@rc-tool/unified-auth-hosted-service 0.2.0

package/dist/hosted-service/session.d.ts

@@ -0,0 +1,11 @@
+import type { AuthContext, AuthSession } from "@rc-tool/unified-auth-sdk/service-client";
+import type { HostedAuthSessionContext, HostedAuthSessionRecord, HostedAuthStore } from "./store/index.js";
+import type { HostedAuthServiceOptions, SessionPayload } from "./types.js";
+export declare function createSessionExpiresAt(): string;
+export declare function createSessionPayload(session: HostedAuthSessionRecord): SessionPayload;
+export declare function parseSessionPayload(request: Request, options: HostedAuthServiceOptions): SessionPayload | null;
+export declare function getStoredSession(request: Request, options: HostedAuthServiceOptions, store: HostedAuthStore): Promise<HostedAuthSessionContext | null>;
+export declare function deleteRequestSession(request: Request, options: HostedAuthServiceOptions, store: HostedAuthStore): Promise<void>;
+export declare function toAuthSession(session: HostedAuthSessionRecord): AuthSession;
+export declare function toAuthContext(stored: HostedAuthSessionContext | null): AuthContext;
+//# sourceMappingURL=session.d.ts.map

package/dist/hosted-service/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/hosted-service/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,0CAA0C,CAAC;AAIzF,OAAO,KAAK,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC3G,OAAO,KAAK,EAAE,wBAAwB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE3E,wBAAgB,sBAAsB,WAErC;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,uBAAuB,GAAG,cAAc,CAMrF;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,wBAAwB,yBAWtF;AAED,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,wBAAwB,EACjC,KAAK,EAAE,eAAe,4CAevB;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,wBAAwB,EACjC,KAAK,EAAE,eAAe,iBAOvB;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,uBAAuB,GAAG,WAAW,CAO3E;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,wBAAwB,GAAG,IAAI,GAAG,WAAW,CAKlF"}

package/dist/hosted-service/session.js

@@ -0,0 +1,52 @@
+import { AUTH_SERVICE_SESSION_COOKIE, SESSION_MAX_AGE_SECONDS } from "./constants.js";
+import { getCookie } from "./cookies.js";
+import { parseSignedToken } from "./crypto.js";
+export function createSessionExpiresAt() {
+    return new Date(Date.now() + SESSION_MAX_AGE_SECONDS * 1000).toISOString();
+}
+export function createSessionPayload(session) {
+    return {
+        clientId: session.clientId,
+        exp: Math.floor(Date.parse(session.expiresAt) / 1000),
+        sessionId: session.id,
+    };
+}
+export function parseSessionPayload(request, options) {
+    const payload = parseSignedToken(getCookie(request, options.cookieName ?? AUTH_SERVICE_SESSION_COOKIE), options.sessionSecret);
+    if (!payload || payload.exp < Math.floor(Date.now() / 1000)) {
+        return null;
+    }
+    return payload;
+}
+export async function getStoredSession(request, options, store) {
+    const payload = parseSessionPayload(request, options);
+    if (!payload) {
+        return null;
+    }
+    const stored = await store.getSession(payload.sessionId);
+    if (!stored || stored.session.clientId !== payload.clientId) {
+        return null;
+    }
+    return stored;
+}
+export async function deleteRequestSession(request, options, store) {
+    const payload = parseSessionPayload(request, options);
+    if (payload) {
+        await store.deleteSession(payload.sessionId);
+    }
+}
+export function toAuthSession(session) {
+    return {
+        clientId: session.clientId,
+        expiresAt: session.expiresAt,
+        id: session.id,
+        userId: session.userId,
+    };
+}
+export function toAuthContext(stored) {
+    return {
+        session: stored ? toAuthSession(stored.session) : null,
+        user: stored?.user ?? null,
+    };
+}
+//# sourceMappingURL=session.js.map

package/dist/hosted-service/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/hosted-service/session.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACtF,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAI/C,MAAM,UAAU,sBAAsB;IACpC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,uBAAuB,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;AAC7E,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAgC;IACnE,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC;QACrD,SAAS,EAAE,OAAO,CAAC,EAAE;KACtB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAgB,EAAE,OAAiC;IACrF,MAAM,OAAO,GAAG,gBAAgB,CAC9B,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,IAAI,2BAA2B,CAAC,EACrE,OAAO,CAAC,aAAa,CACtB,CAAC;IAEF,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAgB,EAChB,OAAiC,EACjC,KAAsB;IAEtB,MAAM,OAAO,GAAG,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAEtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEzD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAgB,EAChB,OAAiC,EACjC,KAAsB;IAEtB,MAAM,OAAO,GAAG,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAEtD,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAgC;IAC5D,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,MAAuC;IACnE,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;QACtD,IAAI,EAAE,MAAM,EAAE,IAAI,IAAI,IAAI;KAC3B,CAAC;AACJ,CAAC"}

