@aura-stack/auth 0.6.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (73) hide show
  1. package/dist/@types/index.cjs +1 -0
  2. package/dist/@types/index.d.ts +2 -2
  3. package/dist/@types/index.js +1 -0
  4. package/dist/assert-DaZSf4SH.cjs +3 -0
  5. package/dist/assert-av6s0a6t.js +3 -0
  6. package/dist/client/index.cjs +1 -1
  7. package/dist/client/index.d.ts +1 -1
  8. package/dist/client/index.js +1 -1
  9. package/dist/crypto-BF4ETYC9.cjs +1 -0
  10. package/dist/crypto-D6aq4c8x.js +1 -0
  11. package/dist/env-BG1x-kSX.js +1 -0
  12. package/dist/env-BhQ2k7jj.cjs +1 -0
  13. package/dist/errors-Czt_w1t_.js +1 -0
  14. package/dist/errors-DcK2ELlk.cjs +1 -0
  15. package/dist/identity-n3aahaEr.cjs +1 -0
  16. package/dist/{index-BkpwQ0l4.d.cts → index-1ADcIVGC.d.ts} +822 -355
  17. package/dist/index.cjs +1 -1
  18. package/dist/index.d.ts +1 -1
  19. package/dist/index.js +1 -1
  20. package/dist/{logger-C59_CDMk.js → logger-BfUjjtxf.js} +1 -1
  21. package/dist/{logger-UnUhYL2V.cjs → logger-CVwkloPj.cjs} +1 -1
  22. package/dist/oauth/atlassian.d.ts +1 -1
  23. package/dist/oauth/bitbucket.d.ts +1 -1
  24. package/dist/oauth/click-up.cjs +1 -0
  25. package/dist/oauth/click-up.d.ts +2 -0
  26. package/dist/oauth/click-up.js +1 -0
  27. package/dist/oauth/discord.d.ts +1 -1
  28. package/dist/oauth/dribbble.cjs +1 -0
  29. package/dist/oauth/dribbble.d.ts +2 -0
  30. package/dist/oauth/dribbble.js +1 -0
  31. package/dist/oauth/dropbox.d.ts +1 -1
  32. package/dist/oauth/figma.d.ts +1 -1
  33. package/dist/oauth/github.d.ts +1 -1
  34. package/dist/oauth/gitlab.d.ts +1 -1
  35. package/dist/oauth/index.cjs +1 -1
  36. package/dist/oauth/index.d.ts +2 -2
  37. package/dist/oauth/index.js +1 -1
  38. package/dist/oauth/mailchimp.d.ts +1 -1
  39. package/dist/oauth/notion.cjs +1 -1
  40. package/dist/oauth/notion.d.ts +1 -1
  41. package/dist/oauth/notion.js +1 -1
  42. package/dist/oauth/pinterest.d.ts +1 -1
  43. package/dist/oauth/spotify.d.ts +1 -1
  44. package/dist/oauth/strava.d.ts +1 -1
  45. package/dist/oauth/twitch.cjs +1 -1
  46. package/dist/oauth/twitch.d.ts +1 -1
  47. package/dist/oauth/twitch.js +1 -1
  48. package/dist/oauth/x.d.ts +1 -1
  49. package/dist/shared/cookies.cjs +1 -0
  50. package/dist/shared/cookies.d.ts +1 -0
  51. package/dist/shared/cookies.js +1 -0
  52. package/dist/shared/crypto.cjs +1 -1
  53. package/dist/shared/crypto.d.ts +26 -2
  54. package/dist/shared/crypto.js +1 -1
  55. package/dist/shared/identity.cjs +1 -1
  56. package/dist/shared/identity.d.ts +2 -2
  57. package/dist/shared/identity.js +1 -1
  58. package/dist/shared/index.cjs +1 -1
  59. package/dist/shared/index.d.ts +1 -1
  60. package/dist/shared/index.js +1 -1
  61. package/package.json +28 -6
  62. package/dist/assert-B3iQSYlK.js +0 -3
  63. package/dist/assert-NJGroSJd.cjs +0 -3
  64. package/dist/crypto-Bz8nIciY.js +0 -1
  65. package/dist/crypto-CoXA5w_4.cjs +0 -1
  66. package/dist/env-bq387KyP.cjs +0 -1
  67. package/dist/env-nvh8QBNz.js +0 -1
  68. package/dist/errors-CCYPHuBO.cjs +0 -1
  69. package/dist/errors-DFWHOho6.js +0 -1
  70. package/dist/index-nqLV2t91.d.ts +0 -2279
  71. package/dist/index.d.cts +0 -2
  72. package/dist/oauth-BntNm6aE.cjs +0 -1
  73. package/dist/oauth-DmHy9VrB.js +0 -1
@@ -1,4 +1,6 @@
1
- import { Nt as JoseInstance, _t as User, xt as AuthRuntimeConfig } from "../index-nqLV2t91.js";
1
+ import { Kt as AsymmetricKeyPairFromEnv, Ot as JoseInstance, gt as AuthRuntimeConfig, mn as User } from "../index-1ADcIVGC.js";
2
+ import * as _$_aura_stack_jose_jose0 from "@aura-stack/jose/jose";
3
+ import { GenerateKeyPairOptions, generateKeyPair as createKeyPair } from "@aura-stack/jose/jose";
2
4
 
3
5
  //#region src/shared/crypto.d.ts
4
6
  declare const createSecretValue: (length?: number) => string;
