@rttnd/gau 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -0
- package/dist/adapters/drizzle/index.d.ts +7 -0
- package/dist/adapters/drizzle/index.d.ts.map +1 -0
- package/dist/adapters/drizzle/index.js +2 -0
- package/dist/adapters/drizzle/index.js.map +1 -0
- package/dist/adapters/drizzle/mysql.d.ts +3 -0
- package/dist/adapters/drizzle/mysql.d.ts.map +1 -0
- package/dist/adapters/drizzle/pg.d.ts +3 -0
- package/dist/adapters/drizzle/pg.d.ts.map +1 -0
- package/dist/adapters/drizzle/sqlite.d.ts +24 -0
- package/dist/adapters/drizzle/sqlite.d.ts.map +1 -0
- package/dist/adapters/index.d.ts +3 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js +2 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/memory/index.d.ts +3 -0
- package/dist/adapters/memory/index.d.ts.map +1 -0
- package/dist/adapters/memory/index.js +2 -0
- package/dist/adapters/memory/index.js.map +1 -0
- package/dist/chunk-5A3NMHJO.js +2 -0
- package/dist/chunk-5A3NMHJO.js.map +1 -0
- package/dist/chunk-FSWBBCPG.js +2 -0
- package/dist/chunk-FSWBBCPG.js.map +1 -0
- package/dist/chunk-LWBWVQD2.js +2 -0
- package/dist/chunk-LWBWVQD2.js.map +1 -0
- package/dist/chunk-M6DEZIND.js +50 -0
- package/dist/chunk-M6DEZIND.js.map +1 -0
- package/dist/chunk-VMLU27AI.js +2 -0
- package/dist/chunk-VMLU27AI.js.map +1 -0
- package/dist/chunk-XKNIVWN6.js +2 -0
- package/dist/chunk-XKNIVWN6.js.map +1 -0
- package/dist/cli/index.d.ts +2 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +4 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/client/solid/index.d.ts +17 -0
- package/dist/client/solid/index.d.ts.map +1 -0
- package/dist/client/solid/index.js +2 -0
- package/dist/client/solid/index.js.map +1 -0
- package/dist/client/svelte/index.svelte.d.ts +13 -0
- package/dist/client/svelte/index.svelte.d.ts.map +1 -0
- package/dist/client/svelte/index.svelte.js +2 -0
- package/dist/client/svelte/index.svelte.js.map +1 -0
- package/dist/core/cookies.d.ts +20 -0
- package/dist/core/cookies.d.ts.map +1 -0
- package/dist/core/createAuth.d.ts +54 -0
- package/dist/core/createAuth.d.ts.map +1 -0
- package/dist/core/handler.d.ts +4 -0
- package/dist/core/handler.d.ts.map +1 -0
- package/dist/core/index.d.ts +64 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +2 -0
- package/dist/core/index.js.map +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -0
- package/dist/jwt/index.d.ts +2 -0
- package/dist/jwt/index.d.ts.map +1 -0
- package/dist/jwt/index.js +2 -0
- package/dist/jwt/index.js.map +1 -0
- package/dist/jwt/jwt.d.ts +48 -0
- package/dist/jwt/jwt.d.ts.map +1 -0
- package/dist/jwt/utils.d.ts +10 -0
- package/dist/jwt/utils.d.ts.map +1 -0
- package/dist/oauth/index.d.ts +31 -0
- package/dist/oauth/index.d.ts.map +1 -0
- package/dist/oauth/index.js +2 -0
- package/dist/oauth/index.js.map +1 -0
- package/dist/oauth/providers/github.d.ts +3 -0
- package/dist/oauth/providers/github.d.ts.map +1 -0
- package/dist/oauth/providers/google.d.ts +3 -0
- package/dist/oauth/providers/google.d.ts.map +1 -0
- package/dist/oauth/providers/microsoft.d.ts +7 -0
- package/dist/oauth/providers/microsoft.d.ts.map +1 -0
- package/dist/oauth/utils.d.ts +5 -0
- package/dist/oauth/utils.d.ts.map +1 -0
- package/dist/runtimes/bun/index.d.ts +3 -0
- package/dist/runtimes/bun/index.d.ts.map +1 -0
- package/dist/runtimes/bun/index.js +2 -0
- package/dist/runtimes/bun/index.js.map +1 -0
- package/dist/runtimes/cloudflare/index.d.ts +7 -0
- package/dist/runtimes/cloudflare/index.d.ts.map +1 -0
- package/dist/runtimes/cloudflare/index.js +2 -0
- package/dist/runtimes/cloudflare/index.js.map +1 -0
- package/dist/runtimes/index.d.ts +4 -0
- package/dist/runtimes/index.d.ts.map +1 -0
- package/dist/runtimes/index.js +2 -0
- package/dist/runtimes/index.js.map +1 -0
- package/dist/runtimes/tauri/index.d.ts +8 -0
- package/dist/runtimes/tauri/index.d.ts.map +1 -0
- package/dist/runtimes/tauri/index.js +2 -0
- package/dist/runtimes/tauri/index.js.map +1 -0
- package/dist/solidstart/index.d.ts +22 -0
- package/dist/solidstart/index.d.ts.map +1 -0
- package/dist/solidstart/index.js +2 -0
- package/dist/solidstart/index.js.map +1 -0
- package/dist/sveltekit/index.d.ts +24 -0
- package/dist/sveltekit/index.d.ts.map +1 -0
- package/dist/sveltekit/index.js +2 -0
- package/dist/sveltekit/index.js.map +1 -0
- package/package.json +126 -0
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import type { SerializeOptions } from 'cookie';
|
|
2
|
+
import type { SignOptions, VerifyOptions } from '../jwt';
|
|
3
|
+
import type { OAuthProvider } from '../oauth';
|
|
4
|
+
import type { Adapter, User } from './index';
|
|
5
|
+
export interface CreateAuthOptions {
|
|
6
|
+
/** The database adapter to use for storing users and accounts. */
|
|
7
|
+
adapter: Adapter;
|
|
8
|
+
/** Array of OAuth providers to support. */
|
|
9
|
+
providers: OAuthProvider[];
|
|
10
|
+
/** Base path for authentication routes (defaults to '/api/auth'). */
|
|
11
|
+
basePath?: string;
|
|
12
|
+
/** Configuration for JWT signing and verification. */
|
|
13
|
+
jwt?: {
|
|
14
|
+
/** Signing algorithm: 'ES256' (default) or 'HS256'. */
|
|
15
|
+
algorithm?: 'ES256' | 'HS256';
|
|
16
|
+
/** Secret for HS256 or base64url-encoded private key for ES256 (overrides AUTH_SECRET). */
|
|
17
|
+
secret?: string;
|
|
18
|
+
/** Issuer claim (iss) for JWTs. */
|
|
19
|
+
iss?: string;
|
|
20
|
+
/** Audience claim (aud) for JWTs. */
|
|
21
|
+
aud?: string;
|
|
22
|
+
/** Default time-to-live in seconds for JWTs (defaults to 1 day). */
|
|
23
|
+
ttl?: number;
|
|
24
|
+
};
|
|
25
|
+
/** Custom options for session cookies. */
|
|
26
|
+
cookies?: Partial<SerializeOptions>;
|
|
27
|
+
/** Trusted hosts for CSRF protection: 'all' or array of hostnames (defaults to []). */
|
|
28
|
+
trustHosts?: 'all' | string[];
|
|
29
|
+
/** Account linking behavior: 'verifiedEmail' (default), 'always', or false. */
|
|
30
|
+
