@aura-stack/auth 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/@types/index.d.ts +2 -2
- package/dist/assert-_fBNnaOk.js +3 -0
- package/dist/assert-hDwQ_SPO.cjs +3 -0
- package/dist/client/index.cjs +1 -1
- package/dist/client/index.d.ts +1 -1
- package/dist/client/index.js +1 -1
- package/dist/crypto-D6_SoGMH.cjs +1 -0
- package/dist/crypto-DyrRzBSQ.js +1 -0
- package/dist/env-7as-tgzO.cjs +1 -0
- package/dist/env-CJtSi1eX.js +1 -0
- package/dist/errors-Czt_w1t_.js +1 -0
- package/dist/errors-DcK2ELlk.cjs +1 -0
- package/dist/identity-b8FCr0Oa.cjs +1 -0
- package/dist/{index-BkpwQ0l4.d.cts → index-C9U6ICDT.d.ts} +792 -275
- package/dist/index.cjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/dist/{logger-C59_CDMk.js → logger-DjXkgSn5.js} +1 -1
- package/dist/{logger-UnUhYL2V.cjs → logger-G5PinyEc.cjs} +1 -1
- package/dist/oauth/atlassian.d.ts +1 -1
- package/dist/oauth/bitbucket.d.ts +1 -1
- package/dist/oauth/click-up.cjs +1 -0
- package/dist/oauth/click-up.d.ts +2 -0
- package/dist/oauth/click-up.js +1 -0
- package/dist/oauth/discord.d.ts +1 -1
- package/dist/oauth/dribbble.cjs +1 -0
- package/dist/oauth/dribbble.d.ts +2 -0
- package/dist/oauth/dribbble.js +1 -0
- package/dist/oauth/dropbox.d.ts +1 -1
- package/dist/oauth/figma.d.ts +1 -1
- package/dist/oauth/github.d.ts +1 -1
- package/dist/oauth/gitlab.d.ts +1 -1
- package/dist/oauth/index.cjs +1 -1
- package/dist/oauth/index.d.ts +2 -2
- package/dist/oauth/index.js +1 -1
- package/dist/oauth/mailchimp.d.ts +1 -1
- package/dist/oauth/notion.cjs +1 -1
- package/dist/oauth/notion.d.ts +1 -1
- package/dist/oauth/notion.js +1 -1
- package/dist/oauth/pinterest.d.ts +1 -1
- package/dist/oauth/spotify.d.ts +1 -1
- package/dist/oauth/strava.d.ts +1 -1
- package/dist/oauth/twitch.cjs +1 -1
- package/dist/oauth/twitch.d.ts +1 -1
- package/dist/oauth/twitch.js +1 -1
- package/dist/oauth/x.d.ts +1 -1
- package/dist/oauth-D3_mnBOx.js +1 -0
- package/dist/oauth-gPiWxjBd.cjs +1 -0
- package/dist/shared/crypto.cjs +1 -1
- package/dist/shared/crypto.d.ts +26 -2
- package/dist/shared/crypto.js +1 -1
- package/dist/shared/identity.cjs +1 -1
- package/dist/shared/identity.d.ts +2 -2
- package/dist/shared/identity.js +1 -1
- package/dist/shared/index.cjs +1 -1
- package/dist/shared/index.d.ts +1 -1
- package/dist/shared/index.js +1 -1
- package/package.json +9 -6
- package/dist/assert-B3iQSYlK.js +0 -3
- package/dist/assert-NJGroSJd.cjs +0 -3
- package/dist/crypto-Bz8nIciY.js +0 -1
- package/dist/crypto-CoXA5w_4.cjs +0 -1
- package/dist/env-bq387KyP.cjs +0 -1
- package/dist/env-nvh8QBNz.js +0 -1
- package/dist/errors-CCYPHuBO.cjs +0 -1
- package/dist/errors-DFWHOho6.js +0 -1
- package/dist/index-nqLV2t91.d.ts +0 -2279
- package/dist/index.d.cts +0 -2
- package/dist/oauth-BntNm6aE.cjs +0 -1
- package/dist/oauth-DmHy9VrB.js +0 -1
package/dist/shared/crypto.d.ts
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Ct as JoseInstance, Vt as AsymmetricKeyPairFromEnv, dt as AuthRuntimeConfig, ln as User } from "../index-C9U6ICDT.js";
|
|
2
|
+
import * as _$_aura_stack_jose_jose0 from "@aura-stack/jose/jose";
|
|
3
|
+
import { GenerateKeyPairOptions, generateKeyPair as createKeyPair } from "@aura-stack/jose/jose";
|
|
2
4
|
|
|
3
5
|
//#region src/shared/crypto.d.ts
|
|
4
6
|
declare const createSecretValue: (length?: number) => string;
|
|
@@ -43,5 +45,27 @@ declare const hashPassword: (password: string, salt?: string, iterations?: numbe
|
|
|
43
45
|
* @returns A promise that resolves to true if the password matches the hash, false otherwise.
