@aura-stack/auth 0.7.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/dist/@types/index.cjs +1 -1
  2. package/dist/@types/index.d.ts +2 -2
  3. package/dist/@types/index.js +1 -1
  4. package/dist/client/index.cjs +1 -1
  5. package/dist/client/index.d.ts +3 -2
  6. package/dist/client/index.js +1 -1
  7. package/dist/crypto-BRrGB5wn.js +3 -0
  8. package/dist/crypto-Da-Q8hsP.cjs +3 -0
  9. package/dist/errors-BWpHquVG.js +1 -0
  10. package/dist/errors-BiBhdux1.cjs +1 -0
  11. package/dist/fetch-async-DL6uySSm.js +1 -0
  12. package/dist/fetch-async-DlbcIcRD.cjs +1 -0
  13. package/dist/{identity-n3aahaEr.cjs → identity-CAygUyH6.cjs} +1 -1
  14. package/dist/{index-1ADcIVGC.d.ts → index-DIcbmH1M.d.ts} +1050 -285
  15. package/dist/index.cjs +1 -1
  16. package/dist/index.d.ts +1 -1
  17. package/dist/index.js +1 -1
  18. package/dist/{logger-BfUjjtxf.js → logger-BleaYLUV.js} +1 -1
  19. package/dist/{logger-CVwkloPj.cjs → logger-DL-kEECn.cjs} +1 -1
  20. package/dist/oauth/atlassian.d.ts +1 -1
  21. package/dist/oauth/authentik.cjs +1 -0
  22. package/dist/oauth/authentik.d.ts +2 -0
  23. package/dist/oauth/authentik.js +1 -0
  24. package/dist/oauth/bitbucket.d.ts +1 -1
  25. package/dist/oauth/click-up.d.ts +1 -1
  26. package/dist/oauth/discord.d.ts +1 -1
  27. package/dist/oauth/dribbble.d.ts +1 -1
  28. package/dist/oauth/dropbox.d.ts +1 -1
  29. package/dist/oauth/figma.d.ts +1 -1
  30. package/dist/oauth/github.d.ts +1 -1
  31. package/dist/oauth/gitlab.d.ts +1 -1
  32. package/dist/oauth/google.cjs +1 -0
  33. package/dist/oauth/google.d.ts +2 -0
  34. package/dist/oauth/google.js +1 -0
  35. package/dist/oauth/hubspot.cjs +1 -0
  36. package/dist/oauth/hubspot.d.ts +2 -0
  37. package/dist/oauth/hubspot.js +1 -0
  38. package/dist/oauth/huggingface.cjs +1 -0
  39. package/dist/oauth/huggingface.d.ts +2 -0
  40. package/dist/oauth/huggingface.js +1 -0
  41. package/dist/oauth/index.cjs +1 -1
  42. package/dist/oauth/index.d.ts +2 -2
  43. package/dist/oauth/index.js +1 -1
  44. package/dist/oauth/mailchimp.d.ts +1 -1
  45. package/dist/oauth/notion.cjs +1 -1
  46. package/dist/oauth/notion.d.ts +1 -1
  47. package/dist/oauth/notion.js +1 -1
  48. package/dist/oauth/pinterest.d.ts +1 -1
  49. package/dist/oauth/spotify.d.ts +1 -1
  50. package/dist/oauth/strava.d.ts +1 -1
  51. package/dist/oauth/twitch.d.ts +1 -1
  52. package/dist/oauth/x.d.ts +1 -1
  53. package/dist/resolve-provider-C_clBCRg.cjs +1 -0
  54. package/dist/resolve-provider-CaDu98x6.js +1 -0
  55. package/dist/shared/crypto.cjs +1 -1
  56. package/dist/shared/crypto.d.ts +2 -2
  57. package/dist/shared/crypto.js +1 -1
  58. package/dist/shared/identity.cjs +1 -1
  59. package/dist/shared/identity.d.ts +1 -1
  60. package/dist/shared/identity.js +1 -1
  61. package/dist/shared/index.cjs +1 -1
  62. package/dist/shared/index.d.ts +16 -2
  63. package/dist/shared/index.js +1 -1
  64. package/package.json +5 -4
  65. package/dist/assert-DaZSf4SH.cjs +0 -3
  66. package/dist/assert-av6s0a6t.js +0 -3
  67. package/dist/crypto-BF4ETYC9.cjs +0 -1
  68. package/dist/crypto-D6aq4c8x.js +0 -1
  69. package/dist/errors-Czt_w1t_.js +0 -1
  70. package/dist/errors-DcK2ELlk.cjs +0 -1
@@ -1 +1 @@
1
- Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-n3aahaEr.cjs`);let e=require(`zod/v4`);const t=e.z.union([(0,e.string)().url(),(0,e.object)({url:(0,e.string)().url(),params:(0,e.object)({owner:(0,e.string)().optional(),responseType:(0,e.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:(0,e.string)().optional()})})]),n=e.z.union([(0,e.string)().url(),(0,e.object)({url:(0,e.string)().url(),headers:e.z.record((0,e.string)(),(0,e.string)()).optional()})]),r=e.z.union([(0,e.string)().url(),(0,e.object)({url:(0,e.string)().url(),headers:e.z.record((0,e.string)(),(0,e.string)()).optional(),method:(0,e.string)().optional()})]),i=(0,e.object)({id:(0,e.string)(),name:(0,e.string)(),authorize:t.optional(),authorizeURL:(0,e.string)().url().optional(),accessToken:n,scope:(0,e.string)().optional(),userInfo:r,responseType:(0,e.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,e.string)(),clientSecret:(0,e.string)(),profile:e.z.function().optional()}),a=(0,e.object)({authorize:t.optional(),authorizeURL:(0,e.string)().url().optional(),accessToken:n,scope:(0,e.string)().optional(),userInfo:r,responseType:(0,e.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,e.string)(),clientSecret:(0,e.string)()}),o=a.extend({redirectURI:(0,e.string)(),state:(0,e.string)(),codeChallenge:(0,e.string)(),codeChallengeMethod:(0,e.enum)([`plain`,`S256`])});(0,e.object)({state:(0,e.string)({message:`Missing state parameter in the OAuth authorization response.`}),code:(0,e.string)({message:`Missing code parameter in the OAuth authorization response.`})});const s=(0,e.object)({error:(0,e.enum)([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:(0,e.string)().optional(),error_uri:(0,e.string)().optional(),state:(0,e.string)()});a.extend({redirectURI:(0,e.string)(),code:(0,e.string)(),codeVerifier:(0,e.string)().min(43).max(128)});const c=(0,e.object)({access_token:(0,e.string)(),token_type:(0,e.string)().optional(),expires_in:(0,e.number)().optional(),refresh_token:(0,e.string)().optional(),scope:(0,e.union)([(0,e.string)().optional().or((0,e.null)()),(0,e.array)((0,e.string)()).optional()])}),l=(0,e.object)({error:(0,e.enum)([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:(0,e.string)().optional(),error_uri:(0,e.string)().optional()}),u=(0,e.object)({error:(0,e.string)(),error_description:(0,e.string)().optional()}),d=(0,e.object)({clientId:e.z.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:e.z.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),f=(0,e.object)({redirect:e.z.stringbool().optional().default(!0),redirectTo:(0,e.string)().optional()}),p=(0,e.object)({username:(0,e.string)(),password:(0,e.string)()});exports.a=s,exports.c=i,exports.i=o,exports.l=f,exports.n=l,exports.o=d,exports.r=c,exports.s=u,exports.t=p;
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-CAygUyH6.cjs`);let e=require(`zod/v4`);const t=e.z.union([(0,e.string)().url(),(0,e.object)({url:(0,e.string)().url(),params:(0,e.object)({owner:(0,e.string)().optional(),responseType:(0,e.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:(0,e.string)().optional()})})]),n=e.z.union([(0,e.string)().url(),(0,e.object)({url:(0,e.string)().url(),headers:e.z.record((0,e.string)(),(0,e.string)()).optional()})]),r=e.z.union([(0,e.string)().url(),(0,e.object)({url:(0,e.string)().url(),request:e.z.function()}),(0,e.object)({url:(0,e.string)().url(),headers:e.z.record((0,e.string)(),(0,e.string)()).optional(),method:(0,e.string)().optional()})]),i=(0,e.object)({id:(0,e.string)(),name:(0,e.string)(),authorize:t.optional(),authorizeURL:(0,e.string)().url().optional(),accessToken:n,scope:(0,e.string)().optional(),userInfo:r,responseType:(0,e.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,e.string)(),clientSecret:(0,e.string)(),profile:e.z.function().optional()}),a=(0,e.object)({authorize:t.optional(),authorizeURL:(0,e.string)().url().optional(),accessToken:n,scope:(0,e.string)().optional(),userInfo:r,responseType:(0,e.enum)([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:(0,e.string)(),clientSecret:(0,e.string)()}),o=a.extend({redirectURI:(0,e.string)(),state:(0,e.string)(),codeChallenge:(0,e.string)(),codeChallengeMethod:(0,e.enum)([`plain`,`S256`])});(0,e.object)({state:(0,e.string)({message:`Missing state parameter in the OAuth authorization response.`}),code:(0,e.string)({message:`Missing code parameter in the OAuth authorization response.`})}),(0,e.object)({error:(0,e.enum)([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:(0,e.string)().optional(),error_uri:(0,e.string)().optional(),state:(0,e.string)()}),a.extend({redirectURI:(0,e.string)(),code:(0,e.string)(),codeVerifier:(0,e.string)().min(43).max(128)});const s=(0,e.object)({access_token:(0,e.string)(),token_type:(0,e.string)().optional(),expires_in:(0,e.number)().optional(),refresh_token:(0,e.string)().optional(),scope:(0,e.union)([(0,e.string)().optional().or((0,e.null)()),(0,e.array)((0,e.string)()).optional()])}),c=(0,e.object)({error:(0,e.enum)([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:(0,e.string)().optional(),error_uri:(0,e.string)().optional()}),l=(0,e.object)({error:(0,e.string)(),error_description:(0,e.string)().optional()}),u=(0,e.object)({clientId:e.z.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:e.z.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),d=(0,e.object)({redirect:e.z.stringbool().optional().default(!0),redirectTo:(0,e.string)().optional()}),f=(0,e.object)({username:(0,e.string)(),password:(0,e.string)()}),p=(0,e.object)({issuer:(0,e.string)().url(),authorization_endpoint:(0,e.string)().url(),token_endpoint:(0,e.string)().url(),userinfo_endpoint:(0,e.string)().url(),jwks_uri:(0,e.string)().url(),registration_endpoint:(0,e.string)().url().optional(),scopes_supported:(0,e.array)((0,e.string)()).optional(),response_types_supported:(0,e.array)((0,e.string)()).optional(),response_modes_supported:(0,e.array)((0,e.string)()).optional(),grant_types_supported:(0,e.array)((0,e.string)()).optional(),acr_values_supported:(0,e.array)((0,e.string)()).optional(),subject_types_supported:(0,e.array)((0,e.string)()),id_token_signing_alg_values_supported:(0,e.array)((0,e.string)()),id_token_encryption_alg_values_supported:(0,e.array)((0,e.string)()).optional(),id_token_encryption_enc_values_supported:(0,e.array)((0,e.string)()).optional(),userinfo_signing_alg_values_supported:(0,e.array)((0,e.string)()).optional(),userinfo_encryption_alg_values_supported:(0,e.array)((0,e.string)()).optional(),userinfo_encryption_enc_values_supported:(0,e.array)((0,e.string)()).optional(),request_object_signing_alg_values_supported:(0,e.array)((0,e.string)()).optional(),request_object_encryption_alg_values_supported:(0,e.array)((0,e.string)()).optional(),request_object_encryption_enc_values_supported:(0,e.array)((0,e.string)()).optional(),token_endpoint_auth_methods_supported:(0,e.array)((0,e.string)()).optional(),token_endpoint_auth_signing_alg_values_supported:(0,e.array)((0,e.string)()).optional(),display_values_supported:(0,e.array)((0,e.string)()).optional(),claim_types_supported:(0,e.array)((0,e.string)()).optional(),claims_supported:(0,e.array)((0,e.string)()).optional(),service_documentation:(0,e.string)().url().optional(),claims_locales_supported:(0,e.array)((0,e.string)()).optional(),ui_locales_supported:(0,e.array)((0,e.string)()).optional(),claims_parameter_supported:(0,e.boolean)().optional(),request_parameter_supported:(0,e.boolean)().optional(),request_uri_parameter_supported:(0,e.boolean)().optional(),require_request_uri_registration:(0,e.boolean)().optional(),op_policy_uri:(0,e.string)().url().optional(),op_tos_uri:(0,e.string)().url().optional()}).passthrough(),m=(0,e.object)({id:(0,e.string)(),name:(0,e.string)(),issuer:(0,e.string)().url(),clientId:(0,e.string)().optional(),clientSecret:(0,e.string)().optional(),scope:(0,e.string)().optional(),profile:e.z.function().optional()}),h=(0,e.object)({kty:(0,e.string)(),kid:(0,e.string)().optional(),use:(0,e.string)().optional(),alg:(0,e.string)().optional(),n:(0,e.string)().optional(),e:(0,e.string)().optional(),x:(0,e.string)().optional(),y:(0,e.string)().optional(),crv:(0,e.string)().optional()}).passthrough(),g=(0,e.object)({keys:(0,e.array)(h)}),_=(0,e.object)({access_token:(0,e.string)(),token_type:(0,e.string)().optional(),expires_in:(0,e.number)().optional(),refresh_token:(0,e.string)().optional(),scope:(0,e.union)([(0,e.string)().optional().or((0,e.null)()),(0,e.array)((0,e.string)()).optional()]),id_token:(0,e.string)().optional()}),v=(0,e.object)({sub:(0,e.string)(),name:(0,e.string)().optional(),given_name:(0,e.string)().optional(),family_name:(0,e.string)().optional(),middle_name:(0,e.string)().optional(),nickname:(0,e.string)().optional(),preferred_username:(0,e.string)().optional(),profile:(0,e.string)().url().optional(),picture:(0,e.string)().url().optional(),website:(0,e.string)().url().optional(),email:(0,e.string)().optional(),email_verified:(0,e.boolean)().optional(),gender:(0,e.string)().optional(),birthdate:(0,e.string)().optional(),zoneinfo:(0,e.string)().optional(),locale:(0,e.string)().optional(),phone_number:(0,e.string)().optional(),phone_number_verified:(0,e.boolean)().optional(),address:e.z.record((0,e.string)(),e.z.unknown()).optional(),updated_at:(0,e.number)().optional()}).passthrough(),y=(0,e.object)({iss:(0,e.string)(),sub:(0,e.string)(),aud:e.z.union([(0,e.string)(),(0,e.array)((0,e.string)())]),exp:(0,e.number)(),iat:(0,e.number)(),nonce:(0,e.string)().optional(),azp:(0,e.string)().optional(),auth_time:(0,e.number)().optional()}).passthrough();exports.a=s,exports.c=l,exports.d=v,exports.f=p,exports.i=c,exports.l=i,exports.m=d,exports.n=y,exports.o=o,exports.p=m,exports.r=g,exports.s=u,exports.t=f,exports.u=_;
@@ -1,2 +1,2 @@
1
- import { $ as FromShapeToObject, $t as JWTEncryptionAlgorithm, A as UpdateSessionOptions, At as Logger, B as TokenRevocationError, Bt as OAuthProvider, C as SignOutAPIOptions, Ct as CredentialsProviderContext, D as SignOutReturnData, Dt as InternalLogger, E as SignOutReturn, Et as InternalContext, F as AuthInternalErrorCode, Ft as StandardCookie, G as DeepPartial, Gt as AsymmetricKeyPair, H as ArktypeShapeToObject, Ht as OAuthProviderCredentials, I as AuthSecurityErrorCode, It as SyslogOptions, J as EditableShapeArkType, Jt as CryptoSecret, K as DeepRequired, Kt as AsymmetricKeyPairFromEnv, L as AuthorizationError, Lt as TrustedOrigin, M as UpdateSessionReturnData, Mt as SchemaRegistryContext, N as APIErrorMap, Nt as SecureCookie, O as UpdateSessionAPIOptions, Ot as JoseInstance, P as AccessTokenError, Pt as Severity, Q as EditableUser, Qt as JWTEncryptedMode, R as ErrorType, Rt as TrustedProxyHeadersConfig, S as SignInReturn, Sr as UserShape, St as CredentialsProvider, T as SignOutOptions, Tt as IdentityConfig, U as AuthResponse, Ut as OAuthProviderRecord, Vt as OAuthProviderConfig, W as ConfigSchema, Wt as ResponseType, X as EditableShapeValibot, Xt as JWTConfig, Y as EditableShapeTypebox, Yt as GetStatelessSessionReturn, Z as EditableShapeZod, Zt as JWTConfigBase, _ as SignInCredentialsAPIReturn, _t as CookieConfig, a as OAuthEnv, an as JWTSealedMode, at as Prettify, b as SignInCredentialsReturnData, bt as CookieStrategyAttributes, c as APIOptionsWithRequest, cn as JWTStrategyOptions, ct as TypeboxShapeToObject, d as GetSessionAPIOptions, dn as SessionConfig, dt as Wrap, en as JWTExpirationStrategy, et as InferSession, f as GetSessionAPIReturn, fn as SessionStrategy, ft as ZodShapeToObject, g as SignInCredentialsAPIOptions, gt as AuthRuntimeConfig, h as SignInAPIReturn, hn as BuiltInOAuthProvider, ht as AuthInstance, i as JWTStandardClaims, in as JWTMode, it as Merge, j as UpdateSessionReturn, jt as RouterGlobalContext, k as UpdateSessionAPIReturn, kt as LogLevel, l as APIOptionsWithSkipCSRFCheck, ln as SecretKey, lt as UserFrom, m as SignInAPIOptions, mn as User, mt as AuthConfig, n as AuthClientOptions, nn as JWTKeyAlgorithm, nt as InferZodShape, o as TypedJWTPayload, on as JWTSignedMode, ot as RequiredKeys, p as OptionsWithRedirectTo, pn as StatelessStrategyConfig, pt as AuthAPI, q as EditableShape, qt as CreateSessionStrategyOptions, r as JWTPayloadWithToken, rn as JWTManager, rt as LiteralUnion, s as APIOptionsWithRedirectTo, sn as JWTSigningAlgorithm, st as SessionFrom, t as AuthClient, tn as JWTKey, tt as InferUser, u as FunctionAPIContext, un as Session, ut as ValibotShapeToObject, v as SignInCredentialsOptions, vt as CookieName, w as SignOutAPIReturn, wt as HostCookie, x as SignInOptions, xt as CredentialsPayload, y as SignInCredentialsReturn, yt as CookieStoreConfig, z as OAuthError, zt as AuthorizeParams } from "../index-1ADcIVGC.js";
