npm - @mastra/auth - Versions diffs - 1.0.2-alpha.0 → 1.0.3-alpha.0 - Mend

@mastra/auth 1.0.2-alpha.0 → 1.0.3-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/CHANGELOG.md +30 -0
package/dist/docs/SKILL.md +2 -2
package/dist/docs/assets/SOURCE_MAP.json +1 -1
package/dist/docs/references/docs-server-auth-custom-auth-provider.md +3 -5
package/dist/docs/references/docs-server-auth-jwt.md +18 -14
package/dist/docs/references/docs-server-auth.md +10 -7
package/dist/docs/references/reference-auth-jwt.md +1 -1
package/dist/index.cjs +2 -156
package/dist/index.cjs.map +1 -1
package/dist/index.js +1 -155
package/dist/index.js.map +1 -1
package/package.json +14 -10

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,35 @@
 # @mastra/auth
+## 1.0.3-alpha.0
+### Patch Changes
+- Security remediation for the 2026-06-17 "easy-day-js" supply-chain incident. Patch bump to publish clean versions and move the `latest` dist-tag forward, superseding the compromised versions that declared the malicious `easy-day-js` dependency. ([#18056](https://github.com/mastra-ai/mastra/pull/18056))
+- Updated dependencies [[`77a2351`](https://github.com/mastra-ai/mastra/commit/77a2351ee79296e360bce822cb3391f7cfd6489d)]:
+  - @mastra/core@1.43.1-alpha.0
+## 1.0.2
+### Patch Changes
+- Fixed Studio showing unauthenticated state when using `MastraJwtAuth` with custom headers. `MastraJwtAuth` now implements the `IUserProvider` interface (`getCurrentUser`/`getUser`), so the Studio capabilities endpoint can resolve the authenticated user from the JWT Bearer token. ([#14411](https://github.com/mastra-ai/mastra/pull/14411))
+  Also added an optional `mapUser` option to customize how JWT claims are mapped to user fields:
+  ```typescript
+  new MastraJwtAuth({
+    secret: process.env.JWT_SECRET,
+    mapUser: payload => ({
+      id: payload.userId,
+      name: payload.displayName,
+      email: payload.mail,
+    }),
+  });
+  ```
+  Closes #14350
 ## 1.0.2-alpha.0
 ### Patch Changes

package/dist/docs/SKILL.md CHANGED Viewed

@@ -3,7 +3,7 @@ name: mastra-auth
 description: Documentation for @mastra/auth. Use when working with @mastra/auth APIs, configuration, or implementation.
 metadata:
   package: "@mastra/auth"
-  version: "1.0.2-alpha.0"
+  version: "1.0.3-alpha.0"
 ---
 ## When to use
@@ -18,7 +18,7 @@ Read the individual reference documents for detailed explanations and code examp
 - [Auth overview](references/docs-server-auth.md) - Learn about different auth options for securing your Mastra API and Studio.
 - [Custom auth provider](references/docs-server-auth-custom-auth-provider.md) - Create custom authentication providers for specialized identity systems
-- [MastraJwtAuth class](references/docs-server-auth-jwt.md) - Documentation for the MastraJwtAuth class, which authenticates Mastra applications using JSON Web Tokens.
+- [JSON Web Token](references/docs-server-auth-jwt.md) - Documentation for JSON Web Token usage inside Mastra.
 ### Reference

package/dist/docs/assets/SOURCE_MAP.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "1.0.2-alpha.0",
+  "version": "1.0.3-alpha.0",
   "package": "@mastra/auth",
   "exports": {},
   "modules": {}

package/dist/docs/references/docs-server-auth-custom-auth-provider.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# Custom auth providers
+# Custom auth provider
 Custom auth providers allow you to implement authentication for identity systems that aren't covered by the built-in providers. Extend the `MastraAuthProvider` base class to integrate with any authentication system.
@@ -507,7 +507,5 @@ See the [source code](https://github.com/mastra-ai/mastra/tree/main/auth) for im
 ## Related
-- [Auth Overview](https://mastra.ai/docs/server/auth) - Authentication concepts and configuration
-- [JWT Auth](https://mastra.ai/docs/server/auth/jwt) - Simple JWT authentication
-- [Clerk Auth](https://mastra.ai/docs/server/auth/clerk) - Clerk integration
-- [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) - Controlling authentication on custom endpoints
+- [Auth Overview](https://mastra.ai/docs/server/auth): Authentication concepts and configuration
+- [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes): Controlling authentication on custom endpoints

package/dist/docs/references/docs-server-auth-jwt.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# MastraJwtAuth class
+# JSON Web Token
 The `MastraJwtAuth` class provides a lightweight authentication mechanism for Mastra using JSON Web Tokens (JWTs). It verifies incoming requests based on a shared secret and integrates with the Mastra server using the `auth` option.
@@ -30,8 +30,22 @@ yarn add @mastra/auth@latest
 bun add @mastra/auth@latest
 ```
+## Creating a JWT
+To authenticate requests to your Mastra server, you'll need a valid JSON Web Token (JWT) signed with your `MASTRA_JWT_SECRET`.
+The easiest way to generate one is using [jwt.io](https://www.jwt.io/):
+1. Select **JWT Encoder**.
+2. Scroll down to the **Sign JWT: Secret** section.
+3. Enter your secret (for example: `supersecretdevkeythatishs256safe!`).
+4. Click **Generate example** to create a valid JWT.
+5. Copy the generated token and set it as `MASTRA_JWT_TOKEN` in your `.env` file.
 ## Usage example
+Take your generated JWT and use it to configure `MastraJwtAuth` in your Mastra server:
 ```typescript
 import { Mastra } from '@mastra/core'
 import { MastraJwtAuth } from '@mastra/auth'
@@ -47,6 +61,8 @@ export const mastra = new Mastra({
 > **Info:** Visit [MastraJwtAuth](https://mastra.ai/reference/auth/jwt) for all available configuration options.
+Inside [Studio](https://mastra.ai/docs/studio/overview), go to **Settings** and under **Headers** select the **"Add Header"** button. Enter `Authorization` as the header name and `Bearer <your-jwt>` as the value.
 ## Configuring `MastraClient`
 When `auth` is enabled, all requests made with `MastraClient` must include a valid JWT in the `Authorization` header:
@@ -95,16 +111,4 @@ curl -X POST http://localhost:4111/api/agents/weatherAgent/generate \
   -d '{
     "messages": "Weather in London"
   }'
-```
-## Creating a JWT
-To authenticate requests to your Mastra server, you'll need a valid JSON Web Token (JWT) signed with your `MASTRA_JWT_SECRET`.
-The easiest way to generate one is using [jwt.io](https://www.jwt.io/):
-1. Select **JWT Encoder**.
-2. Scroll down to the **Sign JWT: Secret** section.
-3. Enter your secret (for example: `supersecretdevkeythatishs256safe!`).
-4. Click **Generate example** to create a valid JWT.
-5. Copy the generated token and set it as `MASTRA_JWT_TOKEN` in your `.env` file.
+```

