npm - @hono/auth-js - Versions diffs - 1.0.0 - Mend

@hono/auth-js 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,143 @@
+# Auth.js middleware for Hono
+This is a [Auth.js](https://authjs.dev) third-party middleware for [Hono](https://github.com/honojs/hono).
+This middleware can be used to inject the Auth.js session into the request context.
+## Installation
+```plain
+npm i hono @hono/auth-js @auth/core
+```
+## Configuration
+Before starting using the middleware you must set the following environment variables:
+```plain
+AUTH_SECRET=#required
+AUTH_URL=#optional
+```
+## How to Use
+```ts
+import { Hono,Context } from 'hono'
+import { authHandler, initAuthConfig, verifyAuth, AuthConfig } from "@hono/auth-js"
+const app = new Hono()
+app.use("*", initAuthConfig(getAuthConfig))
+app.use("/api/auth/*", authHandler())
+app.use('/api/*', verifyAuth())
+app.get('/api/protected', (c) => {
+  const auth = c.get("authUser")
+  return c.json(auth)
+})
+function getAuthConfig(c: Context): AuthConfig {
+  return {
+    secret: c.env.AUTH_SECRET,
+    providers: [
+      GitHub({
+        clientId: c.env.GITHUB_ID,
+        clientSecret: c.env.GITHUB_SECRET
+      }),
+    ]
+  }
+}
+export default app
+```
+React component
+```tsx
+import { SessionProvider } from "@hono/auth-js/react"
+export default  function App() {
+  return (
+    <SessionProvider>
+       <Children />
+    </SessionProvider>
+  )
+}
+function Children() {
+  const { data: session, status } = useSession()
+  return (
+    <div >
+     I am {session?.user}
+    </div>
+  )
+}
+```
+Default `/api/auth` path can be changed to something else but that will also require you to change path in react app.
+```tsx
+import {SessionProvider,authConfigManager,useSession } from "@hono/auth-js/react"
+authConfigManager.setConfig({
+  baseUrl: '', //needed  for cross domain setup.
+  basePath: '/custom', // if auth route is diff from /api/auth
+  credentials:'same-origin' //needed  for cross domain setup
+});
+export default  function App() {
+  return (
+    <SessionProvider>
+      <Children />
+    </SessionProvider>
+  )
+}
+function Children() {
+  const { data: session, status } = useSession()
+  return (
+    <div >
+     I am {session?.user}
+    </div>
+  )
+}
+```
+For cross domain setup as mentioned above you need to set these cors headers in hono along with change in same site cookie attribute.[Read More Here](https://next-auth.js.org/configuration/options#cookies)
+``` ts
+app.use(
+  "*",
+  cors({
+    origin: (origin) => origin,
+    allowHeaders: ["Content-Type"],
+    credentials: true,
+  })
+)
+```
+SessionProvider is not needed with react query.This wrapper is enough
+```ts
+const useSession = ()=>{
+  const { data ,status } = useQuery({
+  queryKey: ["session"],
+  queryFn: async () => {
+    const res = await fetch("/api/auth/session")
+    return res.json();
+  },
+  staleTime: 5 * (60 * 1000),
+  gcTime: 10 * (60 * 1000),
+  refetchOnWindowFocus: true,
+})
+ return { session:data, status }
+}
+```
+> [!WARNING]
+> You can't use event updates which SessionProvider provides and session will not be in  sync across tabs if you use react query wrapper but in  RQ5 you can enable this using Broadcast channel (see RQ docs).
