@draftlab/auth 0.15.0 → 0.16.0

package/dist/esm/storage/turso.js

@@ -0,0 +1,93 @@
+// src/storage/turso.ts
+import { joinKey, splitKey } from "./storage";
+var TursoStorage = (client) => {
+  const TABLE_NAME = "__draftauth__kv_storage";
+  client.execute(`
+		CREATE TABLE IF NOT EXISTS ${TABLE_NAME} (
+			key TEXT PRIMARY KEY, 
+			value TEXT NOT NULL, 
+			expiry INTEGER
+		)
+	`).catch(() => console.log(`Failed to create storage table: ${TABLE_NAME}`));
+  client.execute(`
+		CREATE INDEX IF NOT EXISTS idx_${TABLE_NAME}_key_prefix 
+		ON ${TABLE_NAME} (key)
+	`).catch(() => console.log(`Failed to create index prefix for table: ${TABLE_NAME}`));
+  client.execute(`
+		CREATE INDEX IF NOT EXISTS idx_${TABLE_NAME}_expiry 
+		ON ${TABLE_NAME} (expiry) 
+		WHERE expiry IS NOT NULL
+	`).catch(() => console.log(`Failed to create index expiry-based for table: ${TABLE_NAME}`));
+  return {
+    async get(key) {
+      const joinedKey = joinKey(key);
+      const { rows } = await client.execute({
+        sql: `SELECT value, expiry FROM ${TABLE_NAME} WHERE key = ?`,
+        args: [joinedKey]
+      });
+      const row = rows[0];
+      if (!row) {
+        return;
+      }
+      if (row.expiry && row.expiry < Date.now()) {
+        await client.execute({
+          sql: `DELETE FROM ${TABLE_NAME} WHERE key = ?`,
+          args: [joinedKey]
+        });
+        return;
+      }
+      try {
+        return JSON.parse(row.value);
+      } catch {
+        return;
+      }
+    },
+    async set(key, value, expiry) {
+      const joinedKey = joinKey(key);
+      const expiryTimestamp = expiry?.getTime() ?? null;
+      try {
+        const serializedValue = JSON.stringify(value);
+        await client.execute({
+          sql: `INSERT OR REPLACE INTO ${TABLE_NAME} (key, value, expiry) VALUES (?, ?, ?)`,
+          args: [joinedKey, serializedValue, expiryTimestamp]
+        });
+      } catch {
+        throw new Error("Storage operation failed");
+      }
+    },
+    async remove(key) {
+      const joinedKey = joinKey(key);
+      await client.execute({
+        sql: `DELETE FROM ${TABLE_NAME} WHERE key = ?`,
+        args: [joinedKey]
+      });
+    },
+    async* scan(prefix) {
+      const joinedPrefix = joinKey(prefix);
+      const now = Date.now();
+      const { rows } = await client.execute({
+        sql: `
+					SELECT key, value, expiry 
+					FROM ${TABLE_NAME} 
+					WHERE key LIKE ? 
+					AND (expiry IS NULL OR expiry >= ?)
+					ORDER BY key
+				`,
+        args: [`${joinedPrefix}%`, now]
+      });
+      for (const row of rows) {
+        try {
+          const parsedValue = JSON.parse(row.value);
+          yield [splitKey(row.key), parsedValue];
+        } catch {}
+      }
+      client.execute({
+        sql: `DELETE FROM ${TABLE_NAME} WHERE expiry IS NOT NULL AND expiry < ?`,
+        args: [now]
+      }).catch(() => {});
+    }
+  };
+};
+export {
+  TursoStorage
+};

