@metaloot/auth 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Metaloot
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,178 @@
+# Metaloot Auth
+
+Drop-in Metaloot auth adapters for browser games.
+
+The package owns the OAuth callback and game session so a game does not need to
+hand-roll code exchange, signed cookies, session JSON, or sign-in UI state.
+
+## Install
+
+```bash
+npm install @metaloot/auth
+```
+
+## Environment
+
+```bash
+METALOOT_CLIENT_ID=mtl_client_...
+METALOOT_CLIENT_SECRET=mtl_secret_...
+METALOOT_SESSION_SECRET=replace-with-a-long-random-secret
+```
+
+Register this callback URL in Metaloot:
+
+```txt
+https://your-game.com/auth/metaloot/callback
+```
+
+## Static Node or Express Game
+
+```js
+import express from "express";
+import { metalootAuth } from "@metaloot/auth/node";
+
+const app = express();
+
+app.use(
+  metalootAuth({
+    clientId: process.env.METALOOT_CLIENT_ID,
+    clientSecret: process.env.METALOOT_CLIENT_SECRET,
+    sessionSecret: process.env.METALOOT_SESSION_SECRET,
+    redirectUri: "https://your-game.com/auth/metaloot/callback",
+  })
+);
+
+app.use(
+  "/vendor/@metaloot/auth",
+  express.static("node_modules/@metaloot/auth/dist")
+);
+app.use(express.static("public"));
+app.listen(process.env.PORT || 3000);
+```
+
+Add the button to the game:
+
+```html
+<div id="metaloot-auth"></div>
+<script type="module">
+  import { mountMetalootAuth } from "/vendor/@metaloot/auth/browser.js";
+
+  mountMetalootAuth("#metaloot-auth", {
+    gameName: "Your Game"
+  });
+</script>
+```
+
+The middleware provides:
+
+```txt
+GET /auth/metaloot/start
+GET /auth/metaloot/callback
+GET /auth/metaloot/session
+GET /auth/metaloot/logout
+POST /auth/metaloot/logout
+```
+
+## Next.js App Router
+
+Create `app/api/auth/metaloot/[...metaloot]/route.ts`:
+
+```ts
+import { createMetalootRouteHandlers } from "@metaloot/auth/next";
+
+export const { GET, POST } = createMetalootRouteHandlers({
+  clientId: process.env.METALOOT_CLIENT_ID!,
+  clientSecret: process.env.METALOOT_CLIENT_SECRET!,
+  sessionSecret: process.env.METALOOT_SESSION_SECRET!,
+  redirectUri: "https://your-game.com/auth/metaloot/callback",
+  startPath: "/api/auth/metaloot/start",
+  callbackPath: "/api/auth/metaloot/callback",
+  sessionPath: "/api/auth/metaloot/session",
+  logoutPath: "/api/auth/metaloot/logout",
+});
+```
+
+Register the matching callback URL for this example:
+
+```txt
+https://your-game.com/api/auth/metaloot/callback
+```
+
+Mount the browser button from a client component:
+
+```tsx
+"use client";
+
+import { useEffect, useRef } from "react";
+import { mountMetalootAuth } from "@metaloot/auth/browser";
+
+export function MetalootSignIn() {
+  const ref = useRef<HTMLDivElement>(null);
+
+  useEffect(() => {
+    if (!ref.current) return;
+    mountMetalootAuth(ref.current, {
+      gameName: "Your Game",
+      startUrl: "/api/auth/metaloot/start",
+      sessionUrl: "/api/auth/metaloot/session",
+      logoutUrl: "/api/auth/metaloot/logout",
+    });
+  }, []);
+
+  return <div ref={ref} />;
+}
+```
+
+## Read the Session
+
+Browser code can check the current player:
+
+```js
+const session = await fetch("/auth/metaloot/session").then((res) => res.json());
+
+if (session.signedIn) {
+  console.log(session.user.id, session.user.name);
+}
+```
+
+Server code can read a signed session from cookies:
+
+```ts
+import { getMetalootSessionFromCookieHeader } from "@metaloot/auth/server";
+
+const session = getMetalootSessionFromCookieHeader(request.headers.get("cookie"), {
+  clientId: process.env.METALOOT_CLIENT_ID!,
+  clientSecret: process.env.METALOOT_CLIENT_SECRET!,
+  sessionSecret: process.env.METALOOT_SESSION_SECRET!,
+  redirectUri: "https://your-game.com/auth/metaloot/callback",
+});
+```
+
+## Agent Prompt
+
+Use this when asking an implementation agent to add Metaloot auth:
+
+```txt
+Install @metaloot/auth and wire Metaloot sign-in.
+
+Do not implement OAuth by hand.
+
+Requirements:
+1. Add the Metaloot server adapter for this stack.
+2. Configure METALOOT_CLIENT_ID, METALOOT_CLIENT_SECRET, and METALOOT_SESSION_SECRET on the server only.
+3. Use /auth/metaloot/start, /auth/metaloot/callback, /auth/metaloot/session, and /auth/metaloot/logout.
+4. Mount the browser sign-in button with mountMetalootAuth.
+5. On game boot, call the session endpoint and treat signedIn:true as the player being authenticated.
+6. Hide or replace any old guest-login, #mlt token, or vendored Metaloot SDK logic.
+7. Verify locally and in production that /auth/metaloot/session returns signedIn:true after login.
+```
+
+## Publishing
+
+```bash
+npm login
+npm publish --access public
+```
+
+If the `@metaloot` npm scope is not available on your account, change the
+package name in `package.json` before publishing.