autoLink?: 'verifiedEmail' | 'always' | false;
|
|
31
|
+
}
|
|
32
|
+
export type Auth = Adapter & {
|
|
33
|
+
providerMap: Map<string, OAuthProvider>;
|
|
34
|
+
basePath: string;
|
|
35
|
+
cookieOptions: SerializeOptions;
|
|
36
|
+
jwt: {
|
|
37
|
+
ttl: number;
|
|
38
|
+
};
|
|
39
|
+
signJWT: <T extends Record<string, unknown>>(payload: T, customOptions?: Partial<SignOptions>) => Promise<string>;
|
|
40
|
+
verifyJWT: <T = Record<string, unknown>>(token: string, customOptions?: Partial<VerifyOptions>) => Promise<T | null>;
|
|
41
|
+
createSession: (userId: string, data?: Record<string, unknown>, ttl?: number) => Promise<string>;
|
|
42
|
+
validateSession: (token: string) => Promise<{
|
|
43
|
+
user: User | null;
|
|
44
|
+
session: {
|
|
45
|
+
id: string;
|
|
46
|
+
sub: string;
|
|
47
|
+
[key: string]: any;
|
|
48
|
+
} | null;
|
|
49
|
+
}>;
|
|
50
|
+
trustHosts: 'all' | string[];
|
|
51
|
+
autoLink: 'verifiedEmail' | 'always' | false;
|
|
52
|
+
};
|
|
53
|
+
export declare function createAuth(options: CreateAuthOptions): Auth;
|
|
54
|
+
//# sourceMappingURL=createAuth.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"createAuth.d.ts","sourceRoot":"","sources":["../../core/createAuth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAA;AAC9C,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AACxD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AAK5C,MAAM,WAAW,iBAAiB;IAChC,kEAAkE;IAClE,OAAO,EAAE,OAAO,CAAA;IAChB,2CAA2C;IAC3C,SAAS,EAAE,aAAa,EAAE,CAAA;IAC1B,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,sDAAsD;IACtD,GAAG,CAAC,EAAE;QACJ,uDAAuD;QACvD,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAA;QAC7B,2FAA2F;QAC3F,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,mCAAmC;QACnC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,qCAAqC;QACrC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,oEAAoE;QACpE,GAAG,CAAC,EAAE,MAAM,CAAA;KACb,CAAA;IACD,0CAA0C;IAC1C,OAAO,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACnC,uFAAuF;IACvF,UAAU,CAAC,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC7B,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;CAC9C;AAED,MAAM,MAAM,IAAI,GAAG,OAAO,GAAG;IAC3B,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IACvC,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,gBAAgB,CAAA;IAC/B,GAAG,EAAE;QACH,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;IACD,OAAO,EAAE,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IACjH,SAAS,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,KAAK,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAA;IACpH,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IAChG,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;QAC1C,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;QACjB,OAAO,EAAE;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAC;YAAC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;SAAE,GAAG,IAAI,CAAA;KAChE,CAAC,CAAA;IACF,UAAU,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC5B,QAAQ,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;CAC7C,CAAA;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI,CA2E3D"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../core/handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AA4UxD,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CA2EzF"}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
export interface RequestLike {
|
|
2
|
+
/** Absolute or relative URL */
|
|
3
|
+
readonly url: string;
|
|
4
|
+
/** Upper-case HTTP method (e.g. `GET`) */
|
|
5
|
+
readonly method: string;
|
|
6
|
+
/** All HTTP headers – mutable so adapters can append */
|
|
7
|
+
readonly headers: Headers;
|
|
8
|
+
/** Lazily parse the body as JSON */
|
|
9
|
+
json: <T = unknown>() => Promise<T>;
|
|
10
|
+
/** Raw text body */
|
|
11
|
+
text: () => Promise<string>;
|
|
12
|
+
/** FormData helper (for `application/x-www-form-urlencoded` or `multipart/form-data`) */
|
|
13
|
+
formData: () => Promise<FormData>;
|
|
14
|
+
}
|
|
15
|
+
export interface ResponseLike {
|
|
16
|
+
readonly status: number;
|
|
17
|
+
readonly headers: Headers;
|
|
18
|
+
readonly body?: BodyInit | null;
|
|
19
|
+
}
|
|
20
|
+
export interface User {
|
|
21
|
+
id: string;
|
|
22
|
+
name?: string | null;
|
|
23
|
+
email?: string | null;
|
|
24
|
+
emailVerified?: boolean | null;
|
|
25
|
+
image?: string | null;
|
|
26
|
+
}
|
|
27
|
+
export interface NewUser extends Omit<User, 'id'> {
|
|
28
|
+
id?: string;
|
|
29
|
+
}
|
|
30
|
+
export interface Account {
|
|
31
|
+
userId: string;
|
|
32
|
+
provider: string;
|
|
33
|
+
providerAccountId: string;
|
|
34
|
+
type?: string; // e.g. "oauth"
|
|
35
|
+
accessToken?: string | null;
|
|
36
|
+
refreshToken?: string | null;
|
|
37
|
+
expiresAt?: number | null; // epoch seconds
|
|
38
|
+
idToken?: string | null;
|
|
39
|
+
scope?: string | null;
|
|
40
|
+
tokenType?: string | null;
|
|
41
|
+
sessionState?: string | null;
|
|
42
|
+
}
|
|
43
|
+
export interface NewAccount extends Account {
|
|
44
|
+
}
|
|
45
|
+
export interface Adapter {
|
|
46
|
+
getUser: (id: string) => Promise<User | null>;
|
|
47
|
+
getUserByEmail: (email: string) => Promise<User | null>;
|
|
48
|
+
getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>;
|
|
49
|
+
createUser: (data: NewUser) => Promise<User>;
|
|
50
|
+
linkAccount: (data: NewAccount) => Promise<void>;
|
|
51
|
+
updateUser: (data: Partial<User> & {
|
|
52
|
+
id: string;
|
|
53
|
+
}) => Promise<User>;
|
|
54
|
+
}
|
|
55
|
+
export declare class AuthError extends Error {
|
|
56
|
+
readonly cause?: unknown;
|
|
57
|
+
constructor(message: string, cause?: unknown);
|
|
58
|
+
}
|
|
59
|
+
export declare function json<T>(data: T, init?: ResponseInit): Response;
|
|
60
|
+
export declare function redirect(url: string, status?: 302 | 303): Response;
|
|
61
|
+
export * from './cookies';
|
|
62
|
+
export * from './createAuth';
|
|
63
|
+
