@mulverse/mulguard-core 1.0.0

package/lib/init.js

@@ -0,0 +1,172 @@
+import * as jwt from "../jwt.js";
+import { createCallbackUrl } from "./utils/callback-url.js";
+import * as cookie from "./utils/cookie.js";
+import { createCSRFToken } from "./actions/callback/oauth/csrf-token.js";
+import { AdapterError, EventError } from "../errors.js";
+import parseProviders from "./utils/providers.js";
+import { setLogger } from "./utils/logger.js";
+import { merge } from "./utils/merge.js";
+import { createServerActionsAdapter } from "../adapters/server-actions-helpers.js";
+export const defaultCallbacks = {
+    signIn() {
+        return true;
+    },
+    redirect({ url, baseUrl }) {
+        if (url.startsWith("/"))
+            return `${baseUrl}${url}`;
+        else if (new URL(url).origin === baseUrl)
+            return url;
+        return baseUrl;
+    },
+    session({ session }) {
+        return {
+            user: {
+                name: session.user?.name,
+                email: session.user?.email,
+                image: session.user?.image,
+            },
+            expires: session.expires?.toISOString?.() ?? session.expires,
+        };
+    },
+    jwt({ token }) {
+        return token;
+    },
+};
+/** Initialize all internal options and cookies. */
+export async function init({ authOptions: config, providerId, action, url, cookies: reqCookies, callbackUrl: reqCallbackUrl, csrfToken: reqCsrfToken, csrfDisabled, isPost, }) {
+    const logger = setLogger(config);
+    const { providers, provider } = parseProviders({ url, providerId, config });
+    const maxAge = 30 * 24 * 60 * 60; // Sessions expire after 30 days of being idle by default
+    let isOnRedirectProxy = false;
+    if ((provider?.type === "oauth" || provider?.type === "oidc") &&
+        provider.redirectProxyUrl) {
+        try {
+            isOnRedirectProxy =
+                new URL(provider.redirectProxyUrl).origin === url.origin;
+        }
+        catch {
+            throw new TypeError(`redirectProxyUrl must be a valid URL. Received: ${provider.redirectProxyUrl}`);
+        }
+    }
+    // User provided options are overridden by other options,
+    // except for the options with special handling above
+    const options = {
+        debug: false,
+        pages: {},
+        theme: {
+            colorScheme: "auto",
+            logo: "",
+            brandColor: "",
+            buttonText: "",
+        },
+        // Custom options override defaults
+        ...config,
+        // These computed settings can have values in userOptions but we override them
+        // and are request-specific.
+        url,
+        action,
+        // @ts-expect-errors
+        provider,
+        cookies: merge(cookie.defaultCookies(config.useSecureCookies ?? url.protocol === "https:"), config.cookies),
+        providers,
+        // Session options
+        session: {
+            // If no adapter or serverActions specified, force use of JSON Web Tokens (stateless)
+            strategy: (config.adapter || config.serverActions) ? "database" : "jwt",
+            maxAge,
+            updateAge: 24 * 60 * 60,
+            generateSessionToken: () => crypto.randomUUID(),
+            ...config.session,
+        },
+        // JWT options
+        jwt: {
+            secret: config.secret,
+            maxAge: config.session?.maxAge ?? maxAge,
+            encode: jwt.encode,
+            decode: jwt.decode,
+            ...config.jwt,
+        },
+        // Event messages
+        events: eventsErrorHandler(config.events ?? {}, logger),
+        adapter: adapterErrorHandler(config.adapter || (config.serverActions ? createServerActionsAdapter(config.serverActions) : undefined), logger),
+        // Callback functions
+        callbacks: { ...defaultCallbacks, ...config.callbacks },
+        logger,
+        callbackUrl: url.origin,
+        isOnRedirectProxy,
+        experimental: {
+            ...config.experimental,
+        },
+    };
+    // Init cookies
+    const cookies = [];
+    if (csrfDisabled) {
+        options.csrfTokenVerified = true;
+    }
+    else {
+        const { csrfToken, cookie: csrfCookie, csrfTokenVerified, } = await createCSRFToken({
+            options,
+            cookieValue: reqCookies?.[options.cookies.csrfToken.name],
+            isPost,
+            bodyValue: reqCsrfToken,
+        });
+        options.csrfToken = csrfToken;
+        options.csrfTokenVerified = csrfTokenVerified;
+        if (csrfCookie) {
+            cookies.push({
+                name: options.cookies.csrfToken.name,
+                value: csrfCookie,
+                options: options.cookies.csrfToken.options,
+            });
+        }
+    }
+    const { callbackUrl, callbackUrlCookie } = await createCallbackUrl({
+        options,
+        cookieValue: reqCookies?.[options.cookies.callbackUrl.name],
+        paramValue: reqCallbackUrl,
+    });
+    options.callbackUrl = callbackUrl;
+    if (callbackUrlCookie) {
+        cookies.push({
+            name: options.cookies.callbackUrl.name,
+            value: callbackUrlCookie,
+            options: options.cookies.callbackUrl.options,
+        });
+    }
+    return { options, cookies };
+}
+/** Wraps an object of methods and adds error handling. */
+function eventsErrorHandler(methods, logger) {
+    return Object.keys(methods).reduce((acc, name) => {
+        acc[name] = async (...args) => {
+            try {
+                const method = methods[name];
+                return await method(...args);
+            }
+            catch (e) {
+                logger.error(new EventError(e));
+            }
+        };
+        return acc;
+    }, {});
+}
+/** Handles adapter induced errors. */
+function adapterErrorHandler(adapter, logger) {
+    if (!adapter)
+        return;
+    return Object.keys(adapter).reduce((acc, name) => {
+        acc[name] = async (...args) => {
+            try {
+                logger.debug(`adapter_${name}`, { args });
+                const method = adapter[name];
+                return await method(...args);
+            }
+            catch (e) {
+                const error = new AdapterError(e);
+                logger.error(error);
+                throw error;
+            }
+        };
+        return acc;
+    }, {});
+}

