@aura-stack/auth 0.7.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/@types/index.cjs +1 -0
- package/dist/@types/index.d.ts +2 -2
- package/dist/@types/index.js +1 -0
- package/dist/{assert-hDwQ_SPO.cjs → assert-DaZSf4SH.cjs} +1 -1
- package/dist/{assert-_fBNnaOk.js → assert-av6s0a6t.js} +1 -1
- package/dist/client/index.cjs +1 -1
- package/dist/client/index.d.ts +1 -1
- package/dist/client/index.js +1 -1
- package/dist/{crypto-D6_SoGMH.cjs → crypto-BF4ETYC9.cjs} +1 -1
- package/dist/{crypto-DyrRzBSQ.js → crypto-D6aq4c8x.js} +1 -1
- package/dist/identity-n3aahaEr.cjs +1 -0
- package/dist/{index-C9U6ICDT.d.ts → index-1ADcIVGC.d.ts} +229 -279
- package/dist/index.cjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/dist/{logger-DjXkgSn5.js → logger-BfUjjtxf.js} +1 -1
- package/dist/{logger-G5PinyEc.cjs → logger-CVwkloPj.cjs} +1 -1
- package/dist/oauth/atlassian.d.ts +1 -1
- package/dist/oauth/bitbucket.d.ts +1 -1
- package/dist/oauth/click-up.d.ts +1 -1
- package/dist/oauth/discord.d.ts +1 -1
- package/dist/oauth/dribbble.d.ts +1 -1
- package/dist/oauth/dropbox.d.ts +1 -1
- package/dist/oauth/figma.d.ts +1 -1
- package/dist/oauth/github.d.ts +1 -1
- package/dist/oauth/gitlab.d.ts +1 -1
- package/dist/oauth/index.cjs +1 -1
- package/dist/oauth/index.d.ts +1 -1
- package/dist/oauth/index.js +1 -1
- package/dist/oauth/mailchimp.d.ts +1 -1
- package/dist/oauth/notion.cjs +1 -1
- package/dist/oauth/notion.d.ts +1 -1
- package/dist/oauth/notion.js +1 -1
- package/dist/oauth/pinterest.d.ts +1 -1
- package/dist/oauth/spotify.d.ts +1 -1
- package/dist/oauth/strava.d.ts +1 -1
- package/dist/oauth/twitch.cjs +1 -1
- package/dist/oauth/twitch.d.ts +1 -1
- package/dist/oauth/twitch.js +1 -1
- package/dist/oauth/x.d.ts +1 -1
- package/dist/shared/cookies.cjs +1 -0
- package/dist/shared/cookies.d.ts +1 -0
- package/dist/shared/cookies.js +1 -0
- package/dist/shared/crypto.cjs +1 -1
- package/dist/shared/crypto.d.ts +1 -1
- package/dist/shared/crypto.js +1 -1
- package/dist/shared/identity.cjs +1 -1
- package/dist/shared/identity.d.ts +1 -1
- package/dist/shared/identity.js +1 -1
- package/dist/shared/index.cjs +1 -1
- package/dist/shared/index.d.ts +1 -1
- package/dist/shared/index.js +1 -1
- package/package.json +26 -7
- package/dist/identity-b8FCr0Oa.cjs +0 -1
- package/dist/oauth-D3_mnBOx.js +0 -1
- package/dist/oauth-gPiWxjBd.cjs +0 -1
- /package/dist/{env-CJtSi1eX.js → env-BG1x-kSX.js} +0 -0
- /package/dist/{env-7as-tgzO.cjs → env-BhQ2k7jj.cjs} +0 -0
package/dist/@types/index.cjs
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-n3aahaEr.cjs`);let e=require(`zod/v4`);const t=e.z.union([(0,e.string)().url(),(0,e.object)({url:(0,e.string)().url(),params:(0,e.object)({owner:(0,e.string)().optional(),responseType:(0,e.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:(0,e.string)().optional()})})]),n=e.z.union([(0,e.string)().url(),(0,e.object)({url:(0,e.string)().url(),headers:e.z.record((0,e.string)(),(0,e.string)()).optional()})]),r=e.z.union([(0,e.string)().url(),(0,e.object)({url:(0,e.string)().url(),headers:e.z.record((0,e.string)(),(0,e.string)()).optional(),method:(0,e.string)().optional()})]),i=(0,e.object)({id:(0,e.string)(),name:(0,e.string)(),authorize:t.optional(),authorizeURL:(0,e.string)().url().optional(),accessToken:n,scope:(0,e.string)().optional(),userInfo:r,responseType:(0,e.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,e.string)(),clientSecret:(0,e.string)(),profile:e.z.function().optional()}),a=(0,e.object)({authorize:t.optional(),authorizeURL:(0,e.string)().url().optional(),accessToken:n,scope:(0,e.string)().optional(),userInfo:r,responseType:(0,e.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,e.string)(),clientSecret:(0,e.string)()}),o=a.extend({redirectURI:(0,e.string)(),state:(0,e.string)(),codeChallenge:(0,e.string)(),codeChallengeMethod:(0,e.enum)([`plain`,`S256`])});(0,e.object)({state:(0,e.string)({message:`Missing state parameter in the OAuth authorization response.`}),code:(0,e.string)({message:`Missing code parameter in the OAuth authorization response.`})});const s=(0,e.object)({error:(0,e.enum)([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:(0,e.string)().optional(),error_uri:(0,e.string)().optional(),state:(0,e.string)()});a.extend({redirectURI:(0,e.string)(),code:(0,e.string)(),codeVerifier:(0,e.string)().min(43).max(128)});const c=(0,e.object)({access_token:(0,e.string)(),token_type:(0,e.string)().optional(),expires_in:(0,e.number)().optional(),refresh_token:(0,e.string)().optional(),scope:(0,e.union)([(0,e.string)().optional().or((0,e.null)()),(0,e.array)((0,e.string)()).optional()])}),l=(0,e.object)({error:(0,e.enum)([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:(0,e.string)().optional(),error_uri:(0,e.string)().optional()}),u=(0,e.object)({error:(0,e.string)(),error_description:(0,e.string)().optional()}),d=(0,e.object)({clientId:e.z.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:e.z.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),f=(0,e.object)({redirect:e.z.stringbool().optional().default(!0),redirectTo:(0,e.string)().optional()}),p=(0,e.object)({username:(0,e.string)(),password:(0,e.string)()});exports.a=s,exports.c=i,exports.i=o,exports.l=f,exports.n=l,exports.o=d,exports.r=c,exports.s=u,exports.t=p;
