@hono/auth-js 1.0.6 → 1.0.8

package/README.md

@@ -22,8 +22,9 @@ AUTH_URL=#optional
 ## How to Use
 
 ```ts
-import { Hono,Context } from 'hono'
-import { authHandler, initAuthConfig, verifyAuth, AuthConfig } from "@hono/auth-js"
+import { Hono, Context } from 'hono'
+import { authHandler, initAuthConfig, verifyAuth, type AuthConfig } from "@hono/auth-js"
+import GitHub from "@auth/core/providers/github"
 
 const app = new Hono()
 

package/dist/index.d.mts

@@ -11,6 +11,7 @@ declare module 'hono' {
     }
 }
 type AuthEnv = {
+    AUTH_URL?: string;
     AUTH_SECRET: string;
     AUTH_REDIRECT_PROXY_URL?: string;
     [key: string]: string | undefined;
@@ -23,10 +24,11 @@ type AuthUser = {
 interface AuthConfig extends Omit<AuthConfig$1, 'raw'> {
 }
 type ConfigHandler = (c: Context) => AuthConfig;
+declare function setEnvDefaults(env: AuthEnv, config: AuthConfig): void;
 declare function reqWithEnvUrl(req: Request, authUrl?: string): Request;
 declare function getAuthUser(c: Context): Promise<AuthUser | null>;
 declare function verifyAuth(): MiddlewareHandler;
 declare function initAuthConfig(cb: ConfigHandler): MiddlewareHandler;
 declare function authHandler(): MiddlewareHandler;
 
-export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, reqWithEnvUrl, verifyAuth };
+export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, reqWithEnvUrl, setEnvDefaults, verifyAuth };

package/dist/index.d.ts

@@ -11,6 +11,7 @@ declare module 'hono' {
     }
 }
 type AuthEnv = {
+    AUTH_URL?: string;
     AUTH_SECRET: string;
     AUTH_REDIRECT_PROXY_URL?: string;
     [key: string]: string | undefined;
@@ -23,10 +24,11 @@ type AuthUser = {
 interface AuthConfig extends Omit<AuthConfig$1, 'raw'> {
 }
 type ConfigHandler = (c: Context) => AuthConfig;
+declare function setEnvDefaults(env: AuthEnv, config: AuthConfig): void;
 declare function reqWithEnvUrl(req: Request, authUrl?: string): Request;
 declare function getAuthUser(c: Context): Promise<AuthUser | null>;
 declare function verifyAuth(): MiddlewareHandler;
 declare function initAuthConfig(cb: ConfigHandler): MiddlewareHandler;
 declare function authHandler(): MiddlewareHandler;
 
-export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, reqWithEnvUrl, verifyAuth };
+export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, reqWithEnvUrl, setEnvDefaults, verifyAuth };

package/dist/index.js

@@ -24,12 +24,19 @@ __export(src_exports, {
   getAuthUser: () => getAuthUser,
   initAuthConfig: () => initAuthConfig,
   reqWithEnvUrl: () => reqWithEnvUrl,
+  setEnvDefaults: () => setEnvDefaults,
   verifyAuth: () => verifyAuth
 });
 module.exports = __toCommonJS(src_exports);
 var import_core = require("@auth/core");
 var import_adapter = require("hono/adapter");
 var import_http_exception = require("hono/http-exception");
+var import_core2 = require("@auth/core");
+function setEnvDefaults(env2, config) {
+  config.secret ??= env2.AUTH_SECRET;
+  config.basePath ||= "/api/auth";
+  (0, import_core2.setEnvDefaults)(env2, config);
+}
 function reqWithEnvUrl(req, authUrl) {
   if (authUrl) {
     const reqUrlObj = new URL(req.url);
@@ -38,31 +45,27 @@ function reqWithEnvUrl(req, authUrl) {
     props.forEach((prop) => reqUrlObj[prop] = authUrlObj[prop]);
     return new Request(reqUrlObj.href, req);
   } else {
-    return req;
-  }
-}
-function setEnvDefaults(env2, config) {
-  config.secret ??= env2.AUTH_SECRET;
-  config.basePath ??= "/api/auth";
-  config.trustHost = true;
-  config.redirectProxyUrl ??= env2.AUTH_REDIRECT_PROXY_URL;
-  config.providers = config.providers.map((p) => {
-    const finalProvider = typeof p === "function" ? p({}) : p;
-    if (finalProvider.type === "oauth" || finalProvider.type === "oidc") {
-      const ID = finalProvider.id.toUpperCase();