@@ -43,5 +45,27 @@ declare const hashPassword: (password: string, salt?: string, iterations?: numbe
43
45
  * @returns A promise that resolves to true if the password matches the hash, false otherwise.
44
46
  */
45
47
  declare const verifyPassword: (password: string, hashedPassword: string) => Promise<boolean>;
48
+ /**
49
+ * Imports a PEM-formatted asymmetric key pair from strings.
50
+ *
51
+ * @param key - An object containing the public and private keys as PEM-formatted strings
52
+ * @param algorithm - The intended algorithm for the keys (e.g. "RS256" for RSA signing, "RSA-OAEP" for RSA encryption)
53
+ * @returns A Promise that resolves to a CryptoKeyPair with the imported keys
54
+ */
55
+ declare const importPEMKeyPair: (key: AsymmetricKeyPairFromEnv, algorithm: string) => Promise<{
56
+ publicKey: CryptoKey;
57
+ privateKey: CryptoKey;
58
+ }>;
59
+ /**
60
+ * Generates a new asymmetric key pair and exports it in JWK format.
61
+ *
62
+ * @param alg - The intended algorithm for the keys (e.g. "RS256" for RSA signing, "RSA-OAEP" for RSA encryption)
63
+ * @param options - Optional parameters for key generation (e.g. modulusLength for RSA)
64
+ * @returns A Promise that resolves to an object containing the public and private keys in JWK format
65
+ */
66
+ declare const exportJWKKeyPair: (alg: string, options?: GenerateKeyPairOptions) => Promise<{
67
+ publicKey: _$_aura_stack_jose_jose0.JWK;
68
+ privateKey: _$_aura_stack_jose_jose0.JWK;
69
+ }>;
46
70
  //#endregion
47
- export { createCSRF, createHash, createPKCE, createSecretValue, hashPassword, verifyCSRF, verifyPassword };
71
+ export { createCSRF, createHash, createKeyPair, createPKCE, createSecretValue, exportJWKKeyPair, hashPassword, importPEMKeyPair, verifyCSRF, verifyPassword };
@@ -1 +1 @@
1
- import{a as e,i as t,n,o as r,r as i,s as a,t as o}from"../crypto-Bz8nIciY.js";export{o as createCSRF,n as createHash,i as createPKCE,t as createSecretValue,e as hashPassword,r as verifyCSRF,a as verifyPassword};
1
+ import{a as e,c as t,i as n,l as r,n as i,o as a,r as o,s,t as c,u as l}from"../crypto-D6aq4c8x.js";export{c as createCSRF,i as createHash,o as createKeyPair,n as createPKCE,e as createSecretValue,a as exportJWKKeyPair,s as hashPassword,t as importPEMKeyPair,r as verifyCSRF,l as verifyPassword};
@@ -1 +1 @@
1
- Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});let e=require(`zod/v4`);const t=e.z.object({sub:(0,e.string)(),name:(0,e.string)().nullable().optional(),image:(0,e.string)().nullable().optional(),email:(0,e.email)().nullable().optional()}),n=t=>e.z.object(t);exports.UserIdentity=t,exports.createIdentity=n;
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../identity-n3aahaEr.cjs`);exports.UserIdentity=e.t,exports.UserIdentityArkType=e.n,exports.UserIdentityTypeBox=e.r,exports.UserIdentityValibot=e.i,exports.createIdentity=e.a;
@@ -1,2 +1,2 @@
1
- import { Bn as UserIdentity, G as InferShape, H as EditableShape, Hn as UserShape, U as InferAuthIdentity, Un as createIdentity, Vn as UserIdentityType, W as InferIdentity, Y as ShapeToObject } from "../index-nqLV2t91.js";
2
- export { EditableShape, InferAuthIdentity, InferIdentity, InferShape, ShapeToObject, UserIdentity, UserIdentityType, UserShape, createIdentity };
1
+ import { $ as FromShapeToObject, Cr as UserShapeArkType, Er as createIdentity, H as ArktypeShapeToObject, Sr as UserShape, Tr as UserShapeValibot, _r as SchemaTypes, br as UserIdentityTypeBox, ct as TypeboxShapeToObject, et as InferSession, ft as ZodShapeToObject, gr as IsZod, hr as IsValibot, lt as UserFrom, mr as IsArkType, nt as InferZodShape, pr as Identities, q as EditableShape, st as SessionFrom, tt as InferUser, ut as ValibotShapeToObject, vr as UserIdentity, wr as UserShapeTypeBox, xr as UserIdentityValibot, yr as UserIdentityArkType } from "../index-1ADcIVGC.js";
