package/dist/actions/signIn/authorization-url.d.ts +0 -31
  107. package/dist/actions/signIn/authorization-url.js +0 -16
  108. package/dist/actions/signIn/authorization.cjs +0 -281
  109. package/dist/actions/signIn/authorization.d.ts +0 -54
  110. package/dist/actions/signIn/authorization.js +0 -19
  111. package/dist/actions/signIn/signIn.cjs +0 -595
  112. package/dist/actions/signIn/signIn.d.ts +0 -42
  113. package/dist/actions/signIn/signIn.js +0 -16
  114. package/dist/actions/signOut/signOut.cjs +0 -492
  115. package/dist/actions/signOut/signOut.d.ts +0 -16
  116. package/dist/actions/signOut/signOut.js +0 -15
  117. package/dist/api/createApi.cjs +0 -750
  118. package/dist/api/createApi.d.ts +0 -12
  119. package/dist/api/createApi.js +0 -19
  120. package/dist/api/getSession.cjs +0 -141
  121. package/dist/api/getSession.d.ts +0 -16
  122. package/dist/api/getSession.js +0 -10
  123. package/dist/api/signIn.cjs +0 -549
  124. package/dist/api/signIn.d.ts +0 -26
  125. package/dist/api/signIn.js +0 -15
  126. package/dist/api/signOut.cjs +0 -279
  127. package/dist/api/signOut.d.ts +0 -16
  128. package/dist/api/signOut.js +0 -13
  129. package/dist/assert.cjs +0 -194
  130. package/dist/assert.d.ts +0 -37
  131. package/dist/assert.js +0 -26
  132. package/dist/chunk-2A5B7GWR.js +0 -125
  133. package/dist/chunk-2GQLSIJ2.js +0 -40
  134. package/dist/chunk-2IR674WX.js +0 -44
  135. package/dist/chunk-3J5TUH2I.js +0 -50
  136. package/dist/chunk-4RWSYUKX.js +0 -98
  137. package/dist/chunk-4YHJ4IEQ.js +0 -25
  138. package/dist/chunk-54CZPKR4.js +0 -25
  139. package/dist/chunk-5LZ7TOM3.js +0 -25
  140. package/dist/chunk-5X7JZMEF.js +0 -0
  141. package/dist/chunk-7BE46WWS.js +0 -88
  142. package/dist/chunk-7YYXFKLR.js +0 -35
  143. package/dist/chunk-C3A37LQC.js +0 -33
  144. package/dist/chunk-CITNGXDA.js +0 -31
  145. package/dist/chunk-CWX724AG.js +0 -78
  146. package/dist/chunk-D2CSIUKP.js +0 -74
  147. package/dist/chunk-E6G5YCI6.js +0 -25
  148. package/dist/chunk-EBAMFRB7.js +0 -34
  149. package/dist/chunk-EEE7UM5T.js +0 -25
  150. package/dist/chunk-FPCVZUVG.js +0 -37
  151. package/dist/chunk-FW4W3REU.js +0 -25
  152. package/dist/chunk-GNNBM2WJ.js +0 -83
  153. package/dist/chunk-IPKO6UQN.js +0 -25
  154. package/dist/chunk-ITQ7352M.js +0 -0
  155. package/dist/chunk-JOCGX3RP.js +0 -59
  156. package/dist/chunk-KBXWTD6E.js +0 -94
  157. package/dist/chunk-KMMAZFSJ.js +0 -25
  158. package/dist/chunk-LATR3NIV.js +0 -117
  159. package/dist/chunk-LAYPUDQF.js +0 -39
  160. package/dist/chunk-LDU7A2JE.js +0 -25
  161. package/dist/chunk-LX3TJ2TJ.js +0 -294
  162. package/dist/chunk-NHZBQNRR.js +0 -143
  163. package/dist/chunk-OVHNRULD.js +0 -33
  164. package/dist/chunk-PDP3PHB3.js +0 -127
  165. package/dist/chunk-PG7UYFG5.js +0 -0
  166. package/dist/chunk-PHYNROD4.js +0 -47
  167. package/dist/chunk-QQEKY4XP.js +0 -29
  168. package/dist/chunk-U4RK4LKJ.js +0 -348
  169. package/dist/chunk-U5663F2U.js +0 -70
  170. package/dist/chunk-UN7X6SU5.js +0 -53
  171. package/dist/chunk-UZQJJD6A.js +0 -100
  172. package/dist/chunk-V6LLEAR4.js +0 -80
  173. package/dist/chunk-WHNDRO3N.js +0 -50
  174. package/dist/chunk-XY5R3EHH.js +0 -204
  175. package/dist/chunk-ZNCZVF6U.js +0 -14
  176. package/dist/client/client.cjs +0 -135