package/lib/pages/error.d.ts

@@ -0,0 +1,17 @@
+import type { ErrorPageParam, Theme } from "../../types.js";
+/**
+ * The following errors are passed as error query parameters to the default or overridden error page.
+ *
+ * [Documentation](https://authjs.dev/guides/pages/error)
+ */
+export interface ErrorProps {
+    url?: URL;
+    theme?: Theme;
+    error?: ErrorPageParam;
+}
+/** Renders an error page. */
+export default function ErrorPage(props: ErrorProps): {
+    status: number;
+    html: import("preact").JSX.Element;
+};
+//# sourceMappingURL=error.d.ts.map

package/lib/pages/error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/lib/pages/error.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAE3D;;;;GAIG;AAEH,MAAM,WAAW,UAAU;IACzB,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,KAAK,CAAC,EAAE,cAAc,CAAA;CACvB;AASD,6BAA6B;AAC7B,MAAM,CAAC,OAAO,UAAU,SAAS,CAAC,KAAK,EAAE,UAAU;;;EAmFlD"}

package/lib/pages/error.js

@@ -0,0 +1,40 @@
+import { jsx as _jsx, jsxs as _jsxs } from "preact/jsx-runtime";
+/** Renders an error page. */
+export default function ErrorPage(props) {
+    const { url, error = "default", theme } = props;
+    const signinPageUrl = `${url}/signin`;
+    const errors = {
+        default: {
+            status: 200,
+            heading: "Error",
+            message: (_jsx("p", { children: _jsx("a", { className: "site", href: url?.origin, children: url?.host }) })),
+        },
+        Configuration: {
+            status: 500,
+            heading: "Server error",
+            message: (_jsxs("div", { children: [_jsx("p", { children: "There is a problem with the server configuration." }), _jsx("p", { children: "Check the server logs for more information." })] })),
+        },
+        AccessDenied: {
+            status: 403,
+            heading: "Access Denied",
+            message: (_jsxs("div", { children: [_jsx("p", { children: "You do not have permission to sign in." }), _jsx("p", { children: _jsx("a", { className: "button", href: signinPageUrl, children: "Sign in" }) })] })),
+        },
+        Verification: {
+            status: 403,
+            heading: "Unable to sign in",
+            message: (_jsxs("div", { children: [_jsx("p", { children: "The sign in link is no longer valid." }), _jsx("p", { children: "It may have been used already or it may have expired." })] })),
+            signin: (_jsx("a", { className: "button", href: signinPageUrl, children: "Sign in" })),
+        },
+    };
+    const { status, heading, message, signin } = errors[error] ?? errors.default;
+    return {
+        status,
+        html: (_jsxs("div", { className: "error", children: [theme?.brandColor && (_jsx("style", { dangerouslySetInnerHTML: {
+                        __html: `
+        :root {
+          --brand-color: ${theme?.brandColor}
+        }
+      `,
+                    } })), _jsxs("div", { className: "card", children: [theme?.logo && _jsx("img", { src: theme?.logo, alt: "Logo", className: "logo" }), _jsx("h1", { children: heading }), _jsx("div", { className: "message", children: message }), signin] })] })),
+    };
+}