package/dist/browser.d.ts

@@ -0,0 +1,15 @@
+export type MetalootBrowserOptions = {
+    startUrl?: string;
+    sessionUrl?: string;
+    logoutUrl?: string;
+    buttonText?: string;
+    gameName?: string;
+    showUser?: boolean;
+};
+export type MetalootBrowserMount = {
+    refresh(): Promise<void>;
+    signIn(): void;
+    signOut(): void;
+};
+export declare function mountMetalootAuth(target: string | HTMLElement, options?: MetalootBrowserOptions): MetalootBrowserMount;
+//# sourceMappingURL=browser.d.ts.map

package/dist/browser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../src/browser.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,MAAM,IAAI,IAAI,CAAC;IACf,OAAO,IAAI,IAAI,CAAC;CACjB,CAAC;AAEF,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,GAAG,WAAW,EAC5B,OAAO,GAAE,sBAA2B,GACnC,oBAAoB,CAiCtB"}

package/dist/browser.js

@@ -0,0 +1,91 @@
+export function mountMetalootAuth(target, options = {}) {
+    const element = typeof target === "string" ? document.querySelector(target) : target;
+    if (!element)
+        throw new Error("Metaloot auth target not found.");
+    const mountElement = element;
+    const normalized = {
+        startUrl: options.startUrl ?? "/auth/metaloot/start",
+        sessionUrl: options.sessionUrl ?? "/auth/metaloot/session",
+        logoutUrl: options.logoutUrl ?? "/auth/metaloot/logout",
+        buttonText: options.buttonText ?? "Sign in with Metaloot",
+        gameName: options.gameName ?? document.title ?? "this game",
+        showUser: options.showUser ?? true,
+    };
+    injectStyles();
+    function signIn() {
+        window.location.assign(normalized.startUrl);
+    }
+    function signOut() {
+        window.location.assign(normalized.logoutUrl);
+    }
+    async function refresh() {
+        const session = await loadSession(normalized.sessionUrl);
+        render(mountElement, normalized, session, signIn, signOut);
+    }
+    void refresh();
+    return { refresh, signIn, signOut };
+}
+async function loadSession(sessionUrl) {
+    try {
+        const response = await fetch(sessionUrl, {
+            credentials: "same-origin",
+            headers: { Accept: "application/json" },
+        });
+        if (!response.ok)
+            return { signedIn: false };
+        return (await response.json());
+    }
+    catch {
+        return { signedIn: false };
+    }
+}
+function render(element, options, session, signIn, signOut) {
+    element.innerHTML = "";
+    element.classList.add("metaloot-auth-root");
+    if (session.signedIn && options.showUser) {
+        const wrapper = document.createElement("div");
+        wrapper.className = "metaloot-auth-user";
+        const label = document.createElement("span");
+        label.textContent = `${session.user.name ?? session.user.email ?? "Player"} · Metaloot`;
+        const logout = document.createElement("button");
+        logout.type = "button";
+        logout.className = "metaloot-auth-logout";
+        logout.textContent = "Sign out";
+        logout.addEventListener("click", signOut);
+        wrapper.append(label, logout);
+        element.appendChild(wrapper);
+        return;
+    }
+    if (session.signedIn) {
+        element.hidden = true;
+        return;
+    }
+    element.hidden = false;
+    const button = document.createElement("button");
+    button.type = "button";
+    button.className = "metaloot-auth-button";
+    button.innerHTML = `<span class="metaloot-auth-mark">${iconSvg()}</span><span>${escapeHtml(options.buttonText)}</span>`;
+    button.setAttribute("aria-label", `Sign in to ${options.gameName} with Metaloot`);
+    button.addEventListener("click", signIn);
+    element.appendChild(button);
+}
+function injectStyles() {
+    if (document.getElementById("metaloot-auth-adapter-styles"))
+        return;
+    const style = document.createElement("style");
+    style.id = "metaloot-auth-adapter-styles";
+    style.textContent =
+        ".metaloot-auth-root[hidden]{display:none!important}.metaloot-auth-button{align-items:center;background:#8b5cf6;border:0;border-radius:12px;box-shadow:0 12px 30px rgba(139,92,246,.26);color:#fff;cursor:pointer;display:inline-flex;font:600 14px/1.2 system-ui,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;gap:10px;justify-content:center;padding:12px 16px;transition:transform .18s ease,background .18s ease,box-shadow .18s ease}.metaloot-auth-button:hover{background:#7c3aed;box-shadow:0 14px 34px rgba(139,92,246,.34);transform:translateY(-1px)}.metaloot-auth-button:active{transform:translateY(0)}.metaloot-auth-mark{align-items:center;background:rgba(255,255,255,.18);border-radius:8px;display:inline-flex;height:24px;justify-content:center;width:24px}.metaloot-auth-user{align-items:center;background:rgba(10,7,28,.82);border:1px solid rgba(255,255,255,.14);border-radius:12px;color:#f4f1ff;display:inline-flex;font:600 13px/1.2 system-ui,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;gap:10px;padding:10px 12px}.metaloot-auth-logout{background:rgba(255,255,255,.1);border:0;border-radius:8px;color:inherit;cursor:pointer;font:600 12px/1 system-ui,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;padding:7px 9px}.metaloot-auth-logout:hover{background:rgba(255,255,255,.16)}";
+    document.head.appendChild(style);
+}
+function escapeHtml(value) {
+    return value
+        .replaceAll("&", "&amp;")
+        .replaceAll("<", "&lt;")
+        .replaceAll(">", "&gt;")
+        .replaceAll('"', "&quot;");
+}
+function iconSvg() {
+    return '<svg width="18" height="18" viewBox="0 0 24 24" fill="none" aria-hidden="true" xmlns="http://www.w3.org/2000/svg"><path d="M7 12h4M9 10v4M15.5 12h.01M18 10.5h.01" stroke="currentColor" stroke-width="2" stroke-linecap="round"/><path d="M17.32 5H6.68a4 4 0 0 0-3.98 3.59C2.61 9.42 2 14.46 2 16a3 3 0 0 0 3 3c1 0 1.5-.5 2-1l1.41-1.41A2 2 0 0 1 9.83 16h4.34a2 2 0 0 1 1.42.59L17 18c.5.5 1 1 2 1a3 3 0 0 0 3-3c0-1.54-.61-6.58-.7-7.41A4 4 0 0 0 17.32 5Z" stroke="currentColor" stroke-width="2" stroke-linejoin="round"/></svg>';
+}
+//# sourceMappingURL=browser.js.map