package/dist/docs/references/docs-server-auth.md CHANGED Viewed

@@ -1,8 +1,8 @@
 # Auth overview
-Mastra lets you choose how you handle authentication, so you can secure access to your API and [Studio](https://mastra.ai/docs/getting-started/studio) using the identity system that fits your stack.
+Mastra lets you choose how you handle authentication, so you can secure access to your API and [Studio](https://mastra.ai/docs/studio/overview) using the identity system that fits your stack.
-You can start with basic shared secret JWT authentication and switch to providers like Supabase, Firebase Auth, Auth0, Clerk, or WorkOS when you need more advanced identity features.
+You can start with basic shared secret JWT authentication and switch to known providers when you need more advanced identity features.
 ## What auth secures
@@ -13,14 +13,16 @@ Configuring authentication locks down two things at once:
 Authentication is optional. If no auth is configured, all routes and Studio are publicly accessible. Public access can be enabled on individual custom routes using `requiresAuth: false`.
-See [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) for controlling authentication on custom endpoints.
+See [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) for controlling authentication on custom endpoints. Visit the [Studio Auth docs](https://mastra.ai/docs/studio/auth) for more on securing your Studio deployment.
+> **Note:** Authentication for Studio is currently supported by the following providers: Simple Auth, JWT, WorkOS, and Better Auth.
 ## Available providers
 ### Built-in
-- [Simple Auth](https://mastra.ai/docs/server/auth/simple-auth) - Token-to-user mapping for development and API keys
-- [JSON Web Token (JWT)](https://mastra.ai/docs/server/auth/jwt) - HMAC-signed JWT verification
+- [Simple Auth](https://mastra.ai/docs/server/auth/simple-auth): Token-to-user mapping for development and API keys
+- [JSON Web Token (JWT)](https://mastra.ai/docs/server/auth/jwt): HMAC-signed JWT verification
 ### Third-party integrations
@@ -28,10 +30,11 @@ See [Custom API Routes](https://mastra.ai/docs/server/custom-api-routes) for con
 - [Better Auth](https://mastra.ai/docs/server/auth/better-auth)
 - [Clerk](https://mastra.ai/docs/server/auth/clerk)
 - [Firebase](https://mastra.ai/docs/server/auth/firebase)
+- [Okta](https://mastra.ai/docs/server/auth/okta)
 - [Supabase](https://mastra.ai/docs/server/auth/supabase)
 - [WorkOS](https://mastra.ai/docs/server/auth/workos)
 ### Advanced
-- [Composite Auth](https://mastra.ai/docs/server/auth/composite-auth) - Combine multiple auth providers
-- [Custom Auth Provider](https://mastra.ai/docs/server/auth/custom-auth-provider) - Build your own provider
+- [Composite Auth](https://mastra.ai/docs/server/auth/composite-auth): Combine multiple auth providers
+- [Custom Auth Provider](https://mastra.ai/docs/server/auth/custom-auth-provider): Build your own provider

package/dist/docs/references/reference-auth-jwt.md CHANGED Viewed

@@ -23,4 +23,4 @@ export const mastra = new Mastra({
 ## Related
-[MastraJwtAuth](https://mastra.ai/docs/server/auth/jwt)
+- [JSON Web Token](https://mastra.ai/docs/server/auth/jwt)