export * from './handler';
|
|
64
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,0CAA0C;IAC1C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,0DAAwD;IACxD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,oCAAoC;IACpC,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,OAAO,OAAO,CAAC,CAAC,CAAC,CAAA;IACnC,oBAAoB;IACpB,IAAI,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAA;IAC3B,yFAAyF;IACzF,QAAQ,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAA;CAClC;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,GAAG,IAAI,CAAA;CAChC;AAED,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACtB;AAED,MAAM,WAAW,OAAQ,SAAQ,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;IAC/C,EAAE,CAAC,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA,CAAC,eAAe;IAC7B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA,CAAC,gBAAgB;IAC1C,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,UAAW,SAAQ,OAAO;CAAG;AAE9C,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IAC7C,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvD,gBAAgB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvF,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5C,WAAW,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CACpE;AAED,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAA;IACjC,YAAY,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAI3C;CACF;AAED,wBAAgB,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB,GAAG,QAAQ,CAKlE;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,GAAG,GAAG,GAAS,GAAG,QAAQ,CAOvE;AAED,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,WAAW,CAAA"}
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
import{a,b,c,d,e,f,g,h,k as i,l as j,m as k,n as l,o as m}from"../chunk-M6DEZIND.js";export{k as AuthError,g as CALLBACK_URI_COOKIE_NAME,d as CSRF_COOKIE_NAME,h as CSRF_MAX_AGE,c as Cookies,a as DEFAULT_COOKIE_SERIALIZE_OPTIONS,f as PKCE_COOKIE_NAME,e as SESSION_COOKIE_NAME,i as createAuth,j as createHandler,l as json,b as parseCookies,m as redirect};
|
|
2
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAA"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
import{a as o,b as r,c as e,d as f,e as m,f as p,g as t,h as x,k as a,l as b,m as c,n as d,o as g}from"./chunk-M6DEZIND.js";export{c as AuthError,t as CALLBACK_URI_COOKIE_NAME,f as CSRF_COOKIE_NAME,x as CSRF_MAX_AGE,e as Cookies,o as DEFAULT_COOKIE_SERIALIZE_OPTIONS,p as PKCE_COOKIE_NAME,m as SESSION_COOKIE_NAME,a as createAuth,b as createHandler,d as json,r as parseCookies,g as redirect};
|
|
2
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
export type SupportedAlgorithm = 'ES256' | 'HS256';
|
|
2
|
+
interface CommonSignOptions {
|
|
3
|
+
/** Time-to-live in seconds (exp claim). If omitted the token will not expire. */
|
|
4
|
+
ttl?: number;
|
|
5
|
+
}
|
|
6
|
+
export type SignOptions = ({
|
|
7
|
+
algorithm?: 'ES256';
|
|
8
|
+
privateKey?: CryptoKey;
|
|
9
|
+
secret?: string;
|
|
10
|
+
} & CommonSignOptions & {
|
|
11
|
+
iss?: string;
|
|
12
|
+
aud?: string | string[];
|
|
13
|
+
sub?: string;
|
|
14
|
+
}) | ({
|
|
15
|
+
algorithm: 'HS256';
|
|
16
|
+
secret?: string | Uint8Array;
|
|
17
|
+
privateKey?: never;
|
|
18
|
+
} & CommonSignOptions & {
|
|
19
|
+
iss?: string;
|
|
20
|
+
aud?: string | string[];
|
|
21
|
+
sub?: string;
|
|
22
|
+
});
|
|
23
|
+
/**
|
|
24
|
+
* Create a signed JWT.
|
|
25
|
+
* Defaults to ES256 when a privateKey is supplied. Falls back to HS256 when a secret is supplied.
|
|
26
|
+
*/
|
|
27
|
+
export declare function sign<T extends Record<string, unknown>>(payload: T, options?: SignOptions): Promise<string>;
|
|
28
|
+
export type VerifyOptions = {
|
|
29
|
+
algorithm?: 'ES256';
|
|
30
|
+
publicKey?: CryptoKey;
|
|
31
|
+
secret?: string;
|
|
32
|
+
iss?: string;
|
|
33
|
+
aud?: string | string[];
|
|
34
|
+
} | {
|
|
35
|
+
algorithm: 'HS256';
|
|
36
|
+
secret?: string | Uint8Array;
|
|
37
|
+
publicKey?: never;
|
|
38
|
+
iss?: string;
|
|
39
|
+
aud?: string | string[];
|
|
40
|
+
};
|
|
41
|
+
/**
|
|
42
|
+
* Verify a JWT and return its payload when the signature is valid.
|
|
43
|
+
* The algorithm is inferred from options – ES256 by default.
|
|
44
|
+
* Throws when verification fails or the token is expired.
|
|
45
|
+
*/
|
|
46
|
+
export declare function verify<T = Record<string, unknown>>(token: string, options: VerifyOptions): Promise<T>;
|
|
47
|
+
export {};
|
|
48
|
+
//# sourceMappingURL=jwt.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../jwt/jwt.ts"],"names":[],"mappings":"AAYA,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,OAAO,CAAA;AAElD,UAAU,iBAAiB;IACzB,iFAAiF;IACjF,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED,MAAM,MAAM,WAAW,GACjB,CAAC;IAAE,SAAS,CAAC,EAAE,OAAO,CAAC;IAAC,UAAU,CAAC,EAAE,SAAS,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GACjE,iBAAiB,GAAG;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,GAC9E,CAAC;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAAC,UAAU,CAAC,EAAE,KAAK,CAAA;CAAE,GACvE,iBAAiB,GAAG;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAAA;AAElF;;;GAGG;AACH,wBAAsB,IAAI,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,CAkEpH;AAED,MAAM,MAAM,aAAa,GACnB;IAAE,SAAS,CAAC,EAAE,OAAO,CAAC;IAAC,SAAS,CAAC,EAAE,SAAS,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,GACtG;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAAC,SAAS,CAAC,EAAE,KAAK,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,CAAA;AAEpH;;;;GAIG;AACH,wBAAsB,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAiG3G"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
export declare function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean;
|
|
2
|
+
export declare function deriveKeysFromSecret(secret: string): Promise<{
|
|
3
|
+
privateKey: CryptoKey;
|
|
4
|
+
publicKey: CryptoKey;
|
|
5
|
+
}>;
|
|
6
|
+
/**
|
|
7
|
+
* Convert JWS raw signature (r || s) to DER-encoded format for WebCrypto.