+Working example repo https://github.com/divyam234/next-auth-hono-react
+## Author
+Divyam <https://github.com/divyam234>

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,31 @@
+import { AuthConfig as AuthConfig$1 } from '@auth/core';
+import { AdapterUser } from '@auth/core/adapters';
+import { JWT } from '@auth/core/jwt';
+import { Session } from '@auth/core/types';
+import { Context, MiddlewareHandler } from 'hono';
+declare module 'hono' {
+    interface ContextVariableMap {
+        authUser: AuthUser;
+        authConfig: AuthConfig;
+    }
+}
+type AuthEnv = {
+    AUTH_SECRET: string;
+    AUTH_REDIRECT_PROXY_URL?: string;
+    [key: string]: string | undefined;
+};
+type AuthUser = {
+    session: Session;
+    token?: JWT;
+    user?: AdapterUser;
+};
+interface AuthConfig extends Omit<AuthConfig$1, 'raw'> {
+}
+type ConfigHandler = (c: Context) => AuthConfig;
+declare function getAuthUser(c: Context): Promise<AuthUser | null>;
+declare function verifyAuth(): MiddlewareHandler;
+declare function initAuthConfig(cb: ConfigHandler): MiddlewareHandler;
+declare function authHandler(): MiddlewareHandler;
+export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, verifyAuth };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { AuthConfig as AuthConfig$1 } from '@auth/core';
+import { AdapterUser } from '@auth/core/adapters';
+import { JWT } from '@auth/core/jwt';
+import { Session } from '@auth/core/types';
+import { Context, MiddlewareHandler } from 'hono';
+declare module 'hono' {
+    interface ContextVariableMap {
+        authUser: AuthUser;
+        authConfig: AuthConfig;
+    }
+}
+type AuthEnv = {
+    AUTH_SECRET: string;
+    AUTH_REDIRECT_PROXY_URL?: string;
+    [key: string]: string | undefined;
+};
+type AuthUser = {
+    session: Session;
+    token?: JWT;
+    user?: AdapterUser;
+};
+interface AuthConfig extends Omit<AuthConfig$1, 'raw'> {
+}
+type ConfigHandler = (c: Context) => AuthConfig;
+declare function getAuthUser(c: Context): Promise<AuthUser | null>;
+declare function verifyAuth(): MiddlewareHandler;
+declare function initAuthConfig(cb: ConfigHandler): MiddlewareHandler;
+declare function authHandler(): MiddlewareHandler;
+export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, verifyAuth };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,112 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  authHandler: () => authHandler,
+  getAuthUser: () => getAuthUser,
+  initAuthConfig: () => initAuthConfig,
+  verifyAuth: () => verifyAuth
+});
+module.exports = __toCommonJS(src_exports);
+var import_core = require("@auth/core");
+var import_http_exception = require("hono/http-exception");
+function reqWithEnvUrl(req, authUrl) {
+  return authUrl ? new Request(new URL(req.url, authUrl).href, req) : req;
+}
+function setEnvDefaults(env, config) {
+  config.secret ??= env.AUTH_SECRET;
+  config.trustHost = true;
+  config.redirectProxyUrl ??= env.AUTH_REDIRECT_PROXY_URL;
+  config.providers = config.providers.map((p) => {
+    const finalProvider = typeof p === "function" ? p({}) : p;
+    if (finalProvider.type === "oauth" || finalProvider.type === "oidc") {
+      const ID = finalProvider.id.toUpperCase();
+      finalProvider.clientId ??= env[`AUTH_${ID}_ID`];
+      finalProvider.clientSecret ??= env[`AUTH_${ID}_SECRET`];
+      if (finalProvider.type === "oidc") {
+        finalProvider.issuer ??= env[`AUTH_${ID}_ISSUER`];
+      }
+    }
+    return finalProvider;
+  });
+}
+async function getAuthUser(c) {
+  const config = c.get("authConfig");
+  const origin = new URL(c.req.url, c.env.AUTH_URL).origin;
+  const request = new Request(`${origin}/session`, {
+    headers: { cookie: c.req.header("cookie") ?? "" }
+  });
+  setEnvDefaults(c.env, config);
+  let authUser = {};
+  const response = await (0, import_core.Auth)(request, {
+    ...config,
+    callbacks: {
+      ...config.callbacks,
+      async session(...args) {
+        authUser = args[0];
+        const session2 = await config.callbacks?.session?.(...args) ?? args[0].session;
+        const user = args[0].user ?? args[0].token;
+        return { user, ...session2 };
+      }
+    }
+  });
+  const session = await response.json();
+  return session && session.user ? authUser : null;
+}
+function verifyAuth() {
+  return async (c, next) => {
+    const authUser = await getAuthUser(c);
+    const isAuth = !!authUser?.token || !!authUser?.user;
+    if (!isAuth) {
+      const res = new Response("Unauthorized", {
+        status: 401
+      });
+      throw new import_http_exception.HTTPException(401, { res });
+    } else
+      c.set("authUser", authUser);
+    await next();
+  };
+}