package/dist/browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser.js","sourceRoot":"","sources":["../src/browser.ts"],"names":[],"mappings":"AAiBA,MAAM,UAAU,iBAAiB,CAC/B,MAA4B,EAC5B,UAAkC,EAAE;IAEpC,MAAM,OAAO,GACX,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAc,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IACpF,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACjE,MAAM,YAAY,GAAG,OAAO,CAAC;IAE7B,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,sBAAsB;QACpD,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,wBAAwB;QAC1D,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,uBAAuB;QACvD,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,uBAAuB;QACzD,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,QAAQ,CAAC,KAAK,IAAI,WAAW;QAC3D,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;KACnC,CAAC;IAEF,YAAY,EAAE,CAAC;IAEf,SAAS,MAAM;QACb,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED,SAAS,OAAO;QACd,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,UAAU,OAAO;QACpB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QACzD,MAAM,CAAC,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,OAAO,EAAE,CAAC;IAEf,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,UAAkB;IAC3C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;YACvC,WAAW,EAAE,aAAa;YAC1B,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7C,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC7B,CAAC;AACH,CAAC;AAED,SAAS,MAAM,CACb,OAAoB,EACpB,OAAyC,EACzC,OAAgC,EAChC,MAAkB,EAClB,OAAmB;IAEnB,OAAO,CAAC,SAAS,GAAG,EAAE,CAAC;IACvB,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAC9C,OAAO,CAAC,SAAS,GAAG,oBAAoB,CAAC;QACzC,MAAM,KAAK,GAAG,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAC7C,KAAK,CAAC,WAAW,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,QAAQ,aAAa,CAAC;QACxF,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,CAAC,IAAI,GAAG,QAAQ,CAAC;QACvB,MAAM,CAAC,SAAS,GAAG,sBAAsB,CAAC;QAC1C,MAAM,CAAC,WAAW,GAAG,UAAU,CAAC;QAChC,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC9B,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC7B,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;QACtB,OAAO;IACT,CAAC;IAED,OAAO,CAAC,MAAM,GAAG,KAAK,CAAC;IACvB,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,CAAC,IAAI,GAAG,QAAQ,CAAC;IACvB,MAAM,CAAC,SAAS,GAAG,sBAAsB,CAAC;IAC1C,MAAM,CAAC,SAAS,GAAG,oCAAoC,OAAO,EAAE,gBAAgB,UAAU,CACxF,OAAO,CAAC,UAAU,CACnB,SAAS,CAAC;IACX,MAAM,CAAC,YAAY,CAAC,YAAY,EAAE,cAAc,OAAO,CAAC,QAAQ,gBAAgB,CAAC,CAAC;IAClF,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACzC,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,YAAY;IACnB,IAAI,QAAQ,CAAC,cAAc,CAAC,8BAA8B,CAAC;QAAE,OAAO;IACpE,MAAM,KAAK,GAAG,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IAC9C,KAAK,CAAC,EAAE,GAAG,8BAA8B,CAAC;IAC1C,KAAK,CAAC,WAAW;QACf,sxCAAsxC,CAAC;IACzxC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK;SACT,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC;SACxB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC;SACvB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC;SACvB,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,OAAO;IACd,OAAO,ygBAAygB,CAAC;AACnhB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export { createMetalootAuthHandler, getMetalootSessionFromCookieHeader, handleMetalootRequest, } from "./server.js";
+export { metalootAuth } from "./node.js";
+export { createMetalootRouteHandlers } from "./next.js";
+export type { MetalootAuthOptions, MetalootSession, MetalootSessionResponse, MetalootUser, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,yBAAyB,EACzB,kCAAkC,EAClC,qBAAqB,GACtB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,2BAA2B,EAAE,MAAM,WAAW,CAAC;AACxD,YAAY,EACV,mBAAmB,EACnB,eAAe,EACf,uBAAuB,EACvB,YAAY,GACb,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,4 @@
+export { createMetalootAuthHandler, getMetalootSessionFromCookieHeader, handleMetalootRequest, } from "./server.js";
+export { metalootAuth } from "./node.js";
+export { createMetalootRouteHandlers } from "./next.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,yBAAyB,EACzB,kCAAkC,EAClC,qBAAqB,GACtB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,2BAA2B,EAAE,MAAM,WAAW,CAAC"}

package/dist/next.d.ts

@@ -0,0 +1,6 @@
+import type { MetalootAuthOptions } from "./types.js";
+export declare function createMetalootRouteHandlers(options: MetalootAuthOptions): {
+    GET: (request: Request) => Promise<Response>;
+    POST: (request: Request) => Promise<Response>;
+};
+//# sourceMappingURL=next.d.ts.map

package/dist/next.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"next.d.ts","sourceRoot":"","sources":["../src/next.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEtD,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,mBAAmB;mBACtC,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;oBAA3B,OAAO,KAAG,OAAO,CAAC,QAAQ,CAAC;EAS5D"}

package/dist/next.js

@@ -0,0 +1,12 @@
+import { handleMetalootRequest } from "./server.js";
+export function createMetalootRouteHandlers(options) {
+    async function handler(request) {
+        const response = await handleMetalootRequest(request, options);
+        return response ?? new Response("Not found", { status: 404 });
+    }
+    return {
+        GET: handler,
+        POST: handler,
+    };
+}
+//# sourceMappingURL=next.js.map