package/dist/hosted-service/store/file.d.ts

@@ -0,0 +1,6 @@
+import type { HostedAuthStore } from "./types.js";
+export interface CreateFileAuthStoreOptions {
+    filePath: string;
+}
+export declare function createFileAuthStore(options: CreateFileAuthStoreOptions): HostedAuthStore;
+//# sourceMappingURL=file.d.ts.map

package/dist/hosted-service/store/file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/store/file.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAGV,eAAe,EAEhB,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,0BAA0B;IACzC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,0BAA0B,GAAG,eAAe,CAuExF"}

package/dist/hosted-service/store/file.js

@@ -0,0 +1,62 @@
+import { mkdir, readFile, rename, writeFile } from "node:fs/promises";
+import { dirname } from "node:path";
+import { createEmptyStoreState, createSessionInState, deleteSessionInState, getSessionInState, normalizeStoreState, upsertOAuthUserInState, } from "./state.js";
+export function createFileAuthStore(options) {
+    let state = null;
+    let queue = Promise.resolve();
+    async function readState() {
+        if (state) {
+            return state;
+        }
+        try {
+            state = normalizeStoreState(JSON.parse(await readFile(options.filePath, "utf8")));
+        }
+        catch (error) {
+            const code = error instanceof Error && "code" in error ? error.code : undefined;
+            if (code !== "ENOENT") {
+                throw error;
+            }
+            state = createEmptyStoreState();
+        }
+        return state;
+    }
+    async function writeState(nextState) {
+        const temporaryPath = `${options.filePath}.tmp`;
+        await mkdir(dirname(options.filePath), { recursive: true });
+        await writeFile(temporaryPath, `${JSON.stringify(nextState, null, 2)}\n`, "utf8");
+        await rename(temporaryPath, options.filePath);
+    }
+    async function withState(mutates, callback) {
+        const run = async () => {
+            const current = await readState();
+            const result = await callback(current);
+            if (mutates) {
+                await writeState(current);
+            }
+            return result;
+        };
+        if (!mutates) {
+            return queue.then(run);
+        }
+        const next = queue.then(run, run);
+        queue = next.then(() => undefined, () => undefined);
+        return next;
+    }
+    return {
+        createSession(input) {
+            return withState(true, (current) => createSessionInState(current, input));
+        },
+        deleteSession(sessionId) {
+            return withState(true, (current) => {
+                deleteSessionInState(current, sessionId);
+            });
+        },
+        getSession(sessionId) {
+            return withState(false, (current) => getSessionInState(current, sessionId));
+        },
+        upsertOAuthUser(provider, providerUser) {
+            return withState(true, (current) => upsertOAuthUserInState(current, provider, providerUser));
+        },
+    };
+}
+//# sourceMappingURL=file.js.map

package/dist/hosted-service/store/file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file.js","sourceRoot":"","sources":["../../../src/hosted-service/store/file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAYpB,MAAM,UAAU,mBAAmB,CAAC,OAAmC;IACrE,IAAI,KAAK,GAAgC,IAAI,CAAC;IAC9C,IAAI,KAAK,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;IAE9B,KAAK,UAAU,SAAS;QACtB,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;QACpF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,GAAG,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtB,MAAM,KAAK,CAAC;YACd,CAAC;YACD,KAAK,GAAG,qBAAqB,EAAE,CAAC;QAClC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,UAAU,UAAU,CAAC,SAA+B;QACvD,MAAM,aAAa,GAAG,GAAG,OAAO,CAAC,QAAQ,MAAM,CAAC;QAEhD,MAAM,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5D,MAAM,SAAS,CAAC,aAAa,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAClF,MAAM,MAAM,CAAC,aAAa,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,UAAU,SAAS,CACtB,OAAgB,EAChB,QAA2D;QAE3D,MAAM,GAAG,GAAG,KAAK,IAAI,EAAE;YACrB,MAAM,OAAO,GAAG,MAAM,SAAS,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;YAEvC,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAClC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAEpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,aAAa,CAAC,KAAmC;YAC/C,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,oBAAoB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;QAC5E,CAAC;QACD,aAAa,CAAC,SAAiB;YAC7B,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE;gBACjC,oBAAoB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC3C,CAAC,CAAC,CAAC;QACL,CAAC;QACD,UAAU,CAAC,SAAiB;YAC1B,OAAO,SAAS,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,eAAe,CAAC,QAA8B,EAAE,YAAsB;YACpE,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,sBAAsB,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;QAC/F,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/hosted-service/store/index.d.ts

