@draftlab/auth 0.15.0 → 0.16.0

package/dist/provider/code.mjs

@@ -1,246 +0,0 @@
-import { generateUnbiasedDigits, timingSafeCompare } from "../random.mjs";
-
-//#region src/provider/code.ts
-/**
-* PIN code authentication provider for Draft Auth.
-* Supports flexible claim-based authentication via email, phone, or custom identifiers.
-*
-* ## Quick Setup
-*
-* ```ts
-* import { CodeUI } from "@draftlab/auth/ui/code"
-* import { CodeProvider } from "@draftlab/auth/provider/code"
-*
-* export default issuer({
-*   providers: {
-*     code: CodeProvider(
-*       CodeUI({
-*         copy: {
-*           code_info: "We'll send a PIN code to your email"
-*         },
-*         sendCode: async (claims, code) => {
-*           try {
-*             await sendEmail(claims.email, `Your code: ${code}`)
-*           } catch {
-*             return { type: "invalid_claim", key: "delivery", value: "Failed to send code" }
-*           }
-*         }
-*       })
-*     )
-*   }
-* })
-* ```
-*
-* ## Custom Configuration
-*
-* ```ts
-* const customCodeProvider = CodeProvider({
-*   length: 4, // 4-digit PIN instead of default 6
-*   request: async (req, state, form, error) => {
-*     return new Response(renderCodePage(state, form, error))
-*   },
-*   sendCode: async (claims, code) => {
-*     try {
-*       if (claims.email) {
-*         await emailService.send(claims.email, code)
-*       } else if (claims.phone) {
-*         await smsService.send(claims.phone, code)
-*       } else {
-*         return { type: "invalid_claim", key: "email", value: "Email or phone number is required" }
-*       }
-*     } catch {
-*       return { type: "invalid_claim", key: "delivery", value: "Failed to send code" }
-*     }
-*   }
-* })
-* ```
-*
-* ## Features
-*
-* - **Flexible claims**: Support any claim type (email, phone, username, etc.)
-* - **Configurable PIN length**: 4-6 digit codes typically
-* - **Resend functionality**: Built-in code resend capability
-* - **Custom UI**: Full control over the authentication interface
-* - **Error handling**: Comprehensive error states for different failure modes
-*
-* ## Flow States
-*
-* The provider manages a two-step authentication flow:
-*
-* 1. **Start**: User enters their claim (email, phone, etc.)
-* 2. **Code**: User enters the PIN code sent to their claim
-*
-* ## User Data
-*
-* ```ts
-* success: async (ctx, value) => {
-*   if (value.provider === "code") {
-*     // User's email: value.claims.email
-*     // User's phone (if provided): value.claims.phone
-*     // Any other claims collected during the flow
-*   }
-* }
-* ```
-*
-* @packageDocumentation
-*/
-/**
-* Creates a PIN code authentication provider.
-* Implements a flexible claim-based authentication flow with PIN verification.
-*
-* @template Claims - Type of claims to collect (email, phone, username, etc.)