|
package/dist/@types/index.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { $ as
|
|
2
|
-
export { APIErrorMap, APIOptionsWithRedirectTo, APIOptionsWithRequest, APIOptionsWithSkipCSRFCheck, AccessTokenError, ArktypeShapeToObject, AsymmetricKeyPair, AsymmetricKeyPairFromEnv, AuthAPI, AuthClient, AuthClientOptions, AuthConfig, AuthInstance, AuthInternalErrorCode, AuthResponse, AuthRuntimeConfig, AuthSecurityErrorCode, AuthorizationError, AuthorizeParams, BuiltInOAuthProvider, ConfigSchema, CookieConfig, CookieName, CookieStoreConfig, CookieStrategyAttributes, CreateSessionStrategyOptions, CredentialsPayload, CredentialsProvider, CredentialsProviderContext, CryptoSecret, DeepPartial, DeepRequired, EditableShape, EditableShapeArkType, EditableShapeTypebox, EditableShapeValibot, EditableShapeZod, ErrorType, FromShapeToObject, FunctionAPIContext, GetSessionAPIOptions, GetSessionAPIReturn, GetStatelessSessionReturn, HostCookie, IdentityConfig, InferSession, InferUser, InferZodShape, InternalContext, InternalLogger, JWTConfig, JWTConfigBase, JWTEncryptedMode, JWTEncryptionAlgorithm, JWTExpirationStrategy, JWTKey, JWTKeyAlgorithm, JWTManager, JWTMode, JWTPayloadWithToken, JWTSealedMode, JWTSignedMode, JWTSigningAlgorithm, JWTStandardClaims, JWTStrategyOptions, JoseInstance, LiteralUnion, LogLevel, Logger, Merge, OAuthEnv, OAuthError, OAuthProvider, OAuthProviderConfig, OAuthProviderCredentials, OAuthProviderRecord, OptionsWithRedirectTo, Prettify, ResponseType, RouterGlobalContext, SchemaRegistryContext, SecretKey, SecureCookie, Session, SessionConfig, SessionFrom, SessionStrategy, Severity, SignInAPIOptions, SignInAPIReturn, SignInCredentialsAPIOptions, SignInCredentialsAPIReturn, SignInCredentialsOptions, SignInCredentialsReturn, SignInOptions, SignInReturn, SignOutAPIOptions, SignOutAPIReturn, SignOutOptions, SignOutReturn, StandardCookie, StatelessStrategyConfig, SyslogOptions, TokenRevocationError, TrustedOrigin, TrustedProxyHeadersConfig, TypeboxShapeToObject, TypedJWTPayload, UpdateSessionAPIOptions, UpdateSessionAPIReturn, UpdateSessionOptions, UpdateSessionReturn, User, UserFrom, UserShape, ValibotShapeToObject, Wrap, ZodShapeToObject };
|
|
1
|
+
import { $ as FromShapeToObject, $t as JWTEncryptionAlgorithm, A as UpdateSessionOptions, At as Logger, B as TokenRevocationError, Bt as OAuthProvider, C as SignOutAPIOptions, Ct as CredentialsProviderContext, D as SignOutReturnData, Dt as InternalLogger, E as SignOutReturn, Et as InternalContext, F as AuthInternalErrorCode, Ft as StandardCookie, G as DeepPartial, Gt as AsymmetricKeyPair, H as ArktypeShapeToObject, Ht as OAuthProviderCredentials, I as AuthSecurityErrorCode, It as SyslogOptions, J as EditableShapeArkType, Jt as CryptoSecret, K as DeepRequired, Kt as AsymmetricKeyPairFromEnv, L as AuthorizationError, Lt as TrustedOrigin, M as UpdateSessionReturnData, Mt as SchemaRegistryContext, N as APIErrorMap, Nt as SecureCookie, O as UpdateSessionAPIOptions, Ot as JoseInstance, P as AccessTokenError, Pt as Severity, Q as EditableUser, Qt as JWTEncryptedMode, R as ErrorType, Rt as TrustedProxyHeadersConfig, S as SignInReturn, Sr as UserShape, St as CredentialsProvider, T as SignOutOptions, Tt as IdentityConfig, U as AuthResponse, Ut as OAuthProviderRecord, Vt as OAuthProviderConfig, W as ConfigSchema, Wt as ResponseType, X as EditableShapeValibot, Xt as JWTConfig, Y as EditableShapeTypebox, Yt as GetStatelessSessionReturn, Z as EditableShapeZod, Zt as JWTConfigBase, _ as SignInCredentialsAPIReturn, _t as CookieConfig, a as OAuthEnv, an as JWTSealedMode, at as Prettify, b as SignInCredentialsReturnData, bt as CookieStrategyAttributes, c as APIOptionsWithRequest, cn as JWTStrategyOptions, ct as TypeboxShapeToObject, d as GetSessionAPIOptions, dn as SessionConfig, dt as Wrap, en as JWTExpirationStrategy, et as InferSession, f as GetSessionAPIReturn, fn as SessionStrategy, ft as ZodShapeToObject, g as SignInCredentialsAPIOptions, gt as AuthRuntimeConfig, h as SignInAPIReturn, hn as BuiltInOAuthProvider, ht as AuthInstance, i as JWTStandardClaims, in as JWTMode, it as Merge, j as UpdateSessionReturn, jt as RouterGlobalContext, k as UpdateSessionAPIReturn, kt as LogLevel, l as APIOptionsWithSkipCSRFCheck, ln as SecretKey, lt as UserFrom, m as SignInAPIOptions, mn as User, mt as AuthConfig, n as AuthClientOptions, nn as JWTKeyAlgorithm, nt as InferZodShape, o as TypedJWTPayload, on as JWTSignedMode, ot as RequiredKeys, p as OptionsWithRedirectTo, pn as StatelessStrategyConfig, pt as AuthAPI, q as EditableShape, qt as CreateSessionStrategyOptions, r as JWTPayloadWithToken, rn as JWTManager, rt as LiteralUnion, s as APIOptionsWithRedirectTo, sn as JWTSigningAlgorithm, st as SessionFrom, t as AuthClient, tn as JWTKey, tt as InferUser, u as FunctionAPIContext, un as Session, ut as ValibotShapeToObject, v as SignInCredentialsOptions, vt as CookieName, w as SignOutAPIReturn, wt as HostCookie, x as SignInOptions, xt as CredentialsPayload, y as SignInCredentialsReturn, yt as CookieStoreConfig, z as OAuthError, zt as AuthorizeParams } from "../index-1ADcIVGC.js";