@@ -0,0 +1,6 @@
+export { createFileAuthStore } from "./file.js";
+export type { CreateFileAuthStoreOptions } from "./file.js";
+export { createMemoryAuthStore } from "./memory.js";
+export type { CreateMemoryAuthStoreOptions } from "./memory.js";
+export type { CreateHostedAuthSessionInput, HostedAuthAccountRecord, HostedAuthProviderId, HostedAuthSessionContext, HostedAuthSessionRecord, HostedAuthStore, HostedAuthStoreState, HostedAuthUserRecord, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/hosted-service/store/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/store/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAChD,YAAY,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,YAAY,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAChE,YAAY,EACV,4BAA4B,EAC5B,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,EACvB,eAAe,EACf,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,YAAY,CAAC"}

package/dist/hosted-service/store/index.js

@@ -0,0 +1,3 @@
+export { createFileAuthStore } from "./file.js";
+export { createMemoryAuthStore } from "./memory.js";
+//# sourceMappingURL=index.js.map

package/dist/hosted-service/store/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/hosted-service/store/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAEhD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC"}

package/dist/hosted-service/store/memory.d.ts

@@ -0,0 +1,6 @@
+import type { HostedAuthStore, HostedAuthStoreState } from "./types.js";
+export interface CreateMemoryAuthStoreOptions {
+    state?: Partial<HostedAuthStoreState>;
+}
+export declare function createMemoryAuthStore(options?: CreateMemoryAuthStoreOptions): HostedAuthStore;
+//# sourceMappingURL=memory.d.ts.map

package/dist/hosted-service/store/memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/store/memory.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAGV,eAAe,EACf,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,4BAA4B;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC;CACvC;AAED,wBAAgB,qBAAqB,CAAC,OAAO,GAAE,4BAAiC,GAAG,eAAe,CAiBjG"}

package/dist/hosted-service/store/memory.js

@@ -0,0 +1,19 @@
+import { createEmptyStoreState, createSessionInState, deleteSessionInState, getSessionInState, normalizeStoreState, upsertOAuthUserInState, } from "./state.js";
+export function createMemoryAuthStore(options = {}) {
+    const state = options.state ? normalizeStoreState(options.state) : createEmptyStoreState();
+    return {
+        async createSession(input) {
+            return createSessionInState(state, input);
+        },
+        async deleteSession(sessionId) {
+            deleteSessionInState(state, sessionId);
+        },
+        async getSession(sessionId) {
+            return getSessionInState(state, sessionId);
+        },
+        async upsertOAuthUser(provider, providerUser) {
+            return upsertOAuthUserInState(state, provider, providerUser);
+        },
+    };
+}
+//# sourceMappingURL=memory.js.map

package/dist/hosted-service/store/memory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory.js","sourceRoot":"","sources":["../../../src/hosted-service/store/memory.ts"],"names":[],"mappings":"AACA,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,YAAY,CAAC;AAYpB,MAAM,UAAU,qBAAqB,CAAC,UAAwC,EAAE;IAC9E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,qBAAqB,EAAE,CAAC;IAE3F,OAAO;QACL,KAAK,CAAC,aAAa,CAAC,KAAmC;YACrD,OAAO,oBAAoB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC5C,CAAC;QACD,KAAK,CAAC,aAAa,CAAC,SAAiB;YACnC,oBAAoB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACzC,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,SAAiB;YAChC,OAAO,iBAAiB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAC7C,CAAC;QACD,KAAK,CAAC,eAAe,CAAC,QAA8B,EAAE,YAAsB;YAC1E,OAAO,sBAAsB,CAAC,KAAK,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC/D,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/hosted-service/store/state.d.ts

@@ -0,0 +1,9 @@
+import type { AuthUser } from "@rc-tool/unified-auth-sdk/service-client";
+import type { CreateHostedAuthSessionInput, HostedAuthProviderId, HostedAuthSessionContext, HostedAuthSessionRecord, HostedAuthStoreState } from "./types.js";
+export declare function createEmptyStoreState(): HostedAuthStoreState;
+export declare function normalizeStoreState(value: unknown): HostedAuthStoreState;
+export declare function upsertOAuthUserInState(state: HostedAuthStoreState, provider: HostedAuthProviderId, providerUser: AuthUser): AuthUser;
+export declare function createSessionInState(state: HostedAuthStoreState, input: CreateHostedAuthSessionInput): HostedAuthSessionRecord;
+export declare function getSessionInState(state: HostedAuthStoreState, sessionId: string): HostedAuthSessionContext | null;
+export declare function deleteSessionInState(state: HostedAuthStoreState, sessionId: string): void;
+//# sourceMappingURL=state.d.ts.map

package/dist/hosted-service/store/state.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/store/state.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0CAA0C,CAAC;AACzE,OAAO,KAAK,EACV,4BAA4B,EAE5B,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,EACvB,oBAAoB,EAErB,MAAM,YAAY,CAAC;AAEpB,wBAAgB,qBAAqB,IAAI,oBAAoB,CAM5D;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,oBAAoB,CAQxE;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,oBAAoB,EAC3B,QAAQ,EAAE,oBAAoB,EAC9B,YAAY,EAAE,QAAQ,GACrB,QAAQ,CAUV;AAED,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,oBAAoB,EAC3B,KAAK,EAAE,4BAA4B,GAClC,uBAAuB,CAgBzB;AAED,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,oBAAoB,EAC3B,SAAS,EAAE,MAAM,GAChB,wBAAwB,GAAG,IAAI,CAmBjC;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,oBAAoB,EAAE,SAAS,EAAE,MAAM,QAElF"}