package/lib/pages/index.d.ts

@@ -0,0 +1,42 @@
+import type { InternalOptions, RequestInternal, ResponseInternal, InternalProvider, PublicProvider } from "../../types.js";
+import type { Cookie } from "../utils/cookie.js";
+type RenderPageParams = {
+    query?: RequestInternal["query"];
+    cookies?: Cookie[];
+} & Partial<Pick<InternalOptions, "url" | "callbackUrl" | "csrfToken" | "providers" | "theme" | "pages">>;
+/**
+ * Unless the user defines their [own pages](https://authjs.dev/reference/core#pages),
+ * we render a set of default ones, using Preact SSR.
+ */
+export default function renderPage(params: RenderPageParams): {
+    csrf(skip: boolean, options: InternalOptions, cookies: Cookie[]): {
+        headers: {
+            "Content-Type": string;
+            "Cache-Control": string;
+            Expires: string;
+            Pragma: string;
+        };
+        body: {
+            csrfToken: string | undefined;
+        };
+        cookies: Cookie[];
+        status?: undefined;
+    } | {
+        status: number;
+        cookies: Cookie[];
+        headers?: undefined;
+        body?: undefined;
+    };
+    providers(providers: InternalProvider[]): {
+        headers: {
+            "Content-Type": string;
+        };
+        body: Record<string, PublicProvider>;
+    };
+    signin(providerId?: string, error?: any): ResponseInternal<any>;
+    signout(): ResponseInternal<any>;
+    verifyRequest(props?: any): ResponseInternal<any>;
+    error(error?: string): ResponseInternal<any>;
+};
+export {};
+//# sourceMappingURL=index.d.ts.map

package/lib/pages/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/pages/index.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACf,MAAM,gBAAgB,CAAA;AACvB,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAsBhD,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,eAAe,CAAC,OAAO,CAAC,CAAA;IAChC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;CACnB,GAAG,OAAO,CACT,IAAI,CACF,eAAe,EACf,KAAK,GAAG,aAAa,GAAG,WAAW,GAAG,WAAW,GAAG,OAAO,GAAG,OAAO,CACtE,CACF,CAAA;AAED;;;GAGG;AACH,MAAM,CAAC,OAAO,UAAU,UAAU,CAAC,MAAM,EAAE,gBAAgB;eAI5C,OAAO,WAAW,eAAe,WAAW,MAAM,EAAE;;;;;;;;;;;;;;;;;;yBAqB1C,gBAAgB,EAAE;;;;;;wBAYnB,MAAM,UAAU,GAAG;;0BA6DjB,GAAG;kBAaX,MAAM;EAkBvB"}