  177. package/dist/client/client.d.ts +0 -85
  178. package/dist/client/client.js +0 -9
  179. package/dist/context.cjs +0 -1237
  180. package/dist/context.d.ts +0 -16
  181. package/dist/context.js +0 -28
  182. package/dist/cookie.cjs +0 -277
  183. package/dist/cookie.d.ts +0 -89
  184. package/dist/cookie.js +0 -30
  185. package/dist/createAuth.cjs +0 -2320
  186. package/dist/createAuth.d.ts +0 -12
  187. package/dist/createAuth.js +0 -48
  188. package/dist/env.cjs +0 -78
  189. package/dist/env.d.ts +0 -10
  190. package/dist/env.js +0 -12
  191. package/dist/errors.cjs +0 -102
  192. package/dist/errors.d.ts +0 -60
  193. package/dist/errors.js +0 -22
  194. package/dist/headers.cjs +0 -61
  195. package/dist/headers.d.ts +0 -33
  196. package/dist/headers.js +0 -12
  197. package/dist/index-_aXtxb_s.d.ts +0 -1377
  198. package/dist/jose.cjs +0 -166
  199. package/dist/jose.d.ts +0 -12
  200. package/dist/jose.js +0 -20
  201. package/dist/logger.cjs +0 -424
  202. package/dist/logger.d.ts +0 -12
  203. package/dist/logger.js +0 -17
  204. package/dist/request.cjs +0 -38
  205. package/dist/request.d.ts +0 -13
  206. package/dist/request.js +0 -6
  207. package/dist/schemas.cjs +0 -158
  208. package/dist/schemas.d.ts +0 -229
  209. package/dist/schemas.js +0 -24
  210. package/dist/secure.cjs +0 -170
  211. package/dist/secure.d.ts +0 -41
  212. package/dist/secure.js +0 -20
  213. package/dist/utils.cjs +0 -329
  214. package/dist/utils.d.ts +0 -35
  215. package/dist/utils.js +0 -36
package/README.md CHANGED
@@ -5,6 +5,7 @@
5
5
  **Core authentication library for the Aura Stack ecosystem**
6
6
 
7
7
  [![npm version](https://img.shields.io/npm/v/@aura-stack/auth.svg)](https://www.npmjs.com/package/@aura-stack/auth)
8
+ [![JSR version](https://jsr.io/badges/@aura-stack/auth)](https://jsr.io/@aura-stack/auth)
8
9
  [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
9
10
 
10
11
  [Official Docs](https://aura-stack-auth.vercel.app/docs) · [Core Package Docs](https://aura-stack-auth.vercel.app/docs/packages/core)
@@ -27,13 +28,47 @@ Inspired by [Auth.js](https://authjs.dev/), Aura Auth focuses on simplicity, dev
27
28
  - **Extensible architecture** — Easily integrate with `@aura-stack/router` or custom routing layers.
28
29
  - **Framework-agnostic** — Works seamlessly in any environment that supports the Web Request/Response APIs.
29
30
 
31
+ ## Installation
32
+
33
+ ```bash
34
+ pnpm add @aura-stack/auth
35
+ ```
36
+
37
+ ## Quick Start
38
+
39
+ ### 1. Create Auth Instance
40
+
41
+ Configure your auth instance in a shared file (e.g., `lib/auth.ts`).
42
+
43
+ ```ts
44
+ import { createAuth } from "@aura-stack/auth"
45
+
46
+ export const auth = createAuth({
47
+ oauth: ["github"],
48
+ })
49
+
50
+ export const { api, jose handlers } = auth
51
+ ```
52
+
53
+ ### 2. Creat Auth Client Instance
54
+
55
+ Configure your auth client instance in a shared file (e.g., `lib/auth-client.ts`).
56
+
57
+ ```ts
58
+ import { createAuthClient } from "@aura-stack/auth/client"
59
+
60
+ export const authClient = createAuth({
61
+ baseURL: "http://localhost:3000",
62
+ })
63
+ ```
64
+
30
65
  ## Documentation
31
66
 
32
67
  Visit the [**official documentation website**](https://aura-stack-auth.vercel.app).