-* @param config - PIN code provider configuration
-* @returns Provider instance implementing PIN code authentication
-*
-* @example
-* ```ts
-* // Email-based PIN authentication
-* const emailCodeProvider = CodeProvider<{ email: string }>({
-*   length: 6,
-*   request: async (req, state, form, error) => {
-*     if (state.type === 'start') {
-*       return new Response(renderEmailForm(form?.get('email'), error))
-*     } else {
-*       return new Response(renderPinForm(state.claims.email, error, state.resend))
-*     }
-*   },
-*   sendCode: async (claims, code) => {
-*     if (!claims.email || !isValidEmail(claims.email)) {
-*       return {
-*         type: "invalid_claim",
-*         key: "email",
-*         value: "Invalid email address"
-*       }
-*     }
-*
-*     try {
-*       await emailService.send(claims.email, `Your verification code: ${code}`)
-*     } catch {
-*       return {
-*         type: "invalid_claim",
-*         key: "delivery",
-*         value: "Failed to send code"
-*       }
-*     }
-*   }
-* })
-*
-* // Multi-channel PIN authentication (email or phone)
-* const flexibleCodeProvider = CodeProvider<{ email?: string; phone?: string }>({
-*   length: 4,
-*   request: async (req, state, form, error) => {
-*     if (state.type === 'start') {
-*       return new Response(renderContactForm(form, error))
-*     } else {
-*       const contact = state.claims.email || state.claims.phone
-*       return new Response(renderPinForm(contact, error))
-*     }
-*   },
-*   sendCode: async (claims, code) => {
-*     try {
-*       if (claims.email) {
-*         await emailService.send(claims.email, `PIN: ${code}`)
-*       } else if (claims.phone) {
-*         await smsService.send(claims.phone, `PIN: ${code}`)
-*       } else {
-*         return {
-*           type: "invalid_claim",
-*           key: "email",
-*           value: "Provide either email or phone number"
-*         }
-*       }
-*     } catch {
-*       return {
-*         type: "invalid_claim",
-*         key: "delivery",
-*         value: "Failed to send code"
-*       }
-*     }
-*   }
-* })
-*
-* // Usage in issuer
-* export default issuer({
-*   providers: {
-*     email: emailCodeProvider,
-*     flexible: flexibleCodeProvider
-*   },
-*   success: async (ctx, value) => {
-*     if (value.provider === "code") {
-*       const email = value.claims.email
-*       const phone = value.claims.phone
-*
-*       // Look up or create user based on verified claims
-*       const userId = await findOrCreateUser({ email, phone })
-*
-*       return ctx.subject("user", { userId, email, phone })
-*     }
-*   }
-* })
-* ```
-*/
-const CodeProvider = (config) => {
-	const codeLength = config.length || 6;
-	/**
-	* Generates a cryptographically secure PIN code.
-	*/
-	const generateCode = () => {
-		return generateUnbiasedDigits(codeLength);
-	};
-	return {
-		type: "code",
-		init(routes, ctx) {
-			/**
-			* Transitions between authentication states and renders the appropriate UI.
-			*/
-			const transition = async (c, nextState, formData, error) => {
-				await ctx.set(c, "provider", 3600 * 24, nextState);
-				const response = await config.request(c.request, nextState, formData, error);
-				return ctx.forward(c, response);
-			};
-			/**
-			* GET /authorize - Display initial claim collection form
-			*/
-			routes.get("/authorize", (c) => {
-				return transition(c, { type: "start" });
-			});
-			/**
-			* POST /authorize - Handle form submissions and state transitions
-			*/
-			routes.post("/authorize", async (c) => {
-				const formData = await c.formData();
-				const currentState = await ctx.get(c, "provider");
-				const action = formData.get("action")?.toString();
-				if (action === "request" || action === "resend") {
-					const code = generateCode();
-					const { action: _, ...claims } = Object.fromEntries(formData);
-					const sendError = await config.sendCode(claims, code);
-					if (sendError) return transition(c, { type: "start" }, formData, sendError);
-					return transition(c, {
-						type: "code",
-						resend: action === "resend",
-						claims,
-						code
-					}, formData);
-				} else if (action === "verify" && currentState?.type === "code") {
-					const enteredCode = formData.get("code")?.toString();
-					if (!(currentState.code && enteredCode && timingSafeCompare(currentState.code, enteredCode))) return transition(c, {
-						...currentState,
-						resend: false
-					}, formData, { type: "invalid_code" });
-					if (!await ctx.get(c, "authorization")) return transition(c, { type: "start" }, formData, {
-						type: "invalid_claim",
-						key: "session",
-						value: "Authentication session expired"
-					});
-					await ctx.unset(c, "provider");
-					return await ctx.success(c, { claims: currentState.claims });
-				}
-				return transition(c, { type: "start" });
-			});
-		}
-	};
-};
-
-//#endregion
-export { CodeProvider };

package/dist/provider/discord.d.mts

@@ -1,146 +0,0 @@
-import { Provider } from "./provider.mjs";
-import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
-
-//#region src/provider/discord.d.ts
-
-/**
- * Configuration options for Discord OAuth 2.0 provider.
- * Extends the base OAuth 2.0 configuration with Discord-specific documentation.
- */
-interface DiscordConfig extends Oauth2WrappedConfig {
-  /**
-   * Discord OAuth 2.0 client ID from Discord Developer Portal.