|
|
2
|
+
export { APIErrorMap, APIOptionsWithRedirectTo, APIOptionsWithRequest, APIOptionsWithSkipCSRFCheck, AccessTokenError, ArktypeShapeToObject, AsymmetricKeyPair, AsymmetricKeyPairFromEnv, AuthAPI, AuthClient, AuthClientOptions, AuthConfig, AuthInstance, AuthInternalErrorCode, AuthResponse, AuthRuntimeConfig, AuthSecurityErrorCode, AuthorizationError, AuthorizeParams, BuiltInOAuthProvider, ConfigSchema, CookieConfig, CookieName, CookieStoreConfig, CookieStrategyAttributes, CreateSessionStrategyOptions, CredentialsPayload, CredentialsProvider, CredentialsProviderContext, CryptoSecret, DeepPartial, DeepRequired, EditableShape, EditableShapeArkType, EditableShapeTypebox, EditableShapeValibot, EditableShapeZod, EditableUser, ErrorType, FromShapeToObject, FunctionAPIContext, GetSessionAPIOptions, GetSessionAPIReturn, GetStatelessSessionReturn, HostCookie, IdentityConfig, InferSession, InferUser, InferZodShape, InternalContext, InternalLogger, JWTConfig, JWTConfigBase, JWTEncryptedMode, JWTEncryptionAlgorithm, JWTExpirationStrategy, JWTKey, JWTKeyAlgorithm, JWTManager, JWTMode, JWTPayloadWithToken, JWTSealedMode, JWTSignedMode, JWTSigningAlgorithm, JWTStandardClaims, JWTStrategyOptions, JoseInstance, LiteralUnion, LogLevel, Logger, Merge, OAuthEnv, OAuthError, OAuthProvider, OAuthProviderConfig, OAuthProviderCredentials, OAuthProviderRecord, OptionsWithRedirectTo, Prettify, RequiredKeys, ResponseType, RouterGlobalContext, SchemaRegistryContext, SecretKey, SecureCookie, Session, SessionConfig, SessionFrom, SessionStrategy, Severity, SignInAPIOptions, SignInAPIReturn, SignInCredentialsAPIOptions, SignInCredentialsAPIReturn, SignInCredentialsOptions, SignInCredentialsReturn, SignInCredentialsReturnData, SignInOptions, SignInReturn, SignOutAPIOptions, SignOutAPIReturn, SignOutOptions, SignOutReturn, SignOutReturnData, StandardCookie, StatelessStrategyConfig, SyslogOptions, TokenRevocationError, TrustedOrigin, TrustedProxyHeadersConfig, TypeboxShapeToObject, TypedJWTPayload, UpdateSessionAPIOptions, UpdateSessionAPIReturn, UpdateSessionOptions, UpdateSessionReturn, UpdateSessionReturnData, User, UserFrom, UserShape, ValibotShapeToObject, Wrap, ZodShapeToObject };
|
package/dist/@types/index.js
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{array as e,enum as t,null as n,number as r,object as i,string as a,union as o,z as s}from"zod/v4";const c=s.union([a().url(),i({url:a().url(),params:i({owner:a().optional(),responseType:t([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:a().optional()})})]),l=s.union([a().url(),i({url:a().url(),headers:s.record(a(),a()).optional()})]),u=s.union([a().url(),i({url:a().url(),headers:s.record(a(),a()).optional(),method:a().optional()})]),d=i({id:a(),name:a(),authorize:c.optional(),authorizeURL:a().url().optional(),accessToken:l,scope:a().optional(),userInfo:u,responseType:t([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:a(),clientSecret:a(),profile:s.function().optional()}),f=i({authorize:c.optional(),authorizeURL:a().url().optional(),accessToken:l,scope:a().optional(),userInfo:u,responseType:t([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:a(),clientSecret:a()}),p=f.extend({redirectURI:a(),state:a(),codeChallenge:a(),codeChallengeMethod:t([`plain`,`S256`])});i({state:a({message:`Missing state parameter in the OAuth authorization response.`}),code:a({message:`Missing code parameter in the OAuth authorization response.`})});const m=i({error:t([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:a().optional(),error_uri:a().optional(),state:a()});f.extend({redirectURI:a(),code:a(),codeVerifier:a().min(43).max(128)});const h=i({access_token:a(),token_type:a().optional(),expires_in:r().optional(),refresh_token:a().optional(),scope:o([a().optional().or(n()),e(a()).optional()])}),g=i({error:t([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:a().optional(),error_uri:a().optional()}),_=i({error:a(),error_description:a().optional()}),v=i({clientId:s.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:s.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),y=i({redirect:s.stringbool().optional().default(!0),redirectTo:a().optional()}),b=i({username:a(),password:a()});export{m as a,d as c,p as i,y as l,g as n,v as o,h as r,_ as s,b as t};
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
require(`./identity-
|
|
1
|
+
