@hono/auth-js 1.0.7 → 1.0.9

package/README.md

@@ -22,8 +22,9 @@ AUTH_URL=#optional
 ## How to Use
 
 ```ts
-import { Hono,Context } from 'hono'
-import { authHandler, initAuthConfig, verifyAuth, AuthConfig } from "@hono/auth-js"
+import { Hono, Context } from 'hono'
+import { authHandler, initAuthConfig, verifyAuth, type AuthConfig } from "@hono/auth-js"
+import GitHub from "@auth/core/providers/github"
 
 const app = new Hono()
 

package/dist/index.d.mts

@@ -24,10 +24,11 @@ type AuthUser = {
 interface AuthConfig extends Omit<AuthConfig$1, 'raw'> {
 }
 type ConfigHandler = (c: Context) => AuthConfig;
-declare function reqWithEnvUrl(req: Request, authUrl?: string): Request;
+declare function setEnvDefaults(env: AuthEnv, config: AuthConfig): void;
+declare function reqWithEnvUrl(req: Request, authUrl?: string): Promise<Request>;
 declare function getAuthUser(c: Context): Promise<AuthUser | null>;
 declare function verifyAuth(): MiddlewareHandler;
 declare function initAuthConfig(cb: ConfigHandler): MiddlewareHandler;
 declare function authHandler(): MiddlewareHandler;
 
-export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, reqWithEnvUrl, verifyAuth };
+export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, reqWithEnvUrl, setEnvDefaults, verifyAuth };

package/dist/index.d.ts

@@ -24,10 +24,11 @@ type AuthUser = {
 interface AuthConfig extends Omit<AuthConfig$1, 'raw'> {
 }
 type ConfigHandler = (c: Context) => AuthConfig;
-declare function reqWithEnvUrl(req: Request, authUrl?: string): Request;
+declare function setEnvDefaults(env: AuthEnv, config: AuthConfig): void;
+declare function reqWithEnvUrl(req: Request, authUrl?: string): Promise<Request>;
 declare function getAuthUser(c: Context): Promise<AuthUser | null>;
 declare function verifyAuth(): MiddlewareHandler;
 declare function initAuthConfig(cb: ConfigHandler): MiddlewareHandler;
 declare function authHandler(): MiddlewareHandler;
 
-export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, reqWithEnvUrl, verifyAuth };
+export { type AuthConfig, type AuthEnv, type AuthUser, type ConfigHandler, authHandler, getAuthUser, initAuthConfig, reqWithEnvUrl, setEnvDefaults, verifyAuth };

package/dist/index.js

@@ -24,46 +24,74 @@ __export(src_exports, {
   getAuthUser: () => getAuthUser,
   initAuthConfig: () => initAuthConfig,
   reqWithEnvUrl: () => reqWithEnvUrl,
+  setEnvDefaults: () => setEnvDefaults,
   verifyAuth: () => verifyAuth
 });
 module.exports = __toCommonJS(src_exports);
 var import_core = require("@auth/core");
 var import_adapter = require("hono/adapter");
 var import_http_exception = require("hono/http-exception");
-function reqWithEnvUrl(req, authUrl) {
+var import_core2 = require("@auth/core");
+function setEnvDefaults(env2, config) {
+  config.secret ??= env2.AUTH_SECRET;
+  config.basePath ||= "/api/auth";
+  (0, import_core2.setEnvDefaults)(env2, config);
+}
+async function cloneRequest(input, request) {
+  if ((0, import_adapter.getRuntimeKey)() === "bun") {
+    return new Request(input, {
+      method: request.method,
+      headers: new Headers(request.headers),
+      body: request.method === "GET" || request.method === "HEAD" ? void 0 : await request.blob(),
+      // @ts-ignore: TS2353
+      referrer: "referrer" in request ? request.referrer : void 0,
+      // deno-lint-ignore no-explicit-any
+      referrerPolicy: request.referrerPolicy,
+      mode: request.mode,
+      credentials: request.credentials,
+      // @ts-ignore: TS2353
+      cache: request.cache,
+      redirect: request.redirect,
+      integrity: request.integrity,
+      keepalive: request.keepalive,
+      signal: request.signal
+    });
+  }
+  return new Request(input, request);
+}
+async function reqWithEnvUrl(req, authUrl) {
   if (authUrl) {
     const reqUrlObj = new URL(req.url);
     const authUrlObj = new URL(authUrl);
     const props = ["hostname", "protocol", "port", "password", "username"];
     props.forEach((prop) => reqUrlObj[prop] = authUrlObj[prop]);
-    return new Request(reqUrlObj.href, req);
+    return cloneRequest(reqUrlObj.href, req);
   } else {
-    return req;
-  }
-}
-function setEnvDefaults(env2, config) {
-  config.secret ??= env2.AUTH_SECRET;