+function initAuthConfig(cb) {
+  return async (c, next) => {
+    const config = cb(c);
+    c.set("authConfig", config);
+    await next();
+  };
+}
+function authHandler() {
+  return async (c) => {
+    const config = c.get("authConfig");
+    setEnvDefaults(c.env, config);
+    if (!config.secret) {
+      throw new import_http_exception.HTTPException(500, { message: "Missing AUTH_SECRET" });
+    }
+    const res = await (0, import_core.Auth)(reqWithEnvUrl(c.req.raw, c.env.AUTH_URL), config);
+    return new Response(res.body, res);
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  authHandler,
+  getAuthUser,
+  initAuthConfig,
+  verifyAuth
+});

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,84 @@
+// src/index.ts
+import { Auth } from "@auth/core";
+import { HTTPException } from "hono/http-exception";
+function reqWithEnvUrl(req, authUrl) {
+  return authUrl ? new Request(new URL(req.url, authUrl).href, req) : req;
+}
+function setEnvDefaults(env, config) {
+  config.secret ??= env.AUTH_SECRET;
+  config.trustHost = true;
+  config.redirectProxyUrl ??= env.AUTH_REDIRECT_PROXY_URL;
+  config.providers = config.providers.map((p) => {
+    const finalProvider = typeof p === "function" ? p({}) : p;
+    if (finalProvider.type === "oauth" || finalProvider.type === "oidc") {
+      const ID = finalProvider.id.toUpperCase();
+      finalProvider.clientId ??= env[`AUTH_${ID}_ID`];
+      finalProvider.clientSecret ??= env[`AUTH_${ID}_SECRET`];
+      if (finalProvider.type === "oidc") {
+        finalProvider.issuer ??= env[`AUTH_${ID}_ISSUER`];
+      }
+    }
+    return finalProvider;
+  });
+}
+async function getAuthUser(c) {
+  const config = c.get("authConfig");
+  const origin = new URL(c.req.url, c.env.AUTH_URL).origin;
+  const request = new Request(`${origin}/session`, {
+    headers: { cookie: c.req.header("cookie") ?? "" }
+  });
+  setEnvDefaults(c.env, config);
+  let authUser = {};
+  const response = await Auth(request, {
+    ...config,
+    callbacks: {
+      ...config.callbacks,
+      async session(...args) {
+        authUser = args[0];
+        const session2 = await config.callbacks?.session?.(...args) ?? args[0].session;
+        const user = args[0].user ?? args[0].token;
+        return { user, ...session2 };
+      }
+    }
+  });
+  const session = await response.json();
+  return session && session.user ? authUser : null;
+}
+function verifyAuth() {
+  return async (c, next) => {
+    const authUser = await getAuthUser(c);
+    const isAuth = !!authUser?.token || !!authUser?.user;
+    if (!isAuth) {
+      const res = new Response("Unauthorized", {
+        status: 401
+      });
+      throw new HTTPException(401, { res });
+    } else
+      c.set("authUser", authUser);
+    await next();
+  };
+}
+function initAuthConfig(cb) {
+  return async (c, next) => {
+    const config = cb(c);
+    c.set("authConfig", config);
+    await next();
+  };
+}
+function authHandler() {
+  return async (c) => {
+    const config = c.get("authConfig");
+    setEnvDefaults(c.env, config);
+    if (!config.secret) {
+      throw new HTTPException(500, { message: "Missing AUTH_SECRET" });
+    }
+    const res = await Auth(reqWithEnvUrl(c.req.raw, c.env.AUTH_URL), config);
+    return new Response(res.body, res);
+  };
+}
+export {
+  authHandler,
+  getAuthUser,
+  initAuthConfig,
+  verifyAuth
+};

package/dist/react.d.mts ADDED Viewed

@@ -0,0 +1,153 @@
+import { BuiltInProviderType, ProviderType, RedirectableProviderType } from '@auth/core/providers';
+import { Session } from '@auth/core/types';
+import * as React from 'react';
+interface AuthClientConfig {
+    baseUrl: string;
+    basePath: string;
+    credentials?: RequestCredentials;
+    /** Stores last session response */
+    _session?: Session | null | undefined;
+    /** Used for timestamp since last sycned (in seconds) */
+    _lastSync: number;
+    /**
+     * Stores the `SessionProvider`'s session update method to be able to
+     * trigger session updates from places like `signIn` or `signOut`
+     */
+    _getSession: (...args: any[]) => any;
+}
+interface UseSessionOptions<R extends boolean> {
+    required: R;
+    /** Defaults to `signIn` */
+    onUnauthenticated?: () => void;
+}
+type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
+interface ClientSafeProvider {
+    id: LiteralUnion<BuiltInProviderType>;
+    name: string;
+    type: ProviderType;
+    signinUrl: string;
+    callbackUrl: string;
+}
+interface SignInOptions extends Record<string, unknown> {
+    /**
+     * Specify to which URL the user will be redirected after signing in. Defaults to the page URL the sign-in is initiated from.
