@draftlab/auth 0.14.0 → 0.15.1

package/dist/provider/twitch.d.mts

@@ -2,50 +2,49 @@ import { Provider } from "./provider.mjs";
 import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
 
 //#region src/provider/twitch.d.ts
-
 /**
  * Configuration options for Twitch OAuth 2.0 provider.
  * Extends the base OAuth 2.0 configuration with Twitch-specific documentation.
  */
 interface TwitchConfig extends Oauth2WrappedConfig {
   /**
-   * Twitch application client ID.
-   * Get this from your Twitch Console at https://dev.twitch.tv/console
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "abcdef123456"
-   * }
-   * ```
-   */
+       * Twitch application client ID.
+       * Get this from your Twitch Console at https://dev.twitch.tv/console
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "abcdef123456"
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * Twitch application client secret.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.TWITCH_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * Twitch application client secret.
+       * Keep this secure and never expose it to client-side code.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.TWITCH_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * Twitch OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "user:read:email",           // Access user email
-   *     "user:read:subscriptions"    // View subscriptions
-   *   ]
-   * }
-   * ```
-   */
+       * Twitch OAuth scopes to request access for.
+       * Determines what data and actions your app can access.
+       *
+       * @example
+       * ```ts
+       * {
+       *   scopes: [
+       *     "user:read:email",           // Access user email
+       *     "user:read:subscriptions"    // View subscriptions
+       *   ]
+       * }
+       * ```
+       */
   readonly scopes: string[];
 }
 /**

package/dist/provider/vercel.d.mts

@@ -2,84 +2,83 @@ import { Provider } from "./provider.mjs";
 import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
 
 //#region src/provider/vercel.d.ts
-
 /**
  * Configuration options for Vercel OAuth 2.0 + OpenID Connect provider.
  * Extends the base OAuth 2.0 configuration with Vercel-specific documentation.
  */
 interface VercelConfig extends Oauth2WrappedConfig {
   /**
-   * Vercel OAuth App client ID.
-   * Found in your Vercel App settings under the Authentication tab.
-   *
-   * To create an app:
-   * 1. Go to Team Settings → Apps → Create
-   * 2. Configure app details and callback URLs
-   * 3. Copy the Client ID from the Authentication tab
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "oac_abc123xyz789" // Vercel OAuth App Client ID
-   * }
-   * ```
-   */
+       * Vercel OAuth App client ID.
+       * Found in your Vercel App settings under the Authentication tab.
+       *
+       * To create an app:
+       * 1. Go to Team Settings → Apps → Create
+       * 2. Configure app details and callback URLs
+       * 3. Copy the Client ID from the Authentication tab
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "oac_abc123xyz789" // Vercel OAuth App Client ID
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * Vercel OAuth App client secret.
-   * Generated in your Vercel App settings under the Authentication tab.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * To generate:
-   * 1. Go to your app's Authentication tab
-   * 2. Click "Generate Client Secret"
-   * 3. Copy and store securely (shown only once)
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.VERCEL_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * Vercel OAuth App client secret.
+       * Generated in your Vercel App settings under the Authentication tab.
+       * Keep this secure and never expose it to client-side code.
+       *
+       * To generate:
+       * 1. Go to your app's Authentication tab
+       * 2. Click "Generate Client Secret"
+       * 3. Copy and store securely (shown only once)
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.VERCEL_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * OpenID Connect scopes to request.
-   * Controls what user information is included in the ID Token.
-   *
-   * Available scopes (must be enabled in Vercel App dashboard first):
-   * - `openid`: Required for ID Token issuance
-   * - `email`: User's email address
-   * - `profile`: Name, username, and avatar
-   * - `offline_access`: Refresh token for long-lived access (optional)
-   *
-   * **Important**: Enable scopes in: Vercel App → Permissions page
-   *
-   * @example
-   * ```ts
-   * {
-   *   // Basic scopes (usually sufficient)
-   *   scopes: ["openid", "email", "profile"]
-   *
-   *   // With refresh token support (enable offline_access in dashboard first)
-   *   scopes: ["openid", "email", "profile", "offline_access"]
-   * }
-   * ```
-   */
+       * OpenID Connect scopes to request.
+       * Controls what user information is included in the ID Token.
+       *
+       * Available scopes (must be enabled in Vercel App dashboard first):
+       * - `openid`: Required for ID Token issuance
+       * - `email`: User's email address
+       * - `profile`: Name, username, and avatar
+       * - `offline_access`: Refresh token for long-lived access (optional)
+       *
+       * **Important**: Enable scopes in: Vercel App → Permissions page
+       *
+       * @example
+       * ```ts
+       * {
+       *   // Basic scopes (usually sufficient)
+       *   scopes: ["openid", "email", "profile"]
+       *
+       *   // With refresh token support (enable offline_access in dashboard first)
+       *   scopes: ["openid", "email", "profile", "offline_access"]
+       * }
+       * ```
+       */
   readonly scopes: string[];
   /**
-   * Additional query parameters for Vercel OAuth authorization.
-   * Useful for customizing the authorization flow.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     prompt: "consent"  // Force consent screen every time
-   *   }
-   * }
-   * ```
-   */
+       * Additional query parameters for Vercel OAuth authorization.
+       * Useful for customizing the authorization flow.
+       *
+       * @example
+       * ```ts
+       * {
+       *   query: {
+       *     prompt: "consent"  // Force consent screen every time
+       *   }
+       * }
+       * ```
+       */
   readonly query?: Record<string, string>;
 }
 /**