-  config.basePath ??= "/api/auth";
-  config.trustHost = true;
-  config.redirectProxyUrl ??= env2.AUTH_REDIRECT_PROXY_URL;
-  config.providers = config.providers.map((p) => {
-    const finalProvider = typeof p === "function" ? p({}) : p;
-    if (finalProvider.type === "oauth" || finalProvider.type === "oidc") {
-      const ID = finalProvider.id.toUpperCase();
-      finalProvider.clientId ??= env2[`AUTH_${ID}_ID`];
-      finalProvider.clientSecret ??= env2[`AUTH_${ID}_SECRET`];
-      if (finalProvider.type === "oidc") {
-        finalProvider.issuer ??= env2[`AUTH_${ID}_ISSUER`];
-      }
+    const url = new URL(req.url);
+    const proto = req.headers.get("x-forwarded-proto");
+    const host = req.headers.get("x-forwarded-host") ?? req.headers.get("host");
+    if (proto != null)
+      url.protocol = proto.endsWith(":") ? proto : proto + ":";
+    if (host != null) {
+      url.host = host;
+      const portMatch = host.match(/:(\d+)$/);
+      if (portMatch)
+        url.port = portMatch[1];
+      else
+        url.port = "";
+      req.headers.delete("x-forwarded-host");
+      req.headers.delete("Host");
+      req.headers.set("Host", host);
     }
-    return finalProvider;
-  });
+    return cloneRequest(url.href, req);
+  }
 }
 async function getAuthUser(c) {
   const config = c.get("authConfig");
-  let ctxEnv = (0, import_adapter.env)(c);
+  const ctxEnv = (0, import_adapter.env)(c);
   setEnvDefaults(ctxEnv, config);
-  const origin = ctxEnv.AUTH_URL ? new URL(ctxEnv.AUTH_URL).origin : new URL(c.req.url).origin;
+  const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
+  const origin = new URL(authReq.url).origin;
   const request = new Request(`${origin}${config.basePath}/session`, {
     headers: { cookie: c.req.header("cookie") ?? "" }
   });
@@ -108,12 +136,13 @@ function initAuthConfig(cb) {
 function authHandler() {
   return async (c) => {
     const config = c.get("authConfig");
-    let ctxEnv = (0, import_adapter.env)(c);
+    const ctxEnv = (0, import_adapter.env)(c);
     setEnvDefaults(ctxEnv, config);
-    if (!config.secret) {
+    if (!config.secret || config.secret.length === 0) {
       throw new import_http_exception.HTTPException(500, { message: "Missing AUTH_SECRET" });
     }
-    const res = await (0, import_core.Auth)(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config);
+    const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
+    const res = await (0, import_core.Auth)(authReq, config);
     return new Response(res.body, res);
   };
 }
@@ -123,5 +152,6 @@ function authHandler() {
   getAuthUser,
   initAuthConfig,
   reqWithEnvUrl,
+  setEnvDefaults,
   verifyAuth
 });

package/dist/index.mjs

@@ -1,41 +1,68 @@
 // src/index.ts
 import { Auth } from "@auth/core";
-import { env } from "hono/adapter";
+import { env, getRuntimeKey } from "hono/adapter";
 import { HTTPException } from "hono/http-exception";
-function reqWithEnvUrl(req, authUrl) {
+import { setEnvDefaults as coreSetEnvDefaults } from "@auth/core";
+function setEnvDefaults(env2, config) {
+  config.secret ??= env2.AUTH_SECRET;
+  config.basePath ||= "/api/auth";
+  coreSetEnvDefaults(env2, config);
+}
+async function cloneRequest(input, request) {
+  if (getRuntimeKey() === "bun") {
+    return new Request(input, {
+      method: request.method,
+      headers: new Headers(request.headers),
+      body: request.method === "GET" || request.method === "HEAD" ? void 0 : await request.blob(),
+      // @ts-ignore: TS2353
+      referrer: "referrer" in request ? request.referrer : void 0,
+      // deno-lint-ignore no-explicit-any
+      referrerPolicy: request.referrerPolicy,
+      mode: request.mode,
+      credentials: request.credentials,
+      // @ts-ignore: TS2353
+      cache: request.cache,
+      redirect: request.redirect,
+      integrity: request.integrity,
+      keepalive: request.keepalive,
+      signal: request.signal
+    });
+  }
+  return new Request(input, request);
+}
+async function reqWithEnvUrl(req, authUrl) {
   if (authUrl) {
     const reqUrlObj = new URL(req.url);
     const authUrlObj = new URL(authUrl);
     const props = ["hostname", "protocol", "port", "password", "username"];
