npm - @neondatabase/auth - Versions diffs - 0.1.0-beta.14 → 0.1.0-beta.15 - Mend

@neondatabase/auth 0.1.0-beta.14 → 0.1.0-beta.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/{adapter-core-BPv4mLT0.mjs → adapter-core-ChIlSbGg.mjs} +126 -1
package/dist/{adapter-core-9F3bfyWA.d.mts → adapter-core-CtcS7ex8.d.mts} +128 -120
package/dist/{better-auth-react-adapter-BYvAsZdj.d.mts → better-auth-react-adapter-AucJqubr.d.mts} +7 -7
package/dist/{better-auth-react-adapter-BkeuhSFt.mjs → better-auth-react-adapter-C3_WRaIy.mjs} +1 -1
package/dist/index.d.mts +4 -3
package/dist/index.mjs +2 -1
package/dist/{neon-auth-BhLZg9v8.mjs → neon-auth-sSiNq4zM.mjs} +1 -1
package/dist/next/index.d.mts +7 -7
package/dist/next/index.mjs +7 -8
package/dist/react/adapters/index.d.mts +3 -2
package/dist/react/adapters/index.mjs +2 -1
package/dist/react/index.d.mts +3 -2
package/dist/react/index.mjs +2 -1
package/dist/{supabase-adapter-_2wgvfZ3.d.mts → supabase-adapter-Bbn88gZj.d.mts} +261 -261
package/dist/{supabase-adapter-rl2coLdb.mjs → supabase-adapter-DhlcXYb9.mjs} +1 -1
package/dist/types/index.d.mts +3 -7
package/dist/vanilla/adapters/index.d.mts +3 -2
package/dist/vanilla/adapters/index.mjs +2 -1
package/dist/vanilla/index.d.mts +3 -2
package/dist/vanilla/index.mjs +2 -1
package/llms.txt +157 -0
package/package.json +3 -2
/package/dist/{better-auth-types-CE4hLv9E.d.mts → better-auth-types-VqadyqlG.d.mts} +0 -0

package/dist/{adapter-core-BPv4mLT0.mjs → adapter-core-ChIlSbGg.mjs} RENAMED Viewed

