@htlkg/core 0.0.1 → 0.0.3

package/src/amplify-astro-adapter/createCookieStorageAdapterFromAstroContext.ts

@@ -0,0 +1,97 @@
+import type { CookieStorage } from 'aws-amplify/adapter-core';
+import type { AstroServer } from './types';
+import { createLogger } from '../utils/logger';
+
+const log = createLogger('cookie-storage-adapter');
+
+// Ensures the cookie names are encoded in order to look up the cookie store
+// that is manipulated by js-cookie on the client side.
+// Details of the js-cookie encoding behavior see:
+// https://github.com/js-cookie/js-cookie#encoding
+// The implementation is borrowed from js-cookie without escaping `[()]` as
+// we are not using those chars in the auth keys.
+function ensureEncodedForJSCookie(name: string): string {
+  return encodeURIComponent(name).replace(/%(2[346B]|5E|60|7C)/g, decodeURIComponent);
+}
+
+function parseCookieHeader(cookieHeader: string | null) {
+  const out: Record<string, string> = {};
+  if (!cookieHeader) return out;
+  for (const part of cookieHeader.split(';')) {
+    const [rawName, ...rest] = part.trim().split('=');
+    const name = decodeURIComponent(rawName || '');
+    const value = decodeURIComponent(rest.join('=') || '');
+    if (name) out[name] = value;
+  }
+  return out;
+}
+
+function mapSameSite(
+  s: CookieStorage.SetCookieOptions['sameSite']
+): 'lax' | 'strict' | 'none' | undefined {
+  if (s === true) return 'strict';
+  if (s === false) return 'lax';
+  if (s === 'lax' || s === 'strict' || s === 'none') return s;
+  return undefined;
+}
+
+export async function createCookieStorageAdapterFromAstroContext(
+  astroServerContext: AstroServer.ServerContext
+): Promise<CookieStorage.Adapter> {
+  if (astroServerContext === null) {
+    log.debug('Context is null, returning no-op adapter');
+    return {
+      get: () => undefined,
+      getAll: () => [],
+      set: () => {},
+      delete: () => {},
+    };
+  }
+
+  const { cookies, request } = astroServerContext;
+  const cookieHeader = request?.headers?.get('cookie');
+  const headerCookies = parseCookieHeader(cookieHeader ?? null);
+
+  // Debug: Log available cookies (names only for security)
+  const cookieNames = Object.keys(headerCookies);
+  const cognitoCookies = cookieNames.filter(name => name.includes('CognitoIdentityServiceProvider'));
+  log.debug('Available cookies:', cookieNames.length);
+  log.debug('Cognito cookies found:', cognitoCookies.length);
+  if (cognitoCookies.length > 0) {
+    log.debug('Cognito cookie names:', cognitoCookies);
+  }
+
+  const adapter: CookieStorage.Adapter = {
+    get(name) {
+      const encodedName = ensureEncodedForJSCookie(name);
+      const v = cookies?.get(encodedName)?.value ?? headerCookies[encodedName] ?? headerCookies[name];
+      // Debug: Log token lookups (only for auth-related cookies)
+      if (name.includes('accessToken') || name.includes('idToken') || name.includes('refreshToken') || name.includes('LastAuthUser')) {
+        log.debug(`get('${name}'): ${v ? 'FOUND' : 'NOT FOUND'}`);
+      }
+      return v ? { name, value: v } : undefined;
+    },
+    getAll() {
+      const fromAPI =
+        (typeof (cookies as any)?.getAll === 'function'
+          ? (cookies as any).getAll().map((c: any) => ({ name: c.name, value: c.value }))
+          : Object.entries(headerCookies).map(([name, value]) => ({ name, value })));
+      return fromAPI;
+    },
+    set(name, value, options) {
+      try {
+        (cookies as any).set(name, value, {
+          ...(options ?? {}),
+          sameSite: mapSameSite(options?.sameSite),
+        });
+      } catch {}
+    },
+    delete(name: string) {
+      try {
+        (cookies as any).delete(name);
+      } catch {}
+    },
+  };
+
+  return adapter;
+}