33
68
 
34
69
  ## License
35
70
 
36
- Licensed under the [MIT License](LICENSE). © [Aura Stack](https://github.com/aura-stack-ts)
71
+ Licensed under the [MIT License](../../LICENSE). © [Aura Stack](https://github.com/aura-stack-ts)
37
72
 
38
73
  ---
39
74
 
@@ -1,18 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __copyProps = (to, from, except, desc) => {
7
- if (from && typeof from === "object" || typeof from === "function") {
8
- for (let key of __getOwnPropNames(from))
9
- if (!__hasOwnProp.call(to, key) && key !== except)
10
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
11
- }
12
- return to;
13
- };
14
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
15
-
16
- // src/@types/index.ts
17
- var types_exports = {};
18
- module.exports = __toCommonJS(types_exports);
@@ -1,12 +1,2 @@
1
- import 'zod';
2
- export { f as APIErrorMap, aA as AccessTokenError, q as AuthAPI, p as AuthClient, l as AuthClientOptions, A as AuthConfig, r as AuthInstance, d as AuthInternalErrorCode, c as AuthRuntimeConfig, e as AuthSecurityErrorCode, aB as AuthorizationError, aC as AuthorizeParams, B as BuiltInOAuthProvider, C as CookieConfig, aD as CookieName, b as CookieStoreConfig, aE as CookieStrategyAttributes, E as ErrorType, F as FunctionAPIContext, aF as GetSessionAPI, G as GetSessionAPIOptions, aG as HostCookie, I as InternalContext, a as InternalLogger, J as JWTPayloadWithToken, aH as JWTStandardClaims, s as JoseInstance, L as LogLevel, t as Logger, aI as OAuthEnv, aJ as OAuthError, k as OAuthProvider, u as OAuthProviderConfig, j as OAuthProviderCredentials, O as OAuthProviderRecord, aK as ResponseType, R as RouterGlobalContext, aL as SecureCookie, m as Session, S as SessionResponse, aM as Severity, g as SignInAPIOptions, n as SignInOptions, h as SignInReturn, i as SignOutAPIOptions, o as SignOutOptions, aN as StandardCookie, aO as SyslogOptions, aP as TokenRevocationError, T as TrustedOrigin, U as User } from '../index-_aXtxb_s.js';
3
- import '../schemas.js';
4
- import '@aura-stack/router/cookie';
5
- export { LiteralUnion, Prettify } from './utility.js';
6
- import '@aura-stack/router';
7
- import '@aura-stack/jose/jose';
8
- import '@aura-stack/jose';
9
- import '@aura-stack/jose/crypto';
10
- import 'jose';
11
- import 'zod/v4/core';
12
- import 'zod/v4';
1
+ import { $ as JWTConfigBase, A as APIErrorMap, At as IdentityConfig, B as DeepPartial, Bt as SyslogOptions, C as SignOutAPIReturn, Ct as CookieName, D as UpdateSessionAPIReturn, Dt as CredentialsProvider, E as UpdateSessionAPIOptions, Et as CredentialsPayload, F as ErrorType, Ft as Logger, G as InferShape, Gt as OAuthProviderCredentials, H as EditableShape, Hn as UserShape, Ht as AuthorizeParams, I as OAuthError, It as RouterGlobalContext, J as Prettify, Jt as BuiltInOAuthProvider, K as LiteralUnion, Kt as OAuthProviderRecord, L as TokenRevocationError, Lt as SecureCookie, M as AuthInternalErrorCode, Mt as InternalLogger, N as AuthSecurityErrorCode, Nt as JoseInstance, O as UpdateSessionOptions, Ot as CredentialsProviderContext, P as AuthorizationError, Pt as LogLevel, Q as JWTConfig, Rt as Severity, S as SignOutAPIOptions, St as CookieConfig, T as SignOutReturn, Tt as CookieStrategyAttributes, U as InferAuthIdentity, Ut as OAuthProvider, V as DeepRequired, Vn as UserIdentityType, Vt as TrustedOrigin, W as InferIdentity, Wt as OAuthProviderConfig, X as CreateSessionStrategyOptions, Y as ShapeToObject, Z as GetStatelessSessionReturn, _ as SignInCredentialsAPIReturn, _t as User, a as OAuthEnv, at as JWTManager, b as SignInOptions, bt as AuthInstance, c as APIOptionsWithRequest, ct as JWTSignedMode, d as GetSessionAPIOptions, dt as KeyPair, et as JWTEncryptedMode, f as GetSessionAPIReturn, ft as SecretKey, g as SignInCredentialsAPIOptions, gt as StatelessStrategyConfig, h as SignInAPIReturn, ht as SessionStrategy, i as JWTStandardClaims, it as JWTKeyAlgorithm, j as AccessTokenError, jt as InternalContext, k as UpdateSessionReturn, kt as HostCookie, l as APIOptionsWithSkipCSRFCheck, lt as JWTSigningAlgorithm, m as SignInAPIOptions, mt as SessionConfig, n as AuthClientOptions, nt as JWTExpirationStrategy, o as TypedJWTPayload, ot as JWTMode, p as OptionsWithRedirectTo, pt as Session, q as Merge, qt as ResponseType, r as JWTPayloadWithToken, rt as JWTKey, s as APIOptionsWithRedirectTo, st as JWTSealedMode, t as AuthClient, tt as JWTEncryptionAlgorithm, u as FunctionAPIContext, ut as JWTStrategyOptions, v as SignInCredentialsOptions, vt as AuthAPI, w as SignOutOptions, wt as CookieStoreConfig, x as SignInReturn, xt as AuthRuntimeConfig, y as SignInCredentialsReturn, yt as AuthConfig, z as AuthResponse, zt as StandardCookie } from "../index-nqLV2t91.js";
2