|
|
8
|
+
*/
|
|
9
|
+
export declare function rawToDer(raw: Uint8Array): Uint8Array;
|
|
10
|
+
//# sourceMappingURL=utils.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../jwt/utils.ts"],"names":[],"mappings":"AAEA,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAOvE;AAeD,wBAAsB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,UAAU,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,SAAS,CAAA;CAAE,CAAC,CA2BnH;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,UAAU,GAAG,UAAU,CA2CpD"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import type { OAuth2Tokens } from 'arctic';
|
|
2
|
+
export { GitHub } from './providers/github';
|
|
3
|
+
export { Google } from './providers/google';
|
|
4
|
+
export { MicrosoftEntraId } from './providers/microsoft';
|
|
5
|
+
export interface OAuthProviderConfig {
|
|
6
|
+
clientId: string;
|
|
7
|
+
clientSecret: string;
|
|
8
|
+
redirectUri?: string;
|
|
9
|
+
scope?: string[];
|
|
10
|
+
}
|
|
11
|
+
export interface AuthUser {
|
|
12
|
+
id: string;
|
|
13
|
+
name: string;
|
|
14
|
+
email: string | null;
|
|
15
|
+
emailVerified: boolean | null;
|
|
16
|
+
avatar: string | null;
|
|
17
|
+
raw: Record<string, unknown>;
|
|
18
|
+
}
|
|
19
|
+
export interface OAuthProvider {
|
|
20
|
+
id: string;
|
|
21
|
+
requiresRedirectUri?: boolean;
|
|
22
|
+
getAuthorizationUrl: (state: string, codeVerifier: string, options?: {
|
|
23
|
+
scopes?: string[];
|
|
24
|
+
redirectUri?: string;
|
|
25
|
+
}) => Promise<URL>;
|
|
26
|
+
validateCallback: (code: string, codeVerifier: string, redirectUri?: string) => Promise<{
|
|
27
|
+
tokens: OAuth2Tokens;
|
|
28
|
+
user: AuthUser;
|
|
29
|
+
}>;
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAExD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,EAAE,OAAO,GAAG,IAAI,CAAA;IAC7B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,mBAAmB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IACjI,gBAAgB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,YAAY,CAAC;QAAC,IAAI,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAA;CAClI"}
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
import{CodeChallengeMethod as U,OAuth2Client as g}from"arctic";var A="https://github.com/login/oauth/authorize",v="https://github.com/login/oauth/access_token",m="https://api.github.com";async function C(t){let r=await(await fetch(`${m}/user`,{headers:{Authorization:`Bearer ${t}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}})).json(),e=r.email,n=!1,o=await fetch(`${m}/user/emails`,{headers:{Authorization:`Bearer ${t}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}});if(o.ok){let s=await o.json(),i=s.find(a=>a.primary&&a.verified);if(i)e=i.email,n=!0;else{let a=s.find(l=>l.verified);a&&(e=a.email,n=!0)}}return{id:r.id.toString(),name:r.name??r.login,email:e,emailVerified:n,avatar:r.avatar_url,raw:r}}function O(t){let c=new g(t.clientId,t.clientSecret,t.redirectUri??null);function r(e){return!e||t.redirectUri&&e===t.redirectUri?c:new g(t.clientId,t.clientSecret,e)}return{id:"github",async getAuthorizationUrl(e,n,o){let s=r(o?.redirectUri),i=o?.scopes??t.scope??["user:email"];return await s.createAuthorizationURLWithPKCE(A,e,U.S256,n,i)},async validateCallback(e,n,o){let i=await r(o).validateAuthorizationCode(v,e,n),a=await C(i.accessToken());return{tokens:i,user:a}}}}import{CodeChallengeMethod as b,OAuth2Client as h}from"arctic";var w="https://accounts.google.com/o/oauth2/v2/auth",y="https://oauth2.googleapis.com/token",_="https://openidconnect.googleapis.com/v1/userinfo";async function R(t){let r=await(await fetch(_,{headers:{Authorization:`Bearer ${t}`,"User-Agent":"gau"}})).json();return{id:r.sub,name:r.name,email:r.email,emailVerified:r.email_verified,avatar:r.picture,raw:r}}function P(t){let c=new h(t.clientId,t.clientSecret,t.redirectUri??null);function r(e){return!e||e===t.redirectUri?c:new h(t.clientId,t.clientSecret,e)}return{id:"google",requiresRedirectUri:!0,async getAuthorizationUrl(e,n,o){let s=r(o?.redirectUri),i=o?.scopes??t.scope??["openid","email","profile"];return await s.createAuthorizationURLWithPKCE(w,e,b.S256,n,i)},async validateCallback(e,n,o){let i=await r(o).validateAuthorizationCode(y,e,n),a=await R(i.accessToken());return{tokens:i,user:a}}}}import{CodeChallengeMethod as k,OAuth2Client as p}from"arctic";var E="https://graph.microsoft.com/v1.0/me",I="https://graph.microsoft.com/v1.0/me/photo/$value";function G(t){let c=t.replace(/-/g,"+").replace(/_/g,"/"),r=(4-c.length%4)%4,e=c.padEnd(c.length+r,"="),n=atob(e),o=n.length,s=new Uint8Array(o);for(let i=0;i<o;i++)s[i]=n.charCodeAt(i);return s}async function L(t,c){let e=await(await fetch(E,{headers:{Authorization:`Bearer ${t}`}})).json(),n=e.mail??e.userPrincipalName,o=!1;if(c)try{let a=c.split("."),l=JSON.parse(new TextDecoder().decode(G(a[1]))),u="9188040d-6c67-4c5b-b112-36a304b66dad";if(l.verified_primary_email){let d=Array.isArray(l.verified_primary_email)?l.verified_primary_email[0]:l.verified_primary_email;typeof d=="string"&&(n=d,o=!0)}else(l.tid===u||l.xms_edov===!0)&&(n=l.email??n,o=!0)}catch{}let s=await fetch(I,{headers:{Authorization:`Bearer ${t}`}}),i=null;if(s.ok)try{let a=await s.blob(),l=new FileReader;i=await new Promise((d,f)=>{l.onloadend=()=>d(l.result),l.onerror=f,l.readAsDataURL(a)})}catch{}return{id:e.id,name:e.displayName,email:n,emailVerified:o,avatar:i,raw:e}}function z(t){let c=t.tenant??"common",r=`https://login.microsoftonline.com/${c}/oauth2/v2.0/authorize`,e=`https://login.microsoftonline.com/${c}/oauth2/v2.0/token`,n=new p(t.clientId,t.clientSecret,t.redirectUri??null);function o(s){return!s||s===t.redirectUri?n:new p(t.clientId,t.clientSecret,s)}return{id:"microsoft-entra-id",requiresRedirectUri:!0,async getAuthorizationUrl(s,i,a){let l=o(a?.redirectUri),u=a?.scopes??t.scope??["openid","profile","email","User.Read"];return await l.createAuthorizationURLWithPKCE(r,s,k.S256,i,u)},async validateCallback(s,i,a){let u=await o(a).validateAuthorizationCode(e,s,i),d=await L(u.accessToken(),u.idToken());return{tokens:u,user:d}}}}export{O as GitHub,P as Google,z as MicrosoftEntraId};
|
|
2
