@objectstack/plugin-auth 7.0.0 → 7.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +58 -4
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +58 -4
- package/dist/index.mjs.map +1 -1
- package/package.json +4 -4
package/dist/index.mjs
CHANGED
|
@@ -1028,18 +1028,22 @@ var AuthManager = class {
|
|
|
1028
1028
|
plugins.push(jwt({ schema: buildJwtPluginSchema() }));
|
|
1029
1029
|
const { oauthProvider } = await import("@better-auth/oauth-provider");
|
|
1030
1030
|
const baseUrl = (this.config.baseUrl ?? "").replace(/\/$/, "");
|
|
1031
|
+
const uiBase = (this.config.uiBasePath ?? "/_console").replace(/\/$/, "");
|
|
1031
1032
|
plugins.push(oauthProvider({
|
|
1032
|
-
//
|
|
1033
|
-
|
|
1034
|
-
|
|
1033
|
+
// Console SPA renders both pages (replaces the legacy Account SPA at
|
|
1034
|
+
// /_account). Override `uiBasePath` in AuthConfig if Console is
|
|
1035
|
+
// mounted elsewhere.
|
|
1036
|
+
loginPage: `${baseUrl}${uiBase}/login`,
|
|
1037
|
+
consentPage: `${baseUrl}${uiBase}/oauth/consent`,
|
|
1035
1038
|
schema: buildOauthProviderPluginSchema()
|
|
1036
1039
|
}));
|
|
1037
1040
|
}
|
|
1038
1041
|
if (enabled.deviceAuthorization) {
|
|
1039
1042
|
const { deviceAuthorization } = await import("better-auth/plugins/device-authorization");
|
|
1040
1043
|
const baseUrl = (this.config.baseUrl ?? "").replace(/\/$/, "");
|
|
1044
|
+
const uiBase = (this.config.uiBasePath ?? "/_console").replace(/\/$/, "");
|
|
1041
1045
|
plugins.push(deviceAuthorization({
|
|
1042
|
-
verificationUri: `${baseUrl}/
|
|
1046
|
+
verificationUri: `${baseUrl}${uiBase}/auth/device`,
|
|
1043
1047
|
schema: buildDeviceAuthorizationPluginSchema()
|
|
1044
1048
|
}));
|
|
1045
1049
|
}
|
|
@@ -1651,6 +1655,56 @@ var AuthPlugin = class {
|
|
|
1651
1655
|
return c.json({ success: false, error: { code: "internal", message: err.message } }, 500);
|
|
1652
1656
|
}
|
|
1653
1657
|
});
|
|
1658
|
+
rawApp.post(`${basePath}/sys-oauth-application/register`, async (c) => {
|
|
1659
|
+
try {
|
|
1660
|
+
let body = {};
|
|
1661
|
+
try {
|
|
1662
|
+
body = await c.req.json();
|
|
1663
|
+
} catch {
|
|
1664
|
+
body = {};
|
|
1665
|
+
}
|
|
1666
|
+
const name = body?.name;
|
|
1667
|
+
const redirectUrlsInput = body?.redirectURLs;
|
|
1668
|
+
const type = body?.type;
|
|
1669
|
+
if (typeof name !== "string" || name.trim().length === 0) {
|
|
1670
|
+
return c.json({ success: false, error: { code: "invalid_request", message: "name is required" } }, 400);
|
|
1671
|
+
}
|
|
1672
|
+
if (typeof redirectUrlsInput !== "string" || redirectUrlsInput.trim().length === 0) {
|
|
1673
|
+
return c.json({ success: false, error: { code: "invalid_request", message: "redirectURLs is required" } }, 400);
|
|
1674
|
+
}
|
|
1675
|
+
const redirectUris = redirectUrlsInput.split(/[\r\n]+/).map((line) => line.trim()).filter((line) => line.length > 0);
|
|
1676
|
+
if (redirectUris.length === 0) {
|
|
1677
|
+
return c.json({ success: false, error: { code: "invalid_request", message: "redirectURLs must contain at least one URL" } }, 400);
|
|
1678
|
+
}
|
|
1679
|
+
const allowedTypes = /* @__PURE__ */ new Set(["web", "native", "user-agent-based"]);
|
|
1680
|
+
const safeType = typeof type === "string" && allowedTypes.has(type) ? type : "web";
|
|
1681
|
+
const authApi = await this.authManager.getApi();
|
|
1682
|
+
if (!authApi?.createOAuthClient) {
|
|
1683
|
+
return c.json({ success: false, error: { code: "unavailable", message: "OIDC provider is not enabled on this environment" } }, 503);
|
|
1684
|
+
}
|
|
1685
|
+
let result;
|
|
1686
|
+
try {
|
|
1687
|
+
result = await authApi.createOAuthClient({
|
|
1688
|
+
body: {
|
|
1689
|
+
client_name: name.trim(),
|
|
1690
|
+
redirect_uris: redirectUris,
|
|
1691
|
+
type: safeType
|
|
1692
|
+
},
|
|
1693
|
+
headers: c.req.raw.headers
|
|
1694
|
+
});
|
|
1695
|
+
} catch (err) {
|
|
1696
|
+
const status = typeof err?.status === "number" ? err.status : 500;
|
|
1697
|
+
const code = err?.body?.error ?? "oauth_register_failed";
|
|
1698
|
+
const message = err?.body?.error_description ?? err?.message ?? "Unable to register OAuth client";
|
|
1699
|
+
return c.json({ success: false, error: { code, message } }, status);
|
|
1700
|
+
}
|
|
1701
|
+
return c.json({ success: true, data: { client: result } });
|
|
1702
|
+
} catch (error) {
|
|
1703
|
+
const err = error instanceof Error ? error : new Error(String(error));
|
|
1704
|
+
ctx.logger.error("[AuthPlugin] sys-oauth-application/register failed", err);
|
|
1705
|
+
return c.json({ success: false, error: { code: "internal", message: err.message } }, 500);
|
|
1706
|
+
}
|
|
1707
|
+
});
|
|
1654
1708
|
rawApp.all(`${basePath}/*`, async (c) => {
|
|
1655
1709
|
try {
|
|
1656
1710
|
const response = await this.authManager.handleRequest(c.req.raw);
|