@hono/auth-js 1.0.11 → 1.0.13

package/README.md

@@ -16,78 +16,72 @@ Before starting using the middleware you must set the following environment vari
 
 ```plain
 AUTH_SECRET=#required
-AUTH_URL=#optional
+AUTH_URL=https://example.com/api/auth
 ```
 
 ## How to Use
 
 ```ts
-import { Hono, Context } from 'hono'
-import { authHandler, initAuthConfig, verifyAuth, type AuthConfig } from "@hono/auth-js"
-import GitHub from "@auth/core/providers/github"
+import { Hono } from 'hono'
+import { authHandler, initAuthConfig, verifyAuth } from '@hono/auth-js'
+import GitHub from '@auth/core/providers/github'
 
 const app = new Hono()
 
-app.use("*", initAuthConfig(getAuthConfig))
+app.use(
+  '*',
+  initAuthConfig((c) => ({
+    secret: c.env.AUTH_SECRET,
+    providers: [
+      GitHub({
+        clientId: c.env.GITHUB_ID,
+        clientSecret: c.env.GITHUB_SECRET,
+      }),
+    ],
+  }))
+)
 
-app.use("/api/auth/*", authHandler())
+app.use('/api/auth/*', authHandler())
 
 app.use('/api/*', verifyAuth())
 
 app.get('/api/protected', (c) => {
-  const auth = c.get("authUser")
+  const auth = c.get('authUser')
   return c.json(auth)
 })
 
-function getAuthConfig(c: Context): AuthConfig {
-  return {
-    secret: c.env.AUTH_SECRET,
-    providers: [
-      GitHub({
-        clientId: c.env.GITHUB_ID,
-        clientSecret: c.env.GITHUB_SECRET
-      }),
-    ]
-  }
-}
-
 export default app
 ```
 
 React component
-```tsx
-import { SessionProvider } from "@hono/auth-js/react"
 
-export default  function App() {
+```tsx
+import { SessionProvider, useSession } from '@hono/auth-js/react'
 
+export default function App() {
   return (
     <SessionProvider>
-       <Children />
+      <Children />
     </SessionProvider>
   )
 }
 
 function Children() {
   const { data: session, status } = useSession()
-  return (
-    <div >
-     I am {session?.user}
-    </div>
-  )
+  return <div>I am {session?.user}</div>
 }
 ```
+
 Default `/api/auth` path can be changed to something else but that will also require you to change path in react app.
 
 ```tsx
-import {SessionProvider,authConfigManager,useSession } from "@hono/auth-js/react"
+import { SessionProvider, authConfigManager, useSession } from '@hono/auth-js/react'
 
 authConfigManager.setConfig({
-  baseUrl: '', //needed  for cross domain setup.
   basePath: '/custom', // if auth route is diff from /api/auth
-  credentials:'same-origin' //needed  for cross domain setup
-});
+})
 
-export default  function App() {
+export default function App() {
   return (
     <SessionProvider>
       <Children />
@@ -97,47 +91,28 @@ export default  function App() {
 
 function Children() {
   const { data: session, status } = useSession()
-  return (
-    <div >
-     I am {session?.user}
-    </div>
-  )
+  return <div>I am {session?.user}</div>
 }
 ```
-For cross domain setup as mentioned above you need to set these cors headers in hono along with change in same site cookie attribute.[Read More Here](https://next-auth.js.org/configuration/options#cookies)
-``` ts
-app.use(
-  "*",
-  cors({
-    origin: (origin) => origin,
-    allowHeaders: ["Content-Type"],
-    credentials: true,
-  })
-)
-```
-
 
-SessionProvider is not needed with react query.This wrapper is enough
+SessionProvider is not needed with react query.Use useQuery hook to fetch session data.
 