require(`./identity-n3aahaEr.cjs`);const e=require(`./errors-DcK2ELlk.cjs`),t=require(`./env-BhQ2k7jj.cjs`);require(`arktype`),require(`typebox`);let n=require(`@aura-stack/jose/crypto`);const r=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,i=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},a=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),o=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},s=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,c=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},l=(e,t)=>{let r=n.encoder.encode(e),i=n.encoder.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},u=(r,i)=>{let a=t.n(r)??r,o=t.n(i)??i;if(!a||!o)throw new e.n(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encoder.encode(s)));return`Basic ${btoa(c)}`},d=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),f=[`<`,`>`,`"`,"`",` `,`\r`,`
|
|
2
2
|
`,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
|
|
3
3
|
`,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],p=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of f)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},m=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,h=e=>{if(e.length>100)return!1;for(let t of f)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},g=(e,t)=>{let n=new URL(e),i=new URL(t);return r(n.origin,i.origin)},_=(e,t)=>{if(!p(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(c(e)?.test(n))return!0;try{if(p(e)&&r(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},v=e=>e?.jwt?.mode??`sealed`,y=e=>v(e)===`signed`,b=e=>v(e)===`encrypted`,x=e=>v(e)===`sealed`,S=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,C=e=>typeof e==`object`&&!!e&&`algorithm`in e&&`extractable`in e,w=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,T=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&(C(e.sign)||S(e.sign))&&(C(e.encrypt)||S(e.encrypt)),E=e=>typeof e==`string`&&/-----BEGIN (PUBLIC|PRIVATE) KEY-----/.test(e),D=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e&&E(e.publicKey)&&E(e.privateKey),O=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&D(e.sign)&&D(e.encrypt),k=e=>typeof e==`object`&&!!e&&`~run`in e&&typeof e[`~run`]==`function`,A=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).length>0&&Object.values(e).every(k),j=e=>typeof e==`object`&&!!e&&`_def`in e,M=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(j),N=e=>typeof e==`function`&&e!==null&&`allows`in e&&`assert`in e,P=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(e=>typeof e==`object`&&`type`in e);Object.defineProperty(exports,`A`,{enumerable:!0,get:function(){return d}}),Object.defineProperty(exports,`C`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`D`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`E`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`O`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`S`,{enumerable:!0,get:function(){return u}}),Object.defineProperty(exports,`T`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`_`,{enumerable:!0,get:function(){return k}}),Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`b`,{enumerable:!0,get:function(){return j}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return w}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`g`,{enumerable:!0,get:function(){return A}}),Object.defineProperty(exports,`h`,{enumerable:!0,get:function(){return P}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return T}}),Object.defineProperty(exports,`k`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return D}}),Object.defineProperty(exports,`m`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return C}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return O}}),Object.defineProperty(exports,`p`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return S}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return N}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`v`,{enumerable:!0,get:function(){return p}}),Object.defineProperty(exports,`w`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`x`,{enumerable:!0,get:function(){return`0.5.0`}}),Object.defineProperty(exports,`y`,{enumerable:!0,get:function(){return M}});
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import{n as e}from"./errors-Czt_w1t_.js";import{n as t}from"./env-
|
|
1
|
+
import{n as e}from"./errors-Czt_w1t_.js";import{n as t}from"./env-BG1x-kSX.js";import"arktype";import"typebox";import{encoder as n}from"@aura-stack/jose/crypto";const r=`0.5.0`,i=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,a=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},o=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),s=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},c=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,l=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},u=(e,t)=>{let r=n.encode(e),i=n.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},d=(r,i)=>{let a=t(r)??r,o=t(i)??i;if(!a||!o)throw new e(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encode(s)));return`Basic ${btoa(c)}`},f=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),p=[`<`,`>`,`"`,"`",` `,`\r`,`