package/dist/next.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"next.js","sourceRoot":"","sources":["../src/next.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAGpD,MAAM,UAAU,2BAA2B,CAAC,OAA4B;IACtE,KAAK,UAAU,OAAO,CAAC,OAAgB;QACrC,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/D,OAAO,QAAQ,IAAI,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO;QACL,GAAG,EAAE,OAAO;QACZ,IAAI,EAAE,OAAO;KACd,CAAC;AACJ,CAAC"}

package/dist/node.d.ts

@@ -0,0 +1,10 @@
+import type { MetalootAuthOptions } from "./types.js";
+import type { IncomingMessage, ServerResponse } from "node:http";
+export type NodeLikeRequest = IncomingMessage & {
+    protocol?: string;
+    originalUrl?: string;
+};
+export type NodeLikeResponse = ServerResponse;
+export type NodeNextFunction = (error?: unknown) => void;
+export declare function metalootAuth(options: MetalootAuthOptions): (req: NodeLikeRequest, res: NodeLikeResponse, next?: NodeNextFunction) => Promise<void>;
+//# sourceMappingURL=node.d.ts.map

package/dist/node.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"node.d.ts","sourceRoot":"","sources":["../src/node.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAEjE,MAAM,MAAM,eAAe,GAAG,eAAe,GAAG;IAC9C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG,cAAc,CAAC;AAE9C,MAAM,MAAM,gBAAgB,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;AAEzD,wBAAgB,YAAY,CAAC,OAAO,EAAE,mBAAmB,IAErD,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,OAAO,gBAAgB,mBAkB1B"}

package/dist/node.js

@@ -0,0 +1,54 @@
+import { handleMetalootRequest } from "./server.js";
+export function metalootAuth(options) {
+    return async function metalootAuthMiddleware(req, res, next) {
+        try {
+            const request = toWebRequest(req, options);
+            const response = await handleMetalootRequest(request, options);
+            if (!response) {
+                if (next)
+                    return next();
+                res.statusCode = 404;
+                res.end("Not found");
+                return;
+            }
+            await sendWebResponse(res, response);
+        }
+        catch (error) {
+            if (next)
+                return next(error);
+            res.statusCode = 500;
+            res.end("Metaloot auth error");
+        }
+    };
+}
+function toWebRequest(req, options) {
+    const host = req.headers.host ?? "localhost";
+    const protocol = req.protocol ??
+        (req.headers["x-forwarded-proto"]
+            ? String(req.headers["x-forwarded-proto"]).split(",")[0]
+            : "http");
+    const baseUrl = `${protocol}://${host}`;
+    const url = new URL(req.originalUrl ?? req.url ?? "/", baseUrl).toString();
+    return new Request(url, {
+        method: req.method,
+        headers: req.headers,
+    });
+}
+async function sendWebResponse(res, response) {
+    res.statusCode = response.status;
+    response.headers.forEach((value, key) => {
+        res.setHeader(key, value);
+    });
+    const setCookies = "getSetCookie" in response.headers
+        ? response.headers.getSetCookie()
+        : [];
+    if (setCookies.length > 0)
+        res.setHeader("Set-Cookie", setCookies);
+    if (!response.body) {
+        res.end();
+        return;
+    }
+    const body = Buffer.from(await response.arrayBuffer());
+    res.end(body);
+}
+//# sourceMappingURL=node.js.map

package/dist/node.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"node.js","sourceRoot":"","sources":["../src/node.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAapD,MAAM,UAAU,YAAY,CAAC,OAA4B;IACvD,OAAO,KAAK,UAAU,sBAAsB,CAC1C,GAAoB,EACpB,GAAqB,EACrB,IAAuB;QAEvB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,MAAM,qBAAqB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,IAAI,IAAI;oBAAE,OAAO,IAAI,EAAE,CAAC;gBACxB,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YACD,MAAM,eAAe,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,IAAI;gBAAE,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7B,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACjC,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAoB,EAAE,OAA4B;IACtE,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;IAC7C,MAAM,QAAQ,GACZ,GAAG,CAAC,QAAQ;QACZ,CAAC,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC;YAC/B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACxD,CAAC,CAAC,MAAM,CAAC,CAAC;IACd,MAAM,OAAO,GAAG,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAC;IACxC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE;QACtB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,OAAO,EAAE,GAAG,CAAC,OAAsB;KACpC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,GAAqB,EACrB,QAAkB;IAElB,GAAG,CAAC,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC;IACjC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACtC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GACd,cAAc,IAAI,QAAQ,CAAC,OAAO;QAChC,CAAC,CAAE,QAAQ,CAAC,OAAkD,CAAC,YAAY,EAAE;QAC7E,CAAC,CAAC,EAAE,CAAC;IACT,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;QAAE,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAEnE,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnB,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IACvD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,6 @@
+import type { MetalootAuthOptions, MetalootSession, NormalizedMetalootAuthOptions } from "./types.js";
+export type MetalootRequestHandler = (request: Request) => Promise<Response | null>;
+export declare function createMetalootAuthHandler(options: MetalootAuthOptions): MetalootRequestHandler;
+export declare function handleMetalootRequest(request: Request, options: MetalootAuthOptions | NormalizedMetalootAuthOptions): Promise<Response | null>;
+export declare function getMetalootSessionFromCookieHeader(cookieHeader: string | null | undefined, options: MetalootAuthOptions): MetalootSession | null;
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EACV,mBAAmB,EACnB,eAAe,EAIf,6BAA6B,EAC9B,MAAM,YAAY,CAAC;AAEpB,MAAM,MAAM,sBAAsB,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;AAEpF,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,mBAAmB,GAC3B,sBAAsB,CAGxB;AAED,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,mBAAmB,GAAG,6BAA6B,GAC3D,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAyB1B;AAED,wBAAgB,kCAAkC,CAChD,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACvC,OAAO,EAAE,mBAAmB,GAC3B,eAAe,GAAG,IAAI,CAKxB"}