2
- export { APIErrorMap, APIOptionsWithRedirectTo, APIOptionsWithRequest, APIOptionsWithSkipCSRFCheck, AccessTokenError, ArktypeShapeToObject, AsymmetricKeyPair, AsymmetricKeyPairFromEnv, AuthAPI, AuthClient, AuthClientOptions, AuthConfig, AuthInstance, AuthInternalErrorCode, AuthResponse, AuthRuntimeConfig, AuthSecurityErrorCode, AuthorizationError, AuthorizeParams, BuiltInOAuthProvider, ConfigSchema, CookieConfig, CookieName, CookieStoreConfig, CookieStrategyAttributes, CreateSessionStrategyOptions, CredentialsPayload, CredentialsProvider, CredentialsProviderContext, CryptoSecret, DeepPartial, DeepRequired, EditableShape, EditableShapeArkType, EditableShapeTypebox, EditableShapeValibot, EditableShapeZod, EditableUser, ErrorType, FromShapeToObject, FunctionAPIContext, GetSessionAPIOptions, GetSessionAPIReturn, GetStatelessSessionReturn, HostCookie, IdentityConfig, InferSession, InferUser, InferZodShape, InternalContext, InternalLogger, JWTConfig, JWTConfigBase, JWTEncryptedMode, JWTEncryptionAlgorithm, JWTExpirationStrategy, JWTKey, JWTKeyAlgorithm, JWTManager, JWTMode, JWTPayloadWithToken, JWTSealedMode, JWTSignedMode, JWTSigningAlgorithm, JWTStandardClaims, JWTStrategyOptions, JoseInstance, LiteralUnion, LogLevel, Logger, Merge, OAuthEnv, OAuthError, OAuthProvider, OAuthProviderConfig, OAuthProviderCredentials, OAuthProviderRecord, OptionsWithRedirectTo, Prettify, RequiredKeys, ResponseType, RouterGlobalContext, SchemaRegistryContext, SecretKey, SecureCookie, Session, SessionConfig, SessionFrom, SessionStrategy, Severity, SignInAPIOptions, SignInAPIReturn, SignInCredentialsAPIOptions, SignInCredentialsAPIReturn, SignInCredentialsOptions, SignInCredentialsReturn, SignInCredentialsReturnData, SignInOptions, SignInReturn, SignOutAPIOptions, SignOutAPIReturn, SignOutOptions, SignOutReturn, SignOutReturnData, StandardCookie, StatelessStrategyConfig, SyslogOptions, TokenRevocationError, TrustedOrigin, TrustedProxyHeadersConfig, TypeboxShapeToObject, TypedJWTPayload, UpdateSessionAPIOptions, UpdateSessionAPIReturn, UpdateSessionOptions, UpdateSessionReturn, UpdateSessionReturnData, User, UserFrom, UserShape, ValibotShapeToObject, Wrap, ZodShapeToObject };
1
+ import { $ as EditableShapeArkType, $t as CustomUserInfoFunction, A as SignUpOptions, An as JWTSealedMode, At as CredentialsPayload, B as AuthInternalErrorCode, Bt as OnCreateUserContext, C as SignOutAPIOptions, Cn as JWTEncryptedMode, Ct as AuthConfig, D as SignOutReturnData, Dn as JWTKeyAlgorithm, Dt as CookieName, E as SignOutReturn, En as JWTKey, Et as CookieConfig, F as UpdateSessionOptions, Fn as Session, Ft as InternalContext, G as TokenRevocationError, Gt as Severity, H as AuthorizationError, Ht as RouterGlobalContext, I as UpdateSessionReturn, In as SessionConfig, It as InternalLogger, J as AuthResponse, Jt as SyslogOptions, Kt as SignUpConfig, L as UpdateSessionReturnData, Ln as SessionStrategy, Lt as JoseInstance, M as SignUpReturnData, Mn as JWTSigningAlgorithm, Mt as CredentialsProviderContext, N as UpdateSessionAPIOptions, Nn as JWTStrategyOptions, Nt as HostCookie, O as SignUpAPIOptions, On as JWTManager, Ot as CookieStoreConfig, P as UpdateSessionAPIReturn, Pn as SecretKey, Pt as IdentityConfig, Q as EditableShape, Qt as AuthorizeParams, R as APIErrorMap, Rn as StatelessStrategyConfig, Rt as LogLevel, S as SignInReturn, Sn as JWTConfigBase, St as AuthAPI, T as SignOutOptions, Tn as JWTExpirationStrategy, Tt as AuthRuntimeConfig, U as ErrorType, Ut as SchemaRegistryContext, V as AuthSecurityErrorCode, Vt as RateLimiterConfig, W as OAuthError, Wt as SecureCookie, X as DeepPartial, Xt as TrustedProxyHeadersConfig, Y as ConfigSchema, Yt as TrustedOrigin, Z as DeepRequired, Zt as AccessTokenContext, _ as SignInCredentialsAPIReturn, _n as AsymmetricKeyPairFromEnv, _t as TypeboxShapeToObject, a as OAuthEnv, an as OIDCAccessTokenResponseType, at as FromShapeToObject, b as SignInCredentialsReturnData, bn as GetStatelessSessionReturn, bt as Wrap, c as APIOptionsWithRequest, cn as RuntimeOAuthProvider, ct as InferUser, d as GetSessionAPIOptions, dt as Merge, en as OAuthAccessTokenResponseType, et as EditableShapeTypebox, f as GetSessionAPIReturn, ft as Prettify, g as SignInCredentialsAPIOptions, gn as AsymmetricKeyPair, gt as SessionFrom, h as SignInAPIReturn, hn as OpenIDProvider, ht as ReturnUpdateSessionShape, i as JWTStandardClaims, in as OAuthProviderRecord, it as EditableUser, j as SignUpReturn, jn as JWTSignedMode, jt as CredentialsProvider, k as SignUpAPIReturn, kn as JWTMode, kt as CookieStrategyAttributes, l as APIOptionsWithSkipCSRFCheck, ln as BuiltInOAuthProvider, lt as InferZodShape, m as SignInAPIOptions, mn as OpenIDMetadata, mt as RequiredKeys, n as AuthClientOptions, nn as OAuthProviderConfig, nt as EditableShapeZod, o as TypedJWTPayload, on as OIDCProviderContext, ot as InferSession, p as OptionsWithRedirectTo, pt as RemoveIndexSignature, q as ArktypeShapeToObject, qt as StandardCookie, r as JWTPayloadWithToken, rn as OAuthProviderCredentials, rt as EditableToSchema, s as APIOptionsWithRedirectTo, sn as ResponseType, st as InferSignUp, t as AuthClient, ti as UserShape, tn as OAuthProvider, tt as EditableShapeValibot, u as FunctionAPIContext, ut as LiteralUnion, v as SignInCredentialsOptions, vn as CreateSessionStrategyOptions, vt as UserFrom, w as SignOutAPIReturn, wn as JWTEncryptionAlgorithm, wt as AuthInstance, x as SignInOptions, xn as JWTConfig, xt as ZodShapeToObject, y as SignInCredentialsReturn, yn as CryptoSecret, yt as ValibotShapeToObject, z as AccessTokenError, zn as User, zt as Logger } from "../index-DIcbmH1M.js";
2
+ export { APIErrorMap, APIOptionsWithRedirectTo, APIOptionsWithRequest, APIOptionsWithSkipCSRFCheck, AccessTokenContext, AccessTokenError, ArktypeShapeToObject, AsymmetricKeyPair, AsymmetricKeyPairFromEnv, AuthAPI, AuthClient, AuthClientOptions, AuthConfig, AuthInstance, AuthInternalErrorCode, AuthResponse, AuthRuntimeConfig, AuthSecurityErrorCode, AuthorizationError, AuthorizeParams, BuiltInOAuthProvider, ConfigSchema, CookieConfig, CookieName, CookieStoreConfig, CookieStrategyAttributes, CreateSessionStrategyOptions, CredentialsPayload, CredentialsProvider, CredentialsProviderContext, CryptoSecret, CustomUserInfoFunction, DeepPartial, DeepRequired, EditableShape, EditableShapeArkType, EditableShapeTypebox, EditableShapeValibot, EditableShapeZod, EditableToSchema, EditableUser, ErrorType, FromShapeToObject, FunctionAPIContext, GetSessionAPIOptions, GetSessionAPIReturn, GetStatelessSessionReturn, HostCookie, IdentityConfig, InferSession, InferSignUp, InferUser, InferZodShape, InternalContext, InternalLogger, JWTConfig, JWTConfigBase, JWTEncryptedMode, JWTEncryptionAlgorithm, JWTExpirationStrategy, JWTKey, JWTKeyAlgorithm, JWTManager, JWTMode, JWTPayloadWithToken, JWTSealedMode, JWTSignedMode, JWTSigningAlgorithm, JWTStandardClaims, JWTStrategyOptions, JoseInstance, LiteralUnion, LogLevel, Logger, Merge, OAuthAccessTokenResponseType, OAuthEnv, OAuthError, OAuthProvider, OAuthProviderConfig, OAuthProviderCredentials, OAuthProviderRecord, OIDCAccessTokenResponseType, OIDCProviderContext, OnCreateUserContext, OpenIDMetadata, OpenIDProvider, OptionsWithRedirectTo, Prettify, RateLimiterConfig, RemoveIndexSignature, RequiredKeys, ResponseType, ReturnUpdateSessionShape, RouterGlobalContext, RuntimeOAuthProvider, SchemaRegistryContext, SecretKey, SecureCookie, Session, SessionConfig, SessionFrom, SessionStrategy, Severity, SignInAPIOptions, SignInAPIReturn, SignInCredentialsAPIOptions, SignInCredentialsAPIReturn, SignInCredentialsOptions, SignInCredentialsReturn, SignInCredentialsReturnData, SignInOptions, SignInReturn, SignOutAPIOptions, SignOutAPIReturn, SignOutOptions, SignOutReturn, SignOutReturnData, SignUpAPIOptions, SignUpAPIReturn, SignUpConfig, SignUpOptions, SignUpReturn, SignUpReturnData, StandardCookie, StatelessStrategyConfig, SyslogOptions, TokenRevocationError, TrustedOrigin, TrustedProxyHeadersConfig, TypeboxShapeToObject, TypedJWTPayload, UpdateSessionAPIOptions, UpdateSessionAPIReturn, UpdateSessionOptions, UpdateSessionReturn, UpdateSessionReturnData, User, UserFrom, UserShape, ValibotShapeToObject, Wrap, ZodShapeToObject };
@@ -1 +1 @@
1
- import{array as e,enum as t,null as n,number as r,object as i,string as a,union as o,z as s}from"zod/v4";const c=s.union([a().url(),i({url:a().url(),params:i({owner:a().optional(),responseType:t([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:a().optional()})})]),l=s.union([a().url(),i({url:a().url(),headers:s.record(a(),a()).optional()})]),u=s.union([a().url(),i({url:a().url(),headers:s.record(a(),a()).optional(),method:a().optional()})]),d=i({id:a(),name:a(),authorize:c.optional(),authorizeURL:a().url().optional(),accessToken:l,scope:a().optional(),userInfo:u,responseType:t([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:a(),clientSecret:a(),profile:s.function().optional()}),f=i({authorize:c.optional(),authorizeURL:a().url().optional(),accessToken:l,scope:a().optional(),userInfo:u,responseType:t([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:a(),clientSecret:a()}),p=f.extend({redirectURI:a(),state:a(),codeChallenge:a(),codeChallengeMethod:t([`plain`,`S256`])});i({state:a({message:`Missing state parameter in the OAuth authorization response.`}),code:a({message:`Missing code parameter in the OAuth authorization response.`})});const m=i({error:t([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:a().optional(),error_uri:a().optional(),state:a()});f.extend({redirectURI:a(),code:a(),codeVerifier:a().min(43).max(128)});const h=i({access_token:a(),token_type:a().optional(),expires_in:r().optional(),refresh_token:a().optional(),scope:o([a().optional().or(n()),e(a()).optional()])}),g=i({error:t([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:a().optional(),error_uri:a().optional()}),_=i({error:a(),error_description:a().optional()}),v=i({clientId:s.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:s.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),y=i({redirect:s.stringbool().optional().default(!0),redirectTo:a().optional()}),b=i({username:a(),password:a()});export{m as a,d as c,p as i,y as l,g as n,v as o,h as r,_ as s,b as t};
1
+ import{array as e,boolean as t,enum as n,null as r,number as i,object as a,string as o,union as s,z as c}from"zod/v4";const l=c.union([o().url(),a({url:o().url(),params:a({owner:o().optional(),responseType:n([`code`,`token`,`id_token`,`refresh_token`]).optional(),scope:o().optional()})})]),u=c.union([o().url(),a({url:o().url(),headers:c.record(o(),o()).optional()})]),d=c.union([o().url(),a({url:o().url(),request:c.function()}),a({url:o().url(),headers:c.record(o(),o()).optional(),method:o().optional()})]),f=a({id:o(),name:o(),authorize:l.optional(),authorizeURL:o().url().optional(),accessToken:u,scope:o().optional(),userInfo:d,responseType:n([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:o(),clientSecret:o(),profile:c.function().optional()}),p=a({authorize:l.optional(),authorizeURL:o().url().optional(),accessToken:u,scope:o().optional(),userInfo:d,responseType:n([`code`,`token`,`id_token`,`refresh_token`]).optional(),clientId:o(),clientSecret:o()}),m=p.extend({redirectURI:o(),state:o(),codeChallenge:o(),codeChallengeMethod:n([`plain`,`S256`])});a({state:o({message:`Missing state parameter in the OAuth authorization response.`}),code:o({message:`Missing code parameter in the OAuth authorization response.`})}),a({error:n([`invalid_request`,`unauthorized_client`,`access_denied`,`unsupported_response_type`,`invalid_scope`,`server_error`,`temporarily_unavailable`]),error_description:o().optional(),error_uri:o().optional(),state:o()}),p.extend({redirectURI:o(),code:o(),codeVerifier:o().min(43).max(128)});const h=a({access_token:o(),token_type:o().optional(),expires_in:i().optional(),refresh_token:o().optional(),scope:s([o().optional().or(r()),e(o()).optional()])}),g=a({error:n([`invalid_request`,`invalid_client`,`invalid_grant`,`unauthorized_client`,`unsupported_grant_type`,`invalid_scope`]),error_description:o().optional(),error_uri:o().optional()}),_=a({error:o(),error_description:o().optional()}),v=a({clientId:c.string().min(1,`OAuth Client ID is required in the environment variables.`),clientSecret:c.string().min(1,`OAuth Client Secret is required in the environment variables.`)}),y=a({redirect:c.stringbool().optional().default(!0),redirectTo:o().optional()}),b=a({username:o(),password:o()}),x=a({issuer:o().url(),authorization_endpoint:o().url(),token_endpoint:o().url(),userinfo_endpoint:o().url(),jwks_uri:o().url(),registration_endpoint:o().url().optional(),scopes_supported:e(o()).optional(),response_types_supported:e(o()).optional(),response_modes_supported:e(o()).optional(),grant_types_supported:e(o()).optional(),acr_values_supported:e(o()).optional(),subject_types_supported:e(o()),id_token_signing_alg_values_supported:e(o()),id_token_encryption_alg_values_supported:e(o()).optional(),id_token_encryption_enc_values_supported:e(o()).optional(),userinfo_signing_alg_values_supported:e(o()).optional(),userinfo_encryption_alg_values_supported:e(o()).optional(),userinfo_encryption_enc_values_supported:e(o()).optional(),request_object_signing_alg_values_supported:e(o()).optional(),request_object_encryption_alg_values_supported:e(o()).optional(),request_object_encryption_enc_values_supported:e(o()).optional(),token_endpoint_auth_methods_supported:e(o()).optional(),token_endpoint_auth_signing_alg_values_supported:e(o()).optional(),display_values_supported:e(o()).optional(),claim_types_supported:e(o()).optional(),claims_supported:e(o()).optional(),service_documentation:o().url().optional(),claims_locales_supported:e(o()).optional(),ui_locales_supported:e(o()).optional(),claims_parameter_supported:t().optional(),request_parameter_supported:t().optional(),request_uri_parameter_supported:t().optional(),require_request_uri_registration:t().optional(),op_policy_uri:o().url().optional(),op_tos_uri:o().url().optional()}).passthrough(),S=a({id:o(),name:o(),issuer:o().url(),clientId:o().optional(),clientSecret:o().optional(),scope:o().optional(),profile:c.function().optional()}),C=a({keys:e(a({kty:o(),kid:o().optional(),use:o().optional(),alg:o().optional(),n:o().optional(),e:o().optional(),x:o().optional(),y:o().optional(),crv:o().optional()}).passthrough())}),w=a({access_token:o(),token_type:o().optional(),expires_in:i().optional(),refresh_token:o().optional(),scope:s([o().optional().or(r()),e(o()).optional()]),id_token:o().optional()}),T=a({sub:o(),name:o().optional(),given_name:o().optional(),family_name:o().optional(),middle_name:o().optional(),nickname:o().optional(),preferred_username:o().optional(),profile:o().url().optional(),picture:o().url().optional(),website:o().url().optional(),email:o().optional(),email_verified:t().optional(),gender:o().optional(),birthdate:o().optional(),zoneinfo:o().optional(),locale:o().optional(),phone_number:o().optional(),phone_number_verified:t().optional(),address:c.record(o(),c.unknown()).optional(),updated_at:i().optional()}).passthrough(),E=a({iss:o(),sub:o(),aud:c.union([o(),e(o())]),exp:i(),iat:i(),nonce:o().optional(),azp:o().optional(),auth_time:i().optional()}).passthrough();export{h as a,_ as c,T as d,x as f,g as i,f as l,y as m,E as n,m as o,S as p,C as r,v as s,b as t,w as u};