|
|
2
2
|
`,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
|
|
3
3
|
`,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],m=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of p)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},h=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,g=e=>{if(e.length>100)return!1;for(let t of p)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},_=(e,t)=>{let n=new URL(e),r=new URL(t);return i(n.origin,r.origin)},v=(e,t)=>{if(!m(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(l(e)?.test(n))return!0;try{if(m(e)&&i(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},y=e=>e?.jwt?.mode??`sealed`,b=e=>y(e)===`signed`,x=e=>y(e)===`encrypted`,S=e=>y(e)===`sealed`,C=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,w=e=>typeof e==`object`&&!!e&&`algorithm`in e&&`extractable`in e,T=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,E=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&(w(e.sign)||C(e.sign))&&(w(e.encrypt)||C(e.encrypt)),D=e=>typeof e==`string`&&/-----BEGIN (PUBLIC|PRIVATE) KEY-----/.test(e),O=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e&&D(e.publicKey)&&D(e.privateKey),k=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&O(e.sign)&&O(e.encrypt),A=e=>typeof e==`object`&&!!e&&`~run`in e&&typeof e[`~run`]==`function`,j=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).length>0&&Object.values(e).every(A),M=e=>typeof e==`object`&&!!e&&`_def`in e,N=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(M),P=e=>typeof e==`function`&&e!==null&&`allows`in e&&`assert`in e,F=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(e=>typeof e==`object`&&`type`in e);export{f as A,i as C,a as D,c as E,l as O,d as S,o as T,A as _,x as a,M as b,T as c,_ as d,S as f,j as g,F as h,E as i,u as k,O as l,v as m,w as n,k as o,b as p,C as r,h as s,P as t,g as u,m as v,s as w,r as x,N as y};
|
package/dist/client/index.cjs
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-
|
|
1
|
+
Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-n3aahaEr.cjs`);const e=require(`../errors-DcK2ELlk.cjs`),t=require(`@aura-stack/router`).createClient,n=n=>{if(typeof window>`u`&&!n.baseURL)throw new e.t("`baseURL` is required when createAuthClient is used outside the browser.");let r=t({cache:`no-store`,credentials:`include`,baseURL:n.baseURL??window.location.origin,...n}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let{redirectTo:n}=t??{},i=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{redirectTo:n,redirect:!1}})).json();return t?.redirect===!0&&typeof window<`u`&&i?.signInURL&&window.location.assign(i.signInURL),i}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async e=>{try{let{redirectTo:t}=e??{},n=await(await r.post(`/signIn/credentials`,{body:e.payload,searchParams:{redirectTo:t,redirect:!1}})).json();return e?.redirect===!0&&typeof window<`u`&&n?.redirectURL&&window.location.assign(n.redirectURL),n}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e.t(`Failed to fetch CSRF token for session update.`);let{session:a,redirectTo:o}=t??{};if(!a)return{success:!1,session:null};let s=a.user??{},c=await(await r.patch(`/session`,{body:{user:s,expires:a.expires?new Date(a.expires):void 0},searchParams:{redirectTo:o,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&c?.redirectURL&&window.location.assign(c.redirectURL),c}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e.t(`Failed to fetch CSRF token for sign-out.`);let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,redirect:!1,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};exports.createAuthClient=n;
|
package/dist/client/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { A as UpdateSessionOptions, E as SignOutReturn, S as SignInReturn, T as SignOutOptions, hn as BuiltInOAuthProvider, j as UpdateSessionReturn, mn as User, n as AuthClientOptions, rt as LiteralUnion, un as Session, v as SignInCredentialsOptions, x as SignInOptions, y as SignInCredentialsReturn } from "../index-1ADcIVGC.js";
|
|
2
2
|
//#region src/client/client.d.ts
|
|
3
3
|
declare const createAuthClient: <DefaultUser extends User = User>(options: AuthClientOptions) => {
|
|
4
4
|
getSession: () => Promise<Session<DefaultUser> | null>;
|
package/dist/client/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
import{t as e}from"../errors-Czt_w1t_.js";import{createClient as t}from"@aura-stack/router";const n=t,r=t=>{if(typeof window>`u`&&!t.baseURL)throw new e("`baseURL` is required when createAuthClient is used outside the browser.");let r=n({cache:`no-store`,credentials:`include`,baseURL:t.baseURL??window.location.origin,...t}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let
|
|
1
|
+