package/lib/pages/index.js

@@ -0,0 +1,136 @@
+import { renderToString } from "preact-render-to-string";
+import ErrorPage from "./error.js";
+import SigninPage from "./signin.js";
+import SignoutPage from "./signout.js";
+import css from "./styles.js";
+import VerifyRequestPage from "./verify-request.js";
+import { UnknownAction } from "../../errors.js";
+function send({ html, title, status, cookies, theme, headTags, }) {
+    return {
+        cookies,
+        status,
+        headers: { "Content-Type": "text/html" },
+        body: `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>${css}</style><title>${title}</title>${headTags ?? ""}</head><body class="__next-auth-theme-${theme?.colorScheme ?? "auto"}"><div class="page">${renderToString(html)}</div></body></html>`,
+    };
+}
+/**
+ * Unless the user defines their [own pages](https://authjs.dev/reference/core#pages),
+ * we render a set of default ones, using Preact SSR.
+ */
+export default function renderPage(params) {
+    const { url, theme, query, cookies, pages, providers } = params;
+    return {
+        csrf(skip, options, cookies) {
+            if (!skip) {
+                return {
+                    headers: {
+                        "Content-Type": "application/json",
+                        "Cache-Control": "private, no-cache, no-store",
+                        Expires: "0",
+                        Pragma: "no-cache",
+                    },
+                    body: { csrfToken: options.csrfToken },
+                    cookies,
+                };
+            }
+            options.logger.warn("csrf-disabled");
+            cookies.push({
+                name: options.cookies.csrfToken.name,
+                value: "",
+                options: { ...options.cookies.csrfToken.options, maxAge: 0 },
+            });
+            return { status: 404, cookies };
+        },
+        providers(providers) {
+            return {
+                headers: { "Content-Type": "application/json" },
+                body: providers.reduce((acc, { id, name, type, signinUrl, callbackUrl }) => {
+                    acc[id] = { id, name, type, signinUrl, callbackUrl };
+                    return acc;
+                }, {}),
+            };
+        },
+        signin(providerId, error) {
+            if (providerId)
+                throw new UnknownAction("Unsupported action");
+            if (pages?.signIn) {
+                let signinUrl = `${pages.signIn}${pages.signIn.includes("?") ? "&" : "?"}${new URLSearchParams({ callbackUrl: params.callbackUrl ?? "/" })}`;
+                if (error)
+                    signinUrl = `${signinUrl}&${new URLSearchParams({ error })}`;
+                return { redirect: signinUrl, cookies };
+            }
+            // If we have a webauthn provider with conditional UI and
+            // a simpleWebAuthnBrowserScript is defined, we need to
+            // render the script in the page.
+            const webauthnProvider = providers?.find((p) => p.type === "webauthn" &&
+                p.enableConditionalUI &&
+                !!p.simpleWebAuthnBrowserVersion);
+            let simpleWebAuthnBrowserScript = "";
+            if (webauthnProvider) {
+                const { simpleWebAuthnBrowserVersion } = webauthnProvider;
+                simpleWebAuthnBrowserScript = `<script src="https://unpkg.com/@simplewebauthn/browser@${simpleWebAuthnBrowserVersion}/dist/bundle/index.umd.min.js" crossorigin="anonymous"></script>`;
+            }
+            return send({
+                cookies,
+                theme,
+                html: SigninPage({
+                    csrfToken: params.csrfToken,
+                    // We only want to render providers
+                    providers: params.providers?.filter((provider) => 
+                    // Always render oauth and email type providers
+                    ["email", "oauth", "oidc"].includes(provider.type) ||
+                        // Only render credentials type provider if credentials are defined
+                        (provider.type === "credentials" && provider.credentials) ||
+                        // Only render webauthn type provider if formFields are defined
+                        (provider.type === "webauthn" && provider.formFields) ||
+                        // Don't render other provider types
+                        false),
+                    callbackUrl: params.callbackUrl,
+                    theme: params.theme,
+                    error,
+                    ...query,
+                }),
+                title: "Sign In",
+                headTags: simpleWebAuthnBrowserScript,
+            });
+        },
+        signout() {
+            if (pages?.signOut)
+                return { redirect: pages.signOut, cookies };
+            return send({
+                cookies,
+                theme,
+                html: SignoutPage({ csrfToken: params.csrfToken, url, theme }),
+                title: "Sign Out",
+            });
+        },
+        verifyRequest(props) {
+            if (pages?.verifyRequest)
+                return {
+                    redirect: `${pages.verifyRequest}${url?.search ?? ""}`,
+                    cookies,
+                };
+            return send({
+                cookies,
+                theme,
+                html: VerifyRequestPage({ url, theme, ...props }),
+                title: "Verify Request",
+            });
+        },
+        error(error) {
+            if (pages?.error) {
+                return {
+                    redirect: `${pages.error}${pages.error.includes("?") ? "&" : "?"}error=${error}`,
+                    cookies,
+                };
+            }
+            return send({
+                cookies,
+                theme,
+                // @ts-expect-error fix error type
+                ...ErrorPage({ url, theme, error }),
+                title: "Error",
+            });
+        },
+    };
+}

package/lib/pages/signin.d.ts

@@ -0,0 +1,10 @@
+import type { InternalProvider, SignInPageErrorParam, Theme } from "../../types.js";
+export default function SigninPage(props: {
+    csrfToken?: string;
+    providers?: InternalProvider[];
+    callbackUrl?: string;
+    email?: string;
+    error?: SignInPageErrorParam;
+    theme?: Theme;
+}): import("preact").JSX.Element;
+//# sourceMappingURL=signin.d.ts.map

package/lib/pages/signin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signin.d.ts","sourceRoot":"","sources":["../../src/lib/pages/signin.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,EACN,MAAM,gBAAgB,CAAA;AAgCvB,MAAM,CAAC,OAAO,UAAU,UAAU,CAAC,KAAK,EAAE;IACxC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,gBAAgB,EAAE,CAAA;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,oBAAoB,CAAA;IAC5B,KAAK,CAAC,EAAE,KAAK,CAAA;CACd,gCAmNA"}

