@aura-stack/auth 0.7.2 → 0.8.0
- package/dist/@types/index.cjs +1 -1
- package/dist/@types/index.d.ts +2 -2
- package/dist/@types/index.js +1 -1
- package/dist/client/index.cjs +1 -1
- package/dist/client/index.d.ts +3 -2
- package/dist/client/index.js +1 -1
- package/dist/crypto-BRrGB5wn.js +3 -0
- package/dist/crypto-Da-Q8hsP.cjs +3 -0
- package/dist/errors-BWpHquVG.js +1 -0
- package/dist/errors-BiBhdux1.cjs +1 -0
- package/dist/fetch-async-DL6uySSm.js +1 -0
- package/dist/fetch-async-DlbcIcRD.cjs +1 -0
- package/dist/{identity-n3aahaEr.cjs → identity-CAygUyH6.cjs} +1 -1
- package/dist/{index-1ADcIVGC.d.ts → index-DIcbmH1M.d.ts} +1050 -285
- package/dist/index.cjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/dist/{logger-BfUjjtxf.js → logger-BleaYLUV.js} +1 -1
- package/dist/{logger-CVwkloPj.cjs → logger-DL-kEECn.cjs} +1 -1
- package/dist/oauth/atlassian.d.ts +1 -1
- package/dist/oauth/authentik.cjs +1 -0
- package/dist/oauth/authentik.d.ts +2 -0
- package/dist/oauth/authentik.js +1 -0
- package/dist/oauth/bitbucket.d.ts +1 -1
- package/dist/oauth/click-up.d.ts +1 -1
- package/dist/oauth/discord.d.ts +1 -1
- package/dist/oauth/dribbble.d.ts +1 -1
- package/dist/oauth/dropbox.d.ts +1 -1
- package/dist/oauth/figma.d.ts +1 -1
- package/dist/oauth/github.d.ts +1 -1
- package/dist/oauth/gitlab.d.ts +1 -1
- package/dist/oauth/google.cjs +1 -0
- package/dist/oauth/google.d.ts +2 -0
- package/dist/oauth/google.js +1 -0
- package/dist/oauth/hubspot.cjs +1 -0
- package/dist/oauth/hubspot.d.ts +2 -0
- package/dist/oauth/hubspot.js +1 -0
- package/dist/oauth/huggingface.cjs +1 -0
- package/dist/oauth/huggingface.d.ts +2 -0
- package/dist/oauth/huggingface.js +1 -0
- package/dist/oauth/index.cjs +1 -1
- package/dist/oauth/index.d.ts +2 -2
- package/dist/oauth/index.js +1 -1
- package/dist/oauth/mailchimp.d.ts +1 -1
- package/dist/oauth/notion.cjs +1 -1
- package/dist/oauth/notion.d.ts +1 -1
- package/dist/oauth/notion.js +1 -1
- package/dist/oauth/pinterest.d.ts +1 -1
- package/dist/oauth/spotify.d.ts +1 -1
- package/dist/oauth/strava.d.ts +1 -1
- package/dist/oauth/twitch.d.ts +1 -1
- package/dist/oauth/x.d.ts +1 -1
- package/dist/resolve-provider-C_clBCRg.cjs +1 -0
- package/dist/resolve-provider-CaDu98x6.js +1 -0
- package/dist/shared/crypto.cjs +1 -1
- package/dist/shared/crypto.d.ts +2 -2
- package/dist/shared/crypto.js +1 -1
- package/dist/shared/identity.cjs +1 -1
- package/dist/shared/identity.d.ts +1 -1
- package/dist/shared/identity.js +1 -1
- package/dist/shared/index.cjs +1 -1
- package/dist/shared/index.d.ts +16 -2
- package/dist/shared/index.js +1 -1
- package/package.json +5 -4
- package/dist/assert-DaZSf4SH.cjs +0 -3
- package/dist/assert-av6s0a6t.js +0 -3
- package/dist/crypto-BF4ETYC9.cjs +0 -1
- package/dist/crypto-D6aq4c8x.js +0 -1
- package/dist/errors-Czt_w1t_.js +0 -1
- package/dist/errors-DcK2ELlk.cjs +0 -1
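--- a/package/dist/oauth/strava.d.ts
+++ b/package/dist/oauth/strava.d.ts
@@ -1,2 +1,2 @@
-import {
+import { Dr as SummaryGear, Er as SummaryClub, Or as strava, Tr as StravaProfile } from "../index-DIcbmH1M.js";
 export { StravaProfile, SummaryClub, SummaryGear, strava };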
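--- a/package/dist/oauth/twitch.d.ts
+++ b/package/dist/oauth/twitch.d.ts
@@ -1,2 +1,2 @@
-import {
+import { vr as TwitchProfile, yr as twitch } from "../index-DIcbmH1M.js";
 export { TwitchProfile, twitch };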
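--- a/package/dist/oauth/x.d.ts
+++ b/package/dist/oauth/x.d.ts
@@ -1,2 +1,2 @@
-import {
+import { Ar as x, kr as XProfile } from "../index-DIcbmH1M.js";
 export { XProfile, x };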
|
@@ -0,0 +1 @@
|
|
|
1
|
+
const e=require(`./errors-BiBhdux1.cjs`),t=require(`./env-BhQ2k7jj.cjs`),n=require(`./crypto-Da-Q8hsP.cjs`),r=require(`./fetch-async-DlbcIcRD.cjs`),i=require(`./@types/index.cjs`),a=require(`./oauth/github.cjs`),o=require(`./oauth/bitbucket.cjs`),s=require(`./oauth/figma.cjs`),c=require(`./oauth/discord.cjs`),l=require(`./oauth/gitlab.cjs`),u=require(`./oauth/spotify.cjs`),d=require(`./oauth/x.cjs`),f=require(`./oauth/strava.cjs`),p=require(`./oauth/mailchimp.cjs`),m=require(`./oauth/pinterest.cjs`),h=require(`./oauth/twitch.cjs`),g=require(`./oauth/notion.cjs`),_=require(`./oauth/dropbox.cjs`),v=require(`./oauth/atlassian.cjs`),y=require(`./oauth/click-up.cjs`),b=require(`./oauth/dribbble.cjs`),x=require(`./oauth/hubspot.cjs`),S=require(`./oauth/google.cjs`),C=require(`./oauth/huggingface.cjs`),w=require(`./oauth/authentik.cjs`),T=e=>e.replace(/\/$/,``),E=async t=>{let a;try{a=await r.t(`${T(t)}/.well-known/openid-configuration`,{headers:{Accept:`application/json`}}),n.d(a)}catch(t){throw new e.t({code:`OIDC_DISCOVERY_NETWORK_FAILED`,cause:t})}if(!a.ok)throw new e.t({code:`OIDC_DISCOVERY_INVALID_RESPONSE`});let o;try{o=await a.json()}catch(t){throw new e.t({code:`OIDC_DISCOVERY_INVALID_FORMAT_RESPONSE`,cause:t})}let s=i.f.safeParse(o);if(!s.success)throw new e.t({code:`OIDC_DISCOVERY_INVALID_SCHEMA`,cause:s.error});let c=s.data;if(T(c.issuer)!==T(t))throw new e.t({code:`OIDC_DISCOVERY_ISSUER_MISMATCH`});return c},D={github:a.github,bitbucket:o.bitbucket,figma:s.figma,discord:c.discord,gitlab:l.gitlab,spotify:u.spotify,x:d.x,strava:f.strava,mailchimp:p.mailchimp,pinterest:m.pinterest,twitch:h.twitch,notion:g.notion,dropbox:_.dropbox,atlassian:v.atlassian,clickUp:y.clickUp,dribbble:b.dribbble,hubspot:x.hubspot,google:S.google,huggingface:C.huggingface,authentik:w.authentik},O=n=>{let r=i.s.safeParse({clientId:t.n(`${n.replace(`-`,`_`).toUpperCase()}_CLIENT_ID`),clientSecret:t.n(`${n.replace(`-`,`_`).toUpperCase()}_CLIENT_SECRET`)});if(!r.success)throw new 
e.t({code:`INVALID_ENVIRONMENT_CONFIGURATION`,cause:r.error});return r.data},k=e=>typeof e==`object`&&`issuer`in e&&!(`accessToken`in e),A=(t,n)=>t.replace(/(^|\/):([A-Za-z_][A-Za-z0-9_]*)/g,(t,r,i)=>{let a=n[i];if(a==null)throw new e.t({code:`OIDC_INVALID_ISSUER_PARAMS`});return`${r}${encodeURIComponent(String(a))}`}),j=t=>{let n=i.p.safeParse(t);if(!n.success)throw new e.t({code:`INVALID_OAUTH_PROVIDER_SCHEMA_CONFIG`,cause:n.error});let r=!t.clientId||!t.clientSecret?O(t.id):void 0;return t.issuer=A(t.issuer,t),R(t,{clientId:t.clientId||r.clientId,clientSecret:t.clientSecret||r.clientSecret})},M=t=>{if(typeof t==`string`){let n=O(t),r=D[t](),a=i.l.safeParse({...r,...n});if(!a.success){let t=i.p.safeParse({...r,...n});if(t.success)return j(t.data);throw new e.t({code:`INVALID_OAUTH_PROVIDER_SCHEMA_CONFIG`,cause:a.error})}return a.data}if(k(t))return j(t);let n=t.clientId&&t.clientSecret?{}:O(t.id),r=i.l.safeParse({...n,...t});if(!r.success)throw new e.t({code:`INVALID_OAUTH_PROVIDER_SCHEMA_CONFIG`,cause:r.error});return r.data},N=(t=[])=>t.reduce((t,n)=>{let r=M(n);if(r.id in t)throw new e.t({code:`DUPLICATED_OAUTH_PROVIDER_ID`,cause:Error(`Duplicate OAuth provider id "${r.id}" found. 
Each provider must have a unique id.`)});return{...t,[r.id]:r}},{}),P=`openid profile email`,F=new Map,I=e=>e.oidc!==void 0,L=async e=>{let t=F.get(e.id);if(t)return t;let n=e.oidc?.issuer;if(!n)throw Error(`OIDC provider is missing issuer configuration: `+e.id);n=A(n,e);let r=await E(n),i=typeof e.authorize==`object`&&e.authorize.params?.scope?e.authorize.params.scope:P,a={...e,clientId:e.clientId,clientSecret:e.clientSecret,authorize:{url:r.authorization_endpoint,params:{responseType:`code`,scope:i}},accessToken:r.token_endpoint,userInfo:r.userinfo_endpoint,oidc:{issuer:r.issuer,jwks_uri:r.jwks_uri}};return F.set(e.id,a),a},R=(e,t)=>{let n=e.scope??P;return{id:e.id,name:e.name,clientId:t.clientId,clientSecret:t.clientSecret,profile:e.profile,authorize:{url:``,params:{responseType:`code`,scope:n}},accessToken:``,userInfo:``,oidc:{issuer:A(e.issuer,e)}}};Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return j}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return N}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return L}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return A}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return D}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return T}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return I}});
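Review bot: After discovery only `issuer` is compared with the configured value; `authorization_endpoint`, `token_endpoint`, `userinfo_endpoint` and `jwks_uri` are then copied from the fetched document into the provider config (the async resolver minified as `L` here) and kept in a module-level `Map` keyed by provider id for the life of the process. Whether the schema behind `i.f.safeParse` restricts those fields to https URLs is not visible on this page and is worth confirming, since the token endpoint is where the client secret is later sent; the cache having no expiry also means a changed `jwks_uri` is not picked up until restart. Separately, the environment-variable name in `O` is built with `.replace()` and a string pattern, which rewrites only the first hyphen, so a provider id with two hyphens produces a name that still contains `-`; `replaceAll` or a `/-/g` pattern would cover it. The ESM twin in the next hunk carries the same code under different minified names (`k`, `B`, `j`), and because both files are bundler output the change belongs in the TypeScript source rather than in `dist`.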
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{t as e}from"./errors-BWpHquVG.js";import{n as t}from"./env-BG1x-kSX.js";import{f as n}from"./crypto-BRrGB5wn.js";import{t as r}from"./fetch-async-DL6uySSm.js";import{f as i,l as a,p as o,s}from"./@types/index.js";import{github as c}from"./oauth/github.js";import{bitbucket as l}from"./oauth/bitbucket.js";import{figma as u}from"./oauth/figma.js";import{discord as d}from"./oauth/discord.js";import{gitlab as f}from"./oauth/gitlab.js";import{spotify as p}from"./oauth/spotify.js";import{x as m}from"./oauth/x.js";import{strava as h}from"./oauth/strava.js";import{mailchimp as g}from"./oauth/mailchimp.js";import{pinterest as _}from"./oauth/pinterest.js";import{twitch as v}from"./oauth/twitch.js";import{notion as y}from"./oauth/notion.js";import{dropbox as b}from"./oauth/dropbox.js";import{atlassian as x}from"./oauth/atlassian.js";import{clickUp as S}from"./oauth/click-up.js";import{dribbble as C}from"./oauth/dribbble.js";import{hubspot as w}from"./oauth/hubspot.js";import{google as T}from"./oauth/google.js";import{huggingface as E}from"./oauth/huggingface.js";import{authentik as D}from"./oauth/authentik.js";const O=e=>e.replace(/\/$/,``),k=async t=>{let a;try{a=await r(`${O(t)}/.well-known/openid-configuration`,{headers:{Accept:`application/json`}}),n(a)}catch(t){throw new e({code:`OIDC_DISCOVERY_NETWORK_FAILED`,cause:t})}if(!a.ok)throw new e({code:`OIDC_DISCOVERY_INVALID_RESPONSE`});let o;try{o=await a.json()}catch(t){throw new e({code:`OIDC_DISCOVERY_INVALID_FORMAT_RESPONSE`,cause:t})}let s=i.safeParse(o);if(!s.success)throw new e({code:`OIDC_DISCOVERY_INVALID_SCHEMA`,cause:s.error});let c=s.data;if(O(c.issuer)!==O(t))throw new e({code:`OIDC_DISCOVERY_ISSUER_MISMATCH`});return c},A={github:c,bitbucket:l,figma:u,discord:d,gitlab:f,spotify:p,x:m,strava:h,mailchimp:g,pinterest:_,twitch:v,notion:y,dropbox:b,atlassian:x,clickUp:S,dribbble:C,hubspot:w,google:T,huggingface:E,authentik:D},j=n=>{let 
r=s.safeParse({clientId:t(`${n.replace(`-`,`_`).toUpperCase()}_CLIENT_ID`),clientSecret:t(`${n.replace(`-`,`_`).toUpperCase()}_CLIENT_SECRET`)});if(!r.success)throw new e({code:`INVALID_ENVIRONMENT_CONFIGURATION`,cause:r.error});return r.data},M=e=>typeof e==`object`&&`issuer`in e&&!(`accessToken`in e),N=(t,n)=>t.replace(/(^|\/):([A-Za-z_][A-Za-z0-9_]*)/g,(t,r,i)=>{let a=n[i];if(a==null)throw new e({code:`OIDC_INVALID_ISSUER_PARAMS`});return`${r}${encodeURIComponent(String(a))}`}),P=t=>{let n=o.safeParse(t);if(!n.success)throw new e({code:`INVALID_OAUTH_PROVIDER_SCHEMA_CONFIG`,cause:n.error});let r=!t.clientId||!t.clientSecret?j(t.id):void 0;return t.issuer=N(t.issuer,t),V(t,{clientId:t.clientId||r.clientId,clientSecret:t.clientSecret||r.clientSecret})},F=t=>{if(typeof t==`string`){let n=j(t),r=A[t](),i=a.safeParse({...r,...n});if(!i.success){let t=o.safeParse({...r,...n});if(t.success)return P(t.data);throw new e({code:`INVALID_OAUTH_PROVIDER_SCHEMA_CONFIG`,cause:i.error})}return i.data}if(M(t))return P(t);let n=t.clientId&&t.clientSecret?{}:j(t.id),r=a.safeParse({...n,...t});if(!r.success)throw new e({code:`INVALID_OAUTH_PROVIDER_SCHEMA_CONFIG`,cause:r.error});return r.data},I=(t=[])=>t.reduce((t,n)=>{let r=F(n);if(r.id in t)throw new e({code:`DUPLICATED_OAUTH_PROVIDER_ID`,cause:Error(`Duplicate OAuth provider id "${r.id}" found. 
Each provider must have a unique id.`)});return{...t,[r.id]:r}},{}),L=`openid profile email`,R=new Map,z=e=>e.oidc!==void 0,B=async e=>{let t=R.get(e.id);if(t)return t;let n=e.oidc?.issuer;if(!n)throw Error(`OIDC provider is missing issuer configuration: `+e.id);n=N(n,e);let r=await k(n),i=typeof e.authorize==`object`&&e.authorize.params?.scope?e.authorize.params.scope:L,a={...e,clientId:e.clientId,clientSecret:e.clientSecret,authorize:{url:r.authorization_endpoint,params:{responseType:`code`,scope:i}},accessToken:r.token_endpoint,userInfo:r.userinfo_endpoint,oidc:{issuer:r.issuer,jwks_uri:r.jwks_uri}};return R.set(e.id,a),a},V=(e,t)=>{let n=e.scope??L;return{id:e.id,name:e.name,clientId:t.clientId,clientSecret:t.clientSecret,profile:e.profile,authorize:{url:``,params:{responseType:`code`,scope:n}},accessToken:``,userInfo:``,oidc:{issuer:N(e.issuer,e)}}};export{P as a,I as i,B as n,N as o,A as r,O as s,z as t};
|
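--- a/package/dist/shared/crypto.cjs
+++ b/package/dist/shared/crypto.cjs
@@ -1 +1 @@
-Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-
+Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`}),require(`../identity-CAygUyH6.cjs`);const e=require(`../crypto-Da-Q8hsP.cjs`);let t=require(`@aura-stack/jose/jose`);exports.createCSRF=e.t,exports.createHash=e.n,Object.defineProperty(exports,`createKeyPair`,{enumerable:!0,get:function(){return t.generateKeyPair}}),exports.createPKCE=e.r,exports.createSecretValue=e.i,exports.exportJWKKeyPair=e.a,exports.hashPassword=e.o,exports.importPEMKeyPair=e.s,exports.verifyCSRF=e.c,exports.verifyPassword=e.l;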
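--- a/package/dist/shared/crypto.d.ts
+++ b/package/dist/shared/crypto.d.ts
@@ -1,4 +1,4 @@
-import {
+import { Lt as JoseInstance, Tt as AuthRuntimeConfig, _n as AsymmetricKeyPairFromEnv, zn as User } from "../index-DIcbmH1M.js";
 import * as _$_aura_stack_jose_jose0 from "@aura-stack/jose/jose";
 import { GenerateKeyPairOptions, generateKeyPair as createKeyPair } from "@aura-stack/jose/jose";
 
@@ -33,7 +33,7 @@ declare const verifyCSRF: <DefaultUser extends User = User>(jose: JoseInstance<D
 *
 * @param password - The password to hash.
 * @param salt - Optional salt (base64url encoded). If not provided, a random salt will be generated.
-* @param iterations - The number of PBKDF2 iterations. Default is
+* @param iterations - The number of PBKDF2 iterations. Default is 600,000.
 * @returns The hashed password in the format `iterations:salt:hash` (all segments base64url encoded).
 */
 declare const hashPassword: (password: string, salt?: string, iterations?: number) => Promise<string>;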
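--- a/package/dist/shared/crypto.js
+++ b/package/dist/shared/crypto.js
@@ -1 +1 @@
-import{a as e,c as t,i as n,l as r,n as i,o as a,r as o,s,t as c,u as l}from"../crypto-
+import{a as e,c as t,i as n,l as r,n as i,o as a,r as o,s,t as c,u as l}from"../crypto-BRrGB5wn.js";export{c as createCSRF,i as createHash,o as createKeyPair,n as createPKCE,e as createSecretValue,a as exportJWKKeyPair,s as hashPassword,t as importPEMKeyPair,r as verifyCSRF,l as verifyPassword};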
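--- a/package/dist/shared/identity.cjs
+++ b/package/dist/shared/identity.cjs
@@ -1 +1 @@
-Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../identity-
+Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../identity-CAygUyH6.cjs`);exports.UserIdentity=e.t,exports.UserIdentityArkType=e.n,exports.UserIdentityTypeBox=e.r,exports.UserIdentityValibot=e.i,exports.createIdentity=e.a;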
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import { $ as
|
|
1
|
+
import { $r as UserIdentityTypeBox, Jr as IsValibot, Kr as Identities, Q as EditableShape, Qr as UserIdentityArkType, Xr as SchemaTypes, Yr as IsZod, Zr as UserIdentity, _t as TypeboxShapeToObject, ai as createIdentity, at as FromShapeToObject, ct as InferUser, ei as UserIdentityValibot, gt as SessionFrom, ii as UserShapeValibot, lt as InferZodShape, ni as UserShapeArkType, ot as InferSession, q as ArktypeShapeToObject, qr as IsArkType, ri as UserShapeTypeBox, ti as UserShape, vt as UserFrom, xt as ZodShapeToObject, yt as ValibotShapeToObject } from "../index-DIcbmH1M.js";
|
|
2
2
|
export { ArktypeShapeToObject, EditableShape, FromShapeToObject, Identities, InferSession, InferUser, InferZodShape, IsArkType, IsValibot, IsZod, SchemaTypes, SessionFrom, TypeboxShapeToObject, UserFrom, UserIdentity, UserIdentityArkType, UserIdentityTypeBox, UserIdentityValibot, UserShape, UserShapeArkType, UserShapeTypeBox, UserShapeValibot, ValibotShapeToObject, ZodShapeToObject, createIdentity };
|
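--- a/package/dist/shared/identity.js
+++ b/package/dist/shared/identity.js
@@ -1 +1 @@
-import{
+import{S as e,p as t,v as n,y as r}from"../crypto-BRrGB5wn.js";import{z as i}from"zod/v4";import{type as a}from"arktype";import{Type as o}from"typebox";import*as s from"valibot";const c=i.object({sub:i.string(),name:i.string().nullable().optional(),image:i.string().nullable().optional(),email:i.email().nullable().optional()}),l=s.object({sub:s.string(),name:s.optional(s.nullable(s.string())),image:s.optional(s.nullable(s.string())),email:s.optional(s.nullable(s.pipe(s.string(),s.email())))}),u=a({sub:`string`,name:`string | null?`,image:`string | null?`,email:`string.email | null?`}),d=o.Object({sub:o.String(),name:o.Optional(o.Union([o.String(),o.Null()])),image:o.Optional(o.Union([o.String(),o.Null()])),email:o.Optional(o.Union([o.String({format:`email`}),o.Null()]))}),f=a=>t(a)?a:r(a)?s.object(a):e(a)?i.object(a):n(a)?o.Object(a):i.object(a);export{c as UserIdentity,u as UserIdentityArkType,d as UserIdentityTypeBox,l as UserIdentityValibot,f as createIdentity};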
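--- a/package/dist/shared/index.cjs
+++ b/package/dist/shared/index.cjs
@@ -1 +1 @@
-Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../
+Object.defineProperty(exports,Symbol.toStringTag,{value:`Module`});const e=require(`../crypto-Da-Q8hsP.cjs`),t=require(`../fetch-async-DlbcIcRD.cjs`),n=require(`../logger-DL-kEECn.cjs`);exports.createBasicAuthHeader=e.w,exports.createSyslogMessage=n.n,exports.fetchAsync=t.t;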
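--- a/package/dist/shared/index.d.ts
+++ b/package/dist/shared/index.d.ts
@@ -1,5 +1,19 @@
-import {
+import { Gr as createSyslogMessage } from "../index-DIcbmH1M.js";
+
 //#region src/shared/utils.d.ts
 declare const createBasicAuthHeader: (username: string, password: string) => string;
 //#endregion
-
+//#region src/shared/fetch-async.d.ts
+/**
+* Fetches a resource with a timeout mechanism.
+*
+* @param url - The URL or Request object to fetch
+* @param options - Optional RequestInit configuration object
+* @param timeout - Timeout duration in milliseconds (default: 5000ms)
+* @returns A promise that resolves to the Response object
+* @example
+* const response = await fetchAsync('https://api.example.com/data', {}, 3000);
+*/
+declare const fetchAsync: (url: string | Request, options?: RequestInit, timeout?: number) => Promise<Response>;
+//#endregion
+export { createBasicAuthHeader, createSyslogMessage, fetchAsync };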
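--- a/package/dist/shared/index.js
+++ b/package/dist/shared/index.js
@@ -1 +1 @@
-import{
+import{T as e}from"../crypto-BRrGB5wn.js";import{t}from"../fetch-async-DL6uySSm.js";import{n}from"../logger-BleaYLUV.js";export{e as createBasicAuthHeader,n as createSyslogMessage,t as fetchAsync};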
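--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@aura-stack/auth",
-"version": "0.
+"version": "0.8.0",
 "private": false,
 "type": "module",
 "description": "Open-source authentication and authorization library for modern TypeScript and JavaScript applications. Framework-agnostic, runtime-agnostic and built on web standards.",
@@ -89,15 +89,16 @@
 },
 "license": "MIT",
 "dependencies": {
-"@aura-stack/router": "^0.
+"@aura-stack/router": "^0.9.0",
 "arktype": "^2.2.0",
 "typebox": "^1.1.38",
 "valibot": "^1.4.0",
 "zod": "4.3.5",
-"@aura-stack/jose": "0.6.0"
+"@aura-stack/jose": "0.6.0",
+"@aura-stack/rate-limiter": "0.0.0"
 },
 "devDependencies": {
-"typescript": "^5.9.
+"typescript": "^5.9.3",
 "vitest": "4.1.4",
 "@aura-stack/tsdown-config": "0.0.0",
 "@aura-stack/tsconfig": "0.0.0"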
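Review bot: The added runtime dependency `"@aura-stack/rate-limiter": "0.0.0"` is an exact pin to version 0.0.0, the same value the devDependencies use for `@aura-stack/tsdown-config` and `@aura-stack/tsconfig`, which suggests a workspace placeholder rather than a reviewed release (inferred; the registry state is not visible on this page). Because this entry sits under `dependencies`, every install of the auth library resolves it, so before upgrading confirm that 0.0.0 is actually published under the project's own scope and contains what the maintainers intend. If it is a placeholder, it should be pinned to a released version the way `@aura-stack/jose` is, e.g. `"@aura-stack/rate-limiter": "<released-version>"`.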
package/dist/assert-DaZSf4SH.cjs
DELETED
|
@@ -1,3 +0,0 @@
|
|
|
1
|
-
require(`./identity-n3aahaEr.cjs`);const e=require(`./errors-DcK2ELlk.cjs`),t=require(`./env-BhQ2k7jj.cjs`);require(`arktype`),require(`typebox`);let n=require(`@aura-stack/jose/crypto`);const r=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,i=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},a=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),o=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},s=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,c=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},l=(e,t)=>{let r=n.encoder.encode(e),i=n.encoder.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},u=(r,i)=>{let a=t.n(r)??r,o=t.n(i)??i;if(!a||!o)throw new e.n(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encoder.encode(s)));return`Basic ${btoa(c)}`},d=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),f=[`<`,`>`,`"`,"`",` `,`\r`,`
|
|
2
|
-
`,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
|
|
3
|
-
`,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],p=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of f)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},m=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,h=e=>{if(e.length>100)return!1;for(let t of f)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},g=(e,t)=>{let n=new URL(e),i=new URL(t);return r(n.origin,i.origin)},_=(e,t)=>{if(!p(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(c(e)?.test(n))return!0;try{if(p(e)&&r(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},v=e=>e?.jwt?.mode??`sealed`,y=e=>v(e)===`signed`,b=e=>v(e)===`encrypted`,x=e=>v(e)===`sealed`,S=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,C=e=>typeof e==`object`&&!!e&&`algorithm`in e&&`extractable`in e,w=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,T=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&(C(e.sign)||S(e.sign))&&(C(e.encrypt)||S(e.encrypt)),E=e=>typeof e==`string`&&/-----BEGIN (PUBLIC|PRIVATE) KEY-----/.test(e),D=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e&&E(e.publicKey)&&E(e.privateKey),O=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&D(e.sign)&&D(e.encrypt),k=e=>typeof e==`object`&&!!e&&`~run`in e&&typeof e[`~run`]==`function`,A=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).length>0&&Object.values(e).every(k),j=e=>typeof e==`object`&&!!e&&`_def`in e,M=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(j),N=e=>typeof e==`function`&&e!==null&&`allows`in e&&`assert`in e,P=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(e=>typeof e==`object`&&`type`in e);Object.defineProperty(exports,`A`,{enumerable:!0,get:function(){return 
d}}),Object.defineProperty(exports,`C`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`D`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`E`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`O`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`S`,{enumerable:!0,get:function(){return u}}),Object.defineProperty(exports,`T`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`_`,{enumerable:!0,get:function(){return k}}),Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`b`,{enumerable:!0,get:function(){return j}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return w}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return g}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`g`,{enumerable:!0,get:function(){return A}}),Object.defineProperty(exports,`h`,{enumerable:!0,get:function(){return P}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return T}}),Object.defineProperty(exports,`k`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return D}}),Object.defineProperty(exports,`m`,{enumerable:!0,get:function(){return _}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return C}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return O}}),Object.defineProperty(exports,`p`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return S}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return N}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return h}}),Object.defineProperty(exports,`v`,{enumerable:!0,get:function(){return 
p}}),Object.defineProperty(exports,`w`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`x`,{enumerable:!0,get:function(){return`0.5.0`}}),Object.defineProperty(exports,`y`,{enumerable:!0,get:function(){return M}});
|
package/dist/assert-av6s0a6t.js
DELETED
|
@@ -1,3 +0,0 @@
|
|
|
1
|
-
import{n as e}from"./errors-Czt_w1t_.js";import{n as t}from"./env-BG1x-kSX.js";import"arktype";import"typebox";import{encoder as n}from"@aura-stack/jose/crypto";const r=`0.5.0`,i=(e,t)=>e===null||t===null||e===void 0||t===void 0?!1:e===t,a=(e,t)=>{let n=e instanceof Headers?e:e.headers,r=e instanceof Headers?null:e.url;return t?r?.startsWith(`https://`)||n.get(`X-Forwarded-Proto`)===`https`||(n.get(`Forwarded`)?.includes(`proto=https`)??!1):r?.startsWith(`https://`)??!1},o=e=>!e.issues||e.issues.length===0?{}:e.issues.reduce((e,t)=>{let n=t.path.join(`.`);return{...e,[n]:{code:t.code,message:t.message}}},{}),s=e=>{let t=e.match(/^https?:\/\/[a-zA-Z0-9_\-.]+(:\d+)?(\/.*)$/);return t&&t[2]?t[2]:`/`},c=e=>e instanceof Error?e.name:typeof e==`string`?e:`UnknownError`,l=e=>{try{if(e.length>2048)return null;e=e.replace(/\\/g,``);let t=e.match(/^(https?):\/\/([a-zA-Z0-9.*-]{1,253})(?::(\d{1,5}|\*))?(?:\/.*)?$/);if(!t)return null;let[,n,r,i]=t,a=r.includes(`*`);if(a&&!r.startsWith(`*.`)||a&&!r.startsWith(`*.`)||a&&r.slice(2).includes(`*`))return null;let o=(a?r.slice(2):r).replace(/[.*+?^${}()|[\]\\]/g,`\\$&`),s=a?`[^.]+\\.${o}`:o,c=i===`*`?`:\\d{1,5}`:i?`:${i}`:``;return RegExp(`^${n}:\\/\\/${s}${c}$`)}catch{return null}},u=(e,t)=>{let r=n.encode(e),i=n.encode(t),a=Math.max(r.length,i.length),o=0;for(let e=0;e<a;e++)o|=(r[e]??0)^(i[e]??0);return o===0&&r.length===i.length},d=(r,i)=>{let a=t(r)??r,o=t(i)??i;if(!a||!o)throw new e(`INVALID_OAUTH_CONFIGURATION`,`Missing client credentials for OAuth provider configuration.`);let s=`${a}:${o}`,c=String.fromCharCode.apply(null,Array.from(n.encode(s)));return`Basic ${btoa(c)}`},f=(e,t)=>(new Headers(t).forEach((t,n)=>{e.has(n)||(n.toLowerCase()===`set-cookie`?e.append(n,t):e.set(n,t))}),e),p=[`<`,`>`,`"`,"`",` `,`\r`,`
|
|
2
|
-
`,` `,`\\`,`%2F`,`%5C`,`%2f`,`%5c`,`\r
|
|
3
|
-
`,`%0A`,`%0D`,`%0a`,`%0d`,`..`,`//`,`///`,`...`,`%20`,`\0`],m=e=>{if(!new RegExp(/^https?:\/\/[^/]/).test(e))return!1;let t=e.match(/^(https?:\/\/)(.*)$/);if(!t)return!1;let n=t[2];for(let e of p)if(n.includes(e))return!1;return/^https?:\/\/(?:[a-zA-Z0-9._-]+|localhost|\[[0-9a-fA-F:]+\])(?::\d{1,5})?(?:\/[a-zA-Z0-9._~!$&'()?#*+,;=:@-]*)*\/?$/.test(t[0])},h=e=>typeof e==`object`&&!!e&&`token`in e&&typeof e?.token==`string`,g=e=>{if(e.length>100)return!1;for(let t of p)if(e.includes(t))return!1;return/^\/[a-zA-Z0-9\-_/.?&=#]*\/?$/.test(e)},_=(e,t)=>{let n=new URL(e),r=new URL(t);return i(n.origin,r.origin)},v=(e,t)=>{if(!m(e)||t.length===0)return!1;try{let n=new URL(e).origin;for(let e of t){if(l(e)?.test(n))return!0;try{if(m(e)&&i(new URL(e).origin,n))return!0}catch{}}}catch{}return!1},y=e=>e?.jwt?.mode??`sealed`,b=e=>y(e)===`signed`,x=e=>y(e)===`encrypted`,S=e=>y(e)===`sealed`,C=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,w=e=>typeof e==`object`&&!!e&&`algorithm`in e&&`extractable`in e,T=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e,E=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&(w(e.sign)||C(e.sign))&&(w(e.encrypt)||C(e.encrypt)),D=e=>typeof e==`string`&&/-----BEGIN (PUBLIC|PRIVATE) KEY-----/.test(e),O=e=>typeof e==`object`&&!!e&&`publicKey`in e&&`privateKey`in e&&D(e.publicKey)&&D(e.privateKey),k=e=>typeof e==`object`&&!!e&&`sign`in e&&`encrypt`in e&&O(e.sign)&&O(e.encrypt),A=e=>typeof e==`object`&&!!e&&`~run`in e&&typeof e[`~run`]==`function`,j=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).length>0&&Object.values(e).every(A),M=e=>typeof e==`object`&&!!e&&`_def`in e,N=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(M),P=e=>typeof e==`function`&&e!==null&&`allows`in e&&`assert`in e,F=e=>typeof e==`object`&&!!e&&!Array.isArray(e)&&Object.values(e).every(e=>typeof e==`object`&&`type`in e);export{f as A,i as C,a as D,c as E,l as O,d as S,o as T,A as _,x as a,M as b,T as c,_ as d,S as 
f,j as g,F as h,E as i,u as k,O as l,v as m,w as n,k as o,b as p,C as r,h as s,P as t,g as u,m as v,s as w,r as x,N as y};
|
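--- a/package/dist/crypto-BF4ETYC9.cjs
+++ /dev/null
@@ -1 +0,0 @@
-require(`./identity-n3aahaEr.cjs`);const e=require(`./errors-DcK2ELlk.cjs`),t=require(`./env-BhQ2k7jj.cjs`),n=require(`./assert-DaZSf4SH.cjs`);let r=require(`@aura-stack/jose/crypto`),i=require(`@aura-stack/jose/jose`),a=require(`@aura-stack/jose`);const o=e=>e?.jwt,s=e=>{let t=o(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},c=(e,t)=>({...s(t),...e}),l=(e,t)=>{let r={};return(n.p(e)||n.f(e))&&e?.jwt?.signingAlgorithm&&(r.alg=e.jwt.signingAlgorithm),{...r,...t}},u=(e,t)=>{let r={};return(n.a(e)||n.f(e))&&(e?.jwt?.keyAlgorithm&&(r.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(r.enc=e.jwt.encryptionAlgorithm)),{...r,...t}},d=(e,t)=>{let r={};return(n.p(e)||n.f(e))&&(e?.jwt?.signingAlgorithm&&(r.algorithms=[e.jwt.signingAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},f=(e,t)=>{let r={};return(n.a(e)||n.f(e))&&(e?.jwt?.keyAlgorithm&&(r.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(r.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),r.issuer=e?.jwt?.issuer,r.audience=e?.jwt?.audience),{...r,...t}},p=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e.a(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},m=async(r,i,o)=>{if(n.o(r)){if(!n.f(o))throw new e.i(`INVALID_PEM_KEY_PAIR`,`Multiples PEM Key Pairs from environment variables require 'sealed' JWT mode. For 'signed' or 'encrypted' modes, provide a single PEM key pair or a combined key object.`);let{sign:i,encrypt:a}=r,s=t.n(`SIGNING_ALG`)||t.n(`SIGNING_ALGORITHM`)||o?.jwt.signingAlgorithm||`RS256`,c=t.n(`ENCRYPTION_ALG`)||t.n(`ENCRYPTION_ALGORITHM`)||o?.jwt.keyAlgorithm||`RSA-OAEP-256`,l=await T(i,s),u=await T(a,c);return{jwsSecret:l,jweSecret:u,jwtSecret:{sign:l,encrypt:u}}}if(n.l(r)){if(n.f(o))throw new e.i(`INVALID_PEM_KEY_PAIR`,`Single PEM key pairs from environment variables require 'signed' or 'encrypted' JWT mode. For 'sealed' mode, provide separate signing and encryption keys or a combined key object.`);let{publicKey:i,privateKey:a}=await T(r,t.n(`ALGORITHM`)||t.n(`ALG`)||(n.p(o)?o?.jwt?.signingAlgorithm:void 0)||(n.a(o)?o?.jwt?.keyAlgorithm:void 0)||`RS256`);return{jwsSecret:{publicKey:i,privateKey:a},jweSecret:{publicKey:i,privateKey:a},jwtSecret:{sign:{publicKey:i,privateKey:a},encrypt:{publicKey:i,privateKey:a}}}}if(n.i(r))return{jwsSecret:r.sign,jweSecret:r.encrypt,jwtSecret:{sign:r.sign,encrypt:r.encrypt}};if(n.n(r)||n.r(r)||n.c(r))return{jwsSecret:r,jweSecret:r,jwtSecret:{sign:r,encrypt:r}};let[s,c]=await Promise.all([(0,a.createDeriveKey)(r,i,`aura:signing`),(0,a.createDeriveKey)(r,i,`aura:encryption`)]);return{jwsSecret:s,jweSecret:c,jwtSecret:{sign:s,encrypt:c}}},h=e=>{let n=t.n(`${e}${e&&`_`}PUBLIC_KEY`),r=t.n(`${e}${e&&`_`}PRIVATE_KEY`);return n&&r?{publicKey:n,privateKey:r}:null},g=n=>{if(n??=t.n(`SECRET`),n)return n;let r=h(``);if(r)return r;let i=h(`SIGNING`),a=h(`ENCRYPTION`);if(i&&a)return{sign:i,encrypt:a};throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`)},_=(n,r)=>{let i=g(n),o=t.n(`SALT`);if(!o)throw new e.n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{(0,a.createSecret)(o)}catch(t){throw new e.n(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:t})}let s=(async()=>{let{jwsSecret:e,jweSecret:t,jwtSecret:n}=await m(i,o,r);return{jwt:(0,a.createJWT)(n),jws:(0,a.createJWS)(e),jwe:(0,a.createJWE)(t)}})();return{signJWS:async(e,t)=>{let{jws:n}=await s;return n.signJWS(c(e,r),l(r,t))},verifyJWS:async(e,t)=>{let{jws:n}=await s,i=await n.verifyJWS(e,d(r,t));return p(i),i},encryptJWE:async(e,t)=>{let{jwe:n}=await s;return n.encryptJWE(c(e,r),u(r,t))},decryptJWE:async(e,t)=>{let{jwe:n}=await s,i=await n.decryptJWE(e,f(r,t));return p(i),i},encodeJWT:async(e,t)=>{let{jwt:n}=await s;return await n.encodeJWT(c(e,r),{sign:l(r,t?.sign),encrypt:u(r,t?.encrypt)})},decodeJWT:async(e,t)=>{let{jwt:n}=await s,i=await n.decodeJWT(e,{verify:d(r,t?.verify),decrypt:f(r,t?.decrypt)});return p(i),i}}},v=(e=32)=>i.base64url.encode((0,r.getRandomBytes)(e)),y=async e=>{let t=await(0,r.getSubtleCrypto)().digest(`SHA-256`,r.encoder.encode(e));return i.base64url.encode(new Uint8Array(t))},b=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??v(n??64);if(r.length<43||r.length>128)throw new e.a(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await y(r),method:`S256`}},x=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=v(32);return e.signJWS({token:n})}catch{let t=v(32);return e.signJWS({token:t})}},S=async(t,r,i)=>{try{let a=await t.verifyJWS(r),o=await t.verifyJWS(i);if(!n.s(a))throw new e.a(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!n.s(o))throw new e.a(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!n.C(a.token.length,o.token.length)||!n.k(a.token,o.token))throw new e.a(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e.a(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},C=async(e,t,n=1e5)=>{let a=(0,r.getSubtleCrypto)(),o=t?i.base64url.decode(t):(0,r.getRandomBytes)(16),s=await a.importKey(`raw`,r.encoder.encode(e),`PBKDF2`,!1,[`deriveBits`]),c=await a.deriveBits({name:`PBKDF2`,salt:o,iterations:n,hash:`SHA-256`},s,256),l=new Uint8Array(c),u=i.base64url.encode(l);return`pbkdf2-sha256:${n}:${i.base64url.encode(o)}:${u}`},w=async(e,t)=>{try{let r=t.split(`:`);if(r.length!==4)return!1;let[i,a,o]=r;if(i!==`pbkdf2-sha256`)return!1;let s=parseInt(a,10);if(isNaN(s))return!1;let[,,,c]=(await C(e,o,s)).split(`:`),[,,,l]=t.split(`:`);return!c||!l?!1:n.k(c,l)}catch{return!1}},T=async(e,t)=>{let n=await(0,i.importPKCS8)(e.privateKey,t,{extractable:!0});return{publicKey:await(0,i.importSPKI)(e.publicKey,t,{extractable:!0}),privateKey:n}},E=async(e,t)=>{let{publicKey:n,privateKey:r}=await(0,i.generateKeyPair)(e,t);return{publicKey:await(0,i.exportJWK)(n),privateKey:await(0,i.exportJWK)(r)}};Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return E}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return S}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return v}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return w}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return y}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return C}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return b}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return T}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return x}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return _}});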
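--- a/package/dist/crypto-D6aq4c8x.js
+++ /dev/null
@@ -1 +0,0 @@
-import{a as e,i as t,n}from"./errors-Czt_w1t_.js";import{n as r}from"./env-BG1x-kSX.js";import{C as i,a,c as o,f as s,i as c,k as l,l as u,n as d,o as f,p,r as m,s as h}from"./assert-av6s0a6t.js";import{encoder as g,getRandomBytes as _,getSubtleCrypto as v}from"@aura-stack/jose/crypto";import{base64url as y,exportJWK as b,generateKeyPair as x,generateKeyPair as S,importPKCS8 as C,importSPKI as w}from"@aura-stack/jose/jose";import{createDeriveKey as T,createJWE as E,createJWS as D,createJWT as O,createSecret as k}from"@aura-stack/jose";const A=e=>e?.jwt,j=e=>{let t=A(e),n={};t?.audience&&(n.aud=t.audience),t?.issuer&&(n.iss=t.issuer);let r=Math.floor(Date.now()/1e3);return t?.maxAge&&(n.exp=r+t.maxAge),t?.maxExpiration&&(n.mexp=r+t.maxExpiration),n},M=(e,t)=>({...j(t),...e}),N=(e,t)=>{let n={};return(p(e)||s(e))&&e?.jwt?.signingAlgorithm&&(n.alg=e.jwt.signingAlgorithm),{...n,...t}},P=(e,t)=>{let n={};return(a(e)||s(e))&&(e?.jwt?.keyAlgorithm&&(n.alg=e.jwt.keyAlgorithm),e?.jwt?.encryptionAlgorithm&&(n.enc=e.jwt.encryptionAlgorithm)),{...n,...t}},F=(e,t)=>{let n={};return(p(e)||s(e))&&(e?.jwt?.signingAlgorithm&&(n.algorithms=[e.jwt.signingAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},I=(e,t)=>{let n={};return(a(e)||s(e))&&(e?.jwt?.keyAlgorithm&&(n.keyManagementAlgorithms=[e.jwt.keyAlgorithm]),e?.jwt?.encryptionAlgorithm&&(n.contentEncryptionAlgorithms=[e.jwt.encryptionAlgorithm]),n.issuer=e?.jwt?.issuer,n.audience=e?.jwt?.audience),{...n,...t}},L=t=>{let n=Math.floor(Date.now()/1e3);if(t.mexp&&typeof t.mexp==`number`&&n>t.mexp)throw new e(`TOKEN_EXPIRED`,`The token has expired based on its maxExpiration (mexp) claim.`)},R=async(e,n,i)=>{if(f(e)){if(!s(i))throw new t(`INVALID_PEM_KEY_PAIR`,`Multiples PEM Key Pairs from environment variables require 'sealed' JWT mode. For 'signed' or 'encrypted' modes, provide a single PEM key pair or a combined key object.`);let{sign:n,encrypt:a}=e,o=r(`SIGNING_ALG`)||r(`SIGNING_ALGORITHM`)||i?.jwt.signingAlgorithm||`RS256`,c=r(`ENCRYPTION_ALG`)||r(`ENCRYPTION_ALGORITHM`)||i?.jwt.keyAlgorithm||`RSA-OAEP-256`,l=await Y(n,o),u=await Y(a,c);return{jwsSecret:l,jweSecret:u,jwtSecret:{sign:l,encrypt:u}}}if(u(e)){if(s(i))throw new t(`INVALID_PEM_KEY_PAIR`,`Single PEM key pairs from environment variables require 'signed' or 'encrypted' JWT mode. For 'sealed' mode, provide separate signing and encryption keys or a combined key object.`);let{publicKey:n,privateKey:o}=await Y(e,r(`ALGORITHM`)||r(`ALG`)||(p(i)?i?.jwt?.signingAlgorithm:void 0)||(a(i)?i?.jwt?.keyAlgorithm:void 0)||`RS256`);return{jwsSecret:{publicKey:n,privateKey:o},jweSecret:{publicKey:n,privateKey:o},jwtSecret:{sign:{publicKey:n,privateKey:o},encrypt:{publicKey:n,privateKey:o}}}}if(c(e))return{jwsSecret:e.sign,jweSecret:e.encrypt,jwtSecret:{sign:e.sign,encrypt:e.encrypt}};if(d(e)||m(e)||o(e))return{jwsSecret:e,jweSecret:e,jwtSecret:{sign:e,encrypt:e}};let[l,h]=await Promise.all([T(e,n,`aura:signing`),T(e,n,`aura:encryption`)]);return{jwsSecret:l,jweSecret:h,jwtSecret:{sign:l,encrypt:h}}},z=e=>{let t=r(`${e}${e&&`_`}PUBLIC_KEY`),n=r(`${e}${e&&`_`}PRIVATE_KEY`);return t&&n?{publicKey:t,privateKey:n}:null},B=e=>{if(e??=r(`SECRET`),e)return e;let t=z(``);if(t)return t;let i=z(`SIGNING`),a=z(`ENCRYPTION`);if(i&&a)return{sign:i,encrypt:a};throw new n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SECRET environment variable is not set and no secret was provided.`)},V=(e,t)=>{let i=B(e),a=r(`SALT`);if(!a)throw new n(`JOSE_INITIALIZATION_FAILED`,`AURA_AUTH_SALT or AUTH_SALT environment variable is not set. A salt value is required for key derivation.`);try{k(a)}catch(e){throw new n(`INVALID_SALT_SECRET_VALUE`,`AURA_AUTH_SALT/AUTH_SALT is invalid. It must be at least 32 bytes long and meet entropy requirements.`,{cause:e})}let o=(async()=>{let{jwsSecret:e,jweSecret:n,jwtSecret:r}=await R(i,a,t);return{jwt:O(r),jws:D(e),jwe:E(n)}})();return{signJWS:async(e,n)=>{let{jws:r}=await o;return r.signJWS(M(e,t),N(t,n))},verifyJWS:async(e,n)=>{let{jws:r}=await o,i=await r.verifyJWS(e,F(t,n));return L(i),i},encryptJWE:async(e,n)=>{let{jwe:r}=await o;return r.encryptJWE(M(e,t),P(t,n))},decryptJWE:async(e,n)=>{let{jwe:r}=await o,i=await r.decryptJWE(e,I(t,n));return L(i),i},encodeJWT:async(e,n)=>{let{jwt:r}=await o;return await r.encodeJWT(M(e,t),{sign:N(t,n?.sign),encrypt:P(t,n?.encrypt)})},decodeJWT:async(e,n)=>{let{jwt:r}=await o,i=await r.decodeJWT(e,{verify:F(t,n?.verify),decrypt:I(t,n?.decrypt)});return L(i),i}}},H=(e=32)=>y.encode(_(e)),U=async e=>{let t=await v().digest(`SHA-256`,g.encode(e));return y.encode(new Uint8Array(t))},W=async t=>{let n=t?void 0:Math.floor(Math.random()*65+32),r=t??H(n??64);if(r.length<43||r.length>128)throw new e(`PKCE_VERIFIER_INVALID`,`The code verifier must be between 43 and 128 characters in length.`);return{codeVerifier:r,codeChallenge:await U(r),method:`S256`}},G=async(e,t)=>{try{if(t)return await e.verifyJWS(t),t;let n=H(32);return e.signJWS({token:n})}catch{let t=H(32);return e.signJWS({token:t})}},K=async(t,n,r)=>{try{let a=await t.verifyJWS(n),o=await t.verifyJWS(r);if(!h(a))throw new e(`CSRF_TOKEN_INVALID`,`Cookie payload missing token field.`);if(!h(o))throw new e(`CSRF_TOKEN_INVALID`,`Header payload missing token field.`);if(!i(a.token.length,o.token.length)||!l(a.token,o.token))throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`);return!0}catch{throw new e(`CSRF_TOKEN_INVALID`,`The CSRF tokens do not match.`)}},q=async(e,t,n=1e5)=>{let r=v(),i=t?y.decode(t):_(16),a=await r.importKey(`raw`,g.encode(e),`PBKDF2`,!1,[`deriveBits`]),o=await r.deriveBits({name:`PBKDF2`,salt:i,iterations:n,hash:`SHA-256`},a,256),s=new Uint8Array(o),c=y.encode(s);return`pbkdf2-sha256:${n}:${y.encode(i)}:${c}`},J=async(e,t)=>{try{let n=t.split(`:`);if(n.length!==4)return!1;let[r,i,a]=n;if(r!==`pbkdf2-sha256`)return!1;let o=parseInt(i,10);if(isNaN(o))return!1;let[,,,s]=(await q(e,a,o)).split(`:`),[,,,c]=t.split(`:`);return!s||!c?!1:l(s,c)}catch{return!1}},Y=async(e,t)=>{let n=await C(e.privateKey,t,{extractable:!0});return{publicKey:await w(e.publicKey,t,{extractable:!0}),privateKey:n}},X=async(e,t)=>{let{publicKey:n,privateKey:r}=await x(e,t);return{publicKey:await b(n),privateKey:await b(r)}};export{H as a,Y as c,V as d,W as i,K as l,U as n,X as o,S as r,q as s,G as t,J as u};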
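--- a/package/dist/errors-Czt_w1t_.js
+++ /dev/null
@@ -1 +0,0 @@
-const e=e=>`captureStackTrace`in e&&typeof e.captureStackTrace==`function`;var t=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(t,n,r,i){super(n,i),this.error=t,this.errorURI=r,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},a=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(t,n){super(t,n),this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},o=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},s=class extends Error{type=`JOSE_INITIALIZATION_FAILED`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}};const c=e=>e instanceof Error,l=e=>e instanceof t,u=e=>e instanceof n,d=e=>e instanceof r,f=e=>e instanceof i,p=e=>e instanceof o,m=e=>u(e)||d(e)||f(e)||p(e);export{r as a,m as c,p as d,c as f,s as i,u as l,n,o,l as p,a as r,t as s,i as t,d as u};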
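--- a/package/dist/errors-DcK2ELlk.cjs
+++ /dev/null
@@ -1 +0,0 @@
-const e=e=>`captureStackTrace`in e&&typeof e.captureStackTrace==`function`;var t=class extends Error{type=`OAUTH_PROTOCOL_ERROR`;error;errorURI;constructor(t,n,r,i){super(n,i),this.error=t,this.errorURI=r,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},n=class extends Error{type=`AUTH_INTERNAL_ERROR`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},r=class extends Error{type=`AUTH_SECURITY_ERROR`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},i=class extends Error{type=`AUTH_CLIENT_ERROR`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},a=class extends Error{type=`AUTH_INVALID_CONFIGURATION_ERROR`;constructor(t,n){super(t,n),this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},o=class extends Error{type=`AUTH_VALIDATION_ERROR`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}},s=class extends Error{type=`JOSE_INITIALIZATION_FAILED`;code;constructor(t,n,r){super(n,r),this.code=t,this.name=new.target.name,e(Error)&&Error.captureStackTrace(this,new.target)}};const c=e=>e instanceof Error,l=e=>e instanceof t,u=e=>e instanceof n,d=e=>e instanceof r,f=e=>e instanceof i,p=e=>e instanceof o,m=e=>u(e)||d(e)||f(e)||p(e);Object.defineProperty(exports,`a`,{enumerable:!0,get:function(){return r}}),Object.defineProperty(exports,`c`,{enumerable:!0,get:function(){return m}}),Object.defineProperty(exports,`d`,{enumerable:!0,get:function(){return p}}),Object.defineProperty(exports,`f`,{enumerable:!0,get:function(){return c}}),Object.defineProperty(exports,`i`,{enumerable:!0,get:function(){return s}}),Object.defineProperty(exports,`l`,{enumerable:!0,get:function(){return u}}),Object.defineProperty(exports,`n`,{enumerable:!0,get:function(){return n}}),Object.defineProperty(exports,`o`,{enumerable:!0,get:function(){return o}}),Object.defineProperty(exports,`p`,{enumerable:!0,get:function(){return l}}),Object.defineProperty(exports,`r`,{enumerable:!0,get:function(){return a}}),Object.defineProperty(exports,`s`,{enumerable:!0,get:function(){return t}}),Object.defineProperty(exports,`t`,{enumerable:!0,get:function(){return i}}),Object.defineProperty(exports,`u`,{enumerable:!0,get:function(){return d}});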