@objectstack/plugin-auth 4.0.3 → 4.0.4

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
 
-> @objectstack/plugin-auth@4.0.3 build /home/runner/work/framework/framework/packages/plugins/plugin-auth
+> @objectstack/plugin-auth@4.0.4 build /home/runner/work/framework/framework/packages/plugins/plugin-auth
 > tsup --config ../../../tsup.config.ts
 
 ▲ [WARNING] The condition "types" here will never be used as it comes after both "import" and "require" [package.json]
@@ -47,6 +47,9 @@
          ╵       ~~~~~~~~~
 
 
+CJS dist/index.js     50.99 KB
+CJS dist/index.js.map 104.52 KB
+CJS ⚡️ Build success in 85ms
 [warn] ▲ [WARNING] The condition "types" here will never be used as it comes after both "import" and "require" [package.json]
 
     package.json:13:6:
@@ -66,13 +69,10 @@
          ╵       ~~~~~~~~~
 
 
-CJS dist/index.js     48.18 KB
-CJS dist/index.js.map 99.34 KB
-CJS ⚡️ Build success in 86ms
-ESM dist/index.mjs     44.60 KB
-ESM dist/index.mjs.map 98.83 KB
-ESM ⚡️ Build success in 86ms
+ESM dist/index.mjs     47.42 KB
+ESM dist/index.mjs.map 104.01 KB
+ESM ⚡️ Build success in 95ms
 DTS Build start
-DTS ⚡️ Build success in 5289ms
-DTS dist/index.d.mts 913.41 KB
-DTS dist/index.d.ts  913.41 KB
+DTS ⚡️ Build success in 7023ms
+DTS dist/index.d.mts 914.23 KB
+DTS dist/index.d.ts  914.23 KB

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 4.0.4
+
+### Patch Changes
+
+- Updated dependencies [326b66b]
+  - @objectstack/spec@4.0.4
+  - @objectstack/core@4.0.4
+
 ## 4.0.3
 
 ### Patch Changes

package/dist/index.d.mts

@@ -2286,6 +2286,33 @@ declare class AuthManager {
             data: Record<string, any>;
         } | null>;
     }>>;
+    /**
+     * Get public authentication configuration
+     * Returns safe, non-sensitive configuration that can be exposed to the frontend
+     *
+     * This allows the frontend to discover:
+     * - Which social/OAuth providers are available
+     * - Whether email/password login is enabled
+     * - Which advanced features are enabled (2FA, magic links, etc.)
+     */
+    getPublicConfig(): {
+        emailPassword: {
+            enabled: boolean;
+            disableSignUp: boolean;
+            requireEmailVerification: boolean;
+        };
+        socialProviders: {
+            id: string;
+            name: string;
+            enabled: boolean;
+        }[];
+        features: {
+            twoFactor: boolean;
+            passkeys: boolean;
+            magicLink: boolean;
+            organization: boolean;
+        };
+    };
 }
 
 /**

package/dist/index.d.ts

@@ -2286,6 +2286,33 @@ declare class AuthManager {
             data: Record<string, any>;
         } | null>;
     }>>;
+    /**
+     * Get public authentication configuration
+     * Returns safe, non-sensitive configuration that can be exposed to the frontend
+     *
+     * This allows the frontend to discover:
+     * - Which social/OAuth providers are available
+     * - Whether email/password login is enabled
+     * - Which advanced features are enabled (2FA, magic links, etc.)
+     */
+    getPublicConfig(): {
+        emailPassword: {
+            enabled: boolean;
+            disableSignUp: boolean;
+            requireEmailVerification: boolean;
+        };
+        socialProviders: {
+            id: string;
+            name: string;
+            enabled: boolean;
+        }[];
+        features: {
+            twoFactor: boolean;
+            passkeys: boolean;
+            magicLink: boolean;
+            organization: boolean;
+        };
+    };
 }
 