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../oauth/providers/github.ts","../../oauth/providers/google.ts","../../oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n id: number\n login: string\n avatar_url: string\n name: string\n email: string | null\n [key: string]: unknown\n}\n\ninterface GitHubEmail {\n email: string\n primary: boolean\n verified: boolean\n visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n const response = await fetch(`${GITHUB_API_URL}/user`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n const data: GitHubUser = await response.json()\n\n let email: string | null = data.email\n let emailVerified = false\n\n const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n headers: {\n 'Authorization': `Bearer ${accessToken}`,\n 'User-Agent': 'gau',\n 'Accept': 'application/vnd.github+json',\n },\n })\n\n if (emailsResponse.ok) {\n const emails: GitHubEmail[] = await emailsResponse.json()\n const primaryEmail = emails.find(e => e.primary && e.verified)\n if (primaryEmail) {\n email = primaryEmail.email\n emailVerified = true\n }\n else {\n // Fallback to the first verified email if no primary is found\n const verifiedEmail = emails.find(e => e.verified)\n if (verifiedEmail) {\n email = verifiedEmail.email\n emailVerified = true\n }\n }\n }\n\n return {\n id: data.id.toString(),\n name: data.name ?? data.login,\n email,\n emailVerified,\n avatar: data.avatar_url,\n raw: data,\n }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider {\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || (config.redirectUri && redirectUri === config.redirectUri))\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'github',\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['user:email']\n const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n const user = await getUser(tokens.accessToken())\n return { tokens, user }\n },\n }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\r\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\r\n\r\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\r\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\r\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\r\n\r\ninterface GoogleUser {\r\n sub: string\r\n name: string\r\n email: string | null\r\n email_verified: boolean\r\n picture: string | null\r\n [key: string]: unknown\r\n}\r\n\r\nasync function getUser(accessToken: string): Promise<AuthUser> {\r\n const response = await fetch(GOOGLE_USERINFO_URL, {\r\n headers: {\r\n 'Authorization': `Bearer ${accessToken}`,\r\n 'User-Agent': 'gau',\r\n },\r\n })\r\n const data: GoogleUser = await response.json()\r\n\r\n return {\r\n id: data.sub,\r\n name: data.name,\r\n email: data.email,\r\n emailVerified: data.email_verified,\r\n avatar: data.picture,\r\n raw: data,\r\n }\r\n}\r\n\r\nexport function Google(config: OAuthProviderConfig): OAuthProvider {\r\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\r\n\r\n function getClient(redirectUri?: string): OAuth2Client {\r\n if (!redirectUri || redirectUri === config.redirectUri)\r\n return defaultClient\r\n\r\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\r\n }\r\n\r\n return {\r\n id: 'google',\r\n requiresRedirectUri: true,\r\n\r\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\r\n const client = getClient(options?.redirectUri)\r\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\r\n const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\r\n return url\r\n },\r\n\r\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\r\n const client = getClient(redirectUri)\r\n const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\r\n const user = await getUser(tokens.accessToken())\r\n return { tokens, user }\r\n },\r\n }\r\n}\r\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\ninterface MicrosoftEntraIdConfig extends OAuthProviderConfig {\n tenant?: 'common' | 'organizations' | 'consumers' | string\n}\n\ninterface MicrosoftUser {\n id: string\n displayName: string\n mail: string | null\n userPrincipalName: string\n [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n const padLength = (4 - (base64.length % 4)) % 4\n const padded = base64.padEnd(base64.length + padLength, '=')\n const binary_string = atob(padded)\n const len = binary_string.length\n const bytes = new Uint8Array(len)\n for (let i = 0; i < len; i++)\n bytes[i] = binary_string.charCodeAt(i)\n\n return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n const userData: MicrosoftUser = await userResponse.json()\n\n let email: string | null = userData.mail ?? userData.userPrincipalName\n let emailVerified = false\n if (idToken) {\n try {\n const parts = idToken.split('.')\n const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n // For work/school accounts, the `verified_primary_email` is the source of truth.\n if (payload.verified_primary_email) {\n const primaryEmail = Array.isArray(payload.verified_primary_email)\n ? payload.verified_primary_email[0]\n : payload.verified_primary_email\n\n if (typeof primaryEmail === 'string') {\n email = primaryEmail\n emailVerified = true\n }\n }\n // For personal accounts, the `email` claim is reliable and verified.\n else if (payload.tid === personalTenantId) {\n email = payload.email ?? email\n emailVerified = true\n }\n // Legacy fallback for `xms_edov`.\n else if (payload.xms_edov === true) {\n email = payload.email ?? email\n emailVerified = true\n }\n }\n catch {\n }\n }\n\n const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n\n let avatar: string | null = null\n if (photoResponse.ok) {\n try {\n const blob = await photoResponse.blob()\n const reader = new FileReader()\n const dataUrlPromise = new Promise<string>((resolve, reject) => {\n reader.onloadend = () => resolve(reader.result as string)\n reader.onerror = reject\n reader.readAsDataURL(blob)\n })\n avatar = await dataUrlPromise\n }\n catch {\n }\n }\n\n return {\n id: userData.id,\n name: userData.displayName,\n email,\n emailVerified,\n avatar,\n raw: userData,\n }\n}\n\nexport function MicrosoftEntraId(config: MicrosoftEntraIdConfig): OAuthProvider {\n const tenant = config.tenant ?? 