-   * Found in your Discord application settings.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "1234567890123456789"
-   * }
-   * ```
-   */
-  readonly clientID: string;
-  /**
-   * Discord OAuth 2.0 client secret from Discord Developer Portal.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.DISCORD_CLIENT_SECRET
-   * }
-   * ```
-   */
-  readonly clientSecret: string;
-  /**
-   * Discord OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "identify",    // Basic user information
-   *     "email",       // Email address
-   *     "guilds",      // User's Discord servers
-   *     "connections"  // Connected accounts (Steam, etc.)
-   *   ]
-   * }
-   * ```
-   */
-  readonly scopes: string[];
-  /**
-   * Additional query parameters for Discord OAuth authorization.
-   * Useful for Discord-specific options like permissions.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     permissions: "8",        // Administrator permission
-   *     guild_id: "123456789",   // Pre-select specific guild
-   *     disable_guild_select: "true" // Disable guild selection
-   *   }
-   * }
-   * ```
-   */
-  readonly query?: Record<string, string>;
-}
-/**
- * Creates a Discord OAuth 2.0 authentication provider.
- * Use this when you need access tokens to call Discord APIs on behalf of the user.
- *
- * @param config - Discord OAuth 2.0 configuration
- * @returns OAuth 2.0 provider configured for Discord
- *
- * @example
- * ```ts
- * // Basic Discord authentication
- * const basicDiscord = DiscordProvider({
- *   clientID: process.env.DISCORD_CLIENT_ID,
- *   clientSecret: process.env.DISCORD_CLIENT_SECRET
- * })
- *
- * // Discord with specific scopes
- * const discordWithScopes = DiscordProvider({
- *   clientID: process.env.DISCORD_CLIENT_ID,
- *   clientSecret: process.env.DISCORD_CLIENT_SECRET,
- *   scopes: [
- *     "identify",
- *     "email",
- *     "guilds",
- *     "connections"
- *   ]
- * })
- *
- * // Discord bot integration
- * const discordBot = DiscordProvider({
- *   clientID: process.env.DISCORD_CLIENT_ID,
- *   clientSecret: process.env.DISCORD_CLIENT_SECRET,
- *   scopes: ["bot", "guilds"],
- *   query: {
- *     permissions: "2048" // Send Messages permission
- *   }
- * })
- *
- * // Using the access token to fetch data
- * export default issuer({
- *   providers: { discord: discordWithScopes },
- *   success: async (ctx, value) => {
- *     if (value.provider === "discord") {
- *       const token = value.tokenset.access
- *
- *       // Get user profile
- *       const userRes = await fetch('https://discord.com/api/users/@me', {
- *         headers: { Authorization: `Bearer ${token}` }
- *       })
- *       const user = await userRes.json()
- *
- *       // Get user guilds (if guilds scope granted)
- *       const guildsRes = await fetch('https://discord.com/api/users/@me/guilds', {
- *         headers: { Authorization: `Bearer ${token}` }
- *       })
- *       const guilds = await guildsRes.json()
- *
- *       return ctx.subject("user", {
- *         discordId: user.id,
- *         username: user.username,
- *         discriminator: user.discriminator,
- *         email: user.email,
- *         avatar: user.avatar ? `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png` : null,
- *         guildCount: guilds.length
- *       })
- *     }
- *   }
- * })
- * ```
- *
- * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
- * - Development: `http://localhost:3000/auth/discord/callback`
- * - Production: `https://yourapp.com/auth/discord/callback`
- *
- * Register this URL in your Discord Developer Portal.
- */
-declare const DiscordProvider: (config: DiscordConfig) => Provider<Oauth2UserData>;
-//#endregion
-export { DiscordConfig, DiscordProvider };

package/dist/provider/discord.mjs

@@ -1,156 +0,0 @@
-import { Oauth2Provider } from "./oauth2.mjs";
-
-//#region src/provider/discord.ts
-/**
-* Discord OAuth 2.0 authentication provider for Draft Auth.
-* Provides access tokens for calling Discord APIs on behalf of users.
-*
-* ## Quick Setup
-*
-* ```ts
-* import { DiscordProvider } from "@draftlab/auth/provider/discord"
-*
-* export default issuer({
-*   basePath: "/auth", // Important for callback URL
-*   providers: {
-*     discord: DiscordProvider({
-*       clientID: process.env.DISCORD_CLIENT_ID,
-*       clientSecret: process.env.DISCORD_CLIENT_SECRET,
-*       scopes: ["identify", "email", "guilds"]
-*     })
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/discord/callback`
-* - Production: `https://yourapp.com/auth/discord/callback`
-*
-* Register this URL in your Discord Developer Portal.