package/dist/server.js

@@ -0,0 +1,155 @@
+import { createAuthorizeUrl, normalizeOptions, samePath } from "./shared.js";
+import { clearCookie, parseCookieHeader, randomState, serializeCookie, signSession, verifySession, } from "./session.js";
+export function createMetalootAuthHandler(options) {
+    const normalized = normalizeOptions(options);
+    return (request) => handleMetalootRequest(request, normalized);
+}
+export async function handleMetalootRequest(request, options) {
+    const normalized = normalizeOptions(options);
+    const url = new URL(request.url);
+    const secure = shouldUseSecureCookies(request, normalized);
+    if (request.method === "GET" && samePath(url, normalized.startPath)) {
+        return startAuth(normalized, secure);
+    }
+    if (request.method === "GET" && samePath(url, normalized.callbackPath)) {
+        return callbackAuth(request, normalized, secure);
+    }
+    if (request.method === "GET" && samePath(url, normalized.sessionPath)) {
+        return sessionResponse(request, normalized);
+    }
+    if ((request.method === "GET" || request.method === "POST") &&
+        samePath(url, normalized.logoutPath)) {
+        return logoutAuth(normalized, secure);
+    }
+    return null;
+}
+export function getMetalootSessionFromCookieHeader(cookieHeader, options) {
+    const normalized = normalizeOptions(options);
+    const cookies = parseCookieHeader(cookieHeader);
+    const token = cookies.get(normalized.sessionCookieName);
+    return token ? verifySession(token, normalized.sessionSecret) : null;
+}
+async function startAuth(options, secure) {
+    const state = randomState();
+    const headers = new Headers({
+        Location: createAuthorizeUrl(options, state),
+    });
+    headers.append("Set-Cookie", serializeCookie(options.stateCookieName, state, {
+        httpOnly: true,
+        maxAge: 10 * 60,
+        path: "/",
+        sameSite: "Lax",
+        secure,
+    }));
+    return new Response(null, { status: 302, headers });
+}
+async function callbackAuth(request, options, secure) {
+    const url = new URL(request.url);
+    const code = url.searchParams.get("code");
+    const error = url.searchParams.get("error");
+    const returnedState = url.searchParams.get("state");
+    const cookies = parseCookieHeader(request.headers.get("cookie"));
+    const expectedState = cookies.get(options.stateCookieName);
+    if (error) {
+        return json({ error }, 400);
+    }
+    if (!code) {
+        return json({ error: "missing_code" }, 400);
+    }
+    if (expectedState && returnedState !== expectedState) {
+        return json({ error: "invalid_state" }, 400);
+    }
+    const token = await exchangeMetalootCode(code, options);
+    const user = token.user
+        ? normalizeUser(token.user)
+        : await fetchMetalootUser(token, options.authOrigin);
+    const expiresAt = new Date(Date.now() + token.expires_in * 1000).toISOString();
+    const sessionToken = signSession({
+        signedIn: true,
+        user,
+        accessToken: token.access_token,
+        scope: token.scope,
+        expiresAt,
+    }, options.sessionSecret);
+    const headers = new Headers({ Location: options.afterSignInPath });
+    headers.append("Set-Cookie", serializeCookie(options.sessionCookieName, sessionToken, {
+        httpOnly: true,
+        maxAge: token.expires_in,
+        path: "/",
+        sameSite: "Lax",
+        secure,
+    }));
+    headers.append("Set-Cookie", clearCookie(options.stateCookieName, secure));
+    return new Response(null, { status: 302, headers });
+}
+async function sessionResponse(request, options) {
+    const cookies = parseCookieHeader(request.headers.get("cookie"));
+    const token = cookies.get(options.sessionCookieName);
+    const session = token ? verifySession(token, options.sessionSecret) : null;
+    const body = session
+        ? {
+            signedIn: true,
+            user: session.user,
+            scope: session.scope,
+            expiresAt: session.expiresAt,
+        }
+        : { signedIn: false };
+    return json(body);
+}
+async function logoutAuth(options, secure) {
+    const headers = new Headers({ Location: options.afterSignOutPath });
+    headers.append("Set-Cookie", clearCookie(options.sessionCookieName, secure));
+    return new Response(null, { status: 302, headers });
+}
+async function exchangeMetalootCode(code, options) {
+    const response = await fetch(new URL("/api/oauth/token", options.authOrigin), {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            grant_type: "authorization_code",
+            client_id: options.clientId,
+            client_secret: options.clientSecret,
+            code,
+            redirect_uri: options.redirectUri,
+        }),
+    });
+    const body = (await response.json());
+    if (!response.ok || !("access_token" in body)) {
+        throw new Error("Metaloot token exchange failed.");
+    }
+    return body;
+}
+async function fetchMetalootUser(token, authOrigin) {
+    const response = await fetch(new URL("/api/oauth/userinfo", authOrigin), {
+        headers: { Authorization: `Bearer ${token.access_token}` },
+    });
+    if (!response.ok)
+        throw new Error("Metaloot userinfo request failed.");
+    const user = (await response.json());
+    return {
+        id: user.id ?? user.sub ?? "",
+        email: user.email,
+        name: user.name,