+ export { APIErrorMap, APIOptionsWithRedirectTo, APIOptionsWithRequest, APIOptionsWithSkipCSRFCheck, AccessTokenError, AuthAPI, AuthClient, AuthClientOptions, AuthConfig, AuthInstance, AuthInternalErrorCode, AuthResponse, AuthRuntimeConfig, AuthSecurityErrorCode, AuthorizationError, AuthorizeParams, BuiltInOAuthProvider, CookieConfig, CookieName, CookieStoreConfig, CookieStrategyAttributes, CreateSessionStrategyOptions, CredentialsPayload, CredentialsProvider, CredentialsProviderContext, DeepPartial, DeepRequired, EditableShape, ErrorType, FunctionAPIContext, GetSessionAPIOptions, GetSessionAPIReturn, GetStatelessSessionReturn, HostCookie, IdentityConfig, InferAuthIdentity, InferIdentity, InferShape, InternalContext, InternalLogger, JWTConfig, JWTConfigBase, JWTEncryptedMode, JWTEncryptionAlgorithm, JWTExpirationStrategy, JWTKey, JWTKeyAlgorithm, JWTManager, JWTMode, JWTPayloadWithToken, JWTSealedMode, JWTSignedMode, JWTSigningAlgorithm, JWTStandardClaims, JWTStrategyOptions, JoseInstance, KeyPair, LiteralUnion, LogLevel, Logger, Merge, OAuthEnv, OAuthError, OAuthProvider, OAuthProviderConfig, OAuthProviderCredentials, OAuthProviderRecord, OptionsWithRedirectTo, Prettify, ResponseType, RouterGlobalContext, SecretKey, SecureCookie, Session, SessionConfig, SessionStrategy, Severity, ShapeToObject, SignInAPIOptions, SignInAPIReturn, SignInCredentialsAPIOptions, SignInCredentialsAPIReturn, SignInCredentialsOptions, SignInCredentialsReturn, SignInOptions, SignInReturn, SignOutAPIOptions, SignOutAPIReturn, SignOutOptions, SignOutReturn, StandardCookie, StatelessStrategyConfig, SyslogOptions, TokenRevocationError, TrustedOrigin, TypedJWTPayload, UpdateSessionAPIOptions, UpdateSessionAPIReturn, UpdateSessionOptions, UpdateSessionReturn, User, UserIdentityType, UserShape };
@@ -1 +0,0 @@
1
- import "../chunk-PG7UYFG5.js";
@@ -0,0 +1,3 @@
1
+ import{n as e}from"./errors-DFWHOho6.js";import{n as t}from"./env-nvh8QBNz.js";import{encoder as n}from"@aura-stack/jose/crypto";const r=`0.5.0`,i=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,a=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},o=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),s=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},c=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,l=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},u=(e,t)=>{let r=n.encode(e),i=n.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},d=(r,i)=>{let a=t(r)??r,o=t(i)??i;if(!a||!o)throw new e(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encode(s)));return`Basic ${btoa(c)}`},f=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),p=[`<`,`>`,`"`,"`",` `,`\r`,`
2
+ `,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
3
+ `,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],m=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of p)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},h=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,g=e=>{if(e.length>100)return!1;for(let t of p)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},_=(e,t)=>{let n=new URL(e),r=new URL(t);return i(n.origin,r.origin)},v=(e,t)=>{if(!m(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(l(e)?.test(n))return!0;try{if(m(e)&&i(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},y=e=>e?.jwt?.mode??`sealed`,b=e=>y(e)===`signed`,x=e=>y(e)===`encrypted`,S=e=>y(e)===`sealed`;export{u as _,S as a,m as c,i as d,s as f,l as g,a as h,_ as i,r as l,c as m,h as n,b as o,o as p,g as r,v as s,x as t,d as u,f as v};
@@ -0,0 +1,3 @@
1
+ const e=require(`./errors-CCYPHuBO.cjs`),t=require(`./env-bq387KyP.cjs`);let n=require(`@aura-stack/jose/crypto`);const r=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,i=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},a=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),o=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},s=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,c=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},l=(e,t)=>{let r=n.encoder.encode(e),i=n.encoder.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},u=(r,i)=>{let a=t.n(r)??r,o=t.n(i)??i;if(!a||!o)throw new e.n(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encoder.encode(s)));return`Basic ${btoa(c)}`},d=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),f=[`<`,`>`,`"`,"`",` `,`\r`,`
2
+ `,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
3
+ `,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],p=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of f)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},m=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,h=e=>{if(e.length>100)return!1;for(let t of f)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},g=(e,t)=>{let n=new URL(e),i=new URL(t);return r(n.origin,i.origin)},_=(e,t)=>{if(!p(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(c(e)?.test(n))return!0;try{if(p(e)&&r(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},v=e=>e?.jwt?.mode??`sealed`,y=e=>v(e)===`signed`,b=e=>v(e)===`encrypted`,x=e=>v(e)===`sealed`;Object.defineProperty(exports,`_`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return p}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`g`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`h`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return`0.5.0`}}),Object.defineProperty(exports,`m`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`p`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return u}}),Object.defineProperty(exports,`v`,{enumerable:!0,get:function(){return d}});