2
+ export { ArktypeShapeToObject, EditableShape, FromShapeToObject, Identities, InferSession, InferUser, InferZodShape, IsArkType, IsValibot, IsZod, SchemaTypes, SessionFrom, TypeboxShapeToObject, UserFrom, UserIdentity, UserIdentityArkType, UserIdentityTypeBox, UserIdentityValibot, UserShape, UserShapeArkType, UserShapeTypeBox, UserShapeValibot, ValibotShapeToObject, ZodShapeToObject, createIdentity };
@@ -1 +1 @@
1
- import{email as e,string as t,z as n}from"zod/v4";const r=n.object({sub:t(),name:t().nullable().optional(),image:t().nullable().optional(),email:e().nullable().optional()}),i=e=>n.object(e);export{r as UserIdentity,i as createIdentity};
1
+ import{g as e,h as t,t as n,y as r}from"../assert-av6s0a6t.js";import{z as i}from"zod/v4";import{type as a}from"arktype";import{Type as o}from"typebox";import*as s from"valibot";const c=i.object({sub:i.string(),name:i.string().nullable().optional(),image:i.string().nullable().optional(),email:i.email().nullable().optional()}),l=s.object({sub:s.string(),name:s.optional(s.nullable(s.string())),image:s.optional(s.nullable(s.string())),email:s.optional(s.nullable(s.pipe(s.string(),s.email())))}),u=a({sub:`string`,name:`string | null?`,image:`string | null?`,email:`string.email | null?`}),d=o.Object({sub:o.String(),name:o.Optional(o.Union([o.String(),o.Null()])),image:o.Optional(o.Union([o.String(),o.Null()])),email:o.Optional(o.Union([o.String({format:`email`}),o.Null()]))}),f=a=>n(a)?a:e(a)?s.object(a):r(a)?i.object(a):t(a)?o.Object(a):i.object(a);export{c as UserIdentity,u as UserIdentityArkType,d as UserIdentityTypeBox,l as UserIdentityValibot,f as createIdentity};
@@ -1 +1 @@
1
- Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../assert-NJGroSJd.cjs`),t=require(`../logger-UnUhYL2V.cjs`);exports.createBasicAuthHeader=e.u,exports.createSyslogMessage=t.n;
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../assert-DaZSf4SH.cjs`),t=require(`../logger-CVwkloPj.cjs`);exports.createBasicAuthHeader=e.S,exports.createSyslogMessage=t.n;
@@ -1,4 +1,4 @@
1
- import { zn as createSyslogMessage } from "../index-nqLV2t91.js";
1
+ import { fr as createSyslogMessage } from "../index-1ADcIVGC.js";
2
2
  //#region src/shared/utils.d.ts
3
3
  declare const createBasicAuthHeader: (username: string, password: string) => string;
4
4
  //#endregion
@@ -1 +1 @@
1
- import{u as e}from"../assert-B3iQSYlK.js";import{n as t}from"../logger-C59_CDMk.js";export{e as createBasicAuthHeader,t as createSyslogMessage};
1
+ import{S as e}from"../assert-av6s0a6t.js";import{n as t}from"../logger-BfUjjtxf.js";export{e as createBasicAuthHeader,t as createSyslogMessage};
package/package.json CHANGED
@@ -1,9 +1,9 @@
1
1
  {
2
2
  "name": "@aura-stack/auth",
3
- "version": "0.6.0",
3
+ "version": "0.7.1",
4
4
  "private": false,
5
5
  "type": "module",
6
- "description": "Core auth for @aura-stack/auth",
6
+ "description": "Open-source authentication and authorization library for modern TypeScript and JavaScript applications. Framework-agnostic, runtime-agnostic and built on web standards.",
7
7
  "repository": {
8
8
  "type": "git",
9
9
  "url": "git+https://github.com/aura-stack-ts/auth"
@@ -56,12 +56,31 @@
56
56
  "types": "./dist/shared/index.d.ts",
57
57
  "import": "./dist/shared/index.js",
58
58
  "require": "./dist/shared/index.cjs"
59
+ },
60
+ "./cookies": {
61
+ "types": "./dist/shared/cookies.d.ts",
62
+ "import": "./dist/shared/cookies.js",
63
+ "require": "./dist/shared/cookies.cjs"
59
64
  }
60
65
  },
61
66
  "keywords": [
62
67
  "auth",
68
+ "oauth",
69
+ "oauth2",
70
+ "security",
63
71
  "session",
64
- "authentication"
72
+ "authentication",
73
+ "authorization",
74
+ "typescript",
75
+ "javascript",
76
+ "node",
77
+ "bun",
78
+ "deno",
79
+ "edge",
80
+ "aura-stack",
81
+ "aura-stack-ts",
82
+ "aura auth",