-      finalProvider.clientId ??= env2[`AUTH_${ID}_ID`];
-      finalProvider.clientSecret ??= env2[`AUTH_${ID}_SECRET`];
-      if (finalProvider.type === "oidc") {
-        finalProvider.issuer ??= env2[`AUTH_${ID}_ISSUER`];
-      }
+    const url = new URL(req.url);
+    const proto = req.headers.get("x-forwarded-proto");
+    const host = req.headers.get("x-forwarded-host") ?? req.headers.get("host");
+    if (proto != null)
+      url.protocol = proto.endsWith(":") ? proto : proto + ":";
+    if (host) {
+      url.host = host;
+      const portMatch = host.match(/:(\d+)$/);
+      if (portMatch)
+        url.port = portMatch[1];
+      else
+        url.port = "";
     }
-    return finalProvider;
-  });
+    return new Request(url.href, req);
+  }
 }
 async function getAuthUser(c) {
   const config = c.get("authConfig");
-  setEnvDefaults((0, import_adapter.env)(c), config);
-  const origin = (0, import_adapter.env)(c)["AUTH_URL"] ? new URL((0, import_adapter.env)(c)["AUTH_URL"]).origin : new URL(c.req.url).origin;
+  let ctxEnv = (0, import_adapter.env)(c);
+  setEnvDefaults(ctxEnv, config);
+  const origin = new URL(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL).url).origin;
   const request = new Request(`${origin}${config.basePath}/session`, {
     headers: { cookie: c.req.header("cookie") ?? "" }
   });
@@ -107,11 +110,12 @@ function initAuthConfig(cb) {
 function authHandler() {
   return async (c) => {
     const config = c.get("authConfig");
-    setEnvDefaults((0, import_adapter.env)(c), config);
-    if (!config.secret) {
+    let ctxEnv = (0, import_adapter.env)(c);
+    setEnvDefaults(ctxEnv, config);
+    if (!config.secret || config.secret.length === 0) {
       throw new import_http_exception.HTTPException(500, { message: "Missing AUTH_SECRET" });
     }
-    const res = await (0, import_core.Auth)(reqWithEnvUrl(c.req.raw, (0, import_adapter.env)(c)["AUTH_URL"]), config);
+    const res = await (0, import_core.Auth)(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config);
     return new Response(res.body, res);
   };
 }
@@ -121,5 +125,6 @@ function authHandler() {
   getAuthUser,
   initAuthConfig,
   reqWithEnvUrl,
+  setEnvDefaults,
   verifyAuth
 });

package/dist/index.mjs

@@ -2,6 +2,12 @@
 import { Auth } from "@auth/core";
 import { env } from "hono/adapter";
 import { HTTPException } from "hono/http-exception";
+import { setEnvDefaults as coreSetEnvDefaults } from "@auth/core";
+function setEnvDefaults(env2, config) {
+  config.secret ??= env2.AUTH_SECRET;
+  config.basePath ||= "/api/auth";
+  coreSetEnvDefaults(env2, config);
+}
 function reqWithEnvUrl(req, authUrl) {
   if (authUrl) {
     const reqUrlObj = new URL(req.url);
@@ -10,31 +16,27 @@ function reqWithEnvUrl(req, authUrl) {
     props.forEach((prop) => reqUrlObj[prop] = authUrlObj[prop]);
     return new Request(reqUrlObj.href, req);
   } else {
-    return req;
-  }
-}
-function setEnvDefaults(env2, config) {
-  config.secret ??= env2.AUTH_SECRET;
-  config.basePath ??= "/api/auth";
-  config.trustHost = true;
-  config.redirectProxyUrl ??= env2.AUTH_REDIRECT_PROXY_URL;
-  config.providers = config.providers.map((p) => {
-    const finalProvider = typeof p === "function" ? p({}) : p;
-    if (finalProvider.type === "oauth" || finalProvider.type === "oidc") {
-      const ID = finalProvider.id.toUpperCase();
-      finalProvider.clientId ??= env2[`AUTH_${ID}_ID`];
-      finalProvider.clientSecret ??= env2[`AUTH_${ID}_SECRET`];
-      if (finalProvider.type === "oidc") {
-        finalProvider.issuer ??= env2[`AUTH_${ID}_ISSUER`];
-      }
+    const url = new URL(req.url);
+    const proto = req.headers.get("x-forwarded-proto");
+    const host = req.headers.get("x-forwarded-host") ?? req.headers.get("host");