@@ -1,135 +1 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __export = (target, all) => {
7
- for (var name in all)
8
- __defProp(target, name, { get: all[name], enumerable: true });
9
- };
10
- var __copyProps = (to, from, except, desc) => {
11
- if (from && typeof from === "object" || typeof from === "function") {
12
- for (let key of __getOwnPropNames(from))
13
- if (!__hasOwnProp.call(to, key) && key !== except)
14
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
- }
16
- return to;
17
- };
18
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
-
20
- // src/client/index.ts
21
- var client_exports = {};
22
- __export(client_exports, {
23
- createAuthClient: () => createAuthClient,
24
- createClient: () => createClient
25
- });
26
- module.exports = __toCommonJS(client_exports);
27
-
28
- // src/errors.ts
29
- var AuthClientError = class extends Error {
30
- type = "AUTH_CLIENT_ERROR";
31
- code;
32
- constructor(code, message, options) {
33
- super(message, options);
34
- this.code = code;
35
- this.name = new.target.name;
36
- Error.captureStackTrace(this, new.target);
37
- }
38
- };
39
- var isNativeError = (error) => {
40
- return error instanceof Error;
41
- };
42
-
43
- // src/client/client.ts
44
- var import_router = require("@aura-stack/router");
45
- var createClient = import_router.createClient;
46
- var createAuthClient = (options) => {
47
- if (typeof window === "undefined" && !options.baseURL) {
48
- throw new AuthClientError("`baseURL` is required when createAuthClient is used outside the browser.");
49
- }
50
- const client = createClient({
51
- cache: "no-store",
52
- credentials: "include",
53
- baseURL: options.baseURL ?? window.location.origin,
54
- ...options
55
- });
56
- const getCSRFToken = async () => {
57
- try {
58
- const response = await client.get("/csrfToken");
59
- if (!response.ok) return null;
60
- const data = await response.json();
61
- return data.csrfToken;
62
- } catch (error) {
63
- console.error("Error fetching CSRF token:", error);
64
- return null;
65
- }
66
- };
67
- const getSession = async () => {
68
- try {
69
- const response = await client.get("/session");
70
- if (!response.ok) return null;
71
- const session = await response.json();
72
- if (!session?.authenticated) return null;
73
- return session.session;
74
- } catch (error) {
75
- console.error("Error fetching session:", error);
76
- return null;
77
- }
78
- };
79
- const signIn = async (oauth, options2) => {
80
- try {
81
- const response = await client.get("/signIn/:oauth", {
82
- params: {
83
- oauth
84
- },
85
- searchParams: {
86
- ...options2,
87
- redirect: false
88
- }
89
- });
90
- const json = await response.json();
91
- if ((options2?.redirect ?? true) && typeof window !== "undefined" && json?.signInURL) {
92
- window.location.assign(json.signInURL);
93
- }
94
- return json;
95
- } catch (error) {
96
- console.error("Error during sign-in:", error);
97
- return { redirect: false, signInURL: "/" };
98
- }
99
- };
100
- const signOut = async (options2) => {
101
- try {
102
- const csrfToken = await getCSRFToken();
103
- if (!csrfToken) {
104
- throw new AuthClientError("Failed to fetch CSRF token for sign-out.");
105
- }
106
- const response = await client.post("/signOut", {
107
- searchParams: {
108
- redirectTo: options2?.redirectTo ?? "/",
109
- token_type_hint: "session_token"
110
- },
111
- headers: {
112
- "X-CSRF-Token": csrfToken
113
- }
114
- });
115
- const json = await response.json();
116
- if ((options2?.redirect ?? true) && typeof window !== "undefined" && json?.url) {
117
- window.location.assign(json.url);
118
- }
119
- return json;
120
- } catch (error) {
121
- console.error("Error during sign-out:", error);
122
- throw isNativeError(error) ? error : new AuthClientError("Sign-out failed.", "The sign-out request failed.", { cause: error });
123
- }
124
- };
125
- return {
126
- getSession,
127
- signIn,
128
- signOut
129
- };
130
- };
131
- // Annotate the CommonJS export names for ESM import in node:
132
- 0 && (module.exports = {
133
- createAuthClient,
134
- createClient
135
- });