package/src/amplify-astro-adapter/createRunWithAmplifyServerContext.ts

@@ -0,0 +1,84 @@
+import type { ResourcesConfig } from 'aws-amplify';
+import { sharedInMemoryStorage } from 'aws-amplify/utils';
+import {
+  createAWSCredentialsAndIdentityIdProvider,
+  createKeyValueStorageFromCookieStorageAdapter,
+  createUserPoolsTokenProvider,
+  runWithAmplifyServerContext as coreRunWithContext,
+} from 'aws-amplify/adapter-core';
+
+import type { AstroServer } from './types';
+import { globalSettings as defaultGlobalSettings } from './globalSettings';
+import { createCookieStorageAdapterFromAstroContext } from './createCookieStorageAdapterFromAstroContext';
+import { createLogger } from '../utils/logger';
+
+const log = createLogger('amplify-server-context');
+
+/**
+ * Creates a function that runs operations within the Amplify server context.
+ *
+ * IMPORTANT: Pass globalSettings explicitly to avoid module singleton issues
+ * when using linked packages or different bundling contexts.
+ */
+export const createRunWithAmplifyServerContext = ({
+  config: resourcesConfig,
+  globalSettings = defaultGlobalSettings,
+}: {
+  config: ResourcesConfig;
+  globalSettings?: AstroServer.GlobalSettings;
+}): AstroServer.RunOperationWithContext => {
+  const isServerSideAuthEnabled = globalSettings.isServerSideAuthEnabled();
+  const isSSLOrigin = globalSettings.isSSLOrigin();
+  const setCookieOptions = globalSettings.getRuntimeOptions().cookies ?? {};
+
+  log.debug('Settings:', {
+    isServerSideAuthEnabled,
+    isSSLOrigin,
+    hasCookieOptions: Object.keys(setCookieOptions).length > 0,
+  });
+  
+  const mergedSetCookieOptions = {
+    ...(isServerSideAuthEnabled && { httpOnly: true, sameSite: 'lax' as const }),
+    ...setCookieOptions,
+    ...(isServerSideAuthEnabled && { secure: isSSLOrigin }),
+    path: '/',
+  };
+
+  const runWithContext: AstroServer.RunOperationWithContext = async ({
+    astroServerContext,
+    operation,
+  }) => {
+    if (resourcesConfig.Auth) {
+      const cookieAdapter = await createCookieStorageAdapterFromAstroContext(astroServerContext);
+      
+      const keyValueStorage =
+        astroServerContext === null
+          ? sharedInMemoryStorage
+          : createKeyValueStorageFromCookieStorageAdapter(
+              cookieAdapter,
+              undefined,
+              mergedSetCookieOptions
+            );
+
+      const credentialsProvider = createAWSCredentialsAndIdentityIdProvider(
+        resourcesConfig.Auth,
+        keyValueStorage
+      );
+      
+      const tokenProvider = createUserPoolsTokenProvider(
+        resourcesConfig.Auth,
+        keyValueStorage
+      );
+
+      return coreRunWithContext(
+        resourcesConfig,
+        { Auth: { credentialsProvider, tokenProvider } },
+        operation
+      );
+    }
+
+    return coreRunWithContext(resourcesConfig, {}, operation);
+  };
+
+  return runWithContext;
+};