package/dist/hosted-service/store/state.js

@@ -0,0 +1,156 @@
+import { randomBytes } from "node:crypto";
+export function createEmptyStoreState() {
+    return {
+        accounts: [],
+        sessions: [],
+        users: [],
+    };
+}
+export function normalizeStoreState(value) {
+    const state = value && typeof value === "object" ? value : {};
+    return {
+        accounts: Array.isArray(state.accounts) ? state.accounts : [],
+        sessions: Array.isArray(state.sessions) ? state.sessions : [],
+        users: Array.isArray(state.users) ? state.users : [],
+    };
+}
+export function upsertOAuthUserInState(state, provider, providerUser) {
+    const now = new Date().toISOString();
+    const providerAccountId = providerUser.id;
+    const account = findAccount(state, provider, providerAccountId);
+    const user = account ? findOrCreateMissingUser(state, account, providerUser, provider, now) : findOrCreateUser(state, providerUser, provider, now);
+    updateUserProfile(user, providerUser, provider, providerAccountId, now);
+    upsertAccount(state, user, provider, providerUser, now);
+    return toAuthUser(user, provider, providerAccountId, providerUser.metadata);
+}
+export function createSessionInState(state, input) {
+    const now = new Date().toISOString();
+    const session = {
+        clientId: input.clientId,
+        createdAt: now,
+        expiresAt: input.expiresAt,
+        id: `session_${createId()}`,
+        provider: input.provider,
+        providerAccountId: input.providerAccountId,
+        updatedAt: now,
+        userId: input.userId,
+    };
+    state.sessions.push(session);
+    return session;
+}
+export function getSessionInState(state, sessionId) {
+    const session = state.sessions.find((item) => item.id === sessionId);
+    if (!session || Date.parse(session.expiresAt) <= Date.now()) {
+        return null;
+    }
+    const user = state.users.find((item) => item.id === session.userId);
+    if (!user) {
+        return null;
+    }
+    const account = findAccount(state, session.provider, session.providerAccountId);
+    return {
+        session,
+        user: toAuthUser(user, session.provider, session.providerAccountId, account?.metadata),
+    };
+}
+export function deleteSessionInState(state, sessionId) {
+    state.sessions = state.sessions.filter((item) => item.id !== sessionId);
+}
+function findOrCreateUser(state, providerUser, provider, now) {
+    const byEmail = findUserByEmail(state, providerUser.email);
+    if (byEmail) {
+        return byEmail;
+    }
+    const user = {
+        avatarUrl: providerUser.avatarUrl ?? null,
+        createdAt: now,
+        email: providerUser.email ?? null,
+        id: `auth_${createId()}`,
+        metadata: {},
+        name: providerUser.name ?? null,
+        registrationChannel: provider,
+        updatedAt: now,
+    };
+    state.users.push(user);
+    return user;
+}
+function findOrCreateMissingUser(state, account, providerUser, provider, now) {
+    const user = state.users.find((item) => item.id === account.userId);
+    if (user) {
+        return user;
+    }
+    return findOrCreateUser(state, providerUser, provider, now);
+}
+function updateUserProfile(user, providerUser, provider, providerAccountId, now) {
+    user.avatarUrl = providerUser.avatarUrl ?? user.avatarUrl;
+    user.email = providerUser.email ?? user.email;
+    user.metadata = mergeMetadata(user.metadata, providerUser.metadata, {
+        provider,
+        providerUserId: providerAccountId,
+        registrationChannel: user.registrationChannel,
+    });
+    user.name = providerUser.name ?? user.name;
+    user.updatedAt = now;
+}
+function upsertAccount(state, user, provider, providerUser, now) {
+    const existing = findAccount(state, provider, providerUser.id);
+    const metadata = mergeMetadata(providerUser.metadata, {
+        provider,
+        providerUserId: providerUser.id,
+    });
+    if (existing) {
+        existing.email = providerUser.email ?? existing.email;
+        existing.lastLoginAt = now;
+        existing.metadata = metadata;
+        existing.updatedAt = now;
+        existing.userId = user.id;
+        return;
+    }
+    state.accounts.push({
+        createdAt: now,
+        email: providerUser.email ?? null,
+        id: `account_${createId()}`,
+        lastLoginAt: now,
+        metadata,
+        provider,
+        providerAccountId: providerUser.id,
+        updatedAt: now,
+        userId: user.id,
+    });
+}
+function toAuthUser(user, provider, providerAccountId, providerMetadata) {
+    return {
+        avatarUrl: user.avatarUrl,
+        email: user.email,
+        id: user.id,
+        metadata: mergeMetadata(user.metadata, providerMetadata, {
+            provider,
+            providerUserId: providerAccountId,
+            registrationChannel: user.registrationChannel,
+        }),
+        name: user.name,
+    };
+}
+function findAccount(state, provider, providerAccountId) {
+    return state.accounts.find((item) => item.provider === provider && item.providerAccountId === providerAccountId);
+}
+function findUserByEmail(state, email) {
+    const normalized = normalizeEmail(email);
+    if (!normalized) {
+        return undefined;
+    }
+    return state.users.find((item) => normalizeEmail(item.email) === normalized);
+}
+function mergeMetadata(...items) {
+    return items.reduce((result, item) => ({
+        ...result,
+        ...(item ?? {}),
+    }), {});
+}
+function normalizeEmail(email) {
+    return email?.trim().toLowerCase() || undefined;
+}
+function createId() {
+    return randomBytes(12).toString("base64url");
+}
+//# sourceMappingURL=state.js.map