83
+ "aura-auth"
65
84
  ],
66
85
  "author": "Aura Stack <aurastackjs@gmail.com> | Hernan Alvarado <halvaradop.dev@gmail.com>",
67
86
  "homepage": "https://aura-stack-auth.vercel.app",
@@ -70,9 +89,12 @@
70
89
  },
71
90
  "license": "MIT",
72
91
  "dependencies": {
73
- "@aura-stack/router": "^0.6.0",
92
+ "@aura-stack/router": "^0.7.2",
93
+ "arktype": "^2.2.0",
94
+ "typebox": "^1.1.38",
95
+ "valibot": "^1.4.0",
74
96
  "zod": "4.3.5",
75
- "@aura-stack/jose": "0.5.0"
97
+ "@aura-stack/jose": "0.6.0"
76
98
  },
77
99
  "devDependencies": {
78
100
  "typescript": "^5.9.2",
@@ -92,6 +114,6 @@
92
114
  "format:check": "oxfmt --check",
93
115
  "type-check": "tsc --noEmit",
94
116
  "clean": "rm -rf dist",
95
- "clean:cts": "if [ -d dist ]; then find dist -type f -name \"*.cts\" -delete; fi"
117
+ "clean:cts": "[ -d dist ] && find dist -type f -name \"*.cts\" -delete || true"
96
118
  }
97
119
  }
@@ -1,3 +0,0 @@
1
- import{n as e}from"./errors-DFWHOho6.js";import{n as t}from"./env-nvh8QBNz.js";import{encoder as n}from"@aura-stack/jose/crypto";const r=`0.5.0`,i=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,a=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},o=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),s=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},c=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,l=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},u=(e,t)=>{let r=n.encode(e),i=n.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},d=(r,i)=>{let a=t(r)??r,o=t(i)??i;if(!a||!o)throw new e(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encode(s)));return`Basic ${btoa(c)}`},f=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),p=[`<`,`>`,`"`,"`",` `,`\r`,`
2
- `,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
3
- `,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],m=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of p)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},h=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,g=e=>{if(e.length>100)return!1;for(let t of p)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},_=(e,t)=>{let n=new URL(e),r=new URL(t);return i(n.origin,r.origin)},v=(e,t)=>{if(!m(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(l(e)?.test(n))return!0;try{if(m(e)&&i(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},y=e=>e?.jwt?.mode??`sealed`,b=e=>y(e)===`signed`,x=e=>y(e)===`encrypted`,S=e=>y(e)===`sealed`;export{u as _,S as a,m as c,i as d,s as f,l as g,a as h,_ as i,r as l,c as m,h as n,b as o,o as p,g as r,v as s,x as t,d as u,f as v};
@@ -1,3 +0,0 @@
1
- const e=require(`./errors-CCYPHuBO.cjs`),t=require(`./env-bq387KyP.cjs`);let n=require(`@aura-stack/jose/crypto`);const r=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,i=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},a=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),o=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},s=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,c=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},l=(e,t)=>{let r=n.encoder.encode(e),i=n.encoder.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},u=(r,i)=>{let a=t.n(r)??r,o=t.n(i)??i;if(!a||!o)throw new e.n(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encoder.encode(s)));return`Basic ${btoa(c)}`},d=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),f=[`<`,`>`,`"`,"`",` `,`\r`,`
2
- `,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
3
