@hono/auth-js 1.0.6 → 1.0.7

package/dist/index.d.mts

@@ -11,6 +11,7 @@ declare module 'hono' {
     }
 }
 type AuthEnv = {
+    AUTH_URL?: string;
     AUTH_SECRET: string;
     AUTH_REDIRECT_PROXY_URL?: string;
     [key: string]: string | undefined;

package/dist/index.d.ts

@@ -11,6 +11,7 @@ declare module 'hono' {
     }
 }
 type AuthEnv = {
+    AUTH_URL?: string;
     AUTH_SECRET: string;
     AUTH_REDIRECT_PROXY_URL?: string;
     [key: string]: string | undefined;

package/dist/index.js

@@ -61,8 +61,9 @@ function setEnvDefaults(env2, config) {
 }
 async function getAuthUser(c) {
   const config = c.get("authConfig");
-  setEnvDefaults((0, import_adapter.env)(c), config);
-  const origin = (0, import_adapter.env)(c)["AUTH_URL"] ? new URL((0, import_adapter.env)(c)["AUTH_URL"]).origin : new URL(c.req.url).origin;
+  let ctxEnv = (0, import_adapter.env)(c);
+  setEnvDefaults(ctxEnv, config);
+  const origin = ctxEnv.AUTH_URL ? new URL(ctxEnv.AUTH_URL).origin : new URL(c.req.url).origin;
   const request = new Request(`${origin}${config.basePath}/session`, {
     headers: { cookie: c.req.header("cookie") ?? "" }
   });
@@ -107,11 +108,12 @@ function initAuthConfig(cb) {
 function authHandler() {
   return async (c) => {
     const config = c.get("authConfig");
-    setEnvDefaults((0, import_adapter.env)(c), config);
+    let ctxEnv = (0, import_adapter.env)(c);
+    setEnvDefaults(ctxEnv, config);
     if (!config.secret) {
       throw new import_http_exception.HTTPException(500, { message: "Missing AUTH_SECRET" });
     }
-    const res = await (0, import_core.Auth)(reqWithEnvUrl(c.req.raw, (0, import_adapter.env)(c)["AUTH_URL"]), config);
+    const res = await (0, import_core.Auth)(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config);
     return new Response(res.body, res);
   };
 }

package/dist/index.mjs

@@ -33,8 +33,9 @@ function setEnvDefaults(env2, config) {
 }
 async function getAuthUser(c) {
   const config = c.get("authConfig");
-  setEnvDefaults(env(c), config);
-  const origin = env(c)["AUTH_URL"] ? new URL(env(c)["AUTH_URL"]).origin : new URL(c.req.url).origin;
+  let ctxEnv = env(c);
+  setEnvDefaults(ctxEnv, config);
+  const origin = ctxEnv.AUTH_URL ? new URL(ctxEnv.AUTH_URL).origin : new URL(c.req.url).origin;
   const request = new Request(`${origin}${config.basePath}/session`, {
     headers: { cookie: c.req.header("cookie") ?? "" }
   });
@@ -79,11 +80,12 @@ function initAuthConfig(cb) {
 function authHandler() {
   return async (c) => {
     const config = c.get("authConfig");
-    setEnvDefaults(env(c), config);
+    let ctxEnv = env(c);
+    setEnvDefaults(ctxEnv, config);
     if (!config.secret) {
       throw new HTTPException(500, { message: "Missing AUTH_SECRET" });
     }
-    const res = await Auth(reqWithEnvUrl(c.req.raw, env(c)["AUTH_URL"]), config);
+    const res = await Auth(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config);
     return new Response(res.body, res);
   };
 }

package/dist/react.d.mts

@@ -132,13 +132,6 @@ interface GetSessionParams {
     broadcast?: boolean;
 }
 declare function getSession(params?: GetSessionParams): Promise<Session | null>;
-/**
- * Returns the current Cross-Site Request Forgery Token (CSRF Token)
- * required to make requests that changes state. (e.g. signing in or out, or updating the session).
- *
- * [CSRF Prevention: Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie)
- * @internal
- */
 declare function getCsrfToken(): Promise<string>;
 type ProvidersType = Record<LiteralUnion<BuiltInProviderType>, ClientSafeProvider>;
 declare function getProviders(): Promise<ProvidersType | null>;

package/dist/react.d.ts

@@ -132,13 +132,6 @@ interface GetSessionParams {
     broadcast?: boolean;
 }
 declare function getSession(params?: GetSessionParams): Promise<Session | null>;
-/**
- * Returns the current Cross-Site Request Forgery Token (CSRF Token)
- * required to make requests that changes state. (e.g. signing in or out, or updating the session).
- *
- * [CSRF Prevention: Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie)
- * @internal
- */
 declare function getCsrfToken(): Promise<string>;
 type ProvidersType = Record<LiteralUnion<BuiltInProviderType>, ClientSafeProvider>;
 declare function getProviders(): Promise<ProvidersType | null>;

package/dist/react.js

@@ -115,8 +115,8 @@ function parseUrl(url) {
 var AuthConfigManager = class _AuthConfigManager {
   static instance = null;
   _config = {
-    baseUrl: parseUrl(window.location.origin).origin,
-    basePath: parseUrl(window.location.origin).path,
+    baseUrl: typeof window !== "undefined" ? parseUrl(window.location.origin).origin : "",
+    basePath: typeof window !== "undefined" ? parseUrl(window.location.origin).path : "/api/auth",
     credentials: "same-origin",
     _lastSync: 0,
     _session: void 0,

package/dist/react.mjs

@@ -73,8 +73,8 @@ function parseUrl(url) {
 var AuthConfigManager = class _AuthConfigManager {
   static instance = null;
   _config = {
-    baseUrl: parseUrl(window.location.origin).origin,
-    basePath: parseUrl(window.location.origin).path,
+    baseUrl: typeof window !== "undefined" ? parseUrl(window.location.origin).origin : "",
+    basePath: typeof window !== "undefined" ? parseUrl(window.location.origin).path : "/api/auth",
     credentials: "same-origin",
     _lastSync: 0,
     _session: void 0,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hono/auth-js",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "A third-party Auth js middleware for Hono",
   "main": "dist/index.js",
   "exports": {