@objectstack/plugin-auth 7.0.0 → 7.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +58 -4
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +58 -4
- package/dist/index.mjs.map +1 -1
- package/package.json +4 -4
package/dist/index.js
CHANGED
|
@@ -1092,18 +1092,22 @@ var AuthManager = class {
|
|
|
1092
1092
|
plugins.push(jwt({ schema: buildJwtPluginSchema() }));
|
|
1093
1093
|
const { oauthProvider } = await import("@better-auth/oauth-provider");
|
|
1094
1094
|
const baseUrl = (this.config.baseUrl ?? "").replace(/\/$/, "");
|
|
1095
|
+
const uiBase = (this.config.uiBasePath ?? "/_console").replace(/\/$/, "");
|
|
1095
1096
|
plugins.push(oauthProvider({
|
|
1096
|
-
//
|
|
1097
|
-
|
|
1098
|
-
|
|
1097
|
+
// Console SPA renders both pages (replaces the legacy Account SPA at
|
|
1098
|
+
// /_account). Override `uiBasePath` in AuthConfig if Console is
|
|
1099
|
+
// mounted elsewhere.
|
|
1100
|
+
loginPage: `${baseUrl}${uiBase}/login`,
|
|
1101
|
+
consentPage: `${baseUrl}${uiBase}/oauth/consent`,
|
|
1099
1102
|
schema: buildOauthProviderPluginSchema()
|
|
1100
1103
|
}));
|
|
1101
1104
|
}
|
|
1102
1105
|
if (enabled.deviceAuthorization) {
|
|
1103
1106
|
const { deviceAuthorization } = await import("better-auth/plugins/device-authorization");
|
|
1104
1107
|
const baseUrl = (this.config.baseUrl ?? "").replace(/\/$/, "");
|
|
1108
|
+
const uiBase = (this.config.uiBasePath ?? "/_console").replace(/\/$/, "");
|
|
1105
1109
|
plugins.push(deviceAuthorization({
|
|
1106
|
-
verificationUri: `${baseUrl}/
|
|
1110
|
+
verificationUri: `${baseUrl}${uiBase}/auth/device`,
|
|
1107
1111
|
schema: buildDeviceAuthorizationPluginSchema()
|
|
1108
1112
|
}));
|
|
1109
1113
|
}
|
|
@@ -1696,6 +1700,56 @@ var AuthPlugin = class {
|
|
|
1696
1700
|
return c.json({ success: false, error: { code: "internal", message: err.message } }, 500);
|
|
1697
1701
|
}
|
|
1698
1702
|
});
|
|
1703
|
+
rawApp.post(`${basePath}/sys-oauth-application/register`, async (c) => {
|
|
1704
|
+
try {
|
|
1705
|
+
let body = {};
|
|
1706
|
+
try {
|
|
1707
|
+
body = await c.req.json();
|
|
1708
|
+
} catch {
|
|
1709
|
+
body = {};
|
|
1710
|
+
}
|
|
1711
|
+
const name = body?.name;
|
|
1712
|
+
const redirectUrlsInput = body?.redirectURLs;
|
|
1713
|
+
const type = body?.type;
|
|
1714
|
+
if (typeof name !== "string" || name.trim().length === 0) {
|
|
1715
|
+
return c.json({ success: false, error: { code: "invalid_request", message: "name is required" } }, 400);
|
|
1716
|
+
}
|
|
1717
|
+
if (typeof redirectUrlsInput !== "string" || redirectUrlsInput.trim().length === 0) {
|
|
1718
|
+
return c.json({ success: false, error: { code: "invalid_request", message: "redirectURLs is required" } }, 400);
|
|
1719
|
+
}
|
|
1720
|
+
const redirectUris = redirectUrlsInput.split(/[\r\n]+/).map((line) => line.trim()).filter((line) => line.length > 0);
|
|
1721
|
+
if (redirectUris.length === 0) {
|
|
1722
|
+
return c.json({ success: false, error: { code: "invalid_request", message: "redirectURLs must contain at least one URL" } }, 400);
|
|
1723
|
+
}
|
|
1724
|
+
const allowedTypes = /* @__PURE__ */ new Set(["web", "native", "user-agent-based"]);
|
|
1725
|
+
const safeType = typeof type === "string" && allowedTypes.has(type) ? type : "web";
|
|
1726
|
+
const authApi = await this.authManager.getApi();
|
|
1727
|
+
if (!authApi?.createOAuthClient) {
|
|
1728
|
+
return c.json({ success: false, error: { code: "unavailable", message: "OIDC provider is not enabled on this environment" } }, 503);
|
|
1729
|
+
}
|
|
1730
|
+
let result;
|
|
1731
|
+
try {
|
|
1732
|
+
result = await authApi.createOAuthClient({
|
|
1733
|
+
body: {
|
|
1734
|
+
client_name: name.trim(),
|
|
1735
|
+
redirect_uris: redirectUris,
|
|
1736
|
+
type: safeType
|
|
1737
|
+
},
|
|
1738
|
+
headers: c.req.raw.headers
|
|
1739
|
+
});
|
|
1740
|
+
} catch (err) {
|
|
1741
|
+
const status = typeof err?.status === "number" ? err.status : 500;
|
|
1742
|
+
const code = err?.body?.error ?? "oauth_register_failed";
|
|
1743
|
+
const message = err?.body?.error_description ?? err?.message ?? "Unable to register OAuth client";
|
|
1744
|
+
return c.json({ success: false, error: { code, message } }, status);
|
|
1745
|
+
}
|
|
1746
|
+
return c.json({ success: true, data: { client: result } });
|
|
1747
|
+
} catch (error) {
|
|
1748
|
+
const err = error instanceof Error ? error : new Error(String(error));
|
|
1749
|
+
ctx.logger.error("[AuthPlugin] sys-oauth-application/register failed", err);
|
|
1750
|
+
return c.json({ success: false, error: { code: "internal", message: err.message } }, 500);
|
|
1751
|
+
}
|
|
1752
|
+
});
|
|
1699
1753
|
rawApp.all(`${basePath}/*`, async (c) => {
|
|
1700
1754
|
try {
|
|
1701
1755
|
const response = await this.authManager.handleRequest(c.req.raw);
|