-*
-* ## Common Scopes
-*
-* - `identify` - Access to user's basic account information
-* - `email` - Access to user's email address
-* - `guilds` - Access to user's guilds (servers)
-* - `guilds.join` - Ability to join user to guilds
-* - `gdm.join` - Ability to join user to group DMs
-* - `connections` - Access to user's connections (Steam, YouTube, etc.)
-* - `guilds.members.read` - Read guild member information
-* - `bot` - For bot applications (requires additional setup)
-*
-* ## User Data Access
-*
-* ```ts
-* success: async (ctx, value) => {
-*   if (value.provider === "discord") {
-*     const accessToken = value.tokenset.access
-*
-*     // Fetch user information
-*     const userResponse = await fetch('https://discord.com/api/users/@me', {
-*       headers: { Authorization: `Bearer ${accessToken}` }
-*     })
-*     const user = await userResponse.json()
-*
-*     // Fetch user guilds (requires guilds scope)
-*     const guildsResponse = await fetch('https://discord.com/api/users/@me/guilds', {
-*       headers: { Authorization: `Bearer ${accessToken}` }
-*     })
-*     const guilds = await guildsResponse.json()
-*
-*     // User info: user.username + user.discriminator
-*     // Avatar: `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png`
-*   }
-* }
-* ```
-*
-* @packageDocumentation
-*/
-/**
-* Creates a Discord OAuth 2.0 authentication provider.
-* Use this when you need access tokens to call Discord APIs on behalf of the user.
-*
-* @param config - Discord OAuth 2.0 configuration
-* @returns OAuth 2.0 provider configured for Discord
-*
-* @example
-* ```ts
-* // Basic Discord authentication
-* const basicDiscord = DiscordProvider({
-*   clientID: process.env.DISCORD_CLIENT_ID,
-*   clientSecret: process.env.DISCORD_CLIENT_SECRET
-* })
-*
-* // Discord with specific scopes
-* const discordWithScopes = DiscordProvider({
-*   clientID: process.env.DISCORD_CLIENT_ID,
-*   clientSecret: process.env.DISCORD_CLIENT_SECRET,
-*   scopes: [
-*     "identify",
-*     "email",
-*     "guilds",
-*     "connections"
-*   ]
-* })
-*
-* // Discord bot integration
-* const discordBot = DiscordProvider({
-*   clientID: process.env.DISCORD_CLIENT_ID,
-*   clientSecret: process.env.DISCORD_CLIENT_SECRET,
-*   scopes: ["bot", "guilds"],
-*   query: {
-*     permissions: "2048" // Send Messages permission
-*   }
-* })
-*
-* // Using the access token to fetch data
-* export default issuer({
-*   providers: { discord: discordWithScopes },
-*   success: async (ctx, value) => {
-*     if (value.provider === "discord") {
-*       const token = value.tokenset.access
-*
-*       // Get user profile
-*       const userRes = await fetch('https://discord.com/api/users/@me', {
-*         headers: { Authorization: `Bearer ${token}` }
-*       })
-*       const user = await userRes.json()
-*
-*       // Get user guilds (if guilds scope granted)
-*       const guildsRes = await fetch('https://discord.com/api/users/@me/guilds', {
-*         headers: { Authorization: `Bearer ${token}` }
-*       })
-*       const guilds = await guildsRes.json()
-*
-*       return ctx.subject("user", {
-*         discordId: user.id,
-*         username: user.username,
-*         discriminator: user.discriminator,
-*         email: user.email,
-*         avatar: user.avatar ? `https://cdn.discordapp.com/avatars/${user.id}/${user.avatar}.png` : null,
-*         guildCount: guilds.length
-*       })
-*     }
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/discord/callback`
-* - Production: `https://yourapp.com/auth/discord/callback`
-*
-* Register this URL in your Discord Developer Portal.