package/dist/hosted-service/store/state.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"state.js","sourceRoot":"","sources":["../../../src/hosted-service/store/state.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAY1C,MAAM,UAAU,qBAAqB;IACnC,OAAO;QACL,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,KAAK,EAAE,EAAE;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAc;IAChD,MAAM,KAAK,GAAG,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAsC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/F,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;QAC7D,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;QAC7D,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;KACrD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,KAA2B,EAC3B,QAA8B,EAC9B,YAAsB;IAEtB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,iBAAiB,GAAG,YAAY,CAAC,EAAE,CAAC;IAC1C,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IAChE,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IAEnJ,iBAAiB,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,CAAC,CAAC;IACxE,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,CAAC,CAAC;IAExD,OAAO,UAAU,CAAC,IAAI,EAAE,QAAQ,EAAE,iBAAiB,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAC;AAC9E,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,KAA2B,EAC3B,KAAmC;IAEnC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,OAAO,GAA4B;QACvC,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,EAAE,EAAE,WAAW,QAAQ,EAAE,EAAE;QAC3B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;QAC1C,SAAS,EAAE,GAAG;QACd,MAAM,EAAE,KAAK,CAAC,MAAM;KACrB,CAAC;IAEF,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAE7B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAA2B,EAC3B,SAAiB;IAEjB,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;IAErE,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAEpE,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAEhF,OAAO;QACL,OAAO;QACP,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,iBAAiB,EAAE,OAAO,EAAE,QAAQ,CAAC;KACvF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,KAA2B,EAAE,SAAiB;IACjF,KAAK,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,gBAAgB,CACvB,KAA2B,EAC3B,YAAsB,EACtB,QAA8B,EAC9B,GAAW;IAEX,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC;IAE3D,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,IAAI,GAAyB;QACjC,SAAS,EAAE,YAAY,CAAC,SAAS,IAAI,IAAI;QACzC,SAAS,EAAE,GAAG;QACd,KAAK,EAAE,YAAY,CAAC,KAAK,IAAI,IAAI;QACjC,EAAE,EAAE,QAAQ,QAAQ,EAAE,EAAE;QACxB,QAAQ,EAAE,EAAE;QACZ,IAAI,EAAE,YAAY,CAAC,IAAI,IAAI,IAAI;QAC/B,mBAAmB,EAAE,QAAQ;QAC7B,SAAS,EAAE,GAAG;KACf,CAAC;IAEF,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEvB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAA2B,EAC3B,OAAgC,EAChC,YAAsB,EACtB,QAA8B,EAC9B,GAAW;IAEX,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAEpE,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,gBAAgB,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,iBAAiB,CACxB,IAA0B,EAC1B,YAAsB,EACtB,QAA8B,EAC9B,iBAAyB,EACzB,GAAW;IAEX,IAAI,CAAC,SAAS,GAAG,YAAY,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC;IAC1D,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC;IAC9C,IAAI,CAAC,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE;QAClE,QAAQ;QACR,cAAc,EAAE,iBAAiB;QACjC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;KAC9C,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC;IAC3C,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CACpB,KAA2B,EAC3B,IAA0B,EAC1B,QAA8B,EAC9B,YAAsB,EACtB,GAAW;IAEX,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,EAAE,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,QAAQ,EAAE;QACpD,QAAQ;QACR,cAAc,EAAE,YAAY,CAAC,EAAE;KAChC,CAAC,CAAC;IAEH,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,KAAK,GAAG,YAAY,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,CAAC;QACtD,QAAQ,CAAC,WAAW,GAAG,GAAG,CAAC;QAC3B,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,SAAS,GAAG,GAAG,CAAC;QACzB,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO;IACT,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClB,SAAS,EAAE,GAAG;QACd,KAAK,EAAE,YAAY,CAAC,KAAK,IAAI,IAAI;QACjC,EAAE,EAAE,WAAW,QAAQ,EAAE,EAAE;QAC3B,WAAW,EAAE,GAAG;QAChB,QAAQ;QACR,QAAQ;QACR,iBAAiB,EAAE,YAAY,CAAC,EAAE;QAClC,SAAS,EAAE,GAAG;QACd,MAAM,EAAE,IAAI,CAAC,EAAE;KAChB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CACjB,IAA0B,EAC1B,QAA8B,EAC9B,iBAAyB,EACzB,gBAAqD;IAErD,OAAO;QACL,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,QAAQ,EAAE,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YACvD,QAAQ;YACR,cAAc,EAAE,iBAAiB;YACjC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;SAC9C,CAAC;QACF,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAA2B,EAAE,QAA8B,EAAE,iBAAyB;IACzG,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,IAAI,IAAI,CAAC,iBAAiB,KAAK,iBAAiB,CAAC,CAAC;AACnH,CAAC;AAED,SAAS,eAAe,CAAC,KAA2B,EAAE,KAAgC;IACpF,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEzC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,UAAU,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,aAAa,CAAC,GAAG,KAAiD;IACzE,OAAO,KAAK,CAAC,MAAM,CAA0B,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QAC9D,GAAG,MAAM;QACT,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;KAChB,CAAC,EAAE,EAAE,CAAC,CAAC;AACV,CAAC;AAED,SAAS,cAAc,CAAC,KAAgC;IACtD,OAAO,KAAK,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,SAAS,CAAC;AAClD,CAAC;AAED,SAAS,QAAQ;IACf,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC"}