@@ -1 +1 @@
1
- Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-n3aahaEr.cjs`);const e=require(`../errors-DcK2ELlk.cjs`),t=require(`@aura-stack/router`).createClient,n=n=>{if(typeof window>`u`&&!n.baseURL)throw new e.t("`baseURL` is required when createAuthClient is used outside the browser.");let r=t({cache:`no-store`,credentials:`include`,baseURL:n.baseURL??window.location.origin,...n}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let{redirectTo:n}=t??{},i=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{redirectTo:n,redirect:!1}})).json();return t?.redirect===!0&&typeof window<`u`&&i?.signInURL&&window.location.assign(i.signInURL),i}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async e=>{try{let{redirectTo:t}=e??{},n=await(await r.post(`/signIn/credentials`,{body:e.payload,searchParams:{redirectTo:t,redirect:!1}})).json();return e?.redirect===!0&&typeof window<`u`&&n?.redirectURL&&window.location.assign(n.redirectURL),n}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e.t(`Failed to fetch CSRF token for session update.`);let{session:a,redirectTo:o}=t??{};if(!a)return{success:!1,session:null};let s=a.user??{},c=await(await r.patch(`/session`,{body:{user:s,expires:a.expires?new Date(a.expires):void 0},searchParams:{redirectTo:o,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&c?.redirectURL&&window.location.assign(c.redirectURL),c}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e.t(`Failed to fetch CSRF token for sign-out.`);let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,redirect:!1,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};exports.createAuthClient=n;
1
+ Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-CAygUyH6.cjs`);const e=require(`../errors-BiBhdux1.cjs`),t=require(`@aura-stack/router`).createClient,n=n=>{if(typeof window>`u`&&!n.baseURL)throw new e.t({code:`CLIENT_BASE_URL_MISSING`});let r=t({cache:`no-store`,credentials:`include`,baseURL:n.baseURL??window.location.origin,...n}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let{redirectTo:n}=t??{},i=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{redirectTo:n,redirect:!1}})).json();return t?.redirect===!0&&typeof window<`u`&&i?.signInURL&&window.location.assign(i.signInURL),i}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async t=>{try{let n=await i();if(!n)throw new e.t({code:`CSRF_TOKEN_MISSING`});let{redirectTo:a}=t??{},o=await(await r.post(`/signIn/credentials`,{body:t.payload,searchParams:{redirectTo:a,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&o?.redirectURL&&window.location.assign(o.redirectURL),o}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},signUp:async t=>{try{let n=await i();if(!n)throw new e.t({code:`CSRF_TOKEN_MISSING`});let{redirectTo:a}=t??{},o=await(await r.post(`/signUp`,{body:t.payload,searchParams:{redirectTo:a,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&o?.redirectURL&&window.location.assign(o.redirectURL),o}catch(e){return console.error(`Error during sign-up:`,e),{success:!1,redirect:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e.t({code:`CSRF_TOKEN_MISSING`});let{session:a,redirectTo:o}=t??{};if(!a)return{success:!1,session:null};let s=a.user??{},c=await(await r.patch(`/session`,{body:{user:s,expires:a.expires?new Date(a.expires):void 0},searchParams:{redirectTo:o,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&c?.redirectURL&&window.location.assign(c.redirectURL),c}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e.t({code:`CSRF_TOKEN_MISSING`});let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,redirect:!1,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};exports.createAuthClient=n;
@@ -1,9 +1,10 @@
1
- import { A as UpdateSessionOptions, E as SignOutReturn, S as SignInReturn, T as SignOutOptions, hn as BuiltInOAuthProvider, j as UpdateSessionReturn, mn as User, n as AuthClientOptions, rt as LiteralUnion, un as Session, v as SignInCredentialsOptions, x as SignInOptions, y as SignInCredentialsReturn } from "../index-1ADcIVGC.js";
1
+ import { A as SignUpOptions, E as SignOutReturn, F as UpdateSessionOptions, Fn as Session, I as UpdateSessionReturn, S as SignInReturn, T as SignOutOptions, j as SignUpReturn, ln as BuiltInOAuthProvider, n as AuthClientOptions, ut as LiteralUnion, v as SignInCredentialsOptions, x as SignInOptions, y as SignInCredentialsReturn, zn as User } from "../index-DIcbmH1M.js";
2
2
  //#region src/client/client.d.ts
3
- declare const createAuthClient: <DefaultUser extends User = User>(options: AuthClientOptions) => {
3
+ declare const createAuthClient: <DefaultUser extends User = User, SignUpPayload extends Record<string, any> = Record<string, any>>(options: AuthClientOptions) => {
4
4
  getSession: () => Promise<Session<DefaultUser> | null>;
5
5
  signIn: <Options extends SignInOptions>(oauth: LiteralUnion<BuiltInOAuthProvider>, options?: Options) => Promise<SignInReturn<Options>>;
6
6
  signInCredentials: <Options extends SignInCredentialsOptions>(options: Options) => Promise<SignInCredentialsReturn<Options>>;
7
+ signUp: <Options extends SignUpOptions<SignUpPayload>>(options: Options) => Promise<SignUpReturn<Options>>;
7
8
  updateSession: <Options extends UpdateSessionOptions<DefaultUser>>(options: Options) => Promise<UpdateSessionReturn<Options, DefaultUser>>;
8
9
  signOut: <Options extends SignOutOptions>(options?: Options) => Promise<SignOutReturn<Options>>;
9
10
  };
@@ -1 +1 @@
1
- import{t as e}from"../errors-Czt_w1t_.js";import{createClient as t}from"@aura-stack/router";const n=t,r=t=>{if(typeof window>`u`&&!t.baseURL)throw new e("`baseURL` is required when createAuthClient is used outside the browser.");let r=n({cache:`no-store`,credentials:`include`,baseURL:t.baseURL??window.location.origin,...t}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let{redirectTo:n}=t??{},i=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{redirectTo:n,redirect:!1}})).json();return t?.redirect===!0&&typeof window<`u`&&i?.signInURL&&window.location.assign(i.signInURL),i}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async e=>{try{let{redirectTo:t}=e??{},n=await(await r.post(`/signIn/credentials`,{body:e.payload,searchParams:{redirectTo:t,redirect:!1}})).json();return e?.redirect===!0&&typeof window<`u`&&n?.redirectURL&&window.location.assign(n.redirectURL),n}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e(`Failed to fetch CSRF token for session update.`);let{session:a,redirectTo:o}=t??{};if(!a)return{success:!1,session:null};let s=a.user??{},c=await(await r.patch(`/session`,{body:{user:s,expires:a.expires?new Date(a.expires):void 0},searchParams:{redirectTo:o,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&c?.redirectURL&&window.location.assign(c.redirectURL),c}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e(`Failed to fetch CSRF token for sign-out.`);let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,redirect:!1,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};export{r as createAuthClient};
1
+ import{t as e}from"../errors-BWpHquVG.js";import{createClient as t}from"@aura-stack/router";const n=t,r=t=>{if(typeof window>`u`&&!t.baseURL)throw new e({code:`CLIENT_BASE_URL_MISSING`});let r=n({cache:`no-store`,credentials:`include`,baseURL:t.baseURL??window.location.origin,...t}),i=async()=>{try{let e=await r.get(`/csrfToken`);return e.ok?(await e.json()).csrfToken??null:null}catch(e){return console.error(`Error fetching CSRF token:`,e),null}};return{getSession:async()=>{try{let e=await r.get(`/session`);if(!e.ok)return null;let t=await e.json();return t.success?t.session:null}catch(e){return console.error(`Error fetching session:`,e),null}},signIn:async(e,t)=>{try{let{redirectTo:n}=t??{},i=await(await r.get(`/signIn/:oauth`,{params:{oauth:e},searchParams:{redirectTo:n,redirect:!1}})).json();return t?.redirect===!0&&typeof window<`u`&&i?.signInURL&&window.location.assign(i.signInURL),i}catch(e){return console.error(`Error during sign-in:`,e),{success:!1,redirect:!1,signInURL:`/`}}},signInCredentials:async t=>{try{let n=await i();if(!n)throw new e({code:`CSRF_TOKEN_MISSING`});let{redirectTo:a}=t??{},o=await(await r.post(`/signIn/credentials`,{body:t.payload,searchParams:{redirectTo:a,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&o?.redirectURL&&window.location.assign(o.redirectURL),o}catch(e){return console.error(`Error during credentials sign-in:`,e),{success:!1,redirectURL:null}}},signUp:async t=>{try{let n=await i();if(!n)throw new e({code:`CSRF_TOKEN_MISSING`});let{redirectTo:a}=t??{},o=await(await r.post(`/signUp`,{body:t.payload,searchParams:{redirectTo:a,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&o?.redirectURL&&window.location.assign(o.redirectURL),o}catch(e){return console.error(`Error during sign-up:`,e),{success:!1,redirect:!1,redirectURL:null}}},updateSession:async t=>{try{let n=await i();if(!n)throw new e({code:`CSRF_TOKEN_MISSING`});let{session:a,redirectTo:o}=t??{};if(!a)return{success:!1,session:null};let s=a.user??{},c=await(await r.patch(`/session`,{body:{user:s,expires:a.expires?new Date(a.expires):void 0},searchParams:{redirectTo:o,redirect:!1},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&c?.redirectURL&&window.location.assign(c.redirectURL),c}catch(e){return console.error(`Error updating session:`,e),{success:!1,session:null}}},signOut:async t=>{try{let n=await i();if(!n)throw new e({code:`CSRF_TOKEN_MISSING`});let a=await(await r.post(`/signOut`,{searchParams:{redirectTo:t?.redirectTo,redirect:!1,token_type_hint:`session_token`},headers:{"X-CSRF-Token":n}})).json();return t?.redirect===!0&&typeof window<`u`&&a?.redirectURL&&window.location.assign(a.redirectURL),a}catch(e){return console.error(`Error during sign-out:`,e),{success:!1,redirect:!1,redirectURL:`/`}}}}};export{r as createAuthClient};
@@ -0,0 +1,3 @@
1
+ import{n as e,t}from"./errors-BWpHquVG.js";import{n,t as r}from"./env-BG1x-kSX.js";import"arktype";import"typebox";import{parse as i,serialize as a}from"@aura-stack/router/cookie";import{encoder as o,encoder as s,getRandomBytes as c,getSubtleCrypto as l}from"@aura-stack/jose/crypto";import{base64url as u,exportJWK as d,generateKeyPair as f,generateKeyPair as ee,importPKCS8 as p,importSPKI as te}from"@aura-stack/jose/jose";import{createDeriveKey as m,createJWE as ne,createJWS as re,createJWT as ie,createSecret as ae}from"@aura-stack/jose";const h={httpOnly:!0,sameSite:`lax`,path:`/`,maxAge:3600*24*15},oe={secure:!1,httpOnly:!0},g={secure:!0,httpOnly:!0},_={secure:!0,httpOnly:!0,path:`/`,domain:void 0},v={httpOnly:!0,maxAge:300,sameSite:`lax`,expires:new Date(Date.now()+300*1e3)},se=(e,t,n)=>a(e,t,n),ce=e=>({...e,expires:new Date(0),maxAge:0,secure:e?.secure??!0}),y=(e,n)=>{let r=e instanceof Request?e.headers.get(`Cookie`):e.get(`Cookie`);if(!r||r.length===0)throw new t({code:`COOKIE_NOT_FOUND`});let a=i(r)[n];if(!a)throw new t({code:`COOKIE_INVALID_VALUE`});return a},b=(e,t,n,i)=>(t.httpOnly||i?.log(`COOKIE_HTTPONLY_DISABLED`),t.domain===`*`&&(t.domain=void 0,i?.log(`COOKIE_WILDCARD_DOMAIN`)),e?n===`host`?{...h,...t,..._}:{...h,...t,...g}:(t.secure&&i?.log(`COOKIE_SECURE_DISABLED`),t.sameSite==`none`&&(t.sameSite=`lax`,i?.log(`COOKIE_SAMESITE_NONE_WITHOUT_SECURE`)),r.NODE_ENV===`production`&&i?.log(`COOKIE_INSECURE_IN_PRODUCTION`),n===`host`&&i?.log(`COOKIE_HOST_STRATEGY_INSECURE`),{...h,...t,...oe})),le=(e,t,n,r)=>{t??=`aura-auth`;let i=e?`__Secure-`:``,a=e?`__Host-`:``;return{sessionToken:{name:`${i}${t}.${n?.sessionToken?.name??`session_token`}`,attributes:b(e,{...h,...n?.sessionToken?.attributes},n?.sessionToken?.attributes?.strategy??`secure`,r)},state:{name:`${i}${t}.${n?.state?.name??`state`}`,attributes:b(e,{...v,...n?.state?.attributes},n?.state?.attributes?.strategy??`secure`,r)},csrfToken:{name:`${a}${t}.${n?.csrfToken?.name??`csrf_token`}`,attributes:b(e,{...n?.csrfToken?.attributes,..._,sameSite:`strict`},n?.csrfToken?.attributes?.strategy??`host`,r)},redirectTo:{name:`${i}${t}.${n?.redirectTo?.name??`redirect_to`}`,attributes:b(e,{...v,...n?.redirectTo?.attributes},n?.redirectTo?.attributes?.strategy??`secure`,r)},redirectURI:{name:`${i}${t}.${n?.redirectURI?.name??`redirect_uri`}`,attributes:b(e,{...v,...n?.redirectURI?.attributes},n?.redirectURI?.attributes?.strategy??`secure`,r)},codeVerifier:{name:`${i}${t}.${n?.codeVerifier?.name??`code_verifier`}`,attributes:b(e,{...v,...n?.codeVerifier?.attributes},n?.codeVerifier?.attributes?.strategy??`secure`,r)},nonce:{name:`${i}${t}.${n?.nonce?.name??`nonce`}`,attributes:b(e,{...v,...n?.nonce?.attributes},n?.nonce?.attributes?.strategy??`secure`,r)}}},ue=`0.7.2`,x=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,S=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},C=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},w=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,T=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},E=(e,t)=>{let n=o.encode(e),r=o.encode(t),i=Math.max(n.length,r.length),a=0;for(let e=0;e<i;e++)a|=(n[e]??0)^(r[e]??0);return a===0&&n.length===r.length},de=(e,r)=>{let i=n(e)??e,a=n(r)??r;if(!i||!a)throw new t({code:`AUTH_BASIC_CREDENTIALS_INVALID`});let s=`${i}:${a}`,c=String.fromCharCode.apply(null,Array.from(o.encode(s)));return`Basic ${btoa(c)}`},fe=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),pe=async({headers:e,cookies:n,jwt:r,logger:i})=>{let a=null;try{a=y(e,n.sessionToken.name)}catch(e){throw i?.log(`SESSION_NOT_FOUND`),new t({code:`SESSION_NOT_FOUND`,cause:e})}if(!a)throw i?.log(`SESSION_NOT_FOUND`),new t({code:`SESSION_NOT_FOUND`});try{await r.verifyToken(a)}catch(e){throw i?.log(`INVALID_JWT_TOKEN`,{structuredData:{error_type:w(e)}}),new t({code:`SESSION_INVALID`,cause:e})}},me=async({headers:e,skipCSRFCheck:n,cookies:r,logger:i,jose:a})=>{let o=null,s=e.get(`X-CSRF-Token`);try{o=y(e,r.csrfToken.name)}catch(e){throw i?.log(`CSRF_TOKEN_MISSING`),new t({code:`CSRF_TOKEN_MISSING`,cause:e})}if(i?.log(`CSRF_TOKEN_REQUESTED`,{structuredData:{has_csrf_token:!!o,has_csrf_header:!!s,skip_csrf_check:n}}),!n){if(!o)throw i?.log(`CSRF_TOKEN_MISSING`),new t({code:`CSRF_TOKEN_MISSING`});if(!s)throw i?.log(`CSRF_HEADER_MISSING`),new t({code:`CSRF_DOUBLE_SUBMIT_FAILED`});try{await Z(a,o,s)}catch(e){throw i?.log(`CSRF_TOKEN_INVALID`,{structuredData:{error_type:w(e)}}),new t({code:`CSRF_TOKEN_MISMATCH`})}i?.log(`CSRF_TOKEN_VERIFIED`)}return!0},D=[`<`,`>`,`"`,"`",` `,`\r`,`
2
+ `,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