package/dist/index.cjs CHANGED Viewed

@@ -2,6 +2,7 @@
 var jwt = require('jsonwebtoken');
 var jwksClient = require('jwks-rsa');
+var server = require('@mastra/core/server');
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
@@ -32,161 +33,6 @@ async function verifyJwks(accessToken, jwksUri) {
   const signingKey = key.getPublicKey();
   return jwt__default.default.verify(accessToken, signingKey);
 }
-// ../core/dist/chunk-X2WMFSPB.js
-var RegisteredLogger = {
-  LLM: "LLM"};
-var LogLevel = {
-  DEBUG: "debug",
-  INFO: "info",
-  WARN: "warn",
-  ERROR: "error"};
-var MastraLogger = class {
-  name;
-  level;
-  transports;
-  constructor(options = {}) {
-    this.name = options.name || "Mastra";
-    this.level = options.level || LogLevel.ERROR;
-    this.transports = new Map(Object.entries(options.transports || {}));
-  }
-  getTransports() {
-    return this.transports;
-  }
-  trackException(_error) {
-  }
-  async listLogs(transportId, params) {
-    if (!transportId || !this.transports.has(transportId)) {
-      return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };
-    }
-    return this.transports.get(transportId).listLogs(params) ?? {
-      logs: [],
-      total: 0,
-      page: params?.page ?? 1,
-      perPage: params?.perPage ?? 100,
-      hasMore: false
-    };
-  }
-  async listLogsByRunId({
-    transportId,
-    runId,
-    fromDate,
-    toDate,
-    logLevel,
-    filters,
-    page,
-    perPage
-  }) {
-    if (!transportId || !this.transports.has(transportId) || !runId) {
-      return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };
-    }
-    return this.transports.get(transportId).listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
-      logs: [],
-      total: 0,
-      page: page ?? 1,
-      perPage: perPage ?? 100,
-      hasMore: false
-    };
-  }
-};
-var ConsoleLogger = class extends MastraLogger {
-  constructor(options = {}) {
-    super(options);
-  }
-  debug(message, ...args) {
-    if (this.level === LogLevel.DEBUG) {
-      console.info(message, ...args);
-    }
-  }
-  info(message, ...args) {
-    if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
-      console.info(message, ...args);
-    }
-  }
-  warn(message, ...args) {
-    if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
-      console.info(message, ...args);
-    }
-  }
-  error(message, ...args) {
-    if (this.level === LogLevel.ERROR || this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
-      console.error(message, ...args);
-    }
-  }
-  async listLogs(_transportId, _params) {
-    return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };
-  }
-  async listLogsByRunId(_args) {
-    return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };
-  }
-};
-// ../core/dist/chunk-WCAFTXGK.js
-var MastraBase = class {
-  component = RegisteredLogger.LLM;
-  logger;
-  name;
-  #rawConfig;
-  constructor({
-    component,
-    name,
-    rawConfig
-  }) {
-    this.component = component || RegisteredLogger.LLM;
-    this.name = name;
-    this.#rawConfig = rawConfig;
-    this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
-  }
-  /**
-   * Returns the raw storage configuration this primitive was created from,
-   * or undefined if it was created from code.
-   */
-  toRawConfig() {
-    return this.#rawConfig;
-  }
-  /**
-   * Sets the raw storage configuration for this primitive.
-   * @internal
-   */
-  __setRawConfig(rawConfig) {
-    this.#rawConfig = rawConfig;
-  }
-  /**
-   * Set the logger for the agent
-   * @param logger
-   */
-  __setLogger(logger) {
-    this.logger = logger;
-    if (this.component !== RegisteredLogger.LLM) {
-      this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
-    }
-  }
-};
-// ../core/dist/server/index.js
-var MastraAuthProvider = class extends MastraBase {
-  protected;
-  public;
-  constructor(options) {
-    super({ component: "AUTH", name: options?.name });
-    if (options?.authorizeUser) {
-      this.authorizeUser = options.authorizeUser.bind(this);
-    }
-    this.protected = options?.protected;
-    this.public = options?.public;
-  }
-  registerOptions(opts) {
-    if (opts?.authorizeUser) {
-      this.authorizeUser = opts.authorizeUser.bind(this);
-    }
-    if (opts?.protected) {
-      this.protected = opts.protected;
-    }
-    if (opts?.public) {
-      this.public = opts.public;
-    }
-  }
-};
 function str(value) {
   return typeof value === "string" ? value : void 0;
 }
@@ -202,7 +48,7 @@ function defaultMapUser(payload) {
     avatarUrl: str(payload.avatarUrl) || str(payload.avatar_url) || str(payload.picture)
   };
 }
-var MastraJwtAuth = class extends MastraAuthProvider {
+var MastraJwtAuth = class extends server.MastraAuthProvider {
   secret;
   mapUser;
   constructor(options) {

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt","jwksClient"],"mappings":";;;;;;;;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAASC,2BAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAOD,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAaP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACKO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;AACA,EAAA,UAAA;EAEA,WAAA,CAAY;AACV,IAAA,SAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAKC;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;EAMA,WAAA,GAAmD;AACjD,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;;;;;AAMA,EAAA,cAAA,CAAe,SAAA,EAA0C;AACvD,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AACpB,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACnCO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AC9CA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,oBAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n WORKSPACE: 'WORKSPACE',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name \|\| 'Mastra';\n this.level = options.level \|\| LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports \|\| {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId \|\| !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR \|\|\n this.level === LogLevel.WARN \|\|\n this.level === LogLevel.INFO \|\|\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n #rawConfig?: Record<string, unknown>;\n\n constructor({\n component,\n name,\n rawConfig,\n }: {\n component?: RegisteredLogger;\n name?: string;\n rawConfig?: Record<string, unknown>;\n }) {\n this.component = component \|\| RegisteredLogger.LLM;\n this.name = name;\n this.#rawConfig = rawConfig;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /*\n Returns the raw storage configuration this primitive was created from,\n * or undefined if it was created from code.\n /\n toRawConfig(): Record<string, unknown> \| undefined {\n return this.#rawConfig;\n }\n\n /\n Sets the raw storage configuration for this primitive.\n * @internal\n /\n __setRawConfig(rawConfig: Record<string, unknown>): void {\n this.#rawConfig = rawConfig;\n }\n\n /\n Set the logger for the agent\n * @param logger\n /\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> \| boolean;\n /*\n Protected paths for the auth provider\n /\n protected?: MastraAuthConfig['protected'];\n /\n Public paths for the auth provider\n /\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /\n Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n /\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser \| null>;\n\n /\n Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> \| boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User \| null;\n}\n\nfunction str(value: unknown): string \| undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User \| null {\n const id = str(payload.sub) \|\| str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) \|\| str(payload.avatar_url) \|\| str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User \| null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User \| null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User \| null> {\n return null;\n }\n}\n"]}
1	+ {"version":3,"sources":["../src/utils.ts","../src/jwt.ts"],"names":["jwt","jwksClient","MastraAuthProvider"],"mappings":";;;;;;;;;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAOA,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAUA,oBAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAASC,2BAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAOD,oBAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;ACrBA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4BE,yBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOF,oBAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User \| null;\n}\n\nfunction str(value: unknown): string \| undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User \| null {\n const id = str(payload.sub) \|\| str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) \|\| str(payload.avatar_url) \|\| str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User \| null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User \| null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User \| null> {\n return null;\n }\n}\n"]}