package/dist/hosted-service/store/types.d.ts

@@ -0,0 +1,56 @@
+import type { AuthUser } from "@rc-tool/unified-auth-sdk/service-client";
+export type HostedAuthProviderId = "dev" | "feishu" | "github" | "google";
+export interface HostedAuthUserRecord {
+    avatarUrl: string | null;
+    createdAt: string;
+    email: string | null;
+    id: string;
+    metadata: Record<string, unknown>;
+    name: string | null;
+    registrationChannel: HostedAuthProviderId;
+    updatedAt: string;
+}
+export interface HostedAuthAccountRecord {
+    createdAt: string;
+    email: string | null;
+    id: string;
+    lastLoginAt: string;
+    metadata: Record<string, unknown>;
+    provider: HostedAuthProviderId;
+    providerAccountId: string;
+    updatedAt: string;
+    userId: string;
+}
+export interface HostedAuthSessionRecord {
+    clientId: string;
+    createdAt: string;
+    expiresAt: string;
+    id: string;
+    provider: HostedAuthProviderId;
+    providerAccountId: string;
+    updatedAt: string;
+    userId: string;
+}
+export interface HostedAuthStoreState {
+    accounts: HostedAuthAccountRecord[];
+    sessions: HostedAuthSessionRecord[];
+    users: HostedAuthUserRecord[];
+}
+export interface HostedAuthSessionContext {
+    session: HostedAuthSessionRecord;
+    user: AuthUser;
+}
+export interface CreateHostedAuthSessionInput {
+    clientId: string;
+    expiresAt: string;
+    provider: HostedAuthProviderId;
+    providerAccountId: string;
+    userId: string;
+}
+export interface HostedAuthStore {
+    createSession(input: CreateHostedAuthSessionInput): Promise<HostedAuthSessionRecord>;
+    deleteSession(sessionId: string): Promise<void>;
+    getSession(sessionId: string): Promise<HostedAuthSessionContext | null>;
+    upsertOAuthUser(provider: HostedAuthProviderId, providerUser: AuthUser): Promise<AuthUser>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/hosted-service/store/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/store/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0CAA0C,CAAC;AAEzE,MAAM,MAAM,oBAAoB,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE1E,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,mBAAmB,EAAE,oBAAoB,CAAC;IAC1C,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,uBAAuB,EAAE,CAAC;IACpC,QAAQ,EAAE,uBAAuB,EAAE,CAAC;IACpC,KAAK,EAAE,oBAAoB,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,uBAAuB,CAAC;IACjC,IAAI,EAAE,QAAQ,CAAC;CAChB;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,aAAa,CAAC,KAAK,EAAE,4BAA4B,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACrF,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAAC;IACxE,eAAe,CAAC,QAAQ,EAAE,oBAAoB,EAAE,YAAY,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC5F"}

package/dist/hosted-service/store/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/hosted-service/store/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/hosted-service/store/types.ts"],"names":[],"mappings":""}

package/dist/hosted-service/types.d.ts

@@ -0,0 +1,48 @@
+import type { HostedAuthStore } from "./store/index.js";
+export interface HostedAuthApplication {
+    allowedRedirectURIs?: string[];
+    clientId: string;
+    name?: string;
+    redirectURI?: string;
+}
+export interface HostedFeishuConfig {
+    appId?: string;
+    appSecret?: string;
+    redirectURI?: string;
+}
+export interface HostedGoogleConfig {
+    clientId?: string;
+    clientSecret?: string;
+    redirectURI?: string;
+    scopes?: string[];
+}
+export interface HostedGitHubConfig {
+    clientId?: string;
+    clientSecret?: string;
+    redirectURI?: string;
+    scopes?: string[];
+}
+export interface HostedAuthServiceOptions {
+    allowDevLogin?: boolean;
+    applications?: HostedAuthApplication[];
+    authBaseURL: string;
+    cookieDomain?: string;
+    cookieName?: string;
+    feishu?: HostedFeishuConfig;
+    github?: HostedGitHubConfig;
+    google?: HostedGoogleConfig;
+    sessionSecret: string;
+    store?: HostedAuthStore;
+}
+export type SessionPayload = {
+    clientId: string;
+    exp: number;
+    sessionId: string;
+};
+export type StatePayload = {
+    clientId: string;
+    exp: number;
+    redirectURI: string;
+    state: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/hosted-service/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/hosted-service/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,MAAM,WAAW,qBAAqB;IACpC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,wBAAwB;IACvC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,YAAY,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAC5B,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAC5B,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,eAAe,CAAC;CACzB;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC"}