|
|
44
46
|
*/
|
|
45
47
|
declare const verifyPassword: (password: string, hashedPassword: string) => Promise<boolean>;
|
|
48
|
+
/**
|
|
49
|
+
* Imports a PEM-formatted asymmetric key pair from strings.
|
|
50
|
+
*
|
|
51
|
+
* @param key - An object containing the public and private keys as PEM-formatted strings
|
|
52
|
+
* @param algorithm - The intended algorithm for the keys (e.g. "RS256" for RSA signing, "RSA-OAEP" for RSA encryption)
|
|
53
|
+
* @returns A Promise that resolves to a CryptoKeyPair with the imported keys
|
|
54
|
+
*/
|
|
55
|
+
declare const importPEMKeyPair: (key: AsymmetricKeyPairFromEnv, algorithm: string) => Promise<{
|
|
56
|
+
publicKey: CryptoKey;
|
|
57
|
+
privateKey: CryptoKey;
|
|
58
|
+
}>;
|
|
59
|
+
/**
|
|
60
|
+
* Generates a new asymmetric key pair and exports it in JWK format.
|
|
61
|
+
*
|
|
62
|
+
* @param alg - The intended algorithm for the keys (e.g. "RS256" for RSA signing, "RSA-OAEP" for RSA encryption)
|
|
63
|
+
* @param options - Optional parameters for key generation (e.g. modulusLength for RSA)
|
|
64
|
+
* @returns A Promise that resolves to an object containing the public and private keys in JWK format
|
|
65
|
+
*/
|
|
66
|
+
declare const exportJWKKeyPair: (alg: string, options?: GenerateKeyPairOptions) => Promise<{
|
|
67
|
+
publicKey: _$_aura_stack_jose_jose0.JWK;
|
|
68
|
+
privateKey: _$_aura_stack_jose_jose0.JWK;
|
|
69
|
+
}>;
|
|
46
70
|
//#endregion
|
|
47
|
-
export { createCSRF, createHash, createPKCE, createSecretValue, hashPassword, verifyCSRF, verifyPassword };
|
|
71
|
+
export { createCSRF, createHash, createKeyPair, createPKCE, createSecretValue, exportJWKKeyPair, hashPassword, importPEMKeyPair, verifyCSRF, verifyPassword };
|
package/dist/shared/crypto.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{a as e,
|
|
1
|
+
import{a as e,c as t,i as n,l as r,n as i,o as a,r as o,s,t as c,u as l}from"../crypto-DyrRzBSQ.js";export{c as createCSRF,i as createHash,o as createKeyPair,n as createPKCE,e as createSecretValue,a as exportJWKKeyPair,s as hashPassword,t as importPEMKeyPair,r as verifyCSRF,l as verifyPassword};
|
package/dist/shared/identity.cjs
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});
|
|
1
|
+
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../identity-b8FCr0Oa.cjs`);exports.UserIdentity=e.t,exports.UserIdentityArkType=e.n,exports.UserIdentityTypeBox=e.r,exports.UserIdentityValibot=e.i,exports.createIdentity=e.a;
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import {
|
|
2
|
-
export { EditableShape,
|
|
1
|
+