import{t as e}from"../errors-Czt_w1t_.js";import{createClient as t}from"@aura-stack/router";const n=t,r=t=>{if(typeof window>`u`&&!t.baseURL)throw new e("`baseURL` is required when createAuthClient is used outside the browser.");let r=n({cache:`no-store`,credentials:`include`,baseURL:t.baseURL??window.location.origin,...t}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let{redirectTo:n}=t??{},i=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{redirectTo:n,redirect:!1}})).json();return t?.redirect===!0&&typeof window<`u`&&i?.signInURL&&window.location.assign(i.signInURL),i}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async e=>{try{let{redirectTo:t}=e??{},n=await(await r.post(`/signIn/credentials`,{body:e.payload,searchParams:{redirectTo:t,redirect:!1}})).json();return e?.redirect===!0&&typeof window<`u`&&n?.redirectURL&&window.location.assign(n.redirectURL),n}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e(`Failed to fetch CSRF token for session update.`);let{session:a,redirectTo:o}=t??{};if(!a)return{success:!1,session:null};let s=a.user??{},c=await(await r.patch(`/session`,{body:{user:s,expires:a.expires?new Date(a.expires):void 0},searchParams:{redirectTo:o,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&c?.redirectURL&&window.location.assign(c.redirectURL),c}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e(`Failed to fetch CSRF token for sign-out.`);let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,redirect:!1,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};export{r as createAuthClient};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
require(`./identity-
|
|
1
|
+
require(`./identity-n3aahaEr.cjs`);const e=require(`./errors-DcK2ELlk.cjs`),t=require(`./env-BhQ2k7jj.cjs`),n=require(`./assert-DaZSf4SH.cjs`);let r=require(`@aura-stack/jose/crypto`),i=require(`@aura-stack/jose/jose`),a=require(`@aura-stack/jose`);const o=e=>e?.jwt,s=e=>{let t=o(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},c=(e,t)=>({...s(t),...e}),l=(e,t)=>{let r={};return(n.p(e)||n.f(e))&&e?.jwt?.signingAlgorithm&&(r.alg=e.jwt.signingAlgorithm),{...r,...t}},u=(e,t)=>{let r={};return(n.a(e)||n.f(e))&&(e?.jwt?.keyAlgorithm&&(r.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(r.enc=e.jwt.encryptionAlgorithm)),{...r,...t}},d=(e,t)=>{let r={};return(n.p(e)||n.f(e))&&(e?.jwt?.signingAlgorithm&&(r.algorithms=[e.jwt.signingAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},f=(e,t)=>{let r={};return(n.a(e)||n.f(e))&&(e?.jwt?.keyAlgorithm&&(r.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(r.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},p=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e.a(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},m=async(r,i,o)=>{if(n.o(r)){if(!n.f(o))throw new e.i(`INVALID_PEM_KEY_PAIR`,`Multiples PEM Key Pairs from environment variables require 'sealed' JWT mode. For 'signed' or 'encrypted' modes, provide a single PEM key pair or a combined key object.`);let{sign:i,encrypt:a}=r,s=t.n(`SIGNING_ALG`)||t.n(`SIGNING_ALGORITHM`)||o?.jwt.signingAlgorithm||`RS256`,c=t.n(`ENCRYPTION_ALG`)||t.n(`ENCRYPTION_ALGORITHM`)||o?.jwt.keyAlgorithm||`RSA-OAEP-256`,l=await T(i,s),u=await T(a,c);return{jwsSecret:l,jweSecret:u,jwtSecret:{sign:l,encrypt:u}}}if(n.l(r)){if(n.f(o))throw new e.i(`INVALID_PEM_KEY_PAIR`,`Single PEM key pairs from environment variables require 'signed' or 'encrypted' JWT mode. For 'sealed' mode, provide separate signing and encryption keys or a combined key object.`);let{publicKey:i,privateKey:a}=await T(r,t.n(`ALGORITHM`)||t.n(`ALG`)||(n.p(o)?o?.jwt?.signingAlgorithm:void 0)||(n.a(o)?o?.jwt?.keyAlgorithm:void 0)||`RS256`);return{jwsSecret:{publicKey:i,privateKey:a},jweSecret:{publicKey:i,privateKey:a},jwtSecret:{sign:{publicKey:i,privateKey:a},encrypt:{publicKey:i,privateKey:a}}}}if(n.i(r))return{jwsSecret:r.sign,jweSecret:r.encrypt,jwtSecret:{sign:r.sign,encrypt:r.encrypt}};if(n.n(r)||n.r(r)||n.c(r))return{jwsSecret:r,jweSecret:r,jwtSecret:{sign:r,encrypt:r}};let[s,c]=await Promise.all([(0,a.createDeriveKey)(r,i,`aura:signing`),(0,a.createDeriveKey)(r,i,`aura:encryption`)]);return{jwsSecret:s,jweSecret:c,jwtSecret:{sign:s,encrypt:c}}},h=e=>{let n=t.n(`${e}${e&&`_`}PUBLIC_KEY`),r=t.n(`${e}${e&&`_`}PRIVATE_KEY`);return n&&r?{publicKey:n,privateKey:r}:null},g=n=>{if(n??