 ```ts
-const useSession = ()=>{
-  const { data ,status } = useQuery({
-  queryKey: ["session"],
-  queryFn: async () => {
-    const res = await fetch("/api/auth/session")
-    return res.json();
-  },
-  staleTime: 5 * (60 * 1000),
-  gcTime: 10 * (60 * 1000),
-  refetchOnWindowFocus: true,
-})
- return { session:data, status }
+const useSession = () => {
+  const { data, status } = useQuery({
+    queryKey: ['session'],
+    queryFn: async () => {
+      const res = await fetch('/api/auth/session')
+      return res.json()
+    },
+    staleTime: 5 * (60 * 1000),
+    gcTime: 10 * (60 * 1000),
+    refetchOnWindowFocus: true,
+  })
+  return { session: data, status }
 }
 ```
-> [!WARNING]
-> You can't use event updates which SessionProvider provides and session will not be in  sync across tabs if you use react query wrapper but in  RQ5 you can enable this using Broadcast channel (see RQ docs).
-
-Working example repo https://github.com/divyam234/next-auth-hono-react
+For more details on how to Popup Oauth Login see [example](https://github.com/divyam234/next-auth-hono-react)
 
 ## Author
 

package/dist/index.d.mts

@@ -25,7 +25,7 @@ interface AuthConfig extends Omit<AuthConfig$1, 'raw'> {
 }
 type ConfigHandler = (c: Context) => AuthConfig;
 declare function setEnvDefaults(env: AuthEnv, config: AuthConfig): void;
-declare function reqWithEnvUrl(req: Request, authUrl?: string): Promise<Request>;
+declare function reqWithEnvUrl(req: Request, authUrl?: string): Request;
 declare function getAuthUser(c: Context): Promise<AuthUser | null>;
 declare function verifyAuth(): MiddlewareHandler;
 declare function initAuthConfig(cb: ConfigHandler): MiddlewareHandler;

package/dist/index.d.ts

@@ -25,7 +25,7 @@ interface AuthConfig extends Omit<AuthConfig$1, 'raw'> {
 }
 type ConfigHandler = (c: Context) => AuthConfig;
 declare function setEnvDefaults(env: AuthEnv, config: AuthConfig): void;
-declare function reqWithEnvUrl(req: Request, authUrl?: string): Promise<Request>;
+declare function reqWithEnvUrl(req: Request, authUrl?: string): Request;
 declare function getAuthUser(c: Context): Promise<AuthUser | null>;
 declare function verifyAuth(): MiddlewareHandler;
 declare function initAuthConfig(cb: ConfigHandler): MiddlewareHandler;

package/dist/index.js

@@ -36,61 +36,41 @@ function setEnvDefaults(env2, config) {
   config.secret ??= env2.AUTH_SECRET;
   (0, import_core2.setEnvDefaults)(env2, config);
 }
-async function cloneRequest(input, request, headers) {
-  if ((0, import_adapter.getRuntimeKey)() === "bun") {
-    return new Request(input, {
-      method: request.method,
-      headers: headers ?? new Headers(request.headers),
-      body: request.method === "GET" || request.method === "HEAD" ? void 0 : await request.blob(),
-      // @ts-ignore: TS2353
-      referrer: "referrer" in request ? request.referrer : void 0,
-      // deno-lint-ignore no-explicit-any
-      referrerPolicy: request.referrerPolicy,
-      mode: request.mode,
-      credentials: request.credentials,
-      // @ts-ignore: TS2353
-      cache: request.cache,
-      redirect: request.redirect,
-      integrity: request.integrity,
-      keepalive: request.keepalive,
-      signal: request.signal
-    });
-  }
-  return new Request(input, request);
-}
-async function reqWithEnvUrl(req, authUrl) {
+function reqWithEnvUrl(req, authUrl) {
   if (authUrl) {
     const reqUrlObj = new URL(req.url);
     const authUrlObj = new URL(authUrl);
     const props = ["hostname", "protocol", "port", "password", "username"];
-    props.forEach((prop) => reqUrlObj[prop] = authUrlObj[prop]);
-    return cloneRequest(reqUrlObj.href, req);
-  } else {
-    const url = new URL(req.url);
-    const headers = new Headers(req.headers);
-    const proto = headers.get("x-forwarded-proto");
-    const host = headers.get("x-forwarded-host") ?? headers.get("host");
-    if (proto != null)
-      url.protocol = proto.endsWith(":") ? proto : proto + ":";
-    if (host != null) {
-      url.host = host;
-      const portMatch = host.match(/:(\d+)$/);
-      if (portMatch)
-        url.port = portMatch[1];
-      else
-        url.port = "";
-      headers.delete("x-forwarded-host");
