npm - @meridianjs/google-oauth - Versions diffs - 0.1.1 - Mend

@meridianjs/google-oauth 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,33 @@
+import { ModuleDefinition } from '@meridianjs/types';
+interface GoogleOAuthOptions {
+    clientId: string;
+    clientSecret: string;
+    callbackUrl: string;
+    frontendUrl: string;
+}
+interface GoogleProfile {
+    googleId: string;
+    email: string;
+    firstName: string | null;
+    lastName: string | null;
+    picture: string | null;
+}
+declare class GoogleOAuthService {
+    private readonly options;
+    private readonly jwks;
+    constructor(container: any);
+    /** Build the Google OAuth authorization URL with the given state parameter. */
+    getAuthUrl(state: string): string;
+    /**
+     * Exchange an authorization code for a GoogleProfile.
+     * Verifies the id_token signature against Google's JWK keyset per
+     * https://developers.google.com/identity/openid-connect/openid-connect#validatinganidtoken
+     */
+    exchangeCode(code: string): Promise<GoogleProfile>;
+    get frontendUrl(): string;
+}
+declare const GoogleOAuthModule: ModuleDefinition;
+export { type GoogleOAuthOptions, GoogleOAuthService, type GoogleProfile, GoogleOAuthModule as default };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { ModuleDefinition } from '@meridianjs/types';
+interface GoogleOAuthOptions {
+    clientId: string;
+    clientSecret: string;
+    callbackUrl: string;
+    frontendUrl: string;
+}
+interface GoogleProfile {
+    googleId: string;
+    email: string;
+    firstName: string | null;
+    lastName: string | null;
+    picture: string | null;
+}
+declare class GoogleOAuthService {
+    private readonly options;
+    private readonly jwks;
+    constructor(container: any);
+    /** Build the Google OAuth authorization URL with the given state parameter. */
+    getAuthUrl(state: string): string;
+    /**
+     * Exchange an authorization code for a GoogleProfile.
+     * Verifies the id_token signature against Google's JWK keyset per
+     * https://developers.google.com/identity/openid-connect/openid-connect#validatinganidtoken
+     */
+    exchangeCode(code: string): Promise<GoogleProfile>;
+    get frontendUrl(): string;
+}
+declare const GoogleOAuthModule: ModuleDefinition;
+export { type GoogleOAuthOptions, GoogleOAuthService, type GoogleProfile, GoogleOAuthModule as default };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,127 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  GoogleOAuthService: () => GoogleOAuthService,
+  default: () => index_default
+});
+module.exports = __toCommonJS(index_exports);
+// src/service.ts
+var import_jose = require("jose");
+var GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth";
+var GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token";
+var GOOGLE_JWKS_URL = "https://www.googleapis.com/oauth2/v3/certs";
+var GOOGLE_ISSUERS = ["https://accounts.google.com", "accounts.google.com"];
+var GoogleOAuthService = class {
+  options;
+  jwks;
+  constructor(container) {
+    this.options = container.resolve("moduleOptions");
+    try {
+      const parsed = new URL(this.options.frontendUrl);
+      if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        throw new Error("must be http or https");
+      }
+    } catch {
+      throw new Error(
+        `[google-oauth] Invalid frontendUrl: "${this.options.frontendUrl}". Must be a valid http:// or https:// URL.`
+      );
+    }
+    this.jwks = (0, import_jose.createRemoteJWKSet)(new URL(GOOGLE_JWKS_URL));
+  }
+  /** Build the Google OAuth authorization URL with the given state parameter. */
+  getAuthUrl(state) {
+    const params = new URLSearchParams({
+      client_id: this.options.clientId,
+      redirect_uri: this.options.callbackUrl,
+      response_type: "code",
+      scope: "openid email profile",
+      state,
+      access_type: "online"
+    });
+    return `${GOOGLE_AUTH_URL}?${params.toString()}`;
+  }
+  /**
+   * Exchange an authorization code for a GoogleProfile.
+   * Verifies the id_token signature against Google's JWK keyset per
+   * https://developers.google.com/identity/openid-connect/openid-connect#validatinganidtoken
+   */
+  async exchangeCode(code) {
+    const body = new URLSearchParams({
+      code,
+      client_id: this.options.clientId,
+      client_secret: this.options.clientSecret,
+      redirect_uri: this.options.callbackUrl,
+      grant_type: "authorization_code"
+    });
+    const tokenRes = await fetch(GOOGLE_TOKEN_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: body.toString()
+    });
+    if (!tokenRes.ok) {
+      const text = await tokenRes.text().catch(() => "");
+      throw Object.assign(new Error(`Google token exchange failed: ${text}`), { status: 502 });
+    }
+    const tokenData = await tokenRes.json();
+    if (!tokenData.id_token) {
+      throw Object.assign(new Error("Google did not return an id_token"), { status: 502 });
+    }
+    let payload;
+    try {
+      const { payload: verified } = await (0, import_jose.jwtVerify)(tokenData.id_token, this.jwks, {
+        audience: this.options.clientId,
+        issuer: GOOGLE_ISSUERS
+      });
+      payload = verified;
+    } catch (err) {
+      throw Object.assign(
+        new Error(`id_token verification failed: ${err.message ?? "invalid token"}`),
+        { status: 502 }
+      );
+    }
+    if (!payload.email_verified) {
+      throw Object.assign(new Error("Google email address is not verified"), { status: 403 });
+    }
+    return {
+      googleId: payload.sub,
+      email: payload.email,
+      firstName: payload.given_name ?? null,
+      lastName: payload.family_name ?? null,
+      picture: payload.picture ?? null
+    };
+  }
+  get frontendUrl() {
+    return this.options.frontendUrl;
+  }
+};
+// src/index.ts
+var GoogleOAuthModule = {
+  key: "googleOAuthService",
+  service: GoogleOAuthService
+};
+var index_default = GoogleOAuthModule;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  GoogleOAuthService
+});

