@qlover/oauth-wrapper 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/core.cjs ADDED
@@ -0,0 +1,301 @@
1
+ "use strict";
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
6
+ var __export = (target, all) => {
7
+ for (var name in all)
8
+ __defProp(target, name, { get: all[name], enumerable: true });
9
+ };
10
+ var __copyProps = (to, from, except, desc) => {
11
+ if (from && typeof from === "object" || typeof from === "function") {
12
+ for (let key of __getOwnPropNames(from))
13
+ if (!__hasOwnProp.call(to, key) && key !== except)
14
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
+ }
16
+ return to;
17
+ };
18
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
+
20
+ // src/core/index.ts
21
+ var core_exports = {};
22
+ __export(core_exports, {
23
+ OAuthAuthorizationCodeRowSchema: () => OAuthAuthorizationCodeRowSchema,
24
+ OAuthAuthorizeQuerySchema: () => OAuthAuthorizeQuerySchema,
25
+ OAuthClientCreateResponseSchema: () => OAuthClientCreateResponseSchema,
26
+ OAuthClientCreateSchema: () => OAuthClientCreateSchema,
27
+ OAuthClientDetailSchema: () => OAuthClientDetailSchema,
28
+ OAuthClientListItemSchema: () => OAuthClientListItemSchema,
29
+ OAuthClientRowSchema: () => OAuthClientRowSchema,
30
+ OAuthClientSecretRotateResponseSchema: () => OAuthClientSecretRotateResponseSchema,
31
+ OAuthClientUpdateSchema: () => OAuthClientUpdateSchema,
32
+ OAuthConsentBodySchema: () => OAuthConsentBodySchema,
33
+ OAuthRefreshTokenSchema: () => OAuthRefreshTokenSchema,
34
+ OAuthRfcCodes: () => OAuthRfcCodes,
35
+ OAuthTokenAuthorizationCodeSchema: () => OAuthTokenAuthorizationCodeSchema,
36
+ OAuthTokenErrorResponseSchema: () => OAuthTokenErrorResponseSchema,
37
+ OAuthTokenRefreshSchema: () => OAuthTokenRefreshSchema,
38
+ OAuthTokenRequestSchema: () => OAuthTokenRequestSchema,
39
+ OAuthTokenResponseSchema: () => OAuthTokenResponseSchema,
40
+ OAuthTokenRevokeSchema: () => OAuthTokenRevokeSchema,
41
+ OAuthUserCredentialsSchema: () => OAuthUserCredentialsSchema,
42
+ OAuthUserInfoErrorResponseSchema: () => OAuthUserInfoErrorResponseSchema,
43
+ OAuthUserInfoResponseSchema: () => OAuthUserInfoResponseSchema,
44
+ computePkceS256Challenge: () => computePkceS256Challenge,
45
+ generatePkceVerifier: () => generatePkceVerifier,
46
+ isOAuthRedirectUri: () => isOAuthRedirectUri,
47
+ randomOAuthState: () => randomOAuthState
48
+ });
49
+ module.exports = __toCommonJS(core_exports);
50
+
51
+ // src/core/schema/OAuthAuthorizeSchema.ts
52
+ var import_zod = require("zod");
53
+ function isOAuthRedirectUri(value) {
54
+ const trimmed = value.trim();
55
+ if (!trimmed) {
56
+ return false;
57
+ }
58
+ try {
59
+ const parsed = new URL(trimmed);
60
+ return Boolean(parsed.protocol && parsed.protocol.endsWith(":"));
61
+ } catch {
62
+ return /^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(trimmed);
63
+ }
64
+ }
65
+ var oauthRedirectUriSchema = import_zod.z.string().min(1).refine(isOAuthRedirectUri, { message: "Invalid redirect URI" });
66
+ var OAuthClientRowSchema = import_zod.z.object({
67
+ id: import_zod.z.number(),
68
+ client_id: import_zod.z.string(),
69
+ client_secret_hash: import_zod.z.string().nullable().optional(),
70
+ client_name: import_zod.z.string(),
71
+ client_uri: import_zod.z.string().nullable().optional(),