package/src/amplify-astro-adapter/errors.test.ts

@@ -0,0 +1,115 @@
+import { describe, it, expect } from "vitest";
+import {
+	AmplifyAstroAdapterError,
+	ErrorCodes,
+	createConfigMissingError,
+	createAuthFailedError,
+	createCookieError,
+	createGraphQLError,
+	createContextCreationError,
+	createTokenRefreshError,
+} from "./errors";
+
+describe("AmplifyAstroAdapterError", () => {
+	it("should create error with message and code", () => {
+		const error = new AmplifyAstroAdapterError(
+			"Test error",
+			"TEST_CODE"
+		);
+
+		expect(error.message).toBe("Test error");
+		expect(error.code).toBe("TEST_CODE");
+		expect(error.name).toBe("AmplifyAstroAdapterError");
+		expect(error.recoverySuggestion).toBeUndefined();
+	});
+
+	it("should create error with recovery suggestion", () => {
+		const error = new AmplifyAstroAdapterError(
+			"Test error",
+			"TEST_CODE",
+			"Try this fix"
+		);
+
+		expect(error.recoverySuggestion).toBe("Try this fix");
+	});
+
+	it("should be instanceof Error", () => {
+		const error = new AmplifyAstroAdapterError("Test", "CODE");
+		expect(error).toBeInstanceOf(Error);
+	});
+});
+
+describe("Error factory functions", () => {
+	describe("createConfigMissingError", () => {
+		it("should create config missing error", () => {
+			const error = createConfigMissingError("userPoolId");
+
+			expect(error.message).toContain("userPoolId");
+			expect(error.code).toBe(ErrorCodes.CONFIG_MISSING);
+			expect(error.recoverySuggestion).toContain("amplify_outputs.json");
+		});
+	});
+
+	describe("createAuthFailedError", () => {
+		it("should create auth failed error", () => {
+			const error = createAuthFailedError("Invalid token");
+
+			expect(error.message).toContain("Invalid token");
+			expect(error.code).toBe(ErrorCodes.AUTH_FAILED);
+			expect(error.recoverySuggestion).toContain("tokens are valid");
+		});
+	});
+
+	describe("createCookieError", () => {
+		it("should create cookie error", () => {
+			const error = createCookieError("set", "Invalid format");
+
+			expect(error.message).toContain("set");
+			expect(error.message).toContain("Invalid format");
+			expect(error.code).toBe(ErrorCodes.COOKIE_ERROR);
+			expect(error.recoverySuggestion).toContain("cookie");
+		});
+	});
+
+	describe("createGraphQLError", () => {
+		it("should create GraphQL error", () => {
+			const error = createGraphQLError("query", "Network error");
+
+			expect(error.message).toContain("query");
+			expect(error.message).toContain("Network error");
+			expect(error.code).toBe(ErrorCodes.GRAPHQL_ERROR);
+			expect(error.recoverySuggestion).toContain("network");
+		});
+	});
+
+	describe("createContextCreationError", () => {
+		it("should create context creation error", () => {
+			const error = createContextCreationError("Missing config");
+
+			expect(error.message).toContain("Missing config");
+			expect(error.code).toBe(ErrorCodes.CONTEXT_CREATION_FAILED);
+			expect(error.recoverySuggestion).toContain("Amplify configuration");
+		});
+	});
+
+	describe("createTokenRefreshError", () => {
+		it("should create token refresh error", () => {
+			const error = createTokenRefreshError("Expired refresh token");
+
+			expect(error.message).toContain("Expired refresh token");
+			expect(error.code).toBe(ErrorCodes.TOKEN_REFRESH_FAILED);
+			expect(error.recoverySuggestion).toContain("re-authenticate");
+		});
+	});
+});
+
+describe("ErrorCodes", () => {
+	it("should have all expected error codes", () => {
+		expect(ErrorCodes.CONFIG_MISSING).toBe("CONFIG_MISSING");
+		expect(ErrorCodes.AUTH_FAILED).toBe("AUTH_FAILED");
+		expect(ErrorCodes.COOKIE_ERROR).toBe("COOKIE_ERROR");
+		expect(ErrorCodes.GRAPHQL_ERROR).toBe("GRAPHQL_ERROR");
+		expect(ErrorCodes.CONTEXT_CREATION_FAILED).toBe("CONTEXT_CREATION_FAILED");
+		expect(ErrorCodes.TOKEN_REFRESH_FAILED).toBe("TOKEN_REFRESH_FAILED");
+	});
+});