-      headers.delete("Host");
-      headers.set("Host", host);
+    for (const prop of props) {
+      if (authUrlObj[prop])
+        reqUrlObj[prop] = authUrlObj[prop];
     }
-    return cloneRequest(url.href, req, headers);
+    return new Request(reqUrlObj.href, req);
+  }
+  const newReq = new Request(req);
+  const url = new URL(newReq.url);
+  const proto = newReq.headers.get("x-forwarded-proto");
+  const host = newReq.headers.get("x-forwarded-host") ?? newReq.headers.get("host");
+  if (proto != null)
+    url.protocol = proto.endsWith(":") ? proto : `${proto}:`;
+  if (host != null) {
+    url.host = host;
+    const portMatch = host.match(/:(\d+)$/);
+    if (portMatch)
+      url.port = portMatch[1];
+    else
+      url.port = "";
+    newReq.headers.delete("x-forwarded-host");
+    newReq.headers.delete("Host");
+    newReq.headers.set("Host", host);
   }
+  return new Request(url.href, newReq);
 }
 async function getAuthUser(c) {
   const config = c.get("authConfig");
   const ctxEnv = (0, import_adapter.env)(c);
   setEnvDefaults(ctxEnv, config);
-  const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
+  const authReq = reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
   const origin = new URL(authReq.url).origin;
   const request = new Request(`${origin}${config.basePath}/session`, {
     headers: { cookie: c.req.header("cookie") ?? "" }
@@ -109,7 +89,7 @@ async function getAuthUser(c) {
     }
   });
   const session = await response.json();
-  return session && session.user ? authUser : null;
+  return session?.user ? authUser : null;
 }
 function verifyAuth() {
   return async (c, next) => {
@@ -120,9 +100,8 @@ function verifyAuth() {
         status: 401
       });
       throw new import_http_exception.HTTPException(401, { res });
-    } else {
-      c.set("authUser", authUser);
     }
+    c.set("authUser", authUser);
     await next();
   };
 }
@@ -141,8 +120,7 @@ function authHandler() {
     if (!config.secret || config.secret.length === 0) {
       throw new import_http_exception.HTTPException(500, { message: "Missing AUTH_SECRET" });
     }
-    const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
-    const res = await (0, import_core.Auth)(authReq, config);
+    const res = await (0, import_core.Auth)(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config);
     return new Response(res.body, res);
   };
 }

package/dist/index.mjs

@@ -1,67 +1,47 @@
 // src/index.ts
 import { Auth } from "@auth/core";
-import { env, getRuntimeKey } from "hono/adapter";
+import { env } from "hono/adapter";
 import { HTTPException } from "hono/http-exception";
 import { setEnvDefaults as coreSetEnvDefaults } from "@auth/core";
 function setEnvDefaults(env2, config) {
   config.secret ??= env2.AUTH_SECRET;
   coreSetEnvDefaults(env2, config);
 }
-async function cloneRequest(input, request, headers) {
-  if (getRuntimeKey() === "bun") {
-    return new Request(input, {
-      method: request.method,
-      headers: headers ?? new Headers(request.headers),
-      body: request.method === "GET" || request.method === "HEAD" ? void 0 : await request.blob(),
-      // @ts-ignore: TS2353
-      referrer: "referrer" in request ? request.referrer : void 0,
-      // deno-lint-ignore no-explicit-any
-      referrerPolicy: request.referrerPolicy,
-      mode: request.mode,
-      credentials: request.credentials,
-      // @ts-ignore: TS2353
-      cache: request.cache,
-      redirect: request.redirect,
-      integrity: request.integrity,
-      keepalive: request.keepalive,
-      signal: request.signal
-    });
-  }
-  return new Request(input, request);
-}
-async function reqWithEnvUrl(req, authUrl) {
+function reqWithEnvUrl(req, authUrl) {
   if (authUrl) {
     const reqUrlObj = new URL(req.url);
     const authUrlObj = new URL(authUrl);
     const props = ["hostname", "protocol", "port", "password", "username"];
-    props.forEach((prop) => reqUrlObj[prop] = authUrlObj[prop]);
-    return cloneRequest(reqUrlObj.href, req);
-  } else {
-    const url = new URL(req.url);
-    const headers = new Headers(req.headers);
-    const proto = headers.get("x-forwarded-proto");
