@draftlab/auth 0.15.0 → 0.16.0

package/dist/provider/facebook.mjs

@@ -1,150 +0,0 @@
-import { Oauth2Provider } from "./oauth2.mjs";
-
-//#region src/provider/facebook.ts
-/**
-* Facebook OAuth 2.0 authentication provider for Draft Auth.
-* Provides access tokens for calling Facebook Graph API on behalf of users.
-*
-* ## Quick Setup
-*
-* ```ts
-* import { FacebookProvider } from "@draftlab/auth/provider/facebook"
-*
-* export default issuer({
-*   basePath: "/auth", // Important for callback URL
-*   providers: {
-*     facebook: FacebookProvider({
-*       clientID: process.env.FACEBOOK_APP_ID,
-*       clientSecret: process.env.FACEBOOK_APP_SECRET,
-*       scopes: ["email", "public_profile", "user_friends"]
-*     })
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/facebook/callback`
-* - Production: `https://yourapp.com/auth/facebook/callback`
-*
-* Register this URL in your Facebook App Dashboard.
-*
-* ## Configuration Options
-*
-* - Access tokens for Facebook Graph API calls
-* - Support for various Facebook permissions
-* - Access to user data, posts, friends, etc.
-*
-* ## Common Facebook Permissions
-*
-* - `public_profile` - Basic profile information (name, picture, etc.)
-* - `email` - User's email address
-* - `user_friends` - List of user's friends who also use your app
-* - `user_posts` - User's posts on their timeline
-* - `user_photos` - User's photos and albums
-* - `pages_read_engagement` - Read engagement data for Pages
-*
-* ## User Data Access
-*
-* ```ts
-* success: async (ctx, value) => {
-*   if (value.provider === "facebook") {
-*     const accessToken = value.tokenset.access
-*
-*     // Fetch user profile from Graph API
-*     const profileResponse = await fetch(
-*       `https://graph.facebook.com/me?fields=id,name,email,picture&access_token=${accessToken}`
-*     )
-*     const profile = await profileResponse.json()
-*
-*     // User info: `${profile.name} (${profile.email})`
-*     // Facebook ID: profile.id
-*   }
-* }
-* ```
-*
-* @packageDocumentation
-*/
-/**
-* Creates a Facebook OAuth 2.0 authentication provider.
-* Use this when you need access tokens to call Facebook Graph API on behalf of the user.
-*
-* @param config - Facebook OAuth 2.0 configuration
-* @returns OAuth 2.0 provider configured for Facebook
-*
-* @example
-* ```ts
-* // Basic Facebook authentication
-* const basicFacebook = FacebookProvider({
-*   clientID: process.env.FACEBOOK_APP_ID,
-*   clientSecret: process.env.FACEBOOK_APP_SECRET,
-*   scopes: ["email", "public_profile"]
-* })
-*
-* // Facebook with extended permissions
-* const extendedFacebook = FacebookProvider({
-*   clientID: process.env.FACEBOOK_APP_ID,
-*   clientSecret: process.env.FACEBOOK_APP_SECRET,
-*   scopes: [
-*     "email",
-*     "public_profile",
-*     "user_friends",
-*     "user_posts",
-*     "user_photos"
-*   ],
-*   query: {
-*     display: "popup",
-*     auth_type: "rerequest" // Force permission approval
-*   }
-* })
-*
-* // Using the access token for Graph API calls
-* export default issuer({
-*   providers: { facebook: extendedFacebook },
-*   success: async (ctx, value) => {
-*     if (value.provider === "facebook") {
-*       const token = value.tokenset.access
-*
-*       // Get user profile with custom fields
-*       const profileRes = await fetch(
-*         `https://graph.facebook.com/me?fields=id,name,email,picture.width(200),friends&access_token=${token}`
-*       )
-*       const profile = await profileRes.json()
-*
-*       // Get user's posts (if permission granted)
-*       const postsRes = await fetch(
-*         `https://graph.facebook.com/me/posts?access_token=${token}`
-*       )
-*       const posts = await postsRes.json()
-*
-*       return ctx.subject("user", {
-*         facebookId: profile.id,
-*         name: profile.name,
-*         email: profile.email,
-*         picture: profile.picture?.data?.url,
-*         friendsCount: profile.friends?.summary?.total_count || 0,
-*         postsCount: posts.data?.length || 0
-*       })
-*     }
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/facebook/callback`
-* - Production: `https://yourapp.com/auth/facebook/callback`
-*
-* Register this URL in your Facebook App Dashboard.
-*/
-const FacebookProvider = (config) => {
-	return Oauth2Provider({
-		...config,
-		type: "facebook",
-		endpoint: {
-			authorization: "https://www.facebook.com/v18.0/dialog/oauth",
-			token: "https://graph.facebook.com/v18.0/oauth/access_token"
-		}
-	});
-};
-
-//#endregion
-export { FacebookProvider };