- `,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],p=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of f)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},m=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,h=e=>{if(e.length>100)return!1;for(let t of f)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},g=(e,t)=>{let n=new URL(e),i=new URL(t);return r(n.origin,i.origin)},_=(e,t)=>{if(!p(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(c(e)?.test(n))return!0;try{if(p(e)&&r(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},v=e=>e?.jwt?.mode??`sealed`,y=e=>v(e)===`signed`,b=e=>v(e)===`encrypted`,x=e=>v(e)===`sealed`;Object.defineProperty(exports,`_`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return p}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`g`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`h`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return`0.5.0`}}),Object.defineProperty(exports,`m`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`p`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return u}}),Object.defineProperty(exports,`v`,{enumerable:!0,get:function(){return d}});
@@ -1 +0,0 @@
1
- import{i as e,n as t}from"./errors-DFWHOho6.js";import{n}from"./env-nvh8QBNz.js";import{_ as r,a as i,d as a,n as o,o as s,t as c}from"./assert-B3iQSYlK.js";import{encoder as l,getRandomBytes as u,getSubtleCrypto as d}from"@aura-stack/jose/crypto";import{createDeriveKey as f,createJWE as p,createJWS as m,createJWT as h,createSecret as g}from"@aura-stack/jose";import{base64url as _}from"@aura-stack/jose/jose";const v=e=>e?.jwt,y=e=>{let t=v(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},b=(e,t)=>({...y(t),...e}),x=(e,t)=>{let n={};return(s(e)||i(e))&&e?.jwt?.signingAlgorithm&&(n.alg=e.jwt.signingAlgorithm),{...n,...t}},S=(e,t)=>{let n={};return(c(e)||i(e))&&(e?.jwt?.keyAlgorithm&&(n.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(n.enc=e.jwt.encryptionAlgorithm)),{...n,...t}},C=(e,t)=>{let n={};return(s(e)||i(e))&&(e?.jwt?.signingAlgorithm&&(n.algorithms=[e.jwt.signingAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},w=(e,t)=>{let n={};return(c(e)||i(e))&&(e?.jwt?.keyAlgorithm&&(n.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(n.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},T=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},E=(e,r)=>{if(e??=n(`SECRET`),!e)throw new t(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`);let i=n(`SALT`);if(!i)throw new t(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{g(i)}catch(e){throw new t(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:e})}let a=(async()=>{let[t,n,r]=await Promise.all([f(e,i,`signing`),f(e,i,`encryption`),f(e,i,`csrfToken`)]);return{jwt:h({sign:t,encrypt:n}),jws:m(r),jwe:p(n)}})();return a.catch(()=>{}),{signJWS:async(e,t)=>{let{jws:n}=await a;return n.signJWS(b(e,r),x(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await a,i=await n.verifyJWS(e,C(r,t));return T(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await a;return n.encryptJWE(b(e,r),S(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await a,i=await n.decryptJWE(e,w(r,t));return T(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await a;return await n.encodeJWT(b(e,r),{sign:x(r,t?.sign),encrypt:S(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await a,i=await n.decodeJWT(e,{verify:C(r,t?.verify),decrypt:w(r,t?.decrypt)});return T(i),i}}},D=(e=32)=>_.encode(u(e)),O=async e=>{let t=await d().digest(`SHA-256`,l.encode(e));return _.encode(new Uint8Array(t))},k=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??D(n??64);if(r.length<43||r.length>128)throw new e(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await O(r),method:`S256`}},A=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=D(32);return e.signJWS({token:n})}catch{let t=D(32);return e.signJWS({token:t})}},j=async(t,n,i)=>{try{let s=await t.verifyJWS(n),c=await t.verifyJWS(i);if(!o(s))throw new e(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!o(c))throw new e(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!a(s.token.length,c.token.length)||!r(s.token,c.token))throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},M=async(e,t,n=1e5)=>{let r=d(),i=t?