'common'\n\n const authURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`\n const tokenURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`\n\n const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n function getClient(redirectUri?: string): OAuth2Client {\n if (!redirectUri || redirectUri === config.redirectUri)\n return defaultClient\n\n return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n }\n\n return {\n id: 'microsoft-entra-id',\n requiresRedirectUri: true,\n\n async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n const client = getClient(options?.redirectUri)\n const scopes = options?.scopes ?? config.scope ?? ['openid', 'profile', 'email', 'User.Read']\n const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n return url\n },\n\n async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n const client = getClient(redirectUri)\n const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n const user = await getUser(tokens.accessToken(), tokens.idToken())\n return { tokens, user }\n },\n }\n}\n"],"mappings":"AACA,OAAS,uBAAAA,EAAqB,gBAAAC,MAAoB,SAElD,IAAMC,EAAkB,2CAClBC,EAAmB,8CACnBC,EAAiB,yBAkBvB,eAAeC,EAAQC,EAAwC,CAQ7D,IAAMC,EAAmB,MAPR,MAAM,MAAM,GAAGH,CAAc,QAAS,CACrD,QAAS,CACP,cAAiB,UAAUE,CAAW,GACtC,aAAc,MACd,OAAU,6BACZ,CACF,CAAC,GACuC,KAAK,EAEzCE,EAAuBD,EAAK,MAC5BE,EAAgB,GAEdC,EAAiB,MAAM,MAAM,GAAGN,CAAc,eAAgB,CAClE,QAAS,CACP,cAAiB,UAAUE,CAAW,GACtC,aAAc,MACd,OAAU,6BACZ,CACF,CAAC,EAED,GAAII,EAAe,GAAI,CACrB,IAAMC,EAAwB,MAAMD,EAAe,KAAK,EAClDE,EAAeD,EAAO,KAAKE,GAAKA,EAAE,SAAWA,EAAE,QAAQ,EAC7D,GAAID,EACFJ,EAAQI,EAAa,MACrBH,EAAgB,OAEb,CAEH,IAAMK,EAAgBH,EAAO,KAAKE,GAAKA,EAAE,QAAQ,EAC7CC,IACFN,EAAQM,EAAc,MACtBL,EAAgB,GAEpB,CACF,CAEA,MAAO,CACL,GAAIF,EAAK,GAAG,SAAS,EACrB,KAAMA,EAAK,MAAQA,EAAK,MACxB,MAAAC,EACA,cAAAC,EACA,OAAQF,EAAK,WACb,IAAKA,CACP,CACF,CAEO,SAASQ,EAAOC,EAA4C,CACjE,IAAMC,EAAgB,IAAIhB,EAAae,EAAO,SAAUA,EAAO,aAAcA,EAAO,aAAe,IAAI,EAEvG,SAASE,EAAUC,EAAoC,CACrD,MAAI,CAACA,GAAgBH,EAAO,aAAeG,IAAgBH,EAAO,YACzDC,EAEF,IAAIhB,EAAae,EAAO,SAAUA,EAAO,aAAcG,CAAW,CAC3E,CAEA,MAAO,CACL,GAAI,SAEJ,MAAM,oBAAoBC,EAAeC,EAAsBC,EAAuD,CACpH,IAAMC,EAASL,EAAUI,GAAS,WAAW,EACvCE,EAASF,GAAS,QAAUN,EAAO,OAAS,CAAC,YAAY,EAE/D,OADY,MAAMO,EAAO,+BAA+BrB,EAAiBkB,EAAOpB,EAAoB,KAAMqB,EAAcG,CAAM,CAEhI,EAEA,MAAM,iBAAiBC,EAAcJ,EAAsBF,EAAsB,CAE/E,IAAMO,EAAS,MADAR,EAAUC,CAAW,EACR,0BAA0BhB,EAAkBsB,EAAMJ,CAAY,EACpFM,EAAO,MAAMtB,EAAQqB,EAAO,YAAY,CAAC,EAC/C,MAAO,CAAE,OAAAA,EAAQ,KAAAC,CAAK,CACxB,CACF,CACF,CCjGA,OAAS,uBAAAC,EAAqB,gBAAAC,MAAoB,SAElD,IAAMC,EAAkB,+CAClBC,EAAmB,sCACnBC,EAAsB,mDAW5B,eAAeC,EAAQC,EAAwC,CAO7D,IAAMC,EAAmB,MANR,MAAM,MAAMH,EAAqB,CAChD,QAAS,CACP,cAAiB,UAAUE,CAAW,GACtC,aAAc,KAChB,CACF,CAAC,GACuC,KAAK,EAE7C,MAAO,CACL,GAAIC,EAAK,IACT,KAAMA,EAAK,KACX,MAAOA,EAAK,MACZ,cAAeA,EAAK,eACpB,OAAQA,EAAK,QACb,IAAKA,CACP,CACF,CAEO,SAASC,EAAOC,EAA4C,CACjE,IAAMC,EAAgB,IAAIT,EAAaQ,EAAO,SAAUA,EAAO,aAAcA,EAAO,aAAe,IAAI,EAEvG,SAASE,EAAUC,EAAoC,CACrD,MAAI,CAACA,GAAeA,IAAgBH,EAAO,YAClCC,EAEF,IAAIT,EAAaQ,EAAO,SAAUA,EAAO,aAAcG,CAAW,CAC3E,CAEA,MAAO,CACL,GAAI,SACJ,oBAAqB,GAErB,MAAM,oBAAoBC,EAAeC,EAAsBC,EAAuD,CACpH,IAAMC,EAASL,EAAUI,GAAS,WAAW,EACvCE,EAASF,GAAS,QAAUN,EAAO,OAAS,CAAC,SAAU,QAAS,SAAS,EAE/E,OADY,MAAMO,EAAO,+BAA+Bd,EAAiBW,EAAOb,EAAoB,KAAMc,EAAcG,CAAM,CAEhI,EAEA,MAAM,iBAAiBC,EAAcJ,EAAsBF,EAAsB,CAE/E,IAAMO,EAAS,MADAR,EAAUC,CAAW,EACR,0BAA0BT,EAAkBe,EAAMJ,CAAY,EACpFM,EAAO,MAAMf,EAAQc,EAAO,YAAY,CAAC,EAC/C,MAAO,CAAE,OAAAA,EAAQ,KAAAC,CAAK,CACxB,CACF,CACF,CC9DA,OAAS,uBAAAC,EAAqB,gBAAAC,MAAoB,SAGlD,IAAMC,EAA0B,sCAG1BC,EAA2B,mDAcjC,SAASC,EAAiBC,EAAyB,CACjD,IAAMC,EAASD,EAAI,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EACjDE,GAAa,EAAKD,EAAO,OAAS,GAAM,EACxCE,EAASF,EAAO,OAAOA,EAAO,OAASC,EAAW,GAAG,EACrDE,EAAgB,KAAKD,CAAM,EAC3BE,EAAMD,EAAc,OACpBE,EAAQ,IAAI,WAAWD,CAAG,EAChC,QAAS,EAAI,EAAG,EAAIA,EAAK,IACvBC,EAAM,CAAC,EAAIF,EAAc,WAAW,CAAC,EAEvC,OAAOE,CACT,CAEA,eAAeC,EAAQC,EAAqBC,EAA2C,CAMrF,IAAMC,EAA0B,MALX,MAAM,MAAMb,EAAyB,CACxD,QAAS,CACP,cAAe,UAAUW,CAAW,EACtC,CACF,CAAC,GACkD,KAAK,EAEpDG,EAAuBD,EAAS,MAAQA,EAAS,kBACjDE,EAAgB,GACpB,GAAIH,EACF,GAAI,CACF,IAAMI,EAAQJ,EAAQ,MAAM,GAAG,EACzBK,EAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAOf,EAAiBc,EAAM,CAAC,CAAE,CAAC,CAAC,EAC1EE,EAAmB,uCAGzB,GAAID,EAAQ,uBAAwB,CAClC,IAAME,EAAe,MAAM,QAAQF,EAAQ,sBAAsB,EAC7DA,EAAQ,uBAAuB,CAAC,EAChCA,EAAQ,uBAER,OAAOE,GAAiB,WAC1BL,EAAQK,EACRJ,EAAgB,GAEpB,MAESE,EAAQ,MAAQC,GAKhBD,EAAQ,WAAa,MAC5BH,EAAQG,EAAQ,OAASH,EACzBC,EAAgB,GAEpB,MACM,CACN,CAGF,IAAMK,EAAgB,MAAM,MAAMnB,EAA0B,CAC1D,QAAS,CACP,cAAe,UAAUU,CAAW,EACtC,CACF,CAAC,EAEGU,EAAwB,KAC5B,GAAID,EAAc,GAChB,GAAI,CACF,IAAME,EAAO,MAAMF,EAAc,KAAK,EAChCG,EAAS,IAAI,WAMnBF,EAAS,MALc,IAAI,QAAgB,CAACG,EAASC,IAAW,CAC9DF,EAAO,UAAY,IAAMC,EAAQD,EAAO,MAAgB,EACxDA,EAAO,QAAUE,EACjBF,EAAO,cAAcD,CAAI,CAC3B,CAAC,CAEH,MACM,CACN,CAGF,MAAO,CACL,GAAIT,EAAS,GACb,KAAMA,EAAS,YACf,MAAAC,EACA,cAAAC,EACA,OAAAM,EACA,IAAKR,CACP,CACF,CAEO,SAASa,EAAiBC,EAA+C,CAC9E,IAAMC,EAASD,EAAO,QAAU,SAE1BE,EAAU,qCAAqCD,CAAM,yBACrDE,EAAW,qCAAqCF,CAAM,qBAEtDG,EAAgB,IAAIhC,EAAa4B,EAAO,SAAUA,EAAO,aAAcA,EAAO,aAAe,IAAI,EAEvG,SAASK,EAAUC,EAAoC,CACrD,MAAI,CAACA,GAAeA,IAAgBN,EAAO,YAClCI,EAEF,IAAIhC,EAAa4B,EAAO,SAAUA,EAAO,aAAcM,CAAW,CAC3E,CAEA,MAAO,CACL,GAAI,qBACJ,oBAAqB,GAErB,MAAM,oBAAoBC,EAAeC,EAAsBC,EAAuD,CACpH,IAAMC,EAASL,EAAUI,GAAS,WAAW,EACvCE,EAASF,GAAS,QAAUT,EAAO,OAAS,CAAC,SAAU,UAAW,QAAS,WAAW,EAE5F,OADY,MAAMU,EAAO,+BAA+BR,EAASK,EAAOpC,EAAoB,KAAMqC,EAAcG,CAAM,CAExH,EAEA,MAAM,iBAAiBC,EAAcJ,EAAsBF,EAAsB,CAE/E,IAAMO,EAAS,MADAR,EAAUC,CAAW,EACR,0BAA0BH,EAAUS,EAAMJ,CAAY,EAC5EM,EAAO,MAAM/B,EAAQ8B,EAAO,YAAY,EAAGA,EAAO,QAAQ,CAAC,EACjE,MAAO,CAAE,OAAAA,EAAQ,KAAAC,CAAK,CACxB,CACF,CACF","names":["CodeChallengeMethod","OAuth2Client","GITHUB_AUTH_URL","GITHUB_TOKEN_URL","GITHUB_API_URL","getUser","accessToken","data","email","emailVerified","emailsResponse","emails","primaryEmail","e","verifiedEmail","GitHub","config","defaultClient","getClient","redirectUri","state","codeVerifier","options","client","scopes","code","tokens","user","CodeChallengeMethod","OAuth2Client","GOOGLE_AUTH_URL","GOOGLE_TOKEN_URL","GOOGLE_USERINFO_URL","getUser","accessToken","data","Google","config","defaultClient","getClient","redirectUri","state","codeVerifier","options","client","scopes","code","tokens","user","CodeChallengeMethod","OAuth2Client","MICROSOFT_USER_INFO_URL","MICROSOFT_USER_PHOTO_URL","base64url_decode","str","base64","padLength","padded","binary_string","len","bytes","getUser","accessToken","idToken","userData","email","emailVerified","parts","payload","personalTenantId","primaryEmail","photoResponse","avatar","blob","reader","resolve","reject","MicrosoftEntraId","config","tenant","authURL","tokenURL","defaultClient","getClient","redirectUri","state","codeVerifier","options","client","scopes","code","tokens","user"]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../oauth/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAuE5E,wBAAgB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CA2BjE"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../oauth/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAmC5E,wBAAgB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CA4BjE"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { OAuthProvider, OAuthProviderConfig } from '../index';