@@ -118,6 +118,14 @@ const CLOCK_SKEW_BUFFER_MS = 1e4;
 const DEFAULT_SESSION_EXPIRY_MS = 36e5;
 /** Name of the session verifier parameter in the URL, used for the OAUTH flow */
 const NEON_AUTH_SESSION_VERIFIER_PARAM_NAME = "neon_auth_session_verifier";
+/** Name of the popup marker parameter in the URL, used for OAuth popup flow in iframes */
+const NEON_AUTH_POPUP_PARAM_NAME = "neon_popup";
+/** Name of the original callback URL parameter, used in OAuth popup flow */
+const NEON_AUTH_POPUP_CALLBACK_PARAM_NAME = "neon_popup_callback";
+/** The callback route used for OAuth popup completion (must be in middleware SKIP_ROUTES) */
+const NEON_AUTH_POPUP_CALLBACK_ROUTE = "/auth/callback";
+/** Message type for OAuth popup completion postMessage */
+const OAUTH_POPUP_MESSAGE_TYPE = "neon-auth:oauth-complete";
 //#endregion
 //#region src/utils/jwt.ts
@@ -293,6 +301,59 @@ var AnonymousTokenCacheManager = class {
 	}
 };
+//#endregion
+//#region src/core/oauth-popup.ts
+/**
+* Opens an OAuth popup window and waits for completion.
+*
+* This is used when the app is running inside an iframe, where OAuth
+* redirect flows don't work due to X-Frame-Options/CSP restrictions.
+* The popup completes the OAuth flow and sends a postMessage back
+* with the session verifier needed to fetch the session.
+*
+* @param url - The OAuth authorization URL to open in the popup
+* @returns Promise that resolves with the session verifier when OAuth completes
+* @throws Error if popup is blocked, closed by user, or times out
+*/
+async function openOAuthPopup(url) {
+	const timeout = 12e4;
+	const pollInterval = 500;
+	return new Promise((resolve, reject) => {
+		const popup = globalThis.open(url, "neon_oauth_popup", "width=500,height=700,popup=yes");
+		if (!popup || popup.closed) {
+			reject(/* @__PURE__ */ new Error("Popup blocked. Please allow popups for this site."));
+			return;
+		}
+		const timeoutId = setTimeout(() => {
+			cleanup();
+			try {
+				popup.close();
+			} catch {}
+			reject(/* @__PURE__ */ new Error("OAuth popup timed out. Please try again."));
+		}, timeout);
+		const pollId = setInterval(() => {
+			try {
+				if (popup.closed) {
+					cleanup();
+					reject(/* @__PURE__ */ new Error("OAuth popup was closed. Please try again."));
+				}
+			} catch {}
+		}, pollInterval);
+		function cleanup() {
+			clearTimeout(timeoutId);
+			clearInterval(pollId);
+			globalThis.removeEventListener("message", handleMessage);
+		}
+		function handleMessage(event) {
+			if (event.origin !== globalThis.location.origin) return;
+			if (event.data?.type !== OAUTH_POPUP_MESSAGE_TYPE) return;
+			cleanup();
+			resolve({ verifier: event.data.verifier || null });
+		}
+		globalThis.addEventListener("message", handleMessage);
+	});
+}
 //#endregion
 //#region src/utils/browser.ts
 /**
@@ -302,6 +363,19 @@ var AnonymousTokenCacheManager = class {
 const isBrowser = () => {
 	return globalThis.window !== void 0 && typeof document !== "undefined";
 };
+/**
+* Checks if the code is running inside an iframe
+* Used to detect embedded contexts where OAuth redirect won't work
+* @returns true if in iframe, false otherwise
+*/
+const isIframe = () => {
+	if (!isBrowser()) return false;
+	try {
+		return globalThis.self !== globalThis.top;
+	} catch {
+		return true;
+	}
+};
 //#endregion
 //#region src/plugins/anonymous-token.ts
@@ -341,6 +415,39 @@ const BETTER_AUTH_ENDPOINTS = {
 	anonymousSignIn: "/sign-in/anonymous",
 	anonymousToken: "/token/anonymous"
 };
+/**
+* Handles social sign-in via popup when running inside an iframe.
+* This is necessary because OAuth redirects don't work in iframes due to
+* X-Frame-Options/CSP restrictions from OAuth providers.
+*
+* Flow:
+* 1. Request OAuth URL from server (with disableRedirect)
+* 2. Open popup window with the OAuth URL
+* 3. Wait for popup to complete and send back the session verifier
+* 4. Navigate to callbackURL with verifier - normal page load handles session
+*/
+async function handleSocialSignInViaPopup(input, init) {
+	const body = JSON.parse(init?.body || "{}");
+	const originalCallbackURL = body.callbackURL || "/";
+	const popupCallbackUrl = new URL(NEON_AUTH_POPUP_CALLBACK_ROUTE, globalThis.location.origin);
+	popupCallbackUrl.searchParams.set(NEON_AUTH_POPUP_PARAM_NAME, "1");
+	popupCallbackUrl.searchParams.set(NEON_AUTH_POPUP_CALLBACK_PARAM_NAME, originalCallbackURL);
+	body.callbackURL = popupCallbackUrl.toString();
+	body.disableRedirect = true;
+	const response = await fetch(input, {
+		...init,
+		body: JSON.stringify(body)
+	});
+	const data = await response.json();
+	const oauthUrl = data.url;
+	if (!oauthUrl) throw new Error("Failed to get OAuth URL");
+	const popupResult = await openOAuthPopup(oauthUrl);
+	if (!popupResult.verifier) throw new Error("OAuth completed but no session verifier received");
+	const navigationUrl = new URL(originalCallbackURL, globalThis.location.origin);
+	navigationUrl.searchParams.set(NEON_AUTH_SESSION_VERIFIER_PARAM_NAME, popupResult.verifier);
+	globalThis.location.href = navigationUrl.toString();
+	return Response.json(data, { status: response.status });
+}
 const BETTER_AUTH_METHODS_HOOKS = {
 	signUp: {
 		onRequest: () => {},
@@ -359,6 +466,10 @@ const BETTER_AUTH_METHODS_HOOKS = {
 		}
 	},
 	signIn: {
+		beforeRequest: (input, init) => {
+			if (!(typeof input === "string" ? input : input.toString()).includes("/sign-in/social") || !isIframe()) return null;
+			return handleSocialSignInViaPopup(input, init);
+		},
 		onRequest: () => {},
 		onSuccess: (responseData) => {
 			if (isSessionResponseData(responseData)) {
@@ -513,6 +624,20 @@ function deriveBetterAuthMethodFromUrl(url) {
 	if (url.includes(BETTER_AUTH_ENDPOINTS.getSession) || url.includes(BETTER_AUTH_ENDPOINTS.token)) return "getSession";
 }
 function initBroadcastChannel() {
+	if (isBrowser() && globalThis.opener && globalThis.opener !== globalThis) {
+		const params = new URLSearchParams(globalThis.location.search);
+		if (params.has(NEON_AUTH_POPUP_PARAM_NAME)) {
+			const verifier = params.get(NEON_AUTH_SESSION_VERIFIER_PARAM_NAME);
+			const originalCallback = params.get(NEON_AUTH_POPUP_CALLBACK_PARAM_NAME);
+			globalThis.opener.postMessage({
+				type: OAUTH_POPUP_MESSAGE_TYPE,
+				verifier,
+				originalCallback
+			}, "*");
+			globalThis.close();
+			return;
+		}
+	}
 	getGlobalBroadcastChannel().subscribe((message) => {
 		if (message.clientId === CURRENT_TAB_CLIENT_ID) return;
 		const trigger = message.data?.trigger;
@@ -615,4 +740,4 @@ var NeonAuthAdapterCore = class {
 };
 //#endregion
-export { DEFAULT_SESSION_EXPIRY_MS as a, CURRENT_TAB_CLIENT_ID as i, BETTER_AUTH_METHODS_CACHE as n, BETTER_AUTH_METHODS_HOOKS as r, NeonAuthAdapterCore as t };
+export { DEFAULT_SESSION_EXPIRY_MS as a, CURRENT_TAB_CLIENT_ID as i, BETTER_AUTH_METHODS_CACHE as n, NEON_AUTH_SESSION_VERIFIER_PARAM_NAME as o, BETTER_AUTH_METHODS_HOOKS as r, NeonAuthAdapterCore as t };