3
+ `,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],O=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of D)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},k=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,he=e=>{if(e.length>100)return!1;for(let t of D)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},ge=(e,t)=>{let n=new URL(e),r=new URL(t);return x(n.origin,r.origin)},_e=(e,t)=>{if(!O(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(T(e)?.test(n))return!0;try{if(O(e)&&x(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},A=e=>e?.jwt?.mode??`sealed`,j=e=>A(e)===`signed`,M=e=>A(e)===`encrypted`,N=e=>A(e)===`sealed`,P=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,F=e=>typeof e==`object`&&!!e&&`algorithm`in e&&`extractable`in e,I=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,ve=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&(F(e.sign)||P(e.sign))&&(F(e.encrypt)||P(e.encrypt)),L=e=>typeof e==`string`&&/-----BEGIN (PUBLIC|PRIVATE) KEY-----/.test(e),R=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e&&L(e.publicKey)&&L(e.privateKey),z=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&R(e.sign)&&R(e.encrypt),B=e=>typeof e==`object`&&!!e&&`~run`in e&&typeof e[`~run`]==`function`,ye=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).length>0&&Object.values(e).every(B),V=e=>typeof e==`object`&&!!e&&`_def`in e,be=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(V),xe=e=>typeof e==`function`&&e!==null&&`allows`in e&&`assert`in e,Se=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(e=>typeof e==`object`&&`type`in e),Ce=e=>typeof e==`object`&&!!e&&typeof e.url==`string`&&`request`in e&&typeof e.request==`function`,we=(e,n)=>{let r=e.headers.get(`Content-Type`);if(r?.split(`;`)[0]?.trim().toLowerCase()!==`application/json`)throw n?.log(`OAUTH_INVALID_CONTENT_TYPE`,{structuredData:{content_type:r}}),new t({code:`OAUTH_INVALID_CONTENT_TYPE`})},Te=e=>e?.jwt,Ee=e=>{let t=Te(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},H=(e,t)=>({...Ee(t),...e}),U=(e,t)=>{let n={};return(j(e)||N(e))&&e?.jwt?.signingAlgorithm&&(n.alg=e.jwt.signingAlgorithm),{...n,...t}},W=(e,t)=>{let n={};return(M(e)||N(e))&&(e?.jwt?.keyAlgorithm&&(n.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(n.enc=e.jwt.encryptionAlgorithm)),{...n,...t}},G=(e,t)=>{let n={};return(j(e)||N(e))&&(e?.jwt?.signingAlgorithm&&(n.algorithms=[e.jwt.signingAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},K=(e,t)=>{let n={};return(M(e)||N(e))&&(e?.jwt?.keyAlgorithm&&(n.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(n.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},q=e=>{let n=Math.floor(Date.now()/1e3);if(e.mexp&&typeof e.mexp==`number`&&n>e.mexp)throw new t({code:`JWT_EXPIRED`})},De=async(e,r,i)=>{if(z(e)){if(!N(i))throw new t({code:`INVALID_PEM_KEY_PAIR_MODE_MISMATCH`});let{sign:r,encrypt:a}=e,o=n(`SIGNING_ALG`)||n(`SIGNING_ALGORITHM`)||i?.jwt.signingAlgorithm||`RS256`,s=n(`ENCRYPTION_ALG`)||n(`ENCRYPTION_ALGORITHM`)||i?.jwt.keyAlgorithm||`RSA-OAEP-256`,c=await $(r,o),l=await $(a,s);return{jwsSecret:c,jweSecret:l,jwtSecret:{sign:c,encrypt:l}}}if(R(e)){if(N(i))throw new t({code:`INVALID_PEM_KEY_PAIR_SINGLE_MISMATCH`});let{publicKey:r,privateKey:a}=await $(e,n(`ALGORITHM`)||n(`ALG`)||(j(i)?i?.jwt?.signingAlgorithm:void 0)||(M(i)?i?.jwt?.keyAlgorithm:void 0)||`RS256`);return{jwsSecret:{publicKey:r,privateKey:a},jweSecret:{publicKey:r,privateKey:a},jwtSecret:{sign:{publicKey:r,privateKey:a},encrypt:{publicKey:r,privateKey:a}}}}if(ve(e))return{jwsSecret:e.sign,jweSecret:e.encrypt,jwtSecret:{sign:e.sign,encrypt:e.encrypt}};if(F(e)||P(e)||I(e))return{jwsSecret:e,jweSecret:e,jwtSecret:{sign:e,encrypt:e}};let[a,o]=await Promise.all([m(e,r,`aura:signing`),m(e,r,`aura:encryption`)]);return{jwsSecret:a,jweSecret:o,jwtSecret:{sign:a,encrypt:o}}},J=e=>{let t=n(`${e}${e&&`_`}PUBLIC_KEY`),r=n(`${e}${e&&`_`}PRIVATE_KEY`);return t&&r?{publicKey:t,privateKey:r}:null},Oe=e=>{if(e??=n(`SECRET`),e)return e;let r=J(``);if(r)return r;let i=J(`SIGNING`),a=J(`ENCRYPTION`);if(i&&a)return{sign:i,encrypt:a};throw new t({code:`JOSE_INITIALIZATION_SECRET_MISSING`})},ke=(e,r)=>{let i=Oe(e),a=n(`SALT`);if(!a)throw new t({code:`JOSE_INITIALIZATION_SALT_MISSING`});try{ae(a)}catch(e){throw new t({code:`INVALID_SALT_SECRET_VALUE`,cause:e})}let o=(async()=>{let{jwsSecret:e,jweSecret:t,jwtSecret:n}=await De(i,a,r);return{jwt:ie(n),jws:re(e),jwe:ne(t)}})();return{signJWS:async(e,t)=>{let{jws:n}=await o;return n.signJWS(H(e,r),U(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await o,i=await n.verifyJWS(e,G(r,t));return q(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await o;return n.encryptJWE(H(e,r),W(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await o,i=await n.decryptJWE(e,K(r,t));return q(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await o;return await n.encodeJWT(H(e,r),{sign:U(r,t?.sign),encrypt:W(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await o,i=await n.decodeJWT(e,{verify:G(r,t?.verify),decrypt:K(r,t?.decrypt)});return q(i),i}}},Y=(e=32)=>u.encode(c(e)),X=async e=>{let t=await l().digest(`SHA-256`,s.encode(e));return u.encode(new Uint8Array(t))},Ae=async e=>{let n=e?void 0:Math.floor(Math.random()*65+32),r=e??Y(n??64);if(r.length<43||r.length>128)throw new t({code:`PKCE_VERIFIER_INVALID`});return{codeVerifier:r,codeChallenge:await X(r),method:`S256`}},je=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=Y(32);return e.signJWS({token:n})}catch{let t=Y(32);return e.signJWS({token:t})}},Z=async(n,r,i)=>{try{let e=await n.verifyJWS(r),a=await n.verifyJWS(i);if(!k(e)||!k(a))throw new t({code:`CSRF_TOKEN_MISSING`});if(!x(e.token.length,a.token.length)||!E(e.token,a.token))throw new t({code:`CSRF_TOKEN_MISMATCH`});return!0}catch(n){throw e(n)?n:new t({code:`CSRF_TOKEN_MISSING`,cause:n})}},Q=async(e,t,n=6e5)=>{let r=l(),i=t?u.decode(t):c(16),a=await r.importKey(`raw`,s.encode(e),`PBKDF2`,!1,[`deriveBits`]),o=await r.deriveBits({name:`PBKDF2`,salt:i,iterations:n,hash:`SHA-256`},a,256),d=new Uint8Array(o),f=u.encode(d);return`pbkdf2-sha256:${n}:${u.encode(i)}:${f}`},Me=async(e,t)=>{try{let n=t.split(`:`);if(n.length!==4)return!1;let[r,i,a]=n;if(r!==`pbkdf2-sha256`)return!1;let o=parseInt(i,10);if(isNaN(o))return!1;let[,,,s]=(await Q(e,a,o)).split(`:`),[,,,c]=t.split(`:`);return!s||!c?!1:E(s,c)}catch{return!1}},$=async(e,t)=>{let n=await p(e.privateKey,t,{extractable:!0});return{publicKey:await te(e.publicKey,t,{extractable:!0}),privateKey:n}},Ne=async(e,t)=>{let{publicKey:n,privateKey:r}=await f(e,t);return{publicKey:await d(n),privateKey:await d(r)}};export{T as A,V as C,C as D,x as E,le as F,y as I,ce as L,fe as M,me as N,w as O,pe as P,se as R,be as S,de as T,_e as _,Y as a,B as b,$ as c,ke as d,we as f,ge as g,he as h,Ae as i,E as j,S as k,Z as l,Ce as m,X as n,Ne as o,xe as p,ee as r,Q as s,je as t,Me as u,Se as v,ue as w,O as x,ye as y};
@@ -0,0 +1,3 @@
1
+ require(`./identity-CAygUyH6.cjs`);const e=require(`./errors-BiBhdux1.cjs`),t=require(`./env-BhQ2k7jj.cjs`);require(`arktype`),require(`typebox`);let n=require(`@aura-stack/router/cookie`),r=require(`@aura-stack/jose/crypto`),i=require(`@aura-stack/jose/jose`),a=require(`@aura-stack/jose`);const o={httpOnly:!0,sameSite:`lax`,path:`/`,maxAge:3600*24*15},s={secure:!1,httpOnly:!0},c={secure:!0,httpOnly:!0},l={secure:!0,httpOnly:!0,path:`/`,domain:void 0},u={httpOnly:!0,maxAge:300,sameSite:`lax`,expires:new Date(Date.now()+300*1e3)},ee=(e,t,r)=>(0,n.serialize)(e,t,r),te=e=>({...e,expires:new Date(0),maxAge:0,secure:e?.secure??!0}),d=(t,r)=>{let i=t instanceof Request?t.headers.get(`Cookie`):t.get(`Cookie`);if(!i||i.length===0)throw new e.t({code:`COOKIE_NOT_FOUND`});let a=(0,n.parse)(i)[r];if(!a)throw new e.t({code:`COOKIE_INVALID_VALUE`});return a},f=(e,n,r,i)=>(n.httpOnly||i?.log(`COOKIE_HTTPONLY_DISABLED`),n.domain===`*`&&(n.domain=void 0,i?.log(`COOKIE_WILDCARD_DOMAIN`)),e?r===`host`?{...o,...n,...l}:{...o,...n,...c}:(n.secure&&i?.log(`COOKIE_SECURE_DISABLED`),n.sameSite==`none`&&(n.sameSite=`lax`,i?.log(`COOKIE_SAMESITE_NONE_WITHOUT_SECURE`)),t.t.NODE_ENV===`production`&&i?.log(`COOKIE_INSECURE_IN_PRODUCTION`),r===`host`&&i?.log(`COOKIE_HOST_STRATEGY_INSECURE`),{...o,...n,...s})),p=(e,t,n,r)=>{t??=`aura-auth`;let i=e?`__Secure-`:``,a=e?`__Host-`:``;return{sessionToken:{name:`${i}${t}.${n?.sessionToken?.name??`session_token`}`,attributes:f(e,{...o,...n?.sessionToken?.attributes},n?.sessionToken?.attributes?.strategy??`secure`,r)},state:{name:`${i}${t}.${n?.state?.name??`state`}`,attributes:f(e,{...u,...n?.state?.attributes},n?.state?.attributes?.strategy??`secure`,r)},csrfToken:{name:`${a}${t}.${n?.csrfToken?.name??`csrf_token`}`,attributes:f(e,{...n?.csrfToken?.attributes,...l,sameSite:`strict`},n?.csrfToken?.attributes?.strategy??`host`,r)},redirectTo:{name:`${i}${t}.${n?.redirectTo?.name??`redirect_to`}`,attributes:f(e,{...u,...n?.redirectTo?.attributes},n?.redirectTo?.attributes?.strategy??`secure`,r)},redirectURI:{name:`${i}${t}.${n?.redirectURI?.name??`redirect_uri`}`,attributes:f(e,{...u,...n?.redirectURI?.attributes},n?.redirectURI?.attributes?.strategy??`secure`,r)},codeVerifier:{name:`${i}${t}.${n?.codeVerifier?.name??`code_verifier`}`,attributes:f(e,{...u,...n?.codeVerifier?.attributes},n?.codeVerifier?.attributes?.strategy??`secure`,r)},nonce:{name:`${i}${t}.${n?.nonce?.name??`nonce`}`,attributes:f(e,{...u,...n?.nonce?.attributes},n?.nonce?.attributes?.strategy??`secure`,r)}}},m=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,ne=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},re=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},h=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,g=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},_=(e,t)=>{let n=r.encoder.encode(e),i=r.encoder.encode(t),a=Math.max(n.length,i.length),o=0;for(let e=0;e<a;e++)o|=(n[e]??0)^(i[e]??0);return o===0&&n.length===i.length},ie=(n,i)=>{let a=t.n(n)??n,o=t.n(i)??i;if(!a||!o)throw new e.t({code:`AUTH_BASIC_CREDENTIALS_INVALID`});let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(r.encoder.encode(s)));return`Basic ${btoa(c)}`},v=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),ae=async({headers:t,cookies:n,jwt:r,logger:i})=>{let a=null;try{a=d(t,n.sessionToken.name)}catch(t){throw i?.log(`SESSION_NOT_FOUND`),new e.t({code:`SESSION_NOT_FOUND`,cause:t})}if(!a)throw i?.log(`SESSION_NOT_FOUND`),new e.t({code:`SESSION_NOT_FOUND`});try{await r.verifyToken(a)}catch(t){throw i?.log(`INVALID_JWT_TOKEN`,{structuredData:{error_type:h(t)}}),new e.t({code:`SESSION_INVALID`,cause:t})}},oe=async({headers:t,skipCSRFCheck:n,cookies:r,logger:i,jose:a})=>{let o=null,s=t.get(`X-CSRF-Token`);try{o=d(t,r.csrfToken.name)}catch(t){throw i?.log(`CSRF_TOKEN_MISSING`),new e.t({code:`CSRF_TOKEN_MISSING`,cause:t})}if(i?.log(`CSRF_TOKEN_REQUESTED`,{structuredData:{has_csrf_token:!!o,has_csrf_header:!!s,skip_csrf_check:n}}),!n){if(!o)throw i?.log(`CSRF_TOKEN_MISSING`),new e.t({code:`CSRF_TOKEN_MISSING`});if(!s)throw i?.log(`CSRF_HEADER_MISSING`),new e.t({code:`CSRF_DOUBLE_SUBMIT_FAILED`});try{await Z(a,o,s)}catch(t){throw i?.log(`CSRF_TOKEN_INVALID`,{structuredData:{error_type:h(t)}}),new e.t({code:`CSRF_TOKEN_MISMATCH`})}i?.log(`CSRF_TOKEN_VERIFIED`)}return!0},y=[`<`,`>`,`"`,"`",` `,`\r`,`
2
+ `,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
3
+ `,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],b=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of y)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},x=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,se=e=>{if(e.length>100)return!1;for(let t of y)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},ce=(e,t)=>{let n=new URL(e),r=new URL(t);return m(n.origin,r.origin)},S=(e,t)=>{if(!b(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(g(e)?.test(n))return!0;try{if(b(e)&&m(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},C=e=>e?.jwt?.mode??`sealed`,w=e=>C(e)===`signed`,T=e=>C(e)===`encrypted`,E=e=>C(e)===`sealed`,D=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,O=e=>typeof e==`object`&&!!e&&`algorithm`in e&&`extractable`in e,le=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,ue=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&(O(e.sign)||D(e.sign))&&(O(e.encrypt)||D(e.encrypt)),k=e=>typeof e==`string`&&/-----BEGIN (PUBLIC|PRIVATE) KEY-----/.test(e),A=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e&&k(e.publicKey)&&k(e.privateKey),j=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&A(e.sign)&&A(e.encrypt),M=e=>typeof e==`object`&&!!e&&`~run`in e&&typeof e[`~run`]==`function`,N=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).length>0&&Object.values(e).every(M),P=e=>typeof e==`object`&&!!e&&`_def`in e,F=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(P),I=e=>typeof e==`function`&&e!==null&&`allows`in e&&`assert`in e,L=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(e=>typeof e==`object`&&`type`in e),R=e=>typeof e==`object`&&!!e&&typeof e.url==`string`&&`request`in e&&typeof e.request==`function`,z=(t,n)=>{let r=t.headers.get(`Content-Type`);if(r?.split(`;`)[0]?.trim().toLowerCase()!==`application/json`)throw n?.log(`OAUTH_INVALID_CONTENT_TYPE`,{structuredData:{content_type:r}}),new e.t({code:`OAUTH_INVALID_CONTENT_TYPE`})},B=e=>e?.jwt,V=e=>{let t=B(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},H=(e,t)=>({...V(t),...e}),U=(e,t)=>{let n={};return(w(e)||E(e))&&e?.jwt?.signingAlgorithm&&(n.alg=e.jwt.signingAlgorithm),{...n,...t}},W=(e,t)=>{let n={};return(T(e)||E(e))&&(e?.jwt?.keyAlgorithm&&(n.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(n.enc=e.jwt.encryptionAlgorithm)),{...n,...t}},G=(e,t)=>{let n={};return(w(e)||E(e))&&(e?.jwt?.signingAlgorithm&&(n.algorithms=[e.jwt.signingAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},K=(e,t)=>{let n={};return(T(e)||E(e))&&(e?.jwt?.keyAlgorithm&&(n.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(n.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},q=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e.t({code:`JWT_EXPIRED`})},de=async(n,r,i)=>{if(j(n)){if(!E(i))throw new e.t({code:`INVALID_PEM_KEY_PAIR_MODE_MISMATCH`});let{sign:r,encrypt:a}=n,o=t.n(`SIGNING_ALG`)||t.n(`SIGNING_ALGORITHM`)||i?.jwt.signingAlgorithm||`RS256`,s=t.n(`ENCRYPTION_ALG`)||t.n(`ENCRYPTION_ALGORITHM`)||i?.jwt.keyAlgorithm||`RSA-OAEP-256`,c=await $(r,o),l=await $(a,s);return{jwsSecret:c,jweSecret:l,jwtSecret:{sign:c,encrypt:l}}}if(A(n)){if(E(i))throw new e.t({code:`INVALID_PEM_KEY_PAIR_SINGLE_MISMATCH`});let{publicKey:r,privateKey:a}=await $(n,t.n(`ALGORITHM`)||t.n(`ALG`)||(w(i)?i?.jwt?.signingAlgorithm:void 0)||(T(i)?i?.jwt?.keyAlgorithm:void 0)||`RS256`);return{jwsSecret:{publicKey:r,privateKey:a},jweSecret:{publicKey:r,privateKey:a},jwtSecret:{sign:{publicKey:r,privateKey:a},encrypt:{publicKey:r,privateKey:a}}}}if(ue(n))return{jwsSecret:n.sign,jweSecret:n.encrypt,jwtSecret:{sign:n.sign,encrypt:n.encrypt}};if(O(n)||D(n)||le(n))return{jwsSecret:n,jweSecret:n,jwtSecret:{sign:n,encrypt:n}};let[o,s]=await Promise.all([(0,a.createDeriveKey)(n,r,`aura:signing`),(0,a.createDeriveKey)(n,r,`aura:encryption`)]);return{jwsSecret:o,jweSecret:s,jwtSecret:{sign:o,encrypt:s}}},J=e=>{let n=t.n(`${e}${e&&`_`}PUBLIC_KEY`),r=t.n(`${e}${e&&`_`}PRIVATE_KEY`);return n&&r?