@iqauth/sdk 2.0.0

package/dist/fastify.mjs

@@ -0,0 +1,118 @@
+import {
+  handleCallback,
+  handleRefresh,
+  handleSignout,
+  serializeCookie
+} from "./chunk-5HF3OBNO.mjs";
+import {
+  parsePublishableKey
+} from "./chunk-5WFR6Y33.mjs";
+import {
+  IQAuthClient
+} from "./chunk-JQWYIIIS.mjs";
+import {
+  IQAuthError
+} from "./chunk-6I6RM4MN.mjs";
+import "./chunk-Y6FXYEAI.mjs";
+
+// src/fastify.ts
+var KNOWN_AUTH_ERRORS = /* @__PURE__ */ new Set([
+  "TOKEN_INVALID",
+  "TOKEN_EXPIRED",
+  "TOKEN_REVOKED",
+  "SESSION_EXPIRED",
+  "SESSION_INVALID",
+  "AUTH_REQUIRED"
+]);
+function applyResponse(reply, hr) {
+  for (const c of hr.cookies) {
+    const cookie = serializeCookie(c);
+    const existing = reply.getHeader?.("set-cookie") ?? [];
+    const list = Array.isArray(existing) ? existing : [existing];
+    list.push(cookie);
+    reply.header("set-cookie", list);
+  }
+  reply.code(hr.status).send(hr.body);
+}
+function readCookie(req, name) {
+  if (req.cookies && typeof req.cookies[name] === "string") return req.cookies[name];
+  const raw = req.headers?.cookie;
+  if (typeof raw !== "string") return void 0;
+  const target = `${name}=`;
+  for (const seg of raw.split(";")) {
+    const t = seg.trim();
+    if (t.startsWith(target)) {
+      try {
+        return decodeURIComponent(t.slice(target.length));
+      } catch {
+        return t.slice(target.length);
+      }
+    }
+  }
+  return void 0;
+}
+async function iqAuth(fastify, options) {
+  const parsed = parsePublishableKey(options.publishableKey);
+  if (!parsed) throw new Error("@iqauth/sdk/fastify: invalid publishable key");
+  const issuer = (options.issuer ?? (parsed.iss.startsWith("http") ? parsed.iss : `https://${parsed.iss}`)).replace(/\/+$/, "");
+  const helperConfig = { ...options, issuer };
+  const client = new IQAuthClient({ baseUrl: issuer, environment: "server" });
+  const accessCookie = options.accessCookieName ?? "iqauth_at";
+  const refreshCookie = options.refreshCookieName ?? "iqauth_rt";
+  const mount = (options.mountPath ?? "/api/iqauth").replace(/\/+$/, "");
+  const mountHelpers = options.mountHelperRoutes !== false;
+  const isPublic = (p) => {
+    if (mountHelpers && p.startsWith(mount + "/")) return true;
+    if (Array.isArray(options.publicPaths)) return options.publicPaths.includes(p);
+    if (typeof options.publicPaths === "function") return options.publicPaths(p);
+    return false;
+  };
+  fastify.addHook("preHandler", async (req, reply) => {
+    const path = req.url?.split("?")[0] ?? "";
+    if (isPublic(path)) return;
+    const auth = req.headers?.authorization;
+    let token;
+    if (typeof auth === "string" && auth.startsWith("Bearer ")) token = auth.slice(7);
+    if (!token) token = readCookie(req, accessCookie);
+    if (!token) {
+      reply.code(401).send({ success: false, error: { code: "TOKEN_INVALID", message: "Missing access token" } });
+      return reply;
+    }
+    try {
+      req.auth = await client.tokens.verify(token);
+    } catch (err) {
+      if (err instanceof IQAuthError && KNOWN_AUTH_ERRORS.has(err.code)) {
+        reply.code(401).send({ success: false, error: { code: err.code, message: err.message } });
+        return reply;
+      }
+      reply.code(500).send({ success: false, error: { code: "INTERNAL_ERROR", message: "Authentication failed" } });
+      return reply;
+    }
+  });
+  if (mountHelpers) {
+    fastify.post(`${mount}/callback`, async (req, reply) => {
+      const body = req.body || {};
+      applyResponse(reply, await handleCallback(helperConfig, {
+        code: body.code,
+        codeVerifier: body.codeVerifier,
+        redirectUri: body.redirectUri
+      }));
+    });
+    fastify.post(`${mount}/refresh`, async (req, reply) => {
+      const body = req.body || {};
+      const refreshToken = body.refreshToken || readCookie(req, refreshCookie);
+      applyResponse(reply, await handleRefresh(helperConfig, { refreshToken }));
+    });
+    fastify.post(`${mount}/signout`, async (req, reply) => {
+      const auth = req.headers?.authorization;
+      const accessToken = (typeof auth === "string" ? auth.replace(/^Bearer /i, "") : void 0) || readCookie(req, accessCookie);
+      applyResponse(reply, await handleSignout(helperConfig, { accessToken }));
+    });
+  }
+  fastify.decorate("iqauth", { client, issuer });
+}
+var fastify_default = iqAuth;
+export {
+  fastify_default as default,
+  iqAuth
+};

package/dist/hono.d.mts

@@ -0,0 +1,22 @@
+import { IQAuthHelperConfig } from './server/handlers.mjs';
+
+/**
+ * @iqauth/sdk/hono — Hono adapter.
+ *
+ *   import { Hono } from "hono";
+ *   import { iqAuth } from "@iqauth/sdk/hono";
+ *   const app = new Hono();
+ *   app.use("*", iqAuth({ publishableKey, secretKey }));
+ *
+ * Returns a single middleware function. When `mountHelperRoutes` is true
+ * (the default), the middleware also serves the helper POST routes inline.
+ */
+
+interface IQAuthHonoOptions extends IQAuthHelperConfig {
+    mountPath?: string;
+    mountHelperRoutes?: boolean;
+    publicPaths?: string[] | ((path: string) => boolean);
+}
+declare function iqAuth(options: IQAuthHonoOptions): (c: any, next: () => Promise<void>) => Promise<any>;
+
+export { type IQAuthHonoOptions, iqAuth };

package/dist/hono.d.ts

@@ -0,0 +1,22 @@
+import { IQAuthHelperConfig } from './server/handlers.js';
+
+/**
+ * @iqauth/sdk/hono — Hono adapter.
+ *
+ *   import { Hono } from "hono";
+ *   import { iqAuth } from "@iqauth/sdk/hono";
+ *   const app = new Hono();
+ *   app.use("*", iqAuth({ publishableKey, secretKey }));
+ *
+ * Returns a single middleware function. When `mountHelperRoutes` is true
+ * (the default), the middleware also serves the helper POST routes inline.
+ */
+
+interface IQAuthHonoOptions extends IQAuthHelperConfig {
+    mountPath?: string;
+    mountHelperRoutes?: boolean;
+    publicPaths?: string[] | ((path: string) => boolean);
+}
+declare function iqAuth(options: IQAuthHonoOptions): (c: any, next: () => Promise<void>) => Promise<any>;
+
+export { type IQAuthHonoOptions, iqAuth };