+        imageUrl: user.picture,
+    };
+}
+function normalizeUser(user) {
+    return {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        imageUrl: user.imageUrl ?? user.image_url,
+    };
+}
+function shouldUseSecureCookies(request, options) {
+    if (typeof options.cookieSecure === "boolean")
+        return options.cookieSecure;
+    return new URL(request.url).protocol === "https:";
+}
+function json(body, status = 200) {
+    return new Response(JSON.stringify(body), {
+        status,
+        headers: { "Content-Type": "application/json" },
+    });
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC7E,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,WAAW,EACX,aAAa,GACd,MAAM,cAAc,CAAC;AAYtB,MAAM,UAAU,yBAAyB,CACvC,OAA4B;IAE5B,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC7C,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,qBAAqB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,OAAgB,EAChB,OAA4D;IAE5D,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,sBAAsB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAE3D,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,OAAO,SAAS,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACvE,OAAO,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACtE,OAAO,eAAe,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAC9C,CAAC;IAED,IACE,CAAC,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,CAAC;QACvD,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,UAAU,CAAC,EACpC,CAAC;QACD,OAAO,UAAU,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kCAAkC,CAChD,YAAuC,EACvC,OAA4B;IAE5B,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACvE,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,OAAsC,EACtC,MAAe;IAEf,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;QAC1B,QAAQ,EAAE,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC;KAC7C,CAAC,CAAC;IACH,OAAO,CAAC,MAAM,CACZ,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,EAAE;QAC9C,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,EAAE,GAAG,EAAE;QACf,IAAI,EAAE,GAAG;QACT,QAAQ,EAAE,KAAK;QACf,MAAM;KACP,CAAC,CACH,CAAC;IACF,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;AACtD,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,OAAgB,EAChB,OAAsC,EACtC,MAAe;IAEf,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,aAAa,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjE,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAE3D,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,aAAa,IAAI,aAAa,KAAK,aAAa,EAAE,CAAC;QACrD,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI;QACrB,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC;QAC3B,CAAC,CAAC,MAAM,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACvD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC/E,MAAM,YAAY,GAAG,WAAW,CAC9B;QACE,QAAQ,EAAE,IAAI;QACd,IAAI;QACJ,WAAW,EAAE,KAAK,CAAC,YAAY;QAC/B,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,SAAS;KACV,EACD,OAAO,CAAC,aAAa,CACtB,CAAC;IACF,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;IACnE,OAAO,CAAC,MAAM,CACZ,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,iBAAiB,EAAE,YAAY,EAAE;QACvD,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,KAAK,CAAC,UAAU;QACxB,IAAI,EAAE,GAAG;QACT,QAAQ,EAAE,KAAK;QACf,MAAM;KACP,CAAC,CACH,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;IAC3E,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;AACtD,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,OAAgB,EAChB,OAAsC;IAEtC,MAAM,OAAO,GAAG,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjE,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC3E,MAAM,IAAI,GAA4B,OAAO;QAC3C,CAAC,CAAC;YACE,QAAQ,EAAE,IAAI;YACd,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B;QACH,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IACxB,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAsC,EACtC,MAAe;IAEf,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACpE,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7E,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;AACtD,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,OAAsC;IAEtC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,UAAU,CAAC,EAAE;QAC5E,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,OAAO,CAAC,QAAQ;YAC3B,aAAa,EAAE,OAAO,CAAC,YAAY;YACnC,IAAI;YACJ,YAAY,EAAE,OAAO,CAAC,WAAW;SAClC,CAAC;KACH,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA+C,CAAC;IAEnF,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC,cAAc,IAAI,IAAI,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,KAA4B,EAC5B,UAAkB;IAElB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,qBAAqB,EAAE,UAAU,CAAC,EAAE;QACvE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,CAAC,YAAY,EAAE,EAAE;KAC3D,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvE,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAMlC,CAAC;IACF,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,GAAG,IAAI,EAAE;QAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE,IAAI,CAAC,OAAO;KACvB,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,IAAgD;IACrE,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,SAAS;KAC1C,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAC7B,OAAgB,EAChB,OAAsC;IAEtC,IAAI,OAAO,OAAO,CAAC,YAAY,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC,YAAY,CAAC;IAC3E,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;AACpD,CAAC;AAED,SAAS,IAAI,CAAC,IAAa,EAAE,MAAM,GAAG,GAAG;IACvC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC"}