{publicKey:n,privateKey:r}:null},fe=n=>{if(n??=t.n(`SECRET`),n)return n;let r=J(``);if(r)return r;let i=J(`SIGNING`),a=J(`ENCRYPTION`);if(i&&a)return{sign:i,encrypt:a};throw new e.t({code:`JOSE_INITIALIZATION_SECRET_MISSING`})},pe=(n,r)=>{let i=fe(n),o=t.n(`SALT`);if(!o)throw new e.t({code:`JOSE_INITIALIZATION_SALT_MISSING`});try{(0,a.createSecret)(o)}catch(t){throw new e.t({code:`INVALID_SALT_SECRET_VALUE`,cause:t})}let s=(async()=>{let{jwsSecret:e,jweSecret:t,jwtSecret:n}=await de(i,o,r);return{jwt:(0,a.createJWT)(n),jws:(0,a.createJWS)(e),jwe:(0,a.createJWE)(t)}})();return{signJWS:async(e,t)=>{let{jws:n}=await s;return n.signJWS(H(e,r),U(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await s,i=await n.verifyJWS(e,G(r,t));return q(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await s;return n.encryptJWE(H(e,r),W(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await s,i=await n.decryptJWE(e,K(r,t));return q(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await s;return await n.encodeJWT(H(e,r),{sign:U(r,t?.sign),encrypt:W(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await s,i=await n.decodeJWT(e,{verify:G(r,t?.verify),decrypt:K(r,t?.decrypt)});return q(i),i}}},Y=(e=32)=>i.base64url.encode((0,r.getRandomBytes)(e)),X=async e=>{let t=await(0,r.getSubtleCrypto)().digest(`SHA-256`,r.encoder.encode(e));return i.base64url.encode(new Uint8Array(t))},me=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??Y(n??64);if(r.length<43||r.length>128)throw new e.t({code:`PKCE_VERIFIER_INVALID`});return{codeVerifier:r,codeChallenge:await X(r),method:`S256`}},he=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=Y(32);return e.signJWS({token:n})}catch{let t=Y(32);return e.signJWS({token:t})}},Z=async(t,n,r)=>{try{let i=await t.verifyJWS(n),a=await t.verifyJWS(r);if(!x(i)||!x(a))throw new e.t({code:`CSRF_TOKEN_MISSING`});if(!m(i.token.length,a.token.length)||!_(i.token,a.token))throw new e.t({code:`CSRF_TOKEN_MISMATCH`});return!0}catch(t){throw e.n(t)?t:new e.t({code:`CSRF_TOKEN_MISSING`,cause:t})}},Q=async(e,t,n=6e5)=>{let a=(0,r.getSubtleCrypto)(),o=t?i.base64url.decode(t):(0,r.getRandomBytes)(16),s=await a.importKey(`raw`,r.encoder.encode(e),`PBKDF2`,!1,[`deriveBits`]),c=await a.deriveBits({name:`PBKDF2`,salt:o,iterations:n,hash:`SHA-256`},s,256),l=new Uint8Array(c),u=i.base64url.encode(l);return`pbkdf2-sha256:${n}:${i.base64url.encode(o)}:${u}`},ge=async(e,t)=>{try{let n=t.split(`:`);if(n.length!==4)return!1;let[r,i,a]=n;if(r!==`pbkdf2-sha256`)return!1;let o=parseInt(i,10);if(isNaN(o))return!1;let[,,,s]=(await Q(e,a,o)).split(`:`),[,,,c]=t.split(`:`);return!s||!c?!1:_(s,c)}catch{return!1}},$=async(e,t)=>{let n=await(0,i.importPKCS8)(e.privateKey,t,{extractable:!0});return{publicKey:await(0,i.importSPKI)(e.publicKey,t,{extractable:!0}),privateKey:n}},_e=async(e,t)=>{let{publicKey:n,privateKey:r}=await(0,i.generateKeyPair)(e,t);return{publicKey:await(0,i.exportJWK)(n),privateKey:await(0,i.exportJWK)(r)}};Object.defineProperty(exports,`A`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`C`,{enumerable:!0,get:function(){return`0.7.2`}}),Object.defineProperty(exports,`D`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`E`,{enumerable:!0,get:function(){return re}}),Object.defineProperty(exports,`F`,{enumerable:!0,get:function(){return d}}),Object.defineProperty(exports,`I`,{enumerable:!0,get:function(){return te}}),Object.defineProperty(exports,`L`,{enumerable:!0,get:function(){return ee}}),Object.defineProperty(exports,`M`,{enumerable:!0,get:function(){return oe}}),Object.defineProperty(exports,`N`,{enumerable:!0,get:function(){return ae}}),Object.defineProperty(exports,`O`,{enumerable:!0,get:function(){return ne}}),Object.defineProperty(exports,`P`,{enumerable:!0,get:function(){return p}}),Object.defineProperty(exports,`S`,{enumerable:!0,get:function(){return P}}),Object.defineProperty(exports,`T`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`_`,{enumerable:!0,get:function(){return L}}),Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return _e}}),Object.defineProperty(exports,`b`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return Z}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return z}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return I}}),Object.defineProperty(exports,`g`,{enumerable:!0,get:function(){return S}}),Object.defineProperty(exports,`h`,{enumerable:!0,get:function(){return ce}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return Y}}),Object.defineProperty(exports,`j`,{enumerable:!0,get:function(){return v}}),Object.defineProperty(exports,`k`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return ge}}),Object.defineProperty(exports,`m`,{enumerable:!0,get:function(){return se}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return X}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return Q}}),Object.defineProperty(exports,`p`,{enumerable:!0,get:function(){return R}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return me}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return $}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return he}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return pe}}),Object.defineProperty(exports,`v`,{enumerable:!0,get:function(){return N}}),Object.defineProperty(exports,`w`,{enumerable:!0,get:function(){return ie}}),Object.defineProperty(exports,`x`,{enumerable:!0,get:function(){return F}}),Object.defineProperty(exports,`y`,{enumerable:!0,get:function(){return M}});
@@ -0,0 +1 @@
1
+ const e={JWT_EXPIRED:{type:`AUTH_FLOW`,statusCode:401,name:`JwtError`,message:`The provided JSON Web Token has expired based on its 'exp' claim or maxExpiration (mexp) library settings.`,userMessage:`Your session has expired based on its max expiration. Please sign in again.`},JWT_INVALID_SIGNATURE:{type:`AUTH_FLOW`,statusCode:401,name:`JwtError`,message:`The cryptographic signature verification failed. The token token may have been tampered with or signed with an invalid key.`,userMessage:`Authentication failed. Please sign in again.`},JWT_MALFORMED:{type:`VALIDATION`,statusCode:401,name:`JwtError`,message:`The token string does not conform to the standard JWS/JWT three-part structure (header.payload.signature).`,userMessage:`Authentication failed. Please sign in again.`},JWT_ALGORITHM_MISMATCH:{type:`VALIDATION`,statusCode:401,name:`JwtError`,message:`The token header specifies an 'alg' that is not permitted by your local library security configuration restrictions.`,userMessage:`Authentication failed. Please sign in again.`},JWT_KEY_ROTATION_FAILED:{type:`INTERNAL`,statusCode:500,name:`JwtError`,message:`Failed to fetch or parse the remote JSON Web Key Set (JWKS) during an automatic signature key rotation cycle.`,userMessage:`An internal error occurred. Please try again.`},JWT_SEAL_FAILED:{type:`INTERNAL`,statusCode:500,name:`JwtError`,message:`The HKDF key derivation or AES-GCM encryption pipeline failed while trying to encrypt/seal the session payload.`,userMessage:`An internal error occurred. Please try again.`},JWT_UNSEAL_FAILED:{type:`INTERNAL`,statusCode:500,name:`JwtError`,message:`The decryption pattern or integrity authentication tag validation failed during the token unseal execution loop.`,userMessage:`Authentication failed. Please sign in again.`},JWT_INVALID_MODE:{type:`VALIDATION`,statusCode:500,name:`JwtError`,message:`The specified session mode does not match structural constraints. Expected configurations: 'sealed', 'signed', or 'encrypted'.`,userMessage:`Invalid JWT mode configured. Valid options are: 'sealed', 'signed', 'encrypted'.`},CSRF_TOKEN_MISSING:{type:`AUTH_FLOW`,statusCode:403,name:`CsrfError`,message:`State tracking failed because the required CSRF token cookie could not be extracted from incoming request headers.`,userMessage:`The CSRF token is missing. Please refresh and try again.`},CSRF_TOKEN_MISMATCH:{type:`AUTH_FLOW`,statusCode:403,name:`CsrfError`,message:`Security violation: The request payload/header anti-forgery token string does not match the value stored in the secure session cookie.`,userMessage:`CSRF token verification failed. Please refresh and try again.`},CSRF_ORIGIN_REJECTED:{type:`AUTH_FLOW`,statusCode:403,name:`CsrfError`,message:`Cross-Origin request blocked: The incoming Request 'Origin' header does not match the expected application Host or trusted subdomains.`,userMessage:`Request validation failed. Request origin is untrusted.`},CSRF_DOUBLE_SUBMIT_FAILED:{type:`AUTH_FLOW`,statusCode:403,name:`CsrfError`,message:`The state verification engine failed because the custom 'X-CSRF-Token' header was missing from the mutation request parameters.`,userMessage:`The CSRF header is missing. Please refresh and try again.`},SESSION_NOT_FOUND:{type:`AUTH_FLOW`,statusCode:401,name:`SessionError`,message:`The context evaluation phase failed because the target identifier sessionToken could not be pulled from the cookies object context.`,userMessage:`The session token is not found. There is no active session.`},SESSION_EXPIRED:{type:`AUTH_FLOW`,statusCode:401,name:`SessionError`,message:`The user session lifecycle timestamp has exceeded the absolute maximum duration threshold specified in storage settings.`,userMessage:`Your session has expired. Please sign in again.`},SESSION_REVOKED:{type:`AUTH_FLOW`,statusCode:403,name:`SessionError`,message:`The session block execution was aborted because the target token was explicitly blacklisted or flagged as inactive in persistence layer checks.`,userMessage:`Your session has been revoked. Please sign in again.`},SESSION_INVALID:{type:`AUTH_FLOW`,statusCode:401,name:`SessionError`,message:`The framework extracted a session token string, but it failed basic integrity decoding checks or cryptographic signatures.`,userMessage:`The session is not valid. Its signature or decryption parameters failed.`},SESSION_STRATEGY_MISMATCH:{type:`VALIDATION`,statusCode:500,name:`SessionError`,message:`The storage strategy context configuration doesn't align with active adapter engines (e.g. database adapter passed but strategy forced to pure 'jwt').`,userMessage:`The session handling configuration strategy is mismatched.`},SESSION_STORE_UNAVAILABLE:{type:`INTERNAL`,statusCode:503,name:`SessionError`,message:`The backing session persistence manager or distributed key-value store cache failed to respond within operational timeout limits.`,userMessage:`Service temporarily unavailable. Please try again.`},UPDATE_SESSION_INVALID:{type:`AUTH_FLOW`,statusCode:400,name:`SessionError`,message:`The internal call to 'refreshSession' completed, but returned a nullish value, meaning token mutation could not finish cleanly.`,userMessage:`Failed to update session parameters.`},INVALID_SESSION_STRATEGY:{type:`VALIDATION`,statusCode:500,name:`SessionError`,message:`The provided 'session.strategy' option string value is unsupported by the engine runtime core configurations.`,userMessage:`Unknown session strategy configured. Valid options are: 'jwt'.`},COOKIE_NOT_FOUND:{type:`AUTH_FLOW`,statusCode:401,name:`CookieError`,message:`The request pipeline expected parsing access to a 'Cookie' header block, but the raw header property evaluates to undefined.`,userMessage:`No cookies found. There is no active session.`},COOKIE_INVALID_VALUE:{type:`AUTH_FLOW`,statusCode:401,name:`CookieError`,message:`A target cookie identifier was discovered by the parser, but its internal string value payload resolved to blank or nullish data.`,userMessage:`Expected configuration cookie not found or contains an empty value.`},SET_COOKIE_NOT_FOUND:{type:`INTERNAL`,statusCode:500,name:`CookieError`,message:`The outbound Response middleware pipeline completed execution, but no structural 'Set-Cookie' header operations were registered.`,userMessage:`No cookies found in the application response.`},SET_COOKIE_INVALID_VALUE:{type:`INTERNAL`,statusCode:500,name:`CookieError`,message:`The system attempted to assign outbound state, but the generated value parameter evaluation payload returned a nullish value.`,userMessage:`The response cookie update target string has a nullish value.`},AUTH_CREDENTIALS_INVALID:{type:`AUTH_FLOW`,statusCode:401,name:`AuthError`,message:`The custom user 'authorize' handler function returned a nullish profile structure object or explicitly threw a mismatch validation signal.`,userMessage:`The user's session couldn't be established with the provided credentials.`},AUTH_PROVIDER_REJECTED:{type:`PROTOCOL`,statusCode:502,name:`AuthError`,message:`The downstream identity provider rejected verification protocols or explicit request parameters during handshake loops.`,userMessage:`Authentication provider error. Please try again.`},AUTH_CALLBACK_STATE_INVALID:{type:`PROTOCOL`,statusCode:400,name:`AuthError`,message:`The incoming state value from the third-party endpoint query string failed basic framework schema or parsing validations.`,userMessage:`Invalid authentication state. Please try again.`},AUTH_MFA_REQUIRED:{type:`AUTH_FLOW`,statusCode:403,name:`AuthError`,message:`Primary credential step passed, but system identity rules dictate intercepting execution to wait for a Multi-Factor token challenge verification.`,userMessage:`Multi-factor authentication check is required to continue.`},AUTH_MFA_CODE_INVALID:{type:`AUTH_FLOW`,statusCode:401,name:`AuthError`,message:`The custom Multi-Factor authentication TOTP/HOTP or SMS code submission string failed validation verification checks against host rules.`,userMessage:`The multi-factor verification code is invalid.`},USER_CREATION_FAILED:{type:`INTERNAL`,statusCode:500,name:`AuthError`,message:`The custom lifecycle hook 'onCreateUser' aborted execution, thrown exception handling traps, or returned an unexpected null reference mapping.`,userMessage:`Failed to create user account with the provided metadata payload.`},AUTH_BASIC_CREDENTIALS_INVALID:{type:`AUTH_FLOW`,statusCode:401,name:`AuthError`,message:`The HTTP Basic Authentication header failed credential verification. The decoded username and password pair did not match any user records or the authentication provider rejected the credentials.`,userMessage:`The username or password is incorrect. Please verify your credentials and try again.`},CONFIG_INVALID:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The primary configuration object argument failed initial structural layout runtime checks during engine context setups.`,userMessage:`An internal library validation error occurred.`},CONFIG_MISSING_REQUIRED:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`Crucial framework setup options are absent. Verify that required structural fields are present during initialization mappings.`,userMessage:`Required core environment parameters are missing from registration settings.`},CONFIG_BASE_URL_MISSING:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The application base URL could not be resolved from the current runtime configuration.`,userMessage:`The application base URL is missing. Set BASE_URL or provide valid host/proxy headers.