package/dist/provider/github.d.mts

@@ -1,140 +0,0 @@
-import { Provider } from "./provider.mjs";
-import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
-
-//#region src/provider/github.d.ts
-
-/**
- * Configuration options for GitHub OAuth 2.0 provider.
- * Extends the base OAuth 2.0 configuration with GitHub-specific documentation.
- */
-interface GithubConfig extends Oauth2WrappedConfig {
-  /**
-   * GitHub OAuth App client ID or GitHub App client ID.
-   * Found in your GitHub App settings or OAuth App settings.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "Iv1.a629723000043722" // OAuth App
-   *   // or
-   *   clientID: "Iv23liAG5t7VwMkUsKTi" // GitHub App
-   * }
-   * ```
-   */
-  readonly clientID: string;
-  /**
-   * GitHub OAuth App client secret or GitHub App client secret.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.GITHUB_CLIENT_SECRET
-   * }
-   * ```
-   */
-  readonly clientSecret: string;
-  /**
-   * GitHub OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "user:email",    // Access user email addresses
-   *     "read:user",     // Read user profile info
-   *     "public_repo",   // Access public repositories
-   *     "read:org"       // Read organization membership
-   *   ]
-   * }
-   * ```
-   */
-  readonly scopes: string[];
-  /**
-   * Additional query parameters for GitHub OAuth authorization.
-   * Useful for GitHub-specific options like restricting to organizations.
-   *
-   * @example
-   * ```ts
-   * {
-   *   query: {
-   *     allow_signup: "false",      // Disable new account creation
-   *     login: "suggested-username" // Pre-fill username field
-   *   }
-   * }
-   * ```
-   */
-  readonly query?: Record<string, string>;
-}
-/**
- * Creates a GitHub OAuth 2.0 authentication provider.
- * Supports both GitHub OAuth Apps and GitHub Apps for user authentication.
- *
- * @param config - GitHub OAuth 2.0 configuration
- * @returns OAuth 2.0 provider configured for GitHub
- *
- * @example
- * ```ts
- * // Basic GitHub authentication
- * const basicGithub = GithubProvider({
- *   clientID: process.env.GITHUB_CLIENT_ID,
- *   clientSecret: process.env.GITHUB_CLIENT_SECRET
- * })
- *
- * // GitHub with specific scopes
- * const githubWithScopes = GithubProvider({
- *   clientID: process.env.GITHUB_CLIENT_ID,
- *   clientSecret: process.env.GITHUB_CLIENT_SECRET,
- *   scopes: [
- *     "user:email",
- *     "read:user",
- *     "public_repo",
- *     "read:org"
- *   ]
- * })
- *
- * // GitHub with custom authorization options
- * const restrictedGithub = GithubProvider({
- *   clientID: process.env.GITHUB_CLIENT_ID,
- *   clientSecret: process.env.GITHUB_CLIENT_SECRET,
- *   scopes: ["user:email", "read:user"],
- *   query: {
- *     allow_signup: "false" // Don't allow new GitHub account creation
- *   }
- * })
- *
- * // Using the access token to fetch data
- * export default issuer({
- *   providers: { github: githubWithScopes },
- *   success: async (ctx, value) => {
- *     if (value.provider === "github") {
- *       const token = value.tokenset.access
- *
- *       // Get user profile
- *       const userRes = await fetch('https://api.github.com/user', {
- *         headers: { Authorization: `Bearer ${token}` }
- *       })
- *       const user = await userRes.json()
- *
- *       // Get user repositories (if repo scope granted)
- *       const reposRes = await fetch('https://api.github.com/user/repos', {
- *         headers: { Authorization: `Bearer ${token}` }
- *       })
- *       const repos = await reposRes.json()
- *
- *       return ctx.subject("user", {
- *         githubId: user.id,
- *         username: user.login,
- *         email: user.email,
- *         name: user.name,
- *         repoCount: repos.length
- *       })
- *     }
- *   }
- * })
- * ```
- */
-declare const GithubProvider: (config: GithubConfig) => Provider<Oauth2UserData>;
-//#endregion
-export { GithubConfig, GithubProvider };