|
|
2
|
+
interface MicrosoftEntraIdConfig extends OAuthProviderConfig {
|
|
3
|
+
tenant?: 'common' | 'organizations' | 'consumers' | string;
|
|
4
|
+
}
|
|
5
|
+
export declare function MicrosoftEntraId(config: MicrosoftEntraIdConfig): OAuthProvider;
|
|
6
|
+
export {};
|
|
7
|
+
//# sourceMappingURL=microsoft.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../oauth/providers/microsoft.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAS5E,UAAU,sBAAuB,SAAQ,mBAAmB;IAC1D,MAAM,CAAC,EAAE,QAAQ,GAAG,eAAe,GAAG,WAAW,GAAG,MAAM,CAAA;CAC3D;AAiGD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,sBAAsB,GAAG,aAAa,CAiC9E"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../oauth/utils.ts"],"names":[],"mappings":"AAEA,wBAAgB,eAAe;;;EAQ9B"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../runtimes/bun/index.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,eAAO,MAAM,sBAAsB,OAAO,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { CreateAuthOptions } from '../../core';
|
|
2
|
+
/**
|
|
3
|
+
* Creates an auth instance configured for Cloudflare Workers,
|
|
4
|
+
* automatically trusting all hosts since Workers handle proxies securely.
|
|
5
|
+
*/
|
|
6
|
+
export declare function cloudflareAuth(options: CreateAuthOptions): import("../..").Auth;
|
|
7
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../runtimes/cloudflare/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAA;AAGnD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,iBAAiB,wBAKxD"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../runtimes/index.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAA;AACrB,cAAc,cAAc,CAAA;AAC5B,cAAc,SAAS,CAAA"}
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
import{a as e,b as f,c as m,d as p,e as t,f as x,g as a}from"../chunk-5A3NMHJO.js";import{a as r}from"../chunk-VMLU27AI.js";import"../chunk-M6DEZIND.js";import{a as o}from"../chunk-LWBWVQD2.js";export{o as _bunRuntimePlaceholder,a as clearSessionToken,r as cloudflareAuth,x as getSessionToken,p as handleTauriDeepLink,e as isTauri,m as setupTauriListener,f as signInWithTauri,t as storeSessionToken};
|
|
2
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export declare const isTauri: boolean;
|
|
2
|
+
export declare function signInWithTauri(provider: string, baseUrl: string, scheme?: string): Promise<void>;
|
|
3
|
+
export declare function setupTauriListener(handler: (url: string) => Promise<void>): void;
|
|
4
|
+
export declare function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void): void;
|
|
5
|
+
export declare function storeSessionToken(token: string): void;
|
|
6
|
+
export declare function getSessionToken(): string | null;
|
|
7
|
+
export declare function clearSessionToken(): void;
|
|
8
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../runtimes/tauri/index.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,OAAO,SAA6C,CAAA;AAEjE,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,GAAE,MAAc,iBAgB9F;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,QAOzE;AAED,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,QAQjH;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,QAQ9C;AAED,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAI/C;AAED,wBAAgB,iBAAiB,SAQhC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import type { CreateAuthOptions } from '../core';
|
|
2
|
+
import { createAuth } from '../core';
|
|
3
|
+
type AuthInstance = ReturnType<typeof createAuth>;
|
|
4
|
+
/**
|
|
5
|
+
* Creates GET and POST handlers for SolidStart.
|
|
6
|
+
*
|
|
7
|
+
* @example
|
|
8
|
+
* ```ts
|
|
9
|
+
* // src/routes/api/auth/[...auth].ts
|
|
10
|
+
* import { SolidAuth } from '@rttnd/gau/solid-start'
|
|
11
|
+
* import { authOptions } from '~/server/auth'
|
|
12
|
+
*
|
|
13
|
+
* export const { GET, POST } = SolidAuth(authOptions)
|
|
14
|
+
* ```
|
|
15
|
+
*/
|
|
16
|
+
export declare function SolidAuth(optionsOrAuth: CreateAuthOptions | AuthInstance): {
|
|
17
|
+
GET: (event: any) => Promise<import("..").ResponseLike>;
|
|
18
|
+
POST: (event: any) => Promise<import("..").ResponseLike>;
|
|
19
|
+
OPTIONS: (event: any) => Promise<import("..").ResponseLike>;
|
|
20
|
+
};
|
|
21
|
+
export {};
|
|
22
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../solidstart/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAA;AAChD,OAAO,EAAE,UAAU,EAAiB,MAAM,SAAS,CAAA;AAEnD,KAAK,YAAY,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC,CAAA;AAEjD;;;;;;;;;;;GAWG;AACH,wBAAgB,SAAS,CAAC,aAAa,EAAE,iBAAiB,GAAG,YAAY;;;;EAexE"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../solidstart/index.ts"],"sourcesContent":["import type { CreateAuthOptions } from '../core'\r\nimport { createAuth, createHandler } from '../core'\r\n\r\ntype AuthInstance = ReturnType<typeof createAuth>\r\n\r\n/**\r\n * Creates GET and POST handlers for SolidStart.\r\n *\r\n * @example\r\n * ```ts\r\n * // src/routes/api/auth/[...auth].ts\r\n * import { SolidAuth } from '@rttnd/gau/solid-start'\r\n * import { authOptions } from '~/server/auth'\r\n *\r\n * export const { GET, POST } = SolidAuth(authOptions)\r\n * ```\r\n */\r\nexport function SolidAuth(optionsOrAuth: CreateAuthOptions | AuthInstance) {\r\n // TODO: Duck-type to check if we have an instance or raw options\r\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\r\n\r\n const auth = isInstance\r\n ? (optionsOrAuth as AuthInstance)\r\n : createAuth(optionsOrAuth as CreateAuthOptions)\r\n\r\n const handler = createHandler(auth)\r\n const solidHandler = (event: any) => handler(event.request)\r\n return {\r\n GET: solidHandler,\r\n POST: solidHandler,\r\n OPTIONS: solidHandler,\r\n }\r\n}\r\n"],"mappings":"gDAiBO,SAASA,EAAUC,EAAiD,CAIzE,IAAMC,EAFa,gBAAiBD,GAAiB,YAAaA,EAG7DA,EACDE,EAAWF,CAAkC,EAE3CG,EAAUC,EAAcH,CAAI,EAC5BI,EAAgBC,GAAeH,EAAQG,EAAM,OAAO,EAC1D,MAAO,CACL,IAAKD,EACL,KAAMA,EACN,QAASA,CACX,CACF","names":["SolidAuth","optionsOrAuth","auth","createAuth","handler","createHandler","solidHandler","event"]}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import type { Handle, RequestEvent } from '@sveltejs/kit';
|
|
2
|
+
import type { CreateAuthOptions } from '../core';
|
|
3
|
+
import { createAuth } from '../core';
|
|
4
|
+
type AuthInstance = ReturnType<typeof createAuth>;
|
|
5
|
+
/**
|
|
6
|
+
* Creates GET and POST handlers for SvelteKit.