`},INVALID_AUTH_CONFIGURATION:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The system cannot establish request resolution routes. Provide a valid 'BASE_URL' system environment configuration value or setup trusted proxy headers.`,userMessage:`The application context URL cannot be constructed. Set BASE_URL or provide proxy host headers.`},INVALID_TRUSTED_ORIGIN:{type:`VALIDATION`,statusCode:400,name:`ConfigError`,message:`The request location context was blocked. The incoming value does not match patterns mapped inside your array configuration rules.`,userMessage:`The incoming ORIGIN is not trusted. Verify your trustedOrigins configuration.`},CLIENT_BASE_URL_MISSING:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The client wrapper utility was instantiated inside a non-browser environment (Server Action, API route, etc.) without providing an explicit 'baseURL' fallback string property.`,userMessage:`baseURL is required when createAuthClient is invoked outside browser environments.`},POTENTIAL_OPEN_REDIRECT_ATTACK_DETECTED:{type:`VALIDATION`,statusCode:400,name:`ConfigError`,message:`The downstream navigation parameter target path evaluation failed security context tracking verification. The destination URL domain is untrusted.`,userMessage:`Invalid redirect path intercepted. Potential open redirect attack detected.`},JOSE_INITIALIZATION_SALT_MISSING:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`Core security initialization failed because both 'AURA_AUTH_SALT' and 'AUTH_SALT' environment string keys are completely missing from runtime access contexts.`,userMessage:`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. Salt required for key derivation.`},JOSE_INITIALIZATION_SECRET_MISSING:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`Core security initialization failed because both 'AURA_AUTH_SECRET' and 'AUTH_SECRET' environment string keys are completely missing from runtime access contexts.`,userMessage:`AURA_AUTH_SECRET environment variable is not set and no fallback secret was provided.`},INVALID_SALT_SECRET_VALUE:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The extracted salt string parameter does not fit minimum byte length requirements or baseline entropy targets needed for safe PBKDF2 key derivations.`,userMessage:`The encryption salt value must be at least 32 bytes long and meet baseline entropy values.`},INVALID_PEM_KEY_PAIR_MODE_MISMATCH:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`A configuration layout rule conflict was detected. Multiple asymmetric keys were passed but the runtime 'session.mode' parameter was not forced to 'sealed'.`,userMessage:`Multiple PEM Key Pairs found in runtime configurations require 'sealed' JWT mode.`},INVALID_PEM_KEY_PAIR_SINGLE_MISMATCH:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`A configuration layout rule conflict was detected. A single asymmetric key pair structure was loaded but the session processing mode was set to 'sealed'.`,userMessage:`Single PEM key pairs from configurations require 'signed' or 'encrypted' JWT mode.`},UNSUPPORTED_OAUTH_CONFIGURATION:{type:`VALIDATION`,statusCode:400,name:`OAuthError`,message:`An execution request flow was initialized targeting a specific identity provider code string that doesn't exist within initialized provider definitions.`,userMessage:`The targeted OAuth provider has not been configured in the initialization parameters.`},INVALID_ACCESS_TOKEN_OAUTH_CONFIG:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The runtime provider definition block lacks token endpoints, formatting methods, or client routing configurations required for handshake mutations.`,userMessage:`The remote access token exchange profile setup parameters are invalid.`},INVALID_OAUTH_ACCESS_TOKEN_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The outbound HTTP request to the remote identity provider token exchange endpoint failed validation checks. The response 'ok' field resolved to false.`,userMessage:`The authorization server rejected the request during the token exchange handshake.`},INVALID_OAUTH_ACCESS_TOKEN_RES_FORMAT:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The third-party authentication server responded with an HTTP status 200, but the returned data block structure fails schema verification (e.g. missing 'access_token').`,userMessage:`The identity provider token payload did not satisfy standard schema formats.`},INVALID_ACCESS_TOKEN:{type:`PROTOCOL`,statusCode:401,name:`OAuthError`,message:`The external authorization endpoint directly responded with an explicit error code payload parameter during token processing loops.`,userMessage:`Failed to clear identity transport verification down to the provider.`},UNKNOWN_OAUTH_ACCESS_TOKEN_ERROR:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`An unexpected runtime code path crash or unclassified transport exception occurred during the remote provider access token exchange execution flow.`,userMessage:`An unclassified token pipeline failure occurred during third-party processing.`},INVALID_USER_INFO:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The downstream mapping verification phase was aborted because the decoded third-party profile structure does not expose a stable immutable mapping key (id/sub/uid).`,userMessage:`The provider profile identity map did not supply an immutable index key (id/sub/uid).`},INVALID_OAUTH_USER_INFO_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The downstream endpoint fetch request to the provider user profile storage API returned an invalid response code status.`,userMessage:`The resource userInfo target server returned an error code response.`},INVALID_OAUTH_USER_INFO_RES_FORMAT:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The provider profile user data response format did not match semantic JSON object types required for downstream database generation.`,userMessage:`The returned user info profile structure payload is corrupted or unexpected.`},UNKNOWN_OAUTH_USER_INFO_ERROR:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`An unmapped connection trap exploded during asynchronous background operations inside the default profile fetch pipeline routines.`,userMessage:`Failed to communicate clean state down to the user configuration data provider.`},INVALID_CUSTOM_USER_INFO_ERROR:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The host application developer supplied a custom 'profile' mapping block callback method, but the return value runtime resolution returned undefined or threw an error.`,userMessage:`The custom userinfo mapper callback returned an empty payload reference or threw.`},UNKNOWN_CUSTOM_USER_INFO_ERROR:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`An unclassified system runtime breakdown occurred while trying to process data records down inside the developer's user profile normalization routine.`,userMessage:`An internal engine exception stopped custom resource user tracking map executions.`},AUTH_CALLBACK_MISSING_PARAMETERS:{type:`PROTOCOL`,statusCode:400,name:`OAuthError`,message:`The incoming callback route handler intercepted a processing execution path where query location search fields are missing vital OAuth spec values ('code' or 'state').`,userMessage:`Expected security parameter state or exchange code is completely missing from request.`},AUTH_MISMATCHING_STATE:{type:`PROTOCOL`,statusCode:400,name:`OAuthError`,message:`CSRF state attack prevented. The 'state' payload value extracted from incoming third-party route query properties doesn't match local session storage values.`,userMessage:`The provided state passed in the OAuth response does not match the stored token state.`},INVALID_OAUTH_PROVIDER_URL_CONFIG:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`A required structural provider URL definition configuration parameter is empty or holds an invalid URI layout inside your provider customization registry.`,userMessage:`The authorization gateway URL setup rule is missing from the custom provider setup object.`},INVALID_OAUTH_PROVIDER_SCHEMA_CONFIG:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The loaded configuration settings array failed standard library schema validation checks against required engine operational footprints.`,userMessage:`The provider context configuration properties failed standard schema verification checks.`},DUPLICATED_OAUTH_PROVIDER_ID:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The registration collection contains duplicate identifier keys. Unique registration indices are mandatory across tracking providers.`,userMessage:`Duplicate identification keys detected in the engine providers registration list.`},INVALID_ENVIRONMENT_CONFIGURATION:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The framework cannot resolve environment credentials for the current provider target. Make sure target system secret variables are configured properly.`,userMessage:`Client identification strings or secret hashes are missing from configuration contexts.`},PKCE_VERIFIER_INVALID:{type:`PROTOCOL`,statusCode:400,name:`OAuthError`,message:`The generated or passed PKCE 'code_verifier' configuration string structure does not fulfill security specification layout rules (must be between 43 and 128 characters long).`,userMessage:`The cryptographic dynamic code verifier does not fit structural specification constraints (43-128 chars).`},AUTH_INVALID_PROXY_HEADERS_CONFIG:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`Security assertion failed during instantiation: 'trustedProxyHeaders' was enabled, but 'trustedOrigins' is completely empty or undefined. Real proxy networks require explicit origin mapping rules to mitigate host-header hijacking and cache-poisoning vectors.`,userMessage:`Internal configuration failure. Enabling trusted proxy headers requires an explicit trusted origins array setup.`},OAUTH_INVALID_CONTENT_TYPE:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The remote identity provider endpoint returned an invalid Content-Type header. Expected 'application/json', but received an incompatible format (e.g., text/html). This usually indicates an upstream server error, proxy block, or provider outage.`,userMessage:`The identity provider returned an unreadable response format. Please try again or check the provider status.`},SCHEMA_INVALID_MODE:{type:`VALIDATION`,statusCode:500,name:`SchemaError`,message:`The identity mapping configuration validation mode string is unsupported. Supported string flags: 'strip', 'passthrough', 'strict', 'partial'.`,userMessage:`Unsupported schema parsing parameters configuration. Options: 'strip', 'passthrough', 'strict', 'partial'.`},SCHEMA_UNSUPPORTED:{type:`VALIDATION`,statusCode:500,name:`SchemaError`,message:`The library failed to find a matching validator compiler module. The custom strategy must inherit from supported engines: Zod, Valibot, Typebox, or Arktype.`,userMessage:`Unsupported structural compilation type. Supported adapters: Zod, Valibot, Typebox, Arktype.`},SCHEMA_PARSER_FAILED:{type:`VALIDATION`,statusCode:500,name:`SchemaError`,message:`The schema validator failed to parse or execute the configured schema. This typically indicates a malformed schema definition or a runtime parser issue inside the selected validation adapter.`,userMessage:`An internal schema parsing error occurred. Please verify your schema configuration and validation adapter setup.`},NETWORK_REQUEST_FAILED:{type:`NETWORK`,statusCode:502,name:`NetworkError`,message:`The internal network wrapper failed to establish a secure HTTP connection handshake with upstream servers or external REST resource targets.`,userMessage:`An internal outgoing transport network execution failed down to external services.`},NETWORK_TIMEOUT:{type:`NETWORK`,statusCode:504,name:`NetworkError`,message:`The external API target connection pool or request fetch signal context exceeded designated millisecond timeout threshold rules without returning headers.`,userMessage:`The network response time tracking expired before receiving data headers.`},OIDC_DISCOVERY_INVALID_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OidcDiscoveryError`,message:`The outbound HTTP request to the OpenID Connect metadata endpoint configuration route returned a non-2xx status code. The response 'ok' field resolved to false.`,userMessage:`The OpenID Connect discovery endpoint rejected the configuration request or is currently unreachable.`},OIDC_DISCOVERY_NETWORK_FAILED:{type:`NETWORK`,statusCode:504,name:`OidcDiscoveryError`,message:`An unhandled transport exception, socket hang-up, or DNS resolution failure occurred while communicating with the remote OIDC identity service provider context.`,userMessage:`A network pipeline failure occurred while discovering configuration metadata properties from the third-party provider.`},OIDC_DISCOVERY_INVALID_FORMAT_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OidcDiscoveryError`,message:`The OIDC discovery endpoint returned a payload structure that could not be parsed as a valid JSON object. The stream processing operation failed.`,userMessage:`The OIDC discovery document format is malformed or corrupted.`},OIDC_DISCOVERY_ISSUER_MISMATCH:{type:`PROTOCOL`,statusCode:502,name:`OidcDiscoveryError`,message:`OIDC metadata validation failed. The 'issuer' URL string returned in the remote discovery document does not exactly match the original provider base configuration URL. Verification stopped to prevent open validation or provider redirection vulnerabilities.`,userMessage:`The identity provider configuration could not be securely verified due to a provider issuer mismatch.`},OIDC_DISCOVERY_INVALID_SCHEMA:{type:`VALIDATION`,statusCode:502,name:`OidcDiscoveryError`,message:`The OIDC discovery document failed structural validation against the OpenID Provider Metadata schema. Required fields may be missing or malformed.`,userMessage:`The identity provider discovery document is invalid or incomplete.`},OIDC_NONCE_MISMATCH:{type:`PROTOCOL`,statusCode:400,name:`OidcIdTokenError`,message:`The nonce claim in the ID Token does not match the nonce value stored during the authorization request. This may indicate a replay attack or session mismatch.`,userMessage:`Authentication failed due to a security validation error. Please sign in again.`},OIDC_ID_TOKEN_INVALID:{type:`PROTOCOL`,statusCode:401,name:`OidcIdTokenError`,message:`The ID Token failed validation. The token may be malformed, expired, or contain invalid claims after signature verification.`,userMessage:`Authentication failed. Please sign in again.`},OIDC_USERINFO_INVALID_SCHEMA:{type:`VALIDATION`,statusCode:502,name:`OidcUserInfoError`,message:`The UserInfo endpoint response failed structural validation against the OpenID Connect standard claims schema.`,userMessage:`The identity provider returned invalid user information.`},OIDC_JWKS_INVALID_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OidcJwksError`,message:`The outbound HTTP request to the JWKS endpoint returned a non-2xx status code or could not be retrieved.`,userMessage:`The identity provider key set could not be retrieved.`},OIDC_JWKS_INVALID_SCHEMA:{type:`VALIDATION`,statusCode:502,name:`OidcJwksError`,message:`The JWKS document failed structural validation against the JSON Web Key Set schema. Required keys array may be missing or malformed.`,userMessage:`The identity provider key set format is invalid.`},OIDC_INVALID_ISSUER_PARAMS:{type:`VALIDATION`,statusCode:502,name:`OIDCInvalidIssuerError`,message:`The configured OpenID Connect issuer parameters are missing or invalid, preventing issuer validation.`,userMessage:`The identity provider configuration is invalid. Please check issuer settings and try again.`}},t=e=>`captureStackTrace`in e&&typeof e.captureStackTrace==`function`;var n=class extends Error{code;type;userMessage;statusCode;constructor({code:n,message:r,cause:i,statusCode:a,userMessage:o}){let s=e[n],c=r??s.message;super(c,{cause:i}),this.name=s.name,this.code=n,this.type=s.type,this.statusCode=a??s.statusCode,this.userMessage=o??s.userMessage,Object.setPrototypeOf(this,new.target.prototype),t(Error)&&Error.captureStackTrace(this,new.target)}toResponse(){return Response.json({type:this.type,code:this.code,message:this.userMessage},{status:this.statusCode,statusText:this.code})}};const r=e=>e instanceof n;export{r as n,n as t};