+    if (proto != null)
+      url.protocol = proto.endsWith(":") ? proto : proto + ":";
+    if (host) {
+      url.host = host;
+      const portMatch = host.match(/:(\d+)$/);
+      if (portMatch)
+        url.port = portMatch[1];
+      else
+        url.port = "";
     }
-    return finalProvider;
-  });
+    return new Request(url.href, req);
+  }
 }
 async function getAuthUser(c) {
   const config = c.get("authConfig");
-  setEnvDefaults(env(c), config);
-  const origin = env(c)["AUTH_URL"] ? new URL(env(c)["AUTH_URL"]).origin : new URL(c.req.url).origin;
+  let ctxEnv = env(c);
+  setEnvDefaults(ctxEnv, config);
+  const origin = new URL(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL).url).origin;
   const request = new Request(`${origin}${config.basePath}/session`, {
     headers: { cookie: c.req.header("cookie") ?? "" }
   });
@@ -79,11 +81,12 @@ function initAuthConfig(cb) {
 function authHandler() {
   return async (c) => {
     const config = c.get("authConfig");
-    setEnvDefaults(env(c), config);
-    if (!config.secret) {
+    let ctxEnv = env(c);
+    setEnvDefaults(ctxEnv, config);
+    if (!config.secret || config.secret.length === 0) {
       throw new HTTPException(500, { message: "Missing AUTH_SECRET" });
     }
-    const res = await Auth(reqWithEnvUrl(c.req.raw, env(c)["AUTH_URL"]), config);
+    const res = await Auth(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config);
     return new Response(res.body, res);
   };
 }
@@ -92,5 +95,6 @@ export {
   getAuthUser,
   initAuthConfig,
   reqWithEnvUrl,
+  setEnvDefaults,
   verifyAuth
 };

package/dist/react.d.mts

@@ -6,19 +6,12 @@ interface AuthClientConfig {
     baseUrl: string;
     basePath: string;
     credentials?: RequestCredentials;
-    /** Stores last session response */
     _session?: Session | null | undefined;
-    /** Used for timestamp since last sycned (in seconds) */
     _lastSync: number;
-    /**
-     * Stores the `SessionProvider`'s session update method to be able to
-     * trigger session updates from places like `signIn` or `signOut`
-     */
     _getSession: (...args: any[]) => any;
 }
 interface UseSessionOptions<R extends boolean> {
     required: R;
-    /** Defaults to `signIn` */
     onUnauthenticated?: () => void;
 }
 type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
@@ -45,12 +38,7 @@ interface SignInResponse {
     ok: boolean;
     url: string | null;
 }
-/**
- * Match `inputType` of `new URLSearchParams(inputType)`
- * @internal
- */
 type SignInAuthorizationParams = string | string[][] | Record<string, string> | URLSearchParams;
-/** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1) */
 interface SignOutResponse {
     url: string;
 }
@@ -60,32 +48,13 @@ interface SignOutParams<R extends boolean = true> {
     /** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
     redirect?: R;
 }
-/**
- 
- * If you have session expiry times of 30 days (the default) or more, then you probably don't need to change any of the default options.
- *
- * However, if you need to customize the session behavior and/or are using short session expiry times, you can pass options to the provider to customize the behavior of the {@link useSession} hook.
- */
 interface SessionProviderProps {
     children: React.ReactNode;
     session?: Session | null;
     baseUrl?: string;
     basePath?: string;
-    /**
-     * A time interval (in seconds) after which the session will be re-fetched.
-     * If set to `0` (default), the session is not polled.
-     */
     refetchInterval?: number;
-    /**
-     * `SessionProvider` automatically refetches the session when the user switches between windows.
-     * This option activates this behaviour if set to `true` (default).