package/dist/session.d.ts

@@ -0,0 +1,14 @@
+import type { MetalootSession } from "./types.js";
+export declare function randomState(): string;
+export declare function signSession(session: MetalootSession, secret: string): string;
+export declare function verifySession(token: string, secret: string): MetalootSession | null;
+export declare function parseCookieHeader(header: string | null | undefined): Map<string, string>;
+export declare function serializeCookie(name: string, value: string, options?: {
+    httpOnly?: boolean;
+    maxAge?: number;
+    path?: string;
+    sameSite?: "Lax" | "Strict" | "None";
+    secure?: boolean;
+}): string;
+export declare function clearCookie(name: string, secure: boolean): string;
+//# sourceMappingURL=session.d.ts.map

package/dist/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAIlD,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAI5E;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAiBnF;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAaxF;AAED,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;IACP,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;CACb,GACL,MAAM,CAQR;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,MAAM,CAQjE"}

package/dist/session.js

@@ -0,0 +1,77 @@
+import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";
+const TEXT_ENCODER = new TextEncoder();
+export function randomState() {
+    return base64Url(randomBytes(32));
+}
+export function signSession(session, secret) {
+    const payload = base64Url(JSON.stringify(session));
+    const signature = createSignature(payload, secret);
+    return `${payload}.${signature}`;
+}
+export function verifySession(token, secret) {
+    const [payload, signature] = token.split(".");
+    if (!payload || !signature)
+        return null;
+    const expected = createSignature(payload, secret);
+    if (!safeEqual(signature, expected))
+        return null;
+    try {
+        const session = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
+        if (!session?.signedIn || !session.user?.id || !session.expiresAt)
+            return null;
+        if (new Date(session.expiresAt).getTime() <= Date.now())
+            return null;
+        return session;
+    }
+    catch {
+        return null;
+    }
+}
+export function parseCookieHeader(header) {
+    const cookies = new Map();
+    if (!header)
+        return cookies;
+    for (const part of header.split(";")) {
+        const index = part.indexOf("=");
+        if (index === -1)
+            continue;
+        const key = part.slice(0, index).trim();
+        const value = part.slice(index + 1).trim();
+        if (key)
+            cookies.set(key, decodeURIComponent(value));
+    }
+    return cookies;
+}
+export function serializeCookie(name, value, options = {}) {
+    const parts = [`${name}=${encodeURIComponent(value)}`];
+    parts.push(`Path=${options.path ?? "/"}`);
+    if (typeof options.maxAge === "number")
+        parts.push(`Max-Age=${options.maxAge}`);
+    if (options.httpOnly ?? true)
+        parts.push("HttpOnly");
+    parts.push(`SameSite=${options.sameSite ?? "Lax"}`);
+    if (options.secure)
+        parts.push("Secure");
+    return parts.join("; ");
+}
+export function clearCookie(name, secure) {
+    return serializeCookie(name, "", {
+        httpOnly: true,
+        maxAge: 0,
+        path: "/",
+        sameSite: "Lax",
+        secure,
+    });
+}
+function createSignature(payload, secret) {
+    return base64Url(createHmac("sha256", secret).update(payload).digest());
+}
+function safeEqual(a, b) {
+    const left = TEXT_ENCODER.encode(a);
+    const right = TEXT_ENCODER.encode(b);
+    return left.length === right.length && timingSafeEqual(left, right);
+}
+function base64Url(value) {
+    return Buffer.from(value).toString("base64url");
+}
+//# sourceMappingURL=session.js.map

package/dist/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAGvE,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC;AAEvC,MAAM,UAAU,WAAW;IACzB,OAAO,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAwB,EAAE,MAAc;IAClE,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACnD,OAAO,GAAG,OAAO,IAAI,SAAS,EAAE,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa,EAAE,MAAc;IACzD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAExC,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAClD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAEjD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAEhE,CAAC;QACd,IAAI,CAAC,OAAO,EAAE,QAAQ,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAC/E,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE;YAAE,OAAO,IAAI,CAAC;QACrE,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,MAAiC;IACjE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,IAAI,CAAC,MAAM;QAAE,OAAO,OAAO,CAAC;IAE5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,SAAS;QAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,GAAG;YAAE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,IAAY,EACZ,KAAa,EACb,UAMI,EAAE;IAEN,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvD,KAAK,CAAC,IAAI,CAAC,QAAQ,OAAO,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;IAC1C,IAAI,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAChF,IAAI,OAAO,CAAC,QAAQ,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,QAAQ,IAAI,KAAK,EAAE,CAAC,CAAC;IACpD,IAAI,OAAO,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,MAAe;IACvD,OAAO,eAAe,CAAC,IAAI,EAAE,EAAE,EAAE;QAC/B,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC;QACT,IAAI,EAAE,GAAG;QACT,QAAQ,EAAE,KAAK;QACf,MAAM;KACP,CAAC,CAAC;AACL,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,MAAc;IACtD,OAAO,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,SAAS,CAAC,CAAS,EAAE,CAAS;IACrC,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACrC,OAAO,IAAI,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,IAAI,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,SAAS,CAAC,KAAsB;IACvC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAClD,CAAC"}

package/dist/shared.d.ts

@@ -0,0 +1,7 @@
+import type { MetalootAuthOptions, NormalizedMetalootAuthOptions } from "./types.js";
+export declare const DEFAULT_AUTH_ORIGIN = "https://metaloot.app";
+export declare function normalizeOptions(options: MetalootAuthOptions): NormalizedMetalootAuthOptions;
+export declare function trimTrailingSlash(value: string): string;
+export declare function createAuthorizeUrl(options: NormalizedMetalootAuthOptions, state: string): string;
+export declare function samePath(requestUrl: URL, path: string): boolean;
+//# sourceMappingURL=shared.d.ts.map

package/dist/shared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../src/shared.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,6BAA6B,EAAE,MAAM,YAAY,CAAC;AAErF,eAAO,MAAM,mBAAmB,yBAAyB,CAAC;AAE1D,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,mBAAmB,GAC3B,6BAA6B,CAsB/B;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,6BAA6B,EACtC,KAAK,EAAE,MAAM,GACZ,MAAM,CAQR;AAED,wBAAgB,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/D"}

package/dist/shared.js

@@ -0,0 +1,42 @@
+export const DEFAULT_AUTH_ORIGIN = "https://metaloot.app";
+export function normalizeOptions(options) {
+    if (!options.clientId)
+        throw new Error("Metaloot auth requires clientId.");
+    if (!options.clientSecret)
+        throw new Error("Metaloot auth requires clientSecret.");
+    if (!options.redirectUri)
+        throw new Error("Metaloot auth requires redirectUri.");
+    return {
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+        redirectUri: options.redirectUri,
+        authOrigin: trimTrailingSlash(options.authOrigin ?? DEFAULT_AUTH_ORIGIN),
+        scope: options.scope ?? "profile email",
+        sessionSecret: options.sessionSecret ?? options.clientSecret,
+        startPath: options.startPath ?? "/auth/metaloot/start",
+        callbackPath: options.callbackPath ?? "/auth/metaloot/callback",
+        sessionPath: options.sessionPath ?? "/auth/metaloot/session",
+        logoutPath: options.logoutPath ?? "/auth/metaloot/logout",
+        afterSignInPath: options.afterSignInPath ?? "/",
+        afterSignOutPath: options.afterSignOutPath ?? "/",
+        sessionCookieName: options.sessionCookieName ?? "metaloot_session",
+        stateCookieName: options.stateCookieName ?? "metaloot_oauth_state",
+        cookieSecure: options.cookieSecure ?? "auto",
+    };
+}
+export function trimTrailingSlash(value) {
+    return value.replace(/\/+$/, "");
+}
+export function createAuthorizeUrl(options, state) {
+    const url = new URL("/oauth/authorize", options.authOrigin);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("client_id", options.clientId);
+    url.searchParams.set("redirect_uri", options.redirectUri);
+    url.searchParams.set("scope", options.scope);
+    url.searchParams.set("state", state);
+    return url.toString();
+}
+export function samePath(requestUrl, path) {
+    return requestUrl.pathname.replace(/\/+$/, "") === path.replace(/\/+$/, "");
+}
+//# sourceMappingURL=shared.js.map