package/dist/esm/storage/unstorage.js

@@ -0,0 +1,78 @@
+// src/storage/unstorage.ts
+import { createStorage } from "unstorage";
+import { joinKey, splitKey } from "./storage";
+var UnStorage = ({ driver } = {}) => {
+  const store = createStorage({
+    driver
+  });
+  return {
+    async get(key) {
+      try {
+        const keyPath = joinKey(key);
+        const entry = await store.getItem(keyPath);
+        if (!entry) {
+          return;
+        }
+        if (entry.expiry && Date.now() >= entry.expiry) {
+          store.removeItem(keyPath).catch(() => {});
+          return;
+        }
+        return entry.value;
+      } catch (error) {
+        console.error("UnStorage get error:", error);
+        return;
+      }
+    },
+    async set(key, value, expiry) {
+      try {
+        const keyPath = joinKey(key);
+        const entry = {
+          value,
+          expiry: expiry ? expiry.getTime() : undefined
+        };
+        await store.setItem(keyPath, entry);
+      } catch (error) {
+        console.error("UnStorage set error:", error);
+        throw error;
+      }
+    },
+    async remove(key) {
+      try {
+        const keyPath = joinKey(key);
+        await store.removeItem(keyPath);
+      } catch (error) {
+        console.error("UnStorage remove error:", error);
+      }
+    },
+    async* scan(prefix) {
+      try {
+        const now = Date.now();
+        const prefixPath = joinKey(prefix);
+        let keys = await store.getKeys(prefixPath);
+        if (keys.length === 0) {
+          const allKeys = await store.getKeys();
+          if (allKeys.length > 0) {
+            keys = allKeys.filter((key) => key.startsWith(prefixPath));
+          }
+        }
+        for (const keyPath of keys) {
+          try {
+            const entry = await store.getItem(keyPath);
+            if (!entry || !entry.value)
+              continue;
+            if (entry.expiry && now >= entry.expiry) {
+              store.removeItem(keyPath).catch(() => {});
+              continue;
+            }
+            yield [splitKey(keyPath), entry.value];
+          } catch {}
+        }
+      } catch (error) {
+        console.error("UnStorage scan error:", error);
+      }
+    }
+  };
+};
+export {
+  UnStorage
+};

package/dist/esm/subject.js

@@ -0,0 +1,7 @@
+// src/subject.ts
+var createSubjects = (types) => {
+  return { ...types };
+};
+export {
+  createSubjects
+};