package/dist/hosted-service/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/hosted-service/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/hosted-service/types.ts"],"names":[],"mappings":""}

package/dist/hosted-service-cli.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=hosted-service-cli.d.ts.map

package/dist/hosted-service-cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hosted-service-cli.d.ts","sourceRoot":"","sources":["../src/hosted-service-cli.ts"],"names":[],"mappings":""}

package/dist/hosted-service-cli.js

@@ -0,0 +1,89 @@
+import { existsSync, readFileSync } from "node:fs";
+import { resolve } from "node:path";
+import { config as loadEnv, parse as parseEnv } from "dotenv";
+import { createHostedAuthNodeServer } from "./hosted-service-node.js";
+import { createFileAuthStore } from "./index.js";
+const FEISHU_ENV_KEYS = ["FEISHU_APP_ID", "FEISHU_APP_SECRET", "FEISHU_REDIRECT_URI"];
+loadEnv({ path: ".env.local", quiet: true });
+loadEnv({ quiet: true });
+loadLegacyFeishuEnv();
+function readEnv(name, fallback = "") {
+    return process.env[name]?.trim() || fallback;
+}
+const port = Number(readEnv("AUTH_SERVICE_PORT", readEnv("PORT", "3005")));
+const authBaseURL = readEnv("AUTH_SERVICE_URL", `http://localhost:${port}`);
+const clientId = readEnv("AUTH_CLIENT_ID", "ai-pm");
+const redirectURI = readEnv("AUTH_ALLOWED_REDIRECT_URI", "http://localhost:3004/");
+const sessionSecret = readEnv("AUTH_SESSION_SECRET", readEnv("SESSION_SECRET", readEnv("BETTER_AUTH_SECRET", "unified-auth-local-secret")));
+const storeFile = readEnv("AUTH_STORE_FILE", ".auth/unified-auth-store.json");
+const authDatabaseUrl = readEnv("AUTH_DATABASE_URL", readEnv("DATABASE_URL"));
+const storeProvider = readEnv("AUTH_STORE_PROVIDER", authDatabaseUrl ? "prisma" : "file");
+function loadLegacyFeishuEnv() {
+    const envFile = resolve(readEnv("AUTH_FEISHU_ENV_FILE", "../ai-pm/.env.local"));
+    if (!existsSync(envFile)) {
+        return;
+    }
+    const legacyEnv = parseEnv(readFileSync(envFile));
+    for (const key of FEISHU_ENV_KEYS) {
+        // 迁移期允许 SDK Auth Service 读取 AI PM 里的飞书 OAuth 配置，但只补缺失值；
+        // 这样 Google/GitHub、数据库和未来 SDK 自有配置不会被旧项目环境变量意外覆盖。
+        if (!process.env[key] && legacyEnv[key]) {
+            process.env[key] = legacyEnv[key];
+        }
+    }
+}
+async function createAuthStore() {
+    if (storeProvider === "prisma") {
+        const { createPrismaAuthStore } = await importPrismaStore();
+        return createPrismaAuthStore({ databaseUrl: authDatabaseUrl });
+    }
+    if (storeProvider === "file") {
+        return createFileAuthStore({ filePath: storeFile });
+    }
+    throw new Error(`Unsupported AUTH_STORE_PROVIDER: ${storeProvider}`);
+}
+async function importPrismaStore() {
+    const dynamicImport = new Function("specifier", "return import(specifier)");
+    try {
+        return await dynamicImport("@rc-tool/unified-auth-prisma-store");
+    }
+    catch (error) {
+        throw new Error("AUTH_STORE_PROVIDER=prisma requires installing @rc-tool/unified-auth-prisma-store.", { cause: error });
+    }
+}
+const server = createHostedAuthNodeServer({
+    allowDevLogin: readEnv("AUTH_ALLOW_DEV_LOGIN", "true") !== "false",
+    applications: [
+        {
+            allowedRedirectURIs: [redirectURI],
+            clientId,
+            name: readEnv("AUTH_CLIENT_NAME", "AI PM"),
+            redirectURI,
+        },
+    ],
+    authBaseURL,
+    cookieDomain: readEnv("AUTH_COOKIE_DOMAIN") || undefined,
+    feishu: {
+        appId: readEnv("FEISHU_APP_ID") || undefined,
+        appSecret: readEnv("FEISHU_APP_SECRET") || undefined,
+        redirectURI: readEnv("FEISHU_REDIRECT_URI") || undefined,
+    },
+    google: {
+        clientId: readEnv("GOOGLE_CLIENT_ID") || undefined,
+        clientSecret: readEnv("GOOGLE_CLIENT_SECRET") || undefined,
+        redirectURI: readEnv("GOOGLE_REDIRECT_URI") || undefined,
+    },
+    github: {
+        clientId: readEnv("GITHUB_CLIENT_ID") || undefined,
+        clientSecret: readEnv("GITHUB_CLIENT_SECRET") || undefined,
+        redirectURI: readEnv("GITHUB_REDIRECT_URI") || undefined,
+    },
+    sessionSecret,
+    store: await createAuthStore(),
+});
+server.listen(port, () => {
+    console.log(`Unified Auth Service listening on ${authBaseURL}`);
+    console.log(`Configured client ${clientId} -> ${redirectURI}`);
+    console.log(`Auth store: ${storeProvider}`);
+});
+//# sourceMappingURL=hosted-service-cli.js.map