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import jwt from 'jsonwebtoken';
 import jwksClient from 'jwks-rsa';
+import { MastraAuthProvider } from '@mastra/core/server';
 // src/utils.ts
 async function decodeToken(accessToken) {
@@ -25,161 +26,6 @@ async function verifyJwks(accessToken, jwksUri) {
   const signingKey = key.getPublicKey();
   return jwt.verify(accessToken, signingKey);
 }
-// ../core/dist/chunk-X2WMFSPB.js
-var RegisteredLogger = {
-  LLM: "LLM"};
-var LogLevel = {
-  DEBUG: "debug",
-  INFO: "info",
-  WARN: "warn",
-  ERROR: "error"};
-var MastraLogger = class {
-  name;
-  level;
-  transports;
-  constructor(options = {}) {
-    this.name = options.name || "Mastra";
-    this.level = options.level || LogLevel.ERROR;
-    this.transports = new Map(Object.entries(options.transports || {}));
-  }
-  getTransports() {
-    return this.transports;
-  }
-  trackException(_error) {
-  }
-  async listLogs(transportId, params) {
-    if (!transportId || !this.transports.has(transportId)) {
-      return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };
-    }
-    return this.transports.get(transportId).listLogs(params) ?? {
-      logs: [],
-      total: 0,
-      page: params?.page ?? 1,
-      perPage: params?.perPage ?? 100,
-      hasMore: false
-    };
-  }
-  async listLogsByRunId({
-    transportId,
-    runId,
-    fromDate,
-    toDate,
-    logLevel,
-    filters,
-    page,
-    perPage
-  }) {
-    if (!transportId || !this.transports.has(transportId) || !runId) {
-      return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };
-    }
-    return this.transports.get(transportId).listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {
-      logs: [],
-      total: 0,
-      page: page ?? 1,
-      perPage: perPage ?? 100,
-      hasMore: false
-    };
-  }
-};
-var ConsoleLogger = class extends MastraLogger {
-  constructor(options = {}) {
-    super(options);
-  }
-  debug(message, ...args) {
-    if (this.level === LogLevel.DEBUG) {
-      console.info(message, ...args);
-    }
-  }
-  info(message, ...args) {
-    if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
-      console.info(message, ...args);
-    }
-  }
-  warn(message, ...args) {
-    if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
-      console.info(message, ...args);
-    }
-  }
-  error(message, ...args) {
-    if (this.level === LogLevel.ERROR || this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
-      console.error(message, ...args);
-    }
-  }
-  async listLogs(_transportId, _params) {
-    return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };
-  }
-  async listLogsByRunId(_args) {
-    return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };
-  }
-};
-// ../core/dist/chunk-WCAFTXGK.js
-var MastraBase = class {
-  component = RegisteredLogger.LLM;
-  logger;
-  name;
-  #rawConfig;
-  constructor({
-    component,
-    name,
-    rawConfig
-  }) {
-    this.component = component || RegisteredLogger.LLM;
-    this.name = name;
-    this.#rawConfig = rawConfig;
-    this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
-  }
-  /**
-   * Returns the raw storage configuration this primitive was created from,
-   * or undefined if it was created from code.
-   */
-  toRawConfig() {
-    return this.#rawConfig;
-  }
-  /**
-   * Sets the raw storage configuration for this primitive.
-   * @internal
-   */
-  __setRawConfig(rawConfig) {
-    this.#rawConfig = rawConfig;
-  }
-  /**
-   * Set the logger for the agent
-   * @param logger
-   */
-  __setLogger(logger) {
-    this.logger = logger;
-    if (this.component !== RegisteredLogger.LLM) {
-      this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
-    }
-  }
-};
-// ../core/dist/server/index.js
-var MastraAuthProvider = class extends MastraBase {
-  protected;
-  public;
-  constructor(options) {
-    super({ component: "AUTH", name: options?.name });
-    if (options?.authorizeUser) {
-      this.authorizeUser = options.authorizeUser.bind(this);
-    }
-    this.protected = options?.protected;
-    this.public = options?.public;
-  }
-  registerOptions(opts) {
-    if (opts?.authorizeUser) {
-      this.authorizeUser = opts.authorizeUser.bind(this);
-    }
-    if (opts?.protected) {
-      this.protected = opts.protected;
-    }
-    if (opts?.public) {
-      this.public = opts.public;
-    }
-  }
-};
 function str(value) {
   return typeof value === "string" ? value : void 0;
 }