package/dist/esm/themes/theme.js

@@ -0,0 +1,115 @@
+// src/themes/theme.ts
+var THEME_DRAFTAUTH = {
+  title: "Draft Auth",
+  radius: "none",
+  background: {
+    dark: "black",
+    light: "white"
+  },
+  primary: {
+    dark: "white",
+    light: "black"
+  },
+  font: {
+    family: "IBM Plex Sans, sans-serif"
+  },
+  css: `
+    @import url('https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@100;200;300;400;500;600;700&display=swap');
+  `
+};
+var THEME_TERMINAL = {
+  title: "terminal",
+  radius: "none",
+  favicon: "https://www.terminal.shop/favicon.svg",
+  logo: {
+    dark: "https://www.terminal.shop/images/logo-white.svg",
+    light: "https://www.terminal.shop/images/logo-black.svg"
+  },
+  primary: "#ff5e00",
+  background: {
+    dark: "rgb(0, 0, 0)",
+    light: "rgb(255, 255, 255)"
+  },
+  font: {
+    family: "Geist Mono, monospace"
+  },
+  css: `
+    @import url('https://fonts.googleapis.com/css2?family=Geist+Mono:wght@100;200;300;400;500;600;700;800;900&display=swap');
+  `
+};
+var THEME_SST = {
+  title: "SST",
+  favicon: "https://sst.dev/favicon.svg",
+  logo: {
+    dark: "https://sst.dev/favicon.svg",
+    light: "https://sst.dev/favicon.svg"
+  },
+  background: {
+    dark: "#1a1a2d",
+    light: "rgb(255, 255, 255)"
+  },
+  primary: "#f3663f",
+  font: {
+    family: "Rubik, sans-serif"
+  },
+  css: `
+    @import url('https://fonts.googleapis.com/css2?family=Rubik:wght@100;200;300;400;500;600;700;800;900&display=swap');
+  `
+};
+var THEME_SUPABASE = {
+  title: "Supabase",
+  logo: {
+    dark: "https://supabase.com/dashboard/_next/image?url=%2Fdashboard%2Fimg%2Fsupabase-dark.svg&w=128&q=75",
+    light: "https://supabase.com/dashboard/_next/image?url=%2Fdashboard%2Fimg%2Fsupabase-light.svg&w=128&q=75"
+  },
+  background: {
+    dark: "#171717",
+    light: "#f8f8f8"
+  },
+  primary: {
+    dark: "#006239",
+    light: "#72e3ad"
+  },
+  font: {
+    family: "Varela Round, sans-serif"
+  },
+  css: `
+    @import url('https://fonts.googleapis.com/css2?family=Varela+Round:wght@100;200;300;400;500;600;700;800;900&display=swap');
+  `
+};
+var THEME_VERCEL = {
+  title: "Vercel",
+  logo: {
+    dark: "https://vercel.com/mktng/_next/static/media/vercel-logotype-dark.e8c0a742.svg",
+    light: "https://vercel.com/mktng/_next/static/media/vercel-logotype-light.700a8d26.svg"
+  },
+  background: {
+    dark: "black",
+    light: "white"
+  },
+  primary: {
+    dark: "white",
+    light: "black"
+  },
+  font: {
+    family: "Geist, sans-serif"
+  },
+  css: `
+    @import url('https://fonts.googleapis.com/css2?family=Geist:wght@100;200;300;400;500;600;700;800;900&display=swap');
+  `
+};
+var setTheme = (value) => {
+  globalThis.DRAFTAUTH_THEME = value;
+};
+var getTheme = () => {
+  return globalThis.DRAFTAUTH_THEME || THEME_DRAFTAUTH;
+};
+export {
+  setTheme,
+  getTheme,
+  THEME_VERCEL,
+  THEME_TERMINAL,
+  THEME_SUPABASE,
+  THEME_SST,
+  THEME_DRAFTAUTH
+};