package/dist/provider/github.mjs

@@ -1,169 +0,0 @@
-import { Oauth2Provider } from "./oauth2.mjs";
-
-//#region src/provider/github.ts
-/**
-* GitHub authentication provider for Draft Auth.
-* Implements OAuth 2.0 flow for authenticating users with their GitHub accounts.
-*
-* ## Quick Setup
-*
-* ```ts
-* import { GithubProvider } from "@draftlab/auth/provider/github"
-*
-* export default issuer({
-*   basePath: "/auth", // Important for callback URL
-*   providers: {
-*     github: GithubProvider({
-*       clientID: process.env.GITHUB_CLIENT_ID,
-*       clientSecret: process.env.GITHUB_CLIENT_SECRET,
-*       scopes: ["user:email", "read:user"]
-*     })
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/github/callback`
-* - Production: `https://yourapp.com/auth/github/callback`
-*
-* Register this URL in your GitHub App/OAuth App settings.
-*
-* ## GitHub App vs OAuth App
-*
-* This provider works with both GitHub OAuth Apps and GitHub Apps:
-*
-* ### OAuth App (Recommended for user authentication)
-* ```ts
-* GithubProvider({
-*   clientID: "your-oauth-app-client-id",
-*   clientSecret: "your-oauth-app-client-secret",
-*   scopes: ["user:email", "read:user"]
-* })
-* ```
-*
-* ### GitHub App (For organization-level integrations)
-* ```ts
-* GithubProvider({
-*   clientID: "your-github-app-client-id",
-*   clientSecret: "your-github-app-client-secret",
-*   scopes: ["user:email", "read:user", "repo"]
-* })
-* ```
-*
-* ## Common Scopes
-*
-* - `user:email` - Access user's email addresses
-* - `read:user` - Read user profile information
-* - `repo` - Access public and private repositories
-* - `public_repo` - Access public repositories only
-* - `read:org` - Read organization membership
-* - `gist` - Create and update gists
-*
-* ## User Data Access
-*
-* ```ts
-* success: async (ctx, value) => {
-*   if (value.provider === "github") {
-*     const accessToken = value.tokenset.access
-*
-*     // Fetch user information
-*     const userResponse = await fetch('https://api.github.com/user', {
-*       headers: { Authorization: `Bearer ${accessToken}` }
-*     })
-*     const user = await userResponse.json()
-*
-*     // Fetch user emails (requires user:email scope)
-*     const emailsResponse = await fetch('https://api.github.com/user/emails', {
-*       headers: { Authorization: `Bearer ${accessToken}` }
-*     })
-*     const emails = await emailsResponse.json()
-*
-*     // User info: `${user.login} (${user.name})`
-*     // Primary email: emails.find(e => e.primary)?.email
-*   }
-* }
-* ```
-*
-* @packageDocumentation
-*/
-/**
-* Creates a GitHub OAuth 2.0 authentication provider.
-* Supports both GitHub OAuth Apps and GitHub Apps for user authentication.
-*
-* @param config - GitHub OAuth 2.0 configuration
-* @returns OAuth 2.0 provider configured for GitHub
-*
-* @example
-* ```ts
-* // Basic GitHub authentication
-* const basicGithub = GithubProvider({
-*   clientID: process.env.GITHUB_CLIENT_ID,
-*   clientSecret: process.env.GITHUB_CLIENT_SECRET
-* })
-*
-* // GitHub with specific scopes
-* const githubWithScopes = GithubProvider({
-*   clientID: process.env.GITHUB_CLIENT_ID,
-*   clientSecret: process.env.GITHUB_CLIENT_SECRET,
-*   scopes: [
-*     "user:email",
-*     "read:user",
-*     "public_repo",
-*     "read:org"
-*   ]
-* })
-*
-* // GitHub with custom authorization options
-* const restrictedGithub = GithubProvider({
-*   clientID: process.env.GITHUB_CLIENT_ID,
-*   clientSecret: process.env.GITHUB_CLIENT_SECRET,
-*   scopes: ["user:email", "read:user"],
-*   query: {
-*     allow_signup: "false" // Don't allow new GitHub account creation
-*   }
-* })
-*
-* // Using the access token to fetch data
-* export default issuer({
-*   providers: { github: githubWithScopes },
-*   success: async (ctx, value) => {
-*     if (value.provider === "github") {
-*       const token = value.tokenset.access
-*
-*       // Get user profile
-*       const userRes = await fetch('https://api.github.com/user', {
-*         headers: { Authorization: `Bearer ${token}` }
-*       })
-*       const user = await userRes.json()
-*
-*       // Get user repositories (if repo scope granted)
-*       const reposRes = await fetch('https://api.github.com/user/repos', {
-*         headers: { Authorization: `Bearer ${token}` }
-*       })
-*       const repos = await reposRes.json()
-*
-*       return ctx.subject("user", {
-*         githubId: user.id,
-*         username: user.login,
-*         email: user.email,
-*         name: user.name,
-*         repoCount: repos.length
-*       })
-*     }
-*   }
-* })
-* ```
-*/
-const GithubProvider = (config) => {
-	return Oauth2Provider({
-		...config,
-		type: "github",
-		endpoint: {
-			authorization: "https://github.com/login/oauth/authorize",
-			token: "https://github.com/login/oauth/access_token"
-		}
-	});
-};
-
-//#endregion
-export { GithubProvider };