 /**

package/dist/index.js

@@ -433,7 +433,20 @@ var AuthManager = class {
       // better-auth plugins — registered based on AuthPluginConfig flags
       plugins: this.buildPluginList(),
       // Trusted origins for CSRF protection (supports wildcards like "https://*.example.com")
-      ...this.config.trustedOrigins?.length ? { trustedOrigins: this.config.trustedOrigins } : {},
+      // Auto-includes origins from CORS_ORIGIN env var so CORS and CSRF stay in sync.
+      ...(() => {
+        const origins = [...this.config.trustedOrigins || []];
+        const corsOrigin = process.env.CORS_ORIGIN;
+        if (corsOrigin && corsOrigin !== "*") {
+          corsOrigin.split(",").map((s) => s.trim()).filter(Boolean).forEach((o) => {
+            if (!origins.includes(o)) origins.push(o);
+          });
+        }
+        if (!origins.length && (!corsOrigin || corsOrigin === "*")) {
+          origins.push("http://localhost:*");
+        }
+        return origins.length ? { trustedOrigins: origins } : {};
+      })(),
       // Advanced options (cross-subdomain cookies, secure cookies, CSRF, etc.)
       ...this.config.advanced ? {
         advanced: {
@@ -569,6 +582,59 @@ var AuthManager = class {
   get api() {
     return this.getOrCreateAuth().api;
   }
+  /**
+   * Get public authentication configuration
+   * Returns safe, non-sensitive configuration that can be exposed to the frontend
+   *
+   * This allows the frontend to discover:
+   * - Which social/OAuth providers are available
+   * - Whether email/password login is enabled
+   * - Which advanced features are enabled (2FA, magic links, etc.)
+   */
+  getPublicConfig() {
+    const socialProviders = [];
+    if (this.config.socialProviders) {
+      for (const [id, providerConfig] of Object.entries(this.config.socialProviders)) {
+        if (providerConfig.enabled !== false) {
+          const nameMap = {
+            google: "Google",
+            github: "GitHub",
+            microsoft: "Microsoft",
+            apple: "Apple",
+            facebook: "Facebook",
+            twitter: "Twitter",
+            discord: "Discord",
+            gitlab: "GitLab",
+            linkedin: "LinkedIn"
+          };
+          socialProviders.push({
+            id,
+            name: nameMap[id] || id.charAt(0).toUpperCase() + id.slice(1),
+            enabled: true
+          });
+        }
+      }
+    }
+    const emailPasswordConfig = this.config.emailAndPassword ?? {};
+    const emailPassword = {
+      enabled: emailPasswordConfig.enabled !== false,
+      // Default to true
+      disableSignUp: emailPasswordConfig.disableSignUp ?? false,
+      requireEmailVerification: emailPasswordConfig.requireEmailVerification ?? false
+    };
+    const pluginConfig = this.config.plugins ?? {};
+    const features = {
+      twoFactor: pluginConfig.twoFactor ?? false,
+      passkeys: pluginConfig.passkeys ?? false,
+      magicLink: pluginConfig.magicLink ?? false,
+      organization: pluginConfig.organization ?? false
+    };
+    return {
+      emailPassword,
+      socialProviders,
+      features
+    };
+  }
 };
 
 // src/objects/sys-user.object.ts
@@ -1486,6 +1552,25 @@ var AuthPlugin = class {
       );
     }
     const rawApp = httpServer.getRawApp();
+    rawApp.get(`${basePath}/config`, async (c) => {
+      try {
+        const config = this.authManager.getPublicConfig();
+        return c.json({
+          success: true,
+          data: config
+        });
+      } catch (error) {
+        const err = error instanceof Error ? error : new Error(String(error));
+        ctx.logger.error("Auth config error:", err);
+        return c.json({
+          success: false,
+          error: {
+            code: "auth_config_error",
+            message: err.message
+          }
+        }, 500);
+      }
+    });
     rawApp.all(`${basePath}/*`, async (c) => {
       try {
         const response = await this.authManager.handleRequest(c.req.raw);