package/dist/revocation.d.mts

@@ -1,7 +1,6 @@
 import { StorageAdapter } from "./storage/storage.mjs";
 
 //#region src/revocation.d.ts
-
 /**
  * Data stored for a revoked token.
  * Tracks when the token was revoked and when it naturally expires.
@@ -18,37 +17,37 @@ interface RevocationRecord {
  */
 declare const Revocation: {
   /**
-   * Revokes a token, preventing it from being used even if not yet expired.
-   *
-   * @param storage - Storage adapter to use
-   * @param token - The token to revoke (access or refresh token)
-   * @param expiresAt - When the token naturally expires (milliseconds since epoch)
-   * @returns Promise that resolves when revocation is stored
-   *
-   * @example
-   * ```ts
-   * // Revoke a refresh token on logout
-   * await Revocation.revoke(storage, refreshToken, expiresAt)
-   * ```
-   */
+       * Revokes a token, preventing it from being used even if not yet expired.
+       *
+       * @param storage - Storage adapter to use
+       * @param token - The token to revoke (access or refresh token)
+       * @param expiresAt - When the token naturally expires (milliseconds since epoch)
+       * @returns Promise that resolves when revocation is stored
+       *
+       * @example
+       * ```ts
+       * // Revoke a refresh token on logout
+       * await Revocation.revoke(storage, refreshToken, expiresAt)
+       * ```
+       */
   readonly revoke: (storage: StorageAdapter, token: string, expiresAt: number) => Promise<void>;
   /**
-   * Checks if a token has been revoked.
-   * Returns false if token is not in revocation list (never revoked or already expired).
-   *
-   * @param storage - Storage adapter to use
-   * @param token - The token to check
-   * @returns Promise resolving to true if token is revoked, false otherwise
-   *
-   * @example
-   * ```ts
-   * // Check if token was revoked before using it
-   * const isRevoked = await Revocation.isRevoked(storage, accessToken)
-   * if (isRevoked) {
-   *   throw new InvalidAccessTokenError()
-   * }
-   * ```
-   */
+       * Checks if a token has been revoked.
+       * Returns false if token is not in revocation list (never revoked or already expired).
+       *
+       * @param storage - Storage adapter to use
+       * @param token - The token to check
+       * @returns Promise resolving to true if token is revoked, false otherwise
+       *
+       * @example
+       * ```ts
+       * // Check if token was revoked before using it
+       * const isRevoked = await Revocation.isRevoked(storage, accessToken)
+       * if (isRevoked) {
+       *   throw new InvalidAccessTokenError()
+       * }
+       * ```
+       */
   readonly isRevoked: (storage: StorageAdapter, token: string) => Promise<boolean>;
 };
 //#endregion

package/dist/router/context.d.mts

@@ -0,0 +1,21 @@
+import { RouterContext, VariableMap } from "./types.mjs";
+
+//#region src/router/context.d.ts
+declare class ContextBuilder<TVariables extends VariableMap = VariableMap> {
+  private readonly request;
+  private readonly matchedParams;
+  private readonly searchParams;
+  private readonly cookies;
+  private readonly variableManager;
+  private readonly responseHeaders;
+  private status;
+  private finalized;
+  private cachedFormData;
+  private formDataPromise;
+  private bodyText;
+  constructor(request: Request, matchedParams: Record<string, string>, initialVariables?: Partial<TVariables>);
+  build<TParams extends Record<string, string>>(): RouterContext<TParams, TVariables>;
+  newResponse(body?: BodyInit, init?: ResponseInit): Response;
+}
+//#endregion
+export { ContextBuilder };