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/utils.ts","../../core/src/logger/constants.ts","../../core/src/logger/logger.ts","../../core/src/logger/default-logger.ts","../../core/src/base.ts","../../core/src/server/auth.ts","../src/jwt.ts"],"names":["jwt"],"mappings":";;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;;;ACjCO,IAAM,gBAAA,GAAmB;EAM9B,GAAA,EAAK,KAaP,CAAA;AAIO,IAAM,QAAA,GAAW;EACtB,KAAA,EAAO,OAAA;EACP,IAAA,EAAM,MAAA;EACN,IAAA,EAAM,MAAA;EACN,KAAA,EAAO,OAET,CAAA;ACKO,IAAe,eAAf,MAAqD;AAChD,EAAA,IAAA;AACA,EAAA,KAAA;AACA,EAAA,UAAA;EAEV,WAAA,CACE,OAAA,GAII,EAAA,EACJ;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,QAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,QAAA,CAAS,KAAA;AACvC,IAAA,IAAA,CAAK,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,QAAQ,OAAA,CAAQ,UAAA,IAAc,EAAE,CAAC,CAAA;AACpE,EAAA;EAOA,aAAA,GAAgB;AACd,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;AAEA,EAAA,cAAA,CAAe,MAAA,EAAqB;AAAC,EAAA;EAErC,MAAM,QAAA,CACJ,aACA,MAAA,EAQA;AACA,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,EAAG;AACrD,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,MAAA,EAAQ,IAAA,IAAQ,GAAG,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClG,IAAA;AAEA,IAAA,OACE,KAAK,UAAA,CAAW,GAAA,CAAI,WAAW,CAAA,CAAG,QAAA,CAAS,MAAM,CAAA,IAAK;AACpD,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,QAAQ,IAAA,IAAQ,CAAA;AACtB,MAAA,OAAA,EAAS,QAAQ,OAAA,IAAW,GAAA;MAC5B,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AAEA,EAAA,MAAM,eAAA,CAAgB;AACpB,IAAA,WAAA;AACA,IAAA,KAAA;AACA,IAAA,QAAA;AACA,IAAA,MAAA;AACA,IAAA,QAAA;AACA,IAAA,OAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAUC;AACD,IAAA,IAAI,CAAC,eAAe,CAAC,IAAA,CAAK,WAAW,GAAA,CAAI,WAAW,CAAA,IAAK,CAAC,KAAA,EAAO;AAC/D,MAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,KAAA,EAAO,CAAA,EAAG,IAAA,EAAM,IAAA,IAAQ,CAAA,EAAG,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAClF,IAAA;AAEA,IAAA,OACE,IAAA,CAAK,UAAA,CACF,GAAA,CAAI,WAAW,EACf,eAAA,CAAgB,EAAE,KAAA,EAAO,QAAA,EAAU,QAAQ,QAAA,EAAU,OAAA,EAAS,IAAA,EAAM,OAAA,EAAS,CAAA,IAAK;AACnF,MAAA,IAAA,EAAM,EAAA;MACN,KAAA,EAAO,CAAA;AACP,MAAA,IAAA,EAAM,IAAA,IAAQ,CAAA;AACd,MAAA,OAAA,EAAS,OAAA,IAAW,GAAA;MACpB,OAAA,EAAS;AAAA,KAAA;AAGf,EAAA;AACF,CAAA;AC5GO,IAAM,aAAA,GAAN,cAA4B,YAAA,CAAa;EAC9C,WAAA,CACE,OAAA,GAGI,EAAA,EACJ;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACf,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjC,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,KAAK,KAAA,KAAU,QAAA,CAAS,QAAQ,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AACjE,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,IAAA,CAAK,YAAoB,IAAA,EAAmB;AAC1C,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IAAQ,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,EAAO;AACjG,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,GAAG,IAAI,CAAA;AAC/B,IAAA;AACF,EAAA;AAEA,EAAA,KAAA,CAAM,YAAoB,IAAA,EAAmB;AAC3C,IAAA,IACE,IAAA,CAAK,KAAA,KAAU,QAAA,CAAS,KAAA,IACxB,KAAK,KAAA,KAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,UAAU,QAAA,CAAS,IAAA,IACxB,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EACxB;AACA,MAAA,OAAA,CAAQ,KAAA,CAAM,OAAA,EAAS,GAAG,IAAI,CAAA;AAChC,IAAA;AACF,EAAA;EAEA,MAAM,QAAA,CACJ,cACA,OAAA,EAQA;AACA,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,GAAG,OAAA,EAAS,OAAA,EAAS,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AACpG,EAAA;AAEA,EAAA,MAAM,gBAAgB,KAAA,EASnB;AACD,IAAA,OAAO,EAAE,IAAA,EAAM,EAAA,EAAI,OAAO,CAAA,EAAG,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,GAAG,OAAA,EAAS,KAAA,CAAM,OAAA,IAAW,GAAA,EAAK,SAAS,KAAA,EAAA;AAC9F,EAAA;AACF,CAAA;;;AC7EO,IAAM,aAAN,MAAiB;AACtB,EAAA,SAAA,GAA8B,gBAAA,CAAiB,GAAA;AACrC,EAAA,MAAA;AACV,EAAA,IAAA;AACA,EAAA,UAAA;EAEA,WAAA,CAAY;AACV,IAAA,SAAA;AACA,IAAA,IAAA;AACA,IAAA;GAAA,EAKC;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,aAAa,gBAAA,CAAiB,GAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,aAAA,CAAc,EAAE,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,SAAS,CAAA,GAAA,EAAM,IAAA,CAAK,IAAI,CAAA,CAAA,EAAI,CAAA;AAC9E,EAAA;;;;;EAMA,WAAA,GAAmD;AACjD,IAAA,OAAO,IAAA,CAAK,UAAA;AACd,EAAA;;;;;AAMA,EAAA,cAAA,CAAe,SAAA,EAA0C;AACvD,IAAA,IAAA,CAAK,UAAA,GAAa,SAAA;AACpB,EAAA;;;;;AAMA,EAAA,WAAA,CAAY,MAAA,EAAuB;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAEd,IAAA,IAAI,IAAA,CAAK,SAAA,KAAc,gBAAA,CAAiB,GAAA,EAAK;AAC3C,MAAA,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,0BAAA,EAA6B,IAAA,CAAK,SAAS,CAAA,QAAA,EAAW,IAAA,CAAK,IAAI,CAAA,CAAA,CAAG,CAAA;AACtF,IAAA;AACF,EAAA;AACF,CAAA;;;ACnCO,IAAe,kBAAA,GAAf,cAA2D,UAAA,CAAW;AACpE,EAAA,SAAA;AACA,EAAA,MAAA;AAEP,EAAA,WAAA,CAAY,OAAA,EAA4C;AACtD,IAAA,KAAA,CAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAS,MAAM,CAAA;AAEhD,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,IAAA,CAAK,aAAA,GAAgB,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACtD,IAAA;AAEA,IAAA,IAAA,CAAK,YAAY,OAAA,EAAS,SAAA;AAC1B,IAAA,IAAA,CAAK,SAAS,OAAA,EAAS,MAAA;AACzB,EAAA;AAkBU,EAAA,eAAA,CAAgB,IAAA,EAAyC;AACjE,IAAA,IAAI,MAAM,aAAA,EAAe;AACvB,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAA,CAAK,aAAA,CAAc,IAAA,CAAK,IAAI,CAAA;AACnD,IAAA;AACA,IAAA,IAAI,MAAM,SAAA,EAAW;AACnB,MAAA,IAAA,CAAK,YAAY,IAAA,CAAK,SAAA;AACxB,IAAA;AACA,IAAA,IAAI,MAAM,MAAA,EAAQ;AAChB,MAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACrB,IAAA;AACF,EAAA;AACF,CAAA;AC9CA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,GAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","// Constants