package/src/amplify-astro-adapter/errors.ts

@@ -0,0 +1,105 @@
+/**
+ * Error classes for adapter-specific errors
+ */
+
+/**
+ * Base error class for Amplify Astro Adapter errors
+ */
+export class AmplifyAstroAdapterError extends Error {
+  public readonly code: string;
+  public readonly recoverySuggestion?: string;
+
+  constructor(
+    message: string,
+    code: string,
+    recoverySuggestion?: string
+  ) {
+    super(message);
+    this.name = 'AmplifyAstroAdapterError';
+    this.code = code;
+    this.recoverySuggestion = recoverySuggestion;
+
+    // Maintains proper stack trace for where our error was thrown (only available on V8)
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, AmplifyAstroAdapterError);
+    }
+  }
+}
+
+/**
+ * Error codes for different types of adapter errors
+ */
+export const ErrorCodes = {
+  CONFIG_MISSING: 'CONFIG_MISSING',
+  AUTH_FAILED: 'AUTH_FAILED',
+  COOKIE_ERROR: 'COOKIE_ERROR',
+  GRAPHQL_ERROR: 'GRAPHQL_ERROR',
+  CONTEXT_CREATION_FAILED: 'CONTEXT_CREATION_FAILED',
+  TOKEN_REFRESH_FAILED: 'TOKEN_REFRESH_FAILED',
+} as const;
+
+/**
+ * Creates a configuration missing error
+ */
+export function createConfigMissingError(missingConfig: string): AmplifyAstroAdapterError {
+  return new AmplifyAstroAdapterError(
+    `Amplify configuration is missing: ${missingConfig}`,
+    ErrorCodes.CONFIG_MISSING,
+    'Ensure amplify_outputs.json is properly configured and accessible to the adapter'
+  );
+}
+
+/**
+ * Creates an authentication failed error
+ */
+export function createAuthFailedError(reason: string): AmplifyAstroAdapterError {
+  return new AmplifyAstroAdapterError(
+    `Authentication failed: ${reason}`,
+    ErrorCodes.AUTH_FAILED,
+    'Check that authentication tokens are valid and not expired'
+  );
+}
+
+/**
+ * Creates a cookie error
+ */
+export function createCookieError(operation: string, reason: string): AmplifyAstroAdapterError {
+  return new AmplifyAstroAdapterError(
+    `Cookie ${operation} failed: ${reason}`,
+    ErrorCodes.COOKIE_ERROR,
+    'Verify cookie data format and ensure cookies are properly set in the response'
+  );
+}
+
+/**
+ * Creates a GraphQL error
+ */
+export function createGraphQLError(operation: string, reason: string): AmplifyAstroAdapterError {
+  return new AmplifyAstroAdapterError(
+    `GraphQL ${operation} failed: ${reason}`,
+    ErrorCodes.GRAPHQL_ERROR,
+    'Check network connectivity and GraphQL schema configuration'
+  );
+}
+
+/**
+ * Creates a context creation failed error
+ */
+export function createContextCreationError(reason: string): AmplifyAstroAdapterError {
+  return new AmplifyAstroAdapterError(
+    `Server context creation failed: ${reason}`,
+    ErrorCodes.CONTEXT_CREATION_FAILED,
+    'Verify Amplify configuration and authentication setup'
+  );
+}
+
+/**
+ * Creates a token refresh failed error
+ */
+export function createTokenRefreshError(reason: string): AmplifyAstroAdapterError {
+  return new AmplifyAstroAdapterError(
+    `Token refresh failed: ${reason}`,
+    ErrorCodes.TOKEN_REFRESH_FAILED,
+    'User may need to re-authenticate or check refresh token validity'
+  );
+}

package/src/amplify-astro-adapter/globalSettings.test.ts

@@ -0,0 +1,78 @@
+import { describe, it, expect, beforeEach } from "vitest";
+import { globalSettings } from "./globalSettings";
+
+describe("globalSettings", () => {
+	beforeEach(() => {
+		// Reset settings before each test
+		globalSettings.setRuntimeOptions({});
+		globalSettings.setIsSSLOrigin(false);
+	});
+
+	describe("runtimeOptions", () => {
+		it("should set and get runtime options", () => {
+			const options = {
+				cookies: {
+					domain: "example.com",
+					httpOnly: true,
+					secure: true,
+				},
+			};
+
+			globalSettings.setRuntimeOptions(options);
+			expect(globalSettings.getRuntimeOptions()).toEqual(options);
+		});
+
+		it("should handle empty options", () => {
+			globalSettings.setRuntimeOptions({});
+			expect(globalSettings.getRuntimeOptions()).toEqual({});
+		});
+
+		it("should handle undefined options", () => {
+			globalSettings.setRuntimeOptions(undefined as any);
+			expect(globalSettings.getRuntimeOptions()).toEqual({});
+		});
+	});
+
+	describe("serverSideAuth", () => {
+		it("should be enabled by default", () => {
+			// The implementation starts with serverSideAuthEnabled = true
+			expect(globalSettings.isServerSideAuthEnabled()).toBe(true);
+		});
+
+		it("should enable server-side auth", () => {
+			globalSettings.enableServerSideAuth();
+			expect(globalSettings.isServerSideAuthEnabled()).toBe(true);
+		});
+
+		it("should remain enabled after multiple calls", () => {
+			globalSettings.enableServerSideAuth();
+			globalSettings.enableServerSideAuth();
+			expect(globalSettings.isServerSideAuthEnabled()).toBe(true);
+		});
+	});
+
+	describe("SSL origin", () => {
+		it("should start as false", () => {
+			expect(globalSettings.isSSLOrigin()).toBe(false);
+		});
+
+		it("should set SSL origin to true", () => {
+			globalSettings.setIsSSLOrigin(true);
+			expect(globalSettings.isSSLOrigin()).toBe(true);
+		});
+
+		it("should set SSL origin to false", () => {
+			globalSettings.setIsSSLOrigin(true);
+			globalSettings.setIsSSLOrigin(false);
+			expect(globalSettings.isSSLOrigin()).toBe(false);
+		});
+
+		it("should toggle SSL origin", () => {
+			expect(globalSettings.isSSLOrigin()).toBe(false);
+			globalSettings.setIsSSLOrigin(true);
+			expect(globalSettings.isSSLOrigin()).toBe(true);
+			globalSettings.setIsSSLOrigin(false);
+			expect(globalSettings.isSSLOrigin()).toBe(false);
+		});
+	});
+});