package/dist/router/context.mjs

@@ -0,0 +1,193 @@
+import { ContextVariableManager } from "./variables.mjs";
+
+//#region src/router/context.ts
+const parseCookies = (request) => {
+	const cookies = /* @__PURE__ */ new Map();
+	const cookieHeader = request.headers.get("cookie");
+	if (!cookieHeader) return cookies;
+	try {
+		for (const cookie of cookieHeader.split(";")) {
+			const trimmedCookie = cookie.trim();
+			if (!trimmedCookie) continue;
+			const [name, ...valueParts] = trimmedCookie.split("=");
+			if (!name || name.trim() === "") continue;
+			const trimmedName = name.trim();
+			if (!/^[!#$%&'*+\-.0-9A-Z^_`a-z|~]+$/.test(trimmedName)) {
+				console.warn(`Invalid cookie name: ${trimmedName}`);
+				continue;
+			}
+			const value = valueParts.join("=");
+			try {
+				cookies.set(trimmedName, decodeURIComponent(value));
+			} catch {
+				cookies.set(trimmedName, value);
+			}
+		}
+	} catch (error) {
+		console.error("Failed to parse cookies:", error);
+	}
+	return cookies;
+};
+const serializeCookie = (name, value, options = {}) => {
+	if (!/^[!#$%&'*+\-.0-9A-Z^_`a-z|~]+$/.test(name)) throw new Error(`Invalid cookie name: ${name}`);
+	const parts = [`${name}=${encodeURIComponent(value)}`];
+	if (options.domain) parts.push(`Domain=${options.domain}`);
+	if (options.path) parts.push(`Path=${options.path}`);
+	if (options.expires) parts.push(`Expires=${options.expires.toUTCString()}`);
+	if (options.maxAge) parts.push(`Max-Age=${options.maxAge}`);
+	if (options.httpOnly) parts.push("HttpOnly");
+	if (options.secure) parts.push("Secure");
+	if (options.sameSite) parts.push(`SameSite=${options.sameSite}`);
+	return parts.join("; ");
+};
+const validateRedirectStatus = (status) => {
+	if (![
+		300,
+		301,
+		302,
+		303,
+		307,
+		308
+	].includes(status)) throw new Error(`Invalid redirect status code: ${status}.`);
+	return true;
+};
+var ContextBuilder = class {
+	request;
+	matchedParams;
+	searchParams;
+	cookies;
+	variableManager;
+	responseHeaders = new Headers();
+	status = 200;
+	finalized = false;
+	cachedFormData = null;
+	formDataPromise = null;
+	bodyText = null;
+	constructor(request, matchedParams, initialVariables) {
+		if (!request || typeof request !== "object" || !request.url || !request.method) throw new Error("Invalid request object provided to ContextBuilder.");
+		this.request = request;
+		this.matchedParams = matchedParams;
+		this.searchParams = new URL(request.url).searchParams;
+		this.cookies = parseCookies(request);
+		this.variableManager = new ContextVariableManager(initialVariables);
+		Object.freeze(this.matchedParams);
+	}
+	build() {
+		return {
+			request: this.request,
+			params: this.matchedParams,
+			searchParams: this.searchParams,
+			query: (key) => this.searchParams.get(key) ?? void 0,
+			header: (key) => this.request.headers.get(key) ?? void 0,
+			cookie: (key) => this.cookies.get(key),
+			formData: async () => {
+				if (this.cachedFormData) return this.cachedFormData;
+				if (this.formDataPromise) try {
+					return await this.formDataPromise;
+				} catch {
+					this.formDataPromise = null;
+				}
+				this.formDataPromise = (async () => {
+					try {
+						const formData = await this.request.formData();
+						this.cachedFormData = formData;
+						return formData;
+					} catch (error) {
+						this.formDataPromise = null;
+						throw new Error(`Failed to read form data: ${error instanceof Error ? error.message : "Unknown error"}`);
+					}
+				})();
+				return this.formDataPromise;
+			},
+			parseJson: async () => {
+				try {
+					if (this.bodyText !== null) {
+						if (!this.bodyText) throw new Error("Request body is empty.");
+						return JSON.parse(this.bodyText);
+					}
+					const text = await this.request.text();
+					this.bodyText = text;
+					if (!text) throw new Error("Request body is empty.");
+					return JSON.parse(text);
+				} catch (error) {
+					throw new Error(`Failed to parse JSON: ${error instanceof Error ? error.message : "Unknown error"}`);
+				}
+			},
+			redirect: (url, status = 302) => {
+				validateRedirectStatus(status);
+				const location = url instanceof URL ? url.toString() : url;
+				return this.newResponse(void 0, {
+					status,
+					headers: { location }
+				});
+			},
+			json: (data, init) => {
+				const finalInit = {
+					...init,
+					headers: {
+						"content-type": "application/json; charset=utf-8",
+						...init?.headers
+					}
+				};
+				return this.newResponse(JSON.stringify(data), finalInit);
+			},
+			text: (data, init) => {
+				const finalInit = {
+					...init,
+					headers: {
+						"content-type": "text/plain; charset=utf-8",
+						...init?.headers
+					}
+				};
+				return this.newResponse(data, finalInit);
+			},
+			setCookie: (name, value, options) => {
+				try {
+					const cookie = serializeCookie(name, value, options);
+					this.responseHeaders.append("Set-Cookie", cookie);
+				} catch (error) {
+					console.error(`Failed to set cookie "${name}":`, error);
+				}
+			},
+			deleteCookie: (name, options) => {
+				try {
+					const cookie = serializeCookie(name, "", {
+						...options,
+						expires: /* @__PURE__ */ new Date(0)
+					});
+					this.responseHeaders.append("Set-Cookie", cookie);
+				} catch (error) {
+					console.error(`Failed to delete cookie "${name}":`, error);
+				}
+			},
+			newResponse: (body, init) => this.newResponse(body, init),
+			set: (key, value) => {
+				this.variableManager.set(key, value);
+			},
+			get: (key) => {
+				return this.variableManager.get(key);
+			},
+			has: (key) => {
+				return this.variableManager.has(key);
+			}
+		};
+	}
+	newResponse(body, init) {
+		if (this.finalized) throw new Error("Response already finalized");
+		const finalHeaders = new Headers(this.responseHeaders);
+		if (init?.headers) new Headers(init.headers).forEach((value, key) => {
+			if (key.toLowerCase() === "set-cookie") finalHeaders.append(key, value);
+			else finalHeaders.set(key, value);
+		});
+		const response = new Response(body, {
+			status: init?.status || this.status,
+			statusText: init?.statusText,
+			headers: finalHeaders
+		});
+		this.finalized = true;
+		return response;
+	}
+};
+
+//#endregion
+export { ContextBuilder };