@@ -0,0 +1 @@
1
+ const e={JWT_EXPIRED:{type:`AUTH_FLOW`,statusCode:401,name:`JwtError`,message:`The provided JSON Web Token has expired based on its 'exp' claim or maxExpiration (mexp) library settings.`,userMessage:`Your session has expired based on its max expiration. Please sign in again.`},JWT_INVALID_SIGNATURE:{type:`AUTH_FLOW`,statusCode:401,name:`JwtError`,message:`The cryptographic signature verification failed. The token token may have been tampered with or signed with an invalid key.`,userMessage:`Authentication failed. Please sign in again.`},JWT_MALFORMED:{type:`VALIDATION`,statusCode:401,name:`JwtError`,message:`The token string does not conform to the standard JWS/JWT three-part structure (header.payload.signature).`,userMessage:`Authentication failed. Please sign in again.`},JWT_ALGORITHM_MISMATCH:{type:`VALIDATION`,statusCode:401,name:`JwtError`,message:`The token header specifies an 'alg' that is not permitted by your local library security configuration restrictions.`,userMessage:`Authentication failed. Please sign in again.`},JWT_KEY_ROTATION_FAILED:{type:`INTERNAL`,statusCode:500,name:`JwtError`,message:`Failed to fetch or parse the remote JSON Web Key Set (JWKS) during an automatic signature key rotation cycle.`,userMessage:`An internal error occurred. Please try again.`},JWT_SEAL_FAILED:{type:`INTERNAL`,statusCode:500,name:`JwtError`,message:`The HKDF key derivation or AES-GCM encryption pipeline failed while trying to encrypt/seal the session payload.`,userMessage:`An internal error occurred. Please try again.`},JWT_UNSEAL_FAILED:{type:`INTERNAL`,statusCode:500,name:`JwtError`,message:`The decryption pattern or integrity authentication tag validation failed during the token unseal execution loop.`,userMessage:`Authentication failed. Please sign in again.`},JWT_INVALID_MODE:{type:`VALIDATION`,statusCode:500,name:`JwtError`,message:`The specified session mode does not match structural constraints. Expected configurations: 'sealed', 'signed', or 'encrypted'.`,userMessage:`Invalid JWT mode configured. Valid options are: 'sealed', 'signed', 'encrypted'.`},CSRF_TOKEN_MISSING:{type:`AUTH_FLOW`,statusCode:403,name:`CsrfError`,message:`State tracking failed because the required CSRF token cookie could not be extracted from incoming request headers.`,userMessage:`The CSRF token is missing. Please refresh and try again.`},CSRF_TOKEN_MISMATCH:{type:`AUTH_FLOW`,statusCode:403,name:`CsrfError`,message:`Security violation: The request payload/header anti-forgery token string does not match the value stored in the secure session cookie.`,userMessage:`CSRF token verification failed. Please refresh and try again.`},CSRF_ORIGIN_REJECTED:{type:`AUTH_FLOW`,statusCode:403,name:`CsrfError`,message:`Cross-Origin request blocked: The incoming Request 'Origin' header does not match the expected application Host or trusted subdomains.`,userMessage:`Request validation failed. Request origin is untrusted.`},CSRF_DOUBLE_SUBMIT_FAILED:{type:`AUTH_FLOW`,statusCode:403,name:`CsrfError`,message:`The state verification engine failed because the custom 'X-CSRF-Token' header was missing from the mutation request parameters.`,userMessage:`The CSRF header is missing. Please refresh and try again.`},SESSION_NOT_FOUND:{type:`AUTH_FLOW`,statusCode:401,name:`SessionError`,message:`The context evaluation phase failed because the target identifier sessionToken could not be pulled from the cookies object context.`,userMessage:`The session token is not found. There is no active session.`},SESSION_EXPIRED:{type:`AUTH_FLOW`,statusCode:401,name:`SessionError`,message:`The user session lifecycle timestamp has exceeded the absolute maximum duration threshold specified in storage settings.`,userMessage:`Your session has expired. Please sign in again.`},SESSION_REVOKED:{type:`AUTH_FLOW`,statusCode:403,name:`SessionError`,message:`The session block execution was aborted because the target token was explicitly blacklisted or flagged as inactive in persistence layer checks.`,userMessage:`Your session has been revoked. Please sign in again.`},SESSION_INVALID:{type:`AUTH_FLOW`,statusCode:401,name:`SessionError`,message:`The framework extracted a session token string, but it failed basic integrity decoding checks or cryptographic signatures.`,userMessage:`The session is not valid. Its signature or decryption parameters failed.`},SESSION_STRATEGY_MISMATCH:{type:`VALIDATION`,statusCode:500,name:`SessionError`,message:`The storage strategy context configuration doesn't align with active adapter engines (e.g. database adapter passed but strategy forced to pure 'jwt').`,userMessage:`The session handling configuration strategy is mismatched.`},SESSION_STORE_UNAVAILABLE:{type:`INTERNAL`,statusCode:503,name:`SessionError`,message:`The backing session persistence manager or distributed key-value store cache failed to respond within operational timeout limits.`,userMessage:`Service temporarily unavailable. Please try again.`},UPDATE_SESSION_INVALID:{type:`AUTH_FLOW`,statusCode:400,name:`SessionError`,message:`The internal call to 'refreshSession' completed, but returned a nullish value, meaning token mutation could not finish cleanly.`,userMessage:`Failed to update session parameters.`},INVALID_SESSION_STRATEGY:{type:`VALIDATION`,statusCode:500,name:`SessionError`,message:`The provided 'session.strategy' option string value is unsupported by the engine runtime core configurations.`,userMessage:`Unknown session strategy configured. Valid options are: 'jwt'.`},COOKIE_NOT_FOUND:{type:`AUTH_FLOW`,statusCode:401,name:`CookieError`,message:`The request pipeline expected parsing access to a 'Cookie' header block, but the raw header property evaluates to undefined.`,userMessage:`No cookies found. There is no active session.`},COOKIE_INVALID_VALUE:{type:`AUTH_FLOW`,statusCode:401,name:`CookieError`,message:`A target cookie identifier was discovered by the parser, but its internal string value payload resolved to blank or nullish data.`,userMessage:`Expected configuration cookie not found or contains an empty value.`},SET_COOKIE_NOT_FOUND:{type:`INTERNAL`,statusCode:500,name:`CookieError`,message:`The outbound Response middleware pipeline completed execution, but no structural 'Set-Cookie' header operations were registered.`,userMessage:`No cookies found in the application response.`},SET_COOKIE_INVALID_VALUE:{type:`INTERNAL`,statusCode:500,name:`CookieError`,message:`The system attempted to assign outbound state, but the generated value parameter evaluation payload returned a nullish value.`,userMessage:`The response cookie update target string has a nullish value.`},AUTH_CREDENTIALS_INVALID:{type:`AUTH_FLOW`,statusCode:401,name:`AuthError`,message:`The custom user 'authorize' handler function returned a nullish profile structure object or explicitly threw a mismatch validation signal.`,userMessage:`The user's session couldn't be established with the provided credentials.`},AUTH_PROVIDER_REJECTED:{type:`PROTOCOL`,statusCode:502,name:`AuthError`,message:`The downstream identity provider rejected verification protocols or explicit request parameters during handshake loops.`,userMessage:`Authentication provider error. Please try again.`},AUTH_CALLBACK_STATE_INVALID:{type:`PROTOCOL`,statusCode:400,name:`AuthError`,message:`The incoming state value from the third-party endpoint query string failed basic framework schema or parsing validations.`,userMessage:`Invalid authentication state. Please try again.`},AUTH_MFA_REQUIRED:{type:`AUTH_FLOW`,statusCode:403,name:`AuthError`,message:`Primary credential step passed, but system identity rules dictate intercepting execution to wait for a Multi-Factor token challenge verification.`,userMessage:`Multi-factor authentication check is required to continue.`},AUTH_MFA_CODE_INVALID:{type:`AUTH_FLOW`,statusCode:401,name:`AuthError`,message:`The custom Multi-Factor authentication TOTP/HOTP or SMS code submission string failed validation verification checks against host rules.`,userMessage:`The multi-factor verification code is invalid.`},USER_CREATION_FAILED:{type:`INTERNAL`,statusCode:500,name:`AuthError`,message:`The custom lifecycle hook 'onCreateUser' aborted execution, thrown exception handling traps, or returned an unexpected null reference mapping.`,userMessage:`Failed to create user account with the provided metadata payload.`},AUTH_BASIC_CREDENTIALS_INVALID:{type:`AUTH_FLOW`,statusCode:401,name:`AuthError`,message:`The HTTP Basic Authentication header failed credential verification. The decoded username and password pair did not match any user records or the authentication provider rejected the credentials.`,userMessage:`The username or password is incorrect. Please verify your credentials and try again.`},CONFIG_INVALID:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The primary configuration object argument failed initial structural layout runtime checks during engine context setups.`,userMessage:`An internal library validation error occurred.`},CONFIG_MISSING_REQUIRED:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`Crucial framework setup options are absent. Verify that required structural fields are present during initialization mappings.`,userMessage:`Required core environment parameters are missing from registration settings.`},CONFIG_BASE_URL_MISSING:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The application base URL could not be resolved from the current runtime configuration.`,userMessage:`The application base URL is missing. Set BASE_URL or provide valid host/proxy headers.`},INVALID_AUTH_CONFIGURATION:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The system cannot establish request resolution routes. Provide a valid 'BASE_URL' system environment configuration value or setup trusted proxy headers.`,userMessage:`The application context URL cannot be constructed. Set BASE_URL or provide proxy host headers.`},INVALID_TRUSTED_ORIGIN:{type:`VALIDATION`,statusCode:400,name:`ConfigError`,message:`The request location context was blocked. The incoming value does not match patterns mapped inside your array configuration rules.`,userMessage:`The incoming ORIGIN is not trusted. Verify your trustedOrigins configuration.`},CLIENT_BASE_URL_MISSING:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The client wrapper utility was instantiated inside a non-browser environment (Server Action, API route, etc.) without providing an explicit 'baseURL' fallback string property.`,userMessage:`baseURL is required when createAuthClient is invoked outside browser environments.`},POTENTIAL_OPEN_REDIRECT_ATTACK_DETECTED:{type:`VALIDATION`,statusCode:400,name:`ConfigError`,message:`The downstream navigation parameter target path evaluation failed security context tracking verification. The destination URL domain is untrusted.`,userMessage:`Invalid redirect path intercepted. Potential open redirect attack detected.`},JOSE_INITIALIZATION_SALT_MISSING:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`Core security initialization failed because both 'AURA_AUTH_SALT' and 'AUTH_SALT' environment string keys are completely missing from runtime access contexts.`,userMessage:`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. Salt required for key derivation.`},JOSE_INITIALIZATION_SECRET_MISSING:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`Core security initialization failed because both 'AURA_AUTH_SECRET' and 'AUTH_SECRET' environment string keys are completely missing from runtime access contexts.`,userMessage:`AURA_AUTH_SECRET environment variable is not set and no fallback secret was provided.`},INVALID_SALT_SECRET_VALUE:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`The extracted salt string parameter does not fit minimum byte length requirements or baseline entropy targets needed for safe PBKDF2 key derivations.`,userMessage:`The encryption salt value must be at least 32 bytes long and meet baseline entropy values.`},INVALID_PEM_KEY_PAIR_MODE_MISMATCH:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`A configuration layout rule conflict was detected. Multiple asymmetric keys were passed but the runtime 'session.mode' parameter was not forced to 'sealed'.`,userMessage:`Multiple PEM Key Pairs found in runtime configurations require 'sealed' JWT mode.`},INVALID_PEM_KEY_PAIR_SINGLE_MISMATCH:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`A configuration layout rule conflict was detected. A single asymmetric key pair structure was loaded but the session processing mode was set to 'sealed'.`,userMessage:`Single PEM key pairs from configurations require 'signed' or 'encrypted' JWT mode.`},UNSUPPORTED_OAUTH_CONFIGURATION:{type:`VALIDATION`,statusCode:400,name:`OAuthError`,message:`An execution request flow was initialized targeting a specific identity provider code string that doesn't exist within initialized provider definitions.`,userMessage:`The targeted OAuth provider has not been configured in the initialization parameters.`},INVALID_ACCESS_TOKEN_OAUTH_CONFIG:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The runtime provider definition block lacks token endpoints, formatting methods, or client routing configurations required for handshake mutations.`,userMessage:`The remote access token exchange profile setup parameters are invalid.`},INVALID_OAUTH_ACCESS_TOKEN_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The outbound HTTP request to the remote identity provider token exchange endpoint failed validation checks. The response 'ok' field resolved to false.`,userMessage:`The authorization server rejected the request during the token exchange handshake.`},INVALID_OAUTH_ACCESS_TOKEN_RES_FORMAT:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The third-party authentication server responded with an HTTP status 200, but the returned data block structure fails schema verification (e.g. missing 'access_token').`,userMessage:`The identity provider token payload did not satisfy standard schema formats.