72
+ logo_uri: import_zod.z.string().nullable().optional(),
73
+ redirect_uris: import_zod.z.array(import_zod.z.string()),
74
+ grant_types: import_zod.z.array(import_zod.z.string()),
75
+ scopes: import_zod.z.array(import_zod.z.string()),
76
+ confidential: import_zod.z.boolean(),
77
+ owner_user_id: import_zod.z.number(),
78
+ created_at: import_zod.z.string(),
79
+ updated_at: import_zod.z.string()
80
+ });
81
+ var OAuthClientListItemSchema = import_zod.z.object({
82
+ client_id: import_zod.z.string(),
83
+ client_name: import_zod.z.string(),
84
+ client_uri: import_zod.z.string().nullable().optional(),
85
+ logo_uri: import_zod.z.string().nullable().optional(),
86
+ redirect_uris: import_zod.z.array(import_zod.z.string()),
87
+ confidential: import_zod.z.boolean(),
88
+ created_at: import_zod.z.string(),
89
+ updated_at: import_zod.z.string()
90
+ });
91
+ var OAuthClientDetailSchema = import_zod.z.object({
92
+ client_id: import_zod.z.string(),
93
+ client_name: import_zod.z.string(),
94
+ client_uri: import_zod.z.string().nullable().optional(),
95
+ logo_uri: import_zod.z.string().nullable().optional(),
96
+ redirect_uris: import_zod.z.array(import_zod.z.string()),
97
+ grant_types: import_zod.z.array(import_zod.z.string()),
98
+ scopes: import_zod.z.array(import_zod.z.string()),
99
+ confidential: import_zod.z.boolean(),
100
+ created_at: import_zod.z.string(),
101
+ updated_at: import_zod.z.string()
102
+ });
103
+ var OAuthClientCreateSchema = import_zod.z.object({
104
+ client_name: import_zod.z.string().min(1).max(100),
105
+ client_uri: import_zod.z.string().url().optional().or(import_zod.z.literal("")),
106
+ redirect_uris: import_zod.z.array(oauthRedirectUriSchema).min(1),
107
+ /** `true` = confidential (client_secret); `false` = public (PKCE required). */
108
+ confidential: import_zod.z.boolean().default(true)
109
+ });
110
+ var OAuthClientUpdateSchema = import_zod.z.object({
111
+ client_name: import_zod.z.string().min(1).max(100),
112
+ client_uri: import_zod.z.string().url().optional().or(import_zod.z.literal("")),
113
+ redirect_uris: import_zod.z.array(oauthRedirectUriSchema).min(1)
114
+ });
115
+ var OAuthClientCreateResponseSchema = import_zod.z.object({
116
+ client_id: import_zod.z.string(),
117
+ client_secret: import_zod.z.string().optional(),
118
+ confidential: import_zod.z.boolean(),
119
+ client_name: import_zod.z.string(),
120
+ client_uri: import_zod.z.string().nullable().optional(),
121
+ redirect_uris: import_zod.z.array(import_zod.z.string()),
122
+ created_at: import_zod.z.string()
123
+ });
124
+ var OAuthClientSecretRotateResponseSchema = import_zod.z.object({
125
+ client_id: import_zod.z.string(),
126
+ client_secret: import_zod.z.string()
127
+ });
128
+ var OAuthAuthorizeQuerySchema = import_zod.z.object({
129
+ response_type: import_zod.z.literal("code"),
130
+ client_id: import_zod.z.string().min(1),
131
+ redirect_uri: oauthRedirectUriSchema,
132
+ scope: import_zod.z.string().optional(),
133
+ state: import_zod.z.string().optional(),
134
+ code_challenge: import_zod.z.string().min(43).max(128).optional(),
135
+ code_challenge_method: import_zod.z.literal("S256").optional()
136
+ });
137
+ var OAuthConsentBodySchema = import_zod.z.object({
138
+ action: import_zod.z.enum(["allow", "deny"]),