import { Q as InferZodShape, W as EditableShape, X as InferSession, Y as FromShapeToObject, Z as InferUser, _r as UserShape, at as ValibotShapeToObject, br as UserShapeValibot, cr as Identities, dr as IsZod, fr as SchemaTypes, gr as UserIdentityValibot, hr as UserIdentityTypeBox, it as UserFrom, lr as IsArkType, mr as UserIdentityArkType, nt as SessionFrom, pr as UserIdentity, rt as TypeboxShapeToObject, st as ZodShapeToObject, ur as IsValibot, vr as UserShapeArkType, xr as createIdentity, yr as UserShapeTypeBox, z as ArktypeShapeToObject } from "../index-C9U6ICDT.js";
|
|
2
|
+
export { ArktypeShapeToObject, EditableShape, FromShapeToObject, Identities, InferSession, InferUser, InferZodShape, IsArkType, IsValibot, IsZod, SchemaTypes, SessionFrom, TypeboxShapeToObject, UserFrom, UserIdentity, UserIdentityArkType, UserIdentityTypeBox, UserIdentityValibot, UserShape, UserShapeArkType, UserShapeTypeBox, UserShapeValibot, ValibotShapeToObject, ZodShapeToObject, createIdentity };
|
package/dist/shared/identity.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{
|
|
1
|
+
import{g as e,h as t,t as n,y as r}from"../assert-_fBNnaOk.js";import{z as i}from"zod/v4";import*as a from"valibot";import{type as o}from"arktype";import{Type as s}from"typebox";const c=i.object({sub:i.string(),name:i.string().nullable().optional(),image:i.string().nullable().optional(),email:i.email().nullable().optional()}),l=a.object({sub:a.string(),name:a.optional(a.nullable(a.string())),image:a.optional(a.nullable(a.string())),email:a.optional(a.nullable(a.pipe(a.string(),a.email())))}),u=o({sub:`string`,name:`string | null?`,image:`string | null?`,email:`string.email | null?`}),d=s.Object({sub:s.String(),name:s.Optional(s.Union([s.String(),s.Null()])),image:s.Optional(s.Union([s.String(),s.Null()])),email:s.Optional(s.Union([s.String({format:`email`}),s.Null()]))}),f=o=>n(o)?o:e(o)?a.object(o):r(o)?i.object(o):t(o)?s.Object(o):i.object(o);export{c as UserIdentity,u as UserIdentityArkType,d as UserIdentityTypeBox,l as UserIdentityValibot,f as createIdentity};
|
package/dist/shared/index.cjs
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../assert-
|
|
1
|
+
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../assert-hDwQ_SPO.cjs`),t=require(`../logger-G5PinyEc.cjs`);exports.createBasicAuthHeader=e.S,exports.createSyslogMessage=t.n;
|
package/dist/shared/index.d.ts
CHANGED
package/dist/shared/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{
|
|
1
|
+
import{S as e}from"../assert-_fBNnaOk.js";import{n as t}from"../logger-DjXkgSn5.js";export{e as createBasicAuthHeader,t as createSyslogMessage};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aura-stack/auth",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.7.0",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"description": "Core auth for @aura-stack/auth",
|
|
@@ -70,15 +70,18 @@
|
|
|
70
70
|
},
|
|
71
71
|
"license": "MIT",
|
|
72
72
|
"dependencies": {
|
|
73
|
-
"@aura-stack/router": "^0.