=t.n(`SECRET`),n)return n;let r=h(``);if(r)return r;let i=h(`SIGNING`),a=h(`ENCRYPTION`);if(i&&a)return{sign:i,encrypt:a};throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`)},_=(n,r)=>{let i=g(n),o=t.n(`SALT`);if(!o)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{(0,a.createSecret)(o)}catch(t){throw new e.n(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:t})}let s=(async()=>{let{jwsSecret:e,jweSecret:t,jwtSecret:n}=await m(i,o,r);return{jwt:(0,a.createJWT)(n),jws:(0,a.createJWS)(e),jwe:(0,a.createJWE)(t)}})();return{signJWS:async(e,t)=>{let{jws:n}=await s;return n.signJWS(c(e,r),l(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await s,i=await n.verifyJWS(e,d(r,t));return p(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await s;return n.encryptJWE(c(e,r),u(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await s,i=await n.decryptJWE(e,f(r,t));return p(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await s;return await n.encodeJWT(c(e,r),{sign:l(r,t?.sign),encrypt:u(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await s,i=await n.decodeJWT(e,{verify:d(r,t?.verify),decrypt:f(r,t?.decrypt)});return p(i),i}}},v=(e=32)=>i.base64url.encode((0,r.getRandomBytes)(e)),y=async e=>{let t=await(0,r.getSubtleCrypto)().digest(`SHA-256`,r.encoder.encode(e));return i.base64url.encode(new Uint8Array(t))},b=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??v(n??64);if(r.length<43||r.length>128)throw new e.a(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await y(r),method:`S256`}},x=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=v(32);return e.signJWS({token:n})}catch{let t=v(32);return e.signJWS({token:t})}},S=async(t,r,i)=>{try{let a=await t.verifyJWS(r),o=await t.verifyJWS(i);if(!n.s(a))throw new e.a(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!n.s(o))throw new e.a(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!n.C(a.token.length,o.token.length)||!n.k(a.token,o.token))throw new e.a(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e.a(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},C=async(e,t,n=1e5)=>{let a=(0,r.getSubtleCrypto)(),o=t?i.base64url.decode(t):(0,r.getRandomBytes)(16),s=await a.importKey(`raw`,r.encoder.encode(e),`PBKDF2`,!1,[`deriveBits`]),c=await a.deriveBits({name:`PBKDF2`,salt:o,iterations:n,hash:`SHA-256`},s,256),l=new Uint8Array(c),u=i.base64url.encode(l);return`pbkdf2-sha256:${n}:${i.base64url.encode(o)}:${u}`},w=async(e,t)=>{try{let r=t.split(`:`);if(r.length!==4)return!1;let[i,a,o]=r;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);if(isNaN(s))return!1;let[,,,c]=(await C(e,o,s)).split(`:`),[,,,l]=t.split(`:`);return!c||!l?!1:n.k(c,l)}catch{return!1}},T=async(e,t)=>{let n=await(0,i.importPKCS8)(e.privateKey,t,{extractable:!0});return{publicKey:await(0,i.importSPKI)(e.publicKey,t,{extractable:!0}),privateKey:n}},E=async(e,t)=>{let{publicKey:n,privateKey:r}=await(0,i.generateKeyPair)(e,t);return{publicKey:await(0,i.exportJWK)(n),privateKey:await(0,i.exportJWK)(r)}};Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return E}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return S}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return v}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return w}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return C}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return T}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return _}});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{a as e,i as t,n}from"./errors-Czt_w1t_.js";import{n as r}from"./env-
|
|
1
|
+
import{a as e,i as t,n}from"./errors-Czt_w1t_.js";import{n as r}from"./env-BG1x-kSX.js";import{C as i,a,c as o,f as s,i as c,k as l,l as u,n as d,o as f,p,r as m,s as h}from"./assert-av6s0a6t.js";import{encoder as g,getRandomBytes as _,getSubtleCrypto as v}from"@aura-stack/jose/crypto";import{base64url as y,exportJWK as b,generateKeyPair as x,generateKeyPair as S,importPKCS8 as C,importSPKI as w}from"@aura-stack/jose/jose";import{createDeriveKey as T,createJWE as E,createJWS as D,createJWT as O,createSecret as k}from"@aura-stack/jose";const A=e=>e?.jwt,j=e=>{let t=A(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},M=(e,t)=>({...j(t),...e}),N=(e,t)=>{let n={};return(p(e)||s(e))&&e?.jwt?.signingAlgorithm&&(n.alg=e.jwt.signingAlgorithm),{...n,...t}},P=(e,t)=>{let n={};return(a(e)||s(e))&&(e?.jwt?.keyAlgorithm&&(n.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(n.enc=e.jwt.encryptionAlgorithm)),{...n,...t}},F=(e,t)=>{let n={};return(p(e)||s(e))&&(e?.jwt?.signingAlgorithm&&(n.algorithms=[e.jwt.signingAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},I=(e,t)=>{let n={};return(a(e)||s(e))&&(e?.jwt?.keyAlgorithm&&(n.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(n.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},L=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},R=async(e,n,i)=>{if(f(e)){if(!s(i))throw new t(`INVALID_PEM_KEY_PAIR`,`Multiples PEM Key Pairs from environment variables require 'sealed' JWT mode. For 'signed' or 'encrypted' modes, provide a single PEM key pair or a combined key object.`);let{sign:n,encrypt:a}=e,o=r(`SIGNING_ALG`)||r(`SIGNING_ALGORITHM`)||i?.jwt.signingAlgorithm||`RS256`,c=r(`ENCRYPTION_ALG`)||r(`ENCRYPTION_ALGORITHM`)||i?.jwt.keyAlgorithm||`RSA-OAEP-256`,l=await Y(n,o),u=await Y(a,c);return{jwsSecret:l,jweSecret:u,jwtSecret:{sign:l,encrypt:u}}}if(u(e)){if(s(i))throw new t(`INVALID_PEM_KEY_PAIR`,`Single PEM key pairs from environment variables require 'signed' or 'encrypted' JWT mode. For 'sealed' mode, provide separate signing and encryption keys or a combined key object.