     props.forEach((prop) => reqUrlObj[prop] = authUrlObj[prop]);
-    return new Request(reqUrlObj.href, req);
+    return cloneRequest(reqUrlObj.href, req);
   } else {
-    return req;
-  }
-}
-function setEnvDefaults(env2, config) {
-  config.secret ??= env2.AUTH_SECRET;
-  config.basePath ??= "/api/auth";
-  config.trustHost = true;
-  config.redirectProxyUrl ??= env2.AUTH_REDIRECT_PROXY_URL;
-  config.providers = config.providers.map((p) => {
-    const finalProvider = typeof p === "function" ? p({}) : p;
-    if (finalProvider.type === "oauth" || finalProvider.type === "oidc") {
-      const ID = finalProvider.id.toUpperCase();
-      finalProvider.clientId ??= env2[`AUTH_${ID}_ID`];
-      finalProvider.clientSecret ??= env2[`AUTH_${ID}_SECRET`];
-      if (finalProvider.type === "oidc") {
-        finalProvider.issuer ??= env2[`AUTH_${ID}_ISSUER`];
-      }
+    const url = new URL(req.url);
+    const proto = req.headers.get("x-forwarded-proto");
+    const host = req.headers.get("x-forwarded-host") ?? req.headers.get("host");
+    if (proto != null)
+      url.protocol = proto.endsWith(":") ? proto : proto + ":";
+    if (host != null) {
+      url.host = host;
+      const portMatch = host.match(/:(\d+)$/);
+      if (portMatch)
+        url.port = portMatch[1];
+      else
+        url.port = "";
+      req.headers.delete("x-forwarded-host");
+      req.headers.delete("Host");
+      req.headers.set("Host", host);
     }
-    return finalProvider;
-  });
+    return cloneRequest(url.href, req);
+  }
 }
 async function getAuthUser(c) {
   const config = c.get("authConfig");
-  let ctxEnv = env(c);
+  const ctxEnv = env(c);
   setEnvDefaults(ctxEnv, config);
-  const origin = ctxEnv.AUTH_URL ? new URL(ctxEnv.AUTH_URL).origin : new URL(c.req.url).origin;
+  const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
+  const origin = new URL(authReq.url).origin;
   const request = new Request(`${origin}${config.basePath}/session`, {
     headers: { cookie: c.req.header("cookie") ?? "" }
   });
@@ -80,12 +107,13 @@ function initAuthConfig(cb) {
 function authHandler() {
   return async (c) => {
     const config = c.get("authConfig");
-    let ctxEnv = env(c);
+    const ctxEnv = env(c);
     setEnvDefaults(ctxEnv, config);
-    if (!config.secret) {
+    if (!config.secret || config.secret.length === 0) {
       throw new HTTPException(500, { message: "Missing AUTH_SECRET" });
     }
-    const res = await Auth(reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL), config);
+    const authReq = await reqWithEnvUrl(c.req.raw, ctxEnv.AUTH_URL);
+    const res = await Auth(authReq, config);
     return new Response(res.body, res);
   };
 }
@@ -94,5 +122,6 @@ export {
   getAuthUser,
   initAuthConfig,
   reqWithEnvUrl,
+  setEnvDefaults,
   verifyAuth
 };

package/dist/react.d.mts

@@ -6,19 +6,12 @@ interface AuthClientConfig {
     baseUrl: string;
     basePath: string;
     credentials?: RequestCredentials;
-    /** Stores last session response */
     _session?: Session | null | undefined;
-    /** Used for timestamp since last sycned (in seconds) */
     _lastSync: number;
-    /**
-     * Stores the `SessionProvider`'s session update method to be able to
-     * trigger session updates from places like `signIn` or `signOut`
-     */
     _getSession: (...args: any[]) => any;
 }
 interface UseSessionOptions<R extends boolean> {
     required: R;
-    /** Defaults to `signIn` */
     onUnauthenticated?: () => void;
 }
 type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
@@ -45,12 +38,7 @@ interface SignInResponse {
     ok: boolean;
     url: string | null;
 }
-/**
- * Match `inputType` of `new URLSearchParams(inputType)`
- * @internal
- */
 type SignInAuthorizationParams = string | string[][] | Record<string, string> | URLSearchParams;
-/** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1) */
 interface SignOutResponse {
     url: string;
 }
@@ -60,32 +48,13 @@ interface SignOutParams<R extends boolean = true> {
     /** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
     redirect?: R;
 }
-/**
- 
- * If you have session expiry times of 30 days (the default) or more, then you probably don't need to change any of the default options.