and Types (keeping from original implementation)\nexport const RegisteredLogger = {\n AGENT: 'AGENT',\n OBSERVABILITY: 'OBSERVABILITY',\n AUTH: 'AUTH',\n NETWORK: 'NETWORK',\n WORKFLOW: 'WORKFLOW',\n LLM: 'LLM',\n TTS: 'TTS',\n VOICE: 'VOICE',\n VECTOR: 'VECTOR',\n BUNDLER: 'BUNDLER',\n DEPLOYER: 'DEPLOYER',\n MEMORY: 'MEMORY',\n STORAGE: 'STORAGE',\n EMBEDDINGS: 'EMBEDDINGS',\n MCP_SERVER: 'MCP_SERVER',\n SERVER_CACHE: 'SERVER_CACHE',\n SERVER: 'SERVER',\n WORKSPACE: 'WORKSPACE',\n} as const;\n\nexport type RegisteredLogger = (typeof RegisteredLogger)[keyof typeof RegisteredLogger];\n\nexport const LogLevel = {\n DEBUG: 'debug',\n INFO: 'info',\n WARN: 'warn',\n ERROR: 'error',\n NONE: 'silent',\n} as const;\n\nexport type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];\n","import type { MastraError } from '../error';\nimport { LogLevel } from './constants';\nimport type { BaseLogMessage, LoggerTransport } from './transport';\n\nexport interface IMastraLogger {\n debug(message: string, ...args: any[]): void;\n info(message: string, ...args: any[]): void;\n warn(message: string, ...args: any[]): void;\n error(message: string, ...args: any[]): void;\n trackException(error: MastraError): void;\n\n getTransports(): Map<string, LoggerTransport>;\n listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }): Promise<{ logs: BaseLogMessage[]; total: number; page: number; perPage: number; hasMore: boolean }>;\n}\n\nexport abstract class MastraLogger implements IMastraLogger {\n protected name: string;\n protected level: LogLevel;\n protected transports: Map<string, LoggerTransport>;\n\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n } = {},\n ) {\n this.name = options.name \|\| 'Mastra';\n this.level = options.level \|\| LogLevel.ERROR;\n this.transports = new Map(Object.entries(options.transports \|\| {}));\n }\n\n abstract debug(message: string, ...args: any[]): void;\n abstract info(message: string, ...args: any[]): void;\n abstract warn(message: string, ...args: any[]): void;\n abstract error(message: string, ...args: any[]): void;\n\n getTransports() {\n return this.transports;\n }\n\n trackException(_error: MastraError) {}\n\n async listLogs(\n transportId: string,\n params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n if (!transportId \|\| !this.transports.has(transportId)) {\n return { logs: [], total: 0, page: params?.page ?? 1, perPage: params?.perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports.get(transportId)!.listLogs(params) ?? {\n logs: [],\n total: 0,\n page: params?.page ?? 1,\n perPage: params?.perPage ?? 100,\n hasMore: false,\n }\n );\n }\n\n async listLogsByRunId({\n transportId,\n runId,\n fromDate,\n toDate,\n logLevel,\n filters,\n page,\n perPage,\n }: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n if (!transportId \|\| !this.transports.has(transportId) \|\| !runId) {\n return { logs: [], total: 0, page: page ?? 1, perPage: perPage ?? 100, hasMore: false };\n }\n\n return (\n this.transports\n .get(transportId)!\n .listLogsByRunId({ runId, fromDate, toDate, logLevel, filters, page, perPage }) ?? {\n logs: [],\n total: 0,\n page: page ?? 1,\n perPage: perPage ?? 100,\n hasMore: false,\n }\n );\n }\n}\n","import { LogLevel } from './constants';\nimport { MastraLogger } from './logger';\nimport type { LoggerTransport } from './transport';\n\nexport const createLogger = (options: {\n name?: string;\n level?: LogLevel;\n transports?: Record<string, LoggerTransport>;\n}) => {\n const logger = new ConsoleLogger(options);\n\n logger.warn(`createLogger is deprecated. Please use \"new ConsoleLogger()\" from \"@mastra/core/logger\" instead.`);\n\n return logger;\n};\n\nexport class ConsoleLogger extends MastraLogger {\n constructor(\n options: {\n name?: string;\n level?: LogLevel;\n } = {},\n ) {\n super(options);\n }\n\n debug(message: string, ...args: any[]): void {\n if (this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n info(message: string, ...args: any[]): void {\n if (this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n warn(message: string, ...args: any[]): void {\n if (this.level === LogLevel.WARN \|\| this.level === LogLevel.INFO \|\| this.level === LogLevel.DEBUG) {\n console.info(message, ...args);\n }\n }\n\n error(message: string, ...args: any[]): void {\n if (\n this.level === LogLevel.ERROR \|\|\n this.level === LogLevel.WARN \|\|\n this.level === LogLevel.INFO \|\|\n this.level === LogLevel.DEBUG\n ) {\n console.error(message, ...args);\n }\n }\n\n async listLogs(\n _transportId: string,\n _params?: {\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n },\n ) {\n return { logs: [], total: 0, page: _params?.page ?? 1, perPage: _params?.perPage ?? 100, hasMore: false };\n }\n\n async listLogsByRunId(_args: {\n transportId: string;\n runId: string;\n fromDate?: Date;\n toDate?: Date;\n logLevel?: LogLevel;\n filters?: Record<string, any>;\n page?: number;\n perPage?: number;\n }) {\n return { logs: [], total: 0, page: _args.page ?? 1, perPage: _args.perPage ?? 100, hasMore: false };\n }\n}\n","import type { IMastraLogger } from './logger';\nimport { RegisteredLogger } from './logger/constants';\nimport { ConsoleLogger } from './logger/default-logger';\n\nexport class MastraBase {\n component: RegisteredLogger = RegisteredLogger.LLM;\n protected logger: IMastraLogger;\n name?: string;\n #rawConfig?: Record<string, unknown>;\n\n constructor({\n component,\n name,\n rawConfig,\n }: {\n component?: RegisteredLogger;\n name?: string;\n rawConfig?: Record<string, unknown>;\n }) {\n this.component = component \|\| RegisteredLogger.LLM;\n this.name = name;\n this.