-    const host = headers.get("x-forwarded-host") ?? headers.get("host");
-    if (proto != null)
-      url.protocol = proto.endsWith(":") ? proto : proto + ":";
-    if (host != null) {
-      url.host = host;
-      const portMatch = host.match(/:(\d+)$/);
-      if (portMatch)
-        url.port = portMatch[1];
-      else
-        url.port = "";
-      headers.delete("x-forwarded-host");
-      headers.delete("Host");
-      headers.set("Host", host);
+    for (const prop of props) {
+      if (authUrlObj[prop])
+        reqUrlObj[prop] = authUrlObj[prop];
     }
-    return cloneRequest(url.href, req, headers);
+    return new Request(reqUrlObj.href, req);
+  }
+  const newReq = new Request(req);
+  const url = new URL(newReq.url);
+  const proto = newReq.headers.get("x-forwarded-proto");
+  const host = newReq.headers.get("x-forwarded-host") ?? newReq.headers.get("host");
+  if (proto != null)
+    url.protocol = proto.endsWith(":") ? proto : `${proto}:`;
+  if (host != null) {
+    url.host = host;
+    const portMatch = host.match(/:(\d+)$/);
+    if (portMatch)
+      url.port = portMatch[1];
+    else
+      url.port = "";
+    newReq.headers.delete("x-forwarded-host");
+    newReq.headers.delete("Host");
+    newReq.headers.set("Host", host);
   }
+  return new Request(url.href, newReq);
 }
 async function getAuthUser(c) {
   const config = c.get("authConfig");
   const ctxEnv = env(c);
   setEnvDefaults(ctxEnv, config);
-  const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
+  const authReq = reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
   const origin = new URL(authReq.url).origin;
   const request = new Request(`${origin}${config.basePath}/session`, {
     headers: { cookie: c.req.header("cookie") ?? "" }
@@ -80,7 +60,7 @@ async function getAuthUser(c) {
     }
   });
   const session = await response.json();
-  return session && session.user ? authUser : null;
+  return session?.user ? authUser : null;
 }
 function verifyAuth() {
   return async (c, next) => {
@@ -91,9 +71,8 @@ function verifyAuth() {
         status: 401
       });
       throw new HTTPException(401, { res });
-    } else {
-      c.set("authUser", authUser);
     }
+    c.set("authUser", authUser);
     await next();
   };
 }
@@ -112,8 +91,7 @@ function authHandler() {
     if (!config.secret || config.secret.length === 0) {
       throw new HTTPException(500, { message: "Missing AUTH_SECRET" });
     }
-    const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
-    const res = await Auth(authReq, config);
+    const res = await Auth(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config);
     return new Response(res.body, res);
   };
 }

package/dist/react.d.mts

@@ -1,14 +1,18 @@
 import { BuiltInProviderType, ProviderType, RedirectableProviderType } from '@auth/core/providers';
 import { Session } from '@auth/core/types';
-import * as React from 'react';
+import * as React$1 from 'react';
 
+interface GetSessionParams {
+    event?: 'storage' | 'timer' | 'hidden' | string;
+    triggerEvent?: boolean;
+}
 interface AuthClientConfig {
     baseUrl: string;
     basePath: string;
-    credentials?: RequestCredentials;
-    _session?: Session | null | undefined;
-    _lastSync: number;
-    _getSession: (...args: any[]) => any;
+    credentials: RequestCredentials;
+    lastSync: number;
+    session: Session | null;
+    fetchSession: (params?: GetSessionParams) => Promise<void>;
 }
 interface UseSessionOptions<R extends boolean> {
     required: R;
@@ -23,13 +27,7 @@ interface ClientSafeProvider {
     callbackUrl: string;
 }
 interface SignInOptions extends Record<string, unknown> {
-    /**
-     * Specify to which URL the user will be redirected after signing in. Defaults to the page URL the sign-in is initiated from.
-     *
-     * [Documentation](https://next-auth.js.org/getting-started/client#specifying-a-callbackurl)
-     */
     callbackUrl?: string;
-    /** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option) */
     redirect?: boolean;
 }
 interface SignInResponse {
@@ -43,29 +41,16 @@ interface SignOutResponse {
     url: string;
 }
 interface SignOutParams<R extends boolean = true> {