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../errors-CCYPHuBO.cjs`),t=require(`@aura-stack/router`).createClient,n=n=>{if(typeof window>`u`&&!n.baseURL)throw new e.t("`baseURL` is required when createAuthClient is used outside the browser.");let r=t({cache:`no-store`,credentials:`include`,baseURL:n.baseURL??window.location.origin,...n}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let n=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{...t,redirect:!1}})).json();return(t?.redirect??!0)&&typeof window<`u`&&n?.signInURL&&window.location.assign(n.signInURL),n}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async e=>{try{let t=await(await r.post(`/signIn/credentials`,{body:e.payload,searchParams:{redirectTo:e?.redirectTo}})).json();return(e?.redirect??!0)&&typeof window<`u`&&t?.redirectURL&&window.location.assign(t.redirectURL),t}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e.t(`Failed to fetch CSRF token for session update.`);let{session:a}=t??{};if(!a)return{success:!1,session:null};let o=a.user??{},s=await(await r.patch(`/session`,{body:{user:o,expires:a.expires?new Date(a.expires):void 0},headers:{"X-CSRF-Token":n}})).json();return(t.redirect??!0)&&typeof window<`u`&&s?.redirectURL&&window.location.assign(s.redirectURL),s}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e.t(`Failed to fetch CSRF token for sign-out.`);let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return(t?.redirect??!0)&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};exports.createAuthClient=n;
@@ -1,14 +1,11 @@
1
- export { createAuthClient, createClient } from './client.js';
2
- export { p as AuthClient, l as AuthClientOptions, n as SignInOptions, o as SignOutOptions } from '../index-_aXtxb_s.js';
3
- export { Client, ClientOptions } from '@aura-stack/router/types';
4
- import 'zod/v4/core';
5
- import 'zod';
6
- import '@aura-stack/router';
7
- import '../@types/utility.js';
8
- import '../schemas.js';
9
- import 'zod/v4';
10
- import '@aura-stack/jose';
11
- import '@aura-stack/jose/jose';
12
- import '@aura-stack/jose/crypto';
13
- import '@aura-stack/router/cookie';
14
- import 'jose';
1
+ import { Jt as BuiltInOAuthProvider, K as LiteralUnion, O as UpdateSessionOptions, T as SignOutReturn, _t as User, b as SignInOptions, k as UpdateSessionReturn, n as AuthClientOptions, pt as Session, v as SignInCredentialsOptions, w as SignOutOptions, x as SignInReturn, y as SignInCredentialsReturn } from "../index-nqLV2t91.js";
2
+ //#region src/client/client.d.ts
3
+ declare const createAuthClient: <DefaultUser extends User = User>(options: AuthClientOptions) => {
4
+ getSession: () => Promise<Session<DefaultUser> | null>;
5
+ signIn: <Options extends SignInOptions>(oauth: LiteralUnion<BuiltInOAuthProvider>, options?: Options) => Promise<SignInReturn<Options>>;
6
+ signInCredentials: <Options extends SignInCredentialsOptions>(options: Options) => Promise<SignInCredentialsReturn<Options>>;
7
+ updateSession: <Options extends UpdateSessionOptions<DefaultUser>>(options: Options) => Promise<UpdateSessionReturn<Options, DefaultUser>>;
8
+ signOut: <Options extends SignOutOptions>(options?: Options) => Promise<SignOutReturn<Options>>;
9
+ };
10
+ //#endregion
11
+ export { type AuthClientOptions, createAuthClient };
@@ -1,10 +1 @@
1
- import "../chunk-5X7JZMEF.js";
2
- import {
3
- createAuthClient,
4
- createClient
5
- } from "../chunk-4RWSYUKX.js";
6
- import "../chunk-U5663F2U.js";
7
- export {
8
- createAuthClient,
9
- createClient
10
- };
1
+ import{t as e}from"../errors-DFWHOho6.js";import{createClient as t}from"@aura-stack/router";const n=t,r=t=>{if(typeof window>`u`&&!t.baseURL)throw new e("`baseURL` is required when createAuthClient is used outside the browser.");let r=n({cache:`no-store`,credentials:`include`,baseURL:t.baseURL??window.location.origin,...t}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let n=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{...t,redirect:!1}})).json();return(t?.redirect??!0)&&typeof window<`u`&&n?.signInURL&&window.location.assign(n.signInURL),n}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async e=>{try{let t=await(await r.post(`/signIn/credentials`,{body:e.payload,searchParams:{redirectTo:e?.redirectTo}})).json();return(e?.redirect??!0)&&typeof window<`u`&&t?.redirectURL&&window.location.assign(t.redirectURL),t}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e(`Failed to fetch CSRF token for session update.`);let{session:a}=t??{};if(!a)return{success:!1,session:null};let o=a.user??{},s=await(await r.patch(`/session`,{body:{user:o,expires:a.expires?new Date(a.expires):void 0},headers:{"X-CSRF-Token":n}})).json();return(t.redirect??!0)&&typeof window<`u`&&s?.redirectURL&&window.location.assign(s.redirectURL),s}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e(`Failed to fetch CSRF token for sign-out.`);let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return(t?.redirect??!0)&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};export{r as createAuthClient};
@@ -0,0 +1 @@
1
