@objectstack/plugin-auth 4.0.3 → 4.0.4

package/dist/index.mjs

@@ -372,7 +372,20 @@ var AuthManager = class {
       // better-auth plugins — registered based on AuthPluginConfig flags
       plugins: this.buildPluginList(),
       // Trusted origins for CSRF protection (supports wildcards like "https://*.example.com")
-      ...this.config.trustedOrigins?.length ? { trustedOrigins: this.config.trustedOrigins } : {},
+      // Auto-includes origins from CORS_ORIGIN env var so CORS and CSRF stay in sync.
+      ...(() => {
+        const origins = [...this.config.trustedOrigins || []];
+        const corsOrigin = process.env.CORS_ORIGIN;
+        if (corsOrigin && corsOrigin !== "*") {
+          corsOrigin.split(",").map((s) => s.trim()).filter(Boolean).forEach((o) => {
+            if (!origins.includes(o)) origins.push(o);
+          });
+        }
+        if (!origins.length && (!corsOrigin || corsOrigin === "*")) {
+          origins.push("http://localhost:*");
+        }
+        return origins.length ? { trustedOrigins: origins } : {};
+      })(),
       // Advanced options (cross-subdomain cookies, secure cookies, CSRF, etc.)
       ...this.config.advanced ? {
         advanced: {
@@ -508,6 +521,59 @@ var AuthManager = class {
   get api() {
     return this.getOrCreateAuth().api;
   }
+  /**
+   * Get public authentication configuration
+   * Returns safe, non-sensitive configuration that can be exposed to the frontend
+   *
+   * This allows the frontend to discover:
+   * - Which social/OAuth providers are available
+   * - Whether email/password login is enabled
+   * - Which advanced features are enabled (2FA, magic links, etc.)
+   */
+  getPublicConfig() {
+    const socialProviders = [];
+    if (this.config.socialProviders) {
+      for (const [id, providerConfig] of Object.entries(this.config.socialProviders)) {
+        if (providerConfig.enabled !== false) {
+          const nameMap = {
+            google: "Google",
+            github: "GitHub",
+            microsoft: "Microsoft",
+            apple: "Apple",
+            facebook: "Facebook",
+            twitter: "Twitter",
+            discord: "Discord",
+            gitlab: "GitLab",
+            linkedin: "LinkedIn"
+          };
+          socialProviders.push({
+            id,
+            name: nameMap[id] || id.charAt(0).toUpperCase() + id.slice(1),
+            enabled: true
+          });
+        }
+      }
+    }
+    const emailPasswordConfig = this.config.emailAndPassword ?? {};
+    const emailPassword = {
+      enabled: emailPasswordConfig.enabled !== false,
+      // Default to true
+      disableSignUp: emailPasswordConfig.disableSignUp ?? false,
+      requireEmailVerification: emailPasswordConfig.requireEmailVerification ?? false
+    };
+    const pluginConfig = this.config.plugins ?? {};
+    const features = {
+      twoFactor: pluginConfig.twoFactor ?? false,
+      passkeys: pluginConfig.passkeys ?? false,
+      magicLink: pluginConfig.magicLink ?? false,
+      organization: pluginConfig.organization ?? false
+    };
+    return {
+      emailPassword,
+      socialProviders,
+      features
+    };
+  }
 };
 
 // src/objects/sys-user.object.ts
@@ -1425,6 +1491,25 @@ var AuthPlugin = class {
       );
     }
     const rawApp = httpServer.getRawApp();
+    rawApp.get(`${basePath}/config`, async (c) => {
+      try {
+        const config = this.authManager.getPublicConfig();
+        return c.json({
+          success: true,
+          data: config
+        });
+      } catch (error) {
+        const err = error instanceof Error ? error : new Error(String(error));
+        ctx.logger.error("Auth config error:", err);
+        return c.json({
+          success: false,
+          error: {
+            code: "auth_config_error",
+            message: err.message
+          }
+        }, 500);
+      }
+    });
     rawApp.all(`${basePath}/*`, async (c) => {
       try {
         const response = await this.authManager.handleRequest(c.req.raw);