package/lib/pages/signin.js

@@ -0,0 +1,75 @@
+import { jsx as _jsx, Fragment as _Fragment, jsxs as _jsxs } from "preact/jsx-runtime";
+import { webauthnScript } from "../utils/webauthn-client.js";
+const signinErrors = {
+    default: "Unable to sign in.",
+    Signin: "Try signing in with a different account.",
+    OAuthSignin: "Try signing in with a different account.",
+    OAuthCallbackError: "Try signing in with a different account.",
+    OAuthCreateAccount: "Try signing in with a different account.",
+    EmailCreateAccount: "Try signing in with a different account.",
+    Callback: "Try signing in with a different account.",
+    OAuthAccountNotLinked: "To confirm your identity, sign in with the same account you used originally.",
+    EmailSignin: "The e-mail could not be sent.",
+    CredentialsSignin: "Sign in failed. Check the details you provided are correct.",
+    SessionRequired: "Please sign in to access this page.",
+};
+function ConditionalUIScript(providerID) {
+    const startConditionalUIScript = `
+const currentURL = window.location.href;
+const authURL = currentURL.substring(0, currentURL.lastIndexOf('/'));
+(${webauthnScript})(authURL, "${providerID}");
+`;
+    return (_jsx(_Fragment, { children: _jsx("script", { dangerouslySetInnerHTML: { __html: startConditionalUIScript } }) }));
+}
+export default function SigninPage(props) {
+    const { csrfToken, providers = [], callbackUrl, theme, email, error: errorType, } = props;
+    if (typeof document !== "undefined" && theme?.brandColor) {
+        document.documentElement.style.setProperty("--brand-color", theme.brandColor);
+    }
+    if (typeof document !== "undefined" && theme?.buttonText) {
+        document.documentElement.style.setProperty("--button-text-color", theme.buttonText);
+    }
+    const error = errorType && (signinErrors[errorType] ?? signinErrors.default);
+    const providerLogoPath = "https://authjs.dev/img/providers";
+    const conditionalUIProviderID = providers.find((provider) => provider.type === "webauthn" && provider.enableConditionalUI)?.id;
+    return (_jsxs("div", { className: "signin", children: [theme?.brandColor && (_jsx("style", { dangerouslySetInnerHTML: {
+                    __html: `:root {--brand-color: ${theme.brandColor}}`,
+                } })), theme?.buttonText && (_jsx("style", { dangerouslySetInnerHTML: {
+                    __html: `
+        :root {
+          --button-text-color: ${theme.buttonText}
+        }
+      `,
+                } })), _jsxs("div", { className: "card", children: [error && (_jsx("div", { className: "error", children: _jsx("p", { children: error }) })), theme?.logo && _jsx("img", { src: theme.logo, alt: "Logo", className: "logo" }), providers.map((provider, i) => {
+                        let bg, brandColor, logo;
+                        if (provider.type === "oauth" || provider.type === "oidc") {
+                            ;
+                            ({
+                                bg = "#fff",
+                                brandColor,
+                                logo = `${providerLogoPath}/${provider.id}.svg`,
+                            } = provider.style ?? {});
+                        }
+                        const color = brandColor ?? bg ?? "#fff";
+                        return (_jsxs("div", { className: "provider", children: [provider.type === "oauth" || provider.type === "oidc" ? (_jsxs("form", { action: provider.signinUrl, method: "POST", children: [_jsx("input", { type: "hidden", name: "csrfToken", value: csrfToken }), callbackUrl && (_jsx("input", { type: "hidden", name: "callbackUrl", value: callbackUrl })), _jsxs("button", { type: "submit", className: "button", style: {
+                                                "--provider-brand-color": color,
+                                            }, tabIndex: 0, children: [_jsxs("span", { style: {
+                                                        filter: "invert(1) grayscale(1) brightness(1.3) contrast(9000)",
+                                                        "mix-blend-mode": "luminosity",
+                                                        opacity: 0.95,
+                                                    }, children: ["Sign in with ", provider.name] }), logo && _jsx("img", { loading: "lazy", height: 24, src: logo })] })] })) : null, (provider.type === "email" ||
+                                    provider.type === "credentials" ||
+                                    provider.type === "webauthn") &&
+                                    i > 0 &&
+                                    providers[i - 1].type !== "email" &&
+                                    providers[i - 1].type !== "credentials" &&
+                                    providers[i - 1].type !== "webauthn" && _jsx("hr", {}), provider.type === "email" && (_jsxs("form", { action: provider.signinUrl, method: "POST", children: [_jsx("input", { type: "hidden", name: "csrfToken", value: csrfToken }), _jsx("label", { className: "section-header", htmlFor: `input-email-for-${provider.id}-provider`, children: "Email" }), _jsx("input", { id: `input-email-for-${provider.id}-provider`, autoFocus: true, type: "email", name: "email", value: email, placeholder: "email@example.com", required: true }), _jsxs("button", { id: "submitButton", type: "submit", tabIndex: 0, children: ["Sign in with ", provider.name] })] })), provider.type === "credentials" && (_jsxs("form", { action: provider.callbackUrl, method: "POST", children: [_jsx("input", { type: "hidden", name: "csrfToken", value: csrfToken }), Object.keys(provider.credentials).map((credential) => {
+                                            return (_jsxs("div", { children: [_jsx("label", { className: "section-header", htmlFor: `input-${credential}-for-${provider.id}-provider`, children: provider.credentials[credential].label ?? credential }), _jsx("input", { name: credential, id: `input-${credential}-for-${provider.id}-provider`, type: provider.credentials[credential].type ?? "text", placeholder: provider.credentials[credential].placeholder ?? "", ...provider.credentials[credential] })] }, `input-group-${provider.id}`));
+                                        }), _jsxs("button", { id: "submitButton", type: "submit", tabIndex: 0, children: ["Sign in with ", provider.name] })] })), provider.type === "webauthn" && (_jsxs("form", { action: provider.callbackUrl, method: "POST", id: `${provider.id}-form`, children: [_jsx("input", { type: "hidden", name: "csrfToken", value: csrfToken }), Object.keys(provider.formFields).map((field) => {
+                                            return (_jsxs("div", { children: [_jsx("label", { className: "section-header", htmlFor: `input-${field}-for-${provider.id}-provider`, children: provider.formFields[field].label ?? field }), _jsx("input", { name: field, "data-form-field": true, id: `input-${field}-for-${provider.id}-provider`, type: provider.formFields[field].type ?? "text", placeholder: provider.formFields[field].placeholder ?? "", ...provider.formFields[field] })] }, `input-group-${provider.id}`));
+                                        }), _jsxs("button", { id: `submitButton-${provider.id}`, type: "submit", tabIndex: 0, children: ["Sign in with ", provider.name] })] })), (provider.type === "email" ||
+                                    provider.type === "credentials" ||
+                                    provider.type === "webauthn") &&
+                                    i + 1 < providers.length && _jsx("hr", {})] }, provider.id));
+                    })] }), conditionalUIProviderID && ConditionalUIScript(conditionalUIProviderID)] }));
+}

