@authrim/sveltekit 0.1.3 → 0.1.4

package/dist/server/handoff.d.ts

@@ -0,0 +1,77 @@
+/**
+ * Smart Handoff SSO Handler for SvelteKit
+ *
+ * Handles handoff token verification and session management for cross-domain SSO
+ * in SvelteKit server-side code.
+ */
+import type { Handle, RequestEvent } from '@sveltejs/kit';
+import type { Session, User } from '@authrim/core';
+import { type ServerSessionManagerOptions } from './session.js';
+/**
+ * Handoff verification options
+ */
+export interface HandoffVerifyOptions {
+    /**
+     * Authrim IdP URL (required if not using createAuthHandle)
+     */
+    issuer?: string;
+    /**
+     * OAuth client ID (required if not using createAuthHandle)
+     */
+    clientId?: string;
+    /**
+     * Handoff verify endpoint
+     * @default '/auth/external/handoff/verify'
+     */
+    verifyEndpoint?: string;
+    /**
+     * Error redirect path
+     * @default '/login'
+     */
+    errorRedirect?: string;
+    /**
+     * Session manager options
+     */
+    sessionOptions?: ServerSessionManagerOptions;
+}
+/**
+ * Verify handoff token from callback URL
+ *
+ * Usage in +page.server.ts:
+ * ```typescript
+ * export const load = async (event) => {
+ *   const result = await verifyHandoffToken(event);
+ *   if (!result.success) {
+ *     throw redirect(302, '/login');
+ *   }
+ *   return { session: result.session, user: result.user };
+ * };
+ * ```
+ */
+export declare function verifyHandoffToken(event: RequestEvent, options?: HandoffVerifyOptions): Promise<{
+    success: true;
+    session: Session;
+    user: User;
+} | {
+    success: false;
+    error: string;
+}>;
+/**
+ * Create handoff handler for SvelteKit hooks
+ *
+ * Usage in hooks.server.ts:
+ * ```typescript
+ * import { sequence } from '@sveltejs/kit/hooks';
+ * import { createAuthHandle, createHandoffHandler } from '@authrim/sveltekit/server';
+ *
+ * export const handle = sequence(
+ *   createAuthHandle({
+ *     issuer: env.AUTHRIM_ISSUER,
+ *     clientId: env.AUTHRIM_CLIENT_ID,
+ *   }),
+ *   createHandoffHandler()
+ * );
+ * ```
+ */
+export declare function createHandoffHandler(options?: HandoffVerifyOptions): Handle;
+//# sourceMappingURL=handoff.d.ts.map

package/dist/server/handoff.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handoff.d.ts","sourceRoot":"","sources":["../../src/lib/server/handoff.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE1D,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAGL,KAAK,2BAA2B,EACjC,MAAM,cAAc,CAAC;AAEtB;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;OAEG;IACH,cAAc,CAAC,EAAE,2BAA2B,CAAC;CAC9C;AAmDD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,YAAY,EACnB,OAAO,CAAC,EAAE,oBAAoB,GAC7B,OAAO,CACN;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,IAAI,CAAA;CAAE,GAC/C;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CACpC,CA+DA;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,CAAC,EAAE,oBAAoB,GAAG,MAAM,CAwB3E"}