|
|
7
|
+
*
|
|
8
|
+
* @example
|
|
9
|
+
* ```ts
|
|
10
|
+
* // src/routes/api/auth/[...gau]/+server.ts
|
|
11
|
+
* import { SvelteKitAuth } from '@rttnd/gau/sveltekit'
|
|
12
|
+
* import { auth } from '$lib/server/auth'
|
|
13
|
+
*
|
|
14
|
+
* export const { GET, POST } = SvelteKitAuth(auth)
|
|
15
|
+
* ```
|
|
16
|
+
*/
|
|
17
|
+
export declare function SvelteKitAuth(optionsOrAuth: CreateAuthOptions | AuthInstance): {
|
|
18
|
+
GET: (event: RequestEvent<Partial<Record<string, string>>, string | null>) => Promise<import("..").ResponseLike>;
|
|
19
|
+
POST: (event: RequestEvent<Partial<Record<string, string>>, string | null>) => Promise<import("..").ResponseLike>;
|
|
20
|
+
OPTIONS: (event: RequestEvent<Partial<Record<string, string>>, string | null>) => Promise<import("..").ResponseLike>;
|
|
21
|
+
handle: Handle;
|
|
22
|
+
};
|
|
23
|
+
export {};
|
|
24
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../sveltekit/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAA;AAChD,OAAO,EAAE,UAAU,EAAoD,MAAM,SAAS,CAAA;AAEtF,KAAK,YAAY,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC,CAAA;AAEjD;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,aAAa,EAAE,iBAAiB,GAAG,YAAY;;;;;EAyC5E"}
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
import{b as o,e as i,k as u,l as c}from"../chunk-M6DEZIND.js";function A(t){let r="providerMap"in t&&"signJWT"in t?t:u(t),l=c(r),n=e=>l(e.request);return{GET:n,POST:n,OPTIONS:n,handle:async({event:e,resolve:h})=>(e.locals.getSession=async()=>{let s=o(e.request.headers.get("Cookie")).get(i);if(!s){let a=e.request.headers.get("Authorization");a?.startsWith("Bearer ")&&(s=a.substring(7))}if(!s)return null;try{return await r.validateSession(s)}catch{return null}},h(e))}}export{A as SvelteKitAuth};
|
|
2
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../sveltekit/index.ts"],"sourcesContent":["import type { Handle, RequestEvent } from '@sveltejs/kit'\r\nimport type { CreateAuthOptions } from '../core'\r\nimport { createAuth, createHandler, parseCookies, SESSION_COOKIE_NAME } from '../core'\r\n\r\ntype AuthInstance = ReturnType<typeof createAuth>\r\n\r\n/**\r\n * Creates GET and POST handlers for SvelteKit.\r\n *\r\n * @example\r\n * ```ts\r\n * // src/routes/api/auth/[...gau]/+server.ts\r\n * import { SvelteKitAuth } from '@rttnd/gau/sveltekit'\r\n * import { auth } from '$lib/server/auth'\r\n *\r\n * export const { GET, POST } = SvelteKitAuth(auth)\r\n * ```\r\n */\r\nexport function SvelteKitAuth(optionsOrAuth: CreateAuthOptions | AuthInstance) {\r\n // TODO: Duck-type to check if we have an instance or raw options\r\n const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\r\n\r\n const auth = isInstance\r\n ? (optionsOrAuth as AuthInstance)\r\n : createAuth(optionsOrAuth as CreateAuthOptions)\r\n\r\n const handler = createHandler(auth)\r\n const sveltekitHandler = (event: RequestEvent) => handler(event.request)\r\n\r\n const handle: Handle = async ({ event, resolve }) => {\r\n (event.locals as any).getSession = async () => {\r\n const requestCookies = parseCookies(event.request.headers.get('Cookie'))\r\n let sessionToken = requestCookies.get(SESSION_COOKIE_NAME)\r\n\r\n if (!sessionToken) {\r\n const authHeader = event.request.headers.get('Authorization')\r\n if (authHeader?.startsWith('Bearer '))\r\n sessionToken = authHeader.substring(7)\r\n }\r\n\r\n if (!sessionToken)\r\n return null\r\n\r\n try {\r\n return await auth.validateSession(sessionToken)\r\n }\r\n catch {\r\n return null\r\n }\r\n }\r\n return resolve(event)\r\n }\r\n\r\n return {\r\n GET: sveltekitHandler,\r\n POST: sveltekitHandler,\r\n OPTIONS: sveltekitHandler,\r\n handle,\r\n }\r\n}\r\n"],"mappings":"8DAkBO,SAASA,EAAcC,EAAiD,CAI7E,IAAMC,EAFa,gBAAiBD,GAAiB,YAAaA,EAG7DA,EACDE,EAAWF,CAAkC,EAE3CG,EAAUC,EAAcH,CAAI,EAC5BI,EAAoBC,GAAwBH,EAAQG,EAAM,OAAO,EA0BvE,MAAO,CACL,IAAKD,EACL,KAAMA,EACN,QAASA,EACT,OA5BqB,MAAO,CAAE,MAAAC,EAAO,QAAAC,CAAQ,KAC5CD,EAAM,OAAe,WAAa,SAAY,CAE7C,IAAIE,EADmBC,EAAaH,EAAM,QAAQ,QAAQ,IAAI,QAAQ,CAAC,EACrC,IAAII,CAAmB,EAEzD,GAAI,CAACF,EAAc,CACjB,IAAMG,EAAaL,EAAM,QAAQ,QAAQ,IAAI,eAAe,EACxDK,GAAY,WAAW,SAAS,IAClCH,EAAeG,EAAW,UAAU,CAAC,EACzC,CAEA,GAAI,CAACH,EACH,OAAO,KAET,GAAI,CACF,OAAO,MAAMP,EAAK,gBAAgBO,CAAY,CAChD,MACM,CACJ,OAAO,IACT,CACF,EACOD,EAAQD,CAAK,EAQtB,CACF","names":["SvelteKitAuth","optionsOrAuth","auth","createAuth","handler","createHandler","sveltekitHandler","event","resolve","sessionToken","parseCookies","SESSION_COOKIE_NAME","authHeader"]}
|