+ import{i as e,n as t}from"./errors-DFWHOho6.js";import{n}from"./env-nvh8QBNz.js";import{_ as r,a as i,d as a,n as o,o as s,t as c}from"./assert-B3iQSYlK.js";import{encoder as l,getRandomBytes as u,getSubtleCrypto as d}from"@aura-stack/jose/crypto";import{createDeriveKey as f,createJWE as p,createJWS as m,createJWT as h,createSecret as g}from"@aura-stack/jose";import{base64url as _}from"@aura-stack/jose/jose";const v=e=>e?.jwt,y=e=>{let t=v(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},b=(e,t)=>({...y(t),...e}),x=(e,t)=>{let n={};return(s(e)||i(e))&&e?.jwt?.signingAlgorithm&&(n.alg=e.jwt.signingAlgorithm),{...n,...t}},S=(e,t)=>{let n={};return(c(e)||i(e))&&(e?.jwt?.keyAlgorithm&&(n.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(n.enc=e.jwt.encryptionAlgorithm)),{...n,...t}},C=(e,t)=>{let n={};return(s(e)||i(e))&&(e?.jwt?.signingAlgorithm&&(n.algorithms=[e.jwt.signingAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},w=(e,t)=>{let n={};return(c(e)||i(e))&&(e?.jwt?.keyAlgorithm&&(n.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(n.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},T=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},E=(e,r)=>{if(e??=n(`SECRET`),!e)throw new t(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`);let i=n(`SALT`);if(!i)throw new t(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{g(i)}catch(e){throw new t(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:e})}let a=(async()=>{let[t,n,r]=await Promise.all([f(e,i,`signing`),f(e,i,`encryption`),f(e,i,`csrfToken`)]);return{jwt:h({sign:t,encrypt:n}),jws:m(r),jwe:p(n)}})();return a.catch(()=>{}),{signJWS:async(e,t)=>{let{jws:n}=await a;return n.signJWS(b(e,r),x(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await a,i=await n.verifyJWS(e,C(r,t));return T(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await a;return n.encryptJWE(b(e,r),S(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await a,i=await n.decryptJWE(e,w(r,t));return T(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await a;return await n.encodeJWT(b(e,r),{sign:x(r,t?.sign),encrypt:S(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await a,i=await n.decodeJWT(e,{verify:C(r,t?.verify),decrypt:w(r,t?.decrypt)});return T(i),i}}},D=(e=32)=>_.encode(u(e)),O=async e=>{let t=await d().digest(`SHA-256`,l.encode(e));return _.encode(new Uint8Array(t))},k=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??D(n??64);if(r.length<43||r.length>128)throw new e(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await O(r),method:`S256`}},A=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=D(32);return e.signJWS({token:n})}catch{let t=D(32);return e.signJWS({token:t})}},j=async(t,n,i)=>{try{let s=await t.verifyJWS(n),c=await t.verifyJWS(i);if(!o(s))throw new e(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!o(c))throw new e(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!a(s.token.length,c.token.length)||!r(s.token,c.token))throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},M=async(e,t,n=1e5)=>{let r=d(),i=t?_.decode(t):u(16),a=await r.importKey(`raw`,l.encode(e),`PBKDF2`,!1,[`deriveBits`]),o=await r.deriveBits({name:`PBKDF2`,salt:i,iterations:n,hash:`SHA-256`},a,256),s=new Uint8Array(o),c=_.encode(s);return`pbkdf2-sha256:${n}:${_.encode(i)}:${c}`},N=async(e,t)=>{try{let n=t.split(`:`);if(n.length!==4)return!1;let[i,a,o]=n;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);return isNaN(s)?!1:r(await M(e,o,s),t)}catch{return!1}};export{M as a,E as c,D as i,O as n,j as o,k as r,N as s,A as t};
@@ -0,0 +1 @@
1
+ const e=require(`./errors-CCYPHuBO.cjs`),t=require(`./env-bq387KyP.cjs`),n=require(`./assert-NJGroSJd.cjs`);let r=require(`@aura-stack/jose/crypto`),i=require(`@aura-stack/jose`),a=require(`@aura-stack/jose/jose`);const o=e=>e?.jwt,s=e=>{let t=o(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},c=(e,t)=>({...s(t),...e}),l=(e,t)=>{let r={};return(n.o(e)||n.a(e))&&e?.jwt?.signingAlgorithm&&(r.alg=e.jwt.signingAlgorithm),{...r,...t}},u=(e,t)=>{let r={};return(n.t(e)||n.a(e))&&(e?.jwt?.keyAlgorithm&&(r.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(r.enc=e.jwt.encryptionAlgorithm)),{...r,...t}},d=(e,t)=>{let r={};return(n.o(e)||n.a(e))&&(e?.jwt?.signingAlgorithm&&(r.algorithms=[e.jwt.signingAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},f=(e,t)=>{let r={};return(n.t(e)||n.a(e))&&(e?.jwt?.keyAlgorithm&&(r.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(r.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},p=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e.i(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},m=(n,r)=>{if(n??=t.n(`SECRET`),!n)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`);let a=t.n(`SALT`);if(!a)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{(0,i.createSecret)(a)}catch(t){throw new e.n(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:t})}let o=(async()=>{let[e,t,r]=await Promise.all([(0,i.createDeriveKey)(n,a,`signing`),(0,i.createDeriveKey)(n,a,`encryption`),(0,i.createDeriveKey)(n,a,`csrfToken`)]);return{jwt:(0,i.createJWT)({sign:e,encrypt:t}),jws:(0,i.createJWS)(r),jwe:(0,i.createJWE)(t)}})();return o.catch(()=>{}),{signJWS:async(e,t)=>{let{jws:n}=await o;return n.signJWS(c(e,r),l(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await o,i=await n.verifyJWS(e,d(r,t));return p(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await o;return n.encryptJWE(c(e,r),u(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await o,i=await