|
|
73
|
+
"@aura-stack/router": "^0.7.0",
|
|
74
|
+
"arktype": "^2.2.0",
|
|
75
|
+
"typebox": "^1.1.38",
|
|
76
|
+
"valibot": "^1.4.0",
|
|
74
77
|
"zod": "4.3.5",
|
|
75
|
-
"@aura-stack/jose": "0.
|
|
78
|
+
"@aura-stack/jose": "0.6.0"
|
|
76
79
|
},
|
|
77
80
|
"devDependencies": {
|
|
78
81
|
"typescript": "^5.9.2",
|
|
79
82
|
"vitest": "4.1.4",
|
|
80
|
-
"@aura-stack/
|
|
81
|
-
"@aura-stack/
|
|
83
|
+
"@aura-stack/tsdown-config": "0.0.0",
|
|
84
|
+
"@aura-stack/tsconfig": "0.0.0"
|
|
82
85
|
},
|
|
83
86
|
"scripts": {
|
|
84
87
|
"dev": "tsdown --watch",
|
|
@@ -92,6 +95,6 @@
|
|
|
92
95
|
"format:check": "oxfmt --check",
|
|
93
96
|
"type-check": "tsc --noEmit",
|
|
94
97
|
"clean": "rm -rf dist",
|
|
95
|
-
"clean:cts": "
|
|
98
|
+
"clean:cts": "find dist -type f -name \"*.cts\" -delete"
|
|
96
99
|
}
|
|
97
100
|
}
|
package/dist/assert-B3iQSYlK.js
DELETED
|
@@ -1,3 +0,0 @@
|
|
|
1
|
-
import{n as e}from"./errors-DFWHOho6.js";import{n as t}from"./env-nvh8QBNz.js";import{encoder as n}from"@aura-stack/jose/crypto";const r=`0.5.0`,i=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,a=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},o=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),s=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},c=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,l=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},u=(e,t)=>{let r=n.encode(e),i=n.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},d=(r,i)=>{let a=t(r)??r,o=t(i)??i;if(!a||!o)throw new e(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encode(s)));return`Basic ${btoa(c)}`},f=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),p=[`<`,`>`,`"`,"`",` `,`\r`,`
|
|
2
|
-
`,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
|
|
3
|
-
`,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],m=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of p)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},h=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,g=e=>{if(e.length>100)return!1;for(let t of p)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},_=(e,t)=>{let n=new URL(e),r=new URL(t);return i(n.origin,r.origin)},v=(e,t)=>{if(!m(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(l(e)?.test(n))return!0;try{if(m(e)&&i(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},y=e=>e?.jwt?.mode??`sealed`,b=e=>y(e)===`signed`,x=e=>y(e)===`encrypted`,S=e=>y(e)===`sealed`;export{u as _,S as a,m as c,i as d,s as f,l as g,a as h,_ as i,r as l,c as m,h as n,b as o,o as p,g as r,v as s,x as t,d as u,f as v};
|
package/dist/assert-NJGroSJd.cjs
DELETED
|
@@ -1,3 +0,0 @@
|
|
|
1
|
-
const e=require(`./errors-CCYPHuBO.cjs`),t=require(`./env-bq387KyP.cjs`);let n=require(`@aura-stack/jose/crypto`);const r=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,i=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},a=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),o=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},s=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,c=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},l=(e,t)=>{let r=n.encoder.encode(e),i=n.encoder.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},u=(r,i)=>{let a=t.n(r)??r,o=t.n(i)??i;if(!a||!o)throw new e.n(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encoder.encode(s)));return`Basic ${btoa(c)}`},d=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),f=[`<`,`>`,`"`,"`",` `,`\r`,`
|
|
2
|
-
`,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
|
|
3
|
-