package/dist/hosted-service-cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hosted-service-cli.js","sourceRoot":"","sources":["../src/hosted-service-cli.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,MAAM,IAAI,OAAO,EAAE,KAAK,IAAI,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAGjD,MAAM,eAAe,GAAG,CAAC,eAAe,EAAE,mBAAmB,EAAE,qBAAqB,CAAU,CAAC;AAE/F,OAAO,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7C,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACzB,mBAAmB,EAAE,CAAC;AAEtB,SAAS,OAAO,CAAC,IAAY,EAAE,QAAQ,GAAG,EAAE;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,QAAQ,CAAC;AAC/C,CAAC;AAED,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;AAC3E,MAAM,WAAW,GAAG,OAAO,CAAC,kBAAkB,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;AAC5E,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;AACpD,MAAM,WAAW,GAAG,OAAO,CAAC,2BAA2B,EAAE,wBAAwB,CAAC,CAAC;AACnF,MAAM,aAAa,GAAG,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,oBAAoB,EAAE,2BAA2B,CAAC,CAAC,CAAC,CAAC;AAC5I,MAAM,SAAS,GAAG,OAAO,CAAC,iBAAiB,EAAE,+BAA+B,CAAC,CAAC;AAC9E,MAAM,eAAe,GAAG,OAAO,CAAC,mBAAmB,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;AAC9E,MAAM,aAAa,GAAG,OAAO,CAAC,qBAAqB,EAAE,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1F,SAAS,mBAAmB;IAC1B,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,sBAAsB,EAAE,qBAAqB,CAAC,CAAC,CAAC;IAEhF,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;IAElD,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAClC,wDAAwD;QACxD,kDAAkD;QAClD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe;IAC5B,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,iBAAiB,EAAE,CAAC;QAE5D,OAAO,qBAAqB,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,aAAa,KAAK,MAAM,EAAE,CAAC;QAC7B,OAAO,mBAAmB,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,oCAAoC,aAAa,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,KAAK,UAAU,iBAAiB;IAC9B,MAAM,aAAa,GAAG,IAAI,QAAQ,CAAC,WAAW,EAAE,0BAA0B,CAEqB,CAAC;IAEhG,IAAI,CAAC;QACH,OAAO,MAAM,aAAa,CAAC,oCAAoC,CAAC,CAAC;IACnE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,oFAAoF,EACpF,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,MAAM,GAAG,0BAA0B,CAAC;IACxC,aAAa,EAAE,OAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,KAAK,OAAO;IAClE,YAAY,EAAE;QACZ;YACE,mBAAmB,EAAE,CAAC,WAAW,CAAC;YAClC,QAAQ;YACR,IAAI,EAAE,OAAO,CAAC,kBAAkB,EAAE,OAAO,CAAC;YAC1C,WAAW;SACZ;KACF;IACD,WAAW;IACX,YAAY,EAAE,OAAO,CAAC,oBAAoB,CAAC,IAAI,SAAS;IACxD,MAAM,EAAE;QACN,KAAK,EAAE,OAAO,CAAC,eAAe,CAAC,IAAI,SAAS;QAC5C,SAAS,EAAE,OAAO,CAAC,mBAAmB,CAAC,IAAI,SAAS;QACpD,WAAW,EAAE,OAAO,CAAC,qBAAqB,CAAC,IAAI,SAAS;KACzD;IACD,MAAM,EAAE;QACN,QAAQ,EAAE,OAAO,CAAC,kBAAkB,CAAC,IAAI,SAAS;QAClD,YAAY,EAAE,OAAO,CAAC,sBAAsB,CAAC,IAAI,SAAS;QAC1D,WAAW,EAAE,OAAO,CAAC,qBAAqB,CAAC,IAAI,SAAS;KACzD;IACD,MAAM,EAAE;QACN,QAAQ,EAAE,OAAO,CAAC,kBAAkB,CAAC,IAAI,SAAS;QAClD,YAAY,EAAE,OAAO,CAAC,sBAAsB,CAAC,IAAI,SAAS;QAC1D,WAAW,EAAE,OAAO,CAAC,qBAAqB,CAAC,IAAI,SAAS;KACzD;IACD,aAAa;IACb,KAAK,EAAE,MAAM,eAAe,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;IACvB,OAAO,CAAC,GAAG,CAAC,qCAAqC,WAAW,EAAE,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,qBAAqB,QAAQ,OAAO,WAAW,EAAE,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,eAAe,aAAa,EAAE,CAAC,CAAC;AAC9C,CAAC,CAAC,CAAC"}