- *
- * However, if you need to customize the session behavior and/or are using short session expiry times, you can pass options to the provider to customize the behavior of the {@link useSession} hook.
- */
 interface SessionProviderProps {
     children: React.ReactNode;
     session?: Session | null;
     baseUrl?: string;
     basePath?: string;
-    /**
-     * A time interval (in seconds) after which the session will be re-fetched.
-     * If set to `0` (default), the session is not polled.
-     */
     refetchInterval?: number;
-    /**
-     * `SessionProvider` automatically refetches the session when the user switches between windows.
-     * This option activates this behaviour if set to `true` (default).
-     */
     refetchOnWindowFocus?: boolean;
-    /**
-     * Set to `false` to stop polling when the device has no internet access offline (determined by `navigator.onLine`)
-     *
-     * [`navigator.onLine` documentation](https://developer.mozilla.org/en-US/docs/Web/API/NavigatorOnLine/onLine)
-     */
     refetchWhenOffline?: false;
 }
 
@@ -97,7 +66,6 @@ declare class AuthConfigManager {
     getConfig(): AuthClientConfig;
 }
 declare const authConfigManager: AuthConfigManager;
-/** @todo Document */
 type UpdateSession = (data?: any) => Promise<Session | null>;
 type SessionContextValue<R extends boolean = false> = R extends true ? {
     update: UpdateSession;

package/dist/react.d.ts

@@ -6,19 +6,12 @@ interface AuthClientConfig {
     baseUrl: string;
     basePath: string;
     credentials?: RequestCredentials;
-    /** Stores last session response */
     _session?: Session | null | undefined;
-    /** Used for timestamp since last sycned (in seconds) */
     _lastSync: number;
-    /**
-     * Stores the `SessionProvider`'s session update method to be able to
-     * trigger session updates from places like `signIn` or `signOut`
-     */
     _getSession: (...args: any[]) => any;
 }
 interface UseSessionOptions<R extends boolean> {
     required: R;
-    /** Defaults to `signIn` */
     onUnauthenticated?: () => void;
 }
 type LiteralUnion<T extends U, U = string> = T | (U & Record<never, never>);
@@ -45,12 +38,7 @@ interface SignInResponse {
     ok: boolean;
     url: string | null;
 }
-/**
- * Match `inputType` of `new URLSearchParams(inputType)`
- * @internal
- */
 type SignInAuthorizationParams = string | string[][] | Record<string, string> | URLSearchParams;
-/** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1) */
 interface SignOutResponse {
     url: string;
 }
@@ -60,32 +48,13 @@ interface SignOutParams<R extends boolean = true> {
     /** [Documentation](https://next-auth.js.org/getting-started/client#using-the-redirect-false-option-1 */
     redirect?: R;
 }
-/**
- 
- * If you have session expiry times of 30 days (the default) or more, then you probably don't need to change any of the default options.
- *
- * However, if you need to customize the session behavior and/or are using short session expiry times, you can pass options to the provider to customize the behavior of the {@link useSession} hook.
- */
 interface SessionProviderProps {
     children: React.ReactNode;
     session?: Session | null;
     baseUrl?: string;
     basePath?: string;
-    /**
-     * A time interval (in seconds) after which the session will be re-fetched.
-     * If set to `0` (default), the session is not polled.