`,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],p=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of f)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},m=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,h=e=>{if(e.length>100)return!1;for(let t of f)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},g=(e,t)=>{let n=new URL(e),i=new URL(t);return r(n.origin,i.origin)},_=(e,t)=>{if(!p(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(c(e)?.test(n))return!0;try{if(p(e)&&r(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},v=e=>e?.jwt?.mode??`sealed`,y=e=>v(e)===`signed`,b=e=>v(e)===`encrypted`,x=e=>v(e)===`sealed`;Object.defineProperty(exports,`_`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return p}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`g`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`h`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return`0.5.0`}}),Object.defineProperty(exports,`m`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`p`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return u}}),Object.defineProperty(exports,`v`,{enumerable:!0,get:function(){return d}});
|
package/dist/crypto-Bz8nIciY.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
import{i as e,n as t}from"./errors-DFWHOho6.js";import{n}from"./env-nvh8QBNz.js";import{_ as r,a as i,d as a,n as o,o as s,t as c}from"./assert-B3iQSYlK.js";import{encoder as l,getRandomBytes as u,getSubtleCrypto as d}from"@aura-stack/jose/crypto";import{createDeriveKey as f,createJWE as p,createJWS as m,createJWT as h,createSecret as g}from"@aura-stack/jose";import{base64url as _}from"@aura-stack/jose/jose";const v=e=>e?.jwt,y=e=>{let t=v(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},b=(e,t)=>({...y(t),...e}),x=(e,t)=>{let n={};return(s(e)||i(e))&&e?.jwt?.signingAlgorithm&&(n.alg=e.jwt.signingAlgorithm),{...n,...t}},S=(e,t)=>{let n={};return(c(e)||i(e))&&(e?.jwt?.keyAlgorithm&&(n.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(n.enc=e.jwt.encryptionAlgorithm)),{...n,...t}},C=(e,t)=>{let n={};return(s(e)||i(e))&&(e?.jwt?.signingAlgorithm&&(n.algorithms=[e.jwt.signingAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},w=(e,t)=>{let n={};return(c(e)||i(e))&&(e?.jwt?.keyAlgorithm&&(n.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(n.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},T=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},E=(e,r)=>{if(e??=n(`SECRET`),!e)throw new t(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`);let i=n(`SALT`);if(!i)throw new t(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{g(i)}catch(e){throw new t(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:e})}let a=(async()=>{let[t,n,r]=await Promise.all([f(e,i,`signing`),f(e,i,`encryption`),f(e,i,`csrfToken`)]);return{jwt:h({sign:t,encrypt:n}),jws:m(r),jwe:p(n)}})();return a.catch(()=>{}),{signJWS:async(e,t)=>{let{jws:n}=await a;return n.signJWS(b(e,r),x(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await a,i=await n.verifyJWS(e,C(r,t));return T(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await a;return n.encryptJWE(b(e,r),S(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await a,i=await n.decryptJWE(e,w(r,t));return T(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await a;return await n.encodeJWT(b(e,r),{sign:x(r,t?.sign),encrypt:S(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await a,i=await n.decodeJWT(e,{verify:C(r,t?.verify),decrypt:w(r,t?.decrypt)});return T(i),i}}},D=(e=32)=>_.encode(u(e)),O=async e=>{let t=await d().digest(`SHA-256`,l.encode(e));return _.encode(new Uint8Array(t))},k=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??D(n??64);if(r.length<43||r.length>128)throw new e(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await O(r),method:`S256`}},A=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=D(32);return e.signJWS({token:n})}catch{let t=D(32);return e.signJWS({token:t})}},j=async(t,n,i)=>{try{let s=await t.verifyJWS(n),c=await t.verifyJWS(i);if(!o(s))throw new e(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!o(c))throw new e(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!a(s.token.length,c.token.length)||!r(s.token,c.token))throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},M=async(e,t,n=1e5)=>{let r=d(),i=t?_.decode(t):u(16),a=await r.importKey(`raw`,l.encode(e),`PBKDF2`,!1,[`deriveBits`]),o=await r.deriveBits({name:`PBKDF2`,salt:i,iterations:n,hash:`SHA-256`},a,256),s=new Uint8Array(o),c=_.encode(s);return`pbkdf2-sha256:${n}:${_.encode(i)}:${c}`},N=async(e,t)=>{try{let n=t.split(`:`);if(n.length!==4)return!1;let[i,a,o]=n;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);return isNaN(s)?!1:r(await M(e,o,s),t)}catch{return!1}};export{M as a,E as c,D as i,O as n,j as o,k as r,N as s,A as t};