#rawConfig = rawConfig;\n this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });\n }\n\n /*\n Returns the raw storage configuration this primitive was created from,\n * or undefined if it was created from code.\n /\n toRawConfig(): Record<string, unknown> \| undefined {\n return this.#rawConfig;\n }\n\n /\n Sets the raw storage configuration for this primitive.\n * @internal\n /\n __setRawConfig(rawConfig: Record<string, unknown>): void {\n this.#rawConfig = rawConfig;\n }\n\n /\n Set the logger for the agent\n * @param logger\n /\n __setLogger(logger: IMastraLogger) {\n this.logger = logger;\n\n if (this.component !== RegisteredLogger.LLM) {\n this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);\n }\n }\n}\n\nexport from './types';\n","import type { HonoRequest } from 'hono';\nimport { MastraBase } from '../base';\nimport type { MastraAuthConfig } from './types';\n\nexport interface MastraAuthProviderOptions<TUser = unknown> {\n name?: string;\n authorizeUser?: (user: TUser, request: HonoRequest) => Promise<boolean> \| boolean;\n /*\n Protected paths for the auth provider\n /\n protected?: MastraAuthConfig['protected'];\n /\n Public paths for the auth provider\n /\n public?: MastraAuthConfig['public'];\n}\n\nexport abstract class MastraAuthProvider<TUser = unknown> extends MastraBase {\n public protected?: MastraAuthConfig['protected'];\n public public?: MastraAuthConfig['public'];\n\n constructor(options?: MastraAuthProviderOptions<TUser>) {\n super({ component: 'AUTH', name: options?.name });\n\n if (options?.authorizeUser) {\n this.authorizeUser = options.authorizeUser.bind(this);\n }\n\n this.protected = options?.protected;\n this.public = options?.public;\n }\n\n /\n Authenticate a token and return the payload\n * @param token - The token to authenticate\n * @param request - The request\n * @returns The payload\n /\n abstract authenticateToken(token: string, request: HonoRequest): Promise<TUser \| null>;\n\n /\n Authorize a user for a path and method\n * @param user - The user to authorize\n * @param request - The request\n * @returns The authorization result\n */\n abstract authorizeUser(user: TUser, request: HonoRequest): Promise<boolean> \| boolean;\n\n protected registerOptions(opts?: MastraAuthProviderOptions<TUser>) {\n if (opts?.authorizeUser) {\n this.authorizeUser = opts.authorizeUser.bind(this);\n }\n if (opts?.protected) {\n this.protected = opts.protected;\n }\n if (opts?.public) {\n this.public = opts.public;\n }\n }\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User \| null;\n}\n\nfunction str(value: unknown): string \| undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User \| null {\n const id = str(payload.sub) \|\| str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) \|\| str(payload.avatar_url) \|\| str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User \| null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User \| null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User \| null> {\n return null;\n }\n}\n"]}
1	+ {"version":3,"sources":["../src/utils.ts","../src/jwt.ts"],"names":["jwt"],"mappings":";;;;;AAKA,eAAsB,YAAY,WAAA,EAAqB;AACrD,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAC1D,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAC7C,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,IAAW,OAAO,OAAA,CAAQ,YAAY,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,uBAAuB,CAAA;AACpG,EAAA,IAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,KAAK,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAChE,EAAA,OAAO,QAAQ,OAAA,CAAQ,GAAA;AACzB;AAEA,eAAsB,UAAA,CAAW,aAAqB,MAAA,EAAgB;AACpE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,MAAM,CAAA;AACvC;AAEA,eAAsB,UAAA,CAAW,aAAqB,OAAA,EAAiB;AACrE,EAAA,MAAM,UAAU,GAAA,CAAI,MAAA,CAAO,aAAa,EAAE,QAAA,EAAU,MAAM,CAAA;AAE1D,EAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,MAAM,eAAe,CAAA;AAE7C,EAAA,MAAM,MAAA,GAAS,UAAA,CAAW,EAAE,OAAA,EAAS,CAAA;AACrC,EAAA,MAAM,MAAM,MAAM,MAAA,CAAO,aAAA,CAAc,OAAA,CAAQ,OAAO,GAAG,CAAA;AACzD,EAAA,MAAM,UAAA,GAAa,IAAI,YAAA,EAAa;AACpC,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,UAAU,CAAA;AAC3C;ACrBA,SAAS,IAAI,KAAA,EAAoC;AAC/C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,GAAW,KAAA,GAAQ,MAAA;AAC7C;AAEA,SAAS,eAAe,OAAA,EAA+B;AACrD,EAAA,MAAM,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,IAAK,GAAA,CAAI,QAAQ,EAAE,CAAA;AAC7C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,EAAA;AAAA,IACA,KAAA,EAAO,GAAA,CAAI,OAAA,CAAQ,KAAK,CAAA;AAAA,IACxB,IAAA,EAAM,GAAA,CAAI,OAAA,CAAQ,IAAI,CAAA;AAAA,IACtB,SAAA,EAAW,GAAA,CAAI,OAAA,CAAQ,SAAS,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,UAAU,CAAA,IAAK,GAAA,CAAI,OAAA,CAAQ,OAAO;AAAA,GACrF;AACF;AAEO,IAAM,aAAA,GAAN,cAA4B,kBAAA,CAAqD;AAAA,EAC5E,MAAA;AAAA,EACF,OAAA;AAAA,EAER,YAAY,OAAA,EAAgC;AAC1C,IAAA,KAAA,CAAM,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,IAAQ,OAAO,CAAA;AAEtC,IAAA,IAAA,CAAK,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,OAAA,CAAQ,IAAI,eAAA,IAAmB,EAAA;AAEhE,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,IAC/C;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