139
+ client_id: import_zod.z.string().min(1),
140
+ redirect_uri: oauthRedirectUriSchema,
141
+ scope: import_zod.z.string().optional(),
142
+ state: import_zod.z.string().optional(),
143
+ trust: import_zod.z.boolean().optional(),
144
+ code_challenge: import_zod.z.string().min(43).max(128).optional(),
145
+ code_challenge_method: import_zod.z.literal("S256").optional()
146
+ });
147
+ var OAuthAuthorizationCodeRowSchema = import_zod.z.object({
148
+ code: import_zod.z.string(),
149
+ client_id: import_zod.z.string(),
150
+ user_id: import_zod.z.number(),
151
+ redirect_uri: import_zod.z.string(),
152
+ scope: import_zod.z.string().nullable().optional(),
153
+ code_challenge: import_zod.z.string().nullable().optional(),
154
+ code_challenge_method: import_zod.z.string().nullable().optional(),
155
+ expires_at: import_zod.z.string(),
156
+ used: import_zod.z.boolean(),
157
+ created_at: import_zod.z.string()
158
+ });
159
+
160
+ // src/core/schema/OAuthClientSchema.ts
161
+ var import_zod2 = require("zod");
162
+ var OAuthUserCredentialsSchema = import_zod2.z.object({
163
+ user_id: import_zod2.z.number(),
164
+ provider_refresh_token: import_zod2.z.string().nullable().optional(),
165
+ provider_session_token: import_zod2.z.string().nullable().optional(),
166
+ updated_at: import_zod2.z.string()
167
+ });
168
+ var OAuthRefreshTokenSchema = import_zod2.z.object({
169
+ id: import_zod2.z.number(),
170
+ refresh_token: import_zod2.z.string(),
171
+ client_id: import_zod2.z.string(),
172
+ user_id: import_zod2.z.number(),
173
+ expires_at: import_zod2.z.string(),
174
+ revoked: import_zod2.z.boolean(),
175
+ created_at: import_zod2.z.string()
176
+ });
177
+ var OAuthTokenResponseSchema = import_zod2.z.object({
178
+ access_token: import_zod2.z.string(),
179
+ token_type: import_zod2.z.literal("Bearer"),
180
+ expires_in: import_zod2.z.number(),
181
+ refresh_token: import_zod2.z.string().optional(),
182
+ scope: import_zod2.z.string().optional()
183
+ });
184
+
185
+ // src/core/schema/OAuthUserInfoSchema.ts
186
+ var import_zod3 = require("zod");
187
+ var OAuthUserInfoResponseSchema = import_zod3.z.object({
188
+ sub: import_zod3.z.string(),
189
+ email: import_zod3.z.string().email(),
190
+ name: import_zod3.z.string(),
191
+ roles: import_zod3.z.array(import_zod3.z.string()).optional()
192
+ });
193
+ var OAuthUserInfoErrorResponseSchema = import_zod3.z.object({
194
+ error: import_zod3.z.literal("invalid_token"),
195
+ error_id: import_zod3.z.string().optional()
196
+ });
197
+
198
+ // src/core/schema/OAuthTokenSchema.ts
199
+ var import_zod4 = require("zod");
200
+ var OAuthTokenAuthorizationCodeSchema = import_zod4.z.object({
201
+ grant_type: import_zod4.z.literal("authorization_code"),
202
+ code: import_zod4.z.string().min(1),
203
+ redirect_uri: import_zod4.z.string().min(1),
204
+ client_id: import_zod4.z.string().min(1),
205
+ client_secret: import_zod4.z.string().min(1).optional(),
206
+ code_verifier: import_zod4.z.string().min(43).max(128).optional()
207
+ });
208
+ var OAuthTokenRefreshSchema = import_zod4.z.object({
209
+ grant_type: import_zod4.z.literal("refresh_token"),
210
+ refresh_token: import_zod4.z.string().min(1),
211
+ client_id: import_zod4.z.string().min(1),
212
+ client_secret: import_zod4.z.string().min(1).optional()