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,100 @@
+// src/service.ts
+import { createRemoteJWKSet, jwtVerify } from "jose";
+var GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth";
+var GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token";
+var GOOGLE_JWKS_URL = "https://www.googleapis.com/oauth2/v3/certs";
+var GOOGLE_ISSUERS = ["https://accounts.google.com", "accounts.google.com"];
+var GoogleOAuthService = class {
+  options;
+  jwks;
+  constructor(container) {
+    this.options = container.resolve("moduleOptions");
+    try {
+      const parsed = new URL(this.options.frontendUrl);
+      if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        throw new Error("must be http or https");
+      }
+    } catch {
+      throw new Error(
+        `[google-oauth] Invalid frontendUrl: "${this.options.frontendUrl}". Must be a valid http:// or https:// URL.`
+      );
+    }
+    this.jwks = createRemoteJWKSet(new URL(GOOGLE_JWKS_URL));
+  }
+  /** Build the Google OAuth authorization URL with the given state parameter. */
+  getAuthUrl(state) {
+    const params = new URLSearchParams({
+      client_id: this.options.clientId,
+      redirect_uri: this.options.callbackUrl,
+      response_type: "code",
+      scope: "openid email profile",
+      state,
+      access_type: "online"
+    });
+    return `${GOOGLE_AUTH_URL}?${params.toString()}`;
+  }
+  /**
+   * Exchange an authorization code for a GoogleProfile.
+   * Verifies the id_token signature against Google's JWK keyset per
+   * https://developers.google.com/identity/openid-connect/openid-connect#validatinganidtoken
+   */
+  async exchangeCode(code) {
+    const body = new URLSearchParams({
+      code,
+      client_id: this.options.clientId,
+      client_secret: this.options.clientSecret,
+      redirect_uri: this.options.callbackUrl,
+      grant_type: "authorization_code"
+    });
+    const tokenRes = await fetch(GOOGLE_TOKEN_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: body.toString()
+    });
+    if (!tokenRes.ok) {
+      const text = await tokenRes.text().catch(() => "");
+      throw Object.assign(new Error(`Google token exchange failed: ${text}`), { status: 502 });
+    }
+    const tokenData = await tokenRes.json();
+    if (!tokenData.id_token) {
+      throw Object.assign(new Error("Google did not return an id_token"), { status: 502 });
+    }
+    let payload;
+    try {
+      const { payload: verified } = await jwtVerify(tokenData.id_token, this.jwks, {
+        audience: this.options.clientId,
+        issuer: GOOGLE_ISSUERS
+      });
+      payload = verified;
+    } catch (err) {
+      throw Object.assign(
+        new Error(`id_token verification failed: ${err.message ?? "invalid token"}`),
+        { status: 502 }
+      );
+    }
+    if (!payload.email_verified) {
+      throw Object.assign(new Error("Google email address is not verified"), { status: 403 });
+    }
+    return {
+      googleId: payload.sub,
+      email: payload.email,
+      firstName: payload.given_name ?? null,
+      lastName: payload.family_name ?? null,
+      picture: payload.picture ?? null
+    };
+  }
+  get frontendUrl() {
+    return this.options.frontendUrl;
+  }
+};
+// src/index.ts
+var GoogleOAuthModule = {
+  key: "googleOAuthService",
+  service: GoogleOAuthService
+};
+var index_default = GoogleOAuthModule;
+export {
+  GoogleOAuthService,
+  index_default as default
+};

package/package.json ADDED Viewed

@@ -0,0 +1,41 @@
+{
+  "name": "@meridianjs/google-oauth",
+  "version": "0.1.1",
+  "description": "Google OAuth 2.0 sign-in module for Meridian",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.mts",
+        "default": "./dist/index.mjs"
+      },
+      "require": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      }
+    }
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --dts --clean",
+    "dev": "tsup src/index.ts --format esm,cjs --dts --watch",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@meridianjs/types": "^0.1.0",
+    "jose": "^5.9.6"
+  },
+  "devDependencies": {
+    "tsup": "^8.3.5",
+    "typescript": "*"
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  }
+}