-     */
     refetchInterval?: number;
-    /**
-     * `SessionProvider` automatically refetches the session when the user switches between windows.
-     * This option activates this behaviour if set to `true` (default).
-     */
     refetchOnWindowFocus?: boolean;
-    /**
-     * Set to `false` to stop polling when the device has no internet access offline (determined by `navigator.onLine`)
-     *
-     * [`navigator.onLine` documentation](https://developer.mozilla.org/en-US/docs/Web/API/NavigatorOnLine/onLine)
-     */
     refetchWhenOffline?: false;
 }
 
@@ -97,7 +66,6 @@ declare class AuthConfigManager {
     getConfig(): AuthClientConfig;
 }
 declare const authConfigManager: AuthConfigManager;
-/** @todo Document */
 type UpdateSession = (data?: any) => Promise<Session | null>;
 type SessionContextValue<R extends boolean = false> = R extends true ? {
     update: UpdateSession;

package/dist/react.js

@@ -79,9 +79,9 @@ function useOnline() {
   const [isOnline, setIsOnline] = React.useState(
     typeof navigator !== "undefined" ? navigator.onLine : false
   );
-  const setOnline = () => setIsOnline(true);
-  const setOffline = () => setIsOnline(false);
   React.useEffect(() => {
+    const setOnline = () => setIsOnline(true);
+    const setOffline = () => setIsOnline(false);
     window.addEventListener("online", setOnline);
     window.addEventListener("offline", setOffline);
     return () => {
@@ -95,16 +95,13 @@ function now() {
   return Math.floor(Date.now() / 1e3);
 }
 function parseUrl(url) {
-  const defaultUrl = new URL("http://localhost:3000/api/auth");
-  if (url && !url.startsWith("http")) {
-    url = `https://${url}`;
-  }
-  const _url = new URL(url ?? defaultUrl);
-  const path = (_url.pathname === "/" ? defaultUrl.pathname : _url.pathname).replace(/\/$/, "");
-  const base = `${_url.origin}${path}`;
+  const defaultUrl = "http://localhost:3000/api/auth";
+  const parsedUrl = new URL(url?.startsWith("http") ? url : `https://${url}` || defaultUrl);
+  const path = parsedUrl.pathname === "/" ? "/api/auth" : parsedUrl.pathname.replace(/\/$/, "");
+  const base = `${parsedUrl.origin}${path}`;
   return {
-    origin: _url.origin,
-    host: _url.host,
+    origin: parsedUrl.origin,
+    host: parsedUrl.host,
     path,
     base,
     toString: () => base

package/dist/react.mjs

@@ -37,9 +37,9 @@ function useOnline() {
   const [isOnline, setIsOnline] = React.useState(
     typeof navigator !== "undefined" ? navigator.onLine : false
   );
-  const setOnline = () => setIsOnline(true);
-  const setOffline = () => setIsOnline(false);
   React.useEffect(() => {
+    const setOnline = () => setIsOnline(true);
+    const setOffline = () => setIsOnline(false);
     window.addEventListener("online", setOnline);
     window.addEventListener("offline", setOffline);
     return () => {
@@ -53,16 +53,13 @@ function now() {
   return Math.floor(Date.now() / 1e3);
 }
 function parseUrl(url) {
-  const defaultUrl = new URL("http://localhost:3000/api/auth");
-  if (url && !url.startsWith("http")) {
-    url = `https://${url}`;
-  }
-  const _url = new URL(url ?? defaultUrl);
-  const path = (_url.pathname === "/" ? defaultUrl.pathname : _url.pathname).replace(/\/$/, "");
-  const base = `${_url.origin}${path}`;
+  const defaultUrl = "http://localhost:3000/api/auth";
+  const parsedUrl = new URL(url?.startsWith("http") ? url : `https://${url}` || defaultUrl);
+  const path = parsedUrl.pathname === "/" ? "/api/auth" : parsedUrl.pathname.replace(/\/$/, "");
+  const base = `${parsedUrl.origin}${path}`;
   return {
-    origin: _url.origin,
-    host: _url.host,
+    origin: parsedUrl.origin,
+    host: parsedUrl.host,
     path,
     base,
     toString: () => base

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hono/auth-js",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "description": "A third-party Auth js middleware for Hono",
   "main": "dist/index.js",
   "exports": {