-     */
     refetchOnWindowFocus?: boolean;
-    /**
-     * Set to `false` to stop polling when the device has no internet access offline (determined by `navigator.onLine`)
-     *
-     * [`navigator.onLine` documentation](https://developer.mozilla.org/en-US/docs/Web/API/NavigatorOnLine/onLine)
-     */
     refetchWhenOffline?: false;
 }
 
@@ -97,7 +66,6 @@ declare class AuthConfigManager {
     getConfig(): AuthClientConfig;
 }
 declare const authConfigManager: AuthConfigManager;
-/** @todo Document */
 type UpdateSession = (data?: any) => Promise<Session | null>;
 type SessionContextValue<R extends boolean = false> = R extends true ? {
     update: UpdateSession;
@@ -132,13 +100,6 @@ interface GetSessionParams {
     broadcast?: boolean;
 }
 declare function getSession(params?: GetSessionParams): Promise<Session | null>;
-/**
- * Returns the current Cross-Site Request Forgery Token (CSRF Token)
- * required to make requests that changes state. (e.g. signing in or out, or updating the session).
- *
- * [CSRF Prevention: Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie)
- * @internal
- */
 declare function getCsrfToken(): Promise<string>;
 type ProvidersType = Record<LiteralUnion<BuiltInProviderType>, ClientSafeProvider>;
 declare function getProviders(): Promise<ProvidersType | null>;

package/dist/react.d.ts

@@ -6,19 +6,12 @@ interface AuthClientConfig {
     baseUrl: string;
     basePath: string;
     credentials?: RequestCredentials;
-    /** Stores last session response */
     _session?: Session | null | undefined;
-    /** Used for timestamp since last sycned (in seconds) */
     _lastSync: number;
-    /**
-     * Stores the `SessionProvider`'s session update method to be able to
-     * trigger session updates from places like `signIn` or `signOut`
-     */
     _getSession: (...args: any[]) => any;
 }
 interface UseSessionOptions<R extends boolean> {
     required: R;
-    /** Defaults to `signIn` */
     onUnauthenticated?: () => void;
 }
 type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
@@ -45,12 +38,7 @@ interface SignInResponse {
     ok: boolean;
     url: string | null;
 }
-/**
- * Match `inputType` of `new URLSearchParams(inputType)`
- * @internal
- */
 type SignInAuthorizationParams = string | string[][] | Record<string, string> | URLSearchParams;
-/** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1) */
 interface SignOutResponse {
     url: string;
 }
@@ -60,32 +48,13 @@ interface SignOutParams<R extends boolean = true> {
     /** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
     redirect?: R;
 }
-/**
- 
- * If you have session expiry times of 30 days (the default) or more, then you probably don't need to change any of the default options.
- *
- * However, if you need to customize the session behavior and/or are using short session expiry times, you can pass options to the provider to customize the behavior of the {@link useSession} hook.
- */
 interface SessionProviderProps {
     children: React.ReactNode;
     session?: Session | null;
     baseUrl?: string;
     basePath?: string;
-    /**
-     * A time interval (in seconds) after which the session will be re-fetched.
-     * If set to `0` (default), the session is not polled.
-     */
     refetchInterval?: number;
-    /**
-     * `SessionProvider` automatically refetches the session when the user switches between windows.
-     * This option activates this behaviour if set to `true` (default).
-     */
     refetchOnWindowFocus?: boolean;
-    /**
-     * Set to `false` to stop polling when the device has no internet access offline (determined by `navigator.onLine`)
-     *
-     * [`navigator.onLine` documentation](https://developer.mozilla.org/en-US/docs/Web/API/NavigatorOnLine/onLine)
-     */
     refetchWhenOffline?: false;
 }
 
@@ -97,7 +66,6 @@ declare class AuthConfigManager {
     getConfig(): AuthClientConfig;
 }
 declare const authConfigManager: AuthConfigManager;
-/** @todo Document */
 type UpdateSession = (data?: any) => Promise<Session | null>;
 type SessionContextValue<R extends boolean = false> = R extends true ? {
     update: UpdateSession;
@@ -132,13 +100,6 @@ interface GetSessionParams {
     broadcast?: boolean;
 }
 declare function getSession(params?: GetSessionParams): Promise<Session | null>;
-/**
- * Returns the current Cross-Site Request Forgery Token (CSRF Token)
- * required to make requests that changes state. (e.g. signing in or out, or updating the session).