_.decode(t):u(16),a=await r.importKey(`raw`,l.encode(e),`PBKDF2`,!1,[`deriveBits`]),o=await r.deriveBits({name:`PBKDF2`,salt:i,iterations:n,hash:`SHA-256`},a,256),s=new Uint8Array(o),c=_.encode(s);return`pbkdf2-sha256:${n}:${_.encode(i)}:${c}`},N=async(e,t)=>{try{let n=t.split(`:`);if(n.length!==4)return!1;let[i,a,o]=n;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);return isNaN(s)?!1:r(await M(e,o,s),t)}catch{return!1}};export{M as a,E as c,D as i,O as n,j as o,k as r,N as s,A as t};
@@ -1 +0,0 @@
1
- const e=require(`./errors-CCYPHuBO.cjs`),t=require(`./env-bq387KyP.cjs`),n=require(`./assert-NJGroSJd.cjs`);let r=require(`@aura-stack/jose/crypto`),i=require(`@aura-stack/jose`),a=require(`@aura-stack/jose/jose`);const o=e=>e?.jwt,s=e=>{let t=o(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},c=(e,t)=>({...s(t),...e}),l=(e,t)=>{let r={};return(n.o(e)||n.a(e))&&e?.jwt?.signingAlgorithm&&(r.alg=e.jwt.signingAlgorithm),{...r,...t}},u=(e,t)=>{let r={};return(n.t(e)||n.a(e))&&(e?.jwt?.keyAlgorithm&&(r.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(r.enc=e.jwt.encryptionAlgorithm)),{...r,...t}},d=(e,t)=>{let r={};return(n.o(e)||n.a(e))&&(e?.jwt?.signingAlgorithm&&(r.algorithms=[e.jwt.signingAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},f=(e,t)=>{let r={};return(n.t(e)||n.a(e))&&(e?.jwt?.keyAlgorithm&&(r.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(r.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},p=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e.i(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},m=(n,r)=>{if(n??=t.n(`SECRET`),!n)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`);let a=t.n(`SALT`);if(!a)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{(0,i.createSecret)(a)}catch(t){throw new e.n(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:t})}let o=(async()=>{let[e,t,r]=await Promise.all([(0,i.createDeriveKey)(n,a,`signing`),(0,i.createDeriveKey)(n,a,`encryption`),(0,i.createDeriveKey)(n,a,`csrfToken`)]);return{jwt:(0,i.createJWT)({sign:e,encrypt:t}),jws:(0,i.createJWS)(r),jwe:(0,i.createJWE)(t)}})();return o.catch(()=>{}),{signJWS:async(e,t)=>{let{jws:n}=await o;return n.signJWS(c(e,r),l(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await o,i=await n.verifyJWS(e,d(r,t));return p(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await o;return n.encryptJWE(c(e,r),u(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await o,i=await n.decryptJWE(e,f(r,t));return p(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await o;return await n.encodeJWT(c(e,r),{sign:l(r,t?.sign),encrypt:u(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await o,i=await n.decodeJWT(e,{verify:d(r,t?.verify),decrypt:f(r,t?.decrypt)});return p(i),i}}},h=(e=32)=>a.base64url.encode((0,r.getRandomBytes)(e)),g=async e=>{let t=await(0,r.getSubtleCrypto)().digest(`SHA-256`,r.encoder.encode(e));return a.base64url.encode(new Uint8Array(t))},_=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??h(n??64);if(r.length<43||r.length>128)throw new e.i(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await g(r),method:`S256`}},v=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=h(32);return e.signJWS({token:n})}catch{let t=h(32);return e.signJWS({token:t})}},y=async(t,r,i)=>{try{let a=await t.verifyJWS(r),o=await t.verifyJWS(i);if(!n.n(a))throw new e.i(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!n.n(o))throw new e.i(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!n.d(a.token.length,o.token.length)||!n._(a.token,o.token))throw new e.i(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e.i(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},b=async(e,t,n=1e5)=>{let i=(0,r.getSubtleCrypto)(),o=t?a.base64url.decode(t):(0,r.getRandomBytes)(16),s=await i.importKey(`raw`,r.encoder.encode(e),`PBKDF2`,!1,[`deriveBits`]),c=await i.deriveBits({name:`PBKDF2`,salt:o,iterations:n,hash:`SHA-256`},s,256),l=new Uint8Array(c),u=a.base64url.encode(l);return`pbkdf2-sha256:${n}:${a.base64url.encode(o)}:${u}`},x=async(e,t)=>{try{let r=t.split(`:`);if(r.length!==4)return!1;let[i,a,o]=r;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);return isNaN(s)?!1:n._(await b(e,o,s),t)}catch{return!1}};Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return v}});