213
+ });
214
+ var OAuthTokenRequestSchema = import_zod4.z.discriminatedUnion("grant_type", [
215
+ OAuthTokenAuthorizationCodeSchema,
216
+ OAuthTokenRefreshSchema
217
+ ]);
218
+ var OAuthTokenErrorResponseSchema = import_zod4.z.object({
219
+ error: import_zod4.z.string(),
220
+ error_id: import_zod4.z.string().optional(),
221
+ error_description: import_zod4.z.string().optional()
222
+ });
223
+ var OAuthTokenRevokeSchema = import_zod4.z.object({
224
+ token: import_zod4.z.string().min(1),
225
+ token_type_hint: import_zod4.z.enum(["access_token", "refresh_token"]).optional(),
226
+ client_id: import_zod4.z.string().min(1),
227
+ client_secret: import_zod4.z.string().min(1).optional()
228
+ });
229
+
230
+ // src/core/config.ts
231
+ var OAuthRfcCodes = {
232
+ INVALID_REQUEST: "invalid_request",
233
+ INVALID_CLIENT: "invalid_client",
234
+ INVALID_GRANT: "invalid_grant",
235
+ INVALID_TOKEN: "invalid_token",
236
+ UNAUTHORIZED_CLIENT: "unauthorized_client",
237
+ INVALID_SCOPE: "invalid_scope",
238
+ ACCESS_DENIED: "access_denied",
239
+ UNSUPPORTED_RESPONSE_TYPE: "unsupported_response_type",
240
+ UNSUPPORTED_GRANT_TYPE: "unsupported_grant_type",
241
+ OAUTH_ERROR: "oauth_error"
242
+ };
243
+
244
+ // src/core/utils/pkce.ts
245
+ var PKCE_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
246
+ function generatePkceVerifier(length = 64) {
247
+ const size = Math.min(128, Math.max(43, length));
248
+ const values = new Uint8Array(size);
249
+ crypto.getRandomValues(values);
250
+ let result = "";
251
+ for (let i = 0; i < size; i++) {
252
+ result += PKCE_CHARSET[values[i] % PKCE_CHARSET.length];
253
+ }
254
+ return result;
255
+ }
256
+ function base64UrlEncode(buffer) {
257
+ const bytes = new Uint8Array(buffer);
258
+ let binary = "";
259
+ for (const byte of bytes) {
260
+ binary += String.fromCharCode(byte);
261
+ }
262
+ return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
263
+ }
264
+ async function computePkceS256Challenge(verifier) {
265
+ const data = new TextEncoder().encode(verifier);
266
+ const digest = await crypto.subtle.digest("SHA-256", data);
267
+ return base64UrlEncode(digest);
268
+ }
269
+ function randomOAuthState() {
270
+ const bytes = new Uint8Array(16);
271
+ crypto.getRandomValues(bytes);
272
+ return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
273
+ }
274
+ // Annotate the CommonJS export names for ESM import in node:
275
+ 0 && (module.exports = {
276
+ OAuthAuthorizationCodeRowSchema,
277
+ OAuthAuthorizeQuerySchema,
278
+ OAuthClientCreateResponseSchema,
279
+ OAuthClientCreateSchema,
280
+ OAuthClientDetailSchema,
281
+ OAuthClientListItemSchema,
282
+ OAuthClientRowSchema,
283
+ OAuthClientSecretRotateResponseSchema,
284
+ OAuthClientUpdateSchema,
285
+ OAuthConsentBodySchema,
286
+ OAuthRefreshTokenSchema,
287
+ OAuthRfcCodes,
288
+ OAuthTokenAuthorizationCodeSchema,
289
+ OAuthTokenErrorResponseSchema,
290
+ OAuthTokenRefreshSchema,
291
+ OAuthTokenRequestSchema,
292
+ OAuthTokenResponseSchema,
293
+ OAuthTokenRevokeSchema,
294
+ OAuthUserCredentialsSchema,
295
+ OAuthUserInfoErrorResponseSchema,
296
+ OAuthUserInfoResponseSchema,
297
+ computePkceS256Challenge,
298
+ generatePkceVerifier,
299
+ isOAuthRedirectUri,
300
+ randomOAuthState
301
+ });