package/dist/esm/toolkit/client.js

@@ -0,0 +1,119 @@
+// src/toolkit/client.ts
+import { generatePKCE } from "../pkce";
+import { createSessionStorage } from "./storage";
+import { generateSecureRandom } from "./utils";
+var createOAuthClient = (config) => {
+  const storage = config.storage || (typeof sessionStorage !== "undefined" ? createSessionStorage() : null);
+  if (!storage) {
+    throw new Error("No storage adapter provided. Please provide a storage adapter for server-side environments.");
+  }
+  return {
+    async authorize(provider, options) {
+      const providerConfig = config.providers[provider];
+      if (!providerConfig) {
+        throw new Error(`Provider '${String(provider)}' not configured`);
+      }
+      const pkce = await generatePKCE();
+      const state = generateSecureRandom(16);
+      await storage.set({
+        state,
+        verifier: pkce.verifier,
+        provider: String(provider),
+        nonce: options?.nonce
+      });
+      const scopes = options?.scopes || providerConfig.scopes || providerConfig.strategy.scopes;
+      const params = new URLSearchParams({
+        client_id: providerConfig.clientId,
+        redirect_uri: providerConfig.redirectUri,
+        response_type: "code",
+        scope: Array.isArray(scopes) ? scopes.join(" ") : scopes,
+        state,
+        code_challenge: pkce.challenge,
+        code_challenge_method: pkce.method,
+        ...options?.params
+      });
+      const url = `${providerConfig.strategy.authorizationEndpoint}?${params.toString()}`;
+      return { url, state };
+    },
+    async handleCallback(callbackUrl) {
+      const url = new URL(callbackUrl);
+      const code = url.searchParams.get("code");
+      const state = url.searchParams.get("state");
+      const error = url.searchParams.get("error");
+      const errorDescription = url.searchParams.get("error_description");
+      if (error) {
+        throw new Error(`OAuth error: ${error}${errorDescription ? ` - ${errorDescription}` : ""}`);
+      }
+      if (!code || !state) {
+        throw new Error("Invalid callback URL: missing code or state parameter");
+      }
+      const storedState = await storage.get();
+      await storage.clear();
+      if (!storedState) {
+        throw new Error("No stored PKCE state found. OAuth flow may have expired or been tampered with.");
+      }
+      if (state !== storedState.state) {
+        throw new Error("State mismatch. Possible CSRF attack detected.");
+      }
+      const providerConfig = config.providers[storedState.provider];
+      if (!providerConfig) {
+        throw new Error(`Provider '${storedState.provider}' from callback not configured`);
+      }
+      const tokenParams = new URLSearchParams({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: providerConfig.redirectUri,
+        client_id: providerConfig.clientId,
+        client_secret: providerConfig.clientSecret,
+        code_verifier: storedState.verifier
+      });
+      const tokenResponse = await fetch(providerConfig.strategy.tokenEndpoint, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          Accept: "application/json"
+        },
+        body: tokenParams
+      });
+      if (!tokenResponse.ok) {
+        const errorText = await tokenResponse.text();
+        throw new Error(`Token exchange failed (${tokenResponse.status}): ${errorText}`);
+      }
+      const tokenData = await tokenResponse.json();
+      if (!tokenData.access_token) {
+        throw new Error("No access token in provider response");
+      }
+      return {
+        provider: storedState.provider,
+        accessToken: tokenData.access_token,
+        refreshToken: tokenData.refresh_token,
+        expiresIn: tokenData.expires_in,
+        tokenType: tokenData.token_type,
+        idToken: tokenData.id_token
+      };
+    },
+    async getUserInfo(provider, accessToken) {
+      const providerConfig = config.providers[provider];
+      if (!providerConfig) {
+        throw new Error(`Provider '${String(provider)}' not configured`);
+      }
+      if (!providerConfig.strategy.userInfoEndpoint) {
+        throw new Error(`Provider '${String(provider)}' does not support user info endpoint`);
+      }
+      const response = await fetch(providerConfig.strategy.userInfoEndpoint, {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          Accept: "application/json"
+        }
+      });
+      if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`Failed to fetch user info (${response.status}): ${errorText}`);
+      }
+      return response.json();
+    }
+  };
+};
+export {
+  createOAuthClient
+};

package/dist/esm/toolkit/index.js

@@ -0,0 +1,25 @@
+// src/toolkit/index.ts
+import { generatePKCE } from "../pkce";
+import { createOAuthClient } from "./client";
+import { FacebookStrategy } from "./providers/facebook";
+import { GitHubStrategy } from "./providers/github";
+import { GoogleStrategy } from "./providers/google";
+import {
+  createCookieStorage,
+  createLocalStorage,
+  createMemoryStorage,
+  createSessionStorage
+} from "./storage";
+import { generateSecureRandom } from "./utils";
+export {
+  generateSecureRandom,
+  generatePKCE,
+  createSessionStorage,
+  createOAuthClient,
+  createMemoryStorage,
+  createLocalStorage,
+  createCookieStorage,
+  GoogleStrategy,
+  GitHubStrategy,
+  FacebookStrategy
+};

package/dist/esm/toolkit/providers/facebook.js

@@ -0,0 +1,11 @@
+// src/toolkit/providers/facebook.ts
+var FacebookStrategy = {
+  name: "facebook",
+  authorizationEndpoint: "https://www.facebook.com/v23.0/dialog/oauth",
+  tokenEndpoint: "https://graph.facebook.com/v23.0/oauth/access_token",
+  userInfoEndpoint: "https://graph.facebook.com/me?fields=id,name,email",
+  scopes: ["public_profile", "email"]
+};
+export {
+  FacebookStrategy
+};