@@ -1 +0,0 @@
1
- const e=new Proxy({},{get(e,t){if(typeof t!=`string`)return;let n=e=>e&&Object.prototype.hasOwnProperty.call(e,t);try{if(typeof process<`u`&&n(process.env))return process.env[t];if(n({}.env))return{}.env[t];if(typeof Deno<`u`&&Deno.env?.get)return Deno.env.get(t);if(typeof Bun<`u`&&n(Bun.env))return Bun.env[t];let e=globalThis[t];return typeof e==`string`?e:void 0}catch{return}}}),t=t=>e[[`AURA_AUTH_${t.toUpperCase()}`,`AURA_${t.toUpperCase()}`,`AUTH_${t.toUpperCase()}`,t.toUpperCase()].find(t=>e[t])??``],n=e=>{let n=t(e);if(n===void 0)return!1;let r=n.trim().toLowerCase();return!![`1`,`true`,`yes`,`on`,`debug`].includes(r)},r=(e,n=[])=>{let r=t(e);return r?r.split(/[,;\n]+/).map(e=>e.trim()).filter(Boolean):n};Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return n}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return t}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return e}});
@@ -1 +0,0 @@
1
- const e=new Proxy({},{get(e,t){if(typeof t!=`string`)return;let n=e=>e&&Object.prototype.hasOwnProperty.call(e,t);try{if(typeof process<`u`&&n(process.env))return process.env[t];if(n(import.meta.env))return import.meta.env[t];if(typeof Deno<`u`&&Deno.env?.get)return Deno.env.get(t);if(typeof Bun<`u`&&n(Bun.env))return Bun.env[t];let e=globalThis[t];return typeof e==`string`?e:void 0}catch{return}}}),t=t=>e[[`AURA_AUTH_${t.toUpperCase()}`,`AURA_${t.toUpperCase()}`,`AUTH_${t.toUpperCase()}`,t.toUpperCase()].find(t=>e[t])??``],n=e=>{let n=t(e);if(n===void 0)return!1;let r=n.trim().toLowerCase();return!![`1`,`true`,`yes`,`on`,`debug`].includes(r)},r=(e,n=[])=>{let r=t(e);return r?r.split(/[,;\n]+/).map(e=>e.trim()).filter(Boolean):n};export{n as i,t as n,r,e as t};
@@ -1 +0,0 @@
1
- var e=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(e,t,n,r){super(t,r),this.error=e,this.errorURI=n,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},t=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(e,t){super(e,t),this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}},a=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}};const o=e=>e instanceof Error,s=t=>t instanceof e,c=e=>e instanceof t,l=e=>e instanceof n,u=e=>e instanceof r,d=e=>e instanceof a,f=e=>c(e)||l(e)||u(e)||d(e);Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return n}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return t}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return e}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return f}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return d}});
@@ -1 +0,0 @@
1
- var e=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(e,t,n,r){super(t,r),this.error=e,this.errorURI=n,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},t=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(e,t){super(e,t),this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}},a=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(e,t,n){super(t,n),this.code=e,this.name=new.target.name,Error?.captureStackTrace?.(this,new.target)}};const o=e=>e instanceof Error,s=t=>t instanceof e,c=e=>e instanceof t,l=e=>e instanceof n,u=e=>e instanceof r,d=e=>e instanceof a,f=e=>c(e)||l(e)||u(e)||d(e);export{a,c,o as d,s as f,n as i,l,t as n,e as o,i as r,f as s,r as t,d as u};