@iqauth/sdk 2.0.0

package/dist/express.mjs

@@ -0,0 +1,122 @@
+import {
+  DEFAULT_REFRESH_COOKIE,
+  iqAuthMiddleware
+} from "./chunk-73R6BEGO.mjs";
+import {
+  handleCallback,
+  handleRefresh,
+  handleSignout
+} from "./chunk-5HF3OBNO.mjs";
+import {
+  parsePublishableKey
+} from "./chunk-5WFR6Y33.mjs";
+import {
+  IQAuthClient
+} from "./chunk-JQWYIIIS.mjs";
+import {
+  ErrorCodes,
+  IQAuthError
+} from "./chunk-6I6RM4MN.mjs";
+import "./chunk-Y6FXYEAI.mjs";
+
+// src/express.ts
+function applyHandlerResponse(res, hr) {
+  for (const c of hr.cookies) {
+    if (typeof res.cookie === "function") {
+      const opts = {
+        httpOnly: c.httpOnly,
+        secure: c.secure,
+        sameSite: c.sameSite,
+        path: c.path,
+        maxAge: c.maxAge * 1e3
+      };
+      if (c.domain) opts.domain = c.domain;
+      res.cookie(c.name, c.value, opts);
+    } else {
+      const existing = res.getHeader?.("Set-Cookie") || [];
+      const list = Array.isArray(existing) ? existing : [existing];
+      const parts = [`${c.name}=${encodeURIComponent(c.value)}`, `Path=${c.path}`, `Max-Age=${c.maxAge}`, `SameSite=${c.sameSite}`];
+      if (c.secure) parts.push("Secure");
+      if (c.httpOnly) parts.push("HttpOnly");
+      if (c.domain) parts.push(`Domain=${c.domain}`);
+      list.push(parts.join("; "));
+      res.setHeader?.("Set-Cookie", list);
+    }
+  }
+  res.status(hr.status).json(hr.body);
+}
+function readBody(req) {
+  return req.body && typeof req.body === "object" ? req.body : {};
+}
+function readCookieFromReq(req, name) {
+  if (req.cookies && typeof req.cookies[name] === "string") return req.cookies[name];
+  const header = req.headers?.cookie;
+  if (typeof header !== "string") return void 0;
+  const target = `${name}=`;
+  for (const seg of header.split(";")) {
+    const t = seg.trim();
+    if (t.startsWith(target)) {
+      try {
+        return decodeURIComponent(t.slice(target.length));
+      } catch {
+        return t.slice(target.length);
+      }
+    }
+  }
+  return void 0;
+}
+function iqAuth(options) {
+  const parsed = parsePublishableKey(options.publishableKey);
+  if (!parsed) {
+    throw new Error("@iqauth/sdk/express: invalid publishable key");
+  }
+  const issuer = (options.issuer ?? (parsed.iss.startsWith("http") ? parsed.iss : `https://${parsed.iss}`)).replace(/\/+$/, "");
+  const client = new IQAuthClient({
+    baseUrl: issuer,
+    environment: "server"
+  });
+  const verify = iqAuthMiddleware(client, options);
+  const helperConfig = { ...options, issuer };
+  const mount = (options.mountPath ?? "/api/iqauth").replace(/\/+$/, "");
+  const refreshCookie = options.refreshCookieName ?? DEFAULT_REFRESH_COOKIE;
+  const accessCookie = options.accessCookieName ?? "iqauth_at";
+  const mountHelpers = options.mountHelperRoutes !== false;
+  const middleware = (req, res, next) => {
+    const path = req.path || req.url || "";
+    if (mountHelpers && path.startsWith(mount + "/")) return next();
+    return verify(req, res, next);
+  };
+  const attachHelpers = (app) => {
+    app.post(`${mount}/callback`, async (req, res) => {
+      const body = readBody(req);
+      const hr = await handleCallback(helperConfig, {
+        code: body.code,
+        codeVerifier: body.codeVerifier,
+        redirectUri: body.redirectUri
+      });
+      applyHandlerResponse(res, hr);
+    });
+    app.post(`${mount}/refresh`, async (req, res) => {
+      const body = readBody(req);
+      const refreshToken = body.refreshToken || readCookieFromReq(req, refreshCookie);
+      const hr = await handleRefresh(helperConfig, { refreshToken });
+      applyHandlerResponse(res, hr);
+    });
+    app.post(`${mount}/signout`, async (req, res) => {
+      const accessToken = req.headers?.authorization?.replace(/^Bearer /i, "") || readCookieFromReq(req, accessCookie);
+      const hr = await handleSignout(helperConfig, { accessToken });
+      applyHandlerResponse(res, hr);
+    });
+  };
+  const composed = (req, res, next) => middleware(req, res, next);
+  composed.middleware = middleware;
+  composed.attachHelpers = attachHelpers;
+  composed.client = client;
+  return composed;
+}
+export {
+  ErrorCodes,
+  IQAuthError,
+  iqAuth,
+  iqAuthMiddleware
+};

package/dist/fastify.d.mts

@@ -0,0 +1,23 @@
+import { IQAuthHelperConfig } from './server/handlers.mjs';
+
+/**
+ * @iqauth/sdk/fastify — Fastify adapter.
+ *
+ *   import Fastify from "fastify";
+ *   import { iqAuth } from "@iqauth/sdk/fastify";
+ *   const app = Fastify();
+ *   await app.register(iqAuth, { publishableKey: ..., secretKey: ... });
+ *
+ * The plugin verifies bearer / cookie tokens, attaches `request.auth`, and
+ * mounts /api/iqauth/{callback,refresh,signout}.
+ */
+
+interface IQAuthFastifyOptions extends IQAuthHelperConfig {
+    mountPath?: string;
+    mountHelperRoutes?: boolean;
+    /** Routes that bypass verification (e.g. health checks). */
+    publicPaths?: string[] | ((path: string) => boolean);
+}
+declare function iqAuth(fastify: any, options: IQAuthFastifyOptions): Promise<void>;
+
+export { type IQAuthFastifyOptions, iqAuth as default, iqAuth };

package/dist/fastify.d.ts

@@ -0,0 +1,23 @@
+import { IQAuthHelperConfig } from './server/handlers.js';
+
+/**
+ * @iqauth/sdk/fastify — Fastify adapter.
+ *
+ *   import Fastify from "fastify";
+ *   import { iqAuth } from "@iqauth/sdk/fastify";
+ *   const app = Fastify();
+ *   await app.register(iqAuth, { publishableKey: ..., secretKey: ... });
+ *
+ * The plugin verifies bearer / cookie tokens, attaches `request.auth`, and
+ * mounts /api/iqauth/{callback,refresh,signout}.
+ */
+
+interface IQAuthFastifyOptions extends IQAuthHelperConfig {
+    mountPath?: string;
+    mountHelperRoutes?: boolean;
+    /** Routes that bypass verification (e.g. health checks). */
+    publicPaths?: string[] | ((path: string) => boolean);
+}
+declare function iqAuth(fastify: any, options: IQAuthFastifyOptions): Promise<void>;
+
+export { type IQAuthFastifyOptions, iqAuth as default, iqAuth };