package/dist/shared.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared.js","sourceRoot":"","sources":["../src/shared.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,mBAAmB,GAAG,sBAAsB,CAAC;AAE1D,MAAM,UAAU,gBAAgB,CAC9B,OAA4B;IAE5B,IAAI,CAAC,OAAO,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC3E,IAAI,CAAC,OAAO,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACnF,IAAI,CAAC,OAAO,CAAC,WAAW;QAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IAEjF,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,UAAU,EAAE,iBAAiB,CAAC,OAAO,CAAC,UAAU,IAAI,mBAAmB,CAAC;QACxE,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,eAAe;QACvC,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,YAAY;QAC5D,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,sBAAsB;QACtD,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,yBAAyB;QAC/D,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,wBAAwB;QAC5D,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,uBAAuB;QACzD,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,GAAG;QAC/C,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,GAAG;QACjD,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,IAAI,kBAAkB;QAClE,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,sBAAsB;QAClE,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,MAAM;KAC7C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,OAAsC,EACtC,KAAa;IAEb,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,kBAAkB,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAC5D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IACpD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC1D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,UAAe,EAAE,IAAY;IACpD,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAC9E,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,55 @@
+export type MetalootUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    imageUrl?: string;
+};
+export type MetalootSession = {
+    signedIn: true;
+    user: MetalootUser;
+    accessToken: string;
+    scope: string;
+    expiresAt: string;
+};
+export type MetalootSessionResponse = {
+    signedIn: true;
+    user: MetalootUser;
+    scope: string;
+    expiresAt: string;
+} | {
+    signedIn: false;
+};
+export type MetalootAuthOptions = {
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+    authOrigin?: string;
+    scope?: string;
+    sessionSecret?: string;
+    startPath?: string;
+    callbackPath?: string;
+    sessionPath?: string;
+    logoutPath?: string;
+    afterSignInPath?: string;
+    afterSignOutPath?: string;
+    sessionCookieName?: string;
+    stateCookieName?: string;
+    cookieSecure?: boolean | "auto";
+};
+export type NormalizedMetalootAuthOptions = Required<Pick<MetalootAuthOptions, "clientId" | "clientSecret" | "redirectUri" | "authOrigin" | "scope" | "sessionSecret" | "startPath" | "callbackPath" | "sessionPath" | "logoutPath" | "afterSignInPath" | "afterSignOutPath" | "sessionCookieName" | "stateCookieName">> & {
+    cookieSecure: boolean | "auto";
+};
+export type MetalootTokenResponse = {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    scope: string;
+    user?: {
+        id: string;
+        email?: string;
+        name?: string;
+        image_url?: string;
+        imageUrl?: string;
+    };
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAC/B;IACE,QAAQ,EAAE,IAAI,CAAC;IACf,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,GACD;IACE,QAAQ,EAAE,KAAK,CAAC;CACjB,CAAC;AAEN,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CACjC,CAAC;AAEF,MAAM,MAAM,6BAA6B,GAAG,QAAQ,CAClD,IAAI,CACF,mBAAmB,EACjB,UAAU,GACV,cAAc,GACd,aAAa,GACb,YAAY,GACZ,OAAO,GACP,eAAe,GACf,WAAW,GACX,cAAc,GACd,aAAa,GACb,YAAY,GACZ,iBAAiB,GACjB,kBAAkB,GAClB,mBAAmB,GACnB,iBAAiB,CACpB,CACF,GAAG;IACF,YAAY,EAAE,OAAO,GAAG,MAAM,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE;QACL,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;CACH,CAAC"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "@metaloot/auth",
+  "version": "0.1.0",
+  "description": "Drop-in Metaloot auth adapters for browser games.",
+  "type": "module",
+  "license": "MIT",
+  "author": "Metaloot",
+  "homepage": "https://metaloot.app",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Complexia/metaloot-auth.git"
+  },
+  "bugs": {
+    "url": "https://github.com/Complexia/metaloot-auth/issues"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "sideEffects": false,
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./browser": {
+      "types": "./dist/browser.d.ts",
+      "import": "./dist/browser.js"
+    },
+    "./node": {
+      "types": "./dist/node.d.ts",
+      "import": "./dist/node.js"
+    },
+    "./next": {
+      "types": "./dist/next.d.ts",
+      "import": "./dist/next.js"
+    },
+    "./server": {
+      "types": "./dist/server.d.ts",
+      "import": "./dist/server.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "clean": "rm -rf dist",
+    "prepack": "npm run clean && npm run build",
+    "test": "npm run build && node --test test/*.test.mjs",
+    "typecheck": "tsc -p tsconfig.json --noEmit"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "keywords": [
+    "metaloot",
+    "auth",
+    "oauth",
+    "games",
+    "browser-games"
+  ],
+  "devDependencies": {
+    "@types/node": "^20.19.0",
+    "typescript": "^5.9.0"
+  }
+}