|
package/dist/crypto-CoXA5w_4.cjs
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
const e=require(`./errors-CCYPHuBO.cjs`),t=require(`./env-bq387KyP.cjs`),n=require(`./assert-NJGroSJd.cjs`);let r=require(`@aura-stack/jose/crypto`),i=require(`@aura-stack/jose`),a=require(`@aura-stack/jose/jose`);const o=e=>e?.jwt,s=e=>{let t=o(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},c=(e,t)=>({...s(t),...e}),l=(e,t)=>{let r={};return(n.o(e)||n.a(e))&&e?.jwt?.signingAlgorithm&&(r.alg=e.jwt.signingAlgorithm),{...r,...t}},u=(e,t)=>{let r={};return(n.t(e)||n.a(e))&&(e?.jwt?.keyAlgorithm&&(r.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(r.enc=e.jwt.encryptionAlgorithm)),{...r,...t}},d=(e,t)=>{let r={};return(n.o(e)||n.a(e))&&(e?.jwt?.signingAlgorithm&&(r.algorithms=[e.jwt.signingAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},f=(e,t)=>{let r={};return(n.t(e)||n.a(e))&&(e?.jwt?.keyAlgorithm&&(r.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(r.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},p=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e.i(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},m=(n,r)=>{if(n??=t.n(`SECRET`),!n)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`);let a=t.n(`SALT`);if(!a)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{(0,i.createSecret)(a)}catch(t){throw new e.n(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:t})}let o=(async()=>{let[e,t,r]=await Promise.all([(0,i.createDeriveKey)(n,a,`signing`),(0,i.createDeriveKey)(n,a,`encryption`),(0,i.createDeriveKey)(n,a,`csrfToken`)]);return{jwt:(0,i.createJWT)({sign:e,encrypt:t}),jws:(0,i.createJWS)(r),jwe:(0,i.createJWE)(t)}})();return o.catch(()=>{}),{signJWS:async(e,t)=>{let{jws:n}=await o;return n.signJWS(c(e,r),l(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await o,i=await n.verifyJWS(e,d(r,t));return p(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await o;return n.encryptJWE(c(e,r),u(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await o,i=await n.decryptJWE(e,f(r,t));return p(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await o;return await n.encodeJWT(c(e,r),{sign:l(r,t?.sign),encrypt:u(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await o,i=await n.decodeJWT(e,{verify:d(r,t?.verify),decrypt:f(r,t?.decrypt)});return p(i),i}}},h=(e=32)=>a.base64url.encode((0,r.getRandomBytes)(e)),g=async e=>{let t=await(0,r.getSubtleCrypto)().digest(`SHA-256`,r.encoder.encode(e));return a.base64url.encode(new Uint8Array(t))},_=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??h(n??64);if(r.length<43||r.length>128)throw new e.i(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await g(r),method:`S256`}},v=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=h(32);return e.signJWS({token:n})}catch{let t=h(32);return e.signJWS({token:t})}},y=async(t,r,i)=>{try{let a=await t.verifyJWS(r),o=await t.verifyJWS(i);if(!n.n(a))throw new e.i(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!n.n(o))throw new e.i(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!n.d(a.token.length,o.token.length)||!n._(a.token,o.token))throw new e.i(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e.i(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},b=async(e,t,n=1e5)=>{let i=(0,r.getSubtleCrypto)(),o=t?a.base64url.decode(t):(0,r.getRandomBytes)(16),s=await i.importKey(`raw`,r.encoder.encode(e),`PBKDF2`,!1,[`deriveBits`]),c=await i.deriveBits({name:`PBKDF2`,salt:o,iterations:n,hash:`SHA-256`},s,256),l=new Uint8Array(c),u=a.base64url.encode(l);return`pbkdf2-sha256:${n}:${a.base64url.encode(o)}:${u}`},x=async(e,t)=>{try{let r=t.split(`:`);if(r.length!==4)return!1;let[i,a,o]=r;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);return isNaN(s)?!1:n._(await b(e,o,s),t)}catch{return!1}};Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return v}});