package/dist/router/cookies.d.mts

@@ -0,0 +1,8 @@
+import { CookieOptions, RouterContext, VariableMap } from "./types.mjs";
+
+//#region src/router/cookies.d.ts
+declare const getCookie: <TVariables extends VariableMap = VariableMap>(ctx: RouterContext<Record<string, string>, TVariables>, name: string) => string | undefined;
+declare const setCookie: <TVariables extends VariableMap = VariableMap>(ctx: RouterContext<Record<string, string>, TVariables>, name: string, value: string, options?: CookieOptions) => void;
+declare const deleteCookie: <TVariables extends VariableMap = VariableMap>(ctx: RouterContext<Record<string, string>, TVariables>, name: string, options?: Pick<CookieOptions, "domain" | "path">) => void;
+//#endregion
+export { deleteCookie, getCookie, setCookie };

package/dist/router/cookies.mjs

@@ -0,0 +1,13 @@
+//#region src/router/cookies.ts
+const getCookie = (ctx, name) => {
+	return ctx.cookie(name);
+};
+const setCookie = (ctx, name, value, options) => {
+	ctx.setCookie(name, value, options);
+};
+const deleteCookie = (ctx, name, options) => {
+	ctx.deleteCookie(name, options);
+};
+
+//#endregion
+export { deleteCookie, getCookie, setCookie };

package/dist/router/index.d.mts

@@ -0,0 +1,21 @@
+import { AnyHandler, ErrorHandler, ExtractParams, GlobalMiddleware, RouterEnvironment, RouterOptions } from "./types.mjs";
+
+//#region src/router/index.d.ts
+declare class Router<TEnvironment extends RouterEnvironment = RouterEnvironment> {
+  private readonly routes;
+  private readonly matcher;
+  private readonly globalMiddleware;
+  private errorHandler?;
+  constructor(routerOptions?: RouterOptions);
+  private addRoute;
+  get<TPath extends string>(path: TPath, handler: AnyHandler<ExtractParams<TPath>, TEnvironment["Variables"]>): this;
+  post<TPath extends string>(path: TPath, handler: AnyHandler<ExtractParams<TPath>, TEnvironment["Variables"]>): this;
+  use(middleware: GlobalMiddleware<TEnvironment["Variables"]>): this;
+  onError(handler: ErrorHandler<TEnvironment["Variables"]>): this;
+  mount<TMountedEnvironment extends RouterEnvironment>(path: string, router: Router<TMountedEnvironment>): this;
+  handle(request: Request, initialVariables?: Partial<TEnvironment["Variables"]>): Promise<Response>;
+  get fetch(): (request: Request) => Promise<Response>;
+  private createErrorResponse;
+}
+//#endregion
+export { Router };