package/lib/pages/signout.d.ts

@@ -0,0 +1,8 @@
+import type { Theme } from "../../types.js";
+export interface SignoutProps {
+    url?: URL;
+    csrfToken?: string;
+    theme?: Theme;
+}
+export default function SignoutPage(props: SignoutProps): import("preact").JSX.Element;
+//# sourceMappingURL=signout.d.ts.map

package/lib/pages/signout.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signout.d.ts","sourceRoot":"","sources":["../../src/lib/pages/signout.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAE3C,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,KAAK,CAAC,EAAE,KAAK,CAAA;CACd;AAED,MAAM,CAAC,OAAO,UAAU,WAAW,CAAC,KAAK,EAAE,YAAY,gCAwCtD"}

package/lib/pages/signout.js

@@ -0,0 +1,17 @@
+import { jsx as _jsx, jsxs as _jsxs } from "preact/jsx-runtime";
+export default function SignoutPage(props) {
+    const { url, csrfToken, theme } = props;
+    return (_jsxs("div", { className: "signout", children: [theme?.brandColor && (_jsx("style", { dangerouslySetInnerHTML: {
+                    __html: `
+        :root {
+          --brand-color: ${theme.brandColor}
+        }
+      `,
+                } })), theme?.buttonText && (_jsx("style", { dangerouslySetInnerHTML: {
+                    __html: `
+        :root {
+          --button-text-color: ${theme.buttonText}
+        }
+      `,
+                } })), _jsxs("div", { className: "card", children: [theme?.logo && _jsx("img", { src: theme.logo, alt: "Logo", className: "logo" }), _jsx("h1", { children: "Signout" }), _jsx("p", { children: "Are you sure you want to sign out?" }), _jsxs("form", { action: url?.toString(), method: "POST", children: [_jsx("input", { type: "hidden", name: "csrfToken", value: csrfToken }), _jsx("button", { id: "submitButton", type: "submit", children: "Sign out" })] })] })] }));
+}