package/dist/esm/toolkit/providers/github.js

@@ -0,0 +1,11 @@
+// src/toolkit/providers/github.ts
+var GitHubStrategy = {
+  name: "github",
+  authorizationEndpoint: "https://github.com/login/oauth/authorize",
+  tokenEndpoint: "https://github.com/login/oauth/access_token",
+  userInfoEndpoint: "https://api.github.com/user",
+  scopes: ["read:user", "user:email"]
+};
+export {
+  GitHubStrategy
+};

package/dist/esm/toolkit/providers/google.js

@@ -0,0 +1,11 @@
+// src/toolkit/providers/google.ts
+var GoogleStrategy = {
+  name: "google",
+  authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth",
+  tokenEndpoint: "https://oauth2.googleapis.com/token",
+  userInfoEndpoint: "https://www.googleapis.com/oauth2/v3/userinfo",
+  scopes: ["openid", "email", "profile"]
+};
+export {
+  GoogleStrategy
+};

package/dist/esm/toolkit/storage.js

@@ -0,0 +1,81 @@
+// src/toolkit/storage.ts
+var STORAGE_KEY = "draftauth.pkce";
+var createSessionStorage = () => ({
+  set: (data) => {
+    if (typeof sessionStorage === "undefined") {
+      throw new Error("sessionStorage is not available in this environment");
+    }
+    sessionStorage.setItem(STORAGE_KEY, JSON.stringify(data));
+  },
+  get: () => {
+    if (typeof sessionStorage === "undefined") {
+      return null;
+    }
+    const data = sessionStorage.getItem(STORAGE_KEY);
+    return data ? JSON.parse(data) : null;
+  },
+  clear: () => {
+    if (typeof sessionStorage === "undefined") {
+      return;
+    }
+    sessionStorage.removeItem(STORAGE_KEY);
+  }
+});
+var createLocalStorage = () => ({
+  set: (data) => {
+    if (typeof localStorage === "undefined") {
+      throw new Error("localStorage is not available in this environment");
+    }
+    localStorage.setItem(STORAGE_KEY, JSON.stringify(data));
+  },
+  get: () => {
+    if (typeof localStorage === "undefined") {
+      return null;
+    }
+    const data = localStorage.getItem(STORAGE_KEY);
+    return data ? JSON.parse(data) : null;
+  },
+  clear: () => {
+    if (typeof localStorage === "undefined") {
+      return;
+    }
+    localStorage.removeItem(STORAGE_KEY);
+  }
+});
+var createMemoryStorage = () => {
+  let state = null;
+  return {
+    set: (data) => {
+      state = data;
+    },
+    get: () => {
+      return state;
+    },
+    clear: () => {
+      state = null;
+    }
+  };
+};
+var createCookieStorage = (options) => ({
+  set: async (data) => {
+    await options.setCookie(STORAGE_KEY, JSON.stringify(data), {
+      maxAge: 60 * 10,
+      httpOnly: true,
+      secure: false,
+      sameSite: "lax"
+    });
+  },
+  get: async () => {
+    const value = await options.getCookie(STORAGE_KEY);
+    return value ? JSON.parse(value) : null;
+  },
+  clear: async () => {
+    await options.deleteCookie(STORAGE_KEY);
+  }
+});
+export {
+  createSessionStorage,
+  createMemoryStorage,
+  createLocalStorage,
+  createCookieStorage
+};

package/dist/esm/toolkit/utils.js

@@ -0,0 +1,18 @@
+// src/toolkit/utils.ts
+var generateSecureRandom = (length = 32) => {
+  if (length <= 0 || !Number.isInteger(length)) {
+    throw new RangeError("Length must be a positive integer");
+  }
+  const randomBytes = new Uint8Array(length);
+  crypto.getRandomValues(randomBytes);
+  let base64 = "";
+  if (typeof btoa !== "undefined") {
+    base64 = btoa(String.fromCharCode(...randomBytes));
+  } else {
+    base64 = Buffer.from(randomBytes).toString("base64");
+  }
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+};
+export {
+  generateSecureRandom
+};