package/dist/provider/gitlab.d.mts

@@ -1,106 +0,0 @@
-import { Provider } from "./provider.mjs";
-import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
-
-//#region src/provider/gitlab.d.ts
-
-/**
- * Configuration options for GitLab OAuth 2.0 provider.
- * Extends the base OAuth 2.0 configuration with GitLab-specific documentation.
- */
-interface GitlabConfig extends Oauth2WrappedConfig {
-  /**
-   * GitLab application client ID.
-   * Get this from your GitLab application settings.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "abcdef123456"
-   * }
-   * ```
-   */
-  readonly clientID: string;
-  /**
-   * GitLab application client secret.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.GITLAB_CLIENT_SECRET
-   * }
-   * ```
-   */
-  readonly clientSecret: string;
-  /**
-   * GitLab OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "read_user",        // Access user profile
-   *     "read_api",         // Read-access to API
-   *     "read_repository"   // Access repositories
-   *   ]
-   * }
-   * ```
-   */
-  readonly scopes: string[];
-}
-/**
- * Creates a GitLab OAuth 2.0 authentication provider.
- * Allows users to authenticate using their GitLab accounts (gitlab.com or self-hosted).
- *
- * @param config - GitLab OAuth 2.0 configuration
- * @returns OAuth 2.0 provider configured for GitLab
- *
- * @example
- * ```ts
- * // Basic GitLab.com authentication
- * const basicGitlab = GitlabProvider({
- *   clientID: process.env.GITLAB_CLIENT_ID,
- *   clientSecret: process.env.GITLAB_CLIENT_SECRET
- * })
- *
- * // GitLab with read access
- * const gitlabWithRead = GitlabProvider({
- *   clientID: process.env.GITLAB_CLIENT_ID,
- *   clientSecret: process.env.GITLAB_CLIENT_SECRET,
- *   scopes: ["read_user", "read_api"]
- * })
- *
- * // Using the access token to fetch user data
- * export default issuer({
- *   providers: { gitlab: gitlabWithRead },
- *   success: async (ctx, value) => {
- *     if (value.provider === "gitlab") {
- *       const token = value.tokenset.access
- *
- *       const userRes = await fetch('https://gitlab.com/api/v4/user', {
- *         headers: { Authorization: `Bearer ${token}` }
- *       })
- *       const user = await userRes.json()
- *
- *       return ctx.subject("user", {
- *         gitlabId: user.id,
- *         username: user.username,
- *         email: user.email,
- *         name: user.name,
- *         avatar: user.avatar_url
- *       })
- *     }
- *   }
- * })
- * ```
- *
- * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
- * - Development: `http://localhost:3000/auth/gitlab/callback`
- * - Production: `https://yourapp.com/auth/gitlab/callback`
- *
- * Register this URL in your GitLab Application settings.
- */
-declare const GitlabProvider: (config: GitlabConfig) => Provider<Oauth2UserData>;
-//#endregion
-export { GitlabConfig, GitlabProvider };