|
package/dist/env-bq387KyP.cjs
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
const e=new Proxy({},{get(e,t){if(typeof t!=`string`)return;let n=e=>e&&Object.prototype.hasOwnProperty.call(e,t);try{if(typeof process<`u`&&n(process.env))return process.env[t];if(n({}.env))return{}.env[t];if(typeof Deno<`u`&&Deno.env?.get)return Deno.env.get(t);if(typeof Bun<`u`&&n(Bun.env))return Bun.env[t];let e=globalThis[t];return typeof e==`string`?e:void 0}catch{return}}}),t=t=>e[[`AURA_AUTH_${t.toUpperCase()}`,`AURA_${t.toUpperCase()}`,`AUTH_${t.toUpperCase()}`,t.toUpperCase()].find(t=>e[t])??``],n=e=>{let n=t(e);if(n===void 0)return!1;let r=n.trim().toLowerCase();return!![`1`,`true`,`yes`,`on`,`debug`].includes(r)},r=(e,n=[])=>{let r=t(e);return r?r.split(/[,;\n]+/).map(e=>e.trim()).filter(Boolean):n};Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return n}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return t}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return e}});
|
package/dist/env-nvh8QBNz.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
const e=new Proxy({},{get(e,t){if(typeof t!=`string`)return;let n=e=>e&&Object.prototype.hasOwnProperty.call(e,t);try{if(typeof process<`u`&&n(process.env))return process.env[t];if(n(import.meta.env))return import.meta.env[t];if(typeof Deno<`u`&&Deno.env?.get)return Deno.env.get(t);if(typeof Bun<`u`&&n(Bun.env))return Bun.env[t];let e=globalThis[t];return typeof e==`string`?e:void 0}catch{return}}}),t=t=>e[[`AURA_AUTH_${t.toUpperCase()}`,`AURA_${t.toUpperCase()}`,`AUTH_${t.toUpperCase()}`,t.toUpperCase()].find(t=>e[t])??``],n=e=>{let n=t(e);if(n===void 0)return!1;let r=n.trim().toLowerCase();return!![`1`,`true`,`yes`,`on`,`debug`].includes(r)},r=(e,n=[])=>{let r=t(e);return r?r.split(/[,;\n]+/).map(e=>e.trim()).filter(Boolean):n};export{n as i,t as n,r,e as t};
|
package/dist/errors-CCYPHuBO.cjs
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
var e=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(e,t,n,r){super(t,r),this.error=e,this.errorURI=n,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},t=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(e,t){super(e,t),this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}},a=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}};const o=e=>e instanceof Error,s=t=>t instanceof e,c=e=>e instanceof t,l=e=>e instanceof n,u=e=>e instanceof r,d=e=>e instanceof a,f=e=>c(e)||l(e)||u(e)||d(e);Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return n}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return t}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return e}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return f}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return d}});
|
package/dist/errors-DFWHOho6.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
var e=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(e,t,n,r){super(t,r),this.error=e,this.errorURI=n,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},t=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(e,t){super(e,t),this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}},a=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}};const o=e=>e instanceof Error,s=t=>t instanceof e,c=e=>e instanceof t,l=e=>e instanceof n,u=e=>e instanceof r,d=e=>e instanceof a,f=e=>c(e)||l(e)||u(e)||d(e);export{a,c,o as d,s as f,n as i,l,t as n,e as o,i as r,f as s,r as t,d as u};
|