@electr0zed/auth-gateway-cf 0.1.0

package/README.md

@@ -0,0 +1,59 @@
+# Auth Gateway (Cloudflare Workers)
+
+Simple authentication gateway for Cloudflare Workers.
+Handles OAuth and password login, manages sessions, and forwards requests to internal services.
+
+---
+
+## Features
+
+* OAuth login (e.g. Google)
+* Email + password login
+* Session handling (Durable Object or JWT)
+* Route-based auth protection
+* CSRF + optional Turnstile support
+* Password hashing with pepper rotation
+* Optional username support
+
+---
+
+## Basic Usage
+
+```ts
+import createGateway from '@electr0zed/auth-gateway-cf';
+import config from './config';
+
+export default createGateway(config);
+```
+
+---
+
+## Auth Routes
+
+### OAuth
+
+* `/auth/login`
+* `/auth/callback`
+* `/auth/logout`
+
+### Password
+
+* `GET  /auth/csrf`
+* `POST /auth/password/register`
+* `POST /auth/password/login`
+* `POST /auth/password/change`
+
+---
+
+## Config Example
+
+Can be found at src/config.example.ts
+
+---
+
+## Notes
+
+* `/auth/*` is used internally by the gateway
+* UI (e.g. `/sign-in`) should be handled separately
+* Public env vars (e.g. Turnstile site key) are set at build time
+* Worker secrets are configured via Wrangler

package/dist/auth/index.d.ts

@@ -0,0 +1,84 @@
+import type { ProjectConfig, UserStore, SessionStrategy } from '../types';
+export declare class AuthRouter {
+    private cfg;
+    private env;
+    private store;
+    private strat;
+    constructor(cfg: ProjectConfig, env: Env, store: UserStore, strat: SessionStrategy);
+    /**
+     * Handles incoming authentication requests.
+     *
+     * @async
+     * @param {Request} request
+     * @returns {Promise<Response>}
+     */
+    handle(request: Request): Promise<Response>;
+    /**
+     * Handles login or linking of new oauth providers.
+     *
+     * @private
+     * @async
+     * @param {Request} request
+     * @param {URL} url
+     * @returns {Promise<Response>}
+     */
+    private loginOrLink;
+    /**
+     * Handles the OAuth callback.
+     *
+     * @private
+     * @async
+     * @param {Request} request
+     * @param {URL} url
+     * @returns {Promise<Response>}
+     */
+    private callback;
+    /**
+     * Handles user logout.
+     *
+     * @private
+     * @returns {Response}
+     */
+    private logout;
+    /**
+     * Selects the OAuth provider implementation and configuration.
+     *
+     * @private
+     * @param {?string} [explicit]
+     * @returns {{ impl: any; cfg: any; }}
+     */
+    private pickProvider;
+    /**
+     * Handles error redirection during auth flow.
+     *
+     * @private
+     * @param {string} code
+     * @param {?string} [returnTo]
+     * @returns {*}
+     */
+    private redirectError;
+    private csrf;
+    private passwordRegister;
+    private passwordLogin;
+    private passwordChange;
+    checkUserStates(userId: string): Promise<{
+        success: true;
+    } | {
+        success: false;
+        reason: 'account_disabled' | 'account_unapproved' | 'email_unverified';
+    }>;
+    private applyIssuedCookies;
+    private oauthEnabled;
+    private passwordEnabled;
+    authFeatureEnabled(): boolean;
+    private pepperEnvName;
+    private passwordPolicy;
+    private turnstileEnabled;
+    private turnstileSecret;
+    private turnstileTokenField;
+    private requireTurnstile;
+    private canAutoLoginAfterSignup;
+    getGlobalUnauthenticatedRedirectUrl(): string;
+    createUnauthenticatedRedirect(base: string, returnTo?: string, redirectTo?: string): Response;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,eAAe,EAA2B,MAAM,UAAU,CAAC;AAmBnG,qBAAa,UAAU;IAErB,OAAO,CAAC,GAAG;IACX,OAAO,CAAC,GAAG;IACX,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,KAAK;gBAHL,GAAG,EAAE,aAAa,EAClB,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,SAAS,EAChB,KAAK,EAAE,eAAe;IAG/B;;;;;;OAMG;IACG,MAAM,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAsDjD;;;;;;;;OAQG;YACW,WAAW;IA+BzB;;;;;;;;OAQG;YACW,QAAQ;IAuJtB;;;;;OAKG;YACW,MAAM;IAUpB;;;;;;OAMG;IACH,OAAO,CAAC,YAAY;IAcpB;;;;;;;OAOG;IACH,OAAO,CAAC,aAAa;IAkBrB,OAAO,CAAC,IAAI;YAOE,gBAAgB;YA0GhB,aAAa;YA+Db,cAAc;IA4CtB,eAAe,CACpB,MAAM,EAAE,MAAM,GACZ,OAAO,CAAC;QAAE,OAAO,EAAE,IAAI,CAAA;KAAE,GAAG;QAAE,OAAO,EAAE,KAAK,CAAC;QAAC,MAAM,EAAE,kBAAkB,GAAG,oBAAoB,GAAG,kBAAkB,CAAA;KAAE,CAAC;YAyB5G,kBAAkB;IAQhC,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,eAAe;IAIvB,kBAAkB,IAAI,OAAO;IAI7B,OAAO,CAAC,aAAa;IAKrB,OAAO,CAAC,cAAc;IAKtB,OAAO,CAAC,gBAAgB;IAKxB,OAAO,CAAC,eAAe;IASvB,OAAO,CAAC,mBAAmB;YAMb,gBAAgB;IAmB9B,OAAO,CAAC,uBAAuB;IAY/B,mCAAmC,IAAI,MAAM;IAI7C,6BAA6B,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ;CAK7F"}