package/lib/pages/styles.d.ts

@@ -0,0 +1,3 @@
+declare const _default: ":root {\n  --border-width: 1px;\n  --border-radius: 0.5rem;\n  --color-error: #c94b4b;\n  --color-info: #157efb;\n  --color-info-hover: #0f6ddb;\n  --color-info-text: #fff;\n}\n\n.__next-auth-theme-auto,\n.__next-auth-theme-light {\n  --color-background: #ececec;\n  --color-background-hover: rgba(236, 236, 236, 0.8);\n  --color-background-card: #fff;\n  --color-text: #000;\n  --color-primary: #444;\n  --color-control-border: #bbb;\n  --color-button-active-background: #f9f9f9;\n  --color-button-active-border: #aaa;\n  --color-separator: #ccc;\n  --provider-bg: #fff;\n  --provider-bg-hover: color-mix(\n    in srgb,\n    var(--provider-brand-color) 30%,\n    #fff\n  );\n}\n\n.__next-auth-theme-dark {\n  --color-background: #161b22;\n  --color-background-hover: rgba(22, 27, 34, 0.8);\n  --color-background-card: #0d1117;\n  --color-text: #fff;\n  --color-primary: #ccc;\n  --color-control-border: #555;\n  --color-button-active-background: #060606;\n  --color-button-active-border: #666;\n  --color-separator: #444;\n  --provider-bg: #161b22;\n  --provider-bg-hover: color-mix(\n    in srgb,\n    var(--provider-brand-color) 30%,\n    #000\n  );\n}\n\n.__next-auth-theme-dark img[src$=\"42-school.svg\"],\n  .__next-auth-theme-dark img[src$=\"apple.svg\"],\n  .__next-auth-theme-dark img[src$=\"boxyhq-saml.svg\"],\n  .__next-auth-theme-dark img[src$=\"eveonline.svg\"],\n  .__next-auth-theme-dark img[src$=\"github.svg\"],\n  .__next-auth-theme-dark img[src$=\"mailchimp.svg\"],\n  .__next-auth-theme-dark img[src$=\"medium.svg\"],\n  .__next-auth-theme-dark img[src$=\"okta.svg\"],\n  .__next-auth-theme-dark img[src$=\"patreon.svg\"],\n  .__next-auth-theme-dark img[src$=\"ping-id.svg\"],\n  .__next-auth-theme-dark img[src$=\"roblox.svg\"],\n  .__next-auth-theme-dark img[src$=\"threads.svg\"],\n  .__next-auth-theme-dark img[src$=\"wikimedia.svg\"] {\n    filter: invert(1);\n  }\n\n.__next-auth-theme-dark #submitButton {\n    background-color: var(--provider-bg, var(--color-info));\n  }\n\n@media (prefers-color-scheme: dark) {\n  .__next-auth-theme-auto {\n    --color-background: #161b22;\n    --color-background-hover: rgba(22, 27, 34, 0.8);\n    --color-background-card: #0d1117;\n    --color-text: #fff;\n    --color-primary: #ccc;\n    --color-control-border: #555;\n    --color-button-active-background: #060606;\n    --color-button-active-border: #666;\n    --color-separator: #444;\n    --provider-bg: #161b22;\n    --provider-bg-hover: color-mix(\n      in srgb,\n      var(--provider-brand-color) 30%,\n      #000\n    );\n  }\n    .__next-auth-theme-auto img[src$=\"42-school.svg\"],\n    .__next-auth-theme-auto img[src$=\"apple.svg\"],\n    .__next-auth-theme-auto img[src$=\"boxyhq-saml.svg\"],\n    .__next-auth-theme-auto img[src$=\"eveonline.svg\"],\n    .__next-auth-theme-auto img[src$=\"github.svg\"],\n    .__next-auth-theme-auto img[src$=\"mailchimp.svg\"],\n    .__next-auth-theme-auto img[src$=\"medium.svg\"],\n    .__next-auth-theme-auto img[src$=\"okta.svg\"],\n    .__next-auth-theme-auto img[src$=\"patreon.svg\"],\n    .__next-auth-theme-auto img[src$=\"ping-id.svg\"],\n    .__next-auth-theme-auto img[src$=\"roblox.svg\"],\n    .__next-auth-theme-auto img[src$=\"threads.svg\"],\n    .__next-auth-theme-auto img[src$=\"wikimedia.svg\"] {\n      filter: invert(1);\n    }\n    .__next-auth-theme-auto #submitButton {\n      background-color: var(--provider-bg, var(--color-info));\n    }\n}\n\nhtml {\n  box-sizing: border-box;\n}\n\n*,\n*:before,\n*:after {\n  box-sizing: inherit;\n  margin: 0;\n  padding: 0;\n}\n\nbody {\n  background-color: var(--color-background);\n  margin: 0;\n  padding: 0;\n  font-family:\n    ui-sans-serif,\n    system-ui,\n    -apple-system,\n    BlinkMacSystemFont,\n    \"Segoe UI\",\n    Roboto,\n    \"Helvetica Neue\",\n    Arial,\n    \"Noto Sans\",\n    sans-serif,\n    \"Apple Color Emoji\",\n    \"Segoe UI Emoji\",\n    \"Segoe UI Symbol\",\n    \"Noto Color Emoji\";\n}\n\nh1 {\n  margin-bottom: 1.5rem;\n  padding: 0 1rem;\n  font-weight: 400;\n  color: var(--color-text);\n}\n\np {\n  margin-bottom: 1.5rem;\n  padding: 0 1rem;\n  color: var(--color-text);\n}\n\nform {\n  margin: 0;\n  padding: 0;\n}\n\nlabel {\n  font-weight: 500;\n  text-align: left;\n  margin-bottom: 0.25rem;\n  display: block;\n  color: var(--color-text);\n}\n\ninput[type] {\n  