,SAAS,OAAA,IAAW,cAAA;AACnC,IAAA,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EAC9B;AAAA,EAEA,MAAM,kBAAkB,KAAA,EAAiC;AACvD,IAAA,OAAOA,GAAAA,CAAI,MAAA,CAAO,KAAA,EAAO,IAAA,CAAK,MAAM,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,cAAc,IAAA,EAAe;AACjC,IAAA,OAAO,CAAC,CAAC,IAAA;AAAA,EACX;AAAA,EAEA,MAAM,eAAe,OAAA,EAAwC;AAC3D,IAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,IAAA,MAAM,KAAA,GAAQ,UAAA,EAAY,WAAA,EAAY,CAAE,UAAA,CAAW,SAAS,CAAA,GAAI,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK,GAAI,IAAA;AAC7F,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAClD,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,OAAO,CAAA;AAChD,MAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,MAAA,OAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAM,QAAQ,OAAA,EAAuC;AACnD,IAAA,OAAO,IAAA;AAAA,EACT;AACF","file":"index.js","sourcesContent":["import jwt from 'jsonwebtoken';\nimport jwksClient from 'jwks-rsa';\n\nexport type JwtPayload = jwt.JwtPayload;\n\nexport async function decodeToken(accessToken: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n return decoded;\n}\n\nexport function getTokenIssuer(decoded: jwt.JwtPayload \| null) {\n if (!decoded) throw new Error('Invalid token');\n if (!decoded.payload \|\| typeof decoded.payload !== 'object') throw new Error('Invalid token payload');\n if (!decoded.payload.iss) throw new Error('Invalid token header');\n return decoded.payload.iss;\n}\n\nexport async function verifyHmac(accessToken: string, secret: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n return jwt.verify(accessToken, secret) as jwt.JwtPayload;\n}\n\nexport async function verifyJwks(accessToken: string, jwksUri: string) {\n const decoded = jwt.decode(accessToken, { complete: true });\n\n if (!decoded) throw new Error('Invalid token');\n\n const client = jwksClient({ jwksUri });\n const key = await client.getSigningKey(decoded.header.kid);\n const signingKey = key.getPublicKey();\n return jwt.verify(accessToken, signingKey) as jwt.JwtPayload;\n}\n","import type { User, IUserProvider } from '@mastra/core/auth';\nimport { MastraAuthProvider } from '@mastra/core/server';\nimport type { MastraAuthProviderOptions } from '@mastra/core/server';\n\nimport jwt from 'jsonwebtoken';\n\ntype JwtUser = jwt.JwtPayload;\n\ninterface MastraJwtAuthOptions extends MastraAuthProviderOptions<JwtUser> {\n secret?: string;\n mapUser?: (payload: JwtUser) => User \| null;\n}\n\nfunction str(value: unknown): string \| undefined {\n return typeof value === 'string' ? value : undefined;\n}\n\nfunction defaultMapUser(payload: JwtUser): User \| null {\n const id = str(payload.sub) \|\| str(payload.id);\n if (!id) {\n return null;\n }\n return {\n id,\n email: str(payload.email),\n name: str(payload.name),\n avatarUrl: str(payload.avatarUrl) \|\| str(payload.avatar_url) \|\| str(payload.picture),\n };\n}\n\nexport class MastraJwtAuth extends MastraAuthProvider<JwtUser> implements IUserProvider {\n protected secret: string;\n private mapUser: (payload: JwtUser) => User \| null;\n\n constructor(options?: MastraJwtAuthOptions) {\n super({ name: options?.name ?? 'jwt' });\n\n this.secret = options?.secret ?? process.env.JWT_AUTH_SECRET ?? '';\n\n if (!this.secret) {\n throw new Error('JWT auth secret is required');\n }\n\n this.mapUser = options?.mapUser ?? defaultMapUser;\n this.registerOptions(options);\n }\n\n async authenticateToken(token: string): Promise<JwtUser> {\n return jwt.verify(token, this.secret) as JwtUser;\n }\n\n async authorizeUser(user: JwtUser) {\n return !!user;\n }\n\n async getCurrentUser(request: Request): Promise<User \| null> {\n const authHeader = request.headers.get('authorization');\n const token = authHeader?.toLowerCase().startsWith('bearer ') ? authHeader.slice(7).trim() : null;\n if (!token) return null;\n\n try {\n const payload = await this.authenticateToken(token);\n const allowed = await this.authorizeUser(payload);\n if (!allowed) return null;\n return this.mapUser(payload);\n } catch {\n return null;\n }\n }\n\n async getUser(_userId: string): Promise<User \| null> {\n return null;\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mastra/auth",
-  "version": "1.0.2-alpha.0",
+  "version": "1.0.3-alpha.0",
   "description": "",
   "type": "module",
   "files": [
@@ -30,16 +30,17 @@
   },
   "devDependencies": {
     "@types/jsonwebtoken": "^9.0.10",
-    "@types/node": "22.19.15",
-    "@vitest/coverage-v8": "4.0.18",
-    "@vitest/ui": "4.0.18",
-    "eslint": "^9.39.4",
+    "@types/node": "22.19.21",
+    "@vitest/coverage-v8": "4.1.8",
+    "@vitest/ui": "4.1.8",
+    "eslint": "^10.4.1",
     "tsup": "^8.5.1",
-    "typescript": "^5.9.3",
-    "vitest": "4.0.18",
-    "@internal/lint": "0.0.71",
-    "@internal/types-builder": "0.0.46",
-    "@mastra/core": "1.14.0-alpha.2"
+    "tsx": "^4.22.4",
+    "typescript": "^6.0.3",
+    "vitest": "4.1.8",
+    "@internal/lint": "0.0.105",
+    "@internal/types-builder": "0.0.80",
+    "@mastra/core": "1.43.1-alpha.0"
   },
   "homepage": "https://mastra.ai",
   "repository": {
@@ -53,6 +54,9 @@
   "engines": {
     "node": ">=22.13.0"
   },
+  "peerDependencies": {
+    "@mastra/core": ">=1.32.0-0 <2.0.0-0"
+  },
   "scripts": {
     "build:lib": "tsup --silent --config tsup.config.ts",
     "build:watch": "tsup --watch --silent --config tsup.config.ts",