-    /** [Documentation](https://next-auth.js.org/getting-started/client#specifying-a-callbackurl-1) */
     callbackUrl?: string;
-    /** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
     redirect?: R;
 }
 interface SessionProviderProps {
     children: React.ReactNode;
     session?: Session | null;
-    baseUrl?: string;
-    basePath?: string;
     refetchInterval?: number;
     refetchOnWindowFocus?: boolean;
     refetchWhenOffline?: false;
 }
-
-declare class AuthConfigManager {
-    private static instance;
-    _config: AuthClientConfig;
-    static getInstance(): AuthConfigManager;
-    setConfig(userConfig: Partial<AuthClientConfig>): void;
-    getConfig(): AuthClientConfig;
-}
-declare const authConfigManager: AuthConfigManager;
 type UpdateSession = (data?: any) => Promise<Session | null>;
 type SessionContextValue<R extends boolean = false> = R extends true ? {
     update: UpdateSession;
@@ -84,31 +69,49 @@ type SessionContextValue<R extends boolean = false> = R extends true ? {
     data: null;
     status: 'unauthenticated' | 'loading';
 };
-declare const SessionContext: React.Context<{
+type WindowProps = {
+    url: string;
+    title: string;
+    width: number;
+    height: number;
+};
+
+declare class AuthConfigManager {
+    private static instance;
+    private config;
+    private constructor();
+    private createDefaultConfig;
+    static getInstance(): AuthConfigManager;
+    setConfig(userConfig: Partial<AuthClientConfig>): void;
+    getConfig(): AuthClientConfig;
+    initializeConfig(hasInitialSession: boolean): void;
+}
+declare const authConfigManager: AuthConfigManager;
+declare const SessionContext: React$1.Context<{
     update: UpdateSession;
     data: Session;
-    status: 'authenticated';
+    status: "authenticated";
 } | {
     update: UpdateSession;
     data: null;
-    status: 'unauthenticated' | 'loading';
+    status: "loading" | "unauthenticated";
 } | undefined>;
-declare function useSession<R extends boolean>(options?: UseSessionOptions<R>): SessionContextValue<R>;
-interface GetSessionParams {
-    event?: 'storage' | 'timer' | 'hidden' | string;
-    triggerEvent?: boolean;
-    broadcast?: boolean;
-}
 declare function getSession(params?: GetSessionParams): Promise<Session | null>;
 declare function getCsrfToken(): Promise<string>;
+declare function SessionProvider(props: SessionProviderProps): React$1.JSX.Element;
+declare function useSession<R extends boolean>(options?: UseSessionOptions<R>): SessionContextValue<R>;
 type ProvidersType = Record<LiteralUnion<BuiltInProviderType>, ClientSafeProvider>;
 declare function getProviders(): Promise<ProvidersType | null>;
 declare function signIn<P extends RedirectableProviderType | undefined = undefined>(provider?: LiteralUnion<P extends RedirectableProviderType ? P | BuiltInProviderType : BuiltInProviderType>, options?: SignInOptions, authorizationParams?: SignInAuthorizationParams): Promise<P extends RedirectableProviderType ? SignInResponse | undefined : undefined>;
-/**
- * Initiate a signout, by destroying the current session.
- * Handles CSRF protection.
- */
 declare function signOut<R extends boolean = true>(options?: SignOutParams<R>): Promise<R extends true ? undefined : SignOutResponse>;
-declare function SessionProvider(props: SessionProviderProps): React.JSX.Element;
+interface PopupLoginOptions extends Partial<Omit<WindowProps, 'url'>> {
+    onSuccess?: () => void;
+    callbackUrl?: string;
+}
+declare const useOauthPopupLogin: (provider: Parameters<typeof signIn>[0], options?: PopupLoginOptions) => {
+    status: "loading" | "success" | "errored";
+    error?: string | undefined;
+    popUpSignin: () => Promise<void>;
+};
 
-export { type GetSessionParams, type LiteralUnion, SessionContext, type SessionContextValue, SessionProvider, type SessionProviderProps, type SignInAuthorizationParams, type SignInOptions, type SignInResponse, type SignOutParams, type UpdateSession, authConfigManager, getCsrfToken, getProviders, getSession, signIn, signOut, useSession };
+export { SessionContext, SessionProvider, authConfigManager, getCsrfToken, getProviders, getSession, signIn, signOut, useOauthPopupLogin, useSession };