n.decryptJWE(e,f(r,t));return p(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await o;return await n.encodeJWT(c(e,r),{sign:l(r,t?.sign),encrypt:u(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await o,i=await n.decodeJWT(e,{verify:d(r,t?.verify),decrypt:f(r,t?.decrypt)});return p(i),i}}},h=(e=32)=>a.base64url.encode((0,r.getRandomBytes)(e)),g=async e=>{let t=await(0,r.getSubtleCrypto)().digest(`SHA-256`,r.encoder.encode(e));return a.base64url.encode(new Uint8Array(t))},_=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??h(n??64);if(r.length<43||r.length>128)throw new e.i(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await g(r),method:`S256`}},v=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=h(32);return e.signJWS({token:n})}catch{let t=h(32);return e.signJWS({token:t})}},y=async(t,r,i)=>{try{let a=await t.verifyJWS(r),o=await t.verifyJWS(i);if(!n.n(a))throw new e.i(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!n.n(o))throw new e.i(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!n.d(a.token.length,o.token.length)||!n._(a.token,o.token))throw new e.i(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e.i(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},b=async(e,t,n=1e5)=>{let i=(0,r.getSubtleCrypto)(),o=t?a.base64url.decode(t):(0,r.getRandomBytes)(16),s=await i.importKey(`raw`,r.encoder.encode(e),`PBKDF2`,!1,[`deriveBits`]),c=await i.deriveBits({name:`PBKDF2`,salt:o,iterations:n,hash:`SHA-256`},s,256),l=new Uint8Array(c),u=a.base64url.encode(l);return`pbkdf2-sha256:${n}:${a.base64url.encode(o)}:${u}`},x=async(e,t)=>{try{let r=t.split(`:`);if(r.length!==4)return!1;let[i,a,o]=r;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);return isNaN(s)?!1:n._(await b(e,o,s),t)}catch{return!1}};Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return v}});
@@ -0,0 +1 @@
1
+ const e=new Proxy({},{get(e,t){if(typeof t!=`string`)return;let n=e=>e&&Object.prototype.hasOwnProperty.call(e,t);try{if(typeof process<`u`&&n(process.env))return process.env[t];if(n({}.env))return{}.env[t];if(typeof Deno<`u`&&Deno.env?.get)return Deno.env.get(t);if(typeof Bun<`u`&&n(Bun.env))return Bun.env[t];let e=globalThis[t];return typeof e==`string`?e:void 0}catch{return}}}),t=t=>e[[`AURA_AUTH_${t.toUpperCase()}`,`AURA_${t.toUpperCase()}`,`AUTH_${t.toUpperCase()}`,t.toUpperCase()].find(t=>e[t])??``],n=e=>{let n=t(e);if(n===void 0)return!1;let r=n.trim().toLowerCase();return!![`1`,`true`,`yes`,`on`,`debug`].includes(r)},r=(e,n=[])=>{let r=t(e);return r?r.split(/[,;\n]+/).map(e=>e.trim()).filter(Boolean):n};Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return n}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return t}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return e}});
@@ -0,0 +1 @@
1
+ const e=new Proxy({},{get(e,t){if(typeof t!=`string`)return;let n=e=>e&&Object.prototype.hasOwnProperty.call(e,t);try{if(typeof process<`u`&&n(process.env))return process.env[t];if(n(import.meta.env))return import.meta.env[t];if(typeof Deno<`u`&&Deno.env?.get)return Deno.env.get(t);if(typeof Bun<`u`&&n(Bun.env))return Bun.env[t];let e=globalThis[t];return typeof e==`string`?e:void 0}catch{return}}}),t=t=>e[[`AURA_AUTH_${t.toUpperCase()}`,`AURA_${t.toUpperCase()}`,`AUTH_${t.toUpperCase()}`,t.toUpperCase()].find(t=>e[t])??``],n=e=>{let n=t(e);if(n===void 0)return!1;let r=n.trim().toLowerCase();return!![`1`,`true`,`yes`,`on`,`debug`].includes(r)},r=(e,n=[])=>{let r=t(e);return r?r.split(/[,;\n]+/).map(e=>e.trim()).filter(Boolean):n};export{n as i,t as n,r,e as t};
@@ -0,0 +1 @@
1
+ var e=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(e,t,n,r){super(t,r),this.error=e,this.errorURI=n,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},t=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(e,t){super(e,t),this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}},a=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}};const o=e=>e instanceof Error,s=t=>t instanceof e,c=e=>e instanceof t,l=e=>e instanceof n,u=e=>e instanceof r,d=e=>e instanceof a,f=e=>c(e)||l(e)||u(e)||d(e);Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return n}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return t}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return e}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return f}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return d}});
@@ -0,0 +1 @@
1
+ var e=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(e,t,n,r){super(t,r),this.error=e,this.errorURI=n,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},t=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(e,t){super(e,t),this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}},a=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}};const o=e=>e instanceof Error,s=t=>t instanceof e,c=e=>e instanceof t,l=e=>e instanceof n,u=e=>e instanceof r,d=e=>e instanceof a,f=e=>c(e)||l(e)||u(e)||d(e);export{a,c,o as d,s as f,n as i,l,t as n,e as o,i as r,f as s,r as t,d as u};