-*/
-const DiscordProvider = (config) => {
-	return Oauth2Provider({
-		...config,
-		type: "discord",
-		endpoint: {
-			authorization: "https://discord.com/oauth2/authorize",
-			token: "https://discord.com/api/oauth2/token"
-		}
-	});
-};
-
-//#endregion
-export { DiscordProvider };

package/dist/provider/facebook.d.mts

@@ -1,142 +0,0 @@
-import { Provider } from "./provider.mjs";
-import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
-
-//#region src/provider/facebook.d.ts
-
-/**
- * Configuration options for Facebook OAuth 2.0 provider.
- * Extends the base OAuth 2.0 configuration with Facebook-specific documentation.
- */
-interface FacebookConfig extends Oauth2WrappedConfig {
-  /**
-   * Facebook App ID from your Facebook App Dashboard.
-   * This is the public identifier for your Facebook application.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "1234567890123456"
-   * }
-   * ```
-   */
-  readonly clientID: string;
-  /**
-   * Facebook App Secret from your Facebook App Dashboard.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.FACEBOOK_APP_SECRET
-   * }
-   * ```
-   */
-  readonly clientSecret: string;
-  /**
-   * Facebook permissions to request during login.
-   * Determines what data your app can access from the user's Facebook account.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "email",           // User's email address
-   *     "public_profile",  // Basic profile info
-   *     "user_friends",    // User's friends list
-   *     "user_posts"       // User's timeline posts
-   *   ]
-   * }
-   * ```
-   */
-  readonly scopes: string[];
-  /**
-   * Additional query parameters for Facebook OAuth authorization.
-   * Useful for Facebook-specific options like response type or display mode.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     display: "popup",           // Show login in popup
-   *     auth_type: "rerequest",     // Force permission re-request
-   *     state: "custom-state"       // Custom state parameter
-   *   }
-   * }
-   * ```
-   */
-  readonly query?: Record<string, string>;
-}
-/**
- * Creates a Facebook OAuth 2.0 authentication provider.
- * Use this when you need access tokens to call Facebook Graph API on behalf of the user.
- *
- * @param config - Facebook OAuth 2.0 configuration
- * @returns OAuth 2.0 provider configured for Facebook
- *
- * @example
- * ```ts
- * // Basic Facebook authentication
- * const basicFacebook = FacebookProvider({
- *   clientID: process.env.FACEBOOK_APP_ID,
- *   clientSecret: process.env.FACEBOOK_APP_SECRET,
- *   scopes: ["email", "public_profile"]
- * })
- *
- * // Facebook with extended permissions
- * const extendedFacebook = FacebookProvider({
- *   clientID: process.env.FACEBOOK_APP_ID,
- *   clientSecret: process.env.FACEBOOK_APP_SECRET,
- *   scopes: [
- *     "email",
- *     "public_profile",
- *     "user_friends",
- *     "user_posts",
- *     "user_photos"
- *   ],
- *   query: {
- *     display: "popup",
- *     auth_type: "rerequest" // Force permission approval
- *   }
- * })
- *
- * // Using the access token for Graph API calls
- * export default issuer({
- *   providers: { facebook: extendedFacebook },
- *   success: async (ctx, value) => {
- *     if (value.provider === "facebook") {
- *       const token = value.tokenset.access
- *
- *       // Get user profile with custom fields
- *       const profileRes = await fetch(
- *         `https://graph.facebook.com/me?fields=id,name,email,picture.width(200),friends&access_token=${token}`
- *       )
- *       const profile = await profileRes.json()
- *
- *       // Get user's posts (if permission granted)
- *       const postsRes = await fetch(
- *         `https://graph.facebook.com/me/posts?access_token=${token}`
- *       )
- *       const posts = await postsRes.json()
- *
- *       return ctx.subject("user", {
- *         facebookId: profile.id,
- *         name: profile.name,
- *         email: profile.email,
- *         picture: profile.picture?.data?.url,
- *         friendsCount: profile.friends?.summary?.total_count || 0,
- *         postsCount: posts.data?.length || 0
- *       })
- *     }
- *   }
- * })
- * ```
- *
- * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
- * - Development: `http://localhost:3000/auth/facebook/callback`
- * - Production: `https://yourapp.com/auth/facebook/callback`
- *
- * Register this URL in your Facebook App Dashboard.
- */
-declare const FacebookProvider: (config: FacebookConfig) => Provider<Oauth2UserData>;
-//#endregion
-export { FacebookConfig, FacebookProvider };