`);let{publicKey:n,privateKey:o}=await Y(e,r(`ALGORITHM`)||r(`ALG`)||(p(i)?i?.jwt?.signingAlgorithm:void 0)||(a(i)?i?.jwt?.keyAlgorithm:void 0)||`RS256`);return{jwsSecret:{publicKey:n,privateKey:o},jweSecret:{publicKey:n,privateKey:o},jwtSecret:{sign:{publicKey:n,privateKey:o},encrypt:{publicKey:n,privateKey:o}}}}if(c(e))return{jwsSecret:e.sign,jweSecret:e.encrypt,jwtSecret:{sign:e.sign,encrypt:e.encrypt}};if(d(e)||m(e)||o(e))return{jwsSecret:e,jweSecret:e,jwtSecret:{sign:e,encrypt:e}};let[l,h]=await Promise.all([T(e,n,`aura:signing`),T(e,n,`aura:encryption`)]);return{jwsSecret:l,jweSecret:h,jwtSecret:{sign:l,encrypt:h}}},z=e=>{let t=r(`${e}${e&&`_`}PUBLIC_KEY`),n=r(`${e}${e&&`_`}PRIVATE_KEY`);return t&&n?{publicKey:t,privateKey:n}:null},B=e=>{if(e??=r(`SECRET`),e)return e;let t=z(``);if(t)return t;let i=z(`SIGNING`),a=z(`ENCRYPTION`);if(i&&a)return{sign:i,encrypt:a};throw new n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`)},V=(e,t)=>{let i=B(e),a=r(`SALT`);if(!a)throw new n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{k(a)}catch(e){throw new n(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:e})}let o=(async()=>{let{jwsSecret:e,jweSecret:n,jwtSecret:r}=await R(i,a,t);return{jwt:O(r),jws:D(e),jwe:E(n)}})();return{signJWS:async(e,n)=>{let{jws:r}=await o;return r.signJWS(M(e,t),N(t,n))},verifyJWS:async(e,n)=>{let{jws:r}=await o,i=await r.verifyJWS(e,F(t,n));return L(i),i},encryptJWE:async(e,n)=>{let{jwe:r}=await o;return r.encryptJWE(M(e,t),P(t,n))},decryptJWE:async(e,n)=>{let{jwe:r}=await o,i=await r.decryptJWE(e,I(t,n));return L(i),i},encodeJWT:async(e,n)=>{let{jwt:r}=await o;return await r.encodeJWT(M(e,t),{sign:N(t,n?.sign),encrypt:P(t,n?.encrypt)})},decodeJWT:async(e,n)=>{let{jwt:r}=await o,i=await r.decodeJWT(e,{verify:F(t,n?.verify),decrypt:I(t,n?.decrypt)});return L(i),i}}},H=(e=32)=>y.encode(_(e)),U=async e=>{let t=await v().digest(`SHA-256`,g.encode(e));return y.encode(new Uint8Array(t))},W=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??H(n??64);if(r.length<43||r.length>128)throw new e(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await U(r),method:`S256`}},G=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=H(32);return e.signJWS({token:n})}catch{let t=H(32);return e.signJWS({token:t})}},K=async(t,n,r)=>{try{let a=await t.verifyJWS(n),o=await t.verifyJWS(r);if(!h(a))throw new e(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!h(o))throw new e(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!i(a.token.length,o.token.length)||!l(a.token,o.token))throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},q=async(e,t,n=1e5)=>{let r=v(),i=t?y.decode(t):_(16),a=await r.importKey(`raw`,g.encode(e),`PBKDF2`,!1,[`deriveBits`]),o=await r.deriveBits({name:`PBKDF2`,salt:i,iterations:n,hash:`SHA-256`},a,256),s=new Uint8Array(o),c=y.encode(s);return`pbkdf2-sha256:${n}:${y.encode(i)}:${c}`},J=async(e,t)=>{try{let n=t.split(`:`);if(n.length!==4)return!1;let[r,i,a]=n;if(r!==`pbkdf2-sha256`)return!1;let o=parseInt(i,10);if(isNaN(o))return!1;let[,,,s]=(await q(e,a,o)).split(`:`),[,,,c]=t.split(`:`);return!s||!c?!1:l(s,c)}catch{return!1}},Y=async(e,t)=>{let n=await C(e.privateKey,t,{extractable:!0});return{publicKey:await w(e.publicKey,t,{extractable:!0}),privateKey:n}},X=async(e,t)=>{let{publicKey:n,privateKey:r}=await x(e,t);return{publicKey:await b(n),privateKey:await b(r)}};export{H as a,Y as c,V as d,W as i,K as l,U as n,X as o,S as r,q as s,G as t,J as u};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object.prototype.hasOwnProperty,o=(e,i,o,s)=>{if(i&&typeof i==`object`||typeof i==`function`)for(var c=r(i),l=0,u=c.length,d;l<u;l++)d=c[l],!a.call(e,d)&&d!==o&&t(e,d,{get:(e=>i[e]).bind(null,d),enumerable:!(s=n(i,d))||s.enumerable});return e},s=(n,r,a)=>(a=n==null?{}:e(i(n)),o(r||!n||!n.__esModule?t(a,`default`,{value:n,enumerable:!0}):a,n));const c=require(`./assert-DaZSf4SH.cjs`);let l=require(`zod/v4`),u=require(`arktype`),d=require(`typebox`),f=require(`valibot`);f=s(f,1);const p=l.z.object({sub:l.z.string(),name:l.z.string().nullable().optional(),image:l.z.string().nullable().optional(),email:l.z.email().nullable().optional()}),m=f.object({sub:f.string(),name:f.optional(f.nullable(f.string())),image:f.optional(f.nullable(f.string())),email:f.optional(f.nullable(f.pipe(f.string(),f.email())))}),h=(0,u.type)({sub:`string`,name:`string | null?`,image:`string | null?`,email:`string.email | null?`}),g=d.Type.Object({sub:d.Type.String(),name:d.Type.Optional(d.Type.Union([d.Type.String(),d.Type.Null()])),image:d.Type.Optional(d.Type.Union([d.Type.String(),d.Type.Null()])),email:d.Type.Optional(d.Type.Union([d.Type.String({format:`email`}),d.Type.Null()]))}),_=e=>c.t(e)?e:c.g(e)?f.object(e):c.y(e)?l.z.object(e):c.h(e)?d.Type.Object(e):l.z.object(e);Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return p}});
|