package/dist/server/handoff.js

@@ -0,0 +1,133 @@
+/**
+ * Smart Handoff SSO Handler for SvelteKit
+ *
+ * Handles handoff token verification and session management for cross-domain SSO
+ * in SvelteKit server-side code.
+ */
+import { redirect } from '@sveltejs/kit';
+import { createServerSessionManager, } from './session.js';
+/**
+ * Get auth config from options or event.locals
+ */
+function getAuthConfig(event, options) {
+    // Try to get from options first
+    if (options?.issuer && options?.clientId) {
+        return { issuer: options.issuer, clientId: options.clientId };
+    }
+    // Fallback to event.locals (set by createAuthHandle)
+    const issuer = event.locals.authrim_issuer;
+    const clientId = event.locals.authrim_client_id;
+    if (!issuer || !clientId) {
+        throw new Error('Authrim config not found. Please provide issuer and clientId in options, or use createAuthHandle.');
+    }
+    return { issuer, clientId };
+}
+/**
+ * Verify handoff token from callback URL
+ *
+ * Usage in +page.server.ts:
+ * ```typescript
+ * export const load = async (event) => {
+ *   const result = await verifyHandoffToken(event);
+ *   if (!result.success) {
+ *     throw redirect(302, '/login');
+ *   }
+ *   return { session: result.session, user: result.user };
+ * };
+ * ```
+ */
+export async function verifyHandoffToken(event, options) {
+    const { url } = event;
+    const handoffToken = url.searchParams.get('handoff_token');
+    const state = url.searchParams.get('state');
+    if (!handoffToken || !state) {
+        return { success: false, error: 'Missing handoff token or state' };
+    }
+    try {
+        const { issuer, clientId } = getAuthConfig(event, options);
+        const verifyEndpoint = options?.verifyEndpoint || '/auth/external/handoff/verify';
+        const response = await fetch(`${issuer}${verifyEndpoint}`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                handoff_token: handoffToken,
+                state: state,
+                client_id: clientId,
+            }),
+        });
+        if (!response.ok) {
+            const error = await response.json().catch(() => ({}));
+            return {
+                success: false,
+                error: error.error_description || 'Handoff verification failed',
+            };
+        }
+        const data = await response.json();
+        // Save session to cookie
+        const sessionManager = createServerSessionManager(options?.sessionOptions);
+        const authContext = {
+            session: {
+                id: data.session.id,
+                userId: data.session.userId,
+                createdAt: data.session.createdAt,
+                expiresAt: data.session.expiresAt,
+            },
+            user: {
+                id: data.user.id,
+                email: data.user.email ?? undefined,
+                name: data.user.name ?? undefined,
+                emailVerified: data.user.emailVerified,
+            },
+        };
+        sessionManager.set(event, authContext);
+        return {
+            success: true,
+            session: authContext.session,
+            user: authContext.user,
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            error: error instanceof Error ? error.message : 'Unknown error',
+        };
+    }
+}
+/**
+ * Create handoff handler for SvelteKit hooks
+ *
+ * Usage in hooks.server.ts:
+ * ```typescript
+ * import { sequence } from '@sveltejs/kit/hooks';
+ * import { createAuthHandle, createHandoffHandler } from '@authrim/sveltekit/server';
+ *
+ * export const handle = sequence(
+ *   createAuthHandle({
+ *     issuer: env.AUTHRIM_ISSUER,
+ *     clientId: env.AUTHRIM_CLIENT_ID,
+ *   }),
+ *   createHandoffHandler()
+ * );
+ * ```
+ */
+export function createHandoffHandler(options) {
+    return async ({ event, resolve }) => {
+        // Check if this is a handoff callback
+        const { url } = event;
+        if (url.searchParams.has('handoff_token')) {
+            const result = await verifyHandoffToken(event, options);
+            if (!result.success) {
+                const errorRedirect = options?.errorRedirect || '/login';
+                // Use 303 See Other (POST → GET redirect, safer than 302)
+                throw redirect(303, errorRedirect);
+            }
+            // Remove handoff token from URL
+            const cleanUrl = new URL(url);
+            cleanUrl.searchParams.delete('handoff_token');
+            cleanUrl.searchParams.delete('state');
+            // Use 303 See Other (認証後のリダイレクトに適切)
+            throw redirect(303, cleanUrl.toString());
+        }
+        return resolve(event);
+    };
+}

package/dist/server/index.d.ts

@@ -1,4 +1,5 @@
 export { createServerSessionManager, type ServerSessionManager, type ServerSessionManagerOptions, type ServerAuthContext, } from './session.js';
 export { createAuthHandle, getServerSessionManager, getAuthFromEvent, type AuthHandleOptions, } from './handle.js';
 export { requireAuth, createAuthLoad, isAuthenticated, getUser, getSession, type AuthLoadOptions, } from './load.js';
+export { verifyHandoffToken, createHandoffHandler, type HandoffVerifyOptions, } from './handoff.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,0BAA0B,EAC1B,KAAK,oBAAoB,EACzB,KAAK,2BAA2B,EAChC,KAAK,iBAAiB,GACvB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,gBAAgB,EAChB,KAAK,iBAAiB,GACvB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,WAAW,EACX,cAAc,EACd,eAAe,EACf,OAAO,EACP,UAAU,EACV,KAAK,eAAe,GACrB,MAAM,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,0BAA0B,EAC1B,KAAK,oBAAoB,EACzB,KAAK,2BAA2B,EAChC,KAAK,iBAAiB,GACvB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,gBAAgB,EAChB,KAAK,iBAAiB,GACvB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,WAAW,EACX,cAAc,EACd,eAAe,EACf,OAAO,EACP,UAAU,EACV,KAAK,eAAe,GACrB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,KAAK,oBAAoB,GAC1B,MAAM,cAAc,CAAC"}

package/dist/server/index.js

@@ -1,3 +1,4 @@
 export { createServerSessionManager, } from './session.js';
 export { createAuthHandle, getServerSessionManager, getAuthFromEvent, } from './handle.js';
 export { requireAuth, createAuthLoad, isAuthenticated, getUser, getSession, } from './load.js';
+export { verifyHandoffToken, createHandoffHandler, } from './handoff.js';

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@authrim/sveltekit",
   "packageManager": "pnpm@9.15.0",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "SvelteKit SDK for Authrim authentication",
   "type": "module",
   "svelte": "./dist/index.js",