package/dist/provider/gitlab.mjs

@@ -1,147 +0,0 @@
-import { Oauth2Provider } from "./oauth2.mjs";
-
-//#region src/provider/gitlab.ts
-/**
-* GitLab authentication provider for Draft Auth.
-* Implements OAuth 2.0 flow for authenticating users with their GitLab accounts.
-*
-* ## Quick Setup
-*
-* ```ts
-* import { GitlabProvider } from "@draftlab/auth/provider/gitlab"
-*
-* export default issuer({
-*   basePath: "/auth", // Important for callback URL
-*   providers: {
-*     gitlab: GitlabProvider({
-*       clientID: process.env.GITLAB_CLIENT_ID,
-*       clientSecret: process.env.GITLAB_CLIENT_SECRET,
-*       scopes: ["read_user", "read_api"]
-*     })
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/gitlab/callback`
-* - Production: `https://yourapp.com/auth/gitlab/callback`
-*
-* Register this URL in your GitLab Application settings.
-*
-* ## Common Scopes
-*
-* - `read_user` - Access user profile
-* - `read_api` - Read-access to the API
-* - `read_repository` - Access to project repositories
-* - `write_repository` - Write access to repositories
-* - `api` - Full API access
-* - `read_user_email` - Access user email
-*
-* ## Self-Hosted GitLab
-*
-* For self-hosted GitLab instances, you can override the endpoint URLs:
-*
-* ```ts
-* const selfHostedGitlab = Oauth2Provider({
-*   clientID: process.env.GITLAB_CLIENT_ID,
-*   clientSecret: process.env.GITLAB_CLIENT_SECRET,
-*   scopes: ["read_user"],
-*   type: "gitlab",
-*   endpoint: {
-*     authorization: "https://your-gitlab.com/oauth/authorize",
-*     token: "https://your-gitlab.com/oauth/token"
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/gitlab/callback`
-* - Production: `https://yourapp.com/auth/gitlab/callback`
-*
-* Register this URL in your GitLab Application settings.
-*
-* ## User Data Access
-*
-* ```ts
-* success: async (ctx, value) => {
-*   if (value.provider === "gitlab") {
-*     const accessToken = value.tokenset.access
-*
-*     // Fetch user information
-*     const userResponse = await fetch('https://gitlab.com/api/v4/user', {
-*       headers: { Authorization: `Bearer ${accessToken}` }
-*     })
-*     const user = await userResponse.json()
-*
-*     // User info: id, username, email, name, avatar_url
-*   }
-* }
-* ```
-*
-* @packageDocumentation
-*/
-/**
-* Creates a GitLab OAuth 2.0 authentication provider.
-* Allows users to authenticate using their GitLab accounts (gitlab.com or self-hosted).
-*
-* @param config - GitLab OAuth 2.0 configuration
-* @returns OAuth 2.0 provider configured for GitLab
-*
-* @example
-* ```ts
-* // Basic GitLab.com authentication
-* const basicGitlab = GitlabProvider({
-*   clientID: process.env.GITLAB_CLIENT_ID,
-*   clientSecret: process.env.GITLAB_CLIENT_SECRET
-* })
-*
-* // GitLab with read access
-* const gitlabWithRead = GitlabProvider({
-*   clientID: process.env.GITLAB_CLIENT_ID,
-*   clientSecret: process.env.GITLAB_CLIENT_SECRET,
-*   scopes: ["read_user", "read_api"]
-* })
-*
-* // Using the access token to fetch user data
-* export default issuer({
-*   providers: { gitlab: gitlabWithRead },
-*   success: async (ctx, value) => {
-*     if (value.provider === "gitlab") {
-*       const token = value.tokenset.access
-*
-*       const userRes = await fetch('https://gitlab.com/api/v4/user', {
-*         headers: { Authorization: `Bearer ${token}` }
-*       })
-*       const user = await userRes.json()
-*
-*       return ctx.subject("user", {
-*         gitlabId: user.id,
-*         username: user.username,
-*         email: user.email,
-*         name: user.name,
-*         avatar: user.avatar_url
-*       })
-*     }
-*   }
-* })
-* ```
-*
-* **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
-* - Development: `http://localhost:3000/auth/gitlab/callback`
-* - Production: `https://yourapp.com/auth/gitlab/callback`
-*
-* Register this URL in your GitLab Application settings.
-*/
-const GitlabProvider = (config) => {
-	return Oauth2Provider({
-		...config,
-		type: "gitlab",
-		endpoint: {
-			authorization: "https://gitlab.com/oauth/authorize",
-			token: "https://gitlab.com/oauth/token"
-		}
-	});
-};
-
-//#endregion
-export { GitlabProvider };