package/dist/router/index.mjs

@@ -0,0 +1,107 @@
+import { ContextBuilder } from "./context.mjs";
+import { RouteMatcher } from "./matcher.mjs";
+import { makeSafeRequest } from "./safe-request.mjs";
+
+//#region src/router/index.ts
+var Router = class {
+	routes = /* @__PURE__ */ new Map();
+	matcher;
+	globalMiddleware = [];
+	errorHandler;
+	constructor(routerOptions = {}) {
+		this.matcher = new RouteMatcher(routerOptions);
+	}
+	addRoute(method, path, handler) {
+		const { handler: mainHandler, middleware = [] } = typeof handler === "function" ? { handler } : handler;
+		if (typeof mainHandler !== "function") throw new Error(`Handler for ${method} ${path} must be a function.`);
+		const route = {
+			method,
+			pattern: path,
+			handler: mainHandler,
+			middleware: [...this.globalMiddleware, ...middleware],
+			compiled: this.matcher.compile(path)
+		};
+		const methodRoutes = this.routes.get(method) ?? [];
+		if (methodRoutes.some((r) => r.pattern === path)) console.warn(`Route already exists: ${method} ${path}. Overwriting.`);
+		const newRoutes = [...methodRoutes.filter((r) => r.pattern !== path), route];
+		const sortedPatterns = this.matcher.sortRoutesBySpecificity(newRoutes.map((r) => r.pattern));
+		newRoutes.sort((a, b) => sortedPatterns.indexOf(a.pattern) - sortedPatterns.indexOf(b.pattern));
+		this.routes.set(method, newRoutes);
+		return this;
+	}
+	get(path, handler) {
+		return this.addRoute("GET", path, handler);
+	}
+	post(path, handler) {
+		return this.addRoute("POST", path, handler);
+	}
+	use(middleware) {
+		this.globalMiddleware.push(middleware);
+		return this;
+	}
+	onError(handler) {
+		this.errorHandler = handler;
+		return this;
+	}
+	mount(path, router) {
+		const normalizedPath = path.endsWith("/") ? path.slice(0, -1) : path;
+		for (const [method, routes] of router.routes) for (const route of routes) this.addRoute(method, `${normalizedPath}${route.pattern}`, {
+			handler: route.handler,
+			middleware: route.middleware
+		});
+		return this;
+	}
+	async handle(request, initialVariables) {
+		const safeRequest = await makeSafeRequest(request);
+		try {
+			const url = new URL(safeRequest.url);
+			const method = safeRequest.method.toUpperCase();
+			const pathname = this.matcher.normalizePath(url.pathname);
+			const methodRoutes = this.routes.get(method);
+			if (!methodRoutes) return this.createErrorResponse("Not Found", 404);
+			for (const route of methodRoutes) {
+				const match = this.matcher.match(route.pattern, pathname);
+				if (match) {
+					const context = new ContextBuilder(safeRequest, match.params, initialVariables).build();
+					const allMiddleware = [...this.globalMiddleware, ...route.middleware];
+					const run = async (index, ctx) => {
+						if (index < allMiddleware.length) {
+							const middleware = allMiddleware[index];
+							if (middleware) return middleware(ctx, () => run(index + 1, ctx));
+						}
+						return route.handler(ctx);
+					};
+					return await run(0, context);
+				}
+			}
+			return this.createErrorResponse(`Route not found: ${method} ${pathname}`, 404);
+		} catch (error) {
+			console.error("Router handle error:", error);
+			if (this.errorHandler) try {
+				const errorContext = new ContextBuilder(safeRequest, {}, initialVariables).build();
+				return await this.errorHandler(error, errorContext);
+			} catch (handlerError) {
+				console.error("Error handler failed:", handlerError);
+			}
+			const message = error instanceof Error ? error.message : "Internal Server Error";
+			return this.createErrorResponse(message, 500);
+		}
+	}
+	get fetch() {
+		return (request) => {
+			return this.handle(request);
+		};
+	}
+	createErrorResponse(message, status) {
+		return new Response(JSON.stringify({
+			error: message,
+			status
+		}), {
+			status,
+			headers: { "Content-Type": "application/json" }
+		});
+	}
+};
+
+//#endregion
+export { Router };