`},INVALID_ACCESS_TOKEN:{type:`PROTOCOL`,statusCode:401,name:`OAuthError`,message:`The external authorization endpoint directly responded with an explicit error code payload parameter during token processing loops.`,userMessage:`Failed to clear identity transport verification down to the provider.`},UNKNOWN_OAUTH_ACCESS_TOKEN_ERROR:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`An unexpected runtime code path crash or unclassified transport exception occurred during the remote provider access token exchange execution flow.`,userMessage:`An unclassified token pipeline failure occurred during third-party processing.`},INVALID_USER_INFO:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The downstream mapping verification phase was aborted because the decoded third-party profile structure does not expose a stable immutable mapping key (id/sub/uid).`,userMessage:`The provider profile identity map did not supply an immutable index key (id/sub/uid).`},INVALID_OAUTH_USER_INFO_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The downstream endpoint fetch request to the provider user profile storage API returned an invalid response code status.`,userMessage:`The resource userInfo target server returned an error code response.`},INVALID_OAUTH_USER_INFO_RES_FORMAT:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The provider profile user data response format did not match semantic JSON object types required for downstream database generation.`,userMessage:`The returned user info profile structure payload is corrupted or unexpected.`},UNKNOWN_OAUTH_USER_INFO_ERROR:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`An unmapped connection trap exploded during asynchronous background operations inside the default profile fetch pipeline routines.`,userMessage:`Failed to communicate clean state down to the user configuration data provider.`},INVALID_CUSTOM_USER_INFO_ERROR:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The host application developer supplied a custom 'profile' mapping block callback method, but the return value runtime resolution returned undefined or threw an error.`,userMessage:`The custom userinfo mapper callback returned an empty payload reference or threw.`},UNKNOWN_CUSTOM_USER_INFO_ERROR:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`An unclassified system runtime breakdown occurred while trying to process data records down inside the developer's user profile normalization routine.`,userMessage:`An internal engine exception stopped custom resource user tracking map executions.`},AUTH_CALLBACK_MISSING_PARAMETERS:{type:`PROTOCOL`,statusCode:400,name:`OAuthError`,message:`The incoming callback route handler intercepted a processing execution path where query location search fields are missing vital OAuth spec values ('code' or 'state').`,userMessage:`Expected security parameter state or exchange code is completely missing from request.`},AUTH_MISMATCHING_STATE:{type:`PROTOCOL`,statusCode:400,name:`OAuthError`,message:`CSRF state attack prevented. The 'state' payload value extracted from incoming third-party route query properties doesn't match local session storage values.`,userMessage:`The provided state passed in the OAuth response does not match the stored token state.`},INVALID_OAUTH_PROVIDER_URL_CONFIG:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`A required structural provider URL definition configuration parameter is empty or holds an invalid URI layout inside your provider customization registry.`,userMessage:`The authorization gateway URL setup rule is missing from the custom provider setup object.`},INVALID_OAUTH_PROVIDER_SCHEMA_CONFIG:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The loaded configuration settings array failed standard library schema validation checks against required engine operational footprints.`,userMessage:`The provider context configuration properties failed standard schema verification checks.`},DUPLICATED_OAUTH_PROVIDER_ID:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The registration collection contains duplicate identifier keys. Unique registration indices are mandatory across tracking providers.`,userMessage:`Duplicate identification keys detected in the engine providers registration list.`},INVALID_ENVIRONMENT_CONFIGURATION:{type:`VALIDATION`,statusCode:500,name:`OAuthError`,message:`The framework cannot resolve environment credentials for the current provider target. Make sure target system secret variables are configured properly.`,userMessage:`Client identification strings or secret hashes are missing from configuration contexts.`},PKCE_VERIFIER_INVALID:{type:`PROTOCOL`,statusCode:400,name:`OAuthError`,message:`The generated or passed PKCE 'code_verifier' configuration string structure does not fulfill security specification layout rules (must be between 43 and 128 characters long).`,userMessage:`The cryptographic dynamic code verifier does not fit structural specification constraints (43-128 chars).`},AUTH_INVALID_PROXY_HEADERS_CONFIG:{type:`VALIDATION`,statusCode:500,name:`ConfigError`,message:`Security assertion failed during instantiation: 'trustedProxyHeaders' was enabled, but 'trustedOrigins' is completely empty or undefined. Real proxy networks require explicit origin mapping rules to mitigate host-header hijacking and cache-poisoning vectors.`,userMessage:`Internal configuration failure. Enabling trusted proxy headers requires an explicit trusted origins array setup.`},OAUTH_INVALID_CONTENT_TYPE:{type:`PROTOCOL`,statusCode:502,name:`OAuthError`,message:`The remote identity provider endpoint returned an invalid Content-Type header. Expected 'application/json', but received an incompatible format (e.g., text/html). This usually indicates an upstream server error, proxy block, or provider outage.`,userMessage:`The identity provider returned an unreadable response format. Please try again or check the provider status.`},SCHEMA_INVALID_MODE:{type:`VALIDATION`,statusCode:500,name:`SchemaError`,message:`The identity mapping configuration validation mode string is unsupported. Supported string flags: 'strip', 'passthrough', 'strict', 'partial'.`,userMessage:`Unsupported schema parsing parameters configuration. Options: 'strip', 'passthrough', 'strict', 'partial'.`},SCHEMA_UNSUPPORTED:{type:`VALIDATION`,statusCode:500,name:`SchemaError`,message:`The library failed to find a matching validator compiler module. The custom strategy must inherit from supported engines: Zod, Valibot, Typebox, or Arktype.`,userMessage:`Unsupported structural compilation type. Supported adapters: Zod, Valibot, Typebox, Arktype.`},SCHEMA_PARSER_FAILED:{type:`VALIDATION`,statusCode:500,name:`SchemaError`,message:`The schema validator failed to parse or execute the configured schema. This typically indicates a malformed schema definition or a runtime parser issue inside the selected validation adapter.`,userMessage:`An internal schema parsing error occurred. Please verify your schema configuration and validation adapter setup.`},NETWORK_REQUEST_FAILED:{type:`NETWORK`,statusCode:502,name:`NetworkError`,message:`The internal network wrapper failed to establish a secure HTTP connection handshake with upstream servers or external REST resource targets.`,userMessage:`An internal outgoing transport network execution failed down to external services.`},NETWORK_TIMEOUT:{type:`NETWORK`,statusCode:504,name:`NetworkError`,message:`The external API target connection pool or request fetch signal context exceeded designated millisecond timeout threshold rules without returning headers.`,userMessage:`The network response time tracking expired before receiving data headers.`},OIDC_DISCOVERY_INVALID_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OidcDiscoveryError`,message:`The outbound HTTP request to the OpenID Connect metadata endpoint configuration route returned a non-2xx status code. The response 'ok' field resolved to false.`,userMessage:`The OpenID Connect discovery endpoint rejected the configuration request or is currently unreachable.`},OIDC_DISCOVERY_NETWORK_FAILED:{type:`NETWORK`,statusCode:504,name:`OidcDiscoveryError`,message:`An unhandled transport exception, socket hang-up, or DNS resolution failure occurred while communicating with the remote OIDC identity service provider context.`,userMessage:`A network pipeline failure occurred while discovering configuration metadata properties from the third-party provider.`},OIDC_DISCOVERY_INVALID_FORMAT_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OidcDiscoveryError`,message:`The OIDC discovery endpoint returned a payload structure that could not be parsed as a valid JSON object. The stream processing operation failed.`,userMessage:`The OIDC discovery document format is malformed or corrupted.`},OIDC_DISCOVERY_ISSUER_MISMATCH:{type:`PROTOCOL`,statusCode:502,name:`OidcDiscoveryError`,message:`OIDC metadata validation failed. The 'issuer' URL string returned in the remote discovery document does not exactly match the original provider base configuration URL. Verification stopped to prevent open validation or provider redirection vulnerabilities.`,userMessage:`The identity provider configuration could not be securely verified due to a provider issuer mismatch.`},OIDC_DISCOVERY_INVALID_SCHEMA:{type:`VALIDATION`,statusCode:502,name:`OidcDiscoveryError`,message:`The OIDC discovery document failed structural validation against the OpenID Provider Metadata schema. Required fields may be missing or malformed.`,userMessage:`The identity provider discovery document is invalid or incomplete.`},OIDC_NONCE_MISMATCH:{type:`PROTOCOL`,statusCode:400,name:`OidcIdTokenError`,message:`The nonce claim in the ID Token does not match the nonce value stored during the authorization request. This may indicate a replay attack or session mismatch.`,userMessage:`Authentication failed due to a security validation error. Please sign in again.`},OIDC_ID_TOKEN_INVALID:{type:`PROTOCOL`,statusCode:401,name:`OidcIdTokenError`,message:`The ID Token failed validation. The token may be malformed, expired, or contain invalid claims after signature verification.`,userMessage:`Authentication failed. Please sign in again.`},OIDC_USERINFO_INVALID_SCHEMA:{type:`VALIDATION`,statusCode:502,name:`OidcUserInfoError`,message:`The UserInfo endpoint response failed structural validation against the OpenID Connect standard claims schema.`,userMessage:`The identity provider returned invalid user information.`},OIDC_JWKS_INVALID_RESPONSE:{type:`PROTOCOL`,statusCode:502,name:`OidcJwksError`,message:`The outbound HTTP request to the JWKS endpoint returned a non-2xx status code or could not be retrieved.`,userMessage:`The identity provider key set could not be retrieved.`},OIDC_JWKS_INVALID_SCHEMA:{type:`VALIDATION`,statusCode:502,name:`OidcJwksError`,message:`The JWKS document failed structural validation against the JSON Web Key Set schema. Required keys array may be missing or malformed.`,userMessage:`The identity provider key set format is invalid.`},OIDC_INVALID_ISSUER_PARAMS:{type:`VALIDATION`,statusCode:502,name:`OIDCInvalidIssuerError`,message:`The configured OpenID Connect issuer parameters are missing or invalid, preventing issuer validation.`,userMessage:`The identity provider configuration is invalid. Please check issuer settings and try again.`}},t=e=>`captureStackTrace`in e&&typeof e.captureStackTrace==`function`;var n=class extends Error{code;type;userMessage;statusCode;constructor({code:n,message:r,cause:i,statusCode:a,userMessage:o}){let s=e[n],c=r??s.message;super(c,{cause:i}),this.name=s.name,this.code=n,this.type=s.type,this.statusCode=a??s.statusCode,this.userMessage=o??s.userMessage,Object.setPrototypeOf(this,new.target.prototype),t(Error)&&Error.captureStackTrace(this,new.target)}toResponse(){return Response.json({type:this.type,code:this.code,message:this.userMessage},{status:this.statusCode,statusText:this.code})}};const r=e=>e instanceof n;Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return n}});
@@ -0,0 +1 @@
1
+ const e=async(e,t={},n=5e3)=>{let r=new AbortController,i=setTimeout(()=>r.abort(),n);return await fetch(e,{...t,signal:r.signal}).finally(()=>clearTimeout(i))};export{e as t};
@@ -0,0 +1 @@
1
+ const e=async(e,t={},n=5e3)=>{let r=new AbortController,i=setTimeout(()=>r.abort(),n);return await fetch(e,{...t,signal:r.signal}).finally(()=>clearTimeout(i))};Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return e}});
@@ -1 +1 @@
1
- var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object.prototype.hasOwnProperty,o=(e,i,o,s)=>{if(i&&typeof i==`object`||typeof i==`function`)for(var c=r(i),l=0,u=c.length,d;l<u;l++)d=c[l],!a.call(e,d)&&d!==o&&t(e,d,{get:(e=>i[e]).bind(null,d),enumerable:!(s=n(i,d))||s.enumerable});return e},s=(n,r,a)=>(a=n==null?{}:e(i(n)),o(r||!n||!n.__esModule?t(a,`default`,{value:n,enumerable:!0}):a,n));const c=require(`./assert-DaZSf4SH.cjs`);let l=require(`zod/v4`),u=require(`arktype`),d=require(`typebox`),f=require(`valibot`);f=s(f,1);const p=l.z.object({sub:l.z.string(),name:l.z.string().nullable().optional(),image:l.z.string().nullable().optional(),email:l.z.email().nullable().optional()}),m=f.object({sub:f.string(),name:f.optional(f.nullable(f.string())),image:f.optional(f.nullable(f.string())),email:f.optional(f.nullable(f.pipe(f.string(),f.email())))}),h=(0,u.type)({sub:`string`,name:`string | null?`,image:`string | null?`,email:`string.email | null?`}),g=d.Type.Object({sub:d.Type.String(),name:d.Type.Optional(d.Type.Union([d.Type.String(),d.Type.Null()])),image:d.Type.Optional(d.Type.Union([d.Type.String(),d.Type.Null()])),email:d.Type.Optional(d.Type.Union([d.Type.String({format:`email`}),d.Type.Null()]))}),_=e=>c.t(e)?e:c.g(e)?f.object(e):c.y(e)?l.z.object(e):c.h(e)?d.Type.Object(e):l.z.object(e);Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return p}});
1
+ var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object.prototype.hasOwnProperty,o=(e,i,o,s)=>{if(i&&typeof i==`object`||typeof i==`function`)for(var c=r(i),l=0,u=c.length,d;l<u;l++)d=c[l],!a.call(e,d)&&d!==o&&t(e,d,{get:(e=>i[e]).bind(null,d),enumerable:!(s=n(i,d))||s.enumerable});return e},s=(n,r,a)=>(a=n==null?{}:e(i(n)),o(r||!n||!n.__esModule?t(a,`default`,{value:n,enumerable:!0}):a,n));const c=require(`./crypto-Da-Q8hsP.cjs`);let l=require(`zod/v4`),u=require(`arktype`),d=require(`typebox`),f=require(`valibot`);f=s(f,1);const p=l.z.object({sub:l.z.string(),name:l.z.string().nullable().optional(),image:l.z.string().nullable().optional(),email:l.z.email().nullable().optional()}),m=f.object({sub:f.string(),name:f.optional(f.nullable(f.string())),image:f.optional(f.nullable(f.string())),email:f.optional(f.nullable(f.pipe(f.string(),f.email())))}),h=(0,u.type)({sub:`string`,name:`string | null?`,image:`string | null?`,email:`string.email | null?`}),g=d.Type.Object({sub:d.Type.String(),name:d.Type.Optional(d.Type.Union([d.Type.String(),d.Type.Null()])),image:d.Type.Optional(d.Type.Union([d.Type.String(),d.Type.Null()])),email:d.Type.Optional(d.Type.Union([d.Type.String({format:`email`}),d.Type.Null()]))}),_=e=>c.f(e)?e:c.v(e)?f.object(e):c.x(e)?l.z.object(e):c._(e)?d.Type.Object(e):l.z.object(e);Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return p}});