@mindfulauth/core 2.0.0-beta.6 → 2.0.0-beta.8

package/dist/astro/SecurityScript.astro

@@ -46,16 +46,12 @@ async function loadQRCodeLibrary() {
 // ============================================================================
 
 /**
- * Extracts recordid from window variable (injected server-side by backend)
- * Backend MUST inject this variable for all implementations
- * Architecture
- * - All protected routes require /{memberid}/page URL structure
- * - Backend extracts memberid from URL path and validates against session
- * - Frontend receives memberid via window.MEMBERID injection
- * @returns {string|null} The recordid if found, null otherwise
+ * Extracts the recordId from the URL path (/{memberid}/...).
+ * The memberid is the first path segment, already validated server-side by middleware.
+ * @returns {string|undefined} The recordId if found, undefined otherwise
  */
 function getRecordId() {
-    return window.MEMBERID || null;
+    return window.location.pathname.split('/').filter(Boolean)[0] || undefined;
 }
 
 // ============================================================================

package/dist/core/csp.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Scans the mindfulauth/astro/ directory at build time and returns SHA-384
+ * hashes for all <script is:inline> blocks found in .astro component files.
+ *
+ * Astro's static CSP analysis cannot resolve dynamically rendered components,
+ * so hashes must be declared manually in astro.config.mjs. This function
+ * computes them automatically so no manual maintenance is needed.
+ *
+ * When published as a package, this function resolves the astro/ directory
+ * relative to its own location — no consumer configuration required.
+ *
+ * @example
+ * // astro.config.mjs
+ * // import { getScriptHashes } from '@mindfulauth/core';
+ *
+ * scriptDirective: { hashes: getScriptHashes() }
+ */
+export declare function getScriptHashes(): string[];
+//# sourceMappingURL=csp.d.ts.map

package/dist/core/csp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csp.d.ts","sourceRoot":"","sources":["../../src/core/csp.ts"],"names":[],"mappings":"AAWA;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAS1C"}

package/dist/core/csp.js

@@ -0,0 +1,36 @@
+// ============================================================================
+// Build-time CSP utilities for Mindful Auth
+// Import this in astro.config.mjs only — not at SSR runtime.
+// ============================================================================
+import { readFileSync, readdirSync } from 'fs';
+import { createHash } from 'crypto';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+/**
+ * Scans the mindfulauth/astro/ directory at build time and returns SHA-384
+ * hashes for all <script is:inline> blocks found in .astro component files.
+ *
+ * Astro's static CSP analysis cannot resolve dynamically rendered components,
+ * so hashes must be declared manually in astro.config.mjs. This function
+ * computes them automatically so no manual maintenance is needed.
+ *
+ * When published as a package, this function resolves the astro/ directory
+ * relative to its own location — no consumer configuration required.
+ *
+ * @example
+ * // astro.config.mjs
+ * // import { getScriptHashes } from '@mindfulauth/core';
+ *
+ * scriptDirective: { hashes: getScriptHashes() }
+ */
+export function getScriptHashes() {
+    const dir = join(__dirname, '../astro');
+    return readdirSync(dir)
+        .filter(f => f.endsWith('.astro'))
+        .flatMap(file => {
+        const content = readFileSync(join(dir, file), 'utf8');
+        return [...content.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/g)]
+            .map((m) => 'sha384-' + createHash('sha384').update(m[1], 'utf8').digest('base64'));
+    });
+}

package/dist/core/index.d.ts

@@ -4,4 +4,5 @@ export * from './auth';
 export * from './auth-handler';
 export * from './security';
 export * from './middleware';
+export * from './csp';
 //# sourceMappingURL=index.d.ts.map

package/dist/core/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAGA,cAAc,SAAS,CAAC;AAGxB,cAAc,UAAU,CAAC;AAGzB,cAAc,QAAQ,CAAC;AAGvB,cAAc,gBAAgB,CAAC;AAG/B,cAAc,YAAY,CAAC;AAG3B,cAAc,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAGA,cAAc,SAAS,CAAC;AAGxB,cAAc,UAAU,CAAC;AAGzB,cAAc,QAAQ,CAAC;AAGvB,cAAc,gBAAgB,CAAC;AAG/B,cAAc,YAAY,CAAC;AAG3B,cAAc,cAAc,CAAC;AAG7B,cAAc,OAAO,CAAC"}

package/dist/core/index.js

@@ -11,3 +11,5 @@ export * from './auth-handler';
 export * from './security';
 // Middleware  
 export * from './middleware';
+// Build-time CSP utilities
+export * from './csp';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mindfulauth/core",
-  "version": "2.0.0-beta.6",
+  "version": "2.0.0-beta.8",
   "description": "Mindful Auth core authentication library for Astro 6",
   "type": "module",
   "main": "./dist/core/index.js",
@@ -26,6 +26,10 @@
     "./config": {
       "types": "./dist/core/config.d.ts",
       "import": "./dist/core/config.js"
+    },
+    "./csp": {
+      "types": "./dist/core/csp.d.ts",
+      "import": "./dist/core/csp.js"
     }
   },
   "files": [
@@ -51,7 +55,8 @@
   },
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20260307.1",
+    "@types/node": "^25.3.5",
     "astro": "^6.0.0-beta.20",
     "typescript": "^5.9.3"
   }
-}
+}