package/src/amplify-astro-adapter/globalSettings.ts

@@ -0,0 +1,16 @@
+import type { AstroServer } from './types';
+
+export const globalSettings: AstroServer.GlobalSettings = (() => {
+  let runtimeOptions: AstroServer.RuntimeOptions = {};
+  let serverSideAuthEnabled = true;
+  let sslOrigin = false;
+
+  return {
+    setRuntimeOptions(opts) { runtimeOptions = opts ?? {}; },
+    getRuntimeOptions() { return runtimeOptions; },
+    enableServerSideAuth() { serverSideAuthEnabled = true; },
+    isServerSideAuthEnabled() { return serverSideAuthEnabled; },
+    setIsSSLOrigin(v: boolean) { sslOrigin = v; },
+    isSSLOrigin() { return sslOrigin; },
+  };
+})();

package/src/amplify-astro-adapter/index.ts

@@ -0,0 +1,14 @@
+/**
+ * Amplify Astro Adapter
+ * 
+ * Provides server-side authentication support for Astro with AWS Amplify
+ */
+
+export { createRunWithAmplifyServerContext } from './createRunWithAmplifyServerContext';
+export { createCookieStorageAdapterFromAstroContext } from './createCookieStorageAdapterFromAstroContext';
+export { globalSettings } from './globalSettings';
+export * from './types';
+export * from './errors';
+
+// Re-export logger for convenience
+export { logger, createLogger } from '../utils/logger';

package/src/amplify-astro-adapter/types.ts

@@ -0,0 +1,55 @@
+import type { ResourcesConfig } from 'aws-amplify';
+import type { CookieStorage } from 'aws-amplify/adapter-core';
+
+/**
+ * Amplify configuration structure matching amplify_outputs.json format
+ */
+export type AstroAmplifyConfig = ResourcesConfig;
+
+export namespace AstroServer {
+  export type RuntimeCookieOptions = CookieStorage.SetCookieOptions & {
+    domain?: string;
+  };
+
+  export interface RuntimeOptions {
+    cookies?: RuntimeCookieOptions;
+  }
+
+  export interface AstroComponentContext {
+    cookies: import('astro').AstroGlobal['cookies'];
+    request: Request;
+  }
+
+  export interface APIEndpointContext {
+    cookies: import('astro').APIContext['cookies'];
+    request: Request;
+  }
+
+  export type ServerContext =
+    | AstroComponentContext
+    | APIEndpointContext
+    | null;
+
+  export interface GlobalSettings {
+    setRuntimeOptions(opts: RuntimeOptions): void;
+    getRuntimeOptions(): RuntimeOptions;
+    enableServerSideAuth(): void;
+    isServerSideAuthEnabled(): boolean;
+    setIsSSLOrigin(val: boolean): void;
+    isSSLOrigin(): boolean;
+  }
+
+  export type RunOperationWithContext = <T>(input: {
+    astroServerContext: ServerContext;
+    operation: (contextSpec: unknown) => Promise<T>;
+  }) => Promise<T>;
+
+  export interface CreateServerRunnerInput {
+    config: ResourcesConfig;
+    runtimeOptions?: RuntimeOptions;
+  }
+
+  export interface CreateServerRunnerOutput {
+    runWithAmplifyServerContext: RunOperationWithContext;
+  }
+}