box-sizing: border-box;\n  display: block;\n  width: 100%;\n  padding: 0.5rem 1rem;\n  border: var(--border-width) solid var(--color-control-border);\n  background: var(--color-background-card);\n  font-size: 1rem;\n  border-radius: var(--border-radius);\n  color: var(--color-text);\n}\n\np {\n  font-size: 1.1rem;\n  line-height: 2rem;\n}\n\na.button {\n  text-decoration: none;\n  line-height: 1rem;\n}\n\na.button:link,\n  a.button:visited {\n    background-color: var(--color-background);\n    color: var(--color-primary);\n  }\n\nbutton,\na.button {\n  padding: 0.75rem 1rem;\n  color: var(--provider-color, var(--color-primary));\n  background-color: var(--provider-bg, var(--color-background));\n  border: 1px solid #00000031;\n  font-size: 0.9rem;\n  height: 50px;\n  border-radius: var(--border-radius);\n  transition: background-color 250ms ease-in-out;\n  font-weight: 300;\n  position: relative;\n  display: flex;\n  align-items: center;\n  justify-content: space-between;\n}\n\n:is(button,a.button):hover {\n    background-color: var(--provider-bg-hover, var(--color-background-hover));\n    cursor: pointer;\n  }\n\n:is(button,a.button):active {\n    cursor: pointer;\n  }\n\n:is(button,a.button) span {\n    color: var(--provider-bg);\n  }\n\n#submitButton {\n  color: var(--button-text-color, var(--color-info-text));\n  background-color: var(--brand-color, var(--color-info));\n  width: 100%;\n}\n\n#submitButton:hover {\n    background-color: var(\n      --button-hover-bg,\n      var(--color-info-hover)\n    ) !important;\n  }\n\na.site {\n  color: var(--color-primary);\n  text-decoration: none;\n  font-size: 1rem;\n  line-height: 2rem;\n}\n\na.site:hover {\n    text-decoration: underline;\n  }\n\n.page {\n  position: absolute;\n  width: 100%;\n  height: 100%;\n  display: grid;\n  place-items: center;\n  margin: 0;\n  padding: 0;\n  box-sizing: border-box;\n}\n\n.page > div {\n    text-align: center;\n  }\n\n.error a.button {\n    padding-left: 2rem;\n    padding-right: 2rem;\n    margin-top: 0.5rem;\n  }\n\n.error .message {\n    margin-bottom: 1.5rem;\n  }\n\n.signin input[type=\"text\"] {\n    margin-left: auto;\n    margin-right: auto;\n    display: block;\n  }\n\n.signin hr {\n    display: block;\n    border: 0;\n    border-top: 1px solid var(--color-separator);\n    margin: 2rem auto 1rem auto;\n    overflow: visible;\n  }\n\n.signin hr::before {\n      content: \"or\";\n      background: var(--color-background-card);\n      color: #888;\n      padding: 0 0.4rem;\n      position: relative;\n      top: -0.7rem;\n    }\n\n.signin .error {\n    background: #f5f5f5;\n    font-weight: 500;\n    border-radius: 0.3rem;\n    background: var(--color-error);\n  }\n\n.signin .error p {\n      text-align: left;\n      padding: 0.5rem 1rem;\n      font-size: 0.9rem;\n      line-height: 1.2rem;\n      color: var(--color-info-text);\n    }\n\n.signin > div,\n  .signin form {\n    display: block;\n  }\n\n.signin > div input[type], .signin form input[type] {\n      margin-bottom: 0.5rem;\n    }\n\n.signin > div button, .signin form button {\n      width: 100%;\n    }\n\n.signin .provider + .provider {\n    margin-top: 1rem;\n  }\n\n.logo {\n  display: inline-block;\n  max-width: 150px;\n  margin: 1.25rem 0;\n  max-height: 70px;\n}\n\n.card {\n  background-color: var(--color-background-card);\n  border-radius: 1rem;\n  padding: 1.25rem 2rem;\n}\n\n.card .header {\n    color: var(--color-primary);\n  }\n\n.card input[type]::-moz-placeholder {\n    color: color-mix(\n      in srgb,\n      var(--color-text) 20%,\n      var(--color-button-active-background)\n    );\n  }\n\n.card input[type]::placeholder {\n    color: color-mix(\n      in srgb,\n      var(--color-text) 20%,\n      var(--color-button-active-background)\n    );\n  }\n\n.card input[type] {\n    background: color-mix(in srgb, var(--color-background-card) 95%, black);\n  }\n\n.section-header {\n  color: var(--color-text);\n}\n\n@media screen and (min-width: 450px) {\n  .card {\n    margin: 2rem 0;\n    width: 368px;\n  }\n}\n\n@media screen and (max-width: 450px) {\n  .card {\n    margin: 1rem 0;\n    width: 343px;\n  }\n}\n";
+export default _default;
+//# sourceMappingURL=styles.d.ts.map

package/lib/pages/styles.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"styles.d.ts","sourceRoot":"","sources":["../../src/lib/pages/styles.ts"],"names":[],"mappings":";AACA,wBA2XC"}