- *
- * [CSRF Prevention: Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie)
- * @internal
- */
 declare function getCsrfToken(): Promise<string>;
 type ProvidersType = Record<LiteralUnion<BuiltInProviderType>, ClientSafeProvider>;
 declare function getProviders(): Promise<ProvidersType | null>;

package/dist/react.js

@@ -79,9 +79,9 @@ function useOnline() {
   const [isOnline, setIsOnline] = React.useState(
     typeof navigator !== "undefined" ? navigator.onLine : false
   );
-  const setOnline = () => setIsOnline(true);
-  const setOffline = () => setIsOnline(false);
   React.useEffect(() => {
+    const setOnline = () => setIsOnline(true);
+    const setOffline = () => setIsOnline(false);
     window.addEventListener("online", setOnline);
     window.addEventListener("offline", setOffline);
     return () => {
@@ -95,16 +95,13 @@ function now() {
   return Math.floor(Date.now() / 1e3);
 }
 function parseUrl(url) {
-  const defaultUrl = new URL("http://localhost:3000/api/auth");
-  if (url && !url.startsWith("http")) {
-    url = `https://${url}`;
-  }
-  const _url = new URL(url ?? defaultUrl);
-  const path = (_url.pathname === "/" ? defaultUrl.pathname : _url.pathname).replace(/\/$/, "");
-  const base = `${_url.origin}${path}`;
+  const defaultUrl = "http://localhost:3000/api/auth";
+  const parsedUrl = new URL(url?.startsWith("http") ? url : `https://${url}` || defaultUrl);
+  const path = parsedUrl.pathname === "/" ? "/api/auth" : parsedUrl.pathname.replace(/\/$/, "");
+  const base = `${parsedUrl.origin}${path}`;
   return {
-    origin: _url.origin,
-    host: _url.host,
+    origin: parsedUrl.origin,
+    host: parsedUrl.host,
     path,
     base,
     toString: () => base
@@ -115,8 +112,8 @@ function parseUrl(url) {
 var AuthConfigManager = class _AuthConfigManager {
   static instance = null;
   _config = {
-    baseUrl: parseUrl(window.location.origin).origin,
-    basePath: parseUrl(window.location.origin).path,
+    baseUrl: typeof window !== "undefined" ? parseUrl(window.location.origin).origin : "",
+    basePath: typeof window !== "undefined" ? parseUrl(window.location.origin).path : "/api/auth",
     credentials: "same-origin",
     _lastSync: 0,
     _session: void 0,

package/dist/react.mjs

@@ -37,9 +37,9 @@ function useOnline() {
   const [isOnline, setIsOnline] = React.useState(
     typeof navigator !== "undefined" ? navigator.onLine : false
   );
-  const setOnline = () => setIsOnline(true);
-  const setOffline = () => setIsOnline(false);
   React.useEffect(() => {
+    const setOnline = () => setIsOnline(true);
+    const setOffline = () => setIsOnline(false);
     window.addEventListener("online", setOnline);
     window.addEventListener("offline", setOffline);
     return () => {
@@ -53,16 +53,13 @@ function now() {
   return Math.floor(Date.now() / 1e3);
 }
 function parseUrl(url) {
-  const defaultUrl = new URL("http://localhost:3000/api/auth");
-  if (url && !url.startsWith("http")) {
-    url = `https://${url}`;
-  }
-  const _url = new URL(url ?? defaultUrl);
-  const path = (_url.pathname === "/" ? defaultUrl.pathname : _url.pathname).replace(/\/$/, "");
-  const base = `${_url.origin}${path}`;
+  const defaultUrl = "http://localhost:3000/api/auth";
+  const parsedUrl = new URL(url?.startsWith("http") ? url : `https://${url}` || defaultUrl);
+  const path = parsedUrl.pathname === "/" ? "/api/auth" : parsedUrl.pathname.replace(/\/$/, "");
+  const base = `${parsedUrl.origin}${path}`;
   return {
-    origin: _url.origin,
-    host: _url.host,
+    origin: parsedUrl.origin,
+    host: parsedUrl.host,
     path,
     base,
     toString: () => base
@@ -73,8 +70,8 @@ function parseUrl(url) {
 var AuthConfigManager = class _AuthConfigManager {
   static instance = null;
   _config = {
-    baseUrl: parseUrl(window.location.origin).origin,
-    basePath: parseUrl(window.location.origin).path,
+    baseUrl: typeof window !== "undefined" ? parseUrl(window.location.origin).origin : "",
+    basePath: typeof window !== "undefined" ? parseUrl(window.location.origin).path : "/api/auth",
     credentials: "same-origin",
     _lastSync: 0,
     _session: void 0,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hono/auth-js",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "A third-party Auth js middleware for Hono",
   "main": "dist/index.js",
   "exports": {