+     *
+     * [Documentation](https://next-auth.js.org/getting-started/client#specifying-a-callbackurl)
+     */
+    callbackUrl?: string;
+    /** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option) */
+    redirect?: boolean;
+}
+interface SignInResponse {
+    error: string | undefined;
+    status: number;
+    ok: boolean;
+    url: string | null;
+}
+/**
+ * Match `inputType` of `new URLSearchParams(inputType)`
+ * @internal
+ */
+type SignInAuthorizationParams = string | string[][] | Record<string, string> | URLSearchParams;
+/** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1) */
+interface SignOutResponse {
+    url: string;
+}
+interface SignOutParams<R extends boolean = true> {
+    /** [Documentation](https://next-auth.js.org/getting-started/client#specifying-a-callbackurl-1) */
+    callbackUrl?: string;
+    /** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
+    redirect?: R;
+}
+/**
+ * If you have session expiry times of 30 days (the default) or more, then you probably don't need to change any of the default options.
+ *
+ * However, if you need to customize the session behavior and/or are using short session expiry times, you can pass options to the provider to customize the behavior of the {@link useSession} hook.
+ */
+interface SessionProviderProps {
+    children: React.ReactNode;
+    session?: Session | null;
+    baseUrl?: string;
+    basePath?: string;
+    /**
+     * A time interval (in seconds) after which the session will be re-fetched.
+     * If set to `0` (default), the session is not polled.
+     */
+    refetchInterval?: number;
+    /**
+     * `SessionProvider` automatically refetches the session when the user switches between windows.
+     * This option activates this behaviour if set to `true` (default).
+     */
+    refetchOnWindowFocus?: boolean;
+    /**
+     * Set to `false` to stop polling when the device has no internet access offline (determined by `navigator.onLine`)
+     *
+     * [`navigator.onLine` documentation](https://developer.mozilla.org/en-US/docs/Web/API/NavigatorOnLine/onLine)
+     */
+    refetchWhenOffline?: false;
+}
+declare class AuthConfigManager {
+    private static instance;
+    _config: AuthClientConfig;
+    static getInstance(): AuthConfigManager;
+    setConfig(userConfig: Partial<AuthClientConfig>): void;
+    getConfig(): AuthClientConfig;
+}
+declare const authConfigManager: AuthConfigManager;
+/** @todo Document */
+type UpdateSession = (data?: any) => Promise<Session | null>;
+type SessionContextValue<R extends boolean = false> = R extends true ? {
+    update: UpdateSession;
+    data: Session;
+    status: 'authenticated';
+} | {
+    update: UpdateSession;
+    data: null;
+    status: 'loading';
+} : {
+    update: UpdateSession;
+    data: Session;
+    status: 'authenticated';
+} | {
+    update: UpdateSession;
+    data: null;
+    status: 'unauthenticated' | 'loading';
+};
+declare const SessionContext: React.Context<{
+    update: UpdateSession;
+    data: Session;
+    status: 'authenticated';
+} | {
+    update: UpdateSession;
+    data: null;
+    status: 'unauthenticated' | 'loading';
+} | undefined>;
+declare function useSession<R extends boolean>(options?: UseSessionOptions<R>): SessionContextValue<R>;
+interface GetSessionParams {
+    event?: 'storage' | 'timer' | 'hidden' | string;
+    triggerEvent?: boolean;
+    broadcast?: boolean;
+}
+declare function getSession(params?: GetSessionParams): Promise<Session | null>;
+/**
+ * Returns the current Cross-Site Request Forgery Token (CSRF Token)
+ * required to make requests that changes state. (e.g. signing in or out, or updating the session).
+ *
+ * [CSRF Prevention: Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie)
+ * @internal
+ */
+declare function getCsrfToken(): Promise<string>;
+type ProvidersType = Record<LiteralUnion<BuiltInProviderType>, ClientSafeProvider>;
+declare function getProviders(): Promise<ProvidersType | null>;
+declare function signIn<P extends RedirectableProviderType | undefined = undefined>(provider?: LiteralUnion<P extends RedirectableProviderType ? P | BuiltInProviderType : BuiltInProviderType>, options?: SignInOptions, authorizationParams?: SignInAuthorizationParams): Promise<P extends RedirectableProviderType ? SignInResponse | undefined : undefined>;
+/**
+ * Initiate a signout, by destroying the current session.
+ * Handles CSRF protection.
+ */
+declare function signOut<R extends boolean = true>(options?: SignOutParams<R>): Promise<R extends true ? undefined : SignOutResponse>;
+declare function SessionProvider(props: SessionProviderProps): React.JSX.Element;
+export { type GetSessionParams, type LiteralUnion, SessionContext, type SessionContextValue, SessionProvider, type SessionProviderProps, type SignInAuthorizationParams, type SignInOptions, type SignInResponse, type SignOutParams, type UpdateSession, authConfigManager, getCsrfToken, getProviders, getSession, signIn, signOut, useSession };